System32[.]7z | Triage

Sharing

Copy URL Twitter E-mail

General

Target

System32.7z
Size

130.9MB
MD5

156ce05a900efce86b09d49a0ae60605
SHA1

e4ee2dcb5e5eecb878167d4cf90a3d3d4a073e35
SHA256

51770a2adba10ed85defa1a5a76c95d263dfd574dcae79d39c8d3bc23eee2b1f
SHA512

b52bfae8333c8b0c82a36bb3417d8c057b5fff249158715d7d597fa53c251d5b88f0b0723e0ee826a2de7cb4b95d22c0dd6a8d7aa178f87d2aea420b69cb5aff
SSDEEP

3145728:Mpoum8DPxEaRQdPZr4aFh+ljgwy+qLwauMwwU8:Qxm6JEqQdPZr4zljgwy+XauiU8

Score

3^/10

Malware Config

Signatures

Unsigned PE 302 IoCs

Checks for missing Authenticode signature.

resource
unpack001/APMon.dll
unpack001/AboveLockAppHost.dll
unpack001/ApiSetHost.AppExecutionAlias.dll
unpack001/AppXApplicabilityBlob.dll
unpack001/AppXDeploymentExtensions.desktop.dll
unpack001/AppXDeploymentExtensions.onecore.dll
unpack001/AppXDeploymentServer.dll
unpack001/AudioEndpointBuilder.dll
unpack001/AudioHandlers.dll
unpack001/BioCredProv.dll
unpack001/BluetoothApis.dll
unpack001/CBDHSvc.dll
unpack001/CapabilityAccessManager.dll
unpack001/CapabilityAccessManagerClient.dll
unpack001/CloudDesktopCSP.dll
unpack001/CloudIdWxhExtension.dll
unpack001/CloudRestoreLauncher.dll
unpack001/CredProvDataModel.dll
unpack001/CustomInstallExec.exe
unpack001/DMAlertListener.ProxyStub.dll
unpack001/DMPushRouterCore.dll
unpack001/DataStoreCacheDumpTool.exe
unpack001/DesktopShellExt.dll
unpack001/DeviceEnroller.exe
unpack001/EditBufferTestHook.dll
unpack001/ExplorerFrame.dll
unpack001/FaxPrinterInstaller.dll
unpack001/FirewallAPI.dll
unpack001/FrameServer.dll
unpack001/FrameServerClient.dll
unpack001/FrameServerMonitor.dll
unpack001/FrameServerMonitorClient.dll
unpack001/HoloSHExtensions.dll
unpack001/IDStore.dll
unpack001/IESettingSync.exe
unpack001/ISM.dll
unpack001/IndexedDbLegacy.dll
unpack001/InputCloudStore.dll
unpack001/InputLocaleManager.dll
unpack001/InputService.dll
unpack001/InstallService.dll
unpack001/InstallServiceTasks.dll
unpack001/LaunchTM.exe
unpack001/LaunchWinApp.exe
unpack001/LockAppBroker.dll
unpack001/LockController.dll
unpack001/LockScreenData.dll
unpack001/MDMAgent.exe
unpack001/MFMediaEngine.dll
unpack001/MPSSVC.dll
unpack001/Magnify.exe
unpack001/MdmDiagnostics.dll
unpack001/MrmIndexer.dll
unpack001/MsSpellCheckingFacility.dll
unpack001/MusUpdateHandlers.dll
unpack001/NgcCtnr.dll
unpack001/NgcCtnrGidsHandler.dll
unpack001/NgcCtnrSvc.dll
unpack001/NgcIsoCtnr.dll
unpack001/NgcProCsp.dll
unpack001/NotificationController.dll
unpack001/PersonalizationCSP.dll
unpack001/PhotoScreensaver.scr
unpack001/Print.PrintSupport.Source.dll
unpack001/Print.Workflow.Source.dll
unpack001/PrintIsolationProxy.dll
unpack001/PrintWorkflowService.dll
unpack001/PrinterCleanupTask.dll
unpack001/PsmServiceExtHost.dll
unpack001/PushToInstall.dll
unpack001/RDXTaskFactory.dll
unpack001/ResetEngOnline.dll
unpack001/RjvMDMConfig.dll
unpack001/Robocopy.exe
unpack001/SRH.dll
unpack001/SecureTimeAggregator.dll
unpack001/SensorRuntimeBroker.exe
unpack001/SensorService.dll
unpack001/SettingsEnvironment.Desktop.dll
unpack001/SettingsHandlers_Authentication.dll
unpack001/SettingsHandlers_Backup.dll
unpack001/SettingsHandlers_BatteryUsage.dll
unpack001/SettingsHandlers_CapabilityAccess.dll
unpack001/SettingsHandlers_Copilot.dll
unpack001/SettingsHandlers_Display.dll
unpack001/SettingsHandlers_ForceSync.dll
unpack001/SettingsHandlers_Gpu.dll
unpack001/SettingsHandlers_HumanPresence.dll
unpack001/SettingsHandlers_InputPersonalization.dll
unpack001/SettingsHandlers_Language.dll
unpack001/SettingsHandlers_OptionalFeatures.dll
unpack001/SettingsHandlers_Region.dll
unpack001/SettingsHandlers_SharedExperiences_Rome.dll
unpack001/SettingsHandlers_Startup.dll
unpack001/SettingsHandlers_User.dll
unpack001/SettingsHandlers_nt.dll
unpack001/ShareHost.dll
unpack001/ShellCommonCommonProxyStub.dll
unpack001/SmartActionPlatform.dll
unpack001/SpatialAudioLicenseSrv.exe
unpack001/SppExtComObj.Exe
unpack001/StorSvc.dll
unpack001/SyncSettings.dll
unpack001/SystemSettings.DeviceEncryptionHandlers.dll
unpack001/SystemSettings.Handlers.dll
unpack001/SystemSettingsThresholdAdminFlowUI.dll
unpack001/TSpkg.dll
unpack001/TaskManagerDataLayer.dll
unpack001/TextInputMethodFormatter.dll
unpack001/TpmTasks.dll
unpack001/UsbSettingsHandlers.dll
unpack001/UserDataTimeUtil.dll
unpack001/UserDeviceRegistration.Ngc.dll
unpack001/UserDeviceRegistration.dll
unpack001/VaultCDS.dll
unpack001/WiFiCloudStore.dll
unpack001/WinHvPlatform.dll
unpack001/Windows.ApplicationModel.LockScreen.dll
unpack001/Windows.CloudStore.EarlyDownloader.dll
unpack001/Windows.CloudStore.Schema.Shell.dll
unpack001/Windows.CloudStore.dll
unpack001/Windows.Devices.Lights.dll
unpack001/Windows.Graphics.Printing.Workflow.Native.dll
unpack001/Windows.Graphics.Printing.Workflow.dll
unpack001/Windows.Internal.Management.dll
unpack001/Windows.Internal.Shell.CloudDesktop.TransitionScreen.dll
unpack001/Windows.Internal.Shell.XamlInputViewHost.dll
unpack001/Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
unpack001/Windows.Management.InprocObjects.dll
unpack001/Windows.Management.ModernDeployment.ConfigProviders.dll
unpack001/Windows.Management.Service.dll
unpack001/Windows.Media.Audio.dll
unpack001/Windows.Media.Streaming.dll
unpack001/Windows.Shell.BlueLightReduction.dll
unpack001/Windows.StateRepositoryUpgrade.dll
unpack001/Windows.UI.Accessibility.dll
unpack001/Windows.UI.Core.TextInput.dll
unpack001/Windows.UI.Cred.dll
unpack001/Windows.UI.FileExplorer.dll
unpack001/Windows.UI.Logon.dll
unpack001/Windows.UI.Xaml.InkControls.dll
unpack001/Windows.UI.Xaml.Maps.dll
unpack001/Windows.UI.Xaml.Phone.dll
unpack001/Windows.UI.Xaml.Resources.Common.dll
unpack001/Windows.UI.Xaml.dll
unpack001/Wldap32.dll
unpack001/WordBreakers.dll
unpack001/WpcTok.exe
unpack001/acppage.dll
unpack001/archiveint.dll
unpack001/audioresourceregistrar.dll
unpack001/audiosrv.dll
unpack001/auditcse.dll
unpack001/autopilot.dll
unpack001/autopilotdiag.dll
unpack001/bcastdvruserservice.dll
unpack001/bthserv.dll
unpack001/catsrvut.dll
unpack001/cdd.dll
unpack001/cdp.dll
unpack001/cdprt.dll
unpack001/cdpusersvc.dll
unpack001/certprop.dll
unpack001/cfgbkend.dll
unpack001/cloudAP.dll
unpack001/comsvcs.dll
unpack001/configmanager2.dll
unpack001/credprovhost.dll
unpack001/credprovs.dll
unpack001/credssp.dll
unpack001/cryptngc.dll
unpack001/dafBth.dll
unpack001/das.dll
unpack001/dcsvc.dll
unpack001/declaredconfiguration.dll
unpack001/desktopimgdownldr.exe
unpack001/diagtrack.dll
unpack001/dlnashext.dll
unpack001/dmenrollengine.dll
unpack001/dmenterprisediagnostics.dll
unpack001/dmwappushsvc.dll
unpack001/dpapisrv.dll
unpack001/drvinst.exe
unpack001/dsregcmd.exe
unpack001/dsregtask.dll
unpack001/dtdump.exe
unpack001/dwmredir.dll
unpack001/edgehtml.dll
unpack001/energy.dll
unpack001/enrollmentapi.dll
unpack001/enterprisecsps.dll
unpack001/enterpriseresourcemanager.dll
unpack001/facecredentialprovider.dll
unpack001/fcon.dll
unpack001/fodhelper.exe
unpack001/fveapi.dll
unpack001/fveapibase.dll
unpack001/fwbase.dll
unpack001/fwmdmcsp.dll
unpack001/fwpolicyiomgr.dll
unpack001/hascsp.dll
unpack001/hmkd.dll
unpack001/ieframe.dll
unpack001/iemigplugin.dll
unpack001/immersivetpmvscmgrsvr.exe
unpack001/jscript9Legacy.dll
unpack001/kerberos.dll
unpack001/localspl.dll
unpack001/localui.dll
unpack001/lsm.dll
unpack001/mdmmigrator.dll
unpack001/mdmregistration.dll
unpack001/mshtml.dll
unpack001/mstsc.exe
unpack001/mstscax.dll
unpack001/ncsi.dll
unpack001/negoexts.dll
unpack001/netlogon.dll
unpack001/netprofmsvc.dll
unpack001/ngccredprov.dll
unpack001/ngcksp.dll
unpack001/ngclocal.dll
unpack001/ngcrecovery.dll
unpack001/ngcsvc.dll
unpack001/nlaapi.dll
unpack001/nlmproxy.dll
unpack001/nlmsprep.dll
unpack001/nltest.exe
unpack001/nshwfp.dll
unpack001/ntfsres.dll
unpack001/ntlanman.dll
unpack001/omadmclient.exe
unpack001/pcadm.dll
unpack001/pcaui.dll
unpack001/pcaui.exe
unpack001/pcwutl.dll
unpack001/pku2u.dll
unpack001/powercfg.exe
unpack001/profprov.dll
unpack001/profsvc.dll
unpack001/profsvcext.dll
unpack001/proquota.exe
unpack001/psr.exe
unpack001/ptpprov.dll
unpack001/rdpclip.exe
unpack001/rdpcorets.dll
unpack001/rdpcredentialprovider.dll
unpack001/rdpsharercom.dll
unpack001/rdsdwmdr.dll
unpack001/readCloudDataSettings.exe
unpack001/regapi.dll
unpack001/remotepg.dll
unpack001/reseteng.dll
unpack001/rmttpmvscmgrsvr.exe
unpack001/schannel.dll
unpack001/shutdownux.dll
unpack001/smartscreen.exe
unpack001/smartscreenps.dll
unpack001/smbwmiv2.dll
unpack001/spoolss.dll
unpack001/spoolsv.exe
unpack001/sppc.dll
unpack001/sppcext.dll
unpack001/srvsvc.dll
unpack001/sscore.dll
unpack001/tdhres.dll
unpack001/termsrv.dll
unpack001/themeui.dll
unpack001/tier2punctuations.dll
unpack001/timesync.dll
unpack001/tpmvscmgrsvr.exe
unpack001/tsgqec.dll
unpack001/twinapi.dll
unpack001/twinui.appcore.dll
unpack001/twinui.dll
unpack001/twinui.pcshell.dll
unpack001/tzautoupdate.dll
unpack001/tzres.dll
unpack001/uDWM.dll
unpack001/usbmon.dll
unpack001/usodocked.dll
unpack001/usosvcimpl.dll
unpack001/vbsapi.dll
unpack001/vmrdvcore.dll
unpack001/w32time.dll
unpack001/wbiosrvc.dll
unpack001/wci.dll
unpack001/wdigest.dll
unpack001/webauthn.dll
unpack001/wfapigp.dll
unpack001/win32kfull.sys
unpack001/win32spl.dll
unpack001/winbio.dll
unpack001/windows.internal.shellcommon.shareexperience.dll
unpack001/windowsudk.shellcommon.dll
unpack001/windowsudkservices.shellcommon.dll
unpack001/winlogon.exe
unpack001/wkssvc.dll
unpack001/wlidsvc.dll
unpack001/wosc.dll
unpack001/wpdshext.dll
unpack001/wshbth.dll

Files

System32.7z
.7z
APMon.dll
.dll windows:10 windows x64 arch:x64

01351d026ed6f51a635178e7776cd3ec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

APMon.pdb

Imports

msvcrt

__crtCompareStringA
__crtLCMapStringW
??8type_info@@QEBAHAEBV0@@Z
islower
__crtLCMapStringA
toupper
__pctype_func
_ismbblead
___lc_codepage_func
___lc_handle_func
___mb_cur_max_func
setlocale
__uncaught_exception
wcstod
wcstoul
wcspbrk
sscanf_s
wcsrchr
iswspace
wcstok_s
_wctime
time
wcstol
_get_errno
_set_errno
_wtof
_wtol
_errno
strcspn
localeconv
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@AEBV0@@Z
strchr
tolower
isdigit
swprintf_s
towlower
_wtoi
_vsnprintf
sprintf_s
_stricmp
_wcsdup
_wcsnicmp
wcsstr
_wsplitpath_s
_wsetlocale
abort
realloc
memset
memchr
??1type_info@@UEAA@XZ
_onexit
__dllonexit
___lc_collate_cp_func
_unlock
_lock
?terminate@@YAXXZ
__C_specific_handler
_initterm
free
_amsg_exit
_XcptFilter
memmove
memcpy
memcmp
__CxxFrameHandler3
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
malloc
wcschr
wcsncmp
_wcsicmp
??_V@YAXPEAX@Z
memmove_s
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
??3@YAXPEAX@Z
memcpy_s
_vsnwprintf
isupper
wcstok
calloc
__CxxFrameHandler4
wcscmp

api-ms-win-core-libraryloader-l1-2-0

SizeofResource
GetProcAddress
GetModuleHandleW
LoadLibraryExW
LoadResource
LockResource
LoadStringW
GetModuleFileNameA
FreeLibrary
DisableThreadLibraryCalls
GetModuleHandleExW

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
WakeAllConditionVariable
Sleep
InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-synch-l1-1-0

SetEvent
CreateEventW
ReleaseSemaphore
InitializeCriticalSectionEx
CreateEventExW
WaitForSingleObject
CreateSemaphoreExW
EnterCriticalSection
LeaveCriticalSection
ResetEvent
ReleaseSRWLockShared
InitializeCriticalSectionAndSpinCount
ReleaseMutex
AcquireSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
DeleteCriticalSection
WaitForSingleObjectEx
CreateMutexExW
OpenSemaphoreW

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
RaiseException

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventActivityIdControl
EventUnregister
EventSetInformation
EventWriteTransfer

api-ms-win-core-processthreads-l1-1-0

SetThreadToken
ProcessIdToSessionId
GetCurrentThreadId
GetCurrentProcessId
OpenProcessToken
GetCurrentThread
TerminateProcess
CreateThread
GetCurrentProcess
OpenThreadToken

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetUserDefaultLocaleName
GetSystemPreferredUILanguages
GetLocaleInfoW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids

api-ms-win-core-threadpool-l1-2-0

CreateThreadpool
SubmitThreadpoolWork
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolThreadMaximum
CreateThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
CreateThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolWork
CloseThreadpoolCleanupGroup
CloseThreadpool
CloseThreadpoolWork

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
FindResourceW

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegOpenCurrentUser
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemDirectoryW
GetTickCount

spoolss

SetPortW
GetServerPolicy
RouterCreatePrintAsyncNotificationChannel
GetPrinterDriverDirectoryW
GetJobW
RouterFreeBidiMem
RouterAllocBidiMem
GetPrinterW
RouterAllocBidiResponseContainer
SetPrinterW
DeletePrinter
SetJobW
GetPrinterDataW
GetPrinterDriverW
ImpersonatePrinterClient
OpenPrinterW
ClosePrinter
EnumPortsW
EnumPrintersW
RouterFreeBidiResponseContainer
GetJobNamedPropertyValue
FreePrintPropertyValue
SetJobNamedProperty
RevertToPrinterSelf

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte
GetStringTypeW
CompareStringOrdinal

api-ms-win-core-file-l1-1-0

GetFileAttributesW

ntdll

NtOpenProcessToken
NtSetInformationThread
NtOpenThreadToken
EtwEventWrite
EtwEventEnabled
TpReleaseAlpcCompletion
TpWaitForAlpcCompletion
TpReleaseIoCompletion
TpWaitForIoCompletion
TpReleaseTimer
TpWaitForTimer
TpReleaseWait
TpWaitForWait
NtClose
TpWaitForWork
TpAllocAlpcCompletion
TpStartAsyncIoOperation
TpAllocIoCompletion
TpSetTimer
TpAllocTimer
TpAllocWait
TpPostWork
TpAllocWork
RtlNtStatusToDosError
TpSimpleTryPost
TpSetWait
TpCallbackMayRunLong
TpReleasePool
EtwTraceMessage
RtlGetDeviceFamilyInfoEnum
TpReleaseWork

api-ms-win-core-heap-l2-1-0

LocalFree
GlobalFree
LocalAlloc

api-ms-win-security-base-l1-1-0

CopySid
GetLengthSid
GetTokenInformation
EqualSid
ImpersonateLoggedOnUser
RevertToSelf
DuplicateTokenEx

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-eventlog-legacy-l1-1-0

ReportEventW
RegisterEventSourceW
DeregisterEventSource

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsCreateString
WindowsGetStringRawBuffer
WindowsDeleteString

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-threadpool-legacy-l1-1-0

ChangeTimerQueueTimer
CreateTimerQueueTimer
DeleteTimerQueueTimer

api-ms-win-core-privateprofile-l1-1-0

GetPrivateProfileStringW
GetPrivateProfileSectionW

api-ms-win-security-activedirectoryclient-l1-1-0

DsCrackNamesW
DsUnBindW
DsFreeNameResultW

api-ms-win-core-string-l2-1-0

CharUpperBuffW

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

Exports

Exports

InitializePrintMonitor2

Sections

.text
Size: 852KB - Virtual size: 850KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 268KB - Virtual size: 267KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 232KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AUDIOKSE.dll
.dll regsvr32 windows:10 windows x64 arch:x64

0171c8b34a2862ac3a0bc42087150e58

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

86:fc:11:4d:8f:d6:1f:8b:87:00:45:84:16:8b:d1:46:15:64:44:f9:68:8d:f3:b5:94:2f:52:b8:d6:58:f1:a4
Signer

Actual PE Digest

86:fc:11:4d:8f:d6:1f:8b:87:00:45:84:16:8b:d1:46:15:64:44:f9:68:8d:f3:b5:94:2f:52:b8:d6:58:f1:a4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AUDIOKSE.pdb

Imports

api-ms-win-crt-string-l1-1-0

strcmp
wcscmp
memset
strnlen
strncmp
wcsnlen

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
_o__strnicmp
_o__crt_atexit
memcpy
_o__wcslwr
_o__wfopen
_o__wtol
_o_fclose
_o_feof
_o_fread
_o_free
_o_fseek
_o_log10
_o_malloc
_o_pow
_o_tolower
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o__configure_narrow_argv
wcsrchr
_o__cexit
_o__execute_onexit_table
_o__errno
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
wcsstr
__C_specific_handler
__std_terminate
__CxxFrameHandler4
_CxxThrowException
__C_specific_handler_noexcept
memcmp

ntdll

RtlFreeMemoryBlockLookaside
RtlNtStatusToDosError
RtlGetPersistedStateLocation
RtlLockMemoryBlockLookaside
RtlCreateMemoryBlockLookaside
RtlUnlockMemoryBlockLookaside
NtQueryInformationProcess
RtlAllocateMemoryBlockLookaside
RtlDestroyMemoryBlockLookaside
RtlExtendMemoryBlockLookaside
RtlDeleteFunctionTable
RtlAddFunctionTable
ShipAssert
EtwRegisterTraceGuidsW
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwGetTraceEnableFlags
EtwUnregisterTraceGuids
NtCreateFile
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-libraryloader-l1-2-0

FindResourceExW
LoadResource
SizeofResource
GetModuleHandleW
GetModuleFileNameW
GetModuleFileNameA
GetProcAddress
LoadLibraryExW
FreeLibrary
DisableThreadLibraryCalls
GetModuleHandleExW

api-ms-win-core-synch-l1-1-0

SetEvent
CreateEventW
CreateWaitableTimerExW
LeaveCriticalSection
EnterCriticalSection
ResetEvent
CreateEventA
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseMutex
WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreExW
InitializeCriticalSection
CreateEventExW
CancelWaitableTimer
DeleteCriticalSection
SetWaitableTimer
WaitForMultipleObjectsEx

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
RaiseException

api-ms-win-core-processthreads-l1-1-0

SetThreadPriority
GetCurrentThread
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
GetCurrentThreadId
CreateThread

api-ms-win-core-localization-l1-2-0

GetThreadLocale
SetThreadLocale
FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

oleaut32

SysStringLen
SysAllocString
VarUI4FromStr
SysFreeString

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventRegister
EventActivityIdControl
EventSetInformation

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
TraceEvent
GetTraceEnableFlags
GetTraceEnableLevel
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoGetMalloc
PropVariantClear
StringFromGUID2

api-ms-win-core-string-l2-1-0

CharNextW
CharLowerBuffW

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegGetValueW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
CompareStringOrdinal

api-ms-win-core-synch-l1-2-0

InitOnceInitialize
WakeByAddressAll
WaitOnAddress
Sleep
InitOnceComplete
InitOnceBeginInitialize
InitOnceExecuteOnce

api-ms-win-core-io-l1-1-1

CancelIo

api-ms-win-core-wow64-l1-1-0

IsWow64Process

api-ms-win-core-io-l1-1-0

DeviceIoControl
GetOverlappedResult

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
VirtualProtect
VirtualFree
VirtualAlloc
MapViewOfFile
CreateFileMappingW

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetVersionExW
GetLocalTime
GlobalMemoryStatusEx
GetTickCount
GetWindowsDirectoryW
GetTickCount64

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-memory-l1-1-1

SetProcessWorkingSetSizeEx
GetProcessWorkingSetSizeEx

api-ms-win-core-file-l1-1-0

GetDiskFreeSpaceW
CreateFileW
GetFileSize

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentStringsW
FreeEnvironmentStringsA
FreeEnvironmentStringsW

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

mmdevapi

ord5

avrt

AvRevertMmThreadCharacteristics
AvQuerySystemResponsiveness
AvSetMmThreadPriority
AvSetMmThreadCharacteristicsA

api-ms-win-core-psapi-l1-1-0

K32GetDeviceDriverBaseNameW
K32GetDeviceDriverFileNameW
K32EnumDeviceDrivers

api-ms-win-devices-query-l1-1-0

DevCreateObjectQuery
DevCloseObjectQuery

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 312KB - Virtual size: 308KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 4KB - Virtual size: 344B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_BSS
Size: - Virtual size: 40B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_CONST
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

RT_DATA
Size: 4KB - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AboveLockAppHost.dll
.dll windows:10 windows x64 arch:x64

3c46a72f774f3c5de348b2bf9ed669af

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AboveLockAppHost.pdb

Imports

msvcrt

?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
malloc
memcpy_s
memmove_s
_vsnwprintf
_purecall
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
__CxxFrameHandler4
wcsrchr
_wcsicmp
wcscspn
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
_CxxThrowException
__CxxFrameHandler3
memcpy
memmove
_callnewh
??1type_info@@UEAA@XZ
free
_amsg_exit
_XcptFilter
_vsnprintf_s
??3@YAXPEAX@Z
memcmp
memset

shcore

SHGetThreadRef
IUnknown_QueryService
SHTaskPoolQueueTask

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceComplete
Sleep
InitOnceBeginInitialize
InitOnceExecuteOnce

api-ms-win-core-winrt-string-l1-1-0

WindowsSubstringWithSpecifiedLength
WindowsDuplicateString
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsCreateStringReference
WindowsDeleteString
WindowsGetStringRawBuffer
WindowsCreateString
WindowsGetStringLen

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoOriginateError
SetRestrictedErrorInfo

api-ms-win-core-synch-l1-1-0

ReleaseMutex
CreateEventW
InitializeSRWLock
CreateMutexExW
ReleaseSRWLockShared
DeleteCriticalSection
InitializeCriticalSectionEx
AcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
CreateSemaphoreExW
AcquireSRWLockShared
WaitForSingleObject
ReleaseSRWLockExclusive
ReleaseSemaphore
SetEvent
WaitForSingleObjectEx
OpenSemaphoreW

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetProcAddress
GetModuleHandleExA
GetModuleHandleExW
GetModuleFileNameA
DisableThreadLibraryCalls

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TerminateProcess
GetProcessId
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
SetLastError

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventWriteTransfer
EventRegister
EventUnregister
EventActivityIdControl

api-ms-win-core-com-l1-1-0

CoWaitForMultipleHandles
CoGetCallContext
CoGetInterfaceAndReleaseStream
CoReleaseMarshalData
CoMarshalInterThreadInterfaceInStream
CoGetStdMarshalEx
CoGetMalloc
CoTaskMemFree
CoTaskMemRealloc
CoCreateFreeThreadedMarshaler
CoGetApartmentType
CoTaskMemAlloc
CoWaitForMultipleObjects
CoCreateInstance

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-wow64-l1-1-0

IsWow64Process

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegQueryValueExW
RegGetValueW
RegCreateKeyExW
RegCloseKey
RegQueryInfoKeyW

api-ms-win-ro-typeresolution-l1-1-1

RoCreatePropertySetSerializer

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

ntdll

NtQueryWnfStateData
RtlPublishWnfStateData

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject
UnregisterWait

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-shcore-thread-l1-1-0

GetProcessReference

combase

ord140
ord79

kernel32

CloseState
GetSystemAppDataKey
OpenStateExplicit

user32

SetLayeredWindowAttributes
SetWindowLongW
SetRectEmpty
IsIconic
IsZoomed
SetForegroundWindow
GetSystemMetrics
GetWindowBand
SetWindowPos
GetWindowThreadProcessId
GetShellWindow
GetWindowLongW
SetPropW
GetWindowRect
PostMessageW

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 276KB - Virtual size: 274KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ApiSetHost.AppExecutionAlias.dll
.dll windows:10 windows x64 arch:x64

419d3df0c304b02e82102755817c66f1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ApiSetHost.AppExecutionAlias.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__ui64tow_s
memmove
_o_free
_o_malloc
__C_specific_handler
_o__crt_atexit
_o___stdio_common_vswprintf
_o__configure_narrow_argv
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__cexit
_o__callnewh
_o__execute_onexit_table
_o__errno
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
_CxxThrowException
__CxxFrameHandler3

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
InitOnceExecuteOnce

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsGetStringRawBuffer
WindowsCreateStringReference
WindowsDeleteString
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoOriginateErrorW

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
LeaveCriticalSection
CreateMutexExW
DeleteCriticalSection
InitializeCriticalSectionEx
OpenSemaphoreW
ReleaseMutex
WaitForSingleObject
AcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSemaphore
ReleaseSRWLockExclusive
CreateSemaphoreExW
WaitForSingleObjectEx
CreateEventW

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleW
GetModuleFileNameA
GetModuleHandleExW
DisableThreadLibraryCalls

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

SetThreadToken
GetCurrentThread
OpenThreadToken
GetCurrentProcess
TerminateProcess
ProcessIdToSessionId
GetCurrentProcessId
GetCurrentThreadId
OpenProcessToken

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount64
GetSystemDirectoryW

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
SetLastError

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-handle-l1-1-0

CloseHandle

ntdll

RtlFreeHeap
RtlAllocateAndInitializeSid
RtlCreateAcl
RtlAddProcessTrustLabelAce
RtlCreateSecurityDescriptor
RtlSetSaclSecurityDescriptor
NtSetSecurityObject
RtlFreeSid
RtlCopySid
RtlDestroyEnvironment
RtlAcquireSRWLockShared
RtlSleepConditionVariableSRW
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
RtlWakeAllConditionVariable
NtClose
RtlLengthSid
RtlExpandEnvironmentStrings
RtlNtStatusToDosError
NtQueryInformationToken
RtlAllocateHeap
RtlQueryTokenHostIdAsUlong64
NtOpenProcessToken

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-security-base-l1-1-0

GetLengthSid
SetSecurityAccessMask
GetTokenInformation
CreateWellKnownSid

api-ms-win-core-file-l1-1-0

CreateFileW

profapi

ord101

api-ms-win-core-com-l1-1-0

CoIncrementMTAUsage
CoTaskMemFree
CoTaskMemAlloc
CoDecrementMTAUsage
CoCreateInstance

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW
ConvertSidToStringSidW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer

api-ms-win-core-io-l1-1-0

DeviceIoControl

msvcp_win

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAI@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@I@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?uncaught_exception@std@@YA_NXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ

rpcrt4

RpcStringBindingComposeW
I_RpcExceptionFilter
RpcAsyncCompleteCall
RpcBindingSetAuthInfoExW
RpcStringFreeW
RpcAsyncCancelCall
RpcBindingFromStringBindingW
Ndr64AsyncClientCall
RpcBindingFree
RpcAsyncInitializeHandle

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-psm-key-l1-1-0

PsmGetKeyFromToken

api-ms-win-core-processthreads-l1-1-3

GetProcessInformation

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

CheckAppExecutionAliasApplicationType
CloseAppExecutionAliasEx
CompleteAppExecutionAliasProcessCreationEx
CompletePackagedProcessCreationEx
CreateAndPersistAppExecutionAliasEx
CreateAppExecutionAliasEx
CreateAppExecutionAliasEx2
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
FreeAppExecutionAliasInfoEx
GetAppExecutionAliasApplicationType
GetAppExecutionAliasApplicationUserModelIdEx
GetAppExecutionAliasExecutableEx
GetAppExecutionAliasPackageFamilyNameEx
GetAppExecutionAliasPackageFullNameEx
GetAppExecutionAliasPath
LoadAppExecutionAliasInfoEx
OpenAppExecutionAliasForUserEx
PerformAppxLicenseRundownEx
PersistAppExecutionAliasToFileEx
PersistAppExecutionAliasToFileHandleEx

Sections

.text
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 492B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AppInstallerBackgroundUpdate.exe
.exe windows:10 windows x64 arch:x64

db517dcd8e27c95037f893b749a20d89

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:61:4a:50:8c:37:50:3e:66:3d:61:9d:ea:7f:23:34:e7:02:1d:56:3b:f8:a1:b1:04:e8:9b:f4:7e:f4:dc:d0
Signer

Actual PE Digest

45:61:4a:50:8c:37:50:3e:66:3d:61:9d:ea:7f:23:34:e7:02:1d:56:3b:f8:a1:b1:04:e8:9b:f4:7e:f4:dc:d0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

AppInstallerBackgroundUpdate.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_c_exit
_initterm
_register_thread_local_exe_atexit_callback

api-ms-win-crt-private-l1-1-0

_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o___p__commode
memcpy
_o___stdio_common_vsnwprintf_s
_o_exit
_o_free
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
_CxxThrowException

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
GetProcAddress
GetModuleHandleW

api-ms-win-core-synch-l1-1-0

CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseMutex
ReleaseSemaphore
WaitForSingleObject
CreateSemaphoreExW

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
GetStartupInfoW
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoSetProxyBlanket

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AppResolver.dll
.dll windows:10 windows x64 arch:x64

0e71d9c58b8d04c0f005fa0b587b6780

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

84:7f:70:fa:6f:a2:e5:4b:93:3e:fa:95:09:bd:fd:be:cc:33:22:b5:e5:91:36:ed:19:5a:be:1f:9b:b2:38:05
Signer

Actual PE Digest

84:7f:70:fa:6f:a2:e5:4b:93:3e:fa:95:09:bd:fd:be:cc:33:22:b5:e5:91:36:ed:19:5a:be:1f:9b:b2:38:05

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AppResolver.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__itow_s
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__ui64tow_s
memmove
_o__wcstoui64
_o__wtoi
_o_ceilf
_o_free
_o_malloc
_o_terminate
_o_towupper
__C_specific_handler
__current_exception
__current_exception_context
_o__execute_onexit_table
_o__errno
_o__get_errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswscanf
wcschr
wcsrchr
__CxxFrameHandler3
_CxxThrowException
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

wcsspn
memset
wcscmp

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleHandleW
GetModuleHandleExW
FreeLibrary
GetModuleFileNameA
GetModuleFileNameW
GetProcAddress

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
InitOnceExecuteOnce

api-ms-win-core-synch-l1-1-0

OpenEventW
ResetEvent
InitializeSRWLock
InitializeCriticalSection
CreateEventExW
ReleaseMutex
SetEvent
AcquireSRWLockExclusive
WaitForSingleObject
CreateEventW
OpenSemaphoreW
ReleaseSRWLockShared
CreateMutexExW
AcquireSRWLockShared
ReleaseSemaphore
InitializeCriticalSectionEx
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateSemaphoreExW
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
ReleaseSRWLockExclusive

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
RaiseException
GetLastError

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventSetInformation
EventWriteTransfer
EventActivityIdControl

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentProcess
TerminateProcess
OpenProcessToken
OpenThreadToken
GetCurrentThreadId
ProcessIdToSessionId
GetProcessTimes
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
GetCurrentThread

api-ms-win-core-localization-l1-2-0

GetUserGeoID
FormatMessageW
GetUserDefaultLCID
GetThreadPreferredUILanguages

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

shcore

IUnknown_GetSite
ord213
ord130
SHTaskPoolGetUniqueContext
SHQueryValueExW
SHStrDupW
ord192
IUnknown_Set
IStream_Size
IStream_Read
ord188
IUnknown_QueryService
SHTaskPoolQueueTask
GetScaleFactorForDevice
ord141
ord109
ord122
SHSetValueW
SHGetValueW
ord123
ord170
SHAnsiToUnicode
ord145
ord193
ord190

windows.storage

SHGetDesktopFolder
SHOpenFolderAndSelectItems
SHGetKnownFolderPath
ord942
ord946

ntdll

NtQueryInformationProcess
RtlNtStatusToDosError
RtlAllocateHeap
RtlFreeHeap
RtlReleaseSRWLockExclusive
NtQueryWnfStateData
RtlPublishWnfStateData
RtlNtStatusToDosErrorNoTeb
RtlInitUnicodeString
VerSetConditionMask
NtQueryInformationToken
RtlSubscribeWnfStateChangeNotification
RtlAcquireSRWLockExclusive
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlCompareUnicodeString

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-path-l1-1-0

PathCchRemoveFileSpec
PathCchCombine
PathAllocCombine
PathCchFindExtension
PathCchRemoveExtension
PathCchAppend
PathCchRemoveBackslash

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
WideCharToMultiByte

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegQueryValueExW
RegDeleteValueW
RegGetValueW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegEnumValueW

api-ms-win-core-file-l1-1-0

GetFileSizeEx
GetLongPathNameW
CreateDirectoryW
CompareFileTime
DeleteFileW
CreateFileW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree
LocalReAlloc

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
MapViewOfFile
ReadProcessMemory
UnmapViewOfFile

api-ms-win-core-memory-l1-1-1

PrefetchVirtualMemory

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-security-base-l1-1-0

GetSidSubAuthority
DuplicateTokenEx
GetFileSecurityW
GetSecurityDescriptorSacl
GetAce
GetTokenInformation

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-appmodel-unlock-l1-1-0

IsDeveloperModeEnabled

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 424KB - Virtual size: 423KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 136KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AppXApplicabilityBlob.dll
.dll windows:10 windows x64 arch:x64

c415be19dba4fe4d36996e13146e882a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

appxapplicabilityblob.pdb

Imports

api-ms-win-crt-string-l1-1-0

memset
wcsnlen
strcspn

api-ms-win-crt-locale-l1-1-0

_unlock_locales
_lock_locales

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__callnewh
_o__calloc_base
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__free_base
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__malloc_base
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcsdup
_o__wtoi64
_o_abort
_o_calloc
_o_free
_o_frexp
_o_localeconv
_o_malloc
_o_realloc
_o_setlocale
_o_terminate
__uncaught_exception
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o___pctype_func
_o____mb_cur_max_func
_o____lc_locale_name_func
_o____lc_collate_cp_func
_o____lc_codepage_func
strchr
__CxxFrameHandler3
memcpy

api-ms-win-core-libraryloader-l1-1-0

GetProcAddress
GetModuleFileNameA
GetModuleHandleExW
GetModuleHandleW

api-ms-win-core-synch-l1-1-0

CreateEventW
CreateSemaphoreExW
EnterCriticalSection
CreateMutexExW
LeaveCriticalSection
InitializeCriticalSectionEx
ResetEvent
OpenSemaphoreW
WaitForSingleObjectEx
DeleteCriticalSection
SetEvent
InitializeCriticalSectionAndSpinCount
ReleaseMutex
ReleaseSemaphore
WaitForSingleObject

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
GetLastError
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
TerminateProcess

api-ms-win-core-localization-l1-2-0

LCMapStringEx
FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoTaskMemFree

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-string-l1-1-0

CompareStringEx
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

Exports

Exports

CreateSerializedBundleManifestStatement
GetApplicabilityFactory
IsAppx
IsModernApp
IsPreThresholdDesktop
IsPreThresholdPhone
IsXAP

Sections

.text
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AppXDeploymentClient.dll
.dll windows:10 windows x64 arch:x64

e65ad12104ccb52f549562950224ea48

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

53:09:55:c4:41:32:e1:07:51:4a:07:53:9c:fb:25:e1:ef:72:a9:c3:34:75:e9:b8:79:ee:c9:99:34:28:4e:b5
Signer

Actual PE Digest

53:09:55:c4:41:32:e1:07:51:4a:07:53:9c:fb:25:e1:ef:72:a9:c3:34:75:e9:b8:79:ee:c9:99:34:28:4e:b5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AppXDeploymentClient.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-string-l1-1-0

memset
memmove_s
strcmp

ntdll

RtlNumberGenericTableElementsAvl
RtlIsMultiUsersInSessionSku
RtlAllocateHeap
NtSetInformationThread
NtQueryInformationProcess
NtQueryInformationFile
RtlFreeHeap
RtlDeleteCriticalSection
NtQuerySystemInformation
RtlReportException
RtlFreeUnicodeString
RtlAllocateAndInitializeSid
NtSetInformationVirtualMemory
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlInitializeSRWLock
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlGetDeviceFamilyInfoEnum
NtUnmapViewOfSection
NtMapViewOfSection
RtlNtStatusToDosErrorNoTeb
RtlConvertSidToUnicodeString
NtClose
NtCreateSection
EtwEventUnregister
EtwEventWrite
EtwEventRegister
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlFreeSid
RtlAllocateWnfSerializationGroup
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlUnsubscribeWnfStateChangeNotification
RtlNtStatusToDosError
NtQueryInformationThread
RtlDeleteElementGenericTableAvl
RtlEnumerateGenericTableWithoutSplayingAvl
RtlLookupElementGenericTableAvl
RtlInitializeGenericTableAvl
RtlInsertElementGenericTableAvl
RtlInitUnicodeString
RtlCompareUnicodeString
RtlDowncaseUnicodeString
RtlQueryPackageClaims
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
RtlInitializeCriticalSection

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetModuleHandleExA
LoadLibraryExA
GetProcAddress
GetModuleFileNameW
GetModuleHandleW
GetModuleFileNameA
FreeLibrary
LoadStringW
GetModuleHandleExW

api-ms-win-core-synch-l1-1-0

SleepEx
InitializeSRWLock
AcquireSRWLockShared
CreateMutexExW
CreateEventW
ResetEvent
CreateEventExW
SetEvent
ReleaseSRWLockShared
OpenSemaphoreW
CreateSemaphoreExW
ReleaseMutex
EnterCriticalSection
DeleteCriticalSection
ReleaseSemaphore
WaitForSingleObjectEx
AcquireSRWLockExclusive
LeaveCriticalSection
WaitForSingleObject
InitializeCriticalSectionEx
ReleaseSRWLockExclusive

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
RaiseException

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
FreeLibraryWhenCallbackReturns
WaitForThreadpoolWorkCallbacks
SubmitThreadpoolWork
CloseThreadpoolWork
CreateThreadpoolTimer
CreateThreadpoolWork

api-ms-win-core-processthreads-l1-1-0

TlsGetValue
OpenThreadToken
SetThreadToken
GetCurrentProcess
TlsSetValue
OpenProcessToken
TlsAlloc
GetProcessId
TerminateProcess
GetCurrentThread
GetCurrentThreadId
ProcessIdToSessionId
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

rpcrt4

NdrDllGetClassObject
NdrDllCanUnloadNow
UuidCreate
UuidToStringW
NdrOleAllocate
Ndr64AsyncClientCall
RpcAsyncInitializeHandle
RpcAsyncCancelCall
RpcBindingUnbind
RpcAsyncCompleteCall
NdrOleFree
RpcServerInqCallAttributesW
RpcBindingFromStringBindingW
RpcStringFreeW
RpcStringBindingComposeW
RpcBindingFree
NdrClientCall3
I_RpcExceptionFilter
RpcBindingCreateW
RpcBindingBind

api-ms-win-core-winrt-error-l1-1-0

GetRestrictedErrorInfo
RoSetErrorReportingFlags
SetRestrictedErrorInfo
RoOriginateError
RoOriginateErrorW
RoTransformError

api-ms-win-core-com-l1-1-0

CoUninitialize
CoTaskMemFree
CoInitializeEx
CoGetApartmentType
CoGetCallContext
CoMarshalInterface
CoCreateInstance
CoReleaseMarshalData
CoIncrementMTAUsage
CLSIDFromString
CoTaskMemAlloc
CoDecrementMTAUsage
CoRevertToSelf
CreateStreamOnHGlobal
CoCreateFreeThreadedMarshaler
StringFromGUID2
CoImpersonateClient

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventSetInformation
EventActivityIdControl
EventUnregister

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringEx
CompareStringOrdinal

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory
RoUninitialize
RoInitialize

api-ms-win-core-sysinfo-l1-1-0

GetWindowsDirectoryW
GetSystemTimeAsFileTime
GetSystemInfo
GetVersionExW
GetLocalTime

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce
InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-security-sddl-l1-1-0

ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW
ConvertSidToStringSidW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-winrt-error-l1-1-1

RoReportFailedDelegate
IsErrorPropagationEnabled
RoGetMatchingRestrictedErrorInfo

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-security-lsalookup-l1-1-0

LsaLookupClose
LsaLookupOpenLocalPolicy
LsaLookupFreeMemory
LsaLookupGetDomainInfo

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureStackBackTrace

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-path-l1-1-0

PathCchCombine
PathCchRemoveBackslash
PathCchSkipRoot
PathAllocCanonicalize

api-ms-win-service-management-l2-1-0

QueryServiceStatusEx
NotifyServiceStatusChangeW

api-ms-win-service-management-l1-1-0

OpenServiceW
CloseServiceHandle
OpenSCManagerW
StartServiceW

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
MapViewOfFile
VirtualProtect
VirtualQuery
CreateFileMappingW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

AppInstallerUpdateAllTask
AppxAddPackageToAllUserStoreForPbr
AppxCleanupOrphanPackages
AppxCleanupSystemAppsMigratedToFOD
AppxCleanupWCIReparsePoints
AppxCreateSharedLocalFolder
AppxCreateSharedLocalFolderForFamilyName
AppxDeletePackageFiles
AppxDestagePackage
AppxDoesSharedLocalFolderExistForFamilyName
AppxGetPackageInstalledLocation
AppxGetStagedPackageFullNameFromFamilyName
AppxIsStagedPackageStoreSigned
AppxPackageRepositoryRecoverStagedPackages
AppxPackageRepositoryRecoverUserInstalls
AppxPreRegisterAllInboxPackages
AppxPreRegisterPackage
AppxPreStageCleanupRunTask
AppxRecoverUserInstallsForUpgrade
AppxRegisterPackage
AppxRemoveAllPackagesForUserSid
AppxRemovePackageForAllUsers
AppxRemovePackageForUserSid
AppxRequestRemovePackageForUser
AppxResetPackage
AppxStagePackage
AppxValidatePackages
AppxValidatePackagesWithOptions
CheckAppInstallerUpdateAvailability
CheckComCallerHasCapabilities
CheckForUpdatesAndWaitForInstallerIfNeeded
CleanupProfileForUser
ClientDeleteAllPackagesFromMainPackageArray
ClientGetAllPackagesToBeInstalledForUser
CreateCanonicalPriFile
DeleteApplicabilityInfoArray
DeleteAutoUpdateSettings
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
EnsurePackageFamilyIsRegisteredBeforeActivation
EnsurePackageIsRegisteredInContainer
FixJunctionsForAppsIfNecessary
GeneratePreInstalledPriFiles
GetApplicability
GetApplicability2
GetApplicability4
GetApplicability5
GetApplicabilityForPackage
GetBundleApplicablePackages
GetMetadataRootForPackage
GetNotificationPayload
GetNotificationPayloadForUser
GetPackageRegistrationStatusForUser
GetPackageRegistrationStatusForUserAndDefaultAccount
HasPackageFamilyBeenRegisteredForUser
IsPackageInstalled
IsPackageMetadataUnderSystemMetadata
IsSharedAppsEnabled
MSIXForceReRegisterPackage
MsixEnsurePackageIsRegistered
MsixPackageVolumeIsRepairNeeded
MsixPackageVolumeRepair
NotifyPackageStatusChanged
PauseAutoUpdateSettings
PopulateProtocolAndFTA
RDSRecoverRequests
ReArmAppxPreStageCleanupTask
RegisterNotification
RegisterNotificationForUser
RemovePackageFromContainer
RepairPackageFileAcls
RequestContentGroups
RequestContentGroupsForFullTrust
ScheduleAppInstallerBackgroundUpdate
SetPackageStatusInContainer
UnregisterNotification
UnregisterNotificationForUser
UpdateAgentCancelAllDownloads
UpdateAgentCancelDownload
UpdateAgentCreateDownload
UpdateAgentFreeDownloadRanges
UpdateAgentGetDownloadPackageReturnValue
UpdateAgentGetDownloadRanges
UpdateAgentGetDownloadingPackageCount
UpdateAppInstallerSettings
UpdateDataSourceAddRange
UpdateDataSourceCancelRun
UpdateDataSourceRegister
UpdateDataSourceRun
VerifyPackage

Sections

.text
Size: 800KB - Virtual size: 796KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 340KB - Virtual size: 336KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AppXDeploymentExtensions.desktop.dll
.dll windows:10 windows x64 arch:x64

44debfab0009d92a5ab06b6c8fcae085

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AppxDeploymentExtensions.Desktop.pdb

Imports

msvcp_win

?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
_Wcscoll
??1_Lockit@std@@QEAA@XZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?id@?$collate@G@std@@2V0locale@2@A
?_Xinvalid_argument@std@@YAXPEBD@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?_Winerror_map@std@@YAHH@Z
?id@?$ctype@G@std@@2V0locale@2@A
?_Syserror_map@std@@YAPEBDH@Z
_Wcsxfrm
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z
?tolower@?$ctype@G@std@@QEBAGG@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z
?_Xout_of_range@std@@YAXPEBD@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
??Bios_base@std@@QEBA_NXZ
?is@?$ctype@G@std@@QEBA_NFG@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
??0_Lockit@std@@QEAA@H@Z
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?_Xbad_alloc@std@@YAXXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??1_Locinfo@std@@QEAA@XZ

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__stricmp
_o__wcsicmp
_o__wcsnicmp
_o__wcstoui64
_o___std_exception_destroy
_o__wtoi
_o_calloc
_o_ceilf
_o_free
memmove
_o_malloc
_o_memcpy_s
_o_realloc
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcsncat_s
_o_wcsncpy_s
_o_wcstok_s
_o_wcstol
_o_wcstoll
_o_wcstoul
_o_wcstoull
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o___std_exception_copy
_o__cexit
wcsrchr
wcschr
strchr
_o__callnewh
_o__execute_onexit_table
_o__errno
_o__aligned_malloc
_o__aligned_free
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnwprintf_s
_o__crt_atexit
_o___stdio_common_vsnprintf_s
_o____lc_codepage_func
__std_terminate
__CxxFrameHandler4
_o__configure_narrow_argv
_local_unwind
memcmp
_o___std_type_info_destroy_list
memcpy

api-ms-win-crt-string-l1-1-0

wcscmp
wcsncmp
memmove_s
wcsnlen
memset
strcmp

appxdeploymentserver

PackageRepositoryAllocate
AppXApplyTrustLabelToFolder
PackageRepositoryFree
AppXSetTrustLabelOnPackage

staterepository.core

sqlite3_bind_int
sqlite3_stmt_busy
sqlite3_bind_int64
sqlite3_close
sqlite3_open_v2
sqlite3_extended_errcode
sqlite3_file_control
sqlite3_bind_text16
sqlite3_extended_result_codes
sqlite3_db_config
sqlite3_wal_autocheckpoint
sqlite3_wal_checkpoint_v2
sqlite3_changes
sqlite3_total_changes
sqlite3_get_autocommit
sqlite3_last_insert_rowid
sqlite3_column_type
sqlite3_column_blob
sqlite3_next_stmt
sqlite3_db_filename
sqlite3_step
sqlite3_sql
sqlite3_reset
sqlite3_column_int
sqlite3_busy_timeout
sqlite3_db_status
sqlite3_create_function_v2
sqlite3_user_data
sqlite3_result_error_nomem
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_int64
sqlite3_result_int
sqlite3_value_type
sqlite3_value_text16
sqlite3_value_int
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_malloc
sqlite3_result_blob
sqlite3_free
sqlite3_value_int64
sqlite3_result_text16
sqlite3_value_text
sqlite3_errcode
sqlite3_column_int64
sqlite3_errmsg
sqlite3_prepare_v2
sqlite3_exec
sqlite3_config
sqlite3_trace
sqlite3_clear_bindings
sqlite3_column_text16
sqlite3_profile
sqlite3_snprintf
sqlite3_expanded_sql
sqlite3_db_handle
sqlite3_status
sqlite3_column_text
sqlite3_finalize
sqlite3_log
sqlite3_bind_blob
sqlite3_bind_null
sqlite3_column_bytes

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
CreateEventW
CreateSemaphoreExW
AcquireSRWLockExclusive
ReleaseSRWLockShared
EnterCriticalSection
DeleteCriticalSection
ReleaseSRWLockExclusive
ReleaseSemaphore
AcquireSRWLockShared
CreateMutexExW
LeaveCriticalSection
InitializeCriticalSectionEx
SetEvent
WaitForSingleObject
ReleaseMutex
OpenSemaphoreW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
GetLastError
UnhandledExceptionFilter
RaiseException

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
CreateProcessAsUserW
GetCurrentThread
ProcessIdToSessionId
GetExitCodeProcess
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
CreateProcessW
OpenProcessToken
SetThreadToken
OpenThreadToken

api-ms-win-core-localization-l1-2-0

FormatMessageW
FormatMessageA

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
LoadLibraryExW
FreeLibrary
GetModuleHandleW
GetModuleFileNameA
GetModuleHandleExW

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventActivityIdControl
EventSetInformation
EventWriteTransfer

oleaut32

VariantClear
SysAllocString
SysFreeString
SysAllocStringLen
VariantInit

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringLen
WindowsPromoteStringBuffer
WindowsPreallocateStringBuffer
WindowsCreateStringReference
WindowsConcatString
WindowsDeleteString
WindowsDeleteStringBuffer
WindowsGetStringRawBuffer
WindowsCreateString
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsDuplicateString
WindowsCompareStringOrdinal

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegGetValueW
RegCreateKeyExW
RegSetValueExW
RegDeleteTreeW
RegCloseKey
RegDeleteValueW
RegOpenCurrentUser
RegEnumKeyExW
RegCopyTreeW
RegOpenKeyExW
RegDeleteKeyExW
RegQueryInfoKeyW

api-ms-win-core-synch-l1-2-0

InitOnceComplete
Sleep
InitOnceBeginInitialize
InitOnceExecuteOnce

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureStackBackTrace
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetTickCount64
GetLocalTime
GetSystemInfo
GlobalMemoryStatusEx
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPushEntrySList
InterlockedPopEntrySList

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW
RegSaveKeyW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
CompareStringW
MultiByteToWideChar
CompareStringEx
WideCharToMultiByte

api-ms-win-security-base-l1-1-0

EqualSid
CreateWellKnownSid
GetTokenInformation
AddAce
IsValidSid
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
FreeSid
GetLengthSid
CopySid
SetSecurityDescriptorDacl
GetAclInformation

api-ms-win-core-com-l1-1-0

CoEnableCallCancellation
CoCancelCall
CoSetProxyBlanket
CoTaskMemFree
StringFromGUID2
CoDisableCallCancellation
CoCreateGuid
CoGetClassObject
IIDFromString
CoTaskMemAlloc
CoCreateInstance

api-ms-win-core-file-l1-1-0

FindClose
FindFirstFileW
RemoveDirectoryW
DeleteFileW
WriteFile
GetFileAttributesW
SetFileAttributesW
ReadFile
CreateFileW
GetFileSize
CreateDirectoryW
FindNextFileW

ntdll

EtwEventRegister
EtwEventWrite
EtwEventUnregister
RtlEqualUnicodeString
RtlUpcaseUnicodeChar
NtQueryKey
NtQueryValueKey
NtEnumerateValueKey
NtSetValueKey
RtlWow64IsWowGuestMachineSupported
RtlDeriveCapabilitySidsFromName
RtlValidSid
RtlLengthSid
RtlFreeHeap
RtlIsMultiUsersInSessionSku
NtQueryInformationThread
NtQueryInformationFile
RtlNtStatusToDosErrorNoTeb
NtQueryInformationProcess
RtlAllocateHeap
RtlReleaseRelativeName
RtlIsMultiSessionSku
RtlNtStatusToDosError
RtlRunOnceComplete
RtlRunOnceBeginInitialize
RtlFindNextForwardRunClear
RtlNumberOfSetBits
RtlInitializeSRWLock
NtAdjustPrivilegesToken
RtlDosPathNameToNtPathName_U
NtDelayExecution
NtOpenThreadToken
NtQueryObject
RtlImpersonateSelf
NtDeviceIoControlFile
NtWaitForSingleObject
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
NtSetInformationThread
RtlAcquireSRWLockShared
RtlReleaseSRWLockShared
RtlPublishWnfStateData
NtSetInformationFile
NtOpenFile
NtSetInformationVirtualMemory
RtlConvertSidToUnicodeString
RtlFreeUnicodeString
NtQueryInformationToken
RtlCopySid
RtlDetermineDosPathNameType_U
RtlCompareUnicodeString
RtlGetDeviceFamilyInfoEnum
NtQuerySystemInformation
RtlEnumerateGenericTableWithoutSplayingAvl
RtlExpandEnvironmentStrings_U
RtlInitUnicodeString
RtlFreeSid
RtlInsertElementGenericTableAvl
RtlInitializeGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlLookupElementGenericTableAvl
RtlDowncaseUnicodeString
RtlInitializeCriticalSection
RtlDeleteCriticalSection
RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlReportException
RtlAllocateAndInitializeSid
RtlInitUnicodeStringEx
RtlpEnsureBufferSize
RtlNtPathNameToDosPathName
RtlAddAce
NtClose
NtAccessCheck
NtQueryEaFile
NtCreateFile
RtlDosPathNameToNtPathName_U_WithStatus
NtFsControlFile
RtlDosPathNameToRelativeNtPathName_U_WithStatus

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-path-l1-1-0

PathAllocCombine
PathCchRemoveBackslash
PathCchAppend
PathCchSkipRoot
PathCchRemoveFileSpec
PathCchCombine
PathAllocCanonicalize

api-ms-win-shcore-thread-l1-1-0

SHCreateThreadWithHandle

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertStringSidToSidW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathIsPrefixW
PathFindFileNameW
PathFindExtensionW

api-ms-win-core-file-l1-2-2

FindNextFileNameW
FindFirstFileNameW

api-ms-win-core-file-l2-1-0

CopyFileExW
MoveFileExW
CreateHardLinkW
GetFileInformationByHandleEx

api-ms-win-security-cryptoapi-l1-1-0

CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptAcquireContextW
CryptCreateHash

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
DeleteTimerQueueTimer

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-security-trustee-l1-1-0

BuildTrusteeWithSidW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

api-ms-win-service-winsvc-l1-1-0

ChangeServiceConfig2A
ControlService

api-ms-win-service-management-l1-1-0

OpenSCManagerW
CreateServiceW
CloseServiceHandle
DeleteService
OpenServiceW

api-ms-win-service-management-l2-1-0

SetServiceObjectSecurity
ChangeServiceConfig2W
NotifyServiceStatusChangeW

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoOriginateError
RoTransformError

api-ms-win-core-wow64-l1-1-1

GetSystemWow64Directory2W
Wow64SetThreadDefaultGuestMachine

api-ms-win-core-com-private-l1-1-0

CoGetModuleArchitecture

rpcrt4

UuidToStringW
UuidCreate
UuidFromStringW
RpcStringFreeW

api-ms-win-core-kernel32-legacy-l1-1-0

MoveFileW

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-security-lsalookup-l1-1-0

LsaLookupOpenLocalPolicy
LsaLookupClose
LsaLookupFreeMemory
LsaLookupGetDomainInfo

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-security-lsalookup-l2-1-0

LookupAccountSidW

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-windowserrorreporting-l1-1-1

WerRegisterCustomMetadata

combase

ord153

kernel32

GetWindowsDirectoryW
DeviceIoControl
GetFileAttributesExW
CreateSymbolicLinkW
SetFileInformationByHandle
GetTempFileNameW
FindFirstFileExW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
InitializeCriticalSectionAndSpinCount
FileTimeToSystemTime
GetModuleHandleExA
GetVersionExW
GlobalFree
GlobalAlloc
TlsAlloc
GetVolumeNameForVolumeMountPointW
TlsGetValue
TlsFree
TlsSetValue
GetFinalPathNameByHandleW
GetFileSizeEx
GetVolumePathNameW
CopyFileW
InitializeSRWLock

ole32

CreateStreamOnHGlobal
CoGetApartmentType
CoTaskMemRealloc
PropVariantClear

advapi32

RegGetKeySecurity
GetAce
GetSidSubAuthority
InitializeAcl
IsValidSecurityDescriptor
ImpersonateLoggedOnUser
RevertToSelf
IsWellKnownSid
GetSidSubAuthorityCount
DuplicateTokenEx
AddAccessAllowedAceEx
DeleteAce
AllocateAndInitializeSid
ImpersonateSelf
AdjustTokenPrivileges
TreeResetNamedSecurityInfoW
GetFileSecurityW
AccessCheck
GetSecurityInfo

shlwapi

ord12
PathFileExistsW

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory
WTSQueryUserToken

bindfltapi

BfRemoveMappingEx
BfSetupFilterEx

appxdeploymentclient

ord26

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

profapi

ord104

ntmarta

AccTreeResetNamedSecurityInfo

api-ms-win-eventing-tdh-l1-1-0

TdhGetEventMapInformation
TdhEnumerateProviderFieldInformation
TdhGetEventInformation

fltlib

FilterSendMessage
FilterConnectCommunicationPort

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-shcore-registry-l1-1-0

SHSetValueW

propsys

PropVariantToStringVectorAlloc
PSCreateMemoryPropertyStore

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-string-l2-1-0

CharLowerBuffW

Exports

Exports

CreateRegistryCompatibilityCollector
CreateRegistryCompatibilityCollectorForUserOrSystemRegister
CreateRegistryCompatibilityManager
LoadCategoryNameTable
LoadExtensionRegistrationTable
ShellRefresh

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGECMRC
Size: 4KB - Virtual size: 130B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 520KB - Virtual size: 516KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 276KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AppXDeploymentExtensions.onecore.dll
.dll windows:10 windows x64 arch:x64

de854b87fef01dc4aa3c1b5a323d550f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AppxDeploymentExtensions.OneCore.pdb

Imports

msvcp_win

?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??Bid@locale@std@@QEAA_KXZ
?setf@ios_base@std@@QEAAHHH@Z
?_Xbad_alloc@std@@YAXXZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPEBDH@Z
?fail@ios_base@std@@QEBA_NXZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?id@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@2V0locale@2@A
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Getcat@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?get@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEBA?AV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@PEBG4@Z
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@H@Z

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__stricmp
_o__ui64tow_s
_o__wcsicmp
_o__wcsnicmp
_o__wcstoui64
_o__wtoi
_o_ceilf
_o_free
memmove
_o_malloc
_o_memcpy_s
_o_realloc
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcstok_s
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
wcsrchr
wcsstr
wcschr
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o____lc_codepage_func
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset
memmove_s
strcmp
wcscmp

shcore

IsOS
ord131
SHSetValueW

appxdeploymentserver

RequestPackageOperationImplementation
PackageRepositoryFree
PackageRepositoryAllocate
GetSessionIdsOwnedByUser

staterepository.core

sqlite3_bind_text16
sqlite3_value_type
sqlite3_result_error_nomem
sqlite3_column_text
sqlite3_column_bytes
sqlite3_column_text16
sqlite3_column_blob
sqlite3_column_type
sqlite3_stmt_busy
sqlite3_sql
sqlite3_bind_int64
sqlite3_user_data
sqlite3_bind_int
sqlite3_db_handle
sqlite3_log
sqlite3_bind_null
sqlite3_status
sqlite3_finalize
sqlite3_create_function_v2
sqlite3_expanded_sql
sqlite3_bind_blob
sqlite3_errmsg
sqlite3_snprintf
sqlite3_result_int64
sqlite3_profile
sqlite3_column_int64
sqlite3_clear_bindings
sqlite3_reset
sqlite3_step
sqlite3_config
sqlite3_db_status
sqlite3_exec
sqlite3_next_stmt
sqlite3_get_autocommit
sqlite3_prepare_v2
sqlite3_result_int
sqlite3_result_error16
sqlite3_value_text
sqlite3_close
sqlite3_result_text16
sqlite3_errcode
sqlite3_open_v2
sqlite3_value_int64
sqlite3_extended_errcode
sqlite3_file_control
sqlite3_extended_result_codes
sqlite3_db_config
sqlite3_free
sqlite3_result_blob
sqlite3_value_text16
sqlite3_value_int
sqlite3_value_blob
sqlite3_malloc
sqlite3_wal_autocheckpoint
sqlite3_trace
sqlite3_value_bytes
sqlite3_db_filename
sqlite3_wal_checkpoint_v2
sqlite3_changes
sqlite3_total_changes
sqlite3_last_insert_rowid
sqlite3_result_error_code
sqlite3_column_int
sqlite3_busy_timeout

api-ms-win-core-synch-l1-1-0

CreateMutexExW
CreateEventW
InitializeSRWLock
ResetEvent
SetEvent
CreateSemaphoreExW
ReleaseSemaphore
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
WaitForSingleObject
ReleaseMutex
TryAcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseSRWLockShared
EnterCriticalSection
AcquireSRWLockShared
CreateEventExW
DeleteCriticalSection

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
SetLastError

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TlsSetValue
TlsGetValue
SetThreadToken
TlsAlloc
ProcessIdToSessionId
TerminateProcess
GetCurrentProcess
OpenThreadToken
GetCurrentThread
GetCurrentProcessId
OpenProcessToken

api-ms-win-core-localization-l1-2-0

FormatMessageA
FormatMessageW
LCMapStringEx

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
LoadLibraryExW
GetProcAddress
GetModuleFileNameA
GetModuleHandleExA
FreeLibrary
GetModuleHandleExW

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventUnregister
EventSetInformation
EventWriteTransfer
EventRegister

oleaut32

VariantClear
SysAllocStringLen
VariantInit
SysFreeString
SysAllocString

api-ms-win-core-winrt-string-l1-1-0

WindowsCompareStringOrdinal
WindowsConcatString
WindowsDuplicateString
WindowsIsStringEmpty
WindowsCreateString
WindowsCreateStringReference
WindowsGetStringLen
WindowsPromoteStringBuffer
WindowsDeleteStringBuffer
WindowsPreallocateStringBuffer
WindowsDeleteString
WindowsGetStringRawBuffer
WindowsStringHasEmbeddedNull

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegEnumValueW
RegNotifyChangeKeyValue
RegOpenKeyExW
RegDeleteTreeW
RegGetKeySecurity
RegGetValueW
RegQueryValueExW
RegSetKeySecurity
RegDeleteKeyExW
RegDeleteValueW
RegLoadAppKeyW
RegQueryInfoKeyW
RegOpenCurrentUser

ntdll

RtlWow64IsWowGuestMachineSupported
RtlPublishWnfStateData
RtlGetDeviceFamilyInfoEnum
RtlGetDaclSecurityDescriptor
RtlExpandEnvironmentStrings_U
NtQuerySystemInformation
RtlGetAce
RtlIsStateSeparationEnabled
NtSetInformationThread
NtQueryInformationToken
RtlValidSid
RtlIsMultiSessionSku
NtDeleteWnfStateName
NtMapViewOfSection
RtlIsMultiUsersInSessionSku
NtQueryInformationThread
NtQueryInformationProcess
RtlAllocateAndInitializeSid
RtlCopySid
RtlCreateAcl
RtlAddProcessTrustLabelAce
RtlCreateSecurityDescriptor
RtlSetSaclSecurityDescriptor
NtSetSecurityObject
RtlConvertSidToUnicodeString
RtlFreeUnicodeString
RtlEqualUnicodeString
RtlUpcaseUnicodeChar
ZwClose
EtwEventRegister
EtwEventWrite
EtwEventUnregister
NtUnmapViewOfSection
ZwOpenFile
RtlFreeHeap
NtQueryInformationFile
RtlDeriveCapabilitySidsFromName
RtlFreeSid
NtClose
RtlAddAce
RtlLengthSid
ZwSetEaFile
NtSetInformationVirtualMemory
NtCreateSection
RtlAllocateHeap
NtAccessCheck
RtlNtStatusToDosErrorNoTeb
ZwFlushBuffersFileEx
NtFsControlFile
RtlInitializeGenericTableAvl
RtlInitUnicodeString
RtlCompareUnicodeString
RtlLookupElementGenericTableAvl
RtlInsertElementGenericTableAvl
RtlEnumerateGenericTableWithoutSplayingAvl
NtCreateFile
RtlDeleteElementGenericTableAvl
RtlDosPathNameToNtPathName_U_WithStatus
RtlReportException
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlDeleteCriticalSection
RtlExpandEnvironmentStrings
RtlInitializeCriticalSection
RtlDowncaseUnicodeString
RtlDetermineDosPathNameType_U
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
NtCreateLowBoxToken
RtlAcquireSRWLockShared
RtlReleaseSRWLockShared

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureStackBackTrace
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetWindowsDirectoryW
GlobalMemoryStatusEx
GetSystemDirectoryW
GetLocalTime
GetSystemInfo
GetTickCount64
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead

api-ms-win-security-base-l1-1-0

GetTokenInformation
FreeSid
GetLengthSid
CopySid
AddAccessAllowedAceEx
EqualSid
AddAce
DestroyPrivateObjectSecurity
ImpersonateSelf
SetSecurityDescriptorControl
GetSecurityDescriptorOwner
CreateWellKnownSid
InitializeAcl
GetAce
GetSecurityDescriptorGroup
GetAclInformation
ImpersonateLoggedOnUser
DeleteAce
CreatePrivateObjectSecurityEx
IsWellKnownSid
AdjustTokenPrivileges
AllocateAndInitializeSid
GetSidSubAuthority
GetSidSubAuthorityCount
AccessCheck
GetFileSecurityW
RevertToSelf
IsValidSid
MakeSelfRelativeSD
SetSecurityDescriptorGroup
SetSecurityAccessMask
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSecurityDescriptorDacl

api-ms-win-security-lsalookup-l2-1-0

LookupAccountSidW
LookupPrivilegeValueW

api-ms-win-core-file-l1-1-0

FindFirstFileW
CreateDirectoryW
GetFinalPathNameByHandleW
FindNextFileW
WriteFile
GetFileSizeEx
GetFileInformationByHandle
DeleteFileW
FindFirstFileExW
ReadFile
SetFileInformationByHandle
CreateFileW
RemoveDirectoryW
GetFileAttributesW
FindClose
SetFileAttributesW
GetFileAttributesExW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringW
WideCharToMultiByte
CompareStringOrdinal
CompareStringEx

api-ms-win-core-com-l1-1-0

IIDFromString
StringFromCLSID
CoTaskMemRealloc
CoGetApartmentType
CoSetProxyBlanket
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
CoWaitForMultipleHandles
CoCreateInstance
CoTaskMemFree
CoCreateGuid
StringFromGUID2
CLSIDFromString

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-psapi-l1-1-0

K32EnumProcesses
QueryFullProcessImageNameW

userenv

ord210
ord213
ord212
GetProfileType
ord218

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW
RegEnumKeyW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-file-l2-1-0

MoveFileExW
CreateHardLinkW
CopyFileExW
CreateSymbolicLinkW
GetFileInformationByHandleEx

api-ms-win-core-sysinfo-l2-1-0

GetUserNameW

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoTransformError
RoOriginateError

api-ms-win-security-sddl-l1-1-0

ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertSidToStringSidW
ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

rpcrt4

UuidToStringW
RpcExceptionFilter
RpcBindingCreateW
RpcBindingFree
RpcBindingBind
I_RpcExceptionFilter
UuidCreate
NdrClientCall2
UuidFromStringW
RpcStringFreeW

profapi

ord103
ord107
ord114
ord104

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

api-ms-win-security-provider-l1-1-0

GetSecurityInfo
SetNamedSecurityInfoW
SetEntriesInAclW
SetSecurityInfo
GetNamedSecurityInfoW

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-kernel32-legacy-l1-1-0

MoveFileW

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabledForPackage2

api-ms-win-core-path-l1-1-0

PathCchCombine
PathCchAppend
PathAllocCanonicalize
PathAllocCombine
PathCchRemoveFileSpec
PathCchSkipRoot
PathCchRemoveBackslash

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-shlwapi-legacy-l1-1-0

PathIsFileSpecW
PathFindFileNameW
PathFindExtensionW

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-com-private-l1-1-0

CoGetModuleArchitecture

api-ms-win-security-cryptoapi-l1-1-0

CryptDestroyHash
CryptHashData
CryptAcquireContextW
CryptGetHashParam
CryptReleaseContext
CryptCreateHash

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-security-lsalookup-l1-1-0

LsaLookupGetDomainInfo
LsaLookupFreeMemory
LsaLookupClose
LsaLookupOpenLocalPolicy

api-ms-win-core-file-l1-2-0

GetVolumeNameForVolumeMountPointW
GetTempPathW

api-ms-win-core-windowserrorreporting-l1-1-1

WerRegisterCustomMetadata

api-ms-win-core-processthreads-l1-1-3

GetProcessInformation

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

combase

ord154
ord153

mrmcorer

ResourceManagerQueueGetCurrentDepth
ResourceManagerQueueGetMrtCachePathForPackage
GetInternalReferenceBlobForManifestValue
ResourceManagerQueueReset

api-ms-win-net-isolation-l1-1-0

NetworkIsolationSetupAppContainerBinaries

api-ms-win-core-wow64-l1-1-1

GetSystemWow64Directory2W

api-ms-win-shcore-stream-l1-1-0

SHCreateMemStream

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-memory-l1-1-0

MapViewOfFile
UnmapViewOfFile
CreateFileMappingW

api-ms-win-eventing-tdh-l1-1-0

TdhGetEventMapInformation
TdhEnumerateProviderFieldInformation
TdhGetEventInformation

api-ms-win-core-string-l2-1-0

CharLowerBuffW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

ntmarta

AccTreeResetNamedSecurityInfo

Exports

Exports

LoadCategoryNameTable
LoadExtensionRegistrationTable
PackageRequiresCustomCapability
ShellRefresh

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 676KB - Virtual size: 672KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 276KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AppXDeploymentServer.dll
.dll windows:10 windows x64 arch:x64

fc6ce248cf65e119e1c8bc4e8a2054a4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AppxDeploymentServer.pdb

Imports

msvcp_win

?_Xbad_function_call@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-string-l1-1-0

wcscmp
memset
wcsncmp
strcmp

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__stricmp
_o__ui64tow_s
_o__ultow_s
_o__wcsicmp
_o__wcslwr
_o__wcsnicmp
_o__wcstoui64
_o__wtoi
_o_abort
_o_calloc
_o_ceilf
memmove
_o_free
_o_iswspace
_o_malloc
_o_qsort
_o_realloc
_o_strncpy_s
_o_strtol
_o_terminate
_o_wcscpy_s
_o_wcsncat_s
_o_wcsncpy_s
_o_wcstok_s
_o_wcstoul
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
wcsstr
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__get_errno
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
strchr
wcsrchr
wcschr
__std_terminate
__CxxFrameHandler4
_local_unwind
memcmp
memcpy

ntdll

RtlAddFunctionTable
NtCreateWnfStateName
RtlWaitForWnfMetaNotification
RtlDeleteCriticalSection
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlGetDeviceFamilyInfoEnum
NtQueryInformationThread
RtlIsMultiSessionSku
RtlReportExceptionEx
RtlCaptureContext
RtlDeleteSecurityObject
NtAccessCheck
RtlCreateAndSetSD
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlAllocateAndInitializeSid
RtlIsStateSeparationEnabled
RtlQueryPackageClaims
ZwFlushBuffersFileEx
RtlAllocateHeap
NtUnmapViewOfSection
NtMapViewOfSection
RtlDeleteFunctionTable
RtlValidSid
RtlFreeUnicodeString
RtlDowncaseUnicodeString
RtlDetermineDosPathNameType_U
RtlConvertSidToUnicodeString
RtlLengthSid
RtlNtStatusToDosErrorNoTeb
RtlNtStatusToDosError
RtlDosPathNameToNtPathName_U
NtDelayExecution
NtOpenThreadToken
NtQueryObject
RtlImpersonateSelf
NtAdjustPrivilegesToken
NtDeviceIoControlFile
NtWaitForSingleObject
NtQueryInformationToken
NtCreateSection
EtwEventUnregister
EtwEventWrite
EtwEventRegister
NtClose
RtlIsGenericTableEmptyAvl
NtDeleteWnfStateName
RtlIsMultiUsersInSessionSku
RtlFreeSid
RtlNumberGenericTableElementsAvl
RtlPublishWnfStateData
RtlFreeHeap
RtlLookupElementGenericTableAvl
NtSetInformationThread
RtlEnterCriticalSection
RtlQueryWnfStateData
RtlExpandEnvironmentStrings_U
RtlLeaveCriticalSection
RtlInitUnicodeString
RtlCompareUnicodeString
RtlEqualUnicodeString
RtlUpcaseUnicodeChar
RtlInitializeGenericTableAvl
RtlEnumerateGenericTableWithoutSplayingAvl
RtlDeleteElementGenericTableAvl
RtlEnumerateGenericTableAvl
RtlInsertElementGenericTableAvl
RtlWow64IsWowGuestMachineSupported
RtlCopySid
RtlReportException
NtQuerySystemInformation
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
RtlInitializeCriticalSection
RtlExpandEnvironmentStrings
NtQuerySecurityObject
RtlGetAppContainerNamedObjectPath
NtOpenDirectoryObject
RtlDeriveCapabilitySidsFromName
NtGetCachedSigningLevel
NtCompareSigningLevels
RtlFindAceByType
RtlCreateSecurityDescriptor
RtlCreateAcl
NtQueryLicenseValue
NtSetSecurityObject
RtlAddProcessTrustLabelAce
RtlSetSaclSecurityDescriptor
RtlGetPersistedStateLocation
NtQueryInformationFile
ZwQuerySecurityAttributesToken
ZwQueryEaFile
NtSetCachedSigningLevel2
NtQueryInformationProcess
NtFsControlFile
NtSetInformationFile
RtlReleaseRelativeName
NtOpenFile
RtlDosPathNameToRelativeNtPathName_U_WithStatus
RtlNtPathNameToDosPathName
RtlpEnsureBufferSize
RtlAddAce
NtSetInformationVirtualMemory
RtlDosPathNameToNtPathName_U_WithStatus
NtCreateFile
RtlInitUnicodeStringEx
RtlEqualSid

combase

ord153
GetErrorInfo
SetErrorInfo
ord148

staterepository.core

sqlite3_vfs_find
sqlite3_status
sqlite3_expanded_sql
sqlite3_snprintf
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_profile
sqlite3_trace
sqlite3_config
sqlite3_enable_shared_cache
sqlite3_shutdown
sqlite3_initialize
sqlite3_step
sqlite3_reset
sqlite3_finalize
sqlite3_db_handle
sqlite3_sql
sqlite3_column_type
sqlite3_close
sqlite3_errmsg
sqlite3_column_blob
sqlite3_log
sqlite3_column_text16
sqlite3_column_bytes
sqlite3_open_v2
sqlite3_extended_errcode
sqlite3_file_control
sqlite3_column_text
sqlite3_extended_result_codes
sqlite3_column_int64
sqlite3_column_int
sqlite3_bind_blob
sqlite3_get_autocommit
sqlite3_db_config
sqlite3_bind_text16
sqlite3_wal_autocheckpoint
sqlite3_bind_int64
sqlite3_bind_int
sqlite3_bind_null
sqlite3_clear_bindings
sqlite3_exec
sqlite3_wal_checkpoint_v2
sqlite3_changes
sqlite3_stmt_busy
sqlite3_total_changes
sqlite3_last_insert_rowid
sqlite3_prepare_v2
sqlite3_value_text
sqlite3_result_text16
sqlite3_value_int64
sqlite3_free
sqlite3_db_filename
sqlite3_result_blob
sqlite3_malloc
sqlite3_busy_timeout
sqlite3_db_status
sqlite3_next_stmt
sqlite3_errcode
sqlite3_create_function_v2
sqlite3_user_data
sqlite3_result_error_nomem
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_int64
sqlite3_result_int
sqlite3_value_type
sqlite3_value_text16
sqlite3_value_bytes
sqlite3_value_blob
sqlite3_value_int

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetModuleFileNameW
GetModuleFileNameA
GetProcAddress
DisableThreadLibraryCalls
GetModuleHandleExA
FreeLibrary
GetModuleHandleW
GetModuleHandleExW

api-ms-win-core-synch-l1-1-0

SetEvent
CreateMutexExW
AcquireSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSRWLockShared
CreateWaitableTimerExW
DeleteCriticalSection
ResetEvent
ReleaseMutex
WaitForSingleObject
SetWaitableTimer
ReleaseSemaphore
CreateEventExW
CreateEventW
OpenEventW
InitializeCriticalSectionAndSpinCount
ReleaseSRWLockExclusive
CancelWaitableTimer
EnterCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
InitializeSRWLock
CreateSemaphoreExW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
RaiseException
SetLastError

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolCleanupGroupMembers
SubmitThreadpoolWork
CloseThreadpool
CloseThreadpoolCleanupGroup
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer
CreateThreadpool
CreateThreadpoolWork
SetThreadpoolThreadMaximum
CreateThreadpoolCleanupGroup
CloseThreadpoolWork
SetThreadpoolThreadMinimum
TrySubmitThreadpoolCallback

api-ms-win-core-processthreads-l1-1-0

CreateProcessAsUserW
UpdateProcThreadAttribute
GetCurrentProcess
InitializeProcThreadAttributeList
CreateThread
SetThreadToken
ProcessIdToSessionId
GetProcessTimes
TlsSetValue
TerminateProcess
GetExitCodeProcess
TlsGetValue
ExitProcess
TlsFree
TlsAlloc
GetCurrentThreadId
OpenProcessToken
ResumeThread
OpenThreadToken
OpenThread
GetCurrentProcessId
SetThreadPriority
GetCurrentThread

api-ms-win-core-localization-l1-2-0

GetSystemPreferredUILanguages
LCMapStringEx
FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-sysinfo-l1-1-0

GetLocalTime
GetSystemDirectoryW
GetVersionExW
GlobalMemoryStatusEx
GetWindowsDirectoryW
GetTickCount64
GetSystemInfo
GetSystemTimeAsFileTime

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
CompareStringW
WideCharToMultiByte
MultiByteToWideChar

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
Sleep
WaitOnAddress
WakeByAddressAll

api-ms-win-core-file-l1-1-0

GetTempFileNameW
GetVolumeInformationW
SetFilePointerEx
FindFirstFileW
GetDriveTypeW
CreateFileW
GetVolumeInformationByHandleW
DeleteFileW
WriteFile
SetFileAttributesW
FindClose
GetFileAttributesW
CompareFileTime
RemoveDirectoryW
SetEndOfFile
CreateDirectoryW
GetFinalPathNameByHandleW
ReadFile
GetFileSizeEx
SetFilePointer
GetFileInformationByHandle
GetFileAttributesExW
FindFirstFileExW
FlushFileBuffers
GetVolumePathNameW
FindNextFileW
GetFileType
SetFileInformationByHandle
GetFileTime

api-ms-win-core-kernel32-legacy-l1-1-0

GetSystemPowerStatus
MoveFileW

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegEnumValueW
RegSetKeySecurity
RegEnumKeyExW
RegGetKeySecurity
RegFlushKey
RegDeleteTreeW
RegDeleteKeyExW
RegLoadAppKeyW
RegCreateKeyExW
RegSetValueExW
RegGetValueW
RegOpenUserClassesRoot
RegOpenCurrentUser
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

api-ms-win-security-base-l1-1-0

AllocateAndInitializeSid
AddAccessAllowedAce
GetFileSecurityW
DuplicateTokenEx
ImpersonateLoggedOnUser
AccessCheck
EqualSid
DeleteAce
IsValidSid
ImpersonateSelf
CheckTokenMembership
DuplicateToken
CopySid
GetLengthSid
CreateWellKnownSid
GetTokenInformation
InitializeSecurityDescriptor
CreatePrivateObjectSecurityEx
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
FreeSid
GetSecurityDescriptorDacl
SetSecurityAccessMask
GetAce
GetSecurityDescriptorSacl
RevertToSelf
GetSidSubAuthority
GetSidSubAuthorityCount
IsWellKnownSid
AdjustTokenPrivileges
DestroyPrivateObjectSecurity
GetSecurityDescriptorOwner
SetSecurityDescriptorGroup
InitializeAcl
AddAccessAllowedAceEx
CreateRestrictedToken
SetSecurityDescriptorControl
MakeSelfRelativeSD
SetTokenInformation

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindNextComponentW
PathStripPathW
PathFindFileNameW
PathFileExistsW
PathGetDriveNumberW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-url-l1-1-0

UrlCreateFromPathW
PathCreateFromUrlW

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-io-l1-1-1

CancelSynchronousIo

api-ms-win-core-synch-l1-2-1

CreateSemaphoreW
WaitForMultipleObjects

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrcmpW

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabledForPackage

api-ms-win-core-path-l1-1-0

PathCchRemoveFileSpec
PathCchCombine
PathCchAppend
PathAllocCombine
PathCchRemoveBackslash
PathCchSkipRoot
PathAllocCanonicalize

api-ms-win-core-file-l2-1-0

MoveFileExW
CreateHardLinkW
CopyFileExW
CreateSymbolicLinkW
GetFileInformationByHandleEx

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-memory-l1-1-0

VirtualAlloc
VirtualFree
VirtualProtect
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPopEntrySList
InterlockedFlushSList
InterlockedPushEntrySList

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask
GetNativeSystemInfo

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-file-l1-2-4

GetTempPath2W

api-ms-win-core-version-l1-1-0

GetFileVersionInfoSizeExW
VerQueryValueW
GetFileVersionInfoExW

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW
K32EnumProcesses

api-ms-win-core-file-l1-2-0

GetVolumePathNamesForVolumeNameW
GetVolumeNameForVolumeMountPointW
GetTempPathW

api-ms-win-core-io-l1-1-0

CancelIoEx
GetOverlappedResult
DeviceIoControl

userenv

DeleteAppContainerProfile
DeriveAppContainerSidFromAppContainerName
ord218
ord210
CreateAppContainerProfile
ord213
GetProfileType
ord212

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-file-l1-2-2

FindNextFileNameW
FindFirstFileNameW

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-wow64-l1-1-1

GetSystemWow64Directory2W
GetSystemWow64DirectoryW

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureStackBackTrace

api-ms-win-core-windowserrorreporting-l1-1-1

WerRegisterCustomMetadata

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

mrmdeploy

GetOrCreatePriFileForAvailablePackages

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

Exports

Exports

AddToPurgeList
AppXApplyTrustLabelToFolder
AppXSetTrustLabelOnPackage
CancelDeploymentImplementation
CreateCanonicalPriFileImplementation
CreateWnfStateNameImplementation
DllCanUnloadNow
DllGetActivationFactory
EnumPackagesByUserSidInternal
EnumPackagesByUserSidNamePublisherInternal
EnumPackagesByUserSidPackageFamilyNameInternal
EnumProvisionedPackagesInternal
EnumVisibilityByPackageFullNameInternal
FindPackageByUserSidPackageFullNameInternal
GenerateBytecodeForPackageImplementation
GenerateBytecodeForPackagesImplementation
GetApplicability5Implementation
GetApplicabilityForPackageImplementation
GetApplicabilityImplementation
GetDeploymentError
GetPackageFilesDiskUsageImplementation
GetPackageFilesDiskUsagePerVolumeImplementation
GetSessionIdsOwnedByUser
IsPackageInstalledInternal
MergeSystemResourceFilesImplementation
PackageRepositoryAllocate
PackageRepositoryFree
PackageStatusOperationImplementation
PackageVolumeStatusImplementation
RDSRecoverRequestsImplementation
RepairResourcesPriAclsImplementation
RequestPackageOperationImplementation
ServerSideRequestContentGroupsImplementation
ServiceMain
SetDeploymentError
SetPackageStatusBlockingForUserImplementation
SetPackageStatusBlockingImplementation
StartDeploymentImplementation
SvchostPushServiceGlobals

Sections

.text
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 120KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 276KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ApplyTrustOffline.exe
.exe windows:10 windows x64 arch:x64

ce259a9ec10b5a939b4b54e8324ff58c

Code Sign

33:00:00:04:70:69:f2:ac:06:49:04:ec:1c:00:00:00:00:04:70
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/02/2024, 19:22

Not After

07/02/2025, 19:22

Subject

CN=Microsoft Windows Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

da:2b:51:5f:10:92:3d:c6:de:ba:96:f2:f0:40:f7:fc:16:6e:79:c8:ca:d7:dd:5d:6e:de:cd:d2:52:61:52:fe
Signer

Actual PE Digest

da:2b:51:5f:10:92:3d:c6:de:ba:96:f2:f0:40:f7:fc:16:6e:79:c8:ca:d7:dd:5d:6e:de:cd:d2:52:61:52:fe

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

ApplyTrustOffline.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_register_thread_local_exe_atexit_callback
_c_exit
_initterm

api-ms-win-crt-private-l1-1-0

_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__stricmp
_o__wcslwr
_o__wcsnicmp
memmove
_o_exit
_o_free
_o_malloc
_o_memcpy_s
_o_terminate
_o_wcscpy_s
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
_o__get_initial_wide_environment
_o__exit
_o__errno
_o__crt_atexit
_o__configure_wide_argv
wcsrchr
__CxxFrameHandler4
__std_terminate
wcsstr
__CxxFrameHandler3
_o__configthreadlocale
_o__cexit
_o__invalid_parameter_noinfo
_o__initialize_wide_environment
_o__initialize_onexit_table
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfwprintf
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___wargv
_o___p___argc
_o___acrt_iob_func
wcschr
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

strcmp
memset

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleHandleExW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
LoadLibraryExW
GetModuleFileNameA
GetModuleHandleExA

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoTaskMemFree
CoInitializeEx
StringFromGUID2
CoUninitialize

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TlsSetValue
GetCurrentThread
TerminateProcess
GetCurrentProcessId
OpenProcessToken
OpenThreadToken
ProcessIdToSessionId
TlsGetValue
TlsAlloc
GetCurrentProcess
SetThreadToken

api-ms-win-core-memory-l1-1-0

MapViewOfFile
VirtualProtect
CreateFileMappingW
UnmapViewOfFile
VirtualAlloc
VirtualFree

api-ms-win-core-errorhandling-l1-1-0

RaiseException
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-rtlsupport-l1-1-0

RtlDeleteFunctionTable
RtlCaptureContext
RtlCaptureStackBackTrace
RtlAddFunctionTable
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetLocalTime
GetSystemInfo
GetWindowsDirectoryW
GetSystemTimeAsFileTime
GlobalMemoryStatusEx

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

staterepository.core

sqlite3_column_bytes
sqlite3_column_text16
sqlite3_column_text
sqlite3_bind_blob
sqlite3_column_blob
sqlite3_bind_text16
sqlite3_column_type
sqlite3_stmt_busy
sqlite3_sql
sqlite3_db_handle
sqlite3_log
sqlite3_bind_int64
sqlite3_finalize
sqlite3_errmsg
sqlite3_expanded_sql
sqlite3_reset
sqlite3_step
sqlite3_bind_int
sqlite3_column_int64
sqlite3_next_stmt
sqlite3_bind_null
sqlite3_get_autocommit
sqlite3_close
sqlite3_open_v2
sqlite3_extended_errcode
sqlite3_file_control
sqlite3_extended_result_codes
sqlite3_db_config
sqlite3_clear_bindings
sqlite3_exec
sqlite3_wal_checkpoint_v2
sqlite3_changes
sqlite3_total_changes
sqlite3_last_insert_rowid
sqlite3_db_filename
sqlite3_errcode
sqlite3_column_int
sqlite3_busy_timeout
sqlite3_db_status
sqlite3_create_function_v2
sqlite3_user_data
sqlite3_result_error_nomem
sqlite3_result_error16
sqlite3_snprintf
sqlite3_result_error_code
sqlite3_result_int64
sqlite3_result_int
sqlite3_profile
sqlite3_value_type
sqlite3_value_text16
sqlite3_value_int
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_malloc
sqlite3_result_blob
sqlite3_free
sqlite3_value_int64
sqlite3_trace
sqlite3_result_text16
sqlite3_wal_autocheckpoint
sqlite3_value_text
sqlite3_prepare_v2

api-ms-win-appmodel-runtime-internal-l1-1-1

GetPackageFullNameFromToken
GetPackageStatus
UpdatePackageStatus
IncrementPackageStatusVersion

api-ms-win-appmodel-runtime-internal-l1-1-2

GetEffectivePackageStatusForUser
PackageSidFromFamilyName

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer

ntdll

NtFsControlFile
NtQueryInformationProcess
NtQueryInformationFile
RtlCompareUnicodeString
RtlValidSid
RtlFreeUnicodeString
NtCreateFile
RtlInitUnicodeString
RtlDosPathNameToNtPathName_U_WithStatus
NtSetInformationVirtualMemory
RtlReportException
RtlInitializeCriticalSection
RtlNtStatusToDosErrorNoTeb
NtGetCachedSigningLevel
NtCompareSigningLevels
RtlIsStateSeparationEnabled
RtlFindAceByType
RtlCreateSecurityDescriptor
RtlEqualSid
RtlLeaveCriticalSection
NtQueryInformationThread
RtlCreateAcl
RtlInsertElementGenericTableAvl
NtQueryLicenseValue
RtlFreeSid
RtlEnterCriticalSection
RtlIsMultiUsersInSessionSku
RtlAllocateHeap
RtlLengthSid
RtlInitializeGenericTableAvl
NtSetSecurityObject
RtlConvertSidToUnicodeString
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
RtlAllocateAndInitializeSid
NtSetInformationThread
RtlLookupElementGenericTableAvl
RtlAddProcessTrustLabelAce
RtlAcquireSRWLockExclusive
RtlSetSaclSecurityDescriptor
RtlReleaseSRWLockExclusive
RtlGetDeviceFamilyInfoEnum
NtQuerySystemInformation
RtlDowncaseUnicodeString
RtlFreeHeap

api-ms-win-security-provider-l1-1-0

GetSecurityInfo
SetNamedSecurityInfoW

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-file-l1-1-0

GetFileAttributesW
CreateDirectoryW
SetFileAttributesW
FindNextFileW
GetFileSizeEx
FindClose
GetVolumePathNameW
GetVolumeInformationW
FindFirstFileW
GetFileAttributesExW
WriteFile
DeleteFileW
CreateFileW

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
CreateSemaphoreExW
InitializeCriticalSectionEx
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
ReleaseSRWLockShared
OpenSemaphoreW
ReleaseSRWLockExclusive
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseMutex

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer

api-ms-win-security-base-l1-1-0

SetSecurityAccessMask
EqualSid
GetAce
RevertToSelf
GetLengthSid
GetTokenInformation
ImpersonateSelf
GetFileSecurityW
AccessCheck
IsValidSid
GetSecurityDescriptorOwner
ImpersonateLoggedOnUser
AdjustTokenPrivileges
CopySid

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegDeleteKeyExW
RegCreateKeyExW
RegEnumKeyExW
RegQueryValueExW

api-ms-win-core-psapi-l1-1-0

K32EnumProcesses
QueryFullProcessImageNameW

api-ms-win-security-lsalookup-l2-1-0

LookupAccountSidW

api-ms-win-core-file-l1-2-0

GetVolumeNameForVolumeMountPointW

oleaut32

SysFreeString
SysAllocStringLen
VariantClear

api-ms-win-core-file-l2-1-2

CopyFileW

rpcrt4

RpcStringFreeW
UuidToStringW
UuidCreate

api-ms-win-core-path-l1-1-0

PathCchSkipRoot
PathCchRemoveBackslash
PathAllocCanonicalize
PathCchCombine

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertSidToStringSidW

api-ms-win-core-file-l1-2-2

FindFirstFileNameW
FindNextFileNameW

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

crypt32

CertFreeCertificateChainEngine
CertGetEnhancedKeyUsage
CertFreeCertificateChain
CertFreeCertificateContext
CryptMsgClose
CertVerifyCertificateChainPolicy
CertCloseStore
CryptQueryObject
CryptMsgGetParam
CertGetSubjectCertificateFromStore
CertGetCertificateChain
CertOpenStore
CertCreateCertificateChainEngine

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-windowserrorreporting-l1-1-1

WerRegisterCustomMetadata

api-ms-win-eventing-tdh-l1-1-0

TdhEnumerateProviderFieldInformation
TdhGetEventMapInformation
TdhGetEventInformation

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 484KB - Virtual size: 482KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 656KB - Virtual size: 652KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AudioEndpointBuilder.dll
.dll windows:10 windows x64 arch:x64

84e0b0e51f9d86edce3b85ffb206d399

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AudioEndpointBuilder.pdb

Imports

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z
_Mtx_init_in_situ
_Mtx_destroy_in_situ

api-ms-win-crt-string-l1-1-0

memmove_s
wcsncmp
wcsnlen
memset

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
memmove
_o__wcsicmp
_o__wtoi
_o_calloc
_o_free
_o_malloc
_o_terminate
_o_towlower
_o_wcsncpy_s
_o_wcstoul
_o_wmemcpy_s
__current_exception
__current_exception_context
__CxxFrameHandler3
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__execute_onexit_table
__C_specific_handler
__std_terminate
_o__errno
__CxxFrameHandler4
_CxxThrowException
memcmp
memcpy

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
DisableThreadLibraryCalls
SizeofResource
LockResource
LoadStringW
GetModuleHandleExW
FindResourceExW
GetProcAddress
FreeLibrary
LoadLibraryExW
GetModuleFileNameW
LoadResource
GetModuleHandleW

api-ms-win-core-synch-l1-1-0

CreateEventW
CreateSemaphoreExW
CreateMutexExW
SetEvent
InitializeCriticalSectionEx
LeaveCriticalSection
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
DeleteCriticalSection
EnterCriticalSection
ReleaseMutex
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
ResetEvent
ReleaseSemaphore
InitializeCriticalSection

api-ms-win-core-heap-l1-1-0

HeapSize
GetProcessHeap
HeapReAlloc
HeapFree
HeapDestroy
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
RaiseException
SetLastError
UnhandledExceptionFilter
GetLastError

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
CloseThreadpoolWait
SetThreadpoolWait
CreateThreadpoolWait
SubmitThreadpoolWork
WaitForThreadpoolWaitCallbacks
WaitForThreadpoolWorkCallbacks
CloseThreadpoolWork
CreateThreadpoolWork
SetThreadpoolTimer
CreateThreadpoolCleanupGroup
WaitForThreadpoolTimerCallbacks
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolCleanupGroup
CloseThreadpool
CreateThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

CreateThread
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

ntdll

EtwTraceMessage
RtlInitUnicodeString
EtwEventSetInformation
EtwEventUnregister
RtlHashUnicodeString
EtwEventWriteTransfer
RtlNtStatusToDosError
WinSqmAddToStreamEx
RtlQueryWnfStateData
RtlGetCurrentServiceSessionId
RtlGetActiveConsoleId
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlPublishWnfStateData
EtwRegisterTraceGuidsW
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwGetTraceEnableFlags
EtwUnregisterTraceGuids
RtlIsStateSeparationEnabled
RtlDllShutdownInProgress
EtwEventRegister

api-ms-win-core-synch-l1-2-0

InitOnceComplete
Sleep
InitOnceBeginInitialize

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
CompareStringW

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegOpenKeyExW
RegQueryValueExW
RegEnumKeyExW
RegCreateKeyExW
RegSetValueExW
RegEnumValueW
RegQueryInfoKeyW
RegDeleteValueW
RegCloseKey
RegDeleteTreeW

api-ms-win-core-version-l1-1-1

GetFileVersionInfoSizeW
GetFileVersionInfoW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-string-l2-1-0

CharLowerBuffW

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrStrIW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW
RegDeleteKeyValueW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathParseIconLocationW
PathFileExistsW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-core-io-l1-1-0

PostQueuedCompletionStatus
CreateIoCompletionPort
GetQueuedCompletionStatus

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-localization-private-l1-1-0

LoadStringByReference

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 412KB - Virtual size: 410KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_BSS
Size: - Virtual size: 32B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_DATA
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AudioEng.dll
.dll regsvr32 windows:10 windows x64 arch:x64

71d9cf8be5fc6d6b97364f9766912856

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

00:2d:74:d2:64:63:20:9f:31:4b:51:70:da:1e:47:33:d1:07:65:ed:71:db:0a:57:fa:ac:ab:3d:f1:38:a4:1a
Signer

Actual PE Digest

00:2d:74:d2:64:63:20:9f:31:4b:51:70:da:1e:47:33:d1:07:65:ed:71:db:0a:57:fa:ac:ab:3d:f1:38:a4:1a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AUDIOENG.pdb

Imports

oleaut32

VarUI4FromStr

api-ms-win-core-errorhandling-l1-1-0

SetLastError
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-heap-l1-1-0

HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap

api-ms-win-core-com-l1-1-0

StringFromCLSID
CoTaskMemFree
CoTaskMemAlloc
StringFromIID
IIDFromString
PropVariantClear
StringFromGUID2
CoTaskMemRealloc
CoCreateGuid
CoCreateFreeThreadedMarshaler
CoCreateInstance

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringOrdinal
WideCharToMultiByte

api-ms-win-core-localization-l1-2-0

SetThreadLocale
FormatMessageW
GetThreadLocale

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TlsGetValue
CreateThread
GetCurrentProcessId
TlsSetValue
GetCurrentProcess
TerminateProcess

api-ms-win-core-libraryloader-l1-2-0

FindResourceExW
LoadLibraryExW
DisableThreadLibraryCalls
GetProcAddress
GetModuleHandleW
LockResource
SizeofResource
GetModuleFileNameW
GetModuleHandleExW
GetModuleFileNameA
LoadResource
FreeLibrary

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
AcquireSRWLockExclusive
EnterCriticalSection
DeleteCriticalSection
WaitForSingleObject
OpenSemaphoreW
LeaveCriticalSection
AcquireSRWLockShared
ReleaseSRWLockShared
ReleaseSRWLockExclusive
InitializeSRWLock
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
ResetEvent
CreateMutexExW
CreateSemaphoreExW
CreateEventA
InitializeCriticalSectionEx
CreateEventW
ReleaseSemaphore
SetEvent
ReleaseMutex

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoOriginateError

api-ms-win-core-util-l1-1-0

DecodePointer

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventSetInformation
EventWriteTransfer
EventActivityIdControl

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-registry-l1-1-0

RegQueryValueExA
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegEnumKeyExW
RegQueryValueExW
RegGetValueW
RegQueryInfoKeyW
RegDeleteKeyExW
RegNotifyChangeKeyValue
RegCreateKeyExA

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
TraceEvent
UnregisterTraceGuids
TraceMessage

rpcrt4

I_RpcExceptionFilter
RpcStringBindingComposeW
NdrClientCall3
RpcStringFreeW
RpcBindingFree
RpcBindingFromStringBindingW

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
InitOnceExecuteOnce
InitOnceInitialize
Sleep

propsys

PropVariantToBuffer
PropVariantGetElementCount
PropVariantToString

api-ms-win-crt-math-l1-1-0

_finite
_isnan

api-ms-win-crt-string-l1-1-0

strncmp
memmove_s
strnlen
memset

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__get_errno
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__seh_filter_dll
_o__aligned_malloc
_o__wcsicmp
_o__wfopen_s
_o__wmkdir
_o__wstat32
_o__wtof
_o_acos
_o_asinf
_o_atan2
_o_atan2f
_o_atoi
_o_calloc
_o_ceil
_o_ceilf
_o_cos
_o_cosf
_o_exp
_o_expf
_o_fclose
_o_fgets
_o_floor
_o_floorf
_o_fmod
_o_fopen
_o_fread
_o_free
_o_fseek
_o_fwrite
_o_log
_o_log10f
_o_logf
_o_malloc
_o_pow
_o_powf
_o_qsort
_o_realloc
_o_sin
_o_sinf
_o_sqrt
_o_sqrtf
_o_strcat_s
_o_strcpy_s
_o_strncpy_s
_o_strtod
_o_tanf
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstok_s
_o_wcstombs_s
_o_wmemcpy_s
strchr
strstr
__current_exception
__current_exception_context
__CxxFrameHandler3
_o__aligned_free
_o___stdio_common_vswscanf
_o__execute_onexit_table
_o__errno
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsscanf
_o___stdio_common_vsprintf_s
memcmp
_o___stdio_common_vsprintf
_o__crt_atexit
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfwprintf
_o___stdio_common_vfprintf_s
_o___stdio_common_vfprintf
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__configure_narrow_argv
memcpy
_o___acrt_iob_func
_CxxThrowException
__C_specific_handler_noexcept
_o__cexit
__C_specific_handler
__std_terminate
__CxxFrameHandler4
memmove

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolCleanupGroupMembers
SetThreadpoolThreadMinimum
SetThreadpoolThreadMaximum
CreateThreadpool
CloseThreadpool
SubmitThreadpoolWork
CreateThreadpoolCleanupGroup
WaitForThreadpoolTimerCallbacks
CreateThreadpoolWork
CloseThreadpoolWork
CloseThreadpoolCleanupGroup
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolWait
CreateThreadpoolWait
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetSystemTimeAsFileTime

ntdll

EtwLogTraceEvent
RtlAllocateMemoryBlockLookaside
RtlPublishWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfStateChangeNotification
NtQueryInformationProcess
RtlUnlockMemoryBlockLookaside
RtlCreateMemoryBlockLookaside
EtwGetTraceEnableFlags
RtlLockMemoryBlockLookaside
RtlFreeMemoryBlockLookaside
RtlNtStatusToDosError
RtlDestroyMemoryBlockLookaside
RtlExtendMemoryBlockLookaside
EtwRegisterTraceGuidsW
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwUnregisterTraceGuids

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsDuplicateString
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsConcatString
WindowsCompareStringOrdinal
WindowsCreateStringReference

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW
PathFindFileNameW

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW

api-ms-win-core-path-l1-1-0

PathCchRenameExtension

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueue
CreateTimerQueueTimer
DeleteTimerQueueEx

api-ms-win-core-file-l1-1-0

CreateFileA
WriteFile
GetFileSize
ReadFile

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryA

api-ms-win-core-memory-l1-1-1

GetProcessWorkingSetSizeEx
SetProcessWorkingSetSizeEx

api-ms-win-core-featurestaging-l1-1-0

RecordFeatureUsage
GetFeatureEnabledState
UnsubscribeFeatureStateChangeNotification
SubscribeFeatureStateChangeNotification

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

AERT_Allocate
AERT_Free
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 996KB - Virtual size: 995KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_BSS
Size: - Virtual size: 40B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 844KB - Virtual size: 840KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_CONST
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

RT_DATA
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AudioHandlers.dll
.dll windows:10 windows x64 arch:x64

6b6045a94063a5cd99e452dbd923bbcd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AudioHandlers.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__get_errno
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
memmove
_o_abort
_o_bsearch_s
_o_free
_o_iswspace
_o_malloc
_o_realloc
_o_roundf
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o__beginthreadex
_o__execute_onexit_table
_o__errno
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_CxxThrowException
_o___stdio_common_vsnprintf_s
__CxxFrameHandler3
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__crt_atexit
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset
strncmp

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
FreeLibrary
GetModuleFileNameA
LoadStringW
GetModuleHandleExW
LoadResource
FindResourceExW
FreeResource
GetProcAddress
DisableThreadLibraryCalls
SizeofResource
LockResource
GetModuleHandleW

api-ms-win-core-synch-l1-1-0

ReleaseMutex
WaitForSingleObjectEx
OpenSemaphoreW
TryAcquireSRWLockExclusive
CreateMutexExW
WaitForSingleObject
ReleaseSRWLockExclusive
ReleaseSemaphore
SetEvent
ResetEvent
CreateEventW
AcquireSRWLockExclusive
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
CreateSemaphoreExW
InitializeSRWLock
ReleaseSRWLockShared
AcquireSRWLockShared
InitializeCriticalSection
DeleteCriticalSection

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
RaiseException
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
SetThreadPriority
GetCurrentProcess
TerminateProcess
CreateThread
GetCurrentProcessId
OpenProcessToken

api-ms-win-core-localization-l1-2-0

GetUserDefaultLocaleName
FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventSetInformation
EventUnregister
EventActivityIdControl
EventWriteTransfer

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsDuplicateString
WindowsCreateStringReference
WindowsDeleteString
WindowsGetStringRawBuffer
WindowsCompareStringOrdinal

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InitializeSListHead

api-ms-win-core-com-l1-1-0

CoTaskMemRealloc
CoIncrementMTAUsage
CoCreateInstance
CoDecrementMTAUsage
CoGetApartmentType
StringFromCLSID
CoCreateGuid
PropVariantClear
CoCreateFreeThreadedMarshaler
CoInitializeEx
CoTaskMemFree
CoUninitialize
CoTaskMemAlloc
CoGetMalloc
CoWaitForMultipleHandles

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory
RoInitialize
RoUninitialize

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate
IsErrorPropagationEnabled

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
RoOriginateError
RoTransformError

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-security-base-l1-1-0

GetTokenInformation
CopySid
GetLengthSid

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-shcore-sysinfo-l1-1-0

IsOS

api-ms-win-core-shlwapi-legacy-l1-1-0

PathParseIconLocationW

api-ms-win-shcore-thread-l1-1-0

SHCreateThread

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolGetUniqueContext
SHTaskPoolQueueTask

api-ms-win-shcore-registry-l1-1-0

SHSetValueW
SHGetValueW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime

api-ms-win-core-datetime-l1-1-1

GetTimeFormatEx
GetDateFormatEx

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrCmpIW

oleaut32

GetErrorInfo
SetErrorInfo
SysAllocString
SysFreeString
SysStringLen

api-ms-win-shcore-stream-l1-1-0

SHCreateMemStream

api-ms-win-shcore-stream-winrt-l1-1-0

CreateRandomAccessStreamOnFile
CreateRandomAccessStreamOverStream

ntdll

RtlQueryWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlSubscribeWnfStateChangeNotification

api-ms-win-core-registry-l1-1-0

RegGetValueW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
FindResourceW

api-ms-win-rtcore-ntuser-window-l1-1-0

GetWindowLongW
IsWindow
GetWindow
GetWindowThreadProcessId
IsWindowVisible
EnumWindows
AllowSetForegroundWindow
FindWindowW
SendMessageW

mmdevapi

ord25
ord28
ord21

api-ms-win-appmodel-runtime-l1-1-0

GetPackageFamilyName

api-ms-win-shlwapi-winrt-storage-l1-1-1

ord348

api-ms-win-mm-misc-l1-1-0

mmioRead
mmioClose
mmioOpenW
mmioDescend

msvcp_win

?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_id
_Thrd_join
_Cnd_do_broadcast_at_thread_exit
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
_Xtime_get_ticks
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
_Query_perf_frequency
_Query_perf_counter
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
GetSetting

Sections

.text
Size: 496KB - Virtual size: 492KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BioCredProv.dll
.dll windows:10 windows x64 arch:x64

775f7ed40ee7c5ce16250f92bd0348a3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

BioCredProv.pdb

Imports

msvcp_win

?_Throw_future_error@std@@YAXAEBVerror_code@1@@Z
_Mtx_unlock
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
_Cnd_unregister_at_thread_exit
_Cnd_destroy_in_situ
_Mtx_destroy_in_situ
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
_Cnd_wait
?__ExceptionPtrCurrentException@@YAXPEAX@Z
_Query_perf_counter
_Query_perf_frequency
?_Syserror_map@std@@YAPEBDH@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Mtx_current_owns
_Xtime_get_ticks
_Cnd_init_in_situ
_Mtx_init_in_situ
_Thrd_join
_Thrd_id
_Cnd_do_broadcast_at_thread_exit
?_Xbad_function_call@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
_Cnd_register_at_thread_exit
_Cnd_broadcast
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
_Cnd_timedwait
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__get_errno
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
memmove
_o__wcsicmp
_o_ceilf
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o___stdio_common_vsnprintf_s
_o__execute_onexit_table
_o__errno
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__crt_atexit
_o__configure_narrow_argv
_o___stdio_common_vswprintf
__std_terminate
_o__cexit
__CxxFrameHandler4
_o__callnewh
_o__beginthreadex
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

strcmp
memset

dsreg

DsrGetJoinInfo
DsrFreeJoinInfo

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleExW
SizeofResource
LoadResource
GetProcAddress
FindResourceExW
GetModuleHandleW
DisableThreadLibraryCalls
LoadStringW
GetModuleHandleExA
LockResource
FreeLibrary
LoadLibraryExW

api-ms-win-core-synch-l1-1-0

ResetEvent
CreateSemaphoreExW
ReleaseSemaphore
SetEvent
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
InitializeSRWLock
ReleaseMutex
WaitForSingleObjectEx
OpenSemaphoreW
CreateEventExW
AcquireSRWLockShared
ReleaseSRWLockShared
CreateMutexExW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CreateEventW

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
SetLastError
GetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
ProcessIdToSessionId
TerminateProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW
SetThreadUILanguage
GetThreadUILanguage

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-com-l1-1-0

CLSIDFromString
CoUninitialize
CoGetMalloc
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CoInitializeEx

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventActivityIdControl
EventSetInformation
EventRegister
EventWriteTransfer

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
Sleep
InitOnceComplete

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-security-base-l1-1-0

EqualSid
GetLengthSid
CopySid
IsValidSid
GetTokenInformation
IsWellKnownSid

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount64

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegQueryInfoKeyW
RegGetValueW
RegQueryValueExW
RegCloseKey
RegDeleteTreeW
RegOpenKeyExW
RegEnumKeyExW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-file-l1-1-0

CompareFileTime

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-kernel32-legacy-l1-1-0

WTSGetActiveConsoleSessionId

api-ms-win-core-shlwapi-obsolete-l1-1-0

QISearch

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

ntdll

RtlSubscribeWnfStateChangeNotification
NtQueryWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlUnicodeStringToAnsiString
RtlInitUnicodeString
RtlGetNtProductType
RtlIsMultiSessionSku
RtlFreeAnsiString

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 256KB - Virtual size: 253KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BioIso.exe
.exe windows:10 windows x64 arch:x64

08f8291d9acc26dcbbf3a60431ed46c7

Code Sign

33:00:00:04:5c:3d:56:72:66:6c:b7:54:17:00:00:00:00:04:5c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

14/09/2023, 18:20

Not After

04/09/2024, 18:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4c:14:aa:fe:aa:06:cd:95:25:4f:8e:58:bd:3a:7e:95:b1:d3:08:3b:2b:0b:76:f6:fd:bc:82:73:38:c5:80:8f
Signer

Actual PE Digest

4c:14:aa:fe:aa:06:cd:95:25:4f:8e:58:bd:3a:7e:95:b1:d3:08:3b:2b:0b:76:f6:fd:bc:82:73:38:c5:80:8f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

BioIso.pdb

Imports

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
_initterm
_c_exit
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__errno
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o__crt_atexit
_o_atoi
_o_bsearch_s
_o_exit
_o_free
_o_isdigit
_o_iswalpha
_o_malloc
_o_terminate
_o_towupper
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
_o__configthreadlocale
_o___p__commode
_o__cexit
_o__callnewh
_o___p___wargv
_o___p___argc
_o___stdio_common_vswprintf
__std_terminate
__CxxFrameHandler4
_o___stdio_common_vsnprintf_s
memcmp
_o___std_exception_destroy
memcpy
_o___std_exception_copy
_o__configure_wide_argv

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
FreeLibrary
LoadLibraryExW
GetProcAddress
GetModuleHandleW
GetModuleFileNameA

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
EnterCriticalSection
SetEvent
OpenEventW
DeleteCriticalSection
ReleaseSRWLockExclusive
ReleaseSemaphore
InitializeCriticalSectionEx
AcquireSRWLockShared
WaitForSingleObject
CreateSemaphoreExW
CreateEventW
CreateMutexExW
ResetEvent
ReleaseSRWLockShared
InitializeCriticalSectionAndSpinCount
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseMutex

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetLastError
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
OpenProcessToken
GetCurrentThread
OpenThreadToken

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventSetInformation
EventActivityIdControl
EventRegister

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer

api-ms-win-security-base-l1-1-0

GetLengthSid
IsValidSid
GetTokenInformation
EqualSid

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-heap-obsolete-l1-1-0

LocalSize

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetWindowsDirectoryW
GetTickCount64

api-ms-win-core-file-l1-1-0

CompareFileTime

rpcrt4

RpcServerListen
RpcServerUseProtseqIfW
NdrServerCallAll
NdrServerCall2
UuidFromStringA
RpcImpersonateClient
RpcRevertToSelfEx
RpcMgmtStopServerListening
RpcMgmtWaitServerListen
RpcServerUnregisterIf
RpcServerRegisterIfEx

api-ms-win-core-memory-l1-1-0

VirtualQuery
MapViewOfFile
UnmapViewOfFile

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlCompareMemory
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

ntdll

RtlTimeFieldsToTime
RtlFreeHeap
RtlEqualSid
NtQuerySystemInformation
RtlImageNtHeader
RtlNtStatusToDosError
RtlAllocateHeap

iumsdk

GetSignedReport
EncryptData
GetTaggedData
GetSecureIdentitySigningKey
OpenSecureSection
GetTaggedDataSize
DecryptData

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

__ImagePolicyMetadata

Sections

.text
Size: 428KB - Virtual size: 427KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tPolicy
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGEDATA
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGECONS
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BluetoothApis.dll
.dll windows:10 windows x64 arch:x64

445075fe53b1bae2cb3cd600df5f7d3f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

BluetoothApis.pdb

Imports

api-ms-win-crt-string-l1-1-0

memset
wcsncmp

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__register_onexit_function
_o__seh_filter_dll
_o__errno
memmove
_o__wcsicmp
_o_free
_o_malloc
_o_wcstombs
__C_specific_handler
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_CxxThrowException
__CxxFrameHandler3
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

ntdll

EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage
EtwUnregisterTraceGuids
RtlNtStatusToDosError
RtlUnicodeToUTF8N
RtlCompareMemory
RtlLookupFunctionEntry
RtlVirtualUnwind
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
RtlCaptureContext

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
FreeLibrary
GetModuleHandleExW
GetModuleHandleW
GetProcAddress
LoadLibraryExW

api-ms-win-core-synch-l1-1-0

CreateSemaphoreExW
ReleaseSRWLockShared
CreateMutexExW
CreateEventW
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
EnterCriticalSection
AcquireSRWLockShared
ReleaseSRWLockExclusive
DeleteCriticalSection
CreateEventExW
ReleaseMutex
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
ReleaseSemaphore
InitializeCriticalSectionEx
LeaveCriticalSection
ResetEvent
SetEvent

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

RaiseException
GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
SubmitThreadpoolWork
WaitForThreadpoolWorkCallbacks
CreateThreadpoolWork
CloseThreadpoolTimer
CloseThreadpoolWork
CloseThreadpoolCleanupGroup
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

GetThreadLocale
FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-service-management-l1-1-0

OpenServiceW
CloseServiceHandle
OpenSCManagerW

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus

rpcrt4

RpcStringBindingComposeW
RpcBindingBind
RpcBindingSetAuthInfoExW
RpcBindingFree
RpcStringFreeW
NdrClientCall3
RpcBindingFromStringBindingW
RpcBindingCreateW
RpcBindingUnbind

api-ms-win-security-base-l1-1-0

CreateWellKnownSid

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegGetValueW
RegOpenKeyExW
RegEnumValueW
RegCloseKey
RegQueryInfoKeyW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringOrdinal
WideCharToMultiByte

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoCreateInstance
CoUninitialize
CoCreateGuid
StringFromGUID2
CLSIDFromString

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

oleaut32

SysFreeString
SysAllocString

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-core-shlwapi-legacy-l1-1-0

PathIsRelativeW
PathFileExistsW

devobj

DevObjGetClassDevs
DevObjCreateDeviceInfoList
DevObjGetDeviceInstanceId
DevObjUninstallDevice
DevObjDestroyDeviceInfoList
DevObjOpenDevRegKey
DevObjEnumDeviceInfo
DevObjGetDeviceInterfaceDetail
DevObjEnumDeviceInterfaces

api-ms-win-devices-query-l1-1-0

DevGetObjects
DevFreeObjects

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

api-ms-win-devices-config-l1-1-1

CM_Unregister_Notification
CM_Register_Notification

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

BluetoothAddressToString
BluetoothCheckForUnsupportedGuid
BluetoothDisconnectDevice
BluetoothEnableConnectableAndDiscoverable
BluetoothEnableDiscovery
BluetoothEnableIncomingConnections
BluetoothEnumerateInstalledServices
BluetoothEnumerateInstalledServicesEx
BluetoothEnumerateLocalServices
BluetoothFindBrowseGroupClose
BluetoothFindClassIdClose
BluetoothFindDeviceClose
BluetoothFindFirstBrowseGroup
BluetoothFindFirstClassId
BluetoothFindFirstDevice
BluetoothFindFirstProfileDescriptor
BluetoothFindFirstProtocolDescriptorStack
BluetoothFindFirstProtocolEntry
BluetoothFindFirstRadio
BluetoothFindFirstService
BluetoothFindFirstServiceEx
BluetoothFindNextBrowseGroup
BluetoothFindNextClassId
BluetoothFindNextDevice
BluetoothFindNextProfileDescriptor
BluetoothFindNextProtocolDescriptorStack
BluetoothFindNextProtocolEntry
BluetoothFindNextRadio
BluetoothFindNextService
BluetoothFindProfileDescriptorClose
BluetoothFindProtocolDescriptorStackClose
BluetoothFindProtocolEntryClose
BluetoothFindRadioClose
BluetoothFindServiceClose
BluetoothGATTAbortReliableWrite
BluetoothGATTBeginReliableWrite
BluetoothGATTEndReliableWrite
BluetoothGATTGetCharacteristicValue
BluetoothGATTGetCharacteristics
BluetoothGATTGetDescriptorValue
BluetoothGATTGetDescriptors
BluetoothGATTGetIncludedServices
BluetoothGATTGetServices
BluetoothGATTRegisterEvent
BluetoothGATTSetCharacteristicValue
BluetoothGATTSetDescriptorValue
BluetoothGATTUnregisterEvent
BluetoothGetDeviceInfo
BluetoothGetLocalServiceInfo
BluetoothGetRadioInfo
BluetoothGetServicePnpInstance
BluetoothIsBluetoothServiceRunning
BluetoothIsConnectable
BluetoothIsConnectableByDefault
BluetoothIsDiscoverable
BluetoothIsDiscoverableByDefault
BluetoothIsSwiftPairEnabledByDefault
BluetoothIsTopOfServiceGroup
BluetoothIsVersionAvailable
BluetoothMapStatusToError
BluetoothRegisterForAuthentication
BluetoothRegisterForAuthenticationEx
BluetoothRegisterForAuthenticationInternal
BluetoothRemoveDevice
BluetoothSdpEnumAttributes
BluetoothSdpGetAttributeValue
BluetoothSdpGetContainerElementData
BluetoothSdpGetElementData
BluetoothSdpGetInnerRecord
BluetoothSdpGetNextRecord
BluetoothSdpGetString
BluetoothSendAuthenticationResponse
BluetoothSendAuthenticationResponseEx
BluetoothSetLocalServiceInfo
BluetoothSetServiceState
BluetoothSetServiceStateEx
BluetoothSppEnableIncomingComPort
BluetoothSppFindNextOpenComPort
BluetoothUnregisterAuthentication
BluetoothUpdateDeviceRecord
BthpCleanupBRDeviceNode
BthpCleanupDeviceLocalServices
BthpCleanupDeviceRemoteServices
BthpCleanupLEDeviceNodes
BthpEnableA2DPIfPresent
BthpEnableAllServices
BthpEnableRadioSoftware
BthpFindPnpInfo
BthpGATTCloseSession
BthpInnerRecord
BthpIsRadioSoftwareEnabled
BthpNextRecord
BthpRegisterForAuthentication
BthpSetServiceState
BthpSetServiceStateEx
BthpShouldForceAuthentication
BthpTransposeAndExtendBytes
DllCanUnloadNow

Sections

.text
Size: 128KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CBDHSvc.dll
.dll windows:10 windows x64 arch:x64

1b677d78e104eed72aaad14c1e5f7984

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

CBDHSvc.pdb

Imports

msvcp_win

?width@ios_base@std@@QEBA_JXZ
?good@ios_base@std@@QEBA_NXZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?flags@ios_base@std@@QEBAHXZ
?uncaught_exception@std@@YA_NXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?width@ios_base@std@@QEAA_J_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
?_Xbad_function_call@std@@YAXXZ
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_id
_Cnd_do_broadcast_at_thread_exit
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
_Mtx_destroy_in_situ
_Thrd_join
_Mtx_init_in_situ
_Mtx_lock
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
_Mtx_unlock
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?_Xbad_alloc@std@@YAXXZ
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
_Cnd_init_in_situ
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
_Cnd_destroy_in_situ
_Cnd_wait
?_Xout_of_range@std@@YAXPEBD@Z
_Xtime_get_ticks
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?__ExceptionPtrCreate@@YAXPEAX@Z
_Cnd_broadcast
?_Xlength_error@std@@YAXPEBD@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?_Throw_C_error@std@@YAXH@Z
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
??Bid@locale@std@@QEAA_KXZ
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Incref@facet@locale@std@@UEAAXXZ
?in@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
_Thrd_detach

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__gmtime64
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__mkgmtime64
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__wcsicmp
memmove
_o_abort
_o_ceilf
_o_free
_o_iswspace
_o_malloc
_o_realloc
_o_terminate
_o_wcsftime
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o__execute_onexit_table
_o__errno
_o__difftime64
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o__beginthreadex
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
wcschr
_o___std_exception_copy
__std_type_info_compare
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset
wcscmp

api-ms-win-core-libraryloader-l1-2-0

FreeLibraryAndExitThread
GetModuleFileNameA
GetProcAddress
FindStringOrdinal
FreeLibrary
LoadLibraryExW
GetModuleHandleW
GetModuleHandleExW
GetModuleFileNameW
DisableThreadLibraryCalls

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceBeginInitialize
WaitOnAddress
WakeByAddressAll
WakeByAddressSingle
InitOnceExecuteOnce
InitOnceComplete

api-ms-win-core-synch-l1-1-0

ResetEvent
InitializeCriticalSectionAndSpinCount
CreateSemaphoreExW
DeleteCriticalSection
AcquireSRWLockShared
SetEvent
EnterCriticalSection
ReleaseSemaphore
CreateEventExW
ReleaseSRWLockShared
InitializeSRWLock
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
LeaveCriticalSection
ReleaseSRWLockExclusive
TryAcquireSRWLockExclusive
InitializeCriticalSectionEx
CreateEventW
ReleaseMutex
WaitForSingleObject
CreateMutexExW

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
RaiseException
GetLastError

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventSetInformation
EventRegister
EventWriteTransfer
EventUnregister

api-ms-win-core-threadpool-l1-2-0

TrySubmitThreadpoolCallback
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolWait
WaitForThreadpoolWaitCallbacks
SetThreadpoolWait
CreateThreadpoolWait
WaitForThreadpoolTimerCallbacks

api-ms-win-core-processthreads-l1-1-0

OpenThreadToken
TerminateProcess
GetCurrentProcess
OpenProcessToken
GetCurrentProcessId
GetProcessId
GetCurrentThreadId
ProcessIdToSessionId
GetCurrentThread

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetUserDefaultLocaleName

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-service-core-l1-1-0

RegisterServiceCtrlHandlerExW
SetServiceStatus

api-ms-win-power-setting-l1-1-0

PowerSettingRegisterNotification
PowerSettingUnregisterNotification

api-ms-win-core-kernel32-legacy-l1-1-0

UnregisterWait

api-ms-win-core-winrt-string-l1-1-0

WindowsDuplicateString
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsDeleteString
WindowsCompareStringOrdinal
WindowsGetStringRawBuffer
WindowsCreateStringReference
WindowsCreateString

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegCloseKey
RegGetValueW
RegNotifyChangeKeyValue

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoImpersonateClient
CoResumeClassObjects
CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoTaskMemAlloc
CoRegisterClassObject
CoCreateGuid
IIDFromString
CoRevokeClassObject
CoWaitForMultipleHandles
CoDecrementMTAUsage
StringFromGUID2
CoIncrementMTAUsage
CoDisconnectContext
CoInitializeEx
CoUninitialize
CoReleaseMarshalData
CreateStreamOnHGlobal
CoMarshalInterface
CoGetApartmentType
CoRevertToSelf
CoGetInterfaceAndReleaseStream

ntdll

RtlSubscribeWnfStateChangeNotification
RtlGetDeviceFamilyInfoEnum
RtlFreeHeap
NtQueryWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
NtQueryInformationToken
RtlInitUnicodeString
RtlAllocateHeap
RtlNtStatusToDosErrorNoTeb
RtlCompareUnicodeString
NtQueryInformationProcess
RtlPublishWnfStateData

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-winrt-l1-1-0

RoRegisterActivationFactories
RoActivateInstance
RoGetActivationFactory
RoRevokeActivationFactories

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
RoOriginateErrorW
RoOriginateError
GetRestrictedErrorInfo
RoTransformError

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InitializeSListHead

api-ms-win-core-localization-l1-2-3

GetUserDefaultGeoName

api-ms-win-ntuser-sysparams-l1-1-0

GetSystemMetrics

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask
SHTaskPoolGetUniqueContext
SHTaskPoolAllowThreadReuse

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-winrt-error-l1-1-1

IsErrorPropagationEnabled
RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindFileNameW
PathIsFileSpecW

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-security-base-l1-1-0

MapGenericMask
GetTokenInformation
AccessCheck

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-appmodel-runtime-l1-1-1

GetApplicationUserModelIdFromToken

api-ms-win-rtcore-ntuser-window-l1-1-0

GetWindowThreadProcessId
GetForegroundWindow
GetPropW

api-ms-win-core-psapi-l1-1-0

K32GetModuleFileNameExW

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime

api-ms-win-shcore-thread-l1-1-0

SHGetThreadRef

api-ms-win-shcore-stream-l1-1-0

SHCreateMemStream

oleaut32

SysStringLen
SetErrorInfo
GetErrorInfo
SysFreeString
SysAllocString

api-ms-win-shcore-stream-winrt-l1-1-0

CreateRandomAccessStreamOverStream

rpcrt4

I_RpcBindingInqLocalClientPID

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-file-l1-1-0

CreateDirectoryW

api-ms-win-core-path-l1-1-0

PathCchSkipRoot

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-atoms-l1-1-0

GlobalGetAtomNameW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 740KB - Virtual size: 738KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 212KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CapabilityAccessManager.dll
.dll windows:10 windows x64 arch:x64

4ebca6393252dd7589d57c74e64977f8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

CapabilityAccessManager.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__stricmp
_o__wcsicmp
_o__wcsnicmp
memmove
_o__wstat64
_o_ceilf
_o_free
_o_malloc
_o_rand
_o_realloc
_o_terminate
_o_towlower
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o__beginthreadex
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
wcschr

api-ms-win-crt-string-l1-1-0

memset
strcmp
memmove_s

api-ms-win-core-libraryloader-l1-2-0

FindResourceExW
GetProcAddress
LoadResource
LockResource
GetModuleHandleW
DisableThreadLibraryCalls
LoadStringW
LoadLibraryExW
GetModuleHandleExA
GetModuleHandleExW
FreeLibrary
GetModuleFileNameA

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
Sleep
InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
InitializeSRWLock
CreateSemaphoreExW
ReleaseSemaphore
TryAcquireSRWLockExclusive
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
ResetEvent
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
CreateEventExW
WaitForSingleObject
ReleaseMutex
OpenSemaphoreW
ReleaseSRWLockShared
SetEvent
CreateEventW
CreateMutexExW
AcquireSRWLockShared
ReleaseSRWLockExclusive

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
SetUnhandledExceptionFilter
RaiseException
UnhandledExceptionFilter

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventWriteTransfer
EventRegister
EventActivityIdControl

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
GetTraceEnableLevel
RegisterTraceGuidsW
TraceMessage
GetTraceLoggerHandle
GetTraceEnableFlags

api-ms-win-core-processthreads-l1-1-0

SetThreadToken
TerminateProcess
GetCurrentProcess
OpenThreadToken
GetCurrentThread
GetCurrentThreadId
GetCurrentProcessId
OpenProcessToken
ProcessIdToSessionId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
TrySubmitThreadpoolCallback
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureStackBackTrace
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetLocalTime
GetSystemTimeAsFileTime
GlobalMemoryStatusEx

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-service-management-l1-1-0

CloseServiceHandle
OpenSCManagerW

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegSetValueExW
RegDeleteTreeW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegEnumKeyExW
RegQueryInfoKeyW

ntdll

RtlDeriveCapabilitySidsFromName
RtlInitUnicodeString
RtlFreeHeap
RtlEqualSid
NtQueryInformationProcess
NtQueryInformationToken
RtlCompareUnicodeString
RtlPublishWnfStateData
NtQueryInformationThread
RtlIsMultiSessionSku
RtlConvertSidToUnicodeString
RtlFreeUnicodeString
RtlQueryPackageClaims
RtlFreeSid
RtlGetDeviceFamilyInfoEnum
NtQueryInformationFile
NtSetInformationThread
RtlAllocateHeap
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlInsertElementGenericTableAvl
RtlInitializeGenericTableAvl
RtlLookupElementGenericTableAvl
RtlNtStatusToDosErrorNoTeb
RtlGetPersistedStateLocation
RtlCapabilityCheck

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-file-l1-1-0

CreateDirectoryW
GetFileAttributesW
CreateFileW
WriteFile

api-ms-win-core-synch-ansi-l1-1-0

CreateSemaphoreA

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW
K32GetProcessImageFileNameW

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabledForProcess

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringOrdinal
WideCharToMultiByte

combase

ord69
ord66
ord67
ord68
ord184
ord148

staterepository.core

sqlite3_shutdown
sqlite3_enable_shared_cache
sqlite3_clear_bindings
sqlite3_vfs_unregister
sqlite3_vfs_register
sqlite3_vfs_find
sqlite3_status
sqlite3_expanded_sql
sqlite3_snprintf
sqlite3_profile
sqlite3_trace
sqlite3_config
sqlite3_exec
sqlite3_prepare_v2
sqlite3_value_text
sqlite3_result_text16
sqlite3_value_int64
sqlite3_free
sqlite3_result_blob
sqlite3_malloc
sqlite3_value_bytes
sqlite3_value_blob
sqlite3_value_int
sqlite3_value_text16
sqlite3_value_type
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_error_code
sqlite3_result_error16
sqlite3_result_error_nomem
sqlite3_user_data
sqlite3_create_function_v2
sqlite3_db_status
sqlite3_busy_timeout
sqlite3_db_filename
sqlite3_last_insert_rowid
sqlite3_changes
sqlite3_wal_autocheckpoint
sqlite3_db_config
sqlite3_db_readonly
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_extended_errcode
sqlite3_open_v2
sqlite3_close
sqlite3_get_autocommit
sqlite3_next_stmt
sqlite3_step
sqlite3_reset
sqlite3_errmsg
sqlite3_finalize
sqlite3_log
sqlite3_db_handle
sqlite3_sql
sqlite3_stmt_busy
sqlite3_column_text16
sqlite3_column_text
sqlite3_column_int64
sqlite3_errcode
sqlite3_bind_text16
sqlite3_bind_int64
sqlite3_bind_int
sqlite3_initialize

msvcp_win

?_Throw_C_error@std@@YAXH@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_detach
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
_Cnd_do_broadcast_at_thread_exit

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-windowserrorreporting-l1-1-1

WerRegisterCustomMetadata

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

CapabilityAccessManagerDoStoreMaintenance
DllCanUnloadNow
DllGetClassObject
ServiceMain

Sections

.text
Size: 588KB - Virtual size: 585KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CapabilityAccessManagerClient.dll
.dll windows:10 windows x64 arch:x64

04b0a3f0d239127087ee840bb7b1ac8d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

CapabilityAccessManagerClient.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__wcsicmp
memmove
_o_ceilf
_o_free
_o_malloc
_o_terminate
_o_towlower
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
FreeLibrary
GetModuleHandleW
DisableThreadLibraryCalls
GetProcAddress
GetModuleFileNameA

api-ms-win-core-synch-l1-2-0

WaitOnAddress
InitOnceComplete
InitOnceBeginInitialize
WakeByAddressAll
InitOnceExecuteOnce

api-ms-win-core-synch-l1-1-0

CreateSemaphoreExW
ReleaseSemaphore
WaitForSingleObject
ReleaseMutex
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
CreateEventW
OpenSemaphoreW
ReleaseSRWLockShared
CreateMutexExW
AcquireSRWLockShared
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
InitializeSRWLock

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
RaiseException
UnhandledExceptionFilter
GetLastError

api-ms-win-core-winrt-string-l1-1-0

HSTRING_UserUnmarshal64
HSTRING_UserUnmarshal
HSTRING_UserMarshal64
HSTRING_UserFree
HSTRING_UserSize64
HSTRING_UserFree64
HSTRING_UserMarshal
HSTRING_UserSize
WindowsDuplicateString
WindowsCreateStringReference
WindowsCreateString
WindowsDeleteString
WindowsGetStringRawBuffer
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
OpenProcessToken
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoOriginateError
SetRestrictedErrorInfo
GetRestrictedErrorInfo
RoTransformError

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
CreateStreamOnHGlobal
CoGetInterfaceAndReleaseStream
CoAddRefServerProcess
CoReleaseServerProcess
CoCreateInstance
CLSIDFromString
CoRevokeClassObject
CoResumeClassObjects
CoRegisterClassObject
CoSetProxyBlanket
CoMarshalInterface
CoReleaseMarshalData

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-winrt-l1-1-0

RoRegisterActivationFactories
RoRevokeActivationFactories
RoGetActivationFactory

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-winrt-error-l1-1-1

IsErrorPropagationEnabled
RoReportFailedDelegate
RoGetMatchingRestrictedErrorInfo

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks

ntdll

RtlSubscribeWnfStateChangeNotification
NtQueryWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlCapabilityCheck
RtlInitUnicodeString

rpcrt4

NdrStubForwardingFunction
NdrOleFree
NdrOleAllocate
NdrDllGetClassObject
NdrDllCanUnloadNow

combase

ord66
ord67
ord68

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventWriteTransfer
EventUnregister

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegGetValueW
RegOpenKeyExW

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 156KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CloudDesktopCSP.dll
.dll windows:10 windows x64 arch:x64

461e05cfa1b2634a38374d3d3ec078de

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

CloudDesktopCSP.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__fseeki64
_o__get_errno
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__lock_file
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__unlock_file
memmove
_o__wcsicmp
_o_fclose
_o_fflush
_o_fgetc
_o_fgetpos
_o_fgetwc
_o_fputwc
_o_free
_o_fsetpos
_o_fwrite
_o_malloc
_o_memcpy_s
_o_realloc
_o_setvbuf
_o_terminate
_o_ungetc
_o_ungetwc
__C_specific_handler
__current_exception
__current_exception_context
_o__errno
_o____lc_codepage_func
_o___stdio_common_vswprintf
_o__crt_atexit
_o__configure_narrow_argv
_o__execute_onexit_table
_o___stdio_common_vsnprintf_s
__std_terminate
_o__cexit
_o__callnewh
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__CxxFrameHandler4
memcmp
memcpy
_CxxThrowException
__CxxFrameHandler3

api-ms-win-crt-string-l1-1-0

memset
strncmp

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameA
DisableThreadLibraryCalls
GetModuleHandleExA
GetProcAddress
FreeLibrary

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-synch-l1-1-0

CreateEventW
ResetEvent
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
ReleaseSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeCriticalSectionAndSpinCount
ReleaseMutex
SetEvent
WaitForSingleObject
InitializeCriticalSectionEx
LeaveCriticalSection
ReleaseSemaphore
EnterCriticalSection
CreateSemaphoreExW
InitializeCriticalSection

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetLastError
GetLastError
SetUnhandledExceptionFilter

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventWriteTransfer
EventUnregister

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
TerminateProcess

api-ms-win-core-localization-l1-2-0

FormatMessageA
FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetLocalTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

msvcp_win

?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?clear@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?_Gndec@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?_Init@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXXZ
?getloc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?_Syserror_map@std@@YAPEBDH@Z
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?in@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
??Bid@locale@std@@QEAA_KXZ
?out@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
?uncaught_exception@std@@YA_NXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?unshift@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@GDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Winerror_map@std@@YAHH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBGHH@Z

userenv

LeaveCriticalPolicySection
EnterCriticalPolicySection

oleaut32

SysFreeString
VariantInit
SysAllocString
VariantClear

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegCloseKey
RegSetValueExW
RegGetValueW
RegCreateKeyExW
RegOpenKeyExW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW

api-ms-win-core-path-l1-1-0

PathCchCombine

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-file-l1-1-0

CreateFileW
GetFileAttributesW
CreateDirectoryW
GetFileAttributesExW

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask

appxalluserstore

SetPackageOverrideSetupPhase

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 168KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CloudExperienceHost.dll
.dll windows:10 windows x64 arch:x64

b85bb3353db040beab848c3559e3e586

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8a:57:f4:9a:e2:9d:5b:b7:6e:5c:0f:a2:e3:38:e8:0e:74:30:e6:13:77:43:3a:27:35:97:cb:ff:a1:2f:bf:37
Signer

Actual PE Digest

8a:57:f4:9a:e2:9d:5b:b7:6e:5c:0f:a2:e3:38:e8:0e:74:30:e6:13:77:43:3a:27:35:97:cb:ff:a1:2f:bf:37

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

CloudExperienceHost.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcsicmp
_o_abort
_o_free
_o_iswspace
_o_malloc
_o_memcpy_s
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o___stdio_common_vswprintf
_CxxThrowException
__CxxFrameHandler3
_o__configure_narrow_argv
_o___stdio_common_vsnprintf_s
_o__cexit
_o__callnewh
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset
wcscmp
wcscspn

twinapi.appcore

ord2
ord3

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetModuleHandleExW
GetProcAddress
GetModuleHandleExA
GetModuleFileNameW
FreeLibrary
DisableThreadLibraryCalls
GetModuleHandleW
GetModuleFileNameA

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceExecuteOnce
InitOnceBeginInitialize

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
ReleaseSRWLockShared
DeleteCriticalSection
AcquireSRWLockExclusive
InitializeCriticalSectionEx
OpenEventW
AcquireSRWLockShared
CreateEventExW
OpenSemaphoreW
CreateEventW
SetEvent
ReleaseSRWLockExclusive
WaitForSingleObjectEx
CreateMutexExW
ReleaseMutex
WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreExW
EnterCriticalSection

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventActivityIdControl
EventSetInformation
EventUnregister

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-processthreads-l1-1-0

OpenProcessToken
GetCurrentProcessId
GetCurrentThreadId
GetProcessId
TerminateProcess
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent
GetProcessMitigationPolicy

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetVersionExA
GetSystemDirectoryW
GetVersionExW
GetTickCount64
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

rpcrt4

NdrOleFree
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrOleAllocate

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegEnumKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegQueryInfoKeyW
RegGetValueW
RegCreateKeyExW

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask
SHTaskPoolAllowThreadReuse

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-security-base-l1-1-0

DuplicateTokenEx
CheckTokenMembership
GetTokenInformation
CreateWellKnownSid
DuplicateToken

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar

ntdll

NtQueryInformationToken
NtQueryWnfStateData
RtlPublishWnfStateData

api-ms-win-rtcore-ntuser-window-l1-1-0

GetForegroundWindow
GetDesktopWindow

api-ms-win-shcore-scaling-l1-1-1

ord244

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindExtensionW
SHExpandEnvironmentStringsW
PathCommonPrefixW

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-appmodel-runtime-l1-1-1

ParseApplicationUserModelId
FindPackagesByPackageFamily

api-ms-win-oobe-notification-l1-1-0

OOBEComplete

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-security-capability-l1-1-0

CapabilityCheck

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

oleaut32

SysStringLen
SetErrorInfo
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 404KB - Virtual size: 403KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 616B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CloudExperienceHostBroker.dll
.dll windows:10 windows x64 arch:x64

f93d7c34a40f199afd89dc2c6c66f4d5

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:f9:e7:55:4a:f7:5e:60:66:52:df:af:9b:87:03:28:ef:e1:c4:a3:4a:04:9c:c0:ea:6c:67:90:d6:53:40:7c
Signer

Actual PE Digest

2f:f9:e7:55:4a:f7:5e:60:66:52:df:af:9b:87:03:28:ef:e1:c4:a3:4a:04:9c:c0:ea:6c:67:90:d6:53:40:7c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

CloudExperienceHostBroker.pdb

Imports

msvcrt

__dllonexit
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_lock
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
memcmp
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
??3@YAXPEAX@Z
__CxxFrameHandler3
realloc
_vscwprintf
??_V@YAXPEAX@Z
swprintf_s
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
memcpy_s
memmove_s
_onexit
memcpy
__CxxFrameHandler4
memmove
_vsnwprintf
_unlock
memset

rpcrt4

NdrOleAllocate
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrOleFree

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleHandleExW
GetModuleHandleW
GetProcAddress
GetModuleFileNameA

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceComplete
InitOnceExecuteOnce
InitOnceBeginInitialize

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
ReleaseMutex
DeleteCriticalSection
InitializeCriticalSectionEx
WaitForMultipleObjectsEx
AcquireSRWLockShared
CreateMutexExW
ReleaseSRWLockExclusive
WaitForSingleObject
LeaveCriticalSection
CreateEventExW
SetEvent
ReleaseSemaphore
AcquireSRWLockExclusive
ReleaseSRWLockShared
InitializeSRWLock
CreateSemaphoreExW
OpenSemaphoreW
WaitForSingleObjectEx

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
RaiseException
GetLastError
UnhandledExceptionFilter

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventUnregister
EventActivityIdControl
EventRegister
EventWriteTransfer

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-processthreads-l1-1-0

OpenProcessToken
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
GetProcessId
GetCurrentThread
OpenThreadToken

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetComputerNameExW
GetTickCount
GetSystemTimeAsFileTime
GetTickCount64

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-processthreads-l1-1-1

OpenProcess

oleaut32

SysFreeString
SysAllocString

api-ms-win-power-base-l1-1-0

GetPwrCapabilities

api-ms-win-security-lsalookup-l1-1-2

LsaLookupUserAccountType

ntdll

RtlInitUnicodeString
RtlInitString

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask
SHTaskPoolAllowThreadReuse

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-shcore-sysinfo-l1-1-0

IsOS

powrprof

PowerDeterminePlatformRole

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-security-lsapolicy-l1-1-0

LsaLookupSids
LsaOpenPolicy
LsaClose
LsaLookupNames2
LsaFreeMemory

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrChrW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
GetProxyDllInfo

Sections

.text
Size: 276KB - Virtual size: 275KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CloudExperienceHostCommon.dll
.dll windows:10 windows x64 arch:x64

991e42a8e477e0b6dfc6b345431f887d

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1b:84:93:1b:ed:62:60:00:b7:3e:fa:d1:6d:cc:32:3c:5a:be:44:75:a7:e6:15:94:d2:28:1a:18:38:41:0b:6b
Signer

Actual PE Digest

1b:84:93:1b:ed:62:60:00:b7:3e:fa:d1:6d:cc:32:3c:5a:be:44:75:a7:e6:15:94:d2:28:1a:18:38:41:0b:6b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

CloudExperienceHostCommon.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__get_errno
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__wcsicmp
memmove
_o_ceilf
_o_free
_o_localeconv
_o_malloc
_o_realloc
_o_strtod
_o_strtoll
_o_strtoull
_o_terminate
_o_tolower
_o_towlower
_o_wcsncpy_s
_o_wcstok
_o_wcstoul
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o__cexit
_o__callnewh
_o__execute_onexit_table
_o__errno
_o___stdio_common_vswprintf
_o__dclass
_o___stdio_common_vsnprintf_s
_o__crt_atexit
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__configure_narrow_argv
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
wcsrchr

api-ms-win-crt-string-l1-1-0

wcscmp
wcscspn
wcsnlen
memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
LoadResource
LockResource
GetModuleHandleExW
FindStringOrdinal
FreeResource
GetModuleHandleW
FindResourceExW
FreeLibrary
LoadLibraryExW
GetProcAddress
GetModuleFileNameA
DisableThreadLibraryCalls

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceExecuteOnce
Sleep
InitOnceBeginInitialize

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
CreateSemaphoreExW
DeleteCriticalSection
InitializeCriticalSectionEx
ReleaseSemaphore
CreateEventExW
OpenEventW
InitializeSRWLock
WaitForSingleObject
WaitForMultipleObjectsEx
ReleaseMutex
SetEvent
ResetEvent
EnterCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionAndSpinCount
AcquireSRWLockShared
CreateMutexExW
CreateEventW
ReleaseSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

RaiseException
GetLastError
SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter

api-ms-win-core-winrt-string-l1-1-0

WindowsCompareStringOrdinal
WindowsDuplicateString
WindowsCreateStringReference
HSTRING_UserUnmarshal64
HSTRING_UserUnmarshal
HSTRING_UserMarshal64
HSTRING_UserFree
HSTRING_UserSize64
HSTRING_UserFree64
HSTRING_UserMarshal
HSTRING_UserSize
WindowsDeleteString
WindowsCreateString
WindowsGetStringRawBuffer
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
OpenProcessToken
TerminateProcess
GetCurrentProcess
GetProcessId
GetCurrentProcessId
OpenThreadToken
GetCurrentThread

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoOriginateErrorW
GetRestrictedErrorInfo
RoOriginateError
SetRestrictedErrorInfo

api-ms-win-core-localization-l1-2-0

FormatMessageW
LocaleNameToLCID
GetGeoInfoW
GetFileMUIPath
ResolveLocaleName
GetUserGeoID
GetUILanguageInfo

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
GetProcessMitigationPolicy
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetVersionExW
GetTickCount
GetSystemTimeAsFileTime
GetTickCount64

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-registry-l1-1-0

RegDeleteValueW
RegSetValueExW
RegGetValueW
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

api-ms-win-oobe-notification-l1-1-0

UnregisterWaitUntilOOBECompleted
RegisterWaitUntilOOBECompleted
OOBEComplete

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-path-l1-1-0

PathCchAppend
PathAllocCombine

api-ms-win-core-file-l1-1-0

FindFirstFileW
DeleteFileW
FindNextFileW
FindClose

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringOrdinal
CompareStringW

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-timezone-l1-1-0

GetTimeZoneInformation

rpcrt4

NdrOleFree
NdrOleAllocate
NdrDllGetClassObject
NdrDllCanUnloadNow

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-winrt-error-l1-1-1

RoReportFailedDelegate
RoGetMatchingRestrictedErrorInfo
IsErrorPropagationEnabled

api-ms-win-security-base-l1-1-0

DuplicateTokenEx
AdjustTokenPrivileges
GetTokenInformation

api-ms-win-core-processenvironment-l1-1-0

SetEnvironmentVariableW
GetEnvironmentVariableW
ExpandEnvironmentStringsW

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

api-ms-win-core-localization-l1-2-3

GetGeoInfoEx
EnumSystemGeoNames

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

ntdll

NtQueryWnfStateData
RtlPublishWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlGetDeviceFamilyInfoEnum

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

msvcp_win

?good@ios_base@std@@QEBA_NXZ
?uncaught_exception@std@@YA_NXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?width@ios_base@std@@QEBA_JXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setf@ios_base@std@@QEAAHH@Z
?setf@ios_base@std@@QEAAHHH@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?flags@ios_base@std@@QEBAHXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?width@ios_base@std@@QEAA_J_J@Z
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Xout_of_range@std@@YAXPEBD@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z

winhttp

WinHttpReceiveResponse
WinHttpReadData
WinHttpOpenRequest
WinHttpCloseHandle
WinHttpConnect
WinHttpOpen
WinHttpCrackUrl
WinHttpQueryDataAvailable
WinHttpSendRequest

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 956KB - Virtual size: 953KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 224KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CloudIdWxhExtension.dll
.dll windows:10 windows x64 arch:x64

cf8b940b89d28864b1727d005dcd2ede

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

CloudIdWxhExtension.pdb

Imports

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetProcAddress
FreeLibrary
GetModuleHandleW
GetModuleHandleExW
DisableThreadLibraryCalls

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionAndSpinCount
ResetEvent
EnterCriticalSection
DeleteCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
AcquireSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseMutex
ReleaseSRWLockShared
WaitForSingleObject
ReleaseSemaphore
SetEvent
CreateSemaphoreExW
CreateEventW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
GetLastError

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventWriteTransfer
EventRegister
EventUnregister
EventActivityIdControl

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize

rpcrt4

UuidFromStringW

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolWait
CloseThreadpoolWait
CreateThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolWait
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
TrySubmitThreadpoolCallback

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringOrdinal

winhttp

WinHttpOpen
WinHttpConnect
WinHttpReadData
WinHttpReceiveResponse
WinHttpQueryDataAvailable
WinHttpSendRequest
WinHttpCloseHandle
WinHttpCrackUrl
WinHttpOpenRequest

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer

api-ms-win-core-com-l1-1-0

StringFromCLSID
CoCreateInstance
CoTaskMemFree
CoCreateGuid
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CoGetObjectContext
CoGetApartmentType

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegSetValueExW
RegOpenKeyExW
RegCloseKey

api-ms-win-crt-private-l1-1-0

_o___stdio_common_vsnprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vswprintf_s
_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__dclass
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__wcsicmp
_o_abort
_o_ceilf
_o_free
_o_iswspace
_o_localeconv
_o_malloc
_o_strtod
_o_strtoll
_o_strtoull
_o_terminate
_o_towlower
__CxxFrameHandler4
__std_terminate
memcpy
memcmp
memmove
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_CxxThrowException
__current_exception_context
__current_exception
__C_specific_handler
__CxxFrameHandler3
_o__seh_filter_dll

api-ms-win-crt-string-l1-1-0

wcsnlen
strlen
memset
wcslen

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

msvcp_win

??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?_Xout_of_range@std@@YAXPEBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?_Xbad_function_call@std@@YAXXZ
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
_Thrd_yield
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?_Xlength_error@std@@YAXPEBD@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?uncaught_exception@std@@YA_NXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InterlockedFlushSList
InitializeSListHead
InterlockedPushEntrySList

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

oleaut32

SysFreeString
SysAllocString
GetErrorInfo
SysStringLen
SetErrorInfo

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory

Sections

.text
Size: 218KB - Virtual size: 217KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CloudRestoreLauncher.dll
.dll windows:10 windows x64 arch:x64

2f22f442641fefdce167e44bf17875c8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

CloudRestoreLauncher.pdb

Imports

msvcp_win

_Mtx_init_in_situ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Xbad_function_call@std@@YAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
??Bid@locale@std@@QEAA_KXZ
?out@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
?in@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
?_Incref@facet@locale@std@@UEAAXXZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Xlength_error@std@@YAXPEBD@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
_Mtx_unlock
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
_Thrd_yield
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Xout_of_range@std@@YAXPEBD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
?_Xbad_alloc@std@@YAXXZ
_Mtx_destroy_in_situ

api-ms-win-crt-string-l1-1-0

strncmp
memset
wcscmp

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__free_base
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__malloc_base
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
memmove
_o__wtoi
_o_abort
_o_ceilf
_o_free
_o_iswspace
_o_malloc
_o_realloc
_o_strncpy_s
_o_strtol
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__execute_onexit_table
_o__errno
_o____lc_codepage_func
strchr
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
_o__wcsdup
__std_type_info_compare

ntdll

RtlVirtualUnwind
RtlCaptureContext
RtlPublishWnfStateData
RtlGetPersistedStateLocation
RtlLookupFunctionEntry

combase

ord68
ord67
ord69
GetErrorInfo
ord66
SetErrorInfo

kernel32

FindNextFileW
FindFirstFileExW
GetFileInformationByHandleEx
FormatMessageA
CreateFileW
ReadFile
GetSystemDirectoryW
GetProductInfo
SetDynamicTimeZoneInformation
WaitForMultipleObjectsEx
GetProcessId
GetExitCodeProcess
FindClose
GetFileAttributesExW
GetCurrentThread
LoadLibraryExW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
CreateEventW
ResetEvent
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventExW
CloseThreadpoolWork
WaitForThreadpoolWorkCallbacks
UnregisterWait
SubmitThreadpoolWork
CreateThreadpoolWork
DisableThreadLibraryCalls
CreateDirectoryW
GetFileAttributesW
ExpandEnvironmentStringsW
LocalAlloc
MultiByteToWideChar
InitializeCriticalSection
WideCharToMultiByte
CopyFileW
CreateThreadpoolTimer
OpenEventW
InitOnceComplete
SetEvent
InitOnceBeginInitialize
Sleep
LocalFree
RaiseException
GetModuleHandleExA
CreateThreadpoolWait
InterlockedPushEntrySList
InterlockedFlushSList
FreeLibraryAndExitThread
ResumeThread
FreeLibrary
CreateThread
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetThreadpoolTimer
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
IsDebuggerPresent
DebugBreak
GetModuleHandleW
GetProcessHeap
GetCurrentProcessId
CreateMutexExW
GetProcAddress
HeapAlloc
CloseHandle
OpenSemaphoreW
WaitForSingleObjectEx
OutputDebugStringW
GetLastError
FormatMessageW
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
GetModuleHandleExW
ReleaseSemaphore
SetLastError
HeapFree
CreateSemaphoreExW
GetModuleFileNameA
EncodePointer
CreateProcessW
TrySubmitThreadpoolCallback
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
CompareStringOrdinal
TerminateProcess
LoadLibraryW
FindStringOrdinal

ole32

CoGetObjectContext
CoCreateFreeThreadedMarshaler
CoGetApartmentType
CoCreateGuid
CoDisconnectContext
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
StringFromGUID2

advapi32

FreeSid
EventWriteTransfer
EventUnregister
RegOpenKeyExW
RegEnumKeyExW
RegNotifyChangeKeyValue
EventSetInformation
RegSetKeyValueW
EventRegister
RegGetValueW
EventActivityIdControl
RegSetValueExW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegisterServiceCtrlHandlerExW
SetServiceStatus
CheckTokenMembership
AllocateAndInitializeSid
ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
OpenThreadToken
CopySid
GetLengthSid
IsValidSid
EnumDynamicTimeZoneInformation
LookupPrivilegeValueW
AdjustTokenPrivileges
TraceMessage

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear
SysStringLen

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsGetStringRawBuffer
WindowsCreateStringReference
WindowsCreateString

rpcrt4

UuidCreate

api-ms-win-core-winrt-l1-1-0

RoRevokeActivationFactories
RoActivateInstance
RoRegisterActivationFactories
RoGetActivationFactory

shell32

ord165
SHGetKnownFolderPath
SHParseDisplayName
SHCreateShellItemArrayFromIDLists
SHCreateItemFromParsingName
ord723
ShellExecuteExW

shcore

SHTaskPoolQueueTask
SHRegGetValueW
ord121

windows.networking.vpn

VpnClientSetCostedNetworkSettings
VpnClientGetCostedNetworkSettings

user32

SystemParametersInfoW
EnumWindows
GetWindowThreadProcessId
GetShellWindow
SendMessageW

secur32

GetUserNameExW

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-core-path-l1-1-0

PathCchSkipRoot
PathAllocCombine

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 236KB - Virtual size: 233KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CompatTelRunner.exe
.exe windows:10 windows x64 arch:x64

28e3625088594cb0020db251a9845bfa

Code Sign

33:00:00:05:56:c9:20:2b:1f:74:32:5d:2d:00:00:00:00:05:56
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2023, 19:51

Not After

16/10/2024, 19:51

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

95:9b:57:bc:a9:9a:89:c1:32:b3:70:9a:fd:21:c6:97:5e:8b:2f:a9:97:df:2e:61:68:07:20:e0:d8:77:a8:71
Signer

Actual PE Digest

95:9b:57:bc:a9:9a:89:c1:32:b3:70:9a:fd:21:c6:97:5e:8b:2f:a9:97:df:2e:61:68:07:20:e0:d8:77:a8:71

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

CompatTelRunner.pdb

Imports

msvcrt

_wcslwr
strncmp
_wtoi
malloc
_callnewh
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
_CxxThrowException
memcpy
memmove
memcmp
wcscat_s
wcsncmp
_wtoi64
wcschr
??_V@YAXPEAX@Z
_onexit
__dllonexit
wcsstr
_unlock
_lock
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
??1type_info@@UEAA@XZ
strcpy_s
_wcsnicmp
_XcptFilter
_wfopen_s
iswalpha
fwprintf
wcscpy_s
sprintf_s
sscanf_s
wcsrchr
iswdigit
?terminate@@YAXXZ
_wtof
strchr
_vsnprintf
_stricmp
__CxxFrameHandler3
_wcsicmp
memmove_s
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
??3@YAXPEAX@Z
memcpy_s
_vsnwprintf
memset
wcscmp

ntdll

RtlVerifyVersionInfo
LdrResSearchResource
ZwMapViewOfSection
ZwUnmapViewOfSection
ZwQuerySystemInformation
RtlGetNativeSystemInformation
RtlUpcaseUnicodeChar
RtlAnsiStringToUnicodeString
RtlxAnsiStringToUnicodeSize
EtwEventRegister
EtwEventWrite
EtwEventUnregister
ZwCreateSection
ZwQueryInformationFile
ZwCreateFile
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
ZwQueryValueKey
RtlInitUnicodeStringEx
ZwEnumerateKey
ZwOpenKey
RtlImageDirectoryEntryToData
RtlNtStatusToDosError
RtlAllocateAndInitializeSid
RtlFreeSid
RtlRandomEx
RtlStringFromGUID
RtlDosPathNameToRelativeNtPathName_U
NtLoadKeyEx
RtlReleaseRelativeName
RtlFreeUnicodeString
RtlDosPathNameToNtPathName_U_WithStatus
ZwClose
RtlLeaveCriticalSection
RtlFreeHeap
RtlInitializeCriticalSection
RtlMultiByteToUnicodeN
RtlInitAnsiString
RtlEnterCriticalSection
RtlEqualString
RtlAllocateHeap
RtlDeleteCriticalSection
NtCreateEvent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WinSqmIsOptedInEx
VerSetConditionMask
RtlInitUnicodeString
LdrGetDllHandle
RtlInitString
LdrGetProcedureAddress
RtlDosPathNameToRelativeNtPathName_U_WithStatus
NtCreateFile
NtQueryInformationFile
NtClose
RtlAdjustPrivilege

rpcrt4

UuidCreate

ws2_32

getaddrinfo
freeaddrinfo
gethostname
WSAGetLastError
WSACleanup
WSAStartup

aepic

ord104
ord106
ord101
ord108
ord109
ord105
ord107
ord103
ord100
ord102

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetModuleFileNameA
FreeLibrary
GetModuleHandleExA
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryExW

api-ms-win-core-synch-l1-1-0

OpenSemaphoreW
InitializeCriticalSectionEx
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
CreateSemaphoreExW
CreateEventW
CreateMutexExW
AcquireSRWLockShared
DeleteCriticalSection
ReleaseMutex
CreateMutexW
EnterCriticalSection
WaitForSingleObject
LeaveCriticalSection
OpenWaitableTimerW
SetEvent
SetWaitableTimer
InitializeSRWLock
TryAcquireSRWLockExclusive
ReleaseSemaphore

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
GetLastError
UnhandledExceptionFilter

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetExitCodeProcess
GetCurrentProcessId
SetPriorityClass
GetCurrentProcess
TerminateProcess
CreateProcessW
ExitProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringA
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryA
GetSystemWindowsDirectoryW
GetSystemTimeAsFileTime
GetSystemDirectoryW
GetTickCount64
GetTickCount
GetSystemTime

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpA

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
LoadLibraryA

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-registry-l1-1-0

RegEnumValueW
RegDeleteTreeW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegSetKeySecurity
RegGetValueW
RegUnLoadKeyW
RegLoadKeyW
RegSaveKeyExW
RegCloseKey
RegSetValueExW
RegDeleteKeyExW
RegLoadAppKeyW
RegQueryInfoKeyW
RegCreateKeyExW

api-ms-win-core-synch-l1-2-0

Sleep
SignalObjectAndWait

api-ms-win-core-memory-l1-1-1

SetProcessWorkingSetSizeEx

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventUnregister
EventSetInformation

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects
CreateSemaphoreW
CreateWaitableTimerW

api-ms-win-core-memory-l1-1-0

MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
OpenFileMappingW

api-ms-win-core-registry-l2-1-0

RegOpenKeyW
RegDeleteKeyW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-version-l1-1-1

GetFileVersionInfoSizeW
GetFileVersionInfoW

api-ms-win-core-file-l1-1-0

CreateFileW
GetFileAttributesW
GetFileTime
WriteFile
CreateDirectoryW

api-ms-win-core-kernel32-legacy-l1-1-0

GetSystemPowerStatus
WTSGetActiveConsoleSessionId

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoInitializeEx
CoCreateInstance
CoUninitialize

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW
RegDeleteKeyValueW

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

winhttp

WinHttpGetDefaultProxyConfiguration
WinHttpQueryHeaders
WinHttpSetOption
WinHttpGetProxyForUrl
WinHttpOpenRequest
WinHttpQueryDataAvailable
WinHttpQueryAuthSchemes
WinHttpReceiveResponse
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSendRequest
WinHttpReadData
WinHttpSetCredentials
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen

api-ms-win-security-base-l1-1-0

SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
ImpersonateLoggedOnUser
InitializeSecurityDescriptor
RevertToSelf

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-security-credentials-l1-1-0

CredReadW
CredFree

api-ms-win-core-heap-l2-1-0

LocalFree
GlobalFree

oleaut32

SysAllocString
SysStringLen
SysFreeString

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW
ExpandEnvironmentStringsW

api-ms-win-security-provider-l1-1-0

SetEntriesInAclW

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrCmpNA

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 188KB - Virtual size: 186KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 892B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ContentDeliveryManager.Utilities.dll
.dll windows:10 windows x64 arch:x64

a0031635e59cb52807d41a60ee5ebd61

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ce:2d:f0:57:c2:64:a7:18:25:83:cb:f2:14:81:82:7d:bb:af:94:55:4d:06:06:86:ea:e6:82:f5:55:0e:bb:5f
Signer

Actual PE Digest

ce:2d:f0:57:c2:64:a7:18:25:83:cb:f2:14:81:82:7d:bb:af:94:55:4d:06:06:86:ea:e6:82:f5:55:0e:bb:5f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ContentDeliveryManager.Utilities.pdb

Imports

msvcrt

_errno
tolower
memchr
_lock
_unlock
setlocale
??0exception@@QEAA@AEBQEBD@Z
?what@exception@@UEBAPEBDXZ
isspace
memmove
__uncaught_exception
??0bad_cast@@QEAA@AEBV0@@Z
??0bad_cast@@QEAA@PEBD@Z
__CxxFrameHandler4
_vscwprintf
memcpy
__pctype_func
isupper
___lc_handle_func
??1bad_cast@@UEAA@XZ
vswprintf_s
___lc_codepage_func
malloc
memmove_s
localeconv
calloc
swprintf_s
___mb_cur_max_func
free
__CxxFrameHandler3
_ismbblead
_CxxThrowException
memset
isalnum
isdigit
sprintf_s
abort
??0exception@@QEAA@AEBQEBDH@Z
_callnewh
_get_errno
_wcsdup
__mb_cur_max
_vsnprintf_s
__crtCompareStringW
_set_errno
wcscspn
??0exception@@QEAA@AEBV0@@Z
__crtCompareStringA
ldexp
__crtLCMapStringW
__crtLCMapStringA
??1type_info@@UEAA@XZ
_onexit
__dllonexit
?terminate@@YAXXZ
__C_specific_handler
??0exception@@QEAA@XZ
_initterm
_amsg_exit
??1exception@@UEAA@XZ
_purecall
_XcptFilter
memcmp
??3@YAXPEAX@Z
___lc_collate_cp_func
_Strftime
_Gettnames
_Wcsftime
_W_Gettnames
_W_Getmonths
_W_Getdays
realloc
_wcstoui64
_Getmonths
_Getdays
islower
wcsncpy_s
strcspn
wcschr
strncpy_s
strtol
strchr
strrchr
wcstol
wcstoul
memcpy_s
_vsnwprintf
??_V@YAXPEAX@Z
_wsetlocale

shcore

ord141
SHTaskPoolQueueTask
SHTaskPoolAllowThreadReuse
IUnknown_Set

api-ms-win-security-base-l1-1-0

GetTokenInformation
ImpersonateLoggedOnUser
RevertToSelf
IsValidSid
GetLengthSid
CopySid
DuplicateTokenEx

api-ms-win-core-file-l1-1-0

SetFileInformationByHandle
LocalFileTimeToFileTime
RemoveDirectoryW
CreateFileW
CreateDirectoryW

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleW
GetModuleFileNameA
FindStringOrdinal
DisableThreadLibraryCalls
GetModuleHandleExW

api-ms-win-core-synch-l1-1-0

CreateMutexExW
ReleaseSRWLockShared
ReleaseMutex
AcquireSRWLockShared
WaitForSingleObject
WaitForMultipleObjectsEx
LeaveCriticalSection
OpenEventW
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
SetEvent
DeleteCriticalSection
ReleaseSemaphore
EnterCriticalSection
ReleaseSRWLockExclusive
CreateEventExW
InitializeCriticalSectionEx
CreateSemaphoreExW
InitializeSRWLock

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
InitOnceComplete
SleepConditionVariableSRW
InitOnceBeginInitialize
InitOnceExecuteOnce
Sleep

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
TlsGetValue
TlsAlloc
TlsSetValue
OpenProcessToken
TlsFree

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetLastError
RaiseException
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-winrt-string-l1-1-0

HSTRING_UserMarshal64
WindowsSubstringWithSpecifiedLength
HSTRING_UserUnmarshal
HSTRING_UserFree
HSTRING_UserSize64
HSTRING_UserFree64
WindowsCompareStringOrdinal
HSTRING_UserMarshal
WindowsIsStringEmpty
WindowsCreateString
WindowsGetStringRawBuffer
WindowsDuplicateString
WindowsDeleteString
WindowsGetStringLen
HSTRING_UserUnmarshal64
WindowsCreateStringReference
WindowsConcatString
HSTRING_UserSize
WindowsStringHasEmbeddedNull

api-ms-win-core-com-l1-1-0

CreateStreamOnHGlobal
CoTaskMemRealloc
CoTaskMemAlloc
CoWaitForMultipleHandles
CoMarshalInterface
CoGetClassObject
CoGetInterfaceAndReleaseStream
CoGetCallContext
CoTaskMemFree
StringFromGUID2
CoGetApartmentType
CoReleaseMarshalData
CoCreateInstance
CoCreateFreeThreadedMarshaler
CLSIDFromString

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
SetRestrictedErrorInfo
RoOriginateError
GetRestrictedErrorInfo
RoOriginateErrorW

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventUnregister
EventSetInformation
EventActivityIdControl

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegOpenKeyExW
RegDeleteKeyExW
RegDeleteTreeW
RegGetValueW
RegCreateKeyExW
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringOrdinal
WideCharToMultiByte
GetStringTypeW

ntdll

RtlUnsubscribeWnfNotificationWaitForCompletion
NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
NtFsControlFile
RtlDosPathNameToNtPathName_U
RtlFreeUnicodeString
RtlPublishWnfStateData

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
IsErrorPropagationEnabled
RoReportFailedDelegate

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-localization-l1-2-0

GetLocaleInfoW
FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-shlwapi-obsolete-l1-1-0

QISearch
StrToIntW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW
RegDeleteKeyValueW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindExtensionW

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-com-private-l1-1-0

CoRegisterInitializeSpy
CoRevokeInitializeSpy

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-string-l2-1-0

CharLowerBuffW

api-ms-win-oobe-notification-l1-1-0

OOBEComplete

api-ms-win-core-path-l1-1-0

PathAllocCombine
PathCchCombine

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 900KB - Virtual size: 897KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 724KB - Virtual size: 723KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CredProvDataModel.dll
.dll windows:10 windows x64 arch:x64

f00ce6c21f5208025108f9f39150d9ea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

credprovdatamodel.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__errno
_o__execute_onexit_table
_o__get_errno
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
memmove
_o_free
_o_malloc
_o_realloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_CxxThrowException
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__CxxFrameHandler3
_o__crt_atexit
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExA
GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameA
FreeLibrary
DisableThreadLibraryCalls
GetProcAddress

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
SetEvent
ReleaseSRWLockExclusive
AcquireSRWLockShared
InitializeSRWLock
TryAcquireSRWLockExclusive
CreateSemaphoreExW
CreateEventExW
ReleaseSemaphore
CreateMutexExW
ReleaseSRWLockShared
LeaveCriticalSection
EnterCriticalSection
OpenSemaphoreW
WaitForSingleObjectEx
DeleteCriticalSection
WaitForSingleObject
InitializeCriticalSectionEx
ReleaseMutex

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
RaiseException
GetLastError

api-ms-win-core-processthreads-l1-1-0

OpenProcessToken
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventSetInformation
EventRegister
EventActivityIdControl

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoFailFastWithErrorContext
SetRestrictedErrorInfo
RoOriginateErrorW
GetRestrictedErrorInfo
RoTransformError

oleaut32

SysFreeString

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
InitOnceExecuteOnce

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsCreateString
WindowsStringHasEmbeddedNull
WindowsCompareStringOrdinal
WindowsIsStringEmpty
WindowsCreateStringReference
WindowsDeleteString
WindowsDuplicateString

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoCreateGuid
StringFromCLSID
CoReleaseMarshalData
CoTaskMemFree
CreateStreamOnHGlobal
CoMarshalInterface
CoTaskMemRealloc
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoWaitForMultipleHandles
CoGetInterfaceAndReleaseStream
StringFromGUID2

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate
IsErrorPropagationEnabled

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask
SHTaskPoolAllowThreadReuse

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegCreateKeyExW

ntdll

RtlIsMultiSessionSku

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 512KB - Virtual size: 510KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CustomInstallExec.exe
.exe windows:10 windows x64 arch:x64

69cb6aaa8e7be4ed6eb03f3cbc946c0a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

CustomInstallExec.pdb

Imports

msvcp_win

?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
_c_exit

api-ms-win-crt-private-l1-1-0

_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o__wcsicmp
_o__wtoi
_o__wtoi64
_o_exit
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetProcAddress
GetModuleFileNameW
GetModuleHandleExW
LoadStringW
GetModuleFileNameA

api-ms-win-core-synch-l1-1-0

CreateMutexExW
ReleaseSRWLockExclusive
CreateSemaphoreExW
ReleaseMutex
OpenSemaphoreW
WaitForSingleObjectEx
WaitForSingleObject
ReleaseSemaphore
AcquireSRWLockExclusive

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetErrorMode
SetLastError
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetStartupInfoW
GetCurrentProcess
GetCurrentThreadId
GetExitCodeProcess
TerminateProcess
OpenProcessToken
CreateProcessW

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetSystemTimeAsFileTime

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateStringReference

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventSetInformation
EventActivityIdControl
EventRegister

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoUninitialize
CoInitializeEx

api-ms-win-security-base-l1-1-0

IsValidSid
GetSidSubAuthority
GetTokenInformation
GetSidSubAuthorityCount

api-ms-win-core-psapi-l1-1-0

K32GetModuleFileNameExW

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-windowserrorreporting-l1-1-0

WerSetFlags
WerGetFlags

api-ms-win-shcore-obsolete-l1-1-0

CommandLineToArgvW

ntdll

NtQueryInformationProcess
NtQueryMutant

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask

api-ms-win-rtcore-ntuser-window-l1-1-0

EnableWindow
AllowSetForegroundWindow
SetWindowTextW
DefWindowProcW
EnumWindows
ShowWindow
SetForegroundWindow
RegisterClassExW
CreateWindowExW
GetWindowThreadProcessId

comctl32

InitCommonControlsEx

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DMAlertListener.ProxyStub.dll
.dll regsvr32 windows:10 windows x64 arch:x64

920e791082a96ebf1e04c19cee6394ea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

DMAlertListener.ProxyStub.pdb

Imports

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

rpcrt4

NdrDllCanUnloadNow
NdrDllGetClassObject
NdrOleFree
NdrOleAllocate
NdrDllUnregisterProxy
NdrDllRegisterProxy

api-ms-win-core-winrt-string-l1-1-0

HSTRING_UserFree
HSTRING_UserMarshal64
HSTRING_UserUnmarshal
HSTRING_UserUnmarshal64
HSTRING_UserFree64
HSTRING_UserMarshal
HSTRING_UserSize
HSTRING_UserSize64

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DMPushRouterCore.dll
.dll windows:10 windows x64 arch:x64

1af2a23622fc9e76198ca57f51fe96c9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

DMPushRouterCore.pdb

Imports

msvcp110_win

?_Winerror_map@std@@YAPEBDH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Add_vtordisp1@?$basic_istream@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Add_vtordisp2@?$basic_ios@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??Bid@locale@std@@QEAA_KXZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_BADOFF@std@@3_JB
?id@?$codecvt@DDH@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBGHH@Z
?_Getcat@?$codecvt@DDH@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDH@std@@QEBAHAEAHPEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?in@?$codecvt@DDH@std@@QEBAHAEAHPEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDH@std@@QEBAHAEAHPEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Syserror_map@std@@YAPEBDH@Z

msvcrt

??1exception@@UEAA@XZ
??3@YAXPEAX@Z
memcpy_s
??_V@YAXPEAX@Z
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
_vsnwprintf
_vsnprintf_s
malloc
_purecall
_callnewh
_XcptFilter
_amsg_exit
_initterm
__C_specific_handler
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_lock
_unlock
__dllonexit
_onexit
memmove
memmove_s
_wcsicmp
wcsstr
qsort
_itow_s
sprintf_s
srand
rand
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@PEBD@Z
??0bad_cast@@QEAA@AEBV0@@Z
fputc
towlower
fflush
fclose
fgetc
fwrite
swprintf_s
fgetpos
setvbuf
ungetc
fsetpos
_fseeki64
__CxxFrameHandler3
__CxxFrameHandler4
free
memcpy
memcmp
_CxxThrowException
_ltow_s
_ultow_s
memset

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-processthreads-l1-1-0

GetStartupInfoW
GetCurrentProcess
OpenProcessToken
CreateProcessW
GetExitCodeProcess
GetCurrentThread
GetCurrentProcessId
OpenThreadToken
CreateThread
TerminateThread
GetExitCodeThread
TerminateProcess
GetCurrentThreadId

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapReAlloc
HeapAlloc

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
LoadLibraryExW
DisableThreadLibraryCalls
FindStringOrdinal
GetModuleHandleW
GetProcAddress
GetModuleFileNameA

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
GetLastError
RaiseException

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
EnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockShared
ResetEvent
DeleteCriticalSection
AcquireSRWLockShared
ReleaseMutex
InitializeCriticalSectionEx
InitializeCriticalSection
WaitForSingleObjectEx
WaitForSingleObject
CreateMutexExW
CreateEventW
CreateSemaphoreExW
ReleaseSemaphore
OpenSemaphoreW
SetEvent
OpenEventW
ReleaseSRWLockExclusive

api-ms-win-core-registry-l1-1-0

RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
RegNotifyChangeKeyValue
RegCreateKeyExW
RegEnumValueW
RegOpenKeyExW
RegGetValueW
RegCloseKey

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventActivityIdControl
EventSetInformation
EventRegister
EventWriteTransfer

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
SleepConditionVariableSRW
WakeAllConditionVariable
InitOnceComplete
Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetSystemTimeAsFileTime
GetTickCount

ntdll

RtlIsStateSeparationEnabled
RtlNtStatusToDosError

omadmapi

ord117
ord119
ord118
ord79

dmenrollengine

GetEnrollmentCertStore
ord10
GetEnrollmentSID
GetEnrollmentType

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoInitialize

api-ms-win-core-winrt-string-l1-1-0

WindowsPromoteStringBuffer
WindowsDeleteString
WindowsGetStringRawBuffer
WindowsCreateStringReference
WindowsDeleteStringBuffer
WindowsPreallocateStringBuffer

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer

api-ms-win-core-heap-l2-1-0

LocalReAlloc
LocalAlloc
LocalFree

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoUninitialize
CoCreateInstance
CLSIDFromProgID
CoInitializeSecurity
CoRevertToSelf
CLSIDFromString
CoTaskMemFree

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-file-l1-1-0

DeleteFileW
CreateDirectoryW
FindNextFileW
FindFirstFileW
CompareFileTime
FileTimeToLocalFileTime
ReadFile
GetFileSize
FindClose
WriteFile
SetFilePointer
CreateFileW
GetFileAttributesW
SetEndOfFile

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindExtensionW

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime

api-ms-win-core-path-l1-1-0

PathCchSkipRoot
PathCchCombine
PathCchAppend
PathAllocCombine

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-security-base-l1-1-0

AdjustTokenPrivileges

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-firmware-l1-1-0

GetFirmwareEnvironmentVariableW
SetFirmwareEnvironmentVariableW

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-string-obsolete-l1-1-0

lstrlenA

Exports

Exports

InitializePushRouter
PrAreAllClientsHandled
PrSvcDecMessageCount
PrSvcGetMessageCount
PrSvcIncMessageCount
PrSvcSetMessageCount
PushRouter_SubmitPushLocal
RegisterRPCInterface
ShutDownPushRouter
ShutDownPushRouterSynchronously
UnregisterRPCInterface

Sections

.text
Size: 244KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DMRServer.dll
.dll windows:10 windows x64 arch:x64

dcecf9d0f2c2611cb81d0078b470e4e4

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:81:07:8b:11:05:29:d1:be:87:46:f8:26:53:6f:13:1c:f9:90:c1:84:61:83:45:02:8e:e4:bf:21:af:a2:89
Signer

Actual PE Digest

62:81:07:8b:11:05:29:d1:be:87:46:f8:26:53:6f:13:1c:f9:90:c1:84:61:83:45:02:8e:e4:bf:21:af:a2:89

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

DMRServer.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__ltow_s
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__seh_filter_dll
_o__ultow_s
memmove
_o__wcsicmp
_o__wcsnicmp
_o__wtof
_o__wtoi
_o__wtoi64
_o_free
_o_iswalpha
_o_iswdigit
_o_malloc
_o_qsort
_o_qsort_s
_o_realloc
_o_strncpy_s
_o_towupper
_o_wcstok_s
_o_wmemcpy_s
__CxxFrameHandler3
_CxxThrowException
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
wcschr
wcsrchr
wcsstr
__CxxFrameHandler4
__std_terminate
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__C_specific_handler
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

wcsncmp
wcscmp
strnlen
memset
wcspbrk

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseMutex
DeleteCriticalSection
InitializeCriticalSectionEx
InitializeSRWLock
CreateEventW
CreateMutexExW
ReleaseSemaphore
SetEvent
AcquireSRWLockShared
OpenSemaphoreW
ResetEvent
LeaveCriticalSection
InitializeCriticalSection
CreateSemaphoreExW
WaitForSingleObject
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
CreateEventExW

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
RaiseException
SetLastError

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
FreeLibrary
FreeLibraryAndExitThread
GetModuleFileNameA
GetModuleHandleExW
FindStringOrdinal
DisableThreadLibraryCalls
GetModuleHandleW
GetModuleFileNameW
FindResourceExW
LoadResource
LockResource
SizeofResource

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage
UnregisterTraceGuids
RegisterTraceGuidsW

api-ms-win-core-processthreads-l1-1-1

SetProcessMitigationPolicy
OpenProcess
IsProcessorFeaturePresent

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventRegister

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceComplete
InitOnceBeginInitialize
InitOnceExecuteOnce

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-string-l2-1-0

CharLowerW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
OpenProcessToken
OpenThreadToken
GetCurrentThread
GetCurrentProcessId
TlsGetValue
TlsAlloc
TlsFree
SetThreadPriority
TlsSetValue
GetThreadPriority
CreateThread
GetCurrentProcess
TerminateProcess
ResumeThread

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetComputerNameExW
GetTickCount64

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-threadpool-l1-2-0

CallbackMayRunLong
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer
TrySubmitThreadpoolCallback
FreeLibraryWhenCallbackReturns
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
WaitForThreadpoolWaitCallbacks

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegGetValueW
RegQueryInfoKeyW
RegNotifyChangeKeyValue
RegEnumValueW
RegEnumKeyExW

api-ms-win-core-heap-l1-1-0

HeapReAlloc
GetProcessHeap
HeapSize
HeapFree
HeapDestroy
HeapAlloc

api-ms-win-core-file-l1-1-0

CreateFileW
WriteFile
GetFileAttributesW
CreateDirectoryW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-featurestaging-l1-1-0

SubscribeFeatureStateChangeNotification
UnsubscribeFeatureStateChangeNotification
RecordFeatureUsage

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 396KB - Virtual size: 392KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DXCore.dll
.dll windows:10 windows x64 arch:x64

73e5752d4319a48a50937d14dbd63110

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

53:9d:a0:c7:92:40:e3:12:f7:b1:b6:a3:44:f2:0c:bb:5e:b9:da:a6:3f:c9:f0:aa:aa:d9:45:21:ea:fc:ae:b1
Signer

Actual PE Digest

53:9d:a0:c7:92:40:e3:12:f7:b1:b6:a3:44:f2:0c:bb:5e:b9:da:a6:3f:c9:f0:aa:aa:d9:45:21:ea:fc:ae:b1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

DXCore.pdb

Imports

msvcp_win

?_Throw_C_error@std@@YAXH@Z
_Mtx_lock
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_unlock
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
??Bid@locale@std@@QEAA_KXZ
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Incref@facet@locale@std@@UEAAXXZ
?out@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
??0task_continuation_context@Concurrency@@AEAA@XZ
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
?_Xbad_function_call@std@@YAXXZ
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
_Cnd_init_in_situ
?_Throw_future_error@std@@YAXAEBVerror_code@1@@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
?_ReportUnobservedException@details@Concurrency@@YAXXZ
_Cnd_wait
?__ExceptionPtrToBool@@YA_NPEBX@Z
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
_Cnd_register_at_thread_exit
_Cnd_broadcast
?__ExceptionPtrDestroy@@YAXPEAX@Z
_Cnd_destroy_in_situ
_Cnd_unregister_at_thread_exit
_Thrd_id

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o___std_type_info_destroy_list
_o___stdio_common_vsnprintf_s
_o___stdio_common_vswprintf
_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__register_onexit_function
_o__seh_filter_dll
_o___std_exception_destroy
memmove
_o_abort
_o_ceilf
_o_free
_o_malloc
_o_terminate
_o_towlower
_o_wcsncpy_s
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
__std_terminate
__CxxFrameHandler4
_o___std_exception_copy
memcmp
memcpy
_o__purecall

api-ms-win-crt-string-l1-1-0

memset

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnsubscribeWnfStateChangeNotification
RtlFreeHeap
RtlAllocateHeap
RtlCaptureStackBackTrace
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlQueryWnfStateData
RtlSubscribeWnfStateChangeNotification

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleFileNameA
GetModuleHandleExW
GetModuleFileNameW
GetModuleHandleExA
GetProcAddress

api-ms-win-core-synch-l1-1-0

CreateEventW
DeleteCriticalSection
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
ReleaseMutex
AcquireSRWLockExclusive
WaitForSingleObject
AcquireSRWLockShared
InitializeCriticalSectionEx
LeaveCriticalSection
WaitForSingleObjectEx
ReleaseSemaphore
EnterCriticalSection
ReleaseSRWLockShared
CreateSemaphoreExW
ReleaseSRWLockExclusive
CreateMutexExW
OpenSemaphoreW

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

GetLastError
RaiseException
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
OutputDebugStringA
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWriteTransfer
EventUnregister
EventSetInformation

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegEnumValueW
RegOpenKeyExW
RegCloseKey

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetSystemWindowsDirectoryW

api-ms-win-core-version-l1-1-1

GetFileVersionInfoSizeW
GetFileVersionInfoW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-file-l1-1-0

CreateFileW
GetFileTime

api-ms-win-core-psapi-l1-1-0

K32GetModuleInformation

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

win32u

NtGdiDdDDISetVidPnSourceOwner
NtGdiDdDDINetDispStartMiracastDisplayDevice
NtDxgkUnpinResources
NtDxgkEnumAdapters3
NtGdiDdDDISignalSynchronizationObject
NtGdiDdDDIWaitForSynchronizationObject
NtGdiDdDDICreateSynchronizationObject
NtGdiDdDDIOpenResource
NtGdiDdDDICreateAllocation
NtGdiDdDDIChangeVideoMemoryReservation
NtGdiDdDDIQueryVideoMemoryInfo
NtGdiDdDDICloseAdapter
NtGdiDdDDIQueryAdapterInfo
NtDxgkPinResources

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

DXCoreCreateAdapterFactory

Sections

.text
Size: 136KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DataExchangeHost.exe
.exe windows:10 windows x64 arch:x64

49c1ddf00d65adc71a873b54d5ac58d7

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ca:85:fd:df:8a:e8:80:c3:fe:fb:55:07:2e:f6:70:a7:c9:95:0c:df:c8:4c:d8:7d:f4:56:bb:a5:22:04:b5:69
Signer

Actual PE Digest

ca:85:fd:df:8a:e8:80:c3:fe:fb:55:07:2e:f6:70:a7:c9:95:0c:df:c8:4c:d8:7d:f4:56:bb:a5:22:04:b5:69

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

DataExchangeHost.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
_register_thread_local_exe_atexit_callback
_c_exit

api-ms-win-crt-private-l1-1-0

_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o_abort
_o_ceilf
_o_exit
_o_floor
_o_free
_o_iswspace
_o_malloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o__exit
_o__errno
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
wcschr
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetProcAddress
FindResourceExW
GetModuleHandleExW
LockResource
GetModuleHandleW
FreeLibrary
LoadResource

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
LeaveCriticalSection
AcquireSRWLockShared
CreateEventW
CreateMutexExW
SetEvent
ResetEvent
AcquireSRWLockExclusive
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseSRWLockShared
CreateSemaphoreExW
InitializeCriticalSection
ReleaseMutex
EnterCriticalSection
WaitForSingleObject
DeleteCriticalSection
ReleaseSemaphore
InitializeCriticalSectionEx

api-ms-win-core-heap-l1-1-0

HeapSetInformation
HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
SetLastError
SetErrorMode

api-ms-win-core-processthreads-l1-1-0

GetProcessId
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
SetPriorityClass
OpenProcessToken
GetStartupInfoW
GetCurrentThread
OpenThreadToken

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetLocaleInfoW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
SetProcessMitigationPolicy
OpenProcess
GetProcessMitigationPolicy

api-ms-win-core-com-l1-1-0

CoIncrementMTAUsage
CoRegisterClassObject
CoDecrementMTAUsage
CoUninitialize
CoFreeUnusedLibrariesEx
CoInitializeEx
CoResumeClassObjects
CoCreateInstance
CoCancelCall
CoInitializeSecurity
CoEnableCallCancellation
CoCreateFreeThreadedMarshaler
CoTaskMemRealloc
CoGetCallerTID
CoTaskMemFree
CoReleaseServerProcess
CoTaskMemAlloc
CoMarshalInterface
CreateStreamOnHGlobal
CoReleaseMarshalData
CoAddRefServerProcess
CoGetMalloc
CoRevokeClassObject
CoMarshalInterThreadInterfaceInStream
CoUnmarshalInterface
CoDisableCallCancellation
CoGetCallContext

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoRegisterActivationFactories
RoRevokeActivationFactories
RoActivateInstance

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoOriginateError
RoTransformError
GetRestrictedErrorInfo
SetRestrictedErrorInfo

api-ms-win-core-winrt-string-l1-1-0

WindowsDuplicateString
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsDeleteString
WindowsGetStringLen
WindowsCreateString
WindowsCompareStringOrdinal
WindowsCreateStringReference
WindowsGetStringRawBuffer

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InitializeSListHead

api-ms-win-security-base-l1-1-0

GetTokenInformation
GetSidSubAuthority
DuplicateTokenEx

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventUnregister
EventWriteTransfer
EventRegister
EventSetInformation

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolAllowThreadReuse
SHTaskPoolQueueTask

api-ms-win-core-winrt-error-l1-1-1

RoReportFailedDelegate
RoGetMatchingRestrictedErrorInfo
IsErrorPropagationEnabled

api-ms-win-core-registry-l1-1-0

RegGetValueW

api-ms-win-core-file-l1-1-0

CompareFileTime

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

api-ms-win-core-threadpool-legacy-l1-1-0

DeleteTimerQueueTimer
CreateTimerQueueTimer

api-ms-win-core-heap-obsolete-l1-1-0

GlobalSize
GlobalUnlock
GlobalLock

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

ntdll

RtlFreeHeap
ZwQueryWnfStateData
RtlNtStatusToDosError
RtlCompareUnicodeString
RtlNtStatusToDosErrorNoTeb
RtlInitUnicodeString
RtlAllocateHeap
RtlPublishWnfStateData
NtQueryInformationToken

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-shcore-stream-winrt-l1-1-0

CreateStreamOverRandomAccessStream

api-ms-win-shcore-stream-l1-1-0

IStream_Read
IStream_Reset
IStream_Size

api-ms-win-core-debug-l1-1-1

CheckRemoteDebuggerPresent

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-atoms-l1-1-0

GlobalGetAtomNameW

api-ms-win-security-capability-l1-1-0

CapabilityCheck

api-ms-win-rtcore-ntuser-window-l1-1-0

SetTimer
DefWindowProcW
ShowWindow
PostMessageW
SendMessageW
UnregisterClassW
DestroyWindow
GetWindowLongPtrW
TranslateMessage
SetForegroundWindow
WindowFromPoint
GetMessageW
GetParent
GetWindowThreadProcessId
GetDesktopWindow
AllowSetForegroundWindow
GetWindowRect
GetPropW
SetWindowLongPtrW
CreateWindowExW
RegisterClassExW
GetClassInfoExW
DispatchMessageW
GetWindowLongW
ClientToScreen
GetForegroundWindow
ScreenToClient

d2d1

ord7

api-ms-win-ntuser-sysparams-l1-1-0

GetSystemMetrics

d3d11

D3D11CreateDevice

api-ms-win-rtcore-ntuser-private-l1-1-0

CreateWindowInBand

dwrite

DWriteCreateFactory

api-ms-win-rtcore-ntuser-clipboard-l1-1-0

GetClipboardFormatNameW

api-ms-win-appmodel-runtime-l1-1-0

GetPackageFullName

combase

ord69
ord99

twinapi

ord11
ord12

dcomp

ord1019
DCompositionCreateDevice2

user32

ord2550
GetTopLevelWindow
ord2557
SetCapture
GetCapture
IsIconic
ord2521
AttachThreadInput
GetSysColor
GetAsyncKeyState
SetProcessDefaultLayout
GetWindowDpiAwarenessContext
ReleaseCapture
SendInput

msvcp_win

?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
?uncaught_exception@std@@YA_NXZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Xlength_error@std@@YAXPEBD@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

oleaut32

SetErrorInfo
GetErrorInfo
SysFreeString
SysStringLen
SysAllocString

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

Sections

.text
Size: 192KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.imrsiv
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DataStoreCacheDumpTool.exe
.exe windows:10 windows x64 arch:x64

92d24aaef3eb74338a5a2498bef83307

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

DataStoreCacheDumpTool.pdb

Imports

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_initterm
_register_thread_local_exe_atexit_callback
_initterm_e
_c_exit

api-ms-win-crt-private-l1-1-0

_o__crt_atexit
_o__errno
_o__exit
_o__fileno
_o__get_errno
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_errno
_o__set_fmode
_o__set_new_mode
_o__setmode
memmove
_o__configure_wide_argv
_o__wfopen
_o_ceilf
_o_exit
_o_fclose
_o_free
_o_malloc
_o_sqrt
_o_terminate
_o_towupper
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o__callnewh
_o___acrt_iob_func
__std_terminate
__CxxFrameHandler4
_o__configthreadlocale
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfwprintf
_o___std_exception_destroy
_o___std_exception_copy
_o__cexit
_o___p__commode
_o___p___wargv
_o___p___argc
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetProcAddress
GetModuleHandleExW
GetModuleFileNameA
GetModuleHandleW
FreeLibrary

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-synch-l1-1-0

SetEvent
InitializeCriticalSectionEx
AcquireSRWLockExclusive
LeaveCriticalSection
ReleaseSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseMutex
CreateMutexExW
AcquireSRWLockShared
ReleaseSemaphore
DeleteCriticalSection
WaitForSingleObject
EnterCriticalSection
CreateEventExW
InitializeCriticalSectionAndSpinCount
CreateSemaphoreExW
ResetEvent
CreateEventW
ReleaseSRWLockShared

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
RaiseException

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoTaskMemAlloc
CoWaitForMultipleHandles
StringFromGUID2
CoUninitialize
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoTaskMemRealloc
CoInitializeEx

api-ms-win-core-processthreads-l1-1-0

OpenProcessToken
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
OpenThreadToken
TerminateProcess
GetCurrentThread

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-shell-shdirectory-l1-1-0

ord290

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventWriteTransfer
EventUnregister

api-ms-win-core-path-l1-1-0

PathCchCanonicalizeEx
PathCchRemoveFileSpec

api-ms-win-core-registry-l1-1-0

RegGetValueW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsDuplicateString
WindowsDeleteString
WindowsGetStringRawBuffer

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrStrIW

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-shlwapi-legacy-l1-1-0

PathIsFileSpecW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-core-file-l1-1-0

CreateFileW
GetFileSize
ReadFile

api-ms-win-shcore-stream-l1-1-0

IStream_Reset
IStream_Read
SHCreateMemStream
IStream_Size

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 112KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DesktopShellExt.dll
.dll windows:10 windows x64 arch:x64

0150f14ee853f1b5aa8677f2bc7850be

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

desktopshellext.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wtoi
_o_abort
_o_ceilf
_o_free
_o_iswspace
_o_malloc
_o_realloc
__C_specific_handler
_o__configure_narrow_argv
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__cexit
_o__callnewh
_o__crt_atexit
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
_CxxThrowException
__CxxFrameHandler3

api-ms-win-crt-string-l1-1-0

strncmp
memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleExW
GetModuleHandleW
DisableThreadLibraryCalls
GetModuleFileNameW
GetModuleHandleExA
GetProcAddress
FreeLibrary

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionEx
OpenEventW
EnterCriticalSection
WaitForMultipleObjectsEx
CreateEventExW
LeaveCriticalSection
DeleteCriticalSection
CreateEventW
ResetEvent
SetEvent
InitializeCriticalSection
AcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseMutex
WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreExW
InitializeCriticalSectionAndSpinCount

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-processthreads-l1-1-0

CreateProcessW
GetCurrentProcess
GetExitCodeProcess
GetProcessTimes
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventRegister
EventActivityIdControl
EventWriteTransfer

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoOriginateError

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InitializeSListHead

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegEnumValueW

api-ms-win-core-com-l1-1-0

CoCreateFreeThreadedMarshaler
CoTaskMemFree
StringFromGUID2
CoTaskMemAlloc

api-ms-win-core-shlwapi-legacy-l1-1-0

PathRemoveBlanksW
PathFindFileNameW

api-ms-win-shcore-registry-l1-1-0

SHRegGetValueW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-psapi-l1-1-0

K32GetModuleFileNameExW

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
SetThreadpoolTimer
TrySubmitThreadpoolCallback

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

api-ms-win-shlwapi-winrt-storage-l1-1-1

PathRemoveArgsW

api-ms-win-rtcore-ntuser-window-l1-1-0

FindWindowW
PostMessageW
GetWindowThreadProcessId

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrCmpNIW
StrCmpICW

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask

ntdll

RtlUnsubscribeWnfNotificationWaitForCompletion
RtlSubscribeWnfStateChangeNotification
NtQueryWnfStateData
RtlGetDeviceFamilyInfoEnum

msvcp_win

?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
_Thrd_yield
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Xlength_error@std@@YAXPEBD@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

oleaut32

SysAllocString
SysStringLen
SysFreeString
GetErrorInfo
SetErrorInfo

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 172KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DeviceEnroller.exe
.exe windows:10 windows x64 arch:x64

8f663f6063278af99491b7b7ab582628

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

deviceenroller.pdb

Imports

msvcp110_win

?_Xbad_alloc@std@@YAXXZ
?_Syserror_map@std@@YAPEBDH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
?_BADOFF@std@@3_JB
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?pbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Add_vtordisp1@?$basic_ios@GU?$char_traits@G@std@@@std@@UEAAXXZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Add_vtordisp2@?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAAXXZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@J@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?endl@std@@YAAEAV?$basic_ostream@GU?$char_traits@G@std@@@1@AEAV21@@Z

msvcrt

memmove
memcpy
?terminate@@YAXXZ
__CxxFrameHandler3
srand
rand
_vsnwprintf_s
wcstod
sprintf_s
_wtoi
swprintf_s
_wcsnicmp
wcsncmp
_commode
_fmode
_acmdln
_initterm
__setusermatherr
memcmp
_CxxThrowException
memset
??3@YAXPEAX@Z
__CxxFrameHandler4
??_V@YAXPEAX@Z
_vsnwprintf
memcpy_s
_purecall
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_vsnprintf_s
__C_specific_handler
_wcsicmp
wcsstr
free
memmove_s
malloc
wcsncpy_s
_callnewh
_XcptFilter
_ismbblead
_amsg_exit
__getmainargs
__set_app_type
exit
_cexit
realloc
_errno
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_exit
_lock

dmenrollengine

GetEnrollmentAuthPolicy
GetEnrollmentCertStore
GetEnrollmentSID
GetEnrollmentPartnerOpaqueID
GetEnrollmentState
GetEnrollmentEntDmId
GetEnrollmentAadResourceUrl
GetEnrollmentClientCertThumbprint
ord7
MmpcDiscoverEndpoint
ord3
ord1
GetEnrollmentType
SetEnrollState
EnrollEngineInitialize
GetIsRecoveryAllowed
ord10
SetMmpcEnrollmentFlag

dmcmnutils

OmaDmRegistryGetDWORD
OmaDmRegistryDeleteValue
DmImpersonate
DmRevertToSelf
MBToUnicode
UnicodeToMB
DmRemoveToastNotification
SafeWideCharToMultiByte
OmaDmRegistryGetAllSubKeys
OmaDmRegistrySetDWORD
OmDmRegistryAllocAndGetString
OmaDmRegistrySetString
OmaDmRegistrySetBinary
BigStrcat
DmRaiseToastNotificationAndWait
DmDisableTask
DmRaiseToastNotification
CopyString
HexStringToBinary
DmGetAadUserToken
OmaDmRegistryGetString
DmGetAadDeviceToken
InvStrCmpIW
DmGetActiveUserSid
DmDeleteTask
DmGetCurrentUserSid
DmRemoveToastNotificationByExecutablePath

omadmapi

ord64
ord105
ord22
ord103
ord102
ord114
ord104
ord119
ord54
ord117
ord23
ord118
ord52
ord34
ord101
ord18
ord37
ord56
ord47

ntdll

NtCreateWnfStateName
NtDeleteWnfStateName
RtlNtStatusToDosErrorNoTeb
RtlGetDeviceFamilyInfoEnum
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlNtStatusToDosError
RtlIsStateSeparationEnabled
RtlIsMultiUsersInSessionSku

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

combase

ord154
ord69

umpdc

PdcActivationClientRegister
PdcActivationClientActivityRequest
PdcActivationClientUnregister

xmllite

CreateXmlReader
CreateXmlReaderInputWithEncodingName

api-ms-win-shcore-stream-l1-1-0

SHCreateMemStream

dmenterprisediagnostics

RecordDiagnosticsError

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
GetModuleHandleW
FindResourceExW
FreeLibrary
SizeofResource
GetModuleFileNameA
GetModuleHandleExW
LockResource
LoadResource
LoadStringW
LoadLibraryExW
GetProcAddress

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionEx
ResetEvent
CreateEventW
WaitForMultipleObjectsEx
CreateSemaphoreExW
CreateEventExW
ReleaseSemaphore
DeleteCriticalSection
WaitForSingleObject
AcquireSRWLockShared
ReleaseMutex
SetEvent
WaitForSingleObjectEx
OpenSemaphoreW
OpenEventW
CreateMutexExW
ReleaseSRWLockShared
ReleaseSRWLockExclusive
EnterCriticalSection
AcquireSRWLockExclusive
InitializeCriticalSection
LeaveCriticalSection

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
RaiseException
GetLastError
UnhandledExceptionFilter
SetLastError

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsCreateString
WindowsDeleteString
WindowsGetStringRawBuffer

api-ms-win-core-processthreads-l1-1-0

SetThreadPriority
GetCurrentThreadId
OpenThreadToken
GetCurrentProcessId
TerminateProcess
GetStartupInfoW
GetCurrentProcess
OpenProcessToken
GetCurrentThread

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoInitialize
RoActivateInstance
RoUninitialize

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent
OutputDebugStringA

api-ms-win-core-handle-l1-1-0

CloseHandle

oleaut32

VariantClear
SafeArrayCreate
VariantTimeToSystemTime
VariantInit
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayUnlock
SafeArrayGetLBound
SysAllocStringLen
VariantChangeTypeEx
SysStringByteLen
SysAllocStringByteLen
SafeArrayLock
VarUI4FromStr
SysFreeString
SysAllocString

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventSetInformation
EventWriteTransfer
EventActivityIdControl

api-ms-win-core-synch-l1-2-0

Sleep
WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceBeginInitialize
InitOnceComplete

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW
LookupAccountNameW
LookupAccountSidW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
GetCommandLineW

api-ms-win-core-shutdown-l1-1-0

InitiateSystemShutdownExW

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegGetValueW
RegDeleteTreeW
RegCreateKeyExW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegDeleteValueW
RegOpenCurrentUser
RegCloseKey
RegQueryInfoKeyW

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

samcli

NetUserGetInfo
NetLocalGroupGetMembers
NetLocalGroupAddMembers

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-url-l1-1-0

UrlUnescapeW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW
ConvertSidToStringSidW

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW

api-ms-win-core-string-obsolete-l1-1-0

lstrlenA
lstrcmpiW

api-ms-win-security-base-l1-1-0

AdjustTokenPrivileges
RevertToSelf
ImpersonateLoggedOnUser
GetLengthSid
GetTokenInformation
CopySid

netutils

NetApiBufferFree

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetTickCount64
GetSystemTime

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-file-l1-1-0

CompareFileTime
FileTimeToLocalFileTime

sspicli

GetUserNameExW

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW

crypt32

CertOpenStore
CertFindCertificateInStore
CertCloseStore
CertFreeCertificateContext

declaredconfiguration

DMOrchestratorRefresh
DMOrchestratorRefreshPerEnrollment

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 340KB - Virtual size: 337KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DolbyDecMFT.dll
.dll regsvr32 windows:10 windows x64 arch:x64

e11a24f4b129e978cb5d1869a2dcf839

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a6:3f:fa:12:92:6c:8e:ae:c5:a9:d5:88:8c:6d:d2:5b:b3:f6:de:a7:37:a1:b3:ef:0e:23:1e:d6:f7:1c:0e:31
Signer

Actual PE Digest

a6:3f:fa:12:92:6c:8e:ae:c5:a9:d5:88:8c:6d:d2:5b:b3:f6:de:a7:37:a1:b3:ef:0e:23:1e:d6:f7:1c:0e:31

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

DolbyAtmosDecMFT.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o_free
_o_lrintf
_o_malloc
_o_rand
_o_sqrtf
_o_srand
_o_strncpy_s
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
__CxxFrameHandler3
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__C_specific_handler
__CxxFrameHandler4
_CxxThrowException
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset
wcsnlen
strnlen

api-ms-win-core-memory-l1-1-0

VirtualAlloc
VirtualFree

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
RaiseException
SetLastError
GetLastError
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TlsSetValue
SetThreadPriority
CreateThread
TlsAlloc
TerminateProcess
GetCurrentProcess
TlsGetValue
GetCurrentThreadId
GetCurrentThread
TlsFree
ResumeThread
GetThreadPriority

ntdll

RtlGetPersistedStateLocation
NtQuerySystemInformation

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetProcAddress
LoadLibraryExW
GetModuleFileNameW
GetModuleFileNameA
FreeLibraryAndExitThread
FreeLibrary
DisableThreadLibraryCalls
GetModuleHandleExW

api-ms-win-core-rtlsupport-l1-1-0

RtlDeleteFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlAddFunctionTable

api-ms-win-core-synch-l1-1-0

CreateMutexExW
OpenSemaphoreW
InitializeCriticalSection
ReleaseSRWLockShared
AcquireSRWLockShared
WaitForSingleObjectEx
SetEvent
CreateEventExW
ReleaseSemaphore
InitializeCriticalSectionEx
AcquireSRWLockExclusive
WaitForSingleObject
OpenEventW
EnterCriticalSection
ReleaseMutex
CreateSemaphoreExW
LeaveCriticalSection
DeleteCriticalSection
ReleaseSRWLockExclusive

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetSystemTimeAsFileTime
GetTickCount
GetLocalTime
GlobalMemoryStatusEx
GetVersionExW

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

mfperfhelper

ord1

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegSetValueExW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringOrdinal

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventWriteTransfer
EventRegister

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-featurestaging-l1-1-0

UnsubscribeFeatureStateChangeNotification
RecordFeatureUsage
SubscribeFeatureStateChangeNotification

api-ms-win-core-threadpool-l1-2-0

TrySubmitThreadpoolCallback
CallbackMayRunLong
FreeLibraryWhenCallbackReturns
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
Sleep

api-ms-win-core-file-l1-1-0

GetDiskFreeSpaceW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-processenvironment-l1-1-0

FreeEnvironmentStringsA
GetEnvironmentStringsW
FreeEnvironmentStringsW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 744KB - Virtual size: 743KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

?g_Encry
Size: 4KB - Virtual size: 280B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

?g_Encry
Size: 4KB - Virtual size: 256B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

?g_Encry
Size: 4KB - Virtual size: 460B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

?g_Encry
Size: 4KB - Virtual size: 256B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 320KB - Virtual size: 319KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DrtmAuthTxt.wim
EditBufferTestHook.dll
.dll windows:10 windows x64 arch:x64

305fe82001f625c3963f0278afa61753

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

EditBufferTestHook.pdb

Imports

msvcrt

??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@XZ
_callnewh
_ismbblead
_errno
__C_specific_handler
_initterm
_amsg_exit
__crtLCMapStringW
??1type_info@@UEAA@XZ
_XcptFilter
___mb_cur_max_func
calloc
___lc_codepage_func
___lc_handle_func
__uncaught_exception
abort
?terminate@@YAXXZ
_vsnwprintf
_vsnprintf_s
__dllonexit
memmove_s
_onexit
__pctype_func
memmove
memcmp
memcpy
__CxxFrameHandler3
_CxxThrowException
__CxxFrameHandler4
setlocale
_unlock
_lock
_beginthreadex
_wcsdup
?what@exception@@UEBAPEBDXZ
memcpy_s
_purecall
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@AEBV0@@Z
??0bad_cast@@QEAA@PEBD@Z
strcspn
malloc
sprintf_s
localeconv
_wsetlocale
??0exception@@QEAA@AEBV0@@Z
free
??1exception@@UEAA@XZ
memset
??0exception@@QEAA@AEBQEBD@Z
??_V@YAXPEAX@Z
??3@YAXPEAX@Z

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer

api-ms-win-core-errorhandling-l1-1-3

TerminateProcessOnMemoryExhaustion

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter

api-ms-win-core-synch-l1-1-0

OpenSemaphoreW
ReleaseSRWLockShared
ReleaseMutex
CreateSemaphoreExW
WaitForSingleObjectEx
EnterCriticalSection
CreateMutexExW
AcquireSRWLockShared
AcquireSRWLockExclusive
InitializeCriticalSectionEx
ReleaseSRWLockExclusive
DeleteCriticalSection
LeaveCriticalSection
CreateEventW
WaitForSingleObject
SetEvent
ReleaseSemaphore

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegQueryValueExW

api-ms-win-core-string-l1-1-0

GetStringTypeW
WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
Sleep

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

coremessaging

CoreUICreate

coreuicomponents

CoreUIFactoryCreate
CoreUIClientCreate

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleFileNameA
GetModuleHandleExW
GetModuleHandleW

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks

Exports

Exports

CreateEditBufferTestHook
CreateEditBufferTestHookClient
EnableTestHook
GetTestHookEnabled

Sections

.text
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ExecModelClient.dll
.dll windows:10 windows x64 arch:x64

d1dd6feedcc7c7eccd5e7c30aff7ec5b

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5d:c4:e2:04:6e:c9:a4:97:bd:b6:ee:fb:5c:87:2b:71:21:39:18:69:48:fa:d9:2b:89:3f:0a:3e:a5:e5:a9:c9
Signer

Actual PE Digest

5d:c4:e2:04:6e:c9:a4:97:bd:b6:ee:fb:5c:87:2b:71:21:39:18:69:48:fa:d9:2b:89:3f:0a:3e:a5:e5:a9:c9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ExecModelClient.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__ui64tow_s
memmove
_o_abort
_o_free
_o_iswspace
_o_malloc
_o_realloc
_o_terminate
_o_wcscpy_s
_o_wcstok_s
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_o__errno
_CxxThrowException
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
__std_type_info_compare
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__execute_onexit_table
_o____lc_codepage_func
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
LoadLibraryExW
FindResourceExW
LoadResource
GetProcAddress
GetModuleHandleExW
GetModuleFileNameA
DisableThreadLibraryCalls
FreeLibrary
GetModuleHandleExA
LockResource

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
OpenSemaphoreW
SetEvent
CreateEventW
ReleaseMutex
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObject
CreateSemaphoreExW
InitializeSRWLock
WaitForMultipleObjectsEx
CreateMutexExW
CreateEventExW
ReleaseSemaphore
InitializeCriticalSectionEx
AcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentThreadId
OpenProcessToken
GetProcessId
CreateThread
GetThreadId
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageA
FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsGetStringRawBuffer
WindowsDuplicateString
WindowsIsStringEmpty
WindowsCreateStringReference
WindowsStringHasEmbeddedNull
WindowsGetStringLen
WindowsCreateString
WindowsConcatString

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventActivityIdControl
EventUnregister
EventSetInformation

api-ms-win-core-winrt-error-l1-1-0

GetRestrictedErrorInfo
SetRestrictedErrorInfo
RoOriginateErrorW
RoTransformError
RoOriginateError

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-com-l1-1-0

CoRevokeClassObject
StringFromGUID2
CoTaskMemAlloc
CoCreateInstance
CoCreateInstanceEx
CoUninitialize
CoInitializeEx
CoCreateGuid
CoReleaseMarshalData
CreateStreamOnHGlobal
CoMarshalInterface
CoGetClassObject
CoGetCallContext
CoTaskMemFree
CoWaitForMultipleHandles
CoGetApartmentType
CoRegisterClassObject
CoResumeClassObjects
CoTaskMemRealloc
CoCreateFreeThreadedMarshaler
CoGetCallerTID

api-ms-win-core-winrt-l1-1-0

RoRevokeActivationFactories
RoGetActivationFactory
RoRegisterActivationFactories
RoActivateInstance

api-ms-win-core-synch-l1-2-0

InitializeConditionVariable
WakeConditionVariable
InitOnceBeginInitialize
InitOnceComplete
WaitOnAddress
InitOnceExecuteOnce
WakeByAddressAll

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InterlockedFlushSList
InitializeSListHead

combase

ord67
ord68
ord66

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
_Make_dir
_Unlink
_Stat
_Lstat
_Open_dir
_Close_dir
_Remove_dir

api-ms-win-core-heap-l2-1-0

LocalFree
LocalReAlloc
LocalAlloc

ntdll

RtlRunOnceBeginInitialize
RtlAcquireSRWLockExclusive
RtlGetDeviceFamilyInfoEnum
RtlReleaseSRWLockExclusive
RtlDeriveCapabilitySidsFromName
RtlFreeHeap
RtlInitializeSRWLock
NtQuerySystemInformation
RtlValidSid
NtQueryInformationToken
RtlCopySid
RtlAllocateHeap
RtlRunOnceExecuteOnce
RtlAcquireSRWLockShared
RtlReleaseSRWLockShared
RtlSleepConditionVariableSRW
RtlQueryUnbiasedInterruptTime

api-ms-win-core-psm-key-l1-1-0

PsmGetKeyFromProcess

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
IsErrorPropagationEnabled
RoReportFailedDelegate

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-security-base-l1-1-0

GetLengthSid
CopySid
EqualSid
GetTokenInformation

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegGetValueW
RegDeleteKeyExW
RegSetValueExW
RegCreateKeyExW
RegEnumKeyExW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-psapi-l1-1-0

K32GetProcessImageFileNameW

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabledForPackage

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-file-l1-1-0

CreateFileW
DeleteFileW
GetFileAttributesExW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

Exports

Exports

CreateForegroundTaskManager
CreateModernVoipPolicy
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
TestHook_CancelShutdown

Sections

.text
Size: 372KB - Virtual size: 369KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ExplorerFrame.dll
.dll windows:10 windows x64 arch:x64

8f9d569e07b30cd10e6d5b13c3ac357f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ExplorerFrame.pdb

Imports

msvcp_win

??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Xlength_error@std@@YAXPEBD@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Xbad_alloc@std@@YAXXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
_Thrd_yield
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ

api-ms-win-crt-string-l1-1-0

wcsncmp
strncmp
memset
wcscmp
wcsnlen

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o_free
_o_iswspace
_o_malloc
_o_memcpy_s
memmove
_o_rand
_o_realloc
_o_strncpy_s
_o_terminate
__current_exception
__current_exception_context
__CxxFrameHandler3
_o__set_errno
_o__seh_filter_dll
_o__register_onexit_function
_o__purecall
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__wcsicmp
_o__ultow_s
_o_abort
_o__get_errno
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__C_specific_handler
strchr
__std_terminate
__CxxFrameHandler4
_CxxThrowException
memcmp
memcpy

shcore

SHSetValueW
SHGetThreadRef
SHStrDupA
ord200
ord131
SHDeleteKeyW
SHRegGetValueW
ord126
SHTaskPoolQueueTask
ord120
SHQueryValueExW
IUnknown_GetSite
SHStrDupW
IStream_Reset
SHEnumValueW
ord187
ord186
ord183
ord210
ord102
ord162
ord182
ord125
ord175
GetProcessDpiAwareness
ord130
ord213
ord192
SHUnicodeToAnsi
SHDeleteValueW
IStream_Write
SHGetValueW
ord188
ord191
SHOpenRegStream2W
SHCreateThread
IsOS
ord141
GetDpiForMonitor
SHCreateThreadRef
ord140
ord212
ord193
ord190
ord122
SHCreateMemStream
ord170
ord143
SHAnsiToUnicode
IStream_Size
IStream_Read
SHSetThreadRef
ord142
IUnknown_SetSite
IUnknown_QueryService
IUnknown_Set
ord172
ord145
ord123

shell32

SHChangeNotifyRegisterThread
SHGetInstanceExplorer
SHGetKnownFolderItem
SHChangeNotify
ord947
ord948
ord14
ord162
ord85
ord152
ord153
SHGetFolderPathEx
SHGetPathFromIDListW
ord900
Shell_GetCachedImageIndexW
SHCreateShellItemArrayFromDataObject
SHCreateItemFromParsingName
SHSetTemporaryPropertyForItem
SHGetTemporaryPropertyForItem
SHGetNameFromIDList
ord88
ord193
ord71
ord787
ord727
SHGetIconOverlayIndexW
SHCreateShellItemArrayFromShellItem
SHELL32_AreAllItemsAvailable
ord6
SHCreateItemInKnownFolder
ord912
ord862
SHGetDesktopFolder
ord897
ord942
ord893
SHGetFolderLocation
ord945
ord98
ord853
ord27
SHGetPathFromIDListA
ord103
StateRepoNewMenuCache_EnsureCacheAsync
ord90
SHGetPropertyStoreForWindow
ord59
ShellAboutW
SHCreateShellItemArray
ord888
SHGetItemFromDataObject
ord22
ord134
ord129
ord136
ord173
ord654
ord652
ord747
ord871
RegenerateUserEnvironment
ShellExecuteExW
ord851
ord824
ord147
ord95
ord881
ord137
SHAppBarMessage
ord823
ord777
SHGetItemFromObject
SHCreateShellItemArrayFromIDLists
ord941
ord866
ord833
ord882
ord24
ord4
ord2
SHCreateItemWithParent
SHGetKnownFolderIDList
ord68
ord873
ord23
ord645
ord644
ord939
ord21
SHBindToObject
ord17
ord19
SHBindToFolderIDListParentEx
ord25
DragQueryFileW
ord67
ord132
ord74
ord840
SHPathPrepareForWriteW
SHBindToFolderIDListParent
ord102
SHGetIDListFromObject
ord884
ord77
SHBindToParent
SHGetFileInfoW
ord155
ord100
ord850
SHGetKnownFolderPath
SHGetSpecialFolderLocation
SHParseDisplayName
ord18
SHCreateItemFromIDList
ord16
ord176
ord829
ord870

shlwapi

ord200
ord479
ord388
ord204
StrCmpW
StrDupW
PathIsRelativeW
ord172
ord164
ord165
ord163
ord509
ord268
ord481
ChrCmpIW
ord225
ord173
PathFindNextComponentW
PathSkipRootW
StrStrIW
PathIsUNCW
PathIsURLW
ord219
ord2
ord267
ord202
ord1
PathAppendW
PathRemoveFileSpecW
ord317
PathRemoveExtensionW
ord639
ord533
ord487
ord538
StrCmpNIW
StrToIntExW
StrPBrkW
StrToIntW
IntlStrEqWorkerW
ord581
ord154
HashData
ord517
ord516
UrlApplySchemeW
UrlCreateFromPathW
UrlCanonicalizeW
ord210
ord287
SHCreateShellPalette
UrlUnescapeA
PathCreateFromUrlA
ord240
ord288
ord635
ord282
GetMenuPosFromID
ord192
ord384
ord187
ord179
ord209
ord208
ord540
AssocCreate
PathFileExistsW
PathCompactPathExW
StrCmpIW
StrTrimW
ord239
PathFindExtensionW
ord545
ord157
ord571
StrCmpNW
ord181
SHRegGetBoolUSValueW
ord638
PathCreateFromUrlW
ord283
ord281
ord286
PathFindFileNameW
ord284
PathUnquoteSpacesW
StrStrW
ord156
ord178
PathStripToRootW
StrChrW
PathGetDriveNumberW
ord616
ord515
ord167
ord168
PathParseIconLocationW
AssocQueryStringW
ord484
SHRegGetUSValueW
ord24
ord197
ord433
ord158
ord201
ord191
ord186
ord190
ord478
ord182
ord198
ord177

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW
GetModuleFileNameA
GetModuleHandleExA
FreeLibrary
LoadStringW
LockResource
FindStringOrdinal
LoadResource
GetProcAddress
GetModuleHandleExW
FindResourceExW
DisableThreadLibraryCalls

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
InitOnceExecuteOnce

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
OpenMutexW
WaitForMultipleObjectsEx
InitializeCriticalSectionAndSpinCount
ReleaseSemaphore
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForSingleObject
CreateEventExW
ResetEvent
SetEvent
CreateSemaphoreExW
DeleteCriticalSection
AcquireSRWLockShared
AcquireSRWLockExclusive
InitializeCriticalSection
CreateEventW
ReleaseMutex
ReleaseSRWLockShared
CreateMutexExW
OpenEventW
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseSRWLockExclusive

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapDestroy
HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetLastError
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-com-l1-1-0

StringFromCLSID
CoUnmarshalInterface
CoRegisterClassObject
CreateStreamOnHGlobal
CoRevokeClassObject
PropVariantCopy
CoCreateGuid
CoMarshalInterface
CoGetClassObject
CoGetObjectContext
CoTaskMemAlloc
CoFreeUnusedLibraries
CLSIDFromString
CoTaskMemFree
CoGetMalloc
StringFromGUID2
CoGetApartmentType
CoWaitForMultipleHandles
CoGetInterfaceAndReleaseStream
CoReleaseMarshalData
CoMarshalInterThreadInterfaceInStream
GetHGlobalFromStream
CoInitializeEx
CoUninitialize
CoCreateFreeThreadedMarshaler
CoCreateInstance
PropVariantClear
CoTaskMemRealloc

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventSetInformation
EventWriteTransfer
EventEnabled
EventWrite
EventUnregister
EventRegister

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolWait
CreateThreadpoolWait
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolWait
WaitForThreadpoolTimerCallbacks
WaitForThreadpoolWaitCallbacks
CloseThreadpoolTimer
TrySubmitThreadpoolCallback

api-ms-win-core-processthreads-l1-1-0

TlsFree
GetThreadPriority
TlsAlloc
SetThreadPriority
GetCurrentProcessId
TlsGetValue
GetCurrentThreadId
GetCurrentProcess
TlsSetValue
TerminateProcess
GetStartupInfoW
CreateThread
GetCurrentThread

api-ms-win-core-localization-l1-2-0

FindNLSStringEx
FormatMessageW
GetThreadUILanguage
GetLocaleInfoW
GetUserDefaultLCID
GetThreadLocale
FindNLSString

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegQueryInfoKeyW
RegNotifyChangeKeyValue
RegOpenKeyExW
RegEnumValueW
RegDeleteValueW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegGetValueW
RegEnumKeyExW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringOrdinal
GetStringTypeW
WideCharToMultiByte
CompareStringW

api-ms-win-core-sysinfo-l1-1-0

GetWindowsDirectoryW
GetSystemTime
GetSystemTimeAsFileTime
GetTickCount
GetLocalTime
GetTickCount64

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
LoadLibraryA

api-ms-win-core-path-l1-1-0

PathCchRemoveExtension
PathCchRemoveFileSpec
PathCchStripToRoot
PathCchCombine

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateStringReference

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

rpcrt4

UuidCreate

api-ms-win-core-heap-l2-1-0

GlobalAlloc
LocalAlloc
LocalReAlloc
GlobalFree
LocalFree

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-file-l1-1-0

GetDriveTypeW

api-ms-win-core-processthreads-l1-1-3

SetThreadDescription

api-ms-win-core-wow64-l1-1-1

IsWow64Process2

api-ms-win-core-processenvironment-l1-1-0

GetCurrentDirectoryW
GetEnvironmentVariableW
ExpandEnvironmentStringsW

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-core-string-l2-1-0

CharUpperW
CharNextW

api-ms-win-core-psapi-l1-1-0

K32GetModuleFileNameExW

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlCaptureStackBackTrace
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InitializeSListHead

api-ms-win-core-version-l1-1-0

GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

ntdll

WinSqmAddToStream
RtlQueryResourcePolicy
WinSqmSetDWORD
WinSqmAddToStreamEx
WinSqmIncrementDWORD
NtQueryWnfStateData
RtlQueryWnfStateData
RtlNtStatusToDosError

advapi32

RegEnumKeyW
RegCreateKeyW
RegOpenKeyW

imm32

ImmNotifyIME
ImmReleaseContext
ImmSetCandidateWindow
ImmGetCompositionStringW
ImmSetCompositionStringW
ImmGetDefaultIMEWnd
ImmIsIME
ImmGetContext

kernel32

lstrcmpiW
RegisterWaitForSingleObject
UnregisterWait
lstrlenW
DeactivateActCtx
GetUserDefaultUILanguage
GlobalLock
GlobalUnlock
lstrcmpW
MulDiv
ActivateActCtx
GlobalSize
AddAtomW
lstrlenA
CreateActCtxW
ReleaseActCtx
lstrcmpA

user32

GetClassLongW
DestroyCaret
SetCaretPos
SetWindowLongPtrW
DefWindowProcW
LoadCursorW
DispatchMessageW
TranslateMessage
SystemParametersInfoW
GetDC
ReleaseDC
GetWindowRect
GetDpiForWindow
GetSystemMetricsForDpi
SystemParametersInfoForDpi
ShowWindow
SendMessageW
GetKeyState
TranslateAcceleratorW
SetFocus
GetFocus
GetWindowTextW
KillTimer
SetTimer
GetSysColor
GetSystemMetrics
DestroyAcceleratorTable
IsWindow
DestroyWindow
LoadAcceleratorsW
RegisterClassW
SetPropW
GetWindowLongW
SetWindowTextW
GetPropW
RemovePropW
CallWindowProcW
GetSystemMenu
GetParent
SetWindowPos
GetClientRect
OffsetRect
InvalidateRect
GetAsyncKeyState
GetAncestor
TrackMouseEvent
EnableWindow
GetWindowTextLengthW
SetCursor
GetCursorPos
MapWindowPoints
PtInRect
PeekMessageW
SendNotifyMessageW
GetClassNameW
FindWindowW
SendMessageTimeoutW
GetForegroundWindow
GetDesktopWindow
ScreenToClient
OpenClipboard
GetClipboardData
CloseClipboard
RegisterWindowMessageA
IsChild
RedrawWindow
LockWindowUpdate
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
GetWindow
RegisterClipboardFormatW
GetMenuItemCount
PostMessageW
SetCapture
InflateRect
GetCapture
ReleaseCapture
CreatePopupMenu
CheckMenuItem
EnableMenuItem
DeleteMenu
DestroyMenu
TrackPopupMenu
MonitorFromWindow
IsWindowVisible
GetWindowLongPtrW
IsWindowUnicode
DefWindowProcA
SetClipboardData
TrackPopupMenuEx
ClientToScreen
CopyRect
SetForegroundWindow
GetClassWord
GetMenuItemID
GetMenuItemInfoW
GetSubMenu
GetMenuState
InsertMenuW
MonitorFromPoint
GetMonitorInfoW
GetMessagePos
GetActiveWindow
AdjustWindowRectEx
MoveWindow
SetParent
SetRectEmpty
IntersectRect
IsRectEmpty
SetWindowRgn
MessageBeep
SetRect
MonitorFromRect
EqualRect
PostQuitMessage
MsgWaitForMultipleObjectsEx
AttachThreadInput
GetWindowThreadProcessId
RegisterWindowMessageW
GetLastActivePopup
GetShellWindow
DestroyIcon
UnregisterPowerSettingNotification
RegisterPowerSettingNotification
SetWindowPlacement
GetWindowPlacement
SetClassLongPtrW
IsWindowEnabled
FillRect
IsIconic
GetPhysicalCursorPos
WaitMessage
EnumDesktopWindows
EnumDisplayMonitors
IsZoomed
SetLayeredWindowAttributes
RegisterClassExW
CreateWindowExW
GetMenuStringW
DrawTextW
AnimateWindow
GetSysColorBrush
DrawEdge
NotifyWinEvent
BeginPaint
EndPaint
GetDlgCtrlID
GetMenuDefaultItem
SetWindowLongW
SetMenuDefaultItem
SetMessageExtraInfo
GetDoubleClickTime
GetMessageExtraInfo
SetClipboardViewer
ChangeClipboardChain
WindowFromPoint
AppendMenuW
LoadBitmapW
GetIconInfo
IsClipboardFormatAvailable
SendInput
GetClassInfoExW
DrawTextExW
LoadMenuW
AddClipboardFormatListener
InsertMenuItemW
SetMenuItemInfoW
RemoveClipboardFormatListener
CallMsgFilterW
LoadIconW
EnumWindows
CreateMenu
IsHungAppWindow
CopyIcon
PhysicalToLogicalPointForPerMonitorDPI
IsWinEventHookInstalled
SetGestureConfig
GetGestureInfo
CloseGestureInfoHandle
UpdateWindow
EnumChildWindows
RemoveMenu
UnionRect
GetScrollBarInfo
GetWindowBand
ord2705
ord2707
GetKeyboardLayout
ActivateKeyboardLayout
ValidateRect
GetMessageTime
GetMenuInfo
SetMenuInfo
GetCurrentInputMessageSource
CreateCaret
HideCaret
ShowCaret

gdi32

GetStockObject
CreateRectRgnIndirect
StretchBlt
SetTextAlign
GetTextExtentPoint32W
CreateSolidBrush
SetTextColor
DeleteDC
GdiAlphaBlend
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
GetTextExtentPointW
GetCharWidth32W
GetRgnBox
GetClipRgn
OffsetViewportOrgEx
ExtTextOutW
GetTextMetricsW
SelectClipRgn
GdiTransparentBlt
CreateBitmapFromDxSurface
CreateRectRgn
CreatePalette
RealizePalette
SelectPalette
SetPaletteEntries
GetPaletteEntries
GetDCDpiScaleValue
SetViewportOrgEx
LPtoDP
GetViewportOrgEx
SetLayout
GetLayout
GetObjectType
StretchDIBits
GetDIBits
CreateDIBSection
BitBlt
SetBkMode
Polyline
CreatePen
SelectObject
CreateFontIndirectW
GetDeviceCaps
SetRectRgn
CombineRgn
EqualRgn
SetBkColor
GetObjectW
SetWindowOrgEx
GetClipBox
OffsetWindowOrgEx

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllGetVersion

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 484KB - Virtual size: 482KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 116KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FNTCACHE.DAT
FaxPrinterInstaller.dll
.dll windows:10 windows x64 arch:x64

c449049348e26c4c9cc2435dac6e7949

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

FaxPrinterInstaller.pdb

Imports

msvcrt

??1type_info@@UEAA@XZ
?terminate@@YAXXZ
memcmp
_XcptFilter
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
malloc
free
_amsg_exit
memset
_vsnwprintf
_wcsicmp
wcschr
__CxxFrameHandler4
memcpy_s
??3@YAXPEAX@Z
_purecall
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_vsnprintf_s
memmove_s
_callnewh
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
_CxxThrowException
__CxxFrameHandler3
memcpy
memmove
wcscmp

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleHandleExW
GetModuleFileNameA
FreeLibrary
GetProcAddress
GetModuleHandleW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetVersionExW

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-file-l1-1-0

FindFirstFileW
DeleteFileW
FindNextFileW
FindClose

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoUninitialize

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
InitializeCriticalSectionEx
CreateSemaphoreExW
OpenSemaphoreW
ReleaseSRWLockShared
CreateMutexExW
WaitForSingleObjectEx
AcquireSRWLockShared
AcquireSRWLockExclusive
EnterCriticalSection
DeleteCriticalSection
ReleaseMutex
LeaveCriticalSection
ReleaseSRWLockExclusive
ReleaseSemaphore

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer

ext-ms-win-com-sta-l1-1-0

CoInitialize

shell32

SHChangeNotify
SHGetMalloc
SHGetSpecialFolderLocation

winspool.drv

DeletePrinterDriverExW
EnumPrintersW
OpenPrinterW
ClosePrinter
EnumPrinterDriversW
InstallPrinterDriverFromPackageW
DeleteMonitorW
DeletePrinter
AddPrinterW
AddMonitorW
SetPrinterW
GetPrinterW

setupapi

SetupGetInfDriverStoreLocationW

Exports

Exports

InstallLocalFaxPrinter
UninstallLocalFaxPrinter

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 492B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FirewallAPI.dll
.dll regsvr32 windows:10 windows x64 arch:x64

2058ce3451d2ab2c67a4cc88f143b6f0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

FirewallAPI.pdb

Imports

msvcrt

??1type_info@@UEAA@XZ
_callnewh
memmove_s
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
memcpy_s
_lock
_wcsnicmp
_unlock
qsort
_XcptFilter
_vsnwprintf
wcstok
_onexit
_wcsicmp
memset
memcpy
_purecall
wcscpy_s
_amsg_exit
memcmp
realloc
_CxxThrowException
wcscat_s
malloc
_initterm
__dllonexit
free
__C_specific_handler
__CxxFrameHandler4
?terminate@@YAXXZ
wcscmp

rpcrt4

RpcAsyncInitializeHandle
RpcAsyncCancelCall
RpcAsyncCompleteCall
RpcStringFreeW
UuidToStringW
RpcEpResolveBinding
RpcStringBindingComposeW
UuidCreate
RpcBindingSetOption
RpcBindingFromStringBindingW
RpcBindingFree
NdrStubCall3
IUnknown_QueryInterface_Proxy
NdrOleAllocate
IUnknown_Release_Proxy
NdrOleFree
IUnknown_AddRef_Proxy
NdrStubForwardingFunction
NdrDllCanUnloadNow
RpcExceptionFilter
NdrDllGetClassObject
NdrDllRegisterProxy
NdrDllUnregisterProxy
Ndr64AsyncClientCall
NdrClientCall3
RpcBindingSetAuthInfoExW

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockShared
ReleaseSemaphore
OpenSemaphoreW
WaitForSingleObjectEx
TryAcquireSRWLockExclusive
CreateMutexExW
InitializeCriticalSectionEx
EnterCriticalSection
AcquireSRWLockShared
WaitForSingleObject
SetEvent
InitializeSRWLock
DeleteCriticalSection
CreateSemaphoreExW
ReleaseMutex
ReleaseSRWLockExclusive
InitializeCriticalSection
AcquireSRWLockExclusive
CreateEventW
LeaveCriticalSection

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleFileNameA
DisableThreadLibraryCalls
GetModuleFileNameW
FindResourceExW
FreeLibrary
GetProcAddress
LoadResource
LoadLibraryExW
SizeofResource
GetModuleHandleExW

api-ms-win-core-string-l2-1-0

CharNextW
CharPrevW

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetLastError
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-registry-l1-1-0

RegDeleteTreeW
RegRestoreKeyW
RegSaveKeyExW
RegEnumKeyExW
RegCloseKey
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegSetValueExW
RegCreateKeyExW
RegOpenCurrentUser
RegDeleteValueW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrcpynW

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualProtect
VirtualAlloc

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetTickCount64
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
CompareStringW
MultiByteToWideChar

ntdll

EtwEventWrite
RtlIpv6AddressToStringW
RtlNtStatusToDosError
RtlCapabilityCheck
RtlInitUnicodeString
RtlGetCurrentServiceSessionId
RtlIpv4AddressToStringW
RtlIpv4StringToAddressW
EtwTraceMessage
EtwEventUnregister
EtwEventRegister
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
RtlIpv6StringToAddressW

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree
HeapDestroy

api-ms-win-security-base-l1-1-0

AccessCheck
GetTokenInformation
RevertToSelf
IsValidSid
DuplicateTokenEx
CheckTokenMembership
CreateWellKnownSid
GetLengthSid

api-ms-win-core-version-l1-1-0

VerQueryValueW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-localization-l1-2-0

GetThreadUILanguage
GetSystemDefaultLangID
FormatMessageW

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
OpenProcessToken
GetCurrentThreadId
TerminateProcess
OpenThreadToken
GetCurrentProcessId
SetThreadToken
GetCurrentProcess

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
WaitForThreadpoolWaitCallbacks
CreateThreadpoolTimer
SetThreadpoolWait
CreateThreadpoolWait
SetThreadpoolWaitEx
CloseThreadpoolWait
SetThreadpoolTimer

api-ms-win-security-base-l1-2-0

CheckTokenCapability

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventRegister
EventSetInformation

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
FWAddAuthenticationSet
FWAddConnectionSecurityRule
FWAddCryptoSet
FWAddDynamicKeywordAddress0
FWAddDynamicKeywordAddress_Int
FWAddFirewallRule
FWAddHyperVRule0
FWAddHyperVRule1
FWAddMainModeRule
FWAddSecurityRealm
FWChangeNotificationCreate
FWChangeNotificationDestroy
FWChangeTransactionalState
FWClosePolicyStore
FWCopyAuthenticationSet
FWCopyConnectionSecurityRule
FWCopyCryptoSet
FWCopyFirewallRule
FWCreateHyperVPort0
FWCreateHyperVPort1
FWDeleteAllAuthenticationSets
FWDeleteAllConnectionSecurityRules
FWDeleteAllCryptoSets
FWDeleteAllFirewallRules
FWDeleteAllMainModeRules
FWDeleteAuthenticationSet
FWDeleteConnectionSecurityRule
FWDeleteCryptoSet
FWDeleteDynamicKeywordAddress0
FWDeleteDynamicKeywordAddress_Int
FWDeleteFirewallRule
FWDeleteHyperVPort0
FWDeleteHyperVRule0
FWDeleteMainModeRule
FWDeletePhase1SAs
FWDeletePhase2SAs
FWDeleteSecurityRealm
FWDiagGetAppList
FWEnumAdapters
FWEnumAuthenticationSets
FWEnumConnectionSecurityRules
FWEnumCryptoSets
FWEnumDynamicKeywordAddressById0
FWEnumDynamicKeywordAddressesByType0
FWEnumDynamicKeywordAddresses_Int
FWEnumFirewallRules
FWEnumHyperVPorts0
FWEnumHyperVPorts1
FWEnumHyperVRules0
FWEnumHyperVRules1
FWEnumHyperVVMCreators0
FWEnumMainModeRules
FWEnumNetworks
FWEnumPhase1SAs
FWEnumPhase2SAs
FWEnumProducts
FWExportPolicy
FWFreeAdapters
FWFreeAuthenticationSet
FWFreeAuthenticationSets
FWFreeAuthenticationSetsByHandle
FWFreeConnectionSecurityRule
FWFreeConnectionSecurityRules
FWFreeConnectionSecurityRulesByHandle
FWFreeCryptoSet
FWFreeCryptoSets
FWFreeCryptoSetsByHandle
FWFreeDiagAppList
FWFreeDynamicKeywordAddressData0
FWFreeFirewallRule
FWFreeFirewallRules
FWFreeFirewallRulesByHandle
FWFreeFirewallRulesOld
FWFreeHyperVPorts0
FWFreeHyperVPorts1
FWFreeHyperVRules0
FWFreeHyperVRules1
FWFreeHyperVVMCreators0
FWFreeMainModeRule
FWFreeMainModeRules
FWFreeMainModeRulesByHandle
FWFreeNetworks
FWFreePhase1SAs
FWFreePhase2SAs
FWFreeProducts
FWGetConfig
FWGetConfig2
FWGetGlobalConfig
FWGetGlobalConfig2
FWGetGlobalConfig3
FWGetHyperVProfileConfig0
FWGetHyperVVMConfig0
FWGetIndicatedPortInUse
FWImportPolicy
FWIndicatePortInUse
FWIndicateProxyForUrl
FWIndicateProxyResolverRefresh
FWIndicateTupleInUse
FWIndicateTupleInUse2
FWIsTargetAProxy
FWOpenPolicyStore
FWQueryAuthenticationSets
FWQueryConnectionSecurityRules
FWQueryCryptoSets
FWQueryFirewallRules
FWQueryIsolationType
FWQueryMainModeRules
FWRefreshHyperVPorts0
FWRegisterHyperVVMCreator0
FWRegisterProduct
FWResetIndicatedPortInUse
FWResetIndicatedTupleInUse
FWRestoreDefaults
FWRestoreGPODefaults
FWRevertTransaction
FWRuleDuplicateStatusByRuleID
FWSelectConSecRule
FWSetAuthenticationSet
FWSetConfig
FWSetConnectionSecurityRule
FWSetCryptoSet
FWSetFirewallRule
FWSetGlobalConfig
FWSetGlobalConfig2
FWSetHyperVPort0
FWSetHyperVPort1
FWSetHyperVProfileConfig0
FWSetHyperVRule0
FWSetHyperVRule1
FWSetHyperVVMConfig0
FWSetMainModeRule
FWStatusMessageFromStatusCode
FWUnregisterHyperVVMCreator0
FWUnregisterProduct
FWUpdateDynamicKeywordAddress0
FWUpdateDynamicKeywordAddress_Int
FWVerifyAuthenticationSet
FWVerifyAuthenticationSetQuery
FWVerifyConnectionSecurityRule
FWVerifyConnectionSecurityRuleQuery
FWVerifyCryptoSet
FWVerifyCryptoSetQuery
FWVerifyFirewallRule
FWVerifyFirewallRuleQuery
FWVerifyMainModeRule
FWVerifyMainModeRuleQuery
FwActivate
FwAlloc
FwAllocCheckSize
FwAllowedProgramsAdd
FwAllowedProgramsDelete
FwAnalyzeFirewallPolicy
FwAnalyzeFirewallPolicyOnProfile
FwApiHelperFree
FwApiHelperInit
FwBstrToIcmp
FwBstrToInterfaceTypes
FwBstrToPorts
FwConvertIPv6SubNetToRange
FwCopyAuthSet
FwCopyMainModeRule
FwCopyWFAddressesContents
FwEmptyWFAddresses
FwFree
FwFreeAddresses
FwFreePorts
FwGetAddressesAsString
FwGetCurrentProfile
FwGetVersionField
FwIcmpSettingsEnum
FwIcmpSettingsSet
FwIcmpToBstr
FwInterfaceTypesToBstr
FwIsGroupPolicyEnforced
FwIsRemoteManagementEnabled
FwLogSettingsSet
FwMergeAddresses
FwMulticastBroadcastResponsesEnum
FwMulticastBroadcastResponsesSet
FwNotificationsEnum
FwNotificationsSet
FwOpModesEnum
FwOpModesSet
FwPortOpeningsAdd
FwPortOpeningsDelete
FwProfileTypeCurrentGet
FwProfileTypeGet
FwRestoreDefaults
FwServicesEnum
FwServicesSet
FwStringToAddresses
FwStringToPorts
GetDisabledInterfaces
IcfAddrChangeNotificationCreate
IcfChangeNotificationCreate
IcfChangeNotificationDestroy
IcfConnect
IcfDisconnect
IcfFreeDynamicFwPorts
IcfFreeProfile
IcfFreeTickets
IcfGetCurrentProfileType
IcfGetDynamicFwPorts
IcfGetOperationalMode
IcfGetProfile
IcfGetTickets
IcfIsPortAllowed
IcfOpenDynamicFwPortWithoutSocket
IcfSubNetsGetScope
IsFirewallInCoExistanceMode
IsPortOrICMPAllowed
NetworkIsolationAddAllowEnterpriseIdRule
NetworkIsolationCreateAllInterfacesContainer
NetworkIsolationCreateAppContainer
NetworkIsolationCreateAppContainerLoopbackRules
NetworkIsolationCreateContainer
NetworkIsolationCreateInterfaceContainer
NetworkIsolationDeleteAllInterfacesContainer
NetworkIsolationDeleteAllowEnterpriseIdRule
NetworkIsolationDeleteAppContainer
NetworkIsolationDeleteAppContainerLoopbackRules
NetworkIsolationDeleteContainer
NetworkIsolationDeleteInterfaceContainer
NetworkIsolationDeleteUserAppContainers
NetworkIsolationDiagnoseConnectFailure
NetworkIsolationDiagnoseConnectFailureAndGetInfo
NetworkIsolationDiagnoseListen
NetworkIsolationDiagnoseSocketCreation
NetworkIsolationEnumAppContainers
NetworkIsolationEnumerateAppContainerRules
NetworkIsolationFreeAppContainers
NetworkIsolationGetAppContainer
NetworkIsolationGetAppContainerConfig
NetworkIsolationGetEnterpriseId
NetworkIsolationGetEnterpriseIdAsync
NetworkIsolationGetEnterpriseIdClose
NetworkIsolationRegisterForAppContainerChanges
NetworkIsolationSetAppContainerConfig
NetworkIsolationSetupAppContainerBinaries
NetworkIsolationUnregisterForAppContainerChanges

Sections

.text
Size: 376KB - Virtual size: 373KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 216KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FlightSettings.dll
.dll windows:10 windows x64 arch:x64

b547a184c25cf8f85db201712c8b8049

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

64:5f:01:85:5f:32:50:85:e2:c0:82:a2:2a:56:df:b2:0e:18:2a:ca:7e:8e:6d:1d:19:eb:11:6c:b9:4c:78:65
Signer

Actual PE Digest

64:5f:01:85:5f:32:50:85:e2:c0:82:a2:2a:56:df:b2:0e:18:2a:ca:7e:8e:6d:1d:19:eb:11:6c:b9:4c:78:65

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

FlightSettings.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__get_errno
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__itow_s
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__wcsicmp
memmove
_o__wcstoui64
_o__wcsupr
_o__wtoi
_o__wtol
_o_abort
_o_ceilf
_o_free
_o_iswspace
_o_malloc
_o_realloc
_o_terminate
_o_towlower
_o_wcstok_s
_o_wcstoul
_o_wctomb_s
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
wcsrchr
_o__cexit
_o__callnewh
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o__crt_atexit
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__execute_onexit_table
_o__errno
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
_o__configure_narrow_argv
wcsstr
strchr
wcschr

api-ms-win-crt-string-l1-1-0

wcsnlen
wcscmp
wcsncmp
memset

combase

GetErrorInfo
ord67
ord69
ord68
ord66
ord154
ord168
SetErrorInfo

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleExW
LoadLibraryExW
GetModuleHandleExA
GetProcAddress
GetModuleFileNameW
GetModuleHandleW
FreeLibrary
FindStringOrdinal
DisableThreadLibraryCalls

api-ms-win-core-synch-l1-1-0

TryEnterCriticalSection
InitializeSRWLock
ReleaseMutex
ReleaseSemaphore
CreateSemaphoreExW
WaitForSingleObjectEx
LeaveCriticalSection
EnterCriticalSection
AcquireSRWLockExclusive
OpenSemaphoreW
WaitForSingleObject
ReleaseSRWLockShared
InitializeCriticalSectionEx
SetEvent
CreateEventExW
CreateMutexExW
CreateMutexW
AcquireSRWLockShared
DeleteCriticalSection
ReleaseSRWLockExclusive

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetLastError
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CloseThreadpoolTimer
IsThreadpoolTimerSet

api-ms-win-core-processthreads-l1-1-0

OpenThreadToken
CreateProcessW
GetCurrentProcess
GetExitCodeProcess
GetCurrentThreadId
SetThreadToken
GetCurrentProcessId
OpenProcessToken
TerminateProcess
GetCurrentThread

api-ms-win-core-localization-l1-2-0

GetUserDefaultLocaleName
GetLocaleInfoW
GetSystemPreferredUILanguages
GetUserPreferredUILanguages
FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventActivityIdControl
EventRegister
EventWriteTransfer

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
Sleep
InitOnceExecuteOnce

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-kernel32-legacy-l1-1-0

CopyFileW
UnregisterWait
MoveFileW

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetComputerNameExW
GetSystemWindowsDirectoryW

ntdll

RtlUnsubscribeWnfNotificationWaitForCompletion
RtlNtStatusToDosError
RtlIsStateSeparationEnabled
NtQueryWnfStateData
RtlGetDeviceFamilyInfoEnum
RtlIsMultiUsersInSessionSku
RtlSubscribeWnfStateChangeNotification
RtlConvertDeviceFamilyInfoToString
NtQueryLicenseValue
RtlGetVersion
NtQuerySystemInformation
EtwTraceMessage
NtQueryInformationToken
RtlPublishWnfStateData

api-ms-win-core-registry-l1-1-0

RegEnumValueW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyExW
RegGetValueW

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

OpenProcess
GetProcessMitigationPolicy
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPushEntrySList

api-ms-win-core-threadpool-legacy-l1-1-0

DeleteTimerQueueTimer
CreateTimerQueueTimer

api-ms-win-core-string-l2-1-0

CharLowerBuffW
CharUpperBuffW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
CompareStringOrdinal

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW

api-ms-win-security-base-l1-1-0

ImpersonateLoggedOnUser
AdjustTokenPrivileges
DuplicateToken
CreateWellKnownSid
GetTokenInformation
IsValidSid
GetLengthSid
CopySid
FreeSid
AllocateAndInitializeSid
CheckTokenMembership
RevertToSelf
DuplicateTokenEx

api-ms-win-core-file-l1-1-0

DefineDosDeviceW
RemoveDirectoryW
SetFileInformationByHandle
FlushFileBuffers
CreateFileA
WriteFile
SetFileAttributesW
SetFilePointer
CreateDirectoryW
DeleteFileW
CreateFileW
GetFileSizeEx
ReadFile
GetFileAttributesW
GetFullPathNameW
FindClose
FindNextFileW
FindFirstFileW
QueryDosDeviceW

api-ms-win-core-url-l1-1-0

UrlEscapeW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW
PathFindFileNameW

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrStrNIW

api-ms-win-core-version-l1-1-0

VerQueryValueW
GetFileVersionInfoSizeExW
GetFileVersionInfoExW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW
GetPersistedRegistryValueW

api-ms-win-security-base-l1-2-0

CheckTokenMembershipEx

msvcp_win

??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
_Wcscoll
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
??1_Lockit@std@@QEAA@XZ
?in@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z
_Wcsxfrm
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?id@?$ctype@G@std@@2V0locale@2@A
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?id@?$collate@G@std@@2V0locale@2@A
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Locinfo@std@@QEAA@XZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
?is@?$ctype@G@std@@QEBA_NFG@Z
?_Xbad_alloc@std@@YAXXZ
?tolower@?$ctype@G@std@@QEBAGG@Z

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-path-l1-1-0

PathAllocCombine
PathCchSkipRoot

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx

api-ms-win-core-file-l1-2-4

GetTempPath2W

api-ms-win-core-datetime-l1-1-1

GetTimeFormatEx
GetDateFormatEx

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
MapViewOfFile
CreateFileMappingW

api-ms-win-core-localization-obsolete-l1-2-0

GetSystemDefaultUILanguage

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 716KB - Virtual size: 715KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 264KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FrameServer.dll
.dll windows:10 windows x64 arch:x64

fb48f74b2eaae5379178fb03a508cf41

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

FrameServer.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__ltoa_s
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__ultoa_s
_o__wcsicmp
_o__wcslwr
_o__wcslwr_s
_o__wcsnicmp
_o__wcsupr_s
memmove
_o__invalid_parameter_noinfo
_o_free
_o_malloc
_o_memcpy_s
_o_qsort
_o_realloc
_o_sqrt
_o_strncpy_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstol
__C_specific_handler
__CxxFrameHandler3
_o__configure_narrow_argv
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__i64toa_s
_o___stdio_common_vsprintf
_o___std_type_info_destroy_list
_o__cexit
_o__callnewh
_o__execute_onexit_table
_o__errno
_o__gcvt_s
_o__crt_atexit
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset
wcscmp

mfsensorgroup

MFCreateSensorProfileCollection
MFCreateSensorGroupById
MFCheckProcessCapabilities
MFCloneSensorProfile
MFCreateSensorProfileWithFlags
MFCreateSensorGroup
MFGetSensorOrientation
MFCreateTranslatedMediaType3
MFCreatePassthroughTranslatedMediaType
MFCreateSensorGroupWithOptions
MFIsStreamAvailableToAppPackage
MFCreateSensorGroupIdManager
MFCreateSensorStream
MFGetSensorGroupAttributesFromId
MFDeleteSensorGroupById

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceLoggerHandle
RegisterTraceGuidsW
GetTraceEnableFlags
UnregisterTraceGuids
TraceMessage
GetTraceEnableLevel

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventWriteTransfer
EventSetInformation

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleExW
GetProcAddress
GetModuleHandleW
DisableThreadLibraryCalls
GetModuleFileNameW
LoadLibraryExW
AddDllDirectory
LoadStringW
FreeLibrary
RemoveDllDirectory

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-synch-l1-1-0

CreateMutexW
TryEnterCriticalSection
OpenSemaphoreW
DeleteCriticalSection
WaitForSingleObjectEx
InitializeCriticalSectionEx
LeaveCriticalSection
ReleaseMutex
ReleaseSemaphore
EnterCriticalSection
SetEvent
CreateSemaphoreExW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
OpenMutexW
CreateEventW
ReleaseSRWLockShared
InitializeCriticalSection
CreateMutexExW
AcquireSRWLockShared
InitializeSRWLock
WaitForSingleObject
OpenEventW
CreateEventExW
ResetEvent

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
OpenProcessToken
OpenThreadToken
TerminateProcess
GetPriorityClass
GetThreadPriority
GetCurrentThread
SetThreadPriority
GetCurrentProcess
SetPriorityClass
TlsSetValue
TlsGetValue

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
SetLastError
UnhandledExceptionFilter
RaiseException

api-ms-win-service-core-l1-1-0

RegisterServiceCtrlHandlerExW
SetServiceStatus

api-ms-win-core-registry-l1-1-0

RegDeleteValueW
RegSetValueExW
RegCloseKey
RegGetValueW
RegOpenKeyExW
RegDeleteKeyExW
RegCreateKeyExW
RegQueryValueExW
RegEnumKeyExW

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy
OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-com-l1-1-0

CoTaskMemFree
PropVariantCopy
CoCreateGuid
CoCreateInstance
CoSetProxyBlanket
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
PropVariantClear
StringFromGUID2
StringFromCLSID
CLSIDFromString
IIDFromString

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer

rpcrt4

RpcServerInqCallAttributesW
RpcStringBindingParseW
NdrServerCallAll
NdrServerCall2
RpcBindingToStringBindingW
RpcStringFreeW
RpcBindingFree
RpcRevertToSelfEx
UuidCreate
RpcImpersonateClient
RpcEpUnregister
RpcEpRegisterW
RpcServerRegisterIf3
RpcServerRegisterAuthInfoW
RpcServerInqDefaultPrincNameW
RpcServerInqBindings
RpcServerUseProtseqW
RpcServerUseProtseqEpW
RpcBindingVectorFree
RpcServerUnregisterIfEx
RpcServerInqBindingHandle

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
WideCharToMultiByte

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime

api-ms-win-security-base-l1-1-0

CreateWellKnownSid
CheckTokenMembership
AllocateAndInitializeSid
FreeSid
EqualSid
GetTokenInformation
ImpersonateLoggedOnUser
RevertToSelf

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-power-setting-l1-1-0

PowerSettingRegisterNotification
PowerSettingUnregisterNotification

api-ms-win-power-base-l1-1-0

PowerRegisterSuspendResumeNotification
PowerUnregisterSuspendResumeNotification

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-synch-l1-2-0

WaitOnAddress
Sleep
WakeByAddressAll

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteStringBuffer
WindowsPromoteStringBuffer
WindowsPreallocateStringBuffer
WindowsCreateStringReference
WindowsCompareStringOrdinal
WindowsGetStringRawBuffer
WindowsIsStringEmpty
WindowsDeleteString
WindowsDuplicateString
WindowsCreateString

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoOriginateErrorW
RoOriginateError

api-ms-win-core-version-l1-1-1

GetFileVersionInfoSizeW
GetFileVersionInfoW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-devices-config-l1-1-1

CM_Get_Device_Interface_PropertyW
CM_MapCrToWin32Err
CM_Set_Device_Interface_PropertyW
CM_Locate_DevNodeW
CM_Get_DevNode_PropertyW
CM_Open_Device_Interface_KeyW
CM_Get_DevNode_Status
CM_Get_Device_Interface_List_SizeW
CM_Get_Device_Interface_ListW
CM_Enable_DevNode
CM_Disable_DevNode

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-file-l1-1-0

GetFinalPathNameByHandleW
CreateFileW
FileTimeToLocalFileTime
GetFileTime

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
OpenFileMappingW

bcrypt

BCryptCreateHash
BCryptFinishHash
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptHashData
BCryptGetProperty

crypt32

CryptProtectData
CryptUnprotectData

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW

api-ms-win-core-winrt-robuffer-l1-1-0

RoGetBufferMarshaler

api-ms-win-core-winrt-propertysetprivate-l1-1-1

RoCreatePropertySetSerializer

ntdll

NtQueryInformationProcess
RtlStringFromGUIDEx
NtCreateFile
RtlReleaseSRWLockExclusive
NtClose
RtlAcquireSRWLockExclusive
RtlWakeAllConditionVariable
RtlSleepConditionVariableSRW
memmove_s
wcsstr
wcsncmp
wcschr
RtlUnsubscribeWnfNotificationWaitForCompletion
NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlPublishWnfStateData
NtCreateCrossVmEvent
NtCreateCrossVmMutant
NtAcquireCrossVmMutant
NtReleaseMutant
RtlAppendUnicodeStringToString
RtlFreeUnicodeString
RtlAppendUnicodeToString
NtCreateSection
strnlen

api-ms-win-core-featurestaging-l1-1-0

RecordFeatureUsage
GetFeatureEnabledState
SubscribeFeatureStateChangeNotification
UnsubscribeFeatureStateChangeNotification

api-ms-win-rtcore-ntuser-powermanagement-l1-1-0

UnregisterPowerSettingNotification

cfgmgr32

CM_Get_Device_Interface_AliasW

mf

MFEnumDeviceSources
MFCreateDeviceSource

api-ms-win-appmodel-runtime-l1-1-0

GetPackageFamilyName
GetCurrentPackageFamilyName

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-apiquery-l2-1-0

IsApiSetImplemented

propsys

PropVariantCompareEx

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 140KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FrameServerClient.dll
.dll regsvr32 windows:10 windows x64 arch:x64

1559b8333bebe80b7f868b0c89885035

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

FrameServerClient.pdb

Imports

mfsensorgroup

MFIsSensorGroupName
MFCreateSensorGroup

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__i64toa_s
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__ltoa_s
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__seh_filter_dll
_o__ultoa_s
_o__wcslwr
_o_free
_o_malloc
_o_memcpy_s
_o_qsort
_o_strncpy_s
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
__CxxFrameHandler3
_o__gcvt_s
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___std_type_info_destroy_list
__C_specific_handler
memcmp
memcpy
memmove

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
FindResourceExW
GetModuleFileNameA
DisableThreadLibraryCalls
GetProcAddress
LoadResource
SizeofResource
GetModuleHandleW
GetModuleHandleExW
FreeLibrary
LoadLibraryExW

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
WaitForSingleObject
ReleaseMutex
ReleaseSRWLockExclusive
OpenMutexW
CreateMutexW
OpenEventW
CreateEventW
AcquireSRWLockExclusive
WaitForSingleObjectEx
DeleteCriticalSection
OpenSemaphoreW
CreateEventExW
SetEvent
ReleaseSRWLockShared
CreateMutexExW
InitializeSRWLock
CreateSemaphoreExW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
ResetEvent
AcquireSRWLockShared

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

TlsSetValue
TlsGetValue
GetCurrentProcess
GetCurrentThreadId
TerminateProcess
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle
CompareObjectHandles

oleaut32

VarUI4FromStr

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
TraceMessage
GetTraceLoggerHandle
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel

api-ms-win-core-com-l1-1-0

StringFromGUID2
CoTaskMemRealloc
StringFromCLSID
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
PropVariantCopy
PropVariantClear
StringFromIID

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegCreateKeyExW
RegDeleteValueW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemDirectoryW
GetSystemInfo

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventWriteTransfer

api-ms-win-devices-config-l1-1-1

CM_Get_Device_Interface_ListW
CM_Get_Device_Interface_PropertyW
CM_Get_Device_Interface_List_SizeW
CM_Open_Device_Interface_KeyW
CM_Set_Device_Interface_PropertyW
CM_MapCrToWin32Err

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW

rpcrt4

NdrClientCall3
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcEpResolveBinding
UuidCreate
RpcBindingSetAuthInfoExW
RpcBindingFree
RpcStringFreeW
I_RpcExceptionFilter
RpcBindingBind
RpcBindingCreateW
RpcMgmtInqServerPrincNameW

api-ms-win-core-file-l1-1-0

FileTimeToLocalFileTime

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-io-l1-1-0

DeviceIoControl

bcrypt

BCryptOpenAlgorithmProvider
BCryptFinishHash
BCryptDestroyHash
BCryptGetProperty
BCryptCloseAlgorithmProvider
BCryptHashData
BCryptCreateHash

api-ms-win-security-base-l1-1-0

EqualSid
CheckTokenMembership
GetTokenInformation

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

crypt32

CryptUnprotectData
CryptProtectData

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
MapViewOfFile

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-featurestaging-l1-1-0

RecordFeatureUsage
UnsubscribeFeatureStateChangeNotification
SubscribeFeatureStateChangeNotification
GetFeatureEnabledState

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

ntdll

NtCreateSection
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
RtlFreeUnicodeString
NtClose
RtlStringFromGUIDEx
strnlen
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlWakeAllConditionVariable
RtlSleepConditionVariableSRW
RtlConvertHostPerfCounterToPerfCounter
NtCreateFile
NtAcquireCrossVmMutant
NtQueryWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlSubscribeWnfStateChangeNotification
NtQueryInformationProcess
NtCreateCrossVmEvent
NtCreateCrossVmMutant
NtReleaseMutant

cfgmgr32

CM_Get_Device_Interface_AliasW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-mm-time-l1-1-0

timeEndPeriod
timeBeginPeriod

api-ms-win-appmodel-runtime-l1-1-0

GetCurrentPackageFamilyName

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 492KB - Virtual size: 488KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FrameServerMonitor.dll
.dll windows:10 windows x64 arch:x64

3aa6d04088ba868569ad241582cf943c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

FrameServerMonitor.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__ltoa_s
_o__register_onexit_function
_o__seh_filter_dll
_o__wcslwr
_o__wcslwr_s
_o__wcsnicmp
memmove
_o_free
_o_malloc
_o_qsort
_o_strncpy_s
_o_wcsncpy_s
__C_specific_handler
_o__cexit
_o__callnewh
_o__execute_onexit_table
_o__errno
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___std_type_info_destroy_list
_o__crt_atexit
_o__configure_narrow_argv
memcmp
memcpy
__CxxFrameHandler3

api-ms-win-crt-string-l1-1-0

memset
strnlen

mfsensorgroup

MFCloneSensorProfile
MFCreateSensorGroupWithOptions
MFWriteSensorGroupDataToRegistry
MFGenerateAndPublishCameraTelemetry
MFGetSGCH
MFCreateSensorDeviceBlobByObject
MFCreateSensorGroupById
MFCreateSensorGroup
MFGetSensorDeviceProperty
MFGetSensorDeviceRegistryProperty
MFCleanupVirtualCameraEntries
MFInitializeSensorGroupStore
MFCreateSensorGroupIdManager
MFGetSensorGroupAttributesFromId
MFCreateSensorProfileCollection

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-security-logon-l1-1-1

LogonUserW

api-ms-win-core-kernel32-legacy-l1-1-0

LoadLibraryW
RaiseFailFastException

ntdll

RtlPublishWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlSubscribeWnfStateChangeNotification
wcsstr
NtQueryInformationProcess
wcsrchr

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleW
GetModuleHandleExW
DisableThreadLibraryCalls
GetModuleFileNameA
FreeLibrary
LoadLibraryExW
LoadStringW

api-ms-win-core-synch-l1-1-0

SetEvent
CreateEventExW
ReleaseMutex
CreateSemaphoreExW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ReleaseSRWLockExclusive
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSemaphore
CreateMutexExW
OpenSemaphoreW
WaitForSingleObject

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetThreadPriority
OpenThreadToken
TerminateProcess
SetThreadPriority
SetPriorityClass
GetCurrentProcess
GetPriorityClass
GetCurrentProcessId
TlsSetValue
GetCurrentThread
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceLoggerHandle

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-service-core-l1-1-0

SetServiceStatus
RegisterServiceCtrlHandlerExW

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegSetValueExW
RegGetValueW
RegDeleteValueW
RegCloseKey
RegDeleteKeyExW
RegCreateKeyExW

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemInfo

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-heap-l2-1-0

LocalFree

rpcrt4

RpcServerInqBindingHandle
RpcImpersonateClient
RpcRevertToSelfEx
RpcEpUnregister
RpcServerUnregisterIfEx
RpcServerUseProtseqEpW
RpcServerUseProtseqW
RpcServerInqBindings
RpcServerInqDefaultPrincNameW
RpcServerRegisterAuthInfoW
RpcServerRegisterIf3
RpcEpRegisterW
I_RpcBindingInqLocalClientPID
RpcServerInqCallAttributesW
RpcStringBindingParseW
RpcBindingToStringBindingW
RpcRevertToSelf
RpcStringFreeW
RpcBindingFree
RpcBindingVectorFree
NdrServerCall2
NdrServerCallAll

api-ms-win-security-base-l1-1-0

GetTokenInformation
RevertToSelf
AllocateAndInitializeSid
FreeSid
GetSecurityDescriptorControl
CheckTokenMembership
CreateWellKnownSid
ImpersonateLoggedOnUser
GetLengthSid

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-devices-config-l1-1-1

CM_Get_DevNode_Status
CM_Set_Device_Interface_PropertyW
CM_Unregister_Notification
CM_Open_Device_Interface_KeyW
CM_Query_And_Remove_SubTreeW
CM_Uninstall_DevNode
CM_Disable_DevNode
CM_MapCrToWin32Err
CM_Register_Notification
CM_Get_DevNode_PropertyW
CM_Locate_DevNodeW
CM_Get_Device_Interface_List_SizeW
CM_Get_Device_Interface_ListW
CM_Get_Device_Interface_PropertyW
CM_Enable_DevNode

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
IIDFromString
CLSIDFromString
CoCreateInstance
CoTaskMemFree
PropVariantClear
CoSetProxyBlanket
StringFromIID

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-power-setting-l1-1-0

PowerSettingRegisterNotification
PowerSettingUnregisterNotification

api-ms-win-power-base-l1-1-0

PowerRegisterSuspendResumeNotification
PowerUnregisterSuspendResumeNotification

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateString

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-file-l1-1-0

FileTimeToLocalFileTime
CreateFileW

api-ms-win-devices-swdevice-l1-1-0

SwDeviceCreate
SwDeviceClose
SwMemFree
SwDeviceInterfaceRegister
SwDeviceInterfaceSetState
SwDeviceInterfacePropertySet

api-ms-win-devices-swdevice-l1-1-1

SwDeviceSetLifetime

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-featurestaging-l1-1-0

RecordFeatureUsage
UnsubscribeFeatureStateChangeNotification
GetFeatureEnabledState
SubscribeFeatureStateChangeNotification

cfgmgr32

CM_Get_Device_Interface_AliasW

mf

MFCreateDeviceSourceActivate

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-synch-l1-2-0

Sleep

crypt32

CryptUnprotectData
CryptProtectData

bcrypt

BCryptFinishHash
BCryptCloseAlgorithmProvider
BCryptGetProperty
BCryptOpenAlgorithmProvider
BCryptDestroyHash
BCryptHashData
BCryptCreateHash

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-apiquery-l2-1-0

IsApiSetImplemented

api-ms-win-appmodel-runtime-l1-1-0

GetCurrentPackageFamilyName
GetPackageFamilyName

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 256KB - Virtual size: 253KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FrameServerMonitorClient.dll
.dll regsvr32 windows:10 windows x64 arch:x64

1e2cfc6aa89f24d9efd0a6d8884e9732

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

FrameServerMonitorClient.pdb

Imports

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcslwr
_o__wcslwr_s
_o__wtol
_o_free
_o_malloc
_o_qsort
_o_strncpy_s
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
__CxxFrameHandler3
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___std_type_info_destroy_list
__C_specific_handler
memcmp
memcpy

api-ms-win-core-libraryloader-l1-2-0

FindResourceExW
GetProcAddress
GetModuleHandleW
GetModuleFileNameA
LoadStringW
DisableThreadLibraryCalls
FreeLibrary
GetModuleFileNameW
LoadLibraryExW
LoadResource
SizeofResource
GetModuleHandleExW

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
CreateMutexExW
WaitForSingleObject
SetEvent
CreateEventExW
ReleaseMutex
AcquireSRWLockExclusive
OpenSemaphoreW
ReleaseSRWLockExclusive
ReleaseSemaphore
DeleteCriticalSection
InitializeCriticalSection
CreateSemaphoreExW
EnterCriticalSection
LeaveCriticalSection

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetLastError
RaiseException
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-processthreads-l1-1-0

OpenProcessToken
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
TlsSetValue
TerminateProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

oleaut32

VarUI4FromStr

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableFlags
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage
UnregisterTraceGuids

api-ms-win-core-com-l1-1-0

PropVariantClear
CLSIDFromString
CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoCreateInstance
CoCreateGuid
CoTaskMemAlloc
CoTaskMemRealloc
CoWaitForMultipleHandles
StringFromGUID2

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegQueryInfoKeyW
RegOpenKeyExW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer

api-ms-win-core-file-l1-1-0

GetFinalPathNameByHandleW
CreateFileW

api-ms-win-core-heap-l2-1-0

LocalFree

rpcrt4

RpcStringFreeW
RpcBindingCreateW
RpcBindingBind
I_RpcExceptionFilter
NdrClientCall3
UuidCreate
RpcBindingFree
RpcBindingSetAuthInfoExW
RpcMgmtInqServerPrincNameW
RpcEpResolveBinding
RpcBindingFromStringBindingW
RpcStringBindingComposeW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-featurestaging-l1-1-0

GetFeatureEnabledState
SubscribeFeatureStateChangeNotification
RecordFeatureUsage
UnsubscribeFeatureStateChangeNotification

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister

api-ms-win-devices-config-l1-1-1

CM_Get_Device_Interface_List_SizeW
CM_MapCrToWin32Err
CM_Get_Device_Interface_ListW
CM_Get_Device_Interface_PropertyW
CM_Set_Device_Interface_PropertyW

api-ms-win-security-base-l1-1-0

FreeSid
EqualSid
CheckTokenMembership
CreateWellKnownSid
GetTokenInformation
AllocateAndInitializeSid

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW
ConvertSidToStringSidW

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsCreateString

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-appmodel-runtime-l1-1-2

AppPolicyGetLifecycleManagement

ntdll

NtQueryInformationProcess
strnlen

mfsensorgroup

MFCreateSensorDeviceBlobByObject

bcrypt

BCryptDestroyHash
BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptCreateHash
BCryptHashData
BCryptCloseAlgorithmProvider
BCryptFinishHash

crypt32

CryptUnprotectData
CryptProtectData

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

cfgmgr32

CM_Get_Device_Interface_AliasW

api-ms-win-appmodel-runtime-l1-1-0

GetCurrentPackageFamilyName

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 196KB - Virtual size: 193KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FsIso.exe
.exe windows:10 windows x64 arch:x64

ae3f6ea4a75c2c488f0816f6b35bb5d0

Code Sign

33:00:00:04:5b:f6:31:bc:00:f4:fc:37:45:00:00:00:00:04:5b
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

14/09/2023, 18:20

Not After

04/09/2024, 18:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9e:72:a4:e2:6e:5c:ff:40:33:45:d1:51:d6:38:16:3d:5c:28:2c:ff:55:9b:92:0d:82:6c:dc:ce:c6:34:98:f2
Signer

Actual PE Digest

9e:72:a4:e2:6e:5c:ff:40:33:45:d1:51:d6:38:16:3d:5c:28:2c:ff:55:9b:92:0d:82:6c:dc:ce:c6:34:98:f2

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

FsIso.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o_calloc
_o_ceil
_o_exit
_o_free
_o_malloc
_o_terminate
__current_exception
__current_exception_context
__std_terminate
_o___stdio_common_vsnprintf_s
_o___p__commode
_o___p___wargv
_o___p___argc
__CxxFrameHandler4
__C_specific_handler
memcpy
memcmp

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-synch-l1-1-0

CreateEventW
SetEvent
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
WaitForSingleObject

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
RaiseException

api-ms-win-core-memory-l1-1-0

MapViewOfFile
UnmapViewOfFile

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventUnregister
EventWriteTransfer

rpcrt4

RpcMgmtStopServerListening
NdrServerCall2
RpcServerUseProtseqEpW
RpcServerRegisterIf
RpcServerListen
RpcServerUnregisterIf
NdrServerCallAll

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TerminateProcess
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW

iumsdk

CreateSecureSection
OpenSecureSection

Exports

Exports

__ImagePolicyMetadata

Sections

.text
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tPolicy
Size: 4KB - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GameInputInbox.dll
.dll windows:10 windows x64 arch:x64

a1e885a08458a2db77c2a47eeff13da8

Code Sign

33:00:00:05:57:cf:90:dd:c7:d1:c0:88:8c:00:00:00:00:05:57
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2023, 19:51

Not After

16/10/2024, 19:51

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3a:aa:77:b2:e4:a0:da:48:b0:0e:64:ca:bf:f2:f2:9b:04:4c:a5:5a:5a:56:80:55:21:2b:06:47:8d:da:a5:79
Signer

Actual PE Digest

3a:aa:77:b2:e4:a0:da:48:b0:0e:64:ca:bf:f2:f2:9b:04:4c:a5:5a:5a:56:80:55:21:2b:06:47:8d:da:a5:79

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

GameInputInbox.pdb

Imports

ntdll

NtCreateWaitCompletionPacket
NtAlpcDeleteSectionView
NtCancelWaitCompletionPacket
NtAlpcAcceptConnectPort
NtAlpcDeletePortSection
NtAlpcCreatePort
NtTerminateProcess
NtAlpcConnectPort
NtAlpcDisconnectPort
wcstoul
_wcslwr_s
NtAlpcSendWaitReceivePort
NtDelayExecution
NtAlpcCreateSectionView
NtUpdateWnfStateData
NtWaitForSingleObject
__chkstk
memcmp
EtwEventWrite
wcscpy_s
swprintf_s
wcsnlen
LdrResSearchResource
memcpy
NtAlpcCancelMessage
RtlNotifyFeatureUsage
EtwEventRegister
memmove
RtlPublishWnfStateData
EtwEventUnregister
RtlQueryFeatureConfiguration
memset
RtlUnhandledExceptionFilter
RtlFreeHeap
RtlGetDeviceFamilyInfoEnum
RtlGetVersion
NtAlertThread
_wcstoui64
NtQueryLicenseValue
NtAssociateWaitCompletionPacket
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlAllocateHeap
NtQuerySystemInformation
NtAlpcCreatePortSection
RtlCaptureContext
RtlUnsubscribeWnfStateChangeNotification
RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData
EtwEventWriteTransfer
wcscmp

ntoskrnl.exe

wcsspn
wcsncpy
towlower
RtlGUIDFromString
RtlInitUnicodeString
_wcsicmp
wcsncmp

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
CreateEventW
EnterCriticalSection
ReleaseSRWLockShared
WaitForSingleObject
AcquireSRWLockExclusive
OpenEventW
SetEvent
ReleaseSRWLockExclusive
InitializeCriticalSection
InitializeCriticalSectionEx
ResetEvent
LeaveCriticalSection
TryAcquireSRWLockExclusive
AcquireSRWLockShared

api-ms-win-core-processthreads-l1-1-0

SetThreadPriority
QueueUserAPC
GetThreadId
GetCurrentProcessId
GetCurrentThreadId
SuspendThread
ResumeThread
GetCurrentProcess
CreateThread
GetCurrentThread

api-ms-win-core-file-l1-1-0

GetFileAttributesW
CreateFileW
WriteFile

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle
SetHandleInformation

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetTickCount64

api-ms-win-core-errorhandling-l1-1-0

RaiseException
GetLastError

api-ms-win-security-base-l1-1-0

IsWellKnownSid
CopySid
AllocateAndInitializeSid
GetLengthSid
GetTokenInformation
IsValidSid

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
FreeLibrary

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW

api-ms-win-core-io-l1-1-0

CancelIoEx
DeviceIoControl
GetQueuedCompletionStatus
CreateIoCompletionPort

api-ms-win-core-com-l1-1-0

CoCreateInstance
CLSIDFromString

api-ms-win-core-debug-l1-1-0

OutputDebugStringW

api-ms-win-core-memory-l1-1-0

VirtualProtect

api-ms-win-core-namespace-l1-1-0

ClosePrivateNamespace
AddSIDToBoundaryDescriptor
DeleteBoundaryDescriptor
OpenPrivateNamespaceW
CreatePrivateNamespaceW
CreateBoundaryDescriptorW

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

bcrypt

BCryptCloseAlgorithmProvider
BCryptHashData
BCryptCreateHash
BCryptFinishHash
BCryptGenRandom
BCryptDestroyHash
BCryptOpenAlgorithmProvider

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-mm-time-l1-1-0

timeEndPeriod
timeBeginPeriod

Exports

Exports

DllCanUnloadNow
DllGetClassObject
GameInputCreate

Sections

.text
Size: 300KB - Virtual size: 298KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sinit
Size: 4KB - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GameInputSvc.exe
.exe windows:10 windows x64 arch:x64

a503a0ba0419880f4f04cd095e200de4

Code Sign

33:00:00:05:56:c9:20:2b:1f:74:32:5d:2d:00:00:00:00:05:56
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2023, 19:51

Not After

16/10/2024, 19:51

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6a:0b:1e:20:4b:a0:a8:73:13:46:54:b0:a2:09:2b:d7:12:b8:61:51:36:cf:d1:a5:f9:88:14:87:02:9d:e0:a5
Signer

Actual PE Digest

6a:0b:1e:20:4b:a0:a8:73:13:46:54:b0:a2:09:2b:d7:12:b8:61:51:36:cf:d1:a5:f9:88:14:87:02:9d:e0:a5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

GameInputSvc.pdb

Imports

ntdll

swprintf_s
RtlInitUnicodeString
towlower
RtlQueryFeatureConfiguration
LdrResSearchResource
RtlNotifyFeatureUsage
RtlAllocateHeap
RtlGetVersion
EtwEventWriteTransfer
RtlFreeHeap
EtwEventUnregister
RtlUnhandledExceptionFilter
RtlVirtualUnwind
NtQueryLicenseValue
RtlLookupFunctionEntry
RtlCaptureContext
NtTerminateProcess
_wcsicmp
RtlAdjustPrivilege
_wcsnicmp
wcscpy_s
VerSetConditionMask
EtwEventRegister
memset

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
OpenEventW
WaitForSingleObject
SetEvent
DeleteCriticalSection
CreateEventW
EnterCriticalSection
LeaveCriticalSection

api-ms-win-core-errorhandling-l1-1-0

GetLastError

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-version-l1-1-1

GetFileVersionInfoW
GetFileVersionInfoSizeW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-file-l1-1-0

CreateFileW
SetFileAttributesW
GetTempFileNameW
GetVolumePathNameW
GetFullPathNameW
GetFileAttributesW
DeleteFileW

api-ms-win-core-file-l2-1-0

MoveFileExW
CopyFileExW

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetProcAddress
LoadLibraryExW
GetModuleFileNameW

api-ms-win-core-registry-l1-1-0

RegGetValueW

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetTickCount64

api-ms-win-core-wow64-l1-1-1

GetSystemWow64DirectoryW

api-ms-win-service-core-l1-1-0

StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerExW

api-ms-win-core-processthreads-l1-1-0

OpenProcessToken
TerminateProcess
CreateProcessAsUserW
GetStartupInfoW
CreateThread
GetCurrentProcess
GetExitCodeProcess

api-ms-win-security-base-l1-1-0

GetSecurityDescriptorSacl
GetSecurityDescriptorGroup
SetTokenInformation
GetSecurityDescriptorDacl
DuplicateTokenEx
AdjustTokenPrivileges
GetSecurityDescriptorOwner

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-kernel32-legacy-l1-1-0

WTSGetActiveConsoleSessionId
MoveFileW

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-security-provider-l1-1-0

GetNamedSecurityInfoW
SetNamedSecurityInfoW

ext-ms-win-session-wtsapi32-l1-1-0

WTSFreeMemory
WTSEnumerateSessionsW

crypt32

CertVerifyCertificateChainPolicy

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

wintrust

WTHelperGetProvSignerFromChain
WinVerifyTrust
WTHelperProvDataFromStateData

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 780B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.sinit
Size: 4KB - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HoloSHExtensions.dll
.dll windows:10 windows x64 arch:x64

9fa738e58eeb328c3426a05743c5a4fa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

HoloSHExtensions.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__errno
memmove
_o_free
_o_malloc
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetModuleFileNameA
DisableThreadLibraryCalls
FreeLibrary
GetModuleHandleW
GetProcAddress

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
InitializeCriticalSectionEx
WaitForSingleObject
ReleaseSemaphore
CreateEventExW
ReleaseMutex
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
OpenSemaphoreW
CreateSemaphoreExW
ReleaseSRWLockShared
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
InitializeSRWLock
WaitForSingleObjectEx
EnterCriticalSection
CreateEventW
WaitForMultipleObjectsEx
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetLastError
RaiseException
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoOriginateErrorW

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceInitialize
InitOnceExecuteOnce
InitOnceComplete
Sleep

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsStringHasEmbeddedNull
WindowsCreateString
WindowsIsStringEmpty
WindowsDeleteString
WindowsCompareStringOrdinal
WindowsCreateStringReference
WindowsDuplicateString

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer
EventActivityIdControl

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegGetValueW
RegOpenKeyExW

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-com-l1-1-0

CoMarshalInterThreadInterfaceInStream
CoTaskMemAlloc
CoTaskMemRealloc
CoInitializeEx
CoGetApartmentType
CoWaitForMultipleHandles
CoReleaseMarshalData
CoGetInterfaceAndReleaseStream
CoSetProxyBlanket
CoGetMalloc
CoTaskMemFree
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoUninitialize

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

ntdll

RtlPublishWnfStateData
RtlGetDeviceFamilyInfoEnum
RtlIsMultiSessionSku

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask
SHTaskPoolGetUniqueContext

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-rtcore-ntuser-window-l1-1-0

KillTimer
PeekMessageW
PostQuitMessage
TranslateMessage
DispatchMessageW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-ro-typeresolution-l1-1-1

RoCreatePropertySetSerializer

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-shcore-comhelpers-l1-1-0

IUnknown_QueryService

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrCmpIW

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IDStore.dll
.dll windows:10 windows x64 arch:x64

8cc0998b6d76df93d71965bd569246f3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

IdStore.pdb

Imports

msvcrt

memmove
_XcptFilter
memcpy
__CxxFrameHandler3
_amsg_exit
free
_vsnprintf_s
??3@YAXPEAX@Z
_initterm
??0exception@@QEAA@AEBV0@@Z
?terminate@@YAXXZ
_lock
_CxxThrowException
??0exception@@QEAA@XZ
__dllonexit
??1exception@@UEAA@XZ
_purecall
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
_onexit
??1type_info@@UEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
wcscpy_s
memcpy_s
_vsnwprintf
_wcsnicmp
_wcsicmp
??_V@YAXPEAX@Z
_callnewh
__C_specific_handler
_unlock
__CxxFrameHandler4
malloc
memset

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleFileNameA
GetModuleHandleExW
GetModuleHandleW
GetProcAddress

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapReAlloc
GetProcessHeap
HeapFree

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
CreateMutexW
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
ReleaseMutex

api-ms-win-core-com-l1-1-0

IIDFromString
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
PropVariantClear

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventUnregister

api-ms-win-core-registry-l1-1-0

RegSetKeySecurity
RegEnumKeyExW
RegCopyTreeW
RegDeleteTreeW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegQueryInfoKeyW
RegCreateKeyExW
RegQueryValueExW

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcessId
OpenProcessToken
GetCurrentThread
OpenThreadToken
GetCurrentThreadId
GetCurrentProcess

api-ms-win-core-string-l2-1-0

CharUpperBuffW

api-ms-win-core-errorhandling-l1-1-0

GetLastError
RaiseException
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetComputerNameExW
GetTickCount
GetVersionExW
GetSystemTimeAsFileTime

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSidToSidW

api-ms-win-security-base-l1-1-0

IsValidSid
EqualDomainSid
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
AddAccessAllowedAceEx
InitializeAcl
GetLengthSid
GetTokenInformation
CopySid

api-ms-win-core-namespace-l1-1-0

CreateBoundaryDescriptorW
ClosePrivateNamespace
CreatePrivateNamespaceW
DeleteBoundaryDescriptor
OpenPrivateNamespaceW
AddSIDToBoundaryDescriptor

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

ntdll

RtlInitializeSid
RtlFreeUnicodeString
RtlDuplicateUnicodeString
RtlEqualSid
RtlSubAuthoritySid
RtlSubAuthorityCountSid
RtlCopySid
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlDeleteCriticalSection
RtlInitializeCriticalSection
RtlFreeHeap
RtlCreateSecurityDescriptor
RtlNtStatusToDosError
RtlAllocateAndInitializeSid
RtlLengthSid
RtlEqualUnicodeString
RtlInitUnicodeString
EtwTraceMessage
EtwUnregisterTraceGuids
EtwGetTraceEnableFlags
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwRegisterTraceGuidsW
RtlSetDaclSecurityDescriptor
NtQueryInformationToken
RtlLengthRequiredSid
RtlInitString

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

bcrypt

BCryptDestroyHash
BCryptCreateHash
BCryptFinishHash
BCryptHashData

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IESettingSync.exe
.exe windows:10 windows x64 arch:x64

d4afe2bb98f5c7a053170c5fdb8c0e43

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

IESettingSync.pdb

Imports

advapi32

EventUnregister
EventSetInformation
EventRegister
EventWriteEx
SetSecurityInfo
RegSetKeyValueW
GetSecurityInfo
GetNamedSecurityInfoW
OpenProcessToken
SetNamedSecurityInfoW

kernel32

GetProcAddress
CreateMutexExW
AcquireSRWLockShared
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
GetSystemTimeAsFileTime
DebugBreak
IsDebuggerPresent
CreateThreadpoolTimer
DelayLoadFailureHook
ResolveDelayLoadedAPI
HeapReAlloc
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
HeapAlloc
WaitForSingleObjectEx
AcquireSRWLockExclusive
CloseThreadpoolTimer
OutputDebugStringW
ReleaseSRWLockExclusive
GetLastError
FormatMessageW
Sleep
CreateEventW
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
GetModuleFileNameA
RaiseException
ReleaseSRWLockShared
OpenSemaphoreW
SetThreadpoolTimer
CloseHandle
WaitForThreadpoolTimerCallbacks
InitializeCriticalSectionEx
CreateMutexW
LeaveCriticalSection
WaitForMultipleObjects
GetModuleHandleExW
ReleaseSemaphore
EnterCriticalSection
SetLastError
HeapFree
CreateSemaphoreExW

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z
??0task_continuation_context@Concurrency@@AEAA@XZ
_Cnd_destroy_in_situ
_Cnd_broadcast
_Mtx_unlock
?_Xbad_function_call@std@@YAXXZ
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?_IsCurrentOriginSTA@_ContextCallback@details@Concurrency@@CA_NXZ
?_Assign@_ContextCallback@details@Concurrency@@AEAAXPEAX@Z
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
_Cnd_wait
?__ExceptionPtrCreate@@YAXPEAX@Z
_Cnd_init_in_situ
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?_Throw_C_error@std@@YAXH@Z
_Mtx_destroy_in_situ
?__ExceptionPtrDestroy@@YAXPEAX@Z
_Mtx_lock
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
_Mtx_init_in_situ

api-ms-win-crt-runtime-l1-1-0

_c_exit
_initterm
_initterm_e
_register_thread_local_exe_atexit_callback

api-ms-win-crt-private-l1-1-0

_o__get_errno
_o__get_narrow_winmain_command_line
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_errno
_o__set_fmode
_o__set_new_mode
_o__wcsnicmp
_o_abort
_o_exit
_o_free
_o_iswalnum
_o_malloc
_o_pow
_o_realloc
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcstok_s
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o__exit
_o___std_exception_copy
_o__errno
_o___p__commode
_o__crt_atexit
_o__configure_narrow_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
__std_terminate
__CxxFrameHandler4
__std_type_info_compare
wcsrchr
wcschr
wcsstr
_o__wcsicmp
memcmp
memcpy
memmove

api-ms-win-crt-string-l1-1-0

memset
wcsncmp

shlwapi

ord647
ord599
PathGetDriveNumberW
PathIsUNCW
PathStripPathW
PathFindFileNameW
PathRemoveFileSpecW
ord187
PathGetCharTypeW
UrlEscapeW
AssocGetPerceivedType
SHStrDupW
ord212
SHCreateStreamOnFileEx
SHRegGetValueW
ord219
ord568
ord213
ord12
ord184
ord214
SHOpenRegStream2W
PathRelativePathToW
ord600
PathFileExistsW

ntdll

RtlNtStatusToDosError
RtlMapGenericMask
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlNtStatusToDosErrorNoTeb
RtlSubscribeWnfStateChangeNotification
NtQueryWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsCreateString
WindowsGetStringRawBuffer
WindowsCreateStringReference

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoUninitialize
RoGetActivationFactory

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
SetRestrictedErrorInfo
RoTransformError

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
OpenThreadToken
TerminateProcess
CreateProcessW
GetCurrentProcess
GetStartupInfoW

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer

api-ms-win-core-path-l1-1-0

PathCchCombine
PathCchRemoveFileSpec
PathAllocCombine
PathAllocCanonicalize

api-ms-win-core-file-l1-1-0

CompareFileTime
SetFileAttributesW
DeleteFileW
FindFirstFileW
GetTempFileNameW
FindNextFileW
SetFileTime
GetFileAttributesExW
GetFileTime
GetDriveTypeW
RemoveDirectoryW
GetFileAttributesW
FindClose
CreateFileW

api-ms-win-core-synch-l1-1-0

ResetEvent
CreateEventExW
InitializeSRWLock
SetEvent
InitializeCriticalSectionAndSpinCount

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegDeleteTreeW
RegSetValueExW
RegDeleteKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegEnumValueW
RegEnumKeyExW
RegCreateKeyExW
RegQueryInfoKeyW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalReAlloc
LocalFree

api-ms-win-core-io-l1-1-0

DeviceIoControl

sspicli

GetUserNameExW

api-ms-win-security-base-l1-1-0

GetSecurityDescriptorControl
CopySid
IsValidSid
AddAccessAllowedAceEx
GetTokenInformation
EqualSid
GetAclInformation
GetAce
DeleteAce
GetLengthSid
InitializeAcl
AddAce
GetSecurityDescriptorSacl
AddAccessDeniedAceEx

crypt32

CryptProtectData
CryptUnprotectData

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
FindStringOrdinal

api-ms-win-core-localization-l1-2-0

LCMapStringEx

api-ms-win-core-file-l2-1-0

MoveFileExW
CreateHardLinkW
CopyFileExW

api-ms-win-core-file-l1-2-4

GetTempPath2W

cabinet

ord40
ord33
ord35
ord43
ord45
ord30

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceExecuteOnce
InitOnceBeginInitialize

mpr

WNetGetConnectionW

bcrypt

BCryptOpenAlgorithmProvider
BCryptCreateHash
BCryptHashData
BCryptFinishHash
BCryptDestroyHash
BCryptCloseAlgorithmProvider
BCryptGetProperty

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolGetUniqueContext
SHTaskPoolQueueTask

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

umpdc

Pdcv2ActivationClientUnregister
Pdcv2ActivationClientRegister
Pdcv2ActivationClientActivate
Pdcv2ActivationClientDeactivate

iertutil

ord791
ord793
ord594
ord398
ord650
ord670
ord597
ord797
ord796
ord654

settingsyncdownloadhelper

DownloadSettingUnits

Sections

.text
Size: 344KB - Virtual size: 340KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ISM.dll
.dll windows:10 windows x64 arch:x64

aa8e49fe4b145bdb4671841542b74a0c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ISM.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__itow_s
_o__malloc_base
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__wcsicmp
memmove
_o_abort
_o_acosf
_o_asinf
_o_atan2f
_o_ceilf
_o_cosf
_o_fmodf
_o_free
_o_iswspace
_o_malloc
_o_pow
_o_powf
_o_rand
_o_realloc
_o_sinf
_o_sqrt
_o_sqrtf
_o_tan
_o_tanf
_o_terminate
_o_towlower
_o_wcscat_s
_o_wcscpy_s
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler4
__std_terminate
_CxxThrowException
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o__free_base
_o__crt_atexit
_o___std_type_info_destroy_list
_o__configure_narrow_argv
_o___std_exception_destroy
_o___std_exception_copy
_o__cexit
_o__callnewh
memcmp
memcpy
_o__execute_onexit_table
_o__errno
__CxxFrameHandler3

api-ms-win-crt-string-l1-1-0

memset
wcsnlen

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtAlpcDeletePortSection
LdrResSearchResource
NtAssociateWaitCompletionPacket
RtlGetDeviceFamilyInfoEnum
RtlIsMultiSessionSku
RtlCaptureStackBackTrace
NtAlpcCreatePortSection
NtAlpcSendWaitReceivePort
NtAlpcDisconnectPort
NtAlpcCreatePort
RtlNtStatusToDosError
NtAlpcAcceptConnectPort
RtlUnsubscribeWnfNotificationWaitForCompletion
NtAlpcDeleteSectionView
NtAlpcCancelMessage
RtlQueryWnfStateData
NtQuerySystemInformation
NtQueryLicenseValue
RtlInitUnicodeString
RtlPublishWnfStateData
DbgPrint
NtCreateWaitCompletionPacket
NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
NtCancelWaitCompletionPacket
NtAlpcCreateSectionView
NtQueryInformationProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetExitCodeProcess
CreateThread
GetCurrentProcessId
OpenProcessToken
GetCurrentThread
GetCurrentThreadId
CreateProcessW
QueueUserAPC
OpenThread

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetSystemDirectoryW
GetTickCount64

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExA
FreeLibraryAndExitThread
FreeLibrary
DisableThreadLibraryCalls
FindStringOrdinal
GetModuleFileNameA
LoadLibraryExW
GetModuleHandleExW
GetProcAddress
GetModuleHandleW

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InitializeSListHead

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

msvcp_win

?_Xbad_function_call@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
_Mtx_lock
_Mtx_destroy_in_situ
_Mtx_init_in_situ

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceComplete
Sleep
InitOnceBeginInitialize

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegGetValueW
RegNotifyChangeKeyValue
RegCreateKeyExW
RegSetValueExW

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
CreateWaitableTimerExW
CreateEventExA
OpenSemaphoreW
ReleaseSRWLockShared
CreateMutexExW
WaitForSingleObject
InitializeCriticalSectionEx
WaitForSingleObjectEx
AcquireSRWLockShared
DeleteCriticalSection
WaitForMultipleObjectsEx
CreateSemaphoreExW
ReleaseMutex
CreateEventExW
TryAcquireSRWLockShared
OpenEventW
EnterCriticalSection
LeaveCriticalSection
SetEvent
InitializeCriticalSection
SleepEx
InitializeSRWLock
OpenEventA
ReleaseSemaphore
ReleaseSRWLockExclusive
CreateEventW
ResetEvent
InitializeCriticalSectionAndSpinCount

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventActivityIdControl
EventWriteTransfer
EventRegister

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolWait
CreateThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
DisassociateCurrentThreadFromCallback
CloseThreadpoolTimer
WaitForThreadpoolWaitCallbacks

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle
SetHandleInformation

coremessaging

CoreUICallCreateConversationHost
MsgBlobCreateShared
MsgRelease
MsgStringCreateShared
CoreUIOpenExisting
CoreUICreate
CoreUICallReceive
CoreUICallSend
CoreUICallCreateEndpointHost

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoGetActivationFactory
RoUninitialize
RoActivateInstance

api-ms-win-rtcore-ntuser-window-l1-1-0

GetClassNameW
GetAncestor
SetForegroundWindow
DefWindowProcW
CreateWindowExW
UnregisterClassW
GetCursorPos
GetPropW
GetForegroundWindow
GetWindowThreadProcessId
PostQuitMessage
RegisterClassW
DispatchMessageW
GetMessageW
GetClassInfoW
EnumChildWindows

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-rtcore-ntuser-private-l1-1-9

ord2647
MapPointsByVisualIdentifier

api-ms-win-ntuser-sysparams-l1-1-0

GetDisplayConfigBufferSizes
QueryDisplayConfig
GetMonitorInfoW
SystemParametersInfoW
GetSystemMetrics
DisplayConfigGetDeviceInfo

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-com-l1-1-0

CreateStreamOnHGlobal
CoTaskMemFree
CoReleaseMarshalData
CoCreateInstance
CoGetApartmentType
CLSIDFromString
CoCreateFreeThreadedMarshaler
CoMarshalInterface
CoInitializeSecurity
CoGetInterfaceAndReleaseStream
CoTaskMemAlloc
CoInitializeEx

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
RoOriginateError
GetRestrictedErrorInfo
RoOriginateErrorW
RoTransformError

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsGetStringRawBuffer
WindowsCreateStringReference
WindowsGetStringLen
WindowsCompareStringOrdinal
WindowsDeleteStringBuffer
WindowsPreallocateStringBuffer
WindowsPromoteStringBuffer
WindowsCreateString
WindowsDuplicateString

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate
IsErrorPropagationEnabled

api-ms-win-core-io-l1-1-0

GetQueuedCompletionStatus
GetOverlappedResult
CancelIoEx
DeviceIoControl
CreateIoCompletionPort

api-ms-win-core-file-l1-1-0

ReadFileEx
WriteFile
CreateFileW
CreateDirectoryW
GetFileAttributesW

api-ms-win-power-setting-l1-1-0

PowerSettingRegisterNotification
PowerGetActiveScheme
PowerSettingUnregisterNotification

api-ms-win-power-base-l1-1-0

CallNtPowerInformation

powrprof

PowerReadDCValueIndex
PowerReadACValueIndex

api-ms-win-devices-config-l1-1-1

CM_Locate_DevNodeW
CM_Get_Device_Interface_PropertyW
CM_MapCrToWin32Err
CM_Get_Device_Interface_List_SizeW
CM_Get_Device_Interface_ListW
CM_Get_Device_ID_ListW
CM_Get_Device_ID_List_SizeW
CM_Register_Notification
CM_Unregister_Notification
CM_Get_Parent
CM_Get_DevNode_PropertyW

api-ms-win-core-path-l1-1-0

PathCchSkipRoot

api-ms-win-eventing-controller-l1-1-0

ControlTraceW
StartTraceW
EnableTraceEx2

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-eventing-consumer-l1-1-0

CloseTrace

api-ms-win-security-base-l1-1-0

IsWellKnownSid
IsValidSid
DestroyPrivateObjectSecurity
GetTokenInformation
AllocateLocallyUniqueId
RevertToSelf

api-ms-win-devices-query-l1-1-0

DevFreeObjectProperties
DevGetObjectProperties

coreuicomponents

CoreUIFactoryCreate
CoreUIClientCreate

dcomp

ord1100
DCompositionCreateDevice3
ord1044
ord1019

win32u

NtRIMSetDeadzoneRotation
NtQueryCompositionInputSinkViewId
NtQueryCompositionInputIsImplicit
NtQueryCompositionInputQueueAndTransform
NtMITConfigureVirtualTouchpad
NtMITSetInputObservationState
NtDCompositionGetStatistics
NtDCompositionGetTargetStatistics
NtMITPostThreadEventMessage
NtUserPostKeyboardInputMessage
NtCloseCompositionInputSink
NtMITSynthesizeMouseInput
NtMITSetInputDelegationMode
NtMITPostMouseInputMessage
NtMITSetInputCallbacks
NtMITAccessibilityTimerNotification
NtRIMDeviceIoControl
NtRIMEnableMonitorMappingForDevice
NtMITSetKeyboardInputRoutingPolicy
NtRIMGetSourceProcessId
NtRIMOnTimerNotification
NtMITUpdateInputGlobals
NtDCompositionDuplicateHandleToProcess
NtMITDisableMouseIntercept
NtMITEnableMouseIntercept
NtMITCoreMsgKOpenConnectionTo
NtUserStopAndEndInertia
NtUserRegisterManipulationThread
NtQueryCompositionInputSinkLuid
NtMITSetKeyboardOverriderState
NtMITSynthesizeKeyboardInput
NtUserSetManipulationInputTarget

dwmcore

MilCompositionEngine_CreateCursorController

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WinVerifyTrust

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-file-l2-1-0

ReadDirectoryChangesW

crypt32

CertVerifyCertificateChainPolicy

api-ms-win-core-memory-l1-1-0

VirtualProtect

api-ms-win-core-namespace-l1-1-0

OpenPrivateNamespaceW
CreateBoundaryDescriptorW
ClosePrivateNamespace
AddSIDToBoundaryDescriptor
DeleteBoundaryDescriptor

bcrypt

BCryptHashData
BCryptCreateHash
BCryptOpenAlgorithmProvider
BCryptDestroyHash
BCryptGenRandom
BCryptCloseAlgorithmProvider
BCryptFinishHash

oleaut32

SetErrorInfo
GetErrorInfo
SysStringLen
SysAllocString
SysFreeString

api-ms-win-security-capability-l1-1-0

CapabilityCheck

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-shcore-scaling-l1-1-1

GetDpiForMonitor

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-errorhandling-l1-1-3

TerminateProcessOnMemoryExhaustion

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

Exports

Exports

CreateSystemInputHost
IsSystemInputHostStandalone
NotifyInputSinkParented
NotifyInputSinkRemoved
NotifyInputSinkTransformChanged
Register3DCompositor
RegisterManipulationThread
SetManipulationInputTarget
StopAndEndInertia
Unregister3DCompositor

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 448KB - Virtual size: 447KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 124KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sipc
Size: 4KB - Virtual size: 212B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IndexedDbLegacy.dll
.dll windows:10 windows x64 arch:x64

381e8495db592f486394c3865d6eae45

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

IndexedDbLegacy.pdb

Imports

msvcrt

malloc
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
memcmp
__CxxFrameHandler3
free
_amsg_exit
??0exception@@QEAA@AEBQEBD@Z
_callnewh
_purecall
mbstowcs_s
__CxxFrameHandler4
_onexit
?terminate@@YAXXZ
memmove
floor
_lock
_unlock
_XcptFilter
__C_specific_handler
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
??3@YAXPEAX@Z
_initterm
??1type_info@@UEAA@XZ
memcpy
memcpy_s
_vsnwprintf
__dllonexit
memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleHandleExW
GetModuleFileNameW
LoadLibraryExW
GetModuleFileNameA
GetProcAddress

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
CreateThread
OpenProcessToken
GetCurrentThread
GetCurrentProcessId
GetCurrentThreadId
OpenThreadToken
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessageVa

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetLocalTime
GetSystemTime
GetSystemTimeAsFileTime

api-ms-win-core-errorhandling-l1-1-0

SetLastError
RaiseException
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-memory-l1-1-0

VirtualAlloc
VirtualFree

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
Sleep
InitOnceExecuteOnce

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
InitializeSRWLock
CreateMutexW
WaitForMultipleObjectsEx
SetEvent
CreateEventW
ReleaseSemaphore
InitializeCriticalSection
ReleaseMutex
WaitForSingleObject
CreateMutexExW
OpenSemaphoreW
ResetEvent
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WaitForSingleObjectEx
CreateSemaphoreExW

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventUnregister
EventRegister

oleaut32

VariantCopyInd
VariantInit
VariantClear
SafeArrayCopy
SafeArrayGetVartype
SafeArrayCreate
SafeArrayLock
SafeArrayGetLBound
SafeArrayGetUBound
SysStringLen
SafeArrayUnlock
SafeArrayDestroy
SystemTimeToVariantTime
SysFreeString
SysAllocStringLen

api-ms-win-core-heap-l2-1-0

LocalAlloc
GlobalFree
GlobalAlloc
LocalFree

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CreateStreamOnHGlobal

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-file-l1-1-0

GetDiskFreeSpaceExW
FindNextFileW
DeleteFileW
FindFirstFileW
FindClose

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-path-l1-1-0

PathCchRemoveFileSpec
PathCchAddBackslash

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-heap-obsolete-l1-1-0

GlobalSize
GlobalReAlloc
GlobalUnlock
GlobalLock

ntdll

RtlQueryPackageClaims
ZwQueryWnfStateData
RtlNtStatusToDosError
NtQueryInformationToken

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-security-base-l1-1-0

ImpersonateLoggedOnUser
GetSidSubAuthorityCount
GetSidSubAuthority
CopySid
RevertToSelf
ImpersonateSelf
GetTokenInformation

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

GetIndexedDbLegacyFunctions

Sections

.text
Size: 172KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.wpp_sf
Size: 4KB - Virtual size: 819B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
InputCloudStore.dll
.dll windows:10 windows x64 arch:x64

87dbd2cb6823249da26e426dc943afbb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

InputCloudStore.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o_abort
_o_free
_o_iswspace
_o_malloc
_o_realloc
__C_specific_handler
__CxxFrameHandler3
_o__callnewh
_CxxThrowException
_o__configure_narrow_argv
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
_o__cexit
__std_type_info_compare

api-ms-win-crt-string-l1-1-0

memset
strncmp

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetModuleFileNameA
GetProcAddress
GetModuleHandleW
FreeLibrary

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
ReleaseSRWLockExclusive
EnterCriticalSection
CreateSemaphoreExW
ReleaseSRWLockShared
AcquireSRWLockShared
CreateEventW
ResetEvent
CreateMutexExW
SetEvent
WaitForSingleObject
InitializeCriticalSection
OpenSemaphoreW
WaitForSingleObjectEx
DeleteCriticalSection
ReleaseSemaphore
LeaveCriticalSection
ReleaseMutex
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

RaiseException
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
TerminateProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoOriginateErrorW

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce

api-ms-win-core-winrt-string-l1-1-0

WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsGetStringRawBuffer
WindowsCreateStringReference
WindowsCreateString

api-ms-win-core-com-l1-1-0

CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CoTaskMemFree

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPushEntrySList

msvcp_win

?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Xbad_alloc@std@@YAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Xlength_error@std@@YAXPEBD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z

oleaut32

SetErrorInfo
GetErrorInfo
SysFreeString
SysAllocString
SysStringLen

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegGetValueW

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-ntuser-sysparams-l1-1-0

GetSystemMetrics
SystemParametersInfoW

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 224KB - Virtual size: 223KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
InputLocaleManager.dll
.dll windows:10 windows x64 arch:x64

66faf042007d3736433381d297a96fb6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

InputLocaleManager.pdb

Imports

msvcrt

setlocale
_CxxThrowException
___lc_collate_cp_func
memset
malloc
wcsncmp
__CxxFrameHandler3
_XcptFilter
abort
_amsg_exit
_wsetlocale
strchr
memmove
__crtLCMapStringW
free
_vsnprintf_s
_errno
__crtCompareStringW
_initterm
__C_specific_handler
__dllonexit
_callnewh
_wcsdup
_unlock
_onexit
??0exception@@QEAA@AEBV0@@Z
?terminate@@YAXXZ
??0exception@@QEAA@AEBQEBD@Z
memcpy
_ismbblead
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
___mb_cur_max_func
memcmp
_purecall
calloc
wcstoul
___lc_codepage_func
??1type_info@@UEAA@XZ
___lc_handle_func
__CxxFrameHandler4
_vsnwprintf
wcscpy_s
realloc
memcpy_s
??0bad_cast@@QEAA@AEBV0@@Z
__pctype_func
??0exception@@QEAA@AEBQEBDH@Z
_lock
wcsrchr
memmove_s
wcsnlen
_wcsicmp
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
??3@YAXPEAX@Z

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameA
GetProcAddress

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegQueryValueExW
RegEnumKeyExW
RegGetValueW
RegCloseKey
RegSetValueExW
RegDeleteValueW
RegEnumValueW
RegOpenKeyExW

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
CreateSemaphoreExW
CreateMutexExW
AcquireSRWLockShared
ReleaseSemaphore
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeCriticalSectionEx
EnterCriticalSection
OpenSemaphoreW
WaitForSingleObject
DeleteCriticalSection
LeaveCriticalSection
ReleaseMutex

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
SetLastError

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventUnregister
EventSetInformation

api-ms-win-core-localization-l1-2-0

GetLocaleInfoEx
GetLocaleInfoW
FormatMessageW

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-errorhandling-l1-1-3

TerminateProcessOnMemoryExhaustion

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetWindowsDirectoryW
GetSystemTimeAsFileTime
GetSystemDirectoryW

ntdll

RtlPublishWnfStateData
NtQueryInformationProcess

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryValueW
GetPersistedRegistryLocationW

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-file-l1-1-0

GetFileAttributesW
CreateDirectoryW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrStrIW
StrRChrW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

InputLocaleManagerCreate

Sections

.text
Size: 116KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
InputService.dll
.dll windows:10 windows x64 arch:x64

2411a6f1c8a4301638425ad4db75f298

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

InputService.pdb

Imports

msvcrt

_strlwr_s
wcscpy_s
wcstok_s
wcstombs_s
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@PEBD@Z
??0bad_cast@@QEAA@AEBV0@@Z
realloc
iswupper
strcspn
localeconv
iswalpha
strchr
_wcsnicmp
sprintf_s
fflush
fclose
fputwc
iswcntrl
ungetwc
iswdigit
fgetc
__mb_cur_max
fgetwc
fwrite
_errno
wcschr
fgetpos
setvbuf
ungetc
iswpunct
fsetpos
_fseeki64
wcsncmp
rand_s
isspace
swscanf_s
iswascii
tolower
wcsnlen
wcstol
iswprint
calloc
islower
toupper
swprintf_s
wcscat_s
iswgraph
_ultow_s
time
qsort
qsort_s
wcsncpy_s
_wtoi
ldexp
swscanf
_create_locale
_free_locale
_wtof_l
___lc_collate_cp_func
setlocale
__uncaught_exception
__pctype_func
isupper
___lc_handle_func
iswalnum
memcmp
___mb_cur_max_func
_ismbblead
memset
fseek
_wfsopen
memchr
_wcsdup
??8type_info@@QEBAHAEBV0@@Z
__crtCompareStringW
__crtCompareStringA
__crtLCMapStringW
__crtLCMapStringA
abort
_Getdays
_Getmonths
_W_Getdays
_W_Getmonths
_W_Gettnames
_Wcsftime
_Gettnames
_Strftime
isalnum
isdigit
sqrt
_snwprintf_s
wcsstr
??3@YAXPEAX@Z
_wcsicmp
towupper
_wcslwr_s
iswspace
towlower
_beginthreadex
fputc
wcspbrk
_wcsnicmp_l
atan
atan2
floorf
logf
sin
wcsrchr
sqrtf
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
__C_specific_handler
_initterm
free
_amsg_exit
_XcptFilter
memmove
memcpy
__CxxFrameHandler3
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
malloc
memmove_s
strrchr
_wsetlocale
_vsnprintf_s
strcpy_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
wcstoul
memcpy_s
_vsnwprintf
??_V@YAXPEAX@Z
__CxxFrameHandler4
___lc_codepage_func
wcscmp

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
LoadLibraryExW
LoadStringW
FreeLibrary
GetModuleHandleExW
GetModuleFileNameA
GetModuleHandleExA
GetModuleFileNameW
GetProcAddress

api-ms-win-core-com-l1-1-0

CoUninitialize
CoTaskMemRealloc
CoCreateInstance
IIDFromString
CoDecrementMTAUsage
CoRevokeClassObject
CoRegisterClassObject
StringFromCLSID
CoCreateGuid
CoTaskMemAlloc
CoGetApartmentType
CoIncrementMTAUsage
StringFromGUID2
CLSIDFromString
CoTaskMemFree
CoWaitForMultipleHandles
CoInitializeSecurity
CoGetMalloc
CoInitializeEx
CoCreateFreeThreadedMarshaler

api-ms-win-core-synch-l1-2-0

Sleep
WakeAllConditionVariable
InitOnceBeginInitialize
InitOnceComplete
SleepConditionVariableSRW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
GetStringTypeExW
CompareStringW
MultiByteToWideChar
GetStringTypeW
WideCharToMultiByte

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
WaitForSingleObjectEx
SetEvent
OpenSemaphoreW
CreateSemaphoreExW
ReleaseSRWLockShared
EnterCriticalSection
ReleaseSRWLockExclusive
ResetEvent
AcquireSRWLockShared
InitializeCriticalSectionEx
CreateEventW
DeleteCriticalSection
LeaveCriticalSection
ReleaseSemaphore
InitializeSRWLock
OpenEventW
WaitForSingleObject
ReleaseMutex
CreateEventExW
CreateMutexExW
InitializeCriticalSection

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapDestroy
HeapCreate
HeapReAlloc
HeapSize
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
GetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetProcessIdOfThread
ProcessIdToSessionId
GetThreadId
GetCurrentThread
ResumeThread
GetCurrentThreadId
CreateThread
GetPriorityClass
OpenProcessToken
GetCurrentProcess
SetThreadPriority
TerminateProcess
OpenThreadToken
OpenThread
GetThreadPriority

api-ms-win-eventing-provider-l1-1-0

EventWrite
EventWriteTransfer
EventUnregister
EventSetInformation
EventRegister
EventActivityIdControl

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
WaitForThreadpoolWaitCallbacks
SetThreadpoolWait
CreateThreadpoolTimer
CreateThreadpoolWait
CloseThreadpoolTimer
CloseThreadpoolWait
WaitForThreadpoolTimerCallbacks

api-ms-win-core-errorhandling-l1-1-3

TerminateProcessOnMemoryExhaustion

api-ms-win-core-localization-l1-2-0

LCMapStringW
GetACP
GetLocaleInfoEx
GetLocaleInfoA
GetLocaleInfoW
FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetTickCount64
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetWindowsDirectoryW
GetTickCount
GetSystemTime

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

textinputmethodformatter

?Uninitialize@TextInputMethodFormatter@@UEAAJXZ
?SetTVKRTarget@TextInputMethodFormatter@@UEAAJPEAUITextVirtualizationKeyRouting@@@Z
?GetTVIImpl@TextInputMethodFormatter@@UEAAJPEAPEAUITextVirtualizationInternal@@@Z
?Initialize@TextInputMethodFormatter@@QEAAJPEAUIMessagePort@@PEAUIMessageSession@@W4VirtualizationEnvironment@@PEAUIVirtualizedTextDataSender@@U_GUID@@@Z
?GetTVKRImpl@TextInputMethodFormatter@@UEAAJPEAPEAUITextVirtualizationKeyRouting@@@Z
?TryConnect@TextInputMethodFormatter@@QEAAJXZ
??0TextInputMethodFormatter@@QEAA@PEAUITextVirtualizationKeyRoutingServerCallback@@@Z
?GetPduIdHelper@TextInputMethodFormatter@@QEAAJPEAPEAX@Z
?ContinueDeserialize@TextInputMethodFormatter@@QEAAJGAEAV?$vector@DV?$allocator@D@std@@@std@@@Z
??1TextInputMethodFormatter@@QEAA@XZ

ntdll

DbgPrintEx
NtQueryWnfStateData
RtlPublishWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlIsMultiUsersInSessionSku
RtlQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfStateChangeNotification
VerSetConditionMask
RtlCaptureStackBackTrace
RtlGetDeviceFamilyInfoEnum
NtQueryInformationProcess

api-ms-win-core-registry-l1-1-0

RegNotifyChangeKeyValue
RegEnumKeyExW
RegCreateKeyExW
RegOpenCurrentUser
RegQueryValueExW
RegOpenKeyExW
RegGetValueW
RegCloseKey
RegDeleteKeyExW
RegDeleteTreeW
RegSetValueExW
RegDeleteValueW
RegEnumValueW
RegQueryInfoKeyW

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW
GetPersistedRegistryValueW

api-ms-win-core-file-l1-1-0

GetFullPathNameW
CompareFileTime
GetFileAttributesW
CreateDirectoryW
GetFileSize
CreateFileW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-security-base-l1-1-0

GetSecurityDescriptorControl
SetSecurityDescriptorDacl
CheckTokenMembership
IsWellKnownSid
MakeAbsoluteSD
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetLengthSid
CopySid
EqualSid
GetSidSubAuthority
AddAce
InitializeSid
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeAcl
GetTokenInformation
GetAclInformation
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
IsValidSid
CreateWellKnownSid
GetSecurityDescriptorSacl
GetSidLengthRequired

api-ms-win-core-heap-l2-1-0

LocalReAlloc
LocalAlloc
LocalFree

api-ms-win-core-kernel32-legacy-l1-1-0

WTSGetActiveConsoleSessionId

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsCreateString
WindowsPreallocateStringBuffer
WindowsDeleteStringBuffer
WindowsGetStringRawBuffer
WindowsCreateStringReference

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance
RoInitialize
RoUninitialize

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW
PathFindFileNameW
PathIsFileSpecW

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
SetRestrictedErrorInfo
RoOriginateError

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate
IsErrorPropagationEnabled

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW
RegSetKeyValueW

api-ms-win-core-memory-l1-1-0

OpenFileMappingW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW

api-ms-win-core-normalization-l1-1-0

NormalizeString

api-ms-win-core-localization-l1-2-2

LCIDToLocaleName

api-ms-win-privacy-coreprivacysettingsstore-l1-1-0

CPSSPutDwordSettingByKey
CPSSGetDwordSettingByKey

api-ms-win-core-url-l1-1-0

UrlEscapeW

api-ms-win-core-string-l2-1-0

CharUpperBuffW
CharUpperW
CharLowerBuffW

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask

api-ms-win-core-util-l1-1-0

DecodePointer
Beep
EncodePointer

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrStrIW
StrRChrW

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-core-memory-l1-1-1

PrefetchVirtualMemory

Exports

Exports

CreateInputMethodClient
CreateKeyEventProcessor
InitializeService
ServiceMain
SvchostPushServiceGlobals
UninitializeService

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 888KB - Virtual size: 886KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
InstallService.dll
.dll windows:10 windows x64 arch:x64

5797a37549f8702583971e73d1b35c27

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

InstallService.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__localtime64_s
_o__lock_file
_o__mktime64
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__ui64tow_s
_o__unlock_file
_o__wcsicmp
_o__wcstoui64
_o__wtoi64
_o_abort
memmove
_o_ceilf
_o_fclose
_o_fflush
_o_fgetc
_o_fgetpos
_o_fgetwc
_o_fputwc
_o_free
_o_fsetpos
_o_fwrite
_o_isalnum
_o_iswspace
_o_malloc
_o_mbstowcs
_o_mbstowcs_s
_o_rand
_o_realloc
_o_setvbuf
_o_srand
_o_strncpy_s
_o_strtol
_o_terminate
_o_ungetc
_o_ungetwc
_o_wcscat_s
_o_wcscpy_s
_o_wcsftime
_o_wcsncpy_s
_o_wcstok_s
_o_wcstol
_o_wcstombs
_o_wcstombs_s
_o_wcstoul
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__fseeki64
_o____lc_codepage_func
__std_terminate
__CxxFrameHandler4
_o__wtoi
memcmp
memcpy
__std_type_info_compare
wcsstr
strrchr
wcschr
strchr

api-ms-win-crt-string-l1-1-0

wcsncpy
memset
wcscmp
wcsnlen

umpdc

Pdcv2ActivationClientActivate
Pdcv2ActivationClientDeactivate

ntdll

RtlWow64IsWowGuestMachineSupported
RtlSetBit
RtlClearAllBits
RtlInitializeBitMap
RtlIsStateSeparationEnabled
RtlConvertDeviceFamilyInfoToString
RtlGetDeviceFamilyInfoEnum
RtlIsMultiSessionSku
NtQueryWnfStateData
RtlIsMultiUsersInSessionSku
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-appmodel-runtime-internal-l1-1-1

GetPackageFullNameFromToken

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleExW
FindStringOrdinal
GetModuleFileNameA
LoadStringW
GetModuleHandleExA
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
DisableThreadLibraryCalls

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionEx
ReleaseMutex
CreateEventExW
WaitForSingleObject
ReleaseSemaphore
OpenSemaphoreW
InitializeCriticalSection
WaitForSingleObjectEx
InitializeSRWLock
CreateMutexW
CreateMutexExW
EnterCriticalSection
ResetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
ReleaseSRWLockExclusive
SetEvent
CreateEventW
AcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
CreateSemaphoreExW

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
SetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
SetThreadToken
TerminateProcess
GetCurrentThreadId
OpenThreadToken
OpenProcessToken
GetCurrentProcess
ProcessIdToSessionId
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW
LCMapStringEx
FormatMessageA

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventActivityIdControl
EventUnregister
EventRegister
EventSetInformation

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceBeginInitialize
InitOnceComplete
WaitOnAddress
WakeByAddressAll
InitOnceExecuteOnce

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree
GlobalFree

api-ms-win-service-core-l1-1-0

RegisterServiceCtrlHandlerExW
SetServiceStatus

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetVersionExA
GetTickCount64
GetSystemInfo
GetSystemTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedFlushSList
InterlockedPushEntrySList

api-ms-win-core-registry-l1-1-0

RegOpenCurrentUser
RegEnumKeyExW
RegQueryInfoKeyW
RegGetValueW
RegDeleteValueW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
RegEnumValueW
RegSetValueExW

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWork
SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolTimer
FreeLibraryWhenCallbackReturns
WaitForThreadpoolTimerCallbacks
CreateThreadpoolWork
SubmitThreadpoolWork

rpcrt4

I_RpcBindingInqLocalClientPID
RpcStringFreeW
RpcAsyncInitializeHandle
RpcBindingFree
RpcBindingFromStringBindingW
UuidCreate
RpcBindingSetAuthInfoExW
RpcAsyncCompleteCall
I_RpcExceptionFilter
RpcAsyncCancelCall
RpcStringBindingComposeW
Ndr64AsyncClientCall

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask
SHTaskPoolAllowThreadReuse

api-ms-win-security-capability-l1-1-0

CapabilityCheck

oleaut32

GetErrorInfo
SetErrorInfo
SysStringByteLen
SysStringLen
SysAllocStringByteLen
VariantTimeToSystemTime
VariantInit
VariantClear
VarBstrCmp
SysFreeString
SysAllocString

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-registry-l2-1-0

RegCreateKeyW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW
RegDeleteKeyValueW

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-file-l1-1-0

FileTimeToLocalFileTime
CompareFileTime
GetFileAttributesW
GetTempFileNameW
ReadFile
GetFileAttributesExW
SetFileAttributesW
DeleteFileW
FindFirstFileExW
CreateFileW
GetFinalPathNameByHandleW
SetFileInformationByHandle
CreateDirectoryW
GetFileSizeEx
WriteFile
FindFirstFileW
FindClose
FindNextFileW

winhttp

WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpSendRequest
WinHttpReadData
WinHttpSetTimeouts
WinHttpQueryDataAvailable
WinHttpCrackUrl
WinHttpGetDefaultProxyConfiguration
WinHttpGetIEProxyConfigForCurrentUser
WinHttpOpenRequest
WinHttpGetProxyForUrl
WinHttpReceiveResponse
WinHttpQueryOption
WinHttpOpen
WinHttpConnect
WinHttpCreateUrl
WinHttpSetOption

api-ms-win-core-url-l1-1-0

UrlEscapeW

api-ms-win-core-psm-app-l1-1-0

PsmUnregisterAppStateChangeNotification
PsmRegisterAppStateChangeNotification

api-ms-win-shell-namespace-l1-1-0

SHGetIDListFromObject

api-ms-win-core-path-l1-1-0

PathCchRemoveExtension
PathCchAddExtension
PathCchRemoveFileSpec
PathCchStripToRoot
PathCchCombine
PathCchAppend

api-ms-win-shell-shdirectory-l1-1-0

ord290

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW
PathFindFileNameW

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
FlushViewOfFile
MapViewOfFile
CreateFileMappingW

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx

api-ms-win-core-processenvironment-l1-1-0

GetCurrentDirectoryW
GetEnvironmentVariableW

api-ms-win-core-file-l1-2-4

GetTempPath2W

userenv

ExpandEnvironmentStringsForUserW

api-ms-win-core-kernel32-legacy-l1-1-1

PowerSetRequest
PowerClearRequest

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

api-ms-win-core-wow64-l1-1-1

IsWow64Process2

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-ham-apphistory-l1-1-0

HamQueryPackageUsageInfo

api-ms-win-core-file-l1-2-0

GetVolumeNameForVolumeMountPointW

api-ms-win-security-cryptoapi-l1-1-0

CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

combase

ord67
ord68
ord66
ord69

wldp

WldpQueryWindowsLockdownMode
WldpIsAppApprovedByPolicy

msvcp_win

?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?_Winerror_map@std@@YAHH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?uncaught_exception@std@@YA_NXZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBGHH@Z
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?getloc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXXZ
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?_Gndec@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?imbue@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
?_Getcat@?$codecvt@GDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?out@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
?in@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
_Thrd_id
?_Xinvalid_argument@std@@YAXPEBD@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?id@?$ctype@G@std@@2V0locale@2@A
?clear@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@J@Z
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?widen@?$ctype@G@std@@QEBAGD@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
_Mtx_lock
_Mtx_unlock
?_Throw_future_error@std@@YAXAEBVerror_code@1@@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
_Mtx_init_in_situ
_Cnd_init_in_situ
??0task_continuation_context@Concurrency@@AEAA@XZ
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?_Xbad_function_call@std@@YAXXZ
?_ReportUnobservedException@details@Concurrency@@YAXXZ
_Cnd_wait
?__ExceptionPtrToBool@@YA_NPEBX@Z
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
_Cnd_register_at_thread_exit
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
_Cnd_broadcast
?__ExceptionPtrDestroy@@YAXPEAX@Z
_Mtx_destroy_in_situ
_Cnd_destroy_in_situ
_Cnd_unregister_at_thread_exit
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?id@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@2V0locale@2@A
?_Getcat@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??Bid@locale@std@@QEAA_KXZ
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
??0_Lockit@std@@QEAA@H@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
??1_Lockit@std@@QEAA@XZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?get@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEBA?AV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@PEBG4@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?_Xbad_alloc@std@@YAXXZ
?__ExceptionPtrCreate@@YAXPEAX@Z
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
_Xtime_get_ticks
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?uncaught_exceptions@std@@YAHXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?unshift@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Throw_C_error@std@@YAXH@Z

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

mpr

WNetGetConnectionW

api-ms-win-service-management-l1-1-0

OpenSCManagerW
StartServiceW
OpenServiceW
CloseServiceHandle

api-ms-win-ntuser-sysparams-l1-1-0

GetMonitorInfoW

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus

api-ms-win-core-wow64-l1-1-0

IsWow64Process

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
ServiceMain

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 572KB - Virtual size: 568KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
InstallServiceTasks.dll
.dll regsvr32 windows:10 windows x64 arch:x64

23fef16513b377718caaf48368e9adde

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

InstallServiceTasks.pdb

Imports

msvcp_win

_Cnd_init_in_situ
??0task_continuation_context@Concurrency@@AEAA@XZ
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?_Xbad_function_call@std@@YAXXZ
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_id
_Thrd_join
?_Throw_Cpp_error@std@@YAXH@Z
?_Throw_C_error@std@@YAXH@Z
_Mtx_lock
_Mtx_unlock
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
_Cnd_wait
?__ExceptionPtrToBool@@YA_NPEBX@Z
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
_Cnd_register_at_thread_exit
_Cnd_broadcast
?__ExceptionPtrDestroy@@YAXPEAX@Z
_Mtx_destroy_in_situ
_Mtx_init_in_situ
_Cnd_unregister_at_thread_exit
?_Syserror_map@std@@YAPEBDH@Z
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
_Xtime_get_ticks
?_Xlength_error@std@@YAXPEBD@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??Bid@locale@std@@QEAA_KXZ
?_Getcat@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?id@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@2V0locale@2@A
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?get@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEBA?AV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@PEBG4@Z
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??0_Lockit@std@@QEAA@H@Z
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?_Xbad_alloc@std@@YAXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
??1_Lockit@std@@QEAA@XZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
_Cnd_destroy_in_situ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?_Throw_future_error@std@@YAXAEBVerror_code@1@@Z
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__get_errno
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__localtime64_s
_o__mktime64
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__wcsdup
memmove
_o_abort
_o_bsearch_s
_o_free
_o_isdigit
_o_iswspace
_o_malloc
_o_mbstowcs
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcsftime
_o_wcstoul
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o__beginthreadex
__std_terminate
__CxxFrameHandler4
_o___stdio_common_vswprintf
wcschr
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

ntdll

NtQueryWnfStateData
RtlCaptureContext
RtlVirtualUnwind
RtlGetDeviceFamilyInfoEnum
RtlIsMultiSessionSku
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlLookupFunctionEntry

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetModuleFileNameW
GetModuleFileNameA
FreeLibraryAndExitThread
LoadLibraryExW
DisableThreadLibraryCalls
FreeLibrary
GetModuleHandleW
GetProcAddress

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockShared
InitializeSRWLock
OpenSemaphoreW
DeleteCriticalSection
CreateMutexExW
CreateSemaphoreExW
ResetEvent
ReleaseSRWLockExclusive
CreateEventW
CreateEventExW
ReleaseMutex
AcquireSRWLockExclusive
WaitForSingleObject
InitializeCriticalSectionEx
LeaveCriticalSection
SetEvent
WaitForSingleObjectEx
ReleaseSemaphore
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
AcquireSRWLockShared

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
RaiseException

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-processthreads-l1-1-0

ResumeThread
GetCurrentThreadId
GetCurrentProcessId
OpenThreadToken
CreateThread
TerminateProcess
GetCurrentThread
SetThreadToken
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoCreateFreeThreadedMarshaler
CoInitializeEx
CoUninitialize
CoCreateInstance
CoGetMalloc
CoTaskMemRealloc
CoWaitForMultipleHandles
CoTaskMemAlloc

oleaut32

SysFreeString
SysAllocString
VarBstrCmp
VariantInit
GetErrorInfo
VariantClear
SetErrorInfo
SysStringLen

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateString
WindowsCompareStringOrdinal
WindowsDuplicateString

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoOriginateError

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoUninitialize
RoActivateInstance
RoInitialize

api-ms-win-core-winrt-error-l1-1-1

RoReportFailedDelegate
RoGetMatchingRestrictedErrorInfo
IsErrorPropagationEnabled

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemTime
GetSystemInfo

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InitializeSListHead

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegGetValueW
RegOpenKeyExW

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

rpcrt4

UuidCreate

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-security-base-l1-1-0

ImpersonateLoggedOnUser
ImpersonateSelf
RevertToSelf
DuplicateTokenEx
GetTokenInformation
CheckTokenMembership
CreateWellKnownSid

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-registry-l2-1-0

RegCreateKeyW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ForceAppInUseRestart
GetSetting

Sections

.text
Size: 212KB - Virtual size: 209KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IntegratedServicesRegionPolicySet.json
KernelBase.dll
.dll windows:10 windows x64 arch:x64

e39150f16e8dc5041bd763bb1f83c337

Code Sign

33:00:00:04:5b:f6:31:bc:00:f4:fc:37:45:00:00:00:00:04:5b
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

14/09/2023, 18:20

Not After

04/09/2024, 18:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:90:b6:44:cd:b2:20:7e:32:0c:43:ab:e0:18:39:2f:5e:80:9f:f6:64:78:81:5b:bf:22:a4:e0:0a:82:ff:61
Signer

Actual PE Digest

77:90:b6:44:cd:b2:20:7e:32:0c:43:ab:e0:18:39:2f:5e:80:9f:f6:64:78:81:5b:bf:22:a4:e0:0a:82:ff:61

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

kernelbase.pdb

Imports

ntdll

NtOpenPrivateNamespace
RtlAddSIDToBoundaryDescriptor
__C_specific_handler
RtlFreeAnsiString
RtlAnsiStringToUnicodeString
RtlInitializeSid
NlsMbCodePageTag
RtlSubAuthoritySid
RtlDosPathNameToRelativeNtPathName_U
RtlFreeUnicodeString
RtlInitUnicodeString
RtlGetOwnerSecurityDescriptor
RtlReleaseRelativeName
RtlLengthRequiredSid
RtlUnicodeStringToAnsiString
RtlInitAnsiString
LdrResRelease
NtQueryInformationFile
RtlEqualSid
SbSelectProcedure
LdrResSearchResource
NtQuerySecurityObject
NtOpenFile
_wcsicmp
RtlDecodeSystemPointer
RtlUnicodeToMultiByteN
RtlMultiByteToUnicodeN
RtlDeleteCriticalSection
RtlUpcaseUnicodeChar
RtlEnterCriticalSection
RtlInitializeCriticalSection
RtlLeaveCriticalSection
RtlSubscribeWnfStateChangeNotification
NtQueryWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlIsThreadWithinLoaderCallout
NtSetInformationFile
RtlDosPathNameToNtPathName_U
wcscpy_s
wcscat_s
swprintf_s
NtFsControlFile
_wcsnicmp
NtQueryVolumeInformationFile
NtCreateFile
RtlSetLastWin32Error
NtWaitForSingleObject
NtNotifyChangeDirectoryFileEx
RtlSetCurrentTransaction
NtCopyFileChunk
RtlEqualUnicodeString
NtQuerySystemInformation
TpSetWait
RtlReleasePrivilege
NtOpenKey
TpReleaseWait
ZwQueryWnfStateData
RtlDosPathNameToNtPathName_U_WithStatus
RtlGetAce
RtlQueryInformationAcl
RtlVerifyVersionInfo
NtQueryEaFile
RtlAcquirePrivilege
RtlGetCurrentTransaction
NtFlushBuffersFile
RtlGetLastNtStatus
NtCreateEvent
RtlGetLastWin32Error
RtlpMergeSecurityAttributeInformation
VerSetConditionMask
RtlNtStatusToDosError
TpWaitForWait
wcsrchr
RtlFindAceByType
NtQueryValueKey
NtOpenMutant
_vsnwprintf
RtlIsDosDeviceName_U
NtReleaseMutant
RtlIsStateSeparationEnabled
NtCreateKeyTransacted
RtlDetermineDosPathNameType_U
NtCreateKey
NtSetValueKey
RtlUnicodeStringToOemString
RtlGetUserInfoHeap
RtlIsValidHandle
RtlAllocateHandle
RtlReAllocateHeap
RtlFreeHandle
RtlSizeHeap
RtlSetUserValueHeap
RtlUnlockHeap
RtlLockHeap
NtQueryDirectoryFile
RtlGetPersistedStateLocation
RtlGetExtendedFeaturesMask
RtlGetEnabledExtendedFeatures
RtlLocateLegacyContext
RtlCopyContext
RtlSetExtendedFeaturesMask
RtlSetLastWin32ErrorAndNtStatusFromNtStatus
NtSetInformationProcess
RtlInitializeExtendedContext2
RtlGetExtendedContextLength2
RtlLocateExtendedFeature
RtlGetDeviceFamilyInfoEnum
RtlIsApiSetImplemented
wcspbrk
iswalpha
wcschr
wcsncmp
RtlNtStatusToDosErrorNoTeb
TpSetTimer
RtlDllShutdownInProgress
memcpy_s
NtDeletePrivateNamespace
TpReleaseTimer
RtlInitializeCriticalSectionEx
memmove_s
_vsnprintf
NtCreateIoRing
NtSubmitIoRing
NtSetInformationIoRing
NtQueryIoRingCapabilities
NtTerminateProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnhandledExceptionFilter
RtlNormalizeString
RtlPublishWnfStateData
NtSetDefaultLocale
_wtoi
_itow_s
NtDeleteValueKey
RtlUnicodeStringToInteger
RtlLocaleNameToLcid
RtlIsMultiSessionSku
RtlLcidToLocaleName
RtlpLoadUserUIByPolicy
RtlpLoadMachineUIByPolicy
RtlpGetLCIDFromLangInfoNode
NtEnumerateValueKey
qsort
RtlpCreateProcessRegistryInfo
RtlLCIDToCultureName
RtlpGetNameFromLangInfoNode
NtQueryInstallUILanguage
RtlpMuiFreeLangRegistryInfo
RtlpInitializeLangRegistryInfo
RtlpIsQualifiedLanguage
RtlCultureNameToLCID
RtlGetLocaleFileMappingAddress
NtEnumerateKey
NtGetNlsSectionPtr
_ui64tow_s
LdrFindResourceEx_U
RtlGetThreadPreferredUILanguages
RtlSetProcessPreferredUILanguages
RtlGetUILanguageInfo
RtlGetUserPreferredUILanguages
RtlGetSystemPreferredUILanguages
RtlpQueryDefaultUILanguage
RtlGetProcessPreferredUILanguages
RtlSetThreadPreferredUILanguages
RtlSetThreadPreferredUILanguages2
RtlGetFileMUIPath
RtlRestoreThreadPreferredUILanguages
RtlpGetSystemDefaultUILanguage
LdrAccessResource
RtlIdnToNameprepUnicode
RtlIsNormalizedString
RtlIdnToAscii
RtlIdnToUnicode
NtDeleteKey
RtlAppendUnicodeStringToString
RtlLoadString
RtlAppendUnicodeToString
RtlCopyUnicodeString
RtlExpandEnvironmentStrings_U
NtCreateSection
RtlOpenCurrentUser
NtMapViewOfSection
NtQueryDefaultLocale
NtNotifyChangeKey
NtQueryInformationToken
RtlTimeFieldsToTime
CsrClientCallServer
CsrCaptureMessageBuffer
CsrFreeCaptureBuffer
CsrAllocateCaptureBuffer
RtlUTF8ToUnicodeN
RtlUnicodeToUTF8N
_wcslwr
NtQueryLicenseValue
_wtol
RtlIntegerToUnicodeString
RtlRunOnceExecuteOnce
DbgPrint
sqrt
RtlQueryWnfStateData
RtlSetProtectedPolicy
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
RtlUnicodeToMultiByteSize
RtlQueryInformationActivationContext
DbgPrintEx
RtlReleaseActivationContext
RtlInitAnsiStringEx
TpAllocTimer
TpAllocIoCompletion
TpAllocWork
TpCallbackMayRunLong
TpAllocCleanupGroup
TpSimpleTryPost
TpQueryPoolStackInformation
TpAllocPool
TpSetPoolMinThreads
TpSetPoolStackInformation
TpAllocWait
RtlConvertSidToUnicodeString
RtlSubAuthorityCountSid
ZwQueryInformationToken
RtlIsMultiUsersInSessionSku
ZwQueryValueKey
ZwClose
ZwOpenKey
NtQueryMultipleValueKey
wcsncpy_s
RtlExitUserProcess
RtlInitializeCriticalSectionAndSpinCount
vswprintf_s
RtlDecodePointer
RtlEncodePointer
NtCreatePrivateNamespace
RtlInitUnicodeStringEx
NtClose
RtlReleaseSRWLockShared
RtlPrefixUnicodeString
RtlAcquireSRWLockShared
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
RtlDeleteBoundaryDescriptor
NtQueryInformationProcess
RtlCreateBoundaryDescriptor
RtlCompareUnicodeString
TpWaitForTimer
RtlFreeHeap
isalpha
_strnicmp
RtlRunOnceInitialize
NtDuplicateObject
RtlFormatCurrentUserKeyPath
NtResetEvent
RtlCheckTokenMembershipEx
RtlDeriveCapabilitySidsFromName
NtQueryEvent
RtlCapabilityCheck
RtlCreateUnicodeStringFromAsciiz
NtQueryKey
RtlCreateUnicodeString
RtlValidSecurityDescriptor
RtlRandomEx
RtlStringFromGUID
NtLoadKeyEx
RtlLengthSecurityDescriptor
RtlMakeSelfRelativeSD
LdrGetProcedureAddress
LdrGetDllHandle
RtlInitString
strncat
_strlwr
RtlRaiseException
PssNtCaptureSnapshot
PssNtValidateDescriptor
PssNtFreeSnapshot
PssNtFreeRemoteSnapshot
PssNtQuerySnapshot
PssNtWalkSnapshot
PssNtDuplicateSnapshot
PssNtFreeWalkMarker
NtQueryVirtualMemory
NtOpenProcessTokenEx
RtlGUIDFromString
RtlQueryPackageIdentityEx
RtlStringFromGUIDEx
EtwEventUnregister
EtwEventRegister
EtwEventEnabled
EtwEventWrite
NtCreateWnfStateName
NtDeleteWnfStateName
RtlFreeSid
RtlInitializeSRWLock
WinSqmIncrementDWORD
WinSqmSetDWORD
WinSqmSetString
RtlGetDaclSecurityDescriptor
RtlCreateAcl
RtlAddAccessAllowedAceEx
RtlAddAce
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlGetControlSecurityDescriptor
RtlSetControlSecurityDescriptor
NtSetSecurityObject
RtlDowncaseUnicodeString
RtlUpcaseUnicodeString
RtlAllocateAndInitializeSid
wcsspn
NtUnmapViewOfSection
RtlQueryPackageClaims
wcsstr
LdrUpdatePackageSearchPath
strncmp
RtlInsertElementGenericTableAvl
RtlInitializeGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlLookupElementGenericTableAvl
RtlValidSid
RtlLengthSid
RtlGetAppContainerSidType
RtlCopySid
RtlExpandEnvironmentStrings
RtlGetAppContainerParent
NtQuerySecurityAttributesToken
RtlIsParentOfChildAppContainer
WinSqmIsOptedIn
WinSqmStartSession
WinSqmAddToStreamEx
WinSqmEndSession
TpReleaseWork
TpPostWork
RtlSetSaclSecurityDescriptor
NtGetCachedSigningLevel
NtCompareSigningLevels
ZwCreateKey
ZwSetValueKey
NtDeviceIoControlFile
EtwEventWriteTransfer
TpCancelAsyncIoOperation
TpWaitForIoCompletion
TpReleaseIoCompletion
RtlQueryPerformanceCounter
TpStartAsyncIoOperation
RtlCompareUnicodeStrings
strchr
NtReadFile
RtlRaiseStatus
RtlTryAcquirePebLock
RtlReleasePebLock
wcscspn
RtlGetNtSystemRoot
NtWaitForMultipleObjects
RtlImageNtHeader
NtSetSystemInformation
RtlExitUserThread
NtYieldExecution
RtlCreateProcessParametersEx
RtlDestroyProcessParameters
strtoul
_errno
RtlQueryPerformanceFrequency
RtlTryAcquireSRWLockExclusive
NtDuplicateToken
NtAllocateLocallyUniqueId
NtAccessCheck
NtAccessCheckByType
NtAccessCheckByTypeResultList
NtOpenProcessToken
NtOpenThreadToken
NtSetInformationToken
NtAdjustPrivilegesToken
NtAdjustGroupsToken
NtPrivilegeCheck
NtAccessCheckAndAuditAlarm
NtAccessCheckByTypeAndAuditAlarm
NtAccessCheckByTypeResultListAndAuditAlarm
NtAccessCheckByTypeResultListAndAuditAlarmByHandle
NtOpenObjectAuditAlarm
NtPrivilegeObjectAuditAlarm
NtCloseObjectAuditAlarm
NtDeleteObjectAuditAlarm
NtPrivilegedServiceAuditAlarm
RtlEqualPrefixSid
RtlIdentifierAuthoritySid
RtlAreAllAccessesGranted
RtlAreAnyAccessesGranted
RtlMapGenericMask
RtlValidAcl
RtlSetInformationAcl
RtlDeleteAce
RtlAddAccessAllowedAce
RtlAddMandatoryAce
RtlAddResourceAttributeAce
RtlAddScopedPolicyIDAce
RtlAddAccessDeniedAce
RtlAddAccessDeniedAceEx
RtlAddAuditAccessAce
RtlAddAuditAccessAceEx
RtlAddAccessAllowedObjectAce
RtlAddAccessDeniedObjectAce
RtlAddAuditAccessObjectAce
RtlFirstFreeAce
RtlValidRelativeSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlNewSecurityObject
RtlConvertToAutoInheritSecurityObject
RtlNewSecurityObjectEx
RtlNewSecurityObjectWithMultipleInheritance
RtlSetSecurityObject
RtlSetSecurityObjectEx
RtlQuerySecurityObject
RtlDeleteSecurityObject
RtlAbsoluteToSelfRelativeSD
RtlSelfRelativeToAbsoluteSD
RtlImpersonateSelf
NtSetInformationThread
NtImpersonateAnonymousToken
EtwEventWriteNoRegistration
NtFilterToken
RtlCheckTokenCapability
RtlSelfRelativeToAbsoluteSD2
RtlGetSecurityDescriptorRMControl
RtlSetSecurityDescriptorRMControl
RtlIsPackageSid
RtlIsCapabilitySid
NtSetCachedSigningLevel
RtlDosApplyFileIsolationRedirection_Ustr
LdrGetDllHandleByName
RtlDosSearchPath_Ustr
RtlImageNtHeaderEx
LdrGetDllHandleByMapping
RtlGetActiveActivationContext
LdrAddLoadAsDataTable
_stricmp
strncat_s
LdrGetDllPath
RtlReleasePath
LdrLoadDll
LdrRemoveLoadAsDataTable
LdrUnloadAlternateResourceModule
LdrUnloadDll
LdrDisableThreadCalloutsForDll
LdrGetDllFullName
RtlPcToFileHeader
LdrAddRefDll
LdrGetProcedureAddressForCaller
LdrAddDllDirectory
LdrRemoveDllDirectory
LdrSetDefaultDllDirectories
LdrResolveDelayLoadedAPI
LdrResolveDelayLoadsFromDll
LdrQueryOptionalDelayLoadedAPI
RtlGetProductInfo
RtlGetVersion
LdrFindResource_U
LdrResGetRCConfig
LdrpResGetResourceDirectory
RtlImageDirectoryEntryToData
LdrResFindResourceDirectory
LdrResFindResource
LdrGetFileNameFromLoadAsDataTable
LdrLoadAlternateResourceModule
LdrRscIsTypeExist
LdrLoadAlternateResourceModuleEx
LdrpResGetMappingSize
wcstoul
NtLockVirtualMemory
NtUnlockVirtualMemory
NtReadVirtualMemory
RtlOpenCrossProcessEmulatorWorkConnection
RtlWow64PopCrossProcessWorkFromFreeList
RtlWow64RequestCrossProcessHeavyFlush
RtlWow64PushCrossProcessWorkOntoWorkList
RtlWow64PushCrossProcessWorkOntoFreeList
NtProtectVirtualMemory
NtWriteVirtualMemory
NtAllocateVirtualMemory
NtAllocateVirtualMemoryEx
NtFreeVirtualMemory
RtlFlushSecureMemoryCache
NtOpenEvent
NtGetWriteWatch
NtResetWriteWatch
NtSetInformationVirtualMemory
NtAllocateUserPhysicalPages
NtAllocateUserPhysicalPagesEx
NtFreeUserPhysicalPages
NtMapUserPhysicalPages
RtlUnsubscribeWnfStateChangeNotification
NtManagePartition
RtlxAnsiStringToUnicodeSize
RtlxOemStringToUnicodeSize
RtlxUnicodeStringToOemSize
RtlxUnicodeStringToAnsiSize

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventWriteTransfer
EventActivityIdControl
EventSetInformation

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

AccessCheck
AccessCheckAndAuditAlarmW
AccessCheckByType
AccessCheckByTypeAndAuditAlarmW
AccessCheckByTypeResultList
AccessCheckByTypeResultListAndAuditAlarmByHandleW
AccessCheckByTypeResultListAndAuditAlarmW
AcquireSRWLockExclusive
AcquireSRWLockShared
AcquireStateLock
ActivateActCtx
AddAccessAllowedAce
AddAccessAllowedAceEx
AddAccessAllowedObjectAce
AddAccessDeniedAce
AddAccessDeniedAceEx
AddAccessDeniedObjectAce
AddAce
AddAuditAccessAce
AddAuditAccessAceEx
AddAuditAccessObjectAce
AddConsoleAliasA
AddConsoleAliasW
AddDependencyToProcessPackageGraph
AddDllDirectory
AddExtensionProgId
AddMandatoryAce
AddPackageDependency
AddRefActCtx
AddResourceAttributeAce
AddSIDToBoundaryDescriptor
AddScopedPolicyIDAce
AddVectoredContinueHandler
AddVectoredExceptionHandler
AdjustTokenGroups
AdjustTokenPrivileges
AllocConsole
AllocateAndInitializeSid
AllocateLocallyUniqueId
AllocateUserPhysicalPages
AllocateUserPhysicalPages2
AllocateUserPhysicalPagesNuma
AppContainerDeriveSidFromMoniker
AppContainerFreeMemory
AppContainerLookupDisplayNameMrtReference
AppContainerLookupMoniker
AppContainerRegisterSid
AppContainerUnregisterSid
AppPolicyGetClrCompat
AppPolicyGetCreateFileAccess
AppPolicyGetLifecycleManagement
AppPolicyGetMediaFoundationCodecLoading
AppPolicyGetProcessTerminationMethod
AppPolicyGetShowDeveloperDiagnostic
AppPolicyGetThreadInitializationType
AppPolicyGetWindowingModel
AppXFreeMemory
AppXGetApplicationData
AppXGetDevelopmentMode
AppXGetOSMaxVersionTested
AppXGetOSMinVersion
AppXGetPackageCapabilities
AppXGetPackageSid
AppXLookupDisplayName
AppXLookupMoniker
AppXPostSuccessExtension
AppXPreCreationExtension
AppXReleaseAppXContext
AppXUpdatePackageCapabilities
ApplicationUserModelIdFromProductId
AreAllAccessesGranted
AreAnyAccessesGranted
AreFileApisANSI
AreShortNamesEnabled
AreThereVisibleLogoffScriptsInternal
AreThereVisibleShutdownScriptsInternal
ArmFeatureUsageSubscriberFlushNotification
AttachConsole
BaseCheckAppcompatCache
BaseCheckAppcompatCacheEx
BaseCleanupAppcompatCacheSupport
BaseDllFreeResourceId
BaseDllMapResourceIdW
BaseDumpAppcompatCache
BaseFlushAppcompatCache
BaseFormatObjectAttributes
BaseFreeAppCompatDataForProcess
BaseGetConsoleReference
BaseGetNamedObjectDirectory
BaseInitAppcompatCacheSupport
BaseIsAppcompatInfrastructureDisabled
BaseMarkFileForDelete
BaseReadAppCompatDataForProcess
BaseUpdateAppcompatCache
BasepAdjustObjectAttributesForPrivateNamespace
BasepCopyFileCallback
BasepCopyFileExW
BasepNotifyTrackingService
Beep
BuildIoRingCancelRequest
BuildIoRingFlushFile
BuildIoRingReadFile
BuildIoRingRegisterBuffers
BuildIoRingRegisterFileHandles
BuildIoRingWriteFile
CLOSE_LOCAL_HANDLE_INTERNAL
CallEnclave
CallNamedPipeW
CallbackMayRunLong
CancelIo
CancelIoEx
CancelSynchronousIo
CancelThreadpoolIo
CancelWaitableTimer
CeipIsOptedIn
ChangeTimerQueueTimer
CharLowerA
CharLowerBuffA
CharLowerBuffW
CharLowerW
CharNextA
CharNextExA
CharNextW
CharPrevA
CharPrevExA
CharPrevW
CharUpperA
CharUpperBuffA
CharUpperBuffW
CharUpperW
CheckAllowDecryptedRemoteDestinationPolicy
CheckGroupPolicyEnabled
CheckIfStateChangeNotificationExists
CheckIsMSIXPackage
CheckRemoteDebuggerPresent
CheckTokenCapability
CheckTokenMembership
CheckTokenMembershipEx
ChrCmpIA
ChrCmpIW
ClearCommBreak
ClearCommError
CloseHandle
CloseIoRing
ClosePackageInfo
ClosePrivateNamespace
ClosePseudoConsole
CloseState
CloseStateAtom
CloseStateChangeNotification
CloseStateContainer
CloseStateLock
CloseThreadpool
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolIo
CloseThreadpoolTimer
CloseThreadpoolWait
CloseThreadpoolWork
CommandLineToArgvW
CommitStateAtom
CompareFileTime
CompareObjectHandles
CompareStringA
CompareStringEx
CompareStringOrdinal
CompareStringW
ConnectNamedPipe
ContinueDebugEvent
ConvertAuxiliaryCounterToPerformanceCounter
ConvertDefaultLocale
ConvertFiberToThread
ConvertPerformanceCounterToAuxiliaryCounter
ConvertThreadToFiber
ConvertThreadToFiberEx
ConvertToAutoInheritPrivateObjectSecurity
CopyContext
CopyFile2
CopyFileExW
CopyFileFromAppW
CopyFileW
CopyMemoryNonTemporal
CopySid
CouldMultiUserAppsBehaviorBePossibleForPackage
CreateActCtxW
CreateAppContainerToken
CreateBoundaryDescriptorW
CreateConsoleScreenBuffer
CreateDirectoryA
CreateDirectoryExW
CreateDirectoryFromAppW
CreateDirectoryW
CreateEnclave
CreateEventA
CreateEventExA
CreateEventExW
CreateEventW
CreateFiber
CreateFiberEx
CreateFile2
CreateFile2FromAppW
CreateFileA
CreateFileFromAppW
CreateFileMapping2
CreateFileMappingFromApp
CreateFileMappingNumaW
CreateFileMappingW
CreateFileW
CreateHardLinkA
CreateHardLinkW
CreateIoCompletionPort
CreateIoRing
CreateMemoryResourceNotification
CreateMutexA
CreateMutexExA
CreateMutexExW
CreateMutexW
CreateNamedPipeW
CreatePipe
CreatePrivateNamespaceW
CreatePrivateObjectSecurity
CreatePrivateObjectSecurityEx
CreatePrivateObjectSecurityWithMultipleInheritance
CreateProcessA
CreateProcessAsUserA
CreateProcessAsUserW
CreateProcessInternalA
CreateProcessInternalW
CreateProcessW
CreatePseudoConsole
CreatePseudoConsoleAsUser
CreateRemoteThread
CreateRemoteThreadEx
CreateRestrictedToken
CreateSemaphoreExW
CreateSemaphoreW
CreateStateAtom
CreateStateChangeNotification
CreateStateContainer
CreateStateLock
CreateStateSubcontainer
CreateSymbolicLinkW
CreateThread
CreateThreadpool
CreateThreadpoolCleanupGroup
CreateThreadpoolIo
CreateThreadpoolTimer
CreateThreadpoolWait
CreateThreadpoolWork
CreateTimerQueue
CreateTimerQueueTimer
CreateWaitableTimerExW
CreateWaitableTimerW
CreateWellKnownSid
CtrlRoutine
CveEventWrite
DeactivateActCtx
DebugActiveProcess
DebugActiveProcessStop
DebugBreak
DecodePointer
DecodeRemotePointer
DecodeSystemPointer
DefineDosDeviceW
DelayLoadFailureHook
DelayLoadFailureHookLookup
DeleteAce
DeleteBoundaryDescriptor
DeleteCriticalSection
DeleteEnclave
DeleteFiber
DeleteFileA
DeleteFileFromAppW
DeleteFileW
DeletePackageDependency
DeleteProcThreadAttributeList
DeleteStateAtomValue
DeleteStateContainer
DeleteStateContainerValue
DeleteSynchronizationBarrier
DeleteTimerQueue
DeleteTimerQueueEx
DeleteTimerQueueTimer
DeleteVolumeMountPointW
DeriveCapabilitySidsFromName
DestroyPrivateObjectSecurity
DeviceIoControl
DisablePredefinedHandleTableInternal
DisableThreadLibraryCalls
DisassociateCurrentThreadFromCallback
DiscardVirtualMemory
DisconnectNamedPipe
DnsHostnameToComputerNameExW
DsBindWithSpnExW
DsCrackNamesW
DsFreeDomainControllerInfoW
DsFreeNameResultW
DsFreeNgcKey
DsFreePasswordCredentials
DsGetDomainControllerInfoW
DsMakePasswordCredentialsW
DsReadNgcKeyW
DsUnBindW
DsWriteNgcKeyW
DuplicateHandle
DuplicateStateContainerHandle
DuplicateToken
DuplicateTokenEx
EmptyWorkingSet
EnableProcessOptionalXStateFeatures
EncodePointer
EncodeRemotePointer
EncodeSystemPointer
EnterCriticalPolicySectionInternal
EnterCriticalSection
EnterSynchronizationBarrier
EnumCalendarInfoExEx
EnumCalendarInfoExW
EnumCalendarInfoW
EnumDateFormatsExEx
EnumDateFormatsExW
EnumDateFormatsW
EnumDeviceDrivers
EnumDynamicTimeZoneInformation
EnumLanguageGroupLocalesW
EnumPageFilesA
EnumPageFilesW
EnumProcessModules
EnumProcessModulesEx
EnumProcesses
EnumResourceLanguagesExA
EnumResourceLanguagesExW
EnumResourceNamesA
EnumResourceNamesExA
EnumResourceNamesExW
EnumResourceNamesW
EnumResourceTypesExA
EnumResourceTypesExW
EnumSystemCodePagesW
EnumSystemFirmwareTables
EnumSystemGeoID
EnumSystemGeoNames
EnumSystemLanguageGroupsW
EnumSystemLocalesA
EnumSystemLocalesEx
EnumSystemLocalesW
EnumTimeFormatsEx
EnumTimeFormatsW
EnumUILanguagesW
EnumerateExtensionNames
EnumerateStateAtomValues
EnumerateStateContainerItems
EqualDomainSid
EqualPrefixSid
EqualSid
EscapeCommFunction
EventActivityIdControl
EventEnabled
EventProviderEnabled
EventRegister
EventSetInformation
EventUnregister
EventWrite
EventWriteEx
EventWriteString
EventWriteTransfer
ExitProcess
ExitThread
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
ExpungeConsoleCommandHistoryA
ExpungeConsoleCommandHistoryW
ExtensionProgIdExists
FatalAppExitA
FatalAppExitW
FileTimeToLocalFileTime
FileTimeToSystemTime
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
FillConsoleOutputCharacterW
FindActCtxSectionGuid
FindActCtxSectionStringW
FindClose
FindCloseChangeNotification
FindFirstChangeNotificationA
FindFirstChangeNotificationW
FindFirstFileA
FindFirstFileExA
FindFirstFileExFromAppW
FindFirstFileExW
FindFirstFileNameW
FindFirstFileW
FindFirstFreeAce
FindFirstStreamW
FindFirstVolumeW
FindNLSString
FindNLSStringEx
FindNextChangeNotification
FindNextFileA
FindNextFileNameW
FindNextFileW
FindNextStreamW
FindNextVolumeW
FindPackagesByPackageFamily
FindResourceExW
FindResourceW
FindStringOrdinal
FindVolumeClose
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushConsoleInputBuffer
FlushFileBuffers
FlushInstructionCache
FlushProcessWriteBuffers
FlushViewOfFile
FoldStringW
ForceSyncFgPolicyInternal
FormatApplicationUserModelId
FormatApplicationUserModelIdA
FormatMessageA
FormatMessageW
FreeConsole
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeGPOListInternalA
FreeGPOListInternalW
FreeLibrary
FreeLibraryAndExitThread
FreeLibraryWhenCallbackReturns
FreeResource
FreeSid
FreeUserPhysicalPages
GenerateConsoleCtrlEvent
GenerateGPNotificationInternal
GetACP
GetAcceptLanguagesA
GetAcceptLanguagesW
GetAce
GetAclInformation
GetAdjustObjectAttributesForPrivateNamespaceRoutine
GetAlternatePackageRoots
GetAppContainerAce
GetAppContainerNamedObjectPath
GetAppDataFolder
GetAppModelVersion
GetApplicationRecoveryCallback
GetApplicationRestartSettings
GetApplicationUserModelId
GetApplicationUserModelIdFromToken
GetAppliedGPOListInternalA
GetAppliedGPOListInternalW
GetCPFileNameFromRegistry
GetCPHashNode
GetCPInfo
GetCPInfoExW
GetCachedSigningLevel
GetCalendar
GetCalendarInfoEx
GetCalendarInfoW
GetCommConfig
GetCommMask
GetCommModemStatus
GetCommPorts
GetCommProperties
GetCommState
GetCommTimeouts
GetCommandLineA
GetCommandLineW
GetCompressedFileSizeA
GetCompressedFileSizeW
GetComputerNameExA
GetComputerNameExW
GetConsoleAliasA
GetConsoleAliasExesA
GetConsoleAliasExesLengthA
GetConsoleAliasExesLengthW
GetConsoleAliasExesW
GetConsoleAliasW
GetConsoleAliasesA
GetConsoleAliasesLengthA
GetConsoleAliasesLengthW
GetConsoleAliasesW
GetConsoleCP
GetConsoleCommandHistoryA
GetConsoleCommandHistoryLengthA
GetConsoleCommandHistoryLengthW
GetConsoleCommandHistoryW
GetConsoleCursorInfo
GetConsoleDisplayMode
GetConsoleFontSize
GetConsoleHistoryInfo
GetConsoleInputExeNameA
GetConsoleInputExeNameW
GetConsoleMode
GetConsoleOriginalTitleA
GetConsoleOriginalTitleW
GetConsoleOutputCP
GetConsoleProcessList

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 104KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 192KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LaunchTM.exe
.exe windows:10 windows x64 arch:x64

ad4cee994bce4bec755fc55c249b5c5f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

launchtm.pdb

Imports

msvcrt

__set_app_type
__wgetmainargs
_amsg_exit
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_XcptFilter
_exit
exit
memset

api-ms-win-core-heap-l1-1-0

HeapSetInformation

api-ms-win-core-processthreads-l1-1-0

GetStartupInfoW
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
SetPriorityClass

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoUninitialize

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

shell32

ShellExecuteExW

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LaunchWinApp.exe
.exe windows:10 windows x64 arch:x64

8c737ba4ec48f66fd4105da3099e1b71

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

LaunchWinApp.pdb

Imports

advapi32

EventSetInformation
EventRegister
EventWriteTransfer
EventUnregister

kernel32

GetModuleFileNameA
InitOnceBeginInitialize
CreateSemaphoreExW
HeapFree
SetLastError
EnterCriticalSection
GetCommandLineW
GetCurrentProcess
ReleaseSemaphore
GetModuleHandleExW
K32GetModuleFileNameExW
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
K32EnumProcessModulesEx
OpenProcess
FormatMessageW
GetLastError
ReleaseSRWLockExclusive
OutputDebugStringW
CloseThreadpoolTimer
InitOnceComplete
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
SetThreadpoolTimer
ReleaseSRWLockShared
CreateThreadpoolTimer
HeapAlloc
GetProcAddress
CreateMutexExW
LocalFree
AcquireSRWLockShared
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent

msvcrt

_onexit
_purecall
__dllonexit
_unlock
_lock
memcpy_s
?terminate@@YAXXZ
__CxxFrameHandler3
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
??1type_info@@UEAA@XZ
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_vsnwprintf
_XcptFilter
??3@YAXPEAX@Z
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
__setusermatherr
memcmp
memmove
memcpy
__CxxFrameHandler4
memmove_s
malloc
_callnewh
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
_CxxThrowException
memset

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindExtensionW

api-ms-win-core-com-l1-1-0

CoCreateFreeThreadedMarshaler
CoTaskMemFree

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoUninitialize

oleaut32

SysFreeString

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetStartupInfoW

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

iertutil

CreateUri

ntdll

NtQueryInformationProcess

shell32

CommandLineToArgvW
ShellExecuteExW

Sections

.text
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LicenseManager.dll
.dll windows:10 windows x64 arch:x64

bb195591d571322231ab379fcbb84532

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cb:70:11:c6:fb:63:d0:0e:41:89:3d:94:c5:58:38:a2:46:bd:cd:4d:f1:a4:2b:10:25:32:0e:50:c3:3e:93:f8
Signer

Actual PE Digest

cb:70:11:c6:fb:63:d0:0e:41:89:3d:94:c5:58:38:a2:46:bd:cd:4d:f1:a4:2b:10:25:32:0e:50:c3:3e:93:f8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

LicenseManager.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__i64toa_s
_o__i64tow_s
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__itow_s
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__stricmp
_o__ui64toa_s
_o__ui64tow_s
_o__wcsicmp
_o__wcsnicmp
memmove
_o_ceilf
_o_free
_o_iswspace
_o_isxdigit
_o_malloc
_o_realloc
_o_terminate
_o_wcstod
_o_wcstoul
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o__errno
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o__crt_atexit
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__configure_narrow_argv
_o__cexit
_o__callnewh
__std_terminate
__CxxFrameHandler4
memcmp
_o__execute_onexit_table
memcpy
wcsstr

api-ms-win-crt-string-l1-1-0

memset
wcsnlen
wcscmp
memmove_s
strnlen

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleA
GetModuleHandleW
GetModuleHandleExW
DisableThreadLibraryCalls
GetModuleFileNameA
FreeLibrary
GetModuleHandleExA
GetModuleFileNameW

api-ms-win-core-synch-l1-1-0

SetEvent
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
CreateEventW
InitializeSRWLock
AcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
CreateEventExW
ReleaseMutex
InitializeCriticalSectionEx
WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreExW
ResetEvent
DeleteCriticalSection

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
RaiseException

api-ms-win-core-processthreads-l1-1-0

SetThreadToken
OpenThreadToken
OpenProcessToken
GetCurrentThread
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess

api-ms-win-core-localization-l1-2-0

GetUserPreferredUILanguages
FormatMessageW
GetUserGeoID
GetGeoInfoW
FormatMessageA
LCMapStringEx

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventUnregister
EventWriteTransfer
EventRegister

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
SetRestrictedErrorInfo
RoOriginateErrorW
RoTransformErrorW
RoOriginateError

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceInitialize
InitOnceExecuteOnce
Sleep
InitOnceBeginInitialize

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
GetProcessMitigationPolicy

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemTime
GetTickCount64

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

clipc

ClipGetFileIdFromAssociateId
ClipUninstallLicense
ClipGenerateClientChallengeData
ClipGetQueryResults
ClipGetAssociatedResults
ClipGetLicenseData
ClipInstallLicense
ClipClose
ClipOpen

msvcp_win

?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Xbad_alloc@std@@YAXXZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_K@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Syserror_map@std@@YAPEBDH@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?width@ios_base@std@@QEBA_JXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?uncaught_exception@std@@YA_NXZ
?good@ios_base@std@@QEBA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flags@ios_base@std@@QEBAHXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?width@ios_base@std@@QEAA_J_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?__ExceptionPtrCreate@@YAXPEAX@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Winerror_map@std@@YAHH@Z
?get@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAGXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UEAA@XZ

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-core-heap-l2-1-0

LocalAlloc
GlobalFree
LocalFree

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegEnumValueW
RegQueryInfoKeyW
RegQueryValueExW
RegCreateKeyExW
RegOpenCurrentUser
RegDeleteValueW
RegGetValueW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
CompareStringOrdinal

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
DeleteTimerQueueTimer
ChangeTimerQueueTimer
QueueUserWorkItem

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoUninitialize
RoActivateInstance
RoGetActivationFactory

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-service-core-l1-1-3

GetServiceRegistryStateKey

api-ms-win-core-file-l1-1-0

CompareFileTime

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
SetThreadpoolTimer
SubmitThreadpoolWork
CreateThreadpoolWork
CreateThreadpoolTimer
WaitForThreadpoolWorkCallbacks
CloseThreadpoolWork
WaitForThreadpoolTimerCallbacks

rpcrt4

UuidCreate
RpcImpersonateClient
RpcRevertToSelfEx
UuidFromStringW

api-ms-win-security-cryptoapi-l1-1-0

CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptGenRandom
CryptAcquireContextW
CryptReleaseContext

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

oleaut32

SysAllocString

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

ntdll

EtwEventUnregister
EtwEventRegister
EtwEventWriteTransfer
RtlPublishWnfStateData
RtlGetDeviceFamilyInfoEnum

api-ms-win-shcore-thread-l1-1-0

GetProcessReference

api-ms-win-core-psm-key-l1-1-0

PsmGetPackageFullNameFromKey

api-ms-win-core-com-private-l1-1-0

CoGetErrorInfo
CoSetErrorInfo

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
LmCreateLicenseManager
LmCreateStandardServiceProvider
ServiceBeginAcquireLicense
ServiceCleanup
ServiceCreateApplicationLicenseManager
ServiceEnsureLicenseForOptionalPackageUsage
ServiceEnsureLicenseForPackageActivation
ServiceInitialize
ServiceOptionalPackageRundownNotification
ServicePackageRundownNotification
ServicePackageSuspendedNotification
ServicePrecacheLicenseForPackageResume
ServiceReset
SetServiceStatusHandle
WnfEventHandlerForDeviceIdChange
WnfEventHandlerForOfflinePcChange
WnfEventHandlerForXboxTestNetworkConnectionComplete

Sections

.text
Size: 744KB - Virtual size: 742KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 232KB - Virtual size: 229KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LockAppBroker.dll
.dll windows:10 windows x64 arch:x64

74d55a1b10caabf31cada796c0a0f56a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

lockappbroker.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__wcsicmp
memmove
_o_free
_o_malloc
_o_memcpy_s
_o_realloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o__get_errno
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__execute_onexit_table
_o__errno
__std_terminate
__CxxFrameHandler4
wcschr
memcpy
memcmp

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
FreeLibrary
GetModuleHandleExW
GetProcAddress
GetModuleHandleW
DisableThreadLibraryCalls
GetModuleFileNameA

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
AcquireSRWLockShared
AcquireSRWLockExclusive
CreateMutexExW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionEx
OpenSemaphoreW
CreateEventExW
WaitForSingleObjectEx
ReleaseMutex
ResetEvent
WaitForSingleObject
TryAcquireSRWLockShared
CreateEventW
WaitForMultipleObjectsEx
ReleaseSemaphore
ReleaseSRWLockShared
InitializeSRWLock
CreateSemaphoreExW
OpenEventW
SetEvent

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
SetLastError

api-ms-win-core-processthreads-l1-1-0

OpenProcessToken
TerminateProcess
GetProcessId
GetCurrentThread
GetCurrentProcessId
CreateThread
GetCurrentProcess
OpenThreadToken
GetCurrentThreadId
GetExitCodeProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-threadpool-l1-2-0

FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolTimer
CloseThreadpoolWork

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventActivityIdControl
EventWriteTransfer
EventUnregister
EventRegister

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoOriginateError
RoOriginateErrorW

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceExecuteOnce
WaitOnAddress
WakeByAddressAll
InitOnceBeginInitialize

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsDuplicateString
WindowsCreateStringReference
WindowsCreateString
WindowsGetStringRawBuffer
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetVersionExW

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-com-l1-1-0

CoDisableCallCancellation
CoCancelCall
CoGetCallContext
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoGetApartmentType
CoInitializeEx
CoWaitForMultipleHandles
CoCreateFreeThreadedMarshaler
PropVariantClear
CoEnableCallCancellation
CoIncrementMTAUsage
CoDecrementMTAUsage

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegGetValueW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegCreateKeyExW
RegQueryInfoKeyW

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-threadpool-legacy-l1-1-0

DeleteTimerQueueTimer
UnregisterWaitEx
CreateTimerQueueTimer

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask
SHTaskPoolGetUniqueContext

api-ms-win-security-base-l1-1-0

GetTokenInformation
EqualSid
GetSidSubAuthority
DuplicateTokenEx
IsValidSid

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
MapViewOfFile
CreateFileMappingW

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

ntdll

RtlPublishWnfStateData
RtlCompareUnicodeString
RtlSubscribeWnfStateChangeNotification
RtlAllocateHeap
RtlInitUnicodeString
RtlUnsubscribeWnfNotificationWaitForCompletion
NtQueryInformationToken
NtQueryWnfStateData
RtlFreeHeap
RtlNtStatusToDosErrorNoTeb

api-ms-win-shcore-stream-l1-1-0

SHCreateStreamOnFileW
SHCreateMemStream

api-ms-win-core-file-l1-1-0

CreateFileW

oleaut32

SysAllocString
VariantClear
SysFreeString

api-ms-win-shcore-stream-winrt-l1-1-0

CreateRandomAccessStreamOverStream
CreateStreamOverRandomAccessStream

api-ms-win-core-kernel32-legacy-l1-1-0

GetSystemPowerStatus
RegisterWaitForSingleObject

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW
ConvertSidToStringSidW

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-timezone-l1-1-0

GetDynamicTimeZoneInformation

api-ms-win-power-base-l1-1-0

GetPwrCapabilities

api-ms-win-shcore-scaling-l1-1-0

GetScaleFactorForDevice

api-ms-win-rtcore-ntuser-private-l1-1-0

GetWindowBand

api-ms-win-rtcore-ntuser-window-l1-1-0

PostQuitMessage
DefWindowProcW
DestroyWindow
SetWindowLongPtrW
GetWindowLongPtrW
PeekMessageW
TranslateMessage
DispatchMessageW
PostMessageW

api-ms-win-rtcore-ntuser-synch-l1-1-0

MsgWaitForMultipleObjectsEx

api-ms-win-ntuser-sysparams-l1-1-0

SystemParametersInfoW
GetSystemMetrics

api-ms-win-shlwapi-winrt-storage-l1-1-1

SHCreateWorkerWindowW

api-ms-win-rtcore-ntuser-powermanagement-l1-1-0

RegisterPowerSettingNotification
UnregisterPowerSettingNotification

mrmcorer

ResourceManagerQueueGetString

shcore

ord190
ord200
ord109

twinapi.appcore

ord2
ord3

ole32

CoGetCallerTID

user32

GetSysColor
DestroyIcon

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-security-capability-l1-1-0

CapabilityCheck

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-core-registryuserspecific-l1-1-0

SHRegGetUSValueW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

shell32

DuplicateIcon
ord866

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 292KB - Virtual size: 288KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LockController.dll
.dll windows:10 windows x64 arch:x64

a76556fffdf5e362142a84a5536d07cf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

LockController.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__wcsicmp
memmove
_o_abort
_o_ceilf
_o_free
_o_iswspace
_o_malloc
_o_terminate
_o_wcscat_s
_o_wcscpy_s
__C_specific_handler
__current_exception
__current_exception_context
__std_terminate
_o__get_errno
__CxxFrameHandler4
memcmp
memcpy
_o__execute_onexit_table
_o__errno
_o__crt_atexit
__CxxFrameHandler3
_CxxThrowException
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
wcsrchr

api-ms-win-crt-string-l1-1-0

wcscspn
memset
wcsncmp

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetProcAddress
GetModuleHandleExA
GetModuleFileNameA
LoadLibraryExW
DisableThreadLibraryCalls
GetModuleHandleExW
GetModuleHandleW

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
AcquireSRWLockShared
CreateSemaphoreExW
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
LeaveCriticalSection
OpenEventW
ReleaseSemaphore
InitializeCriticalSectionEx
WaitForSingleObject
ReleaseMutex
ReleaseSRWLockExclusive
DeleteCriticalSection
InitializeSRWLock
ResetEvent
AcquireSRWLockExclusive
CreateMutexExW
OpenSemaphoreW
ReleaseSRWLockShared
CreateEventW
SetEvent

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
GetLastError

api-ms-win-core-winrt-string-l1-1-0

WindowsCompareStringOrdinal
WindowsDuplicateString
WindowsDeleteString
WindowsCreateString
WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsSubstringWithSpecifiedLength

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventUnregister
EventSetInformation
EventWriteTransfer
EventRegister

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentProcessId
OpenThreadToken
OpenProcessToken
GetCurrentThreadId
GetProcessId
GetCurrentThread
TerminateProcess

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
RoOriginateError
RoOriginateErrorW
RoTransformError

api-ms-win-core-localization-l1-2-0

GetThreadUILanguage
FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPushEntrySList

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-core-com-l1-1-0

CoGetMalloc
CoCreateInstance
CoDisconnectObject
CoWaitForMultipleHandles
CoCancelCall
CoGetStdMarshalEx
CoDisableCallCancellation
CoGetApartmentType
CoCreateFreeThreadedMarshaler
StringFromGUID2
CoTaskMemFree
CoTaskMemAlloc
CoReleaseMarshalData
CoGetInterfaceAndReleaseStream
CoEnableCallCancellation
CoTaskMemRealloc
CoGetCallContext

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

ntdll

RtlSubscribeWnfStateChangeNotification
NtQueryWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlPublishWnfStateData
NtQuerySystemInformation
NtQueryInformationToken

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask
SHTaskPoolGetUniqueContext

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWait
DisassociateCurrentThreadFromCallback
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolWaitCallbacks
CloseThreadpoolTimer
SetThreadpoolWait

api-ms-win-core-kernel32-legacy-l1-1-0

UnregisterWait
RegisterWaitForSingleObject

api-ms-win-core-threadpool-legacy-l1-1-0

DeleteTimerQueueTimer
CreateTimerQueueTimer
UnregisterWaitEx

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegQueryInfoKeyW

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-path-l1-1-0

PathCchAppend

api-ms-win-core-file-l1-1-0

GetFileAttributesW

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
OpenFileMappingW

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-shcore-thread-l1-1-0

SHCreateThreadWithHandle
SHGetThreadRef

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-security-base-l1-1-0

GetTokenInformation
IsValidSid
GetLengthSid
CopySid

api-ms-win-ro-typeresolution-l1-1-1

RoCreatePropertySetSerializer

api-ms-win-rtcore-ntuser-winevent-l1-1-0

UnhookWinEvent
SetWinEventHook

api-ms-win-rtcore-ntuser-window-l1-1-0

SendMessageW
PeekMessageW
GetWindowLongPtrW
SetWindowLongPtrW
PostQuitMessage
GetClassNameW
PostMessageW
TranslateMessage
UnregisterClassW
GetClassInfoExW
GetMessageW
RegisterWindowMessageW
RegisterClassExW
DispatchMessageW

api-ms-win-rtcore-ntuser-synch-l1-1-0

MsgWaitForMultipleObjects

api-ms-win-rtcore-ntuser-private-l1-1-0

CreateWindowInBandEx

d3d11

D3D11CreateDevice

shlwapi

ord618

dwmapi

ord159
DwmGetWindowAttribute

umpdc

Pdcv2ActivationClientRegister
Pdcv2ActivationClientUnregister
Pdcv2ActivationClientRenewActivation
Pdcv2ActivationClientActivate
Pdcv2ActivationClientDeactivate

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-debug-l1-1-1

CheckRemoteDebuggerPresent

api-ms-win-shcore-comhelpers-l1-1-0

IUnknown_QueryService

api-ms-win-shcore-stream-l1-1-0

IStream_Write

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-appmodel-state-l1-2-0

OpenStateExplicit
GetSystemAppDataKey
CloseState

oleaut32

SysFreeString
SysAllocString
SysStringLen
GetErrorInfo
SetErrorInfo

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 528KB - Virtual size: 525KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LockScreenData.dll
.dll windows:10 windows x64 arch:x64

74e9bbd8efd52c81275a5887f1bd69c5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

LockScreenData.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__get_errno
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
memmove
_o__wtoi
_o_abort
_o_free
_o_iswspace
_o_malloc
_o_realloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_CxxThrowException
__CxxFrameHandler3
wcschr
_o___stdio_common_vswprintf
__std_terminate
__CxxFrameHandler4
_o__cexit
_o__callnewh
memcmp
memcpy
_o___stdio_common_vsnprintf_s

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
TerminateProcess

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetModuleFileNameA
GetModuleHandleW
DisableThreadLibraryCalls
GetProcAddress
FreeLibrary

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
RaiseException
SetLastError
UnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-1-0

ReleaseMutex
InitializeCriticalSectionEx
SetEvent
CreateEventExW
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObjectEx
AcquireSRWLockExclusive
AcquireSRWLockShared
WaitForSingleObject
OpenSemaphoreW
CreateSemaphoreExW
ReleaseSRWLockShared
CreateMutexExW
ReleaseSRWLockExclusive
InitializeSRWLock
ReleaseSemaphore
DeleteCriticalSection

api-ms-win-core-winrt-string-l1-1-0

WindowsDuplicateString
WindowsCompareStringOrdinal
WindowsDeleteString
WindowsCreateStringReference
WindowsCreateString
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsGetStringRawBuffer

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventWriteTransfer
EventActivityIdControl
EventRegister
EventUnregister

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoTransformError
RoOriginateError

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceExecuteOnce
WaitOnAddress
WakeByAddressAll
InitOnceComplete

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InitializeSListHead

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
CloseThreadpoolWork
SubmitThreadpoolWork
IsThreadpoolTimerSet
CloseThreadpoolTimer

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-com-l1-1-0

CoWaitForMultipleHandles
CoTaskMemAlloc
CoDecrementMTAUsage
StringFromGUID2
CoTaskMemFree
CoIncrementMTAUsage
CoTaskMemRealloc
CoCreateFreeThreadedMarshaler
CoCreateInstance

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask

ntdll

RtlSubscribeWnfStateChangeNotification
NtQueryWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegGetValueW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-appmodel-runtime-l1-1-3

GetStagedPackagePathByFullName2

api-ms-win-core-path-l1-1-0

PathAllocCombine
PathCchRemoveFileSpec

api-ms-win-core-shlwapi-legacy-l1-1-0

PathIsRelativeW

api-ms-win-core-url-l1-1-0

PathIsURLW

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-shcore-obsolete-l1-1-0

SHStrDupW

api-ms-win-appmodel-runtime-l1-1-1

ParseApplicationUserModelId

api-ms-win-shcore-stream-l1-1-0

IStream_ReadStr
IStream_Read

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

oleaut32

SetErrorInfo
SysStringLen
GetErrorInfo
SysAllocString
SysFreeString

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 312KB - Virtual size: 311KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MDMAgent.exe
.exe windows:10 windows x64 arch:x64

3869e103ee10dda6ec9428bad4a16117

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

MDMAgent.pdb

Imports

msvcp110_win

?_Winerror_map@std@@YAPEBDH@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ

msvcrt

memcpy
memcmp
_CxxThrowException
memmove
??3@YAXPEAX@Z
__CxxFrameHandler4
_vsnwprintf
memcpy_s
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_wcsicmp
memmove_s
memset
sprintf_s
free
__CxxFrameHandler3
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_callnewh
malloc
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlIsStateSeparationEnabled

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoActivateInstance

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsGetStringRawBuffer

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetProcAddress
GetModuleFileNameA
GetModuleHandleExW

oleaut32

SafeArrayGetUBound
SafeArrayUnlock
SafeArrayCreate
SysAllocString
VariantInit
SysFreeString
SafeArrayDestroy
VariantClear
SafeArrayLock
SafeArrayGetLBound

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
DeleteCriticalSection
ReleaseSRWLockExclusive
CreateSemaphoreExW
ReleaseSRWLockShared
OpenEventW
WaitForSingleObjectEx
InitializeCriticalSectionEx
CreateMutexExW
LeaveCriticalSection
ReleaseMutex
ReleaseSemaphore
AcquireSRWLockShared
WaitForSingleObject
OpenSemaphoreW
EnterCriticalSection

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetLastError
GetLastError
RaiseException
SetUnhandledExceptionFilter

api-ms-win-core-com-l1-1-0

CoUninitialize
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CLSIDFromString

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegGetValueW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetSystemTime

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
InitOnceComplete
Sleep
InitOnceBeginInitialize
SleepConditionVariableSRW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

dmcmnutils

HexStringToBinary
UnicodeToMB
DmRevertToSelf
DmImpersonate
OmaDmRegistryGetString
DmIsSystemOrAdmin
IsWvdFeatureAllowed
OmaDmRegistryGetDWORD
DmDeleteTask
DmDisableTask
DmIsTaskScheduled
InvStrCmpIW

omadmapi

ord104

dmenrollengine

GetEnrollmentSID
GetEnrollmentCertStore
GetEnrollmentType

api-ms-win-core-file-l1-1-0

FileTimeToLocalFileTime

rpcrt4

UuidFromStringW
UuidCreate

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-path-l1-1-0

PathCchCombine
PathCchAppend

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventActivityIdControl
EventSetInformation
EventRegister
EventWriteTransfer

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

crypt32

CertCloseStore
CertFreeCertificateContext
CertFindCertificateInStore
CertOpenStore

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-string-obsolete-l1-1-0

lstrlenA

Sections

.text
Size: 104KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MFMediaEngine.dll
.dll windows:10 windows x64 arch:x64

c13df48d63db89b00edac34bb64b84e9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

MFMediaEngine.pdb

Imports

msvcp_win

?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?seekg@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@V?$fpos@U_Mbstatet@@@2@@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?eof@ios_base@std@@QEBA_NXZ
?tellg@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?uncaught_exception@std@@YA_NXZ
?good@ios_base@std@@QEBA_NXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?get@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_K@Z
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
?width@ios_base@std@@QEAA_J_J@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
??Bios_base@std@@QEBA_NXZ
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
??Bid@locale@std@@QEAA_KXZ
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?in@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z

api-ms-win-crt-string-l1-1-0

strncmp
wcscspn
memmove_s
strnlen
memset
wcscmp
wcsncmp
wcspbrk

api-ms-win-crt-math-l1-1-0

_isnan
_finite

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__errno
_o__execute_onexit_table
_o__gcvt_s
_o__i64toa_s
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__ltoa_s
_o__ltow_s
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__stricmp
_o__strnicmp
_o__strtoui64
memmove
_o__ui64toa_s
_o__ultoa_s
_o__ultow_s
_o__wcsicmp
_o__wcsnicmp
_o__wtof
_o__wtoi
_o_atoi
_o_floor
_o_free
_o_isalpha
_o_isprint
_o_iswalpha
_o_iswdigit
_o_isxdigit
_o_malloc
_o_memcpy_s
_o_qsort
_o_realloc
_o_strncpy_s
_o_strtol
_o_terminate
_o_towlower
_o_towupper
_o_wcscpy_s
_o_wcstod
_o_wcstok_s
_o_wcstol
_o_wcstombs_s
_o_wcstoul
__CxxFrameHandler4
__std_terminate
wcschr
wcsstr
wcsrchr
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_CxxThrowException
memcmp
memcpy

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce

api-ms-win-core-errorhandling-l1-1-0

GetLastError
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-synch-l1-1-0

CreateEventExW
ReleaseSemaphore
WaitForSingleObject
CreateEventW
WaitForMultipleObjectsEx
ReleaseMutex
InitializeCriticalSectionEx
InitializeSRWLock
CreateWaitableTimerExW
CreateMutexW
InitializeCriticalSectionAndSpinCount
ReleaseSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
AcquireSRWLockExclusive
EnterCriticalSection
CreateSemaphoreExW
SetEvent
ResetEvent
ReleaseSRWLockShared
SetWaitableTimer
InitializeCriticalSection
AcquireSRWLockShared
LeaveCriticalSection
DeleteCriticalSection

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
GetTraceEnableFlags
GetTraceLoggerHandle
GetTraceEnableLevel
RegisterTraceGuidsW
TraceMessage

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
DisableThreadLibraryCalls
GetProcAddress
GetModuleHandleExW
LoadStringW
LoadLibraryExW
FreeLibrary
GetModuleFileNameW
GetModuleFileNameA

api-ms-win-core-processthreads-l1-1-0

TlsSetValue
TerminateProcess
TlsGetValue
OpenProcessToken
GetCurrentProcessId
CreateThread
GetCurrentThreadId
GetCurrentProcess

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrCmpW
StrTrimW
StrStrIW
StrSpnW
StrChrW
StrCmpIW
StrCmpNW
StrToIntW
StrCmpNIW
StrStrW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc
HeapReAlloc

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegEnumKeyExW
RegCreateKeyExA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegGetValueW

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-localization-l1-2-0

GetLocaleInfoEx
FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringA
OutputDebugStringW

api-ms-win-core-console-l3-2-0

GetConsoleWindow

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GlobalMemoryStatusEx
GetTickCount64
GetSystemInfo

api-ms-win-core-url-l1-1-0

UrlHashW

api-ms-win-core-path-l1-1-0

PathIsUNCEx
PathCchFindExtension

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-core-processthreads-l1-1-1

OpenProcess
GetProcessMitigationPolicy
IsProcessorFeaturePresent

api-ms-win-power-base-l1-1-0

PowerUnregisterSuspendResumeNotification
PowerRegisterSuspendResumeNotification

api-ms-win-core-heap-obsolete-l1-1-0

GlobalLock
GlobalUnlock

api-ms-win-core-heap-l2-1-0

LocalAlloc
GlobalFree
LocalFree

xmllite

CreateXmlReader

api-ms-win-core-shlwapi-legacy-l1-1-0

IsCharSpaceW

api-ms-win-core-string-l2-1-0

IsCharAlphaW

api-ms-win-power-setting-l1-1-0

PowerSettingUnregisterNotification
PowerSettingRegisterNotification

api-ms-win-core-kernel32-legacy-l1-1-0

GetSystemPowerStatus

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-appmodel-runtime-l1-1-2

AppPolicyGetWindowingModel
AppPolicyGetMediaFoundationCodecLoading
AppPolicyGetLifecycleManagement

api-ms-win-appmodel-runtime-l1-1-0

GetCurrentPackageFullName
GetPackagesByPackageFamily
PackageIdFromFullName

api-ms-win-dx-d3dkmt-l1-1-0

GdiEntry13

api-ms-win-crt-time-l1-1-0

_time32
_ctime32

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-processenvironment-l1-1-0

GetStdHandle

api-ms-win-core-file-l1-1-0

WriteFile
SetFilePointerEx
CreateFileA
SetFilePointer
FlushFileBuffers

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiA
lstrcmpiW

api-ms-win-core-console-l1-1-0

AllocConsole

api-ms-win-core-console-l2-2-0

SetConsoleTitleW

bcrypt

BCryptDecrypt
BCryptEncrypt
BCryptGenerateSymmetricKey
BCryptSetProperty
BCryptCloseAlgorithmProvider
BCryptDestroyKey
BCryptOpenAlgorithmProvider

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

rtworkq

RtwqSetLongRunning

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 588KB - Virtual size: 585KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 132KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 124KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MPSSVC.dll
.dll windows:10 windows x64 arch:x64

e0817f13b9fd1bfc049f80656813a5b4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

MPSSVC.pdb

Imports

msvcp_win

?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
?_Xout_of_range@std@@YAXPEBD@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?_Xlength_error@std@@YAXPEBD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?uncaught_exception@std@@YA_NXZ
?width@ios_base@std@@QEAA_J_J@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ

api-ms-win-crt-string-l1-1-0

wcsnlen
memset
wcspbrk
wcsncmp
wcscmp

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__crt_atexit
_o__ultow_s
_o__wcsicmp
_o__wcslwr_s
_o__wcsnicmp
memmove
_o_bsearch
_o_ceilf
_o_free
_o_iswdigit
_o_iswspace
_o_malloc
_o_qsort
_o_terminate
_o_towlower
_o_towupper
_o_wcscat_s
_o_wcscpy_s
_o_wcstok
_o_wcstok_s
_o_wmemcpy_s
__CxxFrameHandler4
__std_terminate
__C_specific_handler
wcsstr
wcschr
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o__execute_onexit_table
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o__errno
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
memcmp
memcpy

ntdll

RtlInitUnicodeString
RtlFreeHeap
NtQuerySecurityAttributesToken
RtlIpv4AddressToStringW
RtlAllocateHeap
RtlIpv6AddressToStringW
RtlCompareUnicodeString
EtwRegisterTraceGuidsW
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
RtlQueryPackageIdentity
EtwGetTraceEnableFlags
EtwUnregisterTraceGuids
EtwEventUnregister
EtwEventRegister
EtwTraceMessage
EtwEventWrite
NtQueryInformationProcess
RtlGetActiveConsoleId
WinSqmAddToStream
RtlSubscribeWnfStateChangeNotification
RtlIsStateSeparationEnabled
RtlPublishWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlIpv4AddressToStringA
RtlNtStatusToDosErrorNoTeb
DbgPrint
RtlIpv6AddressToStringA
RtlGetPersistedStateLocation
RtlGetAppContainerSidType
RtlEqualSid
RtlIsParentOfChildAppContainer
RtlValidSid
RtlIsCapabilitySid
RtlLengthSid
RtlCopySid
RtlCreateServiceSid
RtlNtStatusToDosError
EtwEventEnabled
RtlIsPackageSid

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetProcAddress
GetModuleFileNameA
FreeLibrary
GetModuleHandleW
GetModuleHandleA
LoadLibraryExW
LoadStringW
GetModuleHandleExA

api-ms-win-core-synch-l1-1-0

InitializeSRWLock
CreateMutexExW
DeleteCriticalSection
AcquireSRWLockExclusive
ResetEvent
CreateEventW
CreateMutexW
SetEvent
WaitForSingleObject
ReleaseSRWLockExclusive
SetWaitableTimer
CreateWaitableTimerExW
CreateEventA
InitializeCriticalSectionAndSpinCount
ReleaseMutex
WaitForMultipleObjectsEx
TryAcquireSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
OpenSemaphoreW
InitializeCriticalSectionEx
CreateSemaphoreExW
InitializeCriticalSection
EnterCriticalSection
ReleaseSemaphore
LeaveCriticalSection
WaitForSingleObjectEx

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetLastError
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolIoCallbacks
CancelThreadpoolIo
StartThreadpoolIo
SetThreadpoolTimer
WaitForThreadpoolWorkCallbacks
CloseThreadpoolWork
CreateThreadpoolIo
CloseThreadpoolIo
CreateThreadpoolWork
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
SubmitThreadpoolWork
CloseThreadpoolTimer

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
OpenProcessToken
TerminateThread
OpenThreadToken
ResumeThread
GetCurrentThread
CreateThread
QueueUserAPC
GetCurrentProcessId
GetCurrentThreadId
CreateProcessAsUserW
TerminateProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetVersionExW
GetTickCount64
GetLocalTime

api-ms-win-core-windowserrorreporting-l1-1-0

WerSetFlags

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx
CreateTimerQueueTimer
DeleteTimerQueueTimer
CreateTimerQueue
DeleteTimerQueueEx

api-ms-win-security-base-l1-1-0

SetSecurityDescriptorGroup
MakeSelfRelativeSD
SetSecurityDescriptorOwner
AccessCheck
IsValidSid
AllocateAndInitializeSid
GetLengthSid
EqualSid
IsValidSecurityDescriptor
FreeSid
InitializeSecurityDescriptor
AddAccessAllowedAce
CreateWellKnownSid
InitializeAcl
GetSecurityDescriptorLength
SetSecurityDescriptorDacl
GetSecurityDescriptorControl
SetFileSecurityW
CheckTokenMembership
DuplicateTokenEx
AdjustTokenPrivileges

sspicli

LsaRegisterPolicyChangeNotification
LsaUnregisterPolicyChangeNotification

api-ms-win-core-heap-l2-1-0

GlobalFree
LocalAlloc
LocalFree
GlobalAlloc

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiA
lstrcmpiW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathRemoveFileSpecW
PathIsRelativeW
PathFindFileNameW
PathFileExistsW

api-ms-win-core-file-l1-1-0

GetFileAttributesW
WriteFile
FindNextFileW
FindFirstFileW
FileTimeToLocalFileTime
SetEndOfFile
CreateFileW
QueryDosDeviceW
FindClose
SetFilePointerEx
GetFileSize
GetFileType
GetLogicalDriveStringsW

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegGetValueW
RegEnumKeyExW
RegOpenCurrentUser
RegCloseKey
RegQueryValueExW
RegNotifyChangeKeyValue

api-ms-win-core-heap-l1-1-0

HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc

api-ms-win-devices-config-l1-1-1

CM_Open_Class_KeyW

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
Sleep
InitOnceComplete
InitOnceExecuteOnce

api-ms-win-core-localization-l1-2-0

IdnToAscii
FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-string-l1-1-0

CompareStringW
MultiByteToWideChar
WideCharToMultiByte
CompareStringOrdinal

api-ms-win-eventing-controller-l1-1-0

ControlTraceW
EnableTraceEx2
StartTraceW

api-ms-win-eventing-consumer-l1-1-0

OpenTraceW
CloseTrace
ProcessTrace

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-eventing-obsolete-l1-1-0

RemoveTraceCallback

rpcrt4

NdrServerCallAll
RpcImpersonateClient
RpcBindingInqAuthClientW
RpcStringBindingParseW
RpcBindingToStringBindingW
I_RpcBindingIsClientLocal
RpcServerUnregisterIfEx
RpcBindingVectorFree
RpcEpUnregister
RpcEpRegisterW
RpcServerInqBindings
RpcServerRegisterIf3
RpcServerUseProtseqW
RpcStringFreeW
RpcRevertToSelf
RpcServerInqDefaultPrincNameW
Ndr64AsyncServerCallAll
RpcServerRegisterAuthInfoW
NdrAsyncServerCall
NdrServerCall2
RpcAsyncCompleteCall
RpcAsyncAbortCall
UuidCreate

api-ms-win-core-file-l2-1-0

CopyFileExW

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
MapViewOfFile
CreateFileMappingW

api-ms-win-power-base-l1-1-0

PowerRegisterSuspendResumeNotification
PowerUnregisterSuspendResumeNotification

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-security-grouppolicy-l1-1-0

UnregisterGPNotificationInternal
RegisterGPNotificationInternal

api-ms-win-core-io-l1-1-1

CancelIo

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsCreateString

winhttp

WinHttpGetProxyForUrlEx
WinHttpCloseHandle
WinHttpFreeProxyResult
WinHttpSetStatusCallback
WinHttpCreateProxyResolver
WinHttpGetProxyResult
WinHttpGetIEProxyConfigForCurrentUser
WinHttpOpen

api-ms-win-security-base-l1-2-0

CheckTokenCapability

dnsapi

DnsFreeNrptRuleNamesList
DnsRemoveNrptRule
DnsGetNrptRuleNamesList
DnsSetNrptRules
DnsGetProxyInformation
DnsFreeProxyName

api-ms-win-core-string-l2-1-0

CharLowerBuffW

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCompareMemory
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

fwpuclnt

FwpmFilterDeleteByKey0
FwpmTransactionCommit0
FwpmProviderContextDeleteById0
FwpmFilterDeleteById0
FwpmTransactionAbort0
FwpmFilterDestroyEnumHandle0
FwpmCalloutAdd0
FwpmFilterEnum0
FwpmFilterAdd0
FwpmProviderContextAdd3
FwpmProviderContextAdd0
FwpmNetEventDestroyEnumHandle0
FwpmNetEventEnum5
FwpmProviderAdd0
FwpmSubLayerAdd0
FwpmIPsecTunnelAddConditions0
FwpmIPsecTunnelDeleteByKey0
FwpmNetEventCreateEnumHandle0
IkeextSaDestroyEnumHandle0
FwpmIPsecTunnelAdd2
FwppGetMD5HashBytes
FwpiExpandCriteria0
FwpmProviderContextDeleteByKey0
FwpmFilterCreateEnumHandle0
FwpmEngineSetOption0
IkeextSaCreateEnumHandle0
IPsecSaContextDestroyEnumHandle0
FwpiFreeCriteria0
FwpmTransactionBegin0
FwpmFreeMemory0
IkeextSaEnum2
IPsecSaContextEnum0
IPsecSaContextDeleteById0
IkeextSaDeleteById0
IPsecSaContextCreateEnumHandle0
FwpmEngineOpen0
FwpmEventProviderDestroy0
FwpmEngineClose0
FwpmEventProviderFireNetEvent0
FwpmEventProviderCreate0
FwpmNetEventSubscribe4
FwpmEventProviderIsNetEventTypeEnabled0
FwpmNetEventUnsubscribe0

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 880KB - Virtual size: 878KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 248KB - Virtual size: 245KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MSAudDecMFT.dll
.dll regsvr32 windows:10 windows x64 arch:x64

adbdda0800a7e5f99afa9a75be5d5ec1

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

24:a2:6d:e4:48:f4:7b:08:b4:74:94:17:40:82:e2:8b:ed:50:7a:aa:d4:51:f5:ad:33:ca:bc:db:04:8e:0c:b7
Signer

Actual PE Digest

24:a2:6d:e4:48:f4:7b:08:b4:74:94:17:40:82:e2:8b:ed:50:7a:aa:d4:51:f5:ad:33:ca:bc:db:04:8e:0c:b7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

MSAudDecMFTxHEAAC.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_control87
_clearfp
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o_atan2f
_o_calloc
_o_ceilf
_o_cos
_o_cosf
_o_expf
_o_floorf
_o_free
_o_frexp
_o_log10f
_o_log2f
_o_malloc
_o_powf
_o_rand
_o_roundf
_o_sinf
_o_srand
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o__errno
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o__execute_onexit_table
__CxxFrameHandler4
__std_terminate
__CxxFrameHandler3
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__crt_atexit
_o__configure_narrow_argv
__C_specific_handler
_CxxThrowException
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset
strnlen
wcsnlen

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess

ntdll

RtlGetPersistedStateLocation
RtlGetDeviceFamilyInfoEnum
NtQuerySystemInformation

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetProcAddress
DisableThreadLibraryCalls
GetModuleHandleW
GetModuleFileNameA

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-synch-l1-1-0

ReleaseMutex
DeleteCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CreateMutexExW
OpenSemaphoreW
WaitForSingleObject
WaitForSingleObjectEx
LeaveCriticalSection
EnterCriticalSection
CreateSemaphoreExW
InitializeCriticalSection
InitializeCriticalSectionEx
ReleaseSemaphore

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetTickCount
GlobalMemoryStatusEx
GetSystemTimeAsFileTime
GetLocalTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

mfperfhelper

ord1

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventUnregister
EventWriteTransfer

api-ms-win-core-featurestaging-l1-1-0

GetFeatureEnabledState
SubscribeFeatureStateChangeNotification
RecordFeatureUsage
UnsubscribeFeatureStateChangeNotification

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-core-file-l1-1-0

GetDiskFreeSpaceW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-processenvironment-l1-1-0

FreeEnvironmentStringsA
GetEnvironmentStringsW
FreeEnvironmentStringsW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 564KB - Virtual size: 562KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 296KB - Virtual size: 293KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Magnify.exe
.exe windows:10 windows x64 arch:x64

040c0d0cb06c9061bf366d53eabd8db9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

Magnify.pdb

Imports

advapi32

TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
EventUnregister
EventRegister
EventWriteTransfer
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegDeleteKeyExW
RegDeleteKeyW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegGetValueW
EventSetInformation
RegQueryValueExW
RegDeleteTreeW
ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
RegEnumKeyExW
RegQueryValueW
RegLoadMUIStringW
RegNotifyChangeKeyValue
RegEnumValueW

kernel32

GetTickCount64
SetProcessShutdownParameters
RegisterApplicationRestart
CreateEventExW
DeleteCriticalSection
InitializeCriticalSectionEx
TerminateProcess
GetCurrentProcess
GetTickCount
MultiByteToWideChar
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
RaiseException
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
InitializeCriticalSection
QueryPerformanceFrequency
QueryPerformanceCounter
GlobalAddAtomW
GlobalDeleteAtom
SetEvent
GetUserDefaultLCID
LoadLibraryExW
FreeLibrary
ResetEvent
VirtualQuery
Sleep
HeapSetInformation
OpenMutexW
CompareStringW
IsDebuggerPresent
DebugBreak
GetModuleHandleW
GetProcessHeap
GetCurrentProcessId
CreateMutexExW
GetProcAddress
HeapAlloc
CloseHandle
OpenSemaphoreW
CreateMutexW
GetSystemInfo
LoadLibraryExA
VirtualProtect
InitOnceComplete
InitOnceBeginInitialize
K32GetModuleBaseNameW
K32EnumProcessModules
K32EnumProcesses
DeleteFileW
GetFileAttributesW
DeleteProcThreadAttributeList
CreateProcessW
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
OpenProcess
ExpandEnvironmentStringsW
WaitForSingleObjectEx
OutputDebugStringW
GetLastError
LocalFree
GetLocaleInfoEx
LoadLibraryW
InterlockedPushEntrySList
GlobalAlloc
OOBEComplete
LoadResource
FindResourceExW
CreateThread
LockResource
ProcessIdToSessionId
IsProcessInJob
OpenJobObjectW
CompareStringOrdinal
FormatMessageW
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
GetModuleHandleExW
ReleaseSemaphore
SetLastError
HeapFree
CreateSemaphoreExW
GetModuleFileNameA
HeapSize
HeapReAlloc
HeapDestroy
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
CreateEventW
GetSystemTimeAsFileTime
InitializeSListHead
GetStartupInfoW
SizeofResource

gdi32

FillRgn
GetObjectW
CreateCompatibleDC
DeleteDC
LineTo
MoveToEx
SelectObject
GetStockObject
CreateSolidBrush
CreateBrushIndirect
CreateBitmap
DeleteObject
CombineRgn
CreateRectRgn

user32

DestroyCursor
SetWindowsHookExW
CallNextHookEx
GetUserObjectInformationW
GetWindowRgn
SetFullscreenMagnifierOffsetsDWMUpdated
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
WindowFromPhysicalPoint
ReleaseDC
UnregisterClassA
CloseDesktop
UpdateLayeredWindow
LoadImageW
GetDC
RegisterClassW
FillRect
SetCursor
GetMessagePos
RemovePropW
SetPropW
SetWindowPlacement
RealGetWindowClassW
GetDoubleClickTime
SendMessageTimeoutW
SetRectEmpty
GetClassNameW
GetForegroundWindow
IsIconic
PostQuitMessage
DispatchMessageW
TranslateMessage
UnregisterHotKey
OpenInputDesktop
UpdateWindow
GetWindow
AdjustWindowRectEx
IsWindowVisible
SendMessageW
LoadIconW
SetWindowLongW
SetPhysicalCursorPos
MapWindowPoints
GetPointerFrameInfoHistory
GetPointerInfo
GetWindowTextW
GetWindowThreadProcessId
ShowWindow
InvalidateRect
GetCursorPos
SetWindowRgn
SetWindowPos
GetSysColor
GetClientRect
SetWinEventHook
SetLayeredWindowAttributes
LoadCursorW
SetActiveWindow
EndPaint
BeginPaint
GetPointerDeviceRects
GetParent
UnhookWinEvent
SetWindowLongPtrW
GetWindowLongPtrW
InflateRect
SetRect
GetGUIThreadInfo
DefWindowProcW
MonitorFromRect
RegisterClassExW
SetSystemCursor
RegisterHotKey
GetAsyncKeyState
GetKeyboardLayout
GetMessageW
MapVirtualKeyExW
UnionRect
RegisterPointerDeviceNotifications
CreateWindowExW
GetPhysicalCursorPos
DestroyWindow
IsWindow
ClipCursor
EnumDisplayMonitors
KillTimer
SystemParametersInfoW
LoadStringW
FindWindowW
PostMessageW
UnhookWindowsHookEx
GetSystemMetrics
GetWindowLongW
GetAncestor
IntersectRect
EqualRect
GetDesktopWindow
GetWindowRect
IsRectEmpty
OffsetRect
PtInRect
SendInput
MonitorFromPoint
GetMonitorInfoW
CopyRect
GetPointerDevices
GetDpiForWindow
AdjustWindowRectExForDpi
GetFocus
SetFocus
GetKeyState
GetShellWindow
SendNotifyMessageW
SetDesktopColorTransform
GetProcessDefaultLayout
GetThreadDesktop
SetTimer

msvcp_win

_Cnd_do_broadcast_at_thread_exit
?_Throw_Cpp_error@std@@YAXH@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
_Thrd_detach
?_Throw_C_error@std@@YAXH@Z
_Mtx_destroy_in_situ
_Mtx_init_in_situ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
_Unlock_shared_ptr_spin_lock
_Lock_shared_ptr_spin_lock
?_Xbad_function_call@std@@YAXXZ
_Thrd_id
_Thrd_join
_Mtx_unlock
_Mtx_lock
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@I@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ

api-ms-win-crt-string-l1-1-0

wcsncmp
memmove_s
memset
wcsspn
strncmp
wcscmp
wcscspn

api-ms-win-crt-runtime-l1-1-0

_initterm
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e

api-ms-win-crt-private-l1-1-0

_o___stdio_common_vsnprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vswscanf
_o__beginthreadex
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__hypot
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__ltow_s
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
_o__wcslwr_s
_o__wtoi
_o_abort
_o_atan2
_o_atan2f
_o_ceil
_o_ceilf
_o_cosf
_o_exit
_o_floorf
_o_fmod
_o_free
_o_iswspace
_o_log
_o_malloc
_o_memcpy_s
_o_pow
_o_powf
_o_realloc
_o_sinf
_o_sqrt
_o_sqrtf
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcstok
_o_wcstok_s
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o___p__commode
__std_terminate
__CxxFrameHandler4
_o___std_exception_destroy
_o___std_exception_copy
wcschr
wcsrchr
memcmp
memcpy
memmove

ole32

CoUninitialize
CoWaitForMultipleObjects
CoCreateFreeThreadedMarshaler
CoInitializeEx
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
CoInitialize

oleacc

AccessibleObjectFromEvent
AccessibleObjectFromWindow

comctl32

ord17
InitCommonControlsEx

oleaut32

SafeArrayCreate
SafeArrayDestroy
SysAllocString
VariantInit
VariantClear
SafeArrayGetLBound
SysFreeString
SafeArrayGetDim
SafeArrayGetVartype
SafeArrayAccessData
SafeArrayUnaccessData
SetErrorInfo
SysStringLen
GetErrorInfo
SafeArrayGetUBound
SafeArrayPutElement

gdiplus

GdipSetSmoothingMode
GdipFree
GdipAlloc
GdipCloneBrush
GdipStringFormatGetGenericTypographic
GdipDrawString
GdipSetTextRenderingHint
GdipDeleteFont
GdipCreateSolidFill
GdipDeleteGraphics
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDrawLine
GdipDeletePen
GdipDeleteBrush
GdipCreatePen1
GdipFillRectangle
GdipSetInterpolationMode

shell32

ShellExecuteW
SHGetKnownFolderPath
SHAppBarMessage

ntdll

NtQueryWnfStateData
WinSqmSetDWORD
WinSqmIsOptedIn
WinSqmIncrementDWORD
RtlLookupFunctionEntry
RtlCaptureContext
RtlPublishWnfStateData
RtlVirtualUnwind
WinSqmAddToStream

dwmapi

DwmSetWindowAttribute
DwmIsCompositionEnabled

magnification

MagSetInputTransform
MagSetLensUseBitmapSmoothing
MagSetWindowTransform
MagSetWindowSource
MagSetFullscreenUseBitmapSmoothing
MagSetFullscreenColorEffect
MagSetFullscreenTransform
MagInitialize
MagUninitialize
MagShowSystemCursor

uiautomationcore

UiaRaiseStructureChangedEvent
UiaRaiseAutomationEvent
UiaHostProviderFromHwnd
UiaClientsAreListening
UiaReturnRawElementProvider

api-ms-win-shcore-scaling-l1-1-1

GetDpiForMonitor

api-ms-win-crt-math-l1-1-0

_isnan
_finite

Sections

.text
Size: 516KB - Virtual size: 512KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MdmDiagnostics.dll
.dll windows:10 windows x64 arch:x64

91e50da74bac778f1f3da5e8f2068db0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

MdmDiagnostics.pdb

Imports

msvcp_win

??1?$basic_istream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?_Xbad_function_call@std@@YAXXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??Bid@locale@std@@QEAA_KXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
_Wcscoll
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?id@?$collate@G@std@@2V0locale@2@A
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$ctype@G@std@@2V0locale@2@A
_Wcsxfrm
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?swap@?$basic_istream@DU?$char_traits@D@std@@@std@@IEAAXAEAV12@@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBGHH@Z
?_Xlength_error@std@@YAXPEBD@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?tolower@?$ctype@G@std@@QEBAGG@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?is@?$ctype@G@std@@QEBA_NFG@Z
??1facet@locale@std@@MEAA@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
??0facet@locale@std@@IEAA@_K@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?_Incref@facet@locale@std@@UEAAXXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
?_Xbad_alloc@std@@YAXXZ
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?put@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@G@Z
?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGD@Z
?clear@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_J@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?widen@?$ctype@G@std@@QEBAGD@Z
_Xtime_get_ticks
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
_Mtx_unlock
?_Syserror_map@std@@YAPEBDH@Z
_Mtx_destroy_in_situ
_Mtx_init_in_situ
_Lock_shared_ptr_spin_lock
_Unlock_shared_ptr_spin_lock
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?classic@locale@std@@SAAEBV12@XZ
?imbue@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAH@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEA_J@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEA_K@Z
?_Winerror_map@std@@YAHH@Z
?__ExceptionPtrCompare@@YA_NPEBX0@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?uncaught_exception@std@@YA_NXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ

api-ms-win-crt-string-l1-1-0

memset
wcscmp
wcsncmp
strnlen
wcsnlen
strncmp

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__free_locale
_o__fseeki64
_o__get_errno
_o__get_stream_buffer_pointers
_o__gmtime64_s
_o__i64toa_s
_o__i64tow_s
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__itow_s
_o__lock_file
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__ui64toa_s
_o__ui64tow_s
_o__unlock_file
_o__wcsicmp
_o__wcslwr
_o__wcstod_l
_o__wfopen_s
_o__wsplitpath_s
_o__wtoi
_o__wtol
_o_abort
_o_btowc
_o_ceil
_o_ceilf
_o_fclose
_o_fflush
_o_fgetc
_o_fgetpos
_o_fputc
_o_fread
_o_free
_o_fsetpos
_o_fwrite
_o_isalpha
_o_isdigit
_o_isspace
_o_iswspace
_o_log2
_o_malloc
_o_pow
_o_rand
_o_realloc
_o_setvbuf
_o_srand
_o_strerror
_o_terminate
_o_tolower
_o_toupper
_o_towlower
_o_ungetc
_o_wcscat_s
_o_wcscpy_s
_o_wcsftime
_o_wcstok_s
_o_wcstol
_o_wmemcpy_s
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__create_locale
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfwprintf_s
_o___stdio_common_vfwprintf
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o___pctype_func
_o___acrt_iob_func
strchr
__std_terminate
wcsstr
wcschr
__CxxFrameHandler4
__RTDynamicCast
__std_type_info_compare
memmove
memcmp
memcpy

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlAcquirePrivilege
RtlReleasePrivilege
RtlGetDeviceFamilyInfoEnum
RtlGetPersistedStateLocation
RtlIsStateSeparationEnabled

xmllite

CreateXmlWriter
CreateXmlReader

api-ms-win-core-file-l1-1-0

CreateDirectoryW
DeleteFileW
GetFileSize
GetFullPathNameW
SetFileAttributesW
SetFilePointerEx
WriteFile
RemoveDirectoryW
FindClose
GetTempFileNameW
GetFileSizeEx
FindNextFileW
GetFileTime
ReadFile
SetFileInformationByHandle
CreateFileW
GetFileAttributesW
FindFirstFileExW
FindFirstFileW
CompareFileTime

crypt32

CryptStringToBinaryW
CertGetCertificateChain
CertFindExtension
CertVerifyCertificateChainPolicy
CertOpenStore
CertGetNameStringW
CryptBinaryToStringW
CertFindCertificateInStore
CertCloseStore
CertFreeCertificateContext
CertFreeCertificateChain
CryptUnprotectMemory
CryptFormatObject

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
FreeLibrary
GetModuleHandleExW
LoadLibraryExW
DisableThreadLibraryCalls
LockResource
SizeofResource
GetProcAddress
FindResourceExW
LoadResource
GetModuleHandleA
GetModuleFileNameA

oleaut32

VariantClear
SysStringLen
SysAllocString
SysAllocStringByteLen
SysFreeString
VariantInit
SystemTimeToVariantTime
SysAllocStringLen
VariantTimeToSystemTime

winhttp

WinHttpCloseHandle
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpSetOption
WinHttpReadData
WinHttpSetTimeouts
WinHttpConnect
WinHttpQueryDataAvailable
WinHttpQueryOption
WinHttpQueryHeaders
WinHttpSetStatusCallback
WinHttpSetCredentials
WinHttpWriteData
WinHttpGetProxyForUrl
WinHttpQueryAuthSchemes
WinHttpOpenRequest
WinHttpOpen
WinHttpAddRequestHeaders

api-ms-win-core-synch-l1-1-0

OpenSemaphoreW
ReleaseSRWLockShared
CreateMutexExW
AcquireSRWLockShared
DeleteCriticalSection
InitializeCriticalSection
CreateEventExW
WaitForSingleObject
WaitForSingleObjectEx
ReleaseSemaphore
SetEvent
EnterCriticalSection
CreateEventA
ResetEvent
CreateSemaphoreExW
InitializeCriticalSectionEx
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
ReleaseSRWLockExclusive
InitializeSRWLock
AcquireSRWLockExclusive
CreateEventW
ReleaseMutex

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapDestroy
HeapAlloc
HeapSize
HeapReAlloc

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
GetLastError

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

bcrypt

BCryptGetProperty
BCryptEncrypt
BCryptOpenAlgorithmProvider
BCryptFinishHash
BCryptDestroyKey
BCryptCloseAlgorithmProvider
BCryptHashData
BCryptGenerateSymmetricKey
BCryptDestroyHash
BCryptSetProperty
BCryptDecrypt
BCryptGenRandom
BCryptCreateHash

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegDeleteValueW
RegEnumValueW
RegQueryInfoKeyW
RegGetValueW
RegCreateKeyExW
RegOpenKeyExW
RegOpenCurrentUser
RegEnumKeyExW
RegCloseKey
RegSetValueExW

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoCreateGuid
CoTaskMemAlloc
CreateStreamOnHGlobal
CoTaskMemFree
CoRevertToSelf
CoCreateFreeThreadedMarshaler
CoUninitialize
CoTaskMemRealloc
CoWaitForMultipleHandles
CoInitializeEx

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolIo
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
StartThreadpoolIo
CreateThreadpoolIo
CancelThreadpoolIo
CloseThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
CreateProcessW
GetCurrentProcessId
GetExitCodeProcess
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageA
FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-file-l1-2-4

GetTempPath2W

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-path-l1-1-0

PathAllocCombine
PathCchCombine
PathCchCombineEx
PathCchAppend

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventActivityIdControl
EventUnregister
EventSetInformation
EventRegister
EventWriteString

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx

rpcrt4

NdrClientCall3
RpcExceptionFilter
UuidFromStringW
RpcStringFreeW
UuidCreate
RpcBindingFromStringBindingW
RpcBindingFree
UuidToStringW
RpcStringBindingComposeW

api-ms-win-core-heap-l2-1-0

LocalAlloc
GlobalFree
LocalFree

api-ms-win-core-file-l1-2-0

CreateFile2

api-ms-win-eventing-controller-l1-1-0

QueryAllTracesW
ControlTraceW

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateStringReference

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceLoggerHandle

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetSystemInfo
GetSystemTimeAsFileTime
GetSystemTime
GetLocalTime

api-ms-win-core-winrt-l1-1-0

RoActivateInstance

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-eventing-consumer-l1-1-0

CloseTrace

api-ms-win-core-firmware-l1-1-0

GetFirmwareEnvironmentVariableW

api-ms-win-core-datetime-l1-1-1

GetDateFormatEx
GetTimeFormatEx

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-shcore-stream-l1-1-0

SHCreateStreamOnFileW
SHCreateMemStream

dmcmnutils

DmCreateFileSafe
DmInitializeContainer
DmGetUserSidFromToken
DmStopContainerActivity
MBToUnicode
DmStartContainerActivity
DmExecuteProcessAndCollect
DmGetSmbiosSerialNumber
OmaDmRegistryRetrieveCurrentUsersHKCU
BinaryToHexString
DmGetEnrollmentTypeName
DmGetAadUserToken
HexStringToBinary
IsDesktopSku
DmRevertToSelf
DmImpersonate
DmGetActiveUserSid
DmGetCurrentUserSid

api-ms-win-core-kernel32-legacy-l1-1-0

SetFileCompletionNotificationModes
GetComputerNameW
MoveFileW

api-ms-win-core-kernel32-legacy-l1-1-1

GetFirmwareType

dmenrollengine

GetEnrollmentAadResourceUrl
ord7
ord10
ord9
GetEnrollmentSID

omadmapi

ord23
ord47

dmiso8601utils

ISO8601StringToSystemTime

tbs

Tbsi_Context_Create
Tbsi_Is_Tpm_Present
Tbsi_GetDeviceInfo
Tbsip_Context_Close
Tbsip_Submit_Command
Tbsi_Get_TCG_Log_Ex

wininet

InternetCheckConnectionW

policymanager

EnterprisePolicyManagerStore_IsAreaPolicySLAPIAllowed
PolicyManager_FreeGetPolicyData
PolicyManager_GetPolicy

api-ms-win-core-apiquery-l2-1-0

IsApiSetImplemented

api-ms-win-security-lsalookup-l2-1-0

LookupAccountSidW

api-ms-win-core-sysinfo-l1-2-1

GetPhysicallyInstalledSystemMemory

api-ms-win-core-url-l1-1-0

UrlUnescapeW

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW

api-ms-win-core-synch-l1-2-0

InitOnceComplete
Sleep
InitOnceBeginInitialize

api-ms-win-core-io-l1-1-0

GetOverlappedResult

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-threadpool-legacy-l1-1-0

DeleteTimerQueueTimer
CreateTimerQueueTimer

Exports

Exports

CollectOneTraceFiles
CreateLogCabOnArea
CreateLogZipOnArea
CreateLogZipOnXml
CreateMdmEnterpriseDiagnosticHTMLReport
CreateMdmEnterpriseDiagnosticReport

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 596KB - Virtual size: 592KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MrmCoreR.dll
.dll windows:10 windows x64 arch:x64

2576c5aa66ffdd58a83b85c7394e386a

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:af:92:fb:a2:80:81:6e:9d:95:7d:b5:63:ab:0d:53:94:56:4c:a6:7e:53:27:bc:79:72:d8:a6:e9:cb:6c:d8
Signer

Actual PE Digest

0a:af:92:fb:a2:80:81:6e:9d:95:7d:b5:63:ab:0d:53:94:56:4c:a6:7e:53:27:bc:79:72:d8:a6:e9:cb:6c:d8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

MrmCoreR.pdb

Imports

api-ms-win-crt-string-l1-1-0

memset
wcsncmp
memmove_s
wcsnlen

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__itow_s
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__ui64tow_s
_o__wcsicmp
memmove
_o__wcslwr
_o__wcsnicmp
_o__wcstoi64
_o__wtof
_o__wtoi
_o_abort
_o_bsearch
_o_free
_o_isalpha
_o_iswalnum
_o_iswctype
_o_iswdigit
_o_iswspace
_o_malloc
_o_memcpy_s
_o_qsort_s
_o_terminate
_o_towlower
_o_towupper
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstoul
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
wcsstr
wcsrchr
wcschr
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

kernelbase

GetSystemMetadataPathForPackage
GetCurrentPackageResourcesContext
GetCurrentPackageApplicationResourcesContext
GetPackageResourcesProperty
PackageFamilyNameFromId
GetCurrentPackageId
PackageIdFromFullName
OpenGlobalizationUserSettingsKey
GetCurrentPackageGlobalizationContext
GetPackagePathByFullName
PackageFamilyNameFromFullName
GetPackageGlobalizationProperty
GetStagedPackagePathByFullName2
GetStagedPackageOrigin
PackageNameAndPublisherIdFromFamilyName
GetPackageStatusForUser
GetPackagePathByFullName2
GetCurrentPackageInfo3
GetCurrentPackageInfo2
GetCurrentPackageInfo
AppXGetOSMaxVersionTested
GetCurrentPackageFullName
GetCurrentPackageFamilyName

api-ms-win-core-localization-private-l1-1-0

_GetMUIStringFromCache
_AddMUIStringToCache
_OpenMuiStringCache

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExA
FindStringOrdinal
GetModuleHandleW
FreeLibrary
LoadLibraryExW
GetProcAddress
GetModuleFileNameW
GetModuleFileNameA
GetModuleHandleExW

api-ms-win-core-synch-l1-1-0

CreateSemaphoreExW
WaitForSingleObjectEx
ResetEvent
SetEvent
CreateEventW
OpenSemaphoreW
CreateEventExW
CreateMutexExW
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ReleaseSemaphore
InitializeSRWLock
ReleaseSRWLockExclusive
WaitForSingleObject
AcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseMutex

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

CreateThread
GetCurrentProcess
TerminateProcess
GetCurrentThread
GetCurrentProcessId
OpenThreadToken
GetCurrentThreadId
OpenProcessToken

api-ms-win-core-localization-l1-2-0

GetThreadPreferredUILanguages
GetUserGeoID
GetGeoInfoW
FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWriteTransfer
EventUnregister
EventSetInformation

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-2-0

InitOnceComplete
SignalObjectAndWait
InitOnceBeginInitialize
InitOnceExecuteOnce

api-ms-win-core-file-l1-1-0

GetFileAttributesExW
GetFileSizeEx
FindFirstFileW
CreateFileW
GetFileAttributesW
ReadFile
GetFinalPathNameByHandleW
FlushFileBuffers
WriteFile
GetTempFileNameW
FindNextFileW
FindClose
GetDriveTypeW
CompareFileTime
DeleteFileW
CreateDirectoryW

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegOpenCurrentUser
RegDeleteValueW
RegOpenKeyExW
RegNotifyChangeKeyValue
RegGetValueW

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPushEntrySList
InterlockedFlushSList

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringOrdinal
WideCharToMultiByte

ntdll

RtlCheckSandboxedToken
RtlGetDeviceFamilyInfoEnum
RtlReportException
RtlAllocateHeap
RtlReAllocateHeap
ZwEnumerateKey
RtlFreeHeap
ZwClose
RtlUpcaseUnicodeChar
RtlGetNativeSystemInformation
ZwQuerySystemInformation
ZwOpenKey
RtlInitUnicodeStringEx
ZwQueryValueKey
RtlInitializeSRWLock
RtlCompareUnicodeString
RtlInitUnicodeString
NtQuerySystemInformation
RtlPublishWnfStateData
RtlConvertDeviceFamilyInfoToString
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockShared
RtlSubscribeWnfStateChangeNotification
NtQueryInformationToken
NtQueryWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
NtClose
RtlAcquireSRWLockShared

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
CreateFileMappingW
MapViewOfFile

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-file-l1-2-4

GetTempPath2W

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-featurestaging-l1-1-0

UnsubscribeFeatureStateChangeNotification
SubscribeFeatureStateChangeNotification
RecordFeatureUsage

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
GetInternalReferenceBlobForManifestValue
GetMergedSystemPri
GetMergedSystemPriEx
GetStringValueForManifestField
MergeResourcePackPri
MergeSystemPriFiles
ResourceManagerQueueGetCurrentDepth
ResourceManagerQueueGetGlobalFlags
ResourceManagerQueueGetMrtCachePathForPackage
ResourceManagerQueueGetString
ResourceManagerQueueGetStringDirect
ResourceManagerQueueIsResourceReference
ResourceManagerQueueReset
ResourceManagerQueueSetGlobalFlags
ShouldMergeInproc

Sections

.text
Size: 800KB - Virtual size: 797KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 216KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MrmDeploy.dll
.dll windows:10 windows x64 arch:x64

2868c5e681dcd840625f1bcb74fadcfc

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a4:22:73:b6:f5:ee:95:c8:9e:31:90:b9:d3:a9:7b:2e:d0:5d:fb:9f:83:8e:11:bc:ad:e9:df:68:fc:36:62:71
Signer

Actual PE Digest

a4:22:73:b6:f5:ee:95:c8:9e:31:90:b9:d3:a9:7b:2e:d0:5d:fb:9f:83:8e:11:bc:ad:e9:df:68:fc:36:62:71

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

MrmDeploy.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcsicmp
_o__wcslwr
_o__wcsnicmp
_o__wtoi
_o_free
_o_isalpha
_o_iswalnum
_o_iswdigit
_o_iswspace
_o_memcpy_s
_o_qsort_s
_o_towlower
_o_towupper
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
__C_specific_handler
_CxxThrowException
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o__configure_narrow_argv
_o___std_exception_copy
_o__crt_atexit
wcsstr
wcsrchr
_o__cexit
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
wcschr
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset
wcsncmp

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetProcAddress
GetModuleHandleExW
GetModuleHandleW
GetModuleHandleExA
GetModuleFileNameA
FreeLibrary

api-ms-win-core-synch-l1-1-0

InitializeSRWLock
AcquireSRWLockExclusive
ReleaseSemaphore
ReleaseSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
ReleaseMutex
CreateSemaphoreExW
WaitForSingleObject

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

RaiseException
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetThreadPreferredUILanguages

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer

api-ms-win-core-file-l1-1-0

CreateFileW
GetDriveTypeW
GetFileAttributesExW
FlushFileBuffers
FindFirstFileW
GetFinalPathNameByHandleW
GetFileSizeEx
FindClose
DeleteFileW
GetFileAttributesW
WriteFile
ReadFile

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoUninitialize
RoGetActivationFactory

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsGetStringRawBuffer
WindowsCreateStringReference

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemWindowsDirectoryW
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
UnmapViewOfFile
MapViewOfFile

api-ms-win-core-registry-l1-1-0

RegGetValueW

ntdll

RtlInitUnicodeStringEx
ZwOpenKey
RtlPublishWnfStateData
ZwQuerySystemInformation
RtlGetNativeSystemInformation
RtlUpcaseUnicodeChar
RtlInitUnicodeString
ZwClose
RtlFreeHeap
ZwEnumerateKey
RtlReAllocateHeap
RtlAllocateHeap
ZwQueryValueKey

Exports

Exports

DllMain
GetCanonicalMergedPriFileName
GetCanonicalMergedPriFileNameForPackages
GetInitInfoByPackageFullName
GetOrCreatePriFileForApplicablePackages
GetOrCreatePriFileForAvailablePackages
GetOrCreatePriFileForRelatedPackages
GetPriFileForPackageOnly
MergeRelatedPriFiles

Sections

.text
Size: 280KB - Virtual size: 277KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MrmIndexer.dll
.dll windows:10 windows x64 arch:x64

96c245fb852e868cf23645fc079cc686

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

MrmIndexer.pdb

Imports

msvcrt

memmove_s
??0exception@@QEAA@AEBQEBD@Z
_unlock
towlower
_wtoi
wcscpy_s
_vscwprintf_l
vswprintf_s
wcschr
wcsnlen
wcsncmp
_wfopen
fgetwc
_errno
fclose
_wcsnicmp
wcsstr
?terminate@@YAXXZ
iswdigit
wcscspn
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@PEBD@Z
??0bad_cast@@QEAA@AEBV0@@Z
strcspn
localeconv
sprintf_s
_fileno
__C_specific_handler
_filelengthi64
_vsnprintf
printf
wprintf
_wtof
isalpha
isxdigit
strtol
isdigit
iswctype
towupper
wcsrchr
iswalnum
iswspace
qsort_s
_ui64tow_s
wcsncpy_s
wcstoul
bsearch
_wcsicmp
wcscat_s
_wcslwr
__pctype_func
___lc_handle_func
___lc_codepage_func
__mb_cur_max
setlocale
__uncaught_exception
__crtGetStringTypeW
__crtLCMapStringW
___mb_cur_max_func
abort
_initterm
malloc
free
realloc
_amsg_exit
??0exception@@QEAA@AEBQEBDH@Z
__CxxFrameHandler4
memmove
memcpy
memcmp
memchr
wprintf_s
vwprintf_s
?what@exception@@UEBAPEBDXZ
_purecall
_callnewh
_XcptFilter
_lock
__CxxFrameHandler3
fread
_CxxThrowException
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
memcpy_s
_vsnwprintf
__dllonexit
_onexit
??1type_info@@UEAA@XZ
memset
wcscmp

bcp47mrm

CompareBcp47Tags
GetDistanceOfClosestLanguageInList
GetClosenessOfUnIsoRegionTags
GetCompositeRegionCode
IsWellFormedTag
FormatLanguageTag
IsValidTag
IsValidUnIsoRegionTag
GetParentCompositeRegionCode

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExA
GetProcAddress
GetModuleFileNameA
GetModuleHandleExW
GetModuleHandleW
FreeLibrary
LoadLibraryExW

api-ms-win-core-synch-l1-1-0

SetEvent
CreateMutexExW
InitializeCriticalSection
OpenSemaphoreW
WaitForSingleObjectEx
EnterCriticalSection
ReleaseMutex
LeaveCriticalSection
WaitForSingleObject
AcquireSRWLockExclusive
ReleaseSRWLockShared
DeleteCriticalSection
ReleaseSemaphore
CreateSemaphoreExW
AcquireSRWLockShared
InitializeSRWLock
ReleaseSRWLockExclusive
CreateEventExW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
RaiseException

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentProcessId
OpenProcessToken
TerminateProcess
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

LCMapStringEx
FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringA
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
GetRestrictedErrorInfo
RoTransformError
RoOriginateError
RoOriginateErrorW

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-com-l1-1-0

CoMarshalInterface
CoCreateInstance
CreateStreamOnHGlobal
CoReleaseMarshalData
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc

api-ms-win-core-winrt-string-l1-1-0

WindowsStringHasEmbeddedNull
WindowsGetStringRawBuffer
WindowsCreateStringReference
WindowsIsStringEmpty
WindowsCreateString
WindowsDuplicateString
WindowsDeleteString

api-ms-win-core-threadpool-l1-2-0

SubmitThreadpoolWork
CreateThreadpoolWork
CloseThreadpoolWork
FreeLibraryWhenCallbackReturns

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoInitialize
RoGetActivationFactory

api-ms-win-core-url-l1-1-0

PathCreateFromUrlW

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate
IsErrorPropagationEnabled

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-security-base-l1-1-0

GetLengthSid
AddAccessAllowedAceEx
EqualSid
AllocateAndInitializeSid
GetAce
GetTokenInformation
FreeSid

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetSystemTime
GetSystemWindowsDirectoryW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringOrdinal
WideCharToMultiByte

api-ms-win-core-file-l1-1-0

FindFirstFileW
FindNextFileW
FindClose
GetFileSizeEx
CompareFileTime
CreateDirectoryW
GetDriveTypeW
FlushFileBuffers
WriteFile
GetFileAttributesExW
DeleteFileW
ReadFile
CreateFileW
GetFullPathNameW
GetFileAttributesW
GetFinalPathNameByHandleW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW
PathIsRelativeW
PathRelativePathToW
PathRemoveBackslashW

api-ms-win-shcore-path-l1-1-0

ord170

oleaut32

VariantInit
SysStringByteLen
SysAllocStringByteLen
VariantChangeType
VariantClear
SysFreeString
VariantChangeTypeEx
SysAllocString
SysStringLen

api-ms-win-core-memory-l1-1-0

MapViewOfFile
CreateFileMappingW
UnmapViewOfFile

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegGetValueW
RegCreateKeyExW
RegSetValueExW

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer

api-ms-win-security-provider-l1-1-0

SetNamedSecurityInfoW
GetNamedSecurityInfoW

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-file-l1-2-4

GetTempPath2W

rpcrt4

UuidCreate
UuidToStringW
RpcStringFreeW

api-ms-win-core-heap-l2-1-0

LocalFree

ntdll

ZwQueryValueKey
RtlInitUnicodeStringEx
ZwOpenKey
RtlPublishWnfStateData
ZwQuerySystemInformation
RtlGetNativeSystemInformation
RtlUpcaseUnicodeChar
RtlInitUnicodeString
ZwClose
RtlFreeHeap
ZwEnumerateKey
RtlReAllocateHeap
RtlAllocateHeap

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 604KB - Virtual size: 602KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MsSpellCheckingFacility.dll
.dll regsvr32 windows:10 windows x64 arch:x64

d0ecbc22fcf6d8633f22f7116729fd9b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

msspellcheckingfacility.pdb

Imports

msvcrt

abort
memcmp
___lc_collate_cp_func
_ismbblead
_wfopen_s
iswupper
_errno
fclose
fseek
___mb_cur_max_func
wcstombs_s
fread
__uncaught_exception
islower
___lc_codepage_func
isupper
__pctype_func
setlocale
_unlock
ftell
_onexit
_lock
___lc_handle_func
_wsetlocale
__crtLCMapStringA
__crtLCMapStringW
__crtCompareStringW
??8type_info@@QEBAHAEBV0@@Z
_wcsdup
memmove
memcpy
__CxxFrameHandler3
_CxxThrowException
tolower
__dllonexit
??1type_info@@UEAA@XZ
_callnewh
calloc
_initterm
_resetstkoflw
memset
strchr
towupper
_amsg_exit
??0bad_cast@@QEAA@AEBV0@@Z
??1bad_cast@@UEAA@XZ
_XcptFilter
??3@YAXPEAX@Z
??0bad_cast@@QEAA@PEBD@Z
strncmp
realloc
malloc
sprintf_s
??0exception@@QEAA@AEBQEBD@Z
wcscat_s
free
wcsncpy_s
__C_specific_handler
sprintf
?what@exception@@UEBAPEBDXZ
?terminate@@YAXXZ
??0exception@@QEAA@AEBQEBDH@Z
_purecall
wcscpy_s
memmove_s
??0exception@@QEAA@XZ
_vsnprintf_s
_vsnwprintf
??0exception@@QEAA@AEBV0@@Z
memcpy_s
??1exception@@UEAA@XZ
??_V@YAXPEAX@Z
__CxxFrameHandler4
_isctype

profapi

ord104

oleaut32

SysStringLen
SysFreeString
VarUI4FromStr
CreateErrorInfo
VariantClear
VariantCopy
VariantInit
SysAllocString
SetErrorInfo

api-ms-win-core-localization-l1-2-0

SetThreadLocale
FormatMessageW
GetThreadLocale

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
OpenProcessToken
GetCurrentProcessId
InitializeProcThreadAttributeList
OpenThreadToken
GetCurrentProcess
GetCurrentThread
CreateThread
CreateProcessW
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
TerminateProcess

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-libraryloader-l1-2-0

SizeofResource
LoadResource
FindResourceExW
GetModuleHandleExW
GetModuleFileNameA
DisableThreadLibraryCalls
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
LoadLibraryExW
GetProcAddress
LockResource
LoadStringW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
OutputDebugStringA
DebugBreak
IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-1-0

SetEvent
LeaveCriticalSection
CreateSemaphoreExW
AcquireSRWLockExclusive
WaitForSingleObjectEx
ReleaseMutex
SleepEx
CreateEventW
CreateMutexW
InitializeCriticalSectionAndSpinCount
AcquireSRWLockShared
ReleaseSemaphore
EnterCriticalSection
InitializeSRWLock
CreateMutexExW
InitializeCriticalSectionEx
DeleteCriticalSection
WaitForMultipleObjectsEx
WaitForSingleObject
OpenSemaphoreW
InitializeCriticalSection
ReleaseSRWLockExclusive
ReleaseSRWLockShared

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CreateThreadpoolTimer
TrySubmitThreadpoolCallback
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventUnregister
EventWriteTransfer
EventActivityIdControl

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoTaskMemRealloc
CoRevertToSelf
CoCreateInstance
CoDisableCallCancellation
CLSIDFromString
CoTaskMemFree
CoEnableCallCancellation
CoImpersonateClient
CoUninitialize
CoInitializeEx
CoCreateFreeThreadedMarshaler
CoCancelCall
StringFromGUID2

userenv

CreateAppContainerProfile
DeriveAppContainerSidFromAppContainerName

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-security-base-l1-1-0

FreeSid
GetTokenInformation
RevertToSelf
ImpersonateLoggedOnUser

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-memory-l1-1-0

MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
SleepConditionVariableSRW
InitOnceComplete
InitOnceBeginInitialize
WakeAllConditionVariable
Sleep

api-ms-win-core-threadpool-legacy-l1-1-0

DeleteTimerQueueTimer
CreateTimerQueueTimer

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsCreateStringReference
WindowsCreateString
WindowsDuplicateString
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsGetStringRawBuffer

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegNotifyChangeKeyValue
RegEnumValueW
RegGetValueW
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegQueryValueExW
RegEnumKeyExW
RegQueryValueExA
RegOpenKeyExA

api-ms-win-core-file-l1-1-0

GetFileAttributesW
CreateFileW
ReadFile
FindNextFileW
LockFile
SetFilePointerEx
GetFileSizeEx
GetDriveTypeW
FindClose
CreateDirectoryW
SetFilePointer
FindNextChangeNotification
FindFirstChangeNotificationW
FlushFileBuffers
SetEndOfFile
GetFileTime
WriteFile
FindFirstFileExW
UnlockFile
SetFileTime
GetFileSize

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoOriginateError
RoTransformError
SetRestrictedErrorInfo

api-ms-win-core-winrt-error-l1-1-1

IsErrorPropagationEnabled
RoReportFailedDelegate
RoGetMatchingRestrictedErrorInfo

api-ms-win-core-string-l1-1-0

CompareStringW
WideCharToMultiByte
MultiByteToWideChar
CompareStringOrdinal
GetStringTypeW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathCombineW
PathFindNextComponentW
PathGetDriveNumberW
PathIsPrefixW
PathAppendW
PathStripPathW
PathFileExistsW
PathIsUNCW

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-string-l2-1-0

CharNextW
CharUpperW

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask

api-ms-win-core-com-l1-1-1

RoGetAgileReference

ntdll

wcschr
iswdigit
iswspace
swscanf_s
SbSelectProcedure
iswctype
RtlPublishWnfStateData
wcsncmp
wcsrchr
wcsstr
towlower
iswxdigit
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlQueryWnfStateData
NtQueryWnfStateData
toupper
wcscspn

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetSystemTimeAsFileTime
GetTickCount64
GetSystemDirectoryW
GetSystemTime
GetSystemWindowsDirectoryW
GetTickCount

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

rpcrt4

UuidCreateSequential

api-ms-win-core-kernel32-legacy-l1-1-0

MoveFileW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

bcp47langs

Bcp47GetDistance
GetUserLanguages

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-normalization-l1-1-0

NormalizeString

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
DllRegisterServer
DllUnregisterServer
SpellerCheck
SpellerCloseLex
SpellerGetOptions
SpellerInit
SpellerOpenLex
SpellerSetOptions
SpellerTerminate

Sections

.text
Size: 800KB - Virtual size: 797KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 244KB - Virtual size: 242KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MusUpdateHandlers.dll
.dll windows:10 windows x64 arch:x64

96d86403abe333aaa23a4d7fe7fbc94d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

MusUpdateHandlers.pdb

Imports

api-ms-win-crt-string-l1-1-0

memset
wcsnlen
strnlen

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__i64toa_s
_o__i64tow_s
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__stricmp
_o__ui64toa_s
_o__ui64tow_s
_o__ultow_s
_o__wcsicmp
_o__wcsnicmp
_o__wcstod_l
_o__wtol
_o_abort
memmove
_o_bsearch_s
_o_ceilf
_o_free
_o_iswspace
_o_malloc
_o_realloc
_o_strncpy_s
_o_strtol
_o_terminate
_o_wcsncpy_s
_o_wcstoul
__current_exception
__current_exception_context
_CxxThrowException
_o__crt_atexit
_o__create_locale
_o__configure_narrow_argv
_o__free_locale
_o__cexit
_o__callnewh
_o__beginthreadex
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
__CxxFrameHandler3
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o__execute_onexit_table
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o___pctype_func
_o__errno
__C_specific_handler
__std_terminate
__CxxFrameHandler4
__C_specific_handler_noexcept
memcmp
memcpy
strchr
strrchr

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
GetModuleFileNameW
DisableThreadLibraryCalls
LoadResource
GetModuleFileNameA
FreeLibrary
SizeofResource
GetModuleHandleA
GetModuleHandleW
LoadLibraryExW
GetProcAddress
FindResourceExW
GetModuleHandleExW

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
InitializeCriticalSection
InitializeSRWLock
EnterCriticalSection
LeaveCriticalSection
AcquireSRWLockExclusive
CreateSemaphoreExW
CreateEventW
ResetEvent
SetEvent
CreateMutexW
ReleaseSemaphore
ReleaseMutex
InitializeCriticalSectionEx
DeleteCriticalSection
WaitForSingleObject
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
SetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
GetExitCodeProcess
OpenProcessToken
TerminateProcess
CreateThread
GetCurrentThread
OpenThreadToken
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

GetUserPreferredUILanguages
FormatMessageA
FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-com-l1-1-0

CoGetMalloc
CoSetProxyBlanket
CoIncrementMTAUsage
CoWaitForMultipleHandles
CoDecrementMTAUsage
CoTaskMemRealloc
CoCreateFreeThreadedMarshaler
CoInitializeEx
CoUninitialize
CoCreateGuid
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegGetValueW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey

oleaut32

VariantClear
VariantInit
VariantTimeToSystemTime
VariantChangeType
SysStringLen
SysAllocString
SysFreeString
VariantCopy
VarUI4FromStr

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringOrdinal
WideCharToMultiByte

api-ms-win-core-winrt-string-l1-1-0

WindowsCompareStringOrdinal
WindowsCreateString
WindowsDuplicateString
WindowsDeleteString
WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsConcatString

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetComputerNameExW
GetSystemTime
GetSystemDirectoryW
GetLocalTime
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

msvcp_win

?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?_Winerror_map@std@@YAHH@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Xlength_error@std@@YAXPEBD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
_Thrd_detach
?_Throw_C_error@std@@YAXH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_K@Z
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
??0task_continuation_context@Concurrency@@AEAA@XZ
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
_Cnd_do_broadcast_at_thread_exit
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?_Xbad_function_call@std@@YAXXZ
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
_Mtx_current_owns
_Cnd_timedwait
_Query_perf_frequency
_Query_perf_counter
_Mtx_init_in_situ
_Cnd_init_in_situ
?_Throw_future_error@std@@YAXAEBVerror_code@1@@Z
?_Syserror_map@std@@YAPEBDH@Z
_Cnd_wait
?__ExceptionPtrToBool@@YA_NPEBX@Z
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
_Cnd_register_at_thread_exit
?__ExceptionPtrDestroy@@YAXPEAX@Z
_Mtx_destroy_in_situ
_Cnd_destroy_in_situ
_Cnd_unregister_at_thread_exit
_Cnd_broadcast
_Xtime_get_ticks
_Mtx_unlock
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
_Mtx_lock
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?_Throw_Cpp_error@std@@YAXH@Z

api-ms-win-core-heap-obsolete-l1-1-0

LocalFree
LocalReAlloc
LocalAlloc

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoTransformError

api-ms-win-core-winrt-error-l1-1-1

IsErrorPropagationEnabled
RoReportFailedDelegate
RoGetMatchingRestrictedErrorInfo

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoInitialize
RoGetActivationFactory
RoUninitialize

api-ms-win-core-file-l1-1-0

FindFirstFileW
GetFileAttributesExW
FindClose
FileTimeToLocalFileTime
CreateDirectoryW
FindNextFileW
GetFileAttributesW
DeleteFileW
CompareFileTime
LocalFileTimeToFileTime

api-ms-win-core-timezone-l1-1-0

TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventSetInformation
EventActivityIdControl
EventUnregister

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize

ntdll

RtlUnsubscribeWnfNotificationWaitForCompletion
RtlSubscribeWnfStateChangeNotification
RtlNtStatusToDosError

api-ms-win-service-management-l1-1-0

OpenSCManagerW
OpenServiceW
CloseServiceHandle

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

xmllite

CreateXmlReader

rpcrt4

NdrClientCall3
I_RpcExceptionFilter
I_RpcMapWin32Status
UuidCreate
RpcBindingBind
RpcBindingCreateW
RpcBindingFree
RpcStringFreeW
RpcBindingFromStringBindingW
RpcStringBindingComposeW

api-ms-win-security-base-l1-1-0

AllocateAndInitializeSid
GetTokenInformation
CheckTokenMembership
FreeSid

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-shcore-stream-l1-1-0

SHCreateStreamOnFileEx

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-eventing-controller-l1-1-0

StartTraceW
EnableTraceEx2
ControlTraceW

api-ms-win-eventing-legacy-l1-1-0

QueryTraceW

crypt32

CertVerifyCertificateChainPolicy

api-ms-win-core-path-l1-1-0

PathCchAppend
PathCchRemoveBackslash
PathCchSkipRoot
PathAllocCanonicalize
PathCchCanonicalize

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
GetSetting

Sections

.text
Size: 964KB - Virtual size: 960KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 304KB - Virtual size: 301KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NgcCtnr.dll
.dll windows:10 windows x64 arch:x64

e36ad26b5731eed9a29b111c63263975

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

NgcCtnr.pdb

Imports

msvcp_win

?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
??Bid@locale@std@@QEAA_KXZ
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?in@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z
?_Incref@facet@locale@std@@UEAAXXZ
?do_always_noconv@?$codecvt@GDU_Mbstatet@@@std@@MEBA_NXZ
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?do_max_length@?$codecvt@GDU_Mbstatet@@@std@@MEBAHXZ
?do_encoding@?$codecvt@GDU_Mbstatet@@@std@@MEBAHXZ
?do_in@?$codecvt@GDU_Mbstatet@@@std@@MEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z
?do_out@?$codecvt@GDU_Mbstatet@@@std@@MEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
?do_unshift@?$codecvt@GDU_Mbstatet@@@std@@MEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?do_length@?$codecvt@GDU_Mbstatet@@@std@@MEBAHAEAU_Mbstatet@@PEBD1_K@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
_Mtx_init_in_situ
_Mtx_destroy_in_situ
?_Throw_C_error@std@@YAXH@Z
_Mtx_lock
_Mtx_unlock
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-time-l1-1-0

clock

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__wcserror
_o__wcsicmp
memmove
_o_ceilf
_o_free
_o_iswascii
_o_iswcntrl
_o_iswdigit
_o_iswlower
_o_iswpunct
_o_iswspace
_o_iswupper
_o_malloc
_o_memcpy_s
_o_terminate
_o_wcsncpy_s
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__execute_onexit_table
_o__errno
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
wcsstr

api-ms-win-crt-string-l1-1-0

memset
wcscmp
wcsnlen

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
FreeLibrary
GetModuleHandleW
GetModuleHandleExA
DisableThreadLibraryCalls
GetModuleFileNameA
GetModuleHandleExW
LoadStringW

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
CreateSemaphoreExW
CreateEventExW
EnterCriticalSection
ReleaseSemaphore
InitializeCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForSingleObject
ReleaseMutex
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseSRWLockShared
InitializeSRWLock
CreateMutexExW
DeleteCriticalSection
AcquireSRWLockShared

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapDestroy
HeapSetInformation
HeapAlloc
HeapCreate

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
GetLastError
SetLastError

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
CloseThreadpoolCleanupGroup
WaitForThreadpoolTimerCallbacks
CreateThreadpoolCleanupGroup
SetThreadpoolTimer
TrySubmitThreadpoolCallback
CreateThreadpoolTimer
CloseThreadpoolCleanupGroupMembers

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentThreadId
OpenThreadToken
SetThreadToken
GetCurrentThread
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoGetMalloc
CoCreateGuid
StringFromGUID2
CoTaskMemFree
CoCreateFreeThreadedMarshaler

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSidToSidW

api-ms-win-security-base-l1-1-0

GetLengthSid
EqualSid
CopySid
IsValidSid

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemInfo

ntdll

RtlNtStatusToDosError
RtlPublishWnfStateData
RtlGetPersistedStateLocation
RtlIsMultiSessionSku
NtFlushBuffersFileEx

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-libraryloader-l2-1-0

QueryOptionalDelayLoadedAPI

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventRegister
EventActivityIdControl
EventUnregister

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsCreateStringReference
WindowsGetStringRawBuffer

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceComplete
InitOnceExecuteOnce
InitOnceBeginInitialize

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegEnumKeyExW
RegLoadKeyW
RegGetValueW
RegOpenKeyExW
RegSetValueExW
RegUnLoadKeyW
RegOpenCurrentUser
RegFlushKey
RegQueryInfoKeyW

api-ms-win-core-file-l1-1-0

WriteFile
FindFirstFileExW
ReadFile
GetFileSizeEx
GetFileAttributesExW
RemoveDirectoryW
CreateFileW
FindClose
CompareFileTime
FindNextFileW
DeleteFileW
CreateDirectoryW

bcrypt

BCryptDeriveKeyPBKDF2
BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptCloseAlgorithmProvider
BCryptDestroyKey
BCryptDecrypt
BCryptEncrypt
BCryptGenerateSymmetricKey
BCryptGenRandom
BCryptHash

crypt32

CryptBinaryToStringW
CertFindExtension
CertOpenStore
CertFindCertificateInStore
CryptEncodeObjectEx
CryptUnprotectData
CertCloseStore
CertFreeCertificateContext
CertDuplicateCertificateContext
CryptUnprotectMemory
CryptProtectMemory
CryptProtectData
CryptExportPublicKeyInfoEx
CryptDecodeObjectEx
CertGetCertificateContextProperty

api-ms-win-core-heap-obsolete-l1-1-0

LocalSize

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-string-l1-1-0

CompareStringEx

rpcrt4

RpcStringFreeW
UuidToStringW
UuidIsNil
NdrDllCanUnloadNow
NdrDllGetClassObject
UuidFromStringW

api-ms-win-core-file-l2-1-0

MoveFileExW

samcli

NetLocalGroupGetMembers

netutils

NetApiBufferFree

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-memory-l1-1-1

GetProcessWorkingSetSizeEx
VirtualLock
SetProcessWorkingSetSizeEx
VirtualUnlock

api-ms-win-core-memory-l1-1-0

VirtualAlloc
VirtualFree

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 368KB - Virtual size: 365KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NgcCtnrGidsHandler.dll
.dll windows:10 windows x64 arch:x64

ffddfedd09eabb5357a42ee1e9820978

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

NgcCtnrGidsHandler.pdb

Imports

msvcp_win

?_Throw_C_error@std@@YAXH@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_id
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
_Cnd_do_broadcast_at_thread_exit
?_Xbad_function_call@std@@YAXXZ
_Thrd_detach
_Thrd_join

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__itoa_s
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o___std_exception_destroy
_o__strtoui64
memmove
_o_free
_o_malloc
_o_terminate
_o___std_exception_copy
_CxxThrowException
_o__callnewh
_o___stdio_common_vsprintf_s
_o__beginthreadex
_o__crt_atexit
_o___stdio_common_vsnprintf_s
_o__configure_narrow_argv
__C_specific_handler
__std_terminate
__CxxFrameHandler4
_o__cexit
memchr
memcmp
memcpy
_o___stdio_common_vswprintf
_o___std_type_info_destroy_list

api-ms-win-crt-string-l1-1-0

wcsnlen
memset
wcscmp

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetProcAddress
GetModuleHandleW
DisableThreadLibraryCalls
GetModuleFileNameA

api-ms-win-core-synch-l1-1-0

ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
CreateEventW
EnterCriticalSection
LeaveCriticalSection
AcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
DeleteCriticalSection
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseMutex
WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreExW

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
SetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TerminateProcess
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetCPInfoExW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

rpcrt4

RpcRaiseException
UuidToStringW
NdrServerCall2
NdrClientCall3
RpcImpersonateClient
RpcRevertToSelfEx
RpcBindingFree
RpcExceptionFilter
RpcBindingBind
RpcBindingCreateW
NdrServerCallAll

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventRegister
EventActivityIdControl
EventSetInformation

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoInitializeEx
CoUninitialize
CoTaskMemAlloc
CoGetMalloc

api-ms-win-security-base-l1-1-0

CheckTokenMembership

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-file-l1-1-0

WriteFile
FindNextFileW
ReadFile
FindClose
GetFileSizeEx

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

api-ms-win-core-string-obsolete-l1-1-0

lstrlenA

ntdll

EtwTraceMessage
RtlUnicodeStringToAnsiString
RtlNtStatusToDosError
RtlInitUnicodeString
RtlFreeAnsiString
WinSqmIncrementDWORD
WinSqmIsOptedIn

kernel32

SetFileAttributesTransactedW
DeleteFileTransactedW
CreateFileTransactedW
FindFirstFileTransactedW
RemoveDirectoryTransactedW
CreateDirectoryTransactedW

ktmw32

CommitTransaction
CreateTransaction

Exports

Exports

InitializeHandler

Sections

.text
Size: 300KB - Virtual size: 298KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NgcCtnrSvc.dll
.dll windows:10 windows x64 arch:x64

5f73498a9a5528c47abedf26af69c73a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

NgcCtnrSvc.pdb

Imports

msvcp_win

?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
_Cnd_broadcast
_Cnd_register_at_thread_exit
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Throw_future_error@std@@YAXAEBVerror_code@1@@Z
_Mtx_unlock
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
_Cnd_unregister_at_thread_exit
_Cnd_destroy_in_situ
_Mtx_destroy_in_situ
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
_Cnd_wait
?__ExceptionPtrCurrentException@@YAXPEAX@Z
_Query_perf_counter
_Query_perf_frequency
_Cnd_timedwait
?_Throw_Cpp_error@std@@YAXH@Z
_Mtx_current_owns
_Xtime_get_ticks
_Cnd_init_in_situ
_Mtx_init_in_situ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
?do_length@?$codecvt@GDU_Mbstatet@@@std@@MEBAHAEAU_Mbstatet@@PEBD1_K@Z
?do_unshift@?$codecvt@GDU_Mbstatet@@@std@@MEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?do_out@?$codecvt@GDU_Mbstatet@@@std@@MEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
?do_in@?$codecvt@GDU_Mbstatet@@@std@@MEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z
?do_encoding@?$codecvt@GDU_Mbstatet@@@std@@MEBAHXZ
?do_max_length@?$codecvt@GDU_Mbstatet@@@std@@MEBAHXZ
?do_always_noconv@?$codecvt@GDU_Mbstatet@@@std@@MEBA_NXZ
?_Incref@facet@locale@std@@UEAAXXZ
?in@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
??Bid@locale@std@@QEAA_KXZ
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__wcreate_locale
_o__wcsicmp
_o__wcsicmp_l
memmove
_o_ceilf
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__free_locale
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

wcscmp
wcsnlen
memset

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
LoadLibraryExW
FreeLibrary
LoadStringW
GetProcAddress
GetModuleHandleExW
GetModuleFileNameA
GetModuleHandleW

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
CreateSemaphoreExW
ReleaseSRWLockShared
ResetEvent
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
ReleaseSemaphore
WaitForSingleObjectEx
InitializeCriticalSectionEx
CreateEventW
SetEvent
SleepEx
CreateEventExW
OpenSemaphoreW
WaitForSingleObject
CreateMutexExW
ReleaseMutex
ReleaseSRWLockExclusive
AcquireSRWLockShared
DeleteCriticalSection
InitializeSRWLock
AcquireSRWLockExclusive

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

GetLastError
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
CreateThreadpoolCleanupGroup
TrySubmitThreadpoolCallback
CreateThreadpoolTimer
CloseThreadpoolCleanupGroupMembers
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CloseThreadpoolCleanupGroup

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetPriorityClass
OpenThreadToken
OpenProcessToken
GetCurrentThread
GetCurrentProcess
SetPriorityClass
GetCurrentThreadId
TerminateProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventRegister
EventActivityIdControl
EventUnregister

api-ms-win-core-file-l1-1-0

CreateFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
CreateDirectoryW
FindClose
CompareFileTime

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoGetMalloc
StringFromGUID2
CoDecrementMTAUsage
CoIncrementMTAUsage
CoCreateInstance
IIDFromString
CoCreateFreeThreadedMarshaler
CoInitializeEx

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegGetValueW
RegEnumKeyExW
RegFlushKey
RegCloseKey
RegQueryInfoKeyW
RegQueryValueExW
RegDeleteTreeW
RegDeleteValueW

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsCreateStringReference
WindowsGetStringRawBuffer

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce
InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-service-core-l1-1-0

SetServiceStatus
RegisterServiceCtrlHandlerExW

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-libraryloader-l2-1-0

QueryOptionalDelayLoadedAPI

rpcrt4

RpcBindingBind
RpcBindingCreateW
RpcRevertToSelfEx
RpcServerInterfaceGroupClose
RpcServerInterfaceGroupDeactivate
RpcServerInterfaceGroupActivate
RpcServerInterfaceGroupCreateW
RpcImpersonateClient
UuidToStringW
I_RpcExceptionFilter
RpcRaiseException
RpcBindingFree
RpcEpResolveBinding
NdrServerCall2
NdrServerCallAll
RpcBindingFromStringBindingW
RpcStringFreeW
RpcStringBindingComposeW
RpcExceptionFilter
NdrClientCall3
RpcRevertToSelf

api-ms-win-security-base-l1-1-0

DuplicateTokenEx
IsWellKnownSid
EqualSid
GetTokenInformation
CopySid
GetLengthSid
IsValidSid

api-ms-win-core-sysinfo-l1-2-0

GetSystemFirmwareTable

api-ms-win-power-setting-l1-1-0

PowerSettingUnregisterNotification
PowerSettingRegisterNotification

api-ms-win-core-psapi-l1-1-0

K32EnumProcesses
QueryFullProcessImageNameW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

profapi

ord104

devobj

DevObjCreateDeviceInfoList
DevObjEnumDeviceInterfaces
DevObjGetClassDevs
DevObjEnumDeviceInfo
DevObjOpenDevRegKey
DevObjDestroyDeviceInfoList

api-ms-win-security-lsalookup-l1-1-2

LsaLookupUserAccountType

api-ms-win-core-kernel32-legacy-l1-1-0

UnregisterWait

api-ms-win-core-heap-obsolete-l1-1-0

LocalSize

ntdll

RtlInitUnicodeString
RtlNtStatusToDosError
RtlIsMultiSessionSku
RtlPublishWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
LdrAddRefDll
LdrUnloadDll
RtlWnfDllUnloadCallback
RtlUnsubscribeWnfNotificationWithCompletionCallback
NtCreateUserProcess
NtTerminateProcess
NtQueryInformationProcess
RtlDosPathNameToNtPathName_U_WithStatus
RtlCreateProcessParametersEx
RtlFreeUnicodeString
RtlDestroyProcessParameters
NtQuerySystemInformation
ZwOpenKey
ZwQueryValueKey
NtClose

api-ms-win-security-accesshlpr-l1-1-0

FreeTransientObjectSecurityDescriptor
QueryTransientObjectSecurityDescriptor

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-service-management-l1-1-0

CloseServiceHandle
OpenServiceW

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus
StartServiceA
OpenSCManagerA

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 484KB - Virtual size: 481KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 208KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 544B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NgcIso.exe
.exe windows:10 windows x64 arch:x64

71ae2b639b53e1e5b0b73127854aee75

Code Sign

33:00:00:04:5b:f6:31:bc:00:f4:fc:37:45:00:00:00:00:04:5b
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

14/09/2023, 18:20

Not After

04/09/2024, 18:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4d:e5:3a:f8:85:0b:ba:0a:2d:21:11:c2:3a:d6:f7:d1:60:e3:05:ca:4d:d3:ed:83:4c:0f:1d:39:0c:a8:82:44
Signer

Actual PE Digest

4d:e5:3a:f8:85:0b:ba:0a:2d:21:11:c2:3a:d6:f7:d1:60:e3:05:ca:4d:d3:ed:83:4c:0f:1d:39:0c:a8:82:44

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

NgcIso.pdb

Imports

msvcp_win

?setf@ios_base@std@@QEAAHHH@Z
?setf@ios_base@std@@QEAAHH@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Xbad_function_call@std@@YAXXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ

api-ms-win-crt-runtime-l1-1-0

_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o___p___wargv
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o_ceilf
_o_exit
_o_free
_o_ldexp
_o_malloc
_o_memcpy_s
_o_terminate
__current_exception
__current_exception_context
_CxxThrowException
_o___p___argc
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
__C_specific_handler
__std_terminate
__CxxFrameHandler4
_o___stdio_common_vswprintf
__CxxFrameHandler3
_o___p__commode
__RTDynamicCast
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset
wcscmp

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetModuleFileNameA
GetModuleHandleW
GetProcAddress

api-ms-win-core-synch-l1-1-0

OpenEventW
SetEvent
CreateEventExW
CreateSemaphoreExW
EnterCriticalSection
ReleaseSemaphore
CreateEventW
ResetEvent
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
ReleaseSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReleaseMutex
WaitForSingleObject
InitializeCriticalSectionEx
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapSize
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetLastError
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

rpcrt4

NdrClientCall3
RpcServerRegisterIf
NdrServerCall2
RpcServerUseProtseqIfW
RpcServerListen
NdrServerCallAll
RpcExceptionFilter
RpcRaiseException
RpcServerUnregisterIf
RpcMgmtStopServerListening

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventWriteTransfer
EventUnregister
EventActivityIdControl

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-heap-obsolete-l1-1-0

LocalSize

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

iumsdk

GetSignedReport
GetTaggedData
GetTaggedDataSize
EncryptData
GetTpmBindingInfo
RtlNtStatusToDosError
GetSecureIdentitySigningKey
DecryptData

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

__ImagePolicyMetadata

Sections

.text
Size: 288KB - Virtual size: 287KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tPolicy
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NgcIsoCtnr.dll
.dll windows:10 windows x64 arch:x64

f9f019dba4843cd507e29b4515f90944

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

NgcIsoCtnr.pdb

Imports

msvcp_win

_Cnd_destroy_in_situ
_Mtx_init_in_situ
_Cnd_init_in_situ
_Mtx_destroy_in_situ
_Cnd_wait
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?_Throw_future_error@std@@YAXAEBVerror_code@1@@Z
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
_Mtx_lock
_Cnd_broadcast
_Cnd_register_at_thread_exit
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?_Syserror_map@std@@YAPEBDH@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
_Query_perf_frequency
_Query_perf_counter
_Thrd_id
_Thrd_join
_Cnd_unregister_at_thread_exit
?_Throw_Cpp_error@std@@YAXH@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
_Cnd_do_broadcast_at_thread_exit
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?_Xlength_error@std@@YAXPEBD@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Xout_of_range@std@@YAXPEBD@Z
?setf@ios_base@std@@QEAAHHH@Z
?setf@ios_base@std@@QEAAHH@Z
_Cnd_timedwait
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
_Mtx_current_owns
?_Xbad_function_call@std@@YAXXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?flags@ios_base@std@@QEBAHXZ
_Xtime_get_ticks
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
?do_length@?$codecvt@GDU_Mbstatet@@@std@@MEBAHAEAU_Mbstatet@@PEBD1_K@Z
?do_unshift@?$codecvt@GDU_Mbstatet@@@std@@MEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?do_out@?$codecvt@GDU_Mbstatet@@@std@@MEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
?do_in@?$codecvt@GDU_Mbstatet@@@std@@MEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z
?do_encoding@?$codecvt@GDU_Mbstatet@@@std@@MEBAHXZ
?do_max_length@?$codecvt@GDU_Mbstatet@@@std@@MEBAHXZ
?do_always_noconv@?$codecvt@GDU_Mbstatet@@@std@@MEBA_NXZ
?_Incref@facet@locale@std@@UEAAXXZ
?in@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
??Bid@locale@std@@QEAA_KXZ
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
_Thrd_detach
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?uncaught_exception@std@@YA_NXZ
?good@ios_base@std@@QEBA_NXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z

api-ms-win-crt-time-l1-1-0

clock

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__crt_atexit
_o__dclass
_o__dsign
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__configure_narrow_argv
memmove
_o__wcsicmp
_o_ceilf
_o_free
_o_iswascii
_o_iswcntrl
_o_iswdigit
_o_iswlower
_o_iswpunct
_o_iswspace
_o_iswupper
_o_ldexp
_o_localeconv
_o_malloc
_o_strtod
_o_strtoll
_o_strtoull
_o_terminate
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o__cexit
_o__callnewh
_o__beginthreadex
__std_terminate
__CxxFrameHandler4
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__RTDynamicCast
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
DisableThreadLibraryCalls
GetModuleHandleW
GetModuleHandleExA
GetModuleHandleExW
GetProcAddress

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
AcquireSRWLockExclusive
ReleaseSRWLockShared
CreateEventW
ResetEvent
InitializeCriticalSectionAndSpinCount
AcquireSRWLockShared
CreateEventExW
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
ReleaseMutex
WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreExW
EnterCriticalSection
SetEvent

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree
HeapSize

api-ms-win-core-errorhandling-l1-1-0

RaiseException
UnhandledExceptionFilter
GetLastError
SetLastError
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcess
TerminateProcess
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventUnregister
EventWriteTransfer
EventRegister
EventSetInformation

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
Sleep
InitOnceExecuteOnce

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoCreateGuid
StringFromGUID2
CoTaskMemAlloc

api-ms-win-core-file-l1-1-0

CompareFileTime
CreateFileW
FindClose
FindFirstFileExW
DeleteFileW
GetFileSizeEx
ReadFile
WriteFile
CreateDirectoryW
FindNextFileW
RemoveDirectoryW
GetFileAttributesExW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
CloseThreadpoolCleanupGroup
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
TrySubmitThreadpoolCallback
CloseThreadpoolTimer

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW

api-ms-win-core-heap-obsolete-l1-1-0

LocalSize

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

rpcrt4

UuidFromStringW
RpcStringFreeW
RpcStringBindingComposeW
RpcExceptionFilter
NdrClientCall3
NdrServerCallAll
NdrServerCall2
RpcRaiseException
RpcBindingFree
RpcEpResolveBinding
RpcBindingFromStringBindingW

api-ms-win-core-registry-l1-1-0

RegGetValueW

api-ms-win-security-base-l1-1-0

CopySid
GetLengthSid
IsValidSid

api-ms-win-core-file-l2-1-0

MoveFileExW

ntdll

NtQuerySystemInformation
NtFlushBuffersFileEx
RtlIsMultiSessionSku
RtlPublishWnfStateData

api-ms-win-security-lsalookup-l1-1-2

LsaLookupUserAccountType

tpmcoreprovisioning

TpmIsLockedOut
TpmIsFIPS
TpmChangeOwnerAuth
TpmGetRandomAuthValue

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

DllCanUnloadNow
DllGetClassObject
NgcIsoCtnrInitialize
NgcIsoCtnrInitializePregenPool
NgcIsoCtnrTriggerPregen
NgcIsoCtnrUninitializePregenPool

Sections

.text
Size: 380KB - Virtual size: 376KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NgcProCsp.dll
.dll windows:10 windows x64 arch:x64

907ec84e85e828328f36d0039dd0cead

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

NgcProCsp.pdb

Imports

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__callnewh
memmove
_o__wcserror
_o__wcsicmp
_o_ceilf
_o_free
_o_malloc
_o_memcpy_s
_o_wcsncpy_s
__C_specific_handler
_CxxThrowException
__CxxFrameHandler3
_o__crt_atexit
_o__configure_narrow_argv
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__cexit
wcsstr
__std_terminate
__CxxFrameHandler4
__RTDynamicCast
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

wcsnlen
memset

ntdll

RtlCaptureContext
RtlVirtualUnwind
RtlIsMultiSessionSku
RtlLookupFunctionEntry
RtlPublishWnfStateData
RtlGetPersistedStateLocation

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetModuleHandleW
DisableThreadLibraryCalls
GetModuleHandleExA
GetModuleFileNameA
GetProcAddress

api-ms-win-core-synch-l1-1-0

CreateSemaphoreExW
WaitForSingleObject
EnterCriticalSection
ReleaseMutex
ReleaseSRWLockExclusive
LeaveCriticalSection
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
ReleaseSemaphore
ReleaseSRWLockShared
AcquireSRWLockExclusive
OpenSemaphoreW
WaitForSingleObjectEx
InitializeCriticalSectionEx

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

RaiseException
GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventRegister
EventSetInformation

oleaut32

VariantInit
VariantClear
SysAllocString

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoTaskMemFree

rpcrt4

UuidFromStringW
RpcStringFreeW
UuidIsNil
UuidToStringW

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-core-util-l1-1-0

DecodePointer

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegQueryValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegEnumValueW
RegGetValueW
RegSetValueExW
RegDeleteValueW
RegDeleteTreeW
RegLoadKeyW
RegCloseKey
RegOpenCurrentUser
RegCreateKeyExW
RegUnLoadKeyW

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-heap-obsolete-l1-1-0

LocalFree

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

crypt32

CertGetCertificateContextProperty
CertFindCertificateInStore
CertCloseStore
CryptDecodeObjectEx
CryptBinaryToStringW
CertDuplicateCertificateContext
CertFreeCertificateContext
CertFindExtension
CertOpenStore

api-ms-win-core-string-l1-1-0

CompareStringEx

api-ms-win-core-file-l1-1-0

CompareFileTime

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 692B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NotificationController.dll
.dll windows:10 windows x64 arch:x64

ce9b264a7dbbf152be9f06044a12c8a9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

NotificationController.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__gmtime64
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__itow_s
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__wcsicmp
_o__wcsnicmp
memmove
_o__wtof
_o__wtoi
_o__wtol
_o_abort
_o_free
_o_iswspace
_o_malloc
_o_realloc
_o_terminate
_o_towlower
_o_wcscat_s
_o_wcscpy_s
_o_wcstod
_o_wcstoul
_o_wcstoull
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o__execute_onexit_table
_o__errno
_o__difftime64
_o__get_errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
memchr
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset
wcscspn
wcscmp

rmclient

HamCloseActivity
HamStartActivityAsync
HamCreateActivityForProcess
HamPopulateActivityProperties
HamConnectToServer
HamDisconnectFromServer

combase

GetErrorInfo
SetErrorInfo
ord154
ord140

api-ms-win-core-libraryloader-l1-2-0

LoadResource
GetProcAddress
FindResourceExW
GetModuleHandleW
DisableThreadLibraryCalls
GetModuleHandleExW
FreeLibrary
GetModuleHandleExA
LoadStringW
LockResource
GetModuleFileNameA

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
TryAcquireSRWLockShared
InitializeCriticalSectionEx
DeleteCriticalSection
EnterCriticalSection
WaitForSingleObject
InitializeSRWLock
WaitForMultipleObjectsEx
ReleaseMutex
CreateEventExW
SetEvent
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CreateSemaphoreExW
TryAcquireSRWLockExclusive
LeaveCriticalSection
InitializeCriticalSection
ResetEvent
CreateMutexExW

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentThreadId
ProcessIdToSessionId
GetCurrentProcessId
OpenProcessToken
GetProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventSetInformation
EventWriteTransfer
EventUnregister
EventRegister

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoOriginateErrorW
GetRestrictedErrorInfo
RoOriginateError
SetRestrictedErrorInfo

api-ms-win-core-winrt-string-l1-1-0

WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsDuplicateString
WindowsDeleteString
WindowsCompareStringOrdinal
WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsSubstringWithSpecifiedLength
WindowsCreateString

api-ms-win-core-com-l1-1-0

CoWaitForMultipleHandles
CoGetCallContext
CoTaskMemFree
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CoResumeClassObjects
CoReleaseMarshalData
CreateStreamOnHGlobal
CoTaskMemRealloc
CoMarshalInterface
CoRegisterClassObject
CoRevokeClassObject
CLSIDFromString
StringFromGUID2
CoGetApartmentType
CoCreateGuid

api-ms-win-core-winrt-l1-1-0

RoRegisterActivationFactories
RoActivateInstance
RoGetActivationFactory
RoUninitialize
RoInitialize
RoRevokeActivationFactories

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceComplete
InitOnceExecuteOnce
InitOnceBeginInitialize

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetSystemTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPushEntrySList

api-ms-win-core-registry-l1-1-0

RegDeleteValueW
RegCloseKey
RegGetValueW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegCreateKeyExW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

oleaut32

SysAllocStringLen
SysReAllocStringLen
SysAllocString
SysStringLen
SysFreeString

api-ms-win-security-base-l1-1-0

GetTokenInformation
IsWellKnownSid
EqualSid

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-core-winrt-error-l1-1-1

IsErrorPropagationEnabled
RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate

api-ms-win-core-file-l1-1-0

GetFileAttributesW
CreateDirectoryW
FindNextFileW
FindFirstFileW
CompareFileTime
DeleteFileW
FindClose

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-path-l1-1-0

PathCchAppend
PathCchFindExtension
PathCchRemoveExtension
PathCchRemoveFileSpec
PathCchAppendEx

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-power-setting-l1-1-0

PowerSettingUnregisterNotification
PowerSettingRegisterNotification

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-url-l1-1-0

PathCreateFromUrlW

umpdc

Pdcv2ActivationClientUnregister
Pdcv2ActivationClientDeactivate

api-ms-win-shcore-thread-l1-1-0

SHGetThreadRef

api-ms-win-rtcore-ntuser-window-l1-1-0

PeekMessageW
PostQuitMessage
TranslateMessage
DispatchMessageW

api-ms-win-rtcore-ntuser-synch-l1-1-0

MsgWaitForMultipleObjectsEx

api-ms-win-appmodel-runtime-l1-1-1

ParseApplicationUserModelId

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindFileNameW

ntdll

RtlSleepConditionVariableSRW
RtlWakeAllConditionVariable
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
wcschr
wcsncmp
wcsrchr
RtlSubscribeWnfStateChangeNotification
wcsstr
strncmp
RtlDeriveCapabilitySidsFromName
RtlTestAndPublishWnfStateData
RtlPublishWnfStateData
NtQueryWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlGetDeviceFamilyInfoEnum
RtlIsMultiUsersInSessionSku

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolGetUniqueContext
SHTaskPoolAllowThreadReuse
SHTaskPoolQueueTask

api-ms-win-shcore-registry-l1-1-0

SHRegGetValueW

api-ms-win-rtcore-ntuser-powermanagement-l1-1-0

UnregisterPowerSettingNotification

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

shcore

ord190

msvcp_win

?seekp@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@_JH@Z
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??Bid@locale@std@@QEAA_KXZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?_Xbad_alloc@std@@YAXXZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?good@ios_base@std@@QEBA_NXZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?uncaught_exception@std@@YA_NXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
?id@?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@2V0locale@2@A
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Getcat@?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?put@?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@GU?$char_traits@G@std@@@2@V32@AEAVios_base@2@GPEBUtm@@PEBG3@Z
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAI@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEA_K@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Xbad_function_call@std@@YAXXZ
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
?in@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Incref@facet@locale@std@@UEAAXXZ
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
?_Xinvalid_argument@std@@YAXPEBD@Z
_Xtime_get_ticks
??Bios_base@std@@QEBA_NXZ
?width@ios_base@std@@QEAA_J_J@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?flags@ios_base@std@@QEBAHXZ
?width@ios_base@std@@QEBA_JXZ
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 280KB - Virtual size: 278KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OpenWith.exe
.exe windows:10 windows x64 arch:x64

c9d688e9591d69636f921914b8c58481

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

16:3c:b8:bf:f3:73:d4:10:38:42:3e:39:41:c7:d4:4b:bb:9a:df:1e:7d:42:57:f1:03:f0:7d:15:15:c8:a7:d8
Signer

Actual PE Digest

16:3c:b8:bf:f3:73:d4:10:38:42:3e:39:41:c7:d4:4b:bb:9a:df:1e:7d:42:57:f1:03:f0:7d:15:15:c8:a7:d8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

OpenWith.pdb

Imports

kernel32

HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
LocalFree
CompareStringOrdinal
ReleaseSRWLockExclusive
CreateSemaphoreExW
AcquireSRWLockShared
ReleaseSRWLockShared
SetThreadpoolTimer
CreateThreadpoolTimer
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
ResolveDelayLoadedAPI
DelayLoadFailureHook
AcquireSRWLockExclusive
GetModuleFileNameA

user32

GetMessageW
TranslateMessage
DispatchMessageW
KillTimer
PostQuitMessage
SetTimer
DestroyMenu
CreatePopupMenu
GetMenuDefaultItem
PostThreadMessageW
ord2521

msvcp_win

?_Xbad_function_call@std@@YAXXZ

api-ms-win-crt-runtime-l1-1-0

_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o_abort
_o_exit
_o_free
_o_iswspace
_o_malloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
memmove

api-ms-win-crt-string-l1-1-0

memset

shcore

IUnknown_Set
IUnknown_QueryService
SHSetThreadRef
SHCreateThreadRef
SetProcessReference
IUnknown_GetSite
IUnknown_SetSite
SHStrDupA

shell32

ord764

shlwapi

ord172
PathIsURLW
ord219

api-ms-win-core-com-l1-1-0

CoSetProxyBlanket
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoRegisterClassObject
CoCopyProxy
CoUninitialize
CoRevokeClassObject
CoGetCallContext
CoInitializeEx

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetStartupInfoW
TerminateProcess
GetCurrentProcess

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-heap-l2-1-0

LocalAlloc

comctl32

ord236

oleaut32

SysFreeString
SysStringLen
SetErrorInfo

Sections

.text
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.imrsiv
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 484B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PerfStringBackup.INI
PersonalizationCSP.dll
.dll windows:10 windows x64 arch:x64

72a94cb8430cf5a7ff6aed50823b7422

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

PersonalizationCSP.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcsicmp
_o_free
_o_isalnum
_o_malloc
_o_memcpy_s
__C_specific_handler
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
__CxxFrameHandler3
_CxxThrowException
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset
wcscmp

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
GetModuleHandleW
GetProcAddress
DisableThreadLibraryCalls
GetModuleHandleExW
FreeLibrary
GetModuleHandleExA
GetModuleFileNameA

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
CreateMutexExW
SetEvent
AcquireSRWLockExclusive
LeaveCriticalSection
InitializeCriticalSectionEx
OpenSemaphoreW
WaitForSingleObjectEx
CreateEventW
OpenEventW
ReleaseSRWLockShared
DeleteCriticalSection
ReleaseMutex
EnterCriticalSection
WaitForSingleObject
InitializeCriticalSection
ReleaseSemaphore
AcquireSRWLockShared
InitializeCriticalSectionAndSpinCount
CreateSemaphoreExW
ResetEvent

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

CreateProcessW
GetCurrentThread
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
OpenThreadToken
OpenProcessToken
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
GetProcessMitigationPolicy

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventWriteTransfer
EventActivityIdControl
EventUnregister

api-ms-win-security-base-l1-1-0

GetLengthSid
GetTokenInformation
GetSecurityDescriptorDacl
IsValidSid

crypt32

CryptBinaryToStringW

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-file-l1-1-0

FindNextFileW
DeleteFileW
FindFirstFileExW
FindClose

api-ms-win-core-com-l1-1-0

PropVariantClear
CoTaskMemAlloc
CoTaskMemFree
CoCreateGuid

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

oleaut32

SysFreeString
SysAllocString
SysStringLen
VariantInit

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegGetValueW
RegOpenKeyExW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindExtensionW
SHExpandEnvironmentStringsW
PathFileExistsW

api-ms-win-shell-shdirectory-l1-1-0

ord292

api-ms-win-security-provider-l1-1-0

GetNamedSecurityInfoW
SetNamedSecurityInfoW

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW

api-ms-win-core-path-l1-1-0

PathCchCombine

api-ms-win-core-kernel32-legacy-l1-1-0

MoveFileW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

ntdll

RtlGetDeviceFamilyInfoEnum
RtlGetPersistedStateLocation
RtlPublishWnfStateData

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW
GetPersistedFileLocationW

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 160KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PhotoScreensaver.scr
.exe windows:10 windows x64 arch:x64

98b1e7a25457b09fa698ffdb00df75d9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

PhotoScreensaver.pdb

Imports

advapi32

RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
TraceEvent
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
RegEnumValueW
RegQueryValueExW

kernel32

EnterCriticalSection
LeaveCriticalSection
SizeofResource
GetExitCodeThread
CompareStringOrdinal
lstrlenW
CreateThread
GetUserDefaultUILanguage
EnumUILanguagesW
GetLocaleInfoW
LocalFree
LocalAlloc
GetProcessMitigationPolicy
CreateEventW
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
LoadResource
EncodePointer
VirtualAlloc
VirtualFree
CompareStringW
LoadLibraryA
SetDllDirectoryW
UnhandledExceptionFilter
CreateFileMappingW
FindResourceW
SystemTimeToFileTime
GetSystemTime
GetCurrentProcessId
GetCurrentThreadId
GetModuleFileNameW
MultiByteToWideChar
RaiseException
lstrcmpiW
LoadLibraryExW
GetModuleHandleW
DecodePointer
GetProcAddress
GetLastError
FreeLibrary
DeleteCriticalSection
InitializeCriticalSection
FindResourceExW
VirtualQuery
GetSystemInfo
LoadLibraryExA
VirtualProtect
GetTickCount
ExitProcess
Sleep
GetVersionExW
GetSystemPowerStatus
GetCommandLineW
CreateSemaphoreExW
CreateMutexExW
CreateThreadpoolTimer
OpenSemaphoreW
WaitForSingleObject
InitializeCriticalSectionEx
WaitForSingleObjectEx
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
ReleaseMutex
ReleaseSemaphore
CloseHandle
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
OutputDebugStringW
DebugBreak
GetModuleFileNameA
HeapFree
GetProcessHeap
HeapAlloc
FormatMessageW
LockResource
OutputDebugStringA
QueryActCtxW
GetModuleHandleExW
CreateActCtxW
FindActCtxSectionStringW
ActivateActCtx
LoadLibraryW
DeactivateActCtx
SetLastError
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter

user32

ReleaseCapture
SetRect
GetNextDlgTabItem
GetCapture
SetCapture
GetWindowTextLengthW
GetWindowTextW
NotifyWinEvent
UpdateWindow
RegisterClipboardFormatW
PtInRect
GetAncestor
SetWindowLongW
MapWindowPoints
EnumDisplaySettingsW
EnumDisplayDevicesW
GetKeyState
GetWindow
IsWindowVisible
IsWindowEnabled
GetFocus
ShowWindow
GetActiveWindow
GetProcessDefaultLayout
WindowFromDC
GetClassLongPtrW
TrackMouseEvent
DestroyWindow
KillTimer
SetTimer
GetWindowLongPtrW
GetMessageW
GetSystemMetrics
DispatchMessageW
PeekMessageW
RegisterClassW
GetForegroundWindow
TranslateMessage
LoadIconW
FindWindowW
SetCursor
PostQuitMessage
DialogBoxParamW
SetForegroundWindow
CreateWindowExW
LoadCursorW
GetClassInfoExW
RegisterClassExW
GetSysColorBrush
FillRect
DrawTextW
GetSysColor
BeginPaint
GetDC
EndPaint
ReleaseDC
EnableWindow
SetFocus
CheckDlgButton
IsDlgButtonChecked
MessageBoxW
GetParent
GetDlgItem
SetWindowTextW
CallWindowProcW
GetCursorPos
SystemParametersInfoW
InvalidateRect
PostMessageW
DefWindowProcW
CreateDialogParamW
GetWindowLongW
AdjustWindowRectEx
GetClientRect
GetWindowRect
SendMessageW
IsWindow
EndDialog
SetWindowPos
UnregisterClassA
SetWindowLongPtrW
CharNextW

api-ms-win-crt-string-l1-1-0

memset
wcscmp
memmove_s
wcspbrk

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
_c_exit
_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__purecall
_o__recalloc
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o_calloc
_o_ceilf
_o_exit
_o_free
_o_malloc
_o_rand
_o_srand
_o_terminate
_o_towlower
_o_wcsncpy_s
_o_wcstok
_o_wcstol
_o_wmemcpy_s
__current_exception
__current_exception_context
_o__exit
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__configthreadlocale
_o__cexit
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___argv
_o___p___argc
__C_specific_handler
__std_terminate
__CxxFrameHandler4
_o__initialize_narrow_environment
_CxxThrowException
__C_specific_handler_noexcept
_o__get_initial_narrow_environment
memcmp
memcpy
wcschr
memmove

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtSetInformationProcess

shell32

SHBrowseForFolderW
SHGetIDListFromObject
ord152
SHCreateItemWithParent
ord102
SHAddToRecentDocs
ord4
ord644
ord645
ord2
SHCreateItemFromIDList
SHGetFolderPathW
SHGetKnownFolderIDList

oleaut32

VariantClear
SysAllocString
SysStringLen
LoadRegTypeLi
LoadTypeLi
SysAllocStringByteLen
SysAllocStringLen
SysStringByteLen
VariantCopy
VarUI4FromStr
SysFreeString
VariantInit

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemFree
CLSIDFromString
PropVariantClear
CreateBindCtx

gdi32

SetTextColor
DeleteObject
GetClipBox
GetStockObject
RealizePalette
SetBkColor
BitBlt
GetObjectW
SetDIBitsToDevice
CreateCompatibleDC
CreateDIBSection
GetRegionData
DeleteDC
SelectObject
OffsetRgn
SelectPalette
GetClipRgn
CreateFontIndirectW
ExtCreateRegion
CreateRectRgnIndirect
CreateRectRgn
GetLayout
SetLayout
GetObjectA
GetDeviceCaps

gdiplus

GdipFillRectangle
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesWrapMode
GdipDrawImagePointsRectI
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromScan0
GdipGetSmoothingMode
GdipSetSmoothingMode
GdipCloneStringFormat
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipCreateLineBrush
GdipSetLineSigmaBlend
GdipFillPath
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipDrawPath
GdipDeletePath
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatHotkeyPrefix
GdipGetImageGraphicsContext
GdipDeleteFont
GdipCreatePath
GdipDeleteGraphics
GdipCreateFromHDC
GdipDrawImageRectRectI
GdipSetPageUnit
GdipGetPageUnit
GdipTranslateWorldTransform
GdipGetImageHeight
GdipGetImageWidth
GdipClosePathFigure
GdipGetStringFormatFlags
GdipSetStringFormatDigitSubstitution
GdipGetStringFormatDigitSubstitution
GdipDrawString
GdipMultiplyWorldTransform
GdipCreateMatrix2
GdipSetWorldTransform
GdipGetWorldTransform
GdipDeleteMatrix
GdipCreateMatrix
GdipSetTextRenderingHint
GdipGetTextRenderingHint
GdipSetStringFormatFlags
GdipSetStringFormatTrimming
GdiplusShutdown
GdiplusStartup
GdipAddPathLineI
GdipAddPathArcI
GdipDrawRectangleI
GdipCreatePen2
GdipCreateHatchBrush
GdipMeasureString
GdipGetGenericFontFamilySansSerif
GdipReleaseDC
GdipGetDC
GdipFillRectangleI
GdipCloneBrush
GdipAlloc
GdipFree
GdipDeleteBrush
GdipCreateSolidFill
GdipSetRenderingOrigin
GdipCreateHalftonePalette
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipSetClipHrgn
GdipCreateBitmapFromStream
GdipGetImagePixelFormat
GdipCreateFont
GdipCreateFontFamilyFromName
GdipDeleteFontFamily

comctl32

InitCommonControlsEx

crypt32

CryptBinaryToStringW
CryptStringToBinaryW

api-ms-win-crt-time-l1-1-0

_time64

shlwapi

PathFindExtensionW

windowscodecs

WICConvertBitmapSource

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleProxyW

dwmapi

DwmIsCompositionEnabled

Sections

.text
Size: 288KB - Virtual size: 284KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 216KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Print.PrintSupport.Source.dll
.dll windows:10 windows x64 arch:x64

0993bfccb42079c416a322518009f67c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Print.PrintSupport.Source.pdb

Imports

msvcp_win

?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1_Lockit@std@@QEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
_Wcscoll
_Wcsxfrm
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?uncaught_exception@std@@YA_NXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
??0_Locinfo@std@@QEAA@PEBD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
??1_Locinfo@std@@QEAA@XZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??Bid@locale@std@@QEAA_KXZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
?is@?$ctype@G@std@@QEBA_NFG@Z
?tolower@?$ctype@G@std@@QEBAGG@Z
?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@H@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@N@Z
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?good@ios_base@std@@QEBA_NXZ
??0_Lockit@std@@QEAA@H@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGD@Z
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$collate@G@std@@2V0locale@2@A
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?id@?$ctype@G@std@@2V0locale@2@A
?_Xout_of_range@std@@YAXPEBD@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
_Thrd_yield
?_Xbad_alloc@std@@YAXXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-string-l1-1-0

wcscmp
memset
wcsncmp

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

wcsrchr
strchr
_o___std_exception_copy
_o___std_exception_destroy
_o___std_type_info_destroy_list
_o___stdio_common_vsnprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vswprintf_s
_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
wcschr
_o__purecall
wcsstr
__std_terminate
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcsicmp
_o__wtof
_o__wtol
_o_abort
_o_free
_o_iswspace
_o_malloc
_o_realloc
_o_terminate
_o_towlower
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
__CxxFrameHandler4
_CxxThrowException
memcmp
memcpy

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleHandleW
LoadStringW
GetModuleHandleExW
GetModuleFileNameA
GetModuleFileNameW
FreeLibrary
GetProcAddress

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionEx
ReleaseMutex
CreateEventW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ReleaseSRWLockExclusive
OpenSemaphoreW
AcquireSRWLockShared
ResetEvent
CreateMutexExW
SetEvent
InitializeCriticalSectionAndSpinCount
ReleaseSemaphore
WaitForSingleObject
WaitForSingleObjectEx
CreateSemaphoreExW
ReleaseSRWLockShared
AcquireSRWLockExclusive

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventSetInformation
EventWriteTransfer
EventUnregister

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-core-util-l1-1-0

DecodePointer

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
WaitOnAddress
WakeByAddressSingle
InitOnceBeginInitialize
InitOnceComplete

api-ms-win-shcore-stream-l1-1-0

SHCreateMemStream

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-com-l1-1-0

CoGetApartmentType
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CreateStreamOnHGlobal
StringFromGUID2
CoGetObjectContext
CoUninitialize
CoGetMalloc
CoInitializeEx
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc

api-ms-win-core-heap-l2-1-0

LocalAlloc

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegGetValueW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
TrySubmitThreadpoolCallback
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks

ntdll

RtlUnsubscribeWnfNotificationWaitForCompletion
RtlGetDeviceFamilyInfoEnum
NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification

api-ms-win-devices-query-l1-1-0

DevFreeObjects
DevGetObjects
DevFindProperty

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-security-base-l1-1-0

GetLengthSid
GetTokenInformation
FreeSid
CopySid

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-devices-swdevice-l1-1-1

SwDeviceSetLifetime

api-ms-win-devices-swdevice-l1-1-0

SwDeviceCreate

api-ms-win-rtcore-ntuser-window-l1-1-0

SetForegroundWindow
AllowSetForegroundWindow

oleaut32

VariantInit
SetErrorInfo
SysFreeString
VariantClear
GetErrorInfo
SysAllocString
SysStringLen

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InterlockedFlushSList
InitializeSListHead
InterlockedPushEntrySList

combase

ord154
ord148

api-ms-win-core-file-l1-1-0

WriteFile

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

CreateAndStartPsaSession
CreatePsaManagerForUserContextAbi
CreatePsaSessionForUserContext
CreatePsaSourceStream
CreateSoftwareDevnode
DllCanUnloadNow
DoesPsaHavePdcUpdatePolicyForPrinter
GetAppUserModelId
GetDeviceContainerIdByPerUserPrinterName
GetEntryPoint
GetSidFromUPPrinterName
HasAppWithContract
IsActivationContractSupported
IsIppPrinterPsaEnabledForContractAsCurrentUser
IsMandatoryPsaMissing
IsPdcRegneratedForPrinterWithAppByPrinterName
IsPrinterConnection
IsPsaContractActivatableForDevice
IsPsaEnabledForContract
IsPsaEnabledForContractAsCurrentUser
IsSameUserContextBySid
LaunchPsaAppForError
LaunchSystemSettingsBroker
OnPrinterSelected
QueryAndSubscribePdmPrinterChangeNotification
RegeneratePdcForApp
RemovePsaSession
RemovePsaSessionForUserContext
SetJobIdForPsaSession
SetPrintTicketPsa
ShoudPdcBeUpdatedNow
UpdatePDC
UpdatePDCAndPDR
UpdatePdcRegenerationRegKey
ValidatePrintTicket

Sections

.text
Size: 296KB - Virtual size: 295KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Print.Workflow.Source.dll
.dll windows:10 windows x64 arch:x64

2946680a3504a65a34e23f6d03a1b880

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Print.Workflow.Source.pdb

Imports

msvcp_win

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?uncaught_exception@std@@YA_NXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o___stdio_common_vswprintf
_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o___stdio_common_vsnprintf_s
_o__wcsnicmp
_o_abort
_o_free
_o_iswspace
_o_malloc
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
__std_terminate
__CxxFrameHandler4
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetProcAddress
GetModuleHandleExW
GetModuleHandleW
DisableThreadLibraryCalls

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
DeleteCriticalSection
EnterCriticalSection
ReleaseSRWLockExclusive
CreateMutexExW
LeaveCriticalSection
SetEvent
AcquireSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseSRWLockShared
CreateSemaphoreExW
ReleaseSemaphore
ReleaseMutex
InitializeCriticalSectionEx
WaitForSingleObject

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentThreadId
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

GetUserDefaultLangID
FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventUnregister
EventWriteTransfer

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-core-util-l1-1-0

DecodePointer

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-version-l1-1-0

GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-core-com-l1-1-0

CoUninitialize
CoInitializeEx

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsCreateStringReference
WindowsDeleteString

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InterlockedFlushSList
InitializeSListHead

api-ms-win-core-file-l1-1-0

WriteFile

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

oleaut32

SysFreeString
SysStringLen
SetErrorInfo

Exports

Exports

DllCanUnloadNow
WfpAbortSession
WfpCloseSession
WfpCreateWorkflowSession
WfpGetOutputFileName
WfpGetWorkFlowStream
WfpSetJobInfo
WfpSetOutputFileName
WfpSetPrintTicket
WfpSetXpsDataType
WfpWaitforJobCompletion

Sections

.text
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PrintIsolationProxy.dll
.dll regsvr32 windows:10 windows x64 arch:x64

4927cb707d87faecbfc0411d31a15270

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

PrintIsolationProxy.pdb

Imports

msvcrt

__dllonexit
_lock
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
_purecall
_unlock
memcmp
free
_callnewh
malloc
memmove_s
memcpy_s
_vsnwprintf
_onexit
memset

ntdll

EtwEventRegister
EtwEventUnregister
EtwEventEnabled
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage
EtwEventWrite

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
FreeLibrary
GetModuleHandleW
GetModuleFileNameA
GetModuleHandleExW
DisableThreadLibraryCalls
GetProcAddress

api-ms-win-core-com-l1-1-0

CoRevertToSelf
CoImpersonateClient
CoGetObjectContext
CoUninitialize

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventUnregister

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
CreateThread
SetThreadToken
GetCurrentThread
OpenThreadToken
GetCurrentThreadId
GetCurrentProcess

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetErrorMode
SetLastError
SetUnhandledExceptionFilter
GetLastError

rpcrt4

NdrDllGetClassObject
NdrOleAllocate
RpcImpersonateClient
NdrDllRegisterProxy
NdrOleFree
NdrDllCanUnloadNow
NdrDllUnregisterProxy

api-ms-win-security-base-l1-1-0

CreateWellKnownSid
CheckTokenMembership

api-ms-win-core-synch-l1-1-0

AcquireSRWLockShared
ReleaseSRWLockExclusive
ReleaseMutex
DeleteCriticalSection
CreateEventW
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
WaitForSingleObjectEx
InitializeCriticalSectionEx
OpenSemaphoreW
LeaveCriticalSection
AcquireSRWLockExclusive
EnterCriticalSection
SetEvent
CreateMutexExW
CreateSemaphoreExW
ReleaseSRWLockShared
ReleaseSemaphore

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

gdi32

CreateDCW
DeleteDC
GetDeviceCaps

spoolss

RevertToPrinterSelf
ImpersonatePrinterClient

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PrintWorkflowService.dll
.dll windows:10 windows x64 arch:x64

e38a40da5a47fb57aef985f605ab327b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

PrintWorkflowService.pdb

Imports

msvcp_win

?_Xbad_function_call@std@@YAXXZ
_Xtime_get_ticks
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?_Xout_of_range@std@@YAXPEBD@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
_Thrd_yield
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
_Mtx_unlock
_Mtx_init_in_situ
_Mtx_lock
_Mtx_destroy_in_situ
?_Xlength_error@std@@YAXPEBD@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?_Throw_C_error@std@@YAXH@Z

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__itow_s
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__wcsicmp
memmove
_o_abort
_o_free
_o_iswspace
_o_malloc
_o_terminate
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o__execute_onexit_table
_o__errno
wcsrchr
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
wcschr
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset
wcscspn

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlGetDeviceFamilyInfoEnum
RtlInitUnicodeString
RtlVirtualUnwind
RtlUnsubscribeWnfNotificationWaitForCompletion
NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlFreeHeap
NtQueryInformationToken
RtlIsMultiSessionSku
RtlAllocateHeap
RtlNtStatusToDosErrorNoTeb
RtlCompareUnicodeString

api-ms-win-core-com-l1-1-0

CreateStreamOnHGlobal
CoTaskMemFree
CoCreateFreeThreadedMarshaler
CoRegisterClassObject
CoGetMalloc
CoDisconnectContext
CoReleaseServerProcess
CoResumeClassObjects
CoDecrementMTAUsage
CoImpersonateClient
CoRevertToSelf
CoCreateInstance
CoGetStdMarshalEx
CoCreateGuid
CoGetApartmentType
CoGetClassObject
StringFromGUID2
CoUninitialize
CoInitializeEx
CoGetCallContext
CoGetObjectContext
CoTaskMemAlloc
CoRevokeClassObject
CoAddRefServerProcess

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetProcAddress
GetModuleFileNameA
GetModuleHandleExA
FreeLibrary
DisableThreadLibraryCalls
GetModuleHandleExW

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-synch-l1-1-0

CreateMutexExW
CreateSemaphoreExW
CreateEventExW
EnterCriticalSection
ReleaseSemaphore
CreateEventW
InitializeCriticalSectionAndSpinCount
ResetEvent
LeaveCriticalSection
InitializeCriticalSectionEx
AcquireSRWLockShared
DeleteCriticalSection
WaitForSingleObject
ReleaseMutex
InitializeSRWLock
ReleaseSRWLockExclusive
SetEvent
AcquireSRWLockExclusive
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseSRWLockShared

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
RaiseException
SetLastError

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsDeleteString
WindowsDuplicateString
WindowsCreateStringReference
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsCreateString
WindowsSubstringWithSpecifiedLength

api-ms-win-core-kernel32-legacy-l1-1-0

UnregisterWait

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventSetInformation
EventActivityIdControl
EventWriteTransfer

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolWait
CreateThreadpoolWait
CreateThreadpoolTimer
CloseThreadpoolWait
SetThreadpoolTimer
TrySubmitThreadpoolCallback

api-ms-win-core-processthreads-l1-1-0

GetProcessId
GetExitCodeThread
OpenProcessToken
GetCurrentProcessId
OpenThreadToken
GetCurrentThread
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
CreateThread

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance
RoRevokeActivationFactories
RoInitialize
RoUninitialize
RoRegisterActivationFactories

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
RoOriginateErrorW
RoOriginateError

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-service-core-l1-1-0

RegisterServiceCtrlHandlerExW
SetServiceStatus

api-ms-win-core-processthreads-l1-1-1

GetCurrentProcessorNumber
OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount64

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InterlockedFlushSList
InitializeSListHead

combase

ord140
ord67
ord66
ord68
ord69

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-debug-l1-1-1

CheckRemoteDebuggerPresent

api-ms-win-core-registry-l2-1-0

RegOpenKeyW

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegOpenCurrentUser
RegGetValueW

api-ms-win-devices-query-l1-1-0

DevFreeObjectProperties
DevGetObjectProperties

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-file-l1-1-0

CreateDirectoryW
CreateFileW
GetFileSize
ReadFile

api-ms-win-security-base-l1-1-0

GetSecurityDescriptorSacl
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-security-provider-l1-1-0

SetNamedSecurityInfoW

api-ms-win-shcore-stream-winrt-l1-1-0

CreateRandomAccessStreamOverStream
CreateStreamOverRandomAccessStream

api-ms-win-shcore-stream-l1-1-0

IStream_Write
SHCreateStreamOnFileEx
SHCreateMemStream

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindFileNameW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
CompareStringOrdinal

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-path-l1-1-0

PathCchCombineEx

api-ms-win-power-setting-l1-1-0

PowerSettingUnregisterNotification
PowerSettingRegisterNotification

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-rtcore-ntuser-window-l1-1-0

PeekMessageW
TranslateMessage
DispatchMessageW
PostMessageW
RegisterClassExW

api-ms-win-core-biptcltapi-l1-1-7

BiPtQueryWorkItemStatusStateName
BiPtActivateInBackground

ondemandbrokerclient

CreateOnDemandBrokerClient

api-ms-win-appmodel-runtime-l1-1-0

GetPackagesByPackageFamily

api-ms-win-core-atoms-l1-1-0

GlobalGetAtomNameW

api-ms-win-shcore-comhelpers-l1-1-0

IUnknown_QueryService

api-ms-win-appmodel-state-l1-2-0

CloseState
OpenStateExplicit
GetSystemAppDataKey

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-appmodel-unlock-l1-1-0

IsDeveloperModeEnabled

oleaut32

SysAllocString
SysStringLen
SetErrorInfo
GetErrorInfo
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 280KB - Virtual size: 277KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PrinterCleanupTask.dll
.dll windows:10 windows x64 arch:x64

7a51ad29d63d351471543b7a0a7711d5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

PrinterCleanUpTask.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__configure_narrow_argv
memmove
_o__wcsdup
_o_abort
_o_free
_o_iswspace
_o_malloc
_o_terminate
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o__cexit
_o__callnewh
_o__crt_atexit
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
__std_terminate
__CxxFrameHandler4
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
FreeLibrary
LoadStringW
GetModuleHandleW
FreeLibraryAndExitThread
GetModuleHandleExW
GetProcAddress
GetModuleFileNameA

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceExecuteOnce
WakeByAddressSingle
WaitOnAddress
InitOnceBeginInitialize

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-1-0

CreateEventW
SetEvent
ReleaseSemaphore
OpenSemaphoreW
InitializeCriticalSectionEx
ReleaseSRWLockExclusive
CreateMutexExW
ReleaseMutex
CreateSemaphoreExW
WaitForSingleObjectEx
WaitForSingleObject
AcquireSRWLockShared
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
ReleaseSRWLockShared
AcquireSRWLockExclusive

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentProcessId
ResumeThread
GetCurrentThreadId
TerminateProcess
CreateThread

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
GetLastError

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPushEntrySList

print.printsupport.source

GetDeviceContainerIdByPerUserPrinterName

msvcp_win

?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z

ext-ms-win-printer-winspool-core-l1-1-0

EnumPrintersW
ClosePrinter
OpenPrinterW

ext-ms-win-printer-winspool-l1-1-4

EnumJobsW

ext-ms-win-printer-winspool-l1-1-2

SetJobW

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoCreateFreeThreadedMarshaler

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-registry-l1-1-0

RegGetValueW

api-ms-win-core-sysinfo-l2-1-0

GetUserNameW

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime

api-ms-win-core-datetime-l1-1-1

GetDateFormatEx

oleaut32

SysStringLen
VariantInit
VariantClear
SysAllocString
GetErrorInfo
SysFreeString
SetErrorInfo

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-devices-query-l1-1-0

DevSetObjectProperties

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

Exports

Exports

DllCanUnloadNow
DllGetClassObject
EnablePrintJobCleanupTask
EnablePrinterCleanUpTask
SetLastUserInteractionDate

Sections

.text
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 564B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PsmServiceExtHost.dll
.dll windows:10 windows x64 arch:x64

b08e957a1504bd4b16ddded691f5a13c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

PsmServiceExtHost.pdb

Imports

msvcrt

_wcsnicmp
wcsncmp
wcsrchr
wcschr
qsort
qsort_s
wcscpy_s
memmove_s
memcpy_s
wcsnlen
wcstok_s
_wcsicmp
_vsnwprintf
bsearch
wcsstr
strncmp
memcmp
memcpy
memmove
swprintf_s
_callnewh
wcscmp
_purecall
memset
_onexit
__dllonexit
_unlock
_lock
__CxxFrameHandler3
__C_specific_handler
_initterm
malloc
_amsg_exit
_XcptFilter
free

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindFileNameW

api-ms-win-core-kernel32-legacy-l1-1-0

GetSystemPowerStatus
GetMaximumProcessorGroupCount
LoadLibraryW
RaiseFailFastException
WaitForMultipleObjects

api-ms-win-core-registry-l2-1-0

RegOpenKeyW

api-ms-win-core-heap-obsolete-l1-1-0

GlobalFree
GlobalAlloc
LocalAlloc
LocalFree

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

umpdc

PdcNotificationClientRegister
SleepstudyHelperCreateLibrary
Pdcv2ActivationClientActivate
SleepstudyHelperBuildBlocker
SleepstudyHelperDestroyBlocker
Pdcv2ActivationClientDeactivate
SleepstudyHelperSetBlockerParentHandle
SleepstudyHelperBlockerActiveReference
PdcNotificationClientUnregister
Pdcv2ActivationClientUnregister
SleepstudyHelperCreateBlockerFromGuid
PdcNotificationClientAcknowledge
SleepstudyHelperBlockerActiveDereference
Pdcv2ActivationClientRegister
Pdcv2ActivationClientRenewActivation
SleepstudyHelperDestroyBlockerBuilder
SleepstudyHelperDestroyLibrary

api-ms-win-security-capability-l1-1-0

CapabilityCheck

rpcrt4

NdrServerCall2
RpcImpersonateClient
NdrServerCallAll
UuidCreate
RpcServerInqCallAttributesW
RpcServerInqBindings
RpcRevertToSelf
I_RpcMapWin32Status
RpcServerInqBindingsEx
RpcEpRegisterW
RpcServerUnregisterIf
RpcBindingVectorFree
RpcServerRegisterIf3
RpcEpUnregister
RpcServerUseProtseqW

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
ConvertStringSidToSidW

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer

api-ms-win-core-processthreads-l1-1-0

TlsSetValue
TlsAlloc
TlsGetValue
TerminateProcess
GetCurrentThreadId
CreateThread
GetProcessId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
SetLastError
UnhandledExceptionFilter

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlCompareMemory
RtlVirtualUnwind

api-ms-win-core-registry-l1-1-0

RegNotifyChangeKeyValue
RegDeleteValueW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegEnumValueW
RegCreateKeyExW
RegSetValueExW
RegGetValueW

api-ms-win-core-synch-l1-1-0

AcquireSRWLockShared
TryAcquireSRWLockExclusive
InitializeSRWLock
CreateEventW
EnterCriticalSection
ReleaseSRWLockExclusive
SetEvent
ReleaseMutex
InitializeCriticalSectionEx
AcquireSRWLockExclusive
OpenSemaphoreW
ResetEvent
WaitForMultipleObjectsEx
ReleaseSRWLockShared
LeaveCriticalSection
WaitForSingleObject
CreateMutexExW
WaitForSingleObjectEx
CreateSemaphoreExW
DeleteCriticalSection
ReleaseSemaphore

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleFileNameA
FreeLibrary
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetModuleHandleExA
LockResource
LoadResource

api-ms-win-power-setting-l1-1-0

PowerSettingUnregisterNotification
PowerSettingRegisterNotification

iphlpapi

NotifyUnicastIpAddressChange
NotifyIpInterfaceChange
FreeMibTable
CancelMibChangeNotify2
GetUnicastIpAddressTable
GetIpInterfaceTable

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-core-com-l1-1-0

CoUnmarshalInterface
CoInitializeEx
CoTaskMemAlloc
CreateStreamOnHGlobal
CoReleaseMarshalData
CoUninitialize
CoGetClassObject

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-security-base-l1-1-0

RevertToSelf
IsWellKnownSid
ImpersonateLoggedOnUser
CreateWellKnownSid
ImpersonateSelf

api-ms-win-core-processthreads-l1-1-1

OpenProcess
GetProcessMitigationPolicy

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

ntdll

NtPowerInformation
RtlQueryPackageClaims
NtTerminateJobObject
NtDeviceIoControlFile
NtDuplicateObject
RtlIsMultiSessionSku
NtOpenThreadToken
NtUpdateWnfStateData
NtSetInformationProcess
TpAllocWait
NtQueryInformationThread
RtlCapabilityCheck
NtOpenPartition
TpWaitForWait
NtTerminateProcess
NtOpenFile
NtManagePartition
PssNtCaptureSnapshot
PssNtFreeSnapshot
ZwUpdateWnfStateData
ZwQueryWnfStateNameInformation
NtOpenEvent
NtAlpcConnectPort
RtlAllocateAndInitializeSid
RtlFreeSid
EtwEventWriteNoRegistration
NtAlpcSendWaitReceivePort
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
NtOpenKey
ZwQuerySystemInformation
ZwClose
ZwEnumerateValueKey
RtlDosPathNameToNtPathName_U_WithStatus
ZwCreateFile
NtQueryInformationFile
RtlGetVersion
ZwQueryValueKey
RtlInitUnicodeStringEx
RtlRunOnceExecuteOnce
ZwOpenKey
NtCompareObjects
NtQueryInformationJobObject
NtSetInformationThread
NtOpenProcess
NtSetSystemInformation
NtQuerySystemInformationEx
ZwQueryWnfStateData
TpReleaseWait
NtSetInformationJobObject
TpSetWait
NtOpenProcessToken
NtOpenProcessTokenEx
NtAdjustPrivilegesToken
RtlClearAllBits
RtlRbRemoveNode
RtlInitializeBitMap
RtlInitializeSRWLock
RtlNtStatusToDosError
RtlWakeAddressAll
NtClearEvent
NtWaitForMultipleObjects
NtCreateEvent
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
TpReleaseCleanupGroupMembers
TpReleaseCleanupGroup
TpAllocCleanupGroup
RtlUpcaseUnicodeChar
NtWaitForSingleObject
RtlCreateSecurityDescriptor
RtlCreateAcl
RtlAbsoluteToSelfRelativeSD
RtlNumberOfSetBitsUlongPtr
RtlAddAccessAllowedAceEx
NtQueryInformationProcess
RtlSetDaclSecurityDescriptor
NtCreateWnfStateName
RtlSetOwnerSecurityDescriptor
NtSetEvent
RtlLeaveCriticalSection
RtlInitializeCriticalSection
RtlEnterCriticalSection
RtlInitUnicodeString
RtlFreeUnicodeString
RtlConvertSidToUnicodeString
RtlEqualSid
NtDeleteWnfStateName
RtlWakeAddressSingle
RtlValidSid
RtlQueryPerformanceCounter
RtlClearBit
RtlSetBit
RtlQueryPerformanceFrequency
NtClose
TpAllocPool
NtQueryWnfStateData
TpReleasePool
RtlCopySid
RtlNumberOfSetBits
RtlFreeHeap
RtlReAllocateHeap
NtGetNextThread
RtlAllocateHeap
TpSetTimerEx
TpReleaseWork
RtlInitializeConditionVariable
RtlWakeAllConditionVariable
RtlWakeConditionVariable
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlGetNtSystemRoot
TpReleaseTimer
TpWaitForTimer
RtlRandom
RtlSubscribeWnfStateChangeNotification
RtlLengthSid
RtlPublishWnfStateData
RtlGetDeviceFamilyInfoEnum
RtlSleepConditionVariableSRW
RtlQueryTokenHostIdAsUlong64
RtlQueryWnfMetaNotification
RtlWaitForWnfMetaNotification
RtlQueryWnfStateData
RtlGetNtProductType
RtlGetSuiteMask
NtQueryVolumeInformationFile
NtCreateFile
NtQueryValueKey
ZwOpenFile
ZwEnumerateKey
ZwQueryInformationFile
ZwCreateSection
RtlInitString
RtlxAnsiStringToUnicodeSize
RtlAnsiStringToUnicodeString
ZwUnmapViewOfSection
ZwMapViewOfSection
LdrResSearchResource
RtlVerifyVersionInfo
RtlImageDirectoryEntryToData
ZwQueryDirectoryFile
RtlpEnsureBufferSize
RtlNtPathNameToDosPathName
RtlGetNativeSystemInformation
NtApphelpCacheControl
RtlRbInsertNodeEx
TpAllocTimer
NtQuerySystemInformation
TpSetTimer
RtlQueryUnbiasedInterruptTime
RtlWaitOnAddress
TpWaitForWork
TpPostWork
TpAllocWork
NtQueryInformationToken

api-ms-win-appmodel-runtime-l1-1-0

ClosePackageInfo
PackageFamilyNameFromFullName
PackageIdFromFullName

api-ms-win-appmodel-runtime-l1-1-1

OpenPackageInfoByFullNameForUser
ParseApplicationUserModelId

api-ms-win-core-psm-key-l1-1-3

PsmGetAumidFromKey

api-ms-win-core-psm-key-l1-1-0

PsmGetKeyFromToken
PsmIsValidKey
PsmGetPackageFullNameFromKey
PsmIsDynamicKey
PsmGetApplicationNameFromKey

api-ms-win-core-psm-key-l1-1-2

PsmGetDynamicIdFromKey

wer

WerpAddTerminationReason

rmclient

HamCreateActivityForProcess
HamCreateActivity
HamConnectToServer
HamDisconnectFromServer
HamStartActivityAsync
HamCloseActivity
HamStopActivity

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-quirks-l1-1-1

QuirkIsEnabledForPackage3

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

Exports

Exports

BiHamExtHostQueryResourceUsage
CrmpInProcActivityAllocate
CrmpInProcActivityFree
CrmpInProcActivityQueryWindowClosedReasons
CrmpInProcActivityStart
CrmpInProcActivityStop
CrmpInProcActivityWindowClosedReasonSubscribe
CrmpInProcActivityWindowClosedReasonUnsubscribe
HampInProcCloseActivity
HampInProcCompleteConnection
HampInProcCreateActivity
HampInProcCreateActivityForProcess
HampInProcIsHostBeingDebugged
HampInProcQueryActivityPendDiagnostics
HampInProcResetExternalResourcePriority
HampInProcSetExternalResourcePriority
HampInProcStartActivityAsync
HampInProcStopActivity
HampInProcTerminateActivityHost
HampInProcTerminateApplicationHost
HampInProcTerminateHostOnProcessExit
HampInProcUpdateActivityProperties
PsmApplicationStateNotification
PsmCrmCleanup
PsmCrmSessionUserNotification
PsmCrmStart
PsmCrmSuspendNotification
PsmHamDereferenceHostId
PsmHamGetPackageDebugMode
PsmHamReferenceHostId
PsmHamRegisterProcess
PsmHamTerminateApplication
PsmHamTerminateHost
PsmHamTerminatePackage
PsmHangNotification
PsmHangNotification2
PsmHostStateNotification
PsmHostStateNotification2
PsmInitializeServiceExtension
PsmInitializeServiceExtension2
PsmInitializeServiceExtension3
PsmInitializeServiceExtension4
PsmMemoryLimitNotification
PsmMemoryLimitNotification2

Sections

.text
Size: 644KB - Virtual size: 642KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 228KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PushToInstall.dll
.dll windows:10 windows x64 arch:x64

fd92721cd1e7c2d7a77029a29dcc6629

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

PushToInstall.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__i64toa_s
_o__i64tow_s
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__stricmp
_o__ui64toa_s
_o__ui64tow_s
_o__wcsicmp
memmove
_o_free
_o_iswspace
_o_isxdigit
_o_malloc
_o_mbstowcs_s
_o_memcpy_s
_o_realloc
_o_strncpy_s
_o_strtol
_o_terminate
_o_wcstod
__C_specific_handler
__current_exception
__current_exception_context
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
_CxxThrowException
__CxxFrameHandler3
strchr

api-ms-win-crt-string-l1-1-0

memset
wcsnlen
strnlen
memmove_s
wcscmp

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
FreeLibrary
GetModuleHandleW
GetModuleFileNameW
GetProcAddress
GetModuleFileNameA
GetModuleHandleExW
GetModuleHandleA

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
CreateEventExW
ReleaseSRWLockExclusive
InitializeSRWLock
CreateSemaphoreExW
ReleaseSRWLockShared
SetEvent
ReleaseSemaphore
WaitForSingleObject
OpenSemaphoreW
CreateEventW
AcquireSRWLockExclusive
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
AcquireSRWLockShared
EnterCriticalSection
WaitForSingleObjectEx
CreateMutexExW
LeaveCriticalSection
ReleaseMutex
InitializeCriticalSectionEx
ResetEvent

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

RaiseException
GetLastError
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
OpenThreadToken
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
OpenProcessToken
GetCurrentThreadId
SetThreadToken

api-ms-win-core-localization-l1-2-0

FormatMessageA
FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegCloseKey
RegOpenKeyExW

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce
InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
GetProcessMitigationPolicy

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetLocalTime
GetTickCount
GetSystemTimeAsFileTime
GetTickCount64

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

ntdll

RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData
EtwEventWriteTransfer
RtlUnsubscribeWnfNotificationWaitForCompletion
EtwEventUnregister
EtwEventSetInformation
RtlGetDeviceFamilyInfoEnum
RtlIsMultiUsersInSessionSku
EtwEventRegister

api-ms-win-shcore-thread-l1-1-0

GetProcessReference
SetProcessReference

combase

ord154

msvcp_win

??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_K@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?_Xout_of_range@std@@YAXPEBD@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?_Winerror_map@std@@YAHH@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ

api-ms-win-core-threadpool-l1-2-0

IsThreadpoolTimerSet
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-heap-l2-1-0

GlobalFree
LocalFree
LocalAlloc

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

rpcrt4

UuidCreate

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringOrdinal
WideCharToMultiByte

api-ms-win-core-winrt-string-l1-1-0

WindowsDuplicateString
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateString
WindowsCompareStringOrdinal
WindowsCreateStringReference

oleaut32

VariantClear
SysFreeString
SysAllocString
VariantInit

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

winhttp

WinHttpQueryHeaders
WinHttpSetTimeouts
WinHttpSetOption
WinHttpGetProxyForUrl
WinHttpReadData
WinHttpConnect
WinHttpOpen
WinHttpQueryOption
WinHttpReceiveResponse
WinHttpOpenRequest
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetDefaultProxyConfiguration
WinHttpCloseHandle
WinHttpCreateUrl
WinHttpCrackUrl
WinHttpSendRequest

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWriteTransfer
EventSetInformation
EventUnregister

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

ServiceMain

Sections

.text
Size: 312KB - Virtual size: 311KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RDXTaskFactory.dll
.dll windows:10 windows x64 arch:x64

ae5b7506dc5318bed82cfd758dc10048

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

RDXTaskFactory.pdb

Imports

msvcrt

wcscspn
__CxxFrameHandler4
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
__C_specific_handler
_initterm
free
_amsg_exit
_XcptFilter
memmove
memcpy
__CxxFrameHandler3
_CxxThrowException
?what@exception@@UEBAPEBDXZ
realloc
sprintf_s
strncmp
??0bad_cast@@QEAA@AEBV0@@Z
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@PEBD@Z
??_V@YAXPEAX@Z
_set_errno
_get_errno
_wcsicmp
_wcsnicmp
swprintf_s
wcsrchr
__uncaught_exception
setlocale
__pctype_func
isupper
___lc_handle_func
___lc_codepage_func
calloc
islower
abort
memset
_wcsdup
__crtLCMapStringA
_wsetlocale
memcmp
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
malloc
memmove_s
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
??3@YAXPEAX@Z
memcpy_s
_vsnwprintf
??1type_info@@UEAA@XZ
sqrtf

shcore

IUnknown_GetSite
SHGetThreadRef
IUnknown_SetSite
SHCreateStreamOnFileW
SHTaskPoolQueueTask
IUnknown_QueryService
SHDeleteValueW
SHDeleteKeyW
ord127

shlwapi

StrStrIW
PathFileExistsW
PathStripPathW
StrRChrW

combase

ord140

rpcrt4

NdrDllGetClassObject
NdrOleAllocate
NdrOleFree
NdrDllCanUnloadNow

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleHandleW
GetModuleHandleExW
GetProcAddress
DisableThreadLibraryCalls
GetModuleHandleExA
GetModuleFileNameA
LoadLibraryExW

api-ms-win-core-synch-l1-2-0

Sleep
SleepConditionVariableSRW
WakeAllConditionVariable
InitOnceComplete
InitOnceExecuteOnce
InitOnceBeginInitialize

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
ReleaseSemaphore
WaitForMultipleObjectsEx
CreateEventExW
OpenEventW
SetEvent
WaitForSingleObject
InitializeCriticalSectionEx
ReleaseMutex
EnterCriticalSection
CreateSemaphoreExW
ReleaseSRWLockExclusive
LeaveCriticalSection
WaitForSingleObjectEx
OpenSemaphoreW
InitializeCriticalSection
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
ReleaseSRWLockShared

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventActivityIdControl
EventWriteTransfer
EventRegister
EventUnregister

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetExitCodeProcess
GetCurrentThreadId
GetCurrentProcessId
GetCurrentThread
OpenThreadToken
OpenProcessToken

api-ms-win-core-localization-l1-2-0

GetUserDefaultLCID
FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetLocalTime

api-ms-win-core-registry-l1-1-0

RegOpenCurrentUser
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegGetValueW
RegDeleteTreeW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringOrdinal
WideCharToMultiByte

api-ms-win-core-path-l1-1-0

PathAllocCombine
PathCchCombine
PathCchAppend

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsCreateString
WindowsSubstringWithSpecifiedLength
WindowsDeleteString
WindowsDuplicateString

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW
RegDeleteKeyValueW

netutils

NetApiBufferFree

oleaut32

SysAllocString
SysFreeString
VariantClear

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-power-setting-l1-1-0

PowerGetActiveScheme
PowerWriteDCValueIndex
PowerSetActiveScheme
PowerWriteACValueIndex

powrprof

PowerReadDCDefaultIndex
PowerReadACDefaultIndex

api-ms-win-core-file-l1-1-0

FindFirstFileW
CreateDirectoryW
FindNextFileW
GetFullPathNameW
FindClose

api-ms-win-core-registry-l2-1-0

RegCreateKeyW

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-security-base-l1-1-0

GetTokenInformation
ImpersonateLoggedOnUser
RevertToSelf

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

sspicli

LsaFreeReturnBuffer
LsaEnumerateLogonSessions
LsaGetLogonSessionData

api-ms-win-security-lsalookup-l2-1-0

LookupAccountNameW
LookupAccountSidW

crypt32

CryptUnprotectData

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
DeleteTimerQueueTimer

api-ms-win-ntuser-sysparams-l1-1-0

GetDisplayConfigBufferSizes
QueryDisplayConfig
SystemParametersInfoW
GetMonitorInfoW

api-ms-win-core-psapi-l1-1-0

K32GetProcessImageFileNameW

api-ms-win-core-toolhelp-l1-1-0

CreateToolhelp32Snapshot
Process32NextW

api-ms-win-appmodel-runtime-l1-1-0

GetPackagesByPackageFamily

api-ms-win-shlwapi-winrt-storage-l1-1-1

ord24

ntdll

RtlGetPersistedStateLocation
RtlIsStateSeparationEnabled
RtlGetVersion
RtlSubscribeWnfStateChangeNotification
NtQueryWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlNtStatusToDosError

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

shell32

SHGetKnownFolderIDList
SHQueryRecycleBinW
ShellExecuteExW

user32

LockSetForegroundWindow
SetWindowPos
SetWindowLongW
MonitorFromWindow
GetWindowLongW
GetWindowInfo
LoadCursorW
SetCursor
GetWindowThreadProcessId
UnhookWindowsHookEx
IsWindowVisible
GetKeyState
EnumWindows
ord2521
SetForegroundWindow
GetCursorPos
PtInRect
SetCursorPos
SetDisplayConfig
SetWindowsHookExW
GetForegroundWindow
CallNextHookEx
SetWindowPlacement

rmclient

HamDebugQueryPackageState
HamFreeBuffer
HamConnectForDebugging
HamDebugClosePackageHandle
HamDisconnectFromServer
HamDebugOpenPackageHandle

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
GetProxyDllInfo

Sections

.text
Size: 324KB - Virtual size: 322KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ResetEngOnline.dll
.dll windows:10 windows x64 arch:x64

a2ac744caf158b3a3acd5c5091554bd7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ResetEngOnline.pdb

Imports

msvcrt

_onexit
_wcsicmp
_wcsnicmp
wcsrchr
??0exception@@QEAA@AEBQEBD@Z
_callnewh
malloc
wcsncmp
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
_CxxThrowException
__CxxFrameHandler3
memcpy
memmove
_XcptFilter
_amsg_exit
__C_specific_handler
vswprintf_s
_vscwprintf
wcsstr
_purecall
calloc
free
memmove_s
_initterm
_vsnprintf_s
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
memcpy_s
_vsnwprintf
__CxxFrameHandler4
_lock
_unlock
??3@YAXPEAX@Z
__dllonexit
wcschr
memset

ntdll

RtlFreeHeap
RtlAllocateHeap
NtSetInformationFile
RtlNtStatusToDosError
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
LoadLibraryExW
FindResourceExW
LoadResource
GetModuleHandleExW
LockResource
FreeLibrary
GetProcAddress
GetModuleHandleW
SizeofResource
LoadStringW

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap
HeapDestroy
HeapSize
HeapReAlloc

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
CreateThread
GetCurrentThreadId
GetCurrentProcessId
OpenProcessToken

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-synch-l1-1-0

SetEvent
CreateMutexExW
OpenSemaphoreW
CreateSemaphoreExW
InitializeCriticalSectionEx
ReleaseSemaphore
ReleaseMutex
EnterCriticalSection
WaitForSingleObjectEx
LeaveCriticalSection
WaitForSingleObject
CreateEventW
InitializeCriticalSection
DeleteCriticalSection

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
RaiseException
GetLastError
UnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-shutdown-l1-1-0

InitiateSystemShutdownExW

api-ms-win-core-registry-l1-1-0

RegGetKeySecurity
RegSetKeySecurity
RegEnumKeyExW
RegDeleteKeyExW
RegCloseKey
RegGetValueW
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW
RegCreateKeyExW
RegDeleteTreeW
RegSetValueExW
RegUnLoadKeyW
RegLoadKeyW
RegDeleteValueW

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoSetProxyBlanket
CLSIDFromString
CoCreateInstance

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetWindowsDirectoryW
GetSystemWindowsDirectoryW
GetSystemTimeAsFileTime

api-ms-win-core-file-l1-1-0

CreateDirectoryW
FindFirstFileW
SetFileInformationByHandle
SetFileAttributesW
FindClose
GetFileInformationByHandle
DeleteFileW
GetVolumeInformationW
FindNextFileW
GetVolumePathNameW
GetFinalPathNameByHandleW
CreateFileW
GetLongPathNameW
GetFullPathNameW
QueryDosDeviceW
GetFileAttributesW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-string-l1-1-0

CompareStringW
CompareStringEx

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventRegister
EventUnregister

api-ms-win-core-processenvironment-l1-1-0

GetCurrentDirectoryW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

user32

UnregisterClassA
FindWindowExW

wdscore

CurrentIP
ConstructPartialMsgVW
WdsSetupLogMessageW

luiapi

LuiCloseHandle
LuiRegisterForLpaNotifications
LuiWipeEsim
LuiOpenHandle

wwapi

WwanOpenHandle
WwanFreeMemory
WwanCloseHandle
WwanEnumerateInterfaces
WwanQueryInterface
WwanQueryInterfaceEx

reagent

WinReSetNarratorScheduled

resetengine

ResetValidateScenario
ResetWillSuspendProtection
ResetNotifyCancel
ResetSetStringPoint
ResetNotifyConfirm
ResetSetDataPoint
ResetReleaseSession
ResetCreateSession
ResetPayloadConnection
ResetCleanPCBlocked
ResetHasCustomizations
ResetPayloadEnabled
ResetUnstageOfflineBoot
ResetStageOfflineBoot
ResetGetTelemetrySessionID
ResetGetDiskSpaceRequired
ResetGetRestoredApps
ResetTraceClientInfo
ResetDisabledByPolicy
ResetGetDataVolumes
ResetClearSession
ResetPrepareSession
ResetDownloadPayload

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx
CopyFileExW
MoveFileExW

crypt32

CertVerifyCertificateChainPolicy

api-ms-win-security-base-l1-1-0

IsWellKnownSid
AdjustTokenPrivileges

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-file-l1-2-0

GetVolumeNameForVolumeMountPointW
GetVolumePathNamesForVolumeNameW

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW

api-ms-win-core-kernel32-legacy-l1-1-0

GetSystemPowerStatus
MoveFileW

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust
WTHelperGetProvSignerFromChain

api-ms-win-core-version-l1-1-0

VerQueryValueW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW

Exports

Exports

GetNetworkCost
IsEsimPresent
ResetEsim
ResetGetEngineInterface
ResetInitializeEngine
ResetRebootSystem
ResetReleaseEngine
UninstallFinalize
UninstallGetInterface

Sections

.text
Size: 116KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ResetEngine.dll
.dll windows:10 windows x64 arch:x64

675db46f1702f3f5549e49b5c892cf77

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d8:2b:aa:ce:60:f8:9e:63:c0:c5:55:11:74:27:e5:2c:e3:b9:0a:45:8c:74:44:93:7e:b1:e7:52:a5:33:50:9b
Signer

Actual PE Digest

d8:2b:aa:ce:60:f8:9e:63:c0:c5:55:11:74:27:e5:2c:e3:b9:0a:45:8c:74:44:93:7e:b1:e7:52:a5:33:50:9b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ResetEngine.pdb

Imports

msvcrt

strncmp
strrchr
strchr
_set_errno
strtol
strncpy_s
sprintf_s
towlower
__RTDynamicCast
memcmp
iswalpha
memset
realloc
_errno
_onexit
__dllonexit
_unlock
_lock
wcspbrk
?terminate@@YAXXZ
_amsg_exit
_XcptFilter
malloc
wcscpy_s
??_V@YAXPEAX@Z
__C_specific_handler
_purecall
calloc
vswprintf_s
_vscwprintf
free
memmove_s
memcpy_s
wcstok_s
wcscspn
wcsspn
strstr
iswspace
_wtol
??0exception@@QEAA@AEBV0@@Z
_vsnwprintf
_wcsnicmp
_wtof
_wtoi
_vscprintf
memcpy
memmove
??3@YAXPEAX@Z
_vsnwprintf_s
_callnewh
_initterm
vsprintf_s
__CxxFrameHandler3
_CxxThrowException
?what@exception@@UEBAPEBDXZ
_wcsicmp
__CxxFrameHandler4
wcschr
wcstoul
wcsstr
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBQEBDH@Z
??1type_info@@UEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
_vsnprintf_s
??1exception@@UEAA@XZ
_wtoi64
towupper
_vsnprintf
wcsrchr
wcsncmp
wcscmp

advapi32

QueryServiceStatus
ControlTraceW
EventSetInformation
CloseTrace
StopTraceW
EnableTraceEx2
EnableTraceEx
StartTraceW
RegLoadKeyW
RegUnLoadKeyW
RegDeleteKeyW
RegGetKeySecurity
AdjustTokenPrivileges
LookupPrivilegeValueW
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
SetFileSecurityW
GetFileSecurityW
EventRegister
EventWriteTransfer
EventUnregister
QueryAllTracesW
OpenProcessToken
CloseServiceHandle
NotifyServiceStatusChangeW
ControlService
StartServiceW
OpenServiceW
RegDeleteKeyExW
RegEnumKeyExW
RegSetKeySecurity
RegDeleteValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegQueryValueExW
RevertToSelf
ImpersonateLoggedOnUser
RegDeleteTreeW
RegCreateKeyExW
RegCloseKey
RegEnumValueW
RegQueryInfoKeyW
RegOpenKeyExW
CredFree
CredReadW
RegSetValueExW
RegGetValueW
GetTraceLoggerHandle
OpenSCManagerW
CryptDestroyKey
CryptDecrypt
CryptGetKeyParam
CryptExportKey
CryptImportKey
IsWellKnownSid
ConvertStringSidToSidW

kernel32

OutputDebugStringA
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
Sleep
WideCharToMultiByte
GetEnvironmentVariableW
CompareStringW
LeaveCriticalSection
EnterCriticalSection
RaiseException
DeleteCriticalSection
InitializeCriticalSection
HeapDestroy
HeapAlloc
HeapReAlloc
HeapSize
GetLastError
GetSystemWindowsDirectoryW
GetProcessHeap
HeapFree
FindResourceExW
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
GetFileSizeEx
GetWindowsDirectoryW
SetFilePointer
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
WritePrivateProfileStringW
GetSystemPowerStatus
SetThreadExecutionState
PowerClearRequest
PowerCreateRequest
PowerSetRequest
GetFirmwareType
VirtualProtect
LoadLibraryExA
VirtualQuery
CloseHandle
VerSetConditionMask
VerifyVersionInfoW
GetSystemDirectoryW
GetFileAttributesW
FreeLibrary
ReleaseMutex
LoadLibraryExW
GetProcAddress
GlobalFree
ExitProcess
WTSGetActiveConsoleSessionId
CreateMutexW
WaitForSingleObject
GetProductInfo
CreateDirectoryW
SetLastError
GetFullPathNameW
GetLongPathNameW
GetFinalPathNameByHandleW
GetModuleFileNameW
GetVolumePathNameW
CreateFileW
GetVolumeNameForVolumeMountPointW
GetCurrentDirectoryW
GetDriveTypeW
QueryDosDeviceW
GetSystemInfo
ExpandEnvironmentStringsW
LocalFree
GetFileInformationByHandleEx
FindFirstFileW
FindNextFileW
GetDiskFreeSpaceW
DeviceIoControl
FindClose
SetFileAttributesW
GetFileInformationByHandle
SetFileInformationByHandle
DeleteFileW
GetModuleHandleW
CopyFileExW
FlushFileBuffers
SetEnvironmentVariableW
OpenEventW
FormatMessageW
SetEvent
CreateThread
ResetEvent
SleepEx
OutputDebugStringW
GetVolumePathNamesForVolumeNameW
MoveFileExW
RemoveDirectoryW
CopyFile2
WriteFile
GetDiskFreeSpaceExW
GetModuleHandleExW
GetModuleFileNameA
DebugBreak
IsDebuggerPresent
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
ReleaseSemaphore
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
WaitForSingleObjectEx
InitializeCriticalSectionEx
OpenSemaphoreW
CreateThreadpoolTimer
TlsAlloc
TlsGetValue
TlsSetValue
ReadFile
CreateMutexExW
CreateSemaphoreExW
CreateEventW
WaitForMultipleObjects
GetOverlappedResult
CancelIoEx
CreateNamedPipeW
CreateProcessW
GetExitCodeProcess
GetFirmwareEnvironmentVariableW
GetTempPath2W
OpenThread
SuspendThread
GetLocaleInfoEx
SystemTimeToTzSpecificLocalTime
GetLocalTime
GetDateFormatEx
GetTimeFormatEx
GetSystemPreferredUILanguages
LoadLibraryW
QueryPerformanceFrequency
LocalAlloc
GetVersionExW
GetVersionExA
WakeAllConditionVariable
SleepConditionVariableSRW
GetSystemTime

ole32

CoInitializeEx
CoUninitialize
StringFromCLSID
CoTaskMemFree
CoCreateGuid
CLSIDFromString
CoCreateInstance
StringFromGUID2

user32

FindWindowExW
GetSystemMetrics
LoadStringW
RegisterHotKey
PostThreadMessageW
UnregisterHotKey
UnregisterClassA
GetMessageW

ntdll

RtlCheckPortableOperatingSystem
RtlDosPathNameToNtPathName_U
RtlFreeUnicodeString
NtQuerySystemInformation
NtPowerInformation
NtClose
NtOpenFile
NtUnloadKey2
RtlDosPathNameToNtPathName_U_WithStatus
RtlAllocateHeap
RtlFreeHeap
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
RtlInitUnicodeString
RtlSetThreadErrorMode
NtSetInformationFile
RtlNtStatusToDosError
RtlGetVersion

oleaut32

BSTR_UserFree
BSTR_UserUnmarshal64
BSTR_UserUnmarshal
BSTR_UserMarshal
SysFreeString
BSTR_UserSize
SysAllocStringLen
BSTR_UserFree64
BSTR_UserSize64
BSTR_UserMarshal64
VariantClear
SysStringLen
SysAllocString
VariantInit

bootsvc

BfsRedirectLogging
BfsUnregisterLogCallback
BfsRegisterLogCallback
BfsInitializeBcdStore
BsdSummarize

wdscore

WdsSetupLogMessageW
WdsTerminate
CurrentIP
ConstructPartialMsgVW
WdsInitialize

shlwapi

StrStrIW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeExW
GetFileVersionInfoExW
GetFileVersionInfoSizeW

wtsapi32

WTSFreeMemory
WTSQueryUserToken
WTSEnumerateSessionsW

rpcrt4

RpcStringFreeW
UuidCreate
NdrClientCall3
RpcBindingFromStringBindingW
RpcStringBindingComposeW
NdrServerCallAll
RpcBindingFree
NdrServerCall2

api-ms-win-devices-config-l1-1-0

CM_Unregister_Notification
CM_Register_Notification

bcd

SyspartGetSystemPartition
BcdOpenStore
BcdDeleteSystemStore
BcdExportStore
BcdFlushStore
BcdCloseObject
BcdOpenObject
BcdSetElementData
BcdGetElementData
BcdDeleteElement
BcdQueryObject
BcdDeleteObject
BcdCloseStore

dismapi

DismShutdown
DismOpenSession
_DismSetProductKey
DismCloseSession
DismInitialize
_DismGetEffectiveSystemUILanguage
DismDelete

fveapi

FveConversionEncryptEx
FveDeleteAuthMethod
FveGetAuthMethodInformation
FveConversionDecrypt
FveCommitChanges
FveAddAuthMethodInformation
FveOpenVolumeW
FveCloseVolume
FveGetStatus
FveDeleteDeviceEncryptionOptOutForVolumeW
FveRevertVolume

reagent

WinReSetRecoveryAction
WinReCopyDiagnosticFiles
WinReGetConfig
WinReHashWimFile
WinReInstallOnTargetOS

fltlib

FilterFindFirst
FilterFindClose
FilterUnload
FilterFindNext

profapi

ord104

wimgapi

WIMUnregisterMessageCallback
WIMRegisterMessageCallback
WIMUnmountImage
WIMAddImagePath
WIMFindNextImageFile
WIMExtractImagePath
WIMFindFirstImageFile
WIMWriteFileWithIntegrity
WIMLoadImage
WIMSetReferenceFile
WIMSetTemporaryPath
WIMGetAttributes
WIMGetImageInformation
WIMCreateFile
WIMCloseHandle
WIMRegisterLogFile
WIMUnregisterLogFile
WIMSplitFile
WIMReadFileEx
WIMUnmountImageHandle
WIMApplyImage

setupapi

SetupDiGetDeviceInterfacePropertyW
SetupDiGetClassDevsW
SetupDiGetDevicePropertyW
SetupIterateCabinetW
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupDiOpenDeviceInfoW

crypt32

CertVerifyCertificateChainPolicy

tbs

Tbsi_GetDeviceInfo
Tbsi_Physical_Presence_Command
Tbsip_Context_Close
Tbsi_Context_Create

wintrust

WinVerifyTrust
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData

xmllite

CreateXmlReader
CreateXmlWriter

bcrypt

BCryptCloseAlgorithmProvider

Exports

Exports

ResetApplyCloudPartitionLayout
ResetArmBootTrigger
ResetCBMREnabled
ResetCBMRPreparation
ResetCancelCleanup
ResetCancelImageDownload
ResetCleanPCBlocked
ResetClearSession
ResetCloudEndpointAvailable
ResetConnectCloud
ResetCreateMedia
ResetCreateSession
ResetDisabledByPolicy
ResetDisarmBootTrigger
ResetDownloadImage
ResetDownloadPayload
ResetEnterOOBE
ResetExecCleanup
ResetExecOnline
ResetExecute
ResetGetDataVolumes
ResetGetDiskSpaceRequired
ResetGetMediaSize
ResetGetRestoredApps
ResetGetScenarioType
ResetGetTargetVolume
ResetGetTelemetrySessionID
ResetHasCustomizations
ResetLoadSession
ResetNotifyAcknowledgeWarning
ResetNotifyCancel
ResetNotifyConfirm
ResetPayloadConnection
ResetPayloadEnabled
ResetPrepareSession
ResetProvisionMedia
ResetReleaseMedia
ResetReleaseSession
ResetResumeBitLockerProtection
ResetResumeLog
ResetReturnToOldOS
ResetSetDataPoint
ResetSetStringPoint
ResetSetTestFlag
ResetStageOfflineBoot
ResetSubmitTelemetry
ResetSuspendSession
ResetTraceClientInfo
ResetUndo
ResetUnstageOfflineBoot
ResetUserLogon
ResetValidateScenario
ResetWillSuspendProtection
ResetWipeSystem

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 900KB - Virtual size: 896KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ResetEngine.exe
.exe windows:10 windows x64 arch:x64

7be250e36699d6849e88f93be3f3a653

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

28:21:c9:f4:28:3c:d8:6f:46:17:97:72:48:12:08:88:5b:1d:93:15:83:91:7a:2d:fd:29:bc:c7:85:dd:68:eb
Signer

Actual PE Digest

28:21:c9:f4:28:3c:d8:6f:46:17:97:72:48:12:08:88:5b:1d:93:15:83:91:7a:2d:fd:29:bc:c7:85:dd:68:eb

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

ResetEngine.pdb

Imports

kernel32

LoadLibraryExW
GetLastError
GetSystemWindowsDirectoryW
GetProcAddress
LocalFree
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
TerminateProcess
GetCurrentProcess

msvcrt

__C_specific_handler
??1type_info@@UEAA@XZ
_commode
_initterm
_fmode
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_wcsicmp
??3@YAXPEAX@Z
_wcmdln
?terminate@@YAXXZ
memset

shell32

CommandLineToArgvW

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RjvMDMConfig.dll
.dll windows:10 windows x64 arch:x64

b1e5406672052e77410932f6ce12004a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

RjvMDMConfig.pdb

Imports

msvcp110_win

?_Xbad_alloc@std@@YAXXZ
?_Winerror_map@std@@YAPEBDH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z

msvcrt

sprintf_s
wcsncmp
wcstod
toupper
memmove_s
_wcsicmp
_CxxThrowException
memcmp
memcpy
memmove
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
free
_amsg_exit
_XcptFilter
_callnewh
malloc
_vsnprintf_s
_vsnwprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
memcpy_s
_vsnwprintf
??_V@YAXPEAX@Z
_purecall
??3@YAXPEAX@Z
__CxxFrameHandler4
__CxxFrameHandler3
_wcsnicmp
memset

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter
GetLastError
RaiseException

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWriteTransfer
EventUnregister
EventSetInformation

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
DisableThreadLibraryCalls
FreeLibrary
GetModuleHandleW
GetProcAddress
GetModuleHandleExW
LoadLibraryExA

api-ms-win-core-file-l1-1-0

GetFileSize
CreateFileW
ReadFile
WriteFile

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

crypt32

PFXImportCertStore
CertFreeCertificateContext
CertOpenStore
CertFindCertificateInStore
CertCloseStore
PFXExportCertStoreEx
CertEnumCertificatesInStore
CertAddCertificateContextToStore

api-ms-win-core-synch-l1-1-0

AcquireSRWLockShared
ReleaseMutex
CreateMutexExW
AcquireSRWLockExclusive
InitializeCriticalSectionEx
LeaveCriticalSection
DeleteCriticalSection
ReleaseSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx
CreateSemaphoreExW
WaitForSingleObject
EnterCriticalSection
ReleaseSemaphore
OpenEventW
ReleaseSRWLockExclusive

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
GetCurrentThread
OpenThreadToken
OpenProcessToken

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

oleaut32

VariantInit
VariantClear
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SysFreeString
SafeArrayGetLBound
SafeArrayCreate
SafeArrayGetUBound
SysAllocString

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

rpcrt4

UuidFromStringW
UuidCreate

api-ms-win-core-registry-l1-1-0

RegDeleteTreeW
RegQueryValueExW
RegOpenKeyExW
RegGetValueW
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegEnumKeyExW
RegQueryInfoKeyW

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
SleepConditionVariableSRW
Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemTime
GetSystemInfo
GetTickCount
GetVersionExW

ntdll

RtlFreeHeap
RtlInitUnicodeString
NtSetInformationToken
NtQuerySecurityAttributesToken
RtlAllocateHeap
RtlIsStateSeparationEnabled
RtlCompareMemory

wdscore

WdsSetupLogMessageW
ConstructPartialMsgVW
CurrentIP

api-ms-win-core-com-l1-1-0

CoInitializeEx
StringFromGUID2
CoCreateInstance
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-path-l1-1-0

PathCchCombine
PathCchAppend

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-security-base-l1-1-0

CheckTokenMembership
GetTokenInformation
AllocateAndInitializeSid
ImpersonateLoggedOnUser
CopySid
EqualSid
RevertToSelf
FreeSid
GetLengthSid

api-ms-win-core-string-l1-1-0

CompareStringW
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-core-string-obsolete-l1-1-0

lstrlenA

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualProtect

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

Preserve
Restore

Sections

.text
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 440B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Robocopy.exe
.exe windows:10 windows x64 arch:x64

fd7565eca3274aa505e2b7b750db8dce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

robocopy.pdb

Imports

msvcrt

__wgetmainargs
_amsg_exit
_XcptFilter
_callnewh
__C_specific_handler
_wcsnicmp
_wcsicmp
malloc
__set_app_type
wcsstr
clock
ctime
time
_lock
_unlock
exit
_exit
_cexit
??1type_info@@UEAA@XZ
__setusermatherr
_initterm
_fmode
__dllonexit
_onexit
_commode
free
memset
?terminate@@YAXXZ
memcpy
memcmp
_CxxThrowException
wcstok_s
wcscat_s
wcscpy_s
fwprintf_s
fflush
wcstol
_wsetlocale
swprintf_s
fwprintf
memmove_s
printf
fgetws
_wcsupr_s
_wfopen
_vsnprintf_s
_fileno
_setmode
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
__iob_func
_errno
_get_osfhandle
fprintf
_purecall
fputws
fclose
memcpy_s
_vsnwprintf
wprintf
__CxxFrameHandler4
wcscmp

kernel32

lstrlenW
WriteConsoleW
GetStdHandle
HeapValidate
GetConsoleMode
GetFileType
HeapSize
HeapReAlloc
HeapDestroy
RaiseException
ExitProcess
OpenThread
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateThread
GetExitCodeThread
ExitThread
GetModuleFileNameA
SizeofResource
CompareStringW
CreateSemaphoreExW
HeapFree
SetLastError
EnterCriticalSection
GetFullPathNameW
ReleaseSemaphore
GetModuleHandleExW
ExpandEnvironmentStringsW
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
GetVersion
FormatMessageW
LocalFileTimeToFileTime
GetLastError
ReleaseSRWLockExclusive
OutputDebugStringW
FileTimeToSystemTime
CloseThreadpoolTimer
AcquireSRWLockExclusive
WaitForSingleObjectEx
LockResource
OpenSemaphoreW
CloseHandle
SetThreadpoolTimer
ReleaseSRWLockShared
CreateThreadpoolTimer
FindResourceExW
LoadResource
HeapAlloc
GetLocalTime
GetProcAddress
CreateMutexExW
GetTimeFormatW
AcquireSRWLockShared
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
GetModuleHandleW
GetSystemTime
DebugBreak
GetDateFormatW
IsDebuggerPresent
InitializeSRWLock
CloseThreadpoolWork
CreateThreadpool
SetWaitableTimer
TlsSetValue
GetConsoleOutputCP
CreateWaitableTimerW
SetFileTime
WaitForMultipleObjects
SetThreadUILanguage
InitializeCriticalSection
SetErrorMode
CreateFileW
GetFileAttributesW
FindFirstChangeNotificationW
OpenProcess
CreateEventW
CloseThreadpoolCleanupGroupMembers
Sleep
SetThreadpoolThreadMaximum
SetEvent
FindCloseChangeNotification
TlsAlloc
QueryPerformanceFrequency
CreateThreadpoolCleanupGroup
HeapSetInformation
ResetEvent
FindNextChangeNotification
SubmitThreadpoolWork
SleepEx
TlsGetValue
QueryPerformanceCounter
ResumeThread
CreateThreadpoolWork
GetLocaleInfoEx
LocalAlloc
GetNumberFormatEx
LocalFree
WideCharToMultiByte
CreateDirectoryW
GetVolumeInformationW
CompareFileTime
FindFirstFileW
DeviceIoControl
RemoveDirectoryW
FindClose
SetFileAttributesW
GetFileInformationByHandle
GlobalFree
CopyFile2
lstrcmpW
RtlCompareMemory
BackupWrite
CompareStringOrdinal
DeleteFileW
BackupRead
GetTickCount
SetThreadPriority

advapi32

GetUserNameW
AdjustTokenPrivileges
LookupPrivilegeValueW
GetSecurityDescriptorControl
EncryptFileW
ReadEncryptedFileRaw
DecryptFileW
RegQueryValueExW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
WriteEncryptedFileRaw
OpenEncryptedFileRawW
CloseEncryptedFileRaw
OpenProcessToken

user32

UnregisterClassA
LoadStringW

ws2_32

WSACleanup

ntdll

NtSetInformationProcess
NtOpenFile
RtlGetDaclSecurityDescriptor
NtQuerySecurityObject
NtQueryDirectoryFile
RtlFreeHeap
NtQueryInformationFile
RtlSetControlSecurityDescriptor
NtClose
NtSetSecurityObject
NtSetEaFile
NtSetInformationFile
RtlInitUnicodeString
RtlGetSaclSecurityDescriptor
RtlDosPathNameToRelativeNtPathName_U
RtlGetControlSecurityDescriptor
RtlNtStatusToDosErrorNoTeb
NtQueryVolumeInformationFile
RtlNtStatusToDosError
NtQueryEaFile

Sections

.text
Size: 124KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SFAPE.dll
.dll windows:10 windows x64 arch:x64

906ddff480c7da976a4ccb2241581044

Code Sign

33:00:00:04:5c:3d:56:72:66:6c:b7:54:17:00:00:00:00:04:5c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

14/09/2023, 18:20

Not After

04/09/2024, 18:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3f:e2:93:30:d5:f7:79:4c:7b:d8:fc:6f:97:bc:25:fb:57:e4:a1:0f:59:3b:e8:fe:46:a2:cc:a0:13:6f:79:c0
Signer

Actual PE Digest

3f:e2:93:30:d5:f7:79:4c:7b:d8:fc:6f:97:bc:25:fb:57:e4:a1:0f:59:3b:e8:fe:46:a2:cc:a0:13:6f:79:c0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

SFAPE.pdb

Imports

ucrtbase_enclave

_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_callnewh
malloc
free
_seh_filter_dll
__CxxFrameHandler4
__std_exception_copy
__std_exception_destroy
__C_specific_handler
__std_type_info_destroy_list
_CxxThrowException
_invalid_parameter_noinfo_noreturn
_initterm_e
_initterm
memcpy
memcmp
memset
memmove

bcrypt

BCryptDeriveKeyPBKDF2
BCryptHash
BCryptGenRandom

vertdll

CallEnclave
GetLastError
EnclaveSealData
EnclaveUnsealData
TlsGetValue
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
InitializeSListHead
TlsAlloc
GetCurrentThreadId
TlsSetValue

Exports

Exports

CharactersInput
ClipboardInput
CloseCcHandle
GetCcAttributes
Initialize
MeasurePerformance
SealUnsealCredentials
SetCcTimeStamps
UserCredentials

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SFAPM.dll
.dll windows:10 windows x64 arch:x64

4cbcd1b5fb7fd4028f2097704dc0f702

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

50:73:54:4b:f9:06:51:31:bf:b6:13:41:26:76:9a:36:70:32:04:35:9b:f6:0d:81:e4:c7:89:1f:57:84:d2:1a
Signer

Actual PE Digest

50:73:54:4b:f9:06:51:31:bf:b6:13:41:26:76:9a:36:70:32:04:35:9b:f6:0d:81:e4:c7:89:1f:57:84:d2:1a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

SFAPM.pdb

Imports

msvcp_win

_Mtx_current_owns
_Cnd_timedwait
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Thrd_id
_Thrd_join
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_broadcast
_Query_perf_frequency
_Query_perf_counter
_Cnd_do_broadcast_at_thread_exit
?_Xbad_function_call@std@@YAXXZ
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
_Mtx_destroy_in_situ
_Xtime_get_ticks
_Mtx_lock
_Mtx_init_in_situ
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-string-l1-1-0

wcsnlen
memset

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o_free
_o_malloc
_o_terminate
_o_wcsncpy_s
__current_exception
__current_exception_context
_o__crt_atexit
_CxxThrowException
_o__configure_narrow_argv
_o__beginthreadex
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__C_specific_handler
__CxxFrameHandler4
_o__cexit
_o__callnewh
memcmp
memcpy

wtdsensor

WtdsGetEventData
WtdsFreeEvent
WtdsGetProcessId
WtdsAllocateEvent
WtdsRegisterSensor
WtdsUnregisterSensor
WtdsSendEvent

kernel32

ReleaseMutex
FormatMessageW
GetLastError
ReleaseSRWLockExclusive
OutputDebugStringW
CloseThreadpoolTimer
InitializeSRWLock
GetCurrentThreadId
WaitForSingleObject
GetModuleHandleExA
AcquireSRWLockExclusive
WaitForSingleObjectEx
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
LeaveCriticalSection
WaitForThreadpoolTimerCallbacks
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
TryAcquireSRWLockExclusive
GetModuleHandleExW
GetComputerNameW
InitializeEnclave
CreateEnclave
IsEnclaveTypeSupported
SetProcessMitigationPolicy
VerSetConditionMask
VerifyVersionInfoW
WriteFile
GetFinalPathNameByHandleW
ReadFile
CreateFileW
ReleaseSemaphore
EnterCriticalSection
DeleteFileW
SetThreadpoolTimer
CloseHandle
UnhandledExceptionFilter
SetLastError
DisableThreadLibraryCalls
InitializeCriticalSectionEx
HeapFree
CreateSemaphoreExW
LocalAlloc
QueryFullProcessImageNameW
SetUnhandledExceptionFilter
LocalFree
OpenProcess
GetCurrentProcess
GetPriorityClass
SetThreadPriority
SetThreadInformation
GetCurrentThread
GetThreadPriority
GetModuleFileNameA
IsDebuggerPresent
DebugBreak
GetModuleHandleW
GetProcessHeap
GetCurrentProcessId
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
GetProcAddress
HeapAlloc
CreateThreadpoolTimer
ReleaseSRWLockShared
OpenSemaphoreW

advapi32

EventWriteTransfer
EventSetInformation
EventRegister
EventUnregister
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorDacl
SetNamedSecurityInfoW
ImpersonateLoggedOnUser
RevertToSelf
OpenThreadToken
ConvertSidToStringSidW

shlwapi

PathFindFileNameW

secur32

LsaGetLogonSessionData
LsaEnumerateLogonSessions
LsaFreeReturnBuffer

shell32

SHCreateDirectoryExW
SHGetKnownFolderPath

ole32

CoTaskMemFree

wtsapi32

WTSFreeMemoryExW
WTSEnumerateSessionsExW

bcrypt

BCryptHash
BCryptDeriveKeyPBKDF2
BCryptGenRandom

rpcrt4

I_RpcBindingInqLocalClientPID
NdrServerCall2
NdrServerCallAll
RpcRevertToSelf
RpcImpersonateClient
RpcServerInqBindingHandle
RpcAsyncAbortCall
RpcServerUseProtseqEpExW
RpcServerRegisterIf3
RpcServerListen
RpcMgmtStopServerListening
RpcMgmtWaitServerListen
RpcServerUnregisterIfEx
RpcServerInqCallAttributesW
RpcServerTestCancel
UuidCreate
RpcExceptionFilter
RpcAsyncCompleteCall
NdrAsyncServerCall
Ndr64AsyncServerCallAll

api-ms-win-core-realtime-l1-1-1

QueryUnbiasedInterruptTimePrecise
QueryInterruptTime

api-ms-win-core-enclave-l1-1-1

CallEnclave
LoadEnclaveImageW

ntdll

NtQuerySystemTime
RtlCopyLuid
RtlCreateUnicodeString
RtlDuplicateUnicodeString
RtlCopySid
RtlLengthSid
RtlValidSid
RtlInitString
RtlEqualUnicodeString
RtlPublishWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlInitUnicodeString
NtQueryInformationToken
RtlFreeUnicodeString
RtlGetThreadWorkOnBehalfTicket
RtlSetThreadWorkOnBehalfTicket

api-ms-win-power-setting-l1-1-0

PowerSettingUnregisterNotification
PowerSettingRegisterNotification

crypt32

CryptUnprotectData
CryptProtectData

api-ms-win-security-lsalookup-l1-1-2

LsaLookupUserAccountType

Exports

Exports

SpLsaModeInitialize

Sections

.text
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SHCore.dll
.dll windows:10 windows x64 arch:x64

f471698a8d2bd68a1687bdae2cbd694e

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

82:89:e0:e3:4c:64:30:65:5d:3e:46:ab:bc:f8:b7:94:5a:a3:c7:de:5d:6d:09:f6:cb:08:17:f9:03:7c:d8:60
Signer

Actual PE Digest

82:89:e0:e3:4c:64:30:65:5d:3e:46:ab:bc:f8:b7:94:5a:a3:c7:de:5d:6d:09:f6:cb:08:17:f9:03:7c:d8:60

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

shcore.pdb

Imports

msvcp_win

?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Xlength_error@std@@YAXPEBD@Z
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Xbad_alloc@std@@YAXXZ

api-ms-win-crt-string-l1-1-0

memset
strncmp

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o_floor
_o_free
_o_malloc
_o_realloc
_o_terminate
_o_wcstod
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
__CxxFrameHandler3
memcmp
memcpy

api-ms-win-core-libraryloader-l1-2-0

LockResource
LoadResource
GetModuleHandleExW
DisableThreadLibraryCalls
FreeLibrary
GetModuleHandleW
FreeLibraryAndExitThread
LoadLibraryExW
SizeofResource
GetModuleFileNameA
GetModuleHandleExA
GetProcAddress
GetModuleFileNameW
FindResourceExW
LoadStringW

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceComplete
Sleep
InitOnceBeginInitialize

api-ms-win-core-synch-l1-1-0

CreateEventExW
CreateSemaphoreExW
EnterCriticalSection
ReleaseSemaphore
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
ReleaseMutex
ReleaseSRWLockExclusive
CreateEventW
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseSRWLockShared
CreateMutexExW
OpenEventW
ResetEvent
WaitForMultipleObjectsEx
CreateMutexW
AcquireSRWLockShared
TryAcquireSRWLockExclusive
DeleteCriticalSection
SetEvent
InitializeSRWLock
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter
GetLastError
RaiseException

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventUnregister
EventRegister
EventWriteTransfer
EventSetInformation

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-processthreads-l1-1-0

ResumeThread
GetCurrentThread
TlsAlloc
GetThreadPriority
CreateThread
GetStartupInfoW
GetCurrentProcess
TlsGetValue
GetProcessId
OpenThreadToken
OpenProcessToken
GetCurrentProcessId
SetThreadPriority
TerminateProcess
GetCurrentThreadId
TlsSetValue
TlsFree

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-localization-l1-2-0

GetLocaleInfoW
FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetVersionExW
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
TrySubmitThreadpoolCallback
CallbackMayRunLong
DisassociateCurrentThreadFromCallback
CloseThreadpoolWait
SetThreadpoolTimer
FreeLibraryWhenCallbackReturns
WaitForThreadpoolWaitCallbacks
CreateThreadpoolWait
SetThreadpoolWait
CreateThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-core-heap-l2-1-0

LocalFree
LocalReAlloc
LocalAlloc

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrCmpNIW
StrCmpNICW
StrDupA
StrChrW
StrCmpICW
StrDupW
StrToIntW
QISearch

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegQueryValueExW
RegSetValueExA
RegDeleteKeyExA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegQueryInfoKeyW
RegDeleteKeyExW
RegEnumValueW
RegGetValueW
RegEnumKeyExW
RegDeleteValueA
RegEnumKeyExA
RegQueryInfoKeyA
RegEnumValueA

api-ms-win-security-base-l1-1-0

RevertToSelf
CheckTokenMembership
GetTokenInformation
AdjustTokenPrivileges
ImpersonateLoggedOnUser

api-ms-win-core-memory-l1-1-0

OpenFileMappingW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile

api-ms-win-core-commandlinetoargv-l1-1-0

CommandLineToArgvW

api-ms-win-core-file-l1-1-0

GetFileInformationByHandle
GetFileSizeEx
GetFileAttributesExW
SetFilePointer
WriteFile
SetEndOfFile
CreateFileW
GetFileAttributesW
SetFileInformationByHandle
ReadFile
SetFilePointerEx
LockFileEx
GetVolumeInformationByHandleW
FindFirstFileW
FlushFileBuffers
UnlockFileEx
FindClose
GetDriveTypeW
DeleteFileW
CreateDirectoryW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathUnExpandEnvStringsA
PathUnExpandEnvStringsW
PathIsRelativeW
PathFindExtensionW
PathCombineW
PathFindFileNameW
PathRemoveFileSpecW
PathGetDriveNumberW
PathFileExistsW
PathIsUNCW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsA
ExpandEnvironmentStringsW

api-ms-win-core-wow64-l1-1-1

Wow64SetThreadDefaultGuestMachine

ntdll

NtQuerySystemInformationEx
RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlNtStatusToDosError
RtlIsPartialPlaceholder
RtlInitUnicodeString
wcsncmp
wcschr
wcsrchr
RtlAreLongPathsEnabled
NtCreateFile
NtQueryInformationProcess
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive

api-ms-win-core-sysinfo-l1-2-0

GetOsSafeBootMode

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabled

api-ms-win-core-io-l1-1-0

CancelIoEx
GetOverlappedResult
DeviceIoControl

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx
ReplaceFileW

api-ms-win-core-file-l1-2-0

CreateFile2

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem
DeleteTimerQueueTimer
CreateTimerQueueTimer

api-ms-win-core-atoms-l1-1-0

GlobalAddAtomExW
GlobalAddAtomW
GlobalGetAtomNameW
GlobalDeleteAtom
GlobalFindAtomW

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-version-l1-1-0

GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrcmpW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

api-ms-win-core-path-l1-1-0

PathCchAddBackslashEx

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

CommandLineToArgvW
CreateRandomAccessStreamOnFile
CreateRandomAccessStreamOverStream
CreateStreamOverRandomAccessStream
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
GetCurrentProcessExplicitAppUserModelID
GetDpiForMonitor
GetDpiForShellUIComponent
GetFeatureEnabledState
GetFeatureVariant
GetProcessDpiAwareness
GetProcessReference
GetScaleFactorForDevice
GetScaleFactorForMonitor
IStream_Copy
IStream_Read
IStream_ReadStr
IStream_Reset
IStream_Size
IStream_Write
IStream_WriteStr
IUnknown_AtomicRelease
IUnknown_GetSite
IUnknown_QueryService
IUnknown_Set
IUnknown_SetSite
IsOS
IsProcessInIsolatedContainer
IsProcessInWDAGContainer
RecordFeatureError
RecordFeatureUsage
RegisterScaleChangeEvent
RegisterScaleChangeNotifications
RevokeScaleChangeNotifications
SHAnsiToAnsi
SHAnsiToUnicode
SHCopyKeyA
SHCopyKeyW
SHCreateMemStream
SHCreateStreamOnFileA
SHCreateStreamOnFileEx
SHCreateStreamOnFileW
SHCreateThread
SHCreateThreadRef
SHCreateThreadWithHandle
SHDeleteEmptyKeyA
SHDeleteEmptyKeyW
SHDeleteKeyA
SHDeleteKeyW
SHDeleteValueA
SHDeleteValueW
SHEnumKeyExA
SHEnumKeyExW
SHEnumValueA
SHEnumValueW
SHGetThreadRef
SHGetValueA
SHGetValueW
SHOpenRegStream2A
SHOpenRegStream2W
SHOpenRegStreamA
SHOpenRegStreamW
SHQueryInfoKeyA
SHQueryInfoKeyW
SHQueryValueExA
SHQueryValueExW
SHRegDuplicateHKey
SHRegGetIntW
SHRegGetPathA
SHRegGetPathW
SHRegGetValueA
SHRegGetValueFromHKCUHKLM
SHRegGetValueW
SHRegSetPathA
SHRegSetPathW
SHReleaseThreadRef
SHSetThreadRef
SHSetValueA
SHSetValueW
SHStrDupA
SHStrDupW
SHTaskPoolAllowThreadReuse
SHTaskPoolDoNotWaitForMoreTasks
SHTaskPoolGetCurrentThreadLifetime
SHTaskPoolGetUniqueContext
SHTaskPoolQueueTask
SHTaskPoolSetThreadReuseAllowed
SHUnicodeToAnsi
SHUnicodeToUnicode
SetCurrentProcessExplicitAppUserModelID
SetProcessDpiAwareness
SetProcessReference
SubscribeFeatureStateChangeNotification
UnregisterScaleChangeEvent
UnsubscribeFeatureStateChangeNotification

Sections

.text
Size: 668KB - Virtual size: 665KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 220KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SRH.dll
.dll windows:10 windows x64 arch:x64

a6303cf2ef1710de4ab1c2bc2e0b6d31

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

SRH.pdb

Imports

msvcp_win

?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?flags@ios_base@std@@QEBAHXZ
?width@ios_base@std@@QEBA_JXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?good@ios_base@std@@QEBA_NXZ
?uncaught_exception@std@@YA_NXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_K@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?id@?$ctype@G@std@@2V0locale@2@A
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
_Thrd_yield
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
?_Getcat@?$codecvt@GDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
?in@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z
?out@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?unshift@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBGHH@Z
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?getloc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?_Init@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXXZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?_Gndec@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?_Random_device@std@@YAIXZ
??Bios_base@std@@QEBA_NXZ
?_Xruntime_error@std@@YAXPEBD@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?_Makeloc@_Locimp@locale@std@@CAPEAV123@AEBV_Locinfo@3@HPEAV123@PEBV23@@Z
?_Getname@_Locinfo@std@@QEBAPEBDXZ
??0_Locinfo@std@@QEAA@HPEBD@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@_N@Z
?is@?$ctype@G@std@@QEBA_NFG@Z
?id@?$collate@G@std@@2V0locale@2@A
_Wcsxfrm
_Wcscoll
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?tolower@?$ctype@G@std@@QEBAGG@Z
?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
_Cnd_do_broadcast_at_thread_exit
_Mtx_unlock
_Mtx_lock
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
_Unlock_shared_ptr_spin_lock
_Lock_shared_ptr_spin_lock
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?id@?$collate@D@std@@2V0locale@2@A
_Mtx_destroy_in_situ
?_Xbad_function_call@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?tolower@?$ctype@D@std@@QEBADD@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
??Bid@locale@std@@QEAA_KXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Lockit@std@@QEAA@XZ
??1_Locinfo@std@@QEAA@XZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
_Strcoll
_Strxfrm
?_Throw_C_error@std@@YAXH@Z
_Thrd_detach
_Mtx_init_in_situ
??1facet@locale@std@@MEAA@XZ
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_join
_Thrd_id
??0facet@locale@std@@IEAA@_K@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
?width@ios_base@std@@QEAA_J_J@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?widen@?$ctype@G@std@@QEBAGD@Z
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-string-l1-1-0

memset
wcspbrk
wcscspn
wcsspn
wcsncmp
wcscmp

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__itow_s
_o__lock_file
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__unlock_file
_o__wcsicmp
_o__wcslwr_s
_o__wcsnicmp
_o__wtoi
memmove
_o_acosf
_o_atan2
_o_atan2f
_o_ceil
_o_ceilf
_o_cosf
_o_fclose
_o_fflush
_o_fgetc
_o_fgetpos
_o_fgetwc
_o_floor
_o_floorf
_o_fmod
_o_fputwc
_o_free
_o_fsetpos
_o_fwrite
_o_iswalpha
_o_iswcntrl
_o_iswlower
_o_iswspace
_o_iswupper
_o_log
_o_log10f
_o_malloc
_o_pow
_o_powf
_o_realloc
_o_setvbuf
_o_sinf
_o_sqrt
_o_sqrtf
_o_terminate
_o_towlower
_o_towupper
_o_ungetc
_o_ungetwc
_o_wcstol
_o_wmemcpy_s
__std_type_info_compare
wcschr
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__fseeki64
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o__beginthreadex
strchr
wcsstr
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o____lc_codepage_func
__C_specific_handler
__std_terminate
__CxxFrameHandler4
__C_specific_handler_noexcept
memcmp
memcpy
_o_abort

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnsubscribeWnfNotificationWaitForCompletion
WinSqmAddToStream
WinSqmIncrementDWORD
RtlCaptureContext
WinSqmSetDWORD
RtlGetDeviceFamilyInfoEnum
NtQueryWnfStateData
RtlPublishWnfStateData
RtlSubscribeWnfStateChangeNotification
WinSqmSetString

oleaut32

SysFreeString
VariantClear
SafeArrayUnaccessData
VarBstrCat
SafeArrayDestroy
GetErrorInfo
SetErrorInfo
SafeArrayAccessData
SafeArrayCopy
SysAllocStringByteLen
VariantChangeType
SysStringByteLen
SafeArrayGetDim
SafeArrayCreateVector
SysAllocString
VarBstrCmp
VariantInit
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetVartype
SysStringLen
VariantCopy
VarCmp
SysAllocStringLen
VariantCopyInd
SafeArrayLock
SafeArrayCreate
SafeArrayRedim
SafeArrayUnlock
SafeArrayPutElement

bcp47langs

Bcp47FromLcid
Bcp47GetLanguageName
Bcp47GetNlsForm

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetModuleHandleExA
GetModuleHandleW
GetProcAddress
LoadStringW
FreeLibrary
GetModuleHandleExW
FindResourceExW
LoadResource
LockResource
GetModuleFileNameW
GetModuleFileNameA
SizeofResource

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
WaitForSingleObject
ReleaseMutex
WaitForSingleObjectEx
CancelWaitableTimer
SetWaitableTimer
OpenSemaphoreW
CreateMutexExW
DeleteCriticalSection
InitializeCriticalSection
SetEvent
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
LeaveCriticalSection
EnterCriticalSection
OpenMutexW
InitializeCriticalSectionEx
InitializeCriticalSectionAndSpinCount
CreateEventExW
ResetEvent
CreateEventW
CreateSemaphoreExW

api-ms-win-core-heap-l1-1-0

HeapSize
HeapDestroy
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
SetProcessShutdownParameters
GetCurrentProcess
GetExitCodeProcess
CreateThread
GetThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW
FormatMessageA
LocaleNameToLCID
GetSystemDefaultLCID
GetLocaleInfoEx
GetThreadLocale
GetUserPreferredUILanguages

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceLoggerHandle
TraceMessage
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceEnableLevel

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
RoOriginateError
RoOriginateErrorW

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
CreateFileMappingW

api-ms-win-core-com-l1-1-0

CoGetObjectContext
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoAllowUnmarshalerCLSID
CoWaitForMultipleHandles
IIDFromString
CLSIDFromString
CoUninitialize
PropVariantClear
StringFromCLSID
CoInitializeEx
StringFromGUID2
CoGetApartmentType
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
CoCreateInstance
CoTaskMemFree

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWait
SetThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolWait
CreateThreadpoolWait
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
WaitForThreadpoolWaitCallbacks
TrySubmitThreadpoolCallback

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
GetStringTypeExW
CompareStringW
MultiByteToWideChar

api-ms-win-core-processenvironment-l1-1-0

GetStdHandle

api-ms-win-core-string-l2-1-0

CharLowerW

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-sysinfo-l1-1-0

GetLocalTime
GetVersionExW
GetSystemTimeAsFileTime
GetSystemDirectoryW
GetTickCount64
GetTickCount

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPushEntrySList

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventWriteTransfer
EventRegister
EventUnregister

api-ms-win-devices-config-l1-1-1

CM_Register_Notification
CM_Get_Device_Interface_ListW
CM_Get_Device_Interface_List_SizeW
CM_MapCrToWin32Err
CM_Unregister_Notification

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

api-ms-win-core-file-l1-1-0

CreateFileW
FindClose
FindFirstFileW
GetFileAttributesExW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-localization-l1-2-2

LCIDToLocaleName

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegEnumValueW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteValueW
RegSetValueExW
RegNotifyChangeKeyValue

api-ms-win-core-heap-l2-1-0

LocalFree
GlobalFree
GlobalAlloc

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-winrt-string-l1-1-0

WindowsStringHasEmbeddedNull
WindowsGetStringRawBuffer
WindowsCreateString
WindowsDeleteString
WindowsCreateStringReference
WindowsIsStringEmpty

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-console-l1-2-0

FreeConsole
AttachConsole

api-ms-win-core-console-l2-1-0

GetConsoleScreenBufferInfo
ReadConsoleOutputW

rpcrt4

UuidCreate

api-ms-win-core-datetime-l1-1-1

GetTimeFormatEx
GetDateFormatEx

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
Sleep
InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-synch-l1-2-1

CreateWaitableTimerW
WaitForMultipleObjects

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-security-base-l1-1-0

CheckTokenMembership
GetTokenInformation
AllocateAndInitializeSid
FreeSid

api-ms-win-core-localization-l2-1-0

GetNumberFormatEx

api-ms-win-service-management-l1-1-0

StartServiceW
CloseServiceHandle
OpenSCManagerW
OpenServiceW

api-ms-win-service-management-l2-1-0

QueryServiceStatusEx

api-ms-win-service-winsvc-l1-1-0

ControlService

api-ms-win-core-fibers-l1-1-0

FlsGetValue
FlsFree
FlsAlloc
FlsSetValue

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-shlwapi-legacy-l1-1-0

PathRemoveFileSpecW
PathFileExistsW

api-ms-win-core-kernel32-legacy-l1-1-5

SetThreadExecutionState

api-ms-win-core-registry-l2-1-0

RegOpenKeyW

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

api-ms-win-core-sidebyside-l1-1-0

DeactivateActCtx
ActivateActCtx
GetCurrentActCtx
ReleaseActCtx
CreateActCtxW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-ntuser-rectangle-l1-1-0

IsRectEmpty
UnionRect
CopyRect
PtInRect
InflateRect
EqualRect

api-ms-win-crt-math-l1-1-0

_isnan
_finite

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx

Exports

Exports

CreateAndEnqueueNarratorCommandEvent
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
DllMain
ExecuteNarratorFind
GetInputLearningHelper
IgnoreLeaksInCurrentlyTrackedMemory
Initialize
IsIgnoringLeaks
PostTestCheckForLeaks
RunNarrator
SetBrailleBlinkingCursor
SetBrailleCursorRepresentation
SetBrailleDeviceChangeFromReg
SetBrailleIsEnabledFromReg
SetBrailleTablesFromReg
SetDictationRunning
SetFastKeyEntryEnabled
SetFollowInsertion
SetReadHints
SetScriptingEnabledFromReg
SetVoicePropertiesFromReg
StartIgnoringLeaks
StopIgnoringLeaks
UpdateErrorLoggingCallback
UpdateNarratorSettingsFromReg

Sections

.text
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 888KB - Virtual size: 884KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 236KB - Virtual size: 235KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 504KB - Virtual size: 500KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SecConfig.efi
.exe windows:0 windows x64 arch:x64

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

89:d1:a1:ed:e2:a3:77:06:d7:8e:07:cd:03:5c:38:dc:89:5e:b2:29:b1:38:ec:fa:f0:49:00:64:ad:17:4a:f6
Signer

Actual PE Digest

89:d1:a1:ed:e2:a3:77:06:d7:8e:07:cd:03:5c:38:dc:89:5e:b2:29:b1:38:ec:fa:f0:49:00:64:ad:17:4a:f6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

SecConfig.pdb

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

TRANSIT
Size: 512B - Virtual size: 29B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGER32C
Size: 1024B - Virtual size: 729B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 149KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SecureTimeAggregator.dll
.dll windows:10 windows x64 arch:x64

ab2e5c128592f83c9a9b41995f46bf36

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

SecureTimeAggregator.pdb

Imports

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__configure_narrow_argv
_o__crt_atexit
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__register_onexit_function
_o__seh_filter_dll
memcpy
_o_free
_o_malloc
_o_wcstoul
_CxxThrowException
_o__cexit
_o___stdio_common_vswprintf
_o__callnewh
_o__beginthread
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
wcschr
_set_se_translator
__C_specific_handler
__CxxFrameHandler4

api-ms-win-crt-string-l1-1-0

wcscspn
memset

api-ms-win-core-synch-l1-1-0

CreateEventW
EnterCriticalSection
WaitForSingleObject
InitializeCriticalSection
LeaveCriticalSection
SetEvent
DeleteCriticalSection

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-handle-l1-1-0

CloseHandle

ntdll

RtlConvertSharedToExclusive
RtlConvertExclusiveToShared
RtlAllocateHeap
RtlImageNtHeader
RtlIsStateSeparationEnabled
RtlDeleteResource
RtlInitUnicodeString
RtlRunOnceExecuteOnce
NtQuerySystemInformation
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlAcquireResourceShared
RtlReleaseResource
RtlInitializeResource
RtlAcquireResourceExclusive
RtlFreeHeap

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetSystemInfo
GetSystemTimeAsFileTime

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-file-l1-1-0

GetFileSizeEx
WriteFile
CreateFileW
FileTimeToLocalFileTime

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
GetCurrentProcessorNumber

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
SetThreadStackGuarantee

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegSetValueExW

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-memory-l1-1-0

VirtualProtect
VirtualQuery
VirtualAlloc

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

AggregateSSLHandshakeTime
DllCanUnloadNow
GetSecureTime
UnInitialize

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SensorRuntimeBroker.exe
.exe windows:10 windows x64 arch:x64

945f13d60b3cfa3bbe130dc0b7bbf330

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

SensorRuntimeBroker.pdb

Imports

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm
_c_exit
_register_thread_local_exe_atexit_callback

api-ms-win-crt-private-l1-1-0

_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o_abort
_o_exit
_o_free
_o_iswspace
_o_malloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o__cexit
_o___p__commode
_o__callnewh
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlSubAuthoritySid
RtlSubAuthorityCountSid
RtlInitUnicodeString

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleHandleExW
GetProcAddress
GetModuleFileNameA

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
ReleaseSRWLockShared
ReleaseMutex
CreateEventExW
WaitForSingleObject
AcquireSRWLockExclusive
InitializeCriticalSectionEx
LeaveCriticalSection
CreateMutexExW
ReleaseSemaphore
EnterCriticalSection
AcquireSRWLockShared
DeleteCriticalSection
CreateSemaphoreExW
OpenSemaphoreW
WaitForSingleObjectEx

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-processthreads-l1-1-0

GetStartupInfoW
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
OpenProcessToken

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-string-l1-1-0

WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsDeleteString
WindowsCreateString
WindowsGetStringRawBuffer

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage
GetTraceEnableFlags
RegisterTraceGuidsW

api-ms-win-security-base-l1-1-0

SetTokenInformation
AdjustTokenPrivileges
GetTokenInformation
GetLengthSid

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW

api-ms-win-core-winrt-l1-1-0

RoRevokeActivationFactories
RoInitialize
RoUninitialize
RoRegisterActivationFactories

api-ms-win-core-com-l1-1-0

CoRevokeClassObject
CoRegisterClassObject
CoResumeClassObjects
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
CoReleaseServerProcess
CoCreateInstance
CoAddRefServerProcess

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoOriginateErrorW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

combase

ord69

wpprecorderum

WppAutoLogStart
WppAutoLogStop
WppAutoLogTrace

api-ms-win-core-com-l1-1-3

CoRegisterDeviceCatalog
CoRevokeDeviceCatalog

oleaut32

SysStringLen
SysFreeString
SetErrorInfo

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.imrsiv
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SensorService.dll
.dll windows:10 windows x64 arch:x64

f68b7fe4b4c36fedb4ddff2980ac1f18

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

SensorService.pdb

Imports

msvcp_win

??1_Locinfo@std@@QEAA@XZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
??Bid@locale@std@@QEAA_KXZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
??0facet@locale@std@@IEAA@_K@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?is@?$ctype@G@std@@QEBA_NFG@Z
?tolower@?$ctype@G@std@@QEBAGG@Z
?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$collate@G@std@@2V0locale@2@A
?id@?$ctype@G@std@@2V0locale@2@A
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
_Wcsxfrm
_Wcscoll
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
?_Syserror_map@std@@YAPEBDH@Z
_Mtx_trylock
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
_Mtx_lock
_Mtx_init_in_situ
_Mtx_destroy_in_situ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1facet@locale@std@@MEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__wcsicmp
memmove
_o_abort
_o_ceilf
_o_free
_o_iswspace
_o_malloc
_o_rand
_o_realloc
_o_wcscpy_s
_o_wcstoul
__C_specific_handler
_CxxThrowException
_o__difftime64
_o__crt_atexit
__std_type_info_compare
_o__configure_narrow_argv
wcsstr
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
strchr
__CxxFrameHandler3
_o__execute_onexit_table
_o__errno
__std_terminate
__CxxFrameHandler4
__RTDynamicCast
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

wcscmp
memset
strncmp

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleExW
GetProcAddress
GetModuleHandleExA
DisableThreadLibraryCalls
FreeLibrary
GetModuleHandleW

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
WaitForSingleObject
ReleaseMutex
WaitForSingleObjectEx
WaitForMultipleObjectsEx
OpenSemaphoreW
CreateMutexExW
CreateSemaphoreExW
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionEx
TryAcquireSRWLockExclusive
InitializeSRWLock
InitializeCriticalSection
CreateEventExW
AcquireSRWLockExclusive
SetEvent
CreateEventW
InitializeCriticalSectionAndSpinCount
ResetEvent

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
OpenThreadToken
TerminateProcess
GetCurrentProcess
OpenProcessToken
CreateThread
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolWork
CloseThreadpoolCleanupGroup
WaitForThreadpoolWorkCallbacks
CloseThreadpoolTimer
SubmitThreadpoolWork
SetThreadpoolThreadMinimum
CloseThreadpoolWait
SetThreadpoolWait
CreateThreadpoolCleanupGroup
SetThreadpoolThreadMaximum
WaitForThreadpoolTimerCallbacks
CloseThreadpoolWork
CreateThreadpool
FreeLibraryWhenCallbackReturns
WaitForThreadpoolWaitCallbacks
CloseThreadpool
CreateThreadpoolWait
CloseThreadpoolCleanupGroupMembers

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventSetInformation
EventWriteTransfer

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
RoOriginateError

api-ms-win-core-util-l1-1-0

DecodePointer

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableLevel
GetTraceLoggerHandle
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
TraceMessage

wpprecorderum

WppAutoLogStart
WppAutoLogTrace
WppAutoLogStop

api-ms-win-service-core-l1-1-0

SetServiceStatus
RegisterServiceCtrlHandlerExW

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceExecuteOnce
InitOnceBeginInitialize

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount64

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPushEntrySList

ntdll

LdrAddRefDll
RtlInitUnicodeString
NtQuerySystemInformation
NtPowerInformation
NtQueryWnfStateData
NtCancelTimer2
NtSetTimer2
NtCreateIRTimer
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlQueryPackageIdentity
RtlSubscribeWnfStateChangeNotification
RtlPublishWnfStateData

sensorsnativeapi

SensorStopHistory
SensorCancelHistoryRetrieval
SensorGetPrxData
SensorOpenByType
SensorGetAccData
SensorGetThresholds
SensorGetProperties
SensorGetDataCollection
SensorGetDeviceId
SensorStop
SensorStartCollection
SensorGetHistory
SensorStartHistory
SensorClose
SensorEnableIdleOperation
SensorGetTypeFromInterfacePath
SensorClearHistory
SensorGetCapabilitiesCollection
SensorOpenByInterface
SensorSelectBestDevice

brokerlib

BrDeleteBrokerInstance
BrInitializeBrokerInstance2
BrCreateBrokerInstance2
BrCheckCallerIsAppContainer
BrSignalBrokerEvent2

umpdc

PdcSignalClientRegister
PdcSignalClientSetActive
PdcSignalClientUnregister
PdcSignalClientPulse

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-devices-config-l1-1-1

CM_Get_Device_Interface_List_SizeW
CM_Unregister_Notification
CM_Open_Device_Interface_KeyW
CM_Get_Device_Interface_PropertyW
CM_MapCrToWin32Err
CM_Register_Notification
CM_Get_DevNode_PropertyW
CM_Locate_DevNodeW
CM_Get_Device_Interface_ListW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-com-l1-1-0

StringFromGUID2
CoTaskMemAlloc
CLSIDFromString
CoCreateFreeThreadedMarshaler
CoEnableCallCancellation
CoDisableCallCancellation
CoCancelCall
CoTaskMemFree
CoWaitForMultipleHandles
PropVariantCopy
PropVariantClear
CoCreateGuid

propsys

VariantToPropVariant
InitPropVariantFromCLSID
PSStringFromPropertyKey
PropVariantToVariant
InitPropVariantFromFileTime

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime

rpcrt4

RpcServerUseProtseqW
RpcServerUnregisterIfEx
RpcImpersonateClient
RpcServerUnregisterIf
UuidCreate
RpcBindingVectorFree
NdrServerCallAll
NdrServerCall2
RpcServerRegisterIf3
RpcEpUnregister
RpcEpRegisterW
RpcRevertToSelf
RpcServerInqBindings

api-ms-win-devices-swdevice-l1-1-0

SwDeviceInterfaceRegister
SwDeviceCreate
SwDeviceClose
SwDeviceInterfaceSetState
SwMemFree

api-ms-win-core-file-l1-1-0

WriteFile
CompareFileTime

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW

api-ms-win-core-namedpipe-l1-1-0

DisconnectNamedPipe
ConnectNamedPipe
CreateNamedPipeW

api-ms-win-core-io-l1-1-0

CancelIoEx
GetOverlappedResult

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegQueryValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegGetValueW
RegSetValueExW
RegNotifyChangeKeyValue

api-ms-win-security-base-l1-1-0

IsValidSid
AdjustTokenPrivileges
CopySid
GetTokenInformation
GetLengthSid

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsGetStringRawBuffer
WindowsCreateStringReference

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

oleaut32

VariantTimeToSystemTime
SysAllocString
VariantClear
GetErrorInfo
SetErrorInfo
SysFreeString
SysStringLen

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-core-kernel32-legacy-l1-1-1

PowerClearRequest
PowerSetRequest
PowerCreateRequest

api-ms-win-power-setting-l1-1-0

PowerSettingUnregisterNotification
PowerSettingRegisterNotification
PowerSetActiveScheme
PowerWriteACValueIndex
PowerGetActiveScheme
PowerWriteDCValueIndex

api-ms-win-power-base-l1-1-0

PowerRegisterSuspendResumeNotification
CallNtPowerInformation
PowerUnregisterSuspendResumeNotification

api-ms-win-devices-swdevice-l1-1-1

SwDeviceSetLifetime
SwDeviceGetLifetime

powrprof

PowerReadACValueIndex
PowerReadDCValueIndex

api-ms-win-service-core-l1-1-3

GetServiceRegistryStateKey

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
CompareStringOrdinal

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-security-capability-l1-1-0

RpcClientCapabilityCheck

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

sensorsutilsv2

SerializationBufferFree
CollectionsListAllocateBufferAndSerialize
PropKeyFindKeyGetUlong
PropKeyFindKeyGetFloat
PropKeyFindKeySetPropVariant
PropKeyFindKeyGetNthUlong
PropKeyFindKeyGetFileTime
PropKeyFindKeyGetNthInt64

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

Exports

Exports

DllCanUnloadNow
ServiceMain
SvchostPushServiceGlobalsEx

Sections

.text
Size: 648KB - Virtual size: 644KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 148KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SettingsEnvironment.Desktop.dll
.dll windows:10 windows x64 arch:x64

c3d5858f100835751771501c6bedc18a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

SettingsEnvironment.Desktop.pdb

Imports

msvcp_win

?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
??1_Lockit@std@@QEAA@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
_Strcoll
_Strxfrm
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
??0_Locinfo@std@@QEAA@PEBD@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?id@?$collate@D@std@@2V0locale@2@A
?_Xbad_alloc@std@@YAXXZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?is@?$ctype@D@std@@QEBA_NFD@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?tolower@?$ctype@D@std@@QEBADD@Z
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??1facet@locale@std@@MEAA@XZ
?id@?$ctype@D@std@@2V0locale@2@A
??0facet@locale@std@@IEAA@_K@Z
??0_Lockit@std@@QEAA@H@Z
??Bid@locale@std@@QEAA_KXZ
??1_Locinfo@std@@QEAA@XZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-string-l1-1-0

memset
strncmp
wcscspn
wcsncmp
wcscmp

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__get_errno
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
memmove
_o__wcsicmp
_o_abort
_o_free
_o_iswspace
_o_malloc
_o_memcpy_s
_o_realloc
_o_wcsncpy_s
_o_wcstok_s
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o___stdio_common_vswprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o__execute_onexit_table
_o__errno
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
wcsstr
strchr
_o__callnewh
wcschr
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

ntdll

RtlNtStatusToDosError
RtlQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlGetDeviceFamilyInfoEnum
VerSetConditionMask
NtQuerySystemInformation
NtPowerInformation
NtQueryWnfStateData
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlInitString
RtlIsMultiSessionSku
RtlIsMultiUsersInSessionSku
NtQueryInformationToken

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetModuleFileNameA
FreeLibrary
GetModuleHandleW
DisableThreadLibraryCalls
GetModuleHandleExW
FindStringOrdinal
GetProcAddress

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceComplete
InitOnceBeginInitialize
InitOnceExecuteOnce

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegCreateKeyExW
RegNotifyChangeKeyValue
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegGetValueW

api-ms-win-core-string-l1-1-0

CompareStringW
MultiByteToWideChar
CompareStringOrdinal
WideCharToMultiByte

api-ms-win-core-synch-l1-1-0

ResetEvent
CreateSemaphoreExW
EnterCriticalSection
CreateEventW
InitializeCriticalSectionAndSpinCount
CreateEventExW
SetEvent
ReleaseSemaphore
TryEnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForSingleObject
ReleaseMutex
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseSRWLockShared
CreateMutexExW
AcquireSRWLockShared
DeleteCriticalSection
InitializeCriticalSection

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetLastError
RaiseException
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventActivityIdControl
EventSetInformation
EventUnregister
EventWriteTransfer

api-ms-win-core-processenvironment-l1-1-0

SetEnvironmentVariableW
GetEnvironmentVariableW
ExpandEnvironmentStringsW

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait

api-ms-win-core-processthreads-l1-1-0

OpenProcessToken
GetCurrentThreadId
TerminateProcess
OpenThreadToken
GetCurrentThread
GetProcessId
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
RoOriginateError
RoTransformError

api-ms-win-core-util-l1-1-0

DecodePointer

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsCreateString
WindowsGetStringRawBuffer
WindowsDeleteString

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-core-com-l1-1-0

CoGetCallerTID
CoWaitForMultipleHandles
CoGetCallContext
CoTaskMemAlloc
CoTaskMemFree
CoGetApartmentType
CoGetClassObject
CoCreateInstance
CoGetMalloc
CoCreateFreeThreadedMarshaler
PropVariantClear
CoTaskMemRealloc

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-string-l2-1-0

CharLowerBuffW

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-security-base-l1-1-0

DuplicateToken
GetTokenInformation
CheckTokenMembership
GetSidSubAuthorityCount
CopySid
GetSidSubAuthority
IsValidSid
CreateWellKnownSid

userenv

GetProfileType

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetComputerNameExW
GetSystemTimeAsFileTime

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-devices-config-l1-1-1

CM_Get_Device_Interface_List_SizeW
CM_MapCrToWin32Err

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPushEntrySList

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-winrt-registration-l1-1-0

RoGetActivatableClassRegistration

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

hid

HidD_GetHidGuid

api-ms-win-core-localization-private-l1-1-0

NlsCheckPolicy

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW
RegisterWaitForSingleObject

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-core-registry-l2-1-0

RegOpenKeyW

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrChrW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

kernel32

TryAcquireSRWLockExclusive
InitializeSRWLock

api-ms-win-service-management-l1-1-0

OpenServiceW
CloseServiceHandle
OpenSCManagerW

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableFlags
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceEnableLevel

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-service-private-l1-1-0

UnsubscribeServiceChangeNotifications

Exports

Exports

DllCanUnloadNow
GetDesktopSettingsEnvironment

Sections

.text
Size: 552KB - Virtual size: 550KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 216KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SettingsHandlers_Authentication.dll
.dll windows:10 windows x64 arch:x64

389f6ee380b29d064489264005ce2d5f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

SettingsHandlers_Authentication.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o_bsearch_s
_o_free
_o_malloc
_o_realloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_o__execute_onexit_table
_o__errno
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o__crt_atexit
_o__configure_narrow_argv
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__cexit
_o__callnewh
__CxxFrameHandler3
_CxxThrowException
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

cryptngc

NgcFreeEnumState
NgcEnumContainers

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-processthreads-l1-1-0

OpenProcessToken
GetCurrentProcessId
GetCurrentProcess
CreateThread
GetProcessId
OpenThreadToken
GetCurrentThreadId
GetExitCodeProcess
GetCurrentThread
TerminateProcess

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleHandleExW
GetProcAddress
DisableThreadLibraryCalls
GetModuleFileNameA

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
RaiseException
GetLastError
UnhandledExceptionFilter
SetLastError

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-1-0

CreateEventW
ResetEvent
OpenSemaphoreW
WaitForSingleObject
AcquireSRWLockShared
AcquireSRWLockExclusive
InitializeCriticalSectionAndSpinCount
WaitForMultipleObjectsEx
SetEvent
CreateEventExW
WaitForSingleObjectEx
InitializeSRWLock
ReleaseSRWLockExclusive
CreateMutexExW
CreateSemaphoreExW
ReleaseSRWLockShared
InitializeCriticalSectionEx
ReleaseMutex
ReleaseSemaphore
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryAcquireSRWLockExclusive

api-ms-win-core-winrt-string-l1-1-0

WindowsDuplicateString
WindowsDeleteString
WindowsCreateString
WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsCompareStringOrdinal

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister
EventActivityIdControl

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
SetRestrictedErrorInfo
RoOriginateError

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceExecuteOnce
InitOnceBeginInitialize

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegSetValueExW
RegGetValueW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance
RoInitialize
RoUninitialize

api-ms-win-core-winrt-error-l1-1-1

IsErrorPropagationEnabled
RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate

api-ms-win-core-com-l1-1-0

CoWaitForMultipleHandles
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoInitializeEx
CoCreateFreeThreadedMarshaler

ntdll

RtlIsMultiSessionSku
RtlInitString
RtlIsMultiUsersInSessionSku

api-ms-win-rtcore-ntuser-window-l1-1-0

EnumWindows
SendMessageW
GetWindowThreadProcessId

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

wldp

WldpQueryWindowsLockdownMode

sspicli

LsaCallAuthenticationPackage
LsaLookupAuthenticationPackage
LsaFreeReturnBuffer
LsaConnectUntrusted
LsaDeregisterLogonProcess

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW
ConvertSidToStringSidW

api-ms-win-security-base-l1-1-0

CopySid
GetTokenInformation

api-ms-win-security-lsalookup-l1-1-2

LsaLookupUserAccountType

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

DllCanUnloadNow
DllGetClassObject
GetSetting

Sections

.text
Size: 252KB - Virtual size: 249KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SettingsHandlers_Backup.dll
.dll windows:10 windows x64 arch:x64

7bc5c35ddb12f9fe313752d3d0c27467

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

SettingsHandlers_Backup.pdb

Imports

api-ms-win-crt-private-l1-1-0

_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o_abort
_o_free
_o_iswspace
_o_malloc
_o_realloc
__CxxFrameHandler4
memcpy
__std_terminate
memcmp
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__crt_atexit
__CxxFrameHandler3
__C_specific_handler
_CxxThrowException
memmove
__std_type_info_compare

api-ms-win-crt-string-l1-1-0

strlen
wcslen
strncmp
strcmp
memset

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleFileNameA
GetProcAddress
GetModuleHandleExW
FreeLibrary
DisableThreadLibraryCalls

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
RaiseException
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetComputerNameExW

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InitializeSListHead
InterlockedFlushSList

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
CreateEventW
OpenSemaphoreW
ReleaseSRWLockExclusive
ReleaseSRWLockShared
InitializeCriticalSectionAndSpinCount
CreateSemaphoreExW
EnterCriticalSection
ReleaseSemaphore
ReleaseMutex
WaitForSingleObject
LeaveCriticalSection
CreateMutexExW
InitializeCriticalSection
SetEvent
AcquireSRWLockExclusive
AcquireSRWLockShared
DeleteCriticalSection
InitializeCriticalSectionEx

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventWriteTransfer
EventActivityIdControl
EventUnregister

api-ms-win-core-registry-l1-1-0

RegGetValueW

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoGetObjectContext
CoGetApartmentType
CoTaskMemFree
CoTaskMemAlloc
CoCreateGuid
StringFromGUID2
CoCreateFreeThreadedMarshaler

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CloseThreadpoolTimer
CreateThreadpoolTimer
TrySubmitThreadpoolCallback

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsCreateString

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

msvcp_win

?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
_Thrd_yield
?_Xlength_error@std@@YAXPEBD@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ

ntdll

RtlUnsubscribeWnfNotificationWaitForCompletion
NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlInitializeCorrelationVector
RtlIncrementCorrelationVector

api-ms-win-shcore-registry-l1-1-0

SHRegGetValueW

api-ms-win-security-lsalookup-l1-1-2

LsaLookupUserAccountType

dsreg

DsrIsDeviceJoined

oleaut32

SysFreeString
SysStringLen
SysAllocString
GetErrorInfo
SetErrorInfo

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-util-l1-1-0

EncodePointer

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
GetSetting

Sections

.text
Size: 218KB - Virtual size: 217KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SettingsHandlers_BatteryUsage.dll
.dll windows:10 windows x64 arch:x64

2af904bab4fbdd0009fa656e00f5fb2b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

SettingsHandlers_BatteryUsage.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__get_errno
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__execute_onexit_table
_o__ui64tow_s
_o__wcsicmp
_o__wcsnicmp
memmove
_o_abort
_o_bsearch_s
_o_ceilf
_o_free
_o_iswspace
_o_log2
_o_malloc
_o_pow
_o_rand_s
_o_realloc
_o_terminate
_o_wcsncpy_s
__C_specific_handler
__current_exception
__current_exception_context
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
wcschr
__CxxFrameHandler3
_CxxThrowException
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

wcscmp
memset

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
OpenThreadToken
GetCurrentThread
CreateThread
OpenProcessToken
TerminateProcess

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
DisableThreadLibraryCalls
GetModuleHandleExW
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
FreeLibrary

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-errorhandling-l1-1-0

RaiseException
GetLastError
SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
ReleaseSRWLockShared
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseMutex
LeaveCriticalSection
CreateSemaphoreExW
InitializeSRWLock
ReleaseSemaphore
InitializeCriticalSectionAndSpinCount
ReleaseSRWLockExclusive
WaitForSingleObjectEx
DeleteCriticalSection
CreateMutexExW
InitializeCriticalSectionEx
OpenSemaphoreW
WaitForSingleObject
ResetEvent
CreateEventW
SetEvent

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

shcore

SHCreateThread
SHStrDupW
CreateRandomAccessStreamOnFile
ord244

msvcp_win

?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?_Syserror_map@std@@YAPEBDH@Z
_Cnd_unregister_at_thread_exit
_Cnd_register_at_thread_exit
_Cnd_wait
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
_Cnd_destroy_in_situ
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
_Cnd_init_in_situ
_Mtx_unlock
_Mtx_lock
_Mtx_destroy_in_situ
_Mtx_init_in_situ
?_Throw_C_error@std@@YAXH@Z
_Cnd_broadcast
_Xtime_get_ticks
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?__ExceptionPtrDestroy@@YAXPEAX@Z
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?__ExceptionPtrRethrow@@YAXPEBX@Z
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??0task_continuation_context@Concurrency@@AEAA@XZ
?__ExceptionPtrToBool@@YA_NPEBX@Z
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?_Xbad_function_call@std@@YAXXZ
?width@ios_base@std@@QEAA_J_J@Z
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?uncaught_exception@std@@YA_NXZ
?flags@ios_base@std@@QEBAHXZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?good@ios_base@std@@QEBA_NXZ
?width@ios_base@std@@QEBA_JXZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??Bid@locale@std@@QEAA_KXZ
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?id@?$ctype@G@std@@2V0locale@2@A
?__ExceptionPtrCreate@@YAXPEAX@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?widen@?$ctype@G@std@@QEBAGD@Z
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Throw_future_error@std@@YAXAEBVerror_code@1@@Z
?_Xlength_error@std@@YAXPEBD@Z
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoDecrementMTAUsage
PropVariantClear
CoUninitialize
CoInitializeEx
CoTaskMemFree
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoWaitForMultipleHandles
CoGetApartmentType
CoGetMalloc
CoTaskMemRealloc
CoIncrementMTAUsage
CoGetClassObject

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate
IsErrorPropagationEnabled

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoTransformError

api-ms-win-core-datetime-l1-1-1

GetTimeFormatEx

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

api-ms-win-security-base-l1-1-0

GetTokenInformation
ImpersonateLoggedOnUser
RevertToSelf
CopySid
GetLengthSid
IsValidSid

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventSetInformation
EventRegister

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer

api-ms-win-core-file-l1-1-0

FindNextVolumeW
GetLogicalDriveStringsW
FindFirstVolumeW
FileTimeToLocalFileTime
QueryDosDeviceW
FindVolumeClose

api-ms-win-core-timezone-l1-1-0

GetTimeZoneInformation
SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrStrIW
StrCmpIW
StrCmpLogicalW
StrToIntW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-shell-namespace-l1-1-0

SHCreateItemFromParsingName
SHCreateItemWithParent

api-ms-win-appmodel-runtime-l1-1-1

ParseApplicationUserModelId

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-version-l1-1-1

GetFileVersionInfoSizeW
GetFileVersionInfoW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-storage-exports-internal-l1-1-0

SHGetKnownFolderItem

api-ms-win-core-file-l1-2-0

GetVolumePathNamesForVolumeNameW

api-ms-win-appmodel-runtime-l1-1-0

OpenPackageInfoByFullName
PackageFamilyNameFromFullName
ClosePackageInfo
GetPackageInfo

ntdll

RtlInitUnicodeString
NtQuerySystemInformation
NtPowerInformation
NtQueryFullAttributesFile

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindFileNameW
PathIsRelativeW

api-ms-win-appmodel-runtime-internal-l1-1-0

GetPackageContext
GetPackagePropertyString

oleaut32

SysFreeString

api-ms-win-shlwapi-winrt-storage-l1-1-1

ord448

api-ms-win-core-path-l1-1-0

PathCchAppend

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegGetValueW
RegCloseKey
RegEnumValueW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

GetSetting

Sections

.text
Size: 348KB - Virtual size: 347KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SettingsHandlers_CapabilityAccess.dll
.dll windows:10 windows x64 arch:x64

ccbc18ed87047f0cde41605915070388

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

SettingsHandlers_CapabilityAccess.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__get_errno
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__wcsicmp
memmove
_o_bsearch_s
_o_ceilf
_o_free
_o_malloc
_o_qsort
_o_realloc
_o_terminate
_o_wcscat_s
_o_wcscpy_s
__C_specific_handler
__current_exception
__current_exception_context
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_CxxThrowException
__CxxFrameHandler3
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__execute_onexit_table
_o__errno
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
FreeLibrary
GetModuleHandleW
GetModuleHandleExW
DisableThreadLibraryCalls
LoadStringW
GetProcAddress

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
ReleaseMutex
OpenSemaphoreW
CreateMutexExW
InitializeSRWLock
InitializeCriticalSectionEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSemaphore
CreateSemaphoreExW
AcquireSRWLockShared
DeleteCriticalSection
TryAcquireSRWLockExclusive
EnterCriticalSection
WaitForSingleObject
LeaveCriticalSection
CreateEventW
SetEvent
ResetEvent
CreateEventExW
ReleaseSRWLockShared
WaitForMultipleObjectsEx

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
SetLastError
RaiseException
UnhandledExceptionFilter

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
GetCurrentProcess
TerminateProcess
GetProcessId
OpenProcessToken
GetCurrentProcessId
CreateThread
GetExitCodeProcess
OpenThreadToken
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-string-l1-1-0

WindowsIsStringEmpty
WindowsDuplicateString
WindowsDeleteString
WindowsCreateStringReference
WindowsCreateString
WindowsGetStringRawBuffer
WindowsStringHasEmbeddedNull

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-com-l1-1-0

CoAddRefServerProcess
CoReleaseServerProcess
CoRevokeClassObject
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoResumeClassObjects
CoImpersonateClient
CoRevertToSelf
CoRegisterClassObject
CoDecrementMTAUsage
CoInitializeEx
CoWaitForMultipleHandles
CoGetMalloc
CoIncrementMTAUsage
CoUninitialize
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoSetProxyBlanket

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoTransformError
RoOriginateError

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate
IsErrorPropagationEnabled

api-ms-win-core-winrt-l1-1-0

RoRegisterActivationFactories
RoUninitialize
RoInitialize
RoActivateInstance
RoGetActivationFactory
RoRevokeActivationFactories

api-ms-win-shcore-obsolete-l1-1-0

SHStrDupW

api-ms-win-security-base-l1-1-0

GetTokenInformation
RevertToSelf
CreateWellKnownSid
ImpersonateSelf
GetLengthSid
CheckTokenMembership
ImpersonateLoggedOnUser
CopySid

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

api-ms-win-shcore-thread-l1-1-0

SHCreateThread

api-ms-win-shcore-scaling-l1-1-1

ord244

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceExecuteOnce
InitOnceComplete

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrCmpIW

ntdll

RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion
NtQueryWnfStateData

api-ms-win-core-datetime-l1-1-1

GetDateFormatEx
GetTimeFormatEx

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventSetInformation
EventUnregister

api-ms-win-shcore-stream-winrt-l1-1-0

CreateRandomAccessStreamOnFile

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegGetValueW
RegOpenKeyExW
RegSetValueExW
RegCloseKey

api-ms-win-core-file-l1-1-0

GetFileAttributesW

api-ms-win-core-timezone-l1-1-0

GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW

api-ms-win-core-path-l1-1-0

PathCchAppend

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-security-lsalookup-l1-1-0

LsaLookupOpenLocalPolicy
LsaLookupGetDomainInfo
LsaLookupFreeMemory
LsaLookupClose

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-rtcore-ntuser-window-l1-1-0

GetWindowThreadProcessId
EnumWindows
GetWindowRect
SendMessageW

api-ms-win-appmodel-runtime-internal-l1-1-4

GetEffectivePackageStatusForUserSid

api-ms-win-ntuser-sysparams-l1-1-0

GetSystemMetrics

api-ms-win-shlwapi-winrt-storage-l1-1-1

ord348

combase

ord67
ord66
ord68

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

GetSetting
GetSettingForUser

Sections

.text
Size: 232KB - Virtual size: 230KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SettingsHandlers_CloudPC.dll
.dll windows:10 windows x64 arch:x64

e9650381b01d45253fe6ce75473e7c15

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2e:80:a7:ab:28:ba:10:b0:2c:db:20:74:dc:2d:79:d3:fc:ab:5c:90:44:8e:b2:cb:61:3f:4a:66:b7:ce:ca:0e
Signer

Actual PE Digest

2e:80:a7:ab:28:ba:10:b0:2c:db:20:74:dc:2d:79:d3:fc:ab:5c:90:44:8e:b2:cb:61:3f:4a:66:b7:ce:ca:0e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

SettingsHandlers_CloudPC.pdb

Imports

api-ms-win-crt-private-l1-1-0

_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o_abort
_o_ceilf
_o_free
_o_iswspace
_o_malloc
_o_realloc
_o_terminate
__CxxFrameHandler4
memcpy
_o__configure_narrow_argv
__std_terminate
memmove
memcmp
_CxxThrowException
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__CxxFrameHandler3
__C_specific_handler
__current_exception_context
_o__crt_atexit
__current_exception

api-ms-win-crt-string-l1-1-0

strncmp
memset
wcslen
strlen
strcmp

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

msvcp_win

?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Xbad_alloc@std@@YAXXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleFileNameA
GetProcAddress
FreeLibrary
GetModuleHandleExW
DisableThreadLibraryCalls

api-ms-win-core-synch-l1-1-0

ResetEvent
SetEvent
ReleaseSRWLockExclusive
EnterCriticalSection
CreateMutexExW
AcquireSRWLockExclusive
DeleteCriticalSection
LeaveCriticalSection
OpenSemaphoreW
WaitForSingleObjectEx
CreateEventW
ReleaseSRWLockShared
InitializeCriticalSectionEx
ReleaseMutex
AcquireSRWLockShared
WaitForSingleObject
CreateSemaphoreExW
ReleaseSemaphore
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPushEntrySList
InterlockedFlushSList

shcore

IUnknown_QueryService

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-com-l1-1-0

CoCreateFreeThreadedMarshaler
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer

api-ms-win-core-registry-l1-1-0

RegGetValueW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

oleaut32

SetErrorInfo
SysStringLen
SysAllocString
GetErrorInfo
SysFreeString

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
GetSetting

Sections

.text
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 748B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SettingsHandlers_Copilot.dll
.dll windows:10 windows x64 arch:x64

e3a5202d374b351111b78cacf9eca32b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

SettingsHandlers_Copilot.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__crt_atexit
memmove
_o_abort
_o_bsearch_s
_o_free
_o_iswspace
_o_malloc
_o_realloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__CxxFrameHandler3
_CxxThrowException
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset
strncmp

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleFileNameA
GetProcAddress
GetModuleHandleExW
GetModuleHandleW
DisableThreadLibraryCalls

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
InitOnceExecuteOnce

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
CreateSemaphoreExW
ReleaseSemaphore
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
SetEvent
InitializeCriticalSectionEx
EnterCriticalSection
WaitForSingleObject
ReleaseSRWLockShared
ResetEvent
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
CreateEventW
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseMutex
LeaveCriticalSection

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetLastError
RaiseException

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringOrdinal
WideCharToMultiByte

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
CreateThread

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoTransformError

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsCreateString
WindowsDuplicateString
WindowsGetStringRawBuffer
WindowsCreateStringReference

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InitializeSListHead

msvcp_win

?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventUnregister
EventWriteTransfer
EventRegister

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegGetValueW
RegOpenKeyExW
RegDeleteKeyExW

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CoIncrementMTAUsage
CoWaitForMultipleHandles
CoDecrementMTAUsage
CoTaskMemFree
CoInitializeEx
CoUninitialize

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
IsErrorPropagationEnabled
RoReportFailedDelegate

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoInitialize
RoGetActivationFactory

api-ms-win-shcore-thread-l1-1-0

SHCreateThread

oleaut32

SetErrorInfo
SysAllocString
GetErrorInfo
SysStringLen
SysFreeString

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
GetSetting

Sections

.text
Size: 176KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SettingsHandlers_DesktopTaskbar.dll
.dll windows:10 windows x64 arch:x64

28251c574e2f62484389ed33b6ede8a9

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

83:c2:df:9f:ba:7d:a5:a1:4d:d5:1f:51:f0:45:75:72:39:c7:7c:10:4a:2e:44:59:9b:85:8c:37:0f:d2:90:02
Signer

Actual PE Digest

83:c2:df:9f:ba:7d:a5:a1:4d:d5:1f:51:f0:45:75:72:39:c7:7c:10:4a:2e:44:59:9b:85:8c:37:0f:d2:90:02

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

SettingsHandlers_DesktopTaskbar.pdb

Imports

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__wcsicmp
_o_abort
_o_free
_o_iswspace
_o_malloc
_o_memcpy_s
_o_realloc
_o_terminate
_o_wcscat_s
_o_wcscpy_s
__CxxFrameHandler4
memcpy
__std_terminate
memmove
memcmp
_o__get_errno
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_CxxThrowException
__current_exception_context
__current_exception
__CxxFrameHandler3
__C_specific_handler

api-ms-win-crt-string-l1-1-0

strncmp
memset
strlen
wcslen
strcmp

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetProcAddress
GetModuleFileNameA
FreeLibrary
LoadLibraryExW
GetModuleHandleExW
DisableThreadLibraryCalls

api-ms-win-core-synch-l1-1-0

AcquireSRWLockShared
CreateSemaphoreExW
AcquireSRWLockExclusive
DeleteCriticalSection
ReleaseSRWLockShared
InitializeCriticalSection
WaitForSingleObject
ReleaseSRWLockExclusive
WaitForSingleObjectEx
CreateEventExW
InitializeCriticalSectionEx
LeaveCriticalSection
ReleaseSemaphore
EnterCriticalSection
OpenSemaphoreW
InitializeCriticalSectionAndSpinCount
ReleaseMutex
CreateEventW
CreateMutexExW
SetEvent
ResetEvent

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
RaiseException
SetLastError
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceComplete
InitOnceBeginInitialize

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventUnregister
EventRegister

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
TrySubmitThreadpoolCallback
CreateThreadpoolTimer
SetThreadpoolWait
SetThreadpoolTimer
CloseThreadpoolTimer
CreateThreadpoolWait
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InterlockedFlushSList
InitializeSListHead

ext-ms-win-devmgmt-policy-l1-1-1

PolicyManager_FreeGetPolicyData
PolicyManager_GetPolicy

ext-ms-win-devmgmt-policy-l1-1-0

PolicyManager_GetPolicyInt

user32

GetSystemMetrics
CreateIconFromResourceEx
FindWindowW
SendMessageW
DestroyIcon
SendNotifyMessageW
GetPointerDevices
LoadStringW
IsWindow

shell32

SHGetKnownFolderPath
ord100
SHCreateItemFromParsingName

slc

SLGetWindowsInformationDWORD

shcore

ord190
ord200

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegQueryValueExW
RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegNotifyChangeKeyValue
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-registry-l2-1-0

RegOpenKeyW
RegDeleteKeyW

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoGetApartmentType
CoCreateFreeThreadedMarshaler
CoGetObjectContext
CLSIDFromString
CoCreateInstance

api-ms-win-core-path-l1-1-0

PathCchCombine
PathCchAppend

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte
CompareStringW

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW
SetEnvironmentVariableW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-file-l1-1-0

GetFileAttributesW

api-ms-win-core-localization-l1-2-3

GetUserDefaultGeoName

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableFlags
GetTraceLoggerHandle
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateStringReference

api-ms-win-core-winrt-l1-1-0

RoActivateInstance

msvcp_win

?_Xbad_function_call@std@@YAXXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Xbad_alloc@std@@YAXXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?_Xlength_error@std@@YAXPEBD@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW
PathFindFileNameW

ntdll

RtlUnsubscribeWnfNotificationWaitForCompletion
NtQueryWnfStateData
RtlGetDeviceFamilyInfoEnum
RtlSubscribeWnfStateChangeNotification

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

userenv

GetProfileType

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

oleaut32

SysStringLen
SetErrorInfo
SysAllocString
GetErrorInfo
SysFreeString

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-util-l1-1-0

EncodePointer

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
GetSetting

Sections

.text
Size: 335KB - Virtual size: 335KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SettingsHandlers_Display.dll
.dll windows:10 windows x64 arch:x64

f63c15f7ed895580b23811db2e57231e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

SettingsHandlers_Display.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__get_errno
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__crt_atexit
memmove
_o_abort
_o_bsearch_s
_o_free
_o_iswspace
_o_lroundf
_o_malloc
_o_realloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o__execute_onexit_table
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__errno
__std_type_info_compare
__CxxFrameHandler3
_CxxThrowException
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
LoadResource
GetModuleFileNameA
LockResource
FindResourceExW
GetModuleHandleW
GetProcAddress
FreeLibrary
DisableThreadLibraryCalls

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
WaitOnAddress
InitOnceExecuteOnce
InitOnceComplete
WakeByAddressAll

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
LeaveCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WaitForSingleObjectEx
CreateEventW
ReleaseMutex
OpenSemaphoreW
WaitForSingleObject
InitializeCriticalSectionEx
AcquireSRWLockShared
ReleaseSRWLockShared
CreateMutexExW
ReleaseSemaphore
InitializeCriticalSectionAndSpinCount
SetEvent
CreateSemaphoreExW
EnterCriticalSection
InitializeSRWLock
CreateEventExW
ResetEvent

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
RaiseException
UnhandledExceptionFilter
SetLastError

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventUnregister
EventRegister

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
CreateThread

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoOriginateError
SetRestrictedErrorInfo

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsCreateString
WindowsCreateStringReference
WindowsDeleteString

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetLocalTime
GlobalMemoryStatusEx

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPushEntrySList

msvcp_win

?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
_Mtx_init_in_situ
??0task_continuation_context@Concurrency@@AEAA@XZ
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
_Thrd_yield
_Cnd_init_in_situ
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
_Cnd_destroy_in_situ
_Cnd_broadcast
_Mtx_unlock
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_Xbad_function_call@std@@YAXXZ
_Cnd_wait
?_Throw_C_error@std@@YAXH@Z
_Mtx_destroy_in_situ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_Xlength_error@std@@YAXPEBD@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
_Mtx_lock

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoUninitialize
RoInitialize
RoActivateInstance

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
TrySubmitThreadpoolCallback

api-ms-win-core-com-l1-1-0

CoCreateFreeThreadedMarshaler
CoUninitialize
CoWaitForMultipleHandles
CoDecrementMTAUsage
CoTaskMemAlloc
CoGetApartmentType
CoTaskMemRealloc
CoCreateInstance
CoGetObjectContext
CoTaskMemFree
CoInitializeEx
CoIncrementMTAUsage
CoGetMalloc

api-ms-win-core-datetime-l1-1-1

GetTimeFormatEx

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
IsErrorPropagationEnabled
RoReportFailedDelegate

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegGetValueW
RegCloseKey

api-ms-win-power-setting-l1-1-0

PowerGetActiveScheme
PowerWriteACValueIndex

api-ms-win-devices-query-l1-1-0

DevCreateObjectQuery
DevCloseObjectQuery

api-ms-win-ntuser-sysparams-l1-1-0

DisplayConfigSetDeviceInfo
GetDisplayConfigBufferSizes
QueryDisplayConfig
DisplayConfigGetDeviceInfo

api-ms-win-appmodel-runtime-l1-1-0

PackageFamilyNameFromFullName

api-ms-win-shcore-thread-l1-1-0

SHCreateThread

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask
SHTaskPoolGetUniqueContext

ntdll

ZwQueryLicenseValue
RtlIsMultiSessionSku
RtlUnsubscribeWnfNotificationWaitForCompletion
NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData
RtlInitUnicodeString

deviceassociation

DafCreateAssociationContext
DafStartRemoveAssociation
DafCloseAssociationContext

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

oleaut32

SysFreeString
SysAllocString
GetErrorInfo
SetErrorInfo
SysStringLen

Exports

Exports

DllCanUnloadNow
DllGetClassObject
GetSetting

Sections

.text
Size: 308KB - Virtual size: 307KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SettingsHandlers_ForceSync.dll
.dll windows:10 windows x64 arch:x64

78503cd2529b35789a7f5f8ec4d95e05

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

SettingsHandlers_ForceSync.pdb

Imports

msvcrt

_lock
_unlock
??3@YAXPEAX@Z
_onexit
__dllonexit
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
__C_specific_handler
_initterm
malloc
_vsnwprintf
??1exception@@UEAA@XZ
memcpy_s
_vsnprintf_s
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
bsearch_s
_XcptFilter
_amsg_exit
??_V@YAXPEAX@Z
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@PEBD@Z
??0bad_cast@@QEAA@AEBV0@@Z
_wcsicmp
realloc
_purecall
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBD@Z
strchr
memmove_s
_errno
_callnewh
___lc_collate_cp_func
setlocale
_CxxThrowException
__CxxFrameHandler3
memcpy
memmove
??0exception@@QEAA@AEBQEBDH@Z
__pctype_func
___lc_handle_func
___lc_codepage_func
calloc
memcmp
___mb_cur_max_func
_ismbblead
_wcsdup
__crtCompareStringW
__crtLCMapStringW
_wsetlocale
abort
memset
free
__CxxFrameHandler4

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventSetInformation

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-processthreads-l1-1-0

GetProcessId
GetCurrentProcessId
GetExitCodeProcess
CreateThread
GetCurrentThreadId
GetCurrentProcess
TerminateProcess

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleW
GetModuleHandleExW
GetModuleFileNameA
LoadStringW
DisableThreadLibraryCalls

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-1-0

AcquireSRWLockShared
InitializeSRWLock
CreateMutexExW
EnterCriticalSection
CreateEventExW
OpenSemaphoreW
LeaveCriticalSection
WaitForSingleObject
CreateSemaphoreExW
WaitForSingleObjectEx
InitializeCriticalSectionEx
ReleaseMutex
ReleaseSRWLockShared
WaitForMultipleObjectsEx
ReleaseSemaphore
AcquireSRWLockExclusive
SetEvent
CreateEventW
DeleteCriticalSection
ReleaseSRWLockExclusive

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsCreateString
WindowsGetStringRawBuffer
WindowsCreateStringReference

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
WideCharToMultiByte
GetStringTypeW
MultiByteToWideChar

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetSystemDirectoryW

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoCreateFreeThreadedMarshaler
CoUninitialize
CoTaskMemAlloc

api-ms-win-core-datetime-l1-1-1

GetDateFormatEx
GetTimeFormatEx

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoOriginateError

api-ms-win-security-isolatedcontainer-l1-1-1

IsProcessInWDAGContainer

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegCloseKey
RegNotifyChangeKeyValue

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate
IsErrorPropagationEnabled

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoUninitialize
RoInitialize

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-file-l1-1-0

FileTimeToLocalFileTime

timesync

SyncW32Time
GetLastGoodSampleInfo
SetNTPSync
GetW32timeParameterSz
GetTimeStatusInfo
ReadLastKnownGoodTimeFromRegistry
StartTimeService
FreeTimeStatusInfo

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

Exports

Exports

GetSetting

Sections

.text
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SettingsHandlers_Gpu.dll
.dll windows:10 windows x64 arch:x64

17fdc5c1166076d16fce3c138a08ffa8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

SettingsHandlers_Gpu.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o___std_exception_destroy
_o__wcsicmp
memmove
_o__wcsnicmp
_o__wtoi
_o_bsearch_s
_o_free
_o_iswspace
_o_malloc
_o_realloc
_o_terminate
_o_wcscat_s
_o_wcscpy_s
__C_specific_handler
__current_exception
__current_exception_context
_o___std_exception_copy
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o__execute_onexit_table
_o__errno
_o__cexit
_o__callnewh
wcschr
wcsstr
wcsrchr
__CxxFrameHandler3
_CxxThrowException
_o__crt_atexit
_o__wcslwr
_o__configure_narrow_argv
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
_o___std_type_info_destroy_list

api-ms-win-crt-string-l1-1-0

memset
wcsncmp

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetProcAddress
FreeLibrary
GetModuleHandleExW
LoadLibraryExW
DisableThreadLibraryCalls
GetModuleFileNameA

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
ReleaseMutex
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseSemaphore
CreateMutexExW
DeleteCriticalSection
InitializeCriticalSectionEx
InitializeCriticalSectionAndSpinCount
WaitForMultipleObjectsEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CreateEventExW
InitializeSRWLock
ReleaseSRWLockShared
AcquireSRWLockShared
SetEvent
CreateSemaphoreExW
LeaveCriticalSection
CreateEventW
ResetEvent
EnterCriticalSection

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetLastError
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcess
TerminateProcess
GetProcessId
GetExitCodeProcess
OpenThreadToken
GetCurrentThread
CreateThread
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsCreateStringReference
WindowsCreateString
WindowsGetStringRawBuffer
WindowsDuplicateString

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoOriginateError

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceExecuteOnce
InitOnceBeginInitialize

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemDirectoryW

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z

api-ms-win-core-com-l1-1-0

CoDecrementMTAUsage
CoTaskMemFree
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CoTaskMemRealloc
CoGetMalloc
CoWaitForMultipleHandles
CoIncrementMTAUsage
CoUninitialize
CoInitializeEx
CoCreateInstance

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoUninitialize
RoGetActivationFactory
RoActivateInstance

api-ms-win-core-winrt-error-l1-1-1

IsErrorPropagationEnabled
RoReportFailedDelegate
RoGetMatchingRestrictedErrorInfo

api-ms-win-security-base-l1-1-0

RevertToSelf
ImpersonateLoggedOnUser

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

api-ms-win-shcore-obsolete-l1-1-0

SHStrDupW

api-ms-win-core-registry-l1-1-0

RegEnumValueW
RegOpenKeyExW
RegGetValueW
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegCloseKey

api-ms-win-dx-d3dkmt-l1-1-0

D3DKMTCloseAdapter
D3DKMTQueryAdapterInfo

dxgi

CreateDXGIFactory2

api-ms-win-dx-d3dkmt-l1-1-1

D3DKMTOpenAdapterFromLuid

api-ms-win-ntuser-sysparams-l1-1-0

DisplayConfigGetDeviceInfo
QueryDisplayConfig
GetDisplayConfigBufferSizes

api-ms-win-core-file-l1-1-0

FindNextFileW
FindFirstFileW
FindClose

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventActivityIdControl
EventSetInformation
EventRegister
EventWriteTransfer

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks

ntdll

RtlUnsubscribeWnfNotificationWaitForCompletion
NtQueryWnfStateData
RtlAllocateHeap
RtlReAllocateHeap
ZwEnumerateKey
RtlSubscribeWnfStateChangeNotification
ZwClose
ZwQuerySystemInformation
RtlQueryWnfStateData
RtlUpcaseUnicodeChar
RtlInitUnicodeString
RtlGetNativeSystemInformation
RtlInitUnicodeStringEx
ZwQueryValueKey
ZwOpenKey
RtlUnsubscribeWnfStateChangeNotification
RtlFreeHeap

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-shcore-thread-l1-1-0

SHCreateThread

api-ms-win-shlwapi-winrt-storage-l1-1-1

ord348

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrStrIW

api-ms-win-rtcore-ntuser-window-l1-1-0

SendMessageW
GetWindowThreadProcessId
EnumWindows

Exports

Exports

DllCanUnloadNow
DllGetClassObject
GetSetting

Sections

.text
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SettingsHandlers_HumanPresence.dll
.dll windows:10 windows x64 arch:x64

406712ce527c9c261ee604c58665d4dc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

SettingsHandlers_HumanPresence.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__errno
_o__execute_onexit_table
_o__get_errno
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
memmove
_o_abort
_o_bsearch_s
_o_free
_o_iswspace
_o_malloc
_o_realloc
_o_round
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_o__crt_atexit
_CxxThrowException
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__CxxFrameHandler3
__std_type_info_compare
__std_terminate
__CxxFrameHandler4
__C_specific_handler_noexcept
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
FreeLibrary
GetModuleFileNameA
DisableThreadLibraryCalls
GetModuleHandleW
GetProcAddress

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
LeaveCriticalSection
InitializeCriticalSectionEx
InitializeSRWLock
InitializeCriticalSectionAndSpinCount
CreateMutexExW
EnterCriticalSection
ResetEvent
SetEvent
OpenSemaphoreW
WaitForSingleObjectEx
CreateEventExW
CreateSemaphoreExW
ReleaseMutex
ReleaseSRWLockExclusive
WaitForSingleObject
DeleteCriticalSection
ReleaseSemaphore
CreateEventW

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
RaiseException
GetLastError
SetLastError
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
OpenProcessToken
CreateThread
TerminateProcess
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetLocaleInfoEx

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

rpcrt4

RpcBindingFree
NdrClientCall3
RpcBindingBind
RpcExceptionFilter
RpcBindingCreateW

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventSetInformation
EventRegister

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
GetTraceEnableLevel
TraceMessage
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableFlags

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsCreateString
WindowsCreateStringReference
WindowsDeleteString
WindowsDuplicateString

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringOrdinal

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InitializeSListHead

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoInitialize
RoUninitialize
RoGetActivationFactory

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoTransformError

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoDecrementMTAUsage
CoWaitForMultipleHandles
CoIncrementMTAUsage
CoInitializeEx
CoUninitialize
CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoGetApartmentType
CoCreateInstance
CoGetMalloc
CoTaskMemRealloc

api-ms-win-core-winrt-error-l1-1-1

IsErrorPropagationEnabled
RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate

ntdll

NtPowerInformation

api-ms-win-shcore-thread-l1-1-0

SHCreateThread

api-ms-win-devices-config-l1-1-1

CM_Locate_DevNodeW
CM_MapCrToWin32Err
CM_Get_DevNode_PropertyW
CM_Get_Device_Interface_PropertyW

api-ms-win-security-base-l1-1-0

GetLengthSid
GetTokenInformation
CopySid

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@N@Z
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
?_Xbad_function_call@std@@YAXXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ

oleaut32

SetErrorInfo
SysAllocString
SysFreeString
SysStringLen
GetErrorInfo

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

Exports

Exports

DllCanUnloadNow
GetSetting

Sections

.text
Size: 196KB - Virtual size: 193KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SettingsHandlers_InputPersonalization.dll
.dll windows:10 windows x64 arch:x64

3f4162c18c03e822979b7ae224449625

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

SettingsHandlers_InputPersonalization.pdb

Imports

msvcrt

??0bad_cast@@QEAA@AEBV0@@Z
memcpy_s
__ExceptionPtrCopy
realloc
strcspn
__ExceptionPtrDestroy
_purecall
__mb_cur_max
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBV0@@Z
__ExceptionPtrCurrentException
__ExceptionPtrRethrow
??0bad_cast@@QEAA@PEBD@Z
_vsnprintf_s
memmove_s
sprintf_s
fputc
fflush
fclose
fgetc
fwrite
fgetpos
setvbuf
ungetc
fsetpos
_fseeki64
_wcsicmp
_errno
_callnewh
ldexp
setlocale
_CxxThrowException
__CxxFrameHandler3
memcpy
memmove
memset
__uncaught_exception
__pctype_func
isupper
___lc_handle_func
___lc_codepage_func
calloc
___mb_cur_max_func
_ismbblead
_wcsdup
__crtCompareStringW
__crtCompareStringA
__crtLCMapStringW
__crtLCMapStringA
_wsetlocale
fseek
_wfsopen
islower
_Getdays
_Getmonths
_W_Getdays
_W_Getmonths
_W_Gettnames
_Wcsftime
_Gettnames
_Strftime
isspace
tolower
memchr
abort
___lc_collate_cp_func
memcmp
isalnum
isdigit
??1type_info@@UEAA@XZ
??1bad_cast@@UEAA@XZ
__ExceptionPtrCreate
_vsnwprintf
??_V@YAXPEAX@Z
_amsg_exit
_XcptFilter
bsearch_s
??3@YAXPEAX@Z
free
_onexit
__dllonexit
localeconv
_unlock
_lock
?terminate@@YAXXZ
__C_specific_handler
_initterm
malloc
__CxxFrameHandler4

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleFileNameA
GetModuleHandleW
GetModuleHandleExW
DisableThreadLibraryCalls

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsDuplicateString
WindowsCreateStringReference
WindowsCreateString
WindowsGetStringRawBuffer

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
GetStringTypeW
MultiByteToWideChar
CompareStringOrdinal

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoOriginateError
SetRestrictedErrorInfo

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
InitializeSRWLock
OpenSemaphoreW
WaitForSingleObject
CreateSemaphoreExW
CreateEventW
ReleaseSemaphore
LeaveCriticalSection
InitializeCriticalSectionEx
CreateEventExW
ResetEvent
AcquireSRWLockShared
ReleaseSRWLockShared
DeleteCriticalSection
ReleaseMutex
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CreateMutexExW
SetEvent
EnterCriticalSection

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
Sleep
InitOnceComplete
InitOnceBeginInitialize
WakeAllConditionVariable
InitOnceExecuteOnce

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
CreateThread
TerminateProcess

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemDirectoryW
GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventRegister
EventSetInformation
EventActivityIdControl

api-ms-win-security-base-l1-1-0

GetTokenInformation
IsValidSid

api-ms-win-core-file-l1-1-0

WriteFile
CreateFileW

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolWork
CloseThreadpoolTimer
CloseThreadpoolWork
SetThreadpoolTimer
SubmitThreadpoolWork
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-com-l1-1-0

CoUninitialize
CoWaitForMultipleHandles
CoTaskMemRealloc
CoIncrementMTAUsage
CoCreateInstance
CoInitializeEx
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
CoDecrementMTAUsage
CoTaskMemFree
CoGetMalloc

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegCloseKey
RegQueryValueExW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-winrt-error-l1-1-1

IsErrorPropagationEnabled
RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoUninitialize
RoActivateInstance
RoGetActivationFactory

api-ms-win-core-localization-l1-2-0

GetLocaleInfoW
FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

ext-ms-win-shell32-shellfolders-l1-1-0

SHGetKnownFolderPath

api-ms-win-shcore-thread-l1-1-0

SHCreateThread

ntdll

RtlIsMultiUsersInSessionSku
RtlIsMultiSessionSku

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrStrIW

Exports

Exports

GetSetting

Sections

.text
Size: 368KB - Virtual size: 365KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SettingsHandlers_Language.dll
.dll windows:10 windows x64 arch:x64

effc860423168db14e64e9a2420d8a4a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

SettingsHandlers_Language.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__wcsicmp
memmove
_o_abort
_o_bsearch_s
_o_ceilf
_o_floor
_o_free
_o_iswspace
_o_malloc
_o_realloc
_o_terminate
_o_tolower
_o_towlower
_o_wcscpy_s
_o_wcstod
_o_wcstol
_o_wcstoull
__C_specific_handler
__current_exception
__current_exception_context
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
strchr
__std_type_info_compare
__CxxFrameHandler3
_CxxThrowException
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset
wcsnlen

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
DisableThreadLibraryCalls
GetProcAddress
GetModuleHandleExA
GetModuleHandleW
GetModuleHandleExW
FreeLibrary

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
Sleep
InitOnceInitialize
InitOnceExecuteOnce

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionEx
SetEvent
WaitForSingleObject
ReleaseMutex
LeaveCriticalSection
ReleaseSemaphore
ResetEvent
CreateSemaphoreExW
InitializeSRWLock
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
CreateEventExW
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
ReleaseSRWLockExclusive
CreateEventW
AcquireSRWLockExclusive
ReleaseSRWLockShared
WaitForSingleObjectEx
OpenSemaphoreW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
RaiseException
GetLastError

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventActivityIdControl
EventRegister
EventSetInformation
EventUnregister

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThreadId
OpenProcessToken
CreateThread
GetCurrentProcessId
GetCurrentThread
OpenThreadToken
TerminateProcess

api-ms-win-core-localization-l1-2-0

GetLocaleInfoEx
GetLocaleInfoW
ResolveLocaleName
GetCalendarInfoEx
GetUserDefaultLocaleName
FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoTransformError
SetRestrictedErrorInfo

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsIsStringEmpty
WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsCompareStringOrdinal
WindowsStringHasEmbeddedNull
WindowsCreateString
WindowsDuplicateString
WindowsConcatString

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InitializeSListHead

winlangdb

EnsureLanguageProfileExists
Bcp47GetLocalizedName
Bcp47GetNativeName
Bcp47GetLocalizedScript
Bcp47GetEnglishName
LanguagesDatabaseHasChildren
SetUserLanguages
SetUserLanguagesCore
LanguagesDatabaseGetChildLanguages
LanguagesDatabaseGetLeafLanguages
GetLocaleFromLanguageAndRegion

bcp47langs

ClearUserLocaleFromLanguageProfileOptOut
GetStartingUserDisplayLanguage
ClearUserDisplayLanguageOverride
SetUserDisplayLanguageOverride
AppendUserLanguageInputMethods
SetInputMethodOverride
Bcp47GetNeutralForm
GetUserDisplayLanguageOverride
Bcp47GetMuiForm
Bcp47GetIsoScriptCode
GetUserLanguages
GetUserLanguageInputMethods
RemoveUserLanguageInputMethods
GetAppropriateUserLocaleForUserLanguages
GetPendingUserDisplayLanguage
Bcp47GetDistance
Bcp47Normalize
Bcp47GetIsoLanguageCode
Bcp47GetUnIsoRegionCode
GetUserLanguagesForAllUsers
Bcp47FromLcid

bcp47mrm

Bcp47IsValid

servicinguapi

EnumerateFeatures
FreeEnumerateFeaturesResult
GetServicingStatus

api-ms-win-core-localization-private-l1-1-0

NlsCheckPolicy
NlsUpdateLocale

windows.storage

ShellExecuteExW
ord245

msvcp_win

_Cnd_init_in_situ
_Mtx_unlock
_Mtx_lock
_Mtx_destroy_in_situ
_Mtx_init_in_situ
?_Throw_C_error@std@@YAXH@Z
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?id@?$collate@G@std@@2V0locale@2@A
_Wcscoll
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??Bid@locale@std@@QEAA_KXZ
_Cnd_destroy_in_situ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
??0_Lockit@std@@QEAA@H@Z
??0_Locinfo@std@@QEAA@PEBD@Z
?_IsCurrentOriginSTA@_ContextCallback@details@Concurrency@@CA_NXZ
?_Assign@_ContextCallback@details@Concurrency@@AEAAXPEAX@Z
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
??1_Lockit@std@@QEAA@XZ
_Cnd_broadcast
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?id@?$ctype@G@std@@2V0locale@2@A
_Cnd_wait
??1_Locinfo@std@@QEAA@XZ
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?is@?$ctype@G@std@@QEBA_NFG@Z
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
?tolower@?$ctype@G@std@@QEBAGG@Z
_Wcsxfrm
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Xout_of_range@std@@YAXPEBD@Z
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?__ExceptionPtrRethrow@@YAXPEBX@Z
??Bios_base@std@@QEBA_NXZ
?tellp@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0task_continuation_context@Concurrency@@AEAA@XZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?width@ios_base@std@@QEAA_J_J@Z
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?width@ios_base@std@@QEBA_JXZ
?_Xbad_function_call@std@@YAXXZ
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?uncaught_exception@std@@YA_NXZ
?flags@ios_base@std@@QEBAHXZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?__ExceptionPtrCreate@@YAXPEAX@Z
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?good@ios_base@std@@QEBA_NXZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ

api-ms-win-core-com-l1-1-0

CoGetApartmentType
CoInitializeEx
CoDecrementMTAUsage
CoUninitialize
CoGetClassObject
CoTaskMemFree
CoIncrementMTAUsage
CoTaskMemRealloc
CoCreateFreeThreadedMarshaler
CoGetMalloc
CoCreateInstance
CoWaitForMultipleHandles
CoSetProxyBlanket
CoTaskMemAlloc

api-ms-win-core-winrt-error-l1-1-1

RoReportFailedDelegate
IsErrorPropagationEnabled
RoGetMatchingRestrictedErrorInfo

api-ms-win-shcore-obsolete-l1-1-0

SHStrDupW

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoInitialize
RoActivateInstance
RoUninitialize

api-ms-win-security-base-l1-1-0

CreateWellKnownSid
RevertToSelf
CheckTokenMembership
GetTokenInformation
DuplicateToken
AllocateAndInitializeSid
ImpersonateLoggedOnUser

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolThreadMaximum
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpoolCleanupGroupMembers
TrySubmitThreadpoolCallback
CloseThreadpool
CloseThreadpoolCleanupGroup
CreateThreadpoolCleanupGroup
CreateThreadpool
IsThreadpoolTimerSet

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-shutdown-l1-1-0

InitiateSystemShutdownExW

ntdll

NtQueryInformationToken
NtQueryWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
WinSqmAddToStream
RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData
RtlIsMultiUsersInSessionSku
RtlRaiseStatus
RtlAllocateWnfSerializationGroup
RtlIsStateSeparationEnabled
RtlPublishWnfStateData

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegGetValueW
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegEnumValueW
RegSetValueExW
RegCreateKeyExW

oleaut32

VariantInit
VariantClear
GetErrorInfo
SysFreeString
SysAllocString
SysStringLen
SetErrorInfo

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-localization-obsolete-l1-2-0

EnumUILanguagesW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask

api-ms-win-core-localization-l1-2-3

GetGeoInfoEx
GetUserDefaultGeoName

api-ms-win-shcore-sysinfo-l1-1-0

IsOS

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW

api-ms-win-core-timezone-l1-1-0

GetDynamicTimeZoneInformation

coremessaging

CoreUICreate

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
GetSettingForUser

Sections

.text
Size: 596KB - Virtual size: 593KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 204KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SettingsHandlers_OptionalFeatures.dll
.dll windows:10 windows x64 arch:x64

c29ab34a08f1f2329eacdef5705469cc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

SettingsHandlers_OptionalFeatures.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wtoi64
_o_abort
_o_bsearch_s
_o_ceilf
_o_free
_o_malloc
_o_realloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o__beginthreadex
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnprintf_s
_CxxThrowException
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__CxxFrameHandler3
_o__execute_onexit_table
_o__errno
__std_terminate
__CxxFrameHandler4
__RTDynamicCast
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

rpcrt4

NdrDllCanUnloadNow
NdrOleFree
UuidCreate
NdrOleAllocate
NdrDllGetClassObject

api-ms-win-core-localization-l1-2-0

GetLocaleInfoEx
FormatMessageW

api-ms-win-core-processthreads-l1-1-0

CreateThread
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
OpenProcessToken

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetProcAddress
GetModuleHandleW
GetModuleHandleExW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
WaitForSingleObjectEx
ReleaseMutex
ReleaseSemaphore
AcquireSRWLockShared
WaitForSingleObject
CreateMutexExW
OpenSemaphoreW
CreateSemaphoreExW
ReleaseSRWLockShared
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeSRWLock
CreateEventW
ResetEvent
SetEvent
ReleaseSRWLockExclusive
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx

api-ms-win-core-winrt-string-l1-1-0

WindowsDuplicateString
WindowsGetStringLen
WindowsTrimStringStart
WindowsDeleteString
WindowsTrimStringEnd
WindowsCreateString
WindowsCreateStringReference
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsGetStringRawBuffer

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventSetInformation
EventWriteTransfer
EventActivityIdControl
EventUnregister

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
CompareStringOrdinal

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoOriginateErrorW
RoOriginateError

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
InitOnceExecuteOnce
Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-com-l1-1-0

CoCreateFreeThreadedMarshaler
CoGetMalloc
CoTaskMemAlloc
CoUninitialize
CoCreateInstance
CoDecrementMTAUsage
CoTaskMemRealloc
CoInitializeEx
CoWaitForMultipleHandles
CoIncrementMTAUsage
CoTaskMemFree
CoSetProxyBlanket

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoInitialize
RoGetActivationFactory

api-ms-win-core-winrt-error-l1-1-1

RoReportFailedDelegate
IsErrorPropagationEnabled
RoGetMatchingRestrictedErrorInfo

api-ms-win-shcore-scaling-l1-1-1

ord244

ntdll

RtlGetDeviceFamilyInfoEnum
RtlRaiseStatus
RtlUnsubscribeWnfNotificationWaitForCompletion
NtQueryWnfStateData
NtQueryInformationToken
RtlSubscribeWnfStateChangeNotification

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-shlwapi-winrt-storage-l1-1-1

StrFormatByteSizeEx

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrStrIW

api-ms-win-core-file-l1-1-0

FileTimeToLocalFileTime

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-datetime-l1-1-1

GetDateFormatEx

api-ms-win-security-base-l1-1-0

CreateWellKnownSid
CheckTokenMembership
DuplicateToken
GetTokenInformation

msvcp_win

_Thrd_detach
?_Xlength_error@std@@YAXPEBD@Z
_Cnd_do_broadcast_at_thread_exit
?_Xout_of_range@std@@YAXPEBD@Z
?_Throw_C_error@std@@YAXH@Z
?_Throw_Cpp_error@std@@YAXH@Z

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
GetProxyDllInfo
GetSetting

Sections

.text
Size: 292KB - Virtual size: 288KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 176KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SettingsHandlers_Region.dll
.dll windows:10 windows x64 arch:x64

d7cf66b93ed32975aee7a13eb82397fc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

SettingsHandlers_Region.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__wcsicmp
memmove
_o_abort
_o_bsearch_s
_o_free
_o_iswspace
_o_malloc
_o_realloc
_o_terminate
_o_wcstol
__C_specific_handler
__current_exception
__current_exception_context
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__execute_onexit_table
_o__errno
__std_type_info_compare
__CxxFrameHandler3
_CxxThrowException
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleHandleW
GetModuleHandleExW
GetModuleFileNameA
GetProcAddress
FreeLibrary

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
InitOnceExecuteOnce

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
SetEvent
ResetEvent
CreateEventW
ReleaseMutex
CreateSemaphoreExW
InitializeSRWLock
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
ReleaseSemaphore
ReleaseSRWLockExclusive
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
ReleaseSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
GetLastError

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
CompareStringEx

api-ms-win-core-processthreads-l1-1-0

CreateThread
GetCurrentProcessId
GetCurrentProcess
OpenThreadToken
GetCurrentThreadId
TerminateProcess
GetCurrentThread

api-ms-win-core-localization-l1-2-0

GetUserDefaultLocaleName
ResolveLocaleName
GetCalendarInfoEx
GetCalendarInfoW
FormatMessageW
GetLocaleInfoEx
SetLocaleInfoW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoTransformError

api-ms-win-core-winrt-string-l1-1-0

WindowsIsStringEmpty
WindowsCreateStringReference
WindowsDeleteString
WindowsDuplicateString
WindowsGetStringRawBuffer
WindowsCreateString

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetLocalTime

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InitializeSListHead

winlangdb

EnsureLanguageProfileExists
GetRegionalFormatList

bcp47langs

GetUserLanguages
GetUserLocaleFromLanguageProfileOptOut
GetAppropriateUserLocaleForUserLanguages
Bcp47Normalize
ClearUserLocaleFromLanguageProfileOptOut
SetUserLocaleFromLanguageProfileOptOut
GetPendingUserDisplayLanguage
Bcp47GetMuiForm

shcore

SHStrDupW

msvcp_win

?__ExceptionPtrRethrow@@YAXPEBX@Z
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?_Assign@_ContextCallback@details@Concurrency@@AEAAXPEAX@Z
?_IsCurrentOriginSTA@_ContextCallback@details@Concurrency@@CA_NXZ
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?__ExceptionPtrCreate@@YAXPEAX@Z
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
_Cnd_wait
_Cnd_broadcast
_Cnd_destroy_in_situ
_Cnd_init_in_situ
_Mtx_unlock
_Mtx_lock
_Mtx_destroy_in_situ
_Mtx_init_in_situ
?_Throw_C_error@std@@YAXH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
??0task_continuation_context@Concurrency@@AEAA@XZ

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister
EventActivityIdControl

api-ms-win-core-localization-l1-2-3

EnumSystemGeoNames
GetGeoInfoEx
SetUserGeoName
GetUserDefaultGeoName

api-ms-win-core-winrt-error-l1-1-1

IsErrorPropagationEnabled
RoReportFailedDelegate
RoGetMatchingRestrictedErrorInfo

api-ms-win-core-com-l1-1-0

CoCreateFreeThreadedMarshaler
CoUninitialize
CoCreateInstance
CoDecrementMTAUsage
CoTaskMemFree
CoTaskMemAlloc
CoInitializeEx
CoGetMalloc
CoWaitForMultipleHandles
CoIncrementMTAUsage
CoTaskMemRealloc

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoGetActivationFactory
RoUninitialize

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-datetime-l1-1-1

GetDateFormatEx
GetTimeFormatEx

api-ms-win-core-localization-l2-1-0

EnumCalendarInfoExEx
EnumTimeFormatsEx

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

api-ms-win-security-base-l1-1-0

RevertToSelf
ImpersonateLoggedOnUser

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-localization-l1-2-1

EnumSystemLocalesEx

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage
EnumUILanguagesW

api-ms-win-core-timezone-l1-1-0

GetDynamicTimeZoneInformation

oleaut32

GetErrorInfo
SysStringLen
SysAllocString
SysFreeString
SetErrorInfo

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-localization-private-l1-1-0

NlsCheckPolicy
NlsUpdateLocale

ntdll

NtQueryWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlSubscribeWnfStateChangeNotification
RtlIsMultiUsersInSessionSku

Exports

Exports

DllCanUnloadNow
DllGetClassObject
GetSetting

Sections

.text
Size: 236KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SettingsHandlers_SharedExperiences_Rome.dll
.dll windows:10 windows x64 arch:x64

dadd1426d8e98d1aad47c4c2fb3b7dfd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

SettingsHandlers_SharedExperiences_Rome.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__cexit
_o_abort
_o_bsearch_s
_o_free
_o_iswspace
_o_malloc
_o_realloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_o__execute_onexit_table
_o__errno
_o___stdio_common_vswprintf
_o__callnewh
_o___stdio_common_vsnprintf_s
_o__crt_atexit
_o__configure_narrow_argv
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
wcschr
__CxxFrameHandler3
_CxxThrowException
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleFileNameA
GetModuleHandleExW
GetModuleHandleW
DisableThreadLibraryCalls
GetProcAddress

api-ms-win-core-synch-l1-1-0

ReleaseMutex
WaitForSingleObjectEx
WaitForSingleObject
ReleaseSRWLockShared
OpenSemaphoreW
CreateMutexExW
CreateEventExW
InitializeCriticalSectionEx
SetEvent
ResetEvent
CreateEventW
InitializeSRWLock
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ReleaseSemaphore
AcquireSRWLockShared
CreateSemaphoreExW

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
SetLastError
RaiseException

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcess
TerminateProcess
CreateThread
GetProcessId
GetCurrentProcessId
OpenProcessToken

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsDeleteString
WindowsDuplicateString
WindowsCreateStringReference
WindowsGetStringRawBuffer

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventSetInformation
EventRegister

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPushEntrySList

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance
RoInitialize
RoUninitialize

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate
IsErrorPropagationEnabled

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
RoOriginateError
RoTransformError

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoUninitialize
CoTaskMemAlloc
CoInitializeEx
CoTaskMemRealloc
CoGetMalloc
CoWaitForMultipleHandles
CoDecrementMTAUsage
CoCreateInstance
PropVariantClear
CoCreateFreeThreadedMarshaler
CoIncrementMTAUsage
CoGetCallContext

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegOpenKeyExW
RegGetValueW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-security-base-l1-1-0

GetTokenInformation
IsWellKnownSid

ntdll

RtlIsMultiUsersInSessionSku
NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlPublishWnfStateData
RtlCompareUnicodeString
RtlNtStatusToDosErrorNoTeb
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlAllocateHeap
RtlFreeHeap
NtQueryInformationToken
RtlInitUnicodeString

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-appmodel-runtime-l1-1-0

GetPackageFullName

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

oleaut32

SetErrorInfo
SysStringLen
GetErrorInfo
SysFreeString
SysAllocString

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

Exports

Exports

GetSetting

Sections

.text
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SettingsHandlers_Startup.dll
.dll windows:10 windows x64 arch:x64

c3f08ba5175a3a735291164a652ee580

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

SettingsHandlers_Startup.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcsicmp
_o_bsearch_s
_o_free
_o_malloc
_o_realloc
_o_terminate
_o_wcstod
_o_wcstok_s
__C_specific_handler
__current_exception
__current_exception_context
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_CxxThrowException
__CxxFrameHandler3
wcschr
_o__cexit
_o__callnewh
_o__beginthreadex
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetModuleFileNameA
GetProcAddress
FreeLibrary
DisableThreadLibraryCalls
GetModuleHandleW

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsIsStringEmpty
WindowsDuplicateString
WindowsCompareStringOrdinal
WindowsDeleteString
WindowsCreateStringReference
WindowsGetStringRawBuffer

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
CompareStringEx

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetProcessTimes
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetProcessId
GetExitCodeProcess
OpenProcessToken
OpenThreadToken
GetCurrentThread
CreateThread
TerminateProcess

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetSystemDirectoryW
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
SetLastError
RaiseException
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-synch-l1-1-0

CreateMutexExW
SetEvent
ReleaseMutex
OpenSemaphoreW
ReleaseSemaphore
WaitForSingleObject
CreateSemaphoreExW
CreateEventW
InitializeCriticalSectionEx
WaitForSingleObjectEx
InitializeSRWLock
AcquireSRWLockExclusive
ResetEvent
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WaitForMultipleObjectsEx
ReleaseSRWLockExclusive
AcquireSRWLockShared
CreateEventExW
ReleaseSRWLockShared

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoOriginateError

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CoUninitialize
CoTaskMemFree
CoWaitForMultipleHandles
CoIncrementMTAUsage
CoDecrementMTAUsage
CoGetMalloc
CoTaskMemRealloc
CoInitializeEx

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
IsErrorPropagationEnabled
RoReportFailedDelegate

api-ms-win-security-base-l1-1-0

GetLengthSid
CopySid
RevertToSelf
ImpersonateLoggedOnUser
GetTokenInformation

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

api-ms-win-shcore-obsolete-l1-1-0

SHStrDupW

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoGetActivationFactory
RoActivateInstance
RoInitialize

api-ms-win-shcore-thread-l1-1-0

SHCreateThread

api-ms-win-shell-namespace-l1-1-0

ILFree
SHParseDisplayName
SHGetIDListFromObject
SHBindToParent

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-shcore-stream-winrt-l1-1-0

CreateRandomAccessStreamOnFile

api-ms-win-appmodel-runtime-l1-1-1

ParseApplicationUserModelId

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrTrimW
StrCmpIW
StrToIntExW

api-ms-win-appmodel-runtime-internal-l1-1-4

GetEffectivePackageStatusForUserSid

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegGetValueW
RegQueryInfoKeyW
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExW
RegEnumValueW
RegCloseKey

oleaut32

SysAllocString
SysFreeString

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW
PathParseIconLocationW
PathGetArgsW
PathRemoveExtensionW
PathStripPathW
PathRemoveBlanksW

api-ms-win-core-path-l1-1-0

PathCchFindExtension

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW

api-ms-win-shcore-path-l1-1-0

ord170

api-ms-win-core-file-l1-1-0

FindFirstFileW
GetFileAttributesExW
FindClose
CreateFileW
CompareFileTime
FindNextFileW

api-ms-win-rtcore-ntuser-window-l1-1-0

GetWindowThreadProcessId
EnumWindows
SendMessageW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo
GetNativeSystemInfo

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-version-l1-1-0

GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW

api-ms-win-shlwapi-winrt-storage-l1-1-1

StrRetToBufW

api-ms-win-core-string-l2-1-0

CharUpperBuffW

ntdll

RtlGetDeviceFamilyInfoEnum

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventSetInformation
EventUnregister

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-shcore-stream-l1-1-0

SHCreateStreamOnFileW

xmllite

CreateXmlReader

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

shcore

ord190

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_detach
?_Throw_Cpp_error@std@@YAXH@Z
?_Throw_C_error@std@@YAXH@Z

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

GetSetting

Sections

.text
Size: 160KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SettingsHandlers_StorageSense.dll
.dll windows:10 windows x64 arch:x64

ec665f40ba1b03efc22182422943437e

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2d:84:ca:e5:b0:59:23:87:6e:75:77:db:f5:f3:aa:15:aa:ef:72:46:33:12:13:ee:b8:43:0e:65:5e:b1:17:5f
Signer

Actual PE Digest

2d:84:ca:e5:b0:59:23:87:6e:75:77:db:f5:f3:aa:15:aa:ef:72:46:33:12:13:ee:b8:43:0e:65:5e:b1:17:5f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

SettingsHandlers_StorageSense.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__purecall
_o__recalloc
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__wcsicmp
_o_abort
_o_bsearch_s
_o_ceilf
memmove
_o_free
_o_iswspace
_o_malloc
_o_qsort
_o_realloc
_o_terminate
_o_towlower
_o_wcscat_s
_o_wcscpy_s
_o_wcstod
_o_wcstok_s
_o_wcstoul
__C_specific_handler
__current_exception
__current_exception_context
_o__get_errno
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__i64toa_s
_o___std_type_info_destroy_list
_o__execute_onexit_table
_o__errno
_o___std_exception_destroy
_o___std_exception_copy
_o__crt_atexit
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o__configure_narrow_argv
_o___stdio_common_vswprintf
_o__cexit
_o__callnewh
_o__beginthreadex
_CxxThrowException
_o___stdio_common_vsnprintf_s
__std_terminate
__CxxFrameHandler4
__RTDynamicCast
memcmp
memcpy
__CxxFrameHandler3
wcschr
strchr
wcsstr

api-ms-win-crt-string-l1-1-0

strncmp
memset
wcscmp
wcsnlen

ntdll

NtQueryInformationFile
NtCreateFile
RtlDosPathNameToNtPathName_U
RtlFreeUnicodeString
RtlUnsubscribeWnfStateChangeNotification
RtlSubscribeWnfStateChangeNotification
RtlInitializeCorrelationVector
RtlNtStatusToDosError
NtQueryWnfStateData
NtFsControlFile
RtlGetDeviceFamilyInfoEnum
RtlIsMultiSessionSku
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlCopySid
NtQueryInformationToken
RtlValidSid
EtwTraceMessage

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
FreeLibrary
GetModuleHandleExW
LoadLibraryExW
GetModuleHandleW
GetProcAddress

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
TryAcquireSRWLockExclusive
WaitForSingleObject
ReleaseMutex
WaitForMultipleObjectsEx
WaitForSingleObjectEx
CreateSemaphoreExW
CreateMutexExW
TryEnterCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InitializeCriticalSectionEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
OpenSemaphoreW
InitializeCriticalSection
ReleaseSRWLockShared
CreateEventW
ResetEvent
AcquireSRWLockShared
CreateEventExW
SetEvent
EnterCriticalSection
LeaveCriticalSection
InitializeSRWLock

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
GetLastError
UnhandledExceptionFilter
RaiseException

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetExitCodeProcess
OpenThreadToken
GetCurrentProcess
GetProcessId
CreateThread
OpenProcessToken
GetCurrentProcessId
CreateProcessW
GetProcessTimes
TerminateProcess
GetCurrentThread

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetLocaleInfoEx

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

rpcrt4

NdrDllCanUnloadNow
NdrOleAllocate
NdrOleFree
NdrDllGetClassObject
RpcAsyncCompleteCall
RpcAsyncInitializeHandle
RpcImpersonateClient

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventUnregister
EventActivityIdControl
EventRegister

api-ms-win-core-winrt-string-l1-1-0

HSTRING_UserUnmarshal64
HSTRING_UserUnmarshal
HSTRING_UserMarshal64
HSTRING_UserFree
HSTRING_UserSize64
HSTRING_UserFree64
HSTRING_UserMarshal
HSTRING_UserSize
WindowsGetStringLen
WindowsTrimStringEnd
WindowsTrimStringStart
WindowsConcatString
WindowsCompareStringOrdinal
WindowsCreateStringReference
WindowsCreateString
WindowsDuplicateString
WindowsDeleteString
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsGetStringRawBuffer

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringEx
CompareStringOrdinal
WideCharToMultiByte

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoTransformError
RoOriginateErrorW
SetRestrictedErrorInfo

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
Sleep
InitOnceExecuteOnce

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetTickCount64
GetLocalTime
GetSystemDirectoryW
GetWindowsDirectoryW
GetVersionExW
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InitializeSListHead

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-threadpool-l1-2-0

CloseThreadpool
CreateThreadpoolTimer
CloseThreadpoolWork
WaitForThreadpoolWorkCallbacks
SubmitThreadpoolWork
CreateThreadpoolWork
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolCleanupGroup
CreateThreadpool
TrySubmitThreadpoolCallback
SetThreadpoolTimer
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
SetThreadpoolThreadMaximum
SetThreadpoolThreadMinimum

api-ms-win-core-com-l1-1-0

PropVariantClear
CoDecrementMTAUsage
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoInitializeEx
CoCreateFreeThreadedMarshaler
CoGetApartmentType
CoTaskMemFree
CoGetMalloc
StringFromGUID2
CoWaitForMultipleHandles
CoIncrementMTAUsage
CoTaskMemRealloc
CoGetClassObject
CLSIDFromString
CoCreateGuid

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegEnumValueW
RegNotifyChangeKeyValue
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegGetValueW
RegOpenCurrentUser

api-ms-win-core-winrt-error-l1-1-1

IsErrorPropagationEnabled
RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoActivateInstance
RoGetActivationFactory
RoUninitialize

api-ms-win-core-url-l1-1-0

PathIsURLW
UrlUnescapeW

api-ms-win-core-file-l1-2-0

GetVolumeNameForVolumeMountPointW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindExtensionW
PathRemoveExtensionW
PathRemoveBlanksW
PathIsRootW
PathIsUNCW
PathParseIconLocationW
PathGetDriveNumberW
PathStripPathW
PathQuoteSpacesW
PathGetArgsW
PathIsRelativeW
PathFileExistsW

api-ms-win-shlwapi-winrt-storage-l1-1-1

StrRetToBufW
PathRemoveArgsW
StrFormatByteSizeEx

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrStrIW
StrRStrIW
StrToIntExW
StrCmpW
QISearch
StrTrimW
StrToIntW
StrCmpIW

api-ms-win-core-datetime-l1-1-1

GetDateFormatEx
GetTimeFormatEx

api-ms-win-shcore-stream-winrt-l1-1-0

CreateRandomAccessStreamOnFile

api-ms-win-appmodel-runtime-internal-l1-1-1

GetPackageStatusForUser

api-ms-win-shcore-thread-l1-1-0

SHCreateThread

api-ms-win-appmodel-runtime-l1-1-1

VerifyApplicationUserModelId
VerifyPackageFamilyName
ParseApplicationUserModelId

api-ms-win-security-base-l1-1-0

GetTokenInformation
CreateWellKnownSid
AdjustTokenPrivileges
ImpersonateLoggedOnUser
CheckTokenMembership
CopySid
GetLengthSid
RevertToSelf

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

api-ms-win-shcore-obsolete-l1-1-0

SHStrDupW

api-ms-win-shell-namespace-l1-1-0

SHCreateItemFromIDList
SHBindToParent
SHGetIDListFromObject
ILCombine
SHParseDisplayName
SHCreateItemWithParent
ILClone
SHCreateItemFromParsingName
ILIsEqual
ILFree

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-shcore-path-l1-1-0

ord170

oleaut32

SafeArrayUnaccessData
SysAllocString
SysFreeString
SafeArrayGetUBound
SafeArrayCreateVector
SafeArrayDestroy
SafeArrayAccessData
GetErrorInfo
SafeArrayGetLBound
SetErrorInfo
SysStringLen
VariantInit
VariantClear

propsys

ord435
VariantToBuffer

api-ms-win-storage-exports-internal-l1-1-0

SHGetKnownFolderIDList

api-ms-win-core-path-l1-1-0

PathCchStripToRoot
PathCchFindExtension
PathCchAppend
PathAllocCombine
PathAllocCanonicalize

api-ms-win-core-file-l1-1-0

FileTimeToLocalFileTime
FindClose
FindNextFileW
CreateFileW
GetFileAttributesW
FindFirstFileW
GetVolumePathNameW
FindFirstFileExW
CompareFileTime
GetFileAttributesExW

api-ms-win-core-timezone-l1-1-0

SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-shcore-comhelpers-l1-1-0

IUnknown_Set

api-ms-win-ham-apphistory-l1-1-0

HamQueryPackageUsageInfo
HamQueryApplicationUsageInfo

api-ms-win-core-registry-l2-1-0

RegOpenKeyW
RegDeleteKeyW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-sysinfo-l1-2-0

GetNativeSystemInfo
GetProductInfo

api-ms-win-ntuser-sysparams-l1-1-0

GetSystemMetrics

api-ms-win-appmodel-runtime-l1-1-3

GetPackagePathByFullName2

api-ms-win-appmodel-runtime-internal-l1-1-2

GetEffectivePackageStatusForUser

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

devobj

DevObjCreateDeviceInfoList
DevObjEnumDeviceInterfaces
DevObjDestroyDeviceInfoList
DevObjGetClassDevs

api-ms-win-appmodel-runtime-internal-l1-1-4

GetEffectivePackageStatusForUserSid

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

appxalluserstore

IsNonInboxAllUserPackage

shcore

ord190
ord142

msvcp_win

_Cnd_do_broadcast_at_thread_exit
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@I@Z
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
_Wcsxfrm
_Wcscoll
?_Incref@facet@locale@std@@UEAAXXZ
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?is@?$ctype@G@std@@QEBA_NFG@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
??1_Locinfo@std@@QEAA@XZ
??1_Lockit@std@@QEAA@XZ
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
??0_Locinfo@std@@QEAA@PEBD@Z
??0_Lockit@std@@QEAA@H@Z
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
?id@?$ctype@G@std@@2V0locale@2@A
??Bid@locale@std@@QEAA_KXZ
?tolower@?$ctype@G@std@@QEBAGG@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
_Cnd_broadcast
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
_Cnd_wait
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_K@Z
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?uncaught_exception@std@@YA_NXZ
?flags@ios_base@std@@QEBAHXZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
_Cnd_destroy_in_situ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
_Cnd_init_in_situ
_Thrd_detach
_Thrd_join
_Thrd_id
?id@?$collate@G@std@@2V0locale@2@A
?_Throw_Cpp_error@std@@YAXH@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?good@ios_base@std@@QEBA_NXZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Xbad_function_call@std@@YAXXZ
_Mtx_unlock
_Mtx_lock
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
_Mtx_destroy_in_situ
_Mtx_init_in_situ
?_Throw_C_error@std@@YAXH@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Xbad_alloc@std@@YAXXZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-version-l1-1-0

GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW

api-ms-win-core-string-l2-1-0

CharUpperBuffW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW

api-ms-win-shcore-stream-l1-1-0

SHCreateStreamOnFileW

xmllite

CreateXmlReader

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
GetProxyDllInfo
GetSetting
GetSettingForUser

Sections

.text
Size: 848KB - Virtual size: 844KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 504KB - Virtual size: 501KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SettingsHandlers_Troubleshoot.dll
.dll windows:10 windows x64 arch:x64

9631197102a8a43fbae49463bbeb72e7

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5e:12:fb:24:c4:b0:94:1a:62:85:54:97:2f:33:41:73:63:8f:c5:56:21:76:c2:c4:9b:58:4a:0d:8c:92:f9:55
Signer

Actual PE Digest

5e:12:fb:24:c4:b0:94:1a:62:85:54:97:2f:33:41:73:63:8f:c5:56:21:76:c2:c4:9b:58:4a:0d:8c:92:f9:55

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

SettingsHandlers_Troubleshoot.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__get_errno
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
memmove
_o__wcsicmp
_o__wtol
_o_bsearch_s
_o_ceilf
_o_free
_o_malloc
_o_realloc
_o_terminate
_o_wcstok
__C_specific_handler
__current_exception
__current_exception_context
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_CxxThrowException
__CxxFrameHandler3
_o___stdio_common_vsnprintf_s
wcsstr
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-winrt-string-l1-1-0

WindowsDuplicateString
WindowsCreateString
WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsDeleteString

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
FreeLibrary
GetModuleHandleW
GetModuleFileNameA
GetProcAddress
LoadStringW
GetModuleHandleExW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetProcessId
GetExitCodeProcess
CreateThread
GetCurrentThread
GetCurrentThreadId
OpenThreadToken
GetCurrentProcess
TerminateProcess
OpenProcessToken

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

diagnosticdatasettings

TelEvaluateActiveSettingAuthority

api-ms-win-core-synch-l1-1-0

OpenEventW
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseMutex
WaitForSingleObject
SetEvent
ReleaseSemaphore
InitializeSRWLock
CreateMutexExW
CreateSemaphoreExW
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
CreateEventExW
WaitForMultipleObjectsEx
EnterCriticalSection
CreateEventW
ReleaseSRWLockShared
InitializeCriticalSection
ResetEvent

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoOriginateError

api-ms-win-core-winrt-error-l1-1-1

RoReportFailedDelegate
RoGetMatchingRestrictedErrorInfo
IsErrorPropagationEnabled

api-ms-win-core-com-l1-1-0

CoCreateFreeThreadedMarshaler
CoTaskMemFree
PropVariantClear
CoDecrementMTAUsage
CoWaitForMultipleHandles
CoInitializeEx
CoGetClassObject
CoTaskMemRealloc
CoUninitialize
CoCreateInstance
StringFromGUID2
CoIncrementMTAUsage
CoTaskMemAlloc

api-ms-win-shcore-thread-l1-1-0

SHCreateThread

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoGetActivationFactory
RoUninitialize

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-security-base-l1-1-0

AdjustTokenPrivileges
ImpersonateLoggedOnUser
RevertToSelf

api-ms-win-core-shutdown-l1-1-0

InitiateSystemShutdownExW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-rtcore-ntuser-window-l1-1-0

FindWindowExW
DestroyWindow
SetForegroundWindow
AllowSetForegroundWindow
GetWindowThreadProcessId
EnumWindows
SendMessageW

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

api-ms-win-shcore-obsolete-l1-1-0

SHStrDupW

oleaut32

VariantInit
SysAllocString
SysFreeString
VariantClear

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

ntdll

RtlGetDeviceFamilyInfoEnum

api-ms-win-shlwapi-winrt-storage-l1-1-1

SHFormatDateTimeW

api-ms-win-core-file-l1-1-0

CompareFileTime
FileTimeToLocalFileTime

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-appmodel-runtime-l1-1-1

FindPackagesByPackageFamily

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

GetSetting

Sections

.text
Size: 196KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SettingsHandlers_User.dll
.dll windows:10 windows x64 arch:x64

4982985c31343613b33d5f6e958e9a93

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

SettingsHandlers_User.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__get_errno
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
memmove
_o__wtoi
_o_bsearch_s
_o_free
_o_iswalnum
_o_iswalpha
_o_iswascii
_o_malloc
_o_realloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
__CxxFrameHandler3
_CxxThrowException
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset
strncmp

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
OpenThreadToken
CreateThread
OpenProcessToken
GetExitCodeProcess
GetCurrentThreadId
GetCurrentProcess
GetProcessId
TerminateProcess
GetCurrentProcessId

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleW
GetModuleHandleExW
GetProcAddress
DisableThreadLibraryCalls

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-1-0

CreateSemaphoreExW
CreateEventExW
ReleaseSRWLockShared
SetEvent
ResetEvent
LeaveCriticalSection
CreateMutexExW
CreateEventW
InitializeCriticalSectionAndSpinCount
WaitForMultipleObjectsEx
InitializeCriticalSectionEx
InitializeCriticalSection
ReleaseSemaphore
ReleaseMutex
WaitForSingleObjectEx
AcquireSRWLockExclusive
AcquireSRWLockShared
WaitForSingleObject
OpenEventW
DeleteCriticalSection
OpenSemaphoreW
EnterCriticalSection
InitializeSRWLock
SleepEx
ReleaseSRWLockExclusive

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateString
WindowsCreateStringReference
WindowsDuplicateString
WindowsCompareStringOrdinal

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventActivityIdControl
EventWriteTransfer
EventUnregister
EventSetInformation

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
CompareStringOrdinal

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
SetRestrictedErrorInfo
RoTransformError

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetComputerNameExW
GetSystemDirectoryW

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

shlwapi

SHSetValueW
ord16
SHGetValueW

ntdll

RtlSubscribeWnfStateChangeNotification
NtQueryWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
NtQueryInformationToken
RtlDeleteResource
RtlReleaseResource
RtlAcquireResourceExclusive
RtlInitializeResource

msvcp_win

?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??Bid@locale@std@@QEAA_KXZ
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?out@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegNotifyChangeKeyValue
RegGetValueW
RegSetValueExW
RegEnumValueW
RegCreateKeyExW
RegQueryInfoKeyW
RegCloseKey

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoCreateFreeThreadedMarshaler
CoInitializeEx
CoGetMalloc
CoTaskMemRealloc
CoTaskMemFree
CoUninitialize
CoTaskMemAlloc
CoIncrementMTAUsage
CoWaitForMultipleHandles
CoDecrementMTAUsage
PropVariantClear
CoSwitchCallContext

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolWait
CloseThreadpoolTimer
SubmitThreadpoolWork
CreateThreadpoolTimer
CreateThreadpoolWork
CreateThreadpoolWait
CloseThreadpoolWork
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-winrt-error-l1-1-1

RoReportFailedDelegate
RoGetMatchingRestrictedErrorInfo
IsErrorPropagationEnabled

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSidToSidW

api-ms-win-rtcore-ntuser-window-l1-1-0

GetWindowThreadProcessId
GetForegroundWindow
SendMessageW
EnumWindows

api-ms-win-security-lsalookup-l1-1-2

LsaLookupUserAccountType

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoGetActivationFactory
RoUninitialize
RoActivateInstance

api-ms-win-security-base-l1-1-0

DuplicateToken
CopySid
GetLengthSid
IsValidSid
GetTokenInformation
CheckTokenMembership
EqualSid
CreateWellKnownSid

api-ms-win-ntuser-sysparams-l1-1-0

GetSystemMetrics
SystemParametersInfoW

api-ms-win-security-lsalookup-l2-1-0

LookupAccountNameW

oleaut32

VariantInit
SysFreeString
VariantClear
SysAllocString

wkscli

NetGetJoinInformation

netutils

NetApiBufferFree

api-ms-win-power-setting-l1-1-0

PowerReadACValue
PowerGetActiveScheme
PowerReadDCValue

api-ms-win-power-base-l1-1-0

GetPwrCapabilities

powrprof

PowerReadACValueIndex
PowerReadDCValueIndex

sspicli

LsaLookupAuthenticationPackage
LsaConnectUntrusted
LsaLogonUser

api-ms-win-service-management-l1-1-0

OpenSCManagerW
StartServiceW
OpenServiceW
CloseServiceHandle

api-ms-win-service-management-l2-1-0

NotifyServiceStatusChangeW

samcli

NetUserGetInfo

api-ms-win-security-lsalookup-l1-1-1

GetIdentityProviderInfoByGUID
ReleaseIdentityProviderEnumContext
EnumerateIdentityProviders
GetDefaultIdentityProvider

api-ms-win-core-shlwapi-obsolete-l1-1-0

QISearch
StrChrW

api-ms-win-shcore-obsolete-l1-1-0

SHStrDupW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
GetSetting

Sections

.text
Size: 308KB - Virtual size: 307KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SettingsHandlers_nt.dll
.dll windows:10 windows x64 arch:x64

2bbeaadef7143969f05d50c980b4ab63

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

SettingsHandlers_nt.pdb

Imports

api-ms-win-crt-string-l1-1-0

wcscspn
wcsncmp
wcscmp
wcsspn
memset
strncmp
memmove_s

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__wcsicmp
_o__wcslwr_s
_o__wcsnicmp
_o__wcstoui64
_o__wtoi
_o_abort
_o_bsearch_s
_o_calloc
_o_ceil
_o_ceilf
_o_floor
_o_fmod
_o_free
_o_iswspace
_o_malloc
_o_memcpy_s
_o_pow
_o_realloc
_o_terminate
_o_towlower
memmove
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstol
__current_exception
__current_exception_context
_CxxThrowException
_o__set_errno
_o__seh_filter_dll
_o__ltow_s
_o__register_onexit_function
_o__recalloc
_o__itow_s
_o__purecall
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__get_errno
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o__beginthreadex
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__C_specific_handler
__std_terminate
__CxxFrameHandler4
memcmp
__C_specific_handler_noexcept
memcpy
_o_wcscat_s
__CxxFrameHandler3
wcsrchr
strchr
wcschr
wcsstr
__std_type_info_compare

combase

GetErrorInfo
SetErrorInfo

api-ms-win-core-kernel32-legacy-l1-1-0

UnregisterWait
LoadLibraryW
GetComputerNameW
RegisterWaitForSingleObject

rpcrt4

NdrDllCanUnloadNow
NdrOleAllocate
NdrOleFree
NdrDllGetClassObject

api-ms-win-core-string-l1-1-0

GetStringTypeExW
WideCharToMultiByte
CompareStringW
MultiByteToWideChar
CompareStringOrdinal

api-ms-win-core-localization-l1-2-0

GetUserPreferredUILanguages
FormatMessageW
LocaleNameToLCID
GetLocaleInfoEx
GetUserDefaultLocaleName

api-ms-win-core-processthreads-l1-1-0

GetProcessId
GetExitCodeProcess
OpenProcessToken
GetCurrentThread
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
OpenThreadToken
GetCurrentProcessId
CreateThread

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapSize
HeapAlloc
HeapDestroy

api-ms-win-core-libraryloader-l1-2-0

FindStringOrdinal
LoadStringW
GetModuleFileNameA
GetModuleHandleExA
DisableThreadLibraryCalls
GetModuleFileNameW
FindResourceExW
LoadResource
SizeofResource
GetModuleHandleExW
GetProcAddress
GetModuleHandleW
LoadLibraryExW
LockResource
FreeLibrary

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW
OutputDebugStringA

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetLastError
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
WaitForMultipleObjectsEx
ReleaseMutex
WaitForSingleObjectEx
EnterCriticalSection
ReleaseSRWLockShared
DeleteCriticalSection
ReleaseSRWLockExclusive
WaitForSingleObject
OpenSemaphoreW
SetEvent
TryEnterCriticalSection
CreateEventExW
InitializeCriticalSectionAndSpinCount
ResetEvent
AcquireSRWLockExclusive
AcquireSRWLockShared
LeaveCriticalSection
InitializeCriticalSection
CreateMutexExW
InitializeSRWLock
InitializeCriticalSectionEx
CreateSemaphoreExW
CreateEventW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
CreateThreadpoolWait
SetThreadpoolTimer
CloseThreadpoolTimer
SubmitThreadpoolWork
CreateThreadpoolWork
WaitForThreadpoolTimerCallbacks
CloseThreadpoolWait
CreateThreadpoolTimer
TrySubmitThreadpoolCallback

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoWaitForMultipleHandles
CoIncrementMTAUsage
CoSetProxyBlanket
CoTaskMemFree
CoGetMalloc
CoCreateFreeThreadedMarshaler
PropVariantClear
CoGetClassObject
CoInitializeEx
PropVariantCopy
CoCreateInstance
CoGetCallContext
StringFromCLSID
CoDecrementMTAUsage
CoGetApartmentType
CoCreateGuid
CoGetInterfaceAndReleaseStream
CoReleaseMarshalData
CoMarshalInterThreadInterfaceInStream
CoGetObjectContext
StringFromGUID2
CreateStreamOnHGlobal
CoTaskMemRealloc
CoGetStdMarshalEx
CoUninitialize
CLSIDFromString

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventActivityIdControl
EventUnregister
EventRegister

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
RoTransformError
RoOriginateError

api-ms-win-core-string-l2-1-0

CharNextW
CharLowerBuffW

api-ms-win-core-registry-l1-1-0

RegOpenCurrentUser
RegEnumValueW
RegNotifyChangeKeyValue
RegDeleteKeyExW
RegEnumKeyExW
RegQueryValueExW
RegCloseKey
RegQueryInfoKeyW
RegGetValueW
RegOpenKeyExW
RegLoadMUIStringW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW

oleaut32

LPSAFEARRAY_UserSize64
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserUnmarshal64
LPSAFEARRAY_UserMarshal64
LPSAFEARRAY_UserFree64
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserSize
SafeArrayGetElement
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayAccessData
VariantClear
VariantInit
VarUI4FromStr
SysFreeString
SysAllocStringByteLen
SysStringByteLen
SysAllocString
SysStringLen
SysAllocStringLen
SafeArrayUnaccessData

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-2-0

WakeByAddressAll
InitOnceBeginInitialize
InitOnceComplete
InitOnceExecuteOnce
Sleep
WaitOnAddress

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetVersionExW
GetTickCount
GetTickCount64
GetComputerNameExW
GetSystemTimeAsFileTime
GetLocalTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPushEntrySList

api-ms-win-core-misc-l1-1-0

lstrcmpiW

api-ms-win-core-sidebyside-l1-1-0

ActivateActCtx
FindActCtxSectionStringW
QueryActCtxW
CreateActCtxW
DeactivateActCtx

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

api-ms-win-core-winrt-error-l1-1-1

IsErrorPropagationEnabled
RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-security-base-l1-1-0

CopySid
GetLengthSid
EqualSid
CreateWellKnownSid
IsValidSid
DestroyPrivateObjectSecurity
CheckTokenMembership
ImpersonateLoggedOnUser
RevertToSelf
AdjustTokenPrivileges
DuplicateToken
AllocateAndInitializeSid
GetTokenInformation
FreeSid

api-ms-win-core-file-l1-1-0

FindNextFileW
WriteFile
CreateFileW
FileTimeToLocalFileTime
CreateDirectoryW
CompareFileTime
FindFirstFileExW
FindClose
FindFirstFileW
GetFileAttributesW
DeleteFileW

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo
VerSetConditionMask

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-datetime-l1-1-1

GetDateFormatEx
GetTimeFormatEx

api-ms-win-core-file-l1-2-4

GetTempPath2W

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW
RegDeleteKeyValueW

api-ms-win-core-psapi-l1-1-0

K32GetProcessImageFileNameW
QueryFullProcessImageNameW
K32GetModuleFileNameExW

api-ms-win-core-datetime-l1-1-0

GetDateFormatW
GetTimeFormatW

api-ms-win-core-localization-l1-2-3

GetUserDefaultGeoName
GetGeoInfoEx

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-errorhandling-l1-1-3

TerminateProcessOnMemoryExhaustion

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-wow64-l1-1-1

IsWow64Process2

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-shcore-obsolete-l1-1-0

SHStrDupW

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrPBrkW
StrCmpNIW
StrChrW

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW

api-ms-win-core-registryuserspecific-l1-1-0

SHRegEnumUSKeyW
SHRegOpenUSKeyW
SHRegQueryUSValueW
SHRegSetUSValueW
SHRegGetUSValueW
SHRegWriteUSValueW
SHRegGetBoolUSValueW
SHRegCloseUSKey
SHRegCreateUSKeyW

api-ms-win-core-localization-private-l1-1-0

NlsCheckPolicy

api-ms-win-core-url-l1-1-0

UrlEscapeW

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem
UnregisterWaitEx

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindExtensionW
PathFindFileNameW
PathCommonPrefixW
SHExpandEnvironmentStringsW
PathFileExistsW
PathRemoveExtensionW

api-ms-win-core-registry-l2-1-0

RegQueryValueW
RegOpenKeyW

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-timezone-private-l1-1-0

IsTimeZoneRedirectionEnabled

user32

UnregisterClassA
GetProcessDefaultLayout
GetWindowRect
ExitWindowsEx
SystemParametersInfoW
SendNotifyMessageW
SendMessageW
GetSysColor
ord2521
GetKeyboardLayout
SetPropW
GetPropW
DestroyMenu
GetMenuDefaultItem
CreatePopupMenu
GetKeyState
SendInput
GetShellWindow
PostMessageW
IsWindow
MapVirtualKeyExW
GetWindowThreadProcessId
GetProcessWindowStation
EnumDesktopsW
CloseDesktop
EnumDesktopWindows
SetThreadDesktop
OpenDesktopW
GhostWindowFromHungWindow
IsWindowVisible
GetWindowLongW
GetWindow
GetClassNameW
InflateRect
ord2544
GetActiveWindow
GetMonitorInfoW
MonitorFromRect
GetUserObjectInformationW
GetThreadDesktop
AllowSetForegroundWindow
EnumDisplayMonitors
DefWindowProcW
GetWindowLongPtrW
UnregisterClassW
DestroyWindow
GetMessageW
SetWindowLongPtrW
CreateWindowExW
RegisterClassExW
GetClassInfoExW
CopyIcon
FindWindowExW
LoadImageW
DestroyIcon
EnumWindows
FindWindowW
MsgWaitForMultipleObjectsEx
PeekMessageW
PostQuitMessage
TranslateMessage
SetCursor
LoadCursorW
DispatchMessageW
ord2517
GetSystemMetrics
GetForegroundWindow
SetDesktopColorTransform

shlwapi

ord214
ord568
ord629
ord176
PathIsNetworkPathW
ord213
ord12
SHDeleteValueW
ord270
SHRegGetValueW
ord199
ord433
ord548
ord618
ord544
ord437
ord174
ord560
SHSetValueW
SHGetValueW
SHDeleteKeyW
SHGetThreadRef
ord16
ord354
ord611
ord487
StrToIntW
PathIsRelativeW
PathMatchSpecExW
ord154
SHStrDupA
ord219
StrStrIW
ord158
StrChrIW
ord212
ord630

shell32

SHBindToFolderIDListParentEx
ord846
SHCreateItemInKnownFolder
ord921
SHCreateShellItemArrayFromIDLists
ord4
ord850
SHGetKnownFolderItem
ord155
ord2
ord924
ShellExecuteExW
SHGetFolderPathEx
ord165
ord644
SHGetKnownFolderPath
SHGetKnownFolderIDList
ShellExecuteW
ord100
ord645
SHGetNameFromIDList
SHCreateShellItem
ord27
ord923
SHGetIDListFromObject
ord18
ord901
SHCreateItemFromIDList
ord916
SHCreateItemFromParsingName
SHChangeNotify

shcore

ord241
CreateRandomAccessStreamOverStream
CreateStreamOverRandomAccessStream
ord232
ord145
SHTaskPoolQueueTask
ord233
ord244
ord230

languagecomponentsinstaller

RequestFeaturesInstallation
RequestFeaturesUninstallation

kernel32

CeipIsOptedIn
OpenEventW
CloseThreadpoolWork
ProcessIdToSessionId
GlobalAlloc
GetFileAttributesExW
TzSpecificLocalTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformationForYear
LocalReAlloc
GetSystemPreferredUILanguages
GetSystemDefaultLCID
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
FindNLSString
LCMapStringW
CreateMutexW
GlobalFree
HeapReAlloc
GetDynamicTimeZoneInformation
GetTimeZoneInformation
GetSystemTime
SetDynamicTimeZoneInformation
SearchPathW
UnmapViewOfFile
LCIDToLocaleName
CreateFileMappingW
MapViewOfFile
K32EnumProcesses
K32EnumProcessModules
K32GetModuleBaseNameW
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
CreateProcessW
DeleteProcThreadAttributeList
RegDeleteTreeW
OpenMutexW
OpenJobObjectW
IsProcessInJob
OOBEComplete
ResolveLocaleName

api-ms-win-appmodel-runtime-l1-1-0

ClosePackageInfo
OpenPackageInfoByFullName
GetPackageInfo

policymanager

PolicyManager_FreeGetPolicyData
PolicyManager_FreeStringValue
PolicyManager_IsPolicySetByMobileDeviceManager
PolicyManager_GetPolicy
PolicyManager_GetPolicyInt
PolicyManager_GetPolicyString

servicinguapi

FreeEnumerateFeaturesResult
EnumerateFeatures

msvcp_win

?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
??0task_continuation_context@Concurrency@@AEAA@XZ
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?_Assign@_ContextCallback@details@Concurrency@@AEAAXPEAX@Z
?_IsCurrentOriginSTA@_ContextCallback@details@Concurrency@@CA_NXZ
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?_Throw_future_error@std@@YAXAEBVerror_code@1@@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
_Cnd_unregister_at_thread_exit
_Cnd_register_at_thread_exit
?_Syserror_map@std@@YAPEBDH@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
_Cnd_wait
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
_Cnd_broadcast
_Cnd_destroy_in_situ
_Cnd_init_in_situ
_Mtx_unlock
_Mtx_lock
_Mtx_destroy_in_situ
_Mtx_init_in_situ
?_Throw_C_error@std@@YAXH@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@J@Z
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?widen@?$ctype@G@std@@QEBAGD@Z
?id@?$ctype@G@std@@2V0locale@2@A
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??Bid@locale@std@@QEAA_KXZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?uncaught_exception@std@@YA_NXZ
?flags@ios_base@std@@QEBAHXZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?clear@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@H@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
_Cnd_do_broadcast_at_thread_exit
_Thrd_detach
?_Throw_Cpp_error@std@@YAXH@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Locinfo@std@@QEAA@XZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
?is@?$ctype@G@std@@QEBA_NFG@Z
?tolower@?$ctype@G@std@@QEBAGG@Z
?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$collate@G@std@@2V0locale@2@A
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
_Wcsxfrm
?good@ios_base@std@@QEBA_NXZ
_Wcscoll
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setf@ios_base@std@@QEAAHHH@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Xbad_function_call@std@@YAXXZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
_Thrd_yield
?_Xlength_error@std@@YAXPEBD@Z
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
??Bios_base@std@@QEBA_NXZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?__ExceptionPtrCurrentException@@YAXPEAX@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ

appxdeploymentclient

ord25
ord24
ord23

api-ms-win-core-path-l1-1-0

PathCchAppend
PathCchCombine

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

api-ms-win-service-management-l1-1-0

CloseServiceHandle
OpenServiceW
OpenSCManagerW

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus

api-ms-win-core-memory-l1-1-0

VirtualQuery

winhttp

WinHttpSetStatusCallback
WinHttpSetOption
WinHttpOpen
WinHttpCrackUrl
WinHttpConnect
WinHttpReadData
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpDetectAutoProxyConfigUrl
WinHttpOpenRequest
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpCloseHandle
WinHttpSendRequest

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

ntdll

RtlPublishWnfStateData
WinSqmAddToStreamEx
NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlFreeHeap
RtlLookupElementGenericTableAvl
RtlInitializeGenericTableAvl
RtlInsertElementGenericTableAvl
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockShared
RtlReleaseSRWLockShared
RtlCompareUnicodeString
NtQueryInformationToken
RtlFreeUnicodeString
RtlConvertSidToUnicodeString
RtlIsMultiUsersInSessionSku
WinSqmAddToStream
RtlInitUnicodeString
RtlGetDeviceFamilyInfoEnum
RtlNtStatusToDosError
RtlAllocateWnfSerializationGroup
RtlQueryWnfStateData
WinSqmIncrementDWORD
WinSqmIsOptedIn
NtClose
NtAdjustPrivilegesToken
NtOpenProcessToken
RtlRaiseStatus
RtlUnsubscribeWnfNotificationWaitForCompletion
WinSqmSetDWORD
RtlNtStatusToDosErrorNoTeb
RtlAllocateHeap

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-shlwapi-winrt-storage-l1-1-1

SHPinDllOfCLSID
ord317
ord448

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-com-private-l1-1-0

CoRevokeInitializeSpy
CoRegisterInitializeSpy

api-ms-win-shell-shellcom-l1-1-0

SHCoCreateInstance

api-ms-win-appmodel-runtime-internal-l1-1-0

GetPackageContext
GetPackagePropertyString

api-ms-win-appmodel-state-l1-2-0

GetSystemAppDataKey
CloseState
OpenStateExplicit

api-ms-win-shcore-thread-l1-1-0

GetProcessReference

api-ms-win-shcore-comhelpers-l1-1-0

IUnknown_GetSite

sppc

SLpIsCurrentInstalledProductKeyDefaultKey

api-ms-win-core-atoms-l1-1-0

GlobalGetAtomNameW

errordetailscore

FreeErrorDetails
GetErrorDetailsWithContext

Exports

Exports

CallInstallNewAppxThemes
DllCanUnloadNow
DllGetClassObject
GetProxyDllInfo
GetSetting

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 940KB - Virtual size: 938KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 148KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ShareHost.dll
.dll windows:10 windows x64 arch:x64

03484536642fcfa6e4ea9b692ee897df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ShareHost.pdb

Imports

msvcrt

??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_vsnprintf_s
_XcptFilter
_CxxThrowException
_amsg_exit
free
malloc
_initterm
__C_specific_handler
__CxxFrameHandler4
memcpy
_lock
memmove
memset
_unlock
__dllonexit
_onexit
?terminate@@YAXXZ
memcmp
strncpy_s
_purecall
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
_set_errno
_errno
_get_errno
strtol
_ui64tow_s
strchr
strrchr
memmove_s
sprintf_s
??_V@YAXPEAX@Z
realloc
wcscpy_s
??0exception@@QEAA@AEBQEBD@Z
_vsnprintf
__ExceptionPtrAssign
__ExceptionPtrCreate
__ExceptionPtrCopy
__ExceptionPtrToBool
__ExceptionPtrDestroy
__ExceptionPtrCurrentException
__ExceptionPtrRethrow
_wcsicmp
wcscspn
wcschr
_callnewh
__CxxFrameHandler3
??1exception@@UEAA@XZ
??3@YAXPEAX@Z
memcpy_s
_vsnwprintf
??1type_info@@UEAA@XZ
wcscmp

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleHandleW
DisableThreadLibraryCalls
LoadResource
LockResource
GetProcAddress
GetModuleFileNameA
GetModuleHandleExW
FindResourceExW
GetModuleHandleExA

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceExecuteOnce
Sleep
InitOnceBeginInitialize

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
EnterCriticalSection
DeleteCriticalSection
OpenSemaphoreW
ReleaseSemaphore
CreateSemaphoreExW
WaitForSingleObject
CreateEventExW
CreateEventW
SetEvent
CreateMutexExW
ReleaseMutex
LeaveCriticalSection
AcquireSRWLockShared
ReleaseSRWLockShared
InitializeCriticalSectionEx
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetLastError
RaiseException
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsSubstringWithSpecifiedLength
WindowsCompareStringOrdinal
HSTRING_UserMarshal
HSTRING_UserFree64
WindowsDeleteString
HSTRING_UserSize64
HSTRING_UserMarshal64
HSTRING_UserUnmarshal
HSTRING_UserUnmarshal64
WindowsGetStringRawBuffer
WindowsCreateStringReference
HSTRING_UserSize
WindowsDuplicateString
HSTRING_UserFree

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventActivityIdControl
EventWriteTransfer
EventSetInformation

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThreadId
OpenThreadToken
SetThreadToken
GetCurrentProcessId
TerminateProcess
CreateThread
GetThreadId
GetCurrentThread
OpenProcessToken

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoTransformError
RoOriginateErrorW
GetRestrictedErrorInfo
SetRestrictedErrorInfo

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetTickCount64

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegQueryValueExW
RegGetValueW
RegCloseKey

api-ms-win-core-com-l1-1-0

CoUninitialize
CoGetMalloc
CoInitializeEx
CoUnmarshalInterface
CreateStreamOnHGlobal
CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoReleaseMarshalData
CoCreateInstance
CoMarshalInterface
CoWaitForMultipleHandles
CoGetCallContext
StringFromGUID2
CoCreateGuid
CoTaskMemAlloc
CoGetStdMarshalEx
CoGetInterfaceAndReleaseStream
CoTaskMemRealloc

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindFileNameW
PathIsFileSpecW

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWait
CreateThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolTimer
WaitForThreadpoolWaitCallbacks
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolWait

api-ms-win-core-winrt-error-l1-1-1

RoReportFailedDelegate
IsErrorPropagationEnabled
RoGetMatchingRestrictedErrorInfo

api-ms-win-core-kernel32-legacy-l1-1-1

PowerSetRequest
PowerCreateRequest

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
WideCharToMultiByte

ntdll

RtlFreeHeap
NtQueryInformationToken
RtlInitUnicodeString
EtwTraceMessage
RtlAllocateHeap
RtlNtStatusToDosErrorNoTeb
RtlCompareUnicodeString
RtlQueryPackageClaims
RtlGetDeviceFamilyInfoEnum

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrCmpIW

api-ms-win-core-atoms-l1-1-0

GlobalGetAtomNameW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

combase

ord154

msvcp110_win

??Bid@locale@std@@QEAA_KXZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?in@?$codecvt@GDH@std@@QEBAHAEAHPEBD1AEAPEBDPEAG3AEAPEAG@Z
??0?$codecvt@GDH@std@@QEAA@_K@Z
?_Getcat@?$codecvt@GDH@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??1?$codecvt@GDH@std@@MEAA@XZ
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
??0id@locale@std@@QEAA@_K@Z
?_Swap_all@_Container_base0@std@@QEAAXAEAU12@@Z
?_Orphan_all@_Container_base0@std@@QEAAXXZ
?uncaught_exception@std@@YA_NXZ
?_BADOFF@std@@3_JB
?id@?$codecvt@GDH@std@@2V0locale@2@A
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?pbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Add_vtordisp1@?$basic_ios@GU?$char_traits@G@std@@@std@@UEAAXXZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Add_vtordisp2@?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAAXXZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@K@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xbad_function_call@std@@YAXXZ

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
GetProxyDllInfo
ResolveConnectedSharePlatformToken

Sections

.text
Size: 452KB - Virtual size: 448KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 640B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ShellAppRuntime.exe
.exe windows:10 windows x64 arch:x64

06d563a1cf8b5b1e6d8513d625d018c7

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:83:42:d9:d1:41:ac:75:53:ec:3a:a1:ce:f6:f6:5a:6c:9b:29:ed:0f:9a:5a:91:f6:a5:81:84:83:03:c8:d6
Signer

Actual PE Digest

33:83:42:d9:d1:41:ac:75:53:ec:3a:a1:ce:f6:f6:5a:6c:9b:29:ed:0f:9a:5a:91:f6:a5:81:84:83:03:c8:d6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

ShellAppRuntime.pdb

Imports

advapi32

GetTokenInformation
MakeAbsoluteSD
ConvertStringSecurityDescriptorToSecurityDescriptorW
EventUnregister
RegGetValueW
RegOpenKeyExW
EventSetInformation
EventRegister
EventWriteTransfer
RegCloseKey
EqualSid
RegDeleteValueW
RegEnumKeyExW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegEnumValueW
GetSecurityInfo
GetAclInformation
GetAce
DeleteAce
SetSecurityInfo
InitializeAcl
AddAce
RegDeleteKeyExW
SetEntriesInAclW
SetNamedSecurityInfoW
TraceMessage
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
NotifyServiceStatusChangeW
CloseServiceHandle
ConvertSecurityDescriptorToStringSecurityDescriptorW
GetSecurityDescriptorDacl
EventEnabled
EventWrite
QueryServiceStatus
RegSetKeyValueW
GetNamedSecurityInfoW
CheckTokenMembership
DuplicateToken
CreateWellKnownSid
RegQueryInfoKeyW
IsValidSid
LsaLookupNames2
LsaClose
LsaFreeMemory
LsaOpenPolicy
CopySid
GetLengthSid
ConvertSidToStringSidW
OpenProcessToken
OpenThreadToken
EventActivityIdControl

kernel32

ResolveDelayLoadedAPI
GetModuleFileNameA
InitOnceBeginInitialize
CreateSemaphoreExW
HeapFree
SetLastError
EnterCriticalSection
ReleaseSemaphore
GetModuleHandleExW
GetModuleFileNameW
K32GetModuleFileNameExW
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
Sleep
FormatMessageW
GetLastError
ReleaseSRWLockExclusive
OutputDebugStringW
CloseThreadpoolTimer
InitOnceComplete
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
SetThreadpoolTimer
SetPriorityClass
GetSystemAppDataKey
InterlockedPushEntrySList
TrySubmitThreadpoolCallback
CreateEventExW
SetProcessShutdownParameters
SetErrorMode
CreateEventW
SetEvent
RaiseException
RegisterApplicationRestart
IsDebuggerPresent
DebugBreak
GetModuleHandleW
GetProcessHeap
GetCurrentProcessId
DeleteCriticalSection
AcquireSRWLockShared
LocalFree
CreateMutexExW
GetProcAddress
HeapAlloc
GetModuleHandleExA
LocalAlloc
GetProcessMitigationPolicy
CreateProcessW
GetCurrentThread
CompareStringW
lstrcmpiW
GetPackagesByPackageFamily
CreateThreadpoolTimer
OpenStateExplicit
CloseState
CreateMutexW
CompareStringOrdinal
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
FileTimeToLocalFileTime
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
GetTickCount
GetTimeZoneInformationForYear
FindResourceExW
LoadResource
ReleaseSRWLockShared
WaitForMultipleObjectsEx
OpenEventW
LoadLibraryExW
FreeLibrary
LoadLibraryW
PowerCreateRequest
DelayLoadFailureHook
AssignProcessToJobObject
CreateJobObjectW
SetInformationJobObject
CreateIoCompletionPort
GetQueuedCompletionStatus
DeviceIoControl
GetNativeSystemInfo
GetSystemDirectoryW
GetVersionExW
ProcessIdToSessionId
ResetEvent
UnmapViewOfFile
GetProcessId
CreateFileMappingW
InitOnceExecuteOnce
GetUserDefaultGeoName
GetExitCodeProcess
SleepEx
ResumeThread
SetThreadPriorityBoost
SetThreadPriority
CopyFileW
WriteFile
FindPackagesByPackageFamily
GetCommandLineW
GetGeoInfoW
GetEnvironmentVariableW
SetEnvironmentVariableW
CompareFileTime
GetWindowsDirectoryW
ExpandEnvironmentStringsW
InitializeSRWLock
VerifyVersionInfoW
VerSetConditionMask
GetSystemTime
GetProductInfo
OpenFileMappingW
MapViewOfFile
OOBEComplete
CreateThread
SizeofResource
InitializeCriticalSection
MultiByteToWideChar
LocalReAlloc
OpenProcess
GetTickCount64
GetFileAttributesW
DeleteFileW
FindStringOrdinal
WideCharToMultiByte
CreateFileW
PowerSetRequest

msvcp_win

?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_yield
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
_Thrd_detach
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_wait
_Mtx_unlock
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Xbad_alloc@std@@YAXXZ

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
_initterm
_initterm_e
_c_exit

api-ms-win-crt-private-l1-1-0

_o__recalloc
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_errno
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
_o_abort
_o_exit
_o_free
_o_iswspace
_o_lround
_o_malloc
_o_realloc
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstoll
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_wide_environment
_o__initialize_onexit_table
_o__get_wide_winmain_command_line
_o__get_errno
_o__exit
_o__errno
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
_o__beginthreadex
wcschr
_o__purecall
_o__itow_s
_o__itoa_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
wcsrchr
__std_terminate
wcsstr
__CxxFrameHandler4
__C_specific_handler_noexcept
memcmp
memcpy
memmove

api-ms-win-crt-string-l1-1-0

wcscmp
memset
wcscspn
strncmp

api-ms-win-core-com-l1-1-0

CLSIDFromString
StringFromIID
CoGetApartmentType
CoWaitForMultipleHandles
CoRegisterClassObject
CoSetProxyBlanket
StringFromGUID2
PropVariantClear
CoRevokeClassObject
CoTaskMemRealloc
CoInitializeEx
CoInitializeSecurity
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoTaskMemAlloc
CoGetObjectContext

oleaut32

SysAllocString
SysFreeString
GetErrorInfo
SysStringLen
VarUI4FromStr
VariantInit
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantClear
SetErrorInfo

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetStartupInfoW
GetCurrentProcess
TerminateProcess

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

shcore

SHGetValueW
SHSetValueW
SHUnicodeToAnsi
SHDeleteValueW
SHRegGetValueW
SHDeleteKeyW
IsOS
ord191
SHTaskPoolQueueTask
SHQueryInfoKeyW
ord190
IUnknown_Set
IUnknown_QueryService
IUnknown_SetSite
SetCurrentProcessExplicitAppUserModelID
ord184
ord186
SHSetThreadRef
SHCreateThreadRef
SHGetThreadRef

propsys

PropVariantToStringAlloc
PSPropertyBag_WriteInt
PropVariantToUInt32
InitVariantFromBuffer
PSCreateMemoryPropertyStore
PSPropertyBag_WriteDWORD
PSPropertyBag_ReadDWORD

ntdll

NtPowerInformation
RtlNtStatusToDosError
RtlPublishWnfStateData
RtlQueryUnbiasedInterruptTime
NtQuerySystemInformation
NtQueryInformationProcess
RtlGetNtSystemRoot
NtOpenProcessToken
NtOpenKey
RtlRunOnceExecuteOnce
NtDeviceIoControlFile
NtClose
RtlGetSuiteMask
NtCreateFile
NtQueryValueKey
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
NtSetThreadExecutionState
NtQueryInformationToken
NtOpenThreadToken
RtlSubscribeWnfStateChangeNotification
RtlInitUnicodeString
RtlUnsubscribeWnfNotificationWaitForCompletion
NtQueryWnfStateData

ole32

CoAllowSetForegroundWindow
RoGetAgileReference
CoGetStdMarshalEx
CoGetCallContext
CreateBindCtx
OleUninitialize
OleInitialize
RevokeDragDrop
CoGetMalloc
CoCreateFreeThreadedMarshaler

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

shell32

ord938
SHChangeNotifyRegisterThread
ord188
ord904
ord244
SHBindToParent
SHParseDisplayName
SHEvaluateSystemCommandTemplate
ord885
ord723
ord680
ord899
ord100
SHGetKnownFolderItem
ord155
ord68
SHGetKnownFolderIDList
SHBindToObject
ord172
SHGetKnownFolderPath
ord152
SHGetIDListFromObject
SHCreateItemInKnownFolder

shlwapi

ord260
ord256
StrChrW
ord515
ord158
ord240
ord219
ord197
ord544
ord212

user32

GetAsyncKeyState
CallNextHookEx
SetWindowsHookExW
UnregisterClassA
PostThreadMessageW
GetProcessWindowStation
CreateWindowInBand
UnhookWindowsHookEx
TranslateMessage
PeekMessageW
EnableMouseInPointer
DispatchMessageW
WaitMessage
DestroyMenu
GetMenuDefaultItem
CreatePopupMenu
IsCharAlphaNumericW
CharLowerW
UnregisterClassW
GetMessageW
LockWorkStation
CloseDesktop
GetUserObjectInformationW
GetThreadDesktop
SetWinEventHook
MonitorFromPoint
ExitWindowsEx
FindWindowW
SetRectEmpty
CharLowerBuffW
CharNextW
GetWindowThreadProcessId
UnhookWinEvent
MsgWaitForMultipleObjectsEx
SetCursor
GetPropW
EnumDisplayMonitors
GetMonitorInfoW
CopyRect
SetGestureConfig
SetFocus
TranslateAcceleratorW
GetClassNameW
PostQuitMessage
SetShellWindowEx
UpdateWindow
SetWindowPos
EnumChildWindows
SendMessageW
RemovePropW
ShowWindow
GetSysColor
SetPropW
SetShellWindow
GetClientRect
KillTimer
InvalidateRect
BeginPaint
EndPaint
GetDC
ReleaseDC
UnregisterHotKey
RegisterShellHookWindow
DeregisterShellHookWindow
SetTaskmanWindow
GetTaskmanWindow
SystemParametersInfoW
RegisterWindowMessageW
GetShellWindow
DefWindowProcW
DestroyWindow
SetWindowLongPtrW
CreateWindowExW
GetWindowLongPtrW
RegisterClassExW
IsWindow
LoadCursorW
PostMessageW
GetSystemMetrics

gdi32

GetStockObject
GetDeviceCaps

sspicli

GetUserNameExW

api-ms-win-security-lsalookup-l1-1-2

LsaLookupUserAccountType

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoTransformError

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsDeleteStringBuffer
WindowsPromoteStringBuffer
WindowsCreateString
WindowsGetStringRawBuffer
WindowsDuplicateString
WindowsCompareStringOrdinal
WindowsCreateStringReference
WindowsPreallocateStringBuffer
WindowsSubstringWithSpecifiedLength

userenv

DeriveAppContainerSidFromAppContainerName
GetProfileType

api-ms-win-core-path-l1-1-0

PathCchAppend
PathCchCombine

api-ms-win-power-base-l1-1-0

CallNtPowerInformation
GetPwrCapabilities

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance
RoInitialize
RoUninitialize

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionAndSpinCount

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids

api-ms-win-service-management-l1-1-0

StartServiceW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathIsFileSpecW
PathQuoteSpacesW
PathFileExistsW
SHExpandEnvironmentStringsW
PathFindFileNameW
PathGetArgsW

api-ms-win-core-kernel32-legacy-l1-1-2

SetTermsrvAppInstallMode

comctl32

ord334
ord328
ord329

rpcrt4

RpcBindingFromStringBindingW
RpcStringBindingComposeW
I_RpcExceptionFilter
RpcBindingSetAuthInfoExW
RpcStringFreeW
RpcBindingFree
NdrClientCall3

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-security-lsalookup-l1-1-1

EnumerateIdentityProviders
ReleaseIdentityProviderEnumContext
GetDefaultIdentityProvider
GetIdentityProviderInfoByGUID

Exports

Exports

FileTimeToVariantTime
InitPropVariantFromFileTimeEx
InitPropVariantFromSystemTimeEx
VariantTimeToFileTime
_ConvertTimeHelper

Sections

.text
Size: 996KB - Virtual size: 994KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.imrsiv
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 232KB - Virtual size: 230KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ShellCommonCommonProxyStub.dll
.dll windows:10 windows x64 arch:x64

16249758225e231782261f05d2731bc8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ShellCommonCommonProxyStub.pdb

Imports

msvcrt

__C_specific_handler
_XcptFilter
_initterm
malloc
free
_amsg_exit

rpcrt4

NdrDllCanUnloadNow
NdrDllGetClassObject
NdrStubForwardingFunction
NdrOleAllocate
NdrOleFree

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-marshal-l1-1-0

HWND_UserSize
HWND_UserMarshal
HWND_UserUnmarshal
HWND_UserFree
HWND_UserFree64
HWND_UserMarshal64
HWND_UserUnmarshal64
HWND_UserSize64

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
GetProxyDllInfo

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 856KB - Virtual size: 852KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SmartActionPlatform.dll
.dll windows:10 windows x64 arch:x64

a68a800978240930a3d5456bcbf78949

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

SmartActionPlatform.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
memmove
_o_abort
_o_ceilf
_o_free
_o_iswspace
_o_malloc
_o_strncpy_s
_o_strtol
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnprintf_s
_o__crt_atexit
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o__configure_narrow_argv
_o___std_exception_copy
_o__cexit
_o__execute_onexit_table
_o__callnewh
_o__errno
memcmp
memcpy
_CxxThrowException
__CxxFrameHandler3
strrchr
strchr
__std_terminate
__CxxFrameHandler4

api-ms-win-crt-string-l1-1-0

memset
wcscmp

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
GetCurrentProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount64

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetProcAddress
FreeLibrary
GetModuleFileNameA
FindStringOrdinal
DisableThreadLibraryCalls
GetModuleHandleExW
GetModuleHandleExA

api-ms-win-core-interlocked-l1-1-0

InterlockedFlushSList
InterlockedPushEntrySList
InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
RaiseException
SetLastError

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

shell32

SHGetKnownFolderPath
ShellExecuteExW
SHCreateAssociationRegistration

api-ms-win-core-synch-l1-2-0

InitOnceComplete
Sleep
InitOnceBeginInitialize

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
CreateMutexExW
AcquireSRWLockExclusive
OpenSemaphoreW
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
ReleaseMutex
WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreExW
AcquireSRWLockShared
CreateEventExW
ReleaseSRWLockShared
SetEvent
TryAcquireSRWLockExclusive
InitializeSRWLock
ReleaseSRWLockExclusive
CreateEventW
DeleteCriticalSection
ResetEvent

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer
EventActivityIdControl

api-ms-win-core-localization-l1-2-0

GetUserDefaultLocaleName
FormatMessageW

api-ms-win-appmodel-runtime-l1-1-0

PackageFamilyNameFromFullName

api-ms-win-core-handle-l1-1-0

CloseHandle

rpcrt4

UuidCreate

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegGetValueW
RegNotifyChangeKeyValue
RegOpenKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegEnumKeyExW

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolWait
CloseThreadpoolTimer
WaitForThreadpoolWaitCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
TrySubmitThreadpoolCallback
SetThreadpoolWait
CreateThreadpoolWait

api-ms-win-core-localization-l1-2-3

GetUserDefaultGeoName

api-ms-win-core-com-l1-1-0

CoGetApartmentType
CoGetObjectContext
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler

api-ms-win-rtcore-ntuser-clipboard-l1-1-0

CloseClipboard
OpenClipboard

oleaut32

GetErrorInfo
SetErrorInfo
SysFreeString
SysStringLen
SysAllocString
SysAllocStringByteLen
VariantInit
VariantClear

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsCreateString
WindowsGetStringRawBuffer

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-rtcore-ntuser-window-l1-1-0

GetForegroundWindow

ext-ms-win-ntuser-private-l1-6-1

GetClipboardMetadata

ext-ms-win-ntuser-misc-l1-5-1

EnumClipboardFormats

msvcp_win

?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?__ExceptionPtrCreate@@YAXPEAX@Z
_Cnd_init_in_situ
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
??0task_continuation_context@Concurrency@@AEAA@XZ
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?_Xbad_function_call@std@@YAXXZ
?_Throw_C_error@std@@YAXH@Z
_Mtx_destroy_in_situ
?__ExceptionPtrDestroy@@YAXPEAX@Z
_Mtx_lock
?__ExceptionPtrCurrentException@@YAXPEAX@Z
_Mtx_init_in_situ
_Cnd_wait
_Mtx_unlock
_Cnd_broadcast
_Cnd_destroy_in_situ
_Thrd_yield
?_IsCurrentOriginSTA@_ContextCallback@details@Concurrency@@CA_NXZ
?_Assign@_ContextCallback@details@Concurrency@@AEAAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-shell-associations-l1-1-3

SHAssocEnumHandlers
SHAssocEnumHandlersForProtocolByApplication

api-ms-win-core-file-l1-1-0

CreateDirectoryW

api-ms-win-core-path-l1-1-0

PathCchSkipRoot

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory

Sections

.text
Size: 244KB - Virtual size: 242KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SpatialAudioLicenseSrv.exe
.exe windows:10 windows x64 arch:x64

7c10f6768228eaacb724f6a992633646

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

SpatialAudioLicenseSrv.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
_initterm

api-ms-win-crt-private-l1-1-0

_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memcpy
_o_exit
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o__crt_atexit
_o___std_exception_destroy
_o___std_exception_copy
_o__configure_wide_argv
_o__configthreadlocale
_o___p__commode
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
__CxxFrameHandler4
__std_terminate
_o___stdio_common_vsnprintf_s

api-ms-win-crt-string-l1-1-0

wcscmp
memset

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleHandleExW
GetProcAddress
GetModuleHandleW
GetModuleFileNameA
GetModuleFileNameW

api-ms-win-core-synch-l1-1-0

ReleaseMutex
OpenSemaphoreW
CreateMutexExW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreExW
WaitForSingleObjectEx
EnterCriticalSection
LeaveCriticalSection
CreateEventExW
DeleteCriticalSection
InitializeCriticalSectionEx
SetEvent

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetLastError
RaiseException
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetStartupInfoW
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoWaitForMultipleHandles
CoCreateFreeThreadedMarshaler
CoInitializeSecurity
CoReleaseServerProcess
CoTaskMemFree
CoAddRefServerProcess
CoRevokeClassObject
CoRegisterClassObject
CoResumeClassObjects

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsDeleteString
WindowsCreateString
WindowsGetStringLen

api-ms-win-core-commandlinetoargv-l1-1-0

CommandLineToArgvW

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoRegisterActivationFactories
RoRevokeActivationFactories
RoUninitialize
RoInitialize
RoActivateInstance

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoOriginateError

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
GetProcessMitigationPolicy

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

mmdevapi

ord26

combase

ord69

api-ms-win-core-featurestaging-l1-1-0

SubscribeFeatureStateChangeNotification
RecordFeatureUsage
UnsubscribeFeatureStateChangeNotification

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-registry-l1-1-0

RegGetValueW

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 116KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.imrsiv
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SppExtComObj.Exe
.exe windows:10 windows x64 arch:x64

7e2ccbfdb1baf1c91cddcadac907f977

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

SppExtComObj.pdb

Imports

advapi32

RegSetKeySecurity
RegSetValueExW
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyW
RegQueryInfoKeyW
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

kernel32

EncodePointer
GetCurrentProcessId
CreateProcessW
OpenEventW
DecodePointer
LocalAlloc
LocalFree
SetLastError
VirtualFree
GetCurrentProcess
VirtualAlloc
RtlAddFunctionTable
InitializeCriticalSection
RaiseFailFastException
GetCurrentThread
DeleteCriticalSection
GetModuleHandleW
RtlDeleteFunctionTable
LoadLibraryExW
HeapFree
HeapSetInformation
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetCommandLineW
GetModuleHandleExW
HeapAlloc
GetProcAddress
WaitForSingleObject
CreateEventW
SetEvent
CloseHandle
GetProcessHeap
VirtualQuery
GetLastError
GetModuleFileNameW
WaitForMultipleObjects
FreeLibrary
GetSystemDirectoryW
SetThreadPriority
FreeLibraryAndExitThread
GetComputerNameExW
CreateThread

msvcrt

?terminate@@YAXXZ
_onexit
wcscmp
srand
rand
wcschr
_unlock
_lock
towupper
_purecall
_commode
_fmode
_acmdln
_initterm
__setusermatherr
_ismbblead
_cexit
_wcsicmp
memcmp
memcpy
memmove
memset
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
__C_specific_handler
_vsnwprintf
__dllonexit

ntdll

NtQuerySystemInformation
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

rpcrt4

NdrOleAllocate
RpcStringFreeW
UuidToStringW
NdrOleFree
UuidFromStringW
RpcServerUnregisterIf
RpcServerRegisterIf2
RpcServerUseProtseqEpW
RpcBindingFree
RpcAsyncCompleteCall
Ndr64AsyncServerCallAll
NdrAsyncServerCall
I_RpcMapWin32Status
Ndr64AsyncClientCall
RpcAsyncCancelCall
I_RpcExceptionFilter
RpcAsyncInitializeHandle
RpcBindingFromStringBindingW
RpcStringBindingComposeW
NdrDllGetClassObject

oleaut32

VariantClear
BSTR_UserFree
LPSAFEARRAY_UserSize
BSTR_UserUnmarshal64
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserFree64
LPSAFEARRAY_UserMarshal64
BSTR_UserUnmarshal
SysFreeString
SysAllocString
BSTR_UserMarshal
LPSAFEARRAY_UserUnmarshal64
LPSAFEARRAY_UserMarshal
BSTR_UserFree64
BSTR_UserSize64
VariantInit
SafeArrayDestroy
LPSAFEARRAY_UserSize64
BSTR_UserMarshal64
UnRegisterTypeLi
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayCreateVector
BSTR_UserSize
RegisterTypeLi
LoadTypeLi

api-ms-win-core-com-l1-1-0

CoRevokeClassObject
CoUninitialize
CoInitializeEx
CoResumeClassObjects
CoRegisterClassObject
CoAddRefServerProcess
CoSuspendClassObjects
CoReleaseServerProcess
CoRevertToSelf
CoImpersonateClient

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetStartupInfoW
GetCurrentThreadId

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

ole32

CoRegisterPSClsid

shell32

CommandLineToArgvW

logoncli

DsGetDcNameW

ws2_32

WSAGetLastError
WSAAddressToStringW
FreeAddrInfoW
GetAddrInfoW
WSAStartup
WSACleanup

dnsapi

DnsFree
DnsQuery_W
DnsModifyRecordsInSet_W
DnsNameCompare_W

activeds

ord20
ord15
ord9

Sections

.text
Size: 436KB - Virtual size: 432KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

?g_Encry
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
StartTileData.dll
.dll windows:10 windows x64 arch:x64

cbe56584252041cd07e7b6ba685c5a3b

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e2:3e:6d:79:90:47:72:30:d2:12:30:0d:94:37:d7:35:99:8f:0f:ac:cc:41:a7:bf:86:6a:4e:9f:7c:18:d5:aa
Signer

Actual PE Digest

e2:3e:6d:79:90:47:72:30:d2:12:30:0d:94:37:d7:35:99:8f:0f:ac:cc:41:a7:bf:86:6a:4e:9f:7c:18:d5:aa

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

StartTileData.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__itow_s
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__ui64tow_s
_o__wcsicmp
_o__wcstoi64
_o__wcstoui64
_o__wtoi
_o_abort
memmove
_o_bsearch_s
_o_calloc
_o_ceil
_o_ceilf
_o_free
_o_iswspace
_o_llroundl
_o_lround
_o_malloc
_o_pow
_o_rand_s
_o_realloc
_o_roundf
_o_roundl
_o_terminate
_o_towupper
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstok_s
_o_wcstol
_o_wcstoul
_o_wcstoull
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
wcschr
wcsstr
strchr
__std_type_info_compare
wcsrchr
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__get_errno
__std_terminate
_o__execute_onexit_table
__CxxFrameHandler4
_o__errno
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

wcscspn
strncmp
memset
wcsncmp
wcsspn

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
FindStringOrdinal
GetProcAddress
LoadLibraryExW
GetModuleFileNameA
GetModuleHandleExA
GetModuleHandleExW
LoadStringW
DisableThreadLibraryCalls
GetModuleFileNameW
FreeLibrary

api-ms-win-core-synch-l1-1-0

WaitForMultipleObjectsEx
AcquireSRWLockShared
LeaveCriticalSection
CreateSemaphoreExW
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionEx
ReleaseSemaphore
WaitForSingleObject
ReleaseMutex
WaitForSingleObjectEx
TryAcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeCriticalSection
AcquireSRWLockExclusive
ResetEvent
CreateEventW
SetEvent
OpenSemaphoreW
CreateMutexExW
InitializeCriticalSectionAndSpinCount
CreateEventExW
InitializeSRWLock
ReleaseSRWLockShared

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
GetLastError
SetLastError

api-ms-win-core-processthreads-l1-1-0

OpenThreadToken
GetCurrentThread
SetThreadToken
TerminateProcess
GetProcessId
ProcessIdToSessionId
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
OpenProcessToken
CreateThread

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetThreadPreferredUILanguages
LCMapStringW
GetGeoInfoW
GetUserDefaultLCID
GetUserGeoID

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-winrt-error-l1-1-0

GetRestrictedErrorInfo
RoFailFastWithErrorContext
SetRestrictedErrorInfo
RoOriginateErrorW
RoOriginateError
RoTransformError

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventWriteTransfer
EventSetInformation
EventUnregister
EventRegister

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
WaitForThreadpoolWaitCallbacks
TrySubmitThreadpoolCallback

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar
CompareStringW
WideCharToMultiByte

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringLen
WindowsConcatString
WindowsCompareStringOrdinal
WindowsCreateStringReference
WindowsDuplicateString
WindowsDeleteString
WindowsCreateString
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsGetStringRawBuffer

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
InitOnceExecuteOnce
Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemInfo
GetTickCount64
GetSystemTimeAsFileTime
GetSystemTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedFlushSList
InterlockedPushEntrySList

api-ms-win-core-com-l1-1-0

CoTaskMemRealloc
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoDisableCallCancellation
CoReleaseMarshalData
CoTaskMemAlloc
StringFromGUID2
CoCancelCall
CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoCreateGuid
CoCreateInstance
CoGetObjectContext
CoGetMalloc
CreateStreamOnHGlobal
CoMarshalInterface
CoWaitForMultipleHandles
CoGetApartmentType
CoGetCallContext
CoRevertToSelf
IIDFromString
CoEnableCallCancellation
CoIncrementMTAUsage
CoDecrementMTAUsage
CoGetClassObject
CoInitializeEx
CoUninitialize
PropVariantClear

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoUninitialize
RoActivateInstance
RoGetActivationFactory

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-security-base-l1-1-0

EqualSid
ImpersonateLoggedOnUser
GetAce
IsWellKnownSid
DuplicateTokenEx
GetTokenInformation
RevertToSelf

api-ms-win-core-file-l1-1-0

CreateDirectoryW
ReadFile
GetFileSize
SetEndOfFile
FindFirstFileW
GetFileSizeEx
FindNextFileW
WriteFile
CompareFileTime
FindClose
FileTimeToLocalFileTime
GetFileAttributesExW
GetDiskFreeSpaceExW
SetFilePointer
DeleteFileW
RemoveDirectoryW
CreateFileW
GetFileAttributesW
SetFileInformationByHandle

api-ms-win-core-kernel32-legacy-l1-1-0

MoveFileW

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegDisablePredefinedCacheEx
RegOpenKeyExW
RegNotifyChangeKeyValue
RegSetValueExW
RegGetValueW

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrCmpICW
StrStrIW

api-ms-win-core-path-l1-1-0

PathCchFindExtension
PathAllocCombine
PathCchRemoveExtension
PathCchRemoveFileSpec
PathCchCombine
PathCchAppend

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW
ExpandEnvironmentStringsW
SetEnvironmentVariableW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathIsUNCW
SHExpandEnvironmentStringsW
PathUnExpandEnvStringsW
PathStripPathW
PathFindFileNameW
PathFindExtensionW
PathFileExistsW
PathIsFileSpecW
PathGetDriveNumberW
PathIsRelativeW

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

ntdll

RtlQueryInformationAcl
RtlGetDaclSecurityDescriptor
RtlCreateAcl
RtlGetAce
RtlAddAce
RtlAddAccessAllowedAce
RtlSetDaclSecurityDescriptor
NtSetSecurityObject
RtlCompareUnicodeString
RtlNtStatusToDosErrorNoTeb
RtlAllocateHeap
RtlLengthSid
RtlInitUnicodeString
RtlIsMultiSessionSku
NtQueryInformationToken
RtlFreeHeap
RtlGetDeviceFamilyInfoEnum
NtQueryValueKey
NtCreateFile
RtlGetSuiteMask
RtlGetNtSystemRoot
NtClose
NtDeviceIoControlFile
RtlRunOnceExecuteOnce
NtOpenKey
RtlCreateSecurityDescriptor
NtQuerySecurityObject
RtlGetCurrentServiceSessionId
NtQueryWnfStateData
RtlIsMultiUsersInSessionSku
RtlPublishWnfStateData
NtSetInformationFile
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlSubscribeWnfStateChangeNotification

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
IsErrorPropagationEnabled
RoReportFailedDelegate

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask
GetProductInfo

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
DeleteTimerQueueTimer

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW
K32QueryWorkingSetEx

api-ms-win-core-memory-l1-1-1

PrefetchVirtualMemory
VirtualUnlock

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx

api-ms-win-core-memory-l1-1-0

MapViewOfFile
CreateFileMappingW
FlushViewOfFile
UnmapViewOfFile

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabledForPackage

api-ms-win-core-localization-l1-2-3

GetUserDefaultGeoName

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

crypt32

CryptBinaryToStringW

api-ms-win-core-registry-l2-1-0

RegCreateKeyW

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

api-ms-win-core-url-l1-1-0

PathIsURLW
ParseURLW

api-ms-win-core-normalization-l1-1-0

GetStringScripts

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

iphlpapi

GetNetworkConnectivityHint
NotifyNetworkConnectivityHintChange
CancelMibChangeNotify2

api-ms-win-ntuser-sysparams-l1-1-0

GetSystemMetrics

api-ms-win-appmodel-unlock-l1-1-0

IsDeveloperModeEnabled

api-ms-win-rtcore-ntuser-wmpointer-l1-1-0

GetPointerDevices

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

msvcp_win

?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
?_Xbad_function_call@std@@YAXXZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
_Cnd_wait
_Mtx_unlock
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
_Cnd_broadcast
_Mtx_destroy_in_situ
_Cnd_destroy_in_situ
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
??0task_continuation_context@Concurrency@@AEAA@XZ
?_Assign@_ContextCallback@details@Concurrency@@AEAAXPEAX@Z
_Mtx_init_in_situ
_Cnd_init_in_situ
?_IsCurrentOriginSTA@_ContextCallback@details@Concurrency@@CA_NXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Incref@facet@locale@std@@UEAAXXZ
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?is@?$ctype@G@std@@QEBA_NFG@Z
??1_Locinfo@std@@QEAA@XZ
??1_Lockit@std@@QEAA@XZ
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
??0_Locinfo@std@@QEAA@PEBD@Z
??0_Lockit@std@@QEAA@H@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?id@?$ctype@G@std@@2V0locale@2@A
??Bid@locale@std@@QEAA_KXZ
?id@?$collate@G@std@@2V0locale@2@A
_Wcsxfrm
_Wcscoll
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?tolower@?$ctype@G@std@@QEBAGG@Z
?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@I@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?widen@?$ctype@G@std@@QEBAGD@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
_Thrd_yield
?classic@locale@std@@SAAEBV12@XZ
?id@?$numpunct@D@std@@2V0locale@2@A
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Getlconv@_Locinfo@std@@QEBAPEBUlconv@@XZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
?in@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?swap@?$basic_iostream@GU?$char_traits@G@std@@@std@@IEAAXAEAV12@@Z
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?swap@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXAEAV12@@Z
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?uncaught_exception@std@@YA_NXZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z

combase

ord147
ord154
SetErrorInfo
ord148
ord168
GetErrorInfo

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
GetSetting
HasMigratedTDLData
ProcessStartLayoutPolicy
TryMigrateTDLData

Sections

.text
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 300KB - Virtual size: 299KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
StateRepository.Core.dll
.dll windows:10 windows x64 arch:x64

fb5ff35e0a4258af08744a2deab19445

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ea:7c:2b:3e:a8:3f:1d:1e:88:c7:b6:4f:2a:87:1f:5c:63:c4:68:8b:b8:c4:d4:a2:86:46:f5:a7:8d:0b:28:17
Signer

Actual PE Digest

ea:7c:2b:3e:a8:3f:1d:1e:88:c7:b6:4f:2a:87:1f:5c:63:c4:68:8b:b8:c4:d4:a2:86:46:f5:a7:8d:0b:28:17

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

staterepository.core.pdb

Imports

api-ms-win-crt-string-l1-1-0

strcmp
memset
strncmp
strcspn

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__configure_narrow_argv
_o__endthreadex
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__msize
_o__seh_filter_dll
memmove
_o_free
_o_malloc
_o_realloc
__C_specific_handler
_o__cexit
_o__beginthreadex
_o___std_type_info_destroy_list
strrchr
memcmp
memcpy

api-ms-win-core-file-l1-2-2

AreFileApisANSI
GetTempPathA

api-ms-win-core-file-l1-1-0

WriteFile
GetDiskFreeSpaceW
GetFullPathNameW
LockFile
SetFilePointer
CreateFileA
DeleteFileA
DeleteFileW
GetFullPathNameA
GetFileAttributesExW
GetFileAttributesA
SetEndOfFile
UnlockFileEx
ReadFile
FlushFileBuffers
CreateFileW
GetFileAttributesW
GetFileSize
GetDiskFreeSpaceA
LockFileEx
UnlockFile

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
LeaveCriticalSection
WaitForSingleObjectEx
CreateMutexW
WaitForSingleObject
EnterCriticalSection
DeleteCriticalSection
TryEnterCriticalSection

api-ms-win-core-heap-l1-1-0

HeapCreate
HeapReAlloc
HeapSize
HeapValidate
HeapAlloc
GetProcessHeap
HeapCompact
HeapDestroy
HeapFree

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-memory-l1-1-0

MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
FlushViewOfFile

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-localization-l1-2-0

FormatMessageA
FormatMessageW

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryA
LoadLibraryW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetSystemInfo
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
DisableThreadLibraryCalls
GetProcAddress

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

Exports

Exports

sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_backup_finish
sqlite3_backup_init
sqlite3_backup_pagecount
sqlite3_backup_remaining
sqlite3_backup_step
sqlite3_bind_blob
sqlite3_bind_blob64
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_pointer
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_text64
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_bind_zeroblob64
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_reopen
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_cancel_auto_extension
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_close_v2
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_compileoption_get
sqlite3_compileoption_used
sqlite3_complete
sqlite3_complete16
sqlite3_config
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_function_v2
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_create_window_function
sqlite3_data_count
sqlite3_db_cacheflush
sqlite3_db_config
sqlite3_db_filename
sqlite3_db_handle
sqlite3_db_mutex
sqlite3_db_readonly
sqlite3_db_release_memory
sqlite3_db_status
sqlite3_declare_vtab
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_errstr
sqlite3_exec
sqlite3_expanded_sql
sqlite3_expired
sqlite3_extended_errcode
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_initialize
sqlite3_interrupt
sqlite3_keyword_check
sqlite3_keyword_count
sqlite3_keyword_name
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_log
sqlite3_malloc
sqlite3_malloc64
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_msize
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_leave
sqlite3_mutex_try
sqlite3_next_stmt
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_os_end
sqlite3_os_init
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare16_v3
sqlite3_prepare_v2
sqlite3_prepare_v3
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_realloc64
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_blob64
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_pointer
sqlite3_result_subtype
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_text64
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_result_zeroblob64
sqlite3_rollback_hook
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_set_last_insert_rowid
sqlite3_shutdown
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_soft_heap_limit64
sqlite3_sourceid
sqlite3_sql
sqlite3_status
sqlite3_status64
sqlite3_step
sqlite3_stmt_busy
sqlite3_stmt_isexplain
sqlite3_stmt_readonly
sqlite3_stmt_status
sqlite3_str_append
sqlite3_str_appendall
sqlite3_str_appendchar
sqlite3_str_appendf
sqlite3_str_errcode
sqlite3_str_finish
sqlite3_str_length
sqlite3_str_new
sqlite3_str_reset
sqlite3_str_value
sqlite3_str_vappendf
sqlite3_strglob
sqlite3_stricmp
sqlite3_strlike
sqlite3_strnicmp
sqlite3_system_errno
sqlite3_table_column_metadata
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_trace
sqlite3_trace_v2
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_uri_boolean
sqlite3_uri_int64
sqlite3_uri_parameter
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_dup
sqlite3_value_free
sqlite3_value_frombind
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_nochange
sqlite3_value_numeric_type
sqlite3_value_pointer
sqlite3_value_subtype
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf
sqlite3_vsnprintf
sqlite3_vtab_collation
sqlite3_vtab_config
sqlite3_vtab_nochange
sqlite3_vtab_on_conflict
sqlite3_wal_autocheckpoint
sqlite3_wal_checkpoint
sqlite3_wal_checkpoint_v2
sqlite3_wal_hook
sqlite3_win32_mbcs_to_utf8
sqlite3_win32_mbcs_to_utf8_v2
sqlite3_win32_set_directory
sqlite3_win32_set_directory16
sqlite3_win32_set_directory8
sqlite3_win32_sleep
sqlite3_win32_unicode_to_utf8
sqlite3_win32_utf8_to_mbcs
sqlite3_win32_utf8_to_mbcs_v2
sqlite3_win32_utf8_to_unicode
sqlite3_win32_write_debug

Sections

.text
Size: 564KB - Virtual size: 563KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
StorSvc.dll
.dll windows:10 windows x64 arch:x64

36aa175a5d6f33e5ffa0672fb6a911da

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

StorSvc.pdb

Imports

msvcp_win

?_Xinvalid_argument@std@@YAXPEBD@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBGHH@Z
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?getloc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEBA?AVlocale@2@XZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGD@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?_Init@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXXZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?_Gndec@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?_Gninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?_Xlength_error@std@@YAXPEBD@Z
?clear@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?_Xout_of_range@std@@YAXPEBD@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?exceptions@ios_base@std@@QEAAXH@Z
?good@ios_base@std@@QEBA_NXZ
??Bios_base@std@@QEBA_NXZ
?_Getcat@?$codecvt@GDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?out@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
?in@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?_Xbad_alloc@std@@YAXXZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__lock_file
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__unlock_file
_o__wcsdup
_o__wcsicmp
_o__wcslwr
_o__wcslwr_s
_o__wsplitpath_s
_o__wtoi
_o_calloc
memmove
_o_exp
_o_fclose
_o_fflush
_o_fgetc
_o_fgetpos
_o_fgetwc
_o_fputwc
_o_free
_o_fsetpos
_o_fwrite
_o_log10
_o_malloc
_o_realloc
_o_setvbuf
_o_sqrt
_o_strtod
_o_strtoul
_o_terminate
_o_towlower
_o_ungetc
_o_ungetwc
_o_wcscat_s
_o_wcscpy_s
_o_wcsncat_s
_o_wcstod
_o_wcstol
_o_wcstoul
_o_wcstoull
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o__fseeki64
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__i64toa_s
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
wcsstr
__std_terminate
wcsrchr
wcschr
__CxxFrameHandler4
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
memcmp
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o__wcsupr_s
_o___std_exception_copy
memcpy
_o__wcsnicmp
_o_ceilf

api-ms-win-crt-string-l1-1-0

wcsnlen
wcsncmp
wcscmp
memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
LockResource
GetModuleFileNameA
GetProcAddress
GetModuleHandleW
FindResourceExW
DisableThreadLibraryCalls
LoadStringW
GetModuleFileNameW
FreeLibrary
LoadResource
LoadLibraryExW

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-com-l1-1-0

CoGetMalloc
CoTaskMemAlloc
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoInitializeEx
StringFromGUID2
CLSIDFromString
CoWaitForMultipleHandles
CoTaskMemRealloc
IIDFromString
CoCreateGuid
CoCreateFreeThreadedMarshaler

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThread
GetExitCodeProcess
SetThreadToken
CreateProcessW
GetExitCodeThread
CreateThread
GetCurrentProcessId
OpenProcessToken
GetCurrentThreadId
GetCurrentProcess
OpenThreadToken

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
InitializeSRWLock
CreateMutexW
ResetEvent
CreateSemaphoreExW
EnterCriticalSection
ReleaseSemaphore
CreateEventExW
SetEvent
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForSingleObject
ReleaseMutex
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
ReleaseSRWLockShared
InitializeCriticalSection
OpenSemaphoreW
WaitForSingleObjectEx
CreateEventW
ReleaseSRWLockExclusive

api-ms-win-core-errorhandling-l1-1-0

SetErrorMode
RaiseException
GetLastError
SetLastError
GetErrorMode
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-io-l1-1-0

GetOverlappedResult
DeviceIoControl

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolWait
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpool
CreateThreadpool
SetThreadpoolThreadMinimum
SetThreadpoolThreadMaximum
CloseThreadpoolWork
WaitForThreadpoolWorkCallbacks
CloseThreadpoolWait
CreateThreadpoolWork
SubmitThreadpoolWork
WaitForThreadpoolTimerCallbacks
CreateThreadpoolWait
WaitForThreadpoolWaitCallbacks

api-ms-win-core-file-l1-2-0

GetVolumeNameForVolumeMountPointW
GetTempPathW
GetVolumePathNamesForVolumeNameW

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteString
EventWriteTransfer
EventSetInformation
EventRegister
EventActivityIdControl

api-ms-win-security-base-l1-1-0

DuplicateTokenEx
ImpersonateLoggedOnUser
CreateWellKnownSid
RevertToSelf
GetTokenInformation
AdjustTokenPrivileges
DuplicateToken
CheckTokenMembership

api-ms-win-core-winrt-string-l1-1-0

WindowsIsStringEmpty
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsStringHasEmbeddedNull
WindowsCreateStringReference

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoInitialize
RoUninitialize
RoGetActivationFactory

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

ntdll

RtlImpersonateSelf
NtClose
NtOpenThreadTokenEx
NtSetInformationThread
NtOpenProcessTokenEx
NtAdjustPrivilegesToken
RtlDosPathNameToNtPathName_U
RtlInitUnicodeString
NtQuerySystemInformation
RtlIsNonEmptyDirectoryReparsePointAllowed
RtlQueryWnfStateData
NtCreateFile
RtlInitializeCorrelationVector
NtQueryVolumeInformationFile
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlFreeUnicodeString
RtlIsMultiSessionSku
RtlRaiseStatus
RtlCreateSystemVolumeInformationFolder
RtlDosPathNameToRelativeNtPathName_U_WithStatus
NtFsControlFile
RtlSubscribeWnfStateChangeNotification
RtlCreateSecurityDescriptor
RtlCreateAcl
RtlFreeHeap
RtlFreeSid
RtlAddAccessAllowedAce
RtlLengthSid
RtlAllocateAndInitializeSid
NtQueryWnfStateData
RtlPublishWnfStateData
RtlSetDaclSecurityDescriptor
RtlAllocateHeap
ZwQueryLicenseValue
WinSqmIncrementDWORD
RtlGetPersistedStateLocation
RtlNtStatusToDosError
RtlInitializeGenericTableAvl
RtlInsertElementGenericTableAvl
RtlDeleteElementGenericTableAvlEx
RtlEnumerateGenericTableWithoutSplayingAvl
NtQueryInformationToken
RtlUpcaseUnicodeChar
DbgPrintEx
RtlReAllocateHeap
ZwEnumerateKey
ZwClose
RtlGetNativeSystemInformation
ZwQuerySystemInformation
ZwOpenKey
RtlInitUnicodeStringEx
ZwQueryValueKey

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindFileNameW
PathGetDriveNumberW
PathStripPathW
PathFindExtensionW
PathFileExistsW

api-ms-win-core-file-l1-1-0

GetDriveTypeW
CompareFileTime
QueryDosDeviceW
GetVolumeInformationW
FindFirstFileW
GetFinalPathNameByHandleW
FindCloseChangeNotification
FindFirstChangeNotificationW
SetFileInformationByHandle
FindClose
CreateFileW
GetFileAttributesW
GetDiskFreeSpaceExW
RemoveDirectoryW
FindNextFileW
FindFirstFileExW
DeleteVolumeMountPointW
FindNextVolumeW
FindVolumeClose
GetFileSize
SetFilePointerEx
GetVolumeInformationByHandleW
DeleteFileW
SetFileAttributesW
GetVolumePathNameW
GetDiskFreeSpaceW
CreateDirectoryW
ReadFile
GetLogicalDrives
WriteFile
GetFileSizeEx
FindFirstVolumeW
FindNextChangeNotification

api-ms-win-core-registry-l1-1-0

RegFlushKey
RegNotifyChangeKeyValue
RegGetValueW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegQueryInfoKeyW
RegSetValueExW
RegOpenCurrentUser
RegDeleteTreeW
RegCloseKey
RegEnumKeyExW
RegCreateKeyExW
RegEnumValueW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
RoOriginateError
RoOriginateErrorW

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetSystemTimeAsFileTime
GetSystemDirectoryW
GetTickCount64
GetSystemWindowsDirectoryW

api-ms-win-core-file-l2-1-1

OpenFileById

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
InitOnceExecuteOnce
Sleep

api-ms-win-core-path-l1-1-0

PathCchRemoveFileSpec
PathAllocCanonicalize
PathAllocCombine
PathCchAppend
PathCchCombine
PathCchStripPrefix
PathCchRemoveBackslash

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW
RegOpenKeyW
RegCreateKeyW

api-ms-win-core-kernel32-legacy-l1-1-1

SetVolumeMountPointW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW
RegDeleteKeyValueW

api-ms-win-core-timezone-l1-1-0

SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-apiquery-l2-1-0

IsApiSetImplemented

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-realtime-l1-1-1

QueryInterruptTime

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects
CreateSemaphoreW

api-ms-win-core-datetime-l1-1-1

GetDateFormatEx
GetTimeFormatEx

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

kernelbase

GetDiskSpaceInformationWCOS

storageusage

GetStorageDeviceSize
ResetStoragePolicySettings
SetStoragePolicySettings
TriggerStorageCleanup
TriggerStoragePolicies
SelectStorageVolumeEx
CloseFindStorageSearch
RunStorageGroveler
FindNextStorageTypeEx
GetStorageUsageInfo
OpenStorageTypeSearch
GetStoragePolicySettings

combase

ord154

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-core-memory-l1-1-0

VirtualFree
VirtualAlloc

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 596KB - Virtual size: 593KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 216KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SyncSettings.dll
.dll windows:10 windows x64 arch:x64

4797f317739e047b39a1fa34a706205f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

SyncSettings.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__get_errno
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
memmove
_o_abort
_o_bsearch_s
_o_free
_o_iswspace
_o_malloc
_o_realloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
__CxxFrameHandler3
wcschr
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-shcore-thread-l1-1-0

SHCreateThread

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask
SHTaskPoolAllowThreadReuse

shcore

ord131

dsreg

DsrFreeJoinInfo
DsrGetJoinInfo

api-ms-win-core-libraryloader-l1-2-0

LockResource
GetProcAddress
FreeLibrary
GetModuleFileNameW
LoadResource
FindResourceExW
GetModuleFileNameA
GetModuleHandleExW
DisableThreadLibraryCalls
GetModuleHandleExA
GetModuleHandleW
LoadLibraryExW

api-ms-win-core-synch-l1-1-0

CreateSemaphoreExW
LeaveCriticalSection
CreateMutexExW
CreateEventW
DeleteCriticalSection
InitializeCriticalSectionEx
ReleaseSemaphore
WaitForSingleObject
ReleaseSRWLockExclusive
WaitForSingleObjectEx
ResetEvent
InitializeSRWLock
EnterCriticalSection
CreateEventExW
SetEvent
ReleaseMutex
OpenSemaphoreW
AcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
SetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
GetCurrentProcess
OpenThreadToken
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
CreateThread
OpenProcessToken

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW
OutputDebugStringA

api-ms-win-core-handle-l1-1-0

CloseHandle

rpcrt4

NdrDllGetClassObject
NdrOleAllocate
NdrOleFree
NdrDllCanUnloadNow

api-ms-win-core-winrt-string-l1-1-0

HSTRING_UserSize
WindowsCreateString
HSTRING_UserMarshal64
WindowsCreateStringReference
HSTRING_UserUnmarshal
WindowsDuplicateString
HSTRING_UserFree64
WindowsDeleteString
WindowsGetStringRawBuffer
HSTRING_UserFree
HSTRING_UserMarshal
HSTRING_UserSize64
WindowsStringHasEmbeddedNull
HSTRING_UserUnmarshal64
WindowsIsStringEmpty

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoTransformError
RoOriginateError
SetRestrictedErrorInfo
GetRestrictedErrorInfo

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceExecuteOnce
InitOnceComplete

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPushEntrySList

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegGetValueW
RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegOpenKeyExW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoGetActivationFactory
RoInitialize

api-ms-win-core-winrt-error-l1-1-1

IsErrorPropagationEnabled
RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventActivityIdControl
EventRegister
EventWriteTransfer
EventUnregister

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-sidebyside-l1-1-0

ActivateActCtx
DeactivateActCtx
CreateActCtxW
FindActCtxSectionStringW
QueryActCtxW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

sspicli

GetUserNameExW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime

api-ms-win-core-datetime-l1-1-1

GetDateFormatEx

ntdll

RtlSubscribeWnfStateChangeNotification
NtQueryWnfStateData
NtQueryInformationToken
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlCompareUnicodeString
RtlPublishWnfStateData
RtlNtStatusToDosErrorNoTeb
RtlAllocateHeap
RtlInitUnicodeString
RtlFreeHeap

api-ms-win-security-base-l1-1-0

GetTokenInformation
DuplicateTokenEx

api-ms-win-core-sysinfo-l1-2-0

GetOsSafeBootMode
VerSetConditionMask

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-security-capability-l1-1-0

CapabilityCheck

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
GetProxyDllInfo
GetSetting

Sections

.text
Size: 232KB - Virtual size: 229KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SysResetErr.exe
.exe windows:10 windows x64 arch:x64

116d2bd2a5f2bc22df04fb0a0d14cb08

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c2:ef:88:5a:e2:0b:bb:9b:ea:ee:4d:20:19:88:21:c2:8c:79:3f:34:35:c9:fe:5c:c7:3d:70:b7:f8:34:65:fc
Signer

Actual PE Digest

c2:ef:88:5a:e2:0b:bb:9b:ea:ee:4d:20:19:88:21:c2:8c:79:3f:34:35:c9:fe:5c:c7:3d:70:b7:f8:34:65:fc

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

SysResetErr.pdb

Imports

advapi32

RegGetValueW

kernel32

InitOnceExecuteOnce
SizeofResource
LockResource
LoadResource
FindResourceExW
GetModuleHandleW
DecodePointer
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
HeapSize
HeapReAlloc
CloseHandle
WaitForSingleObject
OpenEventW
OutputDebugStringW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
GetLastError
LeaveCriticalSection
HeapFree
HeapAlloc
EnterCriticalSection
RaiseException
DeleteCriticalSection
InitializeCriticalSection
HeapDestroy
GetProcessHeap
GetCommandLineW

user32

GetMessageW
LoadStringW
DispatchMessageW
TranslateMessage
UnregisterClassA

msvcrt

memmove
memcpy
_CxxThrowException
__CxxFrameHandler3
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
malloc
free
__C_specific_handler
_purecall
memmove_s
memcpy_s
_wcsicmp
__CxxFrameHandler4
??3@YAXPEAX@Z
_vscwprintf
vswprintf_s
_callnewh
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
memset

shell32

CommandLineToArgvW

ntdll

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

ole32

CoCreateInstance
CoTaskMemAlloc
CoInitialize

oleaut32

SysFreeString
SysAllocString

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

dui70

?Destroy@Element@DirectUI@@QEAAJ_N@Z
?CreateElement@DUIXmlParser@DirectUI@@QEAAJPEBGPEAVElement@2@1PEAKPEAPEAV32@@Z
?SetXMLFromResource@DUIXmlParser@DirectUI@@QEAAJIPEAUHINSTANCE__@@0@Z
?Create@DUIXmlParser@DirectUI@@SAJPEAPEAV12@P6APEAVValue@2@PEBGPEAX@Z2P6AX11H2@Z2@Z

wdscore

ConstructPartialMsgVW
CurrentIP
WdsSetupLogMessageW

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.imrsiv
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SystemSettings.DataModel.dll
.dll windows:10 windows x64 arch:x64

ac9645f4931bc274a60889bf3d547f09

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2d:ce:5e:56:43:26:fd:3e:e3:b2:ba:4a:1b:bc:bb:5f:af:5b:23:49:5b:fd:ac:47:04:8a:aa:82:13:f2:aa:2a
Signer

Actual PE Digest

2d:ce:5e:56:43:26:fd:3e:e3:b2:ba:4a:1b:bc:bb:5f:af:5b:23:49:5b:fd:ac:47:04:8a:aa:82:13:f2:aa:2a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

SystemSettings.Datamodel.pdb

Imports

msvcp_win

?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Xbad_alloc@std@@YAXXZ
?_Xbad_function_call@std@@YAXXZ
?_Throw_C_error@std@@YAXH@Z
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Cnd_broadcast
_Cnd_wait
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?_ReportUnobservedException@details@Concurrency@@YAXXZ
??0task_continuation_context@Concurrency@@AEAA@XZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-string-l1-1-0

memset
wcsncmp
strncmp

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o_abort
_o_ceilf
_o_free
_o_iswspace
_o_malloc
_o_realloc
_o_terminate
_o_wcscat_s
_o_wcscpy_s
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o__cexit
_o__callnewh
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetGeoInfoW
GetUserGeoID

api-ms-win-core-processthreads-l1-1-0

ProcessIdToSessionId
OpenThreadToken
GetCurrentProcess
GetCurrentThreadId
TerminateProcess
OpenProcessToken
GetCurrentThread
GetCurrentProcessId

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
LoadLibraryExW
DisableThreadLibraryCalls
GetModuleFileNameA
FreeLibrary
GetProcAddress
GetModuleHandleW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-0

SetLastError
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-1-0

ReleaseMutex
CreateEventExW
WaitForMultipleObjectsEx
WaitForSingleObjectEx
AcquireSRWLockExclusive
AcquireSRWLockShared
CreateEventW
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
LeaveCriticalSection
CreateSemaphoreExW
EnterCriticalSection
InitializeCriticalSectionEx
CreateMutexExW
DeleteCriticalSection
InitializeSRWLock
ReleaseSRWLockShared
ReleaseSRWLockExclusive
WaitForSingleObject
OpenSemaphoreW
ReleaseSemaphore

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventWriteTransfer
EventRegister
EventUnregister

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegGetValueW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
RegDeleteValueW
RegSetValueExW

api-ms-win-core-path-l1-1-0

PathCchAppend

api-ms-win-core-file-l1-1-0

GetFileAttributesW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW
RegOpenKeyW

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

rpcrt4

NdrOleFree
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrOleAllocate

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetSystemDirectoryW

api-ms-win-core-interlocked-l1-1-0

InterlockedFlushSList
InterlockedPushEntrySList
InitializeSListHead

ntdll

RtlPublishWnfStateData

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-security-base-l1-1-0

IsValidSid
GetTokenInformation
EqualSid
DuplicateTokenEx

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-string-l2-1-0

CharLowerBuffW

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

combase

ord135
ord148
ord168

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 392KB - Virtual size: 389KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 144KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 632B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SystemSettings.DeviceEncryptionHandlers.dll
.dll windows:10 windows x64 arch:x64

4f74a5270f176915b413e6d0e7fe907d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

SystemSettings.DeviceEncryptionHandlers.pdb

Imports

msvcrt

??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_vsnprintf_s
malloc
_callnewh
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
_CxxThrowException
__CxxFrameHandler3
memcpy
memmove
_XcptFilter
_amsg_exit
free
_initterm
__C_specific_handler
?terminate@@YAXXZ
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
iswascii
_purecall
??3@YAXPEAX@Z
memcpy_s
_vsnwprintf
??_V@YAXPEAX@Z
_wcsicmp
??1exception@@UEAA@XZ
__CxxFrameHandler4
memset
wcscmp

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleFileNameW
DisableThreadLibraryCalls
GetModuleHandleW
GetModuleHandleExW
FreeLibrary
GetProcAddress

api-ms-win-core-synch-l1-1-0

CreateMutexExW
AcquireSRWLockExclusive
DeleteCriticalSection
ResetEvent
WaitForSingleObjectEx
LeaveCriticalSection
ReleaseSemaphore
CreateEventExW
ReleaseSRWLockExclusive
CreateSemaphoreExW
CreateEventW
SetEvent
InitializeCriticalSection
InitializeSRWLock
WaitForSingleObject
WaitForMultipleObjectsEx
InitializeCriticalSectionEx
OpenSemaphoreW
ReleaseMutex
EnterCriticalSection
AcquireSRWLockShared
ReleaseSRWLockShared

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetProcessId
GetCurrentThreadId
CreateThread
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetExitCodeProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
OutputDebugStringA
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateString
WindowsCreateStringReference

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-com-l1-1-0

CoWaitForMultipleHandles
CoDecrementMTAUsage
CoCreateFreeThreadedMarshaler
CoIncrementMTAUsage
CoTaskMemFree
CoInitializeEx
CoGetMalloc
CoTaskMemRealloc
CoUninitialize
CoCreateInstance
CoTaskMemAlloc

api-ms-win-core-winrt-error-l1-1-1

IsErrorPropagationEnabled
RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoOriginateError

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoInitialize
RoGetActivationFactory

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetSystemDirectoryW

ntdll

RtlSetThreadErrorMode
RtlNtStatusToDosError
WinSqmSetDWORD

shell32

ShellExecuteExW

user32

GetWindowRect
GetProcessDefaultLayout
GetWindowThreadProcessId
SendMessageW
EnumWindows

shlwapi

ord260
ord16

dsreg

DsrIsWorkplaceJoined
DsrIsDeviceJoined

shcore

ord230
ord244
ord232
ord233

fveapi

FveFindFirstVolume
FveOpenVolumeW
FveGetVolumeNameW
FveCloseHandle
FveIsVolumeEncryptable
FveGetStatus
FveOpenVolumeByHandle
FveCloseVolume
FveFindNextVolume

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-devices-config-l1-1-1

CM_Register_Notification
CM_Unregister_Notification
CM_MapCrToWin32Err

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegOpenCurrentUser
RegCloseKey

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-file-l1-1-0

CreateFileW
GetVolumePathNameW
GetVolumeInformationW

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

api-ms-win-core-sidebyside-l1-1-0

CreateActCtxW
DeactivateActCtx
FindActCtxSectionStringW
ActivateActCtx
QueryActCtxW

api-ms-win-security-lsapolicy-l1-1-0

LsaFreeMemory
LsaClose
LsaQueryInformationPolicy
LsaOpenPolicy

Exports

Exports

DllCanUnloadNow
DllGetClassObject
GetActualDeviceEncryptionUIState
GetSetting

Sections

.text
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SystemSettings.Handlers.dll
.dll windows:10 windows x64 arch:x64

c4fa2f7a1616d8897b46fa91200c8f92

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

SystemSettings.Handlers.pdb

Imports

advapi32

EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer
EventActivityIdControl
RegGetValueW
RegSetKeyValueW
RegNotifyChangeKeyValue
RegOpenKeyExW
RegCloseKey

user32

GetWindowRect
GetProcessDefaultLayout
AllowSetForegroundWindow

api-ms-win-devices-query-l1-1-0

DevCloseObjectQuery
DevCreateObjectQueryFromId
DevGetObjectProperties
DevFreeObjects
DevSetObjectProperties
DevCreateObjectQuery

api-ms-win-devices-query-l1-1-1

DevGetObjectsEx
DevCreateObjectQueryEx

shell32

ord916
ShellExecuteExW

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
GetLastError
UnhandledExceptionFilter

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockShared
SetEvent
AcquireSRWLockShared
InitializeCriticalSectionEx
ReleaseSRWLockExclusive
InitializeSRWLock
EnterCriticalSection
LeaveCriticalSection
ResetEvent
ReleaseSemaphore
DeleteCriticalSection
WaitForSingleObject
OpenSemaphoreW
ReleaseMutex
WaitForSingleObjectEx
CreateMutexExW
AcquireSRWLockExclusive
CreateSemaphoreExW
CreateEventW
CreateEventExW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-com-l1-1-0

IIDFromString
CoTaskMemFree
CoTaskMemAlloc
PropVariantClear
CoGetInterfaceAndReleaseStream
CoSetProxyBlanket
CoCreateInstanceEx
CoGetApartmentType
CoGetObjectContext
CoCreateInstance
CoMarshalInterThreadInterfaceInStream

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetModuleHandleExA
GetProcAddress
GetModuleHandleExW
GetModuleFileNameA
DisableThreadLibraryCalls
FreeLibrary
GetModuleHandleW

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
SetThreadpoolWait
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
SetThreadpoolTimer
CreateThreadpoolWait

ntdll

RtlGetDeviceFamilyInfoEnum
WinSqmIncrementDWORD
WinSqmSetDWORD

api-ms-win-shcore-scaling-l1-1-1

ord244

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
WakeAllConditionVariable
InitOnceBeginInitialize
SleepConditionVariableSRW
Sleep
InitOnceComplete

api-ms-win-core-string-l1-1-0

CompareStringEx
MultiByteToWideChar
GetStringTypeW
WideCharToMultiByte

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

rpcrt4

UuidToStringW
RpcStringFreeW

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-datetime-l1-1-1

GetDateFormatEx

kernel32

ParseApplicationUserModelId
GetPackagesByPackageFamily

msvcrt

___mb_cur_max_func
___lc_handle_func
___lc_codepage_func
_ismbblead
__pctype_func
calloc
abort
_wcsdup
__crtLCMapStringW
_wsetlocale
_unlock
memcmp
??1type_info@@UEAA@XZ
__dllonexit
__C_specific_handler
_onexit
_XcptFilter
_amsg_exit
_initterm
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
_wcsicmp
??_V@YAXPEAX@Z
_purecall
_vsnwprintf
memcpy_s
__CxxFrameHandler4
??3@YAXPEAX@Z
_errno
setlocale
_lock
__uncaught_exception
memmove
memcpy
??0exception@@QEAA@AEBQEBDH@Z
_callnewh
_CxxThrowException
wcslen
memset
__CxxFrameHandler3
_vsnprintf_s
_ui64tow_s
malloc
strcspn
localeconv
free
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@AEBV0@@Z
sprintf_s
??0exception@@QEAA@AEBQEBD@Z
?what@exception@@UEBAPEBDXZ
_wcsnicmp
wcsncmp
wcsstr
__ExceptionPtrCurrentException
__ExceptionPtrRethrow
__ExceptionPtrCreate
__ExceptionPtrDestroy
__ExceptionPtrCopy
??0exception@@QEAA@AEBV0@@Z
?terminate@@YAXXZ
memmove_s

wincorlib

?GetWeakReference@Details@Platform@@YAPEAU__abi_IUnknown@@QE$ADVObject@2@@Z
?ResolveWeakReference@Details@Platform@@YAPE$AAVObject@2@AEBU_GUID@@PEAPEAU__abi_IUnknown@@@Z
?get@Message@Exception@Platform@@QE$AAAPE$AAVString@3@XZ
?CreateException@Exception@Platform@@SAPE$AAV12@HPE$AAVString@2@@Z
?InitializeData@Details@Platform@@YAJH@Z
?ToString@float64@default@@QEAAPE$AAVString@Platform@@XZ
?GetIidsFn@@YAJHPEAKPEBU__s_GUID@@PEAPEAVGuid@Platform@@@Z
?__abi_FailFast@@YAXXZ
?ReCreateFromException@Details@Platform@@YAJPE$AAVException@2@@Z
?GetActivationFactoryByPCWSTR@@YAJPEAXAEAVGuid@Platform@@PEAPEAX@Z
?GetActivationFactory@Details@Platform@@YAJPEAVModuleBase@1WRL@Microsoft@@PEAUHSTRING__@@PEAPEAUIActivationFactory@@@Z
?GetType@Object@Platform@@QE$AAAPE$AAVType@2@XZ
?UninitializeData@Details@Platform@@YAXH@Z
??0OutOfBoundsException@Platform@@QE$AAA@XZ
?__abi_ObjectToString@__abi_details@@YAPE$AAVString@Platform@@PE$AAVObject@3@_N@Z
?__abi_make_type_id@@YAPE$AAVType@Platform@@AEBU__abi_type_descriptor@@@Z
?GetTypeCode@Type@Platform@@SA?AW4TypeCode@2@PE$AAV12@@Z
?GetIBoxVtable@Details@Platform@@YAPEAXPEAX@Z
?CreateValue@Details@Platform@@YAPE$AAVObject@2@W4TypeCode@2@PEBX@Z
?ReCreateException@Exception@Platform@@SAPE$AAV12@H@Z
?GetIBoxArrayVtable@Details@Platform@@YAPEAXPEAX@Z
??0NullReferenceException@Platform@@QE$AAA@XZ
?Equals@Object@Platform@@QE$AAA_NPE$AAV12@@Z
?__abi_cast_String_to_Object@__abi_details@@YAPE$AAVObject@Platform@@PE$AAVString@3@@Z
?EventSourceGetTargetArray@Details@Platform@@YAPEAXPEAXPEAUEventLock@12@@Z
?EventSourceGetTargetArraySize@Details@Platform@@YAIPEAX@Z
?EventSourceGetTargetArrayEvent@Details@Platform@@YAPEAXPEAXIPEBXPEA_J@Z
??0InvalidArgumentException@Platform@@QE$AAA@XZ
?EventSourceAdd@Details@Platform@@YA?AVEventRegistrationToken@Foundation@Windows@@PEAPEAXPEAUEventLock@12@PE$AAVDelegate@2@@Z
?Allocate@Heap@Details@Platform@@SAPEAX_K0@Z
??0Delegate@Platform@@QE$AAA@XZ
?Allocate@Heap@Details@Platform@@SAPEAX_K@Z
??0DisconnectedException@Platform@@QE$AAA@XZ
?EventSourceRemove@Details@Platform@@YAXPEAPEAXPEAUEventLock@12@VEventRegistrationToken@Foundation@Windows@@@Z
?AllocateException@Heap@Details@Platform@@SAPEAX_K0@Z
??0NotImplementedException@Platform@@QE$AAA@XZ
?ReleaseTarget@ControlBlock@Details@Platform@@AEAAXXZ
?AlignedFree@Heap@Details@Platform@@SAXPEAX@Z
?Free@Heap@Details@Platform@@SAXPEAX@Z
?EventSourceInitialize@Details@Platform@@YAXPEAPEAX@Z
?EventSourceUninitialize@Details@Platform@@YAXPEAPEAX@Z
?CreateException@Exception@Platform@@SAPE$AAV12@H@Z
?__abi_cast_Object_to_String@__abi_details@@YAPE$AAVString@Platform@@_NPE$AAVObject@3@@Z
?__abi_WinRTraiseNotImplementedException@@YAXXZ
?__abi_WinRTraiseInvalidCastException@@YAXXZ
?__abi_WinRTraiseNullReferenceException@@YAXXZ
?__abi_WinRTraiseOperationCanceledException@@YAXXZ
?__abi_WinRTraiseFailureException@@YAXXZ
?__abi_WinRTraiseAccessDeniedException@@YAXXZ
?__abi_WinRTraiseOutOfMemoryException@@YAXXZ
?__abi_WinRTraiseInvalidArgumentException@@YAXXZ
?__abi_WinRTraiseOutOfBoundsException@@YAXXZ
?__abi_WinRTraiseChangedStateException@@YAXXZ
?__abi_WinRTraiseClassNotRegisteredException@@YAXXZ
?__abi_WinRTraiseWrongThreadException@@YAXXZ
?__abi_WinRTraiseDisconnectedException@@YAXXZ
?__abi_WinRTraiseObjectDisposedException@@YAXXZ
?__abi_WinRTraiseCOMException@@YAXJ@Z
??0FailureException@Platform@@QE$AAA@XZ
??BType@Platform@@SA?AVTypeName@Interop@Xaml@UI@Windows@@PE$AAV01@@Z
??0OutOfMemoryException@Platform@@QE$AAA@XZ
??0Object@Platform@@QE$AAA@XZ
??0ChangedStateException@Platform@@QE$AAA@XZ
?TerminateModule@Details@Platform@@YA_NPEAVModuleBase@1WRL@Microsoft@@@Z

ole32

CoCreateFreeThreadedMarshaler

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-core-winrt-string-l1-1-0

WindowsConcatString
WindowsCreateString
WindowsCreateStringReference
WindowsDeleteString
WindowsCompareStringOrdinal
WindowsGetStringLen
WindowsGetStringRawBuffer
WindowsIsStringEmpty
WindowsDuplicateString

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
GetSetting

Sections

.text
Size: 688KB - Virtual size: 687KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SystemSettingsAdminFlows.exe
.exe windows:10 windows x64 arch:x64

14922efe4b87532d286b50a79428948a

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6a:e4:77:7c:a6:4c:a9:85:33:72:c7:f5:38:9c:ad:eb:18:87:e3:4d:17:88:d1:4b:34:bd:b1:c2:8e:c8:0b:8e
Signer

Actual PE Digest

6a:e4:77:7c:a6:4c:a9:85:33:72:c7:f5:38:9c:ad:eb:18:87:e3:4d:17:88:d1:4b:34:bd:b1:c2:8e:c8:0b:8e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

SystemSettingsAdminFlows.pdb

Imports

msvcrt

___mb_cur_max_func
setlocale
___lc_handle_func
_wsetlocale
__crtLCMapStringW
__crtCompareStringW
??8type_info@@QEBAHAEBV0@@Z
_wcsdup
memmove
memcpy
__CxxFrameHandler3
_CxxThrowException
___lc_codepage_func
??0exception@@QEAA@AEBQEBDH@Z
memchr
_ismbblead
__pctype_func
_callnewh
calloc
wcstok
___lc_collate_cp_func
wcscspn
wcsspn
??1type_info@@UEAA@XZ
memcmp
towupper
strchr
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBD@Z
abort
?what@exception@@UEBAPEBDXZ
realloc
free
malloc
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
wcstol
wcstoul
wcschr
_wcstoui64
_errno
_wtoi
_wcsicmp
_purecall
memmove_s
??_V@YAXPEAX@Z
wcsncmp
memcpy_s
_vsnwprintf
??3@YAXPEAX@Z
__CxxFrameHandler4
memset
_XcptFilter
__uncaught_exception
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
wcscmp

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

GetStartupInfoW
GetCurrentThread
OpenProcessToken
GetCurrentProcess
TerminateProcess
OpenThreadToken
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-libraryloader-l1-2-0

FindResourceExW
GetModuleHandleW
SizeofResource
LoadResource
LockResource

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetComputerNameExW
GetTickCount
GetSystemTimeAsFileTime

systemsettingsthresholdadminflowui

DeviceEncryptionPage_CreateInstance
SetDateTimePage_CreateInstance
ManageExclusionPage_CreateInstance
TroubleshootActivationPage_CreateInstance
EnterProductKeyPage_CreateInstance
RenamePCPage_CreateInstance
DisableUserPage_CreateInstance
EnableUserPage_CreateInstance
EditUserPage_CreateInstance
LockdownUserPage_CreateInstance
RemoveUserPage_CreateInstance
SetGeolocationMasterPage_CreateInstance
SetFindMyDevicePage_CreateInstance
LeaveDomainPage_CreateInstance
ChangeKbLayoutPage_CreateInstance
RetailDemoConfirmPage_CreateInstance
DevicePortalAuthenticationPage_CreateInstance
DeviceDiscoveryUnpairAllDevicesPage_CreateInstance
DevicePortalSetAuthenticationPage_CreateInstance
JoinDomainPage_CreateInstance
SurfaceHubDeveloperModePage_CreateInstance
RemoteDesktopPage_CreateInstance
HolographicUninstallPage_CreateInstance
FeaturedResetPCPage_CreateInstance
UninstallOSPage_CreateInstance
ViewWifiPasswordPage_CreateInstance
InPlaceUpgradePage_CreateInstance
UninitializeXamlRuntime
UninitializeXamlCustomResourceLoader
InitializeXamlCustomResourceLoader
AddDomainUserPage_CreateInstance
InitializeXamlRuntime
DeveloperModePage_CreateInstance

gdi32

GetDeviceCaps

kernel32

InitOnceInitialize
CreateWaitableTimerW
CancelWaitableTimer
WaitForMultipleObjects
SetWaitableTimer
RegOpenKeyExA
RegQueryValueExA
K32EnumDeviceDrivers
K32GetDeviceDriverBaseNameA
ResolveLocaleName
K32GetDeviceDriverFileNameA
RegFlushKey
InitializeSRWLock
SystemTimeToFileTime
CompareStringOrdinal
GetModuleHandleExW
GetModuleFileNameA
LoadLibraryA
DebugBreak
GetProcAddress
LocalFree
HeapFree
GetProcessHeap
CloseHandle
FreeLibrary
RegCloseKey
OutputDebugStringW
FormatMessageW
IsDebuggerPresent
GetLastError
SetLastError
WaitForSingleObject
ReleaseSemaphore
OpenSemaphoreW
HeapAlloc
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CreateThreadpoolTimer
SetThreadpoolTimer
RegOpenKeyExW
WaitForMultipleObjectsEx
GetProductInfo
RegGetValueW
GetVersionExW
CreateEventW
SetEvent
RegCreateKeyExW
RegSetValueExW
OpenProcess
AcquireSRWLockShared
ReleaseSRWLockShared
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionEx
CreateEventExW
LoadLibraryExW
LocalAlloc
TlsGetValue
ResetEvent
CreateThreadpoolWork
SubmitThreadpoolWork
WaitForThreadpoolWorkCallbacks
CloseThreadpoolWork
TlsAlloc
TlsFree
DecodePointer
TlsSetValue
InitOnceBeginInitialize
CreateMutexExW
ReleaseMutex
InitOnceComplete
InitOnceExecuteOnce
CreateSemaphoreExW
WaitForSingleObjectEx
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
RaiseException
EncodePointer

newdev

DiInstallDevice
DiUninstallDevice

ntdll

NtQueryInformationToken
RtlInitUnicodeString
NtGetMUIRegistryInfo
RtlPublishWnfStateData
RtlRaiseStatus

ole32

CoCreateGuid
CoCreateFreeThreadedMarshaler
CoSetProxyBlanket
CoTaskMemRealloc
CoGetMalloc
CoTaskMemAlloc
CoResumeClassObjects
CoRegisterClassObject
CoRevokeClassObject
CoAddRefServerProcess
CoReleaseServerProcess
IIDFromString
CoGetClassObject
CLSIDFromString
CreateClassMoniker
GetRunningObjectTable
CoUninitialize
CoInitializeEx
CoWaitForMultipleHandles
CoGetApartmentType
CoCreateInstance
CoTaskMemFree
CoInitialize

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiBuildDriverInfoList
SetupDiEnumDriverInfoW
SetupDiSetClassInstallParamsW
SetupDiCallClassInstaller
SetupDiGetClassDevsW
SetupDiGetDeviceInstallParamsW
SetupDiSetDeviceInstallParamsW
SetupDiOpenDeviceInfoW
SetupDiCreateDeviceInfoList

shell32

CommandLineToArgvW
ShellExecuteExW
SHGetSpecialFolderPathW

shlwapi

ord16
StrChrW
SHSetValueW
SHDeleteValueW
SHStrDupW

dui70

InitProcessPriv
StartMessagePump
UnInitThread
InitThread
UnInitProcessPriv
?Destroy@DUIXmlParser@DirectUI@@QEAAXXZ

user32

DestroyWindow
GetWindowLongPtrW
DefWindowProcW
GetWindowRect
PostMessageW
SetWindowPos
GetPropW
GetWindow
EnableMouseInPointer
AllowSetForegroundWindow
ChangeWindowMessageFilter
DisplayConfigSetDeviceInfo
ord2544
ExitWindowsEx
ReleaseDC
GetDC
GetWindowThreadProcessId
DispatchMessageW
LoadCursorW
SetCursor
TranslateMessage
PostQuitMessage
MsgWaitForMultipleObjectsEx
PeekMessageW

shcore

ord188
ord241
ord244
ord200
ord190
ord123

languagecomponentsinstaller

RequestFeaturesInstallation
RequestFeaturesUninstallation

servicinguapi

EnumerateFeatures
FreeEnumerateFeaturesResult

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsCompareStringOrdinal
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateString

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventUnregister
EventWriteTransfer
EventActivityIdControl

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
SetRestrictedErrorInfo
RoOriginateErrorW
RoOriginateError

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
RegisterTraceGuidsW
GetTraceEnableFlags

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoRegisterActivationFactories
RoUninitialize
RoRevokeActivationFactories
RoGetActivationFactory
RoActivateInstance

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW
RegSetKeyValueW

crypt32

CryptUnprotectData

api-ms-win-core-shutdown-l1-1-1

InitiateShutdownW

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

sspicli

LsaFreeReturnBuffer
LsaConnectUntrusted
LsaLogonUser
LsaLookupAuthenticationPackage

api-ms-win-service-management-l1-1-0

CloseServiceHandle
OpenSCManagerW
OpenServiceW
StartServiceW

api-ms-win-service-winsvc-l1-1-0

ControlService
QueryServiceStatus

oleaut32

SysFreeString
SysAllocStringLen
SafeArrayAccessData
SafeArrayCreateVector
SysStringLen
SafeArrayUnaccessData
SafeArrayDestroy
VariantClear
VariantInit
SysAllocString

api-ms-win-service-management-l2-1-0

ChangeServiceConfigW
QueryServiceStatusEx
QueryServiceConfigW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-string-l1-1-0

GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

wkscli

NetGetJoinInformation

logoncli

DsGetDcNameW

netutils

NetApiBufferFree

api-ms-win-security-base-l1-1-0

GetTokenInformation
CreateWellKnownSid
CheckTokenMembership
DuplicateToken
AdjustTokenPrivileges

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegDeleteValueW
RegCopyTreeW

dismapi

DismOpenSession
DismCloseSession
DismInitialize
DismDelete
DismGetProvisionedAppxPackages

wldp

WldpDisableDeveloperMode

timesync

SyncW32Time
SetNTPSync
StartTimeService

credui

CredUIPromptForWindowsCredentialsW
CredPackAuthenticationBufferW
CredUnPackAuthenticationBufferW

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection

api-ms-win-security-lsapolicy-l1-1-0

LsaStorePrivateData
LsaOpenPolicy
LsaFreeMemory
LsaClose
LsaLookupSids

api-ms-win-devices-query-l1-1-0

DevFreeObjectProperties
DevGetObjectProperties

api-ms-win-core-versionansi-l1-1-1

GetFileVersionInfoSizeA
GetFileVersionInfoA

api-ms-win-core-versionansi-l1-1-0

VerQueryValueA

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-registry-l2-1-0

RegOpenKeyW

api-ms-win-appmodel-unlock-l1-1-0

SetIsDeveloperModeEnabled
IsDeveloperModePolicyApplied

api-ms-win-crt-environment-l1-1-0

_dupenv_s

bcp47langs

Bcp47GetUnIsoRegionCode
Bcp47GetIsoLanguageCode
Bcp47GetNlsForm
ClearUserDisplayLanguageOverride
Bcp47GetMuiForm

api-ms-win-core-heap-l1-1-0

HeapSize
HeapReAlloc
HeapDestroy

Sections

.text
Size: 408KB - Virtual size: 407KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.imrsiv
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 140KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SystemSettingsBroker.exe
.exe windows:10 windows x64 arch:x64

c0235487ee7eecd7b1357dacf94aeb95

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f9:0f:4b:23:a8:68:8a:61:af:fe:26:fc:08:d6:d3:2a:8b:4b:a3:80:e7:50:fe:bc:b1:b3:fd:73:bf:6e:f0:59
Signer

Actual PE Digest

f9:0f:4b:23:a8:68:8a:61:af:fe:26:fc:08:d6:d3:2a:8b:4b:a3:80:e7:50:fe:bc:b1:b3:fd:73:bf:6e:f0:59

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

SystemSettingsBroker.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
_initterm

api-ms-win-crt-private-l1-1-0

_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o_abort
_o_exit
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___wargv
_o___p___argc
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleExW
LoadLibraryExW
GetModuleFileNameA
GetModuleHandleW

api-ms-win-core-synch-l1-1-0

AcquireSRWLockShared
InitializeSRWLock
WaitForSingleObject
ReleaseMutex
ReleaseSemaphore
CreateSemaphoreExW
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
ReleaseSRWLockExclusive
ReleaseSRWLockShared
CreateEventW
AcquireSRWLockExclusive

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapSetInformation
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetErrorMode
UnhandledExceptionFilter
GetLastError
SetLastError
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentThreadId
OpenProcessToken
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventSetInformation
EventUnregister

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy
IsProcessorFeaturePresent
SetProcessMitigationPolicy

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-security-base-l1-1-0

MakeAbsoluteSD
GetTokenInformation
DuplicateTokenEx

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegOpenKeyExW
RegCloseKey
RegGetValueW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-string-l2-1-0

CharLowerBuffW

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask
SHTaskPoolGetUniqueContext

combase

ord69

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-security-capability-l1-1-0

CapabilityCheck

Sections

.text
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.imrsiv
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SystemSettingsThresholdAdminFlowUI.dll
.dll windows:10 windows x64 arch:x64

bf0b51a2817c5fae377a4d55c79a9816

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

SystemSettingsThresholdAdminFlowUI.pdb

Imports

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventRegister
EventWriteTransfer
EventSetInformation
EventUnregister

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceExecuteOnce
InitOnceBeginInitialize

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegCloseKey
RegGetValueW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegUnLoadKeyW
RegDeleteValueW
RegEnumKeyExW
RegFlushKey
RegLoadKeyW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThread
OpenThreadToken
OpenProcessToken
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

wkscli

NetUnjoinDomain
NetGetJoinInformation
NetJoinDomain
NetValidateName
NetRenameMachineInDomain

netutils

NetApiBufferFree
NetpwNameValidate

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
ReleaseMutex
WaitForSingleObject
CreateEventExW
OpenSemaphoreW
SetWaitableTimer
ResetEvent
ReleaseSemaphore
SetEvent
WaitForSingleObjectEx
InitializeCriticalSectionEx
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeSRWLock
AcquireSRWLockShared
ReleaseSRWLockShared
CreateSemaphoreExW
ReleaseSRWLockExclusive
CreateMutexExW

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW
RegSetKeyValueW

api-ms-win-core-string-l1-1-0

GetStringTypeW
CompareStringOrdinal
CompareStringEx

oleaut32

SysAllocString
SafeArrayUnaccessData
SafeArrayCreateVector
SafeArrayAccessData
SysFreeString
SafeArrayDestroy

samcli

NetLocalGroupDelMembers
NetUserGetInfo
NetUserEnum
NetLocalGroupAddMembers
NetUserSetInfo
NetLocalGroupGetMembers

api-ms-win-security-lsalookup-l2-1-0

LookupAccountSidW
LookupPrivilegeValueW
LookupAccountNameW

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW
ConvertSidToStringSidW

api-ms-win-core-winrt-string-l1-1-0

WindowsIsStringEmpty
WindowsCreateStringReference
WindowsDeleteString
WindowsCompareStringOrdinal
WindowsStringHasEmbeddedNull
WindowsConcatString
WindowsCreateString
WindowsGetStringRawBuffer
WindowsGetStringLen
WindowsDuplicateString

api-ms-win-core-heap-l2-1-0

LocalFree
GlobalFree

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
GetCommandLineW

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
RaiseException
SetLastError

api-ms-win-core-com-l1-1-0

CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoTaskMemAlloc
IIDFromString
CoGetObjectContext
CoTaskMemRealloc
CoCreateInstance
CoGetApartmentType
CoTaskMemFree

api-ms-win-core-sysinfo-l1-1-0

GetComputerNameExW
GetTickCount
GetSystemTimeAsFileTime
SetLocalTime

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
FreeLibrary
GetModuleHandleW
GetModuleHandleExW
LoadLibraryExW
GetProcAddress

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-security-base-l1-1-0

AllocateAndInitializeSid
AdjustTokenPrivileges
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
DuplicateToken
CheckTokenMembership
CreateWellKnownSid
GetTokenInformation
GetLengthSid

sspicli

LsaDeregisterLogonProcess
LsaConnectUntrusted
LsaLookupAuthenticationPackage

api-ms-win-core-shutdown-l1-1-0

InitiateSystemShutdownExW

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-core-synch-l1-2-1

CreateWaitableTimerW

api-ms-win-core-file-l1-1-0

CreateDirectoryW
GetDiskFreeSpaceExW

api-ms-win-security-logon-l1-1-1

LogonUserW

api-ms-win-core-kernel32-legacy-l1-1-0

GetSystemPowerStatus

ntdll

RtlFreeUnicodeString
RtlCanonicalizeDomainName
RtlEqualUnicodeString
NtQueryInformationToken
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlInitUnicodeString
RtlGetDeviceFamilyInfoEnum
RtlPublishWnfStateData

shlwapi

StrChrW
StrFormatByteSizeW
StrCmpW
ord158

shell32

SHCreateItemInKnownFolder
SHGetSpecialFolderPathW
ShellExecuteExW
CommandLineToArgvW
SHCreateItemFromParsingName

advapi32

LsaLookupNames2
LsaFreeMemory
LsaClose
LsaOpenPolicy
LsaLookupSids
LsaNtStatusToWinError
GetUserNameW

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW

propsys

PSCreateMemoryPropertyStore
PSPropertyBag_WriteStr
PropVariantToStringAlloc

appxdeploymentclient

ord30

winbrand

BrandingLoadStringForEdition
BrandingLoadString
BrandingFormatString

shcore

CreateRandomAccessStreamOverStream
ord244
SHTaskPoolQueueTask
SHRegGetValueW

dismapi

DismDelete
DismInitialize
DismOpenSession
DismCloseSession
DismGetProvisionedAppxPackages

kernel32

Sleep
DeleteTimerQueueTimer
OOBEComplete
MultiByteToWideChar
MoveFileExW
DeleteFileW
FindNextFileW
RemoveDirectoryW
FindFirstFileW
FindClose
GetVersionExW
CreateTimerQueueTimer
DnsHostnameToComputerNameW
DnsHostnameToComputerNameExW
WideCharToMultiByte
SetComputerNameExW
SetComputerNameEx2W
lstrcmpiW
LocalAlloc

msvcrt

__pctype_func
_ismbblead
___lc_codepage_func
___lc_handle_func
___mb_cur_max_func
setlocale
__uncaught_exception
_lock
memmove
memcpy
??0exception@@QEAA@AEBQEBDH@Z
_CxxThrowException
wcslen
memset
__CxxFrameHandler3
calloc
_unlock
__C_specific_handler
wcsncmp
wcstok_s
malloc
towlower
iswupper
iswascii
wcschr
realloc
strchr
wcstol
_errno
localeconv
ldexp
free
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@AEBV0@@Z
_wgetenv
tolower
wcsspn
wcscspn
??0exception@@QEAA@AEBQEBD@Z
?what@exception@@UEBAPEBDXZ
__ExceptionPtrRethrow
memmove_s
wcsstr
_vsnprintf_s
_get_errno
_set_errno
?terminate@@YAXXZ
__ExceptionPtrCreate
__crtCompareStringW
__crtLCMapStringW
__ExceptionPtrCurrentException
memchr
__ExceptionPtrCopy
_wsetlocale
_initterm
_amsg_exit
_XcptFilter
??1type_info@@UEAA@XZ
_onexit
__ExceptionPtrDestroy
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
memcpy_s
_wcsicmp
_vsnwprintf
_purecall
__dllonexit
___lc_collate_cp_func
memcmp
abort
isspace
_wtoi
isdigit
_wcsdup
wcsrchr
isalnum
__CxxFrameHandler4
ceil

wincorlib

?__abi_cast_String_to_Object@__abi_details@@YAPE$AAVObject@Platform@@PE$AAVString@3@@Z
?__abi_cast_Object_to_String@__abi_details@@YAPE$AAVString@Platform@@_NPE$AAVObject@3@@Z
?EventSourceGetTargetArrayEvent@Details@Platform@@YAPEAXPEAXIPEBXPEA_J@Z
?EventSourceGetTargetArraySize@Details@Platform@@YAIPEAX@Z
?EventSourceGetTargetArray@Details@Platform@@YAPEAXPEAXPEAUEventLock@12@@Z
?Allocate@Heap@Details@Platform@@SAPEAX_K@Z
??0Delegate@Platform@@QE$AAA@XZ
?EventSourceRemove@Details@Platform@@YAXPEAPEAXPEAUEventLock@12@VEventRegistrationToken@Foundation@Windows@@@Z
?EventSourceAdd@Details@Platform@@YA?AVEventRegistrationToken@Foundation@Windows@@PEAPEAXPEAUEventLock@12@PE$AAVDelegate@2@@Z
?EventSourceUninitialize@Details@Platform@@YAXPEAPEAX@Z
?EventSourceInitialize@Details@Platform@@YAXPEAPEAX@Z
?get@FullName@Type@Platform@@QE$AAAPE$AAVString@3@XZ
?__abi_ObjectToString@__abi_details@@YAPE$AAVString@Platform@@PE$AAVObject@3@_N@Z
?__abi_make_type_id@@YAPE$AAVType@Platform@@AEBU__abi_type_descriptor@@@Z
??0FailureException@Platform@@QE$AAA@XZ
?GetIBoxVtable@Details@Platform@@YAPEAXPEAX@Z
?CreateValue@Details@Platform@@YAPE$AAVObject@2@W4TypeCode@2@PEBX@Z
??0NullReferenceException@Platform@@QE$AAA@XZ
??0NotImplementedException@Platform@@QE$AAA@XZ
??0OutOfBoundsException@Platform@@QE$AAA@XZ
??0ChangedStateException@Platform@@QE$AAA@XZ
?GetIBoxArrayVtable@Details@Platform@@YAPEAXPEAX@Z
?GetWeakReference@Details@Platform@@YAPEAU__abi_IUnknown@@QE$ADVObject@2@@Z
??0DisconnectedException@Platform@@QE$AAA@XZ
?ResolveWeakReference@Details@Platform@@YAPE$AAVObject@2@AEBU_GUID@@PEAPEAU__abi_IUnknown@@@Z
?CreateException@Exception@Platform@@SAPE$AAV12@H@Z
??0InvalidArgumentException@Platform@@QE$AAA@XZ
?ReCreateException@Exception@Platform@@SAPE$AAV12@H@Z
??0Exception@Platform@@QE$AAA@H@Z
?get@Message@Exception@Platform@@QE$AAAPE$AAVString@3@XZ
?CreateException@Exception@Platform@@SAPE$AAV12@HPE$AAVString@2@@Z
??BType@Platform@@SA?AVTypeName@Interop@Xaml@UI@Windows@@PE$AAV01@@Z
?AllocateException@Heap@Details@Platform@@SAPEAX_K0@Z
?Allocate@Heap@Details@Platform@@SAPEAX_K0@Z
?__abi_WinRTraiseNotImplementedException@@YAXXZ
?__abi_WinRTraiseInvalidCastException@@YAXXZ
?__abi_WinRTraiseNullReferenceException@@YAXXZ
?__abi_WinRTraiseOperationCanceledException@@YAXXZ
?__abi_WinRTraiseFailureException@@YAXXZ
?__abi_WinRTraiseAccessDeniedException@@YAXXZ
?__abi_WinRTraiseOutOfMemoryException@@YAXXZ
?__abi_WinRTraiseInvalidArgumentException@@YAXXZ
?__abi_WinRTraiseOutOfBoundsException@@YAXXZ
?__abi_WinRTraiseChangedStateException@@YAXXZ
?__abi_WinRTraiseClassNotRegisteredException@@YAXXZ
?__abi_WinRTraiseWrongThreadException@@YAXXZ
?__abi_WinRTraiseDisconnectedException@@YAXXZ
?__abi_WinRTraiseObjectDisposedException@@YAXXZ
?__abi_WinRTraiseCOMException@@YAXJ@Z
?ReleaseTarget@ControlBlock@Details@Platform@@AEAAXXZ
?AlignedFree@Heap@Details@Platform@@SAXPEAX@Z
?Free@Heap@Details@Platform@@SAXPEAX@Z
??0Object@Platform@@QE$AAA@XZ
?InitializeData@Details@Platform@@YAJH@Z
?UninitializeData@Details@Platform@@YAXH@Z
?__abi_FailFast@@YAXXZ
?ReCreateFromException@Details@Platform@@YAJPE$AAVException@2@@Z
??0OutOfMemoryException@Platform@@QE$AAA@XZ
?GetIidsFn@@YAJHPEAKPEBU__s_GUID@@PEAPEAVGuid@Platform@@@Z
?TerminateModule@Details@Platform@@YA_NPEAVModuleBase@1WRL@Microsoft@@@Z
?GetActivationFactoryByPCWSTR@@YAJPEAXAEAVGuid@Platform@@PEAPEAX@Z
?GetActivationFactory@Details@Platform@@YAJPEAVModuleBase@1WRL@Microsoft@@PEAUHSTRING__@@PEAPEAUIActivationFactory@@@Z
?GetTypeCode@Type@Platform@@SA?AW4TypeCode@2@PE$AAV12@@Z

ole32

CoEnableCallCancellation
CoGetMalloc
CoAllowSetForegroundWindow
CoDisableCallCancellation
CreateBindCtx
CoCreateGuid
PropVariantClear
CoCreateFreeThreadedMarshaler
CoWaitForMultipleHandles
CoGetObject
StringFromGUID2
CoCancelCall

dnsapi

DnsValidateName_W

api-ms-win-core-string-l2-1-0

CharUpperW

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
RoTransformError
RoOriginateError

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

userenv

ExpandEnvironmentStringsForUserW

api-ms-win-core-path-l1-1-0

PathCchAppend
PathAllocCombine
PathCchCanonicalize

api-ms-win-devices-config-l1-1-1

CM_Get_Device_IDW

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW

user32

MsgWaitForMultipleObjects
GetKeyboardLayout
GetForegroundWindow

setupapi

SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList

api-ms-win-appmodel-unlock-l1-1-0

SetIsDeveloperModeEnabled
IsDeveloperModePolicyApplied

api-ms-win-security-accesshlpr-l1-1-0

FreeTransientObjectSecurityDescriptor
QueryTransientObjectSecurityDescriptor

Exports

Exports

AddDomainUserPage_CreateInstance
ChangeKbLayoutPage_CreateInstance
DeveloperModePage_CreateInstance
DeviceDiscoveryUnpairAllDevicesPage_CreateInstance
DeviceEncryptionPage_CreateInstance
DevicePortalAuthenticationPage_CreateInstance
DevicePortalSetAuthenticationPage_CreateInstance
DisableUserPage_CreateInstance
DllCanUnloadNow
DllGetActivationFactory
EditUserPage_CreateInstance
EnableUserPage_CreateInstance
EnterProductKeyPage_CreateInstance
FeaturedResetPCPage_CreateInstance
HolographicUninstallPage_CreateInstance
InPlaceUpgradePage_CreateInstance
InitializeXamlCustomResourceLoader
InitializeXamlRuntime
JoinDomainPage_CreateInstance
LeaveDomainPage_CreateInstance
LockdownUserPage_CreateInstance
ManageExclusionPage_CreateInstance
RemoteDesktopPage_CreateInstance
RemoveUserPage_CreateInstance
RenamePCPage_CreateInstance
RetailDemoConfirmPage_CreateInstance
SetDateTimePage_CreateInstance
SetFindMyDevicePage_CreateInstance
SetGeolocationMasterPage_CreateInstance
SurfaceHubDeveloperModePage_CreateInstance
TroubleshootActivationPage_CreateInstance
UninitializeXamlCustomResourceLoader
UninitializeXamlRuntime
UninstallOSPage_CreateInstance
ViewWifiPasswordPage_CreateInstance

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 499KB - Virtual size: 498KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 139KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TSpkg.dll
.dll windows:10 windows x64 arch:x64

0a3afcd27ee91f8749be27fde9326046

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

TSpkg.pdb

Imports

msvcrt

_amsg_exit
free
malloc
_snwprintf_s
_wcsicmp
_lock
__CxxFrameHandler3
_unlock
_XcptFilter
__C_specific_handler
__dllonexit
wcsncat_s
_wcsnicmp
wcsncpy_s
wcscat_s
wcscpy_s
_callnewh
memmove_s
_vsnwprintf
wcschr
_onexit
_purecall
memcpy_s
memcmp
memcpy
memset
_initterm
strcmp

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleW
LoadLibraryExW
FreeLibrary
GetModuleHandleExW
GetModuleFileNameA
GetModuleFileNameW

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockShared
WaitForSingleObjectEx
AcquireSRWLockShared
InitializeCriticalSection
AcquireSRWLockExclusive
DeleteCriticalSection
CreateMutexExW
EnterCriticalSection
ReleaseSRWLockExclusive
CreateEventW
ReleaseMutex
WaitForSingleObject
InitializeCriticalSectionEx
CreateSemaphoreExW
OpenSemaphoreW
ReleaseSemaphore
LeaveCriticalSection

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcessId
SetThreadStackGuarantee
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

sspicli

InitializeSecurityContextW
AcceptSecurityContext
SspiPrepareForCredRead
SspiLocalFree
FreeContextBuffer
SspiCopyAuthIdentity
SspiEncryptAuthIdentityEx
EncryptMessage
DecryptMessage
DeleteSecurityContext
QueryContextAttributesW
SspiValidateAuthIdentity
SspiDecryptAuthIdentityEx
SspiEncodeAuthIdentityAsStrings
SspiFreeAuthIdentity
SspiIsAuthIdentityEncrypted
ImpersonateSecurityContext
GetUserNameExW
SspiUnmarshalAuthIdentity
SetCredentialsAttributesW
AcquireCredentialsHandleW
CompleteAuthToken
FreeCredentialsHandle

api-ms-win-security-base-l1-1-0

CopySid
GetLengthSid
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
DuplicateToken
RevertToSelf

api-ms-win-security-base-l1-2-0

CheckTokenMembershipEx

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegQueryValueExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegOpenKeyExW
RegNotifyChangeKeyValue

api-ms-win-core-processenvironment-l1-1-0

SetCurrentDirectoryW
GetCurrentDirectoryW
ExpandEnvironmentStringsW

bcrypt

BCryptFinishHash
BCryptGenRandom
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptHashData
BCryptDestroyHash
BCryptCreateHash

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetVersionExW
GetWindowsDirectoryW
GetTickCount
GetSystemTimeAsFileTime
GetComputerNameExW

msasn1

ASN1BERDecNotEndOfContents
ASN1BERDecOpenType2
ASN1octetstring_free
ASN1BERDecExplicitTag
ASN1BERDecPeekTag
ASN1BEREncU32
ASN1BERDecOctetString
ASN1BEREncExplicitTag
ASN1BERDecEndOfContents
ASN1BEREncS32
ASN1BEREncEndOfContents
ASN1BERDecSkip
ASN1_CreateModule
ASN1Free
ASN1_CreateEncoder
ASN1_CreateDecoder
ASN1_CloseEncoder
ASN1_CloseDecoder
ASN1_Decode
ASN1_FreeDecoded
ASN1_Encode
ASN1_FreeEncoded
ASN1BERDecOctetString2
ASN1DEREncOctetString
ASN1BERDecS32Val
ASN1BERDecU32Val
ASN1BEREncOpenType
ASN1DecAlloc

ntdll

RtlNtStatusToDosError
RtlFreeHeap
NtSetEvent
NtCreateEvent
NtClose
NtOpenEvent
NtQuerySystemInformation
RtlAllocateHeap
NtQuerySystemTime
RtlAvlRemoveNode
RtlAvlInsertNodeEx
RtlDuplicateUnicodeString
RtlCompareUnicodeString
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlEqualUnicodeString
RtlAllocateAndInitializeSid
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
RtlDeleteCriticalSection
NtWaitForSingleObject
RtlInitUnicodeStringEx
NtQueryInformationToken
RtlMapSecurityErrorToNtStatus
RtlCreateUnicodeStringFromAsciiz
RtlFreeUnicodeString
RtlGetLastNtStatus
RtlInitUnicodeString
RtlAnsiStringToUnicodeString
RtlDeleteResource
RtlInitializeGenericTableAvl
RtlInitializeResource
RtlEnumerateGenericTableAvl
RtlNumberGenericTableElementsAvl
RtlDeleteElementGenericTableAvl
RtlAcquireResourceExclusive
RtlInsertElementGenericTableAvl
RtlConvertSharedToExclusive
RtlReleaseResource
RtlLookupElementGenericTableAvl
RtlImageNtHeader
RtlAcquireResourceShared
EtwTraceMessage
RtlInitializeCriticalSection

api-ms-win-core-file-l1-1-0

CreateDirectoryW

api-ms-win-core-version-l1-1-0

GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW

api-ms-win-eventing-controller-l1-1-0

ControlTraceW
StartTraceW
EnableTraceEx2

api-ms-win-core-memory-l1-1-0

VirtualAlloc
CreateFileMappingW
OpenFileMappingW
UnmapViewOfFile
VirtualQuery
VirtualProtect
MapViewOfFileEx

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
DeleteTimerQueueTimer
UnregisterWaitEx
ChangeTimerQueueTimer

api-ms-win-eventlog-legacy-l1-1-0

ReportEventW
DeregisterEventSource
RegisterEventSourceW

Exports

Exports

SpLsaModeInitialize
SpUserModeInitialize

Sections

.text
Size: 116KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TaskManagerDataLayer.dll
.dll windows:10 windows x64 arch:x64

3c14f737d535366c0cfb45d519a0f5e5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

TaskManagerDataLayer.pdb

Imports

user32

ord2521

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetProcAddress
GetModuleHandleExW
GetModuleFileNameA
DisableThreadLibraryCalls
GetModuleHandleW

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
SetEvent
LeaveCriticalSection
ReleaseSemaphore
CreateEventW
WaitForSingleObject
ReleaseMutex
ReleaseSRWLockExclusive
EnterCriticalSection
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
ResetEvent
ReleaseSRWLockShared
DeleteCriticalSection
CreateSemaphoreExW
CreateMutexExW
AcquireSRWLockShared

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetLastError
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
CreateThreadpoolTimer
TrySubmitThreadpoolCallback
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetProcessTimes
OpenProcessToken

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

ntdll

RtlInitUnicodeString
RtlAllocateHeap
RtlFreeHeap
RtlNtStatusToDosErrorNoTeb
RtlCompareUnicodeString
NtQuerySystemInformation
NtQueryInformationToken

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
PropVariantClear
CoTaskMemFree
CoCreateFreeThreadedMarshaler
CoCreateInstance

api-ms-win-core-file-l1-1-0

GetLogicalDriveStringsW
QueryDosDeviceW

propsys

PropVariantToStringAlloc

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-appmodel-runtime-l1-1-1

ParseApplicationUserModelId

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
SleepConditionVariableCS

api-ms-win-core-shlwapi-legacy-l1-1-0

SHExpandEnvironmentStringsW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-crt-private-l1-1-0

_o___std_exception_copy
_o___std_exception_destroy
_o___std_type_info_destroy_list
_o___stdio_common_vsnprintf_s
_o___stdio_common_vswprintf
_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__wcsnicmp
_o_abort
_o_ceilf
_o_free
_o_iswspace
_o_malloc
_o_terminate
__CxxFrameHandler4
__std_terminate
__std_type_info_hash
__std_type_info_compare
wcschr
memcpy
_CxxThrowException
__current_exception_context
__current_exception
__CxxFrameHandler3
__C_specific_handler
memcmp
__RTDynamicCast
memmove

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

msvcp_win

??Bid@locale@std@@QEAA_KXZ
?tolower@?$ctype@G@std@@QEBAGG@Z
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?id@?$ctype@G@std@@2V0locale@2@A
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
_Xtime_get_ticks
_Query_perf_counter
_Thrd_sleep
_Query_perf_frequency
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedFlushSList

api-ms-win-crt-string-l1-1-0

memset

oleaut32

SetErrorInfo
SysAllocString
SysStringLen
SysFreeString
GetErrorInfo

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-util-l1-1-0

EncodePointer

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory

Sections

.text
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 145KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Taskbar.dll
.dll windows:10 windows x64 arch:x64

722149c92f80f25bc6113772cfdb14c5

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

92:1b:00:a5:8d:21:f4:44:64:17:40:85:2f:21:1c:1b:1b:70:40:39:40:88:b7:4a:b3:8f:a4:ac:42:c8:d2:74
Signer

Actual PE Digest

92:1b:00:a5:8d:21:f4:44:64:17:40:85:2f:21:1c:1b:1b:70:40:39:40:88:b7:4a:b3:8f:a4:ac:42:c8:d2:74

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Taskbar.pdb

Imports

twinapi

ord9

api-ms-win-core-url-l1-1-0

PathIsURLW
UrlUnescapeW
HashData

api-ms-win-core-registryuserspecific-l1-1-0

SHRegGetUSValueW
SHRegGetBoolUSValueW

api-ms-win-core-sidebyside-l1-1-0

ReleaseActCtx
CreateActCtxW
DeactivateActCtx
ActivateActCtx

ext-ms-win-devmgmt-policy-l1-1-0

PolicyManager_IsPolicySetByMobileDeviceManager
PolicyManager_GetPolicyInt

ext-ms-win-devmgmt-policy-l1-1-1

PolicyManager_FreeGetPolicyData
PolicyManager_GetPolicy

ext-ms-win-ntuser-draw-l1-1-0

BeginPaint
GetWindowDC
GetUpdateRect
EndPaint
InvalidateRect
UpdateWindow
RedrawWindow
DrawFocusRect
GetWindowRgnBox
SetWindowRgn

ext-ms-win-ntuser-draw-l1-1-2

GetWindowRgn

ext-ms-win-rtcore-ntuser-window-ext-l1-1-0

GetClassInfoExW
PeekMessageW
GetWindowInfo
TranslateMessage
DispatchMessageW
AllowSetForegroundWindow
IsWindowEnabled
ScreenToClient
SendMessageCallbackW
SetWindowsHookExW
WindowFromPoint
CallNextHookEx
PostThreadMessageW
GetClassInfoW
InSendMessage
WindowFromPhysicalPoint
GetWindowThreadProcessId
SetCursorPos
RemovePropW
FindWindowExW
IsWindowVisible
GetCursorPos
SetFocus
GetFocus
IsWindow
EndDeferWindowPos
EnumThreadWindows
BeginDeferWindowPos
GetMessagePos
ClientToScreen
GetWindowLongPtrW
SetWindowLongPtrW
SetTimer
GetWindowTextW
GetClientRect
GetMessageExtraInfo
CreateWindowExW
RegisterClassW
MapWindowPoints
DefWindowProcW
DestroyWindow
PostMessageW
SetForegroundWindow
SendMessageTimeoutW
SendNotifyMessageW
GetForegroundWindow
GetDesktopWindow
GetParent
FindWindowW
SetWindowTextW
KillTimer
SetCoalescableTimer
DeferWindowPos
SetWindowPos
GetWindow
GetWindowRect
SendMessageW
EnumChildWindows
ShowWindow
GetWindowLongW
GetAncestor
GetPropW
SetWindowLongW
EnumWindows
SetPropW
GetClassNameW
RegisterWindowMessageW
UnhookWindowsHookEx
RegisterClassExW

ext-ms-win-rtcore-ntuser-window-ext-l1-1-1

SetWindowPlacement
IsZoomed

ext-ms-win-session-winsta-l1-1-0

WinStationIsSessionRemoteable

api-ms-win-core-registry-l1-1-0

RegNotifyChangeKeyValue
RegCloseKey
RegEnumValueW
RegDeleteValueW
RegQueryValueExW
RegEnumKeyExW
RegDeleteTreeW
RegGetValueW
RegOpenCurrentUser
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegQueryInfoKeyW

api-ms-win-core-synch-l1-1-0

OpenEventW
DeleteCriticalSection
CreateEventW
ReleaseSRWLockShared
ReleaseSRWLockExclusive
CreateEventExW
ReleaseMutex
AcquireSRWLockShared
WaitForSingleObject
InitializeCriticalSectionEx
LeaveCriticalSection
ResetEvent
ReleaseSemaphore
TryEnterCriticalSection
EnterCriticalSection
CreateSemaphoreExW
AcquireSRWLockExclusive
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
InitializeSRWLock
OpenSemaphoreW
CreateMutexW
CreateMutexExW
SetEvent
WaitForSingleObjectEx

api-ms-win-core-errorhandling-l1-1-0

RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetLastError

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolWait
SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolWait
TrySubmitThreadpoolCallback
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
DisassociateCurrentThreadFromCallback

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventWriteTransfer
EventSetInformation
EventEnabled
EventActivityIdControl

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceExecuteOnce
Sleep
InitOnceBeginInitialize

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleFileNameW
LoadResource
FindResourceExW
GetModuleFileNameA
DisableThreadLibraryCalls
LoadStringW
FindStringOrdinal
LockResource
FreeLibrary
GetProcAddress
LoadLibraryExW
GetModuleHandleExW

api-ms-win-core-file-l1-1-0

CreateFileW
GetLongPathNameW
GetFileAttributesW
DeleteFileW

api-ms-win-core-processthreads-l1-1-0

SetThreadPriority
TlsSetValue
GetThreadPriority
TerminateProcess
OpenProcessToken
GetCurrentThread
TlsFree
OpenThreadToken
TlsGetValue
GetCurrentProcessId
ProcessIdToSessionId
GetProcessId
TlsAlloc
OpenThread
GetCurrentThreadId
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

GetLocaleInfoEx
FormatMessageA
GetCalendarInfoW
GetLocaleInfoW
GetThreadUILanguage
FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

oleaut32

SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SysAllocStringByteLen
VariantInit
SysFreeString
SysAllocString
SysStringLen
VariantClear

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolGetUniqueContext
SHTaskPoolQueueTask

api-ms-win-core-com-l1-1-0

CoEnableCallCancellation
CoCancelCall
CoGetInterfaceAndReleaseStream
CoGetMalloc
CoTaskMemAlloc
CoDisableCallCancellation
IIDFromString
CoInitializeEx
CoUninitialize
CoGetCallContext
CoReleaseMarshalData
CoMarshalInterThreadInterfaceInStream
CoCreateFreeThreadedMarshaler
CoCreateGuid
CoTaskMemFree
CoGetApartmentType
StringFromIID
StringFromCLSID
StringFromGUID2
PropVariantClear
CoGetObjectContext
CreateStreamOnHGlobal
CoTaskMemRealloc
CoCreateInstance
CLSIDFromString

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrCmpNICW
StrChrW
QISearch
StrCmpW
StrCmpNIW
StrCmpICW
StrToIntW

api-ms-win-shcore-obsolete-l1-1-0

SHStrDupW

api-ms-win-shcore-comhelpers-l1-1-0

IUnknown_SetSite
IUnknown_QueryService
IUnknown_Set
IUnknown_GetSite

ntdll

RtlFormatCurrentUserKeyPath
ZwMapViewOfSection
RtlInitUnicodeStringEx
RtlInitString
ZwSetInformationProcess
RtlPublishWnfStateData
ZwQueryDirectoryFile
RtlVerifyVersionInfo
RtlGetNativeSystemInformation
RtlInitUnicodeString
RtlpEnsureBufferSize
ZwQueryInformationProcess
RtlxAnsiStringToUnicodeSize
ZwCreateSection
RtlUpcaseUnicodeString
RtlUpcaseUnicodeChar
NtQueryWnfStateData
ZwCreateFile
RtlCompareUnicodeString
RtlNtStatusToDosErrorNoTeb
RtlAppendUnicodeToString
NtQueryInformationToken
RtlNtPathNameToDosPathName
ZwQueryValueKey
RtlAppendUnicodeStringToString
ZwOpenFile
ZwQueryInformationFile
RtlGetDeviceFamilyInfoEnum
LdrResSearchResource
ZwUnmapViewOfSection
ZwOpenKey
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlGetVersion
ZwEnumerateValueKey
NtQueryInformationFile
RtlSubscribeWnfStateChangeNotification
ZwQuerySystemInformation
RtlImageDirectoryEntryToData
RtlAnsiStringToUnicodeString
ZwClose
ZwEnumerateKey
RtlReAllocateHeap
RtlNtStatusToDosError
RtlQueryWnfStateData
RtlRunOnceExecuteOnce
RtlFreeHeap
RtlAllocateHeap
RtlCopyUnicodeString
RtlFreeUnicodeString
RtlDosPathNameToNtPathName_U_WithStatus

api-ms-win-core-heap-l2-1-0

GlobalFree
LocalFree
GlobalAlloc
LocalReAlloc
LocalAlloc

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-datetime-l1-1-0

GetDateFormatW

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTime
GetSystemTimeAsFileTime
GetSystemDirectoryW
GetVersionExW
GetLocalTime

api-ms-win-core-datetime-l1-1-1

GetTimeFormatEx
GetDateFormatEx

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsDuplicateString
WindowsCreateString
WindowsDeleteString
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsCreateStringReference
WindowsCompareStringOrdinal

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoOriginateError
SetRestrictedErrorInfo

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW
RegDeleteKeyValueW

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-string-l1-1-0

CompareStringW
WideCharToMultiByte
MultiByteToWideChar
CompareStringOrdinal

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-shcore-registry-l1-1-0

SHDeleteValueW
SHSetValueW
SHRegGetValueW
SHGetValueW

api-ms-win-core-path-l1-1-0

PathCchRemoveFileSpec
PathAllocCombine
PathCchAppend
PathCchCombine

api-ms-win-core-memory-l1-1-0

MapViewOfFile
CreateFileMappingW
VirtualAlloc
VirtualFree
UnmapViewOfFile
OpenFileMappingW
VirtualProtect

api-ms-win-core-shlwapi-legacy-l1-1-0

SHExpandEnvironmentStringsW
PathParseIconLocationW
PathIsFileSpecW
PathFileExistsW
PathCommonPrefixW
PathFindFileNameW
PathFindExtensionW

api-ms-win-core-registry-l2-1-0

RegOpenKeyW
RegCreateKeyW
RegDeleteKeyW

api-ms-win-shcore-stream-l1-1-0

SHCreateStreamOnFileW
IStream_Size
IStream_Reset
IStream_Read
SHCreateStreamOnFileEx
SHOpenRegStream2W
SHCreateMemStream
IStream_Write

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW
lstrcmpiW

api-ms-win-core-file-l1-2-4

GetTempPath2W

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-shcore-path-l1-1-0

ord170

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
DeleteTimerQueueTimer
ChangeTimerQueueTimer

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

userenv

GetProfileType

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime
GetDynamicTimeZoneInformation
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-security-base-l1-1-0

IsValidSid
GetLengthSid
CheckTokenMembership
GetTokenInformation
SetKernelObjectSecurity
CopySid

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

api-ms-win-shcore-sysinfo-l1-1-0

IsOS

api-ms-win-core-processenvironment-l1-1-0

SearchPathW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetEnvironmentVariableW

api-ms-win-core-commandlinetoargv-l1-1-0

CommandLineToArgvW

api-ms-win-shcore-unicodeansi-l1-1-0

SHAnsiToUnicode

api-ms-win-shcore-thread-l1-1-0

SHCreateThread
SHGetThreadRef

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-string-l2-1-0

CharNextW
CharLowerBuffW

api-ms-win-core-stringansi-l1-1-0

CharNextA

api-ms-win-shcore-scaling-l1-1-1

ord244
GetDpiForMonitor

api-ms-win-power-base-l1-1-0

CallNtPowerInformation

api-ms-win-core-libraryloader-l1-2-1

FindResourceW
LoadLibraryW

api-ms-win-shcore-stream-winrt-l1-1-0

CreateRandomAccessStreamOverStream

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
TraceMessage

api-ms-win-service-management-l1-1-0

StartServiceW
OpenServiceW
CloseServiceHandle
OpenSCManagerW

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-shlwapi-winrt-storage-l1-1-1

StrRetToStrW
ord197
ord479
SHCreateWorkerWindowW
SHPinDllOfCLSID
ord165
AssocQueryStringW
ord509
StrRetToBufW
SHIsChildOrSelf
ord635
IUnknown_GetWindow
ord481
ShellMessageBoxW
IStream_ReadPidl
ord348

api-ms-win-ntuser-sysparams-l1-1-0

SystemParametersInfoW
GetMonitorInfoW
QueryDisplayConfig
GetSystemMetrics
EnumDisplayDevicesW
EnumDisplayMonitors
GetDisplayConfigBufferSizes

api-ms-win-ntuser-rectangle-l1-1-0

EqualRect
SetRectEmpty
SubtractRect
OffsetRect
CopyRect
UnionRect
IsRectEmpty
InflateRect
PtInRect
SetRect
IntersectRect

api-ms-win-rtcore-ntuser-winevent-l1-1-0

SetWinEventHook
UnhookWinEvent
NotifyWinEvent

api-ms-win-appmodel-runtime-l1-1-0

GetPackageFullName

api-ms-win-rtcore-ntuser-private-l1-1-0

CreateWindowInBand
GetWindowBand

api-ms-win-shell-namespace-l1-1-0

SHGetNameFromIDList
SHGetIDListFromObject
ILIsEqual
ILFree
ILGetSize
ILCombine
SHCreateItemFromIDList
ILClone
ILFindLastID
ILRemoveLastID
SHBindToParent
SHCreateItemFromParsingName
SHBindToFolderIDListParent
ILIsParent

api-ms-win-rtcore-ntuser-wmpointer-l1-1-2

SetWindowFeedbackSetting

ext-ms-win-shell32-shellfolders-l1-1-0

SHGetFileInfoW
SHGetFolderPathAndSubDirW
SHGetKnownFolderPath

api-ms-win-rtcore-ntuser-wmpointer-l1-1-0

GetPointerInfo
GetCurrentInputMessageSource
GetPointerType
GetPointerDevices

propsys

PSPropertyBag_WriteStr
PropVariantToUInt32
PSCreateMemoryPropertyStore
PSGetPropertyFromPropertyStorage
PropVariantToBoolean
InitVariantFromResource
InitVariantFromGUIDAsString

api-ms-win-rtcore-ntuser-synch-l1-1-0

MsgWaitForMultipleObjectsEx

api-ms-win-shell-changenotify-l1-1-1

SHChangeNotifyRegister
SHChangeNotification_Lock
SHChangeNotification_Unlock
SHHandleUpdateImage
SHChangeNotifyDeregister

api-ms-win-storage-exports-internal-l1-1-0

SetThreadFlags
SHGetKnownFolderIDList
GetThreadFlags
SHGetSpecialFolderLocation

api-ms-win-shell-dataobject-l1-1-0

SHCreateDataObject

d2d1

ord1

dwrite

DWriteCreateFactory

api-ms-win-rtcore-ntuser-clipboard-l1-1-0

RegisterClipboardFormatW

api-ms-win-shell-changenotify-l1-1-0

SHChangeNotify

api-ms-win-appmodel-runtime-l1-1-1

ParseApplicationUserModelId
FindPackagesByPackageFamily

ext-ms-win-ntuser-windowstation-l1-1-0

GetThreadDesktop
SetThreadDesktop
CloseDesktop

ext-ms-win-ntuser-windowstation-l1-1-1

OpenInputDesktop

ext-ms-win-gdi-draw-l1-1-0

CreateBitmap
GdiFlush
BitBlt
CreateCompatibleBitmap
StretchDIBits
CreateDIBSection
GetDIBits

ext-ms-win-gdi-draw-l1-1-1

GetBkColor
GetViewportOrgEx
GdiAlphaBlend
Polyline
SetBkMode
CreatePen
PatBlt
SetBkColor

ext-ms-win-gdi-draw-l1-1-2

OffsetWindowOrgEx
SetViewportOrgEx

gdi32

CreateSolidBrush
StretchBlt
ExcludeClipRect
CreateFontW
GetDeviceCaps
GetCurrentObject
CombineRgn
OffsetRgn
SetRectRgn
CreateRectRgnIndirect
SetStretchBltMode
GetGlyphOutlineW
CreateRectRgn
GetOutlineTextMetricsW
GetStockObject
CreateCompatibleDC
SelectObject
GetObjectW
DeleteDC
DeleteObject
GetClipBox
CreateFontIndirectW
SetTextColor
SetTextAlign
GetTextMetricsW
ExtTextOutW
GetTextExtentPoint32W

kernel32

__C_specific_handler
IsBadWritePtr
VerifyVersionInfoW
RtlCompareMemory
VerSetConditionMask
__chkstk

wininet

InternetCrackUrlW

shcore

ord141
ord1
ord192
ord126
ord210
ord186
ord183
ord213
ord123
ord121
ord190
ord109
ord200
ord142

shell32

ShellExecuteExW
ord100
ord85
Shell_NotifyIconGetRect
Shell_NotifyIconW
SHCreateItemInKnownFolder
ord67
DuplicateIcon
ExtractIconExW
SHGetStockIconInfo
ord6
ord137
ord132
ord711
ord244
ord941
ShellExecuteW
ord895
ord181
ord906
SHGetPropertyStoreForWindow
ord894
ord162
SHAppBarMessage
ord727
ord792
ord790
Shell_GetCachedImageIndexW
ord22
ord134
ord95
SHGetPathFromIDListW
ord850
ord190
SHGetLocalizedName
SHBindToObject
ord43
ord907
ord743

shlwapi

ord164
ord548
ord163
AssocQueryKeyW
ChrCmpIW
PathIsRelativeW

uxtheme

GetThemeBool
GetThemeMargins
GetThemeBackgroundExtent
OpenThemeDataForDpi
ord126
ord138
GetThemeInt
IsThemePartDefined
OpenThemeData
IsAppThemed
GetThemeColor
IsCompositionActive
DrawThemeTextEx
GetThemeFont
GetThemeMetric
BufferedPaintUnInit
GetThemePartSize
BufferedPaintInit
BeginBufferedPaint
EndBufferedPaint
GetBufferedPaintBits
DrawThemeParentBackground
DrawThemeBackground
CloseThemeData
GetWindowTheme
SetWindowTheme
IsThemeActive

dwmapi

DwmQueryThumbnailSourceSize
ord114
ord159
ord140
DwmUpdateThumbnailProperties
ord141
ord138
DwmSetWindowAttribute
DwmEnableBlurBehindWindow
ord139
DwmRegisterThumbnail
ord113
DwmIsCompositionEnabled

user32

MonitorFromPoint
AdjustWindowRectEx
GetDC
ReleaseDC
MonitorFromRect
LoadMenuW
GetSubMenu
TrackPopupMenuEx
DestroyMenu
DestroyIcon
LoadCursorW
CopyImage
GetSysColor
GetDoubleClickTime
CalculatePopupWindowPosition
TrackMouseEvent
SetCapture
GetCapture
AreDpiAwarenessContextsEqual
GetWindowDpiAwarenessContext
GetDpiForSystem
SetMessageExtraInfo
SetMenuInfo
GetMenuInfo
WindowFromDC
ReleaseCapture
CopyIcon
GetPhysicalCursorPos
GetClassLongW
GetClassWord
DrawIconEx
GetIconInfoExW
UpdateLayeredWindow
LoadIconW
SetMenuItemInfoW
GetClassLongPtrW
GetCaretBlinkTime
MonitorFromWindow
GetSystemMetricsForDpi
GetCursorInfo
ord2005
GetWindowProcessHandle
DefWindowProcA
IsWindowUnicode
LoadImageW
GetWindowCompositionAttribute
GetIconInfo
SetThreadDpiAwarenessContext
IsProcessDPIAware
FillRect
DrawTextExW
DrawTextW
GetKeyState
CreateIconIndirect
GetLastInputInfo
GetSysColorBrush
GetLayeredWindowAttributes
InternalGetWindowText
GetGuiResources
GetCursorFrameInfo
DeleteMenu
GetMenuStringW
CheckMenuItem
AdjustWindowRect
GetDpiForWindow
SetWindowCompositionAttribute
SetScrollPos
GetScrollInfo
SetLayeredWindowAttributes
SetGestureConfig
SetScrollInfo
EnableMenuItem
GetMenuState
RemoveMenu
SetMenuDefaultItem
IsTopLevelWindow
EndTask
GetMenuItemCount
GetMenuItemInfoW
GhostWindowFromHungWindow
ReplyMessage
HungWindowFromGhostWindow
ord2573
GetAsyncKeyState
ModifyMenuW
ord2574
TileWindows
SwitchToThisWindow
CascadeWindows
GetSystemMenu
BringWindowToTop
CreatePopupMenu
IsIconic
GetLastActivePopup
InsertMenuW
ShowWindowAsync

slc

SLGetWindowsInformationDWORD

api-ms-win-crt-private-l1-1-0

_o_fmod
_o_floorf
_o_floor
_o_terminate
_o_free
_o_iswspace
_o_wcscat_s
_o_wcscpy_s
__CxxFrameHandler3
__current_exception
__current_exception_context
_o_lroundf
_o_malloc
_o_wcstol
_o_ceilf
_o_wcstoull
__CxxFrameHandler4
__std_terminate
memcpy
memmove
memcmp
wcsstr
wcschr
__std_type_info_compare
wcsrchr
strchr
_o_pow
_o_realloc
_o_round
_o_sqrt
_o____lc_codepage_func
_o___std_exception_copy
_o___std_exception_destroy
_o___std_type_info_destroy_list
_o___stdio_common_vsnprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vswprintf_s
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__get_errno
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__itow_s
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__wcsicmp
_o__wcslwr
_o__wcsnicmp
_o__wtoi
_o_abort
_o_ceil
_CxxThrowException

api-ms-win-crt-string-l1-1-0

memset
wcsncmp
strncmp
wcscmp
strcmp
strlen
wcslen
wcsspn

api-ms-win-crt-utility-l1-1-0

labs

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

msvcp_win

??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?id@?$ctype@G@std@@2V0locale@2@A
??Bid@locale@std@@QEAA_KXZ
?id@?$collate@G@std@@2V0locale@2@A
_Wcsxfrm
_Wcscoll
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?tolower@?$ctype@G@std@@QEBAGG@Z
?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?uncaught_exception@std@@YA_NXZ
?good@ios_base@std@@QEBA_NXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
?width@ios_base@std@@QEAA_J_J@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??0_Locinfo@std@@QEAA@PEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Random_device@std@@YAIXZ
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
_Query_perf_frequency
_Query_perf_counter
?_Xbad_function_call@std@@YAXXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
??1_Lockit@std@@QEAA@XZ
??1_Locinfo@std@@QEAA@XZ
?is@?$ctype@G@std@@QEBA_NFG@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
_Thrd_yield
?_Xlength_error@std@@YAXPEBD@Z
??0_Lockit@std@@QEAA@H@Z
?_Incref@facet@locale@std@@UEAAXXZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Winerror_map@std@@YAHH@Z
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

api-ms-win-core-localization-l1-2-2

LCIDToLocaleName

api-ms-win-appmodel-runtime-l1-1-3

GetStagedPackagePathByFullName2

ext-ms-win-core-iuri-l1-1-0

CreateUri

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InitializeSListHead

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-com-private-l1-1-0

CoRevokeInitializeSpy
CoRegisterInitializeSpy

api-ms-win-appmodel-runtime-internal-l1-1-7

IsMrtResourceRedirectionEnabled

combase

GetErrorInfo
SetErrorInfo

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 599KB - Virtual size: 599KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 761KB - Virtual size: 760KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Taskmgr.exe
.exe windows:10 windows x64 arch:x64

e688041ba04b7b421c9615eabfb87b4f

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1c:39:f5:ba:6c:12:64:3e:fa:9b:96:30:df:bb:c2:ae:25:6d:fb:ce:e7:44:50:3b:f7:87:0b:33:3e:d0:02:f2
Signer

Actual PE Digest

1c:39:f5:ba:6c:12:64:3e:fa:9b:96:30:df:bb:c2:ae:25:6d:fb:ce:e7:44:50:3b:f7:87:0b:33:3e:d0:02:f2

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

Taskmgr.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
_initterm_e
_c_exit
_initterm

api-ms-win-crt-private-l1-1-0

_o_realloc
_o_round
_o_sqrtf
_o_terminate
_o_tolower
_o_towupper
_o_wcstod
_o_wcstok_s
_o_wcstol
_o_wcstoul
__C_specific_handler
__current_exception
__current_exception_context
_o_free
_o__wcsnicmp
_o_memcpy_s
memmove
_o_floorf
_o_floor
_o_malloc
_o_exit
_o_ceilf
_o_ceil
_o__wcsicmp
_o_bsearch
_o_abort
_o__wtol
_o__wtoi
_o_iswspace
_o_iswdigit
_o_iswalpha
_o_isdigit
_CxxThrowException
__CxxFrameHandler3
strchr
wcsrchr
wcschr
wcsstr
__std_type_info_compare
__std_terminate
__CxxFrameHandler4
_o__ui64tow_s
_o__strnicmp
_o__stricmp
_o__set_new_mode
_o__set_fmode
_o__set_errno
_o__set_app_type
_o__seh_filter_exe
_o__register_onexit_function
_o__purecall
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_wide_environment
_o__initialize_onexit_table
_o__i64tow_s
_o__get_wide_winmain_command_line
_o__get_errno
_o__exit
_o__errno
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfwprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___acrt_iob_func
_o____lc_codepage_func
__RTDynamicCast
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

strcmp
memset
wcscmp

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

ProcessIdToSessionId
GetCurrentProcess
GetPriorityClass
TerminateProcess
CreateProcessW
CreateThread
GetStartupInfoW
SetProcessShutdownParameters
GetExitCodeThread
GetProcessTimes
OpenProcessToken
SetThreadPriority
SetPriorityClass
GetCurrentThread
GetThreadPriority
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemTime
GetTickCount64
GetLogicalProcessorInformationEx
GetVersionExW
GetSystemInfo
GlobalMemoryStatusEx
GetLocalTime
GetComputerNameExW
GetSystemDirectoryW

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak
OutputDebugStringA

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetErrorMode
SetErrorMode

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
GetProcessMitigationPolicy
OpenProcess

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExW
LoadStringW
GetModuleFileNameW
GetModuleHandleExW

api-ms-win-core-synch-l1-1-0

SetEvent
CreateEventW
CreateSemaphoreExW
EnterCriticalSection
ReleaseSemaphore
OpenEventW
LeaveCriticalSection
ReleaseSRWLockShared
CreateMutexExW
AcquireSRWLockExclusive
AcquireSRWLockShared
InitializeSRWLock
TryEnterCriticalSection
WaitForSingleObjectEx
InitializeCriticalSection
ReleaseMutex
DeleteCriticalSection
CreateEventExW
InitializeCriticalSectionEx
InitializeCriticalSectionAndSpinCount
ReleaseSRWLockExclusive
WaitForSingleObject
OpenSemaphoreW
CreateMutexW
ResetEvent

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
TrySubmitThreadpoolCallback

api-ms-win-core-heap-l1-1-0

HeapSetInformation
HeapSize
HeapAlloc
HeapFree
GetProcessHeap
HeapReAlloc

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer
EventActivityIdControl

api-ms-win-core-localization-l1-2-0

GetLocaleInfoEx
GetThreadUILanguage
GetLocaleInfoW
GetThreadPreferredUILanguages
FormatMessageW
FormatMessageA

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW
RegNotifyChangeKeyValue
RegCloseKey
RegSetValueExW
RegGetValueW
RegQueryInfoKeyW

api-ms-win-core-synch-l1-2-0

WakeConditionVariable
InitOnceBeginInitialize
Sleep
InitOnceComplete
SleepConditionVariableCS
WakeAllConditionVariable

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-string-l1-1-0

CompareStringEx
WideCharToMultiByte
MultiByteToWideChar
CompareStringOrdinal

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-security-base-l1-1-0

GetLengthSid
FreeSid
AdjustTokenPrivileges
AllocateAndInitializeSid
CopySid
GetTokenInformation
IsWellKnownSid
EqualSid
CreateWellKnownSid
SetTokenInformation
CheckTokenMembership

api-ms-win-core-sysinfo-l1-2-0

GetNativeSystemInfo
GetSystemFirmwareTable

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

api-ms-win-core-io-l1-1-1

CancelSynchronousIo

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

oleaut32

SysStringLen
SafeArrayCreateVector
SafeArrayDestroy
SafeArrayPutElement
SysFreeString
SysAllocString
SetErrorInfo
VariantClear
VariantInit
GetErrorInfo

api-ms-win-core-version-l1-1-1

GetFileVersionInfoW
GetFileVersionInfoSizeW

api-ms-win-core-version-l1-1-0

GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW

api-ms-win-core-file-l1-1-0

CompareFileTime
FindClose
FindNextChangeNotification
FlushFileBuffers
FindFirstFileW
FindCloseChangeNotification
GetFileAttributesExW
CreateFileW
FindFirstChangeNotificationW
GetDriveTypeW
GetFileType
FindNextFileW
WriteFile
CreateDirectoryW
GetFileSizeEx
FindNextVolumeW
ReadFile
FindVolumeClose
GetLogicalDriveStringsW
QueryDosDeviceW
GetLongPathNameW
FindFirstVolumeW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsA
GetCurrentDirectoryW
ExpandEnvironmentStringsW

api-ms-win-core-timezone-l1-1-0

SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-memory-l1-1-1

VirtualUnlock
SetProcessWorkingSetSize

api-ms-win-power-setting-l1-1-0

PowerSettingUnregisterNotification
PowerSettingRegisterNotification

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-core-path-l1-1-0

PathCchCombine
PathCchAppend
PathCchCanonicalize

api-ms-win-core-file-l1-2-4

GetTempPath2W

api-ms-win-core-wow64-l1-1-0

IsWow64Process

api-ms-win-core-string-l2-1-0

CharLowerW
CharUpperBuffW

api-ms-win-core-memory-l1-1-0

ReadProcessMemory

api-ms-win-core-datetime-l1-1-2

GetDurationFormatEx

api-ms-win-core-datetime-l1-1-1

GetDateFormatEx

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

rpcrt4

UuidCreate

api-ms-win-core-sysinfo-l1-2-2

GetProcessorSystemCycleTime

api-ms-win-core-processtopology-l1-1-0

GetProcessGroupAffinity

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-file-l1-2-0

GetVolumePathNamesForVolumeNameW

api-ms-win-core-sysinfo-l1-2-1

GetPhysicallyInstalledSystemMemory

api-ms-win-core-localization-l2-1-0

GetNumberFormatEx

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-processthreads-l1-1-3

SetProcessInformation
GetProcessInformation

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoOriginateError

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW
MulDiv

api-ms-win-security-provider-l1-1-0

SetSecurityInfo
SetEntriesInAclW

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
DeleteTimerQueueTimer
QueueUserWorkItem

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW
PathStripPathW
PathRemoveBlanksW
SHExpandEnvironmentStringsW
PathRemoveBackslashW
PathIsRelativeW
PathIsPrefixW
PathRemoveExtensionW
PathGetArgsW

api-ms-win-perf-legacy-l1-1-0

PerfOpenQueryHandle
PerfQueryCounterData
PerfAddCounters
PerfCloseQueryHandle

api-ms-win-core-sidebyside-l1-1-0

ActivateActCtx
FindActCtxSectionStringW
DeactivateActCtx
CreateActCtxW
QueryActCtxW

api-ms-win-core-windowserrorreporting-l1-1-3

RegisterApplicationRestart

api-ms-win-core-pcw-l1-1-0

PcwAddQueryItem
PcwCollectData
PcwCreateQuery

nsi

NsiGetParameter
NsiGetAllParameters

api-ms-win-core-atoms-l1-1-0

AddAtomW
DeleteAtom

comctl32

ImageList_CoCreateInstance

ntdll

NtQuerySystemInformation
RtlUnsubscribeWnfNotificationWaitForCompletion
NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlNumberOfSetBitsUlongPtr
NtQueryInformationProcess
NtSystemDebugControl
NtSetInformationFile
EtwCheckCoverage
ZwQueryWnfStateData
RtlNtStatusToDosError
NtQueryInformationThread
RtlInitUnicodeString
NtQueryTimerResolution
NtQueryObject
NtQueryInformationFile
RtlIpv4AddressToStringExW
RtlIpv6AddressToStringExW
RtlSecondsSince1970ToTime
NtPowerInformation
RtlTimeToElapsedTimeFields
RtlCompareUnicodeString
RtlNtStatusToDosErrorNoTeb
NtQueryInformationToken
NtOpenFile
RtlCheckPortableOperatingSystem
LdrQueryProcessModuleInformation
RtlImageNtHeader
RtlFreeHeap
RtlAllocateHeap
NtSetInformationProcess

shlwapi

StrToIntExW
ord548
ord199
ord219
StrRChrIW
PathRemoveArgsW
SHCreateStreamOnFileEx
ord278
StrRetToBufW
StrTrimW
ord176
ord16
AssocQueryStringW
PathIsNetworkPathW
ord437
SHCreateStreamOnFileW
StrStrW
ord618
StrStrIW

shell32

SHEvaluateSystemCommandTemplate
Shell_NotifyIconW
SHGetPropertyStoreForWindow
SHGetFileInfoW
SHGetIDListFromObject
ord4
ord2
SHGetKnownFolderIDList
ord727
Shell_GetCachedImageIndexW
SHGetKnownFolderItem
ord155
SHBindToParent
ord61
SHOpenFolderAndSelectItems
SHParseDisplayName
ord75
ShellExecuteExW
CommandLineToArgvW
DuplicateIcon
SHGetKnownFolderPath
SHGetStockIconInfo
ShellExecuteW

credui

CredUIPromptForCredentialsW

gdi32

BitBlt
GetCurrentObject
CreateDIBSection
D3DKMTQueryAdapterInfo
D3DKMTOpenAdapterFromLuid
GdiAlphaBlend
StretchBlt
D3DKMTCloseAdapter
Rectangle
LineTo
CreateCompatibleDC
GetObjectW
ExcludeClipRect
SetStretchBltMode
CreateFontIndirectW
MoveToEx
CreatePen
DeleteObject
SelectObject
SetTextColor
SetBkColor
SetBkMode
GetStockObject
CreateSolidBrush
GetTextExtentPointW
GetDeviceCaps
DeleteDC
CreateRectRgn

user32

EmptyClipboard
OpenClipboard
GetMessagePos
SetMenuInfo
GetScrollPos
PtInRect
DialogBoxParamW
GetParent
GetForegroundWindow
InsertMenuW
CreatePopupMenu
TrackPopupMenuEx
RedrawWindow
SetWindowLongPtrW
GetWindowLongPtrW
GetCursorPos
CloseGestureInfoHandle
GetGestureInfo
SetGestureConfig
TrackMouseEvent
GetSysColor
SystemParametersInfoW
CopyRect
EqualRect
IsZoomed
ReleaseDC
DestroyMenu
RemoveMenu
LoadMenuW
MapWindowPoints
DestroyIcon
LoadImageW
GetWindowLongW
GetKeyState
GetSystemMetrics
KillTimer
PostQuitMessage
DestroyWindow
IsWindowEnabled
OpenIcon
SetFocus
IsWindow
GetFocus
IsIconic
ScreenToClient
SetTimer
LoadIconW
DefWindowProcW
SendMessageW
PostMessageW
CloseClipboard
UpdateWindow
GetDC
ShowWindow
GetMenu
UnregisterDeviceNotification
ChangeWindowMessageFilterEx
SetForegroundWindow
CreateWindowInBand
SetLayeredWindowAttributes
CreateWindowExW
RegisterClassExW
CheckMenuRadioItem
GetSubMenu
GetMenuItemID
GetMenuItemCount
CheckMenuItem
EnableMenuItem
DeleteMenu
SetWindowPos
GetMonitorInfoW
MonitorFromPoint
GetWindowRect
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetMessageW
LoadAcceleratorsW
MessageBoxW
SendMessageTimeoutW
AllowSetForegroundWindow
GetWindowThreadProcessId
FindWindowW
ord2569
RegisterWindowMessageW
SetWindowLongW
SetPropW
RemovePropW
MonitorFromWindow
SendInput
GetWindowPlacement
ReleaseCapture
SetWindowRgn
GetAncestor
SetClassLongPtrW
SetCapture
GetKeyboardState
GetNextDlgTabItem
InvalidateRect
TrackPopupMenu
GetPropW
InternalGetWindowText
GetCurrentInputMessageSource
GetDoubleClickTime
SetDlgItemTextW
EndDialog
ShowWindowAsync
GetLastActivePopup
MessageBeep
SwitchToThisWindow
GetDlgItem
GetDlgItemTextW
GetWindowTextW
EnableWindow
GetWindowTextLengthW
CreateDialogParamW
SetWindowTextW
ord2521
AppendMenuW
GetMenuItemInfoW
GetMenuState
SetMenuDefaultItem
MsgWaitForMultipleObjectsEx
PeekMessageW
CopyIcon
SetClipboardData
UnregisterClassW
GetClassLongPtrW
GetClassNameW
GetWindow
IsWindowVisible
GhostWindowFromHungWindow
IsHungAppWindow
HungWindowFromGhostWindow
OpenDesktopW
GetThreadDesktop
SetThreadDesktop
EnumDesktopWindows
CloseDesktop
EnumDesktopsW
GetProcessWindowStation
GetDpiAwarenessContextForProcess
AreDpiAwarenessContextsEqual
GetGuiResources
GetClientRect
RegisterDeviceNotificationW
GetWindowBand
DrawIconEx
DrawTextW
EnumWindows
WindowFromDC
WindowFromPoint
GetMenuInfo
SetMenuItemInfoW
SetMessageExtraInfo
GetMessageExtraInfo
GetDpiForSystem
GetWindowDpiAwarenessContext
DrawTextExW
GetDpiForWindow
ord2574
GetWindowCompositionAttribute
SetMenu
ord2573

duser

ForwardGadgetMessage
SetGadgetStyle
GetGadgetRect

dui70

InitThread
UnInitThread
UnInitProcessPriv
?GetKeyFocusedElement@HWNDElement@DirectUI@@SAPEAVElement@2@XZ
?CreateGraphic@Value@DirectUI@@SAPEAV12@PEAUHICON__@@_N11@Z
?SetValue@Element@DirectUI@@QEAAJP6APEBUPropertyInfo@2@XZHPEAVValue@2@@Z
?ContentProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?Release@Value@DirectUI@@QEAAXXZ
?GetRootRelativeBounds@Element@DirectUI@@QEAAJPEAUtagRECT@@@Z
?GetRoot@Element@DirectUI@@QEAAPEAV12@XZ
?IsRTL@Element@DirectUI@@QEAA_NXZ
?GetExtent@Element@DirectUI@@QEAAPEBUtagSIZE@@PEAPEAVValue@2@@Z
InitProcessPriv
?SetContentAlign@Element@DirectUI@@QEAAJH@Z
?GetBorderThickness@Element@DirectUI@@QEAAPEBUtagRECT@@PEAPEAVValue@2@@Z
?GetPadding@Element@DirectUI@@QEAAPEBUtagRECT@@PEAPEAVValue@2@@Z
?SetX@Element@DirectUI@@QEAAJH@Z
?GetParent@Element@DirectUI@@QEAAPEAV12@XZ
?GetLocation@Element@DirectUI@@QEAAPEBUtagPOINT@@PEAPEAVValue@2@@Z
?GetClassInfoPtr@HWNDElement@DirectUI@@SAPEAUIClassInfo@2@XZ
?FindDescendent@Element@DirectUI@@QEAAPEAV12@G@Z
StrToID
?SetForegroundColor@Element@DirectUI@@QEAAJK@Z
?ForegroundProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?SetBackgroundColor@Element@DirectUI@@QEAAJK@Z
?GetDisplayNode@Element@DirectUI@@QEAAPEAUHGADGET__@@XZ
?Register@HWNDElement@DirectUI@@SAJXZ
?BackgroundProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?SetBorderColor@Element@DirectUI@@QEAAJK@Z
?RemoveLocalValue@Element@DirectUI@@QEAAJP6APEBUPropertyInfo@2@XZ@Z
??0HWNDElement@DirectUI@@QEAA@XZ
??1HWNDElement@DirectUI@@UEAA@XZ
?Destroy@NativeHWNDHost@DirectUI@@QEAAXXZ
?Initialize@NativeHWNDHost@DirectUI@@QEAAJPEBGPEAUHWND__@@PEAUHICON__@@HHHHHHI@Z
??0NativeHWNDHost@DirectUI@@QEAA@XZ
??1NativeHWNDHost@DirectUI@@UEAA@XZ
?CreateHostWindow@NativeHWNDHost@DirectUI@@UEAAPEAUHWND__@@KPEBG0KHHHHPEAU3@PEAUHMENU__@@PEAUHINSTANCE__@@PEAX@Z
?KeyWithinProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?Create@GridLayout@DirectUI@@SAJHHPEAPEAVLayout@2@@Z
??0IProvider@DirectUI@@QEAA@XZ
?AdviseEventRemoved@ElementProvider@DirectUI@@UEAAJHPEAUtagSAFEARRAY@@@Z
?AdviseEventAdded@ElementProvider@DirectUI@@UEAAJHPEAUtagSAFEARRAY@@@Z
?get_FragmentRoot@ElementProvider@DirectUI@@UEAAJPEAPEAUIRawElementProviderFragmentRoot@@@Z
?SetFocus@ElementProvider@DirectUI@@UEAAJXZ
?GetEmbeddedFragmentRoots@ElementProvider@DirectUI@@UEAAJPEAPEAUtagSAFEARRAY@@@Z
?get_BoundingRectangle@ElementProvider@DirectUI@@UEAAJPEAUUiaRect@@@Z
?GetRuntimeId@ElementProvider@DirectUI@@UEAAJPEAPEAUtagSAFEARRAY@@@Z
?Navigate@ElementProvider@DirectUI@@UEAAJW4NavigateDirection@@PEAPEAUIRawElementProviderFragment@@@Z
?ShowContextMenu@ElementProvider@DirectUI@@UEAAJXZ
?get_HostRawElementProvider@ElementProvider@DirectUI@@UEAAJPEAPEAUIRawElementProviderSimple@@@Z
?GetPropertyValue@ElementProvider@DirectUI@@UEAAJHPEAUtagVARIANT@@@Z
?get_ProviderOptions@ElementProvider@DirectUI@@UEAAJPEAW4ProviderOptions@@@Z
?TossElement@ElementProvider@DirectUI@@UEAAXXZ
?QueryInterface@ElementProvider@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?Create@ElementProvider@DirectUI@@SAJPEAVElement@2@PEAVInvokeHelper@2@PEAPEAV12@@Z
?Create@HWNDElementProvider@DirectUI@@SAJPEAVHWNDElement@2@PEAVInvokeHelper@2@PEAPEAV12@@Z
?Find@ElementProviderManager@DirectUI@@SAPEAVElementProvider@2@PEAVElement@2@@Z
??0ProviderProxy@DirectUI@@IEAA@XZ
??0ElementProxy@DirectUI@@IEAA@XZ
??1ElementProvider@DirectUI@@UEAA@XZ
??0RefcountBase@DirectUI@@QEAA@XZ
??0ElementProvider@DirectUI@@QEAA@XZ
?GetInvokeHelper@InvokeManager@DirectUI@@SAJPEAPEAVInvokeHelper@2@@Z
?Init@ProviderProxy@DirectUI@@MEAAXPEAVElement@2@@Z
?CreatePatternProvider@Schema@DirectUI@@SAJW4Pattern@12@PEAVElementProvider@2@PEAPEAUIUnknown@@@Z
?IsPatternSupported@ElementProxy@DirectUI@@IEAAJW4Pattern@Schema@2@PEA_N@Z
?AddRef@ElementProvider@DirectUI@@UEAAKXZ
?TossPatternProvider@ElementProvider@DirectUI@@QEAAXW4Pattern@Schema@2@@Z
??1RefcountBase@DirectUI@@UEAA@XZ
?DoInvokeArgs@ElementProvider@DirectUI@@QEAAJHP6APEAVProviderProxy@2@PEAVElement@2@@ZPEAD@Z
?GetElement@ElementProvider@DirectUI@@UEAAPEDVElement@2@XZ
?AddRef@RefcountBase@DirectUI@@QEAAJXZ
?Release@RefcountBase@DirectUI@@QEAAJXZ
?Init@ElementProxy@DirectUI@@MEAAXPEAVElement@2@@Z
?DoMethod@ElementProxy@DirectUI@@UEAAJHPEAD@Z
?GetProperty@ElementProxy@DirectUI@@IEAAJPEAUtagVARIANT@@H@Z
?Release@ElementProvider@DirectUI@@UEAAKXZ
?Init@ElementProvider@DirectUI@@MEAAJPEAVElement@2@PEAVInvokeHelper@2@@Z
??1AutoLock@DirectUI@@QEAA@XZ
??0AutoLock@DirectUI@@QEAA@PEAU_RTL_CRITICAL_SECTION@@@Z
?DoInvoke@ElementProvider@DirectUI@@IEAAJHZZ
?PatternFromPatternId@Schema@DirectUI@@SA?AW4Pattern@12@H@Z
?DataGridControlType@Schema@DirectUI@@2HA
?SelectionPattern@Schema@DirectUI@@2HA
?TablePattern@Schema@DirectUI@@2HA
?InvokePattern@Schema@DirectUI@@2HA
?TableItemPattern@Schema@DirectUI@@2HA
?IsControlElementProperty@Schema@DirectUI@@2HA
?IsContentElementProperty@Schema@DirectUI@@2HA
?TreeItemControlType@Schema@DirectUI@@2HA
?ListItemControlType@Schema@DirectUI@@2HA
?ControlTypeProperty@Schema@DirectUI@@2HA
?GridPattern@Schema@DirectUI@@2HA
?SelectionItemPattern@Schema@DirectUI@@2HA
?ExpandCollapsePattern@Schema@DirectUI@@2HA
?GridItemPattern@Schema@DirectUI@@2HA
?UiaRaiseAutomationPropertyChangedEvent@Schema@DirectUI@@2P6AJPEAUIRawElementProviderSimple@@HUtagVARIANT@@1@ZEA
?GetAccessible@Element@DirectUI@@QEAA_NXZ
?WantPropertyEvent@EventManager@DirectUI@@SA_NH@Z
?FWantAnyEvent@EventManager@DirectUI@@SA_NPEAVElement@2@@Z
GetScaleFactor
??0ScrollViewer@DirectUI@@QEAA@XZ
??1ScrollViewer@DirectUI@@UEAA@XZ
?OnPropertyChanging@BaseScrollViewer@DirectUI@@UEAA_NPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanged@ScrollViewer@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?OnEvent@BaseScrollViewer@DirectUI@@UEAAXPEAUEvent@2@@Z
?Add@BaseScrollViewer@DirectUI@@UEAAJPEAPEAVElement@2@I@Z
?CreateScrollBars@ScrollViewer@DirectUI@@MEAAJXZ
?AddChildren@ScrollViewer@DirectUI@@MEAAJXZ
?OnListenerAttach@BaseScrollViewer@DirectUI@@UEAAXPEAVElement@2@@Z
?OnListenerDetach@BaseScrollViewer@DirectUI@@UEAAXPEAVElement@2@@Z
?OnListenedPropertyChanging@BaseScrollViewer@DirectUI@@UEAA_NPEAVElement@2@PEBUPropertyInfo@2@HPEAVValue@2@2@Z
?OnListenedPropertyChanged@ScrollViewer@DirectUI@@UEAAXPEAVElement@2@PEBUPropertyInfo@2@HPEAVValue@2@2@Z
?OnListenedInput@BaseScrollViewer@DirectUI@@UEAAXPEAVElement@2@PEAUInputEvent@2@@Z
?OnListenedEvent@BaseScrollViewer@DirectUI@@UEAAXPEAVElement@2@PEAUEvent@2@@Z
?GetClassInfoPtr@ScrollViewer@DirectUI@@SAPEAUIClassInfo@2@XZ
?Initialize@BaseScrollViewer@DirectUI@@QEAAJPEAVElement@2@PEAK@Z
?Register@ScrollViewer@DirectUI@@SAJXZ
?OnInput@BaseScrollViewer@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?GetXScrollable@BaseScrollViewer@DirectUI@@QEAA_NXZ
?GetHScroll@ScrollViewer@DirectUI@@MEAAPEAVBaseScrollBar@2@XZ
?GetVScroll@ScrollViewer@DirectUI@@MEAAPEAVBaseScrollBar@2@XZ
?OnReceivedDialogFocus@Button@DirectUI@@UEAA_NPEAUIDialogElement@2@@Z
?OnLostDialogFocus@Button@DirectUI@@UEAA_NPEAUIDialogElement@2@@Z
?DefaultAction@Button@DirectUI@@UEAAJXZ
?OnInput@Button@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?GetClassInfoPtr@Button@DirectUI@@SAPEAUIClassInfo@2@XZ
??1Button@DirectUI@@UEAA@XZ
??0Button@DirectUI@@QEAA@XZ
?Destroy@Layout@DirectUI@@QEAAXXZ
?Register@Button@DirectUI@@SAJXZ
?KeyFocusedProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?OnPropertyChanged@Button@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?MouseWithinProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?GetBackgroundColor@Element@DirectUI@@QEAAPEBUFill@2@PEAPEAVValue@2@@Z
?Initialize@Button@DirectUI@@QEAAJIPEAVElement@2@PEAK@Z
?SetLayout@Element@DirectUI@@QEAAJPEAVLayout@2@@Z
?Create@RowLayout@DirectUI@@SAJHIIPEAPEAVLayout@2@@Z
?SetFontStyle@Element@DirectUI@@QEAAJH@Z
?SetFontWeight@Element@DirectUI@@QEAAJH@Z
?GetFontWeight@Element@DirectUI@@QEAAHXZ
?GetMouseWithin@Element@DirectUI@@QEAA_NXZ
?SetActive@Element@DirectUI@@QEAAJH@Z
?SetID@Element@DirectUI@@QEAAJPEBG@Z
?SetPressed@Button@DirectUI@@QEAAJ_N@Z
?GetBoolFalse@Value@DirectUI@@SAPEAV12@XZ
?GetContentString@Element@DirectUI@@QEAAPEBGPEAPEAVValue@2@@Z
?SetAnimation@Element@DirectUI@@QEAAJH@Z
?HeightProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?LayoutPosProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?HasPadding@Element@DirectUI@@QEAA_NXZ
?HasBorder@Element@DirectUI@@QEAA_NXZ
?GetType@Value@DirectUI@@QEBAHXZ
?CustomProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?GetValue@Element@DirectUI@@QEAAPEAVValue@2@P6APEBUPropertyInfo@2@XZHPEAUUpdateCache@2@@Z
?SetClass@Element@DirectUI@@QEAAJPEBG@Z
?CreateInt@Value@DirectUI@@SAPEAV12@HW4DynamicScaleValue@@@Z
?IsDestroyed@Element@DirectUI@@QEAA_NXZ
?OnNotify@HWNDHost@DirectUI@@UEAA_NI_K_JPEA_J@Z
?OnPropertyChanged@HWNDHost@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?GetClassInfoPtr@HWNDHost@DirectUI@@SAPEAUIClassInfo@2@XZ
?Register@HWNDHost@DirectUI@@SAJXZ
?OnInput@HWNDHost@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?Release@Element@DirectUI@@QEAAKXZ
?Initialize@HWNDHost@DirectUI@@QEAAJIIPEAVElement@2@PEAK@Z
??1HWNDHost@DirectUI@@UEAA@XZ
??0HWNDHost@DirectUI@@QEAA@XZ
?GetEnabled@Element@DirectUI@@QEAA_NXZ
?SetAccName@Element@DirectUI@@QEAAJPEBG@Z
?GetDPI@Element@DirectUI@@QEAAHXZ
?SetEnabled@Element@DirectUI@@QEAAJ_N@Z
?UpdateSheets@DUIXmlParser@DirectUI@@QEAAJPEAVElement@2@@Z
?SetMinSize@Element@DirectUI@@QEAAJHH@Z
?IsDescendent@Element@DirectUI@@QEAA_NPEAV12@@Z
?Add@Element@DirectUI@@QEAAJPEAV12@@Z
?SetAccDesc@Element@DirectUI@@QEAAJPEBG@Z
?SetTooltip@Element@DirectUI@@QEAAJ_N@Z
?GetClassInfoPtr@Expando@DirectUI@@SAPEAUIClassInfo@2@XZ
??0Element@DirectUI@@QEAA@XZ
?_PostEvent@Element@DirectUI@@AEAAXPEAUEvent@2@H@Z
?Register@Element@DirectUI@@SAJXZ
?SetXScrollable@BaseScrollViewer@DirectUI@@QEAAJ_N@Z
?SetPadding@Element@DirectUI@@QEAAJHHHH@Z
?SetXOffset@BaseScrollViewer@DirectUI@@QEAAJH@Z
?XOffsetProp@BaseScrollViewer@DirectUI@@SAPEBUPropertyInfo@2@XZ
?ShiftChild@Element@DirectUI@@QEAAJII@Z
?GetForegroundColor@Element@DirectUI@@QEAAPEBUFill@2@PEAPEAVValue@2@@Z
?Initialize@Element@DirectUI@@QEAAJIPEAV12@PEAK@Z
?SetHeight@Element@DirectUI@@QEAAJH@Z
?Insert@Element@DirectUI@@QEAAJPEAV12@I@Z
?Remove@Element@DirectUI@@QEAAJPEAV12@@Z
?GetSize@Value@DirectUI@@QEAAPEBUtagSIZE@@XZ
?ExtentProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?OnInput@Element@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?GetDesiredSize@Element@DirectUI@@QEAAPEBUtagSIZE@@XZ
?GetInt@Value@DirectUI@@QEAAHXZ
?GetWidth@Element@DirectUI@@QEAAHXZ
??1DCSurface@DirectUI@@UEAA@XZ
??0DCSurface@DirectUI@@QEAA@PEAUHDC__@@@Z
?SetValue@Element@DirectUI@@QEAAJPEBUPropertyInfo@2@HPEAVValue@2@@Z
?SetAccValue@Element@DirectUI@@QEAAJPEBG@Z
?SetWidth@Element@DirectUI@@QEAAJH@Z
?RemoveListener@Element@DirectUI@@QEAAXPEAUIElementListener@2@@Z
?SetContentString@Element@DirectUI@@QEAAJPEBG@Z
?Init@NavReference@DirectUI@@QEAAXPEAVElement@2@PEAUtagRECT@@@Z
?GetKeyWithin@Element@DirectUI@@QEAA_NXZ
?OnEvent@Element@DirectUI@@UEAAXPEAUEvent@2@@Z
?AddListener@Element@DirectUI@@QEAAJPEAUIElementListener@2@@Z
??1Element@DirectUI@@UEAA@XZ
?OnPropertyChanged@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?OnDestroy@Element@DirectUI@@UEAAXXZ
?GetAccessibleImpl@Element@DirectUI@@UEAAJPEAPEAUIAccessible@@@Z
?ExpandCollapse_ExpandCollapseState_Property@Schema@DirectUI@@2HA
?SetSelected@Element@DirectUI@@QEAAJ_N@Z
?CreateBool@Value@DirectUI@@SAPEAV12@_N@Z
?SetExpanded@Expandable@DirectUI@@QEAAJ_N@Z
?GetExpanded@Expandable@DirectUI@@QEAA_NXZ
?SortChildren@Element@DirectUI@@QEAAJP6AHPEBX0@Z@Z
?GetBool@Value@DirectUI@@QEAA_NXZ
?GetValue@Element@DirectUI@@QEAAPEAVValue@2@PEBUPropertyInfo@2@HPEAUUpdateCache@2@@Z
?GetVisible@Element@DirectUI@@QEAA_NXZ
?HasChildren@Element@DirectUI@@QEAA_NXZ
?GetChildren@Element@DirectUI@@QEAAPEAV?$DynamicArray@PEAVElement@DirectUI@@$0A@@2@PEAPEAVValue@2@@Z
?GetClassInfoPtr@Element@DirectUI@@SAPEAUIClassInfo@2@XZ
?GetClass@Element@DirectUI@@QEAAPEBGPEAPEAVValue@2@@Z
?GetIndex@Element@DirectUI@@QEAAHXZ
??1CCListView@DirectUI@@UEAA@XZ
?PostCreate@CCBase@DirectUI@@MEAAXPEAUHWND__@@@Z
?OnReceivedDialogFocus@CCBase@DirectUI@@UEAA_NPEAUIDialogElement@2@@Z
?OnLostDialogFocus@CCBase@DirectUI@@UEAA_NPEAUIDialogElement@2@@Z
?OnCustomDraw@CCBase@DirectUI@@UEAA_NPEAUtagNMCUSTOMDRAWINFO@@PEA_J@Z
?EraseBkgnd@HWNDHost@DirectUI@@MEAA_NPEAUHDC__@@PEA_J@Z
?SetWindowDirection@HWNDHost@DirectUI@@UEAAXPEAUHWND__@@@Z
?OnWindowStyleChanged@HWNDHost@DirectUI@@UEAAX_KPEBUtagSTYLESTRUCT@@@Z
?OnCtrlThemeChanged@HWNDHost@DirectUI@@UEAA_NI_K_JPEA_J@Z
?OnSinkThemeChanged@HWNDHost@DirectUI@@UEAA_NI_K_JPEA_J@Z
?OnSysChar@HWNDHost@DirectUI@@UEAA_NG@Z
?DefaultAction@CCBase@DirectUI@@UEAAJXZ
?GetAccessibleImpl@HWNDHost@DirectUI@@UEAAJPEAPEAUIAccessible@@@Z
?GetKeyFocused@HWNDHost@DirectUI@@UEAA_NXZ
?RemoveTooltip@Element@DirectUI@@MEAAXPEAV12@@Z
?ActivateTooltip@Element@DirectUI@@MEAAXPEAV12@K@Z
?UpdateTooltip@Element@DirectUI@@MEAAXPEAV12@@Z
?OnUnHosted@HWNDHost@DirectUI@@MEAAXPEAVElement@2@@Z
?OnHosted@HWNDHost@DirectUI@@MEAAXPEAVElement@2@@Z
?MessageCallback@HWNDHost@DirectUI@@UEAAIPEAUtagGMSG@@@Z
?GetContentSize@CCListView@DirectUI@@UEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?Paint@HWNDHost@DirectUI@@UEAAXPEAUHDC__@@PEBUtagRECT@@1PEAU4@2@Z
?OnEvent@HWNDHost@DirectUI@@UEAAXPEAUEvent@2@@Z
?OnDestroy@HWNDHost@DirectUI@@UEAAXXZ
?OnGroupChanged@Element@DirectUI@@UEAAXH_N@Z
?OnPropertyChanged@CCBase@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?GetClassInfoPtr@CCListView@DirectUI@@SAPEAUIClassInfo@2@XZ
?Register@CCListView@DirectUI@@SAJXZ
?SetBorderThickness@Element@DirectUI@@QEAAJHHHH@Z
?OnInput@CCBase@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?SetKeyFocus@HWNDHost@DirectUI@@UEAAXXZ
?OnNotify@CCBase@DirectUI@@UEAA_NI_K_JPEA_J@Z
?OnMessage@HWNDHost@DirectUI@@UEAA_NI_K_JPEA_J@Z
?OnAdjustWindowSize@HWNDHost@DirectUI@@UEAAHHHI@Z
?GetHWND@HWNDHost@DirectUI@@UEAAPEAUHWND__@@XZ
?SetWinStyle@CCBase@DirectUI@@QEAAJH@Z
?Initialize@CCListView@DirectUI@@QEAAJIPEAVElement@2@PEAK@Z
?CreateHWND@CCBase@DirectUI@@UEAAPEAUHWND__@@PEAU3@@Z
??0CCListView@DirectUI@@QEAA@XZ
?AssertPIZeroRef@ClassInfoBase@DirectUI@@UEBAXXZ
?GetChildren@ClassInfoBase@DirectUI@@UEBAHXZ
?RemoveChild@ClassInfoBase@DirectUI@@UEAAXXZ
?AddChild@ClassInfoBase@DirectUI@@UEAAXXZ
?IsGlobal@ClassInfoBase@DirectUI@@UEBA_NXZ
?GetModule@ClassInfoBase@DirectUI@@UEBAPEAUHINSTANCE__@@XZ
?IsSubclassOf@ClassInfoBase@DirectUI@@UEBA_NPEAUIClassInfo@2@@Z
?IsValidProperty@ClassInfoBase@DirectUI@@UEBA_NPEBUPropertyInfo@2@@Z
?GetName@ClassInfoBase@DirectUI@@UEBAPEBGXZ
?GetGlobalIndex@ClassInfoBase@DirectUI@@UEBAIXZ
?GetPICount@ClassInfoBase@DirectUI@@UEBAIXZ
?GetByClassIndex@ClassInfoBase@DirectUI@@UEAAPEBUPropertyInfo@2@I@Z
?EnumPropertyInfo@ClassInfoBase@DirectUI@@UEAAPEBUPropertyInfo@2@I@Z
?Release@ClassInfoBase@DirectUI@@UEAAHXZ
?AddRef@ClassInfoBase@DirectUI@@UEAAXXZ
?_OnUIStateChanged@HWNDElement@DirectUI@@MEAAXGG@Z
?GetWindowClassNameAndStyle@HWNDElement@DirectUI@@UEAAXPEAPEBGPEAI@Z
?CanSetFocus@HWNDElement@DirectUI@@UEAA_NXZ
?OnCompositionChanged@HWNDElement@DirectUI@@UEAAXXZ
?OnWmSettingChanged@HWNDElement@DirectUI@@UEAAX_K_J@Z
?OnWmThemeChanged@HWNDElement@DirectUI@@UEAAX_K_J@Z
?OnGetDlgCode@HWNDElement@DirectUI@@UEAAXPEAUtagMSG@@PEA_J@Z
?OnNoChildWithShortcutFound@HWNDElement@DirectUI@@UEAAXPEAUKeyboardEvent@2@@Z
?OnImmersiveColorSchemeChanged@HWNDElement@DirectUI@@UEAAXXZ
?GetUiaFocusDelegate@Element@DirectUI@@UEAAPEAV12@XZ
?HandleUiaEventListener@Element@DirectUI@@UEAAXPEAUEvent@2@@Z
?HandleUiaPropertyChangingListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@@Z
?HandleUiaPropertyListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?HandleUiaDestroyListener@Element@DirectUI@@UEAAXXZ
?GetElementProviderImpl@Element@DirectUI@@UEAAJPEAVInvokeHelper@2@PEAPEAVElementProvider@2@@Z
?GetUIAElementProvider@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?DefaultAction@Element@DirectUI@@UEAAJXZ
?GetAccessibleImpl@HWNDElement@DirectUI@@UEAAJPEAPEAUIAccessible@@@Z
?RemoveTooltip@HWNDElement@DirectUI@@UEAAXPEAVElement@2@@Z
?UpdateTooltip@HWNDElement@DirectUI@@UEAAXPEAVElement@2@@Z
?OnUnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?OnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?_SelfLayoutUpdateDesiredSize@Element@DirectUI@@MEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?_SelfLayoutDoLayout@Element@DirectUI@@MEAAXHH@Z
?GetImmersiveFocusRectOffsets@Element@DirectUI@@UEAAXPEAUtagRECT@@@Z
?QueryInterface@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?MessageCallback@Element@DirectUI@@UEAAIPEAUtagGMSG@@@Z
?RemoveBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?AddBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?SetKeyFocus@Element@DirectUI@@UEAAXXZ
?EnsureVisible@Element@DirectUI@@UEAA_NHHHH@Z
?GetAdjacent@Element@DirectUI@@UEAAPEAV12@PEAV12@HPEBUNavReference@2@K@Z
?Remove@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?Insert@Element@DirectUI@@UEAAJPEAPEAV12@II@Z
?Add@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?GetContentSize@Element@DirectUI@@UEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?Paint@Element@DirectUI@@UEAAXPEAUHDC__@@PEBUtagRECT@@1PEAU4@2@Z
?OnMouseFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnKeyFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnGroupChanged@HWNDElement@DirectUI@@UEAAXH_N@Z
?OnPropertyChanged@Element@DirectUI@@UEAAXPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanged@HWNDElement@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?GetContentStringAsDisplayed@Element@DirectUI@@UEAAPEBGPEAPEAVValue@2@@Z
?IsContentProtected@Element@DirectUI@@UEAA_NXZ
?IsRTLReading@Element@DirectUI@@UEAA_NXZ
??1ClassInfoBase@DirectUI@@UEAA@XZ
??0ClassInfoBase@DirectUI@@QEAA@XZ
?Initialize@ClassInfoBase@DirectUI@@QEAAJPEAUHINSTANCE__@@PEBG_NPEBQEBUPropertyInfo@2@I@Z
?Register@ClassInfoBase@DirectUI@@QEAAJXZ
?ClassExist@ClassInfoBase@DirectUI@@SA_NPEAPEAUIClassInfo@2@PEBQEBUPropertyInfo@2@IPEAU32@PEAUHINSTANCE__@@PEBG_N@Z
??1CritSecLock@DirectUI@@QEAA@XZ
?GetFactoryLock@Element@DirectUI@@SAPEAU_RTL_CRITICAL_SECTION@@XZ
??0CritSecLock@DirectUI@@QEAA@PEAU_RTL_CRITICAL_SECTION@@@Z
?WndProc@HWNDElement@DirectUI@@UEAA_JPEAUHWND__@@I_K_J@Z
?OnThemeChanged@HWNDElement@DirectUI@@UEAAXPEAUThemeChangedEvent@2@@Z
?GetLayoutPos@Element@DirectUI@@QEAAHXZ
?ActivateTooltip@HWNDElement@DirectUI@@UEAAXPEAVElement@2@K@Z
EnableAnimations
?StartNavigate@Browser@DirectUI@@SA?AVUID@@XZ
DisableAnimations
?Destroy@DUIXmlParser@DirectUI@@QEAAXXZ
?SetXMLFromResource@DUIXmlParser@DirectUI@@QEAAJIPEAUHINSTANCE__@@0@Z
?Create@DUIXmlParser@DirectUI@@SAJPEAPEAV12@P6APEAVValue@2@PEBGPEAX@Z2P6AX11H2@Z2@Z
?CreateElement@DUIXmlParser@DirectUI@@QEAAJPEBGPEAVElement@2@1PEAKPEAPEAV32@@Z
?Host@NativeHWNDHost@DirectUI@@QEAAXPEAVElement@2@@Z
?SetVisible@Element@DirectUI@@QEAAJ_N@Z
?SetAccRole@Element@DirectUI@@QEAAJH@Z
?SetAccessible@Element@DirectUI@@QEAAJ_N@Z
?Initialize@HWNDElement@DirectUI@@QEAAJPEAUHWND__@@_NIPEAVElement@2@PEAK@Z
?GetHWND@NativeHWNDHost@DirectUI@@QEAAPEAUHWND__@@XZ
?Create@NativeHWNDHost@DirectUI@@SAJPEBGPEAUHWND__@@PEAUHICON__@@HHHHHHIPEAPEAV12@@Z
?Destroy@Element@DirectUI@@QEAAJ_N@Z
?OnDestroy@HWNDElement@DirectUI@@UEAAXXZ
?OnEvent@HWNDElement@DirectUI@@UEAAXPEAUEvent@2@@Z
?KeyboardNavigate@Element@DirectUI@@SA?AVUID@@XZ
?GetID@Element@DirectUI@@QEAAGXZ
?SetFocus@HWNDElement@DirectUI@@QEAAX_N@Z
?SetLayoutPos@Element@DirectUI@@QEAAJH@Z
?OnInput@HWNDElement@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?FireEvent@Element@DirectUI@@QEAAXPEAUEvent@2@_N1@Z
?Click@Button@DirectUI@@SA?AVUID@@XZ
?GetKeyFocused@Element@DirectUI@@UEAA_NXZ
?EndDefer@Element@DirectUI@@QEAAXK@Z
?StartDefer@Element@DirectUI@@QEAAXPEAK@Z
?GetHWND@HWNDElement@DirectUI@@UEAAPEAUHWND__@@XZ

uxtheme

SetWindowTheme
GetThemeInt
ord135
ord132
OpenThemeData
GetThemeColor
BeginPanningFeedback
CloseThemeData
UpdatePanningFeedback
EndPanningFeedback

dwmapi

DwmSetWindowAttribute

api-ms-win-core-appcompat-l1-1-1

BaseReadAppCompatDataForProcess
BaseFreeAppCompatDataForProcess

pdh

PdhGetFormattedCounterArrayW
PdhCollectQueryData
PdhCloseQuery
PdhAddCounterW
PdhOpenQueryW
PdhGetRawCounterArrayW

dxcore

DXCoreCreateAdapterFactory

dxgi

DXGIDeclareAdapterRemovalSupport
CreateDXGIFactory2

setupapi

SetupDiEnumDeviceInfo
SetupDiGetDevicePropertyW
SetupDiGetClassDevsW

d3d11

D3D11CreateDevice

d3d12

ord101

shcore

ord244
GetDpiForMonitor

kernel32

GlobalGetAtomNameW
GetNumberFormatW
GetActiveProcessorGroupCount
SetProcessAffinityMask
GetProcessAffinityMask
GetModuleHandleExA

msvcp_win

_Thrd_sleep
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??Bid@locale@std@@QEAA_KXZ
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?tolower@?$ctype@G@std@@QEBAGG@Z
_Thrd_yield
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
_Wcsxfrm
_Wcscoll
?_Incref@facet@locale@std@@UEAAXXZ
?is@?$ctype@G@std@@QEBA_NFG@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
??1_Locinfo@std@@QEAA@XZ
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
??0_Locinfo@std@@QEAA@PEBD@Z
?id@?$collate@G@std@@2V0locale@2@A
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z
?id@?$ctype@G@std@@2V0locale@2@A
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
_Xtime_get_ticks
??1_Lockit@std@@QEAA@XZ
_Query_perf_counter
?_Xlength_error@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
_Query_perf_frequency
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
?_Random_device@std@@YAIXZ

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-util-l1-1-0

EncodePointer

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.imrsiv
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 160KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TextInputMethodFormatter.dll
.dll windows:10 windows x64 arch:x64

0db5846bda30d105ee5cc05986f750bf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

TextInputMethodFormatter.pdb

Imports

msvcrt

abort
___lc_codepage_func
memset
_wcsdup
__crtLCMapStringA
_wsetlocale
memcmp
___lc_handle_func
___mb_cur_max_func
setlocale
strcspn
localeconv
islower
??1bad_cast@@UEAA@XZ
calloc
??0bad_cast@@QEAA@AEBV0@@Z
sprintf_s
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
realloc
wcsncpy_s
?terminate@@YAXXZ
__C_specific_handler
_initterm
free
_amsg_exit
_XcptFilter
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
memmove
isupper
__uncaught_exception
memcpy
__CxxFrameHandler3
_CxxThrowException
_callnewh
malloc
memmove_s
__CxxFrameHandler4
__pctype_func
??0bad_cast@@QEAA@PEBD@Z
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
_ismbblead
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
??3@YAXPEAX@Z
memcpy_s
_vsnwprintf
??_V@YAXPEAX@Z

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetProcAddress
GetModuleHandleExW
GetModuleHandleW
DisableThreadLibraryCalls

api-ms-win-core-synch-l1-1-0

CreateSemaphoreExW
InitializeCriticalSection
InitializeSRWLock
WaitForSingleObject
ReleaseMutex
WaitForSingleObjectEx
EnterCriticalSection
OpenSemaphoreW
CreateMutexExW
SetEvent
CreateEventW
DeleteCriticalSection
AcquireSRWLockExclusive
ReleaseSemaphore
ReleaseSRWLockExclusive
AcquireSRWLockShared
ResetEvent
ReleaseSRWLockShared
InitializeCriticalSectionEx
WaitForMultipleObjectsEx
LeaveCriticalSection

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

GetLastError
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-com-l1-1-0

CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoGetApartmentType
PropVariantClear
CoTaskMemAlloc

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcessId
CreateThread
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
RoOriginateErrorW
RoTransformError
RoOriginateError

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
Sleep
InitOnceComplete
InitOnceExecuteOnce

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsIsStringEmpty
HSTRING_UserUnmarshal64
HSTRING_UserMarshal64
HSTRING_UserUnmarshal
HSTRING_UserSize64
HSTRING_UserFree64
HSTRING_UserMarshal
HSTRING_UserSize
WindowsDeleteString
HSTRING_UserFree
WindowsCreateStringReference
WindowsCompareStringOrdinal
WindowsDuplicateString
WindowsCreateString
WindowsStringHasEmbeddedNull

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-errorhandling-l1-1-3

TerminateProcessOnMemoryExhaustion

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

coremessaging

CoreUICreate
MsgBlobCreateShared
CoreUICallReceive
CoreUICallCreateEndpointHost
CoreUICallSend
MsgStringCreateShared
MsgRelease

coreuicomponents

CoreUIClientCreate
CoreUIFactoryCreate

api-ms-win-core-file-l1-1-0

ReadFile
WriteFile

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-io-l1-1-1

CancelIo

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-io-l1-1-0

CancelIoEx
GetOverlappedResult

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate
IsErrorPropagationEnabled

oleaut32

SysStringLen
SysFreeString
SysAllocString
SysAllocStringLen

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

rpcrt4

NdrOleAllocate
NdrStubForwardingFunction
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrOleFree

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

ntdll

NtQueryInformationProcess
RtlDllShutdownInProgress

api-ms-win-security-capability-l1-1-0

CapabilityCheck

Exports

Exports

??0TextInputMethodFormatter@@QEAA@PEAUITextVirtualizationKeyRoutingServerCallback@@@Z
??0TextInputMethodFormatter@@QEAA@XZ
??1TextInputMethodFormatter@@QEAA@XZ
?ContinueDeserialize@TextInputMethodFormatter@@QEAAJGAEAV?$vector@DV?$allocator@D@std@@@std@@@Z
?DataReceived@TextInputMethodFormatter@@UEAAJIAEAV?$vector@DV?$allocator@D@std@@@std@@@Z
?GetCIVMSender@TextInputMethodFormatter@@UEAAJPEAPEAUIRemoteCoreInputViewManager@@@Z
?GetCIVSender@TextInputMethodFormatter@@UEAAJPEAPEAUIRemoteCoreInputView@@@Z
?GetIsHost@TextInputMethodFormatter@@UEAA_NXZ
?GetPduIdHelper@TextInputMethodFormatter@@QEAAJPEAPEAX@Z
?GetRemoteImeOpsQueue@TextInputMethodFormatter@@UEAAJPEAPEAUIRemoteImeOperationsQueue@@@Z
?GetTICImpl@TextInputMethodFormatter@@UEAAJPEAPEAUIRemoteTextInputClient@@@Z
?GetTISImpl@TextInputMethodFormatter@@UEAAJPEAPEAUIRemoteTextInputServer@@@Z
?GetTVIImpl@TextInputMethodFormatter@@UEAAJPEAPEAUITextVirtualizationInternal@@@Z
?GetTVKRImpl@TextInputMethodFormatter@@UEAAJPEAPEAUITextVirtualizationKeyRouting@@@Z
?GetVirtTIS@TextInputMethodFormatter@@QEAAJPEAPEAUIRemoteTextInputServer@@@Z
?Initialize@TextInputMethodFormatter@@QEAAJPEAUIMessagePort@@PEAUIMessageSession@@W4VirtualizationEnvironment@@PEAUIVirtualizedTextDataSender@@U_GUID@@@Z
?Initialize@TextInputMethodFormatter@@UEAAJPEAUIMessagePort@@PEAUIMessageSession@@@Z
?PeekPayloadPdu@TextInputMethodFormatter@@QEAAJAEAV?$vector@DV?$allocator@D@std@@@std@@PEAUKeyEventPayloadInfo@@@Z
?ProcessQueue@TextInputMethodFormatter@@QEAAJXZ
?SetCIVMTarget@TextInputMethodFormatter@@UEAAJPEAUIRemoteCoreInputViewManager@@@Z
?SetCIVTarget@TextInputMethodFormatter@@UEAAJPEAUIRemoteCoreInputView@@PEAVVirtCoreInputViewForwarder@@@Z
?SetRemoteImeOpsQueue@TextInputMethodFormatter@@UEAAJPEAUIRemoteImeOperationsQueue@@@Z
?SetTICTarget@TextInputMethodFormatter@@UEAAJPEAUIRemoteTextInputClient@@PEAVVirtTextInputClient@@@Z
?SetTIHTarget@TextInputMethodFormatter@@UEAAJPEAVVirtTextInputHost@@@Z
?SetTISTarget@TextInputMethodFormatter@@UEAAJPEAUIRemoteTextInputServer@@@Z
?SetTVKRTarget@TextInputMethodFormatter@@UEAAJPEAUITextVirtualizationKeyRouting@@@Z
?TryConnect@TextInputMethodFormatter@@QEAAJXZ
?Uninitialize@TextInputMethodFormatter@@UEAAJXZ
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 416KB - Virtual size: 413KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TpmTasks.dll
.dll regsvr32 windows:10 windows x64 arch:x64

482f05241aced4567ec1f50ea7826b9e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

TpmTasks.pdb

Imports

msvcp_win

_Xtime_get_ticks
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcsdup
_o__wcsicmp
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
__CxxFrameHandler3
_o__execute_onexit_table
_o__errno
wcsstr
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o__wcsnicmp
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset
wcscmp

ntdll

NtClose
RtlVirtualUnwind
NtQuerySystemEnvironmentValueEx
RtlLookupFunctionEntry
RtlCaptureContext
RtlNtStatusToDosError
NtQueryWnfStateData
RtlInitUnicodeString
ZwQueryWnfStateData
RtlPublishWnfStateData
NtQuerySystemInformation
RtlAcquirePrivilege
RtlCheckPortableOperatingSystem
RtlReleasePrivilege
NtWaitForSingleObject
NtCreateFile
RtlComputeCrc32
NtSetSystemEnvironmentValueEx
NtCreateEvent
RtlGetPersistedStateLocation
NtDeviceIoControlFile

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetModuleHandleExW
DisableThreadLibraryCalls
FreeLibrary
GetModuleHandleW
GetProcAddress
FreeLibraryAndExitThread
GetModuleFileNameA

oleaut32

VariantInit
SysFreeString
SysAllocString
VariantClear

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
Sleep

api-ms-win-core-file-l1-1-0

DeleteFileW
FindFirstFileW
CreateFileW
FindNextFileW
FindClose
ReadFile
GetFileSizeEx

api-ms-win-core-synch-l1-1-0

CreateSemaphoreExW
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseSemaphore
CreateMutexExW
ReleaseSRWLockExclusive
DeleteCriticalSection
OpenMutexW
TryAcquireSRWLockExclusive
WaitForSingleObject
EnterCriticalSection
InitializeCriticalSectionEx
AcquireSRWLockExclusive
AcquireSRWLockShared
ReleaseMutex
ReleaseSRWLockShared
LeaveCriticalSection
CreateMutexW

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoUninitialize
CoSetProxyBlanket
CoInitializeEx
CoInitializeSecurity

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventRegister
EventSetInformation

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegGetValueW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

ResumeThread
OpenProcessToken
GetCurrentThreadId
GetCurrentProcessId
OpenThreadToken
SetThreadToken
GetCurrentProcess
TerminateProcess
CreateThread
GetCurrentThread

api-ms-win-core-localization-l1-2-0

FormatMessageW

ncrypt

NCryptCreateClaim
NCryptFreeObject
NCryptGetProperty
NCryptOpenStorageProvider

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetWindowsDirectoryW
GetVersionExW

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW
RegSetKeyValueW

crypt32

CertCreateCertificateContext
CryptQueryObject
CryptMsgClose
CertGetCertificateContextProperty
CertCloseStore
CertFreeCertificateContext
CryptMsgGetParam
CertFindCertificateInStore

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

tpmcoreprovisioning

TpmRemoveRegisteredWindowsAIK
TpmEKCertValidateAndCleanup
TpmEnableAutoProvisioning
TpmRetrieveHealthCertOrReschedule
TpmGatherTpmData
TpmGetTpmVersion
TpmEnrollWindowsAikCertificate
TpmCertGetWindowsAik
TpmGetCapLockoutInfo
TpmCertSetPreferredMaximumProtocolVersion
TpmSetToLegacyDictionaryAttackParameters
TpmCheckCreateWindowsAIK
TpmGet_IsTpmVersion20
TpmIsOwned
TpmCertDeleteHealthCert
TpmGetInstalledEkCertificateCount
TpmGet_ManufacturerId
TpmPrepForNgc
TpmRetrieveEkCertOrReschedule
TpmGet_IsTpmPresent
TpmCertSetEkAttestationOverride
TpmIsUseLegacyDictionaryAttackParametersPolicySet
TpmProvision
TpmCertInstallNvEkCerts
TpmGet_ManufacturerVersion
TpmGetNumberOfEkCertsInNV
TpmVerifyDeviceHealth
TpmIsReadyInformation
TpmGetOrderlyShutdownInfo

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrStrIW
StrCmpIW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-security-base-l1-1-0

DuplicateTokenEx
AdjustTokenPrivileges

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-core-firmware-l1-1-0

GetFirmwareEnvironmentVariableW
SetFirmwareEnvironmentVariableExW

api-ms-win-core-rtlsupport-l1-1-0

RtlCompareMemory

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 124KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UpdateAgent.dll
.dll windows:10 windows x64 arch:x64

993483b630cc7c8c3b67a46f74585eb0

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c0:fb:32:d6:8a:58:6f:79:90:80:a9:86:91:c5:a1:3a:92:f4:75:15:96:47:5d:54:eb:cc:5c:5c:31:e8:3d:45
Signer

Actual PE Digest

c0:fb:32:d6:8a:58:6f:79:90:80:a9:86:91:c5:a1:3a:92:f4:75:15:96:47:5d:54:eb:cc:5c:5c:31:e8:3d:45

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

UpdateAgent.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__strnicmp
_o__wcsicmp
_o__wcsnicmp
_o__wcstoui64
_o__wfopen
_o__wsplitpath_s
_o__wtof
_o__wtoi
_o_fclose
_o_feof
_o_fgetws
memmove
_o_free
_o_iswctype
_o_iswspace
_o_malloc
_o_memcpy_s
_o_strncpy_s
_o_strtol
_o_terminate
_o_towlower
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstok_s
_o_wcstoul
__current_exception
__current_exception_context
_CxxThrowException
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__execute_onexit_table
_o__errno
_o__crt_atexit
wcsstr
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o__beginthreadex
_o__aligned_malloc
_o__aligned_free
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfwprintf
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o___acrt_iob_func
strrchr
wcsrchr
strchr
wcschr
__C_specific_handler
__CxxFrameHandler3
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset
wcsncmp
wcscmp
strncmp
wcsnlen

oleaut32

SysFreeString
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocString
VariantInit
VariantClear

wintrust

WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WinVerifyTrust

crypt32

CryptHashCertificate2
CertVerifyCertificateChainPolicy

ntdll

RtlDowncaseUnicodeChar
RtlFormatCurrentUserKeyPath
RtlReAllocateHeap
RtlValidAcl
NtAdjustPrivilegesToken
RtlSetSaclSecurityDescriptor
RtlValidSid
NtDuplicateToken
RtlGetSaclSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlAllocateAndInitializeSid
RtlCopySid
RtlSetGroupSecurityDescriptor
RtlFindAceByType
NtDelayExecution
RtlCreateEnvironmentEx
RtlExpandEnvironmentStrings_U
NtQueryInformationToken
RtlNtStatusToDosErrorNoTeb
RtlNtStatusToDosError
RtlRunOnceComplete
RtlRunOnceBeginInitialize
RtlFindNextForwardRunClear
RtlNumberOfSetBits
RtlInitializeSRWLock
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
NtSetInformationProcess
RtlUnicodeToMultiByteN
RtlDosPathNameToNtPathName_U_WithStatus
RtlAdjustPrivilege
RtlDuplicateUnicodeString
RtlCopyUnicodeString
RtlIsTextUnicode
RtlUnicodeToMultiByteSize
RtlConvertSidToUnicodeString
RtlTimeToTimeFields
NtOpenKey
RtlUpcaseUnicodeChar
LdrGetDllHandleEx
DbgPrintEx
DbgPrint
NtWaitForSingleObject
NtQueryEaFile
RtlCreateUnicodeStringFromAsciiz
RtlReleaseRelativeName
NtSetEaFile
RtlDosPathNameToRelativeNtPathName_U_WithStatus
RtlDeleteSecurityObject
RtlGetGroupSecurityDescriptor
NtShutdownSystem
NtQueryValueKey
NtOpenFile
NtSetValueKey
NtQuerySecurityObject
NtQueryDirectoryFile
RtlDestroyEnvironment
RtlCreateSecurityDescriptor
NtQueryVolumeInformationFile
NtOpenKeyTransactedEx
NtCreateKey
RtlCreateAcl
NtSetInformationKey
NtOpenThreadToken
NtYieldExecution
NtQueryInformationFile
NtFsControlFile
NtDuplicateObject
NtFlushBuffersFile
NtQueryAttributesFile
RtlAddAce
NtDeleteValueKey
RtlGetCurrentTransaction
RtlQueryEnvironmentVariable_U
NtSetSecurityObject
RtlCaptureStackBackTrace
NtDeleteFile
RtlNewSecurityObjectEx
LdrLoadDll
NtCreateKeyTransacted
NtReadFile
RtlAddAccessAllowedAceEx
NtSetInformationFile
RtlQueryInformationAcl
LdrUnloadDll
RtlpApplyLengthFunction
RtlGetAce
RtlAppendUnicodeStringToString
RtlSetDaclSecurityDescriptor
RtlEqualUnicodeString
NtEnumerateValueKey
RtlLengthSecurityDescriptor
RtlDosPathNameToNtPathName_U
NtWriteFile
RtlGetLengthWithoutLastFullDosOrNtPathElement
NtEnumerateKey
LdrGetProcedureAddress
RtlSetCurrentTransaction
RtlSetOwnerSecurityDescriptor
NtOpenProcessToken
NtDeleteKey
NtQueryKey
RtlCompareUnicodeString
NtQueryLicenseValue
RtlFreeHeap
RtlLengthSid
RtlInitUnicodeStringEx
NtQueryInformationThread
NtSetInformationThread
NtQueryObject
RtlInitUnicodeString
VerSetConditionMask
NtLoadKey2
NtOpenKeyEx
NtFlushKey
NtUnloadKey2
NtCreateFile
NtQuerySystemInformation
RtlInitializeCriticalSection
RtlDeleteCriticalSection
RtlCreateHeap
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlAllocateHeap
RtlDestroyHeap
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlRaiseStatus
RtlGetVersion
NtClose
RtlGetControlSecurityDescriptor
RtlMakeSelfRelativeSD
RtlSetEnvironmentVariable
RtlAnsiCharToUnicodeChar
RtlSetControlSecurityDescriptor
NtQueryPerformanceCounter
NtQuerySystemTime
RtlCreateEnvironment
RtlExpandEnvironmentStrings
RtlGetDaclSecurityDescriptor

api-ms-win-security-base-l1-1-0

RevertToSelf
IsValidSid
AdjustTokenPrivileges
IsValidSecurityDescriptor
GetAce
DestroyPrivateObjectSecurity
GetSecurityDescriptorLength
SetSecurityDescriptorGroup
IsValidAcl
AddAccessAllowedAceEx
MakeSelfRelativeSD
AllocateAndInitializeSid
CopySid
FreeSid
InitializeSecurityDescriptor
InitializeAcl
GetSecurityDescriptorControl
GetLengthSid
AddAccessAllowedAce
GetTokenInformation
EqualSid
CheckTokenMembership
SetSecurityDescriptorDacl
GetSidSubAuthority
GetSidLengthRequired
CreatePrivateObjectSecurityWithMultipleInheritance
InitializeSid
SetPrivateObjectSecurityEx
SetSecurityDescriptorOwner

api-ms-win-core-file-l1-1-0

GetFinalPathNameByHandleW
DeleteFileW
FindFirstFileExW
GetFileAttributesW
CreateFileW
FindClose
GetDiskFreeSpaceW
SetEndOfFile
RemoveDirectoryW
SetFileAttributesW
GetVolumeInformationByHandleW
GetFileSize
FlushFileBuffers
SetFileInformationByHandle
SetFilePointer
WriteFile
FindNextFileW
GetFullPathNameW
GetDiskFreeSpaceExW
SetFilePointerEx
GetFileType
GetFileSizeEx
FindFirstFileW
GetLogicalDriveStringsW
SetFileTime
ReadFile
CreateDirectoryW
GetShortPathNameW
GetLogicalDrives
DeleteFileA
CreateFileA
GetFileInformationByHandle
GetLongPathNameW
GetDriveTypeW
GetVolumeInformationW
GetTempFileNameW

api-ms-win-core-libraryloader-l1-1-0

GetModuleFileNameW
GetModuleHandleExW
GetModuleFileNameA
LoadLibraryExA
FreeLibrary
GetModuleHandleExA
LoadLibraryExW
GetProcAddress
GetModuleHandleW

api-ms-win-core-file-l2-1-0

MoveFileExW
GetFileInformationByHandleEx
CopyFileExW

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
Sleep
InitOnceExecuteOnce
InitOnceComplete

api-ms-win-core-registry-l1-1-0

RegDeleteValueW
RegEnumKeyExW
RegSetValueExW
RegSetKeySecurity
RegOpenKeyExW
RegCreateKeyExW
RegEnumValueW
RegQueryValueExW
RegCloseKey
RegGetKeySecurity

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar
CompareStringW
WideCharToMultiByte

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
OpenEventW
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
WaitForMultipleObjectsEx
ReleaseSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
CreateMutexA
SetEvent
ReleaseSRWLockExclusive
InitializeSRWLock
ResetEvent
CreateEventW
CreateSemaphoreExW
ReleaseMutex
EnterCriticalSection
WaitForSingleObject
InitializeCriticalSectionEx
CreateMutexW
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
ReleaseSemaphore

api-ms-win-core-heap-l1-1-0

HeapCompact
HeapReAlloc
HeapAlloc
HeapDestroy
HeapValidate
HeapWalk
GetProcessHeap
HeapSize
HeapCreate
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetErrorMode
GetErrorMode
UnhandledExceptionFilter
RaiseException
GetLastError
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-com-l1-1-0

CoCreateGuid
StringFromGUID2
CoTaskMemAlloc
CLSIDFromString
CoSetProxyBlanket
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitializeEx
CoGetMalloc

api-ms-win-core-processthreads-l1-1-0

CreateProcessA
SetThreadPriority
ExitProcess
SetPriorityClass
GetThreadPriority
TlsSetValue
GetPriorityClass
TerminateProcess
GetExitCodeProcess
CreateThread
GetExitCodeThread
TlsGetValue
CreateProcessW
GetCurrentProcessId
GetCurrentThread
TlsFree
OpenThreadToken
GetCurrentProcess
GetProcessId
TlsAlloc
OpenProcessToken
GetCurrentThreadId

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
GetEnvironmentVariableW
GetCurrentDirectoryW
GetCommandLineW

api-ms-win-security-sddl-l1-1-0

ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventWriteString
EventRegister

api-ms-win-core-file-l1-2-0

GetVolumeNameForVolumeMountPointW
GetTempPathW

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetTickCount
GetSystemTimeAsFileTime
GetWindowsDirectoryW
GetComputerNameExW
GetVersionExA
GetSystemTime
GetLocalTime
GetVersion
GetTickCount64
GetSystemDirectoryW
GetSystemWindowsDirectoryW
GetVersionExW
GlobalMemoryStatusEx

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-localization-l1-2-0

ResolveLocaleName
FormatMessageW
GetLocaleInfoW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
OutputDebugStringA
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-heap-obsolete-l1-1-0

GlobalAlloc
GlobalFree
GlobalLock
GlobalSize
LocalFree
GlobalUnlock

api-ms-win-core-kernel32-legacy-l1-1-0

LoadLibraryW
WaitForMultipleObjects
RaiseFailFastException
MoveFileW
CopyFileW
CreateFileMappingA
GlobalMemoryStatus

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
VirtualQuery
UnmapViewOfFile
MapViewOfFile
VirtualFree
VirtualAlloc
VirtualProtect

api-ms-win-service-management-l1-1-0

OpenServiceW
CloseServiceHandle
OpenSCManagerW

api-ms-win-core-localization-obsolete-l1-2-0

LCIDToLocaleName

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW
RegOpenKeyW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW

api-ms-win-core-version-l1-1-0

VerQueryValueW
GetFileVersionInfoSizeExW
GetFileVersionInfoExW

api-ms-win-core-io-l1-1-0

DeviceIoControl
GetOverlappedResult

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-service-management-l2-1-0

ChangeServiceConfigW

api-ms-win-core-shutdown-l1-1-0

InitiateSystemShutdownExW

api-ms-win-security-provider-l1-1-0

SetSecurityInfo

api-ms-win-security-cryptoapi-l1-1-0

CryptHashData
CryptCreateHash
CryptAcquireContextA
CryptDestroyHash
CryptReleaseContext
CryptGetHashParam

api-ms-win-core-shlwapi-legacy-l1-1-0

PathMatchSpecW

rpcrt4

UuidCreate
RpcStringFreeW
UuidToStringW
I_RpcMapWin32Status
UuidFromStringW

wer

WerReportCreate
WerReportSubmit
WerReportCloseHandle
WerReportAddFile
WerReportSetParameter
WerReportSetUIOption

api-ms-win-core-timezone-l1-1-0

GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime

api-ms-win-eventing-controller-l1-1-0

ControlTraceW
EnableTraceEx2

api-ms-win-devices-config-l1-1-0

CM_Get_Device_Interface_PropertyW
CM_Get_Device_Interface_ListW
CM_Get_Device_Interface_List_SizeW

api-ms-win-core-privateprofile-l1-1-0

GetPrivateProfileStringW

Exports

Exports

CreateDeploymentSession
CreateDeploymentSessionEx
CreateOfflineDeploymentSession
UA_CommitActionList
UA_CreateActionList
UA_CreateActionList2
UA_CreateDeviceInformation
UA_CreateDownloadList
UA_CreateDownloadListFromActionList
UA_CreatePackageListFromDownloadList
UA_InstallActionList
UA_ReleaseDownloadList

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGECMRC
Size: 4KB - Virtual size: 130B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 672KB - Virtual size: 668KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UsbSettingsHandlers.dll
.dll windows:10 windows x64 arch:x64

a7b7f0470b1f8c0e268981b049fc30d1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

UsbSettingsHandlers.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o___std_exception_copy
memmove
_o_bsearch_s
_o_free
_o_isspace
_o_malloc
_o_realloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
__CxxFrameHandler3
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
_o___std_type_info_destroy_list
_o___std_exception_destroy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
LoadLibraryExA
GetProcAddress
GetModuleHandleW
GetModuleHandleExW
GetModuleFileNameA
DisableThreadLibraryCalls

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventSetInformation
EventWriteTransfer

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsCreateStringReference
WindowsCreateString
WindowsGetStringRawBuffer
WindowsDuplicateString

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
OpenThreadToken
GetCurrentThread
CreateThread

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetLastError
RaiseException
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-synch-l1-1-0

SetEvent
AcquireSRWLockShared
InitializeCriticalSection
InitializeSRWLock
CreateEventW
DeleteCriticalSection
ReleaseSRWLockShared
InitializeCriticalSectionEx
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
ResetEvent
ReleaseSRWLockExclusive
CreateMutexExW
ReleaseMutex
WaitForSingleObject
CreateSemaphoreExW
LeaveCriticalSection
EnterCriticalSection
ReleaseSemaphore

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-registry-l1-1-0

RegNotifyChangeKeyValue
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegCreateKeyExW

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoCreateFreeThreadedMarshaler
CoUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoGetMalloc
PropVariantClear
CoIncrementMTAUsage
CoDecrementMTAUsage
CoWaitForMultipleHandles
CoTaskMemFree
CoCreateInstance

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate
IsErrorPropagationEnabled

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoTransformError
SetRestrictedErrorInfo

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoInitialize
RoUninitialize

api-ms-win-devices-config-l1-1-1

CM_Get_Device_Interface_ListW
CM_Get_Device_Interface_List_SizeW

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-security-base-l1-1-0

ImpersonateLoggedOnUser
RevertToSelf

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx
QueueUserWorkItem

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject

api-ms-win-shcore-obsolete-l1-1-0

SHStrDupW

ntdll

RtlSubscribeWnfStateChangeNotification
DbgPrint
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlGetPersistedStateLocation
RtlIsStateSeparationEnabled

api-ms-win-shcore-thread-l1-1-0

SHCreateThread

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-core-memory-l1-1-0

VirtualProtect
VirtualQuery

Exports

Exports

GetSetting

Sections

.text
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UserDataTimeUtil.dll
.dll windows:10 windows x64 arch:x64

8b80c15a1aaf722c801c7b2e0eb47af5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

UserDataTimeUtil.pdb

Imports

msvcrt

__CxxFrameHandler3
_lock
malloc
wcschr
_initterm
_unlock
__dllonexit
__C_specific_handler
memmove
_callnewh
_amsg_exit
_XcptFilter
free
tolower
_onexit
floor
memcpy
memset

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
EnumDynamicTimeZoneInformation
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
GetTimeZoneInformation

api-ms-win-core-localization-obsolete-l1-2-0

GetSystemDefaultUILanguage

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-errorhandling-l1-1-0

RaiseException
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
InitializeSRWLock
InitializeCriticalSectionEx
LeaveCriticalSection
ReleaseSRWLockShared
DeleteCriticalSection
AcquireSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
CompareStringW

api-ms-win-core-localization-l1-2-0

GetSystemDefaultLCID
GetLocaleInfoW

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetLocalTime

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoTaskMemFree

api-ms-win-core-winrt-l1-1-0

RoActivateInstance

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateStringReference

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

AdjustForAllDayAppts
AdjustForBias
AdjustGMTForAllDayAppts
CmpDateST
CmpST
CmpYMD
ConvertFileTimeToLocalVariantTime
ConvertLocalVariantTimeToFileTime
ConvertSchedPlusToRenTz
ConvertTimeZone
ConvertVariantTimeToFileTime
DaysBetweenDates
DaysBetweenFT
DowFromDate
DurationBetweenFT
ExpandRtm
FileTimeAdjustTzToUTC
FileTimeAdjustUTCToTz
FileTimeToLocalFileTimeEx
FileTimeToTzSpecificVariantTime
FileTimeToVariantTime
GetCurrentLocalTime
GetDaysForLunarMonthOfCalendar
GetDaysForMonth
GetLeapMonthOfLunarYear
GetLocalIANAName
GetLunarDate
GetLunarDateOfCalendar
GetSolarDateOfCalendar
GetStartEndTime
IncrSystemTime
IsSupportedLunarCalendarType
LIncrWord
LegacyTimezoneInformationToTimezoneInformation
LocalFileTimeToFileTimeEx
MapIANATZNameToTZInfo
MapTZInfoToIANAName
MinutesBetweenFT
MinutesBetweenST
PimGet24HourFormat
PimGetDateFormat
PimGetLocaleInfo
PimGetTimeFormat
RenFromStdTimeZoneInfo
RoundEventTime
SecondsBetweenFT
StdTimeZoneInfoFromRen
TruncFt

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UserDeviceRegistration.Ngc.dll
.dll windows:10 windows x64 arch:x64

2a9563699e9bd19c3ea6e7c1aa529cb4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

UserDeviceRegistration.Ngc.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__wcserror
memcpy
_o_free
_o_malloc
_o_memcpy_s
_o_wcsncpy_s
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o___std_type_info_destroy_list
_o__callnewh
_o___std_exception_destroy
_o___std_exception_copy
_o__execute_onexit_table
wcsstr
__std_terminate
__CxxFrameHandler4
memcmp

api-ms-win-crt-string-l1-1-0

memset
wcsnlen

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringLen
WindowsDuplicateString
WindowsDeleteString
WindowsCreateStringReference
WindowsCreateString
HSTRING_UserUnmarshal64
HSTRING_UserUnmarshal
HSTRING_UserMarshal64
HSTRING_UserFree
HSTRING_UserSize64
HSTRING_UserFree64
HSTRING_UserMarshal
HSTRING_UserSize
WindowsGetStringRawBuffer
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsConcatString

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoGetCallContext
CoGetCallerTID
CoWaitForMultipleHandles
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
StringFromGUID2

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWriteTransfer
EventUnregister
EventSetInformation

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
GetRestrictedErrorInfo
RoOriginateErrorW
SetRestrictedErrorInfo
RoTransformError

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CreateEventW
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseMutex
ReleaseSemaphore
CreateSemaphoreExW
ReleaseSRWLockShared
SetEvent
InitializeSRWLock
AcquireSRWLockShared
WaitForSingleObject
CreateEventExW

rpcrt4

UuidIsNil
NdrDllGetClassObject
UuidCreate
NdrDllCanUnloadNow
NdrOleFree
NdrOleAllocate
UuidFromStringW
UuidToStringW
RpcStringFreeW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
OpenProcessToken
GetProcessId
OpenThreadToken
GetCurrentThreadId
GetCurrentProcessId
GetCurrentThread

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount64
GetTickCount

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
RaiseException
UnhandledExceptionFilter
SetLastError

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleHandleExW
GetModuleFileNameA
FreeLibrary
GetProcAddress
LoadStringW

ntdll

RtlGetPersistedStateLocation
LdrDisableThreadCalloutsForDll
RtlImageNtHeader

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegCreateKeyExW
RegFlushKey
RegOpenKeyExW
RegGetValueW
RegEnumKeyExW
RegDeleteValueW
RegOpenCurrentUser
RegDeleteKeyExW
RegQueryInfoKeyW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-winrt-error-l1-1-1

RoReportFailedDelegate
RoGetMatchingRestrictedErrorInfo
IsErrorPropagationEnabled

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoActivateInstance
RoUninitialize
RoGetActivationFactory

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-console-l3-2-0

GetConsoleWindow

crypt32

CertFreeCertificateContext
CertVerifySubjectCertificateContext

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

twinapi.appcore

ord3
ord2

cryptngc

NgcGetUserIdKeyCertificate

webauthn

WebAuthNCtapResetDevice

api-ms-win-security-base-l1-1-0

GetLengthSid
CopySid
GetTokenInformation

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

winhttp

WinHttpCrackUrl

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 192KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 144KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UserDeviceRegistration.dll
.dll windows:10 windows x64 arch:x64

c29d1b55e50e0cd2b60c69006f5877bf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

UserDeviceRegistration.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memcpy
_o_free
_o_malloc
_o_memcpy_s
_o_realloc
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o__execute_onexit_table
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy

api-ms-win-crt-string-l1-1-0

memmove_s
memset

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce

api-ms-win-core-winrt-string-l1-1-0

WindowsDuplicateString
HSTRING_UserUnmarshal64
HSTRING_UserUnmarshal
HSTRING_UserMarshal64
HSTRING_UserFree
HSTRING_UserSize64
HSTRING_UserFree64
HSTRING_UserMarshal
HSTRING_UserSize
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsCreateString
WindowsCreateStringReference

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoRevertToSelf
CoImpersonateClient
CoTaskMemFree
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
CoGetInterfaceAndReleaseStream
CoMarshalInterface
CoGetCallContext
CreateStreamOnHGlobal
CoReleaseMarshalData

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
GetRestrictedErrorInfo
RoTransformError
SetRestrictedErrorInfo
RoOriginateErrorW

api-ms-win-core-synch-l1-1-0

AcquireSRWLockShared
InitializeSRWLock
ReleaseMutex
ReleaseSRWLockShared
SetEvent
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CreateEventExW
WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreExW

rpcrt4

NdrDllGetClassObject
NdrDllCanUnloadNow
NdrOleAllocate
NdrOleFree

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
OpenThreadToken
GetCurrentThread
OpenProcessToken

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount64

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-errorhandling-l1-1-0

RaiseException
UnhandledExceptionFilter
SetLastError
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleW
GetModuleHandleExW
GetModuleFileNameA
FreeLibrary

ntdll

LdrDisableThreadCalloutsForDll
RtlImageNtHeader

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWriteTransfer
EventUnregister

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

crypt32

CryptAcquireCertificatePrivateKey
CertNameToStrW
CryptHashCertificate

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate
IsErrorPropagationEnabled

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoGetActivationFactory
RoUninitialize

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

ncrypt

NCryptSignHash
NCryptFreeObject

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-security-base-l1-1-0

GetTokenInformation
AllocateAndInitializeSid
GetLengthSid
CopySid
FreeSid

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask
SHTaskPoolAllowThreadReuse

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-security-base-l1-2-0

CheckTokenCapability

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 120KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VaultCDS.dll
.dll windows:10 windows x64 arch:x64

d19af6e5dcd68042e9a4cd46532b21cf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

vaultcds.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
__std_type_info_compare
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
_CxxThrowException
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleHandleExW
GetModuleFileNameA
FreeLibrary
GetModuleHandleW
GetProcAddress

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
CreateMutexExW
EnterCriticalSection
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
InitializeCriticalSectionEx
CreateSemaphoreExW
ReleaseMutex
AcquireSRWLockShared
WaitForSingleObject
LeaveCriticalSection
ReleaseSemaphore
ReleaseSRWLockShared
ReleaseSRWLockExclusive

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
SetLastError
RaiseException
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceLoggerHandle
UnregisterTraceGuids
RegisterTraceGuidsW
TraceMessage
GetTraceEnableLevel
GetTraceEnableFlags

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventActivityIdControl
EventWriteTransfer
EventSetInformation
EventUnregister

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoCreateGuid
CoCreateFreeThreadedMarshaler
StringFromGUID2

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsGetStringRawBuffer
WindowsCreateStringReference
WindowsDeleteString

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-heap-obsolete-l1-1-0

LocalSize

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

Exports

Exports

VaultCDSEnumerateItems
VaultCDSSaveItem

Sections

.text
Size: 104KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WiFiCloudStore.dll
.dll windows:10 windows x64 arch:x64

48b8f41ddb1708538596a480cbd2a2e7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

WiFiCloudStore.pdb

Imports

msvcp_win

?setf@ios_base@std@@QEAAHHH@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?good@ios_base@std@@QEBA_NXZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?flags@ios_base@std@@QEBAHXZ
?uncaught_exception@std@@YA_NXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?_Xout_of_range@std@@YAXPEBD@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@I@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAI@Z
?_Xbad_function_call@std@@YAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Incref@facet@locale@std@@UEAAXXZ
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?is@?$ctype@G@std@@QEBA_NFG@Z
??1_Locinfo@std@@QEAA@XZ
??1_Lockit@std@@QEAA@XZ
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
??0_Locinfo@std@@QEAA@PEBD@Z
??0_Lockit@std@@QEAA@H@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?id@?$ctype@G@std@@2V0locale@2@A
??Bid@locale@std@@QEAA_KXZ
?id@?$collate@G@std@@2V0locale@2@A
_Wcsxfrm
_Wcscoll
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?tolower@?$ctype@G@std@@QEBAGG@Z
?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o_ceilf
_o_free
_o_malloc
_o_realloc
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o__configure_narrow_argv
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__cexit
_o__callnewh
_o__crt_atexit
_o___stdio_common_vswprintf
__std_terminate
__CxxFrameHandler4
_o___stdio_common_vsprintf
__std_type_info_compare
strchr
_o___stdio_common_vsnprintf_s
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset
wcscmp

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
DisableThreadLibraryCalls
GetModuleFileNameA
GetModuleHandleW
FreeLibrary
GetModuleHandleExW

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceExecuteOnce
InitOnceBeginInitialize
Sleep

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
ReleaseSRWLockExclusive
ReleaseMutex
WaitForSingleObject
ReleaseSemaphore
OpenSemaphoreW
ReleaseSRWLockShared
InitializeCriticalSectionEx
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateMutexExW
CreateSemaphoreExW
AcquireSRWLockExclusive
AcquireSRWLockShared

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
SetLastError
RaiseException

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsDeleteString

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
RoOriginateError
GetRestrictedErrorInfo
RoFailFastWithErrorContext
RoOriginateErrorW

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentProcess
TerminateProcess
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
FreeLibraryWhenCallbackReturns
CreateThreadpoolTimer

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventUnregister
EventSetInformation
EventWriteTransfer
EventRegister

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-com-l1-1-0

CoUninitialize
CoCreateGuid
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CoSetProxyBlanket
CoCreateInstance
StringFromGUID2
CoInitializeEx
CoTaskMemFree
CLSIDFromString

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-security-base-l1-1-0

EqualSid
CheckTokenMembership
IsWellKnownSid
GetTokenInformation

ntdll

RtlGetDeviceFamilyInfoEnum

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-file-l1-1-0

CompareFileTime

api-ms-win-core-registry-l1-1-0

RegEnumValueW
RegDeleteValueW
RegGetValueW
RegSetValueExW
RegCloseKey
RegCreateKeyExW
RegQueryInfoKeyW
RegEnumKeyExW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
TriggerCloudSyncOnCostChange

Sections

.text
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 884B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WinHvPlatform.dll
.dll windows:10 windows x64 arch:x64

2d62019e6bb75252f00899d7c892bee4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

WinHvPlatform.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcsnicmp
_o_abort
_o_free
_o_malloc
_o_terminate
_o_wcstod
_o_wcstoull
__current_exception
__current_exception_context
_o__callnewh
_CxxThrowException
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__C_specific_handler
_o__cexit
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtPowerInformation

ext-ms-win-cng-rng-l1-1-1

ProcessPrngGuid

vid

VidCreateSynicPort
VidDestroySynicPort
VidReopenExoPartition
VidExoBrokerSend
VidExoGetVpState
VidDeletePartition
VidExoVpCreate
VidResetPartition
VidExoControlGpaAccessTracking
VidSetPartitionProperty
VidExoUnpinGpaRanges
VidExoAccessVaFault
VidExoUnmapGpaRange
VidExoPinGpaRanges
VidGetExoPartitionProperty
VidGetExoSystemInformation
VidMapHvLocalStatsPage
VidExoInstallIntercept
VidSetPropertySynicPort
VidMapHypercallDoorbellPage
VidGetPartitionProperty
VidExoRegisterInterceptResult
VidCreateExoPartition
VidExoMapGpaRange
VidExoVpMap
VidExoVpDestroy
VidExoSetVpState
VidTriggerDestroy
VidTriggerUpdateParameters
VidTriggerCreate
VidExoBrokerReceive

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleW
GetModuleHandleExW
GetProcAddress

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
WaitForSingleObjectEx
DeleteCriticalSection
CreateEventExW
TryAcquireSRWLockExclusive
CreateSemaphoreExW
WaitForSingleObject
SetEvent
AcquireSRWLockShared
ReleaseMutex
ReleaseSRWLockShared
EnterCriticalSection
ReleaseSRWLockExclusive
ResetEvent
AcquireSRWLockExclusive
OpenSemaphoreW
CreateEventW
CreateMutexExW
LeaveCriticalSection
InitializeCriticalSectionEx
InitializeCriticalSectionAndSpinCount

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
GetCurrentThread

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-memory-l1-1-0

VirtualProtect

api-ms-win-core-synch-l1-2-0

WaitOnAddress
InitOnceComplete
InitOnceBeginInitialize
WakeByAddressAll

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWriteTransfer
EventSetInformation
EventUnregister

api-ms-win-core-io-l1-1-0

GetOverlappedResult
CancelIoEx
DeviceIoControl

api-ms-win-core-systemtopology-l1-1-0

GetNumaHighestNodeNumber

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-core-processthreads-l1-1-1

GetThreadIdealProcessorEx
IsProcessorFeaturePresent

api-ms-win-core-kernel32-legacy-l1-1-1

GetNumaProcessorNodeEx

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

devobj

DevObjGetDeviceProperty
DevObjCreateDeviceInfoList
DevObjGetClassDevs
DevObjGetDeviceInterfaceDetail
DevObjDestroyDeviceInfoList
DevObjEnumDeviceInterfaces
DevObjEnumDeviceInfo

Exports

Exports

WHvAcceptPartitionMigration
WHvAdviseGpaRange
WHvAllocateVpciResource
WHvCancelPartitionMigration
WHvCancelRunVirtualProcessor
WHvCompletePartitionMigration
WHvCreateNotificationPort
WHvCreatePartition
WHvCreateTrigger
WHvCreateVirtualProcessor
WHvCreateVirtualProcessor2
WHvCreateVpciDevice
WHvDeleteNotificationPort
WHvDeletePartition
WHvDeleteTrigger
WHvDeleteVirtualProcessor
WHvDeleteVpciDevice
WHvGetCapability
WHvGetInterruptTargetVpSet
WHvGetPartitionCounters
WHvGetPartitionProperty
WHvGetVirtualProcessorCounters
WHvGetVirtualProcessorCpuidOutput
WHvGetVirtualProcessorInterruptControllerState
WHvGetVirtualProcessorInterruptControllerState2
WHvGetVirtualProcessorRegisters
WHvGetVirtualProcessorState
WHvGetVirtualProcessorXsaveState
WHvGetVpciDeviceInterruptTarget
WHvGetVpciDeviceNotification
WHvGetVpciDeviceProperty
WHvMapGpaRange
WHvMapGpaRange2
WHvMapVpciDeviceInterrupt
WHvMapVpciDeviceMmioRanges
WHvPostVirtualProcessorSynicMessage
WHvQueryGpaRangeDirtyBitmap
WHvReadGpaRange
WHvReadVpciDeviceRegister
WHvRegisterPartitionDoorbellEvent
WHvRequestInterrupt
WHvRequestVpciDeviceInterrupt
WHvResetPartition
WHvResumePartitionTime
WHvRetargetVpciDeviceInterrupt
WHvRunVirtualProcessor
WHvSetNotificationPortProperty
WHvSetPartitionProperty
WHvSetVirtualProcessorInterruptControllerState
WHvSetVirtualProcessorInterruptControllerState2
WHvSetVirtualProcessorRegisters
WHvSetVirtualProcessorState
WHvSetVirtualProcessorXsaveState
WHvSetVpciDevicePowerState
WHvSetupPartition
WHvSignalVirtualProcessorSynicEvent
WHvStartPartitionMigration
WHvSuspendPartitionTime
WHvTranslateGva
WHvUnmapGpaRange
WHvUnmapVpciDeviceInterrupt
WHvUnmapVpciDeviceMmioRanges
WHvUnregisterPartitionDoorbellEvent
WHvUpdateTriggerParameters
WHvWriteGpaRange
WHvWriteVpciDeviceRegister

Sections

.text
Size: 196KB - Virtual size: 194KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mrdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1004B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Windows.ApplicationModel.LockScreen.dll
.dll windows:10 windows x64 arch:x64

da9be8cda952b5283f398fbe8733609e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

windows.applicationmodel.lockscreen.pdb

Imports

wincorlib

??0NotImplementedException@Platform@@QE$AAA@XZ
?__abi_cast_Object_to_String@__abi_details@@YAPE$AAVString@Platform@@_NPE$AAVObject@3@@Z
?AllocateException@Heap@Details@Platform@@SAPEAX_K0@Z
?ReleaseTarget@ControlBlock@Details@Platform@@AEAAXXZ
?__abi_make_type_id@@YAPE$AAVType@Platform@@AEBU__abi_type_descriptor@@@Z
?Free@Heap@Details@Platform@@SAXPEAX@Z
??0Object@Platform@@QE$AAA@XZ
?UninitializeData@Details@Platform@@YAXH@Z
?InitializeData@Details@Platform@@YAJH@Z
??0NullReferenceException@Platform@@QE$AAA@XZ
?CreateValue@Details@Platform@@YAPE$AAVObject@2@W4TypeCode@2@PEBX@Z
?get@FullName@Type@Platform@@QE$AAAPE$AAVString@3@XZ
?GetIBoxArrayVtable@Details@Platform@@YAPEAXPEAX@Z
?GetWeakReference@Details@Platform@@YAPEAU__abi_IUnknown@@QE$ADVObject@2@@Z
?CreateException@Exception@Platform@@SAPE$AAV12@HPE$AAVString@2@@Z
?ResolveWeakReference@Details@Platform@@YAPE$AAVObject@2@AEBU_GUID@@PEAPEAU__abi_IUnknown@@@Z
??0DisconnectedException@Platform@@QE$AAA@XZ
??0Delegate@Platform@@QE$AAA@XZ
?get@Message@Exception@Platform@@QE$AAAPE$AAVString@3@XZ
?Allocate@Heap@Details@Platform@@SAPEAX_K0@Z
?GetIBoxVtable@Details@Platform@@YAPEAXPEAX@Z
?__abi_ObjectToString@__abi_details@@YAPE$AAVString@Platform@@PE$AAVObject@3@_N@Z
?GetTypeCode@Type@Platform@@SA?AW4TypeCode@2@PE$AAV12@@Z
?AlignedFree@Heap@Details@Platform@@SAXPEAX@Z
?__abi_WinRTraiseWrongThreadException@@YAXXZ
?__abi_WinRTraiseObjectDisposedException@@YAXXZ
?__abi_WinRTraiseInvalidCastException@@YAXXZ
?__abi_WinRTraiseNotImplementedException@@YAXXZ
?__abi_WinRTraiseDisconnectedException@@YAXXZ
?__abi_WinRTraiseFailureException@@YAXXZ
?__abi_WinRTraiseOperationCanceledException@@YAXXZ
?__abi_WinRTraiseAccessDeniedException@@YAXXZ
?__abi_WinRTraiseInvalidArgumentException@@YAXXZ
?__abi_WinRTraiseClassNotRegisteredException@@YAXXZ
?__abi_WinRTraiseCOMException@@YAXJ@Z
?__abi_WinRTraiseNullReferenceException@@YAXXZ
?__abi_WinRTraiseChangedStateException@@YAXXZ
?__abi_WinRTraiseOutOfBoundsException@@YAXXZ
?__abi_FailFast@@YAXXZ
?ReCreateFromException@Details@Platform@@YAJPE$AAVException@2@@Z
?GetIidsFn@@YAJHPEAKPEBU__s_GUID@@PEAPEAVGuid@Platform@@@Z
?GetActivationFactoryByPCWSTR@@YAJPEAXAEAVGuid@Platform@@PEAPEAX@Z
?__abi_WinRTraiseOutOfMemoryException@@YAXXZ

msvcrt

_callnewh
malloc
__CxxFrameHandler4
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
_CxxThrowException
_purecall
memcpy
memmove
_XcptFilter
_amsg_exit
free
_initterm
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
memcpy_s
log
__C_specific_handler
??0exception@@QEAA@AEBV0@@Z
_vsnprintf_s
_vsnwprintf
??3@YAXPEAX@Z
memmove_s
??_V@YAXPEAX@Z
realloc
wcschr
?terminate@@YAXXZ
_lock
??1type_info@@UEAA@XZ
__CxxFrameHandler3
_unlock
_onexit
exp
__dllonexit
memcmp
wcslen
memset
wcsstr
wcsrchr

twinapi.appcore

ord7
ord6
ord9

shcore

IStream_WriteStr
IStream_ReadStr
CreateRandomAccessStreamOverStream
ord109
SHTaskPoolAllowThreadReuse
SHTaskPoolQueueTask
SHTaskPoolGetUniqueContext
SHCreateMemStream
SHGetThreadRef

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetProcessId
GetCurrentProcess
OpenProcessToken

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetLocaleInfoEx

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
RaiseException
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockShared
CreateSemaphoreExW
WaitForSingleObjectEx
AcquireSRWLockShared
InitializeCriticalSectionEx
AcquireSRWLockExclusive
SetEvent
InitializeCriticalSection
WaitForSingleObject
DeleteCriticalSection
EnterCriticalSection
CreateMutexExW
ReleaseMutex
OpenSemaphoreW
LeaveCriticalSection
ReleaseSemaphore
CreateEventW
ReleaseSRWLockExclusive
InitializeSRWLock

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-com-l1-1-0

CoIncrementMTAUsage
CoCreateInstance
CoDecrementMTAUsage
CoUnmarshalInterface
CoEnableCallCancellation
CoMarshalInterface
CoCreateFreeThreadedMarshaler
CoGetMarshalSizeMax
CoDisableCallCancellation
CoTaskMemAlloc
CoTaskMemFree
CoGetApartmentType
CoGetCallContext
CoCancelCall
CoReleaseMarshalData
CreateStreamOnHGlobal

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventRegister
EventSetInformation
EventActivityIdControl

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetModuleFileNameA
FreeLibrary
DisableThreadLibraryCalls
GetProcAddress
GetModuleHandleW
GetModuleHandleExA

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoOriginateErrorW
SetRestrictedErrorInfo
RoTransformError
GetRestrictedErrorInfo

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-synch-l1-2-0

InitOnceComplete
WaitOnAddress
InitOnceExecuteOnce
Sleep
WakeByAddressAll
InitOnceBeginInitialize

api-ms-win-core-winrt-string-l1-1-0

HSTRING_UserSize
WindowsCompareStringOrdinal
WindowsIsStringEmpty
HSTRING_UserFree64
WindowsStringHasEmbeddedNull
HSTRING_UserSize64
WindowsCreateStringReference
HSTRING_UserFree
HSTRING_UserMarshal
HSTRING_UserMarshal64
WindowsGetStringLen
HSTRING_UserUnmarshal
WindowsGetStringRawBuffer
HSTRING_UserUnmarshal64
WindowsCreateString
WindowsDeleteString
WindowsDuplicateString

rpcrt4

NdrDllGetClassObject
NdrOleFree
NdrDllCanUnloadNow
NdrOleAllocate

api-ms-win-core-winrt-error-l1-1-1

IsErrorPropagationEnabled
RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
CloseThreadpoolWork
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
MapViewOfFile

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-file-l1-1-0

ReadFile
GetFileSize

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
DeleteTimerQueueTimer

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

ntdll

NtQueryWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlSubscribeWnfStateChangeNotification
RtlCompareUnicodeString
RtlNtStatusToDosErrorNoTeb
RtlAllocateHeap
RtlInitUnicodeString
NtQueryInformationToken
RtlFreeHeap

combase

ord157
ord90

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 328KB - Virtual size: 325KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Windows.ApplicationModel.Store.dll
.dll windows:10 windows x64 arch:x64

16a2415c9e86453212dddfafcf1830dc

Code Sign

33:00:00:05:56:c9:20:2b:1f:74:32:5d:2d:00:00:00:00:05:56
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2023, 19:51

Not After

16/10/2024, 19:51

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1a:e8:1c:24:ab:bc:26:79:48:33:0f:7d:93:86:b9:1b:a3:3c:bb:35:c8:dc:82:cb:7e:71:a6:f2:d2:45:0e:a2
Signer

Actual PE Digest

1a:e8:1c:24:ab:bc:26:79:48:33:0f:7d:93:86:b9:1b:a3:3c:bb:35:c8:dc:82:cb:7e:71:a6:f2:d2:45:0e:a2

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Windows.ApplicationModel.Store.pdb

Imports

msvcrt

sprintf_s
wcstombs
strncpy_s
memset
_set_errno
strrchr
strchr
memmove_s
mbstowcs_s
_wcsicmp
_itow_s
wcsstr
_wtol
_wcsdup
_wcsupr
_amsg_exit
_vsnwprintf
wcsrchr
wcschr
_wcstoui64
_snwprintf_s
_vsnprintf
wcstombs_s
wcstoul
_wtof
vswprintf_s
wcscspn
_wtoi
_callnewh
malloc
_initterm
_lock
memmove
floor
wcscpy_s
_wcstoi64
__CxxFrameHandler3
_onexit
_XcptFilter
memcmp
memcpy
__dllonexit
_unlock
_errno
realloc
??_V@YAXPEAX@Z
__C_specific_handler
strcmp
free
_purecall
wcstod
memcpy_s
strtol
wcscmp

ntdll

RtlUpcaseUnicodeChar
RtlNtStatusToDosError
NtQueryWnfStateData
RtlIsStateSeparationEnabled
RtlGetDeviceFamilyInfoEnum
RtlPublishWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
NtQueryInformationProcess
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EtwEventWriteTransfer
RtlUnsubscribeWnfStateChangeNotification
EtwEventSetInformation
EtwEventUnregister
EtwEventRegister

api-ms-win-core-kernel32-legacy-l1-1-0

FileTimeToDosDateTime

api-ms-win-core-libraryloader-l1-2-0

FreeResource
GetModuleFileNameA
SizeofResource
LoadResource
FindResourceExW
GetModuleHandleExA
GetModuleHandleExW
FreeLibrary
GetProcAddress
LockResource
DisableThreadLibraryCalls
LoadStringW
GetModuleHandleW

api-ms-win-core-localization-l1-2-0

GetUserDefaultLocaleName
LCMapStringEx
GetLocaleInfoEx
GetUserGeoID
GetGeoInfoW
FormatMessageW

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
OpenThreadToken
GetCurrentThreadId
CreateProcessW
GetCurrentThread
GetExitCodeProcess
GetProcessId
OpenThread
GetProcessIdOfThread
GetCurrentProcessId
OpenProcessToken

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
RaiseException
UnhandledExceptionFilter
SetLastError

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
WaitForMultipleObjectsEx
CreateEventW
CreateEventExW
ResetEvent
CreateSemaphoreExW
ReleaseSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockShared
CreateMutexExW
InitializeCriticalSection
AcquireSRWLockExclusive
ReleaseMutex
ReleaseSemaphore
InitializeSRWLock
OpenSemaphoreW
WaitForSingleObject
SetEvent
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionEx

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceExecuteOnce
InitOnceBeginInitialize
Sleep
InitOnceComplete

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
CompareStringW
MultiByteToWideChar

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsA
ExpandEnvironmentStringsW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetTickCount64
GetLocalTime
GetVersionExA
GetSystemTimeAsFileTime
GetSystemTime

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventActivityIdControl
EventUnregister
EventWriteTransfer
EventSetInformation

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-security-base-l1-1-0

CopySid
ImpersonateLoggedOnUser
AllocateAndInitializeSid
FreeSid
GetLengthSid
DuplicateTokenEx
GetTokenInformation
RevertToSelf

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-file-l1-1-0

GetFileSize
CreateFileW
CreateDirectoryW
DeleteFileW
ReadFile
FindFirstFileA
FindClose
FindNextFileA
CompareFileTime
CreateFileA
FindFirstFileExA
WriteFile
SetFilePointer
DeleteFileA
GetFileInformationByHandle
FileTimeToLocalFileTime

api-ms-win-security-base-l1-2-0

CheckTokenMembershipEx

api-ms-win-core-file-l1-2-2

GetTempFileNameA
GetTempPathA

api-ms-win-core-file-l1-2-4

GetTempPath2W

api-ms-win-core-registry-l1-1-0

RegOpenCurrentUser
RegGetValueW
RegCloseKey
RegOpenKeyExW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW
RegDeleteKeyValueW

api-ms-win-core-path-l1-1-0

PathCchAppendEx
PathCchAddExtension

api-ms-win-core-localization-l2-1-0

GetCurrencyFormatEx

api-ms-win-core-url-l1-1-0

UrlEscapeW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

api-ms-win-core-shlwapi-legacy-l1-1-0

PathAppendA
PathRemoveFileSpecA
PathCombineA
PathAppendW

api-ms-win-core-heap-obsolete-l1-1-0

GlobalFree

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 856KB - Virtual size: 854KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Windows.CloudStore.EarlyDownloader.dll
.dll windows:10 windows x64 arch:x64

1ac40bb36e1a9defac3268940e2b839c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Windows.CloudStore.EarlyDownloader.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wtoll
_o_abort
_o_ceilf
_o_free
_o_iswspace
_o_malloc
_o_realloc
_o_strcat_s
_o_strcpy_s
_o_terminate
_o_towlower
__C_specific_handler
__current_exception
__current_exception_context
_o__crt_atexit
_o__free_base
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
__std_type_info_compare
__CxxFrameHandler3
_CxxThrowException
_o___stdio_common_vsnprintf_s
_o___std_type_info_name
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
_o__execute_onexit_table
_o__errno

api-ms-win-crt-string-l1-1-0

memset
strcmp

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleExW
GetProcAddress
FreeLibrary
DisableThreadLibraryCalls
FindStringOrdinal
GetModuleHandleW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThread
OpenThreadToken
GetCurrentThreadId
GetCurrentProcessId
OpenProcessToken
TerminateProcess

api-ms-win-core-localization-l1-2-0

GetSystemPreferredUILanguages
FormatMessageW
FormatMessageA

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

rpcrt4

NdrDllGetClassObject
NdrDllCanUnloadNow

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventUnregister
EventSetInformation
EventActivityIdControl

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
GetLastError

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionAndSpinCount
ResetEvent
AcquireSRWLockShared
ReleaseSRWLockShared
CreateEventW
ReleaseSRWLockExclusive
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionEx
SetEvent
CreateMutexExW
ReleaseMutex
WaitForSingleObject
ReleaseSemaphore
OpenSemaphoreW
WaitForSingleObjectEx
CreateSemaphoreExW
AcquireSRWLockExclusive

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
TrySubmitThreadpoolCallback
SetThreadpoolWait
CloseThreadpoolWait
CreateThreadpoolTimer

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoOriginateError

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegSetValueExW
RegGetValueW

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
InitOnceExecuteOnce

api-ms-win-core-winrt-string-l1-1-0

WindowsIsStringEmpty
WindowsCreateString
WindowsStringHasEmbeddedNull
WindowsGetStringRawBuffer
WindowsCreateStringReference

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCompareMemory

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InterlockedFlushSList
InitializeSListHead
InterlockedPushEntrySList

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringOrdinal
MultiByteToWideChar

msvcp_win

??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?uncaught_exception@std@@YA_NXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPEBDH@Z
?widen@?$ctype@G@std@@QEBAGD@Z
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?id@?$ctype@G@std@@2V0locale@2@A
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??1_Lockit@std@@QEAA@XZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@H@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@K@Z
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
_Xtime_get_ticks
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Random_device@std@@YAIXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
_Thrd_yield
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrcmpW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-path-l1-1-0

PathCchSkipRoot
PathAllocCanonicalize

api-ms-win-core-file-l1-1-0

CreateFileW
FindFirstFileExW
WriteFile
GetFileAttributesExW
SetFileInformationByHandle
DeleteFileW
GetFileAttributesW
GetFileSizeEx
CreateDirectoryW
FindNextFileW
ReadFile
FindClose

ntdll

RtlGetDeviceFamilyInfoEnum

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-shell-shdirectory-l1-1-0

ord290

api-ms-win-security-lsalookup-l1-1-2

LsaLookupUserAccountType

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoUninitialize
RoInitialize

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx

oleaut32

SetErrorInfo
SysStringLen
SysFreeString
GetErrorInfo
SysAllocString

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
GetProxyDllInfo

Sections

.text
Size: 644KB - Virtual size: 642KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 136KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Windows.CloudStore.Schema.Shell.dll
.dll windows:10 windows x64 arch:x64

e23a202c3b7350446c8b717a7134496f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Windows.CloudStore.Schema.Shell.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
memmove
_o_abort
_o_ceilf
_o_free
_o_iswspace
_o_malloc
_o_strncpy_s
_o_strtol
_o_terminate
_o_towlower
__C_specific_handler
__current_exception
__current_exception_context
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_CxxThrowException
_o__execute_onexit_table
__CxxFrameHandler3
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o__errno
strrchr
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
strchr
__std_type_info_compare
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

wcsncmp
memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleW
GetModuleHandleExW
FreeLibrary
DisableThreadLibraryCalls
FindStringOrdinal
GetProcAddress

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

rpcrt4

NdrOleFree
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrOleAllocate
UuidCreate

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
RaiseException
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
InitializeCriticalSectionEx
AcquireSRWLockExclusive
CreateMutexExW
InitializeCriticalSectionAndSpinCount
ResetEvent
CreateEventW
ReleaseMutex
OpenSemaphoreW
ReleaseSemaphore
WaitForSingleObject
EnterCriticalSection
SetEvent
WaitForSingleObjectEx
ReleaseSRWLockShared
DeleteCriticalSection
CreateEventExW
AcquireSRWLockShared
ReleaseSRWLockExclusive
CreateSemaphoreExW

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventActivityIdControl
EventUnregister
EventRegister
EventSetInformation

api-ms-win-core-winrt-error-l1-1-0

GetRestrictedErrorInfo
SetRestrictedErrorInfo
RoOriginateError
RoOriginateErrorW
RoFailFastWithErrorContext

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
InitOnceExecuteOnce

api-ms-win-core-winrt-string-l1-1-0

HSTRING_UserFree
HSTRING_UserFree64
HSTRING_UserMarshal
HSTRING_UserSize
WindowsGetStringRawBuffer
HSTRING_UserMarshal64
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
HSTRING_UserUnmarshal
HSTRING_UserUnmarshal64
WindowsCreateString
WindowsCreateStringReference
WindowsDeleteString
HSTRING_UserSize64

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InitializeSListHead

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-file-l1-1-0

SetFileAttributesW
GetFileAttributesW
GetFullPathNameW
DeleteFileW
FindFirstFileW
RemoveDirectoryW
CreateFileW
FindClose
CreateDirectoryW
SetFileInformationByHandle
FindNextFileW

ntdll

RtlPublishWnfStateData
RtlGetDeviceFamilyInfoEnum
RtlExtendCorrelationVector
RtlIsMultiSessionSku
RtlIncrementCorrelationVector
RtlInitializeCorrelationVector
RtlConvertDeviceFamilyInfoToString

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx

api-ms-win-core-registry-l2-1-0

RegOpenKeyW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegCreateKeyExW
RegSetValueExW
RegCloseKey

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoUninitialize
RoActivateInstance
RoGetActivationFactory

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-path-l1-1-0

PathAllocCombine
PathCchSkipRoot

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW

api-ms-win-shcore-registry-l1-1-0

SHDeleteKeyW

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolGetUniqueContext

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime

msvcp_win

?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?_IsCurrentOriginSTA@_ContextCallback@details@Concurrency@@CA_NXZ
?_Assign@_ContextCallback@details@Concurrency@@AEAAXPEAX@Z
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
??0task_continuation_context@Concurrency@@AEAA@XZ
?__ExceptionPtrCreate@@YAXPEAX@Z
_Cnd_init_in_situ
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
_Mtx_destroy_in_situ
?__ExceptionPtrDestroy@@YAXPEAX@Z
_Mtx_lock
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
_Mtx_init_in_situ
_Cnd_wait
_Mtx_unlock
_Cnd_broadcast
_Cnd_destroy_in_situ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Throw_C_error@std@@YAXH@Z
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?_Xbad_function_call@std@@YAXXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
GetProxyDllInfo

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Windows.CloudStore.dll
.dll windows:10 windows x64 arch:x64

5ccfc583e6c81e7dea64dbae376bf7c3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Windows.CloudStore.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__free_base
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__malloc_base
_o__mkgmtime64
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__stricmp
_o__wcslwr
memmove
_o_abort
_o_calloc
_o_ceilf
_o_free
_o_iswspace
_o_malloc
_o_realloc
_o_strcat_s
_o_strcpy_s
_o_strtoul
_o_terminate
_o_towlower
_o_wcstoul
__C_specific_handler
__current_exception
__current_exception_context
__std_terminate
strchr
_o___stdio_common_vswprintf
_o___stdio_common_vsscanf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
__CxxFrameHandler4
memchr
memcmp
memcpy
_CxxThrowException
__CxxFrameHandler3
wcschr
__std_type_info_compare

api-ms-win-crt-string-l1-1-0

strncmp
strcmp
memset

shcore

IStream_Size
IStream_Reset
IStream_Copy
ord270
IStream_Read
SHCreateStreamOnFileW
SHTaskPoolGetUniqueContext
GetFeatureEnabledState
SHTaskPoolQueueTask
SHCreateMemStream

api-ms-win-core-path-l1-1-0

PathCchAddBackslashEx
PathCchSkipRoot
PathCchCombine
PathCchCombineEx
PathAllocCanonicalize

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventWriteTransfer
EventRegister
EventUnregister
EventActivityIdControl

api-ms-win-core-threadpool-l1-1-0

SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
TrySubmitThreadpoolCallback
CreateThreadpoolWait

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-file-l1-1-0

GetFileInformationByHandle
CreateDirectoryW
CreateFileW
GetFileSizeEx
ReadFile
WriteFile
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedFlushSList
InterlockedPushEntrySList

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
DisableThreadLibraryCalls
FreeLibrary
FindStringOrdinal
GetModuleHandleExW
GetProcAddress
GetModuleHandleExA
GetModuleFileNameA

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetSystemPreferredUILanguages
LCMapStringEx

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
OpenThreadToken
GetCurrentThread
SetThreadToken
GetProcessId
OpenProcessToken
ProcessIdToSessionId

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-registry-l1-1-0

RegDeleteValueW
RegQueryValueExW
RegGetValueW
RegDisablePredefinedCacheEx
RegLoadAppKeyW
RegCopyTreeW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegDeleteTreeW
RegEnumKeyExW
RegNotifyChangeKeyValue

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
ReleaseSRWLockShared
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionEx
OpenSemaphoreW
CreateMutexExW
ReleaseMutex
ReleaseSRWLockExclusive
InitializeCriticalSectionAndSpinCount
CreateSemaphoreExW
WaitForSingleObjectEx
InitializeCriticalSection
CreateEventExW
SetEvent
InitializeSRWLock
ResetEvent
AcquireSRWLockShared
AcquireSRWLockExclusive
WaitForSingleObject
CreateEventW

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
WakeAllConditionVariable
Sleep
InitOnceBeginInitialize
InitOnceExecuteOnce
InitOnceComplete

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount64

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrcmpiA
lstrcmpW

ntdll

RtlGetCurrentServiceSessionId
RtlGetDeviceFamilyInfoEnum
RtlValidateCorrelationVector
RtlIsMultiSessionSku
RtlDeriveCapabilitySidsFromName
RtlCompareUnicodeString
RtlNtStatusToDosErrorNoTeb
RtlAllocateHeap
RtlInitUnicodeString
NtQueryInformationToken
RtlPublishWnfStateData
RtlFreeHeap

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

combase

ord148
ord147

msvcp_win

?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
_Xtime_get_ticks
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Throw_C_error@std@@YAXH@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
_Mtx_destroy_in_situ
_Mtx_init_in_situ
?_Xbad_function_call@std@@YAXXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
_Thrd_yield
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_Xbad_alloc@std@@YAXXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
_Mtx_lock
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Xout_of_range@std@@YAXPEBD@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?id@?$numpunct@D@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
_Mtx_unlock
?_Random_device@std@@YAIXZ
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
?in@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z
?_Incref@facet@locale@std@@UEAAXXZ
?out@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
??Bid@locale@std@@QEAA_KXZ
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?setf@ios_base@std@@QEAAHHH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
?classic@locale@std@@SAAEBV12@XZ
??1_Locinfo@std@@QEAA@XZ
??1_Lockit@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
??0_Lockit@std@@QEAA@H@Z
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Getlconv@_Locinfo@std@@QEBAPEBUlconv@@XZ

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-localization-obsolete-l1-2-0

CompareStringA

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
GetProxyDllInfo

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 440KB - Virtual size: 436KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 132KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Windows.Devices.Lights.dll
.dll windows:10 windows x64 arch:x64

e282a791e9c7ed4877ab8e146123ee27

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Windows.Devices.Lights.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__get_errno
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
memmove
_o__wcsicmp
_o_abort
_o_ceilf
_o_free
_o_iswspace
_o_malloc
_o_sqrt
_o_terminate
_o_wcstol
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o__crt_atexit
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__configure_narrow_argv
_o__execute_onexit_table
_o__errno
_o__cexit
_o__callnewh
__C_specific_handler
__std_terminate
__CxxFrameHandler4
__C_specific_handler_noexcept
memcmp
memcpy
wcsrchr

api-ms-win-crt-string-l1-1-0

wcsnlen
memset

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
FreeLibraryAndExitThread
GetModuleHandleExW
FreeLibrary
GetProcAddress
GetModuleFileNameA
LoadStringW
GetModuleHandleW

api-ms-win-core-synch-l1-1-0

TryEnterCriticalSection
SleepEx
CreateMutexExW
ReleaseSemaphore
DeleteCriticalSection
InitializeCriticalSection
OpenSemaphoreW
CreateEventW
InitializeSRWLock
SetEvent
CreateEventExW
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
WaitForSingleObjectEx
ReleaseSRWLockShared
CreateSemaphoreExW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReleaseMutex
OpenEventW
WaitForSingleObject
ResetEvent
EnterCriticalSection
InitializeCriticalSectionEx
AcquireSRWLockShared

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
RaiseException
SetLastError
UnhandledExceptionFilter
GetLastError

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolWait
WaitForThreadpoolWaitCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
WaitForThreadpoolTimerCallbacks

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentProcessId
OpenProcessToken
CreateThread
QueueUserAPC
SetThreadPriority
GetCurrentThread
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle
SetHandleInformation

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventActivityIdControl
EventRegister
EventUnregister

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
InitOnceExecuteOnce
Sleep

rpcrt4

NdrOleFree
NdrStubForwardingFunction
NdrDllGetClassObject
NdrOleAllocate
NdrDllCanUnloadNow

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

oleaut32

GetErrorInfo
SetErrorInfo
SysFreeString
SysStringLen
SysAllocString

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
RtlCaptureStackBackTrace

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPushEntrySList

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask
SHTaskPoolAllowThreadReuse

api-ms-win-security-base-l1-1-0

IsValidSid
AllocateAndInitializeSid
RevertToSelf
GetTokenInformation
CopySid
GetLengthSid
IsWellKnownSid

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

coremessaging

CoreUICallCreateConversationHost
CoreUICallReceive
CoreUICreate
CoreUICallSend

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-io-l1-1-0

GetOverlappedResult
CreateIoCompletionPort
DeviceIoControl
GetQueuedCompletionStatus

api-ms-win-core-winrt-robuffer-l1-1-0

RoGetBufferMarshaler

api-ms-win-core-psapi-l1-1-0

K32GetProcessImageFileNameW

api-ms-win-appmodel-runtime-l1-1-1

GetPackageFamilyNameFromToken
GetPackageFullNameFromToken

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegGetValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegDeleteTreeW
RegEnumKeyExW
RegNotifyChangeKeyValue
RegEnumValueW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

ntdll

NtAlpcSendWaitReceivePort
NtAlpcDisconnectPort
RtlNtStatusToDosError
NtAlpcAcceptConnectPort
NtCreateWaitCompletionPacket
NtDelayExecution
NtCancelWaitCompletionPacket
RtlUnsubscribeWnfNotificationWaitForCompletion
NtAlpcCreateSectionView
NtQueryWnfStateData
NtAssociateWaitCompletionPacket
RtlSubscribeWnfStateChangeNotification
RtlGetDeviceFamilyInfoEnum
NtAlpcCancelMessage
NtAlpcConnectPort
NtAlpcCreatePortSection
RtlGetSystemTimePrecise
NtAlpcDeletePortSection
NtAlpcDeleteSectionView

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ

api-ms-win-core-memory-l1-1-0

VirtualProtect

api-ms-win-core-namespace-l1-1-0

CreatePrivateNamespaceW
DeleteBoundaryDescriptor
OpenPrivateNamespaceW
CreateBoundaryDescriptorW
AddSIDToBoundaryDescriptor
ClosePrivateNamespace

api-ms-win-core-file-l1-1-0

CreateFileW
GetFileAttributesW

bcrypt

BCryptCreateHash
BCryptFinishHash
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptHashData
BCryptGenRandom
BCryptDestroyHash

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 384KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 156KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sipc
Size: 4KB - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Windows.Devices.Sensors.dll
.dll windows:10 windows x64 arch:x64

db0ed4ca9335f03dfe9fbbed4c442a08

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:56:99:d2:71:db:19:58:a8:9c:4e:a8:9d:74:f9:de:25:da:34:6e:d1:6f:df:a1:ca:c5:b1:28:8b:e2:66:cc
Signer

Actual PE Digest

52:56:99:d2:71:db:19:58:a8:9c:4e:a8:9d:74:f9:de:25:da:34:6e:d1:6f:df:a1:ca:c5:b1:28:8b:e2:66:cc

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Windows.Devices.Sensors.pdb

Imports

api-ms-win-crt-string-l1-1-0

memset
wcsncmp

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wtoi
_o_asinf
_o_atan2f
_o_atanf
_o_ceilf
_o_cosf
_o_floorf
_o_fmodf
_o_free
_o_log
_o_malloc
_o_realloc
_o_sinf
_o_strncat_s
_o_terminate
_o_wcsncpy_s
_o_wcstombs_s
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_type_info_compare
__C_specific_handler
__std_terminate
__CxxFrameHandler4
__C_specific_handler_noexcept
memcmp
memcpy

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
FreeLibrary
GetProcAddress
DisableThreadLibraryCalls
GetModuleHandleExW
GetModuleHandleExA
GetModuleHandleW

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
TryAcquireSRWLockExclusive
CreateSemaphoreExW
ReleaseMutex
WaitForSingleObjectEx
InitializeCriticalSection
OpenSemaphoreW
AcquireSRWLockExclusive
InitializeCriticalSectionAndSpinCount
ReleaseSRWLockExclusive
InitializeSRWLock
ReleaseSRWLockShared
ResetEvent
CreateEventW
WaitForSingleObject
InitializeCriticalSectionEx
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
CreateEventExW
WaitForMultipleObjectsEx
SetEvent
LeaveCriticalSection
EnterCriticalSection

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
GetLastError
RaiseException

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer
TrySubmitThreadpoolCallback
WaitForThreadpoolTimerCallbacks
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
SetThreadpoolThreadMaximum
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolCleanupGroup
SetThreadpoolThreadMinimum
WaitForThreadpoolWorkCallbacks
CloseThreadpoolWork
CreateThreadpool
CloseThreadpool

api-ms-win-core-processthreads-l1-1-0

CreateThread
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
OpenThreadToken
GetCurrentProcessId
OpenProcessToken
GetCurrentThread

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventUnregister
EventSetInformation

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
UnregisterTraceGuids
GetTraceEnableLevel
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableFlags

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceBeginInitialize
InitOnceComplete

rpcrt4

NdrDllGetClassObject
NdrDllCanUnloadNow
I_RpcExceptionFilter
NdrOleFree
NdrStubForwardingFunction
RpcBindingCreateW
RpcBindingBind
RpcExceptionFilter
NdrOleAllocate
RpcBindingFree
NdrClientCall3

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

biwinrt

BiRtDeleteEventForApp
BiRtCreateEventForApp

msvcp_win

?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-security-base-l1-1-0

GetTokenInformation

ntdll

LdrAddRefDll
NtQuerySystemInformation
RtlSubscribeWnfStateChangeNotification
NtQueryWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolAllowThreadReuse
SHTaskPoolQueueTask

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-devices-config-l1-1-1

CM_Get_Device_Interface_PropertyW
CM_Get_Device_Interface_List_SizeW
CM_Get_Device_Interface_ListW
CM_MapCrToWin32Err
CM_Unregister_Notification
CM_Register_Notification

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabled

api-ms-win-core-file-l1-1-0

CreateFileW
ReadFile

api-ms-win-core-io-l1-1-0

CancelIoEx
GetOverlappedResult

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 904KB - Virtual size: 901KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 480KB - Virtual size: 477KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Windows.Graphics.Printing.Workflow.Native.dll
.dll windows:10 windows x64 arch:x64

5ddb7c3ab8f047236f9bfbb4cf172ce4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Windows.Graphics.Printing.Workflow.Native.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o___std_type_info_destroy_list
_o__cexit
_o__configure_narrow_argv
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__seh_filter_dll
__C_specific_handler

api-ms-win-crt-string-l1-1-0

memset

rpcrt4

NdrDllCanUnloadNow
NdrOleFree
NdrOleAllocate
NdrDllGetClassObject

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
GetCurrentProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 364B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Windows.Graphics.Printing.Workflow.dll
.dll windows:10 windows x64 arch:x64

c0f655e4dfdb9fbaed4ac716028a5c58

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Windows.Graphics.Printing.Workflow.pdb

Imports

msvcp_win

?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@N@Z
_Thrd_yield
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z
?_Xout_of_range@std@@YAXPEBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
?width@ios_base@std@@QEBA_JXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?uncaught_exception@std@@YA_NXZ
?__ExceptionPtrCreate@@YAXPEAX@Z
?good@ios_base@std@@QEBA_NXZ
?__ExceptionPtrDestroy@@YAXPEAX@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?flags@ios_base@std@@QEBAHXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?width@ios_base@std@@QEAA_J_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?__ExceptionPtrRethrow@@YAXPEBX@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
_Xtime_get_ticks
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@M@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?_Xlength_error@std@@YAXPEBD@Z
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?_Xbad_function_call@std@@YAXXZ

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__gmtime64
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__localtime64
_o__mktime64
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__stricmp
_o__wcsicmp
_o__wcsnicmp
memmove
_o__wtof
_o__wtoi
_o__wtol
_o_abort
_o_ceilf
_o_free
_o_isdigit
_o_isupper
_o_iswspace
_o_malloc
_o_realloc
_o_terminate
_o_tolower
_o_towlower
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
wcschr
__std_terminate
__CxxFrameHandler4
memchr
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset
wcsncmp

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleHandleExW
GetModuleFileNameA
GetProcAddress
DisableThreadLibraryCalls
LoadLibraryExA
GetModuleHandleW

api-ms-win-core-synch-l1-1-0

ResetEvent
CreateSemaphoreExW
EnterCriticalSection
ReleaseSemaphore
CreateEventW
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForSingleObject
ReleaseMutex
ReleaseSRWLockExclusive
InitializeSRWLock
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseSRWLockShared
InitializeCriticalSectionAndSpinCount
CreateEventExW
CreateMutexExW
AcquireSRWLockShared
DeleteCriticalSection
SetEvent

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

RaiseException
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolWait
CloseThreadpoolTimer
SetThreadpoolWait
TrySubmitThreadpoolCallback
CloseThreadpoolWait

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
CreateThread
OpenProcessToken
TerminateProcess
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetUserDefaultLocaleName

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventWriteTransfer
EventActivityIdControl
EventRegister
EventUnregister

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
SetRestrictedErrorInfo
RoOriginateErrorW
GetRestrictedErrorInfo
RoOriginateError

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-synch-l1-2-0

WakeByAddressAll
InitOnceComplete
InitOnceBeginInitialize
WaitOnAddress
WakeByAddressSingle
InitOnceExecuteOnce

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount64

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPushEntrySList
InterlockedFlushSList

print.printsupport.source

RegeneratePdcForApp
IsPrinterConnection
IsPdcRegneratedForPrinterWithAppByPrinterName
IsPsaEnabledForContract
SetPrintTicketPsa

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsCreateString
WindowsCompareStringOrdinal
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsGetStringRawBuffer
WindowsCreateStringReference
WindowsDuplicateString

api-ms-win-core-com-l1-1-0

CoWaitForMultipleHandles
CoGetMalloc
CoGetApartmentType
CoTaskMemFree
CoMarshalInterface
CreateStreamOnHGlobal
CoCreateInstance
CoGetObjectContext
CoTaskMemRealloc
CoCreateFreeThreadedMarshaler
CoGetInterfaceAndReleaseStream
CoTaskMemAlloc
CoCreateGuid
CoReleaseMarshalData

oleaut32

VariantInit
GetErrorInfo
SetErrorInfo
SysAllocString
SysFreeString
SysStringLen
SysAllocStringLen
VariantClear

ntdll

RtlFreeHeap
NtQueryInformationToken
RtlAllocateHeap
RtlNtStatusToDosErrorNoTeb
RtlCompareUnicodeString
RtlIsMultiSessionSku
RtlInitUnicodeString
RtlGetDeviceFamilyInfoEnum

api-ms-win-shcore-stream-l1-1-0

IStream_Size
SHCreateMemStream

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolGetUniqueContext
SHTaskPoolQueueTask
SHTaskPoolAllowThreadReuse

api-ms-win-core-winrt-error-l1-1-1

IsErrorPropagationEnabled
RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoUninitialize
RoInitialize
RoGetActivationFactory

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-shcore-stream-winrt-l1-1-0

CreateStreamOverRandomAccessStream
CreateRandomAccessStreamOverStream

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-eventlog-legacy-l1-1-0

DeregisterEventSource
RegisterEventSourceW
ReportEventW

api-ms-win-devices-query-l1-1-0

DevGetObjectProperties
DevGetObjects
DevFreeObjectProperties
DevFreeObjects
DevFindProperty

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegGetValueW
RegCloseKey
RegOpenCurrentUser

api-ms-win-core-heap-l2-1-0

GlobalFree

winhttp

WinHttpOpenRequest
WinHttpSetTimeouts
WinHttpCloseHandle
WinHttpAddRequestHeaders
WinHttpSetOption
WinHttpConnect
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpReadData
WinHttpQueryHeaders
WinHttpGetProxyForUrl
WinHttpOpen
WinHttpCrackUrl
WinHttpWriteData
WinHttpGetIEProxyConfigForCurrentUser

sspicli

GetUserNameExW

api-ms-win-rtcore-ntuser-window-l1-1-0

GetPropW
GetWindowThreadProcessId

api-ms-win-core-atoms-l1-1-0

GlobalGetAtomNameW

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualProtect

xpstopclmconverter

CreateXpsToPCLmConverter

xpstopwgrconverter

CreateXpsToPwgrConverter

xpsrasterservice

ord1

api-ms-win-core-file-l1-1-0

SetFilePointerEx
ReadFile
GetFileSizeEx

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 904KB - Virtual size: 902KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 300KB - Virtual size: 297KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Windows.Internal.Management.dll
.dll windows:10 windows x64 arch:x64

65966c20ef668e84dbd5512844e1ed51

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Windows.Internal.Management.pdb

Imports

msvcp110_win

?swap@?$basic_istream@DU?$char_traits@D@std@@@std@@IEAAXAEAV12@@Z
?unshift@?$codecvt@DDH@std@@QEBAHAEAHPEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?in@?$codecvt@DDH@std@@QEBAHAEAHPEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDH@std@@QEBAHAEAHPEBD1AEAPEBDPEAD3AEAPEAD@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Xbad_alloc@std@@YAXXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBGHH@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Add_vtordisp2@?$basic_ios@DU?$char_traits@D@std@@@std@@UEAAXXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Add_vtordisp2@?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Add_vtordisp1@?$basic_istream@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??Bios_base@std@@QEBAPEAXXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?pbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?_Add_vtordisp2@?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Add_vtordisp1@?$basic_istream@GU?$char_traits@G@std@@@std@@UEAAXXZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Swap_all@_Container_base0@std@@QEAAXAEAU12@@Z
?id@?$codecvt@DDH@std@@2V0locale@2@A
?_BADOFF@std@@3_JB
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Orphan_all@_Container_base0@std@@QEAAXXZ
?_Getcat@?$codecvt@DDH@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Orphan_all@_Container_base12@std@@QEAAXXZ
??1_Container_base12@std@@QEAA@XZ
??0_Container_base12@std@@QEAA@XZ
?_Syserror_map@std@@YAPEBDH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z

msvcrt

fgetc
fwrite
fgetpos
setvbuf
ungetc
fsetpos
_fseeki64
towlower
fflush
fputc
??0bad_cast@@QEAA@AEBV0@@Z
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
wcschr
strrchr
strchr
strtol
_errno
_set_errno
strncpy_s
wcstoul
wcsstr
realloc
wcsrchr
_wcsicmp
sprintf_s
memset
memmove
memcpy
memcmp
_CxxThrowException
swprintf_s
_wcsnicmp
__CxxFrameHandler3
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
__C_specific_handler
_initterm
free
_amsg_exit
_XcptFilter
_callnewh
malloc
??_V@YAXPEAX@Z
memmove_s
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
memcpy_s
_vsnwprintf
__CxxFrameHandler4
??3@YAXPEAX@Z
fclose
wcscmp

dmcmnutils

DmDisableTask
DmIsSystemOrAdmin
InvStrCmpIW
HexStringToBinary
UnicodeToMB
DmRaiseToastNotificationAndWait
DmIsRunningInSystemContext
DmRaiseToastNotification
DmInvalidateAadUserToken
DmGetAadUserToken
DmRequestAadUserToken
OmaDmRegistrySetBinary
OmaDmRegistrySetDWORD
OmaDmRegistryGetString
DmGetCurrentUserSid
CopyString
OmaDmRegistryGetDWORD
DmGetUserSidFromToken
DmDeleteTask
DmGetCurrentUserToken
DmRunTask
MBToUnicode
DmImpersonate
OmaDmRegistryGetBinary
DmRevertToSelf
DmIsSystemOrUserIsAdmin
DmGetActiveUserSid

combase

ord167
ord168
ord69

api-ms-win-core-url-l1-1-0

UrlEscapeW

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
LoadLibraryExA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
DisableThreadLibraryCalls
LoadStringW
GetModuleHandleExW
FreeLibrary
LoadLibraryExW

api-ms-win-core-synch-l1-1-0

SetEvent
ResetEvent
ReleaseSemaphore
AcquireSRWLockShared
OpenSemaphoreW
WaitForSingleObject
InitializeSRWLock
ReleaseSRWLockShared
CreateSemaphoreExW
CreateEventW
LeaveCriticalSection
TryAcquireSRWLockShared
EnterCriticalSection
DeleteCriticalSection
CreateEventA
CreateMutexExW
OpenEventW
ReleaseMutex
CreateEventExW
InitializeCriticalSectionEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
WaitForSingleObjectEx

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-processthreads-l1-1-0

CreateProcessW
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
OpenThreadToken
TerminateProcess
OpenProcessToken
GetExitCodeProcess
GetCurrentThread

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
HSTRING_UserSize
WindowsDuplicateString
WindowsStringHasEmbeddedNull
HSTRING_UserFree64
WindowsGetStringLen
WindowsIsStringEmpty
HSTRING_UserSize64
HSTRING_UserFree
HSTRING_UserMarshal64
WindowsDeleteString
WindowsCreateStringReference
WindowsConcatString
HSTRING_UserUnmarshal
HSTRING_UserMarshal
HSTRING_UserUnmarshal64
WindowsGetStringRawBuffer

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWork
CreateThreadpoolWork
CreateThreadpoolTimer
FreeLibraryWhenCallbackReturns
SetThreadpoolTimer
SubmitThreadpoolWork
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
SetRestrictedErrorInfo
GetRestrictedErrorInfo
RoTransformError
RoOriginateError

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer
EventActivityIdControl

api-ms-win-core-com-l1-1-0

StringFromCLSID
CoWaitForMultipleHandles
CoGetApartmentType
CoRegisterClassObject
CoCreateFreeThreadedMarshaler
CoMarshalInterface
CoInitializeEx
CoUninitialize
CoCreateInstance
CoTaskMemAlloc
CreateStreamOnHGlobal
CoInitializeSecurity
StringFromGUID2
CoReleaseMarshalData
CoGetInterfaceAndReleaseStream
CoCreateGuid
CoImpersonateClient
CoRevertToSelf
IIDFromString
CoTaskMemFree
CoReleaseServerProcess
CoAddRefServerProcess
CLSIDFromString
CoRevokeClassObject
CoResumeClassObjects

api-ms-win-core-winrt-l1-1-0

RoRevokeActivationFactories
RoActivateInstance
RoInitialize
RoGetActivationFactory
RoRegisterActivationFactories
RoUninitialize

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
Sleep
InitOnceComplete
WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceExecuteOnce

api-ms-win-service-core-l1-1-0

SetServiceStatus

api-ms-win-service-winsvc-l1-1-0

RegisterServiceCtrlHandlerA

rpcrt4

NdrDllGetClassObject
NdrOleFree
UuidToStringW
UuidFromStringW
UuidCreate
RpcStringFreeW
I_RpcBindingInqLocalClientPID
NdrDllCanUnloadNow
NdrOleAllocate

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemInfo
GetSystemTime
GetTickCount
GetLocalTime
GetTickCount64

api-ms-win-core-file-l1-1-0

GetFileSizeEx
FindFirstFileW
CreateFileW
FindNextFileW
ReadFile
GetFileAttributesW
FindClose
DeleteFileW

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegCreateKeyExW
RegNotifyChangeKeyValue
RegSetValueExW
RegDeleteTreeW
RegOpenKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteKeyExW
RegOpenCurrentUser
RegDeleteValueW
RegGetValueW
RegCloseKey

api-ms-win-security-base-l1-1-0

FreeSid
AllocateAndInitializeSid
IsWellKnownSid
DuplicateTokenEx
GetTokenInformation

api-ms-win-security-base-l1-2-0

CheckTokenMembershipEx

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
IsErrorPropagationEnabled
RoReportFailedDelegate

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy
OpenProcess

oleaut32

SafeArrayGetLBound
SafeArrayLock
SafeArrayUnlock
SafeArrayCreate
VariantChangeType
SafeArrayGetUBound
SysAllocStringLen
SafeArrayDestroy
VariantClear
SysAllocString
VariantInit
SysFreeString

ws2_32

WSAIoctl
WSACleanup
WSAStartup
WSAGetLastError
socket
closesocket

iphlpapi

Icmp6CreateFile
Icmp6SendEcho2
IcmpSendEcho
IcmpCloseHandle
IcmpCreateFile

api-ms-win-core-path-l1-1-0

PathAllocCombine
PathCchCombine
PathCchAppend
PathCchCanonicalizeEx
PathCchCombineEx
PathCchFindExtension
PathCchAppendEx

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW
RegDeleteKeyValueW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW
RegOpenKeyW

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
DeleteTimerQueueTimer

api-ms-win-security-capability-l1-1-0

CapabilityCheck

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolAllowThreadReuse
SHTaskPoolQueueTask

ntdll

RtlIpv6StringToAddressW
RtlIpv4StringToAddressW
RtlUnsubscribeWnfNotificationWaitForCompletion
NtQueryWnfStateData
RtlIsStateSeparationEnabled
RtlIsMultiSessionSku
RtlIsMultiUsersInSessionSku
RtlPublishWnfStateData
RtlSubscribeWnfStateChangeNotification

api-ms-win-oobe-notification-l1-1-0

OOBEComplete

api-ms-win-core-string-obsolete-l1-1-0

lstrlenA
lstrcmpW

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualProtect

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindFileNameW

api-ms-win-shcore-stream-l1-1-0

SHCreateStreamOnFileEx
SHCreateMemStream
SHCreateStreamOnFileW

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
ServiceMain

Sections

.text
Size: 816KB - Virtual size: 813KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 268KB - Virtual size: 266KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 616B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Windows.Internal.Shell.CloudDesktop.TransitionScreen.dll
.dll windows:10 windows x64 arch:x64

e199026a48d82e94b6fc0f9cf7b65f88

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Windows.Internal.Shell.CloudDesktop.TransitionScreen.pdb

Imports

api-ms-win-crt-private-l1-1-0

_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o_abort
_o_ceilf
_o_free
_o_iswspace
_o_malloc
_o_realloc
_o_wcscat_s
_o_wcscpy_s
__CxxFrameHandler4
__std_terminate
memcpy
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
memcmp
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
memmove
__CxxFrameHandler3
__C_specific_handler
_CxxThrowException

api-ms-win-crt-string-l1-1-0

wcscmp
memset
strlen
strncmp
strcmp
wcslen

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

msvcp_win

_Cnd_broadcast
_Cnd_destroy_in_situ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
_Mtx_init_in_situ
_Mtx_unlock
_Mtx_destroy_in_situ
?_Syserror_map@std@@YAPEBDH@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?_Xbad_function_call@std@@YAXXZ
_Cnd_wait
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
_Mtx_lock
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Throw_C_error@std@@YAXH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
_Cnd_init_in_situ
_Thrd_yield
?__ExceptionPtrCreate@@YAXPEAX@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ

user32

GetForegroundWindow
RemovePropW
SetPropW
MonitorFromPoint
GetMonitorInfoW
EnumDisplayMonitors
IsWindowVisible
LockSetForegroundWindow
SetWindowTextW

ext-ms-win-devmgmt-policy-l1-1-0

PolicyManager_GetPolicyInt

ext-ms-win-ntuser-private-l1-1-1

SetWindowCompositionAttribute

dwmapi

DwmGetWindowAttribute

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
TrySubmitThreadpoolCallback

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
DisableThreadLibraryCalls
FreeLibrary
GetModuleHandleExW
GetProcAddress
GetModuleHandleW

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-synch-l1-1-0

CreateMutexExW
ReleaseMutex
CreateEventW
DeleteCriticalSection
CreateSemaphoreExW
ReleaseSemaphore
ResetEvent
SetEvent
WaitForSingleObjectEx
InitializeCriticalSection
InitializeCriticalSectionEx
WaitForSingleObject
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
InitializeCriticalSectionAndSpinCount
AcquireSRWLockShared
LeaveCriticalSection
OpenSemaphoreW
EnterCriticalSection

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWriteTransfer
EventUnregister
EventSetInformation

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentProcess
TerminateProcess
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InitializeSListHead
InterlockedFlushSList

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-registry-l1-1-0

RegGetValueW

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoGetObjectContext
CoGetApartmentType
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoTaskMemRealloc

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

d2d1

ord1

api-ms-win-core-kernel32-legacy-l1-1-0

GetSystemPowerStatus

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

oleaut32

SetErrorInfo
SysAllocString
GetErrorInfo
SysFreeString
SysStringLen

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-util-l1-1-0

EncodePointer

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory

Sections

.text
Size: 417KB - Virtual size: 416KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Windows.Internal.Shell.XamlInputViewHost.dll
.dll windows:10 windows x64 arch:x64

95dc1544c5cb0b8f818174c41b756d70

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Windows.Internal.Shell.XamlInputViewHost.pdb

Imports

msvcp_win

?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@M@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXH@Z
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?_Random_device@std@@YAIXZ
_Thrd_yield
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?widen@?$ctype@_W@std@@QEBA_WD@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
_Cnd_do_broadcast_at_thread_exit
_Thrd_id
_Thrd_join
?_Throw_Cpp_error@std@@YAXH@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
??Bid@locale@std@@QEAA_KXZ
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?id@?$ctype@_W@std@@2V0locale@2@A
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__wcsicmp
_o_abort
_o_ceilf
_o_floorf
_o_free
_o_isspace
_o_iswspace
_o_malloc
_o_pow
_o_realloc
_o_sqrt
_o_terminate
_o_wcstol
_o_wcstoul
wcsrchr
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o__beginthreadex
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o__get_errno
_o___std_exception_destroy
_o___std_exception_copy
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
memmove
__std_terminate
__CxxFrameHandler4
_o__execute_onexit_table
memcmp
memcpy
wcschr

api-ms-win-crt-string-l1-1-0

wcscspn
memset
strncmp

kernel32

RaiseFailFastException
ResolveDelayLoadedAPI
DelayLoadFailureHook
OpenEventW
GlobalGetAtomNameW
GetModuleHandleExA
CloseState
OpenStateExplicit
GetSystemAppDataKey
InterlockedFlushSList
LoadLibraryW
InterlockedPushEntrySList
FreeLibrary
Sleep
K32GetProcessImageFileNameW
OpenProcess
K32EnumProcesses
RegisterWaitUntilOOBECompleted
UnregisterWaitUntilOOBECompleted
GetTickCount64
GetProductInfo
OOBEComplete
CompareStringOrdinal
WaitForThreadpoolWaitCallbacks
VerifyVersionInfoW
VerSetConditionMask
InitializeSRWLock
LocalAlloc
TryAcquireSRWLockShared
LoadLibraryExW
LocalFree
DisassociateCurrentThreadFromCallback
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
CreateEventExW
TerminateThread
CreateThreadpoolWait
CreateThread
SetThreadpoolWait
CloseThreadpoolWait
QueryPerformanceFrequency
MulDiv
GetCurrentThread
SetThreadDescription
GetFileAttributesW
RegisterWaitForSingleObject
UnregisterWait
InitializeCriticalSection
RaiseException
WideCharToMultiByte
MultiByteToWideChar
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
CreateEventW
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EncodePointer
CreateThreadpoolTimer
InitOnceExecuteOnce
DecodePointer
InitOnceComplete
InitOnceBeginInitialize
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetThreadpoolTimer
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
IsDebuggerPresent
DebugBreak
GetModuleHandleW
GetProcessHeap
GetCurrentProcessId
CreateMutexExW
GetProcAddress
HeapAlloc
CloseHandle
OpenSemaphoreW
WaitForSingleObjectEx
OutputDebugStringW
GetLastError
FormatMessageW
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
GetModuleHandleExW
ReleaseSemaphore
SetLastError
HeapFree
CreateSemaphoreExW
GetModuleFileNameA
TrySubmitThreadpoolCallback
GetSystemTimePreciseAsFileTime
GetProcessId

user32

ord2521
GetThreadDesktop
GetUserObjectInformationW
MonitorFromWindow
GetMonitorInfoW
IntersectRect
DefWindowProcW
RegisterClassExW
GetSystemMetrics
GetWindowLongPtrW
SetWindowLongPtrW
InflateRect
PostThreadMessageW
SetWindowFeedbackSetting
SystemParametersInfoW
IsWindowVisible
GetPropW
ShowWindow
MoveWindow
GetClientRect
GetWindowRect
OffsetRect
GetForegroundWindow
ShowWindowAsync
SetWindowCompositionAttribute
ord2507
CreateWindowInBand
GetDpiForWindow
UnhookWinEvent
GetSysColor
SetWinEventHook
SetWindowLongW
GetWindowLongW
SetWindowRgn
CreateWindowExW
GetAncestor
GetGUIThreadInfo
MonitorFromRect
SetRectEmpty
GetWindowThreadProcessId
SetPropW
GetPointerDevices
MonitorFromPoint
GetDpiForSystem
RegisterClassW
LoadCursorW
SetWindowPos
UnregisterClassW
DestroyWindow
GetCursorPos
GetAutoRotationState
GetPointerDeviceRects

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
SetRestrictedErrorInfo
RoOriginateErrorW
RoTransformError

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventActivityIdControl
EventRegister
EventSetInformation
EventWriteTransfer

api-ms-win-core-winrt-string-l1-1-0

WindowsSubstringWithSpecifiedLength
WindowsDeleteString
WindowsDuplicateString
WindowsCreateString
WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty

api-ms-win-core-com-l1-1-0

PropVariantClear
CoTaskMemAlloc
CoCreateInstance
CoGetStdMarshalEx
CoGetApartmentType
CoGetMalloc
CoTaskMemRealloc
StringFromGUID2
CoTaskMemFree
CoCreateFreeThreadedMarshaler
CoGetCallContext
CoWaitForMultipleHandles
CoGetObjectContext

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegGetValueW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegDeleteValueW
RegNotifyChangeKeyValue

api-ms-win-security-base-l1-1-0

EqualSid
GetTokenInformation

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

api-ms-win-service-management-l1-1-0

CloseServiceHandle
StartServiceW
OpenSCManagerW
OpenServiceW

api-ms-win-service-management-l2-1-0

QueryServiceStatusEx

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

oleaut32

SysFreeString
VariantClear
VariantInit
SetErrorInfo
GetErrorInfo
SafeArrayDestroy
SysStringLen
SysAllocString

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindFileNameW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-gdi-dpiinfo-l1-1-0

GetCurrentDpiInfo

coremessaging

CreateDispatcherQueueController
CoreUICreate

ntdll

NtQueryInformationProcess
RtlFreeHeap
NtQueryInformationToken
RtlInitUnicodeString
RtlAllocateHeap
RtlNtStatusToDosErrorNoTeb
RtlCompareUnicodeString
NtQueryWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlSubscribeWnfStateChangeNotification
RtlGetDeviceFamilyInfoEnum
RtlPublishWnfStateData

coreuicomponents

CoreUIFactoryCreate
CoreUIClientCreate

api-ms-win-shcore-scaling-l1-1-1

UnregisterScaleChangeEvent
RegisterScaleChangeEvent
GetDpiForMonitor
GetScaleFactorForMonitor

shcore

IStream_Write
SHGetThreadRef
ord222
SHTaskPoolGetUniqueContext
SHTaskPoolQueueTask
IUnknown_QueryService
ord262
ord249

gdi32

DeleteObject
CreateRectRgn
CombineRgn

d3d11

D3D11CreateDevice

d2d1

ord1

magnification

MagGetFullscreenTransform
MagInitialize
MagUninitialize

api-ms-win-core-processthreads-l1-1-0

OpenProcessToken

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

combase

ord140

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
XamlIslandMain

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 320KB - Virtual size: 317KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
.dll windows:10 windows x64 arch:x64

460362b1d8d120d1bacef04c00b7fedf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Windows.Management.EnrollmentStatusTracking.ConfigProvider.pdb

Imports

msvcp_win

?uncaught_exception@std@@YA_NXZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o___std_exception_copy
_o___std_exception_destroy
_o___std_type_info_destroy_list
_o___stdio_common_vsnprintf_s
_o___stdio_common_vswprintf
_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcsicmp
_o_free
_o_malloc
_o_memcpy_s
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
__std_terminate
__CxxFrameHandler4
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleHandleW
GetModuleFileNameA
GetModuleHandleExA
GetProcAddress
GetModuleHandleExW

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
ReleaseMutex
WaitForSingleObjectEx
OpenSemaphoreW
WaitForSingleObject
CreateMutexExW
CreateSemaphoreExW

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

oleaut32

VariantClear
SysFreeString
VariantInit
SysAllocStringByteLen
SysAllocString

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegCloseKey
RegGetValueW
RegOpenKeyExW
RegEnumValueW

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW
RegDeleteKeyValueW

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-registry-l2-1-0

RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW

ntdll

RtlIsStateSeparationEnabled

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Windows.Management.InprocObjects.dll
.dll windows:10 windows x64 arch:x64

c2613226adecee65435cf853f8171f4e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Windows.Management.InprocObjects.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__wcsicmp
memmove
_o_free
_o_malloc
_o_terminate
_o_wcstoul
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o__execute_onexit_table
_o__errno
wcschr
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset
wcscmp

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
DisableThreadLibraryCalls
GetProcAddress
GetModuleFileNameW
GetModuleHandleW
GetModuleFileNameA
FreeLibrary

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
InitOnceExecuteOnce

api-ms-win-core-synch-l1-1-0

CreateEventW
CreateSemaphoreExW
DeleteCriticalSection
LeaveCriticalSection
AcquireSRWLockShared
CreateMutexExW
EnterCriticalSection
ReleaseSRWLockShared
ReleaseSemaphore
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CreateEventExW
InitializeCriticalSectionEx
SetEvent
InitializeCriticalSectionAndSpinCount
ReleaseMutex
WaitForSingleObject

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
RaiseException
UnhandledExceptionFilter
GetLastError

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsCreateString
WindowsGetStringRawBuffer
WindowsCreateStringReference
WindowsDuplicateString
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoCreateFreeThreadedMarshaler
CoMarshalInterface
CoReleaseMarshalData
CreateStreamOnHGlobal
CoWaitForMultipleHandles
CoTaskMemAlloc

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
OpenProcessToken
GetCurrentProcessId
TerminateProcess
GetCurrentProcess

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoOriginateError
GetRestrictedErrorInfo
RoTransformError
SetRestrictedErrorInfo

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess
GetProcessMitigationPolicy

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemTime
GetTickCount64

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer

api-ms-win-core-winrt-error-l1-1-1

RoReportFailedDelegate
RoGetMatchingRestrictedErrorInfo
IsErrorPropagationEnabled

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

ntdll

RtlIsStateSeparationEnabled

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegEnumValueW
RegDeleteTreeW
RegSetValueExW
RegOpenKeyExW
RegGetValueW
RegDeleteValueW
RegCreateKeyExW

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 220KB - Virtual size: 218KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Windows.Management.ModernDeployment.ConfigProviders.dll
.dll windows:10 windows x64 arch:x64

9a503457e463ff657ace92c222f60aa3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Windows.Management.ModernDeployment.ConfigProviders.pdb

Imports

msvcp_win

??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?_Xlength_error@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcsicmp
_o_free
_o_malloc
_o_memcpy_s
__C_specific_handler
_CxxThrowException
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
_o__crt_atexit
_o__configure_narrow_argv
memchr
memcmp
memcpy
__CxxFrameHandler3

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExA
LoadLibraryExA
GetModuleFileNameA
LoadLibraryExW
GetModuleHandleW
DisableThreadLibraryCalls
GetProcAddress
GetModuleHandleExW
FreeLibrary

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionAndSpinCount
ResetEvent
EnterCriticalSection
CreateEventW
DeleteCriticalSection
LeaveCriticalSection
SetEvent
OpenSemaphoreW
WaitForSingleObjectEx
CreateEventExW
InitializeCriticalSectionEx
AcquireSRWLockShared
ReleaseMutex
ReleaseSRWLockExclusive
WaitForSingleObject
ReleaseSRWLockShared
ReleaseSemaphore
CreateMutexExW
AcquireSRWLockExclusive
CreateSemaphoreExW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
GetLastError
RaiseException

api-ms-win-core-processthreads-l1-1-0

OpenProcessToken
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

oleaut32

SysAllocString
SysAllocStringByteLen
SysFreeString
VariantInit
VariantClear

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegCloseKey
RegOpenKeyExW

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemInfo

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-com-l1-1-0

CoCreateGuid
CoTaskMemFree
StringFromGUID2
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoWaitForMultipleHandles
CoTaskMemAlloc
IIDFromString

ntdll

RtlIsStateSeparationEnabled
RtlPublishWnfStateData
RtlReleasePrivilege
RtlAcquirePrivilege

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceComplete
InitOnceBeginInitialize

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventRegister
EventSetInformation

api-ms-win-core-winrt-string-l1-1-0

WindowsPromoteStringBuffer
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsPreallocateStringBuffer
WindowsCreateString
WindowsDeleteStringBuffer
WindowsCreateStringReference

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

winhttp

WinHttpCloseHandle

api-ms-win-core-firmware-l1-1-0

SetFirmwareEnvironmentVariableW
GetFirmwareEnvironmentVariableW

api-ms-win-core-file-l1-1-0

SetFilePointerEx
ReadFile
CreateDirectoryW
GetFileSizeEx
GetFileAttributesW
CreateFileW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

userenv

ExpandEnvironmentStringsForUserW

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-service-management-l2-1-0

QueryServiceStatusEx

api-ms-win-service-management-l1-1-0

CloseServiceHandle
OpenSCManagerW
OpenServiceW
StartServiceW

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualProtect

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Windows.Management.Service.dll
.dll windows:10 windows x64 arch:x64

7badaf114bd897c092d5911392b6a35e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Windows.Management.Service.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o___std_exception_destroy
_o__wcsicmp
_o__wcsnicmp
memmove
_o__wtoi
_o_abort
_o_ceilf
_o_free
_o_isalnum
_o_isdigit
_o_malloc
_o_mbstowcs
_o_realloc
_o_terminate
_o_wcstol
_o_wcstoul
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o___std_exception_copy
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__get_errno
_o__cexit
_o__callnewh
_o___acrt_iob_func
wcschr
strchr
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o____lc_codepage_func
__std_terminate
__CxxFrameHandler4
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfwprintf
memcmp
_o___std_type_info_destroy_list
memcpy

api-ms-win-crt-string-l1-1-0

wcsnlen
memset
wcscmp

api-ms-win-core-com-l1-1-0

CoReleaseMarshalData
CoReleaseServerProcess
CoTaskMemAlloc
CoInitializeEx
CoSetProxyBlanket
CoInitializeSecurity
CoCreateInstance
CoTaskMemFree
CoRegisterClassObject
CoDisconnectContext
CoWaitForMultipleHandles
CLSIDFromString
CoGetInterfaceAndReleaseStream
IIDFromString
StringFromGUID2
CoCreateGuid
CoResumeClassObjects
CreateStreamOnHGlobal
CoAddRefServerProcess
CoMarshalInterface
CoCreateFreeThreadedMarshaler
CoDecrementMTAUsage
CoTaskMemRealloc
CoRevokeClassObject

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleExW
GetProcAddress
GetModuleHandleExA
FreeLibraryAndExitThread
LoadStringW
GetModuleHandleW
FreeLibrary
DisableThreadLibraryCalls
LoadLibraryExW

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
ResetEvent
DeleteCriticalSection
CreateEventExW
ReleaseSRWLockShared
ReleaseMutex
AcquireSRWLockShared
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
InitializeCriticalSectionEx
LeaveCriticalSection
AcquireSRWLockExclusive
SetEvent
CreateEventW
ReleaseSemaphore
EnterCriticalSection
CreateSemaphoreExW
InitializeSRWLock
OpenSemaphoreW
TryEnterCriticalSection
CreateMutexExW
WaitForSingleObjectEx

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceExecuteOnce
InitOnceBeginInitialize
WakeByAddressAll
WaitOnAddress
Sleep

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetLastError
RaiseException
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsPreallocateStringBuffer
WindowsCompareStringOrdinal
WindowsGetStringRawBuffer
WindowsDuplicateString
WindowsGetStringLen
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsCreateString
WindowsPromoteStringBuffer
WindowsDeleteString
WindowsDeleteStringBuffer

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventWriteTransfer
EventActivityIdControl
EventUnregister

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegDeleteValueW
RegDeleteTreeW
RegOpenKeyExW
RegCopyTreeW
RegSetValueExW
RegEnumValueW
RegCreateKeyExW
RegCloseKey

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer

api-ms-win-core-file-l1-1-0

WriteFile
ReadFile
GetFileAttributesW
DeleteFileW
GetFileSizeEx
FileTimeToLocalFileTime
CreateDirectoryW
CreateFileW
SetFilePointerEx

api-ms-win-core-processthreads-l1-1-0

GetExitCodeProcess
CreateThread
GetCurrentProcess
CreateProcessW
GetCurrentProcessId
GetCurrentThreadId
OpenProcessToken
ExitThread
TerminateProcess

api-ms-win-core-winrt-l1-1-0

RoRegisterActivationFactories
RoRevokeActivationFactories
RoActivateInstance
RoUninitialize
RoGetActivationFactory
RoInitialize

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoOriginateError
GetRestrictedErrorInfo
RoOriginateErrorW
SetRestrictedErrorInfo

api-ms-win-core-localization-l1-2-0

FormatMessageW
FormatMessageA

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetSystemTimeAsFileTime
GetSystemTime
GetTickCount64
GetSystemInfo

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

ntdll

RtlReleasePrivilege
RtlAcquirePrivilege
RtlUnsubscribeWnfNotificationWaitForCompletion
NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlPublishWnfStateData
RtlIsStateSeparationEnabled

combase

ord66
ord69
ord68
ord67

api-ms-win-core-winrt-error-l1-1-1

RoReportFailedDelegate
IsErrorPropagationEnabled
RoGetMatchingRestrictedErrorInfo

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-firmware-l1-1-0

SetFirmwareEnvironmentVariableW
GetFirmwareEnvironmentVariableW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-oobe-notification-l1-1-0

OOBEComplete

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW

profapi

ord104

api-ms-win-core-kernel32-legacy-l1-1-0

WTSGetActiveConsoleSessionId

msvcp_win

?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
??Bid@locale@std@@QEAA_KXZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?in@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?out@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Xlength_error@std@@YAXPEBD@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?_Xbad_alloc@std@@YAXXZ
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?_IsCurrentOriginSTA@_ContextCallback@details@Concurrency@@CA_NXZ
?_Assign@_ContextCallback@details@Concurrency@@AEAAXPEAX@Z
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
??0task_continuation_context@Concurrency@@AEAA@XZ
?__ExceptionPtrCreate@@YAXPEAX@Z
_Cnd_init_in_situ
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
_Cnd_wait
_Cnd_broadcast
_Cnd_destroy_in_situ
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPEBDH@Z
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??Bios_base@std@@QEBA_NXZ
?_Random_device@std@@YAIXZ
_Wcscoll
?id@?$collate@G@std@@2V0locale@2@A
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$ctype@G@std@@2V0locale@2@A
_Wcsxfrm
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z
?tolower@?$ctype@G@std@@QEBAGG@Z
?is@?$ctype@G@std@@QEBA_NFG@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
_Mtx_destroy_in_situ
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Xbad_function_call@std@@YAXXZ
_Mtx_unlock
_Mtx_lock
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
_Mtx_init_in_situ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Throw_C_error@std@@YAXH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo
SetSystemTime

api-ms-win-core-version-l1-1-0

GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW

api-ms-win-core-datetime-l1-1-1

GetTimeFormatEx
GetDateFormatEx

api-ms-win-core-file-l1-2-0

GetTempPathW

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
ServiceMain

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 320KB - Virtual size: 316KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Windows.Media.Audio.dll
.dll windows:10 windows x64 arch:x64

43f673008a09f632ca73da9ae0db4168

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Windows.Media.Audio.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__nextafter
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o_atan2f
_o_cos
_o_cosf
_o_floorf
_o_free
_o_log10f
_o_malloc
_o_pow
_o_powf
_o_realloc
_o_sin
_o_sinf
_o_sqrt
_o_sqrtf
_o_tanf
_o_terminate
_o_wcscpy_s
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o__aligned_malloc
_o__aligned_free
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset
strncmp
strcmp
strnlen

mmdevapi

ord17

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleW
FreeLibraryAndExitThread
FreeLibrary
GetModuleHandleExW
GetProcAddress

api-ms-win-core-synch-l1-1-0

SetEvent
CreateEventW
AcquireSRWLockExclusive
InitializeCriticalSectionEx
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ReleaseMutex
TryEnterCriticalSection
CreateEventA
ResetEvent
WaitForSingleObject
WaitForSingleObjectEx
InitializeSRWLock
OpenSemaphoreW
ReleaseSemaphore
CreateSemaphoreExW
CreateEventExW
CreateMutexExW

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc
HeapSize

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-processthreads-l1-1-0

TlsSetValue
GetThreadPriority
CreateThread
TlsAlloc
GetCurrentThread
GetCurrentProcess
SetThreadPriority
TlsFree
GetCurrentProcessId
TerminateProcess
OpenProcessToken
GetCurrentThreadId
ResumeThread
TlsGetValue

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringA
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-com-l1-1-0

StringFromGUID2
PropVariantClear
CoUninitialize
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoCreateInstance
CoMarshalInterface
CoTaskMemAlloc
CreateStreamOnHGlobal
CoReleaseMarshalData
CoIncrementMTAUsage
CoDecrementMTAUsage
CoCreateFreeThreadedMarshaler
CoCreateGuid
CoWaitForMultipleHandles
CoTaskMemFree
CoInitializeEx
CoGetApartmentType

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventSetInformation
EventWriteTransfer

api-ms-win-core-winrt-error-l1-1-0

GetRestrictedErrorInfo
RoTransformError
SetRestrictedErrorInfo
RoSetErrorReportingFlags
RoOriginateError
RoGetErrorReportingFlags
RoOriginateErrorW

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
InitOnceExecuteOnce
Sleep
SleepConditionVariableCS
InitializeConditionVariable
InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsCompareStringOrdinal
WindowsDeleteString
WindowsCreateString
WindowsGetStringRawBuffer

rpcrt4

NdrDllGetClassObject
NdrDllCanUnloadNow
NdrOleAllocate
NdrOleFree

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetTickCount
GetTickCount64
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
IsErrorPropagationEnabled
RoReportFailedDelegate

api-ms-win-core-threadpool-l1-2-0

TrySubmitThreadpoolCallback
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
FreeLibraryWhenCallbackReturns
CreateThreadpoolTimer
CloseThreadpoolTimer
CallbackMayRunLong
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-featurestaging-l1-1-0

RecordFeatureUsage
UnsubscribeFeatureStateChangeNotification
SubscribeFeatureStateChangeNotification

api-ms-win-rtcore-ntuser-synch-l1-1-0

MsgWaitForMultipleObjectsEx

propsys

PropVariantToUInt32
PropVariantToInt64

api-ms-win-shcore-thread-l1-1-0

SHSetThreadRef
GetProcessReference
SHGetThreadRef
SetProcessReference

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-synch-l1-2-1

CreateSemaphoreW
WaitForMultipleObjects

hrtfapo

ord1

api-ms-win-core-registry-l1-1-0

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

msvcp_win

?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-math-l1-1-0

_finite

resampledmo

ord1

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-devices-config-l1-1-1

CM_MapCrToWin32Err
CM_Get_Device_Interface_PropertyW

rtworkq

RtwqLockSharedWorkQueue
RtwqStartup
RtwqCancelWorkItem
RtwqShutdown
RtwqCreateAsyncResult
RtwqUnlockWorkQueue
RtwqPutWaitingWorkItem

avrt

AvSetMmThreadCharacteristicsA
AvRevertMmThreadCharacteristics

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 784KB - Virtual size: 780KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 324KB - Virtual size: 323KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Windows.Media.Streaming.dll
.dll windows:10 windows x64 arch:x64

2c2136637817b15cd672f99a47dda740

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Windows.Media.Streaming.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__ltow_s
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__stricmp
memmove
_o__ui64tow_s
_o__wcsicmp
_o__wcsnicmp
_o__wcstoui64
_o__wsplitpath_s
_o__wtol
_o_floor
_o_free
_o_iswalpha
_o_iswdigit
_o_malloc
_o_qsort
_o_realloc
_o_strncpy_s
_o_towupper
_o_wcstoul
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o__ultow_s
wcsstr
wcschr
__CxxFrameHandler4
__std_terminate
_o__execute_onexit_table
_o__errno
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

strnlen
wcsncmp
wcspbrk
memset
wcscmp

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
Sleep
InitOnceExecuteOnce

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
TraceMessage
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW

api-ms-win-core-synch-l1-1-0

CreateSemaphoreExW
EnterCriticalSection
InitializeCriticalSectionEx
InitializeSRWLock
AcquireSRWLockShared
CreateEventW
LeaveCriticalSection
ReleaseSRWLockShared
DeleteCriticalSection
CreateEventExW
ReleaseSRWLockExclusive
CreateMutexExW
ReleaseSemaphore
SetEvent
ResetEvent
OpenSemaphoreW
InitializeCriticalSection
ReleaseMutex
WaitForSingleObject
AcquireSRWLockExclusive
WaitForSingleObjectEx

api-ms-win-core-libraryloader-l1-2-0

FindStringOrdinal
FreeLibrary
GetModuleFileNameA
FreeLibraryAndExitThread
LoadStringW
GetModuleHandleExW
GetProcAddress
DisableThreadLibraryCalls
GetModuleHandleW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TlsAlloc
ResumeThread
OpenProcessToken
SetThreadPriority
CreateThread
OpenThreadToken
GetCurrentThread
GetCurrentProcessId
GetCurrentThreadId
TlsSetValue
TlsFree
GetCurrentProcess
TerminateProcess
GetThreadPriority
TlsGetValue

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetComputerNameExW
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetLastError
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringOrdinal
WideCharToMultiByte

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-threadpool-l1-2-0

TrySubmitThreadpoolCallback
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
FreeLibraryWhenCallbackReturns
IsThreadpoolTimerSet
CloseThreadpoolTimer
CallbackMayRunLong

api-ms-win-core-kernel32-legacy-l1-1-1

PowerSetRequest
PowerCreateRequest
PowerClearRequest

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-file-l1-1-0

CreateFileW
GetFileInformationByHandle
WriteFile
GetFinalPathNameByHandleW
SetFilePointerEx
GetFullPathNameW
DeleteFileW
SetEndOfFile

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegCloseKey
RegOpenKeyExW
RegEnumKeyExW

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-shcore-thread-l1-1-0

GetProcessReference
SHGetThreadRef
SetProcessReference
SHSetThreadRef

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-featurestaging-l1-1-0

UnsubscribeFeatureStateChangeNotification
RecordFeatureUsage
SubscribeFeatureStateChangeNotification

api-ms-win-core-localization-l1-2-0

FormatMessageW

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 1016KB - Virtual size: 1014KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 204KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Windows.Media.dll
.dll windows:10 windows x64 arch:x64

0aaa1d6eb6e9b69f62771718101bb374

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

71:9b:bf:62:88:c8:9b:d3:87:2c:f5:2d:ba:80:ba:56:a7:2c:41:02:fb:87:a3:5d:d9:41:db:5e:b8:c5:f2:bc
Signer

Actual PE Digest

71:9b:bf:62:88:c8:9b:d3:87:2c:f5:2d:ba:80:ba:56:a7:2c:41:02:fb:87:a3:5d:d9:41:db:5e:b8:c5:f2:bc

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Windows.Media.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__gmtime64
_o__i64toa_s
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__ltoa_s
_o__ltow_s
_o__mkgmtime64
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__strdup
_o__stricmp
_o__strnicmp
_o__strtoui64
_o__ui64tow_s
_o__ultoa_s
_o__ultow_s
_o__wcsicmp
_o__wcslwr_s
memmove
_o__wcsnicmp
_o__wcstoui64
_o__wtoi
_o__wtoi64
_o_atof
_o_atoi
_o_atol
_o_calloc
_o_ceil
_o_ceilf
_o_cos
_o_floor
_o_floorf
_o_free
_o_isdigit
_o_isspace
_o_iswalpha
_o_iswdigit
_o_iswspace
_o_log
_o_log10
_o_malloc
_o_qsort
_o_rand
_o_realloc
_o_sin
_o_sqrt
_o_srand
_o_strncpy_s
_o_strtok_s
_o_strtoul
_o_terminate
_o_tolower
_o_toupper
_o_towlower
_o_towupper
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstok_s
_o_wcstol
__current_exception
__current_exception_context
__CxxFrameHandler3
_o__gcvt_s
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o__atoi64
_o__aligned_malloc
_o__aligned_free
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__C_specific_handler
__std_terminate
__CxxFrameHandler4
__C_specific_handler_noexcept
memcmp
memcpy
_CxxThrowException
strchr
strstr
wcsrchr
wcsstr
wcschr

api-ms-win-crt-string-l1-1-0

memmove_s
strnlen
wcsncmp
strncmp
wcscmp
strcmp
wcscspn
memset

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleHandleW
GetModuleFileNameA
GetModuleHandleExW
GetProcAddress
GetModuleFileNameW
FreeLibraryAndExitThread
FreeLibrary
LoadLibraryExW

api-ms-win-core-heap-l1-1-0

HeapReAlloc
GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-processthreads-l1-1-0

ResumeThread
TerminateProcess
GetCurrentThreadId
GetProcessId
GetCurrentProcess
GetCurrentThread
TlsFree
TlsGetValue
CreateThread
OpenProcessToken
SetThreadPriority
GetCurrentProcessId
TlsAlloc
GetThreadPriority
TlsSetValue

api-ms-win-core-localization-l1-2-0

GetLocaleInfoEx
IsValidLocaleName
FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventActivityIdControl
EventSetInformation
EventWriteTransfer

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
RaiseException

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
CreateEventExW
DeleteCriticalSection
WaitForSingleObject
CreateEventW
SetEvent
CreateWaitableTimerExW
InitializeCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionAndSpinCount
ResetEvent
AcquireSRWLockShared
ReleaseSRWLockShared
WaitForSingleObjectEx
CreateSemaphoreExW
ReleaseMutex
CreateMutexExW
ReleaseSemaphore
SetWaitableTimer
OpenSemaphoreW
WaitForMultipleObjectsEx
InitializeSRWLock
TryAcquireSRWLockExclusive

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolWaitCallbacks
SetThreadpoolWait
WaitForThreadpoolTimerCallbacks
CallbackMayRunLong
TrySubmitThreadpoolCallback
CloseThreadpoolWait
CreateThreadpoolWait
CreateThreadpoolTimer
FreeLibraryWhenCallbackReturns

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceLoggerHandle
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
TraceMessage

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
Sleep
InitOnceComplete
InitOnceExecuteOnce

rpcrt4

NdrDllCanUnloadNow
UuidFromStringW
NdrStubForwardingFunction
NdrOleAllocate
NdrOleFree
NdrDllGetClassObject

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
GetProcessMitigationPolicy
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GlobalMemoryStatusEx
GetSystemTimeAsFileTime
GetLocalTime
GetTickCount
GetTickCount64

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-security-base-l1-1-0

GetSecurityDescriptorDacl
GetTokenInformation

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrSpnW
QISearch
StrTrimW
StrStrIW
StrChrW
StrCmpCW

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegEnumKeyExW
RegGetValueW
RegCreateKeyExW
RegNotifyChangeKeyValue
RegOpenKeyExW
RegSetValueExW
RegCloseKey

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-url-l1-1-0

UrlHashW

api-ms-win-core-path-l1-1-0

PathIsUNCEx
PathCchFindExtension

api-ms-win-core-kernel32-legacy-l1-1-0

GetSystemPowerStatus

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime

api-ms-win-core-heap-l2-1-0

GlobalAlloc
LocalAlloc
LocalFree

api-ms-win-core-heap-obsolete-l1-1-0

GlobalLock
GlobalUnlock

msvcp_win

?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-math-l1-1-0

_isnan
_finite

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 4.8MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 212KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 156KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Windows.Shell.BlueLightReduction.dll
.dll windows:10 windows x64 arch:x64

d73c1456f213ff5f4d223f1f3170a38d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Windows.Shell.BlueLightReduction.pdb

Imports

msvcp_win

?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?_Throw_C_error@std@@YAXH@Z
_Cnd_init_in_situ
?__ExceptionPtrCreate@@YAXPEAX@Z
??0task_continuation_context@Concurrency@@AEAA@XZ
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
?_Assign@_ContextCallback@details@Concurrency@@AEAAXPEAX@Z
?_IsCurrentOriginSTA@_ContextCallback@details@Concurrency@@CA_NXZ
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?_Xlength_error@std@@YAXPEBD@Z
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
_Mtx_destroy_in_situ
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_Xbad_function_call@std@@YAXXZ
?__ExceptionPtrDestroy@@YAXPEAX@Z
_Mtx_lock
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
_Mtx_init_in_situ
_Cnd_wait
_Mtx_unlock
_Cnd_broadcast
_Cnd_destroy_in_situ
?_Xout_of_range@std@@YAXPEBD@Z
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o_abort
_o_acos
_o_asin
_o_ceilf
_o_cos
_o_floor
_o_fmod
_o_free
_o_iswspace
_o_malloc
_o_pow
_o_sin
__C_specific_handler
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_type_info_compare
__CxxFrameHandler3
_CxxThrowException
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExA
GetModuleFileNameA
FreeLibrary
GetModuleHandleW
GetModuleHandleExW
DisableThreadLibraryCalls
GetProcAddress

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceBeginInitialize
Sleep
InitOnceComplete

api-ms-win-core-synch-l1-1-0

CreateEventW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ResetEvent
SetEvent
WaitForSingleObjectEx
OpenSemaphoreW
CreateEventExW
InitializeCriticalSectionEx
InitializeCriticalSectionAndSpinCount
ReleaseMutex
CreateSemaphoreExW
ReleaseSemaphore
ReleaseSRWLockShared
WaitForSingleObject
EnterCriticalSection
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
LeaveCriticalSection

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
RaiseException
SetLastError
UnhandledExceptionFilter
GetLastError

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsCreateString

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventActivityIdControl
EventUnregister
EventSetInformation

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoOriginateErrorW
SetRestrictedErrorInfo

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetLocalTime
GetTickCount64
GetSystemTimeAsFileTime
GetSystemTime

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InitializeSListHead

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoWaitForMultipleHandles
CoCreateInstance

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoInitialize
RoActivateInstance
RoGetActivationFactory

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-dx-d3dkmt-l1-1-0

D3DKMTOpenAdapterFromHdc

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

oleaut32

GetErrorInfo
SetErrorInfo
SysAllocString
SysFreeString
SysStringLen

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 240KB - Virtual size: 238KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Windows.StateRepository.dll
.dll windows:10 windows x64 arch:x64

4f9630765052ac48de6de6c0795afe78

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:c4:3d:f8:ed:89:bb:56:87:e2:2d:35:25:63:0d:43:0f:3d:c5:99:16:12:43:75:89:6e:e8:f8:94:7f:2b:26
Signer

Actual PE Digest

4e:c4:3d:f8:ed:89:bb:56:87:e2:2d:35:25:63:0d:43:0f:3d:c5:99:16:12:43:75:89:6e:e8:f8:94:7f:2b:26

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Windows.StateRepository.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__itow_s
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__stricmp
_o__ui64tow_s
memmove
_o_free
_o_malloc
_o_memcpy_s
_o_realloc
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
wcsrchr
wcschr
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

strcmp
memset
memmove_s

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetProcAddress
GetModuleHandleW
GetModuleHandleExW
GetModuleHandleExA
LoadLibraryExW
GetModuleFileNameA

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionEx
WaitForSingleObject
ReleaseMutex
SleepEx
ReleaseSemaphore
ReleaseSRWLockExclusive
InitializeSRWLock
AcquireSRWLockExclusive
WaitForSingleObjectEx
CreateEventW
SetEvent
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
ReleaseSRWLockShared
OpenSemaphoreW
CreateSemaphoreExW

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
RaiseException
GetLastError
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-processthreads-l1-1-0

SetThreadToken
GetCurrentProcessId
ProcessIdToSessionId
OpenProcessToken
GetCurrentProcess
TerminateProcess
OpenThreadToken
GetCurrentThread
GetCurrentThreadId
GetProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventSetInformation
EventRegister
EventWriteTransfer
EventUnregister

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceComplete
Sleep
InitOnceBeginInitialize

ntdll

RtlDeleteElementGenericTableAvl
RtlLookupElementGenericTableAvl
RtlDowncaseUnicodeString
RtlLengthSid
RtlEnumerateGenericTableWithoutSplayingAvl
RtlDeleteCriticalSection
NtAccessCheck
RtlFreeHeap
RtlInitializeGenericTableAvl
RtlNtStatusToDosErrorNoTeb
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockShared
RtlReleaseSRWLockShared
NtSetInformationThread
RtlCompareUnicodeString
RtlValidSid
RtlEqualSid
NtQueryInformationFile
RtlFreeUnicodeString
RtlInitUnicodeString
RtlConvertSidToUnicodeString
RtlGetDeviceFamilyInfoEnum
RtlCopySid
NtQueryInformationToken
RtlExpandEnvironmentStrings
RtlDetermineDosPathNameType_U
RtlAllocateHeap
RtlIsMultiUsersInSessionSku
NtQueryInformationThread
NtQueryInformationProcess
RtlInsertElementGenericTableAvl
RtlAcquireSRWLockExclusive

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureStackBackTrace
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetLocalTime
GetSystemTimeAsFileTime
GetSystemTime
GlobalMemoryStatusEx

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

combase

ord69
ord168
ord66
ord67
ord68

staterepository.core

sqlite3_file_control
sqlite3_extended_result_codes
sqlite3_get_autocommit
sqlite3_db_config
sqlite3_wal_autocheckpoint
sqlite3_wal_checkpoint_v2
sqlite3_changes
sqlite3_last_insert_rowid
sqlite3_initialize
sqlite3_shutdown
sqlite3_enable_shared_cache
sqlite3_log
sqlite3_db_handle
sqlite3_close
sqlite3_errmsg
sqlite3_open_v2
sqlite3_vfs_unregister
sqlite3_vfs_register
sqlite3_vfs_find
sqlite3_expanded_sql
sqlite3_snprintf
sqlite3_profile
sqlite3_trace
sqlite3_config
sqlite3_status
sqlite3_step
sqlite3_reset
sqlite3_finalize
sqlite3_sql
sqlite3_column_type
sqlite3_column_blob
sqlite3_column_text16
sqlite3_column_bytes
sqlite3_column_text
sqlite3_column_int64
sqlite3_column_int
sqlite3_bind_blob
sqlite3_bind_text16
sqlite3_bind_int64
sqlite3_bind_int
sqlite3_bind_null
sqlite3_clear_bindings
sqlite3_exec
sqlite3_stmt_busy
sqlite3_prepare_v2
sqlite3_value_text
sqlite3_result_text16
sqlite3_value_int64
sqlite3_free
sqlite3_result_blob
sqlite3_malloc
sqlite3_value_bytes
sqlite3_value_blob
sqlite3_value_int
sqlite3_value_text16
sqlite3_value_type
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_error_code
sqlite3_result_error16
sqlite3_result_error_nomem
sqlite3_user_data
sqlite3_create_function_v2
sqlite3_errcode
sqlite3_next_stmt
sqlite3_db_status
sqlite3_busy_timeout
sqlite3_db_filename
sqlite3_extended_errcode

api-ms-win-security-base-l1-1-0

GetTokenInformation
IsWellKnownSid
DuplicateTokenEx
EqualSid
CopySid
IsValidSid
GetLengthSid
CreateWellKnownSid

api-ms-win-service-management-l2-1-0

NotifyServiceStatusChangeW
QueryServiceStatusEx

api-ms-win-service-winsvc-l1-1-0

ControlService

api-ms-win-service-management-l1-1-0

OpenSCManagerW
OpenServiceW
CloseServiceHandle

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegCloseKey
RegDeleteTreeW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-file-l1-1-0

CreateFileW
DeleteFileW
WriteFile
GetFileAttributesW

api-ms-win-security-accesshlpr-l1-1-0

BuildSecurityDescriptorForSharingAccess
FreeTransientObjectSecurityDescriptor

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx
MoveFileExW

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-windowserrorreporting-l1-1-1

WerRegisterCustomMetadata

api-ms-win-core-path-l1-1-0

PathCchCombine

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

ServiceMain
StateRepository_DataAccessLayer_DatabaseCache_Add
StateRepository_DataAccessLayer_DatabaseCache_Get
StateRepository_Initialize
StateRepository_Service_UpdateStatus
StateRepository_Shutdown
SvchostPushServiceGlobals

Sections

.text
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Windows.StateRepositoryBroker.dll
.dll windows:10 windows x64 arch:x64

6f2b8a472b1ae3ce8357505c6a89b3b5

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2a:b0:12:e7:c0:ed:33:4b:db:d4:08:63:e0:e5:46:3a:c0:c9:e4:a2:52:7e:e3:69:a3:1b:61:27:6f:b8:43:01
Signer

Actual PE Digest

2a:b0:12:e7:c0:ed:33:4b:db:d4:08:63:e0:e5:46:3a:c0:c9:e4:a2:52:7e:e3:69:a3:1b:61:27:6f:b8:43:01

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Windows.StateRepositoryBroker.pdb

Imports

msvcrt

_lock
wcsncmp
__CxxFrameHandler3
_vsnwprintf
_callnewh
__C_specific_handler
_initterm
malloc
_amsg_exit
_XcptFilter
free
__dllonexit
_onexit
_purecall
_unlock
memcpy_s
memset

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceBeginInitialize
InitOnceExecuteOnce
InitOnceComplete

api-ms-win-core-com-l1-1-0

CoWaitForMultipleHandles
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CoRevertToSelf

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventSetInformation
EventWriteTransfer

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
OpenProcessToken
OpenThreadToken
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoOriginateError

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-synch-l1-1-0

SetEvent
CreateEventExW
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockShared

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent

rpcrt4

NdrDllCanUnloadNow
NdrDllGetClassObject
NdrOleFree
NdrOleAllocate

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
RaiseException
SetLastError
SetUnhandledExceptionFilter

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

combase

ord168

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-security-base-l1-1-0

DuplicateTokenEx
GetTokenInformation

api-ms-win-security-capability-l1-1-0

CapabilityCheck

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Windows.StateRepositoryClient.dll
.dll windows:10 windows x64 arch:x64

7f01981f3b33412d7b73a6acdee04594

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

72:19:d3:a2:c2:14:d6:66:78:2a:be:cc:d4:51:e8:e0:ca:e3:43:51:a6:f3:25:21:54:8b:89:79:89:fd:1b:47
Signer

Actual PE Digest

72:19:d3:a2:c2:14:d6:66:78:2a:be:cc:d4:51:e8:e0:ca:e3:43:51:a6:f3:25:21:54:8b:89:79:89:fd:1b:47

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Windows.StateRepositoryClient.pdb

Imports

msvcrt

__C_specific_handler
__CxxFrameHandler3
malloc
_lock
_unlock
__dllonexit
_onexit
memcpy
_amsg_exit
memcmp
_initterm
_callnewh
memmove_s
_ui64tow_s
_XcptFilter
free
_purecall
memcpy_s
_vsnwprintf
memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetModuleHandleExA
GetProcAddress
GetModuleHandleW
GetModuleFileNameA

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
InitOnceExecuteOnce
Sleep

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
InitializeSRWLock
WaitForSingleObject
LeaveCriticalSection
ReleaseMutex
OpenEventW
DeleteCriticalSection
WaitForSingleObjectEx
AcquireSRWLockShared
CreateMutexExW
ReleaseSRWLockShared
ResetEvent
InitializeCriticalSectionEx
OpenSemaphoreW
AcquireSRWLockExclusive
CreateSemaphoreExW
ReleaseSRWLockExclusive
ReleaseSemaphore

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
SetLastError
RaiseException
UnhandledExceptionFilter

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
SetRestrictedErrorInfo
RoOriginateError
RoOriginateErrorW

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

rpcrt4

NdrOleFree
NdrOleAllocate
NdrClientCall3
NdrDllGetClassObject
NdrDllCanUnloadNow
RpcBindingFree
RpcBindingCreateW
RpcBindingBind

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
CoGetApartmentType

api-ms-win-security-base-l1-1-0

InitializeAcl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
AddAccessAllowedAceEx
GetLengthSid
GetTokenInformation
EqualSid

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSidToSidW

ntdll

RtlConvertSidToUnicodeString
RtlInitUnicodeString
RtlCopySid
NtQueryInformationToken
RtlFreeHeap
RtlAllocateHeap
RtlLengthSid
RtlValidSid
RtlFreeUnicodeString

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
WaitForThreadpoolWaitCallbacks
WaitForThreadpoolTimerCallbacks
SetThreadpoolWait
SetThreadpoolTimer
CreateThreadpoolWait
CloseThreadpoolWait
CreateThreadpoolTimer

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
IsErrorPropagationEnabled
RoReportFailedDelegate

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
SRAddPackageDependency
SRAppExtensionIterator_Close
SRAppExtensionIterator_GetNext
SRAppExtension_FindByUserAndName
SRCacheCheckIntegrity
SRCheckIntegrity
SRCheckIntegrity2
SRDeletePackageDependency
SRDictionaryFree
SRDictionaryToPropertySet
SREnsureCacheIsInitialized
SRGetEffectivePackageStatusForUserFromToken
SRGetEffectivePackageStatusForUserSid
SRGetExternalLocation
SRGetIdForPackageDependencyContext
SRGetIsEffectiveSupportedUsersMultiple
SRGetPackageOriginForUser
SRGetPackageStatus
SRGetPackageStatusForUserFromToken
SRGetPackageStatusForUserSid
SRGetResolvedPackageFullNameForPackageDependency
SRGetStagedPackageOrigin
SRImportPackageUserStatus
SRPackageDependencyExistsByUserAndPackageFullName
SRPropertySetToDictionary
SRRemovePackageDependency
SRRemovePackageStatus
SRRemovePackageStatusForUserFromToken
SRRemovePackageStatusForUserSid
SRRepair
SRTryCreatePackageDependency
SRUpdatePackageStatus
SRUpdatePackageStatusForUserFromToken
SRUpdatePackageStatusForUserSid
StateRepositoryDoMaintenanceTasks

Sections

.text
Size: 128KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Windows.StateRepositoryCore.dll
.dll windows:10 windows x64 arch:x64

13e74f848ae87f18744b91b95fd08cb3

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1b:9d:3c:4b:7e:3b:5c:34:a6:7a:3e:fd:81:64:1b:59:b1:03:48:a9:7d:e8:18:3b:47:2e:22:57:1f:ff:4a:da
Signer

Actual PE Digest

1b:9d:3c:4b:7e:3b:5c:34:a6:7a:3e:fd:81:64:1b:59:b1:03:48:a9:7d:e8:18:3b:47:2e:22:57:1f:ff:4a:da

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Windows.StateRepositoryCore.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o_free
_o_malloc
_o_wcstoll
__C_specific_handler
_o___stdio_common_vswprintf
_o__cexit
_o__callnewh
_o__configure_narrow_argv
_o___std_type_info_destroy_list
wcschr
__CxxFrameHandler3
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
DisableThreadLibraryCalls
GetModuleHandleExW
GetProcAddress
GetModuleHandleExA
GetModuleHandleW

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-synch-l1-1-0

AcquireSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
LeaveCriticalSection
WaitForSingleObject
ReleaseMutex
ReleaseSemaphore
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionEx
CreateMutexExW
CreateSemaphoreExW
OpenSemaphoreW
WaitForSingleObjectEx

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
SetLastError
UnhandledExceptionFilter

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventWriteTransfer
EventSetInformation

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemDirectoryW
GetWindowsDirectoryW

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-registry-l1-1-0

RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegDeleteTreeW
RegDeleteKeyExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-security-base-l1-1-0

CreateWellKnownSid

api-ms-win-security-lsalookup-l1-1-0

LsaLookupGetDomainInfo
LsaLookupFreeMemory
LsaLookupOpenLocalPolicy
LsaLookupClose

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

ntdll

RtlFreeHeap
RtlAllocateHeap

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

SRCacheContext_AddToCache
SRCacheContext_CacheInitialize
SRCacheContext_CacheShutdown
SRCacheContext_Close
SRCacheContext_Create
SRCacheContext_CreateSubContext
SRCacheContext_Delete
SRCacheContext_DeleteField
SRCacheContext_DeleteIfEmpty
SRCacheContext_EnumerateData
SRCacheContext_EnumerateIndex
SRCacheContext_GetField_Binary
SRCacheContext_GetField_MultiString
SRCacheContext_GetField_String
SRCacheContext_GetField_UInt32
SRCacheContext_GetField_UInt64
SRCacheContext_HasSubKeys
SRCacheContext_IsEmpty
SRCacheContext_Open
SRCacheContext_OpenSubContext
SRCacheContext_SetField_Binary
SRCacheContext_SetField_MultiString
SRCacheContext_SetField_String
SRCacheContext_SetField_UInt32
SRCacheContext_SetField_UInt64
SRCacheManager_Close
SRCacheManager_DeleteContext
SRCacheManager_GetProperty_UInt32
SRCacheManager_GetProperty_UInt64
SRCacheManager_GetRevision
SRCacheManager_Open
SRCacheManager_SetProperty_UInt32
SRCacheManager_SetProperty_UInt64
SRCache_AllocBuffer
SRCache_AllocStringBuffer
SRCache_DuplicateBuffer
SRCache_DuplicateString
SRCache_ExpandMacros
SRCache_Free
SRCache_GetDefaultAccountSid

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Windows.StateRepositoryPS.dll
.dll windows:10 windows x64 arch:x64

7c2ebb166c0afe83d0a17a9336c556fb

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a1:0c:b7:e2:bf:69:12:6f:59:0f:ef:f5:a6:09:80:a0:e2:76:81:17:bf:9e:da:70:25:cc:af:3d:72:ab:0d:6e
Signer

Actual PE Digest

a1:0c:b7:e2:bf:69:12:6f:59:0f:ef:f5:a6:09:80:a0:e2:76:81:17:bf:9e:da:70:25:cc:af:3d:72:ab:0d:6e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Windows.StateRepositoryPS.pdb

Imports

msvcrt

malloc
free
_amsg_exit
__C_specific_handler
_XcptFilter
_initterm

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-winrt-string-l1-1-0

HSTRING_UserFree64
HSTRING_UserFree
HSTRING_UserMarshal64
HSTRING_UserSize
HSTRING_UserMarshal
HSTRING_UserUnmarshal64
HSTRING_UserUnmarshal
HSTRING_UserSize64

rpcrt4

NdrDllCanUnloadNow
NdrOleAllocate
NdrDllGetClassObject
NdrOleFree

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TerminateProcess
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 856KB - Virtual size: 855KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Windows.StateRepositoryUpgrade.dll
.dll windows:10 windows x64 arch:x64

8edefbdf84027fb35199b207e536ed90

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Windows.StateRepositoryUpgrade.pdb

Imports

msvcrt

wcschr
_stricmp
_vsnprintf
realloc
_purecall
free
_XcptFilter
_amsg_exit
malloc
_initterm
__C_specific_handler
_lock
_unlock
__dllonexit
_onexit
memset
_vsnwprintf
memmove
memcpy
_callnewh
memcmp
__CxxFrameHandler3
memmove_s
memcpy_s
strcmp

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetModuleHandleW
FreeLibrary
GetModuleHandleExA
GetModuleHandleExW
GetProcAddress
GetModuleFileNameA

api-ms-win-core-synch-l1-1-0

OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
CreateSemaphoreExW
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
ReleaseSemaphore
DeleteCriticalSection
WaitForSingleObject
ReleaseMutex
CreateMutexExW

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
ProcessIdToSessionId
TerminateProcess
GetCurrentThread
OpenProcessToken
OpenThreadToken
SetThreadToken
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventActivityIdControl
EventWriteTransfer
EventSetInformation
EventRegister

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlCaptureStackBackTrace
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetLocalTime
GetTickCount

ntdll

RtlConvertSidToUnicodeString
RtlFreeUnicodeString
RtlExpandEnvironmentStrings
RtlDetermineDosPathNameType_U
RtlLookupElementGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlInitializeGenericTableAvl
RtlInsertElementGenericTableAvl
RtlEnumerateGenericTableWithoutSplayingAvl
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockShared
RtlReleaseSRWLockShared
RtlCompareUnicodeString
NtQueryInformationThread
NtQueryInformationProcess
RtlNtStatusToDosErrorNoTeb
NtQueryInformationFile
NtSetInformationThread
RtlAllocateHeap
RtlAcquireSRWLockExclusive
RtlDeriveCapabilitySidsFromName
RtlInitUnicodeString
RtlGetDeviceFamilyInfoEnum
RtlFreeHeap

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegDeleteTreeW
RegOpenKeyExW
RegQueryValueExW

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-security-base-l1-1-0

EqualSid
CopySid
GetLengthSid
GetTokenInformation
CreateWellKnownSid

staterepository.core

sqlite3_vfs_unregister
sqlite3_status
sqlite3_expanded_sql
sqlite3_snprintf
sqlite3_config
sqlite3_step
sqlite3_reset
sqlite3_finalize
sqlite3_sql
sqlite3_column_blob
sqlite3_column_text16
sqlite3_column_bytes
sqlite3_column_int64
sqlite3_column_int
sqlite3_bind_blob
sqlite3_bind_text16
sqlite3_bind_int64
sqlite3_bind_int
sqlite3_clear_bindings
sqlite3_exec
sqlite3_stmt_busy
sqlite3_prepare_v2
sqlite3_free
sqlite3_errcode
sqlite3_next_stmt
sqlite3_db_status
sqlite3_db_filename
sqlite3_last_insert_rowid
sqlite3_changes
sqlite3_get_autocommit
sqlite3_errmsg
sqlite3_close
sqlite3_shutdown
sqlite3_db_handle
sqlite3_log

windows.staterepository

StateRepository_DataAccessLayer_DatabaseCache_Get
StateRepository_Service_UpdateStatus
StateRepository_DataAccessLayer_DatabaseCache_Add

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-file-l1-1-0

WriteFile
CreateFileW
GetFileAttributesW

api-ms-win-security-lsalookup-l1-1-0

LsaLookupClose
LsaLookupFreeMemory
LsaLookupGetDomainInfo
LsaLookupOpenLocalPolicy

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-security-lsalookup-l2-1-0

LookupAccountSidW

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-windowserrorreporting-l1-1-1

WerRegisterCustomMetadata

api-ms-win-core-path-l1-1-0

PathCchCombine

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-appmodel-runtime-l1-1-1

GetApplicationUserModelIdFromToken

Exports

Exports

StateRepository_Migrate

Sections

.text
Size: 164KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 544B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Windows.UI.Accessibility.dll
.dll windows:10 windows x64 arch:x64

79011a0159d1a17e7baec132e7b60e52

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Windows.UI.Accessibility.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o_abort
_o_free
_o_iswspace
_o_malloc
_o_pow
_o_round
_o_terminate
__C_specific_handler
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_CxxThrowException
__CxxFrameHandler3
__std_type_info_compare
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-processthreads-l1-1-0

CreateThread
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetExitCodeThread

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleHandleExW
GetModuleHandleW
DisableThreadLibraryCalls
GetModuleFileNameA
GetProcAddress

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
RaiseException
SetLastError

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedFlushSList
InterlockedPushEntrySList

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoOriginateError

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockShared
AcquireSRWLockShared
CreateMutexExW
CreateEventW
CreateSemaphoreExW
EnterCriticalSection
AcquireSRWLockExclusive
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForSingleObject
SetEvent
InitializeCriticalSectionAndSpinCount
ReleaseMutex
ReleaseSRWLockExclusive
WaitForSingleObjectEx
ReleaseSemaphore
DeleteCriticalSection
ResetEvent
OpenSemaphoreW

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
InitOnceExecuteOnce

api-ms-win-core-winrt-string-l1-1-0

WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsCreateStringReference
WindowsCreateString
WindowsGetStringRawBuffer

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
TrySubmitThreadpoolCallback
CloseThreadpoolTimer

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-com-l1-1-0

StringFromGUID2
CoTaskMemFree
CoUninitialize
CoCreateInstance
CoTaskMemAlloc
CoInitializeEx
CoCreateFreeThreadedMarshaler
IIDFromString
CoCreateGuid

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventUnregister
EventRegister
EventWriteTransfer

ntdll

RtlPublishWnfStateData
RtlIsMultiSessionSku
RtlGetDeviceFamilyInfoEnum
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion
NtQueryWnfStateData

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask

api-ms-win-core-psapi-l1-1-0

K32GetModuleBaseNameW

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegSetValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW

api-ms-win-core-file-l1-1-0

CreateDirectoryW
WriteFile
CreateFileW

api-ms-win-shcore-stream-l1-1-0

SHCreateStreamOnFileW

api-ms-win-security-base-l1-1-0

DestroyPrivateObjectSecurity
CreateWellKnownSid
GetTokenInformation

api-ms-win-security-lsalookup-l1-1-0

LsaLookupFreeMemory
LsaLookupGetDomainInfo
LsaLookupClose
LsaLookupOpenLocalPolicy

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-shcore-comhelpers-l1-1-0

IUnknown_QueryService

msvcp_win

?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?uncaught_exception@std@@YA_NXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_K@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory

Sections

.text
Size: 216KB - Virtual size: 213KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Windows.UI.Core.TextInput.dll
.dll windows:10 windows x64 arch:x64

d351e301b8d9b5f8086a3f293da8df0d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Windows.UI.Core.TextInput.pdb

Imports

msvcrt

_initterm
free
_amsg_exit
_XcptFilter
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
__dllonexit
_unlock
??0exception@@QEAA@AEBQEBD@Z
memmove
memcpy
_lock
__CxxFrameHandler3
_CxxThrowException
?terminate@@YAXXZ
_callnewh
malloc
??1type_info@@UEAA@XZ
_onexit
memmove_s
_purecall
__CxxFrameHandler4
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
??3@YAXPEAX@Z
towlower
iswspace
wcstoul
iswalnum
wcsrchr
towupper
realloc
_wcsicmp
vswprintf_s
wcstok_s
wcsnlen
swscanf
tolower
sprintf_s
??0bad_cast@@QEAA@AEBV0@@Z
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@PEBD@Z
localeconv
strcspn
_wcsnicmp
swscanf_s
strcpy_s
iswalpha
strrchr
__uncaught_exception
setlocale
___mb_cur_max_func
___lc_handle_func
___lc_codepage_func
_ismbblead
__pctype_func
isupper
calloc
islower
abort
memset
_wcsdup
__crtLCMapStringA
_wsetlocale
memcmp
memcpy_s
_vsnwprintf
??_V@YAXPEAX@Z
__C_specific_handler
pow

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleFileNameA
GetModuleHandleExW
LoadStringW
GetModuleHandleW
DisableThreadLibraryCalls
FreeLibrary
LoadLibraryExW
GetModuleFileNameW

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
ReleaseMutex
SetEvent
ReleaseSRWLockExclusive
InitializeSRWLock
AcquireSRWLockExclusive
OpenSemaphoreW
InitializeCriticalSectionEx
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ReleaseSRWLockShared
InitializeCriticalSection
CreateSemaphoreExW
WaitForSingleObject
ReleaseSemaphore
AcquireSRWLockShared
ResetEvent
CreateMutexExW
CreateEventW

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
HeapReAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
RaiseException
SetLastError
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
CreateThread
OpenProcessToken
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW
ResolveLocaleName
GetLocaleInfoW
LCMapStringW
GetLocaleInfoEx

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsDuplicateString
WindowsDeleteString
WindowsDeleteStringBuffer
WindowsCompareStringOrdinal
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsPreallocateStringBuffer
WindowsPromoteStringBuffer
WindowsGetStringLen
WindowsCreateString
WindowsCreateStringReference

api-ms-win-eventing-provider-l1-1-0

EventWrite
EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer
EventActivityIdControl

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-winrt-error-l1-1-0

GetRestrictedErrorInfo
RoTransformError
RoOriginateErrorW
SetRestrictedErrorInfo
RoOriginateError

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
WakeAllConditionVariable
InitOnceComplete
Sleep
SleepConditionVariableSRW
InitOnceBeginInitialize

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-com-l1-1-0

CoUninitialize
StringFromCLSID
CoCreateInstance
CLSIDFromString
CoTaskMemFree
CoTaskMemAlloc
CoGetApartmentType
CoReleaseMarshalData
CreateStreamOnHGlobal
CoGetMalloc
CoMarshalInterface
CoGetInterfaceAndReleaseStream
CoTaskMemRealloc
CoCreateFreeThreadedMarshaler
CoInitializeEx

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureStackBackTrace

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTime
GetWindowsDirectoryW
GetSystemTimeAsFileTime
GetSystemDirectoryW

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryValueW
GetPersistedRegistryLocationW

api-ms-win-core-registry-l1-1-0

RegOpenCurrentUser
RegOpenKeyExW
RegGetValueW
RegQueryValueExW
RegCloseKey

api-ms-win-core-string-l1-1-0

GetStringTypeExW
CompareStringOrdinal
CompareStringW

api-ms-win-core-file-l1-1-0

CreateDirectoryW
GetFileAttributesW

api-ms-win-core-errorhandling-l1-1-3

TerminateProcessOnMemoryExhaustion

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabled

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate
IsErrorPropagationEnabled

api-ms-win-core-localization-l1-2-2

LCIDToLocaleName

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

ntdll

RtlDllShutdownInProgress
NtQueryInformationProcess
RtlIsMultiUsersInSessionSku

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrStrIW
StrRChrW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 292KB - Virtual size: 288KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Windows.UI.Cred.dll
.dll windows:10 windows x64 arch:x64

99e80f83ae7ca4ffd586bdb01f2346a3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Windows.UI.Cred.pdb

Imports

wincorlib

?Equals@Object@Platform@@QE$AAA_NPE$AAV12@@Z
?EventSourceGetTargetArrayEvent@Details@Platform@@YAPEAXPEAXIPEBXPEA_J@Z
?EventSourceGetTargetArraySize@Details@Platform@@YAIPEAX@Z
?EventSourceGetTargetArray@Details@Platform@@YAPEAXPEAXPEAUEventLock@12@@Z
?GetIBoxArrayVtable@Details@Platform@@YAPEAXPEAX@Z
?get@FullName@Type@Platform@@QE$AAAPE$AAVString@3@XZ
?GetTypeCode@Type@Platform@@SA?AW4TypeCode@2@PE$AAV12@@Z
?GetIBoxVtable@Details@Platform@@YAPEAXPEAX@Z
?CreateValue@Details@Platform@@YAPE$AAVObject@2@W4TypeCode@2@PEBX@Z
?ReCreateException@Exception@Platform@@SAPE$AAV12@H@Z
?ResolveWeakReference@Details@Platform@@YAPE$AAVObject@2@AEBU_GUID@@PEAPEAU__abi_IUnknown@@@Z
??0DisconnectedException@Platform@@QE$AAA@XZ
??0Delegate@Platform@@QE$AAA@XZ
??0ChangedStateException@Platform@@QE$AAA@XZ
??0OutOfBoundsException@Platform@@QE$AAA@XZ
??0FailureException@Platform@@QE$AAA@XZ
??0OutOfMemoryException@Platform@@QE$AAA@XZ
??0NullReferenceException@Platform@@QE$AAA@XZ
?GetWeakReference@Details@Platform@@YAPEAU__abi_IUnknown@@QE$ADVObject@2@@Z
??0NotImplementedException@Platform@@QE$AAA@XZ
?CreateException@Exception@Platform@@SAPE$AAV12@H@Z
?__abi_ObjectToString@__abi_details@@YAPE$AAVString@Platform@@PE$AAVObject@3@_N@Z
?EventSourceInitialize@Details@Platform@@YAXPEAPEAX@Z
?AllocateException@Heap@Details@Platform@@SAPEAX_K0@Z
?EventSourceUninitialize@Details@Platform@@YAXPEAPEAX@Z
?EventSourceAdd@Details@Platform@@YA?AVEventRegistrationToken@Foundation@Windows@@PEAPEAXPEAUEventLock@12@PE$AAVDelegate@2@@Z
?__abi_cast_Object_to_String@__abi_details@@YAPE$AAVString@Platform@@_NPE$AAVObject@3@@Z
?__abi_make_type_id@@YAPE$AAVType@Platform@@AEBU__abi_type_descriptor@@@Z
??BType@Platform@@SA?AVTypeName@Interop@Xaml@UI@Windows@@PE$AAV01@@Z
?__abi_cast_String_to_Object@__abi_details@@YAPE$AAVObject@Platform@@PE$AAVString@3@@Z
?Allocate@Heap@Details@Platform@@SAPEAX_K0@Z
?ReleaseTarget@ControlBlock@Details@Platform@@AEAAXXZ
?AlignedFree@Heap@Details@Platform@@SAXPEAX@Z
?Free@Heap@Details@Platform@@SAXPEAX@Z
??0Object@Platform@@QE$AAA@XZ
?ReCreateFromException@Details@Platform@@YAJPE$AAVException@2@@Z
?__abi_FailFast@@YAXXZ
?UninitializeData@Details@Platform@@YAXH@Z
?InitializeData@Details@Platform@@YAJH@Z
?__abi_WinRTraiseFailureException@@YAXXZ
?__abi_WinRTraiseDisconnectedException@@YAXXZ
?get@Message@Exception@Platform@@QE$AAAPE$AAVString@3@XZ
?CreateException@Exception@Platform@@SAPE$AAV12@HPE$AAVString@2@@Z
?__abi_WinRTraiseNotImplementedException@@YAXXZ
?__abi_WinRTraiseInvalidCastException@@YAXXZ
?__abi_WinRTraiseObjectDisposedException@@YAXXZ
?__abi_WinRTraiseOutOfMemoryException@@YAXXZ
??0InvalidArgumentException@Platform@@QE$AAA@PE$AAVString@1@@Z
??0InvalidArgumentException@Platform@@QE$AAA@XZ
?__abi_WinRTraiseOperationCanceledException@@YAXXZ
?__abi_WinRTraiseAccessDeniedException@@YAXXZ
?__abi_WinRTraiseInvalidArgumentException@@YAXXZ
?__abi_WinRTraiseClassNotRegisteredException@@YAXXZ
?__abi_WinRTraiseCOMException@@YAXJ@Z
?__abi_WinRTraiseNullReferenceException@@YAXXZ
?__abi_WinRTraiseChangedStateException@@YAXXZ
?__abi_WinRTraiseOutOfBoundsException@@YAXXZ
?__abi_WinRTraiseWrongThreadException@@YAXXZ
?EventSourceRemove@Details@Platform@@YAXPEAPEAXPEAUEventLock@12@VEventRegistrationToken@Foundation@Windows@@@Z
?GetActivationFactoryByPCWSTR@@YAJPEAXAEAVGuid@Platform@@PEAPEAX@Z
?GetIidsFn@@YAJHPEAKPEBU__s_GUID@@PEAPEAVGuid@Platform@@@Z

msvcrt

_XcptFilter
wcslen
memset
_amsg_exit
free
_CxxThrowException
__CxxFrameHandler3
wcsstr
_lock
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
?terminate@@YAXXZ
??3@YAXPEAX@Z
memcpy_s
_unlock
__C_specific_handler
_vsnwprintf
__CxxFrameHandler4
malloc
_initterm
__dllonexit
_onexit
??1type_info@@UEAA@XZ
_purecall
_wsetlocale
__crtLCMapStringW
__crtCompareStringW
_wcsdup
_vsnprintf_s
abort
memcmp
___lc_collate_cp_func
calloc
__pctype_func
_ismbblead
___lc_codepage_func
___lc_handle_func
___mb_cur_max_func
setlocale
_callnewh
memmove
memcpy
??0exception@@QEAA@AEBQEBDH@Z
iswdigit
realloc
strchr
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@AEBV0@@Z
wcstol
_errno
__ExceptionPtrCopy
__ExceptionPtrDestroy
__ExceptionPtrCreate
__ExceptionPtrRethrow
__ExceptionPtrCurrentException
memmove_s
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBD@Z
wcsrchr

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleFileNameA
DisableThreadLibraryCalls
GetProcAddress
GetModuleHandleExW

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
Sleep
InitOnceExecuteOnce

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
CreateEventExW
ReleaseMutex
SetEvent
InitializeCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
ReleaseSRWLockExclusive
EnterCriticalSection
ReleaseSemaphore
AcquireSRWLockShared
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
LeaveCriticalSection
ReleaseSRWLockShared
CreateMutexExW
CreateSemaphoreExW
ResetEvent

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter

api-ms-win-core-winrt-string-l1-1-0

WindowsDuplicateString
WindowsStringHasEmbeddedNull
WindowsGetStringLen
WindowsDeleteString
WindowsCreateStringReference
WindowsCreateString
WindowsGetStringRawBuffer
WindowsIsStringEmpty
WindowsConcatString
WindowsCompareStringOrdinal

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventActivityIdControl
EventUnregister
EventWriteTransfer
EventRegister

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentProcessId
TerminateProcess
GetCurrentThreadId

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoOriginateError

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetThreadUILanguage

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
StringFromGUID2
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoTaskMemRealloc
CoGetApartmentType
CoGetObjectContext
CoTaskMemFree

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-string-l1-1-0

GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 828KB - Virtual size: 825KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 216KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Windows.UI.FileExplorer.dll
.dll windows:10 windows x64 arch:x64

9d20a61a7392f29db2edee538d6b90e8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

windows.ui.fileexplorer.pdb

Imports

api-ms-win-crt-private-l1-1-0

_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o_abort
_o_ceil
_o_ceilf
_o_free
_o_iswspace
_o_malloc
_o_realloc
_o_strncpy_s
_o_terminate
_o_towlower
__CxxFrameHandler4
__std_terminate
memcpy
memcmp
memmove
strchr
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__get_errno
_CxxThrowException
__current_exception_context
__current_exception
__C_specific_handler
_o__execute_onexit_table
_o__errno
__CxxFrameHandler3
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy

api-ms-win-crt-string-l1-1-0

wcslen
strncmp
wcsncmp
wcsnlen
wcsncpy
wcscmp
strcmp
memset
strlen

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

msvcp_win

?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
_Mtx_unlock
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
_Mtx_lock
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?_Xbad_function_call@std@@YAXXZ
_Thrd_yield
_Mtx_init_in_situ
_Mtx_destroy_in_situ
?_Throw_C_error@std@@YAXH@Z
?__ExceptionPtrCreate@@YAXPEAX@Z

dwmapi

DwmSetWindowAttribute

coremessaging

CreateDispatcherQueueController

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExA
FindResourceExW
FindStringOrdinal
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameA
LoadResource
LoadLibraryExW
FreeLibrary
GetProcAddress
LockResource

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-com-l1-1-0

CoGetApartmentType
CoCreateInstance
PropVariantClear
CoCreateFreeThreadedMarshaler
CoGetObjectContext
StringFromGUID2
CoTaskMemRealloc
CoGetMalloc
CoTaskMemAlloc
CoWaitForMultipleHandles
CoTaskMemFree

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
GetLastError
SetLastError

api-ms-win-core-synch-l1-1-0

AcquireSRWLockShared
CreateMutexExW
InitializeCriticalSectionAndSpinCount
OpenSemaphoreW
ReleaseMutex
CreateEventW
ReleaseSRWLockShared
InitializeCriticalSectionEx
InitializeCriticalSection
ReleaseSemaphore
WaitForSingleObject
CreateSemaphoreExW
DeleteCriticalSection
SetEvent
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
ResetEvent
LeaveCriticalSection
WaitForSingleObjectEx
CreateEventExW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
GetCurrentThread

api-ms-win-core-localization-l1-2-0

FindNLSStringEx
FormatMessageW

api-ms-win-core-url-l1-1-0

PathIsURLW

api-ms-win-core-threadpool-l1-2-0

TrySubmitThreadpoolCallback
SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolWait
CloseThreadpoolWait
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegSetValueExW
RegNotifyChangeKeyValue
RegCreateKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey

oleaut32

VariantInit
VariantClear
SysAllocString
SetErrorInfo
GetErrorInfo
SafeArrayGetDim
SysFreeString
SysStringLen

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-shcore-registry-l1-1-0

SHQueryValueExW
SHDeleteKeyW
SHDeleteValueW

api-ms-win-shcore-sysinfo-l1-1-0

IsOS

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
InitOnceExecuteOnce

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-shcore-stream-l1-1-0

IStream_Write
IStream_Reset
IStream_Read
IStream_Size
SHCreateMemStream

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetSystemTimeAsFileTime

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

rpcrt4

UuidCreate

api-ms-win-core-shlwapi-legacy-l1-1-0

PathIsUNCW
PathFindNextComponentW
PathFindExtensionW
PathParseIconLocationW
PathSkipRootW

api-ms-win-core-path-l1-1-0

PathCchRemoveFileSpec

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-shcore-scaling-l1-1-1

GetDpiForMonitor
GetScaleFactorForMonitor

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-shcore-unicodeansi-l1-1-0

SHAnsiToUnicode

api-ms-win-shcore-stream-winrt-l1-1-0

CreateStreamOverRandomAccessStream
CreateRandomAccessStreamOverStream

api-ms-win-core-processthreads-l1-1-3

SetThreadDescription

api-ms-win-shcore-registry-l1-1-1

SHRegGetValueFromHKCUHKLM

api-ms-win-core-registry-l2-1-0

RegCreateKeyW

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
RoFailFastWithErrorContext
GetRestrictedErrorInfo

api-ms-win-core-file-l1-1-0

GetFullPathNameW

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-psapi-l1-1-0

K32GetModuleFileNameExW

api-ms-win-shcore-obsolete-l1-1-0

SHStrDupW

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedFlushSList
InterlockedPushEntrySList

api-ms-win-shcore-comhelpers-l1-1-0

IUnknown_SetSite
IUnknown_GetSite
IUnknown_QueryService
IUnknown_Set

api-ms-win-core-shlwapi-obsolete-l1-1-0

QISearch
StrCmpICW
StrDupW
StrCmpNIW
StrStrIW

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

ntdll

NtQueryWnfStateData
NtQueryKey

api-ms-win-shcore-thread-l1-1-0

SHCreateThreadWithHandle

api-ms-win-shell-shellcom-l1-1-0

SHCoCreateInstance

api-ms-win-storage-exports-internal-l1-1-0

Global_WindowsStorage_esServerMode
SHGetKnownFolderItem
SHGetSpecialFolderLocation
GetRegDataDrivenCommand

shcore

ord123
ord142
ord120
ord190

propsys

PSPropertyBag_WriteDWORD
PSPropertyBag_WritePropertyKey
PSPropertyBag_WriteStream
PSPropertyBag_ReadGUID
PSPropertyBag_WriteBSTR
PSPropertyBag_ReadStream
PSPropertyBag_ReadPropertyKey
PSPropertyBag_ReadInt
PSPropertyBag_ReadBSTR
InitVariantFromBuffer
PSGetNameFromPropertyKey
PSPropertyBag_WriteBOOL
PropVariantToBoolean
PropVariantToUInt32
VariantToInt32WithDefault
PSCreateMemoryPropertyStore

oleacc

LresultFromObject
CreateStdAccessibleObject

shlwapi

ord168

shell32

ord727
ord18
ord941
Shell_GetCachedImageIndexW
SHParseDisplayName
SHGetItemFromObject
ord939
ord777
ord6
ord923
SHCreateShellItemArrayFromIDLists
SHCreateItemFromParsingName
SHCreateShellItemArrayFromShellItem
SHGetKnownFolderPath
ord17
ord850
ord907
ord21
SHGetIDListFromObject
SHShowManageLibraryUI
ord155
SHCreateItemFromIDList
ord16
ord68
ord866
SHBindToParent
ord764
AssocElemCreateForKey

winuicohabitation

WinAppSDKCohabitation_RegisterWASDKThread
WinAppSDKCohabitation_EnsureWASDKFrameworkPackageRegistered

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-util-l1-1-0

EncodePointer

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 1023KB - Virtual size: 1022KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 222KB - Virtual size: 222KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Windows.UI.Logon.dll
.dll windows:10 windows x64 arch:x64

174463489cd8ab04a4569b672be20f5a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Windows.UI.Logon.pdb

Imports

wincorlib

?GetObjectContext@Details@Platform@@YAPEAUIUnknown@@XZ
?ResolveWeakReference@Details@Platform@@YAPE$AAVObject@2@AEBU_GUID@@PEAPEAU__abi_IUnknown@@@Z
??0DisconnectedException@Platform@@QE$AAA@XZ
??0Delegate@Platform@@QE$AAA@XZ
?Allocate@Heap@Details@Platform@@SAPEAX_K@Z
?ReCreateException@Exception@Platform@@SAPE$AAV12@H@Z
?GetProxyImpl@Details@Platform@@YAJPEAUIUnknown@@AEBU_GUID@@0PEAPEAU3@@Z
?ReleaseInContextImpl@Details@Platform@@YAJPEAUIUnknown@@0@Z
?GetTypeCode@Type@Platform@@SA?AW4TypeCode@2@PE$AAV12@@Z
?CreateValue@Details@Platform@@YAPE$AAVObject@2@W4TypeCode@2@PEBX@Z
?GetIBoxVtable@Details@Platform@@YAPEAXPEAX@Z
?GetIBoxArrayVtable@Details@Platform@@YAPEAXPEAX@Z
?EventSourceGetTargetArray@Details@Platform@@YAPEAXPEAXPEAUEventLock@12@@Z
?EventSourceGetTargetArraySize@Details@Platform@@YAIPEAX@Z
?EventSourceGetTargetArrayEvent@Details@Platform@@YAPEAXPEAXIPEBXPEA_J@Z
?Equals@Object@Platform@@QE$AAA_NPE$AAV12@@Z
??0InvalidArgumentException@Platform@@QE$AAA@PE$AAVString@1@@Z
?get@FullName@Type@Platform@@QE$AAAPE$AAVString@3@XZ
?get@Message@Exception@Platform@@QE$AAAPE$AAVString@3@XZ
?CreateException@Exception@Platform@@SAPE$AAV12@HPE$AAVString@2@@Z
??0ChangedStateException@Platform@@QE$AAA@XZ
??0NullReferenceException@Platform@@QE$AAA@XZ
??0OutOfBoundsException@Platform@@QE$AAA@XZ
??0FailureException@Platform@@QE$AAA@XZ
??0OutOfMemoryException@Platform@@QE$AAA@XZ
?CreateException@Exception@Platform@@SAPE$AAV12@H@Z
?__abi_cast_Object_to_String@__abi_details@@YAPE$AAVString@Platform@@_NPE$AAVObject@3@@Z
?__abi_make_type_id@@YAPE$AAVType@Platform@@AEBU__abi_type_descriptor@@@Z
??BType@Platform@@SA?AVTypeName@Interop@Xaml@UI@Windows@@PE$AAV01@@Z
??0NotImplementedException@Platform@@QE$AAA@XZ
?__abi_cast_String_to_Object@__abi_details@@YAPE$AAVObject@Platform@@PE$AAVString@3@@Z
??0InvalidArgumentException@Platform@@QE$AAA@XZ
?AllocateException@Heap@Details@Platform@@SAPEAX_K0@Z
?Allocate@Heap@Details@Platform@@SAPEAX_K0@Z
?GetWeakReference@Details@Platform@@YAPEAU__abi_IUnknown@@QE$ADVObject@2@@Z
?EventSourceUninitialize@Details@Platform@@YAXPEAPEAX@Z
?EventSourceInitialize@Details@Platform@@YAXPEAPEAX@Z
?ReleaseTarget@ControlBlock@Details@Platform@@AEAAXXZ
?AlignedFree@Heap@Details@Platform@@SAXPEAX@Z
?Free@Heap@Details@Platform@@SAXPEAX@Z
?__abi_WinRTraiseWrongThreadException@@YAXXZ
?__abi_WinRTraiseObjectDisposedException@@YAXXZ
?__abi_WinRTraiseInvalidCastException@@YAXXZ
?__abi_WinRTraiseNotImplementedException@@YAXXZ
??0Object@Platform@@QE$AAA@XZ
?__abi_WinRTraiseDisconnectedException@@YAXXZ
?__abi_WinRTraiseFailureException@@YAXXZ
?EventSourceRemove@Details@Platform@@YAXPEAPEAXPEAUEventLock@12@VEventRegistrationToken@Foundation@Windows@@@Z
?__abi_WinRTraiseOperationCanceledException@@YAXXZ
?__abi_WinRTraiseAccessDeniedException@@YAXXZ
?__abi_WinRTraiseInvalidArgumentException@@YAXXZ
?UninitializeData@Details@Platform@@YAXH@Z
?InitializeData@Details@Platform@@YAJH@Z
?__abi_FailFast@@YAXXZ
?ReCreateFromException@Details@Platform@@YAJPE$AAVException@2@@Z
?GetIidsFn@@YAJHPEAKPEBU__s_GUID@@PEAPEAVGuid@Platform@@@Z
?GetActivationFactoryByPCWSTR@@YAJPEAXAEAVGuid@Platform@@PEAPEAX@Z
?get@Right@Rect@Foundation@Windows@@QEAAMXZ
?get@Bottom@Rect@Foundation@Windows@@QEAAMXZ
?__abi_ObjectToString@__abi_details@@YAPE$AAVString@Platform@@PE$AAVObject@3@_N@Z
?__abi_WinRTraiseClassNotRegisteredException@@YAXXZ
?__abi_WinRTraiseCOMException@@YAXJ@Z
?EventSourceAdd@Details@Platform@@YA?AVEventRegistrationToken@Foundation@Windows@@PEAPEAXPEAUEventLock@12@PE$AAVDelegate@2@@Z
?__abi_WinRTraiseNullReferenceException@@YAXXZ
?__abi_WinRTraiseChangedStateException@@YAXXZ
?__abi_WinRTraiseOutOfBoundsException@@YAXXZ
?__abi_WinRTraiseOutOfMemoryException@@YAXXZ

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__get_errno
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__wcsicmp
memmove
_o_abort
_o_atan2
_o_ceilf
_o_free
_o_iswdigit
_o_iswspace
_o_malloc
_o_memcpy_s
_o_realloc
_o_sqrt
_o_terminate
_o_wcstol
__CxxFrameHandler3
__C_specific_handler
__current_exception
__current_exception_context
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_CxxThrowException
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__execute_onexit_table
_o__errno
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset
wcslen

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
InitOnceExecuteOnce

api-ms-win-core-winrt-string-l1-1-0

WindowsCompareStringOrdinal
WindowsDuplicateString
WindowsCreateStringReference
WindowsCreateString
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsConcatString
WindowsGetStringLen

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoTransformError
RoOriginateErrorW
GetRestrictedErrorInfo
SetRestrictedErrorInfo

api-ms-win-core-synch-l1-1-0

AcquireSRWLockShared
ReleaseSRWLockShared
InitializeSRWLock
ReleaseSRWLockExclusive
CreateEventExW
CreateSemaphoreExW
ReleaseSemaphore
WaitForSingleObject
ReleaseMutex
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionEx
AcquireSRWLockExclusive
SetEvent

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleW
DisableThreadLibraryCalls
GetProcAddress
GetModuleHandleExW
FreeLibrary
GetModuleHandleExA

api-ms-win-core-winrt-error-l1-1-1

IsErrorPropagationEnabled
RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentThread
GetCurrentProcess
TerminateProcess
OpenThreadToken
GetCurrentProcessId
OpenProcessToken

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount64

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPushEntrySList

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
GetLastError
RaiseException

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventSetInformation
EventWriteTransfer
EventActivityIdControl
EventUnregister

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-localization-l1-2-0

GetUserDefaultLocaleName
FormatMessageW

api-ms-win-core-com-l1-1-0

CoGetContextToken
StringFromGUID2
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CoRevertToSelf
CoGetMalloc
CoGetCallContext
CoWaitForMultipleHandles
CoMarshalInterface
CoCreateFreeThreadedMarshaler
CoReleaseMarshalData
CreateStreamOnHGlobal
PropVariantClear
CoTaskMemAlloc

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-security-base-l1-1-0

ImpersonateLoggedOnUser
EqualSid
IsValidSid
GetTokenInformation
RevertToSelf

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegGetValueW
RegOpenCurrentUser
RegEnumValueW
RegQueryValueExW
RegOpenKeyExW

ntdll

RtlWakeAllConditionVariable
RtlSleepConditionVariableSRW
RtlNtStatusToDosErrorNoTeb
RtlPublishWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
wcsstr
strchr
wcsrchr
_vsnprintf_s
_vsnwprintf
EtwTraceMessage
RtlUnsubscribeWnfNotificationWaitForCompletion
NtQueryWnfStateData

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-string-l1-1-0

GetStringTypeExW
CompareStringOrdinal

api-ms-win-core-registryuserspecific-l1-1-0

SHRegGetUSValueW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

kernel32

CreateEventW

msvcp_win

_Cnd_wait
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
?_IsCurrentOriginSTA@_ContextCallback@details@Concurrency@@CA_NXZ
?_Assign@_ContextCallback@details@Concurrency@@AEAAXPEAX@Z
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?__ExceptionPtrRethrow@@YAXPEBX@Z
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_IsNonBlockingThread@_Task_impl_base@details@Concurrency@@SA_NXZ
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_Xbad_function_call@std@@YAXXZ
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
_Wcscoll
_Wcsxfrm
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Xbad_alloc@std@@YAXXZ
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?id@?$collate@_W@std@@2V0locale@2@A
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?tolower@?$ctype@_W@std@@QEBAPEB_WPEA_WPEB_W@Z
?tolower@?$ctype@_W@std@@QEBA_W_W@Z
?is@?$ctype@_W@std@@QEBA_NF_W@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
?GetNextAsyncId@platform@details@Concurrency@@YAIXZ
_Cnd_destroy_in_situ
_Cnd_init_in_situ
_Mtx_unlock
_Cnd_broadcast
_Mtx_lock
_Mtx_destroy_in_situ
_Mtx_init_in_situ
?_Xlength_error@std@@YAXPEBD@Z
?_Throw_C_error@std@@YAXH@Z

api-ms-win-crt-math-l1-1-0

_copysign

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 640KB - Virtual size: 639KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 124KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 156KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Windows.UI.Xaml.InkControls.dll
.dll windows:10 windows x64 arch:x64

66b69d83ab2909a660c13095fac1a47b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Windows.UI.Xaml.InkControls.pdb

Imports

msvcp_win

_Mtx_lock
_Mtx_unlock
?_Xlength_error@std@@YAXPEBD@Z
_Mtx_init_in_situ
?_Throw_C_error@std@@YAXH@Z
?_Raise_handler@std@@3P6AXAEBVexception@stdext@@@ZEA
?_Xbad_function_call@std@@YAXXZ
_Mtx_destroy_in_situ

api-ms-win-crt-runtime-l1-1-0

_invoke_watson
_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o_atan2f
_o_ceilf
_o_cosf
_o_fmodf
_o_free
_o_malloc
_o_realloc
_o_sinf
_o_sqrtf
__C_specific_handler
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
wcsstr
__std_terminate
__CxxFrameHandler4
_o__execute_onexit_table
_CxxThrowException
memcpy

api-ms-win-crt-string-l1-1-0

wcscmp
memset

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleHandleExA
LoadLibraryExW
FindResourceExW
DisableThreadLibraryCalls
LockResource
LoadResource
GetModuleHandleW
GetModuleHandleExW
GetModuleFileNameA
GetProcAddress

api-ms-win-core-featurestaging-l1-1-0

RecordFeatureUsage
UnsubscribeFeatureStateChangeNotification
SubscribeFeatureStateChangeNotification

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
CreateSemaphoreExW
SetEvent
ResetEvent
CreateEventW
ReleaseSemaphore
AcquireSRWLockShared
CreateMutexExW
EnterCriticalSection
WaitForSingleObject
ReleaseSRWLockShared
ReleaseMutex
DeleteCriticalSection
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
InitializeSRWLock
ReleaseSRWLockExclusive

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
HeapSize
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TlsFree
TlsAlloc
TlsSetValue
TerminateProcess
GetCurrentProcess
TlsGetValue
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

SetProcessPreferredUILanguages
FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventWriteTransfer
EventRegister
EventUnregister

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
RoOriginateErrorW
RoTransformError
RoOriginateError

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceExecuteOnce
InitOnceComplete

api-ms-win-core-winrt-errorprivate-l1-1-0

RoFailFastWithErrorContextInternal2

api-ms-win-core-winrt-string-l1-1-0

WindowsDuplicateString
WindowsCreateString
WindowsGetStringRawBuffer
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsCreateStringReference
WindowsGetStringLen
WindowsDeleteString

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureStackBackTrace

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoCreateInstance
CoGetApartmentType

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-eventing-classicprovider-l1-1-0

TraceEvent

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount64

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegGetValueW
RegQueryValueExW
RegOpenKeyExW

api-ms-win-core-errorhandling-l1-1-3

TerminateProcessOnMemoryExhaustion

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabled

api-ms-win-core-winrt-error-l1-1-1

RoClearError
RoGetMatchingRestrictedErrorInfo

bcp47langs

LanguageListAsMuiForm
GetApplicationLanguages

combase

ord90
ord157

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
GetDependencyLocatorStorage
XamlTestHookFreeInkControlsResourceLibrary

Sections

.text
Size: 796KB - Virtual size: 792KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 212KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Windows.UI.Xaml.Maps.dll
.dll windows:10 windows x64 arch:x64

013bc7d1bf26c776837dcb1433de0cc8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Windows.UI.Xaml.Maps.pdb

Imports

msvcp_win

?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
?_Raise_handler@std@@3P6AXAEBVexception@stdext@@@ZEA
?_Xlength_error@std@@YAXPEBD@Z
_Mtx_init_in_situ
?_Throw_C_error@std@@YAXH@Z

api-ms-win-crt-runtime-l1-1-0

_initterm
_invoke_watson
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__itow_s
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcsnicmp
_o_atan
_o_atan2
_o_ceilf
_o_cos
_o_floor
_o_fmod
_o_free
_o_malloc
_o_realloc
_o_sin
_o_sqrt
_o_tan
__C_specific_handler
_o__cexit
_o__execute_onexit_table
_o__errno
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___std_type_info_destroy_list
_o__crt_atexit
wcsstr
_o__configure_narrow_argv
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

LoadResource
FindResourceExW
FreeLibrary
LockResource
GetModuleFileNameA
GetProcAddress
GetModuleHandleW
LoadLibraryExW
DisableThreadLibraryCalls
GetModuleHandleExW

api-ms-win-core-featurestaging-l1-1-0

RecordFeatureUsage
UnsubscribeFeatureStateChangeNotification
SubscribeFeatureStateChangeNotification

api-ms-win-core-synch-l1-1-0

OpenSemaphoreW
AcquireSRWLockExclusive
ReleaseSRWLockShared
InitializeCriticalSectionEx
CreateMutexExW
AcquireSRWLockShared
CreateSemaphoreExW
WaitForSingleObjectEx
ReleaseSRWLockExclusive
ReleaseMutex
CreateEventExW
WaitForSingleObject
CreateEventW
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
ReleaseSemaphore
InitializeSRWLock

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc
HeapSize

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentProcessId
OpenProcessToken
TlsFree
GetCurrentThreadId
TlsGetValue
TlsSetValue
TlsAlloc

api-ms-win-core-localization-l1-2-0

SetProcessPreferredUILanguages
GetLocaleInfoEx
FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventSetInformation
EventActivityIdControl
EventWriteTransfer

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-winrt-error-l1-1-0

GetRestrictedErrorInfo
RoTransformError
RoOriginateError
SetRestrictedErrorInfo
RoOriginateErrorW

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce

api-ms-win-core-winrt-errorprivate-l1-1-0

RoFailFastWithErrorContextInternal2

api-ms-win-core-winrt-string-l1-1-0

WindowsDuplicateString
WindowsCreateString
WindowsDeleteString
WindowsCreateStringReference
WindowsIsStringEmpty
WindowsGetStringRawBuffer
WindowsStringHasEmbeddedNull
WindowsCompareStringOrdinal
WindowsConcatString

api-ms-win-core-winrt-error-l1-1-1

IsErrorPropagationEnabled
RoClearError
RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate

api-ms-win-core-com-l1-1-0

CoCreateGuid
CoReleaseMarshalData
CoMarshalInterface
CoGetApartmentType
CoCreateInstance
CoTaskMemRealloc
CoWaitForMultipleHandles
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
CoTaskMemFree
CreateStreamOnHGlobal

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureStackBackTrace
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-eventing-classicprovider-l1-1-0

TraceEvent

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemTime

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegGetValueW

api-ms-win-core-errorhandling-l1-1-3

TerminateProcessOnMemoryExhaustion

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabled

api-ms-win-core-psm-app-l1-1-0

PsmUnregisterAppStateChangeNotification
PsmRegisterAppStateChangeNotification

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-winrt-robuffer-l1-1-0

RoGetBufferMarshaler

bcp47langs

LanguageListAsMuiForm
GetApplicationLanguages

combase

ord157
ord90

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
GetDependencyLocatorStorage
XamlTestHookFreeMapsResourceLibrary

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 312KB - Virtual size: 311KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Windows.UI.Xaml.Phone.dll
.dll windows:10 windows x64 arch:x64

6f160f5cb09db6591b47a9efcd140db6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Windows.UI.Xaml.Phone.pdb

Imports

msvcp_win

??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?_Raise_handler@std@@3P6AXAEBVexception@stdext@@@ZEA
_Mtx_init_in_situ
?_Xbad_function_call@std@@YAXXZ
_Mtx_unlock
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@H@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@F@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@I@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
_Mtx_destroy_in_situ

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
_invoke_watson

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o_ceilf
_o_floor
_o_free
_o_malloc
_o_realloc
__C_specific_handler
_o__execute_onexit_table
_o__errno
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__cexit
_o__crt_atexit
_o__configure_narrow_argv
_CxxThrowException
memcmp
memcpy
__std_terminate
__CxxFrameHandler4
wcsstr

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
FindResourceExW
GetModuleHandleW
LoadResource
DisableThreadLibraryCalls
FreeLibrary
LoadLibraryExW
GetProcAddress
GetModuleHandleExW
LockResource

api-ms-win-core-featurestaging-l1-1-0

UnsubscribeFeatureStateChangeNotification
SubscribeFeatureStateChangeNotification
RecordFeatureUsage
GetFeatureEnabledState

api-ms-win-core-synch-l1-1-0

InitializeSRWLock
AcquireSRWLockShared
InitializeCriticalSectionEx
ReleaseSRWLockShared
ReleaseSemaphore
CreateSemaphoreExW
OpenSemaphoreW
WaitForSingleObject
ReleaseMutex
ReleaseSRWLockExclusive
WaitForSingleObjectEx
AcquireSRWLockExclusive
CreateEventW
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
CreateMutexExW

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapSize
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

GetLastError
RaiseException
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
TlsFree
TlsGetValue
TlsSetValue

api-ms-win-core-localization-l1-2-0

FormatMessageW
SetProcessPreferredUILanguages

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventUnregister
EventWriteTransfer

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
SetRestrictedErrorInfo
RoOriginateError
RoTransformError

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce

api-ms-win-core-winrt-errorprivate-l1-1-0

RoFailFastWithErrorContextInternal2

api-ms-win-core-winrt-string-l1-1-0

WindowsConcatString
WindowsCreateStringReference
WindowsDeleteString
WindowsCreateString
WindowsGetStringRawBuffer
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsDuplicateString
WindowsCompareStringOrdinal

api-ms-win-core-winrt-error-l1-1-1

IsErrorPropagationEnabled
RoClearError
RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
StringFromGUID2
CoTaskMemFree
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoGetApartmentType

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-eventing-classicprovider-l1-1-0

TraceEvent

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

ntdll

RtlCaptureStackBackTrace

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegGetValueW

api-ms-win-core-errorhandling-l1-1-3

TerminateProcessOnMemoryExhaustion

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabled

api-ms-win-rtcore-ntuser-private-l1-1-7

IsOneCoreTransformMode

bcp47langs

GetApplicationLanguages
LanguageListAsMuiForm

combase

ord157
ord90

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

CreateApplicationBarProxy
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
GetDependencyLocatorStorage
SendTelemetryOnSuspend
XamlControlsCalculateFlyoutPlacement
XamlControlsGetDatePickerSelection
XamlControlsGetListPickerSelection
XamlControlsGetPlatformMetadataProvider
XamlControlsGetPlatformResourcesModuleHandle
XamlControlsGetTimePickerSelection
XamlControlsTestHookCreateLoopingSelector
XamlTestHookFreePhoneResourceLibrary

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Windows.UI.Xaml.Resources.Common.dll
.dll windows:10 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rdata
Size: 4KB - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows.UI.Xaml.dll
.dll windows:10 windows x64 arch:x64

37465290763c61c135d2f72b2f10e4fd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

windows.ui.xaml.pdb

Imports

msvcp_win

?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??1_Locinfo@std@@QEAA@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@N@Z
?is@?$ctype@G@std@@QEBA_NFG@Z
?tolower@?$ctype@G@std@@QEBAGG@Z
?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
_Mtx_destroy_in_situ
?id@?$collate@G@std@@2V0locale@2@A
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
_Mtx_init_in_situ
??0_Locinfo@std@@QEAA@PEBD@Z
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
_Wcscoll
_Mtx_lock
??Bid@locale@std@@QEAA_KXZ
?widen@?$ctype@G@std@@QEBAGD@Z
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?setf@ios_base@std@@QEAAHHH@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?id@?$ctype@G@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Throw_C_error@std@@YAXH@Z
?good@ios_base@std@@QEBA_NXZ
?flags@ios_base@std@@QEBAHXZ
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
_Mtx_unlock
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@H@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
_Wcsxfrm
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_N@Z
?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGD@Z
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
?put@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@G@Z
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?_Xbad_function_call@std@@YAXXZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?_Raise_handler@std@@3P6AXAEBVexception@stdext@@@ZEA

api-ms-win-crt-runtime-l1-1-0

_invoke_watson
_initterm
_initterm_e

api-ms-win-crt-string-l1-1-0

wcscmp
memset
wcsncmp
wcscspn

api-ms-win-crt-math-l1-1-0

fmaxf
fminf
_finite
_isnan

api-ms-win-crt-private-l1-1-0

_o__free_base
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__itow_s
_o__malloc_base
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcsicmp
_o__wcsnicmp
_o__wcstoi64
_o__wsplitpath_s
_o__wtoi
_o_abort
_o_atan2f
_o_calloc
_o_ceil
_o_ceilf
_o_cos
_o_cosf
_o_exp
_o_floor
_o_floorf
_o_fmod
_o_fmodf
_o_free
_o_isalpha
_o_isspace
_o_iswalnum
_o_iswblank
_o_iswcntrl
_o_iswdigit
_o_iswgraph
_o_iswprint
_o_iswpunct
_o_iswspace
_o_log
_o_log2f
_o_logf
_o_lroundf
_o_malloc
_o_memcpy_s
_o_pow
_o_powf
_o_realloc
_o_round
_o_roundf
_o_sin
_o_sinf
_o_sqrt
_o_sqrtf
_o_tanf
_o_terminate
_o_tolower
_o_towlower
_o_towupper
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstod
_o_wcstol
_o_wcstoll
_o_wcstoul
_o_wcstoull
wcsstr
__std_type_info_compare
wcschr
strchr
__C_specific_handler
wcsrchr
__current_exception
__current_exception_context
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__beginthreadex
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o__execute_onexit_table
__std_terminate
__CxxFrameHandler4
_o__errno
__CxxFrameHandler3
_CxxThrowException
memcmp
memcpy

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleFileNameA
GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameW
FindStringOrdinal
LoadResource
FindResourceExW
GetModuleHandleExA
SizeofResource
GetProcAddress
LockResource
LoadLibraryExW

api-ms-win-core-synch-l1-1-0

WaitForMultipleObjectsEx
OpenEventW
SetEvent
CreateSemaphoreExW
InitializeCriticalSectionAndSpinCount
CreateEventExW
AcquireSRWLockShared
CreateMutexExW
EnterCriticalSection
LeaveCriticalSection
ReleaseSRWLockShared
OpenMutexW
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
InitializeCriticalSection
ReleaseSRWLockExclusive
DeleteCriticalSection
ResetEvent
ReleaseMutex
CreateEventW
InitializeCriticalSectionEx
WaitForSingleObject
TryAcquireSRWLockExclusive
CreateMutexW
ReleaseSemaphore
InitializeSRWLock

api-ms-win-core-heap-l1-1-0

HeapFree
HeapSize
HeapCreate
GetProcessHeap
HeapAlloc
HeapReAlloc

api-ms-win-core-errorhandling-l1-1-0

RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetLastError

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableFlags
GetTraceLoggerHandle
TraceMessage
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids
TraceEvent

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
CreateThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolCleanupGroup
SetThreadpoolTimer
WaitForThreadpoolWorkCallbacks
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWait
CreateThreadpoolTimer
CloseThreadpoolWait
CreateThreadpoolWork
WaitForThreadpoolWaitCallbacks
SetThreadpoolWait
WaitForThreadpoolTimerCallbacks

api-ms-win-core-processthreads-l1-1-0

OpenThreadToken
OpenProcessToken
TlsFree
SwitchToThread
TlsGetValue
TlsAlloc
GetCurrentThreadId
SetThreadPriority
GetCurrentThread
GetThreadPriority
TlsSetValue
GetProcessId
GetCurrentProcess
SetPriorityClass
CreateThread
GetCurrentProcessId
TerminateProcess
GetExitCodeProcess
GetPriorityClass

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetVersionExW
GetSystemInfo
GetWindowsDirectoryW
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetThreadUILanguage
GetLocaleInfoW
ResolveLocaleName
LCMapStringEx
GetLocaleInfoEx
SetProcessPreferredUILanguages
FindNLSStringEx
GetUserDefaultLCID
LocaleNameToLCID

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventSetInformation
EventWriteTransfer
EventUnregister
EventRegister

api-ms-win-core-wow64-l1-1-1

IsWow64Process2

api-ms-win-core-wow64-l1-1-0

Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureStackBackTrace
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegQueryInfoKeyW
RegGetValueW
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegEnumKeyExW

api-ms-win-core-string-l1-1-0

CompareStringEx
MultiByteToWideChar
CompareStringOrdinal
WideCharToMultiByte
GetStringTypeExW

api-ms-win-core-synch-l1-2-0

InitOnceInitialize
InitOnceBeginInitialize
InitOnceComplete
InitOnceExecuteOnce
Sleep

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabled

api-ms-win-core-shlwapi-legacy-l1-1-0

PathRemoveFileSpecW
PathAddBackslashW
PathFindExtensionW
PathCombineW

api-ms-win-core-kernel32-legacy-l1-1-1

PowerCreateRequest
PowerClearRequest
PowerSetRequest

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-oobe-notification-l1-1-0

OOBEComplete

ntdll

RtlNtStatusToDosError
ZwQueryWnfStateData
RtlInitUnicodeString
RtlUnsubscribeWnfNotificationWaitForCompletion
NtQuerySecurityObject
RtlIsMultiSessionSku
RtlGetDeviceFamilyInfoEnum
RtlFreeHeap
RtlAllocateHeap
NtPowerInformation
NtQueryWnfStateData
RtlQueryPackageClaims
RtlCopyUnicodeString
NtQuerySecurityAttributesToken
RtlCompareMemory
NtSetSecurityObject
RtlSetDaclSecurityDescriptor
RtlAddAccessAllowedAce
RtlAddAce
RtlPublishWnfStateData
RtlGetAce
RtlCreateAcl
RtlUnsubscribeWnfStateChangeNotification
RtlQueryWnfStateData
RtlLengthSid
RtlQueryInformationAcl
RtlGetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
RtlSubscribeWnfStateChangeNotification

api-ms-win-core-heap-l2-1-0

GlobalAlloc
LocalFree
LocalAlloc

api-ms-win-security-base-l1-1-0

DuplicateTokenEx
AccessCheck
DuplicateToken
GetAce
GetSidSubAuthorityCount
GetSidSubAuthority
EqualSid
RevertToSelf
GetTokenInformation

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
GetThreadTimes
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-processtopology-obsolete-l1-1-0

GetProcessAffinityMask

api-ms-win-core-psapi-l1-1-0

K32GetModuleFileNameExW
K32GetProcessMemoryInfo
QueryFullProcessImageNameW

api-ms-win-core-file-l1-1-0

WriteFile
GetTempFileNameW
CreateFileW
GetFileAttributesW
SetEndOfFile
GetFileSize
GetFileTime
ReadFile
SetFilePointerEx
GetFileSizeEx

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
CreateFileMappingW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
SearchPathW
GetEnvironmentVariableW

api-ms-win-core-url-l1-1-0

UrlCanonicalizeW
PathCreateFromUrlW
UrlCreateFromPathW

api-ms-win-core-file-l1-2-4

GetTempPath2W

api-ms-win-core-timezone-l1-1-0

GetDynamicTimeZoneInformation
SystemTimeToFileTime

api-ms-win-core-localization-obsolete-l1-2-0

GetSystemDefaultUILanguage
GetUserDefaultUILanguage

api-ms-win-core-libraryloader-l1-2-1

FindResourceW
LoadLibraryW

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-security-provider-l1-1-0

GetSecurityInfo

api-ms-win-core-errorhandling-l1-1-3

TerminateProcessOnMemoryExhaustion

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

combase

ord134
ord147
ord157
ord90

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-heap-obsolete-l1-1-0

GlobalLock
GlobalUnlock

api-ms-win-core-localization-l1-2-2

LCIDToLocaleName

api-ms-win-power-setting-l1-1-0

PowerSettingUnregisterNotification
PowerSettingRegisterNotification

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW

api-ms-win-core-path-l1-1-0

PathCchAppend
PathCchAddExtension
PathCchAddBackslash

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrCSpnW
QISearch

Exports

Exports

CalculateAvailableMonitorRect
CreateString
CreateXamlUIPresenter
DeleteString
DisableDeferredInvoke
DllCanUnloadNow
DllGetActivationFactory
DllMain
GetDependencyObjectAddress
GetErrorContextIndex
GetGlobalModuleParams
GetStringLen
GetStringRawBuffer
InitializeXamlDiagnosticsEx
OverrideXamlMetadataProvider
OverrideXamlResourcePropertyBag

Sections

.text
Size: 13.0MB - Virtual size: 13.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 808KB - Virtual size: 805KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 160KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 520KB - Virtual size: 517KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WindowsManagementServiceWinRt.ProxyStub.dll
.dll windows:10 windows x64 arch:x64

8b06d0005ebbc15f5e467f4faa3f3c7d

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:bb:08:d7:e4:c9:db:5b:9d:1f:bb:4d:1b:0e:ea:21:09:12:b7:78:da:a2:ad:69:6f:50:2c:37:88:9d:0f:fc
Signer

Actual PE Digest

39:bb:08:d7:e4:c9:db:5b:9d:1f:bb:4d:1b:0e:ea:21:09:12:b7:78:da:a2:ad:69:6f:50:2c:37:88:9d:0f:fc

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

WindowsManagementServiceWinRt.ProxyStub.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__cexit
_o__configure_narrow_argv
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__seh_filter_dll
__C_specific_handler
_o___std_type_info_destroy_list

api-ms-win-crt-string-l1-1-0

memset

rpcrt4

NdrOleFree
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrOleAllocate

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentProcess
TerminateProcess
GetCurrentThreadId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-winrt-string-l1-1-0

HSTRING_UserMarshal64
HSTRING_UserUnmarshal
HSTRING_UserFree64
HSTRING_UserMarshal
HSTRING_UserUnmarshal64
HSTRING_UserSize64
HSTRING_UserFree
HSTRING_UserSize

Exports

Exports

DllCanUnloadNow
DllGetClassObject
GetProxyDllInfo

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Wldap32.dll
.dll windows:10 windows x64 arch:x64

d5e572c3801d038a7bb1c6263baecfc4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

wldap32.pdb

Imports

api-ms-win-crt-string-l1-1-0

memset
wcsnlen

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__itow
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcsupr_s
_o_free
_o_wmemcpy_s
_o__crt_atexit
_o___std_type_info_destroy_list
_o__configure_narrow_argv
_o__cexit
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
wcsrchr
__C_specific_handler
_local_unwind
memcmp
memcpy

api-ms-win-core-synch-l1-1-0

AcquireSRWLockShared
LeaveCriticalSection
SetEvent
CreateSemaphoreExW
ReleaseSemaphore
InitializeCriticalSectionEx
WaitForSingleObject
CreateMutexA
CreateEventA
ResetEvent
ReleaseMutex
InitializeCriticalSection
ReleaseSRWLockExclusive
DeleteCriticalSection
EnterCriticalSection
CreateMutexExW
ReleaseSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
OpenThreadToken
TlsSetValue
TlsAlloc
TlsGetValue
TlsFree
GetCurrentThread
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
OpenProcessToken

api-ms-win-core-string-l1-1-0

CompareStringW
WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExA
LoadStringW
GetProcAddress
GetModuleFileNameW
GetModuleHandleExW
GetModuleFileNameA
GetModuleHandleW
FreeLibrary

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
HeapDestroy
HeapCreate
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
GetLastError

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegGetValueW

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemDirectoryA
GetSystemTimeAsFileTime
GetTickCount64
GetVersionExW
GetComputerNameExW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryA

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-realtime-l1-1-0

QueryThreadCycleTime

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
GetThreadTimes

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-localization-obsolete-l1-2-0

CompareStringA

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW

api-ms-win-core-perfcounters-l1-1-0

PerfDeleteInstance
PerfCreateInstance
PerfStartProviderEx
PerfSetCounterRefValue
PerfSetCounterSetInfo
PerfStopProvider

ntdll

EtwEventRegister
RtlIpv4AddressToStringW
EtwEventWrite
RtlAcquireResourceShared
RtlReleaseResource
EtwEventUnregister
RtlInitializeResource
RtlDeleteResource
RtlNtStatusToDosError
RtlGetNtProductType
RtlInitUnicodeString
RtlAcquireResourceExclusive
RtlIpv6AddressToStringW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

LdapGetLastError
LdapMapErrorToWin32
LdapUTF8ToUnicode
LdapUnicodeToUTF8
ber_alloc_t
ber_bvdup
ber_bvecfree
ber_bvfree
ber_first_element
ber_flatten
ber_free
ber_init
ber_next_element
ber_peek_tag
ber_printf
ber_scanf
ber_skip_tag
cldap_open
cldap_openA
cldap_openW
ldap_abandon
ldap_add
ldap_addA
ldap_addW
ldap_add_ext
ldap_add_extA
ldap_add_extW
ldap_add_ext_s
ldap_add_ext_sA
ldap_add_ext_sW
ldap_add_s
ldap_add_sA
ldap_add_sW
ldap_bind
ldap_bindA
ldap_bindW
ldap_bind_s
ldap_bind_sA
ldap_bind_sW
ldap_check_filterA
ldap_check_filterW
ldap_cleanup
ldap_close_extended_op
ldap_compare
ldap_compareA
ldap_compareW
ldap_compare_ext
ldap_compare_extA
ldap_compare_extW
ldap_compare_ext_s
ldap_compare_ext_sA
ldap_compare_ext_sW
ldap_compare_s
ldap_compare_sA
ldap_compare_sW
ldap_conn_from_msg
ldap_connect
ldap_control_free
ldap_control_freeA
ldap_control_freeW
ldap_controls_free
ldap_controls_freeA
ldap_controls_freeW
ldap_count_entries
ldap_count_references
ldap_count_values
ldap_count_valuesA
ldap_count_valuesW
ldap_count_values_len
ldap_create_page_control
ldap_create_page_controlA
ldap_create_page_controlW
ldap_create_sort_control
ldap_create_sort_controlA
ldap_create_sort_controlW
ldap_create_vlv_controlA
ldap_create_vlv_controlW
ldap_delete
ldap_deleteA
ldap_deleteW
ldap_delete_ext
ldap_delete_extA
ldap_delete_extW
ldap_delete_ext_s
ldap_delete_ext_sA
ldap_delete_ext_sW
ldap_delete_s
ldap_delete_sA
ldap_delete_sW
ldap_dn2ufn
ldap_dn2ufnA
ldap_dn2ufnW
ldap_encode_sort_controlA
ldap_encode_sort_controlW
ldap_err2string
ldap_err2stringA
ldap_err2stringW
ldap_escape_filter_element
ldap_escape_filter_elementA
ldap_escape_filter_elementW
ldap_explode_dn
ldap_explode_dnA
ldap_explode_dnW
ldap_extended_operation
ldap_extended_operationA
ldap_extended_operationW
ldap_extended_operation_sA
ldap_extended_operation_sW
ldap_first_attribute
ldap_first_attributeA
ldap_first_attributeW
ldap_first_entry
ldap_first_reference
ldap_free_controls
ldap_free_controlsA
ldap_free_controlsW
ldap_get_dn
ldap_get_dnA
ldap_get_dnW
ldap_get_next_page
ldap_get_next_page_s
ldap_get_option
ldap_get_optionA
ldap_get_optionW
ldap_get_paged_count
ldap_get_values
ldap_get_valuesA
ldap_get_valuesW
ldap_get_values_len
ldap_get_values_lenA
ldap_get_values_lenW
ldap_init
ldap_initA
ldap_initW
ldap_memfree
ldap_memfreeA
ldap_memfreeW
ldap_modify
ldap_modifyA
ldap_modifyW
ldap_modify_ext
ldap_modify_extA
ldap_modify_extW
ldap_modify_ext_s
ldap_modify_ext_sA
ldap_modify_ext_sW
ldap_modify_s
ldap_modify_sA
ldap_modify_sW
ldap_modrdn
ldap_modrdn2
ldap_modrdn2A
ldap_modrdn2W
ldap_modrdn2_s
ldap_modrdn2_sA
ldap_modrdn2_sW
ldap_modrdnA
ldap_modrdnW
ldap_modrdn_s
ldap_modrdn_sA
ldap_modrdn_sW
ldap_msgfree
ldap_next_attribute
ldap_next_attributeA
ldap_next_attributeW
ldap_next_entry
ldap_next_reference
ldap_open
ldap_openA
ldap_openW
ldap_parse_extended_resultA
ldap_parse_extended_resultW
ldap_parse_page_control
ldap_parse_page_controlA
ldap_parse_page_controlW
ldap_parse_reference
ldap_parse_referenceA
ldap_parse_referenceW
ldap_parse_result
ldap_parse_resultA
ldap_parse_resultW
ldap_parse_sort_control
ldap_parse_sort_controlA
ldap_parse_sort_controlW
ldap_parse_vlv_controlA
ldap_parse_vlv_controlW
ldap_perror
ldap_rename_ext
ldap_rename_extA
ldap_rename_extW
ldap_rename_ext_s
ldap_rename_ext_sA
ldap_rename_ext_sW
ldap_result
ldap_result2error
ldap_sasl_bindA
ldap_sasl_bindW
ldap_sasl_bind_sA
ldap_sasl_bind_sW
ldap_search
ldap_searchA
ldap_searchW
ldap_search_abandon_page
ldap_search_ext
ldap_search_extA
ldap_search_extW
ldap_search_ext_s
ldap_search_ext_sA
ldap_search_ext_sW
ldap_search_init_page
ldap_search_init_pageA
ldap_search_init_pageW
ldap_search_s
ldap_search_sA
ldap_search_sW
ldap_search_st
ldap_search_stA
ldap_search_stW
ldap_set_dbg_flags
ldap_set_dbg_routine
ldap_set_option
ldap_set_optionA
ldap_set_optionW
ldap_simple_bind
ldap_simple_bindA
ldap_simple_bindW
ldap_simple_bind_s
ldap_simple_bind_sA
ldap_simple_bind_sW
ldap_sslinit
ldap_sslinitA
ldap_sslinitW
ldap_start_tls_sA
ldap_start_tls_sW
ldap_startup
ldap_stop_tls_s
ldap_ufn2dn
ldap_ufn2dnA
ldap_ufn2dnW
ldap_unbind
ldap_unbind_s
ldap_value_free
ldap_value_freeA
ldap_value_freeW
ldap_value_free_len

Sections

.text
Size: 272KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WordBreakers.dll
.dll windows:10 windows x64 arch:x64

099be735f6c40d62deb2d257bd61ee14

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

WordBreakers.pdb

Imports

msvcrt

?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
_vsnprintf_s
_XcptFilter
memcpy_s
_CxxThrowException
??0exception@@QEAA@AEBV0@@Z
iswalnum
??0exception@@QEAA@AEBQEBDH@Z
memmove_s
_initterm
iswspace
memcmp
__CxxFrameHandler3
free
_onexit
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@XZ
memcpy
_amsg_exit
__CxxFrameHandler4
__dllonexit
_purecall
_vsnwprintf
__C_specific_handler
_callnewh
_unlock
?terminate@@YAXXZ
malloc
??3@YAXPEAX@Z
_lock
memmove
??1type_info@@UEAA@XZ
memset

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventUnregister
EventRegister

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleHandleExW
DisableThreadLibraryCalls
GetProcAddress
GetModuleFileNameA

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
Sleep
InitOnceComplete

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-registry-l1-1-0

RegCloseKey

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
DeleteCriticalSection
InitializeCriticalSectionEx
ReleaseSRWLockShared
AcquireSRWLockExclusive
OpenSemaphoreW
AcquireSRWLockShared
EnterCriticalSection
ReleaseSemaphore
ReleaseSRWLockExclusive
CreateSemaphoreExW
ReleaseMutex
CreateMutexExW
LeaveCriticalSection
WaitForSingleObject

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolWaitCallbacks
SetThreadpoolWait
CloseThreadpoolTimer
CloseThreadpoolWait
WaitForThreadpoolTimerCallbacks

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-string-l1-1-0

GetStringTypeExW

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WpcTok.exe
.exe windows:10 windows x64 arch:x64

d9ecc55cbdc90794f62cf16807f075df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

wpctok.pdb

Imports

msvcp_win

?_Xbad_function_call@std@@YAXXZ
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
_Wcsxfrm
_Wcscoll
?_Incref@facet@locale@std@@UEAAXXZ
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?is@?$ctype@G@std@@QEBA_NFG@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
??1_Locinfo@std@@QEAA@XZ
??1_Lockit@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?id@?$ctype@G@std@@2V0locale@2@A
??Bid@locale@std@@QEAA_KXZ
?tolower@?$ctype@G@std@@QEBAGG@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?id@?$collate@G@std@@2V0locale@2@A
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_c_exit
_register_thread_local_exe_atexit_callback
_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__i64tow_s
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__itoa_s
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_errno
_o__set_fmode
_o__set_new_mode
_o__ui64tow_s
_o__wcstoui64
memmove
_o_exit
_o_free
_o_malloc
_o_realloc
_o_strncpy_s
_o_strtol
_o_terminate
_o_towlower
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
_o___stdio_common_vfwprintf
_o___std_type_info_name
_o___std_exception_destroy
_o___std_exception_copy
_o__exit
_o___p__commode
_o__errno
_o__get_initial_wide_environment
_o___p___wargv
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
_o___p___argc
_o___stdio_common_vswprintf
_o___acrt_iob_func
__std_terminate
__CxxFrameHandler4
_o___stdio_common_vsnprintf_s
memcmp
memcpy
__CxxFrameHandler3
__std_type_info_compare
strchr

api-ms-win-crt-string-l1-1-0

memset
wcscmp

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoGetActivationFactory
RoUninitialize

api-ms-win-core-errorhandling-l1-1-0

GetLastError
RaiseException
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-processthreads-l1-1-0

TlsSetValue
TlsAlloc
TlsFree
GetCurrentProcessId
GetCurrentThread
GetCurrentProcess
TerminateProcess
TlsGetValue
OpenThreadToken
GetCurrentThreadId
OpenProcessToken

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleFileNameA
GetModuleHandleW
GetModuleHandleExW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
ReleaseSRWLockExclusive
DeleteCriticalSection
ReleaseSRWLockShared
AcquireSRWLockShared
InitializeSRWLock
SleepEx
WaitForSingleObject
OpenSemaphoreW
SetEvent
CreateEventExW
WaitForSingleObjectEx
LeaveCriticalSection
ReleaseMutex
EnterCriticalSection
ReleaseSemaphore
CreateSemaphoreExW
CreateMutexExW
InitializeCriticalSection

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventActivityIdControl
EventUnregister
EventWriteTransfer
EventRegister

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsDeleteString

ntdll

EtwGetTraceEnableFlags
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage

api-ms-win-service-management-l1-1-0

OpenServiceW
OpenSCManagerW

api-ms-win-service-winsvc-l1-1-0

ControlService

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW

api-ms-win-core-commandlinetoargv-l1-1-0

CommandLineToArgvW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoUninitialize
CoCreateFreeThreadedMarshaler
CoWaitForMultipleHandles

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceComplete

api-ms-win-core-registry-l1-1-0

RegEnumValueW
RegEnumKeyExW
RegGetValueW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegDeleteValueW
RegDeleteTreeW

api-ms-win-security-base-l1-1-0

GetTokenInformation
CreateWellKnownSid
CopySid

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-url-l1-1-0

UrlEscapeW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-threadpool-l1-2-0

CloseThreadpool

Sections

.text
Size: 152KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
acppage.dll
.dll windows:10 windows x64 arch:x64

933a8964155be2ea2e6c85c5283de581

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

acppage.pdb

Imports

msvcrt

sscanf_s
wcschr
wcsrchr
wcsncmp
wcscat_s
memset
_wcslwr
memcmp
memcpy
memmove
_onexit
__dllonexit
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
wcscpy_s
_callnewh
malloc
free
_wcsnicmp
wcsstr
_wcsupr
_wcsicmp
memmove_s
_purecall
memcpy_s
_vsnwprintf
__C_specific_handler

ntdll

RtlUpcaseUnicodeChar
RtlGetNativeSystemInformation
RtlInitUnicodeStringEx
ZwQueryValueKey
ZwOpenKey
ZwQuerySystemInformation
ZwClose
ZwEnumerateKey
RtlReAllocateHeap
NtQuerySection
RtlNtStatusToDosError
NtCreateSection
RtlImageDirectoryEntryToData
RtlFreeHeap
RtlAllocateHeap
NtOpenThreadToken
NtClose
NtQueryInformationToken
NtOpenProcessToken
RtlIsPartialPlaceholder
RtlImageRvaToVa
RtlInitUnicodeString
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

kernel32

GetLocalTime
FileTimeToSystemTime
SystemTimeToFileTime
GetFileTime
GetVersionExW
QueryActCtxW
ResolveDelayLoadedAPI
DelayLoadFailureHook
FreeLibrary
LoadLibraryExW
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
EnterCriticalSection
ReleaseSemaphore
GetModuleHandleExW
LeaveCriticalSection
InitializeCriticalSection
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
ReleaseSRWLockExclusive
OutputDebugStringW
CloseThreadpoolTimer
DisableThreadLibraryCalls
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
SetThreadpoolTimer
ReleaseSRWLockShared
RaiseException
GetModuleFileNameW
HeapAlloc
GetProcAddress
CreateMutexExW
AcquireSRWLockShared
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
FindFirstFileW
FindClose
lstrcmpiA
ReadFile
GetFileSizeEx
RegQueryValueExW
BasepGetExeArchType
ExpandEnvironmentStringsW
EncodePointer
RegOpenKeyExW
SetFilePointer
CreateFileW
GetSystemDirectoryW
UnmapViewOfFile
LoadLibraryW
DecodePointer
CheckElevationEnabled
LocalFree
RegCloseKey
CreateFileMappingW
MapViewOfFile
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
ReleaseActCtx
CreateActCtxW
DeactivateActCtx
CreateThreadpoolTimer
ActivateActCtx

user32

LoadStringA
EnableWindow
GetParent
GetDlgItem
InsertMenuW
SetWindowLongPtrW
LoadStringW
DialogBoxParamW
SendMessageW
EndDialog
GetSystemMetrics
SetWindowTextW
GetWindowLongPtrW
SetDlgItemTextW
SendDlgItemMessageW
SetThreadDpiAwarenessContext
IsWindowEnabled

shlwapi

UrlEscapeW
PathFindExtensionW
ord176
StrCmpIW
PathFindFileNameW

advapi32

EventUnregister
EventRegister
EventWriteTransfer
EventSetInformation

shell32

SHGetPathFromIDListW
ShellExecuteExW
SHParseDisplayName
ord155
ShellExecuteW
SHGetNameFromIDList
SHChangeNotify
SHGetItemFromDataObject

ole32

HWND_UserSize
HWND_UserSize64
HWND_UserFree64
HWND_UserFree
HWND_UserUnmarshal
HWND_UserMarshal
HWND_UserMarshal64
HWND_UserUnmarshal64
CoCreateInstance
CoTaskMemFree
StringFromGUID2
CoGetObject

rpcrt4

NdrDllCanUnloadNow
NdrDllGetClassObject
NdrOleAllocate
NdrOleFree

sfc

SfcIsFileProtected

apphelp

SdbFindFirstTag
SdbGetStringTagPtr
SdbTagRefToTagID
SdbQueryFlagMask
SdbReleaseDatabase
SdbGetPathSystemSdb
SdbGetMatchingExe
SdbFindNextTag
SdbInitDatabase

Exports

Exports

DllCanUnloadNow
DllGetClassObject
GetExeFromLnk

Sections

.text
Size: 96KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 564B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
aeinv.dll
.dll windows:10 windows x64 arch:x64

59ae424637f8ad3bb3d0a1febac6303c

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

82:02:5f:5e:22:65:d3:19:c4:bb:f8:23:a5:73:62:07:56:1f:eb:f8:dc:b3:2d:9b:34:17:1b:87:dd:11:b3:81
Signer

Actual PE Digest

82:02:5f:5e:22:65:d3:19:c4:bb:f8:23:a5:73:62:07:56:1f:eb:f8:dc:b3:2d:9b:34:17:1b:87:dd:11:b3:81

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

aeinv.pdb

Imports

msvcrt

___lc_collate_cp_func
memcmp
_wcsdup
__crtCompareStringW
__crtLCMapStringW
_wsetlocale
abort
memset
_wtoi
strncmp
toupper
wcsncmp
wcsrchr
__uncaught_exception
strcpy_s
_wcslwr
wcscat_s
calloc
wcstoul
_wsplitpath_s
iswalpha
wcspbrk
__pctype_func
setlocale
_wfsopen
fseek
_ismbblead
___lc_codepage_func
___lc_handle_func
___mb_cur_max_func
memmove_s
isdigit
wcstok_s
realloc
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@AEBV0@@Z
fclose
fwrite
wcsspn
__mb_cur_max
fgetpos
_fseeki64
fsetpos
??1type_info@@UEAA@XZ
setvbuf
fflush
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_wcsnicmp
_vsnprintf
wcsstr
?what@exception@@UEBAPEBDXZ
_wcsicmp
wcscpy_s
_vsnwprintf_s
_vscwprintf
tolower
iscntrl
isspace
iswcntrl
iswspace
ungetwc
ungetc
fputwc
towlower
fgetc
wcschr
_wtoi64
strchr
_set_errno
strtol
_errno
strncpy_s
sprintf_s
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
memcpy_s
_vsnwprintf
fgetwc
__CxxFrameHandler3
wcscmp

ntdll

ZwOpenKey
LdrResSearchResource
ZwQueryInformationFile
ZwOpenFile
ZwQueryValueKey
RtlFormatCurrentUserKeyPath
ZwMapViewOfSection
RtlUnicodeStringToAnsiString
RtlInitUnicodeStringEx
ZwSetInformationProcess
ZwQueryDirectoryFile
RtlVerifyVersionInfo
RtlSecondsSince1970ToTime
RtlGetNativeSystemInformation
RtlpEnsureBufferSize
ZwQueryInformationProcess
RtlxAnsiStringToUnicodeSize
RtlFreeUnicodeString
ZwCreateSection
RtlUpcaseUnicodeString
RtlUpcaseUnicodeChar
RtlTimeToTimeFields
ZwCreateFile
RtlAppendUnicodeToString
RtlNtPathNameToDosPathName
RtlAppendUnicodeStringToString
ZwUnmapViewOfSection
ZwQuerySystemInformation
RtlImageDirectoryEntryToData
RtlAnsiStringToUnicodeString
ZwClose
EtwEventRegister
EtwEventWrite
EtwTraceMessage
RtlComputeCrc32
RtlCompareMemory
EtwEventUnregister
RtlLeaveCriticalSection
RtlFreeHeap
RtlInitializeCriticalSection
ZwEnumerateKey
RtlMultiByteToUnicodeN
RtlInitAnsiString
RtlEnterCriticalSection
RtlReAllocateHeap
RtlEqualString
RtlAllocateHeap
RtlDeleteCriticalSection
RtlDosPathNameToNtPathName_U_WithStatus
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlAllocateAndInitializeSid
RtlNtStatusToDosError
ZwEnumerateValueKey
RtlRunOnceExecuteOnce
RtlCopyUnicodeString
RtlFreeSid
EtwEventWriteNoRegistration
WinSqmIsOptedInEx
VerSetConditionMask
RtlInitUnicodeString
LdrGetDllHandle
RtlInitString
LdrGetProcedureAddress
RtlDosPathNameToRelativeNtPathName_U_WithStatus
NtCreateFile
NtQueryInformationFile
NtClose
RtlGetVersion

advapi32

CryptAcquireContextW
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
TraceEvent
CryptCreateHash
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
EventUnregister
RegDeleteValueW
EventWriteTransfer
RegOpenKeyW
RegSetKeyValueW
RegDeleteKeyValueW
GetTokenInformation
ConvertSidToStringSidW
OpenThreadToken
OpenProcessToken
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegGetValueW
EventRegister
RegLoadAppKeyW

kernel32

GetCommandLineW
DeviceIoControl
GetVolumeInformationByHandleW
GetSystemInfo
LocaleNameToLCID
FileTimeToSystemTime
LocalAlloc
InitOnceExecuteOnce
TryAcquireSRWLockExclusive
InitializeSRWLock
GetCurrentDirectoryW
GetFileTime
K32EnumProcesses
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetModuleHandleW
WriteFile
ExpandEnvironmentStringsW
OutputDebugStringA
GetModuleFileNameW
CreateFileW
GetModuleHandleExA
DebugBreak
RaiseException
HeapFree
SetLastError
GetModuleHandleExW
WaitForThreadpoolTimerCallbacks
GetCurrentThreadId
FormatMessageW
GetLastError
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
SetThreadpoolTimer
ReleaseSRWLockShared
HeapAlloc
GetProcAddress
AcquireSRWLockShared
GetProcessHeap
FreeLibrary
GetTickCount
QueryThreadCycleTime
GetCurrentThread
Sleep
VerifyVersionInfoW
LoadLibraryW
LoadLibraryExW
CloseHandle
UnmapViewOfFile
ReleaseMutex
SetEvent
WaitForSingleObject
SignalObjectAndWait
HeapReAlloc
OutputDebugStringW
IsDebuggerPresent
WaitForSingleObjectEx
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCurrentProcessId
CreateMutexExW
SetWaitableTimer
ReleaseSemaphore
WaitForMultipleObjects
GetSystemTimeAsFileTime
OpenProcess
QueryFullProcessImageNameW
InitializeCriticalSection
GetSystemDirectoryW
GetFileAttributesW
CreateEventW
CreateMutexW
CreateThreadpoolTimer
GetModuleFileNameA
CreateSemaphoreExW
OpenSemaphoreW
LoadLibraryExA
DelayLoadFailureHook
MultiByteToWideChar
QueryUnbiasedInterruptTime
GetSystemPowerStatus
LocalFree
CreateWaitableTimerW
OpenWaitableTimerW
CreateSemaphoreW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionEx
WideCharToMultiByte
GetStringTypeW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
EncodePointer
DecodePointer
WakeAllConditionVariable
SleepConditionVariableSRW
FindFirstFileW
FindNextFileW
GetLongPathNameW
CloseThreadpoolTimer
CreateActCtxW
QueryActCtxW
ReleaseActCtx
GetLogicalDriveStringsW
QueryDosDeviceW
FindClose

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

oleaut32

VariantCopy
VariantChangeType
SysStringLen
SysAllocString
VariantInit
VariantClear
SysFreeString

rpcrt4

UuidCreate

msi

ord141
ord113
ord8
ord92
ord32
ord159
ord166
ord115
ord118
ord217
ord248
ord160
ord294
ord173

shlwapi

PathCommonPrefixW
ord487
PathFileExistsW
PathIsNetworkPathW
PathUnExpandEnvStringsW
SHCreateStreamOnFileEx
PathFindFileNameW

Exports

Exports

CreateAppxPackageInventory
CreateAppxPackageInventoryExtracted
CreateSoftwareInventory
GetAppInfo
GetAppInfo2
GetAppInventory
GetApplicationKBsTC2
GetCachedAppInventory
GetDetailedAppInventory
GetDetailedAppInventoryFile
GetDetailedAppInventoryOrphanFile
UpdateSoftwareInventoryW

Sections

.text
Size: 776KB - Virtual size: 773KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 288KB - Virtual size: 286KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
aemarebackup.dll
.dll windows:10 windows x64 arch:x64

0aff68a24eaf01abbb8c059ab0ae14a0

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

dd:b6:9e:84:84:7b:69:02:1a:13:8c:00:c7:93:4d:73:a0:94:3b:58:88:4e:ad:07:fc:f1:42:f9:6c:41:e8:ef
Signer

Actual PE Digest

dd:b6:9e:84:84:7b:69:02:1a:13:8c:00:c7:93:4d:73:a0:94:3b:58:88:4e:ad:07:fc:f1:42:f9:6c:41:e8:ef

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AeMareBackup.pdb

Imports

msvcrt

iswcntrl
iswspace
_wcslwr
__CxxFrameHandler3
_wtoi64
tolower
wcstol
_errno
swprintf_s
wcstoul
_wcstoui64
_wcsnicmp
_wtof
memcpy
isspace
_wtoi
wcsrchr
strcspn
memmove
_wsetlocale
islower
iscntrl
localeconv
fwrite
fgetpos
_fseeki64
setvbuf
__uncaught_exception
fflush
__mb_cur_max
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@AEBV0@@Z
localtime
strftime
_vscwprintf
??0exception@@QEAA@AEBQEBD@Z
wcsstr
setlocale
___mb_cur_max_func
?what@exception@@UEBAPEBDXZ
ungetwc
ungetc
___lc_handle_func
fputwc
fgetwc
fgetc
_wcsicmp
fwprintf_s
_wfopen_s
towlower
wcschr
fclose
__CxxFrameHandler4
___lc_codepage_func
_ismbblead
_Getmonths
wcscpy_s
_W_Getdays
sprintf_s
__pctype_func
strchr
isupper
__crtLCMapStringA
_CxxThrowException
__crtLCMapStringW
calloc
??0exception@@QEAA@AEBQEBDH@Z
strncmp
realloc
_vsnprintf
?terminate@@YAXXZ
wcscat_s
strcpy_s
isdigit
fseek
_wfsopen
ldexp
memset
___lc_collate_cp_func
isalnum
memchr
_Strftime
wcsncmp
time
_Gettnames
_Wcsftime
_wsplitpath_s
memcmp
??1type_info@@UEAA@XZ
_onexit
abort
__dllonexit
_unlock
_lock
_initterm
_wcsdup
malloc
__crtCompareStringW
free
fsetpos
__crtCompareStringA
_amsg_exit
_XcptFilter
__C_specific_handler
_W_Gettnames
_W_Getmonths
_vsnwprintf_s
memmove_s
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
memcpy_s
_vsnwprintf
_Getdays
wcscmp

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleExW
FreeLibrary
GetModuleHandleExA
LoadLibraryExW
GetProcAddress

ntdll

RtlInitUnicodeStringEx
ZwMapViewOfSection
ZwQueryValueKey
RtlSecondsSince1970ToTime
ZwQueryInformationFile
LdrResSearchResource
RtlGetNativeSystemInformation
ZwOpenKey
RtlxAnsiStringToUnicodeSize
RtlFreeUnicodeString
ZwCreateSection
RtlDosPathNameToNtPathName_U_WithStatus
RtlUpcaseUnicodeChar
ZwCreateFile
RtlAppendUnicodeToString
EtwTraceMessage
RtlAppendUnicodeStringToString
ZwUnmapViewOfSection
ZwQuerySystemInformation
RtlImageDirectoryEntryToData
RtlAnsiStringToUnicodeString
ZwClose
EtwEventRegister
EtwEventWrite
EtwEventUnregister
RtlLeaveCriticalSection
RtlInitializeCriticalSection
ZwEnumerateKey
RtlMultiByteToUnicodeN
RtlInitAnsiString
RtlEnterCriticalSection
RtlEqualString
RtlDeleteCriticalSection
RtlGetDeviceFamilyInfoEnum
RtlAllocateAndInitializeSid
RtlNtStatusToDosError
RtlFreeSid
WinSqmIsOptedInEx
RtlTimeToTimeFields
LdrGetProcedureAddress
LdrGetDllHandle
RtlDosPathNameToRelativeNtPathName_U_WithStatus
RtlInitUnicodeString
NtClose
NtQueryInformationFile
RtlInitString
NtCreateFile
RtlAllocateHeap
RtlFreeHeap
RtlVerifyVersionInfo

api-ms-win-core-synch-l1-1-0

CreateMutexExW
OpenSemaphoreW
ReleaseSRWLockExclusive
LeaveCriticalSection
SetEvent
AcquireSRWLockShared
CreateMutexW
CreateEventW
InitializeSRWLock
OpenWaitableTimerW
SetWaitableTimer
DeleteCriticalSection
CreateSemaphoreExW
ReleaseSRWLockShared
EnterCriticalSection
WaitForSingleObjectEx
ReleaseSemaphore
ReleaseMutex
TryAcquireSRWLockExclusive
InitializeCriticalSectionEx
WaitForSingleObject
CreateEventExW
AcquireSRWLockExclusive
InitializeCriticalSection

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
GetLastError
SetLastError

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
ExitProcess
GetCurrentThread

api-ms-win-core-localization-l1-2-0

GetLocaleInfoW
FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW
OutputDebugStringA

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
GetStringTypeW
WideCharToMultiByte

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
InitOnceComplete
SignalObjectAndWait
InitOnceBeginInitialize
SleepConditionVariableSRW
Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetTickCount
GetSystemTimeAsFileTime

ole32

CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoInitialize
CoUninitialize
CoEnableCallCancellation
CoDisableCallCancellation
CoCancelCall
RoGetAgileReference
CoReleaseMarshalData
CoGetInterfaceAndReleaseStream
CoCreateGuid
CoGetClassObject
CoInitializeEx
PropVariantClear

ext-ms-win-session-wtsapi32-l1-1-0

WTSQueryUserToken
WTSEnumerateSessionsW
WTSFreeMemory

aepic

ord101
ord109
ord100
ord104
ord102
ord103
ord107
ord105
ord106
ord108

psapi

GetDeviceDriverBaseNameW
EnumDeviceDrivers

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventRegister
EventSetInformation

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegOpenKeyExW
RegLoadAppKeyW
RegDeleteTreeW
RegSetValueExW
RegGetValueW
RegCloseKey
RegCreateKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegQueryValueExW
RegDeleteValueW

rpcrt4

UuidCreate

api-ms-win-core-heap-l2-1-0

GlobalFree
LocalFree
LocalAlloc

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects
CreateSemaphoreW
CreateWaitableTimerW

api-ms-win-security-base-l1-1-0

ImpersonateLoggedOnUser
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RevertToSelf
IsWellKnownSid

api-ms-win-security-provider-l1-1-0

SetEntriesInAclW

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW

api-ms-win-core-registry-l2-1-0

RegOpenKeyW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-version-l1-1-1

GetFileVersionInfoSizeW
GetFileVersionInfoW

api-ms-win-core-file-l1-1-0

QueryDosDeviceW
GetLogicalDriveStringsW
GetVolumeInformationByHandleW
CreateFileW
FindClose
GetLongPathNameW
FindNextFileW
FindFirstFileW
CreateDirectoryW
GetFileAttributesW
CompareFileTime
GetFileAttributesExW
WriteFile

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW
ExpandEnvironmentStringsW
GetCurrentDirectoryW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoUninitialize

api-ms-win-core-threadpool-legacy-l1-1-0

DeleteTimerQueueTimer
CreateTimerQueueTimer

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpOpen
WinHttpConnect
WinHttpGetProxyForUrl
WinHttpGetDefaultProxyConfiguration
WinHttpSetOption
WinHttpOpenRequest
WinHttpCloseHandle
WinHttpQueryAuthSchemes
WinHttpSetCredentials
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpSendRequest
WinHttpQueryHeaders
WinHttpReceiveResponse

api-ms-win-security-credentials-l1-1-0

CredReadW
CredFree

api-ms-win-core-kernel32-legacy-l1-1-0

WTSGetActiveConsoleSessionId

api-ms-win-core-realtime-l1-1-0

QueryThreadCycleTime

api-ms-win-core-path-l1-1-0

PathCchRemoveFileSpec
PathCchCanonicalizeEx

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-shlwapi-legacy-l1-1-0

PathUnExpandEnvStringsW
PathFileExistsW

api-ms-win-shcore-path-l1-1-0

ord170

api-ms-win-core-commandlinetoargv-l1-1-0

CommandLineToArgvW

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-security-cryptoapi-l1-1-0

CryptAcquireContextW
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptReleaseContext

api-ms-win-core-sidebyside-l1-1-0

QueryActCtxW
ReleaseActCtx
CreateActCtxW

api-ms-win-eventing-classicprovider-l1-1-0

TraceEvent

Exports

Exports

BackupMareDataTC2

Sections

.text
Size: 656KB - Virtual size: 653KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
aepic.dll
.dll windows:10 windows x64 arch:x64

ec4301c94188a245d431db7ee51c4645

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a1:e5:df:88:19:32:52:c1:65:c8:28:be:7b:16:c6:29:ac:3d:e5:dd:32:1e:22:2a:42:1a:79:fc:78:b0:d4:2c
Signer

Actual PE Digest

a1:e5:df:88:19:32:52:c1:65:c8:28:be:7b:16:c6:29:ac:3d:e5:dd:32:1e:22:2a:42:1a:79:fc:78:b0:d4:2c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

aepic.pdb

Imports

msvcrt

setlocale
___mb_cur_max_func
___lc_handle_func
___lc_codepage_func
_ismbblead
__pctype_func
fwrite
fputwc
calloc
fgetwc
__uncaught_exception
___lc_collate_cp_func
memcmp
ungetc
fseek
_wfsopen
abort
fgetc
ungetwc
memset
_wcsdup
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@AEBV0@@Z
fflush
setvbuf
_vscwprintf
wcscmp
_wsplitpath_s
__crtCompareStringW
tolower
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
iscntrl
isspace
iswcntrl
iswspace
?terminate@@YAXXZ
_initterm
_amsg_exit
_fseeki64
_XcptFilter
memmove
memcpy
__CxxFrameHandler3
_CxxThrowException
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_vsnwprintf_s
__crtLCMapStringW
?what@exception@@UEBAPEBDXZ
_wsetlocale
strchr
fgetpos
_set_errno
strtol
_errno
wcstoul
fsetpos
strncpy_s
sprintf_s
realloc
fclose
free
malloc
__C_specific_handler
wcsrchr
wcscpy_s
_wcsicmp
memmove_s
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
__mb_cur_max
memcpy_s
_vsnwprintf
__CxxFrameHandler4
_wcsnicmp
wcschr
_vsnprintf
strcpy_s
wcsstr
wcscat_s
strncmp
_wcslwr
towlower
_wtoi
_wtoi64

ntdll

NtLoadKeyEx
RtlDosPathNameToRelativeNtPathName_U
RtlStringFromGUID
RtlRandomEx
RtlFreeSid
RtlAllocateAndInitializeSid
RtlNtStatusToDosError
RtlAdjustPrivilege
EtwTraceMessage
RtlImageDirectoryEntryToData
RtlVerifyVersionInfo
LdrResSearchResource
RtlTimeToTimeFields
ZwMapViewOfSection
ZwUnmapViewOfSection
ZwQuerySystemInformation
RtlGetNativeSystemInformation
RtlUpcaseUnicodeChar
RtlAnsiStringToUnicodeString
RtlxAnsiStringToUnicodeSize
EtwEventRegister
EtwEventWrite
EtwEventUnregister
RtlLeaveCriticalSection
RtlInitializeCriticalSection
RtlMultiByteToUnicodeN
RtlInitAnsiString
RtlEnterCriticalSection
RtlEqualString
RtlDeleteCriticalSection
RtlSecondsSince1970ToTime
ZwCreateSection
ZwQueryInformationFile
ZwCreateFile
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
ZwQueryValueKey
RtlInitUnicodeStringEx
ZwEnumerateKey
ZwOpenKey
RtlFreeUnicodeString
RtlDosPathNameToNtPathName_U_WithStatus
ZwClose
RtlReleaseRelativeName
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlReAllocateHeap
RtlInitUnicodeString
LdrGetDllHandle
RtlInitString
LdrGetProcedureAddress
RtlDosPathNameToRelativeNtPathName_U_WithStatus
NtCreateFile
NtQueryInformationFile
NtClose
RtlFreeHeap
RtlAllocateHeap
WinSqmIsOptedInEx
VerSetConditionMask

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleHandleW
LoadLibraryExW
GetModuleFileNameA
GetProcAddress
GetModuleHandleExW
GetModuleFileNameW
GetModuleHandleExA

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
AcquireSRWLockShared
TryAcquireSRWLockExclusive
CreateMutexExW
ReleaseSRWLockShared
SetEvent
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
CreateMutexW
ReleaseSRWLockExclusive
OpenWaitableTimerW
ReleaseMutex
WaitForSingleObject
SetWaitableTimer
InitializeSRWLock
CreateEventW
InitializeCriticalSectionEx
LeaveCriticalSection
SleepEx
ReleaseSemaphore
EnterCriticalSection
CreateSemaphoreExW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
RaiseException
UnhandledExceptionFilter
SetLastError

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
OpenThreadToken
GetCurrentThread
GetCurrentProcessId
OpenProcessToken
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

LocaleNameToLCID
FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringA
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsCreateString
WindowsCreateStringReference
WindowsDuplicateString
WindowsDeleteString

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoInitialize
RoActivateInstance
RoUninitialize

api-ms-win-core-memory-l1-1-0

OpenFileMappingW
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile

api-ms-win-core-synch-l1-2-0

Sleep
SignalObjectAndWait
WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceBeginInitialize
InitOnceComplete
InitOnceExecuteOnce

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegDeleteValueW
RegGetValueW
RegDeleteTreeW
RegLoadKeyW
RegQueryInfoKeyW
RegLoadAppKeyW
RegSaveKeyExW
RegCloseKey
RegUnLoadKeyW
RegEnumKeyExW
RegOpenKeyExW
RegDeleteKeyExW
RegCreateKeyExW
RegSetKeySecurity

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventRegister
EventSetInformation

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-synch-l1-2-1

CreateSemaphoreW
WaitForMultipleObjects
CreateWaitableTimerW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetSystemInfo
GetSystemWindowsDirectoryW
GetSystemDirectoryW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-version-l1-1-1

GetFileVersionInfoW
GetFileVersionInfoSizeW

api-ms-win-core-file-l1-1-0

GetFileAttributesW
FindClose
GetVolumeInformationByHandleW
FindNextFileW
FindFirstFileW
WriteFile
GetLongPathNameW
QueryDosDeviceW
CreateFileW
GetLogicalDriveStringsW

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
RoOriginateError
RoOriginateErrorW
GetRestrictedErrorInfo
RoTransformError

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-service-management-l1-1-0

OpenServiceW
CloseServiceHandle
OpenSCManagerW
StartServiceW

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus

api-ms-win-service-management-l2-1-0

NotifyServiceStatusChangeW

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoGetApartmentType
CoReleaseMarshalData
CoGetCallContext
CoInitializeEx
CoUninitialize
CoCreateFreeThreadedMarshaler
CoGetInterfaceAndReleaseStream
CoMarshalInterface
CreateStreamOnHGlobal

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate
IsErrorPropagationEnabled

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-security-base-l1-1-0

SetSecurityDescriptorOwner
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
DuplicateTokenEx
GetTokenInformation

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime
QueryThreadCycleTime

api-ms-win-core-string-l1-1-0

GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW
GetCurrentDirectoryW
ExpandEnvironmentStringsW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-path-l1-1-0

PathAllocCombine
PathCchCanonicalizeEx
PathCchRemoveFileSpec

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW
PathUnExpandEnvStringsW

api-ms-win-core-commandlinetoargv-l1-1-0

CommandLineToArgvW

api-ms-win-core-featurestaging-l1-1-0

UnsubscribeFeatureStateChangeNotification
RecordFeatureUsage
GetFeatureEnabledState
SubscribeFeatureStateChangeNotification

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-eventing-classicprovider-l1-1-0

TraceEvent

api-ms-win-core-sidebyside-l1-1-0

CreateActCtxW
QueryActCtxW
ReleaseActCtx

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW
RegSetKeyValueW

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
GetAppInventoryCore
GetPrivacyLevel
PicAmiClose
PicAmiInitialize
PicFreeFileInfo
PicRetrieveFileInfo
PicRetrieveFileInfoAppx
PicRetrieveFileLastRunTime
PicUpdateFileLastRunTime
UpdateSoftwareInventoryTC2

Sections

.text
Size: 468KB - Virtual size: 465KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 144KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
apphelp.dll
.dll windows:10 windows x64 arch:x64

6f66e449d30903db2484b2245fdf5206

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ba:82:2f:f7:bd:a9:45:28:4d:15:22:c5:11:42:95:08:d9:cc:23:8f:d6:fa:43:04:1e:41:bc:20:c8:93:e7:f1
Signer

Actual PE Digest

ba:82:2f:f7:bd:a9:45:28:4d:15:22:c5:11:42:95:08:d9:cc:23:8f:d6:fa:43:04:1e:41:bc:20:c8:93:e7:f1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

apphelp.pdb

Imports

ntdll

RtlCreateEnvironmentEx
RtlSetEnvironmentVar
RtlSizeHeap
RtlDestroyEnvironment
NtReadFile
ZwQuerySystemTime
NtWriteFile
qsort
wcsspn
_vscwprintf
RtlGetFileMUIPath
NtQueryInformationFile
RtlCreateUnicodeString
RtlDoesFileExists_U
NtSetValueKey
NtDeleteValueKey
ZwEnumerateValueKey
RtlGetVersion
RtlDosPathNameToNtPathName_U
RtlRunOnceExecuteOnce
RtlDuplicateUnicodeString
NtCreateKey
NtSetInformationKey
wcsstr
NtApphelpCacheControl
_wtoi
ZwQueryKey
RtlUnicodeStringToInteger
ZwSetValueKey
RtlExpandEnvironmentStrings
RtlCompareMemory
RtlSetEnvironmentVariable
RtlFreeAnsiString
RtlWow64GetProcessMachines
LdrFindEntryForAddress
RtlInitializeCriticalSection
RtlDeleteCriticalSection
strrchr
_stricmp
_vsnprintf
RtlTryEnterCriticalSection
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlCaptureStackBackTrace
RtlInitAnsiStringEx
LdrInitShimEngineDynamic
RtlGetNtSystemRoot
EtwEventWriteNoRegistration
NtQueryAttributesFile
NtQueryObject
RtlAddVectoredExceptionHandler
strcpy_s
_wcslwr
RtlNtStatusToDosError
RtlAllocateAndInitializeSid
RtlCheckTokenMembership
RtlFreeSid
LdrLoadDll
sprintf_s
sscanf_s
LdrGetProcedureAddressEx
LdrGetProcedureAddress
RtlLengthRequiredSid
RtlCreateServiceSid
NtOpenFile
NtQuerySecurityObject
RtlGetOwnerSecurityDescriptor
RtlEqualSid
NtProtectVirtualMemory
RtlInitializeSRWLock
LdrEnumerateLoadedModules
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockShared
RtlReleaseSRWLockShared
ZwOpenKey
LdrGetDllHandle
wcsncmp
ZwClose
LdrResSearchResource
ZwQueryInformationFile
ZwOpenFile
VerSetConditionMask
ZwQueryValueKey
RtlInitString
ZwOpenProcessToken
ZwEnumerateKey
wcschr
swprintf_s
RtlInitAnsiString
strncmp
ZwMapViewOfSection
ZwQueryInformationToken
RtlUnicodeStringToAnsiString
ZwSetInformationProcess
ZwQueryDirectoryFile
RtlQueryEnvironmentVariable_U
RtlReAllocateHeap
RtlVerifyVersionInfo
RtlGetFullPathName_UEx
wcscat_s
wcscpy_s
RtlSecondsSince1970ToTime
RtlGetNativeSystemInformation
ZwCreateKey
RtlInitUnicodeString
RtlpEnsureBufferSize
ZwQueryInformationProcess
RtlxAnsiStringToUnicodeSize
ZwCreateSection
RtlUpcaseUnicodeString
RtlDosPathNameToNtPathName_U_WithStatus
RtlUpcaseUnicodeChar
RtlTimeToTimeFields
ZwCreateFile
RtlNtPathNameToDosPathName
toupper
RtlAppendUnicodeStringToString
RtlGUIDFromString
ZwUnmapViewOfSection
ZwQuerySystemInformation
RtlImageDirectoryEntryToData
RtlAnsiStringToUnicodeString
__C_specific_handler
_wcsicmp
RtlFreeUnicodeString
RtlFreeHeap
NtCreateFile
EtwEventRegister
EtwEventEnabled
EtwEventUnregister
_wcsnicmp
_vsnwprintf
memset
RtlVirtualUnwind
RtlLookupFunctionEntry
NtClose
RtlCaptureContext
wcsrchr
EtwEventWrite
RtlStringFromGUID
RtlAppendUnicodeToString
RtlCopyUnicodeString
RtlAllocateHeap
RtlEqualString
RtlMultiByteToUnicodeN
strchr
RtlExpandEnvironmentStrings_U
NtQueryValueKey
NtDeleteKey
NtOpenKey
RtlFormatCurrentUserKeyPath
RtlInitUnicodeStringEx
memcmp
memcpy
memmove
strcmp

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW

api-ms-win-core-appcompat-l1-1-1

BaseReadAppCompatDataForProcess
BaseFreeAppCompatDataForProcess

api-ms-win-core-appcompat-l1-1-0

BaseFlushAppcompatCache
BaseIsAppcompatInfrastructureDisabled

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-file-l1-1-0

SetFilePointer
WriteFile
GetFileAttributesW
FindFirstFileW
DeleteFileW
FindClose
FindNextFileW
GetLongPathNameW
CreateFileW
GetFinalPathNameByHandleW
GetDriveTypeW

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-processthreads-l1-1-0

ProcessIdToSessionId
CreateProcessW
GetProcessTimes
TerminateProcess
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
GetTickCount64
GetSystemDirectoryW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventUnregister
EventWriteTransfer
EventRegister

kernel32

ResolveDelayLoadedAPI
GetOverlappedResult
CancelIo
PackageIdFromFullName
DelayLoadFailureHook
QueryFullProcessImageNameW
GetPackageFullName

api-ms-win-core-file-l1-2-4

GetTempPath2W

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
DeleteCriticalSection
OpenMutexW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleHandleExW
GetModuleHandleExA
GetModuleFileNameW
DisableThreadLibraryCalls
LockResource
LoadResource
LoadLibraryExW
GetProcAddress
FreeLibrary
SizeofResource

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

api-ms-win-core-processenvironment-l1-1-0

GetCurrentDirectoryW
FreeEnvironmentStringsW
GetEnvironmentStringsW
ExpandEnvironmentStringsW

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

api-ms-win-core-localization-l1-2-0

VerLanguageNameW
IsDBCSLeadByte

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
IsDebuggerPresent
DebugBreak

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

AllowPermLayer
ApphelpCheckExe
ApphelpCheckIME
ApphelpCheckInstallShieldPackage
ApphelpCheckModule
ApphelpCheckMsiPackage
ApphelpCheckRunApp
ApphelpCheckRunAppEx
ApphelpCheckShellObject
ApphelpChpeModSettingsFromQueryResult
ApphelpCreateAppcompatData
ApphelpFixMsiPackage
ApphelpFixMsiPackageExe
ApphelpFreeFileAttributes
ApphelpGetFileAttributes
ApphelpGetMsiProperties
ApphelpGetNTVDMInfo
ApphelpGetShimDebugLevel
ApphelpIsPortMonAllowed
ApphelpNotifyPcaOfProblem
ApphelpParseModuleData
ApphelpQueryModSettingsAlloc
ApphelpQueryModuleData
ApphelpQueryModuleDataEx
ApphelpShowDialog
ApphelpUpdateCacheEntry
GetPermLayers
SE_AddHookset
SE_CALLBACK_AddHook
SE_CALLBACK_Lookup
SE_COM_AddHook
SE_COM_AddServer
SE_COM_HookInterface
SE_COM_HookObject
SE_COM_Lookup
SE_DllLoaded
SE_DllUnloaded
SE_DynamicShim
SE_GetHookAPIs
SE_GetMaxShimCount
SE_GetProcAddressForCaller
SE_GetProcAddressIgnoreIncExc
SE_GetProcAddressLoad
SE_GetShimCount
SE_GetShimId
SE_InitializeEngine
SE_InstallAfterInit
SE_InstallBeforeInit
SE_IsShimDll
SE_LdrEntryRemoved
SE_LdrResolveDllName
SE_LookupAddress
SE_LookupCaller
SE_ProcessDying
SE_ShimDPF
SE_ShimDllLoaded
SE_WINRT_AddHook
SE_WINRT_HookObject
SdbAddLayerTagRefToQuery
SdbApphelpNotify
SdbApphelpNotifyEx
SdbApphelpNotifyEx2
SdbBeginWriteListTag
SdbBuildCompatEnvVariables
SdbCloseApphelpInformation
SdbCloseDatabase
SdbCloseDatabaseWrite
SdbCloseLocalDatabase
SdbCommitIndexes
SdbCreateDatabase
SdbCreateHelpCenterURL
SdbCreateMsiTransformFile
SdbDeclareIndex
SdbDeletePermLayerKeys
SdbDumpSearchPathPartCaches
SdbEndWriteListTag
SdbEnumMsiTransforms
SdbEscapeApphelpURL
SdbFindCustomActionForPackage
SdbFindFirstDWORDIndexedTag
SdbFindFirstGUIDIndexedTag
SdbFindFirstMsiPackage
SdbFindFirstMsiPackage_Str
SdbFindFirstNamedTag
SdbFindFirstStringIndexedTag
SdbFindFirstTag
SdbFindFirstTagRef
SdbFindMsiPackageByID
SdbFindNextDWORDIndexedTag
SdbFindNextGUIDIndexedTag
SdbFindNextMsiPackage
SdbFindNextStringIndexedTag
SdbFindNextTag
SdbFindNextTagRef
SdbFormatAttribute
SdbFreeDatabaseInformation
SdbFreeFileAttributes
SdbFreeFileInfo
SdbFreeFlagInfo
SdbGUIDFromString
SdbGUIDToString
SdbGetAppCompatDataSize
SdbGetAppPatchDir
SdbGetBinaryTagData
SdbGetDatabaseGUID
SdbGetDatabaseID
SdbGetDatabaseInformation
SdbGetDatabaseInformationByName
SdbGetDatabaseMatch
SdbGetDatabaseVersion
SdbGetDllPath
SdbGetEntryFlags
SdbGetFileAttributes
SdbGetFileImageType
SdbGetFileImageTypeEx
SdbGetFileInfo
SdbGetFirstChild
SdbGetImageType
SdbGetIndex
SdbGetItemFromItemRef
SdbGetLayerName
SdbGetLayerTagRef
SdbGetLocalPDB
SdbGetMatchingExe
SdbGetMsiPackageInformation
SdbGetNamedLayer
SdbGetNextChild
SdbGetNthUserSdb
SdbGetPDBFromGUID
SdbGetPathCustomSdb
SdbGetPathSystemSdb
SdbGetPermLayerKeys
SdbGetShowDebugInfoOption
SdbGetShowDebugInfoOptionValue
SdbGetStandardDatabaseGUID
SdbGetStringTagPtr
SdbGetTagDataSize
SdbGetTagFromTagID
SdbGrabMatchingInfo
SdbGrabMatchingInfoEx
SdbInitDatabase
SdbInitDatabaseEx
SdbIsDbRuntimePlatformSupportedOnHost
SdbIsNullGUID
SdbIsStandardDatabase
SdbIsTagrefFromLocalDB
SdbIsTagrefFromMainDB
SdbIsTagrefFromMergeStubDB
SdbLoadString
SdbMakeIndexKeyFromString
SdbOpenApphelpDetailsDatabase
SdbOpenApphelpDetailsDatabaseSP
SdbOpenApphelpInformation
SdbOpenApphelpInformationByID
SdbOpenApphelpResourceFile
SdbOpenDatabase
SdbOpenDbFromGuid
SdbOpenLocalDatabase
SdbPackAppCompatData
SdbQueryApphelpInformation
SdbQueryBlockUpgrade
SdbQueryContext
SdbQueryData
SdbQueryDataEx
SdbQueryDataExTagID
SdbQueryFlagInfo
SdbQueryFlagMask
SdbQueryName
SdbQueryReinstallUpgrade
SdbReadApphelpData
SdbReadApphelpDetailsData
SdbReadBYTETag
SdbReadBYTETagRef
SdbReadBinaryTag
SdbReadDWORDTag
SdbReadDWORDTagRef
SdbReadEntryInformation
SdbReadMsiTransformInfo
SdbReadPatchBits
SdbReadQWORDTag
SdbReadQWORDTagRef
SdbReadStringTag
SdbReadStringTagRef
SdbReadWORDTag
SdbReadWORDTagRef
SdbRegisterDatabase
SdbRegisterDatabaseEx
SdbReleaseDatabase
SdbReleaseMatchingExe
SdbResolveDatabase
SdbSetApphelpDebugParameters
SdbSetEntryFlags
SdbSetImageType
SdbSetPermLayerKeys
SdbShowApphelpDialog
SdbShowApphelpFromQuery
SdbStartIndexing
SdbStopIndexing
SdbStringDuplicate
SdbStringReplace
SdbStringReplaceArray
SdbTagIDToTagRef
SdbTagRefToTagID
SdbTagToString
SdbUnpackAppCompatData
SdbUnpackQueryResult
SdbUnregisterDatabase
SdbWriteBYTETag
SdbWriteBinaryTag
SdbWriteBinaryTagFromFile
SdbWriteDWORDTag
SdbWriteNULLTag
SdbWriteQWORDTag
SdbWriteStringRefTag
SdbWriteStringTag
SdbWriteStringTagDirect
SdbWriteWORDTag
SetPermLayerState
SetPermLayerStateEx
SetPermLayers
ShimDbgPrint
ShimDumpCache
ShimFlushCache

Sections

.text
Size: 328KB - Virtual size: 326KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
appraiser.dll
.dll windows:10 windows x64 arch:x64

aa008ce80fa9948f48d9fc737b882a0f

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e6:6a:1d:c7:82:61:c4:21:2e:ad:3d:c3:57:1f:8d:05:d2:80:b8:3d:f2:c5:fb:38:55:93:74:4e:99:bb:66:29
Signer

Actual PE Digest

e6:6a:1d:c7:82:61:c4:21:2e:ad:3d:c3:57:1f:8d:05:d2:80:b8:3d:f2:c5:fb:38:55:93:74:4e:99:bb:66:29

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Appraiser.pdb

Imports

msvcrt

memset
abort
_wcsnicmp
strchr
strcpy_s
_snwscanf_s
_wcsupr
wcsnlen
_vsnwprintf_s
_ultow_s
qsort
wcsspn
iswalpha
wcspbrk
_lseek
_write
_close
_read
_wfsopen
_get_osfhandle
_vsnprintf
wcschr
_wcsicmp
wcsrchr
fseek
islower
calloc
isupper
__pctype_func
wcscpy_s
_ismbblead
___lc_codepage_func
___mb_cur_max_func
__uncaught_exception
wcscat_s
___lc_handle_func
_wsetlocale
_wcslwr
wcsstr
__crtLCMapStringA
__crtLCMapStringW
wcsncmp
toupper
strncmp
strncpy_s
_errno
strtol
_set_errno
strrchr
_wmkdir
rand_s
??3@YAXPEAX@Z
??8type_info@@QEBAHAEBV0@@Z
_wcsdup
towlower
_wcslwr_s
_strnicmp
swscanf_s
_stricmp
strtok_s
strcspn
fclose
localeconv
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@AEBV0@@Z
fwrite
fgetpos
_fseeki64
fsetpos
setvbuf
fflush
localtime
memcmp
strftime
time
swprintf_s
_wsplitpath_s
strnlen
ungetc
fputc
fgetc
_wtol
setlocale
strcmp
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_onexit
__dllonexit
_wtoi64
_unlock
_lock
__C_specific_handler
_initterm
wcstoul
_wtof
sprintf
_wtoi
free
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
malloc
strstr
sprintf_s
??_V@YAXPEAX@Z
memmove_s
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
memcpy_s
_vsnwprintf
_wopen
__CxxFrameHandler3
wcstok_s
_wcstoui64
wcscmp

ntdll

NtSetInformationProcess
RtlGetVersion
RtlAllocateAndInitializeSid
RtlNtStatusToDosError
RtlFreeSid
NtQueryInformationProcess
RtlVerifyVersionInfo
LdrResSearchResource
RtlTimeToTimeFields
ZwMapViewOfSection
ZwUnmapViewOfSection
ZwQuerySystemInformation
RtlImageDirectoryEntryToData
WinSqmIsOptedInEx
RtlGetNativeSystemInformation
RtlNtPathNameToDosPathName
RtlpEnsureBufferSize
ZwQueryDirectoryFile
RtlUpcaseUnicodeChar
RtlUnicodeStringToAnsiString
RtlUpcaseUnicodeString
RtlAnsiStringToUnicodeString
RtlxAnsiStringToUnicodeSize
RtlGUIDFromString
EtwEventRegister
EtwEventWrite
EtwEventUnregister
RtlSecondsSince1970ToTime
ZwSetInformationProcess
ZwQueryInformationProcess
ZwCreateSection
ZwQueryInformationFile
ZwCreateFile
ZwCreateKey
RtlFormatCurrentUserKeyPath
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
ZwQueryValueKey
ZwDeleteKey
RtlInitUnicodeStringEx
ZwEnumerateKey
ZwOpenKey
RtlFreeUnicodeString
ZwOpenFile
RtlDosPathNameToNtPathName_U_WithStatus
ZwClose
RtlRunOnceExecuteOnce
NtWriteFile
RtlDoesFileExists_U
NtOpenKey
ZwEnumerateValueKey
RtlCopyUnicodeString
ZwQueryKey
ZwSetValueKey
RtlExpandEnvironmentStrings
RtlStringFromGUID
ZwWaitForSingleObject
ZwReleaseMutant
ZwOpenMutant
ZwQueryAttributesFile
RtlLengthSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlSetDaclSecurityDescriptor
ZwLoadKey
RtlAddAccessAllowedAceEx
RtlLengthSid
ZwDeleteValueKey
RtlCreateAcl
ZwSetSecurityObject
ZwUnloadKey
RtlCreateSecurityDescriptor
ZwOpenProcess
NtQuerySystemInformation
ZwQuerySymbolicLinkObject
ZwDeviceIoControlFile
ZwQueryDirectoryObject
ZwOpenSymbolicLinkObject
ZwOpenDirectoryObject
ZwAllocateUuids
NtAdjustPrivilegesToken
NtOpenProcessTokenEx
NtSetInformationThread
NtOpenThreadTokenEx
RtlImpersonateSelf
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
NtDeviceIoControlFile
NtOpenFile
NtQueryValueKey
NtQueryBootEntryOrder
NtQueryBootOptions
NtTranslateFilePath
NtOpenDirectoryObject
NtQueryDirectoryObject
NtEnumerateBootEntries
RtlTimeToSecondsSince1970
NtQuerySystemTime
RtlLeaveCriticalSection
RtlFreeHeap
RtlInitializeCriticalSection
RtlMultiByteToUnicodeN
RtlInitAnsiString
RtlEnterCriticalSection
RtlReAllocateHeap
RtlEqualString
RtlAllocateHeap
RtlDeleteCriticalSection
EtwTraceMessage
NtEnumerateValueKey
NtEnumerateKey
NtQueryKey
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlInitUnicodeString
LdrGetDllHandle
RtlInitString
LdrGetProcedureAddress
RtlDosPathNameToRelativeNtPathName_U_WithStatus
NtCreateFile
NtQueryInformationFile
NtClose
VerSetConditionMask

rpcrt4

UuidCreate
RpcStringFreeW
UuidToStringW
UuidFromStringW

wdscore

CurrentIP
ConstructPartialMsgVW
ConstructPartialMsgVA
WdsSetupLogMessageA
WdsSetupLogMessageW

kernel32

GetProcAddress
CreateMutexExW
AcquireSRWLockShared
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
LeaveCriticalSection
GetModuleHandleExW
FreeLibrary
LoadLibraryW
LoadLibraryExW
VerifyVersionInfoW
ReleaseSemaphore
TerminateThread
QueryUnbiasedInterruptTime
HeapReAlloc
EnterCriticalSection
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
CreateProcessW
WriteFile
ExpandEnvironmentStringsW
OutputDebugStringA
GetModuleFileNameW
CreateFileW
GetModuleHandleExA
InitializeSRWLock
TryAcquireSRWLockExclusive
GetEnvironmentStringsW
LocalAlloc
SetLastError
HeapFree
CreateSemaphoreExW
DosDateTimeToFileTime
GetModuleFileNameA
FreeEnvironmentStringsW
LocalFileTimeToFileTime
SetWaitableTimer
WaitForMultipleObjects
GetFileInformationByHandle
SetFileAttributesW
GetSystemTime
LocalFree
CreateWaitableTimerW
OpenWaitableTimerW
CreateSemaphoreW
CreateEventW
GetSystemWindowsDirectoryW
GetSystemFirmwareTable
SetEvent
GetFileSizeEx
CreateThreadpoolWork
SubmitThreadpoolWork
WaitForThreadpoolWorkCallbacks
CloseThreadpoolWork
FindFirstFileW
DeleteFileW
GetFileAttributesW
FindNextFileW
SleepConditionVariableSRW
FindClose
WakeAllConditionVariable
GetFileSize
ReadFile
GetFullPathNameW
DecodePointer
FindResourceW
HeapAlloc
CloseHandle
LockResource
EncodePointer
SetFilePointer
CreateEventExW
ExitProcess
GlobalFree
GetQueuedCompletionStatus
CreateIoCompletionPort
IsWow64Process
GetStringTypeW
CreateJobObjectW
MoveFileExW
QueryFullProcessImageNameW
SetInformationJobObject
WTSGetActiveConsoleSessionId
DelayLoadFailureHook
LoadLibraryExA
GetTempPathW
SystemTimeToFileTime
RaiseException
CompareStringOrdinal
GetPrivateProfileStringW
GetPrivateProfileSectionW
InitOnceExecuteOnce
AssignProcessToJobObject
GetSystemDirectoryW
ResumeThread
MultiByteToWideChar
CreateMutexW
UnlockFileEx
InitializeCriticalSection
CreateDirectoryW
PostQueuedCompletionStatus
IsProcessorFeaturePresent
K32EnumDeviceDrivers
K32GetDeviceDriverBaseNameW
DeviceIoControl
ResetEvent
CopyFileW
GetComputerNameW
SetThreadAffinityMask
GetCurrentThread
TryEnterCriticalSection
CreateThread
GetProductInfo
GetNativeSystemInfo
OpenProcess
SetPriorityClass
VirtualAlloc
GetSystemPowerStatus
LockFileEx
FlushFileBuffers
VirtualProtect
WideCharToMultiByte
FlushInstructionCache
VirtualFree
UnmapViewOfFile
SignalObjectAndWait
GetActiveProcessorCount
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetDiskFreeSpaceExW
GetFileTime
OpenSemaphoreW
EnumUILanguagesW
WaitForSingleObjectEx
AcquireSRWLockExclusive
CloseThreadpoolTimer
OutputDebugStringW
ReleaseSRWLockExclusive
GetLastError
RtlCompareMemory
FormatMessageW
CreateThreadpoolTimer
ReleaseSRWLockShared
LoadResource
GetLongPathNameW
GetDriveTypeW
CreateActCtxW
QueryActCtxW
ReleaseActCtx
GetVolumeInformationByHandleW
SetThreadpoolTimer
FileTimeToSystemTime
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
WaitForThreadpoolTimerCallbacks
SizeofResource
InitializeCriticalSectionEx
SetFileTime

advapi32

EventUnregister
RegOpenKeyW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
RegCreateKeyTransactedW
RegDeleteValueW
CopySid
LookupAccountNameW
ConvertSidToStringSidW
IsWellKnownSid
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
RegEnumKeyW
ConvertStringSidToSidW
RegEnumValueW
CreateWellKnownSid
RegQueryValueExW
CredFree
CredReadW
RevertToSelf
StartServiceW
EventRegister
CloseServiceHandle
RegLoadAppKeyW
OpenServiceW
OpenSCManagerW
ProcessTrace
CloseTrace
EnableTrace
OpenTraceW
StartTraceW
ControlTraceW
ImpersonateLoggedOnUser
RegEnumKeyExW
RegQueryInfoKeyW
ControlService
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegGetValueW
RegCloseKey
RegDeleteKeyW
RegCreateKeyExW
RegDeleteTreeW
RegSetValueExW
RegOpenKeyExW
EventWriteTransfer

ole32

CoWaitForMultipleHandles
StringFromCLSID
CoCreateGuid
StringFromGUID2
CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
CoCreateInstance
PropVariantClear
CoInitializeEx

shlwapi

PathStripPathW
StrStrW
PathFileExistsW
PathUnquoteSpacesW
ord219
PathFindExtensionW
PathFindFileNameW
PathRemoveFileSpecW
PathAppendW
PathRemoveBlanksW
SHCreateStreamOnFileEx
UrlGetPartW

oleaut32

SysAllocString
VariantClear
SysStringLen
VariantInit
SysFreeString

user32

CharUpperBuffW
GetIconInfo
GetSystemMetrics
DestroyIcon
LoadStringW
MsgWaitForMultipleObjects
PeekMessageW
TranslateMessage
DispatchMessageW
CharLowerBuffW

wtsapi32

WTSEnumerateSessionsW
WTSQueryUserToken
WTSFreeMemory

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

crypt32

CertVerifyCertificateChainPolicy

gdi32

DeleteObject
GetDIBits
CreateDIBSection
GetObjectW
DeleteDC
CreateCompatibleDC

netapi32

NetUserEnum
NetUserGetInfo
NetApiBufferFree

ws2_32

freeaddrinfo
WSACleanup
gethostname
WSAStartup
getaddrinfo
WSAGetLastError

xmllite

CreateXmlWriterOutputWithEncodingName
CreateXmlReaderInputWithEncodingName
CreateXmlWriter
CreateXmlReader

shell32

SHGetFileInfoW
ExtractIconExW

tdh

TdhGetEventInformation

cabinet

ord23
ord22
ord20

iphlpapi

GetIfTable2
FreeMibTable

setupapi

SetupInstallServicesFromInfSectionW
SetupTermDefaultQueueCallback
SetupInstallFromInfSectionW
SetupInitDefaultQueueCallbackEx
SetupOpenInfFileW
SetupDefaultQueueCallbackW
SetupCloseInfFile

bcrypt

BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptHashData
BCryptOpenAlgorithmProvider
BCryptCreateHash
BCryptGetProperty
BCryptFinishHash

Exports

Exports

ContainerSetupFunction
ContainerSetupWrapper
DoProcessRestoreApps
DoScheduledTelemetryRun
DoScheduledTelemetryRunTC
GetCtacProvider
GetProvider
GetTargetVersionList
ProcessRestoreApps
RunTest
RunXml
Sgd
UpdateAvStatus
UpdateCacheCompatStatuses
UpdateExperienceIndicators

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 628KB - Virtual size: 625KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
archiveint.dll
.dll windows:10 windows x64 arch:x64

b0991593171e7d90bfe4e99f6c1702e2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

archiveint.pdb

Imports

api-ms-win-crt-string-l1-1-0

strcspn
strncpy
strspn
strcmp
strncmp
memset
wcsncmp
strnlen
wcsncpy

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__close
_o__configure_narrow_argv
_o__ctime64_s
_o__errno
_o__execute_onexit_table
_o__fileno
_o__fseeki64
_o__get_osfhandle
_o__get_timezone
_o__gmtime64_s
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__localtime64_s
_o__lseeki64
_o__mkgmtime64
_o__mktime64
_o__open_osfhandle
_o__seh_filter_dll
_o__setmode
_o__sopen_s
_o__beginthreadex
_o__strdup
memchr
_o__umask
_o__wcsdup
_o__wrename
_o__wrmdir
_o__wsopen_s
_o__wunlink
_o_abort
_o_atoi
_o_bsearch
_o_calloc
_o_exit
_o_ferror
_o_fread
_o_free
_o_fwrite
_o_getenv
_o_isalnum
_o_isdigit
_o_isprint
_o_isspace
_o_isupper
_o_malloc
_o_mbstowcs
_o_qsort
_o_realloc
_o_setlocale
_o_strftime
_o_strtol
_o_strtoul
_o_tolower
_o_toupper
_o_wcrtomb
__C_specific_handler
_o__cexit
_o___stdio_common_vsprintf
_o___stdio_common_vfprintf
_o___std_type_info_destroy_list
_o___acrt_iob_func
_o____mb_cur_max_func
strstr
wcsrchr
wcschr
strchr
strrchr
memcpy
memmove
memcmp

bcrypt

BCryptGetProperty
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptSetProperty
BCryptGenerateSymmetricKey
BCryptDestroyKey
BCryptDeriveKeyPBKDF2
BCryptCreateHash
BCryptFinishHash
BCryptHashData
BCryptEncrypt

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-security-cryptoapi-l1-1-0

CryptGenRandom
CryptDestroyHash
CryptCreateHash
CryptAcquireContextA
CryptGetHashParam
CryptReleaseContext
CryptHashData

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter

api-ms-win-core-file-l1-1-0

FindFirstFileW
FindFirstFileA
FindClose
ReadFile
FindNextFileW
GetDiskFreeSpaceW
SetEndOfFile
GetVolumePathNameW
CreateDirectoryW
SetFilePointer
CreateFileW
GetFileInformationByHandle
CreateFileA
SetFileAttributesW
GetDriveTypeW
GetFileAttributesA
WriteFile
SetFileTime
GetFileType
GetFullPathNameW
GetFileAttributesW

api-ms-win-core-io-l1-1-1

CancelIo

api-ms-win-core-memory-l1-1-0

VirtualAlloc
VirtualFree

api-ms-win-core-io-l1-1-0

GetOverlappedResult
DeviceIoControl

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
CreateEventW
ResetEvent
InitializeCriticalSection

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle
SetHandleInformation

api-ms-win-core-namedpipe-l1-1-0

CreatePipe
PeekNamedPipe

api-ms-win-core-synch-l1-2-0

WakeConditionVariable
SleepConditionVariableCS
WakeAllConditionVariable
Sleep
InitializeConditionVariable

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleHandleW
GetProcAddress

api-ms-win-core-localization-l1-2-0

IsValidCodePage
GetACP
GetOEMCP

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-processthreads-l1-1-0

CreateProcessA
GetExitCodeProcess
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
GetCurrentThreadId

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryA

api-ms-win-core-processenvironment-l1-1-0

GetCurrentDirectoryW
GetStdHandle

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-processenvironment-l1-2-0

SearchPathA

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

Exports

Exports

archive_bzlib_version
archive_clear_error
archive_compression
archive_compression_name
archive_copy_error
archive_entry_acl
archive_entry_acl_add_entry
archive_entry_acl_add_entry_w
archive_entry_acl_clear
archive_entry_acl_count
archive_entry_acl_from_text
archive_entry_acl_from_text_w
archive_entry_acl_next
archive_entry_acl_reset
archive_entry_acl_text
archive_entry_acl_text_w
archive_entry_acl_to_text
archive_entry_acl_to_text_w
archive_entry_acl_types
archive_entry_atime
archive_entry_atime_is_set
archive_entry_atime_nsec
archive_entry_birthtime
archive_entry_birthtime_is_set
archive_entry_birthtime_nsec
archive_entry_clear
archive_entry_clone
archive_entry_copy_bhfi
archive_entry_copy_fflags_text
archive_entry_copy_fflags_text_w
archive_entry_copy_gname
archive_entry_copy_gname_w
archive_entry_copy_hardlink
archive_entry_copy_hardlink_w
archive_entry_copy_link
archive_entry_copy_link_w
archive_entry_copy_mac_metadata
archive_entry_copy_pathname
archive_entry_copy_pathname_w
archive_entry_copy_sourcepath
archive_entry_copy_sourcepath_w
archive_entry_copy_stat
archive_entry_copy_symlink
archive_entry_copy_symlink_w
archive_entry_copy_uname
archive_entry_copy_uname_w
archive_entry_ctime
archive_entry_ctime_is_set
archive_entry_ctime_nsec
archive_entry_dev
archive_entry_dev_is_set
archive_entry_devmajor
archive_entry_devminor
archive_entry_digest
archive_entry_fflags
archive_entry_fflags_text
archive_entry_filetype
archive_entry_free
archive_entry_gid
archive_entry_gname
archive_entry_gname_utf8
archive_entry_gname_w
archive_entry_hardlink
archive_entry_hardlink_utf8
archive_entry_hardlink_w
archive_entry_ino
archive_entry_ino64
archive_entry_ino_is_set
archive_entry_is_data_encrypted
archive_entry_is_encrypted
archive_entry_is_metadata_encrypted
archive_entry_linkify
archive_entry_linkresolver_free
archive_entry_linkresolver_new
archive_entry_linkresolver_set_strategy
archive_entry_mac_metadata
archive_entry_mode
archive_entry_mtime
archive_entry_mtime_is_set
archive_entry_mtime_nsec
archive_entry_new
archive_entry_new2
archive_entry_nlink
archive_entry_partial_links
archive_entry_pathname
archive_entry_pathname_utf8
archive_entry_pathname_w
archive_entry_perm
archive_entry_rdev
archive_entry_rdevmajor
archive_entry_rdevminor
archive_entry_set_atime
archive_entry_set_birthtime
archive_entry_set_ctime
archive_entry_set_dev
archive_entry_set_devmajor
archive_entry_set_devminor
archive_entry_set_fflags
archive_entry_set_filetype
archive_entry_set_gid
archive_entry_set_gname
archive_entry_set_gname_utf8
archive_entry_set_hardlink
archive_entry_set_hardlink_utf8
archive_entry_set_ino
archive_entry_set_ino64
archive_entry_set_is_data_encrypted
archive_entry_set_is_metadata_encrypted
archive_entry_set_link
archive_entry_set_link_utf8
archive_entry_set_mode
archive_entry_set_mtime
archive_entry_set_nlink
archive_entry_set_pathname
archive_entry_set_pathname_utf8
archive_entry_set_perm
archive_entry_set_rdev
archive_entry_set_rdevmajor
archive_entry_set_rdevminor
archive_entry_set_size
archive_entry_set_symlink
archive_entry_set_symlink_type
archive_entry_set_symlink_utf8
archive_entry_set_uid
archive_entry_set_uname
archive_entry_set_uname_utf8
archive_entry_size
archive_entry_size_is_set
archive_entry_sourcepath
archive_entry_sourcepath_w
archive_entry_sparse_add_entry
archive_entry_sparse_clear
archive_entry_sparse_count
archive_entry_sparse_next
archive_entry_sparse_reset
archive_entry_stat
archive_entry_strmode
archive_entry_symlink
archive_entry_symlink_type
archive_entry_symlink_utf8
archive_entry_symlink_w
archive_entry_uid
archive_entry_uname
archive_entry_uname_utf8
archive_entry_uname_w
archive_entry_unset_atime
archive_entry_unset_birthtime
archive_entry_unset_ctime
archive_entry_unset_mtime
archive_entry_unset_size
archive_entry_update_gname_utf8
archive_entry_update_hardlink_utf8
archive_entry_update_link_utf8
archive_entry_update_pathname_utf8
archive_entry_update_symlink_utf8
archive_entry_update_uname_utf8
archive_entry_xattr_add_entry
archive_entry_xattr_clear
archive_entry_xattr_count
archive_entry_xattr_next
archive_entry_xattr_reset
archive_errno
archive_error_string
archive_file_count
archive_filter_bytes
archive_filter_code
archive_filter_count
archive_filter_name
archive_format
archive_format_name
archive_free
archive_liblz4_version
archive_liblzma_version
archive_libzstd_version
archive_match_exclude_entry
archive_match_exclude_pattern
archive_match_exclude_pattern_from_file
archive_match_exclude_pattern_from_file_w
archive_match_exclude_pattern_w
archive_match_excluded
archive_match_free
archive_match_include_date
archive_match_include_date_w
archive_match_include_file_time
archive_match_include_file_time_w
archive_match_include_gid
archive_match_include_gname
archive_match_include_gname_w
archive_match_include_pattern
archive_match_include_pattern_from_file
archive_match_include_pattern_from_file_w
archive_match_include_pattern_w
archive_match_include_time
archive_match_include_uid
archive_match_include_uname
archive_match_include_uname_w
archive_match_new
archive_match_owner_excluded
archive_match_path_excluded
archive_match_path_unmatched_inclusions
archive_match_path_unmatched_inclusions_next
archive_match_path_unmatched_inclusions_next_w
archive_match_set_inclusion_recursion
archive_match_time_excluded
archive_position_compressed
archive_position_uncompressed
archive_read_add_callback_data
archive_read_add_passphrase
archive_read_append_callback_data
archive_read_append_filter
archive_read_append_filter_program
archive_read_append_filter_program_signature
archive_read_close
archive_read_data
archive_read_data_block
archive_read_data_into_fd
archive_read_data_skip
archive_read_disk_can_descend
archive_read_disk_current_filesystem
archive_read_disk_current_filesystem_is_remote
archive_read_disk_current_filesystem_is_synthetic
archive_read_disk_descend
archive_read_disk_entry_from_file
archive_read_disk_gname
archive_read_disk_new
archive_read_disk_open
archive_read_disk_open_w
archive_read_disk_set_atime_restored
archive_read_disk_set_behavior
archive_read_disk_set_gname_lookup
archive_read_disk_set_matching
archive_read_disk_set_metadata_filter_callback
archive_read_disk_set_standard_lookup
archive_read_disk_set_symlink_hybrid
archive_read_disk_set_symlink_logical
archive_read_disk_set_symlink_physical
archive_read_disk_set_uname_lookup
archive_read_disk_uname
archive_read_extract
archive_read_extract2
archive_read_extract_set_progress_callback
archive_read_extract_set_skip_file
archive_read_finish
archive_read_format_capabilities
archive_read_free
archive_read_has_encrypted_entries
archive_read_header_position
archive_read_new
archive_read_next_header
archive_read_next_header2
archive_read_open
archive_read_open1
archive_read_open2
archive_read_open_FILE
archive_read_open_fd
archive_read_open_file
archive_read_open_filename
archive_read_open_filename_w
archive_read_open_filenames
archive_read_open_memory
archive_read_open_memory2
archive_read_prepend_callback_data
archive_read_set_callback_data
archive_read_set_callback_data2
archive_read_set_close_callback
archive_read_set_filter_option
archive_read_set_format
archive_read_set_format_option
archive_read_set_open_callback
archive_read_set_option
archive_read_set_options
archive_read_set_passphrase_callback
archive_read_set_read_callback
archive_read_set_seek_callback
archive_read_set_skip_callback
archive_read_set_switch_callback
archive_read_support_compression_all
archive_read_support_compression_bzip2
archive_read_support_compression_compress
archive_read_support_compression_gzip
archive_read_support_compression_lzip
archive_read_support_compression_lzma
archive_read_support_compression_none
archive_read_support_compression_program
archive_read_support_compression_program_signature
archive_read_support_compression_rpm
archive_read_support_compression_uu
archive_read_support_compression_xz
archive_read_support_filter_all
archive_read_support_filter_by_code
archive_read_support_filter_bzip2
archive_read_support_filter_compress
archive_read_support_filter_grzip
archive_read_support_filter_gzip
archive_read_support_filter_lrzip
archive_read_support_filter_lz4
archive_read_support_filter_lzip
archive_read_support_filter_lzma
archive_read_support_filter_lzop
archive_read_support_filter_none
archive_read_support_filter_program
archive_read_support_filter_program_signature
archive_read_support_filter_rpm
archive_read_support_filter_uu
archive_read_support_filter_xz
archive_read_support_filter_zstd
archive_read_support_format_7zip
archive_read_support_format_all
archive_read_support_format_ar
archive_read_support_format_by_code
archive_read_support_format_cab
archive_read_support_format_cpio
archive_read_support_format_empty
archive_read_support_format_gnutar
archive_read_support_format_iso9660
archive_read_support_format_lha
archive_read_support_format_mtree
archive_read_support_format_rar
archive_read_support_format_rar5
archive_read_support_format_raw
archive_read_support_format_tar
archive_read_support_format_warc
archive_read_support_format_xar
archive_read_support_format_zip
archive_read_support_format_zip_seekable
archive_read_support_format_zip_streamable
archive_seek_data
archive_set_error
archive_utility_string_sort
archive_version_details
archive_version_number
archive_version_string
archive_write_add_filter
archive_write_add_filter_b64encode
archive_write_add_filter_by_name
archive_write_add_filter_bzip2
archive_write_add_filter_compress
archive_write_add_filter_grzip
archive_write_add_filter_gzip
archive_write_add_filter_lrzip
archive_write_add_filter_lz4
archive_write_add_filter_lzip
archive_write_add_filter_lzma
archive_write_add_filter_lzop
archive_write_add_filter_none
archive_write_add_filter_program
archive_write_add_filter_uuencode
archive_write_add_filter_xz
archive_write_add_filter_zstd
archive_write_close
archive_write_data
archive_write_data_block
archive_write_disk_gid
archive_write_disk_new
archive_write_disk_set_group_lookup
archive_write_disk_set_options
archive_write_disk_set_skip_file
archive_write_disk_set_standard_lookup
archive_write_disk_set_user_lookup
archive_write_disk_uid
archive_write_fail
archive_write_finish
archive_write_finish_entry
archive_write_free
archive_write_get_bytes_in_last_block
archive_write_get_bytes_per_block
archive_write_header
archive_write_new
archive_write_open
archive_write_open2
archive_write_open_FILE
archive_write_open_fd
archive_write_open_file
archive_write_open_filename
archive_write_open_filename_w
archive_write_open_memory
archive_write_set_bytes_in_last_block
archive_write_set_bytes_per_block
archive_write_set_compression_bzip2
archive_write_set_compression_compress
archive_write_set_compression_gzip
archive_write_set_compression_lzip
archive_write_set_compression_lzma
archive_write_set_compression_none
archive_write_set_compression_program
archive_write_set_compression_xz
archive_write_set_filter_option
archive_write_set_format
archive_write_set_format_7zip
archive_write_set_format_ar_bsd
archive_write_set_format_ar_svr4
archive_write_set_format_by_name
archive_write_set_format_cpio
archive_write_set_format_cpio_bin
archive_write_set_format_cpio_newc
archive_write_set_format_cpio_odc
archive_write_set_format_cpio_pwb
archive_write_set_format_filter_by_ext
archive_write_set_format_filter_by_ext_def
archive_write_set_format_gnutar
archive_write_set_format_iso9660
archive_write_set_format_mtree
archive_write_set_format_mtree_classic
archive_write_set_format_option
archive_write_set_format_pax
archive_write_set_format_pax_restricted
archive_write_set_format_raw
archive_write_set_format_shar
archive_write_set_format_shar_dump
archive_write_set_format_ustar
archive_write_set_format_v7tar
archive_write_set_format_warc
archive_write_set_format_xar
archive_write_set_format_zip
archive_write_set_option
archive_write_set_options
archive_write_set_passphrase
archive_write_set_passphrase_callback
archive_write_set_skip_file
archive_write_zip_set_compression_deflate
archive_write_zip_set_compression_store
archive_zlib_version

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
audiodg.exe
.exe windows:10 windows x64 arch:x64

6f42b8942e82d0be00748f2dc071ae89

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b9:a6:38:7a:2e:f6:85:6a:68:a0:2d:9d:3e:03:43:75:41:76:01:6e:8e:57:ef:c4:80:31:fa:c0:e1:a0:89:d2
Signer

Actual PE Digest

b9:a6:38:7a:2e:f6:85:6a:68:a0:2d:9d:3e:03:43:75:41:76:01:6e:8e:57:ef:c4:80:31:fa:c0:e1:a0:89:d2

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

AudioDG.pdb

Imports

msvcp_win

_Mtx_init_in_situ
_Mtx_lock
_Mtx_destroy_in_situ
_Mtx_unlock
?_Xlength_error@std@@YAXPEBD@Z
?_Throw_C_error@std@@YAXH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ

api-ms-win-crt-math-l1-1-0

_isnan

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
_c_exit
_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
memmove
_o__wcstoui64
_o_abort
_o_calloc
_o_ceilf
_o_exit
_o_floor
_o_free
_o_malloc
_o_powf
_o_realloc
_o_sqrt
_o_terminate
_o_wcsncpy_s
_o_wmemcpy_s
__current_exception
__current_exception_context
__CxxFrameHandler3
__C_specific_handler_noexcept
memcpy
_CxxThrowException
memcmp
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o__exit
_o__errno
_o___p__commode
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
__std_type_info_compare
_o__callnewh
__std_terminate
__C_specific_handler
__CxxFrameHandler4

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
LoadLibraryExW
FindResourceExW
LockResource
SizeofResource
FreeLibrary
GetModuleFileNameA
GetModuleFileNameW
GetProcAddress
GetModuleHandleExW
GetModuleHandleExA
LoadResource

api-ms-win-core-synch-l1-1-0

ReleaseMutex
WaitForSingleObjectEx
WaitForMultipleObjectsEx
OpenSemaphoreW
CreateWaitableTimerExW
WaitForSingleObject
InitializeCriticalSection
TryEnterCriticalSection
ReleaseSemaphore
CancelWaitableTimer
SetEvent
InitializeCriticalSectionEx
CreateEventExW
SetWaitableTimer
InitializeSRWLock
EnterCriticalSection
CreateEventW
LeaveCriticalSection
DeleteCriticalSection
CreateMutexExW
InitializeCriticalSectionAndSpinCount
ResetEvent
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
CreateSemaphoreExW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapDestroy
HeapReAlloc
HeapSize
HeapAlloc
HeapFree
HeapSetInformation

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetLastError
RaiseException
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

SetThreadPriority
GetProcessId
GetCurrentThread
CreateThread
GetThreadId
TlsFree
OpenProcessToken
GetCurrentProcessId
TerminateProcess
GetCurrentThreadId
GetStartupInfoW
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

DuplicateHandle
GetHandleInformation
CloseHandle

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
WakeByAddressSingle
WaitOnAddress
Sleep
InitOnceExecuteOnce
WakeByAddressAll
InitOnceComplete

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegEnumKeyExW
RegCreateKeyExW
RegGetValueW
RegQueryInfoKeyW
RegDeleteValueW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetLogicalProcessorInformationEx
GetTickCount64

api-ms-win-core-fibers-l1-1-0

FlsFree
FlsSetValue

api-ms-win-devices-config-l1-1-1

CM_Locate_DevNodeW
CM_Open_DevNode_Key
CM_Unregister_Notification
CM_MapCrToWin32Err
CM_Register_Notification

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
MapViewOfFile
CreateFileMappingW

api-ms-win-core-version-l1-1-1

GetFileVersionInfoSizeW
GetFileVersionInfoW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoOriginateError
SetRestrictedErrorInfo
RoTransformError

api-ms-win-core-featurestaging-l1-1-0

UnsubscribeFeatureStateChangeNotification
SubscribeFeatureStateChangeNotification
RecordFeatureUsage

api-ms-win-core-threadpool-l1-2-0

SubmitThreadpoolWork
CreateThreadpoolWork
CloseThreadpoolCleanupGroup
CloseThreadpool
CreateThreadpoolCleanupGroup
WaitForThreadpoolTimerCallbacks
TrySubmitThreadpoolCallback
CloseThreadpoolTimer
SetThreadpoolThreadMaximum
CloseThreadpoolWork
SetThreadpoolThreadMinimum
CloseThreadpoolCleanupGroupMembers
CreateThreadpoolTimer
SetThreadpoolTimer
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
CreateThreadpool
CreateThreadpoolWait
CloseThreadpoolWait

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

ntdll

RtlReportException
NtSetTimerResolution
NtClose
NtQueryWnfStateData
NtQueryInformationProcess
EtwEventActivityIdControl
EtwLogTraceEvent
NtSetInformationProcess
NtSetInformationThread
NtSetSystemInformation
RtlUnsubscribeWnfNotificationWaitForCompletion
NtQuerySystemInformation
EtwEventRegister
EtwEventUnregister
EtwEventWriteTransfer
NtAlpcSendWaitReceivePort
EtwUnregisterTraceGuids
EtwEventSetInformation
AlpcGetMessageAttribute
EtwGetTraceEnableFlags
EtwTraceMessage
NtCreateWnfStateName
NtDeleteWnfStateName
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
NtAlpcCreatePort
EtwRegisterTraceGuidsW
AlpcInitializeMessageAttribute
NtAlpcAcceptConnectPort
RtlSetLastWin32ErrorAndNtStatusFromNtStatus
RtlInitUnicodeStringEx
NtAlpcOpenSenderProcess
NtAlpcConnectPort
RtlRandomEx
RtlExtendMemoryBlockLookaside
RtlDestroyMemoryBlockLookaside
RtlCreateMemoryZone
RtlNtStatusToDosError
RtlLockCurrentThread
RtlFreeMemoryBlockLookaside
RtlLockMemoryZone
RtlUnlockCurrentThread
RtlLockMemoryBlockLookaside
RtlUnlockModuleSection
RtlLockModuleSection
RtlSubscribeWnfStateChangeNotification
RtlCreateMemoryBlockLookaside
RtlUnlockMemoryBlockLookaside
RtlDestroyMemoryZone
RtlUnlockMemoryZone
ShipAssert
RtlConvertHostPerfCounterToPerfCounter
RtlAllocateMemoryBlockLookaside
RtlPublishWnfStateData
RtlAllocateMemoryZone

mmdevapi

ord29
ord33
ord4
ord26
ord8
ord2
ord9
ord7

api-ms-win-core-memory-l1-1-1

SetProcessWorkingSetSizeEx
GetProcessWorkingSetSizeEx

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventUnregister
EventWriteTransfer

api-ms-win-core-winrt-string-l1-1-0

WindowsCompareStringOrdinal
WindowsCreateString
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsDuplicateString
WindowsCreateStringReference

api-ms-win-core-winrt-error-l1-1-1

RoReportFailedDelegate
RoGetMatchingRestrictedErrorInfo
IsErrorPropagationEnabled

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-windowserrorreporting-l1-1-0

WerRegisterMemoryBlock

api-ms-win-eventing-classicprovider-l1-1-0

TraceEvent

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 636KB - Virtual size: 633KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 4KB - Virtual size: 314B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_BSS
Size: - Virtual size: 40B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 172KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_CONST
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

RT_DATA
Size: 4KB - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
audioresourceregistrar.dll
.dll windows:10 windows x64 arch:x64

291cf19194ec4c7d8e669fedc450f923

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AudioResourceRegistrar.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
_o___std_type_info_destroy_list
memmove
_o__callnewh
_o__wcsicmp
_o__wcsnicmp
_o_calloc
_o_free
_o_malloc
_o_wcstoul
_o_wmemcpy_s
__C_specific_handler
_o___std_exception_destroy
_CxxThrowException
_o___std_exception_copy
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
__std_terminate
__CxxFrameHandler4
memcpy

api-ms-win-crt-string-l1-1-0

memset
wcscmp
wcsnlen

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegGetValueW
RegEnumValueW

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
OpenMutexW
CreateMutexW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
RaiseException

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleFileNameA
GetProcAddress
GetModuleHandleW
GetModuleHandleExW
SizeofResource
LockResource
LoadResource
FindResourceExW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapFree
GetProcessHeap
HeapAlloc
HeapDestroy
HeapSize

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

GetKeywordDetectorRequiredResources
Register

Sections

.text
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
audiosrv.dll
.dll windows:10 windows x64 arch:x64

79ad82b1e013f3141eded03990f37562

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AudioSrv.pdb

Imports

audiosrvpolicymanager

PbmReportHostedAppStateChange_2
HHOSTEDAPPMANAGERCONTEXTRundown
ActivatePolicyManager
PbmReportAppInteractivityChange
PbmReportAppClosing
PbmAllowMediaPlaybackForApp
PbmRegisterPlaybackManagerNotifications
PbmUnregisterPlaybackManagerNotifications
PbmSetSmtcSubscriptionState
PbmGetSoundLevel
PbmIsPlaying
PbmRegisterAppManagerNotification
PbmUnregisterAppManagerNotification
PbmRegisterAppClosureNotification
PbmUnregisterAppClosureNotification
PbmPlayToStreamStateChanged
PbmCastingAppStateChanged
PbmSetScreenReaderState
PbmReportHostedAppStateChange
PbmSwitchSoftNonInteractiveAppsToHardNonInteractive
PbmReportApplicationState
PbmLaunchBackgroundTask
TS_SessionChanged
TS_SessionGetAudioProtocol
TS_RegisterAudioProtocolNotification
TS_UnregisterAudioProtocolNotification
TS_AudioProtocolNotifyRundown

msvcp_win

?_Xbad_function_call@std@@YAXXZ
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
?_Xlength_error@std@@YAXPEBD@Z
_Mtx_unlock
?_Xout_of_range@std@@YAXPEBD@Z
_Mtx_destroy_in_situ
_Mtx_init_in_situ

api-ms-win-crt-string-l1-1-0

wcscmp
wcsnlen
wcscspn
memset
wcsncmp
wcsspn

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
_o__wcsicmp
_o__wcsnicmp
_o__wcsupr_s
_o__wtof
_o_calloc
_o_ceilf
_o_floorf
_o_free
_o_log10
_o_malloc
_o_pow
_o_roundf
_o_sinf
_o_terminate
_o_towlower
_o_wcscpy_s
_o_wcstoul
_o_wmemcpy_s
__current_exception
__current_exception_context
__CxxFrameHandler3
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__aligned_malloc
_o__aligned_free
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
wcsstr
wcsrchr
__C_specific_handler
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
_CxxThrowException
__C_specific_handler_noexcept
memmove

ntdll

EtwEventWriteTransfer
EtwEventUnregister
EtwUnregisterTraceGuids
RtlDllShutdownInProgress
RtlGetCurrentServiceSessionId
RtlGetActiveConsoleId
RtlQueryWnfStateData
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
EtwEventRegister
RtlNtStatusToDosError
EtwRegisterTraceGuidsW
EtwGetTraceEnableLevel
EtwEventActivityIdControl
RtlAcquireResourceShared
RtlPublishWnfStateData
RtlGetDeviceFamilyInfoEnum
NtQueryInformationProcess
NtDeleteWnfStateName
NtCreateWnfStateName
EtwTraceMessage
RtlFreeSid
RtlUnsubscribeWnfNotificationWaitForCompletion
NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlInitUnicodeString
RtlInitializeResource
RtlDeleteResource
RtlAcquireResourceExclusive
RtlReleaseResource
EtwGetTraceLoggerHandle
EtwEventSetInformation
EtwGetTraceEnableFlags

api-ms-win-core-libraryloader-l1-2-0

LoadResource
FindResourceExW
FreeLibrary
GetModuleHandleW
GetModuleHandleExA
LockResource
SizeofResource
GetModuleFileNameW
GetProcAddress
GetModuleFileNameA
LoadStringW
DisableThreadLibraryCalls
GetModuleHandleExW

api-ms-win-core-synch-l1-1-0

OpenSemaphoreW
InitializeCriticalSectionAndSpinCount
CreateSemaphoreExW
SetEvent
CreateMutexExW
LeaveCriticalSection
ResetEvent
ReleaseSRWLockShared
AcquireSRWLockShared
EnterCriticalSection
ReleaseSRWLockExclusive
OpenEventW
InitializeCriticalSection
ReleaseSemaphore
WaitForSingleObject
InitializeCriticalSectionEx
DeleteCriticalSection
WaitForMultipleObjectsEx
TryEnterCriticalSection
WaitForSingleObjectEx
CreateMutexW
CreateEventW
AcquireSRWLockExclusive
CreateEventExW
ReleaseMutex

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapAlloc
HeapSize
GetProcessHeap
HeapFree
HeapDestroy

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
RaiseException
SetLastError

api-ms-win-core-processthreads-l1-1-0

CreateThread
GetCurrentProcessId
GetProcessId
GetCurrentThread
GetProcessTimes
OpenThreadToken
GetCurrentProcess
GetExitCodeProcess
TerminateProcess
GetCurrentThreadId
ProcessIdToSessionId
CreateProcessW

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

rpcrt4

NdrServerCall2
NdrServerCallAll
RpcServerUnregisterIfEx
RpcServerRegisterIf3
RpcServerUseProtseqEpW
RpcBindingVectorFree
RpcStringBindingParseW
RpcBindingToStringBindingW
RpcServerInqBindings
I_RpcBindingInqTransportType
UuidCreate
I_RpcBindingInqLocalClientPID
RpcRevertToSelf
RpcImpersonateClient
RpcBindingFree
I_RpcExceptionFilter
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcStringFreeW
NdrClientCall3
UuidEqual

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetTickCount64
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-synch-l1-2-0

InitOnceComplete
WaitOnAddress
WakeByAddressAll
Sleep
InitOnceExecuteOnce
InitOnceBeginInitialize

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegSetValueExW
RegDeleteTreeW
RegQueryValueExW
RegDeleteKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegOpenCurrentUser
RegCloseKey
RegGetValueW
RegNotifyChangeKeyValue
RegEnumValueW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringW
CompareStringOrdinal

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolThreadMaximum
CloseThreadpool
WaitForThreadpoolWaitCallbacks
SetThreadpoolWait
CloseThreadpoolWait
SetThreadpoolThreadMinimum
CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpool
SubmitThreadpoolWork
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
WaitForThreadpoolWorkCallbacks
CloseThreadpoolWork
CreateThreadpoolCleanupGroup
SetEventWhenCallbackReturns
CreateThreadpoolWork
CreateThreadpoolWait
IsThreadpoolTimerSet

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-file-l1-1-0

FileTimeToLocalFileTime
CreateFileW
CompareFileTime

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoUninitialize
RoRevokeActivationFactories
RoRegisterActivationFactories

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-processthreads-l1-1-1

OpenProcess
GetProcessMitigationPolicy
IsProcessorFeaturePresent

api-ms-win-core-memory-l1-1-0

MapViewOfFile
UnmapViewOfFile
CreateFileMappingW

api-ms-win-core-kernel32-legacy-l1-1-0

GetSystemPowerStatus
RegisterWaitForSingleObject

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventWriteTransfer
EventRegister
EventUnregister

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
DeleteTimerQueueTimer
UnregisterWaitEx

api-ms-win-core-io-l1-1-0

PostQueuedCompletionStatus
CreateIoCompletionPort
GetQueuedCompletionStatus

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrcmpW

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-marshal-l1-1-0

HWND_UserSize
HWND_UserFree64
HWND_UserMarshal
HWND_UserSize64
HWND_UserFree
HWND_UserMarshal64
HWND_UserUnmarshal
HWND_UserUnmarshal64

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

combase

ord67
ord69
ord168
ord68
ord66
ord167

api-ms-win-core-memory-l1-1-1

GetProcessWorkingSetSizeEx
VirtualUnlock
SetProcessWorkingSetSizeEx
VirtualLock

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_BSS
Size: - Virtual size: 40B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 388KB - Virtual size: 386KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_DATA
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
auditcse.dll
.dll windows:10 windows x64 arch:x64

c924200769001bf300cd2c34153c10fa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

auditcse.pdb

Imports

msvcp110_win

?_Syserror_map@std@@YAPEBDH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Orphan_all@_Container_base0@std@@QEAAXXZ
?_Swap_all@_Container_base0@std@@QEAAXAEAU12@@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ

msvcrt

??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
free
_amsg_exit
_XcptFilter
_callnewh
malloc
tolower
memmove_s
_vsnprintf_s
memcpy_s
_vsnwprintf
memmove
memcpy
memset
??0exception@@QEAA@AEBQEBDH@Z
fclose
_wfopen_s
feof
fgetws
_wtoi
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_purecall
__CxxFrameHandler4
??3@YAXPEAX@Z
??0exception@@QEAA@XZ
_CxxThrowException
__RTDynamicCast
memcmp

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
GetLastError

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
FreeLibraryAndExitThread
LoadLibraryExW
FreeLibrary
GetModuleFileNameA
DisableThreadLibraryCalls
GetModuleHandleW
GetProcAddress

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceLoggerHandle
TraceMessage
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
CreateThread
OpenThreadToken
GetCurrentThread

api-ms-win-core-handle-l1-1-0

CloseHandle

userenv

ProcessGroupPolicyCompletedEx

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW
ConvertSidToStringSidW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-security-base-l1-1-0

GetLengthSid
CopySid
PrivilegeCheck
RevertToSelf
AdjustTokenPrivileges
ImpersonateSelf
GetSecurityDescriptorSacl

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionEx
EnterCriticalSection
WaitForSingleObjectEx
AcquireSRWLockExclusive
OpenSemaphoreW
AcquireSRWLockShared
DeleteCriticalSection
CreateSemaphoreExW
LeaveCriticalSection
InitializeCriticalSection
ReleaseSRWLockExclusive
ReleaseMutex
ReleaseSemaphore
ReleaseSRWLockShared
WaitForSingleObject
CreateMutexExW

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks

rpcrt4

UuidToStringW
UuidFromStringW
RpcStringFreeW

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegCloseKey
RegOpenKeyExW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-file-l2-1-2

CopyFileW

oleaut32

SafeArrayPutElement
VariantInit
SafeArrayDestroy
SysFreeString
SafeArrayCreate
SysAllocString
SysStringByteLen
VariantClear
SysAllocStringByteLen

api-ms-win-core-com-l1-1-0

CoCreateGuid

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-eventing-provider-l1-1-0

EventWrite
EventEnabled
EventUnregister
EventRegister

advapi32

AuditLookupSubCategoryNameW
AuditEnumerateSubCategories
AuditFree
AuditSetSystemPolicy
AuditSetPerUserPolicy
AuditSetGlobalSaclW
LsaSetCAPs

shell32

SHCreateDirectoryExW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

GenerateGroupPolicy
GenerateGroupPolicyCap
ProcessGroupPolicyEx
ProcessGroupPolicyExCap

Sections

.text
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
autopilot.dll
.dll regsvr32 windows:10 windows x64 arch:x64

9ecc1113444a089dd752c215920605d2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

autopilot.pdb

Imports

msvcp_win

?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z
?_Getcat@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?id@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
?exceptions@ios_base@std@@QEAAXH@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
??Bid@locale@std@@QEAA_KXZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?get@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEBA?AV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@PEBG4@Z
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?in@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z
?out@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__wcsdup
_o__wcsicmp
memmove
_o__wcsnicmp
_o_free
_o_malloc
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
memchr
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetProcAddress
FreeLibraryAndExitThread
DisableThreadLibraryCalls
GetModuleFileNameA
GetModuleHandleW
GetModuleHandleExW
FreeLibrary

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
CreateSemaphoreExW
EnterCriticalSection
WaitForSingleObject
ReleaseSRWLockExclusive
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
CreateMutexExW
ReleaseMutex
SetEvent
ResetEvent
InitializeCriticalSectionEx
CreateEventW
ReleaseSRWLockShared
LeaveCriticalSection
CreateEventExW
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
AcquireSRWLockShared

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetUnhandledExceptionFilter
GetLastError
SetLastError
UnhandledExceptionFilter

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
CoCreateInstance
IIDFromString
CoTaskMemFree
StringFromGUID2
CoCreateGuid
CoWaitForMultipleHandles

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventUnregister
EventActivityIdControl
EventWriteTransfer
EventRegister

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteStringBuffer
WindowsDuplicateString
WindowsPreallocateStringBuffer
WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsPromoteStringBuffer
WindowsCreateString

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
CreateThread
OpenProcessToken
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
ResumeThread

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegEnumValueW
RegDeleteTreeW
RegGetValueW
RegSetValueExW
RegCreateKeyExW
RegCloseKey

rpcrt4

UuidCreate

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

ntdll

RtlReleasePrivilege
RtlIsStateSeparationEnabled
RtlAcquirePrivilege

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

oleaut32

VariantInit
SysFreeString
SysAllocString
VariantClear

ncrypt

NCryptGetProperty
NCryptOpenStorageProvider

winhttp

WinHttpReadData
WinHttpCrackUrl
WinHttpQueryDataAvailable
WinHttpConnect
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpOpenRequest

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-file-l1-1-0

GetFileAttributesW
CreateDirectoryW
ReadFile
CreateFileW
WriteFile
GetFileSizeEx
SetFilePointerEx

api-ms-win-core-firmware-l1-1-0

SetFirmwareEnvironmentVariableW
GetFirmwareEnvironmentVariableW

api-ms-win-core-sysinfo-l1-2-0

GetSystemFirmwareTable

userenv

ExpandEnvironmentStringsForUserW

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-service-management-l2-1-0

QueryServiceStatusEx

api-ms-win-service-management-l1-1-0

StartServiceW
OpenServiceW
CloseServiceHandle
OpenSCManagerW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

AutoPilotGetOobeSettingsOverride
AutoPilotGetPolicyDwordByName
AutoPilotGetPolicyStringByName
AutoPilotIsLocalProfileAvailable
AutoPilotIsNetworkRequired
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
autopilotdiag.dll
.dll windows:10 windows x64 arch:x64

f629bb8789eda421161863c0a2e9ff9d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

autopilotdiag.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o___std_type_info_destroy_list
_o__cexit
_o__configure_narrow_argv
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__seh_filter_dll
__C_specific_handler

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
avrt.dll
.dll windows:10 windows x64 arch:x64

9559d57c55d442418a908480f763176b

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d7:f7:82:3b:3e:75:3f:97:79:5e:7f:60:f9:97:54:42:61:5a:2b:b5:95:4d:83:9b:92:93:b4:15:e8:35:59:66
Signer

Actual PE Digest

d7:f7:82:3b:3e:75:3f:97:79:5e:7f:60:f9:97:54:42:61:5a:2b:b5:95:4d:83:9b:92:93:b4:15:e8:35:59:66

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

avrt.pdb

Imports

ntdll

RtlUnhandledExceptionFilter
NtDeviceIoControlFile
RtlNtStatusToDosError
LdrDisableThreadCalloutsForDll
RtlVirtualUnwind
NtTerminateProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlMultiByteToUnicodeN
NtClose
NtSetInformationThread
NtCreateFile
memset

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventWriteTransfer

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

api-ms-win-service-management-l1-1-0

StartServiceW
CloseServiceHandle
OpenServiceW
OpenSCManagerW

Exports

Exports

AvCreateTaskIndex
AvQuerySystemResponsiveness
AvQueryTaskIndexValue
AvRevertMmThreadCharacteristics
AvRtCreateThreadOrderingGroup
AvRtCreateThreadOrderingGroupExA
AvRtCreateThreadOrderingGroupExW
AvRtDeleteThreadOrderingGroup
AvRtJoinThreadOrderingGroup
AvRtLeaveThreadOrderingGroup
AvRtWaitOnThreadOrderingGroup
AvSetMmMaxThreadCharacteristicsA
AvSetMmMaxThreadCharacteristicsW
AvSetMmThreadCharacteristicsA
AvSetMmThreadCharacteristicsW
AvSetMmThreadPriority
AvSetMultimediaMode
AvTaskIndexYield
AvTaskIndexYieldCancel
AvThreadOpenTaskIndex

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 780B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bcastdvruserservice.dll
.dll windows:10 windows x64 arch:x64

c1069a8115649ed00af19dedf29b7fd8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

bcastdvruserservice.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__wcsicmp
_o__wcslwr
_o__wcsnicmp
_o__wfopen_s
memmove
_o_fclose
_o_fgetws
_o_free
_o_iswupper
_o_malloc
_o_memcpy_s
_o_realloc
_o_terminate
_o_towlower
_o_wcscat_s
_o_wcscpy_s
_o_wcstol
_o_wcstoul
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o__execute_onexit_table
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__errno
_o__initialize_narrow_environment
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o__aligned_malloc
_o__aligned_free
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_name
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
wcschr
wcsstr
wcsrchr
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

wcsncmp
memset

bcastdvrcommon

?PrintGuid@GameDVRUtility@Internal@Capture@Media@Windows@@YAJU_GUID@@PEAVString@25@@Z
FireCallerManagerEvent
?OutputString@BcastDVR_OutputDebug@@QEAAXXZ
?LogError@BcastDVRLogProviderBase@@SAXJPEBD0H_N@Z
?PrintType@BcastDVR_OutputDebug@@QEAAXPEBDK@Z
?GetGuidStringFromGuid@GameDVRUtility@Internal@Capture@Media@Windows@@YAJAEBU_GUID@@_NPEAVString@25@@Z
??0BcastDVR_OutputDebug@@QEAA@PEBD@Z
?PrintType@BcastDVR_OutputDebug@@QEAAXPEBD0@Z
?Uninitialize@BcastDVR_OutputDebug@@SAXXZ
?GetPlugInPackageFullName@PlugInUtility@Internal@Capture@Media@Windows@@YAJAEBU_GUID@@PEAVString@25@@Z
?PrintType@BcastDVR_OutputDebug@@QEAAXPEBDN@Z
?LogErrorEx@BcastDVRLogProviderBase@@SAXJPEBD0H00_N@Z
?RegGetDwordValue@GameDVRUtility@Internal@Capture@Media@Windows@@YAXPEAUHKEY__@@PEBG1KPEAK@Z
?RegSetDwordValue@GameDVRUtility@Internal@Capture@Media@Windows@@YAJPEAUHKEY__@@PEBG1K@Z
?RegSetStringValue@GameDVRUtility@Internal@Capture@Media@Windows@@YAJPEAUHKEY__@@PEBG1PEAVString@25@@Z
GetBroadcastSharedMemoryWriter
?RegSetQwordValue@GameDVRUtility@Internal@Capture@Media@Windows@@YAJPEAUHKEY__@@PEBG1_K@Z
?RegGetQwordValue@GameDVRUtility@Internal@Capture@Media@Windows@@YAXPEAUHKEY__@@PEBG1_KPEA_K@Z
?PrintType@BcastDVR_OutputDebug@@QEAAXPEBDPEBG@Z
?GetUserGameDVRConfigFolderPath@EnvironmentManager@Internal@Capture@Media@Windows@@YAJPEAVString@25@PEBG@Z
?Initialize@BcastDVR_OutputDebug@@SAXPEBGW4BcastDVR_OutputDebug_TraceToFileType@@0@Z
?GetOSVersionString@GameDVRUtility@Internal@Capture@Media@Windows@@YAXPEAVString@25@@Z
?Printf@BcastDVRLogProviderBase@@SAX_N0PEBD1HPEBGZZ
?RegGetStringValue@GameDVRUtility@Internal@Capture@Media@Windows@@YAXPEAUHKEY__@@PEBG1PEAVString@25@@Z
?GetHKeyCurrentUserForIUser@GameDVRUtility@Internal@Capture@Media@Windows@@YAJPEAUIUser@System@5@PEAPEAUHKEY__@@@Z
??0ImpersonateHelper@Internal@Capture@Media@Windows@@QEAA@XZ
??1ImpersonateHelper@Internal@Capture@Media@Windows@@QEAA@XZ
?ImpersonateUser@ImpersonateHelper@Internal@Capture@Media@Windows@@QEAAJPEAUIUser@System@5@@Z
?CleanupObsoletePlugIns@PlugInUtility@Internal@Capture@Media@Windows@@YAJPEAUHKEY__@@@Z
?MostRecentErrorInHistory@BcastDVRLogProviderBase@@SAJXZ
?GetBroadcastSebEventIds@PlugInUtility@Internal@Capture@Media@Windows@@YAJPEAKPEAPEAU_GUID@@@Z
?FreeBroadcastSebEventIds@PlugInUtility@Internal@Capture@Media@Windows@@YAXPEAPEAU_GUID@@@Z
?GetDefaultPlugIn@PlugInUtility@Internal@Capture@Media@Windows@@YAJPEAUHKEY__@@PEAU_GUID@@@Z
?SetDefaultPlugIn@PlugInUtility@Internal@Capture@Media@Windows@@YAJPEAUHKEY__@@AEBU_GUID@@@Z
?GetPlugInInfo@PlugInUtility@Internal@Capture@Media@Windows@@YAJPEAUHKEY__@@AEBU_GUID@@PEAVString@25@22@Z
CreateCallerManagerInstance
?CloseDuplicatedHandle@GameDVRUtility@Internal@Capture@Media@Windows@@YAJKPEAX@Z
?GetErrorHistoryCount@BcastDVRLogProviderBase@@SAKXZ
?CloseDuplicatedHandles@GameDVRUtility@Internal@Capture@Media@Windows@@YAJKKQEAPEAX@Z
?AppendPath@EnvironmentManager@Internal@Capture@Media@Windows@@YAJAEBVString@25@0PEAV625@@Z
?PrintType@BcastDVR_OutputDebug@@QEAAXPEBDE@Z
CreateMetadataManagerInstance
?PrintType@BcastDVR_OutputDebug@@QEAAXPEBDH@Z
?GetBroadcastPlugInRegistryPathFromSebEventId@EnvironmentManager@Internal@Capture@Media@Windows@@YAJAEBU_GUID@@PEAVString@25@@Z
?PrintType@BcastDVR_OutputDebug@@QEAAXPEBD_K@Z
ActiveMetadataManagerInstances
?MapConstantToString@GameDVRUtility@Internal@Capture@Media@Windows@@YAPEBGQEAPEBGKKKK@Z
GetPreviewSharedMemoryWriter
?PrintType@BcastDVR_OutputDebug@@QEAAXPEBDI@Z
?PrintHRESULT@BcastDVR_OutputDebug@@QEAAXJ@Z
?PrintType@BcastDVR_OutputDebug@@QEAAXPEBDPEAX@Z
?GetIUserSID@GameDVRUtility@Internal@Capture@Media@Windows@@YAJPEAUIUser@System@5@PEAVString@25@@Z
?GetCallersSebEventId@PlugInUtility@Internal@Capture@Media@Windows@@YAJPEAU_GUID@@@Z
?GetFormattedErrorHistory@BcastDVRLogProviderBase@@SAKPEAVString@Internal@Windows@@@Z
?GetKnownFolderSubFolder@EnvironmentManager@Internal@Capture@Media@Windows@@YAJAEBU_GUID@@PEBGPEAVString@25@@Z

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
FreeLibrary
LoadLibraryExW
GetProcAddress
GetModuleFileNameA
GetModuleHandleExW

api-ms-win-core-synch-l1-1-0

CreateEventExW
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseMutex
CreateMutexExW
InitializeSRWLock
DeleteCriticalSection
TryEnterCriticalSection
AcquireSRWLockExclusive
InitializeCriticalSectionAndSpinCount
ReleaseSRWLockExclusive
AcquireSRWLockShared
WaitForSingleObject
CreateSemaphoreExW
InitializeCriticalSectionEx
ReleaseSemaphore
ResetEvent
ReleaseSRWLockShared
CreateEventW
SetEvent
LeaveCriticalSection
EnterCriticalSection

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

RaiseException
GetLastError
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-winrt-string-l1-1-0

WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsGetStringRawBuffer
WindowsCompareStringOrdinal
WindowsGetStringLen
WindowsConcatString
WindowsCreateString
WindowsDeleteString
WindowsReplaceString
WindowsDuplicateString
WindowsCreateStringReference

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
CreateThread
GetCurrentThreadId
TerminateProcess
GetProcessId
OpenProcessToken
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-com-l1-1-0

PropVariantClear
CoDisconnectContext
CoTaskMemAlloc
CoTaskMemFree
CoReleaseMarshalData
CreateStreamOnHGlobal
CoMarshalInterface
CoWaitForMultipleHandles
CoGetCallContext
CoDecrementMTAUsage
CoCreateGuid
CoCreateFreeThreadedMarshaler
CoReleaseServerProcess
CoResumeClassObjects
CoRegisterClassObject
CoInitializeSecurity
CoCreateInstance
CoAddRefServerProcess
CoRevokeClassObject

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolWork
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CreateThreadpool
CloseThreadpool
SubmitThreadpoolWork
CloseThreadpoolWork

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoOriginateErrorW
GetRestrictedErrorInfo
SetRestrictedErrorInfo
RoOriginateError

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoRevokeActivationFactories
RoGetActivationFactory
RoInitialize
RoRegisterActivationFactories
RoActivateInstance

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventSetInformation
EventWriteTransfer
EventUnregister

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce
InitOnceComplete
InitOnceBeginInitialize

api-ms-win-service-core-l1-1-0

SetServiceStatus
RegisterServiceCtrlHandlerExW

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-security-base-l1-1-0

GetTokenInformation
MakeAbsoluteSD
DuplicateTokenEx

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GlobalMemoryStatusEx
GetSystemTime
GetSystemTimeAsFileTime
GetLocalTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

mfplat

MFTEnumEx
MFCreateDXGISurfaceBuffer
MFCreateDXGIDeviceManager
MFShutdown
MFCreateSample
MFCreateMemoryBuffer
MFStartup
MFCreateAttributes
MFCreateFile
MFCreateMediaType
MFCreateAlignedMemoryBuffer

api-ms-win-shcore-scaling-l1-1-1

SetProcessDpiAwareness

dwmapi

ord157
ord158
ord175
ord176
ord173

dcomp

ord2002
ord1060
DCompositionCreateDevice2
ord2000

api-ms-win-appmodel-runtime-l1-1-1

GetApplicationUserModelIdFromToken
ParseApplicationUserModelId
GetPackageFullNameFromToken
FindPackagesByPackageFamily

policymanager

PolicyManager_GetPolicyInt

systemeventsbrokerclient

SebEnumerateEventsByType
SebSignalEvent

audioses

ord1
ord3
ord2

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegOpenCurrentUser
RegCloseKey

api-ms-win-rtcore-ntuser-window-l1-1-0

GetWindowRect
IsWindowVisible
EnumWindows
GetWindowTextW
GetPropW
GetDesktopWindow
GetForegroundWindow
GetWindowLongW
GetWindowThreadProcessId
GetClientRect
ScreenToClient
DispatchMessageW
TranslateMessage
SendMessageW
PeekMessageW
GetAncestor

api-ms-win-power-setting-l1-1-0

PowerSettingUnregisterNotification
PowerSettingRegisterNotification

ntdll

RtlQueryPackageClaims
RtlUpcaseUnicodeChar
RtlPublishWnfStateData
ZwQuerySystemInformation
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData
ZwClose
ZwOpenKey
RtlInitUnicodeString
RtlFreeHeap
RtlGetNativeSystemInformation
ZwEnumerateKey
RtlReAllocateHeap
NtQueryInformationProcess
RtlAllocateHeap
RtlInitUnicodeStringEx
RtlCompareUnicodeString
RtlNtStatusToDosErrorNoTeb
NtQueryInformationToken
ZwQueryValueKey

api-ms-win-core-kernel32-legacy-l1-1-0

PulseEvent
RegisterWaitForSingleObject

api-ms-win-core-wow64-l1-1-1

IsWow64Process2

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem
UnregisterWaitEx

api-ms-win-core-file-l1-1-0

CreateFileW
DeleteFileW
CreateDirectoryW
WriteFile
FindFirstFileW
FindClose
ReadFile
GetFileAttributesW
GetFileSizeEx
GetTempFileNameW
GetDiskFreeSpaceExW
FindNextFileW

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate
IsErrorPropagationEnabled

api-ms-win-core-com-l1-1-1

RoGetAgileReference

rpcrt4

UuidCreate
RpcRevertToSelf
RpcImpersonateClient

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-synch-l1-2-1

CreateSemaphoreW
WaitForMultipleObjects

api-ms-win-core-registry-l2-1-0

RegOpenKeyW

api-ms-win-shcore-stream-l1-1-0

SHCreateMemStream

oleaut32

VariantInit

api-ms-win-shcore-stream-winrt-l1-1-0

CreateRandomAccessStreamOverStream

dxgi

CreateDXGIFactory1
CreateDXGIFactory2

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-ntuser-rectangle-l1-1-0

IntersectRect
PtInRect

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW

api-ms-win-security-cryptoapi-l1-1-0

CryptReleaseContext
CryptAcquireContextW
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptCreateHash

d3d11

D3D11CreateDevice

api-ms-win-core-datetime-l1-1-1

GetTimeFormatEx
GetDateFormatEx

bcrypt

BCryptGetProperty
BCryptDestroyHash
BCryptCloseAlgorithmProvider
BCryptHashData
BCryptOpenAlgorithmProvider
BCryptFinishHash
BCryptCreateHash

mfreadwrite

MFCreateSinkWriterFromURL
MFCreateSinkWriterFromMediaSink
MFCreateSourceReaderFromMediaSource

api-ms-win-core-memory-l1-1-0

ReadProcessMemory

crypt32

CryptBinaryToStringW

api-ms-win-core-path-l1-1-0

PathCchCombine

api-ms-win-core-file-l1-2-4

GetTempPath2W

api-ms-win-core-file-l2-1-2

CopyFileW

combase

ord69
ord66
ord68
ord67

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-math-l1-1-0

_finite

aepic

PicRetrieveFileInfo
PicFreeFileInfo

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

gdi32

GetDIBits
DeleteObject
CreateCompatibleDC
DeleteDC

shell32

ShellExecuteW
ShellExecuteExW

user32

GetClassLongPtrW
GetCursorInfo
MonitorFromWindow
GetIconInfo
DestroyIcon

setupapi

SetupDiGetDevicePropertyW
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList

api-ms-win-security-capability-l1-1-0

CapabilityCheck

api-ms-win-core-atoms-l1-1-0

GlobalGetAtomNameW

Exports

Exports

ServiceMain

Sections

.text
Size: 1016KB - Virtual size: 1013KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 416KB - Virtual size: 412KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bcryptprimitives.dll
.dll windows:10 windows x64 arch:x64

39ad65c22ee924ce5251a7d370c63dcc

Code Sign

33:00:00:04:5b:f6:31:bc:00:f4:fc:37:45:00:00:00:00:04:5b
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

14/09/2023, 18:20

Not After

04/09/2024, 18:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e3:42:33:f4:4c:27:f7:d3:d9:a4:33:9d:38:ff:d1:57:e0:f5:b4:27:bb:5c:2d:e2:ef:98:3b:fa:5f:36:14:cd
Signer

Actual PE Digest

e3:42:33:f4:4c:27:f7:d3:d9:a4:33:9d:38:ff:d1:57:e0:f5:b4:27:bb:5c:2d:e2:ef:98:3b:fa:5f:36:14:cd

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

bcryptprimitives.pdb

Imports

ntdll

NtTerminateProcess
RtlGetCurrentProcessorNumberEx
RtlAllocateHeap
RtlFreeHeap
RtlCaptureContext
__C_specific_handler
wcscpy_s
_wcsicmp
RtlImageNtHeader
qsort
NtOpenFile
RtlInitUnicodeString
RtlLookupFunctionEntry
RtlGetSystemGlobalData
EtwUnregisterTraceGuids
EtwGetTraceEnableFlags
EtwTraceMessage
EtwRegisterTraceGuidsW
EtwGetTraceLoggerHandle
RtlVirtualUnwind
EtwGetTraceEnableLevel
RtlUnhandledExceptionFilter
memset
NtQueryInformationProcess
_vsnwprintf
__chkstk
_local_unwind
memcmp
memcpy
memmove
wcscmp

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleFileNameW
GetModuleHandleExW
GetProcAddress

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventWriteTransfer
EventRegister
EventUnregister

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegEnumKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegQueryValueExW

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
SetThreadStackGuarantee
GetCurrentProcessId

api-ms-win-core-memory-l1-1-0

VirtualProtect
VirtualAlloc
VirtualQuery

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo

api-ms-win-core-xstate-l2-1-0

GetEnabledXStateFeatures

Exports

Exports

GetAsymmetricEncryptionInterface
GetCipherInterface
GetHashInterface
GetKeyDerivationInterface
GetRngInterface
GetSecretAgreementInterface
GetSignatureInterface
MSCryptConvertRsaPrivateBlobToFullRsaBlob
ProcessPrng
ProcessPrngGuid

Sections

.text
Size: 364KB - Virtual size: 363KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bthserv.dll
.dll windows:10 windows x64 arch:x64

79582b14229fadfdf3aa3b5e9ee3a8cd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

bthserv.pdb

Imports

msvcp_win

?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcsicmp
_o__wcstoi64
_o_free
_o_malloc
_o_memcpy_s
_o_wcscpy_s
_o_wcstok_s
__CxxFrameHandler3
_CxxThrowException
_o__execute_onexit_table
_o__errno
_o__configure_narrow_argv
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o__cexit
_o__callnewh
_o___stdio_common_vsnprintf_s
__C_specific_handler
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o__crt_atexit
__std_terminate
_o___std_exception_copy
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset
memmove_s

ntdll

RtlPublishWnfStateData
RtlRbInsertNodeEx
RtlGetPersistedStateLocation
RtlNtStatusToDosError
RtlRbRemoveNode
RtlNtStatusToDosErrorNoTeb
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlInitUnicodeString
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage
LdrAddRefDll
RtlCaptureContext
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlSubscribeWnfStateChangeNotification
RtlGUIDFromString
EtwUnregisterTraceGuids

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetModuleHandleExW
GetModuleFileNameA
GetModuleHandleExA
GetModuleHandleW
GetProcAddress
FreeLibrary

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockShared
AcquireSRWLockShared
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
LeaveCriticalSection
CreateSemaphoreExW
WaitForSingleObjectEx
CreateMutexW
ReleaseMutex
ReleaseSemaphore
CreateEventExW
ResetEvent
OpenSemaphoreW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CreateEventW
SetEvent
InitializeCriticalSection
DeleteCriticalSection
InitializeCriticalSectionEx
CreateMutexExW
WaitForSingleObject

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
SetLastError
GetLastError

api-ms-win-core-processthreads-l1-1-0

CreateThread
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

GetThreadLocale
FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

rpcrt4

RpcEpRegisterW
RpcServerInqBindings
RpcServerUnregisterIfEx
RpcStringFreeW
RpcEpUnregister
RpcServerInqDefaultPrincNameW
RpcServerUseProtseqW
RpcServerRegisterIfEx
NdrServerCall2
NdrServerCallAll
RpcRaiseException
RpcBindingInqAuthClientW
RpcImpersonateClient
RpcServerRegisterAuthInfoW
RpcRevertToSelf
RpcBindingVectorFree

api-ms-win-service-core-l1-1-0

SetServiceStatus
RegisterServiceCtrlHandlerExW

api-ms-win-core-threadpool-l1-2-0

FreeLibraryWhenCallbackReturns
CloseThreadpoolCleanupGroup
SetThreadpoolTimerEx
CloseThreadpoolWork
WaitForThreadpoolWorkCallbacks
SubmitThreadpoolWork
CreateThreadpoolWork
SetThreadpoolTimer
TrySubmitThreadpoolCallback
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegQueryValueExW
RegEnumValueW
RegCloseKey
RegSetValueExW

api-ms-win-core-io-l1-1-0

DeviceIoControl
CancelIoEx
GetOverlappedResult

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-devices-config-l1-1-1

CM_Unregister_Notification
CM_Register_Notification

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemTime

oleaut32

VariantInit
SysFreeString
SysAllocString
VariantClear

api-ms-win-core-com-l1-1-0

StringFromGUID2
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoUninitialize

api-ms-win-service-management-l1-1-0

OpenSCManagerW
OpenServiceW
CloseServiceHandle

api-ms-win-service-management-l2-1-0

QueryServiceStatusEx
NotifyServiceStatusChangeW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-devices-query-l1-1-0

DevCloseObjectQuery
DevCreateObjectQuery

wpprecorderum

WppAutoLogTrace
WppAutoLogStop
WppAutoLogStart

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

bthtelemetry

BthProcessEventOccurrenceBthaddr
BthCollectFingerprintInfo
BthProcessEventOccurrenceResultBthaddr

policymanager

PolicyManager_GetPolicyString
PolicyManager_GetPolicyInt
PolicyManager_FreeStringValue

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWriteTransfer
EventUnregister

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-devices-query-l1-1-1

DevCreateObjectQueryEx

devobj

DevObjCreateDeviceInfoList
DevObjOpenDevRegKey
DevObjGetDeviceInstanceId
DevObjGetClassDevs
DevObjUninstallDevice
DevObjDestroyDeviceInfoList
DevObjEnumDeviceInterfaces
DevObjGetDeviceInterfaceDetail
DevObjEnumDeviceInfo

Exports

Exports

ServiceMain

Sections

.text
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
catsrvut.dll
.dll regsvr32 windows:10 windows x64 arch:x64

c186623e2958aee17ecf0414f0b016ca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

catsrvut.pdb

Imports

msvcrt

_initterm
_lock
_unlock
__dllonexit
_amsg_exit
_XcptFilter
_onexit
memset
memcpy
_wcsnicmp
_ltow
memcmp
_waccess
_vsnwprintf
_local_unwind
_wcsicmp
_purecall
wcsncmp
towupper
_itow
iswspace
iswprint
__isascii
wcsrchr
wcschr
wcscpy_s
?terminate@@YAXXZ
realloc
wcscat_s
malloc
free
__C_specific_handler
__CxxFrameHandler4
wcscmp

ntdll

WinSqmSetDWORD
RtlFreeHeap
RtlImageNtHeader
RtlAllocateHeap
RtlGetVersion
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-synch-l1-1-0

CreateEventW
InitializeCriticalSectionAndSpinCount
ReleaseMutex
OpenMutexW
LeaveCriticalSection
InitializeCriticalSection
OpenEventW
EnterCriticalSection
WaitForSingleObject
SetEvent
DeleteCriticalSection

api-ms-win-core-string-l1-1-0

CompareStringW
WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-libraryloader-l1-2-0

FindResourceExW
GetModuleFileNameW
FreeLibraryAndExitThread
LoadStringW
LockResource
GetModuleHandleW
FreeLibrary
SizeofResource
LoadResource
LoadLibraryExW
GetModuleHandleExW
GetProcAddress
DisableThreadLibraryCalls

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoGetObjectContext
CoInitializeEx
CoCreateInstance
CLSIDFromString
CoCreateInstanceEx
StringFromCLSID
CoUninitialize
IIDFromString
CoCreateGuid
StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc
CoGetCallContext
CoImpersonateClient
CoRevertToSelf
StringFromIID

api-ms-win-core-string-l2-1-0

CharPrevW
CharNextW

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetErrorMode

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegSetValueExW
RegDeleteTreeW
RegFlushKey
RegQueryValueExW
RegEnumValueW
RegCloseKey
RegQueryInfoKeyW

api-ms-win-core-memory-l1-1-0

MapViewOfFile
OpenFileMappingW
UnmapViewOfFile
CreateFileMappingW
VirtualProtect
VirtualAlloc
VirtualQuery

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetSystemDirectoryW
GetTickCount
GetLocalTime
GetSystemTimeAsFileTime

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l1-1-0

HeapDestroy

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent
OutputDebugStringA

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

CreateProcessAsUserW
TerminateProcess
GetCurrentProcess
OpenThreadToken
GetCurrentThread
CreateProcessW
GetCurrentProcessId
GetCurrentThreadId
ExitProcess
CreateThread
GetExitCodeProcess
OpenProcessToken
SetThreadStackGuarantee
SetThreadToken

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-file-l1-1-0

DeleteFileW
CreateDirectoryW
FindFirstFileW
FindNextFileW
GetLongPathNameW
FindClose
SetFileAttributesW
GetShortPathNameW
CreateFileW

api-ms-win-security-base-l1-1-0

AllocateLocallyUniqueId
EqualSid
CreateWellKnownSid
CopySid
IsValidSid
CheckTokenMembership
SetSecurityDescriptorDacl
GetTokenInformation
AddAccessAllowedAce
AdjustTokenPrivileges
DuplicateTokenEx
GetSecurityDescriptorLength
IsValidSecurityDescriptor
AddAce
DestroyPrivateObjectSecurity
CreatePrivateObjectSecurityEx
GetSecurityDescriptorDacl
FreeSid
IsWellKnownSid
GetSidLengthRequired
GetSidSubAuthority
AllocateAndInitializeSid
GetSidSubAuthorityCount
GetLengthSid
InitializeAcl
InitializeSecurityDescriptor

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc
LocalReAlloc

api-ms-win-core-wow64-l1-1-1

GetSystemWow64DirectoryW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-file-l2-1-0

CopyFileExW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

kernel32

LocalSize
OpenFile
lstrcmpiW
lstrcpynW
lstrcpyW
GetComputerNameW

mfcsubs

??H@YA?AVCString@@AEBV0@0@Z
??H@YA?AVCString@@AEBV0@PEBG@Z
??1CString@@QEAA@XZ
??4CString@@QEAAAEBV0@PEBG@Z
??0CString@@QEAA@XZ
??0CString@@QEAA@PEBG@Z
??0CString@@QEAA@PEBD@Z
??YCString@@QEAAAEBV0@AEBV0@@Z
??4CString@@QEAAAEBV0@AEBV0@@Z

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-com-private-l1-1-0

CoGetModuleType
UpdateDCOMSettings

api-ms-win-core-shlwapi-legacy-l1-1-0

PathStripPathW

Exports

Exports

??0CComPlusComponent@@QEAA@$$QEAV0@@Z
??0CComPlusComponent@@QEAA@AEBV0@@Z
??0CComPlusInterface@@QEAA@$$QEAV0@@Z
??0CComPlusInterface@@QEAA@AEBV0@@Z
??0CComPlusMethod@@QEAA@AEBV0@@Z
??0CComPlusObject@@QEAA@AEBV0@@Z
??1CComPlusComponent@@UEAA@XZ
??1CComPlusInterface@@UEAA@XZ
??4CComPlusComponent@@QEAAAEAV0@$$QEAV0@@Z
??4CComPlusComponent@@QEAAAEAV0@AEBV0@@Z
??4CComPlusInterface@@QEAAAEAV0@$$QEAV0@@Z
??4CComPlusInterface@@QEAAAEAV0@AEBV0@@Z
??4CComPlusMethod@@QEAAAEAV0@AEBV0@@Z
??4CComPlusObject@@QEAAAEAV0@AEBV0@@Z
??4CComPlusTypelib@@QEAAAEAV0@AEBV0@@Z
??_7CComPlusComponent@@6B@
??_7CComPlusInterface@@6B@
??_7CComPlusMethod@@6B@
??_7CComPlusObject@@6B@
?GetITypeLib@CComPlusTypelib@@QEAAPEAUITypeLib@@XZ
CGMIsAdministrator
COMPlusUninstallActionW
CreateComRegDBWriter
DestroyComRegDBWriter
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
FindAssemblyModulesW
ManagedRequestW
QueryUserDllW
RegDBBackup
RegDBRestore
RunMTSToCom
StartMTSTOCOM
SysprepComplus
SysprepComplus2
WinlogonHandlePendingInfOperations

Sections

.text
Size: 392KB - Virtual size: 389KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cdd.dll
.dll windows:10 windows x64 arch:x64

69e843be2037c00a4405eaec64eba4b6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

cdd.pdb

Imports

ntoskrnl.exe

KeEnterCriticalRegion
KeLeaveCriticalRegion
ExReleasePushLockExclusiveEx
RtlInitUnicodeString
IoGetDeviceObjectPointer
IoBuildDeviceIoControlRequest
IofCallDriver
ObReferenceObjectByHandle
ObDuplicateObject
ObCloseHandle
ExAcquirePushLockExclusiveEx
KeQueryTimeIncrement
IoAllocateMdl
IoFreeMdl
KeInvalidateRangeAllCaches
EtwWriteTransfer
MmMapViewOfSection
KeReleaseMutex
ZwSetSystemInformation
RtlQueryFeatureConfiguration
RtlRegisterFeatureConfigurationChangeNotification
RtlQueryFeatureConfigurationChangeStamp
KeUnstackDetachProcess
KeStackAttachProcess
PsGetCurrentProcessSessionId
EtwActivityIdControl
ZwClose
KeWaitForSingleObject
PsCreateSystemThread
ObOpenObjectByPointer
KeCancelTimer
vsprintf_s
DbgPrintEx
KeClearEvent
KeReadStateEvent
KeWaitForMultipleObjects
KeSetTimer
KeInitializeTimer
KeSetActualBasePriorityThread
KeDelayExecutionThread
ObfReferenceObject
ExFreeToLookasideListEx
ExAllocateFromLookasideListEx
RtlCopyMemoryNonTemporal
MmUnmapViewOfSection
_purecall
PsGetCurrentProcess
PsGetProcessImageFileName
MmProbeAndLockPages
MmSizeOfMdl
MmMapViewInSessionSpace
MmCreateSection
MmUnmapViewInSessionSpace
MmUnlockPages
ExDeleteLookasideListEx
ObfDereferenceObject
DbgkWerCaptureLiveKernelDump
ExEnterCriticalRegionAndAcquireFastMutexUnsafe
ExReleaseFastMutexUnsafeAndLeaveCriticalRegion
RtlQueryRegistryValuesEx
KeInitializeEvent
ExFreePoolWithTag
ExInitializeLookasideListEx
ExAllocatePool2
RtlUnregisterFeatureConfigurationChangeNotification
DbgPrint
KdDebuggerEnabled
KeGetRecommendedSharedDataAlignment
ExIsProcessorFeaturePresent
KeGetCurrentIrql
KeSetEvent
ExQueryWnfStateData
KeInitializeMutex
KeInitializeSemaphore
EtwUnregister
EtwRegister
EtwSetInformation
ZwQuerySystemInformation
KeReleaseSemaphore
__C_specific_handler

watchdog.sys

WdLogNewEntry5_WdTrace
WdLogSingleEntry3
WdLogSingleEntry4
WdLogSingleEntry5
WdLogNewEntry5_WdLowResource
SMgrGdiCallout
WdLogSingleEntry1
WdLogNewEntry5_WdWarning
WdLogNewEntry5_WdEvent
WdLogSingleEntry2
WdLogNewEntry5_WdAssertion
WdLogSingleEntry0
WdLogNewEntry5_WdError

win32k.sys

XLATEOBJ_iXlate
EngBitBlt
EngStrokePath
PATHOBJ_vGetBounds
EngEqualRgn
EngAcquireSemaphoreSharedNoWait
EngIsSemaphoreSharedByCurrentThread
EngAcquireSemaphoreNoWait
EngUpdateDeviceSurface
EngCopyBits
PALOBJ_cGetColors
EngCreatePalette
EngDeletePalette
EngQueryW32kCddInterface
EngIsSemaphoreOwnedByCurrentThread
EngCreateDeviceBitmap
EngCreateRedirectionDeviceBitmap
EngCTGetGammaTable
EngIsSemaphoreOwned
EngRectInRgn
EngGetRgnBox
EngCombineRgn
EngGetRgnData
CLIPOBJ_bEnum
CLIPOBJ_cEnumStart
EngSetRectRgn
EngAssociateSurface
EngLockSurface
EngCreateBitmap
EngCreateDeviceSurface
EngReleaseSemaphore
EngAcquireSemaphore
EngModifySurface
EngDeleteSurface
EngUnlockSurface
EngDeleteRgn
EngCreateRectRgn
EngDeleteSemaphore
EngCreateSemaphore
EngAllocMem
EngFreeMem
EngTransparentBlt
EngAlphaBlend
EngGradientFill
EngStretchBlt
EngCopyRgn
EngOffsetRgn
EngTextOut
EngCTGetCurrentGamma
EngLineTo
EngFillPath
EngStrokeAndFillPath
EngStretchBltROP
EngPlgBlt
EngIsCddDeviceBitmap
EngBugCheckEx

Sections

.text
Size: 208KB - Virtual size: 206KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

fothk
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 314B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

GFIDS
Size: 4KB - Virtual size: 692B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cdp.dll
.dll regsvr32 windows:10 windows x64 arch:x64

538c176ed37c63342a1e408236cb3ca9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

cdp.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__get_errno
_o__gmtime64_s
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__localtime64_s
_o__mkgmtime64
_o__mktime64
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__stricmp
_o__strnicmp
_o__strtoui64
_o__wcsicmp
memmove
_o_abort
_o_atoi
_o_ceilf
_o_free
_o_iswspace
_o_malloc
_o_modf
_o_pow
_o_rand
_o_realloc
_o_strcpy_s
_o_strftime
_o_strncpy_s
_o_strtol
_o_strtoul
_o_terminate
_o_tolower
_o_toupper
_o_wcstoul
__C_specific_handler
__current_exception
__current_exception_context
_o__difftime64
_o__dclass
_o__crt_atexit
_o__configure_narrow_argv
strstr
_o__cexit
_o__callnewh
_o__beginthreadex
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsscanf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__execute_onexit_table
_o__errno
memchr
memcmp
memcpy
_CxxThrowException
__CxxFrameHandler3
wcschr
strchr
__std_type_info_compare
__std_terminate
__CxxFrameHandler4

api-ms-win-crt-string-l1-1-0

memset
strncmp
strpbrk
wcsncmp

combase

SetErrorInfo
ord154
ord2
ord4
ord5
GetErrorInfo

ntdll

NtDeleteWnfStateName
NtCreateWnfStateName
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion
NtQueryWnfStateData
RtlNtStatusToDosError
RtlPublishWnfStateData
RtlFreeUnicodeString
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlGetTokenNamedObjectPath
NtCreateSemaphore
RtlInitUnicodeString
RtlSidDominates
RtlGetDeviceFamilyInfoEnum
NtOpenMutant
RtlIsMultiUsersInSessionSku
NtOpenSemaphore

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
DisableThreadLibraryCalls
GetModuleHandleA
FreeLibrary
GetProcAddress
GetModuleHandleExW
LoadResource
FindResourceExW
GetModuleHandleW
LockResource
GetModuleFileNameA
FindStringOrdinal
GetModuleHandleExA

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
OpenThreadToken
SetThreadToken
OpenProcessToken
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
TerminateProcess

api-ms-win-core-sysinfo-l1-1-0

GetLocalTime
GetSystemTime
GetTickCount64
GetVersionExW
GetSystemTimeAsFileTime
GetComputerNameExW

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InitializeSListHead

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

msvcp_win

_Cnd_register_at_thread_exit
?__ExceptionPtrToBool@@YA_NPEBX@Z
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
?in@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z
_Thrd_sleep
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
?setf@ios_base@std@@QEAAHH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
_Cnd_unregister_at_thread_exit
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?out@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?setf@ios_base@std@@QEAAHHH@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
_Thrd_detach
_Cnd_wait
_Cnd_do_broadcast_at_thread_exit
_Cnd_broadcast
_Thrd_hardware_concurrency
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?tolower@?$ctype@D@std@@QEBADD@Z
?is@?$ctype@D@std@@QEBA_NFD@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?id@?$collate@D@std@@2V0locale@2@A
??Bid@locale@std@@QEAA_KXZ
?id@?$ctype@D@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
?_Random_device@std@@YAIXZ
_Thrd_yield
_Mtx_trylock
??0_Locinfo@std@@QEAA@PEBD@Z
_Mtx_unlock
_Mtx_init_in_situ
?_Throw_C_error@std@@YAXH@Z
?_Throw_future_error@std@@YAXAEBVerror_code@1@@Z
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
??1_Lockit@std@@QEAA@XZ
??1_Locinfo@std@@QEAA@XZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Incref@facet@locale@std@@UEAAXXZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
_Mtx_destroy_in_situ
_Strcoll
_Strxfrm
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
_Unlock_shared_ptr_spin_lock
_Lock_shared_ptr_spin_lock
?_Syserror_map@std@@YAPEBDH@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xbad_function_call@std@@YAXXZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@K@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
_Mtx_lock
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
_Thrd_id
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?_Xlength_error@std@@YAXPEBD@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
_Thrd_join
?good@ios_base@std@@QEBA_NXZ
?uncaught_exception@std@@YA_NXZ
?width@ios_base@std@@QEAA_J_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?flags@ios_base@std@@QEBAHXZ
?width@ios_base@std@@QEBA_JXZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAN@Z
??7ios_base@std@@QEBA_NXZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAK@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xout_of_range@std@@YAXPEBD@Z
_Cnd_signal
_Query_perf_counter
_Query_perf_frequency
_Cnd_timedwait
?_Throw_Cpp_error@std@@YAXH@Z
_Mtx_current_owns
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Xtime_get_ticks
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ

api-ms-win-crt-time-l1-1-0

clock
_time64

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
CompareStringOrdinal

api-ms-win-core-localization-l1-2-0

GetLocaleInfoEx
FormatMessageW
GetSystemPreferredUILanguages

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventRegister
EventSetInformation
EventWriteTransfer
EventUnregister

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
AcquireSRWLockExclusive
SetEvent
ReleaseSemaphore
CreateEventExW
CreateSemaphoreExW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForSingleObject
ReleaseMutex
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseSRWLockShared
CreateMutexExW
AcquireSRWLockShared
DeleteCriticalSection
ResetEvent
InitializeSRWLock
InitializeCriticalSection
OpenMutexW
CreateMutexW
InitializeCriticalSectionAndSpinCount
CreateEventW
TryAcquireSRWLockExclusive

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolWait
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CloseThreadpoolWork
WaitForThreadpoolWorkCallbacks
SubmitThreadpoolWork
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
CloseThreadpool
CreateThreadpool
SetThreadpoolThreadMinimum
SetThreadpoolThreadMaximum
SetThreadpoolWait
SetThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyA
RegGetValueW
RegCloseKey
RegSetValueExW
RegNotifyChangeKeyValue
RegOpenKeyExW
RegCreateKeyExA
RegGetValueA
RegOpenKeyExA
RegEnumKeyExA
RegCreateKeyExW

api-ms-win-security-base-l1-1-0

GetLengthSid
GetTokenInformation
RevertToSelf
ImpersonateLoggedOnUser
CopySid
CreateWellKnownSid

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-file-l1-1-0

FindNextFileW
RemoveDirectoryW
GetFullPathNameW
CreateFileW
GetFileSizeEx
WriteFile
SetFilePointer
SetEndOfFile
GetFileAttributesW
FindFirstFileW
CreateDirectoryA
FlushFileBuffers
SetFilePointerEx
DeleteFileW
SetFileInformationByHandle
CreateDirectoryW
ReadFile
SetFileAttributesW
FindClose

api-ms-win-core-file-l1-2-0

CreateFile2

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject
UnregisterWait

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-file-l2-1-0

MoveFileExW
GetFileInformationByHandleEx

api-ms-win-core-path-l1-1-0

PathAllocCombine
PathCchSkipRoot

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-io-l1-1-0

PostQueuedCompletionStatus
GetQueuedCompletionStatus
CancelIoEx
CreateIoCompletionPort
DeviceIoControl

api-ms-win-core-heap-obsolete-l1-1-0

LocalSize

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

kernelbase

BaseFormatObjectAttributes

oleaut32

SysFreeString
SysStringLen
SysAllocString

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

Exports

Exports

CDPAccountFromWebAccount
CDPAcquireNetworkingInternal
CDPCreateAFSRegistrationClientInternal
CDPCreateAFSUserSettingsInternal
CDPCreateAccountInternalForUser
CDPCreateAccountInternalWithStableUserId
CDPCreateAccountProviderInternal
CDPCreateActivity
CDPCreateActivityAsset
CDPCreateActivityInternal
CDPCreateActivityStoreInfoInternal
CDPCreateActivityStoreInfoWatcher
CDPCreateActivityStoreInfoWatcherForUser
CDPCreateActivityStoreInfoWatcherInternal
CDPCreateActivityStoreReader
CDPCreateActivityStoreReaderForUser
CDPCreateActivityStoreReaderInternal
CDPCreateAllDevicesQuery
CDPCreateAllDevicesQueryForUser
CDPCreateAnonymousAccount
CDPCreateAnonymousAccountInternal
CDPCreateAppControlClient
CDPCreateAppControlClientInternal
CDPCreateAppId
CDPCreateAppRegistrationManager
CDPCreateAppRegistrationManagerForUser
CDPCreateAppRegistrationManagerInternal
CDPCreateAzureActiveDirectoryAccount
CDPCreateBeaconControl
CDPCreateBeaconControlInternal
CDPCreateBinaryClient
CDPCreateBinaryClientInternal
CDPCreateBinaryHost
CDPCreateBinaryHostInternal
CDPCreateBinaryHostWithSettings
CDPCreateCallbackNotifierInternal
CDPCreateCloudNotification
CDPCreateComObjectInternal
CDPCreateCrossPlatformAppId
CDPCreateCrossPlatformAppIdFromAppId
CDPCreateCurrentCrossPlatformAppId
CDPCreateDedupedDevice
CDPCreateDedupedDeviceQuery
CDPCreateDedupedDeviceQueryForUser
CDPCreateDedupedDeviceQueryInternal
CDPCreateDedupedDeviceQueryParameters
CDPCreateDeviceInternal
CDPCreateDeviceQuery
CDPCreateDeviceQueryForSessionInternal
CDPCreateDeviceQueryForUser
CDPCreateDeviceQueryInternal
CDPCreateDeviceQueryWithIdentity
CDPCreateDirectNotificationHost
CDPCreateEmptyAccountSettings
CDPCreateEnvironmentManagerInternal
CDPCreateHttpRequestInternal
CDPCreateLoggedOnUserChangedNotifier
CDPCreateLoggedOnUserFamilyChangedNotifier
CDPCreateMessagingHost
CDPCreateMessagingHostInternal
CDPCreateMicrosoftAccount
CDPCreateOrGetDdsRegistrationUserObjectInternal
CDPCreatePlatformSettingsInternal
CDPCreateRemoteUserInternal
CDPCreateResource
CDPCreateResourceCollection
CDPCreateSettingsInteropInternal
CDPCreateTask
CDPCreateTaskInternal
CDPCreateTelemetryTask
CDPCreateTelemetryTaskInternal
CDPCreateTestActivityAsset
CDPCreateUserInternal
CDPCreateUserNotificationClientInternal
CDPCreateUserServiceNotificationClient
CDPCreateUserServiceNotificationClientForUser
CDPCreateUuid
CDPFixAccounts
CDPGetAFCInitializer
CDPGetAccountProviderInternal
CDPGetAccountsNeedAttention
CDPGetAccountsSettings
CDPGetActivityStore
CDPGetActivityStoreForAccount
CDPGetActivityStoreForAccountInternal
CDPGetActivityStoreForStoreInfo
CDPGetActivityStoreForStoreInfoAndUser
CDPGetActivityStoreForStoreInfoInternal
CDPGetActivityStoreForUser
CDPGetActivityStoreInternal
CDPGetCloudNotificationProviderInternal
CDPGetCoreInitializer
CDPGetDeviceCache
CDPGetDeviceCacheInternal
CDPGetHost
CDPGetInProcActivityStoreForUserToken
CDPGetLogger
CDPGetNearShareAuthorizationPolicyOfInteractiveUser
CDPGetRelayInitializer
CDPGetResourceHandler
CDPGetResourceManager
CDPGetSDKAuthorizationPolicyOfInteractiveUser
CDPGetSGSocket
CDPGetSystemAppId
CDPGetUserActivitySettings
CDPGetUserActivitySettingsForUser
CDPGetUserActivitySettingsInternal
CDPGetUserCollectionInternal
CDPInitialize
CDPInitializeForService
CDPInitializeSGPowerOnPacket
CDPInitializeUserService
CDPInitializeUserServicePhase2
CDPIsEnabled
CDPPreShutdown
CDPRegisterActivityConflictResolverInternal
CDPReleaseNetworkingInternal
CDPResume
CDPSetAccountProviderInternal
CDPSetAppControlHostCallback
CDPSetExtendedLocalDeviceStatus
CDPSetResourceConfigProvider
CDPSetServicePid
CDPShutdown
CDPShutdownBluetooth
CDPStartCCSPolling
CDPStopCCSPolling
CDPSuspend
CDPUninitializeUserService
CDPWriteAccountSettings
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetProxyDllInfo

Sections

.text
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 232KB - Virtual size: 229KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cdprt.dll
.dll windows:10 windows x64 arch:x64

fada29bcdbb85c0b4353da74104e1a61

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

cdprt.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__mkgmtime64
_o__mktime64
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__stricmp
_o__ui64tow_s
_o__crt_atexit
_o__wcsicmp
_o__wcstoui64
memmove
_o_atoi
_o_ceil
_o_ceilf
_o_free
_o_malloc
_o_modf
_o_realloc
_o_strcpy_s
_o_strncpy_s
_o_strtol
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
strstr
_o__configure_narrow_argv
_CxxThrowException
__CxxFrameHandler3
wcsrchr
wcschr
__std_type_info_compare
strchr
_o__cexit
_o__callnewh
_o__beginthreadex
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o__execute_onexit_table
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__errno
__std_terminate
_o__dclass
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset
wcsspn

cdp

CDPCreateDeviceQuery
CDPCreateResourceCollection
CDPCreateUuid
CDPCreateTelemetryTask
CDPGetSystemAppId
CDPCreateAppControlClient
CDPCreateActivityStoreReader
CDPCreateAppRegistrationManager
CDPGetLogger
CDPShutdown
CDPInitialize
CDPCreateAppRegistrationManagerForUser
CDPCreateDedupedDevice
CDPCreateBinaryHost
CDPCreateAppId
CDPCreateBinaryClient
CDPCreateBinaryHostInternal
CDPCreateCrossPlatformAppId
CDPCreateActivityStoreInfoInternal
CDPGetActivityStoreForStoreInfoAndUser
CDPGetActivityStore
CDPGetActivityStoreForAccount
CDPGetActivityStoreForStoreInfo
CDPGetActivityStoreForUser
CDPCreateUserServiceNotificationClient
CDPGetUserActivitySettings
CDPCreateActivityStoreInfoWatcher
CDPAccountFromWebAccount
CDPCreateActivity
CDPCreateDedupedDeviceQueryParameters
CDPCreateDedupedDeviceQueryForUser
CDPCreateAllDevicesQuery
CDPCreateAccountInternalWithStableUserId

windows.storage

SHCreateItemFromParsingName

kernelbase

GetPackageFullName
Sleep
GetPackageFamilyName
GetCurrentPackageFamilyName
GetCurrentPackageFullName
GetApplicationUserModelIdFromToken
CouldMultiUserAppsBehaviorBePossibleForPackage
GetPackageFullNameFromToken
GetSystemAppDataKey
OpenStateExplicit
CloseState

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleFileNameW
GetModuleHandleW
LoadStringW
GetModuleHandleExW
GetProcAddress
GetModuleFileNameA

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
InitOnceExecuteOnce

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionAndSpinCount
SetEvent
InitializeSRWLock
CreateEventExW
ReleaseMutex
InitializeCriticalSection
WaitForMultipleObjectsEx
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
ReleaseSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
CreateEventW
ReleaseSRWLockExclusive
ResetEvent
WaitForSingleObject
InitializeCriticalSectionEx
LeaveCriticalSection
ReleaseSemaphore
EnterCriticalSection
CreateSemaphoreExW

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
SetLastError
RaiseException

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsDeleteString
WindowsDuplicateString
WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsCompareStringOrdinal
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsGetStringLen

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventWriteTransfer
EventActivityIdControl
EventRegister

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetProcessId
GetCurrentThreadId
GetProcessTimes
TerminateProcess
GetCurrentProcessId
OpenThreadToken
OpenProcessToken
GetCurrentThread

api-ms-win-core-winrt-error-l1-1-0

GetRestrictedErrorInfo
SetRestrictedErrorInfo
RoOriginateErrorW
RoTransformError
RoOriginateError

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount64
GetLocalTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-com-l1-1-0

StringFromGUID2
CoGetInterfaceAndReleaseStream
CoCreateInstance
CoMarshalInterface
CoReleaseMarshalData
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemAlloc
CoWaitForMultipleHandles
CoCreateGuid
CoGetCallContext
CoCreateFreeThreadedMarshaler
PropVariantClear
CoTaskMemRealloc

api-ms-win-security-base-l1-1-0

GetTokenInformation

ws2_32

GetAddrInfoW
WSAGetLastError
FreeAddrInfoW
inet_ntoa

api-ms-win-core-winrt-error-l1-1-1

IsErrorPropagationEnabled
RoReportFailedDelegate
RoGetMatchingRestrictedErrorInfo

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolAllowThreadReuse
SHTaskPoolGetUniqueContext
SHTaskPoolQueueTask

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegOpenKeyExW
RegOpenKeyExA
RegGetValueA
RegCloseKey
RegCreateKeyExW
RegSetValueExW

ntdll

NtQueryInformationToken
RtlInitUnicodeString
RtlFreeHeap
RtlQueryPackageClaims
RtlPublishWnfStateData
RtlAllocateHeap
RtlNtStatusToDosErrorNoTeb
RtlCompareUnicodeString
RtlGetDeviceFamilyInfoEnum

rpcrt4

I_RpcBindingInqLocalClientPID

api-ms-win-rtcore-ntuser-window-l1-1-0

GetActiveWindow

api-ms-win-core-kernel32-legacy-l1-1-1

PowerCreateRequest
PowerSetRequest

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-winrt-robuffer-l1-1-0

RoGetBufferMarshaler

api-ms-win-security-capability-l1-1-0

RpcClientCapabilityCheck
CapabilityCheck

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

combase

ord90
ord157

msvcp_win

?_Xbad_function_call@std@@YAXXZ
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
?out@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?uncaught_exception@std@@YA_NXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
_Mtx_destroy_in_situ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_id
_Thrd_join
_Thrd_detach
?in@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?setf@ios_base@std@@QEAAHHH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAK@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
_Cnd_signal
_Mtx_current_owns
_Thrd_yield
_Query_perf_frequency
_Cnd_timedwait
_Query_perf_counter
_Xtime_get_ticks
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAN@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
?_Throw_C_error@std@@YAXH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Throw_future_error@std@@YAXAEBVerror_code@1@@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
_Cnd_init_in_situ
?__ExceptionPtrCreate@@YAXPEAX@Z
_Cnd_unregister_at_thread_exit
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?_Xlength_error@std@@YAXPEBD@Z
_Cnd_destroy_in_situ
_Cnd_broadcast
_Mtx_unlock
?_Xbad_alloc@std@@YAXXZ
_Cnd_wait
_Mtx_init_in_situ
_Cnd_register_at_thread_exit
_Mtx_lock
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??7ios_base@std@@QEBA_NXZ
?__ExceptionPtrDestroy@@YAXPEAX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?setf@ios_base@std@@QEAAHH@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 380KB - Virtual size: 378KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cdpusersvc.dll
.dll windows:10 windows x64 arch:x64

6bfde4dd0061757d083843cca3c7430d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

cdpusersvc.pdb

Imports

msvcp_win

?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?setf@ios_base@std@@QEAAHHH@Z
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
?out@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
?in@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAN@Z
??7ios_base@std@@QEBA_NXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?setf@ios_base@std@@QEAAHH@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_signal
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Xbad_alloc@std@@YAXXZ
?_Throw_C_error@std@@YAXH@Z
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
_Thrd_yield
?_Xbad_function_call@std@@YAXXZ
_Thrd_detach
?uncaught_exception@std@@YA_NXZ
_Cnd_do_broadcast_at_thread_exit
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Throw_future_error@std@@YAXAEBVerror_code@1@@Z
_Query_perf_frequency
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
_Cnd_destroy_in_situ
_Cnd_broadcast
_Mtx_unlock
_Xtime_get_ticks
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
_Cnd_init_in_situ
_Query_perf_counter
_Cnd_wait
_Cnd_register_at_thread_exit
_Mtx_init_in_situ
_Mtx_lock
?__ExceptionPtrDestroy@@YAXPEAX@Z
_Mtx_destroy_in_situ
?__ExceptionPtrToBool@@YA_NPEBX@Z
_Cnd_timedwait
?__ExceptionPtrCreate@@YAXPEAX@Z
_Cnd_unregister_at_thread_exit
_Mtx_current_owns
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o_abort
_o_ceilf
_o_free
_o_iswspace
_o_malloc
_o_modf
_o_strcpy_s
_o_strncpy_s
_o_terminate
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_o___stdio_common_vswprintf
_CxxThrowException
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o__dclass
_o___stdio_common_vsnprintf_s
_o__execute_onexit_table
_o__errno
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o__crt_atexit
_o___std_exception_copy
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o__beginthreadex
__std_type_info_compare
__std_terminate
__CxxFrameHandler4
strstr
wcschr
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

strpbrk
memset

ntdll

NtQueryInformationToken
RtlNtStatusToDosErrorNoTeb
RtlCompareUnicodeString
RtlGetDeviceFamilyInfoEnum
RtlAllocateHeap
RtlInitUnicodeString
RtlPublishWnfStateData
VerSetConditionMask
RtlSubscribeWnfStateChangeNotification
NtQueryWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlFreeHeap

api-ms-win-core-libraryloader-l1-2-0

FreeLibraryAndExitThread
GetModuleHandleW
GetProcAddress
FreeLibrary
GetModuleFileNameA
DisableThreadLibraryCalls
GetModuleHandleExW

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
ResetEvent
InitializeCriticalSectionAndSpinCount
CreateSemaphoreExW
CreateMutexExW
CreateEventExW
InitializeSRWLock
CreateEventW
WaitForSingleObjectEx
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSemaphore
ReleaseSRWLockShared
AcquireSRWLockExclusive
WaitForSingleObject
ReleaseMutex
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
SetEvent
OpenSemaphoreW

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsCreateString
WindowsPreallocateStringBuffer
WindowsDeleteString
WindowsDeleteStringBuffer
WindowsDuplicateString
WindowsPromoteStringBuffer
WindowsGetStringLen

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
SetRestrictedErrorInfo
RoTransformError

api-ms-win-core-com-l1-1-0

CoImpersonateClient
CoCreateInstance
CoGetMalloc
CoTaskMemFree
CoRevokeClassObject
CoRevertToSelf
CoInitializeEx
CoIncrementMTAUsage
CoCreateFreeThreadedMarshaler
CoUninitialize
CoTaskMemAlloc
CoWaitForMultipleHandles
CoGetCallContext
CoDisconnectContext
CoRegisterClassObject
CoDecrementMTAUsage
CoResumeClassObjects

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-processthreads-l1-1-0

OpenProcessToken
GetCurrentThreadId
GetCurrentProcessId
ProcessIdToSessionId
GetProcessId
GetCurrentThread
OpenThreadToken
GetCurrentProcess
TerminateProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-file-l1-1-0

CreateFileW
GetFileSize
ReadFile

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
Sleep
InitOnceComplete
InitOnceBeginInitialize

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventActivityIdControl
EventRegister
EventUnregister
EventSetInformation

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolWait
SetThreadpoolTimer
CloseThreadpoolWait
WaitForThreadpoolTimerCallbacks
WaitForThreadpoolWaitCallbacks
CreateThreadpoolWait

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegCloseKey
RegNotifyChangeKeyValue
RegCreateKeyExW
RegGetValueA
RegOpenKeyExA

api-ms-win-power-setting-l1-1-0

PowerSettingUnregisterNotification
PowerSettingRegisterNotification

api-ms-win-core-kernel32-legacy-l1-1-0

UnregisterWait

api-ms-win-service-core-l1-1-0

RegisterServiceCtrlHandlerExW
SetServiceStatus

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

oleaut32

SysFreeString
SysStringLen
SysAllocString

api-ms-win-core-util-l1-1-0

DecodePointer

api-ms-win-core-debug-l1-1-1

CheckRemoteDebuggerPresent

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPushEntrySList

cdp

CDPCreateActivityInternal
CDPCreateActivityStoreInfoInternal
CDPCreateTestActivityAsset
CDPGetActivityStoreInternal
CDPGetActivityStoreForAccountInternal
CDPCreateAppId
CDPCreateCallbackNotifierInternal
CDPGetActivityStoreForStoreInfoInternal
CDPCreateActivityAsset
CDPCreateActivityStoreReaderInternal
CDPCreateAppRegistrationManagerInternal
CDPGetResourceHandler
CDPCreateRemoteUserInternal
CDPCreateResourceCollection
CDPInitializeForService
CDPShutdown
CDPInitializeUserServicePhase2
CDPGetUserActivitySettingsInternal
CDPCreateActivityStoreInfoWatcherInternal
CDPSetAccountProviderInternal
CDPResume
CDPSuspend
CDPRegisterActivityConflictResolverInternal
CDPPreShutdown
CDPGetLogger
CDPCreateAccountProviderInternal
CDPInitializeUserService
CDPUninitializeUserService
CDPGetAccountProviderInternal
CDPGetResourceManager
CDPReleaseNetworkingInternal
CDPCreateCrossPlatformAppId
CDPAcquireNetworkingInternal
CDPCreateAccountInternalForUser

api-ms-win-devices-config-l1-1-1

CM_Register_Notification
CM_Unregister_Notification

api-ms-win-devices-query-l1-1-0

DevCloseObjectQuery

api-ms-win-devices-query-l1-1-1

DevCreateObjectQueryEx

api-ms-win-security-capability-l1-1-0

RpcClientCapabilityCheck
CapabilityCheck

api-ms-win-security-base-l1-1-0

CheckTokenMembership

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

combase

GetErrorInfo
SetErrorInfo

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 420KB - Virtual size: 416KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
certprop.dll
.dll windows:10 windows x64 arch:x64

25f7d9f34232c2d2c71254ce170d60d5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

certprop.pdb

Imports

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-string-l1-1-0

wcsnlen
memset
wcscmp
strcmp

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__seh_filter_dll
memmove
_o_free
_o_malloc
_CxxThrowException
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o__execute_onexit_table
_o__errno
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
__std_terminate
__CxxFrameHandler4
__C_specific_handler
memcmp
memcpy

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventActivityIdControl
EventWriteTransfer
EventSetInformation
EventWrite
EventRegister

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWait
CreateThreadpoolWork
SetEventWhenCallbackReturns
CloseThreadpoolCleanupGroupMembers
SetThreadpoolWait
CreateThreadpoolWait
SubmitThreadpoolWork
CreateThreadpoolCleanupGroup
CloseThreadpoolCleanupGroup
CallbackMayRunLong
CloseThreadpoolWork

api-ms-win-core-registry-l1-1-0

RegDeleteValueA
RegQueryInfoKeyW
RegOpenKeyExW
RegQueryValueExW
RegQueryValueExA
RegCreateKeyExA
RegCreateKeyExW
RegOpenKeyExA
RegSetValueExW
RegCloseKey
RegEnumValueW

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-synch-l1-1-0

SetEvent
CreateEventA
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
WaitForSingleObject
CreateEventW
WaitForMultipleObjectsEx
EnterCriticalSection
ResetEvent

api-ms-win-core-processthreads-l1-1-0

SetThreadToken
GetCurrentThread
GetCurrentThreadId
CreateThread
ResumeThread
OpenThreadToken
GetCurrentProcessId
GetCurrentProcess
TerminateProcess

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-errorhandling-l1-1-0

RaiseException
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-security-base-l1-1-0

GetLengthSid
AllocateAndInitializeSid
IsValidSid
CopySid
EqualSid
FreeSid
DuplicateTokenEx
RevertToSelf
GetTokenInformation
CheckTokenMembership

api-ms-win-core-heap-l2-1-0

GlobalFree
GlobalAlloc
LocalFree

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
DisableThreadLibraryCalls
GetProcAddress
GetModuleHandleW
GetModuleFileNameA
LoadStringW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-file-l1-1-0

CreateDirectoryW
CreateFileW

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

rpcrt4

RpcEpRegisterA
RpcServerRegisterIf3
RpcServerUnregisterIf
RpcServerUseProtseqW
I_RpcBindingIsClientLocal
RpcBindingVectorFree
RpcImpersonateClient
RpcRevertToSelf
RpcServerListen
RpcEpUnregister
RpcServerInqBindings
NdrServerCallAll
NdrServerCall2
UuidCreate
RpcStringFreeW
UuidToStringW
RpcServerUnregisterIfEx

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount64

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-com-l1-1-0

CreateStreamOnHGlobal

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

kernel32

VirtualQuery
GlobalLock
GlobalUnlock
VirtualProtect
VirtualAlloc
GetSystemInfo
SetThreadStackGuarantee
UnregisterWaitEx

ntdll

RtlNtStatusToDosError
RtlAnsiStringToUnicodeString
RtlFreeUnicodeString
RtlInitAnsiString
RtlInitializeCriticalSection
RtlEqualSid
RtlGetActiveConsoleId
RtlImageNtHeader

winscard

SCardConnectW
SCardReconnect
SCardDisconnect
SCardTransmit
g_rgSCardT0Pci
SCardReleaseStartedEvent
SCardGetDeviceTypeIdW
SCardReleaseContext
SCardEstablishContext
SCardAccessStartedEvent
SCardEndTransaction
g_rgSCardT1Pci
SCardBeginTransaction
SCardListCardsW
SCardGetStatusChangeW
SCardListReadersW
SCardCancel
SCardGetReaderIconW
SCardFreeMemory
SCardGetCardTypeProviderNameW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

CertPropServiceMain
ScPolicyServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 148KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cfgbkend.dll
.dll regsvr32 windows:10 windows x64 arch:x64

9fbefca17223906eae7b496727caf1cc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

cfgbkend.pdb

Imports

ntdll

memmove
memmove_s
wcstok_s
wcschr
_wcsicmp
wcscat_s
memcpy_s
wcsncpy_s
wcscpy_s
__C_specific_handler
__chkstk
memcpy
memset

msvcrt

_purecall
_onexit
__dllonexit
_unlock
_lock
realloc
_errno
_initterm
_amsg_exit
_XcptFilter
malloc
_callnewh
free

kernel32

SizeofResource
LoadResource
FindResourceExW
GetModuleFileNameW
RaiseException
InitializeCriticalSection
DisableThreadLibraryCalls
EnterCriticalSection
LeaveCriticalSection
LocalAlloc
LocalFree
CompareStringW
SetLastError
Sleep
lstrcmpiW
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
GetModuleHandleW
LoadLibraryExW
GetProcAddress
GetLastError
FreeLibrary
MultiByteToWideChar
ResolveDelayLoadedAPI
DelayLoadFailureHook
DeleteCriticalSection
RtlCaptureContext

advapi32

IsValidSecurityDescriptor
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
GetTrusteeNameW
ConvertSidToStringSidW
LookupAccountSidW
BuildSecurityDescriptorW
GetSecurityDescriptorOwner
BuildExplicitAccessWithNameW
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
MakeSelfRelativeSD
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
InitializeAcl
BuildTrusteeWithSidW
EqualSid
CreateWellKnownSid
GetExplicitEntriesFromAclW
LookupAccountNameW
RegDeleteKeyW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegQueryValueExW
RegEnumKeyW
GetSecurityDescriptorLength

Exports

Exports

CLSID_CfgComp
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
IID_ICfgComp
IID_ISettingsComp
IID_ISettingsComp2

Sections

.text
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ci.dll
.dll windows:10 windows x64 arch:x64

5bdd8ed2c586a4b0c1a1f1c0b65651e1

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f4:c3:9a:41:75:6c:1a:07:1b:cb:e1:e3:a4:ad:5b:9a:98:07:e7:af:f0:89:c8:0b:d8:a5:35:01:cf:7c:7d:6f
Signer

Actual PE Digest

f4:c3:9a:41:75:6c:1a:07:1b:cb:e1:e3:a4:ad:5b:9a:98:07:e7:af:f0:89:c8:0b:d8:a5:35:01:cf:7c:7d:6f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ci.pdb

Imports

ntoskrnl.exe

ExQueueWorkItem
ZwCreateKey
RtlCheckTokenMembership
KeInitializeTimer
RtlCopyUnicodeString
ExAcquirePushLockExclusiveEx
MmProtectDriverSection
RtlQueryFeatureConfigurationChangeStamp
ExReleasePushLockExclusiveEx
KeStackAttachProcess
PsGetCurrentProcessId
RtlImageNtHeader
ExAllocatePool2
RtlUnregisterFeatureConfigurationChangeNotification
EtwUnregister
ZwDeleteKey
ExReleasePushLockSharedEx
PsGetCurrentProcess
ExAcquirePushLockSharedEx
EtwRegister
ZwQueryValueKey
PsGetProcessSectionBaseAddress
ExFreePoolWithTag
ZwOpenFile
ExGetPreviousMode
ZwQuerySystemEnvironmentValueEx
KeExpandKernelStackAndCalloutEx
SeSinglePrivilegeCheck
ExSystemExceptionFilter
RtlDuplicateUnicodeString
ZwClose
ZwSetValueKey
SeExports
KeUnstackDetachProcess
ZwOpenKey
RtlNotifyFeatureUsage
KeLeaveCriticalRegion
KeSetCoalescableTimer
EtwWriteTransfer
PsIsSystemProcess
PsIsProtectedProcessLight
ZwCreateFile
ObfDereferenceObject
IoFileObjectType
ObReferenceObjectByHandle
KeQuerySystemTimePrecise
qsort_s
bsearch_s
LdrResSearchResource
RtlCompareMemory
ZwPowerInformation
ZwFsControlFile
FsRtlQueryKernelEaFile
PsGetProcessServerSilo
ObQueryNameString
RtlEqualString
IoGetRelatedDeviceObject
IoQueryVolumeInformation
ZwCreateSection
ExAllocateFromPagedLookasideList
ExInitializePagedLookasideList
PsAttachSiloToCurrentThread
ExFreeToPagedLookasideList
PsGetProcessProtection
IoGetDeviceAttachmentBaseRef
IoGetDiskDeviceObject
ObOpenObjectByPointer
RtlUTF8ToUnicodeN
IoQueryFileInformation
RtlUnicodeToUTF8N
FsRtlKernelFsControlFile
PsDetachSiloFromCurrentThread
FsRtlSetKernelEaFile
IoConvertFileHandleToKernelHandle
ZwSetInformationVirtualMemory
RtlCompareUnicodeString
ZwUnmapViewOfSection
RtlAvlInsertNodeEx
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
ExDeleteResourceLite
ZwQueryDirectoryObject
ZwQueryWnfStateData
ExAcquireResourceExclusiveLite
ZwQueryInformationThread
ExIsResourceAcquiredExclusiveLite
ExAcquireResourceSharedLite
qsort
MmUserProbeAddress
ZwQueryDirectoryFile
ZwMapViewOfSection
ZwSetInformationThread
ExReleaseResourceLite
ZwOpenDirectoryObject
bsearch
PsGetCurrentServerSilo
ExRaiseDatatypeMisalignment
ZwQueryInformationFile
RtlAvlRemoveNode
ExInitializeResourceLite
ExConvertExclusiveToSharedLite
KeDelayExecutionThread
RtlRunOnceExecuteOnce
KeInitializeEvent
KeWaitForSingleObject
MmSectionObjectType
MmUnmapViewInSystemSpace
MmMapViewInSystemSpaceEx
ExEnterCriticalRegionAndAcquireResourceShared
ExReleaseResourceAndLeaveCriticalRegion
PsProcessType
PsSetCreateProcessNotifyRoutineEx
_vsnprintf
RtlCreateUnicodeString
ZwEnumerateValueKey
RtlIsStateSeparationEnabled
RtlImageNtHeaderEx
DbgPrint
KeQueryActiveProcessorCountEx
PsIsProtectedProcess
PsQueryProcessAttributesByToken
IoClearActivityIdThread
RtlPrefixUnicodeString
LdrResFindResource
PsIsCurrentThreadPrefetching
EtwActivityIdControl
PsGetProcessSignatureLevel
IoSetActivityIdThread
RtlFindUnicodeSubstring
RtlTimeFieldsToTime
NtQuerySystemInformation
RtlTimeToTimeFields
ZwReadFile
EtwEventEnabled
SeReportSecurityEventWithSubCategory
IoGetActivityIdThread
FsRtlGetFileNameInformation
EtwWrite
SeLocateProcessImageName
FsRtlReleaseFileNameInformation
ZwQueryVolumeInformationFile
IoVolumeDeviceToDosName
ZwQuerySecurityObject
SeQuerySecureBootPlatformManifest
RtlGUIDFromString
RtlQueryPackageClaims
ZwEnumerateKey
KeQueryTimeIncrement
RtlCapabilityCheck
wcsncpy_s
ZwUpdateWnfStateData
RtlGetPersistedStateLocation
RtlWriteRegistryValue
_wcsicmp
SeQuerySecurityAttributesToken
_stricmp
PsReferenceProcessFilePointer
wcsrchr
KeBugCheckEx
PsGetPermanentSiloContext
PsUnregisterSiloMonitor
PsGetSiloMonitorContextSlot
PsRegisterSiloMonitor
PsCreateSiloContext
PsStartSiloMonitor
PsInsertPermanentSiloContext
PsDereferenceSiloContext
RtlDeleteRegistryValue
ZwWriteFile
RtlImageDirectoryEntryToData
RtlInterlockedSetClearRun
RtlInterlockedClearBitRun
RtlInitializeBitMap
ExConvertPushLockExclusiveToShared
ExReleasePushLockEx
__chkstk
FsRtlGetFileSize
RtlFreeUnicodeString
_ultow_s
KeEnterCriticalRegion
RtlCheckRegistryKey
KdDebuggerNotPresent
SeQuerySecureBootPolicyValue
RtlEqualUnicodeString
EtwSetInformation
DbgPrintEx
KeInitializeDpc
RtlInitUnicodeString
RtlQueryFeatureConfiguration
RtlRegisterFeatureConfigurationChangeNotification
KdDebuggerEnabled
ZwQuerySystemInformation
ZwQueryLicenseValue
KeRestoreExtendedProcessorState
RtlGetEnabledExtendedFeatures
KeSaveExtendedProcessorState
RtlGetVersion
atoi
isdigit
RtlAnsiStringToUnicodeString
RtlGetAce
RtlGetOwnerSecurityDescriptor
RtlGetNtSystemRoot
RtlInitializeSidEx
RtlEqualSid
RtlGetDaclSecurityDescriptor
RtlStringFromGUID
ZwDeleteFile
FsRtlIsNameInUnUpcasedExpression
RtlUnicodeStringToAnsiString
_vsnwprintf
RtlCompareUnicodeStrings
PsReferencePrimaryToken
RtlQueryPackageIdentity
PsDereferencePrimaryToken
RtlUnicodeStringToInteger
PsCreateSystemThread
RtlInitAnsiString
wcschr
PsSetCreateProcessNotifyRoutine
IoGetCurrentProcess
NtSetInformationThread
PsInitialSystemProcess
NtQueryInformationThread
KeSetPriorityThread
PsTerminateSystemThread
wcsncmp
KeIsExecutingDpc
ExSetTimer
ExReleaseSpinLockExclusive
ExDeleteTimer
KeGetCurrentIrql
ExAllocateTimer
ExTryAcquirePushLockExclusiveEx
ExReleaseSpinLockSharedFromDpcLevel
ExReleaseSpinLockShared
ExAcquireSpinLockShared
KeSetEvent
ExAcquireSpinLockSharedAtDpcLevel
ExAcquireSpinLockExclusive
ExAllocatePoolWithTag
ExEnterCriticalRegionAndAcquireResourceExclusive
__C_specific_handler
ExDeletePagedLookasideList
_local_unwind

hal

KeQueryPerformanceCounter

msrpc.sys

RpcBindingUnbind
RpcAsyncCancelCall
RpcAsyncCompleteCall
RpcAsyncGetCallStatus
I_RpcExceptionFilter
RpcBindingBind
RpcAsyncInitializeHandle
RpcBindingCreateW
RpcBindingFree
Ndr64AsyncClientCall

ext-ms-win-ci-xbox-l1-1-0

XciValidateImageHeader
XciQueryInformation
XciInitialize
XciSupported
XciValidateImageData

Exports

Exports

CiCheckSignedFile
CiFindPageHashesInCatalog
CiFindPageHashesInSignedFile
CiFreePolicyInfo
CiGetCertPublisherName
CiGetPEInformation
CiInitialize
CiSetTrustedOriginClaimId
CiValidateFileObject
CiVerifyHashInCatalog

Sections

.text
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

CiPolicy
Size: 4KB - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 540KB - Virtual size: 538KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

fothk
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 4KB - Virtual size: 373B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGEDATA
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGECONS
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

GFIDS
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cloudAP.dll
.dll windows:10 windows x64 arch:x64

5bbcc168cac156273c8374b7d3b90493

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

cloudAP.pdb

Imports

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-string-l1-1-0

wcscmp
memset
wcsnlen

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__stricmp
_o__wcsicmp
memmove
_o_free
_o_iswascii
_o_iswprint
_o_malloc
_o_memcpy_s
_o_tolower
_o_wcscpy_s
__CxxFrameHandler3
_CxxThrowException
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o__beginthreadex
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__execute_onexit_table
_o__errno
wcschr
__C_specific_handler
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetProcAddress
GetModuleHandleExA
FreeLibrary
DisableThreadLibraryCalls
LoadLibraryExW
GetModuleHandleExW
GetModuleFileNameA

api-ms-win-core-synch-l1-1-0

CreateEventW
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
TryAcquireSRWLockExclusive
ReleaseSemaphore
CreateSemaphoreExW
EnterCriticalSection
InitializeCriticalSectionEx
InitializeSRWLock
LeaveCriticalSection
WaitForSingleObject
ReleaseMutex
InitializeCriticalSection
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
ReleaseSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
SetLastError

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
SetThreadStackGuarantee
SetThreadToken
TlsFree
TlsAlloc
TlsSetValue
TlsGetValue

api-ms-win-core-localization-l1-2-0

GetACP
LCMapStringEx
FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventUnregister
EventRegister
EventWriteTransfer
EventSetInformation

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceComplete
InitOnceExecuteOnce
InitOnceBeginInitialize

userenv

GetUserProfileDirectoryW
ord217
GetProfileType

api-ms-win-core-file-l1-1-0

GetFileTime
ReadFile
FindFirstFileW
FindClose
WriteFile
DeleteFileW
RemoveDirectoryW
GetFileSizeEx
FindFirstFileExW
SetFileAttributesW
CreateFileW
CompareFileTime
GetFileAttributesW
CreateDirectoryW
FindNextFileW

bcrypt

BCryptFinishHash
BCryptDestroyHash
BCryptFinalizeKeyPair
BCryptHashData
BCryptCreateHash
BCryptDestroyKey
BCryptKeyDerivation
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptSetProperty
BCryptVerifySignature
BCryptImportKeyPair
BCryptEncrypt
BCryptGenerateSymmetricKey
BCryptGenerateKeyPair
BCryptDecrypt
BCryptDeriveKeyPBKDF2
BCryptGetProperty
BCryptExportKey
BCryptGenRandom

api-ms-win-core-kernel32-legacy-l1-1-0

MoveFileW
GetComputerNameW

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegSetValueExW
RegFlushKey
RegGetValueW
RegDeleteKeyExW
RegQueryValueExW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW

rpcrt4

RpcStringBindingComposeW
I_RpcMapWin32Status
RpcBindingFromStringBindingW
RpcExceptionFilter
RpcBindingFree
MesEncodeFixedBufferHandleCreate
MesBufferHandleReset
I_RpcExceptionFilter
MesDecodeBufferHandleCreate
NdrMesTypeDecode3
RpcStringFreeW
UuidToStringW
NdrMesTypeEncode3
UuidCreate
NdrMesTypeAlignSize3
UuidEqual
NdrClientCall3
MesHandleFree
UuidFromStringW

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

sspicli

SspiIsAuthIdentityEncrypted
LsaFreeReturnBuffer
SspiDecryptAuthIdentityEx
SspiFreeAuthIdentity
SspiUnmarshalAuthIdentity
LsaConnectUntrusted
LsaLookupAuthenticationPackage
LsaLogonUser
LsaDeregisterLogonProcess
SspiCopyAuthIdentity
SeciAllocateAndSetCallFlags
LsaCallAuthenticationPackage
SeciFreeCallContext

api-ms-win-security-base-l1-1-0

CheckTokenMembership
GetLengthSid
CreateWellKnownSid
CopySid
RevertToSelf

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemInfo

crypt32

CertGetCertificateContextProperty
CertCloseStore
CertSetCertificateContextProperty
CertFindCertificateInStore
CertOpenStore
CertCompareCertificateName
CertGetNameStringW
CryptExportPublicKeyInfoFromBCryptKeyHandle
CryptAcquireCertificatePrivateKey
CertGetPublicKeyLength
CertCreateCertificateContext
CertComparePublicKeyInfo
CertFreeCertificateContext
CryptImportPublicKeyInfoEx2

ncrypt

NCryptImportKey
NCryptSetProperty
NCryptDeriveKey
NCryptExportKey
NCryptSecretAgreement
NCryptDeleteKey
NCryptSignHash
NCryptOpenKey
NCryptGetProperty
NCryptFreeObject
NCryptOpenStorageProvider

api-ms-win-security-cryptoapi-l1-1-0

CryptGetHashParam
CryptGetProvParam
CryptCreateHash
CryptDeriveKey
CryptDecrypt
CryptHashData
CryptSetProvParam
CryptSignHashW
CryptEncrypt
CryptAcquireContextW
CryptGetKeyParam
CryptGetUserKey
CryptSetHashParam
CryptDestroyKey
CryptDestroyHash
CryptReleaseContext

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-security-credentials-l1-1-0

CredIsProtectedW

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableFlags
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

ntdll

RtlInitializeResource
NtQueryInformationToken
RtlLengthSid
RtlCopySid
RtlEqualSid
RtlValidSid
RtlInitUnicodeString
RtlEqualUnicodeString
RtlIsMultiSessionSku
RtlAcquireResourceShared
RtlAvlRemoveNode
RtlAvlInsertNodeEx
RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlDeleteCriticalSection
RtlInitializeCriticalSection
RtlConvertSharedToExclusive
RtlConvertExclusiveToShared
NtAllocateLocallyUniqueId
NtClose
NtOpenThreadToken
RtlInitString
NtSetInformationThread
NtDuplicateToken
RtlNtStatusToDosError
RtlReleaseResource
RtlAcquireResourceExclusive
RtlCompareUnicodeString
RtlDeleteResource
RtlGetDeviceFamilyInfoEnum
RtlIsMultiUsersInSessionSku
RtlFreeHeap
RtlImageNtHeader
RtlAllocateHeap

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-security-credentials-l2-1-1

CredUnprotectEx

lsasrv

LsarClose
LsaICallPackage
LsapDbLookupGetDomainInfo
LsaIFlushIdentityCacheForSid
LsaISanitizeSAMName
LsaIAddNamesToLogonSession
LsaICheckRestrictedMode
LsaIWasLogonNotifiedOfProfileLoad
LsaISetLogonInfo
LsaIFree_LSAPR_CR_CIPHER_VALUE
LsarQuerySecret
LsarDeleteObject
LsarSetSecret
LsarCreateSecret
LsarOpenSecret
LsaIGetNameFromLuid
LsaIOpenPolicyTrusted
LsaINotifyNewPassword

api-ms-win-core-memory-l1-1-0

VirtualAlloc
VirtualQuery
VirtualProtect

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW
lstrlenA

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-security-lsalookup-l1-1-2

LsaLookupUserAccountType

cryptdll

CDGenerateRandomBits
CDLocateCSystem

msasn1

ASN1intx_free
ASN1_CloseDecoder
ASN1BERDecOpenType2
ASN1BERDecSXVal
ASN1_Decode
ASN1octetstring_free
ASN1DecSetError
ASN1BERDecExplicitTag
ASN1charstring_free
ASN1BERDecObjectIdentifier
ASN1DEREncOctetString
ASN1BERDecU32Val
ASN1DEREncGeneralizedTime
ASN1BERDecGeneralizedTime
ASN1BERDecPeekTag
ASN1BEREncU32
ASN1_CreateModule
ASN1BERDecCharString
ASN1bitstring_free
ASN1BERDecS32Val
ASN1BERDecOctetString
ASN1BEREncOpenType
ASN1DEREncBitString
ASN1BERDecZeroCharString
ASN1_CreateDecoder
ASN1BERDecNotEndOfContents
ASN1BEREncExplicitTag
ASN1BERDecEndOfContents
ASN1BERDecBool
ASN1objectidentifier_free
ASN1EncSetError
ASN1BEREncS32
ASN1DEREncCharString
ASN1BEREncEndOfContents
ASN1BEREncBool
ASN1BERDecSkip
ASN1Free
ASN1DecAlloc
ASN1BEREncObjectIdentifier
ASN1ztcharstring_free
ASN1BERDecBitString
ASN1BEREncSX

api-ms-win-eventlog-legacy-l1-1-0

DeregisterEventSource
RegisterEventSourceW
ReportEventW

Exports

Exports

SpLsaModeInitialize
SpUserModeInitialize

Sections

.text
Size: 524KB - Virtual size: 522KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
comsvcs.dll
.dll regsvr32 windows:10 windows x64 arch:x64

fa89322a0f7b197e1e13092a6120f4b0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

comsvcs.pdb

Imports

msvcrt

memset
memcmp
_onexit
_local_unwind
??1exception@@UEAA@XZ
_ultow
_purecall
_vsnprintf_s
wcscat_s
__dllonexit
__CxxFrameHandler4
realloc
_wtoi
wcschr
free
_unlock
_waccess
iswalpha
memmove_s
wcscpy_s
_lock
?terminate@@YAXXZ
_initterm
sqrt
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
_XcptFilter
_wcsicmp
memcpy_s
memmove
memcpy
malloc
_wcsdup
wcstombs
wcsrchr
mbstowcs
time
_beginthreadex
wcsstr
__doserrno
__CxxFrameHandler3
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
iswdigit
_vsnwprintf
_wcsupr
_vsnprintf
_amsg_exit
exp
wcstok_s
__C_specific_handler
??1type_info@@UEAA@XZ
wcscmp

ntdll

RtlDeleteCriticalSection
RtlInitializeCriticalSectionAndSpinCount
RtlSplay
RtlFreeHeap
RtlImageNtHeader
RtlAllocateHeap
RtlReportException
RtlDllShutdownInProgress
WinSqmSetDWORD
EtwRegisterTraceGuidsW
EtwGetTraceEnableLevel
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EtwNotificationUnregister
ShipAssertMsgA
EtwNotificationRegister
EtwGetTraceLoggerHandle
EtwTraceMessage
RtlDelete
EtwGetTraceEnableFlags
RtlNtStatusToDosError
EtwUnregisterTraceGuids
NtQuerySystemInformation
RtlCreateServiceSid
RtlInitUnicodeString
EtwLogTraceEvent

oleaut32

SafeArrayDestroy
SysAllocStringLen
VariantCopy
VARIANT_UserUnmarshal64
VARIANT_UserFree64
VariantInit
SysAllocString
SafeArrayUnaccessData
SafeArrayCreateVector
SafeArrayAccessData
VariantClear
LoadRegTypeLi
SysFreeString
BSTR_UserSize
VARIANT_UserMarshal
CreateErrorInfo
GetErrorInfo
BSTR_UserFree
SafeArrayCreate
BSTR_UserUnmarshal64
BSTR_UserUnmarshal
BSTR_UserMarshal
SysStringLen
LPSAFEARRAY_UserSize64
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserUnmarshal64
LPSAFEARRAY_UserMarshal64
LPSAFEARRAY_UserFree64
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserSize
BSTR_UserFree64
BSTR_UserSize64
BSTR_UserMarshal64
VarUI4FromStr
VARIANT_UserUnmarshal
VARIANT_UserFree
VARIANT_UserMarshal64
VARIANT_UserSize64
LoadTypeLi
VariantChangeType
SysStringByteLen
SysAllocStringByteLen
SetErrorInfo
VARIANT_UserSize

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
LockResource
SizeofResource
GetModuleHandleExW
LoadLibraryExW
GetModuleFileNameW
GetProcAddress
LoadStringW
FreeLibraryAndExitThread
GetModuleHandleW
FindResourceExW
LoadResource
GetModuleFileNameA

api-ms-win-core-com-l1-1-0

CoTaskMemRealloc
CoDisconnectObject
CoTaskMemFree
CoGetDefaultContext
CoGetObjectContext
CoUnmarshalInterface
CoCreateFreeThreadedMarshaler
CoCreateInstance
CoTaskMemAlloc
CoInitializeEx
GetHGlobalFromStream
CoCreateInstanceEx
CoUninitialize
StringFromCLSID
CoRevertToSelf
CoImpersonateClient
StringFromIID
IIDFromString
CoReleaseMarshalData
CreateStreamOnHGlobal
CoGetCallContext
CLSIDFromProgID
CoFreeUnusedLibraries
CoWaitForMultipleHandles
CoCreateGuid
CoMarshalInterface
CoGetMarshalSizeMax
CoGetClassObject
CLSIDFromString
ProgIDFromCLSID
StringFromGUID2
CoGetCurrentLogicalThreadId
CoSetProxyBlanket

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegOpenKeyExW
RegEnumValueW
RegCreateKeyExW
RegQueryInfoKeyW
RegCloseKey
RegNotifyChangeKeyValue
RegDeleteValueW
RegEnumKeyExW
RegSetValueExW
RegGetValueW

api-ms-win-core-memory-l1-1-0

VirtualAlloc
VirtualProtect
VirtualQuery

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapDestroy
HeapFree
GetProcessHeap

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
ReleaseSemaphore
ResetEvent
SetWaitableTimerEx
WaitForMultipleObjectsEx
SetEvent
InitializeCriticalSection
ReleaseSRWLockShared
LeaveCriticalSection
ReleaseSRWLockExclusive
InitializeCriticalSectionAndSpinCount
OpenSemaphoreW
WaitForSingleObjectEx
CreateEventW
OpenEventW
DeleteCriticalSection
ReleaseMutex
CreateMutexExW
EnterCriticalSection
AcquireSRWLockShared
CreateSemaphoreExW
InitializeCriticalSectionEx
WaitForSingleObject

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-file-l1-1-0

CompareFileTime
WriteFile
FindFirstFileW
CreateFileW
FindNextFileW
FindClose
GetFileAttributesW
GetDiskFreeSpaceExW
DeleteFileW
GetLongPathNameW
GetVolumeInformationW
CreateDirectoryW
GetFileAttributesExW
GetDriveTypeW
SetFileAttributesW
SetFilePointer

api-ms-win-core-processthreads-l1-1-0

CreateProcessW
SetThreadPriority
SetThreadStackGuarantee
TlsAlloc
SetThreadToken
CreateThread
GetExitCodeThread
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
TlsSetValue
GetCurrentThread
TlsFree
OpenThreadToken
GetThreadPriority
CreateProcessAsUserW
OpenProcessToken
GetExitCodeProcess
ExitProcess
TlsGetValue
GetCurrentThreadId

api-ms-win-core-string-l2-1-0

CharNextW
CharPrevW

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-localization-l1-2-0

GetThreadLocale
FormatMessageW

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
UnhandledExceptionFilter
RaiseException
SetUnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-sysinfo-l1-1-0

GetComputerNameExW
GetSystemWindowsDirectoryW
GetTickCount64
GetSystemInfo
GlobalMemoryStatusEx
GetTickCount
GetLocalTime
GetSystemTimeAsFileTime

api-ms-win-core-heap-l2-1-0

GlobalFree
LocalFree
LocalAlloc
GlobalAlloc

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
OutputDebugStringA
DebugBreak
IsDebuggerPresent

api-ms-win-core-synch-l1-2-1

CreateWaitableTimerW
CreateSemaphoreW
WaitForMultipleObjects

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-security-base-l1-1-0

DeleteAce
IsValidSid
AddAce
GetSecurityDescriptorDacl
AddAccessAllowedAceEx
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
GetAclInformation
EqualSid
AccessCheck
GetAce
SetSecurityDescriptorDacl
CheckTokenMembership
InitializeAcl
SetKernelObjectSecurity
AddAccessAllowedAce
CopySid
DuplicateTokenEx
RevertToSelf
ImpersonateSelf
GetTokenInformation
IsValidSecurityDescriptor
GetSecurityDescriptorLength
GetSidSubAuthorityCount
AllocateAndInitializeSid
GetSidSubAuthority
FreeSid
GetLengthSid
GetSidIdentifierAuthority
InitializeSecurityDescriptor
SetSecurityDescriptorControl

rpcrt4

RpcStringFreeA
CStdStubBuffer_DebugServerQueryInterface
RpcStringFreeW
UuidToStringW
NdrOleFree
IUnknown_Release_Proxy
UuidToStringA
CStdStubBuffer_CountRefs
CStdStubBuffer_QueryInterface
MesDecodeBufferHandleCreate
NdrStubCall3
NdrOleAllocate
MesHandleFree
MesEncodeDynBufferHandleCreate
NdrClientCall3
UuidCreate
I_RpcBindingInqTransportType
CStdStubBuffer_DebugServerRelease
I_RpcBindingInqLocalClientPID
CStdStubBuffer_Disconnect
IUnknown_QueryInterface_Proxy
CStdStubBuffer_IsIIDSupported
UuidCreateSequential
NdrMesTypeDecode3
IUnknown_AddRef_Proxy
I_RpcTurnOnEEInfoPropagation
NdrMesTypeEncode3
CStdStubBuffer_Connect
CStdStubBuffer_Invoke
CStdStubBuffer_AddRef
NdrCStdStubBuffer2_Release
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
NdrStubForwardingFunction
UuidFromStringW

api-ms-win-core-path-l1-1-0

PathCchRemoveExtension
PathCchStripToRoot

api-ms-win-core-io-l1-1-0

PostQueuedCompletionStatus
CreateIoCompletionPort
GetQueuedCompletionStatus
DeviceIoControl

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWork
CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SubmitThreadpoolWork
SetThreadpoolTimer
WaitForThreadpoolWorkCallbacks
CreateThreadpoolWork

api-ms-win-eventing-controller-l1-1-0

ControlTraceW
StartTraceW

api-ms-win-eventing-consumer-l1-1-0

CloseTrace
OpenTraceW
ProcessTrace

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient3
ObjectStublessClient5
ObjectStublessClient6
ObjectStublessClient7
ObjectStublessClient11
ObjectStublessClient4
ObjectStublessClient12
ObjectStublessClient14
NdrProxyForwardingFunction7
NdrProxyForwardingFunction12
ObjectStublessClient18
NdrProxyForwardingFunction9
ObjectStublessClient15
NdrProxyForwardingFunction6
ObjectStublessClient13
ObjectStublessClient19
NdrProxyForwardingFunction4
NdrProxyForwardingFunction10
NdrProxyForwardingFunction5
ObjectStublessClient8
ObjectStublessClient9
NdrProxyForwardingFunction11
ObjectStublessClient17
NdrProxyForwardingFunction8
ObjectStublessClient10
ObjectStublessClient16
ObjectStublessClient25
NdrProxyForwardingFunction3
ObjectStublessClient24
ObjectStublessClient22
ObjectStublessClient27
ObjectStublessClient28
ObjectStublessClient20
ObjectStublessClient23
ObjectStublessClient26
ObjectStublessClient21

api-ms-win-core-string-obsolete-l1-1-0

lstrcpyW
lstrcmpiW
lstrcpynW

api-ms-win-core-heap-obsolete-l1-1-0

GlobalUnlock
GlobalLock

api-ms-win-core-com-private-l1-1-0

CoDeactivateObject
CoReactivateObject
CoGetApartmentID
CoPopServiceDomain
CoGetProcessIdentifier
CoRetireServer
CoPushServiceDomain

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

kernel32

ChangeTimerQueueTimer
UnregisterWaitEx
DeleteTimerQueueTimer
CreateTimerQueueTimer
GetCurrentPackageId
RegisterWaitForSingleObject
GetComputerNameW
MoveFileW
UnregisterWait
QueueUserWorkItem

ole32

MkParseDisplayName
CreateAntiMoniker
MonikerCommonPrefixWith
MonikerRelativePathTo
CoGetObject
CoGetInterceptor
CreateBindCtx
OleSaveToStream
OleLoadFromStream
CreateGenericComposite

combase

ord155

api-ms-win-core-shlwapi-legacy-l1-1-0

PathRemoveFileSpecW
PathStripToRootW
PathStripPathW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-sidebyside-l1-1-0

ActivateActCtx
DeactivateActCtx
ReleaseActCtx
CreateActCtxW

Exports

Exports

CoCreateActivity
CoEnterServiceDomain
CoLeaveServiceDomain
CoLoadServices
ComSvcsExceptionFilter
ComSvcsLogError
CosGetCallContext
DispManGetContext
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetMTAThreadPoolMetrics
GetManagedExtensions
GetObjectContext
GetTrkSvrObject
MTSCreateActivity
MiniDumpW
RecycleSurrogate
SafeRef

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 480KB - Virtual size: 478KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 136KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
configmanager2.dll
.dll windows:10 windows x64 arch:x64

3be703fc5aeedb69dab4c398e468abb3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

configmanager2.pdb

Imports

msvcp110_win

??Bid@locale@std@@QEAA_KXZ
?uncaught_exception@std@@YA_NXZ
?_BADOFF@std@@3_JB
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?pbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Add_vtordisp1@?$basic_ios@GU?$char_traits@G@std@@@std@@UEAAXXZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Add_vtordisp2@?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAAXXZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@J@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?endl@std@@YAAEAV?$basic_ostream@GU?$char_traits@G@std@@@1@AEAV21@@Z
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?_Add_vtordisp1@?$basic_istream@GU?$char_traits@G@std@@@std@@UEAAXXZ
??Bios_base@std@@QEBAPEAXXZ
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?_Add_vtordisp2@?$basic_ios@GU?$char_traits@G@std@@@std@@UEAAXXZ
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Orphan_all@_Container_base12@std@@QEAAXXZ
??1_Container_base12@std@@QEAA@XZ
??0_Container_base12@std@@QEAA@XZ
?id@?$codecvt@DDH@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBGHH@Z
?_Getcat@?$codecvt@DDH@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDH@std@@QEBAHAEAHPEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?in@?$codecvt@DDH@std@@QEBAHAEAHPEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDH@std@@QEBAHAEAHPEBD1AEAPEBDPEAD3AEAPEAD@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Add_vtordisp2@?$basic_ios@DU?$char_traits@D@std@@@std@@UEAAXXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Add_vtordisp1@?$basic_istream@DU?$char_traits@D@std@@@std@@UEAAXXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Swap_all@_Container_base0@std@@QEAAXAEAU12@@Z
?_Orphan_all@_Container_base0@std@@QEAAXXZ
??0id@locale@std@@QEAA@_K@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?good@ios_base@std@@QEBA_NXZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z

msvcrt

fsetpos
ungetc
setvbuf
fgetpos
fwrite
fgetc
fclose
fflush
fputc
??0bad_cast@@QEAA@AEBV0@@Z
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
swprintf_s
sprintf_s
strrchr
strtol
_set_errno
strncpy_s
strchr
memset
memmove
memcpy
memcmp
_CxxThrowException
_fseeki64
??3@YAXPEAX@Z
realloc
__CxxFrameHandler3
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
_callnewh
towlower
free
malloc
wcsncpy_s
wcschr
_errno
wcstoul
wcsstr
wcsnlen
_wtoi
_wcsicmp
memmove_s
__C_specific_handler
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
memcpy_s
_vsnwprintf
??_V@YAXPEAX@Z
__CxxFrameHandler4
wcscmp

api-ms-win-core-libraryloader-l1-2-0

FindStringOrdinal
GetModuleFileNameA
GetProcAddress
LoadLibraryExW
GetModuleHandleExW
GetModuleHandleExA
FreeLibrary
GetModuleFileNameW
SizeofResource
LoadResource
DisableThreadLibraryCalls
GetModuleHandleW
FindResourceExW

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
OpenProcessToken

api-ms-win-core-localization-l1-2-0

FormatMessageW

oleaut32

SafeArrayUnaccessData
SysStringByteLen
SysAllocStringByteLen
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayUnlock
SafeArrayAccessData
SafeArrayCreate
SysFreeString
SafeArrayLock
SafeArrayGetLBound
SysStringLen
VariantInit
VariantClear
VariantCopy
VarUI4FromStr
SysAllocStringLen
VariantChangeType
SystemTimeToVariantTime
VariantChangeTypeEx
SysAllocString

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
OutputDebugStringA
DebugBreak

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventWriteTransfer
EventRegister
EventActivityIdControl

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
InitializeCriticalSection
OpenSemaphoreW
WaitForSingleObject
ReleaseMutex
AcquireSRWLockShared
AcquireSRWLockExclusive
CreateSemaphoreExW
EnterCriticalSection
DeleteCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
SetEvent
OpenEventW
ReleaseSRWLockShared
OpenMutexW
ReleaseSRWLockExclusive
WaitForSingleObjectEx
CreateMutexExW

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
RaiseException
GetLastError
UnhandledExceptionFilter
SetLastError

api-ms-win-core-heap-l2-1-0

LocalFree
GlobalFree
LocalAlloc
LocalReAlloc
GlobalAlloc

api-ms-win-core-com-l1-1-0

CoRevertToSelf
StringFromGUID2
CoTaskMemRealloc
CLSIDFromString
CoCreateInstance
GetHGlobalFromStream
CoTaskMemAlloc
CoInitializeEx
CoUninitialize
CreateStreamOnHGlobal
CoTaskMemFree

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer

rpcrt4

RpcBindingBind
UuidCreate
NdrClientCall3
UuidFromStringW
RpcBindingFree
I_RpcExceptionFilter
RpcBindingCreateW

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetTickCount64
GetSystemTime
GetSystemTimeAsFileTime

api-ms-win-core-file-l1-1-0

GetTempFileNameW
DeleteFileW
CreateFileW
WriteFile
CreateDirectoryW
SetFilePointer
ReadFile
GetFileAttributesW

api-ms-win-core-string-l2-1-0

CharLowerW
CharNextW

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegDeleteTreeW
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegGetValueW
RegEnumKeyExW
RegCloseKey
RegOpenKeyExW
RegQueryInfoKeyW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
Sleep
SleepConditionVariableSRW
InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-heap-obsolete-l1-1-0

GlobalUnlock
GlobalLock

dmcmnutils

SafeMultiByteToWideChar
MBToUnicode
Hash_Create
Hash_Destroy
OmaDmRegistryGetDWORD
DmIsRunningInSystemContext
Hash_Get
Hash_Insert
Hash_EnumCallback
InvStrCmpIW
DmRevertToSelf
DmImpersonate
SafeStringToDword
InvStrCmpNIW
OmaDmRegistrySetBinary
OmaDmRegistrySetString
OmDmRegistryAllocAndGetString
OmaDmRegistryGetAllSubKeys
UnicodeToMB
DmGetEnrollmentTypeName
DmIsSystemOrUserIsAdmin
DmGetActiveUserSid
CopyString
BigStrcat
OmaDmRegistrySetDWORD
InvStrCmpW
Hash_DestroyCallback
SafeWideCharToMultiByte

dmiso8601utils

ISO8601StringToSystemTime

dmoleaututils

ReadVariantFromStream
MultiStringToSafeArray
Base64StrToSafeArray
WriteVariantToStream
WriteBSTRToStreamEx
ReadVariantFromStreamEx
ReadBSTRFromStreamEx
WriteVariantToStreamEx

enterpriseresourcemanager

EnterpriseResourceManagerStore_DeleteResource
EnterpriseResourceManagerStore_IsResourceProvisioned
EnterpriseResourceManagerStore_DeleteTrackedResourcesForEnrollment
EnterpriseResourceManagerStore_NormalizeURI
EnterpriseResourceManagerStore_GenerateWmiResourcePath
EnterpriseResourceManagerStore_ReplaceResourceNodePath
EnterpriseResourceManager_ScopeData_IsValid

dmenrollengine

GetEnrollmentLinkedEnrollmentId
GetEnrollmentType
GetFirstEnrollmentGuidOfTypes
GetEnrollmentState
ord10

ntdll

NtDeleteWnfStateName
NtCreateWnfStateName
RtlNtStatusToDosErrorNoTeb
RtlIsStateSeparationEnabled

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrStrIW

api-ms-win-service-management-l2-1-0

QueryServiceConfigW
ChangeServiceConfigW
QueryServiceStatusEx

api-ms-win-service-management-l1-1-0

CloseServiceHandle
StartServiceW
OpenSCManagerW
OpenServiceW

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW

xmllite

CreateXmlReaderInputWithEncodingName
CreateXmlReader

api-ms-win-shcore-stream-l1-1-0

SHCreateMemStream

api-ms-win-core-timezone-l1-1-0

SystemTimeToTzSpecificLocalTime

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

umpdc

Pdcv2ActivationClientRegister
Pdcv2ActivationClientDeactivate
Pdcv2ActivationClientRenewActivation
Pdcv2ActivationClientUnregister
Pdcv2ActivationClientActivate

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteStringBuffer
WindowsDeleteString
WindowsPromoteStringBuffer
WindowsPreallocateStringBuffer
WindowsGetStringRawBuffer

api-ms-win-core-path-l1-1-0

PathAllocCombine
PathCchAppend
PathCchSkipRoot

api-ms-win-core-firmware-l1-1-0

GetFirmwareEnvironmentVariableW
SetFirmwareEnvironmentVariableW

api-ms-win-security-base-l1-1-0

AdjustTokenPrivileges

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

CmLockSvcDeinit
CmLockSvcInit
DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 532KB - Virtual size: 528KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
coreglobconfig.dll
.dll windows:10 windows x64 arch:x64

6da7abefcb3a6d95d59c22189fac4d27

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

46:ec:62:89:a3:6c:e8:c6:9b:b2:7a:56:00:fd:f2:c3:cb:35:b1:3b:2f:7f:cb:a6:07:69:d1:a7:d1:e5:b1:19
Signer

Actual PE Digest

46:ec:62:89:a3:6c:e8:c6:9b:b2:7a:56:00:fd:f2:c3:cb:35:b1:3b:2f:7f:cb:a6:07:69:d1:a7:d1:e5:b1:19

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

CoreGlobConfig.pdb

Imports

msvcp_win

?_Throw_C_error@std@@YAXH@Z
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
_Cnd_broadcast
_Cnd_destroy_in_situ
_Cnd_init_in_situ
_Cnd_wait
_Mtx_init_in_situ
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
_Mtx_unlock
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
??0task_continuation_context@Concurrency@@AEAA@XZ
?__ExceptionPtrRethrow@@YAXPEBX@Z
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?_Assign@_ContextCallback@details@Concurrency@@AEAAXPEAX@Z
_Mtx_lock
?_IsCurrentOriginSTA@_ContextCallback@details@Concurrency@@CA_NXZ
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
_Mtx_destroy_in_situ
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcsdup
_o_abort
_o_free
_o_malloc
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o__callnewh
__std_type_info_compare
wcschr
__std_terminate
__CxxFrameHandler4
_o___stdio_common_vswprintf
_o__cexit
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

ntdll

NtGetMUIRegistryInfo
RtlpSetPreferredUILanguages
NtSetDefaultUILanguage
RtlPublishWnfStateData
RtlGetUILanguageInfo
NtDeleteKey
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlIsMultiSessionSku

kernelbase

GetUserDefaultLocaleName
QueryGlobalizationUserSettingsStatus
LocalAlloc
OpenGlobalizationUserSettingsKey
GetSystemDefaultLocaleName
EnumUILanguagesW
NotifyRedirectedStringChange
Sleep

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleHandleExW
GetModuleFileNameA
FreeLibraryAndExitThread
FreeLibrary
GetProcAddress

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionEx
LeaveCriticalSection
SetEvent
ReleaseSRWLockShared
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
DeleteCriticalSection
WaitForSingleObjectEx
OpenSemaphoreW
InitializeSRWLock
ResetEvent
ReleaseSemaphore
CreateEventW
WaitForSingleObject
CreateSemaphoreExW
CreateMutexExW
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
ReleaseMutex

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
GetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
ResumeThread
GetCurrentProcess
OpenProcessToken
TerminateProcess
GetCurrentThread
OpenThreadToken
GetCurrentThreadId
CreateThread

api-ms-win-core-localization-l1-2-0

FormatMessageW
LocaleNameToLCID
IsValidLocaleName
GetUserPreferredUILanguages
GetSystemPreferredUILanguages

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoTaskMemFree
CoCreateFreeThreadedMarshaler

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegGetValueW
RegCloseKey
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegEnumValueW
RegDeleteTreeW
RegQueryValueExW

api-ms-win-core-synch-l1-2-0

WakeByAddressSingle
WaitOnAddress
InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CloseThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoInitialize
RoGetActivationFactory

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsCreateString
WindowsCreateStringReference
WindowsGetStringLen
WindowsDeleteString
WindowsIsStringEmpty

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventUnregister
EventRegister
EventActivityIdControl

api-ms-win-core-localization-private-l1-1-0

NlsUpdateLocale
NlsUpdateSystemLocale

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-security-base-l1-1-0

GetLengthSid
IsWellKnownSid
GetTokenInformation
IsValidSid
CopySid

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

api-ms-win-core-localization-l1-2-3

SetUserGeoName
GetUserDefaultGeoName

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

CreateUserSpecificGlobalizationSettings
DllCanUnloadNow
DllGetClassObject
GetDisplayLanguageLocalizedName
GetDisplayLanguageNativeName
GetSupportedDisplayLanguages
SetDisplayLanguageCore
SetUserDisplayLanguageCore
SyncLanguageDataFromCloud
SyncLanguageDataToCloud
SyncLanguageDataToCloudSynchronous
UpdateDefaultGlobalizationSettings

Sections

.text
Size: 136KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 724B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
credprovhost.dll
.dll windows:10 windows x64 arch:x64

56586e707ab3b52f0b78cf45f95e0696

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

credprovhost.pdb

Imports

msvcrt

_purecall
_callnewh
_set_errno
sprintf_s
time
difftime
wcstok_s
memcpy_s
_vsnwprintf
_CxxThrowException
memcmp
_get_errno
memcpy
memmove
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
wcschr
memmove_s
__CxxFrameHandler3
free
malloc
_amsg_exit
__CxxFrameHandler4
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_vsnprintf_s
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_XcptFilter
memset

shcore

SHStrDupW
ord190
SHCreateMemStream
CreateRandomAccessStreamOverStream

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleFileNameA
GetProcAddress
LoadResource
LockResource
GetModuleHandleExW
DisableThreadLibraryCalls
GetModuleHandleExA
FindResourceExW
LoadStringW

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockShared
InitializeSRWLock
WaitForSingleObjectEx
SetEvent
DeleteCriticalSection
OpenSemaphoreW
ReleaseMutex
ReleaseSemaphore
CreateEventW
CreateSemaphoreExW
LeaveCriticalSection
CreateMutexExW
WaitForSingleObject
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
EnterCriticalSection
AcquireSRWLockShared
InitializeCriticalSectionEx
InitializeCriticalSectionAndSpinCount
ResetEvent

api-ms-win-core-synch-l1-2-0

InitOnceComplete
Sleep
SleepConditionVariableSRW
InitOnceExecuteOnce
InitOnceBeginInitialize
WakeAllConditionVariable

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
CreateThread
GetCurrentProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetLocalTime
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
SetLastError

api-ms-win-core-com-l1-1-0

PropVariantClear
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoGetMalloc
StringFromCLSID
CoUninitialize
CoCreateFreeThreadedMarshaler
CoCreateInstance
CoInitializeEx
CoWaitForMultipleHandles
CLSIDFromString

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-localization-l1-2-0

FormatMessageW
SetThreadUILanguage
GetUserDefaultLCID

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegDeleteValueW
RegGetValueW
RegCloseKey
RegOpenKeyExW
RegLoadKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegQueryValueExW
RegUnLoadKeyW
RegCreateKeyExW

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
CompareStringW

rpcrt4

UuidCreate

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-security-base-l1-1-0

GetSidSubAuthority
IsValidSid
GetLengthSid
CopySid
GetSidSubAuthorityCount

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsCreateStringReference

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindFileNameW

ntdll

RtlInitString
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlGetDeviceFamilyInfoEnum
RtlNtStatusToDosError
RtlPublishWnfStateData
NtQueryWnfStateData

credprovcommoncore

ord3
ord27
ord4
ord5
ord26
ord22
ord23
ord24
ord25
ord2
ord7
ord11
ord9
ord8
ord10
ord13
ord12
ord16
ord15
ord14
ord1
ord17
ord6
ord20
ord19
ord21

api-ms-win-core-file-l1-1-0

CompareFileTime

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-misc-l1-1-0

lstrcmpiW

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 616B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
credprovs.dll
.dll windows:10 windows x64 arch:x64

b56e3c91401eaab9869c692cf42ae795

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

credprovs.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__get_errno
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
memmove
_o__wcserror
_o_free
_o_iswspace
_o_malloc
_o_memcpy_s
_o_realloc
_o_wcsncpy_s
__C_specific_handler
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o__execute_onexit_table
_o__errno
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
_CxxThrowException
__CxxFrameHandler3
wcsstr
strchr
wcschr

api-ms-win-crt-string-l1-1-0

wcsnlen
wcscmp
memset

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventActivityIdControl
EventUnregister
EventWriteTransfer

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
DisableThreadLibraryCalls
GetModuleFileNameA
GetModuleHandleExA
GetModuleHandleExW
LoadResource
LockResource
GetProcAddress
SizeofResource
FindResourceExW

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
SetEvent
InitializeCriticalSectionAndSpinCount
ReleaseSRWLockShared
AcquireSRWLockShared
CreateSemaphoreExW
ResetEvent
CreateEventW
ReleaseSemaphore
WaitForSingleObject
LeaveCriticalSection
ReleaseMutex
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
DeleteCriticalSection
InitializeCriticalSectionEx
EnterCriticalSection
ReleaseSRWLockExclusive

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

CreateThread
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
TerminateThread

api-ms-win-core-sysinfo-l1-1-0

GetComputerNameExW
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-0

RaiseException
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-com-l1-1-0

CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CoInitializeEx
CLSIDFromString
StringFromCLSID
CoGetMalloc
CoTaskMemAlloc
CoUninitialize
PropVariantClear

api-ms-win-core-heap-l2-1-0

LocalReAlloc
LocalFree
LocalAlloc

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap
HeapReAlloc

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegCreateKeyExW
RegEnumKeyExW
RegUnLoadKeyW
RegGetValueW
RegCloseKey
RegSetValueExW
RegOpenCurrentUser
RegLoadKeyW

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
CompareStringW
CompareStringEx

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-security-base-l1-1-0

GetSidSubAuthorityCount
CopySid
GetLengthSid
RevertToSelf
ImpersonateLoggedOnUser
GetSidSubAuthority

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsCreateStringReference
WindowsGetStringRawBuffer

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW
PowerCreateRequest

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrChrW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

ntdll

NtPowerInformation
RtlNtStatusToDosError
RtlInitString
RtlInitUnicodeString
RtlGetDeviceFamilyInfoEnum
RtlIsMultiSessionSku
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlGetPersistedStateLocation
NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification

msvcp_win

?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
_Wcscoll
_Wcsxfrm
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?id@?$ctype@G@std@@2V0locale@2@A
?id@?$collate@G@std@@2V0locale@2@A
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z
?tolower@?$ctype@G@std@@QEBAGG@Z
?is@?$ctype@G@std@@QEBA_NFG@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Locinfo@std@@QEAA@XZ

credprovcommoncore

ord31
ord17
ord2
ord23
ord20
ord4
ord34
ord30
ord19
ord32
ord33
ord21
ord5
ord24
ord22

api-ms-win-core-file-l1-1-0

CompareFileTime

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

Exports

Exports

CreatePasswordProviderWrapperInstance
DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 276KB - Virtual size: 273KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
credssp.dll
.dll windows:10 windows x64 arch:x64

a6427f1c016b552451fa1d617f1f57f0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

credssp.pdb

Imports

msvcrt

free
wcscpy_s
malloc
_initterm
_wcsicmp
_amsg_exit
_XcptFilter
__C_specific_handler
wcsncpy_s
_wcsnicmp
memmove
memcpy
memset

sspicli

InitializeSecurityContextW
QuerySecurityPackageInfoW
VerifySignature
DecryptMessage
FreeCredentialsHandle
AcquireCredentialsHandleW
QueryContextAttributesW
DeleteSecurityContext
ImpersonateSecurityContext
AcceptSecurityContext
EncryptMessage
MakeSignature
QuerySecurityContextToken
SetCredentialsAttributesW
FreeContextBuffer
ApplyControlToken
RevertSecurityContext

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

ntasn1

ord37

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

InitSecurityInterfaceW
SpAcceptSecurityContext
SpAcquireCredentialsHandleW
SpAddCredentialsW
SpApplyControlToken
SpChangeAccountPasswordW
SpCompleteAuthToken
SpDecryptMessage
SpDeleteSecurityContext
SpEncryptMessage
SpEnumerateSecurityPackagesW
SpExportSecurityContext
SpFreeContextBuffer
SpFreeCredentialsHandle
SpImpersonateSecurityContext
SpImportSecurityContextW
SpInitializeSecurityContextW
SpMakeSignature
SpQueryContextAttributesW
SpQueryCredentialsAttributesW
SpQuerySecurityContextToken
SpQuerySecurityPackageInfoW
SpRevertSecurityContext
SpSetContextAttributesW
SpSetCredentialsAttributesW
SpVerifySignature

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cryptngc.dll
.dll windows:10 windows x64 arch:x64

8b61c469da798ec89b311212bdd48078

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

cryptngc.pdb

Imports

msvcp_win

?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
?do_length@?$codecvt@GDU_Mbstatet@@@std@@MEBAHAEAU_Mbstatet@@PEBD1_K@Z
?do_unshift@?$codecvt@GDU_Mbstatet@@@std@@MEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?do_out@?$codecvt@GDU_Mbstatet@@@std@@MEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
?do_encoding@?$codecvt@GDU_Mbstatet@@@std@@MEBAHXZ
?do_max_length@?$codecvt@GDU_Mbstatet@@@std@@MEBAHXZ
?do_always_noconv@?$codecvt@GDU_Mbstatet@@@std@@MEBA_NXZ
?_Incref@facet@locale@std@@UEAAXXZ
?out@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
??Bid@locale@std@@QEAA_KXZ
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?do_in@?$codecvt@GDU_Mbstatet@@@std@@MEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__wcserror
memmove
_o_free
_o_malloc
_o_memcpy_s
_o_terminate
_o_wcsncpy_s
_o_wcstoull
__current_exception
__current_exception_context
_CxxThrowException
_o__crt_atexit
_o__configure_narrow_argv
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o__cexit
_o___std_exception_copy
__CxxFrameHandler3
wcsrchr
_o__callnewh
wcsstr
__C_specific_handler
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

wcsnlen
memset
wcscmp

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetModuleHandleW
GetProcAddress
GetModuleFileNameA

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
ReleaseSemaphore
LeaveCriticalSection
InitializeSRWLock
OpenEventW
InitializeCriticalSectionEx
WaitForSingleObject
CreateEventW
SetEvent
InitializeCriticalSectionAndSpinCount
ReleaseMutex
CreateSemaphoreExW
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
ReleaseSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
RaiseException
SetLastError
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventUnregister
EventRegister
EventWriteTransfer
EventSetInformation

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-security-base-l1-1-0

CopySid
GetTokenInformation
IsValidSid
GetLengthSid

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegUnLoadKeyW
RegCloseKey
RegOpenCurrentUser
RegGetValueW
RegLoadKeyW
RegOpenKeyExW
RegEnumKeyExW

api-ms-win-core-sysinfo-l1-2-0

GetSystemFirmwareTable

api-ms-win-core-psapi-l1-1-0

K32GetProcessImageFileNameW

api-ms-win-core-file-l1-1-0

CompareFileTime

api-ms-win-core-string-l1-1-0

CompareStringEx
CompareStringOrdinal

api-ms-win-core-heap-obsolete-l1-1-0

LocalSize

ntdll

NtQuerySystemInformation
RtlUnhandledExceptionFilter
NtTerminateProcess
RtlIsMultiSessionSku
RtlGetPersistedStateLocation

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

Exports

Exports

FidoCreateCredential
FidoGetCredential
FidoSignWithCredential
NgcAddBioProtector
NgcAddCompanionDeviceProtector
NgcAddPrebootProtector
NgcCancelPendingUIRequest
NgcChangePin
NgcChangePinSilent
NgcCreateContainer
NgcCreateContainerSilent
NgcCreateTicketForSmartCardKeyOperation
NgcCreateTicketForSmartCardVpn
NgcCreateUserIdKey
NgcCreateUserIdKeyEx
NgcCreateUserIdKeyHandle
NgcDecryptWithSymmetricGcmPopKey
NgcDecryptWithSymmetricPopKey
NgcDecryptWithUserIdKey
NgcDecryptWithUserIdKeySilent
NgcDeleteContainer
NgcDeleteContainerEx
NgcDeleteSymmetricPopKeyTransportKey
NgcDeleteUserIdKey
NgcEncryptWithAsymmetricKey
NgcEncryptWithSymmetricGcmPopKey
NgcEncryptWithSymmetricPopKey
NgcEnumContainers
NgcEnumUserIdKeys
NgcFreeEnumState
NgcGetDefaultDecryptionKeyName
NgcGetEventInterface
NgcGetKeyAttestationForContainerService
NgcGetKeyAttestationForUserIdKey
NgcGetKeyAttestationForUserIdKey2
NgcGetKeyImplType
NgcGetLogonDecryptionKeyName
NgcGetLogonDecryptionKeyNameForFirstLogonAfterUpgradeFromThreshold
NgcGetPkcs7ChainBlobFromCertificateBlob
NgcGetPolicy
NgcGetPregenKeyState
NgcGetPregenUserKey
NgcGetSymmetricPopKeyTransportKey
NgcGetSymmetricPopKeyTransportKeyName
NgcGetUserIdKeyCertificate
NgcGetUserIdKeyContainerStatus
NgcGetUserIdKeyName
NgcGetUserIdKeyPublicKey
NgcImportSymmetricPopKey
NgcIsAnyContainerInVsm
NgcIsPinRemovable
NgcNotifyVscProvisioned
NgcOpenUserIdKey
NgcPackAuthBuffer
NgcPackPasswordChangeAuthBuffer
NgcQueryEffectiveCertPolicy
NgcQueryEnabled
NgcQueryHardwarePolicy
NgcRemoveBioProtector
NgcRemoveCompanionDeviceProtector
NgcRemovePrebootProtector
NgcRenewKeyAttestation
NgcSignWithSymmetricPopKey
NgcSignWithUserIdKey
NgcSignWithUserIdKeyAndPadding
NgcSignWithUserIdKeyEx
NgcSignWithUserIdKeySilent
NgcUnpackAuthBuffer
NgcUnpackCredData
NgcUnpackPasswordChangeAuthBuffer
NgcVerifyWithSymmetricPopKey

Sections

.text
Size: 300KB - Virtual size: 297KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 140KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dafBth.dll
.dll windows:10 windows x64 arch:x64

40ca83e672a408d21200cd8da604d2f2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

dafBth.pdb

Imports

msvcp_win

_Thrd_join
?_Throw_Cpp_error@std@@YAXH@Z
?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_id

api-ms-win-crt-string-l1-1-0

strnlen
memset

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__ui64tow_s
memmove
_o__wcsicmp
_o_abort
_o_calloc
_o_free
_o_iswspace
_o_malloc
_o_pow
_o_realloc
_o_terminate
_o_wcstombs_s
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o__execute_onexit_table
_o__errno
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__crt_atexit
_o__configure_narrow_argv
wcschr
__std_terminate
__CxxFrameHandler4
memcmp
_o__cexit
_o__callnewh
_o__beginthreadex
memcpy

ntdll

EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
NtSetInformationProcess
EtwCheckCoverage
EtwTraceMessage
RtlQueryPackageIdentity
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlNtStatusToDosError

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExA
GetModuleHandleExW
GetProcAddress
DisableThreadLibraryCalls
GetModuleFileNameA
FreeLibrary
GetModuleHandleW

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReleaseSRWLockShared
CreateMutexExW
AcquireSRWLockShared
DeleteCriticalSection
ReleaseMutex
OpenSemaphoreW
WaitForSingleObject
InitializeCriticalSectionEx
CreateEventW
LeaveCriticalSection
WaitForMultipleObjectsEx
SetEvent
ResetEvent
ReleaseSemaphore
EnterCriticalSection
CreateMutexW
CreateEventExW
CreateSemaphoreExW

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

GetLastError
RaiseException
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWork
CreateThreadpoolWork
WaitForThreadpoolWorkCallbacks
TrySubmitThreadpoolCallback
CreateThreadpoolWait
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
SetThreadpoolWait
DisassociateCurrentThreadFromCallback
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SubmitThreadpoolWork
CreateThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

CreateThread
GetCurrentProcessId
GetCurrentThreadId
OpenProcessToken
TerminateProcess
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventWriteTransfer
EventActivityIdControl
EventRegister

api-ms-win-core-synch-l1-2-0

WakeByAddressAll
WaitOnAddress
Sleep

api-ms-win-devices-config-l1-1-1

CM_Unregister_Notification
CM_Register_Notification
CM_MapCrToWin32Err

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegGetValueW

api-ms-win-core-io-l1-1-0

CancelIoEx
GetOverlappedResult
DeviceIoControl

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

bcrypt

BCryptGenRandom

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringOrdinal

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount64

api-ms-win-security-base-l1-1-0

IsValidSid
GetLengthSid
GetTokenInformation
AdjustTokenPrivileges

api-ms-win-service-management-l1-1-0

OpenSCManagerW
CloseServiceHandle
OpenServiceW

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus

api-ms-win-core-com-l1-1-0

CoCreateFreeThreadedMarshaler
CoWaitForMultipleHandles
CoCreateInstance
CoCreateGuid
CoSetProxyBlanket

api-ms-win-service-management-l2-1-0

NotifyServiceStatusChangeW

api-ms-win-core-processthreads-l1-1-5

QueueUserAPC2

api-ms-win-core-quirks-l1-1-1

QuirkIsEnabledForPackage3

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoInitialize
RoGetActivationFactory

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

api-ms-win-core-com-l1-1-1

RoGetAgileReference

ws2_32

WSALookupServiceNextW
WSAAddressToStringW
WSALookupServiceBeginW
WSALookupServiceEnd
WSAStartup
WSAGetLastError
WSACleanup

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InitializeSListHead

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-devices-query-l1-1-0

DevCloseObjectQuery
DevCreateObjectQuery

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

cryptsp

CryptGenRandom
CryptReleaseContext
CryptAcquireContextW

bthtelemetry

BthProcessEventOccurrenceResultBthaddr

wpprecorderum

WppAutoLogTrace

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

devobj

DevObjCreateDeviceInfoList
DevObjEnumDeviceInterfaces
DevObjGetDeviceInstanceId
DevObjGetDeviceProperty
DevObjEnumDeviceInfo
DevObjUninstallDevice
DevObjGetClassDevs
DevObjDestroyDeviceInfoList
DevObjGetDeviceInterfaceDetail

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

oleaut32

SetErrorInfo
SysStringLen
SysAllocString
GetErrorInfo
SysFreeString

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 284KB - Virtual size: 280KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
das.dll
.dll windows:10 windows x64 arch:x64

0429ccfb35dc4d0bc3c2cae7de16edf0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

das.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
_o__ultow_s
_o__wcsicmp
_o__wcsnicmp
memmove
_o_free
_o_malloc
_o_realloc
_o_terminate
_o_wcstoul
__current_exception
__current_exception_context
_o__execute_onexit_table
_o__errno
__CxxFrameHandler3
_CxxThrowException
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfwprintf
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o___acrt_iob_func
wcsstr
wcsrchr
wcschr
__std_terminate
__C_specific_handler
__CxxFrameHandler4
__C_specific_handler_noexcept
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

wcscmp
memset

ntdll

RtlGetOwnerSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
LdrGetDllHandle
RtlInitAnsiString
LdrGetProcedureAddress
RtlCompareMemory
RtlNtStatusToDosError
NtQueryValueKey
NtSetValueKey
NtDeleteValueKey
NtEnumerateValueKey
NtEnumerateKey
NtSetSecurityObject
NtQueryKey
NtDeleteKey
NtCreateKey
NtOpenKey
RtlFormatCurrentUserKeyPath
RtlCopySid
RtlGetDaclSecurityDescriptor
NtSetInformationThread
NtAdjustPrivilegesToken
NtDuplicateToken
NtQuerySecurityObject
NtOpenProcessToken
NtOpenThreadToken
RtlTimeToTimeFields
RtlPrefixUnicodeString
RtlAppendUnicodeStringToString
RtlConvertSidToUnicodeString
RtlEqualSid
NtQueryInformationToken
NtOpenProcessTokenEx
NtOpenThreadTokenEx
NtClose
RtlGetVersion
RtlAbsoluteToSelfRelativeSD
RtlValidSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAccessAllowedAceEx
RtlEnumerateGenericTableAvl
RtlInsertElementGenericTableAvl
RtlLookupElementGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlInitializeGenericTableAvl
RtlCreateAcl
RtlAddAccessAllowedAce
RtlUnsubscribeWnfNotificationWaitForCompletion
NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlGUIDFromString
WinSqmIsOptedIn
RtlAddAce
RtlLengthSid
RtlValidSid
RtlSubAuthoritySid
RtlInitializeSid
RtlEqualUnicodeString
RtlFreeUnicodeString
RtlCreateUnicodeString
RtlValidRelativeSecurityDescriptor
RtlVirtualUnwind
RtlReleaseSRWLockExclusive
RtlLookupFunctionEntry
RtlAcquireSRWLockExclusive
RtlCaptureContext
RtlInitUnicodeString
RtlFreeHeap
RtlInitializeSRWLock
RtlAllocateHeap
RtlUnicodeStringToInteger
RtlInitUnicodeStringEx
RtlLengthSecurityDescriptor

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetModuleHandleW
GetProcAddress
FreeLibrary
GetModuleHandleExA
LoadLibraryExW
GetModuleFileNameA
DisableThreadLibraryCalls

wpprecorderum

WppAutoLogStart
WppAutoLogTrace
WppAutoLogStop

api-ms-win-core-synch-l1-1-0

ResetEvent
AcquireSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
CreateEventExW
InitializeSRWLock
WaitForSingleObjectEx
CreateMutexExW
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSection
OpenEventW
SleepEx
ReleaseSemaphore
ReleaseMutex
CreateSemaphoreExW
OpenSemaphoreW
ReleaseSRWLockShared
SetEvent
InitializeCriticalSectionAndSpinCount
CreateEventW

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
RaiseException
GetLastError

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableFlags
UnregisterTraceGuids
RegisterTraceGuidsW
TraceMessage
GetTraceEnableLevel
GetTraceLoggerHandle

api-ms-win-core-processthreads-l1-1-0

SetThreadToken
CreateProcessAsUserW
GetCurrentProcessId
OpenThreadToken
GetCurrentProcess
OpenProcessToken
TerminateProcess
GetCurrentThreadId
GetCurrentThread
GetExitCodeProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CompareObjectHandles
CloseHandle

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW

api-ms-win-core-interlocked-l1-1-0

InterlockedPopEntrySList
InitializeSListHead
InterlockedPushEntrySList

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z

rpcrt4

RpcAsyncInitializeHandle
RpcImpersonateClient
RpcAsyncAbortCall
RpcRevertToSelf
RpcServerInterfaceGroupDeactivate
RpcBindingFree
RpcServerInqBindingHandle
RpcStringFreeW
RpcAsyncCompleteCall
RpcStringBindingComposeW
I_RpcExceptionFilter
RpcServerSubscribeForNotification
RpcBindingFromStringBindingW
RpcBindingSetOption
RpcSsDestroyClientContext
RpcExceptionFilter
RpcServerUnsubscribeForNotification
MesHandleFree
I_RpcBindingInqLocalClientPID
UuidCreate
MesEncodeIncrementalHandleCreate
MesIncrementalHandleReset
MesDecodeIncrementalHandleCreate
MesEncodeDynBufferHandleCreate
MesDecodeBufferHandleCreate
RpcServerInterfaceGroupClose
UuidFromStringW
RpcServerInterfaceGroupCreateW
Ndr64AsyncServerCallAll
NdrAsyncServerCall
NdrServerCall2
NdrServerCallAll
Ndr64AsyncClientCall
NdrMesTypeAlignSize3
NdrMesTypeEncode3
NdrMesTypeDecode3
NdrClientCall3
RpcAsyncCancelCall
RpcServerInterfaceGroupActivate

api-ms-win-core-threadpool-l1-2-0

DisassociateCurrentThreadFromCallback
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
SetThreadpoolWait
CallbackMayRunLong
CreateThreadpoolWait
FreeLibraryWhenCallbackReturns
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolWorkCallbacks
WaitForThreadpoolTimerCallbacks
CreateThreadpoolWork

api-ms-win-service-management-l1-1-0

CloseServiceHandle
OpenServiceW
OpenSCManagerW

api-ms-win-service-management-l2-1-0

ChangeServiceConfigW
ChangeServiceConfig2W

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWriteTransfer
EventActivityIdControl
EventUnregister

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-service-core-l1-1-0

RegisterServiceCtrlHandlerExW
SetServiceStatus

api-ms-win-core-com-l1-1-0

PropVariantClear
CoTaskMemAlloc
CoGetApartmentType
StringFromGUID2
CoCreateInstance

api-ms-win-core-psapi-l1-1-0

K32GetModuleFileNameExW

api-ms-win-security-base-l1-1-0

RevertToSelf
SetSecurityDescriptorOwner
CreateWellKnownSid
AdjustTokenPrivileges
GetKernelObjectSecurity
ImpersonateLoggedOnUser
DuplicateTokenEx
GetTokenInformation
InitializeSecurityDescriptor
AllocateAndInitializeSid
SetSecurityDescriptorDacl
IsWellKnownSid
FreeSid
DuplicateToken

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW
ConvertSidToStringSidW
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegOpenKeyExW
RegGetValueW
RegEnumKeyExW

api-ms-win-core-wow64-l1-1-0

IsWow64Process

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

bcrypt

BCryptCloseAlgorithmProvider
BCryptCreateHash
BCryptDestroyHash
BCryptOpenAlgorithmProvider
BCryptHashData
BCryptGetProperty
BCryptFinishHash

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-service-core-l1-1-3

GetServiceRegistryStateKey

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-file-l1-1-0

GetFileAttributesW
CreateDirectoryW
GetFullPathNameW

Exports

Exports

ServiceMain

Sections

.text
Size: 460KB - Virtual size: 458KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dcsvc.dll
.dll windows:10 windows x64 arch:x64

ab48872901d17893860da3dc05c92c7e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

dcsvc.pdb

Imports

msvcp110_win

?_Add_vtordisp2@?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAAXXZ
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z
?_Add_vtordisp1@?$basic_istream@GU?$char_traits@G@std@@@std@@UEAAXXZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?pbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?_BADOFF@std@@3_JB
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1_Container_base12@std@@QEAA@XZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Syserror_map@std@@YAPEBDH@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Winerror_map@std@@YAPEBDH@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z

msvcrt

wcschr
_fpclass
_wtof
swprintf_s
towlower
_wcslwr
wcsstr
_wcsnicmp
wcsncmp
memmove_s
??_V@YAXPEAX@Z
_CxxThrowException
__RTDynamicCast
memcmp
memcpy
memmove
_onexit
__dllonexit
_unlock
_lock
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
__C_specific_handler
_initterm
free
_amsg_exit
_XcptFilter
_callnewh
malloc
_purecall
_wcsicmp
_vsnprintf_s
memcpy_s
_vsnwprintf
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
sprintf_s
__CxxFrameHandler4
??3@YAXPEAX@Z
__CxxFrameHandler3
wcstol
memset

ntdll

RtlIsStateSeparationEnabled
RtlNtStatusToDosError
RtlPublishWnfStateData
RtlGetDeviceFamilyInfoEnum
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-processthreads-l1-1-0

CreateThread
GetCurrentProcess
GetCurrentThreadId
GetCurrentThread
CreateProcessW
TerminateThread
GetCurrentProcessId
TerminateProcess
OpenThreadToken

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleW
GetProcAddress
FindStringOrdinal
LoadLibraryExW
GetModuleHandleExW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
InitializeCriticalSectionEx
OpenSemaphoreW
ReleaseSRWLockShared
WaitForSingleObject
CreateMutexExW
WaitForSingleObjectEx
InitializeCriticalSection
OpenEventW
CreateEventW
LeaveCriticalSection
EnterCriticalSection
AcquireSRWLockExclusive
AcquireSRWLockShared
DeleteCriticalSection
CreateMutexW
SetEvent
CreateSemaphoreExW
ReleaseSemaphore
ReleaseMutex

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteTreeW
RegEnumKeyExW
RegGetValueW
RegOpenKeyExW
RegOpenCurrentUser
RegCloseKey
RegEnumValueW
RegDeleteValueW

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWriteTransfer
EventSetInformation
EventUnregister

api-ms-win-service-core-l1-1-0

SetServiceStatus
RegisterServiceCtrlHandlerExW

rpcrt4

RpcServerInterfaceGroupClose
RpcRevertToSelf
RpcImpersonateClient
RpcServerInterfaceGroupDeactivate
UuidCreate
NdrServerCallAll
RpcServerInqCallAttributesW
UuidCreateSequential
RpcBindingFree
RpcServerInterfaceGroupActivate
UuidFromStringW
NdrServerCall2
RpcServerInterfaceGroupCreateW

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
SleepConditionVariableSRW
Sleep

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetSystemTime
GetTickCount
GetLocalTime
GetSystemTimeAsFileTime

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-security-accesshlpr-l1-1-0

QueryTransientObjectSecurityDescriptor
FreeTransientObjectSecurityDescriptor

policymanager

PolicyManager_IsPolicySetByMobileDeviceManager

api-ms-win-core-com-l1-1-0

CoInitializeEx
CreateStreamOnHGlobal
StringFromCLSID
CoCreateInstance
CoTaskMemFree
CLSIDFromString
StringFromGUID2
CoUninitialize
CoTaskMemAlloc
CoCreateGuid

api-ms-win-security-base-l1-2-0

CheckTokenMembershipEx

api-ms-win-security-base-l1-1-0

MakeAbsoluteSD
MakeSelfRelativeSD
SetSecurityDescriptorDacl
FreeSid
GetSecurityDescriptorDacl
CreateWellKnownSid
AllocateAndInitializeSid

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW
RegSetKeyValueW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-path-l1-1-0

PathCchSkipRoot

api-ms-win-core-file-l1-1-0

WriteFile
CompareFileTime
ReadFile
CreateDirectoryW
CreateFileW
FindFirstFileW
DeleteFileW
FindClose

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

crypt32

CertCreateCertificateContext
CertFreeCertificateContext

bcrypt

BCryptCreateHash
BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptOpenAlgorithmProvider

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-registry-l2-1-0

RegEnumKeyW
RegDeleteKeyW

api-ms-win-security-provider-l1-1-0

SetEntriesInAclW
GetExplicitEntriesFromAclW

xmllite

CreateXmlWriterOutputWithEncodingName
CreateXmlWriter
CreateXmlReader
CreateXmlReaderInputWithEncodingName

api-ms-win-shcore-stream-l1-1-0

SHCreateStreamOnFileW

api-ms-win-shcore-registry-l1-1-0

SHCopyKeyW

api-ms-win-core-string-obsolete-l1-1-0

lstrlenA

dmiso8601utils

FileTimeToISO8601String
SystemTimeToISO8601String

omadmapi

ord104
ord79

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 692KB - Virtual size: 689KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 188KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
declaredconfiguration.dll
.dll windows:10 windows x64 arch:x64

52bba0be3d5973d54f901841266b54c7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

declaredconfiguration.pdb

Imports

msvcrt

_initterm
_lock
_onexit
_XcptFilter
_unlock
_amsg_exit
malloc
free
__dllonexit
__C_specific_handler

rpcrt4

NdrClientCall3
RpcBindingFree
RpcBindingBind
RpcBindingCreateW
I_RpcExceptionFilter

api-ms-win-service-management-l2-1-0

QueryServiceStatusEx

api-ms-win-service-management-l1-1-0

OpenSCManagerW
OpenServiceW
StartServiceW
CloseServiceHandle

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

Exports

Exports

DMOrchestratorConfig
DMOrchestratorDelete
DMOrchestratorDeletePerEnrollmentScenario
DMOrchestratorGetStatus
DMOrchestratorProcessPreviouslyRanDocs
DMOrchestratorRefresh
DMOrchestratorRefreshPerDocument
DMOrchestratorRefreshPerEnrollment
DMOrchestratorSvcDeinit
DMOrchestratorSvcInit
DMOrchestratorUpdate
DMOrchestratorUpdateDocStatus

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 540B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
default_error_stack-000000-000000.txt
desktopimgdownldr.exe
.exe windows:10 windows x64 arch:x64

42f92d2a7592cb75be2bde3c4bc27707

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

desktopimgdownldr.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
_initterm_e
_c_exit
_initterm

api-ms-win-crt-private-l1-1-0

_o__errno
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o_exit
_o_free
_o_isalnum
_o_malloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o__cexit
_o___std_exception_destroy
_o___std_exception_copy
_o__callnewh
_o___p__commode
_o___p___wargv
_o___p___argc
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetModuleHandleW
GetProcAddress
GetModuleFileNameA

api-ms-win-core-synch-l1-1-0

CreateEventW
EnterCriticalSection
InitializeCriticalSection
InitializeCriticalSectionEx
ReleaseSemaphore
LeaveCriticalSection
WaitForSingleObject
SetEvent
AcquireSRWLockShared
ReleaseMutex
ReleaseSRWLockExclusive
DeleteCriticalSection
CreateSemaphoreExW
CreateMutexExW
AcquireSRWLockExclusive
ReleaseSRWLockShared
WaitForSingleObjectEx
OpenSemaphoreW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
SetLastError

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
OpenProcessToken
TerminateProcess
GetCurrentThread
GetCurrentProcessId
OpenThreadToken
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventActivityIdControl
EventWriteTransfer
EventSetInformation
EventRegister

api-ms-win-security-base-l1-1-0

IsValidSid
GetTokenInformation
GetSecurityDescriptorDacl
GetLengthSid

crypt32

CryptBinaryToStringW

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-file-l1-1-0

CreateFileW
FindClose
FindFirstFileExW
GetFileSize
DeleteFileW
FindNextFileW

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoTaskMemAlloc
CoCreateGuid
CoUninitialize
CoCreateInstance
PropVariantClear
CoTaskMemFree
CoDisconnectObject

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW
SHExpandEnvironmentStringsW

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

oleaut32

SysStringLen
SysFreeString

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegCreateKeyExW
RegCloseKey

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

ntdll

RtlPublishWnfStateData

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW
GetPersistedFileLocationW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-shell-shdirectory-l1-1-0

ord292

api-ms-win-security-provider-l1-1-0

GetNamedSecurityInfoW
SetNamedSecurityInfoW

api-ms-win-core-path-l1-1-0

PathCchCombine

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
diagtrack.dll
.dll windows:10 windows x64 arch:x64

290ae3a68652d3e79804fba729e53ab9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

diagtrack.pdb

Imports

msvcp_win

_Query_perf_counter
?set_new_handler@std@@YAP6AXXZP6AXXZ@Z
_Cnd_signal
?_Throw_C_error@std@@YAXH@Z
_Query_perf_frequency
_Mtx_lock
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
_Cnd_timedwait
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Throw_Cpp_error@std@@YAXH@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z
_Mtx_current_owns
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
_Mtx_trylock
_Xtime_get_ticks
?widen@?$ctype@_W@std@@QEBA_WD@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
_Thrd_id
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?id@?$collate@_W@std@@2V0locale@2@A
_Wcscoll
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??Bid@locale@std@@QEAA_KXZ
?id@?$ctype@_W@std@@2V0locale@2@A
_Mtx_unlock
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
??0_Lockit@std@@QEAA@H@Z
??0_Locinfo@std@@QEAA@PEBD@Z
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
??1_Lockit@std@@QEAA@XZ
??1_Locinfo@std@@QEAA@XZ
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Incref@facet@locale@std@@UEAAXXZ
?is@?$ctype@_W@std@@QEBA_NF_W@Z
?tolower@?$ctype@_W@std@@QEBAPEB_WPEA_WPEB_W@Z
?tolower@?$ctype@_W@std@@QEBA_W_W@Z
_Wcsxfrm
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Xinvalid_argument@std@@YAXPEBD@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
_Cnd_init_in_situ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXH@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W00@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
_Cnd_destroy_in_situ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?setg@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W00@Z
?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W0@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ
?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WXZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?pbase@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?pptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?epptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?gptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?eback@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?egptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
_Mtx_init_in_situ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
_Mtx_destroy_in_situ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?uncaught_exception@std@@YA_NXZ
?good@ios_base@std@@QEBA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?flags@ios_base@std@@QEBAHXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?_Xbad_alloc@std@@YAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@G@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z
?swap@?$basic_iostream@DU?$char_traits@D@std@@@std@@IEAAXAEAV12@@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?swap@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXAEAV12@@Z
?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAA_W_W@Z
?setf@ios_base@std@@QEAAHHH@Z
?setf@ios_base@std@@QEAAHH@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?_Xbad_function_call@std@@YAXXZ
_Cnd_wait
?_Syserror_map@std@@YAPEBDH@Z
?_Random_device@std@@YAIXZ
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
_Cnd_broadcast
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
??0task_continuation_context@Concurrency@@AEAA@XZ
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ

api-ms-win-crt-string-l1-1-0

strnlen
strpbrk
wcscmp
wcsnlen
strcspn
memset
wcsncmp

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__strnicmp
_o__strtoi64
_o__strtoui64
_o__ui64tow_s
_o__wcsicmp
_o__wcslwr
_o__wcsnicmp
_o__initialize_onexit_table
_o__wcstoi64
_o__wcstoui64
_o__wtof
_o__wtoi
_o_abort
memmove
_o_atof
_o_ceil
_o_ceilf
_o_exp
_o_floor
_o_free
_o_fwrite
_o_isalpha
_o_isdigit
_o_isspace
_o_iswalnum
_o_iswspace
_o_isxdigit
_o_localeconv
_o_log
_o_log2
_o_lround
_o_malloc
_o_memcpy_s
_o_pow
_o_rand
_o_realloc
_o_round
_o_sqrt
_o_srand
_o_strtod
_o_strtoll
_o_strtoull
_o_terminate
_o_tolower
_o_towlower
_o_towupper
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstod
_o_wcstoll
_o_wcstoull
__current_exception
__current_exception_context
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
wcschr
wcsstr
_o__initialize_narrow_environment
_o__execute_onexit_table
_o__errno
_o__dsign
_o__dclass
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
strchr
__std_type_info_compare
_o___acrt_iob_func
__std_terminate
__CxxFrameHandler4
strstr
memchr
memcmp
memcpy

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleExW
SizeofResource
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW
LoadStringW
FreeLibrary
LockResource
FindResourceExW
DisableThreadLibraryCalls
FreeResource
LoadResource
GetProcAddress

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
Sleep

api-ms-win-core-synch-l1-1-0

CreateWaitableTimerExW
SetWaitableTimerEx
ResetEvent
AcquireSRWLockShared
ReleaseSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx
EnterCriticalSection
DeleteCriticalSection
CreateSemaphoreExW
InitializeCriticalSectionAndSpinCount
CreateEventExW
SetWaitableTimer
ReleaseSemaphore
InitializeSRWLock
WaitForSingleObject
AcquireSRWLockExclusive
CreateEventW
SetEvent
ReleaseSRWLockExclusive
LeaveCriticalSection
InitializeCriticalSectionEx
CreateMutexExW
InitializeCriticalSection
ReleaseMutex
OpenEventW

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
HeapReAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
WaitForThreadpoolIoCallbacks
CancelThreadpoolIo
StartThreadpoolIo
CreateThreadpoolWork
CreateThreadpoolIo
CreateThreadpoolTimer
CloseThreadpoolTimer
CreateThreadpool
SetThreadpoolThreadMaximum
SubmitThreadpoolWork
CloseThreadpool
CloseThreadpoolIo
WaitForThreadpoolWorkCallbacks
CloseThreadpoolWork
WaitForThreadpoolTimerCallbacks
CloseThreadpoolWait
WaitForThreadpoolWaitCallbacks
SetThreadpoolWait
CreateThreadpoolWait

api-ms-win-core-processthreads-l1-1-0

InitializeProcThreadAttributeList
SetThreadPriority
UpdateProcThreadAttribute
GetCurrentProcessId
CreateProcessW
GetExitCodeProcess
GetCurrentProcess
GetProcessId
OpenProcessToken
SuspendThread
ResumeThread
OpenThread
GetExitCodeThread
OpenThreadToken
GetCurrentThreadId
GetCurrentThread
SetThreadPriorityBoost
CreateProcessAsUserW
TerminateProcess
GetThreadId
CreateThread
DeleteProcThreadAttributeList

api-ms-win-core-localization-l1-2-0

GetSystemPreferredUILanguages
GetSystemDefaultLCID
LCMapStringEx
FormatMessageW
GetUserGeoID
GetThreadLocale

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

ntdll

RtlSubscribeWnfStateChangeNotification
RtlIsDosDeviceName_U
RtlFreeHeap
RtlReleaseRelativeName
RtlDosPathNameToRelativeNtPathName_U
RtlAllocateAndInitializeSid
NtDeviceIoControlFile
RtlGetDeviceFamilyInfoEnum
NtCreateFile
NtClose
EtwTraceMessage
RtlIpv6AddressToStringExA
RtlIpv4AddressToStringExA
RtlInitUnicodeString
RtlNtStatusToDosError
NtQueryInformationThread
NtSetInformationThread
RtlGetCurrentServiceSessionId
NtSystemDebugControl
NtQueryInformationProcess
NtSetInformationFile
NtQuerySecurityPolicy
NtQueryLicenseValue
RtlIsMultiSessionSku
ZwQueryWnfStateData
RtlReportExceptionEx
RtlIsStateSeparationEnabled
RtlGetPersistedStateLocation
NtSetInformationProcess
EtwCheckCoverage
RtlCompareUnicodeString
NtOpenProcessToken
NtQueryInformationToken
NtOpenThreadToken
RtlAllocateHeap
NtOpenSymbolicLinkObject
NtOpenKey
NtQuerySymbolicLinkObject
NtOpenFile
NtQueryValueKey
NtQueryBootEntryOrder
NtQueryBootOptions
NtTranslateFilePath
NtOpenDirectoryObject
NtQueryDirectoryObject
NtEnumerateBootEntries
NtAdjustPrivilegesToken
NtOpenProcessTokenEx
NtOpenThreadTokenEx
RtlImpersonateSelf
RtlNtStatusToDosErrorNoTeb
RtlCheckSystemBootStatusIntegrity
RtlCreateBootStatusDataFile
NtPowerInformation
RtlRestoreSystemBootStatusDefaults
RtlCheckPortableOperatingSystem
RtlGetSystemBootStatus
NtQuerySystemTime
RtlComputeCrc32
RtlSetSystemBootStatus
NtQuerySystemInformationEx
NtQuerySystemInformation
RtlConvertDeviceFamilyInfoToString
RtlPublishWnfStateData
RtlGetVersion
RtlUnsubscribeWnfNotificationWaitForCompletion
NtQueryWnfStateData

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegGetValueW
RegCopyTreeW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegCloseKey
RegDeleteTreeW
RegNotifyChangeKeyValue
RegQueryInfoKeyW
RegOpenCurrentUser
RegDeleteValueW
RegOpenKeyExW
RegEnumValueW

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx
DeleteTimerQueueTimer
CreateTimerQueueTimer

api-ms-win-core-processenvironment-l1-1-0

SetEnvironmentVariableW
ExpandEnvironmentStringsW

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy
OpenProcess
IsProcessorFeaturePresent
SetProcessMitigationPolicy
GetThreadTimes
GetThreadContext

api-ms-win-core-file-l1-1-0

FindFirstFileW
GetFullPathNameW
CreateFileW
GetFileAttributesW
SetFileAttributesW
GetDiskFreeSpaceExW
GetTempFileNameW
FindVolumeClose
QueryDosDeviceW
FindNextVolumeW
DeleteFileW
ReadFile
CreateDirectoryW
GetFileTime
FindFirstVolumeW
FindNextFileW
SetFileInformationByHandle
RemoveDirectoryW
SetFilePointerEx
GetFileAttributesExW
GetDriveTypeW
GetVolumePathNameW
GetVolumeInformationW
FindClose
GetFileSize
FindFirstChangeNotificationW
WriteFile
FindNextChangeNotification
FindCloseChangeNotification
CompareFileTime
SetEndOfFile
GetFinalPathNameByHandleW
SetFileTime
GetFileSizeEx
FindFirstFileExW

api-ms-win-core-file-l2-1-0

CopyFileExW
GetFileInformationByHandleEx
MoveFileExW

api-ms-win-core-heap-l2-1-0

LocalFree
GlobalFree
LocalAlloc

api-ms-win-core-path-l1-1-0

PathCchCombine
PathCchCanonicalizeEx
PathAllocCombine
PathCchAppendEx

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetTickCount64
GetTickCount
GetSystemTime
GetSystemDirectoryW
GetLocalTime
GlobalMemoryStatusEx
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPushEntrySList
InterlockedFlushSList

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime
QueryProcessCycleTime
QueryThreadCycleTime

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-sysinfo-l1-2-0

GetNativeSystemInfo
GetSystemTimePreciseAsFileTime
VerSetConditionMask
GetProductInfo

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime
GetDynamicTimeZoneInformation

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-sysinfo-l1-2-1

GetPhysicallyInstalledSystemMemory

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-wow64-l1-1-1

GetSystemWow64Directory2W
IsWow64Process2

api-ms-win-core-url-l1-1-0

UrlEscapeW

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
ReadProcessMemory
MapViewOfFile
CreateFileMappingW

api-ms-win-core-pcw-l1-1-0

PcwCollectData
PcwAddQueryItem
PcwCreateQuery

api-ms-win-core-psapi-l1-1-0

K32EnumProcesses
K32GetProcessImageFileNameW
K32GetPerformanceInfo

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-version-l1-1-0

VerQueryValueW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW

api-ms-win-core-util-l1-1-0

EncodePointer

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-crt-math-l1-1-0

_finite

api-ms-win-core-string-l2-1-0

CharLowerBuffW

Exports

Exports

RunDll32Main
ServiceMain
SvchostPushServiceGlobals
UtcSysprepGeneralize

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 888KB - Virtual size: 886KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 152KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
directxdatabasehelper.dll
.dll windows:10 windows x64 arch:x64

d71ac523a3d4b416589e7df1524ba012

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fd:f1:e8:a8:f6:79:55:7f:0e:c4:ea:e0:29:e3:b3:7f:16:59:de:6a:5a:c4:21:24:71:73:c3:7c:66:7e:31:ff
Signer

Actual PE Digest

fd:f1:e8:a8:f6:79:55:7f:0e:c4:ea:e0:29:e3:b3:7f:16:59:de:6a:5a:c4:21:24:71:73:c3:7c:66:7e:31:ff

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

directxdatabasehelper.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcsicmp
_o__wcslwr
_o__wcsnicmp
_o__wtoi
_o_free
_o_malloc
_o_qsort
_o_toupper
_o_wcscat_s
_o_wcscpy_s
_o_wcstoul
__C_specific_handler
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
__CxxFrameHandler4
wcschr
__std_terminate
wcsstr
wcsrchr
_CxxThrowException
_o__crt_atexit
_o__configure_narrow_argv
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__cexit
_o__callnewh
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

wcsncmp
strncmp
wcsspn
memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleA
LoadLibraryExW
GetModuleHandleW
GetModuleHandleExW
GetProcAddress
FreeLibrary
GetModuleFileNameA
DisableThreadLibraryCalls
GetModuleFileNameW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetWindowsDirectoryW

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
RtlCompareMemory

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-synch-l1-1-0

CreateMutexExW
ReleaseSRWLockExclusive
OpenSemaphoreW
ReleaseMutex
WaitForSingleObject
InitializeCriticalSectionEx
LeaveCriticalSection
AcquireSRWLockShared
DeleteCriticalSection
AcquireSRWLockExclusive
ReleaseSemaphore
EnterCriticalSection
CreateSemaphoreExW
WaitForSingleObjectEx
ReleaseSRWLockShared

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventSetInformation
EventRegister

api-ms-win-core-psapi-l1-1-0

K32GetModuleFileNameExW

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegDeleteKeyExW
RegDeleteValueW

ntdll

ZwCreateSection
NtClose
ZwQueryInformationFile
ZwCreateFile
RtlFormatCurrentUserKeyPath
ZwEnumerateValueKey
NtQueryInformationFile
ZwQueryKey
RtlUnicodeStringToInteger
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
RtlCopyUnicodeString
ZwQueryValueKey
RtlInitUnicodeStringEx
RtlRunOnceExecuteOnce
RtlxAnsiStringToUnicodeSize
RtlFreeUnicodeString
ZwOpenFile
RtlDosPathNameToNtPathName_U_WithStatus
ZwQuerySystemInformation
RtlGetNativeSystemInformation
RtlUpcaseUnicodeChar
RtlInitUnicodeString
ZwClose
RtlFreeHeap
ZwEnumerateKey
RtlReAllocateHeap
RtlAllocateHeap
RtlGetVersion
ZwQueryInformationProcess
RtlImageDirectoryEntryToData
RtlInitString
RtlVerifyVersionInfo
ZwSetInformationProcess
LdrResSearchResource
ZwMapViewOfSection
ZwUnmapViewOfSection
NtQueryWnfStateData
NtQueryInformationProcess
RtlPublishWnfStateData
RtlNtPathNameToDosPathName
RtlUnicodeStringToAnsiString
RtlUpcaseUnicodeString
RtlpEnsureBufferSize
NtQueryValueKey
ZwQueryDirectoryFile
RtlGUIDFromString
RtlAnsiStringToUnicodeString
ZwOpenKey

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-security-base-l1-1-0

FreeSid
IsValidSid
CreateWellKnownSid
EqualSid

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

api-ms-win-core-file-l1-1-0

FindNextFileW
FindClose
GetDriveTypeW
FindFirstFileW
GetLongPathNameW

api-ms-win-core-processenvironment-l1-1-0

FreeEnvironmentStringsW
GetEnvironmentStringsW
ExpandEnvironmentStringsW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 192KB - Virtual size: 191KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dlnashext.dll
.dll windows:10 windows x64 arch:x64

b1bac076f4e668928031ffd0a6668634

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

dlnashext.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__get_errno
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__ui64tow_s
memmove
_o__wtoi
_o_calloc
_o_free
_o_iswalpha
_o_iswdigit
_o_malloc
_o_realloc
_o_terminate
_o_towupper
_o_wmemcpy_s
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
wcsstr
wcschr
wcsrchr
_o__cexit
_o__callnewh
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
__C_specific_handler_noexcept
memcpy

api-ms-win-crt-string-l1-1-0

wcscspn
wcspbrk
wcscmp
memset

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-com-l1-1-0

CoWaitForMultipleHandles
CoCreateFreeThreadedMarshaler
CoGetMalloc
PropVariantClear
CoGetApartmentType
CoCreateInstance
CoUninitialize
CoInitializeEx
CLSIDFromString
CoTaskMemFree
CoTaskMemAlloc

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventWriteTransfer

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
TraceMessage

api-ms-win-core-synch-l1-1-0

CreateEventW
LeaveCriticalSection
InitializeCriticalSection
OpenSemaphoreW
EnterCriticalSection
SetEvent
AcquireSRWLockShared
DeleteCriticalSection
ReleaseSRWLockShared
AcquireSRWLockExclusive
InitializeCriticalSectionAndSpinCount
ReleaseSRWLockExclusive
ResetEvent
InitializeSRWLock
WaitForSingleObjectEx
WaitForSingleObject
CreateSemaphoreExW
CreateEventExW
ReleaseMutex
ReleaseSemaphore
CreateMutexExW

api-ms-win-core-libraryloader-l1-2-0

LockResource
LoadResource
SizeofResource
FreeLibraryAndExitThread
FindStringOrdinal
GetModuleHandleExW
GetProcAddress
GetModuleFileNameA
FreeLibrary
FindResourceExW
DisableThreadLibraryCalls
GetModuleHandleW
LoadStringW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
TlsFree
CreateThread
TlsGetValue
GetThreadPriority
GetCurrentThreadId
TlsAlloc
TlsSetValue
GetCurrentProcessId
SetThreadPriority
ResumeThread
GetCurrentThread

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount64
GetTickCount
GetComputerNameExW

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-shell-associations-l1-1-0

AssocGetDetailsOfPropKey
AssocCreateForClasses

api-ms-win-shell-changenotify-l1-1-0

SHChangeNotify

api-ms-win-shell-dataobject-l1-1-0

SHCreateDataObject

api-ms-win-shell-namespace-l1-1-0

SHBindToFolderIDListParent
ILClone
ILGetSize
ILCloneFirst
SHCreateItemFromIDList
ILCombine
SHParseDisplayName
SHGetIDListFromObject
ILIsEqual
ILFree
SHGetNameFromIDList

oleaut32

VariantClear
VariantInit
SysAllocString
SysFreeString

api-ms-win-core-path-l1-1-0

PathCchFindExtension
PathCchRemoveExtension
PathCchCombine

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
CompareStringW
MultiByteToWideChar

api-ms-win-core-url-l1-1-0

UrlIsW

api-ms-win-core-heap-l2-1-0

LocalReAlloc
LocalFree
LocalAlloc

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrStrIW
QISearch
StrRChrW

api-ms-win-shcore-obsolete-l1-1-0

SHStrDupW

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapDestroy
GetProcessHeap
HeapAlloc
HeapFree
HeapSize

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegOpenKeyExW
RegGetValueW

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
SetThreadpoolTimer
TrySubmitThreadpoolCallback
WaitForThreadpoolTimerCallbacks
FreeLibraryWhenCallbackReturns
CloseThreadpoolTimer
CallbackMayRunLong

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW
FileTimeToDosDateTime

api-ms-win-core-string-l2-1-0

CharUpperBuffW
CharLowerBuffW

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-featurestaging-l1-1-0

SubscribeFeatureStateChangeNotification
RecordFeatureUsage
UnsubscribeFeatureStateChangeNotification

api-ms-win-core-localization-l1-2-0

FormatMessageW

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 228KB - Virtual size: 227KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dmcmnutils.dll
.dll windows:10 windows x64 arch:x64

fa2b4da471593a63b4724cd4e7a6fecb

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9a:95:7e:84:a5:71:42:b6:fc:b0:66:9f:f8:4a:c5:9d:df:2d:fd:70:c3:ce:26:d1:44:7b:5a:4a:23:08:de:a6
Signer

Actual PE Digest

9a:95:7e:84:a5:71:42:b6:fc:b0:66:9f:f8:4a:c5:9d:df:2d:fd:70:c3:ce:26:d1:44:7b:5a:4a:23:08:de:a6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

dmcmnutils.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__i64toa_s
_o__i64tow_s
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__isctype_l
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__stricmp
_o__ui64toa_s
_o__ui64tow_s
_o__wcsicmp
_o__wcsnicmp
_o__wcstod_l
memmove
_o__wsplitpath_s
_o__wtoi
_o__wtoi64
_o_abort
_o_free
_o_isalpha
_o_isdigit
_o_isspace
_o_iswdigit
_o_iswspace
_o_malloc
_o_terminate
_o_tolower
_o_toupper
_o_wcscat_s
_o_wcscpy_s
_o_wcstod
_o_wcstok_s
_o_wcstoul
__C_specific_handler
__current_exception
__current_exception_context
_o__free_locale
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__create_locale
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o___pctype_func
_CxxThrowException
__CxxFrameHandler3
__std_type_info_compare
wcsstr
wcschr
__std_terminate
__CxxFrameHandler4
memchr
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset
strnlen
wcsnlen

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
LoadStringW
DisableThreadLibraryCalls
GetModuleHandleA
LoadLibraryExW
FreeLibrary
GetProcAddress
GetModuleHandleExW
GetModuleFileNameA

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

OpenProcessToken
GetCurrentThread
CreateThread
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
OpenThreadToken
ProcessIdToSessionId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemDirectoryW
GetLocalTime
GetVersionExW

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureStackBackTrace
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
SetUnhandledExceptionFilter
RaiseException
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-com-l1-1-0

CoRevertToSelf
CoTaskMemFree
CoTaskMemAlloc
PropVariantClear
CoInitializeEx
CoCreateInstance
CoUninitialize
CoCreateGuid
StringFromGUID2
CoCreateFreeThreadedMarshaler
CoWaitForMultipleHandles

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
InitializeCriticalSectionEx
ReleaseSRWLockExclusive
ReleaseMutex
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
AcquireSRWLockExclusive
ReleaseSemaphore
EnterCriticalSection
CreateEventExW
SetEvent
CreateSemaphoreExW
ReleaseSRWLockShared
WaitForSingleObjectEx
OpenSemaphoreW
CreateEventW
ResetEvent
InitializeCriticalSection
CreateMutexExW
AcquireSRWLockShared
DeleteCriticalSection

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
Sleep

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolWork
SubmitThreadpoolWork
SetThreadpoolTimer
CreateThreadpoolWork

api-ms-win-core-localization-l1-2-0

IsDBCSLeadByte
FormatMessageW
FormatMessageA

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegGetValueW
RegDeleteValueW
RegOpenCurrentUser
RegQueryInfoKeyW
RegEnumValueW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW

ntdll

RtlNtStatusToDosError
RtlIsStateSeparationEnabled
RtlUnsubscribeWnfNotificationWaitForCompletion
NtQueryWnfStateData
RtlGetDeviceFamilyInfoEnum
RtlIsMultiSessionSku
RtlGetPersistedStateLocation
RtlQueryWnfStateData
RtlAllocateHeap
NtSetInformationToken
RtlInitUnicodeString
RtlFreeHeap
NtQuerySecurityAttributesToken
RtlCompareMemory
RtlPublishWnfStateData
RtlSubscribeWnfStateChangeNotification

api-ms-win-core-file-l1-1-0

FindFirstFileW
CreateFileW
GetFileAttributesW
CompareFileTime
GetFinalPathNameByHandleW
DeleteFileW
FindNextFileW
GetFileInformationByHandle
FindClose
GetFileAttributesExW
CreateDirectoryW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindFileNameW
PathFindNextComponentW
PathFileExistsW

api-ms-win-core-path-l1-1-0

PathCchRemoveExtension
PathAllocCombine
PathCchCombine
PathCchRenameExtension

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrStrNIW

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-sysinfo-l1-2-0

GetSystemFirmwareTable
GetProductInfo

ncrypt

NCryptFreeObject
NCryptIsAlgSupported
NCryptOpenStorageProvider
NCryptSetProperty
NCryptGetProperty
NCryptOpenKey
NCryptExportKey
NCryptCreateClaim

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsCreateStringReference
WindowsCreateString
WindowsGetStringRawBuffer

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoUninitialize
RoGetActivationFactory

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-security-base-l1-1-0

GetLengthSid
CopySid
AllocateAndInitializeSid
EqualSid
RevertToSelf
FreeSid
CheckTokenMembership
ImpersonateLoggedOnUser
GetTokenInformation

api-ms-win-core-string-l1-1-0

CompareStringW
WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
GetEnvironmentVariableW

api-ms-win-core-kernel32-legacy-l1-1-1

SetDllDirectoryW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

msvcp_win

?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?bad@ios_base@std@@QEBA_NXZ
?good@ios_base@std@@QEBA_NXZ
?setf@ios_base@std@@QEAAHHH@Z
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?id@?$ctype@G@std@@2V0locale@2@A
??Bid@locale@std@@QEAA_KXZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?_Xbad_alloc@std@@YAXXZ
?classic@locale@std@@SAAEBV12@XZ
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?fail@ios_base@std@@QEBA_NXZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@H@Z
?_Syserror_map@std@@YAPEBDH@Z
?__ExceptionPtrCompare@@YA_NPEBX0@Z
?_Winerror_map@std@@YAHH@Z
?eof@ios_base@std@@QEBA_NXZ
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEA_K@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_K@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?tolower@?$ctype@G@std@@QEBAGG@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAH@Z
?_Xlength_error@std@@YAXPEBD@Z
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?_Xoverflow_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?uncaught_exception@std@@YA_NXZ
?_Xbad_function_call@std@@YAXXZ
?__ExceptionPtrToBool@@YA_NPEBX@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?imbue@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ

bcrypt

BCryptDecrypt
BCryptGenerateSymmetricKey
BCryptEncrypt
BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptGetProperty
BCryptCloseAlgorithmProvider
BCryptGenRandom
BCryptOpenAlgorithmProvider
BCryptDestroyKey
BCryptSetProperty

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

tbs

Tbsip_Context_Close
Tbsi_Is_Tpm_Present
Tbsip_Submit_Command
Tbsi_Context_Create
Tbsi_GetDeviceInfo
Tbsi_Get_TCG_Log_Ex

Exports

Exports

BigStrcat
BinaryToHexString
ComputeHmac
CopyString
CreateBstrArray
DMGetClientHardwareUID
DMGetDeviceClientID
DMSetDeviceClientID
DecodeBase64W
DmCancelGetUserPermissionAsync
DmCheckIfAadAccountLoggedOn
DmCopyDirectoryRecursive
DmCreateFileSafe
DmCreateTask
DmDeleteTask
DmDisableTask
DmEnableTask
DmEnumUsers
DmExecuteProcessAndCollect
DmGenerateAttestationClaims
DmGenerateMaaAttestationClaims
DmGetAadDeviceMdmEnrollmentResourceUrlWithDiscovery
DmGetAadDeviceToken
DmGetAadDeviceTokenWithDiscovery
DmGetAadEnrollmentResource
DmGetAadUserToken
DmGetActiveUserSid
DmGetCurrentUserSid
DmGetCurrentUserToken
DmGetEnrollmentTypeName
DmGetEnrollmentTypeValue
DmGetFileSize
DmGetIMEI
DmGetKeyFromContext
DmGetKeyNameFromContext
DmGetSmbiosSerialNumber
DmGetTargetAik
DmGetTpmInfo
DmGetTpmIsAlgorithmSupported
DmGetTpmState
DmGetUserEditFieldInput
DmGetUserPermission
DmGetUserPermissionAsync
DmGetUserSidFromToken
DmGetUserTokenFromSid
DmImpersonate
DmInformUser
DmInitializeContainer
DmInvalidateAadDeviceToken
DmInvalidateAadUserToken
DmIsDeviceConnected
DmIsDeviceRoaming
DmIsRunningInSystemContext
DmIsSystemOrAdmin
DmIsSystemOrUserIsAdmin
DmIsTaskScheduled
DmIsTaskScheduledAndEnabled
DmMdmSign
DmPlayNotificationSound
DmRaiseToastNotification
DmRaiseToastNotificationAndWait
DmRegisterRoamingNotification
DmReleaseContainer
DmRemoveToastNotification
DmRemoveToastNotificationByExecutablePath
DmRequestAadUserToken
DmRevertToSelf
DmRunTask
DmSetWindowsAIKStorageLocation
DmStartContainerActivity
DmStopContainerActivity
DmStringCchPrintfAllStrings
DmUnregisterRoamingNotification
DmWnfGetNotification
DmWnfPublish
DmWnfQuery
EncodeBase64
EncodeBase64W
EscapeStringW
GetHeader
GetICCID
GetIMEI
GetIMSI
GetIMSIByIccID
GetPGListRegKeyName
GetPhoneNumber
GetPhoneUID
Hash_Create
Hash_Delete
Hash_Destroy
Hash_DestroyCallback
Hash_EnumCallback
Hash_Get
Hash_Insert
Hash_SetBucketThreshold
HexStringToBinary
InitializeCVForLocalConfigSession
InvStrCmpIW
InvStrCmpNIW
InvStrCmpNW
InvStrCmpW
IsDesktopSku
IsServerVersionOrAbove
IsWvdFeatureAllowed
IsWvdSku
MBToUnicode
OmDmRegistryAllocAndGetString
OmaDmRegistryDeleteValue
OmaDmRegistryGetAllSubKeys
OmaDmRegistryGetAllValues
OmaDmRegistryGetBinary
OmaDmRegistryGetDWORD
OmaDmRegistryGetString
OmaDmRegistryRetrieveCurrentUsersHKCU
OmaDmRegistrySetBinary
OmaDmRegistrySetDWORD
OmaDmRegistrySetString
QueryPolicy
SafeMultiByteToWideChar
SafeStringToDword
SafeWideCharToMultiByte
SetConnectionPriority
SetPolicy
UnicodeToMB

Sections

.text
Size: 560KB - Virtual size: 557KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 192KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dmenrollengine.dll
.dll windows:10 windows x64 arch:x64

7570e2241e1f243751b2a190cb4b3711

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

dmenrollengine.pdb

Imports

msvcp110_win

?_Xbad_alloc@std@@YAXXZ
?_Orphan_all@_Container_base0@std@@QEAAXXZ
??0id@locale@std@@QEAA@_K@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
?_BADOFF@std@@3_JB
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?pbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
?_Add_vtordisp2@?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAAXXZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@H@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?_Add_vtordisp1@?$basic_istream@GU?$char_traits@G@std@@@std@@UEAAXXZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
?_Swap_all@_Container_base0@std@@QEAAXAEAU12@@Z

msvcrt

memmove
memcpy
memcmp
_CxxThrowException
memset
??3@YAXPEAX@Z
__CxxFrameHandler4
_vsnwprintf
memcpy_s
_purecall
??1exception@@UEAA@XZ
__CxxFrameHandler3
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
_callnewh
malloc
wcstod
wcsstr
wcstoul
swscanf_s
wcsrchr
isspace
_errno
_wtol
_itow_s
strncpy_s
_set_errno
strtol
strchr
strrchr
sprintf_s
_wtof
wcscmp
wcsnlen
_vsnwprintf_s
_vscwprintf
_wtoi
wcschr
wcscpy_s
wcstok_s
free
_wcsdup
wcsncmp
_wcsicmp
??_V@YAXPEAX@Z
_wcsnicmp
memmove_s
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ

ntdll

RtlIsStateSeparationEnabled
RtlNtStatusToDosError
RtlPublishWnfStateData
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlGetDeviceFamilyInfoEnum

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExA
GetModuleHandleW
DisableThreadLibraryCalls
LoadLibraryExW
GetProcAddress
GetModuleHandleExW
FreeLibrary
GetModuleFileNameA

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockShared
ResetEvent
WaitForSingleObjectEx
OpenSemaphoreW
AcquireSRWLockShared
ReleaseSRWLockExclusive
SetEvent
CreateEventW
CreateEventExW
AcquireSRWLockExclusive
DeleteCriticalSection
LeaveCriticalSection
InitializeCriticalSection
ReleaseMutex
CreateMutexExW
CreateSemaphoreExW
WaitForSingleObject
EnterCriticalSection
ReleaseSemaphore
InitializeCriticalSectionEx
OpenEventW

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
RaiseException
GetLastError
SetLastError
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

TerminateThread
GetExitCodeProcess
CreateThread
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
CreateProcessW
GetCurrentProcessId
CreateProcessAsUserW

api-ms-win-core-localization-l1-2-0

GetUserDefaultLocaleName
FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

GetHandleInformation
CloseHandle
DuplicateHandle

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventUnregister
EventSetInformation

api-ms-win-core-heap-l2-1-0

LocalFree
GlobalFree
LocalAlloc

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoUninitialize
RoGetActivationFactory
RoActivateInstance

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsIsStringEmpty
WindowsCreateString
WindowsDeleteString
WindowsStringHasEmbeddedNull
WindowsGetStringRawBuffer

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetSystemTimeAsFileTime
GetComputerNameExW
GetTickCount
GetVersionExW
GetSystemWindowsDirectoryW

api-ms-win-core-com-l1-1-0

CoInitializeEx
StringFromGUID2
CoCreateGuid
CoWaitForMultipleHandles
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CoRevertToSelf
CoTaskMemFree
CLSIDFromString
CoUninitialize
IIDFromString
CoCreateInstance
StringFromCLSID

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-registry-l1-1-0

RegEnumValueW
RegGetValueW
RegOpenCurrentUser
RegQueryInfoKeyW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyExW
RegQueryValueExW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegDeleteTreeW
RegEnumKeyExW
RegNotifyChangeKeyValue

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoOriginateError

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-synch-l1-2-0

InitOnceComplete
WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceBeginInitialize
Sleep
InitOnceExecuteOnce

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW
RegDeleteKeyValueW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-string-l2-1-0

CharLowerBuffW

api-ms-win-core-file-l1-1-0

RemoveDirectoryW
FindNextFileW
WriteFile
CompareFileTime
CreateFileW
SetFileAttributesW
FindFirstFileW
SetFileInformationByHandle
FindClose
GetFullPathNameW
DeleteFileW
GetFileAttributesW
GetFileSize
ReadFile

api-ms-win-core-file-l1-2-4

GetTempPath2W

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-path-l1-1-0

PathCchAppend
PathCchCombine
PathAllocCombine

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW
lstrlenA

api-ms-win-core-url-l1-1-0

UrlEscapeW

api-ms-win-core-apiquery-l2-1-0

IsApiSetImplemented

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

profapi

ord104

Exports

Exports

AutoEnrollMDM
BeginEnrollmentScope
CleanupExpiredOMADMSessions
DiscoverEndpoint
DiscoverEndpointEx
DiscoverEndpointEx2
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
EnableLogging
EnrollEngineInitialize
FindDiscoveryService
FindDiscoveryServiceEx
FreeMmpcDiscoveryResultsData
GetCertificatePolicy
GetDatabaseManagerInstance
GetEnrollmentAadResourceUrl
GetEnrollmentAadSendDeviceToken
GetEnrollmentAltitude
GetEnrollmentAuthPolicy
GetEnrollmentCertStore
GetEnrollmentClientCertThumbprint
GetEnrollmentClientContext
GetEnrollmentCurCryptoProvider
GetEnrollmentDiscoveryService
GetEnrollmentEntDmId
GetEnrollmentForceAadToken
GetEnrollmentLinkedEnrollmentHasPriority
GetEnrollmentLinkedEnrollmentId
GetEnrollmentLinkedEnrollmentLockedToMMPC
GetEnrollmentPartnerOpaqueID
GetEnrollmentSID
GetEnrollmentState
GetEnrollmentTenantID
GetEnrollmentType
GetEnrollmentUPN
GetEnrollmentsOfTypes
GetFirstEnrollmentGuidOfTypes
GetIsRecoveryAllowed
GetMmpcEnrollmentFlag
GetProviderID
GetRecoveryInitiatedByServer
GetRecoveryRetryCount
GetRecoveryStatusEnum
IsLockedToMmpc
MmpcDiscoverEndpoint
OpenEnrollmentsHKEY
SetEnrollState
SetEnrollmentAadResourceUrl
SetEnrollmentAadSendDeviceToken
SetEnrollmentDormant
SetEnrollmentForceAadToken
SetEnrollmentPartnerOpaqueID
SetEnrollmentUPN
SetIsRecoveryAllowed
SetMmpcEnrollmentFlag
SetProviderID
SetRecoveryInitiatedByServer
SetRecoveryRetryCount
SetRecoveryStateAndErrorCode
SwitchAADLinkedEnrollment
SysprepGeneralize
VerifyServerIsMmpcEx
_IsManagementRegistrationAllowed

Sections

.text
Size: 596KB - Virtual size: 593KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 236KB - Virtual size: 233KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dmenterprisediagnostics.dll
.dll windows:10 windows x64 arch:x64

5fdf4735331363f2b97f8a7da613127a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

dmenterprisediagnostics.pdb

Imports

msvcrt

_amsg_exit
__CxxFrameHandler3
_CxxThrowException
?what@exception@@UEBAPEBDXZ
free
_initterm
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_XcptFilter
_callnewh
__C_specific_handler
wcscpy_s
vswprintf_s
memmove_s
_vscwprintf
_errno
_gmtime64
wcsnlen
wcsncpy_s
_ultow_s
wcsncmp
wcschr
_wcsnicmp
_wcsicmp
wcsrchr
_stricmp
memmove
wcsspn
wcscspn
iswdigit
wcstol
calloc
towlower
strrchr
wcsstr
realloc
_memicmp
malloc
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
?terminate@@YAXXZ
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
??3@YAXPEAX@Z
memcpy_s
_vsnwprintf
memset
_wcslwr_s
memchr
__CxxFrameHandler4
??_V@YAXPEAX@Z
memcpy
wcscmp

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
DisableThreadLibraryCalls
LockResource
GetModuleFileNameA
GetModuleHandleW
LoadResource
FindResourceExW
FreeLibrary
LoadLibraryExW
GetModuleHandleExW
SizeofResource

oleaut32

VariantClear
SysFreeString
VariantInit
SysAllocString

api-ms-win-core-registry-l1-1-0

RegEnumValueW
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegCloseKey

api-ms-win-core-synch-l1-1-0

CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseSemaphore
CreateSemaphoreExW
DeleteCriticalSection
WaitForSingleObject
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
ReleaseMutex

api-ms-win-core-heap-l1-1-0

HeapSize
GetProcessHeap
HeapFree
HeapAlloc
HeapDestroy
HeapReAlloc

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
RaiseException

api-ms-win-core-com-l1-1-0

CoCreateInstance
StringFromGUID2
CoUninitialize
CoCreateGuid
CoTaskMemFree
CoInitializeEx
CoTaskMemAlloc

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
TraceMessage
TraceEvent

api-ms-win-core-processthreads-l1-1-0

GetExitCodeProcess
CreateProcessW
GetCurrentThreadId
GetCurrentProcessId
GetCurrentThread
GetCurrentProcess
TerminateProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetSystemDirectoryW
GetVersionExW
GetSystemTimeAsFileTime
GetTickCount
GetSystemWindowsDirectoryW
GetWindowsDirectoryW

ntdll

RtlGetVersion
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlIsStateSeparationEnabled
RtlImageDirectoryEntryToData
RtlImageRvaToVa

api-ms-win-eventing-controller-l1-1-0

ControlTraceW
StartTraceW

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-eventing-consumer-l1-1-0

OpenTraceW
ProcessTrace
CloseTrace

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-file-l1-1-0

DeleteFileW
GetFullPathNameW
FindFirstVolumeW
FindNextFileW
GetTempFileNameW
GetFileAttributesW
WriteFile
FindFirstFileW
GetFileSize
SetFilePointer
QueryDosDeviceW
FindClose
ReadFile
SetFilePointerEx
CreateDirectoryW
FindVolumeClose
GetFinalPathNameByHandleW
CreateFileW
FindNextVolumeW

api-ms-win-core-file-l1-2-0

GetVolumePathNamesForVolumeNameW
GetTempPathW

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
CreateFileMappingW
MapViewOfFileEx

api-ms-win-core-wow64-l1-1-0

Wow64RevertWow64FsRedirection
IsWow64Process
Wow64DisableWow64FsRedirection

api-ms-win-core-version-l1-1-0

GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

CollectDiagnosticsAutoLog
GatherAutoLogEventsFromMobile
RecordDiagnosticsError
SetupAutoLog
SetupAutoLogWithTraceLevel
StartAutoLog
StopAutoLog
TearDownAutoLog

Sections

.text
Size: 200KB - Virtual size: 197KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dmwappushsvc.dll
.dll windows:10 windows x64 arch:x64

0b4f2e218b627a6ab1e562bfa8a4de7c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

dmwappushsvc.pdb

Imports

msvcp110_win

?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??0id@locale@std@@QEAA@_K@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Orphan_all@_Container_base0@std@@QEAAXXZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
??Bid@locale@std@@QEAA_KXZ
?good@ios_base@std@@QEBA_NXZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
?_Add_vtordisp2@?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Syserror_map@std@@YAPEBDH@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?flags@ios_base@std@@QEBAHXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?width@ios_base@std@@QEBA_JXZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
?_Add_vtordisp1@?$basic_istream@GU?$char_traits@G@std@@@std@@UEAAXXZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?width@ios_base@std@@QEAA_J_J@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
?pbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?_Xbad_alloc@std@@YAXXZ
?_Add_vtordisp1@?$basic_istream@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?uncaught_exception@std@@YA_NXZ
?_BADOFF@std@@3_JB
?_Xout_of_range@std@@YAXPEBD@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Add_vtordisp2@?$basic_ios@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?id@?$codecvt@DDH@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBGHH@Z
?_Getcat@?$codecvt@DDH@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDH@std@@QEBAHAEAHPEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?in@?$codecvt@DDH@std@@QEBAHAEAHPEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDH@std@@QEBAHAEAHPEBD1AEAPEBDPEAD3AEAPEAD@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ

msvcrt

memmove
memcpy
memcmp
_CxxThrowException
??1type_info@@UEAA@XZ
__CxxFrameHandler3
_onexit
__dllonexit
_unlock
_lock
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@PEBD@Z
??0bad_cast@@QEAA@AEBV0@@Z
fputc
fflush
fclose
fgetc
fwrite
fgetpos
setvbuf
ungetc
fsetpos
_fseeki64
memmove_s
wcsncmp
_wcsnicmp
memset
?terminate@@YAXXZ
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
_callnewh
malloc
free
_wcsicmp
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
_vsnprintf_s
_vsnwprintf
_purecall
memcpy_s
wcscpy_s
??_V@YAXPEAX@Z
__CxxFrameHandler4
??3@YAXPEAX@Z

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-1-0

CreateEventW
CreateSemaphoreExW
WaitForSingleObjectEx
InitializeCriticalSectionEx
InitializeCriticalSection
ReleaseMutex
ReleaseSRWLockShared
CreateMutexExW
AcquireSRWLockExclusive
LeaveCriticalSection
AcquireSRWLockShared
ReleaseSRWLockExclusive
EnterCriticalSection
ReleaseSemaphore
WaitForSingleObject
DeleteCriticalSection
SetEvent
OpenSemaphoreW

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsDeleteString

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventUnregister
EventRegister

api-ms-win-core-com-l1-1-0

CoGetClassObject
CoTaskMemAlloc
CoTaskMemFree
StringFromGUID2

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
OpenProcessToken
TerminateProcess

api-ms-win-security-base-l1-1-0

GetTokenInformation
GetLengthSid
IsValidSid
AdjustTokenPrivileges
CopySid

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameA

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CloseThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-registry-l1-1-0

RegDeleteTreeW
RegQueryValueExW
RegOpenKeyExW
RegGetValueW
RegCloseKey
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegQueryInfoKeyW

api-ms-win-service-core-l1-1-0

SetServiceStatus
RegisterServiceCtrlHandlerExW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

dmcmnutils

QueryPolicy

dmpushroutercore

PrSvcSetMessageCount
InitializePushRouter
ShutDownPushRouterSynchronously
RegisterRPCInterface
UnregisterRPCInterface
PrAreAllClientsHandled
PrSvcGetMessageCount
PrSvcDecMessageCount
PrSvcIncMessageCount
PushRouter_SubmitPushLocal

eventaggregation

EaDeleteAggregation
EaCreateAggregatedEvent

api-ms-win-core-file-l1-1-0

ReadFile
CreateFileW

oleaut32

SysAllocString
SysFreeString

rpcrt4

UuidFromStringW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-path-l1-1-0

PathCchAppend
PathAllocCombine

api-ms-win-core-firmware-l1-1-0

SetFirmwareEnvironmentVariableW
GetFirmwareEnvironmentVariableW

profapi

ord104

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

ntdll

RtlIsStateSeparationEnabled

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dpapisrv.dll
.dll windows:10 windows x64 arch:x64

efb0a41088916d0206c97e6d159c25f8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

dpapisrv.pdb

Imports

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__wcsicmp
memmove
_o_wcscat_s
_o_wcscpy_s
_o_wcsncat_s
_o_wcsncpy_s
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
__std_terminate
__CxxFrameHandler4
__C_specific_handler
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_CxxThrowException
_o___std_exception_copy
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

rpcrt4

RpcServerInqDefaultPrincNameW
RpcServerRegisterIfEx
RpcBindingInqAuthClientW
RpcRevertToSelf
RpcServerInqCallAttributesW
RpcServerRegisterAuthInfoW
UuidCreate
UuidFromStringW
RpcServerRegisterIf3
RpcServerUnregisterIf
RpcBindingToStringBindingW
RpcServerUseProtseqEpW
RpcBindingFree
RpcEpResolveBinding
RpcStringFreeW
RpcNetworkIsProtseqValidW
RpcBindingSetAuthInfoExW
RpcStringBindingComposeW
RpcBindingFromStringBindingW
UuidCompare
RpcServerUnregisterIfEx
RpcStringBindingParseW
RpcImpersonateClient
RpcRevertToSelfEx
NdrClientCall3
NdrServerCall2
NdrServerCallAll
UuidToStringW

api-ms-win-security-base-l1-1-0

DuplicateTokenEx
GetTokenInformation
FreeSid
AllocateAndInitializeSid
GetLengthSid
AdjustTokenPrivileges
GetSidSubAuthorityCount
EqualSid
ImpersonateSelf
CreateWellKnownSid
CopySid
SetTokenInformation
RevertToSelf
ImpersonateLoggedOnUser
IsValidSid
CheckTokenMembership
AllocateLocallyUniqueId
DuplicateToken

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegUnLoadKeyW
RegSetValueExW
RegLoadKeyW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
RegNotifyChangeKeyValue

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentThreadId
SetThreadToken
GetCurrentThread
OpenThreadToken
GetCurrentProcess
OpenProcessToken

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
CompareStringW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalReAlloc
LocalAlloc

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetComputerNameExW
GetSystemDirectoryW
GetSystemTime
GetSystemTimeAsFileTime

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

bcrypt

BCryptGenerateSymmetricKey
BCryptGenRandom
BCryptGetProperty
BCryptDestroyKey
BCryptEncrypt
BCryptFinishHash
BCryptDestroyHash
BCryptHashData
BCryptKeyDerivation
BCryptFinalizeKeyPair
BCryptGenerateKeyPair
BCryptExportKey
BCryptImportKeyPair
BCryptDeriveKeyCapi
BCryptDecrypt
BCryptCloseAlgorithmProvider
BCryptCreateHash
BCryptOpenAlgorithmProvider

api-ms-win-core-synch-l1-1-0

CreateSemaphoreExW
InitializeCriticalSectionEx
ReleaseSemaphore
LeaveCriticalSection
WaitForSingleObject
CreateMutexW
EnterCriticalSection
OpenEventW
ReleaseMutex
CreateEventW
SetEvent
WaitForSingleObjectEx
DeleteCriticalSection
OpenSemaphoreW
CreateMutexExW
AcquireSRWLockShared
OpenMutexW
ReleaseSRWLockShared
InitializeSRWLock
ReleaseSRWLockExclusive
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSection

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
VirtualQuery

api-ms-win-core-file-l1-1-0

CompareFileTime
FlushFileBuffers
GetFileSize
FindNextFileW
SetEndOfFile
FindClose
CreateFileW
WriteFile
ReadFile
FindFirstFileW
DeleteFileW
SetFilePointer

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

cryptbase

SystemFunction040
SystemFunction041

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
DisableThreadLibraryCalls
GetModuleFileNameW
GetModuleHandleExW
GetModuleFileNameA
GetProcAddress

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
Sleep

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

ncrypt

NCryptOpenStorageProvider
NCryptFinalizeKey
NCryptCreatePersistedKey
NCryptSetProperty
NCryptFreeObject

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer
CreateThreadpoolWork
CloseThreadpoolWork
SubmitThreadpoolWork

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW

api-ms-win-core-heap-obsolete-l1-1-0

LocalSize

lsasrv

LsaILookupUserAccountType
LsaIDeriveCredentialKey

ntasn1

ord4
ord5

lsass.exe

LsaGetInterface

ntdll

RtlLeaveCriticalSection
NtOpenEvent
NtCreateEvent
RtlDosPathNameToRelativeNtPathName_U
RtlReleaseRelativeName
RtlFreeHeap
NtCreateFile
EtwRegisterTraceGuidsW
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwGetTraceEnableFlags
EtwUnregisterTraceGuids
EtwEventUnregister
RtlEnterCriticalSection
RtlImageNtHeader
RtlDeleteCriticalSection
RtlGetCurrentServiceSessionId
NtQueryInformationProcess
EtwEventWriteTransfer
EtwEventActivityIdControl
RtlEqualDomainName
RtlNtStatusToDosError
RtlFreeUnicodeString
RtlUpcaseUnicodeString
RtlInitUnicodeString
RtlIsStateSeparationEnabled
EtwTraceMessage
RtlInitializeCriticalSection
NtPrivilegeCheck
NtOpenThreadToken
NtClose
EtwEventRegister
NtQueryInformationToken
RtlEqualSid

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventSetInformation
EventWriteTransfer

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

InitializeLsaExtension
QueryLsaInterface

Sections

.text
Size: 208KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
drvinst.exe
.exe windows:10 windows x64 arch:x64

55e58b8efedf7dc9bbf10b3b22ba9c77

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

drvinst.pdb

Imports

msvcrt

strncmp
wcsstr
memcmp
memcpy
memmove
?terminate@@YAXXZ
_onexit
__dllonexit
qsort
wcsrchr
_wcslwr
_lock
_resetstkoflw
_commode
toupper
_fmode
_unlock
wcschr
_initterm
_wcsnicmp
__setusermatherr
_vsnprintf
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
swscanf
_vsnwprintf
_wcsicmp
__C_specific_handler
memmove_s
_purecall
??3@YAXPEAX@Z
memcpy_s
wcsncmp
memset

ntdll

EtwEventWriteTransfer
EtwEventSetInformation
RtlIsStateSeparationEnabled
NtFlushBuffersFileEx
NtDeleteValueKey
NtSetValueKey
NtQueryValueKey
NtQueryKey
NtCreateKey
NtOpenKey
RtlInitUnicodeString
RtlFreeUnicodeString
RtlFormatCurrentUserKeyPath
RtlUpcaseUnicodeString
RtlRandomEx
RtlPrefixUnicodeString
RtlInitUnicodeStringEx
NtClose
NtSetInformationFile
NtQueryInformationFile
RtlGetVersion
RtlNtStatusToDosErrorNoTeb
RtlUpcaseUnicodeChar
ZwQueryValueKey
ZwOpenKey
ZwQuerySystemInformation
ZwClose
RtlFreeHeap
RtlReAllocateHeap
RtlAllocateHeap
RtlAppendUnicodeToString
ZwEnumerateValueKey
NtSystemDebugControl
RtlAppendUnicodeStringToString
RtlDosPathNameToNtPathName_U_WithStatus
ZwCreateFile
RtlRunOnceExecuteOnce
RtlCopyUnicodeString
ZwOpenFile
ZwEnumerateKey
ZwQueryInformationFile
ZwCreateSection
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwQueryDirectoryFile
RtlpEnsureBufferSize
RtlNtPathNameToDosPathName
RtlGetNativeSystemInformation
RtlInitString
RtlxAnsiStringToUnicodeSize
RtlAnsiStringToUnicodeString
RtlUnicodeStringToAnsiString
LdrResSearchResource
VerSetConditionMask
RtlVerifyVersionInfo
RtlImageDirectoryEntryToData
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtQuerySystemInformation
EtwEventRegister
EtwEventUnregister
RtlNtStatusToDosError
NtQueryInformationProcess
DbgPrintEx
RtlGUIDFromString

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExA
GetModuleHandleExA
GetModuleHandleExW
GetModuleFileNameA
LoadResource
GetModuleHandleW
LoadLibraryExW
GetProcAddress
FreeLibrary
LockResource

api-ms-win-core-synch-l1-1-0

ReleaseMutex
SetEvent
CreateMutexW
WaitForSingleObject
ReleaseSRWLockExclusive
InitializeCriticalSectionEx
LeaveCriticalSection
ReleaseSemaphore
EnterCriticalSection
CreateSemaphoreExW
SleepEx
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseSRWLockShared
CreateMutexExW
WaitForMultipleObjectsEx
CreateEventW
DeleteCriticalSection
AcquireSRWLockShared
OpenEventW

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapSetInformation
HeapReAlloc
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetErrorMode
GetLastError
SetUnhandledExceptionFilter
SetLastError
RaiseException
UnhandledExceptionFilter

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
ExitProcess
TerminateProcess
CreateThread
GetExitCodeThread
GetCurrentProcessId
OpenProcessToken
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

LCMapStringW
GetThreadLocale
FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-console-l1-1-0

SetConsoleCtrlHandler

api-ms-win-devices-config-l1-1-1

CM_Set_DevNode_PropertyW
CM_Get_DevNode_Status
CM_Locate_DevNodeW
CM_Get_Sibling
CM_MapCrToWin32Err
CM_Get_DevNode_Registry_PropertyW
CM_Get_Class_PropertyW
CM_Set_DevNode_Registry_PropertyW
CM_Get_Child
CM_Get_DevNode_PropertyW
CM_Open_DevNode_Key
CM_Setup_DevNode
CM_Get_Device_IDW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
GetCommandLineW
GetCommandLineA

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualProtect
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-wow64-l1-1-0

IsWow64Process

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetLocalTime
GetSystemDirectoryW
GetTickCount
GetSystemTimeAsFileTime
GetSystemTime
GetSystemWindowsDirectoryW
GetWindowsDirectoryW
GetTickCount64
GetSystemInfo

api-ms-win-security-base-l1-1-0

InitializeAcl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
IsValidSid
DuplicateTokenEx
AddAccessAllowedAceEx
GetLengthSid
GetTokenInformation
FreeSid
CheckTokenMembership
AllocateAndInitializeSid

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-string-l1-1-0

CompareStringW
CompareStringOrdinal
WideCharToMultiByte

api-ms-win-core-file-l1-1-0

GetFileAttributesW
CreateDirectoryW
FindClose
FindFirstFileW
FlushFileBuffers
SetEndOfFile
SetFilePointer
FindNextFileW
SetFileAttributesW
GetFileSize
GetFileInformationByHandle
GetTempFileNameW
CreateFileW
GetFileAttributesExW
WriteFile
DeleteFileW
GetFullPathNameW
GetFinalPathNameByHandleW
FileTimeToLocalFileTime

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegEnumValueW
RegDeleteTreeW
RegOpenKeyExW
RegQueryValueExW
RegEnumKeyExW
RegCreateKeyExW
RegFlushKey
RegCloseKey

api-ms-win-core-file-l2-1-0

CopyFileExW
CreateHardLinkW
MoveFileExW

api-ms-win-core-sysinfo-l1-2-0

GetNativeSystemInfo

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
FindResourceW

api-ms-win-security-provider-l1-1-0

SetSecurityInfo
SetEntriesInAclW

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-windowserrorreporting-l1-1-0

WerRegisterFile

api-ms-win-core-file-l1-2-4

GetTempPath2W

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-apiquery-l2-1-0

IsApiSetImplemented

Sections

.text
Size: 248KB - Virtual size: 246KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 612B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dsreg.dll
.dll windows:10 windows x64 arch:x64

4630f1f4cf14597542f909a5af9ae2ba

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:ec:7d:f3:a8:ea:6e:d3:30:33:9f:2f:f1:f4:e9:89:12:d9:42:44:e2:50:22:61:e2:82:35:9b:7c:70:ce:8b
Signer

Actual PE Digest

05:ec:7d:f3:a8:ea:6e:d3:30:33:9f:2f:f1:f4:e9:89:12:d9:42:44:e2:50:22:61:e2:82:35:9b:7c:70:ce:8b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

dsreg.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__fseeki64
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__lock_file
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__unlock_file
_o__wcserror
_o__wcsicmp
_o__wcslwr
_o__wcsnicmp
memmove
_o__wfopen_s
_o__wtof
_o_fclose
_o_fflush
_o_fgetc
_o_fgetpos
_o_fgetwc
_o_fputwc
_o_free
_o_fsetpos
_o_fwrite
_o_getchar
_o_isalpha
_o_isdigit
_o_iswspace
_o_isxdigit
_o_malloc
_o_memcpy_s
_o_realloc
_o_setvbuf
_o_strncpy_s
_o_strtol
_o_terminate
_o_ungetc
_o_ungetwc
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstok_s
__C_specific_handler
__current_exception
__current_exception_context
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfwprintf_s
_o___stdio_common_vfwprintf
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__difftime64
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o__execute_onexit_table
_o__errno
_o___stdio_common_vswscanf
_o___acrt_iob_func
_o___stdio_common_vswprintf
_CxxThrowException
__CxxFrameHandler4
__std_terminate
wcschr
wcsstr
strchr
wcsrchr
__CxxFrameHandler3
memcmp
_o___stdio_common_vsprintf_s
memcpy

api-ms-win-crt-string-l1-1-0

wcsnlen
wcscspn
wcscmp
memset
wcsncpy

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
ExitThread
GetCurrentProcess
OpenProcessToken
GetCurrentThreadId
GetCurrentProcessId
CreateThread
GetCurrentThread
OpenThreadToken

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetComputerNameExW
GetSystemTime
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
RaiseException

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
FreeLibraryAndExitThread
FreeLibrary
GetModuleHandleW
GetModuleHandleExW
GetProcAddress
GetModuleFileNameA
GetModuleHandleExA

msvcp_win

??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?clear@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?_Gndec@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Init@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXXZ
?getloc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEBA?AVlocale@2@XZ
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBGHH@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@N@Z
?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGD@Z
?put@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@G@Z
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
?widen@?$ctype@G@std@@QEBAGD@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@K@Z
?_Getcat@?$codecvt@GDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Locinfo@std@@QEAA@XZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?unshift@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??Bid@locale@std@@QEAA_KXZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
?out@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
?tolower@?$ctype@G@std@@QEBAGG@Z
?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
_Wcsxfrm
?id@?$ctype@G@std@@2V0locale@2@A
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$collate@G@std@@2V0locale@2@A
?_Xbad_alloc@std@@YAXXZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
_Wcscoll
?_Xout_of_range@std@@YAXPEBD@Z
?in@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?is@?$ctype@G@std@@QEBA_NFG@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?_Xlength_error@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
?_Random_device@std@@YAIXZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z

api-ms-win-crt-time-l1-1-0

_time32
_time64

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventActivityIdControl
EventRegister
EventSetInformation
EventUnregister

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-heap-l1-1-0

HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap

api-ms-win-core-heap-l2-1-0

GlobalFree
LocalFree
LocalAlloc

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
WaitForSingleObjectEx
CreateSemaphoreExW
InitializeCriticalSection
ReleaseSRWLockExclusive
OpenSemaphoreW
ResetEvent
WaitForMultipleObjectsEx
InitializeCriticalSectionAndSpinCount
ReleaseMutex
CreateEventW
WaitForSingleObject
CreateMutexW
InitializeCriticalSectionEx
SetEvent
LeaveCriticalSection
ReleaseSRWLockShared
ReleaseSemaphore
EnterCriticalSection
CreateMutexExW
AcquireSRWLockShared
OpenMutexW
CreateEventExW
DeleteCriticalSection

api-ms-win-security-base-l1-1-0

GetLengthSid
AllocateAndInitializeSid
IsValidSid
FreeSid
CopySid
CheckTokenMembership
DuplicateToken
GetTokenInformation
AdjustTokenPrivileges
EqualSid

api-ms-win-core-registry-l1-1-0

RegFlushKey
RegCreateKeyExW
RegOpenKeyExW
RegDeleteKeyExW
RegDeleteValueW
RegCloseKey
RegEnumKeyExW
RegSetValueExW
RegDeleteTreeW
RegQueryValueExW
RegQueryInfoKeyW
RegGetValueW
RegLoadKeyW
RegUnLoadKeyW
RegOpenCurrentUser

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-core-localization-l1-2-0

FormatMessageW

ntdll

RtlIsMultiSessionSku
RtlGetDeviceFamilyInfoEnum
ZwQueryLicenseValue
RtlPublishWnfStateData
RtlGetVersion
RtlGetPersistedStateLocation

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrStrIW
StrChrNW
StrRStrIW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringEx
MultiByteToWideChar
CompareStringW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-file-l1-1-0

DeleteFileW
GetTempFileNameW
CompareFileTime

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-console-l1-2-0

FreeConsole

api-ms-win-core-file-l1-2-4

GetTempPath2W

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

DsrBeginDelegatedWorkplaceJoin
DsrBeginDeviceAndResourceAccountJoin
DsrBeginDeviceAndResourceAccountJoinEx
DsrBeginDeviceJoin
DsrBeginDeviceJoinEx
DsrBeginDeviceUnjoin
DsrBeginDeviceUpdate
DsrBeginDiscover
DsrBeginPreprovisionedDeviceJoin
DsrBeginPreprovisionedDeviceJoinEx
DsrBeginRecovery
DsrBeginWorkplaceJoin
DsrBeginWorkplaceUnjoin
DsrBeginWorkplaceUpdate
DsrCLI
DsrCanCurrentUserProvisionNgcKey
DsrCanCurrentUserResetNgcKey
DsrDeviceHostNameUpdate
DsrEndRecovery
DsrFreeCxhScenarioInfo
DsrFreeDiscoveryMetadata
DsrFreeDomainRegistrationData
DsrFreeJoinInfo
DsrFreeJoinInfoEx
DsrGetCurrentUserNgcProvisionStatus
DsrGetCxhScenarioInfo
DsrGetDomainRegistrationData
DsrGetJoinInfo
DsrGetJoinInfoEx
DsrGetPrtAuthorityInfo
DsrGetResourceAccount
DsrIsDeviceJoined
DsrIsDeviceJoinedEx
DsrIsWorkplaceJoined
DsrSaveDeviceTokenProperties
DsrSaveWorkplaceTokenProperties
DsrWriteAutoJoinSvcAdminEvent
DsrWriteAutoJoinSvcDebugEvent
DsrWriteAutoJoinSvcTriggerEvent
FidoDeregisterKey
FidoRegisterKey
NgcDeregisterKey
NgcGetKeyId
NgcGetLogonCertPolicy
NgcGetStatistics
NgcIncrementPinRetryAttempts
NgcNeedProvision
NgcNeedProvisionForAccount
NgcReadRegistryValue
NgcRegisterKey
NgcResetPinRetryAttempts
NgcUpdateCertEnrollStatistics
NgcUpdateStatistics

Sections

.text
Size: 692KB - Virtual size: 691KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 436KB - Virtual size: 433KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dsregcmd.exe
.exe windows:10 windows x64 arch:x64

573605d3b41edde239167a3c72371f8a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

dsregcmd.pdb

Imports

msvcp_win

??0_Lockit@std@@QEAA@H@Z
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
??Bid@locale@std@@QEAA_KXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?widen@?$ctype@G@std@@QEBAGD@Z
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Random_device@std@@YAIXZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_J@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?uncaught_exception@std@@YA_NXZ
?_Xlength_error@std@@YAXPEBD@Z
?id@?$ctype@G@std@@2V0locale@2@A
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
??1_Lockit@std@@QEAA@XZ

api-ms-win-crt-runtime-l1-1-0

_c_exit
_initterm
_register_thread_local_exe_atexit_callback
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__get_initial_wide_environment
_o__gmtime64_s
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__mbsinc
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__cexit
_o__strlwr_s
_o__ultoa_s
_o__errno
_o__wcsicmp
_o__wcslwr_s
memmove
_o__wtoi
_o__wtol
_o_calloc
_o_ceilf
_o_exit
_o_free
_o_iswspace
_o_malloc
_o_realloc
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcsftime
_o_wcsncpy_s
_o_wmemcpy_s
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_o__callnewh
_o__beginthreadex
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___wargv
_o___p___argc
_o__difftime64
_o__crt_atexit
__std_terminate
__CxxFrameHandler4
_o__configure_wide_argv
_o__configthreadlocale
wcschr
wcsstr
__std_type_info_compare
_o__exit
_CxxThrowException
__C_specific_handler_noexcept
__RTDynamicCast
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

wcsnlen
wcspbrk
wcsspn
wcsncmp
memset
strncmp
wcscspn
wcscmp

api-ms-win-core-errorhandling-l1-1-0

RaiseException
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

OpenThreadToken
GetCurrentThread
OpenProcessToken
GetCurrentThreadId
TerminateThread
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetExitCodeThread

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetVersionExW
GetTickCount64

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
FlushInstructionCache

api-ms-win-core-libraryloader-l1-2-0

LoadResource
FindResourceExW
GetModuleHandleW
GetModuleFileNameW
GetProcAddress
LockResource
SizeofResource
LoadLibraryExA

dsreg

DsrCLI

oleaut32

VariantCopy
VariantChangeType
LoadTypeLi
DispCallFunc
SysAllocStringLen
VariantInit
VarBstrCmp
VariantClear
SysStringByteLen
OleCreateFontIndirect
GetErrorInfo
SysAllocString
LoadRegTypeLi
SysFreeString
SysStringLen

api-ms-win-core-com-l1-1-0

CoGetClassObject
CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemAlloc
CLSIDFromString
CoCreateGuid
CoUninitialize
CoInitializeEx
StringFromGUID2
CLSIDFromProgID

winhttp

WinHttpSetCredentials
WinHttpQueryHeaders
WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpSendRequest
WinHttpSetStatusCallback
WinHttpCloseHandle
WinHttpOpen
WinHttpReceiveResponse
WinHttpCrackUrl
WinHttpConnect

wininet

InternetOpenW
InternetCloseHandle
InternetSetOptionW

crypt32

CryptFindOIDInfo
CryptAcquireCertificatePrivateKey
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CertOpenStore

bcrypt

BCryptDestroyHash
BCryptGetProperty
BCryptCreateHash
BCryptHashData
BCryptFinishHash
BCryptOpenAlgorithmProvider

ncrypt

NCryptFreeObject
NCryptDeleteKey
NCryptSignHash

gdi32

GetObjectW
GetStockObject
DeleteDC
BitBlt
SelectObject
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
GetDeviceCaps

userenv

UnloadUserProfile

secur32

GetUserNameExW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc
GlobalAlloc

api-ms-win-core-synch-l1-1-0

SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
ResetEvent
WaitForSingleObjectEx
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
CreateEventW

api-ms-win-rtcore-ntuser-window-l1-1-0

DestroyWindow
ClientToScreen
GetClassNameW
IsWindow
SendMessageW
GetMessageW
TranslateMessage
DispatchMessageW
SetWindowPos
PostThreadMessageW
ScreenToClient
MoveWindow
GetClientRect
GetWindow
RegisterWindowMessageW
GetDesktopWindow
GetWindowTextW
SetWindowTextW
GetWindowLongW
SetWindowLongW
CallWindowProcW
GetParent
IsChild
GetFocus
SetFocus
CreateWindowExW
PostMessageW
PostQuitMessage
DefWindowProcW
GetWindowLongPtrW
SetWindowLongPtrW
GetClassInfoExW
RegisterClassExW
SetTimer

api-ms-win-rtcore-ntuser-draw-l1-1-0

RedrawWindow

api-ms-win-core-heap-obsolete-l1-1-0

GlobalUnlock
GlobalLock

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

api-ms-win-security-cryptoapi-l1-1-0

CryptDestroyHash
CryptSignHashW
CryptReleaseContext
CryptHashData
CryptCreateHash

api-ms-win-eventlog-legacy-l1-1-0

DeregisterEventSource
RegisterEventSourceW
ReportEventW

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegCreateKeyExW
RegCloseKey

api-ms-win-core-handle-l1-1-0

CloseHandle

wkscli

NetGetJoinInformation

netutils

NetApiBufferFree

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW

api-ms-win-security-base-l1-1-0

GetTokenInformation
CopySid
GetLengthSid
EqualDomainSid
IsValidSid

api-ms-win-security-lsalookup-l2-1-0

LookupAccountNameW

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapFree
HeapAlloc
HeapSize
GetProcessHeap
HeapDestroy

api-ms-win-core-memory-l1-1-0

VirtualAlloc
VirtualFree

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-crt-time-l1-1-0

_time64

user32

GetWindowTextLengthW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
BeginPaint
LoadIconW
GetKeyState
UnregisterClassA
EndPaint
GetDlgItem
GetSysColor
CreateAcceleratorTableW
SetCapture
ReleaseCapture
FillRect
InvalidateRgn
InvalidateRect
LoadCursorW
DestroyAcceleratorTable
ReleaseDC
GetDC

ole32

OleLockRunning
OleUninitialize
OleRun
OleInitialize

Sections

.text
Size: 292KB - Virtual size: 288KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dsregtask.dll
.dll regsvr32 windows:10 windows x64 arch:x64

188a17cbd89822508de24339fe70be7e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

dsregtask.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__register_onexit_function
_o__seh_filter_dll
_o__wcsdup
_o_free
_o_malloc
__C_specific_handler
_o___stdio_common_vswprintf
_o___std_type_info_destroy_list

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-com-l1-1-0

StringFromCLSID
CoTaskMemFree

api-ms-win-core-synch-l1-1-0

SetEvent
WaitForSingleObject
CreateEventExW

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleFileNameW
FreeLibraryAndExitThread
DisableThreadLibraryCalls
GetModuleHandleExW

api-ms-win-core-registry-l1-1-0

RegDeleteKeyExW
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW

api-ms-win-rtcore-ntuser-window-l1-1-0

PeekMessageW
DispatchMessageW
TranslateMessage

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
ResumeThread
TerminateProcess
GetCurrentProcess
CreateThread
GetCurrentThreadId

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-rtcore-ntuser-synch-l1-1-0

MsgWaitForMultipleObjects

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

dsreg

DsrBeginDeviceUpdate

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventWriteTransfer

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-string-l1-1-0

CompareStringEx

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dtdump.exe
.exe windows:10 windows x64 arch:x64

80a2be6c8bc4364d8eed8759fefbe837

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

dtdump.pdb

Imports

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z

api-ms-win-crt-string-l1-1-0

strcspn
memset

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
_c_exit
_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o___stdio_common_vswprintf
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o__wcsicmp
_o__wcsnicmp
_o__wcstoi64
_o__wcstoui64
_o_abort
_o_exit
_o_free
_o_iswspace
_o_malloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
_o___std_exception_destroy
_o___stdio_common_vsnprintf_s
_o___std_exception_copy
_o___p__commode
__std_terminate
__CxxFrameHandler4
_o___p___wargv
_o___p___argc
memcmp
memcpy

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
FreeLibrary
LoadLibraryExW
GetModuleHandleExW
GetModuleFileNameA
GetModuleHandleW

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-synch-l1-1-0

CreateSemaphoreExW
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
EnterCriticalSection
ReleaseSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSemaphore
ReleaseSRWLockExclusive
ReleaseMutex
WaitForSingleObject
InitializeCriticalSectionEx
LeaveCriticalSection

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dwmredir.dll
.dll windows:10 windows x64 arch:x64

f9e23fa7b80b1fd04b768580b28e5f14

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

dwmredir.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__crt_atexit
__C_specific_handler
_o__errno
_o__cexit
_o__configure_narrow_argv
_o__execute_onexit_table
_o___stdio_common_vswprintf
_o___std_type_info_destroy_list
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleW
GetModuleFileNameA
DisableThreadLibraryCalls
LoadLibraryExA
GetModuleHandleExW
FreeLibrary

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockShared
CreateSemaphoreExW
ReleaseMutex
ReleaseSRWLockExclusive
EnterCriticalSection
InitializeCriticalSection
ReleaseSemaphore
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
AcquireSRWLockExclusive
OpenSemaphoreW
WaitForSingleObjectEx
WaitForSingleObject

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

GetThreadId
GetCurrentProcessId
ProcessIdToSessionId
TerminateProcess
TerminateThread
GetCurrentThread
CreateThread
GetCurrentThreadId
SetThreadPriority
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount64
GetTickCount

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InitializeSListHead
InterlockedFlushSList

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureStackBackTrace
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-3

TerminateProcessOnMemoryExhaustion

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

ntdll

EtwEventRegister
RtlEnumerateGenericTableWithoutSplaying
RtlLookupElementGenericTable
RtlInsertElementGenericTable
RtlDeleteElementGenericTable
EtwEventSetInformation
EtwEventUnregister
RtlInitUnicodeString
NtCreateWaitablePort
NtReplyPort
RtlNumberGenericTableElements
RtlIsGenericTableEmpty
NtAlpcSendWaitReceivePort
NtAcceptConnectPort
NtCompleteConnectPort
NtReplyWaitReceivePort
EtwEventWriteTransfer
NtQuerySystemInformation
DbgPrintEx
DbgPrompt
RtlInitializeGenericTable

user32

DwmValidateWindow
SignalRedirectionStartComplete
EnableSessionForMMCSS
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
IntersectRect
GetSystemMetrics
GetWindowThreadProcessId
ord2572
ReleaseDC
GetDC
ord2635
PostMessageW
IsWindowInDestroy
IsWindow
GetWindowRect
GetWindowDpiAwarenessContext
SetThreadDpiAwarenessContext
EqualRect
GetWindowCompositionAttribute
CheckProcessSession
GetGuiResources

gdi32

CombineRgn
GetRegionData
GetDCDpiScaleValue
CreateRectRgn
CreateCompatibleDC
CreateDIBSection
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteDC
ExtCreateRegion
DeleteObject
ord1007

dwmcore

MilCompositionEngine_CreateChannel

win32u

NtCreateImplicitCompositionInputSink

dcomp

ord1060

coremessaging

CoreUICreateEx

api-ms-win-core-processthreads-l1-1-3

SetThreadDescription

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualProtect

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

DwmInitializePort
DwmRedirectionManagerInitialize
DwmRedirectionManagerShutdown

Sections

.text
Size: 128KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 716B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dxgi.dll
.dll windows:10 windows x64 arch:x64

afa6d600f7e60e10922da7444d5c669f

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:8b:94:0f:5d:22:f0:44:9a:fd:0e:7d:e5:85:1a:ff:3c:8a:44:12:00:88:3b:bb:61:cc:43:b1:0f:43:7b:a8
Signer

Actual PE Digest

27:8b:94:0f:5d:22:f0:44:9a:fd:0e:7d:e5:85:1a:ff:3c:8a:44:12:00:88:3b:bb:61:cc:43:b1:0f:43:7b:a8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

dxgi.pdb

Imports

msvcp_win

_Mtx_init_in_situ
_Mtx_destroy_in_situ
?_Throw_C_error@std@@YAXH@Z
?_Xlength_error@std@@YAXPEBD@Z
_Mtx_lock
?_Xbad_function_call@std@@YAXXZ
_Mtx_unlock

api-ms-win-crt-string-l1-1-0

strncmp
wcsspn
memset
wcsncmp
wcscspn

api-ms-win-crt-math-l1-1-0

_finite

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__stricmp
_o__wcsicmp
memmove
_o__wcsnicmp
_o_atoi
_o_ceil
_o_ceilf
_o_free
_o_malloc
_o_pow
_o_powf
_o_terminate
_o_tolower
_o_wcstombs_s
__current_exception
__current_exception_context
_CxxThrowException
wcschr
wcsrchr
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o__execute_onexit_table
_o__errno
_o___std_exception_copy
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
__C_specific_handler
__std_terminate
__CxxFrameHandler4
_o__aligned_malloc
_o__aligned_free
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
__C_specific_handler_noexcept
memchr
_o___stdio_common_vsnprintf_s
memcmp
memcpy

ntdll

RtlReAllocateHeap
RtlAllocateHeap
ZwEnumerateValueKey
RtlDosPathNameToNtPathName_U_WithStatus
ZwCreateFile
NtQueryInformationFile
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
RtlRunOnceExecuteOnce
NtQueryWnfStateData
RtlGetDeviceFamilyInfoEnum
RtlPublishWnfStateData
EtwEventWriteNoRegistration
ZwClose
EtwEventUnregister
EtwEventRegister
RtlIsMultiSessionSku
RtlCaptureStackBackTrace
EtwEventWrite
EtwEventWriteTransfer
ZwOpenKey
ZwQueryValueKey
ZwQuerySystemInformation
RtlGetVersion
RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlInitUnicodeString
EtwEventSetInformation
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUpcaseUnicodeChar
RtlGetNativeSystemInformation
RtlFreeUnicodeString
ZwQueryDirectoryFile
RtlpEnsureBufferSize
RtlNtPathNameToDosPathName
ZwOpenFile
ZwEnumerateKey
RtlInitUnicodeStringEx
ZwQueryInformationFile
ZwCreateSection
RtlInitString
RtlxAnsiStringToUnicodeSize
RtlAnsiStringToUnicodeString
ZwUnmapViewOfSection
ZwMapViewOfSection
LdrResSearchResource
VerSetConditionMask
RtlVerifyVersionInfo
RtlImageDirectoryEntryToData
RtlFreeHeap
RtlIsCriticalSectionLockedByThread

win32u

NtQueryCompositionSurfaceStatistics
NtUnBindCompositionSurface
NtBindCompositionSurface

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
FreeLibrary
GetProcAddress
GetModuleHandleW
GetModuleHandleExW
GetModuleHandleExA
GetModuleHandleA
GetModuleFileNameA
GetModuleFileNameW
DisableThreadLibraryCalls

api-ms-win-core-synch-l1-1-0

OpenMutexW
CreateMutexW
ResetEvent
CreateSemaphoreExW
EnterCriticalSection
ReleaseSemaphore
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
InitializeCriticalSection
InitializeSRWLock
TryEnterCriticalSection
CreateEventA
SetEvent
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
InitializeCriticalSectionEx
CreateEventExW
WaitForSingleObject
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
ReleaseMutex

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap
HeapReAlloc

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
RaiseException
SetLastError

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
SetThreadpoolWait
WaitForThreadpoolTimerCallbacks
CreateThreadpoolWait
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
SetThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
CreateThread
GetCurrentProcess
GetProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent
OutputDebugStringA

api-ms-win-core-handle-l1-1-0

GetHandleInformation
CompareObjectHandles
DuplicateHandle
CloseHandle

api-ms-win-security-base-l1-1-0

GetSidLengthRequired
AddMandatoryAce
CheckTokenMembership
GetSidSubAuthority
IsValidSid
AllocateLocallyUniqueId
AddAccessAllowedAce
InitializeSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorSacl
SetKernelObjectSecurity
GetLengthSid
FreeSid
InitializeAcl

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-version-l1-1-0

GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryA
LoadLibraryW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrcmpA
lstrcmpW

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetVersionExA
GlobalMemoryStatusEx
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-registry-l1-1-0

RegQueryValueExA
RegEnumKeyExA
RegGetValueA
RegGetValueW
RegOpenKeyExW
RegOpenKeyExA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegNotifyChangeKeyValue
RegQueryValueExW

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
Sleep

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabled

api-ms-win-core-psapi-l1-1-0

K32GetModuleInformation

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-atoms-l1-1-0

GlobalAddAtomA

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

kernelbase

BaseFormatObjectAttributes

api-ms-win-core-file-l1-1-0

CreateFileA
GetFileSize

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

ApplyCompatResolutionQuirking
CompatString
CompatValue
CreateDXGIFactory
CreateDXGIFactory1
CreateDXGIFactory2
DXGID3D10CreateDevice
DXGID3D10CreateLayeredDevice
DXGID3D10GetLayeredDeviceSize
DXGID3D10RegisterLayers
DXGIDeclareAdapterRemovalSupport
DXGIDisableVBlankVirtualization
DXGIDumpJournal
DXGIGetDebugInterface1
DXGIReportAdapterConfiguration
PIXBeginCapture
PIXEndCapture
PIXGetCaptureState
SetAppCompatStringPointer
UpdateHMDEmulationStatus

Sections

.text
Size: 636KB - Virtual size: 634KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 192KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
edgehtml.dll
.dll windows:10 windows x64 arch:x64

0de968ca1f68c5f4df7cd0ac037ffdd0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

edgehtml.pdb

Imports

msvcrt

wcstol
wcsrchr
iswalnum
_wcslwr_s
_wcslwr
_ui64tow_s
_wcstoui64
_itow_s
_wcsupr_s
sprintf_s
__ExceptionPtrCreate
__ExceptionPtrDestroy
__ExceptionPtrToBool
__ExceptionPtrRethrow
__ExceptionPtrCopy
_i64tow_s
abort
modf
_isnan
_fpclass
strncmp
_ltow
_aligned_free
_aligned_malloc
strstr
iswcntrl
tolower
_wcsupr
_wcsrev
wcstok_s
towlower
_stricmp
_wtoi64
time
_set_errno
_errno
_controlfp_s
malloc
free
realloc
iswpunct
iswascii
_resetstkoflw
_ultoa_s
mbstowcs
calloc
_mbscmp
strncpy_s
_ismbcdigit
_mbschr
strtol
strchr
_mbsstr
_mbsspn
_mbscspn
_mbsicmp
wcsncat_s
floor
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_vsnprintf_s
iswspace
swscanf_s
isalpha
isxdigit
isdigit
??0exception@@QEAA@AEBQEBD@Z
__mb_cur_max
?what@exception@@UEBAPEBDXZ
_strlwr_s
strcpy_s
wcstombs_s
strrchr
wcsstr
iswxdigit
_wcsdup
??8type_info@@QEBAHAEBV0@@Z
__crtCompareStringW
__crtCompareStringA
__crtLCMapStringW
__crtLCMapStringA
_wsetlocale
___lc_handle_func
setlocale
_CxxThrowException
__CxxFrameHandler3
memcpy
memmove
___mb_cur_max_func
___lc_codepage_func
_ismbblead
ldexp
strcspn
??0bad_cast@@QEAA@PEBD@Z
localeconv
??0bad_cast@@QEAA@AEBV0@@Z
??1bad_cast@@UEAA@XZ
memset
__pctype_func
isupper
islower
_Getdays
_Getmonths
_W_Getdays
_W_Getmonths
_W_Gettnames
_Wcsftime
_Gettnames
_Strftime
isspace
memchr
___lc_collate_cp_func
memcmp
sqrt
_XcptFilter
_amsg_exit
_initterm
?terminate@@YAXXZ
wcscat_s
wcscpy_s
vswprintf_s
isalnum
expf
exp
cosf
cos
ceilf
ceil
tan
wcstod
wcstoul
qsort
bsearch_s
qsort_s
iswalpha
iswdigit
_finite
_ltow_s
_ultow_s
wcsnlen
_wtol
swprintf_s
bsearch
_wtof
_wtoi
sqrtf
sinf
_HUGE
_wcsnicmp
wcsncmp
wcschr
tanf
sin
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_vsnprintf
powf
pow
_unlock
_lock
_wcsicmp
__C_specific_handler
memmove_s
_vsnwprintf
wcsncpy_s
memcpy_s
_purecall
log10f
iswprint
_statusfp
_clearfp
iswlower
strtoul
wcsspn
wcscspn
fwrite
strnlen
__uncaught_exception
wcstok
log
towupper
floorf
fmodf
fmod
__CxxFrameHandler4
logf
__iob_func
acos
acosf
asin
asinf
atan
atan2
atan2f
atanf
wcscmp

chakra

MemProtectHeapUnrootAndZero
JsQueueBackgroundParse
RecyclerNativeHeapAllocTraced
RecyclerNativeHeapAllocTracedFinalized
MemProtectHeapNotifyCurrentThreadDetach
RecyclerNativeHeapAddExternalMemoryUsage
MemProtectHeapDestroy
RecyclerNativeHeapRootAddRef
RecyclerNativeHeapRootRelease
RecyclerNativeHeapGetStrongReference
JsVarToExtension
MemProtectHeapRootAlloc
MemProtectHeapCreate
RecyclerNativeHeapCreateWeakReference
MemProtectHeapReportHeapSize
RecyclerNativeHeapGetRealAddressFromInterior
MemProtectHeapDisableCollection
MemProtectHeapRootRealloc
RecyclerNativeHeapCollectGarbageInThread
MemProtectHeapProtectCurrentThread
MemProtectHeapUnprotectCurrentThread
MemProtectHeapSynchronizeWithCollector
JsCreateThreadService
JsDiscardBackgroundParse

ntdll

RtlReleaseSRWLockExclusive
NtQueryInformationProcess
NtQuerySystemInformation
NtPowerInformation
RtlAcquireSRWLockExclusive
RtlGetSuiteMask
RtlCaptureContext
RtlGetDeviceFamilyInfoEnum
NtClose
RtlIpv6AddressToStringExW
RtlIpv4AddressToStringExW
RtlDllShutdownInProgress
VerSetConditionMask
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlNtStatusToDosError

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
LockResource
LoadLibraryExA
FreeLibrary
LoadResource
FreeLibraryAndExitThread
GetModuleHandleW
GetProcAddress
LoadStringW
SizeofResource
GetModuleHandleExA
FindResourceExW
GetModuleFileNameA
GetModuleHandleExW
LoadLibraryExW

api-ms-win-core-localization-l1-2-0

IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoEx
GetCPInfo
GetUserDefaultLangID
GetLocaleInfoW
GetUserGeoID
GetGeoInfoW
IsValidLocaleName
GetUserDefaultLocaleName
FormatMessageW
ResolveLocaleName
IsDBCSLeadByte
LCMapStringEx
LocaleNameToLCID
SetThreadPreferredUILanguages
GetACP
IsDBCSLeadByteEx
GetThreadUILanguage
GetSystemDefaultLCID

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
OutputDebugStringA
DebugBreak

api-ms-win-eventing-provider-l1-1-0

EventWrite
EventUnregister
EventRegister
EventWriteTransfer
EventSetInformation
EventWriteEx
EventActivityIdControl

api-ms-win-core-synch-l1-1-0

AcquireSRWLockShared
LeaveCriticalSection
OpenEventW
OpenSemaphoreW
WaitForSingleObject
CreateMutexW
InitializeCriticalSection
WaitForSingleObjectEx
InitializeCriticalSectionEx
CreateEventW
ReleaseSRWLockShared
SetEvent
ReleaseMutex
ReleaseSemaphore
TryEnterCriticalSection
EnterCriticalSection
ReleaseSRWLockExclusive
InitializeSRWLock
CreateEventExW
CreateSemaphoreExW
ResetEvent
DeleteCriticalSection
WaitForMultipleObjectsEx
AcquireSRWLockExclusive
InitializeCriticalSectionAndSpinCount
CreateMutexExW

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-errorhandling-l1-1-0

GetLastError
RaiseException
SetErrorMode
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

TlsFree
TlsSetValue
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
OpenProcessToken
TlsGetValue
ProcessIdToSessionId
TerminateProcess
GetProcessIdOfThread
GetProcessId
CreateThread
ResumeThread
ExitProcess
OpenThread
GetExitCodeProcess
CreateProcessAsUserW
OpenThreadToken
CreateProcessW
SetThreadPriority
GetCurrentThread
GetThreadPriority
TlsAlloc
QueueUserAPC
GetProcessTimes

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapSize
HeapDestroy
HeapSetInformation
HeapAlloc
HeapFree
HeapReAlloc

api-ms-win-core-fibers-l1-1-0

FlsSetValue
FlsFree
FlsAlloc

api-ms-win-core-memory-l1-1-0

FlushViewOfFile
MapViewOfFileEx
MapViewOfFile
OpenFileMappingW
VirtualProtect
VirtualQuery
CreateFileMappingW
VirtualFree
VirtualAlloc
UnmapViewOfFile

api-ms-win-core-atoms-l1-1-0

DeleteAtom
AddAtomW
FindAtomW

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetSystemInfo
GetSystemTime
GetSystemWindowsDirectoryW
GetSystemTimeAsFileTime
GetLocalTime
GetVersionExW
GetSystemTimeAdjustment
GetSystemDirectoryW
GetVersionExA
GetLogicalProcessorInformation
GetTickCount
GlobalMemoryStatusEx

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceInitialize
SleepConditionVariableSRW
WakeByAddressAll
WakeAllConditionVariable
InitOnceExecuteOnce
SleepConditionVariableCS
WaitOnAddress
InitOnceComplete
InitOnceBeginInitialize
InitializeConditionVariable

api-ms-win-core-path-l1-1-0

PathCchAddExtension
PathCchCanonicalize
PathCchRemoveExtension
PathCchAppendEx
PathCchCombine
PathCchCombineEx
PathAllocCombine
PathCchAppend
PathCchCanonicalizeEx

api-ms-win-core-shlwapi-legacy-l1-1-0

PathStripPathW
PathSearchAndQualifyW
PathFileExistsW
PathMatchSpecW
PathFindFileNameW
PathUnquoteSpacesW
SHExpandEnvironmentStringsW
PathIsFileSpecW
PathFindExtensionW
PathIsRelativeW
IsCharSpaceW
PathGetCharTypeW
PathRemoveFileSpecW
PathGetDriveNumberW
PathIsUNCW

api-ms-win-core-file-l1-1-0

FindNextFileW
SetFileAttributesW
CompareFileTime
CreateDirectoryW
SetEndOfFile
GetFileTime
FileTimeToLocalFileTime
GetDiskFreeSpaceExW
SetFilePointerEx
FindFirstChangeNotificationW
GetFullPathNameW
FindFirstFileW
RemoveDirectoryW
GetFileSizeEx
GetFileAttributesW
GetLongPathNameW
FindClose
FindNextChangeNotification
GetFileAttributesExW
GetFileSize
GetFullPathNameA
FindCloseChangeNotification
ReadFile
WriteFile
SetFilePointer
GetFileType
CreateFileW
FindFirstFileExW
GetTempFileNameW
DeleteFileW

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrStrA
StrCmpICA
StrStrIA
StrCmpNCW
StrToIntA
StrCmpNIW
StrCmpNICW
StrChrA
StrTrimW
StrToIntW
StrToInt64ExW
StrCmpNW
StrChrNW
StrStrIW
StrCmpNICA
StrCSpnW
StrPBrkW
StrCmpIW
StrStrW
StrChrNIW
StrRStrIW
QISearch
StrCmpCW
StrToIntExW
StrChrW
StrCmpW
StrCmpICW
StrDupW

api-ms-win-ntuser-sysparams-l1-1-0

SystemParametersInfoW
GetMonitorInfoW
GetSystemMetrics
EnumDisplaySettingsW

api-ms-win-core-kernel32-legacy-l1-1-0

WTSGetActiveConsoleSessionId
RegisterWaitForSingleObject
GetComputerNameW

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolWork
WaitForThreadpoolWorkCallbacks
CloseThreadpoolTimer
SubmitThreadpoolWork
CloseThreadpoolWork
CreateThreadpoolTimer
WaitForThreadpoolWaitCallbacks
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolCleanupGroup
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CloseThreadpoolWait
CallbackMayRunLong
CreateThreadpool
CloseThreadpoolCleanupGroupMembers
TrySubmitThreadpoolCallback
CloseThreadpool
SetThreadpoolThreadMinimum
CreateThreadpoolCleanupGroup
SetThreadpoolThreadMaximum

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-core-string-l2-1-0

CharUpperW
CharLowerW
CharLowerBuffW
CharNextW
IsCharAlphaNumericW

api-ms-win-core-url-l1-1-0

UrlCombineW
UrlCanonicalizeW
UrlIsW
GetAcceptLanguagesW
UrlEscapeW
UrlIsNoHistoryW
UrlCreateFromPathW
UrlApplySchemeW
UrlGetPartW
UrlGetLocationW
PathIsURLW
UrlUnescapeW
PathCreateFromUrlW
HashData
ParseURLW

api-ms-win-core-localization-l1-2-2

LCIDToLocaleName
GetSystemDefaultLocaleName

api-ms-win-security-base-l1-1-0

GetTokenInformation
InitializeAcl
GetLengthSid
DuplicateTokenEx
IsValidSid
GetSidSubAuthority
CopySid
AddAccessAllowedAce
GetSidSubAuthorityCount
AllocateLocallyUniqueId

api-ms-win-core-kernel32-legacy-l1-1-1

PowerSetRequest
PowerClearRequest
VerifyVersionInfoW
PowerCreateRequest

api-ms-win-core-processthreads-l1-1-1

OpenProcess
GetProcessMitigationPolicy

api-ms-win-core-heap-l2-1-0

GlobalAlloc
LocalFree
LocalReAlloc
GlobalFree
LocalAlloc

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
LoadLibraryA
FindResourceW

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegDeleteTreeW
RegOpenKeyExA
RegCreateKeyExW
RegGetValueW
RegCloseKey
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiA
lstrcmpiW
lstrlenW
lstrcmpW
lstrcmpA

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx
CreateTimerQueueTimer
QueueUserWorkItem
DeleteTimerQueueTimer

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringEx
WideCharToMultiByte
GetStringTypeW
CompareStringW
CompareStringOrdinal

api-ms-win-core-processenvironment-l1-2-0

SearchPathA

api-ms-win-core-heap-obsolete-l1-1-0

GlobalReAlloc
LocalSize
GlobalSize
GlobalLock
GlobalUnlock
GlobalFlags

api-ms-win-core-sidebyside-l1-1-0

ReleaseActCtx
ActivateActCtx
CreateActCtxW
DeactivateActCtx

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-processenvironment-l1-1-0

SearchPathW
GetCurrentDirectoryW
SetEnvironmentVariableW
GetEnvironmentVariableW
ExpandEnvironmentStringsW

api-ms-win-core-privateprofile-l1-1-0

GetProfileIntA
GetProfileIntW
WritePrivateProfileStringW

api-ms-win-core-com-private-l1-1-0

CoRegisterInitializeSpy
CoRegisterMessageFilter
CoRevokeInitializeSpy

api-ms-win-core-file-l1-2-0

GetTempPathW
CreateFile2

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-mm-time-l1-1-0

timeEndPeriod
timeBeginPeriod

api-ms-win-core-job-l1-1-0

IsProcessInJob

api-ms-win-core-datetime-l1-1-1

GetDateFormatEx
GetTimeFormatEx

api-ms-win-core-systemtopology-l1-1-0

GetNumaHighestNodeNumber

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime
GetNativeSystemInfo

api-ms-win-core-file-l2-1-0

MoveFileExW
GetFileInformationByHandleEx

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InterlockedFlushSList
InterlockedPopEntrySList
InitializeSListHead
QueryDepthSList

api-ms-win-core-processtopology-obsolete-l1-1-0

GetActiveProcessorCount

api-ms-win-core-fibers-l2-1-0

SwitchToFiber
CreateFiber
DeleteFiber
ConvertFiberToThread
ConvertThreadToFiber

api-ms-win-core-marshal-l1-1-0

HWND_UserUnmarshal64
CLIPFORMAT_UserFree
HWND_UserMarshal64
HWND_UserUnmarshal
CLIPFORMAT_UserMarshal64
CLIPFORMAT_UserFree64
HWND_UserMarshal
CLIPFORMAT_UserSize64
CLIPFORMAT_UserUnmarshal64
HWND_UserFree
HWND_UserFree64
CLIPFORMAT_UserUnmarshal
CLIPFORMAT_UserMarshal
CLIPFORMAT_UserSize
HWND_UserSize
HWND_UserSize64

api-ms-win-core-localization-obsolete-l1-2-0

GetNumberFormatW
GetUserDefaultUILanguage
EnumUILanguagesW
GetSystemDefaultUILanguage

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW

api-ms-win-core-realtime-l1-1-0

QueryThreadCycleTime
QueryProcessCycleTime

api-ms-win-core-psapi-l1-1-0

K32GetProcessMemoryInfo

api-ms-win-core-interlocked-l1-2-0

InterlockedPushListSListEx

api-ms-win-core-stringansi-l1-1-0

CharLowerA

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadsFromDll
ResolveDelayLoadedAPI

api-ms-win-core-processthreads-l1-1-3

SetProcessInformation
SetThreadDescription

api-ms-win-core-errorhandling-l1-1-3

TerminateProcessOnMemoryExhaustion

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW

api-ms-win-core-version-l1-1-0

GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW

rometadata

MetaDataGetDispenser

api-ms-win-ole32-ie-l1-1-0

ReleaseStgMedium
OleRun
CreateBindCtx
CoInitialize

kernelbase

OpenGlobalizationUserSettingsKey

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-namedpipe-l1-1-0

CreatePipe

api-ms-win-core-localization-ansi-l1-1-0

GetStringTypeExA

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-memory-l1-1-1

VirtualUnlock

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

api-ms-win-core-windowserrorreporting-l1-1-0

WerRegisterMemoryBlock
WerUnregisterMemoryBlock

Exports

Exports

CIGTestHookLoadLibraryWorkerThread
ClearPhishingFilterData
ClearTemporaryWebDataAsync
ConvertAndEscapePostData
CreateCoreWebView
CreateDiagnosticsToolObject
CreateHTMLPropertyPage
DllCanUnloadNow
DllEnumClassObjects
DllGetClassObject
Fetch_CreateOriginAgnosticFetch
GetColorValueFromString
GetWebPlatformObject
InitializeLocalHtmlEngine
MatchExactGetIDsOfNames
ShowHTMLDialog
ShowHTMLDialogEx
ShowModalDialog
ShowModelessHTMLDialog
Streams_CreateByteChunk
Streams_CreateDefaultSizedByteChunk
Streams_CreateDefaultSizedWideCharChunk
Streams_CreateReadableStream
Streams_CreateReadableStreamFromFileHandle
Streams_CreateReadableStreamFromFilePath
Streams_CreateWideCharChunk
Streams_CreateWritableStream
TravelLogCreateInstance
UninitializeLocalHtmlEngine

Sections

.text
Size: 18.5MB - Virtual size: 18.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 144KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 636KB - Virtual size: 635KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
energy.dll
.dll windows:10 windows x64 arch:x64

1e0b283717ec142ba98775afbfee8e27

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

energy.pdb

Imports

msvcp_win

?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?clear@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Gninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?_Gndec@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Init@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXXZ
?getloc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGD@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?put@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@G@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBGHH@Z
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?setf@ios_base@std@@QEAAHH@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_J@Z
?swap@?$basic_ostream@GU?$char_traits@G@std@@@std@@IEAAXAEAV12@@Z
?swap@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXAEAV12@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
_Mtx_unlock
_Mtx_init_in_situ
_Mtx_lock
_Mtx_destroy_in_situ
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?setf@ios_base@std@@QEAAHHH@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??Bid@locale@std@@QEAA_KXZ
?widen@?$ctype@G@std@@QEBAGD@Z
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?id@?$ctype@G@std@@2V0locale@2@A
?_Xout_of_range@std@@YAXPEBD@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@H@Z
?_Xlength_error@std@@YAXPEBD@Z
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?good@ios_base@std@@QEBA_NXZ
?flags@ios_base@std@@QEBAHXZ
?width@ios_base@std@@QEBA_JXZ
?_Throw_C_error@std@@YAXH@Z
?width@ios_base@std@@QEAA_J_J@Z
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@K@Z
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
?_Xbad_alloc@std@@YAXXZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?exceptions@ios_base@std@@QEAAXH@Z
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?_Getcat@?$codecvt@GDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?out@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?in@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@M@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?uncaught_exception@std@@YA_NXZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ

api-ms-win-crt-string-l1-1-0

memset
wcsnlen
__isascii
wcscmp

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
__doserrno

api-ms-win-crt-private-l1-1-0

memcpy
memcmp
_CxxThrowException
__current_exception_context
__current_exception
__C_specific_handler
_o_wcstoul
__CxxFrameHandler4
__std_terminate
wcsrchr
_o___acrt_iob_func
_o___std_exception_copy
_o___std_exception_destroy
_o___std_type_info_destroy_list
_o___stdio_common_vfwprintf
_o___stdio_common_vfwprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vswprintf_s
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__execute_onexit_table
_o__fseeki64
_o__get_stream_buffer_pointers
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo_noreturn
_o__lock_file
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__unlock_file
_o__wcsicmp
_o__wcsnicmp
_o__wfopen_s
_o_ceilf
_o_fclose
_o_fflush
_o_fgetc
_o_fgetpos
_o_fgetwc
_o_floor
_o_fputc
_o_fputwc
_o_fread
_o_free
_o_fsetpos
_o_fwrite
_o_iswprint
_o_malloc
_o_setvbuf
_o_terminate
_o_ungetc
_o_ungetwc

api-ms-win-core-processtopology-obsolete-l1-1-0

GetActiveProcessorCount

api-ms-win-ole32-ie-l1-1-0

CoInitialize

api-ms-win-core-kernel32-legacy-l1-1-0

GetSystemPowerStatus
FindResourceW

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlCopySid
RtlLengthSid
NtQueryWnfStateData
NtPowerInformation
RtlAdjustPrivilege
RtlNtStatusToDosError
RtlGetPersistedStateLocation
RtlLoadString

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventSetInformation
EventRegister
EventWrite

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
EnterCriticalSection
SetEvent
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
ResetEvent
CreateEventW

api-ms-win-core-file-l1-1-0

GetFileSizeEx
ReadFile
CreateFileW
FindClose
FindNextFileW
FileTimeToLocalFileTime
CompareFileTime
FindFirstFileW

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoCreateGuid
CoUninitialize
CoTaskMemFree
CoCreateInstance

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime
TzSpecificLocalTimeToSystemTime
SystemTimeToTzSpecificLocalTime

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetComputerNameExW
GetVersionExW
GetSystemTimeAsFileTime

rpcrt4

UuidCreate
UuidHash

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-eventing-consumer-l1-1-0

OpenTraceW
CloseTrace
ProcessTrace

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
DisableThreadLibraryCalls
LoadResource
LockResource
GetModuleHandleW
SizeofResource
GetModuleHandleExA
LoadStringW
LoadLibraryExW
FreeLibrary

api-ms-win-core-heap-l1-1-0

HeapCreate
GetProcessHeap
HeapDestroy
HeapAlloc
HeapFree

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-path-l1-1-0

PathCchAppend
PathCchRemoveBackslash

api-ms-win-power-setting-l1-1-0

PowerGetActiveScheme

api-ms-win-security-lsalookup-l2-1-0

LookupAccountSidW

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-eventing-controller-l1-1-0

EnableTraceEx2
TraceSetInformation
StartTraceW
ControlTraceW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-eventing-tdh-l1-1-0

TdhUnloadManifest
TdhGetProperty
TdhGetPropertySize
TdhGetEventInformation
TdhGetEventMapInformation

powrprof

PowerEnumerate
PowerReadACValueIndex
PowerReadDCValueIndexEx
PowerEnumerateSettings
PowerReadDCValueIndex
PowerReadACValueIndexEx

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

oleaut32

GetErrorInfo
SysAllocString
SysFreeString
VariantClear

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

Exports

Exports

CreateProvisioningXml
EnergyWizard_Analyze
EnergyWizard_CancelTrace
EnergyWizard_CollectTrace
EnergyWizard_CreateEnergyWizard
EnergyWizard_DefaultTraceDuration
EnergyWizard_DestroyEnergyWizard
EnergyWizard_GetLogEntryCounts
EnergyWizard_SaveReport
EnergyWizard_SqmAnalysis
EnergyWizard_TransformReport
SaveBatteryReport
SaveSleepStudyReport
SaveSystemSleepDiagnosticsReport
SendScreenOnTelemetry
TransformBatteryReport
TransformSleepStudyReport
TransformSystemSleepDiagnosticsReport

Sections

.text
Size: 536KB - Virtual size: 533KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
enrollmentapi.dll
.dll windows:10 windows x64 arch:x64

cd8b2514b5692a6db37eedd2287ce1e9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

enrollmentapi.pdb

Imports

msvcp110_win

?_Xlength_error@std@@YAXPEBD@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Xbad_alloc@std@@YAXXZ
?_Syserror_map@std@@YAPEBDH@Z

msvcrt

_callnewh
_XcptFilter
_amsg_exit
_initterm
?terminate@@YAXXZ
memcpy
memcmp
_lock
_unlock
__dllonexit
_CxxThrowException
memset
free
malloc
??3@YAXPEAX@Z
__CxxFrameHandler4
__C_specific_handler
_vsnwprintf
memcpy_s
_onexit
_purecall
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_vsnprintf_s
??1type_info@@UEAA@XZ
memmove_s

ntdll

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
RtlIsStateSeparationEnabled

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventSetInformation

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameA
GetProcAddress

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockShared
DeleteCriticalSection
ReleaseSRWLockExclusive
ReleaseSemaphore
CreateSemaphoreExW
AcquireSRWLockShared
AcquireSRWLockExclusive
OpenSemaphoreW
LeaveCriticalSection
WaitForSingleObjectEx
InitializeCriticalSectionEx
CreateMutexExW
ReleaseMutex
WaitForSingleObject
EnterCriticalSection

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetLastError
GetLastError
SetUnhandledExceptionFilter

oleaut32

VariantClear

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentProcessId
TerminateProcess
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

dmenrollengine

ord10

Exports

Exports

IsDeviceEnrolled

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
enterprisecsps.dll
.dll windows:10 windows x64 arch:x64

0d90977e755011526db298cfbf3c8755

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

enterprisecsps.pdb

Imports

dmenterprisediagnostics

RecordDiagnosticsError

msvcp110_win

??Bios_base@std@@QEBAPEAXXZ
?id@?$codecvt@GDH@std@@2V0locale@2@A
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Orphan_all@_Container_base0@std@@QEAAXXZ
?_Swap_all@_Container_base0@std@@QEAAXAEAU12@@Z
?_Xbad_function_call@std@@YAXXZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Orphan_all@_Container_base12@std@@QEAAXXZ
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_BADOFF@std@@3_JB
?in@?$codecvt@GDH@std@@QEBAHAEAHPEBD1AEAPEBDPEAG3AEAPEAG@Z
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?pbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
??0?$codecvt@GDH@std@@QEAA@_K@Z
??1?$codecvt@GDH@std@@MEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Locinfo@std@@QEAA@XZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??Bid@locale@std@@QEAA_KXZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
?is@?$ctype@G@std@@QEBA_NFG@Z
?tolower@?$ctype@G@std@@QEBAGG@Z
?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
_Wcsxfrm
?id@?$ctype@G@std@@2V0locale@2@A
?uncaught_exception@std@@YA_NXZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?_Add_vtordisp1@?$basic_ios@GU?$char_traits@G@std@@@std@@UEAAXXZ
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@J@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?endl@std@@YAAEAV?$basic_ostream@GU?$char_traits@G@std@@@1@AEAV21@@Z
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Add_vtordisp2@?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Add_vtordisp1@?$basic_istream@GU?$char_traits@G@std@@@std@@UEAAXXZ
??1_Container_base12@std@@QEAA@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
?id@?$codecvt@DDH@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBGHH@Z
?_Getcat@?$codecvt@DDH@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?good@ios_base@std@@QEBA_NXZ
?_Add_vtordisp1@?$basic_istream@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Add_vtordisp2@?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Add_vtordisp2@?$basic_ios@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Add_vtordisp1@?$basic_ios@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??0_Container_base12@std@@QEAA@XZ
_Wcscoll
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?id@?$collate@G@std@@2V0locale@2@A
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?swap@?$basic_ostream@DU?$char_traits@D@std@@@std@@IEAAXAEAV12@@Z
?swap@?$basic_istream@DU?$char_traits@D@std@@@std@@IEAAXAEAV12@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?out@?$codecvt@DDH@std@@QEBAHAEAHPEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDH@std@@QEBAHAEAHPEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?unshift@?$codecvt@DDH@std@@QEBAHAEAHPEAD1AEAPEAD@Z
?_Getcat@?$codecvt@GDH@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

msvcrt

??3@YAXPEAX@Z
__CxxFrameHandler4
??_V@YAXPEAX@Z
_vsnwprintf
memcpy_s
_purecall
??1exception@@UEAA@XZ
wcscmp
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_vsnprintf_s
__C_specific_handler
wcsncpy_s
malloc
free
memmove_s
_wcsicmp
_wcsnicmp
swscanf
wcschr
wcsstr
__ExceptionPtrCreate
__ExceptionPtrCopy
wcstok_s
__ExceptionPtrDestroy
?what@exception@@UEBAPEBDXZ
?terminate@@YAXXZ
__ExceptionPtrCurrentException
__ExceptionPtrRethrow
??8type_info@@QEBAHAEBV0@@Z
wcsrchr
toupper
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@PEBD@Z
??0bad_cast@@QEAA@AEBV0@@Z
realloc
strchr
swprintf_s
mbstowcs_s
srand
rand
??0exception@@QEAA@AEBQEBD@Z
_errno
sprintf_s
wcsncmp
_wcslwr
towlower
wcstol
_itow_s
_wtof
_fpclass
fputc
fflush
fclose
fgetc
fwrite
fgetpos
setvbuf
ungetc
fsetpos
_fseeki64
wcscpy_s
_callnewh
__CxxFrameHandler3
_XcptFilter
_amsg_exit
_initterm
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
_CxxThrowException
__RTDynamicCast
memcmp
memcpy
memmove
memset
_wtoi

ntdll

RtlNtStatusToDosErrorNoTeb
RtlVirtualUnwind
NtDeleteWnfStateName
RtlCaptureContext
RtlIsMultiUsersInSessionSku
NtQuerySystemInformation
RtlNtStatusToDosError
RtlGetDeviceFamilyInfoEnum
WinSqmSetDWORD
WinSqmStartSession
WinSqmEndSession
RtlIsStateSeparationEnabled
NtCreateWnfStateName
RtlLookupFunctionEntry
RtlPublishWnfStateData

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
FindStringOrdinal
GetModuleHandleExW
FindResourceExW
LoadLibraryExA
LoadResource
GetProcAddress
GetModuleFileNameA
GetModuleHandleExA
SizeofResource
LoadStringW
LoadLibraryExW
GetModuleHandleW
FreeLibrary
DisableThreadLibraryCalls

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseSRWLockExclusive
OpenSemaphoreW
InitializeCriticalSection
CreateEventExW
AcquireSRWLockExclusive
CreateMutexExW
ReleaseMutex
ResetEvent
WaitForSingleObject
SetEvent
ReleaseSemaphore
WaitForSingleObjectEx
EnterCriticalSection
CreateSemaphoreExW
LeaveCriticalSection
CreateEventW
OpenEventW
DeleteCriticalSection
InitializeCriticalSectionEx

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

GetLastError
RaiseException
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
CreateThread
OpenThreadToken
GetCurrentProcessId
TerminateThread
CreateProcessAsUserW
GetCurrentProcess
GetCurrentThreadId
OpenProcessToken
TerminateProcess
CreateProcessW

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringA
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

oleaut32

VariantCopy
SafeArrayGetElement
VariantTimeToSystemTime
SafeArrayGetDim
SysFreeString
VariantChangeType
SysAllocStringByteLen
VarUI4FromStr
SafeArrayCreate
SafeArrayLock
VariantChangeTypeEx
SafeArrayDestroy
SysAllocString
SafeArrayGetUBound
VariantClear
VariantInit
SysStringByteLen
SafeArrayGetLBound
SysAllocStringLen
SysStringLen
SafeArrayUnlock
SystemTimeToVariantTime
SafeArrayAccessData
SafeArrayUnaccessData

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer
EventActivityIdControl

api-ms-win-core-string-l2-1-0

CharLowerBuffW
CharNextW

api-ms-win-core-registry-l1-1-0

RegDeleteKeyExW
RegOpenCurrentUser
RegQueryValueExW
RegGetValueW
RegCreateKeyExW
RegSetValueExW
RegEnumValueW
RegDeleteTreeW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteValueW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringW

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpoolTimer
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
SetThreadpoolTimer

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree
GlobalFree

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

crypt32

CryptSetKeyIdentifierProperty
CryptBinaryToStringW
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CryptAcquireCertificatePrivateKey
CryptUnprotectData
CryptProtectData
CertGetCertificateContextProperty
CertAddCertificateContextToStore
CertDeleteCertificateFromStore
CertAddEncodedCertificateToStore
CryptHashCertificate2
CertGetNameStringW
CertRDNValueToStrW
CryptDecodeObjectEx
CertFindExtension
CertCreateCertificateContext
CryptDecryptMessage
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertOpenStore
CertCloseStore
CryptExportPublicKeyInfo

api-ms-win-core-sysinfo-l1-1-0

GetSystemWindowsDirectoryW
GetComputerNameExW
GetTickCount
GetSystemTime
GetSystemInfo
GetTickCount64
GetSystemTimeAsFileTime
GetLocalTime
GetWindowsDirectoryW

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
WakeAllConditionVariable
InitOnceComplete
Sleep
SleepConditionVariableSRW

rpcrt4

RpcBindingFree
NdrClientCall3
RpcBindingCreateW
I_RpcExceptionFilter
UuidCreate
RpcBindingBind
UuidFromStringW
RpcStringFreeW
UuidToStringW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW
RegDeleteKeyValueW

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsCreateString
WindowsCreateStringReference
WindowsGetStringRawBuffer

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoInitialize
RoUninitialize
RoGetActivationFactory

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-realtime-l1-1-1

QueryUnbiasedInterruptTimePrecise

api-ms-win-core-shutdown-l1-1-0

InitiateSystemShutdownExW

api-ms-win-security-base-l1-1-0

GetTokenInformation
CreateWellKnownSid
AdjustTokenPrivileges

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
RoOriginateError

ncrypt

NCryptGetProperty
NCryptDeleteKey
NCryptOpenStorageProvider
NCryptCreatePersistedKey
NCryptSetProperty
NCryptFreeObject
NCryptOpenKey

iphlpapi

GetAdaptersAddresses
GetIfEntry2

ws2_32

InetNtopW

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-file-l1-1-0

GetFullPathNameW
FindFirstFileW
CreateFileW
DeleteFileW
CompareFileTime
ReadFile
GetFileAttributesW
FindNextFileW
FileTimeToLocalFileTime
SetFileAttributesW
WriteFile
FindClose
SetFileInformationByHandle
RemoveDirectoryW
CreateDirectoryW

api-ms-win-core-path-l1-1-0

PathCchRemoveFileSpec
PathCchSkipRoot
PathCchAppend
PathCchCombine
PathAllocCombine

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx

api-ms-win-core-firmware-l1-1-0

SetFirmwareEnvironmentVariableW
GetFirmwareEnvironmentVariableW

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

cryptsp

CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
CryptHashData
CryptDestroyHash
CryptGetHashParam

api-ms-win-core-registry-l2-1-0

RegEnumKeyW
RegDeleteKeyW

api-ms-win-core-kernel32-legacy-l1-1-0

GetSystemPowerStatus
GetNamedPipeClientProcessId

api-ms-win-core-string-obsolete-l1-1-0

lstrlenA
lstrcmpiW

api-ms-win-core-heap-obsolete-l1-1-0

GlobalUnlock
GlobalLock

omadmapi

ord104
ord44
ord52
ord22
ord47
ord53
ord56
ord27
ord54
ord23
ord166
ord79
ord24

dmcmnutils

OmaDmRegistryGetString
OmaDmRegistryGetDWORD
OmaDmRegistrySetDWORD
OmaDmRegistryDeleteValue
OmaDmRegistrySetString
HexStringToBinary
DecodeBase64W
EncodeBase64W
BinaryToHexString
DmRaiseToastNotification
DMGetClientHardwareUID
SafeWideCharToMultiByte
OmDmRegistryAllocAndGetString
DmDisableTask
BigStrcat
DmEnableTask
CopyString
DmDeleteTask
DmGetTargetAik
DmGetTpmInfo
IsWvdFeatureAllowed
CreateBstrArray
DmGetTpmState
DmRevertToSelf
InvStrCmpIW
DmGetActiveUserSid
DmImpersonate
DmGetCurrentUserSid
OmaDmRegistrySetBinary
OmaDmRegistryGetBinary
OmaDmRegistryGetAllSubKeys
OmaDmRegistryGetAllValues
UnicodeToMB
MBToUnicode
DmGenerateAttestationClaims

dmcfgutils

SyncGetDeviceUniqueID

policymanager

EnterprisePolicyManagerStore_EvaluatePoliciesUpdateCurrent
EnterprisePolicyManagerStore_GetEnrollmentTypeFromEnrollment
EnterprisePolicyManagerStore_DeleteProvider
EnterprisePolicyManagerStore_DoesProviderExist
EnterprisePolicyManagerStore_CreateProviderHive
EnterprisePolicyManagerStore_GetAllProviderContextSidAreas
EnterprisePolicyManagerStore_CSPConfigSourceDeleteChild
EnterprisePolicyManagerStore_CSPConfigSourceAreaCreateNodeInstance
EnterprisePolicyManagerStore_EnsureProviderContextSidAreaExist
EnterprisePolicyManagerStore_CSPConfigSourceAreaGetChildNodeNames
EnterprisePolicyManagerStore_IsValidArea
EnterprisePolicyManagerStore_CSPConfigSourceAreaDeleteChild
EnterprisePolicyManagerStore_CSPConfigSourceAreaPolicyCreateNodeInstance
EnterprisePolicyManagerStore_CSPConfigSourceAreaPolicyGetValue
EnterprisePolicyManagerStore_IsValidPolicy
EnterprisePolicyManagerStore_CSPResultAreaPolicyGetValue
EnterprisePolicyManagerStore_IsPolicyAreaForIngestedAdmx
EnterprisePolicyManagerStore_DeleteEnrollmentAdmxMetadata
EnterprisePolicyManagerStore_IsADMXIngestionAllowed
EnterprisePolicyManagerStore_DeleteEnrollmentAppAdmxMetadata
EnterprisePolicyManagerStore_CSPConfigSourceAreaPolicySetValue
EnterprisePolicyManagerStore_GetPolicyTypeFromMetadata
EnterprisePolicyManagerStore_CSPResultGetAreaChildNodeNames
EnterprisePolicyManagerStore_DeleteEnrollmentAppSettingTypeAdmxMetadata
EnterprisePolicyManagerStore_GetAdmxFileData
EnterprisePolicyManagerStore_VerifyAdmxPoliciesAreNotSet
EnterprisePolicyManagerStore_IngestAdmxTextBlob
EnterprisePolicyManagerStore_DoesProviderContextSidAreaPolicyValueExist
EnterprisePolicyManagerStore_SetProviderContextSidAreaPolicyValue
EnterprisePolicyManagerStore_GetCurrentPolicyValue
EnterprisePolicyManagerStore_CSPResultAreaGetChildNodeNames
EnterprisePolicyManagerStore_GetAllCurrentSidAreaPolicies
EnterprisePolicyManagerStore_GetAllProviderContextSidAreaPolicies
EnterprisePolicyManagerStore_DeleteProviderContextSidAreaPolicy
EnterprisePolicyManagerStore_GetProviderContextSidAreaPolicyValue
PolicyManager_IsPolicySetByMobileDeviceManager
EnterprisePolicyManagerStore_PublishAnyDelayedWnfs

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

xmllite

CreateXmlWriter
CreateXmlReader
CreateXmlReaderInputWithEncodingName
CreateXmlWriterOutputWithEncodingName

api-ms-win-shcore-stream-l1-1-0

SHCreateStreamOnFileW
SHCreateMemStream

combase

ord154

api-ms-win-shcore-registry-l1-1-0

SHCopyKeyW

sspicli

GetUserNameExW

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy

api-ms-win-service-management-l2-1-0

QueryServiceStatusEx

api-ms-win-service-management-l1-1-0

OpenSCManagerW
StartServiceW
OpenServiceW
CloseServiceHandle

api-ms-win-core-namedpipe-l1-1-0

CreateNamedPipeW
ConnectNamedPipe

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualProtect

certenroll

ord45

Exports

Exports

DllCanUnloadNow
DllGetClassObject
GetPushStatus
SetPushPFN

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 436KB - Virtual size: 432KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
enterpriseresourcemanager.dll
.dll windows:10 windows x64 arch:x64

c3667d034578385644eff193c5e1ac37

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

enterpriseresourcemanager.pdb

Imports

msvcp110_win

??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?_Xbad_alloc@std@@YAXXZ
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?_BADOFF@std@@3_JB
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?pbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?_Syserror_map@std@@YAPEBDH@Z
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
??Bios_base@std@@QEBAPEAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?_Winerror_map@std@@YAPEBDH@Z
?_Xout_of_range@std@@YAXPEBD@Z
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Add_vtordisp1@?$basic_istream@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Add_vtordisp2@?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAAXXZ

msvcrt

memcpy
memcmp
_CxxThrowException
memmove
??0exception@@QEAA@AEBV0@@Z
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
__CxxFrameHandler3
__C_specific_handler
_initterm
free
_amsg_exit
_XcptFilter
_callnewh
malloc
memmove_s
wcschr
_vsnprintf_s
memset
sprintf_s
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
??3@YAXPEAX@Z
wcscat_s
_wcsicmp
memcpy_s
_vsnwprintf
??_V@YAXPEAX@Z
__CxxFrameHandler4

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlIsStateSeparationEnabled

oleaut32

SysStringLen
SysFreeString

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventRegister
EventSetInformation

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleHandleW
LoadLibraryExA
GetModuleHandleExW
GetModuleFileNameA
FreeLibrary
GetProcAddress

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegDeleteKeyExW
RegDeleteTreeW
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegEnumKeyExW
RegGetValueW
RegEnumValueW
RegDeleteValueW
RegQueryInfoKeyW
RegOpenKeyExW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
RaiseException
SetLastError
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemInfo
GetSystemTime
GetTickCount

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

rpcrt4

UuidFromStringW
UuidCreate

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
ReleaseSemaphore
LeaveCriticalSection
InitializeCriticalSectionEx
CreateSemaphoreExW
DeleteCriticalSection
AcquireSRWLockShared
ReleaseMutex
CreateMutexExW
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
WaitForSingleObject
OpenSemaphoreW
WaitForSingleObjectEx

api-ms-win-core-com-l1-1-0

CoCreateInstance

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
SleepConditionVariableSRW
Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrStrIW

dmcmnutils

UnicodeToMB

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualProtect

Exports

Exports

EnterpriseResourceManagerStore_DeleteResource
EnterpriseResourceManagerStore_DeleteTrackedResourcesForEnrollment
EnterpriseResourceManagerStore_GenerateWmiResourcePath
EnterpriseResourceManagerStore_IsResourceProvisioned
EnterpriseResourceManagerStore_NormalizeURI
EnterpriseResourceManagerStore_RemoveAllIgnoredUri
EnterpriseResourceManagerStore_ReplaceResourceNodePath
EnterpriseResourceManagerStore_SaveIgnoredURI
EnterpriseResourceManagerStore_WriteResourceNodePath
EnterpriseResourceManager_ScopeData_IsValid

Sections

.text
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
facecredentialprovider.dll
.dll windows:10 windows x64 arch:x64

d1fe88e87e9be9faf20ec8c7fd11026f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

facecredentialprovider.pdb

Imports

msvcp_win

?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Getcat@?$codecvt@GDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?width@ios_base@std@@QEAA_J_J@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?width@ios_base@std@@QEBA_JXZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBGHH@Z
?unshift@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?uncaught_exception@std@@YA_NXZ
?flags@ios_base@std@@QEBAHXZ
?_Gndec@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?good@ios_base@std@@QEBA_NXZ
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?getloc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEBA?AVlocale@2@XZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?out@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?_Gninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
?_Throw_Cpp_error@std@@YAXH@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
_Thrd_id
_Thrd_join
_Cnd_do_broadcast_at_thread_exit
_Query_perf_counter
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
?imbue@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAK@Z
_Cnd_init_in_situ
_Cnd_broadcast
_Mtx_current_owns
_Cnd_timedwait
_Xtime_get_ticks
?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGD@Z
??Bid@locale@std@@QEAA_KXZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?_Init@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXXZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?setf@ios_base@std@@QEAAHHH@Z
?fail@ios_base@std@@QEBA_NXZ
?clear@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??Bios_base@std@@QEBA_NXZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
_Query_perf_frequency
?_Xbad_function_call@std@@YAXXZ
_Mtx_init_in_situ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?in@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
_Cnd_destroy_in_situ
_Mtx_unlock
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
_Mtx_destroy_in_situ
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__beginthreadex
_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__fseeki64
_o__get_errno
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__lock_file
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
memmove
_o__unlock_file
_o__wcsicmp
_o__wcsnicmp
_o__wtoi
_o_ceilf
_o_fclose
_o_fflush
_o_fgetc
_o_fgetpos
_o_fgetwc
_o_fputwc
_o_free
_o_fsetpos
_o_fwrite
_o_malloc
_o_setvbuf
_o_terminate
_o_ungetc
_o_ungetwc
_o_wcscpy_s
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

strcmp
wcscmp
memset

dsreg

DsrGetJoinInfo
DsrFreeJoinInfo

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleFileNameA
LoadResource
FindResourceExW
GetModuleHandleW
SizeofResource
GetProcAddress
GetModuleHandleExA
FreeLibrary
LoadLibraryExW
LoadStringW
LockResource
GetModuleHandleExW

api-ms-win-core-synch-l1-1-0

SetEvent
CreateEventW
InitializeSRWLock
ResetEvent
ReleaseSemaphore
CreateSemaphoreExW
InitializeCriticalSection
WaitForSingleObjectEx
OpenSemaphoreW
InitializeCriticalSectionEx
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
ReleaseMutex
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
CreateEventExW
CreateMutexW
CreateMutexExW

api-ms-win-core-heap-l1-1-0

HeapReAlloc
GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
RaiseException
GetLastError
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
ProcessIdToSessionId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
CreateProcessW

api-ms-win-core-localization-l1-2-0

GetThreadPreferredUILanguages
SetThreadPreferredUILanguages
GetThreadUILanguage
FormatMessageW
SetThreadUILanguage

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-path-l1-1-0

PathCchCombine
PathCchAppend

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegDeleteTreeW
RegQueryInfoKeyW
RegCreateKeyExW
RegEnumKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegEnumValueW

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventActivityIdControl
EventWriteTransfer
EventRegister
EventUnregister

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CloseThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-com-l1-1-0

CoTaskMemRealloc
CoTaskMemAlloc
CoGetMalloc
CLSIDFromString
CoCreateFreeThreadedMarshaler
CoCreateGuid
CoUninitialize
CoWaitForMultipleHandles
CoCreateInstance
CoTaskMemFree
CoInitializeEx

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetTickCount64
GetSystemTimeAsFileTime

api-ms-win-security-base-l1-1-0

EqualSid
GetLengthSid
CopySid
IsValidSid
GetTokenInformation
IsWellKnownSid

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsCreateString
WindowsCreateStringReference
WindowsGetStringRawBuffer

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-synch-l1-2-0

InitializeConditionVariable
SleepConditionVariableCS
WakeConditionVariable
InitOnceBeginInitialize
InitOnceComplete
Sleep
InitOnceExecuteOnce

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
RoOriginateError
GetRestrictedErrorInfo
RoOriginateErrorW
RoTransformError

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate
IsErrorPropagationEnabled

api-ms-win-core-file-l1-1-0

GetDiskFreeSpaceExW
CompareFileTime
GetFileAttributesW

api-ms-win-core-version-l1-1-1

GetFileVersionInfoSizeW
GetFileVersionInfoW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW
RegDeleteKeyValueW

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

ntdll

RtlInitUnicodeString
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
RtlGetDeviceFamilyInfoEnum
RtlUnsubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlAllocateWnfSerializationGroup
RtlSubscribeWnfStateChangeNotification
NtQueryWnfStateData

api-ms-win-downlevel-shlwapi-l1-1-0

QISearch
PathFileExistsW

api-ms-win-downlevel-kernel32-l1-1-0

DeleteTimerQueueTimer
CreateTimerQueueTimer

api-ms-win-downlevel-kernel32-l2-1-0

WTSGetActiveConsoleSessionId
GetSystemPowerStatus

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedFileLocationW
GetPersistedRegistryLocationW

credprovcommoncore

ord30

api-ms-win-rtcore-ntuser-synch-l1-1-0

MsgWaitForMultipleObjectsEx

mfplat

MFStartup
MFShutdown

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 416KB - Virtual size: 412KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fcon.dll
.dll windows:10 windows x64 arch:x64

2eefaed9c9d49ea11505f3f2abf2f933

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

fcon.pdb

Imports

msvcp_win

?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?good@ios_base@std@@QEBA_NXZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?flags@ios_base@std@@QEBAHXZ
?uncaught_exception@std@@YA_NXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@I@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??Bid@locale@std@@QEAA_KXZ
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?id@?$ctype@G@std@@2V0locale@2@A
?widen@?$ctype@G@std@@QEBAGD@Z
?_Xbad_function_call@std@@YAXXZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Xbad_alloc@std@@YAXXZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__get_errno
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__wcsdup
_o__wcsicmp
_o_abort
_o_ceilf
_o_free
_o_iswspace
_o_malloc
_o_qsort
_o_realloc
_o_terminate
_o_wcscpy_s
_o_wcstol
_o_wcstoul
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
_o__crt_atexit
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o__execute_onexit_table
_o__cexit
_o___std_exception_copy
_o__configure_narrow_argv
__CxxFrameHandler3
memmove
_o__errno
__std_terminate
__CxxFrameHandler4
_o__callnewh
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetProcAddress
GetModuleHandleW
GetModuleHandleExW
FreeLibrary
FreeLibraryAndExitThread

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
ReleaseSemaphore
SetEvent
CreateEventExW
InitializeSRWLock
InitializeCriticalSectionAndSpinCount
ResetEvent
CreateEventW
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForSingleObject
ReleaseMutex
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseSRWLockShared
CreateMutexExW
CreateSemaphoreExW
DeleteCriticalSection
AcquireSRWLockShared

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
RaiseException
SetLastError

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
CreateThread
GetCurrentProcessId
GetCurrentProcess
ResumeThread

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventActivityIdControl
EventSetInformation
EventRegister
EventWriteTransfer

api-ms-win-core-winrt-string-l1-1-0

WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsCreateString
WindowsCreateStringReference
WindowsDuplicateString
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCompareStringOrdinal

api-ms-win-core-com-l1-1-0

CoTaskMemRealloc
StringFromGUID2
CoCreateFreeThreadedMarshaler
CoGetApartmentType
CoTaskMemFree
CoTaskMemAlloc
CoCreateGuid
CoCreateInstance

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoOriginateErrorW
RoTransformError

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InitializeSListHead

ntdll

NtQueryWnfStateData
RtlQueryFeatureConfigurationChangeStamp
RtlEqualUnicodeString
RtlInitUnicodeString
RtlIntegerToUnicodeString
ZwQueryKey
ZwOpenKeyEx
RtlAllocateHeap
ZwEnumerateValueKey
ZwEnumerateKey
RtlFreeHeap
RtlPublishWnfStateData
ZwClose
RtlQueryAllFeatureConfigurations
RtlSubscribeWnfStateChangeNotification
RtlGetSystemBootStatus
RtlSetSystemBootStatus
RtlQueryFeatureUsageNotificationSubscriptions
RtlQueryFeatureConfiguration
RtlSetFeatureConfigurations
RtlSubscribeForFeatureUsageNotification
RtlUnsubscribeFromFeatureUsageNotifications
RtlIsStateSeparationEnabled
ZwQueryValueKey
RtlUnsubscribeWnfNotificationWaitForCompletion

api-ms-win-core-registry-l1-1-0

RegDeleteKeyExW
RegEnumKeyExW
RegQueryValueExW
RegDeleteValueW
RegSetValueExW
RegEnumValueW
RegQueryInfoKeyW
RegGetValueW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegFlushKey

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

rpcrt4

RpcBindingFromStringBindingW
RpcStringFreeW
RpcBindingFree
NdrClientCall3
RpcStringBindingComposeW
RpcExceptionFilter

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringOrdinal

api-ms-win-core-path-l1-1-0

PathAllocCombine

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-registry-l2-1-0

RegEnumKeyW
RegOpenKeyW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

oleaut32

SysAllocString
SysFreeString
SysStringLen
SetErrorInfo
GetErrorInfo

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
GetCtacPropertyAlloc
ModifyStagingControlVariants
ModifyStagingControls
SubscribeFeatureReporting
UnsubscribeFeatureReporting

Sections

.text
Size: 328KB - Virtual size: 326KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fodhelper.exe
.exe windows:10 windows x64 arch:x64

3d211f37c0bd7fbab2d5afa344c97fc2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

FodHelper.pdb

Imports

advapi32

RegCloseKey
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyW
RegOpenKeyExW
RegDeleteKeyW
RegCreateKeyExW

kernel32

HeapFree
GetModuleHandleExW
HeapAlloc
GetProcAddress
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
SetEvent
InitializeCriticalSectionAndSpinCount
GetLastError
DeleteCriticalSection
InitializeCriticalSectionEx
FormatMessageW
GetCurrentThreadId
GetModuleFileNameA
DebugBreak
GetModuleHandleW
IsDebuggerPresent
OutputDebugStringW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
SetLastError
CloseHandle
ReleaseSemaphore
ReleaseMutex
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
WaitForSingleObjectEx
WaitForSingleObject
OpenSemaphoreW
CreateThreadpoolTimer
HeapSetInformation
GetCommandLineW
CreateThread
ResumeThread
RaiseException
EncodePointer
GetCurrentProcessId
CreateMutexExW
CreateEventW
CreateSemaphoreExW
GetSystemDirectoryW
DecodePointer
WaitForMultipleObjects
GetFileAttributesW
GetModuleFileNameW
VirtualQuery

msvcrt

_commode
__C_specific_handler
_lock
_unlock
__dllonexit
_onexit
_initterm
__setusermatherr
_ismbblead
_cexit
_exit
exit
towupper
_fmode
_wcsicmp
memmove_s
?terminate@@YAXXZ
memset
_XcptFilter
_amsg_exit
wcschr
_acmdln
_purecall
__getmainargs
memmove
memcpy
memcpy_s
_vsnwprintf
__set_app_type
memcmp
wcscmp

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoSuspendClassObjects
CoReleaseServerProcess
CoAddRefServerProcess
CoTaskMemAlloc
CoInitializeSecurity
CoUninitialize
CoCreateInstance
CoRevokeClassObject
CoRegisterClassObject
CoResumeClassObjects
CoInitializeEx

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoInitialize
RoUninitialize

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsCreateStringReference

rpcrt4

UuidToStringW
RpcStringFreeW

oleaut32

RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetStartupInfoW
GetCurrentProcess

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-libraryloader-l1-2-0

FindResourceExW
LoadResource
LockResource

ntdll

RtlPublishWnfStateData

shell32

ShellExecuteExW
CommandLineToArgvW

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.imrsiv
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fsutil.exe
.exe windows:10 windows x64 arch:x64

44298c6bce4726053bb090f3e745b8e7

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:02:44:8b:1d:70:3e:a2:82:5a:38:94:0a:44:fb:10:3d:8f:40:34:98:21:5d:d0:33:ea:e4:e5:a9:03:3d:a0
Signer

Actual PE Digest

0d:02:44:8b:1d:70:3e:a2:82:5a:38:94:0a:44:fb:10:3d:8f:40:34:98:21:5d:d0:33:ea:e4:e5:a9:03:3d:a0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

fsutil.pdb

Imports

msvcrt

?terminate@@YAXXZ
_commode
_fmode
_initterm
memset
_cexit
memcpy
_local_unwind
_exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
wcstol
wcstok_s
__setusermatherr
wcstoul
iswctype
_errno
exit
calloc
wcschr
_pclose
fgetws
_wpopen
mbstowcs_s
_wcsdup
wcsncpy_s
memcpy_s
wcscpy_s
realloc
towupper
_wtoi
wcsrchr
wcscat_s
isalpha
isdigit
toupper
setlocale
_vsnwprintf
wprintf
swprintf_s
malloc
free
_wcsnicmp
__C_specific_handler
_wcsicmp
_wcstoui64
wcscmp

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlNumberOfSetBits
RtlInitializeBitMap
RtlSetBits
RtlSetBit
NtFlushBuffersFileEx
NtClose
RtlVerifyVersionInfo
VerSetConditionMask
RtlGetLastNtStatus
NtQuerySystemInformation
RtlTimeToTimeFields
RtlStringFromGUID
NtEnumerateTransactionObject
RtlGetOwnerSecurityDescriptor
RtlAllocateHeap
NtQuerySecurityObject
RtlConvertSidToUnicodeString
NtCreateFile
RtlFreeHeap
RtlDosPathNameToNtPathName_U
RtlVirtualUnwind
RtlGetCurrentTransaction
NtSetQuotaInformationFile
RtlInitializeCriticalSection
NtQueryQuotaInformationFile
RtlLengthSid
NtSetVolumeInformationFile
NtOpenFile
RtlInitUnicodeString
NtQueryVolumeInformationFile
NtQueryEaFile
NtQueryInformationFile
NtSetInformationFile
RtlInitializeGenericTableAvl
RtlInsertElementGenericTableAvl
RtlLookupElementGenericTableAvl
RtlWriteRegistryValue
RtlDeleteRegistryValue
RtlFreeUnicodeString
RtlQueryRegistryValuesEx
RtlNtStatusToDosError
RtlGetVersion
RtlSetCurrentTransaction

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW

api-ms-win-core-file-l1-1-0

GetVolumePathNameW
CreateFileW
GetFileInformationByHandle
GetLogicalDriveStringsW
GetVolumeInformationW
QueryDosDeviceW
GetDriveTypeW
SetEndOfFile
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetFileSizeEx
GetFileType
GetFinalPathNameByHandleW
GetFullPathNameW
FindClose
CreateDirectoryW
ReadFile
SetFilePointerEx
GetTempFileNameW
GetFileAttributesW
FindNextFileW
FindFirstFileW
DeleteFileW
GetDiskFreeSpaceExW
WriteFile

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetSystemDirectoryW
GetWindowsDirectoryW
GetSystemTimeAsFileTime
GetTickCount
GetComputerNameExW
GetSystemInfo

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
SetLastError
RaiseException

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processtopology-obsolete-l1-1-0

GetActiveProcessorCount

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleHandleExA
GetModuleHandleW
LoadLibraryExA
GetProcAddress

api-ms-win-core-sysinfo-l1-2-6

GetDeveloperDriveEnablementState

fltlib

FilterVolumeInstanceFindNext
FilterVolumeInstanceFindFirst
FilterFindClose

api-ms-win-security-base-l1-1-0

AllocateAndInitializeSid
CheckTokenMembership
FreeSid
AdjustTokenPrivileges

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcess
CreateProcessW
GetCurrentProcessId
OpenProcessToken
TerminateProcess

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW
LookupAccountSidW
LookupAccountNameW

api-ms-win-core-com-l1-1-0

CoTaskMemFree
StringFromIID
IIDFromString
StringFromGUID2

api-ms-win-core-localization-l1-2-0

GetLocaleInfoEx
SetThreadUILanguage
FormatMessageW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-file-l2-1-0

CreateHardLinkW
GetFileInformationByHandleEx

api-ms-win-core-file-l2-1-1

OpenFileById

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-file-l1-2-2

FindNextFileNameW
FindFirstFileNameW

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapSetInformation
GetProcessHeap
HeapFree

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
ReleaseSRWLockExclusive
WaitForSingleObject

api-ms-win-security-lsalookup-l1-1-0

LookupAccountSidLocalW
LookupAccountNameLocalW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

api-ms-win-core-console-l1-1-0

GetConsoleOutputCP
WriteConsoleW
GetConsoleMode
SetConsoleCtrlHandler

api-ms-win-core-processenvironment-l1-1-0

GetStdHandle
GetCurrentDirectoryW
ExpandEnvironmentStringsW
GetEnvironmentVariableW

api-ms-win-core-file-l1-2-0

GetVolumeNameForVolumeMountPointW
GetVolumePathNamesForVolumeNameW

api-ms-win-core-file-l1-2-4

GetTempPath2W

api-ms-win-core-namedpipe-l1-1-0

CreatePipe

api-ms-win-core-kernel32-legacy-l1-1-0

MoveFileW

api-ms-win-security-lsapolicy-l1-1-0

LsaFreeMemory
LsaLookupSids
LsaOpenPolicy

api-ms-win-core-localization-l2-1-0

GetNumberFormatEx

fmifs

CreatePerMachineFileSystemStateKey
ClearPerMachineFileSystemState

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualProtect

Sections

.text
Size: 180KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fveapi.dll
.dll windows:10 windows x64 arch:x64

44913915533a43dceb65d56c06c52ff1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

fveapi.pdb

Imports

msvcrt

_onexit
_strnicmp
_wtempnam
__dllonexit
_unlock
_lock
_initterm
??1type_info@@UEAA@XZ
_local_unwind
free
iswdigit
_wcsicmp
_amsg_exit
_XcptFilter
memset
memmove
wcscpy_s
wcsncpy_s
wcsncat_s
_stricmp
wcschr
iswascii
?terminate@@YAXXZ
printf
memcpy
wcstok_s
vswprintf_s
memcmp
ceil
_vsnwprintf
memmove_s
memcpy_s
__C_specific_handler
mbstowcs_s
wcstombs_s
_vsnprintf_s
__CxxFrameHandler4
__CxxFrameHandler3
_errno
_CxxThrowException
sprintf_s
?what@exception@@UEBAPEBDXZ
strcmp
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
wcstoul
time
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_wcsupr
??_V@YAXPEAX@Z
??0exception@@QEAA@XZ
??3@YAXPEAX@Z
_purecall
_callnewh
malloc
_scwprintf
wcscmp

ntdll

NtOpenFile
RtlSystemTimeToLocalTime
RtlTimeToTimeFields
RtlUnicodeStringToCountedOemString
RtlGenerate8dot3Name
ZwOpenKey
ZwQueryValueKey
RtlGetDeviceFamilyInfoEnum
RtlCreateSystemVolumeInformationFolder
RtlDosPathNameToNtPathName_U_WithStatus
NtPowerInformation
RtlCheckPortableOperatingSystem
RtlUnsubscribeWnfStateChangeNotification
NtQueryInformationFile
NtQuerySystemEnvironmentValueEx
RtlInitUnicodeString
RtlCompareMemory
WinSqmSetDWORD
WinSqmAddToStreamEx
RtlPublishWnfStateData
NtQueryWnfStateData
RtlFreeUnicodeString
RtlStringFromGUID
NtClose
NtQueryValueKey
NtOpenKey
EtwEventWrite
EtwEventUnregister
EtwEventRegister
NtQueryVolumeInformationFile
NtQuerySystemInformation
RtlSetThreadErrorMode
RtlNtStatusToDosError
RtlSubscribeWnfStateChangeNotification
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlIsMultiSessionSku
RtlLengthSid
NtQueryInformationProcess

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
GetTraceLoggerHandle

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventSetInformation
EventWrite
EventUnregister

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetModuleHandleExA
FreeLibrary
GetProcAddress
LoadStringW
GetModuleFileNameW
GetModuleFileNameA
GetModuleHandleW
LoadLibraryExW

api-ms-win-core-synch-l1-1-0

OpenSemaphoreW
ReleaseSemaphore
ReleaseMutex
WaitForSingleObject
WaitForSingleObjectEx
CreateMutexExW
InitializeSRWLock
CreateEventW
InitializeCriticalSectionEx
DeleteCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
SetEvent
EnterCriticalSection
LeaveCriticalSection
CreateSemaphoreExW
InitializeCriticalSection

api-ms-win-security-base-l1-1-0

CopySid
AdjustTokenPrivileges
DuplicateTokenEx
CheckTokenMembership
RevertToSelf
GetLengthSid
GetTokenInformation
ImpersonateSelf
FreeSid
AllocateAndInitializeSid

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
Sleep
InitOnceComplete
InitOnceExecuteOnce

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TlsAlloc
TerminateProcess
OpenThreadToken
TlsFree
TlsGetValue
TlsSetValue
GetCurrentProcessId
OpenProcessToken
SetThreadToken
GetCurrentThreadId
GetCurrentProcess
GetCurrentThread

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetVersionExW
GetSystemTimeAsFileTime
GetTickCount
GetSystemWindowsDirectoryW
GetLocalTime
GetComputerNameExW
GetSystemTime

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError

api-ms-win-core-registry-l1-1-0

RegEnumValueW
RegDeleteKeyExW
RegUnLoadKeyW
RegLoadKeyW
RegEnumKeyExW
RegDeleteValueW
RegGetValueW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegGetValueA
RegQueryInfoKeyW
RegFlushKey

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-file-l1-1-0

SetFilePointerEx
GetFileSize
RemoveDirectoryW
SetFilePointer
GetVolumeInformationW
ReadFile
GetDiskFreeSpaceW
GetFileAttributesW
GetDriveTypeW
GetFileSizeEx
WriteFile
SetFileAttributesW
SetEndOfFile
FindFirstFileW
DeleteFileW
FindNextFileW
CreateDirectoryW
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetVolumePathNameW
FileTimeToLocalFileTime
GetFileInformationByHandle
FlushFileBuffers
GetLogicalDrives
CreateFileW
FindClose

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar
WideCharToMultiByte
CompareStringW

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap
HeapSize

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-localization-l1-2-0

FormatMessageW
IsDBCSLeadByte

api-ms-win-core-timezone-l1-1-0

GetTimeZoneInformation
FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-core-file-l1-2-0

GetVolumePathNamesForVolumeNameW
GetVolumeNameForVolumeMountPointW
GetTempPathW

api-ms-win-core-memory-l1-1-0

MapViewOfFile
VirtualAlloc
UnmapViewOfFile
CreateFileMappingW
VirtualFree

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

api-ms-win-core-com-l1-1-0

CLSIDFromString
CoCreateGuid
CoGetCallContext
CoUninitialize
CoInitializeEx
StringFromGUID2

api-ms-win-core-path-l1-1-0

PathCchCombine

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

ws2_32

htons
sendto
setsockopt
WSAGetLastError
recvfrom
socket
WSACleanup
bind
closesocket
inet_pton
WSAStartup
inet_ntop

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-heap-obsolete-l1-1-0

LocalSize

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

FveAddAuthMethodInformation
FveAddAuthMethodSid
FveAddPredictiveTpmProtector
FveApplyGroupPolicy
FveApplyNkpCertChanges
FveAttemptAutoUnlock
FveAuthElementFromPassPhraseW
FveAuthElementFromPinW
FveAuthElementFromRecoveryPasswordW
FveAuthElementGetKeyFileNameW
FveAuthElementReadExternalKeyW
FveAuthElementToRecoveryPasswordW
FveAuthElementWriteExternalKeyExW
FveAuthElementWriteExternalKeyW
FveBackupRecoveryInformationToAD
FveBackupRecoveryInformationToADEx
FveBindDataVolume
FveCanPinExceptionPolicyBeApplied
FveCanStandardUsersChangePassphraseByProxy
FveCanStandardUsersChangePin
FveCheckADRecoveryInfoBackupPolicy
FveCheckADRecoveryInfoBackupPolicyEx
FveCheckPassphrasePolicy
FveCheckTpmCapability
FveClearUserFlags
FveCloseHandle
FveCloseVolume
FveCommitChanges
FveCommitChangesEx
FveControl
FveConversionDecrypt
FveConversionDecryptEx
FveConversionEncrypt
FveConversionEncryptEx
FveConversionEncryptPendingReboot
FveConversionEncryptPendingRebootEx
FveConversionPause
FveConversionResume
FveConversionStop
FveConversionStopEx
FveDecrementClearKeyCounter
FveDeleteAuthMethod
FveDeleteDeviceEncryptionOptOutForVolumeW
FveDisableDeviceLockoutState
FveDiscardChanges
FveDraCertPresentInRegistry
FveEnableRawAccess
FveEnableRawAccessEx
FveEnableRawAccessW
FveEraseDrive
FveEscrowEncryptedRecoveryKeyForRetailUnlock
FveFindFirstVolume
FveFindNextVolume
FveFlagsToProtectorType
FveGenerateNbp
FveGenerateNkpSessionKeys
FveGetAllowKeyExport
FveGetAuthMethodGuids
FveGetAuthMethodInformation
FveGetAuthMethodSid
FveGetAuthMethodSidInformation
FveGetClearKeyCounter
FveGetDataSet
FveGetDescriptionW
FveGetDeviceLockoutData
FveGetExternalKeyBlob
FveGetFipsAllowDisabled
FveGetFveMethod
FveGetFveMethodEDrv
FveGetFveMethodEx
FveGetIdentificationFieldW
FveGetIdentity
FveGetKeyPackage
FveGetRecoveryPasswordBackupInformation
FveGetSecureBootBindingState
FveGetStatus
FveGetStatusW
FveGetUserFlags
FveGetVolumeNameW
FveInitVolume
FveInitVolumeEx
FveInitializeDeviceEncryption
FveInitializeDeviceEncryption2
FveIsAnyDataVolumeBoundToOSVolume
FveIsBoundDataVolume
FveIsBoundDataVolumeToOSVolume
FveIsDeviceLockable
FveIsDeviceLockedOut
FveIsHardwareReadyForConversion
FveIsHybridVolume
FveIsHybridVolumeW
FveIsPassphraseCompatibleW
FveIsRecoveryPasswordGroupValidW
FveIsRecoveryPasswordValidW
FveIsSchemaExtInstalled
FveIsVolumeEncryptable
FveKeyManagement
FveLockDevice
FveLockVolume
FveLogRecoveryReason
FveNeedsDiscoveryVolumeUpdate
FveNotifyVolumeAfterFormat
FveOpenVolumeByHandle
FveOpenVolumeExW
FveOpenVolumeW
FveProtectorTypeToFlags
FveQuery
FveQueryDeviceEncryptionSupport
FveRecalculateOffsetsAndMoveMetadata
FveRegenerateNbpSessionKey
FveResetTpmDictionaryAttackParameters
FveRevertVolume
FveSaveRecoveryPasswordBackupFlag
FveSelectBestRecoveryPasswordByBackupInformation
FveServiceDiscoveryVolume
FveSetAllowKeyExport
FveSetDescriptionW
FveSetFipsAllowDisabled
FveSetFveMethod
FveSetIdentificationFieldW
FveSetRecoveryPasswordBackupInformation
FveSetUserFlags
FveSetupTpmCallback
FveSysClearUserFlags
FveSysCloseVolume
FveSysGetUserFlags
FveSysOpenVolumeW
FveSysSetUserFlags
FveUnbindAllDataVolumeFromOSVolume
FveUnbindDataVolume
FveUnlockVolume
FveUnlockVolumeAuthMethodSid
FveUnlockVolumeWithAccessMode
FveUpdateBandIdBcd
FveUpdateDeviceLockoutState
FveUpdateDeviceLockoutStateEx
FveUpdatePinW
FveUpgradeVolume
FveValidateDeviceLockoutState
FveValidateExistingPassphraseW
FveValidateExistingPinW
InternalFveIsVolumeEncrypted
NgscbCheckDmaSecurity
NgscbCheckDmaSecurityEx
NgscbCheckHSTIPrerequisitesVerified
NgscbCheckIsAOACDevice
NgscbCheckIsHSTIVerified
NgscbCheckPreventDeviceEncryption
NgscbCheckPreventDeviceEncryptionForAad
NgscbGetWinReConfiguration
NgscbIsHostOsOnRoamableDrive

Sections

.text
Size: 816KB - Virtual size: 815KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 216KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fveapibase.dll
.dll windows:10 windows x64 arch:x64

f57cc2f21e2a860d78cc47a71f3b7028

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

fveapibase.pdb

Imports

msvcrt

memmove_s
_purecall
iswdigit
wcstoul
_strnicmp
_stricmp
wcschr
__CxxFrameHandler4
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_vsnprintf_s
__CxxFrameHandler3
memcpy_s
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_CxxThrowException
_vsnwprintf
__C_specific_handler
memcmp
memcpy
memset
strcmp
_onexit
__dllonexit
_unlock
_lock
_initterm
free
_amsg_exit
_XcptFilter
_callnewh
malloc
_wcsicmp
wcscmp

ntdll

RtlCreateSystemVolumeInformationFolder
RtlDosPathNameToNtPathName_U_WithStatus
NtOpenFile
NtPowerInformation
RtlCheckPortableOperatingSystem
ZwOpenKey
ZwQueryValueKey
NtQuerySystemEnvironmentValueEx
RtlInitUnicodeString
RtlCompareMemory
NtQueryInformationFile
RtlPublishWnfStateData
NtQueryWnfStateData
RtlFreeUnicodeString
RtlStringFromGUID
NtClose
NtQueryValueKey
NtOpenKey
EtwEventWrite
EtwEventUnregister
EtwEventRegister
NtQueryVolumeInformationFile
NtQuerySystemInformation
RtlSetThreadErrorMode
RtlNtStatusToDosError
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWrite
EventSetInformation
EventRegister
EventWriteTransfer

api-ms-win-core-synch-l1-1-0

ReleaseMutex
WaitForSingleObjectEx
CreateMutexExW
CreateSemaphoreExW
InitializeCriticalSectionEx
LeaveCriticalSection
OpenSemaphoreW
InitializeCriticalSection
DeleteCriticalSection
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSemaphore
EnterCriticalSection
WaitForSingleObject

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TlsGetValue
TlsSetValue
GetCurrentThread
OpenThreadToken
OpenProcessToken
TlsAlloc
GetCurrentProcessId
TerminateProcess
GetCurrentThreadId
SetThreadToken
GetCurrentProcess
TlsFree

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetTickCount64
GetSystemTimeAsFileTime
GetTickCount
GetSystemWindowsDirectoryW

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter

bcd

BcdCloseObject
BcdOpenObject
BcdGetElementData
BcdOpenSystemStore
BcdQueryObject
SyspartGetSystemPartition
BcdCloseStore

bcrypt

BCryptGetProperty
BCryptOpenAlgorithmProvider
BCryptEncrypt
BCryptGenRandom
BCryptCloseAlgorithmProvider
BCryptGetFipsAlgorithmMode
BCryptFinishHash
BCryptDestroyHash
BCryptHashData
BCryptCreateHash
BCryptDecrypt
BCryptSetProperty
BCryptGenerateSymmetricKey
BCryptDestroyKey

tbs

Tbsip_Context_Close
Tbsi_Context_Create
Tbsi_Get_TCG_Log
Tbsip_Submit_Command_NonBlocking
Tbsi_GetDeviceInfo

rpcrt4

UuidToStringW
UuidCreate
RpcStringFreeW

api-ms-win-core-registry-l1-1-0

RegEnumValueW
RegUnLoadKeyW
RegOpenKeyExW
RegLoadKeyW
RegGetValueW
RegQueryInfoKeyW
RegGetValueA
RegEnumKeyExW
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW

api-ms-win-security-base-l1-1-0

FreeSid
AllocateAndInitializeSid
RevertToSelf
AdjustTokenPrivileges
DuplicateTokenEx

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-file-l1-1-0

GetLogicalDrives
GetDriveTypeW
CreateFileW
GetDiskFreeSpaceW
ReadFile
RemoveDirectoryW
GetVolumeInformationW
CreateDirectoryW
WriteFile
SetFilePointerEx
GetFileSizeEx
FindClose
SetFileAttributesW
FindFirstFileW
GetFileAttributesW
FlushFileBuffers
DeleteFileW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
FreeLibrary
GetModuleHandleExA
GetModuleHandleExW
GetModuleFileNameA
GetModuleFileNameW
GetProcAddress

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree
HeapSize

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-eventing-controller-l1-1-0

EnableTraceEx2
ControlTraceW
StartTraceW

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

ncrypt

NCryptUnprotectSecret
NCryptCloseProtectionDescriptor
NCryptProtectSecret
NCryptCreateProtectionDescriptor
NCryptGetProtectionDescriptorInfo

api-ms-win-core-file-l1-2-0

GetVolumePathNamesForVolumeNameW
GetVolumeNameForVolumeMountPointW

api-ms-win-core-memory-l1-1-0

VirtualAlloc
VirtualFree

crypt32

CryptDecodeObjectEx
CertGetEnhancedKeyUsage
CertVerifyCertificateChainPolicy

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-com-l1-1-0

CLSIDFromString
CoCreateGuid

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-security-lsapolicy-l1-1-0

LsaQueryInformationPolicy
LsaFreeMemory
LsaClose
LsaOpenPolicy

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy

Exports

Exports

FveAuthElementFromPassPhraseW
FveAuthElementFromPinW
FveAuthElementFromRecoveryPasswordW
FveAuthElementGetKeyFileNameW
FveAuthElementReadExternalKeyW
FveAuthElementToRecoveryPasswordW
FveAuthElementWriteExternalKeyExW
FveAuthElementWriteExternalKeyW
FveCanPinExceptionPolicyBeApplied
FveClearUserFlags
FveCloseHandle
FveCloseVolume
FveCommitChanges
FveCommitChangesEx
FveConversionDecrypt
FveConversionDecryptEx
FveConversionPause
FveConversionResume
FveConversionStop
FveConversionStopEx
FveDiscardChanges
FveEnableRawAccess
FveEraseDrive
FveFindFirstVolume
FveFindNextVolume
FveGetAllowKeyExport
FveGetAuthMethodGuids
FveGetAuthMethodInformation
FveGetDataSet
FveGetFipsAllowDisabled
FveGetFveMethod
FveGetFveMethodEDrv
FveGetFveMethodEx
FveGetIdentity
FveGetKeyPackage
FveGetStatus
FveGetStatusW
FveGetUserFlags
FveGetVolumeNameW
FveIsHardwareReadyForConversion
FveIsRecoveryPasswordGroupValidW
FveIsRecoveryPasswordValidW
FveIsVolumeEncryptable
FveLockVolume
FveNotifyVolumeAfterFormat
FveOpenVolumeByHandle
FveOpenVolumeExW
FveOpenVolumeW
FveQuery
FveRevertVolume
FveSelectBestRecoveryPasswordByBackupInformation
FveSetAllowKeyExport
FveSetFipsAllowDisabled
FveSetFveMethod
FveSetRecoveryPasswordBackupInformation
FveSetUserFlags
FveUpgradeVolume
InternalFveIsVolumeEncrypted

Sections

.text
Size: 368KB - Virtual size: 364KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fwbase.dll
.dll windows:10 windows x64 arch:x64

bd9c984c9df7e324aa3aaf289ee1666c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

fwbase.pdb

Imports

msvcrt

??1type_info@@UEAA@XZ
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
_purecall
memmove_s
_unlock
_vsnprintf_s
_lock
__dllonexit
_onexit
??3@YAXPEAX@Z
??0exception@@QEAA@AEBV0@@Z
wcscpy_s
??1exception@@UEAA@XZ
memmove
memcpy
memcmp
__CxxFrameHandler4
towupper
wcspbrk
iswalpha
wcstok_s
qsort
wcsstr
_vsnwprintf
wcsncmp
wcschr
wcstoul
iswdigit
_wcsnicmp
_ultow
_wcsicmp
wcsncpy_s
_CxxThrowException
memcpy_s
??0exception@@QEAA@XZ
memset

ntdll

RtlIpv4AddressToStringW
RtlIpv4StringToAddressW
NtQueryInformationProcess
RtlContractHashTable
RtlExpandHashTable
RtlEndEnumerationHashTable
RtlEnumerateEntryHashTable
RtlInitEnumerationHashTable
RtlGetNextEntryHashTable
RtlLookupEntryHashTable
RtlRemoveEntryHashTable
RtlInsertEntryHashTable
RtlDeleteHashTable
RtlCreateHashTable
EtwEventWrite
RtlCanonicalizeDomainName
RtlNtStatusToDosError
RtlCreateServiceSid
NtQueryObject
NtClose
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
RtlInitUnicodeString
EtwTraceMessage
EtwUnregisterTraceGuids
EtwGetTraceEnableFlags
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwRegisterTraceGuidsW
RtlFreeUnicodeString

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleFileNameA
GetModuleHandleExW
GetProcAddress
DisableThreadLibraryCalls
GetModuleHandleA
LoadLibraryExW
LoadStringW
FreeLibrary

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegOpenKeyExW
RegNotifyChangeKeyValue
RegEnumValueW
RegSetValueExW
RegDeleteValueW
RegCloseKey
RegQueryValueExW
RegQueryInfoKeyW
RegDeleteTreeW

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
AcquireSRWLockExclusive
CreateEventW
WaitForSingleObject
SetEvent
InitializeCriticalSectionAndSpinCount
CreateSemaphoreExW
LeaveCriticalSection
ReleaseSRWLockExclusive
OpenSemaphoreW
InitializeCriticalSectionEx
WaitForSingleObjectEx
ReleaseMutex
ReleaseSemaphore
AcquireSRWLockShared
ReleaseSRWLockShared
CreateMutexExW
EnterCriticalSection

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem
UnregisterWaitEx

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetSystemTimeAsFileTime
GetComputerNameExW
GetTickCount

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-string-l1-1-0

CompareStringW
WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-shlwapi-legacy-l1-1-0

PathCanonicalizeW
PathSkipRootW
PathFindNextComponentW
PathIsRelativeW

api-ms-win-core-file-l1-1-0

GetLongPathNameW
CreateDirectoryW
CreateFileW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-security-base-l1-1-0

GetTokenInformation
FreeSid
GetAce
GetSecurityDescriptorDacl
IsValidSecurityDescriptor
AllocateAndInitializeSid
AdjustTokenPrivileges
DuplicateTokenEx

api-ms-win-core-processthreads-l1-1-0

SetThreadToken
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
OpenThreadToken
GetCurrentThread
OpenProcessToken
TerminateProcess

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolWait
CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
SetThreadpoolWait

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

FWIndicatePortInUse_Helper
FwAddrChangeSourceInitialize
FwAddrChangeSourceShutdown
FwAddrChangeSourceSignal
FwAlloc
FwAllocArray
FwAllocCheckSize
FwArrayAppend
FwArrayCat
FwArrayCopy
FwArrayCreateFromRegistry
FwArrayDestroy
FwArrayErase
FwAuthSuiteEmpty
FwAuthSuiteEmptyByVersion
FwAuthorizedAppEncode
FwBaseAlloc
FwBaseAllocCheckSize
FwBaseFree
FwBoolIsEqual
FwBuildIndirectString
FwCanonizeAuthorizedApps
FwChangeSinkCreate
FwChangeSinkDestroy
FwChangeSourceInitialize
FwChangeSourceShutdown
FwChangeSourceSignal
FwChangeSourceSignalStart
FwCloseHandle
FwConstructRemoteMachineSPN
FwCreateDirectory
FwCreateSDDLStringFromPolicyAppId
FwCriticalSectionCreate
FwCriticalSectionDestroy
FwCriticalSectionEnter
FwCriticalSectionLeave
FwDWordMultiply
FwEnableMemTracing
FwEnablePrivilege
FwExpandEnvironmentStrings
FwExtractPortNumber
FwFieldNameMatchStringBegining
FwFinalHash
FwFree
FwFreeCertCriteria
FwFreeRpcCallersProcessInfo
FwGetAppBlockList
FwGetAuthorizedApp
FwGetExpandedCanonicalLongPathName
FwGetIcmpSettings
FwGetLongPathName
FwGetPolicyAppIdFromSDDLString
FwGetProfileIndexFromProfileType
FwGetProfileTypeFromProfileIndex
FwGetRemoteAdminSettings
FwGetRpcCallersProcessImageName
FwGetRpcCallersProcessInfo
FwGetService
FwGetServiceTypes
FwGetServices
FwGetStaticFwPort
FwGetStringId
FwGetStringIdForStatusCode
FwGetSysPathName
FwGetTokenInformation
FwHResultToWindowsError
FwHashtableCreate
FwHashtableDestroy
FwHashtableEmpty
FwHashtableFind
FwHashtableGetNext
FwHashtableInsert
FwHashtableIsEmpty
FwHashtableRemove
FwIOReadPortUseIndications
FwIOWritePortUseIndications
FwIcfAuthBypassServicesDestroy
FwIcfAuthBypassSubNetsDestroy
FwIcfAuthorizedAppCopy
FwIcfAuthorizedAppsCopy
FwIcfAuthorizedAppsDestroy
FwIcfDynamicFwPortDestroy
FwIcfIpV4SubNetsCanonize
FwIcfIpV6SubNetsCanonize
FwIcfSubNetsCopy
FwIcfSubNetsDestroy
FwIcfSubNetsGetScope
FwIcfSubNetsIsEqual
FwImageListDestroy
FwImageListHasImage
FwInitMemoryMgr
FwInitializeHashContext
FwIpV4SubNetDecode
FwIsBuiltInPort
FwIsMachineLocalHost
FwIsValidPorts
FwLicensingIsIoT
FwLicensingIsNetIsolationOnly
FwLicensingIsVAILContainer
FwLicensingIsXbox
FwLoadIndirectString
FwLoadString
FwLookupAccountSid
FwMarshalledMetaDataCopy
FwMarshalledMetaDataInitialize
FwMetaDataAddEnforcementState
FwMetaDataCopy
FwMetaDataFree
FwMetaDataIsEnforcementStatePresent
FwModifySDDLStringWithPolicyAppId
FwMultiByteToWideChar
FwNtStatusToHResult
FwParseEdpCloudResourceStringToNrptRuleList
FwPortsToString
FwProfileTypesToString
FwRegCloseKey
FwRegCreateKey
FwRegDeleteAllValues
FwRegDeleteKey
FwRegDeleteValue
FwRegEnumValueNameAndValueData
FwRegNotifyCreate
FwRegNotifyDestroy
FwRegOpenKey
FwRegQueryDWord
FwRegQueryNumKeys
FwRegQueryNumValues
FwRegQueryString
FwRegSetDWord
FwRegSetString
FwReleasePrivilege
FwRemovePolicyAppIdFromSDDLString
FwReplacePolicyAppIdInSDDLString
FwReportErrorAsNtStatus
FwReportErrorAsWinError
FwReportReturnError
FwResolveIndirectString
FwRestructureHashtable
FwServiceSidCreateInPlace
FwSetMemLeakPolicy
FwShutdownMemoryMgr
FwSidCreate
FwSidDestroy
FwSizeTAdd
FwSizeTMultiply
FwSortAddresses
FwSortInterfaceLUIDs
FwStaticFwPortEncode
FwStaticFwPortEncodeValueName
FwStringArrayCopy
FwStringBuild
FwStringBuildWithPrefix
FwStringCanonicalizeCopy
FwStringConcat
FwStringCopy
FwStringCopyA
FwStringCopyAtoWAlloc
FwStringCopyWtoAAlloc
FwStringPrefixConcat
FwStringPrefixCopy
FwSubNetsEncode
FwSubstituteDeviceName
FwTriggerGetEventForSource
FwTriggerRearm
FwTriggerRegisterWait
FwTriggerUnregisterWait
FwUpdateHash
FwVerifyAuthenticationSet
FwVerifyAuthenticationSetQuery
FwVerifyConnectionSecurityRule
FwVerifyConnectionSecurityRuleQuery
FwVerifyCryptoSet
FwVerifyCryptoSetQuery
FwVerifyFirewallRule
FwVerifyFirewallRuleQuery
FwVerifyMainModeRule
FwVerifyMainModeRuleQuery
FwVerifyNoHeapLeaks
FwWcsICmp
Int_FWVerifyAuthenticationSet
Int_FWVerifyConnectionSecurityRule
Int_FWVerifyCryptoSet
Int_FWVerifyFirewallRule
Int_FWVerifyHyperVRule
Int_FWVerifyMainModeRule
Int_FwIPV4RangeContainsMulticast
Int_FwIPV6RangeContainsMulticast
Int_FwIsV6AddrLoopback
Int_FwValidateAndMigrateSecurityDescriptor
Int_FwValidateComplianceAndReduceAuthSetToVersion
Int_FwValidateComplianceAndReduceConnSecRuleToVersion
Int_FwValidateComplianceAndReduceCryptoSetToVersion
Int_FwValidateComplianceAndReduceFirewallRuleToVersion
Int_FwValidateComplianceAndReduceHyperVRuleToVersion
Int_FwValidateComplianceAndReduceMainModeRuleToVersion
Int_FwValidateSecurityDescriptor
IsAddressesEmpty
IsCSRuleTunnelMode
IsRuleOldAuthApp
IsRuleOldGlobalOpenPort
IsRuleOldv1Compliant
IsRuleOpenPortOrAuthApp
Isv4AddressesEmpty
Isv6AddressesEmpty

Sections

.text
Size: 204KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fwmdmcsp.dll
.dll windows:10 windows x64 arch:x64

8558741a3237ac391338765ef0fed339

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

FWMDMCSP.pdb

Imports

msvcrt

__dllonexit
_unlock
_lock
?terminate@@YAXXZ
__C_specific_handler
_initterm
free
_amsg_exit
_XcptFilter
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
memmove
memcpy
__CxxFrameHandler3
??1type_info@@UEAA@XZ
_callnewh
malloc
wcstok_s
isalnum
_wcsicmp
memmove_s
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
memcpy_s
_vsnwprintf
__CxxFrameHandler4
_onexit
_CxxThrowException
memcmp
??3@YAXPEAX@Z
memset

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
DisableThreadLibraryCalls
GetModuleFileNameA
GetModuleHandleExA
GetModuleHandleW
GetModuleHandleExW

api-ms-win-core-synch-l1-1-0

ReleaseMutex
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseSRWLockShared
CreateMutexExW
ReleaseSemaphore
TryAcquireSRWLockExclusive
DeleteCriticalSection
InitializeCriticalSectionEx
InitializeSRWLock
AcquireSRWLockShared
CreateSemaphoreExW

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
RaiseException
SetLastError
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

oleaut32

VariantClear
SysAllocString
SysFreeString
VariantChangeTypeEx
VariantInit
VariantCopy

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableLevel
TraceMessage
GetTraceEnableFlags
RegisterTraceGuidsW

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventUnregister
EventRegister
EventWriteTransfer

api-ms-win-core-com-l1-1-0

CLSIDFromString
StringFromGUID2
CoTaskMemFree
CoTaskMemAlloc

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

ntdll

EtwEventEnabled
EtwEventUnregister
EtwEventRegister
EtwEventWrite
RtlFreeSid

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-appmodel-runtime-l1-1-1

VerifyPackageFamilyName

api-ms-win-appmodel-identity-l1-2-0

AppContainerDeriveSidFromMoniker

fwpolicyiomgr

CalculateOpenPortOrAuthAppAddrStringSize2
OpenPortOrAuthAppAddrToStringInt2
StringToOpenPortOrAuthAppAddress2

firewallapi

FWEnumHyperVRules1
FWFreeHyperVVMCreators0
FWGetHyperVProfileConfig0
FWGetHyperVVMConfig0
FWEnumHyperVVMCreators0
FWEnumDynamicKeywordAddresses_Int
FWFreeDynamicKeywordAddressData0
FwBstrToInterfaceTypes
FwInterfaceTypesToBstr
FwStringToAddresses
FwEmptyWFAddresses
FwGetAddressesAsString
FwBstrToIcmp
FWFreeHyperVRules1
FwBstrToPorts
FWSetHyperVRule1
FWAddHyperVRule1
FWDeleteHyperVRule0
FWSetHyperVProfileConfig0
FWSetHyperVVMConfig0
FWUpdateDynamicKeywordAddress_Int
FWAddDynamicKeywordAddress_Int
FWDeleteDynamicKeywordAddress_Int
FWSetGlobalConfig2
FWSetFirewallRule
FWAddFirewallRule
FWDeleteFirewallRule
FWClosePolicyStore
FWFreeFirewallRulesByHandle
FWOpenPolicyStore
FwIcmpToBstr
FWEnumFirewallRules
FWSetConfig
FWGetGlobalConfig3
FWGetConfig

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 200KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fwpolicyiomgr.dll
.dll windows:10 windows x64 arch:x64

debb28d54e134c5c7b10db8642685233

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

FWPolicyIOMgr.pdb

Imports

msvcrt

?terminate@@YAXXZ
wcstok
__C_specific_handler
_initterm
malloc
free
_lock
_amsg_exit
_unlock
_wcsnicmp
wcsncmp
wcstoul
iswdigit
_purecall
__dllonexit
_onexit
_ultow
_wcsicmp
memcpy
??1type_info@@UEAA@XZ
wcsnlen
wcsstr
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
_vsnprintf_s
memcmp
_vsnwprintf
_CxxThrowException
??3@YAXPEAX@Z
??1exception@@UEAA@XZ
memmove_s
__CxxFrameHandler4
memcpy_s
_XcptFilter
memset

ntdll

RtlIpv4StringToAddressW
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
RtlCopySid
RtlLengthSid
RtlIpv6StringToAddressW
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetModuleFileNameA
GetProcAddress
LoadLibraryExW
DisableThreadLibraryCalls
GetModuleHandleExA
GetModuleHandleW

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetTickCount64

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventUnregister
EventRegister
EventWriteTransfer

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TerminateProcess
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
GetLastError
UnhandledExceptionFilter

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
TryAcquireSRWLockExclusive
InitializeSRWLock
ReleaseSemaphore
AcquireSRWLockExclusive
OpenSemaphoreW
CreateMutexExW
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
EnterCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
WaitForSingleObject
LeaveCriticalSection
ReleaseMutex
CreateSemaphoreExW

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-string-l1-1-0

CompareStringW
CompareStringOrdinal

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
Sleep

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegQueryInfoKeyW

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

CalculateOpenPortOrAuthAppAddrStringSize
CalculateOpenPortOrAuthAppAddrStringSize2
CopyIcmpSettings
CopyIcmpV4Rules
CopyIcmpV6Rules
CreateDefaultAuthAppRule
CreateDefaultIcmpRule
CreateDefaultOpenPortRule
CreateDefaultPerInterfaceIcmpRule
CreateDefaultPerInterfaceOpenPortRule
CreateDefaultRemoteAdminRule
CreateDefaultRule
FWDestroyExtensionDllCriticalSection
FWGPLock
FWGPOCleanup
FWGPOSave
FWGPUnlockEx
FWInitExtensionDllCriticalSection
FWOpenGPOAndGetRegKey
FWPrimitivesSetGPHelperFnPtrs
FWResolveGPONames
FWSetGPHelperFnPtrs
FreeAbsoluteInterfaces
FwAddDynamicKeywordAddressInRegistry
FwAddHyperVVMCreatorToRegistry
FwAddRule
FwAddSet
FwAdvPolicyDecodeFirewallRule
FwAdvPolicyEncodeRule
FwAdvPolicyVerifyFirewallRule
FwAppContainerChangeFree
FwAreAllContainedInAddresses
FwAuthSetFree
FwBinariesFree
FwCSRuleEmpty
FwCSRuleEmptyByBinaryVersion
FwCSRuleFree
FwCSRuleVerify
FwChkBuildSidAndAttributesFree
FwCleanupPhase1Sa
FwClosePolicyStore
FwCompareCSRule
FwCompareFWRule
FwConvertFwRuleToHyperVRule
FwConvertIPv6SubNetToRange
FwCopyAuthSetListToLowerVersion
FwCopyAuthSetToLowerVersion
FwCopyAuthsetToHigherVersion
FwCopyCSRule
FwCopyCryptoSet
FwCopyHyperVPort
FwCopyHyperVRule
FwCopyHyperVVMCreator
FwCopyICMPTypeCode
FwCopyInterfaceIndexes
FwCopyInterfaceLuids
FwCopyLUID
FwCopyMMRule
FwCopyPlatform
FwCopyPortRange
FwCopyPortsContents
FwCopyRule
FwCountAuthAppRules
FwCountGlobalOpenPortRules
FwCreateLocalTempStore
FwCryptoSetFree
FwDecodeDynamicKeywordAddress
FwDeleteAllRules
FwDeleteAllSets
FwDeleteDynamicKeywordAddressInRegistry
FwDeleteHyperVVMCreatorFromRegistry
FwDeleteRule
FwDeleteSet
FwDestroyLocalTempStore
FwDoNothingOnObject
FwDownlevelAuthSetFree
FwDownlevelFirewallRuleEmpty
FwDynamicKeywordAddressIsStringValid
FwEmptyWFRule
FwEncodeDynamicKeywordAddress
FwEncodeSyntacticallyImportantFields
FwEncodeSyntacticallyImportantFieldsInt
FwEnumAllDynamicKeywordAddressesInRegistry
FwEnumHyperVVMCreatorsFromRegistry
FwEnumRules
FwEnumSets
FwEraseGPOStoreBaseKey
FwFindMatchingOpenPortRule
FwFreeDynamicKeywordAddressDataBySchemaVersion
FwFreeDynamicKeywordAddressesInternal
FwFreeHyperVPortsBySchemaVersion
FwFreeHyperVRulesBySchemaVersion
FwFreeHyperVVMCreatorsBySchemaVersion
FwFreeObjects
FwFreeRules
FwFreeSets
FwFreeWFRule
FwGetConfig
FwGetDynamicKeywordOriginFromStoreType
FwGetGlobalConfig
FwGetGlobalConfigFromLocalTempStore
FwGetHyperVProfileConfigFromRegistry
FwGetHyperVVMConfigFromRegistry
FwGetHyperVVMCreatorIdsFromRegistry
FwGetRule
FwGetStoreTypeFromDynamicKeywordOriginType
FwHyperVRuleVerify
FwICFProfileToWfProfile
FwICFProtocolToWfProtocol
FwIPV4RangeContainsMulticast
FwIPV6RangeContainsMulticast
FwInvertAddresses
FwIsV6AddrLoopback
FwMMRuleFree
FwMMRuleVerify
FwMigrateLegacyAuthenticatedBypassSddl
FwMigrateLegacySettings
FwNegateAddresses
FwOpenAppCDbPolicyStore
FwOpenOfflinePolicyStore
FwOpenPolicyStore
FwParseAddressToken
FwParseAllPortVersions
FwParseICMPTypeCodes
FwParseInterfaceType
FwPolioConvertIPv6SubNetToRange
FwPolioCopyAuthSet
FwPolioCopyWFAddressesContents
FwPolioEmptyWFAddresses
FwPolioMergeAddresses
FwReduceHyperVRulesToVersion
FwReduceObjectsToVersion
FwRemoveDuplicateAddresses
FwRuleResolveFlags
FwSddlStringVerify
FwSetConfig
FwSetGlobalConfig
FwSetGlobalConfigInLocalTempStore
FwSetHyperVProfileConfigInRegistry
FwSetHyperVVMConfigInRegistry
FwSetResolveFlags
FwSetRule
FwSetSet
FwSidAndAttributesCopy
FwSidAndAttributesFree
FwSidCopy
FwSidsToString
FwStringToSids
FwSubtractAddresses
FwUniteWFAddressesContents
FwUpdateDynamicKeywordAddressInRegistry
FwUpgradeHyperVVMConfigToProfileConfig
FwVerifyWFRuleSemantics
FwWfProtocolToICFProtocol
GetOpenPortOrAuthAppAddrScope
GetOpenPortorAuthAppAddrAsString
GetOpenPortorAuthAppAsBSTR
GetRemoteAdminSettings
IsEqualAddresses
IsEqualFwPorts
IsFwRuleHyperVApplicable
IsPortsEmpty
IsRuleLegacyICMPSettings
IsRulePerInterfaceIcmp
IsRulePerInterfaceOpenPort
IsUnicastExplicitAddressesEmpty
Isv4Orv6AddressesEmpty
LoadGPExtensionDll
MakeAbsoluteInterfaces
OpenPortOrAuthAppAddrToString
OpenPortOrAuthAppAddrToStringInt2
OpenPortOrAuthAppAddrToStringInt3
SanitizeForPrivacy
StringArrayToOpenPortOrAuthAppAddress
StringToOpenPortOrAuthAppAddress
StringToOpenPortOrAuthAppAddress2
ValidatePortOrAppAddressString

Sections

.text
Size: 240KB - Virtual size: 239KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
gdi32full.dll
.dll windows:10 windows x64 arch:x64

e33ae94957f6d74d63e42e99e12c1cbb

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

60:39:49:42:11:d1:1c:ea:f3:2a:16:8e:a7:b7:6f:b5:cb:51:d1:7c:c0:af:0a:dd:cd:89:ab:e5:e4:19:71:b5
Signer

Actual PE Digest

60:39:49:42:11:d1:1c:ea:f3:2a:16:8e:a7:b7:6f:b5:cb:51:d1:7c:c0:af:0a:dd:cd:89:ab:e5:e4:19:71:b5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

gdi32full.pdb

Imports

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z
?_Random_device@std@@YAIXZ

api-ms-win-crt-string-l1-1-0

strnlen
strncpy
wcscmp
memset

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__stricmp
_o__strnicmp
_o__wcsicmp
_o__wcsnicmp
_o_ceilf
_o_floor
_o_free
memmove
_o_malloc
_o_wcscat_s
_o_wcscpy_s
_CxxThrowException
_o__execute_onexit_table
_o__errno
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__crt_atexit
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__configure_narrow_argv
wcsrchr
wcschr
__std_terminate
__CxxFrameHandler4
__C_specific_handler
memcmp
memcpy

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-localization-l1-2-0

GetACP
IsValidLocale
FormatMessageW
GetOEMCP
GetUserDefaultLCID
GetLocaleInfoW
ConvertDefaultLocale
IsDBCSLeadByte
IsDBCSLeadByteEx

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree
LocalReAlloc
GlobalAlloc
GlobalFree

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-libraryloader-l1-2-0

SizeofResource
LoadLibraryExA
FindResourceExW
GetModuleHandleW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleExW
LoadResource
LoadLibraryExW
GetModuleHandleExA
GetProcAddress
LockResource
FreeLibrary

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
InitializeSRWLock
InitializeCriticalSectionAndSpinCount
CreateEventA
DeleteCriticalSection
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReleaseMutex
WaitForSingleObject
InitializeCriticalSectionEx
LeaveCriticalSection
ReleaseSemaphore
EnterCriticalSection
CreateSemaphoreExW
AcquireSRWLockShared
ReleaseSRWLockShared
SetEvent

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventUnregister
EventWriteTransfer
EventRegister

api-ms-win-core-psapi-l1-1-0

K32GetModuleFileNameExW
K32EnumProcessModulesEx
K32GetModuleBaseNameW
K32GetModuleInformation

api-ms-win-core-processthreads-l1-1-0

TlsSetValue
GetCurrentProcess
ProcessIdToSessionId
GetCurrentThreadId
TlsAlloc
GetCurrentProcessId
GetCurrentThread
TlsFree
TlsGetValue
TerminateProcess

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemInfo
GetWindowsDirectoryW
GetSystemWindowsDirectoryW
GetSystemTimeAsFileTime
GetLocalTime
GetSystemDirectoryW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
SearchPathW

api-ms-win-core-file-l1-1-0

GetFullPathNameW
ReadFile
GetFileSizeEx
DeleteFileW
WriteFile
SetFilePointerEx
GetTempFileNameW
CreateFileW
GetDriveTypeW
SetFilePointer

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegQueryValueExW
RegCloseKey
RegOpenKeyExA
RegOpenKeyExW
RegEnumValueW
RegQueryValueExA
RegQueryInfoKeyW
RegEnumKeyExW

api-ms-win-core-file-l2-1-0

CopyFileExW

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
UnmapViewOfFile
MapViewOfFile

api-ms-win-core-heap-l1-1-0

HeapSize
HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-memory-l1-1-1

VirtualUnlock

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-rtlsupport-l1-1-0

RtlCompareMemory
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlRaiseException

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-string-l2-1-0

CharLowerBuffW

api-ms-win-security-base-l1-1-0

GetSidSubAuthorityCount
GetSidSubAuthority

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce

api-ms-win-core-version-l1-1-1

GetFileVersionInfoSizeW
GetFileVersionInfoW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-wow64-l1-1-1

IsWow64Process2

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-kernel32-legacy-l1-1-0

MulDiv

api-ms-win-core-heap-obsolete-l1-1-0

GlobalSize
GlobalLock
GlobalUnlock

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW
lstrlenA
lstrcmpiW

api-ms-win-core-stringansi-l1-1-0

CharUpperBuffA

gdi32

GdiBatchLimit
CloseFigure
CreateDCA
CreateRectRgn
EndDoc
EndPage
EndPath
ExtTextOutA
ExtTextOutW
FillPath
GetClipBox
GetDeviceCaps
GetFontData
GetRegionData
GetRgnBox
GetTextMetricsA
IntersectClipRect
LineTo
MoveToEx
PolyBezierTo
Rectangle
RestoreDC
SaveDC
SelectClipPath
SelectClipRgn
SelectObject
SetBkMode
SetPolyFillMode
SetStretchBltMode
SetTextAlign
SetTextColor
SetWorldTransform
StartDocW
StartPage
StretchDIBits
pGdiSharedMemory
PolylineTo
PolyDraw
StrokePath
SetMiterLimit
InternalDeleteDC
CreateDCW
SetICMMode
AbortDoc
Escape
CreateScalableFontResourceW
RemoveFontResourceW
LpkGetEditControl
ghICM
LpkpInitializeEditControl
DeleteDC
g_systemCallFilterId
BeginPath
ExtSelectClipRgn
hGetPEBHandle
vSetPldc
bCreateDCW
bDeleteLDC
fpClosePrinter
ExtEscape
pGdiDevCaps
pldcGet
gCookie
gW32PID
GdiGetEntry
gMaxGdiHandleCount
pGdiSharedHandleTable
GdiSetLastError
DeleteObject

api-ms-win-core-windowserrorreporting-l1-1-0

WerRegisterMemoryBlock

ntdll

RtlpEnsureBufferSize
NtUnmapViewOfSection
NtMapViewOfSection
NtCreateSection
NtOpenThreadToken
RtlNtPathNameToDosPathName
RtlNtStatusToDosError
NtOpenProcessToken
NtQueryInformationToken
RtlQueryActivationContextApplicationSettings
NtVdmControl
NtQuerySystemInformation
NtQueryInformationProcess
TpSimpleTryPost
RtlLengthSid
NtRequestWaitReplyPort
RtlCopySid
NtSecureConnectPort
TpCallbackSetEventOnCompletion
NtRegisterThreadTerminatePort
RtlCaptureStackBackTrace
wcsnlen
LdrFindResourceEx_U
LdrAccessResource
RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlAllocateHeap
RtlFreeHeap
RtlUnicodeToMultiByteSize
RtlUnicodeToMultiByteN
RtlDecodePointer
RtlCreateUnicodeStringFromAsciiz
RtlFreeUnicodeString
RtlMultiByteToUnicodeN
RtlInitUnicodeString
NtOpenKey
NtQueryValueKey
NtClose
RtlInitializeCriticalSection
RtlEncodePointer
RtlDeleteCriticalSection
RtlDosPathNameToNtPathName_U
NtOpenFile
NtQueryInformationFile

user32

InflateRect
SetWindowLongPtrW
SendMessageW
GetSystemMetrics
MessageBeep
GetWindowLongPtrW
CreateCaret
GetKeyboardLayoutList
GetKeyboardLayout
SendMessageA
CheckMenuItem
GetClientRect
EnableMenuItem
InvalidateRect
SetProcessDefaultLayout
CharUpperW
GetSysColor
SetRect
GetGuiResources
GetActiveWindow
DispatchMessageW
PeekMessageW
MsgWaitForMultipleObjectsEx
TranslateMessage
PostQuitMessage
GetAppCompatFlags2
GetThreadDpiAwarenessContext
ord2713
GetDC
ReleaseDC
GetWindowRect
InitializeLpkHooks
UserRealizePalette
GetAppCompatFlags
IntersectRect
IsThreadDesktopComposited

win32u

NtGdiCreateBitmapFromDxSurface2
NtGdiCreateClientObj
NtGdiCreateColorSpace
NtGdiCreateColorTransform
NtGdiCreateCompatibleBitmap
NtGdiCreateCompatibleDC
NtGdiCreateDIBBrush
NtGdiCreateDIBSection
NtGdiCreateDIBitmapInternal
NtGdiCreateEllipticRgn
NtGdiCreateHatchBrushInternal
NtGdiCreateMetafileDC
NtGdiCreateOPMProtectedOutput
NtGdiCreateOPMProtectedOutputs
NtGdiCreatePaletteInternal
NtGdiCreatePatternBrushInternal
NtGdiCreatePen
NtGdiCreateRectRgn
NtGdiCreateRoundRectRgn
NtGdiCreateServerMetaFile
NtGdiCreateSessionMappedDIBSection
NtGdiCreateSolidBrush
NtGdiDDCCIGetCapabilitiesString
NtGdiDDCCIGetCapabilitiesStringLength
NtGdiDDCCIGetTimingReport
NtGdiDDCCIGetVCPFeature
NtGdiDDCCISaveCurrentSettings
NtGdiDDCCISetVCPFeature
NtGdiDdCreateFullscreenSprite
NtGdiDdDestroyFullscreenSprite
NtGdiDdNotifyFullscreenSpriteUpdate
NtGdiDdQueryVisRgnUniqueness
NtGdiDeleteClientObj
NtGdiDeleteColorSpace
NtGdiDeleteColorTransform
NtGdiDeleteObjectApp
NtGdiDescribePixelFormat
NtGdiDestroyOPMProtectedOutput
NtGdiDestroyPhysicalMonitor
NtGdiDoBanding
NtGdiDoPalette
NtGdiDrawEscape
NtGdiDrawStream
NtGdiDwmCreatedBitmapRemotingOutput
NtGdiEllipse
NtGdiEnableEudc
NtGdiEndDoc
NtGdiEndGdiRendering
NtGdiEndPage
NtGdiEndPath
NtGdiEngAlphaBlend
NtGdiEngAssociateSurface
NtGdiEngBitBlt
NtGdiEngCheckAbort
NtGdiEngComputeGlyphSet
NtGdiEngCopyBits
NtGdiEngCreateClip
NtGdiEngDeleteClip
NtGdiEngDeletePath
NtGdiEngEraseSurface
NtGdiEngFillPath
NtGdiEngGradientFill
NtGdiEngLineTo
NtGdiEngLockSurface
NtGdiEngMarkBandingSurface
NtGdiEngPaint
NtGdiEngPlgBlt
NtGdiEngStretchBlt
NtGdiEngStretchBltROP
NtGdiEngStrokeAndFillPath
NtGdiEngStrokePath
NtGdiEngTextOut
NtGdiEngTransparentBlt
NtGdiEngUnlockSurface
NtGdiEnsureDpiDepDefaultGuiFontForPlateau
NtGdiEnumFonts
NtGdiEnumObjects
NtGdiEqualRgn
NtGdiEudcLoadUnloadLink
NtGdiExcludeClipRect
NtGdiExtCreatePen
NtGdiExtCreateRegion
NtGdiExtEscape
NtGdiExtFloodFill
NtGdiExtGetObjectW
NtGdiExtSelectClipRgn
NtGdiExtTextOutW
NtGdiFONTOBJ_cGetAllGlyphHandles
NtGdiFONTOBJ_cGetGlyphs
NtGdiFONTOBJ_pQueryGlyphAttrs
NtGdiFONTOBJ_pfdg
NtGdiFONTOBJ_pifi
NtGdiFONTOBJ_pvTrueTypeFontFile
NtGdiFONTOBJ_pxoGetXform
NtGdiFONTOBJ_vGetInfo
NtGdiFillPath
NtGdiFillRgn
NtGdiFlattenPath
NtGdiFlush
NtGdiFontIsLinked
NtGdiForceUFIMapping
NtGdiFrameRgn
NtGdiFullscreenControl
NtGdiGetAndSetDCDword
NtGdiGetAppClipBox
NtGdiGetBitmapBits
NtGdiGetBitmapDimension
NtGdiGetBitmapDpiScaleValue
NtGdiGetBoundsRect
NtGdiGetCOPPCompatibleOPMInformation
NtGdiGetCertificate
NtGdiGetCertificateByHandle
NtGdiGetCertificateSize
NtGdiGetCertificateSizeByHandle
NtGdiGetCharABCWidthsW
NtGdiGetCharSet
NtGdiGetCharWidthInfo
NtGdiGetCharWidthW
NtGdiGetCharacterPlacementW
NtGdiGetColorAdjustment
NtGdiGetColorSpaceforBitmap
NtGdiGetCurrentDpiInfo
NtGdiGetDCDpiScaleValue
NtGdiGetDCDword
NtGdiGetDCObject
NtGdiGetDCPoint
NtGdiGetDCforBitmap
NtGdiGetDIBitsInternal
NtGdiGetDeviceCaps
NtGdiGetDeviceCapsAll
NtGdiGetDeviceWidth
NtGdiGetDhpdev
NtGdiGetETM
NtGdiGetEmbUFI
NtGdiGetEmbedFonts
NtGdiGetEntry
NtGdiGetEudcTimeStampEx
NtGdiGetFontData
NtGdiCreateBitmapFromDxSurface
NtGdiGetFontFileInfo
NtGdiGetFontResourceInfoInternalW
NtGdiGetGlyphIndicesW
NtGdiGetGlyphIndicesWInternal
NtGdiGetGlyphOutline
NtGdiGetKerningPairs
NtGdiGetLinkedUFIs
NtGdiGetMiterLimit
NtGdiGetMonitorID
NtGdiGetNearestColor
NtGdiGetNearestPaletteIndex
NtGdiGetNumberOfPhysicalMonitors
NtGdiGetOPMInformation
NtGdiGetOPMRandomNumber
NtGdiGetObjectBitmapHandle
NtGdiGetOutlineTextMetricsInternalW
NtGdiGetPath
NtGdiGetPerBandInfo
NtGdiGetPhysicalMonitorDescription
NtGdiGetPhysicalMonitors
NtGdiGetPixel
NtGdiGetRandomRgn
NtGdiGetRasterizerCaps
NtGdiGetRealizationInfo
NtGdiGetRegionData
NtGdiGetRgnBox
NtGdiGetServerMetaFileBits
NtGdiGetSpoolMessage
NtGdiGetStats
NtGdiGetStringBitmapW
NtGdiGetSuggestedOPMProtectedOutputArraySize
NtGdiGetSystemPaletteUse
NtGdiGetTextExtent
NtGdiGetTextExtentExW
NtGdiGetTextFaceW
NtGdiGetTextMetricsW
NtGdiGetTransform
NtGdiGetUFI
NtGdiGetUFIPathname
NtGdiGetWidthTable
NtGdiGradientFill
NtGdiHLSurfGetInformation
NtGdiHLSurfSetInformation
NtGdiHT_Get8BPPFormatPalette
NtGdiHT_Get8BPPMaskPalette
NtGdiHfontCreate
NtGdiIcmBrushInfo
NtGdiInit
NtGdiInitSpool
NtGdiIntersectClipRect
NtGdiInvertRgn
NtGdiLineTo
NtGdiMakeFontDir
NtGdiMakeInfoDC
NtGdiMakeObjectUnXferable
NtGdiMakeObjectXferable
NtGdiMaskBlt
NtGdiMirrorWindowOrg
NtGdiModifyWorldTransform
NtGdiMonoBitmap
NtGdiMoveTo
NtGdiOffsetClipRgn
NtGdiOffsetRgn
NtGdiOpenDCW
NtGdiPATHOBJ_bEnum
NtGdiPATHOBJ_bEnumClipLines
NtGdiPATHOBJ_vEnumStart
NtGdiPATHOBJ_vEnumStartClipLines
NtGdiPATHOBJ_vGetBounds
NtGdiPatBlt
NtGdiPathToRegion
NtGdiPlgBlt
NtGdiPolyDraw
NtGdiPolyPatBlt
NtGdiPolyPolyDraw
NtGdiPolyTextOutW
NtGdiPtInRegion
NtGdiPtVisible
NtGdiQueryFontAssocInfo
NtGdiQueryFonts
NtGdiRectInRegion
NtGdiRectVisible
NtGdiRectangle
NtGdiRemoveFontMemResourceEx
NtGdiRemoveFontResourceW
NtGdiRemoveMergeFont
NtGdiResetDC
NtGdiResizePalette
NtGdiRestoreDC
NtGdiRoundRect
NtGdiSTROBJ_bEnum
NtGdiSTROBJ_bEnumPositionsOnly
NtGdiSTROBJ_bGetAdvanceWidths
NtGdiSTROBJ_dwGetCodePage
NtGdiSTROBJ_vEnumStart
NtGdiSaveDC
NtGdiScaleRgn
NtGdiScaleValues
NtGdiScaleViewportExtEx
NtGdiScaleWindowExtEx
NtGdiSelectBitmap
NtGdiSelectBrush
NtGdiSelectClipPath
NtGdiSelectFont
NtGdiSelectPen
NtGdiSetBitmapAttributes
NtGdiSetBitmapBits
NtGdiSetBitmapDimension
NtGdiSetBoundsRect
NtGdiSetBrushAttributes
NtGdiSetBrushOrg
NtGdiSetColorAdjustment
NtGdiSetColorSpace
NtGdiSetDIBitsToDeviceInternal
NtGdiSetFontEnumeration
NtGdiSetFontXform
NtGdiSetIcmMode
NtGdiSetLayout
NtGdiSetLinkedUFIs
NtGdiSetMagicColors
NtGdiSetMetaRgn
NtGdiSetMiterLimit
NtGdiSetOPMSigningKeyAndSequenceNumbers
NtGdiSetPUMPDOBJ
NtGdiSetPixel
NtGdiSetPixelFormat
NtGdiSetRectRgn
NtGdiSetSizeDevice
NtGdiSetSystemPaletteUse
NtGdiSetTextJustification
NtGdiSetUMPDSandboxState
NtGdiSetVirtualResolution
NtGdiStartDoc
NtGdiStartPage
NtGdiStretchBlt
NtGdiStretchDIBitsInternal
NtGdiStrokeAndFillPath
NtGdiStrokePath
NtGdiSwapBuffers
NtGdiTransformPoints
NtGdiTransparentBlt
NtGdiUMPDEngFreeUserMem
NtGdiUnloadPrinterDriver
NtGdiUnmapMemFont
NtGdiUnrealizeObject
NtGdiUpdateColors
NtGdiUpdateTransform
NtGdiWidenPath
NtGdiXFORMOBJ_bApplyXform
NtGdiXFORMOBJ_iGetXform
NtGdiXLATEOBJ_cGetPalette
NtGdiXLATEOBJ_hGetColorTransform
NtGdiXLATEOBJ_iXlate
NtUserSelectPalette
NtGdiGetPublicFontTableChangeCookie
NtGdiGetProcessSessionFonts
NtGdiDdDDIEscape
NtGdiEngDeleteSurface
NtGdiEngCreateDeviceSurface
NtGdiEngDeletePalette
NtGdiEngCreateDeviceBitmap
NtGdiEngCreatePalette
NtGdiEngCreateBitmap
NtGdiCreateHalftonePalette
NtGdiCreateBitmap
NtGdiConvertMetafileRect
NtGdiConfigureOPMProtectedOutput
NtGdiComputeXformCoefficients
NtGdiCombineTransform
NtGdiCombineRgn
NtGdiColorCorrectPalette
NtGdiCloseFigure
NtGdiClearBrushAttributes
NtGdiClearBitmapAttributes
NtGdiCheckBitmapBits
NtGdiChangeGhostFont
NtGdiCancelDC
NtGdiCLIPOBJ_ppoGetPath
NtGdiCLIPOBJ_cEnumStart
NtGdiCLIPOBJ_bEnum
NtGdiBitBlt
NtGdiBeginPath
NtGdiBeginGdiRendering
NtGdiBRUSHOBJ_ulGetBrushColor
NtGdiBRUSHOBJ_pvGetRbrush
NtGdiBRUSHOBJ_pvAllocRbrush
NtGdiBRUSHOBJ_hGetColorTransform
NtGdiBRUSHOBJ_DeleteRbrush
NtGdiArcInternal
NtGdiAnyLinkedFonts
NtGdiAngleArc
NtGdiAlphaBlend
NtGdiAddRemoteMMInstanceToDC
NtGdiAddRemoteFontToDC
NtGdiAddFontResourceW
NtGdiAddFontMemResourceEx
NtGdiAddEmbFontToDC
NtGdiAbortPath
NtGdiAbortDoc
NtGdiGetTextCharsetInfo
NtGdiGetFontUnicodeRanges
NtGdiWaitForTextReady
NtGdiAddInitialFonts
NtGdiGetFontFileData

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-privateprofile-l1-1-0

GetProfileIntW
GetProfileStringW

api-ms-win-core-localization-private-l1-1-0

NlsGetCacheUpdateCount

Exports

Exports

AbortDocImpl
AbortPath
AddFontMemResourceEx
AddFontResourceA
AddFontResourceExA
AddFontResourceExW
AddFontResourceTracking
AddFontResourceWImpl
AngleArc
AnimatePalette
AnyLinkedFonts
Arc
ArcTo
BeginPath
BeginPathImpl
BitBlt
CancelDC
CheckColorsInGamut
ChoosePixelFormat
Chord
ClearBitmapAttributes
ClearBrushAttributes
CloseEnhMetaFile
CloseFigure
CloseFigureImpl
CloseMetaFile
ColorCorrectPalette
ColorMatchToTarget
CombineTransform
CopyEnhMetaFileA
CopyEnhMetaFileW
CopyMetaFileA
CopyMetaFileW
CreateBitmap
CreateBitmapIndirect
CreateBrushIndirect
CreateColorSpaceA
CreateColorSpaceW
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
CreateDCAImpl
CreateDCExW
CreateDCW
CreateDIBPatternBrush
CreateDIBPatternBrushPt
CreateDIBSection
CreateDIBitmap
CreateDPIScaledDIBSection
CreateDiscardableBitmap
CreateEllipticRgn
CreateEllipticRgnIndirect
CreateEnhMetaFileA
CreateEnhMetaFileW
CreateFontA
CreateFontIndirectA
CreateFontIndirectExA
CreateFontIndirectExW
CreateFontIndirectW
CreateFontIndirectWImpl
CreateFontW
CreateHalftonePalette
CreateHatchBrush
CreateICA
CreateICW
CreateMetaFileA
CreateMetaFileW
CreatePalette
CreatePatternBrush
CreatePen
CreatePenIndirect
CreatePolyPolygonRgn
CreateRectRgn
CreateRoundRectRgn
CreateScalableFontResourceA
CreateScalableFontResourceWImpl
CreateScaledCompatibleBitmap
CreateSessionMappedDIBSection
CreateSolidBrush
DPtoLP
DeleteColorSpace
DeleteDC
DeleteEMFSpoolData
DeleteEnhMetaFile
DeleteFont
DeleteHDCCFont
DeleteMetaFile
DescribePixelFormat
DeviceCapabilitiesExA
DocumentEventEx
DrawEscape
DwmCreatedBitmapRemotingOutput
DwmGetDirtyRgnImpl
Ellipse
EndDoc
EndDocImpl
EndFormPage
EndPage
EndPageImpl
EndPath
EndPathImpl
EngAcquireSemaphore
EngComputeGlyphSet
EngCreateBitmap
EngCreateDeviceBitmap
EngCreateDeviceSurface
EngCreatePalette
EngCreateSemaphore
EngDeletePalette
EngDeleteSemaphore
EngDeleteSurface
EngFindResource
EngFreeModule
EngGetCurrentCodePage
EngGetDriverName
EngGetPrinterDataFileName
EngLoadModule
EngMultiByteToUnicodeN
EngMultiByteToWideChar
EngQueryEMFInfo
EngQueryLocalTime
EngReleaseSemaphore
EngUnicodeToMultiByteN
EngWideCharToMultiByte
EnumEnhMetaFile
EnumFontFamiliesA
EnumFontFamiliesExA
EnumFontFamiliesExW
EnumFontFamiliesW
EnumFontsA
EnumFontsW
EnumICMProfilesA
EnumICMProfilesW
EnumMetaFile
EnumObjects
EscapeImpl
EudcLoadLinkW
EudcUnloadLinkW
ExcludeClipRect
ExtCreatePen
ExtEscapeImpl
ExtFloodFill
ExtSelectClipRgnImpl
ExtTextOutA
ExtTextOutAImpl
ExtTextOutW
ExtTextOutWImpl
FillPath
FillPathImpl
FillRgn
FixBrushOrgEx
FlattenPath
FloodFill
FontIsLinked
FrameRgn
GdiAddFontResourceW
GdiAddGlsBounds
GdiAddGlsRecord
GdiAddInitialFonts
GdiAlphaBlend
GdiArtificialDecrementDriver
GdiCleanCacheDC
GdiComment
GdiConsoleTextOut
GdiConvertAndCheckDC
GdiConvertBitmap
GdiConvertBitmapV5
GdiConvertBrush
GdiConvertDC
GdiConvertEnhMetaFile
GdiConvertFont
GdiConvertMetaFilePict
GdiConvertPalette
GdiConvertRegion
GdiConvertToDevmodeW
GdiCreateLocalEnhMetaFile
GdiCreateLocalMetaFilePict
GdiCurrentProcessSplWow64
GdiDeleteLocalDC
GdiDeleteSpoolFileHandle
GdiDescribePixelFormat
GdiDisableUMPDSandboxing
GdiDllInitialize
GdiDllInitializeWrapper
GdiDrawStream
GdiEndDocEMF
GdiEndPageEMF
GdiEntry1
GdiEntry10
GdiEntry11
GdiEntry12
GdiEntry14
GdiEntry15
GdiEntry16
GdiEntry2
GdiEntry3
GdiEntry4
GdiEntry5
GdiEntry6
GdiEntry7
GdiEntry8
GdiEntry9
GdiFixUpHandle
GdiFlush
GdiGetBatchLimit
GdiGetBitmapBitsSize
GdiGetCharDimensions
GdiGetDC
GdiGetDevmodeForPage
GdiGetLocalBrush
GdiGetLocalDC
GdiGetLocalFont
GdiGetPageCount
GdiGetPageHandle
GdiGetSpoolFileHandle
GdiGetVariationStoreDelta
GdiGradientFill
GdiHandleBeingTracked
GdiInitializeLanguagePack
GdiIsMetaFileDC
GdiIsMetaPrintDC
GdiIsPlayMetafileDC
GdiIsScreenDC
GdiIsUMPDSandboxingEnabled
GdiLoadType1Fonts
GdiPlayDCScript
GdiPlayEMF
GdiPlayJournal
GdiPlayPageEMF
GdiPlayPrivatePageEMF
GdiPlayScript
GdiPrinterThunk
GdiProcessSetup
GdiQueryTable
GdiRealizationInfo
GdiReleaseLocalDC
GdiResetDCEMF
GdiSetAttrs
GdiSetBatchLimit
GdiSetPixelFormat
GdiSetServerAttr
GdiStartDocEMF
GdiStartPageEMF
GdiSupportsFontChangeEvent
GdiSwapBuffers
GdiTrackHCreate
GdiTrackHDelete
GdiTransparentBlt
GdiValidateHandle
GdiWaitForTextReady
GditGetCallerTLStorage
GditPopCallerInfo
GditPushCallerInfo
GetArcDirection
GetAspectRatioFilterEx
GetBitmapAttributes
GetBitmapBits
GetBitmapDimensionEx
GetBkColor
GetBkMode
GetBoundsRect
GetBrushAttributes
GetBrushOrgEx
GetCharABCWidthsA
GetCharABCWidthsFloatA
GetCharABCWidthsFloatI
GetCharABCWidthsFloatW
GetCharABCWidthsI
GetCharABCWidthsW
GetCharWidth32A
GetCharWidth32W
GetCharWidthA
GetCharWidthFloatA
GetCharWidthFloatW
GetCharWidthI
GetCharWidthW
GetCharacterPlacementA
GetCharacterPlacementW
GetClipBox
GetClipBoxImpl
GetClipRgn
GetCodePage
GetColorAdjustment
GetColorSpace
GetCurrentObject
GetCurrentPositionEx
GetDCBrushColor
GetDCDpiScaleValue
GetDCOrgEx
GetDCPenColor
GetDIBColorTable
GetDIBits
GetDeviceCaps
GetDeviceGammaRamp
GetETM
GetEUDCTimeStamp
GetEUDCTimeStampExW
GetEnhMetaFileA
GetEnhMetaFileBits
GetEnhMetaFileDescriptionA
GetEnhMetaFileDescriptionW
GetEnhMetaFileHeader
GetEnhMetaFilePaletteEntries
GetEnhMetaFilePixelFormat
GetEnhMetaFileW
GetFontAssocStatus
GetFontData
GetFontDataImpl
GetFontFileData
GetFontFileInfo
GetFontLanguageInfo
GetFontRealizationInfo
GetFontResourceInfoW
GetFontUnicodeRanges
GetGlyphIndicesA
GetGlyphIndicesW
GetGlyphOutlineA
GetGlyphOutlineW
GetGlyphOutlineWow
GetGraphicsMode
GetHFONT
GetICMProfileA
GetICMProfileW
GetKerningPairsA
GetKerningPairsW
GetLayout
GetLogColorSpaceA
GetLogColorSpaceW
GetMapMode
GetMetaFileA
GetMetaFileBitsEx
GetMetaFileW
GetMetaRgn
GetMiterLimit
GetNearestColor
GetNearestPaletteIndex
GetObjectA
GetObjectType
GetObjectW
GetOutlineTextMetricsA
GetOutlineTextMetricsW
GetPaletteEntries
GetPath
GetPixel
GetPixelFormat
GetPolyFillMode
GetProcessSessionFonts
GetROP2
GetRandomRgn
GetRasterizerCaps
GetRegionData
GetRelAbs
GetRgnBox
GetStockObject
GetStretchBltMode
GetStringBitmapA
GetSystemPaletteEntries
GetSystemPaletteUse
GetTextAlign
GetTextCharacterExtra
GetTextCharset
GetTextCharsetInfo
GetTextColor
GetTextExtentExPointA
GetTextExtentExPointI
GetTextExtentExPointW
GetTextExtentExPointWPri
GetTextExtentPoint32A
GetTextExtentPoint32W
GetTextExtentPointA
GetTextExtentPointI
GetTextExtentPointW
GetTextFaceA
GetTextFaceAliasW
GetTextFaceW
GetTextMetricsA
GetTextMetricsAImpl
GetTextMetricsW
GetTransform
GetViewportExtEx
GetViewportOrgEx
GetWinMetaFileBits
GetWindowExtEx
GetWindowOrgEx
GetWorldTransform
IcmDeleteLocalDC
IcmReleaseCachedColorSpace
IntersectClipRect
IntersectClipRectImpl
InvertRgn
IsValidEnhMetaRecord
IsValidEnhMetaRecordOffExt
LPtoDP
LineDDA
LineTo
LineToImpl
LpkDrawTextEx
LpkExtTextOut
LpkGetCharacterPlacement
LpkGetTextExtentExPoint
LpkInitialize
LpkPSMTextOut
LpkPresent
LpkTabbedTextOut
LpkUseGDIWidthCache
MF_DeleteObjectHelper
MaskBlt
MirrorRgn
ModerncoreCreateICW
ModerncoreDeleteDC
ModerncoreGdiInit
ModifyWorldTransform
MoveToEx
MoveToExImpl
NamedEscape
NtGdiAbortDoc
NtGdiAbortPath
NtGdiAddEmbFontToDC
NtGdiAddFontMemResourceEx
NtGdiAddFontResourceW
NtGdiAddRemoteFontToDC
NtGdiAddRemoteMMInstanceToDC
NtGdiAlphaBlend
NtGdiAngleArc
NtGdiAnyLinkedFonts
NtGdiArcInternal
NtGdiBRUSHOBJ_DeleteRbrush
NtGdiBRUSHOBJ_hGetColorTransform
NtGdiBRUSHOBJ_pvAllocRbrush
NtGdiBRUSHOBJ_pvGetRbrush
NtGdiBRUSHOBJ_ulGetBrushColor
NtGdiBeginGdiRendering
NtGdiBeginPath
NtGdiBitBlt
NtGdiCLIPOBJ_bEnum
NtGdiCLIPOBJ_cEnumStart
NtGdiCLIPOBJ_ppoGetPath
NtGdiCancelDC
NtGdiChangeGhostFont
NtGdiCheckBitmapBits
NtGdiClearBitmapAttributes
NtGdiClearBrushAttributes
NtGdiCloseFigure
NtGdiColorCorrectPalette
NtGdiCombineRgn
NtGdiCombineTransform
NtGdiComputeXformCoefficients
NtGdiConfigureOPMProtectedOutput
NtGdiConvertMetafileRect
NtGdiCreateBitmap
NtGdiCreateBitmapFromDxSurface
NtGdiCreateBitmapFromDxSurface2
NtGdiCreateClientObj
NtGdiCreateColorSpace
NtGdiCreateColorTransform
NtGdiCreateCompatibleBitmap
NtGdiCreateCompatibleDC
NtGdiCreateDIBBrush
NtGdiCreateDIBSection
NtGdiCreateDIBitmapInternal
NtGdiCreateEllipticRgn
NtGdiCreateHalftonePalette
NtGdiCreateHatchBrushInternal
NtGdiCreateMetafileDC
NtGdiCreateOPMProtectedOutput
NtGdiCreateOPMProtectedOutputs
NtGdiCreatePaletteInternal
NtGdiCreatePatternBrushInternal
NtGdiCreatePen
NtGdiCreateRectRgn
NtGdiCreateRoundRectRgn
NtGdiCreateServerMetaFile
NtGdiCreateSessionMappedDIBSection
NtGdiCreateSolidBrush
NtGdiD3dContextCreate
NtGdiD3dContextDestroy
NtGdiD3dContextDestroyAll
NtGdiD3dDrawPrimitives2
NtGdiD3dValidateTextureStageState
NtGdiDDCCIGetCapabilitiesString
NtGdiDDCCIGetCapabilitiesStringLength
NtGdiDDCCIGetTimingReport
NtGdiDDCCIGetVCPFeature
NtGdiDDCCISaveCurrentSettings
NtGdiDDCCISetVCPFeature
NtGdiDdAddAttachedSurface
NtGdiDdAlphaBlt
NtGdiDdAttachSurface
NtGdiDdBeginMoCompFrame
NtGdiDdBlt
NtGdiDdCanCreateD3DBuffer
NtGdiDdCanCreateSurface
NtGdiDdColorControl
NtGdiDdCreateD3DBuffer
NtGdiDdCreateDirectDrawObject
NtGdiDdCreateFullscreenSprite
NtGdiDdCreateMoComp
NtGdiDdCreateSurface
NtGdiDdCreateSurfaceEx
NtGdiDdCreateSurfaceObject

Sections

.text
Size: 664KB - Virtual size: 660KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 324KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
generaltel.dll
.dll windows:10 windows x64 arch:x64

e2ccfe4220d00488eebcf36f01195139

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

eb:9f:0a:10:b4:6f:88:6e:8e:78:d5:70:a8:36:00:b1:ee:c5:ce:51:79:ad:77:56:1f:29:7e:8b:e7:f5:f7:a0
Signer

Actual PE Digest

eb:9f:0a:10:b4:6f:88:6e:8e:78:d5:70:a8:36:00:b1:ee:c5:ce:51:79:ad:77:56:1f:29:7e:8b:e7:f5:f7:a0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

GeneralTel.pdb

Imports

msvcrt

_unlock
_lock
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
fclose
iswdigit
fread
_wfopen_s
malloc
strstr
_wtof
_wtol
_wcsnicmp
__dllonexit
free
wcscpy_s
strchr
_set_errno
strtol
_errno
strncpy_s
_vsnprintf
??_V@YAXPEAX@Z
_wtoi
_wcslwr_s
_wcsicmp
wcsstr
wcsrchr
sprintf_s
memmove_s
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
memcpy_s
_onexit
memcmp
_vsnwprintf
__CxxFrameHandler3
?terminate@@YAXXZ
strnlen
isspace
strcpy_s
_wcslwr
strncmp
wcscat_s
wcsncmp
_vscwprintf
wcschr
??1type_info@@UEAA@XZ
memset
??3@YAXPEAX@Z
_wcstoui64
wcscmp

rpcrt4

UuidCreate
UuidFromStringW

wdscore

ConstructPartialMsgVW
WdsSetupLogMessageW
CurrentIP

bcrypt

BCryptCreateHash
BCryptOpenAlgorithmProvider
BCryptFinishHash
BCryptGetProperty
BCryptDestroyHash
BCryptHashData
BCryptCloseAlgorithmProvider

kernel32

WakeAllConditionVariable
LoadLibraryExA
DelayLoadFailureHook
QueryDosDeviceW
GetLogicalDriveStringsW
LocalAlloc
TryAcquireSRWLockExclusive
InitializeSRWLock
RtlCompareMemory
GetModuleHandleExA
OutputDebugStringA
WriteFile
VirtualFree
VirtualAlloc
InitializeCriticalSection
QueryPerformanceCounter
SleepConditionVariableSRW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetPriorityClass
SetPriorityClass
GetCurrentThread
lstrcmpiW
GetComputerNameW
GetSystemFirmwareTable
GetFileAttributesExW
CreateSemaphoreW
OpenWaitableTimerW
CreateWaitableTimerW
GetSystemWindowsDirectoryW
SystemTimeToFileTime
GetLocalTime
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
EnterCriticalSection
ReleaseSemaphore
GetModuleHandleExW
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
ReleaseSRWLockExclusive
OutputDebugStringW
CloseThreadpoolTimer
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
SetThreadpoolTimer
ReleaseSRWLockShared
CreateThreadpoolTimer
HeapAlloc
GetProcAddress
CreateMutexExW
AcquireSRWLockShared
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
SetWaitableTimer
WaitForMultipleObjects
VerifyVersionInfoW
VerSetConditionMask
CreateFileW
ReadFile
DeviceIoControl
GetSystemTimeAsFileTime
GetSystemTime
GetComputerNameExW
GetVersionExW
GetProductInfo
LoadLibraryExW
FreeLibrary
RaiseException
GetTickCount
WTSGetActiveConsoleSessionId
GetModuleFileNameW
QueryUnbiasedInterruptTime
LocalFree
GetCurrentProcess
UnmapViewOfFile
SetEvent
SignalObjectAndWait
HeapReAlloc
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
LoadLibraryW
GetSystemDirectoryW
GetFileAttributesW
Sleep
CreateEventW
CreateMutexW
CreateEventExW
ExpandEnvironmentStringsW
FindNextFileW
FindClose
MultiByteToWideChar
FindFirstFileW

ntdll

ZwUnmapViewOfSection
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
ZwCreateFile
RtlUpcaseUnicodeChar
ZwCreateSection
RtlxAnsiStringToUnicodeSize
RtlGetNativeSystemInformation
RtlVerifyVersionInfo
RtlReAllocateHeap
RtlInitUnicodeStringEx
ZwMapViewOfSection
RtlInitAnsiString
ZwQuerySystemInformation
ZwQueryValueKey
ZwQueryInformationFile
LdrResSearchResource
ZwClose
ZwOpenKey
RtlDeleteCriticalSection
RtlEqualString
RtlEnterCriticalSection
RtlMultiByteToUnicodeN
RtlInitializeCriticalSection
RtlLeaveCriticalSection
EtwEventUnregister
EtwEventWrite
EtwEventRegister
RtlTimeToSecondsSince1970
ZwEnumerateKey
RtlAnsiStringToUnicodeString
RtlFreeUnicodeString
RtlDosPathNameToNtPathName_U_WithStatus
RtlFreeHeap
RtlAllocateHeap
RtlSetThreadErrorMode
RtlGetThreadErrorMode
RtlInitUnicodeString
LdrGetDllHandle
RtlInitString
LdrGetProcedureAddress
RtlDosPathNameToRelativeNtPathName_U_WithStatus
NtCreateFile
NtQueryInformationFile
NtClose
RtlAllocateAndInitializeSid
RtlFreeSid
RtlComputeCrc32
RtlDecompressBuffer
WinSqmIsOptedInEx
RtlNtStatusToDosError
RtlImageDirectoryEntryToData

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Exports

Exports

CalculateCensusId
DoCensusRun
EnumerateOfficeAddins
EnumerateOfficeDocuments
GetCITDataApr
GetCITTelemetryPoints
RunGeneralTelemetry
RunInUserCxtW
SysprepCleanupEnableCustomTrigger

Sections

.text
Size: 364KB - Virtual size: 362KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hascsp.dll
.dll regsvr32 windows:10 windows x64 arch:x64

e0601c4298aa293fb99e58393efd67c6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

hascsp.pdb

Imports

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcsicmp
_o_free
_o_malloc
_o_memcpy_s
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o___stdio_common_vswprintf
_o__cexit
_o__callnewh
__CxxFrameHandler4
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
memcpy

api-ms-win-crt-string-l1-1-0

memset
wcscmp

oleaut32

SysAllocStringLen
VariantClear
SysAllocString
SysFreeString
VariantInit

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegGetValueW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
CreateProcessW
GetCurrentProcess
TerminateProcess

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
DisableThreadLibraryCalls
GetModuleHandleExW
GetModuleFileNameA
GetProcAddress
GetModuleHandleW
FreeLibrary
GetModuleHandleExA

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-1-0

ReleaseMutex
ReleaseSemaphore
OpenSemaphoreW
CreateSemaphoreExW
WaitForSingleObjectEx
WaitForSingleObject
CreateMutexExW

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoTaskMemAlloc

ncrypt

NCryptFreeObject
NCryptOpenStorageProvider

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventUnregister
EventRegister
EventWriteTransfer

crypt32

CryptBinaryToStringW
CryptStringToBinaryW

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
GetProcessMitigationPolicy

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

ntdll

RtlPublishWnfStateData
RtlGetPersistedStateLocation

tpmcoreprovisioning

TpmGet_IsTpmVersion20
TpmCertGetHealthStatusRequestBlob
TpmCreateHealthStatusClaim
TpmCertGetWindowsAik
TpmCertGetHealthEndpoint
TpmGet_IsTpmPresent
TpmCertSetHealthForceRetrieve
TpmCertSetHealthEndpoint
TpmCertGetHealthForceRetrieve
TpmCertGetIsActiveZeroExhaust
TpmCertGetHealthCorrelationId
TpmCertGetMaximumSupportedProtocolVersion
TpmCertSetPreferredMaximumProtocolVersion
TpmCertGetPreferredMaximumProtocolVersion
TpmCertGetCurrentProtocolVersion
TpmCertGetHealthStatusCode
TpmCertSetHealthStatusCode
TpmCertGetHealthCert
TpmIsReadyInformation

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
GetForceRetrieve
GetHealthCert
GetNonce
PolicyManager_PreCheck
SetForceRetrieve
SetNonce

Sections

.text
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 640B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hmkd.dll
.dll windows:10 windows x64 arch:x64

1677c54969f9e0f007e4a70459e756b9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

hmkd.pdb

Imports

msvcrt

free
_amsg_exit
_XcptFilter
??1type_info@@UEAA@XZ
_onexit
memmove
memcpy
__dllonexit
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
wcscmp
??0exception@@QEAA@AEBQEBD@Z
_unlock
_lock
_purecall
_callnewh
_initterm
malloc
memcpy_s
memset
??3@YAXPEAX@Z

tbs

Tbsi_Context_Create
Tbsip_Context_Close
Tbsip_Submit_Command

ncrypt

BCryptDuplicateKey
BCryptImportKey
BCryptEncrypt
BCryptDestroyHash
BCryptFinishHash
BCryptGetProperty
BCryptHashData
BCryptDestroyKey
BCryptDestroySecret
BCryptExportKey
BCryptSecretAgreement
BCryptFinalizeKeyPair
BCryptGenerateKeyPair
BCryptImportKeyPair
BCryptGenRandom
BCryptCreateHash
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
NCryptGetProperty
BCryptDeriveKey

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
DeleteCriticalSection

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

Exports

Exports

HMKDCreateHmacKey
HMKDDeriveKey
HMKDGetHmacStatus
HMKDImportHmacKey

Sections

.text
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hspfw.dll
.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

96:5a:6f:97:81:16:27:f0:89:a4:38:6f:2c:7a:f6:8e:0b:8f:4f:59:ab:a0:70:ef:9a:8f:82:5b:91:9c:16:f8
Signer

Actual PE Digest

96:5a:6f:97:81:16:27:f0:89:a4:38:6f:2c:7a:f6:8e:0b:8f:4f:59:ab:a0:70:ef:9a:8f:82:5b:91:9c:16:f8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rdata
Size: 4KB - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 148KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
hvax64.exe
.exe windows:10 windows x64 arch:x64

d5aec1c1f764856cfb4155cee3321234

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

17:3d:2d:d5:e6:5d:19:6d:ad:91:bb:b1:68:2f:75:0a:f6:59:4c:cb:f4:3a:e0:62:60:aa:92:3f:78:73:e2:b0
Signer

Actual PE Digest

17:3d:2d:d5:e6:5d:19:6d:ad:91:bb:b1:68:2f:75:0a:f6:59:4c:cb:f4:3a:e0:62:60:aa:92:3f:78:73:e2:b0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

hvax64.pdb

Imports

kdstub

KdInitializeLibrary

Exports

Exports

HvImageInfo
SvmBootInfo

Sections

.rdata
Size: 104KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 114B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

CONST
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 4KB - Virtual size: 95B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

GFIDS
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 772KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Pad1
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Pad2
Size: - Virtual size: 564KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hvix64.exe
.exe windows:10 windows x64 arch:x64

d5aec1c1f764856cfb4155cee3321234

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a1:81:12:77:1f:8b:ee:9b:14:ab:65:e9:94:c3:43:d3:70:e8:9e:59:67:4e:3f:0e:f1:89:29:de:9d:3c:8c:83
Signer

Actual PE Digest

a1:81:12:77:1f:8b:ee:9b:14:ab:65:e9:94:c3:43:d3:70:e8:9e:59:67:4e:3f:0e:f1:89:29:de:9d:3c:8c:83

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

hvix64.pdb

Imports

kdstub

KdInitializeLibrary

Exports

Exports

HvImageInfo
VmxBootInfo

Sections

.rdata
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 114B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

CONST
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 4KB - Virtual size: 95B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

GFIDS
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 783KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Pad1
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Pad2
Size: - Virtual size: 396KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hvloader.dll
.dll windows:10 windows x64 arch:x64

741ebb5772463c962280d974916446d4

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:21:60:86:e6:a8:12:07:15:2d:6a:fe:20:80:1a:d8:49:02:4b:05:35:16:b1:d8:6e:9c:e2:53:bc:7d:99:91
Signer

Actual PE Digest

03:21:60:86:e6:a8:12:07:15:2d:6a:fe:20:80:1a:d8:49:02:4b:05:35:16:b1:d8:6e:9c:e2:53:bc:7d:99:91

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

hvloader.pdb

Imports

winload.sys

BlImgGetSigningPolicy
BlMmMapPhysicalAddress
SbArePolicyOptionsSet
RtlIpv6StringToAddressW
OslGenRandomBytes
BlBdGetMacAddressFromSmBiosUuid
SbIsEnabled
RtlAppendUnicodeToString
_wcsicmp
BlGetApplicationEntry
BlImgSetRestrictedSigning
BlGetExecutionEnvironment
BlMmAllocateHeap
BlEnNotifyEvent
_wcsupr
_snwscanf_s
BlSiPaRecordConfigEvent
KdNetGetParameters
BlBdSetupDebugDevice
BlMmReleaseMemoryMap
BlImgSetSigningPolicy
RtlImageNtHeaderEx
RtlUnicodeStringToAnsiString
strncmp
RtlInitAnsiString
BlBdInitializeTransportExtension
BlMmAllocatePhysicalPages
swprintf_s
BlImgQueryCodeIntegrityBootOptions
BlMmEnumerateAllocations
BlMmFreeHeap
BlGetBootOptionBoolean
BlMmTranslateVirtualAddress
BlGetBootOptionString
strstr
KdNetGetNetDataSize
BlMmInitMemoryMapHandle
_wcstoui64
BlGetBootOptionInteger
SbIsDebugPolicyActive
OslGetExportRoutineInModule
OslIsRunningInSecureKernel
BlMmAllocatePages
BlMmUnmapVirtualAddress
BlMmFreePhysicalPages
BlMmFreePages
BlSetVirtualizationLaunched
BlBdGetBootDebugDevice
OslLoadMicrocodeUpdate
BlBdStart
BlBdStop
BlBdGetHvDebugDevice
BlMmGetMemoryMap
BlLogEtwWrite
BlArchIsFiveLevelPagingActive
BlMmAllocatePagesInRange
BlMmRegisterPledgedType
BlMmUnprotectAllocation
BlMmGetAllocationPages
BlPltReadPciConfig
memcpy
BlImgFindSection
BlMmUnpersistAllocations
BlMmAllocatePartitionPhysicalPagesInRangeNuma
OslGetLocalApicId
BlBdGetExtensionName
BlUtlGetAcpiTable
BlMmClosePartition
BlMmPersistAllocation
RtlFreeUnicodeString
_vsnprintf
wcscpy_s
BlBdSetupDebuggingDevice
BlBdGetPciDevicePath
BlLdrPreloadImage
qsort
BlUtlPopulateAcpiTableCache
BlMmOpenPartition
BlMmUnpersistAllocation
BlLdrLoadImage
BlGetProcessorApicIds
BlBdInitializeDeviceDescriptor
BlPltWritePciConfig
BlGetLogicalProcessorCount
_wcsnicmp
BlBdDebuggerConnected
BlTimeQueryPerformanceCounter
DbgPrint
BlArchGetPerformanceCounter
OslGetControlSubkey
OslGetStringValueAtKey
OslGetValueAtKey
OslGetSubkeyAtKey
HvlQueryConnection
BlAmdSlGetTaParameterRegisters
BlTxtGetTprArray
BlAmdSlGetTaCommands
BlAmdSlGetEnabledFeatures
BlTxtGetRlpParkPage
RtlFindClearBits
RtlInitializeBitMap
RtlSetBits
RtlSetBit
__GSHandlerCheck
memset

Exports

Exports

HvlCancelHypervisorLaunch
HvlExchangeDispatchInterface
HvlLaunchHypervisor
HvlLoadHypervisor
HvlPreloadHypervisor
HvlRegisterRuntimeRange
HvlRescindVsm
HvlUpdateMcUpdateStatus

Sections

.text
Size: 104KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
icfupgd.dll
.dll regsvr32 windows:10 windows x64 arch:x64

74689acd07936f231d91226a1809f4a6

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

96:cf:03:b7:a8:39:4f:8a:24:5f:c6:54:cc:55:4b:d7:79:1d:d0:92:9c:8a:28:4f:cd:41:fe:6c:2e:90:f6:cd
Signer

Actual PE Digest

96:cf:03:b7:a8:39:4f:8a:24:5f:c6:54:cc:55:4b:d7:79:1d:d0:92:9c:8a:28:4f:cd:41:fe:6c:2e:90:f6:cd

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

IcfUpgd.pdb

Imports

msvcrt

_wcsupr_s
wcsstr
wcsncpy_s
malloc
free
wcscpy_s
wcscat_s
_purecall
calloc
_callnewh
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
??3@YAXPEAX@Z
_CxxThrowException
memcpy
memmove
memmove_s
_amsg_exit
_initterm
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_vsnprintf_s
memcpy_s
_vsnwprintf
??1exception@@UEAA@XZ
__C_specific_handler
??_V@YAXPEAX@Z
__CxxFrameHandler3
_lock
_unlock
_wtol
__dllonexit
_onexit
_errno
wcschr
realloc
_wcsicmp
??0exception@@QEAA@AEBV0@@Z
_XcptFilter
??0exception@@QEAA@XZ
memcmp
memset

kernel32

VirtualQuery
GetSystemInfo
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
LoadLibraryExA
VirtualProtect
GetModuleHandleExA
OutputDebugStringA
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
Sleep
LocalFree
HeapDestroy
HeapReAlloc
HeapSize
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
SetThreadLocale
GetThreadLocale
GetModuleFileNameW
MultiByteToWideChar
RaiseException
LoadLibraryExW
FreeLibrary
CreateSemaphoreExW
FormatMessageW
GetCurrentThreadId
HeapAlloc
GetProcessHeap
HeapFree
GetModuleHandleExW
GetModuleFileNameA
DebugBreak
GetModuleHandleW
GetProcAddress
GetLastError
IsDebuggerPresent
OutputDebugStringW
SetLastError
CloseHandle
ReleaseSemaphore
ReleaseMutex
WaitForSingleObjectEx
WaitForSingleObject
OpenSemaphoreW
lstrcmpiW
CreateFileW
WriteFile
WritePrivateProfileStringW
GetVersion
SizeofResource
LockResource
LoadResource
FindResourceExW
GetPrivateProfileSectionW
GetCurrentProcessId
CreateMutexExW

oleaut32

LoadTypeLi
RegisterTypeLi
UnRegisterTypeLi
VarUI4FromStr
SysFreeString
SysAllocString
LoadRegTypeLi
SysStringLen
GetErrorInfo

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
UnregisterTraceGuids
TraceMessage
GetTraceEnableFlags
GetTraceLoggerHandle
GetTraceEnableLevel

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventUnregister
EventSetInformation

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteValueW

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoCreateInstance
StringFromGUID2
StringFromCLSID
CoTaskMemRealloc
CoTaskMemAlloc

shlwapi

ord487

ntdll

EtwTraceMessage

api-ms-win-service-management-l1-1-0

CloseServiceHandle
StartServiceW
OpenSCManagerW
OpenServiceW

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus
ControlService

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
icsunattend.exe
.exe windows:10 windows x64 arch:x64

000a1ab01b6fc837af5a26b5a9854a1c

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

57:3e:00:bf:41:f8:cc:f1:2e:a7:fb:dd:12:36:4d:a0:ba:c3:d1:ab:b8:47:09:2c:31:8a:3e:cb:1a:62:ab:2b
Signer

Actual PE Digest

57:3e:00:bf:41:f8:cc:f1:2e:a7:fb:dd:12:36:4d:a0:ba:c3:d1:ab:b8:47:09:2c:31:8a:3e:cb:1a:62:ab:2b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

icsunattend.pdb

Imports

msvcrt

swprintf_s
__getmainargs
__set_app_type
exit
_exit
_cexit
_callnewh
_amsg_exit
malloc
free
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
_XcptFilter
__setusermatherr
memset

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW

api-ms-win-core-com-l1-1-0

CoSetProxyBlanket
StringFromCLSID
CoCreateInstance
CoTaskMemFree
CLSIDFromString

api-ms-win-core-synch-l1-1-0

CreateEventW

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
TerminateProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-ole32-ie-l1-1-0

CoInitialize

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ieframe.dll
.dll regsvr32 windows:10 windows x64 arch:x64

318d90e5fa0986b2f350418ecf12b40d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ieframe.pdb

Imports

shlwapi

ord158
StrRetToStrW
StrCmpNA
ord596
SHRegCreateUSKeyW
SHRegWriteUSValueW
PathMakeSystemFolderW
UrlIsNoHistoryW
ord433
ColorHLSToRGB
ColorRGBToHLS
ord225
PathMakePrettyW
PathIsContentTypeW
GetMenuPosFromID
PathCompactPathExW
PathCompactPathW
StrFromTimeIntervalW
StrFormatKBSizeW
StrRetToBSTR
StrRetToBufW
AssocQueryStringByKeyW
StrFormatByteSizeW
AssocGetPerceivedType
UrlCanonicalizeA
AssocCreate
AssocIsDangerous
ord168
ord172
PathIsDirectoryW
PathIsNetworkPathW
AssocQueryKeyW
AssocQueryStringW
ord354
PathUndecorateW
ord388
ord157
SHCreateShellPalette

msvcrt

sprintf_s
rand_s
wcsncpy_s
_vsnwprintf_s
strnlen
fgets
_wfopen
fclose
strrchr
isalpha
strtol
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
__dllonexit
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
memmove
_ui64tow_s
iswalnum
_snwscanf_s
_isnan
_wcsdup
swscanf_s
wcscmp
_onexit
__C_specific_handler
memcpy_s
bsearch_s
_vsnwprintf
acosf
ceil
ceilf
cosf
expf
floor
floorf
memcmp
memset
memcpy
__CxxFrameHandler3
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
bsearch
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
wcstol
_wcslwr
wcscspn
__CxxFrameHandler4
_stricmp
atoi
isxdigit
towlower
qsort
_wtol
_wtof
_wmakepath_s
_wsplitpath_s
_ultow_s
iswxdigit
_difftime64
_time64
_i64tow_s
wcstoul
isalnum
isdigit
srand
rand
_wcstoui64
strchr
strncpy_s
realloc
iswdigit
iswascii
iswalpha
wcspbrk
wcscat_s
wcscpy_s
wcsrchr
malloc
strstr
_wcsicmp
wcschr
wcstok_s
wcsncmp
iswspace
powf
sin
sinf
sqrt
sqrtf
_itow_s
_wtoi
wcsstr
wcsnlen
free
memmove_s
_vsnprintf
_wcsnicmp
strcmp
_errno

kernel32

QueueUserWorkItem
GetModuleHandleExA
LoadLibraryA
GetThreadPriority
CompareFileTime
GetCurrentProcess
DuplicateHandle
SetEvent
MoveFileExW
CreateFileW
OpenProcess
OpenThread
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Thread32First
Thread32Next
Sleep
CreateProcessW
UnmapViewOfFile
OpenEventW
DeleteFileW
RemoveDirectoryW
CreateDirectoryW
GetFileAttributesExW
FindFirstFileW
GlobalAlloc
GlobalFree
GetShortPathNameW
GetLongPathNameW
GlobalLock
GlobalUnlock
GetSystemDirectoryA
lstrcmpiA
AcquireSRWLockShared
ReleaseSRWLockShared
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer
GetFullPathNameW
GlobalSize
GetSystemDirectoryW
CreateMutexW
WideCharToMultiByte
MultiByteToWideChar
CopyFileW
GetTempPath2W
GetTempFileNameW
GetFileSize
ReadFile
GetPackagesByPackageFamily
SystemTimeToFileTime
GetSystemDefaultLCID
GetVersionExW
GetProductInfo
LocalReAlloc
GetSystemTimeAsFileTime
InitializeCriticalSection
CompareStringOrdinal
GetWindowsDirectoryW
ExpandEnvironmentStringsW
FindFirstStreamW
FindNextStreamW
FindClose
OpenMutexW
CreateEventW
ResetEvent
WriteFile
CreateThread
GetSystemInfo
GetSystemDefaultLocaleName
GetUserDefaultLocaleName
MulDiv
GlobalReAlloc
GetUserDefaultLCID
SetCurrentDirectoryW
RegisterApplicationRestart
RaiseException
InitializeSRWLock
GetTickCount64
TryEnterCriticalSection
WaitForMultipleObjectsEx
InitializeCriticalSectionAndSpinCount
QueryFullProcessImageNameW
GetExitCodeThread
FindFirstFileExW
FindNextFileW
GetProcessIdOfThread
GetFileTime
SetFileTime
SetThreadPriority
ReOpenFile
GetFileAttributesW
GetPrivateProfileIntW
CreateEventExW
GetSystemTime
HeapDestroy
VirtualProtect
VirtualAlloc
VirtualQuery
GetLocalTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDateFormatW
IsWow64Process
GetSystemWow64DirectoryA
LocalSize
CreateMutexA
SetThreadExecutionState
GetFileSizeEx
TerminateThread
TlsGetValue
GetComputerNameW
GetProcessId
WaitForMultipleObjects
CreateFileMappingW
MapViewOfFile
GetTimeFormatW
HeapReAlloc
MoveFileW
SetFileAttributesW
GetThreadUILanguage
EncodePointer
WerRegisterCustomMetadata
SetUnhandledExceptionFilter
SetProcessShutdownParameters
GetExitCodeProcess
TlsSetValue
HeapSetInformation
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
lstrcmpiW
lstrcmpW
QueryPerformanceFrequency
QueryPerformanceCounter
FindResourceW
LoadResource
LockResource
SizeofResource
CreateSemaphoreW
VerSetConditionMask
VerifyVersionInfoW
CompareStringW
GetStringScripts
CreateWaitableTimerW
SetWaitableTimerEx
CancelWaitableTimer
LocaleNameToLCID
GetSystemPreferredUILanguages
ResolveLocaleName
GetUserDefaultLangID
GetSystemDefaultLangID
SetEnvironmentVariableW
ResumeThread
TerminateProcess
CheckRemoteDebuggerPresent
GetGeoInfoW
GetUserGeoID
lstrlenW
lstrlenA
GetFileInformationByHandle
SetWaitableTimer
WaitForThreadpoolWorkCallbacks
GetAtomNameW
InitOnceComplete
InitOnceBeginInitialize
RtlCaptureStackBackTrace
GetThreadLocale
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
GetDateFormatEx
GetTimeFormatEx
SetFilePointer
FindNLSStringEx
GetNumberFormatEx
CreateEventA
RtlCaptureContext
GetNativeSystemInfo
GetVersionExA
OpenFileMappingW
GetCommandLineW
WritePrivateProfileStringW
QueryDosDeviceW
GetLogicalDriveStringsW
EnumUILanguagesW
GetLocaleInfoW
FreeResource
CreateTimerQueueTimer
DeleteTimerQueueTimer
GetPrivateProfileStringW
LoadLibraryW
GetTempPathW
LoadLibraryExA
VirtualFree
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
WakeAllConditionVariable
SleepConditionVariableSRW
IsDBCSLeadByte
CompareStringEx
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RegisterWaitForSingleObject
InitializeSListHead
UnlockFile
LockFile
SetFileInformationByHandle
GetUserPreferredUILanguages
K32EnumProcessModules
CreateProcessA
WinExec
K32EnumProcesses
Wow64RevertWow64FsRedirection
K32GetModuleFileNameExW
Wow64DisableWow64FsRedirection
GetSystemWow64DirectoryW
GetCurrentDirectoryW
GetTimeZoneInformationForYear
TzSpecificLocalTimeToSystemTime
VirtualQueryEx
SetThreadPreferredUILanguages
GetThreadPreferredUILanguages
FreeLibraryAndExitThread
GetVersion
FindAtomW
DeleteAtom
AddAtomW
SetProcessWorkingSetSizeEx
FindResourceExW
GetLocaleInfoEx
SearchPathW
CopyFile2
WritePrivateProfileSectionW
CreateFile2
GetCurrentThread
GetUserDefaultUILanguage
GlobalDeleteAtom
GlobalAddAtomW
GetTickCount
ReleaseActCtx
DeactivateActCtx
ActivateActCtx
CreateActCtxW
GetModuleFileNameW
LocalAlloc
LocalFree
DecodePointer
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitOnceExecuteOnce
IsDebuggerPresent
DebugBreak
TlsFree
FreeLibrary
GetModuleHandleW
GetProcessHeap
GetCurrentProcessId
DeleteCriticalSection
CreateMutexExW
HeapAlloc
CloseHandle
OpenSemaphoreW
TlsAlloc
WaitForSingleObjectEx
DisableThreadLibraryCalls
OutputDebugStringW
GetLastError
FormatMessageW
GetACP
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
InitializeCriticalSectionEx
LeaveCriticalSection
GetModuleHandleExW
ReleaseSemaphore
EnterCriticalSection
SetLastError
HeapFree
CreateSemaphoreExW
GetModuleFileNameA
LoadLibraryExW
GetProcAddress
GetDiskFreeSpaceExW
LCMapStringW
SetEndOfFile
FlushFileBuffers
FlushViewOfFile
LocalFileTimeToFileTime
GetStringTypeW
SetErrorMode
GetEnvironmentVariableW
PackageNameAndPublisherIdFromFamilyName
GetFinalPathNameByHandleW

api-ms-win-downlevel-advapi32-l1-1-0

RegEnumValueA
DeleteAce
AddAce
RegQueryValueExW
GetAclInformation
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
GetSecurityDescriptorDacl
RegEnumValueW
OpenProcessToken
EventWriteTransfer
RegGetValueW
InitializeAcl
RegDeleteTreeW
RegEnumKeyExW
RegOpenKeyExA
RegQueryInfoKeyW
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
IsValidSid
MakeAbsoluteSD
GetTokenInformation
RegDeleteValueW
RegSetValueExW
RegOpenCurrentUser
OpenThreadToken
RegOpenKeyExW
RegCreateKeyExW
TraceEvent
RegCloseKey
EventWriteEx
EventUnregister
EventRegister
EventWrite
CreateProcessAsUserW
CheckTokenMembership
GetLengthSid
GetSecurityDescriptorSacl
GetAce
CopySid
GetKernelObjectSecurity
AddAccessAllowedAceEx

api-ms-win-downlevel-user32-l1-1-0

LoadStringA
LoadStringW
IsCharAlphaNumericW
CharLowerBuffW
CharUpperA
CharPrevW
CharNextW
CharLowerW
CharUpperW

api-ms-win-downlevel-shlwapi-l1-1-0

UrlUnescapeA
PathIsFileSpecW
StrChrNW
PathIsRelativeW
StrCmpLogicalW
UrlCombineA
SHRegSetUSValueW
PathIsRootW
PathIsUNCServerShareW
PathIsUNCServerW
PathGetArgsW
StrCmpNICW
UrlApplySchemeW
StrPBrkW
PathFindNextComponentW
SHRegEnumUSKeyW
SHLoadIndirectString
SHRegQueryUSValueW
SHRegOpenUSKeyA
PathIsUNCW
SHRegGetUSValueW
StrStrIA
PathRemoveFileSpecA
StrStrIW
StrToInt64ExW
StrCmpW
StrToIntExW
StrCmpNCW
StrCmpNIW
PathFindFileNameA
StrCmpNIA
StrCmpIW
PathUnquoteSpacesW
StrSpnW
ParseURLW
UrlCreateFromPathW
PathSearchAndQualifyW
PathParseIconLocationW
PathFileExistsW
UrlGetPartW
UrlIsW
UrlCombineW
StrTrimA
StrCmpCW
PathRemoveBlanksW
PathStripPathW
StrChrW
PathRemoveFileSpecW
PathFindExtensionW
StrCmpNICA
PathFindExtensionA
IsInternetESCEnabled
PathStripToRootW
PathIsPrefixW
PathRemoveExtensionW
StrTrimW
StrCmpNW
StrRStrIW
StrStrW
StrChrIW
StrToIntW
StrStrA
StrCmpCA
UrlGetLocationW
UrlEscapeW
PathRemoveBackslashW
HashData
PathCreateFromUrlAlloc
SHRegGetBoolUSValueW
SHRegOpenUSKeyW
SHRegDeleteUSValueW
SHRegCloseUSKey
UrlCanonicalizeW
PathQuoteSpacesW
StrDupA
StrDupW
PathFindFileNameW
QISearch
PathCreateFromUrlW
PathGetDriveNumberW
GetAcceptLanguagesW
StrRChrW
PathIsURLW
UrlUnescapeW

api-ms-win-downlevel-version-l1-1-0

GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW

api-ms-win-downlevel-normaliz-l1-1-0

IdnToAscii

ntdll

RtlFreeAnsiString
NtClose
RtlIpv6AddressToStringExW
NtQuerySystemInformation
RtlPublishWnfStateData
RtlUnicodeStringToAnsiString
RtlGetDeviceFamilyInfoEnum
RtlIpv4StringToAddressExW
RtlIpv6StringToAddressExW
RtlIpv4AddressToStringExW

advapi32

EventSetInformation
IsTextUnicode
SetNamedSecurityInfoW
GetNamedSecurityInfoW
RegQueryValueW
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
RegSetKeyValueW
RegOpenKeyW
CryptGenRandom
RegCreateKeyA
RegDeleteKeyW
CryptAcquireContextW
CryptReleaseContext
RegEnumKeyW
RegDeleteKeyA
CryptSetHashParam
CryptVerifySignatureW
CryptDestroyKey
CryptEncrypt
CryptGetKeyParam
CryptDeriveKey
CryptSetKeyParam
GetSecurityInfo
SetSecurityInfo

gdi32

PatBlt
CreateSolidBrush
CreatePen
CreateDIBSection
CreateFontIndirectA
GetObjectA
GetRgnBox
OffsetRgn
ExtCreateRegion
GetRegionData
RectVisible
GetDCBrushColor
GetDIBits
GetBrushOrgEx
DeleteEnhMetaFile
SetPixel
GdiTransparentBlt
GdiGradientFill
PlayEnhMetaFile
SetStretchBltMode
GdiAlphaBlend
GetCurrentObject
GetClipRgn
CreateHalftonePalette
ExcludeClipRect
GetTextAlign
SetTextAlign
GetTextExtentPointW
SetViewportExtEx
CombineRgn
SetRectRgn
EqualRgn
PtInRegion
CreateRoundRectRgn
StretchBlt
GdiFlush
SetLayout
GetClipBox
SetDCPenColor
SetDCBrushColor
GetTextColor
GetBkMode
GetTextExtentExPointW
ExtTextOutW
CreateBitmap
OffsetWindowOrgEx
GetPixel
GetLayout
SelectClipRgn
CreateDIBPatternBrushPt
CreatePatternBrush
StretchDIBits
SetBrushOrgEx
GetBkColor
CreatePolygonRgn
DeleteObject
SelectObject
GetTextExtentPoint32W
GetObjectW
GetDeviceCaps
SetBkColor
CreateFontIndirectW
GetTextMetricsW
SetTextColor
SetBkMode
TextOutW
DeleteDC
RestoreDC
SetViewportOrgEx
SetWindowOrgEx
SetMapMode
SaveDC
LPtoDP
CreateDCW
IntersectClipRect
CreateDCA
CreateEnhMetaFileA
CloseEnhMetaFile
CreateMetaFileW
SetWindowExtEx
CloseMetaFile
CreateRectRgnIndirect
GetStockObject
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetPaletteEntries
SetPaletteEntries
SelectPalette
RealizePalette
CreatePalette
Rectangle
MoveToEx
LineTo
CreateFontW
CreateRectRgn

user32

SendMessageTimeoutW
FindWindowExW
IsWindow
GetWindowLongW
UnhookWindowsHookEx
DestroyWindow
CallNextHookEx
GetFocus
SetWindowsHookExW
InsertMenuW
SetMenuDefaultItem
GetClassNameW
GetPropW
SetDlgItemTextW
ShowWindow
SetFocus
GetWindowRect
SetWindowTextW
GetClientRect
GetWindowInfo
AdjustWindowRect
SetWindowPos
GetComboBoxInfo
MonitorFromWindow
GetMonitorInfoW
GetDlgItemTextW
SetPropW
RemovePropW
SetThreadDpiAwarenessContext
GetDesktopWindow
RegisterWindowMessageA
RegisterClassExW
ClientToScreen
MoveWindow
GetKeyState
TranslateMessage
DispatchMessageW
WaitMessage
GetAsyncKeyState
IsDialogMessageW
MapWindowPoints
DestroyIcon
CheckDlgButton
CopyIcon
InvalidateRect
LoadMenuW
SetMenuItemInfoW
TrackPopupMenu
GetDlgCtrlID
SetTimer
SetWindowLongW
GetShellWindow
SetForegroundWindow
GetLastActivePopup
MonitorFromRect
OffsetRect
IntersectRect
InsertMenuItemW
GetMessagePos
TrackPopupMenuEx
AppendMenuW
SetRectEmpty
IsRectEmpty
CheckRadioButton
GetSysColor
DrawIconEx
DeleteMenu
GetMenuItemID
WinHelpW
PeekMessageW
MsgWaitForMultipleObjectsEx
PostQuitMessage
GetMessageTime
AttachThreadInput
GetWindow
EndPaint
BeginPaint
DestroyAcceleratorTable
GetMessageW
TranslateAcceleratorW
CopyAcceleratorTableW
GetWindowTextW
MessageBeep
KillTimer
LoadAcceleratorsW
GetCursorPos
CreateMenu
CheckMenuRadioItem
UnionRect
PtInRect
CallWindowProcW
EqualRect
SetWindowRgn
ScreenToClient
GetDoubleClickTime
GetCapture
DrawTextW
SetClipboardViewer
ChangeClipboardChain
WindowFromPoint
GetClassInfoExW
wsprintfW
FillRect
GetWindowTextLengthW
GetSystemMenu
IsIconic
FlashWindowEx
GetClipboardFormatNameW
LockSetForegroundWindow
DdeCreateDataHandle
DdeQueryStringW
DdeGetData
GetForegroundWindow
DdeConnect
DdeClientTransaction
DdeDisconnect
DdeCreateStringHandleW
DdeFreeStringHandle
DdeFreeDataHandle
DdeInitializeW
DdeUninitialize
DdeNameService
SetCursorPos
SetCapture
ReleaseCapture
EnumWindows
GetActiveWindow
IsHungAppWindow
GetWindowLongPtrA
GetWindowDC
GetSysColorBrush
GetWindowThreadProcessId
DrawFocusRect
TrackMouseEvent
SendInput
SetRect
GetGUIThreadInfo
SetProcessDpiAwarenessContext
CopyImage
ShowOwnedPopups
PostThreadMessageW
GetWindowPlacement
MonitorFromPoint
CopyRect
GetTitleBarInfo
IsZoomed
EnumThreadWindows
GetKeyboardState
SetKeyboardState
PrintWindow
InSendMessage
GetMenuState
GetQueueStatus
RedrawWindow
WaitForInputIdle
ChildWindowFromPointEx
NotifyWinEvent
GetMessageExtraInfo
LoadBitmapW
SystemParametersInfoA
GetDialogBaseUnits
GetScrollInfo
SetScrollInfo
ShowScrollBar
SetScrollPos
GetLastInputInfo
SetWindowPlacement
ReplyMessage
AnimateWindow
SetActiveWindow
ChangeWindowMessageFilterEx
GetClassWord
EnumDesktopWindows
EnumDisplayMonitors
OpenClipboard
GetClipboardData
CloseClipboard
GetKeyboardLayout
GetDpiForWindow
GetDpiForSystem
SystemParametersInfoForDpi
GetSystemMetricsForDpi
FindWindowW
wvsprintfW
VkKeyScanExW
DrawEdge
GetClipCursor
GetNextDlgTabItem
GetMenuStringW
AdjustWindowRectEx
GetUpdateRect
ValidateRect
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
UpdateLayeredWindow
SetClipboardData
DrawTextExW
ShowCaret
HideCaret
GetCaretBlinkTime
EndMenu
ScrollWindowEx
UpdateWindow
SetLayeredWindowAttributes
GetRawInputData
DrawFrameControl
RegisterRawInputDevices
GetCursor
SendNotifyMessageW
SetMenu
ChildWindowFromPoint
VkKeyScanW
GetMenuItemRect
GetTopWindow
GetDlgItemInt
SetDlgItemInt
CreateIconIndirect
EnumDisplaySettingsW
EmptyClipboard
CharPrevA
CharNextA
PostMessageW
GetParent
DestroyMenu
SendMessageW
ReleaseDC
GetDC
GetSystemMetrics
UnregisterClassW
SendDlgItemMessageW
LoadIconW
RegisterWindowMessageW
LoadImageW
RegisterClipboardFormatW
IsWindowVisible
AllowSetForegroundWindow
EnableWindow
GetAncestor
SetWindowLongA
GetWindowLongA
SendMessageA
SetParent
SystemParametersInfoW
FindWindowA
CreateWindowExW
DefWindowProcW
GetMenuDefaultItem
CreatePopupMenu
LoadCursorW
SetCursor
IsChild
MsgWaitForMultipleObjects
DialogBoxParamW
MessageBoxW
IsDlgButtonChecked
GetWindowLongPtrW
SetWindowLongPtrW
EndDialog
GetDlgItem
RegisterClassW
GetClassInfoW
CheckMenuItem
EnableMenuItem
RemoveMenu
GetSubMenu
GetMenuItemCount
CreateDialogParamW
MessageBoxIndirectW
MapVirtualKeyW
GetKeyNameTextW
FrameRect
GetIconInfo
LoadCursorFromFileW
UnregisterPowerSettingNotification
RegisterPowerSettingNotification
GetClassLongW
GetWindowRgnBox
SubtractRect
CreateCaret
DestroyCaret
SetCaretPos
GetPropA
SetPropA
RemovePropA
IsWindowEnabled
GetMenuItemInfoW
InflateRect
EnumChildWindows

ole32

StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
CoGetObject
CoInitialize
CreateBindCtx
ReleaseStgMedium
CoAllowSetForegroundWindow
OleRegGetUserType
MkParseDisplayName
OleGetClipboard
OleInitialize
DoDragDrop
OleUninitialize
OleDraw
StgCreateDocfile
OleCreateFromData
OleRun
OleRegGetMiscStatus
CreateOleAdviseHolder
OleRegEnumVerbs
WriteClassStm
OleSaveToStream
OleLoadFromStream
OleSave
CreateDataAdviseHolder
RevokeDragDrop
RegisterDragDrop
GetRunningObjectTable
OleSetClipboard
CoFileTimeNow
OleFlushClipboard
ReadClassStm
HBITMAP_UserSize
HBITMAP_UserMarshal
HBITMAP_UserUnmarshal
OleSetContainedObject
RoGetAgileReference
PropVariantCopy
CoTaskMemRealloc

oleaut32

SafeArrayCreate
SafeArrayGetElement
OleCreatePropertyFrameIndirect
SafeArrayPutElement
SysAllocStringByteLen
VariantChangeType
LoadRegTypeLi
VariantCopyInd
SafeArrayCreateVector
SafeArrayUnaccessData
SafeArrayGetElemsize
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayCopy
SafeArrayGetDim
SafeArrayRedim
SafeArrayGetUBound
VariantCopy
SysReAllocStringLen
SysStringByteLen
SysAllocStringLen
VariantClear
SysReAllocString
SafeArrayDestroy
SysStringLen
SysAllocString
SysFreeString
OleCreatePropertyFrame
VariantInit
SystemTimeToVariantTime
LoadTypeLi
SafeArrayUnlock
VariantTimeToSystemTime
VarBstrCmp
SafeArrayGetVartype

shell32

ord18
ord129
ord134
ord22
SHGetKnownFolderItem
ord136
ord747
SHPathPrepareForWriteW
SHGetFolderPathAndSubDirW
SHSetLocalizedName
DuplicateIcon
SHGetKnownFolderIDList
ord98
SHCreateItemInKnownFolder
ord100
ord176
ord16
ord19
ord190
ord165
SHGetPathFromIDListW
SHGetDesktopFolder
SHParseDisplayName
ord75
ord6
ord162
ord74
ord171
SHChangeNotify
SHGetSpecialFolderPathW
ShellExecuteExW
ShellExecuteW
ord77
SHGetFileInfoW
Shell_GetCachedImageIndexW
SHGetFolderPathW
ord88
SHBindToParent
SHGetKnownFolderPath
ord21
ord132
ord147
ord102
ord164
SHOpenWithDialog
SHBindToFolderIDListParent
SHCreateItemWithParent
ord727
ord71
SHGetSpecialFolderLocation
SHCreateItemFromIDList
ord155
ord24
ord153
ord67
ord68
ord193
SHCreateShellItemArrayFromDataObject
SHBrowseForFolderW
ord73
ord174
ord196
ord195
ExtractIconW
ord62
DragQueryFileW
SHCreateDirectoryExW
ord59
ord152
ord680
ord846
ord27
ShellAboutW
ord4
ord2
SHAppBarMessage
SHCreateDefaultExtractIcon
ord83
SHGetFolderLocation
SHOpenFolderAndSelectItems
SHBindToObject
ord85
SHGetInstanceExplorer
SHCreateShellItemArrayFromIDLists
ord23
ord17
ExtractIconExW
ord43
SHCreateItemFromParsingName
ord644
ord645
ShellExecuteA
ord25
SHFileOperationW
Shell_NotifyIconA
Shell_NotifyIconW
SHGetFolderPathA

iertutil

ord799
ord33
ord688
ord281
ord282
ord140
ord302
ord687
ord301
ord397
ord601
ord681
ord98
ord82
ord683
ord36
ord174
ord72
ord62
ord231
ord157
ord50
ord311
ord312
ord314
ord175
ord230
ord201
ord205
ord97
ord88
ord86
ord700
ord73
ord46
ord93
ord209
ord87
ord685
ord39
ord608
ord609
ord466
ord820
ord660
ord202
ord66
ord60
ord203
ord204
ord206
IntlPercentEncodeNormalize
ord163
ord57
ord99
ord37
ord686
ord684
ResetIDNLanguageData
ord764
ord775
ord795
GetIUriPriv
ord794
CreateUriWithFragment
ord77
ord139
ord40
ord96
ord137
ord41
ord76
CreateIUriBuilder
ord679
ord91
ord89
ord28
ord24
ord100
ord49
ord59
ord155
ord67
ord80
ord916
ord150
ord701
ord95
ord70
ord61
ord64
ord68
ord63
ord153
ord20
ord151
ord793
ord398
ord166
ord792
ord682
ord790
ord58
ord138
ord32
ord44
ord304
ord303
ord42
CreateUri
ord81
ord74
ord79
ord85
ord796
ord232
ord791
ord663
ord652
ord662
ord71
ord668
ord170
ord78
ord90
ord56
ord654
ord54
ord65
ord45
ord35
ord134
ord55
ord658
ord672
ord677
ord653
ord669
ord678
ord34
ord670
ord650
ord657
ord655
ord651
ord665
ord661
ord675
ord656
ord690
ord84
ord597
ord594
ord172
ord17
ord124
ord30
ord300
ord16

rpcrt4

UuidCreateSequential
I_RpcBindingInqLocalClientPID
RpcServerInqBindingHandle
UuidEqual

version

GetFileVersionInfoW
GetFileVersionInfoSizeW

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

kernelbase

GetEffectivePackageStatusForUser
ChrCmpIW
OpenGlobalizationUserSettingsKey
GetSystemDefaultUILanguage
LCIDToLocaleName
lstrcmpA
GetStagedPackageOrigin

userenv

GetProfileType

winhttp

WinHttpGetIEProxyConfigForCurrentUser

Exports

Exports

AddUrlToFavorites
CORLockDownProvider
CreateExtensionGuidEnumerator
DllCanUnloadNow
DllGetClassObject
DllGetVersion
DllInstall
DllRegisterServer
DllUnregisterServer
DoAddToFavDlg
DoAddToFavDlgW
DoBlobDownload
DoFileDownload
DoFileDownloadEx
DoOrganizeFavDlg
DoOrganizeFavDlgW
DoPrivacyDlg
ExportCookieFileByProcessW
HlinkFindFrame
HlinkFrameNavigate
HlinkFrameNavigateNHL
IEAssociateThreadWithTab
IECancelSaveFile
IECreateDirectory
IECreateFile
IEDeleteFile
IEDisassociateThreadWithTab
IEFindFirstFile
IEGetFileAttributesEx
IEGetProtectedModeCookie
IEGetWriteableFolderPath
IEGetWriteableHKCU
IEInPrivateFilteringEnabled
IEIsInPrivateBrowsing
IEIsProtectedModeProcess
IEIsProtectedModeURL
IELaunchManageAddOnsUI
IELaunchURL
IEMoveFileEx
IERefreshElevationPolicy
IERegCreateKeyEx
IERegSetValueEx
IERegisterWritableRegistryKey
IERegisterWritableRegistryValue
IERemoveDirectory
IESaveFile
IESetProtectedModeCookie
IESetProtectedModeCookieEx
IEShowOpenFileDialog
IEShowSaveFileDialog
IETrackingProtectionEnabled
IEUnregisterWritableRegistry
ImportCookieFileByProcessW
ImportPrivacySettings
OpenURL
SHAddSubscribeFavorite
SetQueryNetSessionCount
SoftwareUpdateMessageBox
TriggerFileDownload
URLQualifyA
URLQualifyW

Sections

.text
Size: 6.2MB - Virtual size: 6.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 324KB - Virtual size: 322KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ExtTel
Size: 4KB - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 84KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
iemigplugin.dll
.dll regsvr32 windows:10 windows x64 arch:x64

86d4e273412b109e699e3781e0b0ea26

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

IEMigPlugin.pdb

Imports

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx

kernel32

DisableThreadLibraryCalls
InitOnceExecuteOnce
GetCommandLineA
FlsSetValue
GetVersionExW
EncodePointer
GetLastError
SetLastError
FlsAlloc
FlsGetValue
FlsFree
GetCurrentThreadId
ExitProcess
GetModuleHandleExW
GetProcAddress
HeapCreate
HeapDestroy
HeapSetInformation
GetStdHandle
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
HeapFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
HeapReAlloc
DecodePointer
OutputDebugStringA
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
Sleep
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointer
MultiByteToWideChar
GetStringTypeW
LCMapStringW
LoadLibraryExW
SetStdHandle
WriteConsoleW
IsProcessorFeaturePresent
SetThreadStackGuarantee
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualQuery
CreateFileW
CloseHandle
FlushFileBuffers
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
HeapSize

oleaut32

SysFreeString
SysAllocString

shlwapi

ord219

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

fothk
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 684B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
imm32.dll
.dll windows:10 windows x64 arch:x64

97278064c7a4a349de4072067abef899

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

23:73:0a:06:2d:66:ee:1f:ca:c2:50:13:25:32:d7:a2:71:fb:f2:84:99:08:68:1f:79:ab:ff:a4:56:aa:39:10
Signer

Actual PE Digest

23:73:0a:06:2d:66:ee:1f:ca:c2:50:13:25:32:d7:a2:71:fb:f2:84:99:08:68:1f:79:ab:ff:a4:56:aa:39:10

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

imm32.pdb

Imports

ntdll

RtlUnicodeStringToInteger
_wcsicmp
RtlIntegerToUnicodeString
NtQuerySystemInformation
wcstol
RtlDeleteCriticalSection
_vsnwprintf
__C_specific_handler
RtlInitializeCriticalSection
RtlIsThreadWithinLoaderCallout
RtlLookupFunctionEntry
RtlCaptureContext
RtlDllShutdownInProgress
RtlVirtualUnwind
RtlLeaveCriticalSection
memcpy
RtlEnterCriticalSection
RtlUnicodeToMultiByteSize
memcmp
RtlSetLastWin32Error
memset

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree

api-ms-win-core-processthreads-l1-1-0

TlsAlloc
GetCurrentProcess
TlsFree
GetCurrentThreadId
TlsSetValue
TlsGetValue
GetCurrentProcessId
CreateThread
TerminateProcess

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-security-base-l1-1-0

FreeSid
CheckTokenMembership
AllocateAndInitializeSid

api-ms-win-security-base-l1-2-0

CheckTokenMembershipEx

api-ms-win-core-heap-l2-1-0

LocalFree
LocalUnlock
LocalLock
GlobalAlloc
GlobalFree
LocalReAlloc
LocalAlloc

api-ms-win-core-localization-l1-2-0

IsDBCSLeadByteEx
GetSystemDefaultLCID
GetLocaleInfoW
GetThreadLocale
IsDBCSLeadByte
GetACP

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleHandleExW
LoadLibraryExW
GetProcAddress
FreeLibrary

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteKeyExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW

api-ms-win-core-file-l1-1-0

GetFullPathNameW
CreateFileW

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-wow64-l1-1-1

GetSystemWow64DirectoryW

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
OpenFileMappingW
UnmapViewOfFile
MapViewOfFile

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-kernel32-legacy-l1-1-0

OpenFile

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW
lstrlenA
lstrlenW

api-ms-win-core-heap-obsolete-l1-1-0

GlobalSize
GlobalUnlock
LocalFlags
LocalSize
GlobalLock

api-ms-win-core-privateprofile-l1-1-0

GetProfileIntW

api-ms-win-core-appcompat-l1-1-0

BaseCheckAppcompatCache

win32u

NtUserDestroyInputContext
NtUserAssociateInputContext
NtUserCreateInputContext
NtUserGetImeHotKey
NtUserSetImeInfoEx
NtUserQueryWindow
NtUserDisableThreadIme
NtUserUpdateInputContext
NtUserGetImeInfoEx
NtUserGetAppImeLevel
NtUserSetAppImeLevel
NtUserSetThreadLayoutHandles
NtUserBuildHimcList
NtUserQueryInputContext
NtUserMapDesktopObject
NtUserValidateHandleSecure
NtUserGetThreadState
NtUserNotifyIMEStatus

Exports

Exports

CtfImmAppCompatEnableIMEonProtectedCode
CtfImmCoUninitialize
CtfImmDispatchDefImeMessage
CtfImmEnterCoInitCountSkipMode
CtfImmGenerateMessage
CtfImmGetCompatibleKeyboardLayout
CtfImmGetGlobalIMEStatus
CtfImmGetGuidAtom
CtfImmGetIMEFileName
CtfImmGetTMAEFlags
CtfImmHideToolbarWnd
CtfImmIsCiceroEnabled
CtfImmIsCiceroStartedInThread
CtfImmIsComStartedInThread
CtfImmIsGuidMapEnable
CtfImmIsTextFrameServiceDisabled
CtfImmLastEnabledWndDestroy
CtfImmLeaveCoInitCountSkipMode
CtfImmNotify
CtfImmRestoreToolbarWnd
CtfImmSetAppCompatFlags
CtfImmSetCiceroStartInThread
CtfImmSetDefaultRemoteKeyboardLayout
CtfImmTIMActivate
GetKeyboardLayoutCP
ImmActivateLayout
ImmAssociateContext
ImmAssociateContextEx
ImmCallImeConsoleIME
ImmConfigureIMEA
ImmConfigureIMEW
ImmCreateContext
ImmCreateIMCC
ImmCreateSoftKeyboard
ImmDestroyContext
ImmDestroyIMCC
ImmDestroySoftKeyboard
ImmDisableIME
ImmDisableIme
ImmDisableLegacyIME
ImmDisableTextFrameService
ImmEnumInputContext
ImmEnumRegisterWordA
ImmEnumRegisterWordW
ImmEscapeA
ImmEscapeW
ImmFreeLayout
ImmGenerateMessage
ImmGetAppCompatFlags
ImmGetCandidateListA
ImmGetCandidateListCountA
ImmGetCandidateListCountW
ImmGetCandidateListW
ImmGetCandidateWindow
ImmGetCompositionFontA
ImmGetCompositionFontW
ImmGetCompositionStringA
ImmGetCompositionStringW
ImmGetCompositionWindow
ImmGetContext
ImmGetConversionListA
ImmGetConversionListW
ImmGetConversionStatus
ImmGetDefaultIMEWnd
ImmGetDescriptionA
ImmGetDescriptionW
ImmGetGuideLineA
ImmGetGuideLineW
ImmGetHotKey
ImmGetIMCCLockCount
ImmGetIMCCSize
ImmGetIMCLockCount
ImmGetIMEFileNameA
ImmGetIMEFileNameW
ImmGetImeInfoEx
ImmGetImeMenuItemsA
ImmGetImeMenuItemsW
ImmGetOpenStatus
ImmGetProperty
ImmGetRegisterWordStyleA
ImmGetRegisterWordStyleW
ImmGetStatusWindowPos
ImmGetVirtualKey
ImmIMPGetIMEA
ImmIMPGetIMEW
ImmIMPQueryIMEA
ImmIMPQueryIMEW
ImmIMPSetIMEA
ImmIMPSetIMEW
ImmInstallIMEA
ImmInstallIMEW
ImmIsIME
ImmIsUIMessageA
ImmIsUIMessageW
ImmLoadIME
ImmLoadLayout
ImmLockClientImc
ImmLockIMC
ImmLockIMCC
ImmLockImeDpi
ImmNotifyIME
ImmProcessKey
ImmPutImeMenuItemsIntoMappedFile
ImmReSizeIMCC
ImmRegisterClient
ImmRegisterWordA
ImmRegisterWordW
ImmReleaseContext
ImmRequestMessageA
ImmRequestMessageW
ImmSendIMEMessageExA
ImmSendIMEMessageExW
ImmSetActiveContext
ImmSetActiveContextConsoleIME
ImmSetCandidateWindow
ImmSetCompositionFontA
ImmSetCompositionFontW
ImmSetCompositionStringA
ImmSetCompositionStringW
ImmSetCompositionWindow
ImmSetConversionStatus
ImmSetHotKey
ImmSetOpenStatus
ImmSetStatusWindowPos
ImmShowSoftKeyboard
ImmSimulateHotKey
ImmSystemHandler
ImmTranslateMessage
ImmUnlockClientImc
ImmUnlockIMC
ImmUnlockIMCC
ImmUnlockImeDpi
ImmUnregisterWordA
ImmUnregisterWordW
ImmWINNLSEnableIME
ImmWINNLSGetEnableStatus
ImmWINNLSGetIMEHotkey

Sections

.text
Size: 124KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
immersivetpmvscmgrsvr.exe
.exe windows:10 windows x64 arch:x64

30e06e4a84d544725801993d6c1fac32

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

ImmersiveTpmVscMgrSvr.pdb

Imports

advapi32

RegQueryInfoKeyW
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegCloseKey

kernel32

GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
InitializeCriticalSection
GetCommandLineW
SetEvent
DeleteCriticalSection
RaiseException
Sleep
GetModuleFileNameW
LoadLibraryExW
CreateEventW
CreateThread
RaiseFailFastException
ResolveDelayLoadedAPI
DelayLoadFailureHook

user32

PostThreadMessageW
CharUpperW
GetMessageW
TranslateMessage
DispatchMessageW
GetSystemMetrics
UnregisterClassA
CharNextW

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
_register_thread_local_exe_atexit_callback
_c_exit

api-ms-win-crt-private-l1-1-0

_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o_exit
_o_free
_o_malloc
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
__current_exception
__current_exception_context
_CxxThrowException
__C_specific_handler
__std_terminate
__CxxFrameHandler4
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
__C_specific_handler_noexcept
_o___stdio_common_vswprintf
_o___std_exception_destroy
_o___std_exception_copy
_o___stdio_common_vsnprintf_s
memcpy
_o___p__commode
memmove

oleaut32

SysAllocString
LoadTypeLi
SysStringLen
SysFreeString
RegisterTypeLi
UnRegisterTypeLi

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoResumeClassObjects
StringFromGUID2
CoGetMalloc
CoTaskMemAlloc
CoUninitialize
CoCreateInstance
CoRevokeClassObject
CoRegisterClassObject
CoSuspendClassObjects
CoSetProxyBlanket
CoTaskMemFree
CoCreateGuid

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetStartupInfoW
GetCurrentProcess

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemDirectoryW
GetTickCount64

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-libraryloader-l1-2-0

LockResource
FindResourceExW
FreeLibrary
LoadResource

api-ms-win-core-path-l1-1-0

PathCchAppend
PathCchRemoveFileSpec

rpcrt4

UuidToStringW
UuidCreate
RpcStringFreeW

api-ms-win-security-base-l1-1-0

CreateWellKnownSid

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-file-l1-1-0

CreateDirectoryW

bcrypt

BCryptDestroyKey
BCryptEncrypt
BCryptOpenAlgorithmProvider
BCryptGenerateSymmetricKey
BCryptGetProperty
BCryptCloseAlgorithmProvider

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventActivityIdControl

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

api-ms-win-core-heap-l1-1-0

HeapReAlloc

profapi

ord104

ntdll

RtlNtStatusToDosErrorNoTeb
RtlNtStatusToDosError

setupapi

SetupDiDestroyDeviceInfoList
SetupDiOpenDeviceInfoW
SetupGetInfDriverStoreLocationW
SetupDiGetDevicePropertyW
SetupDiCreateDeviceInfoList
SetupDiSetDevicePropertyW

winscard

SCardEstablishContext
SCardGetReaderDeviceInstanceIdW
SCardReleaseStartedEvent
SCardListReadersW
SCardAccessStartedEvent
SCardListReadersWithDeviceInstanceIdW
SCardDisconnect
SCardConnectW
SCardReleaseContext
SCardGetStatusChangeW
SCardListCardsW
SCardGetCardTypeProviderNameW
SCardBeginTransaction
SCardReconnect
SCardEndTransaction
SCardFreeMemory

Sections

.text
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
invagent.dll
.dll regsvr32 windows:10 windows x64 arch:x64

edac57b569d99a3fd5882a0c95ad3baa

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a8:75:0f:7c:c1:1a:eb:f1:54:14:c4:78:94:3c:85:0f:87:0b:76:a6:0b:5e:88:05:b9:20:8c:63:80:67:a4:36
Signer

Actual PE Digest

a8:75:0f:7c:c1:1a:eb:f1:54:14:c4:78:94:3c:85:0f:87:0b:76:a6:0b:5e:88:05:b9:20:8c:63:80:67:a4:36

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

invagent.pdb

Imports

msvcrt

___lc_collate_cp_func
memcmp
abort
memset
_wcsdup
__crtCompareStringW
__crtLCMapStringW
_wsetlocale
_wtoi64
towlower
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@AEBV0@@Z
wprintf
_snwscanf_s
_wtoi
rand
strcpy_s
_wcslwr
_vsnprintf
wcsrchr
_wcsnicmp
wcsstr
_vscwprintf
strncmp
calloc
_wcsicmp
__uncaught_exception
__pctype_func
_ismbblead
___lc_codepage_func
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_initterm
malloc
free
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
__C_specific_handler
_vsnwprintf_s
wcsncmp
strchr
_set_errno
strtol
_errno
strncpy_s
wcscpy_s
sprintf_s
memmove_s
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
wcstoul
iswalpha
wcspbrk
_wsplitpath_s
tolower
___lc_handle_func
___mb_cur_max_func
setlocale
realloc
wcscat_s
wcschr
memcpy_s
_vsnwprintf
__CxxFrameHandler3
wcscmp

advapi32

RegCreateKeyExW
RegOpenKeyExW
RegDeleteKeyExW
RegLoadAppKeyW
CryptReleaseContext
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextW
RegQueryInfoKeyW
RegEnumKeyExW
RegEnumValueW
TraceEvent
RegDeleteKeyValueW
RegSetKeyValueW
CreateProcessAsUserW
OpenThreadToken
RegDeleteValueW
EventWriteTransfer
RegOpenKeyW
RegSetValueExW
RegCloseKey
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
EventUnregister
RegGetValueW
EventRegister

kernel32

LeaveCriticalSection
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
ReleaseSRWLockExclusive
OutputDebugStringW
CloseThreadpoolTimer
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
SetThreadpoolTimer
ReleaseSRWLockShared
CreateThreadpoolTimer
HeapAlloc
GetProcAddress
CreateMutexExW
AcquireSRWLockShared
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
FreeLibrary
LoadLibraryW
LoadLibraryExW
VerifyVersionInfoW
VerSetConditionMask
LocalFree
SetWaitableTimer
MultiByteToWideChar
OpenWaitableTimerW
CreateSemaphoreW
CreateEventW
SetEvent
UnmapViewOfFile
SignalObjectAndWait
HeapReAlloc
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
WaitForMultipleObjects
GetSystemTimeAsFileTime
GetSystemDirectoryW
GetFileAttributesW
Sleep
GetModuleHandleExW
QueryUnbiasedInterruptTime
TerminateProcess
GetCurrentProcess
RaiseException
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetStringTypeW
InitOnceExecuteOnce
CreateThread
ExitProcess
OpenProcess
InitializeCriticalSection
RtlCompareMemory
EncodePointer
DecodePointer
WakeAllConditionVariable
SleepConditionVariableSRW
ReleaseActCtx
QueryActCtxW
CreateActCtxW
LocaleNameToLCID
QueryThreadCycleTime
GetCurrentThread
TryAcquireSRWLockExclusive
InitializeSRWLock
GetModuleHandleExA
CreateFileW
GetModuleFileNameW
OutputDebugStringA
ReleaseSemaphore
EnterCriticalSection
SetLastError
HeapFree
CreateSemaphoreExW
GetModuleFileNameA
DeviceIoControl
WideCharToMultiByte
FileTimeToSystemTime
GetCommandLineW
GetVolumeInformationByHandleW
HeapSize
LocalAlloc
MoveFileExW
GetSystemTime
CreateMutexW
WriteFile
GetExitCodeProcess
CreateWaitableTimerW
DeleteFileW
FindClose
ExpandEnvironmentStringsW
FindNextFileW
FindFirstFileW

ntdll

RtlDeleteCriticalSection
RtlEqualString
RtlEnterCriticalSection
RtlMultiByteToUnicodeN
RtlInitializeCriticalSection
RtlLeaveCriticalSection
EtwEventUnregister
EtwEventWrite
EtwEventRegister
NtQueryInformationProcess
ZwClose
LdrResSearchResource
ZwQueryInformationFile
ZwQueryValueKey
ZwEnumerateKey
RtlInitAnsiString
ZwMapViewOfSection
RtlInitUnicodeStringEx
RtlVerifyVersionInfo
RtlSecondsSince1970ToTime
RtlGetNativeSystemInformation
ZwOpenKey
RtlxAnsiStringToUnicodeSize
RtlFreeUnicodeString
ZwCreateSection
RtlDosPathNameToNtPathName_U_WithStatus
RtlUpcaseUnicodeChar
RtlTimeToTimeFields
ZwCreateFile
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
ZwUnmapViewOfSection
ZwQuerySystemInformation
RtlImageDirectoryEntryToData
RtlAnsiStringToUnicodeString
RtlFreeHeap
RtlReAllocateHeap
EtwTraceMessage
NtQueryInformationToken
RtlComputeCrc32
RtlAllocateHeap
RtlInitUnicodeString
LdrGetDllHandle
RtlInitString
LdrGetProcedureAddress
RtlDosPathNameToRelativeNtPathName_U_WithStatus
NtCreateFile
NtQueryInformationFile
NtClose
RtlAllocateAndInitializeSid
RtlNtStatusToDosError
RtlFreeSid
WinSqmIsOptedInEx

ole32

CoUninitialize
CoRevertToSelf
CoCreateInstance
CoTaskMemFree
CoInitializeEx
CoImpersonateClient

oleaut32

VariantChangeType
VariantClear
VariantInit
SysFreeString
SysStringLen
SysAllocString
SysStringByteLen

rpcrt4

UuidCreate

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

devinv

CreateDeviceInventory
GetAndSendSigningInfo

aepic

PicRetrieveFileInfo
PicFreeFileInfo
ord100
ord102
ord103
ord107
ord108
ord106
ord105
ord104
ord109
ord101

aeinv

GetDetailedAppInventory
GetAppInventory
CreateSoftwareInventory
GetDetailedAppInventoryOrphanFile
GetCachedAppInventory

shcore

CommandLineToArgvW

shell32

SHFileOperationW
SHGetKnownFolderPath

shlwapi

PathUnExpandEnvStringsW

wer

WerReportCreate
WerReportAddFile
WerReportSubmit
WerReportCloseHandle
WerReportSetParameter

winhttp

WinHttpReceiveResponse
WinHttpCloseHandle
WinHttpSendRequest
WinHttpOpenRequest
WinHttpConnect
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpOpen

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetDetailedAppInventoryReport
GetFileSigningInfoTC
RunUpdate
RunUpdateTC

Sections

.text
Size: 404KB - Virtual size: 400KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 148KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ipnathlp.dll
.dll windows:10 windows x64 arch:x64

0c74c77d08e570fbb80ddb6ccb620afd

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bc:2e:7e:ff:11:3e:be:c0:17:99:6c:a0:cd:cd:7c:c6:86:9f:df:ba:cc:b0:04:88:66:f2:51:55:86:62:9c:96
Signer

Actual PE Digest

bc:2e:7e:ff:11:3e:be:c0:17:99:6c:a0:cd:cd:7c:c6:86:9f:df:ba:cc:b0:04:88:66:f2:51:55:86:62:9c:96

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ipnathlp.pdb

Imports

dhcpcsvc6

Dhcpv6ReleasePrefixEx
Dhcpv6CancelOperation
Dhcpv6RequestPrefixEx
Dhcpv6RenewPrefixEx

msvcrt

memmove
memcpy
memcmp
memset
_initterm
__C_specific_handler
_purecall
memcpy_s
wcstombs
sprintf_s
_wcsicmp
mbstowcs
fclose
_open_osfhandle
_fdopen
fgets
feof
strpbrk
_strnicmp
atoi
fputc
fputs
fprintf
time
_vsnwprintf
free
malloc
difftime
strtok_s
_wcsdup
_vsnprintf
qsort
wcsncmp
realloc
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_callnewh
_CxxThrowException
__CxxFrameHandler3
_XcptFilter
_amsg_exit
wcscmp
??1type_info@@UEAA@XZ
_itow

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle

api-ms-win-core-heap-l1-1-0

HeapSize
HeapFree
HeapDestroy
GetProcessHeap
HeapAlloc

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
ResetEvent
InitializeCriticalSection
CreateEventA
SetEvent
CreateEventW
WaitForSingleObject
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
GetProcAddress
LoadStringW
LockResource
GetModuleHandleExW
LoadResource
DisableThreadLibraryCalls
SizeofResource
FreeResource
FreeLibrary

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventSetInformation
EventWriteTransfer
EventUnregister

iphlpapi

CreateUnicastIpAddressEntry
GetIfTable
ConvertInterfaceLuidToIndex
ConvertIpv4MaskToLength
GetIfEntry
GetAdapterIndex
DeleteUnicastIpAddressEntry
ConvertInterfaceIndexToLuid
InitializeUnicastIpAddressEntry
NotifyUnicastIpAddressChange
SendARP
GetIpNetTable
CreateIpNetEntry2
DeleteIpNetEntry
GetIfEntry2
ConvertInterfaceGuidToLuid
GetAdaptersAddresses
ConvertInterfaceLuidToGuid
CancelIPChangeNotify
NotifyIpInterfaceChange
CancelMibChangeNotify2
NotifyAddrChange
GetIpAddrTable
ConvertInterfaceLuidToNameW

dnsapi

DnsFreeConfigStructure
Dns_FreeMsgBuf
Dns_BuildPacket
Dns_ParseMessage
DnsNameCompare_W
DnsQuery_W
DnsGetPrimaryDomainName_A
DnsFree
DnsQueryConfigAllocEx

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

mswsock

AcceptEx

api-ms-win-security-base-l1-1-0

InitializeSecurityDescriptor
CreateWellKnownSid
SetSecurityDescriptorDacl
SetKernelObjectSecurity
CheckTokenMembership
AddAccessAllowedAce
InitializeAcl
GetLengthSid
DuplicateToken
RevertToSelf

api-ms-win-core-file-l1-1-0

WriteFile
ReadFile
CreateFileA

api-ms-win-core-libraryloader-l1-2-1

FindResourceW
LoadLibraryW
LoadLibraryA

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegQueryValueExW
RegOpenKeyExW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetVersionExW
GetSystemDirectoryW
GetTickCount
GetSystemTimeAsFileTime
GetComputerNameExW

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCompareMemory

winhttp

WinHttpDetectAutoProxyConfigUrl

api-ms-win-core-heap-l2-1-0

GlobalFree
LocalFree
LocalAlloc

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWork
CreateThreadpoolWork
CallbackMayRunLong
SubmitThreadpoolWork
SetThreadpoolThreadMaximum
CloseThreadpoolCleanupGroupMembers
CreateThreadpoolCleanupGroup
CreateThreadpool
CloseThreadpoolCleanupGroup
CloseThreadpool
WaitForThreadpoolWorkCallbacks

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

rpcrt4

NdrServerCallAll
NdrServerCall2
RpcRevertToSelfEx
UuidCreate
RpcBindingVectorFree
RpcServerInqBindings
RpcEpRegisterW
UuidToStringW
RpcServerUseProtseqW
RpcEpUnregister
RpcServerUnregisterIf
RpcImpersonateClient
RpcServerRegisterIf3
RpcStringFreeW

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-processthreads-l1-1-0

OpenProcessToken
TerminateProcess
OpenThreadToken
SetThreadToken
GetCurrentThread
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
SetThreadPriority

api-ms-win-core-processthreads-l1-1-1

OpenProcess
GetProcessMitigationPolicy

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject
GetComputerNameW
UnregisterWait
BindIoCompletionCallback

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueue
DeleteTimerQueueEx
UnregisterWaitEx
QueueUserWorkItem

api-ms-win-core-string-obsolete-l1-1-0

lstrlenA
lstrlenW
lstrcmpiA
lstrcmpiW
lstrcmpW

nsi

NsiCancelChangeNotification
NsiRequestChangeNotification
NsiSetAllParametersEx
NsiGetParameterEx
NsiGetAllParameters
NsiFreeTable
NsiSetAllParameters
NsiAllocateAndGetTable

winnsi

NsiRpcSetAllParameters
NsiRpcRegisterChangeNotification
NsiConnectToServer
NsiDisconnectFromServer
NsiRpcDeregisterChangeNotification

cryptsp

CryptAcquireContextW
CryptGenRandom
CryptReleaseContext

dhcpcsvc

DhcpEnableDhcp

ntdll

RtlInitUnicodeString
NtOpenKey
NtClose
NtQueryValueKey
RtlNtStatusToDosError
RtlDeregisterWaitEx
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
RtlInitAnsiString
NtSetEvent
RtlStringFromGUID
RtlFreeUnicodeString
RtlRegisterWait
NtCreateEvent
NtNotifyChangeKey
RtlEnumerateGenericTable
RtlLookupElementGenericTable
RtlInsertElementGenericTable
RtlDeleteElementGenericTable
RtlGetElementGenericTable
RtlNumberGenericTableElements
RtlInitializeGenericTable
RtlDeregisterWait
RtlPublishWnfStateData
RtlRandom
RtlQueueWorkItem
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlSubscribeWnfStateChangeNotification
NtUnloadDriver
RtlImpersonateSelf
RtlAdjustPrivilege
NtOpenFile
NtLoadDriver
RtlFindSetBits
RtlClearBits
RtlClearAllBits
RtlInitializeBitMap
NtDeviceIoControlFile
RtlAnsiStringToUnicodeString
RtlAllocateHeap
RtlGetPersistedStateLocation
RtlFreeHeap
RtlInitString
RtlIpv4StringToAddressW
RtlDeleteTimer
RtlCreateTimer
RtlDeleteTimerQueueEx
NtCreateFile
RtlFindClearBitsAndSet
RtlUpdateTimer
RtlCreateTimerQueue

firewallapi

FWQueryFirewallRules
FWClosePolicyStore
FWFreeFirewallRules
FWSetFirewallRule
FWAddFirewallRule
FWDeleteFirewallRule
FWOpenPolicyStore

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsA

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

rtutils

TraceRegisterExW
TraceDeregisterW

api-ms-win-core-io-l1-1-0

DeviceIoControl

Exports

Exports

NatAcquirePortReservation
NatCancelDynamicRedirect
NatCancelRedirect
NatCreateDynamicFullRedirect
NatCreateDynamicRedirect
NatCreateDynamicRedirectEx
NatCreateRedirect
NatCreateRedirectEx
NatInitializePortReservation
NatInitializeTranslator
NatLookupAndQueryInformationSessionMapping
NatQueryInformationRedirect
NatQueryInformationRedirectHandle
NatReleasePortReservation
NatShutdownPortReservation
NatShutdownTranslator
NhAcceptStreamSocket
NhAcquireFixedLengthBuffer
NhAcquireVariableLengthBuffer
NhCreateDatagramSocket
NhCreateStreamSocket
NhDeleteSocket
NhInitializeBufferManagement
NhInitializeTraceManagement
NhReadDatagramSocket
NhReadStreamSocket
NhReleaseBuffer
NhWriteDatagramSocket
NhWriteStreamSocket
RegisterProtocol
ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 528KB - Virtual size: 524KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
jscript9Legacy.dll
.dll regsvr32 windows:10 windows x64 arch:x64

73df1c6b179b45b8f92954fb7ef065df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Jscript9Legacy.pdb

Imports

ntdll

RtlCaptureContext

msvcrt

qsort_s
modf
_tzset
_ui64tow_s
_itow_s
_beginthreadex
fwprintf
_flushall
fflush
fwprintf_s
fclose
rand
srand
atan
wcsncat_s
_snwprintf_s
_wfsopen
_wsplitpath_s
wcsstr
wcstoul
_stricmp
vswprintf_s
_i64tow_s
_wcsicmp
_localtime64_s
swprintf_s
_ltow
wcscat_s
_vsnwprintf_s
_ltow_s
_ultow_s
_controlfp_s
__C_specific_handler
_wcsnicmp
wcsncmp
realloc
_wcsdup
wcschr
free
malloc
wcscpy_s
_wcslwr_s
wcsrchr
_wcsnset
memmove_s
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
atan2
_vscwprintf
_wasctime_s
cos
exp
log
sin
tan
strncmp
wcspbrk
iswalpha
_callnewh
_XcptFilter
_amsg_exit
_initterm
?terminate@@YAXXZ
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
sqrt
wcscmp
_purecall
memcpy_s
_vsnwprintf
isalpha
isdigit
qsort
memcmp
acos
wcsncpy_s
asin
__iob_func
_CxxThrowException
memset
tolower
__CxxFrameHandler3
sqrtf
wcstok_s
ceil
floor
fmod
memcpy
memmove
pow

api-ms-win-downlevel-advapi32-l1-1-0

EventWriteTransfer
RegSetValueExW
RegCreateKeyExW
EventWrite
RegCloseKey
RegOpenKeyExW
EventUnregister
EventRegister
RegGetValueW
RegDeleteKeyExW
EventWriteEx
RegQueryValueExW

api-ms-win-downlevel-shlwapi-l1-1-0

PathGetDriveNumberW
PathIsUNCW
PathIsLFNFileSpecW
PathIsFileSpecW
PathFindFileNameW
StrStrIW
StrCmpICW
PathRemoveFileSpecW
StrTrimW
StrCmpLogicalW
PathFileExistsW

api-ms-win-downlevel-version-l1-1-0

GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW

kernel32

ResumeThread
LoadLibraryExA
GetModuleHandleW
MapViewOfFile
CreateFileMappingW
LCIDToLocaleName
UnmapViewOfFile
CreateFileW
GetUserDefaultUILanguage
GetLocaleInfoEx
GetSystemDefaultUILanguage
SearchPathW
SleepConditionVariableSRW
WakeAllConditionVariable
SetUnhandledExceptionFilter
FlushInstructionCache
ResetEvent
SetThreadStackGuarantee
GetSystemTimeAdjustment
QueryPerformanceFrequency
CompareStringEx
GetUserDefaultLocaleName
ResolveLocaleName
QueryThreadCycleTime
GetProcessIoCounters
Sleep
GetNumberFormatW
GetTimeFormatW
GetDateFormatW
GetSystemTime
LCMapStringW
CompareStringW
RtlVirtualUnwind
RtlLookupFunctionEntry
GetTimeZoneInformation
GetStringTypeW
SizeofResource
LockResource
LoadResource
FindResourceExW
UnhandledExceptionFilter
TerminateProcess
RtlAddFunctionTable
RtlDeleteFunctionTable
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
VirtualAlloc
VirtualFree
GlobalMemoryStatusEx
ResetWriteWatch
FreeLibraryAndExitThread
SetThreadPriority
WaitForMultipleObjectsEx
GetWriteWatch
GetCurrentThread
GetThreadContext
SetEvent
CreateEventW
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
GetTimeZoneInformationForYear
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
GetStdHandle
GetVersionExW
GetSystemInfo
EncodeSystemPointer
QueryPerformanceCounter
WerGetFlags
VirtualProtect
WerSetFlags
LocalAlloc
LocalFree
GetSystemDirectoryW
RaiseException
MultiByteToWideChar
GetComputerNameA
IsValidCodePage
GetLocaleInfoW
IsValidLocale
VirtualQuery
GetEnvironmentVariableW
LoadLibraryExW
GetACP
GetUserDefaultLCID
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
GetSystemTimeAsFileTime
RaiseFailFastException
DeleteAtom
TryEnterCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
GetCurrentProcess
K32GetModuleInformation
GetTickCount
GetModuleFileNameW
FreeLibrary
IsDebuggerPresent
DebugBreak
GetProcessHeap
GetCurrentProcessId
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
GetProcAddress
HeapAlloc
CreateThreadpoolTimer
ReleaseSRWLockShared
SetThreadpoolTimer
CloseHandle
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
EnterCriticalSection
ReleaseSemaphore
GetModuleHandleExW
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
ReleaseSRWLockExclusive
OutputDebugStringW
CloseThreadpoolTimer
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
DelayLoadFailureHook

bcrypt

BCryptGenRandom

rpcrt4

CStdStubBuffer_Invoke
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerQueryInterface
NdrOleFree
CStdStubBuffer_AddRef
IUnknown_Release_Proxy
NdrDllCanUnloadNow
CStdStubBuffer_Connect
CStdStubBuffer_CountRefs
CStdStubBuffer_QueryInterface
NdrCStdStubBuffer_Release
IUnknown_QueryInterface_Proxy
NdrOleAllocate
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_IsIIDSupported
NdrDllGetClassObject
CStdStubBuffer_Disconnect

advapi32

CryptReleaseContext

iertutil

ord793
ord791
ord796
ord594
ord398
ord597

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
JsAddRef
JsBoolToBoolean
JsBooleanToBool
JsCallFunction
JsCollectGarbage
JsConstructObject
JsConvertValueToBoolean
JsConvertValueToNumber
JsConvertValueToObject
JsConvertValueToString
JsCreateArray
JsCreateContext
JsCreateError
JsCreateExternalObject
JsCreateExternalType
JsCreateFunction
JsCreateObject
JsCreateRangeError
JsCreateReferenceError
JsCreateRuntime
JsCreateSyntaxError
JsCreateTypeError
JsCreateTypedExternalObject
JsCreateURIError
JsDefineProperty
JsDeleteIndexedProperty
JsDeleteProperty
JsDisableRuntimeExecution
JsDisposeRuntime
JsDoubleToNumber
JsEnableRuntimeExecution
JsEnumerateHeap
JsEquals
JsGetAndClearException
JsGetCurrentContext
JsGetDefaultTypeDescription
JsGetExtensionAllowed
JsGetExternalData
JsGetExternalType
JsGetFalseValue
JsGetGlobalObject
JsGetIndexedProperty
JsGetNullValue
JsGetOwnPropertyDescriptor
JsGetOwnPropertyNames
JsGetProperty
JsGetPropertyIdFromName
JsGetPropertyNameFromId
JsGetPrototype
JsGetRuntime
JsGetRuntimeMemoryLimit
JsGetRuntimeMemoryUsage
JsGetStringLength
JsGetTrueValue
JsGetUndefinedValue
JsGetValueType
JsHasException
JsHasExternalData
JsHasIndexedProperty
JsHasProperty
JsIdle
JsIntToNumber
JsIsEnumeratingHeap
JsIsRuntimeExecutionDisabled
JsNumberToDouble
JsParseScript
JsParseSerializedScript
JsPointerToString
JsPreventExtension
JsRelease
JsRunScript
JsRunSerializedScript
JsSerializeScript
JsSetCurrentContext
JsSetException
JsSetExternalData
JsSetIndexedProperty
JsSetProperty
JsSetPrototype
JsSetRuntimeBeforeCollectCallback
JsSetRuntimeMemoryAllocationCallback
JsSetRuntimeMemoryLimit
JsStartDebugging
JsStartProfiling
JsStopProfiling
JsStrictEquals
JsStringToPointer
JsValueToVariant
JsVarAddRef
JsVarRelease
JsVarToExtension
JsVarToScriptDirect
JsVariantToValue

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 788KB - Virtual size: 787KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 192KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 400B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kdhvcom.dll
.dll windows:10 windows x64 arch:x64

ec08a9a2320ab0e99cb34576fe536887

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ab:9f:b1:bb:32:0a:b2:6f:e6:7a:cf:c0:31:e5:3e:35:49:07:14:36:ff:4c:ea:84:74:39:b1:52:4c:46:c1:23
Signer

Actual PE Digest

ab:9f:b1:bb:32:0a:b2:6f:e6:7a:cf:c0:31:e5:3e:35:49:07:14:36:ff:4c:ea:84:74:39:b1:52:4c:46:c1:23

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

kdhvcom.pdb

Imports

ntoskrnl.exe

MmGetPhysicalAddress
RtlSetSystemGlobalData
KdDebuggerNotPresent
RtlGetSystemGlobalData
__C_specific_handler
PoSetHiberRange

Exports

Exports

KdInitialize
KdPower
KdReceivePacket
KdSendPacket
KdSetHiberRange

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 356B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

fothk
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 4KB - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 54B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

GFIDS
Size: 4KB - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kerberos.dll
.dll windows:10 windows x64 arch:x64

4a71183cef855b185cc72f9d6dd0fe9a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

KERBEROS.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__stricmp
_o__ultow
_o__wcsicmp
_o__wcsnicmp
memmove
_o__wsplitpath_s
_o_ceilf
_o_free
_o_malloc
_o_qsort
_o_strcpy_s
_o_towlower
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstok
_o_wcstok_s
_o_wcstol
_o_wcstoul
__C_specific_handler
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsscanf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
_CxxThrowException
__CxxFrameHandler3
wcsrchr
wcschr

api-ms-win-crt-string-l1-1-0

strncmp
wcsncmp
memset
wcscmp
strcmp

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetModuleHandleExA
FreeLibrary
DisableThreadLibraryCalls
GetModuleFileNameW
GetProcAddress
GetModuleHandleW
GetModuleFileNameA
LoadLibraryExA

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
SetThreadToken
GetCurrentThreadId
SetThreadStackGuarantee
GetCurrentProcess
TerminateProcess
SwitchToThread

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetACP

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringA
DebugBreak
OutputDebugStringW

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
UnregisterTraceGuids

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
RtlCompareMemory

api-ms-win-core-errorhandling-l1-1-0

RaiseException
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetVersionExW
GetTickCount64
GetWindowsDirectoryW
GetSystemInfo
GetComputerNameExW

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-heap-l2-1-0

LocalAlloc
GlobalFree
LocalFree

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce

api-ms-win-core-registry-l1-1-0

RegEnumValueW
RegEnumKeyExW
RegCreateKeyExW
RegNotifyChangeKeyValue
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegSetValueExW

api-ms-win-security-base-l1-1-0

AllocateAndInitializeSid
EqualSid
CheckTokenMembership
IsTokenRestricted
AdjustTokenPrivileges
GetTokenInformation
FreeSid
RevertToSelf

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
ReleaseSRWLockShared
WaitForSingleObject
ReleaseSemaphore
OpenSemaphoreW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionEx
AcquireSRWLockExclusive
CreateEventW
ResetEvent
SetEvent
CreateMutexExW
ReleaseMutex
CreateSemaphoreExW
InitializeCriticalSection
WaitForSingleObjectEx
AcquireSRWLockShared
OpenEventW
InitializeSRWLock
TryAcquireSRWLockExclusive

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW
ExpandEnvironmentStringsW
SetCurrentDirectoryW
GetCurrentDirectoryW

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-file-l1-1-0

FileTimeToLocalFileTime
CreateDirectoryW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

userenv

RegisterGPNotification
UnregisterGPNotification

msasn1

ASN1intx_free
ASN1intxisuint32
ASN1intx2uint32
ASN1intx2int32
ASN1_CloseEncoder
ASN1_Encode
ASN1_FreeDecoded
ASN1_FreeEncoded
ASN1_CreateEncoder
ASN1_Decode
ASN1intx_setuint32
ASN1_CreateDecoder
ASN1ztcharstring_free
ASN1bitstring_free
ASN1BERDecCharString
ASN1_CreateModule
ASN1BERDecU32Val
ASN1DEREncBitString
ASN1BERDecZeroCharString
ASN1BEREncObjectIdentifier
ASN1BERDecObjectIdentifier
ASN1BERDecBitString
ASN1charstring_free
ASN1DEREncOctetString
ASN1BERDecS32Val
ASN1BEREncOpenType
ASN1BEREncSX
ASN1DecAlloc
ASN1Free
ASN1BERDecSkip
ASN1BEREncBool
ASN1BEREncEndOfContents
ASN1DEREncCharString
ASN1BEREncS32
ASN1EncSetError
ASN1objectidentifier_free
ASN1BERDecBool
ASN1BERDecEndOfContents
ASN1BEREncExplicitTag
ASN1BERDecNotEndOfContents
ASN1BERDecOctetString
ASN1BEREncU32
ASN1BERDecPeekTag
ASN1BERDecGeneralizedTime
ASN1DEREncGeneralizedTime
ASN1BERDecExplicitTag
ASN1DecSetError
ASN1octetstring_free
ASN1BERDecSXVal
ASN1BERDecOpenType2
ASN1_CloseDecoder

api-ms-win-service-private-l1-1-0

I_QueryTagInformation

api-ms-win-core-threadpool-legacy-l1-1-0

DeleteTimerQueueTimer
ChangeTimerQueueTimer
UnregisterWaitEx
QueueUserWorkItem
CreateTimerQueueTimer

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject
UnregisterWait

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW
lstrlenA
lstrcmpiA
lstrcmpW

ntdll

RtlDeleteTimerQueueEx
RtlImageNtHeader
RtlInitializeCriticalSection
RtlGetElementGenericTable
RtlInsertElementGenericTable
RtlDeleteElementGenericTable
RtlInitializeGenericTable
RtlLengthRequiredSid
RtlSubAuthorityCountSid
RtlTimeToTimeFields
RtlTimeFieldsToTime
RtlValidSid
RtlNtStatusToDosError
NtSetEvent
EtwUnregisterTraceGuids
RtlFreeHeap
RtlAllocateHeap
RtlEqualComputerName
EtwGetTraceLoggerHandle
EtwRegisterTraceGuidsW
RtlDuplicateUnicodeString
RtlEraseUnicodeString
RtlAnsiStringToUnicodeString
EtwLogTraceEvent
RtlRunDecodeUnicodeString
RtlCopyUnicodeString
RtlCopyLuid
NtOpenProcess
RtlAvlInsertNodeEx
RtlAvlRemoveNode
RtlAppendUnicodeStringToString
RtlInitUnicodeStringEx
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
RtlEnterCriticalSection
WinSqmSetDWORD
EtwEventRegister
EtwEventUnregister
RtlValidateUnicodeString
RtlPrefixUnicodeString
NtSetInformationThread
RtlInitAnsiString
RtlCompareUnicodeString
RtlIntegerToUnicodeString
RtlRegisterWait
RtlUpcaseUnicodeString
NtQuerySystemTime
RtlDeregisterWait
RtlDowncaseUnicodeString
RtlSystemTimeToLocalTime
RtlEqualUnicodeString
RtlInitializeGenericTableAvl
RtlIpv6AddressToStringExW
RtlIpv4AddressToStringExW
RtlIpv6StringToAddressExW
RtlIpv4StringToAddressExW
NtClose
NtWaitForSingleObject
NtOpenEvent
NtCreateEvent
RtlInitUnicodeString
RtlInitializeResource
WinSqmIncrementDWORD
EtwTraceMessage
RtlDeleteResource
RtlEnumerateGenericTableAvl
RtlEqualDomainName
RtlFreeUnicodeString
RtlDeleteElementGenericTableAvl
RtlConvertSharedToExclusive
RtlLookupElementGenericTableAvl
RtlAcquireResourceShared
RtlReleaseResource
RtlInsertElementGenericTableAvl
RtlAcquireResourceExclusive
RtlDeleteTimerQueue
RtlCreateTimer
RtlCreateTimerQueue
NtSetSecurityObject
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAccessAllowedAce
RtlCreateAcl
NtOpenProcessToken
RtlAllocateAndInitializeSid
NtOpenThreadToken
EtwEventWriteTransfer
EtwEventActivityIdControl
NtAllocateLocallyUniqueId
NtDuplicateToken
RtlCopySid
RtlEqualSid
RtlLengthSid
RtlSubAuthoritySid
RtlInitializeSid
NtQueryInformationToken
NtDuplicateObject
RtlUniform
RtlFreeSid
NtQuerySystemInformation
RtlDeleteCriticalSection
RtlLeaveCriticalSection

msvcp_win

??Bios_base@std@@QEBA_NXZ
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer

api-ms-win-core-version-l1-1-0

GetFileVersionInfoSizeExW
VerQueryValueW
GetFileVersionInfoExW

api-ms-win-eventing-controller-l1-1-0

ControlTraceW
EnableTraceEx2
StartTraceW

api-ms-win-core-memory-l1-1-0

VirtualAlloc
VirtualProtect
MapViewOfFileEx
VirtualQuery
CreateFileMappingW
UnmapViewOfFile
OpenFileMappingW

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

api-ms-win-security-activedirectoryclient-l1-1-0

DsCrackNamesW
DsBindWithSpnExW
DsFreeNameResultW
DsUnBindW

Exports

Exports

DllMain
KerbCreateTokenFromTicketForKdc
KerbDomainChangeCallback
KerbIsInitialized
KerbKdcCallBack
KerbMakeKdcCall
Kerberos
SpInitialize
SpInstanceInit
SpLsaModeInitialize
SpUserModeInitialize

Sections

.text
Size: 916KB - Virtual size: 912KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 136KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kernel32.dll
.dll windows:10 windows x64 arch:x64

9f44b19ce54fbcb3e12c77bd72b0ee39

Code Sign

33:00:00:04:5b:f6:31:bc:00:f4:fc:37:45:00:00:00:00:04:5b
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

14/09/2023, 18:20

Not After

04/09/2024, 18:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

28:cf:14:20:5f:e2:9c:32:f6:6b:53:38:8e:a6:e6:9a:ac:3a:64:66:60:54:84:1b:12:c3:c1:3c:c7:80:dc:5b
Signer

Actual PE Digest

28:cf:14:20:5f:e2:9c:32:f6:6b:53:38:8e:a6:e6:9a:ac:3a:64:66:60:54:84:1b:12:c3:c1:3c:c7:80:dc:5b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

kernel32.pdb

Imports

api-ms-win-core-rtlsupport-l1-1-0

RtlCompareMemory
RtlRaiseException
RtlDeleteFunctionTable
RtlUnwindEx
RtlInstallFunctionTableCallback
RtlCaptureContext
RtlAddFunctionTable
RtlVirtualUnwind
RtlPcToFileHeader
RtlUnwind
RtlRestoreContext
RtlLookupFunctionEntry

api-ms-win-core-rtlsupport-l1-2-2

RtlVirtualUnwind2

ntdll

RtlUnicodeStringToInteger
RtlGetUILanguageInfo
EtwEventEnabled
RtlpConvertLCIDsToCultureNames
NtEnumerateKey
RtlIntegerToUnicodeString
RtlTimeToTimeFields
RtlTimeFieldsToTime
RtlUnhandledExceptionFilter
NtTerminateProcess
TpSetPoolStackInformation
TpAllocWait
NtDeleteValueKey
NtSetValueKey
towlower
RtlLCIDToCultureName
RtlSizeHeap
RtlpConvertCultureNamesToLCIDs
NtQueryInstallUILanguage
EtwEventUnregister
EtwEventWrite
EtwEventRegister
RtlPublishWnfStateData
_wcslwr
NtQueryLicenseValue
_wtol
memmove_s
RtlGUIDFromString
sin
TpAllocTimer
TpAllocIoCompletion
TpAllocWork
wcsncmp
wcsncpy
LdrFindResourceEx_U
RtlReadThreadProfilingData
RtlQueryThreadProfiling
RtlEnableThreadProfiling
RtlDisableThreadProfiling
RtlNtStatusToDosErrorNoTeb
NtMapUserPhysicalPagesScatter
RtlDecodeSystemPointer
bsearch
RtlComputeImportTableHash
RtlFindActivationContextSectionGuid
RtlCreateActivationContext
NtMapViewOfSection
RtlDoesFileExists_U
NtUnmapViewOfSection
RtlReleaseActivationContext
LdrResFindResourceDirectory
RtlQueryInformationActivationContext
RtlSetThreadPreferredUILanguages
swprintf_s
RtlImageNtHeaderEx
RtlDetermineDosPathNameType_U
RtlQueryPackageClaims
RtlZombifyActivationContext
RtlSubAuthorityCountSid
RtlActivateActivationContext
RtlpEnsureBufferSize
RtlpApplyLengthFunction
RtlQueryActivationContextApplicationSettings
RtlGetActiveActivationContext
RtlDosPathNameToNtPathName_U_WithStatus
NtCreateSection
DbgPrintEx
RtlGetLengthWithoutLastFullDosOrNtPathElement
RtlGetFullPathName_U
RtlDeactivateActivationContext
TpCallbackMayRunLong
RtlAddRefActivationContext
isdigit
atol
tolower
toupper
RtlUnicodeStringToOemString
CsrAllocateCaptureBuffer
RtlCreateEnvironmentEx
wcsrchr
RtlCreateUnicodeString
RtlDestroyEnvironment
NtQueryVolumeInformationFile
RtlCreateEnvironment
CsrFreeCaptureBuffer
NtQueryEvent
RtlFreeOemString
NtRaiseHardError
RtlGetCurrentDirectory_U
CsrAllocateMessagePointer
RtlFreeAnsiString
RtlEqualUnicodeString
RtlUnicodeStringToAnsiString
RtlExitUserThread
RtlQueryProtectedPolicy
RtlAddIntegrityLabelToBoundaryDescriptor
NtReplacePartitionUnit
NtQueryValueKey
RtlEqualSid
NtOpenThreadToken
EtwEventWriteNoRegistration
RtlFormatCurrentUserKeyPath
RtlInitUnicodeStringEx
NtQueryInformationToken
RtlAcquireSRWLockExclusive
LdrLoadDll
NtSetInformationThread
RtlReleaseSRWLockExclusive
LdrUnloadDll
NtOpenKey
RtlAppendUnicodeToString
RtlSubAuthoritySid
RtlQueryPackageIdentity
RtlWow64LogMessageInEventLogger
RtlExitUserProcess
RtlAppendUnicodeStringToString
LdrGetProcedureAddress
RtlInitializeSid
NtOpenProcessToken
RtlQueryRegistryValuesEx
RtlCompareUnicodeString
RtlxAnsiStringToUnicodeSize
RtlInitAnsiStringEx
RtlAnsiStringToUnicodeString
RtlIsNameLegalDOS8Dot3
RtlGetCurrentProcessorNumberEx
NtWaitForSingleObject
NtCreateEvent
RtlSetSearchPathMode
LdrGetDllDirectory
RtlLockHeap
RtlUnlockHeap
RtlGetUserInfoHeap
_wcsnicmp
strncmp
_strnicmp
RtlCompactHeap
RtlDeregisterSecureMemoryCacheCallback
RtlRegisterSecureMemoryCacheCallback
NtOpenFile
NtFsControlFile
NtClose
LdrAddRefDll
NtQueryInformationFile
wcscpy_s
NtSetInformationFile
RtlGetActiveConsoleId
RtlNtStatusToDosError
RtlDeactivateActivationContextUnsafeFast
RtlActivateActivationContextUnsafeFast
RtlFreeUnicodeString
NtSetInformationDebugObject
DbgUiGetThreadDebugObject
RtlWow64GetThreadSelectorEntry
DbgUiIssueRemoteBreakin
NtSetSystemInformation
RtlGetCurrentTransaction
NtQueryInformationProcess
RtlSetCurrentTransaction
RtlSetLastWin32Error
TpAllocCleanupGroup
TpSimpleTryPost
TpQueryPoolStackInformation
TpSetPoolMinThreads
TpAllocPool
RtlMultiAppendUnicodeStringBuffer
RtlSetLastWin32ErrorAndNtStatusFromNtStatus
RtlGetPersistedStateLocation
CsrVerifyRegion
RtlCharToInteger
RtlInitAnsiString
RtlUpcaseUnicodeChar
RtlUnicodeToMultiByteSize
RtlDestroyAtomTable
NtFindAtom
NtQueryInformationAtom
RtlAddAtomToAtomTable
NtAddAtomEx
NtDeleteAtom
RtlCreateAtomTable
RtlDeleteAtomFromAtomTable
RtlLookupAtomInAtomTable
RtlQueryAtomInAtomTable
RtlDnsHostNameToComputerName
RtlPrefixString
NtFlushKey
_memicmp
RtlxUnicodeStringToAnsiSize
RtlEnterCriticalSection
wcschr
wcsstr
RtlLeaveCriticalSection
NtCreateKey
NtCreateFile
RtlCreateUnicodeStringFromAsciiz
wcsncpy_s
wcscspn
NtCreateJobSet
RtlReleasePrivilege
NtSetInformationJobObject
NtQueryInformationJobObject
NtCreateJobObject
RtlAcquirePrivilege
NtAssignProcessToJobObject
NtTerminateJobObject
NtOpenJobObject
RtlLengthSecurityDescriptor
NtSetEaFile
NtSetSecurityObject
NtQueryEaFile
NtQuerySecurityObject
LdrQueryImageFileKeyOption
LdrOpenImageFileOptionsKey
RtlQueryElevationFlags
NtSetInformationProcess
RtlRaiseStatus
NtQuerySection
NtFreeVirtualMemory
NtWriteFile
NtEnumerateValueKey
RtlEqualString
RtlUnicodeToMultiByteN
strncpy_s
NtUnlockFile
RtlDosPathNameToNtPathName_U
NtReadFile
NtLockFile
RtlCopyUnicodeString
CsrCaptureMessageString
RtlIsTextUnicode
NtAllocateVirtualMemory
RtlGetLongestNtPathLength
RtlPrefixUnicodeString
RtlMultiByteToUnicodeN
RtlMultiByteToUnicodeSize
RtlDosPathNameToRelativeNtPathName_U
RtlReleaseRelativeName
RtlSetIoCompletionCallback
RtlDeregisterWait
RtlRegisterWait
RtlImageDirectoryEntryToData
NtQueryVirtualMemory
RtlCreateBoundaryDescriptor
NtProtectVirtualMemory
RtlGetThreadErrorMode
NtCreateMailslotFile
RtlDestroyQueryDebugBuffer
RtlQueryProcessDebugInformation
RtlCreateQueryDebugBuffer
NtQueryDirectoryFile
strcpy_s
RtlFindActivationContextSectionString
LdrSetDllDirectory
LdrFindResource_U
RtlSwitchedVVI
NtIsSystemResumeAutomatic
NtQueryWnfStateData
NtPowerInformation
NtInitiatePowerAction
NtGetDevicePowerState
NtSetThreadExecutionState
NtSetSystemEnvironmentValueEx
NtQuerySystemEnvironmentValueEx
RtlInitString
NtSetVolumeInformationFile
NtQuerySystemInformationEx
NtDeviceIoControlFile
RtlUnsubscribeWnfStateChangeNotification
RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData
strchr
RtlSetEnvironmentStrings
RtlOemStringToUnicodeString
wcscat_s
RtlAllocateAndInitializeSid
RtlQueryEnvironmentVariable_U
NtQueryAttributesFile
RtlFreeSid
strrchr
NtQueryFullAttributesFile
NtQueryInformationThread
TpCaptureCaller
_stricmp
NtSetTimerResolution
NtQueryTimerResolution
RtlGetAppContainerSidType
RtlConvertSidToUnicodeString
RtlSetEnvironmentVariable
RtlGetAppContainerParent
RtlQueryEnvironmentVariable
CsrCaptureMessageMultiUnicodeStringsInPlace
wcsnlen
strcat_s
strnlen
NlsMbCodePageTag
RtlRunOnceExecuteOnce
RtlInitializeCriticalSection
RtlGetThreadPreferredUILanguages
NtReadVirtualMemory
LdrResSearchResource
RtlTryAcquirePebLock
RtlReleasePebLock
RtlEncodeSystemPointer
RtlGetNtSystemRoot
NtWaitForMultipleObjects
NtClearEvent
RtlWerpReportException
DbgPrint
RtlGetDeviceFamilyInfoEnum
RtlHashUnicodeString
RtlReAllocateHeap
NtApphelpCacheControl
RtlGetFullPathName_UEx
ZwClose
ZwOpenFile
ZwOpenKey
ZwEnumerateKey
ZwQueryValueKey
ZwCreateFile
ZwQueryInformationFile
ZwCreateSection
ZwQueryDirectoryFile
RtlNtPathNameToDosPathName
RtlUpcaseUnicodeString
RtlGetNativeSystemInformation
ZwQuerySystemInformation
ZwUnmapViewOfSection
ZwMapViewOfSection
VerSetConditionMask
RtlVerifyVersionInfo
RtlGetVersion
ZwEnumerateValueKey
RtlGetCurrentServiceSessionId
CsrClientCallServer
RtlSetProtectedPolicy
RtlGetSuiteMask
RtlImageNtHeader
LdrDisableThreadCalloutsForDll
RtlInitUnicodeString
RtlSetThreadPoolStartFunc
LdrQueryImageFileExecutionOptions
_vsnwprintf
LdrSetDllManifestProber
RtlCreateSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlCreateAcl
RtlFreeHeap
RtlAddAccessAllowedAce
RtlSetDaclSecurityDescriptor
NtQuerySystemInformation
RtlAllocateHeap
RtlSetOwnerSecurityDescriptor
_wcsicmp
__C_specific_handler
memmove
__chkstk
_local_unwind
cos
floor
memcmp
memcpy
memset
wcscmp

kernelbase

NlsIsUserDefaultLocale
BaseFormatObjectAttributes
GetVolumeNameForVolumeMountPointW
lstrcmpiW
lstrcmpW
GetRegistryExtensionFlags
KernelBaseGetGlobalData
GlobalFree
LoadStringBaseExW
CompareStringA
GetUnicodeStringToEightBitStringRoutine
GetUnicodeStringToEightBitSizeRoutine
GetNamedPipeAttribute
AppXReleaseAppXContext
ReleasePackagedDataForFile
AppXPostSuccessExtension
GetPackagedDataForFile
AppXPreCreationExtension
AreFileApisANSI
AppContainerLookupMoniker
AppContainerFreeMemory
PrivCopyFileExW
EnumLanguageGroupLocalesW
LocalLock
BasepNotifyTrackingService
MoveFileWithProgressTransactedW
lstrlenW
lstrcpynW
PackageIdFromFullName
GetPackageFullName
GetCurrentPackageFullName
CheckIsMSIXPackage
ClosePackageInfo
AppXGetOSMaxVersionTested
GetPackageTargetPlatformProperty
GetTargetPlatformContext
OpenPackageInfoByFullNameForUser
BasepAdjustObjectAttributesForPrivateNamespace
GetEightBitStringToUnicodeStringRoutine
GetStringTableEntry
CheckGroupPolicyEnabled
OpenRegKey
InternalLcidToName
GetSystemDefaultUILanguage
GetPtrCalDataArray
GetUserOverrideString
GetPtrCalData
Internal_EnumCalendarInfo
Internal_EnumLanguageGroupLocales
Internal_EnumSystemCodePages
Internal_EnumDateFormats
Internal_EnumUILanguages
Internal_EnumSystemLanguageGroups
NlsValidateLocale
Internal_EnumTimeFormats
GetNamedLocaleHashNode
GetUserOverrideWord
GetLocaleInfoHelper
GetCalendar
BaseDllFreeResourceId
BaseDllMapResourceIdW
LocalUnlock
GetStringTypeA
SetFileApisToANSI
BaseGetNamedObjectDirectory
CreateProcessAsUserA
LocalReAlloc
CreateProcessInternalA
lstrcpynA
SetFileApisToOEM
CheckAllowDecryptedRemoteDestinationPolicy
FatalAppExitW
GlobalAlloc
PulseEvent
NotifyMountMgr
FatalAppExitA
EnumSystemLocalesEx
EnumSystemLanguageGroupsW
Sleep
HeapSummary
GetProcAddressForCaller
LCIDToLocaleName
GetSystemDefaultLocaleName
MapViewOfFileExNuma
LocalAlloc
GetEraNameCountedString
lstrlenA
EnumUILanguagesW
GetUserDefaultUILanguage
CreateProcessAsUserW
CreateProcessInternalW
GetUserDefaultLocaleName

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetProcessIdOfThread
SetProcessShutdownParameters
GetProcessId
SetThreadPriority
GetProcessVersion
SuspendThread
SetPriorityClass
TlsSetValue
SetProcessAffinityUpdateMode
GetThreadPriorityBoost
UpdateProcThreadAttribute
CreateRemoteThreadEx
GetStartupInfoW
GetExitCodeProcess
InitializeProcThreadAttributeList
OpenProcessToken
CreateRemoteThread
GetCurrentProcessId
GetCurrentProcess
TerminateThread
ResumeThread
OpenThread
GetExitCodeThread
ProcessIdToSessionId
DeleteProcThreadAttributeList
TlsAlloc
GetThreadPriority
QueueUserAPC
SwitchToThread
SetThreadPriorityBoost
GetPriorityClass
GetThreadId
SetThreadStackGuarantee
GetProcessTimes
CreateProcessW
QueryProcessAffinityUpdateMode
TlsFree
CreateProcessA

api-ms-win-core-processthreads-l1-1-3

SetThreadIdealProcessor
GetProcessInformation
GetProcessShutdownParameters
SetProcessInformation

api-ms-win-core-processthreads-l1-1-2

GetThreadInformation
GetThreadIOPendingFlag
GetProcessPriorityBoost
GetSystemTimes
SetProcessPriorityBoost
SetThreadInformation

api-ms-win-core-processthreads-l1-1-1

GetThreadContext
SetThreadContext
GetProcessHandleCount
FlushInstructionCache
IsProcessorFeaturePresent
OpenProcess
GetProcessMitigationPolicy
SetProcessMitigationPolicy
GetThreadTimes
SetThreadIdealProcessorEx
GetThreadIdealProcessorEx

api-ms-win-core-registry-l1-1-0

RegQueryValueExA
RegSaveKeyExA
RegGetValueA
RegQueryInfoKeyW
RegOpenCurrentUser
RegCreateKeyExA
RegFlushKey
RegCreateKeyExW
RegUnLoadKeyA
RegDeleteKeyExW
RegGetKeySecurity
RegDeleteKeyExA
RegEnumKeyExW
RegSetKeySecurity
RegSaveKeyExW
RegDeleteTreeW
RegLoadMUIStringW
RegSetValueExW
RegNotifyChangeKeyValue
RegDisablePredefinedCacheEx
RegDeleteTreeA
RegLoadAppKeyW
RegSetValueExA
RegCopyTreeW
RegLoadKeyA
RegUnLoadKeyW
RegQueryInfoKeyA
RegLoadKeyW
RegOpenKeyExA
RegRestoreKeyW
RegEnumValueA
RegDeleteValueW
RegRestoreKeyA
RegDeleteValueA
RegEnumValueW
RegQueryValueExW
RegEnumKeyExA
RegLoadMUIStringA
RegOpenKeyExW
RegGetValueW
RegOpenUserClassesRoot
RegCloseKey

api-ms-win-core-heap-l1-1-0

HeapCompact
HeapSetInformation
HeapReAlloc
HeapUnlock
HeapQueryInformation
GetProcessHeaps
HeapFree
HeapAlloc
GetProcessHeap
HeapCreate
HeapLock
HeapWalk
HeapValidate
HeapDestroy

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-memory-l1-1-1

CreateMemoryResourceNotification
GetLargePageMinimum
GetWriteWatch
SetSystemFileCacheSize
VirtualLock
VirtualUnlock
SetProcessWorkingSetSizeEx
CreateFileMappingNumaW
GetSystemFileCacheSize
GetProcessWorkingSetSizeEx
QueryMemoryResourceNotification
GetProcessWorkingSetSize
SetProcessWorkingSetSize
ResetWriteWatch

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
FlushViewOfFile
VirtualProtectEx
VirtualQuery
OpenFileMappingW
ReadProcessMemory
VirtualFreeEx
WriteProcessMemory
CreateFileMappingW
VirtualProtect
VirtualFree
VirtualAlloc
MapViewOfFile
MapViewOfFileEx
VirtualAllocEx
VirtualQueryEx

api-ms-win-core-memory-l1-1-2

GetMemoryErrorHandlingCapabilities
FreeUserPhysicalPages
AllocateUserPhysicalPages
RegisterBadMemoryNotification
VirtualAllocExNuma
AllocateUserPhysicalPagesNuma
MapUserPhysicalPages
UnregisterBadMemoryNotification

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle
GetHandleInformation
SetHandleInformation

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
WaitForSingleObjectEx
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
WaitForMultipleObjectsEx
SleepEx
SetWaitableTimer
SetEvent
ResetEvent
ReleaseSemaphore
CancelWaitableTimer
CreateEventA
CreateEventExA
CreateEventExW
CreateEventW
CreateMutexA
CreateMutexExA
CreateMutexExW
CreateMutexW
CreateSemaphoreExW
ReleaseMutex
CreateWaitableTimerExW
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
OpenEventA
OpenEventW
OpenMutexW
OpenSemaphoreW
OpenWaitableTimerW

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects
CreateSemaphoreW

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitializeSynchronizationBarrier
DeleteSynchronizationBarrier
SignalObjectAndWait
EnterSynchronizationBarrier

api-ms-win-core-file-l1-1-0

GetFullPathNameA
GetFinalPathNameByHandleW
GetFinalPathNameByHandleA
GetFileType
GetFileTime
GetFileSizeEx
FlushFileBuffers
GetFileSize
FindNextVolumeW
GetFileInformationByHandle
GetFileAttributesW
GetFileAttributesExW
GetFileAttributesExA
FindNextFileW
FindNextFileA
FindNextChangeNotification
FindFirstVolumeW
FindFirstFileW
FindFirstFileExW
FindFirstFileExA
FindFirstFileA
FindFirstChangeNotificationW
FindFirstChangeNotificationA
FindCloseChangeNotification
FindClose
FileTimeToLocalFileTime
DeleteVolumeMountPointW
DeleteFileW
DeleteFileA
GetLogicalDriveStringsW
CreateFileW
CreateFileA
CreateDirectoryW
CreateDirectoryA
CompareFileTime
GetVolumePathNameW
LocalFileTimeToFileTime
LockFile
LockFileEx
QueryDosDeviceW
ReadFile
ReadFileEx
ReadFileScatter
RemoveDirectoryA
RemoveDirectoryW
SetEndOfFile
SetFileAttributesA
SetFileAttributesW
SetFileInformationByHandle
SetFilePointer
SetFilePointerEx
SetFileTime
SetFileValidData
UnlockFile
UnlockFileEx
WriteFile
WriteFileEx
WriteFileGather
GetFileAttributesA
GetFullPathNameW
GetTempFileNameW
GetVolumeInformationByHandleW
DefineDosDeviceW
GetVolumeInformationW
GetDriveTypeW
GetDriveTypeA
GetDiskFreeSpaceW
GetDiskFreeSpaceExW
GetDiskFreeSpaceExA
FindVolumeClose
GetDiskFreeSpaceA

api-ms-win-core-file-l1-2-0

GetTempPathW
GetVolumePathNamesForVolumeNameW
CreateFile2

api-ms-win-core-file-l1-2-2

FindNextFileNameW
GetTempFileNameA
GetVolumeInformationA
FindFirstStreamW
FindFirstFileNameW
GetTempPathA

api-ms-win-core-file-l1-2-4

GetTempPath2A
GetTempPath2W

api-ms-win-core-file-l1-2-1

SetFileIoOverlappedRange
GetCompressedFileSizeA
GetCompressedFileSizeW

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-io-l1-1-0

CancelIoEx
GetQueuedCompletionStatusEx
GetOverlappedResult
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateIoCompletionPort
DeviceIoControl

api-ms-win-core-io-l1-1-1

CancelIo
CancelSynchronousIo

api-ms-win-core-job-l1-1-0

IsProcessInJob

api-ms-win-core-threadpool-legacy-l1-1-0

DeleteTimerQueueTimer
UnregisterWaitEx
ChangeTimerQueueTimer
DeleteTimerQueue
CreateTimerQueueTimer
DeleteTimerQueueEx
QueueUserWorkItem
CreateTimerQueue

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-core-libraryloader-l1-2-3

EnumResourceNamesA

api-ms-win-core-libraryloader-l1-2-2

EnumResourceNamesW

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExA
LockResource
GetModuleHandleW
EnumResourceLanguagesExA
FreeLibraryAndExitThread
GetModuleHandleExW
FindStringOrdinal
GetModuleHandleA
GetModuleFileNameA
EnumResourceTypesExA
LoadLibraryExW
GetProcAddress
FreeLibrary
EnumResourceLanguagesExW
SizeofResource
FreeResource
GetModuleHandleExA
EnumResourceTypesExW
EnumResourceNamesExA
EnumResourceNamesExW
LoadResource
GetModuleFileNameW
DisableThreadLibraryCalls
FindResourceExW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
FindResourceW
LoadLibraryA

api-ms-win-core-libraryloader-l2-1-0

LoadPackagedLibrary

api-ms-win-core-namedpipe-l1-2-2

CallNamedPipeW

api-ms-win-core-namedpipe-l1-1-0

ConnectNamedPipe
WaitNamedPipeW
TransactNamedPipe
SetNamedPipeHandleState
CreateNamedPipeW
DisconnectNamedPipe
PeekNamedPipe
GetNamedPipeClientComputerNameW
CreatePipe

api-ms-win-core-namedpipe-l1-2-1

GetNamedPipeHandleStateW

api-ms-win-core-datetime-l1-1-1

GetTimeFormatEx
GetDateFormatEx

api-ms-win-core-datetime-l1-1-0

GetTimeFormatA
GetDateFormatW
GetTimeFormatW
GetDateFormatA

api-ms-win-core-datetime-l1-1-2

GetDurationFormatEx

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo
GetSystemTimePreciseAsFileTime
EnumSystemFirmwareTables
SetSystemTime
GetSystemFirmwareTable
GetNativeSystemInfo
SetComputerNameExW

api-ms-win-core-sysinfo-l1-2-1

SetComputerNameEx2W
GetPhysicallyInstalledSystemMemory
DnsHostnameToComputerNameExW

api-ms-win-core-sysinfo-l1-1-0

GetWindowsDirectoryA
GetLocalTime
GetWindowsDirectoryW
GetVersionExA
GetSystemTimeAsFileTime
GetComputerNameExA
GetLogicalProcessorInformation
GetSystemTime
GetVersion
GetComputerNameExW
GetVersionExW
GetSystemTimeAdjustment
GetLogicalProcessorInformationEx
GetTickCount
SetLocalTime
GetSystemInfo
GlobalMemoryStatusEx

api-ms-win-core-sysinfo-l1-2-3

SetComputerNameW
SetComputerNameExA
SetComputerNameA

api-ms-win-core-timezone-l1-1-0

TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
SetDynamicTimeZoneInformation
SetTimeZoneInformation
GetTimeZoneInformationForYear
GetDynamicTimeZoneInformation
FileTimeToSystemTime

api-ms-win-core-localization-l1-2-0

IdnToUnicode
GetFileMUIInfo
SetThreadPreferredUILanguages
FormatMessageA
LocaleNameToLCID
IsValidLanguageGroup
IsValidLocale
IsValidLocaleName
GetCalendarInfoEx
GetCalendarInfoW
GetCPInfoExW
IsValidNLSVersion
GetNLSVersion
SetThreadLocale
GetSystemDefaultLCID
IsDBCSLeadByteEx
FindNLSString
GetCPInfo
LCMapStringA
GetUserDefaultLangID
GetThreadLocale
SetThreadUILanguage
GetLocaleInfoEx
GetThreadPreferredUILanguages
GetFileMUIPath
IdnToAscii
GetLocaleInfoW
IsNLSDefinedString
GetUserPreferredUILanguages
GetSystemPreferredUILanguages
GetUILanguageInfo
GetLocaleInfoA
GetSystemDefaultLangID
GetACP
GetOEMCP
IsValidCodePage
EnumSystemLocalesA
ResolveLocaleName
FormatMessageW
LCMapStringEx
SetCalendarInfoW
ConvertDefaultLocale
GetThreadUILanguage
VerLanguageNameA
GetUserDefaultLCID
VerLanguageNameW
SetProcessPreferredUILanguages
FindNLSStringEx
IsDBCSLeadByte
EnumSystemLocalesW
GetNLSVersionEx
GetProcessPreferredUILanguages
SetLocaleInfoW
LCMapStringW

api-ms-win-core-processsnapshot-l1-1-0

PssQuerySnapshot
PssCaptureSnapshot
PssWalkSnapshot
PssWalkMarkerCreate
PssWalkMarkerSeekToBeginning
PssFreeSnapshot
PssWalkMarkerGetPosition
PssWalkMarkerFree
PssWalkMarkerSetPosition
PssDuplicateSnapshot

api-ms-win-core-processenvironment-l1-1-0

GetCurrentDirectoryW
SetEnvironmentStringsW
SetCurrentDirectoryA
GetCommandLineA
SetStdHandle
FreeEnvironmentStringsW
SetCurrentDirectoryW
GetCurrentDirectoryA
GetEnvironmentStrings
GetEnvironmentVariableW
SearchPathW
FreeEnvironmentStringsA
GetCommandLineW
GetStdHandle
ExpandEnvironmentStringsW
SetEnvironmentVariableW
ExpandEnvironmentStringsA
GetEnvironmentVariableA
SetStdHandleEx
GetEnvironmentStringsW
SetEnvironmentVariableA

api-ms-win-core-processenvironment-l1-2-0

SearchPathA
NeedCurrentDirectoryForExePathA
NeedCurrentDirectoryForExePathW

api-ms-win-core-string-l1-1-0

GetStringTypeW
WideCharToMultiByte
CompareStringEx
MultiByteToWideChar
FoldStringW
CompareStringW
CompareStringOrdinal
GetStringTypeExW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent
OutputDebugStringA

api-ms-win-core-debug-l1-1-1

DebugActiveProcessStop
ContinueDebugEvent
DebugActiveProcess
CheckRemoteDebuggerPresent
WaitForDebugEvent

api-ms-win-core-errorhandling-l1-1-0

SetErrorMode
SetLastError
SetUnhandledExceptionFilter
RaiseException
GetLastError
GetErrorMode
UnhandledExceptionFilter

api-ms-win-core-errorhandling-l1-1-3

GetThreadErrorMode
SetThreadErrorMode

api-ms-win-core-fibers-l1-1-0

FlsFree
FlsAlloc
FlsSetValue
FlsGetValue

api-ms-win-core-util-l1-1-0

Beep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-security-base-l1-1-0

DuplicateToken
CreateWellKnownSid
FreeSid
EqualSid
GetSidSubAuthorityCount
GetSidSubAuthority
InitializeSid
GetTokenInformation
AllocateAndInitializeSid
AccessCheck

api-ms-win-security-base-l1-2-0

SetCachedSigningLevel
CheckTokenMembershipEx
GetCachedSigningLevel
CheckTokenCapability
GetAppContainerAce
AddResourceAttributeAce
AddScopedPolicyIDAce

api-ms-win-security-appcontainer-l1-1-0

GetAppContainerNamedObjectPath

api-ms-win-core-comm-l1-1-0

ClearCommError
SetCommTimeouts
GetCommConfig
GetCommMask
SetCommMask
GetCommProperties
GetCommState
GetCommTimeouts
PurgeComm
SetCommBreak
ClearCommBreak
GetCommModemStatus
SetCommState
SetupComm
TransmitCommChar
WaitCommEvent
EscapeCommFunction
SetCommConfig

api-ms-win-core-realtime-l1-1-0

QueryIdleProcessorCycleTime
QueryIdleProcessorCycleTimeEx
QueryThreadCycleTime
QueryUnbiasedInterruptTime
QueryProcessCycleTime

api-ms-win-core-wow64-l1-1-1

GetSystemWow64Directory2W
IsWow64Process2
GetSystemWow64DirectoryW
GetSystemWow64DirectoryA

api-ms-win-core-wow64-l1-1-0

IsWow64Process
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
Wow64EnableWow64FsRedirection

api-ms-win-core-wow64-l1-1-3

Wow64SuspendThread
Wow64GetThreadContext
Wow64SetThreadContext

api-ms-win-core-systemtopology-l1-1-1

GetNumaProximityNodeEx

api-ms-win-core-systemtopology-l1-1-0

GetNumaHighestNodeNumber
GetNumaNodeProcessorMaskEx

api-ms-win-core-processtopology-l1-1-0

GetThreadGroupAffinity
SetThreadGroupAffinity
GetProcessGroupAffinity

api-ms-win-core-namespace-l1-1-0

CreatePrivateNamespaceW
OpenPrivateNamespaceW
CreateBoundaryDescriptorW
ClosePrivateNamespace
AddSIDToBoundaryDescriptor
DeleteBoundaryDescriptor

api-ms-win-core-file-l2-1-2

CopyFileW
CreateHardLinkA

api-ms-win-core-file-l2-1-0

MoveFileExW
ReplaceFileW
MoveFileWithProgressW
CreateHardLinkW
CopyFile2
CreateSymbolicLinkW
CopyFileExW
GetFileInformationByHandleEx
CreateDirectoryExW
ReadDirectoryChangesW
ReOpenFile

api-ms-win-core-file-l2-1-1

OpenFileById

api-ms-win-core-file-l2-1-3

ReadDirectoryChangesExW

api-ms-win-core-xstate-l2-1-0

GetXStateFeaturesMask
InitializeContext
SetXStateFeaturesMask
GetEnabledXStateFeatures
LocateXStateFeature
CopyContext

api-ms-win-core-xstate-l2-1-1

InitializeContext2

api-ms-win-core-xstate-l2-1-2

EnableProcessOptionalXStateFeatures
GetThreadEnabledXStateFeatures

api-ms-win-core-localization-l2-1-0

GetNumberFormatEx
EnumDateFormatsW
EnumSystemCodePagesW
GetCurrencyFormatEx
EnumTimeFormatsW
EnumTimeFormatsEx
EnumCalendarInfoExEx
EnumCalendarInfoW
EnumDateFormatsExW
EnumDateFormatsExEx
EnumCalendarInfoExW

api-ms-win-core-normalization-l1-1-0

GetStringScripts
VerifyScripts
IdnToNameprepUnicode
NormalizeString
IsNormalizedString

api-ms-win-core-heap-obsolete-l1-1-0

GlobalLock
GlobalUnlock
GlobalHandle
GlobalFlags
GlobalSize
LocalSize
LocalFlags
GlobalReAlloc

api-ms-win-core-fibers-l2-1-0

ConvertThreadToFiber
SwitchToFiber
CreateFiber
DeleteFiber
ConvertFiberToThread

api-ms-win-core-fibers-l2-1-1

ConvertThreadToFiberEx
CreateFiberEx

api-ms-win-core-localization-private-l1-1-0

NlsUpdateSystemLocale
NlsCheckPolicy
NlsUpdateLocale
NlsGetCacheUpdateCount

api-ms-win-core-sidebyside-l1-1-0

AddRefActCtx
ZombifyActCtx
GetCurrentActCtx
ReleaseActCtx
CreateActCtxW
ActivateActCtx
FindActCtxSectionGuid
FindActCtxSectionStringW
DeactivateActCtx
QueryActCtxW
QueryActCtxSettingsW

api-ms-win-core-appcompat-l1-1-0

BaseCleanupAppcompatCacheSupport
BaseCheckAppcompatCacheEx
BaseInitAppcompatCacheSupport
BaseCheckAppcompatCache
BaseFlushAppcompatCache
BaseDumpAppcompatCache
BaseUpdateAppcompatCache

api-ms-win-core-windowserrorreporting-l1-1-1

WerUnregisterExcludedMemoryBlock
WerUnregisterAdditionalProcess
WerRegisterExcludedMemoryBlock
WerUnregisterCustomMetadata
WerRegisterCustomMetadata
WerRegisterAdditionalProcess

api-ms-win-core-windowserrorreporting-l1-1-2

WerUnregisterAppLocalDump
WerRegisterAppLocalDump

api-ms-win-core-windowserrorreporting-l1-1-0

WerRegisterRuntimeExceptionModule
GetApplicationRestartSettings
WerUnregisterRuntimeExceptionModule
WerRegisterFile
WerUnregisterMemoryBlock
WerRegisterMemoryBlock
WerUnregisterFile
GetApplicationRecoveryCallback

api-ms-win-core-windowserrorreporting-l1-1-3

UnregisterApplicationRestart
RegisterApplicationRestart

api-ms-win-core-console-l1-1-0

AllocConsole
WriteConsoleW
SetConsoleMode
SetConsoleCtrlHandler
ReadConsoleW
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetNumberOfConsoleInputEvents
ReadConsoleInputW
WriteConsoleA
ReadConsoleA
ReadConsoleInputA

api-ms-win-core-console-l1-2-0

AttachConsole
FreeConsole
PeekConsoleInputA
PeekConsoleInputW

api-ms-win-core-console-l1-2-1

ResizePseudoConsole
ClosePseudoConsole
CreatePseudoConsole

api-ms-win-core-console-l2-1-0

CreateConsoleScreenBuffer
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
FillConsoleOutputCharacterW
FlushConsoleInputBuffer
GenerateConsoleCtrlEvent
GetConsoleCursorInfo
WriteConsoleOutputAttribute
WriteConsoleOutputCharacterA
GetConsoleScreenBufferInfo
GetConsoleScreenBufferInfoEx
WriteConsoleOutputCharacterW
WriteConsoleOutputW
GetLargestConsoleWindowSize
ReadConsoleOutputA
ReadConsoleOutputAttribute
ReadConsoleOutputCharacterA
ReadConsoleOutputW
ScrollConsoleScreenBufferA
ScrollConsoleScreenBufferW
SetConsoleActiveScreenBuffer
SetConsoleCP
SetConsoleCursorInfo
SetConsoleCursorPosition
SetConsoleOutputCP
ReadConsoleOutputCharacterW
WriteConsoleOutputA
WriteConsoleInputW
WriteConsoleInputA
SetConsoleWindowInfo
SetConsoleTextAttribute
SetConsoleScreenBufferSize
SetConsoleScreenBufferInfoEx

api-ms-win-core-console-l2-2-0

GetConsoleTitleA
GetConsoleOriginalTitleW
GetConsoleOriginalTitleA
SetConsoleTitleW
SetConsoleTitleA
GetConsoleTitleW

api-ms-win-core-console-l3-2-0

GetConsoleCommandHistoryLengthW
GetConsoleCommandHistoryLengthA
GetConsoleCommandHistoryA
GetConsoleAliasesW
GetConsoleAliasesLengthW
GetConsoleAliasesLengthA
GetConsoleAliasesA
GetConsoleAliasW
GetConsoleAliasExesW
GetConsoleAliasExesLengthW
GetConsoleAliasExesLengthA
GetConsoleCommandHistoryW
GetConsoleAliasA
ExpungeConsoleCommandHistoryW
ExpungeConsoleCommandHistoryA
AddConsoleAliasW
GetCurrentConsoleFontEx
GetNumberOfConsoleMouseButtons
SetConsoleDisplayMode
GetConsoleDisplayMode
GetConsoleFontSize
SetConsoleHistoryInfo
SetConsoleNumberOfCommandsA
SetConsoleNumberOfCommandsW
SetCurrentConsoleFontEx
GetConsoleHistoryInfo
GetConsoleProcessList
GetConsoleSelectionInfo
GetConsoleWindow
GetConsoleAliasExesA
GetCurrentConsoleFont
AddConsoleAliasA

api-ms-win-core-psapi-l1-1-0

K32QueryWorkingSet
K32InitializeProcessForWsWatch
K32EnumProcesses
K32GetMappedFileNameW
QueryFullProcessImageNameW
K32GetProcessMemoryInfo
K32GetModuleInformation
K32EnumProcessModulesEx
K32GetModuleBaseNameW
K32GetDeviceDriverBaseNameW
K32EnumProcessModules
K32GetPerformanceInfo
K32EnumDeviceDrivers
K32GetDeviceDriverFileNameW
K32GetModuleFileNameExW
K32GetWsChangesEx
K32EnumPageFilesW
K32EmptyWorkingSet
K32GetProcessImageFileNameW
K32QueryWorkingSetEx
K32GetWsChanges

api-ms-win-core-psapi-ansi-l1-1-0

K32GetDeviceDriverBaseNameA
K32GetDeviceDriverFileNameA
K32GetMappedFileNameA
K32GetModuleFileNameExA
QueryFullProcessImageNameA
K32GetModuleBaseNameA
K32GetProcessImageFileNameA
K32EnumPageFilesA

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventUnregister
EventRegister

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-appcompat-l1-1-1

BaseReadAppCompatDataForProcess
BaseFreeAppCompatDataForProcess

Exports

Exports

AcquireSRWLockExclusive
AcquireSRWLockShared
ActivateActCtx
ActivateActCtxWorker
ActivatePackageVirtualizationContext
AddAtomA
AddAtomW
AddConsoleAliasA
AddConsoleAliasW
AddDllDirectory
AddIntegrityLabelToBoundaryDescriptor
AddLocalAlternateComputerNameA
AddLocalAlternateComputerNameW
AddRefActCtx
AddRefActCtxWorker
AddResourceAttributeAce
AddSIDToBoundaryDescriptor
AddScopedPolicyIDAce
AddSecureMemoryCacheCallback
AddVectoredContinueHandler
AddVectoredExceptionHandler
AdjustCalendarDate
AllocConsole
AllocateUserPhysicalPages
AllocateUserPhysicalPagesNuma
AppPolicyGetClrCompat
AppPolicyGetCreateFileAccess
AppPolicyGetLifecycleManagement
AppPolicyGetMediaFoundationCodecLoading
AppPolicyGetProcessTerminationMethod
AppPolicyGetShowDeveloperDiagnostic
AppPolicyGetThreadInitializationType
AppPolicyGetWindowingModel
AppXGetOSMaxVersionTested
ApplicationRecoveryFinished
ApplicationRecoveryInProgress
AreFileApisANSI
AreShortNamesEnabled
AssignProcessToJobObject
AttachConsole
BackupRead
BackupSeek
BackupWrite
BaseCheckAppcompatCache
BaseCheckAppcompatCacheEx
BaseCheckAppcompatCacheExWorker
BaseCheckAppcompatCacheWorker
BaseCheckElevation
BaseCleanupAppcompatCacheSupport
BaseCleanupAppcompatCacheSupportWorker
BaseDestroyVDMEnvironment
BaseDllReadWriteIniFile
BaseDumpAppcompatCache
BaseDumpAppcompatCacheWorker
BaseElevationPostProcessing
BaseFlushAppcompatCache
BaseFlushAppcompatCacheWorker
BaseFormatObjectAttributes
BaseFormatTimeOut
BaseFreeAppCompatDataForProcessWorker
BaseGenerateAppCompatData
BaseGetNamedObjectDirectory
BaseInitAppcompatCacheSupport
BaseInitAppcompatCacheSupportWorker
BaseIsAppcompatInfrastructureDisabled
BaseIsAppcompatInfrastructureDisabledWorker
BaseIsDosApplication
BaseQueryModuleData
BaseReadAppCompatDataForProcessWorker
BaseSetLastNTError
BaseThreadInitThunk
BaseUpdateAppcompatCache
BaseUpdateAppcompatCacheWorker
BaseUpdateVDMEntry
BaseVerifyUnicodeString
BaseWriteErrorElevationRequiredEvent
Basep8BitStringToDynamicUnicodeString
BasepAllocateActivationContextActivationBlock
BasepAnsiStringToDynamicUnicodeString
BasepAppContainerEnvironmentExtension
BasepAppXExtension
BasepCheckAppCompat
BasepCheckWebBladeHashes
BasepCheckWinSaferRestrictions
BasepConstructSxsCreateProcessMessage
BasepCopyEncryption
BasepFinishPackageActivation
BasepFinishPackageActivationForSxS
BasepFreeActivationContextActivationBlock
BasepFreeAppCompatData
BasepGetAppCompatData
BasepGetComputerNameFromNtPath
BasepGetExeArchType
BasepGetPackageActivationTokenForFilePath
BasepGetPackageActivationTokenForSxS
BasepGetPackagedAppInfoForFile
BasepInitAppCompatData
BasepIsProcessAllowed
BasepMapModuleHandle
BasepNotifyLoadStringResource
BasepPostSuccessAppXExtension
BasepProcessInvalidImage
BasepQueryAppCompat
BasepQueryModuleChpeSettings
BasepReleaseAppXContext
BasepReleasePackagedAppInfo
BasepReleaseSxsCreateProcessUtilityStruct
BasepReportFault
BasepSetFileEncryptionCompression
Beep
BeginUpdateResourceA
BeginUpdateResourceW
BindIoCompletionCallback
BuildCommDCBA
BuildCommDCBAndTimeoutsA
BuildCommDCBAndTimeoutsW
BuildCommDCBW
BuildIoRingCancelRequest
BuildIoRingFlushFile
BuildIoRingReadFile
BuildIoRingRegisterBuffers
BuildIoRingRegisterFileHandles
BuildIoRingWriteFile
CallNamedPipeA
CallNamedPipeW
CallbackMayRunLong
CancelDeviceWakeupRequest
CancelIo
CancelIoEx
CancelSynchronousIo
CancelThreadpoolIo
CancelTimerQueueTimer
CancelWaitableTimer
CeipIsOptedIn
ChangeTimerQueueTimer
CheckAllowDecryptedRemoteDestinationPolicy
CheckElevation
CheckElevationEnabled
CheckForReadOnlyResource
CheckForReadOnlyResourceFilter
CheckNameLegalDOS8Dot3A
CheckNameLegalDOS8Dot3W
CheckRemoteDebuggerPresent
CheckTokenCapability
CheckTokenMembershipEx
ClearCommBreak
ClearCommError
CloseConsoleHandle
CloseHandle
CloseIoRing
ClosePackageInfo
ClosePrivateNamespace
CloseProfileUserMapping
ClosePseudoConsole
CloseState
CloseThreadpool
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolIo
CloseThreadpoolTimer
CloseThreadpoolWait
CloseThreadpoolWork
CmdBatNotification
CommConfigDialogA
CommConfigDialogW
CompareCalendarDates
CompareFileTime
CompareStringA
CompareStringEx
CompareStringOrdinal
CompareStringW
ConnectNamedPipe
ConsoleMenuControl
ContinueDebugEvent
ConvertCalDateTimeToSystemTime
ConvertDefaultLocale
ConvertFiberToThread
ConvertNLSDayOfWeekToWin32DayOfWeek
ConvertSystemTimeToCalDateTime
ConvertThreadToFiber
ConvertThreadToFiberEx
CopyContext
CopyFile2
CopyFileA
CopyFileExA
CopyFileExW
CopyFileTransactedA
CopyFileTransactedW
CopyFileW
CopyLZFile
CreateActCtxA
CreateActCtxW
CreateActCtxWWorker
CreateBoundaryDescriptorA
CreateBoundaryDescriptorW
CreateConsoleScreenBuffer
CreateDirectoryA
CreateDirectoryExA
CreateDirectoryExW
CreateDirectoryTransactedA
CreateDirectoryTransactedW
CreateDirectoryW
CreateEnclave
CreateEventA
CreateEventExA
CreateEventExW
CreateEventW
CreateFiber
CreateFiberEx
CreateFile2
CreateFileA
CreateFileMappingA
CreateFileMappingFromApp
CreateFileMappingNumaA
CreateFileMappingNumaW
CreateFileMappingW
CreateFileTransactedA
CreateFileTransactedW
CreateFileW
CreateHardLinkA
CreateHardLinkTransactedA
CreateHardLinkTransactedW
CreateHardLinkW
CreateIoCompletionPort
CreateIoRing
CreateJobObjectA
CreateJobObjectW
CreateJobSet
CreateMailslotA
CreateMailslotW
CreateMemoryResourceNotification
CreateMutexA
CreateMutexExA
CreateMutexExW
CreateMutexW
CreateNamedPipeA
CreateNamedPipeW
CreatePackageVirtualizationContext
CreatePipe
CreatePrivateNamespaceA
CreatePrivateNamespaceW
CreateProcessA
CreateProcessAsUserA
CreateProcessAsUserW
CreateProcessInternalA
CreateProcessInternalW
CreateProcessW
CreatePseudoConsole
CreateRemoteThread
CreateRemoteThreadEx
CreateSemaphoreA
CreateSemaphoreExA
CreateSemaphoreExW
CreateSemaphoreW
CreateSymbolicLinkA
CreateSymbolicLinkTransactedA
CreateSymbolicLinkTransactedW
CreateSymbolicLinkW
CreateTapePartition
CreateThread
CreateThreadpool
CreateThreadpoolCleanupGroup
CreateThreadpoolIo
CreateThreadpoolTimer
CreateThreadpoolWait
CreateThreadpoolWork
CreateTimerQueue
CreateTimerQueueTimer
CreateToolhelp32Snapshot
CreateUmsCompletionList
CreateUmsThreadContext
CreateWaitableTimerA
CreateWaitableTimerExA
CreateWaitableTimerExW
CreateWaitableTimerW
CtrlRoutine
DeactivateActCtx
DeactivateActCtxWorker
DeactivatePackageVirtualizationContext
DebugActiveProcess
DebugActiveProcessStop
DebugBreak
DebugBreakProcess
DebugSetProcessKillOnExit
DecodePointer
DecodeSystemPointer
DefineDosDeviceA
DefineDosDeviceW
DelayLoadFailureHook
DeleteAtom
DeleteBoundaryDescriptor
DeleteCriticalSection
DeleteFiber
DeleteFileA
DeleteFileTransactedA
DeleteFileTransactedW
DeleteFileW
DeleteProcThreadAttributeList
DeleteSynchronizationBarrier
DeleteTimerQueue
DeleteTimerQueueEx
DeleteTimerQueueTimer
DeleteUmsCompletionList
DeleteUmsThreadContext
DeleteVolumeMountPointA
DeleteVolumeMountPointW
DequeueUmsCompletionListItems
DeviceIoControl
DisableThreadLibraryCalls
DisableThreadProfiling
DisassociateCurrentThreadFromCallback
DiscardVirtualMemory
DisconnectNamedPipe
DnsHostnameToComputerNameA
DnsHostnameToComputerNameExW
DnsHostnameToComputerNameW
DosDateTimeToFileTime
DosPathToSessionPathA
DosPathToSessionPathW
DuplicateConsoleHandle
DuplicateEncryptionInfoFileExt
DuplicateHandle
DuplicatePackageVirtualizationContext
EnableProcessOptionalXStateFeatures
EnableThreadProfiling
EncodePointer
EncodeSystemPointer
EndUpdateResourceA
EndUpdateResourceW
EnterCriticalSection
EnterSynchronizationBarrier
EnterUmsSchedulingMode
EnumCalendarInfoA
EnumCalendarInfoExA
EnumCalendarInfoExEx
EnumCalendarInfoExW
EnumCalendarInfoW
EnumDateFormatsA
EnumDateFormatsExA
EnumDateFormatsExEx
EnumDateFormatsExW
EnumDateFormatsW
EnumLanguageGroupLocalesA
EnumLanguageGroupLocalesW
EnumResourceLanguagesA
EnumResourceLanguagesExA
EnumResourceLanguagesExW
EnumResourceLanguagesW
EnumResourceNamesA
EnumResourceNamesExA
EnumResourceNamesExW
EnumResourceNamesW
EnumResourceTypesA
EnumResourceTypesExA
EnumResourceTypesExW
EnumResourceTypesW
EnumSystemCodePagesA
EnumSystemCodePagesW
EnumSystemFirmwareTables
EnumSystemGeoID
EnumSystemGeoNames
EnumSystemLanguageGroupsA
EnumSystemLanguageGroupsW
EnumSystemLocalesA
EnumSystemLocalesEx
EnumSystemLocalesW
EnumTimeFormatsA
EnumTimeFormatsEx
EnumTimeFormatsW
EnumUILanguagesA
EnumUILanguagesW
EnumerateLocalComputerNamesA
EnumerateLocalComputerNamesW
EraseTape
EscapeCommFunction
ExecuteUmsThread
ExitProcess
ExitThread
ExitVDM
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
ExpungeConsoleCommandHistoryA
ExpungeConsoleCommandHistoryW
FatalAppExitA
FatalAppExitW
FatalExit
FileTimeToDosDateTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
FillConsoleOutputCharacterW
FindActCtxSectionGuid
FindActCtxSectionGuidWorker
FindActCtxSectionStringA
FindActCtxSectionStringW
FindActCtxSectionStringWWorker
FindAtomA
FindAtomW
FindClose
FindCloseChangeNotification
FindFirstChangeNotificationA
FindFirstChangeNotificationW
FindFirstFileA
FindFirstFileExA
FindFirstFileExW
FindFirstFileNameTransactedW
FindFirstFileNameW
FindFirstFileTransactedA
FindFirstFileTransactedW
FindFirstFileW
FindFirstStreamTransactedW
FindFirstStreamW
FindFirstVolumeA
FindFirstVolumeMountPointA
FindFirstVolumeMountPointW
FindFirstVolumeW
FindNLSString
FindNLSStringEx
FindNextChangeNotification
FindNextFileA
FindNextFileNameW
FindNextFileW
FindNextStreamW
FindNextVolumeA
FindNextVolumeMountPointA
FindNextVolumeMountPointW
FindNextVolumeW
FindPackagesByPackageFamily
FindResourceA
FindResourceExA
FindResourceExW
FindResourceW
FindStringOrdinal
FindVolumeClose
FindVolumeMountPointClose
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushConsoleInputBuffer
FlushFileBuffers
FlushInstructionCache
FlushProcessWriteBuffers
FlushViewOfFile
FoldStringA
FoldStringW
FormatApplicationUserModelId
FormatMessageA
FormatMessageW
FreeConsole
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
FreeLibraryWhenCallbackReturns
FreeMemoryJobObject
FreeResource
FreeUserPhysicalPages
GenerateConsoleCtrlEvent
GetACP
GetActiveProcessorCount
GetActiveProcessorGroupCount
GetAppContainerAce
GetAppContainerNamedObjectPath
GetApplicationRecoveryCallback
GetApplicationRecoveryCallbackWorker
GetApplicationRestartSettings
GetApplicationRestartSettingsWorker
GetApplicationUserModelId
GetAtomNameA
GetAtomNameW
GetBinaryType
GetBinaryTypeA
GetBinaryTypeW
GetCPInfo
GetCPInfoExA
GetCPInfoExW
GetCachedSigningLevel
GetCalendarDateFormat
GetCalendarDateFormatEx
GetCalendarDaysInMonth
GetCalendarDifferenceInDays
GetCalendarInfoA
GetCalendarInfoEx
GetCalendarInfoW
GetCalendarMonthsInYear
GetCalendarSupportedDateRange
GetCalendarWeekNumber
GetComPlusPackageInstallStatus
GetCommConfig
GetCommMask
GetCommModemStatus
GetCommProperties
GetCommState
GetCommTimeouts
GetCommandLineA
GetCommandLineW
GetCompressedFileSizeA
GetCompressedFileSizeTransactedA

Sections

.text
Size: 516KB - Virtual size: 513KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 220KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 948B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
localspl.dll
.dll windows:10 windows x64 arch:x64

783a9436c2a361f8cf428bade62f4bb4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

localspl.pdb

Imports

msvcrt

__dllonexit
_unlock
__CxxFrameHandler3
_initterm
_amsg_exit
_XcptFilter
_callnewh
malloc
_time64
rand
srand
wcstol
isxdigit
_vsnprintf
isupper
isprint
_wtoi
isdigit
isspace
free
_wcslwr
wcscpy_s
_wcsdup
swscanf
wcsnlen
_wsplitpath_s
memmove_s
wcsncpy_s
wcsncmp
wcsstr
wcsrchr
_wcsnicmp
wcschr
wcspbrk
wcstok_s
_wcsicmp
__C_specific_handler
_purecall
memcpy_s
_stricmp
swprintf_s
_open
_errno
_read
_write
_close
_lseek
remove
_wopen
iswdigit
swscanf_s
sqrt
memset
memmove
memcpy
memcmp
_vsnwprintf
_onexit
_lock
wcscmp

ntdll

TpReleasePool
TpCallbackMayRunLong
TpSetWait
TpSimpleTryPost
TpAllocWork
TpPostWork
TpAllocWait
TpAllocTimer
TpSetTimer
TpAllocIoCompletion
TpStartAsyncIoOperation
TpAllocAlpcCompletion
TpWaitForWork
TpReleaseWork
TpWaitForWait
TpReleaseWait
TpWaitForTimer
TpReleaseTimer
TpWaitForIoCompletion
TpReleaseIoCompletion
TpWaitForAlpcCompletion
EtwEventWrite
TpSetPoolMaxThreads
TpSetPoolMinThreads
TpAllocPool
RtlAllocateHeap
NtSetInformationToken
RtlFreeHeap
WinSqmIncrementDWORD
WinSqmAddToStreamEx
WinSqmSetDWORD
WinSqmIsOptedIn
RtlIsThreadWithinLoaderCallout
TpReleaseAlpcCompletion
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlNtStatusToDosError
RtlImageNtHeaderEx
RtlEqualSid
RtlGetNtProductType
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
NtQueryValueKey
NtCreateFile
VerSetConditionMask
EtwUnregisterTraceGuids
NtClose
EtwGetTraceEnableFlags
RtlInitUnicodeString
RtlDosPathNameToRelativeNtPathName_U_WithStatus
NtOpenKey
EtwGetTraceLoggerHandle
EtwEventActivityIdControl
EtwGetTraceEnableLevel
EtwRegisterTraceGuidsW
NtSetInformationThread
NtQuerySystemInformation
RtlCopySid
RtlLengthSid
EtwTraceMessage
NtSetInformationProcess
EtwCheckCoverage
EtwEventRegister
EtwEventUnregister
EtwEventWriteTransfer
EtwEventSetInformation
EtwEventEnabled

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
LoadLibraryExW
DisableThreadLibraryCalls
SizeofResource
GetModuleHandleExW
LoadResource
LoadStringW
LockResource
GetModuleHandleW
FreeLibrary
GetModuleFileNameW
GetProcAddress

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
SleepConditionVariableSRW
WakeAllConditionVariable
Sleep

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionEx
EnterCriticalSection
CreateMutexExW
LeaveCriticalSection
WaitForSingleObjectEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
OpenSemaphoreW
ReleaseMutex
DeleteCriticalSection
CreateEventW
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
ReleaseSemaphore
AcquireSRWLockShared
TryEnterCriticalSection
CreateSemaphoreExW
ResetEvent
SetEvent
WaitForMultipleObjectsEx

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetErrorMode
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError

api-ms-win-core-processthreads-l1-1-0

TlsSetValue
SetThreadPriority
GetExitCodeProcess
SetThreadToken
ExitThread
CreateThread
OpenThreadToken
GetCurrentThreadId
GetCurrentProcess
TlsAlloc
GetCurrentThread
OpenProcessToken
TlsFree
TlsGetValue
TerminateProcess
GetThreadId
GetThreadPriority
CreateProcessW
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

GetThreadUILanguage
FormatMessageW
IsDBCSLeadByte

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegOpenKeyExW
RegGetValueW
RegQueryValueExW
RegDeleteValueW
RegCloseKey
RegDeleteTreeW
RegDeleteKeyExW
RegEnumValueW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW

api-ms-win-core-file-l1-1-0

DefineDosDeviceW
SetFilePointerEx
CreateDirectoryW
FlushFileBuffers
GetFileSize
GetFullPathNameW
SetFileInformationByHandle
FindFirstFileExW
GetFinalPathNameByHandleW
RemoveDirectoryW
FindNextFileW
CreateFileA
GetTempFileNameW
SetFileAttributesW
DeleteFileW
CreateFileW
SetEndOfFile
GetFileAttributesW
FindClose
QueryDosDeviceW
SetFilePointer
SetFileTime
FindFirstFileW
CompareFileTime
GetFileAttributesExW
ReadFile
GetFileSizeEx
WriteFile

api-ms-win-security-base-l1-1-0

GetAce
ObjectDeleteAuditAlarmW
SetSecurityDescriptorSacl
GetSecurityDescriptorControl
GetTokenInformation
AddAce
AddAccessDeniedAce
InitializeSecurityDescriptor
InitializeAcl
CheckTokenMembership
MapGenericMask
GetSecurityDescriptorLength
AddAccessAllowedAceEx
GetSecurityDescriptorOwner
DuplicateTokenEx
AddAccessAllowedAce
MakeAbsoluteSD
SetSecurityDescriptorGroup
DeleteAce
AreAllAccessesGranted
CreatePrivateObjectSecurity
ObjectCloseAuditAlarmW
IsValidSecurityDescriptor
CreateWellKnownSid
DestroyPrivateObjectSecurity
MakeSelfRelativeSD
ImpersonateLoggedOnUser
GetAclInformation
AllocateAndInitializeSid
RevertToSelf
GetLengthSid
FreeSid
AreAnyAccessesGranted
AccessCheck
GetSecurityDescriptorGroup
SetTokenInformation
EqualSid
GetSidSubAuthorityCount
IsWellKnownSid
SetSecurityDescriptorOwner
CreatePrivateObjectSecurityEx
GetSecurityDescriptorDacl
SetPrivateObjectSecurity
AdjustTokenPrivileges
CopySid
ObjectOpenAuditAlarmW
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
GetSidSubAuthority
ImpersonateSelf

api-ms-win-core-heap-l2-1-0

LocalFree
GlobalAlloc
LocalAlloc

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-timezone-l1-1-0

GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetLogicalProcessorInformation
GetVersion
GetWindowsDirectoryW
GetSystemWindowsDirectoryW
GetSystemInfo
GetVersionExW
GetSystemTimeAsFileTime
GetSystemTime
GetSystemDirectoryW
GetLocalTime

rpcrt4

RpcBindingFree
RpcBindingServerFromClient
NdrMesProcEncodeDecode3
I_RpcBindingInqTransportType
RpcBindingToStringBindingW
UuidCreateNil
RpcStringFreeW
RpcStringBindingParseW
MesEncodeIncrementalHandleCreate
I_RpcExceptionFilter
MesHandleFree
MesDecodeIncrementalHandleCreate
RpcServerInqCallAttributesW

api-ms-win-core-memory-l1-1-0

MapViewOfFile
CreateFileMappingW
UnmapViewOfFile

api-ms-win-core-libraryloader-l1-2-1

FindResourceW
LoadLibraryW

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-version-l1-1-0

VerQueryValueW
GetFileVersionInfoSizeExW
GetFileVersionInfoExW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringW
MultiByteToWideChar
CompareStringEx

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-path-l1-1-0

PathCchRemoveFileSpec

api-ms-win-core-string-l2-1-0

CharLowerW
CharUpperW

api-ms-win-core-processenvironment-l1-1-0

GetCurrentDirectoryW
SetCurrentDirectoryW
ExpandEnvironmentStringsW

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-datetime-l1-1-0

GetTimeFormatA
GetDateFormatA

api-ms-win-core-namedpipe-l1-1-0

ImpersonateNamedPipeClient
DisconnectNamedPipe
CreateNamedPipeW
ConnectNamedPipe

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindExtensionW

api-ms-win-core-kernel32-legacy-l1-1-0

WTSGetActiveConsoleSessionId
GetComputerNameW
DosDateTimeToFileTime
GlobalMemoryStatus

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW
lstrcmpiW

api-ms-win-core-localization-obsolete-l1-2-0

GetSystemDefaultUILanguage

api-ms-win-core-processtopology-obsolete-l1-1-0

GetActiveProcessorCount

api-ms-win-core-privateprofile-l1-1-0

GetPrivateProfileIntW

api-ms-win-security-activedirectoryclient-l1-1-0

DsFreeNameResultW
DsUnBindW
DsCrackNamesW

spoolss

EnumPortsW
SplUnregisterForDeviceEvents
MIDL_user_free1
MIDL_user_allocate1
EnumPrintersW
GetPrinterDriverW
SplRegisterForDeviceEvents
SplIsUpgrade
RouterRegisterForPrintAsyncNotifications
RouterUnregisterForPrintAsyncNotifications
AppendPrinterNotifyInfoData
ReplyPrinterChangeNotification
PartialReplyPrinterChangeNotification
WaitForPrinterChange
ProvidorFindFirstPrinterChangeNotification
RouterCreatePrintAsyncNotificationChannel
ProvidorFindClosePrinterChangeNotification
DllFreeSplStr
SplUalCollectData
RouterAllocPrinterNotifyInfo
AddPrinterW
MarshallUpStructure
MarshallDownStructure
AllowRemoteCalls
GetPrinterDataW
SetPrinterDataW
DllFreeSplMem
GetServerPolicy
WaitForSpoolerInitialization
AddMonitorW
SplInitializeWinSpoolDrv
CacheCreateAndAddNode
GetSpoolerTlsIndexes
EnumPrinterDriversW
DllAllocSplMem
SplGetUserSidStringFromToken
RouterBroadcastMessage
CacheIsNameInNodeList
CallDrvDevModeConversion
GetPrinterDriverDirectoryW
MakePTR
MakeOffset
PackStringToEOB
AddJobW
ScheduleJob
RevertToPrinterSelf
UpdatePrinterRegAllEx
StartDocPrinterW
EndDocPrinter
AbortPrinter
WritePrinter
ReadPrinter
ClosePrinter
ReallocSplMem
ReallocSplStr
GetJobW
SetJobW
bGetDevModePerUser
EnumJobsW
PackStrings
GetPrinterW
SetPrinterW
OpenPrinterPortWithClientInfo
IsNamedPipeRpcCall
CacheAddName
OpenPrinterW
ImpersonatePrinterClient
DeletePortW
OpenPrinterPort2W
AllocSplStr
RouterFreePrinterNotifyInfo
XcvDataW
OpenPrinter2W
CheckLocalCall

kernelbase

GetPackageFullName
GetPackageFamilyName
GetIsEdpEnabled

kernel32

GetTempPath2W
UnregisterWaitUntilOOBECompleted
SetDefaultCommConfigW
GetDefaultCommConfigW
SetCommState
GetCommState
BuildCommDCBW
GetNamedPipeInfo
SetCommTimeouts
GetCommTimeouts
GetProfileIntW
DeviceIoControl
PowerClearRequest
GetTickCount64
PowerSetRequest
PowerCreateRequest
LocalFileTimeToFileTime
GetFileAttributesA
FileTimeToDosDateTime
FileTimeToLocalFileTime
GetFileInformationByHandle
ExitProcess
InitializeCriticalSection
CloseThreadpoolWork
WaitForThreadpoolWorkCallbacks
SubmitThreadpoolWork
CreateThreadpoolWork
RegOpenCurrentUser
RegisterWaitUntilOOBECompleted

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW
RegDeleteKeyValueW

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

ClosePrintProcessor
ControlPrintProcessor
DllMain
EnumPrintProcessorDatatypesW
GetPrintProcessorCapabilities
InitializePrintMonitor2
InitializePrintProvidor
LclIsSessionZero
LclPromptUIPerSessionUser
LocalAddForm
LocalDeleteForm
LocalEnumForms
LocalReadPrinter
LocalSetForm
OpenPrintProcessor
PrintDocumentOnPrintProcessor
SplAbortPrinter
SplAddCSRPrinter
SplAddForm
SplAddJob
SplAddMonitor
SplAddPort
SplAddPortEx
SplAddPrintProcessor
SplAddPrinter
SplAddPrinterDriverEx
SplClosePrinter
SplCloseSpooler
SplConfigChange
SplCopyFileEvent
SplCopyNumberOfFiles
SplCreatePrinterIC
SplCreateSpooler
SplDeleteForm
SplDeleteJobNamedProperty
SplDeleteMonitor
SplDeletePort
SplDeletePrintProcCacheData
SplDeletePrintProcessor
SplDeletePrinter
SplDeletePrinterData
SplDeletePrinterDataEx
SplDeletePrinterDriverEx
SplDeletePrinterIC
SplDeletePrinterKey
SplDeletePrinterWithJobs
SplDeleteSpooler
SplDoesCSRPrinterDevnodeExist
SplDriverEvent
SplEnableCSRPrinterDeviceInterface
SplEndDocPrinter
SplEndPagePrinter
SplEnumForms
SplEnumJobNamedProperties
SplEnumJobs
SplEnumMonitors
SplEnumPorts
SplEnumPrintProcCacheData
SplEnumPrintProcessorDatatypes
SplEnumPrintProcessors
SplEnumPrinterData
SplEnumPrinterDataEx
SplEnumPrinterDrivers
SplEnumPrinterKey
SplEnumPrinters
SplGetDriverDir
SplGetDriverUpdateStatus
SplGetForm
SplGetJob
SplGetJobExtra
SplGetJobNamedPropertyValue
SplGetLocalDevMode
SplGetPrintClassObject
SplGetPrintClassObject_4CSR
SplGetPrintProcCacheData
SplGetPrintProcessorDirectory
SplGetPrinter
SplGetPrinterData
SplGetPrinterDataEx
SplGetPrinterDriver
SplGetPrinterDriverDirectory
SplGetPrinterDriverEx
SplGetPrinterExtra
SplGetPrinterExtraEx
SplGetUserPropertyBag
SplIppCreateJobOnPrinter
SplIppCreateJobOnPrinterWithAttributes
SplIppGetJobAttributes
SplIppGetPrinterAttributes
SplIppSetJobAttributes
SplIppSetPrinterAttributes
SplIsCompatibleDriver
SplIsDriverInstalled
SplIsLocalDriverAvailable
SplIsValidUserPropertyBag
SplLoadLibraryTheCopyFileModule
SplMonitorIsInstalled
SplNotifyServerStatus
SplOpenPrinter
SplPlayGdiScriptOnPrinterIC
SplPrintSupportOperation
SplReenumeratePorts
SplRegeneratePrintDeviceCapabilities
SplReportJobProcessingProgress
SplResetPrinter
SplScheduleJob
SplSetCSRPrinterDevnode
SplSetDriverUpdateStatus
SplSetForm
SplSetJob
SplSetJobError
SplSetJobExtra
SplSetJobNamedProperty
SplSetPrintProcCacheData
SplSetPrinter
SplSetPrinterData
SplSetPrinterDataEx
SplSetPrinterExtra
SplSetPrinterExtraEx
SplStartDocPrinter
SplStartPagePrinter
SplWritePrinter
SplXcvData

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
localui.dll
.dll windows:10 windows x64 arch:x64

81c3400d0a51b8e3555eb75be371870e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

localui.pdb

Imports

msvcrt

free
malloc
_initterm
__C_specific_handler
_vsnwprintf
_amsg_exit
_XcptFilter
_wcsnicmp
memcpy
memset

kernel32

QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
DisableThreadLibraryCalls
FormatMessageW
LocalFree
SetLastError
GetLastError
CommConfigDialogW
GlobalAlloc
GlobalFree
Sleep
RtlCaptureContext
RtlLookupFunctionEntry

user32

GetDlgItemTextW
SendDlgItemMessageW
GetDlgItem
SetDlgItemInt
IsWindow
CharUpperBuffW
DialogBoxParamW
SetWindowLongPtrW
EndDialog
GetDlgItemInt
LoadStringW
MessageBoxW
SetForegroundWindow
GetWindowLongPtrW

comctl32

ord17
InitCommonControlsEx

winspool.drv

ClosePrinter
OpenPrinterW
XcvDataW

Exports

Exports

InitializePrintMonitorUI

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 540B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lsm.dll
.dll windows:10 windows x64 arch:x64

d0760ad5224e188eb596716af681ece1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

lsm.pdb

Imports

msvcp_win

_Mtx_destroy_in_situ
_Mtx_init_in_situ
?_Xout_of_range@std@@YAXPEBD@Z
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
_Mtx_lock
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
_o__wcsicmp
_o__wcsnicmp
memmove
_o_free
_o_malloc
_o_qsort
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
__CxxFrameHandler3
_CxxThrowException
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
wcsrchr
wcsstr
__C_specific_handler
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset
wcscmp

ntdll

NtOpenSymbolicLinkObject
RtlAcquireResourceExclusive
RtlReleaseResource
RtlAcquireResourceShared
NtDuplicateToken
RtlCompareUnicodeString
RtlSendMsgToSm
RtlConnectToSm
NtQuerySystemInformation
RtlCaptureStackBackTrace
RtlVerifyVersionInfo
NtSetSecurityObject
NtQueryDirectoryObject
VerSetConditionMask
NtQuerySecurityObject
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtOpenEvent
NtQueryInformationProcess
NtDuplicateObject
RtlCreateUserSecurityObject
NtQueryWnfStateData
RtlAdjustPrivilege
NtQueryInformationToken
RtlLeaveCriticalSection
RtlEnterCriticalSection
DbgPrint
NtAlpcCreatePort
AlpcInitializeMessageAttribute
TpReleaseAlpcCompletion
TpWaitForAlpcCompletion
NtAlpcDisconnectPort
TpAllocAlpcCompletion
NtAlpcQueryInformation
NtAlpcAcceptConnectPort
NtAlpcSendWaitReceivePort
RtlNumberGenericTableElements
NtQueryValueKey
NtOpenKey
NtFreeVirtualMemory
NtAllocateVirtualMemory
NtSetSystemInformation
NtClose
NtCreateEvent
RtlConvertSharedToExclusive
RtlConvertExclusiveToShared
NtQuerySystemTime
RtlInsertElementGenericTable
RtlLookupElementGenericTable
RtlInitializeGenericTable
RtlEnumerateGenericTable
RtlDeleteElementGenericTable
NtOpenSession
RtlInitUnicodeString
NtNotifyChangeSession
RtlEqualSid
EtwEventActivityIdControl
RtlGetCurrentServiceSessionId
EtwEventWriteFull
RtlNtStatusToDosError
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlSubscribeWnfStateChangeNotification
NtDelayExecution
RtlFreeSid
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAccessAllowedAce
RtlCreateAcl
RtlLengthSid
RtlAllocateAndInitializeSid
RtlUnhandledExceptionFilter
RtlInitializeResource
RtlDeleteResource
EtwEventWriteTransfer
EtwEventRegister
EtwEventUnregister
NtTerminateProcess
NtWaitForSingleObject
RtlInitUnicodeStringEx
NtGetNextProcess
RtlDeleteSecurityObject
RtlGetPersistedStateLocation
NtCreateDirectoryObject
RtlGetDaclSecurityDescriptor
RtlDeleteAce
RtlQueryInformationAcl
RtlGetAce
AlpcGetMessageAttribute
RtlCopySecurityDescriptor

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-processthreads-l1-1-0

TlsGetValue
TlsFree
TlsSetValue
GetCurrentProcessId
OpenThreadToken
GetCurrentThread
OpenProcessToken
GetCurrentProcess
SwitchToThread
CreateProcessW
ProcessIdToSessionId
TlsAlloc
GetCurrentThreadId
SetThreadToken
GetProcessId
CreateThread
TerminateProcess

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapSetInformation
HeapFree

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetModuleHandleW
GetModuleHandleExA
GetModuleHandleExW
FreeLibrary
GetProcAddress
GetModuleFileNameA

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
OutputDebugStringA
DebugBreak
IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
CreateSemaphoreExW
CreateMutexExW
WaitForMultipleObjectsEx
OpenEventW
CreateEventW
ReleaseSRWLockShared
ReleaseSRWLockExclusive
InitializeCriticalSection
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSectionEx
EnterCriticalSection
AcquireSRWLockShared
AcquireSRWLockExclusive
WaitForSingleObjectEx
ReleaseMutex
ReleaseSemaphore
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
CreateMutexW
OpenSemaphoreW
SleepEx

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
SubmitThreadpoolWork
CreateThreadpoolWork
CloseThreadpoolWait
CloseThreadpoolWork
SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
WaitForThreadpoolWorkCallbacks
CreateThreadpoolWait

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegCloseKey
RegNotifyChangeKeyValue
RegGetValueW
RegEnumKeyExW
RegQueryValueExA
RegQueryValueExW
RegOpenKeyExW
RegOpenCurrentUser
RegCreateKeyExW

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
Sleep
InitOnceComplete

rpcrt4

I_RpcMapWin32Status
I_RpcBindingIsClientLocal
RpcServerTestCancel
RpcServerRegisterAuthInfoW
RpcServerInqDefaultPrincNameW
RpcServerRegisterIf3
RpcServerSubscribeForNotification
RpcServerUnsubscribeForNotification
RpcAsyncCompleteCall
UuidCreate
RpcRevertToSelf
RpcImpersonateClient
RpcServerInqCallAttributesW
RpcStringBindingParseW
RpcBindingToStringBindingW
RpcServerUnregisterIfEx
RpcServerRegisterIfEx
RpcServerUseProtseqEpW
I_RpcBindingInqLocalClientPID
UuidToStringW
RpcRaiseException
RpcBindingServerFromClient
NdrClientCall3
RpcBindingFree
RpcStringBindingComposeW
RpcBindingFromStringBindingW
Ndr64AsyncServerCallAll
NdrAsyncServerCall
NdrServerCall2
NdrServerCallAll
RpcStringFreeW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetSystemTime
GetWindowsDirectoryW
GetSystemTimeAsFileTime
GetVersionExW
GetSystemDirectoryW

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoTaskMemFree
CoInitializeSecurity
CoCreateInstance
CoUninitialize
CoTaskMemAlloc
CoCreateGuid
StringFromCLSID

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-version-l1-1-1

GetFileVersionInfoW
GetFileVersionInfoSizeW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW

api-ms-win-core-threadpool-legacy-l1-1-0

DeleteTimerQueueEx
CreateTimerQueue
QueueUserWorkItem
DeleteTimerQueueTimer
CreateTimerQueueTimer
UnregisterWaitEx

api-ms-win-core-toolhelp-l1-1-0

CreateToolhelp32Snapshot
Process32FirstW
Process32NextW

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

api-ms-win-core-perfcounters-l1-1-0

PerfSetCounterSetInfo
PerfStartProvider
PerfCreateInstance
PerfSetCounterRefValue
PerfStopProvider

api-ms-win-core-windowserrorreporting-l1-1-1

WerRegisterAdditionalProcess
WerRegisterCustomMetadata
WerUnregisterCustomMetadata

kernelbase

WTSIsServerContainer
WTSGetServiceSessionId

api-ms-win-oobe-notification-l1-1-0

UnregisterWaitUntilOOBECompleted
OOBEComplete
RegisterWaitUntilOOBECompleted

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW
RegDeleteKeyValueW

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventSetInformation
EventWriteTransfer

api-ms-win-core-sysinfo-l1-2-0

GetOsSafeBootMode

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-file-l1-1-0

CreateDirectoryW
CreateFileW

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
UnregisterTraceGuids
TraceMessage
RegisterTraceGuidsW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-heap-obsolete-l1-1-0

LocalSize

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-path-l1-1-0

PathCchAppend

Exports

Exports

ServiceMain

Sections

.text
Size: 592KB - Virtual size: 588KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 228KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mdmmigrator.dll
.dll windows:10 windows x64 arch:x64

5e84da7ddab84ece9b8a53c1a62692ea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

mdmmigrator.pdb

Imports

msvcrt

__C_specific_handler
_unlock
__dllonexit
_initterm
_amsg_exit
_XcptFilter
malloc
free
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
??3@YAXPEAX@Z
_onexit
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
__CxxFrameHandler3
sprintf_s
memmove_s
memmove
memcmp
memcpy
_lock
??_V@YAXPEAX@Z
_purecall
memcpy_s
swprintf_s
wcschr
_wcsicmp
_callnewh
_vsnwprintf
__CxxFrameHandler4
_CxxThrowException
memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleHandleExW
GetModuleFileNameA
GetProcAddress

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
AcquireSRWLockShared
DeleteCriticalSection
OpenEventW
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
AcquireSRWLockExclusive
CreateSemaphoreExW
ReleaseSemaphore
WaitForSingleObject
ReleaseSRWLockShared
ReleaseMutex

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
SetLastError
RaiseException
UnhandledExceptionFilter

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventUnregister
EventWriteTransfer
EventRegister

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-2-0

Sleep
WakeAllConditionVariable
SleepConditionVariableSRW

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetSystemTimeAsFileTime
GetTickCount

dmenrollengine

ord10
GetEnrollmentCertStore
GetEnrollmentType
GetEnrollmentSID

msvcp110_win

?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Winerror_map@std@@YAPEBDH@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?pbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?_Add_vtordisp2@?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Add_vtordisp1@?$basic_istream@GU?$char_traits@G@std@@@std@@UEAAXXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?_BADOFF@std@@3_JB
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Xlength_error@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z

oleaut32

VariantClear
VariantInit
SysAllocString
SysFreeString
SysStringLen

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoUninitialize
CLSIDFromString
CoCreateInstance
StringFromGUID2

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegOpenCurrentUser
RegCreateKeyExW
RegCloseKey
RegQueryInfoKeyW
RegGetValueW
RegEnumValueW
RegSetValueExW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW

api-ms-win-security-lsalookup-l2-1-0

LookupAccountSidW

ntdll

RtlIsStateSeparationEnabled

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrStrIW

dmcmnutils

UnicodeToMB
DmRevertToSelf
OmaDmRegistryGetDWORD
DmImpersonate
IsWvdFeatureAllowed
DmDeleteTask
HexStringToBinary
InvStrCmpIW
OmaDmRegistryGetString

rpcrt4

UuidCreate
UuidFromStringW

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-path-l1-1-0

PathCchCombine
PathCchAppend

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

crypt32

CertFreeCertificateContext
CertOpenStore
CertFindCertificateInStore
CertCloseStore

api-ms-win-core-string-obsolete-l1-1-0

lstrlenA

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

Exports

Exports

MigrateBlueToThreshold
MigrateBlueToThresholdNeeded

Sections

.text
Size: 120KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mdmregistration.dll
.dll windows:10 windows x64 arch:x64

908b658ed6be64b79f8786336629060b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

MDMRegistration.pdb

Imports

msvcrt

memcpy
_initterm
memmove
_amsg_exit
_XcptFilter
wcschr
memset
__C_specific_handler
__CxxFrameHandler3
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_lock
_unlock
__dllonexit
memcmp
_onexit
wcstok_s
wcscpy_s
_wcsicmp
_wtoi
wcsncmp
_wtol
_errno
isspace
wcsrchr
swscanf_s
wcstoul
wcsstr
_vsnwprintf_s
_wcsnicmp
strchr
strncpy_s
_set_errno
strtol
strrchr
sprintf_s
_callnewh
malloc
memmove_s
free
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
_CxxThrowException
memcpy_s
_vsnwprintf
??_V@YAXPEAX@Z
wcsnlen
__CxxFrameHandler4
??3@YAXPEAX@Z
wcscmp

ntdll

RtlNtStatusToDosError
RtlPublishWnfStateData
RtlLookupFunctionEntry
RtlCaptureContext
RtlIsStateSeparationEnabled
RtlVirtualUnwind

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
GetModuleHandleExW
FreeLibrary
DisableThreadLibraryCalls
GetProcAddress
GetModuleHandleW
GetModuleHandleExA
GetModuleFileNameA
LoadStringW
LoadLibraryExW

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
ReleaseSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
CreateSemaphoreExW
ReleaseSRWLockExclusive
ReleaseMutex
WaitForSingleObject
WaitForMultipleObjectsEx
InitializeCriticalSectionEx
CreateEventExW
LeaveCriticalSection
ReleaseSemaphore
EnterCriticalSection
SetEvent

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapReAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
SetLastError
RaiseException
UnhandledExceptionFilter

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventSetInformation
EventUnregister

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegSetValueExW
RegGetValueW
RegCreateKeyExW
RegDeleteTreeW
RegQueryValueExW
RegCloseKey

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindFileNameW

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-heap-l2-1-0

GlobalFree
LocalFree
LocalAlloc

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

GetUserDefaultLocaleName
FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetVersionExW
GetSystemTimeAsFileTime
GetComputerNameExW
GetSystemTime

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
Sleep
SleepConditionVariableSRW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-file-l1-1-0

WriteFile
CreateFileW

api-ms-win-core-file-l1-2-4

GetTempPath2W

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

rpcrt4

UuidCreate
UuidFromStringW

msvcp110_win

?_Xbad_alloc@std@@YAXXZ
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-security-base-l1-1-0

ImpersonateLoggedOnUser

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DiscoverManagementService
DiscoverManagementServiceEx
FindDiscoveryService
GetDeviceManagementConfigInfo
GetDeviceRegistrationInfo
GetManagementAppHyperlink
IsDeviceRegisteredWithManagement
IsManagementRegistrationAllowed
IsMdmUxWithoutAadAllowed
RegisterDeviceWithManagement
RegisterDeviceWithManagementUsingAADCredentials
RegisterDeviceWithManagementUsingAADDeviceCredentials
RegisterDeviceWithManagementUsingAADDeviceCredentials2
SetDeviceManagementConfigInfo
SetManagedExternally
UnregisterDeviceWithManagement

Sections

.text
Size: 284KB - Virtual size: 280KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mf.dll
.dll windows:10 windows x64 arch:x64

c839fd83d035292c6cfe47aaf38f93b8

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:60:e0:66:88:0a:32:b4:33:4a:c9:6b:c1:bd:83:33:e8:aa:e0:e4:b4:c5:e0:f5:0e:20:07:a6:4a:65:07:99
Signer

Actual PE Digest

19:60:e0:66:88:0a:32:b4:33:4a:c9:6b:c1:bd:83:33:e8:aa:e0:e4:b4:c5:e0:f5:0e:20:07:a6:4a:65:07:99

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

mf.pdb

Imports

api-ms-win-crt-string-l1-1-0

wcsnlen
memset
wcsncmp
strnlen

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcsicmp
_o__wcsnicmp
_o_free
_o_malloc
_o_qsort
_o_realloc
_o_strncpy_s
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
wcsrchr
__CxxFrameHandler3
_o__execute_onexit_table
_o__errno
_o___stdio_common_vswprintf
_o___std_type_info_destroy_list
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
__C_specific_handler
memchr
memcmp
memcpy

ntdll

RtlDeleteFunctionTable
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
RtlNtStatusToDosError
RtlGetPersistedStateLocation
NtQuerySystemInformation
RtlAddFunctionTable

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
FreeLibrary
SizeofResource
GetProcAddress
LoadResource
FindResourceExW
LoadStringW
DisableThreadLibraryCalls
GetModuleHandleW
GetModuleFileNameW
GetModuleHandleExW
GetModuleFileNameA

api-ms-win-core-errorhandling-l1-1-0

GetLastError
RaiseException
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseSemaphore
InitializeCriticalSection
CreateSemaphoreExW
LeaveCriticalSection
WaitForSingleObjectEx
InitializeSRWLock
CreateEventW
EnterCriticalSection
OpenSemaphoreW
CreateMutexExW
SetEvent
ReleaseMutex
WaitForSingleObject

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegDeleteValueW
RegEnumKeyExW
RegSetValueExW
RegCloseKey
RegCreateKeyExW
RegQueryInfoKeyW
RegOpenKeyExW

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventWriteTransfer

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceEnableFlags
GetTraceLoggerHandle
TraceMessage

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringOrdinal

api-ms-win-core-processthreads-l1-1-0

TlsGetValue
CreateThread
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
TerminateProcess
ProcessIdToSessionId
TlsSetValue
GetCurrentProcess

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
VirtualAlloc
UnmapViewOfFile
VirtualFree
MapViewOfFile

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-localization-l1-2-0

GetUserDefaultLCID
FormatMessageW

api-ms-win-core-file-l1-1-0

GetFileSize
GetFinalPathNameByHandleW
ReadFile
CreateFileW
WriteFile
GetFullPathNameW
GetDiskFreeSpaceW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathSkipRootW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-processenvironment-l1-1-0

FreeEnvironmentStringsA
GetEnvironmentStringsW
FreeEnvironmentStringsW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GlobalMemoryStatusEx
GetVersionExW
GetSystemTimeAsFileTime
GetTickCount
GetLocalTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

rpcrt4

UuidFromStringW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

AppendPropVariant
ConvertPropVariant
CopyPropertyStore
CreateNamedPropertyStore
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
ExtractPropVariant
MFCreate3GPMediaSink
MFCreateAC3MediaSink
MFCreateADTSMediaSink
MFCreateASFByteStreamPlugin
MFCreateASFContentInfo
MFCreateASFIndexer
MFCreateASFIndexerByteStream
MFCreateASFMediaSink
MFCreateASFMediaSinkActivate
MFCreateASFMultiplexer
MFCreateASFProfile
MFCreateASFProfileFromPresentationDescriptor
MFCreateASFSplitter
MFCreateASFStreamSelector
MFCreateASFStreamingMediaSink
MFCreateASFStreamingMediaSinkActivate
MFCreateAggregateSource
MFCreateAppSourceProxy
MFCreateAudioRenderer
MFCreateAudioRendererActivate
MFCreateByteCacheFile
MFCreateCacheManager
MFCreateCredentialCache
MFCreateDeviceSource
MFCreateDeviceSourceActivate
MFCreateDrmNetNDSchemePlugin
MFCreateEncryptedMediaExtensionsStoreActivate
MFCreateFMPEG4MediaSink
MFCreateFileBlockMap
MFCreateFileSchemePlugin
MFCreateHttpSchemePlugin
MFCreateLPCMByteStreamPlugin
MFCreateMP3ByteStreamPlugin
MFCreateMP3MediaSink
MFCreateMPEG4MediaSink
MFCreateMediaProcessor
MFCreateMediaSession
MFCreateMuxSink
MFCreateNSCByteStreamPlugin
MFCreateNetSchemePlugin
MFCreatePMPHost
MFCreatePMPMediaSession
MFCreatePMPServer
MFCreatePresentationClock
MFCreatePresentationDescriptorFromASFProfile
MFCreateProtectedEnvironmentAccess
MFCreateProxyLocator
MFCreateRemoteDesktopPlugin
MFCreateSAMIByteStreamPlugin
MFCreateSampleCopierMFT
MFCreateSampleGrabberSinkActivate
MFCreateSecureHttpSchemePlugin
MFCreateSequencerSegmentOffset
MFCreateSequencerSource
MFCreateSequencerSourceRemoteStream
MFCreateSimpleTypeHandler
MFCreateSoundEventSchemePlugin
MFCreateSourceResolver
MFCreateStandardQualityManager
MFCreateTopoLoader
MFCreateTopology
MFCreateTopologyNode
MFCreateTranscodeProfile
MFCreateTranscodeSinkActivate
MFCreateTranscodeTopology
MFCreateTranscodeTopologyFromByteStream
MFCreateUrlmonSchemePlugin
MFCreateVideoRenderer
MFCreateVideoRendererActivate
MFCreateWMAEncoderActivate
MFCreateWMVEncoderActivate
MFEnumDeviceSources
MFGetLocalId
MFGetMultipleServiceProviders
MFGetService
MFGetSupportedMimeTypes
MFGetSupportedSchemes
MFGetSystemId
MFGetTopoNodeCurrentType
MFLoadSignedLibrary
MFRR_CreateActivate
MFReadSequencerSegmentOffset
MFRequireProtectedEnvironment
MFShutdownObject
MFTranscodeGetAudioOutputAvailableTypes
MergePropertyStore

Sections

.text
Size: 352KB - Virtual size: 350KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

?g_Encry
Size: 4KB - Virtual size: 256B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

?g_Encry
Size: 4KB - Virtual size: 256B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mfcore.dll
.dll regsvr32 windows:10 windows x64 arch:x64

64922848c7de2d29ccdbcafcaa28fa8f

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4a:b0:cf:10:c5:f7:96:bf:e6:03:bc:22:2f:ed:0c:ab:97:db:3a:14:36:4c:ec:48:d1:72:75:d1:12:31:85:67
Signer

Actual PE Digest

4a:b0:cf:10:c5:f7:96:bf:e6:03:bc:22:2f:ed:0c:ab:97:db:3a:14:36:4c:ec:48:d1:72:75:d1:12:31:85:67

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

mfcore.pdb

Imports

api-ms-win-crt-string-l1-1-0

strnlen
memset
wcsncmp
wcscmp
memmove_s

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__i64toa_s
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__ltoa_s
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__seh_filter_dll
_o__ui64tow_s
_o__ultoa_s
_o__ultow_s
memmove
_o__wcsicmp
_o__wcslwr_s
_o__wcsnicmp
_o__wsplitpath_s
_o_ceil
_o_cos
_o_floor
_o_free
_o_isprint
_o_iswalpha
_o_iswdigit
_o_malloc
_o_memcpy_s
_o_qsort
_o_rand
_o_sin
_o_sqrt
_o_sqrtf
_o_srand
_o_strncpy_s
_o_towlower
_o_towupper
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
wcsstr
__CxxFrameHandler4
__std_terminate
__CxxFrameHandler3
_o__gcvt_s
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__C_specific_handler
_CxxThrowException
memcmp
memcpy

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleA
GetModuleFileNameA
SizeofResource
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
DisableThreadLibraryCalls
LoadResource
FindResourceExW
LoadLibraryExA

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
DeleteCriticalSection
OpenSemaphoreW
TryEnterCriticalSection
ResetEvent
EnterCriticalSection
ReleaseMutex
WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreExW
InitializeSRWLock
CreateEventExW
InitializeCriticalSectionAndSpinCount
WaitForMultipleObjectsEx
ReleaseSRWLockExclusive
OpenEventW
AcquireSRWLockExclusive
InitializeCriticalSection
ReleaseSRWLockShared
LeaveCriticalSection
AcquireSRWLockShared
CreateEventW
CreateMutexExW
SetEvent

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegQueryInfoKeyW
RegCreateKeyExW
RegGetValueW
RegCloseKey
RegQueryValueExW
RegEnumKeyExW

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventEnabled
EventRegister
EventUnregister
EventWriteTransfer

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
Sleep

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-memory-l1-1-0

MapViewOfFile
VirtualAlloc
VirtualFree
MapViewOfFileEx
CreateFileMappingW
OpenFileMappingW
UnmapViewOfFile
VirtualQueryEx

api-ms-win-core-processthreads-l1-1-0

CreateThread
CreateProcessW
GetExitCodeProcess
OpenProcessToken
ProcessIdToSessionId
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
TlsSetValue
TerminateProcess
TlsGetValue

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlDeleteFunctionTable
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
GetProcessMitigationPolicy

api-ms-win-core-heap-l1-1-0

HeapFree
HeapSize
HeapAlloc
GetProcessHeap

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-localization-l1-2-0

IsValidLocaleName
FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-heap-l2-1-0

GlobalFree
LocalFree
GlobalAlloc
LocalAlloc

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetVersionExA

api-ms-win-core-psapi-l1-1-0

K32GetProcessMemoryInfo

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-heap-obsolete-l1-1-0

GlobalLock
GlobalUnlock

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
GetEnvironmentVariableW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-wow64-l1-1-1

IsWow64Process2

api-ms-win-core-wow64-l1-1-0

IsWow64Process
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection

api-ms-win-core-file-l1-1-0

GetFullPathNameW
GetFileSize
GetFinalPathNameByHandleW
ReadFile
CreateFileW
CreateFileA

api-ms-win-core-kernel32-legacy-l1-1-0

GetSystemPowerStatus

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

api-ms-win-security-base-l1-1-0

PrivilegeCheck
EqualSid
CheckTokenMembership
FreeSid
AllocateAndInitializeSid

api-ms-win-core-debug-l1-1-1

CheckRemoteDebuggerPresent

api-ms-win-core-io-l1-1-0

CancelIoEx
DeviceIoControl
GetOverlappedResult

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

ntdll

NtQueryInformationProcess
NtQuerySystemInformation
RtlNtStatusToDosError

api-ms-win-crt-time-l1-1-0

_time32

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-core-file-l2-1-0

CopyFileExW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

AppendPropVariant
ConvertPropVariant
CopyPropertyStore
CreateNamedPropertyStore
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ExtractPropVariant
MFCopyMFMetadata
MFCopyPropertyStore
MFCopyStreamMetadata
MFCreateAggregateSource
MFCreateAppSourceProxy
MFCreateAudioRenderer
MFCreateAudioRendererActivate
MFCreateDeviceSource
MFCreateDeviceSourceActivate
MFCreateEncryptedMediaExtensionsStoreActivate
MFCreateExtendedCameraIntrinsicModel
MFCreateExtendedCameraIntrinsics
MFCreateFileSchemePlugin
MFCreateMFMetadataOnPropertyStore
MFCreateMediaProcessor
MFCreateMediaSession
MFCreatePMPHost
MFCreatePMPMediaSession
MFCreatePMPServer
MFCreatePresentationClock
MFCreatePresentationClockAsyncTimeSource
MFCreateSampleCopierMFT
MFCreateSampleGrabberSinkActivate
MFCreateSequencerSegmentOffset
MFCreateSequencerSource
MFCreateSequencerSourceRemoteStream
MFCreateSimpleTypeHandler
MFCreateSoundEventSchemePlugin
MFCreateStandardQualityManager
MFCreateTopoLoader
MFCreateTopology
MFCreateTopologyNode
MFCreateTransformWrapper
MFCreateWMAEncoderActivate
MFCreateWMVEncoderActivate
MFEnumDeviceSources
MFGetMultipleServiceProviders
MFGetService
MFGetTopoNodeCurrentType
MFReadSequencerSegmentOffset
MFRequireProtectedEnvironment
MFShutdownObject
MergePropertyStore

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

?g_Encry
Size: 4KB - Virtual size: 256B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

?g_Encry
Size: 4KB - Virtual size: 256B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 368KB - Virtual size: 366KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 160KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mfds.dll
.dll regsvr32 windows:10 windows x64 arch:x64

92a5d8cc572971a7f8f04992ae2073dd

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d0:6e:81:98:eb:46:3e:c6:de:ab:70:06:b8:d3:01:40:92:13:83:ce:d1:3c:bc:36:03:1b:e9:a5:19:7f:3b:9f
Signer

Actual PE Digest

d0:6e:81:98:eb:46:3e:c6:de:ab:70:06:b8:d3:01:40:92:13:83:ce:d1:3c:bc:36:03:1b:e9:a5:19:7f:3b:9f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

MFDS.pdb

Imports

api-ms-win-crt-string-l1-1-0

wcslen
wcscmp
memset
memmove_s
wcsncmp
strnlen

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__i64toa_s
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__ltoa_s
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__seh_filter_dll
_o__ultoa_s
_o__wcsicmp
_o__gcvt_s
_o__wcsnicmp
_o__wtoi
_o_calloc
_o_free
_o_iswalpha
_o_iswdigit
_o_malloc
_o_qsort
_o_strncpy_s
_o_towlower
_o_towupper
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o___stdio_common_vswprintf_s
__std_terminate
__CxxFrameHandler4
wcsstr
wcsrchr
_o___stdio_common_vsprintf
_o___stdio_common_vsnwprintf_s
_o___std_type_info_destroy_list
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
memmove
_o__cexit
__C_specific_handler
_o__callnewh
memcpy
memcmp
_o__wcslwr

oleaut32

SysFreeString
SafeArrayUnaccessData
SafeArrayDestroy
SafeArrayCreate
VarUI4FromStr
SysAllocStringLen
VariantClear
SafeArrayAccessData

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
CreateEventW
ResetEvent
WaitForSingleObject
EnterCriticalSection
InitializeSRWLock
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
SetEvent
ReleaseSemaphore
CreateSemaphoreExW
OpenSemaphoreW
CreateMutexExW
ReleaseMutex
WaitForMultipleObjectsEx
WaitForSingleObjectEx
ReleaseSRWLockShared
OpenEventW
AcquireSRWLockShared

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
UnregisterTraceGuids
RegisterTraceGuidsW

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
RaiseException

api-ms-win-core-processthreads-l1-1-0

SetThreadPriority
TlsSetValue
CreateThread
TerminateProcess
GetThreadPriority
GetCurrentProcessId
GetCurrentThreadId
TlsGetValue
GetCurrentProcess
GetCurrentThread

api-ms-win-core-com-l1-1-0

PropVariantCopy
CoUninitialize
StringFromGUID2
IIDFromString
CoTaskMemAlloc
StringFromCLSID
CreateStreamOnHGlobal
CoTaskMemRealloc
CoInitializeEx
PropVariantClear
CoTaskMemFree
CoCreateInstance
CoFreeUnusedLibraries
CoCreateGuid

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapReAlloc
HeapFree

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventSetInformation
EventRegister

api-ms-win-core-libraryloader-l1-2-0

SizeofResource
DisableThreadLibraryCalls
GetModuleHandleExW
FreeLibrary
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
FindResourceExW
LoadLibraryExW
GetProcAddress
LoadResource

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegDeleteValueW
RegQueryInfoKeyW
RegCreateKeyExW
RegQueryValueExW
RegGetValueW
RegEnumValueW
RegCloseKey
RegEnumKeyExW
RegSetValueExW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW
lstrcmpiW
lstrlenW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
CompareStringOrdinal

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetVersionExW
GetSystemTimeAsFileTime
GetTickCount64
GetTickCount

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-mm-time-l1-1-0

timeBeginPeriod
timeEndPeriod
timeGetDevCaps
timeGetTime

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolWait
CloseThreadpoolWait
WaitForThreadpoolWaitCallbacks
SetThreadpoolWait

api-ms-win-core-version-l1-1-1

GetFileVersionInfoSizeW
GetFileVersionInfoW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathIsRelativeW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc
GlobalAlloc

api-ms-win-core-file-l1-1-0

WriteFile
CreateFileW
GetFullPathNameW

api-ms-win-core-heap-obsolete-l1-1-0

GlobalLock
GlobalUnlock

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-security-trustee-l1-1-0

BuildTrusteeWithSidW

api-ms-win-security-base-l1-1-0

InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
AllocateAndInitializeSid

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-core-featurestaging-l1-1-0

UnsubscribeFeatureStateChangeNotification
RecordFeatureUsage
SubscribeFeatureStateChangeNotification

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-io-l1-1-0

CreateIoCompletionPort
GetQueuedCompletionStatus

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
UnmapViewOfFile
OpenFileMappingW
VirtualAlloc
VirtualFree
MapViewOfFile

api-ms-win-core-shlwapi-obsolete-l1-1-0

QISearch

api-ms-win-appmodel-runtime-l1-1-0

GetCurrentPackageFamilyName

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
InitAACAudioStream_
InitAC3AudioStream_
InitAC4AudioStream_
InitBDAVLPCMAudioStream_
InitDDPlusAudioStream_
InitDTSAudioStream_
InitH264Stream_
InitHEVCStream_
InitLPCMAudioStream_
InitLPCMMiracastAudioStream_
InitMpeg1VideoStream_
InitMpeg2VideoStream_
InitMpegAudioStream_
InitTrueHDAudioStream_
PESHeaderLength
PESPacketLength
PESPacketPTSinPCR
PackMuxRate
PackSCR
xCreateCannedMediaType
xMediaSubTypeTransform

Sections

.text
Size: 1008KB - Virtual size: 1004KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 140KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mfpmp.exe
.exe windows:10 windows x64 arch:x64

4026f56715ff1b2a293fa3e6fadb2a72

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:32:b3:9c:3b:b5:6a:7b:9f:5e:0e:0c:9a:40:dc:66:7b:a0:09:31:33:67:82:6a:09:bb:c5:0b:11:fe:2f:33
Signer

Actual PE Digest

05:32:b3:9c:3b:b5:6a:7b:9f:5e:0e:0c:9a:40:dc:66:7b:a0:09:31:33:67:82:6a:09:bb:c5:0b:11:fe:2f:33

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

MFPMP.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
_initterm

api-ms-win-crt-private-l1-1-0

_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memcpy
_o_exit
_o_free
_o_iswalpha
_o_iswdigit
_o_malloc
_o_qsort
_o_strncpy_s
_o_terminate
_o_towupper
__C_specific_handler
__current_exception
__current_exception_context
_o___p__commode
_o__callnewh
_o__cexit

api-ms-win-crt-string-l1-1-0

memset
strnlen

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapSetInformation
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
SetErrorMode
GetErrorMode
GetLastError
RaiseException

api-ms-win-core-processenvironment-l1-1-0

SetEnvironmentVariableW
GetCommandLineW

api-ms-win-core-com-l1-1-0

CoInitializeSecurity
CoTaskMemFree
CoCreateInstance
IIDFromString
CoFreeUnusedLibraries
CoCreateFreeThreadedMarshaler
CoInitializeEx
StringFromCLSID
CoUninitialize

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsDeleteString

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-synch-l1-1-0

OpenEventW
CreateEventW
DeleteCriticalSection
ResetEvent
WaitForSingleObject
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetEvent
WaitForMultipleObjectsEx

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
TlsGetValue
TlsSetValue
TerminateProcess
GetStartupInfoW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleHandleW
GetModuleHandleExW

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer

api-ms-win-appmodel-runtime-l1-1-2

AppPolicyGetMediaFoundationCodecLoading

mfcore

MFCreatePMPHost

mfplat

MFStartup
MFGetCallStackTracingWeakReference
MFGetSystemTime
MFShutdown

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mfps.dll
.dll regsvr32 windows:10 windows x64 arch:x64

38cb612a53a6b5410024c3f7e7e27491

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d7:e2:4c:63:7b:ae:5e:cb:37:5a:0a:07:b7:d7:6c:d9:ca:67:28:ca:09:5a:a5:cf:2b:0a:14:1c:f4:80:b6:37
Signer

Actual PE Digest

d7:e2:4c:63:7b:ae:5e:cb:37:5a:0a:07:b7:d7:6c:d9:ca:67:28:ca:09:5a:a5:cf:2b:0a:14:1c:f4:80:b6:37

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

MFPS.pdb

Imports

api-ms-win-crt-string-l1-1-0

memset
strnlen

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__crt_atexit
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memcpy
_o_free
_o_malloc
_o_qsort
_o_strncpy_s
__C_specific_handler
_o__configure_narrow_argv
_o___std_type_info_destroy_list
_o__cexit
_o__callnewh

rpcrt4

IUnknown_QueryInterface_Proxy
NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrStubForwardingFunction
NdrClientCall3
IUnknown_AddRef_Proxy
NdrOleAllocate
NdrStubCall3
IUnknown_Release_Proxy
NdrOleFree

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
DisableThreadLibraryCalls
FreeLibrary

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient5
ObjectStublessClient7
ObjectStublessClient15
ObjectStublessClient6
ObjectStublessClient8
ObjectStublessClient22
ObjectStublessClient17
ObjectStublessClient3
ObjectStublessClient16
ObjectStublessClient23
NdrProxyForwardingFunction7
ObjectStublessClient4
ObjectStublessClient12
ObjectStublessClient14
ObjectStublessClient18
ObjectStublessClient20
ObjectStublessClient11
NdrProxyForwardingFunction6
ObjectStublessClient13
NdrProxyForwardingFunction4
NdrProxyForwardingFunction5
ObjectStublessClient10
NdrProxyForwardingFunction9
NdrProxyForwardingFunction3
ObjectStublessClient9
NdrProxyForwardingFunction8
ObjectStublessClient21
NdrProxyForwardingFunction25
ObjectStublessClient19
NdrProxyForwardingFunction24

api-ms-win-core-heap-obsolete-l1-1-0

GlobalLock
GlobalUnlock

api-ms-win-core-winrt-string-l1-1-0

HSTRING_UserMarshal64
HSTRING_UserFree
HSTRING_UserUnmarshal64
HSTRING_UserFree64
HSTRING_UserMarshal
HSTRING_UserSize
HSTRING_UserSize64
HSTRING_UserUnmarshal

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
TlsSetValue
GetCurrentProcessId
GetCurrentThreadId
TlsGetValue

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetProxyDllInfo

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 168KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 440B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mfsensorgroup.dll
.dll windows:10 windows x64 arch:x64

62f0c0cf4f34c355fa9f72edf62dd30e

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e3:af:c0:4b:44:d2:3c:db:b4:1e:4e:19:87:2a:0a:e1:c4:57:6c:f6:ff:57:e0:d2:b9:46:0e:4a:04:45:4e:ce
Signer

Actual PE Digest

e3:af:c0:4b:44:d2:3c:db:b4:1e:4e:19:87:2a:0a:e1:c4:57:6c:f6:ff:57:e0:d2:b9:46:0e:4a:04:45:4e:ce

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

mfsensorgroup.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcsicmp
_o__wcslwr_s
_o__wcsnicmp
_o__wcstoui64
_o__wcsupr_s
_o__wtol
_o_free
_o_iswdigit
_o_malloc
_o_tolower
_o_wcscpy_s
_o_wcsncpy_s
__C_specific_handler
__CxxFrameHandler3
_o__configure_narrow_argv
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___std_type_info_destroy_list
_o__cexit
_o__callnewh
_o__crt_atexit
wcsstr
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset
wcsnlen

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetProcAddress
GetModuleFileNameA
GetModuleHandleExW
GetModuleHandleW

api-ms-win-core-featurestaging-l1-1-0

RecordFeatureUsage
SubscribeFeatureStateChangeNotification
UnsubscribeFeatureStateChangeNotification
GetFeatureEnabledState

api-ms-win-core-synch-l1-1-0

ReleaseMutex
WaitForSingleObject
CreateEventExW
ReleaseSemaphore
InitializeCriticalSection
SetEvent
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
CreateSemaphoreExW
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetLastError
RaiseException

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
OpenProcessToken

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids
GetTraceEnableFlags
RegisterTraceGuidsW

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventWriteTransfer
EventSetInformation

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-devices-swdevice-l1-1-0

SwDeviceInterfaceSetState
SwMemFree
SwDeviceClose
SwDeviceInterfaceRegister
SwDeviceCreate
SwDeviceInterfacePropertySet

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW

api-ms-win-devices-swdevice-l1-1-1

SwDeviceSetLifetime

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime

api-ms-win-core-file-l1-1-0

FileTimeToLocalFileTime

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegDeleteTreeW
RegOpenKeyExW
RegEnumValueW
RegDeleteKeyExW
RegDeleteValueW
RegQueryValueExW
RegEnumKeyExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW

api-ms-win-devices-config-l1-1-1

CM_Uninstall_DevNode
CM_Open_DevNode_Key
CM_Open_Device_Interface_KeyW
CM_Get_Device_Interface_PropertyW
CM_MapCrToWin32Err
CM_Locate_DevNodeW
CM_Get_DevNode_PropertyW
CM_Set_Device_Interface_PropertyW
CM_Get_Device_Interface_List_SizeW
CM_Get_Device_Interface_ListW
CM_Query_And_Remove_SubTreeW

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW

cfgmgr32

CM_Get_Device_Interface_AliasW

rpcrt4

UuidFromStringW

api-ms-win-security-base-l1-1-0

EqualSid
GetTokenInformation
AllocateAndInitializeSid
CheckTokenMembership
FreeSid

api-ms-win-core-synch-l1-2-0

Sleep

ntdll

NtQuerySystemInformation
RtlCapabilityCheck
RtlInitUnicodeString
NtQueryWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlAllocateWnfSerializationGroup
RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsCreateString

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-devices-query-l1-1-0

DevFindProperty
DevGetObjectProperties

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemTime

bcrypt

BCryptOpenAlgorithmProvider
BCryptDestroyHash
BCryptFinishHash
BCryptCreateHash
BCryptHashData
BCryptGetProperty
BCryptCloseAlgorithmProvider

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-appmodel-runtime-l1-1-0

GetCurrentPackageFamilyName
GetPackageFamilyName

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

MFCheckProcessCapabilities
MFCleanupVirtualCameraEntries
MFCloneSensorProfile
MFCreateCameraControlMonitor
MFCreateCameraOcclusionStateMonitor
MFCreateConfigurationEntry
MFCreatePackageFamilyNameTag
MFCreatePassthroughTranslatedMediaType
MFCreateRelativePanelWatcher
MFCreateSensorActivityMonitor
MFCreateSensorDeviceBlobByObject
MFCreateSensorGroup
MFCreateSensorGroupById
MFCreateSensorGroupCollection
MFCreateSensorGroupIdManager
MFCreateSensorGroupWithOptions
MFCreateSensorProfile
MFCreateSensorProfileCollection
MFCreateSensorProfileWithFlags
MFCreateSensorStream
MFCreateTranslatedMediaType
MFCreateTranslatedMediaType2
MFCreateTranslatedMediaType3
MFCreateVirtualCamera
MFDeleteSensorGroupById
MFGenerateAndPublishCameraTelemetry
MFGetDeviceFromFSUniqueId
MFGetDeviceFromSGHash
MFGetSGCH
MFGetSensorDeviceProperty
MFGetSensorDeviceRegistryProperty
MFGetSensorGroupAttributesFromId
MFGetSensorGroupPropertyName
MFGetSensorOrientation
MFInitializeSensorGroupStore
MFIsSensorGroupName
MFIsStreamAvailableToAppPackage
MFIsVirtualCameraTypeSupported
MFLoadSensorGroupFromRegistry
MFLoadSensorProfiles
MFPublishSensorProfiles
MFSensorProfileParseFilterSetString
MFValidateSensorProfile
MFWriteSensorGroupDataToRegistry

Sections

.text
Size: 396KB - Virtual size: 394KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mfsvr.dll
.dll windows:10 windows x64 arch:x64

0b77a0d10bfbee4775cd644ca249c57b

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

89:ef:34:22:38:52:3f:72:f1:71:0a:d2:b1:cb:dc:54:d0:27:69:29:7a:4a:40:62:99:8f:51:69:d3:c3:35:bc
Signer

Actual PE Digest

89:ef:34:22:38:52:3f:72:f1:71:0a:d2:b1:cb:dc:54:d0:27:69:29:7a:4a:40:62:99:8f:51:69:d3:c3:35:bc

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

MFSVR.pdb

Imports

msvcp_win

?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?_Xlength_error@std@@YAXPEBD@Z
?flags@ios_base@std@@QEBAHXZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?width@ios_base@std@@QEAA_J_J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@K@Z
?_Xout_of_range@std@@YAXPEBD@Z
_Unlock_shared_ptr_spin_lock
_Lock_shared_ptr_spin_lock
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@H@Z
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?uncaught_exception@std@@YA_NXZ
?good@ios_base@std@@QEBA_NXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?width@ios_base@std@@QEBA_JXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z

api-ms-win-crt-string-l1-1-0

wcsncmp
wcscmp
strnlen
memset

api-ms-win-crt-math-l1-1-0

_finite

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__ltoa_s
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__ultoa_s
memmove
_o__i64toa_s
_o_ceilf
_o_floor
_o_free
_o_malloc
_o_qsort
_o_rand
_o_realloc
_o_sqrt
_o_sqrtf
_o_srand
_o_strncpy_s
_o_wcscat_s
_o_wcscpy_s
__CxxFrameHandler4
__std_terminate
__std_type_info_compare
__C_specific_handler
__CxxFrameHandler3
_o__gcvt_s
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_CxxThrowException
memcmp
memcpy

mfplat

MFCreateAttributes
MFPutWorkItem2
MFCreateCollection
MFllMulDiv
MFPutWorkItem
MFGetCallStackTracingWeakReference
MFCreateVideoSampleAllocatorEx
MFLockWorkQueue
MFCreateEMEStoreObject
MFGetSystemTime
MFCreateMediaEvent
MFUnlockWorkQueue
MFDeserializeAttributesFromStream
MFCancelWorkItem
MFCreateDXGISurfaceBuffer
MFCreateWICBitmapBuffer
MFCopyImage
MFCreateSample
MFSerializeAttributesToStream
MFCreateEventQueue
MFInitVideoFormat_RGB
MFUnlockDXGIDeviceManager
MFLockSharedWorkQueue
MFCreateAsyncResult
MFScheduleWorkItem
MFPutWaitingWorkItem
MFLockDXGIDeviceManager
MFGetPlaneSize
MFCreateTelemetrySession
MFCreateMediaType
MFScheduleWorkItemEx
MFMapDXGIFormatToDX9Format
MFCreateVideoMediaType
MFCreateDXGIDeviceManager
MFAllocateSerialWorkQueue

bcrypt

BCryptGetProperty
BCryptDestroyHash
BCryptCloseAlgorithmProvider
BCryptFinishHash
BCryptOpenAlgorithmProvider
BCryptVerifySignature
BCryptDestroyKey
BCryptImportKeyPair
BCryptCreateHash
BCryptHashData

ntdll

RtlVirtualUnwind
NtPowerInformation
RtlCaptureContext
RtlLookupFunctionEntry
RtlNtStatusToDosError

rpcrt4

IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
NdrDllGetClassObject
NdrOleAllocate
NdrDllCanUnloadNow
NdrOleFree
IUnknown_Release_Proxy

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient21
NdrProxyForwardingFunction5
NdrProxyForwardingFunction4
NdrProxyForwardingFunction3
ObjectStublessClient19
ObjectStublessClient5
ObjectStublessClient8
ObjectStublessClient13
NdrProxyForwardingFunction7
ObjectStublessClient16
NdrProxyForwardingFunction25
ObjectStublessClient29
ObjectStublessClient10
NdrProxyForwardingFunction26
ObjectStublessClient24
ObjectStublessClient12
ObjectStublessClient14
ObjectStublessClient11
ObjectStublessClient4
ObjectStublessClient17
ObjectStublessClient22
ObjectStublessClient3
ObjectStublessClient27
ObjectStublessClient9
ObjectStublessClient18
ObjectStublessClient28
ObjectStublessClient20
ObjectStublessClient15
ObjectStublessClient23
ObjectStublessClient7
NdrProxyForwardingFunction6

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleHandleW
GetModuleHandleExW
GetProcAddress
LoadLibraryExW
GetModuleFileNameA
GetModuleFileNameW
DisableThreadLibraryCalls

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
Sleep

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
RaiseException
GetLastError
SetLastError
SetUnhandledExceptionFilter

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventUnregister
EventWriteTransfer

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
GetTraceEnableFlags
TraceMessage
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceLoggerHandle

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
LeaveCriticalSection
CreateEventW
AcquireSRWLockExclusive
CreateEventExW
InitializeCriticalSection
InitializeSRWLock
ReleaseSRWLockShared
EnterCriticalSection
CancelWaitableTimer
AcquireSRWLockShared
CreateMutexExW
ReleaseSRWLockExclusive
SetEvent
SetWaitableTimer
ResetEvent
CreateSemaphoreExW
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
ReleaseSemaphore
WaitForSingleObject
ReleaseMutex
OpenSemaphoreW
CreateWaitableTimerExW

api-ms-win-core-processthreads-l1-1-0

TlsGetValue
OpenProcessToken
GetProcessTimes
GetCurrentProcessId
TlsSetValue
GetCurrentProcess
GetExitCodeThread
CreateThread
GetCurrentThreadId
TerminateProcess

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak
OutputDebugStringA

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapReAlloc
HeapAlloc

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-handle-l1-1-0

CloseHandle
CompareObjectHandles
DuplicateHandle

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GlobalMemoryStatusEx
GetSystemTimeAsFileTime
GetTickCount64
GetSystemInfo

api-ms-win-core-com-l1-1-0

CreateStreamOnHGlobal
CoCreateInstance
StringFromGUID2
PropVariantClear
PropVariantCopy
CoTaskMemFree
CoTaskMemAlloc
CoWaitForMultipleHandles
CoCreateFreeThreadedMarshaler

api-ms-win-security-systemfunctions-l1-1-0

SystemFunction036

api-ms-win-core-psapi-l1-1-0

K32GetProcessMemoryInfo

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringOrdinal

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsCreateStringReference
WindowsDeleteString
WindowsCreateString
WindowsDuplicateString

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegNotifyChangeKeyValue
RegQueryValueExA
RegGetValueW
RegSetValueExA
RegCreateKeyExA
RegQueryValueExW
RegCloseKey

crypt32

CryptBinaryToStringA

api-ms-win-power-setting-l1-1-0

PowerSettingRegisterNotification
PowerReadDCValue
PowerGetActiveScheme
PowerSettingUnregisterNotification

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-power-base-l1-1-0

CallNtPowerInformation

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
GetProcessMitigationPolicy
OpenProcess

api-ms-win-core-kernel32-legacy-l1-1-0

PulseEvent
GetSystemPowerStatus

api-ms-win-mm-time-l1-1-0

timeBeginPeriod
timeEndPeriod

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-processenvironment-l1-1-0

GetStdHandle

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiA

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-file-l1-1-0

WriteFile
ReadFile
CreateFileW
GetFileSize
SetFilePointer
FlushFileBuffers
SetFilePointerEx
CreateFileA

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-console-l1-1-0

AllocConsole

api-ms-win-core-console-l2-2-0

SetConsoleTitleW

api-ms-win-appmodel-runtime-l1-1-2

AppPolicyGetWindowingModel

api-ms-win-dx-d3dkmt-l1-1-0

GdiEntry13
D3DKMTCloseAdapter
D3DKMTQueryAdapterInfo

api-ms-win-dx-d3dkmt-l1-1-1

D3DKMTOpenAdapterFromLuid

api-ms-win-crt-time-l1-1-0

_ctime32
_time32

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-memory-l1-1-0

MapViewOfFile
CreateFileMappingW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
MFCreateHDCPStatus
MFCreateMediaEngineVideoOTA
MFCreateOPMHelper
MFCreateTimedTextRenderer

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256KB - Virtual size: 254KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 728B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
microsoft-windows-kernel-processor-power-events.dll
.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

68:3f:09:47:81:b3:d5:0a:8b:73:9e:5f:98:be:15:ba:4d:6c:0b:b3:c4:eb:4f:4a:bc:fc:00:bf:d7:1f:79:58
Signer

Actual PE Digest

68:3f:09:47:81:b3:d5:0a:8b:73:9e:5f:98:be:15:ba:4d:6c:0b:b3:c4:eb:4f:4a:bc:fc:00:bf:d7:1f:79:58

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rdata
Size: 4KB - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 212KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
msctf.dll
.dll regsvr32 windows:10 windows x64 arch:x64

91e3ccf6a4330dca7672dd9c6c64a751

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:50:2a:c9:6a:e7:7e:c7:1d:47:88:67:ec:0f:cb:a8:64:ce:d5:28:12:cf:9b:d2:a7:41:80:3a:22:d7:39:95
Signer

Actual PE Digest

27:50:2a:c9:6a:e7:7e:c7:1d:47:88:67:ec:0f:cb:a8:64:ce:d5:28:12:cf:9b:d2:a7:41:80:3a:22:d7:39:95

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

msctf.pdb

Imports

msvcrt

??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_vsnprintf_s
_amsg_exit
_wcsnicmp
??0exception@@QEAA@AEBQEBD@Z
?what@exception@@UEBAPEBDXZ
_initterm
_wtoi
rand_s
_CxxThrowException
setlocale
__pctype_func
___lc_handle_func
___lc_codepage_func
___mb_cur_max_func
_errno
__mb_cur_max
__CxxFrameHandler4
__crtLCMapStringW
abort
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_lock
malloc
_unlock
_vsnwprintf
free
wcsrchr
__dllonexit
wcsncpy
wcstoul
_onexit
__CxxFrameHandler3
wcsstr
memset
memmove
strnlen
_vsnprintf
wcscpy_s
wcsncpy_s
wcsnlen
memcpy
memcmp
__C_specific_handler
??1exception@@UEAA@XZ
__crtGetStringTypeW
_XcptFilter
memmove_s
memcpy_s
_wcsicmp
sqrt

ntdll

RtlDllShutdownInProgress
WinSqmIsOptedIn
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData
NtAlpcQueryInformation
NtAlpcConnectPortEx
AlpcInitializeMessageAttribute
NtAlpcAcceptConnectPort
NtAlpcOpenSenderProcess
NtAlpcCreatePort
NtAlpcDeleteSectionView
NtAlpcCancelMessage
NtAlpcSendWaitReceivePort
NtAlpcDeletePortSection
NtAlpcCreateSectionView
NtAlpcCreatePortSection
AlpcGetMessageAttribute
RtlPublishWnfStateData
NtQueryWnfStateData
VerSetConditionMask
NtQueryInformationProcess
NtWriteFile
RtlFreeUnicodeString
NtCreateFile
RtlDosPathNameToNtPathName_U
NtQueryValueKey
NtOpenKey
RtlInitUnicodeString
RtlFormatCurrentUserKeyPath
RtlUnhandledExceptionFilter
NtClose
WinSqmAddToStream

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
FindStringOrdinal
GetModuleHandleExW
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GetModuleFileNameA
LoadStringW
FreeLibrary

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
Sleep
SleepConditionVariableSRW
WakeAllConditionVariable

api-ms-win-core-synch-l1-1-0

CreateEventW
WaitForSingleObject
OpenEventW
SetEvent
ResetEvent
CreateMutexW
ReleaseMutex
ReleaseSRWLockExclusive
InitializeCriticalSectionEx
LeaveCriticalSection
OpenSemaphoreW
CreateEventExW
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CreateSemaphoreExW
AcquireSRWLockShared
CreateMutexExW
OpenMutexW
AcquireSRWLockExclusive
ReleaseSRWLockShared
WaitForSingleObjectEx
WaitForMultipleObjectsEx
InitializeCriticalSection
ReleaseSemaphore

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapReAlloc
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter
GetLastError
RaiseException

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventUnregister
EventRegister
EventWriteTransfer

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

TlsSetValue
GetCurrentProcessId
TerminateProcess
GetCurrentThreadId
TlsGetValue
TlsAlloc
OpenProcessToken
OpenThread
TlsFree
GetProcessIdOfThread
CreateProcessW
ProcessIdToSessionId
CreateThread
ExitThread
GetCurrentProcess
ResumeThread

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetSystemDefaultLangID
LCMapStringW
GetACP
GetSystemDefaultLCID
IsDBCSLeadByteEx
GetLocaleInfoW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringA
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegGetValueW
RegSetValueExW
RegCreateKeyExW
RegEnumValueW
RegOpenCurrentUser
RegOpenKeyExW
RegDeleteKeyExW
RegCloseKey
RegQueryValueExW
RegDeleteValueW
RegQueryInfoKeyW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
WideCharToMultiByte
MultiByteToWideChar
CompareStringW

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW
ExpandEnvironmentStringsW

api-ms-win-core-sysinfo-l1-1-0

GetLocalTime
GetTickCount
GetTickCount64
GetSystemInfo
GetSystemDirectoryW
GetSystemTimeAsFileTime

api-ms-win-core-file-l1-1-0

GetFullPathNameW
SetFilePointer

api-ms-win-core-processthreads-l1-1-1

OpenProcess
GetProcessMitigationPolicy

api-ms-win-core-psapi-l1-1-0

K32GetProcessImageFileNameW
K32GetModuleFileNameExW

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-fibers-l1-1-0

FlsFree
FlsAlloc
FlsSetValue

api-ms-win-core-heap-l2-1-0

LocalAlloc
GlobalAlloc
LocalReAlloc
LocalFree

api-ms-win-security-base-l1-1-0

GetSidSubAuthority
GetSidSubAuthorityCount
CreateWellKnownSid
GetTokenInformation
FreeSid
InitializeSid
EqualSid
CheckTokenMembership
AllocateAndInitializeSid

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoCreateInstance
CoGetApartmentType

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
OpenFileMappingW
MapViewOfFile
CreateFileMappingW

api-ms-win-core-errorhandling-l1-1-3

TerminateProcessOnMemoryExhaustion

api-ms-win-core-version-l1-1-0

VerQueryValueW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW
lstrlenW

api-ms-win-core-localization-obsolete-l1-2-0

CompareStringA
GetUserDefaultUILanguage

api-ms-win-core-atoms-l1-1-0

GetAtomNameW
AddAtomW
FindAtomW
DeleteAtom

api-ms-win-core-heap-obsolete-l1-1-0

GlobalLock
GlobalUnlock

api-ms-win-core-shlwapi-obsolete-l1-1-0

QISearch
StrStrIW

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-security-base-l1-2-0

CheckTokenMembershipEx

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-processthreads-l1-1-3

SetThreadDescription

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-sidebyside-l1-1-0

CreateActCtxW
ActivateActCtx
DeactivateActCtx
ReleaseActCtx

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

CtfImeAssociateFocus
CtfImeConfigure
CtfImeConversionList
CtfImeCreateInputContext
CtfImeCreateThreadMgr
CtfImeDestroy
CtfImeDestroyInputContext
CtfImeDestroyThreadMgr
CtfImeDispatchDefImeMessage
CtfImeEnumRegisterWord
CtfImeEscape
CtfImeEscapeEx
CtfImeGetGuidAtom
CtfImeGetRegisterWordStyle
CtfImeInquire
CtfImeInquireExW
CtfImeIsGuidMapEnable
CtfImeIsIME
CtfImeProcessCicHotkey
CtfImeProcessKey
CtfImeRegisterWord
CtfImeSelect
CtfImeSelectEx
CtfImeSetActiveContext
CtfImeSetCompositionString
CtfImeSetFocus
CtfImeToAsciiEx
CtfImeUnregisterWord
CtfNotifyIME
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetHandwritingStrokeIdForPointer
GetLogonUserSid
HasDeferredInputForCoreDispatcher
InputFocusMonitorCreate
RegisterHandwritingInputRoutingCallback
SetInputScope
SetInputScopeXML
SetInputScopes
SetInputScopes2
TF_CUASAppFix
TF_CanUninitialize
TF_CleanUpPrivateMessages
TF_CreateCategoryMgr
TF_CreateCicLoadMutex
TF_CreateCicLoadWinStaMutex
TF_CreateDisplayAttributeMgr
TF_CreateInputProcessorProfiles
TF_CreateLangBarItemMgr
TF_CreateLangBarMgr
TF_CreateThreadMgr
TF_GetAppCompatFlags
TF_GetCompatibleKeyboardLayout
TF_GetGlobalCompartment
TF_GetInitSystemFlags
TF_GetInputScope
TF_GetShowFloatingStatus
TF_GetThreadFlags
TF_GetThreadMgr
TF_InitSystem
TF_InvalidAssemblyListCacheIfExist
TF_IsCtfmonRunning
TF_IsLanguageBarEnabled
TF_IsThreadWithFlags
TF_MapCompatibleHKL
TF_MapCompatibleKeyboardTip
TF_Notify
TF_PostAllThreadMsg
TF_RunInputCPL
TF_SendLangBandMsg
TF_SetDefaultRemoteKeyboardLayout
TF_SetShowFloatingStatus
TF_SetThreadFlags
TF_UninitSystem
TF_WaitForInitialized
TextInputClientWrapperCreate

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 200KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mshtml.dll
.dll windows:10 windows x64 arch:x64

d3ad5f80cd210af89454c17d526b1b78

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

mshtml.pdb

Imports

msvcrt

??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_vsnprintf_s
wcspbrk
strncpy_s
_lock
_unlock
__dllonexit
_onexit
__CxxFrameHandler3
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_XcptFilter
_amsg_exit
_statusfp
_beginthreadex
fwprintf
_flushall
fclose
rand_s
fflush
strnlen
__CxxFrameHandler4
malloc
free
realloc
strtoul
strpbrk
bsearch_s
modf
wcstod
wcstok_s
towlower
_wtoi64
_aligned_free
_aligned_malloc
_stricmp
iswgraph
_itoa_s
swprintf_s
bsearch
_finite
_wtoi
_isnan
_ui64tow_s
_wcstoui64
_wtof
iswalnum
iswdigit
iswalpha
_wcslwr_s
_i64tow_s
wcscat_s
_ultow_s
__C_specific_handler
qsort
wcscpy_s
_vsnprintf
_wcsupr
_wcslwr
tolower
wcsncpy_s
strstr
strchr
strncmp
wcsrchr
_wcsupr_s
_itow_s
abort
wcstol
wcsncmp
_wtol
_wcsnicmp
_errno
wcstoul
wcsstr
wcschr
wcscspn
wcstombs_s
towupper
iswlower
strrchr
_strnicmp
isalpha
isxdigit
isdigit
wcsncat_s
_fpclass
_mbsicmp
_mbscspn
_mbsspn
_mbsstr
isspace
_mbschr
_ismbcdigit
_mbscmp
iswcntrl
_ultoa_s
swscanf_s
_wcsrev
wcsspn
exit
fprintf
_fileno
_isatty
fwrite
atof
atoi
strtol
qsort_s
rand
_ltow
_ltow_s
_clearfp
_controlfp_s
iswascii
memmove
memcpy
memcmp
memmove_s
calloc
_resetstkoflw
_wcsicmp
wcsnlen
_initterm
tanf
memset
powf
sin
sinf
sqrt
sqrtf
strcmp
tan
??0exception@@QEAA@AEBV0@@Z
memcpy_s
_vsnwprintf
__iob_func
iswspace
iswpunct
_purecall
_HUGE
fmodf
_CxxThrowException
_setjmp
acosf
asinf
atan2
atan2f
ceil
ceilf
cos
cosf
floor
floorf
fmod
wcscmp

kernel32

TlsGetValue
TlsSetValue
AddAtomW
TlsAlloc
InitializeCriticalSection
FlsAlloc
HeapCreate
GetCurrentProcessId
OpenFileMappingW
MapViewOfFile
HeapDestroy
FlsSetValue
CreateMutexExW
CreateSemaphoreExW
CreateThreadpoolTimer
InitializeSRWLock
RaiseException
QueryPerformanceCounter
GetProfileIntA
GlobalFree
GetTickCount
PowerSetRequest
PowerClearRequest
PowerCreateRequest
LoadLibraryExW
MulDiv
GetTickCount64
GetSystemTimeAsFileTime
WideCharToMultiByte
GlobalSize
GlobalLock
GlobalUnlock
IsDBCSLeadByteEx
MultiByteToWideChar
OpenProcess
GetCPInfo
GetSystemInfo
GetSystemDefaultLocaleName
GetUserDefaultLocaleName
GetModuleFileNameW
CreateThreadpoolWork
WaitForThreadpoolWorkCallbacks
CloseThreadpoolWork
SubmitThreadpoolWork
GetFullPathNameW
SetFilePointer
WriteFile
ReadFile
GlobalAlloc
GetTempPath2W
GetTempFileNameW
CreateFileW
GetFileSize
DeleteFileW
GetSystemTime
SystemTimeToFileTime
FindFirstFileW
FindClose
CopyFileW
GetFileType
WaitForMultipleObjectsEx
CreateEventExW
QueryPerformanceFrequency
Sleep
ResolveLocaleName
GetLocaleInfoEx
GetUserGeoID
GetGeoInfoW
IsValidLocaleName
GetEnvironmentVariableW
SetEnvironmentVariableW
InitializeCriticalSectionAndSpinCount
CreateMutexW
GetFileAttributesW
InitOnceExecuteOnce
CompareStringEx
GetSystemTimeAdjustment
GetVersionExW
TrySubmitThreadpoolCallback
InitializeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
LoadLibraryW
ResumeThread
GetUserDefaultLCID
GetLocalTime
GetACP
LocaleNameToLCID
LCIDToLocaleName
GetUserDefaultUILanguage
IsValidCodePage
GetExitCodeThread
ResetEvent
lstrcmpiA
lstrcmpA
InitOnceInitialize
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
QueryDepthSList
CompareFileTime
GetTempPathW
TerminateThread
GetActiveProcessorCount
GetFileTime
DeleteFiber
SwitchToFiber
CreateFiber
ConvertThreadToFiber
ConvertFiberToThread
CompareStringOrdinal
SetEndOfFile
CreateFileMappingW
FlushViewOfFile
lstrcmpW
GetLocaleInfoW
GetDiskFreeSpaceW
FileTimeToSystemTime
CompareStringW
LCMapStringW
GetFileSizeEx
ExpandEnvironmentStringsW
GetSystemDirectoryW
GetCurrentThread
lstrcmpiW
VerSetConditionMask
VerifyVersionInfoW
SetThreadPreferredUILanguages
GetCommandLineW
GlobalDeleteAtom
GlobalAddAtomW
GlobalFindAtomW
HeapSetInformation
GetStringTypeExA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
SleepConditionVariableSRW
LocalFree
FindAtomW
DeleteAtom
UnmapViewOfFile
TlsFree
FlsFree
RaiseFailFastException
OpenSemaphoreW
LocalAlloc
DeleteCriticalSection
InitializeCriticalSectionEx
WaitForSingleObjectEx
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
ReleaseMutex
ReleaseSemaphore
SetLastError
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
OutputDebugStringW
IsDebuggerPresent
GetLastError
GetProcAddress
GetModuleHandleW
DebugBreak
GetModuleFileNameA
HeapFree
GetProcessHeap
HeapAlloc
FormatMessageW
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
SetEvent
FreeLibrary
CreateThread
CreateEventW
GetModuleHandleExW
FreeLibraryAndExitThread
CloseHandle
WaitForSingleObject
GetCurrentProcess
WerSetFlags
WerGetFlags
ActivateActCtx
DeactivateActCtx
CreateActCtxW
ReleaseActCtx
QueueUserWorkItem
GlobalFlags
FindResourceExA
LocalSize
GlobalReAlloc
WTSGetActiveConsoleSessionId
LCMapStringEx
ResolveDelayLoadedAPI
DelayLoadFailureHook
GlobalMemoryStatusEx

api-ms-win-downlevel-advapi32-l1-1-0

EventWriteEx
EventActivityIdControl
OpenProcessToken
EventWrite
RegGetValueW
RegQueryInfoKeyW
OpenThreadToken
EventUnregister
RegEnumKeyExW
RegQueryValueExW
RegSetValueExW
EventWriteTransfer
RegCreateKeyExW
EventRegister
RegOpenKeyExW
RegCloseKey
RegDeleteTreeW
GetTokenInformation
RegOpenKeyExA
DuplicateTokenEx
CreateProcessAsUserW

api-ms-win-downlevel-version-l1-1-0

GetFileVersionInfoSizeExW
VerQueryValueW
GetFileVersionInfoExW

api-ms-win-downlevel-shlwapi-l1-1-0

IsInternetESCEnabled
PathCreateFromUrlW
UrlCanonicalizeW
PathRemoveFileSpecW
StrCmpIW
StrToIntExW
StrStrIW
StrCmpCW
UrlCombineW
PathQuoteSpacesW
StrCmpNIW
UrlEscapeW
PathFindFileNameW
StrCmpCA
StrCSpnW
StrChrNIW
UrlUnescapeW
PathGetArgsW
StrCmpNIA
PathRemoveBlanksW
PathUnquoteSpacesW
HashData
UrlIsW
UrlCreateFromPathW
UrlApplySchemeW
QISearch
StrChrW
PathStripPathW
StrCmpW
StrCmpICW
StrStrW
StrDupW
StrCmpNW
StrCmpNCW
PathIsFileSpecW
ParseURLW
PathFileExistsW
StrStrA
StrCpyNW
StrTrimW
PathFindExtensionW
UrlGetLocationW
SHLoadIndirectString
PathIsRelativeW
StrPBrkW
StrToInt64ExW
PathSearchAndQualifyW
PathGetCharTypeW
StrCmpNICA
IsCharSpaceW
StrStrIA
PathIsUNCW
PathIsURLW
StrCmpNICW
StrToIntW
StrChrA
GetAcceptLanguagesW
UrlGetPartW
PathGetDriveNumberW
StrCmpICA

api-ms-win-downlevel-user32-l1-1-0

CharLowerA
CharLowerBuffW
CharLowerW
IsCharAlphaNumericW
LoadStringW
IsCharAlphaW
CharNextW
CharUpperW

gdi32

DeleteDC
SetWorldTransform
SetGraphicsMode
CreateDIBSection
ExtTextOutW
SetTextAlign
GetTextColor
GetBkColor
SetStretchBltMode
StretchDIBits
SetDIBits
GetCurrentObject
GetClipRgn
ExtSelectClipRgn
SetBrushOrgEx
CreatePatternBrush
CreateBitmap
Ellipse
Polyline
Polygon
LineTo
MoveToEx
PatBlt
CreatePen
SetDCPenColor
ExtCreatePen
UnrealizeObject
SetBkMode
CreateHatchBrush
SetDCBrushColor
SetROP2
GetFontUnicodeRanges
GetGlyphOutlineW
GetCharWidthW
GetFontData
GetOutlineTextMetricsW
AddFontMemResourceEx
GetTextFaceW
RemoveFontMemResourceEx
StretchBlt
GdiFlush
Rectangle
CreateSolidBrush
GetTextCharsetInfo
TranslateCharsetInfo
CreateEnhMetaFileW
CloseEnhMetaFile
GetEnhMetaFileW
EqualRgn
ExtCreateRegion
GetRegionData
OffsetViewportOrgEx
RealizePalette
SelectPalette
GetPaletteEntries
DeleteObject
SelectObject
GetObjectType
GetDeviceCaps
CreateRectRgn
BitBlt
GetPixel
CreateCompatibleBitmap
CreateCompatibleDC
CreateRectRgnIndirect
GetRandomRgn
OffsetRgn
GetClipBox
SetViewportOrgEx
CombineRgn
ExtEscape
EndDoc
GetRgnBox
RestoreDC
SaveDC
GetViewportOrgEx
CreatePolygonRgn
EnumFontFamiliesExW
EnumFontsW
CreateFontIndirectW
GetTextCharset
SelectClipRgn
DeleteMetaFile
CreateMetaFileW
SetMapMode
SetWindowOrgEx
SetWindowExtEx
CloseMetaFile
SetViewportExtEx
PlayMetaFile
GetWindowOrgEx
GetWindowExtEx
LPtoDP
SetTextColor
SetBkColor
GetStockObject
IntersectClipRect
GetTextMetricsW
GetTextExtentPoint32W
GetObjectW
GetDIBits
GetNearestPaletteIndex
EnumObjects
GetEnhMetaFileHeader
GetDIBColorTable
SetDIBColorTable
SetMetaFileBitsEx
SetEnhMetaFileBits
GetEnhMetaFilePaletteEntries
PlayEnhMetaFile
DeleteEnhMetaFile
AbortDoc
StartPage
EndPage
CreateICW
CreateDCW
StartDocW

user32

UnhookWindowsHookEx
CallNextHookEx
PostThreadMessageW
RegisterClassW
CheckMenuRadioItem
CreatePopupMenu
AppendMenuW
GetMenuStringW
ToUnicodeEx
SubtractRect
UnionRect
MsgWaitForMultipleObjects
GetCaretBlinkTime
GetComboBoxInfo
DrawFocusRect
SendMessageA
ScrollDC
GetLayeredWindowAttributes
CreateCaret
DestroyCaret
SetCaretPos
GetLastInputInfo
EnumDisplaySettingsW
SetWindowsHookExW
GetDisplayConfigBufferSizes
QueryDisplayConfig
GetWindowTextW
FindWindowW
GetLastActivePopup
DrawFrameControl
ShowCaret
HideCaret
GetCaretPos
GetKeyboardLayout
InsertMenuItemW
GetMenuItemInfoW
GetMessageTime
FindWindowExW
WaitMessage
RegisterClassExW
GetSystemMenu
ValidateRgn
GetSysColorBrush
IsDlgButtonChecked
CallWindowProcW
RemovePropW
MoveWindow
DisplayConfigGetDeviceInfo
GetUpdateRect
IsWindowVisible
CopyRect
InflateRect
GetUpdateRgn
InvalidateRgn
GetWindowDC
LockWindowUpdate
DestroyIcon
GetWindowLongA
SetWindowLongA
GetShellWindow
GetKeyboardLayoutList
OpenClipboard
EmptyClipboard
CloseClipboard
SetClipboardData
RegisterClipboardFormatA
GetClassInfoExW
UnregisterClassW
GetDpiForSystem
LoadBitmapW
TrackPopupMenu
RegisterPowerSettingNotification
UnregisterPowerSettingNotification
SetRect
GetKeyboardLayoutNameW
DestroyCursor
GetIconInfo
ChildWindowFromPoint
MessageBeep
UpdateLayeredWindow
GetClassInfoW
SetCursorPos
SetRectEmpty
GetWindowRgn
EndDeferWindowPos
BeginDeferWindowPos
DeferWindowPos
InSendMessage
SetMenuItemInfoW
ShowCursor
TrackPopupMenuEx
DestroyAcceleratorTable
TranslateAcceleratorW
AttachThreadInput
IsClipboardFormatAvailable
GetClipboardFormatNameW
GetWindowPlacement
GetWindowLongPtrA
GetTopWindow
AdjustWindowRectEx
BringWindowToTop
RemoveMenu
UnregisterClassA
GetWindowLongW
LoadIconW
SendDlgItemMessageW
LoadImageW
GetWindow
SetWindowLongPtrW
DefWindowProcW
PostMessageW
GetParent
SetActiveWindow
GetWindowLongPtrW
GetKeyState
GetWindowThreadProcessId
GetDCEx
ReleaseDC
RegisterClipboardFormatW
RegisterWindowMessageW
GetDoubleClickTime
IsWindow
DestroyWindow
GetClientRect
FillRect
AllowSetForegroundWindow
GetClassNameW
IsWinEventHookInstalled
NotifyWinEvent
SetTimer
GetDesktopWindow
TranslateMessage
MessageBoxW
DialogBoxParamW
SetWindowTextW
EndDialog
GetFocus
ValidateRect
SetCursor
LoadCursorW
SendMessageW
KillTimer
EnumChildWindows
IsIconic
GetAncestor
GetSystemMetrics
GetMessageExtraInfo
GetCursorInfo
ChildWindowFromPointEx
ScreenToClient
GetCursorPos
WindowFromPoint
IsChild
MapWindowPoints
GetAsyncKeyState
GetMenuState
InsertMenuW
DeleteMenu
LoadMenuW
GetSubMenu
EnableMenuItem
DestroyMenu
GetCapture
ReleaseCapture
IsWindowUnicode
UpdateWindow
EnableWindow
SendMessageTimeoutW
EnumWindows
GetSysColor
GetForegroundWindow
WinHelpW
SetDlgItemTextW
CheckDlgButton
GetDlgItemTextW
InSendMessageEx
ShowWindow
SetWindowPos
SetForegroundWindow
SetFocus
ClientToScreen
SystemParametersInfoW
MonitorFromWindow
GetActiveWindow
GetWindowRect
GetMessagePos
PtInRect
GetKeyboardState
MapVirtualKeyExW
ToAsciiEx
IsRectEmpty
IntersectRect
LoadAcceleratorsW
CopyAcceleratorTableW
VkKeyScanW
GetMenuItemCount
GetMenuItemID
CheckMenuItem
MonitorFromRect
GetMonitorInfoW
GetMessageW
DispatchMessageW
PeekMessageW
MsgWaitForMultipleObjectsEx
PostQuitMessage
MonitorFromPoint
GetDC
RedrawWindow
CreateAcceleratorTableW
OffsetRect
EqualRect
SetWindowRgn
SetPropW
SetParent
CreateWindowExW
SetLayeredWindowAttributes
SetCapture
WindowFromDC
SetWindowLongW
IsWindowEnabled
GetCursor
LoadCursorA
GetPropW
InvalidateRect
GetDlgItem
BeginPaint
EndPaint

iertutil

GetIUriPriv
ord681
ord25
ord21
ord690
ord58
CreateIUriBuilder
ord174
ord793
ord916
ord700
ord32
ord682
ord764
ord775
ord209
ord56
ord398
ord19
ord18
ord96
ord820
ord26
ord791
CreateUriWithFragment
ord688
ord606
ord139
ord796
ord656
ord661
CreateUri
ord651
ord655
ord657
ord667
ord650
ord678
ord660
ord677
ord658
ord662
ord652
ord663
ord654
ord54
ord110
ord151
ord111
ord17
ord44
ord30
ord134
IntlPercentEncodeNormalize
ord466
ord597
ord594
ord325
ord792
ord177
ord603
ord779
ord781
ord774
ord765
ord701
ord49
ord665
ord600
ord605
ord679
ord82
ord50
ord210
GetPortFromUrlScheme
ord42
ord35
ord282
ord281
ord607
ord138

ntdll

RtlGetDeviceFamilyInfoEnum
RtlDllShutdownInProgress
NtClose
NtQuerySystemInformation

rpcrt4

RpcAsyncInitializeHandle
Ndr64AsyncClientCall
NdrClientCall3
RpcBindingBind
RpcBindingFree
RpcBindingCreateW
RpcAsyncCompleteCall
I_RpcExceptionFilter
UuidCreate
RpcAsyncCancelCall

api-ms-win-core-path-l1-1-0

PathCchCanonicalize
PathCchCombine
PathCchAddBackslash
PathCchAppend

sspicli

GetUserNameExW

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabled

api-ms-win-core-file-l1-1-0

SetFilePointerEx
CreateDirectoryW
FileTimeToLocalFileTime
GetFileAttributesExW
GetLongPathNameW
GetFullPathNameA
GetDiskFreeSpaceExW

api-ms-win-core-sysinfo-l1-1-0

GetLogicalProcessorInformation
GetSystemWindowsDirectoryW
GetVersionExA

api-ms-win-core-libraryloader-l1-2-0

LockResource
FindResourceExW
LoadLibraryExA
SizeofResource
LoadResource

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsA
GetStdHandle
GetCurrentDirectoryW
SearchPathW

api-ms-win-core-localization-l1-2-0

GetUserPreferredUILanguages
GetThreadUILanguage
GetThreadPreferredUILanguages
GetUserDefaultLangID
GetSystemDefaultLCID
IsDBCSLeadByte

api-ms-win-core-string-l1-1-0

GetStringTypeW

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualFree
VirtualProtect
VirtualAlloc

api-ms-win-core-processenvironment-l1-2-0

SearchPathA

api-ms-win-core-errorhandling-l1-1-0

SetErrorMode

api-ms-win-core-com-l1-1-0

CoGetStandardMarshal
IIDFromString
ProgIDFromCLSID
CoGetPSClsid

api-ms-win-core-handle-l1-1-0

DuplicateHandle

api-ms-win-core-memory-l1-1-1

GetWriteWatch
VirtualUnlock
ResetWriteWatch

api-ms-win-core-string-l2-1-0

CharPrevW
IsCharLowerW
IsCharUpperW

api-ms-win-core-processthreads-l1-1-0

OpenThread
SuspendThread
SwitchToThread
ProcessIdToSessionId
SetThreadPriority
GetProcessId
GetProcessTimes
GetProcessIdOfThread

api-ms-win-core-synch-l1-1-0

OpenEventW
TryEnterCriticalSection

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapUnlock
HeapLock
HeapSize

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo
GetNativeSystemInfo

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW

api-ms-win-core-heap-l2-1-0

LocalReAlloc

api-ms-win-core-threadpool-l1-2-0

CloseThreadpool
CreateThreadpool
SetThreadpoolThreadMaximum

api-ms-win-power-base-l1-1-0

CallNtPowerInformation

api-ms-win-core-realtime-l1-1-0

QueryProcessCycleTime
QueryThreadCycleTime

api-ms-win-core-psapi-l1-1-0

K32GetProcessMemoryInfo

api-ms-win-core-interlocked-l1-1-0

InterlockedFlushSList

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

api-ms-win-core-datetime-l1-1-2

GetDurationFormatEx

api-ms-win-core-registry-l1-1-0

RegDeleteValueW
RegEnumValueW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadsFromDll

winhttp

WinHttpGetIEProxyConfigForCurrentUser

api-ms-win-core-wow64-l1-1-0

IsWow64Process

wkscli

NetGetJoinInformation

netutils

NetApiBufferFree

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-processthreads-l1-1-1

GetThreadContext

api-ms-win-core-console-l2-1-0

GetConsoleScreenBufferInfo
SetConsoleTextAttribute

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureStackBackTrace

kernelbase

EnumUILanguagesW
StrToIntA
lstrlenW
lstrlenA
OpenGlobalizationUserSettingsKey
GetSystemDefaultUILanguage
GetNumberFormatW

api-ms-win-downlevel-shell32-l1-1-0

CommandLineToArgvW

Exports

Exports

ClearPhishingFilterData
ConvertAndEscapePostData
CreateCoreWebView
CreateHTMLPropertyPage
DllCanUnloadNow
DllEnumClassObjects
DllGetClassObject
GetColorValueFromString
GetWebPlatformObject
IEIsXMLNSRegistered
IERegisterXMLNS
InitializeLocalHtmlEngine
MatchExactGetIDsOfNames
PrintHTML
RunHTMLApplication
ShowHTMLDialog
ShowHTMLDialogEx
ShowModalDialog
ShowModelessHTMLDialog
TravelLogCreateInstance
TravelLogStgCreateInstance
UninitializeLocalHtmlEngine

Sections

.text
Size: 15.9MB - Virtual size: 15.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 180KB - Virtual size: 266KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 816KB - Virtual size: 812KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 532KB - Virtual size: 528KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msmpeg2vdec.dll
.dll regsvr32 windows:10 windows x64 arch:x64

7b1bb9bbcb8d5d493c162fd303bd3dba

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:74:b3:85:ac:b9:06:ee:c3:af:f7:08:6a:06:98:2d:de:9a:60:f5:64:7d:86:17:6d:fe:3b:f6:29:05:69:19
Signer

Actual PE Digest

90:74:b3:85:ac:b9:06:ee:c3:af:f7:08:6a:06:98:2d:de:9a:60:f5:64:7d:86:17:6d:fe:3b:f6:29:05:69:19

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

msmpeg2vdec.pdb

Imports

api-ms-win-crt-time-l1-1-0

_time32
_time64

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memcmp
_o_calloc
_o_fclose
_o_fopen
_o_free
_o_fwrite
_o_iswctype
_o_log
_o_malloc
_o_qsort
_o_rand
_o_srand
_o_strncpy_s
_o_terminate
__current_exception
__current_exception_context
_o__cexit
_o__callnewh
_o__beginthreadex
_o__beginthread
_o__aligned_malloc
_o__aligned_free
_o___stdio_common_vswprintf
_o__execute_onexit_table
_o__errno
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
wcsstr
memcpy
memmove
__CxxFrameHandler3
_o__crt_atexit
_o__configure_narrow_argv
__C_specific_handler
__std_terminate
__CxxFrameHandler4
_CxxThrowException

api-ms-win-crt-string-l1-1-0

wcsncmp
wcscmp
strnlen
memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
LoadLibraryExW
FreeLibrary
GetModuleFileNameW
GetProcAddress
LoadLibraryExA
DisableThreadLibraryCalls
GetModuleHandleW
GetModuleFileNameA

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-synch-l1-1-0

ResetEvent
EnterCriticalSection
CreateMutexExW
LeaveCriticalSection
InitializeCriticalSectionEx
ReleaseMutex
WaitForMultipleObjectsEx
CreateMutexW
InitializeCriticalSection
ReleaseSemaphore
CreateSemaphoreExW
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
ReleaseSRWLockExclusive
OpenSemaphoreW
CreateEventW
SetEvent
AcquireSRWLockExclusive
WaitForSingleObjectEx

api-ms-win-core-memory-l1-1-0

VirtualFree
UnmapViewOfFile
VirtualAlloc
MapViewOfFileEx
CreateFileMappingW
VirtualQueryEx

api-ms-win-core-com-l1-1-0

StringFromCLSID
CoCreateGuid
CoCreateFreeThreadedMarshaler
StringFromGUID2
CoCreateInstance
CoTaskMemAlloc
PropVariantClear
CoTaskMemFree
CoUninitialize
CoInitializeEx
CoFreeUnusedLibraries

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventWrite
EventUnregister
EventRegister
EventSetInformation

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegEnumKeyExW
RegOpenKeyExA
RegQueryValueExA

api-ms-win-core-processthreads-l1-1-0

TlsSetValue
GetCurrentThreadId
TlsGetValue
CreateThread
GetExitCodeThread
GetThreadPriority
SetThreadPriority
GetCurrentProcess
ResumeThread
TerminateProcess
GetCurrentProcessId
GetCurrentThread

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
GetLastError
UnhandledExceptionFilter

api-ms-win-core-file-l1-1-0

CreateFileA

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetLocalTime
GetTickCount
GetVersionExA
GetSystemInfo
GetVersionExW
GetSystemTime
GetTickCount64

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
OutputDebugStringA
IsDebuggerPresent
DebugBreak

api-ms-win-core-largeinteger-l1-1-0

MulDiv

ntdll

RtlNtStatusToDosError
NtQuerySystemInformation

api-ms-win-core-rtlsupport-l1-1-0

RtlDeleteFunctionTable
RtlLookupFunctionEntry
RtlAddFunctionTable
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
SetThreadIdealProcessorEx

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InterlockedPopEntrySList
InitializeSListHead
InterlockedPushEntrySList
QueryDepthSList

mfperfhelper

ord4
ord7
ord3
ord2
ord5
ord6
ord8
ord13
ord9
ord10
ord14
ord11
ord12
ord21
ord20
ord15
ord19
ord18
ord17
ord16
ord23
ord22
ord1

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-core-processtopology-l1-1-0

GetThreadGroupAffinity

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW

api-ms-win-core-processtopology-obsolete-l1-1-0

SetThreadAffinityMask
GetProcessAffinityMask

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

rtworkq

RtwqPutWaitingWorkItem
RtwqCreateAsyncResult

Exports

Exports

?GetSurface@CVIDEOfilter@@QEAAJHPEAEJ@Z
?GetSurfaceSize@CVIDEOfilter@@QEAAJHPEAJ@Z
?LoadSurface@CVIDEOfilter@@QEAAJHPEAEK@Z
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetH264DecoderFunctionTable

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

?g_Encry
Size: 4KB - Virtual size: 256B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

?g_Encry
Size: 4KB - Virtual size: 364B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

?g_Encry
Size: 4KB - Virtual size: 256B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

?g_Encry
Size: 4KB - Virtual size: 280B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

?g_Encry
Size: 4KB - Virtual size: 268B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

?g_Encry
Size: 4KB - Virtual size: 256B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

?g_Encry
Size: 4KB - Virtual size: 280B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

?g_Encry
Size: 4KB - Virtual size: 460B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

?g_Encry
Size: 4KB - Virtual size: 256B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

?g_Encry
Size: 4KB - Virtual size: 292B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

?g_Encry
Size: 4KB - Virtual size: 256B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

?g_Encry
Size: 4KB - Virtual size: 256B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

?g_Encry
Size: 4KB - Virtual size: 316B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

?g_Encry
Size: 4KB - Virtual size: 268B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

?g_Encry
Size: 4KB - Virtual size: 256B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

?g_Encry
Size: 4KB - Virtual size: 268B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

?g_Encry
Size: 4KB - Virtual size: 256B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

?g_Encry
Size: 4KB - Virtual size: 256B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 272KB - Virtual size: 269KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mstsc.exe
.exe windows:10 windows x64 arch:x64

6e2a23a42e5e177b23099091d574c61f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

mstsc.pdb

Imports

user32

IsRectEmpty
PtInRect
GetClassInfoW
DefDlgProcW
MonitorFromWindow
MessageBoxW
GetMenuItemCount
InsertMenuItemW
AllowSetForegroundWindow
CreateDialogParamW
DialogBoxParamW
LoadAcceleratorsW
CharNextW
MsgWaitForMultipleObjectsEx
PeekMessageW
SystemParametersInfoW
LoadStringW
RegisterClassW
SetProcessDPIAware
GetKeyboardLayout
CharLowerW
EnumDisplayDevicesW
FillRect
CheckRadioButton
DrawIconEx
GetWindow
MapDialogRect
ScreenToClient
SubtractRect
GetMonitorInfoW
GetWindowDC
GetFocus
DrawTextW
EnumDisplayMonitors
IsDlgButtonChecked
GetDlgItemTextW
CreateDialogIndirectParamW
EndPaint
DrawIcon
BeginPaint
SendDlgItemMessageW
MapWindowPoints
ReleaseDC
GetDC
IsWindowEnabled
RedrawWindow
UnregisterClassA
GetMenu
KillTimer
ShowWindowAsync
AdjustWindowRectEx
EnumDisplaySettingsExW
GetCursorPos
GetTitleBarInfo
SendInput
EqualRect
EnableWindow
IsWindowVisible
SetWindowRgn
SetWindowLongW
LockWindowUpdate
UpdateWindow
InvalidateRect
SetWindowTextW
EnableMenuItem
CheckMenuItem
SetMenuItemInfoW
UnregisterClassW
GetClassInfoExW
ShowWindow
MoveWindow
GetClientRect
SetWindowPlacement
GetWindowLongW
IsZoomed
LoadCursorW
SetCursor
ModifyMenuW
GetSystemMenu
GetMenuItemInfoW
DeleteMenu
CreateMenu
InsertMenuW
AppendMenuW
PostQuitMessage
IsWindow
DestroyIcon
LoadImageW
RegisterWindowMessageW
SetRect
CopyRect
GetDesktopWindow
SetWindowPos
IntersectRect
OffsetRect
SystemParametersInfoA
GetWindowRect
GetWindowPlacement
IsIconic
GetSystemMetrics
LoadIconW
SetForegroundWindow
DefWindowProcW
GetWindowLongPtrW
SetWindowLongPtrW
RegisterClassExW
IsChild
CreateWindowExW
DestroyWindow
GetDlgItem
SetFocus
SetDlgItemTextW
EndDialog
CheckDlgButton
SendMessageW
PostMessageW
PostThreadMessageW
IsDialogMessageW
TranslateAcceleratorW
DispatchMessageW
TranslateMessage
GetMessageW
CharUpperW
SetTimer

msvcrt

memcmp
?terminate@@YAXXZ
wcstok
realloc
_errno
_onexit
__dllonexit
_unlock
_lock
_commode
_fmode
_acmdln
_initterm
__setusermatherr
_ismbblead
_cexit
_exit
exit
__set_app_type
memmove
_amsg_exit
memcpy
calloc
_callnewh
iswdigit
towupper
_ltow_s
__CxxFrameHandler3
_wcslwr_s
towlower
wcstol
iswspace
toupper
wcstombs_s
_itow_s
wcstoul
wcschr
_wcsnicmp
_vsnprintf
swscanf_s
wcsstr
wcsftime
gmtime
_wtoi
wcsrchr
memset
pow
__getmainargs
wcsncmp
_wtol
wcstok_s
_wcsicmp
_purecall
wcscat_s
wcscpy_s
free
malloc
wcsncpy_s
__C_specific_handler
memcpy_s
_vsnwprintf
_XcptFilter
wcsncat_s
time
wcscmp

shlwapi

PathAppendW
PathFindFileNameW
StrStrIW
PathFindExtensionW
ShellMessageBoxW
PathRemoveFileSpecW
PathStripPathW

ntdll

RtlInitString
VerSetConditionMask
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlNtStatusToDosError

api-ms-win-core-featurestaging-l1-1-0

RecordFeatureUsage
GetFeatureEnabledState
SubscribeFeatureStateChangeNotification
UnsubscribeFeatureStateChangeNotification

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

shcore

SHStrDupW
SHCreateMemStream

dwmapi

DwmGetWindowAttribute

wtsapi32

WTSQuerySessionInformationW
WTSOpenServerW
WTSFreeMemory
WTSCloseServer

kernel32

GetModuleHandleW
CloseThreadpoolCleanupGroupMembers
CreateThreadpoolCleanupGroup
SetThreadpoolThreadMinimum
SetThreadpoolThreadMaximum
CreateThreadpool
InitializeCriticalSectionAndSpinCount
FindResourceW
LoadLibraryA
GetProcessId
TerminateThread
ProcessIdToSessionId
GetComputerNameW
InitOnceExecuteOnce
ExpandEnvironmentStringsW
LockResource
GetOverlappedResult
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
DisconnectNamedPipe
CreateThreadpoolIo
CancelThreadpoolIo
StartThreadpoolIo
CloseThreadpoolIo
WaitForThreadpoolIoCallbacks
QueueUserWorkItem
ResetEvent
CreateSemaphoreW
FreeLibraryAndExitThread
GetExitCodeThread
WaitForMultipleObjects
CancelWaitableTimer
SetWaitableTimer
CreateWaitableTimerExW
OutputDebugStringA
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
WideCharToMultiByte
K32GetModuleFileNameExW
Sleep
HeapSetInformation
GetSystemDirectoryW
CreateProcessW
GetCurrentThread
GetTickCount64
WriteFile
VerifyVersionInfoW
FindClose
FindNextFileW
FindFirstFileW
GetFileAttributesExW
GetTempPathW
CompareStringW
SetFilePointer
GetACP
GetFullPathNameW
CreateThreadpoolTimer
CompareStringOrdinal
GetFileAttributesW
LocalAlloc
CreateDirectoryW
SearchPathW
GetCurrentDirectoryW
LocalFree
LoadLibraryW
GetCurrentProcess
TerminateProcess
GetStartupInfoA
MulDiv
lstrcmpW
GetVersionExA
GetVersionExW
ReadFile
GetFileSize
CreateFileW
GetDateFormatW
GetTimeFormatW
GetLocalTime
DeleteFileW
CreateThread
CreateEventW
DeleteCriticalSection
SetEvent
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetCommandLineW
GetModuleHandleExA
GetModuleFileNameW
FindResourceExW
SystemTimeToFileTime
MapViewOfFile
CreateFileMappingW
LCIDToLocaleName
UnmapViewOfFile
GetLocaleInfoW
GetUserDefaultUILanguage
GetLocaleInfoEx
GetSystemDefaultUILanguage
DelayLoadFailureHook
ResolveDelayLoadedAPI
LoadResource
SizeofResource
MultiByteToWideChar
RaiseException
lstrcmpiW
LoadLibraryExW
FreeLibrary
IsDebuggerPresent
DebugBreak
GetProcessHeap
GetCurrentProcessId
CreateMutexExW
GetProcAddress
HeapAlloc
SetThreadpoolTimer
CloseHandle
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
CloseThreadpoolTimer
OutputDebugStringW
ReleaseSRWLockExclusive
GetLastError
FormatMessageW
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
WaitForThreadpoolTimerCallbacks
GetModuleHandleExW
ReleaseSemaphore
SetLastError
HeapFree
CreateSemaphoreExW
GetModuleFileNameA
CloseThreadpool
TrySubmitThreadpoolCallback
GetSystemTime
QueryPerformanceFrequency
TlsSetValue
OpenThread
TlsFree
TlsGetValue
SwitchToThread
GetSystemInfo
TlsAlloc
CloseThreadpoolCleanupGroup

normaliz

IdnToAscii

api-ms-win-core-path-l1-1-0

PathCchRemoveExtension
PathAllocCombine

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 192KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mstscax.dll
.dll regsvr32 windows:10 windows x64 arch:x64

9f7719b597ca1aff1108c1464c791424

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

mstscax.pdb

Imports

msvcrt

ceil
cos
exp
__RTDynamicCast
isalpha
ceilf
atan2
floor
floorf
log
log10
_CxxThrowException
vswprintf_s
swscanf_s
_snprintf_s
printf
towupper
tolower
gmtime
wcsftime
wcstoul
wcsncat_s
_ultow
_ltow
_itow_s
isdigit
fclose
_vscwprintf
_wfopen_s
fwrite
fprintf
_waccess_s
_wfopen
_strnicmp
_strlwr_s
srand
time
rand
memcpy_s
_vsnprintf
calloc
wcschr
wcstol
iswdigit
iswspace
toupper
wcstombs_s
wcsncpy_s
_wcslwr_s
__CxxFrameHandler3
memmove_s
wcstok_s
wcsrchr
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_vsnprintf_s
realloc
wcsnlen
wcscat_s
_wcsnicmp
wcsncmp
vsprintf_s
wcsstr
towlower
swprintf_s
_aligned_free
_aligned_malloc
_errno
_time64
_gmtime64_s
_wtoi
_itoa_s
wcscpy_s
wcscspn
sprintf_s
_ltow_s
_stricmp
_resetstkoflw
memmove
memset
pow
sin
sqrt
_onexit
__dllonexit
_unlock
strtok_s
_lock
__C_specific_handler
_initterm
_amsg_exit
_wtol
strncmp
iswalnum
wcspbrk
_XcptFilter
_wcslwr
free
_callnewh
_snwprintf_s
malloc
_wcsicmp
strnlen
_vsnwprintf
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
memcpy
memcmp
memchr
_purecall
log10f
wcscmp

ntdll

RtlAreBitsSet
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlGetLastNtStatus
RtlFreeUnicodeString
NtClose
RtlStringFromGUID
NtSetInformationFile
RtlInitializeGenericTable
RtlAppendUnicodeToString
RtlFindClearBitsAndSet
NtReadFile
NtWriteFile
RtlInitializeBitMap
RtlEnumerateGenericTableWithoutSplaying
RtlLookupElementGenericTable
RtlDeleteElementGenericTable
RtlInsertElementGenericTable
RtlEnumerateGenericTable
NtDeviceIoControlFile
RtlClearBits
RtlNtStatusToDosError
RtlInitString
NtOpenSection

kernel32

GetVersionExW
SetCommState
GetCommState
EscapeCommFunction
UnlockFile
LockFile
LockFileEx
MoveFileW
SetFileTime
GetFileAttributesExW
GetFileInformationByHandle
GetVolumeInformationW
FindNextChangeNotification
LoadLibraryW
FindFirstChangeNotificationW
VerSetConditionMask
VerifyVersionInfoW
QueryDosDeviceW
FindCloseChangeNotification
DeviceIoControl
FlushFileBuffers
GetDriveTypeW
WaitCommEvent
InterlockedFlushSList
TlsSetValue
GetModuleHandleExW
PostQueuedCompletionStatus
GlobalDeleteAtom
SetupComm
IsDBCSLeadByte
GlobalAddAtomW
GetCommMask
SetCommMask
PurgeComm
GetCommModemStatus
ClearCommError
GetCommProperties
GetCommConfig
TlsGetValue
GetDefaultCommConfigW
FindFirstVolumeW
FindNextVolumeW
TlsFree
GetSystemDefaultLangID
TlsAlloc
GetCPInfo
BindIoCompletionCallback
TransmitCommChar
SetCommTimeouts
InitializeSListHead
TerminateThread
TryAcquireSRWLockExclusive
CreateTimerQueueTimer
DeleteTimerQueueTimer
LoadLibraryExW
GlobalHandle
LoadLibraryA
GetACP
ExpandEnvironmentStringsW
LocalAlloc
CompareStringOrdinal
GetCommandLineW
GetTimeFormatW
GetDateFormatW
GetNumberFormatW
GetThreadId
GetVersionExA
ChangeTimerQueueTimer
LocalFree
CreateDirectoryW
DeleteTimerQueue
CreateTimerQueue
GetTempPathW
CreateFileW
WriteFile
lstrcmpA
GetVersion
GetModuleHandleA
GetModuleFileNameW
DuplicateHandle
DeleteFileW
GetFileAttributesW
SetFileAttributesW
SetFilePointer
ReadFile
CreateMutexW
GetDiskFreeSpaceW
InitOnceExecuteOnce
GetSystemFirmwareTable
LoadResource
LockResource
GetComputerNameA
FormatMessageW
SetErrorMode
GetVolumePathNamesForVolumeNameW
CreateFileMappingW
CloseHandle
FindVolumeClose
GetModuleHandleW
HeapAlloc
GetProcessHeap
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
HeapFree
SetThreadpoolTimer
OutputDebugStringW
IsDebuggerPresent
CreateThreadpoolTimer
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionEx
SetLastError
CreateSemaphoreExW
WaitForSingleObject
ReleaseSemaphore
OpenSemaphoreW
ReleaseMutex
WaitForSingleObjectEx
CreateMutexExW
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
GetModuleFileNameA
DebugBreak
GetLastError
OpenProcess
GetNamedPipeClientProcessId
CreateNamedPipeW
ConnectNamedPipe
SetNamedPipeHandleState
GetModuleHandleExA
GlobalAlloc
GlobalLock
GlobalUnlock
GetProcAddress
FreeLibrary
GetCommTimeouts
CancelIo
GlobalFree
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
CreateEventW
SetEvent
ResetEvent
CreateThread
UnhandledExceptionFilter
GetTickCount
CreateWaitableTimerW
SetWaitableTimer
QueryPerformanceFrequency
WaitForMultipleObjectsEx
CancelWaitableTimer
GetSystemDirectoryW
GetComputerNameExW
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
Sleep
HeapSize
HeapReAlloc
HeapDestroy
GetWindowsDirectoryW
CreateIoCompletionPort
GetQueuedCompletionStatus
GetTempFileNameW
CreateProcessW
GlobalSize
K32GetModuleFileNameExW
CreateThreadpoolIo
SleepConditionVariableSRW
WakeAllConditionVariable
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
DecodePointer
EncodePointer
VirtualAlloc
VirtualFree
LoadLibraryExA
VirtualProtect
InitializeConditionVariable
WakeConditionVariable
SleepConditionVariableCS
ProcessIdToSessionId
SetThreadPriority
CompareStringW
DisableThreadLibraryCalls
SizeofResource
lstrcmpiW
GetTimeZoneInformation
GetLocalTime
OpenThread
SwitchToThread
GetComputerNameW
Beep
GetDynamicTimeZoneInformation
TrySubmitThreadpoolCallback
CloseThreadpool
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
CreateThreadpoolCleanupGroup
SetThreadpoolThreadMinimum
SetThreadpoolThreadMaximum
CreateThreadpool
InitializeCriticalSectionAndSpinCount
GetOverlappedResult
GetTickCount64
DisconnectNamedPipe
CancelThreadpoolIo
SearchPathW
GetSystemDefaultUILanguage
GetLocaleInfoEx
GetUserDefaultUILanguage
GetLocaleInfoW
UnmapViewOfFile
LCIDToLocaleName
MultiByteToWideChar
FindResourceExW
MapViewOfFile
FindFirstFileW
FindNextFileW
FindClose
WideCharToMultiByte
GetSystemTime
SystemTimeToFileTime
RaiseException
InitializeCriticalSection
DeactivateActCtx
ActivateActCtx
FindActCtxSectionStringW
CreateActCtxW
QueryActCtxW
OutputDebugStringA
PowerCreateRequest
PowerSetRequest
PowerClearRequest
NormalizeString
MulDiv
lstrcmpW
GetExitCodeThread
SuspendThread
ResumeThread
VirtualQuery
CloseThreadpoolWait
WaitForThreadpoolWaitCallbacks
SetThreadpoolWait
CreateEventExW
CreateThreadpoolWait
InitializeSRWLock
GetFileSize
OpenEventW
OpenMutexW
OpenFileMappingW
GetSystemInfo
GetActiveProcessorCount
GetProcessAffinityMask
CreateThreadpoolWork
SubmitThreadpoolWork
WaitForThreadpoolWorkCallbacks
CloseThreadpoolWork
SetEndOfFile
GetFileSizeEx
SetFilePointerEx
CompareStringEx
RemoveDirectoryW
GetNativeSystemInfo
WaitForMultipleObjects
IsProcessorFeaturePresent
CreateWaitableTimerExW
FreeLibraryAndExitThread
CreateSemaphoreW
QueueUserWorkItem
WaitForThreadpoolIoCallbacks
CloseThreadpoolIo
StartThreadpoolIo

gdi32

EqualRgn
CreateSolidBrush
TextOutW
GetRegionData
RestoreDC
SetViewportOrgEx
SetWindowOrgEx
GetSystemPaletteEntries
SetMapMode
SaveDC
DeleteMetaFile
CloseMetaFile
SetWindowExtEx
CreateMetaFileW
GdiDrawStream
GetDeviceCaps
CreateRectRgn
SetRectRgn
CombineRgn
DeleteObject
LPtoDP
DeleteDC
SelectObject
CreateDIBitmap
CreateCompatibleDC
SelectPalette
RealizePalette
SelectClipRgn
SetBrushOrgEx
GetBrushOrgEx
SetBkMode
GetBkMode
SetBkColor
SetTextColor
SetTextAlign
GetTextAlign
StretchDIBits
BitBlt
GetStockObject
ExtCreateRegion
PatBlt
SetROP2
MoveToEx
LineTo
Rectangle
SetPolyFillMode
Ellipse
Polygon
FrameRgn
FillRgn
GetCurrentObject
GetObjectW
CreateDIBSection
CreateCompatibleBitmap
CreateBitmap
SetBitmapBits
CreatePen
CreateBrushIndirect
CreateDIBPatternBrushPt
CreatePalette
GetNearestPaletteIndex
SetDIBColorTable
GetNearestColor
GetClipBox
GetPaletteEntries
CreateDCW
GetDIBColorTable
PtInRegion
CreateFontIndirectW
SetStretchBltMode
StretchBlt
SetPixel
GetTextExtentPoint32W
ExtTextOutW
CreatePolygonRgn
GetMapMode
GetTextExtentPointW
GetClipRgn
UpdateColors
GetPixel
SetWorldTransform
GetWorldTransform
OffsetWindowOrgEx
PlayMetaFile
DeleteEnhMetaFile
SetGraphicsMode
GetRgnBox
CreateRectRgnIndirect
IntersectClipRect
DPtoLP
SetDCBrushColor
OffsetRgn
SetMetaFileBitsEx
GetMetaFileBitsEx

user32

IntersectRect
SetTimer
LoadCursorW
SetWindowPos
ShowWindow
KillTimer
DestroyWindow
UnregisterClassW
GetClassInfoW
RegisterClassW
CreateWindowExW
SetPropW
GetKeyState
SetParent
MoveWindow
GetKeyboardType
ScreenToClient
GetCapture
GetSystemMetrics
SetCursorPos
ClientToScreen
SetFocus
MapVirtualKeyW
GetKeyboardState
keybd_event
GetCursorPos
GetRawInputData
GetAncestor
CreateCursor
FindWindowW
IsWindowVisible
GetWindow
RegisterWindowMessageW
IsZoomed
IsIconic
SetActiveWindow
SetWindowRgn
IsWindow
MapWindowPoints
EqualRect
LoadImageW
DestroyIcon
IsWindowEnabled
RemovePropW
GetLastActivePopup
GetParent
GetWindowLongW
SendMessageTimeoutW
FindWindowExW
GetActiveWindow
SetForegroundWindow
GetClassNameW
BeginDeferWindowPos
GetGUIThreadInfo
DeferWindowPos
EndDeferWindowPos
GetWindowTextLengthW
GetWindowTextW
EnumWindows
GetCaretBlinkTime
SetWinEventHook
UnhookWinEvent
GetLastInputInfo
UpdateLayeredWindow
RedrawWindow
SetWindowDisplayAffinity
GetIconInfo
DrawIconEx
RegisterHotKey
UnregisterHotKey
RegisterDeviceNotificationW
UnregisterDeviceNotification
GetTopWindow
OffsetRect
TranslateMessage
UnionRect
CopyIcon
PostThreadMessageW
MsgWaitForMultipleObjectsEx
CharNextW
IsChild
CallWindowProcW
DrawTextW
SetWindowLongW
EnumThreadWindows
EnumChildWindows
AllowSetForegroundWindow
MonitorFromPoint
UnregisterClassA
CharLowerW
GetWindowDC
GetKeyboardLayoutNameW
TrackMouseEvent
DefWindowProcW
GetWindowLongPtrW
SetWindowLongPtrW
GetAsyncKeyState
AttachThreadInput
GetWindowThreadProcessId
SetWindowsHookExW
SetCursor
UnhookWindowsHookEx
BeginPaint
CharNextA
EndPaint
GetWindowRect
FlashWindow
GetClientRect
MessageBeep
DispatchMessageW
GetMessageW
PostQuitMessage
ValidateRect
SetWindowTextW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EnableWindow
UpdateWindow
RegisterClassExW
GetClassInfoExW
IsRectEmpty
SetRectEmpty
LoadMenuW
SendMessageW
DialogBoxParamW
ReleaseDC
GetDC
GetMessageExtraInfo
SetKeyboardState
SetCapture
ReleaseCapture
InvalidateRect
RegisterClipboardFormatW
GetForegroundWindow
GetFocus
PostMessageW
CreateDialogParamW
MsgWaitForMultipleObjects
GetClipboardOwner
LoadStringW
GetKeyboardLayoutNameA
GetKeyboardLayout
GetClipboardData
IsClipboardFormatAvailable
DisplayConfigGetDeviceInfo
QueryDisplayConfig
GetDisplayConfigBufferSizes
LoadIconW
GetSystemMenu
EnableMenuItem
SetWindowPlacement
EnumDisplaySettingsW
CloseWindow
EnumDisplayMonitors
GetWindowPlacement
SystemParametersInfoA
LockWindowUpdate
GetSysColor
SetScrollPos
AdjustWindowRect
ShowScrollBar
SetScrollInfo
GetCursorInfo
EnumDisplayDevicesW
CheckDlgButton
EndDialog
IsDlgButtonChecked
SetDlgItemTextW
GetDlgItem
DefDlgProcW
GetProcessDefaultLayout
GetDlgCtrlID
MonitorFromRect
SetLayeredWindowAttributes
GetSubMenu
TrackPopupMenuEx
SetClassLongPtrW
GetClassLongPtrW
GetMenuItemInfoW
SetMenuItemInfoW
DestroyMenu
CopyRect
AnimateWindow
SetRect
GetMonitorInfoW
SendDlgItemMessageW
GetNextDlgTabItem
GetDlgItemTextW
InflateRect
GetSysColorBrush
MonitorFromWindow
SystemParametersInfoW
GetWindowRgn
CallNextHookEx
PtInRect
GetClipboardFormatNameW
FillRect
FlashWindowEx
CreateIconIndirect
GetDesktopWindow
CharPrevA
RegisterRawInputDevices
ShowCursor
DestroyCursor
PeekMessageW
SendInput

shlwapi

SHDeleteKeyW
UrlGetPartW
StrChrW
PathRemoveFileSpecW
UrlCombineW
ShellMessageBoxW
ord12
PathFindFileNameW
PathIsFileSpecW

setupapi

CM_Get_Parent
SetupDiEnumDeviceInfo
CM_Get_Device_ID_Size
CM_Get_Device_IDW
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyW
CM_Locate_DevNodeW
CM_Get_DevNode_Status

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

imm32

ImmAssociateContext
ImmGetContext

ncrypt

NCryptFinalizeKey
NCryptCreatePersistedKey
NCryptExportKey
NCryptSetProperty
NCryptSignHash
NCryptFreeObject
NCryptOpenStorageProvider

uiautomationcore

UiaHostProviderFromHwnd
UiaReturnRawElementProvider

devobj

DevObjOpenClassRegKey
DevObjOpenDeviceInterface
DevObjOpenDevRegKey
DevObjGetDeviceInstanceId
DevObjEnumDeviceInfo
DevObjGetDeviceInterfaceDetail
DevObjEnumDeviceInterfaces
DevObjGetClassDevs
DevObjGetDeviceProperty
DevObjDestroyDeviceInfoList
DevObjGetDeviceRegistryProperty
DevObjOpenDeviceInfo
DevObjCreateDeviceInfoList

pdh

PdhGetFormattedCounterValue
PdhAddEnglishCounterW
PdhOpenQueryW
PdhRemoveCounter
PdhCollectQueryData
PdhCloseQuery

shcore

GetFeatureEnabledState
RecordFeatureUsage
UnsubscribeFeatureStateChangeNotification
SubscribeFeatureStateChangeNotification

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllGetTscCtlVer
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 6.6MB - Virtual size: 6.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 204KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msv1_0.dll
.dll windows:10 windows x64 arch:x64

7d0785101542c183618c07c85f31eeed

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8f:9b:8c:ba:75:db:cb:38:58:44:2a:2d:5a:84:80:73:98:62:8f:ae:71:21:77:c7:18:20:6e:ed:78:76:31:3b
Signer

Actual PE Digest

8f:9b:8c:ba:75:db:cb:38:58:44:2a:2d:5a:84:80:73:98:62:8f:ae:71:21:77:c7:18:20:6e:ed:78:76:31:3b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

msv1_0.pdb

Imports

api-ms-win-crt-string-l1-1-0

wcsncmp
memset
strncmp

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__ultow
memmove
_o__wcsicmp
_o__wcsnicmp
_o__wsplitpath_s
_o_free
_o_malloc
_o_strcpy_s
_o_towupper
_o_wcscat_s
_o_wcscpy_s
_o_wcsncat_s
_o_wcsncpy_s
__CxxFrameHandler3
_CxxThrowException
_o___stdio_common_vswprintf_s
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o__crt_atexit
_o__configure_narrow_argv
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__cexit
_o__callnewh
wcsrchr
__std_terminate
wcschr
__CxxFrameHandler4
__C_specific_handler
memcmp
memcpy

api-ms-win-security-base-l1-1-0

CheckTokenMembership
RevertToSelf
AdjustTokenPrivileges
ImpersonateAnonymousToken
GetLengthSid
IsValidSid
GetTokenInformation

api-ms-win-core-file-l1-1-0

SetFilePointer
FlushFileBuffers
CreateFileW
CompareFileTime
WriteFile

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

SetThreadStackGuarantee
GetCurrentThread
SetThreadToken
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-sysinfo-l1-1-0

GetWindowsDirectoryW
GetVersionExW
GetSystemTimeAsFileTime
GetComputerNameExW
GetSystemInfo
GetTickCount64
GetLocalTime

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
DisableThreadLibraryCalls
GetModuleHandleExW
FreeLibrary
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW
LoadLibraryExA
GetModuleHandleExA

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
RtlCompareMemory

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegOpenKeyExA
RegQueryValueExW
RegQueryValueExA
RegNotifyChangeKeyValue
RegDeleteValueW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-localization-l1-2-0

FormatMessageA
FormatMessageW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
OpenEventW
InitializeSRWLock
TryAcquireSRWLockExclusive
CreateEventW
LeaveCriticalSection
AcquireSRWLockShared
ReleaseSRWLockExclusive
SetEvent
AcquireSRWLockExclusive
ReleaseSRWLockShared
InitializeCriticalSection
EnterCriticalSection

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy
OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-memory-l1-1-0

VirtualProtect
VirtualAlloc
VirtualQuery

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-security-activedirectoryclient-l1-1-0

DsCrackNamesW
DsFreeNameResultW
DsBindWithSpnExW
DsUnBindW

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

api-ms-win-service-private-l1-1-0

I_QueryTagInformation

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-core-privateprofile-l1-1-0

GetProfileIntW

ntlmshared

MsvpPutClearOwfsInPrimaryCredential
MsvpGMSACred
MsvpComputeSaltedHashedPassword
MsvpCachePasswordsToCredential
MsvpValidateSupplementalCreds
MsvpPasswordValidate
MsvpMakeSecretPasswordNT5
NtlmSharedFree
NtlmSharedInit
NtLmAlterRtlEqualUnicodeString
MsvpLm20GetNtlm3ChallengeResponse
MsvpDecryptDpapiMasterKey
MsvpCompareCredentials
MsvpDeriveSecureCredKey
MsvpCredentialToCachePasswords
MsvpUpdateSharedConfiguration
MsvpLm3Response

ntdll

RtlSubAuthoritySid
RtlIdentifierAuthoritySid
RtlSubAuthorityCountSid
RtlLengthSid
RtlLengthRequiredSid
RtlDowncaseUnicodeString
EtwLogTraceEvent
RtlEqualSid
WinSqmIncrementDWORD
RtlIntegerToChar
RtlInitializeResource
RtlAcquireResourceExclusive
EtwRegisterTraceGuidsW
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwGetTraceEnableFlags
EtwUnregisterTraceGuids
NtAllocateLocallyUniqueId
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
NtOpenEvent
RtlUpcaseUnicodeString
RtlGetNtProductType
RtlCopyUnicodeString
RtlPrefixUnicodeString
RtlCheckTokenMembershipEx
EtwEventWriteTransfer
RtlCopySid
NtCreateEvent
RtlConvertSharedToExclusive
NtWaitForSingleObject
RtlAvlInsertNodeEx
RtlAvlRemoveNode
RtlDeleteResource
NtDeleteValueKey
RtlInitializeSid
RtlIntegerToUnicodeString
DbgPrint
NtSetValueKey
NtQueryValueKey
EtwEventActivityIdControl
NtQuerySystemInformation
NtOpenKey
RtlCreateServiceSid
RtlUpperChar
WinSqmSetDWORD
RtlFreeOemString
RtlInitializeCriticalSection
RtlUpcaseUnicodeStringToOemString
EtwEventUnregister
EtwEventRegister
RtlOemStringToUnicodeString
RtlNtStatusToDosError
NtOpenProcessToken
RtlSetDaclSecurityDescriptor
NtQueryInformationToken
NtSetSecurityObject
RtlAddAccessAllowedAce
NtDuplicateObject
RtlCreateAcl
RtlCreateSecurityDescriptor
RtlIpv6StringToAddressExW
RtlInitializeGenericTable
NtDuplicateToken
NtQueryInformationProcess
NtOpenProcess
RtlDeleteElementGenericTable
RtlNumberGenericTableElements
RtlEnterCriticalSection
RtlInsertElementGenericTable
RtlLeaveCriticalSection
RtlGetElementGenericTable
RtlLookupElementGenericTable
RtlSystemTimeToLocalTime
RtlEqualString
RtlTimeToTimeFields
EtwEventEnabled
EtwEventWrite
RtlAllocateHeap
RtlFreeHeap
RtlImageNtHeader
EtwTraceMessage
NtQuerySystemTime
RtlEraseUnicodeString
RtlImpersonateSelf
RtlDuplicateUnicodeString
RtlEqualDomainName
NtOpenThreadToken
NtFilterToken
RtlFreeSid
NtClose
RtlReleaseResource
RtlRunDecodeUnicodeString
RtlAcquireResourceShared
RtlAllocateAndInitializeSid
NtSetInformationThread
RtlFreeUnicodeString
RtlEqualUnicodeString
RtlInitString
RtlInitUnicodeString
NtCreateKey

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllMain
LsaApCallPackage
LsaApCallPackagePassthrough
LsaApCallPackageUntrusted
LsaApInitializePackage
LsaApLogonTerminated
LsaApLogonUserEx2
Msv1_0ExportSubAuthenticationRoutine
Msv1_0SubAuthenticationPresent
MsvGetLogonAttemptCount
MsvIsIpAddressLocal
MsvIsLocalhostAliases
MsvSamLogoff
MsvSamValidate
MsvValidateTarget
SpInitialize
SpInstanceInit
SpLsaModeInitialize
SpUserModeInitialize

Sections

.text
Size: 416KB - Virtual size: 414KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msvcp_win.dll
.dll windows:10 windows x64 arch:x64

f394c801aabd87f69502b2f4c12f71c8

Code Sign

33:00:00:04:5c:3d:56:72:66:6c:b7:54:17:00:00:00:00:04:5c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

14/09/2023, 18:20

Not After

04/09/2024, 18:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

be:77:9e:26:81:a9:8f:2b:71:06:d1:c4:29:38:5b:6b:7b:e3:39:9d:b0:4f:22:70:c2:b7:65:89:49:d2:3c:19
Signer

Actual PE Digest

be:77:9e:26:81:a9:8f:2b:71:06:d1:c4:29:38:5b:6b:7b:e3:39:9d:b0:4f:22:70:c2:b7:65:89:49:d2:3c:19

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

msvcp_win.pdb

Imports

api-ms-win-crt-string-l1-1-0

memset
wcsnlen
__strncnt
strcspn

api-ms-win-crt-locale-l1-1-0

_lock_locales
_unlock_locales

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__endthreadex
_o__errno
_o__execute_onexit_table
_o__free_base
_o__fseeki64
_o__fsopen
_o__get_stream_buffer_pointers
_o__Getdays
_o__Getmonths
_o__Gettnames
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo_noreturn
_o__lock_file
_o__malloc_base
_o__purecall
_o__realloc_base
_o__register_onexit_function
_o__seh_filter_dll
_o__set_new_handler
_o__Strftime
memmove
_o__unlock_file
_o__W_Getdays
_o__W_Getmonths
_o__W_Gettnames
_o__wchdir
_o__wcsdup
_o__Wcsftime
_o__wfsopen
_o__wgetcwd
_o__wremove
_o__wrename
_o__wrmdir
_o_abort
_o_btowc
_o_calloc
_o_fclose
_o_fflush
_o_fgetc
_o_fgetpos
_o_fgetwc
_o_fputc
_o_fputs
_o_fputwc
_o_fread
_o_free
_o_frexp
_o_fseek
_o_fsetpos
_o_fwrite
_o_isalnum
_o_isdigit
_o_islower
_o_isspace
_o_isupper
_o_iswalnum
_o_iswdigit
_o_iswspace
_o_iswxdigit
_o_isxdigit
_o_ldexp
_o_localeconv
_o_log
_o_logf
_o_malloc
_o_pow
_o_powf
_o_rand_s
_o_setlocale
_o_setvbuf
_o_strtod
_o_strtof
_o_terminate
_o_tolower
_o_ungetc
_o_ungetwc
_o_wcscpy_s
__C_specific_handler
__current_exception_context
_o___pctype_func
_CxxThrowException
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__calloc_base
_o__callnewh
_o__beginthreadex
_o___acrt_iob_func
_o____mb_cur_max_func
_o____lc_locale_name_func
_o____lc_collate_cp_func
_o____lc_codepage_func
__GetPlatformExceptionInfo
__AdjustPointer
__current_exception
__uncaught_exceptions
__uncaught_exception
__std_terminate
_o___stdio_common_vsprintf_s
__CxxFrameHandler3
memchr
memcmp
memcpy
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
ReleaseSRWLockExclusive
WaitForSingleObjectEx
AcquireSRWLockExclusive
InitializeSRWLock
TryAcquireSRWLockExclusive
LeaveCriticalSection

api-ms-win-core-file-l1-1-0

FindNextFileW
SetFileAttributesW
GetFileInformationByHandle
FindFirstFileExW
SetEndOfFile
GetFileAttributesExW
GetDiskFreeSpaceExW
FindClose
CreateDirectoryW
SetFileTime
SetFilePointerEx
CreateFileW

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-file-l2-1-0

CopyFile2
CreateHardLinkW
CreateSymbolicLinkW

api-ms-win-core-string-l1-1-0

CompareStringEx
MultiByteToWideChar
GetStringTypeW
WideCharToMultiByte

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
RaiseException
UnhandledExceptionFilter
GetLastError

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-heap-obsolete-l1-1-0

LocalFree

api-ms-win-core-localization-l1-2-0

FormatMessageA
GetCPInfo
GetLocaleInfoEx
LCMapStringEx

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
Sleep
WakeAllConditionVariable
WakeConditionVariable
SleepConditionVariableSRW
InitializeConditionVariable

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlCaptureStackBackTrace
RtlVirtualUnwind
RtlPcToFileHeader

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
SwitchToThread
GetExitCodeThread
GetCurrentProcessId
GetCurrentProcess
TerminateProcess

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime
GetNativeSystemInfo

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-threadpool-l1-2-0

FreeLibraryWhenCallbackReturns
SubmitThreadpoolWork
CreateThreadpoolWork
CloseThreadpoolWork

api-ms-win-core-libraryloader-l1-1-0

DisableThreadLibraryCalls
GetModuleHandleExW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

Exports

Exports

??$_Getvals@_W@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IEAAX_WAEBV_Locinfo@1@@Z
??$_Getvals@_W@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IEAAX_WAEBV_Locinfo@1@@Z
??$_Getvals@_W@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEAAX_WAEBV_Locinfo@1@@Z
??0?$_Yarn@D@std@@QEAA@AEBV01@@Z
??0?$_Yarn@D@std@@QEAA@PEBD@Z
??0?$_Yarn@D@std@@QEAA@XZ
??0?$_Yarn@G@std@@QEAA@AEBV01@@Z
??0?$_Yarn@G@std@@QEAA@PEBG@Z
??0?$_Yarn@G@std@@QEAA@XZ
??0?$_Yarn@_W@std@@QEAA@AEBV01@@Z
??0?$_Yarn@_W@std@@QEAA@PEB_W@Z
??0?$_Yarn@_W@std@@QEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@W4_Uninitialized@1@@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N1@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@W4_Uninitialized@1@@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N1@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@W4_Uninitialized@1@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@W4_Uninitialized@1@_N@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@W4_Uninitialized@1@_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@W4_Uninitialized@1@_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@AEBV01@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@W4_Uninitialized@1@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@AEBV01@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@W4_Uninitialized@1@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@AEBV01@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@W4_Uninitialized@1@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$codecvt@DDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$codecvt@DDU_Mbstatet@@@std@@QEAA@_K@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
??0?$codecvt@_SDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@KW4_Codecvt_mode@1@_K@Z
??0?$codecvt@_SDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$codecvt@_SDU_Mbstatet@@@std@@QEAA@_K@Z
??0?$codecvt@_UDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@KW4_Codecvt_mode@1@_K@Z
??0?$codecvt@_UDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$codecvt@_UDU_Mbstatet@@@std@@QEAA@_K@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
??0?$ctype@D@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$ctype@D@std@@QEAA@PEBF_N_K@Z
??0?$ctype@G@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$ctype@G@std@@QEAA@_K@Z
??0?$ctype@_W@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$ctype@_W@std@@QEAA@_K@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@_K@Z
??0?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@_K@Z
??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z
??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@_K@Z
??0?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@_K@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@_K@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@_K@Z
??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@_K@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@_K@Z
??0Init@ios_base@std@@QEAA@XZ
??0_Facet_base@std@@QEAA@AEBV01@@Z
??0_Facet_base@std@@QEAA@XZ
??0_Init_locks@std@@QEAA@XZ
??0_Locimp@locale@std@@AEAA@AEBV012@@Z
??0_Locimp@locale@std@@AEAA@_N@Z
??0_Locinfo@std@@QEAA@HPEBD@Z
??0_Locinfo@std@@QEAA@PEBD@Z
??0_Lockit@std@@QEAA@H@Z
??0_Lockit@std@@QEAA@XZ
??0_Timevec@std@@QEAA@AEBV01@@Z
??0_Timevec@std@@QEAA@PEAX@Z
??0_UShinit@std@@QEAA@XZ
??0_Winit@std@@QEAA@XZ
??0codecvt_base@std@@QEAA@_K@Z
??0ctype_base@std@@QEAA@_K@Z
??0facet@locale@std@@IEAA@_K@Z
??0id@locale@std@@QEAA@_K@Z
??0ios_base@std@@IEAA@XZ
??0task_continuation_context@Concurrency@@AEAA@XZ
??0time_base@std@@QEAA@_K@Z
??1?$_Yarn@D@std@@QEAA@XZ
??1?$_Yarn@G@std@@QEAA@XZ
??1?$_Yarn@_W@std@@QEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$codecvt@DDU_Mbstatet@@@std@@MEAA@XZ
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
??1?$codecvt@_SDU_Mbstatet@@@std@@MEAA@XZ
??1?$codecvt@_UDU_Mbstatet@@@std@@MEAA@XZ
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
??1?$ctype@D@std@@MEAA@XZ
??1?$ctype@G@std@@MEAA@XZ
??1?$ctype@_W@std@@MEAA@XZ
??1?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEAA@XZ
??1?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MEAA@XZ
??1?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MEAA@XZ
??1?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEAA@XZ
??1?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MEAA@XZ
??1?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MEAA@XZ
??1?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEAA@XZ
??1?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MEAA@XZ
??1?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MEAA@XZ
??1?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEAA@XZ
??1?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MEAA@XZ
??1?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MEAA@XZ
??1Init@ios_base@std@@QEAA@XZ
??1_Facet_base@std@@UEAA@XZ
??1_Init_locks@std@@QEAA@XZ
??1_Locimp@locale@std@@MEAA@XZ
??1_Locinfo@std@@QEAA@XZ
??1_Lockit@std@@QEAA@XZ
??1_Timevec@std@@QEAA@XZ
??1_UShinit@std@@QEAA@XZ
??1_Winit@std@@QEAA@XZ
??1codecvt_base@std@@UEAA@XZ
??1ctype_base@std@@UEAA@XZ
??1facet@locale@std@@MEAA@XZ
??1ios_base@std@@UEAA@XZ
??1time_base@std@@UEAA@XZ
??4?$_Iosb@H@std@@QEAAAEAV01@$$QEAV01@@Z
??4?$_Iosb@H@std@@QEAAAEAV01@AEBV01@@Z
??4?$_Yarn@D@std@@QEAAAEAV01@AEBV01@@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??4?$_Yarn@G@std@@QEAAAEAV01@AEBV01@@Z
??4?$_Yarn@G@std@@QEAAAEAV01@PEBG@Z
??4?$_Yarn@_W@std@@QEAAAEAV01@AEBV01@@Z
??4?$_Yarn@_W@std@@QEAAAEAV01@PEB_W@Z
??4?$basic_iostream@DU?$char_traits@D@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_iostream@GU?$char_traits@G@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_iostream@_WU?$char_traits@_W@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_istream@DU?$char_traits@D@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_istream@GU?$char_traits@G@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_istream@_WU?$char_traits@_W@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_ostream@DU?$char_traits@D@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_ostream@GU?$char_traits@G@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_ostream@_WU?$char_traits@_W@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAAEAV01@AEBV01@@Z
??4?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAAEAV01@AEBV01@@Z
??4?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAAEAV01@AEBV01@@Z
??4Init@ios_base@std@@QEAAAEAV012@AEBV012@@Z
??4_Crt_new_delete@std@@QEAAAEAU01@$$QEAU01@@Z
??4_Crt_new_delete@std@@QEAAAEAU01@AEBU01@@Z
??4_Facet_base@std@@QEAAAEAV01@AEBV01@@Z
??4_Init_locks@std@@QEAAAEAV01@AEBV01@@Z
??4_Timevec@std@@QEAAAEAV01@AEBV01@@Z
??4_UShinit@std@@QEAAAEAV01@AEBV01@@Z
??4_Winit@std@@QEAAAEAV01@AEBV01@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAF@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAG@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAI@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAJ@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAK@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAM@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAN@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAO@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAPEAX@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_J@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_K@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@DU?$char_traits@D@std@@@1@AEAV21@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAF@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAG@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAH@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAI@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAJ@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAK@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAM@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAN@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAO@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAPEAX@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEA_J@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEA_K@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEA_N@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@GU?$char_traits@G@std@@@1@AEAV21@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAF@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAG@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAH@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAI@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAJ@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAK@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAM@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAN@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAO@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAPEAX@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEA_J@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEA_K@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEA_N@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@_WU?$char_traits@_W@std@@@1@AEAV21@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@F@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@O@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@DU?$char_traits@D@std@@@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@F@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@G@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@O@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@GU?$char_traits@G@std@@@1@AEAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@PEBX@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@F@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@G@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@O@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@_WU?$char_traits@_W@std@@@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEBX@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_N@Z
??7ios_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
??Bios_base@std@@QEBA_NXZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ios@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_ios@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_iostream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_iostream@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_iostream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_istream@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_istream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ostream@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_ostream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_streambuf@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_streambuf@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$codecvt@DDU_Mbstatet@@@std@@6B@
??_7?$codecvt@GDU_Mbstatet@@@std@@6B@
??_7?$codecvt@_SDU_Mbstatet@@@std@@6B@
??_7?$codecvt@_UDU_Mbstatet@@@std@@6B@
??_7?$codecvt@_WDU_Mbstatet@@@std@@6B@
??_7?$ctype@D@std@@6B@
??_7?$ctype@G@std@@6B@
??_7?$ctype@_W@std@@6B@
??_7?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7_Facet_base@std@@6B@
??_7_Locimp@locale@std@@6B@
??_7codecvt_base@std@@6B@
??_7ctype_base@std@@6B@
??_7facet@locale@std@@6B@
??_7ios_base@std@@6B@
??_7time_base@std@@6B@
??_8?$basic_iostream@DU?$char_traits@D@std@@@std@@7B?$basic_istream@DU?$char_traits@D@std@@@1@@
??_8?$basic_iostream@DU?$char_traits@D@std@@@std@@7B?$basic_ostream@DU?$char_traits@D@std@@@1@@
??_8?$basic_iostream@GU?$char_traits@G@std@@@std@@7B?$basic_istream@GU?$char_traits@G@std@@@1@@
??_8?$basic_iostream@GU?$char_traits@G@std@@@std@@7B?$basic_ostream@GU?$char_traits@G@std@@@1@@
??_8?$basic_iostream@_WU?$char_traits@_W@std@@@std@@7B?$basic_istream@_WU?$char_traits@_W@std@@@1@@
??_8?$basic_iostream@_WU?$char_traits@_W@std@@@std@@7B?$basic_ostream@_WU?$char_traits@_W@std@@@1@@
??_8?$basic_istream@DU?$char_traits@D@std@@@std@@7B@
??_8?$basic_istream@GU?$char_traits@G@std@@@std@@7B@
??_8?$basic_istream@_WU?$char_traits@_W@std@@@std@@7B@
??_8?$basic_ostream@DU?$char_traits@D@std@@@std@@7B@
??_8?$basic_ostream@GU?$char_traits@G@std@@@std@@7B@
??_8?$basic_ostream@_WU?$char_traits@_W@std@@@std@@7B@
??_D?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??_D?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??_D?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??_D?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??_D?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??_D?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??_D?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??_D?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??_F?$codecvt@DDU_Mbstatet@@@std@@QEAAXXZ
??_F?$codecvt@GDU_Mbstatet@@@std@@QEAAXXZ
??_F?$codecvt@_SDU_Mbstatet@@@std@@QEAAXXZ
??_F?$codecvt@_UDU_Mbstatet@@@std@@QEAAXXZ
??_F?$codecvt@_WDU_Mbstatet@@@std@@QEAAXXZ
??_F?$ctype@D@std@@QEAAXXZ
??_F?$ctype@G@std@@QEAAXXZ
??_F?$ctype@_W@std@@QEAAXXZ
??_F?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAAXXZ
??_F?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAAXXZ
??_F?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAAXXZ
??_F?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAAXXZ
??_F?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAAXXZ
??_F?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAAXXZ
??_F?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAAXXZ
??_F?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAAXXZ
??_F?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAAXXZ
??_F?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAAXXZ
??_F?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAAXXZ
??_F?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAAXXZ
??_F_Locinfo@std@@QEAAXXZ
??_F_Timevec@std@@QEAAXXZ
??_Fcodecvt_base@std@@QEAAXXZ
??_Fctype_base@std@@QEAAXXZ
??_Ffacet@locale@std@@QEAAXXZ
??_Fid@locale@std@@QEAAXXZ
??_Ftime_base@std@@QEAAXXZ
?CaptureCallstack@platform@details@Concurrency@@YA_KPEAPEAX_K1@Z
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?GetNextAsyncId@platform@details@Concurrency@@YAIXZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
?_Addcats@_Locinfo@std@@QEAAAEAV12@HPEBD@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_Addstd@ios_base@std@@SAXPEAV12@@Z
?_Assign@_ContextCallback@details@Concurrency@@AEAAXPEAX@Z
?_Atexit@@YAXP6AXXZ@Z
?_BADOFF@std@@3_JB
?_C_str@?$_Yarn@D@std@@QEBAPEBDXZ
?_C_str@?$_Yarn@G@std@@QEBAPEBGXZ
?_C_str@?$_Yarn@_W@std@@QEBAPEB_WXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?_Callfns@ios_base@std@@AEAAXW4event@12@@Z
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?_Clocptr@_Locimp@locale@std@@0PEAV123@EA
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Donarrow@?$ctype@G@std@@IEBADGD@Z
?_Donarrow@?$ctype@_W@std@@IEBAD_WD@Z
?_Dowiden@?$ctype@G@std@@IEBAGD@Z
?_Dowiden@?$ctype@_W@std@@IEBA_WD@Z
?_Empty@?$_Yarn@D@std@@QEBA_NXZ
?_Empty@?$_Yarn@G@std@@QEBA_NXZ
?_Empty@?$_Yarn@_W@std@@QEBA_NXZ
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
?_Ffmt@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAPEADPEADDH@Z
?_Ffmt@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAPEADPEADDH@Z
?_Ffmt@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAPEADPEADDH@Z
?_Findarr@ios_base@std@@AEAAAEAU_Iosarray@12@H@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBGHH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Fput@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBD_K@Z
?_Fput@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBA?AV?$ostreambuf_iterator@GU?$char_traits@G@std@@@2@V32@AEAVios_base@2@GPEBD_K@Z
?_Fput@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBA?AV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@AEAVios_base@2@_WPEBD_K@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$codecvt@GDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$codecvt@_SDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$codecvt@_UDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@facet@locale@std@@SA_KPEAPEBV123@PEBV23@@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?_Getctype@_Locinfo@std@@QEBA?AU_Ctypevec@@XZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_Getdateorder@_Locinfo@std@@QEBAHXZ
?_Getdays@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Getffld@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getffld@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getffld@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getffldx@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getffldx@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getffldx@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getfmt@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IEBA?AV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@PEBD@Z
?_Getfmt@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IEBA?AV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@PEBD@Z
?_Getfmt@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEBA?AV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@PEBD@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Getifld@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1HAEBVlocale@2@@Z
?_Getifld@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1HAEBVlocale@2@@Z
?_Getifld@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1HAEBVlocale@2@@Z
?_Getint@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAHAEAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@0HHAEAHAEBV?$ctype@D@2@@Z
?_Getint@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAHAEAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@0HHAEAHAEBV?$ctype@G@2@@Z
?_Getint@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAHAEAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@0HHAEAHAEBV?$ctype@_W@2@@Z
?_Getlconv@_Locinfo@std@@QEBAPEBUlconv@@XZ
?_Getmonths@_Locinfo@std@@QEBAPEBDXZ
?_Getname@_Locinfo@std@@QEBAPEBDXZ
?_Getptr@_Timevec@std@@QEBAPEAXXZ
?_Gettnames@_Locinfo@std@@QEBA?AV_Timevec@2@XZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Gnavail@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBA_JXZ
?_Gnavail@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBA_JXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gndec@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?_Gndec@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?_Gninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?_Gnpreinc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gnpreinc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?_Gnpreinc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?_Id_cnt@id@locale@std@@0HA
?_Ifmt@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAPEADPEADPEBDH@Z
?_Ifmt@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAPEADPEADPEBDH@Z
?_Ifmt@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAPEADPEADPEBDH@Z
?_Incref@facet@locale@std@@UEAAXXZ
?_Index@ios_base@std@@0HA

Sections

.text
Size: 328KB - Virtual size: 327KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 236KB - Virtual size: 235KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ncsi.dll
.dll windows:10 windows x64 arch:x64

7aaaadef07002050ab8bc5266ec18c60

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ncsi.pdb

Imports

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
_Wcscoll
_Wcsxfrm
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Xbad_alloc@std@@YAXXZ
?id@?$ctype@G@std@@2V0locale@2@A
?id@?$collate@G@std@@2V0locale@2@A
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z
?tolower@?$ctype@G@std@@QEBAGG@Z
?is@?$ctype@G@std@@QEBA_NFG@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
?_Xbad_function_call@std@@YAXXZ

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o___stdio_common_vsnprintf_s
memmove
_o__wcsicmp
_o__wcslwr_s
_o__wcsnicmp
_o_free
_o_iswdigit
_o_iswspace
_o_malloc
_o_realloc
_o_terminate
_o_wcscat_s
_o_wcstok_s
__std_type_info_compare
wcschr
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o__callnewh
strchr
_o___std_type_info_destroy_list
_o__beginthreadex
_o___std_exception_destroy
_o___std_exception_copy
_o___stdio_common_vswprintf
_o__crt_atexit
_o__configure_narrow_argv
_o___stdio_common_vsprintf
__std_terminate
__CxxFrameHandler4
_o__cexit
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

wcscmp
memset

ntdll

EtwEventSetInformation
EtwGetTraceEnableFlags
EtwTraceMessage
EtwGetTraceLoggerHandle
EtwEventRegister
EtwGetTraceEnableLevel
EtwRegisterTraceGuidsW
EtwEventWriteTransfer
RtlIpv4StringToAddressW
RtlIpv6StringToAddressW
RtlPublishWnfStateData
EtwUnregisterTraceGuids
EtwCheckCoverage
NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlNtStatusToDosError
EtwEventActivityIdControl
EtwEventWrite
RtlIpv4AddressToStringA
RtlIpv6AddressToStringA
RtlCaptureContext
NtSetInformationProcess
RtlLookupFunctionEntry
RtlVirtualUnwind
EtwEventUnregister

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleHandleExA
GetModuleHandleExW
GetProcAddress
LoadLibraryExW
GetModuleFileNameA
GetModuleHandleW

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegOpenKeyExW
RegNotifyChangeKeyValue
RegSetValueExW
RegDeleteValueW
RegCloseKey
RegGetValueW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-heap-l1-1-0

HeapSize
HeapFree
GetProcessHeap
HeapAlloc
HeapReAlloc

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
CloseThreadpoolCleanupGroupMembers
SubmitThreadpoolWork
CloseThreadpoolWork
CloseThreadpoolCleanupGroup
CloseThreadpool
CreateThreadpoolWork
SetThreadpoolThreadMaximum
SetThreadpoolThreadMinimum
CreateThreadpool
CallbackMayRunLong
CreateThreadpoolTimer
CreateThreadpoolCleanupGroup
TrySubmitThreadpoolCallback
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolWait
IsThreadpoolTimerSet
CreateThreadpoolWait
WaitForThreadpoolWorkCallbacks

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetExitCodeThread

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
CreateEventW
InitializeCriticalSectionEx
ResetEvent
SetEvent
AcquireSRWLockExclusive
WaitForSingleObject
DeleteCriticalSection
AcquireSRWLockShared
ReleaseSRWLockShared
CreateSemaphoreExW
ReleaseSemaphore
OpenSemaphoreW
ReleaseMutex
CreateMutexExW
WaitForSingleObjectEx
CreateEventExW
LeaveCriticalSection
EnterCriticalSection
InitializeSRWLock
TryAcquireSRWLockExclusive

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
Sleep
InitOnceComplete

api-ms-win-core-heap-l2-1-0

LocalAlloc
GlobalFree
LocalFree

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-version-l1-1-1

GetFileVersionInfoW
GetFileVersionInfoSizeW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetTickCount64

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-service-private-l1-1-0

SubscribeServiceChangeNotifications
UnsubscribeServiceChangeNotifications

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventWriteTransfer
EventUnregister
EventRegister

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-security-base-l1-1-0

InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetLengthSid

Exports

Exports

NcsiAllocateAndGetConnectivityStatusSet
NcsiDeregisterConnectivityStatusChange
NcsiDeregisterDiagnosticsInfoChange
NcsiFreeConnectivityStatusSet
NcsiGetCaptivePortalHosts
NcsiGetWebProbeConfig
NcsiIdentifyUserSpecificProxies
NcsiNotifySessionChange
NcsiPerformRefresh
NcsiPerformReprobe
NcsiRegisterConnectivityStatusChange
NcsiRegisterDiagnosticsInfoChange
NcsiUpdateClientPresence

Sections

.text
Size: 476KB - Virtual size: 474KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
negoexts.dll
.dll windows:10 windows x64 arch:x64

0073adcb796ce8197cee9c06eaefd6f1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

negoexts.pdb

Imports

msvcrt

memcpy
memset
memcmp
_initterm
free
_amsg_exit
_XcptFilter
_callnewh
malloc
wcschr
wcsrchr
__C_specific_handler
_vsnprintf
tolower

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleFileNameW
DisableThreadLibraryCalls

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

cryptbase

SystemFunction036

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
SetThreadToken
TerminateProcess
GetCurrentProcess
SetThreadStackGuarantee

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemInfo
GetTickCount

ntdll

RtlAnsiStringToUnicodeString
RtlImageNtHeader
NtDuplicateObject
NtQueryInformationToken
RtlGUIDFromString
RtlFreeUnicodeString
RtlCreateUnicodeStringFromAsciiz
RtlInitializeGenericTableAvl
RtlEnumerateGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlInsertElementGenericTableAvl
RtlConvertSharedToExclusive
RtlLookupElementGenericTableAvl
RtlGetElementGenericTable
RtlDeleteCriticalSection
RtlInsertElementGenericTable
RtlCompareUnicodeString
RtlAcquireResourceExclusive
RtlEqualUnicodeString
RtlReleaseResource
RtlAcquireResourceShared
RtlInitializeResource
NtClose
RtlLookupElementGenericTable
RtlLeaveCriticalSection
RtlDeleteElementGenericTable
RtlEnumerateGenericTable
RtlEnterCriticalSection
RtlNumberGenericTableElements
RtlInitializeGenericTable
RtlInitializeCriticalSection
RtlIpv6StringToAddressExW
RtlInitUnicodeString
RtlDeleteResource

crypt32

CertGetCertificateContextProperty
CryptAcquireCertificatePrivateKey
CertCloseStore
CertFreeCertificateContext
CertOpenStore
CertFindCertificateInStore

api-ms-win-security-base-l1-1-0

RevertToSelf

api-ms-win-core-memory-l1-1-0

VirtualAlloc
VirtualProtect
VirtualQuery

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

cryptsp

CryptGetProvParam
CryptReleaseContext

Exports

Exports

SpLsaModeInitialize
SpUserModeInitialize

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
netlogon.dll
.dll windows:10 windows x64 arch:x64

ba759b5d2f2ab7a4ea30b1db3103b7e7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

netlogon.pdb

Imports

api-ms-win-crt-string-l1-1-0

wcscmp
memset
wcsspn

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__itoa_s
_o__ltoa
_o__seh_filter_dll
_o__stricmp
_o__strnicmp
_o__ultoa_s
_o__ultow
_o__ultow_s
_o__wcsicmp
_o__wcslwr
_o__wcsnicmp
_o___stdio_common_vsnwprintf_s
memmove
_o_free
_o_isprint
_o_malloc
_o_qsort
_o_rand_s
_o_strcat_s
_o_strcpy_s
_o_towupper
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstok_s
_o_wcstoul
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__configure_narrow_argv
_o__cexit
_o__callnewh
strchr
_o___std_type_info_destroy_list
_o___stdio_common_vswprintf_s
_o__execute_onexit_table
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
wcsstr
wcsrchr
wcschr
__C_specific_handler
_o___stdio_common_vsprintf
_local_unwind
memcmp
memcpy

gmsaclient

GMSAGetPassword
GMSAAdd
GMSAInit
GMSARefreshPasswords
GMSACheckIfExistsInAD
GMSACleanup
GMSADelete

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
SetThreadStackGuarantee
CreateThread
TerminateProcess
GetCurrentThread
OpenThreadToken

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter
GetLastError

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-synch-l1-1-0

WaitForMultipleObjectsEx
WaitForSingleObject
ResetEvent
CreateEventW
EnterCriticalSection
LeaveCriticalSection
OpenEventW
SetEvent
AcquireSRWLockShared
ReleaseSRWLockShared
InitializeSRWLock
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSemaphore
CreateSemaphoreExW
ReleaseSRWLockExclusive

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
Sleep

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetProcAddress
FreeLibrary
DisableThreadLibraryCalls
LoadStringW
GetModuleFileNameW
LoadLibraryExW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalReAlloc
LocalFree
GlobalFree

api-ms-win-core-registry-l1-1-0

RegDeleteKeyExW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegNotifyChangeKeyValue
RegSetValueExW
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueW

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetSystemWindowsDirectoryW
GetLocalTime
GetVersionExW
GetComputerNameExW
GetTickCount64
GetSystemInfo

api-ms-win-core-file-l1-1-0

CreateFileW
CreateDirectoryW
SetFilePointer
WriteFile
ReadFile
GetFileAttributesW
DeleteFileW
GetFileSize

rpcrt4

NdrServerCall2
NdrServerCallAll
RpcImpersonateClient
RpcRevertToSelf
RpcServerInqCallAttributesW
I_RpcMapWin32Status
RpcBindingInqMaxCalls
RpcServerInqBindings
RpcBindingToStringBindingW
RpcStringBindingParseW
RpcBindingFree
RpcStringFreeW
RpcBindingVectorFree
RpcEpRegisterW
RpcServerUseProtseqEpExA
RpcServerUseProtseqExW
RpcServerRegisterAuthInfoW
RpcServerUseProtseqEpW
RpcServerRegisterIf3
RpcStringBindingComposeW
RpcBindingFromStringBindingW
UuidToStringA
RpcStringFreeA
RpcErrorStartEnumeration
RpcErrorGetNextRecord
RpcBindingFromStringBindingA
RpcBindingSetAuthInfoExW
RpcStringBindingComposeA
I_RpcExceptionFilter
UuidCreate
UuidEqual
RpcExceptionFilter
NdrClientCall3
RpcServerUnregisterIf
RpcBindingSetAuthInfoW
RpcMgmtSetCancelTimeout
RpcCancelThread
RpcBindingInqAuthClientW
I_RpcServerInqRemoteConnAddress
RpcBindingServerFromClient
RpcErrorEndEnumeration

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWork
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolTimer
CreateThreadpoolCleanupGroup
CreateThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-io-l1-1-0

DeviceIoControl
GetOverlappedResult

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringW
CompareStringOrdinal
WideCharToMultiByte

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-memory-l1-1-0

VirtualProtect
VirtualAlloc
VirtualQuery

api-ms-win-core-localization-l1-2-0

LCMapStringEx
FormatMessageW

api-ms-win-security-base-l1-1-0

AllocateAndInitializeSid
AccessCheck
FreeSid

api-ms-win-core-sysinfo-l1-2-0

SetComputerNameExW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-security-activedirectoryclient-l1-1-0

DsBindWithSpnExW
DsFreeDomainControllerInfoW
DsUnBindW
DsGetDomainControllerInfoW
DsFreeNameResultW
DsCrackNamesW

api-ms-win-core-perfcounters-l1-1-0

PerfStopProvider
PerfSetCounterSetInfo
PerfCreateInstance
PerfDeleteInstance
PerfSetCounterRefValue
PerfStartProviderEx
PerfIncrementULongCounterValue
PerfIncrementULongLongCounterValue
PerfDecrementULongCounterValue

samsrv

SampDsIsRunning
SamIQueryCapabilities
SamIConnect
SamrOpenDomain
SamrCloseHandle
SamIMixedDomain
SamrQueryInformationDomain
SamIFree_SAMPR_DOMAIN_INFO_BUFFER
SamIResetBadPwdCountOnPdc
SamIGetUserLogonInformation2
SamIUpdateLogonStatistics
SamIFree_UserInternal6Information
SamIFreeSidAndAttributesList
SamIQueryAccountSecretsCachability
SamISetPasswordInfoOnDc
SamISetMachinePassword
SamrSetInformationUser
SamrGetAliasMembership
SamIFree_SAMPR_ULONG_ARRAY
SamINetLogonPing
SamIGetResourceGroupMembershipsTransitive
SamIFreeSidArray
SamIGetUserLogonInformationEx
SamIFree_SAMPR_USER_INFO_BUFFER

api-ms-win-security-activedirectoryclient-l1-1-1

DsReadNgcKeyW
DsWriteNgcKeyW
DsFreeNgcKey

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem
UnregisterWaitEx

api-ms-win-core-kernel32-legacy-l1-1-0

CreateMailslotA
SetMailslotInfo

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW
lstrcmpA

lsasrv

LsaIGetNbAndDnsDomainNames
LsaIValidateTargetInfo
LsaIFreeFilterInboundNamespaceResult
LsaIFreeHeap
LsaIFilterInboundNamespace
LsaIExtractTargetInfo
LsaICallPackagePassthrough
LsaIFilterSids
LsaIFreeReturnBuffer
LsaICallPackage
LsaIGetCcgClient
LsarDeleteObject
LsaIIsContainerized
LsarSetSecret
LsarCreateSecret
LsaIFree_LSAPR_CR_CIPHER_VALUE
LsarQuerySecret
LsarOpenSecret
LsaIGetForestTrustInformation
LsaIUpdateForestTrustInformation
LsarOpenPolicy
LsaIVerifyCachability
LsarClose
LsaIFree_LSAPR_POLICY_INFORMATION
LsarQueryInformationPolicy
LsaIOpenPolicyTrusted
LsaIFree_LSAP_SITE_INFO
LsaIQuerySiteInfo
LsaIRegisterPolicyChangeNotificationCallback
LsaIUnregisterAllPolicyChangeNotificationCallback
LsaIFree_LSAPR_TRUSTED_DOMAIN_INFO
LsarSetTrustedDomainInfoByName
LsaISafeMode
LsaINotifyNetlogonParametersChangeW
LsaIIsDsPaused
LsaIInitializeNetlogonFuncPtrs
LsaIGetSiteName
LsaIQuerySubnetInfo
LsaIFree_LSAP_SUBNET_INFO
LsaIFree_LSAP_SITENAME_INFO
LsaINoMoreWin2KDomain
LsaIReplicateClientObject
LsaIGetClientOsInfo
LsaIIsInEmulatedDomainJoinMode
LsarSetInformationPolicy
LsaIFree_LSAPR_TRUSTED_ENUM_BUFFER_EX
LsarEnumerateTrustedDomainsEx
LsaIQueryForestTrustInfo
LsaIFreeForestTrustInfo
LsaIForestTrustFindMatch
LsaIFree_LSAPR_UNICODE_STRING_BUFFER
LsarQueryTrustedDomainInfoByName
LsaISetClientDnsHostName

lsass.exe

LsaGetInterface

ntdll

RtlDuplicateUnicodeString
NtOpenThreadToken
NtQueryInformationToken
RtlSubAuthoritySid
RtlSubAuthorityCountSid
NtClose
RtlTimeToSecondsSince1970
RtlInitUnicodeStringEx
NtOpenFile
RtlOemToUnicodeN
NtCancelIoFile
NtCreateFile
NtDeviceIoControlFile
RtlUpcaseUnicodeStringToOemString
EtwEventUnregister
EtwEventRegister
EtwEventSetInformation
EtwTraceMessage
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwRegisterTraceGuidsW
NtCreateEvent
NtOpenEvent
NtSetEvent
RtlInitializeResource
RtlCopyUnicodeString
RtlSystemTimeToLocalTime
RtlTimeToTimeFields
RtlConvertSidToUnicodeString
DbgPrint
RtlEqualUnicodeString
RtlIntegerToUnicodeString
RtlCompareUnicodeString
EtwEventWriteTransfer
WinSqmSetDWORD
RtlCopySid
RtlDowncaseUnicodeString
RtlCompareUnicodeStrings
RtlIpv4AddressToStringExW
RtlIpv6AddressToStringExW
NtImpersonateAnonymousToken
NtSetInformationThread
RtlNtStatusToDosError
RtlAcquireResourceShared
RtlDeleteElementGenericTableAvl
RtlLookupElementGenericTableAvl
RtlInsertElementGenericTableAvl
RtlNumberGenericTableElementsAvl
RtlCompareMemoryUlong
RtlxUnicodeStringToOemSize
RtlInitString
RtlxOemStringToUnicodeSize
RtlOemStringToUnicodeString
RtlxAnsiStringToUnicodeSize
RtlAnsiStringToUnicodeString
NtQuerySystemTime
RtlUniform
RtlLengthRequiredSid
RtlInitializeSid
RtlCreateAcl
RtlAddAce
RtlCreateSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlSetSaclSecurityDescriptor
NtOpenProcessToken
RtlNewSecurityObject
RtlDeleteSecurityObject
RtlTimeToSecondsSince1980
RtlInitAnsiString
RtlAllocateHeap
RtlFreeHeap
RtlDeleteCriticalSection
RtlInitializeCriticalSection
RtlImageNtHeader
RtlDeleteResource
EtwUnregisterTraceGuids
RtlUpcaseUnicodeToOemN
RtlUpcaseUnicodeString
RtlReleaseResource
RtlAcquireResourceExclusive
RtlEqualComputerName
RtlEqualDomainName
RtlLeaveCriticalSection
RtlCreateUnicodeString
RtlEnterCriticalSection
RtlFreeUnicodeString
RtlEqualSid
RtlGetNtProductType
RtlInitUnicodeString
RtlLengthSid
RtlInitializeGenericTableAvl
RtlValidSid
EtwLogTraceEvent

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

DsrGetDcNameEx2
I_NetLogonAddressToSiteName
I_NetLogonAppendChangeLog
I_NetLogonCloseChangeLog
I_NetLogonFree
I_NetLogonGetAuthDataEx
I_NetLogonGetSerialNumber
I_NetLogonLdapLookupEx
I_NetLogonMixedDomain
I_NetLogonNewChangeLog
I_NetLogonReadChangeLog
I_NetLogonSendToSamOnDc
I_NetLogonSetServiceBits
I_NetNotifyDelta
I_NetNotifyDsChange
I_NetNotifyMachineAccount
I_NetNotifyNetlogonDllHandle
I_NetNotifyNtdsDsaDeletion
I_NetNotifyRole
I_NetNotifyTrustedDomain
InitSecurityInterfaceW
NetIGetEncTypes
NetILogonSamLogon
NlNetlogonMain

Sections

.text
Size: 436KB - Virtual size: 435KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 364KB - Virtual size: 362KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
netprofmsvc.dll
.dll windows:10 windows x64 arch:x64

ae8a1913373168c51473153705747bfb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

netprofmsvc.pdb

Imports

msvcp_win

?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?gptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?pptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXH@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAA_W_W@Z
?pbase@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W0@Z
?eback@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?egptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?setg@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W00@Z
?epptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?_Getcat@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@I@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Random_device@std@@YAIXZ
?_Xinvalid_argument@std@@YAXPEBD@Z
?good@ios_base@std@@QEBA_NXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?setf@ios_base@std@@QEAAHHH@Z
?uncaught_exception@std@@YA_NXZ
?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Xlength_error@std@@YAXPEBD@Z
?setf@ios_base@std@@QEAAHH@Z
?_Xbad_function_call@std@@YAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ
?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WXZ
?put@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@AEAVios_base@2@_WPEBUtm@@PEB_W4@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?id@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@2V0locale@2@A
??Bid@locale@std@@QEAA_KXZ
?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W00@Z

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__wcsicmp
_o__wcsnicmp
memmove
_o_abort
_o_calloc
_o_free
_o_malloc
_o_strcpy_s
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcstod
_o_wcstoul
_o_wcstoull
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o__execute_onexit_table
__std_type_info_compare
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfwprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o___acrt_iob_func
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

wcspbrk
wcscmp
wcsspn
memset
wcsncmp

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlQueryWnfStateData
RtlStringFromGUID
RtlFreeUnicodeString
RtlNtStatusToDosError
NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
EtwEventWriteTransfer
RtlUnsubscribeWnfNotificationWaitForCompletion
EtwEventUnregister
EtwEventRegister
RtlIpv4StringToAddressExW
RtlIpv6StringToAddressExW
RtlGetCurrentServiceSessionId
RtlGetDeviceFamilyInfoEnum
RtlPublishWnfStateData
NtDeleteWnfStateName
NtCreateWnfStateName
RtlInitUnicodeString
RtlGUIDFromString
RtlCaptureContext

api-ms-win-core-libraryloader-l1-2-0

LoadResource
SizeofResource
FreeResource
FindResourceExW
LoadStringW
LoadLibraryExW
GetModuleFileNameA
GetModuleHandleExA
DisableThreadLibraryCalls
GetModuleHandleExW
LockResource
GetModuleFileNameW
FreeLibrary
GetProcAddress
GetModuleHandleW

api-ms-win-core-synch-l1-1-0

CreateMutexExW
WaitForSingleObject
InitializeCriticalSection
ReleaseSemaphore
AcquireSRWLockShared
ReleaseSRWLockShared
CreateSemaphoreExW
SetEvent
AcquireSRWLockExclusive
ReleaseMutex
CreateEventW
InitializeCriticalSectionAndSpinCount
ReleaseSRWLockExclusive
ResetEvent
WaitForSingleObjectEx
InitializeCriticalSectionEx
DeleteCriticalSection
InitializeSRWLock
LeaveCriticalSection
TryAcquireSRWLockExclusive
EnterCriticalSection
WaitForMultipleObjectsEx
CreateEventExW
OpenSemaphoreW

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-processthreads-l1-1-0

OpenThreadToken
GetCurrentProcess
TerminateProcess
GetExitCodeThread
GetProcessId
GetCurrentProcessId
CreateThread
GetCurrentThread
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoOriginateErrorW

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventWriteTransfer
EventRegister
EventEnabled
EventUnregister

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage
UnregisterTraceGuids
RegisterTraceGuidsW

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolThreadMinimum
SetThreadpoolThreadMaximum
CloseThreadpoolWait
CreateThreadpoolWait
SubmitThreadpoolWork
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
SetThreadpoolTimer
SetThreadpoolWait
CreateThreadpool
CloseThreadpool
CreateThreadpoolWork
WaitForThreadpoolWorkCallbacks
CloseThreadpoolWork
DisassociateCurrentThreadFromCallback
FreeLibraryWhenCallbackReturns
WaitForThreadpoolWaitCallbacks

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegNotifyChangeKeyValue
RegCreateKeyExW
RegEnumKeyExW
RegGetValueW
RegQueryValueExA
RegQueryInfoKeyW
RegQueryValueExW
RegDeleteKeyExW
RegCloseKey

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceInitialize
WaitOnAddress
WakeByAddressAll
InitOnceExecuteOnce
InitOnceBeginInitialize
Sleep

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte
CompareStringOrdinal

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoInitializeEx
IIDFromString
CoSetProxyBlanket
StringFromGUID2
CoRevokeClassObject
CoGetCallContext
CoUninitialize
StringFromIID
CoRevertToSelf
CoResumeClassObjects
CoDisconnectContext
CoTaskMemAlloc
CoRegisterClassObject
CoImpersonateClient
CoCreateGuid
CoTaskMemFree

api-ms-win-core-winrt-l1-1-0

RoRevokeActivationFactories
RoRegisterActivationFactories

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-kernel32-legacy-l1-1-0

UnregisterWait

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsDeleteString
WindowsIsStringEmpty
WindowsGetStringRawBuffer
WindowsStringHasEmbeddedNull

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
GetProcessMitigationPolicy

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-sysinfo-l1-1-0

GetLocalTime
GetTickCount64
GetSystemTimeAsFileTime
GetSystemDirectoryW

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-service-management-l2-1-0

QueryServiceStatusEx

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueue
CreateTimerQueueTimer
DeleteTimerQueueTimer
DeleteTimerQueueEx
UnregisterWaitEx

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW

dnsapi

DnsFlushResolverCache
DnsNotifyResolverEx

api-ms-win-security-base-l1-1-0

InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetLengthSid
CheckTokenMembership
SetSecurityDescriptorDacl
FreeSid
GetTokenInformation

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-file-l1-1-0

FileTimeToLocalFileTime
GetFileSize
WriteFile
CreateFileW
SetFileAttributesW
GetFileAttributesW
ReadFile
DeleteFileW

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-security-grouppolicy-l1-1-0

RegisterGPNotificationInternal
EnterCriticalPolicySectionInternal
LeaveCriticalPolicySectionInternal
UnregisterGPNotificationInternal

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

api-ms-win-security-capability-l1-1-0

RpcClientCapabilityCheck

combase

ord68
ord67
ord66
ord69

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

Exports

Exports

DllMain
ServiceMain
SvchostPushServiceGlobalsEx

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 332KB - Virtual size: 329KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ngccredprov.dll
.dll windows:10 windows x64 arch:x64

cae476e5d14139cb8de97685530044e6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ngccredprov.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__wcserror
_o__wcsicmp
memmove
_o_abort
_o_free
_o_iswascii
_o_iswcntrl
_o_iswdigit
_o_iswlower
_o_iswprint
_o_iswpunct
_o_iswspace
_o_iswupper
_o_malloc
_o_memcpy_s
_o_terminate
_o_wcsncpy_s
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o__execute_onexit_table
_o__errno
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
wcschr
wcsstr
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

strcmp
wcsnlen
memset

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleHandleExW
GetModuleHandleW
LoadStringW
LockResource
LoadResource
FindResourceExW
FreeLibrary
GetModuleFileNameA
SizeofResource
GetProcAddress

api-ms-win-core-synch-l1-1-0

CreateEventW
ReleaseSemaphore
InitializeSRWLock
ResetEvent
SetEvent
ReleaseMutex
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
TryAcquireSRWLockExclusive
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
CreateSemaphoreExW
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
AcquireSRWLockShared

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetLastError
RaiseException
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventRegister
EventSetInformation
EventActivityIdControl

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceComplete
Sleep
InitOnceBeginInitialize

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount64
GetComputerNameExW

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoGetMalloc
CoInitializeEx
CoTaskMemAlloc
CoUninitialize

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-security-base-l1-1-0

IsValidSid
GetLengthSid
EqualSid
CopySid
GetTokenInformation

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-libraryloader-l2-1-0

QueryOptionalDelayLoadedAPI

api-ms-win-core-registry-l1-1-0

RegUnLoadKeyW
RegDeleteValueW
RegOpenCurrentUser
RegFlushKey
RegLoadKeyW
RegEnumKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegGetValueW
RegSetValueExW
RegDeleteTreeW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW

rpcrt4

UuidFromStringW
UuidCreate
RpcStringFreeW
UuidToStringW
RpcBindingFree
UuidIsNil
RpcBindingBind
RpcBindingCreateW
NdrClientCall3
RpcExceptionFilter

api-ms-win-security-lsapolicy-l1-1-0

LsaOpenPolicy
LsaFreeMemory
LsaQueryInformationPolicy
LsaClose
LsaLookupSids2

ntdll

RtlUnicodeStringToAnsiString
RtlFreeAnsiString
RtlNtStatusToDosError
RtlInitString
RtlIsMultiUsersInSessionSku
RtlInitUnicodeString
RtlUnsubscribeWnfNotificationWaitForCompletion
NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlPublishWnfStateData
RtlNtStatusToDosErrorNoTeb
RtlIsMultiSessionSku
RtlGetPersistedStateLocation

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
?do_length@?$codecvt@GDU_Mbstatet@@@std@@MEBAHAEAU_Mbstatet@@PEBD1_K@Z
?do_unshift@?$codecvt@GDU_Mbstatet@@@std@@MEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?do_out@?$codecvt@GDU_Mbstatet@@@std@@MEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
?do_in@?$codecvt@GDU_Mbstatet@@@std@@MEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z
?do_encoding@?$codecvt@GDU_Mbstatet@@@std@@MEBAHXZ
?do_max_length@?$codecvt@GDU_Mbstatet@@@std@@MEBAHXZ
?do_always_noconv@?$codecvt@GDU_Mbstatet@@@std@@MEBA_NXZ
?_Incref@facet@locale@std@@UEAAXXZ
?out@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
??Bid@locale@std@@QEAA_KXZ
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z

api-ms-win-core-string-l1-1-0

CompareStringEx

api-ms-win-core-file-l1-1-0

CompareFileTime

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-security-credentials-l1-1-0

CredUnmarshalCredentialW
CredIsMarshaledCredentialW
CredFree

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-security-lsalookup-l1-1-2

LsaLookupUserAccountType

api-ms-win-security-lsalookup-l1-1-0

LookupAccountSidLocalW
LookupAccountNameLocalW

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 384KB - Virtual size: 383KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 144KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ngcksp.dll
.dll windows:10 windows x64 arch:x64

3e84db8125fd9580e44d5a0859beb029

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ngcksp.pdb

Imports

msvcp_win

?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcsicmp
_o_free
_o_malloc
_CxxThrowException
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__C_specific_handler
__CxxFrameHandler4
__std_terminate
memcpy

api-ms-win-crt-string-l1-1-0

wcscmp
memset

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
DisableThreadLibraryCalls
GetModuleFileNameA
GetModuleHandleExW
GetModuleHandleW

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
ReleaseSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockShared
LeaveCriticalSection
CreateMutexExW
ReleaseMutex
InitializeCriticalSectionEx
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
ReleaseSemaphore
SetEvent
ResetEvent
CreateSemaphoreExW
CreateEventW
DeleteCriticalSection
InitializeSRWLock
AcquireSRWLockExclusive
ReleaseSRWLockExclusive

api-ms-win-core-heap-l1-1-0

HeapSize
HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
UnhandledExceptionFilter
RaiseException
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

rpcrt4

RpcAsyncInitializeHandle
RpcBindingCreateW
RpcAsyncCancelCall
RpcAsyncCompleteCall
UuidFromStringW
RpcBindingFree
RpcExceptionFilter
Ndr64AsyncClientCall
NdrClientCall3
RpcBindingBind

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventWriteTransfer
EventUnregister

api-ms-win-core-synch-l1-2-0

Sleep

ncrypt

NCryptEncrypt
NCryptFreeObject
NCryptOpenStorageProvider
NCryptImportKey

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
ConvertStringSidToSidW

api-ms-win-security-base-l1-1-0

IsValidSid
CopySid
GetLengthSid

api-ms-win-ntuser-ie-message-l1-1-0

DispatchMessageW
PeekMessageW
TranslateMessage
MsgWaitForMultipleObjects

Exports

Exports

GetKeyStorageInterface

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ngclocal.dll
.dll windows:10 windows x64 arch:x64

a1cafb5f5eb2d33f3d703de1e50d6c3b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ngclocal.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o_free
_o_malloc
__C_specific_handler
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_CxxThrowException
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetProcAddress
GetModuleHandleExW
GetModuleFileNameA
GetModuleHandleW

api-ms-win-core-synch-l1-1-0

OpenSemaphoreW
WaitForSingleObjectEx
CreateMutexExW
AcquireSRWLockShared
ReleaseMutex
ReleaseSRWLockExclusive
WaitForSingleObject
AcquireSRWLockExclusive
ReleaseSemaphore
InitializeSRWLock
ReleaseSRWLockShared
CreateSemaphoreExW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
RaiseException
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TerminateProcess
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventSetInformation
EventActivityIdControl
EventWriteTransfer
EventUnregister

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
Sleep
InitOnceComplete

api-ms-win-core-heap-obsolete-l1-1-0

LocalSize

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

rpcrt4

NdrClientCall3
RpcBindingBind
RpcBindingFree
RpcBindingCreateW
RpcExceptionFilter

api-ms-win-security-base-l1-1-0

GetLengthSid
IsValidSid
CopySid

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

NgcLocalAddCredential
NgcLocalAddCredentialSilent
NgcLocalChangeCredential
NgcLocalFindCredential
NgcLocalRemoveCredential

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ngcrecovery.dll
.dll windows:10 windows x64 arch:x64

972d786766b000552c986484afe1d541

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

NgcRecovery.pdb

Imports

msvcp_win

?do_unshift@?$codecvt@GDU_Mbstatet@@@std@@MEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?do_out@?$codecvt@GDU_Mbstatet@@@std@@MEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
?do_in@?$codecvt@GDU_Mbstatet@@@std@@MEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z
?do_encoding@?$codecvt@GDU_Mbstatet@@@std@@MEBAHXZ
?do_max_length@?$codecvt@GDU_Mbstatet@@@std@@MEBAHXZ
?do_always_noconv@?$codecvt@GDU_Mbstatet@@@std@@MEBA_NXZ
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
?out@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
?in@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
??Bid@locale@std@@QEAA_KXZ
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?_Xbad_function_call@std@@YAXXZ
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
_Query_perf_counter
?_Xout_of_range@std@@YAXPEBD@Z
_Query_perf_frequency
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?do_length@?$codecvt@GDU_Mbstatet@@@std@@MEBAHAEAU_Mbstatet@@PEBD1_K@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Incref@facet@locale@std@@UEAAXXZ

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__malloc_base
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__errno
_o__wcsicmp
_o__free_base
memmove
_o_free
_o_malloc
_o_strncpy_s
_o_strtol
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
strrchr
strchr
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnprintf_s
_o__execute_onexit_table
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset
strcmp

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetProcAddress
GetModuleHandleExA
GetModuleHandleExW
GetModuleHandleW

winhttp

WinHttpAddRequestHeaders
WinHttpOpen
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpOpenRequest
WinHttpConnect
WinHttpCloseHandle
WinHttpSendRequest
WinHttpReceiveResponse

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionAndSpinCount
ResetEvent
ReleaseSemaphore
InitializeSRWLock
CreateEventW
DeleteCriticalSection
AcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
SetEvent
ReleaseSRWLockExclusive
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
CreateEventExW
WaitForSingleObject
ReleaseMutex
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
CreateSemaphoreExW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

RaiseException
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

rpcrt4

RpcExceptionFilter
NdrClientCall3
RpcBindingFree
RpcBindingCreateW
RpcStringFreeW
UuidToStringW
UuidFromStringW
RpcBindingBind
UuidCreate

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsCreateStringReference
WindowsGetStringRawBuffer

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventActivityIdControl
EventSetInformation
EventWriteTransfer

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
Sleep

crypt32

CertCreateCertificateContext
CertGetEnhancedKeyUsage
CertGetCertificateChain
CertFreeCertificateContext
CryptExportPublicKeyInfoEx
CryptStringToBinaryW
CryptStringToBinaryA
CryptBinaryToStringA
CryptBinaryToStringW
CertVerifyCertificateChainPolicy
CertOpenStore
CertFindCertificateInStore
CertFreeCertificateChain
CertCloseStore
CertAddCertificateContextToStore

bcrypt

BCryptGenerateSymmetricKey
BCryptGenRandom
BCryptEncrypt
BCryptDestroyKey

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoUninitialize
CoCreateFreeThreadedMarshaler
CoInitializeEx
CoTaskMemAlloc
CoWaitForMultipleHandles

ntdll

NtQuerySystemInformation

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW
ConvertSidToStringSidW

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegSetValueExW
RegDeleteTreeW
RegCloseKey
RegQueryValueExW
RegGetValueW

ncrypt

NCryptOpenStorageProvider
NCryptFreeObject
NCryptEncrypt
NCryptOpenKey
NCryptImportKey
NCryptGetProperty

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-security-base-l1-1-0

CopySid
GetTokenInformation
GetLengthSid
IsValidSid
EqualSid

api-ms-win-security-lsalookup-l1-1-0

LookupAccountSidLocalW

api-ms-win-security-lsapolicy-l1-1-0

LsaLookupSids2
LsaFreeMemory
LsaOpenPolicy
LsaClose

api-ms-win-core-file-l1-1-0

CompareFileTime

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-security-lsalookup-l1-1-2

LsaLookupUserAccountType

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

umpdc

Pdcv2ActivationClientDeactivate
Pdcv2ActivationClientRenewActivation
Pdcv2ActivationClientRegister
Pdcv2ActivationClientActivate
Pdcv2ActivationClientUnregister

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

NgcGetPinRecoveryParams
NgcIsPinRecoveryEnabled
NgcProtectPinRecoverySecret
NgcRecoverPin
NgcRecoverPinSilent
NgcRecoverPinSilentWithToken
NgcVerifyPinRecoverySecret

Sections

.text
Size: 160KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ngcsvc.dll
.dll windows:10 windows x64 arch:x64

ae62f6b1e147f22259b445f1e62040b7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ngcsvc.pdb

Imports

msvcp_win

_Mtx_unlock
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
_Mtx_destroy_in_situ
_Mtx_init_in_situ
?_Xbad_function_call@std@@YAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
?do_length@?$codecvt@GDU_Mbstatet@@@std@@MEBAHAEAU_Mbstatet@@PEBD1_K@Z
?do_unshift@?$codecvt@GDU_Mbstatet@@@std@@MEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?do_out@?$codecvt@GDU_Mbstatet@@@std@@MEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
?do_in@?$codecvt@GDU_Mbstatet@@@std@@MEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z
?do_encoding@?$codecvt@GDU_Mbstatet@@@std@@MEBAHXZ
?do_max_length@?$codecvt@GDU_Mbstatet@@@std@@MEBAHXZ
?do_always_noconv@?$codecvt@GDU_Mbstatet@@@std@@MEBA_NXZ
?_Incref@facet@locale@std@@UEAAXXZ
?out@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
??Bid@locale@std@@QEAA_KXZ
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?setf@ios_base@std@@QEAAHHH@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?flags@ios_base@std@@QEBAHXZ
?width@ios_base@std@@QEBA_JXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?good@ios_base@std@@QEBA_NXZ
?uncaught_exception@std@@YA_NXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?width@ios_base@std@@QEAA_J_J@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__get_errno
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__wcserror
_o__wcsicmp
_o__wcsicmp_l
_o__free_locale
memmove
_o_free
_o_iswascii
_o_iswcntrl
_o_iswdigit
_o_iswlower
_o_iswpunct
_o_iswspace
_o_iswupper
_o_malloc
_o_memcpy_s
_o_terminate
_o_wcsncpy_s
_o_wcstoull
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o__execute_onexit_table
_o__errno
_o__difftime64
_o__crt_atexit
_o__create_locale
_o__configure_narrow_argv
_o__cexit
_o__callnewh
wcsstr
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

wcsnlen
memset
wcscmp

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetProcAddress
GetModuleFileNameA
GetModuleHandleW
GetModuleHandleExA
LoadLibraryExA
DisableThreadLibraryCalls
LoadStringW
GetModuleHandleExW

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockShared
CreateSemaphoreExW
EnterCriticalSection
OpenEventW
ReleaseSemaphore
LeaveCriticalSection
InitializeSRWLock
TryAcquireSRWLockExclusive
InitializeCriticalSectionEx
CreateEventExW
WaitForSingleObject
ReleaseMutex
SetEvent
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
OpenSemaphoreW
ResetEvent
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
CreateEventW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapSize
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolCleanupGroupMembers
CloseThreadpoolCleanupGroup
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolCleanupGroup
SetThreadpoolTimer
TrySubmitThreadpoolCallback
CloseThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
CreateProcessAsUserW
GetCurrentThreadId
OpenThreadToken
GetCurrentProcess
OpenProcessToken
GetCurrentThread
SetPriorityClass
GetCurrentProcessId
GetPriorityClass

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventUnregister
EventRegister
EventWriteTransfer
EventActivityIdControl

api-ms-win-core-file-l1-1-0

FindClose
GetLongPathNameW
FindFirstFileW
FindNextFileW
CompareFileTime

api-ms-win-security-base-l1-1-0

IsValidSid
GetTokenInformation
DuplicateTokenEx
AdjustTokenPrivileges
GetLengthSid
AccessCheck
MapGenericMask
RevertToSelf
ImpersonateLoggedOnUser
AllocateAndInitializeSid
EqualSid
CopySid
FreeSid
IsWellKnownSid

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-string-l1-1-0

CompareStringEx
WideCharToMultiByte

api-ms-win-core-registry-l1-1-0

RegFlushKey
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegLoadKeyW
RegDeleteKeyExW
RegQueryValueExW
RegOpenCurrentUser
RegCloseKey
RegUnLoadKeyW
RegDeleteTreeW
RegGetValueW
RegDeleteValueW

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetSystemTime
GetSystemTimeAsFileTime
GetVersionExW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-synch-l1-2-0

InitOnceComplete
Sleep
InitOnceBeginInitialize

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-com-l1-1-0

CoTaskMemRealloc
CoInitializeEx
CoCreateGuid
CoCreateInstance
CLSIDFromString
StringFromCLSID
CoTaskMemFree
CoGetMalloc
CoTaskMemAlloc
CoUninitialize

api-ms-win-security-base-l1-2-0

CheckTokenMembershipEx
CheckTokenCapability

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-sysinfo-l1-2-0

GetSystemFirmwareTable

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoInitialize
RoUninitialize

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW
RegDeleteKeyValueW

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsCreateStringReference
WindowsCreateString
WindowsGetStringRawBuffer

api-ms-win-core-kernel32-legacy-l1-1-0

UnregisterWait
WTSGetActiveConsoleSessionId

api-ms-win-core-heap-obsolete-l1-1-0

LocalSize

ntdll

RtlGetPersistedStateLocation
NtQueryInformationToken
RtlInitAnsiString
RtlGetDeviceFamilyInfoEnum
RtlHashUnicodeString
RtlQueryPackageIdentity
RtlDeriveCapabilitySidsFromName
RtlNtStatusToDosError
RtlUnicodeStringToAnsiString
RtlPublishWnfStateData
RtlFreeAnsiString
NtQuerySystemInformation
RtlSubscribeWnfStateChangeNotification
NtQueryWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlInitUnicodeString
RtlIsMultiSessionSku

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

Exports

Exports

NgcServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 744KB - Virtual size: 740KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 304KB - Virtual size: 301KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nlaapi.dll
.dll windows:10 windows x64 arch:x64

412848b1594a61e521a543b05981d632

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

nlaapi.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o___stdio_common_vsnprintf_s
_o___stdio_common_vswprintf
_o__cexit
_o__configure_narrow_argv
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__seh_filter_dll
memcpy
_o_free
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
__C_specific_handler
_CxxThrowException

api-ms-win-crt-string-l1-1-0

memset

rpcrt4

RpcMgmtInqServerPrincNameW
RpcBindingSetAuthInfoW
NdrClientCall3
I_RpcExceptionFilter
RpcBindingSetOption
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcBindingFree
RpcStringFreeW

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
DisableThreadLibraryCalls
GetProcAddress
GetModuleHandleW
GetModuleFileNameA
GetModuleHandleExA

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

Exports

Exports

NlaGetCaptivePortalHosts
NlaIndicateReprobe

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nlmproxy.dll
.dll regsvr32 windows:10 windows x64 arch:x64

0c06645148dc364192d5ed56fa3e5676

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

nlmproxy.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__cexit
_o__configure_narrow_argv
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__seh_filter_dll
__C_specific_handler
_o___std_type_info_destroy_list

api-ms-win-crt-string-l1-1-0

memset

oleaut32

BSTR_UserUnmarshal
BSTR_UserSize64
BSTR_UserMarshal
BSTR_UserSize
BSTR_UserUnmarshal64
BSTR_UserFree
BSTR_UserFree64
BSTR_UserMarshal64

rpcrt4

NdrDllGetClassObject
NdrDllRegisterProxy
NdrDllUnregisterProxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrStubCall3
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
NdrDllCanUnloadNow
NdrStubForwardingFunction
NdrOleAllocate

api-ms-win-core-com-midlproxystub-l1-1-0

NdrProxyForwardingFunction3
ObjectStublessClient19
ObjectStublessClient14
ObjectStublessClient12
ObjectStublessClient16
ObjectStublessClient11
ObjectStublessClient13
ObjectStublessClient7
ObjectStublessClient10
ObjectStublessClient17
NdrProxyForwardingFunction6
ObjectStublessClient9
ObjectStublessClient15
ObjectStublessClient8
NdrProxyForwardingFunction5
ObjectStublessClient18
NdrProxyForwardingFunction4
ObjectStublessClient20

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetProxyDllInfo

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nlmsprep.dll
.dll windows:10 windows x64 arch:x64

e049c4e9170c88b605b1a923abb6348a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

nlmsprep.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o___stdio_common_vswprintf
_o__cexit
_o__configure_narrow_argv
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__seh_filter_dll
__C_specific_handler
_o___std_type_info_destroy_list

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegEnumKeyExW
RegSetValueExW
RegCloseKey
RegDeleteTreeW

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-file-l1-1-0

DeleteFileW

api-ms-win-core-sysinfo-l1-1-0

GetSystemWindowsDirectoryW
GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
TerminateProcess

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

NetworkListManager_Generalize

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nltest.exe
.exe windows:10 windows x64 arch:x64

e6d22ecaa5772b23183363959c9f82b8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

nltest.pdb

Imports

msvcrt

__iob_func
qsort
_wsetlocale
fwprintf
_vsnprintf
memcpy
_vsnwprintf
memset
?terminate@@YAXXZ
_commode
_fmode
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
sprintf_s
strchr
strcat_s
_stricmp
printf
strtol
strcpy_s
_strnicmp
fprintf
strtoul
wcscat_s
wcscpy_s
iswctype
strncpy_s
__C_specific_handler

ntdsapi

DsFreeDomainControllerInfoW
DsUnBindW
DsBindW
DsGetDomainControllerInfoW

logoncli

NetLogonGetTimeServiceParentDomain
DsDeregisterDnsHostRecordsA
I_NetlogonGetTrustRid
DsGetForestTrustInformationW
I_NetlogonComputeServerSignature
DsAddressToSiteNamesExA
DsGetDcOpenA
DsGetDcSiteCoverageA
DsGetDcNameA
I_NetlogonComputeClientDigest
DsEnumerateDomainTrustsA
DsGetSiteNameA
DsGetDcCloseW
I_NetLogonControl2
DsGetDcNextA
I_NetLogonControl
I_NetlogonComputeServerDigest
DsGetDcNameW
DsGetDcNameWithAccountW
I_NetGetDCList
NetGetDCName
I_NetlogonComputeClientSignature

rpcrt4

UuidToStringA
UuidToStringW
RpcStringFreeW
UuidFromStringA
RpcStringFreeA

ws2_32

freeaddrinfo
ntohs
WSAGetLastError
htonl
WSACleanup
WSAStringToAddressA
getaddrinfo
WSAStartup
WSAAddressToStringA

ntdll

RtlInitAnsiString
RtlAllocateHeap
RtlFreeHeap
RtlCompareUnicodeString
RtlAnsiStringToUnicodeString
RtlxAnsiStringToUnicodeSize
RtlOemStringToUnicodeString
RtlInitString
RtlLengthSid
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlSystemTimeToLocalTime
RtlInitUnicodeString
RtlFreeUnicodeString
RtlConvertSidToUnicodeString
RtlTimeToTimeFields

netutils

NetApiBufferAllocate
NetApiBufferFree
NetpwNameCompare

kernel32

SetEvent
GetLocalTime
Sleep
CreateEventW
GetOverlappedResult
CloseHandle
CreateThread
GetProcAddress
LocalFree
DeleteCriticalSection
WaitForSingleObject
GetComputerNameW
GetModuleHandleW
InitializeCriticalSection
LeaveCriticalSection
FreeLibrary
SetMailslotInfo
WaitForMultipleObjects
LoadLibraryExW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
EnterCriticalSection
GetCurrentThreadId
ReadFile
WideCharToMultiByte
GetSystemTimeAsFileTime
GetTickCount
LocalAlloc
HeapFree
GetConsoleOutputCP
GetStdHandle
WriteFile
SetThreadUILanguage
HeapAlloc
GetProcessHeap
MultiByteToWideChar
CreateFileW
CreateMailslotA
GetLastError

advapi32

TraceMessage
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
RegQueryValueExW
LsaClose
InitiateSystemShutdownExW
LsaOpenPolicy
SystemFunction025
SystemFunction027
RegConnectRegistryW
GetSecurityDescriptorDacl
RegGetKeySecurity
RegCloseKey
CryptAcquireContextW
GetAclInformation
RegOpenKeyExA
FreeSid
AbortSystemShutdownW
LsaFreeMemory
RegSetValueExA
LsaQueryForestTrustInformation
GetAce
RegSetKeySecurity
AllocateAndInitializeSid
RegQueryValueExA
EqualSid

user32

LoadStringW

Sections

.text
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 332KB - Virtual size: 330KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 156KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 996B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nonarpinv.dll
.dll windows:10 windows x64 arch:x64

2686b0854a5279a38eba3cdc9454cc86

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

93:0c:b3:6c:00:8e:5d:00:99:cf:86:57:b0:3d:f5:fa:fe:0f:f2:51:11:ab:ea:85:af:98:60:eb:50:9a:84:bd
Signer

Actual PE Digest

93:0c:b3:6c:00:8e:5d:00:99:cf:86:57:b0:3d:f5:fa:fe:0f:f2:51:11:ab:ea:85:af:98:60:eb:50:9a:84:bd

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

NONARPINV.pdb

Imports

msvcrt

wcscmp
_wsetlocale
__crtLCMapStringW
__crtCompareStringW
_wcsdup
memset
abort
memcmp
calloc
__pctype_func
_ismbblead
___lc_codepage_func
___lc_handle_func
___mb_cur_max_func
_errno
___lc_collate_cp_func
setlocale
_vscwprintf
tolower
_wtoi64
towlower
realloc
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@AEBV0@@Z
_wtol
_wtof
_wtoi
sprintf_s
wcsrchr
_wcsnicmp
strchr
wcsstr
wcschr
strcpy_s
_wcslwr
wcscat_s
wcscpy_s
_vsnprintf
_wcsicmp
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_initterm
malloc
free
_amsg_exit
_XcptFilter
memmove
memcpy
__CxxFrameHandler3
_CxxThrowException
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
__C_specific_handler
_vsnwprintf_s
?what@exception@@UEBAPEBDXZ
memmove_s
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
memcpy_s
_vsnwprintf
__CxxFrameHandler4

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleFileNameA
GetProcAddress
GetModuleHandleExW
GetModuleFileNameW
LoadLibraryExW
GetModuleHandleExA
GetModuleHandleW

api-ms-win-core-synch-l1-1-0

CreateMutexW
CreateSemaphoreExW
DeleteCriticalSection
EnterCriticalSection
ReleaseSemaphore
OpenWaitableTimerW
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForSingleObject
SetWaitableTimer
ReleaseMutex
InitializeCriticalSection
CreateEventW
SetEvent
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WaitForSingleObjectEx
InitializeSRWLock
OpenSemaphoreW
TryAcquireSRWLockExclusive
CreateMutexExW
ReleaseSRWLockShared
CreateEventExW
AcquireSRWLockShared

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
RaiseException
UnhandledExceptionFilter
SetLastError

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CloseThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

GetExitCodeProcess
GetCurrentThreadId
CreateThread
ExitProcess
GetCurrentProcessId
GetCurrentProcess
TerminateProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

ntdll

RtlAllocateAndInitializeSid
RtlNtStatusToDosError
RtlFreeSid
WinSqmIsOptedInEx
ZwOpenKey
ZwQueryValueKey
RtlInitUnicodeStringEx
RtlGetNativeSystemInformation
RtlUpcaseUnicodeChar
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
ZwQuerySystemInformation
EtwEventRegister
EtwEventWrite
EtwEventUnregister
RtlLeaveCriticalSection
RtlInitializeCriticalSection
ZwEnumerateKey
RtlMultiByteToUnicodeN
RtlInitAnsiString
RtlEnterCriticalSection
RtlEqualString
RtlDeleteCriticalSection
RtlFreeHeap
RtlReAllocateHeap
RtlAllocateHeap
RtlInitUnicodeString
LdrGetDllHandle
RtlInitString
LdrGetProcedureAddress
RtlDosPathNameToRelativeNtPathName_U_WithStatus
NtCreateFile
NtQueryInformationFile
NtClose
ZwClose

api-ms-win-core-com-l1-1-0

CoTaskMemFree
PropVariantClear
CoWaitForMultipleHandles
CoTaskMemAlloc
CoUninitialize
CoInitializeEx

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
Sleep
SignalObjectAndWait
WakeAllConditionVariable

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
OpenFileMappingW

api-ms-win-core-string-l1-1-0

GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemDirectoryW
GetTickCount

ext-ms-win-session-wtsapi32-l1-1-0

WTSFreeMemory
WTSQueryUserToken
WTSEnumerateSessionsW

aepic

PicRetrieveFileInfo
ord109
ord104
ord105
ord106
ord108
PicFreeFileInfo
ord100
ord102
ord103
ord107
ord101

api-ms-win-core-file-l1-1-0

CreateFileW
WriteFile
GetFileAttributesW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegCloseKey
RegEnumKeyExW
RegSetValueExW
RegDeleteValueW
RegEnumValueW
RegQueryInfoKeyW
RegOpenKeyExW
RegCreateKeyExW
RegDeleteTreeW

api-ms-win-core-registry-l2-1-0

RegOpenKeyW

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-synch-l1-2-1

CreateSemaphoreW
CreateWaitableTimerW
WaitForMultipleObjects

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-version-l1-1-1

GetFileVersionInfoW
GetFileVersionInfoSizeW

rpcrt4

UuidCreate

api-ms-win-core-heap-l2-1-0

GlobalFree
LocalAlloc
LocalFree

api-ms-win-security-base-l1-1-0

InitializeSecurityDescriptor
ImpersonateLoggedOnUser
RevertToSelf
SetSecurityDescriptorDacl

api-ms-win-security-provider-l1-1-0

SetEntriesInAclW

winhttp

WinHttpReadData
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpQueryAuthSchemes
WinHttpSetOption
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpSetCredentials
WinHttpOpen
WinHttpConnect
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpGetDefaultProxyConfiguration
WinHttpOpenRequest
WinHttpCloseHandle

api-ms-win-security-credentials-l1-1-0

CredReadW
CredFree

api-ms-win-core-kernel32-legacy-l1-1-0

WTSGetActiveConsoleSessionId

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsCreateString
WindowsCreateStringReference
WindowsDeleteString

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-eventing-controller-l1-1-0

ControlTraceW
EnableTraceEx2
StartTraceW

api-ms-win-eventing-consumer-l1-1-0

ProcessTrace
OpenTraceW
CloseTrace

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-eventing-tdh-l1-1-0

TdhGetPropertySize
TdhGetProperty

api-ms-win-core-shlwapi-legacy-l1-1-0

PathUnExpandEnvStringsW

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

Exports

Exports

SendNonArpTelemetry
StartNonArpMonitor
StopNonArpMonitor

Sections

.text
Size: 356KB - Virtual size: 353KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nshwfp.dll
.dll windows:10 windows x64 arch:x64

f4b63ff71d2d7f1d6965868490a98d76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

nshwfp.pdb

Imports

msvcrt

memset
bsearch
_tempnam
remove
_lseek
_close
_write
_read
_errno
_open
strcpy_s
_wcsnicmp
qsort
_ui64toa_s
_i64toa_s
_ltoa_s
isprint
sprintf_s
strstr
strpbrk
_ultoa_s
_get_errno
wcstoul
_set_errno
wcsncmp
swprintf_s
_ultow_s
_snwprintf_s
_wcsicmp
wcstol
wprintf
_vsnwprintf
_vsnprintf
memcmp
memcpy
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter

netsh.exe

PrintMessageFromModule
MatchEnumTag
PreprocessCommand
RegisterHelper
RegisterContext
PrintMessage

ntdll

RtlIpv6AddressToStringW
RtlEthernetAddressToStringA
RtlIpv6AddressToStringA
RtlIpv4AddressToStringA
RtlIpv6StringToAddressW
EtwEventWriteTransfer
RtlApplicationVerifierStop
RtlNtStatusToDosError
EtwTraceMessage
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlIpv4StringToAddressW

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleHandleExW
GetProcAddress
LoadStringW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetExitCodeProcess
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
ExitProcess
CreateProcessW

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapCreate
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
HeapDestroy

rpcrt4

UuidCreate
MesEncodeDynBufferHandleCreate
MesHandleFree
I_RpcExceptionFilter
MesDecodeBufferHandleCreate
NdrMesTypeDecode3
UuidFromStringW

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionAndSpinCount
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
CreateEventW
OpenEventW
WaitForSingleObject

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

firewallapi

FWEnumDynamicKeywordAddressesByType0
FWFreeDynamicKeywordAddressData0

fwpuclnt

FwpmCalloutGetByKey0
FwpmFilterGetByKey0
FwpmEngineSetSecurityInfo0
IkeextSaDbSetSecurityInfo0
FwpmCalloutGetSecurityInfoByKey0
FwpmProviderContextDeleteByKey0
FwpmSubLayerGetByKey0
FwpmProviderContextGetByKey3
IPsecDospStateCreateEnumHandle0
IPsecDospGetStatistics0
FwpmNetEventsGetSecurityInfo0
FwpmGetAppIdFromFileName0
FwpmEngineSetOption0
FwpmProviderGetByKey0
FwpmCalloutSetSecurityInfoByKey0
FwpmProviderUnsubscribeChanges0
FwpmEngineGetOption0
FwpmSubLayerGetSecurityInfoByKey0
FwpmProviderContextUnsubscribeChanges0
FwpmFilterGetSecurityInfoByKey0
FwpmFreeMemory0
FwpmSubLayerUnsubscribeChanges0
FwpmCalloutUnsubscribeChanges0
FwpmTransactionAbort0
FwpmTransactionCommit0
FwpmTransactionBegin0
FwpmFilterUnsubscribeChanges0
FwpmEngineGetSecurityInfo0
FwpmProviderContextAdd3
FwpmProviderGetSecurityInfoByKey0
FwpmNetEventUnsubscribe0
FwpmNetEventsLost0
FwpmNetEventSubscribe4
FwpmFilterSubscribeChanges0
FwpmCalloutSubscribeChanges0
FwpmSubLayerSubscribeChanges0
FwpmProviderContextSubscribeChanges0
FwpmProviderSubscribeChanges0
FwpmNetEventDestroyEnumHandle0
IPsecSaDbSetSecurityInfo0
FwpmNetEventEnum5
FwpmNetEventCreateEnumHandleEx
IPsecGetStatistics1
IkeextGetStatistics1
FwpmSubLayerSubscriptionsGet0
IPsecSaDbGetSecurityInfo0
FwpmProviderContextSubscriptionsGet0
FwpmProviderSubscriptionsGet0
FwpmNetEventSubscriptionsGet0
FwpmFilterSubscriptionsGet0
FwpmCalloutSubscriptionsGet0
FwpsAleEndpointDestroyEnumHandle0
FwpsAleEndpointEnum0
FwpsAleEndpointCreateEnumHandle0
IPsecSaContextDestroyEnumHandle0
IPsecSaContextEnum1
IPsecSaContextCreateEnumHandle0
IkeextSaDestroyEnumHandle0
IkeextSaEnum2
IkeextSaCreateEnumHandle0
FwpmSubLayerDestroyEnumHandle0
FwpmSubLayerEnum0
FwpmSubLayerCreateEnumHandle0
FwpmSessionDestroyEnumHandle0
FwpmSessionEnum0
FwpmSessionCreateEnumHandle0
FwpmProviderDestroyEnumHandle0
FwpmProviderEnum0
FwpmFilterDeleteByKey0
FwpmEngineClose0
FwpmLayerGetSecurityInfoByKey0
FwpmFilterAdd0
FwpmProviderContextSetSecurityInfoByKey0
FwpmNetEventsSetSecurityInfo0
FwpmProviderCreateEnumHandle0
FwpmLayerDestroyEnumHandle0
FwpmLayerEnum0
FwpmLayerCreateEnumHandle0
FwpmCalloutDestroyEnumHandle0
FwpmCalloutEnum0
FwpmCalloutCreateEnumHandle0
FwpmProviderContextDestroyEnumHandle0
FwpmProviderContextEnum3
FwpmProviderContextCreateEnumHandle0
FwpmEngineOpen0
FwpmFilterEnum0
FwpmFilterCreateEnumHandle0
IPsecDospStateDestroyEnumHandle0
FwpmSubLayerSetSecurityInfoByKey0
FwpmLayerSetSecurityInfoByKey0
IPsecDospStateEnum0
FwpmSystemPortsGet0
IkeextSaDbGetSecurityInfo0
FwpmProviderSetSecurityInfoByKey0
FwpmProviderContextGetSecurityInfoByKey0
FwpmFilterSetSecurityInfoByKey0
FwpmFilterDestroyEnumHandle0

nsi

NsiSetAllParameters
NsiGetAllParameters

api-ms-win-service-management-l2-1-0

QueryServiceStatusEx

api-ms-win-core-console-l1-1-0

GetConsoleOutputCP

api-ms-win-core-processenvironment-l1-1-0

GetStdHandle

api-ms-win-core-file-l1-1-0

WriteFile
GetFileInformationByHandle
CreateFileA
DeleteFileW
DeleteFileA
CreateFileW
GetFileAttributesA
FileTimeToLocalFileTime

api-ms-win-service-management-l1-1-0

OpenSCManagerW
CloseServiceHandle
OpenServiceW

api-ms-win-security-base-l1-1-0

GetLengthSid

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-console-l1-2-0

AttachConsole

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW
ConvertSidToStringSidW
ConvertSecurityDescriptorToStringSecurityDescriptorW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindExtensionW

iphlpapi

GetAdaptersAddresses

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

crypt32

CertGetNameStringW
CertFreeCertificateContext
CertCreateCertificateContext
CertNameToStrW

api-ms-win-security-lsapolicy-l1-1-0

LsaOpenPolicy
LsaClose
LsaFreeMemory
LsaQueryInformationPolicy

api-ms-win-security-lsalookup-l2-1-0

LookupAccountNameW

api-ms-win-eventing-controller-l1-1-0

ControlTraceW
StartTraceW

api-ms-win-eventing-legacy-l1-1-0

EnableTrace

cabinet

ord13
ord11
ord10
ord14

api-ms-win-core-kernel32-legacy-l1-1-0

FileTimeToDosDateTime

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegCloseKey

Exports

Exports

IdpConfigAddPolicy
IdpConfigAllocateAndGetPolicy
IdpConfigFreePolicy
IdpConfigInitDefaultPolicy
IdpConfigRemovePolicy
InitHelperDll
WfpCaptureExportedW
WfpCaptureStop

Sections

.text
Size: 168KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 456KB - Virtual size: 452KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 160KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ntdll.dll
.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:04:5b:f6:31:bc:00:f4:fc:37:45:00:00:00:00:04:5b
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

14/09/2023, 18:20

Not After

04/09/2024, 18:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

93:5f:34:1a:2b:91:07:cf:ae:7c:91:d0:1e:f8:99:15:d9:b2:fd:35:ca:68:5e:07:ad:21:bf:81:29:33:1f:d1
Signer

Actual PE Digest

93:5f:34:1a:2b:91:07:cf:ae:7c:91:d0:1e:f8:99:15:d9:b2:fd:35:ca:68:5e:07:ad:21:bf:81:29:33:1f:d1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ntdll.pdb

Exports

Exports

A_SHAFinal
A_SHAInit
A_SHAUpdate
AlpcAdjustCompletionListConcurrencyCount
AlpcFreeCompletionListMessage
AlpcGetCompletionListLastMessageInformation
AlpcGetCompletionListMessageAttributes
AlpcGetHeaderSize
AlpcGetMessageAttribute
AlpcGetMessageFromCompletionList
AlpcGetOutstandingCompletionListMessageCount
AlpcInitializeMessageAttribute
AlpcMaxAllowedMessageLength
AlpcRegisterCompletionList
AlpcRegisterCompletionListWorkerThread
AlpcRundownCompletionList
AlpcUnregisterCompletionList
AlpcUnregisterCompletionListWorkerThread
ApiSetQueryApiSetPresence
ApiSetQueryApiSetPresenceEx
CsrAllocateCaptureBuffer
CsrAllocateMessagePointer
CsrCaptureMessageBuffer
CsrCaptureMessageMultiUnicodeStringsInPlace
CsrCaptureMessageString
CsrCaptureTimeout
CsrClientCallServer
CsrClientConnectToServer
CsrFreeCaptureBuffer
CsrGetProcessId
CsrIdentifyAlertableThread
CsrSetPriorityClass
CsrVerifyRegion
DbgBreakPoint
DbgPrint
DbgPrintEx
DbgPrintReturnControlC
DbgPrompt
DbgQueryDebugFilterState
DbgSetDebugFilterState
DbgUiConnectToDbg
DbgUiContinue
DbgUiConvertStateChangeStructure
DbgUiConvertStateChangeStructureEx
DbgUiDebugActiveProcess
DbgUiGetThreadDebugObject
DbgUiIssueRemoteBreakin
DbgUiRemoteBreakin
DbgUiSetThreadDebugObject
DbgUiStopDebugging
DbgUiWaitStateChange
DbgUserBreakPoint
EtwCheckCoverage
EtwCreateTraceInstanceId
EtwDeliverDataBlock
EtwEnumerateProcessRegGuids
EtwEventActivityIdControl
EtwEventEnabled
EtwEventProviderEnabled
EtwEventRegister
EtwEventSetInformation
EtwEventUnregister
EtwEventWrite
EtwEventWriteEndScenario
EtwEventWriteEx
EtwEventWriteFull
EtwEventWriteNoRegistration
EtwEventWriteStartScenario
EtwEventWriteString
EtwEventWriteTransfer
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwLogTraceEvent
EtwNotificationRegister
EtwNotificationUnregister
EtwProcessPrivateLoggerRequest
EtwRegisterSecurityProvider
EtwRegisterTraceGuidsA
EtwRegisterTraceGuidsW
EtwReplyNotification
EtwSendNotification
EtwSetMark
EtwTraceEventInstance
EtwTraceMessage
EtwTraceMessageVa
EtwUnregisterTraceGuids
EtwWriteUMSecurityEvent
EtwpCreateEtwThread
EtwpGetCpuSpeed
EvtIntReportAuthzEventAndSourceAsync
EvtIntReportEventAndSourceAsync
ExpInterlockedPopEntrySListEnd
ExpInterlockedPopEntrySListFault
ExpInterlockedPopEntrySListResume
KiRaiseUserExceptionDispatcher
KiUserApcDispatcher
KiUserCallbackDispatcher
KiUserExceptionDispatcher
KiUserInvertedFunctionTable
LdrAccessResource
LdrAddDllDirectory
LdrAddLoadAsDataTable
LdrAddRefDll
LdrAppxHandleIntegrityFailure
LdrCallEnclave
LdrControlFlowGuardEnforced
LdrCreateEnclave
LdrDeleteEnclave
LdrDisableThreadCalloutsForDll
LdrEnumResources
LdrEnumerateLoadedModules
LdrFastFailInLoaderCallout
LdrFindEntryForAddress
LdrFindResourceDirectory_U
LdrFindResourceEx_U
LdrFindResource_U
LdrFlushAlternateResourceModules
LdrGetDllDirectory
LdrGetDllFullName
LdrGetDllHandle
LdrGetDllHandleByMapping
LdrGetDllHandleByName
LdrGetDllHandleEx
LdrGetDllPath
LdrGetFailureData
LdrGetFileNameFromLoadAsDataTable
LdrGetKnownDllSectionHandle
LdrGetProcedureAddress
LdrGetProcedureAddressEx
LdrGetProcedureAddressForCaller
LdrHotPatchNotify
LdrInitShimEngineDynamic
LdrInitializeEnclave
LdrInitializeThunk
LdrIsModuleSxsRedirected
LdrLoadAlternateResourceModule
LdrLoadAlternateResourceModuleEx
LdrLoadDll
LdrLoadEnclaveModule
LdrLockLoaderLock
LdrOpenImageFileOptionsKey
LdrProcessInitializationComplete
LdrProcessRelocationBlock
LdrProcessRelocationBlockEx
LdrQueryImageFileExecutionOptions
LdrQueryImageFileExecutionOptionsEx
LdrQueryImageFileKeyOption
LdrQueryModuleServiceTags
LdrQueryOptionalDelayLoadedAPI
LdrQueryProcessModuleInformation
LdrRegisterDllNotification
LdrRemoveDllDirectory
LdrRemoveLoadAsDataTable
LdrResFindResource
LdrResFindResourceDirectory
LdrResGetRCConfig
LdrResRelease
LdrResSearchResource
LdrResolveDelayLoadedAPI
LdrResolveDelayLoadsFromDll
LdrRscIsTypeExist
LdrSetAppCompatDllRedirectionCallback
LdrSetDefaultDllDirectories
LdrSetDllDirectory
LdrSetDllManifestProber
LdrSetImplicitPathOptions
LdrSetMUICacheType
LdrShutdownProcess
LdrShutdownThread
LdrStandardizeSystemPath
LdrSystemDllInitBlock
LdrUnloadAlternateResourceModule
LdrUnloadAlternateResourceModuleEx
LdrUnloadDll
LdrUnlockLoaderLock
LdrUnregisterDllNotification
LdrUpdatePackageSearchPath
LdrVerifyImageMatchesChecksum
LdrVerifyImageMatchesChecksumEx
LdrpResGetMappingSize
LdrpResGetResourceDirectory
MD4Final
MD4Init
MD4Update
MD5Final
MD5Init
MD5Update
MicrosoftTelemetryAssertTriggeredUM
NlsAnsiCodePage
NlsMbCodePageTag
NlsMbOemCodePageTag
NtAcceptConnectPort
NtAccessCheck
NtAccessCheckAndAuditAlarm
NtAccessCheckByType
NtAccessCheckByTypeAndAuditAlarm
NtAccessCheckByTypeResultList
NtAccessCheckByTypeResultListAndAuditAlarm
NtAccessCheckByTypeResultListAndAuditAlarmByHandle
NtAcquireCrossVmMutant
NtAcquireProcessActivityReference
NtAddAtom
NtAddAtomEx
NtAddBootEntry
NtAddDriverEntry
NtAdjustGroupsToken
NtAdjustPrivilegesToken
NtAdjustTokenClaimsAndDeviceGroups
NtAlertResumeThread
NtAlertThread
NtAlertThreadByThreadId
NtAllocateLocallyUniqueId
NtAllocateReserveObject
NtAllocateUserPhysicalPages
NtAllocateUserPhysicalPagesEx
NtAllocateUuids
NtAllocateVirtualMemory
NtAllocateVirtualMemoryEx
NtAlpcAcceptConnectPort
NtAlpcCancelMessage
NtAlpcConnectPort
NtAlpcConnectPortEx
NtAlpcCreatePort
NtAlpcCreatePortSection
NtAlpcCreateResourceReserve
NtAlpcCreateSectionView
NtAlpcCreateSecurityContext
NtAlpcDeletePortSection
NtAlpcDeleteResourceReserve
NtAlpcDeleteSectionView
NtAlpcDeleteSecurityContext
NtAlpcDisconnectPort
NtAlpcImpersonateClientContainerOfPort
NtAlpcImpersonateClientOfPort
NtAlpcOpenSenderProcess
NtAlpcOpenSenderThread
NtAlpcQueryInformation
NtAlpcQueryInformationMessage
NtAlpcRevokeSecurityContext
NtAlpcSendWaitReceivePort
NtAlpcSetInformation
NtApphelpCacheControl
NtAreMappedFilesTheSame
NtAssignProcessToJobObject
NtAssociateWaitCompletionPacket
NtCallEnclave
NtCallbackReturn
NtCancelIoFile
NtCancelIoFileEx
NtCancelSynchronousIoFile
NtCancelTimer
NtCancelTimer2
NtCancelWaitCompletionPacket
NtChangeProcessState
NtChangeThreadState
NtClearEvent
NtClose
NtCloseObjectAuditAlarm
NtCommitComplete
NtCommitEnlistment
NtCommitRegistryTransaction
NtCommitTransaction
NtCompactKeys
NtCompareObjects
NtCompareSigningLevels
NtCompareTokens
NtCompleteConnectPort
NtCompressKey
NtConnectPort
NtContinue
NtContinueEx
NtConvertBetweenAuxiliaryCounterAndPerformanceCounter
NtCopyFileChunk
NtCreateCpuPartition
NtCreateCrossVmEvent
NtCreateCrossVmMutant
NtCreateDebugObject
NtCreateDirectoryObject
NtCreateDirectoryObjectEx
NtCreateEnclave
NtCreateEnlistment
NtCreateEvent
NtCreateEventPair
NtCreateFile
NtCreateIRTimer
NtCreateIoCompletion
NtCreateIoRing
NtCreateJobObject
NtCreateJobSet
NtCreateKey
NtCreateKeyTransacted
NtCreateKeyedEvent
NtCreateLowBoxToken
NtCreateMailslotFile
NtCreateMutant
NtCreateNamedPipeFile
NtCreatePagingFile
NtCreatePartition
NtCreatePort
NtCreatePrivateNamespace
NtCreateProcess
NtCreateProcessEx
NtCreateProcessStateChange
NtCreateProfile
NtCreateProfileEx
NtCreateRegistryTransaction
NtCreateResourceManager
NtCreateSection
NtCreateSectionEx
NtCreateSemaphore
NtCreateSymbolicLinkObject
NtCreateThread
NtCreateThreadEx
NtCreateThreadStateChange
NtCreateTimer
NtCreateTimer2
NtCreateToken
NtCreateTokenEx
NtCreateTransaction
NtCreateTransactionManager
NtCreateUserProcess
NtCreateWaitCompletionPacket
NtCreateWaitablePort
NtCreateWnfStateName
NtCreateWorkerFactory
NtDebugActiveProcess
NtDebugContinue
NtDelayExecution
NtDeleteAtom
NtDeleteBootEntry
NtDeleteDriverEntry
NtDeleteFile
NtDeleteKey
NtDeleteObjectAuditAlarm
NtDeletePrivateNamespace
NtDeleteValueKey
NtDeleteWnfStateData
NtDeleteWnfStateName
NtDeviceIoControlFile
NtDirectGraphicsCall
NtDisableLastKnownGood
NtDisplayString
NtDrawText
NtDuplicateObject
NtDuplicateToken
NtEnableLastKnownGood
NtEnumerateBootEntries
NtEnumerateDriverEntries
NtEnumerateKey
NtEnumerateSystemEnvironmentValuesEx
NtEnumerateTransactionObject
NtEnumerateValueKey
NtExtendSection
NtFilterBootOption
NtFilterToken
NtFilterTokenEx
NtFindAtom
NtFlushBuffersFile
NtFlushBuffersFileEx
NtFlushInstallUILanguage
NtFlushInstructionCache
NtFlushKey
NtFlushProcessWriteBuffers
NtFlushVirtualMemory
NtFlushWriteBuffer
NtFreeUserPhysicalPages
NtFreeVirtualMemory
NtFreezeRegistry
NtFreezeTransactions
NtFsControlFile
NtGetCachedSigningLevel
NtGetCompleteWnfStateSubscription
NtGetContextThread
NtGetCurrentProcessorNumber
NtGetCurrentProcessorNumberEx
NtGetDevicePowerState
NtGetMUIRegistryInfo
NtGetNextProcess
NtGetNextThread
NtGetNlsSectionPtr
NtGetNotificationResourceManager
NtGetTickCount
NtGetWriteWatch
NtImpersonateAnonymousToken
NtImpersonateClientOfPort
NtImpersonateThread
NtInitializeEnclave
NtInitializeNlsFiles
NtInitializeRegistry
NtInitiatePowerAction
NtIsProcessInJob
NtIsSystemResumeAutomatic
NtIsUILanguageComitted
NtListenPort
NtLoadDriver
NtLoadEnclaveData
NtLoadKey
NtLoadKey2
NtLoadKey3
NtLoadKeyEx
NtLockFile
NtLockProductActivationKeys
NtLockRegistryKey
NtLockVirtualMemory
NtMakePermanentObject
NtMakeTemporaryObject
NtManageHotPatch
NtManagePartition
NtMapCMFModule
NtMapUserPhysicalPages
NtMapUserPhysicalPagesScatter
NtMapViewOfSection
NtMapViewOfSectionEx
NtModifyBootEntry
NtModifyDriverEntry
NtNotifyChangeDirectoryFile
NtNotifyChangeDirectoryFileEx
NtNotifyChangeKey
NtNotifyChangeMultipleKeys
NtNotifyChangeSession
NtOpenCpuPartition
NtOpenDirectoryObject
NtOpenEnlistment
NtOpenEvent
NtOpenEventPair
NtOpenFile
NtOpenIoCompletion
NtOpenJobObject
NtOpenKey
NtOpenKeyEx
NtOpenKeyTransacted
NtOpenKeyTransactedEx
NtOpenKeyedEvent
NtOpenMutant
NtOpenObjectAuditAlarm
NtOpenPartition
NtOpenPrivateNamespace
NtOpenProcess
NtOpenProcessToken
NtOpenProcessTokenEx
NtOpenRegistryTransaction
NtOpenResourceManager
NtOpenSection
NtOpenSemaphore
NtOpenSession
NtOpenSymbolicLinkObject
NtOpenThread
NtOpenThreadToken
NtOpenThreadTokenEx
NtOpenTimer
NtOpenTransaction
NtOpenTransactionManager
NtPlugPlayControl
NtPowerInformation
NtPrePrepareComplete
NtPrePrepareEnlistment
NtPrepareComplete
NtPrepareEnlistment
NtPrivilegeCheck
NtPrivilegeObjectAuditAlarm
NtPrivilegedServiceAuditAlarm
NtPropagationComplete
NtPropagationFailed
NtProtectVirtualMemory
NtPssCaptureVaSpaceBulk
NtPulseEvent
NtQueryAttributesFile
NtQueryAuxiliaryCounterFrequency
NtQueryBootEntryOrder
NtQueryBootOptions
NtQueryDebugFilterState
NtQueryDefaultLocale
NtQueryDefaultUILanguage
NtQueryDirectoryFile
NtQueryDirectoryFileEx
NtQueryDirectoryObject
NtQueryDriverEntryOrder
NtQueryEaFile
NtQueryEvent
NtQueryFullAttributesFile
NtQueryInformationAtom
NtQueryInformationByName
NtQueryInformationCpuPartition
NtQueryInformationEnlistment
NtQueryInformationFile
NtQueryInformationJobObject
NtQueryInformationPort
NtQueryInformationProcess
NtQueryInformationResourceManager
NtQueryInformationThread
NtQueryInformationToken
NtQueryInformationTransaction
NtQueryInformationTransactionManager
NtQueryInformationWorkerFactory
NtQueryInstallUILanguage
NtQueryIntervalProfile
NtQueryIoCompletion
NtQueryIoRingCapabilities
NtQueryKey

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT
Size: 4KB - Virtual size: 463B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

fothk
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 312KB - Virtual size: 308KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mrdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 4KB - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 472KB - Virtual size: 470KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ntfsres.dll
.dll windows:10 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rdata
Size: 4KB - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 728KB - Virtual size: 727KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ntlanman.dll
.dll windows:10 windows x64 arch:x64

e1ab2bad5cfdd43ffa651c5e9a5f5bc5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ntlanman.pdb

Imports

msvcrt

__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
_lock
free
_callnewh
memcmp
malloc
__RTDynamicCast
_unlock
__dllonexit
_ultow
towupper
_wcsnicmp
??1type_info@@UEAA@XZ
_onexit
strcpy_s
_wcsicmp
_itow_s
memmove_s
memcpy_s
_vsnwprintf
memmove
wcschr
_purecall
wcscat_s
_wcsupr
wcscpy_s
wcsrchr
memcpy
memset

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlCopyLuid
NtQueryInformationToken
NtOpenProcessToken
DbgPrint
NtCreateFile
NtQueryInformationFile
RtlDeleteResource
RtlReleaseResource
RtlGetLastNtStatus
RtlVirtualUnwind
RtlAcquireResourceExclusive
NtClose
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
RtlInitUnicodeStringEx
RtlEqualUnicodeString
RtlCompareUnicodeString
NtOpenFile
RtlInitUnicodeString
NtFsControlFile
RtlNtStatusToDosError
RtlLeaveCriticalSection
RtlInitializeCriticalSection
RtlEnterCriticalSection
RtlDeleteCriticalSection
RtlInitializeResource

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
LoadStringW
DisableThreadLibraryCalls
LoadLibraryExW
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
FreeLibrary

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalReAlloc
LocalFree

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetComputerNameExW

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockShared
DeleteCriticalSection
EnterCriticalSection
ReleaseSemaphore
LeaveCriticalSection
InitializeCriticalSectionEx
AcquireSRWLockShared
WaitForSingleObject
CreateMutexExW
ReleaseMutex
ReleaseSRWLockExclusive
CreateSemaphoreExW
OpenSemaphoreW
AcquireSRWLockExclusive
WaitForSingleObjectEx

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentProcessId
TerminateProcess
GetCurrentThreadId

api-ms-win-core-processenvironment-l1-1-0

GetStdHandle

api-ms-win-core-console-l1-1-0

SetConsoleMode
GetConsoleMode
ReadConsoleW
WriteConsoleW

api-ms-win-core-file-l1-1-0

GetFileType
GetDriveTypeW
WriteFile
CreateFileW
GetLogicalDrives

api-ms-win-security-base-l1-1-0

EqualSid

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

DllMain
I_SystemFocusDialog
NPAddConnection
NPAddConnection3
NPAddConnection4
NPCancelConnection
NPCancelConnection2
NPCloseEnum
NPEnumResource
NPFormatNetworkName
NPGetCaps
NPGetConnection
NPGetConnection3
NPGetConnectionPerformance
NPGetPersistentUseOptionsForConnection
NPGetPersistentUseOptionsForConnection2
NPGetReconnectFlags
NPGetResourceInformation
NPGetResourceParent
NPGetUniversalName
NPGetUser
NPOpenEnum
QueryAppInstanceVersion
RegisterAppInstance
RegisterAppInstanceVersion
ResetAllAppInstanceVersions
SetAppInstanceCsvFlags

Sections

.text
Size: 84KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ntoskrnl.exe
.sys windows:10 windows x64 arch:x64

8a6a24dc179d1d583e1d3b5fddaea3d6

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

be:d8:3b:2e:53:b5:dc:7e:12:3c:5e:0c:64:78:86:b5:f9:6a:0a:2d:7c:27:22:5a:1d:84:33:3e:db:bd:83:4f
Signer

Actual PE Digest

be:d8:3b:2e:53:b5:dc:7e:12:3c:5e:0c:64:78:86:b5:f9:6a:0a:2d:7c:27:22:5a:1d:84:33:3e:db:bd:83:4f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

ntkrnlmp.pdb

Imports

ext-ms-win-ntos-processparameters-l1-1-0

PsDestroyProcessParameterOverrides
PsGetProcessParameterOverrides

ext-ms-win-ntos-tm-l1-1-0

TmIsKTMCommitCoordinator
TmInitializeTransactionManager
TmGetTransactionId
TmFreezeTransactions
TmEndPropagationRequest
TmEnableCallbacks
TmDereferenceEnlistmentKey
TmCurrentTransaction
TmCreateEnlistment
TmCommitTransaction
TmCommitEnlistment
TmCommitComplete
TmCancelPropagationRequest
NtThawTransactions
NtSetInformationTransaction
NtSetInformationResourceManager
NtSetInformationEnlistment
NtRollbackTransaction
NtRollbackEnlistment
NtRollbackComplete
NtRecoverTransactionManager
NtRecoverResourceManager
NtRecoverEnlistment
NtRegisterProtocolAddressInformation
TmIsTransactionActive
TmInitSystemPhase2
TmInitSystem
NtCommitComplete
NtCommitEnlistment
TmPrePrepareComplete
TmRecoverEnlistment
TmRecoverResourceManager
TmRecoverTransactionManager
TmReferenceEnlistmentKey
TmRenameTransactionManager
TmRequestOutcomeEnlistment
TmRollbackComplete
TmRollbackEnlistment
TmRollbackTransaction
TmSetCurrentTransaction
TmSinglePhaseReject
NtCommitTransaction
TmShutdownSystem
NtRollforwardTransactionManager
NtSinglePhaseReject
NtCreateEnlistment
NtCreateResourceManager
NtSetInformationTransactionManager
NtRenameTransactionManager
NtCreateTransaction
TmThawTransactions
NtCreateTransactionManager
NtEnumerateTransactionObject
NtFreezeTransactions
NtGetNotificationResourceManager
NtOpenEnlistment
NtOpenResourceManager
NtOpenTransaction
NtOpenTransactionManager
NtPrePrepareComplete
TmPrePrepareEnlistment
TmPrepareComplete
TmPrepareEnlistment
TmPropagationComplete
TmReadOnlyEnlistment
TmPropagationFailed
NtReadOnlyEnlistment
NtQueryInformationTransactionManager
NtQueryInformationTransaction
NtQueryInformationResourceManager
NtQueryInformationEnlistment
NtPropagationFailed
NtPropagationComplete
NtPrepareEnlistment
NtPrepareComplete
NtPrePrepareEnlistment

pshed

PshedGetBootErrorPacket
PshedInitialize
PshedGetAllErrorSources
PshedAttemptErrorRecovery
PshedWriteErrorRecord
PshedBugCheckSystem
PshedFreeMemory
PshedDoPluginCtl
PshedAllocateMemory
PshedDoPfa
PshedEnableErrorSource
PshedGetInjectionCapabilities
PshedInjectError
PshedSetErrorSourceInfo
PshedSetHalEnlightenments
PshedMarkHiberPhase
PshedInitProc
PshedIsSystemWheaEnabled
PshedClearErrorRecord
PshedArePluginsPresent
PshedReadErrorRecord
PshedInitGlobal
PshedDisableErrorSource
PshedInitAvailable
PshedGetErrorSourceInfo
PshedFinalizeErrorRecord
PshedRetrieveErrorInfo

bootvid

VidInitialize
VidBitBltEx
VidDisplayString
VidSetScrollRegion
VidSetTextColor
VidCleanUp
VidBitBlt
VidScreenToBufferBlt
VidBufferToScreenBlt
VidSolidColorFill
VidResetDisplay

ext-ms-win-ntos-clipsp-l1-1-0

ClipSpInitialize

kdcom

KdSetHiberRange
KdInitialize
KdSendPacket
KdReceivePacket
KdPower

ext-ms-win-ntos-kcminitcfg-l1-1-0

CmCompleteInitMachineConfig
CmSetInitMachineConfig

ext-ms-win-ntos-ksr-l1-1-4

KsrCleanupPageDatabase
KsrInitPageDatabase
KsrFreePersistedMemory
KsrInitSystem
KsrMdlToMemoryRuns
KsrFreePersistedMemoryBlock
KsrQueryMetadata
KsrEnumeratePersistedMemory
KsrGetFirmwareInformation
KsrClaimPersistedMemory
KsrPersistMemoryWithMetadata

ext-ms-win-ntos-trace-l1-1-0

TraceInitSystem

ext-ms-win-ntos-ksecurity-l1-1-1

QueryUpdateFileEaAllowedExt

ext-ms-win-ntos-werkernel-l1-1-1

WerLiveKernelCancelReport
WerLiveKernelSubmitReport
WerLiveKernelInitSystem
WerLiveKernelCreateReport
WerLiveKernelCloseHandle
WerLiveKernelOpenDumpFile

ext-ms-win-ntos-ucode-l1-1-0

ExpMicrocodeInformationLoad
ExpMicrocodeInformationUnload
ExpMicrocodeInitialization

ext-ms-win-ntos-runlevels-l1-1-0

ExpInitializeRunLevel0

ext-ms-win-ntos-stateseparation-l1-1-0

ExpInitializeStateSeparationPhase1
ExpInitializeStateSeparationPhase0
ExpInitializeStateSeparationPhase2

ext-ms-win-fs-clfs-l1-1-0

ClfsMgmtInstallPolicy
ClfsCloseLogFileObject
ClfsMgmtDeregisterManagedClient
ClfsMgmtRegisterManagedClient
ClfsCreateLogFile
ClfsGetLogFileInformation
ClfsReadRestartArea
ClfsLsnEqual
ClfsReadLogRecord
ClfsReadNextLogRecord
ClfsTerminateReadLog
ClfsWriteRestartArea
ClfsDeleteLogByPointer
ClfsDeleteMarshallingArea
ClfsReserveAndAppendLog
ClfsLsnInvalid
ClfsFlushToLsn
ClfsLsnContainer
ClfsLsnLess
ClfsCreateMarshallingArea
ClfsAddLogContainer
ClfsLsnDifference

ci

CiInitialize

msrpc.sys

MesIncrementalHandleReset
NdrMesTypeDecode3
MesEncodeIncrementalHandleCreate
NdrMesTypeEncode3
MesDecodeBufferHandleCreate
MesHandleFree
RpcExceptionFilter

cng.sys

BCryptExportKey

ext-ms-win-ntos-globmerger-l1-1-0

CimfsMountBootVolume

Exports

Exports

AlpcCreateSecurityContext
AlpcGetHeaderSize
AlpcGetMessageAttribute
AlpcInitializeMessageAttribute
AsanWrapperMemcmp
BgkDisplayCharacter
BgkGetConsoleState
BgkGetCursorState
BgkSetCursor
CarCopyRuleViolationDetails
CarCreateRuleViolationDetails
CarDeleteRuleViolationDetails
CarDeregisterRuleClassConfiguration
CarDeregisterRuleOverride
CarInitializeRuleViolationDetails
CarQueryReportAction
CarQueryReportActionForTriage
CarRegisterDefaultRuleClassConfiguration
CarRegisterRuleClassConfiguration
CarRegisterRuleOverride
CarRegisterRuleOverrideAllContexts
CarRegisterRuleOverridesAllContexts
CarReportRuleViolation
CarReportRuleViolationForTriage
CarSetCustomIdInRuleOverride
CarSetCustomRuleIdRange
CcAddDirtyPagesToExternalCache
CcAsyncCopyRead
CcCanIWrite
CcCoherencyFlushAndPurgeCache
CcCopyRead
CcCopyReadEx
CcCopyWrite
CcCopyWriteEx
CcCopyWriteWontFlush
CcDeductDirtyPagesFromExternalCache
CcDeferWrite
CcErrorCallbackRoutine
CcFastCopyRead
CcFastCopyWrite
CcFastMdlReadWait
CcFlushCache
CcFlushCacheToLsn
CcGetCachedDirtyPageCountForFile
CcGetDirtyPages
CcGetFileObjectFromBcb
CcGetFileObjectFromSectionPtrs
CcGetFileObjectFromSectionPtrsRef
CcGetFlushedValidData
CcGetLsnForFileObject
CcGetNumberOfMappedPages
CcInitializeCacheMap
CcInitializeCacheMapEx
CcInitializeCacheMapEx2
CcIsCacheManagerCallbackNeeded
CcIsThereDirtyData
CcIsThereDirtyDataEx
CcIsThereDirtyLoggedPages
CcMapData
CcMdlRead
CcMdlReadComplete
CcMdlWriteAbort
CcMdlWriteComplete
CcPinMappedData
CcPinRead
CcPrepareMdlWrite
CcPreparePinWrite
CcPurgeCacheSection
CcRegisterExternalCache
CcRemapBcb
CcRepinBcb
CcScheduleReadAhead
CcScheduleReadAheadEx
CcSetAdditionalCacheAttributes
CcSetAdditionalCacheAttributesEx
CcSetBcbOwnerPointer
CcSetDirtyPageThreshold
CcSetDirtyPinnedData
CcSetFileSizes
CcSetFileSizesEx
CcSetLogHandleForFile
CcSetLogHandleForFileEx
CcSetLoggedDataThreshold
CcSetParallelFlushFile
CcSetReadAheadGranularity
CcSetReadAheadGranularityEx
CcTestControl
CcUninitializeCacheMap
CcUnmapFileOffsetFromSystemCache
CcUnpinData
CcUnpinDataForThread
CcUnpinRepinnedBcb
CcUnregisterExternalCache
CcWaitForCurrentLazyWriterActivity
CcZeroData
CcZeroDataOnDisk
CmCallbackGetKeyObjectID
CmCallbackGetKeyObjectIDEx
CmCallbackReleaseKeyObjectIDEx
CmGetBoundTransaction
CmGetCallbackVersion
CmKeyObjectType
CmRegisterCallback
CmRegisterCallbackEx
CmRegisterMachineHiveLoadedNotification
CmSetCallbackObjectContext
CmUnRegisterCallback
CmUnregisterMachineHiveLoadedNotification
DbgBreakPoint
DbgBreakPointWithStatus
DbgCommandString
DbgLoadImageSymbols
DbgPrint
DbgPrintEx
DbgPrintReturnControlC
DbgPrompt
DbgQueryDebugFilterState
DbgSetDebugFilterState
DbgSetDebugPrintCallback
DbgkLkmdRegisterCallback
DbgkLkmdUnregisterCallback
DbgkWerCaptureLiveKernelDump
DbgkWerCaptureLiveKernelDump2
DifFindThreadContextData
DifGetPluginPerDriverData
DifPluginSimplePerfControl
DifPopThreadContextData
DifPushThreadContextData
DifRegisterPlugin
DifUtilDbgPrint
EmClientQueryRuleState
EmClientRuleDeregisterNotification
EmClientRuleEvaluate
EmClientRuleRegisterNotification
EmProviderDeregister
EmProviderDeregisterEntry
EmProviderRegister
EmProviderRegisterEntry
EmpProviderRegister
EtwActivityIdControl
EtwEnableTrace
EtwEventEnabled
EtwProviderEnabled
EtwRegister
EtwRegisterClassicProvider
EtwSendTraceBuffer
EtwSetInformation
EtwTelemetryCoverageReport
EtwUnregister
EtwWrite
EtwWriteEndScenario
EtwWriteEx
EtwWriteStartScenario
EtwWriteString
EtwWriteTransfer
EtwpDisableStackWalkApc
EtwpReenableStackWalkApc
ExAcquireAutoExpandPushLockExclusive
ExAcquireAutoExpandPushLockShared
ExAcquireCacheAwarePushLockExclusive
ExAcquireCacheAwarePushLockExclusiveEx
ExAcquireCacheAwarePushLockSharedEx
ExAcquireFastMutex
ExAcquireFastMutexUnsafe
ExAcquireFastResourceExclusive
ExAcquireFastResourceShared
ExAcquireFastResourceSharedStarveExclusive
ExAcquireFastResourceWithFlags
ExAcquirePushLockExclusiveEx
ExAcquirePushLockSharedEx
ExAcquireResourceExclusiveLite
ExAcquireResourceSharedLite
ExAcquireRundownProtection
ExAcquireRundownProtectionCacheAware
ExAcquireRundownProtectionCacheAwareEx
ExAcquireRundownProtectionEx
ExAcquireSharedStarveExclusive
ExAcquireSharedWaitForExclusive
ExAcquireSpinLockExclusive
ExAcquireSpinLockExclusiveAtDpcLevel
ExAcquireSpinLockShared
ExAcquireSpinLockSharedAtDpcLevel
ExActivationObjectType
ExAllocateAutoExpandPushLock
ExAllocateCacheAwarePushLock
ExAllocateCacheAwareRundownProtection
ExAllocateFromLookasideListEx
ExAllocateFromNPagedLookasideList
ExAllocateFromPagedLookasideList
ExAllocatePool
ExAllocatePool2
ExAllocatePool3
ExAllocatePoolWithQuota
ExAllocatePoolWithQuotaTag
ExAllocatePoolWithTag
ExAllocatePoolWithTagPriority
ExAllocateTimer
ExBlockOnAddressPushLock
ExBlockPushLock
ExCancelDpcEventWait
ExCancelTimer
ExCleanupAutoExpandPushLock
ExCleanupRundownProtectionCacheAware
ExCompositionObjectType
ExConvertExclusiveToSharedLite
ExConvertFastResourceExclusiveToShared
ExConvertPushLockExclusiveToShared
ExCoreMessagingObjectType
ExCreateCallback
ExCreateDpcEvent
ExCreatePool
ExDeleteDpcEvent
ExDeleteFastResource
ExDeleteLookasideListEx
ExDeleteNPagedLookasideList
ExDeletePagedLookasideList
ExDeleteResourceLite
ExDeleteTimer
ExDesktopObjectType
ExDestroyPool
ExDisableResourceBoostLite
ExDisownFastResource
ExEnterCriticalRegionAndAcquireFastMutexUnsafe
ExEnterCriticalRegionAndAcquireResourceExclusive
ExEnterCriticalRegionAndAcquireResourceShared
ExEnterCriticalRegionAndAcquireSharedWaitForExclusive
ExEnterPriorityRegionAndAcquireResourceExclusive
ExEnterPriorityRegionAndAcquireResourceShared
ExEnumHandleTable
ExEnumerateSystemFirmwareTables
ExEventObjectType
ExExtendZone
ExFetchLicenseData
ExFlushLookasideListEx
ExFreeAutoExpandPushLock
ExFreeCacheAwarePushLock
ExFreeCacheAwareRundownProtection
ExFreePool
ExFreePool2
ExFreePoolWithTag
ExFreeToLookasideListEx
ExFreeToNPagedLookasideList
ExFreeToPagedLookasideList
ExGetCurrentProcessorCounts
ExGetCurrentProcessorCpuUsage
ExGetExclusiveWaiterCount
ExGetFirmwareEnvironmentVariable
ExGetFirmwareType
ExGetLicenseTamperState
ExGetPreviousMode
ExGetSharedWaiterCount
ExGetSystemFirmwareTable
ExInitializeAutoExpandPushLock
ExInitializeDeviceAts
ExInitializeFastOwnerEntry
ExInitializeFastResource
ExInitializeFastResourceAcquired
ExInitializeLookasideListEx
ExInitializeNPagedLookasideList
ExInitializePagedLookasideList
ExInitializePushLock
ExInitializeResourceLite
ExInitializeRundownProtection
ExInitializeRundownProtectionCacheAware
ExInitializeRundownProtectionCacheAwareEx
ExInitializeZone
ExInterlockedAddLargeInteger
ExInterlockedAddUlong
ExInterlockedExtendZone
ExInterlockedInsertHeadList
ExInterlockedInsertTailList
ExInterlockedPopEntryList
ExInterlockedPushEntryList
ExInterlockedRemoveHeadList
ExIsFastResourceContended
ExIsFastResourceHeld
ExIsFastResourceHeldExclusive
ExIsManufacturingModeEnabled
ExIsProcessorFeaturePresent
ExIsResourceAcquiredExclusiveLite
ExIsResourceAcquiredSharedLite
ExIsSoftBoot
ExLocalTimeToSystemTime
ExMoveFastResourceOwnershipWithFlags
ExNotifyBootDeviceRemoval
ExNotifyCallback
ExQueryDepthSList
ExQueryFastCacheDevLicense
ExQueryPoolBlockSize
ExQueryTimerResolution
ExQueryWnfStateData
ExQueueDpcEventWait
ExQueueWorkItem
ExRaiseAccessViolation
ExRaiseDatatypeMisalignment
ExRaiseException
ExRaiseHardError
ExRaiseStatus
ExRawInputManagerObjectType
ExReInitializeRundownProtection
ExReInitializeRundownProtectionCacheAware
ExRealTimeIsUniversal
ExRegisterBootDevice
ExRegisterCallback
ExRegisterExtension
ExReinitializeFastResource
ExReinitializeResourceLite
ExReleaseAutoExpandPushLockExclusive
ExReleaseAutoExpandPushLockShared
ExReleaseCacheAwarePushLockExclusive
ExReleaseCacheAwarePushLockExclusiveEx
ExReleaseCacheAwarePushLockSharedEx
ExReleaseDisownedFastResource
ExReleaseDisownedFastResourceExclusive
ExReleaseDisownedFastResourceShared
ExReleaseFastMutex
ExReleaseFastMutexUnsafe
ExReleaseFastMutexUnsafeAndLeaveCriticalRegion
ExReleaseFastResource
ExReleaseFastResourceExclusive
ExReleaseFastResourceShared
ExReleasePushLockEx
ExReleasePushLockExclusiveEx
ExReleasePushLockSharedEx
ExReleaseResourceAndLeaveCriticalRegion
ExReleaseResourceAndLeavePriorityRegion
ExReleaseResourceForThreadLite
ExReleaseResourceLite
ExReleaseRundownProtection
ExReleaseRundownProtectionCacheAware
ExReleaseRundownProtectionCacheAwareEx
ExReleaseRundownProtectionEx
ExReleaseSpinLockExclusive
ExReleaseSpinLockExclusiveFromDpcLevel
ExReleaseSpinLockShared
ExReleaseSpinLockSharedFromDpcLevel
ExRundownCompleted
ExRundownCompletedCacheAware
ExSecurePoolUpdate
ExSecurePoolValidate
ExSemaphoreObjectType
ExSetFirmwareEnvironmentVariable
ExSetLicenseTamperState
ExSetResourceOwnerPointer
ExSetResourceOwnerPointerEx
ExSetTimer
ExSetTimerResolution
ExShareAddressSpaceWithDevice
ExShareUltraSpaceWithDevice
ExSizeOfAutoExpandPushLock
ExSizeOfRundownProtectionCacheAware
ExSubscribeWnfStateChange
ExSvmBeginDeviceReset
ExSvmFinalizeDeviceReset
ExSystemExceptionFilter
ExSystemTimeToLocalTime
ExTimedWaitForUnblockPushLock
ExTimerObjectType
ExTryAcquireAutoExpandPushLockExclusive
ExTryAcquireAutoExpandPushLockShared
ExTryAcquireCacheAwarePushLockExclusiveEx
ExTryAcquireCacheAwarePushLockSharedEx
ExTryAcquirePushLockExclusiveEx
ExTryAcquirePushLockSharedEx
ExTryAcquireSpinLockExclusiveAtDpcLevel
ExTryAcquireSpinLockSharedAtDpcLevel
ExTryConvertPushLockSharedToExclusiveEx
ExTryConvertSharedSpinLockExclusive
ExTryQueueWorkItem
ExTryToAcquireFastMutex
ExTryToAcquireResourceExclusiveLite
ExTryToConvertFastResourceSharedToExclusive
ExUnblockOnAddressPushLockEx
ExUnblockPushLockEx
ExUnregisterCallback
ExUnregisterExtension
ExUnsubscribeWnfStateChange
ExUpdateLicenseData
ExUuidCreate
ExVerifySuite
ExWaitForRundownProtectionRelease
ExWaitForRundownProtectionReleaseCacheAware
ExWaitForUnblockPushLock
ExWindowStationObjectType
ExfAcquirePushLockExclusive
ExfAcquirePushLockShared
ExfReleasePushLock
ExfReleasePushLockExclusive
ExfReleasePushLockShared
ExfTryAcquirePushLockShared
ExfTryToWakePushLock
ExfUnblockPushLock
ExpInterlockedFlushSList
ExpInterlockedPopEntrySList
ExpInterlockedPushEntrySList
FirstEntrySList
FsRtlAcknowledgeEcp
FsRtlAcquireEofLock
FsRtlAcquireFileExclusive
FsRtlAcquireHeaderMutex
FsRtlAddBaseMcbEntry
FsRtlAddBaseMcbEntryEx
FsRtlAddLargeMcbEntry
FsRtlAddMcbEntry
FsRtlAddToTunnelCache
FsRtlAddToTunnelCacheEx
FsRtlAllocateAePushLock
FsRtlAllocateExtraCreateParameter
FsRtlAllocateExtraCreateParameterFromLookasideList
FsRtlAllocateExtraCreateParameterList
FsRtlAllocateFileLock
FsRtlAllocatePool
FsRtlAllocatePoolWithQuota
FsRtlAllocatePoolWithQuotaTag
FsRtlAllocatePoolWithTag
FsRtlAllocateResource
FsRtlAreNamesEqual
FsRtlAreThereCurrentOrInProgressFileLocks
FsRtlAreThereWaitingFileLocks
FsRtlAreVolumeStartupApplicationsComplete
FsRtlBalanceReads
FsRtlCancellableWaitForMultipleObjects
FsRtlCancellableWaitForSingleObject
FsRtlChangeBackingFileObject
FsRtlCheckLockForOplockRequest
FsRtlCheckLockForReadAccess
FsRtlCheckLockForWriteAccess
FsRtlCheckOplock
FsRtlCheckOplockEx
FsRtlCheckOplockEx2
FsRtlCheckOplockForFsFilterCallback
FsRtlCheckUpperOplock
FsRtlCopyRead
FsRtlCopyWrite
FsRtlCreateSectionForDataScan
FsRtlCurrentBatchOplock
FsRtlCurrentOplock
FsRtlCurrentOplockH
FsRtlDedupChangeInit
FsRtlDedupChangeLogOverwriteOrFree
FsRtlDedupChangeLogWrite
FsRtlDedupChangeUninit
FsRtlDeleteExtraCreateParameterLookasideList
FsRtlDeleteKeyFromTunnelCache
FsRtlDeleteTunnelCache
FsRtlDeregisterUncProvider
FsRtlDisallowLegacyFilterOnDevice
FsRtlDismountComplete
FsRtlDissectDbcs
FsRtlDissectName
FsRtlDoesDbcsContainWildCards
FsRtlDoesNameContainWildCards
FsRtlFastCheckLockForRead
FsRtlFastCheckLockForWrite
FsRtlFastUnlockAll
FsRtlFastUnlockAllByKey
FsRtlFastUnlockSingle
FsRtlFindExtraCreateParameter
FsRtlFindInTunnelCache
FsRtlFindInTunnelCacheEx
FsRtlFreeAePushLock
FsRtlFreeExtraCreateParameter
FsRtlFreeExtraCreateParameterList
FsRtlFreeFileLock
FsRtlGetCurrentProcessLoaderList
FsRtlGetEcpListFromIrp
FsRtlGetFileNameInformation
FsRtlGetFileSize
FsRtlGetIoAtEof
FsRtlGetNextBaseMcbEntry
FsRtlGetNextExtraCreateParameter
FsRtlGetNextFileLock
FsRtlGetNextLargeMcbEntry
FsRtlGetNextMcbEntry
FsRtlGetSectorSizeInformation
FsRtlGetSupportedFeatures
FsRtlGetVirtualDiskNestingLevel
FsRtlHeatInit
FsRtlHeatLogIo
FsRtlHeatLogTierMove
FsRtlHeatUninit
FsRtlIncrementCcFastMdlReadWait
FsRtlIncrementCcFastReadNoWait
FsRtlIncrementCcFastReadNotPossible
FsRtlIncrementCcFastReadResourceMiss
FsRtlIncrementCcFastReadWait
FsRtlInitExtraCreateParameterLookasideList
FsRtlInitializeBaseMcb
FsRtlInitializeBaseMcbEx
FsRtlInitializeEofLock
FsRtlInitializeExtraCreateParameter
FsRtlInitializeExtraCreateParameterList
FsRtlInitializeFileLock
FsRtlInitializeLargeMcb
FsRtlInitializeMcb
FsRtlInitializeOplock
FsRtlInitializeTunnelCache
FsRtlInsertExtraCreateParameter
FsRtlInsertPerFileContext
FsRtlInsertPerFileObjectContext

Sections

.rdata
Size: 832KB - Virtual size: 830KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 456KB - Virtual size: 455KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 108KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PROTDATA
Size: 4KB - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

GFIDS
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Pad1
Size: - Virtual size: 588KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGELK
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

POOLCODE
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEKD
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEVRFY
Size: 204KB - Virtual size: 201KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEHDLS
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEBGFX
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

TRACESUP
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGECMRC
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

KVASCODE
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RETPOL
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INITKDBG
Size: 104KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

MINIEX
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 600KB - Virtual size: 599KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Pad2
Size: - Virtual size: 340KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ALMOSTRO
Size: 8KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CACHEALI
Size: 4KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGEDATA
Size: 12KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGEVRFD
Size: 40KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INITDATA
Size: 4KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Pad3
Size: - Virtual size: 392KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CFGRO
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Pad4
Size: - Virtual size: 2.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 240KB - Virtual size: 239KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ole32.dll
.dll regsvr32 windows:10 windows x64 arch:x64

918e752ea7094cc9175df30c14ebecf2

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ac:66:32:1b:7b:23:bf:fa:84:4e:54:5e:2c:29:db:cc:cd:8e:44:3b:66:22:1d:62:fb:75:3f:ce:d2:f7:db:e7
Signer

Actual PE Digest

ac:66:32:1b:7b:23:bf:fa:84:4e:54:5e:2c:29:db:cc:cd:8e:44:3b:66:22:1d:62:fb:75:3f:ce:d2:f7:db:e7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ole32.pdb

Imports

msvcp_win

?_Throw_C_error@std@@YAXH@Z
_Query_perf_counter
_Mtx_unlock
_Mtx_lock
_Mtx_destroy_in_situ
_Mtx_init_in_situ
_Query_perf_frequency

api-ms-win-crt-string-l1-1-0

memset
strcmp
wcscmp
strcspn
wcsncmp

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__purecall
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
_o__wcsicmp
_o__wcslwr
_o__wcsnicmp
_o__wtoi
memmove
_o_fmod
_o_free
_o_malloc
_o_strcpy_s
_o_wcscpy_s
_o_wcsncat_s
_o_wcsncpy_s
_o_wcstol
_o_wcstoul
__C_specific_handler
wcschr
wcsrchr
__CxxFrameHandler4
__std_terminate
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_CxxThrowException
_local_unwind
memcmp
memcpy

ntdll

RtlInitializeCriticalSection
RtlInitializeCriticalSectionAndSpinCount
NtQuerySystemInformation
EtwEventRegister
EtwEventUnregister
EtwEventWriteTransfer
EtwUnregisterTraceGuids
EtwEventSetInformation
EtwGetTraceEnableFlags
EtwTraceMessage
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
RtlAllocateHeap
RtlImageNtHeader
RtlFreeHeap
NtQuerySystemInformationEx
NtQuerySecurityAttributesToken
NtSetInformationFile
ZwClose
EtwRegisterTraceGuidsW
ZwDeleteKey
RtlInitUnicodeString
ZwDeleteValueKey
RtlCompareUnicodeString
RtlDeleteCriticalSection
WinSqmSetDWORD
NtQueryWnfStateData
RtlQueryPackageClaims
RtlPublishWnfStateData
RtlGetNtSystemRoot
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlNtStatusToDosError
RtlLoadString
ZwCreateKey
ZwOpenKey
ZwEnumerateKey
ZwQueryValueKey
RtlWriteRegistryValue
RtlIsCriticalSectionLockedByThread
RtlAnsiStringToUnicodeString

kernelbase

lstrcmpiW
AreFileApisANSI
GlobalAlloc
GlobalFree
LocalLock
LocalAlloc
lstrcmpW
LocalUnlock
Sleep
GetPackageFullName
lstrlenW

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
LoadLibraryExW
FreeLibrary
LoadResource
GetModuleFileNameW
LockResource
GetProcAddress
GetModuleHandleExW
LoadStringW
GetModuleHandleW
LoadLibraryExA

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InitializeSRWLock
InitializeCriticalSectionAndSpinCount
CreateMutexExW
ReleaseSRWLockExclusive
CreateEventW
SetEvent
OpenSemaphoreW
WaitForSingleObjectEx
ResetEvent
CreateEventExW
ReleaseMutex
InitializeCriticalSectionEx
WaitForSingleObject
ReleaseSRWLockShared
ReleaseSemaphore
AcquireSRWLockShared
AcquireSRWLockExclusive
CreateSemaphoreExW

api-ms-win-core-heap-l1-1-0

HeapCreate
HeapAlloc
GetProcessHeap
HeapFree
HeapDestroy

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-processthreads-l1-1-0

OpenThreadToken
GetProcessId
GetCurrentThread
OpenProcessToken
TlsAlloc
TerminateProcess
GetCurrentProcess
SetThreadToken
GetCurrentThreadId
CreateProcessW
TlsSetValue
GetCurrentProcessId
CreateThread
TlsFree

api-ms-win-core-wow64-l1-1-1

Wow64SetThreadDefaultGuestMachine
GetSystemWow64DirectoryW

api-ms-win-core-localization-l1-2-0

LCMapStringW
GetLocaleInfoW
GetUserDefaultLCID
GetSystemDefaultLCID
FormatMessageW
GetThreadLocale
IsDBCSLeadByte

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegDeleteKeyExA
RegQueryValueExW
RegCloseKey
RegDeleteKeyExW
RegQueryInfoKeyA
RegDeleteValueW
RegCreateKeyExW
RegQueryInfoKeyW
RegFlushKey
RegSetValueExW
RegOpenKeyExA
RegGetValueW
RegEnumValueW
RegEnumKeyExA
RegLoadMUIStringW
RegOpenKeyExW

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-file-l1-1-0

GetTempFileNameW
GetFileAttributesW
GetDriveTypeW
CreateFileA
ReadFile
CreateFileW
GetFileAttributesExW
GetFullPathNameA
DeleteFileW
GetShortPathNameW
FindFirstFileW
FindClose
SetFilePointer
GetFullPathNameW

api-ms-win-core-string-l2-1-0

IsCharAlphaW
IsCharAlphaNumericW
CharPrevW
CharUpperW
CharNextW

api-ms-win-core-string-l1-1-0

GetStringTypeW
WideCharToMultiByte
CompareStringOrdinal
CompareStringW
MultiByteToWideChar

api-ms-win-core-interlocked-l1-1-0

InterlockedPopEntrySList
InterlockedPushEntrySList
InitializeSListHead

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetWindowsDirectoryW
GetVersion
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryA
FindResourceW

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
OpenFileMappingW

api-ms-win-core-processenvironment-l1-1-0

SearchPathW
GetCommandLineW
ExpandEnvironmentStringsW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWork
SetThreadpoolWait
CreateThreadpoolWait
CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CloseThreadpoolWait
WaitForThreadpoolWorkCallbacks
SubmitThreadpoolWork
CreateThreadpoolWork

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-debug-l1-1-1

CheckRemoteDebuggerPresent

api-ms-win-security-base-l1-1-0

GetTokenInformation
RevertToSelf
GetSidSubAuthority
GetSidSubAuthorityCount
CreateWellKnownSid
DuplicateToken
ImpersonateLoggedOnUser

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-file-l1-2-4

GetTempPath2W

api-ms-win-core-processenvironment-l1-2-0

SearchPathA

api-ms-win-core-wow64-l1-1-0

Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection
IsWow64Process

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-kernel32-legacy-l1-1-0

MulDiv
DosDateTimeToFileTime
FileTimeToDosDateTime

api-ms-win-core-kernel32-private-l1-1-0

_lwrite
CheckElevationEnabled
_lclose
_lread
_llseek

api-ms-win-core-heap-obsolete-l1-1-0

GlobalUnlock
GlobalHandle
GlobalLock
GlobalSize
GlobalReAlloc

api-ms-win-core-stringansi-l1-1-0

CharNextA
CharLowerA
CharPrevA
CharUpperA

api-ms-win-core-atoms-l1-1-0

GlobalGetAtomNameW
GlobalDeleteAtom
GlobalGetAtomNameA
GlobalAddAtomW
GlobalFindAtomA
GlobalFindAtomW
GlobalAddAtomA

api-ms-win-core-threadpool-legacy-l1-1-0

DeleteTimerQueueTimer
CreateTimerQueueTimer

api-ms-win-core-sidebyside-l1-1-0

FindActCtxSectionGuid

api-ms-win-core-synch-l1-2-1

CreateSemaphoreW

gdi32

GetDIBits
CreateDIBSection
SetDIBits
BitBlt
OffsetViewportOrgEx
GetWindowOrgEx
SetBkColor
SetStretchBltMode
StretchBlt
GetObjectType
GetCurrentObject
PatBlt
GetTextFaceW
GetTextMetricsW
EnumFontFamiliesExW
CreateHalftonePalette
CreateCompatibleBitmap
CreateDIBitmap
GetPaletteEntries
StretchDIBits
RealizePalette
CreatePalette
SetEnhMetaFileBits
GetEnhMetaFilePaletteEntries
DeleteDC
CreateCompatibleDC
PlayEnhMetaFileRecord
DeleteMetaFile
DeleteObject
CreateBitmap
GetObjectW
SetBitmapBits
GetBitmapBits
CopyMetaFileW
DeleteEnhMetaFile
CopyEnhMetaFileW
GetBitmapDimensionEx
SetBitmapDimensionEx
GetMetaFileBitsEx
SelectObject
CreateMetaFileA
CloseMetaFile
CreateFontIndirectW
GetTextMetricsA
SetMapMode
SetWindowOrgEx
SetWindowExtEx
Escape
SetTextColor
SetBkMode
GetTextExtentPointA
SetTextAlign
ExtTextOutA
GetDeviceCaps
SaveDC
IntersectClipRect
GetGraphicsMode
CreateEnhMetaFileW
PlayMetaFile
CloseEnhMetaFile
PlayEnhMetaFile
LPtoDP
SetViewportOrgEx
SetViewportExtEx
EnumMetaFile
GetStockObject
SelectPalette
RestoreDC
CreateMetaFileW
PlayMetaFileRecord
GetEnhMetaFileHeader
GetEnhMetaFileBits
SetWinMetaFileBits
GetWinMetaFileBits
SetMetaFileBitsEx
EnumEnhMetaFile
GetTextExtentPointW

user32

GetDlgItem
SendDlgItemMessageW
SetDlgItemTextW
MessageBoxW
GetActiveWindow
IsWindowEnabled
EnableWindow
DialogBoxParamW
CreateDialogParamW
SetWindowLongPtrW
GetWindowLongPtrW
GetShellWindow
GetWindowThreadProcessId
UnpackDDElParam
PackDDElParam
KillTimer
IsWindow
WaitForInputIdle
CreateWindowExW
PostMessageW
FreeDDElParam
DefWindowProcW
RegisterClassW
UnregisterClassW
GetClassNameW
GetWindow
SetWindowWord
GetWindowWord
RegisterClipboardFormatW
PostQuitMessage
GetClipboardFormatNameW
RegisterClipboardFormatA
GetClipboardFormatNameA
RegisterWindowMessageW
SetPropW
RemovePropW
GetPropW
SetCapture
ReleaseCapture
IsClipboardFormatAvailable
ShowWindow
SetClipboardData
GetClipboardSequenceNumber
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardOwner
EnumClipboardFormats
CountClipboardFormats
GetOpenClipboardWindow
SetCursor
LoadCursorW
SetForegroundWindow
GetKeyState
GetWindowLongW
IsIconic
SetThreadDpiAwarenessContext
GetWindowDpiAwarenessContext
GetCursor
GetCursorPos
GetForegroundWindow
RealChildWindowFromPoint
WindowFromPoint
SetRectEmpty
DrawIcon
GetSysColor
CreateCursor
CreateIcon
GetIconInfo
CopyIcon
CopyImage
GetFocus
GetMessageA
GetMessageW
DispatchMessageA
SetActiveWindow
GetWindowTextA
GetDialogBaseUnits
GetTopWindow
IsWindowUnicode
WinHelpW
SendMessageW
DestroyWindow
MoveWindow
GetDesktopWindow
GetClientRect
GetWindowRect
SetWindowTextW
MsgWaitForMultipleObjects
DispatchMessageW
TranslateMessage
GetClipboardData
PeekMessageW
ord2716
ord2715
ord2550
GetParent
AllowSetForegroundWindow
SetTimer
WaitMessage
MsgWaitForMultipleObjectsEx
CallMsgFilterW
GetThreadDpiAwarenessContext
ScreenToClient
CopyAcceleratorTableW
GetSubMenu
GetMenuItemID
InSendMessage
ReplyMessage
CallWindowProcW
SetFocus
SetWindowsHookExW
UnhookWindowsHookEx
GetMenuState
CallNextHookEx
ord2521
ReleaseDC
GetDC
DestroyIcon
LoadIconW
GetSystemMetrics
SystemParametersInfoW

combase

ord207
ord192
ord212
ord190
ord210
ord189
ord209
ord191
ord205
ord196
ord216
ord194
ord214
ord193
ord213
ord195
ord215
ord200
ord220
ord198
ord218
ord197
ord217
ord199
ord219
ord204
ord224
ord202
ord222
ord201
ord221
ord203
ord223
ord101
ord104
ord102
ord103
ord185
ord206
ord186
ord208
ord188
ord187
ord211

api-ms-win-core-psm-key-l1-1-0

PsmGetKeyFromToken

kernel32

VirtualProtect
VirtualAlloc
SetThreadStackGuarantee
VirtualQuery
RegOpenUserClassesRoot
GetModuleHandleExA
TryAcquireSRWLockExclusive

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabled

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

BindMoniker
CLIPFORMAT_UserFree
CLIPFORMAT_UserFree64
CLIPFORMAT_UserFreeExt
CLIPFORMAT_UserMarshal
CLIPFORMAT_UserMarshal64
CLIPFORMAT_UserMarshalExt
CLIPFORMAT_UserSize
CLIPFORMAT_UserSize64
CLIPFORMAT_UserSizeExt
CLIPFORMAT_UserUnmarshal
CLIPFORMAT_UserUnmarshal64
CLIPFORMAT_UserUnmarshalExt
CLSIDFromOle1Class
CLSIDFromProgID
CLSIDFromProgIDEx
CLSIDFromString
CStdAsyncStubBuffer2_Connect
CStdAsyncStubBuffer2_Disconnect
CStdAsyncStubBuffer2_Release
CStdAsyncStubBuffer_AddRef
CStdAsyncStubBuffer_Connect
CStdAsyncStubBuffer_Disconnect
CStdAsyncStubBuffer_Invoke
CStdAsyncStubBuffer_QueryInterface
CStdAsyncStubBuffer_Release
CStdStubBuffer2_Connect
CStdStubBuffer2_CountRefs
CStdStubBuffer2_Disconnect
CStdStubBuffer2_QueryInterface
CheckInitDde
CleanROTForApartment
ClipboardProcessUninitialize
CoAddRefServerProcess
CoAicGetTokenForCOM
CoAllowSetForegroundWindow
CoAllowUnmarshalerCLSID
CoBuildVersion
CoCancelCall
CoCheckElevationEnabled
CoCopyProxy
CoCreateFreeThreadedMarshaler
CoCreateGuid
CoCreateInstance
CoCreateInstanceEx
CoCreateInstanceFromApp
CoCreateObjectInContext
CoDeactivateObject
CoDecodeProxy
CoDecrementMTAUsage
CoDisableCallCancellation
CoDisconnectContext
CoDisconnectObject
CoDosDateTimeToFileTime
CoEnableCallCancellation
CoFileTimeNow
CoFileTimeToDosDateTime
CoFreeAllLibraries
CoFreeLibrary
CoFreeUnusedLibraries
CoFreeUnusedLibrariesEx
CoGetActivationState
CoGetApartmentID
CoGetApartmentType
CoGetCallContext
CoGetCallState
CoGetCallerTID
CoGetCancelObject
CoGetClassObject
CoGetClassVersion
CoGetComCatalog
CoGetContextToken
CoGetCurrentLogicalThreadId
CoGetCurrentProcess
CoGetDefaultContext
CoGetInstanceFromFile
CoGetInstanceFromIStorage
CoGetInterceptor
CoGetInterceptorForOle32
CoGetInterceptorFromTypeInfo
CoGetInterfaceAndReleaseStream
CoGetMalloc
CoGetMarshalSizeMax
CoGetModuleType
CoGetObject
CoGetObjectContext
CoGetPSClsid
CoGetProcessIdentifier
CoGetStandardMarshal
CoGetStdMarshalEx
CoGetSystemSecurityPermissions
CoGetSystemWow64DirectoryW
CoGetTreatAsClass
CoHandlePriorityEventsFromMessagePump
CoImpersonateClient
CoIncrementMTAUsage
CoInitialize
CoInitializeEx
CoInitializeSecurity
CoInitializeWOW
CoInstall
CoInvalidateRemoteMachineBindings
CoIsHandlerConnected
CoIsOle1Class
CoLoadLibrary
CoLockObjectExternal
CoMarshalHresult
CoMarshalInterThreadInterfaceInStream
CoMarshalInterface
CoPopServiceDomain
CoPushServiceDomain
CoQueryAuthenticationServices
CoQueryClientBlanket
CoQueryProxyBlanket
CoQueryReleaseObject
CoReactivateObject
CoRegisterActivationFilter
CoRegisterChannelHook
CoRegisterClassObject
CoRegisterInitializeSpy
CoRegisterMallocSpy
CoRegisterMessageFilter
CoRegisterPSClsid
CoRegisterSurrogate
CoRegisterSurrogateEx
CoReleaseMarshalData
CoReleaseServerProcess
CoResumeClassObjects
CoRetireServer
CoRevertToSelf
CoRevokeClassObject
CoRevokeInitializeSpy
CoRevokeMallocSpy
CoSetCancelObject
CoSetMessageDispatcher
CoSetProxyBlanket
CoSetState
CoSuspendClassObjects
CoSwitchCallContext
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoTestCancel
CoTreatAsClass
CoTryGetInterceptorForAppModelVirtualization
CoUninitialize
CoUnloadingWOW
CoUnmarshalHresult
CoUnmarshalInterface
CoVrfCheckThreadState
CoVrfGetThreadState
CoVrfReleaseThreadState
CoWaitForMultipleHandles
CoWaitForMultipleObjects
ComPs_NdrDllCanUnloadNow
ComPs_NdrDllGetClassObject
ComPs_NdrDllRegisterProxy
ComPs_NdrDllUnregisterProxy
CreateAntiMoniker
CreateBindCtx
CreateClassMoniker
CreateDataAdviseHolder
CreateDataCache
CreateErrorInfo
CreateFileMoniker
CreateGenericComposite
CreateILockBytesOnHGlobal
CreateItemMoniker
CreateObjrefMoniker
CreateOleAdviseHolder
CreatePointerMoniker
CreateStdProgressIndicator
CreateStreamOnHGlobal
DcomChannelSetHResult
DdeBindToObject
DeletePatternAndExtensionTables
DestroyRunningObjectTable
DllDebugObjectRPCHook
DllGetClassObject
DllGetClassObjectWOW
DllRegisterServer
DoDragDrop
DragDropSetFDT
EnableHookObject
FindExt
FmtIdToPropStgName
FreePropVariantArray
GetActiveObjectExt
GetClassFile
GetConvertStg
GetDocumentBitStg
GetErrorInfo
GetHGlobalFromILockBytes
GetHGlobalFromStream
GetHookInterface
GetObjectFromRotByPath
GetRunningObjectTable
HACCEL_UserFree
HACCEL_UserFree64
HACCEL_UserMarshal
HACCEL_UserMarshal64
HACCEL_UserSize
HACCEL_UserSize64
HACCEL_UserUnmarshal
HACCEL_UserUnmarshal64
HBITMAP_UserFree
HBITMAP_UserFree64
HBITMAP_UserMarshal
HBITMAP_UserMarshal64
HBITMAP_UserSize
HBITMAP_UserSize64
HBITMAP_UserUnmarshal
HBITMAP_UserUnmarshal64
HBRUSH_UserFree
HBRUSH_UserFree64
HBRUSH_UserMarshal
HBRUSH_UserMarshal64
HBRUSH_UserSize
HBRUSH_UserSize64
HBRUSH_UserUnmarshal
HBRUSH_UserUnmarshal64
HDC_UserFree
HDC_UserFree64
HDC_UserMarshal
HDC_UserMarshal64
HDC_UserSize
HDC_UserSize64
HDC_UserUnmarshal
HDC_UserUnmarshal64
HENHMETAFILE_UserFree
HENHMETAFILE_UserFree64
HENHMETAFILE_UserMarshal
HENHMETAFILE_UserMarshal64
HENHMETAFILE_UserSize
HENHMETAFILE_UserSize64
HENHMETAFILE_UserUnmarshal
HENHMETAFILE_UserUnmarshal64
HGLOBAL_UserFree
HGLOBAL_UserFree64
HGLOBAL_UserMarshal
HGLOBAL_UserMarshal64
HGLOBAL_UserSize
HGLOBAL_UserSize64
HGLOBAL_UserUnmarshal
HGLOBAL_UserUnmarshal64
HICON_UserFree
HICON_UserFree64
HICON_UserMarshal
HICON_UserMarshal64
HICON_UserSize
HICON_UserSize64
HICON_UserUnmarshal
HICON_UserUnmarshal64
HMENU_UserFree
HMENU_UserFree64
HMENU_UserMarshal
HMENU_UserMarshal64
HMENU_UserSize
HMENU_UserSize64
HMENU_UserUnmarshal
HMENU_UserUnmarshal64
HMETAFILEPICT_UserFree
HMETAFILEPICT_UserFree64
HMETAFILEPICT_UserMarshal
HMETAFILEPICT_UserMarshal64
HMETAFILEPICT_UserSize
HMETAFILEPICT_UserSize64
HMETAFILEPICT_UserUnmarshal
HMETAFILEPICT_UserUnmarshal64
HMETAFILE_UserFree
HMETAFILE_UserFree64
HMETAFILE_UserMarshal
HMETAFILE_UserMarshal64
HMETAFILE_UserSize
HMETAFILE_UserSize64
HMETAFILE_UserUnmarshal
HMETAFILE_UserUnmarshal64
HMONITOR_UserFree
HMONITOR_UserFree64
HMONITOR_UserMarshal
HMONITOR_UserMarshal64
HMONITOR_UserSize
HMONITOR_UserSize64
HMONITOR_UserUnmarshal
HMONITOR_UserUnmarshal64
HPALETTE_UserFree
HPALETTE_UserFree64
HPALETTE_UserFreeExt
HPALETTE_UserMarshal
HPALETTE_UserMarshal64
HPALETTE_UserMarshalExt
HPALETTE_UserSize
HPALETTE_UserSize64
HPALETTE_UserSizeExt
HPALETTE_UserUnmarshal
HPALETTE_UserUnmarshal64
HPALETTE_UserUnmarshalExt
HRGN_UserFree
HRGN_UserMarshal
HRGN_UserSize
HRGN_UserUnmarshal
HWND_UserFree
HWND_UserFree64
HWND_UserFree64Ext
HWND_UserFreeExt
HWND_UserMarshal
HWND_UserMarshal64
HWND_UserMarshal64Ext
HWND_UserMarshalExt
HWND_UserSize
HWND_UserSize64
HWND_UserSize64Ext
HWND_UserSizeExt
HWND_UserUnmarshal
HWND_UserUnmarshal64
HWND_UserUnmarshal64Ext
HWND_UserUnmarshalExt
HkOleRegisterObject
IIDFromString
IsAccelerator
IsEqualGUID
IsRoInitializeASTAAllowedInDesktop
IsValidIid
IsValidInterface
IsValidPtrIn
IsValidPtrOut
MkParseDisplayName
MonikerCommonPrefixWith
MonikerLoadTypeLib
MonikerRelativePathTo
NdrOleInitializeExtension
NdrProxyForwardingFunction10
NdrProxyForwardingFunction11
NdrProxyForwardingFunction12
NdrProxyForwardingFunction13
NdrProxyForwardingFunction14
NdrProxyForwardingFunction15
NdrProxyForwardingFunction16
NdrProxyForwardingFunction17
NdrProxyForwardingFunction18
NdrProxyForwardingFunction19
NdrProxyForwardingFunction20
NdrProxyForwardingFunction21
NdrProxyForwardingFunction22
NdrProxyForwardingFunction23
NdrProxyForwardingFunction24
NdrProxyForwardingFunction25
NdrProxyForwardingFunction26
NdrProxyForwardingFunction27
NdrProxyForwardingFunction28
NdrProxyForwardingFunction29
NdrProxyForwardingFunction3
NdrProxyForwardingFunction30
NdrProxyForwardingFunction31
NdrProxyForwardingFunction32
NdrProxyForwardingFunction4
NdrProxyForwardingFunction5
NdrProxyForwardingFunction6
NdrProxyForwardingFunction7
NdrProxyForwardingFunction8
NdrProxyForwardingFunction9
ObjectStublessClient10
ObjectStublessClient11
ObjectStublessClient12
ObjectStublessClient13
ObjectStublessClient14
ObjectStublessClient15
ObjectStublessClient16
ObjectStublessClient17
ObjectStublessClient18
ObjectStublessClient19
ObjectStublessClient20
ObjectStublessClient21
ObjectStublessClient22
ObjectStublessClient23
ObjectStublessClient24
ObjectStublessClient25
ObjectStublessClient26
ObjectStublessClient27
ObjectStublessClient28
ObjectStublessClient29
ObjectStublessClient3
ObjectStublessClient30
ObjectStublessClient31
ObjectStublessClient32
ObjectStublessClient4
ObjectStublessClient5
ObjectStublessClient6
ObjectStublessClient7
ObjectStublessClient8
ObjectStublessClient9
Ole32DllGetClassObject
OleBuildVersion
OleConvertIStorageToOLESTREAM
OleConvertIStorageToOLESTREAMEx
OleConvertOLESTREAMToIStorage
OleConvertOLESTREAMToIStorage2
OleConvertOLESTREAMToIStorageEx
OleConvertOLESTREAMToIStorageEx2
OleCreate
OleCreateDefaultHandler
OleCreateEmbeddingHelper
OleCreateEx
OleCreateFontIndirectExt
OleCreateFromData
OleCreateFromDataEx
OleCreateFromFile
OleCreateFromFileEx
OleCreateLink
OleCreateLinkEx
OleCreateLinkFromData
OleCreateLinkFromDataEx
OleCreateLinkToFile
OleCreateLinkToFileEx
OleCreateMenuDescriptor
OleCreatePictureIndirectExt
OleCreatePropertyFrameIndirectExt
OleCreateStaticFromData
OleDestroyMenuDescriptor
OleDoAutoConvert
OleDraw
OleDuplicateData
OleFlushClipboard
OleGetAutoConvert
OleGetClipboard
OleGetClipboardWithEnterpriseInfo
OleGetIconOfClass
OleGetIconOfFile
OleGetPackageClipboardOwner
OleIconToCursorExt
OleInitialize
OleInitializeWOW
OleIsCurrentClipboard
OleIsRunning
OleLoad
OleLoadFromStream
OleLoadPictureExt
OleLoadPictureFileExt
OleLoadPicturePathExt
OleLockRunning
OleMetafilePictFromIconAndLabel
OleNoteObjectVisible
OleQueryCreateFromData
OleQueryLinkFromData
OleRegEnumFormatEtc
OleRegEnumVerbs
OleRegGetMiscStatus
OleRegGetUserType
OleReleaseEnumVerbCache
OleRun
OleSave
OleSavePictureFileExt
OleSaveToStream
OleSetAutoConvert
OleSetClipboard
OleSetContainedObject
OleSetMenuDescriptor
OleTranslateAccelerator
OleTranslateColorExt
OleUninitialize
OpenOrCreateStream
ProgIDFromCLSID
PropStgNameToFmtId
PropSysAllocString
PropSysFreeString
PropVariantChangeType
PropVariantClear
PropVariantCopy
ReadClassStg
ReadClassStm
ReadFmtUserTypeStg
ReadOleStg
ReadStorageProperties
ReadStringStream
RegisterActiveObjectExt
RegisterDragDrop
ReleaseStgMedium
RevokeActiveObjectExt
RevokeDragDrop
RoGetAgileReference
SNB_UserFree
SNB_UserFree64
SNB_UserMarshal
SNB_UserMarshal64
SNB_UserSize
SNB_UserSize64
SNB_UserUnmarshal
SNB_UserUnmarshal64
STGMEDIUM_UserFree
STGMEDIUM_UserFree64
STGMEDIUM_UserFreeExt
STGMEDIUM_UserMarshal
STGMEDIUM_UserMarshal64
STGMEDIUM_UserMarshalExt
STGMEDIUM_UserSize
STGMEDIUM_UserSize64
STGMEDIUM_UserSizeExt
STGMEDIUM_UserUnmarshal
STGMEDIUM_UserUnmarshal64
STGMEDIUM_UserUnmarshalExt

Sections

.text
Size: 904KB - Virtual size: 902KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 208KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 480KB - Virtual size: 479KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
omadmapi.dll
.dll windows:10 windows x64 arch:x64

e9254e5090fde968e0236e18df86fb49

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d3:31:47:88:b7:1c:f9:b6:e2:a9:62:d5:80:d4:7b:2d:9c:ef:8c:c4:6a:e5:c4:89:92:7e:9d:ed:b4:80:cf:74
Signer

Actual PE Digest

d3:31:47:88:b7:1c:f9:b6:e2:a9:62:d5:80:d4:7b:2d:9c:ef:8c:c4:6a:e5:c4:89:92:7e:9d:ed:b4:80:cf:74

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

omadmapi.pdb

Imports

msvcp110_win

?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Syserror_map@std@@YAPEBDH@Z

msvcrt

memmove
_onexit
__dllonexit
_unlock
_lock
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
__C_specific_handler
_initterm
free
_amsg_exit
_XcptFilter
_callnewh
malloc
wcstod
_purecall
_wcsupr_s
_ultow_s
towlower
memmove_s
??_V@YAXPEAX@Z
wcsrchr
wcschr
_wcsicmp
wcstoul
memcpy
memcmp
_CxxThrowException
strncpy_s
_set_errno
_errno
strtol
strchr
strrchr
sprintf_s
iswspace
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
??3@YAXPEAX@Z
memcpy_s
_vsnwprintf
__CxxFrameHandler4
__CxxFrameHandler3
memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
DisableThreadLibraryCalls
GetModuleHandleExW
FreeLibrary
GetModuleFileNameW
LoadLibraryExA
GetModuleFileNameA
GetProcAddress

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWriteTransfer
EventUnregister
EventSetInformation

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter
GetLastError
RaiseException

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegNotifyChangeKeyValue
RegCreateKeyExW
RegDeleteValueW
RegDeleteTreeW
RegCloseKey
RegGetValueW
RegQueryInfoKeyW

api-ms-win-core-synch-l1-1-0

CreateMutexW
LeaveCriticalSection
ReleaseSemaphore
ReleaseSRWLockShared
ReleaseSRWLockExclusive
InitializeCriticalSectionEx
DeleteCriticalSection
EnterCriticalSection
WaitForSingleObjectEx
AcquireSRWLockExclusive
AcquireSRWLockShared
ReleaseMutex
WaitForSingleObject
CreateMutexExW
CreateSemaphoreExW
OpenSemaphoreW
SetEvent
ResetEvent
CreateEventW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-com-l1-1-0

CLSIDFromString
StringFromGUID2
CoCreateGuid
CoInitializeEx
CoUninitialize
CoCreateInstance

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
SetThreadpoolTimer

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW

api-ms-win-security-base-l1-1-0

IsWellKnownSid

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-synch-l1-2-0

Sleep
SleepConditionVariableSRW
WakeAllConditionVariable

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

ntdll

RtlIsStateSeparationEnabled
RtlCaptureStackBackTrace

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualProtect

Exports

Exports

AcquireConfigRefreshMutex
AcquireOmaDmClientMutex
Base64StringToHexString
CalcHash
DmCreateSecurityAccount
DmGetHighestTemplateGroup
DmSecGroupSIDToRole
DmSecRoleToGroupSID
DmSecurityAccountInGroup
DmSecurityRoleFromAccountName
FindEndOfHeader
FindHeaderValue
FreeCommandLineOptions
GetStructFromRegistry
HashCert
HexStringToBase64String
IsConfigRefreshSemaphoreSignaled
MdmSendAlert
OmaDmAbortSession
OmaDmAbortSession_Impl
OmaDmCalcTriggerDigest
OmaDmClearAcctInfo
OmaDmClearAcctInfoValues
OmaDmCloseSession
OmaDmCloseSession_Impl
OmaDmCreateInternalAcctID
OmaDmCreateSecurityAccount
OmaDmCreateSessionPolicy
OmaDmDeleteAcctInfo
OmaDmDeleteAcctInfoWaitForCompletion
OmaDmDeleteAcctInfo_Impl
OmaDmDeleteSecurityAccount
OmaDmDeleteSessionPolicy
OmaDmDeleteUserInfo
OmaDmEnumerateAccounts
OmaDmEnumerateInitiationInfo
OmaDmEnumerateSessions
OmaDmFindAppAuthIndex
OmaDmFreeAcctInfo
OmaDmFreeAlertInfo
OmaDmFreeInitiationInfo
OmaDmFreeUserInfo
OmaDmGetAcctIDFromAcctUID
OmaDmGetAcctInfo
OmaDmGetAcctInfoFromKey
OmaDmGetAcctMemberInfo
OmaDmGetAllAcctInfo
OmaDmGetDefaultAcctUID
OmaDmGetFirstMatchingAccountID
OmaDmGetInitiationInfo
OmaDmGetInternalAcctID
OmaDmGetInternalAcctSID
OmaDmGetNextSessionIDToUse
OmaDmGetUserInfo
OmaDmGetValueFromStruct
OmaDmInitiateSession
OmaDmInitiateSessionAsDevice
OmaDmInitiateSessionAsUser
OmaDmInitiateSessionEx
OmaDmInitiateSessionFullSync
OmaDmInitiateSessionWithSessionID
OmaDmInitiateSession_Impl
OmaDmIsInformativeServerSessionActive
OmaDmIsNodePresent
OmaDmIsNodeValuePresent
OmaDmSaveAcctInfoToKey
OmaDmSendAlertNotification
OmaDmSendAlertNotification3
OmaDmSendAlertNotificationEx
OmaDmSetAcctInfo
OmaDmSetAcctInfoAllowed_Impl
OmaDmSetAcctInfoEx
OmaDmSetAcctInfo_Impl
OmaDmSetInitiationInfo
OmaDmSetNodePresence
OmaDmSetNodeValuePresence
OmaDmSetUserInfo
OmaDmSetUserInfoNodeValuePresence
OmaDmSetUserInfoValueInStruct
OmaDmSetValueInStruct
OmaDmUnsetNodePresence
OmaDmValidateSslCertCriteria
OmaDmWaitForAllSessionsCompletion
ProcessCommandLine
ProcessCommandLineOption
ReadBSTRFromStream
ReadStringFromStream
ReadVariantFromStream
ReleaseConfigRefreshMutex
ReleaseOmaDmClientMutex
SaveStructInRegistry
SyncDmGroupMembershipToPolicy
Trim
TruncateTextToLength
URIEncodeSegment
ValidateStringAsFloat
WriteBSTRToStream
WriteStringToStream
WriteVariantToStream

Sections

.text
Size: 132KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 668B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
omadmclient.exe
.exe windows:10 windows x64 arch:x64

7f314b5a9568e601c86b49c82b87a53c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

omadmclient.pdb

Imports

msvcp110_win

?_Xinvalid_argument@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ

msvcrt

strstr
wcschr
swscanf_s
iswspace
_wtoi
_wtol
wcsrchr
_wcsupr_s
wcstod
_strnicmp
_ultow_s
wcstol
wcsncmp
wcsncpy_s
_wcsnicmp
__CxxFrameHandler3
wcsstr
sprintf_s
strrchr
strchr
strtol
_errno
_set_errno
strncpy_s
memset
memmove
memcpy
memcmp
_CxxThrowException
_wcsicmp
??3@YAXPEAX@Z
__CxxFrameHandler4
??_V@YAXPEAX@Z
_vsnwprintf
memcpy_s
_purecall
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_vsnprintf_s
memmove_s
malloc
_callnewh
wcscmp
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
exit
_exit
_cexit
_ismbblead
__setusermatherr
_initterm
__C_specific_handler
_acmdln
_fmode
_commode
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
FindStringOrdinal
GetModuleHandleExA
GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameA
GetProcAddress
LoadStringW
LoadLibraryExW

api-ms-win-core-registry-l1-1-0

RegEnumValueW
RegQueryValueExW
RegDeleteValueW
RegGetValueW
RegOpenKeyExW
RegQueryInfoKeyW
RegCreateKeyExW
RegNotifyChangeKeyValue
RegEnumKeyExW
RegCloseKey
RegSetValueExW

api-ms-win-core-synch-l1-1-0

AcquireSRWLockShared
CreateEventW
CreateSemaphoreExW
EnterCriticalSection
ReleaseSemaphore
LeaveCriticalSection
CreateEventExW
DeleteCriticalSection
WaitForMultipleObjectsEx
WaitForSingleObject
ReleaseMutex
OpenSemaphoreW
ReleaseSRWLockShared
ResetEvent
InitializeCriticalSection
SetEvent
ReleaseSRWLockExclusive
WaitForSingleObjectEx
AcquireSRWLockExclusive
InitializeCriticalSectionEx
CreateMutexExW

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
RaiseException
UnhandledExceptionFilter
GetLastError
SetLastError

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
GetCommandLineW

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoInitializeEx
CoCreateFreeThreadedMarshaler
CoWaitForMultipleHandles
CoGetApartmentType
CLSIDFromString
GetHGlobalFromStream
CoCreateInstanceEx
CreateStreamOnHGlobal
CoInitializeSecurity

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventUnregister
EventSetInformation

api-ms-win-core-threadpool-l1-2-0

SubmitThreadpoolWork
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolWork
CreateThreadpoolWork
CloseThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

CreateProcessW
GetCurrentThread
CreateProcessAsUserW
GetStartupInfoW
OpenThreadToken
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
SleepConditionVariableSRW
Sleep

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-sysinfo-l1-1-0

GetLocalTime
GetSystemTime
GetTickCount64
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

crypt32

CertCompareCertificateName
CertGetCertificateChain
CertFindCertificateInStore
CertFreeCertificateContext
CertCloseStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CryptHashCertificate
CertStrToNameW
CertGetNameStringW
CertOpenStore
CryptSignMessage
CryptVerifyMessageSignature
CryptEncryptMessage
CryptDecryptMessage
CertVerifyCertificateChainPolicy

xmllite

CreateXmlWriterOutputWithEncodingName
CreateXmlWriter
CreateXmlReaderInputWithEncodingName
CreateXmlReader

coredpus

ord10
ord12
ord8
ord4
ord13
ord6
ord3
ord14
ord11
ord7
ord5
ord9

cryptsp

CryptGenRandom
CryptReleaseContext
CryptDestroyHash
CryptCreateHash
CryptAcquireContextW
CryptHashData
CryptGetHashParam

dmcmnutils

EncodeBase64
DmCreateTask
DmIsTaskScheduled
BigStrcat
DmWnfQuery
CopyString
DmCancelGetUserPermissionAsync
QueryPolicy
DmIsDeviceConnected
MBToUnicode
UnicodeToMB
OmaDmRegistryGetDWORD
DmInformUser
DmGetUserPermissionAsync
DmGetUserPermission
OmaDmRegistrySetDWORD
DmPlayNotificationSound
DmMdmSign
DmCheckIfAadAccountLoggedOn
DmRevertToSelf
DmImpersonate
DmGetActiveUserSid
DmIsDeviceRoaming
InvStrCmpNIW
SetConnectionPriority
OmaDmRegistryGetBinary
OmaDmRegistryGetString
InvStrCmpIW
HexStringToBinary
BinaryToHexString
DmInitializeContainer
DmUnregisterRoamingNotification
DmStartContainerActivity
DmStopContainerActivity
DmRegisterRoamingNotification
DmReleaseContainer
DmGetAadDeviceToken
EncodeBase64W
DmGetAadEnrollmentResource
IsWvdSku
SafeStringToDword
DecodeBase64W
InvStrCmpW
DmGetAadUserToken

omadmapi

ord52
ord53
ord89
ord90
ord91
ord87
ord86
ord51
ord100
ord40
ord47
ord24
ord27
ord48
ord54
ord115
ord38
ord23
ord39
ord114
ord44
ord56
ord116
ord64
ord22
ord41
ord55

dmiso8601utils

ISO8601StringToSystemTime
FileTimeToISO8601String
ISO8601StringToFileTime
SystemTimeToISO8601String

profapi

ord104

api-ms-win-shcore-stream-l1-1-0

IStream_Size
SHCreateStreamOnFileEx
SHCreateMemStream

umpdc

Pdcv2ActivationClientRegister
Pdcv2ActivationClientDeactivate
Pdcv2ActivationClientRenewActivation
Pdcv2ActivationClientUnregister
Pdcv2ActivationClientActivate

dmenrollengine

GetEnrollmentState
GetEnrollmentForceAadToken
SetEnrollState
GetEnrollmentClientCertThumbprint
GetEnrollmentAadSendDeviceToken
GetEnrollmentPartnerOpaqueID
GetEnrollmentType
ord9
GetEnrollmentCertStore
GetEnrollmentAadResourceUrl
GetEnrollmentSID
GetEnrollmentAuthPolicy
GetRecoveryInitiatedByServer
GetIsRecoveryAllowed
SetRecoveryRetryCount
GetRecoveryRetryCount

dmenterprisediagnostics

RecordDiagnosticsError

ntdll

RtlFreeHeap
RtlAllocateHeap
RtlIsStateSeparationEnabled

api-ms-win-core-processthreads-l1-1-1

OpenProcess

rpcrt4

UuidCreate
UuidFromStringW

api-ms-win-core-file-l1-1-0

GetFullPathNameW
GetFileSizeEx
CreateFileW
WriteFile
CompareFileTime
ReadFile
GetTempFileNameW
GetFileAttributesW
DeleteFileW
CreateDirectoryW

oleaut32

SafeArrayCreate
VariantClear
SafeArrayUnaccessData
SafeArrayDestroy
SysFreeString
VariantChangeType
VariantInit
SysAllocString
SafeArrayAccessData

api-ms-win-core-heap-obsolete-l1-1-0

GlobalLock
GlobalUnlock

api-ms-win-core-psapi-l1-1-0

K32GetProcessMemoryInfo

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsCreateString
WindowsCreateStringReference

api-ms-win-core-winrt-l1-1-0

RoActivateInstance

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-power-setting-l1-1-0

PowerSettingRegisterNotification
PowerSettingUnregisterNotification

iphlpapi

ConvertInterfaceGuidToLuid
ConvertInterfaceLuidToIndex

api-ms-win-core-path-l1-1-0

PathAllocCombine
PathCchCombine
PathCchSkipRoot
PathCchAppend

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW

api-ms-win-oobe-notification-l1-1-0

OOBEComplete

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 340KB - Virtual size: 339KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pacjsworker.exe
.exe windows:10 windows x64 arch:x64

84970980433aae64352684fdbfe4e420

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b9:7e:13:cc:b2:72:66:ff:0d:84:59:39:82:47:29:6c:7d:00:e0:b1:94:4a:8d:e3:36:2d:26:bf:33:22:99:cb
Signer

Actual PE Digest

b9:7e:13:cc:b2:72:66:ff:0d:84:59:39:82:47:29:6c:7d:00:e0:b1:94:4a:8d:e3:36:2d:26:bf:33:22:99:cb

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

pacjsworker.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o___p___wargv
_o___p__commode
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__register_onexit_function
_o___p___argc
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o_exit
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context

api-ms-win-crt-string-l1-1-0

memset

winhttp

WinHttpPacJsWorkerMain

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pcadm.dll
.dll windows:10 windows x64 arch:x64

9423e5d25d89fd1a739d21fd5e0e3c9a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

pcadm.pdb

Imports

msvcrt

wcscpy_s
_vsnwprintf
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@PEBD@Z
??0bad_cast@@QEAA@AEBV0@@Z
wcstol
memcpy_s
fflush
fclose
fputwc
ungetwc
fgetc
??3@YAXPEAX@Z
_purecall
__mb_cur_max
?what@exception@@UEBAPEBDXZ
??1type_info@@UEAA@XZ
_onexit
__dllonexit
?terminate@@YAXXZ
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
memcmp
_wsetlocale
__crtLCMapStringW
_wcsdup
memset
sprintf_s
abort
_ismbblead
___mb_cur_max_func
calloc
___lc_codepage_func
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBV0@@Z
fgetwc
fwrite
swprintf_s
strchr
wcschr
wcscat_s
___lc_handle_func
__pctype_func
_wfsopen
fseek
??0exception@@QEAA@AEBQEBDH@Z
__uncaught_exception
memmove
memcpy
__CxxFrameHandler3
_CxxThrowException
setlocale
_unlock
_lock
_callnewh
malloc
memmove_s
_fseeki64
fsetpos
ungetc
free
setvbuf
fgetpos
_vsnprintf_s
_errno
_vsnprintf
strcpy_s
_wcsicmp
__CxxFrameHandler4
_wcslwr
wcsstr
_wcsnicmp
wcsrchr

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtCreateFile
EtwEventWriteNoRegistration
ZwQuerySystemInformation
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlUpcaseUnicodeChar
RtlGetNativeSystemInformation
RtlInitUnicodeStringEx
RtlInitAnsiString
ZwEnumerateKey
RtlGetNtSystemRoot
ZwClose
ZwOpenKey
RtlDeleteCriticalSection
RtlEqualString
RtlEnterCriticalSection
RtlMultiByteToUnicodeN
RtlInitializeCriticalSection
RtlLeaveCriticalSection
EtwEventUnregister
EtwEventWrite
EtwEventRegister
RtlInitString
NtQueryInformationFile
NtClose
RtlInitUnicodeString
RtlDosPathNameToRelativeNtPathName_U_WithStatus
LdrGetDllHandle
LdrGetProcedureAddress
ZwQueryValueKey
RtlAllocateHeap
RtlFreeHeap
RtlDoesFileExists_U

advapi32

RegSetValueExW
EventRegister
EventUnregister
RegCreateKeyExW
RegFlushKey
RegCloseKey
EventWriteTransfer

kernel32

ExpandEnvironmentStringsW
OutputDebugStringA
GetModuleFileNameW
GetModuleHandleExA
HeapFree
GetTickCount64
HeapReAlloc
CreateDirectoryW
GetModuleFileNameA
GetFileSizeEx
CreateSemaphoreExW
SetLastError
EnterCriticalSection
ReleaseSemaphore
WriteFile
GetModuleHandleExW
LockFile
LeaveCriticalSection
SetFilePointer
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
WaitForSingleObject
CreateFileW
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
HeapAlloc
GetSystemTime
ReleaseSRWLockExclusive
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
DecodePointer
EncodePointer
Sleep
WideCharToMultiByte
GetStringTypeW
MultiByteToWideChar
CreateProcessW
IsDebuggerPresent
LoadLibraryExW
GetFileTime
DebugBreak
OutputDebugStringW
FreeLibrary
GetModuleHandleW
SystemTimeToFileTime
GetCurrentProcessId
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
GetProcAddress
GetWindowsDirectoryW
UnlockFile
CreateThreadpoolTimer
ReleaseSRWLockShared
SetThreadpoolTimer
CloseHandle
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
CloseThreadpoolTimer
GetProcessHeap

wdi

WdiGetParameterData
WdiSetResolution
WdiAddParameter
WdiSetProblemDetectionResult
WdiGetParameterDataLength
WdiGetEvent
WdiGetDiagnosticModuleId
WdiGetParameterByName

pcacli

PcaIsPcaDisabled
PcaSendToService

aepic

PicFreeFileInfo
PicRetrieveFileInfo

api-ms-win-security-base-l1-1-0

GetTokenInformation
GetLengthSid

wtsapi32

WTSQueryUserToken
WTSEnumerateSessionsW
WTSFreeMemory

Exports

Exports

PcaPldAddGenDbRecord
PcaPldGetAppsLaunchedWithinPeriod
PcaPldGetValueInDictionary
PcaPldParseGenDbRecord
PcaPldRecordAppLaunch
PcaPldSetValueInDictionary
WdiDiagnosticModuleMain
WdiGetDiagnosticModuleInterfaceVersion
WdiHandleInstance

Sections

.text
Size: 120KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pcasvc.dll
.dll windows:10 windows x64 arch:x64

caaec298377048744420b4030cf52ebc

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2a:4c:44:5a:9e:69:d9:09:93:e6:25:bc:1b:36:38:71:67:ea:88:f9:d9:e4:97:0b:92:c7:83:0f:38:40:ea:ed
Signer

Actual PE Digest

2a:4c:44:5a:9e:69:d9:09:93:e6:25:bc:1b:36:38:71:67:ea:88:f9:d9:e4:97:0b:92:c7:83:0f:38:40:ea:ed

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

pcasvc.pdb

Imports

msvcrt

swscanf_s
wcsstr
_wcsnicmp
_wcsicmp
toupper
wcsrchr
wcsncmp
memchr
memcmp
memset
strcmp
??1type_info@@UEAA@XZ
_onexit
qsort
_unlock
_lock
_vsnprintf
?terminate@@YAXXZ
sscanf_s
towlower
__C_specific_handler
strcpy_s
_initterm
_itoa_s
_wsplitpath_s
_wtoi
free
wcscpy_s
_wtof
_amsg_exit
_XcptFilter
memmove
memcpy
__CxxFrameHandler3
_CxxThrowException
wcstoul
_vsnwprintf_s
_wcslwr_s
?what@exception@@UEBAPEBDXZ
_wcslwr
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
wcsncpy_s
_itow_s
sprintf_s
malloc
_wfopen_s
fclose
strncmp
fwprintf_s
memmove_s
__CxxFrameHandler4
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
wcscat_s
strerror
wcschr
swprintf_s
strchr
wcsspn
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
??3@YAXPEAX@Z
memcpy_s
__dllonexit
_vsnwprintf
wcscmp

ntdll

RtlCaptureContext
RtlValidSid
RtlEqualString
RtlFreeSid
RtlMultiByteToUnicodeN
EtwEventUnregister
EtwEventWrite
EtwEventRegister
RtlGetVersion
ZwEnumerateValueKey
RtlRunOnceExecuteOnce
RtlAllocateAndInitializeSid
RtlImageNtHeaderEx
NtQueryInformationFile
RtlCopyUnicodeString
NtSetValueKey
NtDeleteValueKey
RtlTryEnterCriticalSection
RtlInitializeSRWLock
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
NtSuspendProcess
RtlLeaveCriticalSection
RtlInitializeCriticalSection
RtlEnterCriticalSection
NtResumeProcess
RtlDeleteCriticalSection
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlPublishWnfStateData
NtQuerySystemInformation
RtlSubscribeWnfStateChangeNotification
RtlComputeCrc32
RtlGetPersistedStateLocation
RtlNtStatusToDosErrorNoTeb
RtlGetDeviceFamilyInfoEnum
RtlIsCriticalSectionLockedByThread
RtlDoesFileExists_U
RtlNtStatusToDosError
RtlStringFromGUID
RtlGetNtSystemRoot
WinSqmIsOptedInEx
RtlCompareMemory
NtQuerySystemTime
EtwEventWriteNoRegistration
ZwOpenKey
NtQueryValueKey
ZwClose
LdrResSearchResource
ZwQueryInformationFile
ZwOpenFile
ZwQueryValueKey
RtlInitString
NtOpenProcessToken
NtQueryInformationToken
NtOpenThreadToken
RtlImageRvaToVa
NtCreateSection
NtQuerySection
EtwTraceMessage
RtlDosPathNameToNtPathName_U
NtOpenFile
RtlFreeHeap
ZwEnumerateKey
RtlFormatCurrentUserKeyPath
RtlInitAnsiString
ZwMapViewOfSection
RtlUnicodeStringToAnsiString
RtlInitUnicodeStringEx
NtClose
ZwSetInformationProcess
ZwQueryDirectoryFile
RtlReAllocateHeap
RtlVerifyVersionInfo
RtlGetFullPathName_UEx
RtlSecondsSince1970ToTime
RtlGetNativeSystemInformation
ZwCreateKey
RtlInitUnicodeString
RtlpEnsureBufferSize
ZwQueryInformationProcess
RtlxAnsiStringToUnicodeSize
RtlFreeUnicodeString
ZwCreateSection
RtlUpcaseUnicodeString
RtlDosPathNameToNtPathName_U_WithStatus
RtlUpcaseUnicodeChar
RtlTimeToTimeFields
ZwCreateFile
RtlAppendUnicodeToString
RtlNtPathNameToDosPathName
RtlAllocateHeap
RtlAppendUnicodeStringToString
ZwUnmapViewOfSection
NtApphelpCacheControl
ZwQuerySystemInformation
RtlImageDirectoryEntryToData
RtlAnsiStringToUnicodeString
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleHandleExA
FreeLibrary
LoadResource
GetModuleHandleExW
GetProcAddress
GetModuleFileNameW
GetModuleFileNameA
SizeofResource
LockResource
LoadLibraryExW
FindResourceExW

rpcrt4

RpcRevertToSelfEx
I_RpcBindingInqLocalClientPID
NdrServerCall2
RpcImpersonateClient
RpcServerInqBindings
RpcEpRegisterW
RpcEpUnregister
RpcServerRegisterIfEx
UuidCreate
RpcServerUnregisterIf
NdrServerCallAll
RpcBindingVectorFree
RpcServerUseProtseqW

api-ms-win-core-synch-l1-1-0

CreateSemaphoreExW
EnterCriticalSection
WaitForSingleObjectEx
CreateEventExW
ReleaseSRWLockShared
SetEvent
CreateEventW
ReleaseSemaphore
InitializeCriticalSection
TryEnterCriticalSection
ReleaseSRWLockExclusive
InitializeSRWLock
CreateMutexW
AcquireSRWLockShared
ResetEvent
OpenSemaphoreW
OpenWaitableTimerW
AcquireSRWLockExclusive
CreateMutexExW
SetWaitableTimer
ReleaseMutex
TryAcquireSRWLockExclusive
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForSingleObject
OpenEventW
DeleteCriticalSection

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
SetErrorMode
SetUnhandledExceptionFilter
RaiseException
UnhandledExceptionFilter

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventUnregister
EventSetInformation

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegGetValueW
RegQueryInfoKeyW
RegEnumValueW
RegLoadAppKeyW
RegNotifyChangeKeyValue
RegEnumKeyExW
RegDeleteKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegDeleteTreeW
RegQueryValueExW
RegDeleteValueW

api-ms-win-power-base-l1-1-0

PowerRegisterSuspendResumeNotification
PowerUnregisterSuspendResumeNotification

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWork
CloseThreadpool
SubmitThreadpoolWork
WaitForThreadpoolWorkCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolWait
CreateThreadpoolWork
SetThreadpoolThreadMinimum
CreateThreadpool
WaitForThreadpoolWaitCallbacks
SetThreadpoolWait
SetThreadpoolThreadMaximum
CloseThreadpoolWait

api-ms-win-core-processthreads-l1-1-0

GetExitCodeProcess
CreateThread
CreateProcessAsUserW
TerminateProcess
GetCurrentProcess
CreateProcessA
OpenProcessToken
GetProcessId
CreateProcessW
GetCurrentThread
GetCurrentThreadId
GetCurrentProcessId
ProcessIdToSessionId
SetThreadPriority
ResumeThread
ExitProcess

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
InitOnceComplete
WakeAllConditionVariable
Sleep
InitOnceBeginInitialize
SignalObjectAndWait

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-service-core-l1-1-0

RegisterServiceCtrlHandlerExW
SetServiceStatus

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemWindowsDirectoryW
GetLocalTime
GlobalMemoryStatusEx
GetSystemInfo
GetSystemDirectoryW
GetTickCount64
GetSystemTime
GetSystemTimeAsFileTime
GetTickCount
GetVersionExW

api-ms-win-core-kernel32-legacy-l1-1-0

UnregisterWait
WTSGetActiveConsoleSessionId
GetSystemPowerStatus

api-ms-win-core-file-l1-1-0

FindClose
GetLogicalDriveStringsW
GetFileSize
GetDiskFreeSpaceExW
ReadFile
CreateFileW
GetShortPathNameW
GetFileAttributesW
GetTempFileNameW
SetFilePointer
GetDriveTypeW
DeleteFileW
QueryDosDeviceW
CreateDirectoryW
GetVolumeInformationW
GetFileInformationByHandle
WriteFile
FindFirstFileW
GetVolumeInformationByHandleW
GetFileTime
CreateFileA
GetFileSizeEx
FindNextFileW
GetLongPathNameW

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentStringsW
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle

api-ms-win-core-file-l1-2-0

GetVolumeNameForVolumeMountPointW

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask
GetNativeSystemInfo

api-ms-win-core-job-l2-1-0

CreateJobObjectW
AssignProcessToJobObject
QueryInformationJobObject
SetInformationJobObject

api-ms-win-core-kernel32-private-l1-1-0

CheckElevationEnabled

aepic

ord102
PicFreeFileInfo
ord100
ord107
ord101
ord105
ord106
ord108
ord109
PicRetrieveFileInfo
ord103
ord104

user32

LoadStringW

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess
GetThreadTimes

api-ms-win-power-setting-l1-1-0

PowerGetActiveScheme
PowerSettingRegisterNotification
PowerSettingUnregisterNotification

api-ms-win-service-management-l1-1-0

OpenServiceW
CloseServiceHandle
OpenSCManagerW

api-ms-win-service-management-l2-1-0

ChangeServiceConfig2W
ChangeServiceConfigW
QueryServiceConfig2W

winhttp

WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpReadData
WinHttpOpenRequest
WinHttpGetProxyForUrl
WinHttpOpen
WinHttpReceiveResponse
WinHttpGetDefaultProxyConfiguration
WinHttpCrackUrl
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpCloseHandle
WinHttpQueryAuthSchemes
WinHttpSetOption
WinHttpSetCredentials
WinHttpGetIEProxyConfigForCurrentUser
WinHttpConnect

api-ms-win-core-version-l1-1-1

GetFileVersionInfoW
GetFileVersionInfoSizeW

api-ms-win-core-com-l1-1-0

CoCreateGuid
StringFromGUID2
CoUninitialize
CoWaitForMultipleHandles
CoInitializeEx
StringFromCLSID
CoGetClassObject
CoReleaseMarshalData
CoTaskMemFree
CoMarshalInterThreadInterfaceInStream
CoEnableCallCancellation
CoCancelCall
CoCreateInstance
CoGetInterfaceAndReleaseStream
CoDisableCallCancellation

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-security-base-l1-1-0

InitializeSecurityDescriptor
ImpersonateLoggedOnUser
SetSecurityDescriptorDacl
GetTokenInformation
RevertToSelf
SetSecurityDescriptorOwner
GetLengthSid
AllocateAndInitializeSid
FreeSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorGroup

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar

oleaut32

SysAllocString
VariantInit
SysFreeString

api-ms-win-security-credentials-l1-1-0

CredReadW
CredFree

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW
RegDeleteKeyValueW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree
GlobalFree

api-ms-win-core-libraryloader-l1-2-1

FindResourceW
LoadLibraryW

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-file-l2-1-2

CopyFileW

crypt32

CertVerifyCertificateChainPolicy

api-ms-win-core-memory-l1-1-0

WriteProcessMemory
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
OpenFileMappingW

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsCreateStringReference
WindowsDeleteString
WindowsCreateString

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoUninitialize
RoInitialize
RoGetActivationFactory

api-ms-win-core-path-l1-1-0

PathCchRemoveFileSpec
PathIsUNCEx

api-ms-win-core-psapi-l1-1-0

K32GetModuleFileNameExW
QueryFullProcessImageNameW

api-ms-win-core-io-l1-1-0

CreateIoCompletionPort
PostQueuedCompletionStatus
GetQueuedCompletionStatus

api-ms-win-core-job-l1-1-0

IsProcessInJob

api-ms-win-core-processthreads-l1-1-2

SetThreadInformation

api-ms-win-core-synch-l1-2-1

CreateWaitableTimerW
WaitForMultipleObjects
CreateSemaphoreW

api-ms-win-devices-config-l1-1-1

CM_Get_Parent
CM_Get_Device_IDW
CM_Unregister_Notification
CM_Register_Notification

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-file-l1-2-4

GetTempPath2W

api-ms-win-eventing-controller-l1-1-0

ControlTraceW
EnableTraceEx2
StartTraceW

api-ms-win-eventing-consumer-l1-1-0

CloseTrace
ProcessTrace
OpenTraceW

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-threadpool-legacy-l1-1-0

DeleteTimerQueueTimer
ChangeTimerQueueTimer
QueueUserWorkItem
CreateTimerQueueTimer

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathGetDriveNumberW
PathFindExtensionW
PathFileExistsW
PathRemoveExtensionW
PathAppendW
PathStripPathW
PathFindFileNameW
PathSkipRootW

api-ms-win-core-registry-l2-1-0

RegOpenKeyW
RegDeleteKeyW

api-ms-win-core-appcompat-l1-1-1

BaseFreeAppCompatDataForProcess
BaseReadAppCompatDataForProcess

tdh

TdhGetProperty
TdhGetPropertySize

setupapi

SetupIterateCabinetW

api-ms-win-oobe-notification-l1-1-0

OOBEComplete

api-ms-win-core-url-l1-1-0

UrlGetPartW

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask

apphelp

SetPermLayerState
ord27

apisampling

APISamplingUninitialize
APISamplingSetValue
APISamplingInitialize

api-ms-win-core-sidebyside-l1-1-0

QueryActCtxW
CreateActCtxW
ReleaseActCtx

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

userenv

ExpandEnvironmentStringsForUserW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW
lstrcmpiW

api-ms-win-security-cryptoapi-l1-1-0

CryptDestroyHash
CryptAcquireContextW
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptGetHashParam

Exports

Exports

PcaPatchSdbTask
QueryEncapsulationSettings
QueryEncapsulationSettingsTC
ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 660KB - Virtual size: 656KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 260KB - Virtual size: 257KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pcaui.dll
.dll windows:10 windows x64 arch:x64

c90668328ca7c8264f66d07b28f3c10a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

pcaui.pdb

Imports

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__wcsicmp
_o__wcslwr
_o__wcsnicmp
memmove
_o_abort
_o_free
_o_iswspace
_o_malloc
_o_strcpy_s
_o_wcscat_s
_o_wcscpy_s
__CxxFrameHandler3
_CxxThrowException
strchr
wcsstr
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o__execute_onexit_table
_o__errno
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
wcschr
wcsrchr
__C_specific_handler
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset
wcscmp

ntdll

EtwEventUnregister
EtwEventWrite
EtwEventRegister
RtlInitializeCriticalSection
RtlMultiByteToUnicodeN
RtlInitUnicodeStringEx
RtlEnterCriticalSection
RtlReAllocateHeap
RtlGetNativeSystemInformation
RtlEqualString
RtlDeleteCriticalSection
ZwOpenKey
ZwClose
RtlUpcaseUnicodeChar
RtlLeaveCriticalSection
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtCreateFile
ZwQueryValueKey
ZwEnumerateKey
RtlAppendUnicodeToString
RtlInitString
NtQueryInformationFile
RtlInitAnsiString
NtClose
RtlInitUnicodeString
RtlDosPathNameToRelativeNtPathName_U_WithStatus
LdrGetDllHandle
LdrGetProcedureAddress
RtlNtStatusToDosError
RtlFreeHeap
ZwQuerySystemInformation
RtlAppendUnicodeStringToString
RtlAllocateHeap
EtwEventWriteNoRegistration

apphelp

SetPermLayerState
ord24
ord23
SdbFreeFileAttributes
SdbGetFileAttributes
SdbGetEntryFlags
SdbSetEntryFlags
SdbTagToString

api-ms-win-security-base-l1-1-0

CheckTokenMembership
GetTokenInformation
AllocateAndInitializeSid
FreeSid
CreateWellKnownSid

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegSetValueExW
RegCloseKey

api-ms-win-core-processthreads-l1-1-0

TlsGetValue
OpenProcessToken
TlsFree
ProcessIdToSessionId
TlsSetValue
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
TlsAlloc
TerminateProcess

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-appmodel-runtime-internal-l1-1-7

AddDependencyToProcessPackageGraph

kernel32

ReleaseMutex
WaitForSingleObject
WaitForThreadpoolTimerCallbacks
InitializeCriticalSectionEx
LeaveCriticalSection
GetModuleHandleExW
ReleaseSemaphore
EnterCriticalSection
SetLastError
HeapFree
CreateSemaphoreExW
GetModuleFileNameA
MultiByteToWideChar
InitializeSListHead
FormatMessageW
GetLastError
ReleaseSRWLockExclusive
OutputDebugStringW
CloseThreadpoolTimer
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
GetModuleHandleExA
CreateFileW
WriteFile
InterlockedPushEntrySList
GetSystemTimeAsFileTime
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
HeapReAlloc
GetSystemDirectoryW
Sleep
InitializeCriticalSection
ExpandEnvironmentStringsW
LoadLibraryExW
FreeLibrary
LoadLibraryW
QueryActCtxW
DeactivateActCtx
FindActCtxSectionStringW
GetModuleFileNameW
OutputDebugStringA
ActivateActCtx
CreateActCtxW
IsDebuggerPresent
DebugBreak
GetModuleHandleW
GetProcessHeap
DeleteCriticalSection
AcquireSRWLockShared
LocalFree
CreateMutexExW
GetProcAddress
HeapAlloc
CreateThreadpoolTimer
ReleaseSRWLockShared
SetThreadpoolTimer
CloseHandle

shell32

ShellExecuteExW

shlwapi

PathAppendW
PathQuoteSpacesW
PathRemoveArgsW
PathFindFileNameW
PathUnquoteSpacesW
PathFindExtensionW

user32

MsgWaitForMultipleObjects
GetMessageW
DefWindowProcW
GetWindowRect
GetDpiForWindow
CreateWindowExW
UnregisterClassW
GetMonitorInfoW
ShowWindow
DispatchMessageW
PeekMessageW
MoveWindow
SetFocus
TranslateMessage
GetClientRect
PostQuitMessage
UpdateWindow
SetWindowPos
SendMessageW
LoadIconW
LoadStringW
AllowSetForegroundWindow
LoadCursorW
SetCursor
RegisterClassExW

api-ms-win-core-com-l1-1-0

PropVariantClear
CoTaskMemFree
CoCreateInstance
CoInitializeEx
CoCreateFreeThreadedMarshaler
CoCreateGuid
CoTaskMemAlloc

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventRegister
EventSetInformation

oleaut32

SysFreeString
VariantClear
SysAllocStringLen
VariantInit
GetErrorInfo
SetErrorInfo
SysStringLen
SysAllocString

dwmapi

DwmSetWindowAttribute

rpcrt4

RpcBindingSetAuthInfoExW
RpcStringFreeW
RpcAsyncCancelCall
RpcAsyncInitializeHandle
RpcAsyncCompleteCall
I_RpcExceptionFilter
RpcBindingFromStringBindingW
RpcBindingFree
RpcStringBindingComposeW
Ndr64AsyncClientCall

api-ms-win-shcore-scaling-l1-1-1

GetProcessDpiAwareness

mpr

WNetGetConnectionW

api-ms-win-service-management-l1-1-0

CloseServiceHandle
OpenServiceW
StartServiceW
OpenSCManagerW

api-ms-win-core-heap-l2-1-0

LocalAlloc

api-ms-win-core-synch-l1-1-0

CreateEventW

api-ms-win-core-processenvironment-l1-1-0

GetCurrentDirectoryW

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus

api-ms-win-core-sysinfo-l1-1-0

GetTickCount

api-ms-win-core-wow64-l1-1-0

IsWow64Process

ext-ms-win-ntuser-windowstation-l1-1-0

GetThreadDesktop
GetUserObjectInformationW
GetProcessWindowStation

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

DisplayApphelpDialog
PcaLaunchApplicationWithConsent
PcaPersistSettingsAndLaunchApplication
PcaShowDialog

Sections

.text
Size: 168KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.imrsiv
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pcaui.exe
.exe windows:10 windows x64 arch:x64

5ccc1a5afbeb461551efad97af334d41

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

pcaui.pdb

Imports

msvcp_win

?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_c_exit
_initterm_e
_initterm
_register_thread_local_exe_atexit_callback

api-ms-win-crt-private-l1-1-0

_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o__wcslwr
_o__wcsnicmp
_o__wsplitpath_s
_o__wtoi
_o_exit
_o_free
_o_malloc
_o_memcpy_s
_o_strcpy_s
_o_terminate
_o_towlower
_o_wcscat_s
_o_wcscpy_s
_o_wcstoul
__current_exception
__current_exception_context
__CxxFrameHandler3
_o___std_exception_destroy
_CxxThrowException
_o___std_exception_copy
wcsrchr
strchr
wcsstr
wcschr
_o___p__commode
_o__crt_atexit
_o__exit
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
_o__errno
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
__C_specific_handler
__std_terminate
__CxxFrameHandler4
memcpy
memcmp
_o__wcsicmp

api-ms-win-crt-string-l1-1-0

memset
strncmp
wcscmp

ntdll

RtlMultiByteToUnicodeN
ZwEnumerateKey
RtlInitializeCriticalSection
RtlLeaveCriticalSection
EtwEventUnregister
EtwEventWrite
EtwEventRegister
ZwClose
RtlAnsiStringToUnicodeString
RtlImageDirectoryEntryToData
ZwQuerySystemInformation
ZwUnmapViewOfSection
RtlEnterCriticalSection
RtlAppendUnicodeToString
ZwCreateFile
RtlTimeToTimeFields
RtlUpcaseUnicodeChar
RtlDosPathNameToNtPathName_U_WithStatus
ZwCreateSection
RtlFreeUnicodeString
RtlxAnsiStringToUnicodeSize
RtlGetNativeSystemInformation
RtlSecondsSince1970ToTime
RtlVerifyVersionInfo
RtlInitUnicodeStringEx
ZwMapViewOfSection
ZwQueryValueKey
ZwQueryInformationFile
LdrResSearchResource
ZwOpenKey
EtwTraceMessage
RtlReAllocateHeap
RtlEqualString
RtlDeleteCriticalSection
NtQueryInformationFile
NtClose
NtCreateFile
RtlDosPathNameToRelativeNtPathName_U_WithStatus
LdrGetProcedureAddress
RtlInitString
LdrGetDllHandle
RtlInitUnicodeString
RtlAllocateHeap
RtlFreeHeap
RtlGUIDFromString
RtlUnsubscribeWnfNotificationWaitForCompletion
NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlInitAnsiString
RtlAppendUnicodeStringToString

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
GetModuleHandleW
GetModuleHandleExW
LoadLibraryExW
GetProcAddress
GetModuleFileNameA
FreeLibrary

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
ReleaseSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseSRWLockShared
ReleaseMutex
SetEvent
WaitForSingleObject
InitializeCriticalSectionEx
LeaveCriticalSection
CreateMutexExW
ReleaseSemaphore
EnterCriticalSection
CreateEventExW
DeleteCriticalSection
CreateSemaphoreExW
InitializeCriticalSectionAndSpinCount
ResetEvent
AcquireSRWLockShared
CreateEventW

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
HeapSetInformation
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetLastError
RaiseException
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

ProcessIdToSessionId
TerminateProcess
GetStartupInfoW
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
OpenProcessToken

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
OutputDebugStringA
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processenvironment-l1-1-0

SetEnvironmentVariableW

userenv

GetUserProfileDirectoryW

api-ms-win-shcore-obsolete-l1-1-0

CommandLineToArgvW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-sidebyside-l1-1-0

QueryActCtxW
ActivateActCtx
FindActCtxSectionStringW
CreateActCtxW
DeactivateActCtx

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegGetValueW
RegLoadAppKeyW

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW

api-ms-win-core-file-l1-1-0

GetFileAttributesW

api-ms-win-core-file-l1-2-4

GetTempPath2W

api-ms-win-core-shlwapi-legacy-l1-1-0

PathAppendW
PathFindFileNameW

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoGetActivationFactory
RoUninitialize
RoActivateInstance

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetSystemTimeAsFileTime

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

kernel32

FindFirstFileW
GetModuleHandleExA
CreateFileW
FindClose
WriteFile
FileTimeToSystemTime
GetVolumeInformationByHandleW
RegOpenKeyExW
VerSetConditionMask
ExpandEnvironmentStringsW
ReleaseActCtx

apphelp

SdbSetEntryFlags
ord31
SdbIsNullGUID
SdbFreeFileAttributes
SdbGetEntryFlags
SdbGetFileAttributes
SdbTagToString

gdiplus

GdiplusShutdown
GdipSaveImageToFile
GdipBitmapSetPixel
GdipCreateBitmapFromScan0
GdiplusStartup
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipFree
GdipCreateBitmapFromHICON
GdipGetImageEncoders
GdipGetImageEncodersSize

comctl32

ImageList_GetIcon

pcaui

PcaShowDialog
DisplayApphelpDialog

gdi32

DeleteObject
GetDIBits
CreateDIBSection
CreateCompatibleDC
GetObjectW
DeleteDC

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventWriteTransfer

api-ms-win-core-path-l1-1-0

PathCchRemoveFileSpec

api-ms-win-security-cryptoapi-l1-1-0

CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
CryptDestroyHash
CryptHashData
CryptCreateHash

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 136KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.imrsiv
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pcwutl.dll
.dll windows:10 windows x64 arch:x64

ac25af3890b231ad9addfe0d87fbb1f4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

pcwutl.pdb

Imports

msvcrt

strncmp
wcscmp
_vsnprintf
sscanf_s
wcsncmp
wcschr
_wcslwr
strcpy_s
strchr
sprintf_s
_wtof
memcmp
_wtoi
wcscpy_s
??3@YAXPEAX@Z
_vsnwprintf
wcsstr
_wcsnicmp
wcsrchr
_wcsdup
free
_itow_s
malloc
_callnewh
_purecall
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_CxxThrowException
__CxxFrameHandler3
memcpy
memmove
_XcptFilter
_amsg_exit
_initterm
__C_specific_handler
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
memset
wcscat_s
_wcsicmp

aepic

PicFreeFileInfo
PicRetrieveFileInfo

apphelp

SdbGrabMatchingInfoEx

advapi32

RegQueryInfoKeyW
EventWriteTransfer
EventRegister
EventUnregister
RevertToSelf
ImpersonateLoggedOnUser
RegDeleteTreeW
RegCreateKeyExW
RegCloseKey
RegEnumValueW
RegOpenKeyExW
CredFree
CredReadW
RegSetValueExW
RegGetValueW

kernel32

ExpandEnvironmentStringsW
CreateDirectoryW
QueryActCtxW
GetVersionExW
GetFileTime
MapViewOfFile
ReleaseActCtx
CreateFileMappingW
GetLocalTime
TerminateProcess
CreateFileW
CreateActCtxW
SystemTimeToFileTime
GetTickCount
GetCurrentThreadId
SetLastError
UnmapViewOfFile
WriteFile
GetModuleHandleExW
OutputDebugStringA
GetModuleFileNameW
GetModuleHandleExA
DebugBreak
IsDebuggerPresent
QueryPerformanceCounter
GetSystemDirectoryW
FileTimeToSystemTime
GetLastError
HeapAlloc
GetProcessHeap
CloseHandle
HeapFree
HeapReAlloc
MultiByteToWideChar
VerSetConditionMask
VerifyVersionInfoW
FreeLibrary
ReleaseMutex
GetSystemTimeAsFileTime
LoadLibraryExW
GetProcAddress
GlobalFree
ExitProcess
WTSGetActiveConsoleSessionId
CreateMutexW
WaitForSingleObject
LoadLibraryW
GetTempPath2W
GetTempFileNameW
GetModuleHandleW
GetDriveTypeW
GetTickCount64
Sleep
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
GetCurrentProcessId

ntdll

RtlLeaveCriticalSection
EtwEventUnregister
EtwEventWrite
EtwEventRegister
RtlInitializeCriticalSection
RtlMultiByteToUnicodeN
RtlEnterCriticalSection
RtlEqualString
RtlDeleteCriticalSection
ZwOpenKey
ZwClose
LdrResSearchResource
ZwQueryInformationFile
ZwQueryValueKey
ZwEnumerateKey
RtlInitAnsiString
ZwMapViewOfSection
RtlInitUnicodeStringEx
RtlVerifyVersionInfo
RtlGetNativeSystemInformation
RtlxAnsiStringToUnicodeSize
RtlFreeUnicodeString
ZwCreateSection
RtlDosPathNameToNtPathName_U_WithStatus
RtlUpcaseUnicodeChar
ZwCreateFile
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
ZwUnmapViewOfSection
ZwQuerySystemInformation
RtlAnsiStringToUnicodeString
NtQuerySection
RtlNtStatusToDosError
NtCreateSection
RtlImageRvaToVa
RtlImageDirectoryEntryToData
RtlFreeHeap
RtlAllocateHeap
EtwEventWriteNoRegistration
LdrGetDllHandle
RtlInitString
LdrGetProcedureAddress
RtlDosPathNameToRelativeNtPathName_U_WithStatus
NtCreateFile
NtQueryInformationFile
RtlStringFromGUID
NtClose
WinSqmIsOptedInEx
RtlInitUnicodeString

shell32

ShellExecuteExW

shlwapi

PathUnquoteSpacesW
PathRemoveFileSpecW
PathIsRootW
PathGetDriveNumberW
PathFileExistsW
PathRemoveExtensionW
PathFindFileNameW

user32

LoadStringW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

winhttp

WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpQueryAuthSchemes
WinHttpGetDefaultProxyConfiguration
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSetCredentials
WinHttpCloseHandle
WinHttpOpen
WinHttpConnect
WinHttpSetOption
WinHttpOpenRequest
WinHttpSendRequest

ext-ms-win-session-wtsapi32-l1-1-0

WTSQueryUserToken
WTSFreeMemory
WTSEnumerateSessionsW

api-ms-win-core-com-l1-1-0

CoCreateGuid

wer

WerReportCloseHandle
WerReportSubmit
WerReportSetParameter
WerReportAddFile
WerReportCreate

Exports

Exports

GetAppInformationFromCloud
GetLayerFromGenome
GetMatchingInfo
GetTempFile
LaunchApplicationW
LogAeEvent
LogPCWDebugEvent
RetrieveFileAndProgramId
SanitizeFullPath
SendPcwWerReport

Sections

.text
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 612B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
perfc009.dat
perfh009.dat
pku2u.dll
.dll windows:10 windows x64 arch:x64

cb2c48b92d9508fb4ee65df50e1c68aa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

pku2u.pdb

Imports

msvcrt

_callnewh
memmove
wcscpy_s
wcscat_s
strstr
strncpy_s
sprintf_s
wcsncmp
memmove_s
_wcsicmp
memcpy_s
_vsnwprintf
wcschr
_purecall
_XcptFilter
_onexit
__dllonexit
_unlock
memcpy
tolower
_lock
__C_specific_handler
_initterm
malloc
free
_amsg_exit
memcmp
memset

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
SetThreadStackGuarantee
SetThreadToken
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess

api-ms-win-core-sysinfo-l1-1-0

GetComputerNameExW
GetSystemInfo
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCompareMemory
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
GetLastError

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
TraceMessage

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleFileNameA
GetModuleFileNameW
GetProcAddress
GetModuleHandleExA
GetModuleHandleW
GetModuleHandleExW

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventSetInformation
EventRegister

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

sspicli

SspiGetTargetHostName
CredUnmarshalTargetInfo
SspiLocalFree
FreeContextBuffer
QuerySecurityPackageInfoW
CredMarshalTargetInfo
SspiFreeAuthIdentity

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
CreateSemaphoreExW
ReleaseMutex
AcquireSRWLockShared
ReleaseSRWLockShared
InitializeCriticalSectionEx
ReleaseSRWLockExclusive
CreateMutexExW
ReleaseSemaphore
DeleteCriticalSection
OpenSemaphoreW
WaitForSingleObject
AcquireSRWLockExclusive
LeaveCriticalSection
WaitForSingleObjectEx

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-security-base-l1-1-0

FreeSid
AllocateAndInitializeSid
RevertToSelf
CheckTokenMembership

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer

bcrypt

BCryptCreateHash
BCryptHashData
BCryptGenRandom
BCryptFinishHash
BCryptDestroyHash

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

rpcrt4

NdrMesTypeEncode3
NdrMesTypeDecode3
MesIncrementalHandleReset
MesDecodeIncrementalHandleCreate
NdrMesTypeAlignSize3
MesEncodeIncrementalHandleCreate
MesHandleFree
MesDecodeBufferHandleCreate
MesBufferHandleReset
MesEncodeDynBufferHandleCreate
I_RpcMapWin32Status
UuidCreate

msasn1

ASN1BEREncExplicitTag
ASN1intx_free
ASN1_CreateEncoder
ASN1_CreateDecoder
ASN1_CloseEncoder
ASN1_CloseDecoder
ASN1_Encode
ASN1_FreeEncoded
ASN1ztcharstring_free
ASN1bitstring_free
ASN1BERDecCharString
ASN1_CreateModule
ASN1BERDecU32Val
ASN1DEREncBitString
ASN1BERDecZeroCharString
ASN1BEREncObjectIdentifier
ASN1BERDecObjectIdentifier
ASN1BERDecBitString
ASN1charstring_free
ASN1DEREncOctetString
ASN1BERDecS32Val
ASN1BEREncOpenType
ASN1BEREncSX
ASN1DecAlloc
ASN1Free
ASN1BERDecSkip
ASN1BEREncBool
ASN1BEREncEndOfContents
ASN1DEREncCharString
ASN1BEREncS32
ASN1EncSetError
ASN1objectidentifier_free
ASN1BERDecBool
ASN1BERDecEndOfContents
ASN1BERDecNotEndOfContents
ASN1BERDecOctetString
ASN1BEREncU32
ASN1BERDecPeekTag
ASN1BERDecGeneralizedTime
ASN1DEREncGeneralizedTime
ASN1BERDecExplicitTag
ASN1DecSetError
ASN1octetstring_free
ASN1BERDecSXVal
ASN1BERDecOpenType2
ASN1_FreeDecoded
ASN1_Decode
ASN1intx_setuint32

api-ms-win-security-lsalookup-l1-1-0

LookupAccountSidLocalW

api-ms-win-core-string-obsolete-l1-1-0

lstrlenA
lstrcmpiA

ntdll

RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
NtSetSecurityObject
RtlCompareUnicodeString
RtlAddAccessAllowedAce
RtlImageNtHeader
NtOpenProcessToken
RtlFreeSid
RtlIdentifierAuthoritySid
RtlEqualSid
RtlGetLastNtStatus
NtQueryInformationToken
RtlSubAuthoritySid
RtlCopySid
RtlLengthRequiredSid
RtlSubAuthorityCountSid
RtlEqualDomainName
RtlLengthSid
RtlValidSid
RtlTimeToTimeFields
RtlTimeFieldsToTime
RtlAllocateAndInitializeSid
RtlInsertElementGenericTable
RtlDeleteElementGenericTable
RtlGetElementGenericTable
RtlInitializeGenericTable
NtDuplicateObject
RtlSystemTimeToLocalTime
NtSetInformationThread
NtOpenThreadToken
NtAllocateLocallyUniqueId
NtQuerySystemTime
RtlInitializeResource
RtlInitializeGenericTableAvl
RtlDeleteResource
RtlEnumerateGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlAcquireResourceExclusive
RtlInsertElementGenericTableAvl
RtlConvertSharedToExclusive
RtlReleaseResource
RtlLookupElementGenericTableAvl
RtlAcquireResourceShared
RtlFreeUnicodeString
RtlFreeHeap
NtQueryWnfStateData
RtlEqualUnicodeString
NtClose
RtlInitUnicodeString
RtlDeleteCriticalSection
RtlInitializeCriticalSection
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlCreateAcl

cryptdll

CDLocateCSystem
CDFindCommonCSystem
CDLocateCheckSum
CDGenerateRandomBits
CDBuildIntegrityVect

api-ms-win-core-memory-l1-1-0

VirtualAlloc
VirtualQuery
VirtualProtect

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

DllMain
SpLsaModeInitialize
SpUserModeInitialize

Sections

.text
Size: 260KB - Virtual size: 259KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
policymanager.dll
.dll windows:10 windows x64 arch:x64

23465f829629a3a786b84fe3d0ca3abe

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

34:62:a1:39:45:0e:c5:1c:76:22:ef:c7:d2:0d:f1:18:9b:34:00:f1:d2:b6:58:43:5e:88:7f:d3:89:18:86:2e
Signer

Actual PE Digest

34:62:a1:39:45:0e:c5:1c:76:22:ef:c7:d2:0d:f1:18:9b:34:00:f1:d2:b6:58:43:5e:88:7f:d3:89:18:86:2e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

policymanager.pdb

Imports

msvcp110_win

??0id@locale@std@@QEAA@_K@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Xbad_alloc@std@@YAXXZ
??0_Container_base12@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
??1_Container_base12@std@@QEAA@XZ
?_Orphan_all@_Container_base12@std@@QEAAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Orphan_all@_Container_base0@std@@QEAAXXZ

msvcrt

memmove
memcpy
memcmp
_CxxThrowException
memset
??1exception@@UEAA@XZ
??3@YAXPEAX@Z
__CxxFrameHandler4
??_V@YAXPEAX@Z
_vsnwprintf
_onexit
__dllonexit
_unlock
_wcsicmp
_purecall
_lock
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
__CxxFrameHandler3
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
memcpy_s
_callnewh
malloc
iswupper
_wtoi
wcschr
free
wcsncmp
_errno
wcstoul
_ultow_s
memmove_s
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
wcscmp
wcsncpy_s
wcstok_s
wcsstr
_wcsnicmp
sprintf_s
wcsrchr
towlower

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventSetInformation
EventActivityIdControl
EventWriteTransfer
EventUnregister

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetProcAddress
FreeLibrary
GetModuleFileNameA
DisableThreadLibraryCalls
GetModuleFileNameW
GetModuleHandleExW

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc
GlobalFree

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegOpenCurrentUser
RegOpenKeyExW
RegDeleteKeyExW
RegEnumValueW
RegEnumKeyExW
RegDeleteTreeW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegGetValueW
RegCloseKey
RegQueryInfoKeyW

api-ms-win-core-processthreads-l1-1-0

OpenThreadToken
OpenProcessToken
GetCurrentThread
GetCurrentProcessId
TerminateProcess
GetCurrentThreadId
GetCurrentProcess

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
ReleaseSRWLockShared
WaitForSingleObjectEx
ReleaseSemaphore
EnterCriticalSection
CreateSemaphoreExW
CreateMutexExW
OpenSemaphoreW
LeaveCriticalSection
ReleaseMutex
InitializeCriticalSectionEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
AcquireSRWLockShared
OpenMutexW
WaitForSingleObject

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetTickCount
GetSystemTimeAsFileTime
GetSystemTime

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-core-processenvironment-l1-1-0

GetCurrentDirectoryW
ExpandEnvironmentStringsW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-string-l1-1-0

CompareStringW
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-file-l1-1-0

CreateDirectoryW
GetFullPathNameW
FindClose
GetLongPathNameW
FindNextFileW
FindFirstFileW
GetFileSizeEx
GetFileAttributesW
GetFinalPathNameByHandleW
SetFileInformationByHandle
WriteFile
CreateFileW
GetFileInformationByHandle
SetFileAttributesW
ReadFile
DeleteFileW

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceComplete
SleepConditionVariableSRW
WakeAllConditionVariable
InitOnceBeginInitialize

api-ms-win-core-datetime-l1-1-1

GetTimeFormatEx
GetDateFormatEx

api-ms-win-core-rtlsupport-l1-1-0

RtlCompareMemory
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-heap-obsolete-l1-1-0

GlobalUnlock
GlobalLock
GlobalSize

ntdll

RtlFreeHeap
RtlAllocateHeap
RtlPublishWnfStateData
NtSetInformationFile
RtlIsStateSeparationEnabled
NtSetInformationToken
RtlInitUnicodeString
NtQuerySecurityAttributesToken
RtlNtStatusToDosError
NtCreateWnfStateName
RtlQueryWnfMetaNotification
RtlWaitForWnfMetaNotification

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy

api-ms-win-security-base-l1-1-0

GetLengthSid
CheckTokenMembership
AdjustTokenPrivileges
GetTokenInformation
ImpersonateLoggedOnUser
RevertToSelf
CopySid

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DeviceManagement_CompareSettingValues
EnterprisePolicyManagerStore_AcquireMergeLock
EnterprisePolicyManagerStore_CSPConfigSourceAreaCreateNodeInstance
EnterprisePolicyManagerStore_CSPConfigSourceAreaDeleteChild
EnterprisePolicyManagerStore_CSPConfigSourceAreaGetChildNodeNames
EnterprisePolicyManagerStore_CSPConfigSourceAreaPolicyCreateNodeInstance
EnterprisePolicyManagerStore_CSPConfigSourceAreaPolicyGetValue
EnterprisePolicyManagerStore_CSPConfigSourceAreaPolicySetValue
EnterprisePolicyManagerStore_CSPConfigSourceDeleteChild
EnterprisePolicyManagerStore_CSPResultAreaGetChildNodeNames
EnterprisePolicyManagerStore_CSPResultAreaPolicyGetValue
EnterprisePolicyManagerStore_CSPResultGetAreaChildNodeNames
EnterprisePolicyManagerStore_CreateProviderHive
EnterprisePolicyManagerStore_DeleteEnrollmentAdmxMetadata
EnterprisePolicyManagerStore_DeleteEnrollmentAppAdmxMetadata
EnterprisePolicyManagerStore_DeleteEnrollmentAppSettingTypeAdmxMetadata
EnterprisePolicyManagerStore_DeleteProvider
EnterprisePolicyManagerStore_DeleteProviderContextSidArea
EnterprisePolicyManagerStore_DeleteProviderContextSidAreaPolicy
EnterprisePolicyManagerStore_DeleteProviderIdAndMerge
EnterprisePolicyManagerStore_DeleteProviderIdAndMergeScopeData
EnterprisePolicyManagerStore_DeleteVirtuallyDeletedHive
EnterprisePolicyManagerStore_DoesProviderContextNameExist
EnterprisePolicyManagerStore_DoesProviderContextSidAreaExist
EnterprisePolicyManagerStore_DoesProviderContextSidAreaPolicyValueExist
EnterprisePolicyManagerStore_DoesProviderExist
EnterprisePolicyManagerStore_EDPCSPConfigSourceAreaDeleteChild
EnterprisePolicyManagerStore_EDPCSPConfigSourceAreaPolicyGetValue
EnterprisePolicyManagerStore_EDPCSPConfigSourceAreaPolicySetValue
EnterprisePolicyManagerStore_EnsureProviderContextNameExist
EnterprisePolicyManagerStore_EnsureProviderContextSidAreaExist
EnterprisePolicyManagerStore_EvaluatePoliciesUpdateCurrent
EnterprisePolicyManagerStore_FreeURIsOfProviders
EnterprisePolicyManagerStore_GetAdmxFileData
EnterprisePolicyManagerStore_GetAllCurrentSidAreaPolicies
EnterprisePolicyManagerStore_GetAllCurrentSidAreas
EnterprisePolicyManagerStore_GetAllCurrentSids
EnterprisePolicyManagerStore_GetAllDefaultAreaPolicies
EnterprisePolicyManagerStore_GetAllDefaultAreas
EnterprisePolicyManagerStore_GetAllProviderContextSidAreaPolicies
EnterprisePolicyManagerStore_GetAllProviderContextSidAreas
EnterprisePolicyManagerStore_GetAllProviderContextSids
EnterprisePolicyManagerStore_GetAllProviderIds
EnterprisePolicyManagerStore_GetAllProviderPolicyStringValues
EnterprisePolicyManagerStore_GetAllURIsOfProviders
EnterprisePolicyManagerStore_GetBinaryPolicyValue
EnterprisePolicyManagerStore_GetCurrentPolicyValue
EnterprisePolicyManagerStore_GetEnrollmentState
EnterprisePolicyManagerStore_GetEnrollmentTypeFromEnrollment
EnterprisePolicyManagerStore_GetIntPolicyValue
EnterprisePolicyManagerStore_GetPolicyDoNotAllowFromMetadata
EnterprisePolicyManagerStore_GetPolicyLowHighRangeFromMetadata
EnterprisePolicyManagerStore_GetPolicyTypeFromMetadata
EnterprisePolicyManagerStore_GetProviderContextSidAreaPolicyValue
EnterprisePolicyManagerStore_GetSnapshotOfPolicyValue
EnterprisePolicyManagerStore_GetStringPolicyValue
EnterprisePolicyManagerStore_GetTrueArea
EnterprisePolicyManagerStore_GetWinningProvider
EnterprisePolicyManagerStore_IngestAdmxTextBlob
EnterprisePolicyManagerStore_IsADMXIngestionAllowed
EnterprisePolicyManagerStore_IsAreaPolicySLAPIAllowed
EnterprisePolicyManagerStore_IsAreaPolicySLAPIAllowedGivenSLAPIPolicyString
EnterprisePolicyManagerStore_IsPolicyAreaForIngestedAdmx
EnterprisePolicyManagerStore_IsPolicySetByMobileDeviceManager
EnterprisePolicyManagerStore_IsURISetByProvider
EnterprisePolicyManagerStore_IsValidArea
EnterprisePolicyManagerStore_IsValidPolicy
EnterprisePolicyManagerStore_PerformEvaluatorMerge
EnterprisePolicyManagerStore_PublishAnyDelayedWnfs
EnterprisePolicyManagerStore_PublishPolicyWNFCache
EnterprisePolicyManagerStore_ReadPolicyMetadata
EnterprisePolicyManagerStore_RefreshAll
EnterprisePolicyManagerStore_ReleaseMergeLock
EnterprisePolicyManagerStore_RemoveRegistryKeypathEASPoliciesIfExchangeDeviceLockPoliciesNotSet
EnterprisePolicyManagerStore_SetEnrollmentDormantState
EnterprisePolicyManagerStore_SetGlobalValueChangedDirtyFlagInCurrentForArea
EnterprisePolicyManagerStore_SetProviderContextSidAreaPolicyValue
EnterprisePolicyManagerStore_VerifyAdmxPoliciesAreNotSet
MDMWinsOverGP_IsGPPolicySetByMDMEx
PolicyManager_FreeBinaryValue
PolicyManager_FreeGetPolicyData
PolicyManager_FreeGroupAreaPolicyCollection
PolicyManager_FreeStringValue
PolicyManager_FreeStringValues
PolicyManager_GetAboveLockPolicy_AllowActionCenterNotifications
PolicyManager_GetAccountsPolicy_AllowAddingNonMicrosoftAccountsManually
PolicyManager_GetAccountsPolicy_AllowMicrosoftAccountConnection
PolicyManager_GetApplicationManagementPolicy_AllowStore
PolicyManager_GetApplicationManagementPolicy_ApplicationRestrictions
PolicyManager_GetBrowserPolicy_AllowBrowser
PolicyManager_GetCameraPolicy_AllowCamera
PolicyManager_GetConnectivityPolicy_AllowNFC
PolicyManager_GetConnectivityPolicy_AllowUSBConnection
PolicyManager_GetDeviceLockPolicy_AllowIdleReturnWithoutPassword
PolicyManager_GetDeviceLockPolicy_AllowSimpleDevicePassword
PolicyManager_GetDeviceLockPolicy_AlphanumericDevicePasswordRequired
PolicyManager_GetDeviceLockPolicy_DevicePasswordEnabled
PolicyManager_GetDeviceLockPolicy_DevicePasswordExpiration
PolicyManager_GetDeviceLockPolicy_DevicePasswordHistory
PolicyManager_GetDeviceLockPolicy_MaxDevicePasswordFailedAttempts
PolicyManager_GetDeviceLockPolicy_MaxInactivityTimeDeviceLock
PolicyManager_GetDeviceLockPolicy_MinDevicePasswordComplexCharacters
PolicyManager_GetDeviceLockPolicy_MinDevicePasswordLength
PolicyManager_GetExperiencePolicy_AllowCopyPaste
PolicyManager_GetExperiencePolicy_AllowCortana
PolicyManager_GetExperiencePolicy_AllowScreenCapture
PolicyManager_GetExperiencePolicy_AllowSyncMySettings
PolicyManager_GetExperiencePolicy_AllowVoiceRecording
PolicyManager_GetGroupAreaPolicyCollectionGivenGroupName
PolicyManager_GetPolicy
PolicyManager_GetPolicyBinary
PolicyManager_GetPolicyBinaryGivenEnrollmentId
PolicyManager_GetPolicyInt
PolicyManager_GetPolicyIntGivenEnrollmentId
PolicyManager_GetPolicyString
PolicyManager_GetPolicyStringGivenEnrollmentId
PolicyManager_GetPolicyStringValues
PolicyManager_GetSearchPolicy_AllowSearchToUseLocation
PolicyManager_GetSearchPolicy_SafeSearchPermissions
PolicyManager_GetSecurityPolicy_AllowManualRootCertificateInstallation
PolicyManager_GetSecurityPolicy_RequireDeviceEncryption
PolicyManager_GetSystemPolicy_AllowLocation
PolicyManager_GetSystemPolicy_AllowStorageCard
PolicyManager_GetSystemPolicy_AllowUserToResetPhone
PolicyManager_GetWiFiPolicy_AllowAutoConnectToWiFiSenseHotspots
PolicyManager_GetWiFiPolicy_AllowInternetSharing
PolicyManager_GetWiFiPolicy_AllowManualWiFiConfiguration
PolicyManager_GetWiFiPolicy_AllowWiFi
PolicyManager_IsPolicySetByMobileDeviceManager
PolicyManager_PublishPolicyWNFCache
SettingsManagerStore_GetWnfsForSettingPath
SettingsManagerStore_ReleaseWnfNames

Sections

.text
Size: 504KB - Virtual size: 501KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
powercfg.exe
.exe windows:10 windows x64 arch:x64

e85330399b67b18f4577e432ca6ce70d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

powercfg.pdb

Imports

msvcrt

memcpy
memmove
?terminate@@YAXXZ
_CxxThrowException
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
??1type_info@@UEAA@XZ
__wgetmainargs
_amsg_exit
_XcptFilter
free
_callnewh
malloc
fprintf
fflush
_wtoi
_wcstoui64
_wcsnicmp
_ui64tow_s
_itow_s
_vsnwprintf
_purecall
wcstoul
wcscat_s
wcscpy_s
_wcsicmp
__CxxFrameHandler4
__iob_func
swprintf_s
__set_app_type
memset

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtCreateFile
NtQueryObject
RtlFreeHeap
RtlInitUnicodeString
RtlAllocateHeap
RtlNtStatusToDosError
NtPowerInformation
RtlLoadString

rpcrt4

UuidEqual
UuidFromStringW
UuidToStringW
RpcStringFreeW

api-ms-win-core-heap-obsolete-l1-1-0

LocalAlloc
LocalFree

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-file-l1-1-0

GetFinalPathNameByHandleW
GetFileType
FindFirstFileW
CreateFileW
GetFileAttributesW
GetFullPathNameW
DeleteFileW
FindClose
FileTimeToLocalFileTime

api-ms-win-core-datetime-l1-1-0

GetDateFormatW
GetTimeFormatW

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetSystemInfo

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegEnumValueW
RegGetValueW
RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW

api-ms-win-security-base-l1-1-0

AdjustTokenPrivileges
GetTokenInformation

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
OpenProcessToken

api-ms-win-power-setting-l1-1-0

PowerGetActiveScheme
PowerWriteACValueIndex
PowerSetActiveScheme
PowerWriteDCValueIndex

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringOrdinal

api-ms-win-power-base-l1-1-0

GetPwrCapabilities

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-errorhandling-l1-1-0

RaiseException
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l1-1-0

HeapFree
HeapSetInformation
HeapAlloc
GetProcessHeap

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
FreeLibrary
LoadLibraryExW
LoadStringW
LoadLibraryExA
GetModuleHandleW

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-core-console-l1-1-0

GetConsoleMode
GetConsoleOutputCP
WriteConsoleW
SetConsoleCtrlHandler

api-ms-win-core-path-l1-1-0

PathCchRemoveBackslash
PathCchAppend

api-ms-win-core-file-l1-2-4

GetTempPath2W

api-ms-win-core-processenvironment-l1-1-0

GetStdHandle

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-registry-l2-1-0

RegSaveKeyW

powrprof

PowerGetActualOverlayScheme
PowerApplyPowerRequestOverride
PowerGetAdaptiveStandbyDiagnostics
PowerEnumerate
PowerReadValueIncrement
PowerReadFriendlyName
PowerGetOverlaySchemes
PowerPolicyToGUIDFormat
PowerWriteDCDefaultIndex
PowerGetProfiles
PowerWriteACProfileIndex
PowerReadValueMin
PowerRemovePowerSetting
PowerCleanupOverrides
PowerRestoreIndividualDefaultPowerScheme
ReadPwrScheme
PowerReadValueUnitsSpecifier
PowerRestoreDefaultPowerSchemes
PowerReadValueMax
PowerReadProfileAlias
PowerReadACValueIndexEx
PowerWriteValueMax
PowerReplaceDefaultPowerSchemes
PowerSetActiveOverlayScheme
PowerReadPossibleFriendlyName
PowerWritePossibleValue
PowerReadPossibleValue
PowerWriteValueIncrement
PowerDeleteScheme
PowerWriteValueMin
PowerWriteDescription
PowerReadSecurityDescriptor
PowerWriteSecurityDescriptor
PowerDuplicateScheme
PowerReadDCValueIndexEx
PowerWriteDCProfileIndex
PowerWriteACDefaultIndex
GetActivePwrScheme
PowerWriteSettingAttributes
PowerWriteFriendlyName
DevicePowerOpen
DevicePowerEnumDevices
PowerReadDCValueIndex
PowerImportPowerScheme
DevicePowerClose
PowerReadACValueIndex
PowerOpenUserPowerKey
PowerReadSettingAttributes
DevicePowerSetDeviceState
PowerInformationWithPrivileges

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualProtect

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
ReleaseSRWLockExclusive

api-ms-win-service-private-l1-1-0

I_QueryTagInformation

Sections

.text
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
powrprof.dll
.dll windows:10 windows x64 arch:x64

0eaa2d25e8cdd79256fd6a7e2979b042

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1f:69:d5:bd:c7:90:78:73:56:42:05:8f:c4:56:42:ad:d4:b7:85:ba:16:24:96:07:79:7e:4c:7e:a9:7c:b9:96
Signer

Actual PE Digest

1f:69:d5:bd:c7:90:78:73:56:42:05:8f:c4:56:42:ad:d4:b7:85:ba:16:24:96:07:79:7e:4c:7e:a9:7c:b9:96

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

powrprof.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__cexit
_o__configure_narrow_argv
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__itow_s
_o__seh_filter_dll
memcpy
_o__wcsicmp
_o_wcscpy_s
_o___stdio_common_vswprintf
_o___acrt_iob_func
_o___stdio_common_vfprintf
_o___std_type_info_destroy_list
__C_specific_handler
memcmp

api-ms-win-crt-string-l1-1-0

memset

ntdll

RtlAcquireSRWLockExclusive
LdrUnloadDll
RtlUnsubscribeWnfNotificationWithCompletionCallback
RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData
RtlInitializeSRWLock
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlWnfDllUnloadCallback
LdrAddRefDll
RtlGetActiveConsoleId
RtlFreeHeap
RtlAllocateHeap
RtlNtStatusToDosError
NtInitiatePowerAction
RtlPublishWnfStateData
NtPowerInformation
RtlUnsubscribeWnfStateChangeNotification
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlAllocateWnfSerializationGroup
RtlReleaseSRWLockExclusive

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegCreateKeyExW
RegEnumKeyExW
RegDeleteKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
RegGetValueW
RegOpenKeyExW
RegOpenCurrentUser

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError

api-ms-win-core-processthreads-l1-1-0

ProcessIdToSessionId
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
OpenThreadToken
GetCurrentThread

api-ms-win-security-base-l1-1-0

AdjustTokenPrivileges
RevertToSelf
FreeSid
AllocateAndInitializeSid
ImpersonateSelf
CheckTokenMembership

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
CreateEventW
SetEvent
ResetEvent
InitializeCriticalSection

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-handle-l1-1-0

CloseHandle

rpcrt4

RpcBindingFromStringBindingW
NdrClientCall3
RpcBindingFree
UuidToStringW
RpcStringFreeW
UuidCreate
I_RpcExceptionFilter
RpcStringBindingComposeW
UuidEqual

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-localization-private-l1-1-0

LoadStringByReference

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventUnregister
EventWriteTransfer
EventRegister

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-realtime-l1-1-1

QueryInterruptTime

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

CallNtPowerInformation
CanUserWritePwrScheme
DeletePwrScheme
DevicePowerClose
DevicePowerEnumDevices
DevicePowerOpen
DevicePowerSetDeviceState
EnumPwrSchemes
GUIDFormatToGlobalPowerPolicy
GUIDFormatToPowerPolicy
GetActivePwrScheme
GetCurrentPowerPolicies
GetPwrCapabilities
GetPwrDiskSpindownRange
IsAdminOverrideActive
IsPwrHibernateAllowed
IsPwrShutdownAllowed
IsPwrSuspendAllowed
LoadCurrentPwrScheme
MergeLegacyPwrScheme
PowerApplyPowerRequestOverride
PowerApplySettingChanges
PowerCanRestoreIndividualDefaultPowerScheme
PowerCleanupOverrides
PowerClearUserAwayPrediction
PowerCloseEnvironmentalMonitor
PowerCloseLimitsMitigation
PowerCloseLimitsPolicy
PowerCreatePossibleSetting
PowerCreateSetting
PowerDebugDifPowerPolicies
PowerDebugDifSystemPowerPolicies
PowerDebugDumpPowerPolicy
PowerDebugDumpPowerScheme
PowerDebugDumpSystemPowerCapabilities
PowerDebugDumpSystemPowerPolicy
PowerDeleteScheme
PowerDeterminePlatformRole
PowerDeterminePlatformRoleEx
PowerDuplicateScheme
PowerEnumerate
PowerEnumerateSettings
PowerGetActiveScheme
PowerGetActualOverlayScheme
PowerGetAdaptiveStandbyDiagnostics
PowerGetEffectiveOverlayScheme
PowerGetOverlaySchemes
PowerGetProfiles
PowerGetUserAwayMinPredictionConfidence
PowerGetUserConfiguredOverlayScheme
PowerImportPowerScheme
PowerInformationWithPrivileges
PowerIsSettingRangeDefined
PowerOpenSystemPowerKey
PowerOpenUserPowerKey
PowerPolicyToGUIDFormat
PowerReadACDefaultIndex
PowerReadACValue
PowerReadACValueIndex
PowerReadACValueIndexEx
PowerReadDCDefaultIndex
PowerReadDCValue
PowerReadDCValueIndex
PowerReadDCValueIndexEx
PowerReadDescription
PowerReadFriendlyName
PowerReadIconResourceSpecifier
PowerReadPossibleDescription
PowerReadPossibleFriendlyName
PowerReadPossibleValue
PowerReadProfileAlias
PowerReadSecurityDescriptor
PowerReadSettingAttributes
PowerReadValueIncrement
PowerReadValueMax
PowerReadValueMin
PowerReadValueUnitsSpecifier
PowerReapplyActiveScheme
PowerRefreshProfileSettings
PowerRegisterEnvironmentalMonitor
PowerRegisterForEffectivePowerModeNotifications
PowerRegisterLimitsMitigation
PowerRegisterLimitsPolicy
PowerRegisterSuspendResumeNotification
PowerRemovePowerSetting
PowerReplaceDefaultPowerSchemes
PowerReportLimitsEvent
PowerReportThermalEvent
PowerRestoreACDefaultIndex
PowerRestoreACProfileIndex
PowerRestoreDCDefaultIndex
PowerRestoreDCProfileIndex
PowerRestoreDefaultPowerSchemes
PowerRestoreIndividualDefaultPowerScheme
PowerSetActiveOverlayScheme
PowerSetActiveScheme
PowerSetAlsBrightnessOffset
PowerSetBrightnessAndTransitionTimes
PowerSetUserAwayPrediction
PowerSetUserConfiguredOverlayScheme
PowerSettingAccessCheck
PowerSettingAccessCheckEx
PowerSettingRegisterNotification
PowerSettingRegisterNotificationEx
PowerSettingUnregisterNotification
PowerUnregisterFromEffectivePowerModeNotifications
PowerUnregisterSuspendResumeNotification
PowerUpdateEnvironmentalMonitorState
PowerUpdateEnvironmentalMonitorThresholds
PowerUpdateLimitsMitigation
PowerWriteACDefaultIndex
PowerWriteACProfileIndex
PowerWriteACValueIndex
PowerWriteDCDefaultIndex
PowerWriteDCProfileIndex
PowerWriteDCValueIndex
PowerWriteDescription
PowerWriteFriendlyName
PowerWriteIconResourceSpecifier
PowerWritePossibleDescription
PowerWritePossibleFriendlyName
PowerWritePossibleValue
PowerWriteSecurityDescriptor
PowerWriteSettingAttributes
PowerWriteValueIncrement
PowerWriteValueMax
PowerWriteValueMin
PowerWriteValueUnitsSpecifier
ReadGlobalPwrPolicy
ReadProcessorPwrScheme
ReadPwrScheme
SetActivePwrScheme
SetSuspendState
ValidatePowerPolicies
WriteGlobalPwrPolicy
WriteProcessorPwrScheme
WritePwrScheme

Sections

.text
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
profapi.dll
.dll windows:10 windows x64 arch:x64

b8dd128776ae0dc1c388281dae19746f

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

92:95:c7:34:60:42:b2:2f:98:17:eb:6d:0f:a6:be:d5:cf:fb:bf:8a:de:8a:33:fa:12:a3:43:85:d1:5d:7d:02
Signer

Actual PE Digest

92:95:c7:34:60:42:b2:2f:98:17:eb:6d:0f:a6:be:d5:cf:fb:bf:8a:de:8a:33:fa:12:a3:43:85:d1:5d:7d:02

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

profapi.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__get_errno
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
memcpy
_o__wcsicmp
_o_free
__C_specific_handler
_o__cexit
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
wcsstr
__std_terminate
__CxxFrameHandler4
_CxxThrowException
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
DisableThreadLibraryCalls
GetProcAddress
GetModuleHandleExW
FreeLibrary
LoadLibraryExW
GetModuleFileNameA

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
ReleaseMutex
ReleaseSRWLockExclusive
WaitForSingleObject
InitializeSRWLock
ReleaseSemaphore
CreateSemaphoreExW
AcquireSRWLockExclusive

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapReAlloc
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetLastError

api-ms-win-core-processthreads-l1-1-0

SetThreadToken
OpenThreadToken
GetCurrentProcessId
GetCurrentThreadId
OpenProcessToken
TerminateProcess
GetCurrentProcess
GetCurrentThread

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventUnregister
EventWriteTransfer
EventRegister

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-registry-l1-1-0

RegLoadKeyW
RegEnumValueW
RegGetKeySecurity
RegCopyTreeW
RegSetKeySecurity
RegQueryInfoKeyW
RegOpenCurrentUser
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegEnumKeyExW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-security-base-l1-1-0

CopySid
GetAce
AddAce
GetLengthSid
GetTokenInformation
IsWellKnownSid
RevertToSelf
GetSecurityDescriptorDacl
ImpersonateSelf
ImpersonateLoggedOnUser
SetFileSecurityW
PrivilegeCheck
MakeAbsoluteSD

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-file-l1-1-0

GetShortPathNameW
CreateFileW
DeleteFileW
SetFileAttributesW
ReadFile
WriteFile
FindFirstFileW
FindNextFileW
GetFileAttributesW
CreateDirectoryW
FindClose

api-ms-win-core-sysinfo-l1-1-0

GetComputerNameExW
GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

ntdll

RtlAdjustPrivilege
RtlCreateEnvironment
RtlDestroyEnvironment
RtlExpandEnvironmentStrings
RtlSetEnvironmentVar
RtlNtStatusToDosError
RtlQueryEnvironmentVariable
RtlGetAppContainerParent
RtlGetAppContainerSidType
RtlFreeSid
RtlQueryPackageClaims
RtlEqualSid
NtQueryInformationToken

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Sections

.text
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
profext.dll
.dll windows:10 windows x64 arch:x64

dcf24ab21c0b442472b9090c1d389e8b

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fe:00:a0:f7:e1:da:96:ca:b3:94:15:f3:36:ef:cb:5a:4c:46:7c:aa:a8:4f:f3:7a:89:1e:ab:af:d6:8a:b7:83
Signer

Actual PE Digest

fe:00:a0:f7:e1:da:96:ca:b3:94:15:f3:36:ef:cb:5a:4c:46:7c:aa:a8:4f:f3:7a:89:1e:ab:af:d6:8a:b7:83

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

profext.pdb

Imports

msvcrt

memmove
_XcptFilter
memcpy
??1type_info@@UEAA@XZ
_amsg_exit
?terminate@@YAXXZ
_onexit
_initterm
__C_specific_handler
__CxxFrameHandler4
__dllonexit
_unlock
_lock
__CxxFrameHandler3
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
malloc
wcsncmp
_wcsnicmp
_get_errno
_set_errno
??_V@YAXPEAX@Z
wcsrchr
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
??3@YAXPEAX@Z
memcpy_s
_vsnwprintf
free
memset

api-ms-win-security-base-l1-1-0

GetSidSubAuthorityCount
AddAccessDeniedAce
GetSecurityDescriptorSacl
AllocateAndInitializeSid
GetLengthSid
AddAccessAllowedAce
GetSidSubAuthority
AddAccessAllowedAceEx
InitializeAcl
GetTokenInformation
DestroyPrivateObjectSecurity
CopySid

api-ms-win-core-file-l1-1-0

GetFinalPathNameByHandleW
RemoveDirectoryW
GetFileAttributesW
CreateFileW
FindNextFileW
DeleteFileW
SetFileAttributesW
CreateDirectoryW
FindClose
FindFirstFileW

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
LockResource
GetModuleHandleW
GetProcAddress
FindResourceExW
LoadResource
FindStringOrdinal
GetModuleHandleExA
DisableThreadLibraryCalls
GetModuleFileNameA

api-ms-win-core-synch-l1-1-0

ReleaseMutex
ReleaseSemaphore
CreateMutexExW
WaitForSingleObjectEx
OpenSemaphoreW
WaitForSingleObject
CreateSemaphoreExW

api-ms-win-core-heap-l1-1-0

HeapReAlloc
GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
SetLastError

api-ms-win-core-processthreads-l1-1-0

OpenThreadToken
GetCurrentProcess
GetCurrentProcessId
OpenProcessToken
GetCurrentThread
GetCurrentThreadId
TerminateProcess

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegDeleteTreeW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-file-l2-1-0

CreateSymbolicLinkW
GetFileInformationByHandleEx

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
SearchPathW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-path-l1-1-0

PathCchRemoveBackslash
PathAllocCanonicalize
PathCchRemoveFileSpec

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-shlwapi-legacy-l1-1-0

PathGetArgsW
PathUnquoteSpacesW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

kernelbase

GetStateRootFolder
AppContainerLookupMoniker
OpenStateExplicit
GetPackageFamilyNameFromToken
CloseState
AppContainerUnregisterSid
AppContainerLookupDisplayNameMrtReference
AppContainerRegisterSid
AppContainerFreeMemory
AppContainerDeriveSidFromMoniker

ntdll

RtlNtStatusToDosErrorNoTeb
RtlNtStatusToDosError
EtwEventSetInformation
EtwEventRegister
EtwEventWrite
EtwEventUnregister
EtwEventWriteTransfer
RtlFreeSid
RtlDowncaseUnicodeString
RtlQueryPackageClaims
NtQueryInformationToken
RtlInitUnicodeString
RtlGetAppContainerSidType
EtwEventActivityIdControl
RtlExpandEnvironmentStrings

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

CreateAppContainerProfileWorker
CreateDirectoryJunctionsForSystemWorker
CreateDirectoryJunctionsForUserProfileWorker
CreateGroupExWorker
CreateLinkFileExWorker
DeleteAppContainerProfileWorker
DeleteGroupWorker
DeleteLinkFileWorker
DeriveAppContainerSidFromAppContainerNameWorker
DeriveRestrictedAppContainerSidFromAppContainerSidAndRestrictedNameWorker
GetAppContainerFolderPathWorker
GetAppContainerRegistryLocationWorker
IsAppContainerProfilePresentWorker
LookupAppContainerDisplayNameWorker
ProcessGroupPolicyCompletedExWorker
ProcessGroupPolicyCompletedWorker
RsopAccessCheckByTypeWorker
RsopFileAccessCheckWorker
RsopResetPolicySettingStatusWorker
RsopSetPolicySettingStatusWorker
UpdateAppContainerProfileWorker

Sections

.text
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 788B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
profprov.dll
.dll regsvr32 windows:10 windows x64 arch:x64

072dbb0abd84f148edb52e49c11c8562

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

profprov.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__errno
_o__execute_onexit_table
_o__get_errno
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
memcpy
_o_free
_o_malloc
_o_terminate
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__C_specific_handler
__std_terminate
__CxxFrameHandler4

api-ms-win-crt-string-l1-1-0

memset

atl

ord30

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
DisableThreadLibraryCalls
GetModuleHandleW
GetModuleHandleExW
GetProcAddress
GetModuleFileNameW

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
HeapReAlloc
GetProcessHeap

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
GetCurrentProcess
TerminateProcess
OpenThreadToken
GetCurrentProcessId
SetThreadToken
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
ReleaseMutex
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
ReleaseSemaphore
CreateSemaphoreExW
OpenSemaphoreW
WaitForSingleObjectEx
CreateMutexExW

api-ms-win-core-com-l1-1-0

StringFromCLSID
CoTaskMemFree
StringFromGUID2
CoCreateInstance
CoGetCallContext
CoRevertToSelf
CoSetProxyBlanket

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegDeleteValueW
RegEnumValueW
RegSetValueExW
RegDeleteKeyExW
RegOpenCurrentUser
RegCreateKeyExW
RegQueryValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW

oleaut32

VariantInit
VariantChangeType
SafeArrayDestroy
SysFreeString
SysStringByteLen
VariantClear
SysStringLen
SysAllocString
VariantCopy
SysAllocStringLen
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
SafeArrayCreateVector
SafeArrayPutElement
SafeArrayCreate
SafeArrayCopy
VariantCopyInd
SafeArrayLock
SafeArrayRedim
SafeArrayUnlock
SafeArrayGetVartype

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemTime

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-file-l1-1-0

CompareFileTime
FindFirstFileW
FindClose

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

userenv

DeleteProfileW
ord208

rpcrt4

I_RpcExceptionFilter
NdrClientCall3
RpcStringBindingComposeW
RpcStringFreeW
RpcBindingFromStringBindingW
RpcBindingFree

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-security-base-l1-1-0

IsValidSid
RevertToSelf
GetTokenInformation
ImpersonateLoggedOnUser

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW

api-ms-win-core-heap-l2-1-0

LocalFree

profapi

ord104

ntdll

RtlNtStatusToDosError
RtlExpandEnvironmentStrings
EtwTraceMessage

shlwapi

SHDeleteKeyW
StrToInt64ExW

wtsapi32

WTSQueryUserToken

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 84KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
profsvc.dll
.dll windows:10 windows x64 arch:x64

6ad42da9f2b7db371c20ed8e53da2f35

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

profsvc.pdb

Imports

msvcp_win

??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-string-l1-1-0

memset
strncmp
wcsncmp

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__errno
_o__execute_onexit_table
_o__get_errno
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__wcsicmp
_o__wcslwr
memmove
_o__wcsnicmp
_o_ceilf
_o_free
_o_malloc
_o_realloc
_o_terminate
_o_wcscat_s
_o_wcscpy_s
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o___stdio_common_vswprintf
_o__crt_atexit
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__configure_narrow_argv
_o__cexit
_o__callnewh
__C_specific_handler
wcschr
__std_terminate
__CxxFrameHandler4
wcsrchr
wcsstr
memcmp
memcpy

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleExW
FreeLibrary
LoadLibraryExW
FindStringOrdinal
GetModuleHandleW
DisableThreadLibraryCalls
FindResourceExW
LockResource
GetProcAddress
LoadResource

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
InitializeCriticalSectionAndSpinCount
CreateEventW
WaitForSingleObject
ReleaseMutex
InitializeCriticalSection
ResetEvent
SetEvent
WaitForSingleObjectEx
CreateEventExW
OpenSemaphoreW
InitializeCriticalSectionEx
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ReleaseSRWLockShared
AcquireSRWLockShared
CreateMutexExW
InitializeSRWLock
CreateSemaphoreExW
WaitForMultipleObjectsEx
ReleaseSRWLockExclusive
ReleaseSemaphore

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
HeapReAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
SetLastError

api-ms-win-core-processthreads-l1-1-0

OpenThreadToken
GetCurrentThreadId
SetThreadToken
GetCurrentProcess
TerminateProcess
GetCurrentThread
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegFlushKey
RegEnumValueW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyExW
RegQueryValueExW
RegGetValueW
RegSaveKeyExW
RegCopyTreeW
RegDeleteTreeW
RegEnumKeyExW
RegGetKeySecurity
RegSetKeySecurity
RegOpenKeyExW
RegQueryInfoKeyW
RegOpenCurrentUser

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringOrdinal
CompareStringW

api-ms-win-security-base-l1-1-0

GetSidSubAuthorityCount
GetSidIdentifierAuthority
GetSidSubAuthority
AllocateAndInitializeSid
InitializeAcl
ImpersonateLoggedOnUser
RevertToSelf
CreateWellKnownSid
MakeAbsoluteSD
GetAce
AddAce
GetTokenInformation
GetLengthSid
CopySid
EqualSid
DeleteAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorControl
GetSecurityDescriptorControl
IsValidSid
DuplicateTokenEx
CheckTokenMembership
GetSecurityDescriptorSacl
ImpersonateSelf
GetFileSecurityW
GetSecurityDescriptorDacl
AddAccessAllowedAce

api-ms-win-core-sysinfo-l1-1-0

GetComputerNameExW
GetTickCount64
GetSystemTimeAsFileTime
GetVersionExW

api-ms-win-core-heap-l2-1-0

LocalReAlloc
LocalAlloc
LocalFree

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
Sleep

api-ms-win-core-file-l1-1-0

CreateFileW
DeleteFileW
GetFileTime
SetFileAttributesW
FindClose
FindNextFileW
RemoveDirectoryW
GetFileAttributesW
FindFirstFileW
CreateDirectoryW
GetFileAttributesExW
CompareFileTime
GetShortPathNameW
WriteFile

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW

api-ms-win-core-threadpool-l1-2-0

TrySubmitThreadpoolCallback
CloseThreadpoolCleanupGroup
CreateThreadpoolCleanupGroup
CallbackMayRunLong
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolCleanupGroupMembers

api-ms-win-core-path-l1-1-0

PathCchAddBackslashEx
PathAllocCanonicalize

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-shlwapi-legacy-l1-1-0

PathIsUNCServerW
PathRemoveFileSpecW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

ntdll

RtlGetActiveConsoleId
NtQueryInformationFile
NtClose
NtQueryValueKey
NtDeleteKey
NtSetValueKey
NtCreateKey
RtlFreeSid
RtlAllocateAndInitializeSid
NtUnloadKey2
NtUnloadKeyEx
NtOpenKey
NtUnloadKey
NtLoadKeyEx
NtLoadKey3
RtlDosPathNameToNtPathName_U
RtlInitUnicodeString
RtlFreeUnicodeString
NtQueryOpenSubKeysEx
RtlDestroyEnvironment
RtlLengthSid
RtlQueryEnvironmentVariable
RtlSetEnvironmentVar
RtlCreateEnvironment
NtQueryObject
RtlAdjustPrivilege
RtlNtStatusToDosError
RtlExpandEnvironmentStrings
EtwEventActivityIdControl
RtlEqualSid
RtlSubAuthorityCountSid
RtlIdentifierAuthoritySid
RtlSubAuthoritySid
EtwEventWriteTransfer
EtwEventSetInformation
EtwEventRegister
NtCreateFile
NtSetInformationFile
RtlUpcaseUnicodeChar
RtlAllocateHeap
RtlReAllocateHeap
RtlFreeHeap
ZwEnumerateKey
ZwClose
RtlGetNativeSystemInformation
ZwQuerySystemInformation
ZwOpenKey
RtlInitUnicodeStringEx
ZwQueryValueKey
EtwEventUnregister
EtwTraceMessage

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventWriteTransfer

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

GetExclusionListFromRegistry
GetUserChoiceForSlowLink
GetUserPreferenceValue
UserProfileServiceMain

Sections

.text
Size: 384KB - Virtual size: 382KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
profsvcext.dll
.dll windows:10 windows x64 arch:x64

f02d6d171d9b47981e2b15de9869f2b1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

profsvcext.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__get_errno
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
memmove
_o__wcsnicmp
_o_free
_o_malloc
_o_rand
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_o__crt_atexit
_o___stdio_common_vswprintf
_o__configure_narrow_argv
_o___stdio_common_vsnprintf_s
_o__cexit
_o__execute_onexit_table
_o__errno
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__callnewh
__std_terminate
__CxxFrameHandler4
_CxxThrowException
__CxxFrameHandler3
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
LoadLibraryExW
GetProcAddress
GetModuleHandleExW
GetModuleFileNameA
GetModuleHandleW

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
CreateSemaphoreExW
LeaveCriticalSection
ReleaseSemaphore
WaitForSingleObject
ReleaseMutex
EnterCriticalSection
WaitForSingleObjectEx
DeleteCriticalSection
AcquireSRWLockShared
OpenSemaphoreW
ReleaseSRWLockShared
CreateMutexExW
AcquireSRWLockExclusive
CreateEventExW
SetEvent
InitializeCriticalSectionEx

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapReAlloc
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError

api-ms-win-core-processthreads-l1-1-0

OpenThreadToken
SetThreadToken
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
GetCurrentThread
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-com-l1-1-0

CoRevokeClassObject
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc
CoRegisterClassObject
CoGetCallContext
CoRevertToSelf
CoInitializeEx
CoUninitialize

api-ms-win-core-heap-l2-1-0

GlobalAlloc
LocalFree
GlobalFree
LocalReAlloc
LocalAlloc

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetLocalTime
GetSystemTimeAsFileTime
GetVersionExW
GetTickCount64

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-security-base-l1-1-0

ImpersonateLoggedOnUser
RevertToSelf
DuplicateTokenEx
GetLengthSid
ImpersonateSelf
PrivilegeCheck
GetTokenInformation
CopySid

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegDeleteValueW
RegGetValueW
RegEnumValueW
RegSetValueExW
RegCloseKey
RegSaveKeyExW
RegOpenCurrentUser
RegQueryValueExW
RegCreateKeyExW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
CompareStringW

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-file-l1-1-0

GetFileAttributesExW
DeleteFileW
GetFileAttributesW
CreateFileW
GetFileTime
SetFileTime
CreateDirectoryW
SetFileAttributesW
RemoveDirectoryW
FlushFileBuffers

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-string-l2-1-0

CharUpperBuffW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-security-activedirectoryclient-l1-1-0

DsCrackNamesW
DsUnBindW
DsBindWithSpnExW
DsFreeNameResultW

api-ms-win-core-shlwapi-obsolete-l1-1-0

QISearch

api-ms-win-core-privateprofile-l1-1-0

GetPrivateProfileStringW
WritePrivateProfileStringW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathRemoveFileSpecW
PathIsUNCServerW
PathStripToRootW

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW

ntdll

RtlUnsubscribeWnfNotificationWaitForCompletion
EtwEventSetInformation
NtCreateFile
EtwTraceMessage
NtQueryInformationFile
EtwEventWriteTransfer
EtwEventUnregister
EtwEventRegister
RtlAppendUnicodeStringToString
RtlSubscribeWnfStateChangeNotification
RtlInitUnicodeString
RtlNtStatusToDosError
RtlQueryWnfStateData
NtFsControlFile
RtlAdjustPrivilege
NtClose
RtlFreeUnicodeString
RtlStringFromGUID
NtReadFile
NtWriteFile

user32

MsgWaitForMultipleObjects
DispatchMessageW
TranslateMessage
PeekMessageW

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

profsvc

GetUserChoiceForSlowLink
GetUserPreferenceValue

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-kernel32-private-l1-1-1

PrivCopyFileExW

Exports

Exports

ConnectToRoamingVhdProfile
CreateRoamingProviderInstance
InitializeSuspendFolderPolicyAndUploadTaskConfig
RefreshSuspendFolderPolicyAndUploadTaskConfig
StartRoamingClassFactories
StopRoamingClassFactories
WaitForNetworkForRoamingProfile

Sections

.text
Size: 140KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
proquota.exe
.exe windows:10 windows x64 arch:x64

3f32c4f6ebfec67c604916772e1803f1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

proquota.pdb

Imports

advapi32

RegQueryValueExW
SetSecurityInfo
RegOpenKeyExW
GetAce
RegCloseKey
GetSecurityInfo

kernel32

CompareStringW
CreateSemaphoreExW
HeapFree
SetLastError
EnterCriticalSection
FindNextFileW
GetCurrentProcess
ReleaseSemaphore
GetModuleHandleExW
ExpandEnvironmentStringsW
WaitForMultipleObjects
SetProcessShutdownParameters
CompareStringOrdinal
SetThreadPriority
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetEnvironmentVariableW
FindClose
WaitForSingleObject
LocalAlloc
GetCurrentThreadId
OpenEventW
FindFirstFileW
ResumeThread
ExitThread
FindFirstChangeNotificationW
CreateEventW
Sleep
FormatMessageW
GetTickCount64
GetLastError
OutputDebugStringW
SetEvent
FindCloseChangeNotification
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
CreateThread
HeapSetInformation
HeapAlloc
FindNextChangeNotification
GetProcAddress
CreateMutexExW
LocalFree
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
LocalReAlloc
DebugBreak
IsDebuggerPresent
GetModuleFileNameA
ReleaseMutex

user32

PostQuitMessage
CheckDlgButton
KillTimer
GetDlgItem
GetClientRect
LoadIconW
TranslateMessage
IsDlgButtonChecked
SendDlgItemMessageW
ShutdownBlockReasonCreate
RegisterClassW
SetDlgItemTextW
DestroyIcon
SetTimer
GetDesktopWindow
LoadStringW
GetSystemMetrics
EndDialog
SendMessageW
CreateWindowExW
MessageBoxW
SetWindowPos
GetWindowRect
PostMessageW
DefWindowProcW
GetMessageW
GetWindowLongW
GetParent
DialogBoxParamW
SetForegroundWindow
LoadImageW
DispatchMessageW
ShutdownBlockReasonDestroy

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
_register_thread_local_exe_atexit_callback
_c_exit

api-ms-win-crt-private-l1-1-0

_o___p__commode
_o___std_exception_copy
_o___std_exception_destroy
_o___stdio_common_vsnprintf_s
_o___stdio_common_vswprintf
_o__cexit
_o__configthreadlocale
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_narrow_winmain_command_line
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o_exit
_o_free
_o_terminate
__current_exception
__current_exception_context
__std_terminate
__C_specific_handler
__CxxFrameHandler4
_CxxThrowException
memcpy

api-ms-win-crt-string-l1-1-0

memset

shell32

SHGetFileInfoW
Shell_NotifyIconW
ord60

userenv

UnregisterGPNotification
RegisterGPNotification

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetStartupInfoW
TerminateProcess

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

comctl32

ord17

ole32

CoInitialize

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
psr.exe
.exe windows:10 windows x64 arch:x64

40f897d97992716cae54b98881ae2902

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

psr.pdb

Imports

advapi32

TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer
RegGetValueW
RegCloseKey
RegQueryInfoKeyW
RegOpenKeyExW
RegGetValueA

kernel32

DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
GetFullPathNameW
LocalFree
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CreateThreadpoolTimer
SetThreadpoolTimer
MultiByteToWideChar
WideCharToMultiByte
AcquireSRWLockShared
ReleaseSRWLockShared
LeaveCriticalSection
EnterCriticalSection
ExpandEnvironmentStringsW
GetFileAttributesW
CreateDirectoryW
CreateEventExW
SetEvent
DeleteFileW
MoveFileExW
Wow64DisableWow64FsRedirection
GetCommandLineW
GetSystemDirectoryW
CreateMutexExW
CreateEventW
CreateMutexW
RegisterWaitForSingleObject
HeapSetInformation
IsWow64Process
GetCurrentProcess
UnregisterWait
RaiseException
InitOnceBeginInitialize
InitializeCriticalSectionEx
InitializeCriticalSection
GetModuleFileNameW
LoadLibraryExW
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
GetSystemTime
SystemTimeToTzSpecificLocalTime
CopyFileW
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
lstrcmpW
GetSystemTimeAsFileTime
Sleep
LockResource
LoadResource
FindResourceW
EncodePointer
GetProcAddress
HeapAlloc
CloseHandle
OpenSemaphoreW
WaitForSingleObjectEx
OutputDebugStringW
GetLastError
FormatMessageW
ReleaseMutex
GetCurrentThreadId
OpenEventW
LoadLibraryExA
VirtualAlloc
VirtualFree
lstrcmpiW
lstrcmpiA
GetModuleHandleExW
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
ResetEvent
QueryPerformanceCounter
InitializeSListHead
GetStartupInfoW
FileTimeToLocalFileTime
CreateFileW
OpenProcess
GetCurrentDirectoryW
SetCurrentDirectoryW
DeleteFileA
GetLocaleInfoEx
TlsAlloc
TlsSetValue
GlobalHandle
WaitForSingleObject
ReleaseSemaphore
SetLastError
HeapFree
CreateSemaphoreExW
GetModuleFileNameA
InitOnceComplete
GlobalFree
TlsFree
TlsGetValue
lstrlenA
CreateFileA
ReadFile
IsDBCSLeadByte
FileTimeToDosDateTime
FindClose
GlobalReAlloc
lstrcmpA
WriteFile
GetFileAttributesExA
ReplaceFileW
SetFilePointer
DecodePointer
GetFileInformationByHandle
SetFileAttributesW
GetFileAttributesExW
GetDriveTypeA
FindFirstFileA
FindNextFileA
LoadLibraryW
FreeLibrary

gdi32

CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
BitBlt
DeleteDC
GetStockObject
GetObjectW
GetDeviceCaps

user32

GetDlgItemInt
EndDialog
SetDlgItemTextW
EnableWindow
SetDlgItemInt
SendDlgItemMessageW
SetForegroundWindow
DialogBoxParamW
UnregisterClassW
KillTimer
SetTimer
GetWindowRect
GetTitleBarInfo
GetProcessDefaultLayout
LoadCursorW
GetMessageW
CharLowerA
UnregisterClassA
MessageBoxW
SetLayeredWindowAttributes
GetDpiForWindow
DispatchMessageW
AdjustWindowRectExForDpi
PeekMessageA
DispatchMessageA
CharNextA
OemToCharBuffA
CharToOemBuffA
CharPrevA
CharUpperBuffA
RegisterClassExW
CharUpperW
CharNextW
PostThreadMessageW
GetDlgItemTextW
DestroyIcon
TranslateMessage
GetWindowLongW
GetWindowLongPtrW
SetWindowLongPtrW
DestroyAcceleratorTable
GetDesktopWindow
ReleaseDC
GetDC
InvalidateRect
CallWindowProcW
InvalidateRgn
GetClientRect
FillRect
ReleaseCapture
SetCapture
MoveWindow
ScreenToClient
SetWindowLongW
LoadAcceleratorsW
PostQuitMessage
MapDialogRect
SetWindowContextHelpId
TranslateAcceleratorW
LoadIconW
PostMessageW
TrackPopupMenu
EnableMenuItem
DestroyMenu
GetSubMenu
LoadMenuW
DefWindowProcW
GetParent
ClientToScreen
CreateAcceleratorTableW
DestroyWindow
CreateWindowExW
GetClassInfoExW
RedrawWindow
SetWindowPos
GetSysColor
GetClassNameW
IsWindow
SendMessageW
GetDlgItem
GetWindow
SetFocus
GetFocus
IsChild
EndPaint
BeginPaint
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
RegisterWindowMessageW
LoadStringW
GetSystemMetrics
GetSysColorBrush
SystemParametersInfoW
ShowWindow
MapWindowPoints
UpdateWindow

msvcp_win

??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ

api-ms-win-crt-string-l1-1-0

memset
strncmp

api-ms-win-crt-runtime-l1-1-0

_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__getdrive
_o__gmtime32
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__localtime32
_o__mktemp
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__callnewh
_o__wcsicmp
_o__wtoi
_o_abort
_o_calloc
_o_exit
_o_free
_o_iswspace
_o_malloc
_o_mbstowcs_s
_o_qsort
_o_realloc
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
__current_exception
__current_exception_context
__CxxFrameHandler3
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
__C_specific_handler
__std_terminate
__CxxFrameHandler4
strstr
_CxxThrowException
__C_specific_handler_noexcept
memcmp
memcpy
_o__cexit
_o__set_new_mode
memmove

uireng

UirInitializeEngine
UirStopRecordingSession
UirOutCreateOutputFile
UirGetRecordedActionInfo
UirWriteRecordedActionListXml
UirWriteRecordedActionAndCommentListMht
UirWriteUserComments
UirFreeRecordedActionInfo
UirPauseRecordingSession
UirResumeRecordingSession
UirUpdateRecordingSession
UirStartRecordingSession

comctl32

ImageList_Destroy
ImageList_GetIcon
ImageList_ReplaceIcon
InitCommonControlsEx
ImageList_Create
ord381

ntdll

EtwEventWriteNoRegistration
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

oleaut32

UnRegisterTypeLi
SysAllocString
LoadTypeLi
RegisterTypeLi
SysStringLen
VarBstrCmp
OleCreateFontIndirect
LoadRegTypeLi
SysStringByteLen
VariantClear
VariantInit
SysAllocStringLen
SysFreeString
GetErrorInfo
SetErrorInfo

ole32

CoCreateInstance
CoInitialize
CreateStreamOnHGlobal
OleLockRunning
CoCreateFreeThreadedMarshaler
CLSIDFromProgID
CLSIDFromString
OleInitialize
OleUninitialize
CoTaskMemAlloc
CoUninitialize
CoTaskMemFree
StringFromGUID2
CoCreateGuid
CoGetClassObject
CoInitializeEx

shell32

SHFileOperationW
ShellExecuteExW
ord171
SHCreateItemInKnownFolder
ShellAboutW
CommandLineToArgvW

shlwapi

PathFindExtensionW
PathAppendW
PathGetArgsW
PathRemoveExtensionW
PathFindFileNameW
PathCombineW
PathRemoveFileSpecW
PathFileExistsW
SHAutoComplete
PathFindExtensionA
PathIsSameRootW
ord216
ord218
PathMatchSpecExA

api-ms-win-crt-time-l1-1-0

_time32

Sections

.text
Size: 252KB - Virtual size: 250KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 892B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ptpprov.dll
.dll windows:10 windows x64 arch:x64

74f3cd00066a272438b2e52f0d94699f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

PtpProv.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__register_onexit_function
_o__seh_filter_dll
_o__callnewh
memmove
_o_free
_o_log
_o_malloc
_o_rand
_o_srand
_o_wcstoul
_o__crt_atexit
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_CxxThrowException
_set_se_translator
_o___std_type_info_destroy_list
_o___std_exception_destroy
wcschr
_o___std_exception_copy
_o__configure_narrow_argv
_o__cexit
__C_specific_handler
__CxxFrameHandler3
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset
wcscspn

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetSystemInfo
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx
CreateTimerQueueTimer
DeleteTimerQueueTimer

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventWrite
EventWriteTransfer
EventUnregister

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleW
DisableThreadLibraryCalls
GetModuleHandleExW
GetModuleFileNameA

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
CreateSemaphoreExW
ReleaseSemaphore
AcquireSRWLockShared
SetEvent
WaitForMultipleObjectsEx
ReleaseSRWLockExclusive
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
ReleaseMutex
WaitForSingleObjectEx
WaitForSingleObject
OpenSemaphoreW
CreateEventW
DeleteCriticalSection
ReleaseSRWLockShared
CreateMutexExW

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-processthreads-l1-1-0

CreateThread
GetCurrentProcess
GetCurrentThreadId
TerminateProcess
SetThreadStackGuarantee
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle
GetHandleInformation
SetHandleInformation

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

ntdll

RtlConvertSharedToExclusive
RtlConvertExclusiveToShared
RtlDeleteResource
RtlAllocateHeap
RtlFreeHeap
EtwEventRegister
EtwEventWrite
EtwEventUnregister
RtlInitializeCriticalSection
RtlInitializeGenericTableAvl
RtlEnterCriticalSection
RtlInsertElementGenericTableAvl
RtlLeaveCriticalSection
RtlLookupElementGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlDeleteCriticalSection
RtlInitUnicodeString
RtlAcquireResourceShared
RtlReleaseResource
RtlInitializeResource
RtlAcquireResourceExclusive
RtlImageNtHeader

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-file-l1-1-0

FileTimeToLocalFileTime
CreateFileW
GetFileSizeEx
WriteFile

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegOpenKeyExW
RegCloseKey

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

ws2_32

WSAEventSelect
GetAddrInfoW
WSAStartup
setsockopt
WSAGetLastError
socket
WSAAddressToStringW
closesocket
WSAIoctl
FreeAddrInfoW
bind
WSACleanup

iphlpapi

CaptureInterfaceHardwareCrossTimestamp
GetAdaptersAddresses
GetInterfaceActiveTimestampCapabilities

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime

nsi

NsiGetAllParameters

msvcp_win

?__ExceptionPtrRethrow@@YAXPEBX@Z
?_Xlength_error@std@@YAXPEBD@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z

api-ms-win-core-memory-l1-1-0

VirtualProtect
VirtualQuery
VirtualAlloc

Exports

Exports

TimeProvClose
TimeProvCommand
TimeProvOpen

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rdpclip.exe
.exe windows:10 windows x64 arch:x64

e0421433defcad674f59db8672487c3d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

rdpclip.pdb

Imports

user32

MsgWaitForMultipleObjectsEx
PostThreadMessageW
UnregisterClassW
IsClipboardFormatAvailable
GetWindowThreadProcessId
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
EmptyClipboard
GetClipboardOwner
UnionRect
CharNextA
CharPrevA
GetClipboardFormatNameW
ChangeDisplaySettingsExW
GetMessageW
GetWindowRect
IsWindowVisible
EqualRect
EnumChildWindows
EnumDisplayMonitors
IsWindow
CloseDesktop
DispatchMessageW
SetTimer
GetMonitorInfoW
GetLayeredWindowAttributes
IsChild
EnumWindows
TranslateMessage
GetUserObjectInformationW
SetRectEmpty
GetClientRect
KillTimer
GetDesktopWindow
OpenDesktopW
GetParent
GetAncestor
GetWindowRgn
GetWindowTextW
MonitorFromWindow
OffsetRect
CopyRect
ClientToScreen
IntersectRect
GetClassNameW
SetRect
DestroyWindow
SendMessageW
RegisterClipboardFormatW
GetSystemMetrics
EnumDisplayDevicesW
EnumDisplaySettingsW
RegisterDeviceNotificationW
RegisterClassW
UnregisterDeviceNotification
LoadStringW
DefWindowProcW
PostMessageW
SetWindowLongPtrW
CreateWindowExW
GetWindowLongPtrW
RegisterClassExW
PeekMessageW
LoadCursorW
PostQuitMessage
SystemParametersInfoW
SetWinEventHook
GetClassInfoExW
GetWindowTextLengthW
UnhookWinEvent

msvcrt

?terminate@@YAXXZ
memset
memmove
malloc
__getmainargs
__set_app_type
exit
_exit
_cexit
_ismbblead
wcschr
free
__setusermatherr
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
wcsrchr
swprintf_s
_vscwprintf
_wcsnicmp
__CxxFrameHandler4
_initterm
_acmdln
memcpy
memcmp
_CxxThrowException
_fmode
_commode
_lock
_XcptFilter
_callnewh
_unlock
__dllonexit
__C_specific_handler
_errno
_wcsicmp
_wsplitpath_s
_wmakepath_s
memmove_s
_purecall
memcpy_s
_vsnwprintf
_onexit
isalpha
_strnicmp
wcsnlen
strnlen
_amsg_exit
??1type_info@@UEAA@XZ
__CxxFrameHandler3
wcscmp

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
FreeLibraryAndExitThread
GetModuleHandleW
GetModuleHandleExW
GetModuleHandleExA
LoadLibraryExW
FreeLibrary
GetProcAddress

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
GetLastError
SetLastError

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage
UnregisterTraceGuids
RegisterTraceGuidsW

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventSetInformation
EventActivityIdControl
EventRegister

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
CreateEventW
ReleaseMutex
CreateEventExW
ReleaseSRWLockExclusive
WaitForSingleObject
WaitForMultipleObjectsEx
LeaveCriticalSection
AcquireSRWLockExclusive
WaitForSingleObjectEx
ReleaseSemaphore
OpenSemaphoreW
ResetEvent
InitializeCriticalSectionEx
AcquireSRWLockShared
DeleteCriticalSection
InitializeCriticalSection
CreateSemaphoreExW
CreateMutexW
ReleaseSRWLockShared
SetEvent
CreateMutexExW

api-ms-win-core-heap-l1-1-0

HeapFree
HeapSetInformation
HeapAlloc
GetProcessHeap

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TerminateProcess
TlsGetValue
OpenThread
SwitchToThread
GetStartupInfoW
CreateThread
GetCurrentProcess
TlsAlloc
GetCurrentProcessId
GetCurrentThread
OpenThreadToken
QueueUserAPC
ProcessIdToSessionId
TlsSetValue
OpenProcessToken
TlsFree

api-ms-win-core-localization-l1-2-0

IsDBCSLeadByte
FormatMessageW
GetCPInfo

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW
K32GetModuleFileNameExW

api-ms-win-core-file-l1-1-0

CreateFileW
ReadFileEx
WriteFile
SetFilePointerEx
QueryDosDeviceW
GetFileAttributesW
FindClose
FindNextFileW
FindFirstFileW
ReadFile
GetTempFileNameW
DefineDosDeviceW
DeleteFileW
GetFileInformationByHandle
CreateDirectoryW

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegGetValueW
RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegEnumValueW

api-ms-win-core-com-l1-1-0

CoUninitialize
CoTaskMemAlloc
CoSetProxyBlanket
CoTaskMemFree
StringFromGUID2
CoCreateInstance
CoInitializeEx

api-ms-win-core-io-l1-1-0

DeviceIoControl
GetOverlappedResult

api-ms-win-security-isolatedcontainer-l1-1-1

IsProcessInWDAGContainer

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetTickCount
GetSystemTimeAsFileTime
GetSystemInfo
GetVersionExW

rpcrt4

RpcStringBindingParseW
RpcBindingToStringBindingW
NdrServerCall2
RpcServerListen
RpcRevertToSelf
RpcImpersonateClient
RpcServerRegisterIfEx
RpcServerUnregisterIfEx
RpcServerUseProtseqEpW
NdrServerCallAll
RpcStringFreeW
RpcBindingInqAuthClientW

api-ms-win-security-base-l1-1-0

CheckTokenMembership
AllocateAndInitializeSid
FreeSid
DestroyPrivateObjectSecurity
GetTokenInformation
GetLengthSid
CopySid

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce
InitOnceInitialize

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

ntdll

NtCreateFile
EtwEventActivityIdControl
RtlNtStatusToDosError
NtClose
RtlMultiByteToUnicodeN
RtlInitUnicodeString

gdi32

DeleteEnhMetaFile
GetStockObject
DeleteMetaFile
ExtEscape
DeleteDC
CreateDCW
GetRgnBox
CombineRgn
DeleteObject
GetRegionData
CreateRectRgn
OffsetRgn
EqualRgn
CreateRectRgnIndirect
SetRectRgn
GetObjectW
GetPaletteEntries
CreatePalette
CreateMetaFileW
SetMetaFileBitsEx
GetMetaFileBitsEx
CloseMetaFile
PlayMetaFile

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects
CreateSemaphoreW

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-heap-l2-1-0

LocalAlloc
GlobalAlloc
LocalFree
GlobalFree

api-ms-win-core-io-l1-1-1

CancelIo

api-ms-win-core-kernel32-legacy-l1-1-0

GetNamedPipeClientProcessId

api-ms-win-core-namedpipe-l1-1-0

DisconnectNamedPipe
CreateNamedPipeW
ConnectNamedPipe
SetNamedPipeHandleState

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte
CompareStringW

api-ms-win-security-systemfunctions-l1-1-0

SystemFunction036

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrStrIW

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsDeleteString

api-ms-win-core-heap-obsolete-l1-1-0

GlobalSize
GlobalLock
GlobalUnlock

api-ms-win-core-path-l1-1-0

PathCchCanonicalize

Sections

.text
Size: 436KB - Virtual size: 435KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rdpcorets.dll
.dll regsvr32 windows:10 windows x64 arch:x64

1ed819de0ea0b33769d7a94918b3bd93

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

RdpCoreTS.pdb

Imports

msvcrt

_errno
realloc
swscanf
ceilf
calloc
_callnewh
wcscat_s
free
malloc
sqrtf
vsprintf_s
_onexit
_unlock
_XcptFilter
_amsg_exit
_wtoi
_stricmp
memmove_s
?terminate@@YAXXZ
wcschr
_wfopen
wcsnlen
__dllonexit
_aligned_free
sqrt
wcstombs
vswprintf_s
_wcsnicmp
wcsncmp
_snprintf_s
fprintf
fwrite
fclose
floorf
rand
memcpy
srand
wcsrchr
wcscpy_s
_vsnwprintf
qsort
strnlen
strncpy_s
sprintf_s
isalpha
_strnicmp
__CxxFrameHandler3
_lock
_initterm
log
memcpy_s
memcmp
__C_specific_handler
__CxxFrameHandler4
_aligned_malloc
pow
memset
_purecall
_wcsicmp
swprintf_s
wcsncpy_s
memmove
printf
_wfopen_s
wcscmp

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
ReleaseSemaphore
ReleaseMutex
AcquireSRWLockExclusive
AcquireSRWLockShared
LeaveCriticalSection
ReleaseSRWLockExclusive
DeleteCriticalSection
InitializeCriticalSection
ReleaseSRWLockShared
WaitForSingleObjectEx
InitializeCriticalSectionEx
OpenSemaphoreW
CreateEventW
SetEvent
WaitForSingleObject
ResetEvent
InitializeSRWLock
WaitForMultipleObjectsEx
CreateSemaphoreExW
CreateMutexExW

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetVersionExW
GetSystemTime
GetTickCount64
GetSystemDirectoryW

api-ms-win-core-errorhandling-l1-1-0

GetLastError
RaiseException
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetErrorMode

api-ms-win-core-processthreads-l1-1-0

CreateThread
GetExitCodeThread
GetCurrentThread
GetCurrentThreadId
GetCurrentProcess
SuspendThread
GetCurrentProcessId
OpenThreadToken
TerminateProcess
ResumeThread

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
InitializeConditionVariable
InitOnceExecuteOnce
Sleep
SleepConditionVariableCS
WakeAllConditionVariable

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleW
FreeLibrary
FindResourceExW
GetModuleHandleExW
GetProcAddress
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleExA
SizeofResource
LoadResource
DisableThreadLibraryCalls

api-ms-win-core-registry-l1-1-0

RegEnumValueW
RegGetValueW
RegOpenKeyExW
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegFlushKey
RegNotifyChangeKeyValue
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW

api-ms-win-core-com-l1-1-0

IIDFromString
PropVariantCopy
CoTaskMemRealloc
PropVariantClear
CoTaskMemAlloc
CoTaskMemFree
CoCreateGuid
CLSIDFromString
CoCreateInstance
StringFromGUID2

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringW
WideCharToMultiByte

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventWrite
EventActivityIdControl
EventWriteTransfer
EventSetInformation

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-file-l1-1-0

FindFirstFileW
FindNextFileW
FindClose
GetFileAttributesW
DeleteFileW
SetFilePointerEx
WriteFileEx
WriteFile
CreateDirectoryW
ReadFile
GetFileInformationByHandle
GetTempFileNameW
ReadFileEx
CreateFileW

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject
BindIoCompletionCallback
MoveFileW

ntdll

RtlNtStatusToDosError
RtlInitializeGenericTable
RtlEnumerateGenericTable
RtlDeleteElementGenericTable
WinSqmAddToStream
WinSqmSetDWORD
WinSqmEndSession
WinSqmStartSession
WinSqmIsOptedIn
RtlIpv4StringToAddressW
NtCreateFile
RtlInitUnicodeString
NtQuerySystemInformation
RtlInsertElementGenericTable
RtlLookupElementGenericTable
RtlIpv6StringToAddressW

api-ms-win-core-io-l1-1-0

GetOverlappedResult
CancelIoEx
DeviceIoControl

api-ms-win-core-threadpool-legacy-l1-1-0

DeleteTimerQueueTimer
CreateTimerQueueTimer
ChangeTimerQueueTimer
UnregisterWaitEx

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree
GlobalAlloc
GlobalFree

api-ms-win-security-base-l1-1-0

GetTokenInformation
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
SetSecurityDescriptorDacl
MakeSelfRelativeSD
GetSecurityDescriptorLength
AccessCheckAndAuditAlarmW
InitializeSecurityDescriptor
IsValidSid
RevertToSelf
ImpersonateLoggedOnUser

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetCPInfo
IsDBCSLeadByte

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
OutputDebugStringA
DebugBreak

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer

api-ms-win-core-rtlsupport-l1-1-0

RtlCompareMemory
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-security-sddl-ansi-l1-1-0

ConvertSidToStringSidA

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableFlags
GetTraceEnableLevel
UnregisterTraceGuids
TraceMessage
RegisterTraceGuidsW
GetTraceLoggerHandle

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-stringansi-l1-1-0

CharPrevA
CharNextA

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

advapi32

ConvertSecurityDescriptorToStringSecurityDescriptorA

rdpbase

PAL_System_CritSecEnter
PAL_System_CritSecTerminate
PAL_System_AtomicDecrement
PAL_System_AtomicIncrement
PAL_System_CritSecLeave
CAPAPI_GetCapSet
RDPENCHLPREG_ReadValueDWORD
RDPAPI_GetGlobalObject
RDPENCORE_AddGlobalObject
PAL_System_CritSecInit
RDPWSStreamConnector_CreateInstance
RDPServerStackDiagnostics_LogCheckpoint
ICETransportContext_CreateInstance
PAL_System_ConvertToAndFromWideChar
RDPServerStackDiagnostics_LogFailure
RDPServerStackDiagnostics_GetSymbolicNameFromCode
RDPServerStackDiagnostics_LogDisconnect
RDPServerStackDiagnostics_LogContext
PAL_System_AtomicCompareAndExchangePointer
RdpX_AtomicIncrement32
RdpX_AtomicDecrement32
RdpX_Threading_CreateCriticalSection
RDPServerStackDiagnostics_Register
?RdpPerfLoggerStaticInitialize@@YAXXZ
RDPServerStackDiagnostics_Unregister
?RdpPerfLoggerStaticTerminate@@YAXXZ
RDPBASE_CreateInstance
PAL_System_GetNumberOfProcessors
PAL_System_ThreadGetId
PAL_System_Sleep
PAL_System_SwitchToThread
PAL_System_AtomicCompareAndExchange
TSCreateCoreEvents
TSAlloc
TSFree
TRC_TraceBufferW
MemCopyAligned_SSE
MemMoveReverseAligned_SSE
GetSupportedSSELevel_SSE
?NSRunLengthDecode@@YAKPEBEKPEAEK@Z
PAL_System_MemAlloc
PAL_System_MemFree
RdpX_GetActivityIdPrefix
RgnlibBA_CreateInstance
RDPAPI_GetGenericCounter
PAL_System_CritSecIsLockedByCurrentThread
RDPAPI_GetLongCounter

rdpserverbase

ImgClassifierTrainingDataProvider_Unregister
?LogRDPGraphicsErrorStrings@RDPGraphicsTraceLogging@@YAXPEAD0IJ@Z
?RDPServerStackQOE_Unregister@@YAXXZ
?RDPGraphicsTraceLogging_Unregister@RDPGraphicsTraceLogging@@YAXXZ
RDPEncryptionTraceLogging_Unregister
?LogRDPGraphicsFirstNonBlackFramePostLogon@RDPGraphicsTraceLogging@@YAXI@Z
ImgClassifierTrainingDataProvider_Register
?RDPServerStackQOE_Register@@YAJXZ
?LogRDPGraphicsSubsampleAdapter@RDPGraphicsTraceLogging@@YAXPEBGII@Z
?GetGfxPipeSettingUINT@@YAJPEAGIPEAI@Z
?RDPGraphicsTraceLogging_Register@RDPGraphicsTraceLogging@@YAJXZ
RDPEncryptionTraceLogging_Register
?LogRDPGraphicsFirstNonBlackFrame@RDPGraphicsTraceLogging@@YAX_K@Z
?GetGfxPipeSettingBOOL@@YAJPEAGHPEAH@Z
?LogRDPGraphicsSubsampleFailure@RDPGraphicsTraceLogging@@YAXJI@Z
?LogRDPGraphicsVOBRHint@RDPGraphicsTraceLogging@@YAXI_KII@Z
?GetGraphicsSourceContext@RdpSurface@@QEAAJPEAPEAUIRdpGFXSourceUpdateContext@@@Z
RDPSERVERBASE_CreateInstance
?GetEncodingPixelMap@RdpSurface@@QEAAJPEAPEAVPixelMap@@@Z

api-ms-win-core-namedpipe-l1-1-0

ConnectNamedPipe
CreateNamedPipeW
PeekNamedPipe
DisconnectNamedPipe
SetNamedPipeHandleState

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindExtensionW
PathGetDriveNumberW
PathSkipRootW
PathUnquoteSpacesW
PathIsUNCW
PathQuoteSpacesW

api-ms-win-core-url-l1-1-0

UrlIsW

api-ms-win-core-perfcounters-l1-1-0

PerfCreateInstance
PerfDeleteInstance
PerfStartProviderEx
PerfSetCounterSetInfo
PerfSetULongCounterValue
PerfIncrementULongCounterValue
PerfStopProvider

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-heap-obsolete-l1-1-0

GlobalUnlock
GlobalSize
GlobalLock

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

tlscsp

ord1
ord3
ord4
ord7
ord2

api-ms-win-core-psapi-l1-1-0

K32GetModuleFileNameExW

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsDeleteString

api-ms-win-core-path-l1-1-0

PathCchCanonicalize

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
RFX_CreatePluginFactory

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 284KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rdpcredentialprovider.dll
.dll windows:10 windows x64 arch:x64

9bf0b16692bd7a0d297aa496e395b5b4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

RdpCredentialProvider.pdb

Imports

msvcrt

_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
_amsg_exit
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_initterm
__C_specific_handler
_lock
__CxxFrameHandler3
_callnewh
_purecall
free
malloc
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
memcpy
memmove
_XcptFilter
??0exception@@QEAA@AEBV0@@Z
??3@YAXPEAX@Z
memset

advapi32

UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
CredUnmarshalCredentialW
EventWriteTransfer
EventSetInformation
EventRegister
EventUnregister

kernel32

ReleaseSRWLockShared
EncodePointer
InitOnceExecuteOnce
GetSystemTimeAsFileTime
GetTickCount
AcquireSRWLockShared
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
Sleep
QueryPerformanceCounter
RtlCaptureContext
GetCurrentProcessId
HeapFree
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
DecodePointer
GetLastError
DisableThreadLibraryCalls
GetProcessHeap
HeapAlloc

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

crypt32

CertCloseStore
CertGetCertificateContextProperty
CertFindCertificateInStore
CertOpenStore
CertFreeCertificateContext

api-ms-win-core-com-l1-1-0

CoGetMalloc
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc

sspicli

LsaDeregisterLogonProcess
LsaLookupAuthenticationPackage
LsaConnectUntrusted

api-ms-win-shcore-obsolete-l1-1-0

SHStrDupW

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 640B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rdpserverbase.dll
.dll windows:10 windows x64 arch:x64

acd3706d0d761e7efd66c293bc26a2b8

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f5:01:94:79:74:98:df:8b:5a:15:86:90:d0:a1:da:95:91:2e:07:29:34:b6:96:5d:06:c9:a2:d2:cf:fc:37:c0
Signer

Actual PE Digest

f5:01:94:79:74:98:df:8b:5a:15:86:90:d0:a1:da:95:91:2e:07:29:34:b6:96:5d:06:c9:a2:d2:cf:fc:37:c0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

rdpserverbase.pdb

Imports

msvcrt

rand
time
srand
__CxxFrameHandler4
vsprintf_s
towupper
wcstok_s
_wcsicmp
_wcsnicmp
_vsnprintf
sprintf_s
vswprintf_s
qsort
_snwprintf_s
memcpy_s
_vsnwprintf
memcmp
__RTDynamicCast
_aligned_free
_aligned_malloc
calloc
_purecall
wcstombs
_strlwr
strncmp
strtok_s
_stricmp
_strnicmp
_callnewh
__CxxFrameHandler3
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
strcmp
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
memset
memmove
memcpy
wcscmp

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventSetInformation
EventActivityIdControl
EventWriteTransfer

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceEnableFlags
GetTraceLoggerHandle
TraceMessage
GetTraceEnableLevel

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetProcAddress
GetModuleHandleExA
DisableThreadLibraryCalls
GetModuleHandleExW
GetModuleFileNameA
LoadLibraryExW
GetModuleHandleW

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
Sleep
InitOnceExecuteOnce
SleepConditionVariableSRW

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
CreateThread
ProcessIdToSessionId
TerminateProcess
GetCurrentProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetTickCount
GetVersionExW
GetComputerNameExW
GetSystemInfo
GetTickCount64
GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetUnhandledExceptionFilter
SetLastError
GetLastError
UnhandledExceptionFilter

rdpbase

?GetMillisecondCount64@PipelineClock@@QEAA_KXZ
?CreateInstance@CRdpGfxCapsSet@@SAJPEAXKPEAPEAUIRdpGfxCapsSet@@@Z
?SetDecodeBuffer@RdpGfxProtocolBaseDecoder@@IEAAXPEBEI@Z
??1RdpGfxProtocolBaseDecoder@@IEAA@XZ
??0RdpGfxProtocolBaseDecoder@@IEAA@XZ
CAPAPI_InitializeCombinedCaps
CAPAPI_MergeCombinedCaps
CAPAPI_AddCapSet
DecryptData
CAPAPI_GetCapSet
EncryptData
UpdateSessionKey
RDP_RC4AllocKey
MakeSessionKeys
RDP_RC4FreeKey
RDPCompressEx
RDPDecompress
RDPDeCompress_GetContextSize
?ProcessAlignedData_SSE2@SSECBCHash2@@AEAAXPEBIIII@Z
RDPCompress_GetContextSize
RdpUnionRect
RDPServerStackDiagnostics_LogContext
?IsSupportedVersion@CRdpGfxCaps@@SAHK@Z
PAL_System_AtomicCompareAndExchangePointer
RDPAPI_GetGlobalObject
?GetTimeHNS@PipelineClock@@QEAA_JXZ
?AlphaCompressor__CreateInstance@@YAJPEAPEAUIRdpImageCompressor@@@Z
?CreateInstance@PlanarCompressor@@SAJGGEHHHPEAPEAUIRdpImageCompressor@@@Z
CRDPCacCodecEncoder_CreateInstance
?ProcessAlignedData_AVX@SSECBCHash2@@AEAAXPEBIIII@Z
?ProcessUnalignedData_REG@SSECBCHash2@@AEAAXPEBIIII@Z
CRDPNsCodec_CreateInstance
?GetTickCount@PipelineClock@@QEAAIXZ
RDPCompress_InitSendContext
RDPCompress_InitRecvContext
?UpdateKeys@SSECBCHash2@@AEBAXXZ
CRDPCacVideoCodecForHardwareClient_CreateInstance
RDPServerStackDiagnostics_LogCheckpoint
PAL_System_MemAlloc
GridBA_CreateInstance
GetSupportedSSELevel_SSE
SubtractRects
RDPBASE_CreateInstance
CRdpFIPSEncryption_CreateInstance
MemEqual
?Compress@NSCodecCompressor@@QEAA_NAEBVPixelMap@@_NPEAEIAEAI@Z
?CreateInstance@NSCodecCompressor@@SA_N_N00EAEAV?$TCntPtr@VNSCodecCompressor@@@@@Z
MemMoveReverseAligned_SSE
RDPAPI_GetLongCounter
?DecompressRdp8__CreateInstance@@YAJPEAPEAVIRdpPipeDecompress@@@Z
RDP_RsaBCryptPubKeyToBSafePubKey
RDP_RsaBCryptGenerateRsaKeyPair
RDP_MD5Init
RDP_MD5Final
RDP_RsaBCryptDecryptPrivate
RDP_MD5Update
RDPENCHLPREG_ReadValueDWORD
RdpIntersectRect
PAL_System_CritSecIsLockedByCurrentThread
ApplySobelFilterOnLum
??0RdpEncodeBuffer@@QEAA@PEAVITSObjectPool@@@Z
?CreateInstance@RdpEncodeBuffer@@SAJPEAVRdpEncodeBufferPool@@KPEAPEAV1@@Z
?RdpGfxProtocolServerEncoder_CreateInstance@@YAJPEAVIRdpEncoderIO@@PEAPEAVIRdpPipeProtocolEncoderEx@@@Z
?HintCoconet__CreateInstance@@YAJPEAPEAVIRdpPipeCompressHintProvider@@@Z
?CompressRdp8__CreateInstance@@YAJPEAPEAVIRdpPipeCompress@@I@Z
DrawHLine
DrawVLine
DrawBox
??0SSECBCHash2@@QEAA@XZ
?InsertEntry@Evict@@QEAAXPEAU_SCORE_ENTRY@@K@Z
?GetFreeEntry@Evict@@QEAAPEAU_SCORE_ENTRY@@XZ
?ParkEntry@Evict@@QEAAXPEAU_SCORE_ENTRY@@@Z
PAL_System_AtomicDecrement
PAL_System_AtomicIncrement
PAL_System_GetNumberOfProcessors
MemCopyAligned_SSE
ApplyLuminanceFilter
ExpandRectForSSE
PAL_System_CritSecEnter
PAL_System_CritSecLeave
?SearchCache@CRDPCache@@UEAAJIIPEAPEAUIUnknown@@PEAI@Z
RdpX_GetActivityIdPrefix
??0CRDPCache@@QEAA@XZ
?CreateInstance@HashTable@@SAJKKPEAPEAUIHashBucket@@@Z
?CreateInstance@Evict@@SAJKKKKKPEAPEAV1@@Z
?ProcessAlignedData_SSE41@SSECBCHash2@@AEAAXPEBIIII@Z
??1Evict@@QEAA@XZ
?PromoteEntry@Evict@@QEAAXKK@Z
??1CRDPCache@@UEAA@XZ
PAL_System_CritSecTerminate
PAL_System_CritSecInit
?GetInstance@PipelineClock@@SAAEAV1@XZ
?GetMillisecondCount@PipelineClock@@QEAAIXZ
RgnlibBA_CreateInstance
PAL_System_MemFree
RdpX_DateTime_GetHighResolutionTimeSinceReboot
RDPAPI_GetGenericCounter
PAL_System_SemaphoreAlloc
?UnevictEntry@Evict@@QEAAXPEAU_SCORE_ENTRY@@@Z
?EvictEntry@Evict@@QEAAPEAU_SCORE_ENTRY@@XZ
PAL_System_SemaphoreAcquire
PAL_System_SemaphoreRelease
PAL_System_HandleFree
?SetCacheEntry@CRDPCache@@UEAAJIIPEAUIUnknown@@PEAI@Z
PAL_System_ThreadGetId
PAL_System_AtomicCompareAndExchange
PAL_System_SwitchToThread
PAL_System_Sleep
?ClearCache@CRDPCache@@UEAAJXZ
?Reset@CRDPCache@@UEAAJI@Z

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegGetValueW

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-synch-l1-1-0

AcquireSRWLockShared
WaitForSingleObject
OpenSemaphoreW
InitializeCriticalSection
LeaveCriticalSection
ReleaseSemaphore
AcquireSRWLockExclusive
ReleaseMutex
CreateMutexExW
InitializeSRWLock
CreateSemaphoreExW
ReleaseSRWLockShared
DeleteCriticalSection
ReleaseSRWLockExclusive
WaitForSingleObjectEx
CreateEventW
ResetEvent
CreateMutexW
InitializeCriticalSectionAndSpinCount
SetEvent
EnterCriticalSection

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime
GetTimeZoneInformation

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

rpcrt4

UuidToStringW
RpcStringFreeW
UuidCreate

api-ms-win-core-memory-l1-1-0

VirtualFree
MapViewOfFileEx
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
VirtualAlloc
OpenFileMappingW

api-ms-win-security-base-l1-1-0

GetLengthSid
CopySid
AddAce
IsValidSid

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-com-l1-1-0

CLSIDFromString
StringFromGUID2
CoTaskMemFree
StringFromIID
CoCreateGuid
CoTaskMemAlloc

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateStringReference

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask
GetNativeSystemInfo

api-ms-win-core-threadpool-l1-2-0

StartThreadpoolIo
WaitForThreadpoolIoCallbacks
CloseThreadpoolIo
CreateThreadpoolWork
CreateThreadpoolIo
CloseThreadpoolWork
CancelThreadpoolIo
SubmitThreadpoolWork

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoInitialize
RoActivateInstance
RoUninitialize

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW
RegisterWaitForSingleObject

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx
DeleteTimerQueueTimer
CreateTimerQueueTimer

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

ntdll

NtQuerySystemInformation
NtSetInformationThread
RtlVerifyVersionInfo
RtlIpv6StringToAddressW

api-ms-win-security-lsapolicy-l1-1-0

LsaFreeMemory
LsaOpenPolicy
LsaQueryInformationPolicy
LsaClose

Exports

Exports

?GetEncodingPixelMap@RdpSurface@@QEAAJPEAPEAVPixelMap@@@Z
?GetGfxPipeSettingBOOL@@YAJPEAGHPEAH@Z
?GetGfxPipeSettingUINT@@YAJPEAGIPEAI@Z
?GetGraphicsSourceContext@RdpSurface@@QEAAJPEAPEAUIRdpGFXSourceUpdateContext@@@Z
?GetTileFirst@Tiler@@QEAAJPEBURdpRect@@PEAU2@@Z
?GetTileNext@Tiler@@QEAAJPEAURdpRect@@@Z
?Initialize@Tiler@@QEAAJPEBURdpRect@@0@Z
?LogRDPGraphicsErrorStrings@RDPGraphicsTraceLogging@@YAXPEAD0IJ@Z
?LogRDPGraphicsFirstNonBlackFrame@RDPGraphicsTraceLogging@@YAX_K@Z
?LogRDPGraphicsFirstNonBlackFramePostLogon@RDPGraphicsTraceLogging@@YAXI@Z
?LogRDPGraphicsSubsampleAdapter@RDPGraphicsTraceLogging@@YAXPEBGII@Z
?LogRDPGraphicsSubsampleFailure@RDPGraphicsTraceLogging@@YAXJI@Z
?LogRDPGraphicsVOBRHint@RDPGraphicsTraceLogging@@YAXI_KII@Z
?RDPGraphicsTraceLogging_Register@RDPGraphicsTraceLogging@@YAJXZ
?RDPGraphicsTraceLogging_Unregister@RDPGraphicsTraceLogging@@YAXXZ
?RDPServerStackQOE_Register@@YAJXZ
?RDPServerStackQOE_Unregister@@YAXXZ
CCompressedUpdateContext_CreateInstance
CUpdateContext_CreateInstance
CUpdateDataAccumulator_CreateInstance
ImgClassifierTrainingDataProvider_Register
ImgClassifierTrainingDataProvider_Unregister
RDPEncryptionTraceLogging_Register
RDPEncryptionTraceLogging_Unregister
RDPSERVERBASE_CreateInstance

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 636KB - Virtual size: 632KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rdpsharercom.dll
.dll regsvr32 windows:10 windows x64 arch:x64

0b37e852af069d2c34baea13f37956fc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

rdpsharercom.pdb

Imports

msvcrt

__C_specific_handler
swprintf_s
rand
sqrtf
_onexit
__dllonexit
_unlock
_lock
realloc
_errno
_initterm
_amsg_exit
qsort
printf
wcstombs
strncpy_s
sprintf_s
_wcsnicmp
isalpha
_strnicmp
_wfopen_s
_XcptFilter
wcscpy_s
_callnewh
wcsncpy_s
_ftime64
_aligned_free
malloc
fclose
_aligned_malloc
free
_wcsicmp
_purecall
memcpy_s
_vsnwprintf
wcsnlen
wcschr
_wcsicoll
__CxxFrameHandler4
?terminate@@YAXXZ
vswprintf_s
fwrite
wcsrchr
calloc
__CxxFrameHandler3
fprintf
wcstoul
strnlen
_resetstkoflw
wcscat_s
log
memcmp
memcpy
memmove
memset
pow
sqrt
wcscmp

oleaut32

UnRegisterTypeLi
RegisterTypeLi
SysAllocString
VarUI4FromStr
SysAllocStringLen
SafeArrayLock
SysStringByteLen
VariantInit
VarBstrCat
SysStringLen
VariantClear
LoadRegTypeLi
SafeArrayCreate
VarBstrCmp
SafeArrayDestroy
LoadTypeLi
SysFreeString
SafeArrayUnlock
VariantCopy
SafeArrayUnaccessData
VariantChangeType
SafeArrayAccessData
SysAllocStringByteLen

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleW
GetModuleFileNameW
LoadResource
LoadLibraryExW
SizeofResource
GetModuleFileNameA
FindResourceExW
GetModuleHandleExW
FreeLibrary
DisableThreadLibraryCalls
GetModuleHandleExA

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
LeaveCriticalSection
SetWaitableTimer
AcquireSRWLockShared
CreateSemaphoreExW
CreateWaitableTimerExW
CreateMutexExW
ReleaseSemaphore
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
DeleteCriticalSection
CreateEventW
OpenSemaphoreW
ReleaseSRWLockShared
InitializeSRWLock
WaitForSingleObjectEx
ResetEvent
OpenEventW
WaitForMultipleObjectsEx
EnterCriticalSection
ReleaseMutex
WaitForSingleObject
SetEvent

api-ms-win-core-com-l1-1-0

CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
CoCreateInstance
StringFromGUID2
CoInitializeEx

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW
RegDeleteValueW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegQueryInfoKeyW

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-errorhandling-l1-1-0

SetLastError
RaiseException
GetLastError
SetErrorMode
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW
lstrcmpiW

api-ms-win-core-stringansi-l1-1-0

CharPrevA
CharNextA

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
Sleep
InitOnceExecuteOnce
InitializeConditionVariable
SleepConditionVariableSRW
SleepConditionVariableCS

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-0

TlsSetValue
OpenProcessToken
ProcessIdToSessionId
TlsAlloc
GetCurrentProcess
TlsFree
GetCurrentThreadId
CreateThread
GetCurrentProcessId
GetCurrentThread
OpenThreadToken
TlsGetValue
TerminateProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetVersionExW
GetTickCount
GetSystemDirectoryW
GetSystemTimeAsFileTime

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
OutputDebugStringW
IsDebuggerPresent
DebugBreak

rdpbase

PAL_System_SemaphoreRelease
PAL_System_SemaphoreAcquire
PAL_System_SemaphoreAlloc
RDPAPI_GetLongCounter
GridBA_CreateInstance
DrawBox
RgnlibBA_CreateInstance
GetSupportedSSELevel_SSE
MemMoveReverseAligned_SSE
MemCopyAligned_SSE
TSCreateCoreEvents
TSAlloc
PAL_System_HandleFree
PAL_System_CritSecLeave
PAL_System_CritSecEnter
PAL_System_CritSecInit
PAL_System_CritSecTerminate
RDPAPI_GetGenericCounter
RDPBASE_CreateInstance
PAL_System_AtomicCompareAndExchange
PAL_System_SwitchToThread
PAL_System_Sleep
PAL_System_ThreadGetId
PAL_System_GetNumberOfProcessors
PAL_System_AtomicIncrement
PAL_System_AtomicDecrement
TSFree
RdpTiledSurface_CreateInstance

rdpserverbase

?GetTileNext@Tiler@@QEAAJPEAURdpRect@@@Z
CCompressedUpdateContext_CreateInstance
?GetGfxPipeSettingUINT@@YAJPEAGIPEAI@Z
?GetTileFirst@Tiler@@QEAAJPEBURdpRect@@PEAU2@@Z
?GetGfxPipeSettingBOOL@@YAJPEAGHPEAH@Z
?GetEncodingPixelMap@RdpSurface@@QEAAJPEAPEAVPixelMap@@@Z
?GetGraphicsSourceContext@RdpSurface@@QEAAJPEAPEAUIRdpGFXSourceUpdateContext@@@Z
CUpdateContext_CreateInstance
RDPSERVERBASE_CreateInstance
?Initialize@Tiler@@QEAAJPEBURdpRect@@0@Z

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
LoadLibraryA

api-ms-win-security-base-l1-1-0

GetTokenInformation
SetTokenInformation

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-file-l1-1-0

ReadFile
GetFileInformationByHandle
FindClose
FindNextFileW
FindFirstFileW
CreateFileW
GetTempFileNameW
DeleteFileW
WriteFile
SetFilePointerEx
CreateDirectoryW
GetFileAttributesW

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWriteTransfer
EventUnregister
EventSetInformation
EventActivityIdControl

api-ms-win-core-kernel32-legacy-l1-1-0

WTSGetActiveConsoleSessionId
PulseEvent

api-ms-win-security-isolatedcontainer-l1-1-1

IsProcessInWDAGContainer

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-memory-l1-1-0

VirtualQuery

ws2_32

GetHostNameW

api-ms-win-core-psapi-l1-1-0

K32EnumProcessModules
K32GetModuleBaseNameW
K32GetModuleFileNameExW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindFileNameW

api-ms-win-core-version-l1-1-0

GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

crypt32

CryptBinaryToStringW

api-ms-win-security-cryptoapi-l1-1-0

CryptGetHashParam
CryptHashData
CryptCreateHash
CryptReleaseContext
CryptDestroyHash
CryptAcquireContextW
CryptGenRandom

api-ms-win-core-localization-l1-2-0

GetCPInfo
FormatMessageW
IsDBCSLeadByte

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsCreateStringReference

api-ms-win-core-heap-l2-1-0

GlobalAlloc
GlobalFree

api-ms-win-core-heap-obsolete-l1-1-0

GlobalSize
GlobalUnlock
GlobalLock

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-ntuser-sysparams-l1-1-0

EnumDisplayMonitors
EnumDisplayDevicesW
GetSystemMetrics
GetMonitorInfoW
SystemParametersInfoW
EnumDisplaySettingsExW
EnumDisplaySettingsW

d3d11

D3D11CreateDevice

dxgi

CreateDXGIFactory1

msacm32

acmStreamSize
acmDriverClose
acmStreamClose
acmStreamConvert
acmDriverEnum
acmStreamOpen
acmStreamUnprepareHeader
acmFormatSuggest
acmDriverOpen
acmFormatTagDetailsW
acmStreamPrepareHeader

avrt

AvSetMmThreadCharacteristicsW
AvRevertMmThreadCharacteristics

api-ms-win-ntuser-rectangle-l1-1-0

EqualRect
PtInRect
InflateRect
SetRectEmpty
SetRect
OffsetRect
IsRectEmpty
CopyRect
IntersectRect
UnionRect

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-atoms-l1-1-0

GlobalAddAtomW
GlobalDeleteAtom

api-ms-win-core-path-l1-1-0

PathCchCanonicalize

api-ms-win-rtcore-ole32-clipboard-l1-1-0

OleSetClipboard
OleIsCurrentClipboard
OleGetClipboard

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 204KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rdpudd.dll
.dll windows:10 windows x64 arch:x64

77d0321ac809c65c16b7c58fc5159792

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cf:1f:84:4c:bf:1e:e5:79:eb:11:67:5b:d1:52:11:b8:69:15:3f:48:8a:48:21:3c:31:71:62:36:15:70:59:c4
Signer

Actual PE Digest

cf:1f:84:4c:bf:1e:e5:79:eb:11:67:5b:d1:52:11:b8:69:15:3f:48:8a:48:21:3c:31:71:62:36:15:70:59:c4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

RDPUDD.pdb

Imports

win32k.sys

EngBugCheckEx
EngAssociateSurface
EngDeletePalette
EngDeleteSurface
EngFreeMem
EngUnlockSurface
EngLockSurface
EngAllocMem
EngCreateDeviceSurface
EngCreateBitmap
EngDeviceIoControl
EngGetCurrentThreadId
EngGetCurrentProcessId
EngCreatePalette
EngStrokePath
EngTextOut
EngBitBlt
EngCopyBits
PATHOBJ_bEnum
PATHOBJ_vGetBounds
PATHOBJ_vEnumStart
XLATEOBJ_iXlate
EngQueryPerformanceCounter
CLIPOBJ_cEnumStart
CLIPOBJ_bEnum
EngQueryPerformanceFrequency
RtlAnsiCharToUnicodeChar

ntoskrnl.exe

ZwOpenProcessTokenEx
ZwQueryInformationToken
ZwClose
ZwOpenSection
RtlInitializeSid
RtlMapGenericMask
RtlSubAuthoritySid
RtlSetDaclSecurityDescriptor
MmUnmapViewInSystemSpace
IoGetFileObjectGenericMapping
KeWaitForMultipleObjects
ObfDereferenceObject
ZwCreateSection
MmMapViewInSystemSpace
RtlInitUnicodeString
IoGetDeviceObjectPointer
RtlLengthSid
RtlLengthRequiredSid
RtlAddAccessAllowedAce
KeSetEvent
ExAllocatePool2
ObReferenceObjectByHandle
PsGetCurrentProcessSessionId
RtlCreateAcl
ExFreePoolWithTag
RtlCreateSecurityDescriptor
SeExports
IoCreateSynchronizationEvent
ZwOpenProcess
RtlLookupElementGenericTableAvl

Sections

.text
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

fothk
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

GFIDS
Size: 4KB - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rdsdwmdr.dll
.dll windows:10 windows x64 arch:x64

3c0777df2b56f3ed0c3a0cb048e7a214

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

rdsdwmdr.pdb

Imports

msvcrt

malloc
memcpy
free
_vsnwprintf
fclose
fwrite
_purecall
_aligned_free
_aligned_malloc
_XcptFilter
memmove_s
_callnewh
memcpy_s
_amsg_exit
_initterm
_lock
_unlock
__dllonexit
__C_specific_handler
_wfopen_s
_onexit
memmove
memcmp
memset

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
GetTraceEnableFlags
GetTraceLoggerHandle
TraceMessage
GetTraceEnableLevel
RegisterTraceGuidsW

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventActivityIdControl
EventRegister
EventUnregister

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegQueryValueExW
RegOpenKeyExW

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetTickCount64
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-1-0

ResetEvent
ReleaseSRWLockExclusive
EnterCriticalSection
WaitForSingleObjectEx
LeaveCriticalSection
AcquireSRWLockExclusive
DeleteCriticalSection
AcquireSRWLockShared
ReleaseSRWLockShared
CreateMutexExW
ReleaseSemaphore
ReleaseMutex
InitializeCriticalSectionEx
CreateSemaphoreExW
InitializeCriticalSection
WaitForSingleObject
OpenSemaphoreW
SetEvent
CreateEventW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-processthreads-l1-1-0

TlsGetValue
ProcessIdToSessionId
GetCurrentProcessId
TerminateProcess
TlsAlloc
SwitchToThread
GetCurrentThreadId
TlsSetValue
TlsFree
GetCurrentProcess
QueueUserAPC
OpenThread
CreateThread

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleW
FreeLibrary
GetModuleFileNameA
FreeLibraryAndExitThread
GetModuleHandleExA
GetModuleHandleExW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetLastError
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-memory-l1-1-0

CreateFileMappingW

api-ms-win-security-base-l1-1-0

AddAce
CopySid
GetLengthSid
FreeSid
AllocateAndInitializeSid

api-ms-win-core-file-l1-1-0

ReadFileEx
CreateFileW
WriteFile

api-ms-win-core-io-l1-1-0

DeviceIoControl
GetOverlappedResult

api-ms-win-core-com-l1-1-0

StringFromGUID2

api-ms-win-core-synch-l1-2-1

CreateSemaphoreW
WaitForMultipleObjects

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

user32

DefWindowProcW
CreateWindowExW
UnregisterClassW
RegisterClassExW
GetClassInfoExW
IntersectRect
EqualRect
UnionRect
SetRect
IsWindowVisible
GetWindowLongPtrW
OffsetRect
CopyRect
EnumDisplayDevicesW
IsRectEmpty
DisplayConfigGetDeviceInfo
QueryDisplayConfig
GetDisplayConfigBufferSizes
PostMessageW
DestroyWindow
DispatchMessageW
PeekMessageW
MsgWaitForMultipleObjectsEx
PostThreadMessageW

ntdll

RtlMultiByteToUnicodeN
NtCreateFile
RtlStringFromGUIDEx
NtClose
RtlFreeUnicodeString
RtlAppendUnicodeToString
NtCreateSection
RtlAppendUnicodeStringToString
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfStateChangeNotification

gdi32

ord1014
D3DKMTVailPromoteCompositionSurface
D3DKMTVailConnect
D3DKMTVailDisconnect
GetObjectW
GetCurrentObject
CombineRgn
ExtEscape
CreateDCW
LineTo
MoveToEx
Polyline
GetRegionData
BitBlt
SelectClipRgn
GetRgnBox
CreatePen
CreateRectRgn
SelectObject
CreateDIBSection
CreateCompatibleDC
ord2000
DeleteDC
DeleteObject

dxgi

CreateDXGIFactory1

api-ms-win-security-provider-l1-1-0

SetSecurityInfo
GetSecurityInfo

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW

devobj

DevObjCreateDeviceInfoList
DevObjGetClassDevs
DevObjDestroyDeviceInfoList
DevObjGetDeviceInterfaceDetail
DevObjEnumDeviceInterfaces

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrStrIW

winsta

WinStationGetConnectionProperty
WinStationFreePropertyValue
WinStationVirtualOpenEx

wtsapi32

WTSVirtualChannelOpen
WTSVirtualChannelClose
WTSVirtualChannelQuery
WTSFreeMemory

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-io-l1-1-1

CancelIo

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DwmIndirectCreate
DwmIndirectOutput
DwmIndirectSetDebugFlag

Sections

.text
Size: 172KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
readCloudDataSettings.exe
.exe windows:10 windows x64 arch:x64

952778e7951347b92084f804a66ed621

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

readCloudDataSettings.pdb

Imports

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_c_exit
_initterm_e
_register_thread_local_exe_atexit_callback
_initterm

api-ms-win-crt-private-l1-1-0

_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o__wcsnicmp
_o_abort
_o_exit
_o_free
_o_iswspace
_o_malloc
_o_terminate
_o_towlower
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfwprintf
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___acrt_iob_func
__std_terminate
__CxxFrameHandler4
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleExW
GetProcAddress
GetModuleHandleW

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
WaitForSingleObject
ReleaseSemaphore
ReleaseMutex
SetEvent
CreateEventExW
CreateSemaphoreExW
OpenSemaphoreW
CreateMutexExW

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
RaiseException

api-ms-win-core-com-l1-1-0

CoWaitForMultipleHandles
CoUninitialize
CoInitializeEx
CoCreateFreeThreadedMarshaler

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsCreateStringReference
WindowsGetStringRawBuffer

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-shcore-obsolete-l1-1-0

CommandLineToArgvW

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TerminateProcess
GetStartupInfoW
GetCurrentProcessId
GetCurrentProcess

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InterlockedFlushSList
InitializeSListHead

oleaut32

SysAllocString
SysStringLen
GetErrorInfo
SetErrorInfo
SysFreeString

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
regapi.dll
.dll windows:10 windows x64 arch:x64

dd757b97d2ed795ec785bed383ee3579

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

regapi.pdb

Imports

msvcrt

wcschr
memmove
_initterm
malloc
free
_amsg_exit
memset
_vsnwprintf
wcscpy_s
_XcptFilter
wcstoul
swscanf
_wcsicmp
_vsnprintf
__C_specific_handler
_wtol
memcpy
wcscmp

ntdll

RtlUnicodeToMultiByteN
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlRunDecodeUnicodeString
RtlRunEncodeUnicodeString
RtlCompareMemory
RtlInitUnicodeString
RtlSelfRelativeToAbsoluteSD
RtlNtStatusToDosError
RtlMakeSelfRelativeSD
RtlMultiByteToUnicodeN

api-ms-win-core-registry-l1-1-0

RegEnumValueW
RegCloseKey
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyExW
RegDeleteTreeW
RegQueryValueExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegNotifyChangeKeyValue

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetVersionExW
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
FreeLibrary
GetProcAddress
GetModuleFileNameW

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-synch-l1-1-0

CreateEventW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
GetCurrentProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

CheckStringForAsciiConversion
GetDomainName
QueryUserConfig
QueryUserProperty
RegBuildNumberQuery
RegCdCreateA
RegCdCreateW
RegCdDeleteA
RegCdDeleteW
RegCdEnumerateA
RegCdEnumerateW
RegCdQueryA
RegCdQueryW
RegCloseServer
RegConsoleShadowQueryA
RegConsoleShadowQueryW
RegCreateMonitorConfigW
RegCreateUserConfigW
RegDefaultUserConfigQueryA
RegDefaultUserConfigQueryW
RegDenyTSConnectionsPolicy
RegFreeUtilityCommandList
RegGetLicensePolicyID
RegGetLicensingModePolicy
RegGetMachinePolicyEx
RegGetMachinePolicyNew
RegGetTServerVersion
RegGetUserConfigFromUserParameters
RegGetUserPolicy
RegIsMachineInHelpMode
RegIsMachinePolicyAllowHelp
RegIsSrcAcceptingConnections
RegIsTServer
RegIsTimeZoneRedirectionEnabled
RegMergeMachineAndProtocolPolicy
RegMergeOnlyMachinePolicy
RegMergeUserConfigWithUserParameters
RegOpenServerA
RegOpenServerW
RegPdCreateA
RegPdCreateW
RegPdDeleteA
RegPdDeleteW
RegPdEnumerateA
RegPdEnumerateW
RegPdQueryA
RegPdQueryW
RegQueryConnectionSettings
RegQueryListenerStart
RegQueryMonitorSettings
RegQueryOEMId
RegQuerySessionSettings
RegQueryUtilityCommandList
RegSAMUserConfig
RegSetLicensePolicyID
RegSetSrcAcceptConnections
RegUserConfigDelete
RegUserConfigQuery
RegUserConfigRename
RegUserConfigSet
RegWdCreateA
RegWdCreateW
RegWdDeleteA
RegWdDeleteW
RegWdEnumerateA
RegWdEnumerateW
RegWdQueryA
RegWdQueryW
RegWinStationAccessCheck
RegWinStationCreateA
RegWinStationCreateW
RegWinStationDeleteA
RegWinStationDeleteW
RegWinStationEnumerateA
RegWinStationEnumerateW
RegWinStationQueryA
RegWinStationQueryDefaultSecurity
RegWinStationQueryEx
RegWinStationQueryExNew
RegWinStationQueryExW
RegWinStationQueryExtendedSettingsW
RegWinStationQueryNumValueW
RegWinStationQuerySecurityA
RegWinStationQuerySecurityW
RegWinStationQueryValueW
RegWinStationQueryW
RegWinStationSetDefaultSecurity
RegWinStationSetExtendedSettingsW
RegWinStationSetNumValueW
RegWinStationSetSecurityA
RegWinStationSetSecurityW
RegWinstationQuerySecurityConfig_Machine
RegWinstationQuerySecurityConfig_Merged
RegWinstationSetSecurityConfig
SetUserProperty
UsrPropGetString
UsrPropGetValue
UsrPropSetString
UsrPropSetValue
WaitForTSConnectionsPolicyChanges

Sections

.text
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 400B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
remoteaudioendpoint.dll
.dll regsvr32 windows:10 windows x64 arch:x64

7c0f5bc110b566410bbfd50dcd7012e4

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e9:7c:43:ec:c1:7d:dd:8e:bc:a7:06:ed:6d:5b:d2:bb:d4:7c:f3:d5:ff:89:84:e1:d7:42:e4:c2:60:46:f2:f7
Signer

Actual PE Digest

e9:7c:43:ec:c1:7d:dd:8e:bc:a7:06:ed:6d:5b:d2:bb:d4:7c:f3:d5:ff:89:84:e1:d7:42:e4:c2:60:46:f2:f7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

RemoteAudioEndpoint.pdb

Imports

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__seh_filter_dll
memcpy
_o_free
_o_malloc
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o__execute_onexit_table
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o__errno
_o___std_type_info_destroy_list
__C_specific_handler
__std_terminate
__CxxFrameHandler4
_CxxThrowException
__C_specific_handler_noexcept

ntdll

EtwRegisterTraceGuidsW
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwGetTraceEnableFlags
EtwUnregisterTraceGuids
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

avrt

AvRevertMmThreadCharacteristics
AvCreateTaskIndex
AvSetMmThreadCharacteristicsW
AvSetMmThreadPriority

combase

ord139

oleaut32

SysFreeString
VarUI4FromStr
SysAllocString

rpcrt4

NdrDllCanUnloadNow
NdrDllGetClassObject
NdrDllRegisterProxy
NdrOleAllocate
NdrDllUnregisterProxy
NdrOleFree

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage
GetTraceEnableFlags
UnregisterTraceGuids
RegisterTraceGuidsW

api-ms-win-core-libraryloader-l1-2-0

LoadResource
GetProcAddress
FindResourceExW
SizeofResource
FreeLibrary
GetModuleHandleW
LoadLibraryExW
GetModuleFileNameW

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoTaskMemRealloc
StringFromGUID2
CoTaskMemFree
PropVariantClear
CoUninitialize
CoInitializeEx
CoCreateInstance

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegQueryInfoKeyW
RegDeleteValueW
RegOpenKeyExW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-synch-l1-1-0

CreateEventW
OpenSemaphoreW
OpenEventW
EnterCriticalSection
WaitForSingleObject
CreateSemaphoreExW
ResetEvent
CreateEventExW
InitializeCriticalSection
ReleaseSemaphore
SetEvent
DeleteCriticalSection
LeaveCriticalSection
WaitForMultipleObjectsEx

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-localization-l1-2-0

GetThreadLocale
SetThreadLocale

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsDeleteString

api-ms-win-core-processthreads-l1-1-0

CreateThread
TlsFree
TlsAlloc
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
TlsGetValue
GetCurrentThreadId
TlsSetValue

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-fibers-l1-1-0

FlsFree
FlsSetValue
FlsAlloc

api-ms-win-security-base-l1-1-0

CreateWellKnownSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl

api-ms-win-security-provider-l1-1-0

SetEntriesInAclW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-memory-l1-1-0

MapViewOfFileEx
VirtualQueryEx
UnmapViewOfFile
OpenFileMappingW
CreateFileMappingW

rtworkq

RtwqCreateAsyncResult
RtwqInvokeCallback

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_BSS
Size: - Virtual size: 32B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

RT_CONST
Size: 4KB - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

RT_DATA
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
remotepg.dll
.dll regsvr32 windows:10 windows x64 arch:x64

14b3ec120fdd647419221ed325cbabf4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

remotepg.pdb

Imports

msvcrt

memcpy
memset
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
wcscpy_s
_callnewh
malloc
_wcsnicmp
wcschr
swprintf_s
vswprintf_s
_wcsicmp
_vsnwprintf
wcscat_s
free
wcscmp

ntdll

WinSqmAddToStream
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

kernel32

SetLastError
GetCurrentProcess
LocalAlloc
GetVersionExW
FormatMessageW
CloseHandle
GlobalLock
LocalFree
GetComputerNameW
CreateProcessW
FreeLibrary
GetSystemWindowsDirectoryW
GlobalUnlock
GetLastError
Sleep
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
LoadLibraryExW
SetUnhandledExceptionFilter
TerminateProcess
RaiseException
GetProcessHeap
GetModuleFileNameW
UnhandledExceptionFilter
HeapFree
GetProcAddress
HeapAlloc
GetProcessMitigationPolicy
GetModuleHandleExW

user32

MessageBoxW
SendMessageW
EndDialog
GetSystemMetrics
SetWindowTextW
GetWindowLongPtrW
LoadStringW
ShowWindow
OffsetRect
DestroyIcon
CopyRect
RegisterClipboardFormatW
IsWindowEnabled
IsDlgButtonChecked
SetFocus
LoadCursorW
SetCursor
SetWindowLongW
GetDlgItem
CheckDlgButton
GetDesktopWindow
GetParent
LoadImageW
EnableWindow
GetWindowRect
GetFocus
GetDlgCtrlID
SetWindowPos
DialogBoxParamW
SetWindowLongPtrW

oleaut32

SafeArrayUnaccessData
SafeArrayGetElemsize
SafeArrayGetDim
SysFreeString
SafeArrayAccessData
SysAllocString

ole32

CoUninitialize
ReleaseStgMedium
CoTaskMemFree
StringFromCLSID
CoCreateInstance
CoInitializeEx

advapi32

IsValidSid
CopySid
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
OpenProcessToken
RegCloseKey
FreeSid
RegGetValueW
GetTokenInformation
RegQueryValueExW
LookupAccountSidW
GetLengthSid
DuplicateToken
RegEnumKeyExW
AccessCheck
EqualSid
AllocateAndInitializeSid

comctl32

ImageList_ReplaceIcon
DestroyPropertySheetPage
CreatePropertySheetPageW
ImageList_Create

shell32

ShellExecuteW
SHGetKnownFolderPath

samcli

NetLocalGroupDelMembers
NetLocalGroupGetMembers
NetUserGetInfo
NetLocalGroupAddMembers

powrprof

GetPwrCapabilities
PowerGetActiveScheme
PowerReadACValue

regapi

RegGetMachinePolicyNew
RegWinstationQuerySecurityConfig_Merged
RegWinstationSetSecurityConfig

netutils

NetApiBufferFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
LaunchRemoteUsersDialog

Sections

.text
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
reseteng.dll
.dll windows:10 windows x64 arch:x64

50c1f08323ad64dd2ba615b2ceb2eb57

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ResetEng.pdb

Imports

msvcrt

_snwprintf_s
iswalpha
_vsnprintf
wcsrchr
_set_errno
wcsncmp
_errno
_XcptFilter
memmove
memcpy
_amsg_exit
_initterm
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_lock
_unlock
__dllonexit
_wcsnicmp
_vscwprintf
fflush
fwrite
??3@YAXPEAX@Z
fclose
fread
__CxxFrameHandler3
_CxxThrowException
_onexit
memset
memcmp
?what@exception@@UEBAPEBDXZ
memmove_s
memcpy_s
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
wcsstr
_atoi64
atol
swscanf_s
_wcslwr_s
__C_specific_handler
_purecall
fwprintf_s
sprintf_s
wcsnlen
_wcsicmp
_wfopen_s
_vsnwprintf
malloc
free
??_V@YAXPEAX@Z
__CxxFrameHandler4
wcscpy_s
wcscat_s
_wcsdup
towupper
wcstol
wprintf
wcschr
wcscmp

ntdll

NtSetInformationFile
NtOpenFile
NtQueryInformationFile
RtlAppendUnicodeStringToString
RtlCheckPortableOperatingSystem
RtlAppendUnicodeToString
RtlFreeUnicodeString
RtlAllocateHeap
NtQuerySystemInformation
RtlAdjustPrivilege
NtQueryDirectoryFile
WinSqmEndSession
WinSqmSetString
WinSqmSetDWORD64
WinSqmSetDWORD
WinSqmStartSession
RtlDosPathNameToNtPathName_U
RtlGetVersion
RtlInitUnicodeString
NtClose
RtlRaiseStatus
RtlFreeHeap
RtlNtStatusToDosErrorNoTeb
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
RtlNtStatusToDosError
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

dbghelp

ImageNtHeader

kernel32

GetFileAttributesW
GetTickCount64
GetLocalTime
SystemTimeToFileTime
PowerCreateRequest
PowerSetRequest
ExpandEnvironmentStringsW
GetSystemPowerStatus
GetDiskFreeSpaceExW
GetSystemTimeAsFileTime
Sleep
SetErrorMode
FindFirstVolumeW
GetDriveTypeW
FindNextVolumeW
FindVolumeClose
GetEnvironmentVariableW
SetLastError
MultiByteToWideChar
GetWindowsDirectoryW
GetSystemDirectoryW
CompareStringW
WaitForMultipleObjects
TerminateProcess
GetExitCodeProcess
CreateEventW
CreateThread
SetEvent
WaitForSingleObject
GetVersionExW
GetModuleFileNameW
lstrcmpiW
GetSystemInfo
DeviceIoControl
GetVolumePathNameW
GetVolumeNameForVolumeMountPointW
GetFileSize
GetFirmwareEnvironmentVariableW
GetVolumePathNamesForVolumeNameW
GetDiskFreeSpaceW
HeapAlloc
GetProcessHeap
FindFirstFileW
FindNextFileW
FindClose
HeapFree
CreateDirectoryW
SetFileAttributesW
CreatePipe
CreateProcessW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetCurrentDirectoryW
AddDllDirectory
LoadLibraryExW
GetProcAddress
FreeLibrary
GetFinalPathNameByHandleW
SetVolumeMountPointW
LocalAlloc
LocalFree
SetFileTime
CopyFile2
GetFileTime
SetFirmwareEnvironmentVariableW
GetCurrentProcess
RemoveDirectoryW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
DeleteFileW
ReadFile
CreateFileW
SetFilePointer
GetFileSizeEx
GetModuleHandleExA
GetVersionExA
OpenEventW
GetFullPathNameW
FindFirstFileExW
RaiseException
HeapSize
IsDebuggerPresent
DebugBreak
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
CreateThreadpoolTimer
ReleaseSRWLockShared
SetThreadpoolTimer
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
CloseThreadpoolTimer
OutputDebugStringW
ReleaseSRWLockExclusive
FormatMessageW
ReleaseMutex
WaitForThreadpoolTimerCallbacks
InitializeCriticalSectionEx
InitializeCriticalSection
LeaveCriticalSection
GetModuleHandleExW
ReleaseSemaphore
EnterCriticalSection
CreateSemaphoreExW
GetModuleFileNameA
MoveFileExW
GetModuleHandleW
GetVolumeInformationW
CreateHardLinkW
GetThreadPreferredUILanguages
WideCharToMultiByte
SleepConditionVariableSRW
SetCurrentDirectoryW
GetSystemWindowsDirectoryW
CopyFileW
GetLastError
WriteFile
CloseHandle
HeapReAlloc
HeapDestroy
WakeAllConditionVariable

reagent

WinReRestoreLogFiles
WinReInstallOnTargetOS
WinReIsWimBootEnabled
WinReGetConfig
WinReSetRecoveryAction
WinReDeleteLogFiles

bcrypt

BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptDestroyHash

wimgapi

WIMLoadImage
WIMGetImageInformation
WIMRegisterMessageCallback
WIMGetAttributes
WIMApplyImage
WIMCloseHandle
WIMExtractImagePath
WIMSetTemporaryPath
WIMCreateFile
WIMSetReferenceFile

wofutil

WofEnumEntries

user32

UnregisterClassA
LoadStringW

shell32

ShellExecuteExW

ole32

CoCreateGuid
CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoSetProxyBlanket

oleaut32

SafeArrayAccessData
SafeArrayUnaccessData
SysStringLen
VariantCopy
SysAllocStringLen
SysFreeString
VariantClear
VariantInit
SysStringByteLen
SysAllocString

setupapi

SetupDiGetDeviceInterfacePropertyW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiGetDevicePropertyW
SetupDiOpenDeviceInfoW

imagehlp

ImageLoad
ImageUnload

servicingcommon

RtlCreateMicrodom
RtlFreeLUtf8String
RtlConcatenateLUtf8Strings

rpcrt4

RpcStringFreeW
UuidCompare
UuidToStringW

advapi32

EventWrite
SetSecurityInfo
GetSecurityInfo
RegCopyTreeW
RegDeleteTreeW
SetNamedSecurityInfoW
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
ConvertStringSecurityDescriptorToSecurityDescriptorW
TraceMessage
InitiateSystemShutdownExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
GetFileSecurityW
CryptGenRandom
CryptAcquireContextW
RegCreateKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegQueryValueExW
StopTraceW
CloseTrace
EnableTraceEx
StartTraceW
RegSetValueExW
RegUnLoadKeyW
RegCloseKey
RegOpenKeyExW
RegSetKeyValueW
RegGetValueW
RegLoadKeyW
EventWriteTransfer
EventSetInformation
EventRegister
EventUnregister

shlwapi

StrCmpIW

bcd

BcdCloseObject
BcdQueryObject
BcdGetElementDataWithFlags
BcdDeleteElement
BcdCloseStore
BcdOpenObject
BcdOpenSystemStore
BcdDeleteSystemStore
BcdImportStore
BcdExportStore
BcdSetElementData
BcdGetElementData
BcdOpenStoreFromFile
SyspartGetSystemPartition
BcdDeleteObject

dismapi

DismDelete
DismCloseSession
_DismAddDriverEx
_DismGetCurrentEdition
DismMountImage
DismUnmountImage
_DismGetOsInfo
DismOpenSession
DismInitialize
_DismSetProductKey
DismShutdown

vssapi

CreateVssBackupComponentsInternal
VssFreeSnapshotPropertiesInternal

tbs

Tbsi_Physical_Presence_Command
Tbsi_GetDeviceInfo
Tbsi_Context_Create
Tbsip_Context_Close

virtdisk

GetStorageDependencyInformation

version

GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW

wdscore

WdsSetupLogMessageW
WdsGenericSetupLogInit
WdsSetupLogDestroy
ConstructPartialMsgVA
WdsGetSetupLog
ConstructPartialMsgVW
CurrentIP
WdsSetupLogMessageA

Exports

Exports

RjvApplyData
RjvApplyDataEntryPoint
RjvBareMetalResetAvailable
RjvBasicReset
RjvBasicResetChecks
RjvCheckBattery
RjvCheckBitLocker
RjvCheckDiskSpace
RjvCheckOsHealth
RjvCheckWinRE
RjvCleanup
RjvCommitReset
RjvCreateSuccessTaskEntryPoint
RjvDelayedCleanup
RjvDelayedCleanupEntryPoint
RjvFactoryImageAvailable
RjvFactoryReset
RjvFactoryResetChecks
RjvFinalize
RjvGenerateImageBasedBMRConfigData
RjvGenerateReconstructionBMRConfigData
RjvGetCloudRecInfo
RjvGetVolumeInfo
RjvInitializeEngine
RjvInitializeSystemPartitionInfo
RjvIsCloudRec
RjvLoadState
RjvLogFailureEntryPoint
RjvLogSuccessEntryPoint
RjvOfflineCleanup
RjvPDeleteFilesFromVolumeBeforeWimApply
RjvPEraseVolume
RjvPolicyAllowsReset
RjvPostApplyDataEntryPoint
RjvPreApplyDataEntryPoint
RjvPrepareForReset
RjvReInitializeEngine
RjvRePartitionSystemDisk
RjvRePartitionSystemDiskEx
RjvRollBack
RjvSaveState
RjvSendCancelEvent
RjvSetCloudRecInfo
RjvStageBasicReset
RjvStartLogging
RjvStopLogging
RjvSysResetErrBasicEntryPoint
RjvSysResetErrFactoryEntryPoint
RjvTestFunction
RjvUndoPrepareForReset
RjvUninitializeEngine
RjvVerifySystemDiskInfo

Sections

.text
Size: 380KB - Virtual size: 379KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 200KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rmttpmvscmgrsvr.exe
.exe windows:10 windows x64 arch:x64

3664857ad048c7ceba1010fc935afc6a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

RmtTpmVscMgrSvr.pdb

Imports

advapi32

RegCloseKey
RegQueryInfoKeyW
RegOpenKeyExW
EventWriteTransfer
EventActivityIdControl

kernel32

GetModuleFileNameA
HeapFree
GetModuleHandleExW
GetCurrentThreadId
FormatMessageW
HeapAlloc
GetProcAddress
GetProcessHeap
GetModuleHandleW
DebugBreak
InitializeCriticalSection
GetCommandLineW
SetEvent
DeleteCriticalSection
RaiseException
RaiseFailFastException
OutputDebugStringW
IsDebuggerPresent
Sleep
CloseHandle
WaitForSingleObject
GetLastError
GetModuleFileNameW
LoadLibraryExW
CreateEventW
CreateThread
CreateSemaphoreExW
ReleaseMutex
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
ReleaseSemaphore

user32

CharNextW
PostThreadMessageW
GetSystemMetrics
GetMessageW
CharUpperW
TranslateMessage
DispatchMessageW
UnregisterClassA

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
_initterm
_initterm_e
_c_exit

api-ms-win-crt-private-l1-1-0

_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o_exit
_o_free
_o_malloc
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
__current_exception
__current_exception_context
_CxxThrowException
_o___std_exception_destroy
_o___std_exception_copy
_o__cexit
_o__configure_wide_argv
_o__configthreadlocale
_o__callnewh
_o___stdio_common_vswprintf
_o___p__commode
_o___stdio_common_vsnprintf_s
__C_specific_handler
__std_terminate
__CxxFrameHandler4
__C_specific_handler_noexcept
memcpy
memmove

oleaut32

SysFreeString
SysStringLen
UnRegisterTypeLi
LoadTypeLi
RegisterTypeLi
SysAllocString

api-ms-win-core-com-l1-1-0

StringFromGUID2
CoRevertToSelf
CoUninitialize
CoInitializeEx
CoCreateInstance
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemFree
CoCreateGuid
CoImpersonateClient
CoSuspendClassObjects
CoResumeClassObjects
CoGetMalloc
CoTaskMemAlloc

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetStartupInfoW
GetCurrentProcessId

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetTickCount64
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary

api-ms-win-core-registry-l1-1-0

RegQueryValueExW

api-ms-win-core-path-l1-1-0

PathCchAppend
PathCchRemoveFileSpec

rpcrt4

UuidToStringW
UuidCreate
RpcStringFreeW

api-ms-win-security-base-l1-1-0

CreateWellKnownSid

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-file-l1-1-0

CreateDirectoryW

bcrypt

BCryptGetProperty
BCryptEncrypt
BCryptDestroyKey
BCryptCloseAlgorithmProvider
BCryptGenerateSymmetricKey
BCryptOpenAlgorithmProvider

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

api-ms-win-core-heap-l1-1-0

HeapReAlloc

profapi

ord104

ntdll

RtlNtStatusToDosErrorNoTeb
RtlNtStatusToDosError

setupapi

SetupDiGetDevicePropertyW
SetupDiOpenDeviceInfoW
SetupGetInfDriverStoreLocationW
SetupDiCreateDeviceInfoList
SetupDiSetDevicePropertyW
SetupDiDestroyDeviceInfoList

winscard

SCardEndTransaction
SCardReconnect
SCardBeginTransaction
SCardGetCardTypeProviderNameW
SCardGetStatusChangeW
SCardConnectW
SCardDisconnect
SCardListReadersWithDeviceInstanceIdW
SCardAccessStartedEvent
SCardReleaseStartedEvent
SCardReleaseContext
SCardEstablishContext
SCardListCardsW
SCardFreeMemory
SCardListReadersW

Sections

.text
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
schannel.dll
.dll windows:10 windows x64 arch:x64

d04cc788037d9eced8eaa791a9617eec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

schannel.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__stricmp
memmove
_o__wcsicmp
_o__wcsnicmp
_o__wsplitpath_s
_o_free
_o_malloc
_o_memcpy_s
_o_strcat_s
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___std_type_info_destroy_list
wcsrchr
wcsstr
wcschr
__C_specific_handler
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

strcmp
memset
wcscmp
wcsncmp
wcsnlen
memmove_s

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree
LocalReAlloc

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
SetLastError
UnhandledExceptionFilter

api-ms-win-security-base-l1-1-0

RevertToSelf
CreateWellKnownSid
AllocateLocallyUniqueId
GetTokenInformation
EqualSid
GetLengthSid

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegFlushKey
RegCreateKeyExW
RegOpenKeyExA
RegNotifyChangeKeyValue
RegQueryValueExW

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
GetProcAddress
DisableThreadLibraryCalls
FreeLibrary
GetModuleHandleW
LoadLibraryExW
GetModuleHandleExW
GetModuleFileNameA

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualFree
VirtualAlloc
VirtualProtect

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-wow64-l1-1-1

GetSystemWow64DirectoryW

api-ms-win-core-synch-l1-1-0

SetEvent
ResetEvent
TryAcquireSRWLockExclusive
InitializeSRWLock
EnterCriticalSection
CreateEventA
WaitForSingleObjectEx
DeleteCriticalSection
ReleaseMutex
OpenSemaphoreW
WaitForSingleObject
CreateMutexExW
ReleaseSemaphore
InitializeCriticalSectionAndSpinCount
CreateSemaphoreExW
ReleaseSRWLockShared
CreateEventW
AcquireSRWLockShared
ReleaseSRWLockExclusive
LeaveCriticalSection
AcquireSRWLockExclusive
InitializeCriticalSectionEx

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlCompareMemory
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentProcessId
OpenThreadToken
GetCurrentThread
GetCurrentThreadId
TerminateProcess
SetThreadStackGuarantee

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetTickCount64
GetComputerNameExW
GetSystemInfo

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InterlockedFlushSList
InterlockedPopEntrySList
InitializeSListHead

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventSetInformation
EventUnregister

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-file-l1-1-0

CompareFileTime

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-service-private-l1-1-0

I_QueryTagInformation

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW

ntdll

EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
RtlInitializeCriticalSection
RtlDeleteCriticalSection
RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlDeleteResource
NtFreeVirtualMemory
NtAllocateVirtualMemory
NtSetInformationThread
RtlIpv4StringToAddressExW
RtlIpv6StringToAddressExW
RtlPublishWnfStateData
RtlCompareUnicodeString
NtEnumerateKey
RtlAllocateHeap
RtlAppendUnicodeToString
NtOpenKey
RtlFreeHeap
NtQueryValueKey
RtlValidSid
RtlSubAuthorityCountSid
RtlImageNtHeader
EtwTraceMessage
WinSqmSetDWORD
RtlRegisterWait
RtlDeregisterWait
RtlFreeUnicodeString
RtlInitAnsiString
RtlInitializeResource
RtlEqualUnicodeString
RtlGetNtProductType
RtlCopySid
RtlLengthSid
RtlSubAuthoritySid
RtlInitializeSid
RtlInitString
RtlAcquireResourceExclusive
EtwEventWrite
EtwEventUnregister
EtwEventRegister
RtlReleaseResource
RtlAcquireResourceShared
RtlNtStatusToDosErrorNoTeb
NtClose
NtDuplicateObject
RtlNtStatusToDosError
RtlInitUnicodeString
RtlAnsiStringToUnicodeString
EtwEventWriteTransfer
RtlConvertSharedToExclusive

api-ms-win-crt-time-l1-1-0

_time32

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

AcceptSecurityContext
AcquireCredentialsHandleA
AcquireCredentialsHandleW
ApplyControlToken
CompleteAuthToken
DeleteSecurityContext
EnumerateSecurityPackagesA
EnumerateSecurityPackagesW
FreeContextBuffer
FreeCredentialsHandle
ImpersonateSecurityContext
InitSecurityInterfaceA
InitSecurityInterfaceW
InitializeSecurityContextA
InitializeSecurityContextW
MakeSignature
QueryContextAttributesA
QueryContextAttributesW
QuerySecurityPackageInfoA
QuerySecurityPackageInfoW
RevertSecurityContext
SealMessage
SpLsaModeInitialize
SpUserModeInitialize
SslCrackCertificate
SslDeserializeCertificateStore
SslEmptyCacheA
SslEmptyCacheW
SslFreeCertificate
SslFreeCustomBuffer
SslGenerateRandomBits
SslGetExtensions
SslGetMaximumKeySize
SslGetServerIdentity
SslLoadCertificate
UnsealMessage
VerifySignature

Sections

.text
Size: 524KB - Virtual size: 523KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
securekernel.exe
.sys windows:10 windows x64 arch:x64

797ff62f023f301099b3d49caba68f45

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ed:a4:2b:d8:df:07:ec:38:c2:58:a3:94:a3:21:31:25:c5:23:66:03:aa:78:61:ac:23:e8:a1:e0:52:4f:63:77
Signer

Actual PE Digest

ed:a4:2b:d8:df:07:ec:38:c2:58:a3:94:a3:21:31:25:c5:23:66:03:aa:78:61:ac:23:e8:a1:e0:52:4f:63:77

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

securekernel.pdb

Imports

skci

SkciInitialize
SkciValidateAmeCertChain
SkciTransferVersionResource
SkciValidateDynamicCodePages
SkciValidateImageData
SkciQueryImageUniqueID
SkciQueryImageAuthorID
SkciCompareSigningLevels
SkciCreateSecureImage
SkciSetCodeIntegrityPolicy
SkciCreateCodeCatalog
SkciMatchHotPatch
SkciQueryInformation
SkciFreeImageContext
SkciFinishImageValidation
SkciFinalizeSecureImageHash

cng.sys

BCryptHashData
BCryptDestroyHash
BCryptGetProperty
BCryptFinishHash
BCryptCreateHash
CngGetFipsAlgorithmMode
SystemPrng
BCryptKeyDerivation
BCryptDecrypt
BCryptGenerateSymmetricKey
BCryptImportKeyPair
BCryptEncrypt
EntropyRegisterSource
BCryptVerifySignature
BCryptDestroyKey
BCryptSignHash
BCryptSetProperty
EntropyProvideData
EntropyPoolTriggerReseedForIum
BCryptGenRandom
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider

ext-ms-win-ntos-ksr-l1-1-0

KsrSkInitSystem

ext-ms-win-ntos-vmsvc-l1-1-0

SvcSkInitSystem

Exports

Exports

DbgPrintEx
EtwRegister
EtwSetInformation
EtwUnregister
EtwWrite
EtwWriteTransfer
ExAcquireFastMutex
ExAcquirePushLockExclusiveEx
ExAcquirePushLockSharedEx
ExAcquireResourceExclusiveLite
ExAcquireResourceSharedLite
ExAllocateFromLookasideListEx
ExAllocateFromNPagedLookasideList
ExAllocateFromPagedLookasideList
ExAllocatePool2
ExAllocatePoolWithTag
ExAllocateTimer
ExCreateCallback
ExDeletePagedLookasideList
ExDeleteResourceLite
ExEventObjectType
ExFreePoolWithTag
ExFreeToLookasideListEx
ExFreeToNPagedLookasideList
ExFreeToPagedLookasideList
ExInitializePagedLookasideList
ExInitializeResourceLite
ExIsResourceAcquiredSharedLite
ExNotifyCallback
ExQueryDepthSList
ExRegisterExtension
ExReleaseFastMutex
ExReleasePushLockExclusiveEx
ExReleasePushLockSharedEx
ExReleaseResourceLite
ExSetTimer
ExSubscribeWnfStateChange
ExUnsubscribeWnfStateChange
ExpInterlockedPopEntrySList
ExpInterlockedPushEntrySList
IoAllocateIrp
IoAllocateWorkItem
IoBuildDeviceIoControlRequest
IoCreateDevice
IoDeleteDevice
IoGetDeviceObjectPointer
IoQueueWorkItem
IoQueueWorkItemEx
IoRegisterPlugPlayNotification
IoReuseIrp
IoUnregisterPlugPlayNotificationEx
IoWMIRegistrationControl
IofCallDriver
IofCompleteRequest
IumDebugNumToString
IumDebugPrintNt
KeAcquireSpinLockRaiseToDpc
KeBugCheck
KeBugCheckEx
KeDelayExecutionThread
KeEnterCriticalRegion
KeEnterGuardedRegion
KeGetCurrentIrql
KeGetCurrentProcessorNumberEx
KeGetCurrentThread
KeInitializeEvent
KeInitializeMutex
KeInitializeSpinLock
KeLeaveCriticalRegion
KeLeaveGuardedRegion
KeQueryPerformanceCounter
KeQueryUnbiasedInterruptTime
KeReleaseMutex
KeReleaseSpinLock
KeResetEvent
KeRestoreExtendedProcessorState
KeSaveExtendedProcessorState
KeSetEvent
KeWaitForSingleObject
MmAllocateMappingAddress
MmFreeMappingAddress
MmFreePagesFromMdl
MmGetSystemRoutineAddress
MmMapLockedPagesSpecifyCache
MmMapLockedPagesWithReservedMapping
MmUnmapLockedPages
MmUnmapReservedMapping
NtQuerySystemInformation
ObReferenceObjectByHandle
ObSetSecurityObjectByPointer
ObfDereferenceObject
ObfReferenceObject
PsGetCurrentProcess
PsGetProcessCreateTimeQuadPart
PsLookupProcessByProcessId
PsSetCreateProcessNotifyRoutine
RtlAnsiStringToUnicodeString
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlAssert
RtlAvlInsertNodeEx
RtlAvlRemoveNode
RtlClearAllBits
RtlClearBit
RtlCompareExchangePointerMapping
RtlCompareExchangePropertyStore
RtlCompareMemory
RtlCompareUnicodeString
RtlCompareUnicodeStrings
RtlCopyUnicodeString
RtlDuplicateUnicodeString
RtlEqualUnicodeString
RtlFindClearBitsAndSet
RtlFindExportedRoutineByName
RtlFindNextForwardRunClear
RtlFindSetBits
RtlFreeUnicodeString
RtlGetEnabledExtendedFeatures
RtlGetPersistedStateLocation
RtlGetSystemGlobalData
RtlGetVersion
RtlImageNtHeaderEx
RtlInitUnicodeString
RtlInitUnicodeStringEx
RtlInitializeBitMap
RtlIntegerToUnicodeString
RtlNtStatusToDosError
RtlNtStatusToDosErrorNoTeb
RtlNumberOfSetBits
RtlPrefixUnicodeString
RtlQueryPointerMapping
RtlQueryPropertyStore
RtlQueryRegistryValuesEx
RtlRbInsertNodeEx
RtlRbRemoveNode
RtlRemovePointerMapping
RtlRemovePropertyStore
RtlSetBit
RtlSetBits
RtlSetSystemGlobalData
RtlTimeFieldsToTime
RtlUTF8StringToUnicodeString
RtlUTF8ToUnicodeN
RtlUnicodeStringToInteger
RtlUnicodeStringToUTF8String
RtlUnicodeToUTF8N
RtlUpcaseUnicodeChar
SeAuditFipsCryptoSelftests
SeCaptureSubjectContext
SeLockSubjectContext
SeQueryAuthenticationIdToken
SeQuerySecureBootPlatformManifest
SeQuerySecureBootPolicyValue
SeReleaseSubjectContext
SeReportSecurityEventWithSubCategory
SeSetAuditParameter
SeUnlockSubjectContext
ShvlCompleteIntercept
ShvlCompleteIsolatedImport
ShvlEnableVpVtlForPartition
ShvlGetInterceptData
ShvlGetPartitionProperty
ShvlGetVpRegisters
ShvlLockSparseGpaPageMapping
ShvlModifySparseSpaPageHostAccess
ShvlSetPartitionProperty
ShvlSetVpRegisters
ShvlUnlockSparseGpaPageMapping
SkAcquirePushLockExclusive
SkAcquirePushLockShared
SkAllocateNormalModePool
SkAllocatePool
SkFreeNormalModePool
SkFreePool
SkGetIdkSignatureForData
SkInitializePushLock
SkIsSecureKernel
SkQuerySecureKernelInformation
SkQuerySystemTime
SkReleasePushLockExclusive
SkReleasePushLockShared
SkSystemExceptionFilter
SkciCreateSecureImage
SkciFinalizeSecureImageHash
SkciFinishImageValidation
SkciFreeImageContext
SkeCacheInvalidatePage
SkeEnterCriticalRegion
SkeLeaveCriticalRegion
SkeZeroPages
SkmmCancelPreRegisterHvImage
SkmmCommitPreRegisterHvImage
SkmmFreeReservedMapping
SkmmFreeSecureAllocation
SkmmMapMdl
SkmmMapMdlWithReservedMapping
SkmmPreRegisterHvImage
SkmmReleasePageRestriction
SkmmReserveMappingAddress
SkmmRestrictPage
SkmmUnmapMdl
SkobCreateHandle
SkobCreateObject
SkobDereferenceObject
SkobReferenceObject
SkobReferenceObjectByHandle
VslExchangeEntropy
ZwClose
ZwCreateKey
ZwDeleteKey
ZwDeleteValueKey
ZwEnumerateKey
ZwEnumerateValueKey
ZwLoadDriver
ZwOpenKey
ZwQueryInformationProcess
ZwQueryKey
ZwQuerySystemInformation
ZwQueryValueKey
ZwSetSystemInformation
ZwSetValueKey
ZwUnloadDriver
__C_specific_handler
__GSHandlerCheck
__GSHandlerCheck_SEH
__chkstk
_invalid_parameter
_local_unwind
_ultow_s
_vsnwprintf
_wcsicmp
_wcsnicmp
atoi
atol
bsearch
bsearch_s
isdigit
memcmp
memcpy
memmove
memset
qsort
qsort_s
strnlen
wcscmp
wcscpy_s
wcsncmp

Sections

.text
Size: 744KB - Virtual size: 743KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

KVASCODE
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

TRNS
Size: 4KB - Virtual size: 728B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGELK
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

fothk
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

ZEROPAGE
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

TABLERO
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ALMOSTRO
Size: 4KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

nlsdata
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

FUNCTBL
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CFGRO
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
shell32.dll
.dll regsvr32 windows:10 windows x64 arch:x64

6fe52b249ec45b0b32d8dab0efaa96a7

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e1:2a:47:cd:b4:99:39:e4:7d:79:e7:a3:04:a4:1c:d3:9c:a2:b2:3c:ce:bd:49:b9:76:d0:38:de:83:52:48:46
Signer

Actual PE Digest

e1:2a:47:cd:b4:99:39:e4:7d:79:e7:a3:04:a4:1c:d3:9c:a2:b2:3c:ce:bd:49:b9:76:d0:38:de:83:52:48:46

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

shell32.pdb

Imports

msvcp_win

?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?tellp@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?uncaught_exception@std@@YA_NXZ
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Xbad_function_call@std@@YAXXZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
_Thrd_yield
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?good@ios_base@std@@QEBA_NXZ
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z

api-ms-win-crt-string-l1-1-0

wcscspn
wcsncmp
strncmp
wcsspn
memset
wcspbrk
wcscmp

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o_isalpha
_o_isdigit
_o_iswspace
_o_log
_o_logf
_o_malloc
_o_pow
_o_qsort
_o_rand
_o_realloc
_o_sqrt
_o_sqrtf
_o_srand
_o_strncpy_s
_o_strtol
_o_terminate
_o_towlower
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstok_s
_o_wcstol
_o_wcstoul
memmove
strchr
wcsrchr
__CxxFrameHandler3
__current_exception
__current_exception_context
_o_ceilf
_o_ceil
_o_calloc
_o_abort
_o__wtoi
_o__wcstoui64
_o__wcsnicmp
_o__wcsicmp
_o__ui64tow_s
_o_free
_o__strnicmp
_o__set_errno
_o__seh_filter_dll
_o__resetstkoflw
_o__register_onexit_function
_o__purecall
_o__itow
_o_floorf
_o_floor
_o_expf
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__get_errno
_o__execute_onexit_table
_o__errno
_o__difftime64
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
wcschr
wcsstr
__C_specific_handler
_o_powf
_CxxThrowException
memcmp
memcpy

api-ms-win-core-heap-l2-1-0

GlobalAlloc
LocalAlloc
LocalReAlloc
GlobalFree
LocalFree

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegEnumValueW
RegGetValueW
RegDeleteKeyExW
RegDeleteValueW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExA
RegQueryValueExW
RegCreateKeyExW
RegEnumKeyExW
RegNotifyChangeKeyValue
RegQueryInfoKeyA
RegDeleteTreeW
RegGetKeySecurity
RegOpenCurrentUser

api-ms-win-core-libraryloader-l1-2-0

LockResource
FreeResource
GetModuleHandleExA
LoadLibraryExA
LoadResource
GetModuleHandleExW
GetModuleFileNameW
LoadStringW
LoadStringA
GetModuleFileNameA
LoadLibraryExW
EnumResourceNamesExW
SizeofResource
GetProcAddress
FindStringOrdinal
FreeLibrary
GetModuleHandleW
DisableThreadLibraryCalls
FindResourceExW

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
GetSystemTime
GetSystemInfo
GetComputerNameExW
GetTickCount64
GetVersionExW
GlobalMemoryStatusEx
GetLocalTime
GetTickCount
GetSystemDirectoryW
GetWindowsDirectoryW

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
UnmapViewOfFile
VirtualQuery
OpenFileMappingW
VirtualProtect
MapViewOfFile
VirtualFree
WriteProcessMemory
ReadProcessMemory
VirtualAlloc

api-ms-win-core-file-l1-1-0

FindFirstFileExW
GetFullPathNameW
GetShortPathNameW
GetTempFileNameW
GetLongPathNameW
GetFileInformationByHandle
GetFileSize
ReadFile
DefineDosDeviceW
CompareFileTime
FindFirstVolumeW
FindNextFileW
SetFileTime
FindNextVolumeW
CreateFileW
GetFileSizeEx
QueryDosDeviceW
FindVolumeClose
WriteFile
RemoveDirectoryW
SetFileAttributesW
DeleteFileW
SetFilePointerEx
FlushFileBuffers
GetDriveTypeW
SetEndOfFile
GetVolumePathNameW
FindFirstFileW
GetDiskFreeSpaceExW
SetFileInformationByHandle
GetFinalPathNameByHandleW
CreateDirectoryW
GetDiskFreeSpaceW
GetLogicalDrives
GetVolumeInformationW
LocalFileTimeToFileTime
GetFileAttributesExW
FindClose
FileTimeToLocalFileTime
SetFilePointer
GetFileAttributesW

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-libraryloader-l1-2-1

FindResourceW
LoadLibraryW

api-ms-win-core-string-l1-1-0

CompareStringW
WideCharToMultiByte
GetStringTypeExW
MultiByteToWideChar
CompareStringEx
GetStringTypeW
CompareStringOrdinal

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
LeaveCriticalSection
CreateSemaphoreExW
InitializeCriticalSection
InitializeCriticalSectionEx
InitializeCriticalSectionAndSpinCount
TryAcquireSRWLockExclusive
WaitForMultipleObjectsEx
OpenMutexW
WaitForSingleObject
InitializeSRWLock
EnterCriticalSection
AcquireSRWLockShared
ReleaseMutex
ReleaseSRWLockExclusive
ResetEvent
CreateMutexW
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
CreateEventExW
TryAcquireSRWLockShared
SetEvent
ReleaseSRWLockShared
CreateEventW
OpenEventW
TryEnterCriticalSection
CreateMutexExW
DeleteCriticalSection

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
RaiseException
SetLastError
GetLastError
SetUnhandledExceptionFilter
SetErrorMode

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetThreadPriority
SetThreadPriority
GetCurrentThread
ProcessIdToSessionId
GetProcessId
OpenThreadToken
GetCurrentProcessId
OpenProcessToken
TlsFree
TlsAlloc
SetThreadToken
TlsGetValue
TlsSetValue
ExitProcess
DeleteProcThreadAttributeList
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
SetPriorityClass
CreateProcessW
GetThreadId
GetCurrentProcess
GetExitCodeThread
CreateThread
ResumeThread
OpenThread
CreateProcessAsUserW
GetExitCodeProcess
TerminateProcess

api-ms-win-core-string-l2-1-0

CharLowerW
CharPrevW
CharUpperBuffW
IsCharAlphaW
CharUpperW
CharNextW
CharLowerBuffW

api-ms-win-core-file-l2-1-0

MoveFileExW
ReplaceFileW
CreateHardLinkW
CopyFile2
GetFileInformationByHandleEx

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsA
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetEnvironmentVariableW
GetCommandLineW
GetCurrentDirectoryW
SetCurrentDirectoryW
SearchPathW

api-ms-win-security-base-l1-1-0

DeleteAce
IsWellKnownSid
DuplicateTokenEx
FreeSid
ImpersonateSelf
RevertToSelf
GetSidIdentifierAuthority
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetSidSubAuthorityCount
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
GetSecurityDescriptorControl
DuplicateToken
SetFileSecurityW
SetSecurityDescriptorOwner
AllocateAndInitializeSid
AddAccessDeniedAceEx
InitializeAcl
AddAccessAllowedAceEx
AddAce
GetAce
GetAclInformation
CopySid
GetLengthSid
IsValidSid
AccessCheck
GetFileSecurityW
CheckTokenMembership
CreateWellKnownSid
EqualSid
GetTokenInformation
SetTokenInformation
GetSecurityDescriptorOwner
AdjustTokenPrivileges

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceBeginInitialize
Sleep
InitOnceComplete

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapReAlloc
HeapDestroy
HeapFree
HeapAlloc

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolWork
WaitForThreadpoolTimerCallbacks
CreateThreadpoolWait
SetThreadpoolWait
CreateThreadpoolTimer
WaitForThreadpoolWaitCallbacks
CreateThreadpoolWork
SubmitThreadpoolWork
TrySubmitThreadpoolCallback
CloseThreadpoolWait

api-ms-win-core-localization-l1-2-0

LCMapStringW
GetUserDefaultLangID
IsValidLocaleName
GetLocaleInfoW
FormatMessageW
GetSystemDefaultLangID
GetThreadLocale
GetSystemDefaultLCID
GetCPInfo
ResolveLocaleName
FindNLSString
GetThreadUILanguage
VerLanguageNameW
GetSystemPreferredUILanguages
IsDBCSLeadByte
GetLocaleInfoEx
LocaleNameToLCID
GetUserPreferredUILanguages
GetACP
GetUserDefaultLCID
FindNLSStringEx
LCMapStringEx

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-timezone-l1-1-0

GetTimeZoneInformationForYear
TzSpecificLocalTimeToSystemTime
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-psapi-l1-1-0

K32GetProcessImageFileNameW
K32GetModuleFileNameExW
QueryFullProcessImageNameW

api-ms-win-core-path-l1-1-0

PathAllocCanonicalize
PathCchCombineEx
PathCchRemoveExtension
PathCchAddBackslashEx
PathIsUNCEx
PathCchRenameExtension
PathAllocCombine
PathCchStripPrefix
PathCchStripToRoot
PathCchAddBackslash
PathCchAddExtension
PathCchSkipRoot
PathCchCanonicalize
PathCchRemoveBackslash
PathCchAppendEx
PathCchCombine
PathCchRemoveFileSpec
PathCchAppend

api-ms-win-core-file-l1-2-0

GetTempPathW
GetVolumePathNamesForVolumeNameW
GetVolumeNameForVolumeMountPointW

api-ms-win-core-io-l1-1-0

CreateIoCompletionPort
GetQueuedCompletionStatus
DeviceIoControl
CancelIoEx
GetOverlappedResult

api-ms-win-core-datetime-l1-1-0

GetDateFormatW

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask
GetSystemTimePreciseAsFileTime
GetNativeSystemInfo
GetProductInfo

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-file-l1-2-1

GetCompressedFileSizeW

api-ms-win-core-file-l1-2-4

GetTempPath2W

api-ms-win-core-wow64-l1-1-0

Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection

api-ms-win-core-wow64-l1-1-1

Wow64SetThreadDefaultGuestMachine
IsWow64Process2
GetSystemWow64DirectoryW

api-ms-win-core-localization-l1-2-2

LCIDToLocaleName

api-ms-win-core-processthreads-l1-1-1

FlushInstructionCache
IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-localization-l2-1-0

GetNumberFormatEx

api-ms-win-core-io-l1-1-1

CancelSynchronousIo

api-ms-win-core-version-l1-1-0

GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW

api-ms-win-core-sysinfo-l1-2-3

GetIntegratedDisplaySize

api-ms-win-core-memory-l1-1-1

PrefetchVirtualMemory

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventSetInformation
EventActivityIdControl
EventWriteTransfer

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceLoggerHandle
UnregisterTraceGuids
GetTraceEnableFlags
RegisterTraceGuidsW
GetTraceEnableLevel

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrCmpNA
StrToIntW
StrPBrkW
StrCmpNCW
StrStrW
QISearch
StrDupA
StrToIntA
StrCmpICA
StrCmpNW
StrCmpNIW
StrRChrA
StrRChrIA
StrStrIW
StrStrIA
StrCmpW
StrCmpCW
StrCSpnW
StrTrimW
StrCmpLogicalW
StrChrIA
StrChrA
StrSpnW
StrStrA
StrChrIW
StrRStrIW
StrDupW
StrRChrW
StrCmpIW
StrRStrIA
StrToIntExW
StrCmpNIA
StrCmpNICW
StrRChrIW
StrChrW
StrCmpICW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiA
lstrcmpW
lstrcmpA
lstrcmpiW
lstrlenA
lstrlenW

api-ms-win-core-stringansi-l1-1-0

CharNextA
CharPrevA

api-ms-win-core-heap-obsolete-l1-1-0

LocalSize
GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalFlags
GlobalSize

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetNumberFormatW
EnumUILanguagesW

api-ms-win-core-privateprofile-l1-1-0

GetPrivateProfileSectionW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetProfileSectionW

api-ms-win-core-atoms-l1-1-0

GlobalAddAtomW
GlobalGetAtomNameW
FindAtomW
GetAtomNameW
GlobalDeleteAtom

api-ms-win-core-shlwapi-legacy-l1-1-0

PathQuoteSpacesW
PathMatchSpecW
PathFindFileNameW
PathIsUNCW
PathRemoveExtensionW
PathStripToRootW
PathIsRootW
PathIsRelativeW
PathAppendW
PathParseIconLocationW
PathMatchSpecExW
PathCombineW
PathAddBackslashW
PathGetDriveNumberW
PathFileExistsW
PathUnExpandEnvStringsW
PathCommonPrefixW
PathIsSameRootW
PathIsPrefixW
IsCharSpaceW
SHExpandEnvironmentStringsA
PathUnquoteSpacesW
PathRemoveBlanksW
PathIsUNCServerShareW
PathAppendA
PathIsRootA
PathIsUNCServerW
PathFindExtensionW
PathRemoveFileSpecA
SHExpandEnvironmentStringsW
PathGetArgsW
PathStripPathW
PathIsValidCharW
PathRemoveBackslashW
PathIsFileSpecW
PathRemoveFileSpecW
PathSkipRootW
PathGetCharTypeW
PathFindNextComponentW

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW
MulDiv
GetShortPathNameA
SetVolumeLabelW
UnregisterWait
GetSystemPowerStatus
RegisterWaitForSingleObject
WTSGetActiveConsoleSessionId

api-ms-win-core-kernel32-legacy-l1-1-1

PowerCreateRequest
VerifyVersionInfoW
PowerClearRequest
PowerSetRequest

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx
DeleteTimerQueueTimer
CreateTimerQueueTimer
QueueUserWorkItem

api-ms-win-core-kernel32-legacy-l1-1-2

GetBinaryTypeW

api-ms-win-core-url-l1-1-0

PathIsURLW
UrlIsW
PathCreateFromUrlW
ParseURLW
UrlGetPartW
HashData
UrlFixupW
UrlCanonicalizeW
UrlCreateFromPathW
UrlCompareW
UrlEscapeW
UrlApplySchemeW
PathCreateFromUrlAlloc
UrlUnescapeW
UrlUnescapeA

api-ms-win-core-registryuserspecific-l1-1-0

SHRegEnumUSKeyW
SHRegOpenUSKeyW
SHRegQueryUSValueW
SHRegGetUSValueW
SHRegGetBoolUSValueW
SHRegOpenUSKeyA
SHRegCloseUSKey

api-ms-win-core-kernel32-private-l1-1-0

CheckElevationEnabled
CheckElevation

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-sidebyside-l1-1-0

ActivateActCtx
CreateActCtxW
QueryActCtxW
ReleaseActCtx
DeactivateActCtx

api-ms-win-shell-shellcom-l1-1-0

SHCoCreateInstance

kernelbase

GetCurrentPackageInfo
GetPackageFullName
SHLoadIndirectStringInternal
OpenState
OpenStateExplicit
GetStateFolder
CloseState
ParseApplicationUserModelId
PackageNameAndPublisherIdFromFamilyName
GetEffectivePackageStatusForUser
NotifyRedirectedStringChange
GetStagedPackagePathByFullName2
IsMrtResourceRedirectionEnabled
OpenPackageInfoByFullName
GetPackageInfo
ClosePackageInfo
GetSystemAppDataKey
GetPackagesByPackageFamily

user32

UnhookWinEvent
SetWinEventHook
SetSysColors
SetShellWindow
SystemParametersInfoForDpi
DisplayConfigGetDeviceInfo
wsprintfW
UnpackDDElParam
DdeInitializeW
DdeUninitialize
DdeNameService
DdeDisconnect
DdeQueryStringW
DdeFreeStringHandle
DdeCreateStringHandleW
DdeCreateDataHandle
DdeGetLastError
DdeGetData
DdeQueryConvInfo
WaitMessage
LockWindowUpdate
EnumDisplaySettingsW
GetClassLongPtrW
SetShellWindowEx
EnumDisplayMonitors
ord2707
CreateAcceleratorTableW
GetMessageTime
CheckRadioButton
GetDlgItemInt
SetDlgItemInt
ClientToScreen
IsRectEmpty
SetParent
WindowFromPoint
GetSystemMenu
PostThreadMessageW
SetDialogDpiChangeBehavior
IsDialogMessageW
SetCapture
ReleaseCapture
GetCapture
TrackPopupMenuEx
GetClassInfoExW
SetMenuInfo
SetCoalescableTimer
CallNextHookEx
CallWindowProcW
SetScrollPos
ord2705
ShowScrollBar
SetScrollInfo
SetWindowRgn
SetWindowsHookExW
UnhookWindowsHookEx
GetDialogBaseUnits
GetLastInputInfo
SystemParametersInfoA
WinHelpW
CreateWindowExW
FindWindowExW
RegisterWindowMessageA
DrawTextExW
ActivateKeyboardLayout
AdjustWindowRectExForDpi
SubtractRect
CreateWindowIndirect
SetLayeredWindowAttributes
GetWindowDC
GetPointerDevices
SetRectEmpty
DialogBoxParamW
GetDpiForWindow
BroadcastSystemMessageW
GetShellWindow
GetWindowPlacement
MsgWaitForMultipleObjects
EnumChildWindows
CloseClipboard
SetClipboardData
GetClipboardData
OpenClipboard
RedrawWindow
IsWindowEnabled
SetClipboardViewer
TranslateAcceleratorW
CreateMenu
EndMenu
GetMessageExtraInfo
SetGestureConfig
CloseGestureInfoHandle
GetGestureInfo
ChangeClipboardChain
CheckMenuItem
CheckMenuRadioItem
AppendMenuW
SetMessageExtraInfo
NotifyWinEvent
CloseDesktop
OpenInputDesktop
CreateWindowInBand
GetDpiForSystem
GetSystemMetricsForDpi
EndDeferWindowPos
BeginDeferWindowPos
AdjustWindowRect
GetDlgCtrlID
SetDlgItemTextA
MessageBoxW
DeferWindowPos
DestroyAcceleratorTable
CopyAcceleratorTableW
LoadAcceleratorsW
MoveWindow
GetWindowDpiAwarenessContext
SetThreadDpiAwarenessContext
AttachThreadInput
DefWindowProcA
IsWindowUnicode
RegisterShellHookWindow
DeregisterShellHookWindow
SetTaskmanWindow
GetTaskmanWindow
GetClassInfoW
GetWindowTextLengthW
CopyImage
MapDialogRect
GetComboBoxInfo
SetActiveWindow
DrawIconEx
IsProcessDPIAware
GetProcessDefaultLayout
MonitorFromRect
AllowSetForegroundWindow
EnumPropsExW
GetWindowBand
SystemParametersInfoW
IsSETEnabled
EqualRect
GetMenuInfo
MonitorFromWindow
GetAsyncKeyState
ord2521
UpdateLayeredWindow
GetDoubleClickTime
IsChild
UnionRect
EnumDisplayDevicesW
SetWindowCompositionAttribute
RegisterClassExW
GetScrollInfo
GetDesktopWindow
ReleaseDC
GetDC
SendNotifyMessageW
SendMessageTimeoutW
IsIconic
CopyIcon
EnumWindows
GetPropW
RemovePropW
SetPropW
PtInRect
DrawTextW
SetMenuItemInfoW
IsMenu
MessageBeep
GetMenuItemID
SetMenuDefaultItem
ModifyMenuW
GetMenuState
CountClipboardFormats
IsHungAppWindow
GetClipboardOwner
EnableMenuItem
GetMenuStringW
ExitWindowsEx
GetFocus
LoadImageW
SetRect
CopyRect
GetMonitorInfoW
MonitorFromPoint
GetUserObjectInformationW
GetThreadDesktop
GetProcessWindowStation
ChangeWindowMessageFilterEx
RegisterWindowMessageW
TrackPopupMenu
InsertMenuItemW
InsertMenuW
GetWindowThreadProcessId
GetMessagePos
GetMenuItemInfoW
GetMenuItemCount
GetForegroundWindow
GetKeyboardLayout
MapWindowPoints
OffsetRect
IsWindow
WaitForInputIdle
GetMenuDefaultItem
GetLastActivePopup
SwitchToThisWindow
GetCursorPos
RegisterClipboardFormatW
GetWindow
FindWindowW
GetClassNameW
GetAncestor
EnableWindow
MsgWaitForMultipleObjectsEx
PeekMessageW
PostQuitMessage
SetForegroundWindow
ShutdownBlockReasonDestroy
ShutdownBlockReasonCreate
LoadMenuW
GetSubMenu
RemoveMenu
GetParent
IsDlgButtonChecked
CheckDlgButton
DeleteMenu
DestroyMenu
CreatePopupMenu
PostMessageW
SetProcessDPIAware
DispatchMessageW
TranslateMessage
GetMessageW
SetFocus
IsWindowVisible
DrawEdge
GetSysColorBrush
FillRect
EndPaint
BeginPaint
GetUpdateRect
TrackMouseEvent
UpdateWindow
GetWindowRect
DefWindowProcW
RegisterClassW
KillTimer
GetKeyState
InflateRect
AdjustWindowRectEx
DestroyWindow
SetWindowLongW
GetWindowLongW
DrawFocusRect
DrawIcon
GetSysColor
EndDialog
GetWindowLongPtrW
SetWindowLongPtrW
GetWindowTextW
SetWindowPos
GetClientRect
ShowWindow
SetWindowTextW
GetDlgItem
InvalidateRect
LoadCursorW
SetCursor
SetDlgItemTextW
GetDlgItemTextW
SendDlgItemMessageW
ScreenToClient
SendMessageW
LookupIconIdFromDirectory
CreateIconIndirect
GetIconInfo
DestroyIcon
PrivateExtractIconsW
LoadIconW
GetSystemMetrics
IsWinEventHookInstalled
EmptyClipboard
UnregisterPowerSettingNotification
GetCurrentInputMessageSource
AnimateWindow
GetCursor
HideCaret
CreateDialogParamW
WindowFromDC
ChildWindowFromPoint
RegisterPowerSettingNotification
GetClassLongW
AreDpiAwarenessContextsEqual
SetMenu
LockSetForegroundWindow
ShowCaret
GetDisplayConfigBufferSizes
QueryDisplayConfig
IntersectRect
SetTimer

ntdll

RtlAreLongPathsEnabled
RtlQueryResourcePolicy
EtwEventWriteTransfer
RtlInitUnicodeString
RtlPrefixString
NtQueryInformationFile
RtlNtStatusToDosError
NtCreateFile
NtClose
NtFsControlFile
RtlUnicodeStringToOemString
NtSetInformationFile
NtOpenFile
RtlFreeHeap
NtOpenThreadToken
EtwLogTraceEvent
NtQuerySystemInformationEx
RtlCompareUnicodeString
RtlNtStatusToDosErrorNoTeb
RtlInitializeResource
RtlAcquireResourceExclusive
RtlReleaseResource
RtlDeleteResource
RtlAllocateHeap
NtSetInformationToken
NtUnmapViewOfSection
RtlImageNtHeaderEx
NtMapViewOfSection
RtlQueryWnfStateData
RtlGetNtSystemRoot
RtlQueryRegistryValuesEx
RtlCheckRegistryKey
NtQuerySystemInformation
NtQueryObject
RtlIsPartialPlaceholder
NtQueryKey
NtSetSecurityObject
NtQuerySecurityObject
RtlDosPathNameToNtPathName_U
ShipAssert
RtlIsNonEmptyDirectoryReparsePointAllowed
ZwQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlRandomEx
RtlCreateUnicodeString
RtlIsThreadWithinLoaderCallout
RtlCreateServiceSid
RtlLengthRequiredSid
RtlGetNtProductType
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
NtPowerInformation
WinSqmSetDWORD
NtQueryInformationProcess
NtQueryAttributesFile
RtlDosPathNameToRelativeNtPathName_U
RtlPublishWnfStateData
NtQueryWnfStateData
NtOpenProcessToken
NtQueryInformationToken
RtlDllShutdownInProgress
WinSqmAddToStreamEx
WinSqmAddToStream
NtSetCachedSigningLevel
NtCompareSigningLevels
NtGetCachedSigningLevel
RtlMapGenericMask
WinSqmIncrementDWORD
EtwTraceMessage
EtwEventWrite
EtwEventEnabled
EtwEventActivityIdControl
EtwEventRegister
EtwEventUnregister
EtwEventSetInformation
RtlDestroyEnvironment
RtlSetCurrentEnvironment
RtlCreateEnvironment
NtQueryInformationThread
RtlExpandEnvironmentStrings_U
RtlSetEnvironmentVariable
RtlQueryEnvironmentVariable_U
RtlInitUnicodeStringEx
RtlGetLastNtStatus
RtlFreeUnicodeString
RtlReleaseRelativeName
RtlDosPathNameToRelativeNtPathName_U_WithStatus
NtQueryVolumeInformationFile
RtlDosPathNameToNtPathName_U_WithStatus

gdi32

DeleteObject
GetLayout
SetLayout
GetStockObject
ExcludeClipRect
SetBkMode
SelectObject
SetTextColor
OffsetWindowOrgEx
SetWindowOrgEx
GetObjectW
GetTextExtentPointW
GetDeviceCaps
CreateDIBSection
CreateCompatibleDC
DeleteDC
CreateDCW
GdiAlphaBlend
BitBlt
CreateFontIndirectW
CreateCompatibleBitmap
CreateBitmap
CreateSolidBrush
GetDIBits
StretchBlt
GdiTransparentBlt
GetTextColor
GetCurrentObject
CreatePen
Rectangle
GetTextMetricsW
GetTextExtentPoint32W
SetTextAlign
SetStretchBltMode
PatBlt
MoveToEx
LineTo
CreatePolygonRgn
GetTextAlign
SetMapMode
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
StretchDIBits
GetClipBox
CreateRectRgn
GetClipRgn
IntersectClipRect
SelectClipRgn
LPtoDP
SetMetaFileBitsEx
PlayMetaFile
DeleteMetaFile
GetViewportOrgEx
ExtSelectClipRgn
SetDCBrushColor
CreateRectRgnIndirect
SetBkColor
RestoreDC
SaveDC
CombineRgn
GetRgnBox
GetRegionData
GetWindowOrgEx
GetObjectType
ExtTextOutW
GetDIBColorTable
GetPixel
CreateFontW
GetTextExtentPoint32A
TextOutA

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-job-l2-1-0

CreateJobObjectW
SetInformationJobObject
AssignProcessToJobObject

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

AppCompat_RunDLLW
AssocCreateForClasses
AssocElemCreateForKey
AssocGetDetailsOfPropKey
CDefFolderMenu_Create2
CIDLData_CreateFromIDArray
CStorageItem_GetValidatedStorageItemObject
CallFileCopyHook
CheckEscapesW
CommandLineToArgvW
Control_RunDLL
Control_RunDLLA
Control_RunDLLAsUserW
Control_RunDLLW
CreateStorageItemFromPath_FullTrustCaller
CreateStorageItemFromPath_FullTrustCaller_ForPackage
CreateStorageItemFromPath_PartialTrustCaller
CreateStorageItemFromShellItem_FullTrustCaller
CreateStorageItemFromShellItem_FullTrustCaller_ForPackage
CreateStorageItemFromShellItem_FullTrustCaller_ForPackage_WithProcessHandle
CreateStorageItemFromShellItem_FullTrustCaller_UseImplicitFlagsAndPackage
DAD_AutoScroll
DAD_DragEnterEx
DAD_DragEnterEx2
DAD_DragLeave
DAD_DragMove
DAD_SetDragImage
DAD_ShowDragImage
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
DllGetVersion
DllInstall
DllRegisterServer
DllUnregisterServer
DoEnvironmentSubstA
DoEnvironmentSubstW
DragAcceptFiles
DragFinish
DragQueryFile
DragQueryFileA
DragQueryFileAorW
DragQueryFileW
DragQueryPoint
DriveType
DuplicateIcon
ExtractAssociatedIconA
ExtractAssociatedIconExA
ExtractAssociatedIconExW
ExtractAssociatedIconW
ExtractIconA
ExtractIconEx
ExtractIconExA
ExtractIconExW
ExtractIconW
FindExecutableA
FindExecutableW
FreeIconList
GetCurrentProcessExplicitAppUserModelID
GetFileNameFromBrowse
GetSystemPersistedStorageItemList
ILAppendID
ILClone
ILCloneFirst
ILCombine
ILCreateFromPath
ILCreateFromPathA
ILCreateFromPathW
ILFindChild
ILFindLastID
ILFree
ILGetNext
ILGetSize
ILIsEqual
ILIsParent
ILLoadFromStreamEx
ILRemoveLastID
ILSaveToStream
InitNetworkAddressControl
InternalExtractIconListA
InternalExtractIconListW
IsDesktopExplorerProcess
IsLFNDrive
IsLFNDriveA
IsLFNDriveW
IsNetDrive
IsProcessAnExplorer
IsUserAnAdmin
LaunchMSHelp_RunDLLW
OpenAs_RunDLL
OpenAs_RunDLLA
OpenAs_RunDLLW
OpenRegStream
Options_RunDLL
Options_RunDLLA
Options_RunDLLW
PathCleanupSpec
PathGetShortPath
PathIsExe
PathIsSlowA
PathIsSlowW
PathMakeUniqueName
PathQualify
PathResolve
PathYetAnotherMakeUniqueName
PickIconDlg
PifMgr_CloseProperties
PifMgr_GetProperties
PifMgr_OpenProperties
PifMgr_SetProperties
PrepareDiscForBurnRunDllW
PrintersGetCommand_RunDLL
PrintersGetCommand_RunDLLA
PrintersGetCommand_RunDLLW
ReadCabinetState
RealDriveType
RealShellExecuteA
RealShellExecuteExA
RealShellExecuteExW
RealShellExecuteW
RegenerateUserEnvironment
RestartDialog
RestartDialogEx
RunAsNewUser_RunDLLW
SHAddDefaultPropertiesByExt
SHAddFromPropSheetExtArray
SHAddToRecentDocs
SHAlloc
SHAppBarMessage
SHAssocEnumHandlers
SHAssocEnumHandlersForProtocolByApplication
SHBindToFolderIDListParent
SHBindToFolderIDListParentEx
SHBindToObject
SHBindToParent
SHBrowseForFolder
SHBrowseForFolderA
SHBrowseForFolderW
SHCLSIDFromString
SHChangeNotification_Lock
SHChangeNotification_Unlock
SHChangeNotify
SHChangeNotifyDeregister
SHChangeNotifyRegister
SHChangeNotifyRegisterThread
SHChangeNotifySuspendResume
SHCloneSpecialIDList
SHCoCreateInstance
SHCoCreateInstanceWorker
SHCreateAssociationRegistration
SHCreateCategoryEnum
SHCreateDataObject
SHCreateDefaultContextMenu
SHCreateDefaultExtractIcon
SHCreateDefaultPropertiesOp
SHCreateDirectory
SHCreateDirectoryExA
SHCreateDirectoryExW
SHCreateDrvExtIcon
SHCreateFileExtractIconW
SHCreateItemFromIDList
SHCreateItemFromParsingName
SHCreateItemFromRelativeName
SHCreateItemInKnownFolder
SHCreateItemWithParent
SHCreateLocalServerRunDll
SHCreateProcessAsUserW
SHCreatePropSheetExtArray
SHCreateQueryCancelAutoPlayMoniker
SHCreateShellFolderView
SHCreateShellFolderViewEx
SHCreateShellItem
SHCreateShellItemArray
SHCreateShellItemArrayFromDataObject
SHCreateShellItemArrayFromIDLists
SHCreateShellItemArrayFromShellItem
SHCreateStdEnumFmtEtc
SHDefExtractIconA
SHDefExtractIconW
SHDestroyPropSheetExtArray
SHDoDragDrop
SHELL32_AddToBackIconTable
SHELL32_AddToFrontIconTable
SHELL32_AreAllItemsAvailable
SHELL32_CCommonPlacesFolder_CreateInstance
SHELL32_CDBurn_CloseSession
SHELL32_CDBurn_DriveSupportedForDataBurn
SHELL32_CDBurn_Erase
SHELL32_CDBurn_GetCDInfo
SHELL32_CDBurn_GetLiveFSDiscInfo
SHELL32_CDBurn_GetStagingPathOrNormalPath
SHELL32_CDBurn_GetTaskInfo
SHELL32_CDBurn_IsBlankDisc
SHELL32_CDBurn_IsBlankDisc2
SHELL32_CDBurn_IsLiveFS
SHELL32_CDBurn_OnDeviceChange
SHELL32_CDBurn_OnEject
SHELL32_CDBurn_OnMediaChange
SHELL32_CDefFolderMenu_Create2
SHELL32_CDefFolderMenu_Create2Ex
SHELL32_CDefFolderMenu_MergeMenu
SHELL32_CDrivesContextMenu_Create
SHELL32_CDrivesDropTarget_Create
SHELL32_CDrives_CreateSFVCB
SHELL32_CFSDropTarget_CreateInstance
SHELL32_CFSFolderCallback_Create
SHELL32_CFillPropertiesTask_CreateInstance
SHELL32_CLibraryDropTarget_CreateInstance
SHELL32_CLocationContextMenu_Create
SHELL32_CLocationFolderUI_CreateInstance
SHELL32_CMountPoint_DoAutorun
SHELL32_CMountPoint_DoAutorunPrompt
SHELL32_CMountPoint_IsAutoRunDriveAndEnabledByPolicy
SHELL32_CMountPoint_ProcessAutoRunFile
SHELL32_CMountPoint_WantAutorunUI
SHELL32_CMountPoint_WantAutorunUIGetReady
SHELL32_CNetFolderUI_CreateInstance
SHELL32_CPL_CategoryIdArrayFromVariant
SHELL32_CPL_IsLegacyCanonicalNameListedUnderKey
SHELL32_CPL_ModifyWowDisplayName
SHELL32_CRecentDocsContextMenu_CreateInstance
SHELL32_CTransferConfirmation_CreateInstance
SHELL32_CallFileCopyHooks
SHELL32_CanDisplayWin8CopyDialog
SHELL32_CloseAutoplayPrompt
SHELL32_CommandLineFromMsiDescriptor
SHELL32_CopySecondaryTiles
SHELL32_CreateConfirmationInterrupt
SHELL32_CreateConflictInterrupt
SHELL32_CreateDefaultOperationDataProvider
SHELL32_CreateFileFolderContextMenu
SHELL32_CreateLinkInfoW
SHELL32_CreateQosRecorder
SHELL32_CreateSharePointView
SHELL32_Create_IEnumUICommand
SHELL32_DestroyLinkInfo
SHELL32_EncryptDirectory
SHELL32_EncryptedFileKeyInfo
SHELL32_EnumCommonTasks
SHELL32_FreeEncryptedFileKeyInfo
SHELL32_GenerateAppID
SHELL32_GetAppIDRoot
SHELL32_GetCommandProviderForFolderType
SHELL32_GetDPIAdjustedLogicalSize
SHELL32_GetDiskCleanupPath
SHELL32_GetFileNameFromBrowse
SHELL32_GetIconOverlayManager
SHELL32_GetLinkInfoData
SHELL32_GetRatingBucket
SHELL32_GetSqmableFileName
SHELL32_GetThumbnailAdornerFromFactory
SHELL32_GetThumbnailAdornerFromFactory2
SHELL32_HandleUnrecognizedFileSystem
SHELL32_IconCacheCreate
SHELL32_IconCacheDestroy
SHELL32_IconCacheHandleAssociationChanged
SHELL32_IconCacheRestore
SHELL32_IconCache_AboutToExtractIcons
SHELL32_IconCache_DoneExtractingIcons
SHELL32_IconCache_ExpandEnvAndSearchPath
SHELL32_IconCache_RememberRecentlyExtractedIconsW
SHELL32_IconOverlayManagerInit
SHELL32_IsGetKeyboardLayoutPresent
SHELL32_IsSystemUpgradeInProgress
SHELL32_IsValidLinkInfo
SHELL32_LegacyEnumSpecialTasksByType
SHELL32_LegacyEnumTasks
SHELL32_LookupBackIconIndex
SHELL32_LookupFrontIconIndex
SHELL32_NormalizeRating
SHELL32_NotifyLinkTrackingServiceOfMove
SHELL32_PifMgr_CloseProperties
SHELL32_PifMgr_GetProperties
SHELL32_PifMgr_OpenProperties
SHELL32_PifMgr_SetProperties
SHELL32_Printers_CreateBindInfo
SHELL32_Printjob_GetPidl
SHELL32_PurgeSystemIcon
SHELL32_RefreshOverlayImages
SHELL32_ResolveLinkInfoW
SHELL32_SHAddSparseIcon
SHELL32_SHCreateByValueOperationInterrupt
SHELL32_SHCreateDefaultContextMenu
SHELL32_SHCreateLocalServer
SHELL32_SHCreateShellFolderView
SHELL32_SHDuplicateEncryptionInfoFile
SHELL32_SHEncryptFile
SHELL32_SHFormatDriveAsync
SHELL32_SHGetThreadUndoManager
SHELL32_SHGetUserNameW
SHELL32_SHIsVirtualDevice
SHELL32_SHLaunchPropSheet
SHELL32_SHLogILFromFSIL
SHELL32_SHOpenWithDialog
SHELL32_SHStartNetConnectionDialogW
SHELL32_SHUICommandFromGUID
SHELL32_SendToMenu_InvokeTargetedCommand
SHELL32_SendToMenu_VerifyTargetedCommand
SHELL32_ShowHideIconOnlyOnDesktop
SHELL32_SimpleRatingToFilterCondition
SHELL32_StampIconForFile
SHELL32_SuspendUndo
SHELL32_TryVirtualDiscImageDriveEject
SHELL32_VerifySaferTrust
SHEmptyRecycleBinA
SHEmptyRecycleBinW
SHEnableServiceObject
SHEnumerateUnreadMailAccountsW
SHEvaluateSystemCommandTemplate
SHExecuteErrorMessageBox
SHExtractIconsW
SHFileOperation
SHFileOperationA
SHFileOperationW
SHFindFiles
SHFind_InitMenuPopup
SHFlushSFCache
SHFormatDrive
SHFree
SHFreeNameMappings
SHGetAttributesFromDataObject
SHGetDataFromIDListA
SHGetDataFromIDListW
SHGetDesktopFolder
SHGetDiskFreeSpaceA
SHGetDiskFreeSpaceExA
SHGetDiskFreeSpaceExW
SHGetDriveMedia
SHGetFileInfo
SHGetFileInfoA
SHGetFileInfoW
SHGetFolderLocation
SHGetFolderPathA
SHGetFolderPathAndSubDirA
SHGetFolderPathAndSubDirW
SHGetFolderPathEx
SHGetFolderPathW
SHGetIDListFromObject
SHGetIconOverlayIndexA
SHGetIconOverlayIndexW
SHGetImageList
SHGetInstanceExplorer
SHGetItemFromDataObject
SHGetItemFromObject
SHGetKnownFolderIDList
SHGetKnownFolderItem
SHGetKnownFolderPath
SHGetLocalizedName
SHGetMalloc
SHGetNameFromIDList
SHGetNewLinkInfo
SHGetNewLinkInfoA
SHGetNewLinkInfoW
SHGetPathFromIDList
SHGetPathFromIDListA
SHGetPathFromIDListEx
SHGetPathFromIDListW
SHGetPropertyStoreForWindow
SHGetPropertyStoreFromIDList
SHGetPropertyStoreFromParsingName
SHGetRealIDL
SHGetSetFolderCustomSettings
SHGetSetSettings
SHGetSettings
SHGetSpecialFolderLocation
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW
SHGetStockIconInfo
SHGetTemporaryPropertyForItem
SHGetUnreadMailCountW
SHHandleUpdateImage
SHHelpShortcuts_RunDLL
SHHelpShortcuts_RunDLLA
SHHelpShortcuts_RunDLLW
SHILCreateFromPath
SHInvokePrinterCommandA
SHInvokePrinterCommandW
SHIsFileAvailableOffline
SHLimitInputEdit
SHLoadInProc
SHLoadNonloadedIconOverlayIdentifiers
SHMapPIDLToSystemImageListIndex
SHMultiFileProperties
SHObjectProperties
SHOpenFolderAndSelectItems
SHOpenOrGetFolderView
SHOpenPropSheetW
SHOpenWithDialog
SHParseDisplayName
SHPathPrepareForWriteA
SHPathPrepareForWriteW
SHPropStgCreate
SHPropStgReadMultiple
SHPropStgWriteMultiple
SHQueryRecycleBinA
SHQueryRecycleBinW
SHQueryUserNotificationState
SHRemoveLocalizedName
SHReplaceFromPropSheetExtArray
SHResolveLibrary
SHRestricted
SHSetDefaultProperties
SHSetFolderPathA
SHSetFolderPathW
SHSetInstanceExplorer
SHSetKnownFolderPath
SHSetLocalizedName
SHSetTemporaryPropertyForItem
SHSetUnreadMailCountW
SHShellFolderView_Message
SHShowManageLibraryUI
SHSimpleIDListFromPath
SHStartNetConnectionDialogW
SHTestTokenMembership
SHUpdateImageA
SHUpdateImageW
SHUpdateRecycleBinIcon
SHValidateUNC
SetCurrentProcessExplicitAppUserModelID
SheChangeDirA
SheChangeDirExW
SheGetDirA
SheSetCurDrive
ShellAboutA
ShellAboutW
ShellExec_RunDLL
ShellExec_RunDLLA
ShellExec_RunDLLW
ShellExecuteA
ShellExecuteEx
ShellExecuteExA
ShellExecuteExW
ShellExecuteW
ShellHookProc
ShellMessageBoxA
ShellMessageBoxW
Shell_GetCachedImageIndex
Shell_GetCachedImageIndexA
Shell_GetCachedImageIndexW
Shell_GetImageLists
Shell_MergeMenus
Shell_NotifyIcon
Shell_NotifyIconA
Shell_NotifyIconGetRect
Shell_NotifyIconW
SignalFileOpen
StateRepoNewMenuCache_EnsureCacheAsync
StateRepoNewMenuCache_RebuildCacheAsync
StgMakeUniqueName
StrChrA
StrChrIA
StrChrIW
StrChrW
StrCmpNA
StrCmpNIA
StrCmpNIW
StrCmpNW
StrNCmpA
StrNCmpIA
StrNCmpIW
StrNCmpW
StrRChrA
StrRChrIA
StrRChrIW
StrRChrW
StrRStrA
StrRStrIA
StrRStrIW
StrRStrW
StrStrA
StrStrIA
StrStrIW
StrStrW
UsersLibrariesFolderUI_CreateInstance
WOWShellExecute
WaitForExplorerRestartW
Win32DeleteFile
WriteCabinetState

Sections

.text
Size: 6.5MB - Virtual size: 6.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 304KB - Virtual size: 302KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
shutdownux.dll
.dll windows:10 windows x64 arch:x64

0316a9fb4de280f0ad14ee4989cc1be3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

shutdownUX.pdb

Imports

msvcrt

??0exception@@QEAA@AEBQEBD@Z
_CxxThrowException
_vsnwprintf
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
memcpy
memmove
memcmp
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
_purecall
??3@YAXPEAX@Z
memcpy_s
_callnewh
_set_errno
_get_errno
realloc
__CxxFrameHandler4
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
__CxxFrameHandler3
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
memset

shell32

ShellExecuteExW
ShellExecuteW
ord100

shlwapi

ord618
ord176
ord560
ord437
ord629
ord630
ord219

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetProcAddress
LoadLibraryExW
GetModuleHandleExW
GetModuleHandleW
LoadResource
GetModuleFileNameA
FreeLibrary
FindResourceExW
LoadStringW
LockResource

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreExW
CreateEventExW
LeaveCriticalSection
AcquireSRWLockShared
DeleteCriticalSection
WaitForMultipleObjectsEx
WaitForSingleObjectEx
CreateMutexExW
InitializeCriticalSection
ReleaseMutex
OpenSemaphoreW
EnterCriticalSection
InitializeCriticalSectionEx
AcquireSRWLockExclusive
ReleaseSRWLockShared
InitializeSRWLock
ReleaseSRWLockExclusive

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetLastError
RaiseException

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetProcessId
GetCurrentProcessId
GetExitCodeProcess
TerminateProcess
GetCurrentThread
OpenProcessToken
GetCurrentProcess
OpenThreadToken

api-ms-win-core-localization-l1-2-0

GetThreadUILanguage
FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoOriginateErrorW
GetRestrictedErrorInfo
SetRestrictedErrorInfo
RoFailFastWithErrorContext
RoOriginateError

oleaut32

SysFreeString

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventRegister
EventUnregister
EventActivityIdControl

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-synch-l1-2-0

InitOnceComplete
Sleep
InitOnceBeginInitialize
InitOnceExecuteOnce

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsCreateStringReference
WindowsDeleteString
WindowsDuplicateString
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsGetStringRawBuffer

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetSystemWindowsDirectoryW
GetSystemDirectoryW

cfgmgr32

CM_Is_Dock_Station_Present

api-ms-win-core-com-l1-1-0

CoCreateInstance
PropVariantClear
CoTaskMemAlloc
CoGetCallContext
CoCreateFreeThreadedMarshaler
CoTaskMemRealloc
CoGetMalloc
CoTaskMemFree

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegDeleteKeyExW
RegQueryValueExW
RegGetValueW

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer

ntdll

memmove_s
wcschr
RtlFreeHeap
NtQueryInformationToken
RtlAllocateHeap
RtlNtStatusToDosErrorNoTeb
RtlCompareUnicodeString
RtlInitUnicodeString
NtPowerInformation
RtlGetActiveConsoleId
_vsnprintf_s

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-core-shutdown-l1-1-1

InitiateShutdownW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-winrt-error-l1-1-1

IsErrorPropagationEnabled
RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-security-base-l1-1-0

AdjustTokenPrivileges
GetTokenInformation
DuplicateTokenEx

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-security-capability-l1-1-0

CapabilityCheck

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-ntuser-sysparams-l1-1-0

GetSystemMetrics
SystemParametersInfoW

api-ms-win-rtcore-ntuser-window-l1-1-0

ShowWindow
FindWindowW
SendMessageW
SetWindowLongPtrW
GetWindowLongPtrW
GetClientRect
EnumWindows
GetWindowThreadProcessId
GetWindow
GetParent
GetWindowRect
SetForegroundWindow
SetWindowPos
GetWindowTextW
EnableWindow
SetWindowTextW

api-ms-win-ntuser-rectangle-l1-1-0

OffsetRect
SetRect

winbrand

BrandingLoadImage

user32

DialogBoxParamW
EnableMenuItem
CheckDlgButton
GetDlgItem
IsDlgButtonChecked
SetThreadDpiAwarenessContext
MapWindowPoints
EndDialog
GetWindowTextLengthW
IsSETEnabled
BeginPaint
ReasonCodeNeedsComment
EndPaint
BuildReasonArray
DestroyReasons

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 168KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
skci.dll
.dll windows:10 windows x64 arch:x64

75561a7c064204c2127a9b5c3bda7d4e

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

70:63:a6:8f:ac:2d:80:b6:4b:b1:3a:50:e4:0e:3c:74:77:6f:bb:ba:53:1b:d5:3b:47:ed:71:78:8a:b0:21:1c
Signer

Actual PE Digest

70:63:a6:8f:ac:2d:80:b6:4b:b1:3a:50:e4:0e:3c:74:77:6f:bb:ba:53:1b:d5:3b:47:ed:71:78:8a:b0:21:1c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

skci.pdb

Imports

securekernel.exe

__C_specific_handler
SkeEnterCriticalRegion
SkAllocatePool
RtlAvlInsertNodeEx
SkInitializePushLock
qsort
SkReleasePushLockExclusive
SkAcquirePushLockShared
bsearch
qsort_s
bsearch_s
SkReleasePushLockShared
SkAcquirePushLockExclusive
RtlAvlRemoveNode
RtlCompareMemory
SkFreePool
SkeLeaveCriticalRegion
RtlImageNtHeaderEx
SeQuerySecureBootPlatformManifest
RtlUnicodeToUTF8N
SeQuerySecureBootPolicyValue
_ultow_s
RtlInitUnicodeString
SkQuerySystemTime
RtlFreeUnicodeString
SkSystemExceptionFilter
SkQuerySecureKernelInformation
SkobCreateHandle
SkmmFreeSecureAllocation
SkobCreateObject
SkobDereferenceObject
SkAllocateNormalModePool
SkFreeNormalModePool
KeRestoreExtendedProcessorState
KeBugCheckEx
RtlGetEnabledExtendedFeatures
KeSaveExtendedProcessorState
RtlGetVersion
RtlTimeFieldsToTime
atoi
isdigit
RtlAnsiStringToUnicodeString
RtlUTF8ToUnicodeN
RtlDuplicateUnicodeString
RtlCompareUnicodeString
RtlAppendUnicodeStringToString
RtlEqualUnicodeString
memset
__GSHandlerCheck
_local_unwind
memcmp
memcpy
memmove
wcscmp

Exports

Exports

SkciCompareSigningLevels
SkciCreateCodeCatalog
SkciCreateSecureImage
SkciFinalizeSecureImageHash
SkciFinishImageValidation
SkciFreeImageContext
SkciInitialize
SkciMatchHotPatch
SkciQueryImageAuthorID
SkciQueryImageUniqueID
SkciQueryInformation
SkciSetCodeIntegrityPolicy
SkciTransferVersionResource
SkciValidateAmeCertChain
SkciValidateDynamicCodePages
SkciValidateImageData

Sections

.text
Size: 176KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 4KB - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGEDATA
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGECONS
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 114B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

GFIDS
Size: 4KB - Virtual size: 540B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
smartscreen.dll
.dll windows:5 windows x64 arch:x64

fc24141c6bde1caca9cd775e65d3bba0

Code Sign

33:00:00:03:af:30:40:0e:4c:a3:4d:05:41:00:00:00:00:03:af
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:09

Not After

14/11/2024, 19:09

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3e:94:7c:07:8b:9f:04:93:36:82:91:62:64:84:08:46:e6:ed:97:d7:6d:7e:5e:fb:e3:8d:81:e3:f5:ae:0a:71
Signer

Actual PE Digest

3e:94:7c:07:8b:9f:04:93:36:82:91:62:64:84:08:46:e6:ed:97:d7:6d:7e:5e:fb:e3:8d:81:e3:f5:ae:0a:71

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

smartscreen.pdb

Imports

api-ms-win-core-libraryloader-l1-2-0

FreeLibraryAndExitThread
GetModuleFileNameA
GetModuleHandleW
GetModuleHandleExW
GetProcAddress
LoadLibraryExW
LoadLibraryExA
DisableThreadLibraryCalls
SizeofResource
GetModuleHandleA
LockResource
LoadResource
GetModuleFileNameW
FreeLibrary

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-errorhandling-l1-1-0

SetLastError
RaiseException
GetErrorMode
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree

api-ms-win-core-synch-l1-1-0

CreateMutexExW
WaitForSingleObject
ReleaseMutex
ReleaseSemaphore
AcquireSRWLockShared
CreateMutexA
TryAcquireSRWLockExclusive
CreateSemaphoreExW
EnterCriticalSection
ReleaseSRWLockShared
ReleaseSRWLockExclusive
OpenSemaphoreW
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
SleepEx
WaitForSingleObjectEx
AcquireSRWLockExclusive
InitializeCriticalSectionAndSpinCount
CreateEventExW
SetEvent
CreateEventW

api-ms-win-core-processthreads-l1-1-0

GetExitCodeThread
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
GetProcessTimes
ExitThread
CreateThread
GetStartupInfoW
ExitProcess
TerminateProcess
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc

api-ms-win-core-threadpool-l1-2-0

SubmitThreadpoolWork
CloseThreadpoolWork
FreeLibraryWhenCallbackReturns
CreateThreadpoolTimer
CreateThreadpoolWork
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer

api-ms-win-core-localization-l1-2-0

GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetOEMCP
IsValidCodePage
FormatMessageA
GetUserPreferredUILanguages
GetSystemPreferredUILanguages
GetThreadPreferredUILanguages
GetLocaleInfoEx
EnumSystemLocalesW
GetCPInfo
LCMapStringEx
FormatMessageW
GetACP

api-ms-win-core-featurestaging-l1-1-0

GetFeatureEnabledState
RecordFeatureError
RecordFeatureUsage
UnsubscribeFeatureStateChangeNotification
SubscribeFeatureStateChangeNotification

api-ms-win-core-featurestaging-l1-1-1

GetFeatureVariant

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetSystemInfo
GetSystemDirectoryA
GetTickCount64

api-ms-win-core-memory-l1-1-0

VirtualProtect
VirtualQuery

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
RtlUnwind
RtlPcToFileHeader

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW
GetCurrentDirectoryW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetEnvironmentVariableW
GetStdHandle
SetStdHandle
GetEnvironmentStringsW
GetEnvironmentVariableA
GetCommandLineA

api-ms-win-core-file-l1-1-0

SetFilePointerEx
SetEndOfFile
GetDriveTypeW
RemoveDirectoryW
GetFullPathNameW
GetFileSizeEx
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
FindFirstFileExW
CreateFileW
CreateDirectoryW
CreateFileA
FlushFileBuffers
GetFileAttributesExW
DeleteFileW
GetFileInformationByHandle
ReadFile
WriteFile
GetFileType

api-ms-win-eventlog-legacy-l1-1-0

ReportEventW
RegisterEventSourceW
DeregisterEventSource

api-ms-win-core-string-l1-1-0

CompareStringEx
GetStringTypeW
WideCharToMultiByte
CompareStringW
MultiByteToWideChar

dnsapi

DnsQuery_A
DnsFree

ws2_32

ntohl
ioctlsocket
gethostname
htonl
ntohs
htons
inet_ntop
send
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
WSAGetLastError
recv
bind
closesocket
connect
getpeername
getsockname
getsockopt
setsockopt
socket
WSASetLastError
WSAIoctl
WSAStartup
WSACleanup
__WSAFDIsSet
select
getaddrinfo
freeaddrinfo
accept
listen
recvfrom
sendto

api-ms-win-core-com-l1-1-0

CoCreateGuid
CoRevertToSelf
CoWaitForMultipleHandles
CoCreateFreeThreadedMarshaler
CoCreateInstance
CoTaskMemFree
CLSIDFromString
StringFromGUID2
CoImpersonateClient

api-ms-win-shcore-stream-winrt-l1-1-0

CreateStreamOverRandomAccessStream

api-ms-win-core-libraryloader-l1-2-1

FindResourceW
LoadLibraryW
LoadLibraryA

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsGetStringRawBuffer

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoGetActivationFactory
RoActivateInstance

netutils

NetApiBufferFree

wkscli

NetGetJoinInformation

api-ms-win-core-file-l1-2-0

GetTempPathW

ntdll

RtlIpv4StringToAddressExA
RtlIpv6StringToAddressExA

iphlpapi

GetAdaptersAddresses

api-ms-win-core-heap-l2-1-0

LocalFree
GlobalFree
LocalAlloc

winhttp

WinHttpGetIEProxyConfigForCurrentUser

crypt32

PFXImportCertStore
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
CertDuplicateCertificateContext
CryptStringToBinaryA
CertEnumCertificatesInStore
CryptMsgGetParam
CryptFindOIDInfo
CertGetNameStringA
CertGetNameStringW
CertControlStore
CertFreeCertificateContext
CertFindCertificateInStore
CryptDecodeObject
CertCloseStore
CertOpenStore
CertGetCertificateContextProperty

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpA

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-synch-l1-2-0

InitOnceComplete
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceBeginInitialize
Sleep

api-ms-win-core-kernel32-legacy-l1-1-0

MoveFileExA

api-ms-win-core-namedpipe-l1-1-0

PeekNamedPipe

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

wldap32

ord33
ord200
ord32
ord79
ord35
ord27
ord22
ord41
ord50
ord45
ord217
ord46
ord211
ord30
ord60
ord301
ord26
ord143

api-ms-win-core-sysinfo-l1-2-0

GetNativeSystemInfo
VerSetConditionMask

api-ms-win-core-kernel32-legacy-l1-1-2

VerifyVersionInfoA

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-file-l1-2-2

AreFileApisANSI

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InterlockedFlushSList
InitializeSListHead

api-ms-win-core-console-l1-1-0

ReadConsoleA
SetConsoleCtrlHandler
GetConsoleOutputCP
SetConsoleMode
WriteConsoleW
GetConsoleMode
ReadConsoleW

api-ms-win-core-timezone-l1-1-0

SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
FileTimeToSystemTime

api-ms-win-core-fibers-l1-1-0

FlsGetValue
FlsAlloc
FlsFree
FlsSetValue

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

api-ms-win-core-fibers-l2-1-0

ConvertFiberToThread
DeleteFiber

api-ms-win-security-cryptoapi-l1-1-0

CryptGetUserKey
CryptAcquireContextW
CryptSetHashParam
CryptGetProvParam
CryptSignHashW
CryptExportKey
CryptDecrypt
CryptEnumProvidersW

bcrypt

BCryptGenRandom

wintrust

CryptCATAdminReleaseCatalogContext
CryptCATAdminReleaseContext
CryptCATAdminEnumCatalogFromHash
CryptCATCatalogInfoFromContext
CryptCATAdminAcquireContext
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WinVerifyTrust
CryptCATAdminCalcHashFromFileHandle

oleaut32

SetErrorInfo
SysFreeString
SysStringLen
SysAllocString
GetErrorInfo

Exports

Exports

CheckAppxPackageReputation
CheckFileReputation
CheckReputation
ClearCache
EventLogger
FreeExperience
GetAppControlEnforcementLevel
GetAppReputationEnforcementLevel
GetEnforcementLevel
GetEnforcementPolicy
RegisterEventLogger
ReportLaunch
ResetLogger
SetAppControlEnforcementLevel
SetAppReputationEnforcementLevel
SetEnforcementLevel
UriReputationFactory

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 792KB - Virtual size: 791KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 620KB - Virtual size: 644KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
smartscreen.exe
.exe windows:10 windows x64 arch:x64

7cdc8023c00d4717d8ca40319ece4551

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

smartscreen.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initialize_wide_environment
_set_app_type
_errno
_get_initial_wide_environment
_initterm
_initterm_e
exit
_exit
__p___argc
_seh_filter_exe
_invalid_parameter_noinfo_noreturn
__p___wargv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
terminate
_invalid_parameter_noinfo
_initialize_onexit_table
_register_onexit_function
_crt_atexit
abort
_configure_wide_argv

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsnprintf_s
__stdio_common_vswprintf
__stdio_common_vsscanf
__stdio_common_vsprintf
_set_fmode
__stdio_common_vsprintf_s
__p__commode

api-ms-win-crt-string-l1-1-0

wcsnlen
__strncnt
islower
towlower
strncmp
isspace
tolower
_wcsdup
isupper
strcpy_s
strcspn
_wcsicmp

ntdll

RtlUnwindEx
RtlLookupFunctionEntry
RtlFreeHeap
NtCreateSection
RtlPcToFileHeader
NtQuerySection
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlIpv4AddressToStringExW
RtlIpv6AddressToStringExW

combase

ord69

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetProcAddress
GetModuleFileNameW
FreeLibrary
GetModuleHandleExW
GetModuleFileNameA
LoadLibraryExW
GetModuleHandleExA

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockShared
WaitForSingleObjectEx
SetEvent
CreateMutexExW
LeaveCriticalSection
ReleaseSemaphore
EnterCriticalSection
InitializeSRWLock
AcquireSRWLockExclusive
OpenSemaphoreW
CreateEventExW
AcquireSRWLockShared
WaitForSingleObject
InitializeCriticalSectionEx
DeleteCriticalSection
ReleaseMutex
ReleaseSRWLockExclusive
CreateSemaphoreExW
TryAcquireSRWLockExclusive

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

RaiseException
GetLastError
SetLastError

api-ms-win-core-processthreads-l1-1-0

GetProcessTimes
GetProcessId
OpenThreadToken
GetCurrentThread
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
OpenProcessToken

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetLocaleInfoEx
LCMapStringEx
GetCPInfo
GetThreadPreferredUILanguages

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWriteTransfer
EventUnregister
EventSetInformation

api-ms-win-core-winrt-string-l1-1-0

WindowsStringHasEmbeddedNull
WindowsDuplicateString
WindowsCreateString
WindowsGetStringRawBuffer
WindowsIsStringEmpty
WindowsDeleteString
WindowsCreateStringReference

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
CloseThreadpoolWork
CloseThreadpoolTimer
SubmitThreadpoolWork
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolWork

api-ms-win-core-featurestaging-l1-1-0

SubscribeFeatureStateChangeNotification
RecordFeatureUsage
GetFeatureEnabledState
UnsubscribeFeatureStateChangeNotification

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
GetRestrictedErrorInfo
RoOriginateError
RoOriginateErrorW
SetRestrictedErrorInfo

api-ms-win-core-com-l1-1-0

CoMarshalInterface
CoTaskMemAlloc
CoResumeClassObjects
CoRegisterClassObject
CreateStreamOnHGlobal
CoCreateInstance
CoReleaseMarshalData
CoGetCallContext
CoGetObjectContext
CoCreateFreeThreadedMarshaler
CoDecrementMTAUsage
CoRevokeClassObject
CoImpersonateClient
CoGetInterfaceAndReleaseStream
CoTaskMemFree
CoAddRefServerProcess
CoReleaseServerProcess
CoWaitForMultipleHandles
CoInitializeSecurity
CoIncrementMTAUsage
CoRevertToSelf

api-ms-win-core-synch-l1-2-0

Sleep
WakeAllConditionVariable
InitOnceComplete
WakeConditionVariable
InitOnceExecuteOnce
InitializeConditionVariable
SleepConditionVariableSRW
InitOnceBeginInitialize

api-ms-win-core-winrt-l1-1-0

RoRevokeActivationFactories
RoGetActivationFactory
RoRegisterActivationFactories
RoInitialize
RoUninitialize

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-fibers-l1-1-0

FlsFree
FlsAlloc
FlsGetValue
FlsSetValue

smartscreen

UriReputationFactory
GetEnforcementPolicy
SetEnforcementLevel
GetEnforcementLevel
RegisterEventLogger
FreeExperience
ResetLogger
SetAppReputationEnforcementLevel
GetAppControlEnforcementLevel
SetAppControlEnforcementLevel
CheckReputation
CheckFileReputation
ClearCache
GetAppReputationEnforcementLevel
ReportLaunch
CheckAppxPackageReputation
EventLogger

api-ms-win-crt-locale-l1-1-0

_unlock_locales
_configthreadlocale
setlocale
localeconv
___lc_codepage_func
__pctype_func
___mb_cur_max_func
_lock_locales
___lc_locale_name_func
___lc_collate_cp_func

api-ms-win-crt-heap-l1-1-0

_set_new_mode
_callnewh
malloc
free
_realloc_base
_free_base
_malloc_base
_calloc_base
realloc
calloc

api-ms-win-crt-convert-l1-1-0

strtod
strtof

api-ms-win-crt-math-l1-1-0

ldexp
pow
powf
frexp
_dclass
ceilf

api-ms-win-crt-time-l1-1-0

_Strftime
_Wcsftime
_Getdays
_Getmonths
_W_Getdays
_Gettnames
_W_Gettnames
_W_Getmonths

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindFileNameW

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolAllowThreadReuse
SHTaskPoolQueueTask

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-file-l1-1-0

GetDriveTypeW
CreateFileW
GetLongPathNameW

api-ms-win-core-path-l1-1-0

PathAllocCanonicalize
PathAllocCombine
PathCchStripToRoot
PathCchIsRoot

api-ms-win-core-version-l1-1-1

GetFileVersionInfoW
GetFileVersionInfoSizeW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-winrt-error-l1-1-1

RoReportFailedDelegate
RoGetMatchingRestrictedErrorInfo
IsErrorPropagationEnabled

api-ms-win-rtcore-ntuser-window-l1-1-0

AllowSetForegroundWindow

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-security-base-l1-1-0

ImpersonateLoggedOnUser
RevertToSelf
GetTokenInformation

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
GetStringTypeW
CompareStringEx
MultiByteToWideChar

crypt32

CryptProtectData
CryptUnprotectData
CryptBinaryToStringW
CryptStringToBinaryW

oleaut32

SysFreeString

ws2_32

ntohs
htons

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

cJSON_AddArrayToObject
cJSON_AddBoolToObject
cJSON_AddFalseToObject
cJSON_AddItemReferenceToArray
cJSON_AddItemReferenceToObject
cJSON_AddItemToArray
cJSON_AddItemToObject
cJSON_AddItemToObjectCS
cJSON_AddNullToObject
cJSON_AddNumberToObject
cJSON_AddObjectToObject
cJSON_AddRawToObject
cJSON_AddStringToObject
cJSON_AddTrueToObject
cJSON_Compare
cJSON_CreateArray
cJSON_CreateArrayReference
cJSON_CreateBool
cJSON_CreateDoubleArray
cJSON_CreateFalse
cJSON_CreateFloatArray
cJSON_CreateIntArray
cJSON_CreateNull
cJSON_CreateNumber
cJSON_CreateObject
cJSON_CreateObjectReference
cJSON_CreateRaw
cJSON_CreateString
cJSON_CreateStringArray
cJSON_CreateStringReference
cJSON_CreateTrue
cJSON_Delete
cJSON_DeleteItemFromArray
cJSON_DeleteItemFromObject
cJSON_DeleteItemFromObjectCaseSensitive
cJSON_DetachItemFromArray
cJSON_DetachItemFromObject
cJSON_DetachItemFromObjectCaseSensitive
cJSON_DetachItemViaPointer
cJSON_Duplicate
cJSON_GetArrayItem
cJSON_GetArraySize
cJSON_GetErrorPtr
cJSON_GetNumberValue
cJSON_GetObjectItem
cJSON_GetObjectItemCaseSensitive
cJSON_GetStringValue
cJSON_HasObjectItem
cJSON_InitHooks
cJSON_InsertItemInArray
cJSON_IsArray
cJSON_IsBool
cJSON_IsFalse
cJSON_IsInvalid
cJSON_IsNull
cJSON_IsNumber
cJSON_IsObject
cJSON_IsRaw
cJSON_IsString
cJSON_IsTrue
cJSON_Minify
cJSON_Parse
cJSON_ParseWithLength
cJSON_ParseWithLengthOpts
cJSON_ParseWithOpts
cJSON_Print
cJSON_PrintBuffered
cJSON_PrintPreallocated
cJSON_PrintUnformatted
cJSON_ReplaceItemInArray
cJSON_ReplaceItemInObject
cJSON_ReplaceItemInObjectCaseSensitive
cJSON_ReplaceItemViaPointer
cJSON_SetNumberHelper
cJSON_SetValuestring
cJSON_Version
cJSON_free
cJSON_malloc

Sections

.text
Size: 452KB - Virtual size: 448KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
smartscreenps.dll
.dll regsvr32 windows:10 windows x64 arch:x64

79eeb4a42d37c606014ff3ee87e8a3d1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

smartscreenps.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
abort
_initialize_narrow_environment
_execute_onexit_table
_register_onexit_function
_cexit
_configure_narrow_argv
_seh_filter_dll
terminate
_initialize_onexit_table
_initterm
_initterm_e
_errno
_invalid_parameter_noinfo

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsnprintf_s
__stdio_common_vswprintf

ntdll

RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetProcAddress
GetModuleFileNameA
GetModuleHandleExW

api-ms-win-core-synch-l1-1-0

CreateMutexExW
ReleaseMutex
WaitForSingleObjectEx
DeleteCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
OpenSemaphoreW
WaitForSingleObject
CreateSemaphoreExW
ReleaseSemaphore
InitializeCriticalSectionEx

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

GetLastError
RaiseException
SetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-featurestaging-l1-1-0

SubscribeFeatureStateChangeNotification
RecordFeatureUsage
UnsubscribeFeatureStateChangeNotification

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-core-winrt-string-l1-1-0

WindowsCompareStringOrdinal
HSTRING_UserUnmarshal
HSTRING_UserSize64
HSTRING_UserMarshal64
HSTRING_UserUnmarshal64
WindowsCreateStringReference
HSTRING_UserFree
HSTRING_UserSize
HSTRING_UserFree64
HSTRING_UserMarshal

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce

api-ms-win-core-com-l1-1-0

CoGetClassObject
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedFlushSList

api-ms-win-core-fibers-l1-1-0

FlsFree
FlsSetValue
FlsGetValue
FlsAlloc

api-ms-win-crt-heap-l1-1-0

_callnewh
_free_base
malloc
_calloc_base
free

api-ms-win-crt-string-l1-1-0

strcpy_s

rpcrt4

NdrOleAllocate
NdrOleFree
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrDllRegisterProxy
NdrDllUnregisterProxy

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
smbwmiv2.dll
.dll regsvr32 windows:10 windows x64 arch:x64

85c4417402caaf079136cf0d8e7550ad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

smbwmiv2.pdb

Imports

msvcrt

??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
memcmp
??3@YAXPEAX@Z
__CxxFrameHandler4
wcstok_s
memcpy
wcscat_s
qsort
_vsnwprintf_s
_vsnwprintf
_CxxThrowException
_vsnprintf_s
memset
_wcsicmp
wcsncmp
wcsncat_s
??1type_info@@UEAA@XZ
_onexit
wcsncpy_s
wcschr
memcpy_s
__dllonexit
_unlock
wcscmp
_lock
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
memmove_s
??0exception@@QEAA@AEBV0@@Z
malloc
free
swprintf_s

api-ms-win-core-sysinfo-l1-1-0

GetComputerNameExW
GetSystemTimeAsFileTime
GetSystemDirectoryW
GetTickCount

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
GetLastError

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
LoadLibraryExW
GetProcAddress
LoadStringW
DisableThreadLibraryCalls
GetModuleFileNameA
FreeLibrary
GetModuleHandleW

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventSetInformation
EventWriteTransfer

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
CreateSemaphoreExW
InitializeCriticalSectionEx
WaitForSingleObject
InitializeSRWLock
ReleaseSemaphore
ReleaseMutex
DeleteCriticalSection
TryAcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
ReleaseSRWLockShared
CreateMutexExW
OpenSemaphoreW
AcquireSRWLockShared
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-security-base-l1-1-0

SetSecurityDescriptorGroup
MakeSelfRelativeSD
AccessCheck
AddAccessAllowedAce
InitializeAcl
InitializeSecurityDescriptor
EqualSid
MakeAbsoluteSD
AddAccessDeniedAce
GetAce
DeleteAce
AddAce
ImpersonateLoggedOnUser
DuplicateTokenEx
GetLengthSid
FreeSid
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
SetSecurityDescriptorOwner
AllocateAndInitializeSid
AdjustTokenPrivileges

srvcli

LocalServerCertificateMappingRemove
LocalShareGetInfoEx
LocalShareDelEx
LocalServerCertificateMappingEnum
LocalServerCertificateMappingGet
LocalServerCertificateMappingAceRemove
LocalServerCertificateMappingModify
LocalServerCertificateMappingAdd
LocalServerCertificateMappingAceAdd
LocalShareAdd
LocalShareSetInfo
LocalSessionDel
LocalSessionGetInfoEx
LocalSessionEnumEx
LocalShareEnumEx
LocalFileEnumEx
LocalFileClose
LocalFileGetInfoEx

api-ms-win-core-file-l1-1-0

GetDriveTypeW
GetVolumePathNameW

api-ms-win-core-file-l1-2-0

GetVolumeNameForVolumeMountPointW

netutils

NetApiBufferFree

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
OpenThreadToken
TerminateProcess
GetCurrentProcess
GetCurrentThread

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-registry-l1-1-0

RegEnumValueW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegGetValueW
RegSetValueExW

mpr

WNetEnumResourceW
WNetCloseEnum
WNetOpenEnumW
WNetCancelConnection2W
WNetGetConnectionW
WNetAddConnection4W

wkscli

NetpWkstaClientCertificateMappingEnum
NetpWkstaClientCertificateMappingModify
NetpWkstaClientCertificateMappingRemove
NetWkstaUserGetInfo
NetpWkstaClientCertificateMappingAdd
NetpWkstaClientCertificateMappingGet
NetUseDel
NetUseAdd
NetUseEnum
NetUseGetInfo

sspicli

SspiEncodeStringsAsAuthIdentity
SspiFreeAuthIdentity
SspiLocalFree
SspiMarshalAuthIdentity

samcli

NetUserGetInfo

iphlpapi

GetAdaptersAddresses
ConvertInterfaceGuidToLuid
ConvertInterfaceLuidToGuid
ConvertInterfaceIndexToLuid
ConvertInterfaceLuidToIndex
ConvertInterfaceLuidToAlias
ConvertInterfaceAliasToLuid

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoUninitialize

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
DeleteTimerQueueEx
CreateTimerQueue
DeleteTimerQueueTimer

api-ms-win-core-registry-l2-1-0

RegOpenKeyW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

ntdll

NtCreateEvent
NtFsControlFile
RtlRaiseStatus
RtlFreeUnicodeString
RtlCompareUnicodeString
WinSqmIncrementDWORD
RtlLengthRequiredSid
RtlSubAuthoritySid
RtlInitializeSid
RtlIpv6AddressToStringExW
NtOpenFile
NtCreateFile
RtlIpv4AddressToStringExW
NtClose
RtlLengthSecurityDescriptor
RtlVerifyVersionInfo
RtlGUIDFromString
RtlInitUnicodeString
RtlStringFromGUID
RtlNtStatusToDosError
RtlInt64ToUnicodeString
ZwQueryLicenseValue
RtlGetPersistedStateLocation
RtlIsStateSeparationEnabled
RtlGetNtProductType
NtWaitForSingleObject

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
GetProviderClassID
MI_Main

Sections

.text
Size: 188KB - Virtual size: 186KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
spoolss.dll
.dll windows:10 windows x64 arch:x64

85ca1531bf286cabc27fff998438af68

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

spoolss.pdb

Imports

msvcrt

??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
wcsrchr
_vsnprintf_s
_purecall
memcpy
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
__CxxFrameHandler3
memcpy_s
_initterm
_amsg_exit
_vsnwprintf
_XcptFilter
free
_callnewh
malloc
__C_specific_handler
??1exception@@UEAA@XZ
memcmp
_CxxThrowException
__CxxFrameHandler4
memmove_s
memset

api-ms-win-security-base-l1-1-0

GetAclInformation
GetSecurityDescriptorLength
AllocateAndInitializeSid
GetSecurityDescriptorDacl
GetTokenInformation
GetLengthSid
GetAce
AddAce
AddAccessAllowedAce
FreeSid
MakeSelfRelativeSD
SetSecurityDescriptorGroup
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetSecurityDescriptorGroup
SetSecurityDescriptorOwner
GetSecurityDescriptorOwner
InitializeAcl

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

TlsGetValue
TerminateProcess
GetCurrentThreadId
ExitProcess
GetCurrentThread
OpenProcessToken
SetThreadToken
GetCurrentProcessId
GetCurrentProcess
OpenThreadToken

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak
OutputDebugStringA

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
FreeLibrary
GetProcAddress
GetModuleHandleExW
GetModuleFileNameW
LoadLibraryExW
GetModuleFileNameA

api-ms-win-core-string-l1-1-0

CompareStringW

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
InitializeCriticalSection
AcquireSRWLockShared
DeleteCriticalSection
CreateSemaphoreExW
EnterCriticalSection
ReleaseSemaphore
LeaveCriticalSection
InitializeCriticalSectionEx
CreateMutexExW
ReleaseSRWLockShared
WaitForSingleObject
ReleaseMutex
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
OpenSemaphoreW
SetEvent
CreateEventW
InitializeCriticalSectionAndSpinCount

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

ntdll

EtwEventEnabled
EtwEventUnregister
EtwEventRegister
EtwTraceMessage
EtwEventWrite

Exports

Exports

AbortPrinter
AddFormW
AddJobW
AddMonitorW
AddPerMachineConnectionW
AddPortExW
AddPortW
AddPrintDeviceObject
AddPrintProcessorW
AddPrintProvidorW
AddPrinterConnectionW
AddPrinterDriverExW
AddPrinterDriverW
AddPrinterExW
AddPrinterW
AdjustPointers
AdjustPointersInStructuresArray
AlignKMPtr
AlignRpcPtr
AllocSplStr
AllowRemoteCalls
AppendPrinterNotifyInfoData
BuildOtherNamesFromMachineName
CacheAddName
CacheCreateAndAddNode
CacheCreateAndAddNodeWithIPAddresses
CacheDeleteNode
CacheIsNameCluster
CacheIsNameInNodeList
CallDrvDevModeConversion
CallRouterFindFirstPrinterChangeNotification
CheckLocalCall
ClosePrinter
ConfigurePortW
CreatePrinterIC
DeleteFormW
DeleteJobNamedProperty
DeleteMonitorW
DeletePerMachineConnectionW
DeletePortW
DeletePrintProcessorW
DeletePrintProvidorW
DeletePrinter
DeletePrinterConnectionW
DeletePrinterDataExW
DeletePrinterDataW
DeletePrinterDriverExW
DeletePrinterDriverW
DeletePrinterIC
DeletePrinterKeyW
DllAllocSplMem
DllAllocSplStr
DllFreeSplMem
DllFreeSplStr
DllMain
DllReallocSplMem
DllReallocSplStr
EndDocPrinter
EndPagePrinter
EnumFormsW
EnumJobsW
EnumMonitorsW
EnumPerMachineConnectionsW
EnumPortsW
EnumPrintProcessorDatatypesW
EnumPrintProcessorsW
EnumPrinterDataExW
EnumPrinterDataW
EnumPrinterDriversW
EnumPrinterKeyW
EnumPrintersW
FindClosePrinterChangeNotification
FlushPrinter
FormatPrinterForRegistryKey
FormatRegistryKeyForPrinter
FreeOtherNames
FreePrintPropertyValue
GetFormW
GetJobAttributes
GetJobAttributesEx
GetJobNamedPropertyValue
GetJobW
GetNetworkId
GetPrintProcessorDirectoryW
GetPrinterDataExW
GetPrinterDataW
GetPrinterDriverDirectoryW
GetPrinterDriverExW
GetPrinterDriverW
GetPrinterW
GetServerPolicy
GetShrinkedSize
GetSpoolerTlsIndexes
ImpersonatePrinterClient
InitializeRouter
IsNameTheLocalMachineOrAClusterSpooler
IsNamedPipeRpcCall
MIDL_user_allocate1
MIDL_user_free1
MakeOffset
MakePTR
MarshallDownStructure
MarshallDownStructuresArray
MarshallUpStructure
MarshallUpStructuresArray
OldGetPrinterDriverW
OpenPrinter2W
OpenPrinterExW
OpenPrinterPort2W
OpenPrinterPortWithClientInfo
OpenPrinterW
PackStringToEOB
PackStrings
PartialReplyPrinterChangeNotification
PlayGdiScriptOnPrinterIC
PrinterHandleRundown
PrinterMessageBoxW
ProvidorFindClosePrinterChangeNotification
ProvidorFindFirstPrinterChangeNotification
ReadPrinter
ReallocSplMem
ReallocSplStr
RemoteFindFirstPrinterChangeNotification
RemovePrintDeviceObject
ReplyClosePrinter
ReplyOpenPrinter
ReplyPrinterChangeNotification
ReplyPrinterChangeNotificationEx
ReportJobProcessingProgress
ResetPrinterW
RevertToPrinterSelf
RouterAddPrinterConnection2
RouterAllocBidiMem
RouterAllocBidiResponseContainer
RouterAllocPrinterNotifyInfo
RouterBroadcastMessage
RouterCorePrinterDriverInstalled
RouterCreatePrintAsyncNotificationChannel
RouterDeletePrinterDriverPackage
RouterFindCompatibleDriver
RouterFindFirstPrinterChangeNotification
RouterFindNextPrinterChangeNotification
RouterFreeBidiMem
RouterFreeBidiResponseContainer
RouterFreePrinterNotifyInfo
RouterGetCorePrinterDrivers
RouterGetPrintClassObject
RouterGetPrinterDriverPackagePath
RouterInstallPrinterDriverFromPackage
RouterInstallPrinterDriverPackageFromConnection
RouterInternalGetPrinterDriver
RouterRefreshPrinterChangeNotification
RouterRegisterForPrintAsyncNotifications
RouterReplyPrinter
RouterSpoolerSetPolicy
RouterUnregisterForPrintAsyncNotifications
RouterUploadPrinterDriverPackage
ScheduleJob
SeekPrinter
SendRecvBidiData
SetFormW
SetJobNamedProperty
SetJobW
SetPortW
SetPrinterDataExW
SetPrinterDataW
SetPrinterW
SplCloseSpoolFileHandle
SplCommitSpoolData
SplDriverUnloadComplete
SplGetClientUserHandle
SplGetSpoolFileInfo
SplGetUserSidStringFromToken
SplInitializeWinSpoolDrv
SplIsSessionZero
SplIsUpgrade
SplProcessPnPEvent
SplProcessSessionEvent
SplPromptUIInUsersSession
SplQueryUserInfo
SplReadPrinter
SplRegisterForDeviceEvents
SplRegisterForSessionEvents
SplShutDownRouter
SplUalCollectData
SplUnregisterForDeviceEvents
SplUnregisterForSessionEvents
SpoolerFindClosePrinterChangeNotification
SpoolerFindFirstPrinterChangeNotification
SpoolerFindNextPrinterChangeNotification
SpoolerFreePrinterNotifyInfo
SpoolerHasInitialized
SpoolerInit
SpoolerRefreshPrinterChangeNotification
StartDocPrinterW
StartPagePrinter
UndoAlignKMPtr
UndoAlignRpcPtr
UpdateBufferSize
UpdatePrintDeviceObject
UpdatePrinterRegAll
UpdatePrinterRegAllEx
UpdatePrinterRegUser
WaitForPrinterChange
WaitForSpoolerInitialization
WritePrinter
XcvDataW
bGetDevModePerUser
bSetDevModePerUser

Sections

.text
Size: 84KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
spoolsv.exe
.exe windows:10 windows x64 arch:x64

2b67a6339c3e75b0bca437fa4271db0c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

spoolsv.pdb

Imports

user32

TranslateMessage
SendNotifyMessageW
RegisterDeviceNotificationW
UnregisterDeviceNotification
MsgWaitForMultipleObjects
DispatchMessageW
UnregisterPowerSettingNotification
PeekMessageW
RegisterPowerSettingNotification

msvcrt

exit
__set_app_type
_cexit
__setusermatherr
_initterm
_fmode
__getmainargs
_amsg_exit
_commode
_lock
_XcptFilter
_unlock
_exit
free
_callnewh
malloc
_stricmp
__C_specific_handler
memmove_s
_purecall
memcpy_s
_vsnwprintf
_onexit
wcschr
memcmp
_wcsnicmp
wcsstr
memcpy
memmove
towupper
swprintf_s
_strnicmp
towlower
__CxxFrameHandler3
?terminate@@YAXXZ
_wcsicmp
__dllonexit
memset

ntdll

NtQueryValueKey
NtOpenKeyEx
NtDeleteKey
NtQueryLicenseValue
NtSetInformationThread
NtQueryWnfStateData
RtlIsThreadWithinLoaderCallout
NtOpenThreadToken
NtClose
NtOpenProcessToken
RtlFreeHeap
RtlInitUnicodeString
NtSetInformationToken
RtlAllocateHeap
RtlIpv4StringToAddressExW
RtlIpv6StringToAddressExW
EtwEventWrite
EtwEventEnabled
RtlIpv4AddressToStringW
TpAllocPool
TpReleaseAlpcCompletion
TpWaitForAlpcCompletion
TpReleaseIoCompletion
TpWaitForIoCompletion
TpReleaseTimer
TpWaitForTimer
TpReleaseWait
TpWaitForWait
TpReleaseWork
TpWaitForWork
TpAllocAlpcCompletion
TpStartAsyncIoOperation
TpAllocIoCompletion
TpSetTimer
TpAllocTimer
TpAllocWait
TpPostWork
TpAllocWork
RtlNtStatusToDosError
TpSimpleTryPost
TpSetWait
TpCallbackMayRunLong
TpReleasePool
RtlReportException
RtlVirtualUnwind
WinSqmIsOptedIn
WinSqmSetDWORD
WinSqmAddToStreamEx
WinSqmIncrementDWORD
RtlLookupFunctionEntry
RtlCaptureContext
RtlValidRelativeSecurityDescriptor
EtwEventWriteTransfer
NtQuerySystemInformation
EtwEventRegister
EtwEventUnregister
EtwUnregisterTraceGuids
EtwEventSetInformation
EtwGetTraceEnableFlags
EtwTraceMessage
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwRegisterTraceGuidsW
RtlIpv6AddressToStringW

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
AcquireSRWLockExclusive
OpenSemaphoreW
ReleaseSRWLockExclusive
ReleaseMutex
ResetEvent
InitializeCriticalSectionEx
ReleaseSemaphore
CreateSemaphoreExW
ReleaseSRWLockShared
OpenEventW
WaitForSingleObject
AcquireSRWLockShared
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
CreateMutexW
CreateEventW
SetEvent
LeaveCriticalSection
CreateMutexExW
EnterCriticalSection
InitializeCriticalSection

api-ms-win-core-processthreads-l1-1-0

OpenProcessToken
GetCurrentThreadId
CreateThread
GetCurrentProcessId
TlsSetValue
TlsGetValue
TlsFree
SetPriorityClass
ExitProcess
ExitThread
OpenThreadToken
GetCurrentThread
TerminateProcess
CreateProcessAsUserW
SetThreadToken
TlsAlloc
GetCurrentProcess

api-ms-win-core-processthreads-l1-1-1

OpenProcess
SetProcessMitigationPolicy

api-ms-win-core-errorhandling-l1-1-0

GetErrorMode
SetErrorMode
SetUnhandledExceptionFilter
SetLastError
RaiseException
GetLastError
UnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleExW
GetModuleHandleW
DisableThreadLibraryCalls
GetProcAddress

api-ms-win-core-registry-l1-1-0

RegDeleteTreeW
RegGetValueW
RegDeleteKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegDisablePredefinedCacheEx
RegQueryValueExW
RegSetKeySecurity
RegOpenKeyExW
RegGetKeySecurity
RegEnumValueW
RegSetValueExW
RegOpenCurrentUser
RegCloseKey
RegEnumKeyExW
RegDeleteValueW

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetSystemTimeAsFileTime
GetTickCount
GetSystemWindowsDirectoryW
GetSystemTime

api-ms-win-core-synch-l1-2-0

Sleep
SleepConditionVariableSRW
WakeAllConditionVariable
InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapSetInformation
HeapCreate
HeapDestroy
HeapFree
GetProcessHeap

api-ms-win-service-core-l1-1-0

StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
SetServiceStatus

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

rpcrt4

RpcServerUnsubscribeForNotification
RpcServerSubscribeForNotification
I_RpcExceptionFilter
RpcServerTestCancel
RpcAsyncAbortCall
RpcSsContextLockExclusive
RpcServerInterfaceGroupCreateW
RpcServerRegisterAuthInfoW
RpcServerInqDefaultPrincNameW
RpcMgmtSetServerStackSize
I_RpcBindingIsClientLocal
RpcRevertToSelf
RpcImpersonateClient
RpcSmDestroyClientContext
NdrClientCall3
NdrServerCall2
RpcServerInqCallAttributesW
RpcServerInqBindingHandle
RpcServerInterfaceGroupActivate
RpcBindingFromStringBindingW
I_RpcSessionStrictContextHandle
I_RpcBindingInqTransportType
RpcStringBindingComposeW
RpcBindingSetAuthInfoExW
RpcServerInterfaceGroupDeactivate
RpcBindingToStringBindingW
RpcRaiseException
RpcStringBindingParseW
RpcObjectSetType
RpcBindingVectorFree
Ndr64AsyncClientCall
RpcBindingServerFromClient
RpcBindingInqAuthClientW
RpcEpRegisterW
RpcServerInqBindings
RpcServerRegisterIf
RpcServerRegisterIf2
RpcAsyncCompleteCall
RpcRevertToSelfEx
Ndr64AsyncServerCallAll
RpcBindingFree
RpcStringFreeW
NdrAsyncServerCall
NdrServerCallAll

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
SubmitThreadpoolWork
WaitForThreadpoolTimerCallbacks
WaitForThreadpoolWorkCallbacks
CreateThreadpoolTimer
CloseThreadpoolWork
CreateThreadpoolWork
SetThreadpoolTimer

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-security-base-l1-1-0

SetSecurityDescriptorDacl
IsWellKnownSid
GetAce
AddAccessDeniedAceEx
CreateWellKnownSid
ImpersonateLoggedOnUser
AddAce
InitializeSecurityDescriptor
InitializeAcl
AddAccessAllowedAceEx
CheckTokenMembership
GetTokenInformation
RevertToSelf
SetTokenInformation
DuplicateTokenEx
DuplicateToken
GetLengthSid
CopySid
FreeSid
AllocateAndInitializeSid
GetAclInformation
EqualSid
GetSidSubAuthorityCount
GetSidSubAuthority
GetSecurityDescriptorDacl

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

gdi32

GdiDisableUMPDSandboxing

kernelbase

LocalAlloc
GetIsEdpEnabled
lstrcmpiW

kernel32

FreeLibrary
LoadLibraryExW
GetTickCount64
AddVectoredExceptionHandler
GetComputerNameW

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

dsrole

DsRoleFreeMemory
DsRoleGetPrimaryDomainInformation

api-ms-win-core-string-l1-1-0

CompareStringW
WideCharToMultiByte

api-ms-win-core-file-l1-1-0

GetTempFileNameW
ReadFile
DeleteFileW
CreateFileW

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventSetInformation
EventRegister

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW
RegSetKeyValueW

api-ms-win-core-console-l1-1-0

SetConsoleCtrlHandler

dnsapi

DnsQuery_W
DnsFree

api-ms-win-security-lsalookup-l2-1-0

LookupAccountNameW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

bcrypt

BCryptOpenAlgorithmProvider
BCryptCreateHash
BCryptGetProperty
BCryptDestroyHash
BCryptHashData
BCryptFinishHash
BCryptCloseAlgorithmProvider

Exports

Exports

GetSpoolerTlsIndexes
PrvAbortPrinter
PrvAddFormW
PrvAddJobW
PrvAddMonitorW
PrvAddPerMachineConnectionW
PrvAddPortExW
PrvAddPortW
PrvAddPrintProcessorW
PrvAddPrintProvidorW
PrvAddPrinterConnectionW
PrvAddPrinterDriverExW
PrvAddPrinterDriverW
PrvAddPrinterExW
PrvAddPrinterW
PrvAdjustPointers
PrvAdjustPointersInStructuresArray
PrvAlignKMPtr
PrvAlignRpcPtr
PrvAllocSplStr
PrvAllowRemoteCalls
PrvAppendPrinterNotifyInfoData
PrvBuildOtherNamesFromMachineName
PrvCacheAddName
PrvCacheCreateAndAddNode
PrvCacheCreateAndAddNodeWithIPAddresses
PrvCacheDeleteNode
PrvCacheIsNameCluster
PrvCacheIsNameInNodeList
PrvCallDrvDevModeConversion
PrvCallRouterFindFirstPrinterChangeNotification
PrvCheckLocalCall
PrvClosePrinter
PrvConfigurePortW
PrvCreatePrinterIC
PrvDeleteFormW
PrvDeleteJobNamedProperty
PrvDeleteMonitorW
PrvDeletePerMachineConnectionW
PrvDeletePortW
PrvDeletePrintProcessorW
PrvDeletePrintProvidorW
PrvDeletePrinter
PrvDeletePrinterConnectionW
PrvDeletePrinterDataExW
PrvDeletePrinterDataW
PrvDeletePrinterDriverExW
PrvDeletePrinterDriverW
PrvDeletePrinterIC
PrvDeletePrinterKeyW
PrvDllAllocSplMem
PrvDllAllocSplStr
PrvDllFreeSplMem
PrvDllFreeSplStr
PrvDllReallocSplMem
PrvDllReallocSplStr
PrvEndDocPrinter
PrvEndPagePrinter
PrvEnumFormsW
PrvEnumJobsW
PrvEnumMonitorsW
PrvEnumPerMachineConnectionsW
PrvEnumPortsW
PrvEnumPrintProcessorDatatypesW
PrvEnumPrintProcessorsW
PrvEnumPrinterDataExW
PrvEnumPrinterDataW
PrvEnumPrinterDriversW
PrvEnumPrinterKeyW
PrvEnumPrintersW
PrvFindClosePrinterChangeNotification
PrvFlushPrinter
PrvFormatPrinterForRegistryKey
PrvFormatRegistryKeyForPrinter
PrvFreeOtherNames
PrvFreePrintPropertyValue
PrvGetFormW
PrvGetJobAttributes
PrvGetJobAttributesEx
PrvGetJobNamedPropertyValue
PrvGetJobW
PrvGetNetworkId
PrvGetPrintProcessorDirectoryW
PrvGetPrinterDataExW
PrvGetPrinterDataW
PrvGetPrinterDriverDirectoryW
PrvGetPrinterDriverExW
PrvGetPrinterDriverW
PrvGetPrinterW
PrvGetServerPolicy
PrvGetShrinkedSize
PrvGetSpoolerTlsIndexes
PrvImpersonatePrinterClient
PrvInitializeRouter
PrvIsNameTheLocalMachineOrAClusterSpooler
PrvIsNamedPipeRpcCall
PrvMIDL_user_allocate
PrvMIDL_user_allocate1
PrvMIDL_user_free
PrvMIDL_user_free1
PrvMarshallDownStructure
PrvMarshallDownStructuresArray
PrvMarshallUpStructure
PrvMarshallUpStructuresArray
PrvOldGetPrinterDriverW
PrvOpenPrinter2W
PrvOpenPrinterExW
PrvOpenPrinterPort2W
PrvOpenPrinterPortWithClientInfo
PrvOpenPrinterW
PrvPackStrings
PrvPartialReplyPrinterChangeNotification
PrvPlayGdiScriptOnPrinterIC
PrvPrinterHandleRundown
PrvPrinterMessageBoxW
PrvProvidorFindClosePrinterChangeNotification
PrvProvidorFindFirstPrinterChangeNotification
PrvReadPrinter
PrvReallocSplMem
PrvReallocSplStr
PrvRemoteFindFirstPrinterChangeNotification
PrvReplyClosePrinter
PrvReplyOpenPrinter
PrvReplyPrinterChangeNotification
PrvReplyPrinterChangeNotificationEx
PrvReportJobProcessingProgress
PrvResetPrinterW
PrvRevertToPrinterSelf
PrvRouterAddPrinterConnection2
PrvRouterAllocBidiMem
PrvRouterAllocBidiResponseContainer
PrvRouterAllocPrinterNotifyInfo
PrvRouterBroadcastMessage
PrvRouterCorePrinterDriverInstalled
PrvRouterCreatePrintAsyncNotificationChannel
PrvRouterDeletePrinterDriverPackage
PrvRouterFindCompatibleDriver
PrvRouterFindFirstPrinterChangeNotification
PrvRouterFindNextPrinterChangeNotification
PrvRouterFreeBidiMem
PrvRouterFreeBidiResponseContainer
PrvRouterFreePrinterNotifyInfo
PrvRouterGetCorePrinterDrivers
PrvRouterGetPrintClassObject
PrvRouterGetPrinterDriverPackagePath
PrvRouterInstallPrinterDriverFromPackage
PrvRouterInstallPrinterDriverPackageFromConnection
PrvRouterInternalGetPrinterDriver
PrvRouterRefreshPrinterChangeNotification
PrvRouterRegisterForPrintAsyncNotifications
PrvRouterReplyPrinter
PrvRouterSpoolerSetPolicy
PrvRouterUnregisterForPrintAsyncNotifications
PrvRouterUploadPrinterDriverPackage
PrvScheduleJob
PrvSeekPrinter
PrvSendRecvBidiData
PrvSetFormW
PrvSetJobNamedProperty
PrvSetJobW
PrvSetPortW
PrvSetPrinterDataExW
PrvSetPrinterDataW
PrvSetPrinterW
PrvSplCloseSpoolFileHandle
PrvSplCommitSpoolData
PrvSplDriverUnloadComplete
PrvSplGetClientUserHandle
PrvSplGetSpoolFileInfo
PrvSplGetUserSidStringFromToken
PrvSplInitializeWinSpoolDrv
PrvSplIsSessionZero
PrvSplIsUpgrade
PrvSplProcessPnPEvent
PrvSplProcessSessionEvent
PrvSplPromptUIInUsersSession
PrvSplQueryUserInfo
PrvSplReadPrinter
PrvSplRegisterForDeviceEvents
PrvSplRegisterForSessionEvents
PrvSplShutDownRouter
PrvSplUnregisterForDeviceEvents
PrvSplUnregisterForSessionEvents
PrvSpoolerFindClosePrinterChangeNotification
PrvSpoolerFindFirstPrinterChangeNotification
PrvSpoolerFindNextPrinterChangeNotification
PrvSpoolerFreePrinterNotifyInfo
PrvSpoolerHasInitialized
PrvSpoolerInit
PrvSpoolerRefreshPrinterChangeNotification
PrvStartDocPrinterW
PrvStartPagePrinter
PrvUndoAlignKMPtr
PrvUndoAlignRpcPtr
PrvUpdateBufferSize
PrvUpdatePrinterRegAll
PrvUpdatePrinterRegAllEx
PrvUpdatePrinterRegUser
PrvWaitForPrinterChange
PrvWaitForSpoolerInitialization
PrvWritePrinter
PrvXcvDataW
PrvbGetDevModePerUser
PrvbSetDevModePerUser
RouterLogJobInfoForBranchOffice
ServerGetPrintClassObject
SplUalCollectData
YAbortPrinter
YAddJob
YDriverUnloadComplete
YEndDocPrinter
YEndPagePrinter
YFlushPrinter
YGetPrinter
YGetPrinterDriver2
YGetPrinterDriverDirectory
YReadPrinter
YSeekPrinter
YSetJob
YSetPort
YSetPrinter
YSplReadPrinter
YStartDocPrinter
YStartPagePrinter
YWritePrinter

Sections

.text
Size: 556KB - Virtual size: 553KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 236KB - Virtual size: 234KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sppc.dll
.dll windows:10 windows x64 arch:x64

99432d02d8bf51b476ab04120f3f05fa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

sppc.pdb

Imports

msvcrt

_initterm
_XcptFilter
_amsg_exit
_unlock
__dllonexit
malloc
_onexit
memmove
_lock
__C_specific_handler
_vsnwprintf
_purecall
free
memcmp
memcpy
memset

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetProcAddress
GetModuleHandleExW
DisableThreadLibraryCalls
FreeLibraryAndExitThread
GetModuleFileNameW
LoadLibraryExW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-service-management-l2-1-0

QueryServiceStatusEx
NotifyServiceStatusChangeW

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

api-ms-win-core-processthreads-l1-1-0

SetThreadPriority
CreateThread
ProcessIdToSessionId
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetThreadPriority
SetThreadToken
TerminateProcess
GetCurrentProcess
OpenThreadToken

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetLastError
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-synch-l1-1-0

WaitForMultipleObjectsEx
DeleteCriticalSection
ReleaseSemaphore
SetEvent
OpenMutexW
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
CreateMutexW
CreateEventW
ReleaseMutex
LeaveCriticalSection
WaitForSingleObject

api-ms-win-core-memory-l1-1-0

VirtualQuery

api-ms-win-core-psapi-l1-1-0

K32GetModuleInformation
K32EnumProcessModules

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

rpcrt4

UuidCreate
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcBindingSetAuthInfoExW
RpcStringFreeW
RpcBindingFree
I_RpcExceptionFilter
I_RpcMapWin32Status
NdrClientCall3

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-security-base-l1-1-0

RevertToSelf
FreeSid
AllocateAndInitializeSid

api-ms-win-service-management-l1-1-0

CloseServiceHandle
OpenSCManagerW
OpenServiceW

api-ms-win-core-synch-l1-2-1

CreateSemaphoreW
WaitForMultipleObjects

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

kernel32

GetProcessAffinityMask

Exports

Exports

SLCallServer
SLClose
SLConsumeRight
SLDepositMigrationBlob
SLDepositOfflineConfirmationId
SLDepositOfflineConfirmationIdEx
SLDepositStoreToken
SLFireEvent
SLGatherMigrationBlob
SLGatherMigrationBlobEx
SLGenerateOfflineInstallationId
SLGenerateOfflineInstallationIdEx
SLGetActiveLicenseInfo
SLGetApplicationInformation
SLGetApplicationPolicy
SLGetAuthenticationResult
SLGetEncryptedPIDEx
SLGetGenuineInformation
SLGetInstalledProductKeyIds
SLGetLicense
SLGetLicenseFileId
SLGetLicenseInformation
SLGetLicensingStatusInformation
SLGetPKeyId
SLGetPKeyInformation
SLGetPolicyInformation
SLGetPolicyInformationDWORD
SLGetProductSkuInformation
SLGetSLIDList
SLGetServiceInformation
SLInstallLicense
SLInstallProofOfPurchase
SLInstallProofOfPurchaseEx
SLIsGenuineLocalEx
SLLoadApplicationPolicies
SLOpen
SLPersistApplicationPolicies
SLPersistRTSPayloadOverride
SLReArm
SLRegisterEvent
SLRegisterPlugin
SLSetAuthenticationData
SLSetCurrentProductKey
SLSetGenuineInformation
SLUninstallLicense
SLUninstallProofOfPurchase
SLUnloadApplicationPolicies
SLUnregisterEvent
SLUnregisterPlugin
SLpAuthenticateGenuineTicketResponse
SLpBeginGenuineTicketTransaction
SLpClearActivationInProgress
SLpDepositDownlevelGenuineTicket
SLpDepositTokenActivationResponse
SLpGenerateTokenActivationChallenge
SLpGetGenuineBlob
SLpGetGenuineLocal
SLpGetLicenseAcquisitionInfo
SLpGetMSPidInformation
SLpGetMachineUGUID
SLpGetTokenActivationGrantInfo
SLpIAActivateProduct
SLpIsCurrentInstalledProductKeyDefaultKey
SLpProcessVMPipeMessage
SLpSetActivationInProgress
SLpTriggerServiceWorker
SLpVLActivateProduct

Sections

.text
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sppcext.dll
.dll windows:10 windows x64 arch:x64

16f2fdfbf515051766f0cf6b4967a637

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

sppcext.pdb

Imports

msvcrt

?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_errno
_ultoa_s
_itoa_s
swprintf_s
calloc
_msize
memcpy_s
__CxxFrameHandler4
wcscmp
_CxxThrowException
memcmp
memcpy
memmove
realloc
_ui64toa_s
_wtoi
memmove_s
wcstod
_HUGE
_wcstoui64
_set_errno
_wcstoi64
_get_errno
_fpclass
_gcvt_s
_i64toa_s
iswspace
memset
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
wcsncmp
towlower
wcschr
_wcsnicmp
_wcsicmp
swscanf
_purecall
_vsnwprintf

api-ms-win-core-heap-l1-1-0

HeapDestroy
GetProcessHeap
HeapSize
HeapAlloc
HeapReAlloc
HeapFree

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleFileNameW
FreeLibraryAndExitThread
FreeLibrary
GetModuleHandleW
LoadLibraryExW
GetProcAddress
GetModuleHandleExW

api-ms-win-core-heap-l2-1-0

GlobalFree
LocalFree
LocalAlloc
GlobalAlloc

oleaut32

SysStringLen
SafeArrayCreateVector
SafeArrayDestroy
SysAllocStringLen
SysFreeString
SafeArrayUnaccessData
VariantInit
VariantClear
SafeArrayAccessData
SysAllocString

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoUninitialize
CoCreateInstance

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegQueryValueExW
RegSetKeySecurity
RegSetValueExW
RegEnumKeyExW
RegDeleteValueW
RegCreateKeyExW
RegQueryInfoKeyW
RegCloseKey

rpcrt4

RpcStringFreeW
UuidToStringW

api-ms-win-core-sysinfo-l1-1-0

GetLocalTime
GetSystemDirectoryW
GetTickCount64
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-service-management-l1-1-0

OpenSCManagerW
OpenServiceW
CloseServiceHandle

api-ms-win-service-management-l2-1-0

QueryServiceStatusEx

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-security-base-l1-1-0

GetSecurityDescriptorDacl
GetSecurityDescriptorControl

api-ms-win-core-file-l1-1-0

CreateDirectoryW
GetFileAttributesW

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TerminateProcess
SetThreadPriority
GetCurrentThread
CreateThread
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-memory-l1-1-0

VirtualAlloc
VirtualFree
UnmapViewOfFile
VirtualQuery

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
WaitForSingleObject
InitializeCriticalSectionAndSpinCount

crypt32

CryptImportPublicKeyInfoEx
CertSaveStore
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertOpenStore
CertGetCertificateContextProperty
CertGetCertificateChain
CryptDecodeObjectEx
CertCloseStore
CryptAcquireCertificatePrivateKey
CertFreeCertificateChain
CertGetEnhancedKeyUsage
CertFindExtension
CertDuplicateCertificateContext
CertFreeCertificateContext
CryptFindOIDInfo
CertVerifyCertificateChainPolicy

api-ms-win-core-localization-l1-2-0

LCMapStringW
LCMapStringEx

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlAddFunctionTable
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlDeleteFunctionTable

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

sppc

SLpAuthenticateGenuineTicketResponse
SLpGetGenuineBlob
SLpBeginGenuineTicketTransaction
SLpDepositTokenActivationResponse
SLpGenerateTokenActivationChallenge
SLpGetTokenActivationGrantInfo
SLpTriggerServiceWorker
SLGetPKeyInformation
SLGetApplicationInformation
SLpIsCurrentInstalledProductKeyDefaultKey
SLpIAActivateProduct
SLGetPKeyId
SLUninstallProofOfPurchase
SLGetLicenseFileId
SLInstallProofOfPurchase
SLpVLActivateProduct
SLGetSLIDList
SLGetLicensingStatusInformation
SLpClearActivationInProgress
SLOpen
SLpSetActivationInProgress
SLSetGenuineInformation
SLGetGenuineInformation
SLGetProductSkuInformation
SLUninstallLicense
SLInstallLicense
SLCallServer
SLpGetLicenseAcquisitionInfo
SLClose

advapi32

CryptGetUserKey
CryptCreateHash
CryptSetProvParam
CryptHashData
CryptSignHashW
RegDeleteKeyW
RegEnumKeyW
CryptVerifySignatureW
SetNamedSecurityInfoW
DeregisterEventSource
CryptDestroyKey
ReportEventW
CryptGetProvParam
CryptAcquireContextW
CryptGetKeyParam
RegisterEventSourceW
CryptGenRandom
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext

kernel32

CreateEventW
CreateSemaphoreW
RaiseException
ReleaseSemaphore
SetEvent
PackageNameAndPublisherIdFromFamilyName

ntdll

NtQuerySystemInformation

winscard

SCardFreeMemory
SCardEstablishContext
SCardReleaseContext
SCardGetStatusChangeW
SCardListReadersW
SCardListCardsW
SCardGetCardTypeProviderNameW

winhttp

WinHttpReadData
WinHttpReceiveResponse
WinHttpConnect
WinHttpSendRequest
WinHttpCrackUrl
WinHttpSetOption
WinHttpSetTimeouts
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpGetProxyForUrl
WinHttpOpen
WinHttpGetIEProxyConfigForCurrentUser
WinHttpOpenRequest

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-debug-l1-1-0

OutputDebugStringA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
SLAcquireGenuineTicket
SLAcquireGenuineTicketForAppId
SLActivateProduct
SLDepositTokenActivationResponse
SLFreeTokenActivationCertificates
SLFreeTokenActivationGrants
SLGenerateTokenActivationChallenge
SLGetGenuineInformationEx
SLGetPackageProductKey
SLGetPackageProperties
SLGetPackageToken
SLGetReferralInformation
SLGetServerStatus
SLGetTokenActivationCertificates
SLGetTokenActivationGrants
SLInitialize
SLInstallPackage
SLSignTokenActivationChallenge
SLUninstallPackage

Sections

.text
Size: 460KB - Virtual size: 456KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sppobjs.dll
.dll windows:10 windows x64 arch:x64

cb4561798b6fc7502c86573e26233b9c

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:fd:d6:94:f9:39:f2:68:75:30:18:20:0a:bb:2b:db:c7:93:e7:ed:45:40:6c:a4:83:49:e8:ed:b1:f3:f1:d3
Signer

Actual PE Digest

09:fd:d6:94:f9:39:f2:68:75:30:18:20:0a:bb:2b:db:c7:93:e7:ed:45:40:6c:a4:83:49:e8:ed:b1:f3:f1:d3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

sppobjs.pdb

Imports

msvcrt

_purecall
memcpy
_vsnwprintf
_wcsicmp
__CxxFrameHandler4
log10
memmove
_wtoi
memcmp
swscanf_s
_wcsnicmp
memset
_onexit
__dllonexit
memcpy_s
_unlock
wcsncmp
wcschr
memchr
_wtol
wcsstr
_itow_s
_lock
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
wcscmp

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetModuleHandleExW
GetModuleFileNameW
GetProcAddress
FreeLibrary
GetModuleHandleW
DisableThreadLibraryCalls
FreeLibraryAndExitThread

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-synch-l1-1-0

CreateEventW
AcquireSRWLockExclusive
ReleaseSemaphore
SetEvent
DeleteCriticalSection
WaitForSingleObject
ResetEvent
ReleaseSRWLockExclusive

api-ms-win-core-memory-l1-1-0

VirtualAlloc
VirtualFree
VirtualQuery
UnmapViewOfFile

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
GetCurrentProcess
OpenProcessToken
GetThreadPriority
OpenThread
SetThreadPriority
SetPriorityClass
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-rtlsupport-l1-1-0

RtlDeleteFunctionTable
RtlLookupFunctionEntry
RtlAddFunctionTable
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
Sleep
SleepConditionVariableSRW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetSystemTimeAsFileTime
GetVersionExA
GetLocalTime
GetSystemDirectoryW
GetTickCount
GetVersionExW
GetComputerNameExW

advapi32

CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
RegEnumKeyW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

kernel32

RegisterWaitForSingleObject
ChangeTimerQueueTimer
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DeleteTimerQueueTimer
FileTimeToSystemTime
CreateTimerQueueTimer
DeleteTimerQueueEx
CreateTimerQueue
OpenProcess
AssignProcessToJobObject
CreateJobObjectW
SetInformationJobObject
GetProcessAffinityMask
InitializeCriticalSection
CreateThread
UnregisterWaitEx

ntdll

RtlIpv6StringToAddressExW
RtlIpv4StringToAddressExW
NtQueryInformationThread
NtSetInformationThread
NtSetInformationProcess
NtQuerySystemInformation

oleaut32

BSTR_UserUnmarshal64
BSTR_UserUnmarshal
LPSAFEARRAY_UserMarshal64
LPSAFEARRAY_UserMarshal
SysAllocString
SysFreeString
LPSAFEARRAY_UserUnmarshal64
LPSAFEARRAY_UserSize
LPSAFEARRAY_UserFree64
LPSAFEARRAY_UserUnmarshal
SysStringByteLen
LPSAFEARRAY_UserFree
BSTR_UserMarshal
SysStringLen
VariantCopy
SafeArrayDestroy
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
GetErrorInfo
BSTR_UserFree64
VariantClear
BSTR_UserSize64
LPSAFEARRAY_UserSize64
BSTR_UserMarshal64
BSTR_UserFree
VariantInit
BSTR_UserSize

clipc

ClipQueryAssociateId
ClipOpen
ClipClose

api-ms-win-core-com-l1-1-0

CoRevokeClassObject
CoFreeUnusedLibraries
CoSetProxyBlanket
CoDisconnectContext
CoRegisterClassObject
CoRegisterPSClsid
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoUninitialize
CoInitializeEx
CoInitializeSecurity
CoCreateInstance

api-ms-win-core-registry-l1-1-0

RegDeleteValueW
RegSetKeySecurity
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
GetTimeZoneInformation

api-ms-win-core-file-l1-1-0

WriteFile
ReadFile
CompareFileTime

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-localization-l1-2-0

GetSystemDefaultLangID
GetUserGeoID
LCMapStringW

api-ms-win-core-io-l1-1-0

GetOverlappedResult

api-ms-win-core-io-l1-1-1

CancelIo

rpcrt4

NdrOleAllocate
NdrDllGetClassObject
UuidCreate
NdrOleFree
RpcImpersonateClient
I_RpcMapWin32Status
UuidFromStringW
RpcRevertToSelfEx
RpcStringFreeW
UuidToStringW

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects
CreateSemaphoreW

api-ms-win-security-base-l1-1-0

EqualSid
GetTokenInformation
AllocateAndInitializeSid
FreeSid
CheckTokenMembership

api-ms-win-core-version-l1-1-0

GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW

netapi32

DsRoleFreeMemory
DsRoleGetPrimaryDomainInformation

cryptbase

SystemFunction036

Exports

Exports

SppPluginCanUnloadNow
SppPluginCreateInstance
SppPluginInitialize
SppPluginShutdown
SppPluginVersion

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 184KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sppsvc.exe
.exe windows:10 windows x64 arch:x64

148ab879c4e83a056858a141d9ad436b

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

57:38:fe:6b:30:80:a4:38:2f:f7:fa:48:d7:fd:d2:bd:e8:de:78:42:a1:62:a1:cf:84:49:0d:87:a9:22:dc:b9
Signer

Actual PE Digest

57:38:fe:6b:30:80:a4:38:2f:f7:fa:48:d7:fd:d2:bd:e8:de:78:42:a1:62:a1:cf:84:49:0d:87:a9:22:dc:b9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

sppsvc.pdb

Imports

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenThreadToken
RegCloseKey
RegDeleteValueW
FreeSid
ConvertStringSidToSidW
CheckTokenMembership
AllocateAndInitializeSid
RegQueryValueExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyW
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
SetServiceStatus
EventWriteTransfer
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
RegisterEventSourceW
ReportEventW
CryptGenRandom
DeregisterEventSource
CryptReleaseContext
CryptAcquireContextW
RegFlushKey
RegOpenKeyW
OpenServiceW
OpenSCManagerW
LsaFreeMemory
StartServiceW
CloseServiceHandle
QueryServiceStatusEx
LsaQueryInformationPolicy
LsaOpenPolicy
LsaClose
ConvertSidToStringSidW
LookupAccountNameW
NotifyServiceStatusChangeW
GetTokenInformation
EqualSid
OpenProcessToken
RegEnumKeyExW
EventSetInformation
EventRegister
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptGenKey
CryptEncrypt
CryptDecrypt
CryptSignHashA
CryptVerifySignatureA
CryptExportKey
CryptGetHashParam
EventUnregister

kernel32

UnmapViewOfFile
DeleteTimerQueueEx
CreateTimerQueue
GetEnvironmentVariableW
SetEnvironmentVariableW
TerminateProcess
HeapSetInformation
RegisterWaitForSingleObject
DeleteTimerQueue
UnregisterWaitEx
FreeLibrary
LoadLibraryExW
MultiByteToWideChar
ReadFile
SystemTimeToFileTime
CompareFileTime
DeleteFileW
QueueUserWorkItem
GetFileAttributesW
GetCurrentProcessId
OpenProcess
SetFileAttributesW
WriteFile
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
GetFileSizeEx
ChangeTimerQueueTimer
GetSystemDirectoryW
GetVersionExA
CreateDirectoryW
GetSystemTimeAsFileTime
WideCharToMultiByte
K32GetProcessImageFileNameW
SetLastError
VirtualFree
VirtualAlloc
RtlAddFunctionTable
InitializeCriticalSection
RaiseFailFastException
GetModuleHandleW
RtlDeleteFunctionTable
CreateFileW
EncodePointer
InitializeCriticalSectionAndSpinCount
CreateSemaphoreW
CreateEventW
DeleteCriticalSection
DecodePointer
DeleteTimerQueueTimer
GetSystemInfo
GetVersionExW
LCMapStringW
QueryPerformanceFrequency
QueryPerformanceCounter
GetLocalTime
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
TryAcquireSRWLockExclusive
InitializeSRWLock
SetFilePointer
FlushFileBuffers
GetModuleHandleA
CopyFileW
MoveFileExW
HeapFree
GetModuleHandleExW
HeapAlloc
GetProcAddress
GetProcessHeap
FileTimeToSystemTime
LocalAlloc
LocalFree
CloseHandle
GetLastError
CreateMutexW
OpenMutexW
WaitForSingleObject
ReleaseMutex
OpenThread
GetCurrentThread
DuplicateHandle
GetCurrentProcess
GetThreadPriority
SetThreadPriority
DeviceIoControl
SleepEx
FormatMessageW
VirtualQuery
SetEvent
ReleaseSemaphore
GetModuleFileNameA
DebugBreak
IsDebuggerPresent
OutputDebugStringW
GetLocaleInfoW
GetSystemFirmwareTable
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetNativeSystemInfo
GetFileSize
RaiseException
GetModuleFileNameW
ExpandEnvironmentStringsW
Sleep
LeaveCriticalSection
GetComputerNameW
EnterCriticalSection
GetSystemTime
CreateTimerQueueTimer
GetCurrentThreadId

msvcrt

_ui64tow_s
_itow
_wtoi
malloc
free
__C_specific_handler
swscanf
memchr
memcmp
memcpy
_vsnwprintf
?terminate@@YAXXZ
_onexit
__dllonexit
memmove
_lock
_commode
_fmode
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
wcscmp
swscanf_s
wcstoul
_errno
_wtof
wcsstr
memset
_unlock
_XcptFilter
memcpy_s
_wcsnicmp
_purecall
towlower
wcschr
sscanf_s
wcsncmp
_wcsicmp

rpcrt4

RpcServerInterfaceGroupClose
RpcServerInqCallAttributesW
RpcServerInterfaceGroupActivate
RpcServerInterfaceGroupCreateW
UuidToStringW
I_RpcMapWin32Status
UuidFromStringW
RpcRaiseException
RpcStringFreeW
I_RpcBindingInqLocalClientPID
UuidCreate
RpcRevertToSelfEx
RpcImpersonateClient
NdrServerCall2
NdrServerCallAll
RpcNetworkIsProtseqValidW

api-ms-win-core-version-l1-1-0

VerQueryValueW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoUninitialize
CoInitializeSecurity
CreateStreamOnHGlobal

bcrypt

BCryptDestroyKey
BCryptGenRandom

crypt32

CryptQueryObject
CryptImportPublicKeyInfoEx2
CertFreeCertificateContext

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
WakeAllConditionVariable

api-ms-win-core-sysinfo-l1-1-0

GetTickCount

cryptxml

CryptXmlGetReference
CryptXmlVerifySignature
CryptXmlGetDocContext
CryptXmlOpenToDecode
CryptXmlGetStatus
CryptXmlClose
CryptXmlGetSignature

ntdll

NtQueryInformationThread
NtSetInformationThread
RtlQueryPackageClaims
NtQueryObject
RtlInitUnicodeString
RtlEqualUnicodeString
NtQuerySystemInformation
NtLockProductActivationKeys

ole32

CoCreateInstance

oleaut32

SafeArrayDestroy
VariantInit
SysStringLen
SysAllocStringLen
GetErrorInfo
SysFreeString
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
VariantCopy
VariantClear
SysAllocString

xmllite

CreateXmlReader

pkeyhelper

IsDefaultPKey

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

Sections

.text
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

?g_Encry
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

?g_Encry
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

?g_Encry
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

?g_Encry
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 620KB - Virtual size: 616KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
srvcli.dll
.dll windows:10 windows x64 arch:x64

394f449b593246cfd455ca13d43c340d

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

37:eb:b7:78:39:98:70:6c:9b:78:5d:80:f5:9c:16:4f:9a:2d:b8:07:c5:9d:f3:20:53:7c:e3:04:29:b6:da:48
Signer

Actual PE Digest

37:eb:b7:78:39:98:70:6c:9b:78:5d:80:f5:9c:16:4f:9a:2d:b8:07:c5:9d:f3:20:53:7c:e3:04:29:b6:da:48

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

srvcli.pdb

Imports

api-ms-win-crt-string-l1-1-0

memset
wcsnlen

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__cexit
_o__configure_narrow_argv
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__itow_s
_o__seh_filter_dll
memcpy
_o__wcsicmp
_o__wcsnicmp
_o_free
_o_isdigit
_o_strcpy_s
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
strchr
_o___std_type_info_destroy_list
__C_specific_handler
__RTDynamicCast

rpcrt4

NdrClientCall3
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcStringFreeW
RpcBindingFree
I_RpcExceptionFilter

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetComputerNameExW
GetSystemTimeAsFileTime

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
LoadLibraryExW
DisableThreadLibraryCalls
FreeLibrary

api-ms-win-core-rtlsupport-l1-1-0

RtlCompareMemory
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

ntdll

NtOpenThreadToken
RtlAcquireResourceExclusive
NtClose
RtlReleaseResource
RtlAcquireResourceShared
RtlInitAnsiString
RtlOemStringToUnicodeString
RtlUnicodeToOemN
RtlxUnicodeStringToOemSize
NtImpersonateAnonymousToken
NtCreateFile
RtlInitializeResource
NtSetInformationThread
RtlNtStatusToDosError
RtlMakeSelfRelativeSD
RtlInitUnicodeString
RtlValidSecurityDescriptor
RtlDeleteResource
RtlUpcaseUnicodeStringToOemString
RtlGetLastNtStatus
NtFsControlFile

api-ms-win-core-heap-l2-1-0

LocalReAlloc
LocalAlloc
LocalFree

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-timezone-l1-1-0

GetTimeZoneInformation

Exports

Exports

I_NetDfsGetVersion
I_NetServerSetServiceBits
I_NetServerSetServiceBitsEx
LocalAliasGet
LocalFileClose
LocalFileEnum
LocalFileEnumEx
LocalFileGetInfo
LocalFileGetInfoEx
LocalServerCertificateMappingAceAdd
LocalServerCertificateMappingAceRemove
LocalServerCertificateMappingAdd
LocalServerCertificateMappingEnum
LocalServerCertificateMappingGet
LocalServerCertificateMappingModify
LocalServerCertificateMappingRemove
LocalSessionDel
LocalSessionEnum
LocalSessionEnumEx
LocalSessionGetInfo
LocalSessionGetInfoEx
LocalShareAdd
LocalShareDelEx
LocalShareEnum
LocalShareEnumEx
LocalShareGetInfo
LocalShareGetInfoEx
LocalShareSetInfo
NetConnectionEnum
NetFileClose
NetFileEnum
NetFileGetInfo
NetRemoteTOD
NetServerAliasAdd
NetServerAliasDel
NetServerAliasEnum
NetServerComputerNameAdd
NetServerComputerNameDel
NetServerDiskEnum
NetServerGetInfo
NetServerSetInfo
NetServerStatisticsGet
NetServerTransportAdd
NetServerTransportAddEx
NetServerTransportDel
NetServerTransportEnum
NetSessionDel
NetSessionEnum
NetSessionGetInfo
NetShareAdd
NetShareCheck
NetShareDel
NetShareDelEx
NetShareDelSticky
NetShareEnum
NetShareEnumSticky
NetShareGetInfo
NetShareSetInfo
NetpsNameCanonicalize
NetpsNameCompare
NetpsNameValidate
NetpsPathCanonicalize
NetpsPathCompare
NetpsPathType

Sections

.text
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
srvsvc.dll
.dll windows:10 windows x64 arch:x64

c81a072e1c733f3dbf38babc076b43c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

srvsvc.pdb

Imports

api-ms-win-crt-string-l1-1-0

strnlen
wcsnlen
wcsncmp
wcscmp
memset
strcmp

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__seh_filter_dll
_o__strnicmp
_o__wcsicmp
_o__wcslwr_s
memmove
_o__wcsnicmp
_o__wtoi
_o_free
_o_iswxdigit
_o_rand
_o_srand
_o_towupper
_o_wcscat_s
_o_wcscpy_s
_o_wcstok
_o__execute_onexit_table
_o__errno
_o__configure_narrow_argv
_o__cexit
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___std_type_info_destroy_list
__C_specific_handler
wcschr
memcmp
memcpy

api-ms-win-core-path-l1-1-0

PathCchCombineEx
PathCchCanonicalizeEx

api-ms-win-security-base-l1-1-0

SetFileSecurityW
IsValidSecurityDescriptor
GetFileSecurityW
ImpersonateSelf
RevertToSelf
CheckTokenMembership
GetTokenInformation
DuplicateTokenEx
GetLengthSid
AddAccessAllowedAceEx
CreateWellKnownSid
EqualSid
GetAce
GetAclInformation
AccessCheck
GetSecurityDescriptorDacl

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
SetUnhandledExceptionFilter
RaiseException
UnhandledExceptionFilter

rpcrt4

RpcServerInqCallAttributesW
NdrAsyncServerCall
Ndr64AsyncServerCallAll
RpcImpersonateClient
RpcRevertToSelf
RpcBindingVectorFree
RpcServerUseProtseqEpW
RpcBindingToStringBindingW
RpcServerUnregisterIf
NdrServerCallAll
RpcStringBindingParseW
RpcServerRegisterIfEx
RpcBindingServerFromClient
RpcBindingFree
RpcEpUnregister
UuidCreate
RpcEpRegisterW
RpcServerInqBindings
RpcAsyncAbortCall
NdrServerCall2
RpcRevertToSelfEx
RpcStringFreeW
RpcAsyncCompleteCall
RpcServerTestCancel

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
LoadLibraryExW
GetModuleHandleExA
GetModuleHandleW
GetProcAddress
DisableThreadLibraryCalls
FreeLibrary
GetModuleHandleExW

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentProcess
GetCurrentThread
TerminateProcess
OpenThreadToken
GetCurrentThreadId
CreateProcessW
CreateThread

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-registry-l1-1-0

RegDeleteKeyExW
RegOpenKeyExW
RegNotifyChangeKeyValue
RegSetValueExW
RegEnumValueW
RegGetValueW
RegQueryValueExW
RegCloseKey
RegDeleteValueW
RegCreateKeyExW

api-ms-win-core-synch-l1-1-0

SetEvent
CreateEventW
WaitForSingleObject
WaitForMultipleObjectsEx
DeleteCriticalSection
InitializeSRWLock
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetVersionExW
GetSystemTimeAsFileTime
GetSystemTime
GetSystemWindowsDirectoryW
GetSystemInfo
GetComputerNameExW

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceBeginInitialize
Sleep

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventUnregister
EventRegister
EventWriteTransfer

api-ms-win-core-rtlsupport-l1-1-0

RtlCompareMemory
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-file-l1-1-0

GetDriveTypeW
CreateFileW

api-ms-win-core-console-l1-1-0

SetConsoleCtrlHandler

api-ms-win-core-threadpool-l1-2-0

TrySubmitThreadpoolCallback
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringOrdinal

api-ms-win-core-localization-l1-2-0

FormatMessageW

bcrypt

BCryptCreateHash
BCryptDuplicateHash
BCryptDestroyHash
BCryptCloseAlgorithmProvider
BCryptFinishHash
BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptHashData

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW

ntdll

RtlFreeUnicodeString
RtlGetPersistedStateLocation
RtlGetNtProductType
RtlVerifyVersionInfo
RtlQueryEnvironmentVariable_U
RtlValidSecurityDescriptor
RtlSetEnvironmentVariable
RtlStringFromGUIDEx
RtlCreateEnvironment
RtlIntegerToUnicodeString
RtlDestroyEnvironment
RtlCopyUnicodeString
NtCreateEvent
NtSetEvent
RtlxUnicodeStringToOemSize
RtlUpcaseUnicodeStringToOemString
RtlUnicodeStringToOemString
NtOpenFile
RtlMakeSelfRelativeSD
RtlSetDaclSecurityDescriptor
NtOpenKey
NtQueryValueKey
NtOpenSymbolicLinkObject
RtlUpcaseUnicodeChar
NtQuerySymbolicLinkObject
RtlDosPathNameToNtPathName_U
RtlIsDosDeviceName_U
RtlGetNtSystemRoot
RtlStringFromGUID
NtQueryInformationFile
NtQueryVolumeInformationFile
RtlCheckRegistryKey
EtwGetTraceEnableLevel
RtlInitializeResource
EtwGetTraceEnableFlags
EtwUnregisterTraceGuids
RtlUpcaseUnicodeString
NtWaitForSingleObject
NtQuerySystemTime
RtlTimeToSecondsSince1970
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlFreeHeap
RtlUnicodeToUTF8N
RtlNtStatusToDosErrorNoTeb
RtlInitString
RtlFreeOemString
RtlOemStringToUnicodeString
RtlCreateRegistryKey
RtlValidRelativeSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlDeleteResource
RtlAcquireResourceShared
RtlAcquireResourceExclusive
RtlReleaseResource
NtCreateFile
NtFsControlFile
RtlUnicodeStringToInteger
RtlInitUnicodeString
NtQuerySystemInformation
EtwTraceMessage
RtlDeleteSecurityObject
RtlDeleteRegistryValue
RtlCreateSecurityDescriptor
RtlSetGroupSecurityDescriptor
NtOpenThreadToken
RtlGUIDFromString
RtlWriteRegistryValue
RtlQueryRegistryValuesEx
RtlLengthSecurityDescriptor
EtwRegisterTraceGuidsW
RtlAdjustPrivilege
NtAccessCheckAndAuditAlarm
RtlCopySid
RtlLengthSid
RtlCreateAcl
RtlAddAce
RtlSetSaclSecurityDescriptor
NtOpenProcessToken
RtlNewSecurityObject
RtlNtStatusToDosError
NtClose
RtlSetSecurityObject
EtwGetTraceLoggerHandle
RtlCopySecurityDescriptor
RtlNewSecurityObjectEx

api-ms-win-core-timezone-l1-1-0

GetTimeZoneInformation

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 260KB - Virtual size: 256KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sscore.dll
.dll windows:10 windows x64 arch:x64

ae903a4d4fe2d4ee84289580eadc4dd4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

sscore.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__cexit
_o__configure_narrow_argv
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__seh_filter_dll
memcpy
_o__wcsnicmp
_o___stdio_common_vswprintf
_o___std_type_info_destroy_list
__C_specific_handler

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-synch-l1-1-0

CreateEventW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent
WaitForSingleObject
InitializeCriticalSection

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentProcess
TerminateProcess
CreateThread
GetCurrentThreadId

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

ntdll

RtlStringFromGUID
RtlAppendUnicodeStringToString
NtFsControlFile
NtCreateEvent
RtlStringFromGUIDEx
NtWaitForSingleObject
NtOpenFile
RtlNtStatusToDosError
RtlFreeUnicodeString
RtlDosPathNameToNtPathName_U
RtlInitUnicodeString
RtlReleaseResource
NtClose
RtlAcquireResourceExclusive
RtlDeleteResource
RtlInitializeResource
RtlInitString

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

SsCoreAliasAdd
SsCoreAliasAddEx
SsCoreAliasDel
SsCoreAliasDelEx
SsCoreCertificatesUpdate
SsCoreCloseInstance
SsCoreCompleteCsvVolumeDrain
SsCoreDeregisterNetnameForMultichannel
SsCoreFileDel
SsCoreFileDelForInstance
SsCoreFileEnum
SsCoreFileEnumForInstance
SsCoreFileNotifyClose
SsCoreFileNotifyCloseForInstance
SsCoreFreeBuffer
SsCoreInitialize
SsCoreInitializeEx
SsCoreInvalidationRequest
SsCoreLockVolumes
SsCoreMarkAsClusterSvc
SsCoreNodeResetInfo
SsCoreNodeSetInfo
SsCoreOpenInstance
SsCoreRefreshSrvCredentialHandle
SsCoreRegisterNetnameForMultichannel
SsCoreServerTransportSetInfo
SsCoreSessionDel
SsCoreSessionDelForInstance
SsCoreSessionEnlist
SsCoreSessionEnum
SsCoreSessionEnumForInstance
SsCoreSetInstanceProperties
SsCoreSetMaxClusterDialect
SsCoreSetRdmaState
SsCoreShareAdd
SsCoreShareAddEx
SsCoreShareAddForInstance
SsCoreShareCleanup
SsCoreShareDel
SsCoreShareDelForInstance
SsCoreShareGetInfo
SsCoreShareGetInfoForInstance
SsCoreShareSetInfo
SsCoreShareSetInfoForInstance
SsCoreShareShutdownForScope
SsCoreStartCsvVolumeDrain
SsCoreStartInstance
SsCoreStopInstance
SsCoreUninitialize
SsCoreUnlockVolumes

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
systemreset.exe
.exe windows:10 windows x64 arch:x64

94fa4d853c97ac221db5f1040ddd3965

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8e:c3:29:e6:0e:94:11:ad:a9:d9:52:f7:e8:10:f2:53:8a:7f:1a:92:df:75:35:29:df:03:51:57:1a:59:5f:ed
Signer

Actual PE Digest

8e:c3:29:e6:0e:94:11:ad:a9:d9:52:f7:e8:10:f2:53:8a:7f:1a:92:df:75:35:29:df:03:51:57:1a:59:5f:ed

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

systemreset.pdb

Imports

advapi32

EventRegister
EventWriteTransfer
EventSetInformation
EventUnregister
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
InitiateSystemShutdownExW
RegDeleteKeyExW
RegLoadKeyW
RegUnLoadKeyW
RegEnumValueW
RegDeleteValueW
RegSetValueExW
RegGetValueW
RegEnumKeyExW
RegDeleteTreeW
RegDeleteKeyW
RegCreateKeyExW
RegSetKeySecurity
RegGetKeySecurity
IsWellKnownSid
ConvertStringSidToSidW

kernel32

CreateSemaphoreExW
InitOnceComplete
InitOnceBeginInitialize
GetVolumeInformationW
GetWindowsDirectoryW
GetFinalPathNameByHandleW
GetLongPathNameW
GetFullPathNameW
CopyFileExW
SetFileInformationByHandle
GetFileInformationByHandleEx
MoveFileW
DeleteFileW
QueryDosDeviceW
MoveFileExW
CreateDirectoryW
FindNextFileW
GetCurrentDirectoryW
GetVolumePathNamesForVolumeNameW
SetFileAttributesW
GetFileInformationByHandle
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
GetFileAttributesW
DeviceIoControl
CreateFileW
GetModuleFileNameA
GetModuleFileNameW
LocalAlloc
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
CreateEventW
SetEvent
GetCommandLineW
CreateMutexW
DecodePointer
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitOnceExecuteOnce
GetSystemWindowsDirectoryW
SizeofResource
LockResource
LoadResource
FindResourceExW
LoadLibraryW
FreeLibrary
CreateThread
GetDiskFreeSpaceExW
GetSystemPowerStatus
CreateWaitableTimerW
SetWaitableTimer
WaitForMultipleObjects
Sleep
LoadLibraryExW
CompareStringEx
GetCurrentThread
GetCurrentProcess
LocalFree
FindClose
FindFirstFileW
GetProcessMitigationPolicy

user32

DispatchMessageW
LoadCursorW
TranslateMessage
CreateWindowExW
GetWindowLongPtrW
GetMessageW
PostMessageW
UnregisterClassA
RegisterClassExW
SetWindowLongPtrW
DefWindowProcW
PostQuitMessage
LoadStringW
KillTimer
SetTimer
FindWindowExW

msvcrt

_wsetlocale
__crtLCMapStringW
_wcsdup
memset
abort
__pctype_func
_ismbblead
___lc_codepage_func
___lc_handle_func
___mb_cur_max_func
_errno
setlocale
__uncaught_exception
_unlock
_lock
memmove
memcpy
__CxxFrameHandler3
_CxxThrowException
??0exception@@QEAA@AEBQEBDH@Z
_callnewh
malloc
__C_specific_handler
strcspn
localeconv
??_V@YAXPEAX@Z
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@AEBV0@@Z
sprintf_s
??0exception@@QEAA@AEBQEBD@Z
wcsrchr
_wcsnicmp
wcschr
wcsncmp
_XcptFilter
_amsg_exit
?what@exception@@UEBAPEBDXZ
_wgetenv
wcstok_s
wcsstr
__wgetmainargs
__set_app_type
calloc
vswprintf_s
exit
_cexit
__setusermatherr
_initterm
_wcmdln
_fmode
_commode
?terminate@@YAXXZ
__dllonexit
_vscwprintf
free
memmove_s
_wcsicmp
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
_onexit
??1type_info@@UEAA@XZ
ceil
memcpy_s
??3@YAXPEAX@Z
__CxxFrameHandler4
_vsnwprintf
_exit
wcscmp

ntdll

RtlFreeHeap
RtlAllocateHeap
RtlCaptureContext
NtSetInformationFile
RtlNtStatusToDosError
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-shcore-obsolete-l1-1-0

CommandLineToArgvW

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
RoOriginateError

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoTaskMemAlloc
CoInitializeEx
CoInitializeSecurity
CLSIDFromString
CoCreateInstance

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapSize
HeapDestroy

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InitializeCriticalSectionEx

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException

api-ms-win-core-string-l1-1-0

CompareStringW
GetStringTypeW
WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-util-l1-1-0

EncodePointer

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetStartupInfoW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

shell32

ShellExecuteExW

shlwapi

StrFormatByteSizeW

dui70

?ContentProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?CreateString@Value@DirectUI@@SAPEAV12@PEBGPEAUHINSTANCE__@@@Z
?GetChildren@Element@DirectUI@@QEAAPEAV?$DynamicArray@PEAVElement@DirectUI@@$0A@@2@PEAPEAVValue@2@@Z
?GetRoot@Element@DirectUI@@QEAAPEAV12@XZ
?GetContentString@Element@DirectUI@@QEAAPEBGPEAPEAVValue@2@@Z
?UserTextChanged@TouchEditBase@DirectUI@@SA?AVUID@@XZ
?HasContent@Element@DirectUI@@QEAA_NXZ
?SetEnabled@Element@DirectUI@@QEAAJ_N@Z
?GetCheckedState@TouchCheckBox@DirectUI@@QEAA?AW4CheckedStateFlags@2@XZ
?MultipleClick@TouchButton@DirectUI@@SA?AVUID@@XZ
?SetID@Element@DirectUI@@QEAAJPEBG@Z
?SetLayoutPos@Element@DirectUI@@QEAAJH@Z
?GetParent@Element@DirectUI@@QEAAPEAV12@XZ
?Remove@Element@DirectUI@@QEAAJPEAV12@@Z
?SetValue@Element@DirectUI@@QEAAJP6APEBUPropertyInfo@2@XZHPEAVValue@2@@Z
?Release@Value@DirectUI@@QEAAXXZ
?SetVisible@Element@DirectUI@@QEAAJ_N@Z
?Click@TouchButton@DirectUI@@SA?AVUID@@XZ
?Destroy@DUIXmlParser@DirectUI@@QEAAXXZ
?AddListener@Element@DirectUI@@QEAAJPEAUIElementListener@2@@Z
StrToID
?FindDescendent@Element@DirectUI@@QEAAPEAV12@G@Z
?Destroy@Element@DirectUI@@QEAAJ_N@Z
?CreateElement@DUIXmlParser@DirectUI@@QEAAJPEBGPEAVElement@2@1PEAKPEAPEAV32@@Z
?SetXMLFromResource@DUIXmlParser@DirectUI@@QEAAJIPEAUHINSTANCE__@@0@Z
?Create@DUIXmlParser@DirectUI@@SAJPEAPEAV12@P6APEAVValue@2@PEBGPEAX@Z2P6AX11H2@Z2@Z

resetengine

ResetValidateScenario
ResetNotifyCancel
ResetGetDataVolumes
ResetReleaseSession
ResetTraceClientInfo
ResetCreateSession
ResetPrepareSession
ResetWillSuspendProtection
ResetClearSession
ResetStageOfflineBoot
ResetGetDiskSpaceRequired
ResetGetTelemetrySessionID
ResetUnstageOfflineBoot
ResetGetRestoredApps
ResetNotifyConfirm
ResetDisabledByPolicy

reagent

WinReSetNarratorScheduled

wdscore

ConstructPartialMsgVW
CurrentIP
WdsSetupLogMessageW

crypt32

CertVerifyCertificateChainPolicy

wintrust

WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WinVerifyTrust

api-ms-win-core-version-l1-1-0

GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW

Sections

.text
Size: 220KB - Virtual size: 218KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.imrsiv
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 96KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 172KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tcblaunch.exe
.dll windows:0 windows x64 arch:x64

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

43:12:ce:71:49:29:51:ce:0f:0d:65:ab:05:ef:fc:b0:a8:f0:d2:c5:af:fe:62:51:d9:d1:99:80:87:a0:f6:32
Signer

Actual PE Digest

43:12:ce:71:49:29:51:ce:0f:0d:65:ab:05:ef:fc:b0:a8:f0:d2:c5:af:fe:62:51:d9:d1:99:80:87:a0:f6:32

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

tcblaunch.pdb

Exports

Exports

AhCreateLoadOptionsString
AhGetArcDevice
ArchBuildKernelGdt
ArchGetGdtRegister
BlAllocateSlabPages
BlAmdSlGetEnabledFeatures
BlAmdSlGetTaCommands
BlAmdSlGetTaParameterRegisters
BlAppCheckDependency
BlAppSetDependency
BlAppendBootOptionBoolean
BlAppendBootOptionString
BlAppendUnicodeToString
BlArchCpuId
BlArchDetectSmt
BlArchGetCpuVendor
BlArchGetPerformanceCounter
BlArchIsCpuIdFunctionSupported
BlArchIsFiveLevelPagingActive
BlArchIsShadowStackSupported
BlArchKernelSetup
BlArchQueryIoPortAccessSupported
BlArchSetSecrets
BlBdDebugTransitionsEnabled
BlBdDebuggerConnected
BlBdGetBootDebugDevice
BlBdGetExtensionName
BlBdGetHvDebugDevice
BlBdGetMacAddressFromSmBiosUuid
BlBdGetPciDevicePath
BlBdInitializeDeviceDescriptor
BlBdInitializeDeviceDescriptorEx
BlBdInitializeTransportExtension
BlBdLoadImageSymbols
BlBdPatchIdt
BlBdReleaseDebuggingDevice
BlBdSetupDebugDevice
BlBdSetupDebuggingDevice
BlBdStart
BlBdStop
BlBdUpdateSharedHypervisorDebugDevice
BlBootOptionExists
BlBsdCloseLog
BlBsdLogEntry
BlCopyBootOptions
BlCopyStringToUnicodeString
BlCopyStringToWcharString
BlCopyUnicodeStringToUnicodeString
BlCopyWcharStringToString
BlCreateTpmSealedBlob
BlDecryptSealedData
BlDeviceClose
BlDeviceCompare
BlDeviceGetInformation
BlDeviceGetIoInformation
BlDeviceOpen
BlDeviceSetInformation
BlDisplayFreeOemBitmap
BlDisplayGetOemBitmap
BlDisplayInvalidateOemBitmap
BlDrtmSetError
BlEnNotifyEvent
BlFileClose
BlFileCopyFile
BlFileExists
BlFileGetInformation
BlFileLoad
BlFileOpen
BlFileReadAtOffsetEx
BlFileReadEx
BlFileSetInformation
BlFileWrite
BlFveCheckPermission
BlFwGetAcpiMemoryMap
BlFwGetSystemTable
BlFwQueryEfiRuntimeVaRange
BlFwReboot
BlFwServicesAvailable
BlGetApplicationEntry
BlGetApplicationIdentifier
BlGetBootDevice
BlGetBootOptionBoolean
BlGetBootOptionDevice
BlGetBootOptionInteger
BlGetBootOptionString
BlGetDevice
BlGetDeviceIdentifier
BlGetExecutionEnvironment
BlGetLogicalProcessorCount
BlGetProcessorApicIds
BlImgFindSection
BlImgGetNtHeader
BlImgGetPEImageSize
BlImgGetSigningPolicy
BlImgGetWhqlEnforcementDateTime
BlImgIsBootUpgradedPlatform
BlImgIsUpgradeInProgress
BlImgIsUpgradedPlatform
BlImgIsWhqlDeveloperTestModeEnabled
BlImgIsWhqlDisabledBySetting
BlImgIsWhqlEnabledBySetting
BlImgIsWinPE
BlImgLoadImageWithProgress2
BlImgLoadPEImageEx
BlImgLoadPEImageWithPolicyValidatedHash
BlImgParseOsRevocationList
BlImgQueryCodeIntegrityBootOptions
BlImgRegisterCodeIntegrityCatalogDirectory
BlImgRegisterCodeIntegrityCatalogs
BlImgRsaKnownAnswerTest
BlImgSetRestrictedSigning
BlImgSetSigningPolicy
BlImgSetSysDevWhqlPolicy
BlImgSha1KnownAnswerTest
BlImgSha1MonteCarloTest
BlImgTrustCustomSignersForDrivers
BlImgUnLoadImage
BlImgVerifyFontIntegrity
BlIpmiDestroy
BlIpmiGetHwConfig
BlIpmiInitialize
BlIpmiLogCheckPoint
BlLdrBuildImagePath
BlLdrFreeDataTableEntry
BlLdrLoadDll
BlLdrLoadImage
BlLdrPreloadFile
BlLdrPreloadImage
BlLdrUnloadImage
BlLogDestroy
BlLogDiagWrite
BlLogEtwRegister
BlLogEtwWrite
BlLogEtwWriteTransfer
BlLogInitialize
BlLogIsVerboseSELEnabled
BlMmAddEnclavePageRange
BlMmAddPersistentPageRange
BlMmAllocateHeap
BlMmAllocatePages
BlMmAllocatePagesInRange
BlMmAllocatePartitionPhysicalPagesInRangeNuma
BlMmAllocatePhysicalPages
BlMmAllocatePhysicalPagesInRange
BlMmAllocatePhysicalPagesInRangeNuma
BlMmAllocateVirtualPages
BlMmClosePartition
BlMmDisableStaticDescriptors
BlMmDisableUpdates
BlMmEnableStaticDescriptors
BlMmEnableUpdates
BlMmEnumerateAllocations
BlMmFlushTlb
BlMmFreeHeap
BlMmFreePages
BlMmFreePartitionRangeAllocation
BlMmFreePhysicalPages
BlMmFreeVirtualPages
BlMmGetAllocationPages
BlMmGetMemoryMap
BlMmInitMemoryMapHandle
BlMmIsLargePageMapping
BlMmMapIoSpace
BlMmMapPhysicalAddress
BlMmMapPhysicalAddressEx
BlMmOpenPartition
BlMmPersistAllocation
BlMmProcessBadPageList
BlMmQueryLargePageSize
BlMmQueryTranslationType
BlMmRegisterPledgedType
BlMmReleaseMemoryMap
BlMmRemapVirtualAddress
BlMmSetPageProtection
BlMmTranslateEfiMemoryType
BlMmTranslateVirtualAddress
BlMmUnmapVirtualAddress
BlMmUnmapVirtualAddressEx
BlMmUnpersistAllocation
BlMmUnpersistAllocations
BlMmUnprotectAllocation
BlMmUnregisterPledgedType
BlMmUpdatesDisabled
BlMmWalkPageTable
BlMmWriteZeroPte
BlNumaGetNumaMemoryRanges
BlObtainUnusedSlabPages
BlPdAllocateData
BlPdDestroyData
BlPdFreeData
BlPdPersistAllocations
BlPdQueryData
BlPdQueryDataAll
BlPdSaveData
BlPltReadPciConfig
BlPltWritePciConfig
BlRdUnmap
BlRemoveBootOption
BlResourceFindDataFromImage
BlResourceFindMessage
BlResourceGetLanguageMapping
BlSIPolicyCheckPolicyOnDevice
BlSIPolicyDoesActivePolicyGrantPermission
BlSIPolicyLoadAndActivateTemporalPolicy
BlSealSecretToCurrentPcrValues
BlSecureBootGetNonVolatilePrivateVariable
BlSecureBootIgnoreSingleBootOption
BlSecureBootSetVolatilePrivateVariable
BlSetVirtualizationLaunched
BlSiAppLosingTpmAccess
BlSiCloseEnvironment
BlSiDrtmEnvironmentUnsafe
BlSiEnterInsecureStateEx
BlSiEnvironmentReady
BlSiFlushCurrentMeasurements
BlSiHandleHypervisorLaunchEvent
BlSiLeaveEnvironment
BlSiMeasureOsRevocationList
BlSiPaRecordConfigEvent
BlSiPaRecordDrtmConfigEvent
BlSiPaRecordEvent
BlSiSetDrtmEnvironmentUnsafe
BlSlGetSmmIsolationLevel
BlStatusError
BlStatusPrint
BlStatusRegisterErrorHandler
BlSvnGetApplicationSvn
BlSvnGetChainStatus
BlSymCryptGetAesBlockCipher
BlSymCryptGetHmacSha256Algorithm
BlTblSetEntry
BlTcbIsDrtmCapable
BlTcgFwSetAndLockMemoryOverwriteRequestControl
BlTimeGetRelativeTime
BlTimeQueryPerformanceCounter
BlTpmGetRandom
BlTpmShutdown
BlTpmStatus
BlTxtGetRlpParkPage
BlTxtGetTprArray
BlUpdateBootOptions
BlUtlCheckSum
BlUtlGetAcpiTable
BlUtlGetAcpiTableOverrides
BlUtlPopulateAcpiTableCache
BlUtlReleaseAcpiTable
BlUtlSetAcpiTableOverrides
BlUtlValidateMemoryRange
BlValidateAmeCertChain
BlValidateAnsiStringMemory
BlValidateListMemory
BlValidateMemoryRange
BlValidatePhysicalMemoryRange
BlValidateUnicodeStringMemory
BlValidateWideStringMemory
BlVsmCheckSystemPolicy
BlVsmGetSystemPolicy
BlVsmKeysAddNewKeyToArray
BlVsmKeysCreateKeyPkg
BlVsmKeysExplodePkg
BlVsmKeysFindKeyMapByType
BlVsmKeysGetCurrentLKeyRefFromArray
BlVsmKeysGetCurrentLKeyRefFromPkg
BlVsmKeysReadAndUnsealBackupLKeyPkg
BlVsmKeysReadAndUnsealLKeyPkg
BlVsmKeysSupportedByPlatform
BlVsmKeysValidateKeyPkgBuffer
BlpPdQueryData
BlpPdReleaseData
BlpVsmLKeyCheckBootmgrAuthorityInTcgLog
DbgLoadImageSymbols
DbgPrint
EfiGetMemoryAttributesTable
HvlQueryConnection
KdNetGetNetDataSize
KdNetGetParameters
LdrInitSecurityCookie
McGenEventWriteBoot
MinCrypL_HashMemory
MincryptSetWeakCryptoPolicy
OslGenRandomBytes
OslGetControlSubkey
OslGetDrtmSvn
OslGetExportRoutineInModule
OslGetLocalApicId
OslGetStringValueAtKey
OslGetSubkeyAtKey
OslGetValueAtKey
OslIsRunningInSecureKernel
OslLoadMicrocodeUpdate
RtlAnsiStringToUnicodeString
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlApplyFunctionOverrideFixupsToImage
RtlApplyHotPatch
RtlAssert
RtlCheckCurrentPatchesApplied
RtlClearAllBits
RtlCompareMemory
RtlCompareUnicodeString
RtlCompareUnicodeStrings
RtlCountRequiredHotPatchAddressTableEntries
RtlEqualUnicodeString
RtlFindClearBits
RtlFindExportedRoutineByName
RtlFindHotPatchBase
RtlFindHotPatchInformation
RtlFindNextForwardRunClear
RtlFreeAnsiString
RtlFreeUnicodeString
RtlGUIDFromString
RtlImageDirectoryEntryToData
RtlImageNtHeaderEx
RtlInitAnsiString
RtlInitFunctionOverrideCapabilities
RtlInitUnicodeString
RtlInitUnicodeStringEx
RtlInitializeBitMap
RtlInitializeBootFeatureConfigurations
RtlInitializeDelayedFeatureUsageReportBuffer
RtlIntegerToUnicodeString
RtlIpv6StringToAddressW
RtlNotifyFeatureUsage
RtlNumberOfSetBits
RtlPrefixUnicodeString
RtlQueryFeatureConfiguration
RtlQueryFeatureConfigurationChangeStamp
RtlRbInsertNodeEx
RtlRbRemoveNode
RtlRegisterFeatureConfigurationChangeNotification
RtlSecureZeroMemory
RtlSetBit
RtlSetBits
RtlSizeOfDelayedFeatureUsageReportBuffer
RtlStringFromGUID
RtlUnicodeStringToAnsiString
RtlUnicodeStringToInteger
RtlUnregisterFeatureConfigurationChangeNotification
RtlUpcaseUnicodeChar
RtlValidateDelayedFeatureUsageReportBuffer
RtlValidateFeatureConfigurationBuffer
RtlValidateFeatureUsageSubscriptionBuffer
RtlValidateHotPatchBase
SIPolicyClearAllActivePolicy
SIPolicyDeletePersistentVariable
SIPolicyGetOptions
SIPolicyGetPolicyHandle
SIPolicyGetPolicyInfoFromType
SIPolicyGetSerializedPolicies
SIPolicyGetSerializedPoliciesSize
SIPolicyHashActiveCodeExecutionPolicies
SIPolicyInvalidateEAsOnRebootEnabled
SIPolicyIsPolicyActive
SIPolicyIsSamePolicyID
SIPolicyIsSignedPolicyRequired
SIPolicySetTrialMode
SIPolicyUmciEnabled
SbArePolicyOptionsSet
SbDoesActivePolicyGrantPermission
SbFreeFileData
SbGetKernelPolicyPackage
SbGetSizeOfKernelPolicyPackage
SbIsDebugPolicyActive
SbIsEnabled
SbIsEnabled2
SbIsPolicyActive
SbIsTestRootTrusted
SbIsTestSigningBlocked
SbLoadFile
SbValidateSkuUnlockToken
SipaGetDataPointers
SipaQueueConfigEntry
SipaQueueConfigEntryToQueue
SipaReadPcrsByMask
SipapAppendEntry
SipapCreateQueue
SymCryptGcmAuthPart
SymCryptGcmDecryptFinal
SymCryptGcmDecryptPart
SymCryptGcmEncryptFinal
SymCryptGcmEncryptPart
SymCryptGcmExpandKey
SymCryptGcmInit
SymCryptHmacSha256
SymCryptHmacSha256ExpandKey
SymCryptHmacSha512Selftest
SymCryptInit
SymCryptMarvin32
SymCryptMarvin32ExpandSeed
SymCryptRdrandGet
SymCryptRdrandStatus
SymCryptRdseedGet
SymCryptRdseedStatus
SymCryptRngAesFips140_2Generate
SymCryptRngAesFips140_2Instantiate
SymCryptRngAesFips140_2Uninstantiate
SymCryptRngAesGenerateSelftest
SymCryptRngAesInstantiateSelftest
SymCryptRngAesReseedSelftest
SymCryptSha1
SymCryptSha256
SymCryptSha256Append
SymCryptSha256Init
SymCryptSha256Result
SymCryptSha512
SymCryptSha512Append
SymCryptSha512Init
SymCryptSha512Result
SymCryptSp800_108
TpmApiCheckSecureNVIndex20
TpmApiCreateSecureNVIndex20
TpmApiCreateSrk20
TpmApiDrtmGetSigningKeys
TpmApiGetKeyPublicProperty20
TpmApiGetTpmVersion
TpmApiIsCurrentStatePolicyAuthorized20
TpmApiReadPublic20
TpmApiSeal20Ex
TpmApiSealPolicyAuthorized20
TpmApiTestAes256Capability20
TpmApiTestRsa3kCapability20
TpmApiUnsealEx
TpmApiUnsealPolicyAuthorized20
__GSHandlerCheck
__chkstk
_snwscanf_s
_stricmp
_strupr
_vsnprintf
_wcsicmp
_wcsnicmp
_wcstoui64
_wcsupr
bsearch
memcmp
memcpy
memmove
memset
qsort
rsa_construction_fips186_3
rsa_decryption
rsa_destruction
rsa_encryption
rsa_export
rsa_export_sizes
sprintf_s
strcat_s
strchr
strcmp
strcpy_s
strncmp
strnlen
strstr
swprintf_s
wcscat_s
wcscmp
wcscpy_s
wcsncmp
wcsnlen
wcsrchr
wcsstr

Sections

.text
Size: 793KB - Virtual size: 792KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

TRANSIT
Size: 512B - Virtual size: 29B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tcbloader.dll
.dll windows:10 windows x64 arch:x64

60399fa202e0e69223554e45a7224dd1

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fc:56:e7:28:81:cc:98:6a:71:b9:ec:31:a2:f1:5a:fa:23:95:e8:2b:eb:c3:22:af:7e:48:55:f3:57:25:31:38
Signer

Actual PE Digest

fc:56:e7:28:81:cc:98:6a:71:b9:ec:31:a2:f1:5a:fa:23:95:e8:2b:eb:c3:22:af:7e:48:55:f3:57:25:31:38

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

tcbloader.pdb

Imports

winload.sys

BlBdStop
RtlAnsiStringToUnicodeString
BlAppendUnicodeToString
BlArchCpuId
BlUtlGetAcpiTable
RtlFreeUnicodeString
RtlInitUnicodeString
BlArchIsFiveLevelPagingActive
RtlInitAnsiString
strcat_s
BlMmMapPhysicalAddress
ArchBuildKernelGdt
BlBdPatchIdt
BlMmAllocatePages
BlArchKernelSetup
BlMmAllocatePhysicalPages
BlMmFreePhysicalPages
BlMmFreePages
BlMmUnmapVirtualAddress
BlMmWriteZeroPte
RtlRbInsertNodeEx
BlMmWalkPageTable
RtlRbRemoveNode
BlBdDebugTransitionsEnabled
BlBdGetHvDebugDevice
BlArchGetPerformanceCounter
BlIpmiLogCheckPoint
wcsnlen
BlImgGetSigningPolicy
BlImgIsUpgradedPlatform
BlImgIsWinPE
BlImgGetWhqlEnforcementDateTime
SbGetSizeOfKernelPolicyPackage
SIPolicyIsSignedPolicyRequired
SbArePolicyOptionsSet
MinCrypL_HashMemory
RtlFindExportedRoutineByName
BlStatusPrint
RtlGUIDFromString
BlGetBootDevice
BlImgSetSysDevWhqlPolicy
BlImgRegisterCodeIntegrityCatalogs
BlDeviceClose
RtlEqualUnicodeString
SIPolicyInvalidateEAsOnRebootEnabled
SbIsEnabled
BlFileClose
_wcsicmp
MincryptSetWeakCryptoPolicy
BlImgRegisterCodeIntegrityCatalogDirectory
BlGetApplicationEntry
BlImgSetRestrictedSigning
BlMmAllocateHeap
SbLoadFile
BlFileReadAtOffsetEx
BlpPdReleaseData
BlFileOpen
wcscpy_s
wcscat_s
BlLdrFreeDataTableEntry
BlpPdQueryData
qsort
SIPolicyGetSerializedPoliciesSize
BlSIPolicyCheckPolicyOnDevice
BlLdrBuildImagePath
BlTpmStatus
BlImgSetSigningPolicy
SIPolicyHashActiveCodeExecutionPolicies
BlImgTrustCustomSignersForDrivers
SIPolicyClearAllActivePolicy
BlDeviceOpen
RtlInitUnicodeStringEx
BlGetBootOptionDevice
SbFreeFileData
BlLdrPreloadFile
SIPolicyIsPolicyActive
swprintf_s
SIPolicyGetOptions
SbIsTestRootTrusted
BlSIPolicyLoadAndActivateTemporalPolicy
BlImgQueryCodeIntegrityBootOptions
BlImgIsWhqlEnabledBySetting
BlMmFreeHeap
BlDeviceCompare
BlGetBootOptionBoolean
BlSecureBootGetNonVolatilePrivateVariable
BlImgIsWhqlDeveloperTestModeEnabled
BlImgUnLoadImage
SIPolicyGetPolicyHandle
BlGetBootOptionString
SbValidateSkuUnlockToken
SIPolicySetTrialMode
BlImgIsBootUpgradedPlatform
SIPolicyUmciEnabled
BlVsmGetSystemPolicy
SIPolicyGetSerializedPolicies
BlGetBootOptionInteger
BlImgIsUpgradeInProgress
BlBdDebuggerConnected
SIPolicyDeletePersistentVariable
BlImgIsWhqlDisabledBySetting
SIPolicyIsSamePolicyID
BlFileGetInformation
SbGetKernelPolicyPackage
SbIsDebugPolicyActive
SIPolicyGetPolicyInfoFromType
BlArchGetCpuVendor
BlMmAddEnclavePageRange
BlArchIsCpuIdFunctionSupported
_strupr
BlLogDestroy
BlBootOptionExists
BlDeviceGetInformation
McGenEventWriteBoot
BlMmMapPhysicalAddressEx
BlMmQueryLargePageSize
BlAppendBootOptionString
BlMmEnableUpdates
BlLogDiagWrite
BlSlGetSmmIsolationLevel
BlTpmShutdown
BlGetExecutionEnvironment
BlMmGetMemoryMap
_wcsupr
BlBsdCloseLog
BlRemoveBootOption
RtlInitFunctionOverrideCapabilities
BlLogEtwWriteTransfer
BlImgLoadImageWithProgress2
BlMmReleaseMemoryMap
BlMmDisableStaticDescriptors
BlMmUpdatesDisabled
wcsstr
BlCopyBootOptions
BlGetApplicationIdentifier
BlMmAllocateVirtualPages
BlLogInitialize
BlImgFindSection
strstr
BlGetDeviceIdentifier
BlMmInitMemoryMapHandle
BlMmAllocatePhysicalPagesInRangeNuma
BlStatusRegisterErrorHandler
SbIsPolicyActive
BlPdDestroyData
BlImgGetPEImageSize
BlImgGetNtHeader
BlSIPolicyDoesActivePolicyGrantPermission
BlMmDisableUpdates
BlNumaGetNumaMemoryRanges
BlArchQueryIoPortAccessSupported
BlUpdateBootOptions
BlFveCheckPermission
BlIpmiGetHwConfig
BlCopyWcharStringToString
BlMmEnumerateAllocations
BlMmTranslateVirtualAddress
BlUtlGetAcpiTableOverrides
BlLogIsVerboseSELEnabled
SbDoesActivePolicyGrantPermission
BlTimeQueryPerformanceCounter
AhCreateLoadOptionsString
BlSecureBootIgnoreSingleBootOption
RtlImageDirectoryEntryToData
BlCopyStringToUnicodeString
RtlApplyFunctionOverrideFixupsToImage
BlLdrPreloadImage
RtlPrefixUnicodeString
BlLdrLoadImage
BlCopyUnicodeStringToUnicodeString
LdrInitSecurityCookie
BlMmEnableStaticDescriptors
BlGetDevice
BlVsmCheckSystemPolicy
BlPdQueryDataAll
SbIsTestSigningBlocked
RtlAppendUnicodeToString
BlObtainUnusedSlabPages
BlFwGetAcpiMemoryMap
BlFileReadEx
BlAllocateSlabPages
BlBdSetupDebuggingDevice
BlValidateAmeCertChain
DbgLoadImageSymbols
BlUtlPopulateAcpiTableCache
BlMmFreeVirtualPages
BlFwGetSystemTable
SbIsEnabled2
KdNetGetNetDataSize
BlVsmKeysGetCurrentLKeyRefFromArray
_wcstoui64
BlSvnGetApplicationSvn
BlSvnGetChainStatus
BlTcgFwSetAndLockMemoryOverwriteRequestControl
SymCryptGcmEncryptPart
SipaQueueConfigEntry
rsa_encryption
SymCryptGcmEncryptFinal
SymCryptGcmDecryptFinal
rsa_construction_fips186_3
TpmApiCheckSecureNVIndex20
SymCryptSha256Append
SymCryptGcmInit
rsa_export_sizes
SymCryptGcmExpandKey
rsa_decryption
TpmApiUnsealEx
BlPdSaveData
BlSealSecretToCurrentPcrValues
SymCryptGcmAuthPart
TpmApiCreateSecureNVIndex20
BlLogEtwWrite
BlSymCryptGetAesBlockCipher
SymCryptSha256Result
SymCryptGcmDecryptPart
rsa_export
SymCryptSha256
SymCryptSha256Init
BlSiFlushCurrentMeasurements
rsa_destruction
TpmApiGetTpmVersion
BlVsmKeysAddNewKeyToArray
TpmApiSealPolicyAuthorized20
TpmApiCreateSrk20
BlSiPaRecordDrtmConfigEvent
BlSiDrtmEnvironmentUnsafe
BlFileLoad
TpmApiDrtmGetSigningKeys
BlCreateTpmSealedBlob
BlValidateMemoryRange
TpmApiIsCurrentStatePolicyAuthorized20
BlVsmKeysValidateKeyPkgBuffer
BlVsmKeysCreateKeyPkg
BlVsmKeysFindKeyMapByType
TpmApiUnsealPolicyAuthorized20
TpmApiTestRsa3kCapability20
BlDecryptSealedData
BlVsmKeysExplodePkg
OslGetDrtmSvn
TpmApiTestAes256Capability20
wcsncmp
TpmApiGetKeyPublicProperty20
TpmApiReadPublic20
BlSiSetDrtmEnvironmentUnsafe
BlLdrLoadDll
BlSiHandleHypervisorLaunchEvent
BlBdGetExtensionName
BlBdInitializeDeviceDescriptorEx
BlBdLoadImageSymbols
BlBdUpdateSharedHypervisorDebugDevice
BlBdInitializeTransportExtension
BlLdrUnloadImage
BlBdReleaseDebuggingDevice
wcsrchr
BlArchDetectSmt
BlSiEnvironmentReady
BlEnNotifyEvent
BlSiPaRecordConfigEvent
SipaGetDataPointers
SipapAppendEntry
SymCryptSha1
SipaQueueConfigEntryToQueue
SipapCreateQueue
BlSiEnterInsecureStateEx
BlSiLeaveEnvironment
BlUtlSetAcpiTableOverrides
BlUtlCheckSum
strcpy_s
_stricmp
_wcsnicmp
RtlCompareUnicodeString
BlTblSetEntry
RtlUnicodeStringToInteger
bsearch
RtlCompareMemory
RtlUnicodeStringToAnsiString
BlPdFreeData
BlFileExists
BlBsdLogEntry
BlResourceFindMessage
BlStatusError
SymCryptRngAesReseedSelftest
BlTpmGetRandom
SymCryptRdseedStatus
SymCryptRngAesInstantiateSelftest
SymCryptRdrandGet
SymCryptSha512Result
SymCryptSha512Append
SymCryptRdrandStatus
SymCryptSha512Init
SymCryptHmacSha512Selftest
SymCryptRngAesFips140_2Generate
SymCryptRngAesFips140_2Uninstantiate
SymCryptRdseedGet
SymCryptSha512
SymCryptRngAesGenerateSelftest
SymCryptRngAesFips140_2Instantiate
RtlValidateFeatureUsageSubscriptionBuffer
RtlInitializeBootFeatureConfigurations
RtlValidateDelayedFeatureUsageReportBuffer
RtlValidateFeatureConfigurationBuffer
RtlApplyHotPatch
BlMmIsLargePageMapping
RtlValidateHotPatchBase
RtlCountRequiredHotPatchAddressTableEntries
RtlFindHotPatchInformation
RtlFindHotPatchBase
RtlInitializeBitMap
RtlClearAllBits
BlPltReadPciConfig
BlFwQueryEfiRuntimeVaRange
EfiGetMemoryAttributesTable
BlLogEtwRegister
BlValidateWideStringMemory
BlMmTranslateEfiMemoryType
BlValidateListMemory
BlValidateUnicodeStringMemory
BlDrtmSetError
BlValidatePhysicalMemoryRange
BlValidateAnsiStringMemory
BlArchSetSecrets
BlImgVerifyFontIntegrity
BlResourceGetLanguageMapping
BlFileSetInformation
BlResourceFindDataFromImage
BlImgLoadPEImageWithPolicyValidatedHash
BlRdUnmap
BlImgLoadPEImageEx
BlDisplayFreeOemBitmap
BlDisplayGetOemBitmap
BlDisplayInvalidateOemBitmap
RtlAppendUnicodeStringToString
RtlStringFromGUID
sprintf_s
SymCryptInit
SymCryptMarvin32ExpandSeed
RtlSetBits
RtlUpcaseUnicodeChar
BlUtlValidateMemoryRange
BlMmUnmapVirtualAddressEx
BlMmRemapVirtualAddress
BlMmFlushTlb
ArchGetGdtRegister
BlVsmKeysGetCurrentLKeyRefFromPkg
BlVsmKeysSupportedByPlatform
SymCryptSp800_108
BlVsmKeysReadAndUnsealLKeyPkg
BlSymCryptGetHmacSha256Algorithm
RtlCompareUnicodeStrings
memset
__GSHandlerCheck
memcmp
memcpy
memmove
wcscmp

Exports

Exports

OslGenRandomBytes
OslGetControlSubkeyCell
OslGetExportRoutineInModule
OslGetStringValue
OslGetSubkey
OslGetValue
OslIsRunningInSecureKernel
TcbLoadEntry
TcbResumeEntry

Sections

.text
Size: 176KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGECMRC
Size: 4KB - Virtual size: 130B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 412B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tdhres.dll
.dll windows:10 windows x64 arch:x64

259ee5bba77e520f04127e9c7233f99b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

tdhres.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o___std_type_info_destroy_list
_o__cexit
_o__configure_narrow_argv
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__seh_filter_dll
__C_specific_handler

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

Exports

Exports

GetNTStatusSymbolicName
GetNdisOidSymbolicName
GetNdisSymbolicName
GetNetEventSymbolicName
GetWinErrorSymbolicName

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 408KB - Virtual size: 406KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 444B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
termsrv.dll
.dll windows:10 windows x64 arch:x64

65ca4290bbe47ff948543c5d10a36c18

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

termsrv.pdb

Imports

msvcrt

_vscwprintf
_stricmp
_vsnprintf
malloc
qsort
wcsrchr
wcsncpy_s
_wcsnicmp
_callnewh
wcstok_s
_CxxThrowException
__CxxFrameHandler3
free
memmove_s
memcpy
??0exception@@QEAA@AEBV0@@Z
memmove
wcschr
??1exception@@UEAA@XZ
iswspace
_vsnprintf_s
memcpy_s
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
_XcptFilter
_amsg_exit
_initterm
?terminate@@YAXXZ
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
_errno
realloc
_vsnwprintf
_wcsicmp
_purecall
__C_specific_handler
??_V@YAXPEAX@Z
swprintf_s
memcmp
_resetstkoflw
wcscpy_s
__CxxFrameHandler4
??3@YAXPEAX@Z
??0exception@@QEAA@XZ
_lock
memset

ntdll

NtOpenProcess
NtOpenProcessToken
RtlDeleteSecurityObject
RtlCopySecurityDescriptor
RtlGetControlSecurityDescriptor
RtlCreateUserSecurityObject
NtQueryInformationProcess
RtlLengthSid
NtDuplicateToken
RtlAcquireResourceExclusive
NtQueryInformationToken
RtlAcquireResourceShared
RtlNtStatusToDosError
DbgPrint
RtlEqualSid
RtlVerifyVersionInfo
RtlCaptureStackBackTrace
NtQuerySystemInformation
NtQueryVirtualMemory
RtlFreeSid
RtlReleaseResource
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
VerSetConditionMask
RtlCompareMemory
RtlInitString
NtCreateFile
RtlInitUnicodeString
RtlAdjustPrivilege
RtlNumberGenericTableElements
RtlGetCurrentServiceSessionId
EtwEventActivityIdControl
NtQuerySystemTime
EtwEventWriteTransfer
RtlEnumerateGenericTable
RtlLookupElementGenericTable
RtlDeleteElementGenericTable
RtlInsertElementGenericTable
RtlInitializeGenericTable
RtlInitializeResource
RtlDeleteResource
EtwEventWriteFull
RtlAllocateAndInitializeSid
EtwEventRegister
EtwEventUnregister
RtlCopySid

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
SetLastError
UnhandledExceptionFilter
RaiseException

api-ms-win-core-libraryloader-l1-2-0

SizeofResource
GetModuleFileNameA
GetModuleFileNameW
LoadStringW
LoadResource
GetModuleHandleExA
GetModuleHandleW
FindResourceExW
DisableThreadLibraryCalls
GetProcAddress
LoadLibraryExW
GetModuleHandleExW
FreeLibrary

api-ms-win-core-synch-l1-1-0

InitializeSRWLock
CreateSemaphoreExW
InitializeCriticalSectionEx
WaitForSingleObjectEx
SetEvent
CreateMutexExW
OpenEventW
ReleaseMutex
ReleaseSemaphore
ResetEvent
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
InitializeCriticalSection
WaitForSingleObject
WaitForMultipleObjectsEx
DeleteCriticalSection
LeaveCriticalSection
OpenSemaphoreW
CreateEventW

api-ms-win-core-processthreads-l1-1-0

ExitThread
CreateThread
OpenProcessToken
TerminateProcess
GetExitCodeThread
CreateProcessAsUserW
GetCurrentProcessId
GetCurrentThreadId
TlsFree
ProcessIdToSessionId
GetCurrentProcess
GetCurrentThread
OpenThreadToken
CreateProcessW
TlsGetValue
TlsAlloc
TlsSetValue

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegCreateKeyExW
RegGetValueW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW
OutputDebugStringA

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolCleanupGroup
WaitForThreadpoolTimerCallbacks
SetThreadpoolThreadMinimum
SetThreadpoolThreadMaximum
TrySubmitThreadpoolCallback
CreateThreadpool
CloseThreadpool
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolTimer
CloseThreadpoolCleanupGroup

api-ms-win-security-base-l1-1-0

EqualSid
CreateWellKnownSid
GetFileSecurityW
GetAce
GetAclInformation
GetSecurityDescriptorDacl
GetTokenInformation
ImpersonateLoggedOnUser
RevertToSelf
InitializeAcl
InitializeSecurityDescriptor
AllocateAndInitializeSid
GetSecurityDescriptorLength
DuplicateTokenEx
AllocateLocallyUniqueId
IsValidSid
MakeSelfRelativeSD
MakeAbsoluteSD
CheckTokenMembership
GetLengthSid
CopySid
DuplicateToken
AccessCheckAndAuditAlarmW
FreeSid
IsValidSecurityDescriptor
GetSecurityDescriptorControl
SetSecurityDescriptorDacl
AddAce

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetVersionExW
GetSystemDirectoryW
GetTickCount64
GetSystemTime

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

rpcrt4

RpcServerListen
RpcServerUnregisterIfEx
RpcBindingToStringBindingW
RpcStringFreeW
RpcServerInqCallAttributesW
RpcImpersonateClient
RpcRevertToSelf
I_RpcBindingInqLocalClientPID
RpcServerInqDefaultPrincNameW
NdrServerCallAll
RpcServerRegisterIf3
I_RpcBindingIsClientLocal
UuidFromStringW
UuidToStringW
RpcServerUseProtseqEpW
RpcServerRegisterIfEx
NdrServerCall2
RpcServerRegisterAuthInfoW
RpcStringBindingParseW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-file-l1-1-0

CompareFileTime
CreateDirectoryW
CreateFileW
QueryDosDeviceW

api-ms-win-core-synch-l1-2-1

CreateSemaphoreW
WaitForMultipleObjects

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrcmpW

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx
CreateTimerQueueTimer
CreateTimerQueue
DeleteTimerQueueTimer
QueueUserWorkItem
DeleteTimerQueueEx

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW
RegisterWaitForSingleObject
UnregisterWait

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-kernel32-private-l1-1-0

CheckElevationEnabled

kernelbase

WTSIsServerContainer

kernel32

OOBEComplete

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventActivityIdControl
EventRegister
EventWriteTransfer

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-psapi-l1-1-0

K32EnumProcessModules

api-ms-win-security-base-l1-2-2

DeriveCapabilitySidsFromName

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-heap-obsolete-l1-1-0

LocalSize

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 852KB - Virtual size: 850KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 340KB - Virtual size: 336KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
themeui.dll
.dll windows:10 windows x64 arch:x64

ae390bcaefac51ee30f7b94165175e3a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ThemeUI.pdb

Imports

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-string-l1-1-0

memset
wcscspn

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__wcstoui64
_o__wtoi
memmove
_o_abort
_o_iswspace
_o_memcpy_s
_o_sqrtf
_o_towupper
_o_wcsncpy_s
__C_specific_handler
__CxxFrameHandler3
_o__get_errno
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__configure_narrow_argv
_o__cexit
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
wcsstr
wcschr
__std_terminate
__CxxFrameHandler4
_CxxThrowException
memcmp
memcpy

shcore

ord292
ord142
IStream_Reset
ord109
SHCreateThreadWithHandle
SHGetValueW
ord190
SHCreateStreamOnFileEx
SHStrDupW
SHUnicodeToUnicode
IsOS
ord162
ord290
SHRegSetPathW
SHDeleteValueW
IUnknown_SetSite
SHRegGetValueW
SHSetValueW
SHRegGetPathW
ord222
SHCreateThread
ord123
SHDeleteKeyW
IUnknown_Set
IStream_Size

shell32

ord27
ord723
SHGetFolderPathEx
SHGetKnownFolderPath
SHCreateItemFromParsingName
ord25
ord846
ord152
ord24
SHCreateShellItemArrayFromShellItem
SHCreateShellItemArrayFromIDLists
ord18
SHCreateItemWithParent
SHChangeNotify
SHFileOperationW
SHCreateItemFromIDList
ord28
ord147
SHQueryRecycleBinW
SHParseDisplayName
ord100
SHGetNameFromIDList
ord155
SHGetIDListFromObject
ord92
ExtractIconW
ord102

shlwapi

ord219
ord158
ord154
StrCmpW
ord23
PathFindFileNameW
ord460
PathFileExistsW
StrChrW
StrRChrW
StrToIntExW
StrStrW
PathAppendW
StrToIntW
PathQuoteSpacesW
StrCmpIW
StrDupW
StrCmpNW
UrlCompareW
PathFindExtensionW
PathRemoveFileSpecW
StrRStrIW
PathIsPrefixW
ord487
PathIsRelativeW
StrRChrA
ord456
PathStripPathA
PathRemoveFileSpecA
PathStripToRootW
StrTrimW
StrFormatByteSizeW
PathFindNextComponentW
PathIsDirectoryW
ord448
PathCombineW
PathAddBackslashW
PathIsUNCW
ord433
PathCommonPrefixW
StrStrIW
PathUnExpandEnvStringsW
StrCmpNIW
ord464
PathIsFileSpecW
SHRegGetUSValueW
PathRemoveExtensionW
ord466

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
GetModuleHandleExW
FreeLibrary
GetModuleFileNameA
LoadLibraryExW
FreeLibraryAndExitThread
FindStringOrdinal
GetModuleHandleExA
GetProcAddress
GetModuleHandleW
LoadStringW
DisableThreadLibraryCalls

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-synch-l1-1-0

CreateMutexW
CreateSemaphoreExW
AcquireSRWLockShared
EnterCriticalSection
ReleaseSemaphore
DeleteCriticalSection
SetEvent
CreateEventW
ResetEvent
OpenEventW
CreateEventExW
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForSingleObject
ReleaseMutex
ReleaseSRWLockExclusive
ReleaseSRWLockShared
CreateMutexExW
OpenSemaphoreW
AcquireSRWLockExclusive
WaitForSingleObjectEx
InitializeCriticalSection

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
HeapReAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
CloseThreadpoolWork
CreateThreadpoolWork
SubmitThreadpoolWork
WaitForThreadpoolTimerCallbacks

api-ms-win-core-processthreads-l1-1-0

ResumeThread
GetCurrentThreadId
GetCurrentProcessId
GetExitCodeThread
OpenThreadToken
GetCurrentProcess
CreateProcessW
OpenProcessToken
TerminateProcess
CreateThread
GetCurrentThread

api-ms-win-core-localization-l1-2-0

LCMapStringW
GetLocaleInfoW
FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-com-l1-1-0

CreateStreamOnHGlobal
CoInitializeEx
CoCreateGuid
CoCreateInstance
CoTaskMemFree
CoGetMalloc
StringFromCLSID
CoTaskMemRealloc
StringFromGUID2
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CLSIDFromString
CoUninitialize
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoReleaseMarshalData
PropVariantClear

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetSystemDirectoryW
GetWindowsDirectoryW

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegGetValueW
RegEnumKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegEnumValueW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte
CompareStringOrdinal

api-ms-win-core-file-l1-1-0

GetTempFileNameW
WriteFile
SetFileTime
SetFileAttributesW
GetDiskFreeSpaceExW
FileTimeToLocalFileTime
CompareFileTime
FindClose
FindNextFileW
FindFirstFileW
GetLongPathNameW
GetFileAttributesExW
SetFilePointer
ReadFile
GetFileSize
FindFirstFileExW
DeleteFileW
CreateFileW
CreateDirectoryW
LocalFileTimeToFileTime

api-ms-win-core-string-l2-1-0

CharLowerW
IsCharUpperW
CharNextW
CharUpperBuffW

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-wow64-l1-1-1

GetSystemWow64DirectoryW

api-ms-win-core-winrt-l1-1-0

RoActivateInstance

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

api-ms-win-core-file-l1-2-4

GetTempPath2W

api-ms-win-core-path-l1-1-0

PathCchCombine
PathCchCanonicalize
PathCchAppend
PathCchAddExtension
PathCchRenameExtension

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPushEntrySList

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventWriteTransfer

api-ms-win-core-memory-l1-1-0

MapViewOfFile
UnmapViewOfFile
CreateFileMappingW

api-ms-win-core-sidebyside-l1-1-0

ActivateActCtx
DeactivateActCtx
CreateActCtxW
ReleaseActCtx

api-ms-win-core-kernel32-legacy-l1-1-0

DosDateTimeToFileTime
FileTimeToDosDateTime
MulDiv

api-ms-win-core-localization-obsolete-l1-2-0

GetNumberFormatW
GetUserDefaultUILanguage

api-ms-win-core-privateprofile-l1-1-0

GetPrivateProfileStringW

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW
lstrcmpiW

api-ms-win-core-privateprofile-l1-1-1

WritePrivateProfileSectionW

ntdll

EtwEventWriteTransfer
EtwEventUnregister
EtwEventRegister
EtwTraceMessage
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
EtwEventActivityIdControl
WinSqmIncrementDWORD
WinSqmSetDWORD
WinSqmIsOptedIn
WinSqmAddToStream
EtwEventSetInformation

gdi32

DeleteObject
CreateRectRgn
RestoreDC
SaveDC
SetStretchBltMode
GetPixel
ExtFloodFill
StretchBlt
CreateCompatibleBitmap
GetStockObject
SetMagicColors
GetRegionData
GdiAlphaBlend
BitBlt
SetLayout
GetObjectW
SetTextColor
SetBkMode
CreateFontIndirectW
CreateSolidBrush
GetDeviceCaps
SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteDC

user32

EnumWindows
GetClassNameW
FindWindowExW
PostThreadMessageW
MessageBoxW
InflateRect
CopyRect
OpenIcon
FindWindowW
GetShellWindow
GetSysColorBrush
DestroyIcon
GetDlgItemInt
IsDlgButtonChecked
ReleaseDC
GetDC
GetParent
PostMessageW
MsgWaitForMultipleObjects
PeekMessageW
TranslateMessage
DispatchMessageW
GetSysColor
SetSysColors
SetCursor
LoadCursorW
SendNotifyMessageW
RegisterClassExW
SetWindowLongPtrW
UnregisterClassW
SystemParametersInfoW
GetSystemMetrics
CreateWindowInBand
CreateWindowExW
GetMessageW
GetWindowLongPtrW
SetTimer
DestroyWindow
KillTimer
PostQuitMessage
BeginPaint
EndPaint
DefWindowProcW
GetClientRect
FillRect
ShowWindow
SetForegroundWindow
ValidateRect
MonitorFromPoint
GetMonitorInfoW
OffsetRect
GetWindowLongW
DrawTextW
WaitForInputIdle
GetFocus
SendMessageW
EnableWindow
GetDlgItem
IsWindow
GetWindow
CallWindowProcW
RedrawWindow
GetClassInfoW
RegisterClassW
SendDlgItemMessageW
CheckDlgButton
SetDlgItemInt
SetDlgItemTextW
LoadIconW
SetWindowLongW
SendMessageTimeoutW
EndTask
EnumChildWindows
MoveWindow
DrawIconEx
GetDlgCtrlID
InvalidateRect

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall

Sections

.text
Size: 432KB - Virtual size: 430KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tier2punctuations.dll
.dll windows:10 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rdata
Size: 4KB - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
timesync.dll
.dll windows:10 windows x64 arch:x64

9e5eb1c4d0b130b43edd65f556ad7760

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

timesync.pdb

Imports

msvcp_win

??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?_Xbad_alloc@std@@YAXXZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o___std_exception_copy
_o___std_exception_destroy
_o___std_type_info_destroy_list
_o___stdio_common_vsnprintf_s
_o___stdio_common_vswprintf
_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcsicmp
_o__wcsnicmp
_o__wcstoui64
_o_free
_o_malloc
__C_specific_handler
_CxxThrowException
__std_terminate
__CxxFrameHandler4
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
LoadLibraryExW
GetProcAddress
GetModuleHandleW
GetModuleHandleExW
GetModuleFileNameA

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
CreateSemaphoreExW
CreateMutexExW
OpenSemaphoreW
ReleaseSemaphore
ReleaseMutex
WaitForSingleObject

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetLastError

api-ms-win-service-management-l1-1-0

OpenSCManagerW
CloseServiceHandle
StartServiceW
OpenServiceW

api-ms-win-service-management-l2-1-0

ChangeServiceConfigW
QueryServiceConfigW

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegCloseKey
RegGetValueW

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-service-winsvc-l1-1-0

ControlService
QueryServiceStatus

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount64
GetSystemTime

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

Exports

Exports

DisableNTPSync
FreeTimeStatusInfo
GetLastGoodSampleInfo
GetTimeStatusInfo
GetW32timeParameterSz
IsNTPSyncEnabled
ReadLastKnownGoodTimeFromRegistry
SetNTPSync
StartTimeService
SyncW32Time

Sections

.text
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tpmvscmgrsvr.exe
.exe windows:10 windows x64 arch:x64

9d92e4aef9a5ac5b0aa7aa865b7f45ff

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

TpmVscMgrSvr.pdb

Imports

advapi32

EventActivityIdControl
EventUnregister
EventSetInformation
EventRegister
RegCloseKey
RegQueryInfoKeyW
RegOpenKeyExW
EventWriteTransfer

kernel32

GetModuleFileNameA
HeapFree
GetModuleHandleExW
GetCurrentThreadId
FormatMessageW
HeapAlloc
GetProcAddress
GetProcessHeap
GetModuleHandleW
DebugBreak
InitializeCriticalSection
GetCommandLineW
SetEvent
DeleteCriticalSection
RaiseException
RaiseFailFastException
OutputDebugStringW
IsDebuggerPresent
Sleep
CloseHandle
WaitForSingleObject
GetLastError
GetModuleFileNameW
LoadLibraryExW
CreateEventW
CreateThread
CreateSemaphoreExW
ReleaseMutex
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
ReleaseSemaphore

user32

PostThreadMessageW
CharNextW
GetMessageW
TranslateMessage
CharUpperW
DispatchMessageW
UnregisterClassA
GetSystemMetrics

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
_initterm
_initterm_e
_c_exit

api-ms-win-crt-private-l1-1-0

_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o_exit
_o_free
_o_malloc
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
__current_exception
__current_exception_context
_CxxThrowException
_o___std_exception_destroy
_o___std_exception_copy
_o__configure_wide_argv
_o__callnewh
_o__configthreadlocale
_o___stdio_common_vswprintf
_o___p__commode
_o___stdio_common_vsnprintf_s
_o__cexit
__C_specific_handler
__std_terminate
__CxxFrameHandler4
__C_specific_handler_noexcept
memcpy
memmove

oleaut32

SysFreeString
SysStringLen
UnRegisterTypeLi
LoadTypeLi
SysAllocString
RegisterTypeLi

api-ms-win-core-com-l1-1-0

CoRevokeClassObject
CoInitializeEx
CoTaskMemFree
CoGetMalloc
CoRegisterClassObject
CoSuspendClassObjects
StringFromGUID2
CoTaskMemAlloc
CoCreateGuid
CoUninitialize
CoCreateInstance
CoResumeClassObjects

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetStartupInfoW
GetCurrentProcessId

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetTickCount64
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary

api-ms-win-core-registry-l1-1-0

RegQueryValueExW

api-ms-win-core-path-l1-1-0

PathCchAppend
PathCchRemoveFileSpec

rpcrt4

UuidToStringW
RpcStringFreeW
UuidCreate

api-ms-win-security-base-l1-1-0

CreateWellKnownSid

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-file-l1-1-0

CreateDirectoryW

bcrypt

BCryptGetProperty
BCryptEncrypt
BCryptDestroyKey
BCryptCloseAlgorithmProvider
BCryptGenerateSymmetricKey
BCryptOpenAlgorithmProvider

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

api-ms-win-core-heap-l1-1-0

HeapReAlloc

profapi

ord104

ntdll

RtlNtStatusToDosErrorNoTeb
RtlNtStatusToDosError

setupapi

SetupDiCreateDeviceInfoList
SetupDiSetDevicePropertyW
SetupGetInfDriverStoreLocationW
SetupDiDestroyDeviceInfoList
SetupDiGetDevicePropertyW
SetupDiOpenDeviceInfoW

winscard

SCardEndTransaction
SCardReconnect
SCardBeginTransaction
SCardGetCardTypeProviderNameW
SCardGetStatusChangeW
SCardConnectW
SCardDisconnect
SCardListReadersWithDeviceInstanceIdW
SCardAccessStartedEvent
SCardReleaseStartedEvent
SCardReleaseContext
SCardEstablishContext
SCardListCardsW
SCardFreeMemory
SCardListReadersW

Sections

.text
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tsgqec.dll
.dll windows:10 windows x64 arch:x64

c461e6e8015f49cd10e01c306938c833

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

tsgQec.pdb

Imports

msvcrt

wcstok
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_purecall
_wcsicmp
free
malloc
??3@YAXPEAX@Z
__C_specific_handler
_initterm
?terminate@@YAXXZ
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
_XcptFilter
_callnewh
_amsg_exit
__CxxFrameHandler3
memset

ole32

CoTaskMemAlloc
CoUninitialize
CoCreateInstance
CoInitializeEx
CoTaskMemFree

crypt32

CertCloseStore
CertFreeCertificateContext
CertAddEncodedCertificateToStore
CryptStringToBinaryW
CertOpenStore
CertVerifyCertificateChainPolicy
CryptBinaryToStringW
CryptVerifyMessageSignature
CryptEncryptMessage
CertGetCertificateChain
CertFreeCertificateChain

advapi32

RegEnumKeyExW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegEnumValueW
EventActivityIdControl
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage

rpcrt4

RpcStringBindingParseW
RpcBindingToStringBindingW
RpcBindingServerFromClient
RpcServerInqCallAttributesW
RpcRevertToSelf
RpcImpersonateClient
RpcStringFreeW
RpcServerRegisterAuthInfoW
RpcServerInqDefaultPrincNameW
RpcServerRegisterIfEx
RpcServerUseProtseqW
RpcServerUnregisterIfEx
RpcBindingVectorFree
RpcEpUnregister
RpcServerListen
RpcEpRegisterW
RpcServerInqBindings
I_RpcExceptionFilter
RpcAsyncCompleteCall
NdrServerCall2
Ndr64AsyncServerCallAll
NdrServerCallAll
RpcBindingFree
NdrAsyncServerCall

kernel32

LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetACP
CompareStringOrdinal
ExpandEnvironmentStringsW
RtlLookupFunctionEntry
InitializeCriticalSection
LocalAlloc
LocalFree
LoadLibraryW
TerminateProcess
GetCurrentProcess
FreeLibrary
GetProcAddress
GetModuleHandleExA
GetLastError
Sleep
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
RtlCaptureContext
SetUnhandledExceptionFilter
RtlVirtualUnwind
UnhandledExceptionFilter

ntoskrnl.exe

_vsnwprintf
wcschr

normaliz

IdnToAscii

iphlpapi

ParseNetworkString

Exports

Exports

InitializeQec
UninitializeQec

Sections

.text
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
twinapi.appcore.dll
.dll windows:10 windows x64 arch:x64

5d2ed4ef05a3981746482173e187e650

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f2:60:48:ab:f9:0d:34:7e:96:0e:fd:3f:34:a5:96:1d:87:32:34:4a:f5:ef:70:14:04:97:44:12:46:a1:a3:88
Signer

Actual PE Digest

f2:60:48:ab:f9:0d:34:7e:96:0e:fd:3f:34:a5:96:1d:87:32:34:4a:f5:ef:70:14:04:97:44:12:46:a1:a3:88

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

twinapi.appcore.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__ui64tow_s
_o__wcsicmp
memmove
_o_abort
_o_free
_o_iswspace
_o_malloc
_o_realloc
_o_strncpy_s
_o_strtol
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcstol
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
__std_type_info_compare
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__execute_onexit_table
_o__errno
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleHandleExW
GetModuleFileNameA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
LoadLibraryExW
LoadStringW
FreeLibrary
GetModuleHandleExA

api-ms-win-core-synch-l1-2-0

InitializeConditionVariable
WakeConditionVariable
InitOnceBeginInitialize
InitOnceExecuteOnce
WakeAllConditionVariable
SleepConditionVariableSRW
Sleep
InitOnceInitialize
WakeByAddressAll
InitOnceComplete
WaitOnAddress
WakeByAddressSingle

api-ms-win-core-synch-l1-1-0

CreateEventExW
ReleaseSRWLockShared
WaitForSingleObjectEx
CreateSemaphoreExW
CreateMutexExW
AcquireSRWLockShared
EnterCriticalSection
DeleteCriticalSection
InitializeSRWLock
AcquireSRWLockExclusive
SetWaitableTimerEx
ReleaseSRWLockExclusive
InitializeCriticalSection
ReleaseMutex
WaitForSingleObject
TryAcquireSRWLockExclusive
SetEvent
InitializeCriticalSectionEx
WaitForMultipleObjectsEx
CreateEventW
CreateWaitableTimerExW
OpenEventW
ReleaseSemaphore
LeaveCriticalSection
ResetEvent
OpenSemaphoreW

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
RaiseException
SetLastError
UnhandledExceptionFilter

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventUnregister
EventWriteTransfer
EventRegister
EventSetInformation

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
CloseThreadpoolWait
WaitForThreadpoolWaitCallbacks
CloseThreadpoolTimer
SetThreadpoolWait
CloseThreadpoolWork
CreateThreadpoolWork
SubmitThreadpoolWork
WaitForThreadpoolTimerCallbacks
WaitForThreadpoolWorkCallbacks
DisassociateCurrentThreadFromCallback
CreateThreadpoolWait
TrySubmitThreadpoolCallback
SetThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetProcessId
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
ExitProcess
GetCurrentThread
OpenThread
GetProcessTimes
OpenProcessToken
OpenThreadToken
ProcessIdToSessionId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle
GetHandleInformation

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlCaptureStackBackTrace
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetTickCount
GetVersionExW
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedFlushSList
InterlockedPushEntrySList

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegOpenCurrentUser
RegGetValueW
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegOpenKeyExW

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabled

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
GetCommandLineW

api-ms-win-core-heap-l2-1-0

LocalAlloc
GlobalAlloc
LocalReAlloc
LocalFree
GlobalFree

api-ms-win-security-base-l1-1-0

GetLengthSid
CreateWellKnownSid
GetTokenInformation
DuplicateTokenEx
FreeSid
CopySid

api-ms-win-core-processthreads-l1-1-3

SetThreadDescription

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
CompareStringOrdinal

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime
GetProductInfo

api-ms-win-core-localization-l1-2-3

GetUserDefaultGeoName

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-memory-l1-1-0

MapViewOfFile
OpenFileMappingW
UnmapViewOfFile
VirtualQueryEx
MapViewOfFileEx
CreateFileMappingW
FlushViewOfFile

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
DeleteTimerQueueTimer
QueueUserWorkItem

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW
RegisterWaitForSingleObject

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrCmpNIW

api-ms-win-core-psm-key-l1-1-0

PsmGetKeyFromToken
PsmGetKeyFromProcess
PsmGetPackageFullNameFromKey

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-apiquery-l2-1-0

IsApiSetImplemented

combase

ord122
ord90
ord157
ord69
ord95
ord168
ord120

ntdll

RtlRunOnceExecuteOnce
RtlFlushHeaps
RtlQueryPackageIdentity
TpTrimPools
RtlUpcaseUnicodeChar
NtOpenProcessTokenEx
RtlUnsubscribeWnfStateChangeNotification
NtWaitForSingleObject
NtDelayExecution
RtlAllocateWnfSerializationGroup
RtlUnsubscribeWnfNotificationWithCompletionCallback
NtIsProcessInJob
NtQueryInformationJobObject
RtlRaiseStatus
RtlInitializeConditionVariable
RtlWakeAllConditionVariable
NtResetEvent
RtlExpandEnvironmentStrings
RtlCompareUnicodeStrings
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
RtlSleepConditionVariableSRW
RtlInitializeSRWLock
NtClose
RtlQueryUnbiasedInterruptTime
RtlFreeHeap
wcschr
NtQueryInformationToken
RtlEqualSid
RtlDeriveCapabilitySidsFromName
RtlInitUnicodeString
RtlSubscribeWnfStateChangeNotification
NtQueryWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlGetDeviceFamilyInfoEnum
RtlWaitOnAddress
NtQueryInformationProcess
RtlWakeAddressAll
RtlNtStatusToDosError
RtlQueryPackageClaims
RtlLoadString
RtlAllocateHeap
RtlNtStatusToDosErrorNoTeb
RtlCompareUnicodeString
wcsrchr
wcscspn
RtlFreeUnicodeString
RtlGetTokenNamedObjectPath
strncmp
RtlLengthSid
RtlConvertDeviceFamilyInfoToString
strchr
RtlGUIDFromString
RtlQueryWnfStateData
RtlFindLeastSignificantBit
TpSetWait
TpAllocWait
TpReleaseWait
TpWaitForWait
RtlRunOnceBeginInitialize
RtlIsMultiSessionSku

msvcp_win

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?good@ios_base@std@@QEBA_NXZ
?flags@ios_base@std@@QEBAHXZ
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?uncaught_exception@std@@YA_NXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
_Thrd_yield
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

Exports

Exports

BiActivateWorkItemForUser
BiChangeApplicationStateForPackageName
BiChangeApplicationStateForPackageNameForUser
BiChangeApplicationStateForPsmKey
BiChangeApplicationStateForPsmKeyForUser
BiChangeSessionState
BiChangeUserState
BiEnumerateWorkItemsForPackageNameAndUser
BiGetActiveBackgroundTasksEvent
BiGetActiveBackgroundTasksEventForUser
BiGetCancellationTimeoutInMs
BiIsApplicationTerminateSensitive
BiIsApplicationTerminateSensitiveForUser
BiNotifyNewSession
BiNotifyNewSessionComplete
BiNotifyNewUser
BiPlmFreeMemory
BiPtActivateDeferredWorkItem
BiPtActivateInBackground
BiPtActivateInBackgroundEx
BiPtActivateWorkItem
BiPtAssociateActivationProxy
BiPtAssociateApplicationEntryPoint
BiPtAssociateApplicationExtensionClass
BiPtCancelWorkItem
BiPtCancelWorkItemEx
BiPtCreateEvent
BiPtCreateEventForApp
BiPtCreateEventForPackageName
BiPtDeleteEvent
BiPtDisableWorkItem
BiPtDisassociateWorkItem
BiPtDisassociateWorkItemEx
BiPtEnableWorkItem
BiPtEnumerateBrokeredEvents
BiPtEnumerateBrokeredEventsEx
BiPtEnumerateWorkItemsForPackageName
BiPtEnumerateWorkItemsForPackageNameEx
BiPtFreeMemory
BiPtGetStatusStateNameFromBrokerEventId
BiPtQueryBrokerEventId
BiPtQueryBrokeredEvent
BiPtQuerySystemStateBroadcastChannels
BiPtQueryWorkItem
BiPtQueryWorkItemEx
BiPtQueryWorkItemStatusStateName
BiPtSignalEvent
BiPtSignalEventEx
BiPtSignalMultipleEvents
BiPtSignalTriggerEvent
BiPtSignalTriggerEventEx
BiQueryWorkItemForUser
BiResetActiveSessionForPackage
BiResetActiveUserForPackage
BiSetActiveSessionForPackage
BiSetActiveUserForPackage
BiTerminateApplicationHost
BiTerminateApplicationHost2
BiTerminateApplicationHostForUser
BiUpdateBackgroundAccessApplicationsForUser
BiUpdateLockScreenApplications
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
PsmApplyTaskCompletion
PsmBlockAppStateChangeCompletion
PsmDisconnect
PsmGetSessionInfo
PsmInitializeExtension
PsmIsProcessInApplication
PsmIsProcessInApplication2
PsmQueryApplicationInformation
PsmQueryApplicationInformation2
PsmQueryApplicationInterferenceCount
PsmQueryApplicationInterferenceCount2
PsmQueryApplicationList
PsmQueryApplicationList2
PsmQueryApplicationProperties
PsmQueryApplicationProperties2
PsmQueryApplicationProperties3
PsmQueryApplicationPropertiesByUser
PsmQueryApplicationResourceUsage
PsmQueryApplicationResourceUsage2
PsmQueryApplicationResourceUsageForTimer
PsmQueryCurrentAppState
PsmQueryMaxMemoryUsage
PsmQueryMaxMemoryUsage2
PsmQueryMemoryUsage
PsmQueryMemoryUsage2
PsmQueryMemoryUsageByUser
PsmQueryProcessList
PsmQueryProcessList2
PsmQuerySharedCommitByUser
PsmQueryTaskCompletionInformation
PsmQueryTaskCompletionInformation2
PsmRegisterAppPriorityNotification
PsmRegisterAppStateChangeNotification
PsmRegisterApplicationNotification
PsmRegisterApplicationNotification2
PsmRegisterDynamicProcess
PsmRegisterKeyNotification
PsmRegisterManagerType
PsmResetMaxMemoryUsage
PsmResetMaxMemoryUsage2
PsmResetMaxMemoryUsageByUser
PsmSetApplicationPriority
PsmSetApplicationPriority2
PsmSetApplicationProperties
PsmSetApplicationProperties2
PsmSetApplicationProperties3
PsmSetApplicationPropertiesByUser
PsmSetApplicationState
PsmSetApplicationState2
PsmShutdownApplication
PsmTimerCleanup
PsmTimerElapsedResourceTimeGet
PsmTimerInitialize
PsmTimerRemainingResourceTimeGet
PsmTimerStart
PsmUnblockAppStateChangeCompletion
PsmUnregisterAppStateChangeNotification
PsmWaitForAppResume
RegisterAppConstrainedChangeNotification
RegisterAppStateChangeNotification
UnregisterAppConstrainedChangeNotification
UnregisterAppStateChangeNotification
ValidateSystemShutdown

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 572KB - Virtual size: 568KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
twinapi.dll
.dll windows:10 windows x64 arch:x64

234674771ba78ab831b6b108a74f3454

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

twinapi.pdb

Imports

msvcrt

memmove
memcpy
memcmp
_CxxThrowException
_callnewh
_onexit
__dllonexit
_unlock
_lock
memset
_initterm
malloc
_amsg_exit
_XcptFilter
free
memcpy_s
??1type_info@@UEAA@XZ
__CxxFrameHandler3
?terminate@@YAXXZ
realloc
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_vsnwprintf
__C_specific_handler
__CxxFrameHandler4
_purecall
wcscmp

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetProcAddress
GetModuleHandleExW
FreeLibrary
GetModuleHandleW
LoadStringW
DisableThreadLibraryCalls
GetModuleFileNameW

api-ms-win-core-synch-l1-2-0

InitOnceInitialize
Sleep
WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceBeginInitialize
InitOnceExecuteOnce
InitOnceComplete
WakeByAddressAll
WaitOnAddress

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
InitializeSRWLock
ReleaseMutex
WaitForSingleObject
WaitForMultipleObjectsEx
SetEvent
CreateEventExW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForSingleObjectEx
CreateEventW
OpenSemaphoreW
ReleaseSRWLockShared
DeleteCriticalSection
ResetEvent
ReleaseSemaphore
CreateSemaphoreExW
CreateMutexExW
AcquireSRWLockShared
AcquireSRWLockExclusive

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
HeapReAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetLastError
SetUnhandledExceptionFilter
RaiseException

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventSetInformation
EventActivityIdControl
EventWriteTransfer

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceLoggerHandle
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
UnregisterTraceGuids
TraceMessage

api-ms-win-core-processthreads-l1-1-0

OpenThread
OpenThreadToken
GetCurrentProcess
TerminateProcess
GetCurrentThread
GetCurrentProcessId
OpenProcessToken
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetLocaleInfoW
ResolveLocaleName

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-processthreads-l1-1-1

OpenProcess
GetProcessMitigationPolicy

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-core-debug-l1-1-1

CheckRemoteDebuggerPresent

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolWait
CloseThreadpoolWait
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SubmitThreadpoolWork
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWork
SetThreadpoolTimer
CreateThreadpoolTimer
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
CreateThreadpoolWait

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalReAlloc
LocalFree

api-ms-win-core-atoms-l1-1-0

GlobalGetAtomNameW

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
DeleteTimerQueueTimer

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

ntdll

RtlWakeAllConditionVariable
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
RtlFreeHeap
wcschr
NtQueryInformationToken
RtlInitUnicodeString
RtlAllocateHeap
RtlNtStatusToDosErrorNoTeb
RtlSleepConditionVariableSRW
wcsrchr
RtlNtStatusToDosError
iswalnum
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData
memmove_s
NtQueryWnfStateData
NtQuerySystemInformation
_vsnprintf_s
RtlCompareUnicodeString

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-kernel32-legacy-l1-1-0

MulDiv

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
GetMetroMode

Sections

.text
Size: 576KB - Virtual size: 574KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
twinui.appcore.dll
.dll windows:10 windows x64 arch:x64

43621e53fc02a7d669068a6859a4620b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

twinui.appcore.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__ui64tow_s
_o__wcsicmp
memmove
_o_abort
_o_free
_o_iswspace
_o_malloc
_o_realloc
_o_strncpy_s
_o_strtol
_o_terminate
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o__cexit
_o__callnewh
_o__get_errno
_o__execute_onexit_table
_o__errno
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__crt_atexit
_o__configure_narrow_argv
wcsrchr
wcschr
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset
wcscspn

windows.storage

CStorageItem_GetValidatedStorageItemObject
SHGetFileInfoW
ord942
ShellExecuteExW
SHGetKnownFolderItem
STORAGE_CreateStorageItemFromShellItem_FullTrustCaller_ForPackage
ord923

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleW
LockResource
DisableThreadLibraryCalls
LoadResource
GetProcAddress
LoadStringW
FindResourceExW
GetModuleHandleExW
FreeLibrary
GetModuleHandleExA

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceBeginInitialize
InitOnceComplete
Sleep

api-ms-win-core-synch-l1-1-0

CreateMutexW
ReleaseSemaphore
LeaveCriticalSection
AcquireSRWLockShared
EnterCriticalSection
SetEvent
InitializeCriticalSectionEx
CreateSemaphoreExW
WaitForMultipleObjectsEx
WaitForSingleObject
ReleaseMutex
CreateEventW
ReleaseSRWLockExclusive
CreateEventExW
AcquireSRWLockExclusive
InitializeCriticalSection
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseSRWLockShared
InitializeSRWLock
CreateMutexExW
DeleteCriticalSection

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

GetLastError
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError

api-ms-win-core-winrt-string-l1-1-0

WindowsIsStringEmpty
WindowsGetStringLen
WindowsDuplicateString
WindowsCreateString
WindowsStringHasEmbeddedNull
WindowsCompareStringOrdinal
WindowsGetStringRawBuffer
WindowsCreateStringReference
WindowsDeleteString
WindowsSubstringWithSpecifiedLength

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWriteTransfer
EventActivityIdControl
EventSetInformation
EventUnregister

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceLoggerHandle
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CreateThreadpoolWait
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
CloseThreadpoolTimer
CloseThreadpoolWait

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc
LocalReAlloc

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
OpenThreadToken
GetCurrentThread
GetProcessId
ProcessIdToSessionId
OpenProcessToken
TerminateProcess
GetCurrentProcessId
TlsSetValue
GetCurrentThreadId
TlsGetValue
TlsAlloc
TlsFree

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
CompareStringW

api-ms-win-core-localization-l1-2-0

GetSystemDefaultLCID
ResolveLocaleName
GetSystemPreferredUILanguages
LocaleNameToLCID
FindNLSString
LCMapStringW
FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPushEntrySList

api-ms-win-security-base-l1-1-0

GetLengthSid
GetTokenInformation
RevertToSelf
ImpersonateLoggedOnUser
DuplicateTokenEx

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegCloseKey
RegGetValueW
RegOpenCurrentUser

api-ms-win-core-path-l1-1-0

PathCchCombine

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-core-threadpool-legacy-l1-1-0

DeleteTimerQueueTimer
CreateTimerQueueTimer

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrCmpNICW
StrCmpLogicalW
StrTrimW
StrChrW
StrCmpCW
QISearch
StrCmpICW
StrStrIW

ntdll

EtwTraceMessage
wcsstr
RtlQueryResourcePolicy
NtQueryInformationToken
RtlNtStatusToDosError
ZwQueryWnfStateData
RtlFreeHeap
RtlInitUnicodeString
RtlAllocateHeap
RtlNtStatusToDosErrorNoTeb
strchr
RtlCompareUnicodeString

combase

ord168
ord157
ord90
ord147
ord140

msvcp_win

_Query_perf_frequency
_Query_perf_counter
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-com-private-l1-1-0

CoRegisterInitializeSpy
CoRevokeInitializeSpy

api-ms-win-core-shlwapi-legacy-l1-1-0

PathMatchSpecExW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-file-l1-1-0

CompareFileTime

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 556KB - Virtual size: 555KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
twinui.dll
.dll windows:10 windows x64 arch:x64

ea433fe346851b081edda8c2326d1ce6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

twinui.pdb

Imports

msvcrt

__ExceptionPtrCreate
clock
__ExceptionPtrCurrentException
strcspn
??0bad_cast@@QEAA@PEBD@Z
??0bad_cast@@QEAA@AEBV0@@Z
sqrtf
__ExceptionPtrDestroy
__ExceptionPtrCopy
sprintf_s
??1bad_cast@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_errno
strtol
strrchr
strchr
localeconv
??0exception@@QEAA@AEBQEBD@Z
wcstol
_wtoi
calloc
vswprintf_s
wcscspn
sinf
wcsstr
wcsrchr
wcschr
_wcsicmp
_vsnprintf
wcstok_s
qsort_s
_vsnwprintf_s
??0exception@@QEAA@AEBQEBDH@Z
_ultow_s
swprintf_s
_wcsnicmp
wcsncmp
acosf
cosf
floorf
pow
bsearch_s
wcsnlen
wcsncpy_s
_wcslwr_s
iswdigit
swscanf_s
_callnewh
_CxxThrowException
memcpy
memmove
setlocale
__pctype_func
___lc_handle_func
___lc_codepage_func
___mb_cur_max_func
_ismbblead
__uncaught_exception
_wcsdup
??8type_info@@QEBAHAEBV0@@Z
__crtLCMapStringW
_wsetlocale
abort
memset
realloc
_get_errno
__CxxFrameHandler4
_set_errno
sprintf
memcmp
strcmp
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
__CxxFrameHandler3
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
memmove_s
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
??3@YAXPEAX@Z
memcpy_s
_vsnwprintf
??_V@YAXPEAX@Z
strncpy_s
wcscmp

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
LoadResource
FindResourceExW
LoadLibraryExW
FindStringOrdinal
DisableThreadLibraryCalls
GetModuleHandleExW
SizeofResource
GetModuleFileNameW
LockResource
FreeLibrary
GetProcAddress
GetModuleHandleW
GetModuleFileNameA
GetModuleHandleExA

api-ms-win-core-synch-l1-2-0

Sleep
WakeAllConditionVariable
InitOnceComplete
InitOnceBeginInitialize
InitOnceExecuteOnce
WaitOnAddress
WakeByAddressAll
SleepConditionVariableSRW

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
InitializeSRWLock
CreateSemaphoreExW
TryEnterCriticalSection
ReleaseSRWLockExclusive
InitializeCriticalSection
TryAcquireSRWLockExclusive
SetEvent
OpenMutexW
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
LeaveCriticalSection
WaitForMultipleObjectsEx
ReleaseSRWLockShared
ReleaseMutex
OpenEventW
CreateEventExW
CreateEventW
InitializeCriticalSectionEx
CreateMutexExW
AcquireSRWLockShared
DeleteCriticalSection
WaitForSingleObject
EnterCriticalSection
ResetEvent
CreateMutexW

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap
HeapReAlloc

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
SetLastError

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventWriteTransfer
EventRegister
EventActivityIdControl

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
TraceMessage

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolWait
DisassociateCurrentThreadFromCallback
CreateThreadpoolWork
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWork
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolWait
CloseThreadpoolTimer
FreeLibraryWhenCallbackReturns
CreateThreadpoolWait
SubmitThreadpoolWork
WaitForThreadpoolTimerCallbacks
IsThreadpoolTimerSet

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetProcessId
OpenThreadToken
TlsFree
OpenThread
SetThreadPriority
GetCurrentThread
GetCurrentProcessId
GetExitCodeThread
OpenProcessToken
TlsSetValue
ProcessIdToSessionId
TlsAlloc
TlsGetValue

api-ms-win-core-localization-l1-2-0

LocaleNameToLCID
GetLocaleInfoEx
LCMapStringW
GetUserPreferredUILanguages
GetThreadPreferredUILanguages
FormatMessageW
GetLocaleInfoW
ResolveLocaleName
GetSystemDefaultLCID
GetThreadUILanguage
GetSystemPreferredUILanguages
FindNLSString

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringA
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetWindowsDirectoryW
GetTickCount
GetVersionExW
GetSystemTime
GetSystemTimeAsFileTime
GetLocalTime
GetTickCount64

ntdll

RtlRunOnceExecuteOnce
RtlGetNtProductType
NtOpenKey
WinSqmAddToStream
WinSqmAddToStreamEx
RtlCheckPortableOperatingSystem
RtlNtStatusToDosErrorNoTeb
RtlCompareUnicodeString
NtQueryInformationToken
WinSqmSetDWORD
WinSqmIsOptedIn
WinSqmIncrementDWORD
RtlUnsubscribeWnfNotificationWithCompletionCallback
RtlAllocateWnfSerializationGroup
RtlGUIDFromString
RtlRandomEx
RtlFreeUnicodeString
RtlUpcaseUnicodeString
NtCreateFile
NtQueryValueKey
NtPowerInformation
EtwEventWriteTransfer
NtQuerySystemTime
RtlQueryPackageClaims
RtlGetDeviceFamilyInfoEnum
RtlPublishWnfStateData
RtlUnsubscribeWnfStateChangeNotification
RtlNtStatusToDosError
RtlQueryWnfStateData
NtDeviceIoControlFile
NtOpenFile
RtlInitUnicodeString
NtClose
NtQueryObject
RtlAllocateHeap
RtlFreeHeap
EtwTraceMessage
wcsspn
_wcstoui64
NtQuerySystemInformation
RtlSubscribeWnfStateChangeNotification
NtQueryWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlDosPathNameToNtPathName_U_WithStatus
RtlIsMultiSessionSku

api-ms-win-core-sidebyside-l1-1-0

CreateActCtxW
ReleaseActCtx
DeactivateActCtx
ActivateActCtx
FindActCtxSectionStringW
QueryActCtxW

api-ms-win-ro-typeresolution-l1-1-1

RoCreatePropertySetSerializer

user32

MapWindowPoints
ClipCursor
GetWindowPlacement
RealGetWindowClassW
GetDC
ReleaseDC
SetWindowPlacement
SendInput
EndPaint
CalculatePopupWindowPosition
BeginPaint
FillRect
LoadCursorW
SetLayeredWindowAttributes
UpdateWindow
CopyImage
SetCursor
ChangeWindowMessageFilterEx
IsIconic
GetWindowInfo
MonitorFromWindow
AdjustWindowRectEx
GetSysColor
GetKeyState
ord2514
ord2515
UnhookWindowsHookEx
SetWindowsHookExW
GetLastActivePopup
CallNextHookEx
MonitorFromPoint
InvalidateRect
GetWindowRgn
MonitorFromRect
DrawTextW
GetPhysicalCursorPos
GetAsyncKeyState
SetCapture
ord2535
WindowFromPhysicalPoint
CreateIconIndirect
SetCoalescableTimer
ReleaseCapture
UnregisterHotKey
RegisterHotKey
GetKeyboardLayout
IsWindowUnicode
DefWindowProcA
LoadAcceleratorsW
DestroyAcceleratorTable
InternalGetWindowText
RegisterRawInputDevices
GetRawInputData
MapVirtualKeyW
GetRawInputDeviceInfoW
DestroyIcon
MapVirtualKeyExW
InjectKeyboardInput
ord2542
ord2671
RegisterPointerDeviceNotifications
GetAutoRotationState
DestroyMenu
GetMenuDefaultItem
CreatePopupMenu
GetDpiForWindow
SetDisplayConfig
ord2521
GetGUIThreadInfo
SetWindowRgn
TrackMouseEvent
GetWindowRgnBox
GetCapture
FlashWindow

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
CompareStringEx
GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte
CompareStringW

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegDeleteKeyExW
RegQueryInfoKeyW
RegCreateKeyExW
RegOpenKeyExW
RegGetValueW
RegCloseKey
RegSetKeySecurity
RegOpenCurrentUser
RegNotifyChangeKeyValue
RegEnumValueW
RegDeleteTreeW
RegDeleteValueW
RegEnumKeyExW
RegQueryValueExW

api-ms-win-core-heap-l2-1-0

GlobalFree
GlobalAlloc
LocalFree
LocalReAlloc
LocalAlloc

api-ms-win-security-base-l1-1-0

GetSidSubAuthority
IsValidSid
DuplicateTokenEx
FreeSid
EqualSid
AddAce
InitializeAcl
GetLengthSid
GetTokenInformation
GetSidSubAuthorityCount
CopySid
DeleteAce
GetAce
GetAclInformation

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-psapi-l1-1-0

K32GetModuleFileNameExW
QueryFullProcessImageNameW

api-ms-win-core-path-l1-1-0

PathCchRemoveFileSpec
PathCchAppend
PathCchCombine
PathAllocCombine
PathCchRemoveBackslash
PathCchAddBackslash
PathCchStripToRoot
PathCchAddExtension

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabledForPackage

api-ms-win-core-debug-l1-1-1

CheckRemoteDebuggerPresent

api-ms-win-core-file-l1-1-0

CreateFileW
CompareFileTime
FindFirstFileW
GetTempFileNameW
FindClose
FindNextFileW
FindFirstFileExW
CreateDirectoryW
DeleteFileW

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-security-base-l1-2-0

SetCachedSigningLevel
GetCachedSigningLevel

api-ms-win-core-timezone-l1-1-0

GetTimeZoneInformationForYear
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW
RegSetKeyValueW

api-ms-win-core-string-l2-1-0

CharLowerBuffW

api-ms-win-core-libraryloader-l1-2-1

FindResourceW
LoadLibraryW

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
OpenFileMappingW

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-sysinfo-l1-2-3

GetIntegratedDisplaySize

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

gdi32

StretchDIBits
GdiAlphaBlend
GetOutlineTextMetricsW
GetGlyphOutlineW
SetBkColor
SetTextColor
CreateFontIndirectW
AddFontMemResourceEx
SetBkMode
RemoveFontMemResourceEx
GetDeviceCaps
D3DKMTNetDispStartMiracastDisplayDeviceEx
D3DKMTNetDispQueryMiracastDisplayDeviceSupport
CreateCompatibleBitmap
GetDIBits
PtInRegion
CombineRgn
CreateRectRgn
GetStockObject
CreateDIBSection
DeleteDC
GetClipBox
CreateSolidBrush
CreateCompatibleDC
BitBlt
SelectObject
DeleteObject
GetObjectW

api-ms-win-core-heap-obsolete-l1-1-0

GlobalLock
GlobalUnlock

api-ms-win-core-threadpool-legacy-l1-1-0

DeleteTimerQueueTimer
CreateTimerQueueTimer
QueueUserWorkItem

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-core-kernel32-legacy-l1-1-0

MoveFileW

api-ms-win-core-url-l1-1-0

UrlUnescapeW
PathIsURLW
UrlGetPartW
HashData

api-ms-win-core-atoms-l1-1-0

GlobalAddAtomW
GlobalDeleteAtom
GlobalGetAtomNameW

api-ms-win-oobe-notification-l1-1-0

OOBEComplete

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW
lstrlenA
lstrcmpA
lstrcmpiW

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-rtcore-ntuser-synch-l1-1-0

MsgWaitForMultipleObjectsEx

api-ms-win-shell-shellcom-l1-1-0

SHCoCreateInstance

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-service-private-l1-1-0

UnsubscribeServiceChangeNotifications
SubscribeServiceChangeNotifications

api-ms-win-core-registryuserspecific-l1-1-0

SHRegGetBoolUSValueW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-psm-key-l1-1-0

PsmGetKeyFromToken

combase

ord65
ord157
ord168
ord90
ord140

shell32

ShellExecuteW
ShellExecuteExW
ord6
SHCreateItemInKnownFolder
SHGetPropertyStoreForWindow
SHAppBarMessage
ord940
SHGetItemFromDataObject
Shell_GetCachedImageIndexW
ord782
ord779
ord791
ord942
SHCreateAssociationRegistration
ord764
SHGetPropertyStoreFromIDList
ord930
ord931
SHGetItemFromObject
ord924
ord923
SHCreateItemFromRelativeName
ord68
DuplicateIcon
SHQueryUserNotificationState
ord727
ord714

windows.storage

ord916
ord942
ord915

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 232KB - Virtual size: 230KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
twinui.pcshell.dll
.dll windows:10 windows x64 arch:x64

a0a31f5ed999e799e38e32b6923eaddc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

twinui.pcshell.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__mkgmtime64
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__towlower_l
_o__unlock_file
_o__wcsicmp
_o__wcslwr
_o__wcsnicmp
_o__wtof
_o__wtol
_o_abort
_o_ceil
_o_ceilf
_o_fclose
_o_fflush
_o_fgetc
_o_fgetpos
_o_fgetwc
_o_floorf
_o_fputc
_o_fputwc
_o_fread
_o_free
_o_fsetpos
_o_fwrite
_o_isspace
_o_iswspace
_o_malloc
_o_memcpy_s
_o_pow
_o_realloc
_o_setvbuf
_o_sqrt
_o_strncpy_s
_o_strtol
_o_strtoul
_o_terminate
_o_towlower
_o_ungetc
_o_ungetwc
_o_wcscat_s
_o_wcscpy_s
_o_wcsftime
_o_wcstok_s
_o_wcstol
_o_wcstoul
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o__lock_file
_o__itow_s
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__gmtime64_s
_o__get_stream_buffer_pointers
_o__get_errno
_o__fseeki64
_o__free_locale
_o__free_base
_o__execute_onexit_table
_o__errno
_o__difftime64
_o__malloc_base
_o__crt_atexit
_o__create_locale
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o__beginthreadex
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfwprintf
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o___acrt_iob_func
_o____lc_codepage_func
__std_terminate
__CxxFrameHandler4
__std_type_info_compare
strchr
strrchr
wcschr
memcmp
memmove
memcpy
wcsrchr
wcsstr

api-ms-win-crt-string-l1-1-0

wcscmp
memset
wcscspn
wcslen
strncmp
wcsnlen
wcsncmp

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleHandleExA
GetModuleFileNameA
FindResourceExW
LoadResource
GetModuleHandleExW
FindStringOrdinal
LockResource
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
LoadStringW
DisableThreadLibraryCalls
FreeLibrary

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
WakeAllConditionVariable
WakeByAddressAll
WaitOnAddress
InitOnceExecuteOnce
InitOnceBeginInitialize
Sleep
InitOnceComplete

api-ms-win-core-synch-l1-1-0

TryEnterCriticalSection
InitializeSRWLock
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
InitializeCriticalSectionEx
WaitForMultipleObjectsEx
OpenMutexW
TryAcquireSRWLockShared
OpenEventW
CreateEventExW
ReleaseMutex
CreateSemaphoreExW
SetEvent
LeaveCriticalSection
InitializeCriticalSection
ReleaseSRWLockExclusive
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
CreateEventW
EnterCriticalSection
ResetEvent
ReleaseSRWLockShared
ReleaseSemaphore
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetLastError
GetLastError
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsDuplicateString
WindowsCreateString
WindowsGetStringLen
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsTrimStringEnd
WindowsCompareStringOrdinal
WindowsConcatString
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsSubstringWithSpecifiedLength

api-ms-win-core-com-l1-1-0

StringFromGUID2
CoWaitForMultipleObjects
CoGetApartmentType
CoGetClassObject
CLSIDFromString
CoGetCallerTID
CoGetMalloc
CoTaskMemRealloc
CoGetContextToken
CoMarshalInterface
CoEnableCallCancellation
CreateStreamOnHGlobal
CoGetStdMarshalEx
CoDisableCallCancellation
CoRevokeClassObject
CoWaitForMultipleHandles
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoReleaseMarshalData
CoTaskMemAlloc
PropVariantClear
IIDFromString
CoCancelCall
CoGetCallContext
CoTaskMemFree
CoGetObjectContext
CoInitializeEx
CoUninitialize
StringFromCLSID
CoCreateGuid
CoCreateInstance
CoIncrementMTAUsage
CoDecrementMTAUsage
CoCreateFreeThreadedMarshaler
CoRegisterClassObject

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventEnabled
EventWrite
EventSetInformation
EventRegister
EventUnregister
EventWriteTransfer

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolWork
WaitForThreadpoolTimerCallbacks
CreateThreadpool
SubmitThreadpoolWork
CloseThreadpoolTimer
CloseThreadpoolWork
SetThreadpoolTimer
CloseThreadpool
CreateThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolIo
CancelThreadpoolIo
WaitForThreadpoolIoCallbacks
CreateThreadpoolIo
StartThreadpoolIo
TrySubmitThreadpoolCallback
DisassociateCurrentThreadFromCallback
FreeLibraryWhenCallbackReturns
IsThreadpoolTimerSet
CloseThreadpoolWait
WaitForThreadpoolWaitCallbacks

api-ms-win-core-processthreads-l1-1-0

TlsFree
CreateThread
GetCurrentProcess
TlsGetValue
GetProcessId
GetExitCodeProcess
ResumeThread
ProcessIdToSessionId
GetCurrentThread
OpenProcessToken
OpenThreadToken
TlsSetValue
GetThreadPriority
OpenThread
GetCurrentProcessId
GetCurrentThreadId
TlsAlloc
SetThreadPriority
TerminateProcess

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoOriginateErrorW
GetRestrictedErrorInfo
SetRestrictedErrorInfo
RoTransformError

api-ms-win-core-localization-l1-2-0

GetLocaleInfoW
GetThreadUILanguage
FormatMessageA
LCMapStringEx
FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

OpenProcess
GetProcessMitigationPolicy
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetTickCount64
GetSystemTime
GetLocalTime
GetSystemTimeAsFileTime
GetWindowsDirectoryW
GetVersionExW
GetTickCount

api-ms-win-core-interlocked-l1-1-0

InterlockedFlushSList
InitializeSListHead
InterlockedPushEntrySList

api-ms-win-core-sidebyside-l1-1-0

DeactivateActCtx
CreateActCtxW
ReleaseActCtx
ActivateActCtx

ntdll

RtlNtStatusToDosErrorNoTeb
RtlCompareUnicodeString
NtQueryInformationToken
RtlQueryPackageClaims
ZwOpenKey
RtlUnsubscribeWnfStateChangeNotification
ZwQueryValueKey
NtPowerInformation
NtQuerySystemInformation
RtlInitUnicodeString
NtQueryInformationProcess
RtlDeriveCapabilitySidsFromName
RtlInitUnicodeStringEx
RtlQueryTokenHostIdAsUlong64
NtSetInformationProcess
RtlGetDeviceFamilyInfoEnum
RtlNtStatusToDosError
RtlQueryWnfStateData
RtlGetAppContainerSidType
RtlSubscribeWnfStateChangeNotification
NtQueryWnfStateData
RtlGetNativeSystemInformation
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlPublishWnfStateData
RtlUpcaseUnicodeChar
ZwQuerySystemInformation
ZwClose
RtlFreeHeap
ZwEnumerateKey
RtlReAllocateHeap
RtlAllocateHeap
RtlGetTokenNamedObjectPath
RtlFreeUnicodeString

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegDeleteTreeW
RegCreateKeyExW
RegCloseKey
RegGetValueW
RegEnumValueW
RegNotifyChangeKeyValue
RegQueryInfoKeyW
RegOpenKeyExW
RegDeleteValueW
RegOpenCurrentUser
RegEnumKeyExW
RegQueryValueExW

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableLevel
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceLoggerHandle
TraceMessage
UnregisterTraceGuids

api-ms-win-core-realtime-l1-1-0

QueryProcessCycleTime
QueryUnbiasedInterruptTime

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc
LocalReAlloc

api-ms-win-core-atoms-l1-1-0

GlobalGetAtomNameW
GlobalAddAtomW
GlobalDeleteAtom

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory
RoUninitialize
RoInitialize

api-ms-win-core-file-l1-1-0

CreateFileW
GetFileSize
SetFilePointer
GetFileAttributesExW
GetFileInformationByHandle
FindClose
FindNextChangeNotification
GetFullPathNameW
FindCloseChangeNotification
CompareFileTime
ReadFile
FindNextFileW
FindFirstFileExW
WriteFile
DeleteFileW
FindFirstChangeNotificationW
GetLongPathNameW
GetFileAttributesW
CreateDirectoryW

api-ms-win-core-threadpool-legacy-l1-1-0

DeleteTimerQueueTimer
CreateTimerQueueTimer
UnregisterWaitEx

api-ms-win-core-quirks-l1-1-1

QuirkIsEnabledForPackage4

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW
K32GetModuleFileNameExW
K32EnumProcesses
K32GetProcessImageFileNameW

api-ms-win-core-winrt-error-l1-1-1

RoReportFailedDelegate
IsErrorPropagationEnabled
RoGetMatchingRestrictedErrorInfo

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW
PathUnquoteSpacesW
PathGetDriveNumberW
SHExpandEnvironmentStringsW
PathRemoveFileSpecW
PathFindFileNameW
PathFindExtensionW
PathIsFileSpecW
PathCommonPrefixW
PathIsRelativeW

api-ms-win-core-url-l1-1-0

HashData
UrlUnescapeW
PathIsURLW

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo
VerSetConditionMask
GetSystemTimePreciseAsFileTime

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-core-debug-l1-1-1

CheckRemoteDebuggerPresent

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-kernel32-legacy-l1-1-0

PulseEvent
RegisterWaitForSingleObject
UnregisterWait

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-power-setting-l1-1-0

PowerSettingUnregisterNotification
PowerGetActiveScheme
PowerSettingRegisterNotification

api-ms-win-security-base-l1-1-0

GetTokenInformation
CreateWellKnownSid
CheckTokenMembership
CopySid
GetLengthSid
GetSecurityDescriptorDacl
DestroyPrivateObjectSecurity
DuplicateTokenEx
EqualSid

api-ms-win-core-processtopology-obsolete-l1-1-0

GetActiveProcessorCount

api-ms-win-core-memory-l1-1-0

VirtualQuery
MapViewOfFile
UnmapViewOfFile
ReadProcessMemory
OpenFileMappingW

api-ms-win-core-path-l1-1-0

PathCchRemoveFileSpec
PathCchAppend
PathCchCombine
PathAllocCombine
PathCchRenameExtension

api-ms-win-security-provider-l1-1-0

SetNamedSecurityInfoW
SetSecurityInfo

api-ms-win-core-file-l2-1-0

ReOpenFile
GetFileInformationByHandleEx
MoveFileExW
ReadDirectoryChangesW

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-pcw-l1-1-0

PcwAddQueryItem
PcwCreateQuery
PcwCollectData

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-processthreads-l1-1-3

SetThreadDescription

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabledForPackage

api-ms-win-oobe-notification-l1-1-0

UnregisterWaitUntilOOBECompleted
RegisterWaitUntilOOBECompleted
OOBEComplete

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-sysinfo-l1-2-3

GetIntegratedDisplaySize

api-ms-win-core-commandlinetoargv-l1-1-0

CommandLineToArgvW

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-io-l1-1-0

CancelIoEx

api-ms-win-core-version-l1-1-0

VerQueryValueW
GetFileVersionInfoSizeExW
GetFileVersionInfoExW

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-file-l1-2-4

GetTempPath2W

api-ms-win-core-wow64-l1-1-1

IsWow64Process2

msvcp_win

?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBGHH@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
_Thrd_yield
?_Xbad_function_call@std@@YAXXZ
??Bid@locale@std@@QEAA_KXZ
?fail@ios_base@std@@QEBA_NXZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?_Gninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?_Gndec@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_K@Z
?in@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?out@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
?tellg@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?unshift@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Random_device@std@@YAIXZ
??Bios_base@std@@QEBA_NXZ
_Mtx_unlock
_Thrd_join
_Thrd_id
_Mtx_init_in_situ
_Mtx_lock
_Mtx_destroy_in_situ
?_Xinvalid_argument@std@@YAXPEBD@Z
?seekg@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@_JH@Z
_Query_perf_frequency
?_Init@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXXZ
_Query_perf_counter
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
_Cnd_do_broadcast_at_thread_exit
?__ExceptionPtrRethrow@@YAXPEBX@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WXZ
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W00@Z
?epptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_J@Z
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?setg@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W00@Z
?egptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
?eback@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ
?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W0@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?pbase@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXH@Z
?pptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?gptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?tellp@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Getcat@?$codecvt@GDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?getloc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEBA?AVlocale@2@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
?get@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAGXZ
?__ExceptionPtrToBool@@YA_NPEBX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
_Thrd_detach
?_Throw_C_error@std@@YAXH@Z
?_Throw_Cpp_error@std@@YAXH@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?good@ios_base@std@@QEBA_NXZ
?flags@ios_base@std@@QEBAHXZ
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAH@Z
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?uncaught_exception@std@@YA_NXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?get@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEBA?AV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@PEBG4@Z
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z
?_Getcat@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?id@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@2V0locale@2@A
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Xout_of_range@std@@YAXPEBD@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Xlength_error@std@@YAXPEBD@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
_Xtime_get_ticks
?_Xbad_alloc@std@@YAXXZ
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPEBDH@Z

api-ms-win-crt-time-l1-1-0

_time64
clock

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-shell-associations-l1-1-2

SHCreateAssocHandler

api-ms-win-shell-changenotify-l1-1-1

SHChangeNotifyRegister

combase

ord167

uxtheme

ord126
ord138

dwmapi

ord187

wincorlib

?GetActivationFactoryByPCWSTR@@YAJPEAXAEAVGuid@Platform@@PEAPEAX@Z
?UninitializeData@Details@Platform@@YAXH@Z
?InitializeData@Details@Platform@@YAJH@Z
?CreateException@Exception@Platform@@SAPE$AAV12@HPE$AAVString@2@@Z
?get@Message@Exception@Platform@@QE$AAAPE$AAVString@3@XZ
?__abi_WinRTraiseNotImplementedException@@YAXXZ
?__abi_WinRTraiseInvalidCastException@@YAXXZ
?__abi_WinRTraiseNullReferenceException@@YAXXZ
?__abi_WinRTraiseOperationCanceledException@@YAXXZ
?__abi_WinRTraiseFailureException@@YAXXZ
?__abi_WinRTraiseAccessDeniedException@@YAXXZ
?__abi_WinRTraiseOutOfMemoryException@@YAXXZ
?__abi_WinRTraiseInvalidArgumentException@@YAXXZ
?__abi_WinRTraiseOutOfBoundsException@@YAXXZ
?__abi_WinRTraiseChangedStateException@@YAXXZ
?__abi_WinRTraiseClassNotRegisteredException@@YAXXZ
?Allocate@Heap@Details@Platform@@SAPEAX_K0@Z
?Free@Heap@Details@Platform@@SAXPEAX@Z
?AlignedFree@Heap@Details@Platform@@SAXPEAX@Z
?ReleaseTarget@ControlBlock@Details@Platform@@AEAAXXZ
?__abi_cast_String_to_Object@__abi_details@@YAPE$AAVObject@Platform@@PE$AAVString@3@@Z
?GetTypeCode@Type@Platform@@SA?AW4TypeCode@2@PE$AAV12@@Z
?__abi_make_type_id@@YAPE$AAVType@Platform@@AEBU__abi_type_descriptor@@@Z
?CreateValue@Details@Platform@@YAPE$AAVObject@2@W4TypeCode@2@PEBX@Z
??0Object@Platform@@QE$AAA@XZ
?GetIBoxVtable@Details@Platform@@YAPEAXPEAX@Z
?__abi_ObjectToString@__abi_details@@YAPE$AAVString@Platform@@PE$AAVObject@3@_N@Z
?get@Right@Rect@Foundation@Windows@@QEAAMXZ
?GetWeakReference@Details@Platform@@YAPEAU__abi_IUnknown@@QE$ADVObject@2@@Z
?ResolveWeakReference@Details@Platform@@YAPE$AAVObject@2@AEBU_GUID@@PEAPEAU__abi_IUnknown@@@Z
??0Delegate@Platform@@QE$AAA@XZ
?AllocateException@Heap@Details@Platform@@SAPEAX_K0@Z
??0DisconnectedException@Platform@@QE$AAA@XZ
?EventSourceUninitialize@Details@Platform@@YAXPEAPEAX@Z
?EventSourceRemove@Details@Platform@@YAXPEAPEAXPEAUEventLock@12@VEventRegistrationToken@Foundation@Windows@@@Z
?EventSourceGetTargetArrayEvent@Details@Platform@@YAPEAXPEAXIPEBXPEA_J@Z
?EventSourceGetTargetArraySize@Details@Platform@@YAIPEAX@Z
?EventSourceGetTargetArray@Details@Platform@@YAPEAXPEAXPEAUEventLock@12@@Z
?EventSourceAdd@Details@Platform@@YA?AVEventRegistrationToken@Foundation@Windows@@PEAPEAXPEAUEventLock@12@PE$AAVDelegate@2@@Z
??0OutOfMemoryException@Platform@@QE$AAA@XZ
??0FailureException@Platform@@QE$AAA@XZ
??0OutOfBoundsException@Platform@@QE$AAA@XZ
?EventSourceInitialize@Details@Platform@@YAXPEAPEAX@Z
??0ChangedStateException@Platform@@QE$AAA@XZ
?ReleaseInContextImpl@Details@Platform@@YAJPEAUIUnknown@@0@Z
?GetObjectContext@Details@Platform@@YAPEAUIUnknown@@XZ
?GetIBoxArrayVtable@Details@Platform@@YAPEAXPEAX@Z
?GetProxyImpl@Details@Platform@@YAJPEAUIUnknown@@AEBU_GUID@@0PEAPEAU3@@Z
?GetIidsFn@@YAJHPEAKPEBU__s_GUID@@PEAPEAVGuid@Platform@@@Z
?__abi_WinRTraiseWrongThreadException@@YAXXZ
?__abi_WinRTraiseDisconnectedException@@YAXXZ
?__abi_WinRTraiseObjectDisposedException@@YAXXZ
?__abi_WinRTraiseCOMException@@YAXJ@Z
?ReCreateFromException@Details@Platform@@YAJPE$AAVException@2@@Z
?get@Bottom@Rect@Foundation@Windows@@QEAAMXZ
?__abi_FailFast@@YAXXZ

iertutil

ord28
CreateUri

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-shcore-unicodeansi-l1-1-0

SHUnicodeToAnsi
SHAnsiToUnicode

api-ms-win-core-heap-obsolete-l1-1-0

GlobalUnlock
GlobalLock

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-shell-dataobject-l1-1-1

DragQueryFileW

api-ms-win-rtcore-ntuser-clipboard-l1-1-0

RegisterClipboardFormatW

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 7.5MB - Virtual size: 7.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 468KB - Virtual size: 467KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 96KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tzautoupdate.dll
.dll windows:10 windows x64 arch:x64

c2087a93663a4b06e280f7dee681d71e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

tzautoupdate.pdb

Imports

msvcrt

??1type_info@@UEAA@XZ
__dllonexit
?terminate@@YAXXZ
atan2
_unlock
memset
_initterm
free
__C_specific_handler
_onexit
_wtoi
_itow_s
wcschr
_wcsicmp
_amsg_exit
_XcptFilter
memcmp
_lock
memmove
memcpy
__CxxFrameHandler3
_CxxThrowException
??0exception@@QEAA@AEBQEBDH@Z
cos
_callnewh
__CxxFrameHandler4
malloc
memmove_s
bsearch
swprintf_s
??0exception@@QEAA@AEBQEBD@Z
?what@exception@@UEBAPEBDXZ
wcsnlen
_vsnprintf_s
pow
?name@type_info@@QEBAPEBDXZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
??3@YAXPEAX@Z
memcpy_s
_vsnwprintf
sin
asin
sqrt

api-ms-win-core-libraryloader-l1-2-0

LoadResource
GetProcAddress
LockResource
GetModuleHandleExW
LoadLibraryExW
GetModuleHandleW
FindResourceExW
GetModuleFileNameA
FreeLibrary
LoadStringW

api-ms-win-core-synch-l1-1-0

AcquireSRWLockShared
ReleaseSRWLockExclusive
DeleteCriticalSection
CreateSemaphoreExW
ReleaseSRWLockShared
InitializeCriticalSectionEx
AcquireSRWLockExclusive
ReleaseSemaphore
ReleaseMutex
CreateEventW
CreateMutexExW
WaitForSingleObjectEx
OpenSemaphoreW
LeaveCriticalSection
EnterCriticalSection
InitializeSRWLock
WaitForSingleObject
SetEvent

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

RaiseException
UnhandledExceptionFilter
SetLastError
GetLastError
SetUnhandledExceptionFilter

ntdll

RtlQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlIsMultiUsersInSessionSku

api-ms-win-service-management-l1-1-0

CloseServiceHandle
OpenServiceW
OpenSCManagerW
StartServiceW

api-ms-win-service-management-l2-1-0

QueryServiceConfigW
ChangeServiceConfigW

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoDisconnectContext
CoWaitForMultipleHandles

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventWriteTransfer
EventUnregister
EventRegister

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsIsStringEmpty
WindowsGetStringRawBuffer
WindowsStringHasEmbeddedNull

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
OpenProcessToken

api-ms-win-service-winsvc-l1-1-0

ControlService
RegisterServiceCtrlHandlerW

api-ms-win-core-localization-l1-2-0

GetLocaleInfoEx
FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoOriginateErrorW
SetRestrictedErrorInfo

api-ms-win-service-private-l1-1-0

WaitServiceState

api-ms-win-core-timezone-l1-1-0

GetTimeZoneInformation
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTimeEx
FileTimeToSystemTime
SetDynamicTimeZoneInformation
EnumDynamicTimeZoneInformation
GetDynamicTimeZoneInformation

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegQueryValueExW
RegEnumKeyExW
RegCloseKey
RegSetValueExW
RegGetValueW
RegCreateKeyExW

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-file-l1-1-0

GetFileSizeEx
CreateFileW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
SearchPathW

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
MapViewOfFile
UnmapViewOfFile

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetSystemDirectoryW
GetTickCount
GetSystemTimeAsFileTime
GetSystemTime

api-ms-win-core-localization-l1-2-3

GetUserDefaultGeoName

api-ms-win-service-core-l1-1-0

SetServiceStatus

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-security-base-l1-1-0

CheckTokenMembership
DuplicateToken
AllocateAndInitializeSid
GetTokenInformation
AdjustTokenPrivileges
FreeSid

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-security-capability-l1-1-0

CapabilityCheck

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
CompareStringW

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

combase

ord154

api-ms-win-core-localization-l1-2-2

LCIDToLocaleName

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

AttemptToUpdateTimeZone
AttemptToUpdateTimeZoneAndEnableChangeDetection
DisableTimeZoneAutoUpdate
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
EnableTimeZoneAutoUpdate
IsTimeZoneAutoUpdateEnabled
ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 112KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tzres.dll
.dll windows:10 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rdata
Size: 4KB - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
uDWM.dll
.dll windows:10 windows x64 arch:x64

45fdb45c1279cabe6081cbd49fb3219a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

uDWM.pdb

Imports

msvcp_win

??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Raise_handler@std@@3P6AXAEBVexception@stdext@@@ZEA
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_invoke_watson
_initterm

api-ms-win-crt-math-l1-1-0

_finite

api-ms-win-crt-string-l1-1-0

strncmp
memset
wcscmp

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__wcsicmp
memmove
_o_abort
_o_ceil
_o_ceilf
_o_cosf
_o_floor
_o_floorf
_o_fmodf
_o_free
_o_iswspace
_o_modf
_o_realloc
_o_roundf
_o_sinf
_o_sqrtf
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_CxxThrowException
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
wcsstr
__std_terminate
__CxxFrameHandler4
_o__cexit
memcmp
memcpy

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleFileNameA
GetModuleHandleW
LoadResource
LockResource
SizeofResource
GetModuleHandleExW
GetModuleHandleExA
DisableThreadLibraryCalls
FreeLibrary
LoadStringW
LoadLibraryExW

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-synch-l1-1-0

OpenEventW
ReleaseSemaphore
InitializeCriticalSectionAndSpinCount
AcquireSRWLockExclusive
EnterCriticalSection
CreateSemaphoreExW
ReleaseSRWLockShared
OpenSemaphoreW
CreateMutexExW
WaitForSingleObject
InitializeCriticalSectionEx
WaitForSingleObjectEx
CreateEventExW
DeleteCriticalSection
SetEvent
ReleaseMutex
SleepEx
ReleaseSRWLockExclusive
AcquireSRWLockShared
ResetEvent
CreateEventW
InitializeCriticalSection
LeaveCriticalSection

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapReAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetLastError
GetLastError
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWait
CloseThreadpoolTimer
CreateThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolTimer
WaitForThreadpoolWaitCallbacks
IsThreadpoolTimerSet
SetThreadpoolWait
WaitForThreadpoolTimerCallbacks

api-ms-win-core-processthreads-l1-1-0

GetThreadId
ProcessIdToSessionId
GetCurrentThreadId
CreateThread
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
TerminateThread
GetCurrentThread

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetUserDefaultLocaleName

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW
OutputDebugStringA

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
FindResourceW

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsDuplicateString
WindowsDeleteString
WindowsCreateStringReference

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
SetRestrictedErrorInfo

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-core-processthreads-l1-1-3

SetThreadDescription

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-string-l2-1-0

CharLowerW

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-memory-l1-1-0

CreateFileMappingW

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlCaptureStackBackTrace
RtlLookupFunctionEntry

api-ms-win-core-errorhandling-l1-1-3

TerminateProcessOnMemoryExhaustion

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-kernel32-legacy-l1-1-0

MulDiv

ntdll

EtwEventSetInformation
EtwEventWriteTransfer
EtwEventUnregister
EtwEventRegister
DbgPrompt
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlNumberGenericTableElements
RtlIsGenericTableEmpty
NtQueryWnfStateData
EtwEventActivityIdControl
RtlInsertElementGenericTable
RtlLookupElementGenericTable
RtlEnumerateGenericTableWithoutSplaying
RtlInitializeGenericTable
RtlDeleteElementGenericTable
RtlInitializeBitMap
RtlSetBits
EtwEventEnabled
DbgPrintEx
RtlQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlPublishWnfStateData
NtQuerySystemInformation

user32

ord2621
DwmValidateWindow
GetClassLongW
RegisterWindowMessageW
FindWindowW
CreateWindowExW
SendMessageW
GetWindowRect
DestroyWindow
GetWindowMinimizeRect
IsWindowArranged
FillRect
GetPropW
GetWindowLongPtrW
SetRect
InflateRect
ord2606
PtInRect
GetCursorPos
GetCursorInfo
GetLastInputInfo
EnumDisplayMonitors
UnionRect
NotifyWinEvent
AdjustWindowRectEx
GetWindowPlacement
GetDesktopWindow
DestroyIcon
GetClassNameW
GetWindowThreadProcessId
SetRectEmpty
ord2652
GetDisplayConfigBufferSizes
InternalGetWindowText
DisplayConfigGetDeviceInfo
IsRectEmpty
MonitorFromPoint
PostMessageW
IsWindow
SetCursor
GetGuiResources
SendNotifyMessageW
GetForegroundWindow
SetPropW
RemovePropW
SwitchToThisWindow
GetAncestor
GetLastActivePopup
IsWindowEnabled
DefWindowProcW
LockSetForegroundWindow
SetForegroundWindow
SetWindowPos
UnregisterClassW
DispatchMessageW
PeekMessageW
MsgWaitForMultipleObjectsEx
RegisterClassW
LoadCursorW
GetKeyState
MonitorFromWindow
ReleaseDC
GetDC
PostThreadMessageW
BroadcastSystemMessageW
GetSystemMetrics
SystemParametersInfoW
CopyRect
IntersectRect
GetDesktopID
EqualRect
MonitorFromRect
GetSysColor
OffsetRect
GetMonitorInfoW
QueryDisplayConfig
ChangeWindowMessageFilterEx

gdi32

GetDeviceCaps
SelectObject
DeleteDC
DeleteObject
D3DKMTQueryAdapterInfo
CreateRoundRectRgn
CombineRgn
GetRegionData
CreateRectRgn
ExtCreateRegion
SetBkMode
CreateSolidBrush
CreateBitmap
CreateCompatibleDC

dwmcore

MilCompositionEngine_CreateChannel
MilCompositionEngine_GetComposedEventId

dwmredir

DwmRedirectionManagerInitialize
DwmRedirectionManagerShutdown

win32u

NtDCompositionDuplicateHandleToProcess
NtDCompositionSetMaterialProperty
NtDCompositionCreateSynchronizationObject
NtDCompositionCommitSynchronizationObject

dcomp

ord1040
ord2502
ord2501

dxgi

CreateDXGIFactory
CreateDXGIFactory1

d2d1

ord1

d3d11

D3D11CreateDevice

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabled

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer

dwrite

DWriteCreateFactory

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

oleaut32

SysAllocString
GetErrorInfo
SysFreeString
SysStringLen
SetErrorInfo

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 212KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ucrtbase.dll
.dll windows:10 windows x64 arch:x64

1d85fb9ce80726bda08caf2946ef5f93

Code Sign

33:00:00:04:5c:3d:56:72:66:6c:b7:54:17:00:00:00:00:04:5c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

14/09/2023, 18:20

Not After

04/09/2024, 18:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f7:eb:09:2e:6d:44:a3:b4:31:12:12:c3:80:08:fd:18:a7:31:7d:4a:74:6e:93:a4:5a:27:1b:23:6e:17:00:f5
Signer

Actual PE Digest

f7:eb:09:2e:6d:44:a3:b4:31:12:12:c3:80:08:fd:18:a7:31:7d:4a:74:6e:93:a4:5a:27:1b:23:6e:17:00:f5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ucrtbase.pdb

Imports

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
SetErrorMode
SetLastError
RaiseException

api-ms-win-core-heap-l1-1-0

HeapCompact
HeapReAlloc
HeapSize
HeapQueryInformation
HeapAlloc
HeapWalk
HeapValidate
GetProcessHeap
HeapFree

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetStartupInfoW
GetCurrentProcess
GetCurrentThread
GetExitCodeProcess
GetCurrentThreadId
CreateThread
ExitProcess
CreateProcessW
ResumeThread
ExitThread
TerminateProcess

api-ms-win-core-libraryloader-l1-1-0

FreeLibraryAndExitThread
GetProcAddress
FreeLibrary
GetModuleHandleW
GetModuleHandleExW
LoadLibraryExW
GetModuleFileNameW

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetCurrentDirectoryW
GetEnvironmentStringsW
GetCurrentDirectoryW
SetStdHandle
GetStdHandle
GetCommandLineA

api-ms-win-core-file-l1-1-0

GetFullPathNameW
SetFilePointerEx
GetFileType
CreateFileW
FindNextFileW
FindFirstFileExW
GetFileInformationByHandle
GetFileSizeEx
GetDriveTypeW
FindClose
SetFileAttributesW
GetFileAttributesExW
CreateDirectoryW
GetDiskFreeSpaceW
GetLogicalDrives
RemoveDirectoryW
SetFileTime
DeleteFileW
WriteFile
LockFileEx
UnlockFileEx
FlushFileBuffers
SetEndOfFile
ReadFile

api-ms-win-core-string-l1-1-0

GetStringTypeW
WideCharToMultiByte
MultiByteToWideChar
CompareStringW

api-ms-win-core-fibers-l1-1-0

FlsAlloc
FlsGetValue
FlsFree
FlsSetValue

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-localization-l1-2-0

LCMapStringW
IsValidCodePage
GetACP
GetOEMCP
GetLocaleInfoW
GetUserDefaultLCID
GetCPInfo
IsValidLocale
EnumSystemLocalesW

api-ms-win-core-datetime-l1-1-0

GetDateFormatW
GetTimeFormatW

api-ms-win-core-sysinfo-l1-1-0

SetLocalTime
GetSystemInfo
GetSystemTimeAsFileTime
GetLocalTime

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlUnwindEx
RtlUnwind
RtlPcToFileHeader
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-console-l1-1-0

ReadConsoleInputW
SetConsoleCtrlHandler
WriteConsoleW
GetConsoleCP
SetConsoleMode
PeekConsoleInputA
GetConsoleOutputCP
GetNumberOfConsoleInputEvents
ReadConsoleW
GetConsoleMode

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-namedpipe-l1-1-0

PeekNamedPipe
CreatePipe

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
TzSpecificLocalTimeToSystemTime
GetTimeZoneInformation

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-memory-l1-1-0

VirtualAlloc
VirtualProtect
VirtualQuery

api-ms-win-core-util-l1-1-0

Beep
EncodePointer

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InterlockedFlushSList

Exports

Exports

_Cbuild
_Cmulcc
_Cmulcr
_CreateFrameInfo
_CxxThrowException
_Exit
_FCbuild
_FCmulcc
_FCmulcr
_FindAndUnlinkFrame
_GetImageBase
_GetThrowImageBase
_Getdays
_Getmonths
_Gettnames
_IsExceptionObjectToBeDestroyed
_LCbuild
_LCmulcc
_LCmulcr
_SetImageBase
_SetThrowImageBase
_SetWinRTOutOfMemoryExceptionCallback
_Strftime
_W_Getdays
_W_Getmonths
_W_Gettnames
_Wcsftime
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__C_specific_handler
__C_specific_handler_noexcept
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxFrameHandler4
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__GetPlatformExceptionInfo
__NLG_Dispatch2
__NLG_Return2
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__TypeMatch
___lc_codepage_func
___lc_collate_cp_func
___lc_locale_name_func
___mb_cur_max_func
___mb_cur_max_l_func
__acrt_iob_func
__conio_common_vcprintf
__conio_common_vcprintf_p
__conio_common_vcprintf_s
__conio_common_vcscanf
__conio_common_vcwprintf
__conio_common_vcwprintf_p
__conio_common_vcwprintf_s
__conio_common_vcwscanf
__current_exception
__current_exception_context
__daylight
__dcrt_get_wide_environment_from_os
__dcrt_initial_narrow_environment
__doserrno
__dstbias
__fpe_flt_rounds
__fpecode
__initialize_lconv_for_unsigned_char
__intrinsic_setjmp
__intrinsic_setjmpex
__isascii
__iscsym
__iscsymf
__iswcsym
__iswcsymf
__p___argc
__p___argv
__p___wargv
__p__acmdln
__p__commode
__p__environ
__p__fmode
__p__mbcasemap
__p__mbctype
__p__pgmptr
__p__wcmdln
__p__wenviron
__p__wpgmptr
__pctype_func
__processing_throw
__pwctype_func
__pxcptinfoptrs
__report_gsfailure
__setusermatherr
__std_exception_copy
__std_exception_destroy
__std_terminate
__std_type_info_compare
__std_type_info_destroy_list
__std_type_info_hash
__std_type_info_name
__stdio_common_vfprintf
__stdio_common_vfprintf_p
__stdio_common_vfprintf_s
__stdio_common_vfscanf
__stdio_common_vfwprintf
__stdio_common_vfwprintf_p
__stdio_common_vfwprintf_s
__stdio_common_vfwscanf
__stdio_common_vsnprintf_s
__stdio_common_vsnwprintf_s
__stdio_common_vsprintf
__stdio_common_vsprintf_p
__stdio_common_vsprintf_s
__stdio_common_vsscanf
__stdio_common_vswprintf
__stdio_common_vswprintf_p
__stdio_common_vswprintf_s
__stdio_common_vswscanf
__strncnt
__sys_errlist
__sys_nerr
__threadhandle
__threadid
__timezone
__toascii
__tzname
__unDName
__unDNameEx
__uncaught_exception
__uncaught_exceptions
__wcserror
__wcserror_s
__wcsncnt
_abs64
_access
_access_s
_aligned_free
_aligned_malloc
_aligned_msize
_aligned_offset_malloc
_aligned_offset_realloc
_aligned_offset_recalloc
_aligned_realloc
_aligned_recalloc
_assert
_atodbl
_atodbl_l
_atof_l
_atoflt
_atoflt_l
_atoi64
_atoi64_l
_atoi_l
_atol_l
_atoldbl
_atoldbl_l
_atoll_l
_beep
_beginthread
_beginthreadex
_byteswap_uint64
_byteswap_ulong
_byteswap_ushort
_c_exit
_cabs
_callnewh
_calloc_base
_cexit
_cgets
_cgets_s
_cgetws
_cgetws_s
_chdir
_chdrive
_chgsign
_chgsignf
_chmod
_chsize
_chsize_s
_clearfp
_close
_commit
_configthreadlocale
_configure_narrow_argv
_configure_wide_argv
_control87
_controlfp
_controlfp_s
_copysign
_copysignf
_cputs
_cputws
_creat
_create_locale
_crt_at_quick_exit
_crt_atexit
_ctime32
_ctime32_s
_ctime64
_ctime64_s
_cwait
_d_int
_dclass
_dexp
_difftime32
_difftime64
_dlog
_dnorm
_dpcomp
_dpoly
_dscale
_dsign
_dsin
_dtest
_dunscale
_dup
_dup2
_dupenv_s
_ecvt
_ecvt_s
_endthread
_endthreadex
_eof
_errno
_except1
_execl
_execle
_execlp
_execlpe
_execute_onexit_table
_execv
_execve
_execvp
_execvpe
_exit
_expand
_fclose_nolock
_fcloseall
_fcvt
_fcvt_s
_fd_int
_fdclass
_fdexp
_fdlog
_fdnorm
_fdopen
_fdpcomp
_fdpoly
_fdscale
_fdsign
_fdsin
_fdtest
_fdunscale
_fflush_nolock
_fgetc_nolock
_fgetchar
_fgetwc_nolock
_fgetwchar
_filelength
_filelengthi64
_fileno
_findclose
_findfirst32
_findfirst32i64
_findfirst64
_findfirst64i32
_findnext32
_findnext32i64
_findnext64
_findnext64i32
_finite
_finitef
_flushall
_fpclass
_fpclassf
_fpieee_flt
_fpreset
_fputc_nolock
_fputchar
_fputwc_nolock
_fputwchar
_fread_nolock
_fread_nolock_s
_free_base
_free_locale
_fseek_nolock
_fseeki64
_fseeki64_nolock
_fsopen
_fstat32
_fstat32i64
_fstat64
_fstat64i32
_ftell_nolock
_ftelli64
_ftelli64_nolock
_ftime32
_ftime32_s
_ftime64
_ftime64_s
_fullpath
_futime32
_futime64
_fwrite_nolock
_gcvt
_gcvt_s
_get_FMA3_enable
_get_current_locale
_get_daylight
_get_doserrno
_get_dstbias
_get_errno
_get_fmode
_get_heap_handle
_get_initial_narrow_environment
_get_initial_wide_environment
_get_invalid_parameter_handler
_get_narrow_winmain_command_line
_get_osfhandle
_get_pgmptr
_get_printf_count_output
_get_purecall_handler
_get_stream_buffer_pointers
_get_terminate
_get_thread_local_invalid_parameter_handler
_get_timezone
_get_tzname
_get_unexpected
_get_wide_winmain_command_line
_get_wpgmptr
_getc_nolock
_getch
_getch_nolock
_getche
_getche_nolock
_getcwd
_getdcwd
_getdiskfree
_getdllprocaddr
_getdrive
_getdrives
_getmaxstdio
_getmbcp
_getpid
_getsystime
_getw
_getwc_nolock
_getwch
_getwch_nolock
_getwche
_getwche_nolock
_getws
_getws_s
_gmtime32
_gmtime32_s
_gmtime64
_gmtime64_s
_heapchk
_heapmin
_heapwalk
_hypot
_hypotf
_i64toa
_i64toa_s
_i64tow
_i64tow_s
_initialize_narrow_environment
_initialize_onexit_table
_initialize_wide_environment
_initterm
_initterm_e
_invalid_parameter_noinfo
_invalid_parameter_noinfo_noreturn
_invoke_watson
_is_exception_typeof
_isalnum_l
_isalpha_l
_isatty
_isblank_l
_iscntrl_l
_isctype
_isctype_l
_isdigit_l
_isgraph_l
_isleadbyte_l
_islower_l
_ismbbalnum
_ismbbalnum_l
_ismbbalpha
_ismbbalpha_l
_ismbbblank
_ismbbblank_l
_ismbbgraph
_ismbbgraph_l
_ismbbkalnum
_ismbbkalnum_l
_ismbbkana
_ismbbkana_l
_ismbbkprint
_ismbbkprint_l
_ismbbkpunct
_ismbbkpunct_l
_ismbblead
_ismbblead_l
_ismbbprint
_ismbbprint_l
_ismbbpunct
_ismbbpunct_l
_ismbbtrail
_ismbbtrail_l
_ismbcalnum
_ismbcalnum_l
_ismbcalpha
_ismbcalpha_l
_ismbcblank
_ismbcblank_l
_ismbcdigit
_ismbcdigit_l
_ismbcgraph
_ismbcgraph_l
_ismbchira
_ismbchira_l
_ismbckata
_ismbckata_l
_ismbcl0
_ismbcl0_l
_ismbcl1
_ismbcl1_l
_ismbcl2
_ismbcl2_l
_ismbclegal
_ismbclegal_l
_ismbclower
_ismbclower_l
_ismbcprint
_ismbcprint_l
_ismbcpunct
_ismbcpunct_l
_ismbcspace
_ismbcspace_l
_ismbcsymbol
_ismbcsymbol_l
_ismbcupper
_ismbcupper_l
_ismbslead
_ismbslead_l
_ismbstrail
_ismbstrail_l
_isnan
_isnanf
_isprint_l
_ispunct_l
_isspace_l
_isupper_l
_iswalnum_l
_iswalpha_l
_iswblank_l
_iswcntrl_l
_iswcsym_l
_iswcsymf_l
_iswctype_l
_iswdigit_l
_iswgraph_l
_iswlower_l
_iswprint_l
_iswpunct_l
_iswspace_l
_iswupper_l
_iswxdigit_l
_isxdigit_l
_itoa
_itoa_s
_itow
_itow_s
_j0
_j1
_jn
_kbhit
_ld_int
_ldclass
_ldexp
_ldlog
_ldpcomp
_ldpoly
_ldscale
_ldsign
_ldsin
_ldtest
_ldunscale
_lfind
_lfind_s
_loaddll
_local_unwind

Sections

.text
Size: 780KB - Virtual size: 777KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 236KB - Virtual size: 235KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
usbmon.dll
.dll windows:10 windows x64 arch:x64

8810d98c1e4a96951abdf9f5fe818059

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

UsbMon.pdb

Imports

msvcrt

___mb_cur_max_func
___lc_codepage_func
___lc_handle_func
_ismbblead
islower
_wcsdup
??8type_info@@QEBAHAEBV0@@Z
__pctype_func
__uncaught_exception
__crtCompareStringA
setlocale
_unlock
__crtLCMapStringW
_lock
___lc_collate_cp_func
memmove
memcpy
__CxxFrameHandler3
_CxxThrowException
__crtLCMapStringA
??0exception@@QEAA@AEBQEBDH@Z
_callnewh
calloc
_wsetlocale
strstr
_wtoi
wcstol
abort
sprintf_s
_wtol
memset
isdigit
strchr
_stricmp
strtol
_errno
swprintf_s
localeconv
??0exception@@QEAA@AEBQEBD@Z
?what@exception@@UEBAPEBDXZ
strcspn
strtoul
tolower
memcmp
_wtof
??1type_info@@UEAA@XZ
_vsnprintf
realloc
isupper
towlower
??0bad_cast@@QEAA@AEBV0@@Z
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
wcsstr
wcstok_s
iswspace
wcsncpy_s
malloc
wcsncmp
memmove_s
_wcsnicmp
free
wcschr
_vsnprintf_s
_onexit
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
_wcsicmp
memcpy_s
toupper
wcsnlen
wcstod
_get_errno
_vsnwprintf
memchr
_XcptFilter
_amsg_exit
_set_errno
wcsrchr
??_V@YAXPEAX@Z
_initterm
?terminate@@YAXXZ
__dllonexit
__C_specific_handler
__CxxFrameHandler4
??3@YAXPEAX@Z
wcscmp

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegSetValueExW
RegGetValueW
RegDeleteKeyExW
RegEnumValueW
RegCreateKeyExW
RegEnumKeyExW
RegDeleteValueW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW
RegSetKeyValueW

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventWrite
EventRegister
EventUnregister
EventEnabled
EventActivityIdControl

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CLSIDFromProgID
CoGetClassObject
CoTaskMemFree
CoWaitForMultipleHandles
CoCreateInstance
IIDFromString
CreateStreamOnHGlobal
CoTaskMemRealloc

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
CreateThread
GetCurrentThreadId
TerminateThread
OpenProcessToken
GetCurrentProcess
ExitProcess
SetThreadToken
GetCurrentThread
OpenThreadToken
ProcessIdToSessionId
TerminateProcess

ntdll

NtOpenProcessToken
NtSetInformationThread
NtOpenThreadToken
RtlFreeHeap
NtSetInformationToken
RtlAllocateHeap
RtlNtStatusToDosError
RtlInitUnicodeString
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlTestBit
RtlSetBits
RtlInitializeBitMap
RtlClearBit
RtlSetBit
RtlFindClearBits
RtlGetDeviceFamilyInfoEnum
TpReleasePool
TpCallbackMayRunLong
TpSetWait
TpSimpleTryPost
TpAllocWork
TpPostWork
TpAllocWait
TpAllocTimer
TpSetTimer
TpAllocIoCompletion
TpStartAsyncIoOperation
TpAllocAlpcCompletion
TpWaitForWork
TpReleaseWork
TpWaitForWait
TpReleaseWait
TpWaitForTimer
TpReleaseTimer
TpWaitForIoCompletion
TpReleaseIoCompletion
TpWaitForAlpcCompletion
TpReleaseAlpcCompletion
TpSetPoolMaxThreads
TpAllocPool
NtClose

spoolss

RouterCreatePrintAsyncNotificationChannel
RouterFreeBidiResponseContainer
RouterFreeBidiMem
SetJobNamedProperty
GetPrinterW
GetPrinterDataW
SetPrinterW
RouterAllocBidiResponseContainer
SetPortW
AllocSplStr
DllFreeSplStr
FreePrintPropertyValue
GetJobNamedPropertyValue
GetPrinterDriverW
GetJobW
SetJobW
OpenPrinterW
ImpersonatePrinterClient
RouterAllocBidiMem
DllAllocSplMem
DllFreeSplMem
ClosePrinter
RevertToPrinterSelf
EnumPrintersW

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
LoadLibraryExW
GetProcAddress
FreeLibrary
GetModuleHandleW
GetModuleFileNameA
SizeofResource
GetModuleFileNameW
LockResource
DisableThreadLibraryCalls
FindResourceExW
LoadResource

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
WakeAllConditionVariable
Sleep
SleepConditionVariableSRW

api-ms-win-core-synch-l1-1-0

CreateEventExW
WaitForSingleObject
EnterCriticalSection
InitializeCriticalSectionEx
CreateEventW
CreateSemaphoreExW
AcquireSRWLockShared
InitializeCriticalSection
ReleaseMutex
CreateMutexExW
ReleaseSRWLockExclusive
TryEnterCriticalSection
SetEvent
WaitForMultipleObjectsEx
ResetEvent
LeaveCriticalSection
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
InitializeCriticalSectionAndSpinCount
ReleaseSemaphore
ReleaseSRWLockShared
DeleteCriticalSection

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetErrorMode
SetUnhandledExceptionFilter
SetLastError
RaiseException
UnhandledExceptionFilter

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects
CreateSemaphoreW

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolTimer
IsThreadpoolTimerSet

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte
GetStringTypeW

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetUserDefaultLocaleName

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount64
GetTickCount

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
OutputDebugStringA
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-io-l1-1-1

CancelIo

api-ms-win-core-io-l1-1-0

CancelIoEx
GetOverlappedResult
DeviceIoControl

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsCreateStringReference
WindowsDeleteString
WindowsCreateString

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

sspicli

GetUserNameExW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
FindResourceW

api-ms-win-core-file-l1-1-0

WriteFile
GetFileAttributesW
ReadFile
SetFilePointerEx
GetFileSizeEx
GetTempFileNameW
GetFinalPathNameByHandleW
CreateFileW
GetFileSize

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-security-base-l1-1-0

ImpersonateLoggedOnUser
RevertToSelf
DuplicateTokenEx
IsWellKnownSid
SetTokenInformation
EqualSid
CreateWellKnownSid
GetTokenInformation

api-ms-win-core-file-l1-2-4

GetTempPath2W

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

api-ms-win-core-memory-l1-1-0

MapViewOfFile
UnmapViewOfFile
CreateFileMappingW

api-ms-win-core-misc-l1-1-0

lstrcmpW
lstrcmpiW

api-ms-win-core-privateprofile-l1-1-0

GetPrivateProfileSectionW
GetPrivateProfileStringW

kernelbase

GetIsEdpEnabled

api-ms-win-eventlog-legacy-l1-1-0

RegisterEventSourceW
DeregisterEventSource
ReportEventW

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllMain
InitializePrintMonitor2

Sections

.text
Size: 764KB - Virtual size: 762KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 300KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
user32.dll
.dll windows:10 windows x64 arch:x64

f37b4cf192c000b399c20f4725c61814

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d1:ff:fd:e8:ed:c4:25:f5:b6:06:fb:41:4c:17:5a:7f:ba:13:1e:d2:c8:04:37:d7:47:47:f9:ea:0e:fb:56:7a
Signer

Actual PE Digest

d1:ff:fd:e8:ed:c4:25:f5:b6:06:fb:41:4c:17:5a:7f:ba:13:1e:d2:c8:04:37:d7:47:47:f9:ea:0e:fb:56:7a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

user32.pdb

Imports

win32u

NtUserGetWindowContextHelpId
NtUserSetSysColors
NtUserToUnicodeEx
NtUserLoadKeyboardLayoutEx
NtUserUpdatePerUserImmEnabling
NtUserSetWatermarkStrings
NtUserUpdatePerUserSystemParameters
NtUserEvent
NtUserConvertMemHandle
NtUserCreateLocalMemHandle
NtUserSetWindowsHookEx
NtUserSetWinEventHook
NtUserNotifyWinEvent
NtUserRegisterUserApiHook
NtUserDoInitMessagePumpHook
NtUserDoUninitMessagePumpHook
NtUserDrawCaption
NtUserGetAsyncKeyState
NtUserGetKeyState
NtUserOpenClipboard
NtUserPeekMessage
NtUserSetWindowLong
NtUserTranslateMessage
NtUserSetWindowRgn
NtUserSetWindowRgnEx
NtUserInternalGetWindowText
NtUserInternalGetWindowIcon
NtUserSetWindowStationUser
NtUserSetSystemCursor
NtUserFindExistingCursorIcon
NtUserSetCursorIconDataEx
NtUserDefSetText
NtUserChangeWindowMessageFilter
NtUserModifyWindowTouchCapability
NtUserPaintDesktop
NtUserSetThreadDesktop
NtUserActivateKeyboardLayout
NtUserGetOpenClipboardWindow
NtUserEnableIAMAccess
NtUserHwndQueryRedirectionInfo
NtUserHwndSetRedirectionInfo
NtMITSynthesizeTouchInput
NtMITGetCursorUpdateHandle
NtMITSetLastInputRecipient
NtUserEnableScrollBar
NtUserTestForInteractiveUser
NtUserGetClassName
NtUserSetScrollInfo
NtUserSBGetParms
NtUserUpdateLayeredWindow
NtUserUpdateWindows
NtUserEnableSessionForMMCSS
NtUserDeferredDesktopRotation
NtUserSetCancelRotationDelayHintWindow
NtUserFindWindowEx
NtUserRegisterClassExWOW
NtUserPostThreadMessage
NtUserSetClassLongPtr
NtUserGetClipboardFormatName
NtUserRegisterWindowMessage
NtUserGetKeyNameText
NtUserMapVirtualKeyEx
NtUserEnumDisplayDevices
NtUserGetClassInfoEx
NtUserChangeDisplaySettings
NtUserRemoveProp
NtUserUnregisterClass
NtUserEnumDisplaySettings
NtUserGetAltTabInfo
NtUserSetClassLong
NtUserGetMessage
NtUserGetKeyboardLayoutName
NtUserDrawCaptionTemp
NtUserSetProp
NtUserVkKeyScanEx
NtUserCallMsgFilter
NtUserBroadcastImeShowStatusChange
NtUserSetImeOwnerWindow
NtUserCheckImeShowStatusInThread
NtUserNotifyIMEStatus
NtUserUpdateInputContext
NtUserGetIMEShowStatus
NtUserCountClipboardFormats
NtUserGetPriorityClipboardFormat
NtUserGetClipboardOwner
NtUserGetClipboardSequenceNumber
NtUserGetClipboardViewer
NtUserSetClipboardViewer
NtUserChangeClipboardChain
NtUserAddClipboardFormatListener
NtUserRemoveClipboardFormatListener
NtUserGetUpdatedClipboardFormats
NtUserSetWindowCompositionAttribute
NtUserTranslateAccelerator
NtUserModifyUserStartupInfoFlags
NtUserSetClipboardData
NtUserDrawIconEx
NtUserValidateRgn
NtUserGetUpdateRgn
NtUserGetUpdateRect
NtUserSwitchToThisWindow
NtUserWaitForInputIdle
NtUserThreadMessageQueueAttached
NtUserMsgWaitForMultipleObjectsEx
NtUserSetObjectInformation
NtUserGetWinStationInfo
NtUserCreateWindowStation
NtUserOpenWindowStation
NtUserCreateDesktopEx
NtUserOpenDesktop
NtUserSwitchDesktop
NtUserCreatePopupMenu
NtUserDrawMenuBar
NtUserEnumClipboardFormats
NtUserGetInputDesktop
NtUserGetKeyboardType
NtUserGetUnpredictedMessagePos
NtUserDwmLockScreenUpdates
NtUserGetQueueStatus
NtUserLW_LoadFonts
NtUserNotifyOverlayWindow
NtUserSetShellChangeNotifyHWND
NtUserSetProgmanWindow
NtUserSetTaskmanWindow
NtUserPostQuitMessage
NtUserReplyMessage
NtUserRegisterSystemThread
NtUserSetCaretBlinkTime
NtUserSetDoubleClickTime
NtUserAllowSetForegroundWindow
NtUserLockSetForegroundWindow
NtUserShowOwnedPopups
NtUserShowStartGlass
NtUserSwapMouseButton
NtUserUnhookWindowsHook
NtUserUpdateWindow
NtUserRegisterShellHookWindow
NtUserDeregisterShellHookWindow
NtUserRealizePalette
NtUserUnloadKeyboardLayout
NtUserGetKeyboardLayout
NtUserGetProcessDefaultLayout
NtUserSetProcessDefaultLayout
NtUserCreateWindowEx
NtUserDisableProcessWindowsGhosting
NtUserRegisterGhostWindow
NtUserRegisterSiblingFrostWindow
NtUserGetDpiForMonitor
NtUserGetSendMessageReceiver
NtUserShutdownBlockReasonCreate
NtUserEnableMouseInPointerForThread
NtUserRegisterWindowArrangementCallout
NtUserEnableShellWindowManagementBehavior
NtUserGetWindowTrackInfoAsync
NtUserSetModernAppWindow
NtUserGetModernAppWindow
NtUserSetThreadQueueMergeSetting
NtUserEnableModernAppWindowKeyboardIntercept
NtUserScheduleDispatchNotification
NtUserInitThreadCoreMessagingIocp
NtUserDrainThreadCoreMessagingCompletions
NtUserSetTSFEventState
NtUserForceEnableNumpadTranslation
NtUserSystemParametersInfoForDpi
NtUserCitSetInfo
NtCreateCompositionInputSink
NtUserCreatePalmRejectionDelayZone
NtUserDestroyPalmRejectionDelayZone
NtUserSystemParametersInfo
NtUserGetProp
NtUserGetHDevName
NtUserGetRawInputDeviceInfo
NtUserRegisterLogonProcess
NtUserCreateSystemThreads
NtUserGetCursorPos
NtUserEnableMenuItem
NtUserCallNextHookEx
NtGdiDdDDIEscape
NtUserDisplayConfigGetDeviceInfo
NtUserGetDisplayConfigBufferSizes
NtUserSetDisplayConfig
NtUserQueryDisplayConfig
NtUserDisplayConfigSetDeviceInfo
NtUserFunctionalizeDisplayConfig
NtUserGetMessagePos
NtUserMNDragLeave
NtUserMNDragOver
NtUserDrawMenuBarTemp
NtUserGetSysMenuOffset
NtUserThunkedMenuInfo
NtUserCheckMenuItem
NtUserMinMaximize
NtUserUpdateClientRect
NtUserSetWindowLongPtr
NtUserSetVisible
NtUserClearWindowState
NtUserSetWindowState
NtUserCheckAccessForIntegrityLevel
NtUserArrangeIconicWindows
NtUserScrollWindowEx
NtUserRedrawTitle
NtUserRedrawFrameAndHook
NtUserDeferWindowPosAndBand
NtUserBeginDeferWindowPos
NtUserSetSysMenu
NtUserResetDblClk
NtUserRegisterLPK
NtUserRemoteConnectState
NtUserInitializeClientPfnArrays
NtUserProcessConnect
gDispatchTableValues
NtUserInitAnsiOem
NtUserLoadCursorsAndIcons
NtUserDisableProcessWindowFiltering
NtUserSetProcessUIAccessZorder
NtUserGetRawInputBuffer
NtUserScrollDC
NtUserKillSystemTimer
NtUserSetSystemTimer
NtUserHideCursorNoCapture
NtUserSetCaretPos
NtUserCloseClipboard
NtUserEmptyClipboard
NtUserIsClipboardFormatAvailable
NtUserShowCaret
NtUserCreateCaret
NtUserDestroyCaret
NtUserHideCaret
NtUserGetControlColor
NtUserTransformRect
NtUserTransformPoint
NtUserGetCurrentDpiInfoForWindow
NtUserTraceLoggingSendMixedModeTelemetry
NtUserGetProcessDpiAwarenessContext
NtUserSetProcessDpiAwarenessContext
NtUserSetCursor
NtUserMessageBeep
NtUserSetThreadState
NtUserQueryWindow
NtUserFillWindow
NtUserSetDialogPointer
NtUserZapActiveAndFocus
NtUserSetForegroundWindow
NtUserSetDialogSystemMenu
NtUserSetWindowContextHelpId
NtUserCsDdeUninitialize
NtUserDdeInitialize
NtUserUpdateInstance
NtUserConsoleControl
NtUserSetInformationThread
NtUserPrepareForLogoff
NtUserSetParent
NtUserReleaseDC
NtUserEnableWindow
NtUserPostMessage
NtUserGetTouchInputInfo
NtUserLockCursor
NtUserLinkDpiCursor
NtUserGetRequiredCursorSizes
NtUserGetCursorFrameInfo
NtUserGetIconInfo
NtUserDestroyAcceleratorTable
NtUserReportInertia
NtUserGetHimetricScaleFactorFromPixelLocation
NtUserRegisterEdgy
NtUserRegisterPointerInputTarget
NtUserGetPointerInfoList
NtUserGetCPD
NtUserSetMessageExtraInfo
NtUserValidateTimerCallback
NtUserDispatchMessage
NtUserAutoPromoteMouseInPointer
NtUserGetDManipHookInitFunction
NtUserRedrawFrame
NtUserLoadUserApiHook
NtUserSetMenu
NtUserSetMenuFlagRtoL
NtUserThunkedMenuItemInfo
NtUserCreateMenu
NtUserSetWindowsHookAW
NtUserUnhookWindowsHookEx
NtUserRealWaitMessageEx
NtUserRealInternalGetMessage
NtUserMessageCall
NtUserInjectGesture
NtUserGetGestureExtArgs
NtUserGetGestureInfo
NtUserBuildNameList
NtUserBuildPropList
NtUserBuildHwndList
NtUserGetAtomName
NtUserGetClassIcoCur
NtUserAlterWindowStyle
NtUserSetWindowFNID
NtUserBitBltSysBmp
NtUserGetOemBitmapSize
NtUserGetIconSize
NtUserReleaseCapture
NtUserSetMsgBox
NtUserGetThreadState
NtUserGetDC
NtUserGetControlBrush
NtUserDestroyCursor
NtUserCreateEmptyCursorObject
NtUserSetImeHotKey
NtUserGetImeHotKey
NtUserWindowFromPoint
NtUserWindowFromPhysicalPoint
NtUserWindowFromDC
NtUserWaitMessage
NtUserWaitForRedirectionStartComplete
NtUserWaitAvailableMessageEx
NtUserValidateRect
NtUserUserHandleGrantAccess
NtUserUpdateWindowTrackingInfo
NtUserUpdateWindowInputSinkHints
NtUserUpdateDefaultDesktopThumbnail
NtUserUnregisterUserApiHook
NtUserUnregisterSessionPort
NtUserUnregisterHotKey
NtUserUnlockWindowStation
NtUserUnhookWinEvent
NtUserUndelegateInput
NtUserTrackPopupMenuEx
NtUserTrackMouseEvent
NtUserSoundSentry
NtUserSlicerControl
NtUserDiscardPointerFrameMessages
NtUserSignalRedirectionStartComplete
NtUserShutdownBlockReasonQuery
NtUserShutdownReasonDestroy
NtUserShowWindowAsync
NtUserShowWindow
NtUserShowSystemCursor
NtUserShowScrollBar
NtUserShowCursor
NtUserShellSetWindowPos
NtUserShellRegisterHotKey
NtUserShellMigrateWindow
NtUserShellHandwritingUndelegateInput
NtUserShellHandwritingHandleDelegatedInput
NtUserShellHandwritingDelegateInput
NtUserSetWindowWord
NtUserSetWindowShowState
NtUserSetWindowPos
NtUserSetWindowPlacement
NtUserSetWindowFeedbackSetting
NtUserSetWindowDisplayAffinity
NtUserSetWindowCompositionTransition
NtUserSetWindowBand
NtUserSetThreadInputBlocked
NtUserSetTargetForResourceBrokering
NtUserSetSystemMenu
NtUserSetShellWindowEx
NtSetShellCursorState
NtUserSetProcessWindowStation
NtUserSetProcessRestrictionExemption
NtUserSetProcessMousewheelRoutingMode
NtUserSetProcessLaunchForegroundPolicy
NtUserSetProcessInteractionFlags
NtUserSetPrecisionTouchPadConfiguration
NtSetPointerDeviceInputSpace
NtUserSetMirrorRendering
NtUserSetMenuDefaultItem
NtUserSetMenuContextHelpId
NtUserMagSetContextInformation
NtUserSetMagnificationDesktopMagnifierOffsetsDWMUpdated
NtUserSetLayeredWindowAttributes
NtUserSetKeyboardState
NtUserSetInternalWindowPos
NtUserSetInteractiveCtrlRotationAngle
NtUserSetInteractiveControlFocus
NtUserSetInputServiceState
NtUserSetGestureConfig
NtUserSetFullscreenMagnifierOffsetsDWMUpdated
NtUserSetForegroundWindowForApplication
NtUserSetForegroundRedirectionForActivationObject
NtUserSetFocus
NtUserSetFeatureReportResponse
NtUserSetFallbackForeground
NtUserSetDpiForWindow
NtUserSetDisplayMapping
NtUserSetDisplayAutoRotationPreferences
NtUserSetDialogControlDpiChangeBehavior
NtUserSetDesktopVisualInputSink
NtUserSetDesktopColorTransform
NtUserSetCursorPos
NtSetCursorInputSpace
NtUserSetCoreWindowPartner
NtUserSetCoreWindow
NtUserSetTimer
NtUserSetClassWord
NtUserSetChildWindowNoActivate
NtUserSetCapture
NtUserSetCalibrationData
NtUserSetBrokeredForeground
NtUserSetBridgeWindowChild
NtUserSetAutoRotation
NtUserSetAdditionalForegroundBoostProcesses
NtUserSetActiveWindow
NtUserSetActiveProcessForMonitor
NtUserSetActivationFilter
NtUserSendInteractiveControlHapticsReport
NtUserSendInput
NtUserSendEventMessage
NtUserRestoreWindowDpiChanges
NtUserResolveDesktopForWOW
NtUserRemoveVisualIdentifier
NtUserRemoveMenu
NtUserReleaseDwmHitTestWaiters
NtUserRegisterTouchPadCapable
NtUserRegisterTouchHitTestingWindow
NtUserRegisterTasklist
NtUserRegisterShellPTPListener
NtUserRegisterSessionPort
NtUserRegisterServicesProcess
NtUserRegisterRawInputDevices
NtUserRegisterPointerDeviceNotifications
NtUserRegisterHotKey
NtUserRegisterForTooltipDismissNotification
NtUserRegisterForCustomDockTargets
NtUserRegisterErrorReportingDialog
NtUserRegisterDManipHook
NtUserRegisterBSDRWindow
NtUserRedrawWindow
NtUserRealChildWindowFromPoint
NtRIMUpdateInputObserverRegistration
NtRIMUnregisterForInput
NtRIMSetTestModeStatus
NtRIMSetExtendedDeviceProperty
NtRIMRemoveInputObserver
NtRIMRegisterForInputEx
NtRIMReadInput
NtRIMQueryDevicePath
NtRIMOnTimerNotification
NtRIMOnPnpNotification
NtRIMOnAsyncPnpWorkNotification
NtRIMObserveNextInput
NtRIMGetSourceProcessId
NtRIMGetPhysicalDeviceRect
NtRIMGetDevicePropertiesLockfree
NtRIMGetDeviceProperties
NtRIMGetDevicePreparsedDataLockfree
NtRIMGetDevicePreparsedData
NtRIMFreeInputBuffer
NtRIMEnableMonitorMappingForDevice
NtRIMDeviceIoControl
NtRIMAreSiblingDevices
NtRIMAddInputObserver
NtUserQuerySendMessage
NtUserQueryBSDRWindow
NtUserPromotePointer
NtUserProcessInkFeedbackCommand
NtUserPrintWindow
NtUserPerMonitorDPIPhysicalToLogicalPoint
NtUserPhysicalToLogicalPoint
NtUserPhysicalToLogicalDpiPointForWindow
NtUserPaintMonitor
NtUserPaintMenuBar
NtUserOpenThreadDesktop
NtUserOpenInputDesktop
NtUserNavigateFocus
NtUserMoveWindow
NtUserMenuItemFromPoint
NtMapVisualRelativePoints
NtUserMapPointsByVisualIdentifier
NtUserLogicalToPerMonitorDPIPhysicalPoint
NtUserLogicalToPhysicalPoint
NtUserLogicalToPhysicalDpiPointForWindow
NtUserLockWorkStation
NtUserLockWindowUpdate
NtUserLockWindowStation
NtUserLayoutCompleted
NtUserKillTimer
NtUserIsWindowGDIScaledDpiMessageEnabled
NtUserIsWindowBroadcastingDpiToChildren
NtUserIsTouchWindow
NtUserIsTopLevelWindow
NtUserIsResizeLayoutSynchronizationEnabled
NtIsOneCoreTransformMode
NtUserIsNonClientDpiScalingEnabled
NtUserIsMouseInputEnabled
NtUserIsMouseInPointerEnabled
NtUserIsChildWindowDpiMessageEnabled
NtUserInvalidateRgn
NtUserInvalidateRect
NtUserInteractiveControlQueryUsage
NtInputSpaceRegionFromPoint
NtUserInjectTouchInput
NtUserInjectPointerInput
NtUserInjectMouseInput
NtUserInjectKeyboardInput
NtUserInjectGenericHidInput
NtUserInjectDeviceInput
NtUserInitializeTouchInjection
NtUserInitializePointerDeviceInjectionEx
NtUserInitializePointerDeviceInjection
NtUserInitializeInputDeviceInjection
NtUserInitializeGenericHidInjection
NtUserInheritWindowMonitor

ntdll

__chkstk
memcmp
wcscmp
memcpy
RtlSetLastWin32Error
NlsAnsiCodePage
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
_wtoi
RtlRaiseException
NtYieldExecution
NtDeleteValueKey
NtSetValueKey
NtCreateKey
wcstoul
RtlFreeUnicodeString
RtlCreateUnicodeStringFromAsciiz
NtOpenDirectoryObject
NtSetSecurityObject
NtQuerySecurityObject
NtQueryInformationProcess
wcstol
ZwQueryWnfStateData
wcsncmp
wcsnlen
RtlDeleteHashTable
RtlInitStrongEnumerationHashTable
RtlLookupEntryHashTable
RtlStronglyEnumerateEntryHashTable
strnlen
RtlInsertEntryHashTable
RtlInitEnumerationHashTable
RtlRemoveEntryHashTable
strncmp
RtlEndStrongEnumerationHashTable
RtlCreateHashTable
RtlEndEnumerationHashTable
RtlEnumerateEntryHashTable
RtlQueryPackageClaims
RtlInitAnsiString
RtlAnsiStringToUnicodeString
RtlCompareUnicodeString
wcsncpy_s
iswspace
qsort
VerSetConditionMask
NtPowerInformation
RtlMultiByteToUnicodeSize
LdrFlushAlternateResourceModules
RtlImageNtHeader
RtlPcToFileHeader
NtRaiseHardError
NtCallbackReturn
wcsncat_s
RtlRetrieveNtUserPfn
RtlInitializeNtUserPfn
_stricmp
RtlGetIntegerAtom
RtlDeleteCriticalSection
RtlResetNtUserPfn
memmove_s
memcpy_s
RtlQueryInformationActiveActivationContext
RtlQueryElevationFlags
NtQuerySystemInformation
RtlInitializeCriticalSection
RtlEqualUnicodeString
LdrQueryImageFileExecutionOptions
isspace
CsrClientConnectToServer
sscanf_s
strrchr
strcpy_s
RtlSizeHeap
RtlGetThreadLangIdByIndex
RtlRunEncodeUnicodeString
RtlRunDecodeUnicodeString
_wcsicmp
RtlReAllocateHeap
RtlNtStatusToDosError
RtlGetActiveConsoleId
CsrFreeCaptureBuffer
wcsrchr
CsrClientCallServer
CsrAllocateMessagePointer
CsrAllocateCaptureBuffer
NtOpenProcessToken
NtOpenThreadToken
RtlFreeSid
RtlAllocateAndInitializeSid
NtQueryInformationToken
NtQueryVirtualMemory
_vsnwprintf
RtlUnicodeToMultiByteSize
RtlIsThreadWithinLoaderCallout
RtlReleaseActivationContext
RtlFindActivationContextSectionString
RtlDeactivateActivationContextUnsafeFast
RtlActivateActivationContextUnsafeFast
RtlUnicodeToMultiByteN
RtlMultiByteToUnicodeN
RtlEnterCriticalSection
RtlLeaveCriticalSection
__C_specific_handler
wcscat_s
wcscpy_s
NtQueryValueKey
NtEnumerateKey
NtClose
NtOpenKey
RtlOpenCurrentUser
RtlUnicodeStringToInteger
RtlInitUnicodeString
swprintf_s
RtlFreeHeap
RtlAllocateHeap
memset
memmove

api-ms-win-core-localization-l1-2-0

GetThreadLocale
ConvertDefaultLocale
IsDBCSLeadByteEx
GetACP
IsDBCSLeadByte
GetSystemDefaultLangID
GetOEMCP
GetCPInfo
FormatMessageW
GetUserDefaultLCID
GetLocaleInfoW
IsValidLocale

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegQueryValueExW
RegEnumValueW
RegDeleteKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegCreateKeyExW

api-ms-win-core-heap-l2-1-0

GlobalAlloc
LocalLock
GlobalFree
LocalUnlock
LocalAlloc
LocalReAlloc
LocalFree

api-ms-win-core-libraryloader-l1-2-0

EnumResourceNamesExW
DisableThreadLibraryCalls
GetProcAddress
GetModuleHandleExA
GetModuleFileNameA
GetModuleHandleW
FreeLibrary
SizeofResource
LoadLibraryExW
GetModuleHandleExW
GetModuleFileNameW
GetModuleHandleA
FindResourceExW
LoadResource

api-ms-win-core-synch-l1-1-0

OpenSemaphoreW
ReleaseMutex
LeaveCriticalSection
WaitForSingleObjectEx
CreateMutexExW
EnterCriticalSection
CreateSemaphoreExW
InitializeCriticalSectionEx
OpenEventW
AcquireSRWLockExclusive
WaitForSingleObject
ReleaseSRWLockExclusive
AcquireSRWLockShared
SetEvent
ReleaseSemaphore
InitializeSRWLock
ReleaseSRWLockShared

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventWriteTransfer
EventRegister
EventSetInformation
EventUnregister
EventWrite

api-ms-win-core-processthreads-l1-1-0

CreateProcessW
GetCurrentProcessId
ExitThread
GetExitCodeThread
CreateThread
GetCurrentThread
GetCurrentProcess
GetCurrentThreadId
TerminateProcess
ProcessIdToSessionId

api-ms-win-core-string-l1-1-0

GetStringTypeW
CompareStringOrdinal
WideCharToMultiByte
MultiByteToWideChar
FoldStringW
CompareStringW

api-ms-win-core-sysinfo-l1-1-0

GetSystemWindowsDirectoryW
GetVersionExW
GetSystemDirectoryW
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-security-base-l1-1-0

CheckTokenMembership
GetTokenInformation

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-string-l2-1-0

CharUpperBuffW
CharLowerBuffW
CharLowerW
CharPrevW
IsCharLowerW
CharNextW
IsCharUpperW
CharUpperW
IsCharAlphaNumericW
IsCharAlphaW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
SetCurrentDirectoryW
GetCurrentDirectoryW
SearchPathW

api-ms-win-core-file-l1-1-0

GetFileSize
FindFirstFileW
ReadFile
FindNextFileW
FindClose
GetLogicalDrives
SetFileTime
CreateFileW

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
MapViewOfFile
UnmapViewOfFile

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-memory-l1-1-3

SetProcessValidCallTargets

api-ms-win-core-privateprofile-l1-1-0

GetPrivateProfileStringW
WritePrivateProfileStringW

api-ms-win-core-atoms-l1-1-0

AddAtomA
GlobalGetAtomNameA
GlobalAddAtomA
GetAtomNameW
GlobalGetAtomNameW
DeleteAtom
GlobalDeleteAtom
AddAtomW
GlobalAddAtomW
GlobalFindAtomA
GlobalFindAtomW
GetAtomNameA

api-ms-win-core-heap-obsolete-l1-1-0

GlobalSize
GlobalLock
GlobalFlags
GlobalReAlloc
LocalSize
GlobalUnlock
GlobalHandle

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW
lstrlenA
lstrcmpiW

api-ms-win-core-localization-obsolete-l1-2-0

GetStringTypeA

api-ms-win-core-stringansi-l1-1-0

CharUpperBuffA
IsCharLowerA
CharPrevExA
IsCharUpperA
CharLowerBuffA
IsCharAlphaA
CharPrevA
CharNextExA
CharNextA
CharLowerA
IsCharAlphaNumericA
CharUpperA

api-ms-win-core-sidebyside-l1-1-0

QueryActCtxSettingsW

api-ms-win-core-kernel32-private-l1-1-0

RegisterWaitForInputIdle

kernelbase

WTSGetServiceSessionId
LoadStringBaseExW

api-ms-win-core-kernel32-legacy-l1-1-0

MulDiv
FindResourceExA

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-appinit-l1-1-0

LoadAppInitDlls

gdi32

PatBlt
SetBkMode
SelectObject
IntersectClipRect
SetTextAlign
GetTextAlign
GetStockObject
SetBkColor
SetTextColor
GetObjectW
GetBkColor
GetLayout
GdiGetBitmapBitsSize
GetDIBColorTable
GetDeviceCaps
GetMapMode
GetHFONT
ExtSelectClipRgn
GetClipRgn
SetGraphicsMode
GdiPrinterThunk
GdiLoadType1Fonts
GdiAddFontResourceW
GetRgnBox
ExtCreateRegion
GetRegionData
EnableEUDC
TextOutA
GdiReleaseDC
GdiConvertBitmapV5
GdiConvertToDevmodeW
GetClipBox
MirrorRgn
OffsetRgn
CreateRectRgnIndirect
SetRectRgn
CombineRgn
CreateRectRgn
GetBoundsRect
SetLayout
PlayEnhMetaFile
ExcludeClipRect
StretchBlt
Ellipse
CreateEllipticRgn
GetDCOrgEx
GdiTrackHDelete
GdiFixUpHandle
Rectangle
CreatePen
CreateBrushIndirect
PolyPatBlt
SetViewportOrgEx
GetViewportOrgEx
GetCurrentObject
GetTextCharacterExtra
SetTextCharacterExtra
SetLayoutWidth
GdiConvertAndCheckDC
SetBoundsRect
CreateSolidBrush
GdiProcessSetup
GdiDllInitialize
CopyEnhMetaFileW
CopyMetaFileW
SetPaletteEntries
CreatePalette
GetPaletteEntries
DeleteEnhMetaFile
DeleteMetaFile
GetPixel
GetTextCharsetInfo
QueryFontAssocStatus
ExtTextOutA
GetCharWidthInfo
GetCharWidthA
GetTextExtentPointA
GetTextFaceW
GetCharABCWidthsW
GetCharABCWidthsA
SetBrushOrgEx
GetDCDpiScaleValue
GetTextFaceAliasW
EnumFontsW
CreateFontIndirectW
TranslateCharsetInfo
GdiCreateLocalEnhMetaFile
GdiCreateLocalMetaFilePict
GdiConvertEnhMetaFile
GdiConvertMetaFilePict
GetTextColor
GetTextMetricsW
TextOutW
GetWindowExtEx
GetViewportExtEx
GetBkMode
GdiGetCharDimensions
GetTextCharset
GditPopCallerInfo
GditPushCallerInfo
GdiGetCodePage
GetTextExtentPointW
ExtTextOutW
RestoreDC
OffsetWindowOrgEx
SaveDC
GetObjectType
GetDIBits
SetDIBits
SetStretchBltMode
CreateDIBSection
StretchDIBits
CreateCompatibleBitmap
CreateDIBitmap
CreateDCW
GdiTrackHCreate
DeleteDC
BitBlt
CreateCompatibleDC
DeleteObject
CreateBitmap
GdiValidateHandle

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

ActivateKeyboardLayout
AddClipboardFormatListener
AddVisualIdentifier
AdjustWindowRect
AdjustWindowRectEx
AdjustWindowRectExForDpi
AlignRects
AllowForegroundActivation
AllowSetForegroundWindow
AnimateWindow
AnyPopup
AppendMenuA
AppendMenuW
AreDpiAwarenessContextsEqual
ArrangeIconicWindows
AttachThreadInput
BeginDeferWindowPos
BeginPaint
BlockInput
BringWindowToTop
BroadcastSystemMessage
BroadcastSystemMessageA
BroadcastSystemMessageExA
BroadcastSystemMessageExW
BroadcastSystemMessageW
BuildReasonArray
CalcMenuBar
CalculatePopupWindowPosition
CallMsgFilter
CallMsgFilterA
CallMsgFilterW
CallNextHookEx
CallWindowProcA
CallWindowProcW
CancelShutdown
CascadeChildWindows
CascadeWindows
ChangeClipboardChain
ChangeDisplaySettingsA
ChangeDisplaySettingsExA
ChangeDisplaySettingsExW
ChangeDisplaySettingsW
ChangeMenuA
ChangeMenuW
ChangeWindowMessageFilter
ChangeWindowMessageFilterEx
CharLowerA
CharLowerBuffA
CharLowerBuffW
CharLowerW
CharNextA
CharNextExA
CharNextW
CharPrevA
CharPrevExA
CharPrevW
CharToOemA
CharToOemBuffA
CharToOemBuffW
CharToOemW
CharUpperA
CharUpperBuffA
CharUpperBuffW
CharUpperW
CheckBannedOneCoreTransformApi
CheckDBCSEnabledExt
CheckDlgButton
CheckMenuItem
CheckMenuRadioItem
CheckProcessForClipboardAccess
CheckProcessSession
CheckRadioButton
CheckWindowThreadDesktop
ChildWindowFromPoint
ChildWindowFromPointEx
CliImmSetHotKey
ClientThreadSetup
ClientToScreen
ClipCursor
CloseClipboard
CloseDesktop
CloseGestureInfoHandle
CloseTouchInputHandle
CloseWindow
CloseWindowStation
ConsoleControl
ControlMagnification
CopyAcceleratorTableA
CopyAcceleratorTableW
CopyIcon
CopyImage
CopyRect
CountClipboardFormats
CreateAcceleratorTableA
CreateAcceleratorTableW
CreateCaret
CreateCursor
CreateDCompositionHwndTarget
CreateDesktopA
CreateDesktopExA
CreateDesktopExW
CreateDesktopW
CreateDialogIndirectParamA
CreateDialogIndirectParamAorW
CreateDialogIndirectParamW
CreateDialogParamA
CreateDialogParamW
CreateIcon
CreateIconFromResource
CreateIconFromResourceEx
CreateIconIndirect
CreateMDIWindowA
CreateMDIWindowW
CreateMenu
CreatePopupMenu
CreateSyntheticPointerDevice
CreateSystemThreads
CreateWindowExA
CreateWindowExW
CreateWindowInBand
CreateWindowInBandEx
CreateWindowIndirect
CreateWindowStationA
CreateWindowStationW
CsrBroadcastSystemMessageExW
CtxInitUser32
DdeAbandonTransaction
DdeAccessData
DdeAddData
DdeClientTransaction
DdeCmpStringHandles
DdeConnect
DdeConnectList
DdeCreateDataHandle
DdeCreateStringHandleA
DdeCreateStringHandleW
DdeDisconnect
DdeDisconnectList
DdeEnableCallback
DdeFreeDataHandle
DdeFreeStringHandle
DdeGetData
DdeGetLastError
DdeGetQualityOfService
DdeImpersonateClient
DdeInitializeA
DdeInitializeW
DdeKeepStringHandle
DdeNameService
DdePostAdvise
DdeQueryConvInfo
DdeQueryNextServer
DdeQueryStringA
DdeQueryStringW
DdeReconnect
DdeSetQualityOfService
DdeSetUserHandle
DdeUnaccessData
DdeUninitialize
DefDlgProcA
DefDlgProcW
DefFrameProcA
DefFrameProcW
DefMDIChildProcA
DefMDIChildProcW
DefRawInputProc
DefWindowProcA
DefWindowProcW
DeferWindowPos
DeferWindowPosAndBand
DelegateInput
DeleteMenu
DeregisterShellHookWindow
DestroyAcceleratorTable
DestroyCaret
DestroyCursor
DestroyDCompositionHwndTarget
DestroyIcon
DestroyMenu
DestroyReasons
DestroySyntheticPointerDevice
DestroyWindow
DialogBoxIndirectParamA
DialogBoxIndirectParamAorW
DialogBoxIndirectParamW
DialogBoxParamA
DialogBoxParamW
DisableProcessWindowsGhosting
DispatchMessageA
DispatchMessageW
DisplayConfigGetDeviceInfo
DisplayConfigSetDeviceInfo
DisplayExitWindowsWarnings
DlgDirListA
DlgDirListComboBoxA
DlgDirListComboBoxW
DlgDirListW
DlgDirSelectComboBoxExA
DlgDirSelectComboBoxExW
DlgDirSelectExA
DlgDirSelectExW
DoSoundConnect
DoSoundDisconnect
DragDetect
DragObject
DrawAnimatedRects
DrawCaption
DrawCaptionTempA
DrawCaptionTempW
DrawEdge
DrawFocusRect
DrawFrame
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawMenuBarTemp
DrawStateA
DrawStateW
DrawTextA
DrawTextExA
DrawTextExW
DrawTextW
DwmGetDxRgn
DwmGetDxSharedSurface
DwmGetRemoteSessionOcclusionEvent
DwmGetRemoteSessionOcclusionState
DwmKernelShutdown
DwmKernelStartup
DwmLockScreenUpdates
DwmValidateWindow
EditWndProc
EmptyClipboard
EnableMenuItem
EnableMouseInPointer
EnableNonClientDpiScaling
EnableOneCoreTransformMode
EnableScrollBar
EnableSessionForMMCSS
EnableWindow
EndDeferWindowPos
EndDeferWindowPosEx
EndDialog
EndMenu
EndPaint
EndTask
EnterReaderModeHelper
EnumChildWindows
EnumClipboardFormats
EnumDesktopWindows
EnumDesktopsA
EnumDesktopsW
EnumDisplayDevicesA
EnumDisplayDevicesW
EnumDisplayMonitors
EnumDisplaySettingsA
EnumDisplaySettingsExA
EnumDisplaySettingsExW
EnumDisplaySettingsW
EnumPropsA
EnumPropsExA
EnumPropsExW
EnumPropsW
EnumThreadWindows
EnumWindowStationsA
EnumWindowStationsW
EnumWindows
EqualRect
EvaluateProximityToPolygon
EvaluateProximityToRect
ExcludeUpdateRgn
ExitWindowsEx
FillRect
FindWindowA
FindWindowExA
FindWindowExW
FindWindowW
FlashWindow
FlashWindowEx
FrameRect
FreeDDElParam
FrostCrashedWindow
GetActiveWindow
GetAltTabInfo
GetAltTabInfoA
GetAltTabInfoW
GetAncestor
GetAppCompatFlags
GetAppCompatFlags2
GetAsyncKeyState
GetAutoRotationState
GetAwarenessFromDpiAwarenessContext
GetCIMSSM
GetCapture
GetCaretBlinkTime
GetCaretPos
GetClassInfoA
GetClassInfoExA
GetClassInfoExW
GetClassInfoW
GetClassLongA
GetClassLongPtrA
GetClassLongPtrW
GetClassLongW
GetClassNameA
GetClassNameW
GetClassWord
GetClientRect
GetClipCursor
GetClipboardAccessToken
GetClipboardData
GetClipboardFormatNameA
GetClipboardFormatNameW
GetClipboardMetadata
GetClipboardOwner
GetClipboardSequenceNumber
GetClipboardViewer
GetComboBoxInfo
GetCurrentInputMessageSource
GetCursor
GetCursorFrameInfo
GetCursorInfo
GetCursorPos
GetDC
GetDCEx
GetDCompositionHwndBitmap
GetDesktopID
GetDesktopWindow
GetDialogBaseUnits
GetDialogControlDpiChangeBehavior
GetDialogDpiChangeBehavior
GetDisplayAutoRotationPreferences
GetDisplayConfigBufferSizes
GetDlgCtrlID
GetDlgItem
GetDlgItemInt
GetDlgItemTextA
GetDlgItemTextW
GetDoubleClickTime
GetDpiAwarenessContextForProcess
GetDpiForMonitorInternal
GetDpiForSystem
GetDpiForWindow
GetDpiFromDpiAwarenessContext
GetExtendedPointerDeviceProperty
GetFocus
GetForegroundWindow
GetGUIThreadInfo
GetGestureConfig
GetGestureExtraArgs
GetGestureInfo
GetGuiResources
GetIconInfo
GetIconInfoExA
GetIconInfoExW
GetInputDesktop
GetInputLocaleInfo
GetInputState
GetInternalWindowPos
GetKBCodePage
GetKeyNameTextA
GetKeyNameTextW
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardLayoutNameA
GetKeyboardLayoutNameW
GetKeyboardState
GetKeyboardType
GetLastActivePopup
GetLastInputInfo
GetLayeredWindowAttributes
GetListBoxInfo
GetMagnificationDesktopColorEffect
GetMagnificationDesktopMagnification
GetMagnificationDesktopSamplingMode
GetMagnificationLensCtxInformation
GetMenu
GetMenuBarInfo
GetMenuCheckMarkDimensions
GetMenuContextHelpId
GetMenuDefaultItem
GetMenuInfo
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoA
GetMenuItemInfoW
GetMenuItemRect
GetMenuState
GetMenuStringA
GetMenuStringW
GetMessageA
GetMessageExtraInfo
GetMessagePos
GetMessageTime
GetMessageW
GetMonitorInfoA
GetMonitorInfoW
GetMouseMovePointsEx
GetNextDlgGroupItem
GetNextDlgTabItem
GetOpenClipboardWindow
GetParent
GetPhysicalCursorPos
GetPointerCursorId
GetPointerDevice
GetPointerDeviceCursors
GetPointerDeviceInputSpace
GetPointerDeviceOrientation
GetPointerDeviceProperties
GetPointerDeviceRects
GetPointerDevices
GetPointerFrameArrivalTimes
GetPointerFrameInfo
GetPointerFrameInfoHistory
GetPointerFramePenInfo
GetPointerFramePenInfoHistory
GetPointerFrameTimes
GetPointerFrameTouchInfo
GetPointerFrameTouchInfoHistory
GetPointerInfo
GetPointerInfoHistory
GetPointerInputTransform
GetPointerPenInfo
GetPointerPenInfoHistory
GetPointerTouchInfo
GetPointerTouchInfoHistory
GetPointerType
GetPriorityClipboardFormat
GetProcessDefaultLayout
GetProcessDpiAwarenessInternal
GetProcessUIContextInformation
GetProcessWindowStation
GetProgmanWindow
GetPropA
GetPropW
GetQueueStatus
GetRawInputBuffer
GetRawInputData
GetRawInputDeviceInfoA
GetRawInputDeviceInfoW
GetRawInputDeviceList
GetRawPointerDeviceData
GetReasonTitleFromReasonCode
GetRegisteredRawInputDevices
GetScrollBarInfo
GetScrollInfo
GetScrollPos
GetScrollRange
GetSendMessageReceiver
GetShellChangeNotifyWindow
GetShellWindow
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemDpiForProcess
GetSystemMenu
GetSystemMetrics
GetSystemMetricsForDpi
GetTabbedTextExtentA
GetTabbedTextExtentW
GetTaskmanWindow
GetThreadDesktop
GetThreadDpiAwarenessContext
GetThreadDpiHostingBehavior
GetTitleBarInfo
GetTopLevelWindow
GetTopWindow
GetTouchInputInfo
GetUnpredictedMessagePos
GetUpdateRect
GetUpdateRgn
GetUpdatedClipboardFormats
GetUserObjectInformationA
GetUserObjectInformationW
GetUserObjectSecurity
GetWinStationInfo
GetWindow
GetWindowBand
GetWindowCompositionAttribute
GetWindowCompositionInfo
GetWindowContextHelpId
GetWindowDC
GetWindowDisplayAffinity
GetWindowDpiAwarenessContext
GetWindowDpiHostingBehavior
GetWindowFeedbackSetting
GetWindowInfo
GetWindowLongA
GetWindowLongPtrA
GetWindowLongPtrW
GetWindowLongW
GetWindowMinimizeRect
GetWindowModuleFileName
GetWindowModuleFileNameA
GetWindowModuleFileNameW
GetWindowPlacement
GetWindowProcessHandle
GetWindowRect
GetWindowRgn

Sections

.text
Size: 596KB - Virtual size: 595KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 932KB - Virtual size: 931KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
userenv.dll
.dll regsvr32 windows:10 windows x64 arch:x64

a0f11d9237200a7b2e454dd4f93f5924

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1f:30:7a:d9:40:80:2f:2d:06:e2:97:e1:16:b2:9a:54:f2:c7:66:83:c1:69:f0:63:2f:25:e0:2b:ff:ed:cb:26
Signer

Actual PE Digest

1f:30:7a:d9:40:80:2f:2d:06:e2:97:e1:16:b2:9a:54:f2:c7:66:83:c1:69:f0:63:2f:25:e0:2b:ff:ed:cb:26

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

userenv.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__get_errno
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
memcpy
_o_free
_o_malloc
_o__cexit
_o__execute_onexit_table
_o__errno
_o___stdio_common_vswprintf
_o__crt_atexit
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__configure_narrow_argv
__C_specific_handler
__std_terminate
__CxxFrameHandler4
_CxxThrowException

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

FindResourceExW
GetModuleFileNameA
GetModuleHandleExW
GetModuleHandleW
DisableThreadLibraryCalls
LoadResource
GetProcAddress
LockResource

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
HeapReAlloc
GetProcessHeap

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegCloseKey
RegGetValueW
RegQueryValueExW

api-ms-win-core-processthreads-l1-1-0

OpenProcessToken
GetCurrentProcess
SetThreadToken
GetCurrentThread
GetCurrentThreadId
GetCurrentProcessId
OpenThreadToken
TerminateProcess
CreateThread

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-security-base-l1-1-0

RevertToSelf
AllocateAndInitializeSid
GetFileSecurityW
GetSecurityDescriptorOwner
EqualSid
FreeSid
CopySid
PrivilegeCheck
GetTokenInformation
GetLengthSid
ImpersonateLoggedOnUser
ImpersonateSelf

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-synch-l1-1-0

CreateMutexExW
OpenSemaphoreW
CreateEventW
AcquireSRWLockExclusive
WaitForMultipleObjectsEx
EnterCriticalSection
ReleaseSRWLockExclusive
ReleaseMutex
WaitForSingleObject
SetEvent
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
ReleaseSemaphore
WaitForSingleObjectEx
DeleteCriticalSection
CreateSemaphoreExW

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW
ExpandEnvironmentStringsW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte
CompareStringOrdinal
CompareStringW

rpcrt4

IUnknown_AddRef_Proxy
RpcBindingSetAuthInfoExW
I_RpcExceptionFilter
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcBindingFree
NdrClientCall3
NdrDllUnregisterProxy
UuidCreate
RpcRevertToSelf
CStdStubBuffer_Connect
CStdStubBuffer_IsIIDSupported
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
CStdStubBuffer_QueryInterface
CStdStubBuffer_CountRefs
IUnknown_Release_Proxy
CStdStubBuffer_AddRef
NdrOleFree
CStdStubBuffer_DebugServerQueryInterface
NdrDllRegisterProxy
CStdStubBuffer_Invoke
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
RpcStringFreeW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemInfo

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer

api-ms-win-core-file-l1-1-0

FindClose
FindFirstFileW
CreateDirectoryW
FlushFileBuffers
CompareFileTime
GetFileAttributesExW
RemoveDirectoryW
DeleteFileW
SetFileTime
CreateFileW
GetDiskFreeSpaceExW
FindNextFileW
SetFileAttributesW
GetFileAttributesW

api-ms-win-core-file-l2-1-0

MoveFileExW
GetFileInformationByHandleEx

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-path-l1-1-0

PathCchAddBackslashEx

api-ms-win-security-grouppolicy-l1-1-0

LeaveCriticalPolicySectionInternal
GetAppliedGPOListInternalW
GetPreviousFgPolicyRefreshInfoInternal
ForceSyncFgPolicyInternal
RefreshPolicyExInternal
HasPolicyForegroundProcessingCompletedInternal
FreeGPOListInternalA
GetAppliedGPOListInternalA
EnterCriticalPolicySectionInternal
GenerateGPNotificationInternal
AreThereVisibleShutdownScriptsInternal
GetGPOListInternalW
FreeGPOListInternalW
RefreshPolicyInternal
WaitForMachinePolicyForegroundProcessingInternal
GetNextFgPolicyRefreshInfoInternal
GetGPOListInternalA
RegisterGPNotificationInternal
AreThereVisibleLogoffScriptsInternal
WaitForUserPolicyForegroundProcessingInternal
UnregisterGPNotificationInternal
RsopLoggingEnabledInternal

api-ms-win-core-kernel32-private-l1-1-1

PrivCopyFileExW

ntdll

RtlStringFromGUID
NtClose
RtlFreeUnicodeString
EtwEventRegister
EtwEventUnregister
RtlNtStatusToDosError
EtwEventSetInformation
RtlAdjustPrivilege
EtwEventActivityIdControl
EtwEventWriteTransfer

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

AreThereVisibleLogoffScripts
AreThereVisibleShutdownScripts
CreateAppContainerProfile
CreateEnvironmentBlock
CreateProfile
DeleteAppContainerProfile
DeleteProfileA
DeleteProfileW
DeriveAppContainerSidFromAppContainerName
DeriveRestrictedAppContainerSidFromAppContainerSidAndRestrictedName
DestroyEnvironmentBlock
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
EnterCriticalPolicySection
ExpandEnvironmentStringsForUserA
ExpandEnvironmentStringsForUserW
ForceSyncFgPolicy
FreeGPOListA
FreeGPOListW
GenerateGPNotification
GetAllUsersProfileDirectoryA
GetAllUsersProfileDirectoryW
GetAppContainerFolderPath
GetAppContainerRegistryLocation
GetAppliedGPOListA
GetAppliedGPOListW
GetDefaultUserProfileDirectoryA
GetDefaultUserProfileDirectoryW
GetGPOListA
GetGPOListW
GetNextFgPolicyRefreshInfo
GetPreviousFgPolicyRefreshInfo
GetProfileType
GetProfilesDirectoryA
GetProfilesDirectoryW
GetUserProfileDirectoryA
GetUserProfileDirectoryW
HasPolicyForegroundProcessingCompleted
LeaveCriticalPolicySection
LoadProfileExtender
LoadUserProfileA
LoadUserProfileW
ProcessGroupPolicyCompleted
ProcessGroupPolicyCompletedEx
RefreshPolicy
RefreshPolicyEx
RegisterGPNotification
RsopAccessCheckByType
RsopFileAccessCheck
RsopLoggingEnabled
RsopResetPolicySettingStatus
RsopSetPolicySettingStatus
UnloadProfileExtender
UnloadUserProfile
UnregisterGPNotification
WaitForMachinePolicyForegroundProcessing
WaitForUserPolicyForegroundProcessing

Sections

.text
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 400B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
usodocked.dll
.dll windows:10 windows x64 arch:x64

67ace03e9f837f9022ff6c36fd326ef9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

UsoDocked.pdb

Imports

msvcp_win

?_Winerror_map@std@@YAHH@Z
?_Xbad_alloc@std@@YAXXZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
?widen@?$ctype@G@std@@QEBAGD@Z
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??Bid@locale@std@@QEAA_KXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?id@?$ctype@G@std@@2V0locale@2@A
_Thrd_sleep
_Cnd_signal
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBGHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?_Random_device@std@@YAIXZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_N@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
_Mtx_trylock
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_K@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
_Cnd_do_broadcast_at_thread_exit
_Thrd_id
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
_Thrd_join
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@I@Z
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
_Xtime_get_ticks
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
_Mtx_current_owns
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_timedwait
_Query_perf_frequency
_Query_perf_counter
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?_Xbad_function_call@std@@YAXXZ
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
_Cnd_unregister_at_thread_exit
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?_Throw_future_error@std@@YAXAEBVerror_code@1@@Z
_Thrd_yield
?_Syserror_map@std@@YAPEBDH@Z
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
??0task_continuation_context@Concurrency@@AEAA@XZ
?__ExceptionPtrRethrow@@YAXPEBX@Z
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
_Cnd_wait
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
_Mtx_init_in_situ
_Mtx_destroy_in_situ
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
_Cnd_register_at_thread_exit
_Cnd_broadcast
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
_Mtx_lock
_Cnd_destroy_in_situ
_Cnd_init_in_situ
?_Xout_of_range@std@@YAXPEBD@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@H@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?uncaught_exception@std@@YA_NXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z
?tolower@?$ctype@G@std@@QEBAGG@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
_Wcscoll
_Wcsxfrm
?id@?$collate@G@std@@2V0locale@2@A
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Locinfo@std@@QEAA@XZ
?is@?$ctype@G@std@@QEBA_NFG@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z
?id@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@2V0locale@2@A
?_Getcat@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?get@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEBA?AV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@PEBG4@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
?out@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
?in@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z
?_Incref@facet@locale@std@@UEAAXXZ
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__free_locale
_o__fseeki64
_o__get_stream_buffer_pointers
_o__i64toa_s
_o__i64tow_s
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__localtime64_s
_o__lock_file
_o__mktime64
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__ui64toa_s
_o__ui64tow_s
_o__unlock_file
_o__wcsicmp
_o__wcsnicmp
_o__wcstod_l
memmove
_o__wtoi
_o__wtol
_o_abort
_o_ceilf
_o_exit
_o_fclose
_o_fflush
_o_fgetc
_o_fgetpos
_o_fputc
_o_fread
_o_free
_o_fsetpos
_o_fwrite
_o_iswspace
_o_malloc
_o_mbstowcs_s
_o_pow
_o_realloc
_o_setvbuf
_o_strncpy_s
_o_strtol
_o_strtoull
_o_terminate
_o_tolower
_o_towlower
_o_ungetc
_o_wcsftime
_o_wcstol
_o_wcstoll
_o_wcstoul
_o_wcstoull
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o__execute_onexit_table
_o__errno
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o___pctype_func
_o__crt_atexit
_o__create_locale
_o__configure_narrow_argv
__std_type_info_compare
strchr
strrchr
_o____lc_codepage_func
__std_terminate
__CxxFrameHandler4
_o__cexit
_o__callnewh
memcmp
memcpy
_o__beginthreadex
_o__stricmp

api-ms-win-crt-string-l1-1-0

strnlen
wcsnlen
memset
wcscmp

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
RemoveDllDirectory
AddDllDirectory
GetModuleHandleExW
GetModuleHandleA
FreeLibrary
LoadLibraryExW
GetProcAddress
GetModuleFileNameW
GetModuleFileNameA
GetModuleHandleW

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
EnterCriticalSection
CreateEventW
ResetEvent
InitializeCriticalSectionAndSpinCount
ReleaseMutex
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexW
ReleaseSRWLockShared
WaitForSingleObject
ReleaseSemaphore
InitializeCriticalSectionEx
CreateMutexExW
SetEvent
AcquireSRWLockShared
DeleteCriticalSection
CreateEventExW
CreateSemaphoreExW
AcquireSRWLockExclusive
OpenEventW
LeaveCriticalSection

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
GetErrorMode
SetErrorMode
SetUnhandledExceptionFilter
RaiseException
SetLastError

api-ms-win-core-threadpool-l1-2-0

TrySubmitThreadpoolCallback
CreateThreadpoolWait
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
GetCurrentThread
CreateProcessW
GetCurrentProcess
TerminateProcess
GetExitCodeProcess
CreateProcessAsUserW
OpenThreadToken
OpenProcessToken

api-ms-win-core-localization-l1-2-0

FormatMessageW
FormatMessageA

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

oleaut32

GetErrorInfo
SysStringLen
SysStringByteLen
VarUI8FromDec
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantInit
VariantClear
SysFreeString
SysAllocString
SysAllocStringByteLen
SetErrorInfo

api-ms-win-security-base-l1-1-0

ImpersonateLoggedOnUser
AdjustTokenPrivileges
GetLengthSid
RevertToSelf
CheckTokenMembership
FreeSid
CopySid
AllocateAndInitializeSid
GetTokenInformation
DuplicateTokenEx

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsCreateString
WindowsDeleteString

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegCloseKey
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteValueW
RegDeleteTreeW
RegCopyTreeW
RegGetValueW
RegOpenKeyExW
RegCreateKeyExW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringW
WideCharToMultiByte

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoUninitialize
CoInitializeEx
CoWaitForMultipleHandles
CoRevertToSelf
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CoGetObjectContext
CoGetApartmentType
CoTaskMemFree
CoCreateGuid
StringFromGUID2
CoGetMalloc
CoImpersonateClient

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventActivityIdControl
EventSetInformation
EventWriteTransfer
EventUnregister

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GlobalMemoryStatusEx
GetSystemWindowsDirectoryW
GetSystemTimeAsFileTime
GetLocalTime
GetSystemInfo
GetSystemDirectoryW

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask
GetSystemTimePreciseAsFileTime
GetProductInfo
GetNativeSystemInfo

api-ms-win-core-localization-l1-2-3

GetUserDefaultGeoName

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW
ExpandEnvironmentStringsW
SetEnvironmentVariableW

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPushEntrySList

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindFileNameW

ntdll

RtlAllocateHeap
RtlReAllocateHeap
RtlFreeHeap
DbgPrintEx
RtlRaiseStatus
RtlPublishWnfStateData
RtlGetDeviceFamilyInfoEnum
NtPowerInformation
NtIsSystemResumeAutomatic
RtlQueryPackageIdentity
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion
NtQueryWnfStateData

api-ms-win-service-private-l1-1-0

I_QueryTagInformation

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-shcore-stream-winrt-l1-1-0

CreateRandomAccessStreamOnFile

umpdc

Pdcv2ActivationClientActivate
Pdcv2ActivationClientDeactivate
PdcTaskClientRegister
PdcTaskClientUnregister
Pdcv2ActivationClientRegister
Pdcv2ActivationClientRenewActivation
PdcTaskClientRequest
Pdcv2ActivationClientUnregister

combase

ord69

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-sysinfo-l1-2-1

GetPhysicallyInstalledSystemMemory

api-ms-win-core-timezone-l1-1-0

SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime

bcrypt

BCryptCreateHash
BCryptGetProperty
BCryptFinishHash
BCryptHashData
BCryptDestroyHash
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-processtopology-obsolete-l1-1-0

GetActiveProcessorCount

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

wofutil

WofSetFileDataLocation

userenv

CreateEnvironmentBlock
DeriveAppContainerSidFromAppContainerName
DestroyEnvironmentBlock

rpcrt4

UuidCreate
RpcRevertToSelf
RpcImpersonateClient
I_RpcBindingInqLocalClientPID

api-ms-win-core-shutdown-l1-1-1

InitiateShutdownW

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW
K32GetModuleFileNameExW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-wow64-l1-1-1

IsWow64Process2

api-ms-win-core-file-l1-1-0

GetFileInformationByHandle
GetFileAttributesExW
CreateDirectoryW
FindClose
SetFileInformationByHandle
ReadFile
CreateFileW
RemoveDirectoryW
FindFirstFileExW
GetFileAttributesW
GetDiskFreeSpaceExW
DeleteFileW
FindNextFileW

iphlpapi

GetNetworkConnectivityHint

api-ms-win-service-management-l1-1-0

OpenServiceW
OpenSCManagerW
CloseServiceHandle

api-ms-win-service-management-l2-1-0

QueryServiceStatusEx

crypt32

CertVerifyCertificateChainPolicy

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx
CreateHardLinkW
CreateSymbolicLinkW
MoveFileExW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-kernel32-legacy-l1-1-1

PowerClearRequest
PowerCreateRequest
VerifyVersionInfoW
PowerSetRequest

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

api-ms-win-oobe-notification-l1-1-0

OOBEComplete

winsqlite3

sqlite3_extended_errcode
sqlite3_errmsg
sqlite3_open16
sqlite3_initialize
sqlite3_step
sqlite3_close_v2
sqlite3_shutdown
sqlite3_prepare16_v2
sqlite3_column_int
sqlite3_exec
sqlite3_busy_timeout
sqlite3_bind_text16
sqlite3_bind_int
sqlite3_column_text16
sqlite3_bind_blob
sqlite3_column_bytes
sqlite3_column_blob
sqlite3_finalize

api-ms-win-eventing-controller-l1-1-0

EnableTraceEx2
ControlTraceW
StartTraceW

api-ms-win-core-path-l1-1-0

PathCchCanonicalize

api-ms-win-eventing-legacy-l1-1-0

QueryTraceW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
GetDockedComponent

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 336KB - Virtual size: 333KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
usosvcimpl.dll
.dll windows:10 windows x64 arch:x64

2eac3be2f14089808c8f9b42b04b13c6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

USOSvcImpl.pdb

Imports

msvcp_win

?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?uncaught_exception@std@@YA_NXZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@H@Z
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?id@?$ctype@G@std@@2V0locale@2@A
?widen@?$ctype@G@std@@QEBAGD@Z
?_Random_device@std@@YAIXZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_K@Z
?_Throw_future_error@std@@YAXAEBVerror_code@1@@Z
_Cnd_register_at_thread_exit
_Cnd_broadcast
?__ExceptionPtrToBool@@YA_NPEBX@Z
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
_Cnd_wait
_Cnd_unregister_at_thread_exit
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
??0task_continuation_context@Concurrency@@AEAA@XZ
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@I@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??Bid@locale@std@@QEAA_KXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1_Lockit@std@@QEAA@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
_Mtx_current_owns
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?_Throw_Cpp_error@std@@YAXH@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Xbad_alloc@std@@YAXXZ
_Cnd_timedwait
?_Xbad_function_call@std@@YAXXZ
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Incref@facet@locale@std@@UEAAXXZ
?out@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBGHH@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?get@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEBA?AV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@PEBG4@Z
?_Getcat@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?id@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@2V0locale@2@A
_Thrd_sleep
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
_Query_perf_frequency
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
_Query_perf_counter
_Cnd_init_in_situ
_Cnd_destroy_in_situ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
_Mtx_unlock
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?_Throw_C_error@std@@YAXH@Z
_Mtx_lock
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Cnd_signal
?_Xlength_error@std@@YAXPEBD@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
_Xtime_get_ticks

api-ms-win-crt-string-l1-1-0

memset
wcscmp
wcsnlen
strnlen

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__i64toa_s
_o__i64tow_s
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__localtime64_s
_o__lock_file
_o__mktime64
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__seh_filter_dll
_o__stricmp
_o__ui64toa_s
_o__ui64tow_s
_o__unlock_file
_o__wcsicmp
_o__wcsnicmp
_o__wcstod_l
memmove
_o_abort
_o_ceilf
_o_fclose
_o_fflush
_o_fgetc
_o_fgetpos
_o_fputc
_o_fread
_o_free
_o_fsetpos
_o_fwrite
_o_iswspace
_o_malloc
_o_pow
_o_setvbuf
_o_terminate
_o_ungetc
_o_wcsftime
_o_wcsncpy_s
_o_wcstoul
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o__fseeki64
_o__free_locale
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__create_locale
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o__beginthreadex
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o___pctype_func
_o____lc_codepage_func
__C_specific_handler
__std_terminate
__CxxFrameHandler4
_o__get_stream_buffer_pointers
__C_specific_handler_noexcept
memcmp
memcpy

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
FreeLibrary
LoadLibraryExW
FindResourceExW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
DisableThreadLibraryCalls
GetModuleFileNameA
LoadResource
GetProcAddress
SizeofResource

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
CreateSemaphoreExW
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
CreateEventW
AcquireSRWLockExclusive
ReleaseSemaphore
DeleteCriticalSection
InitializeCriticalSectionEx
ReleaseSRWLockShared
OpenEventW
WaitForSingleObject
ReleaseSRWLockExclusive
AcquireSRWLockShared
CreateMutexExW
InitializeCriticalSection
CreateEventExW
WaitForMultipleObjectsEx
SetEvent
OpenSemaphoreW
WaitForSingleObjectEx
ResetEvent
ReleaseMutex

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
UnhandledExceptionFilter
RaiseException
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetExitCodeProcess
OpenProcessToken
GetCurrentThreadId
GetCurrentProcessId
GetCurrentThread
CreateProcessW
OpenThreadToken
GetExitCodeThread
GetCurrentProcess
TerminateProcess
CreateThread
CreateProcessAsUserW

api-ms-win-core-localization-l1-2-0

FormatMessageW
FormatMessageA

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

oleaut32

VariantClear
VariantInit
SysFreeString
VariantCopy
VarUI4FromStr
SysAllocString
VariantTimeToSystemTime

api-ms-win-core-com-l1-1-0

CoTaskMemFree
StringFromGUID2
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoInitializeEx
CoDisconnectContext
CoRegisterClassObject
CoRevokeClassObject
CoCreateGuid
CoImpersonateClient
CoRevertToSelf

rpcrt4

I_RpcBindingInqLocalClientPID
RpcImpersonateClient
RpcRevertToSelf
UuidCreate

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW
K32GetModuleFileNameExW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolThreadMaximum
SetThreadpoolThreadMinimum
DisassociateCurrentThreadFromCallback
WaitForThreadpoolTimerCallbacks
CloseThreadpool
CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpool

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventActivityIdControl
EventRegister
EventUnregister

iphlpapi

CancelMibChangeNotify2
NotifyNetworkConnectivityHintChange
GetNetworkConnectivityHint

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

api-ms-win-power-base-l1-1-0

PowerRegisterSuspendResumeNotification
PowerUnregisterSuspendResumeNotification

api-ms-win-core-synch-l1-2-0

InitOnceComplete
Sleep
InitOnceBeginInitialize

api-ms-win-core-wow64-l1-1-1

IsWow64Process2

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegCloseKey
RegCopyTreeW
RegEnumKeyExW
RegOpenKeyExW
RegDeleteTreeW
RegGetValueW
RegDeleteValueW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-sysinfo-l1-1-0

GlobalMemoryStatusEx
GetSystemInfo
GetSystemTimeAsFileTime
GetSystemTime
GetLocalTime
GetSystemDirectoryW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-service-core-l1-1-0

RegisterServiceCtrlHandlerExW
SetServiceStatus

api-ms-win-service-management-l1-1-0

OpenSCManagerW
CloseServiceHandle
OpenServiceW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-file-l1-1-0

FindFirstFileExW
CreateDirectoryW
CreateFileW
GetFileAttributesExW
SetFileInformationByHandle
FindClose
GetDiskFreeSpaceExW
FindNextFileW

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-kernel32-legacy-l1-1-0

UnregisterWait

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-service-private-l1-1-0

I_QueryTagInformation

api-ms-win-oobe-notification-l1-1-0

UnregisterWaitUntilOOBECompleted
RegisterWaitUntilOOBECompleted
OOBEComplete

ntdll

RtlQueryPackageIdentity
RtlPublishWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
NtIsSystemResumeAutomatic
RtlGetDeviceFamilyInfoEnum

combase

ord66
ord67
ord68
ord69

api-ms-win-eventing-controller-l1-1-0

ControlTraceW
EnableTraceEx2
StartTraceW

api-ms-win-security-base-l1-1-0

GetTokenInformation
CopySid
DuplicateTokenEx
ImpersonateLoggedOnUser
CheckTokenMembership
GetLengthSid
RevertToSelf
AllocateAndInitializeSid
AdjustTokenPrivileges
FreeSid

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo
VerSetConditionMask

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsCreateString
WindowsCreateStringReference
WindowsGetStringRawBuffer

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime

api-ms-win-core-shutdown-l1-1-1

InitiateShutdownW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-sysinfo-l1-2-1

GetPhysicallyInstalledSystemMemory

api-ms-win-service-management-l2-1-0

QueryServiceStatusEx

crypt32

CertVerifyCertificateChainPolicy

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-eventing-legacy-l1-1-0

QueryTraceW

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW
PowerClearRequest
PowerCreateRequest
PowerSetRequest

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindFileNameW

api-ms-win-core-processtopology-obsolete-l1-1-0

GetActiveProcessorCount

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-path-l1-1-0

PathCchCanonicalize

Exports

Exports

DllCanUnloadNow
DllGetClassObject
ServiceMain_Impl
SvchostPushServiceGlobals_Impl

Sections

.text
Size: 608KB - Virtual size: 605KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vbsapi.dll
.dll windows:10 windows x64 arch:x64

f25b4c2a7d1d4f6cd5d7f19d3ed1c6c8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

VbsApi.pdb

Imports

msvcrt

free
_initterm
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
_lock
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_unlock
__dllonexit
_callnewh
memcpy
_onexit
memmove
_amsg_exit
wcsncmp
strncmp
wcsrchr
_wcsnicmp
_stricmp
_purecall
??1type_info@@UEAA@XZ
??3@YAXPEAX@Z
_wcsicmp
_XcptFilter
malloc
towlower
__C_specific_handler
__CxxFrameHandler3
memcmp
_CxxThrowException
_vsnwprintf
wcschr
toupper
memset

ntdll

ZwQuerySystemInformation
ZwClose
RtlGetVersion
RtlFreeHeap
RtlReAllocateHeap
RtlAllocateHeap
ZwEnumerateValueKey
RtlDosPathNameToNtPathName_U_WithStatus
ZwCreateFile
NtQueryInformationFile
RtlRunOnceExecuteOnce
RtlCopyUnicodeString
RtlUpcaseUnicodeString
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
ZwOpenFile
RtlFreeUnicodeString
ZwEnumerateKey
ZwOpenKey
RtlFormatCurrentUserKeyPath
ZwQueryInformationFile
ZwCreateSection
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwQueryDirectoryFile
RtlpEnsureBufferSize
RtlNtPathNameToDosPathName
RtlUpcaseUnicodeChar
RtlGetNativeSystemInformation
RtlInitString
RtlxAnsiStringToUnicodeSize
RtlAnsiStringToUnicodeString
RtlUnicodeStringToAnsiString
LdrResSearchResource
VerSetConditionMask
RtlVerifyVersionInfo
RtlImageDirectoryEntryToData
RtlInitUnicodeStringEx
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlDoesFileExists_U
RtlImageNtHeaderEx
NtOpenFile
NtClose
NtDeviceIoControlFile
NtQuerySystemEnvironmentValueEx
RtlInitUnicodeString
NtQuerySystemInformation
ZwQueryValueKey

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegCloseKey
RegCreateKeyExW
RegEnumKeyExW
RegOpenKeyExW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW
RegDeleteKeyValueW

api-ms-win-core-synch-l1-1-0

ReleaseMutex
WaitForSingleObject
CreateMutexW

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetProcAddress
LoadLibraryExW
GetModuleHandleW

api-ms-win-core-sysinfo-l1-2-0

GetNativeSystemInfo
GetSystemFirmwareTable

api-ms-win-core-sysinfo-l1-2-1

GetPhysicallyInstalledSystemMemory

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-file-l1-1-0

GetFileSizeEx
FindNextFileW
FindClose
GetDiskFreeSpaceExW
CreateFileW
FindFirstFileW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW

api-ms-win-core-processthreads-l1-1-0

CreateThread
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
OpenProcessToken
TerminateProcess

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter

api-ms-win-security-base-l1-1-0

AdjustTokenPrivileges

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-memory-l1-1-0

MapViewOfFile
CreateFileMappingW
UnmapViewOfFile

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

HvciGetConfig
HvciGetConfigFromVBSKey
HvciIncompatibilityScanCancel
HvciIncompatibilityScanFree
HvciIncompatibilityScanGetResult
HvciIncompatibilityScanInitialize
HvciIncompatibilityScanInitialize2
HvciIncompatibilityScanOverrideDriverCompatDatabase
HvciIncompatibilityScanOverrideServicesKey
HvciIncompatibilityScanStart
HvciIsActive
KernelShadowStacksGetConfig
KernelShadowStacksGetConfigFromVBSKey
KernelShadowStacksIsActive
VbsGetIssues
VbsIsCapable
VbsIsRecommended
VbsIsScenarioEnabled
VbsSetKernelShadowStacksScenarioEnable
VbsSetKernelShadowStacksScenarioEnableToVBSKey
VbsSetScenarioEnable
VbsSetScenarioEnableToVBSKey

Sections

.text
Size: 104KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 764B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vertdll.dll
.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:04:5c:3d:56:72:66:6c:b7:54:17:00:00:00:00:04:5c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

14/09/2023, 18:20

Not After

04/09/2024, 18:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ca:f8:00:ad:fd:46:d8:02:b4:f4:03:a5:b0:cf:0b:98:01:8a:37:04:31:9b:ff:df:91:8d:0d:99:ce:b4:30:93
Signer

Actual PE Digest

ca:f8:00:ad:fd:46:d8:02:b4:f4:03:a5:b0:cf:0b:98:01:8a:37:04:31:9b:ff:df:91:8d:0d:99:ce:b4:30:93

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

vertdll.pdb

Exports

Exports

AcquireSRWLockExclusive
AcquireSRWLockShared
CallEnclave
CloseHandle
CreateEventW
DbgPrint
DelayLoadFailureHook
DeleteCriticalSection
DeleteSynchronizationBarrier
DeviceIoControl
DisableThreadLibraryCalls
EnclaveGetAttestationReport
EnclaveGetEnclaveInformation
EnclaveSealData
EnclaveUnsealData
EnclaveVerifyAttestationReport
EnterCriticalSection
EnterSynchronizationBarrier
EtwEventRegister
EtwEventUnregister
EtwEventWrite
EtwEventWriteTransfer
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwRegisterTraceGuidsW
EtwTraceMessage
EtwUnregisterTraceGuids
EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer
ExpInterlockedPopEntrySListEnd
ExpInterlockedPopEntrySListFault
ExpInterlockedPopEntrySListResume
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnabledXStateFeatures
GetFipsModeFromIumKernelState
GetLastError
GetModuleFileNameW
GetModuleHandleExW
GetProcAddress
GetProcessHeap
GetProcessHeaps
GetSeedFromIumKernelState
GetSystemDirectoryW
GetSystemInfo
GetXStateFeaturesMask
HeapAlloc
HeapCompact
HeapCreate
HeapDestroy
HeapFree
HeapLock
HeapReAlloc
HeapSize
HeapUnlock
InitializeConditionVariable
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InitializeSListHead
InitializeSRWLock
InitializeSynchronizationBarrier
InterlockedFlushSList
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedPushListSList
InterlockedPushListSListEx
IsProcessorFeaturePresent
KiUserExceptionDispatcher
LdrDisableThreadCalloutsForDll
LdrResolveDelayLoadedAPI
LeaveCriticalSection
LoadLibraryExW
LoadLibraryW
LocateXStateFeature
MultiByteToWideChar
NtClose
NtDeviceIoControlFile
NtOpenFile
NtOpenKey
NtQueryInformationProcess
NtQueryValueKey
NtTerminateProcess
OpenProcessToken
OutputDebugStringW
PrivilegeCheck
QueryDepthSList
QueryFullProcess
QueryFullProcessImageNameW
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegisterWaitForSingleObjectEx
ReleaseSRWLockExclusive
ReleaseSRWLockShared
ResolveDelayLoadedAPI
RtlAcquireResourceExclusive
RtlAcquireResourceShared
RtlAllocateHeap
RtlAssert
RtlCallEnclave
RtlCallEnclaveReturn
RtlCaptureContext
RtlCompareUnicodeString
RtlDeleteCriticalSection
RtlDeleteResource
RtlEnclaveCallDispatch
RtlEnclaveCallDispatchReturn
RtlEnterCriticalSection
RtlFreeHeap
RtlGetCurrentProcessorNumberEx
RtlGetLastNtStatus
RtlGetSystemGlobalData
RtlImageNtHeader
RtlInitUnicodeString
RtlInitializeCriticalSection
RtlInitializeResource
RtlLeaveCriticalSection
RtlLookupFunctionEntry
RtlNtStatusToDosError
RtlPcToFileHeader
RtlRaiseStatus
RtlReleaseResource
RtlReleaseResourceShared
RtlTimeFieldsToTime
RtlUnhandledExceptionFilter
RtlUnwind
RtlUnwindEx
RtlVirtualUnwind
SetCriticalSectionSpinCount
SetLastError
SetThreadStackGuarantee
SetUnhandledExceptionFilter
SleepConditionVariableCS
SleepConditionVariableSRW
TerminateEnclave
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
TryAcquireSRWLockShared
TryEnterCriticalSection
UnregisterWaitEx
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitOnAddress
WakeAllConditionVariable
WakeByAddressAll
WakeByAddressSingle
WakeConditionVariable
WideCharToMultiByte
__C_specific_handler
__chkstk
_local_unwind
_vsnwprintf
_wcsicmp
memcmp
memcpy
memmove
memset
qsort
wcscmp
wcscpy_s
wcsncmp

Sections

.text
Size: 116KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

fothk
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 4KB - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mrdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vmrdvcore.dll
.dll windows:10 windows x64 arch:x64

f0d6ed088018bab8839f73fb71fdafc5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

vmrdvcore.pdb

Imports

msvcrt

??_V@YAXPEAX@Z
_purecall
_wcsicmp
_vsnwprintf
wcscspn
_vsnwprintf_s
??3@YAXPEAX@Z
wcsrchr
wcsncmp
_wcsnicmp
iswalpha
wcschr
__CxxFrameHandler4
swprintf_s
_callnewh
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_CxxThrowException
memcmp
_onexit
__dllonexit
_unlock
_lock
__CxxFrameHandler3
__C_specific_handler
memcpy
memmove
?terminate@@YAXXZ
_initterm
malloc
free
??1type_info@@UEAA@XZ
_XcptFilter
_amsg_exit
_wtol
memset

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
DisableThreadLibraryCalls
GetProcAddress
FreeLibrary
LoadLibraryExW
GetModuleHandleExW

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
SleepConditionVariableSRW
Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetExitCodeThread
GetCurrentThread
GetCurrentProcessId
CreateThread
OpenProcessToken
GetCurrentThreadId
OpenThreadToken
GetExitCodeProcess
CreateProcessW
ResumeThread
SuspendThread
TerminateProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetVersionExW
GetTickCount
GetLocalTime
GetComputerNameExW

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
SetLastError

api-ms-win-core-synch-l1-1-0

OpenEventW
SetEvent
ResetEvent
DeleteCriticalSection
AcquireSRWLockExclusive
WaitForSingleObject
ReleaseSRWLockExclusive
CreateEventW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
UnregisterTraceGuids
GetTraceEnableFlags
RegisterTraceGuidsW

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWork
WaitForThreadpoolWorkCallbacks
CreateThreadpoolWork
SubmitThreadpoolWork
CallbackMayRunLong

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegDeleteTreeW
RegLoadKeyW
RegUnLoadKeyW
RegQueryValueExW
RegGetValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegNotifyChangeKeyValue
RegDeleteValueW
RegCloseKey

api-ms-win-core-file-l1-1-0

GetShortPathNameW
GetFileAttributesW
CreateDirectoryW
FindFirstVolumeW
DeleteVolumeMountPointW
SetFileAttributesW
CreateFileW
RemoveDirectoryW
FindClose
FindNextFileW
FindFirstFileW
ReadFile
FindVolumeClose
DeleteFileW
FindNextVolumeW
WriteFile
GetLongPathNameW

api-ms-win-shcore-registry-l1-1-0

SHGetValueW

api-ms-win-core-kernel32-legacy-l1-1-0

MoveFileW
GetComputerNameW

api-ms-win-security-base-l1-1-0

GetAclInformation
CreateWellKnownSid
DeleteAce
IsValidSid
GetLengthSid
GetSecurityDescriptorDacl
GetAce
SetFileSecurityW
AdjustTokenPrivileges
GetFileSecurityW
MakeAbsoluteSD
SetSecurityDescriptorDacl
EqualSid

api-ms-win-core-string-l1-1-0

CompareStringEx

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW
SetVolumeMountPointW

api-ms-win-core-file-l2-1-0

CreateSymbolicLinkW
GetFileInformationByHandleEx
CopyFileExW
MoveFileWithProgressW

api-ms-win-core-heap-obsolete-l1-1-0

LocalSize

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-file-l1-2-0

GetVolumePathNamesForVolumeNameW
GetVolumeNameForVolumeMountPointW

api-ms-win-core-io-l1-1-0

GetOverlappedResult
DeviceIoControl

api-ms-win-core-namedpipe-l1-1-0

SetNamedPipeHandleState
ConnectNamedPipe
DisconnectNamedPipe
CreateNamedPipeW

api-ms-win-core-io-l1-1-1

CancelIo

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

api-ms-win-core-timezone-l1-1-0

TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

VmRdvCore_CreateInstance
VmRdvCore_GetInstance
VmRdvCore_TerminateInstance

Sections

.text
Size: 324KB - Virtual size: 321KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
w32time.dll
.dll regsvr32 windows:10 windows x64 arch:x64

d5da5cf09da69c3fdcb7310c4b52f762

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

w32time.pdb

Imports

msvcp_win

?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-string-l1-1-0

memset
wcscmp
wcscspn

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__ultow
memmove
_o__wcsicmp
_o__wcsnicmp
_o_ceil
_o_floor
_o_free
_o_iswspace
_o_log
_o_malloc
_o_qsort
_o_sqrt
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstoul
_CxxThrowException
_o__execute_onexit_table
_o__errno
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o__crt_atexit
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__configure_narrow_argv
_o__cexit
_o__callnewh
wcsstr
wcschr
__C_specific_handler
_set_se_translator
__CxxFrameHandler4
_local_unwind
memcmp
memcpy

rpcrt4

RpcStringFreeW
RpcImpersonateClient
RpcServerInqCallAttributesW
RpcRevertToSelf
RpcServerUseProtseqEpW
RpcServerRegisterIfEx
RpcServerInqDefaultPrincNameW
RpcServerRegisterAuthInfoW
RpcServerUnregisterIf
NdrServerCall2
NdrClientCall3
RpcBindingFree
RpcMgmtInqServerPrincNameW
RpcStringBindingComposeW
RpcBindingSetAuthInfoW
RpcBindingFromStringBindingW
NdrServerCallAll

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAdjustment
GetTickCount64
GetTickCount
GetSystemTimeAsFileTime
GetSystemInfo
GetSystemTime

api-ms-win-core-synch-l1-1-0

TryEnterCriticalSection
CreateMutexExW
CreateSemaphoreExW
InitializeCriticalSection
SetEvent
CreateEventW
OpenSemaphoreW
WaitForSingleObject
InitializeCriticalSectionEx
EnterCriticalSection
WaitForSingleObjectEx
WaitForMultipleObjectsEx
DeleteCriticalSection
LeaveCriticalSection
ReleaseMutex
ReleaseSemaphore
ResetEvent
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-registry-l1-1-0

RegGetValueA
RegOpenKeyExA
RegCloseKey
RegDeleteValueW
RegGetValueW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyExW

api-ms-win-core-handle-l1-1-0

GetHandleInformation
CloseHandle
SetHandleInformation

api-ms-win-core-synch-l1-2-0

Sleep

bcrypt

BCryptDestroyHash
BCryptCreateHash
BCryptFinishHash
BCryptHashData

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetModuleFileNameW
FreeLibrary
GetModuleFileNameA
DisableThreadLibraryCalls
GetProcAddress
LoadLibraryExW
GetModuleHandleW
LoadStringW

api-ms-win-core-localization-l1-2-0

FormatMessageW

logoncli

I_NetlogonComputeServerDigest
NetLogonGetTimeServiceParentDomain
I_NetlogonComputeServerSignature
I_NetlogonGetTrustRid
I_NetlogonComputeClientDigest
I_NetlogonComputeClientSignature
DsGetDcNameW
NetLogonSetServiceBits
DsGetSiteNameW

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-security-base-l1-1-0

AdjustTokenPrivileges
GetTokenInformation
PrivilegeCheck
GetSecurityDescriptorDacl

api-ms-win-service-management-l1-1-0

OpenServiceW
DeleteService
CreateServiceW
CloseServiceHandle
OpenSCManagerW

api-ms-win-service-management-l2-1-0

QueryServiceConfigW
ChangeServiceConfig2W
ChangeServiceConfigW

api-ms-win-eventing-provider-l1-1-0

EventWrite
EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer

api-ms-win-core-processthreads-l1-1-0

GetExitCodeThread
GetCurrentThreadId
OpenProcessToken
GetCurrentProcess
SetThreadPriority
CreateThread
OpenThreadToken
GetCurrentProcessId
TerminateProcess
SetThreadStackGuarantee
GetCurrentThread

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-power-setting-l1-1-0

PowerSettingUnregisterNotification
PowerSettingRegisterNotification

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime

api-ms-win-service-core-l1-1-0

SetServiceStatus
RegisterServiceCtrlHandlerExW

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-file-l1-1-0

CreateFileW
GetFileSizeEx
WriteFile
FileTimeToLocalFileTime

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

api-ms-win-service-private-l1-1-0

I_ScSetServiceBitsW

api-ms-win-core-perfcounters-l1-1-0

PerfSetCounterSetInfo
PerfStartProvider
PerfStopProvider
PerfSetCounterRefValue
PerfDeleteInstance
PerfCreateInstance

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx
QueueUserWorkItem
ChangeTimerQueueTimer
DeleteTimerQueueTimer
CreateTimerQueueTimer

ntdll

RtlAllocateHeap
RtlImageNtHeader
RtlFreeHeap
RtlDeleteResource
NtSetSystemTime
NtSetSystemInformation
NtQuerySystemInformation
RtlIsStateSeparationEnabled
RtlConvertSharedToExclusive
RtlConvertExclusiveToShared
EtwEventRegister
EtwEventWrite
EtwEventUnregister
RtlInitializeCriticalSection
RtlInitializeGenericTableAvl
RtlEnterCriticalSection
RtlInsertElementGenericTableAvl
RtlLeaveCriticalSection
RtlLookupElementGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlDeleteCriticalSection
RtlAcquireResourceExclusive
RtlInitializeResource
RtlReleaseResource
RtlAcquireResourceShared
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlRunOnceExecuteOnce
RtlNtStatusToDosError
RtlInitUnicodeString

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-memory-l1-1-0

VirtualProtect
VirtualAlloc
VirtualQuery

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllInstall
DllRegisterServer
DllUnregisterServer
SvchostEntry_W32Time
SvchostPushServiceGlobals
TimeProvClose
TimeProvCommand
TimeProvOpen
W32TimeBufferFree
W32TimeDcPromo
W32TimeDeleteConfig
W32TimeGetNetlogonServiceBits
W32TimeLog
W32TimeQueryConfig
W32TimeQueryConfiguration
W32TimeQueryHardwareProviderStatus
W32TimeQueryNTPProviderStatus
W32TimeQueryNtpProviderConfiguration
W32TimeQuerySource
W32TimeQueryStatus
W32TimeSetConfig
W32TimeSyncNow
W32TimeVerifyJoinConfig
W32TimeVerifyUnjoinConfig
W32TmServiceMain
fnW32TmI_ScSetServiceBits
fnW32TmRegisterServiceCtrlHandlerEx
fnW32TmSetServiceStatus

Sections

.text
Size: 300KB - Virtual size: 296KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 164KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wbiosrvc.dll
.dll windows:10 windows x64 arch:x64

ca6143cae1b4a367a571ad8dc96913dc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

wbiosrvc.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__strnicmp
_o__wcsicmp
_o__wcsnicmp
memmove
_o_free
_o_iswalpha
_o_iswdigit
_o_iswupper
_o_iswxdigit
_o_localeconv
_o_malloc
_o_terminate
_o_towupper
_o_wcsncpy_s
_o_wcstoul
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o__beginthreadex
_o__execute_onexit_table
_o___stdio_common_vswscanf
_o__errno
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
__CxxFrameHandler3
_o___std_exception_destroy
_o___std_exception_copy
_o__dsign
_o__dclass
_o__crt_atexit
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

wcscmp
strnlen
memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetProcAddress
FreeLibraryAndExitThread
LoadLibraryExW
GetModuleHandleW
FreeLibrary
LoadStringW
GetModuleHandleExW
GetModuleHandleExA

api-ms-win-core-synch-l1-1-0

ResetEvent
CancelWaitableTimer
InitializeSRWLock
SetWaitableTimer
CreateEventW
AcquireSRWLockShared
AcquireSRWLockExclusive
EnterCriticalSection
OpenEventW
InitializeCriticalSectionEx
ReleaseSRWLockExclusive
ReleaseSRWLockShared
LeaveCriticalSection
CreateWaitableTimerExW
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseMutex
DeleteCriticalSection
WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreExW
CreateEventExW
InitializeCriticalSectionAndSpinCount
SetEvent

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
ProcessIdToSessionId
GetPriorityClass
TerminateProcess
GetCurrentThread
OpenThreadToken
ResumeThread
CreateThread
SetPriorityClass
OpenProcessToken

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventWriteTransfer
EventRegister
EventSetInformation
EventUnregister

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableLevel
UnregisterTraceGuids
TraceMessage
GetTraceEnableFlags
RegisterTraceGuidsW
GetTraceLoggerHandle

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
TrySubmitThreadpoolCallback
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-service-core-l1-1-0

SetServiceStatus
RegisterServiceCtrlHandlerExW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-service-management-l1-1-0

CloseServiceHandle
OpenServiceW
OpenSCManagerW

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus

api-ms-win-service-management-l2-1-0

QueryServiceConfigW
ChangeServiceConfigW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-memory-l1-1-0

ReadProcessMemory

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetSystemTimeAsFileTime
GetSystemTime
GetTickCount64

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-synch-l1-2-1

CreateSemaphoreW
WaitForMultipleObjects

api-ms-win-core-io-l1-1-1

CancelSynchronousIo

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegDeleteTreeW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegQueryInfoKeyW
RegCopyTreeW
RegCloseKey
RegGetValueW
RegEnumKeyExW
RegQueryValueExW

api-ms-win-core-io-l1-1-0

CancelIoEx
PostQueuedCompletionStatus
GetOverlappedResult
GetQueuedCompletionStatus
CreateIoCompletionPort
DeviceIoControl

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW
ConvertSidToStringSidW

api-ms-win-security-base-l1-1-0

CopySid
GetTokenInformation
GetLengthSid
FreeSid
ImpersonateLoggedOnUser
AdjustTokenPrivileges
AllocateAndInitializeSid
CreateWellKnownSid
InitializeSecurityDescriptor
InitializeAcl
GetSidIdentifierAuthority
AccessCheck
IsValidSecurityDescriptor
GetSidSubAuthority
IsValidSid
AddAccessAllowedAce
GetSidSubAuthorityCount
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
EqualSid
EqualDomainSid

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-power-setting-l1-1-0

PowerSettingUnregisterNotification
PowerSettingRegisterNotification

api-ms-win-core-file-l1-1-0

CompareFileTime
WriteFile
ReadFile
FindNextFileW
GetFileSize
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-namedpipe-l1-1-0

CreatePipe

rpcrt4

RpcServerInterfaceGroupDeactivate
RpcAsyncCompleteCall
RpcServerUnsubscribeForNotification
RpcServerSubscribeForNotification
NdrClientCall3
UuidEqual
RpcImpersonateClient
RpcExceptionFilter
I_RpcExceptionFilter
RpcBindingSetAuthInfoExW
RpcEpResolveBinding
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcBindingFree
RpcStringFreeW
RpcServerInqCallAttributesW
RpcRevertToSelfEx
RpcBindingBind
RpcBindingCreateW
UuidCreate
Ndr64AsyncServerCallAll
NdrServerCallAll
NdrAsyncServerCall
NdrServerCall2
RpcRevertToSelf
I_RpcMapWin32Status
UuidToStringW
RpcServerTestCancel
RpcServerInterfaceGroupCreateW
RpcServerInterfaceGroupClose
RpcServerInterfaceGroupActivate

api-ms-win-service-core-l1-1-4

GetServiceDirectory

bcrypt

BCryptImportKey
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptExportKey
BCryptGetProperty
BCryptHashData
BCryptGenRandom
BCryptDecrypt
BCryptFinishHash
BCryptGenerateSymmetricKey
BCryptSetProperty
BCryptEncrypt
BCryptCreateHash
BCryptDestroyKey
BCryptDestroyHash

ncrypt

NCryptOpenKey
NCryptFreeObject
NCryptSetProperty
NCryptCreatePersistedKey
NCryptOpenStorageProvider
NCryptDeleteKey
NCryptGetProperty
NCryptDecrypt
NCryptEncrypt
NCryptFinalizeKey

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-security-base-l1-2-0

GetCachedSigningLevel
SetCachedSigningLevel

api-ms-win-core-version-l1-1-0

GetFileVersionInfoSizeExW

api-ms-win-core-sysinfo-l1-2-0

GetSystemFirmwareTable

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-psapi-l1-1-0

K32EnumProcesses
QueryFullProcessImageNameW

api-ms-win-service-private-l1-1-0

I_ScRegisterDeviceNotification
I_ScUnregisterDeviceNotification

profapi

ord104

api-ms-win-security-lsapolicy-l1-1-0

LsaFreeMemory
LsaClose
LsaOpenPolicy
LsaQueryInformationPolicy

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW

api-ms-win-core-kernel32-legacy-l1-1-0

WTSGetActiveConsoleSessionId

api-ms-win-core-heap-obsolete-l1-1-0

LocalSize

ntdll

RtlAllocateWnfSerializationGroup
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlIsStateSeparationEnabled
NtQueryWnfStateData
RtlIsMultiSessionSku
RtlNtStatusToDosError
RtlImageNtHeader
RtlPublishWnfStateData
NtQuerySystemInformation
RtlFreeUnicodeString
RtlCreateProcessParametersEx
NtCreateUserProcess
NtTerminateProcess
NtQueryInformationProcess
RtlSubscribeWnfStateChangeNotification
RtlEqualSid
RtlGetNtProductType
NtGetDevicePowerState
RtlDosPathNameToNtPathName_U_WithStatus

umpdc

PdcSignalClientRegister
PdcSignalClientUnregister
PdcSignalClientPulse

msvcp_win

_Xtime_get_ticks
?_Xout_of_range@std@@YAXPEBD@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_id
_Thrd_detach
_Cnd_do_broadcast_at_thread_exit
_Cnd_timedwait
_Query_perf_frequency
_Query_perf_counter
_Cnd_init_in_situ
_Mtx_init_in_situ
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
_Cnd_unregister_at_thread_exit
_Cnd_destroy_in_situ
_Mtx_destroy_in_situ
_Cnd_wait
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Throw_future_error@std@@YAXAEBVerror_code@1@@Z
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
_Mtx_lock
_Cnd_broadcast
_Cnd_register_at_thread_exit
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
_Thrd_join
_Mtx_current_owns

wintrust

WTGetBioSignatureInfo

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

Exports

Exports

OutOfProcessExceptionEventCallback
OutOfProcessExceptionEventDebuggerLaunchCallback
OutOfProcessExceptionEventSignatureCallback
ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 648KB - Virtual size: 647KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 176KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wci.dll
.dll windows:10 windows x64 arch:x64

8321b72190902a180668a0ebcabd5c2f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

wci.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__cexit
_o__configure_narrow_argv
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__seh_filter_dll
memcpy
_o_calloc
_o_free
_o_malloc
_o_wcsncat_s
_o_wcsncpy_s
__C_specific_handler
_o___stdio_common_vfprintf
_o___std_type_info_destroy_list
_o___acrt_iob_func
_local_unwind

api-ms-win-crt-string-l1-1-0

wcsncmp
memset

fltlib

FilterDetach
FilterSendMessage
FilterConnectCommunicationPort

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-file-l1-1-0

CreateFileW
SetFileInformationByHandle
SetFileAttributesW
GetFileAttributesW

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

ntdll

RtlDosPathNameToNtPathName_U
NtSetInformationThread
NtDelayExecution
NtClose
NtOpenThreadToken
NtQueryObject
NtCreateFile
NtAdjustPrivilegesToken
NtDeviceIoControlFile
NtFsControlFile
NtWaitForSingleObject
RtlNtStatusToDosError
RtlAllocateHeap
RtlFreeHeap
RtlImpersonateSelf
NtQueryInformationFile

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
OpenProcessToken

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-file-l1-2-0

GetVolumeNameForVolumeMountPointW

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx

api-ms-win-security-base-l1-1-0

FreeSid
AllocateAndInitializeSid

api-ms-win-security-provider-l1-1-0

GetNamedSecurityInfoW
SetNamedSecurityInfoW
SetEntriesInAclW

api-ms-win-core-heap-l2-1-0

LocalFree

Exports

Exports

WcAttachFilter
WcDetachFilter
WcRemoveReparseData
WcRemoveTombstoneReparseData
WciConfigureFilter
WciConfigureVolume
WciGenerateFilterConfiguration
WciGetUnions
WciReadReparsePointData
WciRemoveRoot
WciSetReparsePointData
WciSetReparsePointDataEx
WciSetTombstone
WciSetupFilter

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wdigest.dll
.dll windows:10 windows x64 arch:x64

2aba6e4d415b5667ae520457e6dd42c3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

wdigest.pdb

Imports

api-ms-win-crt-string-l1-1-0

memset
strnlen
strncmp

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__register_onexit_function
_o__seh_filter_dll
_o__strnicmp
memcpy
_o__wcsnicmp
_o__wsplitpath_s
_o_free
_o_isspace
_o_malloc
_o_strcat_s
_o_strcpy_s
_o_strncat_s
_o_strtok_s
_o_wcscat_s
_o_wcscpy_s
_o_wcsncat_s
_o_wcsncpy_s
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnwprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
wcschr
__C_specific_handler
memcmp
_CxxThrowException
__CxxFrameHandler3
__std_terminate
__CxxFrameHandler4

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
TraceMessage

api-ms-win-security-base-l1-1-0

RevertToSelf
GetTokenInformation

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetSystemTimeAsFileTime
GetVersionExW
GetComputerNameExW
GetWindowsDirectoryW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegCloseKey
RegNotifyChangeKeyValue
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW

api-ms-win-core-processenvironment-l1-1-0

GetCurrentDirectoryW
GetEnvironmentVariableW
ExpandEnvironmentStringsW
SetCurrentDirectoryW

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
LoadLibraryExW
GetModuleFileNameW
GetProcAddress
GetModuleHandleW

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
CreateEventW
LeaveCriticalSection
ReleaseSRWLockShared
EnterCriticalSection
AcquireSRWLockShared
InitializeCriticalSection
ReleaseSRWLockExclusive
DeleteCriticalSection
TryAcquireSRWLockExclusive
InitializeSRWLock

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
OpenProcessToken
GetCurrentProcess
SetThreadToken

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlCompareMemory
RtlVirtualUnwind

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
OpenFileMappingW
MapViewOfFileEx
UnmapViewOfFile
VirtualAlloc

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventRegister
EventSetInformation

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolTimer

api-ms-win-service-private-l1-1-0

I_QueryTagInformation

ntdll

RtlAllocateHeap
RtlFreeHeap
NtQuerySystemTime
NtQuerySystemInformation
NtOpenEvent
RtlFreeUnicodeString
EtwUnregisterTraceGuids
NtCreateEvent
NtSetEvent
RtlNtStatusToDosError
RtlDuplicateUnicodeString
NtWaitForSingleObject
RtlEqualDomainName
RtlDeregisterWaitEx
RtlEqualSid
NtSetSecurityObject
RtlCompareString
RtlAcquireResourceExclusive
RtlInitializeResource
NtClose
RtlReleaseResource
RtlAcquireResourceShared
RtlAllocateAndInitializeSid
RtlGetNtProductType
RtlDeleteResource
RtlDowncaseUnicodeString
RtlInitUnicodeString
RtlLeaveCriticalSection
NtOpenProcessToken
RtlInitializeCriticalSection
RtlEnterCriticalSection
RtlEqualUnicodeString
RtlDeleteCriticalSection
RtlInitString
RtlAnsiStringToUnicodeString
NtCreateToken
NtOpenThreadToken
RtlCreateSecurityDescriptor
RtlCreateAcl
RtlAddAccessAllowedAce
NtQueryInformationToken
RtlSetDaclSecurityDescriptor
RtlCompareUnicodeString
NtAllocateLocallyUniqueId
RtlCopyUnicodeString
RtlAppendUnicodeToString
RtlRegisterWait
RtlAppendUnicodeStringToString
RtlLengthSid
RtlCopySid
RtlDeregisterWait
RtlLengthRequiredSid
RtlSubAuthorityCountSid
RtlSubAuthoritySid
RtlUpcaseUnicodeString
RtlCharToInteger
RtlEqualString
RtlValidSid
RtlConvertSharedToExclusive

api-ms-win-core-file-l1-1-0

CreateDirectoryW

api-ms-win-core-version-l1-1-0

GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW

api-ms-win-eventing-controller-l1-1-0

EnableTraceEx2
StartTraceW
ControlTraceW

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

api-ms-win-core-threadpool-legacy-l1-1-0

ChangeTimerQueueTimer
DeleteTimerQueueTimer
UnregisterWaitEx
CreateTimerQueueTimer

Exports

Exports

CredentialUpdateFree
CredentialUpdateNotify
CredentialUpdateRegister
DllMain
SpInitialize
SpInstanceInit
SpLsaModeInitialize
SpUserModeInitialize
SsiCredentialsUpdateFree
SsiCredentialsUpdateNotify

Sections

.text
Size: 216KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 708B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
webauthn.dll
.dll windows:10 windows x64 arch:x64

7f77d33fe21919b9f68d7ea55371b2b3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

webauthn.pdb

Imports

msvcp_win

?uncaught_exception@std@@YA_NXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?_Xbad_function_call@std@@YAXXZ
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
_Thrd_yield
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-string-l1-1-0

memset
wcscspn
wcsncmp
wcscmp

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memcmp
_o__wcsicmp
_o__wcsnicmp
_o__wcstoui64
_o_abort
_o_free
_o_iswspace
_o_malloc
_o_qsort
_o_terminate
_o_towlower
_o_towupper
_o_wcstoul
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
memmove
_o___stdio_common_vswprintf
memcpy
strchr
wcsrchr
wcsstr
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfwprintf_s
_o___stdio_common_vfprintf
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__execute_onexit_table
_o__errno
_o___acrt_iob_func
__std_terminate
__CxxFrameHandler4

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleFileNameA
GetModuleHandleExW
LoadStringW
FreeLibrary
GetProcAddress

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
CreateEventExW
LeaveCriticalSection
InitializeSRWLock
ResetEvent
EnterCriticalSection
InitializeCriticalSectionEx
CreateSemaphoreExW
AcquireSRWLockShared
CreateMutexExW
CreateEventW
OpenEventW
ReleaseSRWLockShared
SetEvent
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
WaitForSingleObject
ReleaseSRWLockExclusive
DeleteCriticalSection
ReleaseMutex

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
RaiseException
GetLastError
SetLastError
UnhandledExceptionFilter

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
CloseThreadpoolWait
WaitForThreadpoolWaitCallbacks
CreateThreadpoolWait
SetThreadpoolWait
FreeLibraryWhenCallbackReturns
TrySubmitThreadpoolCallback
SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-processthreads-l1-1-0

OpenThreadToken
GetCurrentThread
GetCurrentThreadId
SetThreadToken
OpenProcessToken
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringA
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventWriteTransfer
EventRegister
EventUnregister
EventSetInformation

api-ms-win-core-heap-l2-1-0

LocalReAlloc
LocalAlloc
LocalFree

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-synch-l1-2-0

WakeByAddressSingle
Sleep
WaitOnAddress
InitOnceExecuteOnce

bcrypt

BCryptDecrypt
BCryptSignHash
BCryptHash
BCryptGenRandom
BCryptDeriveKey
BCryptSecretAgreement
BCryptKeyDerivation
BCryptImportKey
BCryptSetProperty
BCryptFinalizeKeyPair
BCryptGenerateSymmetricKey
BCryptDestroyKey
BCryptDestroySecret
BCryptCreateHash
BCryptHashData
BCryptFinishHash
BCryptDestroyHash
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
BCryptImportKeyPair
BCryptVerifySignature
BCryptGenerateKeyPair
BCryptExportKey
BCryptEncrypt

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetLocalTime
GetSystemTimeAsFileTime
GetTickCount64

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-file-l1-1-0

WriteFile
CreateFileW
GetFileSize
ReadFile
CompareFileTime
SetFilePointer
SetEndOfFile

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegGetValueW
RegCloseKey
RegGetValueA
RegQueryInfoKeyW
RegSetValueExW
RegDeleteKeyExW
RegCreateKeyExW
RegQueryValueExW
RegDeleteValueA
RegSetValueExA

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPushEntrySList

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-io-l1-1-0

CancelIoEx

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW
RegEnumKeyW

api-ms-win-core-heap-obsolete-l1-1-0

LocalSize

ntdll

RtlPublishWnfStateData
RtlIsMultiSessionSku
RtlCompareUnicodeString
NtQueryInformationToken
RtlUnhandledExceptionFilter
NtTerminateProcess

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-datetime-l1-1-0

GetTimeFormatA
GetDateFormatA

oleaut32

SysAllocString
SysFreeString
SysStringLen
GetErrorInfo
SetErrorInfo

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime

Exports

Exports

CryptsvcDllCtrl
I_WebAuthNCtapDecodeGetAssertionRpcResponse
I_WebAuthNCtapDecodeMakeCredentialRpcResponse
I_WebAuthNCtapEncodeGetAssertionRpcRequest
I_WebAuthNCtapEncodeMakeCredentialRpcRequest
VirtualChannelGetInstance
WebAuthNAuthenticatorGetAssertion
WebAuthNAuthenticatorMakeCredential
WebAuthNCancelCurrentOperation
WebAuthNCtapChangeClientPin
WebAuthNCtapChangeClientPinForSelectedDevice
WebAuthNCtapFreeSelectedDeviceInformation
WebAuthNCtapGetAssertion
WebAuthNCtapGetSupportedTransports
WebAuthNCtapGetWnfLocalizedString
WebAuthNCtapIsStopSendCommandError
WebAuthNCtapMakeCredential
WebAuthNCtapManageAuthenticatePin
WebAuthNCtapManageCancelEnrollFingerprint
WebAuthNCtapManageChangePin
WebAuthNCtapManageClose
WebAuthNCtapManageDeleteCredential
WebAuthNCtapManageEnableEnterpriseAttestation
WebAuthNCtapManageEnrollFingerprint
WebAuthNCtapManageFreeDisplayCredentials
WebAuthNCtapManageGetDisplayCredentials
WebAuthNCtapManageGetLargeBlobs
WebAuthNCtapManageRemoveFingerprints
WebAuthNCtapManageResetDevice
WebAuthNCtapManageSelect
WebAuthNCtapManageSetAlwaysUv
WebAuthNCtapManageSetLargeBlobs
WebAuthNCtapManageSetMinPinLength
WebAuthNCtapManageSetPin
WebAuthNCtapParseAuthenticatorData
WebAuthNCtapResetDevice
WebAuthNCtapRpcGetAssertionUserList
WebAuthNCtapRpcGetCborCommand
WebAuthNCtapRpcRenderQrCode
WebAuthNCtapRpcSelectGetAssertion
WebAuthNCtapSendCommand
WebAuthNCtapSetClientPin
WebAuthNCtapStartDeviceChangeNotify
WebAuthNCtapStopDeviceChangeNotify
WebAuthNCtapVerifyGetAssertion
WebAuthNDecodeAccountInformation
WebAuthNDeletePlatformCredential
WebAuthNEncodeAccountInformation
WebAuthNFreeAssertion
WebAuthNFreeCredentialAttestation
WebAuthNFreeDecodedAccountInformation
WebAuthNFreeEncodedAccountInformation
WebAuthNFreePlatformCredentialList
WebAuthNFreePlatformCredentials
WebAuthNFreeUserEntityList
WebAuthNGetApiVersionNumber
WebAuthNGetCancellationId
WebAuthNGetCoseAlgorithmIdentifier
WebAuthNGetCredentialIdFromAuthenticatorData
WebAuthNGetErrorName
WebAuthNGetPlatformCredentialList
WebAuthNGetPlatformCredentials
WebAuthNGetW3CExceptionDOMError
WebAuthNIsUserVerifyingPlatformAuthenticatorAvailable

Sections

.text
Size: 612KB - Virtual size: 611KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wfapigp.dll
.dll windows:10 windows x64 arch:x64

192bdeb5d159dbe2ff8aac4ccb8d71d8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

WFAPIGP.pdb

Imports

msvcrt

_initterm
__C_specific_handler
wcsstr
free
_amsg_exit
_wcsicmp
_XcptFilter
malloc
_vsnwprintf

ntdll

EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids

rpcrt4

RpcRevertToSelf
RpcImpersonateClient

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
DisableThreadLibraryCalls
FreeLibrary
GetProcAddress

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-string-l1-1-0

CompareStringW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-registry-l1-1-0

RegCloseKey

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
win32kfull.sys
.sys windows:10 windows x64 arch:x64

bccbc962c45016a332b7a33e07ac537f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

win32kfull.pdb

Imports

ntoskrnl.exe

PsReferenceKernelStack
PsSetProcessWin32Process
ExInitializeFastOwnerEntry
PsGetProcessWin32Process
ExFreePoolWithTag
ObfReferenceObject
PsDereferenceKernelStack
ExAllocatePool2
PsGetCurrentProcessId
ExEnterCriticalRegionAndAcquireFastMutexUnsafe
ExReleaseFastMutexUnsafeAndLeaveCriticalRegion
PsSetThreadWin32Thread
ExAcquireFastMutex
ExReleaseFastMutex
KeQueryTimeIncrement
RtlCompareUnicodeStrings
PsDetachSiloFromCurrentThread
ZwQueryInformationJobObject
PsAttachSiloToCurrentThread
PsGetHostSilo
PsIsCurrentThreadInServerSilo
MmUnloadSystemImage
MmLoadSystemImage
RtlFindExportedRoutineByName
KeResetEvent
InitializeSListHead
ExpInterlockedPushEntrySList
ExpInterlockedPopEntrySList
ExpInterlockedFlushSList
ZwQueryInformationThread
ExFreeToPagedLookasideList
ExAllocateFromPagedLookasideList
RtlFindMostSignificantBit
IoBuildAsynchronousFsdRequest
IoQueueThreadIrp
ZwTerminateProcess
MmMapViewInSessionSpaceEx
ZwUnmapViewOfSection
PsGetCurrentThreadPreviousMode
LpcPortObjectType
ZwSecureConnectPort
PsDereferenceImpersonationToken
PsIsThreadImpersonating
RtlRandom
MmAddVerifierThunks
MmIsVerifierEnabled
wcsspn
wcscspn
wcstoul
iswdigit
RtlCreateRegistryKey
wcsstr
KeInitializeMutex
KeInitializeSemaphore
wcscat_s
RtlInitializeGenericTableAvl
RtlAppendStringToString
wcsncpy_s
wcscpy_s
RtlCreateUnicodeString
ZwSetInformationFile
ZwQueryVolumeInformationFile
IoCreateFile
IoSetThreadHardErrorMode
MmHighestUserAddress
RtlPrefixString
RtlInsertElementGenericTableAvl
ZwCreateSection
RtlDeleteElementGenericTableAvl
RtlEnumerateGenericTableAvl
RtlGetCurrentServiceSessionId
RtlEqualSid
PsDereferencePrimaryToken
SeQueryInformationToken
RtlClearBits
RtlSetBits
KeReleaseMutex
ZwDeleteFile
RtlUnicodeToCustomCPN
RtlCustomCPToUnicodeN
RtlInitCodePageTable
ZwReadFile
RtlGetDefaultCodePage
LdrResFindResource
ZwQueryInformationFile
LdrResFindResourceDirectory
KeReadStateEvent
RtlTimeToTimeFields
KeExpandKernelStackAndCallout
PsGetCurrentThreadProcess
MmUnsecureVirtualMemory
MmSecureVirtualMemory
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
DbgPrint
strncmp
RtlNtStatusToDosErrorNoTeb
RtlUpcaseUnicodeString
swprintf_s
wcsnlen
wcsncmp
RtlLookupElementGenericTableAvl
IoGetDeviceProperty
RtlInitializeGenericTable
RtlDeleteElementGenericTable
RtlInsertElementGenericTable
KeExpandKernelStackAndCalloutEx
RtlLookupElementGenericTable
ObDuplicateObject
KeAreApcsDisabled
PsIsWin32KFilterAuditEnabled
PsIsWin32KFilterEnabled
EtwWrite
ZwAlpcConnectPort
ZwQueryWnfStateNameInformation
EtwEventEnabled
ZwAlpcSendWaitReceivePort
ZwWaitForSingleObject
ZwQuerySystemInformation
ZwOpenEvent
RtlWriteRegistryValue
NlsAnsiCodePage
KeIsAttachedProcess
ExAllocatePoolWithTag
ExAcquireSpinLockExclusive
ExAcquireSpinLockSharedAtDpcLevel
ExAcquireSpinLockShared
ExReleaseSpinLockShared
ExQueueWorkItem
ExReleaseSpinLockSharedFromDpcLevel
ExTryAcquirePushLockExclusiveEx
ExAllocateTimer
KeGetCurrentIrql
ExDeleteTimer
ExReleaseSpinLockExclusive
ExSetTimer
KeIsExecutingDpc
ZwCancelIoFile
IoSetDevicePropertyData
ZwFlushBuffersFile
ZwWriteFile
ExRawInputManagerObjectType
DbgPrintEx
ExGetExclusiveWaiterCount
ExGetSharedWaiterCount
MmCommitSessionMappedView
ZwSetInformationVirtualMemory
RtlGetThreadLangIdByIndex
PsGetCurrentThreadProcessId
KeUserModeCallback
RtlUnicodeToMultiByteSize
RtlMultiByteToUnicodeSize
RtlSetActiveConsoleId
RtlQueryRegistryValues
RtlGetNtProductType
PsGetProcessJob
PsReferenceImpersonationToken
ObfDereferenceObjectWithTag
PsGetProcessWow64Process
RtlCompareUnicodeString
KeSetKernelStackSwapEnable
RtlMultiByteToUnicodeN
IoGetStackLimits
ZwPowerInformation
SeImpersonateClientEx
KeInsertQueueApc
KeInitializeApc
ZwCreateFile
IoWMIRegistrationControl
MmGetSystemRoutineAddress
PsSetProcessFaultInformation
PsGetThreadFreezeCount
RtlGUIDFromString
RtlStringFromGUID
RtlFormatCurrentUserKeyPath
ZwDeviceIoControlFile
IoQueryDeviceDescription
PsIsWin32KFilterAuditEnabledForProcess
PsIsWin32KFilterEnabledForProcess
ZwAllocateReserveObject
RtlCapabilityCheck
SeTokenObjectType
RtlQueryElevationFlags
SeCreateClientSecurity
ObfDereferenceObject
RtlIntegerToUnicode
RtlIntegerToUnicodeString
PsGetJobUIRestrictionsClass
PsGetJobLock
PsJobType
SeCaptureSecurityDescriptor
SeReleaseSecurityDescriptor
RtlUnicodeToMultiByteN
PsSetProcessPriorityByClass
SeQueryAuthenticationIdToken
PsGetProcessCreateTimeQuadPart
PsGetProcessInheritedFromUniqueProcessId
IoBuildSynchronousFsdRequest
sqrt
EtwUnregister
EtwRegister
EtwSetInformation
PsSetProcessWindowStation
PsGetProcessWin32WindowStation
ExReleaseRundownProtection
RtlDestroyAtomTable
ObInsertObject
RtlCopySid
SeExports
ExAcquireRundownProtection
ObCreateObject
ZwOpenDirectoryObject
LpcRequestPort
KeSetCoalescableTimer
KeSetTimer
PsWow64GetProcessMachine
RtlAreAnyAccessesGranted
ZwSetSecurityObject
ZwDuplicateObject
ZwFreeVirtualMemory
ZwAllocateVirtualMemory
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
ZwOpenProcess
PsLookupThreadByThreadId
PsGetThreadSessionId
KePulseEvent
PsIsSystemThread
PsGetProcessSessionIdEx
ObFindHandleForObject
PsIsSystemProcess
MmMapViewInSessionSpace
MmCreateSection
ObDeleteCapturedInsertInfo
MmUnmapViewInSessionSpace
RtlDestroyHeap
ObOpenObjectByName
RtlMapGenericMask
ObCheckCreateObjectAccess
PsGetCurrentThreadId
ZwSetInformationProcess
ObQueryNameString
RtlFindSetBits
RtlRandomEx
RtlClearAllBits
RtlInitializeBitMap
RtlFindClearBits
RtlSetBit
RtlClearBit
RtlTestBit
KeBugCheck
RtlIntegerToChar
RtlUnicodeStringToAnsiString
RtlAllocateHeap
PsGetProcessSequenceNumber
RtlGetNtSystemRoot
ZwQueryInformationProcess
PsGetProcessMachine
KeSetPriorityThread
RtlUnregisterFeatureConfigurationChangeNotification
RtlQueryFeatureConfigurationChangeStamp
RtlRegisterFeatureConfigurationChangeNotification
MmPageEntireDriver
ExRaiseHardError
ZwQueryDefaultUILanguage
ZwSetDefaultUILanguage
ZwSetDefaultLocale
ZwQueryKey
ZwQueryDefaultLocale
ZwEnumerateKey
ZwEnumerateValueKey
_wcsicmp
RtlGetIntegerAtom
wcsrchr
PsReleaseProcessExitSynchronization
KeUnstackDetachProcess
KeStackAttachProcess
PsAcquireProcessExitSynchronization
PsIsProtectedProcessLight
PsIsProtectedProcess
SeSinglePrivilegeCheck
MmUnmapViewOfSection
MmMapViewOfSection
ExRaiseStatus
_wcsnicmp
KeDetachProcess
KeAttachProcess
RtlFreeHeap
PsGetWin32KFilterSet
MmSystemRangeStart
RtlUnicodeStringToInteger
PsGetThreadTeb
RtlNtStatusToDosError
ObWaitForMultipleObjects
ZwSetIoCompletionEx
ZwRemoveIoCompletionEx
ZwAssociateWaitCompletionPacket
ZwCancelWaitCompletionPacket
ExRaiseDatatypeMisalignment
KeDelayExecutionThread
PsThreadType
PsProcessType
SeSecurityAttributePresent
PsReferencePrimaryToken
RtlInitUnicodeStringEx
RtlAnsiStringToUnicodeString
PsGetThreadProcess
PsGetProcessImageFileName
RtlInitAnsiString
PsGetProcessExitProcessCalled
PsGetProcessCommonJob
RtlQueryPackageClaims
RtlFreeUnicodeString
IoRegisterPlugPlayNotification
IoUnregisterPlugPlayNotification
PsGetCurrentProcessWow64Process
RtlSetConsoleSessionForegroundProcessId
RtlGetActiveConsoleId
IofCallDriver
IoBuildDeviceIoControlRequest
KeInitializeEvent
IoGetDeviceObjectPointer
PsReleaseProcessWakeCounter
PsChargeProcessWakeCounter
PsLookupProcessByProcessId
PsGetProcessSessionId
PsGetProcessDebugPort
ExQueryFastCacheDevLicense
SeIsParentOfChildAppContainer
PsIsThreadTerminating
ObWaitForSingleObject
KeClearEvent
ObReferenceObjectByPointer
PoRequestShutdownEvent
ExEventObjectType
KeInitializeTimerEx
KeInitializeTimer
ZwSetSystemInformation
PsGetThreadProcessId
KeReleaseSemaphore
ExReleaseResourceAndLeaveCriticalRegion
ExEnterCriticalRegionAndAcquireResourceExclusive
ZwSetEvent
KeWaitForMultipleObjects
ZwQueryObject
PsCreateSystemThread
ExRundownCompleted
ExWaitForRundownProtectionRelease
KeSetEvent
PoSetUserPresent
rand
KeWaitForSingleObject
LpcSendWaitReceivePort
RtlQueryFeatureConfiguration
RtlNotifyFeatureUsage
qsort
ZwUpdateWnfStateData
IoOpenDeviceRegistryKey
IoGetRelatedDeviceObject
IoFileObjectType
ZwOpenFile
RtlCompareMemory
ProbeForWrite
ExRaiseAccessViolation
ProbeForRead
PsGetProcessPeb
ObSetHandleAttributes
ObQueryNameInfo
ExDesktopObjectType
ObGetObjectType
ObReferenceObjectByHandle
SeReleaseSubjectContext
SeUnlockSubjectContext
SePrivilegeObjectAuditAlarm
SePrivilegeCheck
SeLockSubjectContext
SeCaptureSubjectContext
RtlAreAllAccessesGranted
ObCloseHandle
ExWindowStationObjectType
ObReferenceObjectByName
ZwQueryInformationToken
RtlEqualUnicodeString
ExReleasePushLockSharedEx
ExAcquirePushLockSharedEx
PsGetCurrentProcessWin32Process
_purecall
PsGetProcessId
ExReleasePushLockExclusiveEx
KeLeaveCriticalRegion
KeEnterCriticalRegion
ExAcquirePushLockExclusiveEx
EtwActivityIdControl
EtwWriteTransfer
PsGetCurrentProcess
PsUpdateComponentPower
PsGetThreadId
ExIsResourceAcquiredSharedLite
DbgkWerCaptureLiveKernelDump
PsGetCurrentThreadWin32Thread
MmUserProbeAddress
ExIsResourceAcquiredExclusiveLite
__C_specific_handler
NtClose
ZwCreateEvent
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAccessAllowedAce
RtlCreateAcl
RtlLengthSid
RtlInitializeSid
RtlSubAuthoritySid
RtlLengthRequiredSid
ZwSetValueKey
ZwCreateKey
RtlCopyUnicodeString
ZwClose
ZwOpenKey
RtlInitUnicodeString
ZwQueryValueKey
wcschr
_vsnwprintf
MmSectionObjectType
ObOpenObjectByPointer
RtlQueryPackageIdentity
KeBugCheckEx
SeDeleteClientSecurity
PsGetThreadWin32Thread
strcmp

msrpc.sys

Ndr64AsyncClientCall
RpcBindingUnbind
RpcBindingFree
I_RpcGetCompleteAndFreeRoutine
RpcBindingCopy
I_RpcExceptionFilter
RpcBindingBind
RpcAsyncInitializeHandle
RpcBindingCreateW

hidparse.sys

HidP_GetScaledUsageValue
HidP_GetUsageValue
HidP_GetSpecificButtonCaps
HidP_GetCaps
HidP_SetUsageValue
HidP_GetUsages
HidP_GetSpecificValueCaps
HidP_SetUsageValueArray
HidP_SetUsages
HidP_GetLinkCollectionNodes

cng.sys

SystemPrng

wpprecorder.sys

imp_WppRecorderReplay
WppAutoLogStart
WppAutoLogStop
imp_WppRecorderConfigure
imp_WppRecorderLogDelete
WppAutoLogTrace
imp_WppRecorderLogCreate

win32kbase.sys

gfEnableHexNumpad
gfInNumpadHexInput
CheckImEnabled
ProcessTranslatedChar
EtwTraceBeginPointerMessageRetrieve
EtwTraceEndPointerMessageRetrieve
EtwTraceRetrieveInputMessage
EtwTraceIdleStatus
?GetGlobalTickCount@CInputGlobals@@QEBA_KW4INPUT_GLOBALS_TICK_COUNT@@@Z
?GetLastInputTime@CInputGlobals@@QEBA_KXZ
PowerIsDisplayRequired
EtwTraceIdleActionExpiration
?UpdateGlobalTickCount@CInputGlobals@@QEAA_NW4INPUT_GLOBALS_TICK_COUNT@@@Z
PowerIsDisplayIdleExpired
giScreenSaveTimeOutMs
PowerIsDisplayBurstActive
EtwTraceWakeInputIdle
EtwTraceSleepInputIdle
?AssignAttachQueue@tagTHREADINFO@@QEAAPEAUtagQ@@PEAU2@@Z
zzzDestroyQueue
AllocQueue
?AssignQueue@tagTHREADINFO@@QEAAPEAUtagQ@@PEAU2@@Z
RecalculateQueueInfo
?getDLT@DLT_QUEUE@@SA?AW4DomainLockType@@XZ
?getDLT@DLT_POST@@SA?AW4DomainLockType@@XZ
HMDestroyUnlockedObject
gcInHMDestroyUnlockedObjectWorker
?gpStackRefLookAside@@3PEAXEA
?gSmartObjNullRef@@3U_SMARTOBJSTACKREF@@B
gdwHungAppTimeout
NlsKbdSendIMENotification
CreateProfileUserName
FreeProfileUserName
xxxInternalActivateKeyboardLayout
psTcb
SharedAlloc
UserAddAtomEx
ghSectionShared
gpvSharedAlloc
gpvSharedBase
gCallerKernelAbiVersion
?s_atom@CHwndTargetProp@@2GA
szCOMPOSITIONINPUTQUEUE_NAME
guiActivateShellWindow
UserAddAtom
szMIPFLAGS
gatomLastPinned
gInputSinkInfoRetrieval
DCompHitTest
GrePtInRegion
GreGetScaledLogPixels
DrvIsUniformSpaceMapping
GreGetRegionData
GreCreateRectRgn
GreCreateRectRgnIndirect
GreExtCreateRegion
PhysicalToLogicalDPIRect
DCompositionSessionInitialize
gpviCPUserPreferences
EnforceColorDependentSettings
FastGetProfileStringFromIDW
NlsKbdInitializePerSystem
DrvGetLogPixels
GreCreateBitmap
GreCreatePatternBrush
ghbrWhite
GreGetStockObject
ghbrBlack
GreSetBrushOwner
ghbrHungApp
GreCreateSolidBrush
hModuleWin
OpenCacheKeyEx
GreCreateCompatibleDC
GreSetDCOwnerEx
GreSelectBrush
FastGetProfileIntW
IsIMMEnabledSystem
xxxSystemParametersInfo
FastWriteProfileValue
DrvDxgkUpgradeLegacyDpiSettings
CheckDesktopPolicyChange
gdwPolicyFlags
UserRemoteConnectedSessionUsingWddm
DrvInitializeDxgkrnlDpiCache
GreReinitializeDpiSetting
?UpdateWakeOnInputDeviceTypesFromRegistry@CInputGlobals@@QEAAXXZ
xxxODI_ColorInit
FastGetProfileIntsW
EnableMouseAcceleration
GreGetDeviceCaps
FastWriteProfileStringW
UpdateMouseSensitivity
ReadDefaultAccelerationCurves
ResetAccelerationCurves
ReadRawMouseThrottlingThresholds
xxxUpdatePerUserAccessPackSettings
gbUsingDefaultSectionSize
UserLogError
xxxDwmControl
GreReinitializeStockFonts
GreGetSystemFont
?gDomainHookLock@@3UtagDomLock@@A
IsKeyboardDelegationEnabledForThread
IsRestricted
EtwTraceUIPIHookError
SetHardwareInputSource
GetSavedCursorPosition
gppiUserApiHook
gppiDManipHook
InternalMapVirtualKeyEx
_HMPkheFromObject
?getDLT@DLT_HOOK@@SA?AW4DomainLockType@@XZ
GreMarkUndeletableBitmap
GreMarkDeletableBitmap
UserPostNKAPCBuffer
GreIsRendering
EtwTraceWindowRenderingOldToNewRedirectionBitmap
GreIsDynamicModeChangeLocked
GreLockVisRgnWithDmcLockAcquiredEx
GreUnlockVisRgnWithDmcLockAcquiredEx
_GetDCEx
_ReleaseDC
gfade
GreCleanDC
GreSetLayout
GreSelectPen
DCompositionDwmInitialize
UserIsRemoteAndNotDisconnectConnection
gMagnContext
GreLockVisRgnShared
UserSetDCVisRgn
GreMarkDeletableRgn
GreLockVisRgnPublish
GreUnlockVisRgnPublish
GreGetDCOrg
LookupDC
gatomFirstPinned
UserFindAtom
LockObjectAssignment
DestroyCacheDC
?gpUserTypeIsolation@@3PEAPEAEEA
gbDesktopLocked
gDWMCapable
?PopulateDispatcherObjectWithCustomInputEvents@CBaseInput@@QEAAJAEAVCEventBitmap@@PEAVIRegisterInputDispatcherObjects@@@Z
?WaitForMessagesOrCustomInputEventsAndDispatch@LegacyInputDispatcher@@QEAAJXZ
gpkdiStatic
?SetDTEThread@tagTERMINAL@@QEAAXXZ
?ClearDTEThread@tagTERMINAL@@QEAAXXZ
_GetDC
gdwNOIOSectionSize
gdwDesktopSectionSize
?gCookie@@3_KA
GetProcessLuid
CreateDesktopObObject
DesktopMapping
CreateEmptyRgnPublic
W32SetCurrentThreadDpiAwarenessContext
gpEventDiconnectDesktop
UserCreateHeap
?gDomainDesktopLock@@3UtagDomLock@@A
EtwTracexxxUserResetDisplayDeviceBegin
EtwTracexxxUserResetDisplayDeviceEnd
SynchronizeContext
CitDesktopSwitch
GreSuspendDirectDraw
GreResumeDirectDraw
GreDeleteDC
GreCreateDisplayDC
gfIsFadingInProgress
EnterHandleFlagsCrit
LeaveHandleFlagsCrit
szWindowStationDirectory
AllocAce
CreateSecurityDescriptor
?getDLT@DLT_DESKTOP@@SA?AW4DomainLockType@@XZ
SetSwapMouseButton
gpDpiKernelModeMetricsMRUNode
gpDpiKernelModeMetricsCache
gppiList
?gDomainWinEventLock@@3UtagDomLock@@A
EtwTraceUIPIEventHookError
gPendingNotifiesList
gpWinEventHooks
gbLockScreenActive
RegisterCoreMsgProviderPreferences
gPlatformRole
?EnumDevices@CBaseInput@@QEBAXPEAXP6A_NQEAUDEVICEINFO@@0@Z@Z
xxxDisplayDiagBlackScreenDetected
RIMGetLastInvertedPenTime
CancelCapturedMipOverride
gTimerHashTable
gTimerId
EtwTraceKillTimer
EtwTraceTimerDelayStatistics
EtwTraceInternalSetTimer
gcmsLastTimer
HMLockObjectWorker
ThreadUnlockWorker1
EtwTraceTimerProc
gtmrAdjustmentListHead
RIMWatchDog
HMChangeOwnerProcessWorker
UserGetAtomName
_CloseWindowStation
CreateGlobalAtomTable
ApplySecurityAttributesToWinsta
xxxSafeLoadKeyboardLayoutEx
CitUserChange
UserIsDisconnectConnection
EtwTraceBeginTranslateMessage
EtwTraceEndTranslateMessage
EtwTraceBeginDispatchMessage
EtwTraceEndDispatchMessage
UserIsConsoleConnection
RIMIsDefaultUILanguageRTL
RIMFindMonitorForDigitizer
ReadPointerDeviceSettings
SetTouchInputStatus
RIMResetPointerDevices
RIMEndAllActiveContacts
DrvGetHdevName
DrvEnumDisplayDevices
ResolveMouseOrPointerDevice
UserEnterUserCritSec
UserLeaveUserCritSec
IsPrecisionTouchPadEnabled
RIMRevokeConfigurationChange
?OnUserLogin@PTPTelemetry@@SAXXZ
RIMConfigureDeviceFeedback
EtwTraceBeginPointerSetTargetWindows
?SetPointerFrameTargetWindows@CTouchProcessor@@QEAAHPEAUtagTHREADINFO@@_KIPEAH@Z
EtwTraceEndPointerSetTargetWindows
?GetPointerMessageInfo@CTouchProcessor@@QEAAH_KHPEAPEAUHWND__@@PEAH2PEAKPEAI@Z
?AdjustCaptureOnRetrieval@CTouchProcessor@@QEAAXUtagINPUTDEST@@I_KHHHHI@Z
?UpdatePointerInfoTarget@CTouchProcessor@@QEAAH_KUtagINPUTDEST@@HHPEAUtagPOINT@@2@Z
?AddThreadPointerData@CTouchProcessor@@QEAAHPEAUtagTHREADINPUTPOINTERLIST@@GK_KIUtagINPUTDEST@@H@Z
?ReferenceFrameFromPointerMsgId@CTouchProcessor@@QEAAPEBUCPointerInputFrame@@_K@Z
?UnreferenceFrameExternal@CTouchProcessor@@QEAAXPEBUCPointerInputFrame@@@Z
?AddThreadPointerHookData@CTouchProcessor@@QEAAHPEAUtagTHREADINPUTPOINTERLIST@@GK_KIUtagINPUTDEST@@@Z
?UnreferenceMsgDataExternal@CTouchProcessor@@QEAAX_KW4tagPOINTERMSGDATA_REFTYPE@@PEAX@Z
?UpdateThreadPointerList@CTouchProcessor@@QEAAXPEAUtagTHREADINPUTPOINTERLIST@@G@Z
?IsPointerMsgRedirected@CTouchProcessor@@QEAAH_KPEAH@Z
?DelegateImplictCaptureAndReleaseIfNeeded@CTouchProcessor@@QEAAX_K@Z
?PromotePointerDataToMouse@CTouchProcessor@@QEAAH_KK@Z
?Close@IOCPDispatcher@@QEAAX_N@Z
IOCPDispatcher_Destroy
gbInMitRitHandOff
AddThreadWakeEventDispatcherToIOCP
gbNoMoreDITHitTest
?ReleaseAllWaiters@EnterLeaveCritMitRitHandOffHazard@@SAXXZ
EtwTraceDitShutdown
?BreakEditionParentNotifyLoop@CTouchProcessor@@QEAAHPEAX@Z
?CancelActivePointers@CTouchProcessor@@QEAAXXZ
?DoDeferredPointerActivate@CTouchProcessor@@QEAAXUtagINPUTDEST@@_K@Z
?ReferenceMsgDataExternal@CTouchProcessor@@QEAAX_KW4tagPOINTERMSGDATA_REFTYPE@@PEAX@Z
?GetThreadPointerData@CTouchProcessor@@QEAA_KPEAUtagTHREADINPUTPOINTERLIST@@GPEAKPEAHPEAPEAUHWND__@@@Z
?IsPointerPrimary@CTouchProcessor@@QEAAH_K@Z
GetAdjustedPointerPixelLocation
?PrepareMakePointerMessage@CTouchProcessor@@QEAAPEBUtagPOINTER_INFO@@_KPEAUtagPOINT@@PEAH22@Z
?GetHwndReference@CTouchProcessor@@QEAAPEAUHWND__@@_KPEAGPEAI@Z
?IsPointerWindowFrameMessage@CTouchProcessor@@QEAAH_KPEAUHWND__@@I_JH@Z
GetAdjustedPointerLocations
?IsPointerMessageTouchpad@CTouchProcessor@@QEAAHPEAUtagTHREADINFO@@_KG@Z
?GetPointerCapture@CTouchProcessor@@QEAAX_KHPEAPEAXPEAH@Z
?GetPointerDownFrame@CTouchProcessor@@QEAAK_K@Z
?SetPointerInfoNodeFlagFromEdition@CTouchProcessor@@QEAAHKGI@Z
?NotifyCaptureChangedIfCaptured@CTouchProcessor@@QEAAPEAUtagINPUTDEST@@_KPEAU2@@Z
?DelegateCapture@CTouchProcessor@@QEAA?AUtagINPUTDEST@@GKH@Z
?DelegateCoalescePointerMessage@CTouchProcessor@@QEAAH_KHHHI@Z
?DelegateChainingResetAndCoalescePointerMessage@CTouchProcessor@@QEAAH_KHHHI@Z
gHighContrast
gHighContrastDefaultScheme
?SetAccessEnabledFlag@@YAXXZ
FastUpdateWinIni
IsValidMouseSensitivity
GetMouseSensitivity
MouseAccelerationEnabled
CheckDesktopPolicy
gspklBaseLayout
HKLtoPKL
GreLddmProcessLockScreen
g_pWallpaperSettings
gbMKMouseMode
gwMKCurrentButton
?CalculateMouseTable@@YAXXZ
?MKShowMouseCursor@@YAXXZ
?MKHideMouseCursor@@YAXXZ
gSoundSentry
gdwWaitToKillServiceTimeout
gAudioDescription
DrvDisplayConfigGetScaleFactorOverrides
DrvDisplayConfigSetScaleFactorOverride
UpdateInputSettingWnfState
xxxKeyEvent
_GetKeyState
EtwTraceTransformAgeDecay
?UnlockAndRelease@CInputSink@@QEBA_NXZ
?LockForRead@CompositionInputObject@@QEBAJPEAPEBVCInputSink@@@Z
EtwTraceOnInputXformUpdate
?Release@CompositionObject@@QEBA_JXZ
?ResolveHandle@CompositionInputObject@@KAJPEAXKDPEAPEAU1@@Z
UpdateKeyLights
gptiTSRequest
xxxRemoteConnect
ValidateHdesk
TransformPointBetweenCoordinateSpaces
ShouldVirtualizeWindowRect
GreGetHandleCount
GreGetPeakHandleCount
giheCount
giheCountPeak
EtwTraceUiAuditWriteClipboard
EtwTraceUiLimitWriteClipboard
ShouldRunShared
EtwTraceAuditApiSetWindowsHookEx
EtwTraceAuditApiSetWinEventHook
ValidateHmenu
EtwTraceUiAuditReadClipboard
GreIsValidRegion
GreLockRegion
GreUnlockRegion
UserUnsafeIsCurrentProcessDwm
GreGetRgnBox
ValidateHwinsta
xxxUserPowerCalloutWorker
HandleSystemThreadCreationFailure
ValidateHandleSecure
ValidatePwndDesktop
gpJobsList
_GetKeyNameText
??0CHMRefHwndByHandle@@QEAA@PEAUHWND__@@_N111@Z
??1CHMRefHwndByHandle@@QEAA@XZ
?bValid@CHMRefHwndByHandle@@QEBA_NXZ
?rpwnd@CHMRefHwndByHandle@@QEBAPEAUtagWND@@XZ
RIMFillDeviceHealthInfo
EtwTraceAuditApiRegisterRawInputDevices
gpRemoteSessionOcclusionEvent
gbFreezeScreenUpdates
CreateSharedSystemVisualObject
?CreateHandle@CompositionObject@@QEBAJK_NDPEAPEAX@Z
GreLockDwmState
GreUnlockDwmState
EtwTraceUIPIClipboardError
GuessMonitorOverrideForCoordinateConversions
EtwTracePostInjectedGestureMessage
IsPointerDeviceAccessible
RIMGetPointerDeviceProperties
CleanupInputDelegation
CleanupShellHandwritingInputDelegation
UserSessionSwitchEnterCrit
?Enter@EnterLeaveCritMitRitHandOffHazard@@AEAAXXZ
InputExtensibilityCalloutGuard
EtwTraceTouchInjectionStart
EtwTraceTouchInjectionStop
RIMIsCurrentProcessTrusted
RIMRegisterForInputWithCallbacks
TouchTargetingEnabledForInput
_GetDeviceRects
_SetHimetricToPixelRatio
EtwTraceTouchTargetingOffset
EtwTraceTouchTargetingPointerEvent
EtwTraceTouchTargetingPointerTargetStart
EtwTraceTouchTargetingPointerTargetStop
EtwTraceTouchTargetingWindowHitTestStart
EtwTraceTouchTargetingWindowHitTestStop
gpresDitCompositionInputSinkQuery
gcDITLuidHitTestWaiters
gpsemDITLuidHitTestWaiters
AddEdgePalmRejectionZone
RemoveAllEdgePalmRejectionZonesForDevice
InitScancodeMap
UnlockQueue
GetKeyboardInputRoutingPolicy
?ForwardInputToISM@CKeyboardProcessor@@SAX_NGGGPEAXK0_KPEAU_KEYBOARD_VIRTUAL_DEVICE_INFO@@@Z
VKFromVSC
ausNumPadCvt
xxxProcessKeyEvent
?GetPointerInfo@CTouchProcessor@@QEAAPEBUtagPOINTER_INFO@@PEBUCPointerInputFrame@@K@Z
?GetInstance@CInertiaManager@@SAPEAV1@XZ
?QueryInertia@CInertiaManager@@QEBAPEBUINERTIA_INFO_INTERNAL@@UtagPOINT@@W4INERTIA_SOURCE@@@Z
?InertiaSourceFromPointerType@CInertiaManager@@SA?AW4INERTIA_SOURCE@@K@Z
?AdjustEdgyFrameInputDest@CTouchProcessor@@QEAAXPEAXUtagINPUTDEST@@@Z
EtwTraceEdgyDetectionStart
EtwTraceEdgyDetectionStop
?UnreferenceUndispatchedFrame@CTouchProcessor@@QEAAXPEAU_LIST_ENTRY@@@Z
?CleanupManipulationThreadData@CTouchProcessor@@QEAAXXZ
?GetThreadsWithPKL@@YAIPEAPEAPEAUtagTHREADINFO@@PEAU_TL@@PEAUtagKL@@@Z
gpMonitorCached
gbRemoteFxSession
GreRectInRegion
?SetClip@CCursorClip@@QEAAXUtagRECT@@@Z
?EnableSpeedBump@CCursorClip@@QEAAX_N@Z
gNestedWindowLimit
szNull
HdevFromMonitor
ReadPointerDeviceCfgDWORDSetting
GetDWORDSettingValues
WriteSettingValues
GetTouchTimeFromCPLValue
EtwTraceMessageCheckDelay
IsCapturedBySystem
EnterRenderBlock
EnterSharedRenderCrit
LeaveRenderBlock
LeaveRenderCrit
DrvSetMonitorPowerState
EtwTraceChangeDisplayModeBroadcast
?ProcessMouseQueue@CPTPProcessor@@SAXXZ
GetCurrentKbdTables
?EnvironmentChanged@CPTPProcessor@@SAXXZ
EtwTraceTouchPadAAP
?OpenDwmHandle@CompositionObject@@QEBAJPEAPEAX@Z
HasCapture
CheckIntegrityAccessToCapture
gpRemoteBeepDevice
ghrgnSCR
ghrgnSPB2
ghrgnSPB1
gptiLockUpdate
GreIsVisRgnPublishLocked
GreSetPaletteOwner
Win32AllocPagedLookasideList
EtwTraceBeginSendMessage
EtwTraceEndSendMessage
EtwTraceConvertTimeOutToBlocking
EtwTraceBeginRetrieveSendMessage
EtwTraceEndRetrieveSendMessage
FastGetProfileStringW
DrvQueryMDEVPowerState
SafeDisableMDEV
DestroyMonitorDCs
gbGDIOn
DrvDxgkLogCodePointPacket
DrvSetMDEVPowerState
EtwTracePowerOnGdiBegin
SafeEnableMDEV
EtwTracePowerOnGdiEnd
?gDomainPowerTransitionsStateLock@@3UtagDomLock@@A
HMUnlockDestroyObject
GreCreatePalette
gpClipFormatExceptionList
DCompositionCreateSynchronizationObject
IsDwmApiPortRegistered
UnlockUpdatesForDwm
UserIsWddmConnectedSession
gpopupMenu
ShouldSetNoOwner
?LockInitialize@tagObjLock@@QEBAXXZ
?LockUnInitializeThreadCreator@tagObjLock@@QEBAXXZ
W32GetCurrentThreadDpiHostingBehavior
CreateCacheDC
HandleFullWindowDestruction
ReleaseCacheDC
DeleteProperties
?ThreadHasPrimaryCaptureExternal@CTouchProcessor@@QEAAHQEAUtagTHREADINFO@@G@Z
gptiTasklist
g_hbmDesktopPattern
GreGetDCOrgEx
GreSetDCOrg
xxxEnumDisplayMonitors
GreMarkUndeletableBrush
xxxUserChangeDisplaySettings
gpConsoleShadowDisplayChangeEvent
ThinWireCache
gRemoteClientKeyboardType
DrvGetHDEV
SetProtocolType
DrvIsNotUsingGraphicsDevice
gstrBaseWinStationName
gfSessionSwitchBlock
SetConsoleSwitchInProgress
DrvCloseGraphicsDevices
?gPreviousProtocolType@@3GA
OPMDestroyAllProtectedOutputs
SetConnectedState
CitSessionConnectChange
DrvSetGraphicsDevices
gRemotePreviousMonitorsCount
CleanupRemoteHandles
DispBrokerAsyncSessionSwitched
gpThinWireCache
PopulateUMKMHandlePair
gRemoteMouseChannelHandlePair
gRemoteKeyboardChannelHandlePair
gRemoteNumMonitors
gRemotePrimaryMonitor
ghRemoteVideoChannel
ghRemoteBeepChannel
ghRemoteThinwireChannel
ShouldDeferMessage
gRemoteSessionUseWddm
gRemoteDisplayDeviceName
gWinStationInfo
gVideoFileObject
gThinwireFileObject
GreMultiUserInitSession
UserRemoteConnectedSessionUsingXddm
GreDrvConnect
DrvSessionHasAnyGraphicsDevice

dxgkrnl.sys

DxgkReleaseCompositionObjectReference
DxgkOpenDwmHandleForCompositionObjectReference
DxgkReferenceCompositionObject

win32ksgd.sys

gaClipILDef
SGDGetUserGdiSessionState
SGDGetSessionState
SGDGetUserSessionState

hal

KeQueryPerformanceCounter

watchdog.sys

WdLogSingleEntry1
WdLogSingleEntry0
WdSetEventAndWaitForSingleObject

Exports

Exports

AddMagnificationOutputTransform
AdjustLinearity
AllocateCvr
AllocateEditionSessionGlobalsArea
AllocateW32Process
ApplyGatheredDeviceInfoSummaryInformation
ApplyMagInputTransform
AutoRotationUpdateRegistry
BRUSHOBJ_hGetColorTransform
BRUSHOBJ_pvAllocRbrush
BRUSHOBJ_pvGetRbrush
BRUSHOBJ_ulGetBrushColor
BuildHwndList
CLIPOBJ_GetRgn
CLIPOBJ_bEnum
CLIPOBJ_cEnumStart
CLIPOBJ_ppoGetPath
CacheRotationInfo
CalcVisRgn
CalcWindowsFullScreen
CheckAndProcessSurfaceComplete
CheckCursorClipAccess
CheckWinstaAttributeAccess
CheckupHidLeak
CitGetWindowInfo
CleanupDwmInputProcessing
CleanupFeedbackData
CleanupHLSURF
CleanupHidRequestList
CleanupIAMAccess
CleanupInjectedTouchProcess
CleanupMediaChange
CleanupModuleAllocations
CleanupOEMBitmaps
CleanupPlaySound
CleanupW32ThreadLocks
ClearDelegationCapture
ClientCallDitThread
CreateBitmapStrip
CreateInputContext
CreatePhysicalMonitorWrap
CreateSetupNameArray
DCELogicalSpeedTopLevelHitTest
DCompSessionInitialize
DDCCICleanUpWrap
DDCCIInitializeWrap
DEVICE_PFTOBJ_pPFFGetWrap
DEVLOCKOBJ_bDisposeTrgDcoWrap
DEVLOCKOBJ_bPrepareTrgDcoWrap
DbgValidateHooks
DeleteFadeSprite
DeleteHrgnClip
DereferenceClass
DesktopAlloc
DesktopOpenProcedure
DestroyDpiMetricsCache
DestroyEventHook
DestroyPhysicalMonitor
DestroyProcessHidRequests
DestroyProcessInfoEditionRundown
DestroyProcessesClasses
DestroySMWP
DestroyThreadHidObjects
DestroyThreadsHotKeys
DestroyThreadsMessages
DestroyThreadsTimers
DestroyUnlockedCursor
DestroyWindowStation
DisableUserkTraceLogging
DispBrokerGetCurrentModeImpl
DllUnload
DoPrediction
DoesPointerHaveSingleCursor
DrvRealizeHalftonePaletteWrap
DwmAsyncNotifyDisplayModeChange
DwmAsyncNotifySessionConnected
DwmAsyncRegisterSharedThumbnailVisualApiExt
DwmAsyncRegisterSharedVirtualDesktopVisual
DwmAsyncSetBlurredWallpaperSurface
DwmAsyncSetChildRootVisual
DwmDestroyDeviceSpecificResources
DwmSyncFlushForceRenderAndWaitForBatch
DxgkEngAccumD3DPresentBounds
DxgkEngAcquireStableSprite
DxgkEngAcquireStableVisRgn
DxgkEngAddRedirBitmapD3DDirtyRgn
DxgkEngBltViaGDI
DxgkEngColorFillViaGDI
DxgkEngDetectGDIPath
DxgkEngGetClientRect
DxgkEngGetDC
DxgkEngGetRedirBitmapSharedHandle
DxgkEngGetRemoteDeviceCount
DxgkEngGetRgnData
DxgkEngGetWindowRect
DxgkEngIsDwmProcess
DxgkEngIsRedirectionDC
DxgkEngLockVisRgn
DxgkEngQueryWin32InfoPlatform
DxgkEngReleaseDC
DxgkEngReleaseStableSprite
DxgkEngReleaseStableVisRgn
DxgkEngUnlockVisRgn
DxgkEngWatchVisRgnChange
EditionActivateMitInput
EditionAllocAndLinkThreadPointerData
EditionAllocThreadPointerData
EditionAllowProcessLaunchForegroundPolicy
EditionApplyForegroundPolicyStartingApp
EditionAreAllAccessGranted
EditionBaseDriverEntryInitialize
EditionBaseDriverUnloadUninitialize
EditionCallAccessibilityHook
EditionCanSetAdditionalForegroundBoostProcesses
EditionCancelCoolSwitch
EditionChangeForegroundQueueForMouseInput
EditionCheckDesktopPolicy
EditionClearInputTransforms
EditionClientCharToWchar
EditionCloseDesktopEntryPoint
EditionCloseWindowStationEntryPoint
EditionCommitMousePosAndMove
EditionComputeInjectorUIPI
EditionComputeInputSpaceId
EditionContactVisualization
EditionCreateDefaultWindowStation
EditionCreateDesktopEntryPoint
EditionCreateEdgePalmRejectionZones
EditionCreateWindowStationEntryPoint
EditionDeactivateMitInput
EditionDeferWinEventNotify
EditionDelQEntry
EditionDelegateCapturePointers
EditionDestroyEdgePalmRejectionZones
EditionDevicePnpNotification
EditionDoHotKeys
EditionDoPointerDPITransforms
EditionEdgyEnabled
EditionEdgyProcessInertia
EditionEdgyProcessInput
EditionEdgyResetCurrentFrame
EditionEdgyResetDataFrames
EditionEndDeferWinEventNotify
EditionExtensibility_WakeMITForInterceptCallout
EditionFinalizeKoreanImeCompStrOnMouseClick
EditionFindNodeQueuedMessage
EditionFindThreadPointerData
EditionForegroundQAccessibleToMouseProducer
EditionFreeIMEKeyboardLayouts
EditionFreeMoveSizeDataOnThreadDestroy
EditionGetAppImeCompatFlags
EditionGetCompositionInputWindowUIOwner
EditionGetCurrentMonitorTopology
EditionGetDefaultMouseSensitivity
EditionGetExecutionEvironment
EditionGetInputDelegate
EditionGetInputDesktopId
EditionGetInputTransform
EditionGetKeyStateUpdateParamsForRawInput
EditionGetLatestInputTransform
EditionGetLogicalPointForMouseCaptureButtonEvent
EditionGetMouseWheelRoutingMode
EditionGetPointerDeviceConfigurationKey
EditionGetProcessWindowStationEntryPoint
EditionGetThreadDesktopEntryPoint
EditionGetThreadPointerHookData
EditionGetUserObjectInformationEntryPoint
EditionHandleAltTab
EditionHandleAltTabCancel
EditionHandleAndPostKeyEvent
EditionHandleHungWindow
EditionHandleMoveSizeDataOnDestroyMonitor
EditionHandleNonUniformHMonitorDpi
EditionHandleRawInput
EditionHandleRawInputThrottlingTimer
EditionHandleSonarKeyEvent
EditionIVSyncForeground
EditionImmActivateAndUnloadThreadsLayout
EditionImmActivateLayout
EditionImmActivateThreadsLayout
EditionInitGlobalCursorSizes
EditionInitInputHangInfo
EditionInitSystemCharsetInfoForLayout
EditionInitializeMoveSizeList
EditionInitializeWppLogging
EditionInitiateMouseEventProcessing
EditionInputExtensibilityCallout
EditionInternalSetCursorPos
EditionIsAppForeground
EditionIsCompositeAppOrSelfDisabled
EditionIsCompositionInputWindow
EditionIsCurrentProcessWinstaLocked
EditionIsGetAsyncKeyStateBlocked
EditionIsGetKeyStateBlocked
EditionIsGpqForegroundAccessibleCurrent
EditionIsGpqForegroundAccessibleExplicit
EditionIsHotKey
EditionIsPointerInputRedirected
EditionIsPointerQueuedMessageCoalescable
EditionIsRIMInjectionBlocked
EditionIsSAS
EditionIsUsermodeRIMAccessAllowed
EditionIsWinEventsDeferred
EditionKeepMachineUp
EditionKeyEventLLHook
EditionKillAccessibilityTimer
EditionLLMouseButtonHook
EditionLLMouseWheelHook
EditionLegacyTouchPadMouseAllowTap
EditionMagnificationMousePosition
EditionMessageBeep
EditionMouseCaptureHitTest
EditionMouseMoveShellResilience
EditionNeedsTouchTargeting
EditionNonDwmSpeedHitTest
EditionNonDwmTouchHitTest
EditionNotifyDwmForSystemVisualCreation
EditionNotifyDwmForSystemVisualDestruction
EditionNotifyShellLanguageHook
EditionOpenInputDesktopEntryPoint
EditionOpenProfileKey
EditionOverrideDefaultTouchGestureSettings
EditionOverrideUserTouchGestureSettings
EditionParseDesktop
EditionPhysicalToLogicalDPIPointWithInputDestHint
EditionPointerActivate
EditionPointerParentNotify
EditionPointerWindowHitTest
EditionPostAccessibilitySettingChangedEvent
EditionPostAccessibilityShortcutNotification
EditionPostDwmSpeedHitTest
EditionPostInertiaMessage
EditionPostInputEvent
EditionPostInputMessage
EditionPostKeyboardInputMessage
EditionPostMouseMoveToQ
EditionPostMouseWheelToForeground
EditionPostRawMouseInputMessage
EditionPostRitSound
EditionPostShellHookMessages
EditionPostThreadInputEvent
EditionPostUpdateKeyStateEvent
EditionPreserveSystemClippedMouseInput
EditionProcessForegroundPriorityChanged
EditionProcessPointerInputAsMouse
EditionPromotePointer
EditionPushExitingAppForegroundPolicy
EditionPushProcessLaunchForegroundPolicy
EditionQueryInertiaWorker
EditionRawInputRequestedForKeyboard
EditionResetIMEConversionStatus
EditionResetIMELayout
EditionRimDeviceReadNotification
EditionSendCursorSuppressionUpdate
EditionSendIMENotification
EditionSendMiPLeaveForIVMouseInput
EditionSetAccessibilityTimer
EditionSetForegroundCheckNoActivate
EditionSetMouseInputRateLimitingTimer
EditionSetProcessWindowStationAtProcessInit
EditionSetProcessWindowStationEntryPoint
EditionSetThreadDesktopAtThreadInit
EditionShowSystemCursor
EditionStopSonar
EditionSynthesizeMouseWheel
EditionSystemGenerateMove
EditionTouchResizeAction
EditionTransformIvTouchInput
EditionTransformPointForIvSpatialInput
EditionUninitializeWppLogging
EditionUnlinkAndFreeThreadPointerData
EditionUnloadCursorsAndIcons
EditionUpdateAsyncKeyStateThreads
EditionUpdateCurrentMonitorTopology
EditionUpdateCursorAsync
EditionUpdateCursorOnMouseMove
EditionUpdateInputTransformFromHitTest
EditionUpdateModifiersForHotkey
EditionUpdateRawMouseMode
EditionUpdateRemoteLights
EditionUpdateSASModifiers
EditionUserBeep
EditionUserInitialize
EditionWakeSomeone
EditionWakeThreadForInput
EditionxxxBroadcastSPIChange
EditionxxxComputeInputSinkInfo
EditionxxxHandleGhostOnThreadDestroyed
EditionxxxReportMouseBreakToAccessibility
EditionxxxSystemParametersInfoWorker
EditionzzzUpdateCursorSizes
EnableHalftone
EnableUserkTraceLogging
EngAllocPrivateUserMem
EngAlphaBlend
EngBitBlt
EngCTGetCurrentGamma
EngCTGetGammaTable
EngCheckAbort
EngClearEvent
EngComputeGlyphSet
EngControlSprites
EngCopyBits
EngCreateDriverObj
EngCreateEvent
EngCreatePath
EngCreateWnd
EngDeleteEvent
EngDeleteFile
EngDeletePath
EngDeleteWnd
EngDitherColor
EngDxIoctl
EngEnumForms
EngEraseSurface
EngFileIoControl
EngFileWrite
EngFillPath
EngFindImageProcAddress
EngFindResource
EngFntCacheAlloc
EngFntCacheFault
EngFntCacheLookUp
EngFreeModule
EngFreePrivateUserMem
EngGetCurrentCodePage
EngGetDriverName
EngGetFileChangeTime
EngGetFilePath
EngGetForm
EngGetPrinter
EngGetPrinterData
EngGetPrinterDataFileName
EngGetPrinterDriver
EngGetTickCount
EngGetType1FontList
EngGradientFill
EngHangNotification
EngIsCddDeviceBitmap
EngLineTo
EngLoadImage
EngLoadModule
EngLoadModuleForWrite
EngLockDirectDrawSurface
EngLpkInstalled
EngMapEvent
EngMapFile
EngMapFontFile
EngMapFontFileFD
EngMapModule
EngMarkBandingSurface
EngMovePointer
EngMultiByteToWideChar
EngNineGrid
EngPaint
EngPlgBlt
EngQueryDeviceAttribute
EngQueryFileTimeStamp
EngQueryLocalTime
EngQueryPalette
EngReadStateEvent
EngRestoreFloatingPointState
EngSaveFloatingPointState
EngSetEvent
EngSetPointerShape
EngSetPointerTag
EngSetPrinterData
EngSort
EngStretchBlt
EngStretchBltROP
EngStrokeAndFillPath
EngStrokePath
EngTextOut
EngTransparentBlt
EngUnloadImage
EngUnlockDirectDrawSurface
EngUnmapEvent
EngUnmapFile
EngUnmapFontFile
EngUnmapFontFileFD
EngWaitForSingleObject
EngWideCharToMultiByte
EngWritePrinter
EnsurePointerDeviceHasMonitor
EnterEditionCrit
FONTOBJ_cGetAllGlyphHandles
FONTOBJ_cGetGlyphs
FONTOBJ_pQueryGlyphAttrs
FONTOBJ_pfdg
FONTOBJ_pifi
FONTOBJ_pjOpenTypeTablePointer
FONTOBJ_pvTrueTypeFontFile
FONTOBJ_pwszFontFilePaths
FONTOBJ_pxoGetXform
FONTOBJ_vGetInfo
FVisCountable
FadeDesktop
FinishStockFontInit
FinishStockFontReinit
FlushWEFCOMPOSITEDDCEBounds
FontDriverQueryRoutine
FreeAllSpbs
FreeClientOnWindowDestruction
FreeDdeXact
FreeDelayedHooks
FreeDesktop
FreeDeviceInfo
FreeEditionSessionGlobalsArea
FreeHidData
FreeHook
FreeHwndList
FreeImeHotKeys
FreeInputContext
FreeMessageList
FreeNonCachedUserMemWrap
FreePointerDevice
FreePointerDeviceCalData
FreePointerDeviceCalibrationInfo
FreeProcessMessageFilter
FreeSMS
FreeThreadsWinEvents
FreeThreadsWindowHooks
FreeTimer
FreeWindowStation
FreezeThawTimers
GdiMultiUserFontCleanup
GdiThreadCalloutFlushUserBatch
GetAppCompatFlags
GetAppCompatFlags2
GetAppCompatFlags2QuadWord
GetClassPtr
GetColorManagementCapsWrap
GetDbgTagFlags
GetDesktopHeapSize
GetDesktopView
GetDpiSetting
GetDpiSettingWithNoDefault
GetInputSensorThreadingModel
GetInputTransformList
GetJournallingQueue
GetLayeredOrRedirectedParent
GetMAPPER_SignatureTable
GetMaxGdiHandleCount
GetMiPInputTransform
GetNineGridRenderingData
GetPTPShellTarget
GetPanCopyBits
GetPenArbitrationType
GetPenHoldTime
GetPowerTransitionsState
GetRedirectionBitmap
GetRipFlags
GetSMSLookaside
GetStyleWindow
GetTouchHoldTime
GetUndimSourceInputTypeMask
GetUserHandedness
GetWakeSourceInputTypeMask
GetWin8StyleDpiSettingFromRegistry
GetgForceFontAssocCodePage
GetgSystemAnsiCodePage
GetgSystemOemCodePage
GetgbFinishDefGUIFontInit
GetghsemEnableEUDC
GetglpSetupPrograms
GetgpBmpDev
GetgpDefITable
GetgpPFTDeviceWrap
GetgpPublicObjectList
GetgpRedirDev
GetgpastrSetupExe
GetgpfmffTable
GetgpfsTable
GetgpniFontsDirectoryAndScratch
GetgptoWrap
GetgpwszFamilyDefaultFonts
GetgvsStateWrap
GetpbwlCache
GreAssertSystemCriticalProcess
GreDeleteClientObj
GreDeleteWnd
GreDwmDesktopOverlaysEnabled
GreEnsureDpiDepDefaultGuiFontForPlateau
GreFlush
GreGetAspectRatioFilter
GreGetRandomRgn
GreHideSprites
GreHintDCWnd
GreIsCurrentProcessSystemCritical
GreMovePointer
GrePolyBezier
GrePolyBezierTo
GrePolyPolygon
GrePolyPolyline
GrePolylineTo
GreSelectFont
GreSelectRedirectionBitmap
GreSetBitmapBits
GreWaitForTextReady
GrepSfmRemoveSurfaces

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 308KB - Virtual size: 306KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 136KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

NONPAGE
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

fothk
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

GFIDS
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 116KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
win32spl.dll
.dll windows:10 windows x64 arch:x64

87d3ba9584d16cb7475642683c24339c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

win32spl.pdb

Imports

msvcrt

wcsrchr
tolower
_purecall
_wcsnicmp
wcsncmp
_wtol
wcsnlen
wcstok_s
_set_errno
_wcstoi64
wcsstr
_wcsicmp
memmove_s
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
_vsnprintf_s
wcscat_s
strcpy_s
memcpy_s
_vsnwprintf
??_V@YAXPEAX@Z
_get_errno
wcstol
iswspace
wcscpy_s
_unlock
_lock
__C_specific_handler
wcschr
__CxxFrameHandler4
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_initterm
_wcsdup
_open
_errno
_read
_write
_close
_lseek
_wopen
_stricmp
swprintf_s
sprintf_s
_wtof
isdigit
isupper
??0bad_cast@@QEAA@AEBV0@@Z
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@PEBD@Z
localeconv
strcspn
__uncaught_exception
setlocale
___mb_cur_max_func
___lc_handle_func
___lc_codepage_func
_ismbblead
__pctype_func
calloc
islower
??8type_info@@QEBAHAEBV0@@Z
__crtLCMapStringW
__crtLCMapStringA
_wsetlocale
abort
memset
memchr
memcmp
sqrt
free
_amsg_exit
wcstoul
_XcptFilter
_itow_s
qsort
?what@exception@@UEBAPEBDXZ
malloc
??0exception@@QEAA@AEBQEBDH@Z
_callnewh
_CxxThrowException
__CxxFrameHandler3
memcpy
__dllonexit
_onexit
memmove
??0exception@@QEAA@AEBQEBD@Z
??3@YAXPEAX@Z
_wcslwr
strchr
wcscmp

ntdll

NtSetInformationThread
NtOpenThreadToken
RtlFreeHeap
NtSetInformationToken
RtlAllocateHeap
WinSqmIncrementDWORD
WinSqmAddToStreamEx
WinSqmSetDWORD
WinSqmIsOptedIn
EtwEventWrite
EtwEventEnabled
EtwEventUnregister
EtwEventRegister
RtlValidRelativeSecurityDescriptor
RtlIsThreadWithinLoaderCallout
NtFsControlFile
RtlInitializeSRWLock
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
TpAllocPool
TpSetPoolMinThreads
TpSetPoolMaxThreads
TpReleaseAlpcCompletion
TpWaitForAlpcCompletion
NtOpenProcessToken
TpWaitForIoCompletion
TpReleaseTimer
TpWaitForTimer
TpReleaseWait
TpWaitForWait
TpReleaseWork
TpWaitForWork
RtlInitAnsiString
RtlOemStringToUnicodeString
RtlUnicodeToOemN
RtlxUnicodeStringToOemSize
NtImpersonateAnonymousToken
NtCreateFile
TpAllocAlpcCompletion
TpStartAsyncIoOperation
TpAllocIoCompletion
TpSetTimer
TpAllocTimer
TpAllocWait
TpPostWork
TpAllocWork
RtlNtStatusToDosError
TpSimpleTryPost
TpSetWait
TpCallbackMayRunLong
TpReleasePool
RtlInitUnicodeString
TpReleaseIoCompletion
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtQuerySystemInformation
VerSetConditionMask
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage
NtClose

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
RaiseException
GetLastError
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-file-l1-1-0

RemoveDirectoryW
GetFileSize
GetFileAttributesW
SetFileAttributesW
SetFileTime
LocalFileTimeToFileTime
FindClose
CreateDirectoryW
SetEndOfFile
CompareFileTime
WriteFile
ReadFile
GetFullPathNameW
CreateFileW
SetFilePointerEx
FindNextFileW
FindFirstFileW
DeleteFileW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleW
GetProcAddress
LoadLibraryExW
FreeLibrary
GetModuleHandleExW
DisableThreadLibraryCalls
LoadStringW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-localization-l1-2-0

GetSystemPreferredUILanguages
FormatMessageW

rpcrt4

RpcSmDestroyClientContext
Ndr64AsyncClientCall
RpcStringBindingComposeW
RpcBindingSetObject
RpcEpResolveBinding
RpcAsyncInitializeHandle
NdrClientCall3
RpcAsyncCompleteCall
RpcBindingFromStringBindingW
RpcBindingSetAuthInfoExW
RpcStringFreeW
RpcBindingSetOption
MesEncodeIncrementalHandleCreate
MesDecodeIncrementalHandleCreate
MesHandleFree
I_RpcExceptionFilter
RpcBindingFree
NdrMesProcEncodeDecode3

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegOpenCurrentUser
RegQueryInfoKeyW
RegCloseKey
RegEnumValueW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyExW
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW

api-ms-win-core-processthreads-l1-1-0

ProcessIdToSessionId
SetThreadToken
GetCurrentProcessId
OpenThreadToken
GetCurrentThread
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
OpenProcessToken
ExitProcess

api-ms-win-security-base-l1-1-0

AddAccessAllowedAceEx
InitializeSecurityDescriptor
RevertToSelf
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetTokenInformation
FreeSid
AddAccessDeniedAceEx
GetTokenInformation
InitializeAcl
EqualSid
CheckTokenMembership
GetLengthSid
IsTokenRestricted
IsValidSecurityDescriptor
CopySid
GetSecurityDescriptorLength
DuplicateTokenEx
ImpersonateLoggedOnUser
CreateWellKnownSid
IsWellKnownSid
MakeSelfRelativeSD
AllocateAndInitializeSid

api-ms-win-core-synch-l1-1-0

AcquireSRWLockShared
ReleaseSemaphore
DeleteCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
OpenSemaphoreW
ReleaseSRWLockShared
EnterCriticalSection
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
CreateMutexExW
CreateSemaphoreExW
LeaveCriticalSection
ReleaseMutex
InitializeCriticalSection
CreateEventExW
CreateEventW
SetEvent
WaitForSingleObject
InitializeCriticalSectionEx

oleaut32

SetErrorInfo
VariantCopyInd
LoadRegTypeLi
LoadTypeLi
GetRecordInfoFromTypeInfo
SysAllocStringLen
BSTR_UserSize
BSTR_UserFree
LPSAFEARRAY_UserSize
BSTR_UserUnmarshal64
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserFree64
LPSAFEARRAY_UserMarshal64
BSTR_UserUnmarshal
BSTR_UserMarshal
VariantClear
LPSAFEARRAY_UserUnmarshal64
LPSAFEARRAY_UserMarshal
BSTR_UserFree64
BSTR_UserSize64
LPSAFEARRAY_UserSize64
BSTR_UserMarshal64
SafeArrayGetElement
SysStringLen
SafeArrayPutElement
VariantChangeType
SafeArrayGetUBound
VariantCopy
SafeArrayDestroy
SafeArrayCreateVector
SafeArrayPtrOfIndex
VariantInit
SysAllocString
SafeArrayCopyData
SysFreeString

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolWorkCallbacks
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
IsThreadpoolTimerSet
CloseThreadpoolTimer
CreateThreadpoolWork
CloseThreadpoolWork
SubmitThreadpoolWork

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetSystemInfo
GetVersionExW
GetSystemDirectoryW

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventRegister
EventSetInformation

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
Sleep
SleepConditionVariableSRW
WakeAllConditionVariable

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte
GetStringTypeW

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processtopology-obsolete-l1-1-0

GetActiveProcessorCount

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

spoolss

AllocSplStr
EnumPrintersW
CacheIsNameInNodeList
GetPrinterW
GetPrinterDriverW
GetServerPolicy
GetJobNamedPropertyValue
FreePrintPropertyValue
RouterAllocPrinterNotifyInfo
RouterFreePrinterNotifyInfo
ReplyPrinterChangeNotificationEx
AllowRemoteCalls
CallDrvDevModeConversion
DllAllocSplMem
CallRouterFindFirstPrinterChangeNotification
ClosePrinter
OpenPrinterW
ImpersonatePrinterClient
RevertToPrinterSelf
AppendPrinterNotifyInfoData
OpenPrinter2W
SpoolerFindFirstPrinterChangeNotification
SpoolerFindClosePrinterChangeNotification
SpoolerRefreshPrinterChangeNotification
PartialReplyPrinterChangeNotification
ReplyPrinterChangeNotification
SplUnregisterForSessionEvents
SplRegisterForSessionEvents
DllFreeSplMem
DeletePrinterConnectionW
SetPortW
GetJobW
GetPrinterDataW
RouterCreatePrintAsyncNotificationChannel
IsNameTheLocalMachineOrAClusterSpooler
MIDL_user_free1
GetPrinterDriverDirectoryW
IsNamedPipeRpcCall
MIDL_user_allocate1
DllFreeSplStr
SetJobW

localspl

SplSetJobError
SplDeleteForm
SplAddForm
SplSetForm
SplEnumJobs
SplAddPrinterDriverEx
SplIsLocalDriverAvailable
SplGetDriverUpdateStatus
SplSetDriverUpdateStatus
SplAddPrinter
SplAddMonitor
SplCopyNumberOfFiles
SplEnumPrinterDrivers
SplIsCompatibleDriver
SplEnumPrinters
SplEnumPorts
SplXcvData
SplIsDriverInstalled
SplOpenPrinter
SplSetJobNamedProperty
SplSetJobExtra
SplGetJobExtra
SplDeleteJobNamedProperty
SplSetCSRPrinterDevnode
SplDoesCSRPrinterDevnodeExist
SplGetUserPropertyBag
SplPrintSupportOperation
SplIppCreateJobOnPrinter
SplIppGetJobAttributes
SplIppSetJobAttributes
SplCloseSpooler
SplDeleteSpooler
SplCreateSpooler
SplNotifyServerStatus
SplGetPrintClassObject_4CSR
SplGetDriverDir
SplSetJob
SplSetPrinter
SplGetPrinter
SplCopyFileEvent
SplLoadLibraryTheCopyFileModule
LocalAddForm
LocalDeleteForm
LocalEnumForms
SplEnumForms
SplGetForm
SplEnumPrinterDataEx
SplMonitorIsInstalled
SplGetPrintClassObject
SplDeletePrintProcCacheData
SplEnumPrintProcCacheData
SplGetLocalDevMode
SplSetPrintProcCacheData
SplGetPrintProcCacheData
SplEnumPrinterKey
SplDeletePrinterWithJobs
SplEnumPrinterData
SplDeletePrinterKey
SplDeletePrinterDataEx
SplDeletePrinterData
SplSetPrinterDataEx
SplSetPrinterData
SplGetPrinterDataEx
SplGetPrinterData
SplGetPrinterDriver
SplGetPrinterDriverEx
SplResetPrinter
SplDeletePrinterIC
SplPlayGdiScriptOnPrinterIC
SplCreatePrinterIC
SplEnumJobNamedProperties
SplGetJobNamedPropertyValue
SplReportJobProcessingProgress
SplGetJob
SplScheduleJob
SplAddJob
SplAbortPrinter
LocalReadPrinter
SplWritePrinter
SplEndDocPrinter
SplEndPagePrinter
SplStartPagePrinter
SplStartDocPrinter
SplClosePrinter
SplAddCSRPrinter
SplEnableCSRPrinterDeviceInterface
SplDriverEvent

sensapi

IsDestinationReachableW

api-ms-win-core-kernel32-legacy-l1-1-0

DosDateTimeToFileTime
GetComputerNameW

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

kernelbase

LocalReAlloc
LocalAlloc
GetIsEdpEnabled

print.printsupport.source

IsSameUserContextBySid
CreatePsaSourceStream
IsIppPrinterPsaEnabledForContractAsCurrentUser

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
GetTimeZoneInformation

dsrole

DsRoleFreeMemory
DsRoleGetPrimaryDomainInformation

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW
RegSetKeyValueW

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-eventlog-legacy-l1-1-0

ReportEventW
RegisterEventSourceW
DeregisterEventSource

api-ms-win-core-privateprofile-l1-1-0

GetPrivateProfileStringW
GetPrivateProfileSectionW

Exports

Exports

DllMain
InitializePrintMonitor2
InitializePrintProvidor

Sections

.text
Size: 920KB - Virtual size: 917KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 296KB - Virtual size: 293KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
winbio.dll
.dll windows:10 windows x64 arch:x64

bc6daef45304b97dfde34bdab7e8fdd5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

winbio.pdb

Imports

msvcp_win

?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o___stdio_common_vsnprintf_s
memmove
_o_ceilf
_o_free
_o_malloc
_o_terminate
_o_wcsncpy_s
__current_exception
__current_exception_context
_CxxThrowException
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
__C_specific_handler
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleW
GetModuleHandleExA
GetModuleHandleExW
FreeLibraryAndExitThread
GetModuleFileNameA
FreeLibrary

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
OpenThreadToken
OpenProcessToken
GetCurrentThread
GetCurrentProcess
TerminateProcess
ResumeThread
CreateThread

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionAndSpinCount
EnterCriticalSection
SetEvent
WaitForSingleObject
DeleteCriticalSection
InitializeSRWLock
ReleaseSRWLockExclusive
ResetEvent
LeaveCriticalSection
InitializeCriticalSectionEx
AcquireSRWLockExclusive
ReleaseSemaphore
WaitForSingleObjectEx
CreateSemaphoreExW
ReleaseMutex
CreateMutexExW
ReleaseSRWLockShared
CreateEventW
AcquireSRWLockShared
OpenSemaphoreW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemTime

api-ms-win-core-io-l1-1-0

GetQueuedCompletionStatus
CreateIoCompletionPort
PostQueuedCompletionStatus

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
RaiseException
SetLastError
UnhandledExceptionFilter
GetLastError

api-ms-win-core-synch-l1-2-0

WakeConditionVariable
Sleep
SleepConditionVariableCS
InitializeConditionVariable

api-ms-win-security-base-l1-1-0

GetLengthSid
IsValidSid
CopySid
GetTokenInformation
ImpersonateLoggedOnUser
RevertToSelf

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventUnregister
EventWriteTransfer

api-ms-win-core-console-l3-2-0

GetConsoleWindow

api-ms-win-core-file-l1-1-0

ReadFile
WriteFile

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegQueryValueExW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegGetValueW
RegQueryInfoKeyW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject
UnregisterWait

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

ntdll

RtlImageNtHeader

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

WinBioAcquireFocus
WinBioAsyncEnumBiometricUnits
WinBioAsyncEnumDatabases
WinBioAsyncEnumServiceProviders
WinBioAsyncMonitorFrameworkChanges
WinBioAsyncOpenFramework
WinBioAsyncOpenSession
WinBioCancel
WinBioCaptureSample
WinBioCaptureSampleWithCallback
WinBioCloseFramework
WinBioCloseSession
WinBioConsumeFactorDeletedByService
WinBioControlUnit
WinBioControlUnitPrivileged
WinBioDeleteTemplate
WinBioDiscardTicket
WinBioEnrollAuthorize
WinBioEnrollBegin
WinBioEnrollCapture
WinBioEnrollCaptureWithCallback
WinBioEnrollCommit
WinBioEnrollDiscard
WinBioEnrollRevoke
WinBioEnrollSelect
WinBioEnumBiometricUnits
WinBioEnumDatabases
WinBioEnumEnrollments
WinBioEnumServiceProviders
WinBioFree
WinBioGetCredentialState
WinBioGetCredentialWithTicket
WinBioGetDomainLogonSetting
WinBioGetEnabledSetting
WinBioGetEnrolledFactors
WinBioGetFactorsDeletedByService
WinBioGetGestureMetadata
WinBioGetLastBioUseTime
WinBioGetLogonSetting
WinBioGetPolicyProtectionSupport
WinBioGetProperty
WinBioGetProtectionPolicy
WinBioGetSetting
WinBioIdentify
WinBioIdentifyAndReleaseTicket
WinBioIdentifyWithCallback
WinBioImproveBegin
WinBioImproveEnd
WinBioIsESSCapable
WinBioLocateSensor
WinBioLocateSensorWithCallback
WinBioLockUnit
WinBioLogonIdentifiedUser
WinBioMonitorPresence
WinBioNgcAuthorizeEnrollment
WinBioNgcCloseAuthorizationSession
WinBioNgcGetAuthorizationWithTicket
WinBioNgcOpenAuthorizationSession
WinBioNotifyPasswordChange
WinBioOpenSession
WinBioProtectData
WinBioProtectDataWithPolicy
WinBioRegisterEventMonitor
WinBioRegisterServiceMonitor
WinBioReleaseFocus
WinBioRemoveAllCredentials
WinBioRemoveAllDomainCredentials
WinBioRemoveCredential
WinBioSendTelemetry
WinBioSetCredential
WinBioSetMSACredential
WinBioSetProperty
WinBioSetSetting
WinBioUnlockUnit
WinBioUnprotectData
WinBioUnregisterEventMonitor
WinBioUnregisterServiceMonitor
WinBioVerify
WinBioVerifyAndReleaseTicket
WinBioVerifyWithCallback
WinBioWait
_BioLogonIdentifiedUser

Sections

.text
Size: 124KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
windows.internal.shellcommon.shareexperience.dll
.dll windows:10 windows x64 arch:x64

9e15772b98d7976eed40c0a02f57b0f3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Windows.Internal.ShellCommon.ShareExperience.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__get_errno
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
memmove
_o__wcsicmp
_o__wtoi
_o_abort
_o_free
_o_iswspace
_o_malloc
_o_realloc
_o_strncpy_s
_o_strtol
_o_terminate
_o_wcstok_s
__C_specific_handler
__current_exception
__current_exception_context
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnprintf_s
_o__execute_onexit_table
_o__errno
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
strchr
strrchr
wcsrchr
__CxxFrameHandler3
_CxxThrowException
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

strncmp
wcscmp
wcscspn
memset

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsSubstringWithSpecifiedLength
WindowsDuplicateString
WindowsGetStringRawBuffer
WindowsCreateStringReference
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsCreateString

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoTransformError
RoOriginateErrorW
SetRestrictedErrorInfo
RoFailFastWithErrorContext

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionAndSpinCount
ReleaseSRWLockShared
ReleaseMutex
CreateMutexExW
ResetEvent
CreateEventW
LeaveCriticalSection
WaitForSingleObjectEx
ReleaseSemaphore
InitializeCriticalSection
DeleteCriticalSection
SetEvent
CreateEventExW
EnterCriticalSection
AcquireSRWLockExclusive
AcquireSRWLockShared
WaitForSingleObject
InitializeSRWLock
InitializeCriticalSectionEx
CreateSemaphoreExW
OpenSemaphoreW
ReleaseSRWLockExclusive

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetProcAddress
GetModuleHandleW
FreeLibrary
GetModuleHandleExA
DisableThreadLibraryCalls
GetModuleHandleExW
LockResource
LoadResource
FindResourceExW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
GetExitCodeThread

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount64

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetUnhandledExceptionFilter
SetLastError
GetLastError
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-rtcore-ntuser-window-l1-1-0

GetForegroundWindow

combase

ord140
ord154

msvcp_win

?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?__ExceptionPtrDestroy@@YAXPEAX@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
??Bid@locale@std@@QEAA_KXZ
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?in@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z
_Query_perf_counter
_Query_perf_frequency
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
_Thrd_yield
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z

api-ms-win-core-com-l1-1-0

CoWaitForMultipleHandles
CoGetApartmentType
CoGetObjectContext
CoDecrementMTAUsage
CoRevokeClassObject
CoTaskMemRealloc
CoCreateGuid
CoCreateInstance
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
CoIncrementMTAUsage
CoRegisterClassObject
CoTaskMemFree

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte
CompareStringOrdinal

api-ms-win-shcore-thread-l1-1-0

SHCreateThreadWithHandle

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolGetUniqueContext
SHTaskPoolQueueTask

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventRegister
EventSetInformation
EventActivityIdControl

api-ms-win-core-threadpool-l1-2-0

TrySubmitThreadpoolCallback
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CloseThreadpoolTimer

ntdll

RtlNtStatusToDosError
ZwQueryWnfStateData
RtlIsMultiUsersInSessionSku

api-ms-win-core-winrt-error-l1-1-1

IsErrorPropagationEnabled
RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegGetValueW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

rpcrt4

UuidCreate

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

oleaut32

SysFreeString
SetErrorInfo
SysStringLen
GetErrorInfo
SysAllocString

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 348KB - Virtual size: 344KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
windows.storage.dll
.dll regsvr32 windows:10 windows x64 arch:x64

371c249ef7af46cdc1170f769ef180bf

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

34:5e:58:20:7a:e0:99:d9:17:0d:b3:52:12:ef:4e:92:53:4c:d2:44:0f:a4:82:02:9f:68:1f:90:77:67:0f:55
Signer

Actual PE Digest

34:5e:58:20:7a:e0:99:d9:17:0d:b3:52:12:ef:4e:92:53:4c:d2:44:0f:a4:82:02:9f:68:1f:90:77:67:0f:55

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Windows.Storage.pdb

Imports

api-ms-win-crt-string-l1-1-0

wcscmp
memset
wcsncmp
wcscspn
strncmp

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__recalloc
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
_o__set_errno
_o__ui64tow_s
_o__wcsicmp
_o__wcslwr
_o__wcsnicmp
_o__wcstoi64
_o__wtoi
_o_abort
_o_calloc
_o_ceilf
_o_free
_o_iswalnum
_o_iswcntrl
_o_iswprint
_o_iswspace
memmove
_o_malloc
_o_memcpy_s
_o_realloc
_o_strncat_s
_o_strncpy_s
_o_strtol
_o_strtoul
_o_terminate
_o_towlower
_o_towupper
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstok_s
_o_wcstol
_o_wcstoll
_o_wcstoul
__current_exception
__current_exception_context
_o__purecall
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__i64tow_s
_o__get_errno
wcschr
wcsstr
wcsrchr
strchr
__CxxFrameHandler3
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__beginthreadex
_o__ltow_s
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_name
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__C_specific_handler
__std_terminate
__CxxFrameHandler4
_CxxThrowException
__C_specific_handler_noexcept
memcmp
memcpy

api-ms-win-core-libraryloader-l1-2-0

LoadStringA
LockResource
LoadStringW
DisableThreadLibraryCalls
GetModuleFileNameW
SizeofResource
LoadLibraryExW
FreeLibrary
GetModuleFileNameA
LoadResource
FindResourceExW
GetModuleHandleExW
GetModuleHandleW
GetProcAddress
FindStringOrdinal
GetModuleHandleExA

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
CreateSemaphoreExW
InitializeSRWLock
ResetEvent
WaitForSingleObject
OpenSemaphoreW
SetEvent
ReleaseMutex
TryEnterCriticalSection
ReleaseSemaphore
InitializeCriticalSectionAndSpinCount
TryAcquireSRWLockExclusive
OpenMutexW
CreateMutexW
CreateMutexExW
OpenEventW
AcquireSRWLockExclusive
InitializeCriticalSection
ReleaseSRWLockExclusive
TryAcquireSRWLockShared
CreateEventExW
WaitForMultipleObjectsEx
CreateWaitableTimerExW
SetWaitableTimer
CreateEventW
InitializeCriticalSectionEx
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ReleaseSRWLockShared
AcquireSRWLockShared

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
HeapReAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
SetErrorMode
RaiseException
SetLastError
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
OpenThreadToken
CreateProcessW
TerminateProcess
SetThreadToken
CreateProcessAsUserW
GetCurrentProcess
ResumeThread
UpdateProcThreadAttribute
OpenProcessToken
GetExitCodeProcess
GetCurrentProcessId
TlsAlloc
GetCurrentThreadId
GetProcessId
GetThreadPriority
InitializeProcThreadAttributeList
SetThreadPriority
TlsSetValue
DeleteProcThreadAttributeList
CreateThread
GetExitCodeThread
TlsGetValue
ProcessIdToSessionId
TlsFree
OpenThread

api-ms-win-core-localization-l1-2-0

FindNLSString
GetSystemDefaultLCID
GetLocaleInfoEx
GetThreadUILanguage
LocaleNameToLCID
FindNLSStringEx
LCMapStringW
SetThreadPreferredUILanguages
GetThreadPreferredUILanguages
GetUserDefaultLCID
GetSystemPreferredUILanguages
FormatMessageW
ResolveLocaleName
IsDBCSLeadByte
GetLocaleInfoW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolWaitCallbacks
SetThreadpoolWait
CloseThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
SetThreadpoolTimer
TrySubmitThreadpoolCallback
IsThreadpoolTimerSet

ntdll

RtlGetPersistedStateLocation
RtlQueryRegistryValueWithFallback
NtOpenKey
NtCreateKey
NtOpenThreadToken
RtlCompareUnicodeString
NtSetValueKey
NtQuerySystemInformationEx
RtlIsDosDeviceName_U
RtlNtStatusToDosErrorNoTeb
NtCreateLowBoxToken
RtlGetAppContainerSidType
RtlIsMultiSessionSku
RtlEqualSid
RtlGetOwnerSecurityDescriptor
WinSqmIsOptedIn
RtlCapabilityCheck
EtwEventActivityIdControl
RtlDosPathNameToRelativeNtPathName_U_WithStatus
RtlGetDaclSecurityDescriptor
RtlQueryInformationAcl
RtlLengthSid
RtlCreateAcl
RtlGetLastNtStatus
RtlGetAce
RtlAddAce
RtlAddAccessAllowedAce
RtlIsNonEmptyDirectoryReparsePointAllowed
RtlSetDaclSecurityDescriptor
NtQuerySecurityObject
NtFsControlFile
NtCreateFile
RtlCreateSecurityDescriptor
NtSetInformationFile
NtSetSecurityObject
RtlFreeUnicodeString
NtOpenFile
RtlDosPathNameToNtPathName_U
NtQueryKey
RtlIsMultiUsersInSessionSku
RtlInitUnicodeString
RtlDeriveCapabilitySidsFromName
RtlNtStatusToDosError
NtQueryInformationFile
RtlGetDeviceFamilyInfoEnum
RtlCreateServiceSid
RtlLengthRequiredSid
RtlMapGenericMask
NtQueryWnfStateData
RtlQueryPackageClaims
RtlIsThreadWithinLoaderCallout
WinSqmSetDWORD
WinSqmAddToStream
RtlReleaseRelativeName
RtlFreeHeap
NtQueryAttributesFile
RtlDosPathNameToRelativeNtPathName_U
RtlSetProxiedProcessId
RtlIsPartialPlaceholder
RtlIsCloudFilesPlaceholder
NtSetInformationProcess
EtwCheckCoverage
NtSetCachedSigningLevel
NtCompareSigningLevels
NtGetCachedSigningLevel
NtQueryVolumeInformationFile
NtQueryInformationProcess
NtQueryInformationThread
NtSetInformationThread
NtGetNextThread
RtlReportExceptionEx
RtlUnicodeStringToAnsiString
RtlAreLongPathsEnabled
RtlQueryResourcePolicy
RtlFlushHeaps
RtlAllocateHeap
RtlFreeAnsiString
RtlIsTextUnicode
NtClose
NtOpenProcessToken
NtQueryInformationToken
NtQuerySystemInformation
RtlDllShutdownInProgress
RtlPrefixString
RtlInitString
RtlOemStringToUnicodeString
RtlDowncaseUnicodeString
RtlUnicodeStringToOemString
RtlUnsubscribeWnfNotificationWaitForCompletion
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
RtlpEnsureBufferSize
RtlNtPathNameToDosPathName
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwEventWriteTransfer
EtwEventSetInformation
EtwEventRegister
SbSelectProcedure
EtwEventUnregister
NtQuerySecurityPolicy
WinSqmAddToStreamEx
RtlQueryThreadPlaceholderCompatibilityMode
RtlSetThreadPlaceholderCompatibilityMode
RtlInitUnicodeStringEx
NtQueryDirectoryFile
ZwQueryWnfStateData
RtlSubscribeWnfStateChangeNotification

api-ms-win-core-url-l1-1-0

UrlIsW
UrlCompareW
UrlGetLocationW
PathCreateFromUrlW
UrlApplySchemeW
UrlCreateFromPathW
UrlGetPartW
UrlEscapeW
PathIsURLW
ParseURLW
UrlCombineW
UrlUnescapeW

api-ms-win-core-registry-l1-1-0

RegDeleteValueW
RegGetValueW
RegOpenKeyExW
RegCloseKey
RegDeleteTreeW
RegEnumValueW
RegQueryInfoKeyW
RegQueryValueExW
RegEnumKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyExW
RegNotifyChangeKeyValue
RegOpenCurrentUser
RegGetKeySecurity

api-ms-win-core-heap-l2-1-0

GlobalAlloc
LocalReAlloc
GlobalFree
LocalAlloc
LocalFree

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW
lstrlenA
lstrcmpiW
lstrcmpiA
lstrcmpW
lstrcmpA

api-ms-win-core-string-l1-1-0

CompareStringEx
CompareStringW
MultiByteToWideChar
WideCharToMultiByte
CompareStringOrdinal
GetStringTypeW

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrStrW
StrDupW
StrCmpICW
StrCpyNXW
StrStrNIW
StrCSpnW
StrRChrW
StrPBrkW
StrCmpNIW
StrCmpNICW
StrStrIW
StrToIntW
StrCmpIW
StrChrIW
StrCmpCW
StrCmpLogicalW
StrCmpICA
StrChrW
QISearch
StrDupA
StrCmpW
StrCmpNW
StrToIntExW
StrTrimW

api-ms-win-core-string-l2-1-0

CharPrevW
CharNextW
CharLowerW
CharUpperW
CharUpperBuffW
CharLowerBuffW

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceComplete
WakeByAddressAll
Sleep
WaitOnAddress
InitOnceBeginInitialize

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
SetRestrictedErrorInfo
RoOriginateError
RoOriginateErrorW
GetRestrictedErrorInfo

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-stringansi-l1-1-0

CharPrevA
CharNextA

api-ms-win-core-processenvironment-l1-1-0

GetCurrentDirectoryW
ExpandEnvironmentStringsW
SearchPathW
SetCurrentDirectoryW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentVariableW

api-ms-win-core-localization-obsolete-l1-2-0

GetSystemDefaultUILanguage
GetUserDefaultUILanguage

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlCompareMemory

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GlobalMemoryStatusEx
GetWindowsDirectoryW
GetSystemInfo
GetSystemTime
GetTickCount64
GetLocalTime
GetComputerNameExW
GetSystemDirectoryW
GetVersionExW
GetSystemWindowsDirectoryW
GetTickCount

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPushEntrySList
InterlockedFlushSList

combase

ord90
SetErrorInfo
ord168
ord140
GetErrorInfo
ord157
ord167
ord148

msvcp_win

_Mtx_init_in_situ
_Thrd_detach
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
_Mtx_destroy_in_situ
?_Xinvalid_argument@std@@YAXPEBD@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Throw_Cpp_error@std@@YAXH@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Throw_C_error@std@@YAXH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?__ExceptionPtrDestroy@@YAXPEAX@Z
_Mtx_lock
?__ExceptionPtrRethrow@@YAXPEBX@Z
_Thrd_yield
_Mtx_unlock
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
??0facet@locale@std@@IEAA@_K@Z
?_Xbad_function_call@std@@YAXXZ
??1facet@locale@std@@MEAA@XZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Wcsxfrm
?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?id@?$collate@G@std@@2V0locale@2@A
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
_Wcscoll
?_Incref@facet@locale@std@@UEAAXXZ
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?tolower@?$ctype@G@std@@QEBAGG@Z
??Bid@locale@std@@QEAA_KXZ
?id@?$ctype@G@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?is@?$ctype@G@std@@QEBA_NFG@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
??1_Locinfo@std@@QEAA@XZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
??0_Locinfo@std@@QEAA@PEBD@Z
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-eventing-provider-l1-1-0

EventEnabled
EventWrite
EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer
EventActivityIdControl

api-ms-win-core-winrt-error-l1-1-1

IsErrorPropagationEnabled
RoReportFailedDelegate
RoGetMatchingRestrictedErrorInfo

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabledForProcess
QuirkIsEnabled

api-ms-win-core-shlwapi-legacy-l1-1-0

SHExpandEnvironmentStringsW
PathFindNextComponentW
PathGetArgsA
PathGetDriveNumberA
PathQuoteSpacesW
PathGetCharTypeW
PathStripPathW
PathIsUNCW
PathParseIconLocationW
PathIsFileSpecW
PathRelativePathToW
PathRemoveBlanksW
PathMatchSpecW
PathRemoveBackslashW
PathGetDriveNumberW
PathIsSameRootW
PathFileExistsW
PathCommonPrefixW
PathUnquoteSpacesW
PathIsValidCharW
PathStripToRootW
PathUnExpandEnvStringsW
PathIsUNCServerW
PathRemoveExtensionW
PathRemoveFileSpecW
PathIsPrefixW
PathFindFileNameW
PathIsRootW
PathFindExtensionW
PathIsRelativeW
PathMatchSpecExW
PathSkipRootW
PathIsUNCServerShareW

api-ms-win-core-path-l1-1-0

PathCchSkipRoot
PathAllocCombine
PathCchRenameExtension
PathIsUNCEx
PathCchStripToRoot
PathCchCombine
PathCchCanonicalize
PathCchFindExtension
PathAllocCanonicalize
PathCchAppendEx
PathCchCombineEx
PathCchRemoveFileSpec
PathCchAddBackslash
PathCchAppend
PathCchRemoveBackslash
PathCchCanonicalizeEx
PathCchAddBackslashEx

api-ms-win-core-file-l1-1-0

WriteFile
GetFileAttributesExW
DeleteFileW
FindNextFileW
GetFullPathNameW
SetFileInformationByHandle
GetFileInformationByHandle
FlushFileBuffers
CompareFileTime
FindFirstFileExW
GetFileSizeEx
SetFilePointerEx
FindClose
FindFirstFileW
GetFinalPathNameByHandleW
GetVolumeInformationByHandleW
SetFilePointer
GetLongPathNameW
GetDiskFreeSpaceExW
GetTempFileNameW
SetFileTime
GetVolumePathNameW
GetVolumeInformationW
GetDriveTypeW
GetFileSize
QueryDosDeviceW
GetLogicalDrives
SetFileAttributesW
GetShortPathNameW
GetDiskFreeSpaceW
RemoveDirectoryW
UnlockFile
CreateFileW
GetFileTime
LockFile
GetFileAttributesW
ReadFile
CreateDirectoryW

api-ms-win-core-file-l2-1-0

ReadDirectoryChangesW
ReplaceFileW
CreateHardLinkW
MoveFileExW
CopyFile2
GetFileInformationByHandleEx

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-com-private-l1-1-0

CoRegisterInitializeSpy
CoRevokeInitializeSpy

api-ms-win-core-file-l1-2-0

GetVolumeNameForVolumeMountPointW
GetVolumePathNamesForVolumeNameW
CreateFile2

api-ms-win-core-psapi-l1-1-0

K32GetModuleFileNameExW
QueryFullProcessImageNameW
K32GetProcessImageFileNameW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
GetTimeZoneInformationForYear

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask
GetSystemTimePreciseAsFileTime
GetProductInfo

api-ms-win-shell-shellcom-l1-1-0

SHCoCreateInstance

api-ms-win-core-heap-obsolete-l1-1-0

GlobalSize
GlobalUnlock
GlobalLock
GlobalReAlloc

api-ms-win-core-wow64-l1-1-1

GetSystemWow64DirectoryW
Wow64SetThreadDefaultGuestMachine
IsWow64Process2

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-kernel32-legacy-l1-1-0

SetVolumeLabelW
GetComputerNameW
MoveFileW
FileTimeToDosDateTime
DosDateTimeToFileTime

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-file-l2-1-1

OpenFileById

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
DeleteTimerQueueTimer
QueueUserWorkItem

api-ms-win-core-io-l1-1-0

CancelIoEx
DeviceIoControl
GetOverlappedResult

api-ms-win-core-io-l1-1-1

CancelSynchronousIo

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW
PowerClearRequest
PowerCreateRequest
PowerSetRequest

api-ms-win-core-memory-l1-1-0

ReadProcessMemory
MapViewOfFile
CreateFileMappingW
VirtualFree
WriteProcessMemory
UnmapViewOfFile

api-ms-win-core-privateprofile-l1-1-1

WritePrivateProfileSectionW

api-ms-win-core-privateprofile-l1-1-0

GetPrivateProfileSectionW
WritePrivateProfileStringW
GetPrivateProfileStringW

api-ms-win-core-sysinfo-l1-2-1

GetPhysicallyInstalledSystemMemory

api-ms-win-core-registryuserspecific-l1-1-0

SHRegGetUSValueW
SHRegGetBoolUSValueW

api-ms-win-core-console-l3-2-0

GetConsoleWindow

api-ms-win-core-atoms-l1-1-0

GlobalDeleteAtom
GlobalAddAtomW
GlobalGetAtomNameW

api-ms-win-core-sysinfo-l1-2-3

GetIntegratedDisplaySize

api-ms-win-core-file-l1-2-4

GetTempPath2W

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects
CreateSemaphoreW

api-ms-win-core-processthreads-l1-1-3

SetThreadDescription

api-ms-win-core-kernel32-private-l1-1-0

CheckElevationEnabled
CheckElevation

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-file-l1-2-1

GetCompressedFileSizeW

api-ms-win-core-libraryloader-l1-2-1

FindResourceW
LoadLibraryW

api-ms-win-ro-typeresolution-l1-1-1

RoCreatePropertySetSerializer

api-ms-win-core-sidebyside-l1-1-0

ActivateActCtx
DeactivateActCtx
CreateActCtxW
ReleaseActCtx

api-ms-win-core-wow64-l1-1-0

IsWow64Process

api-ms-win-core-localization-l1-2-2

LCIDToLocaleName

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

kernelbase

ParseApplicationUserModelId
GetPackageInfo2
GetStagedPackagePathByFullName2
GetPackageFamilyNameFromToken
CheckAllowDecryptedRemoteDestinationPolicy
GetCurrentPackageFamilyName
GetCurrentApplicationUserModelId
PackageNameAndPublisherIdFromFamilyName
SHLoadIndirectStringInternal
GetCurrentPackageId
GetApplicationUserModelIdFromToken
FindPackagesByPackageFamily
IsDeveloperModeEnabled
GetCurrentPackageInfo2
GetPackageApplicationIds
GetCurrentPackageInfo

api-ms-win-core-psm-key-l1-1-0

PsmGetKeyFromToken

Exports

Exports

ApplyProviderSettings
AssocCreateForClasses
AssocGetDetailsOfPropKey
AssocShouldProcessUseAppToAppLaunching
CCachedShellItem_CreateInstance
CCollectionFactory_CreateInstance
CDesktopFolder_CreateInstanceWithBindContext
CFSFolder_AdjustForSlowColumn
CFSFolder_CreateFolder
CFSFolder_IsCommonItem
CFileOperationRecorder_CreateInstance
CFreeThreadedItemContainer_CreateInstance
CMruLongList_CreateInstance
CPrivateProfileCache_Save
CRegFolder_CreateAndInit
CRegFolder_CreateInstance
CShellItemArrayAsCollection_CreateInstance
CShellItemArrayAsVirtualizedObjectArray_CreateInstance
CShellItemArrayWithCommonParent_CreateInstance
CShellItemArray_CreateInstance
CShellItem_CreateInstance
CStorageItem_GetValidatedStorageItemObject
CTaskAddDoc_Create
CViewSettings_CreateInstance
CheckSmartScreenWithAltFile
CopyDefaultLibrariesFromGroupPolicy
CreateExtrinsicPropertyStore
CreateItemArrayFromItemStore
CreateItemArrayFromObjectArray
CreateLocalizationDesktopIni
CreateSortColumnArray
CreateStorageItemFromPath_FullTrustCaller
CreateStorageItemFromPath_FullTrustCaller_ForPackage
CreateStorageItemFromPath_PartialTrustCaller
CreateStorageItemFromShellItem
CreateStorageItemFromShellItem_FullTrustCaller_ForPackage
CreateStorageProviderPropertyStore
CreateVolatilePropertyStore
CustomStatePropertyDescription_CreateWithItemPropertyStore
CustomStatePropertyDescription_CreateWithStateIdentifier
DataAccessCaches_InvalidateForLibrary
DeserializeTextToLink
DetermineFolderDestinationParentAppID
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
DragQueryFileW
EnumShellItemsFromEnumFullIdList
GatherProviderSettings
GetCachedFileUpdateInformation
GetCommandProviderForFolderType
GetFileUndoText
GetFindDataForPath
GetFindDataFromFileInformationByHandle
GetInfoForFileInUse
GetRegDataDrivenCommand
GetRegDataDrivenCommandWithAssociation
GetSelectionStateFromItemArray
GetSystemPersistedStorageItemList
GetSystemPersistedStorageItemListForUser
GetThreadFlags
GetUserChoiceForUrl
Global_WindowsStorage_MaxIcons
Global_WindowsStorage_Untyped_FileClassSRWLock
Global_WindowsStorage_Untyped_MountPoint
Global_WindowsStorage_Untyped_pFileClassCacheTable
Global_WindowsStorage_Untyped_pFileHanderMap
Global_WindowsStorage_Untyped_rgshil
Global_WindowsStorage_afNotRedirected
Global_WindowsStorage_ccIcon
Global_WindowsStorage_csIconCache
Global_WindowsStorage_csSCN
Global_WindowsStorage_dwThreadBindCtx
Global_WindowsStorage_dwThreadInitializing
Global_WindowsStorage_esServerMode
Global_WindowsStorage_fEndInitialized
Global_WindowsStorage_fIconCacheHasBeenSuccessfullyCreated
Global_WindowsStorage_fIconCacheIsValid
Global_WindowsStorage_fNeedsInitBroadcast
Global_WindowsStorage_hwndSCN
Global_WindowsStorage_iLastSysIcon
Global_WindowsStorage_iLastSystemColorDepth
Global_WindowsStorage_iUseLinkPrefix
Global_WindowsStorage_lProcessClassCount
Global_WindowsStorage_lrFlags
Global_WindowsStorage_nImageManagerVersion
Global_WindowsStorage_tlsChangeClientProxy
Global_WindowsStorage_tlsIconCache
Global_WindowsStorage_tlsThreadFlags
Global_WindowsStorage_ulNextID
GrantPathAccess_FullTrustCaller_ForPackage
GrantWorkingDirectoryAccess_FullTrustCaller_ForPackage
HideExtension
ILAppendID
ILClone
ILCloneFirst
ILCombine
ILFindChild
ILFindLastID
ILFree
ILGetNext
ILGetSize
ILIsEqual
ILIsParent
ILLoadFromStreamEx
ILRemoveLastID
ILSaveToStream
IsLFNDriveW
IsLibraryCreatedByPolicy
IsLibraryPolicyEnabled
IsNameListedUnderKey
IsUserAnAdmin
NeverProvidedByJunction
PathCleanupSpec
PathContainedByManifestedKnownFolder_FullTrustCaller_ForPackage
PathIsExe
PathMakeUniqueName
PathYetAnotherMakeUniqueName
QueryStorageAccess_FullTrustCaller_ForPackage
QueryStorageAccess_FullTrustCaller_ForToken
RebaseOnDriveLetter
RebaseOnVolumeID
RegisterChangeNotifications
RegistryVerbs_GetHandlerMultiSelectModel
SHAssocEnumHandlers
SHAssocEnumHandlersForProtocolByApplication
SHBindToFolderIDListParent
SHBindToFolderIDListParentEx
SHBindToObject
SHBindToParent
SHCLSIDFromString
SHChangeNotification_Lock
SHChangeNotification_Unlock
SHChangeNotify
SHChangeNotifyDeregister
SHChangeNotifyRegister
SHChangeNotifyRegisterThread
SHChangeNotifySuspendResume
SHCoCreateInstanceWorker
SHCreateAssocHandler
SHCreateAssociationRegistration
SHCreateDataObject
SHCreateDefaultExtractIcon
SHCreateDirectory
SHCreateDirectoryExA
SHCreateDirectoryExW
SHCreateItemFromIDList
SHCreateItemFromParsingName
SHCreateItemFromRelativeName
SHCreateItemInKnownFolder
SHCreateItemWithParent
SHCreateItemWithParentAndChildId
SHCreateShellItemArray
SHCreateShellItemArrayFromDataObject
SHCreateShellItemArrayFromIDLists
SHCreateShellItemArrayFromShellItem
SHCreateShellItemArrayWithFolderParent
SHCreateStdEnumFmtEtc
SHFileOperationWithAdditionalFlags
SHFindFiles
SHFlushSFCache
SHGetDesktopFolder
SHGetFileInfoW
SHGetFolderLocation
SHGetFolderPathA
SHGetFolderPathAndSubDirA
SHGetFolderPathAndSubDirW
SHGetFolderPathEx
SHGetFolderPathW
SHGetIDListFromObject
SHGetInstanceExplorer
SHGetItemFromObject
SHGetKnownFolderIDList
SHGetKnownFolderIDList_Internal
SHGetKnownFolderItem
SHGetKnownFolderPath
SHGetNameFromIDList
SHGetPathFromIDListEx
SHGetPathFromIDListW
SHGetSetSettings
SHGetSpecialFolderLocation
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW
SHGetStockIconInfo
SHGetTemporaryPropertyForItem
SHHandleUpdateImage
SHILCreateFromPath
SHKnownFolderFromCSIDL
SHKnownFolderToCSIDL
SHOpenFolderAndSelectItems
SHParseDisplayName
SHPrepareKnownFoldersCommon
SHPrepareKnownFoldersUser
SHResolveLibrary
SHRestricted
SHSetFolderPathA
SHSetFolderPathW
SHSetKnownFolderPath
SHSetLocalizedName
SHSetTemporaryPropertyForItem
SHSysErrorMessageBox
SHTestTokenMembership
SHUpdateImageA
SHUpdateImageW
STORAGE_AddItemToRecentDocs
STORAGE_AddNewFolderToFrequentPlaces
STORAGE_CEnumFiles_CreateInstance
STORAGE_CStatusProvider_CreateInstance
STORAGE_CStorageItem_GetValidatedStorageItem
STORAGE_CStorageItem_GetValidatedStorageItemObject
STORAGE_ClearDestinationsForAllApps
STORAGE_CreateSortColumnArrayFromListDesc
STORAGE_CreateStorageItemFromPath_FullTrustCaller
STORAGE_CreateStorageItemFromPath_FullTrustCaller_ForPackage
STORAGE_CreateStorageItemFromPath_PartialTrustCaller
STORAGE_CreateStorageItemFromShellItem_FullTrustCaller
STORAGE_CreateStorageItemFromShellItem_FullTrustCaller_ForPackage
STORAGE_CreateStorageItemFromShellItem_FullTrustCaller_ForPackage_WithProcessHandle
STORAGE_CreateStorageItemFromShellItem_FullTrustCaller_ForPackage_WithProcessHandleAndSecondaryStreamName
STORAGE_CreateStorageItemFromShellItem_FullTrustCaller_UseImplicitFlagsAndPackage
STORAGE_FillResultWithNullForKeys
STORAGE_GetShellItemFromStorageItem
STORAGE_GetSystemPersistedStorageItemList
STORAGE_MakeDestinationItem
STORAGE_PathIsEqualOrSubFolderOfKnownFolders
STORAGE_SHAddToRecentDocs
STORAGE_SHAddToRecentDocsEx
STORAGE_SHConfirmOperation
STORAGE_SHCreateDirectory
STORAGE_SHCreateDirectoryExA
STORAGE_SHCreateDirectoryExWWorker
STORAGE_SHCreateShellItemArray
STORAGE_SHCreateShellItemArrayFromDataObject
STORAGE_SHCreateShellItemArrayFromIDLists
STORAGE_SHCreateShellItemArrayFromShellItem
STORAGE_SHFileOperation
STORAGE_SHFileOperationA
STORAGE_SHFreeNameMappings
STORAGE_SHGetDesktopFolderWorker
STORAGE_SHGetPathFromMsUri
STORAGE_SHOpenFolderAndSelectItems
STORAGE_SHPathPrepareForWriteA
STORAGE_SHPathPrepareForWriteW
STORAGE_SHValidateMSUri
SendNotificationsForLibraryItem
SerializeLinkToText
SetThreadFlags
ShellExecuteA
ShellExecuteExW
ShellExecuteW
StateRepoVerbsCache_Destroy
StateRepoVerbsCache_GetContextMenuVerbs
StateRepoVerbsCache_RebuildCacheAsync
StorageItemHelpers_IsSupportedRemovablePath
Storage_Internal_GetAccessListForPackage
UnregisterChangeNotifications
_CleanRecentDocs
_PredictReasonableImpact

Sections

.text
Size: 6.7MB - Virtual size: 6.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 384KB - Virtual size: 383KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 128KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
windowsudk.shellcommon.dll
.dll windows:10 windows x64 arch:x64

5ed8660a470e0ca41a869e4839a9ea61

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

windowsudk.shellcommon.pdb

Imports

msvcp_win

?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W0@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?eback@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?egptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?setg@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W00@Z
?epptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W00@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?uncaught_exception@std@@YA_NXZ
?good@ios_base@std@@QEBA_NXZ
?flags@ios_base@std@@QEBAHXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?pbase@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ
?__ExceptionPtrRethrow@@YAXPEBX@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WXZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
?setf@ios_base@std@@QEAAHHH@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
?_Incref@facet@locale@std@@UEAAXXZ
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
??Bid@locale@std@@QEAA_KXZ
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?_IsCurrentOriginSTA@_ContextCallback@details@Concurrency@@CA_NXZ
_Cnd_wait
_Mtx_unlock
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
_Cnd_broadcast
_Mtx_destroy_in_situ
_Cnd_destroy_in_situ
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
_Mtx_init_in_situ
_Cnd_init_in_situ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_join
_Thrd_id
_Cnd_do_broadcast_at_thread_exit
_Thrd_detach
?_Throw_future_error@std@@YAXAEBVerror_code@1@@Z
_Cnd_register_at_thread_exit
?__ExceptionPtrToBool@@YA_NPEBX@Z
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
_Cnd_unregister_at_thread_exit
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
_Thrd_yield
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Xbad_alloc@std@@YAXXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXH@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?pptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?sbumpc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?gptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?_Xbad_function_call@std@@YAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
??0task_continuation_context@Concurrency@@AEAA@XZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Assign@_ContextCallback@details@Concurrency@@AEAAXPEAX@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
??Bios_base@std@@QEBA_NXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__localtime64_s
_o__msize
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__wcsicmp
_o__wcsnicmp
_o__wcstoui64
_o__wtoi
_o_abort
_o_ceilf
_o_free
_o_iswspace
_o_log
_o_malloc
_o_memcpy_s
_o_realloc
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcstok_s
_o_wcstol
_o_wcstombs
_o_wcstoul
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o__crt_atexit
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__configure_narrow_argv
_o__initialize_onexit_table
_o__initialize_narrow_environment
strrchr
_o__cexit
_o__callnewh
_o__beginthreadex
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__get_errno
wcsrchr
__std_type_info_compare
wcschr
_o__execute_onexit_table
_o__errno
memmove
memcmp
memcpy
_o____lc_codepage_func
__std_terminate
__CxxFrameHandler4

api-ms-win-crt-string-l1-1-0

strcspn
wcsnlen
memset
wcscmp
strcmp
strlen
strncmp
wcslen

api-ms-win-core-libraryloader-l1-2-0

AddDllDirectory
RemoveDllDirectory
LoadLibraryExW
GetModuleHandleW
GetProcAddress
GetModuleHandleExA
FreeLibrary
GetModuleFileNameA
GetModuleHandleExW
LoadStringW

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
WaitForSingleObject
ReleaseMutex
ReleaseSRWLockExclusive
LeaveCriticalSection
SetEvent
CreateEventExW
CreateSemaphoreExW
AcquireSRWLockExclusive
WaitForSingleObjectEx
TryEnterCriticalSection
WaitForMultipleObjectsEx
InitializeCriticalSectionEx
ResetEvent
EnterCriticalSection
CreateEventW
ReleaseSRWLockShared
OpenSemaphoreW
InitializeCriticalSectionAndSpinCount
CreateMutexExW
InitializeCriticalSection
DeleteCriticalSection
AcquireSRWLockShared

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapSize
HeapReAlloc
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
GetLastError
SetLastError

api-ms-win-core-processthreads-l1-1-0

OpenProcessToken
GetCurrentProcess
GetExitCodeProcess
GetCurrentProcessId
ProcessIdToSessionId
GetProcessTimes
TerminateProcess
GetCurrentThreadId
OpenThreadToken
GetProcessId
SetThreadToken
GetCurrentThread

api-ms-win-core-localization-l1-2-0

LocaleNameToLCID
FormatMessageA
ResolveLocaleName
LCMapStringW
FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventRegister
EventSetInformation
EventActivityIdControl

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
InitOnceBeginInitialize
InitOnceComplete
Sleep
WakeByAddressAll
WaitOnAddress
WakeAllConditionVariable

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureStackBackTrace

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetSystemDirectoryW
GetSystemTime
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
GetVersionExW

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InterlockedFlushSList
InitializeSListHead

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
WaitForThreadpoolWaitCallbacks
TrySubmitThreadpoolCallback

api-ms-win-security-base-l1-1-0

CopySid
IsWellKnownSid
GetLengthSid
EqualSid
DuplicateTokenEx
InitializeAcl
DuplicateToken
CheckTokenMembership
CreateWellKnownSid
ImpersonateLoggedOnUser
IsValidSid
RevertToSelf
GetTokenInformation
GetAce

api-ms-win-core-threadpool-legacy-l1-1-0

DeleteTimerQueueTimer
CreateTimerQueueTimer

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegQueryValueExW
RegCloseKey
RegNotifyChangeKeyValue
RegOpenCurrentUser
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteTreeW
RegDeleteKeyExW
RegEnumValueW
RegDisablePredefinedCacheEx
RegCreateKeyExW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
CompareStringOrdinal
CompareStringW

api-ms-win-core-file-l1-1-0

LockFileEx
UnlockFileEx
FlushFileBuffers
ReadFile
WriteFile
CreateFileW
SetEndOfFile
DeleteFileW
GetFileAttributesExW
SetFilePointerEx
GetFileAttributesW
CompareFileTime

api-ms-win-core-shlwapi-legacy-l1-1-0

PathParseIconLocationW
PathUnExpandEnvStringsW
PathFileExistsW

userenv

GetProfileType

api-ms-win-ntuser-sysparams-l1-1-0

GetSystemMetrics
SystemParametersInfoW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

ntdll

RtlQueryInformationAcl
RtlLengthSid
RtlCreateAcl
RtlGetAce
RtlAddAce
RtlAddAccessAllowedAce
RtlSetDaclSecurityDescriptor
NtSetSecurityObject
NtQuerySecurityObject
NtQueryInformationToken
RtlInitUnicodeString
RtlGetDeviceFamilyInfoEnum
NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData
RtlCreateSecurityDescriptor
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlIsMultiSessionSku
NtQueryInformationProcess
RtlGetCurrentServiceSessionId
RtlGetDaclSecurityDescriptor

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW
RegSetKeyValueW

api-ms-win-shell-namespace-l1-1-0

SHCreateItemFromParsingName
SHCreateItemFromIDList
SHGetIDListFromObject

api-ms-win-shell-changenotify-l1-1-1

SHChangeNotifySuspendResume

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-registry-l2-1-0

RegCreateKeyW
RegOpenKeyW
RegDeleteKeyW

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime
GetProductInfo
VerSetConditionMask
GetNativeSystemInfo

api-ms-win-core-apiquery-l2-1-0

IsApiSetImplemented

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-path-l1-1-0

PathCchAppend
PathAllocCombine

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask
SHTaskPoolGetUniqueContext

xmllite

CreateXmlReader

api-ms-win-shell-shdirectory-l1-1-0

ord292

api-ms-win-shcore-obsolete-l1-1-0

SHStrDupW

api-ms-win-core-processthreads-l1-1-3

SetThreadDescription

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx

api-ms-win-core-file-l1-2-0

CreateFile2

combase

ord168
ord147
ord148
ord167
ord154
ord140

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-memory-l1-1-0

FlushViewOfFile
UnmapViewOfFile

api-ms-win-core-libraryloader-l2-1-0

LoadPackagedLibrary

api-ms-win-core-memory-l1-1-1

CreateFileMappingFromApp
MapViewOfFileFromApp

api-ms-win-core-util-l1-1-0

EncodePointer

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
GetCtacPropertyAlloc
GetExternalFeatureState

Sections

.text
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 296KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
windowsudkservices.shellcommon.dll
.dll windows:10 windows x64 arch:x64

20b82569c9480f89cb426080f3d677b8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

windowsudkservices.shellcommon.pdb

Imports

msvcp_win

?_Throw_C_error@std@@YAXH@Z
_Mtx_lock
_Mtx_unlock
_Mtx_init_in_situ
?_Xlength_error@std@@YAXPEBD@Z
_Mtx_destroy_in_situ

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o_abort
_o_free
_o_iswspace
_o_malloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
_o___stdio_common_vswprintf
memcpy

api-ms-win-crt-string-l1-1-0

memset

combase

ord68
GetErrorInfo
SetErrorInfo
ord147
ord66
ord69
ord67

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleW
GetModuleFileNameA
FreeLibrary
GetModuleHandleExW

api-ms-win-core-synch-l1-1-0

CreateSemaphoreExW
ReleaseSemaphore
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
WaitForSingleObject
CreateEventExW
SetEvent
OpenSemaphoreW
CreateMutexExW
ReleaseMutex

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
TerminateProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventSetInformation
EventRegister

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InterlockedFlushSList
InterlockedPushEntrySList
InitializeSListHead

api-ms-win-core-kernel32-legacy-l1-1-0

UnregisterWait

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-util-l1-1-0

EncodePointer

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 632B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
winhttp.dll
.dll windows:10 windows x64 arch:x64

3daef22c44b8c09810bbe91f782a2ea4

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6a:ad:19:69:22:15:e2:0c:a4:b8:a0:3c:b2:30:b5:96:21:97:d8:ee:4c:75:8e:73:08:35:ce:2e:30:db:f8:6a
Signer

Actual PE Digest

6a:ad:19:69:22:15:e2:0c:a4:b8:a0:3c:b2:30:b5:96:21:97:d8:ee:4c:75:8e:73:08:35:ce:2e:30:db:f8:6a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

winhttp.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__ltow_s
_o__purecall
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
_o__strtoui64
_o__wcsicmp
_o__wcslwr_s
_o__wcsnicmp
memmove
_o__wtoi
_o_iscntrl
_o_isdigit
_o_isspace
_o_iswdigit
_o_iswspace
_o_qsort
_o_rand
_o_tolower
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstok
_o_wcstok_s
__C_specific_handler
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___std_type_info_destroy_list
_o__execute_onexit_table
_o__errno
memcmp
memcpy
wcschr
wcsstr
wcsrchr

api-ms-win-crt-string-l1-1-0

memset
wcscmp

ntdll

RtlUnsubscribeWnfNotificationWaitForCompletion
RtlReportExceptionEx
RtlLengthSid
RtlValidSid
RtlUnsubscribeWnfStateChangeNotification
RtlIpv4StringToAddressExW
RtlSubscribeWnfStateChangeNotification
RtlIpv6StringToAddressExW
RtlPublishWnfStateData
RtlGUIDFromString
NtOpenFile
RtlMoveMemory
RtlIpv4AddressToStringW
RtlIpv6AddressToStringExW
RtlIpv4AddressToStringExW
NtSetInformationObject
NtSetCachedSigningLevel
NtCompareSigningLevels
RtlDllShutdownInProgress
RtlGetPersistedStateLocation
RtlNtStatusToDosError
RtlConvertSidToUnicodeString
NtGetCachedSigningLevel
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EtwTraceMessageVa
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
NtQueryLicenseValue
RtlGetDeviceFamilyInfoEnum
RtlGetVersion
RtlInitUnicodeString

api-ms-win-security-base-l1-1-0

AddMandatoryAce
RevertToSelf
GetLengthSid
AccessCheck
DuplicateTokenEx
InitializeAcl
GetAce
SetTokenInformation
AddAccessAllowedAce
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
CreateRestrictedToken
EqualSid
ImpersonateLoggedOnUser
CopySid
IsValidSid

api-ms-win-core-synch-l1-1-0

CreateEventExA
WaitForSingleObjectEx
WaitForMultipleObjectsEx
TryAcquireSRWLockExclusive
CreateEventW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateMutexExW
ReleaseSemaphore
CreateSemaphoreExW
CreateEventA
InitializeCriticalSectionEx
OpenSemaphoreW
EnterCriticalSection
SetEvent
ResetEvent
InitializeSRWLock
ReleaseMutex
WaitForSingleObject

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW
ExpandEnvironmentStringsW

api-ms-win-core-processthreads-l1-1-0

CreateProcessAsUserW
TlsSetValue
GetCurrentProcessId
DeleteProcThreadAttributeList
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
TlsGetValue
GetCurrentProcess
TlsFree
OpenThreadToken
GetCurrentThread
OpenProcessToken
TerminateProcess
GetCurrentThreadId
TlsAlloc
SetThreadToken
ResumeThread
CreateThread

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventActivityIdControl
EventRegister
EventWriteTransfer
EventSetInformation
EventWrite

api-ms-win-core-errorhandling-l1-1-0

SetErrorMode
SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
Sleep
InitOnceInitialize

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
SetProcessMitigationPolicy

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetTickCount64
GetSystemDirectoryW
GetSystemTime

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleExW
LoadLibraryExA
GetModuleFileNameW
FreeLibrary
GetModuleHandleW
GetProcAddress
GetModuleHandleExA
LoadLibraryExW

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapReAlloc
HeapSize
GetProcessHeap
HeapFree

api-ms-win-core-string-l1-1-0

CompareStringW
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-heap-l2-1-0

GlobalFree
LocalFree
LocalAlloc
GlobalAlloc

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegGetValueA
RegCreateKeyExW
RegQueryInfoKeyA
RegSetValueExA
RegSetValueExW
RegDeleteValueW
RegCloseKey
RegEnumKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegOpenKeyExW
RegQueryValueExA
RegNotifyChangeKeyValue
RegOpenKeyExA

api-ms-win-security-credentials-l1-1-0

CredDeleteW
CredReadW
CredEnumerateW
CredReadDomainCredentialsW
CredWriteW
CredFree

api-ms-win-core-localization-l1-2-0

FormatMessageW
IdnToAscii

api-ms-win-core-threadpool-l1-2-0

CallbackMayRunLong
CloseThreadpoolCleanupGroupMembers
CreateThreadpoolCleanupGroup
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
WaitForThreadpoolWaitCallbacks
SetThreadpoolWait
CloseThreadpoolWait
CreateThreadpoolWait
WaitForThreadpoolWorkCallbacks
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SubmitThreadpoolWork
CloseThreadpoolCleanupGroup
CloseThreadpoolWork
CloseThreadpoolTimer

api-ms-win-core-sysinfo-l1-2-0

GetNativeSystemInfo

api-ms-win-core-wow64-l1-1-1

Wow64SetThreadDefaultGuestMachine

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-file-l1-1-0

FindFirstFileW
SetFileAttributesW
RemoveDirectoryW
DeleteFileW
CreateDirectoryW
FindClose
FindNextFileW
GetFileAttributesW
LocalFileTimeToFileTime
SetEndOfFile
SetFilePointer
CompareFileTime
ReadFile
GetFileSizeEx
WriteFile
CreateFileW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-memory-l1-1-0

VirtualAlloc
OpenFileMappingW
MapViewOfFile
CreateFileMappingW
VirtualFree
UnmapViewOfFile

api-ms-win-core-string-l2-1-0

CharLowerW

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem
UnregisterWaitEx

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrCmpNICA
StrStrIA
StrCmpNCA
StrChrW
StrStrA

api-ms-win-core-localization-obsolete-l1-2-0

CompareStringA

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpA

api-ms-win-core-heap-obsolete-l1-1-0

GlobalReAlloc

api-ms-win-core-url-l1-1-0

UrlUnescapeA
UrlCombineW
UrlCanonicalizeW

api-ms-win-core-windowserrorreporting-l1-1-0

WerSetFlags

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

api-ms-win-service-private-l1-1-0

WaitServiceState

kernelbase

UnsubscribeWdagEnabledStateChange
GetIsEdpEnabled
AppContainerUnregisterSid
AppContainerRegisterSid
SubscribeWdagEnabledStateChange
GetIsWdagEnabled
UnsubscribeEdpEnabledStateChange
SubscribeEdpEnabledStateChange

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-datetime-l1-1-0

GetDateFormatW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

DllCanUnloadNow
DllGetClassObject
Private1
SvchostPushServiceGlobals
WinHttpAddRequestHeaders
WinHttpAddRequestHeadersEx
WinHttpAutoProxySvcMain
WinHttpCheckPlatform
WinHttpCloseHandle
WinHttpConnect
WinHttpConnectionDeletePolicyEntries
WinHttpConnectionDeleteProxyInfo
WinHttpConnectionFreeNameList
WinHttpConnectionFreeProxyInfo
WinHttpConnectionFreeProxyList
WinHttpConnectionGetNameList
WinHttpConnectionGetProxyInfo
WinHttpConnectionGetProxyList
WinHttpConnectionOnlyConvert
WinHttpConnectionOnlyReceive
WinHttpConnectionOnlySend
WinHttpConnectionSetPolicyEntries
WinHttpConnectionSetProxyInfo
WinHttpConnectionUpdateIfIndexTable
WinHttpCrackUrl
WinHttpCreateProxyResolver
WinHttpCreateUrl
WinHttpDetectAutoProxyConfigUrl
WinHttpFreeProxyResult
WinHttpFreeProxyResultEx
WinHttpFreeProxySettings
WinHttpFreeProxySettingsEx
WinHttpFreeQueryConnectionGroupResult
WinHttpGetDefaultProxyConfiguration
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpGetProxyForUrlEx
WinHttpGetProxyForUrlEx2
WinHttpGetProxyForUrlHvsi
WinHttpGetProxyResult
WinHttpGetProxyResultEx
WinHttpGetProxySettingsEx
WinHttpGetProxySettingsResultEx
WinHttpGetProxySettingsVersion
WinHttpGetTunnelSocket
WinHttpOpen
WinHttpOpenRequest
WinHttpPacJsWorkerMain
WinHttpProbeConnectivity
WinHttpQueryAuthSchemes
WinHttpQueryConnectionGroup
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpQueryHeadersEx
WinHttpQueryOption
WinHttpReadData
WinHttpReadDataEx
WinHttpReadProxySettings
WinHttpReadProxySettingsHvsi
WinHttpReceiveResponse
WinHttpRegisterProxyChangeNotification
WinHttpResetAutoProxy
WinHttpSaveProxyCredentials
WinHttpSendRequest
WinHttpSetCredentials
WinHttpSetDefaultProxyConfiguration
WinHttpSetOption
WinHttpSetProxySettingsPerUser
WinHttpSetSecureLegacyServersAppCompat
WinHttpSetStatusCallback
WinHttpSetTimeouts
WinHttpTimeFromSystemTime
WinHttpTimeToSystemTime
WinHttpUnregisterProxyChangeNotification
WinHttpWebSocketClose
WinHttpWebSocketCompleteUpgrade
WinHttpWebSocketQueryCloseStatus
WinHttpWebSocketReceive
WinHttpWebSocketSend
WinHttpWebSocketShutdown
WinHttpWriteData
WinHttpWriteProxySettings

Sections

.text
Size: 904KB - Virtual size: 902KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.wpp_sf
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
winload.efi
.dll windows:0 windows x64 arch:x64

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

98:80:dc:4b:f2:85:37:a8:16:3c:83:94:42:75:bb:5b:e1:e6:42:55:f4:d9:cf:ba:d1:2a:a8:f1:79:94:2e:98
Signer

Actual PE Digest

98:80:dc:4b:f2:85:37:a8:16:3c:83:94:42:75:bb:5b:e1:e6:42:55:f4:d9:cf:ba:d1:2a:a8:f1:79:94:2e:98

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

winload_prod.pdb

Exports

Exports

AhCreateLoadOptionsString
AhGetArcDevice
ArchBuildKernelGdt
ArchGetGdtRegister
BlAllocateSlabPages
BlAmdSlGetEnabledFeatures
BlAmdSlGetTaCommands
BlAmdSlGetTaParameterRegisters
BlAppCheckDependency
BlAppSetDependency
BlAppendBootOptionBoolean
BlAppendBootOptionString
BlAppendUnicodeToString
BlArchCpuId
BlArchDetectSmt
BlArchGetCpuVendor
BlArchGetPerformanceCounter
BlArchIsCpuIdFunctionSupported
BlArchIsFiveLevelPagingActive
BlArchIsShadowStackSupported
BlArchKernelSetup
BlArchQueryIoPortAccessSupported
BlArchSetSecrets
BlBdDebugTransitionsEnabled
BlBdDebuggerConnected
BlBdGetBootDebugDevice
BlBdGetExtensionName
BlBdGetHvDebugDevice
BlBdGetMacAddressFromSmBiosUuid
BlBdGetPciDevicePath
BlBdInitializeDeviceDescriptor
BlBdInitializeDeviceDescriptorEx
BlBdInitializeTransportExtension
BlBdLoadImageSymbols
BlBdPatchIdt
BlBdReleaseDebuggingDevice
BlBdSetupDebugDevice
BlBdSetupDebuggingDevice
BlBdStart
BlBdStop
BlBdUpdateSharedHypervisorDebugDevice
BlBootOptionExists
BlBsdCloseLog
BlBsdLogEntry
BlCopyBootOptions
BlCopyStringToUnicodeString
BlCopyStringToWcharString
BlCopyUnicodeStringToUnicodeString
BlCopyWcharStringToString
BlDeviceClose
BlDeviceCompare
BlDeviceGetInformation
BlDeviceGetIoInformation
BlDeviceOpen
BlDeviceSetInformation
BlDisplayFreeOemBitmap
BlDisplayGetOemBitmap
BlDisplayInvalidateOemBitmap
BlEnNotifyEvent
BlFileClose
BlFileCopyFile
BlFileExists
BlFileGetInformation
BlFileLoad
BlFileOpen
BlFileReadAtOffsetEx
BlFileReadEx
BlFileSetInformation
BlFileWrite
BlFveCheckPermission
BlFwGetAcpiMemoryMap
BlFwGetSystemTable
BlFwQueryEfiRuntimeVaRange
BlFwReboot
BlFwServicesAvailable
BlGetApplicationEntry
BlGetApplicationIdentifier
BlGetBootDevice
BlGetBootOptionBoolean
BlGetBootOptionDevice
BlGetBootOptionInteger
BlGetBootOptionString
BlGetDevice
BlGetDeviceIdentifier
BlGetExecutionEnvironment
BlGetLogicalProcessorCount
BlGetProcessorApicIds
BlImgFindSection
BlImgGetNtHeader
BlImgGetPEImageSize
BlImgGetSigningPolicy
BlImgGetWhqlEnforcementDateTime
BlImgIsBootUpgradedPlatform
BlImgIsUpgradeInProgress
BlImgIsUpgradedPlatform
BlImgIsWhqlDeveloperTestModeEnabled
BlImgIsWhqlDisabledBySetting
BlImgIsWhqlEnabledBySetting
BlImgIsWinPE
BlImgLoadImageWithProgress2
BlImgLoadPEImageEx
BlImgLoadPEImageWithPolicyValidatedHash
BlImgParseOsRevocationList
BlImgQueryCodeIntegrityBootOptions
BlImgRegisterCodeIntegrityCatalogDirectory
BlImgRegisterCodeIntegrityCatalogs
BlImgRsaKnownAnswerTest
BlImgSetRestrictedSigning
BlImgSetSigningPolicy
BlImgSetSysDevWhqlPolicy
BlImgSha1KnownAnswerTest
BlImgSha1MonteCarloTest
BlImgTrustCustomSignersForDrivers
BlImgUnLoadImage
BlImgVerifyFontIntegrity
BlIpmiDestroy
BlIpmiGetHwConfig
BlIpmiInitialize
BlIpmiLogCheckPoint
BlLdrBuildImagePath
BlLdrFreeDataTableEntry
BlLdrLoadDll
BlLdrLoadImage
BlLdrPreloadFile
BlLdrPreloadImage
BlLdrUnloadImage
BlLogDestroy
BlLogDiagWrite
BlLogEtwRegister
BlLogEtwWrite
BlLogEtwWriteTransfer
BlLogInitialize
BlLogIsVerboseSELEnabled
BlMmAddEnclavePageRange
BlMmAddPersistentPageRange
BlMmAllocateHeap
BlMmAllocatePages
BlMmAllocatePagesInRange
BlMmAllocatePartitionPhysicalPagesInRangeNuma
BlMmAllocatePhysicalPages
BlMmAllocatePhysicalPagesInRange
BlMmAllocatePhysicalPagesInRangeNuma
BlMmAllocateVirtualPages
BlMmClosePartition
BlMmDisableStaticDescriptors
BlMmDisableUpdates
BlMmEnableStaticDescriptors
BlMmEnableUpdates
BlMmEnumerateAllocations
BlMmFlushTlb
BlMmFreeHeap
BlMmFreePages
BlMmFreePartitionRangeAllocation
BlMmFreePhysicalPages
BlMmFreeVirtualPages
BlMmGetAllocationPages
BlMmGetMemoryMap
BlMmInitMemoryMapHandle
BlMmIsLargePageMapping
BlMmMapIoSpace
BlMmMapPhysicalAddress
BlMmMapPhysicalAddressEx
BlMmOpenPartition
BlMmPersistAllocation
BlMmProcessBadPageList
BlMmQueryLargePageSize
BlMmQueryTranslationType
BlMmRegisterPledgedType
BlMmReleaseMemoryMap
BlMmRemapVirtualAddress
BlMmSetPageProtection
BlMmTranslateEfiMemoryType
BlMmTranslateVirtualAddress
BlMmUnmapVirtualAddress
BlMmUnmapVirtualAddressEx
BlMmUnpersistAllocation
BlMmUnpersistAllocations
BlMmUnprotectAllocation
BlMmUnregisterPledgedType
BlMmUpdatesDisabled
BlMmWalkPageTable
BlMmWriteZeroPte
BlNumaGetNumaMemoryRanges
BlObtainUnusedSlabPages
BlPdAllocateData
BlPdDestroyData
BlPdFreeData
BlPdPersistAllocations
BlPdQueryData
BlPdQueryDataAll
BlPdSaveData
BlPltReadPciConfig
BlPltWritePciConfig
BlRdUnmap
BlRemoveBootOption
BlResourceFindDataFromImage
BlResourceFindMessage
BlResourceGetLanguageMapping
BlSIPolicyCheckPolicyOnDevice
BlSIPolicyDoesActivePolicyGrantPermission
BlSIPolicyLoadAndActivateTemporalPolicy
BlSealSecretToCurrentPcrValues
BlSecureBootGetNonVolatilePrivateVariable
BlSecureBootIgnoreSingleBootOption
BlSecureBootSetVolatilePrivateVariable
BlSetVirtualizationLaunched
BlSiAppLosingTpmAccess
BlSiCloseEnvironment
BlSiEnterInsecureStateEx
BlSiEnvironmentReady
BlSiFlushCurrentMeasurements
BlSiHandleHypervisorLaunchEvent
BlSiLeaveEnvironment
BlSiMeasureOsRevocationList
BlSiPaRecordConfigEvent
BlSiPaRecordDrtmConfigEvent
BlSiPaRecordEvent
BlSiSetDrtmEnvironmentUnsafe
BlStatusError
BlStatusPrint
BlStatusRegisterErrorHandler
BlSvnGetApplicationSvn
BlSvnGetChainStatus
BlSymCryptGetAesBlockCipher
BlSymCryptGetHmacSha256Algorithm
BlTblSetEntry
BlTcbIsDrtmCapable
BlTcgFwSetAndLockMemoryOverwriteRequestControl
BlTimeGetRelativeTime
BlTimeQueryPerformanceCounter
BlTpmGetRandom
BlTpmShutdown
BlTpmStatus
BlTxtGetRlpParkPage
BlTxtGetTprArray
BlUpdateBootOptions
BlUtlCheckSum
BlUtlGetAcpiTable
BlUtlGetAcpiTableOverrides
BlUtlPopulateAcpiTableCache
BlUtlReleaseAcpiTable
BlUtlSetAcpiTableOverrides
BlUtlValidateMemoryRange
BlValidateAmeCertChain
BlVsmCheckSystemPolicy
BlVsmGetSystemPolicy
BlVsmKeysFindKeyMapByType
BlVsmKeysGetCurrentLKeyRefFromArray
BlVsmKeysGetCurrentLKeyRefFromPkg
BlVsmKeysReadAndUnsealBackupLKeyPkg
BlVsmKeysReadAndUnsealLKeyPkg
BlVsmKeysSupportedByPlatform
BlpPdQueryData
BlpPdReleaseData
BlpVsmLKeyCheckBootmgrAuthorityInTcgLog
DbgLoadImageSymbols
DbgPrint
EfiGetMemoryAttributesTable
HvlQueryConnection
KdNetGetNetDataSize
KdNetGetParameters
LdrInitSecurityCookie
McGenEventWriteBoot
MinCrypL_HashMemory
MincryptSetWeakCryptoPolicy
OslGenRandomBytes
OslGetControlSubkey
OslGetDrtmSvn
OslGetExportRoutineInModule
OslGetLocalApicId
OslGetStringValueAtKey
OslGetSubkeyAtKey
OslGetValueAtKey
OslIsRunningInSecureKernel
OslLoadMicrocodeUpdate
RtlAnsiStringToUnicodeString
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlApplyFunctionOverrideFixupsToImage
RtlApplyHotPatch
RtlAssert
RtlCheckCurrentPatchesApplied
RtlClearAllBits
RtlCompareMemory
RtlCompareUnicodeString
RtlCompareUnicodeStrings
RtlCountRequiredHotPatchAddressTableEntries
RtlEqualUnicodeString
RtlFindClearBits
RtlFindExportedRoutineByName
RtlFindHotPatchBase
RtlFindHotPatchInformation
RtlFindNextForwardRunClear
RtlFreeAnsiString
RtlFreeUnicodeString
RtlGUIDFromString
RtlImageDirectoryEntryToData
RtlImageNtHeaderEx
RtlInitAnsiString
RtlInitFunctionOverrideCapabilities
RtlInitUnicodeString
RtlInitUnicodeStringEx
RtlInitializeBitMap
RtlInitializeBootFeatureConfigurations
RtlInitializeDelayedFeatureUsageReportBuffer
RtlIntegerToUnicodeString
RtlIpv6StringToAddressW
RtlNotifyFeatureUsage
RtlNumberOfSetBits
RtlPrefixUnicodeString
RtlQueryFeatureConfiguration
RtlQueryFeatureConfigurationChangeStamp
RtlRbInsertNodeEx
RtlRbRemoveNode
RtlRegisterFeatureConfigurationChangeNotification
RtlSecureZeroMemory
RtlSetBit
RtlSetBits
RtlSizeOfDelayedFeatureUsageReportBuffer
RtlStringFromGUID
RtlUnicodeStringToAnsiString
RtlUnicodeStringToInteger
RtlUnregisterFeatureConfigurationChangeNotification
RtlUpcaseUnicodeChar
RtlValidateDelayedFeatureUsageReportBuffer
RtlValidateFeatureConfigurationBuffer
RtlValidateFeatureUsageSubscriptionBuffer
RtlValidateHotPatchBase
SIPolicyClearAllActivePolicy
SIPolicyDeletePersistentVariable
SIPolicyGetOptions
SIPolicyGetPolicyHandle
SIPolicyGetPolicyInfoFromType
SIPolicyGetSerializedPolicies
SIPolicyGetSerializedPoliciesSize
SIPolicyHashActiveCodeExecutionPolicies
SIPolicyInvalidateEAsOnRebootEnabled
SIPolicyIsPolicyActive
SIPolicyIsSamePolicyID
SIPolicyIsSignedPolicyRequired
SIPolicySetTrialMode
SIPolicyUmciEnabled
SbArePolicyOptionsSet
SbDoesActivePolicyGrantPermission
SbFreeFileData
SbGetKernelPolicyPackage
SbGetSizeOfKernelPolicyPackage
SbIsDebugPolicyActive
SbIsEnabled
SbIsEnabled2
SbIsPolicyActive
SbIsTestRootTrusted
SbIsTestSigningBlocked
SbLoadFile
SbValidateSkuUnlockToken
SipaGetDataPointers
SipaQueueConfigEntry
SipaQueueConfigEntryToQueue
SipaReadPcrsByMask
SipapAppendEntry
SipapCreateQueue
SymCryptGcmAuthPart
SymCryptGcmDecryptFinal
SymCryptGcmDecryptPart
SymCryptGcmEncryptFinal
SymCryptGcmEncryptPart
SymCryptGcmExpandKey
SymCryptGcmInit
SymCryptHmacSha256
SymCryptHmacSha256ExpandKey
SymCryptHmacSha512Selftest
SymCryptInit
SymCryptMarvin32
SymCryptMarvin32ExpandSeed
SymCryptRdrandGet
SymCryptRdrandStatus
SymCryptRdseedGet
SymCryptRdseedStatus
SymCryptRngAesFips140_2Generate
SymCryptRngAesFips140_2Instantiate
SymCryptRngAesFips140_2Uninstantiate
SymCryptRngAesGenerateSelftest
SymCryptRngAesInstantiateSelftest
SymCryptRngAesReseedSelftest
SymCryptSha1
SymCryptSha256
SymCryptSha256Append
SymCryptSha256Init
SymCryptSha256Result
SymCryptSha512
SymCryptSha512Append
SymCryptSha512Init
SymCryptSha512Result
SymCryptSp800_108
TpmApiCheckSecureNVIndex20
TpmApiCreateSecureNVIndex20
TpmApiCreateSrk20
TpmApiGetKeyPublicProperty20
TpmApiGetTpmVersion
TpmApiReadPublic20
TpmApiSeal20Ex
TpmApiTestAes256Capability20
TpmApiTestRsa3kCapability20
TpmApiUnsealEx
__GSHandlerCheck
__chkstk
_snwscanf_s
_stricmp
_strupr
_vsnprintf
_wcsicmp
_wcsnicmp
_wcstoui64
_wcsupr
bsearch
memcmp
memcpy
memmove
memset
qsort
rsa_construction_fips186_3
rsa_decryption
rsa_destruction
rsa_encryption
rsa_export
rsa_export_sizes
sprintf_s
strcat_s
strchr
strcmp
strcpy_s
strncmp
strnlen
strstr
swprintf_s
wcscat_s
wcscmp
wcscpy_s
wcsncmp
wcsnlen
wcsrchr
wcsstr

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGER32C
Size: 1024B - Virtual size: 729B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

TRANSIT
Size: 512B - Virtual size: 29B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGECMRC
Size: 512B - Virtual size: 106B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 216KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 270KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
winload.exe
.dll windows:0 windows x64 arch:x64

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

29:f0:71:7e:86:bb:ef:6b:ff:df:56:e2:4c:7e:41:d6:29:40:77:6b:16:b6:40:55:7a:cc:47:8f:c5:70:38:b6
Signer

Actual PE Digest

29:f0:71:7e:86:bb:ef:6b:ff:df:56:e2:4c:7e:41:d6:29:40:77:6b:16:b6:40:55:7a:cc:47:8f:c5:70:38:b6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

winload_prod.pdb

Exports

Exports

AhCreateLoadOptionsString
AhGetArcDevice
ArchBuildKernelGdt
ArchGetGdtRegister
BlAllocateSlabPages
BlAmdSlGetEnabledFeatures
BlAmdSlGetTaCommands
BlAmdSlGetTaParameterRegisters
BlAppCheckDependency
BlAppSetDependency
BlAppendBootOptionBoolean
BlAppendBootOptionString
BlAppendUnicodeToString
BlArchCpuId
BlArchDetectSmt
BlArchGetCpuVendor
BlArchGetPerformanceCounter
BlArchIsCpuIdFunctionSupported
BlArchIsFiveLevelPagingActive
BlArchIsShadowStackSupported
BlArchKernelSetup
BlArchQueryIoPortAccessSupported
BlArchSetSecrets
BlBdDebugTransitionsEnabled
BlBdDebuggerConnected
BlBdGetBootDebugDevice
BlBdGetExtensionName
BlBdGetHvDebugDevice
BlBdGetMacAddressFromSmBiosUuid
BlBdGetPciDevicePath
BlBdInitializeDeviceDescriptor
BlBdInitializeDeviceDescriptorEx
BlBdInitializeTransportExtension
BlBdLoadImageSymbols
BlBdPatchIdt
BlBdReleaseDebuggingDevice
BlBdSetupDebugDevice
BlBdSetupDebuggingDevice
BlBdStart
BlBdStop
BlBdUpdateSharedHypervisorDebugDevice
BlBootOptionExists
BlBsdCloseLog
BlBsdLogEntry
BlCopyBootOptions
BlCopyStringToUnicodeString
BlCopyStringToWcharString
BlCopyUnicodeStringToUnicodeString
BlCopyWcharStringToString
BlDeviceClose
BlDeviceCompare
BlDeviceGetInformation
BlDeviceGetIoInformation
BlDeviceOpen
BlDeviceSetInformation
BlDisplayFreeOemBitmap
BlDisplayGetOemBitmap
BlDisplayInvalidateOemBitmap
BlEnNotifyEvent
BlFileClose
BlFileCopyFile
BlFileExists
BlFileGetInformation
BlFileLoad
BlFileOpen
BlFileReadAtOffsetEx
BlFileReadEx
BlFileSetInformation
BlFileWrite
BlFveCheckPermission
BlFwGetAcpiMemoryMap
BlFwGetSystemTable
BlFwQueryEfiRuntimeVaRange
BlFwReboot
BlFwServicesAvailable
BlGetApplicationEntry
BlGetApplicationIdentifier
BlGetBootDevice
BlGetBootOptionBoolean
BlGetBootOptionDevice
BlGetBootOptionInteger
BlGetBootOptionString
BlGetDevice
BlGetDeviceIdentifier
BlGetExecutionEnvironment
BlGetLogicalProcessorCount
BlGetProcessorApicIds
BlImgFindSection
BlImgGetNtHeader
BlImgGetPEImageSize
BlImgGetSigningPolicy
BlImgGetWhqlEnforcementDateTime
BlImgIsBootUpgradedPlatform
BlImgIsUpgradeInProgress
BlImgIsUpgradedPlatform
BlImgIsWhqlDeveloperTestModeEnabled
BlImgIsWhqlDisabledBySetting
BlImgIsWhqlEnabledBySetting
BlImgIsWinPE
BlImgLoadImageWithProgress2
BlImgLoadPEImageEx
BlImgLoadPEImageWithPolicyValidatedHash
BlImgParseOsRevocationList
BlImgQueryCodeIntegrityBootOptions
BlImgRegisterCodeIntegrityCatalogDirectory
BlImgRegisterCodeIntegrityCatalogs
BlImgRsaKnownAnswerTest
BlImgSetRestrictedSigning
BlImgSetSigningPolicy
BlImgSetSysDevWhqlPolicy
BlImgSha1KnownAnswerTest
BlImgSha1MonteCarloTest
BlImgTrustCustomSignersForDrivers
BlImgUnLoadImage
BlImgVerifyFontIntegrity
BlIpmiDestroy
BlIpmiGetHwConfig
BlIpmiInitialize
BlIpmiLogCheckPoint
BlLdrBuildImagePath
BlLdrFreeDataTableEntry
BlLdrLoadDll
BlLdrLoadImage
BlLdrPreloadFile
BlLdrPreloadImage
BlLdrUnloadImage
BlLogDestroy
BlLogDiagWrite
BlLogEtwRegister
BlLogEtwWrite
BlLogEtwWriteTransfer
BlLogInitialize
BlLogIsVerboseSELEnabled
BlMmAddEnclavePageRange
BlMmAddPersistentPageRange
BlMmAllocateHeap
BlMmAllocatePages
BlMmAllocatePagesInRange
BlMmAllocatePartitionPhysicalPagesInRangeNuma
BlMmAllocatePhysicalPages
BlMmAllocatePhysicalPagesInRange
BlMmAllocatePhysicalPagesInRangeNuma
BlMmAllocateVirtualPages
BlMmClosePartition
BlMmDisableStaticDescriptors
BlMmDisableUpdates
BlMmEnableStaticDescriptors
BlMmEnableUpdates
BlMmEnumerateAllocations
BlMmFlushTlb
BlMmFreeHeap
BlMmFreePages
BlMmFreePartitionRangeAllocation
BlMmFreePhysicalPages
BlMmFreeVirtualPages
BlMmGetAllocationPages
BlMmGetMemoryMap
BlMmInitMemoryMapHandle
BlMmIsLargePageMapping
BlMmMapIoSpace
BlMmMapPhysicalAddress
BlMmMapPhysicalAddressEx
BlMmOpenPartition
BlMmPersistAllocation
BlMmProcessBadPageList
BlMmQueryLargePageSize
BlMmQueryTranslationType
BlMmRegisterPledgedType
BlMmReleaseMemoryMap
BlMmRemapVirtualAddress
BlMmSetPageProtection
BlMmTranslateEfiMemoryType
BlMmTranslateVirtualAddress
BlMmUnmapVirtualAddress
BlMmUnmapVirtualAddressEx
BlMmUnpersistAllocation
BlMmUnpersistAllocations
BlMmUnprotectAllocation
BlMmUnregisterPledgedType
BlMmUpdatesDisabled
BlMmWalkPageTable
BlMmWriteZeroPte
BlNumaGetNumaMemoryRanges
BlObtainUnusedSlabPages
BlPdAllocateData
BlPdDestroyData
BlPdFreeData
BlPdPersistAllocations
BlPdQueryData
BlPdQueryDataAll
BlPdSaveData
BlPltReadPciConfig
BlPltWritePciConfig
BlRdUnmap
BlRemoveBootOption
BlResourceFindDataFromImage
BlResourceFindMessage
BlResourceGetLanguageMapping
BlSIPolicyCheckPolicyOnDevice
BlSIPolicyDoesActivePolicyGrantPermission
BlSIPolicyLoadAndActivateTemporalPolicy
BlSealSecretToCurrentPcrValues
BlSecureBootGetNonVolatilePrivateVariable
BlSecureBootIgnoreSingleBootOption
BlSecureBootSetVolatilePrivateVariable
BlSetVirtualizationLaunched
BlSiAppLosingTpmAccess
BlSiCloseEnvironment
BlSiEnterInsecureStateEx
BlSiEnvironmentReady
BlSiFlushCurrentMeasurements
BlSiHandleHypervisorLaunchEvent
BlSiLeaveEnvironment
BlSiMeasureOsRevocationList
BlSiPaRecordConfigEvent
BlSiPaRecordDrtmConfigEvent
BlSiPaRecordEvent
BlSiSetDrtmEnvironmentUnsafe
BlStatusError
BlStatusPrint
BlStatusRegisterErrorHandler
BlSvnGetApplicationSvn
BlSvnGetChainStatus
BlSymCryptGetAesBlockCipher
BlSymCryptGetHmacSha256Algorithm
BlTblSetEntry
BlTcbIsDrtmCapable
BlTcgFwSetAndLockMemoryOverwriteRequestControl
BlTimeGetRelativeTime
BlTimeQueryPerformanceCounter
BlTpmGetRandom
BlTpmShutdown
BlTpmStatus
BlTxtGetRlpParkPage
BlTxtGetTprArray
BlUpdateBootOptions
BlUtlCheckSum
BlUtlGetAcpiTable
BlUtlGetAcpiTableOverrides
BlUtlPopulateAcpiTableCache
BlUtlReleaseAcpiTable
BlUtlSetAcpiTableOverrides
BlUtlValidateMemoryRange
BlValidateAmeCertChain
BlVsmCheckSystemPolicy
BlVsmGetSystemPolicy
BlVsmKeysFindKeyMapByType
BlVsmKeysGetCurrentLKeyRefFromArray
BlVsmKeysGetCurrentLKeyRefFromPkg
BlVsmKeysReadAndUnsealBackupLKeyPkg
BlVsmKeysReadAndUnsealLKeyPkg
BlVsmKeysSupportedByPlatform
BlpPdQueryData
BlpPdReleaseData
BlpVsmLKeyCheckBootmgrAuthorityInTcgLog
DbgLoadImageSymbols
DbgPrint
HvlQueryConnection
KdNetGetNetDataSize
KdNetGetParameters
LdrInitSecurityCookie
McGenEventWriteBoot
MinCrypL_HashMemory
MincryptSetWeakCryptoPolicy
OslGenRandomBytes
OslGetControlSubkey
OslGetDrtmSvn
OslGetExportRoutineInModule
OslGetLocalApicId
OslGetStringValueAtKey
OslGetSubkeyAtKey
OslGetValueAtKey
OslIsRunningInSecureKernel
OslLoadMicrocodeUpdate
RtlAnsiStringToUnicodeString
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlApplyFunctionOverrideFixupsToImage
RtlApplyHotPatch
RtlAssert
RtlCheckCurrentPatchesApplied
RtlClearAllBits
RtlCompareMemory
RtlCompareUnicodeString
RtlCompareUnicodeStrings
RtlCountRequiredHotPatchAddressTableEntries
RtlEqualUnicodeString
RtlFindClearBits
RtlFindExportedRoutineByName
RtlFindHotPatchBase
RtlFindHotPatchInformation
RtlFindNextForwardRunClear
RtlFreeAnsiString
RtlFreeUnicodeString
RtlGUIDFromString
RtlImageDirectoryEntryToData
RtlImageNtHeaderEx
RtlInitAnsiString
RtlInitFunctionOverrideCapabilities
RtlInitUnicodeString
RtlInitUnicodeStringEx
RtlInitializeBitMap
RtlInitializeBootFeatureConfigurations
RtlInitializeDelayedFeatureUsageReportBuffer
RtlIntegerToUnicodeString
RtlIpv6StringToAddressW
RtlNotifyFeatureUsage
RtlNumberOfSetBits
RtlPrefixUnicodeString
RtlQueryFeatureConfiguration
RtlQueryFeatureConfigurationChangeStamp
RtlRbInsertNodeEx
RtlRbRemoveNode
RtlRegisterFeatureConfigurationChangeNotification
RtlSecureZeroMemory
RtlSetBit
RtlSetBits
RtlSizeOfDelayedFeatureUsageReportBuffer
RtlStringFromGUID
RtlUnicodeStringToAnsiString
RtlUnicodeStringToInteger
RtlUnregisterFeatureConfigurationChangeNotification
RtlUpcaseUnicodeChar
RtlValidateDelayedFeatureUsageReportBuffer
RtlValidateFeatureConfigurationBuffer
RtlValidateFeatureUsageSubscriptionBuffer
RtlValidateHotPatchBase
SIPolicyClearAllActivePolicy
SIPolicyDeletePersistentVariable
SIPolicyGetOptions
SIPolicyGetPolicyHandle
SIPolicyGetPolicyInfoFromType
SIPolicyGetSerializedPolicies
SIPolicyGetSerializedPoliciesSize
SIPolicyHashActiveCodeExecutionPolicies
SIPolicyInvalidateEAsOnRebootEnabled
SIPolicyIsPolicyActive
SIPolicyIsSamePolicyID
SIPolicyIsSignedPolicyRequired
SIPolicySetTrialMode
SIPolicyUmciEnabled
SbArePolicyOptionsSet
SbDoesActivePolicyGrantPermission
SbFreeFileData
SbGetKernelPolicyPackage
SbGetSizeOfKernelPolicyPackage
SbIsDebugPolicyActive
SbIsEnabled
SbIsEnabled2
SbIsPolicyActive
SbIsTestRootTrusted
SbIsTestSigningBlocked
SbLoadFile
SbValidateSkuUnlockToken
SipaGetDataPointers
SipaQueueConfigEntry
SipaQueueConfigEntryToQueue
SipaReadPcrsByMask
SipapAppendEntry
SipapCreateQueue
SymCryptGcmAuthPart
SymCryptGcmDecryptFinal
SymCryptGcmDecryptPart
SymCryptGcmEncryptFinal
SymCryptGcmEncryptPart
SymCryptGcmExpandKey
SymCryptGcmInit
SymCryptHmacSha256
SymCryptHmacSha256ExpandKey
SymCryptHmacSha512Selftest
SymCryptInit
SymCryptMarvin32
SymCryptMarvin32ExpandSeed
SymCryptRdrandGet
SymCryptRdrandStatus
SymCryptRdseedGet
SymCryptRdseedStatus
SymCryptRngAesFips140_2Generate
SymCryptRngAesFips140_2Instantiate
SymCryptRngAesFips140_2Uninstantiate
SymCryptRngAesGenerateSelftest
SymCryptRngAesInstantiateSelftest
SymCryptRngAesReseedSelftest
SymCryptSha1
SymCryptSha256
SymCryptSha256Append
SymCryptSha256Init
SymCryptSha256Result
SymCryptSha512
SymCryptSha512Append
SymCryptSha512Init
SymCryptSha512Result
SymCryptSp800_108
TpmApiCheckSecureNVIndex20
TpmApiCreateSecureNVIndex20
TpmApiCreateSrk20
TpmApiGetKeyPublicProperty20
TpmApiGetTpmVersion
TpmApiReadPublic20
TpmApiSeal20Ex
TpmApiTestAes256Capability20
TpmApiTestRsa3kCapability20
TpmApiUnsealEx
__GSHandlerCheck
__chkstk
_snwscanf_s
_stricmp
_strupr
_vsnprintf
_wcsicmp
_wcsnicmp
_wcstoui64
_wcsupr
bsearch
memcmp
memcpy
memmove
memset
qsort
rsa_construction_fips186_3
rsa_decryption
rsa_destruction
rsa_encryption
rsa_export
rsa_export_sizes
sprintf_s
strcat_s
strchr
strcmp
strcpy_s
strncmp
strnlen
strstr
swprintf_s
wcscat_s
wcscmp
wcscpy_s
wcsncmp
wcsnlen
wcsrchr
wcsstr

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGER32C
Size: 1024B - Virtual size: 729B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

TRANSIT
Size: 512B - Virtual size: 29B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGECMRC
Size: 512B - Virtual size: 106B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 187KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 231KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
winlogon.exe
.exe windows:10 windows x64 arch:x64

a1e16f982b4e185951a575722a25aec2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

winlogon.pdb

Imports

msvcrt

sprintf_s
_vsnprintf_s
iswspace
wcsrchr
_amsg_exit
__getmainargs
_vsnwprintf
wcstok
free
_onexit
__dllonexit
malloc
_CxxThrowException
_local_unwind
memcmp
__CxxFrameHandler3
?terminate@@YAXXZ
memcpy
memset
memmove
wcscat_s
rand
_vscwprintf
wcschr
__set_app_type
_XcptFilter
_unlock
exit
_lock
_exit
_cexit
_commode
_ismbblead
_fmode
_acmdln
_initterm
__setusermatherr
wcsstr
_wcsdup
_wcslwr_s
_callnewh
??1type_info@@UEAA@XZ
_get_errno
_set_errno
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
__CxxFrameHandler4
_tolower
wcscpy_s
_wcsicmp
_wtoi
_wcsnicmp
_ultow
__C_specific_handler
memmove_s
_purecall
memcpy_s
wcspbrk
wcscmp

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExA
GetModuleFileNameA
LoadStringW
LoadLibraryExW
FreeLibrary
GetModuleFileNameW
FindResourceExW
GetProcAddress
LoadResource
GetModuleHandleExW
GetModuleHandleW
LockResource

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
SleepConditionVariableSRW
InitOnceComplete
WakeAllConditionVariable
InitOnceBeginInitialize
Sleep

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
InitializeCriticalSectionEx
ReleaseSemaphore
CreateMutexExW
InitializeCriticalSection
EnterCriticalSection
DeleteCriticalSection
SleepEx
ReleaseSRWLockShared
ResetEvent
CreateEventW
CreateSemaphoreExW
OpenSemaphoreW
WaitForSingleObjectEx
OpenEventW
AcquireSRWLockExclusive
SetEvent
TryEnterCriticalSection
WaitForSingleObject
CreateMutexW
ReleaseMutex
ReleaseSRWLockExclusive
AcquireSRWLockShared
TryAcquireSRWLockExclusive

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree
HeapSize
HeapSetInformation

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetErrorMode
SetLastError
GetLastError
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolCleanupGroup
CreateThreadpoolWork
CloseThreadpoolCleanupGroup
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer
TrySubmitThreadpoolCallback
CloseThreadpoolCleanupGroupMembers
CloseThreadpool
SubmitThreadpoolWork
CreateThreadpool
SetThreadpoolThreadMaximum
SetThreadpoolThreadMinimum
CloseThreadpoolWork

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThreadId
TerminateProcess
DeleteProcThreadAttributeList
UpdateProcThreadAttribute
GetStartupInfoW
InitializeProcThreadAttributeList
OpenProcessToken
GetCurrentProcessId
GetCurrentThread
SetThreadToken
CreateThread
CreateProcessAsUserW
CreateProcessW
GetExitCodeProcess
SetPriorityClass
SetThreadPriority
CreateRemoteThread
GetProcessId
ResumeThread

api-ms-win-core-localization-l1-2-0

GetThreadUILanguage
FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegCreateKeyExW
RegFlushKey
RegNotifyChangeKeyValue
RegDeleteTreeW
RegSetKeySecurity
RegQueryValueExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegDeleteValueW
RegDeleteKeyExW
RegEnumKeyExW
RegCloseKey
RegOpenKeyExW
RegGetValueA

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy
OpenProcess

api-ms-win-eventing-controller-l1-1-0

ControlTraceW
EnableTraceEx2
StartTraceW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc
LocalReAlloc

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
WideCharToMultiByte
CompareStringW

api-ms-win-core-memory-l1-1-0

VirtualFree
VirtualAlloc

api-ms-win-core-memory-l1-1-1

GetProcessWorkingSetSizeEx
VirtualLock
VirtualUnlock
SetProcessWorkingSetSizeEx

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW
SetEnvironmentVariableW
SearchPathW
ExpandEnvironmentStringsW

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetLocalTime
GetVersionExW
GetSystemWindowsDirectoryW
GetSystemTimeAsFileTime
GetSystemTime
GetTickCount

api-ms-win-security-base-l1-1-0

EqualSid
DuplicateToken
CheckTokenMembership
GetSecurityDescriptorDacl
FreeSid
AdjustTokenPrivileges
IsValidSid
CreateWellKnownSid
AllocateLocallyUniqueId
GetSidIdentifierAuthority
CopySid
GetLengthSid
ImpersonateLoggedOnUser
RevertToSelf
SetTokenInformation
GetTokenInformation
DuplicateTokenEx
CreateRestrictedToken

rpcrt4

RpcMgmtIsServerListening
RpcStringFreeW
RpcBindingCopy
RpcAsyncCancelCall
Ndr64AsyncClientCall
RpcBindingSetAuthInfoExW
RpcBindingFromStringBindingW
RpcAsyncInitializeHandle
RpcBindingFree
RpcServerInqCallAttributesW
RpcServerTestCancel
RpcServerUseProtseqEpW
NdrServerCall2
Ndr64AsyncServerCallAll
NdrServerCallAll
NdrAsyncServerCall
RpcRaiseException
RpcServerInqBindings
RpcEpRegisterW
RpcEpUnregister
RpcServerListen
RpcServerRegisterIfEx
RpcServerUnregisterIf
RpcServerUseProtseqW
I_RpcBindingIsClientLocal
RpcBindingVectorFree
RpcServerUnsubscribeForNotification
RpcServerSubscribeForNotification
NdrClientCall3
RpcBindingUnbind
RpcStringBindingComposeW
I_RpcExceptionFilter
RpcBindingBind
UuidFromStringW
RpcBindingCreateW
RpcRevertToSelf
RpcImpersonateClient
I_RpcBindingInqLocalClientPID
UuidCreate
UuidToStringW
RpcAsyncAbortCall
I_RpcMapWin32Status
RpcAsyncCompleteCall

api-ms-win-core-com-l1-1-0

CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CoGetMalloc
CoUninitialize
CoInitializeEx
StringFromGUID2
CoCreateGuid
CoTaskMemAlloc

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW
RegDeleteKeyValueW

api-ms-win-power-base-l1-1-0

PowerDeterminePlatformRoleEx

api-ms-win-core-file-l1-1-0

GetShortPathNameW
CreateFileW
CompareFileTime
GetFileAttributesW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

api-ms-win-power-setting-l1-1-0

PowerSettingRegisterNotification
PowerSettingUnregisterNotification

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-shutdown-l1-1-1

InitiateShutdownW

api-ms-win-service-management-l1-1-0

StartServiceW
OpenServiceW
OpenSCManagerW
CloseServiceHandle

api-ms-win-service-management-l2-1-0

QueryServiceConfigW
QueryServiceStatusEx
NotifyServiceStatusChangeW

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCompareMemory
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
GetTraceLoggerHandle
UnregisterTraceGuids

api-ms-win-security-credentials-l1-1-0

CredFree
CredUnmarshalCredentialW

api-ms-win-security-lsalookup-l2-1-0

LookupAccountNameW
LookupAccountSidW

api-ms-win-core-version-l1-1-0

GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus

api-ms-win-core-job-l2-1-0

SetInformationJobObject
AssignProcessToJobObject
TerminateJobObject
QueryInformationJobObject
CreateJobObjectW

api-ms-win-security-lsapolicy-l1-1-0

LsaOpenPolicy
LsaFreeMemory
LsaClose
LsaStorePrivateData
LsaQueryInformationPolicy

api-ms-win-core-appcompat-l1-1-0

BaseInitAppcompatCacheSupport

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-security-credentials-l2-1-0

CredReadByTokenHandle

api-ms-win-base-bootconfig-l1-1-0

NotifyBootConfigStatus

api-ms-win-eventlog-legacy-l1-1-0

GetEventLogInformation
DeregisterEventSource
RegisterEventSourceW
ReportEventW

api-ms-win-core-threadpool-legacy-l1-1-0

DeleteTimerQueueTimer
CreateTimerQueueTimer
QueueUserWorkItem
UnregisterWaitEx

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject
GetComputerNameW
UnregisterWait

api-ms-win-core-shlwapi-legacy-l1-1-0

PathIsRelativeW

api-ms-win-core-registry-l2-1-0

RegOpenKeyW
RegCreateKeyW

api-ms-win-core-heap-obsolete-l1-1-0

LocalSize

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

kernelbase

CreateProcessInternalW
AppContainerDeriveSidFromMoniker

ntdll

WinSqmEndSession
WinSqmIsOptedIn
NtCreateEvent
RtlAddAce
RtlSetDaclSecurityDescriptor
RtlGetDaclSecurityDescriptor
NtAdjustPrivilegesToken
NtDuplicateToken
RtlUnhandledExceptionFilter
NtQueryInformationProcess
NtSetInformationThread
NtDeviceIoControlFile
WinSqmStartSession
RtlInitializeResource
RtlAcquireResourceExclusive
RtlReleaseResource
RtlDeleteResource
NtGetCachedSigningLevel
WinSqmSetString
NtOpenEvent
NtSetEvent
RtlGetCurrentServiceSessionId
NtDeleteWnfStateName
NtCreateWnfStateName
RtlQueryResourcePolicy
__isascii
isupper
wcstok_s
_vsnprintf
RtlSetSystemBootStatus
RtlRemovePrivileges
RtlpVerifyAndCommitUILanguageSettings
NtSetInformationProcess
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
NtShutdownSystem
RtlCompareUnicodeString
RtlCreateEnvironment
TpReleaseTimer
TpWaitForTimer
TpAllocTimer
TpSetTimer
NtOpenThreadToken
NtOpenFile
RtlAppendUnicodeToString
NtOpenDirectoryObject
RtlFreeSid
NtSetSecurityObject
RtlSetSaclSecurityDescriptor
RtlAddMandatoryAce
RtlCreateAcl
RtlCreateSecurityDescriptor
RtlAllocateAndInitializeSid
RtlDestroyEnvironment
RtlCopySid
RtlNtStatusToDosErrorNoTeb
RtlSetEnvironmentVariable
RtlQueryEnvironmentVariable_U
RtlExpandEnvironmentStrings_U
RtlInitUnicodeStringEx
RtlGetAce
NtSetIRTimer
NtCreateIRTimer
NtSetInformationToken
NtCreateToken
RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData
TpAllocWait
WinSqmSetDWORD
TpPostWork
TpAllocWork
RtlUnsubscribeWnfNotificationWaitForCompletion
TpReleaseWork
TpWaitForWork
TpReleaseWait
TpWaitForWait
TpSetWait
NtFilterToken
NtInitiatePowerAction
RtlAdjustPrivilege
RtlPublishWnfStateData
RtlLengthSid
EtwEventWriteStartScenario
EtwEventWriteEndScenario
RtlInitUnicodeString
NtAllocateLocallyUniqueId
RtlDeregisterWait
RtlRegisterWait
RtlTimeToSecondsSince1980
WinSqmAddToStream
TpSimpleTryPost
RtlEqualSid
EtwEventEnabled
EtwEventWrite
RtlCopyLuid
NtPowerInformation
EtwEventActivityIdControl
RtlGetActiveConsoleId
RtlInitString
NtQuerySystemInformation
NtSystemDebugControl
NtQueryInformationToken
NtOpenProcessToken
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlInitializeCriticalSection
RtlDeleteCriticalSection
RtlFreeUnicodeString
RtlNtStatusToDosError
RtlDuplicateUnicodeString
NtClose
RtlOpenCurrentUser
EtwTraceMessage
EtwEventRegister
EtwEventUnregister
EtwEventWriteTransfer
EtwEventSetInformation
RtlGetNtProductType

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsGetStringRawBuffer
WindowsCreateStringReference

api-ms-win-core-winrt-l1-1-0

RoActivateInstance

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 664KB - Virtual size: 661KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 164KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
winresume.efi
.exe windows:0 windows x64 arch:x64

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:a6:3a:76:e7:d1:60:24:7a:dd:c0:a6:eb:62:fa:ab:96:8f:6b:6b:9e:cf:64:7d:f7:b0:db:52:ef:4d:eb:fa
Signer

Actual PE Digest

51:a6:3a:76:e7:d1:60:24:7a:dd:c0:a6:eb:62:fa:ab:96:8f:6b:6b:9e:cf:64:7d:f7:b0:db:52:ef:4d:eb:fa

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

winresume.pdb

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

TRANSIT
Size: 512B - Virtual size: 29B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGER32C
Size: 1024B - Virtual size: 729B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
winresume.exe
.exe windows:0 windows x64 arch:x64

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

34:4a:56:b1:b0:cf:10:d6:8e:2f:48:74:be:78:c8:71:50:09:5f:21:be:51:b4:90:3e:05:71:fd:92:61:53:43
Signer

Actual PE Digest

34:4a:56:b1:b0:cf:10:d6:8e:2f:48:74:be:78:c8:71:50:09:5f:21:be:51:b4:90:3e:05:71:fd:92:61:53:43

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

PDB Paths

winresume.pdb

Sections

.text
Size: 1009KB - Virtual size: 1008KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

TRANSIT
Size: 512B - Virtual size: 29B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGER32C
Size: 1024B - Virtual size: 729B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 234KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
winsta.dll
.dll windows:10 windows x64 arch:x64

547ce95956618cb3c4690d17a0340ece

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c2:e9:39:15:ca:0e:23:43:65:0f:4b:08:6d:1f:01:9b:08:33:af:8c:1a:b9:5d:26:e1:a6:38:79:14:80:cf:0b
Signer

Actual PE Digest

c2:e9:39:15:ca:0e:23:43:65:0f:4b:08:6d:1f:01:9b:08:33:af:8c:1a:b9:5d:26:e1:a6:38:79:14:80:cf:0b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

winsta.pdb

Imports

msvcrt

free
_amsg_exit
__C_specific_handler
_callnewh
_onexit
memset
memcmp
_lock
_XcptFilter
malloc
memmove_s
_strnicmp
_purecall
memcpy_s
_vsnwprintf
__dllonexit
rand
??3@YAXPEAX@Z
??_V@YAXPEAX@Z
_initterm
time
??1type_info@@UEAA@XZ
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
srand
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_wcsicmp
_resetstkoflw
_vsnprintf
_unlock
__CxxFrameHandler3
wcscmp

ntdll

RtlFreeSid
RtlCaptureStackBackTrace
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlLeaveCriticalSection
RtlGetSuiteMask
RtlInitializeCriticalSection
RtlUnicodeToMultiByteSize
RtlEnterCriticalSection
RtlDeleteCriticalSection
EtwEventUnregister
NtTerminateProcess
RtlNtStatusToDosError
RtlCopySid
RtlAdjustPrivilege
NtClose
RtlLengthSid
NtQueryInformationToken
NtOpenProcess
NtQueryInformationProcess
RtlUnicodeToMultiByteN
NtQuerySystemInformation
NtQuerySystemTime
NtOpenProcessToken
RtlValidSid
RtlMultiByteToUnicodeN
RtlAllocateAndInitializeSid

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetModuleHandleW
LoadLibraryExW
DisableThreadLibraryCalls
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleExA
FreeLibrary
GetProcAddress

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
OpenThreadToken
GetCurrentProcess
TerminateProcess
OpenProcessToken
GetCurrentThread
GetCurrentProcessId
ProcessIdToSessionId
CreateThread
GetExitCodeThread

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionEx
LeaveCriticalSection
ReleaseSRWLockExclusive
InitializeCriticalSection
SetEvent
CreateSemaphoreExW
AcquireSRWLockExclusive
WaitForSingleObject
ReleaseSemaphore
WaitForSingleObjectEx
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
OpenSemaphoreW
ReleaseSRWLockShared
OpenEventW
ReleaseMutex
EnterCriticalSection
CreateEventW

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringA
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW

kernelbase

WTSGetServiceSessionId

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

Exports

Exports

LogonIdFromWinStationNameA
LogonIdFromWinStationNameW
RemoteAssistancePrepareSystemRestore
ServerGetInternetConnectorStatus
ServerLicensingClose
ServerLicensingDeactivateCurrentPolicy
ServerLicensingFreePolicyInformation
ServerLicensingGetAadInfo
ServerLicensingGetAvailablePolicyIds
ServerLicensingGetPolicy
ServerLicensingGetPolicyInformationA
ServerLicensingGetPolicyInformationW
ServerLicensingLoadPolicy
ServerLicensingOpenA
ServerLicensingOpenW
ServerLicensingSetAadInfo
ServerLicensingSetPolicy
ServerLicensingUnloadPolicy
ServerQueryInetConnectorInformationA
ServerQueryInetConnectorInformationW
ServerSetInternetConnectorStatus
WTSRegisterSessionNotificationEx
WTSUnRegisterSessionNotificationEx
WinStationActivateLicense
WinStationAutoReconnect
WinStationBroadcastSystemMessage
WinStationCheckAccess
WinStationCheckLoopBack
WinStationCloseServer
WinStationConnectA
WinStationConnectAndLockDesktop
WinStationConnectCallback
WinStationConnectEx
WinStationConnectW
WinStationConsumeCacheSession
WinStationCreateChildSessionTransport
WinStationDisconnect
WinStationEnableChildSessions
WinStationEnumerateA
WinStationEnumerateContainerSessions
WinStationEnumerateExW
WinStationEnumerateLicenses
WinStationEnumerateProcesses
WinStationEnumerateW
WinStationEnumerate_IndexedA
WinStationEnumerate_IndexedW
WinStationFreeConsoleNotification
WinStationFreeEXECENVDATAEX
WinStationFreeGAPMemory
WinStationFreeMemory
WinStationFreePropertyValue
WinStationFreeSessionNotification
WinStationFreeUserCertificates
WinStationFreeUserCredentials
WinStationFreeUserSessionInfo
WinStationGenerateLicense
WinStationGetAllProcesses
WinStationGetAllSessionsEx
WinStationGetAllSessionsW
WinStationGetAllUserSessions
WinStationGetChildSessionId
WinStationGetConnectionProperty
WinStationGetCurrentSessionCapabilities
WinStationGetCurrentSessionConnectionProperty
WinStationGetCurrentSessionTerminalName
WinStationGetDeviceId
WinStationGetInitialApplication
WinStationGetLanAdapterNameA
WinStationGetLanAdapterNameW
WinStationGetLastWinlogonNotification
WinStationGetLoggedOnCount
WinStationGetMachinePolicy
WinStationGetParentSessionId
WinStationGetProcessSid
WinStationGetRedirectAuthInfo
WinStationGetRestrictedLogonInfo
WinStationGetSessionIds
WinStationGetTermSrvCountersValue
WinStationGetUserCertificates
WinStationGetUserCredentials
WinStationGetUserProfile
WinStationInstallLicense
WinStationIsBoundToCacheTerminal
WinStationIsChildSessionsEnabled
WinStationIsCurrentSessionRemoteable
WinStationIsHelpAssistantSession
WinStationIsSessionPermitted
WinStationIsSessionRemoteable
WinStationNameFromLogonIdA
WinStationNameFromLogonIdW
WinStationNegotiateSession
WinStationNtsdDebug
WinStationOpenServerA
WinStationOpenServerExA
WinStationOpenServerExW
WinStationOpenServerW
WinStationPreCreateGlassReplacementSession
WinStationPreCreateGlassReplacementSessionEx
WinStationQueryAllowConcurrentConnections
WinStationQueryCurrentSessionInformation
WinStationQueryEnforcementCore
WinStationQueryInformationA
WinStationQueryInformationW
WinStationQueryLicense
WinStationQueryLogonCredentialsW
WinStationQuerySessionVirtualIP
WinStationQueryUpdateRequired
WinStationRcmShadow2
WinStationRedirectErrorMessage
WinStationRedirectLogonBeginPainting
WinStationRedirectLogonError
WinStationRedirectLogonMessage
WinStationRedirectLogonStatus
WinStationRegisterConsoleNotification
WinStationRegisterConsoleNotificationEx
WinStationRegisterConsoleNotificationEx2
WinStationRegisterCurrentSessionNotificationEvent
WinStationRegisterNotificationEvent
WinStationRegisterSessionNotification
WinStationRegisterSessionNotificationEx
WinStationRemoveLicense
WinStationRenameA
WinStationRenameW
WinStationReportLoggedOnCompleted
WinStationReportUIResult
WinStationReset
WinStationRevertFromServicesSession
WinStationSendMessageA
WinStationSendMessageW
WinStationSendWindowMessage
WinStationServerPing
WinStationSetAutologonPassword
WinStationSetInformationA
WinStationSetInformationW
WinStationSetLastWinlogonNotification
WinStationSetPoolCount
WinStationSetRenderHint
WinStationShadow
WinStationShadowAccessCheck
WinStationShadowStop
WinStationShadowStop2
WinStationShutdownSystem
WinStationSwitchToServicesSession
WinStationSystemShutdownStarted
WinStationSystemShutdownWait
WinStationTerminateGlassReplacementSession
WinStationTerminateProcess
WinStationUnRegisterConsoleNotification
WinStationUnRegisterNotificationEvent
WinStationUnRegisterSessionNotification
WinStationUserLoginAccessCheck
WinStationVerify
WinStationVirtualOpen
WinStationVirtualOpenEx
WinStationWaitSystemEvent
_NWLogonQueryAdmin
_NWLogonSetAdmin
_WinStationAnnoyancePopup
_WinStationBeepOpen
_WinStationBreakPoint
_WinStationCallback
_WinStationCheckForApplicationName
_WinStationFUSCanRemoteUserDisconnect
_WinStationGetApplicationInfo
_WinStationNotifyDisconnectPipe
_WinStationNotifyLogoff
_WinStationNotifyLogon
_WinStationNotifyNewSession
_WinStationOpenSessionDirectory
_WinStationReInitializeSecurity
_WinStationReadRegistry
_WinStationSessionInitialized
_WinStationShadowTarget
_WinStationShadowTarget2
_WinStationShadowTargetSetup
_WinStationUpdateClientCachedCredentials
_WinStationUpdateSettings
_WinStationUpdateUserConfig
_WinStationWaitForConnect

Sections

.text
Size: 224KB - Virtual size: 220KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 136KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wintrust.dll
.dll regsvr32 windows:10 windows x64 arch:x64

1167817dfc4913935defc67660c3b694

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ab:2c:ce:25:24:91:26:a2:4f:44:27:e2:89:21:92:0a:c5:ec:67:94:85:4d:4c:0e:f5:85:6c:bc:a2:48:c9:00
Signer

Actual PE Digest

ab:2c:ce:25:24:91:26:a2:4f:44:27:e2:89:21:92:0a:c5:ec:67:94:85:4d:4c:0e:f5:85:6c:bc:a2:48:c9:00

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

wintrust.pdb

Imports

msvcrt

strcmp
_onexit
__dllonexit
_unlock
_lock
memset
memmove
memcpy
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
_callnewh
malloc
free
_wcsicmp
atol
memmove_s
_purecall
memcpy_s
_vsnwprintf
__CxxFrameHandler4
qsort
wcschr
wcstol
_itow_s
_memicmp
_stricmp
_wcsnicmp
wcsrchr
wcscat_s
_wtol
towupper
_vsnprintf
_ltoa
bsearch
qsort_s
__CxxFrameHandler3
memcmp
wcscmp

api-ms-win-core-version-private-l1-1-0

GetFileVersionInfoByHandle

api-ms-win-core-file-l1-1-0

GetFileInformationByHandle
GetFileSizeEx
GetFileAttributesW
FindClose
FindNextFileW
FindFirstFileW
SetFilePointerEx
SetEndOfFile
GetFileSize
GetFileAttributesExW
CompareFileTime
CreateFileW
WriteFile
SetFilePointer
ReadFile
SetFileAttributesW
CreateDirectoryW

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
ReleaseMutex
WaitForSingleObjectEx
DeleteCriticalSection
InitializeCriticalSection
OpenSemaphoreW
SetEvent
LeaveCriticalSection
EnterCriticalSection
AcquireSRWLockShared
CreateMutexExW
InitializeSRWLock
ReleaseSRWLockExclusive
ResetEvent
WaitForMultipleObjectsEx
WaitForSingleObject
ReleaseSRWLockShared
InitializeCriticalSectionEx
CreateEventA
CreateSemaphoreExW
TryAcquireSRWLockExclusive
ReleaseSemaphore
CreateMutexA

api-ms-win-core-heap-l2-1-0

LocalFree
LocalReAlloc
LocalAlloc

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
LoadResource
GetModuleHandleW
FreeLibrary
LoadLibraryExW
GetModuleFileNameA
GetProcAddress
DisableThreadLibraryCalls
SizeofResource
FreeResource
GetModuleHandleExA
LockResource
LoadLibraryExA

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
OpenThreadToken
OpenProcessToken
TerminateProcess
GetCurrentThread

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak
OutputDebugStringA

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableA
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
GetCurrentDirectoryW

api-ms-win-core-libraryloader-l1-2-1

FindResourceW
LoadLibraryA
LoadLibraryW

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyA
RegQueryValueExA
RegEnumKeyExA
RegSetValueExA
RegQueryValueExW
RegEnumValueA
RegOpenKeyExA
RegOpenKeyExW
RegSetValueExW
RegGetValueW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyExW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetLocalTime
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetTickCount64
GetSystemInfo

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
UnmapViewOfFile
MapViewOfFile

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-memory-l1-1-1

VirtualUnlock

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWriteTransfer
EventSetInformation
EventUnregister
EventWrite

api-ms-win-core-datetime-l1-1-0

GetTimeFormatA
GetDateFormatA

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-security-base-l1-1-0

GetSidSubAuthority
CopySid
IsValidSid
GetSidIdentifierAuthority
GetTokenInformation
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
SetFileSecurityW
GetAclInformation
GetAce
EqualSid
AllocateAndInitializeSid
AddAce
FreeSid
GetSidSubAuthorityCount
GetFileSecurityW
InitializeSecurityDescriptor
AddAccessAllowedAceEx
InitializeAcl
GetLengthSid

rpcrt4

RpcBindingSetAuthInfoExW
RpcBindingFromStringBindingW
RpcStringFreeW
RpcEpResolveBinding
RpcBindingFree
NdrClientCall3
RpcStringBindingComposeW

api-ms-win-core-kernel32-legacy-l1-1-0

FindResourceExA
CreateFileMappingA

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW
lstrlenA
lstrcmpA

ntdll

NtQuerySecurityAttributesToken
NtQueryEaFile
RtlGetVersion
RtlCreateUnicodeString
NtQuerySecurityObject
RtlImageNtHeaderEx
RtlInitUnicodeString
RtlFreeUnicodeString
RtlCompareUnicodeString
RtlAppendUnicodeStringToString
RtlEqualUnicodeString
RtlPrefixUnicodeString
RtlAllocateHeap
RtlIsNameInUnUpcasedExpression
RtlGetAce
RtlGetOwnerSecurityDescriptor
RtlCopyUnicodeString
RtlGetNtSystemRoot
RtlInitializeSidEx
RtlEqualSid
RtlGetDaclSecurityDescriptor
LdrResSearchResource
ZwQueryVolumeInformationFile
NtQuerySystemInformation
RtlNtStatusToDosError
RtlFreeHeap
RtlStringFromGUID

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

AddPersonalTrustDBPages
CatalogCompactHashDatabase
ComputeFirstPageHash
ConfigCiFinalPolicy
ConfigCiPackageFamilyNameCheck
CryptCATAdminAcquireContext
CryptCATAdminAcquireContext2
CryptCATAdminAddCatalog
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminCalcHashFromFileHandle2
CryptCATAdminCalcHashFromFileHandle3
CryptCATAdminEnumCatalogFromHash
CryptCATAdminPauseServiceForBackup
CryptCATAdminReleaseCatalogContext
CryptCATAdminReleaseContext
CryptCATAdminRemoveCatalog
CryptCATAdminResolveCatalogPath
CryptCATAllocSortedMemberInfo
CryptCATCDFClose
CryptCATCDFEnumAttributes
CryptCATCDFEnumAttributesWithCDFTag
CryptCATCDFEnumCatAttributes
CryptCATCDFEnumMembers
CryptCATCDFEnumMembersByCDFTag
CryptCATCDFEnumMembersByCDFTagEx
CryptCATCDFOpen
CryptCATCatalogInfoFromContext
CryptCATClose
CryptCATEnumerateAttr
CryptCATEnumerateCatAttr
CryptCATEnumerateMember
CryptCATFreeSortedMemberInfo
CryptCATGetAttrInfo
CryptCATGetCatAttrInfo
CryptCATGetMemberInfo
CryptCATHandleFromStore
CryptCATOpen
CryptCATPersistStore
CryptCATPutAttrInfo
CryptCATPutCatAttrInfo
CryptCATPutMemberInfo
CryptCATStoreFromHandle
CryptCATVerifyMember
CryptSIPCreateIndirectData
CryptSIPGetCaps
CryptSIPGetInfo
CryptSIPGetRegWorkingFlags
CryptSIPGetSealedDigest
CryptSIPGetSignedDataMsg
CryptSIPPutSignedDataMsg
CryptSIPRemoveSignedDataMsg
CryptSIPVerifyIndirectData
DllRegisterServer
DllUnregisterServer
DriverCleanupPolicy
DriverFinalPolicy
DriverInitializePolicy
FindCertsByIssuer
GenericChainCertificateTrust
GenericChainFinalProv
GetAuthenticodeSha256Hash
HTTPSCertificateTrust
HTTPSFinalProv
IsCatalogFile
MsCatConstructHashTag
MsCatFreeHashTag
OfficeCleanupPolicy
OfficeInitializePolicy
OpenPersonalTrustDBDialog
OpenPersonalTrustDBDialogEx
SetMessageDigestInfo
SoftpubAuthenticode
SoftpubCheckCert
SoftpubCleanup
SoftpubDefCertInit
SoftpubDllRegisterServer
SoftpubDllUnregisterServer
SoftpubDumpStructure
SoftpubFreeDefUsageCallData
SoftpubInitialize
SoftpubLoadDefUsageCallData
SoftpubLoadMessage
SoftpubLoadSignature
SrpCheckSmartlockerEAandProcessToken
TrustDecode
TrustFindIssuerCertificate
TrustFreeDecode
TrustIsCertificateSelfSigned
TrustOpenStores
WTConvertCertCtxToChainInfo
WTGetBioSignatureInfo
WTGetPluginSignatureInfo
WTGetSignatureInfo
WTHelperCertCheckValidSignature
WTHelperCertFindIssuerCertificate
WTHelperCertIsSelfSigned
WTHelperCheckCertUsage
WTHelperGetAgencyInfo
WTHelperGetFileHandle
WTHelperGetFileHash
WTHelperGetFileName
WTHelperGetKnownUsages
WTHelperGetProvCertFromChain
WTHelperGetProvPrivateDataFromChain
WTHelperGetProvSignerFromChain
WTHelperIsChainedToMicrosoft
WTHelperIsChainedToMicrosoftFromStateData
WTHelperIsInRootStore
WTHelperOpenKnownStores
WTHelperProvDataFromStateData
WTIsFirstConfigCiResultPreferred
WTLogConfigCiScriptEvent
WTLogConfigCiSignerEvent
WTValidateBioSignaturePolicy
WVTAsn1CatMemberInfo2Decode
WVTAsn1CatMemberInfo2Encode
WVTAsn1CatMemberInfoDecode
WVTAsn1CatMemberInfoEncode
WVTAsn1CatNameValueDecode
WVTAsn1CatNameValueEncode
WVTAsn1IntentToSealAttributeDecode
WVTAsn1IntentToSealAttributeEncode
WVTAsn1SealingSignatureAttributeDecode
WVTAsn1SealingSignatureAttributeEncode
WVTAsn1SealingTimestampAttributeDecode
WVTAsn1SealingTimestampAttributeEncode
WVTAsn1SpcFinancialCriteriaInfoDecode
WVTAsn1SpcFinancialCriteriaInfoEncode
WVTAsn1SpcIndirectDataContentDecode
WVTAsn1SpcIndirectDataContentEncode
WVTAsn1SpcLinkDecode
WVTAsn1SpcLinkEncode
WVTAsn1SpcMinimalCriteriaInfoDecode
WVTAsn1SpcMinimalCriteriaInfoEncode
WVTAsn1SpcPeImageDataDecode
WVTAsn1SpcPeImageDataEncode
WVTAsn1SpcSigInfoDecode
WVTAsn1SpcSigInfoEncode
WVTAsn1SpcSpAgencyInfoDecode
WVTAsn1SpcSpAgencyInfoEncode
WVTAsn1SpcSpOpusInfoDecode
WVTAsn1SpcSpOpusInfoEncode
WVTAsn1SpcStatementTypeDecode
WVTAsn1SpcStatementTypeEncode
WinVerifyTrust
WinVerifyTrustEx
WintrustAddActionID
WintrustAddDefaultForUsage
WintrustCertificateTrust
WintrustGetDefaultForUsage
WintrustGetRegPolicyFlags
WintrustLoadFunctionPointers
WintrustRemoveActionID
WintrustSetDefaultIncludePEPageHashes
WintrustSetRegPolicyFlags
WintrustUserWriteabilityCheck
mscat32DllRegisterServer
mscat32DllUnregisterServer
mssip32DllRegisterServer
mssip32DllUnregisterServer

Sections

.text
Size: 300KB - Virtual size: 296KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wkscli.dll
.dll windows:10 windows x64 arch:x64

3f729d8b487c6614270aeecc59f7d05e

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9f:0a:d3:c8:30:72:9d:3a:33:df:e3:3c:13:bd:65:c3:8f:92:28:e5:03:e8:e7:70:e4:93:a4:7d:ca:60:4f:47
Signer

Actual PE Digest

9f:0a:d3:c8:30:72:9d:3a:33:df:e3:3c:13:bd:65:c3:8f:92:28:e5:03:e8:e7:70:e4:93:a4:7d:ca:60:4f:47

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

wkscli.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__cexit
_o__configure_narrow_argv
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__itow_s
_o__seh_filter_dll
memcpy
_o__wcsicmp
_o__wcsnicmp
_o_free
_o_isdigit
_o_strcpy_s
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o___std_type_info_destroy_list
strchr
__C_specific_handler
__RTDynamicCast

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
DisableThreadLibraryCalls
GetProcAddress
LoadLibraryExW

api-ms-win-core-heap-l2-1-0

LocalReAlloc
LocalAlloc
LocalFree

rpcrt4

I_RpcExceptionFilter
NdrClientCall3
RpcBindingFree
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcStringFreeW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetComputerNameExW

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

ntdll

RtlOemStringToUnicodeString
RtlUnicodeToOemN
RtlxUnicodeStringToOemSize
NtOpenThreadToken
NtImpersonateAnonymousToken
NtCreateFile
NtFsControlFile
NtSetInformationThread
RtlInitAnsiString
RtlGetLastNtStatus
RtlReleaseResource
RtlDeleteResource
NtClose
RtlRunEncodeUnicodeString
RtlInitUnicodeString
RtlInitializeResource
RtlNtStatusToDosError
RtlAcquireResourceExclusive

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-timezone-l1-1-0

GetTimeZoneInformation

Exports

Exports

NetAddAlternateComputerName
NetEnumerateComputerNames
NetGetJoinInformation
NetGetJoinableOUs
NetJoinDomain
NetRemoveAlternateComputerName
NetRenameMachineInDomain
NetSetPrimaryComputerName
NetUnjoinDomain
NetUseAdd
NetUseDel
NetUseEnum
NetUseGetInfo
NetValidateName
NetWkstaGetInfo
NetWkstaSetInfo
NetWkstaStatisticsGet
NetWkstaTransportAdd
NetWkstaTransportDel
NetWkstaTransportEnum
NetWkstaUserEnum
NetWkstaUserGetInfo
NetWkstaUserSetInfo
NetpWkstaClientCertificateMappingAdd
NetpWkstaClientCertificateMappingEnum
NetpWkstaClientCertificateMappingGet
NetpWkstaClientCertificateMappingModify
NetpWkstaClientCertificateMappingRemove

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wkssvc.dll
.dll windows:10 windows x64 arch:x64

5d712daba82b2b468bd23d18f8aeef5f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

wkssvc.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__itow_s
_o__seh_filter_dll
_o__wcsicmp
memmove
_o__wcsnicmp
_o_free
_o_iswalpha
_o_malloc
_o_tolower
_o_towupper
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstoul
_o__errno
_o___stdio_common_vswprintf
_CxxThrowException
wcsstr
__std_terminate
__CxxFrameHandler4
_o__cexit
_o__execute_onexit_table
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__callnewh
_o__configure_narrow_argv
__C_specific_handler
wcschr
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset
wcscmp
wcsspn

crypt32

CertGetCertificateContextProperty
CryptBinaryToStringW
CertFindCertificateInStore
CryptStringToBinaryW
CertGetNameStringW
CertOpenStore
CertFreeCertificateContext
CertCloseStore

ntdll

RtlRunDecodeUnicodeString
RtlRunEncodeUnicodeString
NtQueryVolumeInformationFile
NtOpenThreadToken
RtlIpv6AddressToStringW
RtlIpv4StringToAddressW
RtlIpv6StringToAddressW
RtlIpv4AddressToStringExW
RtlIpv6AddressToStringExW
RtlIpv4AddressToStringW
NtQueryInformationFile
NtQueryInformationToken
RtlMapSecurityErrorToNtStatus
RtlAcquireResourceShared
NtOpenFile
DbgPrint
RtlCopyLuid
RtlAppendUnicodeStringToString
RtlInsertElementGenericTable
WinSqmIsOptedIn
RtlLookupElementGenericTable
WinSqmSetDWORD
RtlEnumerateGenericTable
RtlRegisterWait
RtlAppendUnicodeToString
NtCreateFile
RtlInitString
RtlGetPersistedStateLocation
RtlGetNtProductType
RtlValidRelativeSecurityDescriptor
NtDeviceIoControlFile
RtlInitializeGenericTable
RtlDestroyEnvironment
RtlIntegerToUnicodeString
RtlCreateEnvironment
RtlNtStatusToDosError
RtlUnicodeToUTF8N
RtlSetEnvironmentVariable
NtCreateEvent
NtFsControlFile
RtlAcquireResourceExclusive
NtClose
RtlReleaseResource
RtlAdjustPrivilege
NtAccessCheckAndAuditAlarm
RtlDeregisterWaitEx
RtlDeregisterWait
RtlUnicodeStringToInteger
RtlCopySid
RtlLengthSid
RtlCreateAcl
RtlAddAce
RtlCreateSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlSetSaclSecurityDescriptor
NtOpenProcessToken
RtlNewSecurityObject
RtlDeleteSecurityObject
RtlDeleteResource
RtlQueryEnvironmentVariable_U
RtlInitUnicodeString
RtlFreeUnicodeString
RtlDeleteRegistryValue
NtWaitForSingleObject
RtlQueryRegistryValuesEx
RtlInitializeResource
RtlHashUnicodeString
RtlCompareUnicodeString
NtOpenKey
RtlDeleteElementGenericTable

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegGetKeySecurity
RegDeleteKeyExW
RegFlushKey
RegEnumKeyExW
RegSetKeySecurity
RegQueryInfoKeyW
RegGetValueW
RegNotifyChangeKeyValue
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableFlags
TraceMessage
GetTraceLoggerHandle
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel

api-ms-win-core-synch-l1-1-0

ResetEvent
SetEvent
OpenEventW
WaitForSingleObject
CreateEventW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
WaitForMultipleObjectsEx

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleFileNameW
FreeLibrary
GetModuleHandleW
GetModuleHandleExW
GetProcAddress

api-ms-win-security-activedirectoryclient-l1-1-0

DsMakePasswordCredentialsW
DsFreePasswordCredentials
DsCrackNamesW
DsFreeDomainControllerInfoW
DsGetDomainControllerInfoW
DsUnBindW
DsBindWithSpnExW
DsFreeNameResultW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc
LocalUnlock
LocalReAlloc
LocalLock

api-ms-win-security-base-l1-1-0

RevertToSelf
PrivilegeCheck
CheckTokenMembership
CreateWellKnownSid

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW

api-ms-win-core-kernel32-private-l1-1-0

RemoveLocalAlternateComputerNameW
EnumerateLocalComputerNamesW
DosPathToSessionPathW
SetLocalPrimaryComputerNameW

api-ms-win-core-kernel32-legacy-l1-1-0

AddLocalAlternateComputerNameW
RegisterWaitForSingleObject
DnsHostnameToComputerNameW

api-ms-win-core-sysinfo-l1-1-0

GetVersion
GlobalMemoryStatusEx
GetLocalTime
GetTickCount64
GetComputerNameExW
GetVersionExW
GetSystemTimeAsFileTime

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-file-l1-1-0

CreateFileW
DefineDosDeviceW
QueryDosDeviceW

api-ms-win-core-processthreads-l1-1-0

CreateThread
GetCurrentThread
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
OpenThreadToken
SetThreadToken
GetCurrentProcess

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolWait
WaitForThreadpoolWaitCallbacks
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolCleanupGroup
CreateThreadpoolWait
TrySubmitThreadpoolCallback
WaitForThreadpoolTimerCallbacks
SetThreadpoolWait
CloseThreadpoolTimer
CreateThreadpoolCleanupGroup

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlCompareMemory
RtlLookupFunctionEntry

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

wkscli

NetUseEnum

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventWriteTransfer

api-ms-win-core-io-l1-1-0

CreateIoCompletionPort
PostQueuedCompletionStatus
GetQueuedCompletionStatus

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 212KB - Virtual size: 211KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wldp.dll
.dll windows:10 windows x64 arch:x64

fbc7c306a1b8ffdf4ff9361b9ca3cb6b

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

73:b8:92:68:68:fe:d4:a7:9d:87:01:1f:41:10:cf:d2:c7:01:2d:ba:2d:3c:94:ec:9c:56:ba:9b:dd:ee:8a:e7
Signer

Actual PE Digest

73:b8:92:68:68:fe:d4:a7:9d:87:01:1f:41:10:cf:d2:c7:01:2d:ba:2d:3c:94:ec:9c:56:ba:9b:dd:ee:8a:e7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

WLDP.pdb

Imports

msvcrt

__CxxFrameHandler4
memset
_callnewh
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
_CxxThrowException
__CxxFrameHandler3
memcpy
malloc
_vsnprintf
memmove
??1type_info@@UEAA@XZ
??_V@YAXPEAX@Z
_onexit
_wcsnicmp
_XcptFilter
wcschr
_wcsicmp
memmove_s
_vsnprintf_s
_amsg_exit
??0exception@@QEAA@AEBV0@@Z
free
_initterm
__C_specific_handler
memcmp
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
_lock
??3@YAXPEAX@Z
memcpy_s
_unlock
_vsnwprintf
wcsnlen
__dllonexit
_stricmp
wcscmp

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleHandleExW
GetProcAddress
LoadLibraryExA
GetModuleFileNameA
DisableThreadLibraryCalls
LoadLibraryExW
FreeLibrary
LoadStringW
GetModuleFileNameW

api-ms-win-core-synch-l1-1-0

InitializeSRWLock
AcquireSRWLockExclusive
ReleaseMutex
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
WaitForSingleObject
OpenSemaphoreW
CreateSemaphoreExW
EnterCriticalSection
ReleaseSemaphore
InitializeCriticalSectionEx
DeleteCriticalSection
TryAcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
InitializeCriticalSection
LeaveCriticalSection
CreateMutexExW
AcquireSRWLockShared

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetLastError
RaiseException
SetUnhandledExceptionFilter
GetLastError

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventActivityIdControl
EventSetInformation
EventUnregister
EventWrite
EventRegister

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyExW

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
OpenThreadToken
GetCurrentProcessId
GetCurrentThreadId
OpenProcessToken
GetCurrentThread

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-security-base-l1-1-0

AdjustTokenPrivileges
CreateWellKnownSid
AccessCheck
GetTokenInformation
DuplicateTokenEx

api-ms-win-core-file-l1-1-0

SetFilePointer
ReadFile
GetFinalPathNameByHandleW
CreateDirectoryW
WriteFile
CreateFileW
DeleteFileW
SetFilePointerEx

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemInfo
GetVersionExW
GetTickCount

api-ms-win-core-version-l1-1-0

VerQueryValueW
GetFileVersionInfoSizeExW
GetFileVersionInfoExW

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-sysinfo-l1-2-3

GetOsManufacturingMode

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
Sleep

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsDeleteString
WindowsGetStringRawBuffer

api-ms-win-core-winrt-l1-1-0

RoActivateInstance

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

ntdll

RtlNtStatusToDosError
ZwFilterBootOption
RtlFindUnicodeSubstring
RtlCopyUnicodeString
RtlAppendUnicodeStringToString
RtlStringFromGUIDEx
NtQuerySecurityPolicy
RtlInitUnicodeString
RtlIsStateSeparationEnabled
RtlGetPersistedStateLocation
NtSetSystemInformation
RtlIsApiSetImplemented
RtlEqualUnicodeString
RtlFindActivationContextSectionGuid
NtQuerySystemInformation
NtQuerySystemEnvironmentValueEx

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy

api-ms-win-downlevel-advapi32-l1-1-0

RegGetValueA
RegQueryValueExW
TraceMessage
RegOpenKeyExW

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualProtect

oleaut32

VariantClear

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

WldpAddDeveloperCertificateForDynamicCodeTrust
WldpCanExecuteBuffer
WldpCanExecuteFile
WldpCanExecuteStream
WldpChangeVulnerableDriverBlocklistState
WldpCheckDeviceEncryptionNotStarted
WldpCheckRetailConfiguration
WldpCheckWcosDeviceEncryptionSecure
WldpDisableDeveloperMode
WldpEnableDeveloperMode
WldpGetLockdownPolicy
WldpIsAllowedEntryPoint
WldpIsAppApprovedByPolicy
WldpIsClassInApprovedList
WldpIsDebugAllowed
WldpIsDynamicCodePolicyEnabled
WldpIsProductionConfiguration
WldpIsProductionConfigurationInProc
WldpIsVulnerableDriverBlocklistDisabled
WldpIsVulnerableDriverBlocklistEligibleToDisable
WldpIsWcosProductionConfiguration
WldpQueryDeviceSecurityInformation
WldpQueryDynamicCodeTrust
WldpQueryPolicySettingEnabled
WldpQueryPolicySettingEnabled2
WldpQueryPolicySettingEnabledInternal
WldpQuerySecurityPolicy
WldpQueryWindowsLockdownMode
WldpQueryWindowsLockdownRestriction
WldpResetProductionConfiguration
WldpResetWcosProductionConfiguration
WldpSendSmartAppControlBlockToast
WldpSendSmartAppControlSwitchEnforceToast
WldpSetDynamicCodeTrust
WldpSetDynamicCodeTrust2
WldpSetWindowsLockdownRestriction
WldpTraceLoggingWDACBlockDialogShown

Sections

.text
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wlidsvc.dll
.dll windows:10 windows x64 arch:x64

76b687fa1f763499103425685cfb05af

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

WLIDSvc.pdb

Imports

api-ms-win-crt-string-l1-1-0

wcscmp
memmove_s
memset

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__get_errno
_o__gmtime64_s
_o__i64tow_s
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__itoa_s
_o__localtime64_s
_o__mbscmp
_o__mbsicmp
_o__mbsinc
_o__mbslwr_s
_o__mbsstr
_o__mbsupr_s
_o__mkgmtime64
_o__mktime64
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
_o__set_errno
_o__wcsicmp
_o__wcslwr_s
memmove
_o__wcstoi64
_o__wcsupr_s
_o__wtoi
_o__wtol
_o_calloc
_o_free
_o_iswspace
_o_malloc
_o_memcpy_s
_o_terminate
_o_toupper
_o_towupper
_o_wcscpy_s
_o_wcsftime
_o_wcstol
_o_wcstoul
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o__execute_onexit_table
_o__errno
_o__difftime64
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o__wcstoui64
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfprintf
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o___acrt_iob_func
strrchr
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventUnregister
EventRegister
EventWriteTransfer
EventSetInformation

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetLastError
RaiseException

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleExW
LoadLibraryExW
GetModuleHandleExA
GetProcAddress
LoadResource
LockResource
GetModuleFileNameW
FindResourceExW
FreeLibrary
DisableThreadLibraryCalls
SizeofResource
GetModuleHandleW

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
CreateEventW
WaitForMultipleObjectsEx
ReleaseMutex
InitializeCriticalSectionEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
EnterCriticalSection
InitializeSRWLock
DeleteCriticalSection
InitializeCriticalSection
ReleaseSemaphore
CreateMutexW
TryAcquireSRWLockExclusive
ReleaseSRWLockShared
CreateEventExW
SetEvent
ResetEvent
LeaveCriticalSection
CreateSemaphoreExW
CreateMutexExW
WaitForSingleObjectEx
OpenSemaphoreW

api-ms-win-core-com-l1-1-0

StringFromGUID2
CreateStreamOnHGlobal
CoCreateInstance
CoTaskMemAlloc
CoGetMalloc
CLSIDFromProgID
CoTaskMemFree
CoGetCallerTID
CoUninitialize
CoInitializeEx
CLSIDFromString

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcessId
TlsAlloc
GetCurrentThreadId
GetCurrentThread
GetProcessIdOfThread
CreateThread
TlsGetValue
OpenThreadToken
OpenThread
OpenProcessToken
TlsSetValue
TlsFree
SetThreadToken
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetThreadPreferredUILanguages
GetUserDefaultLocaleName

api-ms-win-core-heap-l1-1-0

HeapReAlloc
GetProcessHeap
HeapSize
HeapAlloc
HeapDestroy
HeapFree

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemDirectoryW
GetTickCount64
GetVersionExW

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
Sleep

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-string-l2-1-0

CharLowerBuffW

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-registry-l1-1-0

RegOpenCurrentUser
RegDeleteTreeW
RegSetKeySecurity
RegDeleteValueW
RegQueryInfoKeyW
RegEnumKeyExW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteKeyExW
RegGetValueW
RegOpenKeyExW
RegEnumValueW
RegFlushKey

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer

api-ms-win-core-version-l1-1-0

GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW

api-ms-win-security-base-l1-1-0

EqualSid
CopySid
DuplicateToken
FreeSid
AccessCheck
IsValidSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
GetSidSubAuthority
ImpersonateSelf
InitializeAcl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorControl
MakeAbsoluteSD
AddAce
GetAclInformation
GetSidIdentifierAuthority
GetSidSubAuthorityCount
InitializeSid
GetSidLengthRequired
SetTokenInformation
SetSecurityDescriptorDacl
GetTokenInformation
DuplicateTokenEx
CreateWellKnownSid
IsValidSid
RevertToSelf
ImpersonateLoggedOnUser
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
AllocateAndInitializeSid
InitializeSecurityDescriptor
GetLengthSid
AddAccessAllowedAce

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-file-l1-1-0

DeleteFileW
ReadFile
GetFileSizeEx
WriteFile
FileTimeToLocalFileTime
CreateFileW

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-path-l1-1-0

PathCchCombine

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-url-l1-1-0

UrlEscapeW

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW

api-ms-win-core-threadpool-legacy-l1-1-0

DeleteTimerQueueTimer
CreateTimerQueue
DeleteTimerQueueEx
CreateTimerQueueTimer

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrcmpA

ntdll

RtlWakeAllConditionVariable
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
RtlSleepConditionVariableSRW
RtlNtStatusToDosError
RtlPublishWnfStateData
RtlGetDeviceFamilyInfoEnum
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlReleaseResource
RtlAcquireResourceExclusive
RtlInitializeResource
RtlDeleteResource
wcsncmp
RtlSubscribeWnfStateChangeNotification
RtlAcquireResourceShared
wcscspn
wcsspn
wcschr
wcsstr

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateStringReference

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrStrIW

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 608KB - Virtual size: 605KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wosc.dll
.dll windows:10 windows x64 arch:x64

5fa309a238e349b682abcaef5049b773

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

wosc.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__get_errno
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__wcsdup
memmove
_o__wcstoui64
_o_ceilf
_o_free
_o_malloc
_o_realloc
_o_terminate
_o_wcscpy_s
_o_wcstol
_o_wcstoul
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
strchr
__CxxFrameHandler3
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoOriginateError
RoOriginateErrorW

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
ReleaseMutex
ReleaseSemaphore
CreateEventW
ResetEvent
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
OpenSemaphoreW
SetEvent
InitializeCriticalSectionEx
DeleteCriticalSection
InitializeSRWLock
AcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CreateSemaphoreExW
CreateMutexExW
CreateEventExW

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceExecuteOnce
InitOnceComplete

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsCreateStringReference
WindowsCompareStringOrdinal
WindowsDeleteString
WindowsDeleteStringBuffer
WindowsPromoteStringBuffer
WindowsGetStringRawBuffer
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsPreallocateStringBuffer

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
ResumeThread
GetCurrentProcess
GetCurrentThreadId
CreateThread
GetCurrentThread
OpenThreadToken

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleFileNameA
LoadLibraryExW
GetModuleHandleExW
FindStringOrdinal
FreeLibrary
FreeLibraryAndExitThread
GetProcAddress

msvcp_win

?is@?$ctype@G@std@@QEBA_NFG@Z
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
_Wcscoll
_Wcsxfrm
??0_Locinfo@std@@QEAA@PEBD@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??0_Lockit@std@@QEAA@H@Z
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?width@ios_base@std@@QEAA_J_J@Z
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?id@?$ctype@G@std@@2V0locale@2@A
??1_Locinfo@std@@QEAA@XZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?good@ios_base@std@@QEBA_NXZ
?width@ios_base@std@@QEBA_JXZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?tolower@?$ctype@G@std@@QEBAGG@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
??1_Lockit@std@@QEAA@XZ
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
??Bid@locale@std@@QEAA_KXZ
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Incref@facet@locale@std@@UEAAXXZ
?out@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
?in@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
?flags@ios_base@std@@QEBAHXZ
?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?id@?$collate@G@std@@2V0locale@2@A
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?uncaught_exception@std@@YA_NXZ

api-ms-win-core-com-l1-1-0

CoTaskMemRealloc
CLSIDFromString
CoGetMalloc
CoGetApartmentType
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CoCreateFreeThreadedMarshaler
CoWaitForMultipleHandles

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyExW
RegEnumKeyExW
RegDeleteValueW
RegEnumValueW

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventActivityIdControl
EventWriteTransfer
EventUnregister
EventSetInformation

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-file-l1-1-0

ReadFile
DeleteFileW
CreateFileW
WriteFile
CreateDirectoryW
FlushFileBuffers
GetFileSizeEx
SetFilePointerEx
RemoveDirectoryW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-string-l2-1-0

CharUpperBuffW

oleaut32

VariantClear
VariantInit
SysAllocString
SysFreeString

api-ms-win-core-kernel32-legacy-l1-1-0

GetSystemPowerStatus

api-ms-win-security-base-l1-1-0

AllocateAndInitializeSid
FreeSid
CheckTokenMembership
RevertToSelf
ImpersonateLoggedOnUser
GetTokenInformation

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW
PathFindFileNameW

api-ms-win-core-path-l1-1-0

PathCchSkipRoot
PathCchCanonicalize
PathCchCombine

api-ms-win-core-file-l2-1-2

CopyFileW

rpcrt4

RpcExceptionFilter
NdrClientCall3
RpcBindingFromStringBindingW
RpcStringFreeW
RpcStringBindingComposeW
RpcBindingFree

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

ntdll

NtQueryWnfStateData
RtlPublishWnfStateData
RtlGetDeviceFamilyInfoEnum
EtwTraceMessage

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrStrA

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-url-l1-1-0

UrlEscapeW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 272KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wpdshext.dll
.dll regsvr32 windows:10 windows x64 arch:x64

1e0f73fe392e1b835ae37b454ba6e3e5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

wpdshext.pdb

Imports

api-ms-win-crt-string-l1-1-0

memset
wcscspn

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__register_onexit_function
_o__seh_filter_dll
_o__ui64tow
_o__wcsicmp
memmove
_o__wsplitpath_s
_o_calloc
_o_free
_o_iswspace
_o_log
_o_malloc
_o_sqrt
_o_wcsncpy_s
_o_wcstok_s
_o_wcstol
_o_wmemcpy_s
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
wcsstr
__C_specific_handler
__std_terminate
__CxxFrameHandler4
_CxxThrowException
__C_specific_handler_noexcept
memcmp
memcpy

kernel32

TlsFree
FreeLibraryWhenCallbackReturns
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
Sleep
CompareStringOrdinal
LocalFree
DeactivateActCtx
LoadLibraryW
ActivateActCtx
FindActCtxSectionStringW
CreateActCtxW
GetModuleFileNameW
QueryActCtxW
OutputDebugStringA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateEventW
SetEvent
InitOnceBeginInitialize
InitOnceComplete
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CompareFileTime
GlobalFree
CreateThread
LocalAlloc
lstrcmpW
lstrcmpiW
LoadLibraryExW
FreeLibrary
SizeofResource
LockResource
LoadResource
FindResourceExW
GetFileAttributesW
GetSystemTime
SystemTimeToTzSpecificLocalTime
CreateTimerQueueTimer
WaitForMultipleObjects
DeleteTimerQueueTimer
FileTimeToSystemTime
AcquireSRWLockShared
TrySubmitThreadpoolCallback
SystemTimeToFileTime
GetTickCount
RaiseException
ExpandEnvironmentStringsW
CreateEventExW
DeleteFileW
CreateFileW
ReadFile
WriteFile
SetFilePointerEx
FlushFileBuffers
GetFileInformationByHandle
GlobalSize
GlobalLock
GlobalUnlock
FileTimeToLocalFileTime
GetDateFormatW
GetTimeFormatW
ReleaseActCtx
SetFileAttributesW
GetLocaleInfoEx
GetUserPreferredUILanguages
CreateThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolWork
SubmitThreadpoolWork
WaitForThreadpoolWorkCallbacks
CloseThreadpoolWork
SetThreadpoolTimerEx
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
GetDriveTypeW
DisableThreadLibraryCalls
GetSystemDirectoryW
GetNumberFormatW
MulDiv
GetTempPath2W
TzSpecificLocalTimeToSystemTime
QueryPerformanceCounter
QueryPerformanceFrequency
HeapSize
HeapReAlloc
HeapDestroy
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
TlsGetValue
ReleaseSRWLockShared
GetThreadPriority
TlsAlloc
GetCurrentThread
GetTickCount64
ResumeThread
CallbackMayRunLong
GlobalAlloc
FreeLibraryAndExitThread
DelayLoadFailureHook
SetThreadPriority
TlsSetValue
FormatMessageW
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
GetModuleHandleExW
ReleaseSemaphore
SetLastError
HeapFree
CreateSemaphoreExW
GetModuleFileNameA
ResolveDelayLoadedAPI
GlobalReAlloc
UnhandledExceptionFilter
InitializeSListHead
GetSystemTimeAsFileTime
ResetEvent
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter

advapi32

UnregisterTraceGuids
TraceEvent
EventWriteTransfer
EventUnregister
EventSetInformation
EventRegister
RegCloseKey
EventActivityIdControl
RegOpenKeyExW
RegQueryValueExW
RegEnumKeyW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
TraceMessage

gdi32

CreateCompatibleDC
GetDeviceCaps
DeleteDC
GetTextExtentPoint32W
GetStockObject
GetTextExtentPointW
CreateDIBSection
DeleteObject

shlwapi

ord219
ord199
SHStrDupW
PathStripPathW
PathAddBackslashW
PathAppendW
StrCmpIW
StrStrW
StrCSpnW
PathFindFileNameW
StrCmpW
ord388
ord16
StrCmpLogicalW
PathRemoveBlanksW
AssocQueryKeyW
StrFormatByteSizeW
PathRemoveExtensionW
AssocCreate
PathFindExtensionW
ord158
ord176
PathRemoveFileSpecW
SHGetValueW
ord172
PathCombineW
ord168
SHGetThreadRef
ord156
SHCreateStreamOnFileEx
ord8
ord9
ord7
ord10
StrRetToBufW
SHRegGetValueW
ord174

user32

LoadStringW
SetMenuDefaultItem
SendMessageW
SetWindowTextW
SetDlgItemTextW
EndDialog
GetDlgItem
GetWindowLongPtrW
SetWindowLongPtrW
IsDlgButtonChecked
UnhookWindowsHookEx
SendDlgItemMessageW
CheckDlgButton
EnableWindow
ShowWindow
GetWindowLongW
SetWindowLongW
GetClientRect
GetSystemMetrics
LoadImageW
GetParent
IsChild
CallNextHookEx
CreateWindowExW
SetWindowPos
SetWindowsHookExW
GetDC
ReleaseDC
GetWindowRect
ScreenToClient
SetTimer
KillTimer
PostMessageW
GetDlgCtrlID
DestroyIcon
GetWindowTextW
CopyImage
GetSysColor
GetCursorPos
DefWindowProcW
GetClassInfoW
LoadCursorW
RegisterClassW
FindWindowW
GetWindow
GetClassNameW
GetWindowThreadProcessId
SendMessageTimeoutW
SwitchToThisWindow
GetLastActivePopup
DestroyWindow
RegisterClipboardFormatW
GetMenuItemInfoW
GetMenuItemCount
DestroyMenu
LoadMenuW
GetShellWindow
GetForegroundWindow
SetForegroundWindow
SetFocus
TrackPopupMenu
GetSubMenu
RemoveMenu
InsertMenuW
DialogBoxParamW
UnregisterClassA
MsgWaitForMultipleObjectsEx

gdiplus

GdiplusShutdown
GdipDrawImageRectRectI
GdipSetClipRectI
GdipGetPathLastPoint
GdipAddPathArcI
GdipDeletePath
GdipCreatePath
GdipDrawArcI
GdipFillEllipseI
GdipSetSolidFillColor
GdipDeletePen
GdipCreatePen1
GdipFillRectangleI
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipSetInterpolationMode
GdipCreateHBITMAPFromBitmap
GdipDrawImageRect
GdipCreateBitmapFromGraphics
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipGetImageHeight
GdipGetImageWidth
GdipCreateBitmapFromStream
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipSaveImageToStream
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipFree
GdipCreateBitmapFromHBITMAP
GdipSetCompositingMode
GdipCreateBitmapFromScan0
GdipDrawPieI
GdiplusStartup
GdipFillPieI
GdipDrawEllipseI
GdipCreateFromHDC
GdipDrawLineI

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsGetStringRawBuffer
WindowsCreateStringReference
WindowsDeleteString

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-core-featurestaging-l1-1-0

RecordFeatureUsage
SubscribeFeatureStateChangeNotification
UnsubscribeFeatureStateChangeNotification

Exports

Exports

CDefFolderMenu_MergeMenu
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 492KB - Virtual size: 491KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wshbth.dll
.dll windows:10 windows x64 arch:x64

f2ac61bda79b89b388814309db6fcb9b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

wshbth.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__cexit
_o__configure_narrow_argv
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__seh_filter_dll
memmove
_o__wcsicmp
_o___std_type_info_destroy_list
_o___stdio_common_vswprintf
__C_specific_handler
memcpy

api-ms-win-crt-string-l1-1-0

memset

ntdll

NtDeviceIoControlFile
EtwGetTraceEnableFlags
EtwUnregisterTraceGuids
EtwTraceMessage
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwRegisterTraceGuidsW
RtlCompareMemory
RtlGetLastNtStatus
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlInitUnicodeString

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-synch-l1-1-0

WaitForMultipleObjectsEx
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
CreateEventW
EnterCriticalSection
DeleteCriticalSection

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-security-base-l1-1-0

FreeSid
AllocateAndInitializeSid

rpcrt4

RpcBindingFromStringBindingW
RpcStringFreeW
RpcBindingSetAuthInfoExW
RpcStringBindingComposeW
NdrClientCall3
RpcBindingFree

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
TerminateProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

NSPStartup
WSHAddressToString
WSHEnumProtocols
WSHGetBroadcastSockaddr
WSHGetProviderGuid
WSHGetSockaddrType
WSHGetSocketInformation
WSHGetWSAProtocolInfo
WSHGetWildcardSockaddr
WSHGetWinsockMapping
WSHIoctl
WSHJoinLeaf
WSHNotify
WSHOpenSocket
WSHOpenSocket2
WSHSetSocketInformation
WSHStringToAddress

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wuapi.dll
.dll regsvr32 windows:10 windows x64 arch:x64

60f0d8be5a07b55860f5fed02db7e473

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c4:9f:2e:30:b2:d8:9c:ed:e6:aa:0a:59:7f:b0:0c:6f:0a:89:59:20:77:08:ed:32:c5:fb:4c:27:8d:d6:7f:bf
Signer

Actual PE Digest

c4:9f:2e:30:b2:d8:9c:ed:e6:aa:0a:59:7f:b0:0c:6f:0a:89:59:20:77:08:ed:32:c5:fb:4c:27:8d:d6:7f:bf

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

wuapi.pdb

Imports

api-ms-win-core-libraryloader-l1-2-0

LoadResource
DisableThreadLibraryCalls
LoadLibraryExW
FreeLibrary
GetModuleHandleW
GetProcAddress
GetModuleHandleExW
GetModuleFileNameW
GetModuleFileNameA

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreExW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionEx
CreateMutexExW
OpenSemaphoreW
AcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReleaseMutex
WaitForSingleObjectEx

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW
FormatMessageA

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoTaskMemFree

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-file-l1-1-0

GetFileAttributesExW
GetFileSizeEx
CreateFileW

api-ms-win-core-wow64-l1-1-1

IsWow64Process2

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventSetInformation
EventRegister

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-crt-private-l1-1-0

_o__free_base
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o_abort
_o_free
_o_malloc
_o_mbstowcs_s
_o_terminate
_o_wcscpy_s
_o__execute_onexit_table
_o__errno
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o__crt_atexit
_o__configure_narrow_argv
_o____lc_codepage_func
_o__cexit
_o__calloc_base
_o__callnewh

api-ms-win-core-featurestaging-l1-1-0

RecordFeatureUsage
UnsubscribeFeatureStateChangeNotification
SubscribeFeatureStateChangeNotification

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetSystemTimeAsFileTime

api-ms-win-core-sysinfo-l1-2-0

GetNativeSystemInfo

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-core-rtlsupport-l1-1-0

RtlPcToFileHeader
RtlUnwindEx
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InterlockedFlushSList
InitializeSListHead

api-ms-win-core-fibers-l1-1-0

FlsSetValue
FlsGetValue
FlsAlloc
FlsFree

api-ms-win-core-util-l1-1-0

EncodePointer

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
MapViewOfFileEx
CreateFileMappingW

api-ms-win-core-version-l1-1-0

VerQueryValueW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 484B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wups.dll
.dll regsvr32 windows:10 windows x64 arch:x64

5f9fb153f4141039b7c309c686c509a0

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4a:2f:96:5f:ae:76:69:ed:2c:cf:16:ad:c9:ca:4f:25:19:fe:9f:4d:91:61:89:17:ed:19:66:61:3e:0d:24:f3
Signer

Actual PE Digest

4a:2f:96:5f:ae:76:69:ed:2c:cf:16:ad:c9:ca:4f:25:19:fe:9f:4d:91:61:89:17:ed:19:66:61:3e:0d:24:f3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

wups.pdb

Imports

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW
GetProcAddress
LoadResource
DisableThreadLibraryCalls
GetModuleHandleExW
FreeLibrary
GetModuleFileNameA

api-ms-win-core-synch-l1-1-0

CreateSemaphoreExW
ReleaseSemaphore
WaitForSingleObject
ReleaseMutex
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionEx
CreateMutexExW
AcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
RaiseException
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentProcess
TerminateProcess
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW
FormatMessageA

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoTaskMemFree

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-file-l1-1-0

CreateFileW
GetFileSizeEx
GetFileAttributesExW

api-ms-win-core-wow64-l1-1-1

IsWow64Process2

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-crt-private-l1-1-0

_o__free_base
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o_abort
_o_free
_o_malloc
_o_mbstowcs_s
_o_terminate
_o_wcscpy_s
_o__execute_onexit_table
_o__errno
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o__crt_atexit
_o____lc_codepage_func
_o__configure_narrow_argv
_o__cexit
_o__calloc_base
_o__callnewh

api-ms-win-core-featurestaging-l1-1-0

RecordFeatureUsage
SubscribeFeatureStateChangeNotification
UnsubscribeFeatureStateChangeNotification

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemDirectoryW

api-ms-win-core-sysinfo-l1-2-0

GetNativeSystemInfo

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-core-rtlsupport-l1-1-0

RtlPcToFileHeader
RtlUnwindEx
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InterlockedFlushSList
InitializeSListHead

api-ms-win-core-fibers-l1-1-0

FlsAlloc
FlsSetValue
FlsFree
FlsGetValue

api-ms-win-core-util-l1-1-0

EncodePointer

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-core-memory-l1-1-0

MapViewOfFileEx
CreateFileMappingW
UnmapViewOfFile

api-ms-win-core-version-l1-1-0

GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 484B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wusys.dll
.dll windows:10 windows x64 arch:x64

7867f3751ddcba32a3b08eddf5473517

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:31:d0:e1:ec:1f:f0:ef:b3:d1:65:eb:90:d0:cc:18:9c:e6:1c:9c:8d:1b:4b:78:cd:78:62:ff:bc:1a:bc:86
Signer

Actual PE Digest

01:31:d0:e1:ec:1f:f0:ef:b3:d1:65:eb:90:d0:cc:18:9c:e6:1c:9c:8d:1b:4b:78:cd:78:62:ff:bc:1a:bc:86

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

wusys.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcsicmp
_o_free
_o_malloc
_o_memcpy_s
_o_realloc
_o_wcstoul
__C_specific_handler
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
_o___stdio_common_vswprintf
__CxxFrameHandler3
_CxxThrowException
_o___stdio_common_vsnprintf_s
_o__execute_onexit_table
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__errno

api-ms-win-crt-string-l1-1-0

memset
wcscmp
memmove_s

umpdc

Pdcv2ActivationClientRenewActivation
Pdcv2ActivationClientDeactivate
Pdcv2ActivationClientActivate
Pdcv2ActivationClientUnregister
Pdcv2ActivationClientRegister

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleW
FreeLibrary
DisableThreadLibraryCalls
GetModuleHandleExW
GetProcAddress
GetModuleHandleA
LoadLibraryExW

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
WaitForSingleObject
CreateSemaphoreExW
ReleaseSemaphore
CreateEventExW
InitializeCriticalSectionEx
LeaveCriticalSection
SetEvent
ReleaseMutex
AcquireSRWLockExclusive
ReleaseSRWLockShared
DeleteCriticalSection
CreateMutexExW
AcquireSRWLockShared
WaitForSingleObjectEx
ReleaseSRWLockExclusive
OpenSemaphoreW
InitializeSRWLock

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

GetErrorMode
SetLastError
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
SetErrorMode

api-ms-win-core-processthreads-l1-1-0

OpenThreadToken
GetCurrentThread
OpenProcessToken
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemWindowsDirectoryW
GetSystemTimeAsFileTime
GetTickCount64

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

ntdll

NtCreateTimer2
RtlRaiseStatus
NtQuerySystemInformation
RtlInitUnicodeString
NtSetInformationThread
RtlIsMultiSessionSku
NtSetInformationProcess
RtlGetDeviceFamilyInfoEnum
DbgPrintEx
RtlFreeHeap
NtQuerySecurityPolicy
NtSetTimer2

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
CompareStringW

api-ms-win-core-winrt-string-l1-1-0

WindowsCompareStringOrdinal
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsDuplicateString
WindowsCreateStringReference
WindowsCreateString

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoWaitForMultipleHandles
CoTaskMemAlloc
CoQueryProxyBlanket
CoCreateFreeThreadedMarshaler
CoSetProxyBlanket
StringFromGUID2
CoCreateGuid
CoTaskMemFree
CoGetMalloc
CoGetApartmentType

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

wintrust

WTGetSignatureInfo

msvcp_win

?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-security-base-l1-1-0

RevertToSelf
ImpersonateLoggedOnUser

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoTransformError

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceExecuteOnce
InitOnceComplete

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegOpenKeyExW
RegCloseKey

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-file-l1-1-0

GetFileAttributesW
CreateDirectoryW
DeleteFileW
RemoveDirectoryW

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-file-l1-2-0

GetTempPathW

Sections

.text
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

01351d026ed6f51a635178e7776cd3ec

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-synch-l1-2-1

api-ms-win-core-registry-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

spoolss

api-ms-win-core-string-l1-1-0

api-ms-win-core-file-l1-1-0

ntdll

api-ms-win-core-heap-l2-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-eventlog-legacy-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-core-privateprofile-l1-1-0

api-ms-win-security-activedirectoryclient-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-util-l1-1-0

Exports

Exports

Sections

.text Size: 852KB - Virtual size: 850KB

.rdata Size: 268KB - Virtual size: 267KB

.data Size: 28KB - Virtual size: 30KB

.pdata Size: 48KB - Virtual size: 45KB

.didat Size: 4KB - Virtual size: 1KB

.rsrc Size: 232KB - Virtual size: 228KB

.reloc Size: 4KB - Virtual size: 3KB

0171c8b34a2862ac3a0bc42087150e58

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5fCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

86:fc:11:4d:8f:d6:1f:8b:87:00:45:84:16:8b:d1:46:15:64:44:f9:68:8d:f3:b5:94:2f:52:b8:d6:58:f1:a4Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

ntdll

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

.text
Size: 852KB - Virtual size: 850KB

.rdata
Size: 268KB - Virtual size: 267KB

.data
Size: 28KB - Virtual size: 30KB

.pdata
Size: 48KB - Virtual size: 45KB

.didat
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 232KB - Virtual size: 228KB

.reloc
Size: 4KB - Virtual size: 3KB

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

86:fc:11:4d:8f:d6:1f:8b:87:00:45:84:16:8b:d1:46:15:64:44:f9:68:8d:f3:b5:94:2f:52:b8:d6:58:f1:a4
Signer

.text
Size: 312KB - Virtual size: 308KB

RT_CODE
Size: 4KB - Virtual size: 344B

RT_BSS
Size: - Virtual size: 40B

.rdata
Size: 76KB - Virtual size: 75KB

.data
Size: 8KB - Virtual size: 11KB

.pdata
Size: 16KB - Virtual size: 13KB

.didat
Size: 4KB - Virtual size: 176B

RT_CONST
Size: 4KB - Virtual size: 3KB

RT_DATA
Size: 4KB - Virtual size: 80B

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 2KB