CreateDecoder
CreateEncoder
CreateObject
GetHandlerProperty
GetHandlerProperty2
GetHashers
GetIsArc
GetMethodProperty
GetNumberOfFormats
GetNumberOfMethods
SetCaseSensitive
SetCodecs
SetLargePageMode
General
-
Target
briefer_2.0.exe
-
Size
122.9MB
-
MD5
07b0c0652b2b817a49beda1a3292ec9c
-
SHA1
f2aaae1155b32914766565381059ac75eb756b1d
-
SHA256
2ef937ee4268c29c620acb86a2a3dfd538bb54e592d6f7b49cc7cf4ff607bbca
-
SHA512
5f9171674bafc628839bad6782768b0de3967a3f55f4211bc785d5919b9f2da63bb20f7c3684cab2e6a07ef47e0318ef802442c1f9f168edb87783fec75e15d0
-
SSDEEP
3145728:fG1/LmdjWnIbOZStXA/UpaGy+zBhoiuJ/cjhH7:fS/adWIbOZl/yPorOjF
Score
10/10
Malware Config
Signatures
-
Nirsoft 24 IoCs
resource yara_rule static1/unpack001/tools/nirsoft/AppCompatibilityView/AppCompatibilityView.exe Nirsoft static1/unpack001/tools/nirsoft/AppCompatibilityView/AppCompatibilityView64.exe Nirsoft static1/unpack003/out.upx Nirsoft static1/unpack004/out.upx Nirsoft static1/unpack001/tools/nirsoft/Cports/cports64.exe Nirsoft static1/unpack005/out.upx Nirsoft static1/unpack001/tools/nirsoft/DriverView/DriverView64.exe Nirsoft static1/unpack001/tools/nirsoft/ExecutedProgramsList/ExecutedProgramsList.exe Nirsoft static1/unpack006/out.upx Nirsoft static1/unpack001/tools/nirsoft/HashMyFiles/HashMyFiles64.exe Nirsoft static1/unpack007/out.upx Nirsoft static1/unpack001/tools/nirsoft/InstalledPackagesView/InstalledPackagesView.exe Nirsoft static1/unpack001/tools/nirsoft/InstalledPackagesView/InstalledPackagesView64.exe Nirsoft static1/unpack001/tools/nirsoft/JumpListsView/JumpListsView.exe Nirsoft static1/unpack001/tools/nirsoft/LastActivityView/LastActivityView.exe Nirsoft static1/unpack001/tools/nirsoft/LoadedDllsView/LoadedDllsView.exe Nirsoft static1/unpack001/tools/nirsoft/LoadedDllsView/LoadedDllsView64.exe Nirsoft static1/unpack008/out.upx Nirsoft static1/unpack009/out.upx Nirsoft static1/unpack001/tools/nirsoft/RegDllView/RegDllView64.exe Nirsoft static1/unpack001/tools/nirsoft/SimpleWMIView/SimpleWMIView.exe Nirsoft static1/unpack001/tools/nirsoft/SimpleWMIView/SimpleWMIView64.exe Nirsoft static1/unpack001/tools/nirsoft/TaskSchedulerView/TaskSchedulerView.exe Nirsoft static1/unpack001/tools/nirsoft/TaskSchedulerView/TaskSchedulerView64.exe Nirsoft -
resource yara_rule static1/unpack001/tools/avz/avz.exe upx static1/unpack001/tools/nirsoft/AppCrashView/AppCrashView.exe upx static1/unpack001/tools/nirsoft/Cports/cports.exe upx static1/unpack001/tools/nirsoft/DriverView/DriverView.exe upx static1/unpack001/tools/nirsoft/HashMyFiles/HashMyFiles.exe upx static1/unpack001/tools/nirsoft/InjectedDll/InjectedDLL.exe upx static1/unpack001/tools/nirsoft/RecentFilesView/RecentFilesView.exe upx static1/unpack001/tools/nirsoft/RegDllView/RegDllView.exe upx static1/unpack001/tools/nirsoft/ShellBagsView/ShellBagsView.exe upx static1/unpack001/tools/nirsoft/UserAssistView/UserAssistView.exe upx static1/unpack001/tools/nirsoft/UserProfilesView/UserProfilesView.exe upx static1/unpack001/tools/nirsoft/WinUpdatesList/wul.exe upx static1/unpack001/tools/other/ExtractUsnJrnl.exe upx static1/unpack001/tools/other/ExtractUsnJrnl64.exe upx static1/unpack001/tools/other/RawCopy.exe upx static1/unpack001/tools/other/RawCopy64.exe upx -
Unsigned PE 80 IoCs
Checks for missing Authenticode signature.
resource briefer_2.0.exe unpack001/tools/7zip/7za.dll unpack001/tools/7zip/7za.exe unpack001/tools/7zip/7zxa.dll unpack001/tools/7zip/Far/7-ZipFar.dll unpack001/tools/7zip/Far/7-ZipFar64.dll unpack001/tools/7zip/x64/7za.dll unpack001/tools/7zip/x64/7za.exe unpack001/tools/7zip/x64/7zxa.dll unpack001/tools/PrcView/GraphControl.dll unpack001/tools/PrcView/PrcMon.dll unpack001/tools/PrcView/PrcView.exe unpack001/tools/PrcView/pv.exe unpack001/tools/RamCapture/x64/RamCaptureDriver64.sys unpack001/tools/avz/avz.exe unpack002/out.upx unpack003/out.upx unpack004/out.upx unpack005/out.upx unpack006/out.upx unpack001/tools/nirsoft/InjectedDll/InjectedDLL.exe unpack007/out.upx unpack008/out.upx unpack009/out.upx unpack001/tools/nirsoft/UserAssistView/UserAssistView.exe unpack001/tools/other/ExtractUsnJrnl.exe unpack001/tools/other/ExtractUsnJrnl64.exe unpack001/tools/other/RawCopy.exe unpack001/tools/other/RawCopy64.exe unpack001/tools/other/WinAudit.exe unpack001/tools/other/forecopy_handy.exe unpack001/tools/other/md5deep.exe unpack001/tools/other/md5deep64.exe unpack001/tools/other/promiscdetect.exe unpack001/tools/other/sha256deep.exe unpack001/tools/other/sha256deep64.exe unpack001/tools/wmic/x32/winmgmt.exe unpack001/tools/wmic/x32/winmgmtr.dll unpack001/tools/wmic/x32/wmi.dll unpack001/tools/wmic/x32/wmiadap.exe unpack001/tools/wmic/x32/wmiapres.dll unpack001/tools/wmic/x32/wmiaprpl.dll unpack001/tools/wmic/x32/wmiapsrv.exe unpack001/tools/wmic/x32/wmic.exe unpack001/tools/wmic/x32/wmicookr.dll unpack001/tools/wmic/x32/wmidcprv.dll unpack001/tools/wmic/x32/wmimsg.dll unpack001/tools/wmic/x32/wmipcima.dll unpack001/tools/wmic/x32/wmipdskq.dll unpack001/tools/wmic/x32/wmipicmp.dll unpack001/tools/wmic/x32/wmipiprt.dll unpack001/tools/wmic/x32/wmipjobj.dll unpack001/tools/wmic/x32/wmiprov.dll unpack001/tools/wmic/x32/wmiprvsd.dll unpack001/tools/wmic/x32/wmiprvse.exe unpack001/tools/wmic/x32/wmipsess.dll unpack001/tools/wmic/x32/wmisvc.dll unpack001/tools/wmic/x32/wmitimep.dll unpack001/tools/wmic/x64/WMIADAP.exe unpack001/tools/wmic/x64/WMIC.exe unpack001/tools/wmic/x64/WMICOOKR.dll unpack001/tools/wmic/x64/WMIPICMP.dll unpack001/tools/wmic/x64/WMIPIPRT.dll unpack001/tools/wmic/x64/WMIPJOBJ.dll unpack001/tools/wmic/x64/WMIPSESS.dll unpack001/tools/wmic/x64/WMIsvc.dll unpack001/tools/wmic/x64/WmiApRes.dll unpack001/tools/wmic/x64/WmiApRpl.dll unpack001/tools/wmic/x64/WmiApSrv.exe unpack001/tools/wmic/x64/WmiDcPrv.dll unpack001/tools/wmic/x64/WmiPerfClass.dll unpack001/tools/wmic/x64/WmiPerfInst.dll unpack001/tools/wmic/x64/WmiPrvSD.dll unpack001/tools/wmic/x64/WmiPrvSE.exe unpack001/tools/wmic/x64/wmipcima.dll unpack001/tools/wmic/x64/wmipdfs.dll unpack001/tools/wmic/x64/wmipdskq.dll unpack001/tools/wmic/x64/wmiprov.dll unpack001/tools/wmic/x64/wmitimep.dll unpack001/tools/wmic/x64/wmiutils.dll -
NSIS installer 2 IoCs
resource yara_rule sample nsis_installer_1 sample nsis_installer_2
Files
-
briefer_2.0.exe.exe windows:4 windows x86 arch:x86
ced282d9b261d1462772017fe2f6972b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
RegCreateKeyExA
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
SetFileSecurityA
RegOpenKeyExA
RegEnumValueA
shell32
SHGetFileInfoA
SHFileOperationA
SHGetPathFromIDListA
ShellExecuteExA
SHGetSpecialFolderLocation
SHBrowseForFolderA
ole32
IIDFromString
OleInitialize
OleUninitialize
CoCreateInstance
CoTaskMemFree
comctl32
ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked
user32
SetClipboardData
CharPrevA
CallWindowProcA
PeekMessageA
DispatchMessageA
MessageBoxIndirectA
GetDlgItemTextA
SetDlgItemTextA
GetSystemMetrics
CreatePopupMenu
AppendMenuA
TrackPopupMenu
FillRect
EmptyClipboard
LoadCursorA
GetMessagePos
CheckDlgButton
GetSysColor
SetCursor
GetWindowLongA
SetClassLongA
SetWindowPos
IsWindowEnabled
GetWindowRect
GetSystemMenu
EnableMenuItem
RegisterClassA
ScreenToClient
EndDialog
GetClassInfoA
SystemParametersInfoA
CreateWindowExA
ExitWindowsEx
DialogBoxParamA
CharNextA
SetTimer
DestroyWindow
CreateDialogParamA
SetForegroundWindow
SetWindowTextA
PostQuitMessage
SendMessageTimeoutA
ShowWindow
wsprintfA
GetDlgItem
FindWindowExA
IsWindow
GetDC
SetWindowLongA
LoadImageA
InvalidateRect
ReleaseDC
EnableWindow
BeginPaint
SendMessageA
DefWindowProcA
DrawTextA
GetClientRect
EndPaint
IsWindowVisible
CloseClipboard
OpenClipboard
gdi32
SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectA
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject
kernel32
GetExitCodeProcess
WaitForSingleObject
GetProcAddress
GetSystemDirectoryA
WideCharToMultiByte
MoveFileExA
ReadFile
GetTempFileNameA
WriteFile
RemoveDirectoryA
CreateProcessA
CreateFileA
GetLastError
CreateThread
CreateDirectoryA
GlobalUnlock
GetDiskFreeSpaceA
GlobalLock
SetErrorMode
GetVersion
lstrcpynA
GetCommandLineA
GetTempPathA
lstrlenA
SetEnvironmentVariableA
ExitProcess
GetWindowsDirectoryA
GetCurrentProcess
GetModuleFileNameA
CopyFileA
GetTickCount
Sleep
GetFileSize
GetFileAttributesA
SetCurrentDirectoryA
SetFileAttributesA
GetFullPathNameA
GetShortPathNameA
MoveFileA
CompareFileTime
SetFileTime
SearchPathA
lstrcmpiA
lstrcmpA
CloseHandle
GlobalFree
GlobalAlloc
ExpandEnvironmentStringsA
LoadLibraryExA
FreeLibrary
lstrcpyA
lstrcatA
FindClose
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
SetFilePointer
GetModuleHandleA
FindNextFileA
FindFirstFileA
DeleteFileA
MulDiv
Sections
.text Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 149KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: - Virtual size: 36KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
main.bat
-
mod_memdump.bat
-
modules/functions.bat
-
modules/mod_amp_db.bat.bat .vbs
-
modules/mod_avz.bat
-
modules/mod_bits.bat.bat .vbs
-
modules/mod_bootconf.bat
-
modules/mod_browsers.bat.bat .vbs
-
modules/mod_etl.bat.bat .vbs
-
modules/mod_final_hashing.bat.bat .vbs
-
modules/mod_firewall.bat.bat .vbs
-
modules/mod_forecopy.bat
-
modules/mod_gpo.bat
-
modules/mod_init_folders.bat
-
modules/mod_jumplists.bat
-
modules/mod_kvrt.bat
-
modules/mod_lnk.bat.bat .vbs
-
modules/mod_lnks.bat.bat .vbs
-
modules/mod_memory.bat.bat .vbs
-
modules/mod_networking.bat.bat .vbs
-
modules/mod_nirsoft.bat.bat .vbs
-
modules/mod_outlook.bat.bat .vbs
-
modules/mod_packing_data.bat
-
modules/mod_procview.bat.bat .vbs
-
modules/mod_promiscdetect.bat.bat .vbs
-
modules/mod_pslogfile.bat.bat .vbs
-
modules/mod_rdpcache.bat.bat .vbs
-
modules/mod_schedtasks.bat.bat .vbs
-
modules/mod_srumdb.bat.bat .vbs
-
modules/mod_syscache.bat.bat .vbs
-
modules/mod_sysinternals.bat.bat .vbs
-
modules/mod_usblog.bat.bat .vbs
-
modules/mod_userregistry.bat
-
modules/mod_usnjournal.bat
-
modules/mod_var_init.bat.bat .vbs
-
modules/mod_wer.bat
-
modules/mod_winaudit.bat.bat .vbs
-
modules/mod_wincmd.bat.bat .vbs
-
modules/mod_wmic.bat.bat .vbs
-
modules/toolpath_config.bat.bat .vbs
-
tools/7zip/7za.dll.dll windows:4 windows x86 arch:x86
cb36a1cf1dc11c2231c4415295a85d2f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
oleaut32
SysAllocStringByteLen
SysAllocStringLen
SysAllocString
SysFreeString
VariantCopy
VariantClear
user32
CharUpperW
msvcrt
_adjust_fdiv
_initterm
_onexit
__dllonexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
memset
realloc
strlen
wcscmp
memcpy
memmove
free
_CxxThrowException
malloc
memcmp
_purecall
__CxxFrameHandler
kernel32
GetModuleHandleW
InitializeCriticalSection
ReleaseSemaphore
CreateSemaphoreW
ResetEvent
SetEvent
CreateEventW
WaitForSingleObject
InterlockedIncrement
VirtualFree
VirtualAlloc
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetVersionExW
WaitForMultipleObjects
GlobalMemoryStatus
GetSystemInfo
GetCurrentProcess
GetProcessAffinityMask
WriteFile
ReadFile
GetFileAttributesW
GetModuleHandleA
GetLastError
CloseHandle
CreateFileW
SetFileAttributesW
GetProcAddress
CreateDirectoryW
DeleteFileW
SetLastError
GetTempPathW
GetCurrentProcessId
GetTickCount
GetCurrentThreadId
FindClose
FindFirstFileW
Exports
Exports
Sections
.text Size: 222KB - Virtual size: 222KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 23KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.sxdata Size: 512B - Virtual size: 4B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/7zip/7za.exe.exe windows:4 windows x86 arch:x86
1a9deef54b6b9763013f742bee84d533
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
oleaut32
VariantCopy
SysAllocStringLen
SysAllocString
SysFreeString
SysStringLen
VariantClear
user32
CharPrevExA
CharUpperW
advapi32
SetFileSecurityW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
GetFileSecurityW
msvcrt
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p___initenv
exit
_XcptFilter
_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler3
_beginthreadex
realloc
strlen
memset
wcscmp
wcsstr
strcmp
strstr
memmove
fputs
fputc
fflush
fgetc
fclose
_iob
free
_CxxThrowException
malloc
memcmp
_purecall
memcpy
__CxxFrameHandler
_isatty
_fileno
kernel32
ReleaseSemaphore
InitializeCriticalSection
ResetEvent
SetEvent
WaitForSingleObject
CreateSemaphoreW
GetProcAddress
InterlockedIncrement
VirtualFree
VirtualAlloc
QueryPerformanceCounter
LocalFileTimeToFileTime
SetConsoleMode
GetConsoleMode
GetVersionExW
SetFileApisToOEM
GetCommandLineW
GetConsoleScreenBufferInfo
SetConsoleCtrlHandler
DeleteCriticalSection
IsProcessorFeaturePresent
GetProcessTimes
OpenEventW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
SetProcessAffinityMask
WaitForMultipleObjects
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
GetSystemTimeAsFileTime
FileTimeToDosDateTime
DosDateTimeToFileTime
GlobalMemoryStatus
GetSystemInfo
GetProcessAffinityMask
FileTimeToLocalFileTime
FileTimeToSystemTime
CompareFileTime
GetCurrentProcess
GetDiskFreeSpaceW
GetFileInformationByHandle
SetEndOfFile
WriteFile
ReadFile
DeviceIoControl
GetLastError
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
LoadLibraryW
GetModuleFileNameW
LocalFree
FormatMessageW
CloseHandle
SetFileTime
CreateFileW
SetFileAttributesW
RemoveDirectoryW
MoveFileW
SetFilePointer
GetModuleHandleW
CreateDirectoryW
DeleteFileW
SetLastError
SetCurrentDirectoryW
GetCurrentDirectoryW
GetTempPathW
GetCurrentProcessId
GetTickCount
GetCurrentThreadId
FindClose
FindFirstFileW
FindNextFileW
GetModuleHandleA
GetFileAttributesW
GetLogicalDriveStringsW
GetFileSize
CreateEventW
Sections
.text Size: 610KB - Virtual size: 609KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 81KB - Virtual size: 80KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.sxdata Size: 512B - Virtual size: 4B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 26KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/7zip/7zxa.dll.dll windows:4 windows x86 arch:x86
b56c6d8dc50f73376215a3b3ddce91c0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
oleaut32
SysAllocStringByteLen
SysAllocStringLen
SysFreeString
VariantClear
msvcrt
_beginthreadex
_except_handler3
??1type_info@@UAE@XZ
?terminate@@YAXXZ
__dllonexit
_onexit
_initterm
_adjust_fdiv
strlen
free
malloc
_CxxThrowException
memcpy
memmove
memcmp
_purecall
__CxxFrameHandler
memset
kernel32
InitializeCriticalSection
ResetEvent
SetEvent
CreateEventW
WaitForSingleObject
CloseHandle
VirtualFree
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
GetVersionExW
WaitForMultipleObjects
GetModuleHandleW
GetProcAddress
GlobalMemoryStatus
GetSystemInfo
GetCurrentProcess
GetProcessAffinityMask
GetLastError
DeleteCriticalSection
Exports
Exports
CreateDecoder
CreateEncoder
CreateObject
GetHandlerProperty
GetHandlerProperty2
GetHashers
GetIsArc
GetMethodProperty
GetNumberOfFormats
GetNumberOfMethods
SetCaseSensitive
SetCodecs
SetLargePageMode
Sections
.text Size: 125KB - Virtual size: 125KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.sxdata Size: 512B - Virtual size: 4B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/7zip/Far/7-ZipEng.hlf
-
tools/7zip/Far/7-ZipEng.lng
-
tools/7zip/Far/7-ZipFar.dll.dll windows:4 windows x86 arch:x86
a9d57d1571bbcbc9018b406201affa2c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
oleaut32
VariantCopy
SysFreeString
SysStringLen
SysStringByteLen
SysAllocString
VariantClear
SysAllocStringLen
user32
LoadStringW
CharUpperW
advapi32
RegOpenKeyExW
GetFileSecurityW
SetFileSecurityW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
msvcrt
_adjust_fdiv
_initterm
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_onexit
__dllonexit
_except_handler3
strstr
free
malloc
sprintf
memmove
strlen
memset
wcscmp
strcmp
_purecall
memcpy
_CxxThrowException
__CxxFrameHandler
memcmp
kernel32
GetDriveTypeW
VirtualAlloc
VirtualFree
InitializeCriticalSection
MultiByteToWideChar
GetCurrentProcess
GetSystemTimeAsFileTime
FileTimeToDosDateTime
lstrlenW
FileTimeToLocalFileTime
FileTimeToSystemTime
CompareFileTime
GetFileInformationByHandle
DeviceIoControl
SetEndOfFile
WriteFile
ReadFile
SetFilePointer
GetFileSize
GetFileAttributesW
GetModuleHandleA
FindNextFileW
FindFirstFileW
FindClose
GetCurrentThreadId
GetCurrentProcessId
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetLastError
ReadConsoleInputW
GetNumberOfConsoleInputEvents
GetStdHandle
GetVersionExW
GetTickCount
AreFileApisANSI
WideCharToMultiByte
FreeLibrary
LoadLibraryExW
LoadLibraryW
GetModuleFileNameW
LocalFree
FormatMessageW
CloseHandle
SetFileTime
CreateFileW
SetFileAttributesW
RemoveDirectoryW
MoveFileW
GetProcAddress
GetModuleHandleW
CreateDirectoryW
DeleteFileW
SetLastError
GetCurrentDirectoryW
GetTempPathW
Exports
Exports
ClosePlugin
Configure
DeleteFiles
ExitFAR
FreeFindData
GetFiles
GetFindData
GetOpenPluginInfo
GetPluginInfo
OpenFilePlugin
OpenPlugin
ProcessKey
PutFiles
SetDirectory
SetStartupInfo
Sections
.text Size: 183KB - Virtual size: 183KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 37KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.sxdata Size: 512B - Virtual size: 4B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 840B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/7zip/Far/7-ZipFar64.dll.dll windows:4 windows x64 arch:x64
afd674a52472e20c3228dd4fbfd02908
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
oleaut32
SysAllocString
SysStringLen
SysAllocStringLen
VariantClear
VariantCopy
SysStringByteLen
SysFreeString
user32
CharUpperW
LoadStringW
advapi32
RegDeleteKeyW
GetFileSecurityW
SetFileSecurityW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
msvcrt
strstr
free
malloc
sprintf
strlen
memset
wcscmp
strcmp
_CxxThrowException
memcpy
__CxxFrameHandler
memcmp
__C_specific_handler
__dllonexit
_onexit
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_initterm
memmove
kernel32
VirtualAlloc
VirtualFree
InitializeCriticalSection
Sleep
WideCharToMultiByte
GetDriveTypeW
GetCurrentProcess
GetSystemTimeAsFileTime
FileTimeToDosDateTime
lstrlenW
FileTimeToLocalFileTime
FileTimeToSystemTime
CompareFileTime
GetFileInformationByHandle
DeviceIoControl
SetEndOfFile
WriteFile
ReadFile
SetFilePointer
GetFileSize
GetFileAttributesW
GetModuleHandleA
FindNextFileW
FindFirstFileW
FindClose
GetCurrentThreadId
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ReadConsoleInputW
GetNumberOfConsoleInputEvents
GetStdHandle
GetLastError
GetTickCount
AreFileApisANSI
MultiByteToWideChar
FreeLibrary
LoadLibraryExW
LoadLibraryW
GetModuleFileNameW
LocalFree
FormatMessageW
CloseHandle
SetFileTime
CreateFileW
SetFileAttributesW
RemoveDirectoryW
MoveFileW
GetProcAddress
GetModuleHandleW
CreateDirectoryW
DeleteFileW
GetCurrentDirectoryW
GetTempPathW
SetLastError
GetCurrentProcessId
Exports
Exports
ClosePlugin
Configure
DeleteFiles
ExitFAR
FreeFindData
GetFiles
GetFindData
GetOpenPluginInfo
GetPluginInfo
OpenFilePlugin
OpenPlugin
ProcessKey
PutFiles
SetDirectory
SetStartupInfo
Sections
.text Size: 267KB - Virtual size: 267KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 98KB - Virtual size: 98KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 840B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/7zip/Far/7-ZipRus.hlf
-
tools/7zip/Far/7-ZipRus.lng
-
tools/7zip/Far/7zToFar.ini
-
tools/7zip/Far/far7z.reg
-
tools/7zip/Far/far7z.txt
-
tools/7zip/License.txt
-
tools/7zip/history.txt
-
tools/7zip/readme.txt
-
tools/7zip/x64/7za.dll.dll windows:4 windows x64 arch:x64
22ca0a9fa52636be630f15cf36ce68e9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
oleaut32
VariantClear
VariantCopy
SysAllocString
SysAllocStringByteLen
SysFreeString
SysAllocStringLen
user32
CharUpperW
advapi32
SystemFunction036
msvcrt
strlen
__CxxFrameHandler
wcscmp
realloc
memcpy
free
_CxxThrowException
malloc
memcmp
_purecall
memset
__C_specific_handler
_beginthreadex
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
__dllonexit
_onexit
_initterm
memmove
kernel32
InitializeCriticalSection
ReleaseSemaphore
CreateSemaphoreW
ResetEvent
Sleep
CreateEventW
WaitForSingleObject
VirtualFree
VirtualAlloc
SetEvent
QueryPerformanceCounter
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
WaitForMultipleObjects
GlobalMemoryStatusEx
GetSystemInfo
GetCurrentProcess
GetProcessAffinityMask
WriteFile
ReadFile
GetFileAttributesW
GetModuleHandleA
FindFirstFileW
FindClose
GetCurrentThreadId
GetLastError
CloseHandle
CreateFileW
SetFileAttributesW
GetProcAddress
CreateDirectoryW
DeleteFileW
GetTempPathW
SetLastError
GetCurrentProcessId
GetTickCount
Exports
Exports
CreateDecoder
CreateEncoder
CreateObject
GetHandlerProperty
GetHandlerProperty2
GetHashers
GetIsArc
GetMethodProperty
GetNumberOfFormats
GetNumberOfMethods
SetCaseSensitive
SetCodecs
SetLargePageMode
Sections
.text Size: 282KB - Virtual size: 281KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 62KB - Virtual size: 61KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/7zip/x64/7za.exe.exe windows:4 windows x64 arch:x64
7232d06dc00920698f0cad2452012553
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
oleaut32
SysStringLen
VariantClear
VariantCopy
SysAllocString
SysFreeString
SysAllocStringLen
user32
CharUpperW
CharPrevExA
advapi32
GetFileSecurityW
SetFileSecurityW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
SystemFunction036
msvcrt
_exit
_c_exit
_XcptFilter
_onexit
__dllonexit
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
__C_specific_handler
_beginthreadex
_isatty
realloc
strlen
memset
wcsstr
strstr
wcscmp
_cexit
memmove
fflush
fputc
fputs
_iob
fgetc
fclose
free
_CxxThrowException
malloc
memcmp
_purecall
__CxxFrameHandler
memcpy
exit
__getmainargs
__initenv
_initterm
__setusermatherr
_commode
_fmode
__set_app_type
strcmp
kernel32
ResetEvent
CreateSemaphoreW
CreateEventW
ReleaseSemaphore
InitializeCriticalSection
GetVersionExW
SetEvent
SetFileAttributesW
WaitForSingleObject
VirtualFree
VirtualAlloc
QueryPerformanceCounter
LocalFileTimeToFileTime
GetConsoleMode
SetConsoleMode
SetFileApisToOEM
GetCommandLineW
GetConsoleScreenBufferInfo
SetConsoleCtrlHandler
IsProcessorFeaturePresent
GetProcessTimes
DeleteCriticalSection
SetProcessAffinityMask
OpenEventW
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
WaitForMultipleObjects
LeaveCriticalSection
EnterCriticalSection
GetStdHandle
GetSystemTimeAsFileTime
FileTimeToDosDateTime
DosDateTimeToFileTime
GlobalMemoryStatusEx
GetSystemInfo
GetProcessAffinityMask
FileTimeToLocalFileTime
FileTimeToSystemTime
CompareFileTime
GetCurrentProcess
GetDiskFreeSpaceW
GetFileInformationByHandle
SetEndOfFile
WriteFile
ReadFile
SetFilePointer
GetFileSize
DeviceIoControl
GetLastError
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
LoadLibraryW
GetModuleFileNameW
LocalFree
FormatMessageW
CloseHandle
SetFileTime
CreateFileW
RemoveDirectoryW
MoveFileW
GetProcAddress
GetModuleHandleW
CreateDirectoryW
DeleteFileW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetTempPathW
SetLastError
GetCurrentProcessId
GetTickCount
GetCurrentThreadId
FindClose
FindFirstFileW
FindNextFileW
GetModuleHandleA
GetFileAttributesW
GetLogicalDriveStringsW
Sections
.text Size: 826KB - Virtual size: 826KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 228KB - Virtual size: 227KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 57KB - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/7zip/x64/7zxa.dll.dll windows:4 windows x64 arch:x64
aca74ba801aaf3b47c3daa7d7e22a9db
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
oleaut32
SysFreeString
SysAllocStringByteLen
VariantClear
SysAllocStringLen
msvcrt
_onexit
__dllonexit
??1type_info@@UEAA@XZ
__C_specific_handler
_beginthreadex
memset
strlen
__CxxFrameHandler
malloc
_CxxThrowException
memmove
memcpy
memcmp
_purecall
free
_initterm
?terminate@@YAXXZ
kernel32
GetProcessAffinityMask
GetCurrentProcess
GetSystemInfo
GlobalMemoryStatusEx
Sleep
InitializeCriticalSection
ResetEvent
SetEvent
CreateEventW
WaitForSingleObject
CloseHandle
VirtualFree
VirtualAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
WaitForMultipleObjects
GetLastError
Exports
Exports
CreateDecoder
CreateEncoder
CreateObject
GetHandlerProperty
GetHandlerProperty2
GetHashers
GetIsArc
GetMethodProperty
GetNumberOfFormats
GetNumberOfMethods
SetCaseSensitive
SetCodecs
SetLargePageMode
Sections
.text Size: 150KB - Virtual size: 150KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 34KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/PrcView/GraphControl.dll.dll windows:4 windows x86 arch:x86
c99740b4ce58b10f73eb927e6daba9e2
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
c:\Projects\PrcView\GraphControl\Release\GraphControl.pdb
Imports
kernel32
GetSystemInfo
VirtualProtect
LCMapStringW
LCMapStringA
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
LoadLibraryA
GetCPInfo
GetOEMCP
IsBadCodePtr
IsBadReadPtr
WriteFile
UnhandledExceptionFilter
GetEnvironmentStringsW
GetLocaleInfoA
GetACP
InterlockedExchange
HeapFree
DisableThreadLibraryCalls
GetVersionExA
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcess
FlushInstructionCache
GetProcessHeap
HeapAlloc
GetCurrentThreadId
RaiseException
DeleteCriticalSection
InitializeCriticalSection
WideCharToMultiByte
RtlUnwind
ExitProcess
HeapReAlloc
GetCommandLineA
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
TerminateProcess
HeapSize
VirtualQuery
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
user32
PostMessageA
GetParent
KillTimer
SetTimer
InvalidateRect
SendMessageA
CallWindowProcA
GetWindowLongA
DefWindowProcA
RegisterClassExA
LoadCursorA
wsprintfA
CreateWindowExA
SetWindowLongA
IsWindow
ShowWindow
UnregisterClassA
DrawTextA
EndPaint
BeginPaint
RedrawWindow
GetClientRect
MoveWindow
SystemParametersInfoA
GetClassInfoExA
gdi32
Polyline
CreatePen
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
ExtTextOutA
BitBlt
LineTo
MoveToEx
SetTextColor
SetBkColor
GetStockObject
GetObjectA
CreateFontIndirectA
SelectObject
GetTextMetricsA
Exports
Exports
CreateGraphControl
GraphControlVersion
_CreateGraphControl@16
_GraphControlVersion@0
Sections
.text Size: 56KB - Virtual size: 55KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 912B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/PrcView/PRCVIEW.HLP
-
tools/PrcView/PrcMon.dll.dll windows:4 windows x86 arch:x86
b105eff2ad59671b6c14deda8b041297
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
c:\Work\Projects\Pv\PrcView\bin\Release\PrcMon.pdb
Imports
kernel32
GetTimeFormatA
GetDateFormatA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileTime
VerLanguageNameA
GetVersion
LoadLibraryA
DeviceIoControl
TerminateThread
WaitForSingleObject
SetEvent
lstrlenA
GetFullPathNameW
Sleep
WaitForMultipleObjects
CreateThread
CreateEventA
FreeResource
DeleteFileW
LockResource
FindResourceExW
GetSystemDirectoryW
CompareStringW
SearchPathA
FindClose
FindNextFileA
FindFirstFileA
GetWindowsDirectoryA
SetEnvironmentVariableA
CompareStringA
GetLocaleInfoW
SetEndOfFile
SetConsoleCtrlHandler
GetTimeZoneInformation
GetSystemInfo
VirtualProtect
CreateFileA
ReadFile
FlushFileBuffers
SetStdHandle
GetOEMCP
GetStringTypeW
lstrcpynA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetCPInfo
LCMapStringW
LCMapStringA
SetFilePointer
IsBadCodePtr
IsBadReadPtr
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThread
SetLastError
TlsAlloc
SetUnhandledExceptionFilter
GetModuleFileNameA
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
HeapSize
TerminateProcess
GetModuleHandleA
IsBadWritePtr
VirtualAlloc
FatalAppExitA
VirtualFree
HeapCreate
HeapDestroy
VirtualQuery
GetCommandLineA
HeapReAlloc
ExitProcess
RtlUnwind
GetProcAddress
lstrcmpW
GetCurrentProcessId
lstrcpynW
lstrcmpiW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
GetModuleFileNameW
lstrcpyW
DisableThreadLibraryCalls
GetVersionExA
InterlockedDecrement
InterlockedIncrement
CreateFileW
CloseHandle
WriteFile
GetLastError
FormatMessageW
GetFileAttributesA
LocalFree
GetModuleHandleW
LoadLibraryW
FreeLibrary
lstrlenW
GlobalAlloc
GlobalLock
GlobalUnlock
GetCurrentThreadId
GetComputerNameW
HeapAlloc
GetCurrentProcess
FlushInstructionCache
SystemTimeToFileTime
CompareFileTime
SystemTimeToTzSpecificLocalTime
GetDateFormatW
GetTimeFormatW
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetProcessHeap
HeapFree
DeleteCriticalSection
InitializeCriticalSection
GetStringTypeA
RaiseException
user32
SetMenuDefaultItem
TranslateAcceleratorW
DrawFrameControl
InflateRect
DrawEdge
GetClassNameW
ModifyMenuW
IsMenu
CallNextHookEx
SetWindowsHookExW
GetKeyState
SetFocus
UnregisterClassA
EndDialog
CharLowerW
UnhookWindowsHookEx
SetRectEmpty
RegisterWindowMessageW
GetSysColorBrush
FrameRect
PostQuitMessage
GetMessagePos
WindowFromPoint
GetMenuItemCount
MessageBeep
GetWindowThreadProcessId
IsWindowEnabled
CharNextW
DestroyMenu
LoadAcceleratorsW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
SetWindowTextW
SendDlgItemMessageW
LoadStringA
MessageBoxA
GetWindowLongW
CheckDlgButton
IsDlgButtonChecked
SetDlgItemTextW
GetParent
GetDlgItem
SetWindowTextA
wsprintfA
CharNextExA
GetMenuItemInfoW
BeginDeferWindowPos
EndDeferWindowPos
OffsetRect
DeferWindowPos
IsWindowVisible
UpdateWindow
RegisterClassExW
CreateWindowExW
GetWindowDC
GetFocus
SetWindowPos
MapWindowPoints
GetClientRect
CheckMenuItem
LoadCursorW
wsprintfW
GetClassInfoExW
ShowWindow
MoveWindow
SetMenu
PtInRect
LoadMenuW
GetSubMenu
SetMenuItemInfoW
TrackPopupMenuEx
GetSysColor
GetActiveWindow
DialogBoxParamW
CreateDialogParamW
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
DefWindowProcW
GetDC
FillRect
DrawTextW
ReleaseDC
EndPaint
BeginPaint
MessageBoxW
IsWindow
KillTimer
SetTimer
InvalidateRect
ScreenToClient
ClientToScreen
CallWindowProcW
DestroyWindow
GetSystemMetrics
LoadImageW
LoadStringW
SendMessageW
LoadIconW
DestroyIcon
SetWindowLongW
EnableWindow
UnregisterClassW
PostMessageW
GetWindow
GetWindowRect
SystemParametersInfoW
gdi32
CreateDIBSection
PatBlt
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
CreateBitmap
CreatePatternBrush
SetBkColor
SetBrushOrgEx
SetTextColor
SetBkMode
GetStockObject
GetObjectW
CreateFontIndirectW
GetDeviceCaps
SelectObject
GetTextMetricsW
GetBkColor
DeleteObject
CreateSolidBrush
DeleteDC
comdlg32
GetSaveFileNameW
advapi32
RegQueryInfoKeyW
RegFlushKey
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegCreateKeyExW
RegDeleteKeyW
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegEnumValueA
OpenSCManagerA
DeleteService
ControlService
OpenServiceW
StartServiceA
CreateServiceW
CloseServiceHandle
LookupAccountSidW
RegQueryValueExW
shell32
ExtractIconExW
ole32
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoInitialize
oleaut32
SysFreeString
VarUI4FromStr
shlwapi
PathFindFileNameW
comctl32
ImageList_Create
ImageList_LoadImageW
CreateStatusWindowW
ImageList_Destroy
ImageList_GetImageCount
InitCommonControlsEx
ImageList_Draw
ImageList_ReplaceIcon
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueA
Exports
Exports
Check
DebugRun
Install
Run
SetProperty
Uninstall
Sections
.text Size: 188KB - Virtual size: 186KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 72KB - Virtual size: 71KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/PrcView/PrcView.exe.exe windows:4 windows x86 arch:x86
770037a180ddc8b23c2f056890003004
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
d:\Projects\PrcView\Release\PrcView.pdb
Imports
version
GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA
comctl32
ImageList_Create
ord17
ImageList_GetImageCount
ImageList_SetOverlayImage
ImageList_Destroy
ImageList_Remove
ord6
ImageList_LoadImageA
ImageList_ReplaceIcon
kernel32
GetProcAddress
LoadLibraryA
GetCurrentProcess
GetModuleHandleA
lstrcmpA
lstrcmpiA
GlobalUnlock
lstrcpyA
GlobalFree
GlobalLock
GlobalAlloc
CompareFileTime
IsBadStringPtrA
UnmapViewOfFile
lstrcpynA
MapViewOfFile
CreateFileMappingA
ReadProcessMemory
VirtualQueryEx
OpenProcess
GetCurrentProcessId
GetPriorityClass
GetEnvironmentVariableA
WideCharToMultiByte
GetSystemTimeAsFileTime
WaitForSingleObject
TerminateProcess
SetPriorityClass
WinExec
GetCurrentThreadId
GetTimeFormatA
GetDateFormatA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileTime
VerLanguageNameA
GetUserDefaultLCID
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
GetVersion
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
WriteFile
GetSystemInfo
VirtualProtect
SetStdHandle
GetStdHandle
SetHandleCount
SetFilePointer
ReadFile
SetEndOfFile
HeapSize
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
IsBadWritePtr
VirtualAlloc
FatalAppExitA
VirtualFree
HeapCreate
HeapDestroy
VirtualQuery
LCMapStringW
LCMapStringA
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThread
SetLastError
TlsAlloc
GetCPInfo
GetOEMCP
GetCommandLineA
GetStartupInfoA
ExitProcess
HeapReAlloc
GetFileType
HeapAlloc
HeapFree
RtlUnwind
LeaveCriticalSection
EnterCriticalSection
IsValidLocale
IsValidCodePage
IsBadReadPtr
IsBadCodePtr
GetModuleFileNameA
FindFirstFileA
FindNextFileA
FindClose
ExpandEnvironmentStringsA
CreateDirectoryA
CreateFileA
GetWindowsDirectoryA
DeleteFileA
EnumSystemLocalesA
MoveFileA
MoveFileExA
GetLastError
CompareStringW
MultiByteToWideChar
FlushFileBuffers
GetTimeZoneInformation
SetConsoleCtrlHandler
SearchPathA
OutputDebugStringA
DebugBreak
InterlockedIncrement
InterlockedDecrement
lstrlenA
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
CloseHandle
Sleep
GetLocaleInfoW
CompareStringA
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetFileAttributesA
user32
TranslateAcceleratorA
GetMessageA
GetClassInfoA
LoadAcceleratorsA
CheckMenuItem
GetMenuItemInfoA
EnableWindow
WinHelpA
SetDlgItemTextA
EnumWindows
GetWindowTextA
GetClassLongA
SetCapture
SetCursor
WindowFromPoint
GetWindowThreadProcessId
GetWindowDC
PostQuitMessage
BeginPaint
EndPaint
PeekMessageA
wsprintfW
TranslateMessage
EmptyClipboard
CloseClipboard
SetClipboardData
GetWindow
CharNextExA
MessageBoxA
GetDesktopWindow
DestroyWindow
IsDlgButtonChecked
CheckDlgButton
TrackPopupMenu
LoadMenuA
GetMenuStringA
GetSubMenu
GetMenu
DestroyIcon
SystemParametersInfoA
LoadImageA
LoadCursorA
DispatchMessageA
IsWindowVisible
AttachThreadInput
SetParent
IsWindow
SetSystemCursor
DeleteMenu
RegisterClassExA
RegisterClassA
CreateWindowExA
UpdateWindow
CopyIcon
OpenClipboard
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
KillTimer
GetWindowLongA
SetTimer
SetWindowPos
GetParent
GetAsyncKeyState
GetDlgItemTextA
CallWindowProcA
RegisterWindowMessageA
DefWindowProcA
DefDlgProcA
DefFrameProcA
DefMDIChildProcA
EndDialog
GetMessagePos
MapWindowPoints
DialogBoxParamA
GetKeyState
GetDlgItem
PostMessageA
GetDC
FillRect
DrawTextA
ReleaseDC
SetWindowLongA
SetWindowTextA
wsprintfA
CharNextA
wvsprintfA
UnregisterClassA
EnableMenuItem
GetForegroundWindow
FindWindowA
WaitForInputIdle
ShowWindow
SetForegroundWindow
FindWindowExA
SetFocus
InvalidateRect
GetSystemMetrics
LoadStringA
SendMessageA
GetClientRect
GetWindowRect
MoveWindow
GetCursorPos
gdi32
BitBlt
RealizePalette
StretchBlt
GetStockObject
CreateFontIndirectA
GetObjectA
CreateCompatibleDC
GetDIBColorTable
CreatePalette
DeleteDC
CreatePen
SetROP2
SelectPalette
MoveToEx
LineTo
GetDeviceCaps
SelectObject
CreateHalftonePalette
DeleteObject
SetBkMode
comdlg32
GetSaveFileNameA
GetOpenFileNameA
advapi32
RegQueryValueExW
RegEnumValueA
RegEnumKeyA
RegQueryValueExA
RegEnumKeyExA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegFlushKey
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
GetSecurityDescriptorOwner
shell32
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc
ExtractIconExA
ShellExecuteExA
Shell_NotifyIconA
ole32
CoInitialize
CoUninitialize
CoCreateInstance
oleaut32
SysFreeString
Sections
.text Size: 164KB - Virtual size: 160KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 32KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 116KB - Virtual size: 115KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
tools/PrcView/README.TXT
-
tools/PrcView/foo.txt
-
tools/PrcView/pv.exe.exe windows:4 windows x86 arch:x86
64a773f8fc346e5470dd82cf7b43c605
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
kernel32
ExitProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
GetVersion
CloseHandle
GetProcAddress
GetModuleHandleA
SetPriorityClass
OpenProcess
WaitForSingleObject
TerminateProcess
GetCurrentProcessId
WaitForMultipleObjectsEx
Sleep
GetCurrentProcess
LoadLibraryA
lstrcpyA
GetEnvironmentVariableA
GetPriorityClass
ReadProcessMemory
VirtualQueryEx
WideCharToMultiByte
GetLastError
UnmapViewOfFile
lstrcpynA
MapViewOfFile
CreateFileMappingA
CreateFileA
lstrcmpiA
QueryPerformanceCounter
GetOEMCP
GetACP
HeapSize
SetStdHandle
ReadFile
GetSystemInfo
VirtualProtect
GetCPInfo
GetLocaleInfoA
HeapFree
HeapAlloc
SetEndOfFile
RtlUnwind
GetCommandLineA
GetVersionExA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
LCMapStringA
MultiByteToWideChar
LCMapStringW
WriteFile
FlushFileBuffers
GetStringTypeA
GetStringTypeW
InterlockedExchange
VirtualQuery
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetFilePointer
user32
GetWindowTextA
GetDesktopWindow
SendMessageA
SetForegroundWindow
GetWindow
GetWindowThreadProcessId
GetWindowLongA
wsprintfA
CharNextExA
Sections
.text Size: 40KB - Virtual size: 37KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
tools/PrcView/pv.txt
-
tools/RamCapture/x32/RamCapture.exe.exe windows:5 windows x86 arch:x86
b36b35f049bd8883439eb459092241c9
Code Sign
0a:3d:43:40:46:fc:f0:6c:91:16:6b:2f:e2:b6:37:b7Certificate
IssuerCN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before17/05/2018, 00:00Not After16/05/2019, 12:00SubjectSERIALNUMBER=6128132,CN=Belkasoft LLC,O=Belkasoft LLC,L=Menlo Park,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate
IssuerCN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before22/10/2014, 00:00Not After22/10/2024, 00:00SubjectCN=DigiCert Timestamp Responder,O=DigiCert,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06Certificate
IssuerCN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before18/04/2012, 12:00Not After18/04/2027, 12:00SubjectCN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before10/11/2006, 00:00Not After10/11/2021, 00:00SubjectCN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0e:b9:9e:ba:73:0a:f4:15:71:b4:a4:20:89:98:85:45Certificate
IssuerCN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=USNot Before13/04/2018, 00:00Not After16/05/2019, 12:00SubjectSERIALNUMBER=6128132,CN=Belkasoft LLC,O=Belkasoft LLC,L=Menlo Park,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate
IssuerCN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before18/04/2012, 12:00Not After18/04/2027, 12:00SubjectCN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41Certificate
IssuerCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before04/01/2017, 00:00Not After18/01/2028, 00:00SubjectCN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before07/01/2016, 12:00Not After07/01/2031, 12:00SubjectCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
c3:61:40:8e:f4:b2:ac:d6:66:c6:47:d2:ed:38:d8:f9:09:0b:9e:44:ec:9a:5b:90:0d:d2:bd:a0:69:43:2f:3fSigner
Actual PE Digestc3:61:40:8e:f4:b2:ac:d6:66:c6:47:d2:ed:38:d8:f9:09:0b:9e:44:ec:9a:5b:90:0d:d2:bd:a0:69:43:2f:3fDigest Algorithmsha256PE Digest Matchestrue0c:c3:69:98:39:4c:4f:89:f9:35:30:c1:64:39:4e:de:d6:39:01:f5Signer
Actual PE Digest0c:c3:69:98:39:4c:4f:89:f9:35:30:c1:64:39:4e:de:d6:39:01:f5Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetConsoleWindow
SetConsoleMode
GetFileAttributesW
GetModuleFileNameW
CreateFileW
GetStdHandle
VirtualAlloc
GetConsoleScreenBufferInfo
SetConsoleCtrlHandler
SetConsoleTitleW
CloseHandle
WriteFile
lstrlenW
GetProcAddress
DeviceIoControl
VirtualFree
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
GetTickCount
GetModuleHandleW
QueryPerformanceCounter
SetFilePointerEx
GetCurrentProcess
SetConsoleTextAttribute
SetEndOfFile
CreateThread
GetNativeSystemInfo
user32
GetSystemMetrics
GetWindowTextLengthW
PostQuitMessage
DialogBoxParamW
LoadIconW
EndDialog
ShowWindow
MessageBoxW
GetDlgItemTextW
SetDlgItemTextW
SendMessageW
EnableWindow
GetDlgItem
advapi32
OpenProcessToken
AdjustTokenPrivileges
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
LookupPrivilegeValueW
msvcp110
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Winerror_map@std@@YAPBDH@Z
?_Syserror_map@std@@YAPBDH@Z
shlwapi
SHDeleteKeyW
PathAppendW
PathRemoveFileSpecW
comctl32
ord17
msvcr110
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
?terminate@@YAXXZ
_except_handler4_common
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
__CxxFrameHandler3
_CxxThrowException
memcpy
memmove
strlen
wprintf
wcslen
_vswprintf
memset
wcsftime
_wsplitpath
rand
srand
_purecall
??3@YAXPAX@Z
_itow
_localtime64
_time64
??2@YAPAXI@Z
_vsnwprintf_s
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
??1type_info@@UAE@XZ
_XcptFilter
_amsg_exit
__wgetmainargs
__set_app_type
exit
_exit
_cexit
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
__winitenv
_fmode
_commode
Sections
.text Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
tools/RamCapture/x32/RamCaptureDriver.sys.sys windows:10 windows x86 arch:x86
75fc1e2a78392681118e04f3a90e2bc2
Code Sign
0a:3d:43:40:46:fc:f0:6c:91:16:6b:2f:e2:b6:37:b7Certificate
IssuerCN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before17/05/2018, 00:00Not After16/05/2019, 12:00SubjectSERIALNUMBER=6128132,CN=Belkasoft LLC,O=Belkasoft LLC,L=Menlo Park,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate
IssuerCN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before22/10/2014, 00:00Not After22/10/2024, 00:00SubjectCN=DigiCert Timestamp Responder,O=DigiCert,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06Certificate
IssuerCN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before18/04/2012, 12:00Not After18/04/2027, 12:00SubjectCN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before10/11/2006, 00:00Not After10/11/2021, 00:00SubjectCN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0e:b9:9e:ba:73:0a:f4:15:71:b4:a4:20:89:98:85:45Certificate
IssuerCN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=USNot Before13/04/2018, 00:00Not After16/05/2019, 12:00SubjectSERIALNUMBER=6128132,CN=Belkasoft LLC,O=Belkasoft LLC,L=Menlo Park,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate
IssuerCN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before18/04/2012, 12:00Not After18/04/2027, 12:00SubjectCN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41Certificate
IssuerCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before04/01/2017, 00:00Not After18/01/2028, 00:00SubjectCN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before07/01/2016, 12:00Not After07/01/2031, 12:00SubjectCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
bc:b4:64:e6:ef:fd:e0:9c:8b:1c:13:7b:4a:8d:a4:4b:2f:c9:f0:52:bd:e1:12:09:92:eb:6d:33:b7:34:5d:bcSigner
Actual PE Digestbc:b4:64:e6:ef:fd:e0:9c:8b:1c:13:7b:4a:8d:a4:4b:2f:c9:f0:52:bd:e1:12:09:92:eb:6d:33:b7:34:5d:bcDigest Algorithmsha256PE Digest Matchestrue6d:dd:a2:b2:b1:e9:1e:5e:02:46:43:68:89:a5:d2:68:57:81:ff:01Signer
Actual PE Digest6d:dd:a2:b2:b1:e9:1e:5e:02:46:43:68:89:a5:d2:68:57:81:ff:01Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
G:\Development\git_hub\BEC.RAM-Capturer\Win32\Release\bin\RamCaptureDriver.pdb
Imports
ntoskrnl.exe
RtlInitUnicodeString
DbgPrint
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
MmGetPhysicalMemoryRanges
MmIsAddressValid
MmMapMemoryDumpMdl
ZwQuerySystemInformation
memcpy
KeBugCheckEx
RtlUnwind
Sections
.text Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 748B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 512B - Virtual size: 468B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 152B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/RamCapture/x32/msvcp110.dll.dll windows:6 windows x86 arch:x86
098e9eddf1a24b3fd9465ee992148a02
Code Sign
33:00:00:00:9d:1e:8d:27:ae:b8:f3:d8:38:00:01:00:00:00:9dCertificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before04/09/2012, 21:42Not After04/03/2013, 21:42SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
33:00:00:00:2b:39:32:48:c1:b2:c9:48:f3:00:00:00:00:00:2bCertificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before04/09/2012, 21:12Not After04/12/2013, 21:12SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:08:e2:79:fa:0d:25:58:45:ea:00:00:00:00:00:08Certificate
IssuerCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before07/07/2012, 00:14Not After07/10/2013, 00:14SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before08/07/2011, 20:59Not After08/07/2026, 21:09SubjectCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
bd:da:49:3e:e0:d0:cf:a8:1e:ba:49:76:d1:38:5e:50:ea:b9:84:2f:8b:f8:ee:1c:ee:b6:de:b5:98:7f:ae:bfSigner
Actual PE Digestbd:da:49:3e:e0:d0:cf:a8:1e:ba:49:76:d1:38:5e:50:ea:b9:84:2f:8b:f8:ee:1c:ee:b6:de:b5:98:7f:ae:bfDigest Algorithmsha256PE Digest Matchestruebf:fa:d4:6b:19:62:38:e3:7a:c8:07:80:df:f1:d6:ab:5d:65:be:e9Signer
Actual PE Digestbf:fa:d4:6b:19:62:38:e3:7a:c8:07:80:df:f1:d6:ab:5d:65:be:e9Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
msvcp110.i386.pdb
Imports
msvcr110
fgetpos
fsetpos
_fseeki64
fwrite
setvbuf
ungetc
_lock_file
_unlock_file
memcpy_s
memset
_fsopen
fseek
_wfsopen
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?__ExceptionPtrRethrow@@YAXPBX@Z
?_ScheduleTask@_CurrentScheduler@details@Concurrency@@SAXP6AXPAX@Z0@Z
?set@event@Concurrency@@QAEXXZ
ldexp
sprintf_s
strcspn
wcslen
_Strftime
_Wcsftime
strcmp
setlocale
_malloc_crt
_realloc_crt
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
fgetwc
fputwc
ungetwc
__uncaught_exception
towupper
towlower
_errno
memcmp
_wcsdup
___lc_locale_name_func
___lc_collate_cp_func
__crtCompareStringA
__crtLCMapStringA
___lc_codepage_func
_ismbblead
remove
rename
_wremove
_wgetcwd
_wchdir
_wmkdir
_wrmdir
_wrename
_getcwd
_chdir
_mkdir
_rmdir
__crtIsPackagedApp
__crtCreateSymbolicLinkW
calloc
??0_Condition_variable@details@Concurrency@@QAE@XZ
fgetc
?wait@_Condition_variable@details@Concurrency@@QAEXAAVcritical_section@3@@Z
?wait_for@_Condition_variable@details@Concurrency@@QAE_NAAVcritical_section@3@I@Z
?notify_one@_Condition_variable@details@Concurrency@@QAEXXZ
?notify_all@_Condition_variable@details@Concurrency@@QAEXXZ
_beginthreadex
_endthreadex
??0critical_section@Concurrency@@QAE@XZ
??1critical_section@Concurrency@@QAE@XZ
?lock@critical_section@Concurrency@@QAEXXZ
?try_lock@critical_section@Concurrency@@QAE_NXZ
?try_lock_for@critical_section@Concurrency@@QAE_NI@Z
?unlock@critical_section@Concurrency@@QAEXXZ
?terminate@@YAXXZ
__crtFlsAlloc
__crtFlsFree
__crtFlsGetValue
__crtFlsSetValue
??0operation_timed_out@Concurrency@@QAE@XZ
?Alloc@Concurrency@@YAPAXI@Z
?ScheduleTask@CurrentScheduler@Concurrency@@SAXP6AXPAX@Z0@Z
??0invalid_link_target@Concurrency@@QAE@PBD@Z
??0message_not_found@Concurrency@@QAE@XZ
?_Trace_agents@Concurrency@@YAXW4Agents_EventType@1@_JZZ
??0bad_target@Concurrency@@QAE@XZ
??0invalid_operation@Concurrency@@QAE@PBD@Z
?wait@event@Concurrency@@QAEII@Z
??1event@Concurrency@@QAE@XZ
??0event@Concurrency@@QAE@XZ
?Free@Concurrency@@YAXPAX@Z
??1_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QAE@XZ
??0_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QAE@AAV123@@Z
??0_ReentrantPPLLock@details@Concurrency@@QAE@XZ
??1_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QAE@XZ
??0_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QAE@AAV123@@Z
??0_NonReentrantPPLLock@details@Concurrency@@QAE@XZ
?_Yield@_Context@details@Concurrency@@SAXXZ
?_UnderlyingYield@details@Concurrency@@YAXXZ
?_SpinOnce@?$_SpinWait@$00@details@Concurrency@@QAE_NXZ
?GetNumberOfVirtualProcessors@CurrentScheduler@Concurrency@@SAIXZ
?IsCurrentTaskCollectionCanceling@Context@Concurrency@@SA_NXZ
??0task_canceled@Concurrency@@QAE@XZ
??1_SpinLock@details@Concurrency@@QAE@XZ
??0_SpinLock@details@Concurrency@@QAE@ACJ@Z
?Log2@details@Concurrency@@YAKI@Z
_lock
_unlock
__pctype_func
isupper
_calloc_crt
__crtGetLocaleInfoEx
islower
__crtLCMapStringW
isspace
tolower
memchr
sqrt
isdigit
isalnum
__crtCompareStringW
__dllonexit
_onexit
??1type_info@@UAE@XZ
__CppXcptFilter
_amsg_exit
_initterm
_initterm_e
_except_handler4_common
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
__clean_type_info_names_internal
fflush
fclose
__CxxFrameHandler3
_CxxThrowException
?what@exception@std@@UBEPBDXZ
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
_W_Gettnames
_W_Getmonths
_W_Getdays
_Gettnames
_Getmonths
_Getdays
localeconv
??0bad_cast@std@@QAE@PBD@Z
??_V@YAXPAX@Z
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBDH@Z
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@XZ
memmove
strlen
memcpy
malloc
free
___mb_cur_max_func
_purecall
rand_s
fputs
fputc
__iob_func
abort
log
__crtInitializeCriticalSectionEx
??3@YAXPAX@Z
??1_Condition_variable@details@Concurrency@@QAE@XZ
??2@YAPAXI@Z
kernel32
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
GetStringTypeW
InterlockedDecrement
InterlockedIncrement
GetSystemTimeAsFileTime
InterlockedExchange
GetExitCodeThread
GetCurrentThreadId
GetCurrentThread
GetCurrentProcess
Sleep
WaitForSingleObject
DuplicateHandle
AreFileApisANSI
CreateHardLinkW
CopyFileW
GetLastError
CloseHandle
SetFileTime
GetFileInformationByHandle
GetFileAttributesExW
GetDiskFreeSpaceExW
FindNextFileW
FindFirstFileExW
FindClose
CreateFileW
WideCharToMultiByte
MultiByteToWideChar
DecodePointer
EncodePointer
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
DisableThreadLibraryCalls
Exports
Exports
??$_Getvals@_W@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IAEX_WABV_Locinfo@1@@Z
??$_Getvals@_W@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IAEX_WABV_Locinfo@1@@Z
??$_Getvals@_W@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IAEX_WABV_Locinfo@1@@Z
??0?$_Yarn@D@std@@QAE@ABV01@@Z
??0?$_Yarn@D@std@@QAE@PBD@Z
??0?$_Yarn@D@std@@QAE@XZ
??0?$_Yarn@_W@std@@QAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IAE@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N1@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N1@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@_N@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@IAE@$$QAV01@@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@W4_Uninitialized@1@_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@ABV01@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@W4_Uninitialized@1@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@ABV01@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@W4_Uninitialized@1@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@ABV01@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@W4_Uninitialized@1@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$codecvt@DDH@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@DDH@std@@QAE@I@Z
??0?$codecvt@GDH@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@GDH@std@@QAE@I@Z
??0?$codecvt@_WDH@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@_WDH@std@@QAE@I@Z
??0?$ctype@D@std@@QAE@ABV_Locinfo@1@I@Z
??0?$ctype@D@std@@QAE@PBF_NI@Z
??0?$ctype@G@std@@QAE@ABV_Locinfo@1@I@Z
??0?$ctype@G@std@@QAE@I@Z
??0?$ctype@_W@std@@QAE@ABV_Locinfo@1@I@Z
??0?$ctype@_W@std@@QAE@I@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z
??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IAE@PBDI@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IAE@PBDI@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IAE@PBDI@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z
??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IAE@PBDI@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IAE@PBDI@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z
??0Init@ios_base@std@@QAE@XZ
??0_Concurrent_queue_base_v4@details@Concurrency@@IAE@I@Z
??0_Concurrent_queue_iterator_base_v4@details@Concurrency@@IAE@ABV_Concurrent_queue_base_v4@12@@Z
??0_Container_base12@std@@QAE@ABU01@@Z
??0_Container_base12@std@@QAE@XZ
??0_Facet_base@std@@QAE@ABV01@@Z
??0_Facet_base@std@@QAE@XZ
??0_Init_locks@std@@QAE@XZ
??0_Locimp@locale@std@@AAE@ABV012@@Z
??0_Locimp@locale@std@@AAE@_N@Z
??0_Locinfo@std@@QAE@HPBD@Z
??0_Locinfo@std@@QAE@PBD@Z
??0_Lockit@std@@QAE@H@Z
??0_Lockit@std@@QAE@XZ
??0_Pad@std@@QAE@ABV01@@Z
??0_Pad@std@@QAE@XZ
??0_Runtime_object@details@Concurrency@@QAE@H@Z
??0_Runtime_object@details@Concurrency@@QAE@XZ
??0_Timevec@std@@QAE@ABV01@@Z
??0_Timevec@std@@QAE@PAX@Z
??0_UShinit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??0agent@Concurrency@@QAE@AAVScheduleGroup@1@@Z
??0agent@Concurrency@@QAE@AAVScheduler@1@@Z
??0agent@Concurrency@@QAE@XZ
??0codecvt_base@std@@QAE@I@Z
??0ctype_base@std@@QAE@I@Z
??0facet@locale@std@@IAE@I@Z
??0id@locale@std@@QAE@I@Z
??0ios_base@std@@IAE@XZ
??0time_base@std@@QAE@I@Z
??1?$_Yarn@D@std@@QAE@XZ
??1?$_Yarn@_W@std@@QAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$codecvt@DDH@std@@MAE@XZ
??1?$codecvt@GDH@std@@MAE@XZ
??1?$codecvt@_WDH@std@@MAE@XZ
??1?$ctype@D@std@@MAE@XZ
??1?$ctype@G@std@@MAE@XZ
??1?$ctype@_W@std@@MAE@XZ
??1?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MAE@XZ
??1?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MAE@XZ
??1?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MAE@XZ
??1?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MAE@XZ
??1?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MAE@XZ
??1?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MAE@XZ
??1?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MAE@XZ
??1?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MAE@XZ
??1?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MAE@XZ
??1?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MAE@XZ
??1?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MAE@XZ
??1?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MAE@XZ
??1Init@ios_base@std@@QAE@XZ
??1_Concurrent_queue_base_v4@details@Concurrency@@MAE@XZ
??1_Concurrent_queue_iterator_base_v4@details@Concurrency@@IAE@XZ
??1_Concurrent_vector_base_v4@details@Concurrency@@IAE@XZ
??1_Container_base12@std@@QAE@XZ
??1_Facet_base@std@@UAE@XZ
??1_Init_locks@std@@QAE@XZ
??1_Locimp@locale@std@@MAE@XZ
??1_Locinfo@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??1_Pad@std@@QAE@XZ
??1_Timevec@std@@QAE@XZ
??1_UShinit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1agent@Concurrency@@UAE@XZ
??1codecvt_base@std@@UAE@XZ
??1ctype_base@std@@UAE@XZ
??1facet@locale@std@@MAE@XZ
??1ios_base@std@@UAE@XZ
??1time_base@std@@UAE@XZ
??4?$_Iosb@H@std@@QAEAAV01@ABV01@@Z
??4?$_Yarn@D@std@@QAEAAV01@ABV01@@Z
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
??4?$_Yarn@_W@std@@QAEAAV01@PB_W@Z
??4?$basic_iostream@DU?$char_traits@D@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_iostream@GU?$char_traits@G@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_iostream@_WU?$char_traits@_W@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_istream@DU?$char_traits@D@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_istream@GU?$char_traits@G@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_istream@_WU?$char_traits@_W@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_ostream@DU?$char_traits@D@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_ostream@GU?$char_traits@G@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_ostream@_WU?$char_traits@_W@std@@@std@@IAEAAV01@$$QAV01@@Z
??4?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEAAV01@ABV01@@Z
??4?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEAAV01@ABV01@@Z
??4?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEAAV01@ABV01@@Z
??4Init@ios_base@std@@QAEAAV012@ABV012@@Z
??4_Container_base0@std@@QAEAAU01@ABU01@@Z
??4_Container_base12@std@@QAEAAU01@ABU01@@Z
??4_Facet_base@std@@QAEAAV01@ABV01@@Z
??4_Init_locks@std@@QAEAAV01@ABV01@@Z
??4_Pad@std@@QAEAAV01@ABV01@@Z
??4_Timevec@std@@QAEAAV01@ABV01@@Z
??4_UShinit@std@@QAEAAV01@ABV01@@Z
??4_Winit@std@@QAEAAV01@ABV01@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAF@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAG@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAI@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAJ@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAK@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAM@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAO@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAPAX@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_J@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_K@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@DU?$char_traits@D@std@@@1@AAV21@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAF@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAG@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAH@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAI@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAJ@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAK@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAM@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAN@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAO@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAPAX@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AA_J@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AA_K@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AA_N@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@GU?$char_traits@G@std@@@1@AAV21@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAF@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAG@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAH@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAI@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAJ@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAK@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAM@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAN@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAO@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAPAX@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AA_J@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AA_K@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AA_N@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@_WU?$char_traits@_W@std@@@1@AAV21@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@F@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@O@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@DU?$char_traits@D@std@@@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@F@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@M@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@O@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@GU?$char_traits@G@std@@@1@AAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@PBX@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@_K@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@F@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@M@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@O@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@_WU?$char_traits@_W@std@@@1@AAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@PBX@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_N@Z
??7ios_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
??Bios_base@std@@QBEPAXXZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ios@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_ios@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_iostream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_iostream@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_iostream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_istream@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_istream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ostream@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_ostream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_streambuf@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_streambuf@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$codecvt@DDH@std@@6B@
??_7?$codecvt@GDH@std@@6B@
??_7?$codecvt@_WDH@std@@6B@
??_7?$ctype@D@std@@6B@
??_7?$ctype@G@std@@6B@
??_7?$ctype@_W@std@@6B@
??_7?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7_Facet_base@std@@6B@
??_7_Locimp@locale@std@@6B@
??_7_Pad@std@@6B@
??_7codecvt_base@std@@6B@
??_7ctype_base@std@@6B@
??_7facet@locale@std@@6B@
??_7ios_base@std@@6B@
??_7time_base@std@@6B@
??_8?$basic_iostream@DU?$char_traits@D@std@@@std@@7B?$basic_istream@DU?$char_traits@D@std@@@1@@
??_8?$basic_iostream@DU?$char_traits@D@std@@@std@@7B?$basic_ostream@DU?$char_traits@D@std@@@1@@
??_8?$basic_iostream@GU?$char_traits@G@std@@@std@@7B?$basic_istream@GU?$char_traits@G@std@@@1@@
??_8?$basic_iostream@GU?$char_traits@G@std@@@std@@7B?$basic_ostream@GU?$char_traits@G@std@@@1@@
??_8?$basic_iostream@_WU?$char_traits@_W@std@@@std@@7B?$basic_istream@_WU?$char_traits@_W@std@@@1@@
??_8?$basic_iostream@_WU?$char_traits@_W@std@@@std@@7B?$basic_ostream@_WU?$char_traits@_W@std@@@1@@
??_8?$basic_istream@DU?$char_traits@D@std@@@std@@7B@
??_8?$basic_istream@GU?$char_traits@G@std@@@std@@7B@
??_8?$basic_istream@_WU?$char_traits@_W@std@@@std@@7B@
??_8?$basic_ostream@DU?$char_traits@D@std@@@std@@7B@
??_8?$basic_ostream@GU?$char_traits@G@std@@@std@@7B@
??_8?$basic_ostream@_WU?$char_traits@_W@std@@@std@@7B@
??_D?$basic_iostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_iostream@GU?$char_traits@G@std@@@std@@QAEXXZ
??_D?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??_D?$basic_istream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_istream@GU?$char_traits@G@std@@@std@@QAEXXZ
??_D?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
??_D?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??_F?$codecvt@DDH@std@@QAEXXZ
??_F?$codecvt@GDH@std@@QAEXXZ
??_F?$codecvt@_WDH@std@@QAEXXZ
??_F?$ctype@D@std@@QAEXXZ
??_F?$ctype@G@std@@QAEXXZ
??_F?$ctype@_W@std@@QAEXXZ
??_F?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAEXXZ
??_F?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAEXXZ
??_F?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAEXXZ
??_F?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAEXXZ
??_F?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAEXXZ
??_F?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAEXXZ
??_F?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAEXXZ
??_F?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAEXXZ
??_F?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAEXXZ
??_F?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAEXXZ
??_F?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAEXXZ
??_F?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAEXXZ
??_F_Locinfo@std@@QAEXXZ
??_F_Timevec@std@@QAEXXZ
??_Fcodecvt_base@std@@QAEXXZ
??_Fctype_base@std@@QAEXXZ
??_Ffacet@locale@std@@QAEXXZ
??_Fid@locale@std@@QAEXXZ
??_Ftime_base@std@@QAEXXZ
?NFS_Allocate@details@Concurrency@@YAPAXIIPAX@Z
?NFS_Free@details@Concurrency@@YAXPAX@Z
?NFS_GetLineSize@details@Concurrency@@YAIXZ
?_10@placeholders@std@@3V?$_Ph@$09@2@A
?_11@placeholders@std@@3V?$_Ph@$0L@@2@A
?_12@placeholders@std@@3V?$_Ph@$0M@@2@A
?_13@placeholders@std@@3V?$_Ph@$0N@@2@A
?_14@placeholders@std@@3V?$_Ph@$0O@@2@A
?_15@placeholders@std@@3V?$_Ph@$0P@@2@A
?_16@placeholders@std@@3V?$_Ph@$0BA@@2@A
?_17@placeholders@std@@3V?$_Ph@$0BB@@2@A
?_18@placeholders@std@@3V?$_Ph@$0BC@@2@A
?_19@placeholders@std@@3V?$_Ph@$0BD@@2@A
?_1@placeholders@std@@3V?$_Ph@$00@2@A
?_20@placeholders@std@@3V?$_Ph@$0BE@@2@A
?_2@placeholders@std@@3V?$_Ph@$01@2@A
?_3@placeholders@std@@3V?$_Ph@$02@2@A
?_4@placeholders@std@@3V?$_Ph@$03@2@A
?_5@placeholders@std@@3V?$_Ph@$04@2@A
?_6@placeholders@std@@3V?$_Ph@$05@2@A
?_7@placeholders@std@@3V?$_Ph@$06@2@A
?_8@placeholders@std@@3V?$_Ph@$07@2@A
?_9@placeholders@std@@3V?$_Ph@$08@2@A
?_Add_vtordisp1@?$basic_ios@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Add_vtordisp1@?$basic_ios@GU?$char_traits@G@std@@@std@@UAEXXZ
?_Add_vtordisp1@?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Add_vtordisp1@?$basic_istream@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Add_vtordisp1@?$basic_istream@GU?$char_traits@G@std@@@std@@UAEXXZ
?_Add_vtordisp1@?$basic_istream@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Add_vtordisp2@?$basic_ios@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Add_vtordisp2@?$basic_ios@GU?$char_traits@G@std@@@std@@UAEXXZ
?_Add_vtordisp2@?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Add_vtordisp2@?$basic_ostream@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Add_vtordisp2@?$basic_ostream@GU?$char_traits@G@std@@@std@@UAEXXZ
?_Add_vtordisp2@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Addcats@_Locinfo@std@@QAEAAV12@HPBD@Z
?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z
?_Addstd@ios_base@std@@SAXPAV12@@Z
?_Advance@_Concurrent_queue_iterator_base_v4@details@Concurrency@@IAEXXZ
?_Assign@_Concurrent_queue_iterator_base_v4@details@Concurrency@@IAEXABV123@@Z
?_Atexit@@YAXP6AXXZ@Z
?_BADOFF@std@@3_JB
?_Byte_reverse_table@details@Concurrency@@3QBEB
?_C_str@?$_Yarn@D@std@@QBEPBDXZ
?_C_str@?$_Yarn@_W@std@@QBEPB_WXZ
?_Callfns@ios_base@std@@AAEXW4event@12@@Z
?_Clocptr@_Locimp@locale@std@@0PAV123@A
?_Close_dir@sys@tr2@std@@YAXPAX@Z
?_Copy_file@sys@tr2@std@@YAHPBD0_N@Z
?_Copy_file@sys@tr2@std@@YAHPB_W0_N@Z
?_Current_get@sys@tr2@std@@YAPADPAD@Z
?_Current_get@sys@tr2@std@@YAPA_WPA_W@Z
?_Current_set@sys@tr2@std@@YA_NPBD@Z
?_Current_set@sys@tr2@std@@YA_NPB_W@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Donarrow@?$ctype@G@std@@IBEDGD@Z
?_Donarrow@?$ctype@_W@std@@IBED_WD@Z
?_Dowiden@?$ctype@G@std@@IBEGD@Z
?_Dowiden@?$ctype@_W@std@@IBE_WD@Z
?_Empty@?$_Yarn@D@std@@QBE_NXZ
?_Empty@?$_Yarn@_W@std@@QBE_NXZ
?_Equivalent@sys@tr2@std@@YAHPBD0@Z
?_Equivalent@sys@tr2@std@@YAHPB_W0@Z
?_Ffmt@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@ABAPADPADDH@Z
?_Ffmt@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@ABAPADPADDH@Z
?_Ffmt@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@ABAPADPADDH@Z
?_File_size@sys@tr2@std@@YA_KPBD@Z
?_File_size@sys@tr2@std@@YA_KPB_W@Z
?_Findarr@ios_base@std@@AAEAAU_Iosarray@12@H@Z
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Fiopen@std@@YAPAU_iobuf@@PBGHH@Z
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?_Fput@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@ABA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AAVios_base@2@DPBDIIII@Z
?_Fput@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@ABA?AV?$ostreambuf_iterator@GU?$char_traits@G@std@@@2@V32@AAVios_base@2@GPBDIIII@Z
?_Fput@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@ABA?AV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@AAVios_base@2@_WPBDIIII@Z
?_Future_error_map@std@@YAPBDH@Z
?_GetCombinableSize@details@Concurrency@@YAIXZ
?_GetCurrentThreadId@details@Concurrency@@YAKXZ
?_GetNextAsyncId@details@Concurrency@@YAIXZ
?_Get_future_error_what@std@@YAPBDH@Z
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$codecvt@GDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$codecvt@_WDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getcat@facet@locale@std@@SAIPAPBV123@PBV23@@Z
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
?_Getctype@_Locinfo@std@@QBE?AU_Ctypevec@@XZ
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
?_Getdateorder@_Locinfo@std@@QBEHXZ
?_Getdays@_Locinfo@std@@QBEPBDXZ
?_Getfalse@_Locinfo@std@@QBEPBDXZ
?_Getffld@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1AAVios_base@2@PAH@Z
?_Getffld@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@ABAHPADAAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1AAVios_base@2@PAH@Z
Sections
.text Size: 390KB - Virtual size: 389KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 95KB - Virtual size: 95KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/RamCapture/x32/msvcr110.dll.dll windows:6 windows x86 arch:x86
e057a95f8936f77238b048f253956b3b
Code Sign
33:00:00:00:9d:1e:8d:27:ae:b8:f3:d8:38:00:01:00:00:00:9dCertificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before04/09/2012, 21:42Not After04/03/2013, 21:42SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:02:92:4a:00:00:00:00:00:20Certificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before09/01/2012, 22:25Not After09/04/2013, 22:25SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:08:e2:79:fa:0d:25:58:45:ea:00:00:00:00:00:08Certificate
IssuerCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before07/07/2012, 00:14Not After07/10/2013, 00:14SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before08/07/2011, 20:59Not After08/07/2026, 21:09SubjectCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
d2:28:17:88:08:cf:56:44:da:80:3e:bc:8d:b4:d0:f7:6f:2b:96:48:b2:24:6c:ee:31:43:70:6e:3a:90:25:9dSigner
Actual PE Digestd2:28:17:88:08:cf:56:44:da:80:3e:bc:8d:b4:d0:f7:6f:2b:96:48:b2:24:6c:ee:31:43:70:6e:3a:90:25:9dDigest Algorithmsha256PE Digest Matchestrue7f:48:28:6b:9a:08:17:2f:0b:a1:53:12:4c:43:44:c3:d6:a4:27:beSigner
Actual PE Digest7f:48:28:6b:9a:08:17:2f:0b:a1:53:12:4c:43:44:c3:d6:a4:27:beDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
msvcr110.i386.pdb
Imports
kernel32
EncodePointer
DecodePointer
RaiseException
GetModuleFileNameA
GetModuleFileNameW
GetLastError
InterlockedDecrement
ExitProcess
GetModuleHandleW
GetModuleHandleExW
GetProcAddress
AreFileApisANSI
MultiByteToWideChar
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CloseHandle
CreateThread
ExitThread
ResumeThread
LoadLibraryExW
SetLastError
InterlockedIncrement
GetCurrentThread
FindClose
FindFirstFileExA
FindNextFileA
FindFirstFileExW
FindNextFileW
IsProcessorFeaturePresent
GetLogicalDrives
GetDiskFreeSpaceA
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetErrorMode
Beep
Sleep
SetEnvironmentVariableA
SetCurrentDirectoryA
GetCurrentDirectoryA
SetCurrentDirectoryW
GetCurrentDirectoryW
GetFullPathNameA
GetDriveTypeW
GetCurrentProcessId
GetFileAttributesExW
SetEnvironmentVariableW
SetFileAttributesW
GetFullPathNameW
CreateDirectoryW
MoveFileExW
RemoveDirectoryW
FileTimeToLocalFileTime
DeleteFileW
WaitForSingleObject
GetExitCodeProcess
CreateProcessA
FreeLibrary
LoadLibraryExA
CreateProcessW
ReadFile
DuplicateHandle
GetCurrentProcess
GetTempPathA
GetTempPathW
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetLocalTime
WideCharToMultiByte
LocalFileTimeToFileTime
SetFileTime
SystemTimeToFileTime
SetLocalTime
TlsGetValue
TlsSetValue
InterlockedPopEntrySList
InterlockedFlushSList
QueryDepthSList
InterlockedPushEntrySList
CreateTimerQueue
CreateTimerQueueTimer
UnregisterWait
SetEvent
RegisterWaitForSingleObject
CreateEventW
SwitchToThread
SignalObjectAndWait
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
DeleteTimerQueueTimer
TryEnterCriticalSection
SetProcessAffinityMask
GetTickCount
VirtualFree
GetVersionExW
SetThreadPriority
VirtualAlloc
VirtualProtect
InitializeSListHead
ReleaseSemaphore
ChangeTimerQueueTimer
TlsAlloc
UnregisterWaitEx
TlsFree
GetThreadPriority
LoadLibraryW
OutputDebugStringW
FreeLibraryAndExitThread
GetModuleHandleA
GetThreadTimes
DebugBreak
GetStringTypeW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
RtlUnwind
HeapFree
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapSize
HeapQueryInformation
HeapValidate
HeapCompact
HeapWalk
GetSystemInfo
VirtualQuery
GetFileType
GetStartupInfoW
GetFileInformationByHandle
PeekNamedPipe
CreateFileW
GetConsoleMode
ReadConsoleW
GetConsoleCP
SetFilePointerEx
FlushFileBuffers
SetFilePointer
CreatePipe
SetStdHandle
GetNumberOfConsoleInputEvents
PeekConsoleInputA
ReadConsoleInputA
SetConsoleMode
ReadConsoleInputW
WriteConsoleW
SetEndOfFile
InterlockedExchange
LockFileEx
UnlockFileEx
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
CreateSemaphoreW
SetConsoleCtrlHandler
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
OutputDebugStringA
Exports
Exports
$I10_OUTPUT
??0?$_SpinWait@$00@details@Concurrency@@QAE@P6AXXZ@Z
??0?$_SpinWait@$0A@@details@Concurrency@@QAE@P6AXXZ@Z
??0SchedulerPolicy@Concurrency@@QAA@IZZ
??0SchedulerPolicy@Concurrency@@QAE@ABV01@@Z
??0SchedulerPolicy@Concurrency@@QAE@XZ
??0_CancellationTokenState@details@Concurrency@@AAE@XZ
??0_Cancellation_beacon@details@Concurrency@@QAE@XZ
??0_Condition_variable@details@Concurrency@@QAE@XZ
??0_Context@details@Concurrency@@QAE@PAVContext@2@@Z
??0_Interruption_exception@details@Concurrency@@QAE@PBD@Z
??0_Interruption_exception@details@Concurrency@@QAE@XZ
??0_NonReentrantBlockingLock@details@Concurrency@@QAE@XZ
??0_NonReentrantPPLLock@details@Concurrency@@QAE@XZ
??0_ReaderWriterLock@details@Concurrency@@QAE@XZ
??0_ReentrantBlockingLock@details@Concurrency@@QAE@XZ
??0_ReentrantLock@details@Concurrency@@QAE@XZ
??0_ReentrantPPLLock@details@Concurrency@@QAE@XZ
??0_Scheduler@details@Concurrency@@QAE@PAVScheduler@2@@Z
??0_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QAE@AAV123@@Z
??0_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QAE@AAV123@@Z
??0_SpinLock@details@Concurrency@@QAE@ACJ@Z
??0_StructuredTaskCollection@details@Concurrency@@QAE@PAV_CancellationTokenState@12@@Z
??0_TaskCollection@details@Concurrency@@QAE@PAV_CancellationTokenState@12@@Z
??0_TaskCollection@details@Concurrency@@QAE@XZ
??0_Timer@details@Concurrency@@IAE@I_N@Z
??0__non_rtti_object@std@@QAE@ABV01@@Z
??0__non_rtti_object@std@@QAE@PBD@Z
??0bad_cast@std@@AAE@PBQBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@PBD@Z
??0bad_target@Concurrency@@QAE@PBD@Z
??0bad_target@Concurrency@@QAE@XZ
??0bad_typeid@std@@QAE@ABV01@@Z
??0bad_typeid@std@@QAE@PBD@Z
??0context_self_unblock@Concurrency@@QAE@PBD@Z
??0context_self_unblock@Concurrency@@QAE@XZ
??0context_unblock_unbalanced@Concurrency@@QAE@PBD@Z
??0context_unblock_unbalanced@Concurrency@@QAE@XZ
??0critical_section@Concurrency@@QAE@XZ
??0default_scheduler_exists@Concurrency@@QAE@PBD@Z
??0default_scheduler_exists@Concurrency@@QAE@XZ
??0event@Concurrency@@QAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABQBDH@Z
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@XZ
??0improper_lock@Concurrency@@QAE@PBD@Z
??0improper_lock@Concurrency@@QAE@XZ
??0improper_scheduler_attach@Concurrency@@QAE@PBD@Z
??0improper_scheduler_attach@Concurrency@@QAE@XZ
??0improper_scheduler_detach@Concurrency@@QAE@PBD@Z
??0improper_scheduler_detach@Concurrency@@QAE@XZ
??0improper_scheduler_reference@Concurrency@@QAE@PBD@Z
??0improper_scheduler_reference@Concurrency@@QAE@XZ
??0invalid_link_target@Concurrency@@QAE@PBD@Z
??0invalid_link_target@Concurrency@@QAE@XZ
??0invalid_multiple_scheduling@Concurrency@@QAE@PBD@Z
??0invalid_multiple_scheduling@Concurrency@@QAE@XZ
??0invalid_operation@Concurrency@@QAE@PBD@Z
??0invalid_operation@Concurrency@@QAE@XZ
??0invalid_oversubscribe_operation@Concurrency@@QAE@PBD@Z
??0invalid_oversubscribe_operation@Concurrency@@QAE@XZ
??0invalid_scheduler_policy_key@Concurrency@@QAE@PBD@Z
??0invalid_scheduler_policy_key@Concurrency@@QAE@XZ
??0invalid_scheduler_policy_thread_specification@Concurrency@@QAE@PBD@Z
??0invalid_scheduler_policy_thread_specification@Concurrency@@QAE@XZ
??0invalid_scheduler_policy_value@Concurrency@@QAE@PBD@Z
??0invalid_scheduler_policy_value@Concurrency@@QAE@XZ
??0message_not_found@Concurrency@@QAE@PBD@Z
??0message_not_found@Concurrency@@QAE@XZ
??0missing_wait@Concurrency@@QAE@PBD@Z
??0missing_wait@Concurrency@@QAE@XZ
??0nested_scheduler_missing_detach@Concurrency@@QAE@PBD@Z
??0nested_scheduler_missing_detach@Concurrency@@QAE@XZ
??0operation_timed_out@Concurrency@@QAE@PBD@Z
??0operation_timed_out@Concurrency@@QAE@XZ
??0reader_writer_lock@Concurrency@@QAE@XZ
??0scheduler_not_attached@Concurrency@@QAE@PBD@Z
??0scheduler_not_attached@Concurrency@@QAE@XZ
??0scheduler_resource_allocation_error@Concurrency@@QAE@J@Z
??0scheduler_resource_allocation_error@Concurrency@@QAE@PBDJ@Z
??0scheduler_worker_creation_error@Concurrency@@QAE@J@Z
??0scheduler_worker_creation_error@Concurrency@@QAE@PBDJ@Z
??0scoped_lock@critical_section@Concurrency@@QAE@AAV12@@Z
??0scoped_lock@reader_writer_lock@Concurrency@@QAE@AAV12@@Z
??0scoped_lock_read@reader_writer_lock@Concurrency@@QAE@AAV12@@Z
??0task_canceled@Concurrency@@QAE@PBD@Z
??0task_canceled@Concurrency@@QAE@XZ
??0unsupported_os@Concurrency@@QAE@PBD@Z
??0unsupported_os@Concurrency@@QAE@XZ
??1SchedulerPolicy@Concurrency@@QAE@XZ
??1_CancellationTokenState@details@Concurrency@@UAE@XZ
??1_Cancellation_beacon@details@Concurrency@@QAE@XZ
??1_Condition_variable@details@Concurrency@@QAE@XZ
??1_NonReentrantBlockingLock@details@Concurrency@@QAE@XZ
??1_ReentrantBlockingLock@details@Concurrency@@QAE@XZ
??1_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QAE@XZ
??1_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QAE@XZ
??1_SpinLock@details@Concurrency@@QAE@XZ
??1_TaskCollection@details@Concurrency@@QAE@XZ
??1_Timer@details@Concurrency@@MAE@XZ
??1__non_rtti_object@std@@UAE@XZ
??1bad_cast@std@@UAE@XZ
??1bad_typeid@std@@UAE@XZ
??1critical_section@Concurrency@@QAE@XZ
??1event@Concurrency@@QAE@XZ
??1exception@std@@UAE@XZ
??1reader_writer_lock@Concurrency@@QAE@XZ
??1scoped_lock@critical_section@Concurrency@@QAE@XZ
??1scoped_lock@reader_writer_lock@Concurrency@@QAE@XZ
??1scoped_lock_read@reader_writer_lock@Concurrency@@QAE@XZ
??1type_info@@UAE@XZ
??2@YAPAXI@Z
??2@YAPAXIHPBDH@Z
??3@YAXPAX@Z
??3@YAXPAXHPBDH@Z
??4?$_SpinWait@$00@details@Concurrency@@QAEAAV012@ABV012@@Z
??4?$_SpinWait@$0A@@details@Concurrency@@QAEAAV012@ABV012@@Z
??4SchedulerPolicy@Concurrency@@QAEAAV01@ABV01@@Z
??4__non_rtti_object@std@@QAEAAV01@ABV01@@Z
??4bad_cast@std@@QAEAAV01@ABV01@@Z
??4bad_typeid@std@@QAEAAV01@ABV01@@Z
??4exception@std@@QAEAAV01@ABV01@@Z
??8type_info@@QBE_NABV0@@Z
??9type_info@@QBE_NABV0@@Z
??_7__non_rtti_object@std@@6B@
??_7bad_cast@std@@6B@
??_7bad_typeid@std@@6B@
??_7exception@std@@6B@
??_F?$_SpinWait@$00@details@Concurrency@@QAEXXZ
??_F?$_SpinWait@$0A@@details@Concurrency@@QAEXXZ
??_F_Context@details@Concurrency@@QAEXXZ
??_F_Scheduler@details@Concurrency@@QAEXXZ
??_Fbad_cast@std@@QAEXXZ
??_Fbad_typeid@std@@QAEXXZ
??_U@YAPAXI@Z
??_U@YAPAXIHPBDH@Z
??_V@YAXPAX@Z
??_V@YAXPAXHPBDH@Z
?Alloc@Concurrency@@YAPAXI@Z
?Block@Context@Concurrency@@SAXXZ
?Create@CurrentScheduler@Concurrency@@SAXABVSchedulerPolicy@2@@Z
?Create@Scheduler@Concurrency@@SAPAV12@ABVSchedulerPolicy@2@@Z
?CreateResourceManager@Concurrency@@YAPAUIResourceManager@1@XZ
?CreateScheduleGroup@CurrentScheduler@Concurrency@@SAPAVScheduleGroup@2@AAVlocation@2@@Z
?CreateScheduleGroup@CurrentScheduler@Concurrency@@SAPAVScheduleGroup@2@XZ
?CurrentContext@Context@Concurrency@@SAPAV12@XZ
?Detach@CurrentScheduler@Concurrency@@SAXXZ
?DisableTracing@Concurrency@@YAJXZ
?EnableTracing@Concurrency@@YAJXZ
?Free@Concurrency@@YAXPAX@Z
?Get@CurrentScheduler@Concurrency@@SAPAVScheduler@2@XZ
?GetExecutionContextId@Concurrency@@YAIXZ
?GetNumberOfVirtualProcessors@CurrentScheduler@Concurrency@@SAIXZ
?GetOSVersion@Concurrency@@YA?AW4OSVersion@IResourceManager@1@XZ
?GetPolicy@CurrentScheduler@Concurrency@@SA?AVSchedulerPolicy@2@XZ
?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z
?GetProcessorCount@Concurrency@@YAIXZ
?GetProcessorNodeCount@Concurrency@@YAIXZ
?GetSchedulerId@Concurrency@@YAIXZ
?GetSharedTimerQueue@details@Concurrency@@YAPAXXZ
?Id@Context@Concurrency@@SAIXZ
?Id@CurrentScheduler@Concurrency@@SAIXZ
?IsAvailableLocation@CurrentScheduler@Concurrency@@SA_NABVlocation@2@@Z
?IsCurrentTaskCollectionCanceling@Context@Concurrency@@SA_NXZ
?Log2@details@Concurrency@@YAKI@Z
?Oversubscribe@Context@Concurrency@@SAX_N@Z
?RegisterShutdownEvent@CurrentScheduler@Concurrency@@SAXPAX@Z
?ResetDefaultSchedulerPolicy@Scheduler@Concurrency@@SAXXZ
?ScheduleGroupId@Context@Concurrency@@SAIXZ
?ScheduleTask@CurrentScheduler@Concurrency@@SAXP6AXPAX@Z0@Z
?ScheduleTask@CurrentScheduler@Concurrency@@SAXP6AXPAX@Z0AAVlocation@2@@Z
?SetConcurrencyLimits@SchedulerPolicy@Concurrency@@QAEXII@Z
?SetDefaultSchedulerPolicy@Scheduler@Concurrency@@SAXABVSchedulerPolicy@2@@Z
?SetPolicyValue@SchedulerPolicy@Concurrency@@QAEIW4PolicyElementKey@2@I@Z
?VirtualProcessorId@Context@Concurrency@@SAIXZ
?Yield@Context@Concurrency@@SAXXZ
?_Abort@_StructuredTaskCollection@details@Concurrency@@AAEXXZ
?_Acquire@_NonReentrantBlockingLock@details@Concurrency@@QAEXXZ
?_Acquire@_NonReentrantPPLLock@details@Concurrency@@QAEXPAX@Z
?_Acquire@_ReentrantBlockingLock@details@Concurrency@@QAEXXZ
?_Acquire@_ReentrantLock@details@Concurrency@@QAEXXZ
?_Acquire@_ReentrantPPLLock@details@Concurrency@@QAEXPAX@Z
?_AcquireRead@_ReaderWriterLock@details@Concurrency@@QAEXXZ
?_AcquireWrite@_ReaderWriterLock@details@Concurrency@@QAEXXZ
?_Cancel@_CancellationTokenState@details@Concurrency@@QAEXXZ
?_Cancel@_StructuredTaskCollection@details@Concurrency@@QAEXXZ
?_Cancel@_TaskCollection@details@Concurrency@@QAEXXZ
?_CheckTaskCollection@_UnrealizedChore@details@Concurrency@@IAEXXZ
?_CleanupToken@_StructuredTaskCollection@details@Concurrency@@AAEXXZ
?_ConcRT_CoreAssert@details@Concurrency@@YAXPBD0H@Z
?_ConcRT_Trace@details@Concurrency@@YAXHPB_WZZ
?_Confirm_cancel@_Cancellation_beacon@details@Concurrency@@QAE_NXZ
?_Copy_str@exception@std@@AAEXPBD@Z
?_CurrentContext@_Context@details@Concurrency@@SA?AV123@XZ
?_Current_node@location@Concurrency@@SA?AV12@XZ
?_DeregisterCallback@_CancellationTokenState@details@Concurrency@@QAEXPAV_CancellationTokenRegistration@23@@Z
?_Destroy@_AsyncTaskCollection@details@Concurrency@@EAEXXZ
?_Destroy@_CancellationTokenState@details@Concurrency@@EAEXXZ
?_DoYield@?$_SpinWait@$00@details@Concurrency@@IAEXXZ
?_DoYield@?$_SpinWait@$0A@@details@Concurrency@@IAEXXZ
?_Get@_CurrentScheduler@details@Concurrency@@SA?AV_Scheduler@23@XZ
?_GetConcRTTraceInfo@Concurrency@@YAPBU_CONCRT_TRACE_INFO@details@1@XZ
?_GetConcurrency@details@Concurrency@@YAIXZ
?_GetCurrentInlineDepth@_StackGuard@details@Concurrency@@CAAAIXZ
?_GetNumberOfVirtualProcessors@_CurrentScheduler@details@Concurrency@@SAIXZ
?_GetScheduler@_Scheduler@details@Concurrency@@QAEPAVScheduler@3@XZ
?_Id@_CurrentScheduler@details@Concurrency@@SAIXZ
?_Invoke@_CancellationTokenRegistration@details@Concurrency@@AAEXXZ
?_IsCanceling@_StructuredTaskCollection@details@Concurrency@@QAE_NXZ
?_IsCanceling@_TaskCollection@details@Concurrency@@QAE_NXZ
?_IsSynchronouslyBlocked@_Context@details@Concurrency@@QBE_NXZ
?_Name_base@type_info@@CAPBDPBV1@PAU__type_info_node@@@Z
?_Name_base_internal@type_info@@CAPBDPBV1@PAU__type_info_node@@@Z
?_NewCollection@_AsyncTaskCollection@details@Concurrency@@SAPAV123@PAV_CancellationTokenState@23@@Z
?_NewTokenState@_CancellationTokenState@details@Concurrency@@SAPAV123@XZ
?_NumberOfSpins@?$_SpinWait@$00@details@Concurrency@@IAEKXZ
?_NumberOfSpins@?$_SpinWait@$0A@@details@Concurrency@@IAEKXZ
?_Oversubscribe@_Context@details@Concurrency@@SAX_N@Z
?_Reference@_Scheduler@details@Concurrency@@QAEIXZ
?_RegisterCallback@_CancellationTokenState@details@Concurrency@@QAEPAV_CancellationTokenRegistration@23@P6AXPAX@Z0H@Z
?_RegisterCallback@_CancellationTokenState@details@Concurrency@@QAEXPAV_CancellationTokenRegistration@23@@Z
?_Release@_NonReentrantBlockingLock@details@Concurrency@@QAEXXZ
?_Release@_NonReentrantPPLLock@details@Concurrency@@QAEXXZ
?_Release@_ReentrantBlockingLock@details@Concurrency@@QAEXXZ
?_Release@_ReentrantLock@details@Concurrency@@QAEXXZ
?_Release@_ReentrantPPLLock@details@Concurrency@@QAEXXZ
?_Release@_Scheduler@details@Concurrency@@QAEIXZ
?_ReleaseRead@_ReaderWriterLock@details@Concurrency@@QAEXXZ
?_ReleaseWrite@_ReaderWriterLock@details@Concurrency@@QAEXXZ
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?_Reset@?$_SpinWait@$00@details@Concurrency@@IAEXXZ
?_Reset@?$_SpinWait@$0A@@details@Concurrency@@IAEXXZ
?_RunAndWait@_StructuredTaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z
?_RunAndWait@_TaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z
?_Schedule@_StructuredTaskCollection@details@Concurrency@@QAEXPAV_UnrealizedChore@23@@Z
?_Schedule@_StructuredTaskCollection@details@Concurrency@@QAEXPAV_UnrealizedChore@23@PAVlocation@3@@Z
?_Schedule@_TaskCollection@details@Concurrency@@QAEXPAV_UnrealizedChore@23@@Z
?_Schedule@_TaskCollection@details@Concurrency@@QAEXPAV_UnrealizedChore@23@PAVlocation@3@@Z
?_ScheduleTask@_CurrentScheduler@details@Concurrency@@SAXP6AXPAX@Z0@Z
?_SetSpinCount@?$_SpinWait@$00@details@Concurrency@@QAEXI@Z
?_SetSpinCount@?$_SpinWait@$0A@@details@Concurrency@@QAEXI@Z
?_SetUnobservedExceptionHandler@details@Concurrency@@YAXP6AXXZ@Z
?_ShouldSpinAgain@?$_SpinWait@$00@details@Concurrency@@IAE_NXZ
?_ShouldSpinAgain@?$_SpinWait@$0A@@details@Concurrency@@IAE_NXZ
?_SpinOnce@?$_SpinWait@$00@details@Concurrency@@QAE_NXZ
?_SpinOnce@?$_SpinWait@$0A@@details@Concurrency@@QAE_NXZ
?_SpinYield@Context@Concurrency@@SAXXZ
?_Start@_Timer@details@Concurrency@@IAEXXZ
?_Stop@_Timer@details@Concurrency@@IAEXXZ
?_Tidy@exception@std@@AAEXXZ
?_Trace_agents@Concurrency@@YAXW4Agents_EventType@1@_JZZ
?_Trace_ppl_function@Concurrency@@YAXABU_GUID@@EW4ConcRT_EventType@1@@Z
?_TryAcquire@_NonReentrantBlockingLock@details@Concurrency@@QAE_NXZ
?_TryAcquire@_ReentrantBlockingLock@details@Concurrency@@QAE_NXZ
?_TryAcquire@_ReentrantLock@details@Concurrency@@QAE_NXZ
?_TryAcquireWrite@_ReaderWriterLock@details@Concurrency@@QAE_NXZ
?_Type_info_dtor@type_info@@CAXPAV1@@Z
?_Type_info_dtor_internal@type_info@@CAXPAV1@@Z
?_UnderlyingYield@details@Concurrency@@YAXXZ
?_ValidateExecute@@YAHP6GHXZ@Z
?_ValidateRead@@YAHPBXI@Z
?_ValidateWrite@@YAHPAXI@Z
?_Value@_SpinCount@details@Concurrency@@SAIXZ
?_Yield@_Context@details@Concurrency@@SAXXZ
?__ExceptionPtrAssign@@YAXPAXPBX@Z
?__ExceptionPtrCompare@@YA_NPBX0@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?__ExceptionPtrCopyException@@YAXPAXPBX1@Z
?__ExceptionPtrCreate@@YAXPAX@Z
?__ExceptionPtrCurrentException@@YAXPAX@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrRethrow@@YAXPBX@Z
?__ExceptionPtrSwap@@YAXPAX0@Z
?__ExceptionPtrToBool@@YA_NPBX@Z
?_inconsistency@@YAXXZ
?_invalid_parameter@@YAXPBG00II@Z
?_is_exception_typeof@@YAHABVtype_info@@PAU_EXCEPTION_POINTERS@@@Z
?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
?_open@@YAHPBDHH@Z
?_query_new_handler@@YAP6AHI@ZXZ
?_query_new_mode@@YAHXZ
?_set_new_handler@@YAP6AHI@ZH@Z
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
?_set_new_mode@@YAHH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
?_sopen@@YAHPBDHHH@Z
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?_wopen@@YAHPB_WHH@Z
?_wsopen@@YAHPB_WHHH@Z
?before@type_info@@QBE_NABV1@@Z
?current@location@Concurrency@@SA?AV12@XZ
?from_numa_node@location@Concurrency@@SA?AV12@G@Z
?get_error_code@scheduler_resource_allocation_error@Concurrency@@QBEJXZ
?lock@critical_section@Concurrency@@QAEXXZ
?lock@reader_writer_lock@Concurrency@@QAEXXZ
?lock_read@reader_writer_lock@Concurrency@@QAEXXZ
?name@type_info@@QBEPBDPAU__type_info_node@@@Z
?native_handle@critical_section@Concurrency@@QAEAAV12@XZ
?notify_all@_Condition_variable@details@Concurrency@@QAEXXZ
?notify_one@_Condition_variable@details@Concurrency@@QAEXXZ
?raw_name@type_info@@QBEPBDXZ
?reset@event@Concurrency@@QAEXXZ
?set@event@Concurrency@@QAEXXZ
?set_new_handler@@YAP6AXXZP6AXXZ@Z
?set_task_execution_resources@Concurrency@@YAXGPAU_GROUP_AFFINITY@@@Z
?set_task_execution_resources@Concurrency@@YAXK@Z
?set_terminate@@YAP6AXXZH@Z
?set_terminate@@YAP6AXXZP6AXXZ@Z
?set_unexpected@@YAP6AXXZH@Z
?set_unexpected@@YAP6AXXZP6AXXZ@Z
?swprintf@@YAHPAGIPBGZZ
?swprintf@@YAHPA_WIPB_WZZ
?terminate@@YAXXZ
?try_lock@critical_section@Concurrency@@QAE_NXZ
?try_lock@reader_writer_lock@Concurrency@@QAE_NXZ
?try_lock_for@critical_section@Concurrency@@QAE_NI@Z
?try_lock_read@reader_writer_lock@Concurrency@@QAE_NXZ
?unexpected@@YAXXZ
?unlock@critical_section@Concurrency@@QAEXXZ
?unlock@reader_writer_lock@Concurrency@@QAEXXZ
?vswprintf@@YAHPA_WIPB_WPAD@Z
?wait@Concurrency@@YAXI@Z
?wait@_Condition_variable@details@Concurrency@@QAEXAAVcritical_section@3@@Z
?wait@event@Concurrency@@QAEII@Z
?wait_for@_Condition_variable@details@Concurrency@@QAE_NAAVcritical_section@3@I@Z
?wait_for_multiple@event@Concurrency@@SAIPAPAV12@I_NI@Z
?what@exception@std@@UBEPBDXZ
_CIacos
_CIasin
_CIatan
_CIatan2
_CIcos
_CIcosh
_CIexp
_CIfmod
_CIlog
_CIlog10
_CIpow
_CIsin
_CIsinh
_CIsqrt
_CItan
_CItanh
_CRT_RTC_INIT
_CRT_RTC_INITW
_CreateFrameInfo
_CxxThrowException
_EH_prolog
_FindAndUnlinkFrame
_Getdays
_Getmonths
_Gettnames
_HUGE
_IsExceptionObjectToBeDestroyed
_Lock_shared_ptr_spin_lock
_NLG_Dispatch2
_NLG_Return
_NLG_Return2
_Strftime
_Unlock_shared_ptr_spin_lock
_W_Getdays
_W_Getmonths
_W_Gettnames
_Wcsftime
_XcptFilter
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__CppXcptFilter
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxLongjmpUnwind
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__STRINGTOLD
__STRINGTOLD_L
__TypeMatch
___crtCreateSemaphoreExW@24
___lc_codepage_func
___lc_collate_cp_func
___lc_locale_name_func
___mb_cur_max_func
___mb_cur_max_l_func
___setlc_active_func
___unguarded_readlc_active_add_func
__argc
__argv
__badioinfo
__clean_type_info_names_internal
__control87_2
__create_locale
__crtCompareStringA
__crtCompareStringEx
__crtCompareStringW
__crtCreateSymbolicLinkW
__crtEnumSystemLocalesEx
__crtFlsAlloc
__crtFlsFree
__crtFlsGetValue
__crtFlsSetValue
__crtGetDateFormatEx
__crtGetLocaleInfoEx
__crtGetShowWindowMode
__crtGetTimeFormatEx
__crtGetUserDefaultLocaleName
__crtInitializeCriticalSectionEx
__crtIsPackagedApp
__crtIsValidLocaleName
__crtLCMapStringA
__crtLCMapStringEx
__crtLCMapStringW
__crtSetThreadStackGuarantee
__crtSetUnhandledExceptionFilter
__crtTerminateProcess
__crtUnhandledException
__daylight
__dllonexit
__doserrno
__dstbias
__fpecode
__free_locale
__get_current_locale
__get_flsindex
__get_tlsindex
__getmainargs
__initenv
__iob_func
__isascii
__iscsym
__iscsymf
__iswcsym
__iswcsymf
__lconv
__lconv_init
__libm_sse2_acos
__libm_sse2_acosf
__libm_sse2_asin
__libm_sse2_asinf
__libm_sse2_atan
__libm_sse2_atan2
__libm_sse2_atanf
__libm_sse2_cos
__libm_sse2_cosf
__libm_sse2_exp
__libm_sse2_expf
__libm_sse2_log
__libm_sse2_log10
__libm_sse2_log10f
__libm_sse2_logf
__libm_sse2_pow
__libm_sse2_powf
__libm_sse2_sin
__libm_sse2_sinf
__libm_sse2_tan
__libm_sse2_tanf
__mb_cur_max
__p___argc
__p___argv
__p___initenv
__p___mb_cur_max
__p___wargv
__p___winitenv
__p__acmdln
__p__commode
__p__daylight
__p__dstbias
__p__environ
__p__fmode
__p__iob
__p__mbcasemap
__p__mbctype
__p__pctype
__p__pgmptr
__p__pwctype
__p__timezone
__p__tzname
__p__wcmdln
__p__wenviron
__p__wpgmptr
__pctype_func
__pioinfo
__pwctype_func
__pxcptinfoptrs
__report_gsfailure
__set_app_type
__setlc_active
__setusermatherr
__strncnt
Sections
.text Size: 792KB - Virtual size: 791KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 19KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 21KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/RamCapture/x64/RamCapture64.exe.exe windows:6 windows x64 arch:x64
ff2c256c015c545bb3aa1091058bb785
Code Sign
0a:3d:43:40:46:fc:f0:6c:91:16:6b:2f:e2:b6:37:b7Certificate
IssuerCN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before17/05/2018, 00:00Not After16/05/2019, 12:00SubjectSERIALNUMBER=6128132,CN=Belkasoft LLC,O=Belkasoft LLC,L=Menlo Park,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate
IssuerCN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before22/10/2014, 00:00Not After22/10/2024, 00:00SubjectCN=DigiCert Timestamp Responder,O=DigiCert,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06Certificate
IssuerCN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before18/04/2012, 12:00Not After18/04/2027, 12:00SubjectCN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before10/11/2006, 00:00Not After10/11/2021, 00:00SubjectCN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0e:b9:9e:ba:73:0a:f4:15:71:b4:a4:20:89:98:85:45Certificate
IssuerCN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=USNot Before13/04/2018, 00:00Not After16/05/2019, 12:00SubjectSERIALNUMBER=6128132,CN=Belkasoft LLC,O=Belkasoft LLC,L=Menlo Park,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate
IssuerCN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before18/04/2012, 12:00Not After18/04/2027, 12:00SubjectCN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41Certificate
IssuerCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before04/01/2017, 00:00Not After18/01/2028, 00:00SubjectCN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before07/01/2016, 12:00Not After07/01/2031, 12:00SubjectCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
3b:8d:67:0e:fd:08:6f:cd:12:9e:a9:69:1e:f1:51:91:99:d0:fa:5d:52:25:12:5c:36:f0:db:f1:2d:8e:6c:52Signer
Actual PE Digest3b:8d:67:0e:fd:08:6f:cd:12:9e:a9:69:1e:f1:51:91:99:d0:fa:5d:52:25:12:5c:36:f0:db:f1:2d:8e:6c:52Digest Algorithmsha256PE Digest Matchestrue34:9c:d5:2b:2b:16:23:c3:9b:05:5d:ce:e9:19:5f:53:87:3a:0f:afSigner
Actual PE Digest34:9c:d5:2b:2b:16:23:c3:9b:05:5d:ce:e9:19:5f:53:87:3a:0f:afDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
GetConsoleWindow
SetConsoleMode
GetFileAttributesW
GetModuleFileNameW
CreateFileW
GetStdHandle
VirtualAlloc
GetConsoleScreenBufferInfo
SetConsoleCtrlHandler
SetConsoleTitleW
CloseHandle
WriteFile
lstrlenW
GetProcAddress
DeviceIoControl
VirtualFree
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
GetTickCount
GetModuleHandleW
QueryPerformanceCounter
SetFilePointerEx
GetCurrentProcess
SetConsoleTextAttribute
SetEndOfFile
CreateThread
GetNativeSystemInfo
user32
GetSystemMetrics
GetWindowTextLengthW
PostQuitMessage
DialogBoxParamW
LoadIconW
EndDialog
ShowWindow
MessageBoxW
GetDlgItemTextW
SetDlgItemTextW
SendMessageW
EnableWindow
GetDlgItem
advapi32
OpenProcessToken
AdjustTokenPrivileges
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
LookupPrivilegeValueW
msvcp110
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Winerror_map@std@@YAPEBDH@Z
?_Syserror_map@std@@YAPEBDH@Z
shlwapi
SHDeleteKeyW
PathAppendW
PathRemoveFileSpecW
comctl32
ord17
msvcr110
__crtSetUnhandledExceptionFilter
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
?terminate@@YAXXZ
__crtCapturePreviousContext
__crtTerminateProcess
__crtUnhandledException
__crt_debugger_hook
__CxxFrameHandler3
_CxxThrowException
memcpy
memmove
strlen
wprintf
wcslen
_vswprintf
memset
wcsftime
_wsplitpath
rand
srand
_purecall
??3@YAXPEAX@Z
_itow
_localtime64
_time64
??2@YAPEAX_K@Z
_vsnwprintf_s
_lock
_unlock
_calloc_crt
__dllonexit
__C_specific_handler
_onexit
_XcptFilter
_amsg_exit
__wgetmainargs
__set_app_type
exit
_exit
_cexit
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
__winitenv
_fmode
_commode
Sections
.text Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1024B - Virtual size: 756B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
tools/RamCapture/x64/RamCaptureDriver64.sys.sys windows:6 windows x64 arch:x64
b8022367f73cdbdb08bb0667e4088757
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\data\!p\BEC.RAM-Capturer\x64\Release\bin\RamCaptureDriver64.pdb
Imports
ntoskrnl.exe
RtlInitUnicodeString
DbgPrint
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
MmGetPhysicalMemoryRanges
MmIsAddressValid
MmMapMemoryDumpMdl
ZwQuerySystemInformation
__C_specific_handler
KeBugCheckEx
Sections
.text Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 660B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 28B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 144B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 1024B - Virtual size: 590B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/RamCapture/x64/msvcp110.dll.dll windows:6 windows x64 arch:x64
ac5237467f598a9a5b370a14eccc4dc8
Code Sign
33:00:00:00:9d:1e:8d:27:ae:b8:f3:d8:38:00:01:00:00:00:9dCertificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before04/09/2012, 21:42Not After04/03/2013, 21:42SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:02:92:4a:00:00:00:00:00:20Certificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before09/01/2012, 22:25Not After09/04/2013, 22:25SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:08:e2:79:fa:0d:25:58:45:ea:00:00:00:00:00:08Certificate
IssuerCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before07/07/2012, 00:14Not After07/10/2013, 00:14SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before08/07/2011, 20:59Not After08/07/2026, 21:09SubjectCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
b8:b0:0e:63:c4:af:35:6f:3d:9b:07:19:24:90:16:c2:76:a5:7c:6e:62:cd:28:9f:d7:88:76:79:b6:00:1b:65Signer
Actual PE Digestb8:b0:0e:63:c4:af:35:6f:3d:9b:07:19:24:90:16:c2:76:a5:7c:6e:62:cd:28:9f:d7:88:76:79:b6:00:1b:65Digest Algorithmsha256PE Digest Matchestrue08:40:a8:1e:49:f4:de:e5:3b:dc:2f:a0:b5:7a:00:1e:f8:7d:ee:bbSigner
Actual PE Digest08:40:a8:1e:49:f4:de:e5:3b:dc:2f:a0:b5:7a:00:1e:f8:7d:ee:bbDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
msvcp110.amd64.pdb
Imports
msvcr110
_CxxThrowException
__CxxFrameHandler3
fclose
fflush
fgetc
fgetpos
fsetpos
_fseeki64
fwrite
setvbuf
ungetc
_lock_file
_unlock_file
memcpy_s
_fsopen
fseek
_wfsopen
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?_ScheduleTask@_CurrentScheduler@details@Concurrency@@SAXP6AXPEAX@Z0@Z
?set@event@Concurrency@@QEAAXXZ
ldexp
sprintf_s
strcspn
wcslen
_Strftime
_Wcsftime
strcmp
setlocale
_malloc_crt
_realloc_crt
?_set_new_handler@@YAP6AH_K@ZP6AH0@Z@Z
fgetwc
fputwc
ungetwc
__uncaught_exception
towupper
towlower
_errno
memcmp
_wcsdup
___lc_locale_name_func
___lc_collate_cp_func
__crtCompareStringA
__crtLCMapStringA
___lc_codepage_func
_ismbblead
remove
rename
_wremove
_wgetcwd
_wchdir
_wmkdir
_wrmdir
_wrename
_getcwd
_chdir
_mkdir
_rmdir
__crtIsPackagedApp
__crtCreateSymbolicLinkW
calloc
?what@exception@std@@UEBAPEBDXZ
??1_Condition_variable@details@Concurrency@@QEAA@XZ
?wait@_Condition_variable@details@Concurrency@@QEAAXAEAVcritical_section@3@@Z
?wait_for@_Condition_variable@details@Concurrency@@QEAA_NAEAVcritical_section@3@I@Z
?notify_one@_Condition_variable@details@Concurrency@@QEAAXXZ
?notify_all@_Condition_variable@details@Concurrency@@QEAAXXZ
_beginthreadex
_endthreadex
??0critical_section@Concurrency@@QEAA@XZ
??1critical_section@Concurrency@@QEAA@XZ
?lock@critical_section@Concurrency@@QEAAXXZ
?try_lock@critical_section@Concurrency@@QEAA_NXZ
?try_lock_for@critical_section@Concurrency@@QEAA_NI@Z
?unlock@critical_section@Concurrency@@QEAAXXZ
?terminate@@YAXXZ
__crtFlsAlloc
__crtFlsFree
__crtFlsGetValue
__crtFlsSetValue
??0operation_timed_out@Concurrency@@QEAA@XZ
?Alloc@Concurrency@@YAPEAX_K@Z
?ScheduleTask@CurrentScheduler@Concurrency@@SAXP6AXPEAX@Z0@Z
??0invalid_link_target@Concurrency@@QEAA@PEBD@Z
??0message_not_found@Concurrency@@QEAA@XZ
?_Trace_agents@Concurrency@@YAXW4Agents_EventType@1@_JZZ
??0bad_target@Concurrency@@QEAA@XZ
??0invalid_operation@Concurrency@@QEAA@PEBD@Z
?wait@event@Concurrency@@QEAA_KI@Z
??1event@Concurrency@@QEAA@XZ
??0event@Concurrency@@QEAA@XZ
?Free@Concurrency@@YAXPEAX@Z
??1_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QEAA@XZ
??0_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QEAA@AEAV123@@Z
??0_ReentrantPPLLock@details@Concurrency@@QEAA@XZ
??1_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QEAA@XZ
??0_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QEAA@AEAV123@@Z
??0_NonReentrantPPLLock@details@Concurrency@@QEAA@XZ
?_Yield@_Context@details@Concurrency@@SAXXZ
?_UnderlyingYield@details@Concurrency@@YAXXZ
?_SpinOnce@?$_SpinWait@$00@details@Concurrency@@QEAA_NXZ
?GetNumberOfVirtualProcessors@CurrentScheduler@Concurrency@@SAIXZ
?IsCurrentTaskCollectionCanceling@Context@Concurrency@@SA_NXZ
??0task_canceled@Concurrency@@QEAA@XZ
??1_SpinLock@details@Concurrency@@QEAA@XZ
??0_SpinLock@details@Concurrency@@QEAA@AECJ@Z
?Log2@details@Concurrency@@YAK_K@Z
_lock
_unlock
__pctype_func
isupper
_calloc_crt
__crtGetLocaleInfoEx
islower
__crtLCMapStringW
isspace
tolower
memchr
sqrt
isdigit
isalnum
__crtCompareStringW
__C_specific_handler
__dllonexit
_onexit
__CppXcptFilter
_amsg_exit
_initterm
_initterm_e
__crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
__crtCapturePreviousContext
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__clean_type_info_names_internal
??1bad_cast@std@@UEAA@XZ
??0bad_cast@std@@QEAA@AEBV01@@Z
_W_Gettnames
_W_Getmonths
_W_Getdays
_Gettnames
_Getmonths
_Getdays
localeconv
??0bad_cast@std@@QEAA@PEBD@Z
??_V@YAXPEAX@Z
??1exception@std@@UEAA@XZ
??0exception@std@@QEAA@AEBV01@@Z
??0exception@std@@QEAA@AEBQEBDH@Z
??0exception@std@@QEAA@AEBQEBD@Z
??0exception@std@@QEAA@XZ
memmove
strlen
memcpy
malloc
free
___mb_cur_max_func
_purecall
rand_s
fputs
fputc
__iob_func
abort
logf
log
__crtInitializeCriticalSectionEx
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
??0_Condition_variable@details@Concurrency@@QEAA@XZ
memset
kernel32
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStringTypeW
GetSystemTimeAsFileTime
GetExitCodeThread
GetCurrentThreadId
GetCurrentThread
GetCurrentProcess
Sleep
WaitForSingleObject
DuplicateHandle
AreFileApisANSI
CreateHardLinkW
CopyFileW
GetLastError
CloseHandle
SetFileTime
GetFileInformationByHandle
GetFileAttributesExW
GetDiskFreeSpaceExW
FindNextFileW
FindFirstFileExW
FindClose
CreateFileW
WideCharToMultiByte
MultiByteToWideChar
DecodePointer
EncodePointer
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
DisableThreadLibraryCalls
Exports
Exports
??$_Getvals@_W@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IEAAX_WAEBV_Locinfo@1@@Z
??$_Getvals@_W@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IEAAX_WAEBV_Locinfo@1@@Z
??$_Getvals@_W@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEAAX_WAEBV_Locinfo@1@@Z
??0?$_Yarn@D@std@@QEAA@AEBV01@@Z
??0?$_Yarn@D@std@@QEAA@PEBD@Z
??0?$_Yarn@D@std@@QEAA@XZ
??0?$_Yarn@_W@std@@QEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@W4_Uninitialized@1@@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N1@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@W4_Uninitialized@1@@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N1@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@W4_Uninitialized@1@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@W4_Uninitialized@1@_N@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@W4_Uninitialized@1@_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@W4_Uninitialized@1@_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@AEBV01@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@W4_Uninitialized@1@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@AEBV01@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@W4_Uninitialized@1@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@AEBV01@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@W4_Uninitialized@1@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$codecvt@DDH@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$codecvt@DDH@std@@QEAA@_K@Z
??0?$codecvt@GDH@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$codecvt@GDH@std@@QEAA@_K@Z
??0?$codecvt@_WDH@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$codecvt@_WDH@std@@QEAA@_K@Z
??0?$ctype@D@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$ctype@D@std@@QEAA@PEBF_N_K@Z
??0?$ctype@G@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$ctype@G@std@@QEAA@_K@Z
??0?$ctype@_W@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$ctype@_W@std@@QEAA@_K@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@_K@Z
??0?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@_K@Z
??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z
??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@_K@Z
??0?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@_K@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@_K@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@_K@Z
??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@_K@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@_K@Z
??0Init@ios_base@std@@QEAA@XZ
??0_Concurrent_queue_base_v4@details@Concurrency@@IEAA@_K@Z
??0_Concurrent_queue_iterator_base_v4@details@Concurrency@@IEAA@AEBV_Concurrent_queue_base_v4@12@@Z
??0_Container_base12@std@@QEAA@AEBU01@@Z
??0_Container_base12@std@@QEAA@XZ
??0_Facet_base@std@@QEAA@AEBV01@@Z
??0_Facet_base@std@@QEAA@XZ
??0_Init_locks@std@@QEAA@XZ
??0_Locimp@locale@std@@AEAA@AEBV012@@Z
??0_Locimp@locale@std@@AEAA@_N@Z
??0_Locinfo@std@@QEAA@HPEBD@Z
??0_Locinfo@std@@QEAA@PEBD@Z
??0_Lockit@std@@QEAA@H@Z
??0_Lockit@std@@QEAA@XZ
??0_Pad@std@@QEAA@AEBV01@@Z
??0_Pad@std@@QEAA@XZ
??0_Runtime_object@details@Concurrency@@QEAA@H@Z
??0_Runtime_object@details@Concurrency@@QEAA@XZ
??0_Timevec@std@@QEAA@AEBV01@@Z
??0_Timevec@std@@QEAA@PEAX@Z
??0_UShinit@std@@QEAA@XZ
??0_Winit@std@@QEAA@XZ
??0agent@Concurrency@@QEAA@AEAVScheduleGroup@1@@Z
??0agent@Concurrency@@QEAA@AEAVScheduler@1@@Z
??0agent@Concurrency@@QEAA@XZ
??0codecvt_base@std@@QEAA@_K@Z
??0ctype_base@std@@QEAA@_K@Z
??0facet@locale@std@@IEAA@_K@Z
??0id@locale@std@@QEAA@_K@Z
??0ios_base@std@@IEAA@XZ
??0time_base@std@@QEAA@_K@Z
??1?$_Yarn@D@std@@QEAA@XZ
??1?$_Yarn@_W@std@@QEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$codecvt@DDH@std@@MEAA@XZ
??1?$codecvt@GDH@std@@MEAA@XZ
??1?$codecvt@_WDH@std@@MEAA@XZ
??1?$ctype@D@std@@MEAA@XZ
??1?$ctype@G@std@@MEAA@XZ
??1?$ctype@_W@std@@MEAA@XZ
??1?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEAA@XZ
??1?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MEAA@XZ
??1?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MEAA@XZ
??1?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEAA@XZ
??1?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MEAA@XZ
??1?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MEAA@XZ
??1?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEAA@XZ
??1?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MEAA@XZ
??1?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MEAA@XZ
??1?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEAA@XZ
??1?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MEAA@XZ
??1?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MEAA@XZ
??1Init@ios_base@std@@QEAA@XZ
??1_Concurrent_queue_base_v4@details@Concurrency@@MEAA@XZ
??1_Concurrent_queue_iterator_base_v4@details@Concurrency@@IEAA@XZ
??1_Concurrent_vector_base_v4@details@Concurrency@@IEAA@XZ
??1_Container_base12@std@@QEAA@XZ
??1_Facet_base@std@@UEAA@XZ
??1_Init_locks@std@@QEAA@XZ
??1_Locimp@locale@std@@MEAA@XZ
??1_Locinfo@std@@QEAA@XZ
??1_Lockit@std@@QEAA@XZ
??1_Pad@std@@QEAA@XZ
??1_Timevec@std@@QEAA@XZ
??1_UShinit@std@@QEAA@XZ
??1_Winit@std@@QEAA@XZ
??1agent@Concurrency@@UEAA@XZ
??1codecvt_base@std@@UEAA@XZ
??1ctype_base@std@@UEAA@XZ
??1facet@locale@std@@MEAA@XZ
??1ios_base@std@@UEAA@XZ
??1time_base@std@@UEAA@XZ
??4?$_Iosb@H@std@@QEAAAEAV01@AEBV01@@Z
??4?$_Yarn@D@std@@QEAAAEAV01@AEBV01@@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??4?$_Yarn@_W@std@@QEAAAEAV01@PEB_W@Z
??4?$basic_iostream@DU?$char_traits@D@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_iostream@GU?$char_traits@G@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_iostream@_WU?$char_traits@_W@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_istream@DU?$char_traits@D@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_istream@GU?$char_traits@G@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_istream@_WU?$char_traits@_W@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_ostream@DU?$char_traits@D@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_ostream@GU?$char_traits@G@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_ostream@_WU?$char_traits@_W@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAAEAV01@AEBV01@@Z
??4?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAAEAV01@AEBV01@@Z
??4?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAAEAV01@AEBV01@@Z
??4Init@ios_base@std@@QEAAAEAV012@AEBV012@@Z
??4_Container_base0@std@@QEAAAEAU01@AEBU01@@Z
??4_Container_base12@std@@QEAAAEAU01@AEBU01@@Z
??4_Facet_base@std@@QEAAAEAV01@AEBV01@@Z
??4_Init_locks@std@@QEAAAEAV01@AEBV01@@Z
??4_Pad@std@@QEAAAEAV01@AEBV01@@Z
??4_Timevec@std@@QEAAAEAV01@AEBV01@@Z
??4_UShinit@std@@QEAAAEAV01@AEBV01@@Z
??4_Winit@std@@QEAAAEAV01@AEBV01@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAF@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAG@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAI@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAJ@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAK@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAM@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAN@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAO@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAPEAX@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_J@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_K@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@DU?$char_traits@D@std@@@1@AEAV21@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAF@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAG@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAH@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAI@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAJ@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAK@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAM@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAN@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAO@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAPEAX@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEA_J@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEA_K@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEA_N@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@GU?$char_traits@G@std@@@1@AEAV21@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAF@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAG@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAH@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAI@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAJ@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAK@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAM@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAN@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAO@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAPEAX@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEA_J@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEA_K@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEA_N@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@_WU?$char_traits@_W@std@@@1@AEAV21@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@F@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@O@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@DU?$char_traits@D@std@@@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@F@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@G@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@O@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@GU?$char_traits@G@std@@@1@AEAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@PEBX@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@F@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@G@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@O@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@_WU?$char_traits@_W@std@@@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEBX@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_N@Z
??7ios_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
??Bios_base@std@@QEBAPEAXXZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ios@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_ios@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_iostream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_iostream@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_iostream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_istream@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_istream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ostream@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_ostream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_streambuf@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_streambuf@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$codecvt@DDH@std@@6B@
??_7?$codecvt@GDH@std@@6B@
??_7?$codecvt@_WDH@std@@6B@
??_7?$ctype@D@std@@6B@
??_7?$ctype@G@std@@6B@
??_7?$ctype@_W@std@@6B@
??_7?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7_Facet_base@std@@6B@
??_7_Locimp@locale@std@@6B@
??_7_Pad@std@@6B@
??_7codecvt_base@std@@6B@
??_7ctype_base@std@@6B@
??_7facet@locale@std@@6B@
??_7ios_base@std@@6B@
??_7time_base@std@@6B@
??_8?$basic_iostream@DU?$char_traits@D@std@@@std@@7B?$basic_istream@DU?$char_traits@D@std@@@1@@
??_8?$basic_iostream@DU?$char_traits@D@std@@@std@@7B?$basic_ostream@DU?$char_traits@D@std@@@1@@
??_8?$basic_iostream@GU?$char_traits@G@std@@@std@@7B?$basic_istream@GU?$char_traits@G@std@@@1@@
??_8?$basic_iostream@GU?$char_traits@G@std@@@std@@7B?$basic_ostream@GU?$char_traits@G@std@@@1@@
??_8?$basic_iostream@_WU?$char_traits@_W@std@@@std@@7B?$basic_istream@_WU?$char_traits@_W@std@@@1@@
??_8?$basic_iostream@_WU?$char_traits@_W@std@@@std@@7B?$basic_ostream@_WU?$char_traits@_W@std@@@1@@
??_8?$basic_istream@DU?$char_traits@D@std@@@std@@7B@
??_8?$basic_istream@GU?$char_traits@G@std@@@std@@7B@
??_8?$basic_istream@_WU?$char_traits@_W@std@@@std@@7B@
??_8?$basic_ostream@DU?$char_traits@D@std@@@std@@7B@
??_8?$basic_ostream@GU?$char_traits@G@std@@@std@@7B@
??_8?$basic_ostream@_WU?$char_traits@_W@std@@@std@@7B@
??_D?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??_D?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??_D?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??_D?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??_D?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??_D?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??_D?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??_D?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??_F?$codecvt@DDH@std@@QEAAXXZ
??_F?$codecvt@GDH@std@@QEAAXXZ
??_F?$codecvt@_WDH@std@@QEAAXXZ
??_F?$ctype@D@std@@QEAAXXZ
??_F?$ctype@G@std@@QEAAXXZ
??_F?$ctype@_W@std@@QEAAXXZ
??_F?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAAXXZ
??_F?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAAXXZ
??_F?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAAXXZ
??_F?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAAXXZ
??_F?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAAXXZ
??_F?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAAXXZ
??_F?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAAXXZ
??_F?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAAXXZ
??_F?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAAXXZ
??_F?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAAXXZ
??_F?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAAXXZ
??_F?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAAXXZ
??_F_Locinfo@std@@QEAAXXZ
??_F_Timevec@std@@QEAAXXZ
??_Fcodecvt_base@std@@QEAAXXZ
??_Fctype_base@std@@QEAAXXZ
??_Ffacet@locale@std@@QEAAXXZ
??_Fid@locale@std@@QEAAXXZ
??_Ftime_base@std@@QEAAXXZ
?NFS_Allocate@details@Concurrency@@YAPEAX_K0PEAX@Z
?NFS_Free@details@Concurrency@@YAXPEAX@Z
?NFS_GetLineSize@details@Concurrency@@YA_KXZ
?_10@placeholders@std@@3V?$_Ph@$09@2@A
?_11@placeholders@std@@3V?$_Ph@$0L@@2@A
?_12@placeholders@std@@3V?$_Ph@$0M@@2@A
?_13@placeholders@std@@3V?$_Ph@$0N@@2@A
?_14@placeholders@std@@3V?$_Ph@$0O@@2@A
?_15@placeholders@std@@3V?$_Ph@$0P@@2@A
?_16@placeholders@std@@3V?$_Ph@$0BA@@2@A
?_17@placeholders@std@@3V?$_Ph@$0BB@@2@A
?_18@placeholders@std@@3V?$_Ph@$0BC@@2@A
?_19@placeholders@std@@3V?$_Ph@$0BD@@2@A
?_1@placeholders@std@@3V?$_Ph@$00@2@A
?_20@placeholders@std@@3V?$_Ph@$0BE@@2@A
?_2@placeholders@std@@3V?$_Ph@$01@2@A
?_3@placeholders@std@@3V?$_Ph@$02@2@A
?_4@placeholders@std@@3V?$_Ph@$03@2@A
?_5@placeholders@std@@3V?$_Ph@$04@2@A
?_6@placeholders@std@@3V?$_Ph@$05@2@A
?_7@placeholders@std@@3V?$_Ph@$06@2@A
?_8@placeholders@std@@3V?$_Ph@$07@2@A
?_9@placeholders@std@@3V?$_Ph@$08@2@A
?_Add_vtordisp1@?$basic_ios@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Add_vtordisp1@?$basic_ios@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Add_vtordisp1@?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Add_vtordisp1@?$basic_istream@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Add_vtordisp1@?$basic_istream@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Add_vtordisp1@?$basic_istream@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Add_vtordisp2@?$basic_ios@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Add_vtordisp2@?$basic_ios@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Add_vtordisp2@?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Add_vtordisp2@?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Add_vtordisp2@?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Add_vtordisp2@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Addcats@_Locinfo@std@@QEAAAEAV12@HPEBD@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_Addstd@ios_base@std@@SAXPEAV12@@Z
?_Advance@_Concurrent_queue_iterator_base_v4@details@Concurrency@@IEAAXXZ
?_Assign@_Concurrent_queue_iterator_base_v4@details@Concurrency@@IEAAXAEBV123@@Z
?_Atexit@@YAXP6AXXZ@Z
?_BADOFF@std@@3_JB
?_Byte_reverse_table@details@Concurrency@@3QBEB
?_C_str@?$_Yarn@D@std@@QEBAPEBDXZ
?_C_str@?$_Yarn@_W@std@@QEBAPEB_WXZ
?_Callfns@ios_base@std@@AEAAXW4event@12@@Z
?_Clocptr@_Locimp@locale@std@@0PEAV123@EA
?_Close_dir@sys@tr2@std@@YAXPEAX@Z
?_Copy_file@sys@tr2@std@@YAHPEBD0_N@Z
?_Copy_file@sys@tr2@std@@YAHPEB_W0_N@Z
?_Current_get@sys@tr2@std@@YAPEADPEAD@Z
?_Current_get@sys@tr2@std@@YAPEA_WPEA_W@Z
?_Current_set@sys@tr2@std@@YA_NPEBD@Z
?_Current_set@sys@tr2@std@@YA_NPEB_W@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Donarrow@?$ctype@G@std@@IEBADGD@Z
?_Donarrow@?$ctype@_W@std@@IEBAD_WD@Z
?_Dowiden@?$ctype@G@std@@IEBAGD@Z
?_Dowiden@?$ctype@_W@std@@IEBA_WD@Z
?_Empty@?$_Yarn@D@std@@QEBA_NXZ
?_Empty@?$_Yarn@_W@std@@QEBA_NXZ
?_Equivalent@sys@tr2@std@@YAHPEBD0@Z
?_Equivalent@sys@tr2@std@@YAHPEB_W0@Z
?_Ffmt@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAPEADPEADDH@Z
?_Ffmt@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAPEADPEADDH@Z
?_Ffmt@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAPEADPEADDH@Z
?_File_size@sys@tr2@std@@YA_KPEBD@Z
?_File_size@sys@tr2@std@@YA_KPEB_W@Z
?_Findarr@ios_base@std@@AEAAAEAU_Iosarray@12@H@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBGHH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Fput@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBD_K333@Z
?_Fput@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBA?AV?$ostreambuf_iterator@GU?$char_traits@G@std@@@2@V32@AEAVios_base@2@GPEBD_K333@Z
?_Fput@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBA?AV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@AEAVios_base@2@_WPEBD_K444@Z
?_Future_error_map@std@@YAPEBDH@Z
?_GetCombinableSize@details@Concurrency@@YA_KXZ
?_GetCurrentThreadId@details@Concurrency@@YAKXZ
?_GetNextAsyncId@details@Concurrency@@YAIXZ
?_Get_future_error_what@std@@YAPEBDH@Z
?_Getcat@?$codecvt@DDH@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$codecvt@GDH@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$codecvt@_WDH@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@facet@locale@std@@SA_KPEAPEBV123@PEBV23@@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?_Getctype@_Locinfo@std@@QEBA?AU_Ctypevec@@XZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_Getdateorder@_Locinfo@std@@QEBAHXZ
?_Getdays@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Getffld@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getffld@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1AEAVios_base@2@PEAH@Z
Sections
.text Size: 323KB - Virtual size: 323KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 254KB - Virtual size: 253KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 14KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 19KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/RamCapture/x64/msvcr110.dll.dll windows:6 windows x64 arch:x64
2d8550b19d324144e95b49aae32a0dca
Code Sign
33:00:00:00:9d:1e:8d:27:ae:b8:f3:d8:38:00:01:00:00:00:9dCertificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before04/09/2012, 21:42Not After04/03/2013, 21:42SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:02:92:4a:00:00:00:00:00:20Certificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before09/01/2012, 22:25Not After09/04/2013, 22:25SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:08:e2:79:fa:0d:25:58:45:ea:00:00:00:00:00:08Certificate
IssuerCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before07/07/2012, 00:14Not After07/10/2013, 00:14SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before08/07/2011, 20:59Not After08/07/2026, 21:09SubjectCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
82:a6:b7:5d:4d:d1:7b:63:30:dc:a8:02:78:fc:72:1e:4d:aa:0a:d1:a3:3c:03:bc:b9:02:11:00:17:61:3f:2eSigner
Actual PE Digest82:a6:b7:5d:4d:d1:7b:63:30:dc:a8:02:78:fc:72:1e:4d:aa:0a:d1:a3:3c:03:bc:b9:02:11:00:17:61:3f:2eDigest Algorithmsha256PE Digest Matchestruec3:5c:a1:59:fc:94:16:0d:6a:78:fe:60:c4:13:8f:c0:e6:ae:ab:9dSigner
Actual PE Digestc3:5c:a1:59:fc:94:16:0d:6a:78:fe:60:c4:13:8f:c0:e6:ae:ab:9dDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
msvcr110.amd64.pdb
Imports
kernel32
EncodePointer
DecodePointer
RtlPcToFileHeader
RaiseException
GetModuleFileNameA
GetModuleFileNameW
GetLastError
ExitProcess
GetModuleHandleW
GetModuleHandleExW
GetProcAddress
AreFileApisANSI
MultiByteToWideChar
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CloseHandle
CreateThread
ExitThread
ResumeThread
LoadLibraryExW
SetLastError
GetCurrentThread
FindClose
FindFirstFileExA
FindNextFileA
FindFirstFileExW
FindNextFileW
GetLogicalDrives
GetDiskFreeSpaceA
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetErrorMode
Beep
Sleep
SetEnvironmentVariableA
SetCurrentDirectoryA
GetCurrentDirectoryA
SetCurrentDirectoryW
GetCurrentDirectoryW
GetFullPathNameA
GetDriveTypeW
GetCurrentProcessId
GetFileAttributesExW
SetEnvironmentVariableW
SetFileAttributesW
GetFullPathNameW
CreateDirectoryW
MoveFileExW
RemoveDirectoryW
FileTimeToLocalFileTime
DeleteFileW
WaitForSingleObject
GetExitCodeProcess
CreateProcessA
FreeLibrary
LoadLibraryExA
CreateProcessW
ReadFile
DuplicateHandle
GetCurrentProcess
GetTempPathA
GetTempPathW
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetLocalTime
WideCharToMultiByte
LocalFileTimeToFileTime
SetFileTime
SystemTimeToFileTime
SetLocalTime
TlsGetValue
TlsSetValue
InterlockedPopEntrySList
InterlockedFlushSList
QueryDepthSList
InterlockedPushEntrySList
CreateTimerQueue
CreateTimerQueueTimer
UnregisterWait
SetEvent
RegisterWaitForSingleObject
CreateEventW
SwitchToThread
SignalObjectAndWait
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
DeleteTimerQueueTimer
TryEnterCriticalSection
SetProcessAffinityMask
GetTickCount
VirtualFree
GetVersionExW
SetThreadPriority
VirtualAlloc
VirtualProtect
InitializeSListHead
ReleaseSemaphore
ChangeTimerQueueTimer
TlsAlloc
UnregisterWaitEx
TlsFree
GetThreadPriority
IsProcessorFeaturePresent
LoadLibraryW
OutputDebugStringW
FreeLibraryAndExitThread
GetModuleHandleA
GetThreadTimes
DebugBreak
GetStringTypeW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
RtlLookupFunctionEntry
RtlUnwindEx
HeapFree
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapSize
HeapQueryInformation
HeapValidate
HeapCompact
HeapWalk
GetSystemInfo
VirtualQuery
GetFileType
GetStartupInfoW
GetFileInformationByHandle
PeekNamedPipe
CreateFileW
GetConsoleMode
ReadConsoleW
GetConsoleCP
SetFilePointerEx
FlushFileBuffers
SetFilePointer
CreatePipe
SetStdHandle
GetNumberOfConsoleInputEvents
PeekConsoleInputA
ReadConsoleInputA
SetConsoleMode
ReadConsoleInputW
WriteConsoleW
SetEndOfFile
LockFileEx
UnlockFileEx
IsDebuggerPresent
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
CreateSemaphoreW
SetConsoleCtrlHandler
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
OutputDebugStringA
Exports
Exports
$I10_OUTPUT
??0?$_SpinWait@$00@details@Concurrency@@QEAA@P6AXXZ@Z
??0?$_SpinWait@$0A@@details@Concurrency@@QEAA@P6AXXZ@Z
??0SchedulerPolicy@Concurrency@@QEAA@AEBV01@@Z
??0SchedulerPolicy@Concurrency@@QEAA@XZ
??0SchedulerPolicy@Concurrency@@QEAA@_KZZ
??0_CancellationTokenState@details@Concurrency@@AEAA@XZ
??0_Cancellation_beacon@details@Concurrency@@QEAA@XZ
??0_Condition_variable@details@Concurrency@@QEAA@XZ
??0_Context@details@Concurrency@@QEAA@PEAVContext@2@@Z
??0_Interruption_exception@details@Concurrency@@QEAA@PEBD@Z
??0_Interruption_exception@details@Concurrency@@QEAA@XZ
??0_NonReentrantBlockingLock@details@Concurrency@@QEAA@XZ
??0_NonReentrantPPLLock@details@Concurrency@@QEAA@XZ
??0_ReaderWriterLock@details@Concurrency@@QEAA@XZ
??0_ReentrantBlockingLock@details@Concurrency@@QEAA@XZ
??0_ReentrantLock@details@Concurrency@@QEAA@XZ
??0_ReentrantPPLLock@details@Concurrency@@QEAA@XZ
??0_Scheduler@details@Concurrency@@QEAA@PEAVScheduler@2@@Z
??0_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QEAA@AEAV123@@Z
??0_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QEAA@AEAV123@@Z
??0_SpinLock@details@Concurrency@@QEAA@AECJ@Z
??0_StructuredTaskCollection@details@Concurrency@@QEAA@PEAV_CancellationTokenState@12@@Z
??0_TaskCollection@details@Concurrency@@QEAA@PEAV_CancellationTokenState@12@@Z
??0_TaskCollection@details@Concurrency@@QEAA@XZ
??0_Timer@details@Concurrency@@IEAA@I_N@Z
??0__non_rtti_object@std@@QEAA@AEBV01@@Z
??0__non_rtti_object@std@@QEAA@PEBD@Z
??0bad_cast@std@@AEAA@PEBQEBD@Z
??0bad_cast@std@@QEAA@AEBV01@@Z
??0bad_cast@std@@QEAA@PEBD@Z
??0bad_target@Concurrency@@QEAA@PEBD@Z
??0bad_target@Concurrency@@QEAA@XZ
??0bad_typeid@std@@QEAA@AEBV01@@Z
??0bad_typeid@std@@QEAA@PEBD@Z
??0context_self_unblock@Concurrency@@QEAA@PEBD@Z
??0context_self_unblock@Concurrency@@QEAA@XZ
??0context_unblock_unbalanced@Concurrency@@QEAA@PEBD@Z
??0context_unblock_unbalanced@Concurrency@@QEAA@XZ
??0critical_section@Concurrency@@QEAA@XZ
??0default_scheduler_exists@Concurrency@@QEAA@PEBD@Z
??0default_scheduler_exists@Concurrency@@QEAA@XZ
??0event@Concurrency@@QEAA@XZ
??0exception@std@@QEAA@AEBQEBD@Z
??0exception@std@@QEAA@AEBQEBDH@Z
??0exception@std@@QEAA@AEBV01@@Z
??0exception@std@@QEAA@XZ
??0improper_lock@Concurrency@@QEAA@PEBD@Z
??0improper_lock@Concurrency@@QEAA@XZ
??0improper_scheduler_attach@Concurrency@@QEAA@PEBD@Z
??0improper_scheduler_attach@Concurrency@@QEAA@XZ
??0improper_scheduler_detach@Concurrency@@QEAA@PEBD@Z
??0improper_scheduler_detach@Concurrency@@QEAA@XZ
??0improper_scheduler_reference@Concurrency@@QEAA@PEBD@Z
??0improper_scheduler_reference@Concurrency@@QEAA@XZ
??0invalid_link_target@Concurrency@@QEAA@PEBD@Z
??0invalid_link_target@Concurrency@@QEAA@XZ
??0invalid_multiple_scheduling@Concurrency@@QEAA@PEBD@Z
??0invalid_multiple_scheduling@Concurrency@@QEAA@XZ
??0invalid_operation@Concurrency@@QEAA@PEBD@Z
??0invalid_operation@Concurrency@@QEAA@XZ
??0invalid_oversubscribe_operation@Concurrency@@QEAA@PEBD@Z
??0invalid_oversubscribe_operation@Concurrency@@QEAA@XZ
??0invalid_scheduler_policy_key@Concurrency@@QEAA@PEBD@Z
??0invalid_scheduler_policy_key@Concurrency@@QEAA@XZ
??0invalid_scheduler_policy_thread_specification@Concurrency@@QEAA@PEBD@Z
??0invalid_scheduler_policy_thread_specification@Concurrency@@QEAA@XZ
??0invalid_scheduler_policy_value@Concurrency@@QEAA@PEBD@Z
??0invalid_scheduler_policy_value@Concurrency@@QEAA@XZ
??0message_not_found@Concurrency@@QEAA@PEBD@Z
??0message_not_found@Concurrency@@QEAA@XZ
??0missing_wait@Concurrency@@QEAA@PEBD@Z
??0missing_wait@Concurrency@@QEAA@XZ
??0nested_scheduler_missing_detach@Concurrency@@QEAA@PEBD@Z
??0nested_scheduler_missing_detach@Concurrency@@QEAA@XZ
??0operation_timed_out@Concurrency@@QEAA@PEBD@Z
??0operation_timed_out@Concurrency@@QEAA@XZ
??0reader_writer_lock@Concurrency@@QEAA@XZ
??0scheduler_not_attached@Concurrency@@QEAA@PEBD@Z
??0scheduler_not_attached@Concurrency@@QEAA@XZ
??0scheduler_resource_allocation_error@Concurrency@@QEAA@J@Z
??0scheduler_resource_allocation_error@Concurrency@@QEAA@PEBDJ@Z
??0scheduler_worker_creation_error@Concurrency@@QEAA@J@Z
??0scheduler_worker_creation_error@Concurrency@@QEAA@PEBDJ@Z
??0scoped_lock@critical_section@Concurrency@@QEAA@AEAV12@@Z
??0scoped_lock@reader_writer_lock@Concurrency@@QEAA@AEAV12@@Z
??0scoped_lock_read@reader_writer_lock@Concurrency@@QEAA@AEAV12@@Z
??0task_canceled@Concurrency@@QEAA@PEBD@Z
??0task_canceled@Concurrency@@QEAA@XZ
??0unsupported_os@Concurrency@@QEAA@PEBD@Z
??0unsupported_os@Concurrency@@QEAA@XZ
??1SchedulerPolicy@Concurrency@@QEAA@XZ
??1_CancellationTokenState@details@Concurrency@@UEAA@XZ
??1_Cancellation_beacon@details@Concurrency@@QEAA@XZ
??1_Condition_variable@details@Concurrency@@QEAA@XZ
??1_NonReentrantBlockingLock@details@Concurrency@@QEAA@XZ
??1_ReentrantBlockingLock@details@Concurrency@@QEAA@XZ
??1_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QEAA@XZ
??1_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QEAA@XZ
??1_SpinLock@details@Concurrency@@QEAA@XZ
??1_TaskCollection@details@Concurrency@@QEAA@XZ
??1_Timer@details@Concurrency@@MEAA@XZ
??1__non_rtti_object@std@@UEAA@XZ
??1bad_cast@std@@UEAA@XZ
??1bad_typeid@std@@UEAA@XZ
??1critical_section@Concurrency@@QEAA@XZ
??1event@Concurrency@@QEAA@XZ
??1exception@std@@UEAA@XZ
??1reader_writer_lock@Concurrency@@QEAA@XZ
??1scoped_lock@critical_section@Concurrency@@QEAA@XZ
??1scoped_lock@reader_writer_lock@Concurrency@@QEAA@XZ
??1scoped_lock_read@reader_writer_lock@Concurrency@@QEAA@XZ
??1type_info@@UEAA@XZ
??2@YAPEAX_K@Z
??2@YAPEAX_KHPEBDH@Z
??3@YAXPEAX@Z
??3@YAXPEAXHPEBDH@Z
??4?$_SpinWait@$00@details@Concurrency@@QEAAAEAV012@AEBV012@@Z
??4?$_SpinWait@$0A@@details@Concurrency@@QEAAAEAV012@AEBV012@@Z
??4SchedulerPolicy@Concurrency@@QEAAAEAV01@AEBV01@@Z
??4__non_rtti_object@std@@QEAAAEAV01@AEBV01@@Z
??4bad_cast@std@@QEAAAEAV01@AEBV01@@Z
??4bad_typeid@std@@QEAAAEAV01@AEBV01@@Z
??4exception@std@@QEAAAEAV01@AEBV01@@Z
??8type_info@@QEBA_NAEBV0@@Z
??9type_info@@QEBA_NAEBV0@@Z
??_7__non_rtti_object@std@@6B@
??_7bad_cast@std@@6B@
??_7bad_typeid@std@@6B@
??_7exception@std@@6B@
??_F?$_SpinWait@$00@details@Concurrency@@QEAAXXZ
??_F?$_SpinWait@$0A@@details@Concurrency@@QEAAXXZ
??_F_Context@details@Concurrency@@QEAAXXZ
??_F_Scheduler@details@Concurrency@@QEAAXXZ
??_Fbad_cast@std@@QEAAXXZ
??_Fbad_typeid@std@@QEAAXXZ
??_U@YAPEAX_K@Z
??_U@YAPEAX_KHPEBDH@Z
??_V@YAXPEAX@Z
??_V@YAXPEAXHPEBDH@Z
?Alloc@Concurrency@@YAPEAX_K@Z
?Block@Context@Concurrency@@SAXXZ
?Create@CurrentScheduler@Concurrency@@SAXAEBVSchedulerPolicy@2@@Z
?Create@Scheduler@Concurrency@@SAPEAV12@AEBVSchedulerPolicy@2@@Z
?CreateResourceManager@Concurrency@@YAPEAUIResourceManager@1@XZ
?CreateScheduleGroup@CurrentScheduler@Concurrency@@SAPEAVScheduleGroup@2@AEAVlocation@2@@Z
?CreateScheduleGroup@CurrentScheduler@Concurrency@@SAPEAVScheduleGroup@2@XZ
?CurrentContext@Context@Concurrency@@SAPEAV12@XZ
?Detach@CurrentScheduler@Concurrency@@SAXXZ
?DisableTracing@Concurrency@@YAJXZ
?EnableTracing@Concurrency@@YAJXZ
?Free@Concurrency@@YAXPEAX@Z
?Get@CurrentScheduler@Concurrency@@SAPEAVScheduler@2@XZ
?GetExecutionContextId@Concurrency@@YAIXZ
?GetNumberOfVirtualProcessors@CurrentScheduler@Concurrency@@SAIXZ
?GetOSVersion@Concurrency@@YA?AW4OSVersion@IResourceManager@1@XZ
?GetPolicy@CurrentScheduler@Concurrency@@SA?AVSchedulerPolicy@2@XZ
?GetPolicyValue@SchedulerPolicy@Concurrency@@QEBAIW4PolicyElementKey@2@@Z
?GetProcessorCount@Concurrency@@YAIXZ
?GetProcessorNodeCount@Concurrency@@YAIXZ
?GetSchedulerId@Concurrency@@YAIXZ
?GetSharedTimerQueue@details@Concurrency@@YAPEAXXZ
?Id@Context@Concurrency@@SAIXZ
?Id@CurrentScheduler@Concurrency@@SAIXZ
?IsAvailableLocation@CurrentScheduler@Concurrency@@SA_NAEBVlocation@2@@Z
?IsCurrentTaskCollectionCanceling@Context@Concurrency@@SA_NXZ
?Log2@details@Concurrency@@YAK_K@Z
?Oversubscribe@Context@Concurrency@@SAX_N@Z
?RegisterShutdownEvent@CurrentScheduler@Concurrency@@SAXPEAX@Z
?ResetDefaultSchedulerPolicy@Scheduler@Concurrency@@SAXXZ
?ScheduleGroupId@Context@Concurrency@@SAIXZ
?ScheduleTask@CurrentScheduler@Concurrency@@SAXP6AXPEAX@Z0@Z
?ScheduleTask@CurrentScheduler@Concurrency@@SAXP6AXPEAX@Z0AEAVlocation@2@@Z
?SetConcurrencyLimits@SchedulerPolicy@Concurrency@@QEAAXII@Z
?SetDefaultSchedulerPolicy@Scheduler@Concurrency@@SAXAEBVSchedulerPolicy@2@@Z
?SetPolicyValue@SchedulerPolicy@Concurrency@@QEAAIW4PolicyElementKey@2@I@Z
?VirtualProcessorId@Context@Concurrency@@SAIXZ
?Yield@Context@Concurrency@@SAXXZ
?_Abort@_StructuredTaskCollection@details@Concurrency@@AEAAXXZ
?_Acquire@_NonReentrantBlockingLock@details@Concurrency@@QEAAXXZ
?_Acquire@_NonReentrantPPLLock@details@Concurrency@@QEAAXPEAX@Z
?_Acquire@_ReentrantBlockingLock@details@Concurrency@@QEAAXXZ
?_Acquire@_ReentrantLock@details@Concurrency@@QEAAXXZ
?_Acquire@_ReentrantPPLLock@details@Concurrency@@QEAAXPEAX@Z
?_AcquireRead@_ReaderWriterLock@details@Concurrency@@QEAAXXZ
?_AcquireWrite@_ReaderWriterLock@details@Concurrency@@QEAAXXZ
?_Cancel@_CancellationTokenState@details@Concurrency@@QEAAXXZ
?_Cancel@_StructuredTaskCollection@details@Concurrency@@QEAAXXZ
?_Cancel@_TaskCollection@details@Concurrency@@QEAAXXZ
?_CheckTaskCollection@_UnrealizedChore@details@Concurrency@@IEAAXXZ
?_CleanupToken@_StructuredTaskCollection@details@Concurrency@@AEAAXXZ
?_ConcRT_CoreAssert@details@Concurrency@@YAXPEBD0H@Z
?_ConcRT_Trace@details@Concurrency@@YAXHPEB_WZZ
?_Confirm_cancel@_Cancellation_beacon@details@Concurrency@@QEAA_NXZ
?_Copy_str@exception@std@@AEAAXPEBD@Z
?_CurrentContext@_Context@details@Concurrency@@SA?AV123@XZ
?_Current_node@location@Concurrency@@SA?AV12@XZ
?_DeregisterCallback@_CancellationTokenState@details@Concurrency@@QEAAXPEAV_CancellationTokenRegistration@23@@Z
?_Destroy@_AsyncTaskCollection@details@Concurrency@@EEAAXXZ
?_Destroy@_CancellationTokenState@details@Concurrency@@EEAAXXZ
?_DoYield@?$_SpinWait@$00@details@Concurrency@@IEAAXXZ
?_DoYield@?$_SpinWait@$0A@@details@Concurrency@@IEAAXXZ
?_Get@_CurrentScheduler@details@Concurrency@@SA?AV_Scheduler@23@XZ
?_GetConcRTTraceInfo@Concurrency@@YAPEBU_CONCRT_TRACE_INFO@details@1@XZ
?_GetConcurrency@details@Concurrency@@YAIXZ
?_GetCurrentInlineDepth@_StackGuard@details@Concurrency@@CAAEA_KXZ
?_GetNumberOfVirtualProcessors@_CurrentScheduler@details@Concurrency@@SAIXZ
?_GetScheduler@_Scheduler@details@Concurrency@@QEAAPEAVScheduler@3@XZ
?_Id@_CurrentScheduler@details@Concurrency@@SAIXZ
?_Invoke@_CancellationTokenRegistration@details@Concurrency@@AEAAXXZ
?_IsCanceling@_StructuredTaskCollection@details@Concurrency@@QEAA_NXZ
?_IsCanceling@_TaskCollection@details@Concurrency@@QEAA_NXZ
?_IsSynchronouslyBlocked@_Context@details@Concurrency@@QEBA_NXZ
?_Name_base@type_info@@CAPEBDPEBV1@PEAU__type_info_node@@@Z
?_Name_base_internal@type_info@@CAPEBDPEBV1@PEAU__type_info_node@@@Z
?_NewCollection@_AsyncTaskCollection@details@Concurrency@@SAPEAV123@PEAV_CancellationTokenState@23@@Z
?_NewTokenState@_CancellationTokenState@details@Concurrency@@SAPEAV123@XZ
?_NumberOfSpins@?$_SpinWait@$00@details@Concurrency@@IEAAKXZ
?_NumberOfSpins@?$_SpinWait@$0A@@details@Concurrency@@IEAAKXZ
?_Oversubscribe@_Context@details@Concurrency@@SAX_N@Z
?_Reference@_Scheduler@details@Concurrency@@QEAAIXZ
?_RegisterCallback@_CancellationTokenState@details@Concurrency@@QEAAPEAV_CancellationTokenRegistration@23@P6AXPEAX@Z0H@Z
?_RegisterCallback@_CancellationTokenState@details@Concurrency@@QEAAXPEAV_CancellationTokenRegistration@23@@Z
?_Release@_NonReentrantBlockingLock@details@Concurrency@@QEAAXXZ
?_Release@_NonReentrantPPLLock@details@Concurrency@@QEAAXXZ
?_Release@_ReentrantBlockingLock@details@Concurrency@@QEAAXXZ
?_Release@_ReentrantLock@details@Concurrency@@QEAAXXZ
?_Release@_ReentrantPPLLock@details@Concurrency@@QEAAXXZ
?_Release@_Scheduler@details@Concurrency@@QEAAIXZ
?_ReleaseRead@_ReaderWriterLock@details@Concurrency@@QEAAXXZ
?_ReleaseWrite@_ReaderWriterLock@details@Concurrency@@QEAAXXZ
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?_Reset@?$_SpinWait@$00@details@Concurrency@@IEAAXXZ
?_Reset@?$_SpinWait@$0A@@details@Concurrency@@IEAAXXZ
?_RunAndWait@_StructuredTaskCollection@details@Concurrency@@QEAA?AW4_TaskCollectionStatus@23@PEAV_UnrealizedChore@23@@Z
?_RunAndWait@_TaskCollection@details@Concurrency@@QEAA?AW4_TaskCollectionStatus@23@PEAV_UnrealizedChore@23@@Z
?_Schedule@_StructuredTaskCollection@details@Concurrency@@QEAAXPEAV_UnrealizedChore@23@@Z
?_Schedule@_StructuredTaskCollection@details@Concurrency@@QEAAXPEAV_UnrealizedChore@23@PEAVlocation@3@@Z
?_Schedule@_TaskCollection@details@Concurrency@@QEAAXPEAV_UnrealizedChore@23@@Z
?_Schedule@_TaskCollection@details@Concurrency@@QEAAXPEAV_UnrealizedChore@23@PEAVlocation@3@@Z
?_ScheduleTask@_CurrentScheduler@details@Concurrency@@SAXP6AXPEAX@Z0@Z
?_SetSpinCount@?$_SpinWait@$00@details@Concurrency@@QEAAXI@Z
?_SetSpinCount@?$_SpinWait@$0A@@details@Concurrency@@QEAAXI@Z
?_SetUnobservedExceptionHandler@details@Concurrency@@YAXP6AXXZ@Z
?_ShouldSpinAgain@?$_SpinWait@$00@details@Concurrency@@IEAA_NXZ
?_ShouldSpinAgain@?$_SpinWait@$0A@@details@Concurrency@@IEAA_NXZ
?_SpinOnce@?$_SpinWait@$00@details@Concurrency@@QEAA_NXZ
?_SpinOnce@?$_SpinWait@$0A@@details@Concurrency@@QEAA_NXZ
?_SpinYield@Context@Concurrency@@SAXXZ
?_Start@_Timer@details@Concurrency@@IEAAXXZ
?_Stop@_Timer@details@Concurrency@@IEAAXXZ
?_Tidy@exception@std@@AEAAXXZ
?_Trace_agents@Concurrency@@YAXW4Agents_EventType@1@_JZZ
?_Trace_ppl_function@Concurrency@@YAXAEBU_GUID@@EW4ConcRT_EventType@1@@Z
?_TryAcquire@_NonReentrantBlockingLock@details@Concurrency@@QEAA_NXZ
?_TryAcquire@_ReentrantBlockingLock@details@Concurrency@@QEAA_NXZ
?_TryAcquire@_ReentrantLock@details@Concurrency@@QEAA_NXZ
?_TryAcquireWrite@_ReaderWriterLock@details@Concurrency@@QEAA_NXZ
?_Type_info_dtor@type_info@@CAXPEAV1@@Z
?_Type_info_dtor_internal@type_info@@CAXPEAV1@@Z
?_UnderlyingYield@details@Concurrency@@YAXXZ
?_ValidateExecute@@YAHP6A_JXZ@Z
?_ValidateRead@@YAHPEBXI@Z
?_ValidateWrite@@YAHPEAXI@Z
?_Value@_SpinCount@details@Concurrency@@SAIXZ
?_Yield@_Context@details@Concurrency@@SAXXZ
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrCompare@@YA_NPEBX0@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrSwap@@YAXPEAX0@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?_inconsistency@@YAXXZ
?_invalid_parameter@@YAXPEBG00I_K@Z
?_is_exception_typeof@@YAHAEBVtype_info@@PEAU_EXCEPTION_POINTERS@@@Z
?_name_internal_method@type_info@@QEBAPEBDPEAU__type_info_node@@@Z
?_open@@YAHPEBDHH@Z
?_query_new_handler@@YAP6AH_K@ZXZ
?_query_new_mode@@YAHXZ
?_set_new_handler@@YAP6AH_K@ZH@Z
?_set_new_handler@@YAP6AH_K@ZP6AH0@Z@Z
?_set_new_mode@@YAHH@Z
?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZH@Z
?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
?_sopen@@YAHPEBDHHH@Z
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
?_wopen@@YAHPEB_WHH@Z
?_wsopen@@YAHPEB_WHHH@Z
?before@type_info@@QEBA_NAEBV1@@Z
?current@location@Concurrency@@SA?AV12@XZ
?from_numa_node@location@Concurrency@@SA?AV12@G@Z
?get_error_code@scheduler_resource_allocation_error@Concurrency@@QEBAJXZ
?lock@critical_section@Concurrency@@QEAAXXZ
?lock@reader_writer_lock@Concurrency@@QEAAXXZ
?lock_read@reader_writer_lock@Concurrency@@QEAAXXZ
?name@type_info@@QEBAPEBDPEAU__type_info_node@@@Z
?native_handle@critical_section@Concurrency@@QEAAAEAV12@XZ
?notify_all@_Condition_variable@details@Concurrency@@QEAAXXZ
?notify_one@_Condition_variable@details@Concurrency@@QEAAXXZ
?raw_name@type_info@@QEBAPEBDXZ
?reset@event@Concurrency@@QEAAXXZ
?set@event@Concurrency@@QEAAXXZ
?set_new_handler@@YAP6AXXZP6AXXZ@Z
?set_task_execution_resources@Concurrency@@YAXGPEAU_GROUP_AFFINITY@@@Z
?set_task_execution_resources@Concurrency@@YAX_K@Z
?set_terminate@@YAP6AXXZH@Z
?set_terminate@@YAP6AXXZP6AXXZ@Z
?set_unexpected@@YAP6AXXZH@Z
?set_unexpected@@YAP6AXXZP6AXXZ@Z
?terminate@@YAXXZ
?try_lock@critical_section@Concurrency@@QEAA_NXZ
?try_lock@reader_writer_lock@Concurrency@@QEAA_NXZ
?try_lock_for@critical_section@Concurrency@@QEAA_NI@Z
?try_lock_read@reader_writer_lock@Concurrency@@QEAA_NXZ
?unexpected@@YAXXZ
?unlock@critical_section@Concurrency@@QEAAXXZ
?unlock@reader_writer_lock@Concurrency@@QEAAXXZ
?wait@Concurrency@@YAXI@Z
?wait@_Condition_variable@details@Concurrency@@QEAAXAEAVcritical_section@3@@Z
?wait@event@Concurrency@@QEAA_KI@Z
?wait_for@_Condition_variable@details@Concurrency@@QEAA_NAEAVcritical_section@3@I@Z
?wait_for_multiple@event@Concurrency@@SA_KPEAPEAV12@_K_NI@Z
?what@exception@std@@UEBAPEBDXZ
_CRT_RTC_INIT
_CRT_RTC_INITW
_CreateFrameInfo
_CxxThrowException
_FindAndUnlinkFrame
_GetImageBase
_GetThrowImageBase
_Getdays
_Getmonths
_Gettnames
_HUGE
_IsExceptionObjectToBeDestroyed
_Lock_shared_ptr_spin_lock
_SetImageBase
_SetThrowImageBase
_Strftime
_Unlock_shared_ptr_spin_lock
_W_Getdays
_W_Getmonths
_W_Gettnames
_Wcsftime
_XcptFilter
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__C_specific_handler
__CppXcptFilter
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__NLG_Dispatch2
__NLG_Return2
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__STRINGTOLD
__STRINGTOLD_L
__TypeMatch
___lc_codepage_func
___lc_collate_cp_func
___lc_locale_name_func
___mb_cur_max_func
___mb_cur_max_l_func
___setlc_active_func
___unguarded_readlc_active_add_func
__argc
__argv
__badioinfo
__clean_type_info_names_internal
__create_locale
__crtCaptureCurrentContext
__crtCapturePreviousContext
__crtCompareStringA
__crtCompareStringEx
__crtCompareStringW
__crtCreateSemaphoreExW
__crtCreateSymbolicLinkW
__crtEnumSystemLocalesEx
__crtFlsAlloc
__crtFlsFree
__crtFlsGetValue
__crtFlsSetValue
__crtGetDateFormatEx
__crtGetLocaleInfoEx
__crtGetShowWindowMode
__crtGetTimeFormatEx
__crtGetUserDefaultLocaleName
__crtInitializeCriticalSectionEx
__crtIsPackagedApp
__crtIsValidLocaleName
__crtLCMapStringA
__crtLCMapStringEx
__crtLCMapStringW
__crtSetThreadStackGuarantee
__crtSetUnhandledExceptionFilter
__crtTerminateProcess
__crtUnhandledException
__crt_debugger_hook
__daylight
__dllonexit
__doserrno
__dstbias
__fpecode
__free_locale
__get_current_locale
__get_flsindex
__get_tlsindex
__getmainargs
__initenv
__iob_func
__isascii
__iscsym
__iscsymf
__iswcsym
__iswcsymf
__lconv
__lconv_init
__mb_cur_max
__p___argc
__p___argv
__p___initenv
__p___mb_cur_max
__p___wargv
__p___winitenv
__p__acmdln
__p__commode
__p__daylight
__p__dstbias
__p__environ
__p__fmode
__p__iob
__p__mbcasemap
__p__mbctype
__p__pctype
__p__pgmptr
__p__pwctype
__p__timezone
__p__tzname
__p__wcmdln
__p__wenviron
__p__wpgmptr
__pctype_func
__pioinfo
__pwctype_func
__pxcptinfoptrs
__report_gsfailure
__set_app_type
__setlc_active
__setusermatherr
__strncnt
__swprintf_l
__sys_errlist
__sys_nerr
__threadhandle
__threadid
__timezone
__toascii
__tzname
__unDName
__unDNameEx
__unDNameHelper
__uncaught_exception
__unguarded_readlc_active
__vswprintf_l
__wargv
__wcserror
__wcserror_s
__wcsncnt
__wgetmainargs
__winitenv
_abs64
_access
_access_s
_acmdln
_aligned_free
_aligned_malloc
_aligned_msize
_aligned_offset_malloc
_aligned_offset_realloc
_aligned_offset_recalloc
_aligned_realloc
_aligned_recalloc
_amsg_exit
_assert
_atodbl
_atodbl_l
Sections
.text Size: 580KB - Virtual size: 580KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 180KB - Virtual size: 180KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 26KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/SysInternals/Listdlls.exe.exe windows:5 windows x86 arch:x86
89d7b24bd25c29c0f3b867880ccc6d9a
Code Sign
33:00:00:00:98:04:58:cb:7f:23:09:b0:9e:00:00:00:00:00:98Certificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before30/03/2016, 19:21Not After30/06/2017, 19:21SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7AFA-E41C-E142,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0aCertificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before04/06/2015, 17:42Not After04/09/2016, 17:42SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64Certificate
IssuerCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before28/10/2015, 20:31Not After28/01/2017, 20:31SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before08/07/2011, 20:59Not After08/07/2026, 21:09SubjectCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
46:fc:26:bb:10:d0:2a:c2:34:8b:25:4a:89:b2:d3:7a:4d:94:ec:e1:af:fd:ab:f9:a4:ab:38:bf:1e:0a:ec:bcSigner
Actual PE Digest46:fc:26:bb:10:d0:2a:c2:34:8b:25:4a:89:b2:d3:7a:4d:94:ec:e1:af:fd:ab:f9:a4:ab:38:bf:1e:0a:ec:bcDigest Algorithmsha256PE Digest Matchestrue62:5f:8d:98:d1:1f:3e:c3:83:de:f8:f7:e4:ad:3a:7a:37:bc:cf:32Signer
Actual PE Digest62:5f:8d:98:d1:1f:3e:c3:83:de:f8:f7:e4:ad:3a:7a:37:bc:cf:32Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
version
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
GetFileVersionInfoA
GetFileVersionInfoW
VerQueryValueA
VerQueryValueW
imagehlp
SymSetOptions
EnumerateLoadedModules64
SymInitialize
ImageNtHeader
crypt32
CertGetNameStringA
CertDuplicateCertificateContext
kernel32
SizeofResource
CloseHandle
LoadLibraryA
FindResourceW
FindResourceExW
CreateFileA
GetFileAttributesA
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcess
SetLastError
GetModuleHandleA
FindResourceA
GetFileType
GetModuleFileNameA
GetModuleFileNameW
LocalAlloc
LockResource
GetStdHandle
LoadResource
GetVersion
HeapReAlloc
ReadProcessMemory
WaitForSingleObject
ReadFile
GetSystemInfo
FormatMessageA
CreateProcessA
GetCommandLineA
ExpandEnvironmentStringsA
DeleteFileA
GetStringTypeW
ReadConsoleW
WriteConsoleW
SetFilePointerEx
FreeEnvironmentStringsW
GetEnvironmentStringsW
Sleep
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
GetProcessHeap
HeapSize
GetCommandLineW
HeapFree
GetCPInfo
DecodePointer
HeapAlloc
HeapDestroy
GetProcAddress
OpenProcess
CompareStringW
LCMapStringW
GetTimeZoneInformation
SetEndOfFile
SetEnvironmentVariableA
LoadLibraryExW
CreateFileW
QueryPerformanceCounter
GetCurrentProcessId
LocalFree
GetOEMCP
GetACP
IsValidCodePage
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
RtlUnwind
SetStdHandle
ExitProcess
GetModuleHandleExW
AreFileApisANSI
GetConsoleMode
ReadConsoleInputA
SetConsoleMode
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
WriteFile
GetCurrentThreadId
GetConsoleCP
FlushFileBuffers
GetSystemTimeAsFileTime
user32
LoadCursorA
InflateRect
GetSysColorBrush
SetCursor
SetWindowTextA
GetDlgItem
EndDialog
DialogBoxIndirectParamA
SendMessageA
gdi32
StartPage
EndDoc
StartDocA
SetMapMode
GetDeviceCaps
EndPage
comdlg32
PrintDlgA
advapi32
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegSetValueExA
RegCreateKeyA
RegCloseKey
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
oleaut32
VariantClear
Sections
.text Size: 111KB - Virtual size: 110KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 54KB - Virtual size: 53KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 217KB - Virtual size: 216KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/SysInternals/LoadOrdC.exe.exe windows:5 windows x86 arch:x86
872e20b11124bf47e2547b7d535e812b
Code Sign
33:00:00:00:9d:42:68:ee:31:1c:d7:56:bd:00:00:00:00:00:9dCertificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before30/03/2016, 19:21Not After30/06/2017, 19:21SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:148C-C4B9-2066,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0aCertificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before04/06/2015, 17:42Not After04/09/2016, 17:42SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64Certificate
IssuerCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before28/10/2015, 20:31Not After28/01/2017, 20:31SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before08/07/2011, 20:59Not After08/07/2026, 21:09SubjectCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
07:9c:7f:1a:5a:a8:1e:17:22:27:7d:61:19:ab:8a:e0:57:b0:11:09:ac:f1:63:af:b7:59:6d:5b:fa:47:f9:1cSigner
Actual PE Digest07:9c:7f:1a:5a:a8:1e:17:22:27:7d:61:19:ab:8a:e0:57:b0:11:09:ac:f1:63:af:b7:59:6d:5b:fa:47:f9:1cDigest Algorithmsha256PE Digest Matchestrue41:f1:04:6b:cf:4c:79:2a:4f:a3:fd:e1:bd:ca:2c:f2:57:e6:02:6cSigner
Actual PE Digest41:f1:04:6b:cf:4c:79:2a:4f:a3:fd:e1:bd:ca:2c:f2:57:e6:02:6cDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
version
VerQueryValueW
VerQueryValueA
GetFileVersionInfoW
GetFileVersionInfoA
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
kernel32
LCMapStringW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
GetStringTypeW
FreeEnvironmentStringsW
GetCommandLineW
GetModuleHandleA
LoadLibraryA
GetStdHandle
LocalFree
GetProcAddress
LocalAlloc
GetModuleFileNameA
GetModuleFileNameW
GetFileType
RtlUnwind
SetFilePointerEx
HeapReAlloc
WriteConsoleW
OutputDebugStringW
EnumSystemLocalesW
EnterCriticalSection
LeaveCriticalSection
SetStdHandle
GetLastError
HeapAlloc
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
HeapFree
GetConsoleMode
HeapSize
ReadConsoleInputA
SetConsoleMode
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetCurrentThreadId
DeleteCriticalSection
FlushFileBuffers
WriteFile
GetConsoleCP
ReadFile
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
GetProcessHeap
LoadLibraryExW
CreateFileW
CloseHandle
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
user32
LoadCursorA
InflateRect
GetSysColorBrush
SetCursor
SetWindowTextA
GetDlgItem
EndDialog
DialogBoxIndirectParamA
SendMessageA
gdi32
StartPage
EndDoc
StartDocA
SetMapMode
GetDeviceCaps
EndPage
comdlg32
PrintDlgA
advapi32
RegQueryValueExW
RegOpenKeyA
RegCreateKeyA
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyA
RegCloseKey
RegSetValueExA
Sections
.text Size: 90KB - Virtual size: 89KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 49KB - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/SysInternals/LoadOrdC64.exe.exe windows:5 windows x64 arch:x64
f97620d0d951cf8d580ba1054cd05181
Code Sign
33:00:00:00:9d:42:68:ee:31:1c:d7:56:bd:00:00:00:00:00:9dCertificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before30/03/2016, 19:21Not After30/06/2017, 19:21SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:148C-C4B9-2066,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0aCertificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before04/06/2015, 17:42Not After04/09/2016, 17:42SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64Certificate
IssuerCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before28/10/2015, 20:31Not After28/01/2017, 20:31SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before08/07/2011, 20:59Not After08/07/2026, 21:09SubjectCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
fa:d6:1d:cb:be:90:33:46:fe:06:be:8b:32:b7:00:1b:d0:49:01:be:96:03:4b:19:c9:e7:3f:dc:28:fd:7f:22Signer
Actual PE Digestfa:d6:1d:cb:be:90:33:46:fe:06:be:8b:32:b7:00:1b:d0:49:01:be:96:03:4b:19:c9:e7:3f:dc:28:fd:7f:22Digest Algorithmsha256PE Digest Matchestruef6:2a:58:b0:55:3a:01:64:a3:6d:69:0b:6f:da:ad:ed:9d:b3:64:14Signer
Actual PE Digestf6:2a:58:b0:55:3a:01:64:a3:6d:69:0b:6f:da:ad:ed:9d:b3:64:14Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
version
VerQueryValueW
VerQueryValueA
GetFileVersionInfoW
GetFileVersionInfoA
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
kernel32
EnumSystemLocalesW
IsValidLocale
GetLocaleInfoW
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetModuleHandleA
LoadLibraryA
GetStdHandle
LocalFree
GetProcAddress
LocalAlloc
GetModuleFileNameA
GetModuleFileNameW
GetFileType
LCMapStringW
SetFilePointerEx
HeapReAlloc
WriteConsoleW
OutputDebugStringW
GetUserDefaultLCID
ReadConsoleInputA
EnterCriticalSection
LeaveCriticalSection
SetStdHandle
GetLastError
HeapAlloc
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
HeapFree
GetConsoleMode
HeapSize
SetConsoleMode
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetCurrentThreadId
RtlUnwindEx
DeleteCriticalSection
FlushFileBuffers
WriteFile
GetConsoleCP
ReadFile
GetStartupInfoW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
GetProcessHeap
LoadLibraryExW
CreateFileW
CloseHandle
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
user32
LoadCursorA
InflateRect
GetSysColorBrush
SetCursor
SetWindowTextA
GetDlgItem
EndDialog
DialogBoxIndirectParamA
SendMessageA
gdi32
StartPage
EndDoc
StartDocA
SetMapMode
GetDeviceCaps
EndPage
comdlg32
PrintDlgA
advapi32
RegQueryValueExW
RegOpenKeyA
RegCreateKeyA
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyA
RegCloseKey
RegSetValueExA
Sections
.text Size: 91KB - Virtual size: 90KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 60KB - Virtual size: 60KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 62KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/SysInternals/PsInfo.exe.exe windows:5 windows x86 arch:x86
4f91d3b940be88c33827931a94b9bb0f
Code Sign
33:00:00:00:9a:9a:9b:16:c2:83:da:d5:c2:00:00:00:00:00:9aCertificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before30/03/2016, 19:21Not After30/06/2017, 19:21SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B1B7-F67F-FEC2,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0aCertificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before04/06/2015, 17:42Not After04/09/2016, 17:42SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64Certificate
IssuerCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before28/10/2015, 20:31Not After28/01/2017, 20:31SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before08/07/2011, 20:59Not After08/07/2026, 21:09SubjectCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
8e:f8:07:fb:c6:26:dc:be:ca:c7:a7:7b:e8:fe:09:64:6d:83:a0:ea:34:92:de:b2:46:4e:73:92:37:f6:27:d6Signer
Actual PE Digest8e:f8:07:fb:c6:26:dc:be:ca:c7:a7:7b:e8:fe:09:64:6d:83:a0:ea:34:92:de:b2:46:4e:73:92:37:f6:27:d6Digest Algorithmsha256PE Digest Matchestrue5b:c0:b0:eb:aa:c5:18:c5:4e:cb:33:86:ca:99:bc:83:16:66:ec:00Signer
Actual PE Digest5b:c0:b0:eb:aa:c5:18:c5:4e:cb:33:86:ca:99:bc:83:16:66:ec:00Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
pdh
PdhGetFormattedCounterValue
PdhCloseQuery
PdhCollectQueryData
PdhAddCounterW
PdhOpenQueryW
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
netapi32
NetServerEnum
NetApiBufferFree
ws2_32
inet_ntoa
WSAStartup
gethostname
gethostbyname
mpr
WNetCancelConnection2W
WNetAddConnection2W
kernel32
GetCommandLineW
GetModuleFileNameW
LockResource
FreeLibrary
GetCurrentProcess
GetLastError
SetLastError
WaitForSingleObject
Sleep
LoadResource
SizeofResource
WriteFile
CloseHandle
GetTickCount
FormatMessageA
GetModuleHandleW
FindResourceW
GetSystemDirectoryW
CreateFileW
DeleteFileW
GetComputerNameW
MultiByteToWideChar
GetConsoleScreenBufferInfo
SetErrorMode
GetLogicalDrives
GetDriveTypeW
GetDiskFreeSpaceExW
GetVolumeInformationW
GetVersion
ReadFile
FileTimeToSystemTime
GetDateFormatW
GetStdHandle
LoadLibraryW
GetFileType
LocalFree
LocalAlloc
GetProcAddress
GetConsoleCP
RtlUnwind
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
SetEndOfFile
LCMapStringW
OutputDebugStringW
HeapSize
SetFilePointerEx
WriteConsoleW
ReadConsoleW
LoadLibraryExW
FlushFileBuffers
GetProcessHeap
GetStartupInfoW
TlsFree
TlsSetValue
RaiseException
LoadLibraryExA
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
WideCharToMultiByte
HeapFree
HeapAlloc
GetConsoleMode
ReadConsoleInputA
SetConsoleMode
EnterCriticalSection
LeaveCriticalSection
SetStdHandle
CreateThread
GetCurrentThreadId
ExitThread
HeapReAlloc
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
DeleteCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
comdlg32
PrintDlgW
advapi32
OpenSCManagerW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegEnumKeyW
StartServiceW
QueryServiceStatus
OpenServiceW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
RegConnectRegistryW
ImpersonateLoggedOnUser
LogonUserW
RevertToSelf
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
RegCreateKeyW
RegCloseKey
ole32
CoInitializeSecurity
CoCreateInstance
CoInitializeEx
oleaut32
SysAllocString
SysFreeString
Sections
.text Size: 100KB - Virtual size: 100KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 63KB - Virtual size: 62KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 120KB - Virtual size: 120KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
tools/SysInternals/PsInfo64.exe.exe windows:5 windows x64 arch:x64
807dbab54231983bc1dd8e3031ebdf02
Code Sign
33:00:00:00:98:04:58:cb:7f:23:09:b0:9e:00:00:00:00:00:98Certificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before30/03/2016, 19:21Not After30/06/2017, 19:21SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7AFA-E41C-E142,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0aCertificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before04/06/2015, 17:42Not After04/09/2016, 17:42SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64Certificate
IssuerCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before28/10/2015, 20:31Not After28/01/2017, 20:31SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before08/07/2011, 20:59Not After08/07/2026, 21:09SubjectCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
15:63:97:fd:fc:a0:ec:f3:55:bb:43:50:79:aa:18:89:96:5f:e9:42:27:3c:5c:ec:73:22:76:0d:32:8b:ed:97Signer
Actual PE Digest15:63:97:fd:fc:a0:ec:f3:55:bb:43:50:79:aa:18:89:96:5f:e9:42:27:3c:5c:ec:73:22:76:0d:32:8b:ed:97Digest Algorithmsha256PE Digest Matchestrue69:2c:54:c6:d3:4c:12:38:31:d6:af:01:e7:f6:d4:39:b9:e2:f1:faSigner
Actual PE Digest69:2c:54:c6:d3:4c:12:38:31:d6:af:01:e7:f6:d4:39:b9:e2:f1:faDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
pdh
PdhGetFormattedCounterValue
PdhCloseQuery
PdhCollectQueryData
PdhAddCounterW
PdhOpenQueryW
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
netapi32
NetServerEnum
NetApiBufferFree
ws2_32
inet_ntoa
WSAStartup
gethostname
gethostbyname
mpr
WNetCancelConnection2W
WNetAddConnection2W
kernel32
GetCommandLineW
GetModuleFileNameW
LockResource
FreeLibrary
GetCurrentProcess
GetLastError
SetLastError
WaitForSingleObject
Sleep
LoadResource
SizeofResource
WriteFile
CloseHandle
GetTickCount
FormatMessageA
GetModuleHandleW
FindResourceW
GetSystemDirectoryW
CreateFileW
DeleteFileW
GetComputerNameW
MultiByteToWideChar
GetConsoleScreenBufferInfo
SetErrorMode
GetLogicalDrives
GetDriveTypeW
GetDiskFreeSpaceExW
GetVolumeInformationW
GetVersion
ReadFile
FileTimeToSystemTime
GetDateFormatW
GetStdHandle
LoadLibraryW
GetFileType
LocalFree
LocalAlloc
GetProcAddress
FlushFileBuffers
GetConsoleCP
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
SetEndOfFile
LCMapStringW
OutputDebugStringW
HeapSize
SetFilePointerEx
WriteConsoleW
ReadConsoleW
LoadLibraryExW
GetProcessHeap
RtlUnwindEx
GetStartupInfoW
TlsFree
TlsSetValue
RaiseException
LoadLibraryExA
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
WideCharToMultiByte
HeapFree
HeapAlloc
GetConsoleMode
ReadConsoleInputA
SetConsoleMode
EnterCriticalSection
LeaveCriticalSection
SetStdHandle
CreateThread
GetCurrentThreadId
ExitThread
HeapReAlloc
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
DeleteCriticalSection
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
comdlg32
PrintDlgW
advapi32
OpenServiceW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegEnumKeyW
StartServiceW
QueryServiceStatus
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
RegConnectRegistryW
ImpersonateLoggedOnUser
LogonUserW
RevertToSelf
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
RegCreateKeyW
RegCloseKey
ole32
CoInitializeSecurity
CoCreateInstance
CoInitializeEx
oleaut32
SysAllocString
SysFreeString
Sections
.text Size: 104KB - Virtual size: 103KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 75KB - Virtual size: 75KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 45KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 136KB - Virtual size: 135KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
tools/SysInternals/PsLoggedon.exe.exe windows:5 windows x86 arch:x86
2d2cee6d005eec5676742ba250d53d92
Code Sign
33:00:00:00:98:04:58:cb:7f:23:09:b0:9e:00:00:00:00:00:98Certificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before30/03/2016, 19:21Not After30/06/2017, 19:21SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7AFA-E41C-E142,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0aCertificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before04/06/2015, 17:42Not After04/09/2016, 17:42SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64Certificate
IssuerCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before28/10/2015, 20:31Not After28/01/2017, 20:31SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before08/07/2011, 20:59Not After08/07/2026, 21:09SubjectCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
bc:74:e7:fc:fd:ee:15:23:68:d7:01:80:cd:16:80:02:f2:ee:e1:5e:5e:b7:87:76:25:61:a5:76:cc:b3:9b:cfSigner
Actual PE Digestbc:74:e7:fc:fd:ee:15:23:68:d7:01:80:cd:16:80:02:f2:ee:e1:5e:5e:b7:87:76:25:61:a5:76:cc:b3:9b:cfDigest Algorithmsha256PE Digest Matchestrue4f:65:39:93:65:7a:1b:fd:3e:63:59:0c:74:62:bd:b3:62:cc:d3:1cSigner
Actual PE Digest4f:65:39:93:65:7a:1b:fd:3e:63:59:0c:74:62:bd:b3:62:cc:d3:1cDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
netapi32
NetServerEnum
NetApiBufferFree
NetSessionEnum
kernel32
Sleep
WriteFile
CloseHandle
LoadLibraryExW
SetLastError
GetCurrentProcess
MultiByteToWideChar
GetLocalTime
SystemTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FormatMessageW
GetTimeFormatW
GetDateFormatW
GetLastError
FreeLibrary
GetModuleFileNameW
GetCommandLineW
GetModuleHandleW
LoadLibraryW
GetStdHandle
GetFileType
LocalFree
LocalAlloc
GetProcAddress
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
LCMapStringW
OutputDebugStringW
HeapSize
HeapReAlloc
SetFilePointerEx
WriteConsoleW
ReadConsoleW
CreateFileW
RaiseException
LoadLibraryExA
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
WideCharToMultiByte
HeapFree
HeapAlloc
GetConsoleMode
ReadConsoleInputA
SetConsoleMode
EnterCriticalSection
LeaveCriticalSection
SetStdHandle
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
DeleteCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetProcessHeap
FlushFileBuffers
GetConsoleCP
ReadFile
RtlUnwind
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
comdlg32
PrintDlgW
advapi32
RegQueryInfoKeyW
RegEnumKeyExW
LookupAccountNameW
LookupAccountSidW
FreeSid
AllocateAndInitializeSid
RegConnectRegistryW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
RegCreateKeyW
RegCloseKey
Sections
.text Size: 76KB - Virtual size: 76KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 48KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
tools/SysInternals/PsLoggedon64.exe.exe windows:5 windows x64 arch:x64
e4941a2a5bd3b0e41593ae57bdcef195
Code Sign
33:00:00:00:9c:ee:fe:14:55:a9:5d:35:50:00:00:00:00:00:9cCertificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before30/03/2016, 19:21Not After30/06/2017, 19:21SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:5847-F761-4F70,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0aCertificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before04/06/2015, 17:42Not After04/09/2016, 17:42SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64Certificate
IssuerCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before28/10/2015, 20:31Not After28/01/2017, 20:31SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before08/07/2011, 20:59Not After08/07/2026, 21:09SubjectCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
1f:1e:cc:50:78:0b:05:8c:ba:3b:a4:57:4c:07:cc:cb:ae:d0:6d:a0:af:46:d1:da:c6:fb:3a:aa:36:f4:05:adSigner
Actual PE Digest1f:1e:cc:50:78:0b:05:8c:ba:3b:a4:57:4c:07:cc:cb:ae:d0:6d:a0:af:46:d1:da:c6:fb:3a:aa:36:f4:05:adDigest Algorithmsha256PE Digest Matchestrue8b:e8:35:55:d2:51:0b:cf:a4:9a:f8:8d:b4:6a:40:4c:8c:34:8f:5bSigner
Actual PE Digest8b:e8:35:55:d2:51:0b:cf:a4:9a:f8:8d:b4:6a:40:4c:8c:34:8f:5bDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
netapi32
NetServerEnum
NetApiBufferFree
NetSessionEnum
kernel32
Sleep
WriteFile
CloseHandle
LoadLibraryExW
SetLastError
GetCurrentProcess
MultiByteToWideChar
GetLocalTime
SystemTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FormatMessageW
GetTimeFormatW
GetDateFormatW
GetLastError
FreeLibrary
GetModuleFileNameW
GetCommandLineW
GetModuleHandleW
LoadLibraryW
GetStdHandle
GetFileType
LocalFree
LocalAlloc
GetProcAddress
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
LCMapStringW
OutputDebugStringW
HeapSize
HeapReAlloc
SetFilePointerEx
WriteConsoleW
ReadConsoleW
CreateFileW
RaiseException
LoadLibraryExA
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
WideCharToMultiByte
HeapFree
HeapAlloc
GetConsoleMode
ReadConsoleInputA
SetConsoleMode
EnterCriticalSection
LeaveCriticalSection
SetStdHandle
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
DeleteCriticalSection
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
RtlUnwindEx
GetProcessHeap
FlushFileBuffers
GetConsoleCP
ReadFile
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
comdlg32
PrintDlgW
advapi32
RegQueryInfoKeyW
RegEnumKeyExW
LookupAccountNameW
LookupAccountSidW
FreeSid
AllocateAndInitializeSid
RegConnectRegistryW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
RegCreateKeyW
RegCloseKey
Sections
.text Size: 79KB - Virtual size: 79KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 58KB - Virtual size: 57KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
tools/SysInternals/PsService.exe.exe windows:5 windows x86 arch:x86
c0aec3871d899cfe05e4110234641e7f
Code Sign
33:00:00:00:98:04:58:cb:7f:23:09:b0:9e:00:00:00:00:00:98Certificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before30/03/2016, 19:21Not After30/06/2017, 19:21SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7AFA-E41C-E142,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0aCertificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before04/06/2015, 17:42Not After04/09/2016, 17:42SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64Certificate
IssuerCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before28/10/2015, 20:31Not After28/01/2017, 20:31SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before08/07/2011, 20:59Not After08/07/2026, 21:09SubjectCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
a6:2b:47:ab:05:f8:ea:c1:c7:35:c4:cf:d7:74:03:5e:32:ba:0d:fb:69:76:12:03:1b:ea:6f:6b:8c:be:aa:44Signer
Actual PE Digesta6:2b:47:ab:05:f8:ea:c1:c7:35:c4:cf:d7:74:03:5e:32:ba:0d:fb:69:76:12:03:1b:ea:6f:6b:8c:be:aa:44Digest Algorithmsha256PE Digest Matchestrue39:69:62:56:44:62:fb:c5:94:3d:8d:2d:e8:46:56:04:6d:c8:dd:46Signer
Actual PE Digest39:69:62:56:44:62:fb:c5:94:3d:8d:2d:e8:46:56:04:6d:c8:dd:46Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
netapi32
NetApiBufferFree
NetServerEnum
mpr
WNetCancelConnection2W
WNetAddConnection2W
kernel32
FormatMessageA
LoadLibraryExW
CreateFileW
GetComputerNameW
MultiByteToWideChar
GetConsoleScreenBufferInfo
GetVersion
lstrlenW
WriteFile
CloseHandle
Sleep
SetLastError
GetLastError
GetCurrentProcess
FreeLibrary
GetModuleFileNameW
GetCommandLineW
GetModuleHandleW
LoadLibraryW
GetStdHandle
GetFileType
LocalFree
LocalAlloc
GetProcAddress
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
LCMapStringW
OutputDebugStringW
HeapSize
HeapReAlloc
SetFilePointerEx
WriteConsoleW
RaiseException
LoadLibraryExA
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
WideCharToMultiByte
HeapFree
HeapAlloc
GetConsoleMode
ReadConsoleInputA
SetConsoleMode
EnterCriticalSection
LeaveCriticalSection
SetStdHandle
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
DeleteCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetProcessHeap
FlushFileBuffers
GetConsoleCP
ReadFile
RtlUnwind
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
comdlg32
PrintDlgW
advapi32
MapGenericMask
QueryServiceObjectSecurity
QueryServiceConfigW
EnumServicesStatusExW
EnumDependentServicesW
ChangeServiceConfigW
LookupAccountSidW
GetSecurityDescriptorDacl
GetAce
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
IsValidSid
StartServiceW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
ControlService
CloseServiceHandle
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
RegCreateKeyW
RegCloseKey
Sections
.text Size: 97KB - Virtual size: 97KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 61KB - Virtual size: 61KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
tools/SysInternals/PsService64.exe.exe windows:5 windows x64 arch:x64
49d11719ee0e32e06df13adda9f129d8
Code Sign
33:00:00:00:99:aa:c5:81:9f:8c:a2:7d:8a:00:00:00:00:00:99Certificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before30/03/2016, 19:21Not After30/06/2017, 19:21SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:98FD-C61E-E641,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0aCertificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before04/06/2015, 17:42Not After04/09/2016, 17:42SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64Certificate
IssuerCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before28/10/2015, 20:31Not After28/01/2017, 20:31SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before08/07/2011, 20:59Not After08/07/2026, 21:09SubjectCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
fc:ed:60:71:fc:6b:44:51:4c:46:9c:e0:f1:96:cc:b5:72:1d:b6:56:b7:c2:46:63:45:b6:01:6c:a1:58:d6:4dSigner
Actual PE Digestfc:ed:60:71:fc:6b:44:51:4c:46:9c:e0:f1:96:cc:b5:72:1d:b6:56:b7:c2:46:63:45:b6:01:6c:a1:58:d6:4dDigest Algorithmsha256PE Digest Matchestrue93:32:aa:1d:e2:cf:96:73:6e:81:52:5c:09:bf:db:b8:68:d4:a3:51Signer
Actual PE Digest93:32:aa:1d:e2:cf:96:73:6e:81:52:5c:09:bf:db:b8:68:d4:a3:51Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
netapi32
NetApiBufferFree
NetServerEnum
mpr
WNetCancelConnection2W
WNetAddConnection2W
kernel32
FormatMessageA
LoadLibraryExW
CreateFileW
GetComputerNameW
MultiByteToWideChar
GetConsoleScreenBufferInfo
GetVersion
lstrlenW
WriteFile
CloseHandle
Sleep
SetLastError
GetLastError
GetCurrentProcess
FreeLibrary
GetModuleFileNameW
GetCommandLineW
GetModuleHandleW
LoadLibraryW
GetStdHandle
GetFileType
LocalFree
LocalAlloc
GetProcAddress
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
LCMapStringW
OutputDebugStringW
HeapSize
HeapReAlloc
SetFilePointerEx
WriteConsoleW
RaiseException
LoadLibraryExA
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
WideCharToMultiByte
HeapFree
HeapAlloc
GetConsoleMode
ReadConsoleInputA
SetConsoleMode
EnterCriticalSection
LeaveCriticalSection
SetStdHandle
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
DeleteCriticalSection
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
RtlUnwindEx
GetProcessHeap
FlushFileBuffers
GetConsoleCP
ReadFile
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
comdlg32
PrintDlgW
advapi32
GetSecurityDescriptorDacl
QueryServiceObjectSecurity
QueryServiceConfigW
EnumServicesStatusExW
EnumDependentServicesW
ChangeServiceConfigW
LookupAccountSidW
GetAce
MapGenericMask
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
IsValidSid
StartServiceW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
ControlService
CloseServiceHandle
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
RegCreateKeyW
RegCloseKey
Sections
.text Size: 100KB - Virtual size: 99KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 74KB - Virtual size: 73KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
tools/SysInternals/autorunsc.exe.exe windows:5 windows x86 arch:x86
3beeae58675be450ff0da1b20500c997
Code Sign
33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1Certificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before12/07/2018, 20:11Not After26/07/2019, 20:11SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
33:00:00:00:f8:97:e7:60:fb:03:a3:90:c1:00:00:00:00:00:f8Certificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before23/08/2018, 20:20Not After23/11/2019, 20:20SubjectCN=Microsoft Time-Stamp Service,OU=Microsoft Operations Puerto Rico+OU=Thales TSS ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:01:03:5e:25:1c:99:1f:a3:1e:b8:00:00:00:00:01:03Certificate
IssuerCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before12/07/2018, 20:08Not After26/07/2019, 20:08SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before08/07/2011, 20:59Not After08/07/2026, 21:09SubjectCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ca:52:88:bc:54:22:70:d8:ab:55:6b:a3:ad:44:e9:e3:22:18:64:a7:e3:20:d0:07:28:96:4d:bd:68:f0:66:04Signer
Actual PE Digestca:52:88:bc:54:22:70:d8:ab:55:6b:a3:ad:44:e9:e3:22:18:64:a7:e3:20:d0:07:28:96:4d:bd:68:f0:66:04Digest Algorithmsha256PE Digest Matchestrue10:82:81:20:8b:d2:06:6a:87:11:9d:59:6f:0d:c6:13:9b:c6:f2:e1Signer
Actual PE Digest10:82:81:20:8b:d2:06:6a:87:11:9d:59:6f:0d:c6:13:9b:c6:f2:e1Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\agent\_work\3\s\Win32\Release Console\autorunsc.pdb
Imports
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
comctl32
ImageList_ReplaceIcon
ImageList_Add
crypt32
CryptSIPLoad
CryptSIPRetrieveSubjectGuidForCatalogFile
CertDuplicateCertificateContext
CertGetNameStringW
wintrust
CryptCATAdminCalcHashFromFileHandle
ntdll
RtlUnwind
NtOpenKey
NtCreateKey
kernel32
GetFullPathNameW
IsWow64Process
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetPrivateProfileStringW
FreeLibrary
LoadLibraryExW
MultiByteToWideChar
DecodePointer
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
GetCurrentThread
SetThreadPriority
EnterCriticalSection
SetEvent
GetSystemWow64DirectoryW
WaitForMultipleObjects
CreateEventW
CreateThread
GetExitCodeThread
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStringTypeW
GetConsoleCP
FlushFileBuffers
GetStartupInfoW
TlsFree
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetCurrentThreadId
SetStdHandle
SetConsoleMode
ReadConsoleInputA
GetSystemWindowsDirectoryW
ExpandEnvironmentStringsW
SetEnvironmentVariableW
TlsSetValue
ExitProcess
TlsAlloc
lstrlenW
FormatMessageA
GetFileTime
WriteFile
GetFileSize
InitializeCriticalSection
SetErrorMode
ExitThread
GetCurrentProcess
OpenProcess
GetLongPathNameW
GetVersion
TlsGetValue
GetModuleFileNameW
GetCommandLineW
GetStdHandle
GetFileType
LocalFree
LocalAlloc
GetDateFormatW
GetTimeFormatW
GetModuleHandleW
FormatMessageW
FileTimeToSystemTime
FileTimeToLocalFileTime
MulDiv
ReadFile
InterlockedIncrement
FindNextFileW
FindFirstFileW
GetFileAttributesW
CreateFileW
LoadLibraryW
FindClose
Sleep
GetLastError
GetProcAddress
InterlockedDecrement
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
CloseHandle
GetFileSizeEx
SetFilePointerEx
OutputDebugStringW
WriteConsoleW
ReadConsoleW
SetEndOfFile
lstrlenA
EncodePointer
IsProcessorFeaturePresent
WaitForSingleObject
GetConsoleMode
WideCharToMultiByte
GetModuleHandleExW
IsDebuggerPresent
user32
DialogBoxIndirectParamW
MessageBoxW
GetDlgItem
SetWindowTextW
SetCursor
EndDialog
SendMessageW
InflateRect
LoadCursorW
GetMenu
CheckMenuItem
GetSubMenu
DeleteMenu
GetSysColorBrush
PostMessageW
LoadStringW
DestroyIcon
LoadIconW
InsertMenuW
gdi32
DeleteObject
EndPage
StartPage
StartDocW
SetMapMode
GetDeviceCaps
DeleteDC
CreateCompatibleDC
EndDoc
comdlg32
PrintDlgW
advapi32
QueryServiceConfig2W
GetServiceDisplayNameW
RegQueryValueW
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
CloseServiceHandle
RegUnLoadKeyW
RegQueryInfoKeyW
RegLoadKeyW
RegEnumValueW
RegEnumKeyW
RegDeleteKeyW
DuplicateTokenEx
ImpersonateLoggedOnUser
LookupPrivilegeValueW
LookupAccountNameW
LookupAccountSidW
FreeSid
AllocateAndInitializeSid
EqualSid
AdjustTokenPrivileges
GetTokenInformation
OpenProcessToken
RevertToSelf
RegOpenKeyW
RegCreateKeyW
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
OpenServiceW
OpenSCManagerW
shell32
ShellExecuteW
SHGetFileInfoW
SHGetFolderPathW
ole32
CoUninitialize
CoCreateInstance
CoInitializeEx
CoTaskMemFree
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
oleaut32
VariantChangeType
VariantInit
SysAllocString
SysFreeString
VariantClear
SysStringLen
SysAllocStringByteLen
shlwapi
UrlUnescapeW
ord176
winhttp
WinHttpReadData
WinHttpOpen
WinHttpCloseHandle
WinHttpConnect
WinHttpGetProxyForUrl
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpenRequest
WinHttpSetOption
WinHttpQueryDataAvailable
WinHttpWriteData
Sections
.text Size: 344KB - Virtual size: 344KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 127KB - Virtual size: 126KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 15KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 105KB - Virtual size: 104KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/SysInternals/autorunsc.exe_.exe windows:5 windows x86 arch:x86
48ef03becdb691242db40ec056a3ddbb
Code Sign
33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51Certificate
IssuerCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before02/05/2019, 21:37Not After02/05/2020, 21:37SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before08/07/2011, 20:59Not After08/07/2026, 21:09SubjectCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
7a:10:da:af:61:69:50:d1:0e:37:28:34:e8:b0:61:61:85:86:7b:62:0c:2d:a3:4c:dc:86:3f:f5:4e:19:cf:b4Signer
Actual PE Digest7a:10:da:af:61:69:50:d1:0e:37:28:34:e8:b0:61:61:85:86:7b:62:0c:2d:a3:4c:dc:86:3f:f5:4e:19:cf:b4Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\agent\_work\93\s\Win32\Release Console\autorunsc.pdb
Imports
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
comctl32
ImageList_ReplaceIcon
ImageList_Add
crypt32
CertGetNameStringW
CryptDecodeObject
CryptSIPLoad
CryptSIPRetrieveSubjectGuidForCatalogFile
CertDuplicateCertificateContext
wintrust
CryptCATAdminCalcHashFromFileHandle
ntdll
RtlUnwind
NtOpenKey
NtCreateKey
kernel32
GetSystemWindowsDirectoryW
GetSystemWow64DirectoryW
GetFullPathNameW
IsWow64Process
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetPrivateProfileStringW
FreeLibrary
MultiByteToWideChar
DecodePointer
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
GetCurrentThread
SetThreadPriority
SetEnvironmentVariableW
SetEvent
WaitForSingleObject
WaitForMultipleObjects
CreateEventW
CreateThread
GetExitCodeThread
IsProcessorFeaturePresent
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetStringTypeW
GetConsoleCP
FlushFileBuffers
LCMapStringW
CompareStringW
GetACP
GetCommandLineA
FreeLibraryAndExitThread
SetStdHandle
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
GetModuleHandleExW
ExitProcess
TlsFree
EncodePointer
TlsSetValue
TlsAlloc
lstrlenW
FormatMessageA
GetFileTime
ResetEvent
WriteFile
GetFileSize
InitializeCriticalSection
SetErrorMode
ExitThread
ExpandEnvironmentStringsW
GetCurrentProcess
OpenProcess
GetLongPathNameW
GetVersion
TlsGetValue
GetModuleFileNameW
GetCommandLineW
GetStdHandle
GetFileType
LocalFree
LocalAlloc
GetDateFormatW
GetTimeFormatW
GetModuleHandleW
FormatMessageW
FileTimeToSystemTime
FileTimeToLocalFileTime
MulDiv
ReadFile
InterlockedIncrement
FindNextFileW
FindFirstFileW
GetFileAttributesW
CreateFileW
FindClose
Sleep
GetLastError
GetProcAddress
InterlockedDecrement
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
CloseHandle
GetFileSizeEx
GetVersionExW
LoadLibraryExW
SetLastError
SetFilePointerEx
WriteConsoleW
ReadConsoleW
SetEndOfFile
TerminateProcess
SetUnhandledExceptionFilter
EnterCriticalSection
OutputDebugStringW
WideCharToMultiByte
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
WaitForSingleObjectEx
UnhandledExceptionFilter
user32
GetSysColorBrush
InflateRect
LoadCursorW
SetCursor
SetWindowTextW
GetDlgItem
EndDialog
DialogBoxIndirectParamW
GetMenu
CheckMenuItem
GetSubMenu
InsertMenuW
SendMessageW
MessageBoxW
PostMessageW
LoadStringW
DestroyIcon
LoadIconW
DeleteMenu
gdi32
DeleteObject
StartPage
EndDoc
StartDocW
SetMapMode
GetDeviceCaps
DeleteDC
CreateCompatibleDC
EndPage
comdlg32
PrintDlgW
advapi32
FreeSid
QueryServiceConfig2W
GetServiceDisplayNameW
RegQueryValueW
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
CloseServiceHandle
RegUnLoadKeyW
RegQueryInfoKeyW
RegLoadKeyW
RegEnumValueW
RegEnumKeyW
RegDeleteKeyW
DuplicateTokenEx
ImpersonateLoggedOnUser
LookupPrivilegeValueW
LookupAccountNameW
LookupAccountSidW
OpenServiceW
AllocateAndInitializeSid
EqualSid
AdjustTokenPrivileges
GetTokenInformation
OpenProcessToken
RevertToSelf
RegOpenKeyW
RegCreateKeyW
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
OpenSCManagerW
shell32
SHGetFileInfoW
SHGetFolderPathW
ShellExecuteW
ole32
CoGetInterfaceAndReleaseStream
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitializeEx
CoMarshalInterThreadInterfaceInStream
oleaut32
VariantClear
SysStringLen
SysAllocString
VariantInit
VariantChangeType
SysAllocStringByteLen
SysFreeString
shlwapi
ord176
UrlUnescapeW
winhttp
WinHttpConnect
WinHttpCloseHandle
WinHttpOpenRequest
WinHttpReadData
WinHttpWriteData
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpOpen
WinHttpGetProxyForUrl
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSendRequest
Sections
.text Size: 378KB - Virtual size: 378KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 130KB - Virtual size: 129KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 105KB - Virtual size: 104KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/SysInternals/autorunsc64.exe.exe windows:5 windows x64 arch:x64
b19048a6b3b3977a48946256070c30fb
Code Sign
33:00:00:01:1a:2f:2e:15:ee:b6:85:47:95:00:00:00:00:01:1aCertificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24/10/2018, 21:07Not After10/01/2020, 21:07SubjectCN=Microsoft Time-Stamp Service,OU=Microsoft America Operations+OU=Thales TSS ESN:3E7A-E359-A25D,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1Certificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before12/07/2018, 20:11Not After26/07/2019, 20:11SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:01:03:5e:25:1c:99:1f:a3:1e:b8:00:00:00:00:01:03Certificate
IssuerCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before12/07/2018, 20:08Not After26/07/2019, 20:08SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before08/07/2011, 20:59Not After08/07/2026, 21:09SubjectCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0d:a9:91:d2:b5:09:4b:ec:cb:c4:2b:5c:e1:00:93:1d:ab:1a:72:5c:c2:eb:32:41:cb:14:e9:b0:0f:05:e3:7eSigner
Actual PE Digest0d:a9:91:d2:b5:09:4b:ec:cb:c4:2b:5c:e1:00:93:1d:ab:1a:72:5c:c2:eb:32:41:cb:14:e9:b0:0f:05:e3:7eDigest Algorithmsha256PE Digest Matchestrue04:cc:1c:8a:4a:17:1f:02:64:35:88:2d:8a:10:e2:b1:54:47:9d:e0Signer
Actual PE Digest04:cc:1c:8a:4a:17:1f:02:64:35:88:2d:8a:10:e2:b1:54:47:9d:e0Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\agent\_work\3\s\x64\Release Console\autorunsc64.pdb
Imports
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
comctl32
ImageList_ReplaceIcon
ImageList_Add
crypt32
CryptSIPLoad
CryptSIPRetrieveSubjectGuidForCatalogFile
CertDuplicateCertificateContext
CertGetNameStringW
wintrust
CryptCATAdminCalcHashFromFileHandle
ntdll
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlCaptureContext
RtlVirtualUnwind
RtlUnwindEx
NtOpenKey
NtCreateKey
kernel32
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetPrivateProfileStringW
FreeLibrary
LoadLibraryExW
MultiByteToWideChar
DecodePointer
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
GetCurrentThread
SetThreadPriority
EnterCriticalSection
SetEvent
WaitForSingleObject
IsWow64Process
CreateEventW
CreateThread
GetExitCodeThread
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStringTypeW
GetConsoleCP
FlushFileBuffers
GetStartupInfoW
TlsFree
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetCurrentThreadId
SetStdHandle
SetConsoleMode
ReadConsoleInputA
GetFullPathNameW
GetSystemWow64DirectoryW
GetSystemWindowsDirectoryW
ExpandEnvironmentStringsW
SetEnvironmentVariableW
TlsSetValue
TlsAlloc
ExitProcess
lstrlenW
FormatMessageA
GetFileTime
WriteFile
GetFileSize
InitializeCriticalSection
SetErrorMode
ExitThread
GetCurrentProcess
OpenProcess
GetLongPathNameW
GetVersion
TlsGetValue
GetModuleFileNameW
GetCommandLineW
GetStdHandle
GetFileType
LocalFree
LocalAlloc
GetDateFormatW
GetTimeFormatW
GetModuleHandleW
FormatMessageW
FileTimeToSystemTime
FileTimeToLocalFileTime
MulDiv
ReadFile
FindNextFileW
FindFirstFileW
GetFileAttributesW
CreateFileW
LoadLibraryW
FindClose
Sleep
GetLastError
GetProcAddress
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
CloseHandle
GetFileSizeEx
SetFilePointerEx
OutputDebugStringW
WriteConsoleW
ReadConsoleW
SetEndOfFile
lstrlenA
EncodePointer
IsProcessorFeaturePresent
WaitForMultipleObjects
GetConsoleMode
WideCharToMultiByte
GetModuleHandleExW
IsDebuggerPresent
user32
SendMessageW
DialogBoxIndirectParamW
EndDialog
MessageBoxW
SetWindowTextW
SetCursor
GetSysColorBrush
InflateRect
GetDlgItem
GetMenu
CheckMenuItem
GetSubMenu
InsertMenuW
DeleteMenu
DestroyIcon
LoadIconW
LoadCursorW
PostMessageW
LoadStringW
gdi32
DeleteObject
EndPage
StartPage
EndDoc
StartDocW
SetMapMode
GetDeviceCaps
DeleteDC
CreateCompatibleDC
comdlg32
PrintDlgW
advapi32
QueryServiceConfig2W
GetServiceDisplayNameW
RegQueryValueW
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
CloseServiceHandle
RegUnLoadKeyW
RegQueryInfoKeyW
RegLoadKeyW
RegEnumValueW
RegEnumKeyW
RegDeleteKeyW
DuplicateTokenEx
ImpersonateLoggedOnUser
LookupPrivilegeValueW
LookupAccountNameW
LookupAccountSidW
FreeSid
AllocateAndInitializeSid
EqualSid
AdjustTokenPrivileges
GetTokenInformation
OpenProcessToken
RevertToSelf
RegOpenKeyW
RegCreateKeyW
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
OpenServiceW
OpenSCManagerW
shell32
ShellExecuteW
SHGetFileInfoW
SHGetFolderPathW
ole32
CoCreateInstance
CoUninitialize
CoInitializeEx
CoTaskMemFree
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
oleaut32
VariantChangeType
VariantInit
SysAllocString
SysFreeString
VariantClear
SysStringLen
SysAllocStringByteLen
shlwapi
UrlUnescapeW
ord176
winhttp
WinHttpQueryDataAvailable
WinHttpOpen
WinHttpCloseHandle
WinHttpConnect
WinHttpReadData
WinHttpWriteData
WinHttpSetOption
WinHttpOpenRequest
WinHttpGetProxyForUrl
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSendRequest
Sections
.text Size: 395KB - Virtual size: 394KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 194KB - Virtual size: 194KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 17KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 105KB - Virtual size: 104KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/SysInternals/autorunsc64.exe_.exe windows:5 windows x64 arch:x64
820c4031fd7af3ea8d4419803462c65d
Code Sign
33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51Certificate
IssuerCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before02/05/2019, 21:37Not After02/05/2020, 21:37SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before08/07/2011, 20:59Not After08/07/2026, 21:09SubjectCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
9b:59:93:cc:15:19:45:b6:9d:f8:c7:e7:e6:7a:29:3c:7c:30:b4:0c:1f:6c:60:f8:b9:5c:61:16:d4:f3:d8:15Signer
Actual PE Digest9b:59:93:cc:15:19:45:b6:9d:f8:c7:e7:e6:7a:29:3c:7c:30:b4:0c:1f:6c:60:f8:b9:5c:61:16:d4:f3:d8:15Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\agent\_work\93\s\x64\Release Console\autorunsc64.pdb
Imports
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
comctl32
ImageList_ReplaceIcon
ImageList_Add
crypt32
CertGetNameStringW
CryptDecodeObject
CryptSIPLoad
CryptSIPRetrieveSubjectGuidForCatalogFile
CertDuplicateCertificateContext
wintrust
CryptCATAdminCalcHashFromFileHandle
ntdll
RtlVirtualUnwind
RtlUnwindEx
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlCaptureContext
NtOpenKey
NtCreateKey
RtlUnwind
kernel32
GetFullPathNameW
IsWow64Process
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetPrivateProfileStringW
FreeLibrary
MultiByteToWideChar
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
GetCurrentThread
SetThreadPriority
EnterCriticalSection
GetSystemWindowsDirectoryW
WaitForSingleObject
WaitForMultipleObjects
CreateEventW
CreateThread
GetExitCodeThread
GetModuleHandleExW
ExitProcess
TlsFree
EncodePointer
OutputDebugStringW
WideCharToMultiByte
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
WaitForSingleObjectEx
ResetEvent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeLibraryAndExitThread
GetCommandLineA
GetACP
CompareStringW
LCMapStringW
SetStdHandle
FlushFileBuffers
GetConsoleCP
ExpandEnvironmentStringsW
SetEnvironmentVariableW
TlsSetValue
TlsAlloc
lstrlenW
FormatMessageA
GetFileTime
WriteFile
GetFileSize
GetStringTypeW
InitializeCriticalSection
GetSystemWow64DirectoryW
SetErrorMode
ExitThread
GetCurrentProcess
OpenProcess
GetLongPathNameW
GetVersion
TlsGetValue
GetModuleFileNameW
GetCommandLineW
GetStdHandle
GetFileType
LocalFree
LocalAlloc
GetDateFormatW
GetTimeFormatW
GetModuleHandleW
FormatMessageW
FileTimeToSystemTime
FileTimeToLocalFileTime
MulDiv
ReadFile
FindNextFileW
FindFirstFileW
GetFileAttributesW
CreateFileW
FindClose
Sleep
GetLastError
GetProcAddress
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
CloseHandle
GetFileSizeEx
GetVersionExW
LoadLibraryExW
SetLastError
WriteConsoleW
ReadConsoleW
SetEndOfFile
GetConsoleMode
ReadConsoleInputA
SetConsoleMode
SetEvent
FindFirstFileExW
IsValidCodePage
GetOEMCP
SetFilePointerEx
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
user32
LoadStringW
PostMessageW
DestroyIcon
InsertMenuW
GetSubMenu
CheckMenuItem
GetMenu
LoadCursorW
InflateRect
GetSysColorBrush
SetCursor
SetWindowTextW
GetDlgItem
EndDialog
DialogBoxIndirectParamW
SendMessageW
MessageBoxW
DeleteMenu
LoadIconW
gdi32
DeleteObject
EndPage
StartPage
EndDoc
StartDocW
SetMapMode
GetDeviceCaps
DeleteDC
CreateCompatibleDC
comdlg32
PrintDlgW
advapi32
FreeSid
QueryServiceConfig2W
GetServiceDisplayNameW
RegQueryValueW
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
CloseServiceHandle
RegUnLoadKeyW
RegQueryInfoKeyW
RegLoadKeyW
RegEnumValueW
RegEnumKeyW
RegDeleteKeyW
DuplicateTokenEx
ImpersonateLoggedOnUser
LookupPrivilegeValueW
LookupAccountNameW
LookupAccountSidW
OpenServiceW
AllocateAndInitializeSid
EqualSid
AdjustTokenPrivileges
GetTokenInformation
OpenProcessToken
RevertToSelf
RegOpenKeyW
RegCreateKeyW
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
OpenSCManagerW
shell32
SHGetFileInfoW
ShellExecuteW
SHGetFolderPathW
ole32
CoCreateInstance
CoUninitialize
CoTaskMemFree
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoInitializeEx
oleaut32
SysFreeString
VariantClear
SysStringLen
SysAllocStringByteLen
VariantInit
VariantChangeType
SysAllocString
shlwapi
ord176
UrlUnescapeW
winhttp
WinHttpCloseHandle
WinHttpOpen
WinHttpConnect
WinHttpReadData
WinHttpWriteData
WinHttpGetProxyForUrl
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpenRequest
WinHttpSetOption
WinHttpQueryDataAvailable
Sections
.text Size: 430KB - Virtual size: 430KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 177KB - Virtual size: 176KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 13KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 105KB - Virtual size: 104KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/SysInternals/handle.exe.exe windows:5 windows x86 arch:x86
127ad03756dd9922e0dc20b19bf20030
Code Sign
33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51Certificate
IssuerCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before02/05/2019, 21:37Not After02/05/2020, 21:37SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before08/07/2011, 20:59Not After08/07/2026, 21:09SubjectCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ac:68:14:8a:8f:49:f6:57:4e:68:a1:7e:75:76:2e:cb:31:02:1e:06:4d:c7:55:dd:34:d2:36:a0:5d:ec:08:acSigner
Actual PE Digestac:68:14:8a:8f:49:f6:57:4e:68:a1:7e:75:76:2e:cb:31:02:1e:06:4d:c7:55:dd:34:d2:36:a0:5d:ec:08:acDigest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\agent\_work\105\s\Win32\Release\Handle.pdb
Imports
kernel32
SetEvent
WaitForSingleObject
DeviceIoControl
FindClose
DuplicateHandle
FormatMessageW
CreateEventW
CreateProcessW
ExpandEnvironmentStringsW
GetDriveTypeW
GetSystemDirectoryW
GetFullPathNameW
DeleteFileW
SetThreadErrorMode
LoadLibraryExW
GetVersionExW
SetEndOfFile
HeapReAlloc
HeapSize
ReadConsoleW
WriteConsoleW
SetFilePointerEx
SetConsoleCtrlHandler
GetProcessHeap
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
TerminateThread
GetCurrentProcessId
OpenProcess
GetVersion
CreateFileW
CloseHandle
FindResourceW
LoadResource
SizeofResource
SetLastError
GetLastError
GetCurrentProcess
LockResource
GetCommandLineW
GetModuleHandleW
GetStdHandle
LocalFree
LocalAlloc
GetProcAddress
GetModuleFileNameW
GetConsoleScreenBufferInfo
GetFileType
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
InterlockedPushEntrySList
InterlockedFlushSList
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
EncodePointer
RaiseException
SetStdHandle
ExitProcess
GetModuleHandleExW
GetConsoleMode
GetNumberOfConsoleInputEvents
PeekConsoleInputA
ReadConsoleInputA
SetConsoleMode
CreateThread
ExitThread
ResumeThread
FreeLibraryAndExitThread
WriteFile
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
GetCommandLineA
GetACP
HeapAlloc
HeapFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetCurrentThread
FlushFileBuffers
GetConsoleCP
ReadFile
GetStringTypeW
OutputDebugStringA
OutputDebugStringW
WaitForSingleObjectEx
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
DecodePointer
user32
SendMessageW
DialogBoxIndirectParamW
EndDialog
LoadCursorW
InflateRect
GetSysColorBrush
SetCursor
SetWindowTextW
GetDlgItem
gdi32
StartPage
EndDoc
StartDocW
SetMapMode
GetDeviceCaps
EndPage
comdlg32
PrintDlgW
advapi32
LookupAccountSidW
GetTokenInformation
RegDeleteKeyW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
RegCreateKeyW
RegCloseKey
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
Sections
.text Size: 317KB - Virtual size: 316KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 69KB - Virtual size: 68KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 57KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 579KB - Virtual size: 579KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/SysInternals/handle64.exe.exe windows:5 windows x64 arch:x64
7aee634246a13405de06621230c54264
Code Sign
33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51Certificate
IssuerCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before02/05/2019, 21:37Not After02/05/2020, 21:37SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before08/07/2011, 20:59Not After08/07/2026, 21:09SubjectCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
7d:ff:7d:68:d0:8a:8a:18:21:45:22:f6:1d:a9:60:6a:f2:3e:6b:44:d1:0d:ba:fe:a7:20:e2:a0:56:7e:cd:74Signer
Actual PE Digest7d:ff:7d:68:d0:8a:8a:18:21:45:22:f6:1d:a9:60:6a:f2:3e:6b:44:d1:0d:ba:fe:a7:20:e2:a0:56:7e:cd:74Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\agent\_work\105\s\x64\Release\Handle64.pdb
Imports
kernel32
SetEvent
WaitForSingleObject
DeviceIoControl
FindClose
DuplicateHandle
FormatMessageW
CreateEventW
CreateProcessW
ExpandEnvironmentStringsW
GetDriveTypeW
GetSystemDirectoryW
GetFullPathNameW
DeleteFileW
SetThreadErrorMode
LoadLibraryExW
GetVersionExW
SetEndOfFile
HeapReAlloc
HeapSize
ReadConsoleW
WriteConsoleW
SetFilePointerEx
SetConsoleCtrlHandler
GetProcessHeap
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
TerminateThread
GetCurrentProcessId
OpenProcess
GetVersion
CreateFileW
CloseHandle
FindResourceW
LoadResource
SizeofResource
SetLastError
GetLastError
GetCurrentProcess
LockResource
GetCommandLineW
GetModuleHandleW
GetStdHandle
LocalFree
LocalAlloc
GetProcAddress
GetModuleFileNameW
GetConsoleScreenBufferInfo
GetFileType
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
EncodePointer
RaiseException
RtlPcToFileHeader
SetStdHandle
ExitProcess
GetModuleHandleExW
GetConsoleMode
GetNumberOfConsoleInputEvents
PeekConsoleInputA
ReadConsoleInputA
SetConsoleMode
CreateThread
ExitThread
ResumeThread
FreeLibraryAndExitThread
WriteFile
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
GetCommandLineA
GetACP
HeapAlloc
HeapFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetCurrentThread
FlushFileBuffers
GetConsoleCP
ReadFile
GetStringTypeW
OutputDebugStringA
OutputDebugStringW
WaitForSingleObjectEx
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
RtlUnwind
user32
SendMessageW
DialogBoxIndirectParamW
EndDialog
LoadCursorW
InflateRect
GetSysColorBrush
SetCursor
SetWindowTextW
GetDlgItem
gdi32
StartPage
EndDoc
StartDocW
SetMapMode
GetDeviceCaps
EndPage
comdlg32
PrintDlgW
advapi32
LookupAccountSidW
GetTokenInformation
RegDeleteKeyW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
RegCreateKeyW
RegCloseKey
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
Sections
.text Size: 392KB - Virtual size: 392KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 107KB - Virtual size: 106KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 60KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 22KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 37KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/SysInternals/logonsessions.exe.exe windows:5 windows x86 arch:x86
14877aac65e60d14428ac27347c23346
Code Sign
33:00:00:00:ac:63:16:e7:e3:46:55:b3:1c:00:00:00:00:00:acCertificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before03/05/2016, 17:13Not After03/08/2017, 17:13SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0aCertificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before04/06/2015, 17:42Not After04/09/2016, 17:42SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64Certificate
IssuerCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before28/10/2015, 20:31Not After28/01/2017, 20:31SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before08/07/2011, 20:59Not After08/07/2026, 21:09SubjectCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
72:81:a4:31:50:4a:02:0e:1e:bd:19:d3:d6:97:17:82:46:2c:63:62:26:eb:0f:21:c8:30:60:89:bb:c6:35:e0Signer
Actual PE Digest72:81:a4:31:50:4a:02:0e:1e:bd:19:d3:d6:97:17:82:46:2c:63:62:26:eb:0f:21:c8:30:60:89:bb:c6:35:e0Digest Algorithmsha256PE Digest Matchestrueb9:d8:1c:47:b4:a4:0b:93:be:f3:1f:21:cc:11:11:dd:e7:fb:16:4eSigner
Actual PE Digestb9:d8:1c:47:b4:a4:0b:93:be:f3:1f:21:cc:11:11:dd:e7:fb:16:4eDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
secur32
LsaFreeReturnBuffer
LsaGetLogonSessionData
LsaEnumerateLogonSessions
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
kernel32
DeviceIoControl
FileTimeToLocalFileTime
FileTimeToSystemTime
LoadLibraryW
GetSystemDirectoryW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetFileType
GetModuleFileNameW
LocalAlloc
LocalFree
OpenProcess
GetCommandLineW
LCMapStringW
GetStringTypeW
WriteConsoleW
InterlockedDecrement
InterlockedIncrement
CreateFileW
FindResourceW
GetModuleHandleW
SizeofResource
CloseHandle
SetLastError
LoadResource
GetLastError
GetCurrentProcess
GetProcAddress
LockResource
OutputDebugStringW
ReadConsoleW
HeapSize
SetEndOfFile
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointerEx
GetStdHandle
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
LoadLibraryExW
TlsFree
HeapFree
HeapAlloc
HeapReAlloc
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
SetStdHandle
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
GetConsoleMode
ReadConsoleInputA
SetConsoleMode
IsDebuggerPresent
IsProcessorFeaturePresent
WriteFile
GetConsoleCP
RaiseException
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCurrentThreadId
GetProcessHeap
DeleteCriticalSection
GetStartupInfoW
FlushFileBuffers
ReadFile
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
user32
SetCursor
SetWindowTextW
GetSysColorBrush
EndDialog
DialogBoxIndirectParamW
SendMessageW
InflateRect
LoadCursorW
GetDlgItem
gdi32
StartPage
EndDoc
StartDocW
SetMapMode
GetDeviceCaps
EndPage
comdlg32
PrintDlgW
advapi32
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
ConvertSidToStringSidW
GetTokenInformation
RegSetValueExW
RegDeleteKeyW
RegCreateKeyW
RegCloseKey
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
oleaut32
VariantClear
VariantInit
SystemTimeToVariantTime
SysAllocStringByteLen
SysStringLen
SysFreeString
SysAllocString
VariantChangeType
Sections
.text Size: 78KB - Virtual size: 78KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 52KB - Virtual size: 51KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 62KB - Virtual size: 62KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/SysInternals/logonsessions64.exe.exe windows:5 windows x64 arch:x64
4f2b9ad89041fedc43298c09c8e7b948
Code Sign
33:00:00:00:98:04:58:cb:7f:23:09:b0:9e:00:00:00:00:00:98Certificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before30/03/2016, 19:21Not After30/06/2017, 19:21SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7AFA-E41C-E142,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0aCertificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before04/06/2015, 17:42Not After04/09/2016, 17:42SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64Certificate
IssuerCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before28/10/2015, 20:31Not After28/01/2017, 20:31SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before08/07/2011, 20:59Not After08/07/2026, 21:09SubjectCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
26:d7:86:80:3a:e9:8a:15:d0:24:ab:e3:78:cf:6c:ae:d7:d7:0b:b3:e7:70:b1:13:21:e2:fd:ae:62:c0:30:deSigner
Actual PE Digest26:d7:86:80:3a:e9:8a:15:d0:24:ab:e3:78:cf:6c:ae:d7:d7:0b:b3:e7:70:b1:13:21:e2:fd:ae:62:c0:30:deDigest Algorithmsha256PE Digest Matchestrue0c:46:04:27:e9:31:5a:e1:d1:18:25:57:0b:be:18:35:b5:b0:76:91Signer
Actual PE Digest0c:46:04:27:e9:31:5a:e1:d1:18:25:57:0b:be:18:35:b5:b0:76:91Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
secur32
LsaFreeReturnBuffer
LsaGetLogonSessionData
LsaEnumerateLogonSessions
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
kernel32
FileTimeToSystemTime
LoadLibraryW
GetSystemDirectoryW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetFileType
GetModuleFileNameW
LocalAlloc
LocalFree
GetStdHandle
FileTimeToLocalFileTime
LCMapStringW
GetStringTypeW
WriteConsoleW
DeviceIoControl
OpenProcess
CreateFileW
FindResourceW
GetModuleHandleW
SizeofResource
CloseHandle
SetLastError
LoadResource
GetLastError
GetCurrentProcess
GetProcAddress
LockResource
OutputDebugStringW
ReadConsoleW
HeapSize
SetEndOfFile
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCommandLineW
HeapAlloc
GetSystemTimeAsFileTime
SetFilePointerEx
GetCurrentProcessId
QueryPerformanceCounter
LoadLibraryExW
HeapFree
TlsFree
HeapReAlloc
EnterCriticalSection
LeaveCriticalSection
RtlLookupFunctionEntry
RtlUnwindEx
SetStdHandle
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
GetConsoleMode
ReadConsoleInputA
SetConsoleMode
IsDebuggerPresent
IsProcessorFeaturePresent
WriteFile
GetConsoleCP
RtlPcToFileHeader
RaiseException
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCurrentThreadId
GetProcessHeap
DeleteCriticalSection
GetStartupInfoW
FlushFileBuffers
ReadFile
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
user32
SetCursor
SetWindowTextW
GetSysColorBrush
EndDialog
DialogBoxIndirectParamW
SendMessageW
InflateRect
LoadCursorW
GetDlgItem
gdi32
StartPage
EndDoc
StartDocW
SetMapMode
GetDeviceCaps
EndPage
comdlg32
PrintDlgW
advapi32
RegOpenKeyExW
RegOpenKeyW
ConvertSidToStringSidW
GetTokenInformation
RegSetValueExW
RegDeleteKeyW
RegCreateKeyW
RegCloseKey
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegQueryValueExW
oleaut32
VariantChangeType
VariantClear
VariantInit
SystemTimeToVariantTime
SysAllocStringByteLen
SysStringLen
SysAllocString
SysFreeString
Sections
.text Size: 87KB - Virtual size: 86KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 64KB - Virtual size: 63KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 62KB - Virtual size: 62KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/SysInternals/pipelist.exe.exe windows:5 windows x86 arch:x86
750c5946c0a20ee752f648b16312be3a
Code Sign
33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87Certificate
IssuerCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before04/03/2020, 18:39Not After03/03/2021, 18:39SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before08/07/2011, 20:59Not After08/07/2026, 21:09SubjectCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
dc:52:33:cd:a9:4b:66:9c:66:5f:55:b8:33:a8:f1:df:17:06:14:84:a9:1c:19:c5:86:37:04:2b:26:20:a5:f6Signer
Actual PE Digestdc:52:33:cd:a9:4b:66:9c:66:5f:55:b8:33:a8:f1:df:17:06:14:84:a9:1c:19:c5:86:37:04:2b:26:20:a5:f6Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\agent\_work\109\s\Win32\Release\pipelist.pdb
Imports
version
VerQueryValueW
VerQueryValueA
GetFileVersionInfoW
GetFileVersionInfoA
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
kernel32
GetModuleHandleA
GetCommandLineW
GetLastError
CloseHandle
FormatMessageA
CreateFileA
GetProcessHeap
GetStringTypeW
GetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindNextFileA
LocalFree
LocalAlloc
GetProcAddress
GetVersionExA
LoadLibraryExA
GetModuleFileNameW
SetLastError
GetFileType
GetModuleFileNameA
SetConsoleCtrlHandler
SetFilePointerEx
WriteConsoleW
ReadConsoleW
HeapSize
HeapReAlloc
SetEnvironmentVariableW
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedPushEntrySList
InterlockedFlushSList
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
EncodePointer
RaiseException
SetStdHandle
ExitProcess
GetModuleHandleExW
GetConsoleMode
GetNumberOfConsoleInputEvents
PeekConsoleInputA
ReadConsoleInputA
SetConsoleMode
WriteFile
MultiByteToWideChar
WideCharToMultiByte
GetCommandLineA
GetACP
HeapAlloc
HeapFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetCurrentThread
FlushFileBuffers
GetConsoleCP
ReadFile
CreateFileW
OutputDebugStringA
OutputDebugStringW
WaitForSingleObjectEx
CreateThread
FindClose
FindFirstFileExA
FindFirstFileExW
user32
LoadCursorA
InflateRect
GetSysColorBrush
SetCursor
SetWindowTextA
GetDlgItem
EndDialog
DialogBoxIndirectParamA
SendMessageA
gdi32
StartPage
EndDoc
StartDocA
SetMapMode
GetDeviceCaps
EndPage
comdlg32
PrintDlgA
advapi32
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegCreateKeyA
RegCloseKey
RegSetValueExA
Sections
.text Size: 246KB - Virtual size: 245KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 62KB - Virtual size: 61KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/SysInternals/pipelist64.exe.exe windows:5 windows x64 arch:x64
d5b082cbca031e53c7146b44dc0a7b06
Code Sign
33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87Certificate
IssuerCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before04/03/2020, 18:39Not After03/03/2021, 18:39SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before08/07/2011, 20:59Not After08/07/2026, 21:09SubjectCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
4b:69:da:4a:e6:48:5b:94:e7:0f:c8:df:91:b9:72:4e:56:7c:3f:44:a7:ca:7e:bf:ef:83:8c:6d:ab:b7:97:3bSigner
Actual PE Digest4b:69:da:4a:e6:48:5b:94:e7:0f:c8:df:91:b9:72:4e:56:7c:3f:44:a7:ca:7e:bf:ef:83:8c:6d:ab:b7:97:3bDigest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\agent\_work\109\s\x64\Release\pipelist64.pdb
Imports
version
VerQueryValueW
VerQueryValueA
GetFileVersionInfoW
GetFileVersionInfoA
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
kernel32
GetModuleHandleA
GetCommandLineW
GetLastError
CloseHandle
FormatMessageA
CreateFileA
GetProcessHeap
GetStringTypeW
GetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindNextFileA
LocalFree
LocalAlloc
GetProcAddress
GetVersionExA
LoadLibraryExA
GetModuleFileNameW
SetLastError
GetFileType
GetModuleFileNameA
SetConsoleCtrlHandler
SetFilePointerEx
WriteConsoleW
ReadConsoleW
HeapSize
HeapReAlloc
SetEnvironmentVariableW
InterlockedPushEntrySList
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
RtlUnwind
InterlockedFlushSList
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
SetStdHandle
ExitProcess
GetModuleHandleExW
GetConsoleMode
GetNumberOfConsoleInputEvents
PeekConsoleInputA
ReadConsoleInputA
SetConsoleMode
WriteFile
MultiByteToWideChar
WideCharToMultiByte
GetCommandLineA
GetACP
HeapAlloc
HeapFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetCurrentThread
FlushFileBuffers
GetConsoleCP
ReadFile
CreateFileW
OutputDebugStringA
OutputDebugStringW
WaitForSingleObjectEx
CreateThread
FindClose
FindFirstFileExA
FindFirstFileExW
user32
LoadCursorA
InflateRect
GetSysColorBrush
SetCursor
SetWindowTextA
GetDlgItem
EndDialog
DialogBoxIndirectParamA
SendMessageA
gdi32
StartPage
EndDoc
StartDocA
SetMapMode
GetDeviceCaps
EndPage
comdlg32
PrintDlgA
advapi32
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegCreateKeyA
RegCloseKey
RegSetValueExA
Sections
.text Size: 300KB - Virtual size: 300KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 95KB - Virtual size: 95KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 18KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/SysInternals/psfile.exe.exe windows:5 windows x86 arch:x86
bdc943a53dded9831fb5dc068d4b1d71
Code Sign
33:00:00:00:ae:ec:3f:ad:b6:8b:b9:2d:d2:00:00:00:00:00:aeCertificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before03/05/2016, 17:13Not After03/08/2017, 17:13SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0aCertificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before04/06/2015, 17:42Not After04/09/2016, 17:42SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64Certificate
IssuerCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before28/10/2015, 20:31Not After28/01/2017, 20:31SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before08/07/2011, 20:59Not After08/07/2026, 21:09SubjectCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
5b:15:1a:47:a9:88:5b:df:18:b4:4f:78:63:27:e1:ca:2f:fb:09:5c:ad:e3:3a:ca:1d:9e:b9:9f:22:d3:64:14Signer
Actual PE Digest5b:15:1a:47:a9:88:5b:df:18:b4:4f:78:63:27:e1:ca:2f:fb:09:5c:ad:e3:3a:ca:1d:9e:b9:9f:22:d3:64:14Digest Algorithmsha256PE Digest Matchestrue43:07:27:71:dd:14:6e:b3:48:80:dd:c5:b2:0b:43:c4:57:8b:33:3bSigner
Actual PE Digest43:07:27:71:dd:14:6e:b3:48:80:dd:c5:b2:0b:43:c4:57:8b:33:3bDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
netapi32
NetFileGetInfo
NetFileEnum
NetFileClose
mpr
WNetCancelConnection2W
WNetAddConnection2W
kernel32
GetModuleHandleW
GetCommandLineW
GetModuleFileNameW
FreeLibrary
GetCurrentProcess
GetLastError
SetLastError
Sleep
LoadLibraryW
GetFileType
FormatMessageA
LoadLibraryExW
CreateFileW
GetComputerNameW
MultiByteToWideChar
GetVersion
WriteFile
GetStdHandle
LocalFree
LocalAlloc
GetProcAddress
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
OutputDebugStringW
HeapSize
HeapReAlloc
SetFilePointerEx
WriteConsoleW
ReadConsoleW
CloseHandle
RaiseException
LoadLibraryExA
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
WideCharToMultiByte
HeapFree
HeapAlloc
GetConsoleMode
ReadConsoleInputA
SetConsoleMode
EnterCriticalSection
LeaveCriticalSection
SetStdHandle
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
GetStringTypeW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
DeleteCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetProcessHeap
FlushFileBuffers
GetConsoleCP
ReadFile
RtlUnwind
QueryPerformanceCounter
GetCurrentProcessId
comdlg32
PrintDlgW
advapi32
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
RegCreateKeyW
RegCloseKey
Sections
.text Size: 75KB - Virtual size: 74KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 48KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
tools/SysInternals/psfile64.exe.exe windows:5 windows x64 arch:x64
012373288a4a55bf933694e80d94bdb7
Code Sign
33:00:00:00:99:aa:c5:81:9f:8c:a2:7d:8a:00:00:00:00:00:99Certificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before30/03/2016, 19:21Not After30/06/2017, 19:21SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:98FD-C61E-E641,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0aCertificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before04/06/2015, 17:42Not After04/09/2016, 17:42SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64Certificate
IssuerCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before28/10/2015, 20:31Not After28/01/2017, 20:31SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before08/07/2011, 20:59Not After08/07/2026, 21:09SubjectCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
bb:9a:f6:88:c1:51:20:f9:7b:db:3b:08:10:b3:07:60:7f:ed:29:fc:5c:e0:39:5a:63:6e:4a:f8:88:80:f9:9dSigner
Actual PE Digestbb:9a:f6:88:c1:51:20:f9:7b:db:3b:08:10:b3:07:60:7f:ed:29:fc:5c:e0:39:5a:63:6e:4a:f8:88:80:f9:9dDigest Algorithmsha256PE Digest Matchestrueab:c1:42:15:86:4f:e9:cd:2d:eb:f8:0b:4a:ac:d5:f1:d4:b6:d6:34Signer
Actual PE Digestab:c1:42:15:86:4f:e9:cd:2d:eb:f8:0b:4a:ac:d5:f1:d4:b6:d6:34Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
netapi32
NetFileGetInfo
NetFileEnum
NetFileClose
mpr
WNetCancelConnection2W
WNetAddConnection2W
kernel32
GetModuleHandleW
GetCommandLineW
GetModuleFileNameW
FreeLibrary
GetCurrentProcess
GetLastError
SetLastError
Sleep
LoadLibraryW
GetFileType
FormatMessageA
LoadLibraryExW
CreateFileW
GetComputerNameW
MultiByteToWideChar
GetVersion
WriteFile
GetStdHandle
LocalFree
LocalAlloc
GetProcAddress
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
OutputDebugStringW
HeapSize
HeapReAlloc
SetFilePointerEx
WriteConsoleW
ReadConsoleW
CloseHandle
RaiseException
LoadLibraryExA
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
WideCharToMultiByte
HeapFree
HeapAlloc
GetConsoleMode
ReadConsoleInputA
SetConsoleMode
EnterCriticalSection
LeaveCriticalSection
SetStdHandle
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
GetStringTypeW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
DeleteCriticalSection
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
RtlUnwindEx
GetProcessHeap
FlushFileBuffers
GetConsoleCP
ReadFile
QueryPerformanceCounter
GetCurrentProcessId
comdlg32
PrintDlgW
advapi32
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
RegCreateKeyW
RegCloseKey
Sections
.text Size: 78KB - Virtual size: 78KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 57KB - Virtual size: 57KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
tools/SysInternals/pslist.exe.exe windows:5 windows x86 arch:x86
a7fbac784c7100084bb86a01bf194f0e
Code Sign
33:00:00:00:9a:9a:9b:16:c2:83:da:d5:c2:00:00:00:00:00:9aCertificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before30/03/2016, 19:21Not After30/06/2017, 19:21SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B1B7-F67F-FEC2,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0aCertificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before04/06/2015, 17:42Not After04/09/2016, 17:42SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64Certificate
IssuerCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before28/10/2015, 20:31Not After28/01/2017, 20:31SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before08/07/2011, 20:59Not After08/07/2026, 21:09SubjectCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ab:9b:bf:e3:62:00:0c:67:e2:4d:2e:61:f6:60:a9:40:07:c8:d1:8c:42:b5:a6:34:a9:a0:99:f2:c0:e9:ff:efSigner
Actual PE Digestab:9b:bf:e3:62:00:0c:67:e2:4d:2e:61:f6:60:a9:40:07:c8:d1:8c:42:b5:a6:34:a9:a0:99:f2:c0:e9:ff:efDigest Algorithmsha256PE Digest Matchestrue1e:4a:80:93:6f:9f:40:df:77:ef:a6:e3:6c:7d:32:e8:d7:71:41:19Signer
Actual PE Digest1e:4a:80:93:6f:9f:40:df:77:ef:a6:e3:6c:7d:32:e8:d7:71:41:19Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mpr
WNetCancelConnection2A
WNetAddConnection2A
version
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
VerQueryValueW
VerQueryValueA
GetFileVersionInfoW
GetFileVersionInfoA
kernel32
GetCommandLineW
GetModuleFileNameA
GetModuleFileNameW
FreeLibrary
GetCurrentProcess
GetLastError
SetLastError
Sleep
WriteFile
CloseHandle
FormatMessageA
LoadLibraryExA
GetModuleHandleA
GetStdHandle
WideCharToMultiByte
GetConsoleScreenBufferInfo
lstrlenA
IsBadStringPtrA
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
SetPriorityClass
GetComputerNameExA
GetTimeFormatA
GetDateFormatA
FillConsoleOutputCharacterA
SetConsoleCursorPosition
SetConsoleCtrlHandler
LoadLibraryA
GetFileType
LocalFree
LocalAlloc
GetProcAddress
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
OutputDebugStringW
HeapSize
HeapReAlloc
SetFilePointerEx
WriteConsoleW
RaiseException
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
HeapFree
HeapAlloc
GetConsoleMode
ReadConsoleInputA
SetConsoleMode
EnterCriticalSection
LeaveCriticalSection
SetStdHandle
CreateThread
GetCurrentThreadId
ExitThread
LoadLibraryExW
RtlUnwind
IsDebuggerPresent
IsProcessorFeaturePresent
ResumeThread
GetCommandLineA
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
DeleteCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetProcessHeap
CreateFileW
FlushFileBuffers
GetConsoleCP
ReadFile
GetStringTypeW
QueryPerformanceCounter
comdlg32
PrintDlgA
advapi32
RegConnectRegistryA
ImpersonateLoggedOnUser
LogonUserA
RevertToSelf
RegSetValueExA
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegCreateKeyA
RegCloseKey
Sections
.text Size: 95KB - Virtual size: 94KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 53KB - Virtual size: 53KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
tools/SysInternals/pslist64.exe.exe windows:5 windows x64 arch:x64
be5599ad751321f04c6f8a14bfa32ac6
Code Sign
33:00:00:00:ae:ec:3f:ad:b6:8b:b9:2d:d2:00:00:00:00:00:aeCertificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before03/05/2016, 17:13Not After03/08/2017, 17:13SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0aCertificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before04/06/2015, 17:42Not After04/09/2016, 17:42SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64Certificate
IssuerCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before28/10/2015, 20:31Not After28/01/2017, 20:31SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before08/07/2011, 20:59Not After08/07/2026, 21:09SubjectCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
c4:19:3c:ff:8b:c8:18:3c:fa:d7:25:58:83:4c:37:61:d7:5d:a4:b1:8e:3f:74:40:28:8b:2f:b3:15:7c:8e:73Signer
Actual PE Digestc4:19:3c:ff:8b:c8:18:3c:fa:d7:25:58:83:4c:37:61:d7:5d:a4:b1:8e:3f:74:40:28:8b:2f:b3:15:7c:8e:73Digest Algorithmsha256PE Digest Matchestrue53:a5:84:75:ef:26:22:73:9d:76:15:cf:e8:eb:97:3e:77:31:c2:42Signer
Actual PE Digest53:a5:84:75:ef:26:22:73:9d:76:15:cf:e8:eb:97:3e:77:31:c2:42Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mpr
WNetCancelConnection2A
WNetAddConnection2A
version
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
VerQueryValueW
VerQueryValueA
GetFileVersionInfoW
GetFileVersionInfoA
kernel32
GetCommandLineW
GetModuleFileNameA
GetModuleFileNameW
FreeLibrary
GetCurrentProcess
GetLastError
SetLastError
Sleep
WriteFile
CloseHandle
FormatMessageA
LoadLibraryExA
GetModuleHandleA
GetStdHandle
WideCharToMultiByte
GetConsoleScreenBufferInfo
lstrlenA
IsBadStringPtrA
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
SetPriorityClass
GetComputerNameExA
GetTimeFormatA
GetDateFormatA
FillConsoleOutputCharacterA
SetConsoleCursorPosition
SetConsoleCtrlHandler
LoadLibraryA
GetFileType
LocalFree
LocalAlloc
GetProcAddress
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
OutputDebugStringW
HeapSize
HeapReAlloc
SetFilePointerEx
WriteConsoleW
RaiseException
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
HeapFree
HeapAlloc
GetConsoleMode
ReadConsoleInputA
SetConsoleMode
EnterCriticalSection
LeaveCriticalSection
SetStdHandle
CreateThread
GetCurrentThreadId
ExitThread
LoadLibraryExW
RtlLookupFunctionEntry
RtlUnwindEx
IsDebuggerPresent
IsProcessorFeaturePresent
ResumeThread
GetCommandLineA
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
DeleteCriticalSection
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetProcessHeap
CreateFileW
FlushFileBuffers
GetConsoleCP
ReadFile
RtlPcToFileHeader
GetStringTypeW
QueryPerformanceCounter
comdlg32
PrintDlgA
advapi32
RegConnectRegistryA
ImpersonateLoggedOnUser
LogonUserA
RevertToSelf
RegSetValueExA
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegCreateKeyA
RegCloseKey
Sections
.text Size: 99KB - Virtual size: 99KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 65KB - Virtual size: 65KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
tools/SysInternals/psloglist.exe.exe windows:5 windows x86 arch:x86
4fbd131b43ada427b7988d9dac05090e
Code Sign
33:00:00:01:1e:12:f4:41:8e:29:47:36:c6:00:00:00:00:01:1eCertificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24/10/2018, 21:07Not After10/01/2020, 21:07SubjectCN=Microsoft Time-Stamp Service,OU=Microsoft America Operations+OU=Thales TSS ESN:AE2C-E32B-1AFC,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1Certificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before12/07/2018, 20:11Not After26/07/2019, 20:11SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:01:03:5e:25:1c:99:1f:a3:1e:b8:00:00:00:00:01:03Certificate
IssuerCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before12/07/2018, 20:08Not After26/07/2019, 20:08SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before08/07/2011, 20:59Not After08/07/2026, 21:09SubjectCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
2f:8f:e9:3c:1a:50:c4:59:78:66:3a:33:48:c9:ce:5e:60:66:16:b5:cf:03:be:a5:dd:d0:95:52:93:a1:ea:ebSigner
Actual PE Digest2f:8f:e9:3c:1a:50:c4:59:78:66:3a:33:48:c9:ce:5e:60:66:16:b5:cf:03:be:a5:dd:d0:95:52:93:a1:ea:ebDigest Algorithmsha256PE Digest Matchestrue67:cc:4f:ec:51:6e:d3:89:b1:6c:e1:2a:56:eb:94:db:75:3f:50:f0Signer
Actual PE Digest67:cc:4f:ec:51:6e:d3:89:b1:6c:e1:2a:56:eb:94:db:75:3f:50:f0Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\agent\_work\114\s\psloglist\Win32\Release\psloglist.pdb
Imports
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoA
GetFileVersionInfoW
VerQueryValueA
GetFileVersionInfoSizeA
netapi32
NetApiBufferFree
NetServerEnum
ws2_32
WSAStartup
gethostname
inet_ntoa
gethostbyname
mpr
WNetCancelConnection2A
WNetAddConnection2A
kernel32
WaitForSingleObject
Sleep
LoadResource
SizeofResource
WriteFile
CloseHandle
GetTickCount
FormatMessageA
ConnectNamedPipe
LoadLibraryExA
FindResourceA
GetSystemDirectoryA
CreateFileA
DeleteFileA
GetComputerNameA
SetEvent
GetConsoleScreenBufferInfo
GetVersion
FindClose
DuplicateHandle
GetSystemTimeAsFileTime
SystemTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
CompareFileTime
CreateEventA
ExpandEnvironmentStringsA
FindFirstFileA
GetTimeFormatA
GetDateFormatA
FindFirstFileExA
SetLastError
GetLastError
GetCurrentProcess
FreeLibrary
LockResource
GetModuleFileNameW
GetModuleFileNameA
GetCommandLineW
GetModuleHandleA
LoadLibraryA
GetStdHandle
GetFileType
LocalFree
LocalAlloc
GetProcAddress
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
DecodePointer
GetProcessHeap
SetConsoleCtrlHandler
WriteConsoleW
SetFilePointerEx
ReadConsoleW
HeapSize
SetEndOfFile
WideCharToMultiByte
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
InterlockedPushEntrySList
InterlockedFlushSList
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
EncodePointer
ExitProcess
GetModuleHandleExW
GetConsoleMode
GetNumberOfConsoleInputEvents
PeekConsoleInputA
ReadConsoleInputA
SetConsoleMode
SetStdHandle
CreateThread
ExitThread
ResumeThread
FreeLibraryAndExitThread
MultiByteToWideChar
GetCommandLineA
GetACP
GetCurrentThread
HeapFree
HeapAlloc
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
CreateFileW
FlushFileBuffers
GetConsoleCP
ReadFile
HeapReAlloc
GetStringTypeW
OutputDebugStringA
OutputDebugStringW
WaitForSingleObjectEx
comdlg32
PrintDlgA
advapi32
BackupEventLogA
RegEnumKeyA
LookupAccountSidA
ReadEventLogA
OpenBackupEventLogA
OpenEventLogW
NotifyChangeEventLog
CloseEventLog
ClearEventLogA
StartServiceA
QueryServiceStatus
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
ControlService
CloseServiceHandle
RegConnectRegistryA
ImpersonateLoggedOnUser
LogonUserA
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
RevertToSelf
RegSetValueExA
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegCreateKeyA
RegCloseKey
Sections
.text Size: 331KB - Virtual size: 331KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 70KB - Virtual size: 69KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/SysInternals/psloglist.exe_.exe windows:5 windows x86 arch:x86
4fbd131b43ada427b7988d9dac05090e
Code Sign
33:00:00:01:1e:12:f4:41:8e:29:47:36:c6:00:00:00:00:01:1eCertificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24/10/2018, 21:07Not After10/01/2020, 21:07SubjectCN=Microsoft Time-Stamp Service,OU=Microsoft America Operations+OU=Thales TSS ESN:AE2C-E32B-1AFC,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1Certificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before12/07/2018, 20:11Not After26/07/2019, 20:11SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:01:03:5e:25:1c:99:1f:a3:1e:b8:00:00:00:00:01:03Certificate
IssuerCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before12/07/2018, 20:08Not After26/07/2019, 20:08SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before08/07/2011, 20:59Not After08/07/2026, 21:09SubjectCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
2f:8f:e9:3c:1a:50:c4:59:78:66:3a:33:48:c9:ce:5e:60:66:16:b5:cf:03:be:a5:dd:d0:95:52:93:a1:ea:ebSigner
Actual PE Digest2f:8f:e9:3c:1a:50:c4:59:78:66:3a:33:48:c9:ce:5e:60:66:16:b5:cf:03:be:a5:dd:d0:95:52:93:a1:ea:ebDigest Algorithmsha256PE Digest Matchestrue67:cc:4f:ec:51:6e:d3:89:b1:6c:e1:2a:56:eb:94:db:75:3f:50:f0Signer
Actual PE Digest67:cc:4f:ec:51:6e:d3:89:b1:6c:e1:2a:56:eb:94:db:75:3f:50:f0Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\agent\_work\114\s\psloglist\Win32\Release\psloglist.pdb
Imports
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoA
GetFileVersionInfoW
VerQueryValueA
GetFileVersionInfoSizeA
netapi32
NetApiBufferFree
NetServerEnum
ws2_32
WSAStartup
gethostname
inet_ntoa
gethostbyname
mpr
WNetCancelConnection2A
WNetAddConnection2A
kernel32
WaitForSingleObject
Sleep
LoadResource
SizeofResource
WriteFile
CloseHandle
GetTickCount
FormatMessageA
ConnectNamedPipe
LoadLibraryExA
FindResourceA
GetSystemDirectoryA
CreateFileA
DeleteFileA
GetComputerNameA
SetEvent
GetConsoleScreenBufferInfo
GetVersion
FindClose
DuplicateHandle
GetSystemTimeAsFileTime
SystemTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
CompareFileTime
CreateEventA
ExpandEnvironmentStringsA
FindFirstFileA
GetTimeFormatA
GetDateFormatA
FindFirstFileExA
SetLastError
GetLastError
GetCurrentProcess
FreeLibrary
LockResource
GetModuleFileNameW
GetModuleFileNameA
GetCommandLineW
GetModuleHandleA
LoadLibraryA
GetStdHandle
GetFileType
LocalFree
LocalAlloc
GetProcAddress
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
DecodePointer
GetProcessHeap
SetConsoleCtrlHandler
WriteConsoleW
SetFilePointerEx
ReadConsoleW
HeapSize
SetEndOfFile
WideCharToMultiByte
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
InterlockedPushEntrySList
InterlockedFlushSList
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
EncodePointer
ExitProcess
GetModuleHandleExW
GetConsoleMode
GetNumberOfConsoleInputEvents
PeekConsoleInputA
ReadConsoleInputA
SetConsoleMode
SetStdHandle
CreateThread
ExitThread
ResumeThread
FreeLibraryAndExitThread
MultiByteToWideChar
GetCommandLineA
GetACP
GetCurrentThread
HeapFree
HeapAlloc
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
CreateFileW
FlushFileBuffers
GetConsoleCP
ReadFile
HeapReAlloc
GetStringTypeW
OutputDebugStringA
OutputDebugStringW
WaitForSingleObjectEx
comdlg32
PrintDlgA
advapi32
BackupEventLogA
RegEnumKeyA
LookupAccountSidA
ReadEventLogA
OpenBackupEventLogA
OpenEventLogW
NotifyChangeEventLog
CloseEventLog
ClearEventLogA
StartServiceA
QueryServiceStatus
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
ControlService
CloseServiceHandle
RegConnectRegistryA
ImpersonateLoggedOnUser
LogonUserA
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
RevertToSelf
RegSetValueExA
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegCreateKeyA
RegCloseKey
Sections
.text Size: 331KB - Virtual size: 331KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 70KB - Virtual size: 69KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/SysInternals/psloglist64.exe.exe windows:5 windows x64 arch:x64
eb7d3355dd5ac332785fb5885be8162e
Code Sign
33:00:00:01:1f:97:63:0a:33:b9:83:d7:2b:00:00:00:00:01:1fCertificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24/10/2018, 21:07Not After10/01/2020, 21:07SubjectCN=Microsoft Time-Stamp Service,OU=Microsoft America Operations+OU=Thales TSS ESN:49BC-E37A-233C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1Certificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before12/07/2018, 20:11Not After26/07/2019, 20:11SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:01:03:5e:25:1c:99:1f:a3:1e:b8:00:00:00:00:01:03Certificate
IssuerCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before12/07/2018, 20:08Not After26/07/2019, 20:08SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before08/07/2011, 20:59Not After08/07/2026, 21:09SubjectCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
d7:ea:11:4d:d5:9b:47:01:93:8e:07:f7:e1:15:11:b8:bc:b2:fa:6d:df:78:53:b2:d3:30:bf:64:b8:79:64:50Signer
Actual PE Digestd7:ea:11:4d:d5:9b:47:01:93:8e:07:f7:e1:15:11:b8:bc:b2:fa:6d:df:78:53:b2:d3:30:bf:64:b8:79:64:50Digest Algorithmsha256PE Digest Matchestrued8:58:3b:ef:89:9f:a0:e6:7f:02:86:cc:91:bd:12:9f:a8:1f:6b:4aSigner
Actual PE Digestd8:58:3b:ef:89:9f:a0:e6:7f:02:86:cc:91:bd:12:9f:a8:1f:6b:4aDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\agent\_work\114\s\psloglist\x64\Release\psloglist64.pdb
Imports
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoA
GetFileVersionInfoW
VerQueryValueA
GetFileVersionInfoSizeA
netapi32
NetApiBufferFree
NetServerEnum
ws2_32
WSAStartup
gethostname
inet_ntoa
gethostbyname
mpr
WNetCancelConnection2A
WNetAddConnection2A
kernel32
WaitForSingleObject
Sleep
LoadResource
SizeofResource
WriteFile
CloseHandle
GetTickCount
FormatMessageA
ConnectNamedPipe
LoadLibraryExA
FindResourceA
GetSystemDirectoryA
CreateFileA
DeleteFileA
GetComputerNameA
SetEvent
GetConsoleScreenBufferInfo
GetVersion
FindClose
DuplicateHandle
GetSystemTimeAsFileTime
SystemTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
CompareFileTime
CreateEventA
ExpandEnvironmentStringsA
FindFirstFileA
GetTimeFormatA
GetDateFormatA
FindFirstFileExA
SetLastError
GetLastError
GetCurrentProcess
FreeLibrary
LockResource
GetModuleFileNameW
GetModuleFileNameA
GetCommandLineW
GetModuleHandleA
LoadLibraryA
GetStdHandle
GetFileType
LocalFree
LocalAlloc
GetProcAddress
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
GetProcessHeap
SetConsoleCtrlHandler
RtlUnwind
WriteConsoleW
SetFilePointerEx
ReadConsoleW
HeapSize
SetEndOfFile
WideCharToMultiByte
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
EncodePointer
RtlPcToFileHeader
ExitProcess
GetModuleHandleExW
GetConsoleMode
GetNumberOfConsoleInputEvents
PeekConsoleInputA
ReadConsoleInputA
SetConsoleMode
SetStdHandle
CreateThread
ExitThread
ResumeThread
FreeLibraryAndExitThread
MultiByteToWideChar
GetCommandLineA
GetACP
GetCurrentThread
HeapFree
HeapAlloc
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
CreateFileW
FlushFileBuffers
GetConsoleCP
ReadFile
HeapReAlloc
GetStringTypeW
OutputDebugStringA
OutputDebugStringW
WaitForSingleObjectEx
comdlg32
PrintDlgA
advapi32
NotifyChangeEventLog
RegEnumKeyA
LookupAccountSidA
ReadEventLogA
OpenBackupEventLogA
OpenEventLogW
CloseEventLog
BackupEventLogA
ClearEventLogA
StartServiceA
QueryServiceStatus
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
ControlService
CloseServiceHandle
RegConnectRegistryA
ImpersonateLoggedOnUser
LogonUserA
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
RevertToSelf
RegSetValueExA
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegCreateKeyA
RegCloseKey
Sections
.text Size: 409KB - Virtual size: 408KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 109KB - Virtual size: 109KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/SysInternals/psloglist64.exe_.exe windows:5 windows x64 arch:x64
eb7d3355dd5ac332785fb5885be8162e
Code Sign
33:00:00:01:1f:97:63:0a:33:b9:83:d7:2b:00:00:00:00:01:1fCertificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24/10/2018, 21:07Not After10/01/2020, 21:07SubjectCN=Microsoft Time-Stamp Service,OU=Microsoft America Operations+OU=Thales TSS ESN:49BC-E37A-233C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1Certificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before12/07/2018, 20:11Not After26/07/2019, 20:11SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:01:03:5e:25:1c:99:1f:a3:1e:b8:00:00:00:00:01:03Certificate
IssuerCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before12/07/2018, 20:08Not After26/07/2019, 20:08SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before08/07/2011, 20:59Not After08/07/2026, 21:09SubjectCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
d7:ea:11:4d:d5:9b:47:01:93:8e:07:f7:e1:15:11:b8:bc:b2:fa:6d:df:78:53:b2:d3:30:bf:64:b8:79:64:50Signer
Actual PE Digestd7:ea:11:4d:d5:9b:47:01:93:8e:07:f7:e1:15:11:b8:bc:b2:fa:6d:df:78:53:b2:d3:30:bf:64:b8:79:64:50Digest Algorithmsha256PE Digest Matchestrued8:58:3b:ef:89:9f:a0:e6:7f:02:86:cc:91:bd:12:9f:a8:1f:6b:4aSigner
Actual PE Digestd8:58:3b:ef:89:9f:a0:e6:7f:02:86:cc:91:bd:12:9f:a8:1f:6b:4aDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\agent\_work\114\s\psloglist\x64\Release\psloglist64.pdb
Imports
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoA
GetFileVersionInfoW
VerQueryValueA
GetFileVersionInfoSizeA
netapi32
NetApiBufferFree
NetServerEnum
ws2_32
WSAStartup
gethostname
inet_ntoa
gethostbyname
mpr
WNetCancelConnection2A
WNetAddConnection2A
kernel32
WaitForSingleObject
Sleep
LoadResource
SizeofResource
WriteFile
CloseHandle
GetTickCount
FormatMessageA
ConnectNamedPipe
LoadLibraryExA
FindResourceA
GetSystemDirectoryA
CreateFileA
DeleteFileA
GetComputerNameA
SetEvent
GetConsoleScreenBufferInfo
GetVersion
FindClose
DuplicateHandle
GetSystemTimeAsFileTime
SystemTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
CompareFileTime
CreateEventA
ExpandEnvironmentStringsA
FindFirstFileA
GetTimeFormatA
GetDateFormatA
FindFirstFileExA
SetLastError
GetLastError
GetCurrentProcess
FreeLibrary
LockResource
GetModuleFileNameW
GetModuleFileNameA
GetCommandLineW
GetModuleHandleA
LoadLibraryA
GetStdHandle
GetFileType
LocalFree
LocalAlloc
GetProcAddress
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
GetProcessHeap
SetConsoleCtrlHandler
RtlUnwind
WriteConsoleW
SetFilePointerEx
ReadConsoleW
HeapSize
SetEndOfFile
WideCharToMultiByte
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
EncodePointer
RtlPcToFileHeader
ExitProcess
GetModuleHandleExW
GetConsoleMode
GetNumberOfConsoleInputEvents
PeekConsoleInputA
ReadConsoleInputA
SetConsoleMode
SetStdHandle
CreateThread
ExitThread
ResumeThread
FreeLibraryAndExitThread
MultiByteToWideChar
GetCommandLineA
GetACP
GetCurrentThread
HeapFree
HeapAlloc
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
CreateFileW
FlushFileBuffers
GetConsoleCP
ReadFile
HeapReAlloc
GetStringTypeW
OutputDebugStringA
OutputDebugStringW
WaitForSingleObjectEx
comdlg32
PrintDlgA
advapi32
NotifyChangeEventLog
RegEnumKeyA
LookupAccountSidA
ReadEventLogA
OpenBackupEventLogA
OpenEventLogW
CloseEventLog
BackupEventLogA
ClearEventLogA
StartServiceA
QueryServiceStatus
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
ControlService
CloseServiceHandle
RegConnectRegistryA
ImpersonateLoggedOnUser
LogonUserA
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
RevertToSelf
RegSetValueExA
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegCreateKeyA
RegCloseKey
Sections
.text Size: 409KB - Virtual size: 408KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 109KB - Virtual size: 109KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/SysInternals/sdelete.exe.exe windows:5 windows x86 arch:x86
3b6b9b865564eea9d1dd9d75f7a15c08
Code Sign
33:00:00:01:14:96:9a:0d:f8:95:e4:71:49:00:00:00:00:01:14Certificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before23/08/2018, 20:20Not After23/11/2019, 20:20SubjectCN=Microsoft Time-Stamp Service,OU=Microsoft America Operations+OU=Thales TSS ESN:C3B0-0F6A-4111,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1Certificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before12/07/2018, 20:11Not After26/07/2019, 20:11SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:01:03:5e:25:1c:99:1f:a3:1e:b8:00:00:00:00:01:03Certificate
IssuerCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before12/07/2018, 20:08Not After26/07/2019, 20:08SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before08/07/2011, 20:59Not After08/07/2026, 21:09SubjectCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
29:4e:53:ce:b3:45:69:e3:22:dc:f7:c1:fe:7b:47:fd:a4:93:4e:3c:29:90:29:a5:31:41:88:86:9e:96:cc:a0Signer
Actual PE Digest29:4e:53:ce:b3:45:69:e3:22:dc:f7:c1:fe:7b:47:fd:a4:93:4e:3c:29:90:29:a5:31:41:88:86:9e:96:cc:a0Digest Algorithmsha256PE Digest Matchestrue61:9a:f1:1a:3d:a8:7f:5a:19:a7:38:c4:25:b3:c6:6c:ec:0b:b1:d0Signer
Actual PE Digest61:9a:f1:1a:3d:a8:7f:5a:19:a7:38:c4:25:b3:c6:6c:ec:0b:b1:d0Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\agent\_work\5\s\Release\Sdelete.pdb
Imports
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
kernel32
WaitForSingleObject
WriteFile
ReadFile
DeviceIoControl
SetFilePointer
FindClose
CloseHandle
GetTickCount
FormatMessageW
ExpandEnvironmentStringsW
GetCurrentDirectoryW
GetDiskFreeSpaceW
RemoveDirectoryW
GetFullPathNameW
CreateFileW
GetLastError
GetFileAttributesW
DeleteFileW
FindFirstFileW
FindNextFileW
MoveFileW
GetDateFormatW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
OutputDebugStringW
ReadConsoleW
RtlUnwind
WriteConsoleW
SetFilePointerEx
VirtualFree
VirtualAlloc
GetVersion
GetCommandLineW
GetModuleHandleW
GetStdHandle
LoadLibraryW
LocalAlloc
LocalFree
GetProcAddress
GetModuleFileNameW
GetFileType
GetTimeFormatW
CompareStringW
LCMapStringW
SetFileAttributesW
LeaveCriticalSection
EnterCriticalSection
HeapSize
SetStdHandle
HeapAlloc
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
WideCharToMultiByte
HeapFree
GetConsoleMode
GetNumberOfConsoleInputEvents
PeekConsoleInputA
ReadConsoleInputA
SetConsoleMode
GetStringTypeW
DeleteCriticalSection
FatalAppExitA
FlushFileBuffers
GetConsoleCP
IsDebuggerPresent
IsProcessorFeaturePresent
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateSemaphoreW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCurrentThread
GetCurrentThreadId
GetProcessHeap
SetConsoleCtrlHandler
FreeLibrary
LoadLibraryExW
RaiseException
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapReAlloc
user32
LoadCursorW
InflateRect
GetSysColorBrush
SetCursor
SetWindowTextW
GetDlgItem
EndDialog
DialogBoxIndirectParamW
SendMessageW
gdi32
StartPage
EndDoc
StartDocW
SetMapMode
GetDeviceCaps
EndPage
comdlg32
PrintDlgW
advapi32
CryptAcquireContextW
RegSetValueExW
RegQueryValueExW
RegOpenKeyW
RegCreateKeyW
RegCloseKey
CryptGenRandom
Sections
.text Size: 144KB - Virtual size: 143KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 56KB - Virtual size: 55KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/SysInternals/sdelete64.exe.exe windows:5 windows x64 arch:x64
342934f7499d0f57d88d4434e41b7bf9
Code Sign
33:00:00:01:01:78:42:c9:0c:b3:a8:d8:b3:00:00:00:00:01:01Certificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before23/08/2018, 20:20Not After23/11/2019, 20:20SubjectCN=Microsoft Time-Stamp service,OU=Microsoft Ireland Operations Limited+OU=Thales TSS ESN:E041-4BEE-FA7E,O=Microsoft Corporation,L=Redmond,ST=WA,C=USExtended Key Usages
ExtKeyUsageTimeStamping
33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1Certificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before12/07/2018, 20:11Not After26/07/2019, 20:11SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:01:03:5e:25:1c:99:1f:a3:1e:b8:00:00:00:00:01:03Certificate
IssuerCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before12/07/2018, 20:08Not After26/07/2019, 20:08SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before08/07/2011, 20:59Not After08/07/2026, 21:09SubjectCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
7e:26:0e:05:a9:f5:ee:e8:e6:e1:6f:1b:ff:74:22:4b:73:6b:e5:7a:cb:57:78:01:30:b7:36:d1:40:23:55:50Signer
Actual PE Digest7e:26:0e:05:a9:f5:ee:e8:e6:e1:6f:1b:ff:74:22:4b:73:6b:e5:7a:cb:57:78:01:30:b7:36:d1:40:23:55:50Digest Algorithmsha256PE Digest Matchestrue00:e2:50:0e:aa:cf:0c:97:ea:fc:51:3b:81:1d:35:92:76:d3:43:67Signer
Actual PE Digest00:e2:50:0e:aa:cf:0c:97:ea:fc:51:3b:81:1d:35:92:76:d3:43:67Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\agent\_work\5\s\x64\Release\Sdelete64.pdb
Imports
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
kernel32
WaitForSingleObject
WriteFile
ReadFile
DeviceIoControl
SetFilePointer
FindClose
CloseHandle
GetTickCount
FormatMessageW
ExpandEnvironmentStringsW
GetCurrentDirectoryW
GetDiskFreeSpaceW
RemoveDirectoryW
GetFullPathNameW
CreateFileW
GetLastError
GetFileAttributesW
DeleteFileW
FindFirstFileW
FindNextFileW
MoveFileW
GetDateFormatW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
OutputDebugStringW
ReadConsoleW
WriteConsoleW
SetFilePointerEx
HeapReAlloc
VirtualFree
VirtualAlloc
GetVersion
GetCommandLineW
GetModuleHandleW
GetStdHandle
LoadLibraryW
LocalAlloc
LocalFree
GetProcAddress
GetModuleFileNameW
GetFileType
GetTimeFormatW
CompareStringW
LCMapStringW
SetFileAttributesW
SetStdHandle
EnterCriticalSection
LeaveCriticalSection
HeapSize
HeapAlloc
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
WideCharToMultiByte
HeapFree
GetConsoleMode
GetNumberOfConsoleInputEvents
PeekConsoleInputA
ReadConsoleInputA
SetConsoleMode
GetStringTypeW
DeleteCriticalSection
FatalAppExitA
FlushFileBuffers
GetConsoleCP
RtlUnwindEx
IsDebuggerPresent
IsProcessorFeaturePresent
GetStartupInfoW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateSemaphoreW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCurrentThread
GetCurrentThreadId
GetProcessHeap
SetConsoleCtrlHandler
FreeLibrary
LoadLibraryExW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
user32
LoadCursorW
InflateRect
GetSysColorBrush
SetCursor
SetWindowTextW
GetDlgItem
EndDialog
DialogBoxIndirectParamW
SendMessageW
gdi32
StartPage
EndDoc
StartDocW
SetMapMode
GetDeviceCaps
EndPage
comdlg32
PrintDlgW
advapi32
CryptAcquireContextW
RegSetValueExW
RegQueryValueExW
RegOpenKeyW
RegCreateKeyW
RegCloseKey
CryptGenRandom
Sections
.text Size: 135KB - Virtual size: 134KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 71KB - Virtual size: 71KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/SysInternals/streams.exe.exe windows:5 windows x86 arch:x86
2bbed49deaac0a22468beb62fdfcaaae
Code Sign
33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87Certificate
IssuerCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before04/03/2020, 18:39Not After03/03/2021, 18:39SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before08/07/2011, 20:59Not After08/07/2026, 21:09SubjectCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
bc:43:dd:8b:23:f3:a2:63:5d:d2:4f:9b:a7:98:87:1b:ec:9b:57:09:56:ff:f8:e2:58:0e:29:42:6a:42:44:8fSigner
Actual PE Digestbc:43:dd:8b:23:f3:a2:63:5d:d2:4f:9b:a7:98:87:1b:ec:9b:57:09:56:ff:f8:e2:58:0e:29:42:6a:42:44:8fDigest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\agent\_work\113\s\Win32\Release\streams.pdb
Imports
kernel32
DeleteFileW
FindFirstFileW
FindNextFileW
GetVolumeInformationW
HeapReAlloc
HeapSize
ReadConsoleW
CreateFileW
SetFilePointerEx
SetConsoleCtrlHandler
GetProcessHeap
GetStringTypeW
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetFullPathNameW
GetCurrentDirectoryW
FormatMessageW
CloseHandle
FindClose
GetCurrentProcess
GetLastError
LoadLibraryExW
GetVersionExW
SetLastError
GetCommandLineW
GetModuleHandleW
GetStdHandle
LocalFree
LocalAlloc
GetProcAddress
GetModuleFileNameW
WriteConsoleW
GetFileType
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
InterlockedPushEntrySList
InterlockedFlushSList
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
EncodePointer
RaiseException
SetStdHandle
ExitProcess
GetModuleHandleExW
GetConsoleMode
GetNumberOfConsoleInputEvents
PeekConsoleInputA
ReadConsoleInputA
SetConsoleMode
WriteFile
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
GetCommandLineA
GetACP
HeapAlloc
HeapFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetCurrentThread
FlushFileBuffers
GetConsoleCP
ReadFile
OutputDebugStringA
OutputDebugStringW
WaitForSingleObjectEx
CreateThread
FindFirstFileExA
FindFirstFileExW
FindNextFileA
DecodePointer
user32
SendMessageW
DialogBoxIndirectParamW
EndDialog
LoadCursorW
InflateRect
GetSysColorBrush
SetCursor
SetWindowTextW
GetDlgItem
gdi32
StartPage
EndDoc
StartDocW
SetMapMode
GetDeviceCaps
EndPage
comdlg32
PrintDlgW
advapi32
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
RegCreateKeyW
RegCloseKey
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
Sections
.text Size: 248KB - Virtual size: 247KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 63KB - Virtual size: 62KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/SysInternals/streams64.exe.exe windows:5 windows x64 arch:x64
c0d5d2f94119736b1da483c808e6bc48
Code Sign
33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87Certificate
IssuerCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before04/03/2020, 18:39Not After03/03/2021, 18:39SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before08/07/2011, 20:59Not After08/07/2026, 21:09SubjectCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
f0:9c:bc:3e:77:62:3d:93:41:2a:f8:b2:d4:b6:14:06:ca:6b:7e:d0:ba:41:5d:65:3d:e1:53:c9:c3:24:a4:83Signer
Actual PE Digestf0:9c:bc:3e:77:62:3d:93:41:2a:f8:b2:d4:b6:14:06:ca:6b:7e:d0:ba:41:5d:65:3d:e1:53:c9:c3:24:a4:83Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\agent\_work\113\s\x64\Release\streams64.pdb
Imports
kernel32
DeleteFileW
FindFirstFileW
FindNextFileW
GetVolumeInformationW
HeapReAlloc
HeapSize
ReadConsoleW
CreateFileW
SetFilePointerEx
SetConsoleCtrlHandler
GetProcessHeap
GetStringTypeW
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetFullPathNameW
GetCurrentDirectoryW
FormatMessageW
CloseHandle
FindClose
GetCurrentProcess
GetLastError
LoadLibraryExW
GetVersionExW
SetLastError
GetCommandLineW
GetModuleHandleW
GetStdHandle
LocalFree
LocalAlloc
GetProcAddress
GetModuleFileNameW
WriteConsoleW
GetFileType
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
EncodePointer
RaiseException
RtlPcToFileHeader
SetStdHandle
ExitProcess
GetModuleHandleExW
GetConsoleMode
GetNumberOfConsoleInputEvents
PeekConsoleInputA
ReadConsoleInputA
SetConsoleMode
WriteFile
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
GetCommandLineA
GetACP
HeapAlloc
HeapFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetCurrentThread
FlushFileBuffers
GetConsoleCP
ReadFile
OutputDebugStringA
OutputDebugStringW
WaitForSingleObjectEx
CreateThread
FindFirstFileExA
FindFirstFileExW
FindNextFileA
RtlUnwind
user32
SendMessageW
DialogBoxIndirectParamW
EndDialog
LoadCursorW
InflateRect
GetSysColorBrush
SetCursor
SetWindowTextW
GetDlgItem
gdi32
StartPage
EndDoc
StartDocW
SetMapMode
GetDeviceCaps
EndPage
comdlg32
PrintDlgW
advapi32
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
RegCreateKeyW
RegCloseKey
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
Sections
.text Size: 302KB - Virtual size: 301KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 96KB - Virtual size: 96KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 18KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/SysInternals/tcpvcon.exe.exe windows:5 windows x86 arch:x86
c510dea76f6096f5cfe2c672a3e799c1
Code Sign
2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate
IssuerCN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft CorporationNot Before22/08/2007, 22:31Not After25/08/2012, 07:00SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:01:cf:3e:00:00:00:00:00:0fCertificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before07/12/2009, 22:40Not After07/03/2011, 22:40SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate
IssuerCN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft CorporationNot Before16/09/2006, 01:04Not After15/09/2019, 07:00SubjectCN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:06:94:2d:00:00:00:00:00:09Certificate
IssuerCN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before25/07/2008, 19:02Not After25/07/2013, 19:12SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
77:31:21:69:14:9d:38:20:cf:41:d8:27:44:1c:7d:97:d4:58:32:b4Signer
Actual PE Digest77:31:21:69:14:9d:38:20:cf:41:d8:27:44:1c:7d:97:d4:58:32:b4Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
c:\src\Tcpview\Release\Tcpvcon.pdb
Imports
version
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
ws2_32
socket
closesocket
gethostbyname
send
gethostname
recv
ntohl
htonl
htons
ntohs
getservbyport
gethostbyaddr
WSAGetLastError
connect
WSAStartup
iphlpapi
GetTcpTable
GetUdpTable
SetTcpEntry
comctl32
CreateToolbarEx
ord17
ImageList_ReplaceIcon
ImageList_Create
ord6
psapi
GetModuleFileNameExA
kernel32
CreateEventA
GetSystemDirectoryA
DeviceIoControl
GetModuleFileNameA
DuplicateHandle
GetVersion
GetCurrentProcessId
DeleteFileA
GetLocaleInfoA
InterlockedIncrement
InterlockedDecrement
HeapFree
GlobalLock
WaitForSingleObject
SetEvent
GetTickCount
GetProcessHeap
GetNumberFormatA
FormatMessageA
GetUserDefaultLangID
InitializeCriticalSection
GlobalAlloc
LeaveCriticalSection
TerminateProcess
GlobalUnlock
EnterCriticalSection
GlobalReAlloc
ExpandEnvironmentStringsA
GetStringTypeW
GetStringTypeA
SetStdHandle
WriteConsoleW
WriteConsoleA
InitializeCriticalSectionAndSpinCount
SetFilePointer
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
RaiseException
ReadProcessMemory
FlushFileBuffers
GetStartupInfoA
GetFileType
SetHandleCount
GetStdHandle
ExitProcess
Sleep
VirtualAlloc
DeleteCriticalSection
VirtualFree
HeapCreate
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetCurrentThreadId
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
WriteFile
RtlUnwind
GetCommandLineA
HeapReAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateThread
ResumeThread
ExitThread
HeapAlloc
SetEndOfFile
ReadFile
OpenProcess
LocalFree
LocalAlloc
LoadLibraryA
GetCommandLineW
CloseHandle
GetModuleHandleA
LockResource
GetProcAddress
SetLastError
GetLastError
SizeofResource
GetCurrentProcess
LoadResource
FindResourceA
CreateFileA
HeapSize
lstrlenA
GetConsoleOutputCP
user32
ScreenToClient
SetTimer
CloseClipboard
DestroyWindow
GetWindowRect
PostQuitMessage
TrackPopupMenu
IsIconic
FillRect
SetCapture
KillTimer
IsZoomed
DrawTextA
GetSubMenu
DrawIconEx
LoadStringA
GetFocus
LoadMenuA
LoadIconA
InvalidateRgn
GetClientRect
CreateMenu
SetFocus
GetDC
ChildWindowFromPoint
GetMenu
SetWindowLongA
InvalidateRect
GetWindowLongA
ClientToScreen
ReleaseDC
EnableMenuItem
EmptyClipboard
DefWindowProcA
GetSysColor
SetWindowPos
GetCursorPos
ShowWindow
DrawMenuBar
PostMessageA
OpenClipboard
ReleaseCapture
GetSystemMetrics
InsertMenuA
SetClipboardData
CallWindowProcA
SetMenuItemInfoA
DialogBoxParamA
DestroyIcon
SetDlgItemTextA
CheckMenuItem
MoveWindow
MessageBoxA
SetCursor
SendMessageA
InflateRect
GetDlgItem
EndDialog
GetSysColorBrush
SetWindowTextA
DialogBoxIndirectParamA
LoadCursorA
CreateWindowExA
GetParent
gdi32
StartDocA
SetMapMode
GetDeviceCaps
SetTextColor
CreateFontIndirectA
SetBkColor
SetBkMode
DeleteObject
SelectObject
CreateCompatibleDC
GetBkColor
GetTextMetricsA
GetObjectA
GetStockObject
CreateSolidBrush
EndPage
StartPage
EndDoc
comdlg32
ChooseFontA
PrintDlgA
GetSaveFileNameA
advapi32
GetTokenInformation
RegQueryValueExA
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCreateKeyA
RegDeleteKeyA
RegSetValueExA
OpenProcessToken
EqualSid
AllocateAndInitializeSid
FreeSid
RegOpenKeyA
RegOpenKeyExA
shell32
ShellExecuteExA
SHGetFileInfoA
ShellExecuteA
oleaut32
VariantClear
SysAllocString
SysFreeString
Sections
.text Size: 130KB - Virtual size: 129KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 15KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
tools/SysInternals/uptime.exe.exe windows:5 windows x86 arch:x86
110f42b30b69d34a10bf37e09ef451ca
Code Sign
03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10Certificate
IssuerOU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=InternetNot Before09/04/1996, 00:00Not After07/01/2004, 23:59SubjectOU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet13:89:b4:d1:8a:e8:a7:c4:bd:35:c7:9b:8d:88:ca:1f:ca:53:56:91Certificate
IssuerOU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust NetworkNot Before12/05/1997, 07:00Not After31/12/1999, 07:00SubjectOU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Networkbd:11:9a:da:43:ed:21:fb:46:58:84:89:ca:46:88:90:25:ee:14:60Certificate
IssuerOU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust NetworkNot Before12/05/1997, 07:00Not After31/12/1999, 07:00SubjectOU=VeriSign Time Stamping Service+OU=VeriSign Trust Network+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign\, Inc.,L=Internet55:0d:88:f5:3f:64:16:d7:0c:73:00:d8:45:92:16:34Certificate
IssuerOU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=InternetNot Before19/03/1999, 00:00Not After16/04/2000, 23:59SubjectCN=Microsoft Corporation,OU=VeriSign Commercial Software Publishers CA+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98+OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Microsoft Corporation,O=VeriSign\, Inc.,L=Internet+L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageKeyEncipherment
Signer
Actual PE DigestDigest AlgorithmPE Digest MatchesfalseHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
netapi32
NetRemoteTOD
NetApiBufferFree
user32
LoadStringW
msvcrt
malloc
_dstbias
realloc
gmtime
_ftol
_msize
mktime
localtime
_wtoi
fgetwc
printf
swscanf
_exit
_adjust_fdiv
__p___winitenv
__wgetmainargs
_initterm
__setusermatherr
_EH_prolog
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__CxxFrameHandler
exit
wprintf
wcslen
wcscpy
towupper
wcscmp
swprintf
wcscat
free
_wtol
_wcsicmp
_iob
_XcptFilter
advapi32
RegSetValueExW
CloseEventLog
RegQueryInfoKeyW
RegCloseKey
RegOpenKeyExW
ReadEventLogW
RegCreateKeyExW
RegQueryValueExW
RegEnumValueW
OpenEventLogW
RegConnectRegistryW
kernel32
GetComputerNameW
GetLastError
GetDateFormatW
GetTimeFormatW
GetTimeZoneInformation
Sections
.text Size: 35KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
tools/avz/Base/backup.avz
-
tools/avz/Base/bt.avz
-
tools/avz/Base/esc.avz
-
tools/avz/Base/exc.avz
-
tools/avz/Base/extract.avz
-
tools/avz/Base/keylogger.avz
-
tools/avz/Base/krnldrv.avz
-
tools/avz/Base/lang_en.avz
-
tools/avz/Base/lang_ru.avz
-
tools/avz/Base/main.avz
-
tools/avz/Base/main001.avz
-
tools/avz/Base/main002.avz
-
tools/avz/Base/main003.avz
-
tools/avz/Base/main004.avz
-
tools/avz/Base/main005.avz
-
tools/avz/Base/main006.avz
-
tools/avz/Base/main007.avz
-
tools/avz/Base/main008.avz
-
tools/avz/Base/main009.avz
-
tools/avz/Base/main010.avz
-
tools/avz/Base/main011.avz
-
tools/avz/Base/main012.avz
-
tools/avz/Base/main013.avz
-
tools/avz/Base/main014.avz
-
tools/avz/Base/main015.avz
-
tools/avz/Base/main016.avz
-
tools/avz/Base/main017.avz
-
tools/avz/Base/main018.avz
-
tools/avz/Base/main019.avz
-
tools/avz/Base/main020.avz
-
tools/avz/Base/main021.avz
-
tools/avz/Base/main022.avz
-
tools/avz/Base/main023.avz
-
tools/avz/Base/main024.avz
-
tools/avz/Base/main025.avz
-
tools/avz/Base/main026.avz
-
tools/avz/Base/main027.avz
-
tools/avz/Base/main028.avz
-
tools/avz/Base/main029.avz
-
tools/avz/Base/managers.avz
-
tools/avz/Base/net.avz
-
tools/avz/Base/neural.avz
-
tools/avz/Base/neurald.avz
-
tools/avz/Base/neurale.avz
-
tools/avz/Base/neuralm.avz
-
tools/avz/Base/par.avz
-
tools/avz/Base/ports.avz
-
tools/avz/Base/prt.avz
-
tools/avz/Base/repair.avz
-
tools/avz/Base/rootkit.avz
-
tools/avz/Base/scripts.avz
-
tools/avz/Base/scu.avz
-
tools/avz/Base/signf001.avz
-
tools/avz/Base/signf002.avz
-
tools/avz/Base/signf003.avz
-
tools/avz/Base/signf004.avz
-
tools/avz/Base/signf005.avz
-
tools/avz/Base/signf006.avz
-
tools/avz/Base/signf007.avz
-
tools/avz/Base/signf008.avz
-
tools/avz/Base/signf009.avz
-
tools/avz/Base/signf010.avz
-
tools/avz/Base/signf011.avz
-
tools/avz/Base/signf012.avz
-
tools/avz/Base/signf013.avz
-
tools/avz/Base/signf014.avz
-
tools/avz/Base/signfusr.avz
-
tools/avz/Base/syscheck.avz
-
tools/avz/Base/sysipu.avz
-
tools/avz/Base/tsw-auto.avz
-
tools/avz/Base/tsw.avz
-
tools/avz/Base/update.avz
-
tools/avz/Base/vse_ru.avz
-
tools/avz/avz.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
UPX0 Size: - Virtual size: 1.8MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 738KB - Virtual size: 740KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 37KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
CODE Size: 2.0MB - Virtual size: 2.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
DATA Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BSS Size: - Virtual size: 108KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: - Virtual size: 144B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 127KB - Virtual size: 127KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 288KB - Virtual size: 288KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
tools/avz/avz.url.url
-
tools/avz/def_profile.txt
-
tools/avz/en_loc.ini
-
tools/avz/mainScript.txt.js
-
tools/avz/ru_loc.ini
-
tools/nirsoft/AppCompatibilityView/AppCompatibilityView.exe.exe windows:4 windows x86 arch:x86
51f751f090ec9854aaa5fd57598c70dd
Code Sign
f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7Certificate
IssuerCN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before09/09/2019, 00:00Not After09/09/2023, 23:59SubjectCN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=ILExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02/11/2018, 00:00Not After31/12/2030, 23:59SubjectCN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08Certificate
IssuerCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before02/05/2019, 00:00Not After01/08/2030, 23:59SubjectCN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02/05/2019, 00:00Not After18/01/2038, 23:59SubjectCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
fb:0d:28:ab:44:15:63:24:bf:95:e1:8a:19:52:a2:cc:53:57:af:e9:1e:49:e7:cb:1e:5f:28:42:9c:76:16:abSigner
Actual PE Digestfb:0d:28:ab:44:15:63:24:bf:95:e1:8a:19:52:a2:cc:53:57:af:e9:1e:49:e7:cb:1e:5f:28:42:9c:76:16:abDigest Algorithmsha256PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
c:\Projects\VS2005\AppCompatibilityView\Release\AppCompatibilityView.pdb
Imports
msvcrt
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
__p__fmode
_c_exit
_onexit
__dllonexit
_wcslwr
strlen
qsort
_purecall
_itow
_wcsnicmp
memmove
__set_app_type
_controlfp
_except_handler3
_exit
malloc
wcscmp
wcschr
free
modf
_wtoi
_memicmp
memcmp
wcstoul
wcsrchr
??2@YAPAXI@Z
??3@YAXPAX@Z
memcpy
wcslen
memset
_wcsicmp
wcscpy
wcscat
_snwprintf
wcsncat
comctl32
ord17
ImageList_Add
ImageList_Create
ImageList_SetImageCount
ImageList_AddMasked
CreateStatusWindowW
CreateToolbarEx
ImageList_ReplaceIcon
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
kernel32
ReadProcessMemory
GetCurrentProcess
ExitProcess
GetCurrentProcessId
ExpandEnvironmentStringsW
DeleteFileW
SetErrorMode
GetTickCount
OpenProcess
EnumResourceTypesW
GetModuleHandleA
GetStartupInfoW
GetFileAttributesW
GetStdHandle
GetPrivateProfileStringW
EnumResourceNamesW
GetPrivateProfileIntW
GetModuleHandleW
LoadLibraryW
GetProcAddress
FreeLibrary
ReadFile
WriteFile
GetModuleFileNameW
LockResource
CreateFileW
LocalFree
FindResourceW
LoadResource
lstrcpyW
lstrlenW
GlobalAlloc
GlobalUnlock
LoadLibraryExW
WideCharToMultiByte
GetTempPathW
GetLastError
FindNextFileW
SizeofResource
GlobalLock
GetTempFileNameW
FormatMessageW
FindClose
GetFileSize
GetVersionExW
FindFirstFileW
CloseHandle
GetWindowsDirectoryW
WritePrivateProfileStringW
user32
EndDeferWindowPos
DrawTextExW
DispatchMessageW
TranslateMessage
IsDialogMessageW
SetCursor
ReleaseDC
LoadCursorW
GetSysColorBrush
ShowWindow
GetDC
GetWindowPlacement
SetDlgItemInt
GetSystemMetrics
DeferWindowPos
GetClientRect
CreateWindowExW
SendDlgItemMessageW
EndDialog
SetWindowLongW
GetDlgItem
GetWindowRect
GetDlgItemInt
SetWindowTextW
InvalidateRect
UpdateWindow
SendMessageW
SetDlgItemTextW
TranslateAcceleratorW
RegisterClassW
MessageBoxW
SetMenu
SetWindowPos
LoadAcceleratorsW
PostMessageW
DefWindowProcW
LoadIconW
LoadImageW
GetSysColor
GetWindowLongW
SetFocus
GetCursorPos
GetParent
SetClipboardData
EnableWindow
MapWindowPoints
GetMenu
GetSubMenu
EmptyClipboard
EnableMenuItem
GetClassNameW
OpenClipboard
MoveWindow
GetMenuStringW
CheckMenuItem
GetMenuItemCount
CloseClipboard
CheckMenuRadioItem
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
LoadStringW
DestroyWindow
GetDesktopWindow
GetWindowTextW
LoadMenuW
DestroyIcon
BeginDeferWindowPos
GetKeyState
RegisterWindowMessageW
TrackPopupMenu
PostQuitMessage
GetMessageW
ChildWindowFromPoint
gdi32
DeleteObject
GetDeviceCaps
SetBkMode
GetStockObject
GetTextExtentPoint32W
SetBkColor
GetPixel
DeleteDC
SetPixel
SelectObject
CreateCompatibleDC
GetObjectW
SetTextColor
CreateFontIndirectW
comdlg32
FindTextW
GetSaveFileNameW
advapi32
RegDeleteValueW
RegEnumValueW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegQueryValueExW
shell32
ShellExecuteW
DragAcceptFiles
DragFinish
DragQueryFileW
SHGetFileInfoW
ShellExecuteExW
Sections
.text Size: 43KB - Virtual size: 43KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
tools/nirsoft/AppCompatibilityView/AppCompatibilityView64.exe.exe windows:4 windows x64 arch:x64
cdff8f9abd584de8401fbe7b9ec0c34a
Code Sign
f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7Certificate
IssuerCN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before09/09/2019, 00:00Not After09/09/2023, 23:59SubjectCN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=ILExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02/11/2018, 00:00Not After31/12/2030, 23:59SubjectCN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08Certificate
IssuerCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before02/05/2019, 00:00Not After01/08/2030, 23:59SubjectCN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02/05/2019, 00:00Not After18/01/2038, 23:59SubjectCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
86:9b:2e:b3:70:c1:9d:ef:d2:ad:87:e1:e1:74:ed:be:66:5f:86:79:50:82:e4:ee:bb:50:91:e8:66:1d:91:37Signer
Actual PE Digest86:9b:2e:b3:70:c1:9d:ef:d2:ad:87:e1:e1:74:ed:be:66:5f:86:79:50:82:e4:ee:bb:50:91:e8:66:1d:91:37Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
c:\Projects\VS2005\AppCompatibilityView\x64\Release\AppCompatibilityView.pdb
Imports
msvcrt
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_exit
_c_exit
_XcptFilter
__setusermatherr
_onexit
__dllonexit
_wcslwr
strlen
qsort
_purecall
_itow
_wcsnicmp
memmove
_commode
_fmode
__set_app_type
__C_specific_handler
malloc
_memicmp
free
modf
_wtoi
wcschr
memcmp
wcstoul
wcsrchr
wcscmp
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
memcpy
wcslen
memset
wcscpy
_wcsicmp
wcscat
_snwprintf
wcsncat
comctl32
ImageList_Create
ord17
ImageList_Add
ImageList_AddMasked
ImageList_SetImageCount
CreateToolbarEx
CreateStatusWindowW
ImageList_ReplaceIcon
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
kernel32
GetCurrentProcess
ReadProcessMemory
GetCurrentProcessId
ExitProcess
DeleteFileW
ExpandEnvironmentStringsW
SetErrorMode
OpenProcess
EnumResourceTypesW
GetStartupInfoW
GetVersionExW
GetStdHandle
GetTickCount
GetPrivateProfileStringW
GetPrivateProfileIntW
FreeLibrary
GetModuleHandleW
LoadLibraryW
GetProcAddress
FindNextFileW
FindClose
GetFileAttributesW
WriteFile
FindResourceW
ReadFile
LoadResource
GetModuleFileNameW
CreateFileW
CloseHandle
GetWindowsDirectoryW
LoadLibraryExW
GlobalAlloc
lstrlenW
WideCharToMultiByte
LockResource
LocalFree
lstrcpyW
GetTempFileNameW
GlobalUnlock
GetTempPathW
GetFileSize
GlobalLock
SizeofResource
GetLastError
FindFirstFileW
FormatMessageW
WritePrivateProfileStringW
EnumResourceNamesW
user32
DrawTextExW
TranslateMessage
DispatchMessageW
GetDC
ReleaseDC
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
GetDlgItem
SetWindowTextW
UpdateWindow
InvalidateRect
SendMessageW
GetWindowRect
SetDlgItemTextW
GetDlgItemInt
SetWindowLongPtrW
GetWindowPlacement
SetDlgItemInt
GetSystemMetrics
DeferWindowPos
CreateWindowExW
GetClientRect
SendDlgItemMessageW
SetWindowPos
LoadAcceleratorsW
DefWindowProcW
PostMessageW
RegisterClassW
MessageBoxW
TranslateAcceleratorW
SetMenu
LoadIconW
LoadImageW
GetSysColor
SetWindowLongW
GetWindowLongW
SetFocus
SetClipboardData
GetCursorPos
CheckMenuRadioItem
EnableWindow
GetMenuStringW
MapWindowPoints
CloseClipboard
GetMenu
GetParent
EmptyClipboard
MoveWindow
EnableMenuItem
OpenClipboard
GetClassNameW
GetSubMenu
CheckMenuItem
GetMenuItemCount
GetDesktopWindow
DestroyWindow
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
CreateDialogParamW
DialogBoxParamW
EnumChildWindows
LoadStringW
DestroyIcon
EndDeferWindowPos
BeginDeferWindowPos
GetKeyState
RegisterWindowMessageW
TrackPopupMenu
PostQuitMessage
GetMessageW
IsDialogMessageW
EndDialog
gdi32
DeleteObject
GetDeviceCaps
SetBkMode
SetBkColor
GetStockObject
GetTextExtentPoint32W
SetPixel
SelectObject
CreateCompatibleDC
GetObjectW
DeleteDC
GetPixel
SetTextColor
CreateFontIndirectW
comdlg32
FindTextW
GetSaveFileNameW
advapi32
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegEnumValueW
RegOpenKeyExW
RegCloseKey
shell32
ShellExecuteExW
DragQueryFileW
DragFinish
DragAcceptFiles
SHGetFileInfoW
ShellExecuteW
Sections
.text Size: 65KB - Virtual size: 64KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
tools/nirsoft/AppCrashView/AppCrashView.exe.exe windows:4 windows x86 arch:x86
Code Sign
42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate
IssuerCN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SENot Before07/06/2005, 08:09Not After30/05/2020, 10:48SubjectCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USKey Usages
KeyUsageCertSign
KeyUsageCRLSign
16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before31/12/2015, 00:00Not After09/07/2019, 18:40SubjectCN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before24/08/2011, 00:00Not After30/05/2020, 10:48SubjectCN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8Certificate
IssuerCN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBNot Before12/09/2014, 00:00Not After12/09/2019, 23:59SubjectCN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=ILExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17Certificate
IssuerCN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBNot Before30/03/2016, 00:00Not After30/06/2019, 23:59SubjectCN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=ILExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate
IssuerCN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBNot Before09/05/2013, 00:00Not After08/05/2028, 23:59SubjectCN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before31/12/2015, 00:00Not After09/07/2019, 18:40SubjectCN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
28:83:9f:d1:4b:62:c4:82:dd:05:7f:0b:ce:3e:98:4f:24:b2:dc:bc:5c:84:57:80:06:d2:0c:58:11:4a:87:78Signer
Actual PE Digest28:83:9f:d1:4b:62:c4:82:dd:05:7f:0b:ce:3e:98:4f:24:b2:dc:bc:5c:84:57:80:06:d2:0c:58:11:4a:87:78Digest Algorithmsha256PE Digest Matchestruef0:be:c1:67:51:cb:b8:36:85:1b:21:14:ae:e1:f1:27:1b:82:c8:d0Signer
Actual PE Digestf0:be:c1:67:51:cb:b8:36:85:1b:21:14:ae:e1:f1:27:1b:82:c8:d0Digest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 60KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 32KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 45KB - Virtual size: 44KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
tools/nirsoft/Cports/cports.exe.exe windows:4 windows x86 arch:x86
Code Sign
f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7Certificate
IssuerCN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before09/09/2019, 00:00Not After09/09/2023, 23:59SubjectCN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=ILExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02/11/2018, 00:00Not After31/12/2030, 23:59SubjectCN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08Certificate
IssuerCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before02/05/2019, 00:00Not After01/08/2030, 23:59SubjectCN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02/05/2019, 00:00Not After18/01/2038, 23:59SubjectCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
96:d3:08:00:2a:4a:94:3e:05:bb:c6:18:86:07:b5:f1:eb:56:e6:3e:a6:c8:2b:6c:36:8c:53:2b:ca:0b:d5:77Signer
Actual PE Digest96:d3:08:00:2a:4a:94:3e:05:bb:c6:18:86:07:b5:f1:eb:56:e6:3e:a6:c8:2b:6c:36:8c:53:2b:ca:0b:d5:77Digest Algorithmsha256PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 100KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 66KB - Virtual size: 68KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 95KB - Virtual size: 95KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
tools/nirsoft/Cports/cports64.exe.exe windows:4 windows x64 arch:x64
ebe4b9cb8b4a4cd6aa42c403c5df14c9
Code Sign
f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7Certificate
IssuerCN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before09/09/2019, 00:00Not After09/09/2023, 23:59SubjectCN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=ILExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02/11/2018, 00:00Not After31/12/2030, 23:59SubjectCN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08Certificate
IssuerCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before02/05/2019, 00:00Not After01/08/2030, 23:59SubjectCN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02/05/2019, 00:00Not After18/01/2038, 23:59SubjectCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
b6:5d:37:66:06:8a:ab:69:1a:42:2f:5e:ca:19:7e:6d:19:80:ae:32:b4:9e:5d:21:05:0e:26:7c:bc:39:3b:32Signer
Actual PE Digestb6:5d:37:66:06:8a:ab:69:1a:42:2f:5e:ca:19:7e:6d:19:80:ae:32:b4:9e:5d:21:05:0e:26:7c:bc:39:3b:32Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
c:\Projects\VS2005\cports\x64\Release\cports.pdb
Imports
msvcrt
_initterm
__getmainargs
_acmdln
exit
_cexit
_exit
_c_exit
_XcptFilter
__C_specific_handler
_onexit
__dllonexit
qsort
_strlwr
__setusermatherr
strcmp
malloc
free
strtoul
modf
_stricmp
_mbsrchr
_memicmp
atoi
_strcmpi
strchr
_purecall
strlen
_commode
__set_app_type
_itoa
_fmode
_ultoa
memcpy
memcmp
strncmp
strcpy
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
memset
strncat
sprintf
strcat
_atoi64
_mbsicmp
_mbscmp
memmove
_mbschr
strrchr
_errno
fopen
fread
fprintf
ferror
ftell
fclose
ws2_32
WSAAsyncSelect
connect
inet_addr
WSAGetLastError
htons
WSASetLastError
closesocket
gethostbyaddr
WSAStartup
WSACleanup
getservbyport
version
GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA
comctl32
ord6
ImageList_Create
ImageList_AddMasked
ImageList_SetImageCount
ord17
ImageList_ReplaceIcon
ImageList_Add
CreateToolbarEx
kernel32
GetCurrentThread
HeapFree
UnmapViewOfFile
MapViewOfFile
DuplicateHandle
DeviceIoControl
CreateThread
ResumeThread
ExitProcess
GetProcessHeap
GetCurrentProcess
DeleteFileA
GetCurrentProcessId
Sleep
WinExec
GetStdHandle
GetPrivateProfileIntA
EnumResourceNamesA
CreateEventA
GetPrivateProfileStringA
LoadLibraryExA
WriteFile
GetSystemDirectoryA
GetDateFormatA
FindClose
ReadFile
GetWindowsDirectoryA
LoadResource
GetTempFileNameA
lstrcpyA
FormatMessageA
FindNextFileA
GetNumberFormatA
GetModuleFileNameA
LocalFree
GetTempPathA
GetLocaleInfoA
GetLastError
FindFirstFileA
lstrlenA
TerminateProcess
GetStartupInfoA
WritePrivateProfileStringA
ReadProcessMemory
GetThreadSelectorEntry
OpenProcess
CloseHandle
FileTimeToLocalFileTime
WideCharToMultiByte
CompareFileTime
GetProcAddress
GetModuleHandleA
GetFileAttributesA
GetTickCount
GetSystemTimeAsFileTime
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
GetFileSize
LoadLibraryA
FreeLibrary
FileTimeToSystemTime
CreateFileA
GlobalAlloc
GlobalLock
FindResourceA
GlobalUnlock
LockResource
GetTimeFormatA
SetFilePointer
GetVersionExA
user32
SetForegroundWindow
DrawTextExA
SetCapture
IsDialogMessageA
TranslateMessage
KillTimer
PostMessageA
GetKeyState
DispatchMessageA
ReleaseCapture
GetMessageA
MessageBeep
UpdateWindow
WindowFromPoint
SetTimer
RegisterWindowMessageA
PostQuitMessage
TrackPopupMenu
GetSysColor
GetMenuItemInfoA
DestroyWindow
EnumChildWindows
CreateDialogParamA
DestroyMenu
GetDlgCtrlID
DialogBoxParamA
LoadStringA
ModifyMenuA
LoadMenuA
LoadImageA
GetCursorPos
MapWindowPoints
EnableWindow
CheckMenuRadioItem
SetClipboardData
GetMenuStringA
CloseClipboard
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
SetCursor
LoadCursorA
SendMessageA
GetWindowPlacement
GetSystemMetrics
SetWindowPos
BeginPaint
GetWindowTextLengthA
GetWindow
GetClientRect
SetDlgItemTextA
DrawFrameControl
GetDlgItemTextA
SetWindowTextA
SendDlgItemMessageA
DeferWindowPos
GetWindowRect
GetDlgItemInt
EndDialog
GetDlgItem
EndPaint
CreateWindowExA
InvalidateRect
SetDlgItemInt
SetMenu
LoadAcceleratorsA
DefWindowProcA
TranslateAcceleratorA
MessageBoxA
RegisterClassA
IsWindowVisible
EnumWindows
GetWindowThreadProcessId
GetWindowTextA
LoadIconA
FindWindowA
DestroyIcon
GetWindowLongA
SetWindowLongA
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
GetMenu
MoveWindow
OpenClipboard
CheckMenuItem
EmptyClipboard
GetDC
GetParent
EnableMenuItem
ScreenToClient
ReleaseDC
GetMenuItemCount
GetSubMenu
GetClassNameA
gdi32
GetDeviceCaps
SetTextColor
CreateFontIndirectA
SetBkMode
DeleteObject
GetTextExtentPoint32A
SetBkColor
SelectObject
comdlg32
FindTextA
GetSaveFileNameA
ChooseFontA
advapi32
RegDeleteKeyA
shell32
Shell_NotifyIconA
ShellExecuteExA
ShellExecuteA
ExtractIconExA
Sections
.text Size: 135KB - Virtual size: 134KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
tools/nirsoft/DriverView/DriverView.exe.exe windows:4 windows x86 arch:x86
Code Sign
f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7Certificate
IssuerCN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before09/09/2019, 00:00Not After09/09/2023, 23:59SubjectCN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=ILExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02/11/2018, 00:00Not After31/12/2030, 23:59SubjectCN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08Certificate
IssuerCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before02/05/2019, 00:00Not After01/08/2030, 23:59SubjectCN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02/05/2019, 00:00Not After18/01/2038, 23:59SubjectCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
db:d0:fa:e5:10:5d:36:a7:7d:f5:2c:d2:d8:0f:ff:9f:17:18:9b:e5:ab:be:92:42:c0:e0:12:22:a8:be:1e:8bSigner
Actual PE Digestdb:d0:fa:e5:10:5d:36:a7:7d:f5:2c:d2:d8:0f:ff:9f:17:18:9b:e5:ab:be:92:42:c0:e0:12:22:a8:be:1e:8bDigest Algorithmsha256PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 48KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 29KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 38KB - Virtual size: 37KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
tools/nirsoft/DriverView/DriverView64.exe.exe windows:4 windows x64 arch:x64
625d13b37d8a758778e822a11c8727db
Code Sign
f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7Certificate
IssuerCN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before09/09/2019, 00:00Not After09/09/2023, 23:59SubjectCN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=ILExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02/11/2018, 00:00Not After31/12/2030, 23:59SubjectCN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08Certificate
IssuerCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before02/05/2019, 00:00Not After01/08/2030, 23:59SubjectCN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02/05/2019, 00:00Not After18/01/2038, 23:59SubjectCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
d8:ac:d3:e7:fa:84:a0:6c:bb:06:53:49:05:1f:87:97:20:52:23:a6:66:42:ba:22:c6:06:1a:31:95:9b:a7:7aSigner
Actual PE Digestd8:ac:d3:e7:fa:84:a0:6c:bb:06:53:49:05:1f:87:97:20:52:23:a6:66:42:ba:22:c6:06:1a:31:95:9b:a7:7aDigest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
c:\Projects\VS2005\DriverView\x64\Release\DriverView.pdb
Imports
msvcrt
_initterm
__getmainargs
_acmdln
exit
_cexit
_exit
_c_exit
_XcptFilter
__C_specific_handler
__setusermatherr
__dllonexit
_strlwr
_mbsicmp
_purecall
qsort
malloc
strtoul
free
_snprintf
modf
_commode
_fmode
__set_app_type
_onexit
memcmp
_strcmpi
_memicmp
strrchr
strcmp
strchr
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
memset
strlen
memcpy
_itoa
atoi
_stricmp
strcpy
strcat
strncat
sprintf
comctl32
ImageList_Create
ImageList_SetImageCount
ord6
CreateToolbarEx
ImageList_AddMasked
ord17
ImageList_ReplaceIcon
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA
kernel32
ExitProcess
GetCurrentProcessId
DeleteFileA
EnumResourceNamesA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetTimeFormatA
GetFileTime
MultiByteToWideChar
GetCurrentProcess
ReadProcessMemory
OpenProcess
GetStartupInfoA
GetFileAttributesA
GetFileSize
GetModuleHandleA
FreeLibrary
FileTimeToLocalFileTime
CompareFileTime
LoadLibraryExA
ExpandEnvironmentStringsA
FileTimeToSystemTime
GetProcAddress
LoadLibraryA
CreateFileA
CloseHandle
GlobalLock
GlobalUnlock
GlobalAlloc
lstrlenA
GetVersionExA
GetLastError
FormatMessageA
GetTempPathA
GetModuleFileNameA
GetWindowsDirectoryA
LocalFree
GetDateFormatA
ReadFile
lstrcpyA
WriteFile
GetSystemDirectoryA
GetTempFileNameA
user32
MessageBeep
EndDeferWindowPos
GetFocus
BeginDeferWindowPos
GetMessageA
RegisterWindowMessageA
SetTimer
PostQuitMessage
TrackPopupMenu
IsDialogMessageA
TranslateMessage
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
SetCursor
LoadCursorA
SetDlgItemTextA
DispatchMessageA
SetWindowTextA
SendDlgItemMessageA
GetDlgItemInt
EndDialog
GetDlgItem
CreateWindowExA
SetDlgItemInt
RegisterClassA
UpdateWindow
GetSystemMetrics
GetWindowRect
PostMessageA
SetMenu
LoadAcceleratorsA
SetWindowPos
DefWindowProcA
TranslateAcceleratorA
MessageBoxA
GetWindowPlacement
SendMessageA
LoadImageA
LoadStringA
LoadIconA
GetWindowLongA
SetWindowLongA
InvalidateRect
SetFocus
GetMenuItemCount
GetSubMenu
GetClassNameA
GetMenuStringA
CloseClipboard
SetClipboardData
EnableWindow
GetCursorPos
MapWindowPoints
GetClientRect
GetSysColor
MoveWindow
GetMenu
OpenClipboard
CheckMenuItem
EmptyClipboard
EnableMenuItem
ReleaseDC
GetDC
GetMenuItemInfoA
GetWindowTextA
LoadMenuA
GetParent
ModifyMenuA
DialogBoxParamA
GetDlgCtrlID
DestroyMenu
CreateDialogParamA
EnumChildWindows
DestroyWindow
GetKeyState
KillTimer
DeferWindowPos
gdi32
GetStockObject
GetTextExtentPoint32A
SetBkColor
GetDeviceCaps
SetTextColor
CreateFontIndirectA
SetBkMode
DeleteObject
comdlg32
FindTextA
GetSaveFileNameA
advapi32
RegCloseKey
RegOpenKeyExA
RegEnumKeyExA
RegQueryValueExA
RegDeleteKeyA
shell32
ShellExecuteExA
ShellExecuteA
ole32
OleInitialize
OleUninitialize
DoDragDrop
Sections
.text Size: 57KB - Virtual size: 57KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
tools/nirsoft/ExecutedProgramsList/ExecutedProgramsList.exe.exe windows:4 windows x86 arch:x86
f9f666a7dc93e67d08bf8ce4f69a541d
Code Sign
42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate
IssuerCN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SENot Before07/06/2005, 08:09Not After30/05/2020, 10:48SubjectCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USKey Usages
KeyUsageCertSign
KeyUsageCRLSign
16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before31/12/2015, 00:00Not After09/07/2019, 18:40SubjectCN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before24/08/2011, 00:00Not After30/05/2020, 10:48SubjectCN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8Certificate
IssuerCN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBNot Before12/09/2014, 00:00Not After12/09/2019, 23:59SubjectCN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=ILExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
eb:92:d0:76:1a:1f:ce:64:36:38:d9:f0:c3:5a:e9:55:0a:6f:37:92Signer
Actual PE Digesteb:92:d0:76:1a:1f:ce:64:36:38:d9:f0:c3:5a:e9:55:0a:6f:37:92Digest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
c:\Projects\VS2005\ExecutedProgramsList\Release\ExecutedProgramsList.pdb
Imports
msvcrt
_controlfp
_except_handler3
__set_app_type
__p__fmode
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
__p__commode
__dllonexit
_wcslwr
strlen
qsort
_purecall
_itow
_wcsnicmp
malloc
wcscmp
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_onexit
wcschr
free
modf
_wtoi
_memicmp
memcmp
wcstoul
wcsrchr
??3@YAXPAX@Z
??2@YAPAXI@Z
memcpy
wcslen
_wcsicmp
wcscpy
memset
wcscat
_snwprintf
wcsncat
comctl32
ord17
ImageList_Add
ImageList_Create
ImageList_SetImageCount
ImageList_AddMasked
CreateToolbarEx
CreateStatusWindowW
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
kernel32
GetStdHandle
GetModuleHandleA
EnumResourceTypesW
GetTickCount
SetErrorMode
DeleteFileW
GetCurrentProcess
ReadProcessMemory
GetCurrentProcessId
ExitProcess
GetLogicalDrives
GetStartupInfoW
OpenProcess
GetVolumeInformationW
QueryDosDeviceW
FileTimeToSystemTime
SystemTimeToFileTime
GetDriveTypeW
CompareFileTime
GetModuleHandleW
LoadLibraryW
GetProcAddress
FreeLibrary
FindClose
GetFileSize
GetVersionExW
FindFirstFileW
GetTimeFormatW
CloseHandle
GetFileAttributesW
GetWindowsDirectoryW
FileTimeToLocalFileTime
ReadFile
WriteFile
GetModuleFileNameW
GetNumberFormatW
CreateFileW
LockResource
LocalFree
FindResourceW
LoadResource
lstrlenW
lstrcpyW
SystemTimeToTzSpecificLocalTime
GlobalAlloc
GlobalUnlock
LoadLibraryExW
WideCharToMultiByte
GetTempPathW
GetLastError
GetLocaleInfoW
FindNextFileW
SizeofResource
GlobalLock
GetDateFormatW
GetTempFileNameW
FormatMessageW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW
GetPrivateProfileStringW
GetLongPathNameW
user32
GetMenuItemInfoW
GetMessageW
PostQuitMessage
TrackPopupMenu
RegisterWindowMessageW
BeginDeferWindowPos
GetKeyState
LoadCursorW
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
GetClientRect
CreateWindowExW
SendDlgItemMessageW
EndDialog
SetWindowLongW
GetDlgItem
GetWindowRect
GetDlgItemInt
SetWindowTextW
InvalidateRect
UpdateWindow
SendMessageW
SetWindowPlacement
SetDlgItemTextW
GetWindowPlacement
SetDlgItemInt
GetSystemMetrics
DeferWindowPos
SetMenu
LoadAcceleratorsW
PostMessageW
DefWindowProcW
TranslateAcceleratorW
RegisterClassW
MessageBoxW
LoadImageW
GetSysColor
GetWindowLongW
SetFocus
CheckMenuItem
GetMenuItemCount
CloseClipboard
GetCursorPos
GetParent
SetClipboardData
EnableWindow
MapWindowPoints
GetMenu
GetSubMenu
GetDC
EmptyClipboard
EnableMenuItem
ReleaseDC
GetClassNameW
OpenClipboard
MoveWindow
GetMenuStringW
ModifyMenuW
SetCursor
GetDlgCtrlID
DestroyMenu
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
LoadStringW
DestroyWindow
SetWindowPos
GetDesktopWindow
GetWindowTextW
LoadMenuW
LoadIconW
DestroyIcon
IsDialogMessageW
TranslateMessage
DispatchMessageW
DrawTextExW
EndDeferWindowPos
gdi32
GetTextExtentPoint32W
SetBkColor
GetStockObject
GetDeviceCaps
GetPixel
DeleteDC
SetPixel
SelectObject
CreateCompatibleDC
GetObjectW
SetTextColor
CreateFontIndirectW
SetBkMode
DeleteObject
comdlg32
GetSaveFileNameW
FindTextW
advapi32
RegEnumValueW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
shell32
ShellExecuteW
SHGetFileInfoW
ShellExecuteExW
Sections
.text Size: 43KB - Virtual size: 42KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 59KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 19KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
tools/nirsoft/HashMyFiles/HashMyFiles.exe.exe windows:4 windows x86 arch:x86
Code Sign
f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7Certificate
IssuerCN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before09/09/2019, 00:00Not After09/09/2023, 23:59SubjectCN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=ILExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02/11/2018, 00:00Not After31/12/2030, 23:59SubjectCN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08Certificate
IssuerCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before02/05/2019, 00:00Not After01/08/2030, 23:59SubjectCN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02/05/2019, 00:00Not After18/01/2038, 23:59SubjectCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
41:e5:73:3d:2e:59:19:2f:2d:71:9e:ba:85:cb:5d:b8:b9:2b:f7:bc:db:3b:8c:ff:c9:c0:a4:33:0c:00:81:e4Signer
Actual PE Digest41:e5:73:3d:2e:59:19:2f:2d:71:9e:ba:85:cb:5d:b8:b9:2b:f7:bc:db:3b:8c:ff:c9:c0:a4:33:0c:00:81:e4Digest Algorithmsha256PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 68KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 41KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 58KB - Virtual size: 57KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
tools/nirsoft/HashMyFiles/HashMyFiles64.exe.exe windows:4 windows x64 arch:x64
fc25011b272c5b138bbbc16efe24bd98
Code Sign
f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7Certificate
IssuerCN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before09/09/2019, 00:00Not After09/09/2023, 23:59SubjectCN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=ILExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02/11/2018, 00:00Not After31/12/2030, 23:59SubjectCN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08Certificate
IssuerCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before02/05/2019, 00:00Not After01/08/2030, 23:59SubjectCN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02/05/2019, 00:00Not After18/01/2038, 23:59SubjectCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
af:19:0d:ca:0a:c1:e7:c7:a5:d0:c3:94:94:91:18:4b:b3:ae:18:2d:d9:ce:e0:48:43:cf:e0:97:6f:60:f7:c1Signer
Actual PE Digestaf:19:0d:ca:0a:c1:e7:c7:a5:d0:c3:94:94:91:18:4b:b3:ae:18:2d:d9:ce:e0:48:43:cf:e0:97:6f:60:f7:c1Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
c:\Projects\VS2005\HashMyFiles\x64\Release\HashMyFiles.pdb
Imports
msvcrt
__wgetmainargs
_wcmdln
exit
_cexit
_exit
_c_exit
_XcptFilter
__C_specific_handler
_onexit
__dllonexit
realloc
_msize
calloc
strlen
qsort
_initterm
__setusermatherr
_commode
_fmode
__set_app_type
_wcslwr
modf
wcstoul
wcsrchr
wcscmp
malloc
_memicmp
free
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
_itow
memcpy
wcslen
_wcsicmp
wcschr
_ultow
_wcsupr
_ltow
_purecall
_wtoi
memcmp
wcscpy
memset
_snwprintf
wcsncat
wcscat
comctl32
ord17
ImageList_SetImageCount
ImageList_AddMasked
ImageList_ReplaceIcon
ImageList_Create
CreateStatusWindowW
CreateToolbarEx
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
kernel32
GetCurrentDirectoryW
SetErrorMode
ExpandEnvironmentStringsW
GetLongPathNameW
ReadProcessMemory
OpenProcess
GetCurrentProcessId
DeleteFileW
GetStdHandle
ExitProcess
GetCurrentProcess
EnumResourceTypesW
GetStartupInfoW
GetDriveTypeW
WideCharToMultiByte
GetPrivateProfileStringW
EnumResourceNamesW
GetPrivateProfileIntW
GlobalUnlock
CompareFileTime
GlobalLock
CloseHandle
GetFileAttributesW
CreateFileW
LoadLibraryW
FileTimeToSystemTime
GetProcAddress
FreeLibrary
SystemTimeToFileTime
GlobalAlloc
GetTempPathW
GetLocaleInfoW
GetDateFormatW
SizeofResource
GetLastError
GetTempFileNameW
FormatMessageW
GetFileSize
GetVersionExW
GetModuleHandleW
FindNextFileW
FindFirstFileW
FindClose
GetTimeFormatW
WriteFile
ReadFile
GetModuleFileNameW
GetWindowsDirectoryW
FileTimeToLocalFileTime
FindResourceW
LoadResource
MultiByteToWideChar
SystemTimeToTzSpecificLocalTime
LocalFree
lstrlenW
GetNumberFormatW
LoadLibraryExW
LockResource
lstrcpyW
WritePrivateProfileStringW
user32
SetWindowLongPtrW
CallWindowProcW
CreatePopupMenu
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
SetCursor
LoadCursorW
GetDlgItemInt
InvalidateRect
EndPaint
GetWindow
GetWindowPlacement
DrawFrameControl
SetDlgItemInt
SetWindowTextW
MonitorFromWindow
GetDlgItemTextW
BeginPaint
GetSystemMetrics
GetClientRect
DeferWindowPos
CreateWindowExW
SetWindowPos
SendDlgItemMessageW
EndDialog
GetWindowRect
GetDlgItem
RegisterClassW
MessageBoxW
TranslateAcceleratorW
SetMenu
LoadAcceleratorsW
DefWindowProcW
UpdateWindow
PostMessageW
SendMessageW
OpenClipboard
CloseClipboard
LoadImageW
GetClipboardData
GetWindowLongW
SetWindowLongW
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
MoveWindow
GetMenuItemCount
CheckMenuItem
GetMenuStringW
CheckMenuRadioItem
GetCursorPos
GetSysColor
SetClipboardData
EnableWindow
MapWindowPoints
GetParent
GetMenu
EmptyClipboard
GetDC
EnableMenuItem
ReleaseDC
GetClassNameW
GetSubMenu
TranslateMessage
DispatchMessageW
PeekMessageW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
LoadStringW
DestroyWindow
GetWindowTextW
LoadIconW
DestroyIcon
GetFocus
ChangeClipboardChain
SetForegroundWindow
GetKeyState
KillTimer
SetClipboardViewer
IsDialogMessageW
RegisterWindowMessageW
TrackPopupMenu
PostQuitMessage
DrawTextExW
GetMessageW
FindWindowW
SetTimer
GetMonitorInfoW
SetDlgItemTextW
gdi32
SetTextColor
SetBkMode
CreateFontIndirectW
GetStockObject
GetTextExtentPoint32W
SetBkColor
SelectObject
GetDeviceCaps
DeleteObject
comdlg32
ChooseFontW
FindTextW
GetOpenFileNameW
GetSaveFileNameW
advapi32
RegCloseKey
CryptGetHashParam
CryptAcquireContextW
CryptReleaseContext
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegDeleteKeyW
CryptCreateHash
CryptDestroyHash
RegOpenKeyExW
CryptHashData
shell32
ShellExecuteW
Shell_NotifyIconW
SHBindToParent
SHGetDesktopFolder
SHGetPathFromIDListW
SHGetMalloc
SHBrowseForFolderW
SHFileOperationW
ExtractIconExW
ShellExecuteExW
SHGetFileInfoW
ole32
OleUninitialize
DoDragDrop
RegisterDragDrop
OleInitialize
Sections
.text Size: 86KB - Virtual size: 86KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
tools/nirsoft/InjectedDll/InjectedDLL.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 48KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 26KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 35KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
tools/nirsoft/InstalledPackagesView/InstalledPackagesView.exe.exe windows:4 windows x86 arch:x86
71e63731e66443802f8183496d55d1e9
Code Sign
42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate
IssuerCN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SENot Before07/06/2005, 08:09Not After30/05/2020, 10:48SubjectCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USKey Usages
KeyUsageCertSign
KeyUsageCRLSign
16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before31/12/2015, 00:00Not After09/07/2019, 18:40SubjectCN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before24/08/2011, 00:00Not After30/05/2020, 10:48SubjectCN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8Certificate
IssuerCN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBNot Before12/09/2014, 00:00Not After12/09/2019, 23:59SubjectCN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=ILExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17Certificate
IssuerCN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBNot Before30/03/2016, 00:00Not After30/06/2019, 23:59SubjectCN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=ILExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate
IssuerCN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBNot Before09/05/2013, 00:00Not After08/05/2028, 23:59SubjectCN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before31/12/2015, 00:00Not After09/07/2019, 18:40SubjectCN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
6d:98:86:2a:66:ef:c6:49:e1:2b:59:5f:76:64:ca:cd:73:d5:a2:32:ca:d6:17:e2:69:3e:09:06:ef:77:d9:02Signer
Actual PE Digest6d:98:86:2a:66:ef:c6:49:e1:2b:59:5f:76:64:ca:cd:73:d5:a2:32:ca:d6:17:e2:69:3e:09:06:ef:77:d9:02Digest Algorithmsha256PE Digest Matchestruea5:3f:aa:41:e3:f6:e9:1f:07:4c:e3:cc:69:2d:fe:c6:c0:db:c5:06Signer
Actual PE Digesta5:3f:aa:41:e3:f6:e9:1f:07:4c:e3:cc:69:2d:fe:c6:c0:db:c5:06Digest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
c:\Projects\VS2005\InstalledPackagesView\Release\InstalledPackagesView.pdb
Imports
msvcrt
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
_exit
__p__fmode
_onexit
__dllonexit
_purecall
_wcslwr
strlen
qsort
_itow
_wcsnicmp
malloc
wcscmp
_wcsicmp
__set_app_type
_controlfp
_except_handler3
_c_exit
free
_memicmp
wcschr
modf
_wtoi
memcmp
wcsrchr
wcstoul
_ultow
??2@YAPAXI@Z
??3@YAXPAX@Z
memcpy
wcslen
wcscpy
memset
wcscat
_snwprintf
wcsncat
comctl32
ImageList_Create
ord17
ImageList_Add
ImageList_SetImageCount
ImageList_AddMasked
CreateStatusWindowW
CreateToolbarEx
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
kernel32
ReadProcessMemory
ExitProcess
GetCurrentProcessId
SetErrorMode
ExpandEnvironmentStringsW
DeleteFileW
GetStdHandle
GetTickCount
OpenProcess
EnumResourceTypesW
GetModuleHandleA
GetStartupInfoW
GetProcAddress
EnumResourceNamesW
GetPrivateProfileIntW
WritePrivateProfileStringW
GetPrivateProfileStringW
FileTimeToSystemTime
SystemTimeToFileTime
CompareFileTime
FreeLibrary
GetModuleHandleW
LoadLibraryW
FormatMessageW
GetVersionExW
GetTimeFormatW
CloseHandle
GetFileAttributesW
WriteFile
GetWindowsDirectoryW
FindResourceW
FileTimeToLocalFileTime
LoadResource
ReadFile
SystemTimeToTzSpecificLocalTime
GetModuleFileNameW
GetNumberFormatW
CreateFileW
LockResource
GlobalAlloc
LocalFree
LoadLibraryExW
MultiByteToWideChar
lstrlenW
WideCharToMultiByte
lstrcpyW
GlobalUnlock
GetCurrentProcess
GetTempPathW
GetLocaleInfoW
GetDateFormatW
GetTempFileNameW
GetLastError
GlobalLock
SizeofResource
GetFileSize
user32
FillRect
SetCapture
ReleaseCapture
MonitorFromWindow
GetMonitorInfoW
GetKeyState
GetFocus
DispatchMessageW
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
DrawTextExW
SendDlgItemMessageW
GetWindow
EndDialog
SetWindowLongW
GetDlgItem
GetWindowRect
DrawFrameControl
GetDlgItemInt
SetWindowTextW
InvalidateRect
UpdateWindow
SendMessageW
SetDlgItemTextW
GetDlgItemTextW
EndPaint
GetWindowPlacement
GetSystemMetrics
SetDlgItemInt
DeferWindowPos
BeginPaint
GetClientRect
CreateWindowExW
GetForegroundWindow
LoadAcceleratorsW
PostMessageW
DefWindowProcW
RegisterClassW
TranslateAcceleratorW
MessageBoxW
SetMenu
LoadImageW
GetSysColor
GetWindowLongW
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
CheckMenuItem
GetMenuItemCount
GetMenuStringW
ScreenToClient
SetClipboardData
GetCursorPos
EnableWindow
CheckMenuRadioItem
CloseClipboard
MapWindowPoints
GetParent
GetMenu
EmptyClipboard
GetSubMenu
EnableMenuItem
GetDC
ReleaseDC
GetClassNameW
MoveWindow
OpenClipboard
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
LoadStringW
DestroyWindow
GetDesktopWindow
GetWindowTextW
LoadMenuW
ModifyMenuW
DestroyIcon
LoadIconW
RegisterWindowMessageW
TrackPopupMenu
PostQuitMessage
GetMessageW
IsDialogMessageW
TranslateMessage
SetWindowPos
gdi32
SetBkColor
GetStockObject
GetTextExtentPoint32W
CreateSolidBrush
GetDeviceCaps
PatBlt
GetPixel
DeleteDC
SetPixel
SelectObject
CreateCompatibleDC
GetObjectW
SetTextColor
CreateFontIndirectW
SetBkMode
DeleteObject
comdlg32
FindTextW
GetSaveFileNameW
advapi32
GetTokenInformation
RegQueryInfoKeyW
RegEnumValueW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegQueryValueExW
OpenProcessToken
shell32
SHGetFileInfoW
ShellExecuteW
ShellExecuteExW
Sections
.text Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
tools/nirsoft/InstalledPackagesView/InstalledPackagesView64.exe.exe windows:4 windows x64 arch:x64
6622c32a857f1871d1518cc8e43316ac
Code Sign
42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate
IssuerCN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SENot Before07/06/2005, 08:09Not After30/05/2020, 10:48SubjectCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USKey Usages
KeyUsageCertSign
KeyUsageCRLSign
16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before31/12/2015, 00:00Not After09/07/2019, 18:40SubjectCN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before24/08/2011, 00:00Not After30/05/2020, 10:48SubjectCN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8Certificate
IssuerCN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBNot Before12/09/2014, 00:00Not After12/09/2019, 23:59SubjectCN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=ILExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17Certificate
IssuerCN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBNot Before30/03/2016, 00:00Not After30/06/2019, 23:59SubjectCN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=ILExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate
IssuerCN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBNot Before09/05/2013, 00:00Not After08/05/2028, 23:59SubjectCN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before31/12/2015, 00:00Not After09/07/2019, 18:40SubjectCN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
19:a4:d8:85:2b:b9:5e:bc:0c:b2:c0:bc:e8:3e:f2:03:86:4a:9d:d8:97:d9:c6:1c:07:56:ef:0f:af:b6:68:b2Signer
Actual PE Digest19:a4:d8:85:2b:b9:5e:bc:0c:b2:c0:bc:e8:3e:f2:03:86:4a:9d:d8:97:d9:c6:1c:07:56:ef:0f:af:b6:68:b2Digest Algorithmsha256PE Digest Matchestrue02:33:48:92:fc:52:e1:93:5f:6c:ff:8f:af:b2:97:d2:ca:ff:8a:afSigner
Actual PE Digest02:33:48:92:fc:52:e1:93:5f:6c:ff:8f:af:b2:97:d2:ca:ff:8a:afDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
c:\Projects\VS2005\InstalledPackagesView\x64\Release\InstalledPackagesView.pdb
Imports
msvcrt
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_exit
_c_exit
_XcptFilter
__C_specific_handler
__setusermatherr
__dllonexit
_purecall
_wcslwr
strlen
qsort
_itow
_wcsnicmp
_memicmp
malloc
free
_commode
_fmode
__set_app_type
_onexit
_wcsicmp
modf
_wtoi
wcschr
memcmp
wcsrchr
wcstoul
wcscmp
_ultow
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
wcslen
memcpy
wcscpy
memset
wcscat
_snwprintf
wcsncat
comctl32
ImageList_Create
ord17
ImageList_Add
ImageList_AddMasked
ImageList_SetImageCount
CreateStatusWindowW
CreateToolbarEx
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
kernel32
ExitProcess
ReadProcessMemory
GetCurrentProcessId
ExpandEnvironmentStringsW
DeleteFileW
SetErrorMode
GetStdHandle
OpenProcess
EnumResourceTypesW
GetStartupInfoW
LoadLibraryW
GetTickCount
GetPrivateProfileStringW
GetPrivateProfileIntW
WritePrivateProfileStringW
FileTimeToSystemTime
SystemTimeToFileTime
CompareFileTime
GetProcAddress
FreeLibrary
GetModuleHandleW
FormatMessageW
GetLastError
GetVersionExW
GetTimeFormatW
WriteFile
FindResourceW
GetFileAttributesW
LoadResource
SystemTimeToTzSpecificLocalTime
ReadFile
GetModuleFileNameW
LoadLibraryExW
GlobalAlloc
CreateFileW
GetDateFormatW
WideCharToMultiByte
CloseHandle
GetTempFileNameW
MultiByteToWideChar
GetWindowsDirectoryW
GetCurrentProcess
lstrlenW
FileTimeToLocalFileTime
GetNumberFormatW
GetFileSize
LockResource
GetLocaleInfoW
GlobalUnlock
LocalFree
GlobalLock
GetTempPathW
lstrcpyW
SizeofResource
EnumResourceNamesW
user32
ReleaseCapture
FillRect
SetCapture
MonitorFromWindow
GetMonitorInfoW
DrawTextExW
DispatchMessageW
ChildWindowFromPoint
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
BeginPaint
CreateWindowExW
TranslateMessage
SetWindowPos
GetWindow
SendDlgItemMessageW
EndDialog
GetDlgItem
DrawFrameControl
SetWindowTextW
UpdateWindow
SendMessageW
InvalidateRect
SetDlgItemTextW
GetWindowRect
GetDlgItemTextW
SetWindowLongPtrW
GetDlgItemInt
GetWindowPlacement
GetSystemMetrics
SetDlgItemInt
EndPaint
DeferWindowPos
MessageBoxW
SetMenu
TranslateAcceleratorW
GetForegroundWindow
LoadAcceleratorsW
DefWindowProcW
RegisterClassW
PostMessageW
LoadImageW
GetSysColor
SetWindowLongW
GetWindowLongW
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
GetMenuItemCount
SetClipboardData
EnableWindow
GetCursorPos
MapWindowPoints
CheckMenuRadioItem
GetMenuStringW
ScreenToClient
MoveWindow
GetMenu
CloseClipboard
EmptyClipboard
GetParent
EnableMenuItem
ReleaseDC
OpenClipboard
GetClassNameW
GetDC
CheckMenuItem
GetSubMenu
DestroyWindow
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
CreateDialogParamW
DialogBoxParamW
EnumChildWindows
LoadStringW
GetDesktopWindow
LoadIconW
DestroyIcon
GetFocus
GetKeyState
RegisterWindowMessageW
TrackPopupMenu
PostQuitMessage
GetMessageW
IsDialogMessageW
GetClientRect
gdi32
SetBkColor
GetTextExtentPoint32W
GetStockObject
CreateSolidBrush
GetDeviceCaps
PatBlt
GetObjectW
DeleteDC
GetPixel
SetPixel
SelectObject
CreateCompatibleDC
SetTextColor
CreateFontIndirectW
SetBkMode
DeleteObject
comdlg32
FindTextW
GetSaveFileNameW
advapi32
RegQueryInfoKeyW
OpenProcessToken
RegEnumValueW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
GetTokenInformation
RegQueryValueExW
shell32
SHGetFileInfoW
ShellExecuteW
ShellExecuteExW
Sections
.text Size: 72KB - Virtual size: 72KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 21KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
tools/nirsoft/JumpListsView/JumpListsView.exe.exe windows:4 windows x86 arch:x86
d0faef4f30a486dd1300a7acd0c85b75
Code Sign
42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate
IssuerCN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SENot Before07/06/2005, 08:09Not After30/05/2020, 10:48SubjectCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USKey Usages
KeyUsageCertSign
KeyUsageCRLSign
16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before31/12/2015, 00:00Not After09/07/2019, 18:40SubjectCN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before24/08/2011, 00:00Not After30/05/2020, 10:48SubjectCN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8Certificate
IssuerCN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBNot Before12/09/2014, 00:00Not After12/09/2019, 23:59SubjectCN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=ILExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17Certificate
IssuerCN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBNot Before30/03/2016, 00:00Not After30/06/2019, 23:59SubjectCN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=ILExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate
IssuerCN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBNot Before09/05/2013, 00:00Not After08/05/2028, 23:59SubjectCN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before31/12/2015, 00:00Not After09/07/2019, 18:40SubjectCN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
2c:74:00:47:85:71:32:fd:9e:ae:4c:83:8f:76:fa:2e:82:8b:31:16:a5:3d:04:66:db:d1:63:42:11:69:aa:c0Signer
Actual PE Digest2c:74:00:47:85:71:32:fd:9e:ae:4c:83:8f:76:fa:2e:82:8b:31:16:a5:3d:04:66:db:d1:63:42:11:69:aa:c0Digest Algorithmsha256PE Digest Matchestrue8e:c6:6f:fc:4a:a1:e5:fe:44:cc:2e:f8:cf:c3:7a:51:fe:7e:cd:4fSigner
Actual PE Digest8e:c6:6f:fc:4a:a1:e5:fe:44:cc:2e:f8:cf:c3:7a:51:fe:7e:cd:4fDigest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
c:\Projects\VS2005\JumpListsView\Release\JumpListsView.pdb
Imports
msvcrt
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
__p__fmode
_c_exit
_onexit
__dllonexit
strlen
qsort
_wcslwr
_itow
wcstoul
wcsrchr
malloc
__set_app_type
_controlfp
_except_handler3
_exit
_wcsicmp
wcscmp
wcschr
free
modf
_memicmp
memcmp
??2@YAPAXI@Z
??3@YAXPAX@Z
memcpy
wcslen
_wtoi
_purecall
wcscpy
memset
wcscat
_snwprintf
wcsncat
comctl32
ImageList_Add
ImageList_Create
ord17
ImageList_AddMasked
ImageList_SetImageCount
CreateStatusWindowW
CreateToolbarEx
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
kernel32
ReadProcessMemory
GetCurrentProcess
ExitProcess
GetCurrentProcessId
OpenProcess
EnumResourceTypesW
GetTickCount
GetModuleHandleA
GetStartupInfoW
LoadResource
SetErrorMode
DeleteFileW
GetStdHandle
GetPrivateProfileStringW
FileTimeToSystemTime
SystemTimeToFileTime
CompareFileTime
LoadLibraryW
GetProcAddress
FreeLibrary
GetModuleHandleW
MultiByteToWideChar
lstrlenW
lstrcpyW
GlobalAlloc
SystemTimeToTzSpecificLocalTime
GlobalUnlock
LoadLibraryExW
WideCharToMultiByte
GetTempPathW
GetLastError
GetLocaleInfoW
FindNextFileW
SizeofResource
GlobalLock
GetDateFormatW
GetTempFileNameW
FormatMessageW
FindClose
GetVersionExW
GetFileSize
FindFirstFileW
GetTimeFormatW
CloseHandle
GetFileAttributesW
GetWindowsDirectoryW
FileTimeToLocalFileTime
ReadFile
WriteFile
GetModuleFileNameW
GetNumberFormatW
CreateFileW
LockResource
LocalFree
FindResourceW
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW
user32
GetMessageW
PostQuitMessage
TrackPopupMenu
RegisterWindowMessageW
KillTimer
DispatchMessageW
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
DrawTextExW
DeferWindowPos
GetClientRect
CreateWindowExW
SendDlgItemMessageW
EndDialog
GetWindow
SetWindowLongW
GetDlgItem
GetWindowRect
DrawFrameControl
GetDlgItemInt
SetWindowTextW
InvalidateRect
UpdateWindow
SendMessageW
SetWindowPlacement
SetDlgItemTextW
GetDlgItemTextW
EndPaint
GetWindowPlacement
SetDlgItemInt
GetSystemMetrics
BeginPaint
SetMenu
LoadAcceleratorsW
PostMessageW
DefWindowProcW
TranslateAcceleratorW
RegisterClassW
MessageBoxW
LoadImageW
GetWindowLongW
GetSysColor
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
GetSubMenu
GetDC
EmptyClipboard
EnableMenuItem
ReleaseDC
GetClassNameW
OpenClipboard
MoveWindow
GetMenuStringW
GetMenuItemCount
CheckMenuItem
CloseClipboard
GetCursorPos
GetParent
SetClipboardData
EnableWindow
MapWindowPoints
GetMenu
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
LoadStringW
DestroyWindow
SetWindowPos
GetDesktopWindow
GetWindowTextW
LoadIconW
DestroyIcon
SetTimer
IsDialogMessageW
TranslateMessage
ChildWindowFromPoint
gdi32
GetStockObject
GetTextExtentPoint32W
SetBkColor
GetDeviceCaps
GetObjectW
GetPixel
DeleteDC
SetPixel
SelectObject
CreateCompatibleDC
SetTextColor
CreateFontIndirectW
SetBkMode
DeleteObject
comdlg32
FindTextW
GetSaveFileNameW
advapi32
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
shell32
SHGetMalloc
SHBrowseForFolderW
SHGetFileInfoW
ShellExecuteW
SHGetPathFromIDListW
ole32
CoUninitialize
CoInitialize
StgOpenStorageEx
Sections
.text Size: 47KB - Virtual size: 46KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
tools/nirsoft/JumpListsView/JumpListsView_AppID.txt
-
tools/nirsoft/LastActivityView/LastActivityView.exe.exe windows:4 windows x86 arch:x86
28d54068583ea348b007c0eb72f71f9c
Code Sign
42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate
IssuerCN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SENot Before07/06/2005, 08:09Not After30/05/2020, 10:48SubjectCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USKey Usages
KeyUsageCertSign
KeyUsageCRLSign
42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate
IssuerCN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SENot Before07/06/2005, 08:09Not After30/05/2020, 10:48SubjectCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USKey Usages
KeyUsageCertSign
KeyUsageCRLSign
62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19Certificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before27/04/2011, 00:00Not After30/05/2020, 10:48SubjectCN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before24/08/2011, 00:00Not After30/05/2020, 10:48SubjectCN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49Certificate
IssuerCN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBNot Before02/05/2019, 00:00Not After30/05/2020, 10:48SubjectCN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8Certificate
IssuerCN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBNot Before12/09/2014, 00:00Not After12/09/2019, 23:59SubjectCN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=ILExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
04:ed:51:36:7d:e2:1c:df:1f:c6:58:22:a8:7d:53:17:ef:07:89:baSigner
Actual PE Digest04:ed:51:36:7d:e2:1c:df:1f:c6:58:22:a8:7d:53:17:ef:07:89:baDigest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
c:\Projects\VS2005\LastActivityView\Release\LastActivityView.pdb
Imports
msvcrt
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
__p__fmode
exit
_cexit
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
calloc
__set_app_type
_controlfp
_except_handler3
_wcmdln
realloc
_msize
_wcslwr
strlen
_purecall
_itow
_wcsnicmp
qsort
free
modf
_memicmp
_wtoi
memcmp
wcstoul
wcsrchr
swscanf
malloc
_ultow
wcscmp
??3@YAXPAX@Z
??2@YAPAXI@Z
memcpy
wcslen
wcscpy
memset
_wcsicmp
wcschr
_snwprintf
wcscat
wcsncat
comctl32
CreateStatusWindowW
CreateToolbarEx
ImageList_SetImageCount
ImageList_Create
ord17
ImageList_Add
ImageList_AddMasked
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
kernel32
GetCurrentProcessId
ExitProcess
GetLogicalDrives
GetLongPathNameW
QueryDosDeviceW
GetVolumeInformationW
OpenProcess
EnumResourceTypesW
GetModuleHandleA
GetStartupInfoW
FreeLibrary
ReadProcessMemory
DeleteFileW
SetErrorMode
CloseHandle
GetFileSize
SystemTimeToFileTime
FileTimeToSystemTime
GetSystemTimeAsFileTime
GetDriveTypeW
CompareFileTime
GetModuleHandleW
LoadLibraryW
GetProcAddress
GetTickCount
GetWindowsDirectoryW
ExpandEnvironmentStringsW
GetLastError
GetCurrentProcess
GetDateFormatW
FindNextFileW
SizeofResource
GetTempFileNameW
GlobalLock
FormatMessageW
FindFirstFileW
GetVersionExW
FindClose
GetTimeFormatW
GetFileAttributesW
FileTimeToLocalFileTime
ReadFile
FindResourceW
WriteFile
GetModuleFileNameW
LocalFree
LoadResource
CreateFileW
TzSpecificLocalTimeToSystemTime
LockResource
SystemTimeToTzSpecificLocalTime
lstrcpyW
MultiByteToWideChar
lstrlenW
LocalFileTimeToFileTime
LoadLibraryExW
GlobalAlloc
GetSystemDirectoryW
GlobalUnlock
WideCharToMultiByte
GetTempPathW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW
GetStdHandle
user32
ChildWindowFromPoint
LoadCursorW
SetCursor
GetSysColorBrush
ShowWindow
GetDlgItemInt
SetDlgItemInt
DeferWindowPos
CreateWindowExW
BeginPaint
EndPaint
GetWindow
GetClientRect
SendDlgItemMessageW
DrawFrameControl
EndDialog
SetWindowLongW
GetDlgItem
SetWindowTextW
UpdateWindow
SendMessageW
SetDlgItemTextW
InvalidateRect
GetDlgItemTextW
GetWindowRect
GetSystemMetrics
RegisterClassW
PostMessageW
MessageBoxW
TranslateAcceleratorW
SetMenu
SetWindowPos
GetWindowPlacement
LoadAcceleratorsW
DefWindowProcW
LoadImageW
GetSysColor
GetWindowLongW
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
KillTimer
SetTimer
GetParent
MoveWindow
OpenClipboard
CheckMenuItem
GetMenuStringW
GetMenuItemCount
CloseClipboard
CheckMenuRadioItem
SetClipboardData
EnableWindow
GetCursorPos
MapWindowPoints
GetMenu
GetSubMenu
GetDC
EmptyClipboard
EnableMenuItem
ReleaseDC
GetClassNameW
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
DestroyWindow
LoadStringW
GetDesktopWindow
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
DestroyIcon
LoadIconW
DrawTextExW
GetKeyState
RegisterWindowMessageW
TrackPopupMenu
PostQuitMessage
GetMessageW
DispatchMessageW
IsDialogMessageW
TranslateMessage
CreatePopupMenu
CallWindowProcW
gdi32
CreateFontIndirectW
SetTextColor
DeleteObject
DeleteDC
GetObjectW
SetBkMode
GetStockObject
GetTextExtentPoint32W
SetBkColor
GetDeviceCaps
GetPixel
SetPixel
SelectObject
CreateCompatibleDC
comdlg32
FindTextW
GetSaveFileNameW
advapi32
RegEnumValueW
RegConnectRegistryW
RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExW
RegQueryInfoKeyW
OpenServiceW
OpenSCManagerW
ControlService
StartServiceW
QueryServiceStatus
CloseServiceHandle
RegCloseKey
shell32
SHGetFileInfoW
ShellExecuteW
SHGetPathFromIDListW
SHBindToParent
SHGetDesktopFolder
SHGetMalloc
ole32
CoInitialize
CoUninitialize
CoCreateInstance
oleaut32
VariantTimeToSystemTime
SysFreeString
SysAllocString
Sections
.text Size: 72KB - Virtual size: 71KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 62KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 22KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
tools/nirsoft/LoadedDllsView/LoadedDllsView.exe.exe windows:4 windows x86 arch:x86
4beec026e6efb3e7f8792602b1478815
Code Sign
42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate
IssuerCN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SENot Before07/06/2005, 08:09Not After30/05/2020, 10:48SubjectCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USKey Usages
KeyUsageCertSign
KeyUsageCRLSign
16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before31/12/2015, 00:00Not After09/07/2019, 18:40SubjectCN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before24/08/2011, 00:00Not After30/05/2020, 10:48SubjectCN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8Certificate
IssuerCN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBNot Before12/09/2014, 00:00Not After12/09/2019, 23:59SubjectCN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=ILExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17Certificate
IssuerCN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBNot Before30/03/2016, 00:00Not After30/06/2019, 23:59SubjectCN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=ILExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate
IssuerCN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBNot Before09/05/2013, 00:00Not After08/05/2028, 23:59SubjectCN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before31/12/2015, 00:00Not After09/07/2019, 18:40SubjectCN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
94:bd:a9:35:96:50:33:41:98:60:cf:22:55:db:4f:b5:03:f9:00:2d:4a:57:34:7e:b0:fc:49:9e:b2:17:16:ecSigner
Actual PE Digest94:bd:a9:35:96:50:33:41:98:60:cf:22:55:db:4f:b5:03:f9:00:2d:4a:57:34:7e:b0:fc:49:9e:b2:17:16:ecDigest Algorithmsha256PE Digest Matchestrue77:80:6c:74:f3:85:a7:8e:33:db:f4:f7:03:68:84:a1:c5:f5:45:c0Signer
Actual PE Digest77:80:6c:74:f3:85:a7:8e:33:db:f4:f7:03:68:84:a1:c5:f5:45:c0Digest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
c:\Projects\VS2005\LoadedDllsView\Release\LoadedDllsView.pdb
Imports
msvcrt
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
_exit
__p__fmode
_onexit
__dllonexit
_purecall
_wcslwr
strlen
qsort
_itow
malloc
towupper
wcscmp
__set_app_type
_controlfp
_except_handler3
_c_exit
free
modf
wcschr
_memicmp
_wtoi
memcmp
wcstoul
wcsrchr
??3@YAXPAX@Z
??2@YAPAXI@Z
memcpy
wcslen
_wcsnicmp
_wcsicmp
_ultow
wcscpy
memset
wcscat
_snwprintf
wcsncat
comctl32
ImageList_Create
ord17
ImageList_Add
ImageList_AddMasked
ImageList_SetImageCount
CreateToolbarEx
CreateStatusWindowW
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
kernel32
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
ReadProcessMemory
GetCurrentProcess
GetCurrentProcessId
ExitProcess
SetErrorMode
DeleteFileW
OpenProcess
EnumResourceTypesW
GetModuleHandleA
GetStartupInfoW
LoadLibraryW
GetStdHandle
GetPrivateProfileIntW
WritePrivateProfileStringW
EnumResourceNamesW
SystemTimeToFileTime
FileTimeToSystemTime
CreateFileW
CompareFileTime
CloseHandle
GetModuleHandleW
GetProcAddress
FreeLibrary
GetTickCount
GetTimeFormatW
GetFileAttributesW
GetWindowsDirectoryW
FileTimeToLocalFileTime
ReadFile
WriteFile
GetModuleFileNameW
FindResourceW
GetNumberFormatW
LoadResource
LockResource
SystemTimeToTzSpecificLocalTime
LocalFree
lstrlenW
GlobalAlloc
LoadLibraryExW
lstrcpyW
GetSystemDirectoryW
GlobalUnlock
WideCharToMultiByte
GetTempPathW
GetLocaleInfoW
GetLastError
GetDateFormatW
GetTempFileNameW
SizeofResource
FindNextFileW
GetFileSize
GlobalLock
FormatMessageW
FindFirstFileW
GetVersionExW
FindClose
GetPrivateProfileStringW
user32
FillRect
SetCapture
ReleaseCapture
TrackPopupMenu
RegisterWindowMessageW
GetKeyState
GetFocus
DrawTextExW
ChildWindowFromPoint
LoadCursorW
SetCursor
GetSysColorBrush
ShowWindow
TranslateMessage
SendMessageW
SetDlgItemTextW
GetDlgItemTextW
InvalidateRect
GetSystemMetrics
GetWindowRect
GetWindowPlacement
DeferWindowPos
GetDlgItemInt
SetDlgItemInt
GetWindow
CreateWindowExW
BeginPaint
GetClientRect
EndPaint
SendDlgItemMessageW
EndDialog
SetWindowLongW
SetWindowTextW
GetDlgItem
RegisterClassW
PostMessageW
MessageBoxW
TranslateAcceleratorW
SetMenu
SetWindowPos
LoadAcceleratorsW
DefWindowProcW
LoadImageW
GetSysColor
GetWindowLongW
SetFocus
SetTimer
EndDeferWindowPos
GetParent
KillTimer
BeginDeferWindowPos
CloseClipboard
SetClipboardData
GetCursorPos
EnableWindow
MapWindowPoints
GetMenu
GetSubMenu
GetDC
EmptyClipboard
EnableMenuItem
ReleaseDC
MoveWindow
GetClassNameW
OpenClipboard
CheckMenuItem
GetMenuStringW
GetMenuItemCount
ScreenToClient
DestroyMenu
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
LoadStringW
DestroyWindow
GetDesktopWindow
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
LoadIconW
DestroyIcon
PostQuitMessage
DispatchMessageW
GetMessageW
IsDialogMessageW
UpdateWindow
gdi32
GetTextExtentPoint32W
GetStockObject
SetBkColor
PatBlt
CreateSolidBrush
GetDeviceCaps
DeleteDC
SetPixel
GetPixel
SelectObject
CreateCompatibleDC
GetObjectW
SetTextColor
CreateFontIndirectW
SetBkMode
DeleteObject
comdlg32
FindTextW
GetSaveFileNameW
advapi32
OpenProcessToken
GetTokenInformation
shell32
SHGetFileInfoW
ShellExecuteW
Sections
.text Size: 49KB - Virtual size: 49KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
tools/nirsoft/LoadedDllsView/LoadedDllsView64.exe.exe windows:4 windows x64 arch:x64
4ef421aa13e97d91154f65a732946b78
Code Sign
42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate
IssuerCN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SENot Before07/06/2005, 08:09Not After30/05/2020, 10:48SubjectCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USKey Usages
KeyUsageCertSign
KeyUsageCRLSign
16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before31/12/2015, 00:00Not After09/07/2019, 18:40SubjectCN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before24/08/2011, 00:00Not After30/05/2020, 10:48SubjectCN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8Certificate
IssuerCN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBNot Before12/09/2014, 00:00Not After12/09/2019, 23:59SubjectCN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=ILExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17Certificate
IssuerCN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBNot Before30/03/2016, 00:00Not After30/06/2019, 23:59SubjectCN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=ILExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate
IssuerCN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBNot Before09/05/2013, 00:00Not After08/05/2028, 23:59SubjectCN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before31/12/2015, 00:00Not After09/07/2019, 18:40SubjectCN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
6b:9d:db:76:d2:2c:68:d7:88:a0:48:f8:17:1f:2c:b5:c2:fd:03:e6:a4:58:07:e3:a5:1c:56:d3:fa:6c:4c:3aSigner
Actual PE Digest6b:9d:db:76:d2:2c:68:d7:88:a0:48:f8:17:1f:2c:b5:c2:fd:03:e6:a4:58:07:e3:a5:1c:56:d3:fa:6c:4c:3aDigest Algorithmsha256PE Digest Matchestrue06:e0:b6:fb:b3:c4:57:74:63:4d:e6:7e:7d:64:b5:98:c7:8e:25:1dSigner
Actual PE Digest06:e0:b6:fb:b3:c4:57:74:63:4d:e6:7e:7d:64:b5:98:c7:8e:25:1dDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
c:\Projects\VS2005\LoadedDllsView\x64\Release\LoadedDllsView.pdb
Imports
msvcrt
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_exit
_c_exit
_XcptFilter
__C_specific_handler
__setusermatherr
__dllonexit
_purecall
_wcslwr
strlen
qsort
_itow
malloc
_memicmp
free
_commode
_fmode
__set_app_type
_onexit
modf
_wtoi
wcschr
memcmp
wcstoul
wcsrchr
towupper
wcscmp
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
memcpy
wcslen
_wcsnicmp
_wcsicmp
_ultow
wcscpy
memset
wcscat
_snwprintf
wcsncat
comctl32
ImageList_Create
ord17
ImageList_Add
ImageList_AddMasked
ImageList_SetImageCount
CreateToolbarEx
CreateStatusWindowW
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
kernel32
Process32FirstW
ReadProcessMemory
GetCurrentProcess
GetCurrentProcessId
ExitProcess
DeleteFileW
Process32NextW
OpenProcess
CreateToolhelp32Snapshot
EnumResourceTypesW
GetStartupInfoW
GetModuleHandleW
SetErrorMode
GetStdHandle
GetPrivateProfileIntW
EnumResourceNamesW
SystemTimeToFileTime
FileTimeToSystemTime
CloseHandle
CreateFileW
CompareFileTime
GetProcAddress
FreeLibrary
LoadLibraryW
GetTickCount
GetVersionExW
GetTimeFormatW
FindNextFileW
FindClose
GetFileAttributesW
WriteFile
FindResourceW
ReadFile
LoadResource
GetModuleFileNameW
SystemTimeToTzSpecificLocalTime
LoadLibraryExW
GlobalAlloc
GetWindowsDirectoryW
GetSystemDirectoryW
FileTimeToLocalFileTime
lstrlenW
WideCharToMultiByte
GetNumberFormatW
LockResource
GetDateFormatW
LocalFree
GetTempFileNameW
GlobalUnlock
lstrcpyW
GetTempPathW
GetLocaleInfoW
GetFileSize
GlobalLock
SizeofResource
GetLastError
FindFirstFileW
FormatMessageW
GetPrivateProfileStringW
WritePrivateProfileStringW
user32
ReleaseCapture
FillRect
SetCapture
DrawTextExW
TranslateMessage
IsDialogMessageW
ChildWindowFromPoint
LoadCursorW
SetCursor
GetSysColorBrush
ShowWindow
SendDlgItemMessageW
GetMessageW
EndDialog
EndPaint
SetWindowTextW
GetDlgItem
UpdateWindow
SendMessageW
SetDlgItemTextW
GetDlgItemTextW
InvalidateRect
SetWindowLongPtrW
GetSystemMetrics
GetWindowPlacement
DeferWindowPos
GetWindowRect
SetDlgItemInt
CreateWindowExW
GetWindow
GetDlgItemInt
BeginPaint
GetClientRect
SetMenu
SetWindowPos
TranslateAcceleratorW
LoadAcceleratorsW
DefWindowProcW
RegisterClassW
MessageBoxW
PostMessageW
LoadImageW
GetSysColor
SetWindowLongW
GetWindowLongW
SetFocus
EndDeferWindowPos
GetParent
BeginDeferWindowPos
KillTimer
SetTimer
SetClipboardData
GetCursorPos
EnableWindow
GetMenuStringW
MapWindowPoints
ScreenToClient
CloseClipboard
GetMenu
EmptyClipboard
MoveWindow
GetDC
EnableMenuItem
ReleaseDC
OpenClipboard
GetClassNameW
GetSubMenu
CheckMenuItem
GetMenuItemCount
GetDesktopWindow
DestroyWindow
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
CreateDialogParamW
DialogBoxParamW
EnumChildWindows
LoadStringW
LoadIconW
DestroyIcon
GetFocus
GetKeyState
RegisterWindowMessageW
DispatchMessageW
TrackPopupMenu
PostQuitMessage
gdi32
GetTextExtentPoint32W
GetStockObject
SetBkColor
CreateSolidBrush
GetDeviceCaps
PatBlt
CreateCompatibleDC
GetObjectW
DeleteDC
SetPixel
GetPixel
SelectObject
SetTextColor
CreateFontIndirectW
SetBkMode
DeleteObject
comdlg32
FindTextW
GetSaveFileNameW
advapi32
RegQueryValueExW
GetTokenInformation
RegOpenKeyExW
RegCloseKey
OpenProcessToken
shell32
SHGetFileInfoW
ShellExecuteW
Sections
.text Size: 74KB - Virtual size: 74KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 72KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
tools/nirsoft/RecentFilesView/RecentFilesView.exe.exe windows:4 windows x86 arch:x86
Code Sign
42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate
IssuerCN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SENot Before07/06/2005, 08:09Not After30/05/2020, 10:48SubjectCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USKey Usages
KeyUsageCertSign
KeyUsageCRLSign
16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before31/12/2015, 00:00Not After09/07/2019, 18:40SubjectCN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before24/08/2011, 00:00Not After30/05/2020, 10:48SubjectCN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8Certificate
IssuerCN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBNot Before12/09/2014, 00:00Not After12/09/2019, 23:59SubjectCN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=ILExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17Certificate
IssuerCN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBNot Before30/03/2016, 00:00Not After30/06/2019, 23:59SubjectCN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=ILExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate
IssuerCN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBNot Before09/05/2013, 00:00Not After08/05/2028, 23:59SubjectCN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before31/12/2015, 00:00Not After09/07/2019, 18:40SubjectCN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
18:30:04:81:57:f7:64:ab:79:f0:db:42:ad:23:c7:4b:fb:ec:e8:e2:f1:d4:07:77:ad:ce:ab:fd:52:a5:53:73Signer
Actual PE Digest18:30:04:81:57:f7:64:ab:79:f0:db:42:ad:23:c7:4b:fb:ec:e8:e2:f1:d4:07:77:ad:ce:ab:fd:52:a5:53:73Digest Algorithmsha256PE Digest Matchestrue8a:ba:65:93:92:48:ce:e9:49:47:12:09:31:f9:0c:8d:8b:1f:27:f9Signer
Actual PE Digest8a:ba:65:93:92:48:ce:e9:49:47:12:09:31:f9:0c:8d:8b:1f:27:f9Digest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 48KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 29KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 39KB - Virtual size: 39KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
tools/nirsoft/RegDllView/RegDllView.cfg
-
tools/nirsoft/RegDllView/RegDllView.exe.exe windows:4 windows x86 arch:x86
Code Sign
42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate
IssuerCN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SENot Before07/06/2005, 08:09Not After30/05/2020, 10:48SubjectCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USKey Usages
KeyUsageCertSign
KeyUsageCRLSign
9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6Certificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before05/05/2015, 00:00Not After31/12/2015, 23:59SubjectCN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before24/08/2011, 00:00Not After30/05/2020, 10:48SubjectCN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8Certificate
IssuerCN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBNot Before12/09/2014, 00:00Not After12/09/2019, 23:59SubjectCN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=ILExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
16:e0:6b:56:65:8f:a3:f8:44:fc:88:78:51:00:8a:da:77:ed:ca:c8Signer
Actual PE Digest16:e0:6b:56:65:8f:a3:f8:44:fc:88:78:51:00:8a:da:77:ed:ca:c8Digest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 56KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 33KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 47KB - Virtual size: 46KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
tools/nirsoft/RegDllView/RegDllView64.exe.exe windows:4 windows x64 arch:x64
d224290a3197554f9652aafa3568ae64
Code Sign
42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate
IssuerCN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SENot Before07/06/2005, 08:09Not After30/05/2020, 10:48SubjectCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USKey Usages
KeyUsageCertSign
KeyUsageCRLSign
9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6Certificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before05/05/2015, 00:00Not After31/12/2015, 23:59SubjectCN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before24/08/2011, 00:00Not After30/05/2020, 10:48SubjectCN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8Certificate
IssuerCN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBNot Before12/09/2014, 00:00Not After12/09/2019, 23:59SubjectCN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=ILExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
77:aa:7d:ef:14:b8:e3:65:13:83:23:d2:f4:1a:9b:26:16:f3:a3:eaSigner
Actual PE Digest77:aa:7d:ef:14:b8:e3:65:13:83:23:d2:f4:1a:9b:26:16:f3:a3:eaDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
c:\Projects\VS2005\RegDllView\x64\Release\RegDllView.pdb
Imports
msvcrt
_initterm
__getmainargs
_acmdln
exit
_cexit
_exit
_c_exit
__setusermatherr
__C_specific_handler
_onexit
__dllonexit
_mbsnbicmp
_purecall
_mbslwr
qsort
_itoa
_mbscmp
_mbsrchr
_commode
_fmode
__set_app_type
_XcptFilter
memcmp
_memicmp
_mbschr
_mbsnbcpy
strtoul
malloc
atoi
free
modf
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
memset
strlen
_ultoa
memcpy
sprintf
_mbsicmp
strcpy
_mbsnbcat
_snprintf
strcat
comctl32
ImageList_Create
CreateToolbarEx
ImageList_ReplaceIcon
ord17
ImageList_AddMasked
ImageList_SetImageCount
ord6
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA
kernel32
OpenProcess
GetCurrentProcess
GetCurrentProcessId
ExitProcess
ReadProcessMemory
DeleteFileA
SetErrorMode
GlobalFree
ExpandEnvironmentStringsA
GetLongPathNameA
Sleep
GetCurrentThreadId
WinExec
EnumResourceTypesA
GetStartupInfoA
CloseHandle
EnumResourceNamesA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStringA
CompareFileTime
GetProcAddress
LoadLibraryA
FileTimeToSystemTime
FreeLibrary
SystemTimeToFileTime
CreateFileA
GetLastError
LoadLibraryExA
FindNextFileA
LocalFree
ReadFile
GetSystemDirectoryA
GetTempFileNameA
lstrcpyA
FindClose
GetModuleHandleA
GetFileSize
GlobalLock
FindResourceA
GlobalAlloc
MultiByteToWideChar
GetTimeFormatA
lstrlenA
SizeofResource
GlobalUnlock
LockResource
GetFileAttributesA
FindFirstFileA
GetVersionExA
FormatMessageA
LoadResource
FileTimeToLocalFileTime
GetWindowsDirectoryA
SystemTimeToTzSpecificLocalTime
GetTempPathA
GetDateFormatA
GetModuleFileNameA
WriteFile
user32
ReleaseCapture
BeginPaint
EndPaint
FillRect
SetCapture
GetWindowThreadProcessId
SetForegroundWindow
AttachThreadInput
LoadCursorA
ShowWindow
SetCursor
ChildWindowFromPoint
GetSysColorBrush
SetWindowTextA
SendDlgItemMessageA
EnumWindows
GetDlgItemInt
EndDialog
GetDlgItem
CreateWindowExA
SetDlgItemTextA
SetWindowPos
DefWindowProcA
RegisterClassA
TranslateAcceleratorA
UpdateWindow
MessageBoxA
GetWindowRect
GetSystemMetrics
GetWindowPlacement
PostMessageA
SetMenu
SendMessageA
LoadAcceleratorsA
LoadIconA
LoadImageA
GetWindowLongA
SetWindowLongA
InvalidateRect
SetFocus
MoveWindow
OpenClipboard
GetMenu
CheckMenuItem
EmptyClipboard
EnableMenuItem
ReleaseDC
GetDC
GetMenuItemCount
GetParent
ScreenToClient
GetMenuStringA
SetClipboardData
EnableWindow
GetSubMenu
MapWindowPoints
GetClassNameA
GetCursorPos
CloseClipboard
GetClientRect
GetSysColor
EnumChildWindows
GetMenuItemInfoA
LoadMenuA
ModifyMenuA
LoadStringA
DialogBoxParamA
GetDlgCtrlID
DestroyMenu
GetWindowTextA
CreateDialogParamA
DestroyWindow
PostQuitMessage
DrawTextExA
RegisterWindowMessageA
EndDeferWindowPos
GetMessageA
BeginDeferWindowPos
GetFocus
DeferWindowPos
DispatchMessageA
GetKeyState
TranslateMessage
IsDialogMessageA
TrackPopupMenu
PeekMessageA
SetDlgItemInt
gdi32
SetTextColor
CreateFontIndirectA
SetBkColor
GetStockObject
GetTextExtentPoint32A
SelectObject
PatBlt
GetDeviceCaps
CreateSolidBrush
SetBkMode
DeleteObject
comdlg32
FindTextA
GetSaveFileNameA
GetOpenFileNameA
advapi32
RegQueryInfoKeyA
RegDeleteKeyA
RegQueryValueExA
RegEnumKeyExA
RegEnumKeyA
RegOpenKeyExA
RegCloseKey
shell32
DragFinish
DragAcceptFiles
DragQueryFileA
ShellExecuteExA
ShellExecuteA
ole32
CoInitialize
CoUninitialize
Sections
.text Size: 72KB - Virtual size: 72KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
tools/nirsoft/ShellBagsView/ShellBagsView.exe.exe windows:4 windows x86 arch:x86
Code Sign
f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7Certificate
IssuerCN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before09/09/2019, 00:00Not After09/09/2023, 23:59SubjectCN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=ILExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02/11/2018, 00:00Not After31/12/2030, 23:59SubjectCN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08Certificate
IssuerCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before02/05/2019, 00:00Not After01/08/2030, 23:59SubjectCN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02/05/2019, 00:00Not After18/01/2038, 23:59SubjectCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
fc:b0:11:8c:23:7a:7d:a5:fd:ac:a0:28:ad:6a:c9:b8:ba:56:98:4a:f2:d2:35:45:90:fe:da:4d:90:40:e5:afSigner
Actual PE Digestfc:b0:11:8c:23:7a:7d:a5:fd:ac:a0:28:ad:6a:c9:b8:ba:56:98:4a:f2:d2:35:45:90:fe:da:4d:90:40:e5:afDigest Algorithmsha256PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 56KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 32KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
tools/nirsoft/SimpleWMIView/SimpleWMIView.exe.exe windows:4 windows x86 arch:x86
c35adf648c97e96cbea03565c6a21c2b
Code Sign
f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7Certificate
IssuerCN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before09/09/2019, 00:00Not After09/09/2023, 23:59SubjectCN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=ILExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02/11/2018, 00:00Not After31/12/2030, 23:59SubjectCN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08Certificate
IssuerCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before02/05/2019, 00:00Not After01/08/2030, 23:59SubjectCN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02/05/2019, 00:00Not After18/01/2038, 23:59SubjectCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
80:4e:ce:d0:37:d4:5f:e0:23:40:8f:88:f7:14:3b:dd:5a:4b:ad:b8:f6:74:91:44:5b:04:5e:84:c1:ef:1e:51Signer
Actual PE Digest80:4e:ce:d0:37:d4:5f:e0:23:40:8f:88:f7:14:3b:dd:5a:4b:ad:b8:f6:74:91:44:5b:04:5e:84:c1:ef:1e:51Digest Algorithmsha256PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
c:\Projects\VS2005\SimpleWMIView\Release\SimpleWMIView.pdb
Imports
msvcrt
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
_wtoi64
_wcslwr
strlen
qsort
_wcsnicmp
memmove
malloc
__p__commode
__p__fmode
__set_app_type
_controlfp
_except_handler3
free
wcschr
_memicmp
modf
memcmp
wcstoul
wcsrchr
wcsncmp
wcslen
_itow
??3@YAXPAX@Z
_purecall
_wtoi
swscanf
_ui64tow
wcscmp
_wcsicmp
_ultow
memcpy
??2@YAPAXI@Z
_i64tow
wcscpy
memset
wcsncat
_snwprintf
wcscat
comctl32
ord17
ImageList_Add
ImageList_SetImageCount
ImageList_AddMasked
CreateStatusWindowW
CreateToolbarEx
ImageList_Create
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
kernel32
GetCurrentProcess
ReadProcessMemory
ExitProcess
ExpandEnvironmentStringsW
GetCurrentDirectoryW
CreateProcessW
SetErrorMode
DeleteFileW
GetStdHandle
EnumResourceTypesW
GetCurrentThreadId
GetModuleHandleA
GetStartupInfoW
GetTickCount
GetPrivateProfileStringW
EnumResourceNamesW
GetPrivateProfileIntW
WritePrivateProfileStringW
FileTimeToSystemTime
SystemTimeToFileTime
CompareFileTime
GetProcAddress
FreeLibrary
GetModuleHandleW
LoadLibraryW
GetFileAttributesW
CloseHandle
GetWindowsDirectoryW
FileTimeToLocalFileTime
WriteFile
ReadFile
GetModuleFileNameW
FindResourceW
LockResource
CreateFileW
LoadResource
GetCurrentProcessId
OpenProcess
SystemTimeToTzSpecificLocalTime
LocalFree
GlobalAlloc
lstrlenW
LoadLibraryExW
GetSystemDirectoryW
lstrcpyW
GlobalUnlock
WideCharToMultiByte
GetTempPathW
GetLastError
GetDateFormatW
GlobalLock
GetTempFileNameW
SizeofResource
GetFileSize
FormatMessageW
GetVersionExW
GetTimeFormatW
user32
WaitMessage
PostThreadMessageW
SetForegroundWindow
MonitorFromWindow
LoadCursorW
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
SetCursor
GetClientRect
CreateWindowExW
SendDlgItemMessageW
GetWindow
EndDialog
SetWindowLongW
GetDlgItem
GetWindowRect
DrawFrameControl
GetDlgItemInt
SetWindowTextW
InvalidateRect
UpdateWindow
SendMessageW
SetDlgItemTextW
EndPaint
GetDlgItemTextW
GetWindowPlacement
SetDlgItemInt
GetSystemMetrics
BeginPaint
DeferWindowPos
SetMenu
SetWindowPos
LoadAcceleratorsW
PostMessageW
DefWindowProcW
TranslateAcceleratorW
RegisterClassW
MessageBoxW
GetParent
LoadImageW
GetWindowLongW
GetSysColor
SetFocus
KillTimer
EndDeferWindowPos
BeginDeferWindowPos
SetTimer
SetClipboardData
EnableWindow
MapWindowPoints
GetMenu
GetSubMenu
GetDC
EmptyClipboard
EnableMenuItem
ReleaseDC
GetClassNameW
OpenClipboard
MoveWindow
CheckMenuItem
GetMenuItemCount
GetMenuStringW
CheckMenuRadioItem
CloseClipboard
GetCursorPos
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
LoadStringW
DestroyWindow
GetDesktopWindow
GetWindowTextW
LoadMenuW
LoadIconW
DispatchMessageW
RegisterWindowMessageW
TrackPopupMenu
PostQuitMessage
GetMessageW
IsDialogMessageW
TranslateMessage
DrawTextExW
GetKeyState
PeekMessageW
GetMonitorInfoW
gdi32
DeleteObject
SetTextColor
CreateFontIndirectW
CreateCompatibleDC
SetBkMode
SetBkColor
GetStockObject
GetTextExtentPoint32W
GetDeviceCaps
GetObjectW
GetPixel
DeleteDC
SetPixel
SelectObject
comdlg32
ChooseFontW
FindTextW
GetSaveFileNameW
advapi32
OpenProcessToken
GetTokenInformation
shell32
Shell_NotifyIconW
SHGetFileInfoW
ShellExecuteW
ShellExecuteExW
ole32
CoSetProxyBlanket
CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoCreateInstance
oleaut32
VariantClear
SafeArrayDestroy
SysFreeString
Sections
.text Size: 56KB - Virtual size: 55KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 22KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
tools/nirsoft/SimpleWMIView/SimpleWMIView64.exe.exe windows:4 windows x64 arch:x64
bf229ab9c576664c7eef52bc0f2407a0
Code Sign
f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7Certificate
IssuerCN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before09/09/2019, 00:00Not After09/09/2023, 23:59SubjectCN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=ILExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02/11/2018, 00:00Not After31/12/2030, 23:59SubjectCN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08Certificate
IssuerCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before02/05/2019, 00:00Not After01/08/2030, 23:59SubjectCN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02/05/2019, 00:00Not After18/01/2038, 23:59SubjectCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
47:f7:4d:7d:9b:49:84:ba:a0:d7:02:5f:79:22:91:fe:84:fb:62:dd:6d:9f:66:7b:83:8f:69:61:cc:d7:15:beSigner
Actual PE Digest47:f7:4d:7d:9b:49:84:ba:a0:d7:02:5f:79:22:91:fe:84:fb:62:dd:6d:9f:66:7b:83:8f:69:61:cc:d7:15:beDigest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
c:\Projects\VS2005\SimpleWMIView\x64\Release\SimpleWMIView.pdb
Imports
msvcrt
__wgetmainargs
_wcmdln
exit
_cexit
_exit
_c_exit
_XcptFilter
_initterm
_onexit
__dllonexit
_wtoi64
_wcslwr
strlen
qsort
_wcsnicmp
memmove
free
modf
wcschr
__setusermatherr
_commode
_fmode
__set_app_type
__C_specific_handler
memcmp
wcsrchr
wcstoul
_memicmp
malloc
wcsncmp
wcslen
_itow
??3@YAXPEAX@Z
_purecall
_wtoi
_ui64tow
wcscmp
swscanf
??2@YAPEAX_K@Z
_i64tow
_wcsicmp
_ultow
memcpy
wcscpy
memset
wcsncat
_snwprintf
wcscat
comctl32
ImageList_Create
ord17
ImageList_AddMasked
ImageList_SetImageCount
CreateToolbarEx
CreateStatusWindowW
ImageList_Add
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
kernel32
ExpandEnvironmentStringsW
ExitProcess
GetCurrentProcess
ReadProcessMemory
DeleteFileW
GetCurrentDirectoryW
CreateProcessW
SetErrorMode
EnumResourceTypesW
GetCurrentThreadId
GetStartupInfoW
GetTickCount
GetStdHandle
GetPrivateProfileStringW
GetPrivateProfileIntW
WritePrivateProfileStringW
FileTimeToSystemTime
SystemTimeToFileTime
CompareFileTime
LoadLibraryW
GetProcAddress
FreeLibrary
GetModuleHandleW
GetFileSize
GlobalUnlock
LocalFree
GlobalLock
GetTempPathW
lstrcpyW
SizeofResource
GetLastError
FormatMessageW
GetVersionExW
GetTimeFormatW
WriteFile
GetFileAttributesW
FindResourceW
LoadResource
SystemTimeToTzSpecificLocalTime
ReadFile
GetModuleFileNameW
LoadLibraryExW
OpenProcess
CreateFileW
GlobalAlloc
GetSystemDirectoryW
CloseHandle
GetWindowsDirectoryW
GetDateFormatW
FileTimeToLocalFileTime
WideCharToMultiByte
lstrlenW
GetTempFileNameW
LockResource
GetCurrentProcessId
EnumResourceNamesW
user32
PostThreadMessageW
WaitMessage
LoadCursorW
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
SetCursor
EndPaint
DeferWindowPos
BeginPaint
CreateWindowExW
GetClientRect
SendDlgItemMessageW
GetWindow
EndDialog
GetDlgItem
DrawFrameControl
SetWindowTextW
UpdateWindow
InvalidateRect
SendMessageW
GetWindowRect
SetDlgItemTextW
GetDlgItemTextW
GetDlgItemInt
SetWindowLongPtrW
GetWindowPlacement
SetDlgItemInt
GetSystemMetrics
PostMessageW
RegisterClassW
MessageBoxW
TranslateAcceleratorW
SetMenu
SetWindowPos
LoadAcceleratorsW
DefWindowProcW
GetParent
LoadImageW
GetWindowLongW
GetSysColor
SetWindowLongW
SetFocus
EndDeferWindowPos
KillTimer
BeginDeferWindowPos
SetTimer
CheckMenuItem
GetSubMenu
GetMenuItemCount
SetClipboardData
EnableWindow
GetCursorPos
MapWindowPoints
CheckMenuRadioItem
GetMenuStringW
CloseClipboard
GetMenu
MoveWindow
EmptyClipboard
OpenClipboard
EnableMenuItem
GetDC
ReleaseDC
GetClassNameW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
CreateDialogParamW
DialogBoxParamW
EnumChildWindows
LoadStringW
GetDesktopWindow
DestroyWindow
GetWindowTextW
LoadMenuW
LoadIconW
RegisterWindowMessageW
TrackPopupMenu
PostQuitMessage
IsDialogMessageW
GetMessageW
TranslateMessage
DrawTextExW
GetKeyState
DispatchMessageW
PeekMessageW
GetMonitorInfoW
MonitorFromWindow
SetForegroundWindow
gdi32
DeleteObject
SetTextColor
CreateFontIndirectW
CreateCompatibleDC
SetBkMode
GetTextExtentPoint32W
GetStockObject
SetBkColor
GetDeviceCaps
GetObjectW
DeleteDC
GetPixel
SetPixel
SelectObject
comdlg32
ChooseFontW
FindTextW
GetSaveFileNameW
advapi32
OpenProcessToken
GetTokenInformation
shell32
Shell_NotifyIconW
ShellExecuteExW
ShellExecuteW
SHGetFileInfoW
ole32
CoSetProxyBlanket
CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoUninitialize
oleaut32
SafeArrayDestroy
SysFreeString
VariantClear
Sections
.text Size: 85KB - Virtual size: 85KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 22KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
tools/nirsoft/TaskSchedulerView/TaskSchedulerView.exe.exe windows:4 windows x86 arch:x86
c04e43c885c2218db30c74077c84bafa
Code Sign
f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7Certificate
IssuerCN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before09/09/2019, 00:00Not After09/09/2023, 23:59SubjectCN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=ILExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02/11/2018, 00:00Not After31/12/2030, 23:59SubjectCN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08Certificate
IssuerCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before02/05/2019, 00:00Not After01/08/2030, 23:59SubjectCN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02/05/2019, 00:00Not After18/01/2038, 23:59SubjectCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ed:91:70:35:4b:26:2e:16:59:e5:db:0d:a4:9d:ff:cb:18:6e:9f:3d:2c:23:0a:4a:37:74:d9:79:54:5b:04:67Signer
Actual PE Digested:91:70:35:4b:26:2e:16:59:e5:db:0d:a4:9d:ff:cb:18:6e:9f:3d:2c:23:0a:4a:37:74:d9:79:54:5b:04:67Digest Algorithmsha256PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
c:\Projects\VS2005\TaskSchedulerView\Release\TaskSchedulerView.pdb
Imports
msvcrt
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
__p__commode
exit
_cexit
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
__p__fmode
__set_app_type
_controlfp
_except_handler3
_wcmdln
_wcslwr
strlen
qsort
memmove
malloc
wcscmp
free
wcschr
modf
_memicmp
memcmp
wcstoul
wcsrchr
??3@YAXPAX@Z
??2@YAPAXI@Z
memcpy
wcslen
_purecall
_wcsicmp
_ultow
_wcsnicmp
_itow
_wtoi
wcscpy
memset
_snwprintf
wcscat
wcsncat
comctl32
ImageList_Create
ord17
ImageList_Add
ImageList_AddMasked
ImageList_SetImageCount
CreateToolbarEx
CreateStatusWindowW
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
kernel32
GetCurrentProcess
ReadProcessMemory
OpenProcess
ExpandEnvironmentStringsW
EnumResourceTypesW
GetModuleHandleA
GetStartupInfoW
GetTickCount
GetCurrentProcessId
SystemTimeToFileTime
FileTimeToSystemTime
CompareFileTime
GetProcAddress
FreeLibrary
GetModuleHandleW
LoadLibraryW
GetFileSize
FormatMessageW
GetVersionExW
GetTimeFormatW
CloseHandle
GetFileAttributesW
GetWindowsDirectoryW
ReadFile
WriteFile
GetModuleFileNameW
FindResourceW
CreateFileW
TzSpecificLocalTimeToSystemTime
LockResource
LoadResource
LocalFree
lstrlenW
GlobalAlloc
lstrcpyW
LoadLibraryExW
GetSystemDirectoryW
GlobalUnlock
LocalFileTimeToFileTime
WideCharToMultiByte
GetTempPathW
GetLastError
GetDateFormatW
GetTempFileNameW
SizeofResource
GlobalLock
EnumResourceNamesW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetStdHandle
SetErrorMode
DeleteFileW
ExitProcess
user32
ChildWindowFromPoint
GetDC
ReleaseDC
LoadCursorW
SetCursor
GetSysColorBrush
ShowWindow
DrawFrameControl
SendDlgItemMessageW
EndDialog
SetWindowLongW
SetWindowTextW
GetDlgItem
UpdateWindow
SendMessageW
SetDlgItemTextW
GetDlgItemTextW
InvalidateRect
GetSystemMetrics
GetWindowRect
GetWindowPlacement
DeferWindowPos
GetDlgItemInt
SetDlgItemInt
CreateWindowExW
GetWindow
BeginPaint
SetWindowPlacement
GetClientRect
EndPaint
LoadAcceleratorsW
DefWindowProcW
RegisterClassW
PostMessageW
MessageBoxW
TranslateAcceleratorW
SetMenu
SetWindowPos
LoadImageW
GetSysColor
GetWindowLongW
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
SetTimer
GetParent
KillTimer
CheckMenuItem
GetMenuStringW
GetMenuItemCount
CheckMenuRadioItem
CloseClipboard
SetClipboardData
GetCursorPos
EnableWindow
MapWindowPoints
GetMenu
GetSubMenu
EmptyClipboard
EnableMenuItem
GetClassNameW
MoveWindow
OpenClipboard
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
LoadStringW
DestroyWindow
GetDesktopWindow
GetWindowTextW
LoadIconW
DestroyIcon
GetKeyState
DispatchMessageW
RegisterWindowMessageW
TrackPopupMenu
IsDialogMessageW
PostQuitMessage
TranslateMessage
GetMessageW
DrawTextExW
MonitorFromWindow
GetMonitorInfoW
SetForegroundWindow
gdi32
GetDeviceCaps
SetBkMode
DeleteObject
SetTextColor
CreateFontIndirectW
GetStockObject
SetBkColor
GetTextExtentPoint32W
GetObjectW
DeleteDC
SetPixel
GetPixel
SelectObject
CreateCompatibleDC
comdlg32
ChooseFontW
FindTextW
GetSaveFileNameW
advapi32
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
OpenServiceW
OpenSCManagerW
ControlService
StartServiceW
QueryServiceStatus
ChangeServiceConfigW
RegConnectRegistryW
CloseServiceHandle
shell32
SHGetFileInfoW
Shell_NotifyIconW
ShellExecuteW
ShellExecuteExW
ole32
CoInitializeSecurity
CoUninitialize
CoCreateInstance
CoInitializeEx
oleaut32
SysFreeString
SysAllocString
VariantTimeToSystemTime
Sections
.text Size: 56KB - Virtual size: 55KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 25KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
tools/nirsoft/TaskSchedulerView/TaskSchedulerView64.exe.exe windows:4 windows x64 arch:x64
57a3805344194dca149f4301229e3eca
Code Sign
f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7Certificate
IssuerCN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before09/09/2019, 00:00Not After09/09/2023, 23:59SubjectCN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=ILExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02/11/2018, 00:00Not After31/12/2030, 23:59SubjectCN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08Certificate
IssuerCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before02/05/2019, 00:00Not After01/08/2030, 23:59SubjectCN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02/05/2019, 00:00Not After18/01/2038, 23:59SubjectCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
91:bc:70:d0:93:29:23:d4:8c:21:f7:1f:b8:4f:90:5d:da:57:8a:7a:39:79:a4:eb:4a:7e:53:82:a4:aa:78:d9Signer
Actual PE Digest91:bc:70:d0:93:29:23:d4:8c:21:f7:1f:b8:4f:90:5d:da:57:8a:7a:39:79:a4:eb:4a:7e:53:82:a4:aa:78:d9Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
c:\Projects\VS2005\TaskSchedulerView\x64\Release\TaskSchedulerView.pdb
Imports
msvcrt
__wgetmainargs
_wcmdln
exit
_initterm
_exit
_c_exit
_XcptFilter
__C_specific_handler
_onexit
__dllonexit
__setusermatherr
_commode
_fmode
__set_app_type
_cexit
strlen
qsort
_wcslwr
memmove
free
modf
wcschr
memcmp
wcstoul
wcsrchr
wcscmp
malloc
_memicmp
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
memcpy
wcslen
_wcsnicmp
_itow
_wtoi
_purecall
_wcsicmp
_ultow
wcscpy
_snwprintf
wcscat
memset
wcsncat
comctl32
ImageList_Create
ord17
ImageList_Add
ImageList_AddMasked
ImageList_SetImageCount
CreateStatusWindowW
CreateToolbarEx
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
kernel32
ExitProcess
OpenProcess
ExpandEnvironmentStringsW
EnumResourceTypesW
GetStartupInfoW
ReadProcessMemory
SystemTimeToFileTime
FileTimeToSystemTime
CompareFileTime
GetProcAddress
FreeLibrary
GetModuleHandleW
LoadLibraryW
GetTickCount
GetTempPathW
LocalFileTimeToFileTime
GetFileSize
GlobalLock
SizeofResource
GetLastError
FormatMessageW
GetVersionExW
GetTimeFormatW
GetFileAttributesW
WriteFile
FindResourceW
TzSpecificLocalTimeToSystemTime
ReadFile
LoadResource
GetModuleFileNameW
CreateFileW
CloseHandle
GetWindowsDirectoryW
LoadLibraryExW
GlobalAlloc
GetSystemDirectoryW
lstrlenW
WideCharToMultiByte
LockResource
LocalFree
lstrcpyW
GetDateFormatW
GlobalUnlock
GetTempFileNameW
EnumResourceNamesW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetStdHandle
SetErrorMode
DeleteFileW
GetCurrentProcessId
GetCurrentProcess
user32
ReleaseDC
GetDC
LoadCursorW
GetSysColorBrush
SetCursor
ShowWindow
GetWindowPlacement
DeferWindowPos
GetWindowRect
SetDlgItemInt
CreateWindowExW
GetDlgItemInt
GetWindow
BeginPaint
GetClientRect
SetWindowPlacement
SendDlgItemMessageW
DrawFrameControl
EndDialog
EndPaint
SetWindowTextW
GetDlgItem
UpdateWindow
SendMessageW
SetDlgItemTextW
GetDlgItemTextW
InvalidateRect
SetWindowLongPtrW
GetSystemMetrics
DefWindowProcW
RegisterClassW
MessageBoxW
PostMessageW
SetMenu
SetWindowPos
TranslateAcceleratorW
LoadAcceleratorsW
LoadImageW
GetSysColor
SetWindowLongW
GetWindowLongW
EndDeferWindowPos
ChildWindowFromPoint
SetFocus
GetParent
KillTimer
SetTimer
CheckMenuItem
GetMenuItemCount
SetClipboardData
GetCursorPos
CheckMenuRadioItem
GetMenuStringW
EnableWindow
MapWindowPoints
CloseClipboard
GetMenu
EmptyClipboard
MoveWindow
EnableMenuItem
OpenClipboard
GetClassNameW
GetSubMenu
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
CreateDialogParamW
DialogBoxParamW
EnumChildWindows
LoadStringW
GetDesktopWindow
DestroyWindow
GetWindowTextW
LoadMenuW
LoadIconW
DestroyIcon
GetKeyState
DispatchMessageW
IsDialogMessageW
RegisterWindowMessageW
TranslateMessage
TrackPopupMenu
PostQuitMessage
GetMessageW
DrawTextExW
MonitorFromWindow
GetMonitorInfoW
SetForegroundWindow
BeginDeferWindowPos
gdi32
GetDeviceCaps
SetBkMode
SetTextColor
SelectObject
CreateFontIndirectW
GetStockObject
SetBkColor
GetTextExtentPoint32W
CreateCompatibleDC
GetObjectW
DeleteDC
SetPixel
GetPixel
DeleteObject
comdlg32
ChooseFontW
FindTextW
GetSaveFileNameW
advapi32
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
QueryServiceStatus
RegConnectRegistryW
CloseServiceHandle
ChangeServiceConfigW
OpenServiceW
ControlService
StartServiceW
OpenSCManagerW
shell32
SHGetFileInfoW
Shell_NotifyIconW
ShellExecuteW
ShellExecuteExW
ole32
CoInitializeEx
CoUninitialize
CoCreateInstance
CoInitializeSecurity
oleaut32
VariantTimeToSystemTime
SysFreeString
SysAllocString
Sections
.text Size: 87KB - Virtual size: 86KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 25KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
tools/nirsoft/UserAssistView/UserAssistView.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 48KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 25KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
tools/nirsoft/UserProfilesView/UserProfilesView.exe.exe windows:4 windows x86 arch:x86
Code Sign
42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate
IssuerCN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SENot Before07/06/2005, 08:09Not After30/05/2020, 10:48SubjectCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USKey Usages
KeyUsageCertSign
KeyUsageCRLSign
9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6Certificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before05/05/2015, 00:00Not After31/12/2015, 23:59SubjectCN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before24/08/2011, 00:00Not After30/05/2020, 10:48SubjectCN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8Certificate
IssuerCN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBNot Before12/09/2014, 00:00Not After12/09/2019, 23:59SubjectCN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=ILExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
b1:4c:ba:de:42:32:31:96:f1:66:11:aa:92:4d:8f:43:51:87:4b:a2Signer
Actual PE Digestb1:4c:ba:de:42:32:31:96:f1:66:11:aa:92:4d:8f:43:51:87:4b:a2Digest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 48KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 26KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
tools/nirsoft/WinUpdatesList/wul.exe.exe windows:4 windows x86 arch:x86
Code Sign
42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate
IssuerCN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SENot Before07/06/2005, 08:09Not After30/05/2020, 10:48SubjectCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USKey Usages
KeyUsageCertSign
KeyUsageCRLSign
16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before31/12/2015, 00:00Not After09/07/2019, 18:40SubjectCN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before24/08/2011, 00:00Not After30/05/2020, 10:48SubjectCN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8Certificate
IssuerCN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBNot Before12/09/2014, 00:00Not After12/09/2019, 23:59SubjectCN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=ILExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17Certificate
IssuerCN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBNot Before30/03/2016, 00:00Not After30/06/2019, 23:59SubjectCN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=ILExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate
IssuerCN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBNot Before09/05/2013, 00:00Not After08/05/2028, 23:59SubjectCN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before31/12/2015, 00:00Not After09/07/2019, 18:40SubjectCN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
20:2a:bb:34:81:a3:d9:68:6d:ee:b8:c8:8a:1b:71:7c:cc:78:7a:a7:39:09:26:2b:0b:f0:17:60:14:91:e6:33Signer
Actual PE Digest20:2a:bb:34:81:a3:d9:68:6d:ee:b8:c8:8a:1b:71:7c:cc:78:7a:a7:39:09:26:2b:0b:f0:17:60:14:91:e6:33Digest Algorithmsha256PE Digest Matchestrue78:83:85:a3:a6:dc:c0:4e:fe:c6:a8:f0:c9:f9:3a:89:bc:6a:74:3cSigner
Actual PE Digest78:83:85:a3:a6:dc:c0:4e:fe:c6:a8:f0:c9:f9:3a:89:bc:6a:74:3cDigest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 44KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 29KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
tools/nirsoft/WinUpdatesView/WinUpdatesView.exe.exe windows:4 windows x86 arch:x86
bfb28808ff7a88a88155d2461a10e84e
Code Sign
f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7Certificate
IssuerCN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before09/09/2019, 00:00Not After09/09/2023, 23:59SubjectCN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=ILExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02/11/2018, 00:00Not After31/12/2030, 23:59SubjectCN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08Certificate
IssuerCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before02/05/2019, 00:00Not After01/08/2030, 23:59SubjectCN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02/05/2019, 00:00Not After18/01/2038, 23:59SubjectCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ec:23:a7:cd:e6:d8:a7:84:81:37:c0:dd:6e:36:3a:00:2d:85:0e:3d:f7:12:83:1c:66:7b:ec:98:bc:2b:e1:eeSigner
Actual PE Digestec:23:a7:cd:e6:d8:a7:84:81:37:c0:dd:6e:36:3a:00:2d:85:0e:3d:f7:12:83:1c:66:7b:ec:98:bc:2b:e1:eeDigest Algorithmsha256PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
c:\Projects\VS2005\WinUpdatesView\Release\WinUpdatesView.pdb
Imports
msvcrt
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
__p__commode
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
strlen
qsort
_wcslwr
_itow
__p__fmode
__set_app_type
_controlfp
_except_handler3
_cexit
malloc
wcscmp
_wcsnicmp
wcsncmp
free
modf
wcsrchr
wcstoul
wcsncpy
??3@YAXPAX@Z
??2@YAPAXI@Z
memcpy
_purecall
_wcsicmp
wcschr
wcslen
_ultow
_wtoi
wcscpy
memset
wcsncat
_snwprintf
wcscat
comctl32
ImageList_Add
CreateToolbarEx
CreateStatusWindowW
ImageList_ReplaceIcon
ImageList_Create
ord17
ImageList_AddMasked
ImageList_SetImageCount
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
kernel32
ExitProcess
OpenProcess
EnumResourceTypesW
Sleep
GetModuleHandleA
GetStartupInfoW
SetFilePointerEx
GetCurrentProcessId
ReadProcessMemory
SetErrorMode
ExpandEnvironmentStringsW
SystemTimeToFileTime
FileTimeToSystemTime
CompareFileTime
GetProcAddress
GetModuleHandleW
LoadLibraryW
GetTickCount
CloseHandle
GetLastError
FormatMessageW
GetVersionExW
GetWindowsDirectoryW
GetTimeFormatW
FileTimeToLocalFileTime
GetFileAttributesW
WriteFile
FindResourceW
LoadResource
ReadFile
LockResource
GetModuleFileNameW
SystemTimeToTzSpecificLocalTime
LocalFree
CreateFileW
GlobalAlloc
lstrcpyW
LoadLibraryExW
GetSystemDirectoryW
MultiByteToWideChar
lstrlenW
WideCharToMultiByte
GlobalUnlock
GetCurrentProcess
GetTempPathW
GetDateFormatW
GlobalLock
SizeofResource
WritePrivateProfileStringW
EnumResourceNamesW
GetPrivateProfileIntW
FreeLibrary
GetPrivateProfileStringW
GetStdHandle
DeleteFileW
GetCurrentDirectoryW
user32
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
GetDC
ReleaseDC
SetCursor
LoadCursorW
GetSystemMetrics
GetWindowRect
GetWindowPlacement
DeferWindowPos
GetDlgItemInt
SetDlgItemInt
CreateWindowExW
GetWindow
BeginPaint
EndPaint
GetClientRect
SetWindowPos
SendDlgItemMessageW
DrawFrameControl
EndDialog
SetWindowLongW
SetWindowTextW
GetDlgItem
UpdateWindow
SendMessageW
SetDlgItemTextW
GetDlgItemTextW
InvalidateRect
DefWindowProcW
PostMessageW
RegisterClassW
MessageBoxW
TranslateAcceleratorW
SetMenu
GetForegroundWindow
LoadAcceleratorsW
LoadImageW
LoadIconW
GetWindowLongW
GetSysColor
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
KillTimer
SetTimer
GetParent
GetMenuItemCount
GetMenuStringW
CloseClipboard
SetClipboardData
GetCursorPos
EnableWindow
MapWindowPoints
GetMenu
GetSubMenu
EmptyClipboard
EnableMenuItem
GetClassNameW
MoveWindow
OpenClipboard
CheckMenuItem
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
LoadStringW
DestroyWindow
GetDesktopWindow
GetWindowTextW
LoadMenuW
RegisterWindowMessageW
TrackPopupMenu
PostQuitMessage
GetMessageW
DispatchMessageW
IsDialogMessageW
TranslateMessage
DrawTextExW
GetKeyState
GetMonitorInfoW
MonitorFromWindow
gdi32
DeleteObject
SetBkMode
SetTextColor
GetTextExtentPoint32W
GetStockObject
SetBkColor
GetObjectW
DeleteDC
GetPixel
SetPixel
SelectObject
CreateCompatibleDC
CreateFontIndirectW
GetDeviceCaps
comdlg32
ChooseFontW
FindTextW
GetSaveFileNameW
advapi32
ControlService
OpenProcessToken
OpenSCManagerW
CloseServiceHandle
GetTokenInformation
QueryServiceStatus
StartServiceW
OpenServiceW
shell32
ShellExecuteW
ShellExecuteExW
SHGetFileInfoW
ole32
CoUninitialize
CoCreateInstance
CoInitialize
oleaut32
SysFreeString
VariantTimeToSystemTime
Sections
.text Size: 56KB - Virtual size: 56KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 31KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
tools/nirsoft/WinUpdatesView/WinUpdatesView64.exe.exe windows:4 windows x64 arch:x64
21243601ff60e941f93e2b2b5f1b4b2c
Code Sign
f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7Certificate
IssuerCN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before09/09/2019, 00:00Not After09/09/2023, 23:59SubjectCN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=ILExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02/11/2018, 00:00Not After31/12/2030, 23:59SubjectCN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08Certificate
IssuerCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before02/05/2019, 00:00Not After01/08/2030, 23:59SubjectCN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02/05/2019, 00:00Not After18/01/2038, 23:59SubjectCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
4d:ec:05:ac:83:12:a8:58:66:56:4f:41:1b:a3:a6:dd:1d:8e:43:dd:39:e5:7d:8c:1b:49:5a:2f:b1:04:5a:37Signer
Actual PE Digest4d:ec:05:ac:83:12:a8:58:66:56:4f:41:1b:a3:a6:dd:1d:8e:43:dd:39:e5:7d:8c:1b:49:5a:2f:b1:04:5a:37Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
c:\Projects\VS2005\WinUpdatesView\x64\Release\WinUpdatesView.pdb
Imports
msvcrt
__wgetmainargs
_wcmdln
exit
_cexit
_exit
_initterm
_XcptFilter
__C_specific_handler
_onexit
__dllonexit
_wcslwr
strlen
qsort
_itow
__setusermatherr
_commode
_fmode
__set_app_type
_c_exit
modf
wcsrchr
wcstoul
wcscmp
wcsncmp
wcsncpy
malloc
_wcsnicmp
free
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
memcpy
_purecall
_wtoi
_wcsicmp
wcschr
wcslen
_ultow
wcscpy
memset
_snwprintf
wcscat
wcsncat
comctl32
ImageList_ReplaceIcon
ord17
ImageList_Create
ImageList_Add
ImageList_AddMasked
ImageList_SetImageCount
CreateToolbarEx
CreateStatusWindowW
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
kernel32
ReadProcessMemory
OpenProcess
EnumResourceTypesW
Sleep
GetStartupInfoW
GetLastError
GetCurrentProcessId
ExitProcess
SetErrorMode
SystemTimeToFileTime
FileTimeToSystemTime
CompareFileTime
GetProcAddress
GetModuleHandleW
LoadLibraryW
GetTickCount
SetFilePointerEx
CloseHandle
GetDateFormatW
WideCharToMultiByte
MultiByteToWideChar
GetCurrentProcess
lstrlenW
LockResource
LocalFree
lstrcpyW
GlobalUnlock
GetTempPathW
GlobalLock
SizeofResource
FormatMessageW
GetVersionExW
GetTimeFormatW
WriteFile
GetFileAttributesW
FindResourceW
LoadResource
SystemTimeToTzSpecificLocalTime
ReadFile
GetModuleFileNameW
LoadLibraryExW
GlobalAlloc
CreateFileW
GetSystemDirectoryW
GetWindowsDirectoryW
FileTimeToLocalFileTime
GetPrivateProfileStringW
EnumResourceNamesW
WritePrivateProfileStringW
GetPrivateProfileIntW
FreeLibrary
GetStdHandle
ExpandEnvironmentStringsW
GetCurrentDirectoryW
DeleteFileW
user32
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
GetDC
ReleaseDC
LoadCursorW
SetCursor
SetDlgItemInt
GetWindowRect
CreateWindowExW
GetWindow
GetDlgItemInt
BeginPaint
SetWindowPos
GetClientRect
DrawFrameControl
SendDlgItemMessageW
EndPaint
EndDialog
SetWindowTextW
GetDlgItem
UpdateWindow
SendMessageW
SetDlgItemTextW
GetDlgItemTextW
SetWindowLongPtrW
InvalidateRect
GetSystemMetrics
GetWindowPlacement
DeferWindowPos
DefWindowProcW
RegisterClassW
MessageBoxW
PostMessageW
SetMenu
TranslateAcceleratorW
GetForegroundWindow
LoadAcceleratorsW
LoadImageW
LoadIconW
GetSysColor
SetWindowLongW
GetWindowLongW
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
KillTimer
SetTimer
GetParent
EnableMenuItem
OpenClipboard
GetClassNameW
GetSubMenu
CheckMenuItem
GetMenuItemCount
SetClipboardData
EnableWindow
GetCursorPos
MapWindowPoints
GetMenuStringW
CloseClipboard
MoveWindow
GetMenu
EmptyClipboard
CreateDialogParamW
DialogBoxParamW
EnumChildWindows
LoadStringW
GetDesktopWindow
DestroyWindow
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
GetKeyState
RegisterWindowMessageW
TrackPopupMenu
PostQuitMessage
GetMessageW
DispatchMessageW
IsDialogMessageW
TranslateMessage
DrawTextExW
GetMonitorInfoW
MonitorFromWindow
gdi32
SetBkMode
DeleteObject
SetTextColor
GetTextExtentPoint32W
GetStockObject
SetBkColor
GetObjectW
DeleteDC
SetPixel
GetPixel
SelectObject
CreateCompatibleDC
CreateFontIndirectW
GetDeviceCaps
comdlg32
ChooseFontW
FindTextW
GetSaveFileNameW
advapi32
GetTokenInformation
StartServiceW
OpenServiceW
OpenSCManagerW
ControlService
CloseServiceHandle
QueryServiceStatus
OpenProcessToken
shell32
ShellExecuteW
ShellExecuteExW
SHGetFileInfoW
ole32
CoUninitialize
CoCreateInstance
CoInitialize
oleaut32
VariantTimeToSystemTime
SysFreeString
Sections
.text Size: 83KB - Virtual size: 83KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 30KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
tools/other/ExtractUsnJrnl.exe.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 580KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 345KB - Virtual size: 348KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 64KB - Virtual size: 68KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
tools/other/ExtractUsnJrnl64.exe.exe windows:5 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
UPX0 Size: - Virtual size: 664KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 380KB - Virtual size: 380KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 64KB - Virtual size: 68KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
tools/other/KVRT.exe.exe windows:5 windows x86 arch:x86
671f3e29fe2a70bf8a6716d1b631b437
Code Sign
0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate
IssuerCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before01/01/2021, 00:00Not After06/01/2031, 00:00SubjectCN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
0e:6c:f2:6e:a5:8b:58:af:3f:3c:42:a2:f8:ed:35:21Certificate
IssuerCN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before09/06/2020, 00:00Not After14/06/2023, 12:00SubjectCN=AO Kaspersky Lab,O=AO Kaspersky Lab,L=Moscow,C=RUExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before07/01/2016, 12:00Not After07/01/2031, 12:00SubjectCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:1c:b2:8a:00:00:00:00:00:26Certificate
IssuerCN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before15/04/2011, 19:41Not After15/04/2021, 19:51SubjectCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before11/02/2011, 12:00Not After10/02/2026, 12:00SubjectCN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:20:4d:b4:00:00:00:00:00:27Certificate
IssuerCN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before15/04/2011, 19:45Not After15/04/2021, 19:55SubjectCN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
01:44:3e:ca:a2:e1:af:40:34:97:1a:e5:cb:4a:37:8dCertificate
IssuerCN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=USNot Before09/09/2020, 00:00Not After14/09/2023, 12:00SubjectSERIALNUMBER=1027739867473,CN=AO Kaspersky Lab,O=AO Kaspersky Lab,L=Moscow,C=RU,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025255Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate
IssuerCN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before18/04/2012, 12:00Not After18/04/2027, 12:00SubjectCN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate
IssuerCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before01/01/2021, 00:00Not After06/01/2031, 00:00SubjectCN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before07/01/2016, 12:00Not After07/01/2031, 12:00SubjectCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
8e:fb:38:dc:9f:62:d2:8e:d0:9c:24:84:fd:71:c0:b3:21:4d:d7:8f:b0:ed:7f:01:27:b0:b0:d6:d6:df:a1:5bSigner
Actual PE Digest8e:fb:38:dc:9f:62:d2:8e:d0:9c:24:84:fd:71:c0:b3:21:4d:d7:8f:b0:ed:7f:01:27:b0:b0:d6:d6:df:a1:5bDigest Algorithmsha256PE Digest Matchestrueab:0f:7b:ba:fc:8c:ce:78:23:94:20:11:1f:d2:28:a6:b1:fa:28:f3Signer
Actual PE Digestab:0f:7b:ba:fc:8c:ce:78:23:94:20:11:1f:d2:28:a6:b1:fa:28:f3Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\a\c\g_JYJ61PIA\s\product\removal_tools\output\out_Win32\Release\setup_kvrt.pdb
Imports
kernel32
WriteFile
SetFileTime
SetEndOfFile
GetTempPathW
CreateFileW
GetFileAttributesW
SetFileAttributesW
DeleteFileW
SetFilePointerEx
GetFileTime
FlushFileBuffers
CreateDirectoryW
GetVolumeInformationW
FindFirstFileExW
GetFullPathNameW
FindNextFileW
RemoveDirectoryW
FindClose
GetModuleHandleA
GetDiskFreeSpaceExW
GetCurrentDirectoryW
GetDriveTypeW
GetSystemDefaultLangID
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
MultiByteToWideChar
InterlockedExchange
GetModuleHandleExW
GetVersionExW
GetSystemWindowsDirectoryA
GetTimeZoneInformation
FileTimeToSystemTime
LoadLibraryA
RaiseException
GetSystemInfo
FileTimeToLocalFileTime
DecodePointer
GetWindowsDirectoryW
VerSetConditionMask
GetComputerNameW
SystemTimeToFileTime
VerifyVersionInfoW
GetSystemWindowsDirectoryW
ProcessIdToSessionId
GetCurrentProcessId
CreateEventW
SetEvent
GetStartupInfoW
WaitForMultipleObjects
WaitForSingleObject
CreateProcessW
GetCurrentProcess
AttachConsole
Sleep
GetTickCount
SizeofResource
LockResource
LoadResource
FindResourceW
GetOEMCP
GetACP
IsValidCodePage
PeekNamedPipe
GetFileType
GetExitCodeProcess
OpenProcess
SetHandleInformation
GetStdHandle
CreatePipe
DuplicateHandle
SearchPathA
CreateProcessA
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
ReadConsoleW
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
HeapSize
ExitProcess
SetStdHandle
ExitThread
RtlUnwind
LoadLibraryW
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
VirtualFree
GetFileSizeEx
ReadFile
LocalFree
GetCommandLineW
CreateSemaphoreW
GetModuleHandleW
GetProcAddress
HeapDestroy
CloseHandle
HeapReAlloc
WaitForSingleObjectEx
GetLastError
GetCurrentThreadId
ReleaseSemaphore
HeapCreate
GetProcessHeap
DeleteCriticalSection
HeapAlloc
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
CopyFileW
HeapFree
TryEnterCriticalSection
SwitchToThread
GetCurrentThread
GetExitCodeThread
QueryPerformanceCounter
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
GetStringTypeW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
InitializeSListHead
OutputDebugStringW
CreateTimerQueue
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleFileNameW
LoadLibraryExW
VirtualAlloc
VirtualProtect
user32
GetClientRect
MoveWindow
GetDlgItem
GetSystemMetrics
DialogBoxParamW
WaitForInputIdle
PostMessageW
GetWindowRect
SetWindowPos
MessageBoxW
SendMessageW
EndDialog
SetWindowTextW
IsWindow
MessageBoxA
shell32
CommandLineToArgvW
ole32
CoUninitialize
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoCreateInstance
CoCreateGuid
oleaut32
SysFreeString
SysAllocString
SysStringLen
VariantClear
VariantInit
advapi32
RegCloseKey
RegOpenKeyExW
GetUserNameW
RegQueryValueExW
SetSecurityDescriptorDacl
SetFileSecurityW
ConvertSecurityDescriptorToStringSecurityDescriptorW
CreateWellKnownSid
SetSecurityDescriptorSacl
IsValidSecurityDescriptor
OpenProcessToken
GetFileSecurityW
InitializeSecurityDescriptor
InitializeAcl
AddAccessAllowedAceEx
GetTokenInformation
Sections
.text Size: 651KB - Virtual size: 651KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 198KB - Virtual size: 198KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 21KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 95.4MB - Virtual size: 95.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 41KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/other/RawCopy.exe.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 584KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 345KB - Virtual size: 348KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 68KB - Virtual size: 72KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
tools/other/RawCopy64.exe.exe windows:5 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
UPX0 Size: - Virtual size: 668KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 380KB - Virtual size: 380KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 68KB - Virtual size: 72KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
tools/other/WinAudit.exe.exe windows:5 windows x86 arch:x86
11ebb387e26326cb5e41583ace773b15
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
setupapi
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status
SetupDiGetClassDescriptionW
SetupDiGetDeviceInstanceIdW
mpr
WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum
netapi32
NetGroupGetUsers
NetUserGetGroups
NetLocalGroupEnum
NetLocalGroupGetInfo
NetShareGetInfo
NetSessionEnum
NetShareEnum
NetFileEnum
NetUserGetLocalGroups
NetQueryDisplayInformation
NetUserGetInfo
NetLocalGroupGetMembers
NetGroupGetInfo
NetApiBufferFree
NetWkstaGetInfo
DsGetSiteNameW
NetServerGetInfo
NetUserModalsGet
secur32
LsaDeregisterLogonProcess
LsaFreeReturnBuffer
LsaLookupAuthenticationPackage
LsaCallAuthenticationPackage
LsaConnectUntrusted
iphlpapi
GetUdpTable
GetTcpTable
GetExtendedUdpTable
GetIpForwardTable
GetIpAddrTable
GetAdaptersAddresses
GetExtendedTcpTable
psapi
GetProcessMemoryInfo
msi
ord244
ord45
ord113
ord181
ord70
kernel32
ExpandEnvironmentStringsW
SetFilePointer
SetFilePointerEx
WriteFile
GetUserDefaultLangID
ReadFile
FlushFileBuffers
GetFileSizeEx
GetFileTime
CloseHandle
DeleteFileW
VirtualQuery
GetCurrentThreadId
MultiByteToWideChar
GetDateFormatW
FreeLibrary
LoadLibraryExW
FormatMessageW
GetTimeFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetACP
GetSystemInfo
FreeEnvironmentStringsW
GetComputerNameW
GetSystemDirectoryW
GetVersionExW
GetComputerNameExW
IsWow64Process
GetWindowsDirectoryW
FindFirstFileW
CreateDirectoryW
GetTempPathW
FindClose
FindNextFileW
WaitForSingleObject
GetExitCodeThread
CreateEventW
CreateThread
TryEnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
SetLastError
MulDiv
FindResourceW
SetCurrentDirectoryW
LoadLibraryW
GetCurrentProcessId
HeapCreate
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetModuleFileNameA
GetStdHandle
LockResource
LCMapStringW
IsValidCodePage
GetOEMCP
GetCPInfo
InterlockedDecrement
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RaiseException
HeapAlloc
HeapFree
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
HeapValidate
GetStartupInfoW
HeapSetInformation
GetCommandLineA
DecodePointer
EncodePointer
GetSystemTimeAsFileTime
ExitProcess
GetProcAddress
GetModuleHandleW
GetSystemDefaultLangID
CreateToolhelp32Snapshot
Process32NextW
Module32FirstW
Process32FirstW
OpenProcess
lstrlenW
CompareStringW
GetTickCount
LocalFree
SetUnhandledExceptionFilter
GetCommandLineW
GetVolumeInformationW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetLogicalDrives
SetErrorMode
GetDriveTypeW
DeviceIoControl
CreateFileW
lstrcmpiW
SetThreadAffinityMask
QueryPerformanceFrequency
GetProcessAffinityMask
GetThreadPriority
SetThreadPriority
GlobalMemoryStatusEx
GetLocalTime
GetLastError
lstrcmpW
GetTimeZoneInformation
GetLocaleInfoW
GetEnvironmentStringsW
GetConsoleCP
GetConsoleMode
RtlUnwind
HeapSize
IsProcessorFeaturePresent
Sleep
GetModuleFileNameW
GetFileAttributesW
SizeofResource
WideCharToMultiByte
InterlockedIncrement
GetStringTypeW
LoadResource
SetStdHandle
WriteConsoleW
GetPriorityClass
GetCurrentThread
QueryPerformanceCounter
GetNativeSystemInfo
GetCurrentProcess
SetPriorityClass
WaitForMultipleObjects
SetEvent
GetCurrentDirectoryW
GetSystemTime
GetEnvironmentVariableW
HeapReAlloc
user32
GetKeyState
GetForegroundWindow
GetScrollInfo
EqualRect
CopyRect
CreatePopupMenu
InsertMenuW
CreateMenu
AppendMenuW
SetMenu
DrawMenuBar
RemoveMenu
CreateAcceleratorTableW
SetMenuItemInfoW
EnableMenuItem
GetMenuState
CheckMenuItem
SetRect
SetLayeredWindowAttributes
TranslateAcceleratorW
GetMessageW
IsIconic
GetLastActivePopup
GetMenuBarInfo
SetForegroundWindow
GetMenuItemRect
BringWindowToTop
LoadIconW
CopyImage
DrawIcon
CopyIcon
DestroyAcceleratorTable
SetParent
SetScrollInfo
DestroyMenu
GetMenuItemInfoW
PostMessageW
MessageBoxW
RedrawWindow
EndDialog
InvalidateRect
EnumDisplaySettingsW
ReleaseDC
GetDC
EnumDisplayDevicesW
DestroyIcon
DialogBoxIndirectParamW
GetCapture
GetDesktopWindow
GetDialogBaseUnits
SetCapture
ReleaseCapture
EndPaint
ClientToScreen
DestroyWindow
GetWindowTextLengthW
SetTimer
ScreenToClient
GetWindowRect
GetWindowDC
FillRect
DrawTextW
KillTimer
IsWindowEnabled
GetClientRect
IsChild
BeginPaint
PtInRect
GetClassInfoExW
TranslateMessage
RegisterClassExW
GetWindowLongW
GetWindowTextW
PeekMessageW
GetClassNameW
SetWindowLongW
SetWindowPos
GetSysColorBrush
LoadBitmapW
GetMenuItemCount
CreateWindowExW
UpdateWindow
GetSystemMetrics
GetKeyboardType
OffsetRect
MoveWindow
SendMessageW
EnableWindow
SetWindowTextW
DefWindowProcW
ShowWindow
GetCursorPos
GetSysColor
SystemParametersInfoW
GetWindow
DispatchMessageW
CharUpperW
SetCursor
PostQuitMessage
GetParent
LoadCursorW
MessageBeep
IsWindowVisible
TrackPopupMenu
GetFocus
SetFocus
gdi32
Polygon
ExcludeClipRect
BeginPath
Arc
SelectClipRgn
GetDeviceCaps
GetStockObject
GetPixel
SetPixelV
GetObjectW
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
DeleteObject
DeleteDC
GetTextMetricsW
BitBlt
CreateSolidBrush
RestoreDC
CreatePen
SaveDC
SetBkMode
SetBkColor
GetCurrentObject
CreateFontIndirectW
SetTextColor
LineTo
GetTextExtentPoint32W
MoveToEx
SetDCPenColor
PathToRegion
CreateRectRgn
EndPath
Rectangle
SetMapMode
TextOutW
winspool.drv
OpenPrinterW
ClosePrinter
GetPrinterDriverW
EnumPrintersW
EnumPortsW
comdlg32
GetSaveFileNameW
GetOpenFileNameW
ChooseFontW
CommDlgExtendedError
advapi32
OpenSCManagerW
CloseServiceHandle
LsaFreeMemory
LsaNtStatusToWinError
LsaClose
LookupAccountNameW
LsaEnumerateAccountRights
LsaOpenPolicy
CloseEventLog
ReadEventLogW
OpenEventLogW
CryptAcquireContextW
CryptReleaseContext
CryptCreateHash
CryptDestroyHash
CryptHashData
OpenServiceW
QueryServiceConfig2W
EnumServicesStatusW
QueryServiceConfigW
GetAce
LookupAccountSidW
ConvertSidToStringSidW
GetSidIdentifierAuthority
RegCloseKey
GetSidSubAuthority
GetSidSubAuthorityCount
EqualSid
RegQueryValueExW
AllocateAndInitializeSid
IsValidSid
FreeSid
InitializeSid
IsTextUnicode
RegEnumKeyExW
LookupPrivilegeDisplayNameW
ImpersonateAnonymousToken
RegOpenKeyExW
RevertToSelf
RegEnumValueW
RegQueryInfoKeyW
GetUserNameW
LsaEnumerateAccountsWithUserRight
LsaQueryInformationPolicy
AdjustTokenPrivileges
ImpersonateSelf
LookupPrivilegeValueW
GetTokenInformation
OpenThreadToken
OpenProcessToken
LookupPrivilegeNameW
GetSecurityDescriptorDacl
GetSecurityDescriptorOwner
GetNamedSecurityInfoW
CryptGetHashParam
shell32
ExtractIconW
FindExecutableW
ShellExecuteW
SHGetFolderPathW
ole32
CLSIDFromProgID
CoUninitialize
CLSIDFromString
CoInitializeSecurity
CoCreateInstance
CoInitializeEx
StringFromGUID2
CoCreateGuid
CoSetProxyBlanket
CoTaskMemFree
oleaut32
VariantInit
GetErrorInfo
SafeArrayDestroy
VariantTimeToSystemTime
SysFreeString
SysAllocString
SafeArrayGetUBound
SafeArrayGetElement
SafeArrayGetLBound
VariantClear
odbc32
ord31
ord24
ord171
ord176
ord139
ord108
ord78
ord20
ord141
ord18
ord13
ord9
ord29
ord132
ord147
ord30
ord145
ord173
ord16
ord4
ord136
ord127
ord157
ord138
ord75
ord111
dbghelp
SymFromAddr
StackWalk64
SymInitialize
SymCleanup
SymGetModuleBase64
SymFunctionTableAccess64
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
msimg32
GradientFill
TransparentBlt
Sections
.text Size: 656KB - Virtual size: 656KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 458KB - Virtual size: 457KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 502KB - Virtual size: 501KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 57KB - Virtual size: 57KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/other/forecopy_handy.exe.exe windows:5 windows x86 arch:x86
a1d7b5c4b9127416d37fe2f20759b91e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
J:\PROJECTS\forecopy\forecopy_handy\Release\forecopy_handy.pdb
Imports
netapi32
NetApiBufferFree
NetUserEnum
kernel32
TerminateProcess
GetStartupInfoW
SetFilePointerEx
GetEnvironmentStringsW
FreeEnvironmentStringsW
ReadConsoleW
QueryPerformanceCounter
GetTimeZoneInformation
GetStringTypeW
OutputDebugStringW
GetACP
LCMapStringW
IsValidLocale
EnumSystemLocalesW
WriteConsoleW
SetEnvironmentVariableW
GetDriveTypeW
SetEnvironmentVariableA
IsValidCodePage
GetProcessHeap
GetConsoleMode
GetConsoleCP
GetStdHandle
GetFileType
SetStdHandle
GetSystemTimeAsFileTime
VirtualQuery
VirtualAlloc
GetSystemInfo
HeapQueryInformation
FormatMessageW
HeapSize
ExitThread
CreateThread
HeapReAlloc
RtlUnwind
SetUnhandledExceptionFilter
AreFileApisANSI
GetModuleHandleExW
ExitProcess
IsProcessorFeaturePresent
IsDebuggerPresent
HeapAlloc
HeapFree
FindResourceExW
GetUserDefaultLCID
VirtualProtect
SearchPathW
GetProfileIntW
GetTickCount
Sleep
GetTempPathW
GetTempFileNameW
VerifyVersionInfoW
VerSetConditionMask
GetFileSizeEx
GetFileAttributesExW
GlobalFindAtomW
FreeResource
InitializeCriticalSectionAndSpinCount
LoadLibraryA
lstrcmpiW
DuplicateHandle
UnlockFile
SetEndOfFile
LockFile
GetFullPathNameW
FlushFileBuffers
DeleteFileW
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
UnhandledExceptionFilter
GetCPInfo
RaiseException
GetOEMCP
LocalFree
WideCharToMultiByte
GetLocaleInfoW
CompareStringW
GlobalAddAtomW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
LoadLibraryW
GetModuleHandleA
GetVersion
DecodePointer
EncodePointer
OutputDebugStringA
ResumeThread
SetThreadPriority
WaitForSingleObject
GlobalGetAtomNameW
GetCurrentProcessId
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
InterlockedIncrement
InterlockedDecrement
FileTimeToLocalFileTime
SetErrorMode
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
GetModuleFileNameW
FreeLibrary
GetCurrentThreadId
GetCurrentThread
InterlockedExchange
lstrcmpA
SetLastError
CopyFileW
MulDiv
GlobalFree
GlobalUnlock
GlobalLock
GlobalSize
GlobalAlloc
FindClose
FindNextFileW
FindFirstFileW
GetWindowsDirectoryW
lstrcpyW
lstrcatW
GetSystemDirectoryW
GetFileAttributesW
GetVersionExW
MultiByteToWideChar
CreateDirectoryW
GetCommandLineW
GetCurrentDirectoryW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFileTime
GetCurrentProcess
WriteFile
ReadFile
SetFilePointer
GetDiskFreeSpaceW
GetVolumeInformationW
CloseHandle
GetModuleHandleW
GetProcAddress
DeviceIoControl
GetFileSize
GetLastError
CreateFileW
FindResourceW
LoadResource
LockResource
SizeofResource
user32
SetClassLongW
LockWindowUpdate
SetParent
SetRect
SetCursorPos
CopyAcceleratorTableW
DestroyAcceleratorTable
CreateAcceleratorTableW
GetKeyboardState
ToUnicodeEx
MapVirtualKeyExW
IsCharLowerW
GetKeyboardLayout
WaitMessage
PostThreadMessageW
GetSystemMenu
IsZoomed
GetComboBoxInfo
TrackMouseEvent
GetKeyNameTextW
ReuseDDElParam
UnpackDDElParam
InsertMenuItemW
TranslateAcceleratorW
LoadAcceleratorsW
BringWindowToTop
MonitorFromPoint
UpdateLayeredWindow
IsMenu
UnionRect
SetWindowRgn
DrawFrameControl
DrawEdge
DrawStateW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
EnumDisplayMonitors
SetLayeredWindowAttributes
LoadMenuW
MapVirtualKeyW
GetMenuDefaultItem
CreatePopupMenu
NotifyWinEvent
InvertRect
HideCaret
EnableScrollBar
GetAsyncKeyState
MessageBeep
GetIconInfo
DrawIconEx
LoadImageW
IsRectEmpty
OffsetRect
SetRectEmpty
DrawFocusRect
WindowFromPoint
ReleaseCapture
SetCapture
GetNextDlgGroupItem
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
SendDlgItemMessageA
IntersectRect
InflateRect
DestroyMenu
IsIconic
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
LoadIconW
GetTopWindow
GetClassLongW
EqualRect
CopyRect
DrawIcon
AdjustWindowRectEx
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
ScrollWindow
RedrawWindow
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
DestroyWindow
IsChild
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
RegisterWindowMessageW
IsDialogMessageW
SetWindowLongW
CheckDlgButton
GetDlgItem
SetWindowPos
MoveWindow
ShowWindow
IsWindow
GetScrollPos
SetScrollPos
SetFocus
CharUpperW
DestroyIcon
FillRect
ScreenToClient
EndPaint
BeginPaint
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
InvalidateRect
UpdateWindow
KillTimer
SetTimer
RealChildWindowFromPoint
GetWindow
GetClassNameW
GetDesktopWindow
PtInRect
ClientToScreen
GetWindowRect
SetWindowTextW
GetDlgCtrlID
DeleteMenu
SetCursor
ShowOwnedPopups
SystemParametersInfoW
CopyImage
GetClientRect
LoadBitmapW
SetMenuItemInfoW
GetWindowRgn
DestroyCursor
MapDialogRect
CreateMenu
SubtractRect
GetUpdateRect
IsClipboardFormatAvailable
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
FrameRect
CharUpperBuffW
RegisterClipboardFormatW
ModifyMenuW
SetMenuDefaultItem
CopyIcon
MapWindowPoints
GetDoubleClickTime
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetFocus
CallNextHookEx
SetWindowsHookExW
GetCursorPos
ValidateRect
GetKeyState
GetActiveWindow
IsWindowVisible
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
GetWindowTextLengthW
GetWindowTextW
GetLastActivePopup
GetWindowThreadProcessId
GetParent
GetWindowLongW
MessageBoxW
IsWindowEnabled
EnableWindow
SendMessageW
LoadCursorW
GetSysColorBrush
GetSysColor
ReleaseDC
GetDC
GetSystemMetrics
UnhookWindowsHookEx
PostQuitMessage
PostMessageW
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringW
wsprintfW
GetMenuItemInfoW
gdi32
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateFontIndirectW
GetTextExtentPoint32W
CombineRgn
CreateRectRgnIndirect
PatBlt
SetRectRgn
DPtoLP
GetTextMetricsW
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
GetBkColor
CreateCompatibleBitmap
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateEllipticRgn
Ellipse
GetTextColor
TextOutW
Polygon
Polyline
Rectangle
EnumFontFamiliesExW
GetRgnBox
OffsetRgn
CreateRoundRectRgn
RoundRect
FrameRgn
PtInRegion
SetPixelV
ExtFloodFill
SetPaletteEntries
FillRgn
GetBoundsRect
GetWindowOrgEx
LPtoDP
GetViewportOrgEx
GetTextFaceW
SetROP2
MoveToEx
GetObjectW
SetTextAlign
SetTextColor
CreatePolygonRgn
CopyMetaFileW
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SetBkColor
SelectPalette
SelectObject
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateCompatibleDC
BitBlt
DeleteObject
CreateBitmap
GetDeviceCaps
CreateDCW
msimg32
TransparentBlt
AlphaBlend
winspool.drv
ClosePrinter
OpenPrinterW
DocumentPropertiesW
advapi32
RegEnumKeyExW
RegEnumValueW
RegSetValueExW
RegDeleteValueW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
shell32
SHBrowseForFolderW
SHGetFileInfoW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetDesktopFolder
DragQueryFileW
SHAppBarMessage
DragFinish
shlwapi
PathFindExtensionW
PathFindFileNameW
PathIsUNCW
PathStripToRootW
PathRemoveFileSpecW
PathFileExistsW
StrFormatKBSizeW
uxtheme
CloseThemeData
GetThemePartSize
GetWindowTheme
GetThemeSysColor
DrawThemeText
DrawThemeParentBackground
OpenThemeData
IsThemeBackgroundPartiallyTransparent
IsAppThemed
DrawThemeBackground
GetThemeColor
GetCurrentThemeName
ole32
OleLockRunning
DoDragDrop
CreateStreamOnHGlobal
CoInitializeEx
CoInitialize
CoCreateInstance
CoCreateGuid
CoUninitialize
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
oleaut32
SysFreeString
VariantInit
VarBstrFromDate
VariantChangeType
VariantClear
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
SysAllocStringLen
SysAllocString
oleacc
CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject
gdiplus
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipDrawImageRectI
imm32
ImmReleaseContext
ImmGetContext
ImmGetOpenStatus
winmm
PlaySoundW
Exports
Exports
getopt
getopt_long
getopt_long_only
optarg
opterr
optind
optopt
Sections
.text Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 332KB - Virtual size: 331KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 25KB - Virtual size: 55KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 398KB - Virtual size: 397KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/other/md5deep.exe.exe windows:4 windows x86 arch:x86
f74c56afdabcbde17dd922df2ae879bf
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
CloseHandle
CreateEventA
CreateFileW
CreateSemaphoreA
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
FindClose
FindFirstFileW
FindNextFileW
FormatMessageW
GetCommandLineW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetFileAttributesW
GetFileInformationByHandle
GetHandleInformation
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetStartupInfoA
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetTickCount
GetTimeZoneInformation
InitializeCriticalSection
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
InterlockedIncrement
IsDBCSLeadByteEx
LeaveCriticalSection
LocalFree
MultiByteToWideChar
QueryPerformanceCounter
ReleaseSemaphore
ResetEvent
ResumeThread
SetEvent
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
msvcrt
__argv
__dllonexit
__doserrno
__getmainargs
__initenv
__lconv_init
__mb_cur_max
__pioinfo
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_atoi64
_beginthreadex
_cexit
_endthreadex
_errno
_exit
_filelengthi64
_fileno
_findclose
_fmode
_fstat64
_ftime
_gmtime64
_initterm
_iob
_lock
_lseeki64
_onexit
_setjmp3
_snwprintf
_wstat64
time
gmtime
_stricmp
_strnicmp
_unlock
calloc
clearerr
exit
fclose
feof
ferror
fflush
fgetpos
fgets
fopen
fprintf
fputc
fputs
fread
free
fseek
fsetpos
fwprintf
fwrite
getc
getenv
getwc
islower
isprint
isspace
isupper
iswalpha
iswctype
iswdigit
isxdigit
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
perror
printf
putc
putwc
raise
realloc
rewind
setlocale
setvbuf
signal
sprintf
strchr
strcmp
strcoll
strcpy
strerror
strftime
strlen
strncmp
strncpy
strxfrm
_wcsnicmp
_wfindnext
_wfopen
_wfullpath
_wgetcwd
_wopen
_write
abort
atoi
tolower
toupper
towlower
towupper
ungetc
ungetwc
vfprintf
wcscat
wcscoll
wcscpy
wcsftime
wcslen
wcsxfrm
_wfindfirst
longjmp
_write
_unlink
_strdup
_setmode
_read
_open
_mktemp
_fileno
_fdopen
_close
shell32
CommandLineToArgvW
user32
MessageBoxW
Sections
.text Size: 661KB - Virtual size: 661KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 25KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 77KB - Virtual size: 76KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 4KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 56B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
tools/other/md5deep64.exe.exe windows:4 windows x64 arch:x64
fecb7be4a881ad58800a41cf6a18b6c0
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
CloseHandle
CreateEventA
CreateFileW
CreateSemaphoreA
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
FindClose
FindFirstFileW
FindNextFileW
FormatMessageW
GetCommandLineW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetFileAttributesW
GetFileInformationByHandle
GetHandleInformation
GetLastError
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetStartupInfoA
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetTickCount
GetTimeZoneInformation
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LocalFree
MultiByteToWideChar
QueryPerformanceCounter
RaiseException
ReleaseSemaphore
ResetEvent
ResumeThread
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetEvent
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
msvcrt
__C_specific_handler
___lc_codepage_func
__argv
__dllonexit
__doserrno
__getmainargs
__initenv
__iob_func
__lconv_init
__mb_cur_max
__pioinfo
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_atoi64
_beginthreadex
_cexit
_endthreadex
_errno
_exit
_filelengthi64
_fileno
_findclose
_fmode
_fstat64
_ftime
_gmtime64
_initterm
_lock
_lseeki64
_onexit
_setjmp
_stricmp
_strnicmp
_time64
_unlock
_wcsnicmp
_wfindfirst64
_wfopen
_wfullpath
_wgetcwd
_wopen
_write
_wstat64
abort
atoi
calloc
clearerr
exit
fclose
feof
ferror
fflush
fgetpos
fgets
fopen
fprintf
fputc
fputs
fread
free
fseek
fsetpos
fwprintf
fwrite
getc
getenv
getwc
islower
isprint
isspace
isupper
iswalpha
iswctype
iswdigit
isxdigit
localeconv
longjmp
malloc
memchr
memcmp
memcpy
memmove
memset
perror
printf
putc
putwc
raise
realloc
rewind
setlocale
setvbuf
signal
sprintf
strchr
strcmp
strcoll
strcpy
strerror
strftime
strlen
strncmp
strncpy
strxfrm
tolower
toupper
towlower
towupper
ungetc
ungetwc
vfprintf
wcscat
wcscoll
wcscpy
wcsftime
wcslen
wcsxfrm
_wfindnext64
_snwprintf
_write
_unlink
_strdup
_setmode
_read
_open
_mktemp
_fileno
_fdopen
_close
shell32
CommandLineToArgvW
user32
MessageBoxW
ws2_32
gethostname
Sections
.text Size: 581KB - Virtual size: 581KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 85KB - Virtual size: 84KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 88KB - Virtual size: 87KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.pdata Size: 34KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.xdata Size: 51KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 5KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 112B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 104B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
tools/other/promiscdetect.exe.exe windows:6 windows x86 arch:x86
63873711b7f8f1e20490708a4de6fb02
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\toolbox\promiscdetect\Release\promiscdetect.pdb
Imports
kernel32
WriteConsoleW
DeviceIoControl
CreateFileA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedPushEntrySList
InterlockedFlushSList
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
RaiseException
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
GetCurrentThread
OutputDebugStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
GetProcessHeap
SetConsoleCtrlHandler
FlushFileBuffers
GetConsoleCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
HeapSize
HeapReAlloc
CloseHandle
ReadFile
ReadConsoleW
CreateFileW
DecodePointer
advapi32
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegEnumKeyExA
Sections
.text Size: 250KB - Virtual size: 249KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 35KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/other/sha256deep.exe.exe windows:4 windows x86 arch:x86
f74c56afdabcbde17dd922df2ae879bf
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
CloseHandle
CreateEventA
CreateFileW
CreateSemaphoreA
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
FindClose
FindFirstFileW
FindNextFileW
FormatMessageW
GetCommandLineW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetFileAttributesW
GetFileInformationByHandle
GetHandleInformation
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetStartupInfoA
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetTickCount
GetTimeZoneInformation
InitializeCriticalSection
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
InterlockedIncrement
IsDBCSLeadByteEx
LeaveCriticalSection
LocalFree
MultiByteToWideChar
QueryPerformanceCounter
ReleaseSemaphore
ResetEvent
ResumeThread
SetEvent
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
msvcrt
__argv
__dllonexit
__doserrno
__getmainargs
__initenv
__lconv_init
__mb_cur_max
__pioinfo
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_atoi64
_beginthreadex
_cexit
_endthreadex
_errno
_exit
_filelengthi64
_fileno
_findclose
_fmode
_fstat64
_ftime
_gmtime64
_initterm
_iob
_lock
_lseeki64
_onexit
_setjmp3
_snwprintf
_wstat64
time
gmtime
_stricmp
_strnicmp
_unlock
calloc
clearerr
exit
fclose
feof
ferror
fflush
fgetpos
fgets
fopen
fprintf
fputc
fputs
fread
free
fseek
fsetpos
fwprintf
fwrite
getc
getenv
getwc
islower
isprint
isspace
isupper
iswalpha
iswctype
iswdigit
isxdigit
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
perror
printf
putc
putwc
raise
realloc
rewind
setlocale
setvbuf
signal
sprintf
strchr
strcmp
strcoll
strcpy
strerror
strftime
strlen
strncmp
strncpy
strxfrm
_wcsnicmp
_wfindnext
_wfopen
_wfullpath
_wgetcwd
_wopen
_write
abort
atoi
tolower
toupper
towlower
towupper
ungetc
ungetwc
vfprintf
wcscat
wcscoll
wcscpy
wcsftime
wcslen
wcsxfrm
_wfindfirst
longjmp
_write
_unlink
_strdup
_setmode
_read
_open
_mktemp
_fileno
_fdopen
_close
shell32
CommandLineToArgvW
user32
MessageBoxW
Sections
.text Size: 661KB - Virtual size: 661KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 25KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 77KB - Virtual size: 76KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 4KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 56B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
tools/other/sha256deep64.exe.exe windows:4 windows x64 arch:x64
fecb7be4a881ad58800a41cf6a18b6c0
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
CloseHandle
CreateEventA
CreateFileW
CreateSemaphoreA
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
FindClose
FindFirstFileW
FindNextFileW
FormatMessageW
GetCommandLineW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetFileAttributesW
GetFileInformationByHandle
GetHandleInformation
GetLastError
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetStartupInfoA
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetTickCount
GetTimeZoneInformation
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LocalFree
MultiByteToWideChar
QueryPerformanceCounter
RaiseException
ReleaseSemaphore
ResetEvent
ResumeThread
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetEvent
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
msvcrt
__C_specific_handler
___lc_codepage_func
__argv
__dllonexit
__doserrno
__getmainargs
__initenv
__iob_func
__lconv_init
__mb_cur_max
__pioinfo
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_atoi64
_beginthreadex
_cexit
_endthreadex
_errno
_exit
_filelengthi64
_fileno
_findclose
_fmode
_fstat64
_ftime
_gmtime64
_initterm
_lock
_lseeki64
_onexit
_setjmp
_stricmp
_strnicmp
_time64
_unlock
_wcsnicmp
_wfindfirst64
_wfopen
_wfullpath
_wgetcwd
_wopen
_write
_wstat64
abort
atoi
calloc
clearerr
exit
fclose
feof
ferror
fflush
fgetpos
fgets
fopen
fprintf
fputc
fputs
fread
free
fseek
fsetpos
fwprintf
fwrite
getc
getenv
getwc
islower
isprint
isspace
isupper
iswalpha
iswctype
iswdigit
isxdigit
localeconv
longjmp
malloc
memchr
memcmp
memcpy
memmove
memset
perror
printf
putc
putwc
raise
realloc
rewind
setlocale
setvbuf
signal
sprintf
strchr
strcmp
strcoll
strcpy
strerror
strftime
strlen
strncmp
strncpy
strxfrm
tolower
toupper
towlower
towupper
ungetc
ungetwc
vfprintf
wcscat
wcscoll
wcscpy
wcsftime
wcslen
wcsxfrm
_wfindnext64
_snwprintf
_write
_unlink
_strdup
_setmode
_read
_open
_mktemp
_fileno
_fdopen
_close
shell32
CommandLineToArgvW
user32
MessageBoxW
ws2_32
gethostname
Sections
.text Size: 581KB - Virtual size: 581KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 85KB - Virtual size: 84KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 88KB - Virtual size: 87KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.pdata Size: 34KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.xdata Size: 51KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 5KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 112B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 104B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
tools/wmic/x32/winmgmt.exe.exe windows:5 windows x86 arch:x86
ef50c03f0b0f056707f9ace14aa5e08d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
_except_handler3
_onexit
__dllonexit
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
swprintf
wcslen
wcsncpy
wcscpy
wcscmp
sprintf
_strnicmp
_stricmp
_c_exit
__CxxFrameHandler
_exit
exit
_cexit
_XcptFilter
advapi32
ControlService
QueryServiceStatus
OpenSCManagerW
CloseServiceHandle
OpenServiceW
kernel32
CloseHandle
Sleep
SetEvent
OpenEventW
GetVersionExA
LoadLibraryExA
GetStartupInfoA
GetModuleHandleA
GetCurrentProcessId
GetCommandLineW
CreateProcessW
GetModuleHandleW
lstrcatA
GetProcAddress
GetLastError
GetSystemDirectoryA
CreateMutexA
lstrlenW
lstrcatW
LoadLibraryExW
FreeLibrary
user32
MessageBoxW
LoadStringW
wbemcomn
?GetWMIADAPCmdLine@@YGPAGH@Z
?DebugTrace@@YAHDPBDZZ
?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z
?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z
?EnableAllPrivileges@@YGJK@Z
oleaut32
SysFreeString
ole32
CoUninitialize
CoInitialize
CoCreateInstance
shell32
CommandLineToArgvW
Sections
.text Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 92B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
tools/wmic/x32/winmgmtr.dll.dll windows:5 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rsrc Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/wmic/x32/wmi.dll.dll windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
wmi.pdb
Exports
Exports
CloseTrace
ControlTraceA
ControlTraceW
CreateTraceInstanceId
EnableTrace
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
OpenTraceA
OpenTraceW
ProcessTrace
QueryAllTracesA
QueryAllTracesW
RegisterTraceGuidsA
RegisterTraceGuidsW
RemoveTraceCallback
SetTraceCallback
StartTraceA
StartTraceW
TraceEvent
TraceEventInstance
UnregisterTraceGuids
WmiCloseBlock
WmiDevInstToInstanceNameA
WmiDevInstToInstanceNameW
WmiEnumerateGuids
WmiExecuteMethodA
WmiExecuteMethodW
WmiFileHandleToInstanceNameA
WmiFileHandleToInstanceNameW
WmiFreeBuffer
WmiMofEnumerateResourcesA
WmiMofEnumerateResourcesW
WmiNotificationRegistrationA
WmiNotificationRegistrationW
WmiOpenBlock
WmiQueryAllDataA
WmiQueryAllDataW
WmiQueryGuidInformation
WmiQuerySingleInstanceA
WmiQuerySingleInstanceW
WmiSetSingleInstanceA
WmiSetSingleInstanceW
WmiSetSingleItemA
WmiSetSingleItemW
Sections
.text Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1000B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/wmic/x32/wmi.mfl
-
tools/wmic/x32/wmi.mof
-
tools/wmic/x32/wmiadap.exe.exe windows:5 windows x86 arch:x86
3ea4da2e43fdf5a637c22290acf237cf
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
WMIADAP.pdb
Imports
msvcrt
wcschr
_purecall
iswspace
isupper
wcsstr
_wtoi
_except_handler3
_beginthreadex
_vsnprintf
isspace
wcscspn
free
malloc
realloc
wcsspn
_ismbcdigit
vswprintf
memmove
_ismbcspace
_wcsrev
iswxdigit
wcstoul
wcspbrk
mbstowcs
wcscoll
toupper
_c_exit
_exit
_XcptFilter
_cexit
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
??1type_info@@UAE@XZ
?terminate@@YAXXZ
__dllonexit
_onexit
_controlfp
wcslen
_wcsupr
_CxxThrowException
_vsnwprintf
__CxxFrameHandler
wcscmp
_wcslwr
msvcp60
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
advapi32
RegCreateKeyExW
RegNotifyChangeKeyValue
OpenProcessToken
GetTokenInformation
RegOpenCurrentUser
RegEnumValueA
RegEnumKeyW
RegEnumKeyA
RegQueryInfoKeyW
RegQueryInfoKeyA
RegOpenKeyExA
RegDeleteKeyW
RegDeleteKeyA
RegDeleteValueA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetEntriesInAclW
RegEnumValueW
AllocateAndInitializeSid
GetLengthSid
RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegDeleteValueW
RegEnumKeyExW
FreeSid
AddAccessAllowedAceEx
InitializeAcl
kernel32
MultiByteToWideChar
lstrlenA
FormatMessageA
GetVersionExA
lstrcatW
LCMapStringW
InterlockedIncrement
GetSystemDefaultUILanguage
GetLastError
lstrlenW
WaitForSingleObject
InterlockedDecrement
lstrcmpiW
GetCurrentProcessId
ExpandEnvironmentStringsW
GetProcessHeap
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapAlloc
FreeLibrary
CloseHandle
ReadFile
GetFileTime
GetFileSize
CreateFileW
GetFileAttributesW
SearchPathW
GetProcAddress
WideCharToMultiByte
LoadLibraryExW
SetErrorMode
ReleaseMutex
CreateMutexW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
DebugBreak
CreateSemaphoreW
CreateEventW
SetEvent
GetCurrentThreadId
EnterCriticalSection
WaitForMultipleObjects
ReleaseSemaphore
InitializeCriticalSection
OpenProcess
LocalFree
LocalAlloc
GetCurrentProcess
GetTimeZoneInformation
GetLocalTime
GetSystemTimeAsFileTime
ResetEvent
SetUnhandledExceptionFilter
GetVersionExW
QueryPerformanceCounter
GetTickCount
TerminateProcess
UnhandledExceptionFilter
GetModuleHandleA
GetStartupInfoA
lstrcpyW
LoadLibraryW
GetLocaleInfoW
MoveFileExW
DeleteFileW
CreateDirectoryW
WriteFile
lstrcmpW
InterlockedCompareExchange
GetSystemDefaultLCID
OpenEventW
SetLastError
FormatMessageW
wbemcomn
??0CFlexArray@@QAE@HH@Z
?Empty@WString@@QAEXXZ
?DebugTrace@@YAHDPBDZZ
?Empty@CFlexArray@@QAEXXZ
?ErrorTrace@@YAHDPBDZZ
??0WString@@QAE@PAGH@Z
?RemoveAt@CFlexArray@@QAEHH@Z
?Throttle@@YGJKKKKK@Z
??1CFlexArray@@QAE@XZ
??0CInsertionString@@QAE@VCHex@@@Z
?GetLPSTR@WString@@QBEPADXZ
?isunialphanum@@YGHG@Z
?UnbindPtr@WString@@QAEPAGXZ
??0WString@@QAE@PBD@Z
??1CEventLog@@QAE@XZ
?Close@CEventLog@@QAEHXZ
?Report@CEventLog@@QAEHGKVCInsertionString@@000000000@Z
?Open@CEventLog@@QAEHXZ
??0CEventLog@@QAE@PBG0K@Z
?Transform@MD5@@SGXPAXIQAE@Z
?CriticalFailADAPTrace@@YGHPBD@Z
??4WString@@QAEAAV0@PBG@Z
??YWString@@QAEAAV0@PBG@Z
??YWString@@QAEAAV0@ABV0@@Z
??0WString@@QAE@PBG@Z
??0WString@@QAE@XZ
?DeleteString@WString@@AAEXPAG@Z
??4WString@@QAEAAV0@ABV0@@Z
?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z
?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z
??0CInsertionString@@QAE@J@Z
?InsertAt@CFlexArray@@QAEHHPAX@Z
oleaut32
VariantInit
VariantClear
SysFreeString
SysAllocString
SysAllocStringLen
SafeArrayDestroy
SafeArrayUnaccessData
SysStringLen
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
VariantChangeType
ole32
CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoCreateInstance
CoSetProxyBlanket
loadperf
UnloadPerfCounterTextStringsW
LoadPerfCounterTextStringsW
ntdll
atol
RtlValidRelativeSecurityDescriptor
memcpy
wcsrchr
_wcsicmp
_wtol
_alloca_probe
memset
user32
LoadStringW
wsprintfW
CharNextW
Exports
Exports
??0CHPtrArray@@QAE@XZ
??0CHString@@QAE@ABV0@@Z
??0CHString@@QAE@GH@Z
??0CHString@@QAE@PBD@Z
??0CHString@@QAE@PBE@Z
??0CHString@@QAE@PBG@Z
??0CHString@@QAE@PBGH@Z
??0CHString@@QAE@XZ
??0CHStringArray@@QAE@XZ
??0CRegistry@@QAE@ABV0@@Z
??0CRegistry@@QAE@XZ
??0CRegistrySearch@@QAE@ABV0@@Z
??0CRegistrySearch@@QAE@XZ
??1CHPtrArray@@QAE@XZ
??1CHString@@QAE@XZ
??1CHStringArray@@QAE@XZ
??1CRegistry@@QAE@XZ
??1CRegistrySearch@@QAE@XZ
??4CHPtrArray@@QAEAAV0@ABV0@@Z
??4CHString@@QAEABV0@ABV0@@Z
??4CHString@@QAEABV0@D@Z
??4CHString@@QAEABV0@G@Z
??4CHString@@QAEABV0@PAV0@@Z
??4CHString@@QAEABV0@PBD@Z
??4CHString@@QAEABV0@PBE@Z
??4CHString@@QAEABV0@PBG@Z
??4CHStringArray@@QAEAAV0@ABV0@@Z
??4CRegistry@@QAEAAV0@ABV0@@Z
??4CRegistrySearch@@QAEAAV0@ABV0@@Z
??ACHPtrArray@@QAEAAPAXH@Z
??ACHPtrArray@@QBEPAXH@Z
??ACHString@@QBEGH@Z
??ACHStringArray@@QAEAAVCHString@@H@Z
??ACHStringArray@@QBE?AVCHString@@H@Z
??BCHString@@QBEPBGXZ
??H@YG?AVCHString@@ABV0@0@Z
??H@YG?AVCHString@@ABV0@G@Z
??H@YG?AVCHString@@ABV0@PBG@Z
??H@YG?AVCHString@@GABV0@@Z
??H@YG?AVCHString@@PBGABV0@@Z
??YCHString@@QAEABV0@ABV0@@Z
??YCHString@@QAEABV0@D@Z
??YCHString@@QAEABV0@G@Z
??YCHString@@QAEABV0@PBG@Z
?Add@CHPtrArray@@QAEHPAX@Z
?Add@CHStringArray@@QAEHPBG@Z
?AllocBeforeWrite@CHString@@IAEXH@Z
?AllocBuffer@CHString@@IAEXH@Z
?AllocCopy@CHString@@IBEXAAV1@HHH@Z
?AllocSysString@CHString@@QBEPAGXZ
?Append@CHPtrArray@@QAEHABV1@@Z
?Append@CHStringArray@@QAEHABV1@@Z
?AssignCopy@CHString@@IAEXHPBG@Z
?CheckAndAddToList@CRegistrySearch@@AAEXPAVCRegistry@@VCHString@@1AAVCHPtrArray@@11H@Z
?Close@CRegistry@@QAEXXZ
?CloseSubKey@CRegistry@@AAEXXZ
?Collate@CHString@@QBEHPBG@Z
?Compare@CHString@@QBEHPBG@Z
?CompareNoCase@CHString@@QBEHPBG@Z
?ConcatCopy@CHString@@IAEXHPBGH0@Z
?ConcatInPlace@CHString@@IAEXHPBG@Z
?Copy@CHPtrArray@@QAEXABV1@@Z
?Copy@CHStringArray@@QAEXABV1@@Z
?CopyBeforeWrite@CHString@@IAEXXZ
?CreateOpen@CRegistry@@QAEJPAUHKEY__@@PBGPAGKKPAU_SECURITY_ATTRIBUTES@@PAK@Z
?DeleteCurrentKeyValue@CRegistry@@QAEKPAUHKEY__@@PBG@Z
?DeleteCurrentKeyValue@CRegistry@@QAEKPBG@Z
?DeleteKey@CRegistry@@QAEJPAVCHString@@@Z
?DeleteValue@CRegistry@@QAEJPBG@Z
?ElementAt@CHPtrArray@@QAEAAPAXH@Z
?ElementAt@CHStringArray@@QAEAAVCHString@@H@Z
?Empty@CHString@@QAEXXZ
?EnumerateAndGetValues@CRegistry@@QAEJAAKAAPAGAAPAE@Z
?Find@CHString@@QBEHG@Z
?Find@CHString@@QBEHPBG@Z
?FindOneOf@CHString@@QBEHPBG@Z
?Format@CHString@@QAAXIZZ
?Format@CHString@@QAAXPBGZZ
?FormatMessageW@CHString@@QAAXIZZ
?FormatMessageW@CHString@@QAAXPBGZZ
?FormatV@CHString@@QAEXPBGPAD@Z
?FreeExtra@CHPtrArray@@QAEXXZ
?FreeExtra@CHString@@QAEXXZ
?FreeExtra@CHStringArray@@QAEXXZ
?FreeSearchList@CRegistrySearch@@QAEHHAAVCHPtrArray@@@Z
?GetAllocLength@CHString@@QBEHXZ
?GetAt@CHPtrArray@@QBEPAXH@Z
?GetAt@CHString@@QBEGH@Z
?GetAt@CHStringArray@@QBE?AVCHString@@H@Z
?GetBuffer@CHString@@QAEPAGH@Z
?GetBufferSetLength@CHString@@QAEPAGH@Z
?GetClassNameA@CRegistry@@QAEPAGXZ
?GetCurrentBinaryKeyValue@CRegistry@@QAEKPAUHKEY__@@PBGPAEPAK@Z
?GetCurrentBinaryKeyValue@CRegistry@@QAEKPBGAAVCHString@@@Z
?GetCurrentBinaryKeyValue@CRegistry@@QAEKPBGPAEPAK@Z
?GetCurrentKeyValue@CRegistry@@QAEKPAUHKEY__@@PBGAAK@Z
?GetCurrentKeyValue@CRegistry@@QAEKPAUHKEY__@@PBGAAVCHString@@@Z
?GetCurrentKeyValue@CRegistry@@QAEKPAUHKEY__@@PBGAAVCHStringArray@@@Z
?GetCurrentKeyValue@CRegistry@@QAEKPBGAAK@Z
?GetCurrentKeyValue@CRegistry@@QAEKPBGAAVCHString@@@Z
?GetCurrentKeyValue@CRegistry@@QAEKPBGAAVCHStringArray@@@Z
?GetCurrentRawKeyValue@CRegistry@@AAEKPAUHKEY__@@PBGPAXPAK3@Z
?GetCurrentRawSubKeyValue@CRegistry@@AAEKPBGPAXPAK2@Z
?GetCurrentSubKeyCount@CRegistry@@QAEKXZ
?GetCurrentSubKeyName@CRegistry@@QAEKAAVCHString@@@Z
?GetCurrentSubKeyPath@CRegistry@@QAEKAAVCHString@@@Z
?GetCurrentSubKeyValue@CRegistry@@QAEKPBGAAK@Z
?GetCurrentSubKeyValue@CRegistry@@QAEKPBGAAVCHString@@@Z
?GetCurrentSubKeyValue@CRegistry@@QAEKPBGPAXPAK@Z
?GetData@CHPtrArray@@QAEPAPAXXZ
?GetData@CHPtrArray@@QBEPAPBXXZ
?GetData@CHString@@IBEPAUCHStringData@@XZ
?GetData@CHStringArray@@QAEPAVCHString@@XZ
?GetData@CHStringArray@@QBEPBVCHString@@XZ
?GetLength@CHString@@QBEHXZ
?GetLongestClassStringSize@CRegistry@@QAEKXZ
?GetLongestSubKeySize@CRegistry@@QAEKXZ
?GetLongestValueData@CRegistry@@QAEKXZ
?GetLongestValueName@CRegistry@@QAEKXZ
?GetPlatformID@CRegistry@@CGKXZ
?GetSize@CHPtrArray@@QBEHXZ
?GetSize@CHStringArray@@QBEHXZ
?GetUpperBound@CHPtrArray@@QBEHXZ
?GetUpperBound@CHStringArray@@QBEHXZ
?GetValueCount@CRegistry@@QAEKXZ
?GethKey@CRegistry@@QAEPAUHKEY__@@XZ
?Init@CHString@@IAEXXZ
?InsertAt@CHPtrArray@@QAEXHPAV1@@Z
?InsertAt@CHPtrArray@@QAEXHPAXH@Z
?InsertAt@CHStringArray@@QAEXHPAV1@@Z
?InsertAt@CHStringArray@@QAEXHPBGH@Z
?IsEmpty@CHString@@QBEHXZ
?Left@CHString@@QBE?AV1@H@Z
?LoadStringW@CHString@@IAEHIPAGI@Z
?LoadStringW@CHString@@QAEHI@Z
?LocateKeyByNameOrValueName@CRegistrySearch@@QAEHPAUHKEY__@@PBG1PAPBGKAAVCHString@@3@Z
?LockBuffer@CHString@@QAEPAGXZ
?MakeLower@CHString@@QAEXXZ
?MakeReverse@CHString@@QAEXXZ
?MakeUpper@CHString@@QAEXXZ
?Mid@CHString@@QBE?AV1@H@Z
?Mid@CHString@@QBE?AV1@HH@Z
?NextSubKey@CRegistry@@QAEKXZ
?Open@CRegistry@@QAEJPAUHKEY__@@PBGK@Z
?OpenAndEnumerateSubKeys@CRegistry@@QAEJPAUHKEY__@@PBGK@Z
?OpenCurrentUser@CRegistry@@QAEKPBGK@Z
?OpenLocalMachineKeyAndReadValue@CRegistry@@QAEJPBG0AAVCHString@@@Z
?OpenSubKey@CRegistry@@AAEKXZ
?PrepareToReOpen@CRegistry@@AAEXXZ
?Release@CHString@@IAEXXZ
?Release@CHString@@KGXPAUCHStringData@@@Z
?ReleaseBuffer@CHString@@QAEXH@Z
?RemoveAll@CHPtrArray@@QAEXXZ
?RemoveAll@CHStringArray@@QAEXXZ
?RemoveAt@CHPtrArray@@QAEXHH@Z
?RemoveAt@CHStringArray@@QAEXHH@Z
?ReverseFind@CHString@@QBEHG@Z
?RewindSubKeys@CRegistry@@QAEXXZ
?Right@CHString@@QBE?AV1@H@Z
?SafeStrlen@CHString@@KGHPBG@Z
?SearchAndBuildList@CRegistrySearch@@QAEHVCHString@@AAVCHPtrArray@@00HPAUHKEY__@@@Z
?SetAt@CHPtrArray@@QAEXHPAX@Z
?SetAt@CHString@@QAEXHG@Z
?SetAt@CHStringArray@@QAEXHPBG@Z
?SetAtGrow@CHPtrArray@@QAEXHPAX@Z
?SetAtGrow@CHStringArray@@QAEXHPBG@Z
?SetCHStringResourceHandle@@YGXPAUHINSTANCE__@@@Z
?SetCurrentKeyValue@CRegistry@@QAEKPAUHKEY__@@PBGAAK@Z
?SetCurrentKeyValue@CRegistry@@QAEKPAUHKEY__@@PBGAAVCHString@@@Z
?SetCurrentKeyValue@CRegistry@@QAEKPAUHKEY__@@PBGAAVCHStringArray@@@Z
?SetCurrentKeyValue@CRegistry@@QAEKPBGAAK@Z
?SetCurrentKeyValue@CRegistry@@QAEKPBGAAVCHString@@@Z
?SetCurrentKeyValue@CRegistry@@QAEKPBGAAVCHStringArray@@@Z
?SetCurrentKeyValueExpand@CRegistry@@QAEKPAUHKEY__@@PBGAAVCHString@@@Z
?SetDefaultValues@CRegistry@@AAEXXZ
?SetSize@CHPtrArray@@QAEXHH@Z
?SetSize@CHStringArray@@QAEXHH@Z
?SpanExcluding@CHString@@QBE?AV1@PBG@Z
?SpanIncluding@CHString@@QBE?AV1@PBG@Z
?TrimLeft@CHString@@QAEXXZ
?TrimRight@CHString@@QAEXXZ
?UnlockBuffer@CHString@@QAEXXZ
?myRegCreateKeyEx@CRegistry@@AAEJPAUHKEY__@@PBGKPAGKKPAU_SECURITY_ATTRIBUTES@@PAPAU2@PAK@Z
?myRegDeleteKey@CRegistry@@AAEJPAUHKEY__@@PBG@Z
?myRegDeleteValue@CRegistry@@AAEJPAUHKEY__@@PBG@Z
?myRegEnumKey@CRegistry@@AAEJPAUHKEY__@@KPAGK@Z
?myRegEnumValue@CRegistry@@AAEJPAUHKEY__@@KPAGPAK22PAE2@Z
?myRegOpenKeyEx@CRegistry@@AAEJPAUHKEY__@@PBGKKPAPAU2@@Z
?myRegQueryInfoKey@CRegistry@@AAEJPAUHKEY__@@PAGPAK22222222PAU_FILETIME@@@Z
?myRegQueryValueEx@CRegistry@@AAEJPAUHKEY__@@PBGPAK2PAE2@Z
?myRegSetValueEx@CRegistry@@AAEJPAUHKEY__@@PBGKKPBEK@Z
?s_dwPlatform@CRegistry@@0KA
Sections
.text Size: 176KB - Virtual size: 176KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 984B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
tools/wmic/x32/wmiapres.dll.dll windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rsrc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/wmic/x32/wmiaprpl.dll.dll regsvr32 windows:5 windows x86 arch:x86
b38770e8506ed1ec1e20eee5f5dd112e
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
WmiApRpl.pdb
Imports
msvcrt
_initterm
malloc
_adjust_fdiv
memcpy
__dllonexit
_onexit
memset
??1type_info@@UAE@XZ
__CxxFrameHandler
?terminate@@YAXXZ
_except_handler3
??2@YAPAXI@Z
??3@YAXPAX@Z
wcsrchr
mbstowcs
wcsstr
wcschr
wcslen
realloc
_wtol
_CxxThrowException
free
kernel32
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SwitchToThread
GetCurrentProcess
lstrcatW
TryEnterCriticalSection
ReleaseMutex
LeaveCriticalSection
GetSystemTime
CreateEventW
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSection
CreateMutexW
ReleaseSemaphore
FlushViewOfFile
FormatMessageW
lstrlenA
lstrcpyW
GetVersionExA
CreateFileMappingW
MapViewOfFile
InterlockedIncrement
InterlockedDecrement
UnmapViewOfFile
CloseHandle
lstrcmpiW
lstrlenW
CreateSemaphoreW
DisableThreadLibraryCalls
GetModuleFileNameW
LocalFree
ExpandEnvironmentStringsW
EnterCriticalSection
GetProcAddress
LoadLibraryW
FreeLibrary
SetEvent
ResetEvent
SetLastError
OpenEventW
GetSystemDefaultLCID
InterlockedCompareExchange
WaitForMultipleObjects
lstrcmpW
WideCharToMultiByte
WriteFile
CreateFileW
CreateDirectoryW
DeleteFileW
MoveFileExW
GetLocaleInfoW
GetVersionExW
GetLastError
advapi32
GetLengthSid
RegEnumValueA
RegQueryInfoKeyW
RegQueryInfoKeyA
RegOpenKeyExA
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA
RegEnumValueW
RegOpenKeyW
ReportEventW
DeregisterEventSource
RegisterEventSourceW
OpenProcessToken
GetTokenInformation
IsValidSid
CopySid
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegCloseKey
OpenServiceW
QueryServiceStatus
StartServiceW
OpenSCManagerW
InitializeSecurityDescriptor
FreeSid
AllocateAndInitializeSid
SetSecurityDescriptorDacl
SetEntriesInAclW
CloseServiceHandle
user32
CharNextW
wsprintfW
LoadStringW
oleaut32
SysAllocString
SysFreeString
VariantClear
SafeArrayDestroy
SafeArrayUnaccessData
SysStringLen
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
VariantChangeType
SysAllocStringLen
ole32
CoCreateInstance
CoInitializeEx
CoUninitialize
CoSetProxyBlanket
loadperf
UnloadPerfCounterTextStringsW
LoadPerfCounterTextStringsW
wbemcomn
?Throttle@@YGJKKKKK@Z
Exports
Exports
DllRegisterServer
DllUnregisterServer
WmiClosePerfData
WmiCollectPerfData
WmiOpenPerfData
Sections
.text Size: 70KB - Virtual size: 70KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/wmic/x32/wmiapsrv.exe.exe windows:5 windows x86 arch:x86
cd33652638a31682ec422c6504fc5182
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
WmiApSrv.pdb
Imports
msvcrt
_wcsicmp
wcsrchr
_CxxThrowException
_wtol
realloc
_vsnwprintf
_wtoi
wcslen
?terminate@@YAXXZ
_controlfp
_onexit
__dllonexit
??1type_info@@UAE@XZ
_except_handler3
__set_app_type
__p__fmode
wcscmp
wcschr
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
wcscspn
wcsspn
iswdigit
vswprintf
memmove
_wcsrev
_wcslwr
_wcsupr
wcsstr
wcspbrk
mbstowcs
wcscoll
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
memset
free
memcpy
__CxxFrameHandler
??2@YAPAXI@Z
??3@YAXPAX@Z
malloc
advapi32
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegQueryInfoKeyA
RegQueryInfoKeyW
RegEnumKeyA
RegEnumKeyW
RegEnumValueA
RegOpenCurrentUser
RegCloseKey
RegDeleteKeyW
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
CopySid
GetLengthSid
IsValidSid
GetTokenInformation
OpenProcessToken
RegisterEventSourceW
DeregisterEventSource
CloseServiceHandle
QueryServiceStatus
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
InitializeSecurityDescriptor
FreeSid
AllocateAndInitializeSid
SetSecurityDescriptorDacl
SetEntriesInAclW
SetServiceStatus
RegisterServiceCtrlHandlerW
DeleteService
ControlService
StartServiceCtrlDispatcherW
ChangeServiceConfig2W
CreateServiceW
RegEnumValueW
RegOpenKeyW
RegQueryValueExW
kernel32
lstrlenW
lstrcatW
lstrcpyW
ReleaseSemaphore
WaitForSingleObject
SwitchToThread
GetCurrentProcess
InterlockedIncrement
TryEnterCriticalSection
InterlockedDecrement
InitializeCriticalSection
SetEvent
ResetEvent
EnterCriticalSection
LocalFree
LocalAlloc
lstrcmpiW
GetCommandLineW
CreateMutexW
CreateEventW
LoadLibraryW
DeleteCriticalSection
FreeLibrary
ReleaseMutex
InterlockedCompareExchange
GetModuleHandleW
GetModuleFileNameW
Sleep
WaitForMultipleObjects
UnmapViewOfFile
lstrcmpW
MapViewOfFile
CreateFileMappingW
FlushViewOfFile
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleHandleA
GetStartupInfoA
GetLocaleInfoW
MoveFileExW
FormatMessageW
FormatMessageA
lstrlenA
LeaveCriticalSection
CloseHandle
DeleteFileW
CreateDirectoryW
CreateFileW
WriteFile
WideCharToMultiByte
GetVersionExA
MultiByteToWideChar
GetVersionExW
CreateSemaphoreW
GetLastError
ExpandEnvironmentStringsW
GetProcAddress
OpenProcess
SetLastError
OpenEventW
GetSystemDefaultLCID
user32
wsprintfW
CharNextW
LoadStringW
ntdll
NtQueryObject
atol
iswspace
oleaut32
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SysAllocStringLen
SysFreeString
SysAllocString
VariantChangeType
SysStringLen
VariantClear
SafeArrayDestroy
ole32
CoInitializeEx
CoUninitialize
CoInitializeSecurity
CoCreateInstance
CoFreeUnusedLibraries
CoSetProxyBlanket
loadperf
LoadPerfCounterTextStringsW
UnloadPerfCounterTextStringsW
wbemcomn
?Throttle@@YGJKKKKK@Z
Exports
Exports
??0CHPtrArray@@QAE@XZ
??0CHString@@QAE@ABV0@@Z
??0CHString@@QAE@GH@Z
??0CHString@@QAE@PBD@Z
??0CHString@@QAE@PBE@Z
??0CHString@@QAE@PBG@Z
??0CHString@@QAE@PBGH@Z
??0CHString@@QAE@XZ
??0CHStringArray@@QAE@XZ
??0CRegistry@@QAE@ABV0@@Z
??0CRegistry@@QAE@XZ
??0CRegistrySearch@@QAE@ABV0@@Z
??0CRegistrySearch@@QAE@XZ
??1CHPtrArray@@QAE@XZ
??1CHString@@QAE@XZ
??1CHStringArray@@QAE@XZ
??1CRegistry@@QAE@XZ
??1CRegistrySearch@@QAE@XZ
??4CHPtrArray@@QAEAAV0@ABV0@@Z
??4CHString@@QAEABV0@ABV0@@Z
??4CHString@@QAEABV0@D@Z
??4CHString@@QAEABV0@G@Z
??4CHString@@QAEABV0@PAV0@@Z
??4CHString@@QAEABV0@PBD@Z
??4CHString@@QAEABV0@PBE@Z
??4CHString@@QAEABV0@PBG@Z
??4CHStringArray@@QAEAAV0@ABV0@@Z
??4CRegistry@@QAEAAV0@ABV0@@Z
??4CRegistrySearch@@QAEAAV0@ABV0@@Z
??ACHPtrArray@@QAEAAPAXH@Z
??ACHPtrArray@@QBEPAXH@Z
??ACHString@@QBEGH@Z
??ACHStringArray@@QAEAAVCHString@@H@Z
??ACHStringArray@@QBE?AVCHString@@H@Z
??BCHString@@QBEPBGXZ
??H@YG?AVCHString@@ABV0@0@Z
??H@YG?AVCHString@@ABV0@G@Z
??H@YG?AVCHString@@ABV0@PBG@Z
??H@YG?AVCHString@@GABV0@@Z
??H@YG?AVCHString@@PBGABV0@@Z
??YCHString@@QAEABV0@ABV0@@Z
??YCHString@@QAEABV0@D@Z
??YCHString@@QAEABV0@G@Z
??YCHString@@QAEABV0@PBG@Z
?Add@CHPtrArray@@QAEHPAX@Z
?Add@CHStringArray@@QAEHPBG@Z
?AllocBeforeWrite@CHString@@IAEXH@Z
?AllocBuffer@CHString@@IAEXH@Z
?AllocCopy@CHString@@IBEXAAV1@HHH@Z
?AllocSysString@CHString@@QBEPAGXZ
?Append@CHPtrArray@@QAEHABV1@@Z
?Append@CHStringArray@@QAEHABV1@@Z
?AssignCopy@CHString@@IAEXHPBG@Z
?CheckAndAddToList@CRegistrySearch@@AAEXPAVCRegistry@@VCHString@@1AAVCHPtrArray@@11H@Z
?Close@CRegistry@@QAEXXZ
?CloseSubKey@CRegistry@@AAEXXZ
?Collate@CHString@@QBEHPBG@Z
?Compare@CHString@@QBEHPBG@Z
?CompareNoCase@CHString@@QBEHPBG@Z
?ConcatCopy@CHString@@IAEXHPBGH0@Z
?ConcatInPlace@CHString@@IAEXHPBG@Z
?Copy@CHPtrArray@@QAEXABV1@@Z
?Copy@CHStringArray@@QAEXABV1@@Z
?CopyBeforeWrite@CHString@@IAEXXZ
?CreateOpen@CRegistry@@QAEJPAUHKEY__@@PBGPAGKKPAU_SECURITY_ATTRIBUTES@@PAK@Z
?DeleteCurrentKeyValue@CRegistry@@QAEKPAUHKEY__@@PBG@Z
?DeleteCurrentKeyValue@CRegistry@@QAEKPBG@Z
?DeleteKey@CRegistry@@QAEJPAVCHString@@@Z
?DeleteValue@CRegistry@@QAEJPBG@Z
?ElementAt@CHPtrArray@@QAEAAPAXH@Z
?ElementAt@CHStringArray@@QAEAAVCHString@@H@Z
?Empty@CHString@@QAEXXZ
?EnumerateAndGetValues@CRegistry@@QAEJAAKAAPAGAAPAE@Z
?Find@CHString@@QBEHG@Z
?Find@CHString@@QBEHPBG@Z
?FindOneOf@CHString@@QBEHPBG@Z
?Format@CHString@@QAAXIZZ
?Format@CHString@@QAAXPBGZZ
?FormatMessageW@CHString@@QAAXIZZ
?FormatMessageW@CHString@@QAAXPBGZZ
?FormatV@CHString@@QAEXPBGPAD@Z
?FreeExtra@CHPtrArray@@QAEXXZ
?FreeExtra@CHString@@QAEXXZ
?FreeExtra@CHStringArray@@QAEXXZ
?FreeSearchList@CRegistrySearch@@QAEHHAAVCHPtrArray@@@Z
?GetAllocLength@CHString@@QBEHXZ
?GetAt@CHPtrArray@@QBEPAXH@Z
?GetAt@CHString@@QBEGH@Z
?GetAt@CHStringArray@@QBE?AVCHString@@H@Z
?GetBuffer@CHString@@QAEPAGH@Z
?GetBufferSetLength@CHString@@QAEPAGH@Z
?GetClassNameW@CRegistry@@QAEPAGXZ
?GetCurrentBinaryKeyValue@CRegistry@@QAEKPAUHKEY__@@PBGPAEPAK@Z
?GetCurrentBinaryKeyValue@CRegistry@@QAEKPBGAAVCHString@@@Z
?GetCurrentBinaryKeyValue@CRegistry@@QAEKPBGPAEPAK@Z
?GetCurrentKeyValue@CRegistry@@QAEKPAUHKEY__@@PBGAAK@Z
?GetCurrentKeyValue@CRegistry@@QAEKPAUHKEY__@@PBGAAVCHString@@@Z
?GetCurrentKeyValue@CRegistry@@QAEKPAUHKEY__@@PBGAAVCHStringArray@@@Z
?GetCurrentKeyValue@CRegistry@@QAEKPBGAAK@Z
?GetCurrentKeyValue@CRegistry@@QAEKPBGAAVCHString@@@Z
?GetCurrentKeyValue@CRegistry@@QAEKPBGAAVCHStringArray@@@Z
?GetCurrentRawKeyValue@CRegistry@@AAEKPAUHKEY__@@PBGPAXPAK3@Z
?GetCurrentRawSubKeyValue@CRegistry@@AAEKPBGPAXPAK2@Z
?GetCurrentSubKeyCount@CRegistry@@QAEKXZ
?GetCurrentSubKeyName@CRegistry@@QAEKAAVCHString@@@Z
?GetCurrentSubKeyPath@CRegistry@@QAEKAAVCHString@@@Z
?GetCurrentSubKeyValue@CRegistry@@QAEKPBGAAK@Z
?GetCurrentSubKeyValue@CRegistry@@QAEKPBGAAVCHString@@@Z
?GetCurrentSubKeyValue@CRegistry@@QAEKPBGPAXPAK@Z
?GetData@CHPtrArray@@QAEPAPAXXZ
?GetData@CHPtrArray@@QBEPAPBXXZ
?GetData@CHString@@IBEPAUCHStringData@@XZ
?GetData@CHStringArray@@QAEPAVCHString@@XZ
?GetData@CHStringArray@@QBEPBVCHString@@XZ
?GetLength@CHString@@QBEHXZ
?GetLongestClassStringSize@CRegistry@@QAEKXZ
?GetLongestSubKeySize@CRegistry@@QAEKXZ
?GetLongestValueData@CRegistry@@QAEKXZ
?GetLongestValueName@CRegistry@@QAEKXZ
?GetPlatformID@CRegistry@@CGKXZ
?GetSize@CHPtrArray@@QBEHXZ
?GetSize@CHStringArray@@QBEHXZ
?GetUpperBound@CHPtrArray@@QBEHXZ
?GetUpperBound@CHStringArray@@QBEHXZ
?GetValueCount@CRegistry@@QAEKXZ
?GethKey@CRegistry@@QAEPAUHKEY__@@XZ
?Init@CHString@@IAEXXZ
?InsertAt@CHPtrArray@@QAEXHPAV1@@Z
?InsertAt@CHPtrArray@@QAEXHPAXH@Z
?InsertAt@CHStringArray@@QAEXHPAV1@@Z
?InsertAt@CHStringArray@@QAEXHPBGH@Z
?IsEmpty@CHString@@QBEHXZ
?Left@CHString@@QBE?AV1@H@Z
?LoadStringW@CHString@@IAEHIPAGI@Z
?LoadStringW@CHString@@QAEHI@Z
?LocateKeyByNameOrValueName@CRegistrySearch@@QAEHPAUHKEY__@@PBG1PAPBGKAAVCHString@@3@Z
?LockBuffer@CHString@@QAEPAGXZ
?MakeLower@CHString@@QAEXXZ
?MakeReverse@CHString@@QAEXXZ
?MakeUpper@CHString@@QAEXXZ
?Mid@CHString@@QBE?AV1@H@Z
?Mid@CHString@@QBE?AV1@HH@Z
?NextSubKey@CRegistry@@QAEKXZ
?Open@CRegistry@@QAEJPAUHKEY__@@PBGK@Z
?OpenAndEnumerateSubKeys@CRegistry@@QAEJPAUHKEY__@@PBGK@Z
?OpenCurrentUser@CRegistry@@QAEKPBGK@Z
?OpenLocalMachineKeyAndReadValue@CRegistry@@QAEJPBG0AAVCHString@@@Z
?OpenSubKey@CRegistry@@AAEKXZ
?PrepareToReOpen@CRegistry@@AAEXXZ
?Release@CHString@@IAEXXZ
?Release@CHString@@KGXPAUCHStringData@@@Z
?ReleaseBuffer@CHString@@QAEXH@Z
?RemoveAll@CHPtrArray@@QAEXXZ
?RemoveAll@CHStringArray@@QAEXXZ
?RemoveAt@CHPtrArray@@QAEXHH@Z
?RemoveAt@CHStringArray@@QAEXHH@Z
?ReverseFind@CHString@@QBEHG@Z
?RewindSubKeys@CRegistry@@QAEXXZ
?Right@CHString@@QBE?AV1@H@Z
?SafeStrlen@CHString@@KGHPBG@Z
?SearchAndBuildList@CRegistrySearch@@QAEHVCHString@@AAVCHPtrArray@@00HPAUHKEY__@@@Z
?SetAt@CHPtrArray@@QAEXHPAX@Z
?SetAt@CHString@@QAEXHG@Z
?SetAt@CHStringArray@@QAEXHPBG@Z
?SetAtGrow@CHPtrArray@@QAEXHPAX@Z
?SetAtGrow@CHStringArray@@QAEXHPBG@Z
?SetCHStringResourceHandle@@YGXPAUHINSTANCE__@@@Z
?SetCurrentKeyValue@CRegistry@@QAEKPAUHKEY__@@PBGAAK@Z
?SetCurrentKeyValue@CRegistry@@QAEKPAUHKEY__@@PBGAAVCHString@@@Z
?SetCurrentKeyValue@CRegistry@@QAEKPAUHKEY__@@PBGAAVCHStringArray@@@Z
?SetCurrentKeyValue@CRegistry@@QAEKPBGAAK@Z
?SetCurrentKeyValue@CRegistry@@QAEKPBGAAVCHString@@@Z
?SetCurrentKeyValue@CRegistry@@QAEKPBGAAVCHStringArray@@@Z
?SetCurrentKeyValueExpand@CRegistry@@QAEKPAUHKEY__@@PBGAAVCHString@@@Z
?SetDefaultValues@CRegistry@@AAEXXZ
?SetSize@CHPtrArray@@QAEXHH@Z
?SetSize@CHStringArray@@QAEXHH@Z
?SpanExcluding@CHString@@QBE?AV1@PBG@Z
?SpanIncluding@CHString@@QBE?AV1@PBG@Z
?TrimLeft@CHString@@QAEXXZ
?TrimRight@CHString@@QAEXXZ
?UnlockBuffer@CHString@@QAEXXZ
?myRegCreateKeyEx@CRegistry@@AAEJPAUHKEY__@@PBGKPAGKKPAU_SECURITY_ATTRIBUTES@@PAPAU2@PAK@Z
?myRegDeleteKey@CRegistry@@AAEJPAUHKEY__@@PBG@Z
?myRegDeleteValue@CRegistry@@AAEJPAUHKEY__@@PBG@Z
?myRegEnumKey@CRegistry@@AAEJPAUHKEY__@@KPAGK@Z
?myRegEnumValue@CRegistry@@AAEJPAUHKEY__@@KPAGPAK22PAE2@Z
?myRegOpenKeyEx@CRegistry@@AAEJPAUHKEY__@@PBGKKPAPAU2@@Z
?myRegQueryInfoKey@CRegistry@@AAEJPAUHKEY__@@PAGPAK22222222PAU_FILETIME@@@Z
?myRegQueryValueEx@CRegistry@@AAEJPAUHKEY__@@PBGPAK2PAE2@Z
?myRegSetValueEx@CRegistry@@AAEJPAUHKEY__@@PBGKKPBEK@Z
?s_dwPlatform@CRegistry@@0KA
Sections
.text Size: 116KB - Virtual size: 116KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
tools/wmic/x32/wmic.exe.exe windows:5 windows x86 arch:x86
9568be97a635354a409e5b38875082fa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
WMIC.pdb
Imports
msvcrt
?terminate@@YAXXZ
_controlfp
??2@YAPAXI@Z
__CxxFrameHandler
swprintf
_ltow
_CxxThrowException
_wcsicmp
wcstok
??1type_info@@UAE@XZ
_onexit
__dllonexit
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
__winitenv
exit
_cexit
_XcptFilter
_exit
_c_exit
_wfreopen
_wtoi64
_i64tow
_kbhit
_filelength
_wremove
fputws
fprintf
fflush
fwprintf
wcsncpy
wcsncmp
fread
fseek
towlower
swscanf
wctomb
wcsstr
fgets
wcscmp
wcstoul
_wfopen
fwrite
fclose
_ftol
_getch
ceil
_wsystem
_wtoi
_itow
wcslen
??0exception@@QAE@ABV0@@Z
_iob
fgetws
sprintf
_wcsnicmp
wcscpy
_wtol
??3@YAXPAX@Z
msvcp60
??0out_of_range@std@@QAE@ABV01@@Z
??1out_of_range@std@@UAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBG@Z
?compare@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEHIIPBG@Z
?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IIPBG@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?data@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
??0logic_error@std@@QAE@ABV01@@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z
?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ
??A?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAGI@Z
?size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
advapi32
RegCloseKey
RegOpenKeyExW
GetTokenInformation
AdjustTokenPrivileges
OpenProcessToken
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegQueryValueExW
kernel32
CompareFileTime
CreateEventW
CreateThread
SetEvent
WaitForSingleObject
DeleteFileW
GetCommandLineW
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
LocalAlloc
LoadLibraryW
FreeLibrary
GetProcAddress
GetWindowsDirectoryW
GetSystemDirectoryW
GetCurrentProcess
SetConsoleScreenBufferSize
GetConsoleMode
SetConsoleMode
ReadConsoleW
SetConsoleCursorPosition
WriteConsoleW
WideCharToMultiByte
GetFileTime
MultiByteToWideChar
GetComputerNameW
GetSystemDefaultUILanguage
GetConsoleScreenBufferInfo
FormatMessageW
GetStdHandle
GetFileType
lstrcatW
GetLocalTime
GetFileSizeEx
GetLastError
WriteFile
CreateFileW
SetFilePointer
SetLastError
CloseHandle
LocalFree
lstrcpynW
lstrcpyW
lstrlenW
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
GetUserDefaultUILanguage
SetConsoleCtrlHandler
QueryPerformanceCounter
GetTickCount
GetModuleHandleA
lstrlenA
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
CompareStringW
CopyFileW
SetUnhandledExceptionFilter
ole32
CoUninitialize
CoInitializeEx
CoSetProxyBlanket
CoCreateInstanceEx
CoCreateInstance
CoInitializeSecurity
oleaut32
SysStringLen
SysFreeString
SysAllocStringByteLen
VariantClear
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
VariantInit
SafeArrayDestroy
SafeArrayPutElement
SafeArrayCreate
VariantChangeType
VariantCopy
SysStringByteLen
SafeArrayGetVartype
SysAllocString
user32
SetClipboardData
EmptyClipboard
OpenClipboard
LoadStringW
CloseClipboard
wsprintfW
CharUpperW
framedyn
?FindOneOf@CHString@@QBEHPBG@Z
?GetBuffer@CHString@@QAEPAGH@Z
?TrimRight@CHString@@QAEXXZ
?TrimLeft@CHString@@QAEXXZ
??0CHString@@QAE@PBG@Z
?Mid@CHString@@QBE?AV1@H@Z
??YCHString@@QAEABV0@ABV0@@Z
?GetData@CHString@@IBEPAUCHStringData@@XZ
?Left@CHString@@QBE?AV1@H@Z
?Find@CHString@@QBEHPBG@Z
??0CHString@@QAE@ABV0@@Z
??4CHString@@QAEABV0@PBG@Z
??0CHString@@QAE@XZ
??1CHString@@QAE@XZ
?Empty@CHString@@QAEXXZ
??YCHString@@QAEABV0@PBG@Z
??0CHString@@QAE@PBD@Z
??H@YG?AVCHString@@ABV0@PBG@Z
?Right@CHString@@QBE?AV1@H@Z
??4CHString@@QAEABV0@ABV0@@Z
?Format@CHString@@QAAXPBGZZ
shlwapi
StrStrIW
ws2_32
gethostbyname
WSACleanup
WSAStartup
inet_addr
secur32
GetUserNameExW
iphlpapi
IcmpSendEcho
IcmpCreateFile
IcmpCloseHandle
Sections
.text Size: 289KB - Virtual size: 289KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 59KB - Virtual size: 59KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
tools/wmic/x32/wmiclimofformat.xsl.xml
-
tools/wmic/x32/wmiclitableformat.xsl.vbs
-
tools/wmic/x32/wmiclitableformatnosys.xsl.vbs
-
tools/wmic/x32/wmiclivalueformat.xsl.xml
-
tools/wmic/x32/wmicookr.dll.dll regsvr32 windows:5 windows x86 arch:x86
5a13d2b3a3581db5ada8783b7d8754a5
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
WMICOOKR.pdb
Imports
msvcrt
_except_handler3
_CxxThrowException
__CxxFrameHandler
wcslen
wcscmp
_ftol
_CIpow
_vsnwprintf
wcsstr
free
_initterm
malloc
_adjust_fdiv
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_purecall
msvcp60
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
wbemcomn
?Leave@CWbemCriticalSection@@QAEXXZ
?InsertAt@CFlexArray@@QAEHHPAX@Z
??0CFlexArray@@QAE@HH@Z
?Compress@CFlexArray@@QAEXXZ
??0CWStringArray@@QAE@HH@Z
?Enter@CWbemCriticalSection@@QAEHK@Z
??1CHaltable@@UAE@XZ
??4WString@@QAEAAV0@ABV0@@Z
?DeleteString@WString@@AAEXPAG@Z
??0WString@@QAE@PAGH@Z
?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z
?WbemMemReAlloc@CWin32DefaultArena@@SGPAXPAXK@Z
??0CFlexQueue@@QAE@H@Z
?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z
ole32
CoTaskMemFree
CoCreateInstance
StringFromCLSID
oleaut32
SysFreeString
VariantInit
VariantClear
SysAllocString
kernel32
LeaveCriticalSection
DeleteCriticalSection
LocalFree
EnterCriticalSection
DebugBreak
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
LCMapStringW
InitializeCriticalSection
QueryPerformanceFrequency
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleFileNameW
DisableThreadLibraryCalls
lstrcmpW
Sleep
InterlockedDecrement
InterlockedIncrement
advapi32
RegCloseKey
RegCreateKeyW
RegDeleteKeyW
RegOpenKeyW
RegSetValueExW
Exports
Exports
??0CArena@@QAE@ABV0@@Z
??0CArena@@QAE@XZ
??0CCheckedInCritSec@@QAE@PAVCCritSec@@@Z
??0CCritSec@@QAE@XZ
??0CEnterWbemCriticalSection@@QAE@PAVCWbemCriticalSection@@K@Z
??0CHaltable@@QAE@ABV0@@Z
??0CInCritSec@@QAE@PAU_RTL_CRITICAL_SECTION@@@Z
??0CWin32DefaultArena@@QAE@ABV0@@Z
??0CWin32DefaultArena@@QAE@XZ
??0WString@@QAE@ABV0@@Z
??1CCheckedInCritSec@@QAE@XZ
??1CCritSec@@QAE@XZ
??1CEnterWbemCriticalSection@@QAE@XZ
??1CInCritSec@@QAE@XZ
??1CWin32DefaultArena@@QAE@XZ
??1WString@@QAE@XZ
??4CArena@@QAEAAV0@ABV0@@Z
??4CCheckedInCritSec@@QAEAAV0@ABV0@@Z
??4CCritSec@@QAEAAV0@ABV0@@Z
??4CEnterWbemCriticalSection@@QAEAAV0@ABV0@@Z
??4CFlexQueue@@QAEAAV0@ABV0@@Z
??4CHaltable@@QAEAAV0@ABV0@@Z
??4CInCritSec@@QAEAAV0@ABV0@@Z
??4CSmallArrayBlob@@QAEAAV0@ABV0@@Z
??4CWbemCriticalSection@@QAEAAV0@ABV0@@Z
??4CWin32DefaultArena@@QAEAAV0@ABV0@@Z
??ACFlexArray@@QAEAAPAXH@Z
??ACFlexArray@@QBEPAXH@Z
??ACSmallArrayBlob@@QBEPAXH@Z
??ACWStringArray@@QBEPAGH@Z
??BWString@@QAEPAGXZ
??BWString@@QBEPBGXZ
??MWString@@QBEHPBG@Z
??NWString@@QBEHPBG@Z
??OWString@@QBEHPBG@Z
??PWString@@QBEHPBG@Z
??_7CArena@@6B@
??_7CHaltable@@6B@
??_7CWin32DefaultArena@@6B@
??_FCFlexArray@@QAEXXZ
??_FCFlexQueue@@QAEXXZ
??_FCWStringArray@@QAEXXZ
?Add@CFlexArray@@QAEHPAX@Z
?Alloc@CWin32DefaultArena@@UAEPAXK@Z
?BindPtr@WString@@QAEXPAG@Z
?BreakOnDbgAndRenterLoop@CCritSec@@SGKXZ
?BreakOnDbgAndRenterLoop@CInCritSec@@SGKXZ
?Compress@CWStringArray@@QAEXXZ
?DecrementIndex@CFlexQueue@@IAEXAAH@Z
?Enter@CCheckedInCritSec@@QAEXXZ
?Enter@CCritSec@@QAEXXZ
?Equal@WString@@QBEHPBG@Z
?EqualNoCase@WString@@QBEHPBG@Z
?Free@CWin32DefaultArena@@UAEHPAX@Z
?GetArrayPtr@CFlexArray@@QAEPAPAXXZ
?GetArrayPtr@CFlexArray@@QBEPBQAXXZ
?GetArrayPtr@CSmallArrayBlob@@QAEPAPAXXZ
?GetArrayPtr@CSmallArrayBlob@@QBEPBQAXXZ
?GetArrayPtr@CWStringArray@@QAEPAPBGXZ
?GetAt@CFlexArray@@QBEPAXH@Z
?GetAt@CSmallArrayBlob@@QBEPAXH@Z
?GetAt@CWStringArray@@QBEPAGH@Z
?GetLockCount@CWbemCriticalSection@@QAEJXZ
?GetOwningThreadId@CWbemCriticalSection@@QAEKXZ
?GetQueueSize@CFlexQueue@@QBEHXZ
?GetRecursionCount@CWbemCriticalSection@@QAEJXZ
?IncrementIndex@CFlexQueue@@IAEXAAH@Z
?IsEntered@CCheckedInCritSec@@QAEHXZ
?IsEntered@CEnterWbemCriticalSection@@QAEHXZ
?Leave@CCheckedInCritSec@@QAEXXZ
?Leave@CCritSec@@QAEXXZ
?Length@WString@@QBEHXZ
?Realloc@CWin32DefaultArena@@UAEPAXPAXK@Z
?SetAt@CFlexArray@@QAEXHPAX@Z
?SetSize@CFlexArray@@QAEXH@Z
?Size@CFlexArray@@QBEHXZ
?Size@CSmallArrayBlob@@QBEHXZ
?Size@CWStringArray@@QBEHXZ
?Unqueue@CFlexQueue@@QAEPAXXZ
?WbemSysFreeString@CWin32DefaultArena@@SGXPAG@Z
?isValid@CHaltable@@QAE_NXZ
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 53KB - Virtual size: 53KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 740B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 984B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/wmic/x32/wmidcprv.dll.dll regsvr32 windows:5 windows x86 arch:x86
aa596c71f2072fed9676fb37ef0ce9f4
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
WmiDcPrv.pdb
Imports
msvcrt
__CxxFrameHandler
_vsnwprintf
_purecall
free
_initterm
malloc
_adjust_fdiv
??1type_info@@UAE@XZ
__dllonexit
_onexit
?terminate@@YAXXZ
_except_handler3
_CxxThrowException
wcstol
wcsncpy
wcslen
fastprox
?New@CWbemCallSecurity@@SGPAV1@XZ
kernel32
LeaveCriticalSection
GetProcessHeap
HeapCreate
HeapDestroy
HeapAlloc
HeapFree
SetUnhandledExceptionFilter
GetCurrentThread
GlobalUnlock
GlobalLock
GlobalAlloc
LocalFree
Sleep
GetVersionExW
EnterCriticalSection
CompareFileTime
SystemTimeToFileTime
FileTimeToSystemTime
GetTimeZoneInformation
GetStringTypeExW
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SwitchToThread
InterlockedCompareExchange
GetProcessTimes
CreateMutexW
ReleaseMutex
GetCurrentProcessId
GetModuleFileNameW
lstrlenW
DisableThreadLibraryCalls
InterlockedDecrement
InterlockedIncrement
GetLastError
InitializeCriticalSectionAndSpinCount
OpenProcess
GetCurrentProcess
CloseHandle
DeleteCriticalSection
LCMapStringW
DebugBreak
advapi32
RegGetKeySecurity
GetSecurityDescriptorOwner
EqualSid
RegOpenKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
AllocateAndInitializeSid
FreeSid
GetLengthSid
AdjustTokenPrivileges
OpenThreadToken
GetTokenInformation
RegQueryValueExW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
SetThreadToken
RevertToSelf
CopySid
oleaut32
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
SysAllocStringLen
SysAllocString
SysFreeString
VariantInit
VariantClear
ole32
StringFromCLSID
CoCreateGuid
CoGetClassObject
CoUnmarshalInterface
CreateStreamOnHGlobal
CoReleaseMarshalData
CoMarshalInterface
CoGetMarshalSizeMax
CLSIDFromString
CoCreateInstance
CoWaitForMultipleHandles
StringFromGUID2
CoImpersonateClient
CoRevertToSelf
CoSwitchCallContext
CoGetCallContext
CoTaskMemFree
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 119KB - Virtual size: 119KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 984B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/wmic/x32/wmimsg.dll.dll regsvr32 windows:5 windows x86 arch:x86
3da91aaf842abd9f445d269123a075d1
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
msvcrt
_CxxThrowException
__CxxFrameHandler
wcslen
_purecall
wcschr
towlower
wcstok
wcscpy
memmove
free
_initterm
malloc
_adjust_fdiv
??1type_info@@UAE@XZ
_except_handler3
__dllonexit
_onexit
?terminate@@YAXXZ
swprintf
wcstoul
_wstat
kernel32
CreateThread
GetTickCount
GetSystemTime
GetCurrentThread
GetComputerNameW
GetCurrentProcess
lstrcpyW
GetModuleFileNameW
lstrlenW
lstrcatW
DisableThreadLibraryCalls
HeapAlloc
HeapFree
ExpandEnvironmentStringsW
GetSystemDirectoryW
CreateMutexW
CreateDirectoryW
WaitForSingleObject
CloseHandle
InterlockedDecrement
GetQueuedCompletionStatus
CreateIoCompletionPort
PostQueuedCompletionStatus
GetLastError
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetProcessHeap
advapi32
RegQueryValueExW
RegCreateKeyExW
MD5Init
MD5Update
MD5Final
RegOpenKeyW
RegDeleteKeyW
RegCreateKeyW
RegSetValueExW
RegCloseKey
OpenProcessToken
InitializeSid
GetSidSubAuthority
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
MakeSelfRelativeSD
AccessCheck
OpenThreadToken
GetTokenInformation
GetLengthSid
ole32
StringFromGUID2
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoInitialize
oleaut32
SysAllocString
SysFreeString
VariantInit
VariantClear
SysAllocStringByteLen
rpcrt4
NdrClientCall2
NdrServerCall2
RpcBindingInqAuthClientW
RpcImpersonateClient
RpcRevertToSelf
RpcBindingFree
RpcBindingSetAuthInfoExW
RpcEpResolveBinding
RpcBindingFromStringBindingW
RpcBindingVectorFree
RpcEpUnregister
RpcServerInqBindings
RpcServerUnregisterIf
RpcServerRegisterIfEx
RpcServerRegisterAuthInfoW
RpcStringFreeW
RpcServerUseProtseqEpW
RpcEpRegisterNoReplaceW
RpcServerUseProtseqW
RpcStringBindingParseW
RpcServerInqDefaultPrincNameW
user32
wsprintfW
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 52KB - Virtual size: 51KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 960B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/wmic/x32/wmipcima.dll.dll regsvr32 windows:5 windows x86 arch:x86
d08a4c023f1cfb902ad0aa781fc19fdb
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
wmipcima.pdb
Imports
msvcrt
_wcsupr
_purecall
_wtol
_wtoi
_wcsicmp
_wcsnicmp
swprintf
malloc
free
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ
__dllonexit
_onexit
?terminate@@YAXXZ
_except_handler3
iswupper
_CxxThrowException
wcslen
wcscpy
_wcslwr
towupper
wcscat
__CxxFrameHandler
framedyn
?UnRegisterMessage@CWinMsgEvent@@IAE_NI@Z
?GetPlatform@CWbemProviderGlue@@SGKXZ
?RegisterForMessage@CWinMsgEvent@@IAEXI@Z
??0CWinMsgEvent@@QAE@XZ
??1CWinMsgEvent@@QAE@XZ
??4CHString@@QAEABV0@PBD@Z
?ExecQuery@Provider@@MAEJPAVMethodContext@@AAVCFrameworkQuery@@J@Z
??H@YG?AVCHString@@ABV0@PBG@Z
?IsEmpty@CHString@@QBEHXZ
?GetPropertyBitMask@CFrameworkQueryEx@@QAEXABVCHPtrArray@@PAX@Z
?SetWCHARSplat@CInstance@@QAE_NPBG0@Z
?SetDWORD@CInstance@@QAE_NPBGK@Z
?Setbool@CInstance@@QAE_NPBG_N@Z
?SetCHString@CInstance@@QAE_NPBG0@Z
?SetSize@CHPtrArray@@QAEXHH@Z
?PutInstance@Provider@@MAEJABVCInstance@@J@Z
?GetObject@Provider@@MAEJPAVCInstance@@J@Z
?GetValuesForProp@CFrameworkQuery@@QAEJPBGAAV?$vector@V_bstr_t@@V?$allocator@V_bstr_t@@@std@@@std@@@Z
??0CHString@@QAE@PBG@Z
?GetInstancesByQuery@CWbemProviderGlue@@SGJPBGPAV?$TRefPointerCollection@VCInstance@@@@PAVMethodContext@@0@Z
?Format@CHString@@QAAXPBGZZ
?SetCHString@CInstance@@QAE_NPBGABVCHString@@@Z
?CreateNewInstance@Provider@@IAEPAVCInstance@@PAVMethodContext@@@Z
?Commit@CInstance@@QAEJXZ
?GetMethodContext@CInstance@@QBEPAVMethodContext@@XZ
?GetInstanceKeysByPath@CWbemProviderGlue@@SGJPBGPAPAVCInstance@@PAVMethodContext@@@Z
?Find@CHString@@QBEHG@Z
?Mid@CHString@@QBE?AV1@H@Z
??4CHString@@QAEABV0@ABV0@@Z
?Left@CHString@@QBE?AV1@H@Z
?Right@CHString@@QBE?AV1@H@Z
?GetLength@CHString@@QBEHXZ
??0CHString@@QAE@XZ
?GetCHString@CInstance@@QBE_NPBGAAVCHString@@@Z
??BCHString@@QBEPBGXZ
??1CHString@@QAE@XZ
?BeginWrite@CThreadBase@@QAEHK@Z
??ACHPtrArray@@QAEAAPAXH@Z
?RemoveAll@CHPtrArray@@QAEXXZ
?EndWrite@CThreadBase@@QAEXXZ
?GetSize@CHPtrArray@@QBEHXZ
?GetAt@CHPtrArray@@QBEPAXH@Z
?EndRead@CThreadBase@@QAEXXZ
?BeginRead@CThreadBase@@QAEHK@Z
??0CThreadBase@@QAE@W4THREAD_SAFETY_MECHANISM@0@@Z
?GetLocalComputerName@Provider@@IAEABVCHString@@XZ
??1CThreadBase@@UAE@XZ
??1CHPtrArray@@QAE@XZ
?AddRef@CInstance@@QAEJXZ
?Release@CInstance@@QAEJXZ
?MakeLower@CHString@@QAEXXZ
?Compare@CHString@@QBEHPBG@Z
?GetBuffer@CHString@@QAEPAGH@Z
?ReleaseBuffer@CHString@@QAEXH@Z
??0Provider@@QAE@PBG0@Z
??1Provider@@UAE@XZ
?OnFinalRelease@CThreadBase@@MAEXXZ
?DeleteInstance@Provider@@MAEJABVCInstance@@J@Z
?ExecMethod@Provider@@MAEJABVCInstance@@QAGPAV2@2J@Z
?GetObject@Provider@@MAEJPAVCInstance@@JAAVCFrameworkQuery@@@Z
?Flush@Provider@@MAEXXZ
?ValidateEnumerationFlags@Provider@@MAEJJ@Z
?ValidateGetObjFlags@Provider@@MAEJJ@Z
?ValidateMethodFlags@Provider@@MAEJJ@Z
?ValidateQueryFlags@Provider@@MAEJJ@Z
?ValidateDeletionFlags@Provider@@MAEJJ@Z
?ValidatePutInstanceFlags@Provider@@MAEJJ@Z
?captainsLog@@3VProviderLog@@A
?LocalLogMessage@ProviderLog@@QAAXPBGHW4LogLevel@1@0ZZ
?LocalLogMessage@ProviderLog@@QAEXPBG0HW4LogLevel@1@@Z
?RemoveAt@CHPtrArray@@QAEXHH@Z
?SetCreationClassName@Provider@@IAE_NPAVCInstance@@@Z
?CompareNoCase@CHString@@QBEHPBG@Z
??0CHPtrArray@@QAE@XZ
??YCHString@@QAEABV0@PBG@Z
??0CreateMutexAsProcess@@QAE@PBG@Z
??1CreateMutexAsProcess@@QAE@XZ
?MakeUpper@CHString@@QAEXXZ
??4CHString@@QAEABV0@PBG@Z
??0CHString@@QAE@ABV0@@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??1CWbemGlueFactory@@QAE@XZ
?FrameworkLogoffDLL@CWbemProviderGlue@@SGHPBGPAJ@Z
?FrameworkLoginDLL@CWbemProviderGlue@@SGHPBGPAJ@Z
??0CWbemGlueFactory@@QAE@PAJ@Z
?GetNamespace@Provider@@IAEABVCHString@@XZ
?GetDWORD@CInstance@@QBE_NPBGAAK@Z
?IsDerivedFrom@CWbemProviderGlue@@SG_NPBG0PAVMethodContext@@0@Z
?Add@CHPtrArray@@QAEHPAX@Z
?GetInstancesByQueryAsynch@CWbemProviderGlue@@SGJPBGPAVProvider@@P6GJ1PAVCInstance@@PAVMethodContext@@PAX@Z034@Z
??1CHStringArray@@QAE@XZ
?GetSize@CHStringArray@@QBEHXZ
?GetValuesForProp@CFrameworkQuery@@QAEJPBGAAVCHStringArray@@@Z
??0CHStringArray@@QAE@XZ
?GetLocalInstancePath@Provider@@IAE_NPBVCInstance@@AAVCHString@@@Z
??1CObjectPathParser@@QAE@XZ
?Free@CObjectPathParser@@QAEXPAUParsedObjectPath@@@Z
??H@YG?AVCHString@@ABV0@0@Z
??H@YG?AVCHString@@ABV0@G@Z
??H@YG?AVCHString@@PBGABV0@@Z
?Parse@CObjectPathParser@@QAEHPBGPAPAUParsedObjectPath@@@Z
??ACHStringArray@@QBE?AVCHString@@H@Z
??0CObjectPathParser@@QAE@W4ObjectParserFlags@@@Z
?SetAt@CHString@@QAEXHG@Z
??YCHString@@QAEABV0@ABV0@@Z
?GetInstancePropertiesByPath@CWbemProviderGlue@@SGJPBGPAPAVCInstance@@PAVMethodContext@@AAVCHStringArray@@@Z
?Add@CHStringArray@@QAEHPBG@Z
??YCHString@@QAEABV0@G@Z
?FindOneOf@CHString@@QBEHPBG@Z
?Empty@CHString@@QAEXXZ
?GetVariant@CInstance@@QBE_NPBGAAUtagVARIANT@@@Z
?RemoveAt@CHStringArray@@QAEXHH@Z
?RemoveAll@CHStringArray@@QAEXXZ
??ACHStringArray@@QAEAAVCHString@@H@Z
?IsLoggingOn@ProviderLog@@QAE?AW4LogLevel@1@PAVCHString@@@Z
advapi32
RegCreateKeyW
RegSetValueExW
RegDeleteKeyW
RegOpenKeyW
kernel32
ResetEvent
GetExitCodeThread
WaitForSingleObjectEx
lstrcatW
SetEvent
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DisableThreadLibraryCalls
LocalFree
lstrlenW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
GetDriveTypeW
GetTickCount
GetComputerNameW
GetComputerNameA
MultiByteToWideChar
SetLastError
CreateFileW
DeviceIoControl
InterlockedIncrement
InterlockedDecrement
QueryInformationJobObject
OpenJobObjectW
OpenProcess
AssignProcessToJobObject
GetLastError
CloseHandle
lstrcpyW
GetVersionExW
GetModuleFileNameW
ReleaseMutex
FreeLibrary
GetProcAddress
LoadLibraryW
lstrlenA
CreateThread
CreateEventW
ole32
StringFromCLSID
CoTaskMemFree
StringFromGUID2
oleaut32
SysFreeString
SysAllocString
SysStringLen
VariantClear
VariantInit
VariantChangeType
SysAllocStringByteLen
SysStringByteLen
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 125KB - Virtual size: 125KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/wmic/x32/wmipcima.mfl
-
tools/wmic/x32/wmipcima.mof
-
tools/wmic/x32/wmipdskq.dll.dll regsvr32 windows:5 windows x86 arch:x86
e9d2657fa2855f807bd04f0ddcb5361e
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
wmipdskq.pdb
Imports
msvcrt
_except_handler3
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_onexit
__dllonexit
_adjust_fdiv
_initterm
malloc
free
toupper
_CxxThrowException
__CxxFrameHandler
_purecall
wcslen
_vsnprintf
_vsnwprintf
sscanf
atol
wcsncpy
iswspace
wcscat
wcscpy
_wcsicmp
_ultow
advapi32
GetSidSubAuthorityCount
LookupAccountSidW
FreeSid
AllocateAndInitializeSid
RegOpenKeyW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyW
IsValidSid
GetSidSubAuthority
GetSidIdentifierAuthority
GetLengthSid
CopySid
kernel32
FreeLibrary
GetProcAddress
LoadLibraryW
lstrlenW
lstrcmpW
GetVolumeNameForVolumeMountPointW
lstrcpyW
GetVolumePathNameW
GetVolumeInformationW
GetLastError
FindVolumeClose
GetLogicalDriveStringsW
FindNextVolumeW
FindFirstVolumeW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LocalFree
LCMapStringW
SetLastError
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
DisableThreadLibraryCalls
CloseHandle
lstrcatW
GetVersionExW
GetModuleFileNameW
InterlockedIncrement
InterlockedDecrement
SetEvent
LeaveCriticalSection
EnterCriticalSection
CreateEventW
InitializeCriticalSection
DeleteCriticalSection
WaitForSingleObjectEx
CreateThread
ReleaseMutex
oleaut32
SysAllocString
VariantClear
VariantChangeType
VariantInit
VariantCopy
SysStringLen
SysFreeString
SysAllocStringByteLen
ole32
StringFromCLSID
CoTaskMemFree
StringFromGUID2
CoCreateInstance
framedyn
?ValidateGetObjFlags@Provider@@MAEJJ@Z
?LocalLogMessage@ProviderLog@@QAEXPBG0HW4LogLevel@1@@Z
?LocalLogMessage@ProviderLog@@QAAXPBGHW4LogLevel@1@0ZZ
?captainsLog@@3VProviderLog@@A
??1CHString@@QAE@XZ
?GetAt@CHString@@QBEGH@Z
?GetLength@CHString@@QBEHXZ
??0CHString@@QAE@PBG@Z
??4CHString@@QAEABV0@PBG@Z
?ReleaseBuffer@CHString@@QAEXH@Z
?GetBuffer@CHString@@QAEPAGH@Z
?ValidatePutInstanceFlags@Provider@@MAEJJ@Z
?ValidateDeletionFlags@Provider@@MAEJJ@Z
?ValidateQueryFlags@Provider@@MAEJJ@Z
?ValidateMethodFlags@Provider@@MAEJJ@Z
?ValidateEnumerationFlags@Provider@@MAEJJ@Z
?Flush@Provider@@MAEXXZ
?GetObject@Provider@@MAEJPAVCInstance@@J@Z
?ExecMethod@Provider@@MAEJABVCInstance@@QAGPAV2@2J@Z
?OnFinalRelease@CThreadBase@@MAEXXZ
??1Provider@@UAE@XZ
??4CHString@@QAEABV0@ABV0@@Z
?GetLocalComputerName@Provider@@IAEABVCHString@@XZ
??0CHString@@QAE@XZ
??0Provider@@QAE@PBG0@Z
?SetWBEMINT64@CInstance@@QAE_NPBG_K@Z
?SetDWORD@CInstance@@QAE_NPBGK@Z
?GetWBEMINT64@CInstance@@QBE_NPBGAA_J@Z
?GetStatus@CInstance@@QBE_NPBGAA_NAAG@Z
?IsPropertyRequired@CFrameworkQuery@@QAE_NPBG@Z
?Format@CHString@@QAAXPBGZZ
?Release@CInstance@@QAEJXZ
?Right@CHString@@QBE?AV1@H@Z
?CompareNoCase@CHString@@QBEHPBG@Z
??BCHString@@QBEPBGXZ
?Left@CHString@@QBE?AV1@H@Z
?Find@CHString@@QBEHG@Z
?AllPropertiesAreRequired@CFrameworkQuery@@QAE_NXZ
??YCHString@@QAEABV0@ABV0@@Z
??0CHString@@QAE@ABV0@@Z
?Mid@CHString@@QBE?AV1@H@Z
?Find@CHString@@QBEHPBG@Z
??YCHString@@QAEABV0@PBG@Z
?GetCHString@CInstance@@QBE_NPBGAAVCHString@@@Z
?SetWCHARSplat@CInstance@@QAE_NPBG0@Z
?Commit@CInstance@@QAEJXZ
?CreateNewInstance@Provider@@IAEPAVCInstance@@PAVMethodContext@@@Z
??1CHStringArray@@QAE@XZ
?GetAt@CHStringArray@@QBE?AVCHString@@H@Z
?GetSize@CHStringArray@@QBEHXZ
?GetValuesForProp@CFrameworkQuery@@QAEJPBGAAVCHStringArray@@@Z
??0CHStringArray@@QAE@XZ
?DeleteInstance@Provider@@MAEJABVCInstance@@J@Z
?Getbool@CInstance@@QBE_NPBGAA_N@Z
?GetDWORD@CInstance@@QBE_NPBGAAK@Z
?AddRef@CInstance@@QAEJXZ
?Setbool@CInstance@@QAE_NPBG_N@Z
?SetCHString@CInstance@@QAE_NPBGABVCHString@@@Z
?GetWBEMINT64@CInstance@@QBE_NPBGAA_K@Z
??YCHString@@QAEABV0@G@Z
??ACHStringArray@@QAEAAVCHString@@H@Z
??1CWbemGlueFactory@@QAE@XZ
?FrameworkLogoffDLL@CWbemProviderGlue@@SGHPBGPAJ@Z
?FrameworkLoginDLL@CWbemProviderGlue@@SGHPBGPAJ@Z
??0CWbemGlueFactory@@QAE@PAJ@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
?IsLoggingOn@ProviderLog@@QAE?AW4LogLevel@1@PAVCHString@@@Z
??1CreateMutexAsProcess@@QAE@XZ
??0CreateMutexAsProcess@@QAE@PBG@Z
?Empty@CHString@@QAEXXZ
?GetMethodContext@CInstance@@QBEPAVMethodContext@@XZ
?PutInstance@Provider@@MAEJABVCInstance@@J@Z
?GetInstancesByQueryAsynch@CWbemProviderGlue@@SGJPBGPAVProvider@@P6GJ1PAVCInstance@@PAVMethodContext@@PAX@Z034@Z
?GetNamespace@Provider@@IAEABVCHString@@XZ
?SetAt@CHString@@QAEXHG@Z
??ACHStringArray@@QBE?AVCHString@@H@Z
?GetInstancesByQuery@CWbemProviderGlue@@SGJPBGPAV?$TRefPointerCollection@VCInstance@@@@PAVMethodContext@@0@Z
?GetInstancePropertiesByPath@CWbemProviderGlue@@SGJPBGPAPAVCInstance@@PAVMethodContext@@AAVCHStringArray@@@Z
?Add@CHStringArray@@QAEHPBG@Z
?FindOneOf@CHString@@QBEHPBG@Z
?BeginRead@CThreadBase@@QAEHK@Z
?EndRead@CThreadBase@@QAEXXZ
?GetAt@CHPtrArray@@QBEPAXH@Z
?GetSize@CHPtrArray@@QBEHXZ
?GetVariant@CInstance@@QBE_NPBGAAUtagVARIANT@@@Z
?RemoveAt@CHStringArray@@QAEXHH@Z
?RemoveAll@CHStringArray@@QAEXXZ
??1CHPtrArray@@QAE@XZ
??0CHPtrArray@@QAE@XZ
?Add@CHPtrArray@@QAEHPAX@Z
?RemoveAll@CHPtrArray@@QAEXXZ
??ACHPtrArray@@QAEAAPAXH@Z
??H@YG?AVCHString@@PBGABV0@@Z
?GetInstanceKeysByPath@CWbemProviderGlue@@SGJPBGPAPAVCInstance@@PAVMethodContext@@@Z
?IsDerivedFrom@CWbemProviderGlue@@SG_NPBG0PAVMethodContext@@0@Z
??1CThreadBase@@UAE@XZ
??0CThreadBase@@QAE@W4THREAD_SAFETY_MECHANISM@0@@Z
?EndWrite@CThreadBase@@QAEXXZ
?BeginWrite@CThreadBase@@QAEHK@Z
?GetLocalInstancePath@Provider@@IAE_NPBVCInstance@@AAVCHString@@@Z
??H@YG?AVCHString@@ABV0@0@Z
??H@YG?AVCHString@@ABV0@G@Z
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 102KB - Virtual size: 102KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/wmic/x32/wmipdskq.mfl
-
tools/wmic/x32/wmipdskq.mof
-
tools/wmic/x32/wmipicmp.dll.dll regsvr32 windows:5 windows x86 arch:x86
52f489017f268dd0dfb51261b2631e05
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
msvcrt
_CxxThrowException
iswspace
memmove
wcschr
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ
_except_handler3
__dllonexit
_onexit
?terminate@@YAXXZ
free
malloc
wcscpy
towlower
wcscat
sscanf
atol
sprintf
towupper
wcscmp
__RTtypeid
??8type_info@@QBEHABV0@@Z
_purecall
wcsncpy
wcslen
_wcsicmp
__CxxFrameHandler
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
advapi32
OpenThreadToken
SetThreadToken
RegCreateKeyW
RegSetValueExW
RegDeleteKeyW
RegOpenKeyW
icmp
IcmpSendEcho2
IcmpCloseHandle
IcmpCreateFile
IcmpParseReplies
kernel32
CreateMutexW
lstrcpyW
GetModuleFileNameW
HeapReAlloc
HeapAlloc
HeapDestroy
HeapCreate
GetProcessHeap
GetCurrentThreadId
GetCurrentThread
FreeLibrary
Sleep
WaitForMultipleObjects
CreateThread
GetCurrentProcess
DuplicateHandle
WaitForSingleObject
CloseHandle
SetEvent
lstrlenW
MultiByteToWideChar
LocalFree
lstrlenA
OpenEventW
GetVersionExW
GetProcAddress
LoadLibraryExW
lstrcatW
GetLastError
GetSystemDirectoryW
CreateEventW
DebugBreak
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DisableThreadLibraryCalls
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
InterlockedIncrement
HeapFree
oleaut32
SysAllocString
VariantClear
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
SysFreeString
VariantCopy
VariantChangeType
VariantInit
ole32
CoRevertToSelf
CoInitializeEx
CoUninitialize
StringFromGUID2
user32
DispatchMessageW
TranslateMessage
GetMessageW
MsgWaitForMultipleObjectsEx
LoadStringW
MsgWaitForMultipleObjects
PeekMessageW
wsock32
WSACleanup
htonl
gethostbyaddr
gethostbyname
ntohl
WSAGetLastError
WSAStartup
provthrd
?Query@QueryPreprocessor@@QAE?AW4QuadState@1@PAGAAPAUSQL_LEVEL_1_RPN_EXPRESSION@@@Z
?PreProcess@QueryPreprocessor@@QAE?AW4QuadState@1@PAXPAUSQL_LEVEL_1_RPN_EXPRESSION@@AAPAVWmiTreeNode@@@Z
?PreProcess@QueryPreprocessor@@QAE?AW4QuadState@1@PAXPAUSQL_LEVEL_1_RPN_EXPRESSION@@PAVWmiTreeNode@@KPAPAGAAPAVPartitionSet@@@Z
??1WmiNullNode@@UAE@XZ
??1WmiStringNode@@UAE@XZ
??1WmiUnsignedIntegerNode@@UAE@XZ
??1WmiSignedIntegerNode@@UAE@XZ
??0WmiStringNode@@QAE@PAG0W4WmiValueFunction@WmiValueNode@@1KPAVWmiTreeNode@@@Z
??0WmiSignedIntegerNode@@QAE@PAGJKPAVWmiTreeNode@@@Z
??0WmiUnsignedIntegerNode@@QAE@PAGKKPAVWmiTreeNode@@@Z
??0WmiNullNode@@QAE@PAGKPAVWmiTreeNode@@@Z
?Copy@WmiStringNode@@UAEPAVWmiTreeNode@@XZ
?Print@WmiStringNode@@UAEXXZ
?Copy@WmiSignedIntegerNode@@UAEPAVWmiTreeNode@@XZ
?Print@WmiSignedIntegerNode@@UAEXXZ
?Copy@WmiUnsignedIntegerNode@@UAEPAVWmiTreeNode@@XZ
?Print@WmiUnsignedIntegerNode@@UAEXXZ
?Copy@WmiNullNode@@UAEPAVWmiTreeNode@@XZ
?Print@WmiNullNode@@UAEXXZ
??1WmiStringRangeNode@@UAE@XZ
??1WmiSignedIntegerRangeNode@@UAE@XZ
??1WmiUnsignedIntegerRangeNode@@UAE@XZ
??0WmiUnsignedIntegerRangeNode@@QAE@PAGKHHHHKKPAVWmiTreeNode@@1@Z
??0WmiSignedIntegerRangeNode@@QAE@PAGKHHHHJJPAVWmiTreeNode@@1@Z
??0WmiStringRangeNode@@QAE@PAGKHHHH00PAVWmiTreeNode@@1@Z
?Copy@WmiUnsignedIntegerRangeNode@@UAEPAVWmiTreeNode@@XZ
?CopyNode@WmiTreeNode@@UAEPAV1@XZ
?Print@WmiUnsignedIntegerRangeNode@@UAEXXZ
?Copy@WmiSignedIntegerRangeNode@@UAEPAVWmiTreeNode@@XZ
?Print@WmiSignedIntegerRangeNode@@UAEXXZ
?Copy@WmiStringRangeNode@@UAEPAVWmiTreeNode@@XZ
?Print@WmiStringRangeNode@@UAEXXZ
??0QueryPreprocessor@@QAE@XZ
??1QueryPreprocessor@@UAE@XZ
?GetStringValue@ProvIpAddressType@@UBEPAGXZ
??0ProvIpAddressType@@QAE@PBG@Z
?IsValid@ProvInstanceType@@UBEHXZ
??1ProvIpAddressType@@UAE@XZ
?UnicodeToDbcsString@@YGPADPBG@Z
??0ProvIpAddressType@@QAE@K@Z
??4ProvIpAddressType@@QAEAAV0@ABV0@@Z
?GetValue@ProvIpAddressType@@QBEKXZ
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 57KB - Virtual size: 57KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/wmic/x32/wmipicmp.mfl
-
tools/wmic/x32/wmipicmp.mof
-
tools/wmic/x32/wmipiprt.dll.dll regsvr32 windows:5 windows x86 arch:x86
830d828cb485654de1c0469ac4f616f7
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
WMIPIPRT.pdb
Imports
msvcrt
wcscpy
wcscat
_CxxThrowException
??8type_info@@QBEHABV0@@Z
__RTtypeid
wcscmp
_wcsicmp
_ultow
_wtoi
wcslen
malloc
free
_initterm
_except_handler3
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
_adjust_fdiv
__CxxFrameHandler
ntdll
NtCreateEvent
NtOpenFile
RtlInitUnicodeString
NtWaitForSingleObject
NtDeviceIoControlFile
NtSetEvent
NtWaitForMultipleObjects
NtClose
framedyn
??0CRegistry@@QAE@XZ
?Open@CRegistry@@QAEJPAUHKEY__@@PBGK@Z
?DeleteCurrentKeyValue@CRegistry@@QAEKPBG@Z
?Close@CRegistry@@QAEXXZ
??1CRegistry@@QAE@XZ
??H@YG?AVCHString@@ABV0@G@Z
?ExecQuery@Provider@@MAEJPAVMethodContext@@AAVCFrameworkQuery@@J@Z
?GetClassObjectInterface@CInstance@@QAEPAUIWbemClassObject@@XZ
?GetQuery@CFrameworkQuery@@QAEABVCHString@@XZ
?SetDWORD@CInstance@@QAE_NPBGK@Z
?CreateNewInstance@Provider@@IAEPAVCInstance@@PAVMethodContext@@@Z
?SetCHString@CInstance@@QAE_NPBG0@Z
?SetCHString@CInstance@@QAE_NPBGPBD@Z
?Commit@Provider@@IAEJPAVCInstance@@_N@Z
??0CHString@@QAE@PBG@Z
?SetCHString@CInstance@@QAE_NPBGABVCHString@@@Z
??4CHString@@QAEABV0@ABV0@@Z
?GetNamespace@Provider@@IAEABVCHString@@XZ
??0CHString@@QAE@ABV0@@Z
?GetLocalComputerName@Provider@@IAEABVCHString@@XZ
?GetProviderName@Provider@@IAEABVCHString@@XZ
??H@YG?AVCHString@@PBGABV0@@Z
?GetLocalInstancePath@Provider@@IAE_NPBVCInstance@@AAVCHString@@@Z
??H@YG?AVCHString@@ABV0@PBG@Z
??H@YG?AVCHString@@ABV0@0@Z
?GetBuffer@CHString@@QAEPAGH@Z
?GetInstanceByPath@CWbemProviderGlue@@SGJPBGPAPAVCInstance@@PAVMethodContext@@@Z
?AddRef@CInstance@@QAEJXZ
??4CHString@@QAEABV0@PBG@Z
?MakeUpper@CHString@@QAEXXZ
?MakeLower@CHString@@QAEXXZ
??0CHString@@QAE@XZ
?GetStatus@CInstance@@QBE_NPBGAA_NAAG@Z
??1CHString@@QAE@XZ
?GetCHString@CInstance@@QBE_NPBGAAVCHString@@@Z
?IsEmpty@CHString@@QBEHXZ
??BCHString@@QBEPBGXZ
?GetDWORD@CInstance@@QBE_NPBGAAK@Z
?Release@CInstance@@QAEJXZ
??0Provider@@QAE@PBG0@Z
?EnumerateAndGetValues@CRegistry@@QAEJAAKAAPAGAAPAE@Z
?OnFinalRelease@CThreadBase@@MAEXXZ
?GetObject@Provider@@MAEJPAVCInstance@@JAAVCFrameworkQuery@@@Z
?Flush@Provider@@MAEXXZ
?ValidateEnumerationFlags@Provider@@MAEJJ@Z
?ValidateGetObjFlags@Provider@@MAEJJ@Z
?ValidateMethodFlags@Provider@@MAEJJ@Z
?ValidateQueryFlags@Provider@@MAEJJ@Z
?ValidateDeletionFlags@Provider@@MAEJJ@Z
?ValidatePutInstanceFlags@Provider@@MAEJJ@Z
?captainsLog@@3VProviderLog@@A
?LocalLogMessage@ProviderLog@@QAAXPBGHW4LogLevel@1@0ZZ
?LocalLogMessage@ProviderLog@@QAEXPBG0HW4LogLevel@1@@Z
?Empty@CHString@@QAEXXZ
?BeginRead@CThreadBase@@QAEHK@Z
?EndRead@CThreadBase@@QAEXXZ
?GetAt@CHPtrArray@@QBEPAXH@Z
?GetSize@CHPtrArray@@QBEHXZ
?GetVariant@CInstance@@QBE_NPBGAAUtagVARIANT@@@Z
?RemoveAt@CHStringArray@@QAEXHH@Z
??1CObjectPathParser@@QAE@XZ
?RemoveAll@CHStringArray@@QAEXXZ
?Free@CObjectPathParser@@QAEXPAUParsedObjectPath@@@Z
?Parse@CObjectPathParser@@QAEHPBGPAPAUParsedObjectPath@@@Z
??ACHStringArray@@QAEAAVCHString@@H@Z
??0CObjectPathParser@@QAE@W4ObjectParserFlags@@@Z
?GetInstanceKeysByPath@CWbemProviderGlue@@SGJPBGPAPAVCInstance@@PAVMethodContext@@@Z
?IsDerivedFrom@CWbemProviderGlue@@SG_NPBG0PAVMethodContext@@0@Z
??1CHPtrArray@@QAE@XZ
??1CThreadBase@@UAE@XZ
??0CHPtrArray@@QAE@XZ
??0CThreadBase@@QAE@W4THREAD_SAFETY_MECHANISM@0@@Z
?EndWrite@CThreadBase@@QAEXXZ
?Add@CHPtrArray@@QAEHPAX@Z
?BeginWrite@CThreadBase@@QAEHK@Z
?RemoveAll@CHPtrArray@@QAEXXZ
??ACHPtrArray@@QAEAAPAXH@Z
?GetValuesForProp@CFrameworkQuery@@QAEJPBGAAVCHStringArray@@@Z
?GetMethodContext@CInstance@@QBEPAVMethodContext@@XZ
?Commit@CInstance@@QAEJXZ
?FindOneOf@CHString@@QBEHPBG@Z
?Left@CHString@@QBE?AV1@H@Z
?SetCurrentKeyValue@CRegistry@@QAEKPBGAAVCHString@@@Z
??1Provider@@UAE@XZ
??YCHString@@QAEABV0@G@Z
?Right@CHString@@QBE?AV1@H@Z
??0CHStringArray@@QAE@XZ
?Add@CHStringArray@@QAEHPBG@Z
?GetInstancePropertiesByPath@CWbemProviderGlue@@SGJPBGPAPAVCInstance@@PAVMethodContext@@AAVCHStringArray@@@Z
??1CHStringArray@@QAE@XZ
??1CWbemGlueFactory@@QAE@XZ
?FrameworkLogoffDLL@CWbemProviderGlue@@SGHPBGPAJ@Z
?FrameworkLoginDLL@CWbemProviderGlue@@SGHPBGPAJ@Z
??0CWbemGlueFactory@@QAE@PAJ@Z
?GetObject@Provider@@MAEJPAVCInstance@@J@Z
?ExecMethod@Provider@@MAEJABVCInstance@@QAGPAV2@2J@Z
?DeleteInstance@Provider@@MAEJABVCInstance@@J@Z
?PutInstance@Provider@@MAEJABVCInstance@@J@Z
?GetInstancesByQueryAsynch@CWbemProviderGlue@@SGJPBGPAVProvider@@P6GJ1PAVCInstance@@PAVMethodContext@@PAX@Z034@Z
?SetAt@CHString@@QAEXHG@Z
?GetLength@CHString@@QBEHXZ
??YCHString@@QAEABV0@ABV0@@Z
??ACHStringArray@@QBE?AVCHString@@H@Z
?Format@CHString@@QAAXPBGZZ
?GetSize@CHStringArray@@QBEHXZ
?GetInstancesByQuery@CWbemProviderGlue@@SGJPBGPAV?$TRefPointerCollection@VCInstance@@@@PAVMethodContext@@0@Z
provthrd
??0WmiUnsignedIntegerNode@@QAE@PAGKKPAVWmiTreeNode@@@Z
??1WmiNullNode@@UAE@XZ
??1WmiStringNode@@UAE@XZ
??1WmiUnsignedIntegerNode@@UAE@XZ
??1WmiSignedIntegerNode@@UAE@XZ
??0WmiStringNode@@QAE@PAG0W4WmiValueFunction@WmiValueNode@@1KPAVWmiTreeNode@@@Z
??0WmiSignedIntegerNode@@QAE@PAGJKPAVWmiTreeNode@@@Z
??0WmiNullNode@@QAE@PAGKPAVWmiTreeNode@@@Z
?Copy@WmiStringNode@@UAEPAVWmiTreeNode@@XZ
?Print@WmiStringNode@@UAEXXZ
?Copy@WmiSignedIntegerNode@@UAEPAVWmiTreeNode@@XZ
?Print@WmiSignedIntegerNode@@UAEXXZ
?Copy@WmiUnsignedIntegerNode@@UAEPAVWmiTreeNode@@XZ
?Print@WmiUnsignedIntegerNode@@UAEXXZ
?Copy@WmiNullNode@@UAEPAVWmiTreeNode@@XZ
?Print@WmiNullNode@@UAEXXZ
??1WmiStringRangeNode@@UAE@XZ
??1WmiSignedIntegerRangeNode@@UAE@XZ
??1WmiUnsignedIntegerRangeNode@@UAE@XZ
??0WmiUnsignedIntegerRangeNode@@QAE@PAGKHHHHKKPAVWmiTreeNode@@1@Z
??0WmiSignedIntegerRangeNode@@QAE@PAGKHHHHJJPAVWmiTreeNode@@1@Z
??0WmiStringRangeNode@@QAE@PAGKHHHH00PAVWmiTreeNode@@1@Z
?Copy@WmiUnsignedIntegerRangeNode@@UAEPAVWmiTreeNode@@XZ
?CopyNode@WmiTreeNode@@UAEPAV1@XZ
?Print@WmiUnsignedIntegerRangeNode@@UAEXXZ
?Copy@WmiSignedIntegerRangeNode@@UAEPAVWmiTreeNode@@XZ
?Print@WmiSignedIntegerRangeNode@@UAEXXZ
?Copy@WmiStringRangeNode@@UAEPAVWmiTreeNode@@XZ
?Print@WmiStringRangeNode@@UAEXXZ
??8ProvInstanceType@@QBEHABV0@@Z
?Startup@ProvThreadObject@@SGHXZ
?Startup@ProvDebugLog@@SGHXZ
??1QueryPreprocessor@@UAE@XZ
??0QueryPreprocessor@@QAE@XZ
??1ProvIpAddressType@@UAE@XZ
?GetValue@ProvIpAddressType@@QBEKXZ
?IsValid@ProvInstanceType@@UBEHXZ
??0ProvIpAddressType@@QAE@PBG@Z
?GetStringValue@ProvIpAddressType@@UBEPAGXZ
??0ProvIpAddressType@@QAE@K@Z
?Closedown@ProvDebugLog@@SGXXZ
?Closedown@ProvThreadObject@@SGXXZ
?PreProcess@QueryPreprocessor@@QAE?AW4QuadState@1@PAXPAUSQL_LEVEL_1_RPN_EXPRESSION@@PAVWmiTreeNode@@KPAPAGAAPAVPartitionSet@@@Z
?PreProcess@QueryPreprocessor@@QAE?AW4QuadState@1@PAXPAUSQL_LEVEL_1_RPN_EXPRESSION@@AAPAVWmiTreeNode@@@Z
?Query@QueryPreprocessor@@QAE?AW4QuadState@1@PAGAAPAUSQL_LEVEL_1_RPN_EXPRESSION@@@Z
advapi32
RegOpenKeyW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyW
RegQueryValueExW
kernel32
InitializeCriticalSection
DeleteCriticalSection
HeapFree
HeapAlloc
GetModuleFileNameW
GetVersionExW
lstrcpyW
lstrcatW
DisableThreadLibraryCalls
LocalFree
lstrlenW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
CreateThread
CloseHandle
InterlockedIncrement
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
GetProcessHeap
oleaut32
SysAllocString
SysFreeString
VariantInit
VariantCopy
VariantChangeType
VariantClear
ole32
StringFromGUID2
wsock32
htonl
ntohl
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 51KB - Virtual size: 50KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/wmic/x32/wmipiprt.mfl
-
tools/wmic/x32/wmipiprt.mof
-
tools/wmic/x32/wmipjobj.dll.dll regsvr32 windows:5 windows x86 arch:x86
fb1d0577de4027ba93d06b842f5f760d
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
WMIPJOBJ.pdb
Imports
msvcrt
wcsncpy
__CxxFrameHandler
towupper
_except_handler3
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
free
malloc
_ultow
_ui64tow
_wcslwr
_CxxThrowException
iswupper
_wcsicmp
wcscat
wcsrchr
wcschr
wcscpy
wcslen
_i64tow
framedyn
?ReleaseBuffer@CHString@@QAEXH@Z
?GetBuffer@CHString@@QAEPAGH@Z
?MakeLower@CHString@@QAEXXZ
??4CHString@@QAEABV0@PBG@Z
??1CHString@@QAE@XZ
??4CHString@@QAEABV0@ABV0@@Z
??0CObjectPathParser@@QAE@W4ObjectParserFlags@@@Z
?Parse@CObjectPathParser@@QAEHPBGPAPAUParsedObjectPath@@@Z
??0CFrameworkQueryEx@@QAE@XZ
?Init@CFrameworkQuery@@QAEJPAUParsedObjectPath@@PAUIWbemContext@@PBGAAVCHString@@@Z
?GetSize@CHStringArray@@QBEHXZ
??ACHStringArray@@QAEAAVCHString@@H@Z
??1CFrameworkQueryEx@@QAE@XZ
?Free@CObjectPathParser@@QAEXPAUParsedObjectPath@@@Z
??1CObjectPathParser@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??0CFrameworkQuery@@QAE@XZ
?Init@CFrameworkQuery@@QAEJQAG0JAAVCHString@@@Z
?GetValuesForProp@CFrameworkQuery@@QAEJPBGAAV?$vector@V_bstr_t@@V?$allocator@V_bstr_t@@@std@@@std@@@Z
??1CFrameworkQuery@@QAE@XZ
??0CHStringArray@@QAE@XZ
?Add@CHStringArray@@QAEHPBG@Z
??1CHStringArray@@QAE@XZ
??BCHString@@QBEPBGXZ
??0CHString@@QAE@XZ
?IsPropertyRequired@CFrameworkQuery@@QAE_NPBG@Z
ole32
CoGetCallContext
StringFromCLSID
CoTaskMemFree
oleaut32
SafeArrayCreate
SafeArrayPutElement
VariantCopy
SysFreeString
SysAllocString
VariantClear
VariantInit
kernel32
LocalFree
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleFileNameW
DisableThreadLibraryCalls
WaitForSingleObject
TerminateThread
OpenJobObjectW
QueryInformationJobObject
LoadLibraryW
GetProcAddress
FreeLibrary
InterlockedDecrement
InterlockedIncrement
GetVersionExW
GetCurrentThread
GetLastError
CloseHandle
user32
wsprintfW
advapi32
IsValidSid
LookupAccountSidW
OpenThreadToken
GetTokenInformation
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
RegDeleteKeyW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 53KB - Virtual size: 53KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 880B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/wmic/x32/wmipjobj.mfl
-
tools/wmic/x32/wmipjobj.mof
-
tools/wmic/x32/wmiprov.dll.dll regsvr32 windows:5 windows x86 arch:x86
daf4aa6669016463d9de9940329fb839
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
wmiprov.pdb
Imports
msvcrt
_vsnprintf
iswspace
asctime
localtime
time
wcscmp
wcstoul
wcstok
_wtol
wcsrchr
_wtoi
wcschr
wcsncpy
atol
sscanf
_except_handler3
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
free
_vsnwprintf
wcslen
wcscpy
_wcsicmp
_purecall
??_V@YAXPAX@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
_CxxThrowException
??2@YAPAXI@Z
??3@YAXPAX@Z
_wtoi64
memmove
__CxxFrameHandler
swscanf
ole32
CoGetCallContext
StringFromCLSID
CoTaskMemFree
CLSIDFromString
StringFromGUID2
CoInitializeEx
CoUninitialize
CoCreateInstance
oleaut32
VariantChangeType
VariantCopy
SysFreeString
VariantChangeTypeEx
VariantInit
VariantClear
SysAllocString
SafeArrayGetLBound
SafeArrayCopy
SafeArrayPutElement
SafeArrayRedim
SafeArrayCreate
SafeArrayGetUBound
SafeArrayGetElement
SafeArrayDestroy
wmi
WmiCloseBlock
WmiMofEnumerateResourcesW
WmiFreeBuffer
WmiSetSingleInstanceW
WmiExecuteMethodW
WmiSetSingleItemW
WmiQuerySingleInstanceW
WmiQueryAllDataW
WmiNotificationRegistrationW
WmiOpenBlock
WmiQueryGuidInformation
kernel32
SystemTimeToFileTime
GetVersionExA
MultiByteToWideChar
GetFullPathNameW
LoadLibraryW
GetProcAddress
QueryPerformanceFrequency
FreeResource
LoadLibraryExW
TryEnterCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
InterlockedCompareExchange
CloseHandle
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LocalFree
Sleep
CreateEventW
GetLastError
GetModuleFileNameW
DisableThreadLibraryCalls
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentThread
ReleaseMutex
GetStringTypeExW
GetSystemDirectoryW
lstrlenW
MoveFileW
DeleteFileW
GetFileSizeEx
SetFilePointerEx
CreateFileW
WaitForSingleObject
WriteFile
CreateMutexA
DebugBreak
LCMapStringW
ExpandEnvironmentStringsW
CreateDirectoryW
GetFileAttributesW
GetProcessHeap
HeapAlloc
HeapReAlloc
HeapFree
SetLastError
WideCharToMultiByte
GetVersionExW
IsBadReadPtr
GetWindowsDirectoryW
FileTimeToLocalFileTime
FindResourceW
GetFileTime
SizeofResource
LockResource
LoadResource
FreeLibrary
FindResourceExW
advapi32
RegQueryInfoKeyW
RegQueryInfoKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RevertToSelf
GetNamedSecurityInfoW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegOpenKeyW
OpenThreadToken
SetThreadToken
RegOpenKeyExW
RegCloseKey
WmiQuerySingleInstanceMultipleW
WmiQueryAllDataMultipleW
EqualSid
GetTokenInformation
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSecurityDescriptor
FreeSid
AllocateAndInitializeSid
RegEnumValueW
LookupPrivilegeNameW
ImpersonateSelf
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegDeleteValueW
RegQueryValueExW
rpcrt4
UuidToStringW
RpcStringFreeW
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 127KB - Virtual size: 127KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 968B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/wmic/x32/wmiprvsd.dll.dll regsvr32 windows:5 windows x86 arch:x86
0e26a3aa61b8bf7baedfd6cfa3dc3e68
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
WmiPrvSD.pdb
Imports
msvcrt
wcslen
_vsnwprintf
_except_handler3
_wcsicmp
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
wcscmp
__CxxFrameHandler
free
_initterm
malloc
_adjust_fdiv
??1type_info@@UAE@XZ
__dllonexit
_onexit
?terminate@@YAXXZ
realloc
wcsncpy
_purecall
_CxxThrowException
wcstol
wbemcomn
??0CLike@@QAE@PBGG@Z
?Match@CLike@@QAE_NPBG@Z
??1CLike@@QAE@XZ
?DebugTrace@@YAHDPBDZZ
?ErrorTrace@@YAHDPBDZZ
fastprox
?New@CWbemCallSecurity@@SGPAV1@XZ
ncobjapi
WmiSetAndCommitObject
WmiDestroyObject
WmiEventSourceDisconnect
WmiEventSourceConnect
WmiCreateObjectWithFormat
kernel32
InterlockedDecrement
InitializeCriticalSectionAndSpinCount
LocalFree
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
OpenEventW
DisableThreadLibraryCalls
lstrlenW
GetModuleFileNameW
DebugBreak
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
TlsAlloc
TlsFree
TlsGetValue
GetCurrentProcess
ChangeTimerQueueTimer
SetEvent
InterlockedExchange
GetCurrentProcessId
DeleteTimerQueueTimer
UnregisterWaitEx
QueueUserWorkItem
Sleep
SwitchToThread
InterlockedCompareExchange
RegisterWaitForSingleObject
CreateTimerQueueTimer
CreateEventW
LCMapStringW
GetTickCount
GetCurrentThread
WaitForMultipleObjects
CreateThread
GetCurrentThreadId
GetProcessTimes
InterlockedIncrement
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetProcessHeap
HeapCreate
HeapDestroy
HeapAlloc
HeapFree
GlobalUnlock
GlobalLock
GlobalAlloc
DuplicateHandle
CompareFileTime
SystemTimeToFileTime
FileTimeToSystemTime
GetTimeZoneInformation
GetStringTypeExW
AssignProcessToJobObject
TerminateJobObject
CreateJobObjectW
GetLastError
OpenJobObjectW
GetVersionExW
SetInformationJobObject
UnmapViewOfFile
CloseHandle
DeleteCriticalSection
QueryPerformanceCounter
OpenProcess
TlsSetValue
advapi32
RegSetValueExW
RegEnumKeyExW
RegSetKeySecurity
ConvertStringSecurityDescriptorToSecurityDescriptorW
MakeAbsoluteSD
MapGenericMask
AccessCheck
AdjustTokenPrivileges
GetTokenInformation
RegQueryValueExW
OpenProcessToken
OpenThreadToken
GetKernelObjectSecurity
GetSecurityDescriptorDacl
GetAclInformation
DuplicateTokenEx
LogonUserW
ImpersonateLoggedOnUser
RegOpenKeyExW
RegisterEventSourceW
ReportEventW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
GetSecurityDescriptorLength
InitializeSecurityDescriptor
AllocateAndInitializeSid
CopySid
GetLengthSid
InitializeAcl
AddAce
SetSecurityDescriptorDacl
FreeSid
SetThreadToken
RevertToSelf
MakeSelfRelativeSD
DeregisterEventSource
user32
DispatchMessageW
MsgWaitForMultipleObjects
MsgWaitForMultipleObjectsEx
PeekMessageW
GetMessageW
TranslateMessage
oleaut32
SafeArrayCreate
SafeArrayPutElement
SafeArrayDestroy
SysAllocStringLen
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
VariantInit
VariantClear
SysAllocString
SysFreeString
ole32
CoGetCallContext
CoSwitchCallContext
CoRevertToSelf
CoImpersonateClient
CoCreateInstance
StringFromGUID2
CLSIDFromString
CoDisconnectObject
CoGetClassObject
CoCreateGuid
CoInitializeEx
CoUninitialize
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoUnmarshalInterface
CreateStreamOnHGlobal
CoReleaseMarshalData
CoMarshalInterface
CoGetMarshalSizeMax
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 388KB - Virtual size: 387KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 984B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/wmic/x32/wmiprvse.exe.exe windows:5 windows x86 arch:x86
c7a4716d27ffa1f8c0483064cc8ea859
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
WmiPrvSE.pdb
Imports
msvcrt
_CxxThrowException
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
wcstok
__CxxFrameHandler
setlocale
wcslen
_vsnwprintf
_except_handler3
_purecall
_wcsicmp
_c_exit
_exit
_XcptFilter
_cexit
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
??1type_info@@UAE@XZ
__dllonexit
_onexit
?terminate@@YAXXZ
_controlfp
advapi32
ConvertStringSecurityDescriptorToSecurityDescriptorW
MapGenericMask
AccessCheck
AdjustTokenPrivileges
GetTokenInformation
RegQueryValueExW
MakeAbsoluteSD
OpenProcessToken
OpenThreadToken
GetAclInformation
ImpersonateLoggedOnUser
RegOpenKeyExW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
GetSecurityDescriptorLength
MakeSelfRelativeSD
RegDisablePredefinedCache
RevertToSelf
SetThreadToken
FreeSid
SetSecurityDescriptorDacl
AddAce
InitializeAcl
GetLengthSid
CopySid
AllocateAndInitializeSid
InitializeSecurityDescriptor
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegSetValueExW
kernel32
HeapDestroy
HeapAlloc
HeapFree
DeleteCriticalSection
InterlockedCompareExchange
GetProcAddress
GetModuleHandleW
lstrcmpiW
GetCurrentProcessId
CloseHandle
InterlockedIncrement
InterlockedDecrement
SetEvent
InitializeCriticalSectionAndSpinCount
TerminateProcess
GetCurrentProcess
GetLastError
WaitForMultipleObjects
GetCurrentThreadId
WaitForSingleObject
DuplicateHandle
Sleep
CreateThread
UnmapViewOfFile
GetVersionExW
HeapCreate
LocalFree
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
OpenEventW
lstrlenW
GetModuleFileNameW
DebugBreak
EnterCriticalSection
LeaveCriticalSection
TlsAlloc
TlsFree
ChangeTimerQueueTimer
InterlockedExchange
SwitchToThread
CreateEventW
LCMapStringW
GetTickCount
GetCurrentThread
QueryPerformanceCounter
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleHandleA
GetStartupInfoA
GetProcessHeap
GetCommandLineW
GetStringTypeExW
user32
PostMessageW
DefWindowProcW
DeleteMenu
GetSystemMenu
UpdateWindow
ShowWindow
CreateWindowExW
RegisterClassW
LoadCursorW
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
DestroyWindow
UnregisterClassW
LoadIconW
ntdll
NtQuerySystemInformation
wcstol
wcsncpy
wbemcomn
?DebugTrace@@YAHDPBDZZ
?ErrorTrace@@YAHDPBDZZ
fastprox
?New@CWbemCallSecurity@@SGPAV1@XZ
ncobjapi
WmiCreateObjectWithFormat
WmiEventSourceDisconnect
WmiDestroyObject
WmiSetAndCommitObject
WmiEventSourceConnect
oleaut32
SafeArrayGetUBound
SafeArrayGetElement
SafeArrayGetLBound
VariantClear
SysAllocString
SysFreeString
SafeArrayGetDim
SysAllocStringLen
VariantInit
ole32
CoImpersonateClient
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoCreateGuid
CoGetClassObject
CLSIDFromString
StringFromGUID2
CoUninitialize
CoRevertToSelf
CoSwitchCallContext
CoGetCallContext
CoCreateInstance
CoRegisterClassObject
CoFreeUnusedLibrariesEx
CoInitializeEx
CoInitializeSecurity
CoRevokeClassObject
rpcrt4
RpcMgmtSetServerStackSize
Sections
.text Size: 204KB - Virtual size: 204KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 984B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
tools/wmic/x32/wmipsess.dll.dll regsvr32 windows:5 windows x86 arch:x86
12380032c2eaa870deea5f5e3ebc5f92
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
WMIPSESS.pdb
Imports
msvcrt
wcscpy
wcscat
_except_handler3
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_onexit
__dllonexit
_adjust_fdiv
_initterm
free
malloc
_wcsicmp
_CxxThrowException
_purecall
__CxxFrameHandler
netapi32
NetSessionEnum
NetSessionDel
NetConnectionEnum
NetApiBufferFree
NetShareEnum
oleaut32
SysAllocString
VariantClear
VariantInit
VariantChangeType
framedyn
?Unparse@CObjectPathParser@@SGHPAUParsedObjectPath@@PAPAG@Z
?AddKeyRef@ParsedObjectPath@@QAEHPBGPBUtagVARIANT@@@Z
?SetClassName@ParsedObjectPath@@QAEHPBG@Z
??0ParsedObjectPath@@QAE@XZ
?ValidatePutInstanceFlags@Provider@@MAEJJ@Z
?ValidateDeletionFlags@Provider@@MAEJJ@Z
?ValidateQueryFlags@Provider@@MAEJJ@Z
?ValidateMethodFlags@Provider@@MAEJJ@Z
?ValidateGetObjFlags@Provider@@MAEJJ@Z
?ValidateEnumerationFlags@Provider@@MAEJJ@Z
?Flush@Provider@@MAEXXZ
?GetObject@Provider@@MAEJPAVCInstance@@J@Z
?ExecMethod@Provider@@MAEJABVCInstance@@QAGPAV2@2J@Z
?PutInstance@Provider@@MAEJABVCInstance@@J@Z
??0CObjectPathParser@@QAE@W4ObjectParserFlags@@@Z
??1Provider@@UAE@XZ
??0Provider@@QAE@PBG0@Z
?SetDWORD@CInstance@@QAE_NPBGK@Z
?SetWORD@CInstance@@QAE_NPBGG@Z
?SetCHString@CInstance@@QAE_NPBGABVCHString@@@Z
??0CHString@@QAE@XZ
?IsPropertyRequired@CFrameworkQuery@@QAE_NPBG@Z
?Release@CInstance@@QAEJXZ
?AddRef@CInstance@@QAEJXZ
?Format@CHString@@QAAXPBGZZ
??BCHString@@QBEPBGXZ
?AllPropertiesAreRequired@CFrameworkQuery@@QAE_NXZ
?GetCHString@CInstance@@QBE_NPBGAAVCHString@@@Z
?Commit@CInstance@@QAEJXZ
?CreateNewInstance@Provider@@IAEPAVCInstance@@PAVMethodContext@@@Z
?GetValuesForProp@CFrameworkQuery@@QAEJPBGAAVCHStringArray@@@Z
?DeleteInstance@Provider@@MAEJABVCInstance@@J@Z
?SetCharSplat@CInstance@@QAE_NPBG0@Z
?ExecQuery@Provider@@MAEJPAVMethodContext@@AAVCFrameworkQuery@@J@Z
?SetCHString@CInstance@@QAE_NPBG0@Z
??0CHString@@QAE@PBG@Z
??ACHStringArray@@QAEAAVCHString@@H@Z
?Free@CObjectPathParser@@QAEXPAUParsedObjectPath@@@Z
?RemoveAll@CHStringArray@@QAEXXZ
?Parse@CObjectPathParser@@QAEHPBGPAPAUParsedObjectPath@@@Z
??4CHString@@QAEABV0@PBG@Z
??1CObjectPathParser@@QAE@XZ
??1ParsedObjectPath@@QAE@XZ
??0CHStringArray@@QAE@XZ
?GetSize@CHStringArray@@QBEHXZ
?GetAt@CHStringArray@@QBE?AVCHString@@H@Z
?GetBuffer@CHString@@QAEPAGH@Z
??1CHString@@QAE@XZ
??1CHStringArray@@QAE@XZ
?Add@CHStringArray@@QAEHPBG@Z
?captainsLog@@3VProviderLog@@A
?LocalLogMessage@ProviderLog@@QAAXPBGHW4LogLevel@1@0ZZ
?LocalLogMessage@ProviderLog@@QAEXPBG0HW4LogLevel@1@@Z
?GetInstanceKeysByPath@CWbemProviderGlue@@SGJPBGPAPAVCInstance@@PAVMethodContext@@@Z
?GetDWORD@CInstance@@QBE_NPBGAAK@Z
?IsDerivedFrom@CWbemProviderGlue@@SG_NPBG0PAVMethodContext@@0@Z
??1CHPtrArray@@QAE@XZ
??1CThreadBase@@UAE@XZ
??0CHPtrArray@@QAE@XZ
??0CThreadBase@@QAE@W4THREAD_SAFETY_MECHANISM@0@@Z
?EndWrite@CThreadBase@@QAEXXZ
?Add@CHPtrArray@@QAEHPAX@Z
?BeginWrite@CThreadBase@@QAEHK@Z
?RemoveAll@CHPtrArray@@QAEXXZ
??ACHPtrArray@@QAEAAPAXH@Z
?GetMethodContext@CInstance@@QBEPAVMethodContext@@XZ
?OnFinalRelease@CThreadBase@@MAEXXZ
??H@YG?AVCHString@@PBGABV0@@Z
??H@YG?AVCHString@@ABV0@G@Z
??H@YG?AVCHString@@ABV0@0@Z
??1CWbemGlueFactory@@QAE@XZ
?FrameworkLogoffDLL@CWbemProviderGlue@@SGHPBGPAJ@Z
?FrameworkLoginDLL@CWbemProviderGlue@@SGHPBGPAJ@Z
??0CWbemGlueFactory@@QAE@PAJ@Z
?GetInstancesByQueryAsynch@CWbemProviderGlue@@SGJPBGPAVProvider@@P6GJ1PAVCInstance@@PAVMethodContext@@PAX@Z034@Z
?GetNamespace@Provider@@IAEABVCHString@@XZ
?SetAt@CHString@@QAEXHG@Z
?GetLength@CHString@@QBEHXZ
??YCHString@@QAEABV0@ABV0@@Z
??ACHStringArray@@QBE?AVCHString@@H@Z
?GetInstancesByQuery@CWbemProviderGlue@@SGJPBGPAV?$TRefPointerCollection@VCInstance@@@@PAVMethodContext@@0@Z
?GetInstancePropertiesByPath@CWbemProviderGlue@@SGJPBGPAPAVCInstance@@PAVMethodContext@@AAVCHStringArray@@@Z
??4CHString@@QAEABV0@ABV0@@Z
?Right@CHString@@QBE?AV1@H@Z
??YCHString@@QAEABV0@G@Z
?Left@CHString@@QBE?AV1@H@Z
?FindOneOf@CHString@@QBEHPBG@Z
?Empty@CHString@@QAEXXZ
?BeginRead@CThreadBase@@QAEHK@Z
?EndRead@CThreadBase@@QAEXXZ
?GetAt@CHPtrArray@@QBEPAXH@Z
?GetSize@CHPtrArray@@QBEHXZ
?GetVariant@CInstance@@QBE_NPBGAAUtagVARIANT@@@Z
?RemoveAt@CHStringArray@@QAEXHH@Z
?GetLocalInstancePath@Provider@@IAE_NPBVCInstance@@AAVCHString@@@Z
advapi32
RegOpenKeyW
RegDeleteKeyW
RegCreateKeyW
RegSetValueExW
kernel32
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
GetCurrentProcess
GetModuleFileNameW
LocalFree
lstrlenW
DisableThreadLibraryCalls
CloseHandle
lstrcatW
lstrcpyW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetVersionExW
ole32
StringFromGUID2
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 34KB - Virtual size: 33KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 516B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/wmic/x32/wmipsess.mfl
-
tools/wmic/x32/wmipsess.mof
-
tools/wmic/x32/wmisvc.dll.dll regsvr32 windows:5 windows x86 arch:x86
5d7c3cabf4190e0a84d9ca499cf5f979
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
WMIsvc.pdb
Imports
msvcrt
_wtol
wcschr
_wtoi64
_wtoi
wcsrchr
wcstok
wcstoul
time
localtime
asctime
_vsnprintf
memmove
__CxxFrameHandler
_CxxThrowException
_purecall
_except_handler3
_vsnwprintf
_ui64tow
wcslen
wcscmp
wcsncpy
atoi
free
_initterm
malloc
_adjust_fdiv
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_onexit
__dllonexit
ntdll
RtlCaptureStackBackTrace
ole32
CoRegisterClassObject
CoRevokeClassObject
CoUninitialize
CoFreeUnusedLibrariesEx
CoInitializeEx
CoCreateInstance
CLSIDFromString
StringFromGUID2
StringFromCLSID
CoTaskMemFree
CoGetCallContext
oleaut32
VariantInit
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayCreate
SafeArrayGetElement
VariantChangeType
SafeArrayPutElement
VariantClear
SafeArrayDestroy
SysAllocString
SysFreeString
kernel32
LoadLibraryExW
EnterCriticalSection
SetProcessShutdownParameters
CreateMutexW
GetModuleHandleExW
SetErrorMode
lstrlenW
SetEvent
GetTickCount
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
FindClose
GetSystemTimeAsFileTime
GetFullPathNameW
FindNextFileW
MoveFileW
DeleteFileW
SetFileAttributesW
GetFileAttributesW
Sleep
CreateFileW
FindFirstFileW
FindFirstChangeNotificationW
GetSystemDirectoryW
LCMapStringW
InitializeCriticalSection
GetCurrentThread
LocalFree
ExpandEnvironmentStringsW
GetFileType
RemoveDirectoryW
CreateDirectoryW
CopyFileW
DeleteTimerQueueTimer
InterlockedCompareExchange
CreateTimerQueueTimer
UnregisterWaitEx
SetConsoleCtrlHandler
TerminateProcess
RegisterWaitForSingleObject
CreateProcessW
QueryPerformanceCounter
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetProcessHeap
HeapAlloc
HeapReAlloc
HeapFree
GetFileSizeEx
SetFilePointerEx
WriteFile
CreateMutexA
ReadFile
SetFilePointer
GetFileSize
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
FreeResource
FindResourceW
WaitForMultipleObjects
FindNextChangeNotification
GetCurrentProcessId
LoadLibraryW
GetProcAddress
FreeLibrary
CloseHandle
CreateEventW
GetCurrentThreadId
DisableThreadLibraryCalls
ReleaseMutex
WaitForSingleObject
DebugBreak
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
FindResourceExW
LoadResource
LockResource
SizeofResource
GetFileTime
FileTimeToLocalFileTime
IsBadReadPtr
GetWindowsDirectoryW
GetLastError
SetLastError
user32
LoadStringW
advapi32
IsValidSid
GetLengthSid
RegQueryInfoKeyW
RegQueryInfoKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
WmiQuerySingleInstanceW
WmiQueryAllDataW
WmiQueryGuidInformation
WmiFreeBuffer
RegEnumValueW
WmiMofEnumerateResourcesW
WmiOpenBlock
WmiReceiveNotificationsW
WmiCloseBlock
RegDeleteKeyW
ChangeServiceConfig2W
CreateServiceW
RegCreateKeyExW
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
ChangeServiceConfigW
AllocateAndInitializeSid
FreeSid
CloseServiceHandle
RegOpenKeyW
LookupPrivilegeValueW
AdjustTokenPrivileges
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetThreadToken
RevertToSelf
AddAce
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
MakeAbsoluteSD
LookupAccountNameW
GetTokenInformation
OpenProcessToken
GetSecurityDescriptorLength
InitializeSecurityDescriptor
GetSecurityDescriptorControl
MakeSelfRelativeSD
GetAclInformation
GetAce
InitializeAcl
RegDeleteValueW
GetNamedSecurityInfoW
AccessCheck
OpenThreadToken
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegisterServiceCtrlHandlerExW
SetServiceStatus
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
IsValidSecurityDescriptor
IsValidAcl
LookupAccountSidW
CopySid
vssapi
??0CVssWriter@@QAE@XZ
??1CVssWriter@@UAE@XZ
?OnPrepareBackup@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?Initialize@CVssWriter@@QAGJU_GUID@@PBGW4VSS_USAGE_TYPE@@W4VSS_SOURCE_TYPE@@W4_VSS_APPLICATION_LEVEL@@KW4VSS_ALTERNATE_WRITER_STATE@@_N@Z
?SetWriterFailure@CVssWriter@@IAGJJ@Z
?OnBackupComplete@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?Unsubscribe@CVssWriter@@QAGJXZ
?Subscribe@CVssWriter@@QAGJK@Z
?OnVSSApplicationStartup@CVssWriter@@UAG_NXZ
?OnVSSShutdown@CVssWriter@@UAG_NXZ
?OnContinueIOOnVolume@CVssWriter@@UAG_NPAGU_GUID@@1@Z
?OnBackOffIOOnVolume@CVssWriter@@UAG_NPAGU_GUID@@1@Z
?OnPostSnapshot@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnPostRestore@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnPreRestore@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
Exports
Exports
??0C9XAce@@QAE@ABV0@@Z
??0C9XAce@@QAE@XZ
??0CArena@@QAE@ABV0@@Z
??0CArena@@QAE@XZ
??0CBaseAce@@QAE@ABV0@@Z
??0CBaseAce@@QAE@XZ
??0CCheckedInCritSec@@QAE@PAVCCritSec@@@Z
??0CCritSec@@QAE@XZ
??0CEnterWbemCriticalSection@@QAE@PAVCWbemCriticalSection@@K@Z
??0CHaltable@@QAE@ABV0@@Z
??0CInCritSec@@QAE@PAU_RTL_CRITICAL_SECTION@@@Z
??0CNtAce@@QAE@XZ
??0CNtSid@@QAE@XZ
??0CWin32DefaultArena@@QAE@ABV0@@Z
??0CWin32DefaultArena@@QAE@XZ
??1CBaseAce@@UAE@XZ
??1CCheckedInCritSec@@QAE@XZ
??1CCritSec@@QAE@XZ
??1CEnterWbemCriticalSection@@QAE@XZ
??1CInCritSec@@QAE@XZ
??1CWin32DefaultArena@@QAE@XZ
??4C9XAce@@QAEAAV0@ABV0@@Z
??4CArena@@QAEAAV0@ABV0@@Z
??4CBaseAce@@QAEAAV0@ABV0@@Z
??4CCheckedInCritSec@@QAEAAV0@ABV0@@Z
??4CCritSec@@QAEAAV0@ABV0@@Z
??4CEnterWbemCriticalSection@@QAEAAV0@ABV0@@Z
??4CFlexQueue@@QAEAAV0@ABV0@@Z
??4CHaltable@@QAEAAV0@ABV0@@Z
??4CInCritSec@@QAEAAV0@ABV0@@Z
??4CNtSecurity@@QAEAAV0@ABV0@@Z
??4CPersistentConfig@@QAEAAV0@ABV0@@Z
??4CSmallArrayBlob@@QAEAAV0@ABV0@@Z
??4CWbemCriticalSection@@QAEAAV0@ABV0@@Z
??4CWin32DefaultArena@@QAEAAV0@ABV0@@Z
??4MD5@@QAEAAV0@ABV0@@Z
??4Registry@@QAEAAV0@ABV0@@Z
??ACFlexArray@@QAEAAPAXH@Z
??ACFlexArray@@QBEPAXH@Z
??ACSmallArrayBlob@@QBEPAXH@Z
??ACWStringArray@@QBEPAGH@Z
??_7C9XAce@@6B@
??_7CArena@@6B@
??_7CBaseAce@@6B@
??_7CHaltable@@6B@
??_7CNtAce@@6B@
??_7CWin32DefaultArena@@6B@
??_FCFlexArray@@QAEXXZ
??_FCFlexQueue@@QAEXXZ
??_FCNtAcl@@QAEXXZ
??_FCWStringArray@@QAEXXZ
?Add@CFlexArray@@QAEHPAX@Z
?Alloc@CWin32DefaultArena@@UAEPAXK@Z
?BreakOnDbgAndRenterLoop@CCritSec@@SGKXZ
?BreakOnDbgAndRenterLoop@CInCritSec@@SGKXZ
?Compress@CWStringArray@@QAEXXZ
?DecrementIndex@CFlexQueue@@IAEXAAH@Z
?Enter@CCheckedInCritSec@@QAEXXZ
?Enter@CCritSec@@QAEXXZ
?Free@CWin32DefaultArena@@UAEHPAX@Z
?GetAccessMask@C9XAce@@UAEKXZ
?GetArrayPtr@CFlexArray@@QAEPAPAXXZ
?GetArrayPtr@CFlexArray@@QBEPBQAXXZ
?GetArrayPtr@CSmallArrayBlob@@QAEPAPAXXZ
?GetArrayPtr@CSmallArrayBlob@@QBEPBQAXXZ
?GetArrayPtr@CWStringArray@@QAEPAPBGXZ
?GetAt@CFlexArray@@QBEPAXH@Z
?GetAt@CSmallArrayBlob@@QBEPAXH@Z
?GetAt@CWStringArray@@QBEPAGH@Z
?GetFlags@C9XAce@@UAEHXZ
?GetLastError@Registry@@QAEJXZ
?GetLockCount@CWbemCriticalSection@@QAEJXZ
?GetOwningThreadId@CWbemCriticalSection@@QAEKXZ
?GetPtr@CNtAce@@QAEPAU_ACCESS_ALLOWED_ACE@@XZ
?GetPtr@CNtAcl@@QAEPAU_ACL@@XZ
?GetPtr@CNtSecurityDescriptor@@QAEPAXXZ
?GetPtr@CNtSid@@QAEPAXXZ
?GetQueueSize@CFlexQueue@@QBEHXZ
?GetRecursionCount@CWbemCriticalSection@@QAEJXZ
?GetSize@CNtAce@@QAEKXZ
?GetStatus@C9XAce@@UAEKXZ
?GetStatus@CNtAce@@UAEKXZ
?GetStatus@CNtAcl@@QAEKXZ
?GetStatus@CNtSecurityDescriptor@@QAEKXZ
?GetStatus@CNtSid@@QAEKXZ
?GetType@C9XAce@@UAEHXZ
?IncrementIndex@CFlexQueue@@IAEXAAH@Z
?IsEntered@CCheckedInCritSec@@QAEHXZ
?IsEntered@CEnterWbemCriticalSection@@QAEHXZ
?IsUser@CNtSid@@QAE_NXZ
?IsValid@CNtAcl@@QAEHXZ
?IsValid@CNtSecurityDescriptor@@QAEHXZ
?IsValid@CNtSid@@QAEHXZ
?Leave@CCheckedInCritSec@@QAEXXZ
?Leave@CCritSec@@QAEXXZ
?Realloc@CWin32DefaultArena@@UAEPAXPAXK@Z
?SetAt@CFlexArray@@QAEXHPAX@Z
?SetFlags@C9XAce@@UAEXJ@Z
?SetFlags@CNtAce@@UAEXJ@Z
?SetSize@CFlexArray@@QAEXH@Z
?Size@CFlexArray@@QBEHXZ
?Size@CSmallArrayBlob@@QBEHXZ
?Size@CWStringArray@@QBEHXZ
?Unqueue@CFlexQueue@@QAEPAXXZ
?WbemSysFreeString@CWin32DefaultArena@@SGXPAG@Z
?isValid@CHaltable@@QAE_NXZ
DllRegisterServer
DllUnregisterServer
DredgeRA
MoveToAlone
MoveToShared
ServiceMain
Sections
.text Size: 124KB - Virtual size: 124KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/wmic/x32/wmitimep.dll.dll regsvr32 windows:5 windows x86 arch:x86
1da1849c6a7fd10d80c73d917b985933
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
msvcrt
_onexit
__dllonexit
_except_handler3
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_adjust_fdiv
malloc
_initterm
free
wcslen
wcscpy
swprintf
sscanf
atol
sprintf
wcsncpy
iswspace
towlower
wcstol
memmove
_vsnprintf
asctime
localtime
time
wcstoul
_wstat
wcstok
_CxxThrowException
_purecall
__CxxFrameHandler
_wcsicmp
kernel32
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetSystemTime
GetLocalTime
LocalFileTimeToFileTime
WaitForSingleObject
FileTimeToLocalFileTime
GetLastError
GetModuleHandleW
CreateThread
lstrcpyW
GetModuleFileNameW
lstrlenW
lstrcatW
DisableThreadLibraryCalls
HeapAlloc
HeapFree
InterlockedIncrement
CreateEventW
SetEvent
Sleep
CloseHandle
GetCurrentThread
ReleaseMutex
GetSystemDirectoryW
GetTickCount
CreateMutexW
MoveFileW
DeleteFileW
GetFileSizeEx
SetFilePointerEx
CreateFileW
WriteFile
ExpandEnvironmentStringsW
CreateDirectoryW
SystemTimeToFileTime
FileTimeToSystemTime
GetProcessHeap
CreateMutexA
GetSystemDirectoryA
lstrcatA
FreeLibrary
GetVersionExA
GetProcAddress
HeapReAlloc
LoadLibraryExA
advapi32
SetThreadToken
OpenThreadToken
RevertToSelf
RegOpenKeyW
RegDeleteKeyW
RegQueryValueExW
RegCreateKeyExW
RegCreateKeyW
RegSetValueExW
RegCloseKey
ole32
CoTaskMemFree
CoTaskMemAlloc
CoInitialize
StringFromGUID2
CoUninitialize
oleaut32
VariantChangeType
VariantInit
VariantClear
VariantCopy
SysAllocString
SysFreeString
VariantChangeTypeEx
user32
wsprintfW
DispatchMessageA
PeekMessageA
RegisterClassW
CreateWindowExW
ShowWindow
GetMessageW
DestroyWindow
UnregisterClassW
PostMessageW
DefWindowProcW
MsgWaitForMultipleObjects
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 42KB - Virtual size: 42KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 968B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/wmic/x32/wmitimep.mfl
-
tools/wmic/x32/wmitimep.mof
-
tools/wmic/x64/WMIADAP.exe.exe windows:6 windows x64 arch:x64
24f8221750b808c342e2005ec6549910
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
WMIADAP.pdb
Imports
advapi32
TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAceEx
FreeSid
InitializeSecurityDescriptor
MakeAbsoluteSD
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegSetValueExW
RegDeleteValueW
RegEnumValueW
RegOpenCurrentUser
RegEnumKeyW
RegDeleteKeyW
RegQueryInfoKeyW
RegCreateKeyExW
kernel32
OutputDebugStringA
MultiByteToWideChar
RaiseException
FormatMessageW
LocalFree
ResetEvent
CreateThread
ReleaseMutex
CreateMutexW
ReleaseSemaphore
WaitForSingleObject
CreateSemaphoreW
SetErrorMode
GetVersionExW
HeapSetInformation
lstrcmpW
CompareStringW
GetLocaleInfoW
lstrlenA
DeleteFileW
CreateFileW
WideCharToMultiByte
WriteFile
CreateDirectoryW
MoveFileExW
OpenEventW
WaitForMultipleObjects
EnterCriticalSection
GetProcAddress
SetLastError
LeaveCriticalSection
GetSystemDirectoryW
FreeLibrary
GetSystemDefaultLangID
ExpandEnvironmentStringsW
LoadLibraryW
GetVersionExA
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
lstrlenW
LocalAlloc
GetCurrentProcess
SetEvent
GetLastError
CreateEventW
SetConsoleCtrlHandler
CloseHandle
GetSystemDefaultUILanguage
GetModuleHandleW
GetCurrentProcessId
user32
UnregisterClassW
PostMessageW
LoadStringW
DispatchMessageW
DefWindowProcW
GetMessageW
CharNextW
CreateWindowExW
RegisterClassW
TranslateMessage
msvcrt
atol
wcsstr
iswxdigit
wcstoul
_vsnwprintf
isspace
toupper
__getmainargs
__C_specific_handler
_XcptFilter
_ismbblead
_cexit
exit
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
wcscoll
_ismbcdigit
wcspbrk
_wcsupr
memcpy
wcsrchr
memmove_s
strlen
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBV0@@Z
memcpy_s
free
malloc
memset
realloc
_wtol
_wcsicmp
_wtoi
wcschr
_CxxThrowException
__CxxFrameHandler3
_acmdln
_initterm
_wcslwr
_wcsrev
wcsspn
wcscspn
_ismbcspace
_exit
memmove
wbemcomn
?Throttle@@YAJKKKKK@Z
??0CStaticCritSec@@QEAA@XZ
??1CStaticCritSec@@QEAA@XZ
?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z
?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z
??4WString@@QEAAAEAV0@AEBV0@@Z
?DeleteString@WString@@AEAAXPEAG@Z
??0CEventLog@@QEAA@PEBG0K@Z
??1CEventLog@@QEAA@XZ
?Report@CEventLog@@QEAAHGKVCInsertionString@@000000000@Z
?Close@CEventLog@@QEAAHXZ
??0WString@@QEAA@XZ
??0WString@@QEAA@PEBG@Z
?Write@CMemoryLog@@QEAAXJ@Z
?GetMemLogObject@@YAPEAVCMemoryLog@@XZ
??0CInsertionString@@QEAA@VCHex@@@Z
??0WString@@QEAA@PEAGH@Z
??4WString@@QEAAAEAV0@PEBG@Z
??YWString@@QEAAAEAV0@PEBG@Z
??YWString@@QEAAAEAV0@AEBV0@@Z
?anyFailure@CStaticCritSec@@SAHXZ
?Open@CEventLog@@QEAAHXZ
oleaut32
SysFreeString
VariantClear
SysAllocString
VariantInit
VariantChangeType
SysAllocStringLen
SysStringLen
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayUnaccessData
ole32
CoUninitialize
CoInitializeSecurity
CoInitializeEx
CoCreateInstance
CoSetProxyBlanket
loadperf
UnloadPerfCounterTextStringsW
LoadPerfCounterTextStringsW
ntdll
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlValidRelativeSecurityDescriptor
Exports
Exports
??0CHPtrArray@@QEAA@XZ
??0CHString@@QEAA@AEBV0@@Z
??0CHString@@QEAA@GH@Z
??0CHString@@QEAA@PEBD@Z
??0CHString@@QEAA@PEBE@Z
??0CHString@@QEAA@PEBG@Z
??0CHString@@QEAA@PEBGH@Z
??0CHString@@QEAA@XZ
??0CHStringArray@@QEAA@XZ
??0CRegistry@@QEAA@AEBV0@@Z
??0CRegistry@@QEAA@XZ
??0CRegistrySearch@@QEAA@AEBV0@@Z
??0CRegistrySearch@@QEAA@XZ
??1CHPtrArray@@QEAA@XZ
??1CHString@@QEAA@XZ
??1CHStringArray@@QEAA@XZ
??1CRegistry@@QEAA@XZ
??1CRegistrySearch@@QEAA@XZ
??4CHPtrArray@@QEAAAEAV0@AEBV0@@Z
??4CHString@@QEAAAEBV0@AEBV0@@Z
??4CHString@@QEAAAEBV0@D@Z
??4CHString@@QEAAAEBV0@G@Z
??4CHString@@QEAAAEBV0@PEAV0@@Z
??4CHString@@QEAAAEBV0@PEBD@Z
??4CHString@@QEAAAEBV0@PEBE@Z
??4CHString@@QEAAAEBV0@PEBG@Z
??4CHStringArray@@QEAAAEAV0@AEBV0@@Z
??4CRegistry@@QEAAAEAV0@AEBV0@@Z
??4CRegistrySearch@@QEAAAEAV0@AEBV0@@Z
??ACHPtrArray@@QEAAAEAPEAXH@Z
??ACHPtrArray@@QEBAPEAXH@Z
??ACHString@@QEBAGH@Z
??ACHStringArray@@QEAAAEAVCHString@@H@Z
??ACHStringArray@@QEBA?AVCHString@@H@Z
??H@YA?AVCHString@@AEBV0@0@Z
??H@YA?AVCHString@@AEBV0@G@Z
??H@YA?AVCHString@@AEBV0@PEBG@Z
??H@YA?AVCHString@@GAEBV0@@Z
??H@YA?AVCHString@@PEBGAEBV0@@Z
??YCHString@@QEAAAEBV0@AEBV0@@Z
??YCHString@@QEAAAEBV0@D@Z
??YCHString@@QEAAAEBV0@G@Z
??YCHString@@QEAAAEBV0@PEBG@Z
?Add@CHPtrArray@@QEAAHPEAX@Z
?Add@CHStringArray@@QEAAHPEBG@Z
?AllocBeforeWrite@CHString@@IEAAXH@Z
?AllocBuffer@CHString@@IEAAXH@Z
?AllocCopy@CHString@@IEBAXAEAV1@HHH@Z
?AllocSysString@CHString@@QEBAPEAGXZ
?Append@CHPtrArray@@QEAAHAEBV1@@Z
?Append@CHStringArray@@QEAAHAEBV1@@Z
?AssignCopy@CHString@@IEAAXHPEBG@Z
?CheckAndAddToList@CRegistrySearch@@AEAAXPEAVCRegistry@@VCHString@@1AEAVCHPtrArray@@11H@Z
?Close@CRegistry@@QEAAXXZ
?CloseSubKey@CRegistry@@AEAAXXZ
?Collate@CHString@@QEBAHPEBG@Z
?Compare@CHString@@QEBAHPEBG@Z
?CompareNoCase@CHString@@QEBAHPEBG@Z
?ConcatCopy@CHString@@IEAAXHPEBGH0@Z
?ConcatInPlace@CHString@@IEAAXHPEBG@Z
?Copy@CHPtrArray@@QEAAXAEBV1@@Z
?Copy@CHStringArray@@QEAAXAEBV1@@Z
?CopyBeforeWrite@CHString@@IEAAXXZ
?CreateOpen@CRegistry@@QEAAJPEAUHKEY__@@PEBGPEAGKKPEAU_SECURITY_ATTRIBUTES@@PEAK@Z
?DeleteCurrentKeyValue@CRegistry@@QEAAKPEAUHKEY__@@PEBG@Z
?DeleteCurrentKeyValue@CRegistry@@QEAAKPEBG@Z
?DeleteKey@CRegistry@@QEAAJPEAVCHString@@@Z
?DeleteValue@CRegistry@@QEAAJPEBG@Z
?ElementAt@CHPtrArray@@QEAAAEAPEAXH@Z
?ElementAt@CHStringArray@@QEAAAEAVCHString@@H@Z
?Empty@CHString@@QEAAXXZ
?EnumerateAndGetValues@CRegistry@@QEAAJAEAKAEAPEAGAEAPEAE@Z
?Find@CHString@@QEBAHG@Z
?Find@CHString@@QEBAHPEBG@Z
?FindOneOf@CHString@@QEBAHPEBG@Z
?Format@CHString@@QEAAXIZZ
?Format@CHString@@QEAAXPEBGZZ
?FormatMessageW@CHString@@QEAAXIZZ
?FormatMessageW@CHString@@QEAAXPEBGZZ
?FormatV@CHString@@QEAAXPEBGPEAD@Z
?FreeExtra@CHPtrArray@@QEAAXXZ
?FreeExtra@CHString@@QEAAXXZ
?FreeExtra@CHStringArray@@QEAAXXZ
?FreeSearchList@CRegistrySearch@@QEAAHHAEAVCHPtrArray@@@Z
?GetAllocLength@CHString@@QEBAHXZ
?GetAt@CHPtrArray@@QEBAPEAXH@Z
?GetAt@CHString@@QEBAGH@Z
?GetAt@CHStringArray@@QEBA?AVCHString@@H@Z
?GetBuffer@CHString@@QEAAPEAGH@Z
?GetBufferSetLength@CHString@@QEAAPEAGH@Z
?GetClassNameA@CRegistry@@QEAAPEAGXZ
?GetCurrentBinaryKeyValue@CRegistry@@QEAAKPEAUHKEY__@@PEBGPEAEPEAK@Z
?GetCurrentBinaryKeyValue@CRegistry@@QEAAKPEBGAEAVCHString@@@Z
?GetCurrentBinaryKeyValue@CRegistry@@QEAAKPEBGPEAEPEAK@Z
?GetCurrentKeyValue@CRegistry@@QEAAKPEAUHKEY__@@PEBGAEAK@Z
?GetCurrentKeyValue@CRegistry@@QEAAKPEAUHKEY__@@PEBGAEAVCHString@@@Z
?GetCurrentKeyValue@CRegistry@@QEAAKPEAUHKEY__@@PEBGAEAVCHStringArray@@@Z
?GetCurrentKeyValue@CRegistry@@QEAAKPEBGAEAK@Z
?GetCurrentKeyValue@CRegistry@@QEAAKPEBGAEAVCHString@@@Z
?GetCurrentKeyValue@CRegistry@@QEAAKPEBGAEAVCHStringArray@@@Z
?GetCurrentRawKeyValue@CRegistry@@AEAAKPEAUHKEY__@@PEBGPEAXPEAK3@Z
?GetCurrentRawSubKeyValue@CRegistry@@AEAAKPEBGPEAXPEAK2@Z
?GetCurrentSubKeyCount@CRegistry@@QEAAKXZ
?GetCurrentSubKeyName@CRegistry@@QEAAKAEAVCHString@@@Z
?GetCurrentSubKeyPath@CRegistry@@QEAAKAEAVCHString@@@Z
?GetCurrentSubKeyValue@CRegistry@@QEAAKPEBGAEAK@Z
?GetCurrentSubKeyValue@CRegistry@@QEAAKPEBGAEAVCHString@@@Z
?GetCurrentSubKeyValue@CRegistry@@QEAAKPEBGPEAXPEAK@Z
?GetData@CHPtrArray@@QEAAPEAPEAXXZ
?GetData@CHPtrArray@@QEBAPEAPEBXXZ
?GetData@CHString@@IEBAPEAUCHStringData@@XZ
?GetData@CHStringArray@@QEAAPEAVCHString@@XZ
?GetData@CHStringArray@@QEBAPEBVCHString@@XZ
?GetLength@CHString@@QEBAHXZ
?GetLongestClassStringSize@CRegistry@@QEAAKXZ
?GetLongestSubKeySize@CRegistry@@QEAAKXZ
?GetLongestValueData@CRegistry@@QEAAKXZ
?GetLongestValueName@CRegistry@@QEAAKXZ
?GetSize@CHPtrArray@@QEBAHXZ
?GetSize@CHStringArray@@QEBAHXZ
?GetUpperBound@CHPtrArray@@QEBAHXZ
?GetUpperBound@CHStringArray@@QEBAHXZ
?GethKey@CRegistry@@QEAAPEAUHKEY__@@XZ
?Init@CHString@@IEAAXXZ
?InsertAt@CHPtrArray@@QEAAXHPEAV1@@Z
?InsertAt@CHPtrArray@@QEAAXHPEAXH@Z
?InsertAt@CHStringArray@@QEAAXHPEAV1@@Z
?InsertAt@CHStringArray@@QEAAXHPEBGH@Z
?IsEmpty@CHString@@QEBAHXZ
?Left@CHString@@QEBA?AV1@H@Z
?LoadStringW@CHString@@IEAAHIPEAGI@Z
?LoadStringW@CHString@@QEAAHI@Z
?LocateKeyByNameOrValueName@CRegistrySearch@@QEAAHPEAUHKEY__@@PEBG1PEAPEBGKAEAVCHString@@3@Z
?LockBuffer@CHString@@QEAAPEAGXZ
?MakeLower@CHString@@QEAAXXZ
?MakeReverse@CHString@@QEAAXXZ
?MakeUpper@CHString@@QEAAXXZ
?Mid@CHString@@QEBA?AV1@H@Z
?Mid@CHString@@QEBA?AV1@HH@Z
?NextSubKey@CRegistry@@QEAAKXZ
?Open@CRegistry@@QEAAJPEAUHKEY__@@PEBGK@Z
?OpenAndEnumerateSubKeys@CRegistry@@QEAAJPEAUHKEY__@@PEBGK@Z
?OpenCurrentUser@CRegistry@@QEAAKPEBGK@Z
?OpenLocalMachineKeyAndReadValue@CRegistry@@QEAAJPEBG0AEAVCHString@@@Z
?OpenSubKey@CRegistry@@AEAAKXZ
?PrepareToReOpen@CRegistry@@AEAAXXZ
?Release@CHString@@QEAAXXZ
?Release@CHString@@SAXPEAUCHStringData@@@Z
?ReleaseBuffer@CHString@@QEAAXH@Z
?RemoveAll@CHPtrArray@@QEAAXXZ
?RemoveAll@CHStringArray@@QEAAXXZ
?RemoveAt@CHPtrArray@@QEAAXHH@Z
?RemoveAt@CHStringArray@@QEAAXHH@Z
?ReverseFind@CHString@@QEBAHG@Z
?RewindSubKeys@CRegistry@@QEAAXXZ
?Right@CHString@@QEBA?AV1@H@Z
?SafeStrlen@CHString@@KAHPEBG@Z
?SearchAndBuildList@CRegistrySearch@@QEAAHVCHString@@AEAVCHPtrArray@@00HPEAUHKEY__@@@Z
?SetAt@CHPtrArray@@QEAAXHPEAX@Z
?SetAt@CHString@@QEAAXHG@Z
?SetAt@CHStringArray@@QEAAXHPEBG@Z
?SetAtGrow@CHPtrArray@@QEAAXHPEAX@Z
?SetAtGrow@CHStringArray@@QEAAXHPEBG@Z
?SetCHStringResourceHandle@@YAXPEAUHINSTANCE__@@@Z
?SetCurrentKeyValue@CRegistry@@QEAAKPEAUHKEY__@@PEBGAEAK@Z
?SetCurrentKeyValue@CRegistry@@QEAAKPEAUHKEY__@@PEBGAEAVCHString@@@Z
?SetCurrentKeyValue@CRegistry@@QEAAKPEAUHKEY__@@PEBGAEAVCHStringArray@@@Z
?SetCurrentKeyValue@CRegistry@@QEAAKPEBGAEAK@Z
?SetCurrentKeyValue@CRegistry@@QEAAKPEBGAEAVCHString@@@Z
?SetCurrentKeyValue@CRegistry@@QEAAKPEBGAEAVCHStringArray@@@Z
?SetCurrentKeyValueExpand@CRegistry@@QEAAKPEAUHKEY__@@PEBGAEAVCHString@@@Z
?SetDefaultValues@CRegistry@@AEAAXXZ
?SetPlatformID@CRegistry@@CAHXZ
?SetSize@CHPtrArray@@QEAAXHH@Z
?SetSize@CHStringArray@@QEAAXHH@Z
?SpanExcluding@CHString@@QEBA?AV1@PEBG@Z
?SpanIncluding@CHString@@QEBA?AV1@PEBG@Z
?TrimLeft@CHString@@QEAAXXZ
?TrimRight@CHString@@QEAAXXZ
?UnlockBuffer@CHString@@QEAAXXZ
?myRegCreateKeyEx@CRegistry@@AEAAJPEAUHKEY__@@PEBGKPEAGKKQEAU_SECURITY_ATTRIBUTES@@PEAPEAU2@PEAK@Z
?myRegDeleteKey@CRegistry@@AEAAJPEAUHKEY__@@PEBG@Z
?myRegDeleteValue@CRegistry@@AEAAJPEAUHKEY__@@PEBG@Z
?myRegEnumKey@CRegistry@@AEAAJPEAUHKEY__@@KPEAGK@Z
?myRegEnumValue@CRegistry@@AEAAJPEAUHKEY__@@KPEAGPEAK22PEAE2@Z
?myRegOpenKeyEx@CRegistry@@AEAAJPEAUHKEY__@@PEBGKKPEAPEAU2@@Z
?myRegQueryInfoKey@CRegistry@@AEAAJPEAUHKEY__@@PEAGPEAK22222222PEAU_FILETIME@@@Z
?myRegQueryValueEx@CRegistry@@AEAAJPEAUHKEY__@@PEBGPEAK2PEAE2@Z
?myRegSetValueEx@CRegistry@@AEAAJPEAUHKEY__@@PEBGKKPEBEK@Z
?s_dwPlatform@CRegistry@@0KA
?s_fPlatformSet@CRegistry@@0HA
Sections
.text Size: 159KB - Virtual size: 158KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 972B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/wmic/x64/WMIC.exe.exe windows:6 windows x64 arch:x64
15585cb74052b4739a900fcb332f06ea
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
WMIC.pdb
Imports
advapi32
RegOpenKeyExW
RegQueryValueExW
OpenProcessToken
AdjustTokenPrivileges
GetTokenInformation
RegCloseKey
kernel32
GetLastError
SetLastError
GetLocalTime
GetFileSizeEx
CopyFileW
WriteFile
FormatMessageW
GetStdHandle
GetConsoleScreenBufferInfo
GetFileType
GetComputerNameW
GetSystemDefaultUILanguage
MultiByteToWideChar
CompareStringW
WideCharToMultiByte
GetLocaleInfoW
GetUserPreferredUILanguages
SetConsoleCursorPosition
WriteConsoleW
GetConsoleMode
SetConsoleMode
ReadConsoleW
SetConsoleScreenBufferSize
SetFilePointer
GetCurrentProcess
GetSystemDirectoryW
LoadLibraryW
FreeLibrary
GetProcAddress
HeapSetInformation
DeleteFileW
GetCommandLineW
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
InitializeCriticalSection
SetConsoleCtrlHandler
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
CreateEventW
CreateThread
SetEvent
GetModuleHandleW
SetUnhandledExceptionFilter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
OutputDebugStringA
Sleep
lstrlenA
CreateFileW
CloseHandle
LocalFree
lstrlenW
GetCurrentThreadId
LocalAlloc
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
QueryPerformanceCounter
msvcrt
wcsncmp
fputws
fwprintf
fflush
fprintf
fseek
fclose
fread
free
_initterm
wctomb
wcstombs
fgets
fwrite
_wfopen
wcstoul
wcsstr
exit
_cexit
_exit
_XcptFilter
__C_specific_handler
__wgetmainargs
__CxxFrameHandler3
_fileno
_filelength
fgetws
_iob
_itow
_wtoi
_wsystem
memset
ceilf
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
??1type_info@@UEAA@XZ
__set_app_type
_fmode
_commode
__setusermatherr
feof
_amsg_exit
_wfreopen
_kbhit
_callnewh
_CxxThrowException
??0exception@@QEAA@AEBQEBDH@Z
towlower
_getch
swscanf
_wremove
_wcsnicmp
_vsnprintf
_wtol
wcstok
_wcsicmp
??0exception@@QEAA@XZ
memmove_s
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
memcpy_s
??0exception@@QEAA@AEBV0@@Z
_vsnwprintf
_ltow
malloc
memcpy
ole32
CoUninitialize
CoInitializeEx
CoSetProxyBlanket
CoCreateInstanceEx
CoCreateInstance
CoInitializeSecurity
oleaut32
VariantChangeType
SafeArrayGetVartype
VariantCopy
SysStringByteLen
SafeArrayPutElement
SafeArrayCreate
SafeArrayDestroy
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
VariantClear
SysStringLen
SysAllocStringByteLen
VariantInit
SysFreeString
SysAllocString
user32
CloseClipboard
LoadStringW
OpenClipboard
EmptyClipboard
CharUpperW
SetClipboardData
framedynos
?Mid@CHString@@QEBA?AV1@H@Z
??4CHString@@QEAAAEBV0@AEBV0@@Z
?Left@CHString@@QEBA?AV1@H@Z
??H@YA?AVCHString@@AEBV0@PEBG@Z
??YCHString@@QEAAAEBV0@AEBV0@@Z
?Find@CHString@@QEBAHPEBG@Z
??0CHString@@QEAA@AEBV0@@Z
?GetBuffer@CHString@@QEAAPEAGH@Z
?FindOneOf@CHString@@QEBAHPEBG@Z
?TrimRight@CHString@@QEAAXXZ
?TrimLeft@CHString@@QEAAXXZ
?GetData@CHString@@IEBAPEAUCHStringData@@XZ
??YCHString@@QEAAAEBV0@PEBG@Z
?Empty@CHString@@QEAAXXZ
??0CHString@@QEAA@PEBD@Z
?Right@CHString@@QEBA?AV1@H@Z
??0CHString@@QEAA@PEBG@Z
?Format@CHString@@QEAAXPEBGZZ
??1CHString@@QEAA@XZ
??0CHString@@QEAA@XZ
??4CHString@@QEAAAEBV0@PEBG@Z
shlwapi
StrStrIW
ws2_32
WSACleanup
getaddrinfo
WSAStartup
freeaddrinfo
secur32
GetUserNameExW
iphlpapi
IcmpSendEcho
Icmp6CreateFile
Icmp6SendEcho2
IcmpCloseHandle
IcmpCreateFile
Sections
.text Size: 450KB - Virtual size: 450KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 71KB - Virtual size: 71KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 816B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/wmic/x64/WMICOOKR.dll.dll regsvr32 windows:6 windows x64 arch:x64
c22cb592cce414bbae0fcff2e2d9cd1f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
WMICOOKR.pdb
Imports
msvcrt
memmove
memset
memcpy
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
__C_specific_handler
_amsg_exit
free
_initterm
malloc
_XcptFilter
_CxxThrowException
_errno
__CxxFrameHandler
_vsnwprintf
wcsstr
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_purecall
pow
wbemcomn
?DeleteString@WString@@AEAAXPEAG@Z
??0WString@@QEAA@PEAGH@Z
??4WString@@QEAAAEAV0@AEBV0@@Z
?_ThrowMemoryException_@@YAXXZ
??0CWStringArray@@QEAA@HH@Z
?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z
?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z
??1CHaltable@@UEAA@XZ
?BreakOnDbgAndRenterLoop@@YAKXZ
?Enter@CWbemCriticalSection@@QEAAHK@Z
?Leave@CWbemCriticalSection@@QEAAXXZ
??0CFlexQueue@@QEAA@H@Z
??0CFlexArray@@QEAA@HH@Z
??ACFlexArray@@QEBAPEAXH@Z
?InsertAt@CFlexArray@@QEAAHHPEAX@Z
?Compress@CFlexArray@@QEAAXXZ
?WbemMemReAlloc@CWin32DefaultArena@@SAPEAXPEAX_K@Z
ole32
CoTaskMemFree
StringFromCLSID
CoCreateInstance
oleaut32
VariantInit
VariantClear
SysAllocString
SysFreeString
advapi32
RegOpenKeyW
RegDeleteKeyW
RegCloseKey
RegSetValueExW
RegCreateKeyW
kernel32
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
QueryPerformanceFrequency
Sleep
InitializeCriticalSectionAndSpinCount
lstrcmpW
GetModuleFileNameW
DisableThreadLibraryCalls
QueryPerformanceCounter
VirtualProtect
LocalFree
OutputDebugStringA
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
LCMapStringW
Exports
Exports
??0CArena@@QEAA@AEBV0@@Z
??0CArena@@QEAA@XZ
??0CCheckedInCritSec@@QEAA@PEAVCCritSec@@@Z
??0CCritSec@@QEAA@XZ
??0CEnterWbemCriticalSection@@QEAA@PEAVCWbemCriticalSection@@K@Z
??0CHaltable@@QEAA@AEBV0@@Z
??0CInCritSec@@QEAA@PEAU_RTL_CRITICAL_SECTION@@@Z
??0CWin32DefaultArena@@QEAA@AEBV0@@Z
??0CWin32DefaultArena@@QEAA@XZ
??0WString@@QEAA@AEBV0@@Z
??1CCheckedInCritSec@@QEAA@XZ
??1CCritSec@@QEAA@XZ
??1CEnterWbemCriticalSection@@QEAA@XZ
??1CInCritSec@@QEAA@XZ
??1CWin32DefaultArena@@QEAA@XZ
??1WString@@QEAA@XZ
??4CArena@@QEAAAEAV0@AEBV0@@Z
??4CCheckedInCritSec@@QEAAAEAV0@AEBV0@@Z
??4CCritSec@@QEAAAEAV0@AEBV0@@Z
??4CEnterWbemCriticalSection@@QEAAAEAV0@AEBV0@@Z
??4CFlexQueue@@QEAAAEAV0@AEBV0@@Z
??4CHaltable@@QEAAAEAV0@AEBV0@@Z
??4CInCritSec@@QEAAAEAV0@AEBV0@@Z
??4CSmallArrayBlob@@QEAAAEAV0@AEBV0@@Z
??4CWbemCriticalSection@@QEAAAEAV0@AEBV0@@Z
??4CWin32DefaultArena@@QEAAAEAV0@AEBV0@@Z
??ACSmallArrayBlob@@QEBAPEAXH@Z
??ACWStringArray@@QEBAPEAGH@Z
??BWString@@QEAAPEAGXZ
??BWString@@QEBAPEBGXZ
??MWString@@QEBAHPEBG@Z
??NWString@@QEBAHPEBG@Z
??OWString@@QEBAHPEBG@Z
??PWString@@QEBAHPEBG@Z
??_7CArena@@6B@
??_7CHaltable@@6B@
??_7CWin32DefaultArena@@6B@
??_FCFlexArray@@QEAAXXZ
??_FCFlexQueue@@QEAAXXZ
??_FCWStringArray@@QEAAXXZ
?Add@CFlexArray@@QEAAHPEAX@Z
?Alloc@CWin32DefaultArena@@UEAAPEAX_K@Z
?BindPtr@WString@@QEAAXPEAG@Z
?Compress@CWStringArray@@QEAAXXZ
?DecrementIndex@CFlexQueue@@IEAAXAEAH@Z
?Enter@CCheckedInCritSec@@QEAAXXZ
?Enter@CCritSec@@QEAAXXZ
?Equal@WString@@QEBAHPEBG@Z
?EqualNoCase@WString@@QEBAHPEBG@Z
?Free@CWin32DefaultArena@@UEAAHPEAX@Z
?GetArrayPtr@CFlexArray@@QEAAPEAPEAXXZ
?GetArrayPtr@CFlexArray@@QEBAPEBQEAXXZ
?GetArrayPtr@CSmallArrayBlob@@QEAAPEAPEAXXZ
?GetArrayPtr@CSmallArrayBlob@@QEBAPEBQEAXXZ
?GetArrayPtr@CWStringArray@@QEAAPEAPEBGXZ
?GetAt@CSmallArrayBlob@@QEBAPEAXH@Z
?GetAt@CWStringArray@@QEBAPEAGH@Z
?GetLockCount@CWbemCriticalSection@@QEAAJXZ
?GetOwningThreadId@CWbemCriticalSection@@QEAAKXZ
?GetQueueSize@CFlexQueue@@QEBAHXZ
?GetRecursionCount@CWbemCriticalSection@@QEAAJXZ
?GetStringPointerByRef@WString@@QEBAAEBQEBGXZ
?IncrementIndex@CFlexQueue@@IEAAXAEAH@Z
?IsEntered@CCheckedInCritSec@@QEAAHXZ
?IsEntered@CEnterWbemCriticalSection@@QEAAHXZ
?Leave@CCheckedInCritSec@@QEAAXXZ
?Leave@CCritSec@@QEAAXXZ
?Length@WString@@QEBAHXZ
?Realloc@CWin32DefaultArena@@UEAAPEAXPEAX_K@Z
?SetSize@CFlexArray@@QEAAXH@Z
?Size@CFlexArray@@QEBAHXZ
?Size@CSmallArrayBlob@@QEBAHXZ
?Size@CWStringArray@@QEBAHXZ
?Unqueue@CFlexQueue@@QEAAPEAXXZ
?WbemSysFreeString@CWin32DefaultArena@@SAXPEAG@Z
?isValid@CHaltable@@QEAA_NXZ
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 83KB - Virtual size: 82KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 984B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 624B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/wmic/x64/WMIPICMP.dll.dll regsvr32 windows:6 windows x64 arch:x64
edf7803c6991044c83cd4f0cf09f5a75
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
WMIPICMP.pdb
Imports
msvcrt
wcstombs
free
malloc
_XcptFilter
_initterm
_amsg_exit
__C_specific_handler
?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
__dllonexit
_lock
_onexit
??1type_info@@UEAA@XZ
memcpy
__CxxFrameHandler3
_CxxThrowException
towupper
__RTtypeid
??8type_info@@QEBAHAEBV0@@Z
_unlock
_purecall
mbstowcs
_wcsicmp
towlower
wcschr
memmove
iswspace
_vsnprintf
atol
sscanf
?terminate@@YAXXZ
memset
ntdll
RtlIpv4AddressToStringW
RtlIpv6AddressToStringW
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
advapi32
RegDeleteKeyW
RegOpenKeyW
RegSetValueExW
RegCloseKey
SetThreadToken
RegCreateKeyW
OpenThreadToken
icmp
IcmpCreateFile
IcmpSendEcho2
IcmpParseReplies
IcmpCloseHandle
kernel32
TerminateProcess
GetSystemTimeAsFileTime
GetVersionExW
GetTickCount
QueryPerformanceCounter
LocalFree
UnhandledExceptionFilter
CreateEventW
HeapCreate
DebugBreak
GetModuleFileNameW
LCMapStringW
SetUnhandledExceptionFilter
lstrlenW
SetLastError
GetCurrentProcessId
HeapDestroy
GetProcessHeap
HeapFree
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DisableThreadLibraryCalls
DeleteCriticalSection
GetCurrentProcess
WaitForSingleObject
SetEvent
Sleep
GetLastError
WaitForMultipleObjects
DuplicateHandle
CloseHandle
CreateThread
lstrlenA
GetCurrentThread
GetCurrentThreadId
HeapReAlloc
HeapAlloc
MultiByteToWideChar
oleaut32
VariantClear
SafeArrayAccessData
SafeArrayDestroy
SafeArrayCreate
VariantInit
SafeArrayUnaccessData
VariantCopy
VariantChangeType
SysFreeString
SysAllocString
ole32
CoRevertToSelf
CoInitializeEx
CoUninitialize
CoGetCallContext
StringFromGUID2
user32
MsgWaitForMultipleObjectsEx
PeekMessageW
TranslateMessage
GetMessageW
LoadStringW
MsgWaitForMultipleObjects
DispatchMessageW
wsock32
WSAStartup
closesocket
WSAGetLastError
socket
WSACleanup
ws2_32
WSAIoctl
getaddrinfo
freeaddrinfo
iphlpapi
Icmp6CreateFile
Icmp6ParseReplies
Icmp6SendEcho2
provthrd
?Copy@WmiSignedIntegerNode@@UEAAPEAVWmiTreeNode@@XZ
??0WmiSignedIntegerNode@@QEAA@PEAGJKPEAVWmiTreeNode@@@Z
??1WmiSignedIntegerNode@@UEAA@XZ
??0WmiUnsignedIntegerNode@@QEAA@PEAGKKPEAVWmiTreeNode@@@Z
??1WmiUnsignedIntegerNode@@UEAA@XZ
??0WmiNullNode@@QEAA@PEAGKPEAVWmiTreeNode@@@Z
??1WmiNullNode@@UEAA@XZ
??0WmiUnsignedIntegerRangeNode@@QEAA@PEAGKHHHHKKPEAVWmiTreeNode@@1@Z
??1WmiUnsignedIntegerRangeNode@@UEAA@XZ
??0WmiSignedIntegerRangeNode@@QEAA@PEAGKHHHHJJPEAVWmiTreeNode@@1@Z
?Copy@WmiNullNode@@UEAAPEAVWmiTreeNode@@XZ
?Print@WmiNullNode@@UEAAXXZ
?Copy@WmiSignedIntegerRangeNode@@UEAAPEAVWmiTreeNode@@XZ
?Print@WmiSignedIntegerRangeNode@@UEAAXXZ
?Copy@WmiUnsignedIntegerNode@@UEAAPEAVWmiTreeNode@@XZ
?Print@WmiUnsignedIntegerNode@@UEAAXXZ
?Copy@WmiUnsignedIntegerRangeNode@@UEAAPEAVWmiTreeNode@@XZ
?Print@WmiUnsignedIntegerRangeNode@@UEAAXXZ
??0WmiStringNode@@QEAA@PEAG0W4WmiValueFunction@WmiValueNode@@1KPEAVWmiTreeNode@@@Z
??1WmiStringNode@@UEAA@XZ
?Copy@WmiStringNode@@UEAAPEAVWmiTreeNode@@XZ
?Print@WmiStringNode@@UEAAXXZ
??1WmiSignedIntegerRangeNode@@UEAA@XZ
??0WmiStringRangeNode@@QEAA@PEAGKHHHH00PEAVWmiTreeNode@@1@Z
??1WmiStringRangeNode@@UEAA@XZ
?Query@QueryPreprocessor@@QEAA?AW4QuadState@1@PEAGAEAPEAUSQL_LEVEL_1_RPN_EXPRESSION@@@Z
?PreProcess@QueryPreprocessor@@QEAA?AW4QuadState@1@PEAXPEAUSQL_LEVEL_1_RPN_EXPRESSION@@AEAPEAVWmiTreeNode@@@Z
?PreProcess@QueryPreprocessor@@QEAA?AW4QuadState@1@PEAXPEAUSQL_LEVEL_1_RPN_EXPRESSION@@PEAVWmiTreeNode@@KPEAPEAGAEAPEAVPartitionSet@@@Z
??1QueryPreprocessor@@UEAA@XZ
??0QueryPreprocessor@@QEAA@XZ
?Print@WmiSignedIntegerNode@@UEAAXXZ
?CopyNode@WmiTreeNode@@UEAAPEAV1@XZ
?Print@WmiStringRangeNode@@UEAAXXZ
?Copy@WmiStringRangeNode@@UEAAPEAVWmiTreeNode@@XZ
wbemcomn
?GetFQDN_Ipv4@@YAPEAUhostent@@PEAG@Z
?GetQFDN_Ipv6@@YAKPEAG0HH@Z
?_ThrowMemoryException_@@YAXXZ
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 96KB - Virtual size: 96KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 810B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/wmic/x64/WMIPIPRT.dll.dll regsvr32 windows:6 windows x64 arch:x64
e556dd0d8f5d3e6653b0ac93ebb47d7a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
WMIPIPRT.pdb
Imports
msvcrt
?terminate@@YAXXZ
isdigit
??8type_info@@QEBAHAEBV0@@Z
__RTtypeid
_wtol
_ultow
free
malloc
_XcptFilter
_initterm
_amsg_exit
__C_specific_handler
??1type_info@@UEAA@XZ
_unlock
__dllonexit
_onexit
memset
_CxxThrowException
__CxxFrameHandler3
_wcsicmp
_lock
memcpy
ntdll
RtlIpv4AddressToStringW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtWaitForSingleObject
NtSetEvent
NtCreateEvent
NtClose
RtlIpv6StringToAddressW
RtlIpv4StringToAddressW
RtlIpv6AddressToStringW
framedynos
?ExecQuery@Provider@@MEAAJPEAVMethodContext@@AEAVCFrameworkQuery@@J@Z
??H@YA?AVCHString@@AEBV0@G@Z
?ValidatePutInstanceFlags@Provider@@MEAAJJ@Z
?ValidateDeletionFlags@Provider@@MEAAJJ@Z
?ValidateQueryFlags@Provider@@MEAAJJ@Z
?ValidateMethodFlags@Provider@@MEAAJJ@Z
?ValidateGetObjFlags@Provider@@MEAAJJ@Z
?ValidateEnumerationFlags@Provider@@MEAAJJ@Z
?Flush@Provider@@MEAAXXZ
?GetObject@Provider@@MEAAJPEAVCInstance@@JAEAVCFrameworkQuery@@@Z
?OnFinalRelease@CThreadBase@@MEAAXXZ
?AddRef@CInstance@@QEAAJXZ
?GetInstanceByPath@CWbemProviderGlue@@SAJPEBGPEAPEAVCInstance@@PEAVMethodContext@@@Z
??H@YA?AVCHString@@PEBGAEBV0@@Z
??H@YA?AVCHString@@AEBV0@PEBG@Z
?GetLocalInstancePath@Provider@@IEAA_NPEBVCInstance@@AEAVCHString@@@Z
??H@YA?AVCHString@@AEBV0@0@Z
?s_strComputerName@Provider@@0VCHString@@A
??0CHString@@QEAA@AEBV0@@Z
?GetClassObjectInterface@CInstance@@QEAAPEAUIWbemClassObject@@XZ
?MakeLower@CHString@@QEAAXXZ
?MakeUpper@CHString@@QEAAXXZ
?Compare@CHString@@QEBAHPEBG@Z
?GetStatus@CInstance@@QEBA_NPEBGAEA_NAEAG@Z
?GetBuffer@CHString@@QEAAPEAGH@Z
?GetQuery@CFrameworkQuery@@QEAAAEBVCHString@@XZ
??4CHString@@QEAAAEBV0@AEBV0@@Z
?GetDWORD@CInstance@@QEBA_NPEBGAEAK@Z
?IsEmpty@CHString@@QEBAHXZ
?GetCHString@CInstance@@QEBA_NPEBGAEAVCHString@@@Z
?Commit@Provider@@IEAAJPEAVCInstance@@_N@Z
?SetCHString@CInstance@@QEAA_NPEBGPEBD@Z
?SetDWORD@CInstance@@QEAA_NPEBGK@Z
??4CHString@@QEAAAEBV0@PEBG@Z
??0CHString@@QEAA@XZ
?SetCHString@CInstance@@QEAA_NPEBGAEBVCHString@@@Z
?CreateNewInstance@Provider@@IEAAPEAVCInstance@@PEAVMethodContext@@@Z
??1CHString@@QEAA@XZ
??0CHString@@QEAA@PEBG@Z
?Release@CInstance@@QEAAJXZ
??1Provider@@UEAA@XZ
??0Provider@@QEAA@PEBG0@Z
?LocalLogMessage@ProviderLog@@QEAAXPEBG0HW4LogLevel@1@@Z
?captainsLog@@3VProviderLog@@A
?LocalLogMessage@ProviderLog@@QEAAXPEBGHW4LogLevel@1@0ZZ
??0CThreadBase@@QEAA@W4THREAD_SAFETY_MECHANISM@0@@Z
??1CThreadBase@@UEAA@XZ
??0CHPtrArray@@QEAA@XZ
??1CHPtrArray@@QEAA@XZ
?Add@CHPtrArray@@QEAAHPEAX@Z
??ACHPtrArray@@QEAAAEAPEAXH@Z
?RemoveAll@CHPtrArray@@QEAAXXZ
?GetMethodContext@CInstance@@QEBAPEAVMethodContext@@XZ
?GetValuesForProp@CFrameworkQuery@@QEAAJPEBGAEAVCHStringArray@@@Z
?GetObject@Provider@@MEAAJPEAVCInstance@@J@Z
?ExecMethod@Provider@@MEAAJAEBVCInstance@@QEAGPEAV2@2J@Z
?DeleteInstance@Provider@@MEAAJAEBVCInstance@@J@Z
?Commit@CInstance@@QEAAJXZ
?PutInstance@Provider@@MEAAJAEBVCInstance@@J@Z
?GetAt@CHPtrArray@@QEBAPEAXH@Z
?GetSize@CHPtrArray@@QEBAHXZ
?Right@CHString@@QEBA?AV1@H@Z
??YCHString@@QEAAAEBV0@G@Z
?Left@CHString@@QEBA?AV1@H@Z
?FindOneOf@CHString@@QEBAHPEBG@Z
?Empty@CHString@@QEAAXXZ
?RemoveAt@CHStringArray@@QEAAXHH@Z
?IsDerivedFrom@CWbemProviderGlue@@SA_NPEBG0PEAVMethodContext@@0@Z
?GetInstanceKeysByPath@CWbemProviderGlue@@SAJPEBGPEAPEAVCInstance@@PEAVMethodContext@@@Z
?RemoveAll@CHStringArray@@QEAAXXZ
?Free@CObjectPathParser@@QEAAXPEAUParsedObjectPath@@@Z
?Parse@CObjectPathParser@@QEAAHPEBGPEAPEAUParsedObjectPath@@@Z
??1CObjectPathParser@@QEAA@XZ
??0CObjectPathParser@@QEAA@W4ObjectParserFlags@@@Z
?GetInstancePropertiesByPath@CWbemProviderGlue@@SAJPEBGPEAPEAVCInstance@@PEAVMethodContext@@AEAVCHStringArray@@@Z
?Create@CWbemGlueFactory@@SAPEAV1@PEAJ@Z
?Destroy@CWbemGlueFactory@@QEAAXXZ
?FrameworkLogoffDLL@CWbemProviderGlue@@SAHPEBGPEAJ@Z
?FrameworkLoginDLL@CWbemProviderGlue@@SAHPEBGPEAJ@Z
?initFailed@Provider@@SAHXZ
?GetVariant@CInstance@@QEBA_NPEBGAEAUtagVARIANT@@@Z
?Format@CHString@@QEAAXPEBGZZ
??ACHStringArray@@QEBA?AVCHString@@H@Z
??YCHString@@QEAAAEBV0@AEBV0@@Z
?SetAt@CHString@@QEAAXHG@Z
?GetLength@CHString@@QEBAHXZ
?GetInstancesByQueryAsynch@CWbemProviderGlue@@SAJPEBGPEAVProvider@@P6AJ1PEAVCInstance@@PEAVMethodContext@@PEAX@Z034@Z
?GetInstancesByQuery@CWbemProviderGlue@@SAJPEBGPEAV?$TRefPointerCollection@VCInstance@@@@PEAVMethodContext@@0@Z
??0CHStringArray@@QEAA@XZ
??1CHStringArray@@QEAA@XZ
?Add@CHStringArray@@QEAAHPEBG@Z
provthrd
??0WmiSignedIntegerNode@@QEAA@PEAGJKPEAVWmiTreeNode@@@Z
??1WmiSignedIntegerNode@@UEAA@XZ
??0WmiUnsignedIntegerNode@@QEAA@PEAGKKPEAVWmiTreeNode@@@Z
??1WmiUnsignedIntegerNode@@UEAA@XZ
??0WmiNullNode@@QEAA@PEAGKPEAVWmiTreeNode@@@Z
??1WmiNullNode@@UEAA@XZ
??0WmiUnsignedIntegerRangeNode@@QEAA@PEAGKHHHHKKPEAVWmiTreeNode@@1@Z
??0QueryPreprocessor@@QEAA@XZ
??1QueryPreprocessor@@UEAA@XZ
?Query@QueryPreprocessor@@QEAA?AW4QuadState@1@PEAGAEAPEAUSQL_LEVEL_1_RPN_EXPRESSION@@@Z
?PreProcess@QueryPreprocessor@@QEAA?AW4QuadState@1@PEAXPEAUSQL_LEVEL_1_RPN_EXPRESSION@@AEAPEAVWmiTreeNode@@@Z
?PreProcess@QueryPreprocessor@@QEAA?AW4QuadState@1@PEAXPEAUSQL_LEVEL_1_RPN_EXPRESSION@@PEAVWmiTreeNode@@KPEAPEAGAEAPEAVPartitionSet@@@Z
??0WmiStringNode@@QEAA@PEAG0W4WmiValueFunction@WmiValueNode@@1KPEAVWmiTreeNode@@@Z
??1WmiStringNode@@UEAA@XZ
?Copy@WmiSignedIntegerNode@@UEAAPEAVWmiTreeNode@@XZ
?CopyNode@WmiTreeNode@@UEAAPEAV1@XZ
?Print@WmiSignedIntegerNode@@UEAAXXZ
?Copy@WmiUnsignedIntegerNode@@UEAAPEAVWmiTreeNode@@XZ
?Print@WmiUnsignedIntegerNode@@UEAAXXZ
?Copy@WmiStringNode@@UEAAPEAVWmiTreeNode@@XZ
?Print@WmiStringNode@@UEAAXXZ
?Copy@WmiNullNode@@UEAAPEAVWmiTreeNode@@XZ
?Print@WmiNullNode@@UEAAXXZ
?Copy@WmiUnsignedIntegerRangeNode@@UEAAPEAVWmiTreeNode@@XZ
?Print@WmiUnsignedIntegerRangeNode@@UEAAXXZ
?Copy@WmiSignedIntegerRangeNode@@UEAAPEAVWmiTreeNode@@XZ
?Print@WmiSignedIntegerRangeNode@@UEAAXXZ
?Copy@WmiStringRangeNode@@UEAAPEAVWmiTreeNode@@XZ
?Print@WmiStringRangeNode@@UEAAXXZ
??1WmiStringRangeNode@@UEAA@XZ
??0WmiStringRangeNode@@QEAA@PEAGKHHHH00PEAVWmiTreeNode@@1@Z
??1WmiSignedIntegerRangeNode@@UEAA@XZ
??0WmiSignedIntegerRangeNode@@QEAA@PEAGKHHHHJJPEAVWmiTreeNode@@1@Z
??1WmiUnsignedIntegerRangeNode@@UEAA@XZ
advapi32
RegOpenKeyW
RegCloseKey
RegSetValueExW
RegCreateKeyW
RegDeleteKeyW
iphlpapi
FreeMibTable
ConvertLengthToIpv4Mask
GetAdaptersAddresses
SetIpForwardEntry2
CreateIpForwardEntry2
ConvertIpv4MaskToLength
DeleteIpForwardEntry2
GetIpForwardTable2
GetBestInterfaceEx
NotifyRouteChange2
CancelMibChangeNotify2
ConvertInterfaceIndexToLuid
kernel32
SetUnhandledExceptionFilter
DisableThreadLibraryCalls
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
Sleep
LocalFree
lstrlenW
CreateThread
CloseHandle
HeapAlloc
GetProcessHeap
HeapFree
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetVersionExW
GetModuleFileNameW
UnhandledExceptionFilter
oleaut32
VariantCopy
VariantChangeType
VariantClear
VariantInit
SysAllocString
SysFreeString
ole32
StringFromGUID2
nsi
NsiAllocateAndGetTable
NsiFreeTable
NsiSetAllParameters
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 76KB - Virtual size: 76KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 680B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/wmic/x64/WMIPJOBJ.dll.dll regsvr32 windows:6 windows x64 arch:x64
85fc00b5fd3ed2151f6461d0b58cb07b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
WMIPJOBJ.pdb
Imports
msvcrt
_vsnwprintf
??1type_info@@UEAA@XZ
__C_specific_handler
_amsg_exit
_initterm
_XcptFilter
__CxxFrameHandler3
_CxxThrowException
malloc
free
_i64tow
_ui64tow
_ultow
??0exception@@QEAA@XZ
memmove_s
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
memcpy_s
??0exception@@QEAA@AEBV0@@Z
iswupper
towupper
_wcslwr
wcsrchr
_wcsicmp
wcschr
memset
ntdll
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
framedynos
?Free@CObjectPathParser@@QEAAXPEAUParsedObjectPath@@@Z
?Parse@CObjectPathParser@@QEAAHPEBGPEAPEAUParsedObjectPath@@@Z
??1CObjectPathParser@@QEAA@XZ
??0CObjectPathParser@@QEAA@W4ObjectParserFlags@@@Z
??4CHString@@QEAAAEBV0@AEBV0@@Z
?GetValuesForProp@CFrameworkQuery@@QEAAJPEBGAEAV?$vector@V_bstr_t@@V?$allocator@V_bstr_t@@@std@@@std@@@Z
?Init@CFrameworkQuery@@QEAAJQEAG0JAEAVCHString@@@Z
??1CFrameworkQuery@@QEAA@XZ
??0CFrameworkQueryEx@@QEAA@XZ
?Add@CHStringArray@@QEAAHPEBG@Z
??1CHStringArray@@QEAA@XZ
??0CHStringArray@@QEAA@XZ
?IsPropertyRequired@CFrameworkQuery@@QEAA_NPEBG@Z
??4CHString@@QEAAAEBV0@PEBG@Z
?MakeLower@CHString@@QEAAXXZ
?ReleaseBuffer@CHString@@QEAAXH@Z
?GetBuffer@CHString@@QEAAPEAGH@Z
??1CHString@@QEAA@XZ
??0CHString@@QEAA@XZ
?Init@CFrameworkQuery@@QEAAJPEAUParsedObjectPath@@PEAUIWbemContext@@PEBGAEAVCHString@@@Z
??0CFrameworkQuery@@QEAA@XZ
??1CFrameworkQueryEx@@QEAA@XZ
kernel32
GetModuleFileNameW
DisableThreadLibraryCalls
TerminateThread
WaitForSingleObject
OpenJobObjectW
QueryInformationJobObject
GetLastError
GetCurrentThread
FreeLibrary
GetProcAddress
LoadLibraryW
GetVersionExW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
OutputDebugStringA
Sleep
LocalFree
CloseHandle
advapi32
GetSidSubAuthorityCount
GetSidSubAuthority
OpenThreadToken
GetTokenInformation
IsValidSid
LookupAccountSidW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
GetSidIdentifierAuthority
ole32
CoTaskMemFree
StringFromCLSID
CoGetCallContext
oleaut32
SafeArrayPutElement
SafeArrayCreate
VariantCopy
SysFreeString
VariantInit
VariantClear
SysAllocString
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 92KB - Virtual size: 91KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 896B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/wmic/x64/WMIPSESS.dll.dll regsvr32 windows:6 windows x64 arch:x64
e8d1674831a7ef50d8e85616421f87c8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
WMIPSESS.pdb
Imports
msvcrt
_wcsicmp
??1type_info@@UEAA@XZ
_onexit
_lock
__dllonexit
_unlock
__C_specific_handler
_amsg_exit
_initterm
_XcptFilter
malloc
free
_purecall
__CxxFrameHandler3
_CxxThrowException
netapi32
NetShareEnum
NetConnectionEnum
NetSessionEnum
NetSessionDel
NetApiBufferFree
oleaut32
VariantInit
VariantChangeType
VariantClear
SysAllocString
kernel32
GetModuleFileNameW
DisableThreadLibraryCalls
GetVersionExW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
Sleep
LocalFree
lstrlenW
framedynos
??H@YA?AVCHString@@AEBV0@0@Z
??H@YA?AVCHString@@AEBV0@G@Z
??H@YA?AVCHString@@PEBGAEBV0@@Z
?GetInstanceKeysByPath@CWbemProviderGlue@@SAJPEBGPEAPEAVCInstance@@PEAVMethodContext@@@Z
?LocalLogMessage@ProviderLog@@QEAAXPEBGHW4LogLevel@1@0ZZ
?captainsLog@@3VProviderLog@@A
?LocalLogMessage@ProviderLog@@QEAAXPEBG0HW4LogLevel@1@@Z
??0CHString@@QEAA@PEBD@Z
??1CHString@@QEAA@XZ
??YCHString@@QEAAAEBV0@PEBG@Z
??YCHString@@QEAAAEBV0@AEBV0@@Z
?Add@CHStringArray@@QEAAHPEBG@Z
??0CHString@@QEAA@XZ
??4CHString@@QEAAAEBV0@PEBG@Z
?GetBuffer@CHString@@QEAAPEAGH@Z
?GetLength@CHString@@QEBAHXZ
?GetDWORD@CInstance@@QEBA_NPEBGAEAK@Z
??1CHStringArray@@QEAA@XZ
?GetAt@CHStringArray@@QEBA?AVCHString@@H@Z
??0CObjectPathParser@@QEAA@W4ObjectParserFlags@@@Z
??1CObjectPathParser@@QEAA@XZ
?Parse@CObjectPathParser@@QEAAHPEBGPEAPEAUParsedObjectPath@@@Z
??1ParsedObjectPath@@QEAA@XZ
??0ParsedObjectPath@@QEAA@XZ
?SetClassName@ParsedObjectPath@@QEAAHPEBG@Z
?AddKeyRef@ParsedObjectPath@@QEAAHPEBGPEBUtagVARIANT@@@Z
?Unparse@CObjectPathParser@@SAHPEAUParsedObjectPath@@PEAPEAG@Z
??0Provider@@QEAA@PEBG0@Z
??1Provider@@UEAA@XZ
?GetCHString@CInstance@@QEBA_NPEBGAEAVCHString@@@Z
?GetValuesForProp@CFrameworkQuery@@QEAAJPEBGAEAVCHStringArray@@@Z
?CreateNewInstance@Provider@@IEAAPEAVCInstance@@PEAVMethodContext@@@Z
?Commit@CInstance@@QEAAJXZ
?Format@CHString@@QEAAXPEBGZZ
?SetCHString@CInstance@@QEAA_NPEBGAEBVCHString@@@Z
?SetWORD@CInstance@@QEAA_NPEBGG@Z
?SetDWORD@CInstance@@QEAA_NPEBGK@Z
?GetLocalInstancePath@Provider@@IEAA_NPEBVCInstance@@AEAVCHString@@@Z
?Release@CInstance@@QEAAJXZ
?AddRef@CInstance@@QEAAJXZ
?OnFinalRelease@CThreadBase@@MEAAXXZ
?PutInstance@Provider@@MEAAJAEBVCInstance@@J@Z
?ExecMethod@Provider@@MEAAJAEBVCInstance@@QEAGPEAV2@2J@Z
?GetObject@Provider@@MEAAJPEAVCInstance@@J@Z
?Flush@Provider@@MEAAXXZ
?ValidateEnumerationFlags@Provider@@MEAAJJ@Z
?ValidateGetObjFlags@Provider@@MEAAJJ@Z
?ValidateMethodFlags@Provider@@MEAAJJ@Z
?ValidateQueryFlags@Provider@@MEAAJJ@Z
?ValidateDeletionFlags@Provider@@MEAAJJ@Z
?ValidatePutInstanceFlags@Provider@@MEAAJJ@Z
?SetCharSplat@CInstance@@QEAA_NPEBG0@Z
??4CHString@@QEAAAEBV0@AEBV0@@Z
?Mid@CHString@@QEBA?AV1@HH@Z
?Right@CHString@@QEBA?AV1@H@Z
?DeleteInstance@Provider@@MEAAJAEBVCInstance@@J@Z
??0CHString@@QEAA@PEBG@Z
?SetCHString@CInstance@@QEAA_NPEBG0@Z
?ExecQuery@Provider@@MEAAJPEAVMethodContext@@AEAVCFrameworkQuery@@J@Z
?IsDerivedFrom@CWbemProviderGlue@@SA_NPEBG0PEAVMethodContext@@0@Z
??0CThreadBase@@QEAA@W4THREAD_SAFETY_MECHANISM@0@@Z
??1CThreadBase@@UEAA@XZ
??0CHPtrArray@@QEAA@XZ
??1CHPtrArray@@QEAA@XZ
?BeginWrite@CThreadBase@@QEAAHK@Z
?Add@CHPtrArray@@QEAAHPEAX@Z
?GetMethodContext@CInstance@@QEBAPEAVMethodContext@@XZ
?RemoveAll@CHPtrArray@@QEAAXXZ
?EndWrite@CThreadBase@@QEAAXXZ
??0CHStringArray@@QEAA@XZ
?IsPropertyRequired@CFrameworkQuery@@QEAA_NPEBG@Z
?Create@CWbemGlueFactory@@SAPEAV1@PEAJ@Z
?Destroy@CWbemGlueFactory@@QEAAXXZ
?FrameworkLogoffDLL@CWbemProviderGlue@@SAHPEBGPEAJ@Z
?FrameworkLoginDLL@CWbemProviderGlue@@SAHPEBGPEAJ@Z
?initFailed@Provider@@SAHXZ
?GetVariant@CInstance@@QEBA_NPEBGAEAUtagVARIANT@@@Z
??ACHStringArray@@QEBA?AVCHString@@H@Z
?SetAt@CHString@@QEAAXHG@Z
?GetInstancesByQueryAsynch@CWbemProviderGlue@@SAJPEBGPEAVProvider@@P6AJ1PEAVCInstance@@PEAVMethodContext@@PEAX@Z034@Z
?GetInstancesByQuery@CWbemProviderGlue@@SAJPEBGPEAV?$TRefPointerCollection@VCInstance@@@@PEAVMethodContext@@0@Z
?GetInstancePropertiesByPath@CWbemProviderGlue@@SAJPEBGPEAPEAVCInstance@@PEAVMethodContext@@AEAVCHStringArray@@@Z
?Free@CObjectPathParser@@QEAAXPEAUParsedObjectPath@@@Z
?RemoveAll@CHStringArray@@QEAAXXZ
?RemoveAt@CHStringArray@@QEAAXHH@Z
?Empty@CHString@@QEAAXXZ
?FindOneOf@CHString@@QEBAHPEBG@Z
?Left@CHString@@QEBA?AV1@H@Z
??YCHString@@QEAAAEBV0@G@Z
?BeginRead@CThreadBase@@QEAAHK@Z
?GetSize@CHPtrArray@@QEBAHXZ
?GetAt@CHPtrArray@@QEBAPEAXH@Z
?EndRead@CThreadBase@@QEAAXXZ
??ACHPtrArray@@QEAAAEAPEAXH@Z
advapi32
RegSetValueExW
RegOpenKeyW
RegCreateKeyW
RegDeleteKeyW
RegCloseKey
ole32
StringFromGUID2
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 51KB - Virtual size: 51KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 460B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/wmic/x64/WMI_Tracing.mof
-
tools/wmic/x64/WMIsvc.dll.dll regsvr32 windows:6 windows x64 arch:x64
3bd29e70fb7e3f5dc94d24e8aa6b8597
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
WMIsvc.pdb
Imports
msvcrt
_wtoi64
_CxxThrowException
__CxxFrameHandler3
??0exception@@QEAA@XZ
wcschr
_wtol
wcstok
memcpy_s
?what@exception@@UEBAPEBDXZ
wcsrchr
_wtoi
_wcsicmp
memmove_s
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
_purecall
memcpy
_onexit
_lock
__dllonexit
_unlock
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
__C_specific_handler
_amsg_exit
free
_initterm
malloc
_XcptFilter
atoi
_ui64tow
_vsnwprintf
??0exception@@QEAA@AEBQEBD@Z
memset
wbemcomn
?SetPersistentCfgValue@CPersistentConfig@@QEAAHKK@Z
?GetBinary@Registry@@QEAAHPEBGPEAPEAEPEAK@Z
??0CNtSid@@QEAA@PEAX@Z
??1CNtSid@@QEAA@XZ
??1CNtAcl@@QEAA@XZ
??0CNtAce@@QEAA@KKKAEAVCNtSid@@@Z
?AddAce@CNtAcl@@QEAAHPEAVCNtAce@@@Z
??0CNtSecurityDescriptor@@QEAA@XZ
??1CNtSecurityDescriptor@@QEAA@XZ
?SetDacl@CNtSecurityDescriptor@@QEAAHPEAVCNtAcl@@@Z
?SetOwner@CNtSecurityDescriptor@@QEAAHPEAVCNtSid@@@Z
?SetGroup@CNtSecurityDescriptor@@QEAAHPEAVCNtSid@@@Z
?SetBinary@Registry@@QEAAHPEBGPEAEK@Z
?GetSize@CNtSecurityDescriptor@@QEAAKXZ
?Enter@CStaticCritSec@@QEAAXXZ
?Leave@CStaticCritSec@@QEAAXXZ
?GetWMIADAPCmdLine@@YAPEAGH@Z
?EnableAllPrivileges@@YAJK@Z
??0CInsertionString@@QEAA@J@Z
??1CStaticCritSec@@QEAA@XZ
??0CStaticCritSec@@QEAA@XZ
?IsPrivilegePresent@@YA_NPEAXJ@Z
?TestDirExistAndCreateWithSDIfNotThere@@YAJPEAG0@Z
?SetMultiStr@Registry@@QEAAHPEBGPEAGK@Z
?GetMultiStr@Registry@@QEAAPEAGPEBGAEAK@Z
?SetDWORD@Registry@@QEAAHPEBGK@Z
??0Registry@@QEAA@PEAUHKEY__@@KKPEBG@Z
?GetDWORD@Registry@@QEAAHPEBGPEAK@Z
??0Registry@@QEAA@PEAUHKEY__@@KPEBG@Z
?GetDWORDStr@Registry@@QEAAHPEBGPEAK@Z
?GetPersistentCfgValue@CPersistentConfig@@QEAAHKAEAK@Z
?SetStr@Registry@@QEAAHPEBG0@Z
?GetStr@Registry@@QEAAHPEBGPEAPEAG@Z
??1Registry@@QEAA@XZ
??0Registry@@QEAA@PEBGK@Z
??0CInsertionString@@QEAA@VCHex@@@Z
?Initialize@CUnk@@UEAAHXZ
?Release@CUnk@@UEAAKXZ
?AddRef@CUnk@@UEAAKXZ
?QueryInterface@CUnk@@UEAAJAEBU_GUID@@PEAPEAX@Z
?Deserialize@C9XAce@@UEAA_NPEAE@Z
?Serialize@C9XAce@@UEAA_NPEAE_K@Z
?GetSerializedSize@C9XAce@@UEAAKXZ
?GetFullUserName2@C9XAce@@UEAAJPEAPEAG@Z
?Deserialize@CNtAce@@UEAA_NPEAE@Z
?Serialize@CNtAce@@UEAA_NPEAE_K@Z
?GetSerializedSize@CNtAce@@UEAAKXZ
?GetFullUserName2@CNtAce@@UEAAJPEAPEAG@Z
?GetFlags@CNtAce@@UEAAHXZ
?GetType@CNtAce@@UEAAHXZ
?Start@CTraceSessionControl@@SAKPEBU_GUID@@PEAVCWMITraceSettings@@@Z
?SetDefaultValues@CWMITraceSettings@@QEAAKXZ
?ReadFromRegistry@CWMITraceSettings@@QEAAKPEBG@Z
??0CWMITraceSettings@@QEAA@XZ
?HasToBeEnabled@CTraceSessionControl@@QEAA_NXZ
?Initialize@CTraceSessionControl@@QEAAKPEBG@Z
?WbemSetMachineShutdown@@YAHH@Z
??1CEventLog@@QEAA@XZ
?Close@CEventLog@@QEAAHXZ
?Report@CEventLog@@QEAAHGKVCInsertionString@@000000000@Z
?Open@CEventLog@@QEAAHXZ
?SetWMITraceSession@@YAXPEAX@Z
?GetWMITraceSession@@YAPEAXXZ
?Write@CMemoryLog@@QEAAXJ@Z
?GetMemLogObject@@YAPEAVCMemoryLog@@XZ
?SetLogingEnabled@CMemoryLog@@QEAAX_N@Z
?anyFailure@CStaticCritSec@@SAHXZ
??0CEventLog@@QEAA@PEBG0K@Z
??4CWStringArray@@QEAAAEAV0@AEAV0@@Z
??0CWStringArray@@QEAA@AEAV0@@Z
??1CWStringArray@@QEAA@XZ
??0WString@@QEAA@PEBD@Z
??0WString@@QEAA@PEBG@Z
??0WString@@QEAA@XZ
?RemainsUntil@CWbemTime@@QEBA?AVCWbemInterval@@AEBV1@@Z
?DeleteString@WString@@AEAAXPEAG@Z
??4WString@@QEAAAEAV0@AEBV0@@Z
??0CFlexQueue@@QEAA@H@Z
?SetUnknown@CVar@@QEAAXPEAUIUnknown@@@Z
?SetSafeArray@CVar@@QEAAXHPEAUtagSAFEARRAY@@@Z
?SetVariant@CVar@@QEAAHPEAUtagVARIANT@@H@Z
?SetVarVector@CVar@@QEAAXPEAVCVarVector@@H@Z
?SetBlob@CVar@@QEAAXPEAUtagBLOB@@H@Z
?DebugTrace@@YAHDPEBDZZ
?Mrci1Decompress@CBaseMrciCompression@@QEAAIPEAEI0I@Z
?ErrorTrace@@YAHDPEBDZZ
?FindStr@CWStringArray@@QEAAHPEBGH@Z
?RemoveAt@CWStringArray@@QEAAHH@Z
?Add@CWStringArray@@QEAAHPEBG@Z
?LoggingLevelEnabled@@YAHK@Z
??ACFlexArray@@QEAAAEAPEAXH@Z
?SetClsId@CVar@@QEAAXPEAU_GUID@@H@Z
?SetBSTR@CVar@@QEAAHPEAG@Z
?SetBSTR@CVar@@QEAAHVauto_bstr@@@Z
?SetLPWSTR@CVar@@QEAAHPEAGH@Z
?SetLPSTR@CVar@@QEAAHPEADH@Z
?Init@CVar@@AEAAXXZ
?AddScalar@CSafeArray@@AEAAHTSA_ArrayScalar@@@Z
?SetScalarAt@CSafeArray@@AEAAHHTSA_ArrayScalar@@@Z
?GetScalarAt@CSafeArray@@AEAA?ATSA_ArrayScalar@@H@Z
??1CUnk@@UEAA@XZ
??0CUnk@@QEAA@PEAVCLifeControl@@PEAUIUnknown@@@Z
?WMIControlCallback@@YAK_KPEAEPEAK@Z
??0CWStringArray@@QEAA@HH@Z
?Compress@CFlexArray@@QEAAXXZ
??ACFlexArray@@QEBAPEAXH@Z
??0CFlexArray@@QEAA@HH@Z
?InsertAt@CFlexArray@@QEAAHHPEAX@Z
?Leave@CWbemCriticalSection@@QEAAXXZ
?Enter@CWbemCriticalSection@@QEAAHK@Z
??1CHaltable@@UEAA@XZ
?BreakOnDbgAndRenterLoop@@YAKXZ
?_ThrowMemoryException_@@YAXXZ
??0CNtAcl@@QEAA@K@Z
??1C9XAce@@UEAA@XZ
??1CNtAce@@UEAA@XZ
?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z
?WbemMemReAlloc@CWin32DefaultArena@@SAPEAXPEAX_K@Z
?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z
?GetAccessMask@CNtAce@@UEAAKXZ
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureStackBackTrace
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage
api-ms-win-core-console-l1-1-0
SetConsoleCtrlHandler
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
SetErrorMode
api-ms-win-core-file-l1-1-0
WriteFile
GetFullPathNameW
FindFirstFileW
CreateFileW
SetFileAttributesW
DeleteFileW
FindNextFileW
FindFirstChangeNotificationW
FindClose
FindNextChangeNotification
GetFileAttributesW
CreateDirectoryW
RemoveDirectoryW
GetFileType
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-libraryloader-l1-1-0
DisableThreadLibraryCalls
FreeLibrary
GetModuleHandleExW
LoadLibraryExW
LoadStringW
LoadLibraryExA
GetProcAddress
api-ms-win-core-localization-l1-1-0
LCMapStringW
api-ms-win-core-localregistry-l1-1-0
RegQueryValueExW
RegDeleteKeyExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
api-ms-win-core-misc-l1-1-0
Sleep
LocalFree
lstrlenW
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-core-processthreads-l1-1-0
SetProcessShutdownParameters
GetCurrentThreadId
GetThreadPriority
GetCurrentThread
SetThreadPriority
OpenThreadToken
CreateProcessW
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-string-l1-1-0
CompareStringW
api-ms-win-core-sysinfo-l1-1-0
GetSystemDirectoryW
GetVersionExA
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-synch-l1-1-0
SetEvent
CreateEventW
InitializeCriticalSectionAndSpinCount
CreateMutexW
ReleaseMutex
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
api-ms-win-core-threadpool-l1-1-0
CreateTimerQueueTimer
DeleteTimerQueueTimer
UnregisterWaitEx
api-ms-win-security-base-l1-1-0
AccessCheck
AllocateAndInitializeSid
FreeSid
ole32
CoCreateInstance
CoTaskMemFree
CoGetCallContext
StringFromCLSID
StringFromGUID2
CLSIDFromString
CoInitializeEx
CoFreeUnusedLibrariesEx
CoUninitialize
CoRevokeClassObject
CoRegisterClassObject
CoDisconnectContext
oleaut32
SysFreeString
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocString
VariantChangeType
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPutElement
SafeArrayGetElement
SafeArrayCreate
SafeArrayDestroy
VariantInit
VariantClear
kernel32
DelayLoadFailureHook
RegisterWaitForSingleObject
CopyFileW
WideCharToMultiByte
WaitForMultipleObjects
LoadLibraryW
MoveFileW
FileTimeToLocalFileTime
lstrcmpW
RegQueryInfoKeyW
RaiseException
FreeResource
FindResourceExW
FindResourceW
LoadResource
SizeofResource
LockResource
RegEnumValueW
GetFileTime
GetWindowsDirectoryW
SetLastError
api-ms-win-core-debug-l1-1-0
OutputDebugStringA
Exports
Exports
??0C9XAce@@QEAA@AEBV0@@Z
??0C9XAce@@QEAA@XZ
??0CArena@@QEAA@AEBV0@@Z
??0CArena@@QEAA@XZ
??0CBaseAce@@QEAA@AEBV0@@Z
??0CBaseAce@@QEAA@XZ
??0CCheckedInCritSec@@QEAA@PEAVCCritSec@@@Z
??0CCircularQueue@@QEAA@XZ
??0CContainerControl@@QEAA@AEBV0@@Z
??0CContainerControl@@QEAA@PEAUIUnknown@@@Z
??0CCritSec@@QEAA@XZ
??0CEnterWbemCriticalSection@@QEAA@PEAVCWbemCriticalSection@@K@Z
??0CEventLog@@QEAA@AEBV0@@Z
??0CEventLogRecord@@QEAA@AEAV0@@Z
??0CHaltable@@QEAA@AEBV0@@Z
??0CHex@@QEAA@J@Z
??0CInCritSec@@QEAA@PEAU_RTL_CRITICAL_SECTION@@@Z
??0CInsertionString@@QEAA@AEBV0@@Z
??0CInsertionString@@QEAA@PEBD@Z
??0CInsertionString@@QEAA@PEBG@Z
??0CInsertionString@@QEAA@XZ
??0CLifeControl@@QEAA@AEBV0@@Z
??0CLifeControl@@QEAA@XZ
??0CNtAce@@QEAA@XZ
??0CNtSid@@QEAA@XZ
??0CTraceSessionControl@@QEAA@XZ
??0CUnk@@QEAA@AEBV0@@Z
??0CUnkInternal@@QEAA@AEBV0@@Z
??0CUnkInternal@@QEAA@PEAVCLifeControl@@@Z
??0CVar@@QEAA@D@Z
??0CVar@@QEAA@E@Z
??0CVar@@QEAA@F@Z
??0CVar@@QEAA@FH@Z
??0CVar@@QEAA@G@Z
??0CVar@@QEAA@HPEAG@Z
??0CVar@@QEAA@HPEAUtagSAFEARRAY@@@Z
??0CVar@@QEAA@HVauto_bstr@@@Z
??0CVar@@QEAA@J@Z
??0CVar@@QEAA@K@Z
??0CVar@@QEAA@M@Z
??0CVar@@QEAA@N@Z
??0CVar@@QEAA@PEADH@Z
??0CVar@@QEAA@PEAGH@Z
??0CVar@@QEAA@PEAU_FILETIME@@@Z
??0CVar@@QEAA@PEAU_GUID@@H@Z
??0CVar@@QEAA@PEAUtagBLOB@@H@Z
??0CVar@@QEAA@PEAUtagVARIANT@@@Z
??0CVar@@QEAA@PEAVCVarVector@@H@Z
??0CVar@@QEAA@XZ
??0CWbemInterval@@IEAA@K@Z
??0CWbemInterval@@QEAA@XZ
??0CWbemTime@@IEAA@_J@Z
??0CWbemTime@@QEAA@AEBV0@@Z
??0CWbemTime@@QEAA@XZ
??0CWin32DefaultArena@@QEAA@AEBV0@@Z
??0CWin32DefaultArena@@QEAA@XZ
??0WString@@QEAA@AEBV0@@Z
??1CBaseAce@@UEAA@XZ
??1CCheckedInCritSec@@QEAA@XZ
??1CCritSec@@QEAA@XZ
??1CEnterWbemCriticalSection@@QEAA@XZ
??1CEventLogRecord@@QEAA@XZ
??1CInCritSec@@QEAA@XZ
??1CInsertionString@@QEAA@XZ
??1CUnkInternal@@UEAA@XZ
??1CWin32DefaultArena@@QEAA@XZ
??1WString@@QEAA@XZ
??4C9XAce@@QEAAAEAV0@AEBV0@@Z
??4CArena@@QEAAAEAV0@AEBV0@@Z
??4CBaseAce@@QEAAAEAV0@AEBV0@@Z
??4CCheckedInCritSec@@QEAAAEAV0@AEBV0@@Z
??4CCircularQueue@@QEAAAEAV0@AEBV0@@Z
??4CContainerControl@@QEAAAEAV0@AEBV0@@Z
??4CCritSec@@QEAAAEAV0@AEBV0@@Z
??4CEnterWbemCriticalSection@@QEAAAEAV0@AEBV0@@Z
??4CEventLog@@QEAAAEAV0@AEBV0@@Z
??4CEventLogRecord@@QEAAAEAV0@AEAV0@@Z
??4CFlexQueue@@QEAAAEAV0@AEBV0@@Z
??4CHaltable@@QEAAAEAV0@AEBV0@@Z
??4CHex@@QEAAAEAV0@AEBV0@@Z
??4CInCritSec@@QEAAAEAV0@AEBV0@@Z
??4CInsertionString@@QEAAAEAV0@AEBV0@@Z
??4CLifeControl@@QEAAAEAV0@AEBV0@@Z
??4CMemoryLog@@QEAAAEAV0@AEBV0@@Z
??4CNtSecurity@@QEAAAEAV0@AEBV0@@Z
??4CPersistentConfig@@QEAAAEAV0@AEBV0@@Z
??4CSmallArrayBlob@@QEAAAEAV0@AEBV0@@Z
??4CStaticCritSec@@QEAAAEAV0@AEBV0@@Z
??4CTraceSessionControl@@QEAAAEAV0@AEBV0@@Z
??4CUnk@@QEAAAEAV0@AEBV0@@Z
??4CUnkInternal@@QEAAAEAV0@AEBV0@@Z
??4CWMITraceSettings@@QEAAAEAV0@AEBV0@@Z
??4CWbemCriticalSection@@QEAAAEAV0@AEBV0@@Z
??4CWbemInterval@@QEAAAEAV0@AEBV0@@Z
??4CWbemTime@@QEAAXAEBV0@@Z
??4CWbemTimeSpan@@QEAAAEAV0@AEBV0@@Z
??4CWin32DefaultArena@@QEAAAEAV0@AEBV0@@Z
??4MD5@@QEAAAEAV0@AEBV0@@Z
??4Registry@@QEAAAEAV0@AEBV0@@Z
??ACSmallArrayBlob@@QEBAPEAXH@Z
??ACWStringArray@@QEBAPEAGH@Z
??BCHex@@QEAAJXZ
??BCVar@@QEAA?AU_FILETIME@@XZ
??BCVar@@QEAADXZ
??BCVar@@QEAAEXZ
??BCVar@@QEAAFXZ
??BCVar@@QEAAGXZ
??BCVar@@QEAAJXZ
??BCVar@@QEAAKXZ
??BCVar@@QEAAMXZ
??BCVar@@QEAANXZ
??BCVar@@QEAAPEADXZ
??BCVar@@QEAAPEAGXZ
??BCVar@@QEAAPEAU_GUID@@XZ
??BCVar@@QEAAPEAUtagBLOB@@XZ
??BCVar@@QEAAPEAVCVarVector@@XZ
??BWString@@QEAAPEAGXZ
??BWString@@QEBAPEBGXZ
??DCWbemInterval@@QEBA?AV0@N@Z
??GCWbemTime@@QEBA?AVCWbemInterval@@AEBV0@@Z
??HCWbemInterval@@QEBA?AV0@V0@@Z
??MCWbemInterval@@QEAAHV0@@Z
??MCWbemTime@@QEBAHAEBV0@@Z
??MWString@@QEBAHPEBG@Z
??NCWbemTime@@QEBAHAEBV0@@Z
??NWString@@QEBAHPEBG@Z
??OCWbemInterval@@QEAAHV0@@Z
??OCWbemTime@@QEBAHAEBV0@@Z
??OWString@@QEBAHPEBG@Z
??PCWbemTime@@QEBAHAEBV0@@Z
??PWString@@QEBAHPEBG@Z
??YCWbemInterval@@QEAAXV0@@Z
??_7C9XAce@@6B@
??_7CArena@@6B@
??_7CBaseAce@@6B@
??_7CContainerControl@@6B@
??_7CHaltable@@6B@
??_7CLifeControl@@6B@
??_7CNtAce@@6B@
??_7CUnk@@6B@
??_7CUnkInternal@@6B@
??_7CWin32DefaultArena@@6B@
??_FCEventLog@@QEAAXXZ
??_FCFlexArray@@QEAAXXZ
??_FCFlexQueue@@QEAAXXZ
??_FCNtAcl@@QEAAXXZ
??_FCUnk@@QEAAXXZ
??_FCWStringArray@@QEAAXXZ
?Access@CSafeArray@@QEAAJPEAPEAX@Z
?Add@CFlexArray@@QEAAHPEAX@Z
?AddBool@CSafeArray@@QEAAHF@Z
?AddByte@CSafeArray@@QEAAHE@Z
?AddDouble@CSafeArray@@QEAAHN@Z
?AddFloat@CSafeArray@@QEAAHM@Z
?AddLong@CSafeArray@@QEAAHJ@Z
?AddRef@CContainerControl@@UEAAXPEAUIUnknown@@@Z
?AddRef@CUnkInternal@@UEAAKXZ
?AddShort@CSafeArray@@QEAAHF@Z
?Alloc@CWin32DefaultArena@@UEAAPEAX_K@Z
?BindPtr@WString@@QEAAXPEAG@Z
?CanDelete@CVar@@QEAAHXZ
?Compress@CWStringArray@@QEAAXXZ
?DecrementIndex@CFlexQueue@@IEAAXAEAH@Z
?ElementSize@CSafeArray@@QEAAHXZ
?Enter@CCheckedInCritSec@@QEAAXXZ
?Enter@CCritSec@@QEAAXXZ
?Equal@WString@@QEBAHPEBG@Z
?EqualNoCase@WString@@QEBAHPEBG@Z
?Free@CWin32DefaultArena@@UEAAHPEAX@Z
?Get100nss@CWbemTime@@QEBA_JXZ
?GetAccessMask@C9XAce@@UEAAKXZ
?GetAreaFlags@CWMITraceSettings@@QEAAKXZ
?GetArray@CSafeArray@@QEAAPEAUtagSAFEARRAY@@XZ
?GetArrayPtr@CFlexArray@@QEAAPEAPEAXXZ
?GetArrayPtr@CFlexArray@@QEBAPEBQEAXXZ
?GetArrayPtr@CSmallArrayBlob@@QEAAPEAPEAXXZ
?GetArrayPtr@CSmallArrayBlob@@QEBAPEBQEAXXZ
?GetArrayPtr@CWStringArray@@QEAAPEAPEBGXZ
?GetAt@CSmallArrayBlob@@QEBAPEAXH@Z
?GetAt@CWStringArray@@QEBAPEAGH@Z
?GetBlob@CVar@@QEAAPEAUtagBLOB@@XZ
?GetBool@CVar@@QEAAFXZ
?GetBoolAt@CSafeArray@@QEAAFH@Z
?GetByte@CVar@@QEAAEXZ
?GetByteAt@CSafeArray@@QEAAEH@Z
?GetChar@CVar@@QEAADXZ
?GetClsId@CVar@@QEAAPEAU_GUID@@XZ
?GetCreationTime@CEventLogRecord@@QEAA?AVCWbemTime@@XZ
?GetDWORD@CVar@@QEAAKXZ
?GetDispatch@CVar@@QEAAPEAUIDispatch@@XZ
?GetDouble@CVar@@QEAANXZ
?GetDoubleAt@CSafeArray@@QEAANH@Z
?GetEmbeddedObject@CVar@@QEAAPEAUIUnknown@@XZ
?GetEventTraceProperties@CWMITraceSettings@@QEAAPEAU_EVENT_TRACE_PROPERTIES@@XZ
?GetFileTime@CVar@@QEAA?AU_FILETIME@@XZ
?GetFlags@C9XAce@@UEAAHXZ
?GetFloat@CVar@@QEAAMXZ
?GetFloatAt@CSafeArray@@QEAAMH@Z
?GetInfinity@CWbemInterval@@SA?AV1@XZ
?GetInfinity@CWbemTime@@SA?AV1@XZ
?GetInnerUnknown@CUnk@@QEAAPEAUIUnknown@@XZ
?GetLPSTR@CVar@@QEAAPEADXZ
?GetLPWSTR@CVar@@QEAAPEAGXZ
?GetLastError@Registry@@QEAAJXZ
?GetLockCount@CWbemCriticalSection@@QEAAJXZ
?GetLong@CVar@@QEAAJXZ
?GetLongAt@CSafeArray@@QEAAJH@Z
?GetMilliseconds@CWbemInterval@@QEBAKXZ
?GetNumStrings@CEventLogRecord@@QEAAGXZ
?GetOwningThreadId@CWbemCriticalSection@@QEAAKXZ
?GetPtr@CNtAce@@QEAAPEAU_ACCESS_ALLOWED_ACE@@XZ
?GetPtr@CNtAcl@@QEAAPEAU_ACL@@XZ
?GetPtr@CNtSecurityDescriptor@@QEAAPEAXXZ
?GetPtr@CNtSid@@QEAAPEAXXZ
?GetQueueSize@CFlexQueue@@QEBAHXZ
?GetRawData@CVar@@QEAAPEAXXZ
?GetRecursionCount@CWbemCriticalSection@@QEAAJXZ
?GetSeconds@CWbemInterval@@QEBAKXZ
?GetSessionName@CWMITraceSettings@@QEAAPEAGXZ
?GetShort@CVar@@QEAAFXZ
?GetShortAt@CSafeArray@@QEAAFH@Z
?GetSize@CNtAce@@QEAAKXZ
?GetStatus@C9XAce@@UEAAKXZ
?GetStatus@CNtAce@@UEAAKXZ
?GetStatus@CNtAcl@@QEAAKXZ
?GetStatus@CNtSecurityDescriptor@@QEAAKXZ
?GetStatus@CNtSid@@QEAAKXZ
?GetString@CInsertionString@@QEAAPEBGXZ
?GetStringPointerByRef@WString@@QEBAAEBQEBGXZ
?GetTraceLevel@CWMITraceSettings@@QEAAEXZ
?GetType@C9XAce@@UEAAHXZ
?GetType@CSafeArray@@QEAAHXZ
?GetType@CVar@@QEAAHXZ
?GetType@CVarVector@@QEAAHXZ
?GetUnknown@CUnk@@QEAAPEAUIUnknown@@XZ
?GetUnknown@CUnkInternal@@QEAAPEAUIUnknown@@XZ
?GetUnknown@CVar@@QEAAPEAUIUnknown@@XZ
?GetVarVector@CVar@@QEAAPEAVCVarVector@@XZ
?GetWord@CVar@@QEAAGXZ
?GetZero@CWbemTime@@SA?AV1@XZ
?IncrementIndex@CFlexQueue@@IEAAXAEAH@Z
?InternalAddRef@CUnkInternal@@QEAAKXZ
?InternalQueryInterface@CUnkInternal@@QEAAJAEBU_GUID@@PEAPEAX@Z
?InternalRelease@CUnkInternal@@QEAAKXZ
?IsEmpty@CInsertionString@@QEAAHXZ
?IsEnabled@CTraceSessionControl@@QEAA_NXZ
?IsEntered@CCheckedInCritSec@@QEAAHXZ
?IsEntered@CEnterWbemCriticalSection@@QEAAHXZ
?IsFinite@CWbemInterval@@QEBAHXZ
?IsFinite@CWbemTime@@QEBAHXZ
?IsNull@CVar@@QEAAHXZ
?IsOptimized@CVarVector@@QEAAHXZ
?IsUser@CNtSid@@QEAA_NXZ
?IsValid@CNtAcl@@QEAAHXZ
?IsValid@CNtSecurityDescriptor@@QEAAHXZ
?IsValid@CNtSid@@QEAAHXZ
?IsZero@CWbemInterval@@QEBAHXZ
?IsZero@CWbemTime@@QEBAHXZ
?Leave@CCheckedInCritSec@@QEAAXXZ
?Leave@CCritSec@@QEAAXXZ
?Length@WString@@QEBAHXZ
?ObjectCreated@CContainerControl@@UEAAHPEAUIUnknown@@@Z
?ObjectDestroyed@CContainerControl@@UEAAXPEAUIUnknown@@@Z
?OnInitialize@CUnk@@UEAAHXZ
?QueryInterface@CUnkInternal@@UEAAJAEBU_GUID@@PEAPEAX@Z
?Realloc@CWin32DefaultArena@@UEAAPEAXPEAX_K@Z
?Release@CContainerControl@@UEAAXPEAUIUnknown@@@Z
?Release@CUnkInternal@@UEAAKXZ
?Set100nss@CWbemTime@@QEAAX_J@Z
?SetAreaFlags@CWMITraceSettings@@QEAAXK@Z
?SetAsNull@CVar@@QEAAXXZ
?SetBool@CVar@@QEAAXF@Z
?SetBoolAt@CSafeArray@@QEAAHHF@Z
?SetByte@CVar@@QEAAXE@Z
?SetByteAt@CSafeArray@@QEAAHHE@Z
?SetCanDelete@CVar@@QEAAXH@Z
?SetChar@CVar@@QEAAXD@Z
?SetDWORD@CVar@@QEAAXK@Z
?SetDestructorPolicy@CSafeArray@@QEAAXH@Z
?SetDouble@CVar@@QEAAXN@Z
?SetDoubleAt@CSafeArray@@QEAAHHN@Z
?SetEmbeddedObject@CVar@@QEAAXPEAUIUnknown@@@Z
?SetFileTime@CVar@@QEAAXPEAU_FILETIME@@@Z
?SetFlags@C9XAce@@UEAAXJ@Z
?SetFlags@CNtAce@@UEAAXJ@Z
?SetFloat@CVar@@QEAAXM@Z
?SetFloatAt@CSafeArray@@QEAAHHM@Z
?SetGrowGranularity@CSafeArray@@QEAAXH@Z
?SetLong@CVar@@QEAAXJ@Z
?SetLongAt@CSafeArray@@QEAAHHJ@Z
?SetMilliseconds@CWbemInterval@@QEAAXK@Z
?SetRawArrayMaxElement@CSafeArray@@QEAAXH@Z
?SetShort@CVar@@QEAAXF@Z
?SetShortAt@CSafeArray@@QEAAHHF@Z
?SetSize@CFlexArray@@QEAAXH@Z
?SetTraceLevel@CWMITraceSettings@@QEAAXE@Z
?SetWord@CVar@@QEAAXG@Z
?Size@CFlexArray@@QEBAHXZ
?Size@CSafeArray@@QEAAHXZ
?Size@CSmallArrayBlob@@QEBAHXZ
?Size@CWStringArray@@QEBAHXZ
?Status@CSafeArray@@QEAAHXZ
?Status@CVar@@QEAAHXZ
?Status@CVarVector@@QEAAHXZ
?Unaccess@CSafeArray@@QEAAJXZ
?Unqueue@CFlexQueue@@QEAAPEAXXZ
?WbemSysFreeString@CWin32DefaultArena@@SAXPEAG@Z
?isValid@CHaltable@@QEAA_NXZ
DllRegisterServer
DllUnregisterServer
DredgeRA
GetSystemEventsForShutdown
IsImproperShutdownDetected
IsShutDown
MoveToAlone
MoveToShared
ServiceMain
Sections
.text Size: 142KB - Virtual size: 141KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 73KB - Virtual size: 73KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/wmic/x64/WmiApRes.dll.dll windows:6 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Sections
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
tools/wmic/x64/WmiApRpl.dll.dll regsvr32 windows:6 windows x64 arch:x64
f67b4d9f56919156d729c876da7bb184
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
WmiApRpl.pdb
Imports
msvcrt
?terminate@@YAXXZ
wcschr
_wtol
??0exception@@QEAA@AEBQEBD@Z
strlen
wcsrchr
_vsnwprintf
free
_CxxThrowException
malloc
_callnewh
_XcptFilter
_initterm
_amsg_exit
__C_specific_handler
_unlock
__dllonexit
_lock
_onexit
??1type_info@@UEAA@XZ
memmove
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
realloc
_errno
??0exception@@QEAA@XZ
__CxxFrameHandler
memset
memcpy
wcsstr
ntdll
NtQuerySecurityObject
RtlGetOwnerSecurityDescriptor
RtlEqualSid
RtlGetDaclSecurityDescriptor
RtlGetAce
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
kernel32
FreeLibrary
GetSystemDefaultLangID
ExpandEnvironmentStringsW
LoadLibraryW
GetSystemDirectoryW
SetLastError
GetProcAddress
ResetEvent
WaitForMultipleObjects
OpenEventW
MoveFileExW
CreateDirectoryW
WriteFile
WideCharToMultiByte
CreateFileW
DeleteFileW
lstrlenA
GetLocaleInfoW
lstrcmpW
RaiseException
GetVersionExA
LocalFree
GetLastError
DisableThreadLibraryCalls
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
CloseHandle
CreateSemaphoreW
CompareStringW
lstrlenW
InitializeCriticalSection
CreateMutexW
ReleaseSemaphore
GetSystemTime
CreateEventW
WaitForSingleObject
Sleep
TryEnterCriticalSection
ReleaseMutex
FlushViewOfFile
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
GetCurrentProcess
SwitchToThread
VirtualProtect
OutputDebugStringA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetVersionExW
SetEvent
advapi32
RegQueryInfoKeyW
RegEnumValueW
RegOpenKeyW
DeregisterEventSource
RegisterEventSourceW
CopySid
GetLengthSid
IsValidSid
GetTokenInformation
OpenProcessToken
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegDeleteKeyW
RegEnumKeyExW
RegOpenKeyExW
StartServiceW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
CloseServiceHandle
InitializeSecurityDescriptor
MakeAbsoluteSD
ConvertStringSecurityDescriptorToSecurityDescriptorW
user32
CharNextW
LoadStringW
oleaut32
SysAllocString
SysFreeString
SysStringLen
SysAllocStringLen
SafeArrayGetLBound
VariantClear
SafeArrayAccessData
SafeArrayDestroy
VariantChangeType
SafeArrayUnaccessData
SafeArrayGetUBound
ole32
CoSetProxyBlanket
loadperf
LoadPerfCounterTextStringsW
UnloadPerfCounterTextStringsW
wbemcomn
?anyFailure@CStaticCritSec@@SAHXZ
??1CStaticCritSec@@QEAA@XZ
??0CStaticCritSec@@QEAA@XZ
?Throttle@@YAJKKKKK@Z
Exports
Exports
DllRegisterServer
DllUnregisterServer
WmiClosePerfData
WmiCollectPerfData
WmiOpenPerfData
Sections
.text Size: 117KB - Virtual size: 117KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/wmic/x64/WmiApSrv.exe.exe windows:6 windows x64 arch:x64
60258ff8adf15923ca3a6fc91dc62919
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
WmiApSrv.pdb
Imports
advapi32
RegOpenKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegCloseKey
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
CloseServiceHandle
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
QueryServiceStatus
ConvertStringSecurityDescriptorToSecurityDescriptorW
MakeAbsoluteSD
InitializeSecurityDescriptor
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
CreateServiceW
ChangeServiceConfig2W
ControlService
DeleteService
RegEnumValueW
RegOpenKeyW
RegQueryValueExW
RegOpenCurrentUser
RegEnumKeyW
RegQueryInfoKeyW
kernel32
GetCurrentThreadId
CreateMutexW
CreateEventW
Sleep
GetModuleFileNameW
GetModuleHandleW
WaitForMultipleObjects
UnmapViewOfFile
lstrcmpW
GetExitCodeProcess
FlushViewOfFile
CreateFileMappingW
MapViewOfFile
DeleteCriticalSection
RaiseException
MultiByteToWideChar
FormatMessageW
GetVersionExA
OutputDebugStringA
ReleaseMutex
LocalAlloc
CompareStringW
GetCommandLineW
HeapSetInformation
EnterCriticalSection
SetEvent
ResetEvent
LocalFree
InitializeCriticalSection
GetLastError
GetCurrentProcess
SwitchToThread
ReleaseSemaphore
WaitForSingleObject
GetVersionExW
GetLocaleInfoW
lstrlenA
DeleteFileW
CreateFileW
WideCharToMultiByte
WriteFile
CreateDirectoryW
MoveFileExW
OpenEventW
GetProcAddress
SetLastError
GetSystemDirectoryW
OpenProcess
FreeLibrary
GetSystemDefaultLangID
ExpandEnvironmentStringsW
LoadLibraryW
UnhandledExceptionFilter
TerminateProcess
lstrlenW
LeaveCriticalSection
TryEnterCriticalSection
CreateSemaphoreW
CloseHandle
GetStartupInfoW
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
user32
CharNextW
LoadStringW
msvcrt
_unlock
??1type_info@@UEAA@XZ
__set_app_type
_fmode
_vsnwprintf
wcsrchr
memmove_s
strlen
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
memcpy_s
realloc
_wtol
_wcsicmp
__dllonexit
wcschr
__CxxFrameHandler3
_commode
__setusermatherr
_amsg_exit
_initterm
_acmdln
exit
_cexit
_ismbblead
_exit
_XcptFilter
__C_specific_handler
__getmainargs
_callnewh
_lock
_onexit
?terminate@@YAXXZ
wcscspn
memcpy
iswspace
atol
wcscoll
memmove
wcsspn
iswdigit
wcspbrk
wcsstr
_wcsupr
malloc
memset
free
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_CxxThrowException
_wcslwr
_wcsrev
_wtoi
ntdll
RtlLookupFunctionEntry
NtQuerySecurityObject
RtlGetOwnerSecurityDescriptor
RtlEqualSid
RtlGetDaclSecurityDescriptor
RtlGetAce
RtlCaptureContext
NtQueryObject
RtlVirtualUnwind
oleaut32
SafeArrayUnaccessData
SafeArrayGetLBound
SafeArrayAccessData
SysFreeString
SysAllocString
SysStringLen
VariantChangeType
VariantClear
SafeArrayDestroy
SafeArrayGetUBound
SysAllocStringLen
ole32
CoCreateInstance
CoInitializeEx
CoUninitialize
CoFreeUnusedLibraries
CoInitializeSecurity
CoSetProxyBlanket
wbemcomn
?Throttle@@YAJKKKKK@Z
??0CStaticCritSec@@QEAA@XZ
??1CStaticCritSec@@QEAA@XZ
?anyFailure@CStaticCritSec@@SAHXZ
loadperf
LoadPerfCounterTextStringsW
UnloadPerfCounterTextStringsW
Exports
Exports
??0CHPtrArray@@QEAA@XZ
??0CHString@@QEAA@AEBV0@@Z
??0CHString@@QEAA@GH@Z
??0CHString@@QEAA@PEBD@Z
??0CHString@@QEAA@PEBE@Z
??0CHString@@QEAA@PEBG@Z
??0CHString@@QEAA@PEBGH@Z
??0CHString@@QEAA@XZ
??0CHStringArray@@QEAA@XZ
??0CRegistry@@QEAA@AEBV0@@Z
??0CRegistry@@QEAA@XZ
??0CRegistrySearch@@QEAA@AEBV0@@Z
??0CRegistrySearch@@QEAA@XZ
??1CHPtrArray@@QEAA@XZ
??1CHString@@QEAA@XZ
??1CHStringArray@@QEAA@XZ
??1CRegistry@@QEAA@XZ
??1CRegistrySearch@@QEAA@XZ
??4CHPtrArray@@QEAAAEAV0@AEBV0@@Z
??4CHString@@QEAAAEBV0@AEBV0@@Z
??4CHString@@QEAAAEBV0@D@Z
??4CHString@@QEAAAEBV0@G@Z
??4CHString@@QEAAAEBV0@PEAV0@@Z
??4CHString@@QEAAAEBV0@PEBD@Z
??4CHString@@QEAAAEBV0@PEBE@Z
??4CHString@@QEAAAEBV0@PEBG@Z
??4CHStringArray@@QEAAAEAV0@AEBV0@@Z
??4CRegistry@@QEAAAEAV0@AEBV0@@Z
??4CRegistrySearch@@QEAAAEAV0@AEBV0@@Z
??ACHPtrArray@@QEAAAEAPEAXH@Z
??ACHPtrArray@@QEBAPEAXH@Z
??ACHString@@QEBAGH@Z
??ACHStringArray@@QEAAAEAVCHString@@H@Z
??ACHStringArray@@QEBA?AVCHString@@H@Z
??H@YA?AVCHString@@AEBV0@0@Z
??H@YA?AVCHString@@AEBV0@G@Z
??H@YA?AVCHString@@AEBV0@PEBG@Z
??H@YA?AVCHString@@GAEBV0@@Z
??H@YA?AVCHString@@PEBGAEBV0@@Z
??YCHString@@QEAAAEBV0@AEBV0@@Z
??YCHString@@QEAAAEBV0@D@Z
??YCHString@@QEAAAEBV0@G@Z
??YCHString@@QEAAAEBV0@PEBG@Z
?Add@CHPtrArray@@QEAAHPEAX@Z
?Add@CHStringArray@@QEAAHPEBG@Z
?AllocBeforeWrite@CHString@@IEAAXH@Z
?AllocBuffer@CHString@@IEAAXH@Z
?AllocCopy@CHString@@IEBAXAEAV1@HHH@Z
?AllocSysString@CHString@@QEBAPEAGXZ
?Append@CHPtrArray@@QEAAHAEBV1@@Z
?Append@CHStringArray@@QEAAHAEBV1@@Z
?AssignCopy@CHString@@IEAAXHPEBG@Z
?CheckAndAddToList@CRegistrySearch@@AEAAXPEAVCRegistry@@VCHString@@1AEAVCHPtrArray@@11H@Z
?Close@CRegistry@@QEAAXXZ
?CloseSubKey@CRegistry@@AEAAXXZ
?Collate@CHString@@QEBAHPEBG@Z
?Compare@CHString@@QEBAHPEBG@Z
?CompareNoCase@CHString@@QEBAHPEBG@Z
?ConcatCopy@CHString@@IEAAXHPEBGH0@Z
?ConcatInPlace@CHString@@IEAAXHPEBG@Z
?Copy@CHPtrArray@@QEAAXAEBV1@@Z
?Copy@CHStringArray@@QEAAXAEBV1@@Z
?CopyBeforeWrite@CHString@@IEAAXXZ
?CreateOpen@CRegistry@@QEAAJPEAUHKEY__@@PEBGPEAGKKPEAU_SECURITY_ATTRIBUTES@@PEAK@Z
?DeleteCurrentKeyValue@CRegistry@@QEAAKPEAUHKEY__@@PEBG@Z
?DeleteCurrentKeyValue@CRegistry@@QEAAKPEBG@Z
?DeleteKey@CRegistry@@QEAAJPEAVCHString@@@Z
?DeleteValue@CRegistry@@QEAAJPEBG@Z
?ElementAt@CHPtrArray@@QEAAAEAPEAXH@Z
?ElementAt@CHStringArray@@QEAAAEAVCHString@@H@Z
?Empty@CHString@@QEAAXXZ
?EnumerateAndGetValues@CRegistry@@QEAAJAEAKAEAPEAGAEAPEAE@Z
?Find@CHString@@QEBAHG@Z
?Find@CHString@@QEBAHPEBG@Z
?FindOneOf@CHString@@QEBAHPEBG@Z
?Format@CHString@@QEAAXIZZ
?Format@CHString@@QEAAXPEBGZZ
?FormatMessageW@CHString@@QEAAXIZZ
?FormatMessageW@CHString@@QEAAXPEBGZZ
?FormatV@CHString@@QEAAXPEBGPEAD@Z
?FreeExtra@CHPtrArray@@QEAAXXZ
?FreeExtra@CHString@@QEAAXXZ
?FreeExtra@CHStringArray@@QEAAXXZ
?FreeSearchList@CRegistrySearch@@QEAAHHAEAVCHPtrArray@@@Z
?GetAllocLength@CHString@@QEBAHXZ
?GetAt@CHPtrArray@@QEBAPEAXH@Z
?GetAt@CHString@@QEBAGH@Z
?GetAt@CHStringArray@@QEBA?AVCHString@@H@Z
?GetBuffer@CHString@@QEAAPEAGH@Z
?GetBufferSetLength@CHString@@QEAAPEAGH@Z
?GetClassNameW@CRegistry@@QEAAPEAGXZ
?GetCurrentBinaryKeyValue@CRegistry@@QEAAKPEAUHKEY__@@PEBGPEAEPEAK@Z
?GetCurrentBinaryKeyValue@CRegistry@@QEAAKPEBGAEAVCHString@@@Z
?GetCurrentBinaryKeyValue@CRegistry@@QEAAKPEBGPEAEPEAK@Z
?GetCurrentKeyValue@CRegistry@@QEAAKPEAUHKEY__@@PEBGAEAK@Z
?GetCurrentKeyValue@CRegistry@@QEAAKPEAUHKEY__@@PEBGAEAVCHString@@@Z
?GetCurrentKeyValue@CRegistry@@QEAAKPEAUHKEY__@@PEBGAEAVCHStringArray@@@Z
?GetCurrentKeyValue@CRegistry@@QEAAKPEBGAEAK@Z
?GetCurrentKeyValue@CRegistry@@QEAAKPEBGAEAVCHString@@@Z
?GetCurrentKeyValue@CRegistry@@QEAAKPEBGAEAVCHStringArray@@@Z
?GetCurrentRawKeyValue@CRegistry@@AEAAKPEAUHKEY__@@PEBGPEAXPEAK3@Z
?GetCurrentRawSubKeyValue@CRegistry@@AEAAKPEBGPEAXPEAK2@Z
?GetCurrentSubKeyCount@CRegistry@@QEAAKXZ
?GetCurrentSubKeyName@CRegistry@@QEAAKAEAVCHString@@@Z
?GetCurrentSubKeyPath@CRegistry@@QEAAKAEAVCHString@@@Z
?GetCurrentSubKeyValue@CRegistry@@QEAAKPEBGAEAK@Z
?GetCurrentSubKeyValue@CRegistry@@QEAAKPEBGAEAVCHString@@@Z
?GetCurrentSubKeyValue@CRegistry@@QEAAKPEBGPEAXPEAK@Z
?GetData@CHPtrArray@@QEAAPEAPEAXXZ
?GetData@CHPtrArray@@QEBAPEAPEBXXZ
?GetData@CHString@@IEBAPEAUCHStringData@@XZ
?GetData@CHStringArray@@QEAAPEAVCHString@@XZ
?GetData@CHStringArray@@QEBAPEBVCHString@@XZ
?GetLength@CHString@@QEBAHXZ
?GetLongestClassStringSize@CRegistry@@QEAAKXZ
?GetLongestSubKeySize@CRegistry@@QEAAKXZ
?GetLongestValueData@CRegistry@@QEAAKXZ
?GetLongestValueName@CRegistry@@QEAAKXZ
?GetSize@CHPtrArray@@QEBAHXZ
?GetSize@CHStringArray@@QEBAHXZ
?GetUpperBound@CHPtrArray@@QEBAHXZ
?GetUpperBound@CHStringArray@@QEBAHXZ
?GethKey@CRegistry@@QEAAPEAUHKEY__@@XZ
?Init@CHString@@IEAAXXZ
?InsertAt@CHPtrArray@@QEAAXHPEAV1@@Z
?InsertAt@CHPtrArray@@QEAAXHPEAXH@Z
?InsertAt@CHStringArray@@QEAAXHPEAV1@@Z
?InsertAt@CHStringArray@@QEAAXHPEBGH@Z
?IsEmpty@CHString@@QEBAHXZ
?Left@CHString@@QEBA?AV1@H@Z
?LoadStringW@CHString@@IEAAHIPEAGI@Z
?LoadStringW@CHString@@QEAAHI@Z
?LocateKeyByNameOrValueName@CRegistrySearch@@QEAAHPEAUHKEY__@@PEBG1PEAPEBGKAEAVCHString@@3@Z
?LockBuffer@CHString@@QEAAPEAGXZ
?MakeLower@CHString@@QEAAXXZ
?MakeReverse@CHString@@QEAAXXZ
?MakeUpper@CHString@@QEAAXXZ
?Mid@CHString@@QEBA?AV1@H@Z
?Mid@CHString@@QEBA?AV1@HH@Z
?NextSubKey@CRegistry@@QEAAKXZ
?Open@CRegistry@@QEAAJPEAUHKEY__@@PEBGK@Z
?OpenAndEnumerateSubKeys@CRegistry@@QEAAJPEAUHKEY__@@PEBGK@Z
?OpenCurrentUser@CRegistry@@QEAAKPEBGK@Z
?OpenLocalMachineKeyAndReadValue@CRegistry@@QEAAJPEBG0AEAVCHString@@@Z
?OpenSubKey@CRegistry@@AEAAKXZ
?PrepareToReOpen@CRegistry@@AEAAXXZ
?Release@CHString@@QEAAXXZ
?Release@CHString@@SAXPEAUCHStringData@@@Z
?ReleaseBuffer@CHString@@QEAAXH@Z
?RemoveAll@CHPtrArray@@QEAAXXZ
?RemoveAll@CHStringArray@@QEAAXXZ
?RemoveAt@CHPtrArray@@QEAAXHH@Z
?RemoveAt@CHStringArray@@QEAAXHH@Z
?ReverseFind@CHString@@QEBAHG@Z
?RewindSubKeys@CRegistry@@QEAAXXZ
?Right@CHString@@QEBA?AV1@H@Z
?SafeStrlen@CHString@@KAHPEBG@Z
?SearchAndBuildList@CRegistrySearch@@QEAAHVCHString@@AEAVCHPtrArray@@00HPEAUHKEY__@@@Z
?SetAt@CHPtrArray@@QEAAXHPEAX@Z
?SetAt@CHString@@QEAAXHG@Z
?SetAt@CHStringArray@@QEAAXHPEBG@Z
?SetAtGrow@CHPtrArray@@QEAAXHPEAX@Z
?SetAtGrow@CHStringArray@@QEAAXHPEBG@Z
?SetCHStringResourceHandle@@YAXPEAUHINSTANCE__@@@Z
?SetCurrentKeyValue@CRegistry@@QEAAKPEAUHKEY__@@PEBGAEAK@Z
?SetCurrentKeyValue@CRegistry@@QEAAKPEAUHKEY__@@PEBGAEAVCHString@@@Z
?SetCurrentKeyValue@CRegistry@@QEAAKPEAUHKEY__@@PEBGAEAVCHStringArray@@@Z
?SetCurrentKeyValue@CRegistry@@QEAAKPEBGAEAK@Z
?SetCurrentKeyValue@CRegistry@@QEAAKPEBGAEAVCHString@@@Z
?SetCurrentKeyValue@CRegistry@@QEAAKPEBGAEAVCHStringArray@@@Z
?SetCurrentKeyValueExpand@CRegistry@@QEAAKPEAUHKEY__@@PEBGAEAVCHString@@@Z
?SetDefaultValues@CRegistry@@AEAAXXZ
?SetPlatformID@CRegistry@@CAHXZ
?SetSize@CHPtrArray@@QEAAXHH@Z
?SetSize@CHStringArray@@QEAAXHH@Z
?SpanExcluding@CHString@@QEBA?AV1@PEBG@Z
?SpanIncluding@CHString@@QEBA?AV1@PEBG@Z
?TrimLeft@CHString@@QEAAXXZ
?TrimRight@CHString@@QEAAXXZ
?UnlockBuffer@CHString@@QEAAXXZ
?myRegCreateKeyEx@CRegistry@@AEAAJPEAUHKEY__@@PEBGKPEAGKKQEAU_SECURITY_ATTRIBUTES@@PEAPEAU2@PEAK@Z
?myRegDeleteKey@CRegistry@@AEAAJPEAUHKEY__@@PEBG@Z
?myRegDeleteValue@CRegistry@@AEAAJPEAUHKEY__@@PEBG@Z
?myRegEnumKey@CRegistry@@AEAAJPEAUHKEY__@@KPEAGK@Z
?myRegEnumValue@CRegistry@@AEAAJPEAUHKEY__@@KPEAGPEAK22PEAE2@Z
?myRegOpenKeyEx@CRegistry@@AEAAJPEAUHKEY__@@PEBGKKPEAPEAU2@@Z
?myRegQueryInfoKey@CRegistry@@AEAAJPEAUHKEY__@@PEAGPEAK22222222PEAU_FILETIME@@@Z
?myRegQueryValueEx@CRegistry@@AEAAJPEAUHKEY__@@PEBGPEAK2PEAE2@Z
?myRegSetValueEx@CRegistry@@AEAAJPEAUHKEY__@@PEBGKKPEBEK@Z
?s_dwPlatform@CRegistry@@0KA
?s_fPlatformSet@CRegistry@@0HA
Sections
.text Size: 177KB - Virtual size: 177KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/wmic/x64/WmiDcPrv.dll.dll regsvr32 windows:6 windows x64 arch:x64
64961e9de3e7b74c0a7447086fbcb916
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
WmiDcPrv.pdb
Imports
msvcrt
_XcptFilter
_CxxThrowException
memset
memcpy
_vsnwprintf
??1type_info@@UEAA@XZ
_onexit
_lock
__dllonexit
_unlock
__C_specific_handler
_amsg_exit
__CxxFrameHandler
_purecall
free
_initterm
malloc
ntdll
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-localregistry-l1-1-0
RegCloseKey
RegSetValueExW
RegDeleteKeyExW
RegCreateKeyExW
fastprox
?New@CWbemCallSecurity@@SAPEAV1@XZ
wbemcomn
?BreakOnDbgAndRenterLoop@@YAKXZ
?_ThrowMemoryException_@@YAXXZ
kernel32
ReleaseMutex
CreateMutexW
GetProcessTimes
SwitchToThread
Sleep
VirtualProtect
QueryPerformanceCounter
GetTickCount
FileTimeToSystemTime
GetStringTypeExW
CompareFileTime
SystemTimeToFileTime
LCMapStringW
LocalFree
GlobalUnlock
GlobalFree
GlobalLock
GlobalAlloc
GetCurrentThread
GetCurrentThreadId
GetSystemTimeAsFileTime
LoadLibraryExW
GetProcAddress
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
HeapFree
HeapAlloc
HeapDestroy
HeapCreate
GetProcessHeap
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CloseHandle
GetLastError
GetCurrentProcess
OpenProcess
lstrlenW
DisableThreadLibraryCalls
GetModuleFileNameW
GetCurrentProcessId
EnterCriticalSection
advapi32
RevertToSelf
OpenThreadToken
GetTokenInformation
RegQueryValueExW
EqualSid
GetSecurityDescriptorOwner
RegGetKeySecurity
RegOpenKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
FreeSid
AllocateAndInitializeSid
CopySid
GetLengthSid
SetThreadToken
oleaut32
SysFreeString
VariantInit
VariantClear
SysAllocStringLen
VariantChangeType
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
SysAllocString
ole32
CoGetCallContext
CoSwitchCallContext
CoImpersonateClient
CoRevertToSelf
StringFromGUID2
CoWaitForMultipleHandles
CoCreateInstance
CoCreateGuid
StringFromCLSID
CoTaskMemFree
CoGetClassObject
CreateStreamOnHGlobal
CoUnmarshalInterface
CoReleaseMarshalData
CoGetMarshalSizeMax
CoMarshalInterface
CLSIDFromString
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 168KB - Virtual size: 167KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 992B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/wmic/x64/WmiPerfClass.dll.dll regsvr32 windows:6 windows x64 arch:x64
968cfd1fa3c223b72e046a4016faf518
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
WmiPerfClass.pdb
Imports
msvcrt
__C_specific_handler
_wcsicmp
_amsg_exit
_initterm
_XcptFilter
__CxxFrameHandler3
_callnewh
_CxxThrowException
??0exception@@QEAA@AEBQEBDH@Z
_vsnwprintf
??1type_info@@UEAA@XZ
_unlock
__dllonexit
_lock
_onexit
iswdigit
_wtoi
iswalnum
iswupper
_wcsdup
??0exception@@QEAA@XZ
memmove_s
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
memcpy_s
??0exception@@QEAA@AEBV0@@Z
_wcsnicmp
malloc
iswalpha
free
memset
kernel32
GetTickCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
OutputDebugStringA
Sleep
GetThreadLocale
InitializeCriticalSectionAndSpinCount
GetLastError
CreateEventW
DeleteCriticalSection
CloseHandle
EnterCriticalSection
ResetEvent
LeaveCriticalSection
WaitForSingleObjectEx
SetEvent
CreateWaitableTimerW
SetWaitableTimer
CreateThread
SetThreadLocale
GetSystemDefaultLCID
GetModuleFileNameW
oleaut32
VariantInit
SysAllocString
VariantClear
SysFreeString
advapi32
RegEnumKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegSetValueExW
PerfEnumerateCounterSet
PerfQueryCounterSetRegistrationInfo
RegQueryValueExW
TraceMessage
RegOpenKeyExW
RegCloseKey
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
pdh
PdhOpenQueryW
PdhCloseQuery
PdhGetDefaultPerfObjectW
PdhGetDefaultPerfCounterW
PdhParseCounterPathW
PdhGetCounterInfoW
PdhEnumObjectsW
PdhEnumObjectItemsW
PdhMakeCounterPathW
PdhAddCounterW
PdhTranslateLocaleCounterW
PdhTranslate009CounterW
PdhGetExplainText
PdhRemoveCounter
PdhConnectMachineW
wevtapi
EvtRender
EvtClose
EvtSubscribe
EvtCreateRenderContext
ole32
StringFromGUID2
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 123KB - Virtual size: 123KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 548B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/wmic/x64/WmiPerfClass.mof
-
tools/wmic/x64/WmiPerfInst.dll.dll regsvr32 windows:6 windows x64 arch:x64
24a91755534b005793f84937335aca1d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
WmiPerfInst.pdb
Imports
msvcrt
??1type_info@@UEAA@XZ
__C_specific_handler
_amsg_exit
_initterm
_XcptFilter
__CxxFrameHandler3
_unlock
malloc
_CxxThrowException
??0exception@@QEAA@AEBQEBDH@Z
_vsnwprintf
memset
_wcsnicmp
_wcsdup
__dllonexit
_lock
_onexit
_callnewh
_wcsicmp
wcsrchr
??0exception@@QEAA@XZ
memmove_s
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
memcpy_s
??0exception@@QEAA@AEBV0@@Z
free
memcpy
kernel32
GetCurrentProcess
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
OutputDebugStringA
Sleep
GetModuleFileNameW
ole32
CoRevertToSelf
StringFromGUID2
CoImpersonateClient
oleaut32
VariantClear
SysFreeString
SysAllocString
advapi32
RegisterTraceGuidsW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegOpenKeyExW
UnregisterTraceGuids
RegSetValueExW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage
pdh
PdhAdd009CounterW
PdhMakeCounterPathW
PdhGetRawCounterArrayW
PdhGetFormattedCounterArrayW
PdhCloseQuery
PdhCollectQueryData
PdhOpenQueryW
PdhGetRawCounterValue
PdhGetFormattedCounterValue
PdhRemoveCounter
PdhGetCounterTimeBase
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 56KB - Virtual size: 56KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 370B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/wmic/x64/WmiPerfInst.mof
-
tools/wmic/x64/WmiPrvSD.dll.dll regsvr32 windows:6 windows x64 arch:x64
a47f2db2aba8ba6813b17cbee1c6d51b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
WmiPrvSD.pdb
Imports
msvcrt
realloc
memcpy
memset
__CxxFrameHandler3
_vsnwprintf
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
??1type_info@@UEAA@XZ
__C_specific_handler
_amsg_exit
free
_initterm
malloc
_XcptFilter
wcsstr
_purecall
memcmp
_CxxThrowException
ntdll
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
RtlLengthRequiredSid
RtlInitializeSid
RtlSubAuthoritySid
RtlLengthSid
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EtwTraceMessage
api-ms-win-security-base-l1-1-0
RevertToSelf
GetLengthSid
DuplicateTokenEx
GetAclInformation
GetSecurityDescriptorDacl
GetKernelObjectSecurity
CreateWellKnownSid
AllocateLocallyUniqueId
SetTokenInformation
AddAccessAllowedAce
ImpersonateLoggedOnUser
CopySid
FreeSid
MakeSelfRelativeSD
GetSecurityDescriptorLength
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
MakeAbsoluteSD
AccessCheck
MapGenericMask
GetTokenInformation
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAce
InitializeAcl
AllocateAndInitializeSid
wbemcomn
?GetSid@CNtAce@@QEAAHAEAVCNtSid@@@Z
??0CNtAce@@QEAA@KKKAEAVCNtSid@@@Z
??1CNtSid@@QEAA@XZ
??0CNtSid@@QEAA@PEAX@Z
?GetDacl@CNtSecurityDescriptor@@QEAAHAEAVCNtAcl@@@Z
??1CNtAcl@@QEAA@XZ
??0CNtAcl@@QEAA@K@Z
?ContainsSid@CNtAcl@@QEAAHAEAVCNtSid@@AEAE@Z
??0CNtSecurityDescriptor@@QEAA@PEAX@Z
??1CNtAce@@UEAA@XZ
?WinPEKey@@YAHXZ
?BreakOnDbgAndRenterLoop@@YAKXZ
?GetMemLogObject@@YAPEAVCMemoryLog@@XZ
?Write@CMemoryLog@@QEAAXJ@Z
?_ThrowMemoryException_@@YAXXZ
?AddAce@CNtAcl@@QEAAHPEAVCNtAce@@@Z
??0CNtSecurityDescriptor@@QEAA@AEAV0@@Z
?SetDacl@CNtSecurityDescriptor@@QEAAHPEAVCNtAcl@@@Z
?GetSize@CNtSecurityDescriptor@@QEAAKXZ
??0CLike@@QEAA@PEBGG@Z
??1CLike@@QEAA@XZ
?Match@CLike@@QEAA_NPEBG@Z
?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z
?SetPreferredLanguages@CMUILocale@@SAJKPEBGPEAK@Z
?BuildOperationInfo@@YAJPEBG00PEAPEAG@Z
?PublishProviderInfo@CPublishWMIOperationEvent@@SAJKPEAG000@Z
?_Free@CMUILocale@@SAHPEAX@Z
?GetPreferredLanguages@CMUILocale@@SAJKPEAPEAGPEAK@Z
??1CNtSecurityDescriptor@@QEAA@XZ
fastprox
?New@CWbemCallSecurity@@SAPEAV1@XZ
ncobjapi
WmiEventSourceConnect
WmiDestroyObject
WmiEventSourceDisconnect
WmiSetAndCommitObject
WmiCreateObjectWithFormat
user32
TranslateMessage
DispatchMessageW
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
PeekMessageW
GetMessageW
kernel32
LoadLibraryExW
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
RegisterWaitForSingleObject
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
UnregisterWaitEx
QueueUserWorkItem
SwitchToThread
Sleep
CreateEventW
SetEvent
GetCurrentProcessId
GetTickCount
GetCurrentThread
CreateThread
WaitForMultipleObjects
FileTimeToSystemTime
GetStringTypeExW
CompareFileTime
SystemTimeToFileTime
RegEnumKeyExW
RegSetKeySecurity
GlobalUnlock
GlobalFree
GlobalLock
GlobalAlloc
RegQueryValueExW
HeapFree
HeapAlloc
HeapDestroy
HeapCreate
GetProcessTimes
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
QueryPerformanceCounter
DelayLoadFailureHook
LoadLibraryExA
GetProcAddress
FreeLibrary
GetCurrentThreadId
GetProcessHeap
WaitForSingleObject
LocalAlloc
LocalFree
LCMapStringW
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcess
DuplicateHandle
OpenProcess
AssignProcessToJobObject
TerminateJobObject
SetInformationJobObject
GetVersionExW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
lstrlenW
OpenEventW
CloseHandle
DisableThreadLibraryCalls
GetLastError
GetModuleFileNameW
OpenFileMappingW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateJobObjectW
OpenJobObjectW
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 539KB - Virtual size: 538KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 145KB - Virtual size: 145KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 31KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 992B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/wmic/x64/WmiPrvSE.exe.exe windows:6 windows x64 arch:x64
c1e65c7ff153f2c2e6a7e93706ae226a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
WmiPrvSE.pdb
Imports
advapi32
InitializeSecurityDescriptor
AllocateAndInitializeSid
FreeSid
SetEntriesInAclW
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
RegDisablePredefinedCache
ReportEventW
GetLengthSid
CopySid
InitializeAcl
AddAce
GetSecurityDescriptorLength
MakeSelfRelativeSD
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegDeleteKeyExW
RegisterEventSourceW
DeregisterEventSource
SetThreadToken
RevertToSelf
ImpersonateLoggedOnUser
OpenThreadToken
GetAclInformation
OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
MakeAbsoluteSD
AccessCheck
MapGenericMask
RegQueryValueExW
GetTokenInformation
kernel32
CompareStringW
HeapSetInformation
GetCurrentProcessId
TerminateProcess
SetEvent
CreateThread
WaitForMultipleObjects
Sleep
GetCurrentThreadId
lstrlenW
GetModuleFileNameW
OpenFileMappingW
WaitForSingleObject
MapViewOfFile
UnmapViewOfFile
EnterCriticalSection
LeaveCriticalSection
LCMapStringW
TlsAlloc
TlsFree
GetCommandLineW
SwitchToThread
CreateEventW
GetTickCount
GetCurrentThread
GetStringTypeExW
HeapFree
HeapAlloc
HeapDestroy
HeapCreate
GetProcessHeap
UnhandledExceptionFilter
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
GetStartupInfoW
GetCurrentProcess
ChangeTimerQueueTimer
CloseHandle
DuplicateHandle
GetProcAddress
FreeLibrary
GetModuleHandleExW
GetLastError
LocalFree
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
CreateFileMappingW
user32
UnregisterClassW
DefWindowProcW
LoadIconW
LoadCursorW
RegisterClassW
CreateWindowExW
ShowWindow
UpdateWindow
GetSystemMenu
DeleteMenu
DestroyWindow
GetMessageW
TranslateMessage
DispatchMessageW
MsgWaitForMultipleObjects
PeekMessageW
MsgWaitForMultipleObjectsEx
PostMessageW
msvcrt
_amsg_exit
_initterm
_acmdln
exit
_cexit
_ismbblead
_exit
__setusermatherr
__C_specific_handler
__getmainargs
_purecall
_vsnwprintf
_itow
wcstok
_commode
_fmode
__set_app_type
??1type_info@@UEAA@XZ
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
memcmp
_CxxThrowException
__CxxFrameHandler3
memset
memcpy
_XcptFilter
ntdll
NtQuerySystemInformation
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EtwTraceMessage
wbemcomn
?BreakOnDbgAndRenterLoop@@YAKXZ
?GetMemLogObject@@YAPEAVCMemoryLog@@XZ
?Write@CMemoryLog@@QEAAXJ@Z
?_ThrowMemoryException_@@YAXXZ
?SetPreferredLanguages@CMUILocale@@SAJKPEBGPEAK@Z
?_Free@CMUILocale@@SAHPEAX@Z
?GetPreferredLanguages@CMUILocale@@SAJKPEAPEAGPEAK@Z
fastprox
?New@CWbemCallSecurity@@SAPEAV1@XZ
ncobjapi
WmiCreateObjectWithFormat
WmiDestroyObject
WmiEventSourceDisconnect
WmiSetAndCommitObject
WmiEventSourceConnect
oleaut32
SysAllocString
SysFreeString
VariantInit
VariantClear
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
SysAllocStringLen
VariantChangeType
ole32
CoGetClassObject
CoCreateGuid
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoUninitialize
CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoRegisterClassObject
CoFreeUnusedLibrariesEx
StringFromGUID2
CoGetCallContext
CoSwitchCallContext
CoImpersonateClient
CoRevertToSelf
CLSIDFromString
CoRevokeClassObject
Sections
.text Size: 250KB - Virtual size: 249KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 82KB - Virtual size: 81KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/wmic/x64/wmi.mof
-
tools/wmic/x64/wmipcima.dll.dll regsvr32 windows:6 windows x64 arch:x64
b34dd0f51225e8838f18bf30fd16c11d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
wmipcima.pdb
Imports
msvcrt
_wcsupr
_purecall
_wtol
_wcslwr
towupper
iswupper
??0exception@@QEAA@AEBV0@@Z
memcpy_s
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
memmove_s
??0exception@@QEAA@XZ
_wcsnicmp
_wcsicmp
_vsnwprintf
swscanf
free
malloc
_CxxThrowException
__CxxFrameHandler3
_XcptFilter
_initterm
_amsg_exit
__C_specific_handler
_unlock
__dllonexit
_lock
_onexit
??1type_info@@UEAA@XZ
memcpy
memset
_wtoi
memcmp
ntdll
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
framedynos
?Flush@Provider@@MEAAXXZ
?GetObject@Provider@@MEAAJPEAVCInstance@@JAEAVCFrameworkQuery@@@Z
?ExecMethod@Provider@@MEAAJAEBVCInstance@@QEAGPEAV2@2J@Z
?DeleteInstance@Provider@@MEAAJAEBVCInstance@@J@Z
?OnFinalRelease@CThreadBase@@MEAAXXZ
?EndWrite@CThreadBase@@QEAAXXZ
?RemoveAll@CHPtrArray@@QEAAXXZ
??ACHPtrArray@@QEAAAEAPEAXH@Z
?BeginWrite@CThreadBase@@QEAAHK@Z
?EndRead@CThreadBase@@QEAAXXZ
?GetAt@CHPtrArray@@QEBAPEAXH@Z
?GetSize@CHPtrArray@@QEBAHXZ
?BeginRead@CThreadBase@@QEAAHK@Z
??1CHPtrArray@@QEAA@XZ
??0CHPtrArray@@QEAA@XZ
??1CThreadBase@@UEAA@XZ
??0CThreadBase@@QEAA@W4THREAD_SAFETY_MECHANISM@0@@Z
?AddRef@CInstance@@QEAAJXZ
?Release@CInstance@@QEAAJXZ
?MakeLower@CHString@@QEAAXXZ
?ReleaseBuffer@CHString@@QEAAXH@Z
?GetBuffer@CHString@@QEAAPEAGH@Z
?GetLength@CHString@@QEBAHXZ
?Right@CHString@@QEBA?AV1@H@Z
?Left@CHString@@QEBA?AV1@H@Z
?Compare@CHString@@QEBAHPEBG@Z
?Mid@CHString@@QEBA?AV1@H@Z
??4CHString@@QEAAAEBV0@AEBV0@@Z
?Find@CHString@@QEBAHG@Z
?Commit@CInstance@@QEAAJXZ
?SetCHString@CInstance@@QEAA_NPEBGAEBVCHString@@@Z
?CreateNewInstance@Provider@@IEAAPEAVCInstance@@PEAVMethodContext@@@Z
?GetInstancesByQuery@CWbemProviderGlue@@SAJPEBGPEAV?$TRefPointerCollection@VCInstance@@@@PEAVMethodContext@@0@Z
?GetCHString@CInstance@@QEBA_NPEBGAEAVCHString@@@Z
?GetMethodContext@CInstance@@QEBAPEAVMethodContext@@XZ
??0CHString@@QEAA@PEBG@Z
?ValidateEnumerationFlags@Provider@@MEAAJJ@Z
?GetInstanceKeysByPath@CWbemProviderGlue@@SAJPEBGPEAPEAVCInstance@@PEAVMethodContext@@@Z
?Format@CHString@@QEAAXPEBGZZ
??1CHString@@QEAA@XZ
??0CHString@@QEAA@XZ
?GetValuesForProp@CFrameworkQuery@@QEAAJPEBGAEAV?$vector@V_bstr_t@@V?$allocator@V_bstr_t@@@std@@@std@@@Z
??1Provider@@UEAA@XZ
??0Provider@@QEAA@PEBG0@Z
?LocalLogMessage@ProviderLog@@QEAAXPEBG0HW4LogLevel@1@@Z
?captainsLog@@3VProviderLog@@A
?LocalLogMessage@ProviderLog@@QEAAXPEBGHW4LogLevel@1@0ZZ
??YCHString@@QEAAAEBV0@PEBG@Z
?IsLoggingOn@ProviderLog@@QEAA?AW4LogLevel@1@PEAVCHString@@@Z
?ValidateGetObjFlags@Provider@@MEAAJJ@Z
?ValidateMethodFlags@Provider@@MEAAJJ@Z
?ValidateQueryFlags@Provider@@MEAAJJ@Z
?ValidateDeletionFlags@Provider@@MEAAJJ@Z
?ValidatePutInstanceFlags@Provider@@MEAAJJ@Z
?SetSize@CHPtrArray@@QEAAXHH@Z
?IsEmpty@CHString@@QEBAHXZ
?GetPropertyBitMask@CFrameworkQueryEx@@QEAAXAEBVCHPtrArray@@PEAX@Z
??H@YA?AVCHString@@AEBV0@PEBG@Z
?SetWCHARSplat@CInstance@@QEAA_NPEBG0@Z
?SetDWORD@CInstance@@QEAA_NPEBGK@Z
?Setbool@CInstance@@QEAA_NPEBG_N@Z
?SetCHString@CInstance@@QEAA_NPEBG0@Z
?PutInstance@Provider@@MEAAJAEBVCInstance@@J@Z
?GetObject@Provider@@MEAAJPEAVCInstance@@J@Z
??4CHString@@QEAAAEBV0@PEBD@Z
?ExecQuery@Provider@@MEAAJPEAVMethodContext@@AEAVCFrameworkQuery@@J@Z
??0CWinMsgEvent@@QEAA@XZ
??1CWinMsgEvent@@QEAA@XZ
?RegisterForMessage@CWinMsgEvent@@IEAAXIH@Z
?UnRegisterMessage@CWinMsgEvent@@IEAA_NIH@Z
?SetCreationClassName@Provider@@IEAA_NPEAVCInstance@@@Z
?s_strComputerName@Provider@@0VCHString@@A
??YCHString@@QEAAAEBV0@G@Z
?FindOneOf@CHString@@QEBAHPEBG@Z
?Empty@CHString@@QEAAXXZ
?RemoveAt@CHStringArray@@QEAAXHH@Z
?RemoveAll@CHStringArray@@QEAAXXZ
?GetInstancePropertiesByPath@CWbemProviderGlue@@SAJPEBGPEAPEAVCInstance@@PEAVMethodContext@@AEAVCHStringArray@@@Z
?Add@CHStringArray@@QEAAHPEBG@Z
?SetAt@CHString@@QEAAXHG@Z
??YCHString@@QEAAAEBV0@AEBV0@@Z
?GetVariant@CInstance@@QEBA_NPEBGAEAUtagVARIANT@@@Z
?Add@CHPtrArray@@QEAAHPEAX@Z
?IsDerivedFrom@CWbemProviderGlue@@SA_NPEBG0PEAVMethodContext@@0@Z
?GetDWORD@CInstance@@QEBA_NPEBGAEAK@Z
??H@YA?AVCHString@@PEBGAEBV0@@Z
??H@YA?AVCHString@@AEBV0@G@Z
??H@YA?AVCHString@@AEBV0@0@Z
?Free@CObjectPathParser@@QEAAXPEAUParsedObjectPath@@@Z
??4CHString@@QEAAAEBV0@PEBG@Z
?MakeUpper@CHString@@QEAAXXZ
??0CHString@@QEAA@AEBV0@@Z
?Create@CWbemGlueFactory@@SAPEAV1@PEAJ@Z
?Destroy@CWbemGlueFactory@@QEAAXXZ
?FrameworkLogoffDLL@CWbemProviderGlue@@SAHPEBGPEAJ@Z
?FrameworkLoginDLL@CWbemProviderGlue@@SAHPEBGPEAJ@Z
?initFailed@Provider@@SAHXZ
??0CHStringArray@@QEAA@XZ
??1CHStringArray@@QEAA@XZ
?GetValuesForProp@CFrameworkQuery@@QEAAJPEBGAEAVCHStringArray@@@Z
?GetInstancesByQueryAsynch@CWbemProviderGlue@@SAJPEBGPEAVProvider@@P6AJ1PEAVCInstance@@PEAVMethodContext@@PEAX@Z034@Z
?GetLocalInstancePath@Provider@@IEAA_NPEBVCInstance@@AEAVCHString@@@Z
??0CObjectPathParser@@QEAA@W4ObjectParserFlags@@@Z
??1CObjectPathParser@@QEAA@XZ
??ACHStringArray@@QEBA?AVCHString@@H@Z
?Parse@CObjectPathParser@@QEAAHPEBGPEAPEAUParsedObjectPath@@@Z
advapi32
RegCreateKeyW
RegSetValueExW
RegCloseKey
RegOpenKeyW
RegDeleteKeyW
OpenThreadToken
RevertToSelf
ImpersonateLoggedOnUser
kernel32
GetLastError
QueryInformationJobObject
OpenJobObjectW
CloseHandle
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CreateEventW
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObjectEx
CreateThread
SetEvent
ResetEvent
GetExitCodeThread
SetLastError
DisableThreadLibraryCalls
OpenProcess
OutputDebugStringA
GetVersionExW
GetModuleFileNameW
GetCurrentThread
InitializeCriticalSection
GetComputerNameW
DebugBreak
LoadLibraryW
GetWindowsDirectoryW
GetProcAddress
FreeLibrary
lstrlenA
AssignProcessToJobObject
QueryPerformanceCounter
LocalAlloc
LocalFree
DeviceIoControl
GetTickCount
lstrlenW
MultiByteToWideChar
Sleep
CreateFileW
GetCurrentThreadId
ole32
StringFromGUID2
StringFromCLSID
CoTaskMemFree
CLSIDFromString
oleaut32
VariantChangeType
SysAllocString
SysStringLen
VariantInit
VariantClear
SysAllocStringByteLen
SysFreeString
devobj
DevObjGetClassDevs
DevObjDestroyDeviceInfoList
DevObjCreateDeviceInfoList
DevObjEnumDeviceInterfaces
DevObjGetDeviceInterfaceDetail
DevObjEnumDeviceInfo
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 142KB - Virtual size: 141KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1016B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/wmic/x64/wmipcima.mof
-
tools/wmic/x64/wmipdfs.dll.dll regsvr32 windows:6 windows x64 arch:x64
afd8ef8298d83927fc81f62c13f623ef
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
wmipdfs.pdb
Imports
msvcrt
_wcsicmp
??1type_info@@UEAA@XZ
_onexit
_lock
__dllonexit
_unlock
__C_specific_handler
_amsg_exit
_initterm
_XcptFilter
malloc
free
wcsncmp
wcschr
__CxxFrameHandler3
_CxxThrowException
kernel32
DisableThreadLibraryCalls
GetVersionExW
GetModuleFileNameW
GetCurrentThread
CloseHandle
GetLastError
GetFileAttributesW
LocalFree
Sleep
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
lstrlenW
GetComputerNameExW
SetLastError
netapi32
NetDfsRemove
NetDfsSetInfo
NetDfsAdd
NetDfsAddStdRoot
NetApiBufferFree
NetDfsEnum
NetDfsRemoveStdRoot
oleaut32
VariantChangeType
VariantClear
VariantInit
framedynos
??0Provider@@QEAA@PEBG0@Z
?LocalLogMessage@ProviderLog@@QEAAXPEBG0HW4LogLevel@1@@Z
??0CHString@@QEAA@XZ
??1CHString@@QEAA@XZ
??4CHString@@QEAAAEBV0@AEBV0@@Z
?s_strComputerName@Provider@@0VCHString@@A
?GetCHString@CInstance@@QEBA_NPEBGAEAVCHString@@@Z
?captainsLog@@3VProviderLog@@A
?GetDWORD@CInstance@@QEBA_NPEBGAEAK@Z
?GetBuffer@CHString@@QEAAPEAGH@Z
?LocalLogMessage@ProviderLog@@QEAAXPEBGHW4LogLevel@1@0ZZ
?Commit@CInstance@@QEAAJXZ
?SetWCHARSplat@CInstance@@QEAA_NPEBG0@Z
?Setbool@CInstance@@QEAA_NPEBG_N@Z
?SetDWORD@CInstance@@QEAA_NPEBGK@Z
?IsPropertyRequired@CFrameworkQuery@@QEAA_NPEBG@Z
?GetLength@CHString@@QEBAHXZ
?Release@CInstance@@QEAAJXZ
?OnFinalRelease@CThreadBase@@MEAAXXZ
?GetObject@Provider@@MEAAJPEAVCInstance@@J@Z
?ExecQuery@Provider@@MEAAJPEAVMethodContext@@AEAVCFrameworkQuery@@J@Z
?Flush@Provider@@MEAAXXZ
?ValidateEnumerationFlags@Provider@@MEAAJJ@Z
?ValidateGetObjFlags@Provider@@MEAAJJ@Z
?ValidateMethodFlags@Provider@@MEAAJJ@Z
?ValidateQueryFlags@Provider@@MEAAJJ@Z
?ValidateDeletionFlags@Provider@@MEAAJJ@Z
?GetMethodContext@CInstance@@QEBAPEAVMethodContext@@XZ
?SetCHString@CInstance@@QEAA_NPEBG0@Z
?ExecMethod@Provider@@MEAAJAEBVCInstance@@QEAGPEAV2@2J@Z
?CreateNewInstance@Provider@@IEAAPEAVCInstance@@PEAVMethodContext@@@Z
?GetLocalInstancePath@Provider@@IEAA_NPEBVCInstance@@AEAVCHString@@@Z
?SetCHString@CInstance@@QEAA_NPEBGAEBVCHString@@@Z
??H@YA?AVCHString@@AEBV0@0@Z
??H@YA?AVCHString@@AEBV0@G@Z
??H@YA?AVCHString@@PEBGAEBV0@@Z
?GetInstanceKeysByPath@CWbemProviderGlue@@SAJPEBGPEAPEAVCInstance@@PEAVMethodContext@@@Z
?IsDerivedFrom@CWbemProviderGlue@@SA_NPEBG0PEAVMethodContext@@0@Z
??0CThreadBase@@QEAA@W4THREAD_SAFETY_MECHANISM@0@@Z
??1CThreadBase@@UEAA@XZ
??0CHPtrArray@@QEAA@XZ
??1CHPtrArray@@QEAA@XZ
?BeginWrite@CThreadBase@@QEAAHK@Z
?Add@CHPtrArray@@QEAAHPEAX@Z
?EndWrite@CThreadBase@@QEAAXXZ
??1Provider@@UEAA@XZ
?ValidatePutInstanceFlags@Provider@@MEAAJJ@Z
?GetValuesForProp@CFrameworkQuery@@QEAAJPEBGAEAVCHStringArray@@@Z
?RemoveAll@CHPtrArray@@QEAAXXZ
?Create@CWbemGlueFactory@@SAPEAV1@PEAJ@Z
?Destroy@CWbemGlueFactory@@QEAAXXZ
?FrameworkLogoffDLL@CWbemProviderGlue@@SAHPEBGPEAJ@Z
?FrameworkLoginDLL@CWbemProviderGlue@@SAHPEBGPEAJ@Z
?initFailed@Provider@@SAHXZ
??0CHString@@QEAA@PEBG@Z
??0CHString@@QEAA@AEBV0@@Z
??4CHString@@QEAAAEBV0@PEBG@Z
?GetVariant@CInstance@@QEBA_NPEBGAEAUtagVARIANT@@@Z
?Format@CHString@@QEAAXPEBGZZ
??ACHStringArray@@QEBA?AVCHString@@H@Z
??YCHString@@QEAAAEBV0@AEBV0@@Z
?SetAt@CHString@@QEAAXHG@Z
?GetInstancesByQueryAsynch@CWbemProviderGlue@@SAJPEBGPEAVProvider@@P6AJ1PEAVCInstance@@PEAVMethodContext@@PEAX@Z034@Z
?GetInstancesByQuery@CWbemProviderGlue@@SAJPEBGPEAV?$TRefPointerCollection@VCInstance@@@@PEAVMethodContext@@0@Z
??0CHStringArray@@QEAA@XZ
??1CHStringArray@@QEAA@XZ
?Add@CHStringArray@@QEAAHPEBG@Z
?GetInstancePropertiesByPath@CWbemProviderGlue@@SAJPEBGPEAPEAVCInstance@@PEAVMethodContext@@AEAVCHStringArray@@@Z
??0CObjectPathParser@@QEAA@W4ObjectParserFlags@@@Z
??1CObjectPathParser@@QEAA@XZ
?Parse@CObjectPathParser@@QEAAHPEBGPEAPEAUParsedObjectPath@@@Z
?Free@CObjectPathParser@@QEAAXPEAUParsedObjectPath@@@Z
?RemoveAll@CHStringArray@@QEAAXXZ
?RemoveAt@CHStringArray@@QEAAXHH@Z
?Empty@CHString@@QEAAXXZ
?FindOneOf@CHString@@QEBAHPEBG@Z
?Left@CHString@@QEBA?AV1@H@Z
??YCHString@@QEAAAEBV0@G@Z
?Right@CHString@@QEBA?AV1@H@Z
?BeginRead@CThreadBase@@QEAAHK@Z
?GetSize@CHPtrArray@@QEBAHXZ
?GetAt@CHPtrArray@@QEBAPEAXH@Z
?AddRef@CInstance@@QEAAJXZ
?EndRead@CThreadBase@@QEAAXXZ
?PutInstance@Provider@@MEAAJAEBVCInstance@@J@Z
?DeleteInstance@Provider@@MEAAJAEBVCInstance@@J@Z
??ACHPtrArray@@QEAAAEAPEAXH@Z
advapi32
RegDeleteKeyW
RegOpenKeyW
RegCloseKey
RegSetValueExW
RegCreateKeyW
OpenThreadToken
ImpersonateLoggedOnUser
RevertToSelf
ole32
StringFromGUID2
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 46KB - Virtual size: 46KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1000B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 352B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/wmic/x64/wmipdfs.mof
-
tools/wmic/x64/wmipdskq.dll.dll regsvr32 windows:6 windows x64 arch:x64
9a561da9b5daa631fb93fe0af2ec4d6a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
wmipdskq.pdb
Imports
msvcrt
toupper
_ultow
_CxxThrowException
__CxxFrameHandler3
memset
??1type_info@@UEAA@XZ
_onexit
_lock
__dllonexit
_unlock
__C_specific_handler
_amsg_exit
_initterm
_XcptFilter
free
malloc
_vsnwprintf
iswspace
_vsnprintf
atol
sscanf
_purecall
??0exception@@QEAA@AEBV0@@Z
memcpy_s
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
memmove_s
??0exception@@QEAA@XZ
_wcsicmp
memcpy
ntdll
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
advapi32
LookupAccountNameW
LookupAccountSidW
AllocateAndInitializeSid
FreeSid
RegDeleteKeyW
RegOpenKeyW
RegCloseKey
RegSetValueExW
RegCreateKeyW
IsValidSid
GetLengthSid
CopySid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
kernel32
InitializeCriticalSection
LoadLibraryW
GetWindowsDirectoryW
GetProcAddress
DebugBreak
FreeLibrary
QueryPerformanceCounter
lstrlenW
GetVolumeNameForVolumeMountPointW
lstrcmpW
GetVolumePathNameW
GetVolumeInformationW
GetLastError
GetLogicalDriveStringsW
FindVolumeClose
FindFirstVolumeW
FindNextVolumeW
LocalFree
Sleep
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LCMapStringW
HeapAlloc
GetProcessHeap
SetLastError
HeapFree
HeapReAlloc
CreateEventW
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObjectEx
CreateThread
CloseHandle
SetEvent
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
DisableThreadLibraryCalls
GetVersionExW
GetModuleFileNameW
oleaut32
SysAllocStringByteLen
SysStringLen
SysFreeString
VariantCopy
SysAllocString
VariantClear
VariantInit
VariantChangeType
ole32
StringFromCLSID
CoTaskMemFree
StringFromGUID2
CoCreateInstance
framedynos
??H@YA?AVCHString@@AEBV0@G@Z
?GetInstanceKeysByPath@CWbemProviderGlue@@SAJPEBGPEAPEAVCInstance@@PEAVMethodContext@@@Z
?IsDerivedFrom@CWbemProviderGlue@@SA_NPEBG0PEAVMethodContext@@0@Z
??0CThreadBase@@QEAA@W4THREAD_SAFETY_MECHANISM@0@@Z
??1CThreadBase@@UEAA@XZ
??H@YA?AVCHString@@AEBV0@0@Z
?GetLocalInstancePath@Provider@@IEAA_NPEBVCInstance@@AEAVCHString@@@Z
??H@YA?AVCHString@@PEBGAEBV0@@Z
??1CHPtrArray@@QEAA@XZ
??0CHPtrArray@@QEAA@XZ
?GetLength@CHString@@QEBAHXZ
?captainsLog@@3VProviderLog@@A
?LocalLogMessage@ProviderLog@@QEAAXPEBGHW4LogLevel@1@0ZZ
?LocalLogMessage@ProviderLog@@QEAAXPEBG0HW4LogLevel@1@@Z
??0CHString@@QEAA@PEBG@Z
??1CHString@@QEAA@XZ
??4CHString@@QEAAAEBV0@PEBG@Z
?GetBuffer@CHString@@QEAAPEAGH@Z
?ReleaseBuffer@CHString@@QEAAXH@Z
??0Provider@@QEAA@PEBG0@Z
??1Provider@@UEAA@XZ
??0CHString@@QEAA@XZ
??4CHString@@QEAAAEBV0@AEBV0@@Z
?s_strComputerName@Provider@@0VCHString@@A
?Compare@CHString@@QEBAHPEBG@Z
?Find@CHString@@QEBAHG@Z
??0CHString@@QEAA@AEBV0@@Z
??YCHString@@QEAAAEBV0@D@Z
??YCHString@@QEAAAEBV0@PEBG@Z
?GetCHString@CInstance@@QEBA_NPEBGAEAVCHString@@@Z
?IsEmpty@CHString@@QEBAHXZ
?Find@CHString@@QEBAHPEBG@Z
?Left@CHString@@QEBA?AV1@H@Z
?CompareNoCase@CHString@@QEBAHPEBG@Z
?Mid@CHString@@QEBA?AV1@H@Z
??YCHString@@QEAAAEBV0@AEBV0@@Z
??0CHStringArray@@QEAA@XZ
??1CHStringArray@@QEAA@XZ
?GetValuesForProp@CFrameworkQuery@@QEAAJPEBGAEAVCHStringArray@@@Z
?GetAt@CHStringArray@@QEBA?AVCHString@@H@Z
?CreateNewInstance@Provider@@IEAAPEAVCInstance@@PEAVMethodContext@@@Z
?Commit@CInstance@@QEAAJXZ
?SetDWORD@CInstance@@QEAA_NPEBGK@Z
?SetWBEMINT64@CInstance@@QEAA_NPEBG_K@Z
?SetWCHARSplat@CInstance@@QEAA_NPEBG0@Z
?GetWBEMINT64@CInstance@@QEBA_NPEBGAEA_J@Z
?GetStatus@CInstance@@QEBA_NPEBGAEA_NAEAG@Z
?IsPropertyRequired@CFrameworkQuery@@QEAA_NPEBG@Z
?Right@CHString@@QEBA?AV1@H@Z
?Empty@CHString@@QEAAXXZ
?Format@CHString@@QEAAXPEBGZZ
?Release@CInstance@@QEAAJXZ
?OnFinalRelease@CThreadBase@@MEAAXXZ
?ExecMethod@Provider@@MEAAJAEBVCInstance@@QEAGPEAV2@2J@Z
?GetObject@Provider@@MEAAJPEAVCInstance@@J@Z
?Flush@Provider@@MEAAXXZ
?ValidateEnumerationFlags@Provider@@MEAAJJ@Z
?ValidateGetObjFlags@Provider@@MEAAJJ@Z
?ValidateMethodFlags@Provider@@MEAAJJ@Z
?ValidateQueryFlags@Provider@@MEAAJJ@Z
?ValidateDeletionFlags@Provider@@MEAAJJ@Z
?ValidatePutInstanceFlags@Provider@@MEAAJJ@Z
??YCHString@@QEAAAEBV0@G@Z
?SetCHString@CInstance@@QEAA_NPEBGAEBVCHString@@@Z
?SetWBEMINT64@CInstance@@QEAA_NPEBG_J@Z
?Setbool@CInstance@@QEAA_NPEBG_N@Z
?Getbool@CInstance@@QEBA_NPEBGAEA_N@Z
?GetDWORD@CInstance@@QEBA_NPEBGAEAK@Z
?SetCHString@CInstance@@QEAA_NPEBG0@Z
?AddRef@CInstance@@QEAAJXZ
?DeleteInstance@Provider@@MEAAJAEBVCInstance@@J@Z
?Create@CWbemGlueFactory@@SAPEAV1@PEAJ@Z
?Destroy@CWbemGlueFactory@@QEAAXXZ
?FrameworkLogoffDLL@CWbemProviderGlue@@SAHPEBGPEAJ@Z
?FrameworkLoginDLL@CWbemProviderGlue@@SAHPEBGPEAJ@Z
?initFailed@Provider@@SAHXZ
?IsLoggingOn@ProviderLog@@QEAA?AW4LogLevel@1@PEAVCHString@@@Z
?GetMethodContext@CInstance@@QEBAPEAVMethodContext@@XZ
?GetVariant@CInstance@@QEBA_NPEBGAEAUtagVARIANT@@@Z
??ACHStringArray@@QEBA?AVCHString@@H@Z
?SetAt@CHString@@QEAAXHG@Z
?GetInstancesByQueryAsynch@CWbemProviderGlue@@SAJPEBGPEAVProvider@@P6AJ1PEAVCInstance@@PEAVMethodContext@@PEAX@Z034@Z
?GetInstancesByQuery@CWbemProviderGlue@@SAJPEBGPEAV?$TRefPointerCollection@VCInstance@@@@PEAVMethodContext@@0@Z
?Add@CHStringArray@@QEAAHPEBG@Z
?GetInstancePropertiesByPath@CWbemProviderGlue@@SAJPEBGPEAPEAVCInstance@@PEAVMethodContext@@AEAVCHStringArray@@@Z
?RemoveAll@CHStringArray@@QEAAXXZ
?RemoveAt@CHStringArray@@QEAAXHH@Z
?FindOneOf@CHString@@QEBAHPEBG@Z
?GetSize@CHPtrArray@@QEBAHXZ
?GetAt@CHPtrArray@@QEBAPEAXH@Z
?PutInstance@Provider@@MEAAJAEBVCInstance@@J@Z
?RemoveAll@CHPtrArray@@QEAAXXZ
??ACHPtrArray@@QEAAAEAPEAXH@Z
?Add@CHPtrArray@@QEAAHPEAX@Z
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 106KB - Virtual size: 105KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 906B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/wmic/x64/wmipdskq.mof
-
tools/wmic/x64/wmipicmp.mof
-
tools/wmic/x64/wmipiprt.mof
-
tools/wmic/x64/wmipjobj.mof
-
tools/wmic/x64/wmiprov.dll.dll regsvr32 windows:6 windows x64 arch:x64
e281cb1f38114683879186bec26f2f97
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
wmiprov.pdb
Imports
msvcrt
iswspace
_vsnprintf
atol
sscanf
memcpy
_wtol
memmove_s
_wtoi
wcsrchr
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
memcpy_s
wcstok
wcschr
_wtoi64
_wcstoui64
__CxxFrameHandler3
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
??1type_info@@UEAA@XZ
__C_specific_handler
_amsg_exit
_initterm
_XcptFilter
_callnewh
malloc
_CxxThrowException
free
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
_vsnwprintf
_purecall
_wcsicmp
?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
memset
ntdll
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
EtwTraceMessage
RtlFreeSid
RtlEqualSid
advapi32
RegOpenKeyExW
RegCloseKey
WmiQuerySingleInstanceMultipleW
WmiQueryAllDataMultipleW
WmiNotificationRegistrationW
WmiSetSingleItemW
WmiQuerySingleInstanceW
WmiExecuteMethodW
WmiOpenBlock
WmiQueryGuidInformation
WmiSetSingleInstanceW
WmiQueryAllDataW
ImpersonateSelf
WmiCloseBlock
LookupPrivilegeNameW
WmiMofEnumerateResourcesW
WmiFreeBuffer
RegDeleteKeyExW
RegSetValueExW
RegCreateKeyExW
GetNamedSecurityInfoW
SetThreadToken
OpenThreadToken
RevertToSelf
GetTokenInformation
wbemcomn
?Empty@CFlexArray@@QEAAXXZ
?SetDMTF@CWbemTime@@QEAAHPEBG@Z
?_ThrowMemoryException_@@YAXXZ
?GetMemLogObject@@YAPEAVCMemoryLog@@XZ
?Write@CMemoryLog@@QEAAXJ@Z
?LoggingLevelEnabled@@YAHK@Z
??0CWStringArray@@QEAA@HH@Z
??1CWStringArray@@QEAA@XZ
?Add@CWStringArray@@QEAAHPEBG@Z
?RemoveAt@CWStringArray@@QEAAHH@Z
?InsertAt@CFlexArray@@QEAAHHPEAX@Z
?GetAt@CFlexArray@@QEBAPEAXH@Z
?RemoveAt@CFlexArray@@QEAAHH@Z
??ACFlexArray@@QEAAAEAPEAXH@Z
?Dequeue@CFlexQueue@@QEAAPEAXXZ
?ResetQueue@CFlexQueue@@QEAAXXZ
?Enqueue@CFlexQueue@@QEAA_NPEAX@Z
??1CFlexQueue@@QEAA@XZ
??0CFlexQueue@@QEAA@H@Z
??0CFlexArray@@QEAA@HH@Z
??1CFlexArray@@QEAA@XZ
?DebugTrace@@YAHDPEBDZZ
?ErrorTrace@@YAHDPEBDZZ
?FindStr@CWStringArray@@QEAAHPEBGH@Z
?Mrci1Decompress@CBaseMrciCompression@@QEAAIPEAEI0I@Z
??ACFlexArray@@QEBAPEAXH@Z
?BreakOnDbgAndRenterLoop@@YAKXZ
kernel32
RegQueryInfoKeyW
GetVersionExA
RegQueryValueExW
GetStringTypeExW
LoadResource
QueryPerformanceFrequency
lstrcmpW
GetVersionExW
WideCharToMultiByte
FileTimeToLocalFileTime
GetWindowsDirectoryW
GetFileTime
RegEnumValueW
LockResource
RegDeleteValueW
lstrlenW
CreateFileW
SizeofResource
RaiseException
TryEnterCriticalSection
EnterCriticalSection
LeaveCriticalSection
CloseHandle
GetCurrentThread
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LocalFree
Sleep
DisableThreadLibraryCalls
GetModuleFileNameW
GetLastError
GetProcessHeap
HeapCreate
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
FreeLibrary
GetProcAddress
LoadLibraryExA
DelayLoadFailureHook
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LCMapStringW
SetLastError
LoadLibraryW
GetFullPathNameW
FreeResource
FindResourceExW
FindResourceW
GetSystemDirectoryW
LoadLibraryExW
OutputDebugStringA
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 205KB - Virtual size: 204KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 976B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/wmic/x64/wmipsess.mof
-
tools/wmic/x64/wmitimep.dll.dll regsvr32 windows:6 windows x64 arch:x64
1afd8f94698c22b4379ee20c9b614025
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
wmitimep.pdb
Imports
msvcrt
iswspace
_vsnprintf
atol
sscanf
__CxxFrameHandler3
memset
memcpy
_onexit
_lock
__dllonexit
_unlock
??1type_info@@UEAA@XZ
_CxxThrowException
?terminate@@YAXXZ
__C_specific_handler
_amsg_exit
free
_initterm
malloc
_XcptFilter
_vsnwprintf
_purecall
wbemcomn
??1CStaticCritSec@@QEAA@XZ
??0CStaticCritSec@@QEAA@XZ
??0CCritSec@@QEAA@XZ
??1CCritSec@@QEAA@XZ
??0CInCritSec@@QEAA@PEAU_RTL_CRITICAL_SECTION@@@Z
??1CInCritSec@@QEAA@XZ
?anyFailure@CStaticCritSec@@SAHXZ
??1CTimerInstruction@@UEAA@XZ
?MarkForRemoval@CTimerInstruction@@UEAAJXZ
??0CIdentityTest@@QEAA@PEAVCTimerInstruction@@@Z
??1CIdentityTest@@QEAA@XZ
?GetMemLogObject@@YAPEAVCMemoryLog@@XZ
?Write@CMemoryLog@@QEAAXJ@Z
??1CTimerGenerator@@UEAA@XZ
??0CTimerGenerator@@QEAA@XZ
?Set@CTimerGenerator@@QEAAJPEAVCTimerInstruction@@VCWbemTime@@@Z
?Remove@CTimerGenerator@@QEAAJPEAVCInstructionTest@@@Z
??1QL_LEVEL_1_RPN_EXPRESSION@@QEAA@XZ
?Parse@QL1_Parser@@QEAAHPEAPEAUQL_LEVEL_1_RPN_EXPRESSION@@@Z
?InternalRelease@CUnkInternal@@QEAAKXZ
??1QL1_Parser@@UEAA@XZ
??0QL1_Parser@@QEAA@PEAVCGenLexSource@@@Z
??_7CTimerInstruction@@6B@
??0CUnkInternal@@QEAA@PEAVCLifeControl@@@Z
??1CUnkInternal@@UEAA@XZ
?QueryInterface@CUnkInternal@@UEAAJAEBU_GUID@@PEAPEAX@Z
?AddRef@CUnkInternal@@UEAAKXZ
?Release@CUnkInternal@@UEAAKXZ
??_7CUnkInternal@@6B@
?Add@CFlexArray@@QEAAHPEAX@Z
??ACFlexArray@@QEAAAEAPEAXH@Z
??0QL_LEVEL_1_TOKEN@@QEAA@AEBU0@@Z
??1QL_LEVEL_1_TOKEN@@QEAA@XZ
?Empty@CFlexArray@@QEAAXXZ
?SetAt@CFlexArray@@QEAAXHPEAX@Z
??1CFlexArray@@QEAA@XZ
??0CFlexArray@@QEAA@HH@Z
?GetAt@CFlexArray@@QEBAPEAXH@Z
?GetStringAt@CPropertyName@@QEBAPEBGJ@Z
?WbemHeapInitialize@CWin32DefaultArena@@SAHPEAX@Z
?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z
?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z
kernel32
GetLastError
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
FileTimeToSystemTime
SystemTimeToFileTime
LCMapStringW
GetProcessHeap
InitializeCriticalSection
GetModuleHandleW
WaitForSingleObject
LocalFileTimeToFileTime
FileTimeToLocalFileTime
GetLocalTime
GetSystemTime
CreateThread
DebugBreak
lstrlenW
GetVersion
GetProcAddress
LoadLibraryExW
GetModuleFileNameW
DisableThreadLibraryCalls
Sleep
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
HeapAlloc
SetLastError
HeapFree
HeapReAlloc
RtlCaptureContext
ole32
StringFromGUID2
CoInitialize
oleaut32
VariantClear
SysAllocString
VariantChangeType
VariantInit
user32
GetMessageW
DefWindowProcW
RegisterClassW
CreateWindowExW
ShowWindow
DestroyWindow
UnregisterClassW
PostMessageW
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 47KB - Virtual size: 46KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 984B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 394B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tools/wmic/x64/wmitimep.mof
-
tools/wmic/x64/wmiutils.dll.dll regsvr32 windows:6 windows x64 arch:x64
a9980cb99beb4a5757d758d8d8e2d5df
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
wmiutils.pdb
Imports
msvcrt
_CxxThrowException
memset
memcpy
_onexit
_lock
__dllonexit
_unlock
??1type_info@@UEAA@XZ
__C_specific_handler
_amsg_exit
free
_initterm
malloc
_XcptFilter
__CxxFrameHandler
printf
_purecall
swscanf
iswspace
wcschr
_ui64tow
_i64tow
sscanf
wcstombs
_wtoi64
_vsnwprintf
wbemcomn
?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z
?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z
?Add@CWStringArray@@QEAAHPEBG@Z
?ReadUI64@@YAHPEBGAEFA_K@Z
?ReadI64@@YAHPEBGAEFA_J@Z
?Empty@CWStringArray@@QEAAXXZ
??1CWStringArray@@QEAA@XZ
??0CWStringArray@@QEAA@HH@Z
??1CStaticCritSec@@QEAA@XZ
??0CStaticCritSec@@QEAA@XZ
?GetAt@CFlexArray@@QEBAPEAXH@Z
?Empty@CFlexArray@@QEAAXXZ
?RemoveAt@CFlexArray@@QEAAHH@Z
??ACFlexArray@@QEAAAEAPEAXH@Z
??1CFlexArray@@QEAA@XZ
??0CFlexArray@@QEAA@HH@Z
?InsertAt@CFlexArray@@QEAAHHPEAX@Z
?BreakOnDbgAndRenterLoop@@YAKXZ
?anyFailure@CStaticCritSec@@SAHXZ
kernel32
GetProcAddress
FreeLibrary
GetLastError
LocalFree
FormatMessageW
InitializeCriticalSection
LCMapStringW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetModuleFileNameW
lstrlenW
DisableThreadLibraryCalls
DelayLoadFailureHook
VirtualProtect
Sleep
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapAlloc
GetProcessHeap
SetLastError
HeapFree
HeapReAlloc
LoadLibraryExA
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 84KB - Virtual size: 83KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 33KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 432B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ