CompiledLuau[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

CompiledLuau.zip
Size

43.5MB
MD5

3926be0673c333b949d3bc7dcb0aaf3d
SHA1

e9d07d50e0ef16f9f92adb6d62aedcee5efc450a
SHA256

8c09a0dc586531b190c1369a090a3fe2bd9e72cd5dbe25fedde1474dd1517012
SHA512

394a8a57d5b84696b6a3cf85e9fdf34553f36a9f5b35df8d8b2d290ec443eb38176434de5a6c864a6697a6db8941927c9ff175219a0a6b1b9409918c1c9f023d
SSDEEP

786432:STYd9hnj4Flxv0/Z2P/1LBSU9JP5ZhxUYt/iYS7pRoQmw/IbE4wD05MSaHi:STEj4/h0/Z2P/1LBt5ZhOIiBRo9w/eEM

Score

3^/10

pyinstaller

Malware Config

Signatures

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
static1/unpack001/CompiledLuau/CompiledLuau.exe	pyinstaller

Unsigned PE 17 IoCs

Checks for missing Authenticode signature.

resource
unpack001/CompiledLuau/Bridge Connector/Anti_CE_Detection.dll
unpack001/CompiledLuau/Bridge Connector/Byfron_Remote_Access.dll
unpack001/CompiledLuau/Bridge Connector/Debugger_Connector.dll
unpack001/CompiledLuau/Bridge Connector/Disable_Roblox_TPTool_Detection.dll
unpack001/CompiledLuau/Bridge Connector/variables.dll
unpack001/CompiledLuau/CompiledLuau.exe
unpack001/CompiledLuau/Misc/Byfron Monitoring/Byfron.Bridge.Builder.dll
unpack001/CompiledLuau/Misc/Byfron Monitoring/Byfron_Debugger_Disabler.dll
unpack001/CompiledLuau/Misc/Byfron Monitoring/PipeFinder.dll
unpack001/CompiledLuau/Misc/Byfron Monitoring/renamer.dll
unpack001/CompiledLuau/Misc/Dumpers/Byfron_Bridge_Builder.dll
unpack001/CompiledLuau/Misc/Dumpers/Dumper.dll
unpack001/CompiledLuau/Misc/Dumpers/Dumper_Offset.dll
unpack001/CompiledLuau/Misc/Dumpers/Dumper_X.dll
unpack001/CompiledLuau/Misc/Dumpers/Dumper_nil.dll
unpack001/CompiledLuau/Misc/Dumpers/Stool_Dumped.dll
unpack001/CompiledLuau/Workspace/power.dll

Files

CompiledLuau.zip
.zip
CompiledLuau/Bridge Connector/Anti_CE_Detection.dll
.dll windows:10 windows x64 arch:x64

b3c3fe0db9b591deca779096f71306ae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

DesktopView.Internal.Broker.pdb

Imports

msvcp_win

?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o_free
_o_malloc
__C_specific_handler
_CxxThrowException
__std_type_info_compare
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__cexit
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o__crt_atexit
_o__callnewh
_o__configure_narrow_argv
_o___stdio_common_vsnprintf_s
__std_terminate
__CxxFrameHandler4
__CxxFrameHandler3
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

coremessaging

CoreUICreate
CoreUICallSend
CoreUICallReceive
CoreUICallCreateEndpointHost

ext-ms-win-resourcemanager-gamemode-l1-2-0

RmGameModeInitializeResourceRequest
RmGameModeGetLargestValidResourceRequest
RmGameModeRegisterProcess

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
DisableThreadLibraryCalls
GetModuleHandleW
GetModuleHandleExW
GetModuleFileNameA

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
ResetEvent
SetEvent
CreateEventW
TryAcquireSRWLockShared
InitializeSRWLock
AcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseMutex
WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreExW
DeleteCriticalSection

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetUnhandledExceptionFilter
SetLastError
GetLastError
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TerminateProcess
GetCurrentThread
OpenThreadToken
OpenProcessToken
GetCurrentProcessId
GetCurrentProcess
CreateThread

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoGetCallContext
CoRevertToSelf
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CoImpersonateClient

api-ms-win-security-capability-l1-1-0

CapabilityCheck

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoOriginateErrorW

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
InitOnceExecuteOnce

api-ms-win-core-winrt-string-l1-1-0

WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsCreateString
WindowsGetStringRawBuffer
WindowsCreateStringReference

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemInfo

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-rtcore-ntuser-window-l1-1-0

GetAncestor

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-appmodel-runtime-l1-1-0

GetPackageFamilyName

api-ms-win-ntuser-sysparams-l1-1-0

GetSystemMetrics
GetMonitorInfoW

dxgi

CreateDXGIFactory1

d3d11

D3D11CreateDevice

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 112KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CompiledLuau/Bridge Connector/Byfron_Remote_Access.dll
.dll regsvr32 windows:10 windows x64 arch:x64

2a3bd753060cbe356d161e60bb9d1bae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Analog.Shell.Broker.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcstoui64
_o_abort
_o_free
_o_iswspace
_o_malloc
_o_realloc
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
wcsrchr
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

wcsspn
memset

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-processthreads-l1-1-0

ProcessIdToSessionId
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
OpenThreadToken
CreateThread
OpenThread
SuspendThread
GetCurrentThread
OpenProcessToken

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

rpcrt4

NdrDllCanUnloadNow
NdrDllGetClassObject
NdrDllRegisterProxy
NdrOleAllocate
NdrDllUnregisterProxy
NdrOleFree

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
DisableThreadLibraryCalls
GetModuleHandleW
GetProcAddress
GetModuleFileNameA

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoTransformError
RoOriginateError

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-1-0

SetEvent
InitializeSRWLock
DeleteCriticalSection
CreateMutexExW
CreateEventExW
CreateSemaphoreExW
EnterCriticalSection
AcquireSRWLockShared
ReleaseSRWLockShared
OpenSemaphoreW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReleaseSemaphore
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForSingleObjectEx
WaitForSingleObject
ReleaseMutex

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-winrt-string-l1-1-0

HSTRING_UserUnmarshal64
HSTRING_UserMarshal64
HSTRING_UserFree
HSTRING_UserSize64
HSTRING_UserFree64
HSTRING_UserMarshal
HSTRING_UserSize
WindowsDuplicateString
WindowsCreateString
WindowsCreateStringReference
WindowsDeleteString
WindowsGetStringRawBuffer
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
HSTRING_UserUnmarshal

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoWaitForMultipleHandles
CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoTaskMemAlloc
CoImpersonateClient
CoRevertToSelf

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
UnhandledExceptionFilter
RaiseException
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-1

GetThreadContext
OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

msvcp_win

?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegOpenKeyExW
RegEnumValueW
RegCloseKey
RegCreateKeyExW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-security-base-l1-1-0

GetAce
EqualSid
AllocateAndInitializeSid
IsValidSid
GetLengthSid
CopySid
GetTokenInformation
AdjustTokenPrivileges

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-security-provider-l1-1-0

SetNamedSecurityInfoW
SetEntriesInAclW
GetNamedSecurityInfoW

api-ms-win-core-kernel32-legacy-l1-1-0

MoveFileW

api-ms-win-security-lsalookup-l2-1-0

LookupAccountNameW
LookupPrivilegeValueW

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW
ConvertSidToStringSidW

api-ms-win-core-file-l1-1-0

GetDiskFreeSpaceExW

api-ms-win-core-psapi-l1-1-0

K32GetPerformanceInfo

api-ms-win-core-shutdown-l1-1-0

InitiateSystemShutdownExW

api-ms-win-power-setting-l1-1-0

PowerWriteACValueIndex
PowerSetActiveScheme
PowerWriteDCValueIndex
PowerGetActiveScheme

powrprof

PowerReadACValueIndex

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-ro-typeresolution-l1-1-1

RoCreatePropertySetSerializer

api-ms-win-core-winrt-robuffer-l1-1-0

RoGetBufferMarshaler

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

ntdll

RtlIsMultiSessionSku

api-ms-win-appmodel-runtime-l1-1-0

GetApplicationUserModelId

coremessaging

MsgRelease
MsgBufferShare
CoreUICreate

api-ms-win-ntuser-sysparams-l1-1-0

SystemParametersInfoW
GetSystemMetrics

coreuicomponents

CoreUIFactoryCreate

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryValueW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventRegister
EventSetInformation

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

oleaut32

GetErrorInfo
SysAllocString
SysStringLen
SysFreeString
SetErrorInfo

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 160KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CompiledLuau/Bridge Connector/Debugger_Connector.dll
.dll windows:10 windows x64 arch:x64

02cac0cc92703bf6e6f4e392d229432e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Windows.Media.MixedRealityCapture.pdb

Imports

msvcrt

sqrt
??3@YAXPEAX@Z
??1exception@@UEAA@XZ
sinf
memcpy_s
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_vsnprintf_s
_purecall
_XcptFilter
_amsg_exit
free
memmove_s
??_V@YAXPEAX@Z
_aligned_free
_aligned_malloc
malloc
_initterm
__C_specific_handler
?terminate@@YAXXZ
_lock
sin
_unlock
__dllonexit
__CxxFrameHandler4
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
printf
qsort
sqrtf
__CxxFrameHandler3
??1type_info@@UEAA@XZ
_vsnwprintf
_onexit
acosf
atan
atan2
atan2f
atanf
ceil
cos
cosf
exp
expf
floorf
logf
memcmp
memset
powf
tanf

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
DisableThreadLibraryCalls
GetModuleHandleW
GetModuleHandleExW
GetProcAddress

api-ms-win-core-synch-l1-1-0

AcquireSRWLockShared
CreateSemaphoreExW
InitializeCriticalSectionEx
ReleaseSRWLockShared
ReleaseSemaphore
DeleteCriticalSection
AcquireSRWLockExclusive
EnterCriticalSection
ReleaseSRWLockExclusive
LeaveCriticalSection
WaitForSingleObject
ReleaseMutex
OpenSemaphoreW
ResetEvent
SetEvent
CreateEventW
InitializeSRWLock
CreateMutexExW
WaitForSingleObjectEx

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-string-l1-1-0

WindowsDuplicateString
WindowsCreateString
WindowsCreateStringReference
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsGetStringRawBuffer
WindowsDeleteString

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventWriteTransfer
EventRegister
EventActivityIdControl

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
Sleep
InitOnceExecuteOnce

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoOriginateError

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetSystemTimeAsFileTime
GetTickCount

mfplat

MFCopyImage
MFCancelWorkItem
MFCreateStreamDescriptor
MFGetSystemTime
MFPutWaitingWorkItem
MFCreateAsyncResult
MFScheduleWorkItem
MFCreatePresentationDescriptor
MFCreateMediaEvent
MFCreateEventQueue
MFCreateMediaType
MFCreateVideoSampleAllocatorEx
MFllMulDiv
MFCreateDXGIDeviceManager
MFCreateWaveFormatExFromMFMediaType
MFGetStrideForBitmapInfoHeader
MFCalculateImageSize
MFCreateAttributes

d3d11

D3D11CreateDevice

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
CloseThreadpoolWait
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
WaitForThreadpoolWaitCallbacks
SetThreadpoolWait
CloseThreadpool
SetThreadpoolTimer
CreateThreadpool
CreateThreadpoolWait

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegGetValueW
RegCloseKey
RegOpenKeyExW

ntdll

RtlGetPersistedStateLocation
RtlIsStateSeparationEnabled

api-ms-win-core-string-l1-1-0

CompareStringW

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 568KB - Virtual size: 566KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 348KB - Virtual size: 344KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CompiledLuau/Bridge Connector/Disable_Roblox_TPTool_Detection.dll
.dll windows:10 windows x64 arch:x64

9d2d9f457f9f604954c9d57185592c58

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

VirtualMonitorManager.pdb

Imports

msvcp_win

_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
_Mtx_lock
?_Xlength_error@std@@YAXPEBD@Z
_Mtx_init_in_situ
_Mtx_destroy_in_situ

api-ms-win-crt-string-l1-1-0

wcsnlen
memset

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o_abort
_o_free
_o_iswspace
_o_malloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
__std_terminate
__CxxFrameHandler4
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
memcmp
memcpy

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleHandleW
GetProcAddress
GetModuleFileNameA
FreeLibrary
GetModuleHandleExW

api-ms-win-core-synch-l1-1-0

AcquireSRWLockShared
ResetEvent
CreateEventW
ReleaseSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeCriticalSectionAndSpinCount
ReleaseMutex
SetEvent
WaitForSingleObject
InitializeCriticalSectionEx
LeaveCriticalSection
DeleteCriticalSection
ReleaseSemaphore
EnterCriticalSection
CreateSemaphoreExW
CreateEventExW
CreateMutexExW

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TerminateProcess
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-devices-config-l1-1-1

CM_Unregister_Notification
CM_Register_Notification
CM_MapCrToWin32Err
CM_Get_Device_Interface_PropertyW
CM_Get_Device_Interface_List_SizeW
CM_Get_Device_Interface_ListW

api-ms-win-devices-swdevice-l1-1-0

SwDeviceClose

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-devices-query-l1-1-0

DevGetObjectProperties
DevFreeObjectProperties

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InitializeSListHead

oleaut32

SysAllocString
SetErrorInfo
SysFreeString
GetErrorInfo
SysStringLen

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

Exports

Exports

CreateVirtualMonitorManager

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CompiledLuau/Bridge Connector/variables.dll
.dll windows:10 windows x64 arch:x64

8b0154589b85047c3e8f2e0922362781

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

WebcamUi.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__seh_filter_dll
_o__wcsicmp
_o_calloc
memmove
_o_free
_o_malloc
_o_memcpy_s
_o_qsort
_o_rand_s
_o_realloc
_o_srand
_o_strncpy_s
_o_wmemcpy_s
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o__register_onexit_function
_o__recalloc
_o__purecall
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
wcsrchr
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset
wcscspn
strnlen

gdi32

GetObjectW
StretchDIBits
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
GdiAlphaBlend
DeleteDC
GetStockObject
CreatePen
Rectangle
CreateDIBSection
DeleteObject

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
WinSqmIsOptedIn
WinSqmAddToStreamEx
WinSqmIncrementDWORD

kernel32

GetProcessId
TlsGetValue
TlsSetValue
FreeLibrary
GetModuleHandleExA
ResolveDelayLoadedAPI
DelayLoadFailureHook
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateIoCompletionPort
lstrcmpW
GetTickCount64
GetTempPath2W
CreateEventExW
SubmitThreadpoolWork
CloseThreadpoolWork
WaitForThreadpoolWorkCallbacks
CreateThreadpoolWork
GetCurrentThread
SetThreadPriority
GlobalAlloc
GlobalUnlock
GlobalSize
GlobalLock
SetEvent
ResetEvent
WaitForSingleObject
CloseHandle
CreateEventW
DeleteFileW
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateMutexExW
CompareStringOrdinal
GetProcAddress
DebugBreak
GetModuleFileNameA
GetModuleHandleExW
FormatMessageW
HeapAlloc
HeapFree
GetProcessHeap
LocalAlloc
LocalReAlloc
LocalFree
FindResourceExW
LoadResource
LockResource
SizeofResource
GetLocaleInfoEx
GetUserPreferredUILanguages
RaiseException
GetLastError
TerminateProcess
GetCurrentProcess
GetModuleHandleW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
InitializeSRWLock
AcquireSRWLockShared
ReleaseSRWLockShared
EncodePointer
InitOnceExecuteOnce
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
DecodePointer
HeapSize
HeapReAlloc
HeapDestroy
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseMutex
ReleaseSemaphore
SetLastError
CreateSemaphoreExW
OutputDebugStringW
GetDurationFormatEx

ole32

CreateStreamOnHGlobal
CoGetApartmentType
CoWaitForMultipleHandles
CoReleaseMarshalData
RoGetAgileReference
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
GetHGlobalFromStream
StringFromGUID2
StringFromCLSID
IIDFromString
HWND_UserUnmarshal
HWND_UserFree
HWND_UserFree64
HWND_UserSize64
HWND_UserSize
HWND_UserMarshal
HWND_UserMarshal64
HWND_UserUnmarshal64
PropVariantClear

rpcrt4

NdrDllGetClassObject
NdrDllCanUnloadNow
NdrOleFree
NdrOleAllocate

shell32

SHCreateItemFromParsingName

shlwapi

ord16
ord219
PathFindFileNameW
ord12
PathCombineW
SHStrDupW
SHCreateStreamOnFileW

api-ms-win-shcore-scaling-l1-1-1

ord244

user32

IsRectEmpty
LoadCursorW
KillTimer
SetTimer
SetWindowPos
SetFocus
GetKeyState
OffsetRect
DestroyWindow
IsWindow
PostMessageW
SendMessageW
GetMonitorInfoW
MonitorFromWindow
LoadStringW
GetWindowRect
UnregisterClassA
CopyRect
SetRect
PtInRect
GetCursorPos
SetCursorPos
GetAncestor
DefWindowProcW
RegisterClassExW
IsWindowVisible
GetDC
ReleaseDC
SetWindowCompositionAttribute
GetWindow
GetPropW
EnumWindows
RemovePropW
SetPropW
CreateWindowExW

dui70

?BackgroundProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?FindDescendent@Element@DirectUI@@QEAAPEAV12@G@Z
??0DUIFactory@DirectUI@@QEAA@PEAUHWND__@@@Z
??1DUIFactory@DirectUI@@QEAA@XZ
?LoadFromResource@DUIFactory@DirectUI@@QEAAJPEAUHINSTANCE__@@PEBG1PEAVElement@2@PEAKPEAPEAV42@1@Z
StrToID
?DestroyAll@Element@DirectUI@@QEAAJ_N@Z
?Destroy@Element@DirectUI@@QEAAJ_N@Z
?GetAdjacent@Element@DirectUI@@UEAAPEAV12@PEAV12@HPEBUNavReference@2@K@Z
?SetToggleValue@TouchSwitch@DirectUI@@QEAAXH@Z
?GetSelectionIndex@TouchSelect@DirectUI@@QEAAHXZ
?GetSelection@TouchSelect@DirectUI@@QEAAPEAVElement@2@XZ
?RemoveAll@TouchSelect@DirectUI@@QEAAXXZ
?OnMessage@NativeHWNDHost@DirectUI@@UEAAJI_K_JPEA_J@Z
?Initialize@NativeHWNDHost@DirectUI@@QEAAJPEBG0PEAUHWND__@@PEAUHICON__@@HHHHHHPEAUHINSTANCE__@@I@Z
DUIStopPVLAnimation
DuiCreateObject
?SetPressed@TouchButton@DirectUI@@QEAAJ_N@Z
?GetClassInfoPtr@ModernProgressBar@DirectUI@@SAPEAUIClassInfo@2@XZ
?SetPosition@ModernProgressBar@DirectUI@@QEAAJH@Z
?GetClassInfoPtr@ModernProgressRing@DirectUI@@SAPEAUIClassInfo@2@XZ
?RemoveListener@Element@DirectUI@@QEAAXPEAUIElementListener@2@@Z
?TriggeredAnimationComplete@PVLAnimation@DirectUI@@SA?AVUID@@XZ
?_OnUIStateChanged@TouchHWNDElement@DirectUI@@MEAAXGG@Z
?GetWindowClassNameAndStyle@HWNDElement@DirectUI@@UEAAXPEAPEBGPEAI@Z
?IsMSAAEnabled@TouchHWNDElement@DirectUI@@UEAA_NXZ
?CanSetFocus@HWNDElement@DirectUI@@UEAA_NXZ
?OnCompositionChanged@HWNDElement@DirectUI@@UEAAXXZ
?OnWmSettingChanged@HWNDElement@DirectUI@@UEAAX_K_J@Z
?OnWmThemeChanged@HWNDElement@DirectUI@@UEAAX_K_J@Z
?OnGetDlgCode@HWNDElement@DirectUI@@UEAAXPEAUtagMSG@@PEA_J@Z
?OnNoChildWithShortcutFound@HWNDElement@DirectUI@@UEAAXPEAUKeyboardEvent@2@@Z
?OnImmersiveColorSchemeChanged@HWNDElement@DirectUI@@UEAAXXZ
?OnThemeChanged@HWNDElement@DirectUI@@UEAAXPEAUThemeChangedEvent@2@@Z
?GetAccessibleImpl@HWNDElement@DirectUI@@UEAAJPEAPEAUIAccessible@@@Z
?GetClassInfoW@TouchHWNDElement@DirectUI@@UEAAPEAUIClassInfo@2@XZ
?RemoveTooltip@TouchHWNDElement@DirectUI@@UEAAXPEAVElement@2@@Z
?ActivateTooltip@TouchHWNDElement@DirectUI@@UEAAXPEAVElement@2@K@Z
?UpdateTooltip@TouchHWNDElement@DirectUI@@UEAAXPEAVElement@2@@Z
?MessageCallback@TouchHWNDElement@DirectUI@@UEAAIPEAUtagGMSG@@@Z
?OnDestroy@TouchHWNDElement@DirectUI@@UEAAXXZ
?OnKeyFocusMoved@TouchHWNDElement@DirectUI@@UEAAXPEAVElement@2@0@Z
?OnInput@TouchHWNDElement@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?OnGroupChanged@HWNDElement@DirectUI@@UEAAXH_N@Z
?OnPropertyChanged@TouchHWNDElement@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
??1TouchHWNDElement@DirectUI@@UEAA@XZ
??0TouchHWNDElement@DirectUI@@QEAA@XZ
?OnEvent@TouchHWNDElement@DirectUI@@UEAAXPEAUEvent@2@@Z
?ScaleChanged@TouchHWNDElement@DirectUI@@SA?AVUID@@XZ
?ThemeChange@HWNDElement@DirectUI@@SA?AVUID@@XZ
?WndProc@TouchHWNDElement@DirectUI@@UEAA_JPEAUHWND__@@I_K_J@Z
?GetParser@DUIFactory@DirectUI@@QEAAPEAVDUIXmlParser@2@XZ
?SetParseErrorCallback@DUIXmlParser@DirectUI@@QEAAXP6AXPEBG0HPEAX@Z1@Z
?CreateParser@DUIFactory@DirectUI@@QEAAJXZ
?GetHWND@HWNDElement@DirectUI@@UEAAPEAUHWND__@@XZ
?Initialize@TouchHWNDElement@DirectUI@@QEAAJPEAUHWND__@@_NIPEAVElement@2@PEAK@Z
?FireRightClickEvent@TouchButton@DirectUI@@UEAAXIPEAUtagPOINT@@@Z
?FireClickEvent@TouchButton@DirectUI@@UEAAXIIW4ClickDevice@12@PEAUtagPOINT@@@Z
?GetForegroundColorRef@TouchButton@DirectUI@@UEAAJPEAK@Z
?DefaultAction@TouchButton@DirectUI@@UEAAJXZ
?OnUnHosted@TouchButton@DirectUI@@UEAAXPEAVElement@2@@Z
?OnHosted@TouchButton@DirectUI@@UEAAXPEAVElement@2@@Z
?GetImmersiveFocusRectOffsets@TouchButton@DirectUI@@UEAAXPEAUtagRECT@@@Z
?GetContentSize@RichText@DirectUI@@UEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?Paint@RichText@DirectUI@@UEAAXPEAUHDC__@@PEBUtagRECT@@1PEAU4@2@Z
?OnEvent@TouchButton@DirectUI@@UEAAXPEAUEvent@2@@Z
?OnInput@TouchButton@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?Register@TouchButton@DirectUI@@SAJXZ
?SetTooltip@Element@DirectUI@@QEAAJ_N@Z
?HeightProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?SetFont@Element@DirectUI@@QEAAJPEBG@Z
?AccDescProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?ForegroundProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?IsEqual@Value@DirectUI@@QEAA_NPEAV12@@Z
?AccValueProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?SetFontSizeRuns@RichText@DirectUI@@QEAAJPEBG@Z
?SetFontColorRuns@RichText@DirectUI@@QEAAJPEBG@Z
?GetPressed@TouchButton@DirectUI@@QEAA_NXZ
?GetString@Value@DirectUI@@QEAAPEBGXZ
?OnPropertyChanged@TouchButton@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?EnabledProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?PressedProp@TouchButton@DirectUI@@SAPEBUPropertyInfo@2@XZ
?SetContentAlign@Element@DirectUI@@QEAAJH@Z
?GetContentAlign@Element@DirectUI@@QEAAHXZ
?KeyWithinProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?Initialize@TouchButton@DirectUI@@QEAAJIPEAVElement@2@PEAK@Z
??1TouchButton@DirectUI@@UEAA@XZ
??0TouchButton@DirectUI@@QEAA@XZ
?Destroy@DUIXmlParser@DirectUI@@QEAAXXZ
?CreateElement@DUIXmlParser@DirectUI@@QEAAJPEBGPEAVElement@2@1PEAKPEAPEAV32@@Z
?SetXMLFromResource@DUIXmlParser@DirectUI@@QEAAJIPEAUHINSTANCE__@@0@Z
?Create@DUIXmlParser@DirectUI@@SAJPEAPEAV12@P6APEAVValue@2@PEBGPEAX@Z2P6AX11H2@Z2@Z
?GetBoolTrue@Value@DirectUI@@SAPEAV12@XZ
?GetIntMinusOne@Value@DirectUI@@SAPEAV12@XZ
?GetStringNull@Value@DirectUI@@SAPEAV12@XZ
?_Fill@Element@DirectUI@@IEAAXPEAUHDC__@@KHHHH_N@Z
?GetRect@Value@DirectUI@@QEAAPEBUtagRECT@@XZ
?PaddingProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?GetValue@Element@DirectUI@@QEAAPEAVValue@2@P6APEBUPropertyInfo@2@XZHPEAUUpdateCache@2@@Z
?HasPadding@Element@DirectUI@@QEAA_NXZ
?GetBoolFalse@Value@DirectUI@@SAPEAV12@XZ
?GetColorTrans@Value@DirectUI@@SAPEAV12@XZ
ARGBColorFromEnumI
?GetFill@Value@DirectUI@@QEAAPEBUFill@2@XZ
?SetCursorHandle@Element@DirectUI@@QEAAJPEAUHICON__@@@Z
?MouseWithinProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?GetIntZero@Value@DirectUI@@SAPEAV12@XZ
?GetInt@Value@DirectUI@@QEAAHXZ
?GetY@Element@DirectUI@@QEAAHXZ
?GetX@Element@DirectUI@@QEAAHXZ
?GetLocation@Element@DirectUI@@QEAAPEBUtagPOINT@@PEAPEAVValue@2@@Z
?GetActive@Element@DirectUI@@QEAAHXZ
?GetClassInfoPtr@Viewer@DirectUI@@SAPEAUIClassInfo@2@XZ
?GetClassInfoPtr@TouchButton@DirectUI@@SAPEAUIClassInfo@2@XZ
?GetVisible@Element@DirectUI@@QEAA_NXZ
?SetY@Element@DirectUI@@QEAAJH@Z
?SetX@Element@DirectUI@@QEAAJH@Z
?Add@Element@DirectUI@@QEAAJPEAV12@@Z
?SetActive@Element@DirectUI@@QEAAJH@Z
?SetSuppressSetContact@TouchScrollViewer@DirectUI@@QEAAJ_N@Z
?SetHeight@Element@DirectUI@@QEAAJH@Z
?SetWidth@Element@DirectUI@@QEAAJH@Z
?SetMargin@Element@DirectUI@@QEAAJHHHH@Z
?SetXOffset@BaseScrollViewer@DirectUI@@QEAAJH@Z
?ReleaseSnapshot@TouchScrollViewer@DirectUI@@SA?AVUID@@XZ
?SnapshotTransformElement@TouchScrollViewer@DirectUI@@SA?AVUID@@XZ
?GetHeight@Element@DirectUI@@QEAAHXZ
?GetWidth@Element@DirectUI@@QEAAHXZ
?GetKeyWithin@Element@DirectUI@@QEAA_NXZ
?GetMouseWithin@Element@DirectUI@@QEAA_NXZ
?OnEvent@Element@DirectUI@@UEAAXPEAUEvent@2@@Z
?GetID@Element@DirectUI@@QEAAGXZ
?MultipleClick@TouchButton@DirectUI@@SA?AVUID@@XZ
?SemanticChange@TouchScrollViewer@DirectUI@@SA?AVUID@@XZ
?ManipulationCompleted@TouchScrollViewer@DirectUI@@SA?AVUID@@XZ
?SetSnapMode@TouchScrollViewer@DirectUI@@QEAAJH@Z
?GetSnapMode@TouchScrollViewer@DirectUI@@QEAAHXZ
?GetVisibleRect@TouchScrollViewer@DirectUI@@QEAAXPEAUtagRECT@@@Z
?ManipulationDelta@TouchScrollViewer@DirectUI@@SA?AVUID@@XZ
?ManipulationStarted@TouchScrollViewer@DirectUI@@SA?AVUID@@XZ
?ManipulationStarting@TouchScrollViewer@DirectUI@@SA?AVUID@@XZ
?GetXOffset@BaseScrollViewer@DirectUI@@QEAAHXZ
?Scroll@BaseScrollBar@DirectUI@@SA?AVUID@@XZ
?VisibleProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?SetSnapIntervalX@TouchScrollViewer@DirectUI@@QEAAJM@Z
?ZoomToRect@TouchScrollViewer@DirectUI@@QEAAJPEBUtagRECT@@_N@Z
?UpdateContentSize@TouchScrollViewer@DirectUI@@SA?AVUID@@XZ
?ExtentProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?GetChildren@Element@DirectUI@@QEAAPEAV?$DynamicArray@PEAVElement@DirectUI@@$0A@@2@PEAPEAVValue@2@@Z
?NewChildElementsAdded@TouchScrollViewer@DirectUI@@QEAAXXZ
?Remove@Element@DirectUI@@QEAAJPEAV12@@Z
?Insert@Element@DirectUI@@QEAAJPEAV12@I@Z
?StartDefer@Element@DirectUI@@QEAAXPEAK@Z
?GetParent@Element@DirectUI@@QEAAPEAV12@XZ
?SetDirection@Element@DirectUI@@QEAAJH@Z
?SetManipulationVerticalAlignment@TouchScrollViewer@DirectUI@@QEAAJH@Z
?AddListener@Element@DirectUI@@QEAAJPEAUIElementListener@2@@Z
?IsFirstElement@HWNDElement@DirectUI@@QEAA_NPEAVElement@2@@Z
?IsLastElement@HWNDElement@DirectUI@@QEAA_NPEAVElement@2@@Z
?GetEnabled@Element@DirectUI@@QEAA_NXZ
?GetKeyFocusedElement@HWNDElement@DirectUI@@SAPEAVElement@2@XZ
?GetElement@NativeHWNDHost@DirectUI@@QEAAPEAVElement@2@XZ
?ToggleUIState@HWNDElement@DirectUI@@QEAAX_N0@Z
?FireEvent@Element@DirectUI@@QEAAXPEAUEvent@2@_N1@Z
?KeyboardNavigate@Element@DirectUI@@SA?AVUID@@XZ
?CreateHostWindow@NativeHWNDHost@DirectUI@@UEAAPEAUHWND__@@KPEBG0KHHHHPEAU3@PEAUHMENU__@@PEAUHINSTANCE__@@PEAX@Z
??1NativeHWNDHost@DirectUI@@UEAA@XZ
??0NativeHWNDHost@DirectUI@@QEAA@XZ
?Destroy@NativeHWNDHost@DirectUI@@QEAAXXZ
?GetClassInfoW@Element@DirectUI@@UEAAPEAUIClassInfo@2@XZ
?EndDefer@Element@DirectUI@@QEAAXK@Z
?SetVisible@Element@DirectUI@@QEAAJ_N@Z
?SetAccessible@Element@DirectUI@@QEAAJ_N@Z
?Host@NativeHWNDHost@DirectUI@@QEAAXPEAVElement@2@@Z
?SetWrapKeyboardNavigate@HWNDElement@DirectUI@@QEAAJ_N@Z
?ShowWindow@NativeHWNDHost@DirectUI@@QEAAXH@Z
RegisterPVLBehaviorFactory
?BroadcastEvent@Element@DirectUI@@QEAAXPEAUEvent@2@@Z
?GetHWND@NativeHWNDHost@DirectUI@@QEAAPEAUHWND__@@XZ
?Destroy@Layout@DirectUI@@QEAAXXZ
?SetLayout@Element@DirectUI@@QEAAJPEAVLayout@2@@Z
?Create@FillLayout@DirectUI@@SAJPEAPEAVLayout@2@@Z
?DestroyWindow@NativeHWNDHost@DirectUI@@QEAAXXZ
?GetDisplayNode@Element@DirectUI@@QEAAPEAUHGADGET__@@XZ
?GetBool@Value@DirectUI@@QEAA_NXZ
?GetSize@Value@DirectUI@@QEAAPEBUtagSIZE@@XZ
?GetExtent@Element@DirectUI@@QEAAPEBUtagSIZE@@PEAPEAVValue@2@@Z
?SetContentString@Element@DirectUI@@QEAAJPEBG@Z
?CustomProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?CreateBool@Value@DirectUI@@SAPEAV12@_N@Z
?CreateInt@Value@DirectUI@@SAPEAV12@HW4DynamicScaleValue@@@Z
?MapElementPoint@Element@DirectUI@@QEAAXPEAV12@PEBUtagPOINT@@PEAU3@@Z
?RemoveLocalValue@Element@DirectUI@@QEAAJPEBUPropertyInfo@2@@Z
?GetImage@Value@DirectUI@@QEAAPEAX_NM@Z
?GetGraphic@Value@DirectUI@@QEAAPEAUGraphic@2@XZ
?ContentProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?SetValue@Element@DirectUI@@QEAAJPEBUPropertyInfo@2@HPEAVValue@2@@Z
?CreateGraphic@Value@DirectUI@@SAPEAV12@PEAUHBITMAP__@@EI_N11@Z
?GetType@Value@DirectUI@@QEBAHXZ
?GetValue@Element@DirectUI@@QEAAPEAVValue@2@PEBUPropertyInfo@2@HPEAUUpdateCache@2@@Z
?SetValue@Element@DirectUI@@QEAAJP6APEBUPropertyInfo@2@XZHPEAVValue@2@@Z
?Release@Value@DirectUI@@QEAAXXZ
?GetRoot@Element@DirectUI@@QEAAPEAV12@XZ
UnInitThread
UnInitProcessPriv
InitThread
InitProcessPriv
?AssertPIZeroRef@ClassInfoBase@DirectUI@@UEBAXXZ
?GetChildren@ClassInfoBase@DirectUI@@UEBAHXZ
?RemoveChild@ClassInfoBase@DirectUI@@UEAAXXZ
?AddChild@ClassInfoBase@DirectUI@@UEAAXXZ
?IsGlobal@ClassInfoBase@DirectUI@@UEBA_NXZ
?GetModule@ClassInfoBase@DirectUI@@UEBAPEAUHINSTANCE__@@XZ
?IsSubclassOf@ClassInfoBase@DirectUI@@UEBA_NPEAUIClassInfo@2@@Z
?IsValidProperty@ClassInfoBase@DirectUI@@UEBA_NPEBUPropertyInfo@2@@Z
?GetName@ClassInfoBase@DirectUI@@UEBAPEBGXZ
?GetGlobalIndex@ClassInfoBase@DirectUI@@UEBAIXZ
?GetPICount@ClassInfoBase@DirectUI@@UEBAIXZ
?GetByClassIndex@ClassInfoBase@DirectUI@@UEAAPEBUPropertyInfo@2@I@Z
?EnumPropertyInfo@ClassInfoBase@DirectUI@@UEAAPEBUPropertyInfo@2@I@Z
?Release@ClassInfoBase@DirectUI@@UEAAHXZ
?AddRef@ClassInfoBase@DirectUI@@UEAAXXZ
?GetUiaFocusDelegate@Element@DirectUI@@UEAAPEAV12@XZ
?HandleUiaEventListener@Element@DirectUI@@UEAAXPEAUEvent@2@@Z
?HandleUiaPropertyChangingListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@@Z
?HandleUiaPropertyListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?HandleUiaDestroyListener@Element@DirectUI@@UEAAXXZ
?GetElementProviderImpl@Element@DirectUI@@UEAAJPEAVInvokeHelper@2@PEAPEAVElementProvider@2@@Z
?GetUIAElementProvider@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?DefaultAction@Element@DirectUI@@UEAAJXZ
?GetAccessibleImpl@Element@DirectUI@@UEAAJPEAPEAUIAccessible@@@Z
?GetKeyFocused@Element@DirectUI@@UEAA_NXZ
?RemoveTooltip@Element@DirectUI@@MEAAXPEAV12@@Z
?ActivateTooltip@Element@DirectUI@@MEAAXPEAV12@K@Z
?UpdateTooltip@Element@DirectUI@@MEAAXPEAV12@@Z
?OnUnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?OnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?_SelfLayoutUpdateDesiredSize@Element@DirectUI@@MEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?_SelfLayoutDoLayout@Element@DirectUI@@MEAAXHH@Z
?GetImmersiveFocusRectOffsets@Element@DirectUI@@UEAAXPEAUtagRECT@@@Z
?QueryInterface@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?MessageCallback@Element@DirectUI@@UEAAIPEAUtagGMSG@@@Z
?RemoveBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?AddBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?EnsureVisible@Element@DirectUI@@UEAA_NHHHH@Z
?Remove@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?Insert@Element@DirectUI@@UEAAJPEAPEAV12@II@Z
?Add@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?GetContentSize@Element@DirectUI@@UEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?Paint@Element@DirectUI@@UEAAXPEAUHDC__@@PEBUtagRECT@@1PEAU4@2@Z
?OnDestroy@Element@DirectUI@@UEAAXXZ
?OnMouseFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnKeyFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnInput@Element@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?OnGroupChanged@Element@DirectUI@@UEAAXH_N@Z
?OnPropertyChanged@Element@DirectUI@@UEAAXPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanged@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?GetContentStringAsDisplayed@Element@DirectUI@@UEAAPEBGPEAPEAVValue@2@@Z
?IsContentProtected@Element@DirectUI@@UEAA_NXZ
?GetDirection@Element@DirectUI@@QEAAHXZ
?IsRTL@Element@DirectUI@@QEAA_NXZ
?IsRTLReading@Element@DirectUI@@UEAA_NXZ
?GetClassInfoPtr@TouchSelect@DirectUI@@SAPEAUIClassInfo@2@XZ
?GetClassInfoPtr@TouchSwitch@DirectUI@@SAPEAUIClassInfo@2@XZ
?GetClassInfoPtr@TouchSlider@DirectUI@@SAPEAUIClassInfo@2@XZ
?GetClassInfoPtr@TouchScrollViewer@DirectUI@@SAPEAUIClassInfo@2@XZ
?GetClassInfoPtr@RichText@DirectUI@@SAPEAUIClassInfo@2@XZ
??1ClassInfoBase@DirectUI@@UEAA@XZ
??0ClassInfoBase@DirectUI@@QEAA@XZ
?GetClassInfoPtr@Element@DirectUI@@SAPEAUIClassInfo@2@XZ
?Initialize@ClassInfoBase@DirectUI@@QEAAJPEAUHINSTANCE__@@PEBG_NPEBQEBUPropertyInfo@2@I@Z
?Register@ClassInfoBase@DirectUI@@QEAAJXZ
?ClassExist@ClassInfoBase@DirectUI@@SA_NPEAPEAUIClassInfo@2@PEBQEBUPropertyInfo@2@IPEAU32@PEAUHINSTANCE__@@PEBG_N@Z
??1CritSecLock@DirectUI@@QEAA@XZ
?GetFactoryLock@Element@DirectUI@@SAPEAU_RTL_CRITICAL_SECTION@@XZ
??0CritSecLock@DirectUI@@QEAA@PEAU_RTL_CRITICAL_SECTION@@@Z
?Register@Element@DirectUI@@SAJXZ
?GetLayoutPos@Element@DirectUI@@QEAAHXZ
?SetSelectionIndex@TouchSelect@DirectUI@@QEAAJH@Z
?SetThumbValue@TouchSlider@DirectUI@@QEAAXH_N@Z
?SetToggleValue@TouchSwitch@DirectUI@@QEAAXH_N@Z
?SetEnabled@Element@DirectUI@@QEAAJ_N@Z
?SetLayoutPos@Element@DirectUI@@QEAAJH@Z
?SetStepCount@TouchSlider@DirectUI@@QEAAXH@Z
?SetFireContinuousSliderEvent@TouchSlider@DirectUI@@QEAAX_N@Z
?SetIsContinuous@TouchSlider@DirectUI@@QEAAJ_N@Z
?SetRangeMax@TouchSlider@DirectUI@@QEAAXH@Z
?SetRangeMin@TouchSlider@DirectUI@@QEAAXH@Z
?AddString@TouchSelect@DirectUI@@QEAAJPEBG@Z
?SetOnOffText@TouchSwitch@DirectUI@@QEAAXPEBG0@Z
?IsDescendent@Element@DirectUI@@QEAA_NPEAV12@@Z
?SelectionChange@TouchSelect@DirectUI@@SA?AVUID@@XZ
?SliderUpdated@TouchSlider@DirectUI@@SA?AVUID@@XZ
?Click@TouchButton@DirectUI@@SA?AVUID@@XZ
?Click@Button@DirectUI@@SA?AVUID@@XZ
?Initialize@Element@DirectUI@@QEAAJIPEAV12@PEAK@Z
??1Element@DirectUI@@UEAA@XZ
??0Element@DirectUI@@QEAA@XZ
?SetKeyFocus@Element@DirectUI@@UEAAXXZ

api-ms-win-crt-time-l1-1-0

_time64

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 636KB - Virtual size: 635KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 188KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CompiledLuau/CompiledLuau.exe
.exe windows:5 windows x64 arch:x64

f4f2e2b03fe5666a721620fcea3aea9b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

CreateWindowExW
PostMessageW
GetMessageW
MessageBoxW
MessageBoxA
SystemParametersInfoW
DestroyIcon
SetWindowLongPtrW
GetWindowLongPtrW
GetClientRect
InvalidateRect
ReleaseDC
GetDC
DrawTextW
GetDialogBaseUnits
EndDialog
DialogBoxIndirectParamW
MoveWindow
SendMessageW

comctl32

ord380

kernel32

IsValidCodePage
GetStringTypeW
GetFileAttributesExW
HeapReAlloc
FlushFileBuffers
GetCurrentDirectoryW
GetACP
GetOEMCP
GetModuleHandleW
MulDiv
GetLastError
SetDllDirectoryW
CreateFileW
GetFinalPathNameByHandleW
CloseHandle
GetModuleFileNameW
CreateSymbolicLinkW
GetCPInfo
GetCommandLineW
GetEnvironmentVariableW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
CreateDirectoryW
GetTempPathW
WaitForSingleObject
Sleep
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
FreeLibrary
LoadLibraryExW
SetConsoleCtrlHandler
FindClose
FindFirstFileExW
GetCurrentProcess
LocalFree
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetTimeZoneInformation
HeapSize
WriteConsoleW
SetEndOfFile
GetProcAddress
GetSystemTimeAsFileTime
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
RaiseException
RtlPcToFileHeader
GetCommandLineA
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
RemoveDirectoryW
FindNextFileW
SetStdHandle
DeleteFileW
ReadFile
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapFree
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
HeapAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW

advapi32

OpenProcessToken
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

gdi32

SelectObject
DeleteObject
CreateFontIndirectW

Sections

.text
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
coolnigger.pyc
CompiledLuau/Misc/Byfron Monitoring/Byfron.Bridge.Builder.dll
.dll windows:10 windows x64 arch:x64

9758997981b2984d8f1b1cc6c20a17db

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Windows.Internal.Feedback.Analog.pdb

Imports

msvcrt

sprintf_s
fputs
fopen_s
fwrite
fseek
fclose
fflush
ftell
memcpy
realloc
??_V@YAXPEAX@Z
memmove
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
_callnewh
??1exception@@UEAA@XZ
memcpy_s
_purecall
_vsnwprintf
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
??1type_info@@UEAA@XZ
memmove_s
__CxxFrameHandler3
_onexit
__dllonexit
_unlock
_lock
__CxxFrameHandler4
?terminate@@YAXXZ
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
??3@YAXPEAX@Z
_CxxThrowException
memset

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
Sleep
InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsIsStringEmpty
WindowsDuplicateString
WindowsCreateString
WindowsStringHasEmbeddedNull

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoTransformError
RoOriginateError

api-ms-win-core-synch-l1-1-0

SetEvent
CreateEventW
ReleaseSRWLockExclusive
CreateMutexExW
OpenSemaphoreW
InitializeSRWLock
ReleaseMutex
WaitForSingleObject
AcquireSRWLockExclusive
ReleaseSemaphore
ReleaseSRWLockShared
CreateSemaphoreExW
AcquireSRWLockShared
WaitForSingleObjectEx

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
DisableThreadLibraryCalls
LoadLibraryExW
GetModuleHandleExW
FreeLibrary
GetModuleHandleW
GetModuleFileNameA

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcessId
CreateThread
GetCurrentThreadId
GetCurrentProcess
OpenProcessToken

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
RaiseException
SetLastError
UnhandledExceptionFilter

api-ms-win-security-capability-l1-1-0

CapabilityCheck
RpcClientCapabilityCheck

ntdll

RtlGetDeviceFamilyInfoEnum
RtlWaitForWnfMetaNotification
RtlPublishWnfStateData
RtlNtStatusToDosError

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-com-l1-1-0

CoGetCallContext
StringFromCLSID
CoCreateInstance
CoTaskMemFree
CoCreateFreeThreadedMarshaler
CoTaskMemRealloc
CoTaskMemAlloc

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventWriteTransfer
EventRegister

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

mmdevapi

ord17

api-ms-win-core-winrt-l1-1-0

RoActivateInstance

api-ms-win-security-base-l1-1-0

DuplicateTokenEx

api-ms-win-appmodel-runtime-l1-1-0

GetPackageFamilyName

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CompiledLuau/Misc/Byfron Monitoring/Byfron_Debugger_Disabler.dll
.dll windows:10 windows x64 arch:x64

65dc7fbf3d2e4845a03d55d6b464e77a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

SettingsHandlers_AnalogShell.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__get_errno
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
memcmp
_o_abort
_o_bsearch_s
_o_free
_o_iswspace
_o_malloc
_o_realloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_CxxThrowException
memcpy
memmove
__CxxFrameHandler3
_o___std_exception_destroy
_o___std_exception_copy
_o__execute_onexit_table
_o__errno
__std_terminate
__CxxFrameHandler4

api-ms-win-crt-string-l1-1-0

memset

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
NtQueryWnfStateData
RtlGetDeviceFamilyInfoEnum
RtlCaptureContext

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleFileNameA
GetModuleHandleW
DisableThreadLibraryCalls
GetModuleHandleExW

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockShared
CreateEventExW
DeleteCriticalSection
InitializeCriticalSectionEx
InitializeCriticalSectionAndSpinCount
ReleaseSRWLockExclusive
CreateMutexExW
AcquireSRWLockExclusive
AcquireSRWLockShared
CreateEventW
WaitForMultipleObjectsEx
WaitForSingleObjectEx
CreateSemaphoreExW
ResetEvent
SetEvent
ReleaseMutex
InitializeSRWLock
WaitForSingleObject
OpenSemaphoreW
ReleaseSemaphore
LeaveCriticalSection
EnterCriticalSection

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
RaiseException
GetLastError
SetLastError
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

CreateThread
GetCurrentThreadId
GetExitCodeProcess
GetProcessId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsDuplicateString
WindowsCreateString
WindowsGetStringRawBuffer
WindowsDeleteString

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoOriginateError
SetRestrictedErrorInfo

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
InitOnceExecuteOnce
Sleep

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemDirectoryW

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

msvcp_win

?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Xbad_function_call@std@@YAXXZ
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXH@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?uncaught_exception@std@@YA_NXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@N@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ

ext-ms-win-rtcore-ntuser-sysparams-l1-1-0

DisplayConfigGetDeviceInfo

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-com-l1-1-0

CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoInitializeEx
CoUninitialize
CoCreateGuid
CoTaskMemAlloc
CoWaitForMultipleHandles
CoCreateInstance
CoIncrementMTAUsage
CoTaskMemRealloc
CoGetMalloc
CoDecrementMTAUsage

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoInitialize
RoUninitialize

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate
IsErrorPropagationEnabled

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventWriteTransfer
EventUnregister
EventRegister

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegCloseKey
RegDeleteValueW
RegGetValueW
RegCreateKeyExW
RegFlushKey

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-registry-l2-1-0

RegOpenKeyW

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

coremessaging

CoreUICallReceive
CoreUICallCreateEndpointHost
CoreUICreate
CoreUICallSend

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

shell32

ShellExecuteExW

user32

SendMessageW
GetWindowThreadProcessId
SetTimer
GetProcessDefaultLayout
GetWindowRect
EnumWindows

shcore

ord244
ord233
ord230
ord232
SHCreateThread

oleaut32

SysStringLen
SysAllocString
GetErrorInfo
SetErrorInfo
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
GetSetting

Sections

.text
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CompiledLuau/Misc/Byfron Monitoring/PipeFinder.dll
.dll windows:10 windows x64 arch:x64

b03976265e6f1d4f9bbc046ba02535fb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

MixedRealityCapture.Pipeline.pdb

Imports

wincorlib

?__abi_WinRTraiseObjectDisposedException@@YAXXZ
?__abi_WinRTraiseInvalidCastException@@YAXXZ
?__abi_WinRTraiseNotImplementedException@@YAXXZ
?CreateException@Exception@Platform@@SAPE$AAV12@HPE$AAVString@2@@Z
?get@Message@Exception@Platform@@QE$AAAPE$AAVString@3@XZ
?UninitializeData@Details@Platform@@YAXH@Z
?ReCreateFromException@Details@Platform@@YAJPE$AAVException@2@@Z
?__abi_WinRTraiseDisconnectedException@@YAXXZ
?InitializeData@Details@Platform@@YAJH@Z
?__abi_WinRTraiseOperationCanceledException@@YAXXZ
?__abi_WinRTraiseAccessDeniedException@@YAXXZ
?__abi_WinRTraiseInvalidArgumentException@@YAXXZ
?__abi_WinRTraiseClassNotRegisteredException@@YAXXZ
?__abi_FailFast@@YAXXZ
?__abi_WinRTraiseCOMException@@YAXJ@Z
?__abi_WinRTraiseNullReferenceException@@YAXXZ
?__abi_WinRTraiseOutOfMemoryException@@YAXXZ
?EventSourceUninitialize@Details@Platform@@YAXPEAPEAX@Z
?Allocate@Heap@Details@Platform@@SAPEAX_K0@Z
?Free@Heap@Details@Platform@@SAXPEAX@Z
?AlignedFree@Heap@Details@Platform@@SAXPEAX@Z
?ReleaseTarget@ControlBlock@Details@Platform@@AEAAXXZ
?EventSourceRemove@Details@Platform@@YAXPEAPEAXPEAUEventLock@12@VEventRegistrationToken@Foundation@Windows@@@Z
?EventSourceAdd@Details@Platform@@YA?AVEventRegistrationToken@Foundation@Windows@@PEAPEAXPEAUEventLock@12@PE$AAVDelegate@2@@Z
??0OutOfMemoryException@Platform@@QE$AAA@XZ
?AllocateException@Heap@Details@Platform@@SAPEAX_K0@Z
??0FailureException@Platform@@QE$AAA@XZ
??0OutOfBoundsException@Platform@@QE$AAA@XZ
??0Object@Platform@@QE$AAA@XZ
?EventSourceInitialize@Details@Platform@@YAXPEAPEAX@Z
??0ChangedStateException@Platform@@QE$AAA@XZ
?GetIBoxArrayVtable@Details@Platform@@YAPEAXPEAX@Z
?ReleaseInContextImpl@Details@Platform@@YAJPEAUIUnknown@@0@Z
?GetObjectContext@Details@Platform@@YAPEAUIUnknown@@XZ
?EventSourceGetTargetArray@Details@Platform@@YAPEAXPEAXPEAUEventLock@12@@Z
?EventSourceGetTargetArraySize@Details@Platform@@YAIPEAX@Z
?EventSourceGetTargetArrayEvent@Details@Platform@@YAPEAXPEAXIPEBXPEA_J@Z
?GetProxyImpl@Details@Platform@@YAJPEAUIUnknown@@AEBU_GUID@@0PEAPEAU3@@Z
?__abi_WinRTraiseChangedStateException@@YAXXZ
?__abi_WinRTraiseOutOfBoundsException@@YAXXZ
?__abi_WinRTraiseWrongThreadException@@YAXXZ
?__abi_WinRTraiseFailureException@@YAXXZ
?GetActivationFactoryByPCWSTR@@YAJPEAXAEAVGuid@Platform@@PEAPEAX@Z
?GetIidsFn@@YAJHPEAKPEBU__s_GUID@@PEAPEAVGuid@Platform@@@Z

api-ms-win-crt-string-l1-1-0

memset
wcsncmp
wcslen

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__wcsicmp
_o_bsearch
_o_ceil
_o_floorf
_o_free
_o_lroundf
_o_malloc
_o_modff
_o_powf
_o_realloc
_o_terminate
__CxxFrameHandler3
_CxxThrowException
__C_specific_handler
__current_exception
__current_exception_context
_o__crt_atexit
_o__configure_narrow_argv
_o__execute_onexit_table
_o__cexit
_o__callnewh
_o__errno
_o__aligned_malloc
_o__aligned_free
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
wcsrchr
__std_terminate
wcsstr
__CxxFrameHandler4
memcpy
memcmp
memmove

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringLen
WindowsDuplicateString
WindowsDeleteString
WindowsCreateStringReference
WindowsCreateString
WindowsGetStringRawBuffer
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetProcAddress
GetModuleHandleExW
GetModuleFileNameA
DisableThreadLibraryCalls
FreeLibrary

api-ms-win-core-synch-l1-1-0

CreateEventExW
DeleteCriticalSection
SetEvent
CreateSemaphoreExW
LeaveCriticalSection
CreateEventW
WaitForMultipleObjectsEx
OpenSemaphoreW
ReleaseSemaphore
WaitForSingleObject
InitializeCriticalSectionEx
ReleaseSRWLockShared
EnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
WaitForSingleObjectEx
AcquireSRWLockShared
ReleaseMutex
TryAcquireSRWLockExclusive
InitializeSRWLock
CreateMutexExW

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetLastError
RaiseException

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
OpenProcessToken
GetCurrentProcess
GetCurrentThreadId
TerminateProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-synch-l1-2-0

WaitOnAddress
InitOnceComplete
InitOnceExecuteOnce
InitOnceBeginInitialize
WakeByAddressAll

api-ms-win-core-com-l1-1-0

CoDecrementMTAUsage
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
CoIncrementMTAUsage
PropVariantClear
CoTaskMemFree
CoWaitForMultipleHandles
CoCreateInstance
CoGetApartmentType
CoGetContextToken

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemTime
GetTickCount64
GetLocalTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-path-l1-1-0

PathCchFindExtension
PathCchRemoveBackslash
PathCchAddBackslash
PathCchAppend
PathCchRemoveFileSpec
PathCchCombine

ntdll

RtlIsStateSeparationEnabled
RtlGetPersistedStateLocation
RtlUnsubscribeWnfNotificationWaitForCompletion
NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlGetDeviceFamilyInfoEnum

msvcp_win

?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW

api-ms-win-security-provider-l1-1-0

SetNamedSecurityInfoW

api-ms-win-core-kernel32-legacy-l1-1-0

RaiseFailFastException
CreateSemaphoreW

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
SubmitThreadpoolWork
CloseThreadpoolTimer
CloseThreadpoolWork
CreateThreadpoolTimer
FreeLibraryWhenCallbackReturns
WaitForThreadpoolTimerCallbacks
CreateThreadpoolWork

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventWriteTransfer
EventUnregister
EventRegister

api-ms-win-core-com-l1-1-1

RoGetAgileReference

userenv

ExpandEnvironmentStringsForUserW

api-ms-win-core-file-l1-2-4

GetTempPath2W

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-security-base-l1-1-0

GetTokenInformation
InitializeAcl
GetSecurityDescriptorDacl

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-file-l1-1-0

GetDiskFreeSpaceW

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

oleaut32

VariantClear
VariantInit

rpcrt4

I_RpcBindingInqLocalClientPID

api-ms-win-devices-config-l1-1-1

CM_Get_Device_Interface_PropertyW

api-ms-win-power-setting-l1-1-0

PowerSettingUnregisterNotification
PowerSettingRegisterNotification

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-appmodel-runtime-l1-1-0

GetCurrentPackageFullName

mfsensorgroup

MFCreateSensorGroup

dxgi

CreateDXGIFactory1

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 476KB - Virtual size: 473KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CompiledLuau/Misc/Byfron Monitoring/Runtime_Byfron_Tricker.dll
.dll windows:10 windows x64 arch:x64

f1948e858683f56da7be306158741646

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6e:1e:eb:53:05:65:75:f0:57:c8:e4:55:c5:99:95:d9:5d:51:06:9c:0d:a8:7b:10:64:71:6a:c2:94:f6:48:cf
Signer

Actual PE Digest

6e:1e:eb:53:05:65:75:f0:57:c8:e4:55:c5:99:95:d9:5d:51:06:9c:0d:a8:7b:10:64:71:6a:c2:94:f6:48:cf

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

MixedRealityRuntime.pdb

Imports

msvcp_win

?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
_Mtx_unlock
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
_Mtx_destroy_in_situ
_Mtx_init_in_situ

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcsicmp
_o_abort
_o_free
_o_iswspace
_o_malloc
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
__std_terminate
__CxxFrameHandler4
_o__cexit
_o___stdio_common_vswprintf
_o__callnewh
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-kernel32-legacy-l1-1-0

LoadLibraryW
UnregisterWait

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleHandleW
GetModuleFileNameA
GetModuleHandleExW
FreeLibrary
GetProcAddress

api-ms-win-core-synch-l1-1-0

CreateMutexExW
WaitForSingleObjectEx
ReleaseSRWLockExclusive
ReleaseMutex
SetEvent
WaitForSingleObject
AcquireSRWLockExclusive
ReleaseSemaphore
CreateSemaphoreExW
CreateEventExW
AcquireSRWLockShared
OpenSemaphoreW
ReleaseSRWLockShared

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

OpenProcessToken
OpenThreadToken
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

rpcrt4

NdrDllCanUnloadNow
NdrDllGetClassObject
NdrOleAllocate
NdrOleFree

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoOriginateError

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-winrt-string-l1-1-0

WindowsStringHasEmbeddedNull
WindowsCreateString
WindowsGetStringRawBuffer
WindowsIsStringEmpty
WindowsDeleteString

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventRegister
EventActivityIdControl
EventSetInformation

api-ms-win-service-core-l1-1-0

RegisterServiceCtrlHandlerExW
SetServiceStatus

api-ms-win-core-com-l1-1-0

CoCreateFreeThreadedMarshaler
CoResumeClassObjects
CoRevokeClassObject
CoTaskMemAlloc
CoRevertToSelf
CoRegisterClassObject
CoImpersonateClient
CoCreateInstance

api-ms-win-core-winrt-l1-1-0

RoRegisterActivationFactories
RoRevokeActivationFactories

api-ms-win-security-capability-l1-1-0

CapabilityCheck

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegCloseKey
RegCreateKeyExW
RegSetValueExW

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InterlockedFlushSList
InitializeSListHead
InterlockedPushEntrySList

api-ms-win-appmodel-runtime-l1-1-0

GetPackagesByPackageFamily

api-ms-win-appmodel-runtime-l1-1-1

GetPackagePathByFullName

combase

ord69
ord68
ord67
ord66

oleaut32

SysStringLen
SysAllocString
SysFreeString
SetErrorInfo
GetErrorInfo

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-threadpool-l1-2-0

TrySubmitThreadpoolCallback

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
ServiceMain
SvchostPushServiceGlobals
xrNegotiateLoaderRuntimeInterface

Sections

.text
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CompiledLuau/Misc/Byfron Monitoring/renamer.dll
.dll windows:10 windows x64 arch:x64

74cf4c853f93ce19fe0199d9a8faab20

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

SettingsHandlers_HoloLens_Environment.pdb

Imports

msvcp_win

_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
?_IsNonBlockingThread@_Task_impl_base@details@Concurrency@@SA_NXZ
_Cnd_wait
_Mtx_unlock
?__ExceptionPtrDestroy@@YAXPEAX@Z
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
_Cnd_broadcast
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
_Mtx_destroy_in_situ
_Cnd_destroy_in_situ
_Mtx_init_in_situ
_Cnd_init_in_situ
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_Assign@_ContextCallback@details@Concurrency@@AEAAXPEAX@Z
?_IsCurrentOriginSTA@_ContextCallback@details@Concurrency@@CA_NXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
?_Xbad_function_call@std@@YAXXZ

wincorlib

?__abi_WinRTraiseInvalidCastException@@YAXXZ
?__abi_WinRTraiseNotImplementedException@@YAXXZ
?CreateException@Exception@Platform@@SAPE$AAV12@HPE$AAVString@2@@Z
?get@Message@Exception@Platform@@QE$AAAPE$AAVString@3@XZ
?__abi_WinRTraiseDisconnectedException@@YAXXZ
??0Object@Platform@@QE$AAA@XZ
?__abi_WinRTraiseOperationCanceledException@@YAXXZ
?__abi_WinRTraiseAccessDeniedException@@YAXXZ
?__abi_WinRTraiseInvalidArgumentException@@YAXXZ
?__abi_WinRTraiseClassNotRegisteredException@@YAXXZ
?__abi_WinRTraiseCOMException@@YAXJ@Z
?__abi_WinRTraiseNullReferenceException@@YAXXZ
?__abi_WinRTraiseChangedStateException@@YAXXZ
?__abi_WinRTraiseOutOfBoundsException@@YAXXZ
?__abi_WinRTraiseWrongThreadException@@YAXXZ
?__abi_WinRTraiseOutOfMemoryException@@YAXXZ
?__abi_WinRTraiseObjectDisposedException@@YAXXZ
?Free@Heap@Details@Platform@@SAXPEAX@Z
?AlignedFree@Heap@Details@Platform@@SAXPEAX@Z
?ReleaseTarget@ControlBlock@Details@Platform@@AEAAXXZ
?EventSourceInitialize@Details@Platform@@YAXPEAPEAX@Z
?EventSourceUninitialize@Details@Platform@@YAXPEAPEAX@Z
?AllocateException@Heap@Details@Platform@@SAPEAX_K0@Z
??0NotImplementedException@Platform@@QE$AAA@XZ
?Allocate@Heap@Details@Platform@@SAPEAX_K0@Z
?EventSourceAdd@Details@Platform@@YA?AVEventRegistrationToken@Foundation@Windows@@PEAPEAXPEAUEventLock@12@PE$AAVDelegate@2@@Z
?EventSourceRemove@Details@Platform@@YAXPEAPEAXPEAUEventLock@12@VEventRegistrationToken@Foundation@Windows@@@Z
??0Delegate@Platform@@QE$AAA@XZ
??0DisconnectedException@Platform@@QE$AAA@XZ
??0NullReferenceException@Platform@@QE$AAA@XZ
?GetTypeCode@Type@Platform@@SA?AW4TypeCode@2@PE$AAV12@@Z
?__abi_make_type_id@@YAPE$AAVType@Platform@@AEBU__abi_type_descriptor@@@Z
?CreateValue@Details@Platform@@YAPE$AAVObject@2@W4TypeCode@2@PEBX@Z
?GetIBoxVtable@Details@Platform@@YAPEAXPEAX@Z
?__abi_ObjectToString@__abi_details@@YAPE$AAVString@Platform@@PE$AAVObject@3@_N@Z
??0InvalidArgumentException@Platform@@QE$AAA@XZ
?EventSourceGetTargetArray@Details@Platform@@YAPEAXPEAXPEAUEventLock@12@@Z
?EventSourceGetTargetArraySize@Details@Platform@@YAIPEAX@Z
?EventSourceGetTargetArrayEvent@Details@Platform@@YAPEAXPEAXIPEBXPEA_J@Z
??0COMException@Platform@@QE$AAA@H@Z
??0OutOfMemoryException@Platform@@QE$AAA@XZ
??0FailureException@Platform@@QE$AAA@XZ
??0OutOfBoundsException@Platform@@QE$AAA@XZ
??0ChangedStateException@Platform@@QE$AAA@XZ
?ReleaseInContextImpl@Details@Platform@@YAJPEAUIUnknown@@0@Z
?GetProxyImpl@Details@Platform@@YAJPEAUIUnknown@@AEBU_GUID@@0PEAPEAU3@@Z
?GetObjectContext@Details@Platform@@YAPEAUIUnknown@@XZ
?ReCreateException@Exception@Platform@@SAPE$AAV12@H@Z
?GetIBoxArrayVtable@Details@Platform@@YAPEAXPEAX@Z
?__abi_cast_String_to_Object@__abi_details@@YAPE$AAVObject@Platform@@PE$AAVString@3@@Z
?InitializeData@Details@Platform@@YAJH@Z
?UninitializeData@Details@Platform@@YAXH@Z
?__abi_FailFast@@YAXXZ
?ReCreateFromException@Details@Platform@@YAJPE$AAVException@2@@Z
?GetIidsFn@@YAJHPEAKPEBU__s_GUID@@PEAPEAVGuid@Platform@@@Z
?GetActivationFactoryByPCWSTR@@YAJPEAXAEAVGuid@Platform@@PEAPEAX@Z
??0InvalidArgumentException@Platform@@QE$AAA@PE$AAVString@1@@Z
?__abi_WinRTraiseFailureException@@YAXXZ

api-ms-win-crt-string-l1-1-0

wcslen
memset

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o___std_exception_copy
_o___std_exception_destroy
_o___std_type_info_destroy_list
_o___stdio_common_vsnprintf_s
_o___stdio_common_vswprintf
_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o_abort
_o_free
_o_malloc
_o_terminate
__CxxFrameHandler3
_CxxThrowException
__C_specific_handler
__current_exception
__current_exception_context
__std_terminate
wcsstr
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsDuplicateString
WindowsCreateString
WindowsConcatString
WindowsCompareStringOrdinal
WindowsCreateStringReference
WindowsDeleteString

api-ms-win-core-kernel32-legacy-l1-1-0

RaiseFailFastException

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetProcAddress
GetModuleFileNameA
GetModuleHandleExW
GetModuleHandleW

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
SetEvent
WaitForSingleObject
CreateMutexExW
CreateSemaphoreExW
InitializeCriticalSectionEx
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseMutex
InitializeCriticalSectionAndSpinCount
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
WaitForSingleObjectEx
ResetEvent
CreateEventW
OpenSemaphoreW

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
RaiseException
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
TerminateProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventSetInformation
EventUnregister
EventActivityIdControl

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceExecuteOnce
Sleep
InitOnceBeginInitialize

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegGetValueW

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
CoGetContextToken

api-ms-win-core-util-l1-1-0

DecodePointer

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

perceptiondevice

PerceptionDeviceCreateFactory

ext-ms-win-devmgmt-policy-l1-1-0

PolicyManager_GetPolicyInt
PolicyManager_IsPolicySetByMobileDeviceManager

Exports

Exports

GetSetting

Sections

.text
Size: 248KB - Virtual size: 247KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CompiledLuau/Misc/Dumpers/Byfron_Bridge_Builder.dll
.dll regsvr32 windows:10 windows x64 arch:x64

1e5ff1b9494643f52a57d845d708025a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

FXSCOM.pdb

Imports

msvcrt

?terminate@@YAXXZ
_XcptFilter
_callnewh
free
_amsg_exit
_initterm
_unlock
__dllonexit
_onexit
memcmp
_purecall
_CxxThrowException
??1type_info@@UEAA@XZ
__C_specific_handler
_lock
malloc
_vsnwprintf
__CxxFrameHandler4
memcpy_s
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_vsnprintf_s
memmove_s
memset

atl

ord23
ord30
ord58
ord21
ord15
ord18
ord22
ord32
ord16

fxsapi

FaxEnableRoutingMethodW
FaxEnumRoutingMethodsW
FaxSendDocumentW
FaxEnumPortsW
FaxSetJobW
FaxGetJobW
FaxGetDeviceStatusW
FaxSetPortW
FaxGetRoutingInfoW
FaxGetPortW
FaxOpenPort
FaxSetConfigurationW
FaxFreeBuffer
FaxGetConfigurationW
FaxConnectFaxServerW
FaxClose
FaxCompleteJobParamsW
FaxEnumJobsW

kernel32

FileTimeToLocalFileTime
GetLastError
FileTimeToSystemTime
CreateFileW
CreateFileMappingW
MapViewOfFile
LeaveCriticalSection
EnterCriticalSection
DisableThreadLibraryCalls
DeleteCriticalSection
InitializeCriticalSection
GetSystemTime
SystemTimeToFileTime
Sleep
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
MultiByteToWideChar
GetCurrentProcess
TerminateProcess
SetLastError
CloseHandle
GetProcAddress
GetDateFormatW
GetStringTypeExW
GetLocaleInfoEx
EnumUILanguagesW
GetTimeFormatW
HeapFree
LocalFree
GetProcessHeap
OutputDebugStringW
UnmapViewOfFile
CreateSemaphoreExW
ReleaseSemaphore
GetModuleHandleExW
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
WaitForSingleObject
ReleaseMutex
FormatMessageW
ReleaseSRWLockExclusive
CloseThreadpoolTimer
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
SetThreadpoolTimer
ReleaseSRWLockShared
CreateThreadpoolTimer
CreateMutexExW
AcquireSRWLockShared
GetModuleHandleW
DebugBreak
IsDebuggerPresent
HeapAlloc
LocalAlloc
SetUnhandledExceptionFilter
GetModuleFileNameA

advapi32

TraceMessage
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

oleaut32

VariantClear
VariantInit
SystemTimeToVariantTime
SysFreeString
SysAllocString
LoadRegTypeLi
SysStringLen
VariantCopy

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CompiledLuau/Misc/Dumpers/Dumper.dll
.dll windows:10 windows x64 arch:x64

42bb396e9b5b79c3b3d994ab3073853b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

FXSCOMPOSE.pdb

Imports

msvcrt

wcspbrk
_wcsicmp
_wcsnset
realloc
_wsplitpath_s
__CxxFrameHandler4
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_vsnprintf_s
_callnewh
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
_CxxThrowException
__CxxFrameHandler3
memcpy
memmove
wcstok
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
swscanf_s
_wcsnicmp
wcsncmp
_wtof
wcsrchr
memmove_s
memcpy_s
_itow
_vsnwprintf
_purecall
??_V@YAXPEAX@Z
memcmp
_wtoi
wcschr
wcsstr
wcsspn
memset
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
??3@YAXPEAX@Z
iswalpha
wcscmp

atl

ord16
ord21
ord31

inetcomm

MimeOleCreateVirtualStream
MimeOleCreateMessage
MimeOleGetCharsetInfo
MimeOleSetBodyPropW
MimeOleSetBodyPropA
MimeOleFindCharset
MimeOleGetPropertySchema
HrAttachDataFromFile
HrAthGetFileNameW
HrAttachDataFromBodyPart
HrFreeAttachData
HrGetAttachIconByFile
HrGetAttachIcon
MimeOleGetBodyPropW
MimeOleGetAllocator
HrDoAttachmentVerb
MimeOleSetCompatMode

fxsapi

FaxConnectFaxServerW
FaxFreeBuffer
FaxGetPersonalCoverPagesOption
FaxClose
FaxGetCountryListW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

advapi32

SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
SetSecurityDescriptorOwner
GetSecurityDescriptorOwner
InitializeSecurityDescriptor
GetLengthSid
GetTokenInformation
OpenThreadToken
AllocateAndInitializeSid
SetEntriesInAclW
FreeSid
CopySid
RegEnumKeyW
IsValidSid
OpenProcessToken
SetSecurityDescriptorGroup
TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegSetValueExA
RegQueryInfoKeyW
ReportEventW
RegisterEventSourceW
DeregisterEventSource

gdi32

StretchDIBits
EndDoc
StartPage
PlayEnhMetaFile
SetEnhMetaFileBits
CreateDCW
SetWindowOrgEx
CreateRectRgnIndirect
GetEnhMetaFileHeader
SetWindowExtEx
GetDeviceCaps
CreateFontIndirectW
GetObjectW
DeleteObject
CreateCompatibleDC
SaveDC
CreateCompatibleBitmap
SelectObject
SetBkColor
SetBkMode
SetTextColor
TextOutW
BitBlt
RestoreDC
DeleteDC
GetTextExtentPoint32W
GetTextMetricsW
PatBlt
GetStockObject
SetTextAlign
ExtTextOutW
CreatePen
MoveToEx
LineTo
EndPage
StartDocW
SetMapMode
LPtoDP
SelectClipRgn
SetViewportExtEx
DeleteEnhMetaFile

kernel32

FreeLibrary
CreateMutexW
Sleep
QueryPerformanceCounter
DeleteCriticalSection
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
FormatMessageW
LocalFree
FindFirstFileW
FindClose
FindNextFileW
GetUserPreferredUILanguages
GetLocaleInfoEx
GetSystemTime
SystemTimeToFileTime
LoadLibraryW
GetModuleFileNameW
GlobalAlloc
GlobalFree
IsDBCSLeadByte
GetProcAddress
ExpandEnvironmentStringsW
HeapAlloc
GetProcessHeap
HeapFree
GetModuleHandleExW
GetModuleFileNameA
DebugBreak
GetModuleHandleW
IsDebuggerPresent
OutputDebugStringW
AcquireSRWLockExclusive
TlsGetValue
AcquireSRWLockShared
ReleaseSRWLockShared
SetLastError
ReleaseSemaphore
ReleaseMutex
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
WaitForSingleObjectEx
EnterCriticalSection
InitializeCriticalSectionEx
WaitForSingleObject
OpenSemaphoreW
CreateMutexExW
CreateSemaphoreExW
LeaveCriticalSection
CreateThreadpoolTimer
WideCharToMultiByte
GlobalLock
GlobalUnlock
GlobalReAlloc
GlobalSize
lstrcmpW
lstrcmpA
RtlMoveMemory
DeleteFileW
GetLocalTime
LocalAlloc
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetTempPathW
MoveFileW
CreateThread
CompareStringOrdinal
GetACP
lstrlenW
GetSystemInfo
GetVersionExW
GetTempPath2W
GetTempFileNameW
GetFileAttributesW
MultiByteToWideChar
GetStringTypeExW
lstrlenA
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
SetEndOfFile
FileTimeToLocalFileTime
FileTimeToSystemTime
MulDiv
GetComputerNameW
GetFullPathNameW
InitializeCriticalSectionAndSpinCount
CreateDirectoryW
CompareFileTime
UnmapViewOfFile
CopyFileW
GetFileType
CreateFileMappingW
MapViewOfFileEx
HeapReAlloc
HeapDestroy
GetCurrentThread
VirtualFree
VirtualAlloc
WaitForMultipleObjects
SetEnvironmentVariableW
CreateEventW
CreateProcessW
MapViewOfFile
OpenMutexW
LoadLibraryExA
ActivateActCtx
DeactivateActCtx
GetSystemWindowsDirectoryA
CreateActCtxA
ReleaseActCtx
GetModuleHandleA
InitializeCriticalSection
TlsSetValue
TlsAlloc
CloseHandle
GetFileSize
GetLastError
CreateFileW
TlsFree
ReleaseSRWLockExclusive
GetCurrentProcessId

ole32

PropVariantClear
CreateStreamOnHGlobal
CreateOleAdviseHolder
OleRun
DoDragDrop
RegisterDragDrop
CoLockObjectExternal
CoUninitialize
CoInitialize
ReleaseStgMedium
OleUninitialize
CoCreateInstance
OleInitialize
CoGetMalloc
RevokeDragDrop

user32

GetClientRect
GetSystemMetrics
InflateRect
GetWindowPlacement
SetWindowPlacement
CopyRect
LoadMenuW
GetCapture
IsChild
SetForegroundWindow
GetMessageW
TranslateMessage
DispatchMessageW
SetPropW
LoadImageW
WindowFromPoint
TranslateAcceleratorW
GetKeyState
RemovePropW
PostQuitMessage
GetMenuItemInfoW
MapDialogRect
CheckMenuItem
AdjustWindowRectEx
MoveWindow
GetSysColor
FillRect
GetSysColorBrush
DrawEdge
CallWindowProcW
ActivateKeyboardLayout
GetKeyboardLayoutList
DialogBoxParamW
ClientToScreen
GetDlgCtrlID
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
CheckDlgButton
DestroyIcon
SetTimer
KillTimer
SetDlgItemTextW
SetDlgItemInt
MessageBeep
GetWindowDC
RemoveMenu
GetProcessDefaultLayout
WinHelpW
GetDlgItemTextW
SetMenuItemInfoW
CheckMenuRadioItem
GetMessagePos
DestroyMenu
LoadAcceleratorsW
UnregisterClassW
InvalidateRect
SystemParametersInfoW
OffsetRect
SendMessageA
SetActiveWindow
IsWindowEnabled
EnumThreadWindows
EnableWindow
GetPropW
GetWindow
IsWindowVisible
GetLastActivePopup
PostMessageW
TrackPopupMenuEx
MapWindowPoints
ShowWindow
CreateWindowExW
RegisterClassW
GetClassInfoW
DefWindowProcW
EndPaint
BeginPaint
EnableMenuItem
IsDlgButtonChecked
EndDialog
SetFocus
GetWindowRect
SetWindowPos
ReleaseDC
DrawTextW
IsMenu
GetNextDlgTabItem
GetWindowLongW
GetFocus
SetRect
ScreenToClient
GetDlgItem
LoadIconW
SetWindowLongW
SetWindowTextW
SetCursor
GetActiveWindow
SetWindowLongPtrW
GetWindowTextW
GetWindowTextLengthW
LoadCursorW
GetParent
GetWindowLongPtrW
SendDlgItemMessageW
SendMessageW
RegisterClipboardFormatW
DestroyWindow
IsWindow
LoadStringW
MessageBoxW
GetSubMenu
DeleteMenu
GetMenuItemCount
GetComboBoxInfo
GetDC

ntdll

WinSqmIncrementDWORD

shlwapi

SHGetValueW
SHSetValueW
SHDeleteValueW
SHQueryValueExW
PathCombineW
StrStrIW
PathIsDirectoryW
PathAppendW
ord487
PathIsContentTypeW
SHRegGetUSValueW
PathFindExtensionW
PathFindFileNameW
StrDupW
PathRemoveFileSpecW
PathFileExistsW
StrStrIA
StrRChrIW
StrCmpW
StrCmpIW
StrTrimW

oleaut32

SysAllocString
VariantClear
SysAllocStringLen
SystemTimeToVariantTime
SysStringLen
SafeArrayGetElement
VariantTimeToSystemTime
SysFreeString

winspool.drv

ClosePrinter
DocumentPropertiesW
EnumPrintersW
OpenPrinterW
FindNextPrinterChangeNotification
FindFirstPrinterChangeNotification
FindClosePrinterChangeNotification
GetJobW
GetPrinterW
SetJobW

wininet

CreateUrlCacheEntryW

gdiplus

GdipGetImageEncodersSize
GdipFree
GdipDisposeImage
GdipAlloc
GdipCloneImage
GdipLoadImageFromFile
GdipSaveAddImage
GdipSaveAdd
GdipSaveImageToFile
GdiplusStartup
GdiplusShutdown
GdipGetImageEncoders

shell32

SHSetLocalizedName
SHGetFolderPathW
DragQueryFileW
SHGetFolderPathAndSubDirW
ShellExecuteExW
SHGetFileInfoW
SHGetSpecialFolderPathW

tapi32

lineInitializeExW
lineSetCurrentLocation
lineGetTranslateCapsW
lineTranslateDialogW
lineShutdown
lineTranslateAddressW

Exports

Exports

DllMain
FaxComposeFreeBuffer
HrAddressBookPreTranslateAccelerator
HrDeInitAddressBook
HrDeinitComposeFormDll
HrFaxComposePreTranslateAccelerator
HrFreeDraftsListViewInfo
HrGetDraftsListViewInfo
HrInitAddressBook
HrInitComposeFormDll
HrInvokeAddressBook
HrNewFaxComposeUI
HrNewFaxComposeUIFromFile
HrNewTiffViewUIFromFile
HrSelectEmailRecipient

Sections

.text
Size: 392KB - Virtual size: 390KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CompiledLuau/Misc/Dumpers/Dumper_Offset.dll
.dll regsvr32 windows:10 windows x64 arch:x64

696e5eded5f18e7ea114bbf0bfbf7f95

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

FXSUTILITY.pdb

Imports

msvcrt

memset
_onexit
__dllonexit
_unlock
_lock
wcschr
__CxxFrameHandler3
_wsplitpath_s
memcpy_s
??0exception@@QEAA@XZ
_vsnprintf_s
memmove_s
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
_callnewh
iswspace
memcpy
memcmp
_vsnwprintf
malloc
free
_purecall
wcscat_s
realloc
__C_specific_handler
wcscmp

fxsapi

FaxGetRoutingInfoW
FaxSetGeneralConfiguration
FaxGetGeneralConfiguration
FaxSetOutboxConfiguration
FaxGetOutboxConfiguration
FaxSetSecurityEx2
FaxGetSecurityEx2
FaxGetExtensionDataW
FaxSetExtensionDataW
FaxAccessCheckEx2
FaxSetPortExW
FaxClose
FaxEnumPortsExW
FaxConnectFaxServerW
FaxFreeBuffer
FaxCheckValidFaxFolder
FaxOpenPort
FaxSetRoutingInfoW

shlwapi

PathIsNetworkPathW
StrChrW
PathFileExistsW
SHAutoComplete
PathMakePrettyW
PathIsRelativeW

winspool.drv

EnumPrintersW

kernel32

LocalAlloc
GetVersionExW
CloseHandle
LocalFree
CreateProcessW
Sleep
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
WaitForSingleObject
GetCurrentThread
SizeofResource
ExpandEnvironmentStringsW
OutputDebugStringW
HeapFree
HeapAlloc
GetProcessHeap
CompareStringW
GetLocaleInfoW
GetFileAttributesW
LoadLibraryW
SetLastError
GetFullPathNameW
GetLocaleInfoEx
GetUserPreferredUILanguages
GetModuleFileNameA
CreateSemaphoreExW
ReleaseSemaphore
GetModuleHandleExW
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
ReleaseMutex
FormatMessageW
ReleaseSRWLockExclusive
CloseThreadpoolTimer
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
SetThreadpoolTimer
ReleaseSRWLockShared
CreateThreadpoolTimer
CreateMutexExW
AcquireSRWLockShared
DebugBreak
IsDebuggerPresent
LoadLibraryExA
ExpandEnvironmentStringsA
FreeLibrary
LoadLibraryExW
lstrcmpiW
VirtualQuery
GetModuleHandleW
DeleteCriticalSection
GetProcAddress
HeapDestroy
LoadResource
FindResourceExW
GetSystemInfo
DisableThreadLibraryCalls
GetLastError
MultiByteToWideChar
InitializeCriticalSection
LeaveCriticalSection
GetModuleFileNameW
VirtualAlloc
lstrcpynW
EnterCriticalSection
VirtualProtect
ActivateActCtx
DeactivateActCtx
CreateActCtxW
ReleaseActCtx
GetLocalTime

shell32

SHGetMalloc
SHBrowseForFolderW
SHGetPathFromIDListW
SHCreateDirectoryExW

oleaut32

SysAllocString
VarUI4FromStr
SysFreeString
UnRegisterTypeLi

ole32

CoInitialize
CoInitializeEx
CoUninitialize
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
HWND_UserUnmarshal64
HWND_UserMarshal64
HWND_UserMarshal
HWND_UserSize
HWND_UserSize64
HWND_UserFree64
HWND_UserFree
HWND_UserUnmarshal
CoCreateInstance

user32

CallWindowProcW
GetParent
EnableWindow
ShowWindow
SetWindowPos
MessageBoxW
SetWindowLongPtrW
GetWindowLongPtrW
GetDlgItem
GetDlgItemTextW
LoadStringW
PostMessageW
SendMessageW
FindWindowW
CharPrevW
CharNextW
SetDlgItemInt
CheckDlgButton
GetDlgItemInt
SetFocus
IsDlgButtonChecked
SendDlgItemMessageW
SetWindowTextW
EndDialog
SetActiveWindow
GetWindowTextLengthW
DialogBoxParamW
SetDlgItemTextW
GetWindowTextW

advapi32

GetSecurityDescriptorLength
DuplicateTokenEx
SetThreadToken
MapGenericMask
RegDeleteValueW
RegEnumValueW
GetSecurityDescriptorControl
AdjustTokenPrivileges
LookupPrivilegeValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegCloseKey
RegQueryValueExW
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
AllocateAndInitializeSid
SetEntriesInAclW
OpenThreadToken
OpenServiceW
ChangeServiceConfigW
StartServiceW
FreeSid
OpenProcessToken
EnumDependentServicesW
ControlService
TraceMessage
RegQueryValueExA
RegOpenKeyExA
SetNamedSecurityInfoW
GetNamedSecurityInfoW
MakeSelfRelativeSD

rpcrt4

NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrDllRegisterProxy
NdrDllUnregisterProxy
CStdStubBuffer_Connect
CStdStubBuffer_Invoke
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerQueryInterface
NdrOleFree
CStdStubBuffer_AddRef
CStdStubBuffer_IsIIDSupported
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Disconnect
IUnknown_Release_Proxy
CStdStubBuffer_CountRefs
CStdStubBuffer_QueryInterface
NdrOleAllocate
CStdStubBuffer_DebugServerRelease

aclui

ord1

Exports

Exports

CanSendToFaxRecipient
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetProxyDllInfo
SendToFaxRecipient

Sections

.text
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 544B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CompiledLuau/Misc/Dumpers/Dumper_X.dll
.dll windows:10 windows x64 arch:x64

97d0d15054766dbb33ba303fe35a2100

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

FXSMON.pdb

Imports

msvcrt

??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_CxxThrowException
memcmp
memcpy
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
_vsnwprintf
_wtoi
iswdigit
_wcsicmp
wcsstr
_wsplitpath_s
__CxxFrameHandler4
memcpy_s
_purecall
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_vsnprintf_s
memmove_s
_itow
memset

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
EtwUnregisterTraceGuids
RtlVirtualUnwind
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage
EtwRegisterTraceGuidsW

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId

spoolss

GetJobW
SetJobW
OpenPrinterW
ClosePrinter

kernel32

IsDebuggerPresent
DebugBreak
GetModuleHandleW
AcquireSRWLockShared
CreateMutexExW
CreateThreadpoolTimer
ReleaseSRWLockShared
SetThreadpoolTimer
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
CloseThreadpoolTimer
ReleaseSRWLockExclusive
FormatMessageW
ReleaseMutex
WaitForSingleObject
WaitForThreadpoolTimerCallbacks
InitializeCriticalSectionEx
GetModuleHandleExW
DelayLoadFailureHook
ResolveDelayLoadedAPI
ReleaseSemaphore
CreateSemaphoreExW
GetModuleFileNameA
RegQueryInfoKeyW
RegCreateKeyExW
RegSetValueExW
OutputDebugStringW
RegOpenKeyExW
RegQueryValueExW
DisableThreadLibraryCalls
lstrcmpW
LocalAlloc
LocalFree
CloseHandle
DeleteFileW
GetLastError
SetLastError
GetTempPath2W
GetTempFileNameW
CreateFileW
GetLocalTime
SystemTimeToFileTime
FileTimeToSystemTime
FlushFileBuffers
GetFileSize
WriteFile
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
DeleteCriticalSection
HeapFree
HeapAlloc
HeapDestroy
GetProcessHeap
GetModuleFileNameW
LoadLibraryW
FreeLibrary
ExpandEnvironmentStringsW
GetProcAddress
RegCloseKey

Exports

Exports

InitializePrintMonitor2

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CompiledLuau/Misc/Dumpers/Dumper_nil.dll
.dll windows:10 windows x64 arch:x64

e05b8863942dd2d7cc52f593b7b19776

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

FXSST.pdb

Imports

msvcrt

memcmp
memset
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
memmove
memcpy
??0exception@@QEAA@AEBQEBD@Z
__CxxFrameHandler3
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
malloc
free
_callnewh
memmove_s
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
memcpy_s
_vsnwprintf
__CxxFrameHandler4
_wsplitpath_s
wcscmp

fxsapi

FaxFreeBuffer
FaxAnswerCall
FaxRegisterForServerEvents
FaxGetJobExW
FaxClose
FaxAccessCheckEx
FaxRelease
FaxEnumPortsExW
FaxSetJobW
FaxUnregisterForServerEvents
IsDeviceVirtual
FaxConnectFaxServerW

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
EtwUnregisterTraceGuids
RtlVirtualUnwind
EtwTraceMessage
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags

user32

MessageBoxW
CreateDialogParamW
GetWindowRect
GetDC
SetWindowPos
SetActiveWindow
SetWindowTextW
LoadStringW
SetDlgItemTextW
GetSysColor
MoveWindow
IsDlgButtonChecked
CheckDlgButton
GetSysColorBrush
LoadImageW
ReleaseDC
DefWindowProcW
CallWindowProcW
PostMessageW
DestroyWindow
CreateWindowExW
DeleteMenu
SendMessageW
UnregisterClassW
RegisterClassExW
TrackPopupMenu
GetSubMenu
SetTimer
IsDialogMessageW
DestroyIcon
SetMenuDefaultItem
DestroyMenu
LoadIconW
LoadCursorW
RemoveMenu
GetDlgItem
KillTimer
SetForegroundWindow
GetCursorPos
EnableWindow
LoadMenuW
SetFocus

gdi32

CreateFontIndirectW
DeleteObject
SetBkMode
SetTextColor
GetDeviceCaps

shell32

ShellExecuteW
Shell_NotifyIconW

comctl32

ImageList_Create
ImageList_Add
ImageList_Destroy

kernel32

DelayLoadFailureHook
ResolveDelayLoadedAPI
GetVersion
GetVersionExW
GetModuleFileNameW
LocalFree
GetCurrentThread
GetTimeFormatW
GetUserPreferredUILanguages
EnumUILanguagesW
GetLocaleInfoEx
ExpandEnvironmentStringsW
HeapDestroy
GetSystemTimeAsFileTime
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
MulDiv
GetLocalTime
GetLocaleInfoW
IsDebuggerPresent
GetTickCount
DebugBreak
FreeLibrary
GetModuleHandleW
GetProcessHeap
GetCurrentProcessId
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
GetProcAddress
HeapAlloc
ResetEvent
CreateThread
LoadLibraryW
CreateThreadpoolTimer
ReleaseSRWLockShared
SetThreadpoolTimer
CloseHandle
OpenSemaphoreW
WaitForSingleObjectEx
TerminateThread
AcquireSRWLockExclusive
DisableThreadLibraryCalls
CloseThreadpoolTimer
SetEvent
OpenEventW
OutputDebugStringW
ReleaseSRWLockExclusive
GetLastError
FormatMessageW
CreateEventW
GetSystemDirectoryW
ReleaseMutex
GetModuleHandleExW
GetCurrentThreadId
WaitForSingleObject
WaitForThreadpoolTimerCallbacks
InitializeCriticalSectionEx
GetStringTypeExW
CreateSemaphoreExW
GetModuleFileNameA
InitOnceExecuteOnce
LeaveCriticalSection
HeapFree
SetLastError
EnterCriticalSection
ReleaseSemaphore
WaitForMultipleObjects

Exports

Exports

DllMain
FaxMonitorShutdown
FaxMonitorStartup
IsFaxMessage

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 764KB - Virtual size: 761KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 596B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CompiledLuau/Misc/Dumpers/Stool_Dumped.dll
.dll windows:10 windows x64 arch:x64

6cf58149604eea0b59283b54fcc81e08

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

FXSAPI.pdb

Imports

msvcrt

_vsnwprintf
_mbstrlen
_XcptFilter
_amsg_exit
wcsstr
iswalpha
wcschr
_wsplitpath_s
_wcsnicmp
__CxxFrameHandler4
memcpy_s
_purecall
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_vsnprintf_s
memmove_s
realloc
_callnewh
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
free
malloc
_initterm
_lock
_unlock
__dllonexit
_onexit
wcsrchr
_wcsicmp
_mbsicmp
memset
_itow
_wcsnset
wcsncmp
__C_specific_handler
qsort
_CxxThrowException
memcmp
memcpy
memmove
wcscmp

rpcrt4

NdrServerCall2
RpcBindingInqAuthClientW
RpcBindingSetAuthInfoW
RpcBindingFree
RpcServerUnregisterIf
RpcMgmtStopServerListening
RpcMgmtWaitServerListen
NdrServerCallAll
RpcServerRegisterIfEx
RpcServerRegisterIf
RpcServerRegisterAuthInfoW
RpcServerListen
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcStringFreeW
RpcBindingToStringBindingW
RpcStringBindingParseW
RpcBindingServerFromClient
RpcServerUseProtseqEpW
NdrClientCall3

kernel32

HeapDestroy
GetProcessHeap
CreateDirectoryW
ExpandEnvironmentStringsW
MultiByteToWideChar
FileTimeToSystemTime
SystemTimeToFileTime
WideCharToMultiByte
GetDateFormatW
GetVersionExW
GetVersion
SetFilePointer
GetTempPathW
OutputDebugStringW
WaitForSingleObject
OpenEventW
CreateEventW
SetEvent
GetCurrentThread
SetEndOfFile
CreateFileW
UnmapViewOfFile
LocalFileTimeToFileTime
CopyFileW
GetFileType
GetSystemTime
CreateFileMappingW
MapViewOfFileEx
GetStringTypeExW
GetLocaleInfoEx
EnumUILanguagesW
HeapAlloc
GetModuleFileNameA
CreateSemaphoreExW
ReleaseSemaphore
GetModuleHandleExW
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
ReleaseMutex
FormatMessageW
ReleaseSRWLockExclusive
CloseThreadpoolTimer
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
SetThreadpoolTimer
ReleaseSRWLockShared
CreateThreadpoolTimer
CreateMutexExW
AcquireSRWLockShared
GetModuleHandleW
DebugBreak
IsDebuggerPresent
MulDiv
HeapReAlloc
DeleteCriticalSection
InitializeCriticalSection
GetSystemTimeAsFileTime
LocalFree
PostQueuedCompletionStatus
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
GetLastError
GetComputerNameW
SetLastError
HeapFree
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
Sleep
DisableThreadLibraryCalls
GetSystemDirectoryW
FreeLibrary
GetProcAddress
LoadLibraryW
GetLocalTime
WriteFile
GetFileSize
CloseHandle
GetFileAttributesW
DelayLoadFailureHook
ResolveDelayLoadedAPI
ReadFile
DeleteFileW
GetFullPathNameW
OpenMutexW
MapViewOfFile
CreateProcessW
CreateMutexW
SetEnvironmentVariableW
WaitForMultipleObjects
VirtualAlloc
VirtualFree
GetTempFileNameW
GetTimeFormatW
GetTempPath2W

advapi32

GetSecurityDescriptorLength
ReportEventW
SetSecurityDescriptorDacl
RegNotifyChangeKeyValue
GetSecurityDescriptorDacl
QueryServiceStatus
SetSecurityDescriptorOwner
CloseServiceHandle
OpenSCManagerW
AllocateAndInitializeSid
SetEntriesInAclW
CopySid
GetSecurityDescriptorOwner
IsValidSid
OpenProcessToken
FreeSid
StartServiceW
InitializeSecurityDescriptor
OpenServiceW
GetLengthSid
OpenThreadToken
SetSecurityDescriptorGroup
GetTokenInformation
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegDeleteKeyW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegQueryInfoKeyW
RegQueryValueExW
GetSecurityDescriptorControl
IsValidSecurityDescriptor
RegCloseKey
RegOpenKeyExW
TraceMessage

winspool.drv

GetJobW
OpenPrinterW
GetPrinterW
DocumentPropertiesW
SetJobW
ClosePrinter
EnumPrintersW
AddPrinterW
FindClosePrinterChangeNotification
SetPrinterW
FindNextPrinterChangeNotification
FindFirstPrinterChangeNotification

gdi32

SetTextColor
SaveDC
SelectObject
PlayEnhMetaFile
StretchDIBits
SetEnhMetaFileBits
SetWindowOrgEx
CreateRectRgnIndirect
GetEnhMetaFileHeader
SetWindowExtEx
DeleteEnhMetaFile
SetViewportExtEx
GetDeviceCaps
StartPage
EndPage
CreateDCW
StartDocW
DeleteDC
EndDoc
CreateFontIndirectW
SetMapMode
DeleteObject
LPtoDP
RestoreDC
SelectClipRgn
SetBkMode

user32

DrawTextW
PostMessageW

Exports

Exports

FXSAPIFree
FXSAPIInitialize
FaxAbort
FaxAccessCheck
FaxAccessCheckEx
FaxAccessCheckEx2
FaxAddOutboundGroupA
FaxAddOutboundGroupW
FaxAddOutboundRuleA
FaxAddOutboundRuleW
FaxAnswerCall
FaxCheckValidFaxFolder
FaxClose
FaxCompleteJobParamsA
FaxCompleteJobParamsW
FaxConnectFaxServerA
FaxConnectFaxServerW
FaxCreateAccount
FaxDeleteAccount
FaxEnableRoutingMethodA
FaxEnableRoutingMethodW
FaxEndMessagesEnum
FaxEnumAccounts
FaxEnumGlobalRoutingInfoA
FaxEnumGlobalRoutingInfoW
FaxEnumJobsA
FaxEnumJobsEx2
FaxEnumJobsExA
FaxEnumJobsExW
FaxEnumJobsW
FaxEnumMessagesA
FaxEnumMessagesEx
FaxEnumMessagesW
FaxEnumOutboundGroupsA
FaxEnumOutboundGroupsW
FaxEnumOutboundRulesA
FaxEnumOutboundRulesW
FaxEnumPortsA
FaxEnumPortsExA
FaxEnumPortsExW
FaxEnumPortsW
FaxEnumRoutingExtensionsA
FaxEnumRoutingExtensionsW
FaxEnumRoutingMethodsA
FaxEnumRoutingMethodsW
FaxEnumerateProvidersA
FaxEnumerateProvidersW
FaxFreeBuffer
FaxFreeSenderInformation
FaxGetAccountInfo
FaxGetActivityLoggingConfigurationA
FaxGetActivityLoggingConfigurationW
FaxGetArchiveConfigurationA
FaxGetArchiveConfigurationW
FaxGetConfigOption
FaxGetConfigWizardUsed
FaxGetConfigurationA
FaxGetConfigurationW
FaxGetCountryListA
FaxGetCountryListW
FaxGetDeviceStatusA
FaxGetDeviceStatusW
FaxGetExtensionDataA
FaxGetExtensionDataW
FaxGetGeneralConfiguration
FaxGetJobA
FaxGetJobEx2
FaxGetJobExA
FaxGetJobExW
FaxGetJobW
FaxGetLoggingCategoriesA
FaxGetLoggingCategoriesW
FaxGetMessageA
FaxGetMessageEx
FaxGetMessageTiffA
FaxGetMessageTiffW
FaxGetMessageW
FaxGetOutboxConfiguration
FaxGetPageData
FaxGetPersonalCoverPagesOption
FaxGetPortA
FaxGetPortExA
FaxGetPortExW
FaxGetPortW
FaxGetQueueStates
FaxGetReceiptsConfigurationA
FaxGetReceiptsConfigurationW
FaxGetReceiptsOptions
FaxGetRecipientInfoA
FaxGetRecipientInfoW
FaxGetRecipientsLimit
FaxGetReportedServerAPIVersion
FaxGetRoutingInfoA
FaxGetRoutingInfoW
FaxGetSecurity
FaxGetSecurityEx
FaxGetSecurityEx2
FaxGetSenderInfoA
FaxGetSenderInfoW
FaxGetSenderInformation
FaxGetServerActivity
FaxGetServerSKU
FaxGetServicePrintersA
FaxGetServicePrintersW
FaxGetVersion
FaxInitializeEventQueue
FaxOpenPort
FaxPrintCoverPageA
FaxPrintCoverPageW
FaxReAssignMessage
FaxRefreshArchive
FaxRegisterForServerEvents
FaxRegisterForServerEventsEx
FaxRegisterRoutingExtensionW
FaxRegisterServiceProviderExA
FaxRegisterServiceProviderExW
FaxRelease
FaxRemoveMessage
FaxRemoveOutboundGroupA
FaxRemoveOutboundGroupW
FaxRemoveOutboundRule
FaxSendDocumentA
FaxSendDocumentEx2
FaxSendDocumentExA
FaxSendDocumentExW
FaxSendDocumentForBroadcastA
FaxSendDocumentForBroadcastW
FaxSendDocumentW
FaxSetActivityLoggingConfigurationA
FaxSetActivityLoggingConfigurationW
FaxSetArchiveConfigurationA
FaxSetArchiveConfigurationW
FaxSetConfigWizardUsed
FaxSetConfigurationA
FaxSetConfigurationW
FaxSetDeviceOrderInGroupA
FaxSetDeviceOrderInGroupW
FaxSetExtensionDataA
FaxSetExtensionDataW
FaxSetGeneralConfiguration
FaxSetGlobalRoutingInfoA
FaxSetGlobalRoutingInfoW
FaxSetJobA
FaxSetJobW
FaxSetLoggingCategoriesA
FaxSetLoggingCategoriesW
FaxSetMessage
FaxSetOutboundGroupA
FaxSetOutboundGroupW
FaxSetOutboundRuleA
FaxSetOutboundRuleW
FaxSetOutboxConfiguration
FaxSetPortA
FaxSetPortExA
FaxSetPortExW
FaxSetPortW
FaxSetQueue
FaxSetReceiptsConfigurationA
FaxSetReceiptsConfigurationW
FaxSetRoutingInfoA
FaxSetRoutingInfoW
FaxSetSecurity
FaxSetSecurityEx2
FaxSetSenderInformation
FaxStartMessagesEnum
FaxStartMessagesEnumEx
FaxStartPrintJob2W
FaxStartPrintJobA
FaxStartPrintJobW
FaxUnregisterForServerEvents
FaxUnregisterRoutingExtensionA
FaxUnregisterRoutingExtensionW
FaxUnregisterServiceProviderExA
FaxUnregisterServiceProviderExW
IsDeviceVirtual

Sections

.text
Size: 244KB - Virtual size: 241KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CompiledLuau/Workspace/Disable_Niggers.dll
.dll windows:10 windows x64 arch:x64

6928bcb74ed65bee81d8cebf1ab38821

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8a:50:55:4d:2a:ae:7d:76:4c:49:21:bf:fa:4b:4b:21:12:20:25:64:98:23:19:e4:7a:67:9d:87:9b:f9:d1:fb
Signer

Actual PE Digest

8a:50:55:4d:2a:ae:7d:76:4c:49:21:bf:fa:4b:4b:21:12:20:25:64:98:23:19:e4:7a:67:9d:87:9b:f9:d1:fb

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AppVEntSubsystems.pdb

Imports

ntdll

NtSetEvent
NtSetSecurityObject
NtReadFile
NtQuerySecurityObject
NtWriteFile
NtQueryObject
NtQueryKey
NtSetInformationThread
RtlCompareUnicodeString
RtlEqualUnicodeString
RtlInitAnsiString
NtSetValueKey
RtlPcToFileHeader
RtlInitUnicodeString
NtDuplicateObject
RtlNtStatusToDosError
RtlUnwind
RtlCaptureContext
NtRenameKey
NtCreateKey
RtlUnwindEx
NtClose
RtlInitializeGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlLookupElementGenericTableAvl
RtlCopyUnicodeString
RtlInsertElementGenericTableAvl
RtlEnumerateGenericTableAvl
RtlIsGenericTableEmptyAvl
RtlEnumerateGenericTableWithoutSplayingAvl
RtlIsNameInExpression
RtlPrefixUnicodeString
RtlAllocateHeap
RtlFreeHeap
NtQueryInformationProcess
RtlIntegerToUnicodeString
RtlVirtualUnwind
RtlLookupFunctionEntry
NtDeleteValueKey
NtDeleteKey
NtEnumerateKey
NtEnumerateValueKey
NtOpenKey
NtNotifyChangeMultipleKeys
NtFlushKey
NtQueryValueKey

kernel32

FreeLibrary
GetModuleFileNameA
HeapFree
SetLastError
EnterCriticalSection
GetCurrentProcess
GetModuleHandleExW
LeaveCriticalSection
InitializeCriticalSection
GetCurrentThreadId
FormatMessageW
K32GetModuleInformation
HeapAlloc
GetProcAddress
DeleteCriticalSection
GetProcessHeap
GetModuleHandleW
DebugBreak
GetModuleFileNameW
CreateMutexW
WaitForSingleObject
ReleaseMutex
DisableThreadLibraryCalls
IsDebuggerPresent
CheckRemoteDebuggerPresent
MultiByteToWideChar
GetStringTypeW
WideCharToMultiByte
InitializeCriticalSectionEx
EncodePointer
DecodePointer
LocalFree
LCMapStringEx
GetCPInfo
CompareStringEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
HeapReAlloc
GetCurrentThread
GetStdHandle
GetFileType
GetLastError
RaiseException
CreateThread
FlsGetValue
FlsSetValue
FlsFree
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
LoadLibraryExW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess
IsValidCodePage
GetOEMCP
GetFileSizeEx
SetFilePointerEx
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
ReadFile
ReadConsoleW
OutputDebugStringW
HeapSize
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
CreateFileW
WriteConsoleW
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
QueryPerformanceCounter
GetCurrentProcessId
InitializeSListHead
InterlockedFlushSList
FindFirstFileExW
GetCommandLineA
GetCommandLineW
LoadLibraryW
FlsAlloc
CloseHandle
GetStartupInfoW
GetACP
FreeLibraryAndExitThread
ExitThread
VirtualAlloc
GetSystemInfo
HeapDestroy

advapi32

EventRegister
EventSetInformation
EventUnregister
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
EventWriteTransfer

api-ms-win-core-memory-l1-1-0

MapViewOfFile
UnmapViewOfFile
VirtualFree
CreateFileMappingW
VirtualProtect
VirtualQuery

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExA

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-security-base-l1-1-0

MakeSelfRelativeSD
GetSecurityDescriptorLength
GetSecurityDescriptorOwner
GetSecurityDescriptorControl
MakeAbsoluteSD
EqualSid
CopySid
InitializeSid
GetAclInformation
SetSecurityDescriptorOwner
IsValidSid
GetSidSubAuthority
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetLengthSid
GetTokenInformation
AddAce
DuplicateTokenEx
InitializeSecurityDescriptor
InitializeAcl
SetSecurityDescriptorGroup
GetSecurityDescriptorGroup
GetSidLengthRequired
DuplicateToken
SetSecurityDescriptorDacl

api-ms-win-core-file-l1-1-0

GetFileAttributesW
GetFinalPathNameByHandleW
GetLogicalDriveStringsW
FindNextFileW
QueryDosDeviceW
FindFirstFileW
FindFirstVolumeW
FindVolumeClose
FindNextVolumeW
GetShortPathNameW
GetVolumePathNameW
FindClose

api-ms-win-core-processenvironment-l1-1-0

GetCurrentDirectoryW
GetEnvironmentVariableW
SearchPathW
SetCurrentDirectoryW
ExpandEnvironmentStringsW

api-ms-win-core-processthreads-l1-1-0

CreateProcessAsUserW
SetThreadToken
GetProcessId
SuspendThread
ResumeThread
TlsSetValue
OpenThreadToken
TlsGetValue
OpenProcessToken
TlsAlloc
CreateProcessW
TlsFree

userenv

UnloadUserProfile

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoUnmarshalInterface
CoMarshalInterface
CLSIDFromString
CoCreateGuid
CoGetTreatAsClass
StringFromGUID2
CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemAlloc
PropVariantClear
CoUninitialize
StringFromCLSID
CoTaskMemFree

api-ms-win-core-sysinfo-l1-1-0

GetVersion
GetVersionExW
GetWindowsDirectoryW
GetSystemDirectoryW

api-ms-win-core-processthreads-l1-1-1

SetThreadContext
FlushInstructionCache
GetThreadContext
GetProcessMitigationPolicy

api-ms-win-core-psapi-l1-1-0

K32GetMappedFileNameW

api-ms-win-core-sysinfo-l1-2-0

GetNativeSystemInfo

api-ms-win-core-file-l1-2-2

FindFirstFileNameW
FindNextFileNameW

api-ms-win-core-url-l1-1-0

UrlCreateFromPathW
PathCreateFromUrlW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryA

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegSetValueExW
RegEnumValueW
RegCreateKeyExW

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW

api-ms-win-core-synch-l1-1-0

AcquireSRWLockShared
ReleaseSRWLockExclusive
OpenSemaphoreW
CreateMutexExW
ReleaseSemaphore
CreateSemaphoreExW
InitializeSRWLock
AcquireSRWLockExclusive
ReleaseSRWLockShared
OpenEventW

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-memory-l1-1-4

QueryVirtualMemoryInformation

api-ms-win-core-synch-l1-2-0

Sleep

rpcrt4

RpcServerListen
RpcServerRegisterAuthInfoW
RpcRevertToSelf
UuidCreate
RpcBindingSetAuthInfoExW
NdrClientCall2
RpcServerRegisterIf2
RpcServerUnregisterIf
RpcServerUseProtseqEpW
RpcBindingInqAuthClientW
RpcBindingFree
RpcImpersonateClient
RpcStringBindingComposeW
NdrServerCall2
RpcBindingFromStringBindingW
RpcStringFreeW

api-ms-win-core-file-l1-2-0

GetVolumePathNamesForVolumeNameW

api-ms-win-core-io-l1-1-0

DeviceIoControl
GetOverlappedResult

api-ms-win-core-namedpipe-l1-1-0

DisconnectNamedPipe
ConnectNamedPipe
PeekNamedPipe
CreateNamedPipeW

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

api-ms-win-core-console-l3-2-0

GetConsoleWindow

api-ms-win-shcore-sysinfo-l1-1-0

GetCurrentProcessExplicitAppUserModelID

api-ms-win-core-handle-l1-1-0

DuplicateHandle

api-ms-win-core-wow64-l1-1-0

IsWow64Process

api-ms-win-security-lsalookup-l2-1-0

LookupAccountSidW

user32

CallWindowProcW
GetParent
IsWindowVisible
GetWindowLongW
FindWindowW
PeekMessageW
DispatchMessageW
WaitForInputIdle

gdi32

CreateScalableFontResourceW
AddFontResourceExW

ole32

GetClassFile
CreateFileMoniker
GetRunningObjectTable

shell32

SHCreateItemFromParsingName
SHGetPathFromIDListW
SHParseDisplayName

api-ms-win-core-version-l1-1-1

GetFileVersionInfoW
GetFileVersionInfoSizeW

api-ms-win-core-localization-l1-2-0

GetUserDefaultLangID

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

Exports

Exports

APIExportForDetours
CurrentThreadIsVirtualized
IsProcessHooked
RequestUnhookedFunctionList
VirtualizeCurrentProcess
VirtualizeCurrentThread

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 504KB - Virtual size: 500KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mrdata
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourd
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CompiledLuau/Workspace/energy.dll
.dll windows:10 windows x64 arch:x64

63fea52d196352808929277d0e5675df

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

be:88:09:06:87:61:76:db:b1:13:38:a5:0c:f0:bc:a2:0b:76:9d:94:df:3f:6a:53:63:3f:be:3c:6c:9f:95:f2
Signer

Actual PE Digest

be:88:09:06:87:61:76:db:b1:13:38:a5:0c:f0:bc:a2:0b:76:9d:94:df:3f:6a:53:63:3f:be:3c:6c:9f:95:f2

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AppVCatalog.pdb

Imports

msvcp_win

??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAH@Z
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@I@Z
?exceptions@ios_base@std@@QEAAXH@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
?uncaught_exception@std@@YA_NXZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXH@Z

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
_o__stricmp
_o__ultow_s
memmove
_o__waccess
_o__wcsicmp
_o__wcsnicmp
_o__wcsupr_s
_o__wsplitpath_s
_o__wtoi
_o_ceilf
_o_free
_o_iswalpha
_o_iswdigit
_o_malloc
_o_terminate
_o_towupper
_o_wcscpy_s
__current_exception
__current_exception_context
_CxxThrowException
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
wcschr
__C_specific_handler
strrchr
__std_terminate
__CxxFrameHandler4
__RTDynamicCast
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset
wcsncmp

shlwapi

PathFileExistsW

kernel32

FreeLibrary
IsWow64Process
FindFirstFileW
GetFileSizeEx
ReadFile
VirtualProtect
LoadLibraryExA
CreateEventW
WriteFile
SetFileTime
SetFileAttributesW
GetFileAttributesExW
MoveFileExW
GetTempFileNameW
GetTempPath2W
CopyFileExW
GetFileTime
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapDestroy
HeapReAlloc
HeapSize
FileTimeToSystemTime
DeleteCriticalSection
DisableThreadLibraryCalls
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteFileW
CreateHardLinkW
RemoveDirectoryW
FindClose
FindNextFileW
FindFirstFileExW
IsDebuggerPresent
DebugBreak
GetModuleHandleW
GetProcessHeap
GetCurrentProcessId
LocalFree
CreateMutexExW
GetProcAddress
HeapAlloc
RaiseException
CloseHandle
OpenSemaphoreW
WaitForSingleObjectEx
GetCurrentThread
OutputDebugStringW
FormatMessageW
ReleaseMutex
CreateFileW
WaitForSingleObject
GetModuleHandleExW
ReleaseSemaphore
GetCurrentProcess
SetLastError
HeapFree
CreateSemaphoreExW
GetModuleFileNameA
SystemTimeToFileTime
AcquireSRWLockShared
GetLocalTime
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetCurrentThreadId
InitializeSRWLock
GetLastError
Sleep
GetFileAttributesW
GetSystemInfo
VirtualQuery
InitializeCriticalSectionAndSpinCount

advapi32

RegQueryValueExW
EventWriteTransfer
RegCloseKey
EventActivityIdControl
GetTokenInformation
OpenThreadToken
GetLengthSid
ConvertSidToStringSidW
DuplicateToken
SetThreadToken
OpenProcessToken
IsValidSid
CopySid
RegCreateKeyExW
RegDeleteKeyValueW
RegDeleteKeyExW
RegSetKeyValueW
EventUnregister
EventSetInformation
EventRegister
RevertToSelf
ImpersonateLoggedOnUser
RegOpenCurrentUser
RegQueryInfoKeyW
RegDeleteTreeW
RegDeleteValueW
RegSetValueExW
RegOpenKeyExW

ole32

CoTaskMemFree
CLSIDFromString
CoCreateInstance

oleaut32

SysFreeString
VariantClear
VariantInit
SysAllocString
VariantCopy

shell32

ord165
SHGetKnownFolderPath

appvpolicy

ord7
ord8
ord6
ord3
ord10
ord9

appvmanifest

ord3

Exports

Exports

Deinitialize
GetClientCatalog
GetComponent
Initialize
InitializeISV

Sections

.text
Size: 332KB - Virtual size: 329KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 212KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CompiledLuau/Workspace/power.dll
.dll windows:10 windows x64 arch:x64

2e5eaa7829aa1733eda36d523cf3e281

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AppManagementConfiguration.pdb

Imports

msvcrt

memcpy
memmove
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
??3@YAXPEAX@Z
memcpy_s
_vsnwprintf
?what@exception@@UEBAPEBDXZ
_CxxThrowException
??0exception@@QEAA@AEBQEBDH@Z
_callnewh
??_V@YAXPEAX@Z
__C_specific_handler
??0exception@@QEAA@AEBV0@@Z
_vsnprintf_s
__CxxFrameHandler4
_XcptFilter
_amsg_exit
free
malloc
__CxxFrameHandler3
_initterm
?terminate@@YAXXZ
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
memset
wcscmp

kernel32

QueryPerformanceCounter
FreeLibrary
LocalFree
LocalAlloc
GetProcessMitigationPolicy
GetModuleFileNameW
GetTickCount
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
Sleep
IsDebuggerPresent
DebugBreak
GetModuleHandleW
GetProcessHeap
GetCurrentProcessId
AcquireSRWLockShared
GetModuleFileNameA
InitOnceExecuteOnce
CreateSemaphoreExW
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
EncodePointer
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
ReleaseSRWLockExclusive
OutputDebugStringW
DisableThreadLibraryCalls
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
ReleaseSRWLockShared
HeapAlloc
DecodePointer
GetProcAddress
CreateMutexExW

api-ms-win-core-winrt-string-l1-1-0

WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsGetStringRawBuffer

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegGetValueW

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoOriginateErrorW

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance

api-ms-win-service-management-l1-1-0

CloseServiceHandle
OpenServiceW
OpenSCManagerW
StartServiceW

api-ms-win-service-management-l2-1-0

ChangeServiceConfigW

api-ms-win-service-winsvc-l1-1-0

ControlService
QueryServiceStatus

oleaut32

VariantInit
SysFreeString
SysAllocString
VariantClear

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
ProcessAppVPolicy
ProcessUevPolicy

Sections

.text
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CompiledLuau/whatthefucklol.dll
.dll windows:10 windows x64 arch:x64

9210c12251c82bd15c556e0a844e9374

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

24:69:c1:43:f4:cc:33:b0:18:2b:a0:0a:1b:c2:4e:58:bc:28:40:bc:8b:a6:72:3b:ec:4c:d1:96:73:ab:03:aa
Signer

Actual PE Digest

24:69:c1:43:f4:cc:33:b0:18:2b:a0:0a:1b:c2:4e:58:bc:28:40:bc:8b:a6:72:3b:ec:4c:d1:96:73:ab:03:aa

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AppVOrchestration.pdb

Imports

msvcp_win

?exceptions@ios_base@std@@QEAAXH@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_N@Z
?_Xbad_function_call@std@@YAXXZ
??Bid@locale@std@@QEAA_KXZ
?widen@?$ctype@_W@std@@QEBA_WD@Z
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?id@?$ctype@_W@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?uncaught_exception@std@@YA_NXZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAH@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXH@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
_o__stricmp
memmove
_o__ultow_s
_o__wcsicmp
_o__wcsupr_s
_o__wtoi
_o_ceilf
_o_free
_o_iswalpha
_o_iswdigit
_o_malloc
_o_terminate
_o_towupper
_o_wcscpy_s
__current_exception
__current_exception_context
_CxxThrowException
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__C_specific_handler
strrchr
__std_terminate
__CxxFrameHandler4
_o__execute_onexit_table
_o__errno
wcschr
__RTDynamicCast
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset
wcsncmp

appvpolicy

ord6

advapi32

EventActivityIdControl
EventWriteTransfer
EventUnregister
EventSetInformation
EventRegister
GetTokenInformation
GetSidIdentifierAuthority
OpenThreadToken
GetLengthSid
DuplicateToken
SetThreadToken
OpenProcessToken
RegSetValueExW
IsValidSid
CopySid
RegCreateKeyExW
RegDeleteKeyValueW
GetSidSubAuthority
GetSidSubAuthorityCount
RegOpenCurrentUser
RegCloseKey
RegSetKeyValueW
ConvertSidToStringSidW
RegOpenKeyExW
RegQueryInfoKeyW
DuplicateTokenEx
ConvertStringSidToSidW
SetTokenInformation
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExW
RegOpenKeyW
RegDeleteKeyW
RegEnumKeyW
MapGenericMask
GetNamedSecurityInfoW
AccessCheck

kernel32

GetModuleFileNameW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
HeapDestroy
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
LocalFree
GetLocalTime
Sleep
DuplicateHandle
DebugBreak
TlsGetValue
SystemTimeToFileTime
RaiseException
TlsAlloc
GetCurrentThread
FileTimeToSystemTime
QueueUserWorkItem
GetCurrentProcess
SetLastError
TlsSetValue
DisableThreadLibraryCalls
AcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
FreeLibrary
GetProcAddress
LoadLibraryW
DeleteCriticalSection
ResetEvent
CloseHandle
SetEvent
GetLastError
CreateEventW
GetCurrentThreadId
WaitForSingleObject
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetTempPath2W
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetModuleHandleW
TerminateProcess
GetModuleFileNameA
CreateSemaphoreExW
ReleaseSemaphore
GetModuleHandleExW
ReleaseMutex
FormatMessageW
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
RemoveDirectoryW
FindFirstFileW
FindNextFileW
FindClose
InitializeCriticalSectionAndSpinCount
SetFileAttributesW
GetTempFileNameW
DeleteFileW
MoveFileExW
TlsFree

ole32

CLSIDFromString
CoInitializeEx
CoUninitialize
CoTaskMemFree

oleaut32

SysAllocString
VariantClear
VariantCopy

shell32

SHCreateDirectoryExW
SHFileOperationW
SHGetKnownFolderPath

userenv

UnloadUserProfile

Exports

Exports

Deinitialize
GetControllerComponent
GetControllerRequests
Initialize
InitializeISV

Sections

.text
Size: 388KB - Virtual size: 384KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256KB - Virtual size: 253KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CompiledLuau/whothefuckisu.dll
.dll windows:10 windows x64 arch:x64

2e71a81bcee802a38c94c3dc791e851f

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:f4:07:d5:99:34:fa:d0:63:50:f5:d8:70:2a:a1:37:6b:20:59:24:ac:0f:3e:ce:d6:17:6e:8e:d6:c1:6a:bd
Signer

Actual PE Digest

07:f4:07:d5:99:34:fa:d0:63:50:f5:d8:70:2a:a1:37:6b:20:59:24:ac:0f:3e:ce:d6:17:6e:8e:d6:c1:6a:bd

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AppVEntSubsystemController.pdb

Imports

msvcp_win

?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Xbad_function_call@std@@YAXXZ
?exceptions@ios_base@std@@QEAAXH@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAH@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Locinfo@std@@QEAA@XZ
?_Getlconv@_Locinfo@std@@QEBAPEBUlconv@@XZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAI@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?id@?$numpunct@_W@std@@2V0locale@2@A
?classic@locale@std@@SAAEBV12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?tolower@?$ctype@_W@std@@QEBAPEB_WPEA_WPEB_W@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?id@?$ctype@_W@std@@2V0locale@2@A
?_Xout_of_range@std@@YAXPEBD@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_J@Z
_Mbrtowc
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?tolower@?$ctype@_W@std@@QEBA_W_W@Z
?is@?$ctype@_W@std@@QEBA_NF_W@Z
_Wcscoll
?id@?$collate@_W@std@@2V0locale@2@A
_Wcsxfrm
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z
??Bid@locale@std@@QEAA_KXZ
?widen@?$ctype@_W@std@@QEBA_WD@Z
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXH@Z

api-ms-win-crt-string-l1-1-0

memset
wcsncmp

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__purecall
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
_o__stricmp
_o__wcsicmp
_o__wcslwr_s
_o__wcsnicmp
_o__wcsupr_s
memmove
_o__wsplitpath_s
_o__wtoi
_o__invalid_parameter_noinfo_noreturn
_o_calloc
_o_free
_o_iswalpha
_o_iswdigit
_o_iswspace
_o_malloc
_o_realloc
_o_terminate
_o_towupper
_o_wcscpy_s
_o_wcsncpy_s
_o_wmemcpy_s
__current_exception
__current_exception_context
_CxxThrowException
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
wcschr
__std_type_info_compare
strchr
strrchr
__std_terminate
__C_specific_handler
__CxxFrameHandler4
__RTDynamicCast
memcmp
memcpy

fltlib

FilterSendMessage
FilterConnectCommunicationPort

advapi32

EventUnregister
EventSetInformation
EventRegister
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
AdjustTokenPrivileges
GetTokenInformation
OpenThreadToken
DuplicateTokenEx
GetLengthSid
ConvertSidToStringSidW
DuplicateToken
CreateProcessAsUserW
SetThreadToken
OpenProcessToken
IsValidSid
CopySid
SetTokenInformation
EventWriteTransfer
LookupPrivilegeValueW
CheckTokenMembership
InitializeSid
GetSidLengthRequired
GetSidSubAuthority
EqualSid
ImpersonateLoggedOnUser
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
RegSetValueExW
RevertToSelf
RegDeleteKeyExW
MakeAbsoluteSD
RegSetKeySecurity
AccessCheck
GetAce
ConvertSecurityDescriptorToStringSecurityDescriptorW
SetSecurityDescriptorSacl
MapGenericMask
EnumServicesStatusExW
EnumServicesStatusW
CloseServiceHandle
OpenSCManagerW
StartServiceW
OpenServiceW
RegUnLoadKeyW
RegLoadKeyW
RegQueryInfoKeyW
RegDeleteValueW
RegEnumValueW
RegSetKeyValueW
RegOpenCurrentUser
RegCreateKeyExW
ConvertStringSidToSidW
RegEnumKeyExW
RegDeleteTreeW
EventActivityIdControl
GetSidSubAuthorityCount
GetSidIdentifierAuthority
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
GetAclInformation
SetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorControl
GetSecurityDescriptorOwner
AddAce
InitializeSecurityDescriptor
InitializeAcl
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorLength
MakeSelfRelativeSD
SetSecurityDescriptorGroup

kernel32

CreateMutexW
ReleaseMutex
SetThreadPriority
CreateThread
GetTickCount
DebugBreak
GetVolumePathNameW
GetFileAttributesW
CheckNameLegalDOS8Dot3W
ReleaseSemaphore
ReadFile
SetNamedPipeHandleState
PeekNamedPipe
DisconnectNamedPipe
QueueUserWorkItem
GetOverlappedResult
TransactNamedPipe
WaitNamedPipeW
CreateSemaphoreW
FindNextFileW
LoadLibraryA
GetFinalPathNameByHandleW
DeleteFileW
CopyFileW
CreateRemoteThread
GetNativeSystemInfo
GetModuleFileNameA
CreateSemaphoreExW
GetModuleHandleExW
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
FormatMessageW
OutputDebugStringW
CloseThreadpoolTimer
WaitForSingleObjectEx
OpenSemaphoreW
SetThreadpoolTimer
CreateThreadpoolTimer
CreateMutexExW
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
InitializeCriticalSectionAndSpinCount
VirtualQuery
VirtualProtect
VirtualQueryEx
ReadProcessMemory
VirtualAllocEx
VirtualProtectEx
ResumeThread
SetLastError
WriteProcessMemory
FreeLibrary
GetProcAddress
LoadLibraryW
GetModuleHandleW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
lstrcmpiW
GetEnvironmentVariableW
HeapDestroy
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
AcquireSRWLockShared
ResetEvent
ReleaseSRWLockShared
AcquireSRWLockExclusive
SetEvent
ReleaseSRWLockExclusive
CreateEventW
WaitForMultipleObjects
GetExitCodeProcess
IsWow64Process
WideCharToMultiByte
CreateProcessW
GetCurrentProcessId
LocalFree
GetCurrentThread
ProcessIdToSessionId
OpenProcess
WaitForSingleObject
GetCurrentProcess
QueryDosDeviceW
DeleteCriticalSection
RaiseException
CloseHandle
GetLastError
GetCurrentThreadId
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeSRWLock
DisableThreadLibraryCalls
DuplicateHandle
GetVersionExW
Sleep
FindFirstFileW
SearchPathW
GetLongPathNameW
ExpandEnvironmentStringsW
GetShortPathNameW
FindClose
CreateFileW
GetSystemDirectoryW
VirtualFreeEx
QueryFullProcessImageNameW

ntdll

RtlInitUnicodeString
NtQueryInformationProcess
NtOpenJobObject
RtlNtStatusToDosError

ole32

CoInitializeEx
StringFromCLSID
CoCreateGuid
PropVariantClear
CLSIDFromString
CoTaskMemFree
CoUninitialize
CoSetProxyBlanket
CoCreateInstance

oleaut32

VariantInit
SysFreeString
VariantClear
SysAllocString

rpcrt4

NdrServerCall2
RpcRevertToSelfEx
RpcServerRegisterAuthInfoW
RpcServerListen
RpcRevertToSelf
RpcImpersonateClient
RpcServerRegisterIf2
RpcServerUnregisterIf
RpcServerUseProtseqEpW
RpcBindingInqAuthClientW

shell32

SHGetKnownFolderPath
ord165

shlwapi

PathMatchSpecW

userenv

ExpandEnvironmentStringsForUserW
UnloadUserProfile

user32

EnumWindows
GetWindowThreadProcessId
PostMessageW

psapi

GetProcessImageFileNameW
EnumProcessModulesEx
GetModuleFileNameExW

appvfilesystemmetadata

ord1

Exports

Exports

Deinitialize
GetComponent
GetVirtualEnvironmentUtils
Initialize

Sections

.text
Size: 780KB - Virtual size: 778KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 320KB - Virtual size: 316KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mrdata
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b3c3fe0db9b591deca779096f71306ae

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcp_win

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

coremessaging

ext-ms-win-resourcemanager-gamemode-l1-2-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-security-capability-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-rtcore-ntuser-window-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-security-base-l1-1-0

api-ms-win-appmodel-runtime-l1-1-0

api-ms-win-ntuser-sysparams-l1-1-0

dxgi

d3d11

Exports

Exports

Sections

.text Size: 112KB - Virtual size: 110KB

.rdata Size: 36KB - Virtual size: 34KB

.data Size: 4KB - Virtual size: 3KB

.pdata Size: 8KB - Virtual size: 5KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 896B

2a3bd753060cbe356d161e60bb9d1bae

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

rpcrt4

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-1

.text
Size: 112KB - Virtual size: 110KB

.rdata
Size: 36KB - Virtual size: 34KB

.data
Size: 4KB - Virtual size: 3KB

.pdata
Size: 8KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 896B

.text
Size: 160KB - Virtual size: 156KB

.rdata
Size: 72KB - Virtual size: 69KB

.data
Size: 4KB - Virtual size: 4KB

.pdata
Size: 8KB - Virtual size: 7KB

.didat
Size: 4KB - Virtual size: 136B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB