arp.pdb
Static task
static1
Behavioral task: behavioral1 | Sample: application.zip | Resource: win7-20240704-en
Behavioral task: behavioral2 | Sample: application.zip | Resource: win10v2004-20240704-en
Behavioral task: behavioral3 | Sample: ARP.exe | Resource: win10v2004-20240704-en
Behavioral task: behavioral4 | Sample: AggregatorHost.exe | Resource: win10v2004-20240708-en
Behavioral task: behavioral5 | Sample: AppHostRegistrationVerifier.exe | Resource: win10v2004-20240704-en
Behavioral task: behavioral6 | Sample: AppInstallerBackgroundUpdate.exe | Resource: win10v2004-20240708-en
Behavioral task: behavioral7 | Sample: ApplicationFrameHost.exe | Resource: win10v2004-20240704-en
Behavioral task: behavioral8 | Sample: ApplyTrustOffline.exe | Resource: win10v2004-20240704-en
Behavioral task: behavioral9 | Sample: ApproveChildRequest.exe | Resource: win10v2004-20240704-en
Behavioral task: behavioral10 | Sample: AtBroker.exe | Resource: win10v2004-20240704-en
Behavioral task: behavioral11 | Sample: AuthHost.exe | Resource: win10v2004-20240704-en
Behavioral task: behavioral12 | Sample: AxInstUI.exe | Resource: win10v2004-20240704-en
Behavioral task: behavioral13 | Sample: BackgroundTransferHost.exe | Resource: win10v2004-20240704-en
Behavioral task: behavioral14 | Sample: BdeUISrv.exe | Resource: win10v2004-20240704-en
Behavioral task: behavioral15 | Sample: BioIso.exe | Resource: win10v2004-20240704-en
Behavioral task: behavioral16 | Sample: BitLockerDeviceEncryption.exe | Resource: win10v2004-20240704-en
Behavioral task: behavioral17 | Sample: BitLockerWizardElev.exe | Resource: win10v2004-20240704-en
Behavioral task: behavioral18 | Sample: ByteCodeGenerator.exe | Resource: win10v2004-20240704-en
Behavioral task: behavioral19 | Sample: CIDiag.exe | Resource: win10v2004-20240704-en
Behavioral task: behavioral20 | Sample: CameraSettingsUIHost.exe | Resource: win10v2004-20240704-en
Behavioral task: behavioral21 | Sample: CastSrv.exe | Resource: win10v2004-20240704-en
Behavioral task: behavioral22 | Sample: CertEnrollCtrl.exe | Resource: win10v2004-20240704-en
Behavioral task: behavioral23 | Sample: CheckNetIsolation.exe | Resource: win10v2004-20240704-en
Behavioral task: behavioral24 | Sample: CiTool.exe | Resource: win10v2004-20240704-en
Behavioral task: behavioral25 | Sample: ClipRenew.exe | Resource: win10v2004-20240704-en
Behavioral task: behavioral26 | Sample: ClipUp.exe | Resource: win10v2004-20240704-en
Behavioral task: behavioral27 | Sample: CloudExperienceHostBroker.exe | Resource: win10v2004-20240508-en
Behavioral task: behavioral28 | Sample: poqexec.sys | Resource: win10v2004-20240704-en
Behavioral task: behavioral29 | Sample: securekernel.sys | Resource: win10v2004-20240704-en
Behavioral task: behavioral30 | Sample: securekernella57.sys | Resource: win10v2004-20240704-en
Behavioral task: behavioral31 | Sample: setupcl.sys | Resource: win10v2004-20240704-en
Behavioral task: behavioral32 | Sample: smss.sys | Resource: win10v2004-20240704-en
General
Target: application.zip
Size: 199.1MB
MD5: 3ff2cfb0d40a8d203dbc8e7e213abfd1
SHA1: 51e29901a0e5f7e7c93b22ef07f9ecbcf038fcea
SHA256: 9df41ebe1a2c61bbc382a85a7788e127e4dafada4955a1b6c3dfcaf460bd714f
SHA512: a8ca689dce70cad02d3a438fab918b143699eb27c22f7fa40418ea26b154f93db4f99b4611a597720bc0c72933f458c98e3793af800e991ecc783a21da4c466a
SSDEEP: 6291456:UOriWJ0ns9w5OrSTi87nm1o/h6aXXRhevjJiEmRA:UOri2qnmwHhhXilixK
Malware Config
Signatures
-
Unsigned PE 468 IoCs
Checks for missing Authenticode signature.
Files
-
application.zip.zip
-
ARP.EXE.exe windows:10 windows x64 arch:x64
48a4d83e58f21e6758c9f94526fbb940
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
msvcrt
__C_specific_handler
?terminate@@YAXXZ
__setusermatherr
_fmode
fprintf
time
_setmode
_fileno
_wsetlocale
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_commode
_XcptFilter
islower
isdigit
isspace
isxdigit
_vsnprintf
sscanf_s
toupper
_vsnwprintf
__iob_func
_initterm
memcpy
ntdll
RtlIpv4AddressToStringW
ws2_32
ntohl
WSAStartup
inet_addr
gethostbyname
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
api-ms-win-core-errorhandling-l1-1-0
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
LoadLibraryExA
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemDirectoryA
GetTickCount
GetSystemTimeAsFileTime
snmpapi
SnmpUtilOidCpy
SnmpUtilVarBindFree
SnmpUtilMemAlloc
SnmpUtilMemFree
api-ms-win-security-base-l1-1-0
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
iphlpapi
GetIpStatisticsEx
GetTcpStatisticsEx
GetUdpStatisticsEx
GetIcmpStatisticsEx
GetIpForwardTable
api-ms-win-core-console-l1-1-0
GetConsoleOutputCP
api-ms-win-core-localization-l1-2-0
FormatMessageW
SetThreadPreferredUILanguages
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
Sections
.text Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 468B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
AggregatorHost.exe.exe windows:10 windows x64 arch:x64
207487943eb7fd46bd62ed964afec4dc
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
AggregatorHost.pdb
Imports
msvcp_win
_Mtx_init_in_situ
_Mtx_unlock
?uncaught_exception@std@@YA_NXZ
?_Syserror_map@std@@YAPEBDH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Winerror_map@std@@YAHH@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
_Mtx_lock
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Xbad_function_call@std@@YAXXZ
_Mtx_destroy_in_situ
?_Throw_C_error@std@@YAXH@Z
api-ms-win-crt-string-l1-1-0
memset
strcspn
api-ms-win-crt-runtime-l1-1-0
_c_exit
_initterm
_initterm_e
_register_thread_local_exe_atexit_callback
api-ms-win-crt-private-l1-1-0
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__strnicmp
memmove
_o__wcsnicmp
_o_abort
_o_exit
_o_free
_o_isspace
_o_iswspace
_o_malloc
_o_rand
_o_srand
_o_strtod
_o_strtoul
_o_strtoull
_o_terminate
_o_tolower
_o_wcscpy_s
__C_specific_handler
__current_exception
__current_exception_context
_o__exit
_o__errno
_o___p__commode
_o__crt_atexit
_o___p___wargv
_o__configure_wide_argv
_o___p___argc
_o__configthreadlocale
_o__cexit
_o__callnewh
__CxxFrameHandler3
_CxxThrowException
_o____lc_codepage_func
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
__std_terminate
_o___stdio_common_vsnprintf_s
__CxxFrameHandler4
_o___std_exception_destroy
_o___std_exception_copy
memchr
memcmp
memcpy
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
ResumeThread
TerminateProcess
OpenThreadToken
GetCurrentThread
GetCurrentProcessId
GetThreadId
OpenThread
GetStartupInfoW
GetCurrentProcess
SuspendThread
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
GetModuleHandleExA
LoadLibraryExW
FreeLibrary
GetProcAddress
GetModuleHandleExW
GetModuleHandleW
api-ms-win-core-synch-l1-1-0
LeaveCriticalSection
ReleaseSemaphore
CreateEventExW
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
CreateEventW
ResetEvent
InitializeCriticalSectionAndSpinCount
CreateSemaphoreExW
ReleaseSRWLockShared
EnterCriticalSection
InitializeCriticalSectionEx
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
WaitForSingleObject
SetEvent
ReleaseSRWLockExclusive
ReleaseMutex
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapReAlloc
HeapAlloc
HeapFree
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventRegister
EventWriteTransfer
EventUnregister
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolWork
WaitForThreadpoolWorkCallbacks
CloseThreadpoolWork
SetThreadpoolTimer
CreateThreadpoolTimer
SubmitThreadpoolWork
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
api-ms-win-core-localization-l1-2-0
FormatMessageW
FormatMessageA
api-ms-win-core-debug-l1-1-0
DebugBreak
OutputDebugStringW
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlPcToFileHeader
RtlCaptureContext
RtlLookupFunctionEntry
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
GetThreadTimes
GetThreadContext
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-crt-time-l1-1-0
_time64
api-ms-win-crt-math-l1-1-0
_finite
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegCreateKeyExW
RegDeleteValueW
RegGetValueW
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-security-base-l1-1-0
AllocateLocallyUniqueId
api-ms-win-core-realtime-l1-1-0
QueryUnbiasedInterruptTime
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
WideCharToMultiByte
api-ms-win-core-heap-l2-1-0
LocalFree
ntdll
RtlSubscribeWnfStateChangeNotification
RtlAllocateAndInitializeSid
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlReportExceptionEx
NtQueryInformationProcess
NtQueryWnfStateData
RtlReportException
api-ms-win-core-psapi-ansi-l1-1-0
K32GetModuleBaseNameA
api-ms-win-core-errorhandling-l1-1-2
RaiseFailFastException
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-file-l1-1-0
CreateDirectoryW
ReadFile
GetFileAttributesExW
GetFileSize
CreateFileW
api-ms-win-core-psapi-l1-1-0
K32GetModuleBaseNameW
api-ms-win-core-wow64-l1-1-1
IsWow64Process2
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-file-l2-1-0
GetFileInformationByHandleEx
Sections
.text Size: 204KB - Virtual size: 200KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 60KB - Virtual size: 57KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 248B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
AppHostRegistrationVerifier.exe.exe windows:10 windows x64 arch:x64
a8f95ce93866aa2f9ff35899a0271872
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
AppHostRegistrationVerifier.pdb
Imports
msvcp_win
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?in@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?_Gninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?out@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?_Init@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
?getloc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBGHH@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Getcat@?$codecvt@GDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Gndec@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?unshift@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_c_exit
_initterm
_register_thread_local_exe_atexit_callback
api-ms-win-crt-private-l1-1-0
_o__errno
_o__exit
_o__fseeki64
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__lock_file
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o__unlock_file
_o_abort
_o_exit
_o_fclose
_o_fflush
_o_fgetc
_o_fgetpos
_o_fgetwc
_o_fputwc
_o_free
_o_freopen
_o_fsetpos
_o_fwrite
_o_iswspace
_o_malloc
_o_setvbuf
_o_terminate
_o_ungetc
_o_ungetwc
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_o__callnewh
_CxxThrowException
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfwprintf
_o___std_exception_destroy
_o___std_exception_copy
_o__configure_wide_argv
_o___p__commode
_o__crt_atexit
_o___p___wargv
_o___p___argc
_o__configthreadlocale
_o___acrt_iob_func
__std_terminate
__CxxFrameHandler4
_o__cexit
memcpy
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
GetModuleHandleExW
GetModuleHandleW
FreeLibrary
GetProcAddress
api-ms-win-core-synch-l1-1-0
ReleaseMutex
WaitForSingleObject
SetEvent
ReleaseSemaphore
CreateMutexExW
OpenSemaphoreW
CreateSemaphoreExW
WaitForSingleObjectEx
CreateEventExW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
api-ms-win-core-heap-l1-1-0
HeapFree
HeapAlloc
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
SetLastError
UnhandledExceptionFilter
RaiseException
GetLastError
SetUnhandledExceptionFilter
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoUninitialize
CoWaitForMultipleHandles
CoCreateFreeThreadedMarshaler
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-console-l1-2-0
AttachConsole
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
DebugBreak
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTime
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InterlockedPushEntrySList
InitializeSListHead
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventWriteTransfer
EventActivityIdControl
EventRegister
EventUnregister
api-ms-win-core-winrt-string-l1-1-0
WindowsSubstring
WindowsCreateStringReference
WindowsDuplicateString
WindowsCompareStringOrdinal
WindowsGetStringRawBuffer
WindowsGetStringLen
WindowsDeleteString
ntdll
RtlDeriveCapabilitySidsFromName
api-ms-win-security-base-l1-1-0
EqualSid
GetLengthSid
CopySid
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-appmodel-identity-l1-2-0
AppXFreeMemory
AppXGetPackageCapabilities
api-ms-win-core-registry-l1-1-0
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
api-ms-win-appmodel-state-l1-2-0
GetSystemAppDataKey
OpenStateExplicit
CloseState
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
api-ms-win-core-synch-l1-2-0
InitOnceBeginInitialize
InitOnceComplete
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
RoActivateInstance
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
oleaut32
SetErrorInfo
GetErrorInfo
SysAllocString
SysFreeString
SysStringLen
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
Sections
.text Size: 76KB - Virtual size: 72KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 36KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 416B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
AppInstallerBackgroundUpdate.exe.exe windows:10 windows x64 arch:x64
db517dcd8e27c95037f893b749a20d89
Code Sign
33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
dc:02:15:1a:8a:90:8a:3d:90:19:c2:69:eb:a8:40:89:1f:82:39:86:59:bc:c4:f8:3b:b6:44:53:00:ac:3f:77
Signer
Actual PE Digest: dc:02:15:1a:8a:90:8a:3d:90:19:c2:69:eb:a8:40:89:1f:82:39:86:59:bc:c4:f8:3b:b6:44:53:00:ac:3f:77
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
AppInstallerBackgroundUpdate.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_c_exit
_initterm
_register_thread_local_exe_atexit_callback
api-ms-win-crt-private-l1-1-0
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o___p__commode
memcpy
_o___stdio_common_vsnwprintf_s
_o_exit
_o_free
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
_CxxThrowException
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
GetProcAddress
GetModuleHandleW
api-ms-win-core-synch-l1-1-0
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseMutex
ReleaseSemaphore
WaitForSingleObject
CreateSemaphoreExW
api-ms-win-core-heap-l1-1-0
HeapFree
GetProcessHeap
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
SetLastError
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
GetStartupInfoW
GetCurrentProcess
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoSetProxyBlanket
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
Sections
.text Size: 24KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 88B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ApplicationFrameHost.exe.exe windows:10 windows x64 arch:x64
786740c31e7b1973cf11e4c17b9c2e8d
Code Sign
33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
9d:e8:1a:b5:79:e2:a8:21:8a:aa:82:ef:1f:7a:c2:9f:de:bf:84:c3:02:7e:97:38:64:10:6d:97:ff:6b:f1:d4
Signer
Actual PE Digest: 9d:e8:1a:b5:79:e2:a8:21:8a:aa:82:ef:1f:7a:c2:9f:de:bf:84:c3:02:7e:97:38:64:10:6d:97:ff:6b:f1:d4
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
ApplicationFrameHost.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o_exit
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o___std_exception_destroy
_o___std_exception_copy
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___p__commode
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
GetModuleHandleW
GetModuleFileNameA
GetModuleHandleExW
api-ms-win-core-synch-l1-2-0
InitOnceComplete
InitOnceBeginInitialize
api-ms-win-core-synch-l1-1-0
AcquireSRWLockExclusive
CreateSemaphoreExW
EnterCriticalSection
CreateEventExW
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
ReleaseSemaphore
LeaveCriticalSection
ReleaseSRWLockShared
InitializeCriticalSectionEx
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseMutex
WaitForSingleObject
ReleaseSRWLockExclusive
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
SetLastError
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventRegister
EventWriteTransfer
EventUnregister
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
SetProcessShutdownParameters
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
OutputDebugStringW
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
uxtheme
ord135
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 44KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 104B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 232B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ApplyTrustOffline.exe.exe windows:10 windows x64 arch:x64
ce259a9ec10b5a939b4b54e8324ff58c
Code Sign
33:00:00:04:70:69:f2:ac:06:49:04:ec:1c:00:00:00:00:04:70
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 08/02/2024, 19:22
Not After: 07/02/2025, 19:22
Subject: CN=Microsoft Windows Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
aa:65:81:42:c8:b8:3a:8a:65:af:fa:6a:47:0d:b9:b0:0d:19:6f:c1:fe:9b:85:19:fe:b4:25:bf:30:88:53:7c
Signer
Actual PE Digest: aa:65:81:42:c8:b8:3a:8a:65:af:fa:6a:47:0d:b9:b0:0d:19:6f:c1:fe:9b:85:19:fe:b4:25:bf:30:88:53:7c
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
ApplyTrustOffline.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_register_thread_local_exe_atexit_callback
_c_exit
_initterm
api-ms-win-crt-private-l1-1-0
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__stricmp
_o__wcslwr
_o__wcsnicmp
memmove
_o_exit
_o_free
_o_malloc
_o_memcpy_s
_o_terminate
_o_wcscpy_s
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
_o__get_initial_wide_environment
_o__exit
_o__errno
_o__crt_atexit
_o__configure_wide_argv
wcsrchr
__CxxFrameHandler4
__std_terminate
wcsstr
__CxxFrameHandler3
_o__configthreadlocale
_o__cexit
_o__invalid_parameter_noinfo
_o__initialize_wide_environment
_o__initialize_onexit_table
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfwprintf
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___wargv
_o___p___argc
_o___acrt_iob_func
wcschr
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
strcmp
memset
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
GetModuleHandleExW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
LoadLibraryExW
GetModuleFileNameA
GetModuleHandleExA
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
DebugBreak
IsDebuggerPresent
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoTaskMemFree
CoInitializeEx
StringFromGUID2
CoUninitialize
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
TlsSetValue
GetCurrentThread
TerminateProcess
GetCurrentProcessId
OpenProcessToken
OpenThreadToken
ProcessIdToSessionId
TlsGetValue
TlsAlloc
GetCurrentProcess
SetThreadToken
api-ms-win-core-memory-l1-1-0
MapViewOfFile
VirtualProtect
CreateFileMappingW
UnmapViewOfFile
VirtualAlloc
VirtualFree
api-ms-win-core-errorhandling-l1-1-0
RaiseException
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
api-ms-win-core-rtlsupport-l1-1-0
RtlDeleteFunctionTable
RtlCaptureContext
RtlCaptureStackBackTrace
RtlAddFunctionTable
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-errorhandling-l1-1-2
RaiseFailFastException
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
OpenProcess
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetVersionExW
GetLocalTime
GetSystemInfo
GetWindowsDirectoryW
GetSystemTimeAsFileTime
GlobalMemoryStatusEx
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
staterepository.core
sqlite3_column_bytes
sqlite3_column_text16
sqlite3_column_text
sqlite3_bind_blob
sqlite3_column_blob
sqlite3_bind_text16
sqlite3_column_type
sqlite3_stmt_busy
sqlite3_sql
sqlite3_db_handle
sqlite3_log
sqlite3_bind_int64
sqlite3_finalize
sqlite3_errmsg
sqlite3_expanded_sql
sqlite3_reset
sqlite3_step
sqlite3_bind_int
sqlite3_column_int64
sqlite3_next_stmt
sqlite3_bind_null
sqlite3_get_autocommit
sqlite3_close
sqlite3_open_v2
sqlite3_extended_errcode
sqlite3_file_control
sqlite3_extended_result_codes
sqlite3_db_config
sqlite3_clear_bindings
sqlite3_exec
sqlite3_wal_checkpoint_v2
sqlite3_changes
sqlite3_total_changes
sqlite3_last_insert_rowid
sqlite3_db_filename
sqlite3_errcode
sqlite3_column_int
sqlite3_busy_timeout
sqlite3_db_status
sqlite3_create_function_v2
sqlite3_user_data
sqlite3_result_error_nomem
sqlite3_result_error16
sqlite3_snprintf
sqlite3_result_error_code
sqlite3_result_int64
sqlite3_result_int
sqlite3_profile
sqlite3_value_type
sqlite3_value_text16
sqlite3_value_int
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_malloc
sqlite3_result_blob
sqlite3_free
sqlite3_value_int64
sqlite3_trace
sqlite3_result_text16
sqlite3_wal_autocheckpoint
sqlite3_value_text
sqlite3_prepare_v2
api-ms-win-appmodel-runtime-internal-l1-1-1
GetPackageFullNameFromToken
GetPackageStatus
UpdatePackageStatus
IncrementPackageStatusVersion
api-ms-win-appmodel-runtime-internal-l1-1-2
GetEffectivePackageStatusForUser
PackageSidFromFamilyName
api-ms-win-eventing-provider-l1-1-0
EventActivityIdControl
EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer
ntdll
NtFsControlFile
NtQueryInformationProcess
NtQueryInformationFile
RtlCompareUnicodeString
RtlValidSid
RtlFreeUnicodeString
NtCreateFile
RtlInitUnicodeString
RtlDosPathNameToNtPathName_U_WithStatus
NtSetInformationVirtualMemory
RtlReportException
RtlInitializeCriticalSection
RtlNtStatusToDosErrorNoTeb
NtGetCachedSigningLevel
NtCompareSigningLevels
RtlIsStateSeparationEnabled
RtlFindAceByType
RtlCreateSecurityDescriptor
RtlEqualSid
RtlLeaveCriticalSection
NtQueryInformationThread
RtlCreateAcl
RtlInsertElementGenericTableAvl
NtQueryLicenseValue
RtlFreeSid
RtlEnterCriticalSection
RtlIsMultiUsersInSessionSku
RtlAllocateHeap
RtlLengthSid
RtlInitializeGenericTableAvl
NtSetSecurityObject
RtlConvertSidToUnicodeString
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
RtlAllocateAndInitializeSid
NtSetInformationThread
RtlLookupElementGenericTableAvl
RtlAddProcessTrustLabelAce
RtlAcquireSRWLockExclusive
RtlSetSaclSecurityDescriptor
RtlReleaseSRWLockExclusive
RtlGetDeviceFamilyInfoEnum
NtQuerySystemInformation
RtlDowncaseUnicodeString
RtlFreeHeap
api-ms-win-security-provider-l1-1-0
GetSecurityInfo
SetNamedSecurityInfoW
api-ms-win-core-synch-l1-2-0
Sleep
InitOnceComplete
InitOnceBeginInitialize
api-ms-win-core-file-l1-1-0
GetFileAttributesW
CreateDirectoryW
SetFileAttributesW
FindNextFileW
GetFileSizeEx
FindClose
GetVolumePathNameW
GetVolumeInformationW
FindFirstFileW
GetFileAttributesExW
WriteFile
DeleteFileW
CreateFileW
api-ms-win-core-synch-l1-1-0
ReleaseSemaphore
CreateSemaphoreExW
InitializeCriticalSectionEx
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
ReleaseSRWLockShared
OpenSemaphoreW
ReleaseSRWLockExclusive
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseMutex
api-ms-win-core-heap-l1-1-0
HeapFree
HeapAlloc
GetProcessHeap
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
CompareStringOrdinal
MultiByteToWideChar
api-ms-win-core-threadpool-l1-2-0
SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
api-ms-win-security-base-l1-1-0
SetSecurityAccessMask
EqualSid
GetAce
RevertToSelf
GetLengthSid
GetTokenInformation
ImpersonateSelf
GetFileSecurityW
AccessCheck
IsValidSid
GetSecurityDescriptorOwner
ImpersonateLoggedOnUser
AdjustTokenPrivileges
CopySid
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegDeleteKeyExW
RegCreateKeyExW
RegEnumKeyExW
RegQueryValueExW
api-ms-win-core-psapi-l1-1-0
K32EnumProcesses
QueryFullProcessImageNameW
api-ms-win-security-lsalookup-l2-1-0
LookupAccountSidW
api-ms-win-core-file-l1-2-0
GetVolumeNameForVolumeMountPointW
oleaut32
SysFreeString
SysAllocStringLen
VariantClear
api-ms-win-core-file-l2-1-2
CopyFileW
rpcrt4
RpcStringFreeW
UuidToStringW
UuidCreate
api-ms-win-core-path-l1-1-0
PathCchSkipRoot
PathCchRemoveBackslash
PathAllocCanonicalize
PathCchCombine
api-ms-win-core-file-l2-1-0
GetFileInformationByHandleEx
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertSidToStringSidW
api-ms-win-core-file-l1-2-2
FindFirstFileNameW
FindNextFileNameW
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
RoActivateInstance
crypt32
CertFreeCertificateChainEngine
CertGetEnhancedKeyUsage
CertFreeCertificateChain
CertFreeCertificateContext
CryptMsgClose
CertVerifyCertificateChainPolicy
CertCloseStore
CryptQueryObject
CryptMsgGetParam
CertGetSubjectCertificateFromStore
CertGetCertificateChain
CertOpenStore
CertCreateCertificateChainEngine
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-realtime-l1-1-0
QueryUnbiasedInterruptTime
api-ms-win-core-windowserrorreporting-l1-1-1
WerRegisterCustomMetadata
api-ms-win-eventing-tdh-l1-1-0
TdhEnumerateProviderFieldInformation
TdhGetEventMapInformation
TdhGetEventInformation
api-ms-win-core-winrt-error-l1-1-0
RoOriginateErrorW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 484KB - Virtual size: 482KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 640KB - Virtual size: 638KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 272B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ApproveChildRequest.exe.exe windows:10 windows x64 arch:x64
334a1ef956dc8fefbb9d107317698ca8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
ApproveChildRequest.pdb
Imports
advapi32
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
TraceMessage
EventWriteTransfer
EventActivityIdControl
kernel32
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapSetInformation
HeapAlloc
GetErrorMode
GetProcAddress
CreateMutexExW
LocalFree
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
CloseThreadpool
SleepConditionVariableSRW
WakeAllConditionVariable
FormatMessageW
DeleteCriticalSection
InitializeCriticalSection
InitializeSRWLock
TlsGetValue
AcquireSRWLockShared
ReleaseSRWLockShared
TlsAlloc
TlsFree
TlsSetValue
ConvertFiberToThread
Sleep
QueueUserAPC
OpenThread
GetTickCount
ReleaseSRWLockExclusive
InitOnceComplete
InitOnceBeginInitialize
AcquireSRWLockExclusive
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
SetErrorMode
GetModuleHandleExW
ReleaseSemaphore
SetLastError
HeapFree
CreateSemaphoreExW
GetModuleFileNameA
GetLastError
OpenEventW
CreateEventExW
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z
?_Xbad_function_call@std@@YAXXZ
?_Xbad_alloc@std@@YAXXZ
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
_Wcsxfrm
_Wcscoll
?_Incref@facet@locale@std@@UEAAXXZ
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?is@?$ctype@G@std@@QEBA_NFG@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
??1_Locinfo@std@@QEAA@XZ
??1_Lockit@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?id@?$ctype@G@std@@2V0locale@2@A
??Bid@locale@std@@QEAA_KXZ
?tolower@?$ctype@G@std@@QEBAGG@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?id@?$collate@G@std@@2V0locale@2@A
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
api-ms-win-crt-runtime-l1-1-0
_initterm
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
api-ms-win-crt-private-l1-1-0
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__itoa_s
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__cexit
_o_ceilf
_o_exit
_o_free
_o_iswascii
_o_malloc
_o_realloc
_o_terminate
_o_towlower
_o_wcscpy_s
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
_o__callnewh
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_name
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
__std_terminate
__CxxFrameHandler4
strchr
memcpy
memmove
api-ms-win-crt-string-l1-1-0
memset
oleaut32
SysAllocString
SysFreeString
VariantClear
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
TerminateProcess
GetStartupInfoW
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventUnregister
EventSetInformation
api-ms-win-core-synch-l1-1-0
EnterCriticalSection
LeaveCriticalSection
api-ms-win-shcore-obsolete-l1-1-0
CommandLineToArgvW
ole32
CoUninitialize
CoInitializeEx
api-ms-win-core-winrt-l1-1-0
RoUninitialize
RoInitialize
user32
PostThreadMessageW
api-ms-win-core-com-l1-1-0
CoCreateInstance
ntdll
EtwTraceMessage
Sections
.text Size: 88KB - Virtual size: 86KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 36KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 96KB - Virtual size: 93KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 908B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
AtBroker.exe.exe windows:10 windows x64 arch:x64
34d1312802afb39409fe0be066fcf443
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
ATBroker.pdb
Imports
advapi32
RegQueryValueExW
OpenServiceW
QueryServiceConfigW
EventUnregister
RegOpenKeyExW
CheckTokenMembership
UnregisterTraceGuids
RegisterTraceGuidsW
FreeSid
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
EventSetInformation
TraceMessage
AllocateAndInitializeSid
OpenSCManagerW
EventRegister
CloseServiceHandle
EventWriteTransfer
RegCloseKey
GetTokenInformation
OpenProcessToken
ConvertSidToStringSidW
kernel32
LocalAlloc
GetCurrentThreadId
GetVersionExW
MultiByteToWideChar
Sleep
LockResource
CloseHandle
RaiseException
FindResourceExW
LoadResource
LocalFree
lstrcmpiW
OpenMutexW
DelayLoadFailureHook
ResolveDelayLoadedAPI
ExpandEnvironmentStringsW
SetProcessShutdownParameters
SizeofResource
OOBEComplete
IsProcessInJob
OpenJobObjectW
InitOnceComplete
InitOnceBeginInitialize
RegEnumValueW
RegDeleteTreeW
K32GetModuleBaseNameW
K32EnumProcessModules
ProcessIdToSessionId
K32EnumProcesses
RegLoadMUIStringW
DeleteFileW
GetFileAttributesW
DeleteProcThreadAttributeList
CreateProcessW
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
OpenProcess
CreateSemaphoreExW
CreateMutexExW
CompareStringOrdinal
CreateThreadpoolTimer
OpenSemaphoreW
WaitForSingleObject
InitializeCriticalSectionEx
WaitForSingleObjectEx
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
ReleaseMutex
ReleaseSemaphore
SetLastError
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
OutputDebugStringW
IsDebuggerPresent
GetProcAddress
DebugBreak
GetModuleFileNameA
GetModuleHandleExW
FormatMessageW
RegGetValueW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
GetTickCount
GetSystemTimeAsFileTime
GetCurrentProcessId
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
HeapDestroy
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetModuleHandleW
QueryPerformanceCounter
user32
GetShellWindow
GetKeyState
SendInput
SetDesktopColorTransform
GetWindowThreadProcessId
UnregisterClassA
SendNotifyMessageW
SystemParametersInfoW
GetUserObjectInformationW
GetThreadDesktop
msvcrt
wcscspn
_wcslwr_s
_ltow_s
wcsspn
wcschr
_onexit
__dllonexit
_unlock
_lock
_commode
_fmode
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
??_V@YAXPEAX@Z
memmove_s
__C_specific_handler
malloc
free
wcscpy_s
_wcsicmp
memcpy_s
_callnewh
??1type_info@@UEAA@XZ
memcmp
memset
?terminate@@YAXXZ
__CxxFrameHandler4
_vsnwprintf
_purecall
_wtoi
wcsrchr
wcscmp
ntdll
RtlVirtualUnwind
NtQueryWnfStateData
RtlCaptureContext
WinSqmIsOptedIn
WinSqmAddToStream
NtUpdateWnfStateData
RtlLookupFunctionEntry
shell32
ShellExecuteW
shlwapi
ord460
PathFileExistsW
uxtheme
ord65
Sections
.text Size: 84KB - Virtual size: 82KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 216B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
AuthHost.exe.exe windows:10 windows x64 arch:x64
4cb8be5a89fe119751f43b270ccc8461
Code Sign
33:00:00:03:3b:65:5f:ae:fa:db:75:e9:d6:00:00:00:00:03:3b
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 02/09/2021, 18:23
Not After: 01/09/2022, 18:23
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
22:7d:3d:62:9c:6e:88:24:3d:93:50:1f:d2:66:df:46:13:65:63:1a:d0:de:22:1e:2b:ae:47:d5:7f:26:94:e8
Signer
Actual PE Digest: 22:7d:3d:62:9c:6e:88:24:3d:93:50:1f:d2:66:df:46:13:65:63:1a:d0:de:22:1e:2b:ae:47:d5:7f:26:94:e8
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
AuthHost.pdb
Imports
msvcrt
memset
memcpy
_commode
__CxxFrameHandler4
_vsnwprintf
memcpy_s
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
wcstoul
_wcsnicmp
_purecall
_wcsicmp
wcsncmp
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBD@Z
memmove_s
_CxxThrowException
__CxxFrameHandler3
??1type_info@@UEAA@XZ
_XcptFilter
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
?terminate@@YAXXZ
wcscmp
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventWriteTransfer
EventUnregister
EventSetInformation
api-ms-win-eventing-classicprovider-l1-1-0
UnregisterTraceGuids
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
GetTraceEnableFlags
TraceMessage
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
OpenProcessToken
GetCurrentThreadId
GetCurrentProcessId
CreateThread
ExitProcess
TerminateProcess
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
LoadStringW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-synch-l1-1-0
WaitForSingleObject
ReleaseSRWLockShared
InitializeSRWLock
AcquireSRWLockExclusive
CreateEventW
ReleaseSRWLockExclusive
AcquireSRWLockShared
SetEvent
api-ms-win-core-com-l1-1-0
CoTaskMemFree
CoCreateInstance
StringFromCLSID
CoTaskMemAlloc
CoInitializeEx
CoUninitialize
CoRegisterClassObject
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoRevokeClassObject
CoCreateFreeThreadedMarshaler
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
api-ms-win-security-base-l1-1-0
GetTokenInformation
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
WindowsCreateString
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsDuplicateString
api-ms-win-core-winrt-error-l1-1-0
RoOriginateErrorW
SetRestrictedErrorInfo
api-ms-win-core-winrt-error-l1-1-1
RoGetMatchingRestrictedErrorInfo
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
api-ms-win-core-url-l1-1-0
ParseURLW
api-ms-win-core-shlwapi-obsolete-l1-1-0
StrTrimW
api-ms-win-core-winrt-robuffer-l1-1-0
RoGetBufferMarshaler
ntdll
RtlDeleteElementGenericTableAvl
RtlEnumerateGenericTableWithoutSplayingAvl
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
RtlFreeHeap
RtlAllocateHeap
api-ms-win-core-debug-l1-1-0
OutputDebugStringA
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Sections
.text Size: 84KB - Virtual size: 81KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 28KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 504B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 992B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
AxInstUI.exe.exe windows:10 windows x64 arch:x64
7d8dee85a40fc5307cb205608512d381
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
AxInstUI.pdb
Imports
kernel32
LocalFree
GetCommandLineW
CreateFileW
CloseHandle
GetLastError
user32
IsWindow
msvcrt
_cexit
__setusermatherr
_initterm
__C_specific_handler
_wcmdln
_fmode
__wgetmainargs
exit
?terminate@@YAXXZ
_exit
__set_app_type
_amsg_exit
_XcptFilter
swscanf_s
_commode
memset
api-ms-win-core-com-l1-1-0
CoUninitialize
CoInitializeEx
crypt32
CertFreeCertificateContext
CertFindCertificateInStore
CertControlStore
CertGetCertificateContextProperty
CertOpenStore
CertCloseStore
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
TerminateProcess
GetStartupInfoW
GetCurrentProcessId
GetCurrentThreadId
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
shell32
CommandLineToArgvW
wintrust
WinVerifyTrust
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WTHelperGetProvCertFromChain
Sections
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 264B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 52KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
BackgroundTransferHost.exe.exe windows:10 windows x64 arch:x64
43ba7c14f952d3784267c6946f79bd81
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
BackgroundTransferHost.pdb
Imports
msvcrt
__C_specific_handler
_wcmdln
_fmode
_commode
_initterm
__setusermatherr
_cexit
malloc
_exit
exit
_callnewh
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
free
_purecall
?terminate@@YAXXZ
__CxxFrameHandler3
memset
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateString
WindowsCreateStringReference
WindowsCompareStringOrdinal
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
RoUninitialize
RoActivateInstance
RoInitialize
api-ms-win-core-winrt-error-l1-1-0
RoOriginateError
api-ms-win-core-errorhandling-l1-1-0
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-com-l1-1-0
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventWriteTransfer
EventRegister
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
Sections
.text Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 600B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 24KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 184B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
BdeUISrv.exe.exe windows:10 windows x64 arch:x64
10df48356defd9056d7e2f19500019aa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
BdeUISrv.pdb
Imports
advapi32
GetTokenInformation
SetSecurityDescriptorGroup
OpenThreadToken
AddAccessAllowedAce
GetLengthSid
RegDeleteValueW
RegOpenKeyExW
InitializeAcl
InitializeSecurityDescriptor
UnregisterTraceGuids
RegisterTraceGuidsW
OpenProcessToken
GetTraceEnableLevel
AddAce
RegSetValueExW
IsValidSid
GetTraceEnableFlags
RegEnumKeyExW
GetTraceLoggerHandle
ConvertStringSidToSidW
CopySid
TraceMessage
RegCreateKeyExW
GetAce
SetSecurityDescriptorOwner
RegQueryInfoKeyW
GetAclInformation
RegCloseKey
SetSecurityDescriptorDacl
CloseServiceHandle
OpenSCManagerW
AllocateAndInitializeSid
FreeSid
QueryServiceStatus
StartServiceW
OpenServiceW
kernel32
WaitForSingleObject
GetCurrentThreadId
CreateEventW
MultiByteToWideChar
Sleep
GetLastError
SetEvent
GetCurrentThread
CloseHandle
RaiseException
CreateThread
HeapSetInformation
FindResourceExW
LoadResource
GetProcAddress
LocalFree
DeleteCriticalSection
GetProcessHeap
GetModuleHandleW
FreeLibrary
lstrcmpiW
LoadLibraryExW
LeaveCriticalSection
GetModuleFileNameW
GetCommandLineW
EnterCriticalSection
SizeofResource
InitializeCriticalSection
GetCurrentProcess
HeapAlloc
HeapFree
OutputDebugStringA
GetTickCount
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStartupInfoW
user32
CharNextW
DispatchMessageW
CharUpperW
TranslateMessage
UnregisterClassA
PostThreadMessageW
GetMessageW
msvcrt
_fmode
__setusermatherr
_exit
exit
__set_app_type
_commode
_amsg_exit
_XcptFilter
_callnewh
_purecall
wcsncat_s
wcsncpy_s
malloc
free
wcscat_s
wcscpy_s
memcpy_s
__C_specific_handler
_errno
realloc
_lock
_unlock
_wcmdln
__wgetmainargs
__dllonexit
_onexit
?terminate@@YAXXZ
memcmp
_initterm
_cexit
memset
userenv
ExpandEnvironmentStringsForUserW
oleaut32
SysAllocString
SysStringLen
VarUI4FromStr
SysFreeString
UnRegisterTypeLi
RegisterTypeLi
VariantInit
VariantClear
LoadRegTypeLi
LoadTypeLi
SysStringByteLen
shell32
ShellExecuteExW
wtsapi32
WTSFreeMemory
WTSQuerySessionInformationW
api-ms-win-core-com-l1-1-0
CoSuspendClassObjects
CoResumeClassObjects
CoInitializeEx
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemRealloc
CoInitializeSecurity
CoTaskMemAlloc
StringFromGUID2
CoUninitialize
CoTaskMemFree
CoCreateInstance
rpcrt4
RpcStringFreeW
RpcBindingSetAuthInfoExW
RpcStringBindingComposeW
RpcBindingFromStringBindingW
NdrClientCall3
RpcBindingFree
Sections
.text Size: 36KB - Virtual size: 33KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 432B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
BioIso.exe.exe windows:10 windows x64 arch:x64
7ce5a8206846996fd8baa75413cbbb2a
Code Sign
33:00:00:04:5c:3d:56:72:66:6c:b7:54:17:00:00:00:00:04:5c
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 14/09/2023, 18:20
Not After: 04/09/2024, 18:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
82:9a:ce:42:a6:9f:bc:da:d0:fa:cf:ed:e8:61:8a:5e:6b:85:4b:79:69:5d:92:f1:ca:91:6c:24:f1:6b:a7:7e
Signer
Actual PE Digest: 82:9a:ce:42:a6:9f:bc:da:d0:fa:cf:ed:e8:61:8a:5e:6b:85:4b:79:69:5d:92:f1:ca:91:6c:24:f1:6b:a7:7e
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
BioIso.pdb
Imports
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_initterm
_c_exit
_initterm_e
api-ms-win-crt-private-l1-1-0
_o__errno
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o__crt_atexit
_o_atoi
_o_bsearch_s
_o_exit
_o_free
_o_isdigit
_o_iswalpha
_o_malloc
_o_terminate
_o_towupper
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
_o__configthreadlocale
memcmp
_o__cexit
_o__callnewh
_o___p__commode
memcpy
_o___p___wargv
_o___p___argc
_o___stdio_common_vswprintf
__std_terminate
_o___stdio_common_vsnprintf_s
__CxxFrameHandler4
_o___std_exception_destroy
_o___std_exception_copy
_o__configure_wide_argv
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleExW
GetModuleFileNameA
FreeLibrary
LoadLibraryExW
GetProcAddress
GetModuleHandleW
api-ms-win-core-synch-l1-1-0
LeaveCriticalSection
EnterCriticalSection
SetEvent
OpenEventW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CreateSemaphoreExW
ReleaseSemaphore
DeleteCriticalSection
WaitForSingleObject
InitializeCriticalSectionEx
CreateMutexExW
CreateEventW
ResetEvent
ReleaseSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
ReleaseMutex
AcquireSRWLockShared
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
SetLastError
api-ms-win-core-processthreads-l1-1-0
GetCurrentThread
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
OpenProcessToken
GetCurrentThreadId
OpenThreadToken
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
OutputDebugStringW
DebugBreak
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventWriteTransfer
EventSetInformation
EventActivityIdControl
EventRegister
api-ms-win-core-synch-l1-2-0
InitOnceBeginInitialize
InitOnceComplete
api-ms-win-core-profile-l1-1-0
QueryPerformanceFrequency
QueryPerformanceCounter
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
api-ms-win-security-base-l1-1-0
GetLengthSid
IsValidSid
GetTokenInformation
EqualSid
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-heap-obsolete-l1-1-0
LocalSize
api-ms-win-core-sysinfo-l1-1-0
GetTickCount64
GetSystemTimeAsFileTime
GetWindowsDirectoryW
api-ms-win-core-file-l1-1-0
CompareFileTime
rpcrt4
RpcMgmtStopServerListening
RpcServerUseProtseqIfW
RpcServerRegisterIfEx
RpcServerUnregisterIf
NdrServerCallAll
NdrServerCall2
UuidFromStringA
RpcImpersonateClient
RpcRevertToSelfEx
RpcMgmtWaitServerListen
RpcServerListen
api-ms-win-core-memory-l1-1-0
MapViewOfFile
VirtualQuery
UnmapViewOfFile
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
RtlCompareMemory
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
ntdll
RtlEqualSid
RtlFreeHeap
RtlTimeFieldsToTime
RtlNtStatusToDosError
RtlImageNtHeader
NtQuerySystemInformation
RtlAllocateHeap
iumsdk
GetTaggedData
GetSecureIdentitySigningKey
GetSignedReport
EncryptData
OpenSecureSection
GetTaggedDataSize
DecryptData
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
__ImagePolicyMetadata
Sections
.text Size: 428KB - Virtual size: 427KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGE Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 132KB - Virtual size: 130KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 24KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 200B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tPolicy Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAGECONS Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAGEDATA Size: 4KB - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
BitLockerDeviceEncryption.exe.exe windows:10 windows x64 arch:x64
f9ab900b18f04823f1f612ee6f5befca
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
BitLockerDeviceEncryption.pdb
Imports
advapi32
TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
EventWriteTransfer
OpenProcessToken
OpenThreadToken
EventSetInformation
EventRegister
EventUnregister
RegDeleteTreeW
LsaClose
LsaFreeMemory
LsaQueryInformationPolicy
LsaOpenPolicy
EventWrite
RevertToSelf
ImpersonateLoggedOnUser
GetTokenInformation
DuplicateTokenEx
RegSetValueExW
RegSetKeyValueW
RegCreateKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegGetValueA
RegGetValueW
RegCloseKey
RegOpenKeyExW
kernel32
ResolveDelayLoadedAPI
GetProcAddress
FreeLibrary
HeapAlloc
HeapFree
CloseHandle
GetVolumePathNameW
AcquireSRWLockExclusive
GetModuleHandleExA
SetEvent
CreateEventW
GetCurrentThread
RaiseException
LocalAlloc
GetProcessMitigationPolicy
GetModuleFileNameW
GetModuleHandleExW
SetLastError
HeapSetInformation
GetLastError
GetVolumePathNamesForVolumeNameW
ReleaseSRWLockExclusive
MultiByteToWideChar
CompareStringOrdinal
DelayLoadFailureHook
GetProcessHeap
LocalFree
HeapSize
msvcrt
_initterm
__C_specific_handler
_fmode
_commode
?terminate@@YAXXZ
_lock
_unlock
_exit
memmove
_stricmp
wcstoul
wcschr
__dllonexit
_onexit
memset
__setusermatherr
??1type_info@@UEAA@XZ
exit
memcpy
__CxxFrameHandler3
_CxxThrowException
iswascii
?what@exception@@UEBAPEBDXZ
_cexit
_vsnwprintf
__CxxFrameHandler4
??3@YAXPEAX@Z
_purecall
malloc
_callnewh
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
_XcptFilter
_amsg_exit
__wgetmainargs
__set_app_type
wcscmp
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
fveskybackup
FveBackupRecoveryPasswordToSkyDrive
FveBackupRecoveryPasswordToCloudDomain
api-ms-win-core-com-l1-1-0
CoUninitialize
CoWaitForMultipleHandles
CLSIDFromString
CoInitializeEx
CoCreateInstance
fveapi
FveGetAuthMethodInformation
FveAddAuthMethodInformation
FveDeleteAuthMethod
FveGetStatus
FveCloseVolume
FveOpenVolumeW
FveCommitChanges
FveBackupRecoveryInformationToADEx
FveCheckTpmCapability
FveGetSecureBootBindingState
FveIsDeviceLockedOut
FveIsBoundDataVolumeToOSVolume
FveSetAllowKeyExport
FveSelectBestRecoveryPasswordByBackupInformation
FveBindDataVolume
FveGetVolumeNameW
FveGetIdentity
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
dsreg
DsrGetJoinInfoEx
DsrFreeJoinInfoEx
bcrypt
BCryptFinishHash
BCryptDestroyHash
BCryptCloseAlgorithmProvider
BCryptHashData
BCryptCreateHash
BCryptOpenAlgorithmProvider
ntdll
RtlFreeUnicodeString
RtlStringFromGUID
NtPowerInformation
RtlNtStatusToDosError
NtQuerySystemInformation
Sections
.text Size: 120KB - Virtual size: 116KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 36KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 760B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
BitLockerWizardElev.exe.exe windows:10 windows x64 arch:x64
1438673c4b1b5696c777658ad76b5d13
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
BitLockerWizardElev.pdb
Imports
kernel32
GetProcessHeap
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetLastError
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
GetCurrentProcess
TerminateProcess
HeapSetInformation
GetCurrentProcessId
GetCommandLineW
UnhandledExceptionFilter
msvcrt
memset
_commode
_fmode
_acmdln
__iob_func
__C_specific_handler
_initterm
?terminate@@YAXXZ
__setusermatherr
_ismbblead
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
fwprintf
towupper
fvewiz
FveuiWizard
FveuipClearFveWizOnStartup
ole32
CoInitialize
CoUninitialize
shell32
CommandLineToArgvW
ShellExecuteW
Sections
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 264B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 92KB - Virtual size: 88KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ByteCodeGenerator.exe.exe windows:10 windows x64 arch:x64
b702fd7ffebc67519666bfb64ba98381
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
ByteCodeGenerator.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__errno
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o_exit
_o_free
_o_malloc
_o_memcpy_s
_o_terminate
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o__cexit
_o__callnewh
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___wargv
_o___p___argc
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
__CxxFrameHandler4
__std_terminate
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
memset
ntdll
RtlEnumerateGenericTableWithoutSplayingAvl
RtlEnumerateGenericTableAvl
RtlReportException
RtlNumberGenericTableElementsAvl
RtlInitUnicodeString
RtlCompareUnicodeString
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
RtlReleaseSRWLockExclusive
RtlInitializeGenericTableAvl
RtlAcquireSRWLockExclusive
RtlInsertElementGenericTableAvl
RtlDeleteElementGenericTableAvl
NtQuerySystemInformation
RtlVirtualUnwind
RtlLookupElementGenericTableAvl
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnsubscribeWnfNotificationWaitForCompletion
NtSetInformationThread
RtlSubscribeWnfStateChangeNotification
RtlConvertSidToUnicodeString
RtlFreeUnicodeString
NtQueryInformationThread
urlmon
CreateUri
CoInternetParseIUri
api-ms-win-security-base-l1-1-0
ImpersonateLoggedOnUser
RevertToSelf
GetTokenInformation
rpcrt4
RpcServerUnregisterIf
RpcServerUseProtseqEpW
RpcServerInqBindings
RpcServerRegisterIf3
RpcMgmtStopServerListening
RpcServerListen
NdrServerCall2
NdrServerCallAll
RpcBindingVectorFree
UuidFromStringW
RpcObjectSetType
RpcEpRegisterW
api-ms-win-core-synch-l1-2-0
InitOnceComplete
InitOnceBeginInitialize
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegGetValueW
api-ms-win-core-processthreads-l1-1-0
OpenThreadToken
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
ExitProcess
OpenProcessToken
GetCurrentThread
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoUninitialize
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventUnregister
EventSetInformation
EventWriteTransfer
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-errorhandling-l1-1-0
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
SetLastError
api-ms-win-core-file-l1-1-0
WriteFile
GetFileAttributesExW
GetFileSizeEx
SetEndOfFile
SetFilePointer
CreateFileW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
DuplicateHandle
CloseHandle
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleExW
GetProcAddress
FreeLibrary
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameA
api-ms-win-eventing-classicprovider-l1-1-0
TraceMessage
oleaut32
SysFreeString
api-ms-win-core-memory-l1-1-0
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
api-ms-win-core-synch-l1-1-0
ReleaseSRWLockShared
AcquireSRWLockShared
DeleteCriticalSection
CreateMutexExW
AcquireSRWLockExclusive
WaitForSingleObjectEx
ReleaseMutex
WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreExW
ReleaseSRWLockExclusive
InitializeCriticalSectionEx
OpenSemaphoreW
EnterCriticalSection
LeaveCriticalSection
api-ms-win-core-heap-l1-1-0
HeapAlloc
GetProcessHeap
HeapFree
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-threadpool-l1-2-0
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpoolTimer
Sections
.text Size: 64KB - Virtual size: 63KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 388B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
CIDiag.exe.exe windows:10 windows x64 arch:x64
1afe1300ea8bc875dfc78d078c5a6448
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
CIDiag.pdb
Imports
msvcrt
??0exception@@QEAA@AEBQEBDH@Z
_lock
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBD@Z
_commode
_fmode
??1exception@@UEAA@XZ
__C_specific_handler
_callnewh
?what@exception@@UEBAPEBDXZ
??1type_info@@UEAA@XZ
malloc
_initterm
__setusermatherr
_cexit
_exit
_CxxThrowException
?terminate@@YAXXZ
_onexit
__dllonexit
_purecall
exit
__set_app_type
??3@YAXPEAX@Z
__wgetmainargs
_amsg_exit
_wcsicmp
_XcptFilter
towlower
memmove
wprintf
__CxxFrameHandler3
_unlock
__CxxFrameHandler4
memcpy
memset
api-ms-win-core-file-l1-1-0
WriteFile
FindFirstFileW
CreateFileW
CreateDirectoryW
FindNextFileW
FindClose
ntdll
NtQuerySystemInformation
RtlDosPathNameToNtPathName_U
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-file-l1-2-4
GetTempPath2W
api-ms-win-core-kernel32-legacy-l1-1-1
GetFirmwareType
api-ms-win-core-file-l2-1-0
CopyFileExW
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
GetTickCount
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
wevtapi
EvtFormatMessage
EvtOpenChannelConfig
EvtClose
EvtNext
EvtQuery
EvtOpenPublisherMetadata
EvtExportLog
EvtSaveChannelConfig
EvtSetChannelConfigProperty
bcd
BcdExportStore
Sections
.text Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 936B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 440B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
CameraSettingsUIHost.exe.exe windows:10 windows x64 arch:x64
ea8169a1260eaee5890abeaebb003159
Code Sign
33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 02/09/2021, 18:23
Not After: 01/09/2022, 18:23
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
12:6d:ee:5f:54:86:f0:e4:a7:a6:65:2d:8a:f5:d6:7a:43:33:e1:fe:03:19:3f:89:b0:cf:05:a6:2c:4b:31:7b
Signer
Actual PE Digest: 12:6d:ee:5f:54:86:f0:e4:a7:a6:65:2d:8a:f5:d6:7a:43:33:e1:fe:03:19:3f:89:b0:cf:05:a6:2c:4b:31:7b
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
CameraSettingsUIHost.pdb
Imports
advapi32
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
TraceMessage
UnregisterTraceGuids
kernel32
AcquireSRWLockShared
GetCurrentProcess
GetModuleHandleW
IsProcessorFeaturePresent
ReleaseSRWLockExclusive
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ReleaseSRWLockShared
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
DecodePointer
IsDebuggerPresent
AcquireSRWLockExclusive
GetCurrentThreadId
EncodePointer
InitOnceExecuteOnce
GetStartupInfoW
TerminateProcess
user32
TranslateMessage
PostThreadMessageW
DispatchMessageW
GetMessageW
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_c_exit
_initterm
_initterm_e
api-ms-win-crt-private-l1-1-0
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o_exit
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
api-ms-win-crt-string-l1-1-0
memset
dui70
InitThread
UnInitProcessPriv
UnInitThread
InitProcessPriv
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoReleaseServerProcess
CoUninitialize
CoCreateInstance
CoRegisterClassObject
CoResumeClassObjects
CoRevokeClassObject
CoAddRefServerProcess
api-ms-win-core-winrt-l1-1-0
RoRevokeActivationFactories
RoRegisterActivationFactories
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateString
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsDeleteString
WindowsGetStringRawBuffer
api-ms-win-core-winrt-error-l1-1-0
RoOriginateErrorW
RoOriginateError
SetRestrictedErrorInfo
api-ms-win-core-winrt-error-l1-1-1
RoGetMatchingRestrictedErrorInfo
imm32
ImmDisableIME
Sections
.text Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
CastSrv.exe.exe windows:10 windows x64 arch:x64
3cc761e65448d0359d83908cb970e8ee
Code Sign
33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 02/09/2021, 18:23
Not After: 01/09/2022, 18:23
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
70:13:65:fc:86:b6:b3:20:d5:f4:39:a2:f2:e0:a2:55:56:f3:30:c0:44:d5:ef:ca:3b:88:c7:a2:7f:24:3a:2a
Signer
Actual PE Digest: 70:13:65:fc:86:b6:b3:20:d5:f4:39:a2:f2:e0:a2:55:56:f3:30:c0:44:d5:ef:ca:3b:88:c7:a2:7f:24:3a:2a
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
CastSrv.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o_exit
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-synch-l1-1-0
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeSRWLock
AcquireSRWLockShared
ReleaseSRWLockShared
api-ms-win-core-util-l1-1-0
EncodePointer
DecodePointer
api-ms-win-eventing-classicprovider-l1-1-0
RegisterTraceGuidsW
UnregisterTraceGuids
TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
api-ms-win-core-processthreads-l1-1-1
SetProcessMitigationPolicy
IsProcessorFeaturePresent
api-ms-win-core-errorhandling-l1-1-0
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventRegister
api-ms-win-core-commandlinetoargv-l1-1-0
CommandLineToArgvW
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentProcess
OpenProcessToken
TerminateProcess
GetCurrentThreadId
GetStartupInfoW
OpenThreadToken
SetPriorityClass
GetCurrentThread
api-ms-win-core-synch-l1-2-0
InitOnceExecuteOnce
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-security-base-l1-1-0
GetTokenInformation
api-ms-win-core-registry-l1-1-0
RegGetValueW
api-ms-win-core-file-l1-1-0
CreateFileW
api-ms-win-shcore-taskpool-l1-1-0
SHTaskPoolQueueTask
api-ms-win-shcore-thread-l1-1-0
SHCreateThread
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 40KB - Virtual size: 37KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 392B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 616B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
CertEnrollCtrl.exe.exe windows:10 windows x64 arch:x64
e8d91130a22bf0ef5ca8b60fd9e899e9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
CertEnrollCtrl.pdb
Imports
msvcrt
memset
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__CxxFrameHandler4
?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
strcspn
fprintf
wcscspn
fflush
fclose
fopen
_errno
_wgetenv
fseek
ftell
fwrite
_vsnwprintf
strchr
getenv
_vsnprintf
iswxdigit
iswdigit
_wcsnicmp
??3@YAXPEAX@Z
_purecall
malloc
_wcsicmp
wcsncmp
_callnewh
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_CxxThrowException
__CxxFrameHandler3
memcpy
memmove
??1type_info@@UEAA@XZ
_XcptFilter
certca
ord802
ord840
ord823
ord841
ord705
ord847
ord707
ord842
ord839
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
GetStartupInfoW
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetLastError
api-ms-win-core-libraryloader-l1-2-0
LockResource
LoadResource
LoadStringW
GetModuleHandleW
GetProcAddress
FindResourceExW
FreeLibrary
LoadLibraryExW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetVersionExW
GetTickCount
GetLocalTime
GetSystemTimeAsFileTime
GetSystemTime
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
GetProcessHeap
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalReAlloc
LocalFree
api-ms-win-core-synch-l1-1-0
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
SystemTimeToFileTime
api-ms-win-core-file-l1-1-0
CreateFileW
GetFullPathNameW
CompareFileTime
DeleteFileW
GetTempFileNameW
FileTimeToLocalFileTime
api-ms-win-core-debug-l1-1-0
OutputDebugStringA
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
WideCharToMultiByte
CompareStringW
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
SearchPathW
api-ms-win-core-localization-l1-2-0
GetLocaleInfoW
GetLocaleInfoEx
GetACP
api-ms-win-core-registry-l1-1-0
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-memory-l1-1-0
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
api-ms-win-core-libraryloader-l1-2-1
FindResourceW
api-ms-win-core-datetime-l1-1-0
GetDateFormatW
GetTimeFormatW
certenroll
ord20
api-ms-win-core-localization-l1-2-2
LCIDToLocaleName
api-ms-win-core-localization-obsolete-l1-2-0
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
Sections
.text Size: 24KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 572B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
CheckNetIsolation.exe.exe windows:10 windows x64 arch:x64
e437a3a0162600ce23b282a0dfa53d7b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
CheckNetIsolation.pdb
Imports
msvcrt
_exit
_cexit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
__setusermatherr
fprintf
_initterm
_wsetlocale
swprintf_s
towupper
__C_specific_handler
_fmode
_commode
?terminate@@YAXXZ
wprintf
__iob_func
exit
memset
ntdll
RtlLookupFunctionEntry
RtlCaptureContext
RtlIpv6AddressToStringW
RtlVirtualUnwind
RtlIsParentOfChildAppContainer
RtlFreeSid
RtlEqualSid
EtwTraceMessage
RtlIpv4AddressToStringW
api-ms-win-security-sddl-l1-1-0
ConvertSidToStringSidW
ConvertStringSidToSidW
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
api-ms-win-core-console-l1-1-0
GetConsoleOutputCP
SetConsoleCtrlHandler
ws2_32
htonl
api-ms-win-core-synch-l1-1-0
WaitForSingleObjectEx
SetEvent
ReleaseSRWLockExclusive
CreateEventW
AcquireSRWLockExclusive
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-synch-l1-2-0
Sleep
WakeAllConditionVariable
SleepConditionVariableSRW
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
LoadStringW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
fwpuclnt
FwpmEngineSetOption0
FwpmNetEventSubscribe4
FwpmEngineOpen0
FwpmFreeMemory0
FwpmNetEventUnsubscribe0
FwpmEngineClose0
FwpmProviderAdd0
FwpmFilterAdd0
FwpmEngineGetOption0
firewallapi
NetworkIsolationEnumAppContainers
NetworkIsolationGetAppContainerConfig
NetworkIsolationSetAppContainerConfig
FwEmptyWFAddresses
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 720B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 152B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 124B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
CiTool.exe.exe windows:10 windows x64 arch:x64
544049f986ec92ba18fed9616a84fd9c
Code Sign
33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
13:ef:e7:8a:9e:96:62:fa:6d:86:49:82:aa:4c:b5:09:c5:51:65:5d:a4:96:f5:7a:0f:e3:e2:92:eb:c5:00:73
Signer
Actual PE Digest: 13:ef:e7:8a:9e:96:62:fa:6d:86:49:82:aa:4c:b5:09:c5:51:65:5d:a4:96:f5:7a:0f:e3:e2:92:eb:c5:00:73
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
CiTool.pdb
Imports
api-ms-win-crt-string-l1-1-0
memset
wcsnlen
strcspn
__strncnt
api-ms-win-crt-time-l1-1-0
_time64
api-ms-win-crt-locale-l1-1-0
_unlock_locales
_lock_locales
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_c_exit
_initterm
_initterm_e
api-ms-win-crt-private-l1-1-0
_o__crt_atexit
_o__errno
_o__exit
_o__free_base
_o__fseeki64
_o__get_initial_wide_environment
_o__get_stream_buffer_pointers
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__lock_file
_o__malloc_base
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o__unlock_file
_o__wcsdup
_o__wfsopen
_o__wsetlocale
_o_abort
_o_calloc
_o_ceilf
_o_exit
_o_fclose
_o_fflush
_o_fgetc
_o_fgetpos
_o_fgetwc
_o_floor
_o_fputc
_o_fputwc
_o_fread
_o_free
_o_frexp
_o_fseek
_o_fsetpos
_o_fwrite
_o_islower
_o_isupper
_o_localeconv
_o_malloc
_o_rand
_o_realloc
_o_setlocale
_o_setvbuf
_o_srand
_o_terminate
_o_ungetc
_o_ungetwc
__uncaught_exception
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
_o__cexit
_o__calloc_base
_o__callnewh
_o__configure_wide_argv
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfwprintf
_o___std_exception_destroy
_o___std_exception_copy
_o___pctype_func
_o___p__commode
_o___p___wargv
_o___p___argc
_o___acrt_iob_func
_o____mb_cur_max_func
_o____lc_locale_name_func
_o____lc_codepage_func
__CxxFrameHandler4
memcmp
_o__configthreadlocale
memcpy
rpcrt4
RpcStringFreeW
UuidToStringW
ntdll
RtlGUIDFromString
RtlInitUnicodeString
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtSetSystemInformation
kernel32
SetLastError
HeapFree
CreateSemaphoreExW
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
LCMapStringEx
DecodePointer
EncodePointer
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetModuleFileNameA
CreateFileW
GetFileInformationByHandleEx
WideCharToMultiByte
GetStringTypeW
FormatMessageA
MultiByteToWideChar
LocalAlloc
FindResourceW
LoadResource
LockResource
SizeofResource
GetFileAttributesExW
IsDebuggerPresent
DebugBreak
GetModuleHandleW
GetProcessHeap
GetCurrentProcessId
LocalFree
CreateMutexExW
GetProcAddress
HeapAlloc
CloseHandle
OpenSemaphoreW
WaitForSingleObjectEx
OutputDebugStringW
GetLastError
FormatMessageW
advapi32
EventWriteTransfer
user32
LoadStringW
manageci
GetSBCPTokenByID
BeginRemoveSBCPToken
GetSModeUnlockID
BeginSetSBCPToken
End
ParsePolicy
IsInProgress
GetAllCIPolicies
BeginUpsertCIPolicy
GetCIPolicyByID
BeginTransaction
BeginRemoveCIPolicy
GetPolicyInformation
Rollback
Commit
GetTokenInformation
GetAllSBCPTokens
Start
Sections
.text Size: 208KB - Virtual size: 204KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 48KB - Virtual size: 45KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 20KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ClipRenew.exe.exe windows:10 windows x64 arch:x64
01f7cb5b9c9d78be5626b4e7e185aabd
Code Sign
33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ee:6e:20:84:ca:0a:47:15:4a:af:55:30:15:1e:0c:23:33:b9:1b:98:f5:5b:0d:fb:c4:14:d1:a8:af:30:bf:ef
Signer
Actual PE Digest: ee:6e:20:84:ca:0a:47:15:4a:af:55:30:15:1e:0c:23:33:b9:1b:98:f5:5b:0d:fb:c4:14:d1:a8:af:30:bf:ef
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
ClipRenew.pdb
Imports
msvcrt
?terminate@@YAXXZ
_onexit
memcpy
__dllonexit
memcmp
_vsnwprintf
_wcsicmp
_purecall
time
memmove_s
_lock
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
memmove
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
memcpy_s
_unlock
memset
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-libraryloader-l1-2-0
LockResource
GetModuleHandleExW
GetProcAddress
FindResourceExW
LoadResource
GetModuleHandleW
GetModuleFileNameA
api-ms-win-core-synch-l1-1-0
CreateSemaphoreExW
InitializeCriticalSectionEx
EnterCriticalSection
ReleaseSemaphore
WaitForSingleObject
ReleaseMutex
DeleteCriticalSection
LeaveCriticalSection
AcquireSRWLockShared
CreateMutexExW
WaitForSingleObjectEx
ReleaseSRWLockShared
AcquireSRWLockExclusive
OpenSemaphoreW
ReleaseSRWLockExclusive
api-ms-win-core-heap-l1-1-0
HeapFree
GetProcessHeap
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
RaiseException
SetLastError
GetLastError
SetUnhandledExceptionFilter
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventSetInformation
EventActivityIdControl
EventUnregister
EventWriteTransfer
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
api-ms-win-core-localization-l1-2-0
LCMapStringEx
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-util-l1-1-0
EncodePointer
DecodePointer
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
api-ms-win-security-base-l1-1-0
ImpersonateLoggedOnUser
RevertToSelf
api-ms-win-core-winrt-string-l1-1-0
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateStringReference
api-ms-win-core-threadpool-l1-2-0
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
RoActivateInstance
api-ms-win-core-kernel32-legacy-l1-1-0
WTSGetActiveConsoleSessionId
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 168KB - Virtual size: 164KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 352B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
testdata Size: 4KB - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 396B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ClipUp.exe.exe windows:10 windows x64 arch:x64
5b70bf9b2fd4a30d4adad39fee62a77c
Code Sign
33:00:00:04:6f:5a:72:76:81:13:5a:26:6c:00:00:00:00:04:6f
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 08/02/2024, 19:22
Not After: 07/02/2025, 19:22
Subject: CN=Microsoft Windows Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ee:de:a2:83:07:70:e9:f8:41:bb:6c:25:be:01:bc:bd:20:35:52:a5:e2:b8:94:48:f0:5d:76:86:ce:2e:62:eb
Signer
Actual PE Digest: ee:de:a2:83:07:70:e9:f8:41:bb:6c:25:be:01:bc:bd:20:35:52:a5:e2:b8:94:48:f0:5d:76:86:ce:2e:62:eb
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
ClipUp.pdb
Imports
msvcrt
_vsnwprintf
memchr
memcmp
memcpy
memmove
memset
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
_commode
_fmode
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
__C_specific_handler
malloc
free
__iob_func
qsort
_itow_s
__CxxFrameHandler4
_wcsnicmp
memcpy_s
time
wcsstr
rand
_wtoi
swscanf_s
srand
wprintf
wcsncmp
vfwprintf
wcschr
_purecall
vwprintf
_wcsicmp
towlower
log10
wcscmp
api-ms-win-core-file-l1-1-0
FindNextFileW
ReadFile
DeleteFileW
WriteFileEx
WriteFile
FindFirstFileW
CompareFileTime
FindClose
GetFileSize
GetFileAttributesW
SetFilePointer
GetTempFileNameW
CreateFileW
GetFileType
CreateDirectoryW
oleaut32
SysFreeString
SafeArrayUnaccessData
VariantInit
SysAllocString
SafeArrayDestroy
SafeArrayCreateVector
SafeArrayAccessData
VariantClear
api-ms-win-core-registry-l1-1-0
RegQueryValueExW
RegDeleteValueW
RegCloseKey
RegGetValueW
RegCreateKeyExW
RegOpenCurrentUser
RegOpenKeyExW
bcrypt
BCryptOpenAlgorithmProvider
BCryptImportKeyPair
BCryptDestroyKey
BCryptExportKey
BCryptKeyDerivation
BCryptGetProperty
BCryptCloseAlgorithmProvider
BCryptFinalizeKeyPair
BCryptGenerateKeyPair
BCryptImportKey
BCryptGenRandom
BCryptFinishHash
BCryptDestroyHash
BCryptSignHash
BCryptHashData
BCryptSetProperty
BCryptCreateHash
BCryptVerifySignature
BCryptGenerateSymmetricKey
api-ms-win-core-console-l2-1-0
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
api-ms-win-core-heap-l1-1-0
HeapFree
GetProcessHeap
HeapAlloc
HeapReAlloc
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
RaiseException
UnhandledExceptionFilter
SetLastError
GetLastError
api-ms-win-core-synch-l1-1-0
SetEvent
ReleaseSRWLockExclusive
LeaveCriticalSection
AcquireSRWLockExclusive
DeleteCriticalSection
WaitForSingleObject
InitializeCriticalSection
ReleaseSemaphore
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
CreateEventW
SleepEx
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
ExpandEnvironmentStringsW
GetCommandLineW
ncrypt
NCryptImportKey
NCryptOpenStorageProvider
NCryptFreeObject
NCryptExportKey
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
FindResourceExW
GetModuleHandleExW
LoadLibraryExW
LoadLibraryExA
LockResource
GetProcAddress
LoadResource
api-ms-win-security-sddl-l1-1-0
ConvertSidToStringSidW
ConvertStringSidToSidW
api-ms-win-core-com-l1-1-0
IIDFromString
CoInitializeEx
CoCreateInstance
CoUninitialize
api-ms-win-core-processthreads-l1-1-0
CreateProcessW
InitializeProcThreadAttributeList
TerminateProcess
OpenProcessToken
GetCurrentThread
GetExitCodeProcess
GetCurrentProcessId
UpdateProcThreadAttribute
GetCurrentProcess
GetCurrentThreadId
crypt32
CryptImportPublicKeyInfoEx2
CertFreeCertificateContext
CryptQueryObject
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventUnregister
EventRegister
EventWriteTransfer
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-winrt-string-l1-1-0
WindowsDeleteString
WindowsCreateStringReference
WindowsGetStringRawBuffer
api-ms-win-core-winrt-l1-1-0
RoUninitialize
RoInitialize
RoGetActivationFactory
api-ms-win-core-file-l1-2-0
GetTempPathW
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
WideCharToMultiByte
api-ms-win-core-synch-l1-2-0
Sleep
SleepConditionVariableSRW
WakeAllConditionVariable
api-ms-win-core-localization-l1-2-0
FormatMessageW
LCMapStringW
LCMapStringEx
api-ms-win-core-sysinfo-l1-1-0
GetVersionExW
GetSystemDirectoryW
GetVersionExA
GetTickCount
GetSystemTimeAsFileTime
GetSystemTime
GetSystemInfo
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-synch-l1-2-1
CreateSemaphoreW
api-ms-win-core-memory-l1-1-0
VirtualProtect
VirtualFree
VirtualAlloc
VirtualQuery
api-ms-win-security-cryptoapi-l1-1-0
CryptReleaseContext
CryptHashData
CryptGetHashParam
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptCreateHash
CryptAcquireContextW
CryptVerifySignatureW
api-ms-win-security-base-l1-1-0
FreeSid
GetTokenInformation
GetLengthSid
rpcrt4
UuidCreate
I_RpcMapWin32Status
api-ms-win-core-timezone-l1-1-0
GetTimeZoneInformation
SystemTimeToFileTime
FileTimeToSystemTime
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlDeleteFunctionTable
RtlAddFunctionTable
RtlVirtualUnwind
api-ms-win-core-errorhandling-l1-1-2
RaiseFailFastException
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
ntdll
RtlGetPersistedStateLocation
cryptxml
CryptXmlEncode
CryptXmlClose
CryptXmlSign
CryptXmlGetSignature
CryptXmlGetStatus
CryptXmlGetDocContext
CryptXmlGetReference
CryptXmlOpenToDecode
CryptXmlVerifySignature
CryptXmlCreateReference
CryptXmlOpenToEncode
webservices
WsFreeReader
WsReadStartAttribute
WsReadEndAttribute
WsMoveReader
WsGetReaderNode
WsReadChars
WsSetInputToBuffer
WsFreeHeap
WsFindAttribute
WsGetReaderPosition
WsSetReaderPosition
WsReadStartElement
WsCreateError
WsReadElement
WsReadToStartElement
WsFreeError
WsCreateHeap
WsCreateReader
WsSkipNode
WsReadXmlBufferFromBytes
WsDateTimeToFileTime
api-ms-win-appmodel-runtime-l1-1-0
PackageNameAndPublisherIdFromFamilyName
api-ms-win-core-debug-l1-1-0
DebugBreak
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Sections
.text Size: 836KB - Virtual size: 834KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 192KB - Virtual size: 191KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 28KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
CloudExperienceHostBroker.exe.exe windows:10 windows x64 arch:x64
5e12cc496db425450ff667e5d434782f
Code Sign
33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
95:4a:98:1e:2c:ba:cb:69:0a:86:fa:1b:a3:26:9e:98:7d:46:2a:10:b8:51:b4:16:14:2a:6f:09:b7:7e:ed:c3
Signer
Actual PE Digest: 95:4a:98:1e:2c:ba:cb:69:0a:86:fa:1b:a3:26:9e:98:7d:46:2a:10:b8:51:b4:16:14:2a:6f:09:b7:7e:ed:c3
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
CloudExperienceHostBroker.pdb
Imports
msvcrt
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
_onexit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
??_V@YAXPEAX@Z
_purecall
??1type_info@@UEAA@XZ
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
??3@YAXPEAX@Z
memcpy_s
_vsnwprintf
__CxxFrameHandler3
memmove
exit
__CxxFrameHandler4
malloc
_callnewh
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
_CxxThrowException
memcpy
memset
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleExW
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
api-ms-win-core-synch-l1-1-0
WaitForSingleObjectEx
WaitForSingleObject
CreateMutexExW
ReleaseMutex
OpenEventW
OpenSemaphoreW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
CreateSemaphoreExW
CreateEventExW
SetEvent
ReleaseSRWLockShared
ReleaseSemaphore
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
GetLastError
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
GetStartupInfoW
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
OutputDebugStringW
DebugBreak
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-com-l1-1-0
CoRegisterClassObject
CoCreateFreeThreadedMarshaler
CoResumeClassObjects
CoAddRefServerProcess
CoReleaseServerProcess
CoUninitialize
CoInitializeSecurity
CoInitializeEx
CoImpersonateClient
CoRevertToSelf
CoTaskMemFree
StringFromCLSID
CoCreateInstance
CoRevokeClassObject
CoDisconnectObject
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegOpenKeyExW
api-ms-win-core-winrt-string-l1-1-0
WindowsDeleteString
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsCreateString
WindowsGetStringRawBuffer
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventUnregister
EventSetInformation
EventWriteTransfer
api-ms-win-core-util-l1-1-0
EncodePointer
DecodePointer
api-ms-win-core-winrt-l1-1-0
RoRegisterActivationFactories
RoRevokeActivationFactories
api-ms-win-core-winrt-error-l1-1-0
RoOriginateErrorW
RoOriginateError
api-ms-win-core-synch-l1-2-0
InitOnceExecuteOnce
InitOnceComplete
Sleep
InitOnceBeginInitialize
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-shcore-taskpool-l1-1-0
SHTaskPoolQueueTask
combase
ord69
Sections
.text Size: 40KB - Virtual size: 38KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 760B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
CloudNotifications.exe.exe windows:10 windows x64 arch:x64
82f06946cb1b3231fd5e208f6379dcb3
Code Sign
33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
9b:ef:44:d8:ae:8e:fc:dc:8e:7e:3d:0b:00:ab:a0:65:21:9c:5f:0c:af:ec:97:36:70:3e:d7:ab:76:10:57:51
Signer
Actual PE Digest: 9b:ef:44:d8:ae:8e:fc:dc:8e:7e:3d:0b:00:ab:a0:65:21:9c:5f:0c:af:ec:97:36:70:3e:d7:ab:76:10:57:51
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
CloudNotifications.pdb
Imports
advapi32
RegSetValueExW
RegCloseKey
RegCreateKeyExW
kernel32
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
CreateSemaphoreExW
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
CreateMutexW
LockResource
LoadResource
FindResourceExW
GetModuleFileNameA
ResolveDelayLoadedAPI
DelayLoadFailureHook
HeapAlloc
user32
DispatchMessageW
TranslateMessage
GetMessageW
msvcrt
__CxxFrameHandler3
memcmp
_onexit
_wcmdln
__dllonexit
_commode
_fmode
?terminate@@YAXXZ
_unlock
_lock
__C_specific_handler
_initterm
__setusermatherr
_cexit
??1type_info@@UEAA@XZ
memmove
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_purecall
??3@YAXPEAX@Z
memcpy_s
_vsnwprintf
wcsstr
memmove_s
malloc
_callnewh
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_CxxThrowException
memcpy
memset
shlwapi
SHGetThreadRef
PathAppendW
PathRemoveFileSpecW
ord487
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
api-ms-win-core-winrt-error-l1-1-0
SetRestrictedErrorInfo
api-ms-win-core-winrt-error-l1-1-1
RoGetMatchingRestrictedErrorInfo
api-ms-win-core-synch-l1-2-0
InitOnceBeginInitialize
Sleep
InitOnceComplete
api-ms-win-core-processthreads-l1-1-0
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetCurrentProcess
TerminateProcess
TlsAlloc
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
RaiseException
SetUnhandledExceptionFilter
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateString
WindowsReplaceString
WindowsCreateStringReference
WindowsDeleteString
WindowsGetStringRawBuffer
api-ms-win-core-synch-l1-1-0
InitializeCriticalSectionEx
EnterCriticalSection
ReleaseSRWLockShared
AcquireSRWLockShared
DeleteCriticalSection
ReleaseSRWLockExclusive
LeaveCriticalSection
AcquireSRWLockExclusive
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CloseThreadpoolTimer
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
LoadLibraryExW
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
ntdll
WinSqmAddToStream
uxtheme
GetCurrentThemeName
Sections
.text Size: 48KB - Virtual size: 46KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 24KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 200B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 636B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
CompMgmtLauncher.exe.exe windows:10 windows x64 arch:x64
538a832defc229579607486bf4d9d0ad
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
CompMgmtLauncher.pdb
Imports
kernel32
GetVersionExW
GetFileAttributesW
GetLastError
CloseHandle
FlushFileBuffers
CreateFileW
VirtualQuery
VirtualProtect
VirtualAlloc
GetSystemInfo
SetThreadStackGuarantee
IsProcessorFeaturePresent
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
EncodePointer
DecodePointer
SetLastError
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetCurrentThreadId
ExitProcess
GetModuleHandleExW
GetProcAddress
GetStdHandle
WriteFile
GetModuleFileNameA
HeapCreate
HeapSetInformation
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
OutputDebugStringA
EnterCriticalSection
LeaveCriticalSection
HeapFree
Sleep
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
LoadLibraryExW
HeapAlloc
GetConsoleCP
GetConsoleMode
SetFilePointer
MultiByteToWideChar
GetStringTypeW
LCMapStringW
SetStdHandle
WriteConsoleW
ntdll
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
RtlVirtualUnwind
shell32
ShellExecuteExW
SHGetKnownFolderPath
api-ms-win-core-com-l1-1-0
CoTaskMemFree
Sections
.text Size: 36KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
fothk Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 40KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 568B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
CompPkgSrv.exe.exe windows:10 windows x64 arch:x64
d7ed93426f31f100eeb90be258936765
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
CompPkgSrv.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_initterm
_initterm_e
_c_exit
api-ms-win-crt-private-l1-1-0
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o_atoi
_o_exit
_o_free
_o_malloc
_o_qsort
_o_realloc
_o_strncpy_s
_o_terminate
_o_wcstombs_s
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_o___std_exception_destroy
_CxxThrowException
_o___std_exception_copy
_o___p__commode
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
memcmp
memcpy
wcsrchr
api-ms-win-crt-string-l1-1-0
strnlen
memset
memmove_s
wcscmp
comppkgsup
GetMediaComponentPackageInfoInternal
api-ms-win-eventing-classicprovider-l1-1-0
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids
TraceMessage
GetTraceLoggerHandle
GetTraceEnableFlags
api-ms-win-core-synch-l1-1-0
EnterCriticalSection
DeleteCriticalSection
LeaveCriticalSection
InitializeSRWLock
InitializeCriticalSection
AcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
api-ms-win-core-errorhandling-l1-1-0
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
SetLastError
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
TlsGetValue
TerminateProcess
GetCurrentProcessId
GetStartupInfoW
GetCurrentProcess
TlsSetValue
api-ms-win-core-heap-l1-1-0
HeapSetInformation
HeapFree
HeapAlloc
GetProcessHeap
api-ms-win-security-base-l1-1-0
MakeAbsoluteSD
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-synch-l1-2-0
InitOnceExecuteOnce
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleExW
FreeLibrary
GetModuleHandleW
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 92KB - Virtual size: 90KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 320B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
CompatTelRunner.exe.exe windows:10 windows x64 arch:x64
d876ebdd4961ab5027389ebd89990f01
Code Sign
33:00:00:05:56:c9:20:2b:1f:74:32:5d:2d:00:00:00:00:05:56
Certificate
Issuer: CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2023, 19:51
Not After: 16/10/2024, 19:51
Subject: CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:0c:52:4c:00:00:00:00:00:03
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 06/07/2010, 20:40
Not After: 06/07/2025, 20:50
Subject: CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
14:d7:a7:cb:61:3f:50:42:99:98:15:1e:c1:ee:f9:59:d5:cd:31:42:49:9e:49:ce:cf:0d:3e:a4:64:ae:3c:bd
Signer
Actual PE Digest: 14:d7:a7:cb:61:3f:50:42:99:98:15:1e:c1:ee:f9:59:d5:cd:31:42:49:9e:49:ce:cf:0d:3e:a4:64:ae:3c:bd
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
CompatTelRunner.pdb
Imports
msvcrt
_CxxThrowException
memcpy
_callnewh
memmove
malloc
memcmp
memset
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
strncmp
__dllonexit
_unlock
_lock
_wcslwr
_commode
_fmode
__C_specific_handler
_initterm
wcscat_s
__setusermatherr
??0exception@@QEAA@AEBQEBDH@Z
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
_wfopen_s
iswalpha
fwprintf
wcscpy_s
sprintf_s
strcpy_s
wcsncmp
_wtoi64
sscanf_s
strchr
_vsnprintf
_stricmp
_wcsicmp
iswdigit
__CxxFrameHandler3
?what@exception@@UEBAPEBDXZ
_cexit
??_V@YAXPEAX@Z
wcschr
memmove_s
_vsnprintf_s
wcsstr
??0exception@@QEAA@AEBQEBD@Z
_wcsnicmp
wcsrchr
_wtof
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
_wtoi
??1exception@@UEAA@XZ
_purecall
??3@YAXPEAX@Z
memcpy_s
_vsnwprintf
_onexit
wcscmp
ntdll
RtlVerifyVersionInfo
LdrResSearchResource
ZwMapViewOfSection
ZwUnmapViewOfSection
ZwQuerySystemInformation
RtlGetNativeSystemInformation
RtlUpcaseUnicodeChar
RtlAnsiStringToUnicodeString
RtlxAnsiStringToUnicodeSize
EtwEventRegister
EtwEventWrite
EtwEventUnregister
ZwCreateSection
ZwQueryInformationFile
ZwCreateFile
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
ZwQueryValueKey
RtlInitUnicodeStringEx
ZwEnumerateKey
ZwOpenKey
RtlAdjustPrivilege
RtlImageDirectoryEntryToData
RtlAllocateAndInitializeSid
RtlFreeSid
RtlRandomEx
RtlStringFromGUID
RtlDosPathNameToRelativeNtPathName_U
NtLoadKeyEx
RtlReleaseRelativeName
RtlFreeUnicodeString
RtlDosPathNameToNtPathName_U_WithStatus
ZwClose
RtlLeaveCriticalSection
RtlFreeHeap
RtlInitializeCriticalSection
RtlMultiByteToUnicodeN
RtlInitAnsiString
RtlEnterCriticalSection
RtlEqualString
RtlAllocateHeap
RtlDeleteCriticalSection
NtCreateEvent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WinSqmIsOptedInEx
VerSetConditionMask
RtlInitUnicodeString
LdrGetDllHandle
RtlInitString
LdrGetProcedureAddress
RtlDosPathNameToRelativeNtPathName_U_WithStatus
NtCreateFile
NtQueryInformationFile
NtClose
RtlNtStatusToDosError
rpcrt4
UuidCreate
ws2_32
WSACleanup
freeaddrinfo
WSAGetLastError
gethostname
WSAStartup
getaddrinfo
aepic
ord106
ord107
ord103
ord105
ord101
ord104
ord100
ord109
ord102
ord108
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
GetProcAddress
GetModuleHandleExW
GetModuleHandleExA
GetModuleFileNameW
GetModuleFileNameA
GetModuleHandleW
LoadLibraryExW
api-ms-win-core-synch-l1-1-0
InitializeSRWLock
WaitForSingleObjectEx
ReleaseSRWLockShared
ReleaseSRWLockExclusive
WaitForSingleObject
TryAcquireSRWLockExclusive
OpenSemaphoreW
CreateMutexExW
AcquireSRWLockShared
DeleteCriticalSection
OpenWaitableTimerW
CreateMutexW
CreateEventW
CreateSemaphoreExW
ReleaseMutex
EnterCriticalSection
AcquireSRWLockExclusive
ReleaseSemaphore
SetWaitableTimer
SetEvent
InitializeCriticalSectionEx
LeaveCriticalSection
api-ms-win-core-heap-l1-1-0
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
GetLastError
api-ms-win-core-threadpool-l1-2-0
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpoolTimer
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
GetCurrentThreadId
SetPriorityClass
GetExitCodeProcess
CreateProcessW
ExitProcess
TerminateProcess
GetCurrentProcessId
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
OutputDebugStringA
OutputDebugStringW
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-sysinfo-l1-1-0
GetSystemTime
GetSystemWindowsDirectoryW
GetSystemDirectoryA
GetTickCount64
GetTickCount
GetSystemTimeAsFileTime
GetSystemDirectoryW
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpA
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
LoadLibraryA
api-ms-win-core-kernel32-legacy-l1-1-1
VerifyVersionInfoW
api-ms-win-core-registry-l1-1-0
RegDeleteTreeW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegGetValueW
RegEnumValueW
RegSetKeySecurity
RegSaveKeyExW
RegSetValueExW
RegDeleteKeyExW
RegOpenKeyExW
RegLoadAppKeyW
RegLoadKeyW
RegCloseKey
RegUnLoadKeyW
RegCreateKeyExW
api-ms-win-core-synch-l1-2-0
SignalObjectAndWait
Sleep
api-ms-win-core-memory-l1-1-1
SetProcessWorkingSetSizeEx
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventRegister
EventSetInformation
EventUnregister
api-ms-win-core-synch-l1-2-1
CreateWaitableTimerW
WaitForMultipleObjects
CreateSemaphoreW
api-ms-win-core-memory-l1-1-0
OpenFileMappingW
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
api-ms-win-core-registry-l2-1-0
RegOpenKeyW
RegDeleteKeyW
api-ms-win-core-version-l1-1-0
VerQueryValueW
api-ms-win-core-version-l1-1-1
GetFileVersionInfoW
GetFileVersionInfoSizeW
api-ms-win-core-file-l1-1-0
CreateDirectoryW
GetFileAttributesW
CreateFileW
GetFileTime
WriteFile
api-ms-win-core-kernel32-legacy-l1-1-0
WTSGetActiveConsoleSessionId
GetSystemPowerStatus
api-ms-win-core-com-l1-1-0
CoTaskMemFree
CoCreateInstance
CoInitializeEx
CoUninitialize
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-registry-l1-1-1
RegSetKeyValueW
RegDeleteKeyValueW
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
winhttp
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpQueryAuthSchemes
WinHttpReadData
WinHttpCloseHandle
WinHttpSendRequest
WinHttpSetCredentials
WinHttpOpen
WinHttpConnect
WinHttpOpenRequest
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpSetOption
WinHttpGetDefaultProxyConfiguration
api-ms-win-security-base-l1-1-0
RevertToSelf
ImpersonateLoggedOnUser
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
api-ms-win-security-credentials-l1-1-0
CredReadW
CredFree
api-ms-win-core-heap-l2-1-0
LocalFree
GlobalFree
oleaut32
SysAllocString
SysFreeString
SysStringLen
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
ExpandEnvironmentStringsW
api-ms-win-security-provider-l1-1-0
SetEntriesInAclW
api-ms-win-core-file-l2-1-0
MoveFileExW
api-ms-win-core-shlwapi-obsolete-l1-1-0
StrCmpNA
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 188KB - Virtual size: 186KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 72KB - Virtual size: 68KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 892B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ComputerDefaults.exe.exe windows:10 windows x64 arch:x64
f80fc6ef610cc28e0f47123bdb00c150
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
ComputerDefaults.pdb
Imports
kernel32
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
msvcrt
?terminate@@YAXXZ
_onexit
__setusermatherr
_cexit
__dllonexit
_unlock
_initterm
_wcmdln
__C_specific_handler
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_lock
_fmode
_commode
memcpy_s
exit
_vsnwprintf
_exit
memset
shell32
ShellExecuteExW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetStartupInfoW
GetCurrentProcess
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
Sections
.text Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 864B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 68B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
CredentialEnrollmentManager.exe.exe windows:10 windows x64 arch:x64
f7f92720f3b5b06396a69aded463027e
Code Sign
33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
1e:06:f3:66:8c:f9:a1:0f:1f:05:fa:c0:14:d6:af:e3:a8:8e:22:ab:b9:01:98:de:66:0a:19:47:7a:15:5a:cb
Signer
Actual PE Digest: 1e:06:f3:66:8c:f9:a1:0f:1f:05:fa:c0:14:d6:af:e3:a8:8e:22:ab:b9:01:98:de:66:0a:19:47:7a:15:5a:cb
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
CredentialEnrollmentManager.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm
_register_thread_local_exe_atexit_callback
_initterm_e
_c_exit
api-ms-win-crt-private-l1-1-0
_o__get_errno
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_errno
_o__set_fmode
_o__set_new_mode
memmove
_o_ceilf
_o_exit
_o_free
_o_malloc
_o_memcpy_s
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o__exit
_o__errno
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
wcschr
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
FindResourceExW
GetModuleHandleW
LoadResource
LockResource
GetModuleFileNameA
GetModuleHandleExW
api-ms-win-core-synch-l1-1-0
ReleaseSemaphore
CreateSemaphoreExW
ReleaseMutex
WaitForSingleObjectEx
OpenSemaphoreW
InitializeSRWLock
CreateMutexExW
SetEvent
ReleaseSRWLockShared
WaitForSingleObject
OpenEventW
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
CreateEventExW
TryAcquireSRWLockExclusive
AcquireSRWLockShared
DeleteCriticalSection
ResetEvent
InitializeCriticalSectionEx
LeaveCriticalSection
CreateEventW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
api-ms-win-core-heap-l1-1-0
HeapAlloc
GetProcessHeap
HeapFree
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
SetLastError
GetLastError
UnhandledExceptionFilter
RaiseException
api-ms-win-core-processthreads-l1-1-0
GetCurrentThread
OpenThreadToken
OpenProcessToken
GetCurrentProcessId
TerminateProcess
GetStartupInfoW
GetCurrentThreadId
GetCurrentProcess
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
IsDebuggerPresent
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-eventing-provider-l1-1-0
EventActivityIdControl
EventWriteTransfer
EventRegister
EventSetInformation
EventUnregister
api-ms-win-core-synch-l1-2-0
InitOnceBeginInitialize
InitOnceComplete
InitOnceExecuteOnce
api-ms-win-service-core-l1-1-0
RegisterServiceCtrlHandlerExW
SetServiceStatus
StartServiceCtrlDispatcherW
api-ms-win-core-winrt-l1-1-0
RoUninitialize
RoGetActivationFactory
RoRevokeActivationFactories
RoActivateInstance
RoInitialize
RoRegisterActivationFactories
api-ms-win-core-com-l1-1-0
CoResumeClassObjects
CoRevokeClassObject
CoReleaseServerProcess
PropVariantClear
CoWaitForMultipleHandles
CoAddRefServerProcess
CoMarshalInterface
CoDisconnectContext
CoReleaseMarshalData
CoInitializeSecurity
CoGetInterfaceAndReleaseStream
CoCreateInstance
CoDecrementMTAUsage
CoRegisterClassObject
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CreateStreamOnHGlobal
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-winrt-error-l1-1-0
RoOriginateError
SetRestrictedErrorInfo
GetRestrictedErrorInfo
RoTransformError
RoOriginateErrorW
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
ConvertStringSidToSidW
api-ms-win-security-base-l1-1-0
CheckTokenMembership
MakeAbsoluteSD
GetLengthSid
CopySid
GetTokenInformation
api-ms-win-core-winrt-string-l1-1-0
WindowsDuplicateString
WindowsIsStringEmpty
WindowsCreateStringReference
WindowsStringHasEmbeddedNull
WindowsDeleteString
WindowsGetStringRawBuffer
WindowsCreateString
WindowsCompareStringOrdinal
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-processthreads-l1-1-1
OpenProcess
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount64
GetSystemTimeAsFileTime
GetComputerNameExW
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
combase
ord66
ord69
ord68
ord67
msvcp_win
_Mtx_destroy_in_situ
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
_Cnd_destroy_in_situ
_Cnd_broadcast
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
_Mtx_lock
_Cnd_register_at_thread_exit
_Cnd_unregister_at_thread_exit
_Cnd_wait
?_Xlength_error@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Throw_C_error@std@@YAXH@Z
_Query_perf_counter
_Query_perf_frequency
_Xtime_get_ticks
_Cnd_timedwait
?__ExceptionPtrToBool@@YA_NPEBX@Z
?_Throw_future_error@std@@YAXAEBVerror_code@1@@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Mtx_current_owns
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
_Mtx_unlock
_Mtx_init_in_situ
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
_Cnd_init_in_situ
api-ms-win-core-threadpool-l1-2-0
SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegSetValueExW
RegQueryInfoKeyW
RegGetValueW
RegOpenKeyExW
RegCreateKeyExW
RegEnumKeyExW
RegDeleteValueW
RegQueryValueExW
api-ms-win-core-com-l1-1-1
RoGetAgileReference
api-ms-win-core-winrt-error-l1-1-1
RoReportFailedDelegate
IsErrorPropagationEnabled
RoGetMatchingRestrictedErrorInfo
api-ms-win-shcore-taskpool-l1-1-0
SHTaskPoolAllowThreadReuse
SHTaskPoolQueueTask
oleaut32
SafeArrayGetUBound
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayUnaccessData
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayDestroy
SafeArrayGetVartype
SafeArrayGetLBound
ntdll
RtlFreeHeap
NtQueryInformationToken
RtlSubscribeWnfStateChangeNotification
NtQueryWnfStateData
RtlAllocateHeap
RtlInitString
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlIsMultiSessionSku
RtlIsMultiUsersInSessionSku
RtlCompareUnicodeString
RtlInitUnicodeString
RtlNtStatusToDosErrorNoTeb
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-stateseparation-helpers-l1-1-0
GetPersistedRegistryLocationW
GetPersistedFileLocationW
api-ms-win-core-registry-l2-1-0
RegOpenKeyW
api-ms-win-ntuser-sysparams-l1-1-0
GetSystemMetrics
api-ms-win-security-lsalookup-l1-1-2
LsaLookupUserAccountType
api-ms-win-core-sysinfo-l2-1-0
GetUserNameW
api-ms-win-shcore-sysinfo-l1-1-0
IsOS
sspicli
LsaLookupAuthenticationPackage
LsaDeregisterLogonProcess
LsaFreeReturnBuffer
LsaCallAuthenticationPackage
LogonUserExExW
LsaConnectUntrusted
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-security-lsapolicy-l1-1-0
LsaOpenPolicy
LsaClose
LsaFreeMemory
LsaLookupSids
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
api-ms-win-core-shlwapi-obsolete-l1-1-0
StrChrW
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
api-ms-win-rtcore-ntuser-private-l1-1-0
GetWindowBand
api-ms-win-rtcore-ntuser-window-l1-1-0
GetPropW
GetWindowThreadProcessId
api-ms-win-core-atoms-l1-1-0
GlobalGetAtomNameW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 264KB - Virtual size: 263KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 92KB - Virtual size: 89KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 20KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 448B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
CredentialUIBroker.exe.exe windows:10 windows x64 arch:x64
fd36abac1914c4fe98cbb7d00f9c5cea
Code Sign
33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
6f:f3:80:cb:44:0e:4d:8d:7c:9c:85:01:a7:bb:21:63:e9:fd:2b:c7:81:ae:5b:ff:6f:8a:cd:77:c0:6e:6a:d2
Signer
Actual PE Digest: 6f:f3:80:cb:44:0e:4d:8d:7c:9c:85:01:a7:bb:21:63:e9:fd:2b:c7:81:ae:5b:ff:6f:8a:cd:77:c0:6e:6a:d2
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
CredentialUIBroker.pdb
Imports
advapi32
EventActivityIdControl
GetTokenInformation
EventUnregister
RegGetValueW
RegOpenKeyExW
CheckTokenMembership
OpenProcessToken
RegEnumKeyExW
EventSetInformation
AllocateAndInitializeSid
EventRegister
EventWriteTransfer
RegQueryInfoKeyW
RegCloseKey
kernel32
GetModuleFileNameA
FindStringOrdinal
InitOnceBeginInitialize
InitOnceExecuteOnce
CreateSemaphoreExW
HeapFree
SetLastError
CreateEventExW
EnterCriticalSection
ReleaseSemaphore
RegisterWaitForSingleObject
GetModuleHandleExW
UnregisterWait
GetProcessId
EncodePointer
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
WaitForSingleObject
GetCurrentThreadId
OpenEventW
ReleaseMutex
OpenProcess
CreateEventW
GetExitCodeThread
FormatMessageW
GetLastError
ReleaseSRWLockExclusive
OutputDebugStringW
SetEvent
CloseThreadpoolTimer
InitOnceComplete
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
SetThreadpoolTimer
ReleaseSRWLockShared
RaiseException
CreateThreadpoolTimer
CreateThread
HeapAlloc
DecodePointer
GetProcAddress
CreateMutexExW
LocalFree
AcquireSRWLockShared
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
QueryFullProcessImageNameW
DebugBreak
IsDebuggerPresent
DelayLoadFailureHook
ResolveDelayLoadedAPI
GlobalGetAtomNameW
user32
GetWindowThreadProcessId
GetMessageW
ord2521
GetWindowBand
IsWindow
GetWindowRect
IsWindowVisible
GetPropW
GetShellWindow
GetDesktopWindow
DispatchMessageW
TranslateMessage
PostThreadMessageW
PostQuitMessage
msvcrt
__set_app_type
memcmp
_callnewh
malloc
wcschr
_exit
_amsg_exit
_XcptFilter
free
_cexit
__setusermatherr
memcpy
_initterm
__wgetmainargs
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
memmove_s
_purecall
memcpy_s
_vsnwprintf
__CxxFrameHandler3
_commode
_fmode
_wcmdln
__C_specific_handler
exit
memset
shlwapi
SHSetThreadRef
api-ms-win-core-com-l1-1-0
CoReleaseServerProcess
CoTaskMemAlloc
CoCreateGuid
CoWaitForMultipleHandles
StringFromGUID2
CoUninitialize
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoAddRefServerProcess
CoTaskMemFree
CoInitializeEx
CoRegisterClassObject
CoGetCallContext
CoRevokeClassObject
CoResumeClassObjects
CoTaskMemRealloc
oleaut32
SafeArrayGetDim
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetVartype
SafeArrayGetElemsize
SafeArrayUnaccessData
SafeArrayCreateVector
SafeArrayAccessData
api-ms-win-core-winrt-string-l1-1-0
WindowsGetStringRawBuffer
WindowsCreateStringReference
WindowsDuplicateString
WindowsCreateString
WindowsIsStringEmpty
WindowsDeleteString
WindowsStringHasEmbeddedNull
api-ms-win-core-winrt-l1-1-0
RoInitialize
RoRegisterActivationFactories
RoGetActivationFactory
RoUninitialize
RoRevokeActivationFactories
api-ms-win-core-winrt-error-l1-1-0
RoOriginateError
RoOriginateErrorW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
GetCurrentProcess
TerminateProcess
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-security-base-l1-1-0
GetLengthSid
CopySid
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
api-ms-win-core-heap-l2-1-0
LocalAlloc
ntdll
RtlFreeHeap
NtQueryInformationToken
RtlInitUnicodeString
RtlEqualSid
RtlAllocateHeap
RtlNtStatusToDosErrorNoTeb
RtlCompareUnicodeString
RtlIsParentOfChildAppContainer
Sections
.text Size: 100KB - Virtual size: 99KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 32KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 976B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
CustomInstallExec.exe.exe windows:10 windows x64 arch:x64
69cb6aaa8e7be4ed6eb03f3cbc946c0a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
CustomInstallExec.pdb
Imports
msvcp_win
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
_c_exit
api-ms-win-crt-private-l1-1-0
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o__wcsicmp
_o__wtoi
_o__wtoi64
_o_exit
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
GetProcAddress
GetModuleFileNameW
GetModuleHandleExW
LoadStringW
GetModuleFileNameA
api-ms-win-core-synch-l1-1-0
CreateMutexExW
ReleaseSRWLockExclusive
CreateSemaphoreExW
ReleaseMutex
OpenSemaphoreW
WaitForSingleObjectEx
WaitForSingleObject
ReleaseSemaphore
AcquireSRWLockExclusive
api-ms-win-core-heap-l1-1-0
HeapAlloc
GetProcessHeap
HeapFree
api-ms-win-core-errorhandling-l1-1-0
SetErrorMode
SetLastError
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetStartupInfoW
GetCurrentProcess
GetCurrentThreadId
GetExitCodeProcess
TerminateProcess
OpenProcessToken
CreateProcessW
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
OutputDebugStringW
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
api-ms-win-core-sysinfo-l1-1-0
GetSystemDirectoryW
GetSystemTimeAsFileTime
api-ms-win-core-winrt-string-l1-1-0
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateStringReference
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventUnregister
EventSetInformation
EventActivityIdControl
EventRegister
api-ms-win-core-synch-l1-2-0
InitOnceComplete
InitOnceBeginInitialize
api-ms-win-core-winrt-l1-1-0
RoActivateInstance
RoGetActivationFactory
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoUninitialize
CoInitializeEx
api-ms-win-security-base-l1-1-0
IsValidSid
GetSidSubAuthority
GetTokenInformation
GetSidSubAuthorityCount
api-ms-win-core-psapi-l1-1-0
K32GetModuleFileNameExW
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-windowserrorreporting-l1-1-0
WerSetFlags
WerGetFlags
api-ms-win-shcore-obsolete-l1-1-0
CommandLineToArgvW
ntdll
NtQueryInformationProcess
NtQueryMutant
api-ms-win-shcore-taskpool-l1-1-0
SHTaskPoolQueueTask
api-ms-win-rtcore-ntuser-window-l1-1-0
EnableWindow
AllowSetForegroundWindow
SetWindowTextW
DefWindowProcW
EnumWindows
ShowWindow
SetForegroundWindow
RegisterClassExW
CreateWindowExW
GetWindowThreadProcessId
comctl32
InitCommonControlsEx
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 56KB - Virtual size: 55KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 296B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 56KB - Virtual size: 55KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 260B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DFDWiz.exe.exe windows:10 windows x64 arch:x64
5202942cf3b997c119d156a2b094ad7e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
DFDWiz.pdb
Imports
advapi32
TraceMessage
OpenProcessToken
RegOpenKeyExW
EventWrite
RegQueryInfoKeyW
RegCloseKey
RegEnumKeyExW
RegDeleteKeyW
ConvertStringSecurityDescriptorToSecurityDescriptorW
LookupPrivilegeValueW
AdjustTokenPrivileges
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
EventRegister
EventUnregister
RegEnumValueW
kernel32
GetCurrentThreadId
HeapAlloc
GetCurrentProcess
CreateFileW
HeapFree
OpenMutexW
GetProcAddress
LocalFree
GetVersionExW
FormatMessageW
GetProcessHeap
HeapSetInformation
RegisterApplicationRestart
Sleep
CloseHandle
OutputDebugStringA
QueryActCtxW
GetModuleHandleExW
GetModuleFileNameW
CreateActCtxW
FindActCtxSectionStringW
LoadLibraryW
ActivateActCtx
GetLastError
DeactivateActCtx
CreateMutexW
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
SetLastError
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
DeviceIoControl
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetVolumePathNamesForVolumeNameW
user32
MessageBoxW
msvcrt
memcmp
__C_specific_handler
memcpy
_vsnwprintf
malloc
_callnewh
free
_XcptFilter
_amsg_exit
_ismbblead
?terminate@@YAXXZ
_commode
_fmode
_acmdln
_initterm
__setusermatherr
memset
_cexit
_exit
exit
__set_app_type
__getmainargs
__CxxFrameHandler4
_wcsicmp
ole32
CoInitializeEx
CoCreateGuid
CoCreateInstance
CoUninitialize
StringFromGUID2
ntdll
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WinSqmSetDWORD
WinSqmAddToStream
WinSqmStartSession
WinSqmEndSession
setupapi
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceInterfaceDetailW
oleaut32
SysFreeString
SysAllocString
VariantInit
VariantClear
Sections
.text Size: 36KB - Virtual size: 33KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 64B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DWWIN.EXE.exe windows:10 windows x64 arch:x64
6de9aebb458fc339355c30bdf7d4cfd8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
dwwin.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_initterm
_initterm_e
_c_exit
api-ms-win-crt-private-l1-1-0
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsnicmp
_o__wcstoui64
memmove
_o__wtoi
_o__wtoi64
_o_exit
_o_free
_o_isspace
_o_malloc
_o_terminate
_o_tolower
_o_towlower
_o_wcscpy_s
_o_wcstol
__C_specific_handler
__current_exception
__current_exception_context
_o__exit
_o__errno
_o__get_initial_wide_environment
_o__wcsicmp
__CxxFrameHandler4
__std_terminate
wcschr
wcsrchr
wcsstr
__CxxFrameHandler3
_CxxThrowException
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___wargv
_o___p___argc
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
wcsncmp
memset
wcscmp
wcsnlen
kernel32
ReleaseSRWLockExclusive
WaitForThreadpoolTimerCallbacks
InitializeCriticalSectionEx
LeaveCriticalSection
ReleaseSemaphore
EnterCriticalSection
SetLastError
CreateSemaphoreExW
LocalFree
CreateToolhelp32Snapshot
SearchPathW
IsWow64Process2
GetApplicationRestartSettings
CreateFileMappingW
LoadLibraryExW
GetSystemDirectoryW
GetSystemWow64DirectoryW
FreeLibrary
FreeLibraryAndExitThread
UnmapViewOfFile
MultiByteToWideChar
AcquireSRWLockExclusive
ReleaseMutex
WaitForSingleObjectEx
WaitForMultipleObjectsEx
GetTickCount
SetEvent
WaitForSingleObject
MapViewOfFile
DeleteFileW
Sleep
ExpandEnvironmentStringsW
GetCommandLineW
HeapSetInformation
CloseHandle
OutputDebugStringW
GetProcAddress
DebugBreak
GetModuleFileNameA
GetModuleHandleExW
HeapFree
GetProcessHeap
HeapAlloc
FormatMessageW
OpenSemaphoreW
SetThreadpoolTimer
ReleaseSRWLockShared
CreateThreadpoolTimer
CreateMutexExW
AcquireSRWLockShared
DeleteCriticalSection
SetEnvironmentVariableW
ReadProcessMemory
QueryFullProcessImageNameW
Module32FirstW
K32GetModuleFileNameExW
Module32NextW
VirtualAlloc
VirtualFree
CreateEventW
IsWow64Process
DuplicateHandle
GetThreadId
VirtualAllocEx
WriteProcessMemory
VirtualFreeEx
CreateMutexW
ResetEvent
CompareStringOrdinal
GetWindowsDirectoryW
GetLogicalDriveStringsW
GetPackageFamilyName
GetVersionExW
ResolveDelayLoadedAPI
DelayLoadFailureHook
InitializeCriticalSectionAndSpinCount
GetLastError
CloseThreadpoolTimer
QueryDosDeviceW
GetDriveTypeW
FindClose
K32EnumProcessModules
GlobalMemoryStatusEx
LoadLibraryW
GetUserDefaultUILanguage
GetModuleHandleW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
VirtualQueryEx
GetModuleHandleExA
OpenMutexW
OpenEventW
api-ms-win-core-com-l1-1-0
CoTaskMemAlloc
CoTaskMemFree
api-ms-win-service-private-l1-1-0
I_QueryTagInformation
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
GetExitCodeThread
CreateProcessW
GetProcessTimes
DeleteProcThreadAttributeList
UpdateProcThreadAttribute
CreateThread
OpenProcessToken
TerminateProcess
OpenThread
InitializeProcThreadAttributeList
GetProcessId
wer
WerpAddTerminationReason
WerpSetTtdStatus
WerReportCreate
WerReportSubmit
WerReportCloseHandle
WerpGetReportFlags
WerpSetCallBack
WerReportAddDump
WerpPromptUser
WerpCreateIntegratorReportId
WerpSetIntegratorReportId
WerpAddAppCompatData
WerpFreeString
WerpIsTransportAvailable
WerReportSetUIOption
WerReportAddFile
WerReportSetParameter
WerpSetReportFlags
bcrypt
BCryptCreateHash
BCryptFinishHash
BCryptDestroyHash
BCryptHashData
ntdll
RtlFreeSid
NtAlpcSendWaitReceivePort
NtQueryValueKey
NtAlpcConnectPort
RtlInitUnicodeString
RtlAllocateAndInitializeSid
NtQuerySystemInformation
NtClose
NtWaitForSingleObject
NtOpenEvent
RtlDetermineDosPathNameType_U
RtlInitUnicodeStringEx
NtQueryInformationToken
NtQueryInformationProcess
EtwEventWriteNoRegistration
ZwUpdateWnfStateData
DbgPrint
NtSuspendProcess
EtwTraceMessage
RtlGetNtSystemRoot
RtlNtStatusToDosError
NtOpenKey
RtlSetThreadErrorMode
NtCreateFile
NtDeviceIoControlFile
NtAllocateVirtualMemory
NtFreeVirtualMemory
NtSetSystemInformation
RtlGetCurrentTransaction
RtlSetCurrentTransaction
RtlAdjustPrivilege
NtQueryInformationThread
NtWaitForMultipleObjects
RtlFreeHeap
RtlAllocateHeap
RtlNtStatusToDosErrorNoTeb
ZwQueryInformationThread
RtlCompareUnicodeString
RtlGetUnloadEventTraceEx
NtResumeProcess
DbgPrintEx
RtlImageNtHeaderEx
ZwQueryWnfStateNameInformation
advapi32
RegDeleteKeyA
RegSetKeySecurity
BuildSecurityDescriptorW
RegGetKeySecurity
CreateWellKnownSid
RegDeleteValueW
EventRegister
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
EventUnregister
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegGetValueW
RegCreateKeyExW
RegSetValueExW
OpenSCManagerW
CloseServiceHandle
EventWriteTransfer
RegSetKeyValueW
RegDeleteKeyW
diagnosticdatasettings
TelGetWerTelemetryMode
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-libraryloader-l1-2-0
LoadStringW
api-ms-win-core-file-l1-1-0
CreateFileW
GetFileSizeEx
GetFileAttributesW
api-ms-win-security-base-l1-1-0
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
api-ms-win-core-synch-l1-2-0
InitOnceComplete
InitOnceBeginInitialize
api-ms-win-core-version-l1-1-0
GetFileVersionInfoSizeExW
VerQueryValueW
GetFileVersionInfoExW
api-ms-win-service-management-l1-1-0
StartServiceW
OpenServiceW
api-ms-win-shcore-obsolete-l1-1-0
CommandLineToArgvW
Sections
.text Size: 176KB - Virtual size: 173KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 48KB - Virtual size: 45KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 120B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 732B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DataExchangeHost.exe.exe windows:10 windows x64 arch:x64
49c1ddf00d65adc71a873b54d5ac58d7
Code Sign
33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
c7:3b:d2:c5:33:bd:84:39:53:49:19:c3:8d:02:a5:3c:43:94:18:8f:f9:11:1c:ad:72:43:8b:95:bc:a5:b0:3b
Signer
Actual PE Digest: c7:3b:d2:c5:33:bd:84:39:53:49:19:c3:8d:02:a5:3c:43:94:18:8f:f9:11:1c:ad:72:43:8b:95:bc:a5:b0:3b
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
DataExchangeHost.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm
_initterm_e
_register_thread_local_exe_atexit_callback
_c_exit
api-ms-win-crt-private-l1-1-0
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o_abort
_o_ceilf
_o_exit
_o_floor
_o_free
_o_iswspace
_o_malloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o__exit
_o__errno
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
wcschr
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
GetProcAddress
FindResourceExW
GetModuleHandleExW
LockResource
GetModuleHandleW
FreeLibrary
LoadResource
api-ms-win-core-synch-l1-1-0
ReleaseSRWLockExclusive
LeaveCriticalSection
AcquireSRWLockShared
CreateEventW
CreateMutexExW
SetEvent
ResetEvent
AcquireSRWLockExclusive
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseSRWLockShared
CreateSemaphoreExW
InitializeCriticalSection
ReleaseMutex
EnterCriticalSection
WaitForSingleObject
DeleteCriticalSection
ReleaseSemaphore
InitializeCriticalSectionEx
api-ms-win-core-heap-l1-1-0
HeapSetInformation
HeapFree
GetProcessHeap
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
SetLastError
SetErrorMode
api-ms-win-core-processthreads-l1-1-0
GetProcessId
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
SetPriorityClass
OpenProcessToken
GetStartupInfoW
GetCurrentThread
OpenThreadToken
api-ms-win-core-localization-l1-2-0
FormatMessageW
GetLocaleInfoW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
SetProcessMitigationPolicy
OpenProcess
GetProcessMitigationPolicy
api-ms-win-core-com-l1-1-0
CoIncrementMTAUsage
CoRegisterClassObject
CoDecrementMTAUsage
CoUninitialize
CoFreeUnusedLibrariesEx
CoInitializeEx
CoResumeClassObjects
CoCreateInstance
CoCancelCall
CoInitializeSecurity
CoEnableCallCancellation
CoCreateFreeThreadedMarshaler
CoTaskMemRealloc
CoGetCallerTID
CoTaskMemFree
CoReleaseServerProcess
CoTaskMemAlloc
CoMarshalInterface
CreateStreamOnHGlobal
CoReleaseMarshalData
CoAddRefServerProcess
CoGetMalloc
CoRevokeClassObject
CoMarshalInterThreadInterfaceInStream
CoUnmarshalInterface
CoDisableCallCancellation
CoGetCallContext
api-ms-win-core-util-l1-1-0
EncodePointer
DecodePointer
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
RoRegisterActivationFactories
RoRevokeActivationFactories
RoActivateInstance
api-ms-win-core-winrt-error-l1-1-0
RoOriginateErrorW
RoOriginateError
RoTransformError
GetRestrictedErrorInfo
SetRestrictedErrorInfo
api-ms-win-core-winrt-string-l1-1-0
WindowsDuplicateString
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsDeleteString
WindowsGetStringLen
WindowsCreateString
WindowsCompareStringOrdinal
WindowsCreateStringReference
WindowsGetStringRawBuffer
api-ms-win-core-synch-l1-2-0
InitOnceExecuteOnce
InitOnceBeginInitialize
InitOnceComplete
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InterlockedPushEntrySList
InitializeSListHead
api-ms-win-security-base-l1-1-0
GetTokenInformation
GetSidSubAuthority
DuplicateTokenEx
api-ms-win-eventing-provider-l1-1-0
EventActivityIdControl
EventUnregister
EventWriteTransfer
EventRegister
EventSetInformation
api-ms-win-core-com-l1-1-1
RoGetAgileReference
api-ms-win-shcore-taskpool-l1-1-0
SHTaskPoolAllowThreadReuse
SHTaskPoolQueueTask
api-ms-win-core-winrt-error-l1-1-1
RoReportFailedDelegate
RoGetMatchingRestrictedErrorInfo
IsErrorPropagationEnabled
api-ms-win-core-registry-l1-1-0
RegGetValueW
api-ms-win-core-file-l1-1-0
CompareFileTime
api-ms-win-core-threadpool-l1-2-0
SetThreadpoolTimer
CloseThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
api-ms-win-core-localization-obsolete-l1-2-0
GetUserDefaultUILanguage
api-ms-win-core-threadpool-legacy-l1-1-0
DeleteTimerQueueTimer
CreateTimerQueueTimer
api-ms-win-core-heap-obsolete-l1-1-0
GlobalSize
GlobalUnlock
GlobalLock
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
ntdll
RtlFreeHeap
ZwQueryWnfStateData
RtlNtStatusToDosError
RtlCompareUnicodeString
RtlNtStatusToDosErrorNoTeb
RtlInitUnicodeString
RtlAllocateHeap
RtlPublishWnfStateData
NtQueryInformationToken
api-ms-win-core-psapi-l1-1-0
QueryFullProcessImageNameW
api-ms-win-shcore-stream-winrt-l1-1-0
CreateStreamOverRandomAccessStream
api-ms-win-shcore-stream-l1-1-0
IStream_Read
IStream_Reset
IStream_Size
api-ms-win-core-debug-l1-1-1
CheckRemoteDebuggerPresent
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-core-atoms-l1-1-0
GlobalGetAtomNameW
api-ms-win-security-capability-l1-1-0
CapabilityCheck
api-ms-win-rtcore-ntuser-window-l1-1-0
SetTimer
DefWindowProcW
ShowWindow
PostMessageW
SendMessageW
UnregisterClassW
DestroyWindow
GetWindowLongPtrW
TranslateMessage
SetForegroundWindow
WindowFromPoint
GetMessageW
GetParent
GetWindowThreadProcessId
GetDesktopWindow
AllowSetForegroundWindow
GetWindowRect
GetPropW
SetWindowLongPtrW
CreateWindowExW
RegisterClassExW
GetClassInfoExW
DispatchMessageW
GetWindowLongW
ClientToScreen
GetForegroundWindow
ScreenToClient
d2d1
ord7
api-ms-win-ntuser-sysparams-l1-1-0
GetSystemMetrics
d3d11
D3D11CreateDevice
api-ms-win-rtcore-ntuser-private-l1-1-0
CreateWindowInBand
dwrite
DWriteCreateFactory
api-ms-win-rtcore-ntuser-clipboard-l1-1-0
GetClipboardFormatNameW
api-ms-win-appmodel-runtime-l1-1-0
GetPackageFullName
combase
ord69
ord99
twinapi
ord11
ord12
dcomp
ord1019
DCompositionCreateDevice2
user32
ord2550
GetTopLevelWindow
ord2557
SetCapture
GetCapture
IsIconic
ord2521
AttachThreadInput
GetSysColor
GetAsyncKeyState
SetProcessDefaultLayout
GetWindowDpiAwarenessContext
ReleaseCapture
SendInput
msvcp_win
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
?uncaught_exception@std@@YA_NXZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Xlength_error@std@@YAXPEBD@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
oleaut32
SetErrorInfo
GetErrorInfo
SysFreeString
SysStringLen
SysAllocString
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
Sections
.text Size: 192KB - Virtual size: 188KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 60KB - Virtual size: 58KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 112B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DataStoreCacheDumpTool.exe.exe windows:10 windows x64 arch:x64
92d24aaef3eb74338a5a2498bef83307
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
DataStoreCacheDumpTool.pdb
Imports
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
api-ms-win-crt-runtime-l1-1-0
_initterm
_register_thread_local_exe_atexit_callback
_initterm_e
_c_exit
api-ms-win-crt-private-l1-1-0
_o__crt_atexit
_o__errno
_o__exit
_o__fileno
_o__get_errno
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_errno
_o__set_fmode
_o__set_new_mode
_o__setmode
memmove
_o__configure_wide_argv
_o__wfopen
_o_ceilf
_o_exit
_o_fclose
_o_free
_o_malloc
_o_sqrt
_o_terminate
_o_towupper
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o__callnewh
_o___acrt_iob_func
__std_terminate
__CxxFrameHandler4
_o__configthreadlocale
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfwprintf
_o___std_exception_destroy
_o___std_exception_copy
_o__cexit
_o___p__commode
_o___p___wargv
_o___p___argc
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExW
GetProcAddress
GetModuleHandleExW
GetModuleFileNameA
GetModuleHandleW
FreeLibrary
api-ms-win-core-synch-l1-2-0
InitOnceComplete
InitOnceBeginInitialize
api-ms-win-core-synch-l1-1-0
SetEvent
InitializeCriticalSectionEx
AcquireSRWLockExclusive
LeaveCriticalSection
ReleaseSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseMutex
CreateMutexExW
AcquireSRWLockShared
ReleaseSemaphore
DeleteCriticalSection
WaitForSingleObject
EnterCriticalSection
CreateEventExW
InitializeCriticalSectionAndSpinCount
CreateSemaphoreExW
ResetEvent
CreateEventW
ReleaseSRWLockShared
api-ms-win-core-heap-l1-1-0
HeapFree
GetProcessHeap
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
RaiseException
api-ms-win-core-com-l1-1-0
CoTaskMemFree
CoTaskMemAlloc
CoWaitForMultipleHandles
StringFromGUID2
CoUninitialize
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoTaskMemRealloc
CoInitializeEx
api-ms-win-core-processthreads-l1-1-0
OpenProcessToken
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
OpenThreadToken
TerminateProcess
GetCurrentThread
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-shell-shdirectory-l1-1-0
ord290
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventRegister
EventWriteTransfer
EventUnregister
api-ms-win-core-path-l1-1-0
PathCchCanonicalizeEx
PathCchRemoveFileSpec
api-ms-win-core-registry-l1-1-0
RegGetValueW
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
MultiByteToWideChar
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
WindowsDuplicateString
WindowsDeleteString
WindowsGetStringRawBuffer
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
RoActivateInstance
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
api-ms-win-core-shlwapi-obsolete-l1-1-0
StrStrIW
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
OutputDebugStringW
DebugBreak
api-ms-win-core-shlwapi-legacy-l1-1-0
PathIsFileSpecW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-winrt-error-l1-1-0
RoOriginateError
api-ms-win-core-file-l1-1-0
CreateFileW
GetFileSize
ReadFile
api-ms-win-shcore-stream-l1-1-0
IStream_Reset
IStream_Read
SHCreateMemStream
IStream_Size
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 112KB - Virtual size: 110KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 44KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 472B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Defrag.exe.exe windows:10 windows x64 arch:x64
98b596156d97a7ea63632cfc56d4c734
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
defrag.pdb
Imports
msvcrt
localeconv
_wsetlocale
_XcptFilter
_amsg_exit
__wgetmainargs
__set_app_type
exit
fclose
_vsnwprintf
memcpy_s
_exit
sprintf_s
_cexit
__setusermatherr
_initterm
swscanf_s
iswspace
_vscwprintf
_callnewh
strchr
wcschr
__iob_func
_fmode
_commode
_lock
_unlock
__dllonexit
_onexit
wprintf
__CxxFrameHandler3
_wcsicmp
?terminate@@YAXXZ
memmove
free
fflush
fputws
malloc
memcpy
mbtowc
_wfopen
__C_specific_handler
memset
ntdll
RtlGetPersistedStateLocation
RtlGetLastNtStatus
RtlSetThreadErrorMode
RtlNtStatusToDosError
EtwTraceMessage
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlFreeHeap
RtlAllocateHeap
RtlCaptureStackBackTrace
oleaut32
SysAllocString
VariantInit
VariantClear
SysFreeString
SysStringLen
api-ms-win-core-file-l1-1-0
GetFileAttributesW
GetVolumeInformationW
ReadFile
CreateDirectoryW
CreateFileW
WriteFile
GetVolumePathNameW
FindFirstFileW
DeleteFileW
FindNextFileW
FindClose
GetTempFileNameW
GetFullPathNameW
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-core-errorhandling-l1-1-0
SetLastError
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-eventing-classicprovider-l1-1-0
GetTraceLoggerHandle
RegisterTraceGuidsW
TraceMessage
UnregisterTraceGuids
GetTraceEnableLevel
GetTraceEnableFlags
api-ms-win-core-console-l1-1-0
SetConsoleCtrlHandler
GetConsoleOutputCP
api-ms-win-core-processthreads-l1-1-0
OpenProcessToken
GetCurrentProcess
CreateThread
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
StringFromGUID2
CoDisconnectObject
CoCreateGuid
api-ms-win-core-file-l1-2-4
GetTempPath2W
api-ms-win-core-processthreads-l1-1-1
OpenProcess
api-ms-win-core-handle-l1-1-0
CloseHandle
DuplicateHandle
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
ExpandEnvironmentStringsW
GetCommandLineW
api-ms-win-core-sysinfo-l1-1-0
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetTickCount
GetTickCount64
GetVersionExW
api-ms-win-core-synch-l1-1-0
InitializeCriticalSection
EnterCriticalSection
CreateEventW
LeaveCriticalSection
DeleteCriticalSection
WaitForSingleObject
ResetEvent
SetEvent
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
LoadLibraryExW
LoadStringW
GetModuleHandleW
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapSetInformation
api-ms-win-core-localization-l1-2-0
FormatMessageW
SetThreadUILanguage
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventUnregister
EventWriteTransfer
EventSetInformation
rpcrt4
UuidCreate
api-ms-win-core-registry-l1-1-0
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegCloseKey
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
InterlockedPushEntrySList
InterlockedPopEntrySList
api-ms-win-security-base-l1-1-0
IsWellKnownSid
GetTokenInformation
api-ms-win-security-lsalookup-l2-1-0
LookupAccountSidW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
sxshared
SxTracerDebuggerBreak
SxTracerGetThreadContextRetail
SxTracerShouldTrackFailure
api-ms-win-eventing-controller-l1-1-0
StartTraceW
EnableTraceEx2
ControlTraceW
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-file-l2-1-0
MoveFileExW
api-ms-win-core-file-l1-2-0
GetVolumeNameForVolumeMountPointW
GetVolumePathNamesForVolumeNameW
api-ms-win-eventlog-legacy-l1-1-0
RegisterEventSourceW
ReportEventW
DeregisterEventSource
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 136B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 124KB - Virtual size: 123KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 140B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DeviceCensus.exe.exe windows:10 windows x64 arch:x64
86b4280694b52b3c66cdb513f7e556f9
Code Sign
33:00:00:04:15:82:95:a1:a3:d8:2e:28:57:00:00:00:00:04:15
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 03/02/2023, 00:05
Not After: 01/02/2024, 00:05
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0c:f6:7b:a5:cb:84:11:3b:d5:4d:ad:24:01:ff:af:1c:01:14:2d:9b:81:11:91:e7:ce:fd:e6:53:fd:c1:7f:b4
Signer
Actual PE Digest: 0c:f6:7b:a5:cb:84:11:3b:d5:4d:ad:24:01:ff:af:1c:01:14:2d:9b:81:11:91:e7:ce:fd:e6:53:fd:c1:7f:b4
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
DeviceCensus.pdb
Imports
msvcrt
iswdigit
_wcsnicmp
wcsrchr
strcpy_s
??_V@YAXPEAX@Z
_wtof
_vsnprintf
memcmp
wcscmp
strncmp
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_wtoi64
_onexit
__dllonexit
_unlock
_lock
_commode
_fmode
_wcmdln
__C_specific_handler
_wtoi
_initterm
wcsstr
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
wcscpy_s
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
_vsnwprintf
??0exception@@QEAA@AEBQEBD@Z
_wcslwr
_callnewh
malloc
_purecall
_wcsicmp
wcscat_s
memset
strchr
__CxxFrameHandler3
sprintf_s
wcschr
??3@YAXPEAX@Z
ntdll
RtlVerifyVersionInfo
LdrResSearchResource
ZwMapViewOfSection
ZwUnmapViewOfSection
ZwQuerySystemInformation
RtlGetNativeSystemInformation
RtlUpcaseUnicodeChar
RtlAnsiStringToUnicodeString
RtlxAnsiStringToUnicodeSize
ZwCreateSection
ZwQueryInformationFile
ZwCreateFile
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
ZwQueryValueKey
RtlInitUnicodeStringEx
ZwEnumerateKey
ZwOpenKey
RtlFreeUnicodeString
RtlMultiByteToUnicodeN
RtlInitAnsiString
RtlEqualString
ZwClose
EtwEventRegister
EtwEventWrite
EtwEventUnregister
RtlLeaveCriticalSection
RtlFreeHeap
RtlInitializeCriticalSection
RtlEnterCriticalSection
RtlAllocateHeap
RtlDeleteCriticalSection
VerSetConditionMask
RtlImageDirectoryEntryToData
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtCreateFile
RtlInitString
NtQueryInformationFile
NtClose
RtlInitUnicodeString
RtlDosPathNameToRelativeNtPathName_U_WithStatus
LdrGetDllHandle
LdrGetProcedureAddress
RtlDosPathNameToNtPathName_U_WithStatus
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleExW
GetModuleHandleW
GetModuleHandleExA
LoadLibraryExW
GetModuleFileNameW
GetProcAddress
SetDefaultDllDirectories
FreeLibrary
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
GetCommandLineW
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoUninitialize
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetStartupInfoW
ExitProcess
CreateProcessAsUserW
api-ms-win-core-registry-l1-1-0
RegGetValueW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegDeleteTreeW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumValueW
api-ms-win-core-synch-l1-1-0
WaitForSingleObject
CreateMutexW
ReleaseMutex
api-ms-win-shcore-obsolete-l1-1-0
CommandLineToArgvW
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetLastError
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-kernel32-legacy-l1-1-0
WTSGetActiveConsoleSessionId
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
GetSystemDirectoryW
dcntel
GetCensusRegistryLocation
SetCustomTrigger
RunSystemContextCensus
RunUserContextCensus
SetCustomTriggerEx
api-ms-win-downlevel-kernel32-l2-1-0
GlobalFree
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-kernel32-legacy-l1-1-1
VerifyVersionInfoW
api-ms-win-core-heap-l1-1-0
HeapFree
GetProcessHeap
HeapReAlloc
HeapAlloc
winhttp
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpGetDefaultProxyConfiguration
WinHttpReceiveResponse
WinHttpConnect
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpQueryAuthSchemes
WinHttpSendRequest
WinHttpSetCredentials
WinHttpOpen
WinHttpCloseHandle
WinHttpSetOption
WinHttpOpenRequest
WinHttpQueryHeaders
api-ms-win-core-version-l1-1-0
VerQueryValueW
api-ms-win-core-version-l1-1-1
GetFileVersionInfoSizeW
GetFileVersionInfoW
api-ms-win-core-file-l1-1-0
CreateFileW
GetFileTime
WriteFile
GetFileAttributesW
api-ms-win-security-base-l1-1-0
ImpersonateLoggedOnUser
RevertToSelf
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
api-ms-win-security-credentials-l1-1-0
CredReadW
CredFree
api-ms-win-core-debug-l1-1-0
OutputDebugStringA
DebugBreak
IsDebuggerPresent
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventRegister
EventUnregister
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 88KB - Virtual size: 84KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 36KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 584B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DeviceCredentialDeployment.exe.exe windows:10 windows x64 arch:x64
5d141d32c221fc5c3ade28146162bdaf
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
DeviceCredentialDeployment.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__errno
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memcpy
_o__wcsicmp
_o_exit
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_CxxThrowException
__CxxFrameHandler3
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___wargv
_o___p___argc
__std_terminate
__CxxFrameHandler4
api-ms-win-crt-string-l1-1-0
memset
devicecredential
DeviceCredentialScanDeploymentData
DeviceCredentialUpdateDeploymentData
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
GetModuleFileNameA
GetModuleHandleExW
GetModuleHandleExA
GetProcAddress
api-ms-win-core-synch-l1-1-0
ReleaseSemaphore
WaitForSingleObject
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CreateSemaphoreExW
CreateMutexExW
ReleaseMutex
CreateEventExW
SetEvent
api-ms-win-core-heap-l1-1-0
HeapFree
GetProcessHeap
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
SetLastError
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetExitCodeThread
CreateThread
GetCurrentThreadId
GetCurrentProcess
OpenProcessToken
TerminateProcess
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
OutputDebugStringW
DebugBreak
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-threadpool-l1-2-0
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CloseThreadpoolTimer
CreateThreadpoolTimer
api-ms-win-eventing-provider-l1-1-0
EventActivityIdControl
EventUnregister
EventWriteTransfer
EventRegister
EventSetInformation
api-ms-win-core-synch-l1-2-0
InitOnceComplete
Sleep
InitOnceBeginInitialize
api-ms-win-core-registry-l1-1-0
RegEnumKeyExW
RegCloseKey
RegQueryValueExW
RegGetValueW
RegQueryInfoKeyW
RegOpenKeyExW
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-winrt-l1-1-0
RoActivateInstance
RoUninitialize
RoInitialize
RoGetActivationFactory
api-ms-win-power-setting-l1-1-0
PowerSettingRegisterNotification
api-ms-win-core-console-l3-2-0
GetConsoleWindow
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-security-sddl-l1-1-0
ConvertSidToStringSidW
api-ms-win-security-base-l1-1-0
EqualSid
GetTokenInformation
api-ms-win-core-com-l1-1-0
CoCreateFreeThreadedMarshaler
CoWaitForMultipleHandles
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateString
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateStringReference
api-ms-win-core-kernel32-legacy-l1-1-0
WTSGetActiveConsoleSessionId
api-ms-win-security-lsalookup-l1-1-0
LookupAccountNameLocalW
LookupAccountSidLocalW
api-ms-win-rtcore-ntuser-powermanagement-l1-1-0
UnregisterPowerSettingNotification
ntdll
RtlGetDeviceFamilyInfoEnum
RtlInitUnicodeString
RtlDeriveCapabilitySidsFromName
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 68KB - Virtual size: 65KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 200B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 340B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DeviceEject.exe.exe windows:10 windows x64 arch:x64
4e97873b8af6e0ccfd6b969879df565b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
DeviceEject.pdb
Imports
msvcrt
__set_app_type
swscanf
_amsg_exit
?terminate@@YAXXZ
_commode
_fmode
_acmdln
_XcptFilter
_initterm
__setusermatherr
_ismbblead
_cexit
exit
_exit
__getmainargs
__C_specific_handler
ntdll
RtlCaptureContext
RtlNtStatusToDosError
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
SetLastError
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
api-ms-win-security-base-l1-1-0
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
GetModuleHandleW
GetProcAddress
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
ExitProcess
GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
shell32
CommandLineToArgvW
Sections
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 264B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DeviceEnroller.exe.exe windows:10 windows x64 arch:x64
8f663f6063278af99491b7b7ab582628
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
deviceenroller.pdb
Imports
msvcp110_win
?_Xbad_alloc@std@@YAXXZ
?_Syserror_map@std@@YAPEBDH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
?_BADOFF@std@@3_JB
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?pbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Add_vtordisp1@?$basic_ios@GU?$char_traits@G@std@@@std@@UEAAXXZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Add_vtordisp2@?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAAXXZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@J@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?endl@std@@YAAEAV?$basic_ostream@GU?$char_traits@G@std@@@1@AEAV21@@Z
msvcrt
memmove
memcpy
?terminate@@YAXXZ
__CxxFrameHandler3
srand
rand
_vsnwprintf_s
wcstod
sprintf_s
_wtoi
swprintf_s
_wcsnicmp
wcsncmp
_commode
_fmode
_acmdln
_initterm
__setusermatherr
memcmp
_CxxThrowException
memset
??3@YAXPEAX@Z
__CxxFrameHandler4
??_V@YAXPEAX@Z
_vsnwprintf
memcpy_s
_purecall
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_vsnprintf_s
__C_specific_handler
_wcsicmp
wcsstr
free
memmove_s
malloc
wcsncpy_s
_callnewh
_XcptFilter
_ismbblead
_amsg_exit
__getmainargs
__set_app_type
exit
_cexit
realloc
_errno
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_exit
_lock
dmenrollengine
GetEnrollmentAuthPolicy
GetEnrollmentCertStore
GetEnrollmentSID
GetEnrollmentPartnerOpaqueID
GetEnrollmentState
GetEnrollmentEntDmId
GetEnrollmentAadResourceUrl
GetEnrollmentClientCertThumbprint
ord7
MmpcDiscoverEndpoint
ord3
ord1
GetEnrollmentType
SetEnrollState
EnrollEngineInitialize
GetIsRecoveryAllowed
ord10
SetMmpcEnrollmentFlag
dmcmnutils
OmaDmRegistryGetDWORD
OmaDmRegistryDeleteValue
DmImpersonate
DmRevertToSelf
MBToUnicode
UnicodeToMB
DmRemoveToastNotification
SafeWideCharToMultiByte
OmaDmRegistryGetAllSubKeys
OmaDmRegistrySetDWORD
OmDmRegistryAllocAndGetString
OmaDmRegistrySetString
OmaDmRegistrySetBinary
BigStrcat
DmRaiseToastNotificationAndWait
DmDisableTask
DmRaiseToastNotification
CopyString
HexStringToBinary
DmGetAadUserToken
OmaDmRegistryGetString
DmGetAadDeviceToken
InvStrCmpIW
DmGetActiveUserSid
DmDeleteTask
DmGetCurrentUserSid
DmRemoveToastNotificationByExecutablePath
omadmapi
ord64
ord105
ord22
ord103
ord102
ord114
ord104
ord119
ord54
ord117
ord23
ord118
ord52
ord34
ord101
ord18
ord37
ord56
ord47
ntdll
NtCreateWnfStateName
NtDeleteWnfStateName
RtlNtStatusToDosErrorNoTeb
RtlGetDeviceFamilyInfoEnum
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlNtStatusToDosError
RtlIsStateSeparationEnabled
RtlIsMultiUsersInSessionSku
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
combase
ord154
ord69
umpdc
PdcActivationClientRegister
PdcActivationClientActivityRequest
PdcActivationClientUnregister
xmllite
CreateXmlReader
CreateXmlReaderInputWithEncodingName
api-ms-win-shcore-stream-l1-1-0
SHCreateMemStream
dmenterprisediagnostics
RecordDiagnosticsError
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameW
GetModuleHandleW
FindResourceExW
FreeLibrary
SizeofResource
GetModuleFileNameA
GetModuleHandleExW
LockResource
LoadResource
LoadStringW
LoadLibraryExW
GetProcAddress
api-ms-win-core-synch-l1-1-0
InitializeCriticalSectionEx
ResetEvent
CreateEventW
WaitForMultipleObjectsEx
CreateSemaphoreExW
CreateEventExW
ReleaseSemaphore
DeleteCriticalSection
WaitForSingleObject
AcquireSRWLockShared
ReleaseMutex
SetEvent
WaitForSingleObjectEx
OpenSemaphoreW
OpenEventW
CreateMutexExW
ReleaseSRWLockShared
ReleaseSRWLockExclusive
EnterCriticalSection
AcquireSRWLockExclusive
InitializeCriticalSection
LeaveCriticalSection
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
RaiseException
GetLastError
UnhandledExceptionFilter
SetLastError
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
WindowsCreateString
WindowsDeleteString
WindowsGetStringRawBuffer
api-ms-win-core-processthreads-l1-1-0
SetThreadPriority
GetCurrentThreadId
OpenThreadToken
GetCurrentProcessId
TerminateProcess
GetStartupInfoW
GetCurrentProcess
OpenProcessToken
GetCurrentThread
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
RoInitialize
RoActivateInstance
RoUninitialize
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
DebugBreak
IsDebuggerPresent
OutputDebugStringA
api-ms-win-core-handle-l1-1-0
CloseHandle
oleaut32
VariantClear
SafeArrayCreate
VariantTimeToSystemTime
VariantInit
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayUnlock
SafeArrayGetLBound
SysAllocStringLen
VariantChangeTypeEx
SysStringByteLen
SysAllocStringByteLen
SafeArrayLock
VarUI4FromStr
SysFreeString
SysAllocString
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventUnregister
EventSetInformation
EventWriteTransfer
EventActivityIdControl
api-ms-win-core-synch-l1-2-0
Sleep
WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceBeginInitialize
InitOnceComplete
api-ms-win-security-lsalookup-l2-1-0
LookupPrivilegeValueW
LookupAccountNameW
LookupAccountSidW
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
GetCommandLineW
api-ms-win-core-shutdown-l1-1-0
InitiateSystemShutdownExW
api-ms-win-core-registry-l1-1-0
RegQueryValueExW
RegGetValueW
RegDeleteTreeW
RegCreateKeyExW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegDeleteValueW
RegOpenCurrentUser
RegCloseKey
RegQueryInfoKeyW
api-ms-win-core-threadpool-l1-2-0
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolTimer
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
samcli
NetUserGetInfo
NetLocalGroupGetMembers
NetLocalGroupAddMembers
api-ms-win-core-string-l2-1-0
CharNextW
api-ms-win-core-url-l1-1-0
UrlUnescapeW
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW
ConvertSidToStringSidW
api-ms-win-core-kernel32-legacy-l1-1-0
GetComputerNameW
api-ms-win-core-string-obsolete-l1-1-0
lstrlenA
lstrcmpiW
api-ms-win-security-base-l1-1-0
AdjustTokenPrivileges
RevertToSelf
ImpersonateLoggedOnUser
GetLengthSid
GetTokenInformation
CopySid
netutils
NetApiBufferFree
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
GetTickCount64
GetSystemTime
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-winrt-error-l1-1-0
SetRestrictedErrorInfo
api-ms-win-core-winrt-error-l1-1-1
RoGetMatchingRestrictedErrorInfo
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
FileTimeToSystemTime
api-ms-win-core-file-l1-1-0
CompareFileTime
FileTimeToLocalFileTime
sspicli
GetUserNameExW
api-ms-win-core-processthreads-l1-1-1
OpenProcess
api-ms-win-core-registry-l1-1-1
RegSetKeyValueW
api-ms-win-core-registry-l2-1-0
RegDeleteKeyW
crypt32
CertOpenStore
CertFindCertificateInStore
CertCloseStore
CertFreeCertificateContext
declaredconfiguration
DMOrchestratorRefresh
DMOrchestratorRefreshPerEnrollment
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 340KB - Virtual size: 336KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 112KB - Virtual size: 111KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 464B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DevicePairingWizard.exe.exe windows:10 windows x64 arch:x64
4318216c7afdbdded5fc74dc39e9d6b6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
DevicePairingWizard.pdb
Imports
advapi32
EventUnregister
EventSetInformation
EventRegister
EventActivityIdControl
EventWriteTransfer
kernel32
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
InitOnceBeginInitialize
InitOnceComplete
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
mfc42u
ord6887
ord4598
ord5039
ord659
ord1063
ord4214
ord6886
ord665
ord2752
ord3916
ord4770
ord4983
ord4371
ord3164
ord4077
ord4083
ord4082
ord3046
ord3166
ord3052
ord3366
ord3231
ord4815
ord3362
ord3243
ord3049
ord6053
ord5711
ord5730
ord5065
ord4368
ord5724
ord5722
ord3468
ord2412
ord5615
ord1388
ord4191
ord6071
ord2515
ord2559
ord4836
ord6813
ord1584
ord1463
msvcrt
_wcmdln
_fmode
_commode
?terminate@@YAXXZ
__C_specific_handler
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_CxxThrowException
_purecall
isspace
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
memcpy_s
_lock
_vsnwprintf
__CxxFrameHandler4
memset
shlwapi
StrCmpNIW
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoUninitialize
CoCreateInstance
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
TerminateProcess
GetStartupInfoW
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
Sections
.text Size: 32KB - Virtual size: 29KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 52KB - Virtual size: 51KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 232B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DeviceProperties.exe.exe windows:10 windows x64 arch:x64
987dcee8e6ad88968255da46f110a7cb
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
DeviceProperties.pdb
Imports
kernel32
HeapSetInformation
GetProcAddress
FreeLibrary
LoadLibraryW
user32
IsWindow
msvcrt
_commode
_fmode
__C_specific_handler
?terminate@@YAXXZ
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_wtoi64
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
Sections
.text Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 240B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 84KB - Virtual size: 83KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DiskSnapshot.exe.exe windows:10 windows x64 arch:x64
9be1e8d7c5d5b113af20c778ef464358
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
DiskSnapshot.pdb
Imports
msvcp_win
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-crt-time-l1-1-0
_time64
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_c_exit
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo_noreturn
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o___p___argc
_o__wcsdup
_o__wcslwr_s
_o__wfopen
_o__wstat64i32
_o_exit
_o_fclose
_o_fputws
_o_fread
_o_free
_o_malloc
_o_rand
_o_srand
_o_terminate
_o_towlower
_o_wmemcpy_s
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vfwprintf
_o___acrt_iob_func
wcsstr
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
_o___p__commode
wcsrchr
wcschr
_o___p___wargv
memmove
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
memset
wcscmp
ntdll
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
RtlGetVersion
RtlOsDeploymentState
RtlGetDeviceFamilyInfoEnum
api-ms-win-core-processenvironment-l1-1-0
GetEnvironmentVariableW
GetCommandLineW
api-ms-win-core-registry-l1-1-0
RegCreateKeyExW
RegEnumKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegGetValueW
api-ms-win-core-com-l1-1-0
CoCreateInstance
api-ms-win-core-winrt-l1-1-0
RoInitialize
RoUninitialize
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventWriteTransfer
EventUnregister
EventActivityIdControl
EventRegister
rpcrt4
UuidFromStringW
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-file-l1-1-0
GetDiskFreeSpaceExW
CreateFileW
ReadFile
api-ms-win-core-file-l1-2-0
GetVolumeNameForVolumeMountPointW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetSystemTime
api-ms-win-core-synch-l1-1-0
OpenMutexW
ReleaseMutex
WaitForSingleObject
CreateMutexW
crypt32
CryptBinaryToStringW
api-ms-win-core-registry-l1-1-1
RegSetKeyValueW
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
GetModuleFileNameW
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
cryptsp
CryptReleaseContext
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptAcquireContextW
CryptCreateHash
diagnosticdatasettings
TelIsTelemetryTypeAllowed
Sections
.text Size: 48KB - Virtual size: 46KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 104B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Dism.exe.exe windows:10 windows x64 arch:x64
0c7cc741031976239ac51d2d6c37c885
Code Sign
33:00:00:04:13:31:bc:19:88:07:a9:07:74:00:00:00:00:04:13
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 03/02/2023, 00:05
Not After: 01/02/2024, 00:05
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
88:4b:78:b4:d1:56:a8:e2:42:b5:ed:fd:c8:1c:3d:10:a3:cb:9a:c2:de:85:cb:ee:79:91:68:b7:3c:b0:bd:49
Signer
Actual PE Digest: 88:4b:78:b4:d1:56:a8:e2:42:b5:ed:fd:c8:1c:3d:10:a3:cb:9a:c2:de:85:cb:ee:79:91:68:b7:3c:b0:bd:49
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
PDB Paths
Dism.pdb
Imports
msvcrt
?terminate@@YAXXZ
__RTDynamicCast
memcmp
??1type_info@@UEAA@XZ
_lock
_unlock
__dllonexit
_onexit
_errno
realloc
memset
_commode
wcsstr
wcsncmp
_wcsnicmp
iswalpha
towlower
_snwscanf_s
_fmode
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
wcscpy_s
wcsrchr
calloc
malloc
_purecall
_wcsicmp
free
_vsnwprintf
towupper
_getwch
vswprintf_s
_vscwprintf
_wcslwr_s
wcschr
wprintf
memmove_s
memcpy_s
__C_specific_handler
??_V@YAXPEAX@Z
__CxxFrameHandler3
??3@YAXPEAX@Z
wcscmp
advapi32
IsValidSecurityDescriptor
GetAclInformation
InitializeAcl
AddAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
MakeAbsoluteSD
GetSecurityDescriptorControl
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetSecurityDescriptorOwner
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
IsValidSid
CopySid
GetLengthSid
TraceEvent
AdjustTokenPrivileges
LookupPrivilegeValueW
EventActivityIdControl
OpenProcessToken
InitiateSystemShutdownExW
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
EventUnregister
EventRegister
EventWriteTransfer
UnregisterTraceGuids
kernel32
WaitForSingleObject
LoadLibraryExW
SearchPathW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
GetFileInformationByHandleEx
DeviceIoControl
SetFileAttributesW
SetFileInformationByHandle
DeleteFileW
CopyFileExW
GetLongPathNameW
GetFinalPathNameByHandleW
GetDriveTypeW
GetVersionExW
GetProcAddress
GetModuleHandleW
GetModuleHandleExW
FreeLibrary
InitializeCriticalSection
EnterCriticalSection
SetEvent
LeaveCriticalSection
GetLastError
CloseHandle
SetThreadUILanguage
SetErrorMode
SetConsoleCtrlHandler
OutputDebugStringW
GetCommandLineW
HeapFree
GetProcessHeap
Sleep
GetCurrentProcess
DeleteCriticalSection
RaiseException
GetCurrentThreadId
CompareStringW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetStdHandle
HeapAlloc
WriteConsoleW
LocalAlloc
WideCharToMultiByte
WriteFile
LocalFree
GetFileType
GetConsoleMode
GetModuleFileNameW
IsWow64Process
FormatMessageW
GetFileAttributesW
SetLastError
CreateFileW
MultiByteToWideChar
GetSystemInfo
HeapSize
HeapReAlloc
HeapDestroy
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
TerminateProcess
OutputDebugStringA
GetSystemWindowsDirectoryW
ExpandEnvironmentStringsW
GetTempFileNameW
GetFullPathNameW
CreateDirectoryW
GetFileInformationByHandle
FindFirstFileW
FindNextFileW
FindClose
ole32
CoInitializeSecurity
CoCreateInstance
CoInitializeEx
CoUninitialize
user32
CharLowerBuffW
oleaut32
SysAllocStringLen
SysAllocString
GetErrorInfo
SysStringByteLen
LoadTypeLi
LoadRegTypeLi
SysAllocStringByteLen
VarBstrCmp
SysStringLen
VariantClear
SysFreeString
version
GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW
ntdll
RtlGetVersion
RtlAllocateHeap
RtlFreeHeap
NtSetInformationFile
RtlNtStatusToDosError
Sections
.text Size: 168KB - Virtual size: 165KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 96KB - Virtual size: 92KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 32KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1016B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DisplaySwitch.exe.exe windows:10 windows x64 arch:x64
b5497f281075262bf2222deffb0842a8
Code Sign
33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:e7:ed:a7:08:c5:af:52:62:d5:af:be:e8:c4:83:a9:c1:f7:d8:ae:24:49:4e:19:80:2c:02:e7:4b:3d:04:ec
Signer
Actual PE Digest: 33:e7:ed:a7:08:c5:af:52:62:d5:af:be:e8:c4:83:a9:c1:f7:d8:ae:24:49:4e:19:80:2c:02:e7:4b:3d:04:ec
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
DisplaySwitch.pdb
Imports
advapi32
EventRegister
EventWriteTransfer
EventUnregister
RegGetValueW
kernel32
CompareStringOrdinal
GetCurrentThreadId
DecodePointer
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
RaiseException
InitOnceExecuteOnce
EncodePointer
ReleaseSRWLockShared
LocalFree
GetCommandLineW
LoadLibraryW
AcquireSRWLockShared
user32
DispatchMessageW
TranslateMessage
GetMessageW
SetDisplayConfig
SystemParametersInfoW
PostThreadMessageW
msvcrt
_callnewh
memcpy
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
memset
__CxxFrameHandler3
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
free
_purecall
malloc
wcscmp
policymanager
PolicyManager_GetPolicyInt
api-ms-win-core-com-l1-1-0
CoRevokeClassObject
CoRegisterClassObject
CoInitializeEx
CoUninitialize
CoReleaseServerProcess
CoResumeClassObjects
CoAddRefServerProcess
api-ms-win-core-winrt-l1-1-0
RoRevokeActivationFactories
RoRegisterActivationFactories
RoActivateInstance
api-ms-win-core-winrt-error-l1-1-0
RoOriginateErrorW
RoOriginateError
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateString
WindowsCreateStringReference
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsDeleteString
WindowsGetStringRawBuffer
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentProcess
GetStartupInfoW
GetCurrentProcessId
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
GetLastError
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
GetModuleFileNameW
GetProcAddress
GetModuleHandleW
GetModuleHandleExW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-heap-l1-1-0
HeapFree
HeapAlloc
GetProcessHeap
api-ms-win-core-processthreads-l1-1-1
GetProcessMitigationPolicy
api-ms-win-core-heap-l2-1-0
LocalAlloc
api-ms-win-core-handle-l1-1-0
CloseHandle
combase
ord140
imm32
ImmDisableIME
Sections
.text Size: 92KB - Virtual size: 90KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 264B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DmNotificationBroker.exe.exe windows:10 windows x64 arch:x64
d0eed94b0572995c402050a0f22efdd9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
DmNotificationBroker.pdb
Imports
msvcrt
__CxxFrameHandler3
malloc
free
_purecall
__CxxFrameHandler4
??3@YAXPEAX@Z
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_wcsicmp
_callnewh
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_CxxThrowException
memcpy
memmove
memset
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoTaskMemAlloc
CoUninitialize
CoInitializeEx
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcessId
GetStartupInfoW
CreateThread
GetCurrentProcess
TerminateProcess
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
api-ms-win-shcore-obsolete-l1-1-0
CommandLineToArgvW
dmcmnutils
CopyString
api-ms-win-core-synch-l1-1-0
WaitForSingleObject
api-ms-win-core-handle-l1-1-0
CloseHandle
rpcrt4
RpcBindingBind
RpcBindingCreateW
I_RpcExceptionFilter
NdrClientCall3
RpcBindingFree
user32
TranslateMessage
GetMessageW
DispatchMessageW
dui70
?GetEncodedContentString@Element@DirectUI@@QEAAJPEAG_K@Z
StrToID
?GetClassInfoPtr@RichText@DirectUI@@SAPEAUIClassInfo@2@XZ
?GetClassInfoPtr@TouchEdit2@DirectUI@@SAPEAUIClassInfo@2@XZ
UnInitProcessPriv
UnInitThread
InitThread
InitProcessPriv
?CreateBool@Value@DirectUI@@SAPEAV12@_N@Z
?VisibleProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?CreateString@Value@DirectUI@@SAPEAV12@PEBGPEAUHINSTANCE__@@@Z
?SetValue@Element@DirectUI@@QEAAJP6APEBUPropertyInfo@2@XZHPEAVValue@2@@Z
?ContentProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?_ZeroRelease@Value@DirectUI@@AEAAXXZ
?Destroy@DUIXmlParser@DirectUI@@QEAAXXZ
?CreateElement@DUIXmlParser@DirectUI@@QEAAJPEBGPEAVElement@2@1PEAKPEAPEAV32@@Z
?SetXMLFromResource@DUIXmlParser@DirectUI@@QEAAJPEBGPEAUHINSTANCE__@@1@Z
?Create@DUIXmlParser@DirectUI@@SAJPEAPEAV12@P6APEAVValue@2@PEBGPEAX@Z2P6AX11H2@Z2@Z
?FindDescendent@Element@DirectUI@@QEAAPEAV12@G@Z
windows.ui.immersive
ord101
ord100
Sections
.text Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 936B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 544B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DmOmaCpMo.exe.exe windows:10 windows x64 arch:x64
fb57288d7c55d8bf30f716775133361d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
DmOmaCpMo.pdb
Imports
msvcrt
__CxxFrameHandler3
sprintf_s
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
memcpy_s
_vsnwprintf
memset
_callnewh
_CxxThrowException
_onexit
__dllonexit
_unlock
_lock
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_commode
_fmode
_acmdln
__C_specific_handler
malloc
_initterm
__setusermatherr
_ismbblead
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
__CxxFrameHandler4
??3@YAXPEAX@Z
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventActivityIdControl
EventSetInformation
EventUnregister
EventWriteTransfer
api-ms-win-core-file-l1-1-0
GetFileSize
ReadFile
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
api-ms-win-core-com-l1-1-0
CoInitializeEx
CLSIDFromString
StringFromGUID2
CoUninitialize
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetLastError
UnhandledExceptionFilter
RaiseException
SetUnhandledExceptionFilter
api-ms-win-core-handle-l1-1-0
CloseHandle
oleaut32
SysFreeString
api-ms-win-core-synch-l1-2-0
WakeAllConditionVariable
SleepConditionVariableSRW
Sleep
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentProcess
GetStartupInfoW
TerminateProcess
GetCurrentThreadId
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameA
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
omadmapi
ord64
ord44
dmcmnutils
CopyString
dmprocessxmlfiltered
MdmProcessConfigXmlWithAttributes
dsclient
DSOpenSharedFile
rpcrt4
UuidCreate
UuidFromStringW
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-winrt-l1-1-0
RoInitialize
RoActivateInstance
RoUninitialize
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
OutputDebugStringW
api-ms-win-core-synch-l1-1-0
ReleaseMutex
WaitForSingleObject
ReleaseSemaphore
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CreateMutexExW
CreateSemaphoreExW
WaitForSingleObjectEx
OpenSemaphoreW
dmenrollengine
GetEnrollmentType
msvcp110_win
?_Xbad_alloc@std@@YAXXZ
Sections
.text Size: 24KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 96B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DpiScaling.exe.exe windows:10 windows x64 arch:x64
79af10fa7c10573b0b9b52f39c28b0f2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
DpiScaling.pdb
Imports
user32
LoadStringW
msvcrt
_cexit
?terminate@@YAXXZ
_XcptFilter
_amsg_exit
__wgetmainargs
_commode
_fmode
_wcmdln
__C_specific_handler
__set_app_type
exit
_initterm
__setusermatherr
_exit
shell32
ord100
shlwapi
ord388
api-ms-win-core-com-l1-1-0
CoUninitialize
CoCreateInstance
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
GetStartupInfoW
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
ole32
CoInitialize
Sections
.text Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 72KB - Virtual size: 68KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DsmUserTask.exe.exe windows:10 windows x64 arch:x64
e9e1e7ed50db9ada213851ae8275b09b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
DsmUserTask.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_initterm
_register_thread_local_exe_atexit_callback
_c_exit
api-ms-win-crt-private-l1-1-0
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memcpy
_o___stdio_common_vswscanf
_o_exit
_o_free
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_o___stdio_common_vswprintf
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
_o___p__commode
_o___stdio_common_vsnprintf_s
wcschr
_CxxThrowException
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-eventing-classicprovider-l1-1-0
RegisterTraceGuidsW
TraceMessage
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
UnregisterTraceGuids
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoCreateInstance
CoTaskMemFree
CLSIDFromString
CoTaskMemAlloc
CoUninitialize
api-ms-win-devices-query-l1-1-0
DevFreeObjectProperties
DevFreeObjects
DevGetObjectProperties
DevFindProperty
DevGetObjects
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameA
LoadStringW
GetProcAddress
api-ms-win-core-errorhandling-l1-1-0
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-registry-l1-1-0
RegGetValueW
RegCloseKey
RegOpenKeyExW
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
DebugBreak
IsDebuggerPresent
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapAlloc
HeapFree
Sections
.text Size: 20KB - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 960B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 84B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Dxpserver.exe.exe windows:10 windows x64 arch:x64
4926a7facf2ef3edc80f14ef0915c02b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
DXPServer.pdb
Imports
advapi32
TraceMessage
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
EventRegister
EventUnregister
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
RegNotifyChangeKeyValue
EventWriteTransfer
EventSetInformation
EventActivityIdControl
RegGetValueW
RegQueryValueExW
kernel32
GetModuleHandleW
lstrcmpiW
RaiseException
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceExW
GetModuleFileNameW
InitializeCriticalSection
DeleteCriticalSection
GetTickCount
WaitForSingleObject
ReleaseSemaphore
SetLastError
CreateSemaphoreW
CreateMutexW
CreateEventW
SetEvent
GetCommandLineW
GetCurrentThreadId
CreateThread
Sleep
FormatMessageW
LoadLibraryExW
GetProcessHeap
HeapFree
GetModuleHandleExW
GetModuleFileNameA
DebugBreak
IsDebuggerPresent
CloseHandle
ResetEvent
ReleaseMutex
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForSingleObjectEx
AcquireSRWLockExclusive
OpenSemaphoreW
CreateThreadpoolTimer
GetSystemTimeAsFileTime
InitOnceBeginInitialize
GetCurrentProcessId
CreateMutexExW
InitOnceComplete
CreateSemaphoreExW
ReleaseSRWLockExclusive
ExpandEnvironmentStringsW
LocalFree
InitializeCriticalSectionAndSpinCount
GetProcAddress
FreeLibrary
FindClose
FindNextFileW
MoveFileW
CopyFileExW
SetFileAttributesW
HeapAlloc
GetLastError
CreateFileW
CompareStringOrdinal
GetCurrentProcess
VirtualAlloc
LoadLibraryExA
EncodePointer
DecodePointer
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
InitializeSListHead
GetStartupInfoW
SystemTimeToFileTime
GetUserGeoID
GetUserDefaultLCID
GetSystemDefaultLCID
LCIDToLocaleName
LCMapStringW
GetSystemInfo
CompareFileTime
GetFileMUIPath
GetFileAttributesW
SetFilePointer
FindFirstFileW
OutputDebugStringW
VirtualFree
gdi32
CreateCompatibleBitmap
DeleteDC
SetLayout
SelectObject
CreateCompatibleDC
DeleteObject
CreateDIBSection
CreateRectRgn
user32
SetWindowRgn
ShowWindow
CheckMenuItem
DeleteMenu
ModifyMenuW
InsertMenuW
LoadStringW
GetSystemMenu
GetIconInfo
IsWindowUnicode
GetMessageA
IsIconic
PostQuitMessage
DrawIconEx
CreateIconIndirect
DestroyIcon
EnumWindows
RegisterClassExW
SetWindowTextW
DispatchMessageA
CharUpperW
PostThreadMessageW
GetMessageW
MsgWaitForMultipleObjects
DispatchMessageW
GetWindowLongW
DefWindowProcW
PostMessageW
GetMenuState
LoadImageW
SendMessageW
UnregisterClassA
GetSystemMetrics
TranslateMessage
PeekMessageW
CharNextW
CallWindowProcW
GetWindowLongPtrW
RegisterWindowMessageW
GetClassInfoExW
LoadCursorW
SetWindowLongPtrW
CreateWindowExW
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_c_exit
_initterm
_register_thread_local_exe_atexit_callback
api-ms-win-crt-private-l1-1-0
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o_bsearch
_o_exit
_o_free
_o_iswspace
_o_malloc
_o_memcpy_s
_o_qsort
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstoul
__current_exception
__current_exception_context
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___p__commode
__C_specific_handler
_o__cexit
_o__callnewh
memcmp
memcpy
memmove
ole32
CoUninitialize
CoInitializeEx
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoCreateGuid
CoCreateInstance
CoResumeClassObjects
CoRevokeClassObject
CoRegisterClassObject
CoSuspendClassObjects
CoUnmarshalInterface
PropVariantClear
CoDisconnectObject
CoMarshalInterThreadInterfaceInStream
PropVariantCopy
CoFreeUnusedLibrariesEx
oleaut32
VariantChangeType
SysStringLen
RegisterTypeLi
LoadTypeLi
SysAllocString
VariantClear
SysFreeString
VarUI4FromStr
UnRegisterTypeLi
VariantInit
shlwapi
PathFileExistsW
PathAppendW
ord615
ord487
SHCreateStreamOnFileEx
SHStrDupW
ord16
UrlEscapeW
SHCreateStreamOnFileW
PathParseIconLocationW
PathRemoveFileSpecW
propsys
StgDeserializePropVariant
PropVariantToGUID
PSCreateMemoryPropertyStore
PropVariantCompareEx
PSGetPropertyDescriptionByName
PSGetPropertyDescriptionListFromString
PropVariantChangeType
PropVariantToStringAlloc
PSGetPropertyKeyFromName
shell32
SHParseDisplayName
ord165
SHQueryUserNotificationState
ShellExecuteExW
ord155
SHCreateShellItemArrayFromIDLists
ord6
Shell_NotifyIconW
SHGetPropertyStoreForWindow
dwmapi
DwmSetIconicThumbnail
DwmSetWindowAttribute
gdiplus
GdipSetSmoothingMode
GdipCreateFromHDC
GdipGetImageHeight
GdipGetImageWidth
GdiplusShutdown
GdipFree
GdipDisposeImage
GdipDrawImageRectI
GdipCloneImage
GdipCreateBitmapFromFile
GdiplusStartup
GdipDeleteGraphics
GdipAlloc
ntdll
RtlGetNativeSystemInformation
WinSqmIsOptedIn
WinSqmIncrementDWORD
WinSqmSetDWORD
WinSqmEndSession
WinSqmAddToStreamEx
WinSqmStartSession
RtlCaptureContext
RtlVirtualUnwind
WinSqmSetString
RtlLookupFunctionEntry
xmllite
CreateXmlReader
rpcrt4
UuidFromStringW
msi
ord113
crypt32
CertVerifyCertificateChainPolicy
wintrust
CryptCATAdminReleaseContext
CryptCATAdminReleaseCatalogContext
CryptCATCatalogInfoFromContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminAcquireContext
CryptCATAdminCalcHashFromFileHandle
WinVerifyTrustEx
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
Sections
.text Size: 196KB - Virtual size: 193KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 56KB - Virtual size: 54KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 44KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
EASPolicyManagerBrokerHost.exe.exe windows:10 windows x64 arch:x64
e34e6b6ca6ace145f61de3c05664d68d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
EASPolicyManagerBrokerHost.pdb
Imports
msvcrt
_exit
__CxxFrameHandler3
?terminate@@YAXXZ
memcpy
_callnewh
malloc
_vsnwprintf
free
_vsnwprintf_s
_XcptFilter
_amsg_exit
_vscwprintf
_wcsicmp
exit
_unlock
__dllonexit
_purecall
_lock
_cexit
_initterm
__C_specific_handler
_strnicmp
_fmode
__wgetmainargs
__set_app_type
memcpy_s
_commode
_onexit
__setusermatherr
memset
ntdll
RtlCaptureContext
RtlReportException
RtlVirtualUnwind
RtlLookupFunctionEntry
combase
ord69
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
GetModuleHandleW
LoadLibraryExW
GetModuleFileNameA
GetModuleHandleExW
GetProcAddress
api-ms-win-core-synch-l1-1-0
ReleaseSRWLockShared
CreateEventW
WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreExW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseMutex
CreateMutexExW
WaitForSingleObjectEx
AcquireSRWLockShared
OpenSemaphoreW
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
SetLastError
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentProcess
OpenThreadToken
TerminateProcess
GetCurrentThreadId
GetCurrentThread
ProcessIdToSessionId
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventUnregister
EventWriteTransfer
EventRegister
api-ms-win-core-synch-l1-2-0
InitOnceBeginInitialize
Sleep
InitOnceExecuteOnce
InitOnceComplete
api-ms-win-power-setting-l1-1-0
PowerSettingRegisterNotification
PowerSettingUnregisterNotification
api-ms-win-core-com-l1-1-0
CoUninitialize
CoReleaseServerProcess
CoAddRefServerProcess
CoResumeClassObjects
StringFromGUID2
CoDisconnectContext
CoTaskMemFree
CoInitializeEx
CoRegisterClassObject
CoRevertToSelf
CoImpersonateClient
CoRevokeClassObject
CoWaitForMultipleObjects
CoInitializeSecurity
CoCreateInstance
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-winrt-l1-1-0
RoRevokeActivationFactories
RoRegisterActivationFactories
api-ms-win-core-winrt-error-l1-1-0
RoOriginateError
RoOriginateErrorW
api-ms-win-core-winrt-string-l1-1-0
WindowsIsStringEmpty
WindowsGetStringRawBuffer
WindowsStringHasEmbeddedNull
WindowsDeleteString
WindowsCreateString
oleaut32
SysAllocStringLen
SysAllocString
SysFreeString
api-ms-win-core-registry-l1-1-0
RegDeleteTreeW
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegGetValueW
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-security-base-l1-1-0
AccessCheck
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
policymanager
EnterprisePolicyManagerStore_GetAllProviderContextSidAreas
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 48KB - Virtual size: 44KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 96B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 280B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
EDPCleanup.exe.exe windows:10 windows x64 arch:x64
edb47c1ca227688c707b0e25e5b9df56
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
EDPCleanup.pdb
Imports
msvcp110_win
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?endl@std@@YAAEAV?$basic_ostream@GU?$char_traits@G@std@@@1@AEAV21@@Z
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?wcout@std@@3V?$basic_ostream@GU?$char_traits@G@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?_Swap_all@_Container_base0@std@@QEAAXAEAU12@@Z
??7ios_base@std@@QEBA_NXZ
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAK@Z
?_Add_vtordisp1@?$basic_istream@GU?$char_traits@G@std@@@std@@UEAAXXZ
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Add_vtordisp2@?$basic_ios@GU?$char_traits@G@std@@@std@@UEAAXXZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
?pbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?_BADOFF@std@@3_JB
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?_Orphan_all@_Container_base0@std@@QEAAXXZ
?_Syserror_map@std@@YAPEBDH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?_Xbad_alloc@std@@YAXXZ
msvcrt
memmove_s
sprintf_s
strrchr
strchr
strtol
_errno
_set_errno
strncpy_s
_wcsicmp
??_V@YAXPEAX@Z
memmove
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_callnewh
malloc
_vsnprintf_s
__ExceptionPtrCurrentException
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
__ExceptionPtrDestroy
??3@YAXPEAX@Z
memcpy_s
__ExceptionPtrCreate
_vsnwprintf
__CxxFrameHandler4
__CxxFrameHandler3
memcpy
memcmp
_CxxThrowException
memset
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExW
GetModuleHandleExW
GetModuleHandleW
GetProcAddress
GetModuleFileNameA
LoadLibraryExA
FreeLibrary
api-ms-win-core-synch-l1-1-0
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObjectEx
InitializeCriticalSectionEx
ReleaseSRWLockExclusive
CreateMutexExW
OpenSemaphoreW
ReleaseMutex
WaitForSingleObject
DeleteCriticalSection
ReleaseSemaphore
CreateSemaphoreExW
AcquireSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
GetProcessHeap
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventUnregister
EventRegister
EventActivityIdControl
EventSetInformation
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentThread
GetCurrentProcess
GetCurrentThreadId
OpenThreadToken
OpenProcessToken
SetThreadPriority
TerminateProcess
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
IsDebuggerPresent
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-synch-l1-2-0
Sleep
WakeAllConditionVariable
InitOnceBeginInitialize
InitOnceComplete
SleepConditionVariableSRW
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemWindowsDirectoryW
GetSystemInfo
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-registry-l1-1-0
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegGetValueW
api-ms-win-core-registry-l1-1-1
RegDeleteKeyValueW
RegSetKeyValueW
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-security-base-l1-1-0
GetTokenInformation
CopySid
EqualSid
GetLengthSid
api-ms-win-core-file-l1-1-0
GetFileAttributesW
CreateFileW
FindNextFileW
FindClose
FindFirstFileExW
GetDriveTypeW
GetLogicalDriveStringsW
SetFileAttributesW
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
api-ms-win-core-memory-l1-1-0
VirtualQuery
VirtualProtect
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
ntdll
RtlIsStateSeparationEnabled
RtlIsCloudFilesPlaceholder
Sections
.text Size: 96KB - Virtual size: 95KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 40KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 392B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 360B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ELANFPService.exe.exe windows:6 windows x64 arch:x64
d0349c6ae56c86fda39412d28829e04f
Code Sign
0f:69:51:39:44:ce:3b:7b:8f:c1:19:28:32:2a:7d:99
Certificate
Issuer: CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 29/03/2021, 00:00
Not After: 10/05/2024, 23:59
Subject: SERIALNUMBER=84149224,CN=ELAN MICROELECTRONICS CORPORATION,O=ELAN MICROELECTRONICS CORPORATION,L=Hsinchu County,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate
Issuer: CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 18/04/2012, 12:00
Not After: 18/04/2027, 12:00
Subject: CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate
Issuer: CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 01/01/2021, 00:00
Not After: 06/01/2031, 00:00
Subject: CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate
Issuer: CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 07/01/2016, 12:00
Not After: 07/01/2031, 12:00
Subject: CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:c4:50:21:ba:6e:d8:5a:72:ad:00:00:00:00:00:c4
Certificate
Issuer: CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 17/06/2021, 17:55
Not After: 16/06/2022, 17:55
Subject: CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:0b:aa:c1:00:00:00:00:00:09
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 18/04/2012, 23:48
Not After: 18/04/2027, 23:58
Subject: CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
64:34:36:02:fc:71:af:bd:5d:66:a2:5d:dc:54:34:a5:93:5a:8e:21:b2:d8:fd:cb:ec:e7:ed:ae:ab:fa:69:bb
Signer
Actual PE Digest: 64:34:36:02:fc:71:af:bd:5d:66:a2:5d:dc:54:34:a5:93:5a:8e:21:b2:d8:fd:cb:ec:e7:ed:ae:ab:fa:69:bb
Digest Algorithm: sha256
PE Digest Matches: true
64:34:36:02:fc:71:af:bd:5d:66:a2:5d:dc:54:34:a5:93:5a:8e:21:b2:d8:fd:cb:ec:e7:ed:ae:ab:fa:69:bb
Signer
Actual PE Digest: 64:34:36:02:fc:71:af:bd:5d:66:a2:5d:dc:54:34:a5:93:5a:8e:21:b2:d8:fd:cb:ec:e7:ed:ae:ab:fa:69:bb
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
D:\Projects\Asus\EFD3.5.12201.11001_USB_Driver_Pnp\ASUS_USB_CodeBase_35601\trunk\ELANFPService\x64\Release\ELANFPService.pdb
Imports
kernel32
FindNextFileW
DeviceIoControl
RemoveDirectoryW
GetUserDefaultUILanguage
FindClose
CreateFileW
MultiByteToWideChar
DeleteFileW
LoadLibraryW
GetProcAddress
FindFirstFileW
GetModuleFileNameW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
WriteConsoleW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
WTSGetActiveConsoleSessionId
LocalFree
FindResourceW
LoadResource
ResetEvent
FindResourceExW
LockResource
SetEvent
GetTickCount64
Sleep
CreateEventW
QueueUserWorkItem
OpenEventW
WaitForSingleObject
TerminateProcess
GetCurrentProcess
SetLastError
SizeofResource
GetProcessHeap
DeleteCriticalSection
HeapDestroy
GetLocalTime
HeapAlloc
RaiseException
CloseHandle
HeapReAlloc
OutputDebugStringW
GetLastError
HeapSize
InitializeCriticalSectionEx
GetModuleHandleW
HeapFree
SetFilePointerEx
GetFileSizeEx
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
LCMapStringW
CompareStringW
GetFileType
GetCommandLineW
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetCommandLineA
user32
RegisterPowerSettingNotification
wsprintfW
LoadStringW
advapi32
CreateServiceW
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
DeleteService
ControlService
OpenServiceW
RegisterServiceCtrlHandlerExW
SetSecurityDescriptorDacl
SetServiceStatus
RegSetValueExW
InitializeSecurityDescriptor
StartServiceCtrlDispatcherW
RegQueryValueExW
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCloseKey
RegQueryInfoKeyW
AllocateAndInitializeSid
SetEntriesInAclW
RegCreateKeyExW
SetNamedSecurityInfoW
RegEnumKeyExW
RegDeleteTreeW
OpenProcessToken
FreeSid
RegOpenKeyExW
RegDeleteValueW
RegEnumValueW
shell32
ShellExecuteW
winbio
WinBioLockUnit
WinBioFree
WinBioUnlockUnit
WinBioEnumEnrollments
WinBioOpenSession
WinBioCloseSession
WinBioEnumBiometricUnits
setupapi
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsW
Sections
.text Size: 108KB - Virtual size: 107KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 64KB - Virtual size: 64KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Eap3Host.exe.exe windows:10 windows x64 arch:x64
4e592bc1cd35b54d7c2f7a5e75c3b5e0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Eap3Host.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
api-ms-win-crt-private-l1-1-0
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_narrow_argv
_o__crt_atexit
_o__exit
_o__get_narrow_winmain_command_line
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_new_mode
_o_exit
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o___p__commode
_o___stdio_common_vfprintf
_o___std_exception_destroy
_o___std_exception_copy
_o___acrt_iob_func
wcschr
_o__set_fmode
api-ms-win-crt-string-l1-1-0
memset
ntdll
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
api-ms-win-core-com-l1-1-0
CoGetClassObject
CoRegisterClassObject
CoRevokeClassObject
CoInitializeEx
CoTaskMemAlloc
CLSIDFromString
CoInitializeSecurity
CoRegisterSurrogate
CoUninitialize
api-ms-win-core-synch-l1-1-0
CreateEventW
SetEvent
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
api-ms-win-service-management-l1-1-0
CloseServiceHandle
OpenServiceW
OpenSCManagerW
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
api-ms-win-service-management-l2-1-0
QueryServiceStatusEx
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
user32
DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
PostQuitMessage
Sections
.text Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 648B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 108B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
EaseOfAccessDialog.exe.exe windows:10 windows x64 arch:x64
edd96c3dae8ec66b1693f69ca5866bad
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
EaseOfAccessDialog.pdb
Imports
advapi32
EventRegister
EventUnregister
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
TraceMessage
RegEnumValueW
RegDeleteTreeW
RegGetValueW
RegOpenKeyExW
RegSetValueExW
EventSetInformation
EventWriteTransfer
RegCloseKey
RegEnumKeyExW
RegQueryValueExW
RegCreateKeyExW
OpenProcessToken
GetTokenInformation
ConvertSidToStringSidW
RegLoadMUIStringW
kernel32
InitOnceBeginInitialize
CreateSemaphoreExW
HeapFree
SetLastError
EnterCriticalSection
ReleaseSemaphore
GetModuleHandleExW
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
ReleaseSRWLockExclusive
OutputDebugStringW
HeapSize
HeapReAlloc
HeapDestroy
InitializeCriticalSection
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
GetStartupInfoW
ExpandEnvironmentStringsW
GetLocaleInfoEx
CompareStringOrdinal
InitOnceComplete
LoadLibraryW
InterlockedPushEntrySList
OpenMutexW
MulDiv
LocalFree
OpenProcess
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
CreateProcessW
DeleteProcThreadAttributeList
GetFileAttributesW
DeleteFileW
K32EnumProcesses
ProcessIdToSessionId
K32EnumProcessModules
LoadResource
FindResourceExW
LockResource
MultiByteToWideChar
CreateMutexW
GetProductInfo
SizeofResource
RaiseException
HeapSetInformation
IsDebuggerPresent
DebugBreak
GetModuleHandleW
GetProcessHeap
GetCurrentProcessId
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
GetProcAddress
HeapAlloc
CreateThreadpoolTimer
ReleaseSRWLockShared
SetThreadpoolTimer
CloseHandle
OpenSemaphoreW
WaitForSingleObjectEx
GetThreadPreferredUILanguages
GetModuleFileNameA
AcquireSRWLockExclusive
CloseThreadpoolTimer
FreeLibrary
OpenJobObjectW
IsProcessInJob
CreateEventW
SetEvent
OOBEComplete
VirtualProtect
LoadLibraryExA
GetSystemInfo
VirtualQuery
InitializeCriticalSectionAndSpinCount
ResetEvent
K32GetModuleBaseNameW
user32
MessageBoxW
SetWindowTextW
SetWindowPos
LoadStringW
SystemParametersInfoW
SetFocus
GetFocus
GetWindowRect
GetWindowLongW
AdjustWindowRectExForDpi
ShowWindow
DispatchMessageW
TranslateMessage
GetMessageW
PostQuitMessage
DestroyWindow
PostMessageW
DefWindowProcW
GetWindowLongPtrW
SetWindowLongPtrW
MoveWindow
IsWindow
CreateWindowExW
RegisterClassExW
MonitorFromWindow
GetMonitorInfoW
GetDpiForWindow
SetForegroundWindow
SetDesktopColorTransform
SendNotifyMessageW
GetWindowThreadProcessId
GetShellWindow
GetKeyState
SendInput
GetThreadDesktop
SetTimer
GetUserObjectInformationW
KillTimer
UnregisterClassA
LoadIconW
api-ms-win-crt-string-l1-1-0
wcscspn
memmove_s
wcscmp
memset
strncmp
wcsspn
api-ms-win-crt-runtime-l1-1-0
_initterm
_register_thread_local_exe_atexit_callback
_initterm_e
_c_exit
api-ms-win-crt-private-l1-1-0
_o__ltow_s
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
_o__wcslwr_s
_o__wtoi
_o_abort
_o_exit
_o_free
_o_iswspace
_o_malloc
_o_memcpy_s
_o_realloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
wcsrchr
wcschr
wcsstr
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_wide_environment
_o__initialize_onexit_table
_o__get_wide_winmain_command_line
_o__exit
_o__errno
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
memmove
ntdll
RtlCaptureContext
WinSqmIncrementDWORD
NtQueryWnfStateData
WinSqmIsOptedIn
WinSqmAddToStream
RtlVirtualUnwind
RtlLookupFunctionEntry
oleacc
AccessibleObjectFromWindow
ole32
CoUninitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CoCreateFreeThreadedMarshaler
CoInitialize
oleaut32
SysFreeString
SysAllocString
SetErrorInfo
SysStringLen
GetErrorInfo
shell32
ShellExecuteW
shcore
IsProcessInIsolatedContainer
dui70
InitProcessPriv
InitThread
?Create@NativeHWNDHost@DirectUI@@SAJPEBG0PEAUHWND__@@PEAUHICON__@@HHHHHHPEAUHINSTANCE__@@IPEAPEAV12@@Z
?EndDefer@Element@DirectUI@@QEAAXK@Z
?GetHWND@NativeHWNDHost@DirectUI@@QEAAPEAUHWND__@@XZ
?ShowWindow@NativeHWNDHost@DirectUI@@QEAAXH@Z
StartMessagePump
?Destroy@NativeHWNDHost@DirectUI@@QEAAXXZ
UnInitThread
UnInitProcessPriv
?_OnUIStateChanged@HWNDElement@DirectUI@@MEAAXGG@Z
?Initialize@HWNDElement@DirectUI@@QEAAJPEAUHWND__@@_NIPEAVElement@2@PEAK@Z
??1HWNDElement@DirectUI@@UEAA@XZ
??0HWNDElement@DirectUI@@QEAA@XZ
?GetAccessibleImpl@HWNDElement@DirectUI@@UEAAJPEAPEAUIAccessible@@@Z
?Register@HWNDElement@DirectUI@@SAJXZ
?GetWindowClassNameAndStyle@HWNDElement@DirectUI@@UEAAXPEAPEBGPEAI@Z
?WndProc@HWNDElement@DirectUI@@UEAA_JPEAUHWND__@@I_K_J@Z
?CreateStyleParser@HWNDElement@DirectUI@@UEAAJPEAPEAVDUIXmlParser@2@@Z
?RemoveTooltip@HWNDElement@DirectUI@@UEAAXPEAVElement@2@@Z
?ActivateTooltip@HWNDElement@DirectUI@@UEAAXPEAVElement@2@K@Z
?UpdateTooltip@HWNDElement@DirectUI@@UEAAXPEAVElement@2@@Z
?OnCompositionChanged@HWNDElement@DirectUI@@UEAAXXZ
?OnWmSettingChanged@HWNDElement@DirectUI@@UEAAX_K_J@Z
?OnWmThemeChanged@HWNDElement@DirectUI@@UEAAX_K_J@Z
?OnGetDlgCode@HWNDElement@DirectUI@@UEAAXPEAUtagMSG@@PEA_J@Z
?OnNoChildWithShortcutFound@HWNDElement@DirectUI@@UEAAXPEAUKeyboardEvent@2@@Z
?OnInput@HWNDElement@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?OnImmersiveColorSchemeChanged@HWNDElement@DirectUI@@UEAAXXZ
?OnThemeChanged@HWNDElement@DirectUI@@UEAAXPEAUThemeChangedEvent@2@@Z
?OnEvent@HWNDElement@DirectUI@@UEAAXPEAUEvent@2@@Z
?OnDestroy@HWNDElement@DirectUI@@UEAAXXZ
?OnGroupChanged@HWNDElement@DirectUI@@UEAAXH_N@Z
?OnPropertyChanged@HWNDElement@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?Host@NativeHWNDHost@DirectUI@@QEAAXPEAVElement@2@@Z
?GetUiaFocusDelegate@Element@DirectUI@@UEAAPEAV12@XZ
?HandleUiaEventListener@Element@DirectUI@@UEAAXPEAUEvent@2@@Z
?HandleUiaPropertyChangingListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@@Z
?HandleUiaPropertyListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?HandleUiaDestroyListener@Element@DirectUI@@UEAAXXZ
?GetElementProviderImpl@Element@DirectUI@@UEAAJPEAVInvokeHelper@2@PEAPEAVElementProvider@2@@Z
?GetUIAElementProvider@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?DefaultAction@Element@DirectUI@@UEAAJXZ
?DoubleBuffered@Element@DirectUI@@QEAAX_N@Z
?OnUnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?OnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?_SelfLayoutUpdateDesiredSize@Element@DirectUI@@MEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?_SelfLayoutDoLayout@Element@DirectUI@@MEAAXHH@Z
?GetImmersiveFocusRectOffsets@Element@DirectUI@@UEAAXPEAUtagRECT@@@Z
?MessageCallback@Element@DirectUI@@UEAAIPEAUtagGMSG@@@Z
?RemoveBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?AddBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?SetKeyFocus@Element@DirectUI@@UEAAXXZ
?EnsureVisible@Element@DirectUI@@UEAA_NHHHH@Z
?GetAdjacent@Element@DirectUI@@UEAAPEAV12@PEAV12@HPEBUNavReference@2@K@Z
?Remove@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?Insert@Element@DirectUI@@UEAAJPEAPEAV12@II@Z
?Add@Element@DirectUI@@QEAAJPEAV12@@Z
?Add@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?GetContentSize@Element@DirectUI@@UEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?Paint@Element@DirectUI@@UEAAXPEAUHDC__@@PEBUtagRECT@@1PEAU4@2@Z
?OnMouseFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnKeyFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnPropertyChanged@Element@DirectUI@@UEAAXPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?GetContentStringAsDisplayed@Element@DirectUI@@UEAAPEBGPEAPEAVValue@2@@Z
?Destroy@Element@DirectUI@@QEAAJ_N@Z
?Destroy@Layout@DirectUI@@QEAAXXZ
?Create@FillLayout@DirectUI@@SAJPEAPEAVLayout@2@@Z
?LoadFromResource@DUIFactory@DirectUI@@QEAAJPEAUHINSTANCE__@@PEBG1PEAVElement@2@PEAKPEAPEAV42@1@Z
??1DUIFactory@DirectUI@@QEAA@XZ
??0DUIFactory@DirectUI@@QEAA@PEAUHWND__@@@Z
?DestroyWindow@NativeHWNDHost@DirectUI@@QEAAXXZ
?GetClassInfoW@HWNDElement@DirectUI@@UEAAPEAUIClassInfo@2@XZ
?GetHWND@HWNDElement@DirectUI@@UEAAPEAUHWND__@@XZ
?IsMSAAEnabled@HWNDElement@DirectUI@@UEAA_NXZ
?CanSetFocus@HWNDElement@DirectUI@@UEAA_NXZ
?SetLayout@Element@DirectUI@@QEAAJPEAVLayout@2@@Z
?SetAccessible@Element@DirectUI@@QEAAJ_N@Z
?SetVisible@Element@DirectUI@@QEAAJ_N@Z
?GetKeyFocused@Element@DirectUI@@UEAA_NXZ
?QueryInterface@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?IsContentProtected@Element@DirectUI@@UEAA_NXZ
?IsRTLReading@Element@DirectUI@@UEAA_NXZ
?GetKeyFocusedElement@HWNDElement@DirectUI@@SAPEAVElement@2@XZ
?Click@Button@DirectUI@@SA?AVUID@@XZ
?GetClassInfoPtr@CCPushButton@DirectUI@@SAPEAUIClassInfo@2@XZ
?GetID@Element@DirectUI@@QEAAGXZ
?SetLayoutPos@Element@DirectUI@@QEAAJH@Z
?FindDescendent@Element@DirectUI@@QEAAPEAV12@G@Z
StrToID
dwmapi
DwmSetWindowAttribute
msvcp_win
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Xbad_alloc@std@@YAXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
Sections
.text Size: 180KB - Virtual size: 179KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 116KB - Virtual size: 114KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 856B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
EduPrintProv.exe.exe windows:10 windows x64 arch:x64
3f2b8e192b11709cd9a47ee2901d9ae9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
EduPrintProv.pdb
Imports
msvcp110_win
?pbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
?endl@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@1@AEAV21@@Z
?uncaught_exception@std@@YA_NXZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
?_BADOFF@std@@3_JB
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@PEAV32@@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??Bid@locale@std@@QEAA_KXZ
?endl@std@@YAAEAV?$basic_ostream@GU?$char_traits@G@std@@@1@AEAV21@@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@K@Z
?widen@?$ctype@G@std@@QEBAGD@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Add_vtordisp1@?$basic_istream@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Add_vtordisp2@?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAAXXZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Xlength_error@std@@YAXPEBD@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?setbase@std@@YA?AU?$_Smanip@H@1@H@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?wcout@std@@3V?$basic_ostream@GU?$char_traits@G@std@@@1@A
?_Xbad_alloc@std@@YAXXZ
?id@?$ctype@G@std@@2V0locale@2@A
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
msvcrt
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
_commode
_fmode
_acmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
__CxxFrameHandler3
_callnewh
strstr
wcstok_s
_wcsicmp
??0bad_cast@@QEAA@AEBV0@@Z
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
malloc
free
wcsstr
memcpy
_vsnprintf_s
_CxxThrowException
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
??3@YAXPEAX@Z
memcpy_s
_vsnwprintf
??_V@YAXPEAX@Z
__CxxFrameHandler4
memmove
_ismbblead
memset
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
GetModuleFileNameA
GetModuleHandleExW
GetProcAddress
api-ms-win-core-synch-l1-1-0
CreateMutexExW
ReleaseSRWLockExclusive
CreateMutexW
ReleaseSemaphore
OpenSemaphoreW
WaitForSingleObjectEx
SetEvent
AcquireSRWLockExclusive
CreateEventW
ReleaseMutex
WaitForSingleObject
CreateSemaphoreExW
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-devices-query-l1-1-0
DevCloseObjectQuery
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentProcess
GetStartupInfoW
GetCurrentThreadId
GetCurrentProcessId
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
OutputDebugStringW
DebugBreak
api-ms-win-devices-query-l1-1-1
DevCreateObjectQueryEx
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-synch-l1-2-0
InitOnceBeginInitialize
InitOnceComplete
Sleep
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventRegister
EventSetInformation
EventUnregister
EventActivityIdControl
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
api-ms-win-core-registry-l1-1-1
RegSetKeyValueW
oleaut32
VariantClear
VariantInit
SysAllocString
SysFreeString
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoUninitialize
CoCreateInstance
sspicli
GetUserNameExW
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
cfgmgr32
CMP_WaitNoPendingInstallEvents
ntdll
RtlReportException
policymanager
PolicyManager_GetPolicy
PolicyManager_FreeGetPolicyData
deviceassociation
DafSelectCeremony
DafStartFinalize
DafCreateAssociationContext
DafStartRemoveAssociation
DafCloseAssociationContext
DafStartWriteCeremonyData
DafStartDeviceStatusNotification
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 68KB - Virtual size: 66KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 220B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
EhStorAuthn.exe.exe windows:10 windows x64 arch:x64
e0e4bb12f51b2eae87aea2ef6f9aec1f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
EhStorAuthn.pdb
Imports
advapi32
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
TraceMessage
RegQueryValueExW
RegOpenKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
kernel32
Sleep
LocalAlloc
LockResource
WideCharToMultiByte
WaitForSingleObject
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
FreeResource
FindResourceW
LoadResource
CreateThread
CreateFileW
LocalFree
GetLastError
CloseHandle
gdi32
DeleteObject
SetTextColor
SetBkColor
CreateFontIndirectW
CreateSolidBrush
user32
SetActiveWindow
FindWindowExW
GetWindowTextLengthW
GetParent
KillTimer
GetSysColor
GetWindowLongPtrW
LoadStringW
UnregisterDeviceNotification
PostQuitMessage
FindWindowW
TranslateMessage
DispatchMessageW
RegisterDeviceNotificationW
ShowWindow
GetDlgCtrlID
SetWindowLongPtrW
SendMessageW
CreateWindowExW
DestroyWindow
PostMessageW
DefWindowProcW
GetMessageW
GetWindowTextW
EnableWindow
SetForegroundWindow
DialogBoxParamW
GetSysColorBrush
CheckDlgButton
GetDlgItem
LoadIconW
SetFocus
IsDlgButtonChecked
SendDlgItemMessageW
EndDialog
UnregisterClassW
SetWindowTextW
SetDlgItemTextW
RegisterClassExW
SetTimer
msvcrt
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
memcpy
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
free
_wcsicmp
_vsnwprintf
__CxxFrameHandler4
__C_specific_handler
memset
ole32
CoInitializeEx
CoCreateInstance
CoTaskMemFree
oleaut32
SysFreeString
SysAllocString
shell32
CommandLineToArgvW
ShellExecuteExW
ntdll
RtlCaptureContext
RtlVirtualUnwind
WinSqmAddToStream
RtlLookupFunctionEntry
uxtheme
OpenThemeData
GetThemeColor
CloseThemeData
GetThemeFont
comctl32
ord345
PropertySheetW
CreatePropertySheetPageW
ord344
crypt32
CryptProtectData
CryptUnprotectData
Exports
Microsoft_WDF_UMDF_Version
Sections
.text Size: 44KB - Virtual size: 42KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 72KB - Virtual size: 71KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 60B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
EoAExperiences.exe.exe windows:10 windows x64 arch:x64
c571be4de0bd224d74fbf0e36fda03f6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
EoAExperiences.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
api-ms-win-crt-private-l1-1-0
_o___std_exception_copy
_o___std_exception_destroy
_o___stdio_common_vsnprintf_s
_o___stdio_common_vswprintf
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__ltow_s
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_fmode
memmove
_o_abort
_o_exit
_o_free
_o_iswspace
_o_malloc
_o_terminate
_o_wcstok
__C_specific_handler
__current_exception
__current_exception_context
_o___p__commode
_o__set_new_mode
__CxxFrameHandler4
__std_terminate
__CxxFrameHandler3
_CxxThrowException
memcmp
memcpy
_o__set_app_type
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-downlevel-kernel32-l1-1-0
ReleaseSRWLockShared
HeapFree
SetThreadpoolTimer
SetLastError
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
InitializeCriticalSectionEx
CreateSemaphoreExW
WaitForSingleObject
ReleaseSemaphore
OpenSemaphoreW
ReleaseMutex
WaitForSingleObjectEx
CreateMutexExW
CreateMutexW
AcquireSRWLockShared
ProcessIdToSessionId
InitOnceBeginInitialize
InitOnceComplete
CreateThreadpoolTimer
GetModuleFileNameA
GetModuleHandleExW
DebugBreak
CreateEventExW
CreateThreadpoolWait
FreeLibrary
GetCurrentProcess
TerminateProcess
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
GetProcessHeap
HeapAlloc
GetProcAddress
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
MultiByteToWideChar
InterlockedPushEntrySList
SetThreadpoolWait
CloseThreadpoolWait
WaitForThreadpoolWaitCallbacks
CompareStringEx
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
FormatMessageW
OutputDebugStringW
CloseHandle
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
msvcp_win
?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
ext-ms-win-rtcore-ntuser-window-ext-l1-1-0
TranslateMessage
FindWindowW
PostMessageW
GetMessageW
SetTimer
DispatchMessageW
SetWindowLongPtrW
KillTimer
DestroyWindow
RegisterClassExW
CreateWindowExW
SetWindowPos
DefWindowProcW
GetWindowLongPtrW
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventActivityIdControl
EventWriteTransfer
EventRegister
EventUnregister
api-ms-win-core-registry-l1-1-0
RegNotifyChangeKeyValue
RegGetValueW
RegCloseKey
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
ext-ms-win-uiacore-l1-1-1
UiaGetReservedMixedAttributeValue
oleaut32
SysFreeString
VariantClear
SafeArrayDestroy
SysAllocString
SetErrorInfo
GetErrorInfo
VariantInit
SysStringLen
api-ms-win-ntuser-sysparams-l1-1-0
SystemParametersInfoW
d2d1
ord1
api-ms-win-core-largeinteger-l1-1-0
MulDiv
api-ms-win-core-windowserrorreporting-l1-1-3
RegisterApplicationRestart
ntdll
RtlIsMultiSessionSku
RtlGetDeviceFamilyInfoEnum
Sections
.text Size: 112KB - Virtual size: 108KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 36KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 568B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
FileDialogBroker.exe.exe windows:10 windows x64 arch:x64
5f797146a8e29be270b1435168e65816
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
FileDialogBroker.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
_initterm_e
api-ms-win-crt-private-l1-1-0
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memcpy
_o_exit
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o__callnewh
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
__std_terminate
__CxxFrameHandler4
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
GetModuleFileNameA
GetModuleHandleExW
GetProcAddress
api-ms-win-core-synch-l1-1-0
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
WaitForSingleObject
AcquireSRWLockExclusive
ReleaseMutex
CreateEventW
CreateSemaphoreExW
ReleaseSemaphore
WaitForSingleObjectEx
SetEvent
CreateMutexExW
OpenSemaphoreW
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapAlloc
HeapFree
api-ms-win-core-errorhandling-l1-1-0
SetLastError
GetLastError
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
OpenProcessToken
TerminateProcess
GetCurrentThreadId
GetCurrentThread
OpenThreadToken
GetCurrentProcess
GetCurrentProcessId
GetStartupInfoW
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventUnregister
EventSetInformation
EventRegister
api-ms-win-core-synch-l1-2-0
InitOnceExecuteOnce
InitOnceComplete
InitOnceBeginInitialize
api-ms-win-core-winrt-l1-1-0
RoInitialize
RoUninitialize
RoRevokeActivationFactories
RoRegisterActivationFactories
api-ms-win-core-com-l1-1-0
CoRevokeClassObject
CoRegisterClassObject
CoResumeClassObjects
CoReleaseServerProcess
CoWaitForMultipleObjects
CoCreateInstance
CoRevertToSelf
CoTaskMemFree
CoAddRefServerProcess
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-winrt-error-l1-1-0
RoOriginateErrorW
RoOriginateError
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateString
WindowsStringHasEmbeddedNull
WindowsDeleteString
WindowsIsStringEmpty
WindowsGetStringRawBuffer
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-security-base-l1-1-0
DuplicateTokenEx
api-ms-win-core-file-l1-1-0
CreateFileW
ntdll
NtDeviceIoControlFile
RtlNtStatusToDosError
RtlDosPathNameToNtPathName_U_WithStatus
RtlFreeUnicodeString
combase
ord168
Sections
.text Size: 80KB - Virtual size: 79KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 44KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
FileHistory.exe.exe windows:10 windows x64 arch:x64
0c153a28f0f3d65d93238bd2c448d417
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
FileHistory.pdb
Imports
msvcrt
__C_specific_handler
_callnewh
malloc
_errno
_XcptFilter
_amsg_exit
_unlock
__getmainargs
__set_app_type
exit
_exit
_cexit
?terminate@@YAXXZ
_onexit
__dllonexit
??3@YAXPEAX@Z
_lock
??1type_info@@UEAA@XZ
_commode
_fmode
_acmdln
_initterm
__setusermatherr
_ismbblead
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
WinSqmIsOptedIn
WinSqmStartSession
WinSqmSetDWORD
WinSqmSetString
WinSqmEndSession
kernel32
VirtualQuery
GetVersion
SetLastError
GetProcAddress
GetModuleHandleA
InitializeCriticalSection
DeleteCriticalSection
GetLastError
Sleep
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
user32
MapWindowPoints
CheckMenuRadioItem
CreateMenu
GetSubMenu
TrackPopupMenuEx
AppendMenuW
GetDC
SendMessageW
GetClientRect
SetWindowPos
ShowWindow
GetSysColor
CreateWindowExW
SetWindowTextW
ReleaseDC
LoadImageW
GetMessageW
DispatchMessageW
SystemParametersInfoW
CallWindowProcW
CallNextHookEx
GetFocus
GetKeyState
SetWindowLongPtrW
LoadIconW
SetWindowsHookExW
DestroyWindow
PostQuitMessage
DefWindowProcW
LoadCursorW
RegisterClassExW
UpdateWindow
TranslateMessage
CallMsgFilterW
InvalidateRect
gdi32
CreateSolidBrush
DeleteObject
CreateFontW
GetDeviceCaps
mscoree
_CorExeMain
CorBindToRuntimeEx
ole32
CoCreateInstance
OleUninitialize
OleInitialize
CoCreateGuid
comctl32
ImageList_LoadImageW
ImageList_Destroy
ord413
ord410
ImageList_ReplaceIcon
ImageList_Create
uxtheme
OpenThemeData
DrawThemeBackground
CloseThemeData
shlwapi
ord172
ord219
gdiplus
GdipFree
GdipAlloc
GdipDeleteBrush
GdipDeleteGraphics
GdipCreateSolidFill
GdipCreateFromHDC
GdipCloneBrush
GdipFillRectangle
Sections
.text Size: 32KB - Virtual size: 29KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.nep Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 84KB - Virtual size: 80KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 324B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 120KB - Virtual size: 116KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 316B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Fondue.exe.exe windows:10 windows x64 arch:x64
e8309e14fd0cd5d0959fcc7f5e47d546
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
FonDUE.pdb
Imports
kernel32
GetCurrentThreadId
GetVersionExW
ProcessIdToSessionId
FormatMessageW
GetLastError
LoadLibraryW
HeapSetInformation
GetProcAddress
GetCurrentProcessId
GetModuleHandleW
user32
IntersectRect
IsRectEmpty
GetForegroundWindow
CreateDesktopW
SetRect
GetMonitorInfoW
CloseDesktop
LoadStringW
GetThreadDesktop
SetThreadDesktop
GetSystemMetrics
MonitorFromWindow
MessageBoxW
EqualRect
GetWindowRect
SwitchDesktop
GetWindowBand
CopyRect
msvcrt
__set_app_type
_commode
?terminate@@YAXXZ
_wcmdln
__C_specific_handler
_initterm
_onexit
_lock
__setusermatherr
__wgetmainargs
_unlock
exit
_fmode
_cexit
_XcptFilter
_exit
__dllonexit
_amsg_exit
memcpy_s
_vsnwprintf
wcsstr
memset
api-ms-win-core-com-l1-1-0
CoUninitialize
CoInitializeSecurity
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetStartupInfoW
GetCurrentProcess
api-ms-win-core-errorhandling-l1-1-0
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
api-ms-win-core-synch-l1-1-0
WaitForSingleObjectEx
WaitForSingleObject
ReleaseMutex
OpenSemaphoreW
CreateMutexExW
ReleaseSemaphore
CreateSemaphoreExW
OpenMutexW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
GetModuleHandleExW
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
OutputDebugStringW
DebugBreak
ole32
CoInitialize
Sections
.text Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 912B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 88KB - Virtual size: 86KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 68B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
FsIso.exe.exe windows:10 windows x64 arch:x64
ae3f6ea4a75c2c488f0816f6b35bb5d0
Code Sign
33:00:00:04:5b:f6:31:bc:00:f4:fc:37:45:00:00:00:00:04:5b
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 14/09/2023, 18:20
Not After: 04/09/2024, 18:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
9e:72:a4:e2:6e:5c:ff:40:33:45:d1:51:d6:38:16:3d:5c:28:2c:ff:55:9b:92:0d:82:6c:dc:ce:c6:34:98:f2
Signer
Actual PE Digest: 9e:72:a4:e2:6e:5c:ff:40:33:45:d1:51:d6:38:16:3d:5c:28:2c:ff:55:9b:92:0d:82:6c:dc:ce:c6:34:98:f2
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
FsIso.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o_calloc
_o_ceil
_o_exit
_o_free
_o_malloc
_o_terminate
__current_exception
__current_exception_context
__std_terminate
_o___stdio_common_vsnprintf_s
_o___p__commode
_o___p___wargv
_o___p___argc
__CxxFrameHandler4
__C_specific_handler
memcpy
memcmp
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-synch-l1-1-0
CreateEventW
SetEvent
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
WaitForSingleObject
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
RaiseException
api-ms-win-core-memory-l1-1-0
MapViewOfFile
UnmapViewOfFile
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventRegister
EventUnregister
EventWriteTransfer
rpcrt4
RpcMgmtStopServerListening
NdrServerCall2
RpcServerUseProtseqEpW
RpcServerRegisterIf
RpcServerListen
RpcServerUnregisterIf
NdrServerCallAll
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
iumsdk
CreateSecureSection
OpenSecureSection
Exports
__ImagePolicyMetadata
Sections
.text Size: 64KB - Virtual size: 60KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 32KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tPolicy Size: 4KB - Virtual size: 160B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
GameBarPresenceWriter.exe.exe windows:10 windows x64 arch:x64
bd3673e7040d3eb05d225980b0f745c3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
GameBarPresenceWriter.pdb
Imports
advapi32
RegGetValueW
RegCreateKeyExW
RegCloseKey
RegNotifyChangeKeyValue
MakeAbsoluteSD
ConvertStringSecurityDescriptorToSecurityDescriptorW
EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer
kernel32
GetModuleFileNameA
HeapFree
EnterCriticalSection
GetModuleHandleExW
LeaveCriticalSection
InitializeCriticalSectionEx
GetCurrentThreadId
FormatMessageW
OutputDebugStringW
RaiseException
HeapAlloc
GetProcAddress
DeleteCriticalSection
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
SetLastError
CreateEventExW
WaitForThreadpoolTimerCallbacks
CloseThreadpoolWait
GetLastError
WaitForThreadpoolWaitCallbacks
ReleaseSRWLockExclusive
CloseThreadpoolTimer
AcquireSRWLockExclusive
CreateThreadpoolWait
CloseHandle
SetThreadpoolTimer
SetThreadpoolWait
CreateThreadpoolTimer
ParseApplicationUserModelId
InitOnceExecuteOnce
CreateSemaphoreExW
ReleaseSemaphore
EncodePointer
WaitForSingleObject
ReleaseMutex
CreateEventW
Sleep
SetEvent
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseSRWLockShared
DecodePointer
CreateMutexExW
LocalFree
AcquireSRWLockShared
GetCurrentProcessId
api-ms-win-crt-runtime-l1-1-0
_initterm
_initterm_e
exit
_exit
terminate
__p___argc
__p___wargv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_initialize_wide_environment
_configure_wide_argv
abort
_set_app_type
_seh_filter_exe
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_get_initial_wide_environment
_invalid_parameter_noinfo_noreturn
_errno
_invalid_parameter_noinfo
api-ms-win-crt-stdio-l1-1-0
__acrt_iob_func
_set_fmode
__p__commode
__stdio_common_vsprintf_s
__stdio_common_vsnprintf_s
__stdio_common_vswprintf
__stdio_common_vfwprintf
api-ms-win-crt-heap-l1-1-0
free
_realloc_base
_callnewh
_set_new_mode
calloc
malloc
_free_base
_calloc_base
_malloc_base
ole32
CoRevokeClassObject
CoTaskMemFree
CoCreateFreeThreadedMarshaler
CoCreateInstance
CoReleaseServerProcess
CoTaskMemAlloc
CoInitializeSecurity
CoResumeClassObjects
CoAddRefServerProcess
CoRegisterClassObject
api-ms-win-core-winrt-error-l1-1-0
RoOriginateErrorW
SetRestrictedErrorInfo
RoOriginateError
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
WindowsDeleteString
WindowsGetStringRawBuffer
WindowsDuplicateString
WindowsCreateString
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
RoActivateInstance
RoRevokeActivationFactories
RoRegisterActivationFactories
RoInitialize
RoUninitialize
api-ms-win-core-winrt-error-l1-1-1
RoGetMatchingRestrictedErrorInfo
api-ms-win-core-featurestaging-l1-1-0
SubscribeFeatureStateChangeNotification
GetFeatureEnabledState
RecordFeatureUsage
UnsubscribeFeatureStateChangeNotification
ntdll
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
api-ms-win-power-setting-l1-1-0
PowerSettingUnregisterNotification
PowerSettingRegisterNotification
api-ms-win-core-synch-l1-2-0
SleepConditionVariableSRW
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
api-ms-win-core-synch-l1-1-0
TryAcquireSRWLockExclusive
InitializeSRWLock
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-localization-l1-2-0
GetLocaleInfoEx
LCMapStringEx
GetCPInfo
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-fibers-l1-1-0
FlsFree
FlsAlloc
FlsGetValue
FlsSetValue
api-ms-win-crt-locale-l1-1-0
__pctype_func
___mb_cur_max_func
___lc_locale_name_func
setlocale
_unlock_locales
_lock_locales
localeconv
_configthreadlocale
___lc_codepage_func
___lc_collate_cp_func
api-ms-win-crt-string-l1-1-0
strcpy_s
strcspn
isupper
wcsnlen
__strncnt
isspace
tolower
_wcsdup
islower
api-ms-win-crt-convert-l1-1-0
strtod
strtof
api-ms-win-crt-math-l1-1-0
frexp
ceilf
pow
ldexp
powf
api-ms-win-crt-time-l1-1-0
_Getmonths
_Getdays
_W_Gettnames
_Wcsftime
_W_Getmonths
_Gettnames
_Strftime
_W_Getdays
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
GetStringTypeW
CompareStringEx
MultiByteToWideChar
Sections
.text Size: 240KB - Virtual size: 239KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 88KB - Virtual size: 86KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
GameInputSvc.exe.exe windows:10 windows x64 arch:x64
a503a0ba0419880f4f04cd095e200de4
Code Sign
33:00:00:05:56:c9:20:2b:1f:74:32:5d:2d:00:00:00:00:05:56 Certificate
Issuer: CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2023, 19:51
Not After: 16/10/2024, 19:51
Subject: CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:0c:52:4c:00:00:00:00:00:03 Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 06/07/2010, 20:40
Not After: 06/07/2025, 20:50
Subject: CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ad:8e:d1:25:f3:24:2f:78:e4:f2:dd:b5:a8:e7:0f:68:49:cc:9c:9e:f2:12:4d:ab:ff:b4:00:67:17:3a:10:7b Signer
Actual PE Digest: ad:8e:d1:25:f3:24:2f:78:e4:f2:dd:b5:a8:e7:0f:68:49:cc:9c:9e:f2:12:4d:ab:ff:b4:00:67:17:3a:10:7b
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
GameInputSvc.pdb
Imports
ntdll
swprintf_s
RtlInitUnicodeString
towlower
RtlQueryFeatureConfiguration
LdrResSearchResource
RtlNotifyFeatureUsage
RtlAllocateHeap
RtlGetVersion
EtwEventWriteTransfer
RtlFreeHeap
EtwEventUnregister
RtlUnhandledExceptionFilter
RtlVirtualUnwind
NtQueryLicenseValue
RtlLookupFunctionEntry
RtlCaptureContext
NtTerminateProcess
_wcsicmp
RtlAdjustPrivilege
_wcsnicmp
wcscpy_s
VerSetConditionMask
EtwEventRegister
memset
api-ms-win-core-synch-l1-1-0
InitializeCriticalSection
OpenEventW
WaitForSingleObject
SetEvent
DeleteCriticalSection
CreateEventW
EnterCriticalSection
LeaveCriticalSection
api-ms-win-core-errorhandling-l1-1-0
GetLastError
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-version-l1-1-1
GetFileVersionInfoW
GetFileVersionInfoSizeW
api-ms-win-core-version-l1-1-0
VerQueryValueW
api-ms-win-core-file-l2-1-2
CopyFileW
api-ms-win-core-file-l1-1-0
CreateFileW
SetFileAttributesW
GetTempFileNameW
GetVolumePathNameW
GetFullPathNameW
GetFileAttributesW
DeleteFileW
api-ms-win-core-file-l2-1-0
MoveFileExW
CopyFileExW
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
GetProcAddress
LoadLibraryExW
GetModuleFileNameW
api-ms-win-core-registry-l1-1-0
RegGetValueW
api-ms-win-core-sysinfo-l1-1-0
GetSystemDirectoryW
GetTickCount64
api-ms-win-core-wow64-l1-1-1
GetSystemWow64DirectoryW
api-ms-win-service-core-l1-1-0
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerExW
api-ms-win-core-processthreads-l1-1-0
OpenProcessToken
TerminateProcess
CreateProcessAsUserW
GetStartupInfoW
CreateThread
GetCurrentProcess
GetExitCodeProcess
api-ms-win-security-base-l1-1-0
GetSecurityDescriptorSacl
GetSecurityDescriptorGroup
SetTokenInformation
GetSecurityDescriptorDacl
DuplicateTokenEx
AdjustTokenPrivileges
GetSecurityDescriptorOwner
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-core-kernel32-legacy-l1-1-0
WTSGetActiveConsoleSessionId
MoveFileW
api-ms-win-core-kernel32-legacy-l1-1-1
VerifyVersionInfoW
api-ms-win-security-provider-l1-1-0
GetNamedSecurityInfoW
SetNamedSecurityInfoW
ext-ms-win-session-wtsapi32-l1-1-0
WTSFreeMemory
WTSEnumerateSessionsW
crypt32
CertVerifyCertificateChainPolicy
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
api-ms-win-core-errorhandling-l1-1-2
RaiseFailFastException
api-ms-win-core-profile-l1-1-0
QueryPerformanceFrequency
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
wintrust
WTHelperGetProvSignerFromChain
WinVerifyTrust
WTHelperProvDataFromStateData
Sections
.text Size: 28KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 792B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.sinit Size: 4KB - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 80B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
GamePanel.exe.exe windows:10 windows x64 arch:x64
0507633fb7b61065907bbfed184b620f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
GamePanel.pdb
Imports
advapi32
RegGetValueW
EventWriteTransfer
RegCloseKey
RegNotifyChangeKeyValue
RegCreateKeyExW
EventSetInformation
EventRegister
EventUnregister
CryptDestroyHash
CryptReleaseContext
CryptAcquireContextW
CryptCreateHash
CryptGetHashParam
CryptHashData
OpenProcessToken
DuplicateToken
CheckTokenMembership
FreeSid
RegDeleteTreeW
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
AllocateAndInitializeSid
kernel32
CloseThreadpoolWait
WaitForThreadpoolWaitCallbacks
SetThreadpoolWait
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CreateThreadpoolWait
CreateEventExW
SetEvent
IsWow64Process2
GetCurrentProcess
CreateEventW
LocalFree
OpenProcess
FreeLibrary
WaitForSingleObjectEx
SystemTimeToFileTime
SetThreadpoolTimer
GetSystemTime
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer
GetLocaleInfoEx
LoadResource
LockResource
SizeofResource
DeleteFileW
QueryPerformanceCounter
GetTempFileNameW
GetDateFormatEx
GetTimeFormatEx
GetApplicationUserModelId
GetEnvironmentVariableW
WriteFile
CreateFileW
CreateThread
GetSystemInfo
GetUserDefaultUILanguage
LCIDToLocaleName
WideCharToMultiByte
RaiseException
Sleep
ResolveLocaleName
GetCurrentThread
SetThreadDescription
IsDebuggerPresent
DebugBreak
GetModuleHandleW
LoadLibraryExA
GetProcessHeap
VirtualProtect
GetCurrentProcessId
CreateMutexExW
LocalAlloc
GetLocalTime
GetProcAddress
HeapAlloc
GetUserDefaultLocaleName
OutputDebugStringW
GetLastError
FormatMessageW
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
GetModuleHandleExW
ReleaseSemaphore
CloseHandle
FindResourceW
SetLastError
OpenSemaphoreW
HeapFree
MulDiv
GetLocaleInfoW
CreateSemaphoreExW
GetModuleFileNameA
ResetEvent
VirtualQuery
gdi32
DeleteDC
GetDIBits
GetObjectW
CreateRectRgn
GetRgnBox
DeleteObject
BitBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
user32
SetForegroundWindow
SetCursorPos
ShowCursor
SetActiveWindow
ChangeWindowMessageFilterEx
ReleaseDC
GetDC
UnregisterClassW
GetSysColor
LoadStringW
SetWindowPos
GetClassLongPtrW
SetClassLongPtrW
ClientToScreen
TrackMouseEvent
SetCapture
ReleaseCapture
EnableWindow
CreateWindowExW
GetNextDlgTabItem
SetWindowLongW
GetClientRect
GetWindowTextW
mouse_event
MonitorFromWindow
MonitorFromRect
GetRawInputData
GetMessageExtraInfo
SendInput
SetTimer
BlockInput
InvalidateRect
ValidateRect
SetFocus
MoveWindow
GetWindowLongW
GetActiveWindow
GetFocus
SetWindowTextW
SetParent
DestroyWindow
GetKeyState
SetCursor
GetWindowThreadProcessId
DispatchMessageW
CreateWindowInBand
TranslateMessage
TranslateAcceleratorW
PostQuitMessage
GetMessageW
GetCursorPos
GetDesktopWindow
IsWindow
SetProcessDefaultLayout
FindWindowW
RegisterWindowMessageW
RegisterClassExW
LoadIconW
DefWindowProcW
ShowWindow
WindowFromPhysicalPoint
CallNextHookEx
GetMonitorInfoW
PtInRect
LoadCursorW
RegisterRawInputDevices
GetSystemMetrics
GetParent
SystemParametersInfoW
GetWindowRgn
SetWindowRgn
UnhookWindowsHookEx
GetAncestor
KillTimer
SetWindowCompositionAttribute
MapWindowPoints
SetWindowsHookExW
GetWindowRect
UnhookWinEvent
SetWinEventHook
GetForegroundWindow
GetIconInfo
GetCursorInfo
PostMessageW
SendMessageW
ScreenToClient
MonitorFromPoint
api-ms-win-crt-runtime-l1-1-0
exit
_exit
_cexit
_initterm_e
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_crt_atexit
_c_exit
_configure_wide_argv
_set_app_type
_seh_filter_exe
_invalid_parameter_noinfo
_errno
_invalid_parameter_noinfo_noreturn
terminate
_beginthreadex
abort
_register_thread_local_exe_atexit_callback
_set_errno
_register_onexit_function
_initialize_onexit_table
api-ms-win-crt-stdio-l1-1-0
_set_fmode
__stdio_common_vsprintf
__stdio_common_vsnwprintf_s
_wfopen
__p__commode
__stdio_common_vsnprintf_s
__stdio_common_vsprintf_s
__stdio_common_vswprintf_s
fclose
__stdio_common_vswprintf
api-ms-win-crt-string-l1-1-0
isupper
__strncnt
isspace
tolower
wcscmp
islower
strncpy_s
_wcsdup
_wcsnicmp
wcsnlen
strcpy_s
strcspn
api-ms-win-crt-convert-l1-1-0
strtof
wcstol
strtod
strtol
wcstoul
api-ms-win-crt-time-l1-1-0
_time64
_W_Getmonths
_W_Getdays
_Getdays
_Strftime
_Getmonths
_W_Gettnames
_Wcsftime
_Gettnames
_localtime64_s
api-ms-win-crt-math-l1-1-0
roundf
sqrt
ldexp
powf
pow
frexp
ceilf
floorf
api-ms-win-crt-heap-l1-1-0
_callnewh
_realloc_base
free
_free_base
_set_new_mode
_calloc_base
malloc
_malloc_base
calloc
api-ms-win-crt-locale-l1-1-0
setlocale
_configthreadlocale
___lc_locale_name_func
___mb_cur_max_func
___lc_collate_cp_func
_unlock_locales
__pctype_func
___lc_codepage_func
_lock_locales
localeconv
api-ms-win-core-com-l1-1-0
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoCreateGuid
CoWaitForMultipleHandles
StringFromGUID2
CoInitializeSecurity
CoCreateFreeThreadedMarshaler
PropVariantClear
api-ms-win-core-winrt-string-l1-1-0
WindowsDuplicateString
WindowsGetStringLen
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateString
WindowsCompareStringOrdinal
WindowsCreateStringReference
api-ms-win-core-winrt-l1-1-0
RoActivateInstance
RoGetActivationFactory
RoInitialize
RoUninitialize
api-ms-win-core-winrt-error-l1-1-0
SetRestrictedErrorInfo
api-ms-win-core-winrt-error-l1-1-1
RoGetMatchingRestrictedErrorInfo
rpcrt4
UuidCreate
UuidFromStringW
oleaut32
SysAllocStringLen
SysAllocString
VariantInit
api-ms-win-power-base-l1-1-0
PowerDeterminePlatformRoleEx
api-ms-win-core-synch-l1-1-0
DeleteCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
InitializeSRWLock
EnterCriticalSection
TryAcquireSRWLockExclusive
api-ms-win-core-synch-l1-2-0
WakeConditionVariable
InitializeConditionVariable
SleepConditionVariableSRW
WakeAllConditionVariable
api-ms-win-core-processthreads-l1-1-0
GetExitCodeThread
api-ms-win-core-sysinfo-l1-2-0
GetSystemTimePreciseAsFileTime
api-ms-win-core-profile-l1-1-0
QueryPerformanceFrequency
api-ms-win-core-localization-l1-2-0
LCMapStringEx
GetCPInfo
api-ms-win-core-string-l1-1-0
CompareStringEx
MultiByteToWideChar
GetStringTypeW
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-rtlsupport-l1-1-0
RtlUnwindEx
RtlLookupFunctionEntry
RtlPcToFileHeader
api-ms-win-core-fibers-l1-1-0
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
comctl32
ord411
ord413
ord412
ord410
api-ms-win-shcore-scaling-l1-1-1
GetDpiForMonitor
SetProcessDpiAwareness
api-ms-win-core-featurestaging-l1-1-0
UnsubscribeFeatureStateChangeNotification
GetFeatureEnabledState
SubscribeFeatureStateChangeNotification
RecordFeatureUsage
api-ms-win-core-featurestaging-l1-1-1
GetFeatureVariant
d2d1
ord7
d3d11
D3D11CreateDevice
dwrite
DWriteCreateFactory
dcomp
DCompositionCreateDevice2
shell32
SHCreateDirectoryExW
CommandLineToArgvW
ShellExecuteW
SHGetKnownFolderPath
shlwapi
SHStrDupA
PathFileExistsW
msdrm
DRMIsWindowProtected
uxtheme
OpenThemeData
CloseThemeData
dxgi
CreateDXGIFactory2
ntdll
RtlInitUnicodeString
NtQueryLicenseValue
RtlPublishWnfStateData
uiautomationcore
UiaRaiseAutomationEvent
UiaReturnRawElementProvider
UiaHostProviderFromHwnd
gamepanelexternalhook
?SetIntercept@CGamePanelExternalHook@@QEAAX_NPEAUHWND__@@@Z
?GPHHookWindowPointerDown@CGamePanelExternalHook@@SAIXZ
?Hook@CGamePanelExternalHook@@QEAAXPEAUHWND__@@@Z
?GetInstance@CGamePanelExternalHook@@SAAEAV1@XZ
?Unhook@CGamePanelExternalHook@@QEAAXXZ
dwmapi
DwmSetWindowAttribute
Sections
.text Size: 772KB - Virtual size: 770KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 348KB - Virtual size: 345KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 100KB - Virtual size: 110KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 32KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
GenValObj.exe.exe windows:10 windows x64 arch:x64
e4b635374e9946f71f4900d83e006eb1
Code Sign
33:00:00:04:15:82:95:a1:a3:d8:2e:28:57:00:00:00:00:04:15 Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 03/02/2023, 00:05
Not After: 01/02/2024, 00:05
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08 Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
39:20:25:78:fa:e4:16:bc:6a:65:1f:b4:ba:74:ec:d0:4a:b1:3d:98:17:0e:27:f0:14:88:6a:53:ec:ff:37:fd Signer
Actual PE Digest: 39:20:25:78:fa:e4:16:bc:6a:65:1f:b4:ba:74:ec:d0:4a:b1:3d:98:17:0e:27:f0:14:88:6a:53:ec:ff:37:fd
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
GenValObj.pdb
Imports
msvcrt
memmove
_vsnwprintf
_initterm
__setusermatherr
_ismbblead
_cexit
_fmode
_commode
memset
_lock
_unlock
__dllonexit
_onexit
?terminate@@YAXXZ
_acmdln
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
__C_specific_handler
_purecall
towupper
free
malloc
wcsrchr
_wcsnicmp
_wcsicmp
wcschr
memcpy
memcmp
wcscmp
api-ms-win-shcore-obsolete-l1-1-0
CommandLineToArgvW
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapSetInformation
HeapAlloc
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExW
GetModuleHandleExW
GetModuleFileNameW
GetProcAddress
GetModuleHandleW
FreeLibrary
api-ms-win-core-synch-l1-1-0
DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
SetEvent
WaitForSingleObject
CreateEventW
ReleaseSemaphore
InitializeCriticalSectionAndSpinCount
api-ms-win-core-errorhandling-l1-1-0
GetLastError
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
oleaut32
SysAllocString
UnRegisterTypeLi
RegisterTypeLi
SysFreeString
LoadTypeLi
SysStringLen
SysAllocStringLen
api-ms-win-core-localization-l1-2-0
GetUserPreferredUILanguages
GetFileMUIPath
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
GetStartupInfoW
GetCurrentThread
rpcrt4
UuidToStringW
UuidFromStringW
RpcStringFreeW
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
ExpandEnvironmentStringsW
SetEnvironmentVariableW
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
GetSystemDirectoryW
api-ms-win-core-registry-l1-1-0
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegQueryInfoKeyW
RegSetValueExW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-file-l1-1-0
GetTempFileNameW
GetFileAttributesW
DeleteFileW
GetFileSizeEx
WriteFile
CreateFileW
SetFilePointerEx
ReadFile
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-com-l1-1-0
CoSuspendClassObjects
CoInitializeEx
CoUninitialize
CoRegisterClassObject
CoResumeClassObjects
CoRevokeClassObject
CoReleaseServerProcess
CoAddRefServerProcess
crypt32
CertVerifyCertificateChainPolicy
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
MultiByteToWideChar
api-ms-win-service-management-l1-1-0
CloseServiceHandle
OpenServiceW
OpenSCManagerW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-file-l1-2-0
GetTempPathW
api-ms-win-core-version-l1-1-0
GetFileVersionInfoSizeExW
VerQueryValueW
GetFileVersionInfoExW
api-ms-win-core-synch-l1-2-1
CreateSemaphoreW
api-ms-win-service-winsvc-l1-1-0
QueryServiceStatus
api-ms-win-core-memory-l1-1-0
VirtualAlloc
VirtualFree
VirtualQuery
api-ms-win-core-rtlsupport-l1-1-0
RtlDeleteFunctionTable
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlAddFunctionTable
RtlCaptureContext
api-ms-win-core-errorhandling-l1-1-2
RaiseFailFastException
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-eventlog-legacy-l1-1-0
ReportEventW
DeregisterEventSource
RegisterEventSourceW
api-ms-win-core-registry-l2-1-0
RegDeleteKeyW
RegEnumKeyW
ntdll
NtQuerySystemInformation
cryptsp
CryptGenRandom
CryptAcquireContextW
CryptReleaseContext
bcd
SyspartDirectGetSystemPartition
BcdOpenSystemStore
SyspartDirectGetSystemDisk
BcdOpenObject
BcdEnumerateElements
BcdCloseObject
BcdCloseStore
BcdEnumerateObjects
wintrust
CryptCATAdminReleaseContext
WTHelperGetProvSignerFromChain
CryptCATCatalogInfoFromContext
CryptCATAdminReleaseCatalogContext
CryptCATAdminAcquireContext
CryptCATAdminCalcHashFromFileHandle
WTHelperProvDataFromStateData
WinVerifyTrust
CryptCATAdminEnumCatalogFromHash
Sections
.text Size: 508KB - Virtual size: 506KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
?g_Encry Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 80KB - Virtual size: 76KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
HOSTNAME.EXE.exe windows:10 windows x64 arch:x64
8cb84c534505b1e47ef25fa2cd9a16bb
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
hostname.pdb
Imports
msvcrt
_wcsicmp
exit
fflush
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
fwprintf
_get_osfhandle
fgetpos
wcschr
_vscwprintf
_fileno
_write
_setmode
vswprintf_s
__iob_func
api-ms-win-core-localization-l1-2-0
FormatMessageW
SetThreadUILanguage
api-ms-win-core-processenvironment-l1-1-0
GetEnvironmentVariableW
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-console-l1-1-0
GetConsoleMode
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
ws2_32
WSAStartup
GetHostNameW
api-ms-win-core-heap-l1-1-0
HeapSetInformation
mswsock
GetSocketErrorMessageW
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-core-file-l1-1-0
GetFileType
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
Sections
.text Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 336B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
IESettingSync.exe.exe windows:10 windows x64 arch:x64
d4afe2bb98f5c7a053170c5fdb8c0e43
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
IESettingSync.pdb
Imports
advapi32
EventUnregister
EventSetInformation
EventRegister
EventWriteEx
SetSecurityInfo
RegSetKeyValueW
GetSecurityInfo
GetNamedSecurityInfoW
OpenProcessToken
SetNamedSecurityInfoW
kernel32
GetProcAddress
CreateMutexExW
AcquireSRWLockShared
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
GetSystemTimeAsFileTime
DebugBreak
IsDebuggerPresent
CreateThreadpoolTimer
DelayLoadFailureHook
ResolveDelayLoadedAPI
HeapReAlloc
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
HeapAlloc
WaitForSingleObjectEx
AcquireSRWLockExclusive
CloseThreadpoolTimer
OutputDebugStringW
ReleaseSRWLockExclusive
GetLastError
FormatMessageW
Sleep
CreateEventW
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
GetModuleFileNameA
RaiseException
ReleaseSRWLockShared
OpenSemaphoreW
SetThreadpoolTimer
CloseHandle
WaitForThreadpoolTimerCallbacks
InitializeCriticalSectionEx
CreateMutexW
LeaveCriticalSection
WaitForMultipleObjects
GetModuleHandleExW
ReleaseSemaphore
EnterCriticalSection
SetLastError
HeapFree
CreateSemaphoreExW
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
??0task_continuation_context@Concurrency@@AEAA@XZ
_Cnd_destroy_in_situ
_Cnd_broadcast
_Mtx_unlock
?_Xbad_function_call@std@@YAXXZ
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?_IsCurrentOriginSTA@_ContextCallback@details@Concurrency@@CA_NXZ
?_Assign@_ContextCallback@details@Concurrency@@AEAAXPEAX@Z
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
_Cnd_wait
?__ExceptionPtrCreate@@YAXPEAX@Z
_Cnd_init_in_situ
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?_Throw_C_error@std@@YAXH@Z
_Mtx_destroy_in_situ
?__ExceptionPtrDestroy@@YAXPEAX@Z
_Mtx_lock
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
_Mtx_init_in_situ
api-ms-win-crt-runtime-l1-1-0
_c_exit
_initterm
_initterm_e
_register_thread_local_exe_atexit_callback
api-ms-win-crt-private-l1-1-0
_o__get_errno
_o__get_narrow_winmain_command_line
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_errno
_o__set_fmode
_o__set_new_mode
_o__wcsnicmp
_o_abort
_o_exit
_o_free
_o_iswalnum
_o_malloc
_o_pow
_o_realloc
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcstok_s
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o__exit
_o___std_exception_copy
_o__errno
_o___p__commode
_o__crt_atexit
_o__configure_narrow_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
__std_terminate
__CxxFrameHandler4
__std_type_info_compare
wcsrchr
wcschr
wcsstr
_o__wcsicmp
memcmp
memcpy
memmove
api-ms-win-crt-string-l1-1-0
memset
wcsncmp
shlwapi
ord647
ord599
PathGetDriveNumberW
PathIsUNCW
PathStripPathW
PathFindFileNameW
PathRemoveFileSpecW
ord187
PathGetCharTypeW
UrlEscapeW
AssocGetPerceivedType
SHStrDupW
ord212
SHCreateStreamOnFileEx
SHRegGetValueW
ord219
ord568
ord213
ord12
ord184
ord214
SHOpenRegStream2W
PathRelativePathToW
ord600
PathFileExistsW
ntdll
RtlNtStatusToDosError
RtlMapGenericMask
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlNtStatusToDosErrorNoTeb
RtlSubscribeWnfStateChangeNotification
NtQueryWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
api-ms-win-core-winrt-string-l1-1-0
WindowsDeleteString
WindowsCreateString
WindowsGetStringRawBuffer
WindowsCreateStringReference
api-ms-win-core-winrt-l1-1-0
RoInitialize
RoUninitialize
RoGetActivationFactory
api-ms-win-core-winrt-error-l1-1-0
RoOriginateError
SetRestrictedErrorInfo
RoTransformError
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
GetCurrentThread
OpenThreadToken
TerminateProcess
CreateProcessW
GetCurrentProcess
GetStartupInfoW
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
api-ms-win-core-path-l1-1-0
PathCchCombine
PathCchRemoveFileSpec
PathAllocCombine
PathAllocCanonicalize
api-ms-win-core-file-l1-1-0
CompareFileTime
SetFileAttributesW
DeleteFileW
FindFirstFileW
GetTempFileNameW
FindNextFileW
SetFileTime
GetFileAttributesExW
GetFileTime
GetDriveTypeW
RemoveDirectoryW
GetFileAttributesW
FindClose
CreateFileW
api-ms-win-core-synch-l1-1-0
ResetEvent
CreateEventExW
InitializeSRWLock
SetEvent
InitializeCriticalSectionAndSpinCount
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
api-ms-win-core-registry-l1-1-0
RegGetValueW
RegDeleteTreeW
RegSetValueExW
RegDeleteKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegEnumValueW
RegEnumKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalReAlloc
LocalFree
api-ms-win-core-io-l1-1-0
DeviceIoControl
sspicli
GetUserNameExW
api-ms-win-security-base-l1-1-0
GetSecurityDescriptorControl
CopySid
IsValidSid
AddAccessAllowedAceEx
GetTokenInformation
EqualSid
GetAclInformation
GetAce
DeleteAce
GetLengthSid
InitializeAcl
AddAce
GetSecurityDescriptorSacl
AddAccessDeniedAceEx
crypt32
CryptProtectData
CryptUnprotectData
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
FindStringOrdinal
api-ms-win-core-localization-l1-2-0
LCMapStringEx
api-ms-win-core-file-l2-1-0
MoveFileExW
CreateHardLinkW
CopyFileExW
api-ms-win-core-file-l1-2-4
GetTempPath2W
cabinet
ord40
ord33
ord35
ord43
ord45
ord30
api-ms-win-core-psapi-l1-1-0
QueryFullProcessImageNameW
api-ms-win-core-synch-l1-2-0
InitOnceComplete
InitOnceExecuteOnce
InitOnceBeginInitialize
mpr
WNetGetConnectionW
bcrypt
BCryptOpenAlgorithmProvider
BCryptCreateHash
BCryptHashData
BCryptFinishHash
BCryptDestroyHash
BCryptCloseAlgorithmProvider
BCryptGetProperty
api-ms-win-core-winrt-error-l1-1-1
RoGetMatchingRestrictedErrorInfo
api-ms-win-shcore-taskpool-l1-1-0
SHTaskPoolGetUniqueContext
SHTaskPoolQueueTask
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
umpdc
Pdcv2ActivationClientUnregister
Pdcv2ActivationClientRegister
Pdcv2ActivationClientActivate
Pdcv2ActivationClientDeactivate
iertutil
ord791
ord793
ord594
ord398
ord650
ord670
ord597
ord797
ord796
ord654
settingsyncdownloadhelper
DownloadSettingUnits
Sections
.text Size: 340KB - Virtual size: 339KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 92KB - Virtual size: 89KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 24KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 568B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ISM.exe.exe windows:10 windows x64 arch:x64
1c3d589ac0441ee8f32ddf7e37bfbd9a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
ISM.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o___stdio_common_vsnprintf_s
_o___stdio_common_vswprintf
_o__cexit
_o__configthreadlocale
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_initial_narrow_environment
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
memcpy
_o_exit
_o_free
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_o___p__commode
_o___p___argv
_o___p___argc
_o___std_exception_destroy
__std_terminate
_o___std_exception_copy
__CxxFrameHandler4
_CxxThrowException
_o__set_new_mode
api-ms-win-crt-string-l1-1-0
memset
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtSetInformationThread
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
ExitProcess
SetProcessShutdownParameters
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
OpenThread
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
GetModuleHandleW
GetModuleHandleExW
GetModuleFileNameA
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
IsDebuggerPresent
DebugBreak
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-synch-l1-1-0
CreateSemaphoreExW
WaitForSingleObject
WaitForSingleObjectEx
ReleaseMutex
ReleaseSemaphore
OpenSemaphoreW
CreateMutexExW
coremessaging
CoreUICreateEx
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
ism
CreateSystemInputHost
Sections
.text Size: 24KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 968B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 88B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
IcsEntitlementHost.exe.exe windows:10 windows x64 arch:x64
95333169e2d0afa034eb6d2bd96bd9dc
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
IcsEntitlementHost.pdb
Imports
msvcrt
__C_specific_handler
__setusermatherr
_initterm
_fmode
_exit
exit
_commode
_onexit
__dllonexit
_cexit
_unlock
_lock
__set_app_type
__CxxFrameHandler4
??3@YAXPEAX@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_vsnwprintf
memcpy_s
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_vsnprintf_s
_purecall
malloc
_callnewh
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
_CxxThrowException
__CxxFrameHandler3
memcpy
memmove
??1type_info@@UEAA@XZ
__getmainargs
_amsg_exit
_XcptFilter
?terminate@@YAXXZ
memset
api-ms-win-eventing-classicprovider-l1-1-0
UnregisterTraceGuids
GetTraceEnableFlags
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
GetModuleHandleExW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetLastError
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-synch-l1-1-0
OpenSemaphoreW
CreateMutexExW
ReleaseSemaphore
ReleaseMutex
CreateSemaphoreExW
WaitForSingleObjectEx
WaitForSingleObject
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
GetProcessHeap
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
IsDebuggerPresent
DebugBreak
api-ms-win-core-handle-l1-1-0
CloseHandle
Sections
.text Size: 24KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 464B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
InfDefaultInstall.exe.exe windows:10 windows x64 arch:x64
85e247ac00016c5d35435f22fc7ab82e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
InfDefaultInstall.pdb
Imports
kernel32
LocalFree
GetNativeSystemInfo
GetLastError
FormatMessageW
GetCommandLineW
Sleep
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
SetLastError
msvcrt
?terminate@@YAXXZ
_commode
_fmode
_acmdln
__C_specific_handler
_initterm
__setusermatherr
_ismbblead
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
_vsnwprintf
memset
ntdll
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
ext-ms-win-shell-shell32-l1-2-1
RestartDialogEx
shell32
CommandLineToArgvW
comctl32
TaskDialogIndirect
setupapi
SetupDiGetActualSectionToInstallW
InstallHinfSectionW
SetupOpenInfFileW
SetupFindFirstLineW
SetupCloseInfFile
newdev
DiInstallDriverW
drvstore
DriverPackageGetPropertyW
DriverPackageClose
DriverPackageOpenW
Sections
.text Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 264B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
InputSwitchToastHandler.exe.exe windows:10 windows x64 arch:x64
4e94265c72d3972c03a37a5c6c2ebef7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
InputSwitchToastHandler.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_c_exit
_initterm_e
_register_thread_local_exe_atexit_callback
_initterm
api-ms-win-crt-private-l1-1-0
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o__callnewh
_o__wcsicmp
_o_abort
_o_exit
_o_free
_o_iswspace
_o_malloc
_o_terminate
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o__cexit
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___wargv
_o___p___argc
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
wcscmp
memset
api-ms-win-core-com-l1-1-0
CoResumeClassObjects
CoRegisterClassObject
CoReleaseServerProcess
CoRevokeClassObject
CoAddRefServerProcess
CoCreateInstance
api-ms-win-core-synch-l1-2-0
InitOnceComplete
InitOnceBeginInitialize
InitOnceExecuteOnce
api-ms-win-core-winrt-string-l1-1-0
WindowsDeleteString
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsCreateString
WindowsGetStringRawBuffer
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-synch-l1-1-0
InitializeCriticalSectionEx
LeaveCriticalSection
ReleaseMutex
CreateMutexExW
ReleaseSemaphore
EnterCriticalSection
DeleteCriticalSection
WaitForSingleObject
CreateSemaphoreExW
ReleaseSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
CreateEventW
AcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
SetEvent
api-ms-win-core-winrt-l1-1-0
RoRevokeActivationFactories
RoRegisterActivationFactories
RoUninitialize
RoInitialize
api-ms-win-core-winrt-error-l1-1-0
RoOriginateError
RoOriginateErrorW
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer
EventActivityIdControl
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
GetProcAddress
GetModuleHandleW
GetModuleHandleExW
api-ms-win-core-heap-l1-1-0
HeapFree
HeapAlloc
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-threadpool-l1-2-0
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolTimer
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
CreateProcessW
GetCurrentProcessId
api-ms-win-core-sysinfo-l1-1-0
GetSystemDirectoryW
GetSystemTimeAsFileTime
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
IsDebuggerPresent
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
oleaut32
SysStringLen
SysFreeString
SetErrorInfo
Sections
.text Size: 56KB - Virtual size: 55KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 36KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 316B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
LanguageComponentsInstallerComHandler.exe.exe windows:10 windows x64 arch:x64
5db2de71d938db914539313b4ab2eff5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
LanguageComponentsInstallerComHandler.pdb
Imports
msvcrt
_unlock
_lock
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
_onexit
__wgetmainargs
_amsg_exit
_XcptFilter
memmove
memcpy
__CxxFrameHandler3
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
__dllonexit
?terminate@@YAXXZ
_callnewh
??1type_info@@UEAA@XZ
__CxxFrameHandler4
malloc
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
memcpy_s
_vsnwprintf
_purecall
??3@YAXPEAX@Z
__set_app_type
memset
api-ms-win-core-com-l1-1-0
CoRegisterClassObject
CoAddRefServerProcess
CoCreateInstance
CoResumeClassObjects
CoRevokeClassObject
CoReleaseServerProcess
api-ms-win-core-synch-l1-2-0
Sleep
InitOnceExecuteOnce
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateString
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsDeleteString
WindowsGetStringRawBuffer
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-synch-l1-1-0
AcquireSRWLockShared
CreateSemaphoreExW
WaitForSingleObject
ReleaseSemaphore
ReleaseMutex
WaitForSingleObjectEx
CreateEventW
OpenSemaphoreW
ReleaseSRWLockExclusive
SetEvent
AcquireSRWLockExclusive
CreateMutexExW
ReleaseSRWLockShared
api-ms-win-core-winrt-l1-1-0
RoRevokeActivationFactories
RoUninitialize
RoInitialize
RoRegisterActivationFactories
api-ms-win-core-winrt-error-l1-1-0
RoOriginateErrorW
RoOriginateError
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
GetModuleFileNameA
GetProcAddress
GetModuleHandleExW
oleaut32
SysFreeString
SysAllocString
VariantClear
api-ms-win-core-heap-l1-1-0
HeapFree
GetProcessHeap
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
IsDebuggerPresent
DebugBreak
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
Sections
.text Size: 36KB - Virtual size: 33KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 604B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
LaunchTM.exe.exe windows:10 windows x64 arch:x64
ad4cee994bce4bec755fc55c249b5c5f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
launchtm.pdb
Imports
msvcrt
__set_app_type
__wgetmainargs
_amsg_exit
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_XcptFilter
_exit
exit
memset
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
SetPriorityClass
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoUninitialize
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-core-errorhandling-l1-1-0
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
shell32
ShellExecuteExW
Sections
.text Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 240B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
LaunchWinApp.exe.exe windows:10 windows x64 arch:x64
8c737ba4ec48f66fd4105da3099e1b71
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
LaunchWinApp.pdb
Imports
advapi32
EventSetInformation
EventRegister
EventWriteTransfer
EventUnregister
kernel32
GetModuleFileNameA
InitOnceBeginInitialize
CreateSemaphoreExW
HeapFree
SetLastError
EnterCriticalSection
GetCommandLineW
GetCurrentProcess
ReleaseSemaphore
GetModuleHandleExW
K32GetModuleFileNameExW
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
K32EnumProcessModulesEx
OpenProcess
FormatMessageW
GetLastError
ReleaseSRWLockExclusive
OutputDebugStringW
CloseThreadpoolTimer
InitOnceComplete
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
SetThreadpoolTimer
ReleaseSRWLockShared
CreateThreadpoolTimer
HeapAlloc
GetProcAddress
CreateMutexExW
LocalFree
AcquireSRWLockShared
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
msvcrt
_onexit
_purecall
__dllonexit
_unlock
_lock
memcpy_s
?terminate@@YAXXZ
__CxxFrameHandler3
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
??1type_info@@UEAA@XZ
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_vsnwprintf
_XcptFilter
??3@YAXPEAX@Z
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
__setusermatherr
memcmp
memmove
memcpy
__CxxFrameHandler4
memmove_s
malloc
_callnewh
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
_CxxThrowException
memset
api-ms-win-core-shlwapi-legacy-l1-1-0
PathFindExtensionW
api-ms-win-core-com-l1-1-0
CoCreateFreeThreadedMarshaler
CoTaskMemFree
api-ms-win-core-winrt-l1-1-0
RoInitialize
RoUninitialize
oleaut32
SysFreeString
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetStartupInfoW
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
iertutil
CreateUri
ntdll
NtQueryInformationProcess
shell32
CommandLineToArgvW
ShellExecuteExW
Sections
.text Size: 44KB - Virtual size: 43KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 588B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
LegacyNetUXHost.exe.exe windows:10 windows x64 arch:x64
f7db468261bd74b6df49b87f9ea0b19b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
LegacyNetUXHost.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_c_exit
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o__wtol
_o_exit
_o_free
_o_malloc
_o_terminate
_o_wcscat_s
_o_wmemcpy_s
__C_specific_handler
__current_exception
__current_exception_context
_o__exit
_o__errno
_o__endthreadex
_o__crt_atexit
wcsrchr
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__beginthreadex
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
__std_terminate
__CxxFrameHandler4
_CxxThrowException
__C_specific_handler_noexcept
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
memset
wcsnlen
ntdll
EtwEventEnabled
EtwEventWriteTransfer
DbgPrint
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtQueryWnfStateData
EtwTraceMessage
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleExW
LoadLibraryExW
GetProcAddress
GetModuleFileNameA
FreeLibrary
GetModuleFileNameW
GetModuleHandleW
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
HeapSize
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentThreadId
ProcessIdToSessionId
GetStartupInfoW
GetCurrentProcess
TerminateProcess
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
OutputDebugStringW
api-ms-win-eventing-classicprovider-l1-1-0
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
TraceMessage
GetTraceLoggerHandle
UnregisterTraceGuids
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoTaskMemAlloc
CLSIDFromString
CoGetMalloc
StringFromGUID2
CoUninitialize
CoTaskMemFree
CoCreateInstance
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
SetLastError
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetVersionExW
GetSystemDirectoryW
GetTickCount
GetSystemInfo
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
wlanapi
WlanCloseHandle
WlanDisconnect
WlanSendUIResponse
WlanIsUIRequestPending
WlanOpenHandle
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-synch-l1-1-0
WaitForSingleObjectEx
InitializeCriticalSectionEx
WaitForMultipleObjectsEx
CreateSemaphoreExW
ReleaseSRWLockShared
OpenSemaphoreW
AcquireSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
WaitForSingleObject
DeleteCriticalSection
CreateMutexExW
ReleaseSemaphore
ReleaseMutex
api-ms-win-core-file-l1-1-0
CreateFileW
api-ms-win-core-memory-l1-1-0
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
oleaut32
SysFreeString
SysAllocString
GetErrorInfo
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-registry-l1-1-0
RegCreateKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegLoadMUIStringW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
api-ms-win-core-threadpool-l1-2-0
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
Sections
.text Size: 144KB - Virtual size: 143KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 48KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 88B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 528B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
LicenseManagerShellext.exe.exe windows:10 windows x64 arch:x64
17394acac703bbecb7e84d10944cd305
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
LicenseManagerShellExt.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
api-ms-win-crt-private-l1-1-0
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memcpy
_o_exit
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
__std_terminate
__CxxFrameHandler4
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
LoadStringW
GetModuleHandleW
GetModuleHandleExW
GetModuleFileNameA
GetProcAddress
api-ms-win-core-synch-l1-1-0
WaitForSingleObjectEx
SetEvent
ReleaseMutex
CreateEventW
WaitForSingleObject
CreateSemaphoreExW
ReleaseSemaphore
CreateMutexExW
OpenSemaphoreW
api-ms-win-core-heap-l1-1-0
HeapFree
HeapSetInformation
GetProcessHeap
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter
RaiseException
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
api-ms-win-core-com-l1-1-0
CoWaitForMultipleHandles
CoCreateInstance
CoCreateFreeThreadedMarshaler
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
api-ms-win-core-winrt-l1-1-0
RoInitialize
RoUninitialize
RoGetActivationFactory
api-ms-win-core-file-l1-1-0
CreateFileW
GetFileSize
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentProcess
GetStartupInfoW
TerminateProcess
GetCurrentThreadId
api-ms-win-core-memory-l1-1-0
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
IsDebuggerPresent
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-downlevel-shell32-l1-1-0
CommandLineToArgvW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 32KB - Virtual size: 30KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 64B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 216B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
LicensingUI.exe.exe windows:10 windows x64 arch:x64
a011d6e5b92d33f037b40c12ae6babe9
Code Sign
33:00:00:03:3b:65:5f:ae:fa:db:75:e9:d6:00:00:00:00:03:3b
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 02/09/2021, 18:23
Not After: 01/09/2022, 18:23
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ac:ff:65:40:a2:7f:cb:65:29:96:66:ab:f6:6b:07:97:9f:be:3d:de:d6:4a:80:86:cd:1b:3e:92:13:95:a5:23
Signer
Actual PE Digest: ac:ff:65:40:a2:7f:cb:65:29:96:66:ab:f6:6b:07:97:9f:be:3d:de:d6:4a:80:86:cd:1b:3e:92:13:95:a5:23
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
LicensingUI.pdb
Imports
advapi32
EventSetInformation
EventRegister
EventUnregister
EventWriteTransfer
EventActivityIdControl
ConvertStringSecurityDescriptorToSecurityDescriptorW
kernel32
OpenMutexW
CreateMutexW
LocalFree
CompareStringW
GetLastError
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitOnceExecuteOnce
VirtualQuery
GetModuleHandleW
LockResource
LoadResource
FindResourceExW
GetDateFormatEx
FormatMessageW
WaitForSingleObject
ReleaseMutex
CloseHandle
GetProcessHeap
GetProcAddress
HeapAlloc
GetModuleHandleExW
HeapFree
DecodePointer
FreeLibrary
user32
PostQuitMessage
CharNextW
DispatchMessageW
GetMessageW
TranslateMessage
msvcrt
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
swscanf_s
_wcsicmp
wcschr
?terminate@@YAXXZ
_lock
_unlock
__dllonexit
_onexit
__CxxFrameHandler3
memcpy
_amsg_exit
_XcptFilter
_purecall
memmove
memset
_commode
__CxxFrameHandler4
wcscmp
shell32
SHCreateItemInKnownFolder
ShellExecuteExW
SHGetIDListFromObject
CommandLineToArgvW
api-ms-win-core-winrt-l1-1-0
RoUninitialize
RoInitialize
api-ms-win-core-winrt-error-l1-1-0
RoOriginateError
SetRestrictedErrorInfo
api-ms-win-core-com-l1-1-0
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
api-ms-win-core-winrt-error-l1-1-1
RoGetMatchingRestrictedErrorInfo
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetStartupInfoW
TerminateProcess
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-heap-l2-1-0
LocalAlloc
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameW
dui70
?Destroy@DUIXmlParser@DirectUI@@QEAAXXZ
?SetContentString@Element@DirectUI@@QEAAJPEBG@Z
StrToID
?FindDescendent@Element@DirectUI@@QEAAPEAV12@G@Z
?CreateElement@DUIXmlParser@DirectUI@@QEAAJPEBGPEAVElement@2@1PEAKPEAPEAV32@@Z
?SetXMLFromResource@DUIXmlParser@DirectUI@@QEAAJIPEAUHINSTANCE__@@0@Z
?Create@DUIXmlParser@DirectUI@@SAJPEAPEAV12@P6APEAVValue@2@PEBGPEAX@Z2P6AX11H2@Z2@Z
api-ms-win-core-processthreads-l1-1-1
GetProcessMitigationPolicy
Sections
.text Size: 116KB - Virtual size: 114KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 24KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 352B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
LiveCaptions.exe.exe windows:10 windows x64 arch:x64
453fb88ac1858ad60abf5b3627a71e98
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
LiveCaptions.pdb
Imports
advapi32
RegSetValueExW
RegCloseKey
RegCreateKeyExW
kernel32
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
SetThreadpoolTimer
CreateThreadpoolTimer
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
RaiseException
GetCommandLineW
LocalFree
FreeLibrary
InterlockedPushEntrySList
LoadLibraryW
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o___std_exception_copy
_o___std_exception_destroy
_o___stdio_common_vsnprintf_s
_o___stdio_common_vswprintf
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
_o_abort
_o_exit
_o_free
_o_iswspace
_o_malloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o___p__commode
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
memmove
api-ms-win-crt-string-l1-1-0
memset
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
api-ms-win-shcore-obsolete-l1-1-0
CommandLineToArgvW
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
TerminateProcess
GetCurrentProcess
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-appmodel-runtime-internal-l1-1-7
AddDependencyToProcessPackageGraph
oleaut32
SetErrorInfo
SysStringLen
GetErrorInfo
SysFreeString
SysAllocString
api-ms-win-core-com-l1-1-0
CoInitializeEx
Sections
.text Size: 44KB - Virtual size: 42KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 92KB - Virtual size: 90KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 200B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
LocationNotificationWindows.exe.exe windows:10 windows x64 arch:x64
fea8d11d4d18f2b201b42ba5e072f492
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
LocationNotificationWindows.pdb
Imports
advapi32
EventWriteTransfer
EventSetInformation
EventRegister
EventUnregister
kernel32
SetLastError
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
CreateSemaphoreExW
DebugBreak
IsDebuggerPresent
CreateMutexW
ExpandEnvironmentStringsW
LoadLibraryExW
FreeLibrary
LeaveCriticalSection
DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceExW
LocalFree
RaiseException
QueryFullProcessImageNameW
OpenProcess
GetPackageFamilyName
GetModuleFileNameA
HeapFree
GetModuleHandleW
InitializeSRWLock
TryAcquireSRWLockExclusive
WaitForThreadpoolTimerCallbacks
ReleaseSRWLockExclusive
CloseThreadpoolTimer
AcquireSRWLockExclusive
SetThreadpoolTimer
ReleaseSRWLockShared
CreateThreadpoolTimer
AcquireSRWLockShared
user32
GetSubMenu
TrackPopupMenuEx
InternalGetWindowText
GetWindow
GetWindowLongW
IsWindowVisible
GetWindowThreadProcessId
EnumWindows
IsImmersiveProcess
GetMessageW
TranslateMessage
SetForegroundWindow
LoadMenuW
GetCursorPos
GetSystemMetricsForDpi
UnregisterClassA
DestroyIcon
DestroyMenu
DispatchMessageW
LoadStringW
LoadIconW
LoadCursorW
RegisterClassExW
CreateWindowExW
SetWindowLongPtrW
DefWindowProcW
PostMessageW
KillTimer
LoadImageW
SetTimer
PostQuitMessage
GetWindowLongPtrW
UnregisterClassW
RegisterWindowMessageW
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_narrow_winmain_command_line
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__ultoa_s
_o_exit
_o_free
_o_malloc
_o_terminate
_o_wmemcpy_s
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o___stdio_common_vswprintf
_o___p__commode
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
__C_specific_handler
__std_terminate
__CxxFrameHandler4
__C_specific_handler_noexcept
memcmp
memcpy
memmove
api-ms-win-core-com-l1-1-0
CoUninitialize
CoCreateInstance
CoSetProxyBlanket
CoInitializeEx
api-ms-win-core-winrt-l1-1-0
RoActivateInstance
api-ms-win-core-winrt-string-l1-1-0
WindowsDeleteString
WindowsGetStringRawBuffer
WindowsCreateStringReference
api-ms-win-core-heap-l1-1-0
HeapReAlloc
HeapSize
HeapDestroy
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetStartupInfoW
GetCurrentProcess
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-synch-l1-1-0
InitializeCriticalSectionAndSpinCount
CreateEventW
ResetEvent
SetEvent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
shell32
Shell_NotifyIconW
ntdll
NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion
api-ms-win-shcore-scaling-l1-1-1
SetProcessDpiAwareness
api-ms-win-shcore-scaling-l1-1-2
GetDpiForShellUIComponent
shlwapi
ord348
Sections
.text Size: 52KB - Virtual size: 48KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 212B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Locator.exe.exe windows:10 windows x64 arch:x64
cbecbdf0e16268273dca4cb132d15d23
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
locator.pdb
Imports
msvcrt
_amsg_exit
__getmainargs
__set_app_type
exit
_exit
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_XcptFilter
ntdll
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-service-core-l1-1-0
StartServiceCtrlDispatcherW
SetServiceStatus
api-ms-win-service-winsvc-l1-1-0
RegisterServiceCtrlHandlerW
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-processthreads-l1-1-0
ExitProcess
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-synch-l1-1-0
CreateEventW
WaitForSingleObject
SetEvent
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
Sections
.text Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 264B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 60B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
LockAppHost.exe.exe windows:10 windows x64 arch:x64
0b2b4ca354ffce7f30bd9ca7285a680c
Code Sign
33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
06:78:42:45:ef:15:88:1f:5d:17:e3:b8:60:0a:0a:dd:bb:e8:0e:77:73:03:72:1b:1c:33:34:e3:eb:fe:85:99
Signer
Actual PE Digest: 06:78:42:45:ef:15:88:1f:5d:17:e3:b8:60:0a:0a:dd:bb:e8:0e:77:73:03:72:1b:1c:33:34:e3:eb:fe:85:99
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
LockAppHost.pdb
Imports
user32
TranslateMessage
PostThreadMessageA
DispatchMessageA
GetMessageA
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o_exit
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o__cexit
_o__callnewh
_o__crt_atexit
__std_terminate
_o__configure_wide_argv
_o__configthreadlocale
_o___stdio_common_vswprintf
__CxxFrameHandler4
_o___stdio_common_vsnprintf_s
memcmp
_o___std_exception_destroy
_o___std_exception_copy
memcpy
_o___p__commode
memmove
api-ms-win-crt-string-l1-1-0
memset
lockhostingframework
StartLockAppHostServer
ShutdownLockAppHostServer
api-ms-win-core-com-l1-1-0
CoRevokeClassObject
CoResumeClassObjects
CoRegisterClassObject
CoCreateInstance
CoUninitialize
CoTaskMemAlloc
CoReleaseServerProcess
CoAddRefServerProcess
CoInitializeEx
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleExW
GetProcAddress
GetModuleFileNameA
GetModuleHandleW
api-ms-win-core-synch-l1-2-0
InitOnceExecuteOnce
InitOnceComplete
InitOnceBeginInitialize
api-ms-win-core-synch-l1-1-0
ReleaseMutex
CreateMutexExW
WaitForSingleObject
InitializeCriticalSectionEx
ReleaseSRWLockShared
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
DeleteCriticalSection
EnterCriticalSection
WaitForSingleObjectEx
OpenSemaphoreW
CreateSemaphoreExW
LeaveCriticalSection
ReleaseSemaphore
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
SetLastError
UnhandledExceptionFilter
api-ms-win-core-winrt-string-l1-1-0
WindowsGetStringRawBuffer
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsCreateString
WindowsDeleteString
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentThreadId
GetStartupInfoW
GetCurrentProcessId
GetCurrentProcess
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
api-ms-win-core-winrt-l1-1-0
RoRevokeActivationFactories
RoRegisterActivationFactories
api-ms-win-core-winrt-error-l1-1-0
RoOriginateErrorW
RoOriginateError
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
IsDebuggerPresent
DebugBreak
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
imm32
ImmDisableIME
Sections
.text Size: 52KB - Virtual size: 48KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 344B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
LockScreenContentServer.exe.exe windows:10 windows x64 arch:x64
e441628266f72396b90dbb4176d0a3bd
Code Sign
33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 02/09/2021, 18:23
Not After: 01/09/2022, 18:23
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
13:a6:7a:5f:3c:84:34:f8:19:59:1b:c2:88:d3:6e:51:50:cf:2e:bf:30:94:a0:48:34:dd:30:3c:07:06:e4:46
Signer
Actual PE Digest: 13:a6:7a:5f:3c:84:34:f8:19:59:1b:c2:88:d3:6e:51:50:cf:2e:bf:30:94:a0:48:34:dd:30:3c:07:06:e4:46
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
LockScreenContentServer.pdb
Imports
kernel32
DecodePointer
ReleaseSRWLockShared
AcquireSRWLockExclusive
InitOnceExecuteOnce
ReleaseSRWLockExclusive
GetCurrentThreadId
EncodePointer
AcquireSRWLockShared
user32
PostThreadMessageW
EnableWindow
PostQuitMessage
RegisterClassExW
LoadCursorW
MonitorFromWindow
UnregisterClassW
SendMessageW
PostMessageW
TranslateMessage
DispatchMessageW
GetMessageW
msvcrt
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_cexit
free
_purecall
?terminate@@YAXXZ
malloc
_wcmdln
_fmode
__setusermatherr
__C_specific_handler
_commode
__CxxFrameHandler3
_initterm
__dllonexit
_unlock
memset
_lock
_XcptFilter
_callnewh
_onexit
api-ms-win-core-com-l1-1-0
CoAddRefServerProcess
CoReleaseServerProcess
CoUninitialize
CoRegisterClassObject
CoResumeClassObjects
CoInitializeEx
CoRevokeClassObject
CoCreateInstance
StringFromGUID2
api-ms-win-core-winrt-string-l1-1-0
WindowsGetStringRawBuffer
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsCreateString
WindowsDeleteString
api-ms-win-core-winrt-l1-1-0
RoRegisterActivationFactories
RoRevokeActivationFactories
api-ms-win-core-winrt-error-l1-1-0
RoOriginateErrorW
RoOriginateError
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
CreateThread
GetStartupInfoW
GetCurrentProcessId
GetCurrentProcess
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-synch-l1-1-0
WaitForSingleObject
OpenEventW
CreateEventW
SetEvent
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-core-memory-l1-1-0
OpenFileMappingW
UnmapViewOfFile
MapViewOfFile
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-registry-l1-1-0
RegGetValueW
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapAlloc
ntdll
NtQuerySystemInformation
dui70
?WndProc@NativeHWNDHost@DirectUI@@SA_JPEAUHWND__@@I_K_J@Z
?Destroy@Element@DirectUI@@QEAAJ_N@Z
??1TouchHWNDElement@DirectUI@@UEAA@XZ
??0TouchHWNDElement@DirectUI@@QEAA@XZ
?Destroy@NativeHWNDHost@DirectUI@@QEAAXXZ
?Initialize@NativeHWNDHost@DirectUI@@QEAAJPEBG0PEAUHWND__@@PEAUHICON__@@HHHHHHPEAUHINSTANCE__@@I@Z
??1NativeHWNDHost@DirectUI@@UEAA@XZ
UnInitProcessPriv
UnInitThread
RegisterPVLBehaviorFactory
InitThread
InitProcessPriv
?WndProc@TouchHWNDElement@DirectUI@@UEAA_JPEAUHWND__@@I_K_J@Z
?Initialize@TouchHWNDElement@DirectUI@@QEAAJPEAUHWND__@@_NIPEAVElement@2@PEAK@Z
?Host@NativeHWNDHost@DirectUI@@QEAAXPEAVElement@2@@Z
?ShowWindow@NativeHWNDHost@DirectUI@@QEAAXH@Z
?_OnUIStateChanged@TouchHWNDElement@DirectUI@@MEAAXGG@Z
?GetWindowClassNameAndStyle@HWNDElement@DirectUI@@UEAAXPEAPEBGPEAI@Z
?CreateStyleParser@HWNDElement@DirectUI@@UEAAJPEAPEAVDUIXmlParser@2@@Z
?IsMSAAEnabled@TouchHWNDElement@DirectUI@@UEAA_NXZ
?CanSetFocus@HWNDElement@DirectUI@@UEAA_NXZ
?OnCompositionChanged@HWNDElement@DirectUI@@UEAAXXZ
?OnWmSettingChanged@HWNDElement@DirectUI@@UEAAX_K_J@Z
?OnWmThemeChanged@HWNDElement@DirectUI@@UEAAX_K_J@Z
?OnGetDlgCode@HWNDElement@DirectUI@@UEAAXPEAUtagMSG@@PEA_J@Z
?OnNoChildWithShortcutFound@HWNDElement@DirectUI@@UEAAXPEAUKeyboardEvent@2@@Z
?OnImmersiveColorSchemeChanged@HWNDElement@DirectUI@@UEAAXXZ
?OnThemeChanged@HWNDElement@DirectUI@@UEAAXPEAUThemeChangedEvent@2@@Z
?GetUiaFocusDelegate@Element@DirectUI@@UEAAPEAV12@XZ
?HandleUiaEventListener@Element@DirectUI@@UEAAXPEAUEvent@2@@Z
?HandleUiaPropertyChangingListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@@Z
?HandleUiaPropertyListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?HandleUiaDestroyListener@Element@DirectUI@@UEAAXXZ
?GetElementProviderImpl@Element@DirectUI@@UEAAJPEAVInvokeHelper@2@PEAPEAVElementProvider@2@@Z
?GetUIAElementProvider@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?DefaultAction@Element@DirectUI@@UEAAJXZ
?GetAccessibleImpl@HWNDElement@DirectUI@@UEAAJPEAPEAUIAccessible@@@Z
?GetClassInfoW@TouchHWNDElement@DirectUI@@UEAAPEAUIClassInfo@2@XZ
?GetKeyFocused@Element@DirectUI@@UEAA_NXZ
?RemoveTooltip@TouchHWNDElement@DirectUI@@UEAAXPEAVElement@2@@Z
?ActivateTooltip@TouchHWNDElement@DirectUI@@UEAAXPEAVElement@2@K@Z
?UpdateTooltip@TouchHWNDElement@DirectUI@@UEAAXPEAVElement@2@@Z
?OnUnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?OnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?_SelfLayoutUpdateDesiredSize@Element@DirectUI@@MEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?_SelfLayoutDoLayout@Element@DirectUI@@MEAAXHH@Z
?GetImmersiveFocusRectOffsets@Element@DirectUI@@UEAAXPEAUtagRECT@@@Z
?QueryInterface@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?MessageCallback@TouchHWNDElement@DirectUI@@UEAAIPEAUtagGMSG@@@Z
?RemoveBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?SetKeyFocus@Element@DirectUI@@UEAAXXZ
?EnsureVisible@Element@DirectUI@@UEAA_NHHHH@Z
?GetAdjacent@Element@DirectUI@@UEAAPEAV12@PEAV12@HPEBUNavReference@2@K@Z
?Remove@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?Insert@Element@DirectUI@@UEAAJPEAPEAV12@II@Z
?Add@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?GetContentSize@Element@DirectUI@@UEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?Paint@Element@DirectUI@@UEAAXPEAUHDC__@@PEBUtagRECT@@1PEAU4@2@Z
?OnEvent@TouchHWNDElement@DirectUI@@UEAAXPEAUEvent@2@@Z
?OnDestroy@TouchHWNDElement@DirectUI@@UEAAXXZ
?OnMouseFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnKeyFocusMoved@TouchHWNDElement@DirectUI@@UEAAXPEAVElement@2@0@Z
?OnInput@TouchHWNDElement@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?OnGroupChanged@HWNDElement@DirectUI@@UEAAXH_N@Z
?OnPropertyChanged@Element@DirectUI@@UEAAXPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanged@TouchHWNDElement@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?GetContentStringAsDisplayed@Element@DirectUI@@UEAAPEBGPEAPEAVValue@2@@Z
?IsContentProtected@Element@DirectUI@@UEAA_NXZ
?IsRTLReading@Element@DirectUI@@UEAA_NXZ
?OnMessage@NativeHWNDHost@DirectUI@@UEAAJI_K_JPEA_J@Z
?CreateHostWindow@NativeHWNDHost@DirectUI@@UEAAPEAUHWND__@@KPEBG0KHHHHPEAU3@PEAUHMENU__@@PEAUHINSTANCE__@@PEAX@Z
??0NativeHWNDHost@DirectUI@@QEAA@XZ
?Create@FillLayout@DirectUI@@SAJHPEAHPEAPEAVValue@2@@Z
?Create@FlowLayout@DirectUI@@SAJHPEAHPEAPEAVValue@2@@Z
?_CreateAndSetLayout@DirectUI@@YAJPEAVElement@1@P6AJHPEAHPEAPEAVValue@1@@ZH1@Z
StartMessagePump
?Remove@Element@DirectUI@@QEAAJPEAV12@@Z
?SetX@Element@DirectUI@@QEAAJH@Z
?Add@Element@DirectUI@@QEAAJPEAV12@@Z
?SetLayoutPos@Element@DirectUI@@QEAAJH@Z
?SetHeight@Element@DirectUI@@QEAAJH@Z
?SetWidth@Element@DirectUI@@QEAAJH@Z
?Create@Element@DirectUI@@SAJIPEAV12@PEAKPEAPEAV12@@Z
?AddBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
DuiCreateObject
?GetHWND@HWNDElement@DirectUI@@UEAAPEAUHWND__@@XZ
?SetActive@Element@DirectUI@@QEAAJH@Z
?SetVisible@Element@DirectUI@@QEAAJ_N@Z
?SetForegroundStdColor@Element@DirectUI@@QEAAJH@Z
?SetBackgroundStdColor@Element@DirectUI@@QEAAJH@Z
?EndDefer@Element@DirectUI@@QEAAXK@Z
?DestroyWindow@NativeHWNDHost@DirectUI@@QEAAXXZ
duser
AddLayeredRef
GetGadgetVisual
SetMinimumDCompVersion
SetHardwareDeviceUsage
SetGadgetFlags
dwmapi
DwmSetWindowAttribute
gdi32
GetStockObject
Sections
.text Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 344B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
LogonUI.exe.exe windows:10 windows x64 arch:x64
0ef1a1fbf5fa5b3737a8d19c60f416a9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
logonui.pdb
Imports
msvcrt
_commode
_fmode
_wcmdln
__C_specific_handler
wcstoul
?terminate@@YAXXZ
_cexit
_exit
exit
__set_app_type
__setusermatherr
__wgetmainargs
_amsg_exit
_XcptFilter
wcsncmp
wcschr
_initterm
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
SetPriorityClass
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetStartupInfoW
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 396B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 64B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
LsaIso.exe.exe windows:10 windows x64 arch:x64
6a0662b2ccb2114a47e716a8fca3b22f
Code Sign
Certificate: 33:00:00:04:5c:3d:56:72:66:6c:b7:54:17:00:00:00:00:04:5c
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 14/09/2023, 18:20
Not After: 04/09/2024, 18:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Certificate: 61:07:76:56:00:00:00:00:00:08
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Signer: 26:54:0b:6b:2c:16:ea:bf:40:46:4c:c8:3c:7a:c2:eb:06:3c:2b:01:da:9a:ca:00:9e:a2:f5:6d:21:00:b4:5d
Actual PE Digest: 26:54:0b:6b:2c:16:ea:bf:40:46:4c:c8:3c:7a:c2:eb:06:3c:2b:01:da:9a:ca:00:9e:a2:f5:6d:21:00:b4:5d
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
LsaIso.pdb
Imports
msvcrt
_initterm
_fmode
_commode
_lock
_unlock
__dllonexit
_onexit
memset
__setusermatherr
_cexit
_exit
exit
__set_app_type
__CxxFrameHandler4
??3@YAXPEAX@Z
_purecall
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
malloc
_callnewh
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
_CxxThrowException
__CxxFrameHandler3
memcpy
memmove
??1type_info@@UEAA@XZ
memcmp
?terminate@@YAXXZ
wcscmp
__wgetmainargs
_amsg_exit
_XcptFilter
_wcsicmp
__C_specific_handler
iumcrypt
iumCryptSignAndEncodeCertificate
iumCryptExportPublicKeyInfoFromBCryptKeyHandle
iumCryptMsgUpdate
iumCryptEncodeObjectEx
iumCryptMsgOpenToEncode
iumCryptMsgGetParam
api-ms-win-core-heap-obsolete-l1-1-0
LocalFree
LocalReAlloc
LocalAlloc
api-ms-win-eventing-classicprovider-l1-1-0
UnregisterTraceGuids
TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer
api-ms-win-eventing-obsolete-l1-1-0
RegisterTraceGuidsA
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
GetProcAddress
GetModuleFileNameA
GetModuleHandleExW
GetModuleHandleExA
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
SetThreadStackGuarantee
CreateThread
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-synch-l1-1-0
WaitForSingleObject
InitializeSRWLock
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
ReleaseSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReleaseMutex
InitializeCriticalSectionEx
LeaveCriticalSection
ReleaseSemaphore
EnterCriticalSection
CreateSemaphoreExW
api-ms-win-core-synch-l1-2-0
InitOnceExecuteOnce
Sleep
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetSystemTime
GetSystemInfo
GetTickCount
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
kerbclientshared
KerbClientBuildFastArmoredKdcRequest
KerbDHGetSharedSecretFromCapiKeyBuffer
KerbDHGetLittleEndianPublicKey
KerbClientTransformStoredCred
KerbClientBuildKeyList
KerbClientSharedInit
KerbPackKdcReplyWithEncryptedSessionKey
KerbClientPackAsn1Buffer
KerbClientDecryptApReply
KerbClientVerifyFastArmoredKerbError
KerbClientBuildEncryptedAuthData
KerbClientPackApReply
KerbClientBuildAsReqAuthenticator
KerbClientSharedCleanup
KerbClientAlloc
KerbClientVerifyFastArmoredTgsReply
KerbClientDecryptPacCredentials
KerbClientFreeStoredCred
KerbClientVerifyFastArmoredKdcReply
KerbClientVerifyEncryptedChallengePaData
KerbClientUnpackKdcReplyBody
KerbClientVerifyChecksum
KerbClientUpdateSharedConfiguration
KerbClientBuildTicketArmorKey
KerbClientFree
KerbClientUnpackAsn1BufferVoid
KerbGetFlagsForKdcReply
KerbClientBuildExplicitArmorKey
KerbClientComputeTgsChecksum
KerbDHCreateBCryptKey
KerbDHGetLegacyDHParameters
ntlmshared
MsvpPutClearOwfsInPrimaryCredential
MsvpLm20GetNtlm3ChallengeResponse
MsvpMakeSecretPasswordNT5
MsvpDecryptDpapiMasterKey
MsvpCompareCredentials
MsvpDeriveSecureCredKey
NtlmSharedInit
MsvpValidateSupplementalCredsBuffer
MsvpCredentialToCachePasswords
MsvpGMSACred
MsvpPasswordValidate
MsvpUpdateSharedConfiguration
msasn1
ASN1BERDecGeneralizedTime
ASN1DEREncGeneralizedTime
ASN1BEREncU32
ASN1DecSetError
ASN1octetstring_free
ASN1BERDecSXVal
ASN1BERDecOpenType2
ASN1_CloseDecoder
ASN1intx_free
ASN1_CreateDecoder
ASN1intx_setuint32
ASN1_Decode
ASN1_CreateEncoder
ASN1_FreeEncoded
ASN1_FreeDecoded
ASN1_Encode
ASN1_CloseEncoder
ASN1BERDecPeekTag
ASN1BERDecOctetString
ASN1BERDecNotEndOfContents
ASN1BEREncExplicitTag
ASN1BERDecEndOfContents
ASN1BERDecBool
ASN1objectidentifier_free
ASN1EncSetError
ASN1BEREncS32
ASN1DEREncCharString
ASN1BEREncEndOfContents
ASN1BEREncBool
ASN1BERDecSkip
ASN1Free
ASN1DecAlloc
ASN1BEREncSX
ASN1BEREncOpenType
ASN1BERDecS32Val
ASN1DEREncOctetString
ASN1charstring_free
ASN1BERDecBitString
ASN1BERDecObjectIdentifier
ASN1BERDecZeroCharString
ASN1DEREncBitString
ASN1BERDecU32Val
ASN1BEREncObjectIdentifier
ASN1_CreateModule
ASN1BERDecCharString
ASN1bitstring_free
ASN1ztcharstring_free
ASN1BERDecExplicitTag
iumbase
GetSignedReport
GetTaggedData
GetTaggedDataSize
IsSecureProcess
GetSecureIdentitySigningKey
EncryptData
DecryptData
ntdll
RtlImageNtHeader
RtlLengthSid
RtlTimeToTimeFields
RtlTimeFieldsToTime
RtlCaptureContext
RtlAvlRemoveNode
RtlEqualUnicodeString
RtlAvlInsertNodeEx
memmove_s
RtlNtStatusToDosError
RtlLeaveCriticalSection
RtlInitializeCriticalSection
_vsnprintf_s
RtlEnterCriticalSection
memcpy_s
RtlDeleteCriticalSection
_vsnwprintf
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlFreeHeap
NtSetEvent
NtCreateEvent
RtlSetProcessIsCritical
NtClose
RtlInitUnicodeString
NtOpenEvent
NtQuerySystemInformation
RtlAllocateHeap
rpcrt4
NdrMesTypeAlignSize3
MesEncodeDynBufferHandleCreate
NdrMesTypeEncode3
RpcMgmtWaitServerListen
MesHandleFree
MesDecodeBufferHandleCreate
NdrMesTypeDecode3
RpcExceptionFilter
I_RpcMapWin32Status
RpcServerUnregisterIf
MesIncrementalHandleReset
MesDecodeIncrementalHandleCreate
MesEncodeIncrementalHandleCreate
RpcServerUseProtseqEpW
RpcServerListen
RpcServerRegisterIf
NdrServerCall2
NdrServerCallAll
bcrypt
BCryptGenerateSymmetricKey
BCryptHash
BCryptSecretAgreement
BCryptSetProperty
BCryptSignHash
BCryptDestroySecret
BCryptDeriveKey
BCryptImportKey
BCryptDecrypt
BCryptDuplicateKey
BCryptVerifySignature
BCryptGetProperty
BCryptCreateHash
BCryptHashData
BCryptDestroyHash
BCryptFinishHash
BCryptDestroyKey
BCryptFinalizeKeyPair
BCryptGenerateKeyPair
BCryptOpenAlgorithmProvider
BCryptExportKey
BCryptCloseAlgorithmProvider
BCryptImportKeyPair
BCryptGenRandom
BCryptEncrypt
BCryptKeyDerivation
cryptdll
CDLocateCheckSum
CDLocateCSystem
CDGenerateRandomBits
cryptsp
SystemFunction009
SystemFunction007
SystemFunction011
api-ms-win-core-string-obsolete-l1-1-0
lstrlenA
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
OutputDebugStringW
DebugBreak
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapAlloc
HeapFree
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-memory-l1-1-0
VirtualAlloc
VirtualProtect
VirtualQuery
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
Exports
__ImagePolicyMetadata
Sections
.text Size: 220KB - Virtual size: 217KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 88KB - Virtual size: 86KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tPolicy Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
MBR2GPT.EXE.exe windows:10 windows x64 arch:x64
bfce5638936595ff0bfe97345d1551ff
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
PDB Paths
MBR2GPT.pdb
Imports
advapi32
RegEnumValueW
RegOpenKeyExW
RegLoadKeyW
RegUnLoadKeyW
OpenProcessToken
RegSetValueExW
RegCreateKeyExW
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueW
TraceMessage
EventWrite
RegGetValueW
SetThreadToken
DuplicateTokenEx
OpenThreadToken
RegQueryValueExW
kernel32
CreateThreadpoolTimer
ReleaseSRWLockShared
SetThreadpoolTimer
OpenSemaphoreW
WaitForSingleObjectEx
CloseThreadpoolTimer
OutputDebugStringW
ReleaseMutex
WaitForThreadpoolTimerCallbacks
InitializeCriticalSectionEx
ReleaseSemaphore
CreateSemaphoreExW
DeleteCriticalSection
GetModuleFileNameA
SetFilePointer
GetVolumeInformationW
WriteFile
SetEndOfFile
CreateMutexExW
AcquireSRWLockShared
GetVolumePathNamesForVolumeNameW
SetVolumeMountPointW
DebugBreak
IsDebuggerPresent
WakeAllConditionVariable
SleepConditionVariableSRW
GetProcessHeap
GetWindowsDirectoryW
HeapAlloc
CloseHandle
GetLastError
GetVolumeNameForVolumeMountPointW
CreateFileW
GetVolumePathNameW
GetTempPathW
DeviceIoControl
ExpandEnvironmentStringsW
GetCurrentProcess
SetLastError
HeapFree
SetConsoleCtrlHandler
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
GetLogicalDrives
FindFirstVolumeW
FindVolumeClose
FindNextVolumeW
GetDriveTypeW
CreateDirectoryW
CompareStringW
GetFullPathNameW
GetLongPathNameW
GetFinalPathNameByHandleW
GetModuleFileNameW
GetCurrentDirectoryW
FindFirstFileW
FindNextFileW
FindClose
WaitForSingleObject
GetFileAttributesW
SetFileAttributesW
DeleteFileW
GetProcAddress
FreeLibrary
LoadLibraryExW
FormatMessageW
GetFileInformationByHandleEx
GetFileInformationByHandle
SetFileInformationByHandle
CopyFileExW
FlushFileBuffers
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetSystemDirectoryW
GetCurrentThread
VirtualAlloc
ReadFile
VirtualFree
GetModuleHandleExW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
RtlCompareMemory
GetFileAttributesExW
GetDiskFreeSpaceExW
GetFileSize
MultiByteToWideChar
msvcrt
__set_app_type
_exit
??1type_info@@UEAA@XZ
_CxxThrowException
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
_amsg_exit
memcpy_s
wcsstr
__wgetmainargs
_XcptFilter
memmove_s
fwprintf
_cexit
__setusermatherr
_initterm
_atoi64
atol
wcsrchr
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBV0@@Z
??_V@YAXPEAX@Z
_unlock
_lock
?terminate@@YAXXZ
_commode
malloc
??3@YAXPEAX@Z
_purecall
__CxxFrameHandler3
_vscwprintf
_vsnprintf
wcsncmp
_fmode
iswctype
__iob_func
__dllonexit
_onexit
_vsnwprintf
exit
wprintf
__C_specific_handler
memcmp
memcpy
memset
_wcsnicmp
wcschr
_wtoi
_wcsicmp
towlower
ntdll
RtlVirtualUnwind
RtlLookupFunctionEntry
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
NtOpenFile
NtQueryObject
NtSetInformationFile
RtlFreeHeap
RtlAllocateHeap
RtlSetThreadErrorMode
RtlGUIDFromString
RtlFreeUnicodeString
RtlNtStatusToDosError
NtQueryDirectoryObject
NtOpenDirectoryObject
NtClose
RtlInitUnicodeString
NtQuerySystemInformation
RtlGetThreadErrorMode
RtlDosPathNameToNtPathName_U
RtlCaptureContext
ole32
CoTaskMemFree
CoCreateInstance
CoInitializeEx
CoUninitialize
StringFromGUID2
rpcrt4
UuidFromStringW
bcd
BcdQueryObject
BcdGetElementData
BcdCloseStore
BcdOpenStoreFromFile
BcdForciblyUnloadStore
BcdCreateObject
BcdCloseObject
BcdOpenObject
BcdSetLogging
SyspartGetSystemDisk
BcdOpenStore
BcdGetElementDataWithFlags
BcdSetElementData
BcdOpenSystemStore
wdscore
WdsTerminate
WdsSetupLogMessageW
ConstructPartialMsgVW
CurrentIP
WdsInitialize
bootsvc
BfsUnregisterLogCallback
BfsServiceBootFilesEx
BfsRegisterLogCallback
BfsInitializeSystemVolume
BfsInitializeBcdStore
wimgapi
WIMApplyImage
WIMLoadImage
WIMCaptureImage
WIMCloseHandle
WIMCreateFile
WIMSetTemporaryPath
user32
LoadStringW
servicingcommon
RtlCreateMicrodom
RtlFreeLUtf8String
RtlCreateUtf8UCSStringBuilder
RtlCreateDefaultXmlWriter
RtlCompareLUtf8Strings
RtlInitLUnicodeStringFromNullTerminatedString
RtlDuplicateLUnicodeStringToLUtf8String
Sections
.text Size: 208KB - Virtual size: 207KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 84KB - Virtual size: 81KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1016B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 720B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
MDEServer.exe.exe windows:10 windows x64 arch:x64
56d10c6c4991da3babb3a94b859a1245
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
MDEServer.pdb
Imports
api-ms-win-crt-string-l1-1-0
memset
strnlen
wcscmp
wcsncmp
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_c_exit
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__get_wide_winmain_command_line
_o__i64tow_s
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__ltow_s
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__errno
memmove
_o__ui64tow_s
_o__ultow_s
_o__wcsicmp
_o__wcslwr_s
_o__wcsnicmp
_o__wcstoui64
_o__wsplitpath_s
_o_calloc
_o_ceil
_o_exit
_o_floor
_o_free
_o_iswalpha
_o_iswdigit
_o_iswxdigit
_o_log
_o_malloc
_o_qsort
_o_sqrt
_o_strncpy_s
_o_terminate
_o_towlower
_o_towupper
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstol
_o_wcstoul
_o_wmemcpy_s
__current_exception
__current_exception_context
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o__exit
_o___p__commode
wcsrchr
wcsstr
wcschr
__C_specific_handler
memcmp
memcpy
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapAlloc
HeapReAlloc
HeapDestroy
HeapFree
HeapSize
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleExW
LoadLibraryExW
SizeofResource
GetModuleFileNameW
FreeLibrary
LockResource
GetModuleHandleW
LoadResource
GetModuleFileNameA
GetProcAddress
FindResourceExW
api-ms-win-core-synch-l1-1-0
InitializeCriticalSectionAndSpinCount
CreateEventW
ResetEvent
SetEvent
CreateWaitableTimerExW
SetWaitableTimer
WaitForSingleObjectEx
WaitForSingleObject
CreateSemaphoreExW
ReleaseSemaphore
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ReleaseMutex
OpenSemaphoreW
CreateMutexExW
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
GetCurrentThreadId
TlsSetValue
TlsGetValue
CreateThread
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
RaiseException
UnhandledExceptionFilter
SetLastError
GetLastError
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-string-l2-1-0
CharNextW
CharUpperBuffW
CharUpperW
api-ms-win-eventing-classicprovider-l1-1-0
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
TraceMessage
GetTraceEnableLevel
GetTraceLoggerHandle
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
SetProcessMitigationPolicy
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventUnregister
EventRegister
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-registry-l1-1-0
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
RegGetValueW
api-ms-win-core-string-l1-1-0
GetStringTypeExW
CompareStringOrdinal
CompareStringW
MultiByteToWideChar
api-ms-win-core-kernel32-legacy-l1-1-1
PowerCreateRequest
PowerClearRequest
PowerSetRequest
api-ms-win-core-url-l1-1-0
PathCreateFromUrlW
api-ms-win-core-shlwapi-legacy-l1-1-0
PathIsFileSpecW
PathIsRelativeW
PathRemoveFileSpecW
PathCombineW
api-ms-win-core-file-l1-1-0
CreateFileW
GetFileSize
api-ms-win-core-timezone-l1-1-0
GetDynamicTimeZoneInformation
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceFrequency
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
IsDebuggerPresent
DebugBreak
winmde
MFCreateNetVRoot
MFCreateWinMDEOpCenter
api-ms-win-core-localization-l1-2-0
IsValidLocaleName
FormatMessageW
api-ms-win-core-featurestaging-l1-1-0
RecordFeatureUsage
SubscribeFeatureStateChangeNotification
UnsubscribeFeatureStateChangeNotification
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 380KB - Virtual size: 377KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 64KB - Virtual size: 60KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 720B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
MDMAgent.exe.exe windows:10 windows x64 arch:x64
3869e103ee10dda6ec9428bad4a16117
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
MDMAgent.pdb
Imports
msvcp110_win
?_Winerror_map@std@@YAPEBDH@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
msvcrt
memcpy
memcmp
_CxxThrowException
memmove
??3@YAXPEAX@Z
__CxxFrameHandler4
_vsnwprintf
memcpy_s
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_wcsicmp
memmove_s
memset
sprintf_s
free
__CxxFrameHandler3
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_callnewh
malloc
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlIsStateSeparationEnabled
api-ms-win-core-winrt-l1-1-0
RoInitialize
RoActivateInstance
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
WindowsGetStringRawBuffer
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
GetProcAddress
GetModuleFileNameA
GetModuleHandleExW
oleaut32
SafeArrayGetUBound
SafeArrayUnlock
SafeArrayCreate
SysAllocString
VariantInit
SysFreeString
SafeArrayDestroy
VariantClear
SafeArrayLock
SafeArrayGetLBound
api-ms-win-core-synch-l1-1-0
AcquireSRWLockExclusive
DeleteCriticalSection
ReleaseSRWLockExclusive
CreateSemaphoreExW
ReleaseSRWLockShared
OpenEventW
WaitForSingleObjectEx
InitializeCriticalSectionEx
CreateMutexExW
LeaveCriticalSection
ReleaseMutex
ReleaseSemaphore
AcquireSRWLockShared
WaitForSingleObject
OpenSemaphoreW
EnterCriticalSection
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetLastError
GetLastError
RaiseException
SetUnhandledExceptionFilter
api-ms-win-core-com-l1-1-0
CoUninitialize
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CLSIDFromString
api-ms-win-core-registry-l1-1-0
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegGetValueW
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
OutputDebugStringW
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
GetSystemTime
api-ms-win-core-synch-l1-2-0
WakeAllConditionVariable
InitOnceComplete
Sleep
InitOnceBeginInitialize
SleepConditionVariableSRW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
dmcmnutils
HexStringToBinary
UnicodeToMB
DmRevertToSelf
DmImpersonate
OmaDmRegistryGetString
DmIsSystemOrAdmin
IsWvdFeatureAllowed
OmaDmRegistryGetDWORD
DmDeleteTask
DmDisableTask
DmIsTaskScheduled
InvStrCmpIW
omadmapi
ord104
dmenrollengine
GetEnrollmentSID
GetEnrollmentCertStore
GetEnrollmentType
api-ms-win-core-file-l1-1-0
FileTimeToLocalFileTime
rpcrt4
UuidFromStringW
UuidCreate
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
SystemTimeToFileTime
api-ms-win-core-path-l1-1-0
PathCchCombine
PathCchAppend
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventActivityIdControl
EventSetInformation
EventRegister
EventWriteTransfer
api-ms-win-core-registry-l1-1-1
RegSetKeyValueW
crypt32
CertCloseStore
CertFreeCertificateContext
CertFindCertificateInStore
CertOpenStore
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
api-ms-win-core-string-obsolete-l1-1-0
lstrlenA
Sections
.text Size: 104KB - Virtual size: 100KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 40KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 268B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
MDMAppInstaller.exe.exe windows:10 windows x64 arch:x64
1bae9143ec23084a6fb1eb1c289387d0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
mdmappinstaller.pdb
Imports
advapi32
EventWriteTransfer
EventRegister
EventUnregister
EventSetInformation
SetThreadToken
RevertToSelf
CreateProcessAsUserW
CryptReleaseContext
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
LookupAccountNameW
ConvertSidToStringSidW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteKeyExW
GetTokenInformation
GetLengthSid
CopySid
OpenProcessToken
ImpersonateLoggedOnUser
OpenSCManagerW
OpenServiceW
QueryServiceStatusEx
CloseServiceHandle
TraceMessage
OpenThreadToken
kernel32
CreateProcessW
GetTempFileNameW
GetSystemDirectoryW
CreateThread
LeaveCriticalSection
InitializeCriticalSection
ReleaseSRWLockShared
ReleaseSRWLockExclusive
CreateThreadpoolTimer
GetCurrentThread
DeleteCriticalSection
InitializeCriticalSectionEx
EnterCriticalSection
AcquireSRWLockShared
AcquireSRWLockExclusive
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
GetExitCodeProcess
LocalFree
InitOnceComplete
InitOnceBeginInitialize
GetTickCount
DelayLoadFailureHook
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WakeAllConditionVariable
SleepConditionVariableSRW
DeleteFileW
CreateFileW
ReadFile
CreateMutexW
CreateSemaphoreExW
CreateMutexExW
GetCurrentProcessId
GetSystemTimeAsFileTime
SetThreadpoolTimer
ResolveDelayLoadedAPI
GetLastError
FormatMessageW
GetCurrentThreadId
HeapAlloc
GetProcessHeap
HeapFree
Sleep
OpenSemaphoreW
WaitForSingleObject
WaitForSingleObjectEx
ReleaseMutex
ReleaseSemaphore
CloseHandle
SetLastError
OutputDebugStringW
GetModuleHandleExW
GetModuleFileNameA
DebugBreak
GetModuleHandleW
GetProcAddress
IsDebuggerPresent
msvcp110_win
?_Syserror_map@std@@YAPEBDH@Z
?_Xbad_alloc@std@@YAXXZ
?_Swap_all@_Container_base0@std@@QEAAXAEAU12@@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
msvcrt
_wcsicmp
toupper
??_V@YAXPEAX@Z
??1type_info@@UEAA@XZ
_CxxThrowException
_onexit
__dllonexit
_unlock
_lock
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_callnewh
malloc
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
_vsnprintf_s
memcpy_s
_vsnwprintf
_purecall
__CxxFrameHandler4
??3@YAXPEAX@Z
free
memcmp
memcpy
memmove
?terminate@@YAXXZ
memmove_s
_wcsnicmp
swprintf_s
wcscat_s
memset
dmenrollengine
GetEnrollmentType
GetEnrollmentAadResourceUrl
ord7
GetEnrollmentSID
ord18
crypt32
CertFreeCertificateContext
CertCloseStore
ntdll
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
rpcrt4
UuidToStringW
UuidFromStringW
RpcStringFreeW
shell32
SHCreateDirectoryExW
SHGetSpecialFolderPathW
ole32
StringFromGUID2
CoCreateGuid
CoTaskMemFree
CoSetProxyBlanket
CoInitializeEx
CoTaskMemAlloc
CoUninitialize
CoCreateInstance
oleaut32
SysAllocString
SysFreeString
VariantClear
VariantInit
userenv
DestroyEnvironmentBlock
CreateEnvironmentBlock
wtsapi32
WTSEnumerateSessionsExW
WTSFreeMemoryExW
WTSQueryUserToken
msi
ord70
ord177
ord6
declaredconfiguration
DMOrchestratorUpdateDocStatus
omadmapi
ord38
ord34
ord40
ord39
Sections
.text Size: 104KB - Virtual size: 101KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 56KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 228B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
MRINFO.EXE.exe windows:10 windows x64 arch:x64
5c469a86bbf49e6e0233ee6dd4b37aaa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
mrinfo.pdb
Imports
msvcrt
_cexit
_exit
_initterm
__set_app_type
__wgetmainargs
__C_specific_handler
_amsg_exit
_XcptFilter
_fmode
_commode
?terminate@@YAXXZ
exit
malloc
fwprintf
free
fgetpos
wcschr
_fileno
_write
_setmode
_wtoi
fflush
_wcsicmp
__setusermatherr
_get_osfhandle
__iob_func
memset
ws2_32
socket
setsockopt
GetAddrInfoW
recvfrom
bind
FreeAddrInfoW
htonl
htons
sendto
GetNameInfoW
select
WSAStartup
WSACleanup
api-ms-win-core-localization-l1-2-0
SetThreadUILanguage
FormatMessageW
api-ms-win-core-processenvironment-l1-1-0
GetEnvironmentVariableW
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-console-l1-1-0
GetConsoleMode
api-ms-win-core-errorhandling-l1-1-0
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-core-file-l1-1-0
GetFileType
ntdll
RtlIpv4AddressToStringW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
Sections
.text Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 384B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
MRT.exe.exe windows:10 windows x64 arch:x64
420b13899575174cb326af2567a9da60
Code Sign
Certificate: 33:00:00:04:64:6a:33:6b:06:bc:9f:b3:0d:00:00:00:00:04:64
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Certificate: 61:07:76:56:00:00:00:00:00:08
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Signer: ea:75:d8:4a:bc:c3:39:af:81:cc:16:eb:36:01:83:e2:8c:94:54:7f:8d:be:b4:cc:e1:f5:8b:71:81:1f:8f:16
Actual PE Digest: ea:75:d8:4a:bc:c3:39:af:81:cc:16:eb:36:01:83:e2:8c:94:54:7f:8d:be:b4:cc:e1:f5:8b:71:81:1f:8f:16
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_NET_RUN_FROM_SWAP
PDB Paths
mrt.pdb
Imports
advapi32
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
TraceMessage
EventActivityIdControl
InitiateSystemShutdownExW
RegCloseKey
EventWriteTransfer
CloseServiceHandle
AllocateAndInitializeSid
CopySid
ConvertStringSidToSidW
FreeSid
CheckTokenMembership
ConvertSidToStringSidW
GetLengthSid
GetTokenInformation
QueryServiceStatus
OpenSCManagerW
StartServiceW
QueryServiceConfigW
OpenServiceW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
OpenProcessToken
OpenThreadToken
EventRegister
EventUnregister
AdjustTokenPrivileges
LookupPrivilegeValueW
CreateProcessAsUserW
ConvertStringSecurityDescriptorToSecurityDescriptorW
kernel32
WaitForMultipleObjects
FileTimeToSystemTime
GetExitCodeProcess
GetSystemWindowsDirectoryW
VirtualLock
DecodePointer
CreateThread
ExitThread
FreeLibraryAndExitThread
FindFirstFileExW
GetCommandLineA
GetCommandLineW
GetExitCodeThread
ResumeThread
SuspendThread
GetSystemPowerStatus
FreeLibrary
Sleep
GlobalUnlock
GlobalLock
GlobalAlloc
GetDriveTypeW
GetLogicalDrives
GetSystemTimeAsFileTime
GetTimeFormatW
LocalFileTimeToFileTime
SystemTimeToFileTime
GetLocalTime
GetDiskFreeSpaceExW
GetTickCount
DeleteFileW
GetTempFileNameW
GetModuleHandleW
CloseHandle
FindClose
Process32NextW
Process32FirstW
GetCurrentProcessId
CreateToolhelp32Snapshot
GetSystemDefaultUILanguage
GetLastError
SetLastError
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
HeapFree
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCurrentThread
GetCurrentThreadId
GetStdHandle
GetFileType
GetStartupInfoW
GetTempPathW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitializeCriticalSectionAndSpinCount
GetProcAddress
LoadLibraryExW
CompareStringW
LCMapStringW
ExitProcess
GetModuleHandleExW
GetProcessHeap
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
WideCharToMultiByte
MultiByteToWideChar
GetFileSizeEx
SetFilePointerEx
GetStringTypeW
SetStdHandle
GetTimeZoneInformation
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
GetModuleFileNameW
ReadFile
ReadConsoleW
OutputDebugStringW
HeapSize
HeapReAlloc
RaiseException
CreateFileW
WriteConsoleW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
QueryPerformanceCounter
InitializeSListHead
EncodePointer
InitializeCriticalSectionEx
UnmapViewOfFile
SetEvent
LocalFree
SetErrorMode
WaitForSingleObject
GetSystemTime
FileTimeToLocalFileTime
MoveFileExW
EnumResourceNamesW
RemoveDirectoryW
FindResourceW
LoadResource
LockResource
SizeofResource
lstrcmpA
LocalAlloc
FormatMessageW
CreateDirectoryW
FindFirstFileW
GetFullPathNameW
FindNextFileW
ExpandEnvironmentStringsW
GetFileAttributesW
SetFileAttributesW
CreateEventW
LoadLibraryW
CreateFileMappingW
MapViewOfFile
OpenEventW
OpenFileMappingW
GetSystemDirectoryW
GetNativeSystemInfo
HeapSetInformation
CreateProcessW
SetEndOfFile
user32
KillTimer
DestroyIcon
EnableWindow
GetDesktopWindow
SendInput
PostMessageW
LoadImageW
GetWindowRect
MapWindowPoints
ShowWindow
SetTimer
MoveWindow
DefWindowProcW
PostQuitMessage
DestroyWindow
DispatchMessageW
TranslateMessage
GetMessageW
CreateWindowExW
UnregisterClassW
RegisterClassW
SetClipboardData
CloseClipboard
EmptyClipboard
OpenClipboard
GetScrollBarInfo
MessageBoxW
GetForegroundWindow
DialogBoxParamW
SetDlgItemTextW
SetWindowTextW
LoadIconW
GetDlgItem
EndDialog
SendDlgItemMessageW
CheckRadioButton
CheckDlgButton
CopyRect
GetWindowTextLengthW
GetWindowTextW
GetDC
DrawTextW
ReleaseDC
GetParent
SetFocus
SetRectEmpty
DrawTextExW
ScreenToClient
GetKeyState
SetWindowLongPtrW
GetWindowLongPtrW
SendMessageW
shell32
ShellExecuteW
SHGetPathFromIDListW
SHGetFolderLocation
SHBrowseForFolderW
Shell_NotifyIconW
ShellExecuteExW
ole32
CoSetProxyBlanket
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoInitializeEx
CoWaitForMultipleHandles
CoTaskMemAlloc
oleaut32
SysStringLen
VariantInit
SysAllocStringLen
SysAllocString
SysFreeString
VariantClear
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
rpcrt4
UuidFromStringW
ntdll
RtlCaptureContext
RtlNtStatusToDosError
RtlGetVersion
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
RtlUnwind
RtlPcToFileHeader
gdi32
SelectObject
comctl32
InitCommonControlsEx
PropertySheetW
wintrust
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WinVerifyTrust
crypt32
CryptMsgGetParam
CryptDecodeObject
CertVerifyCertificateChainPolicy
CryptMsgClose
CertFreeCertificateContext
CryptQueryObject
userenv
CreateEnvironmentBlock
DestroyEnvironmentBlock
Sections
.text Size: 308KB - Virtual size: 306KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 112KB - Virtual size: 108KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 187.7MB - Virtual size: 187.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
MSchedExe.exe.exe windows:10 windows x64 arch:x64
9bb805d1418f5443c74b46538e23aa97
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
MSchedExe.pdb
Imports
kernel32
CompareStringOrdinal
GetCurrentProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
TerminateProcess
msvcrt
?terminate@@YAXXZ
_XcptFilter
_amsg_exit
__wgetmainargs
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
ntdll
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
maintenanceui
StopMaintenance
StartMaintenance
Sections
.text Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 216B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 76KB - Virtual size: 73KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Magnify.exe.exe windows:10 windows x64 arch:x64
040c0d0cb06c9061bf366d53eabd8db9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Magnify.pdb
Imports
advapi32
TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
EventUnregister
EventRegister
EventWriteTransfer
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegDeleteKeyExW
RegDeleteKeyW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegGetValueW
EventSetInformation
RegQueryValueExW
RegDeleteTreeW
ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
RegEnumKeyExW
RegQueryValueW
RegLoadMUIStringW
RegNotifyChangeKeyValue
RegEnumValueW
kernel32
GetTickCount64
SetProcessShutdownParameters
RegisterApplicationRestart
CreateEventExW
DeleteCriticalSection
InitializeCriticalSectionEx
TerminateProcess
GetCurrentProcess
GetTickCount
MultiByteToWideChar
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
RaiseException
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
InitializeCriticalSection
QueryPerformanceFrequency
QueryPerformanceCounter
GlobalAddAtomW
GlobalDeleteAtom
SetEvent
GetUserDefaultLCID
LoadLibraryExW
FreeLibrary
ResetEvent
VirtualQuery
Sleep
HeapSetInformation
OpenMutexW
CompareStringW
IsDebuggerPresent
DebugBreak
GetModuleHandleW
GetProcessHeap
GetCurrentProcessId
CreateMutexExW
GetProcAddress
HeapAlloc
CloseHandle
OpenSemaphoreW
CreateMutexW
GetSystemInfo
LoadLibraryExA
VirtualProtect
InitOnceComplete
InitOnceBeginInitialize
K32GetModuleBaseNameW
K32EnumProcessModules
K32EnumProcesses
DeleteFileW
GetFileAttributesW
DeleteProcThreadAttributeList
CreateProcessW
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
OpenProcess
ExpandEnvironmentStringsW
WaitForSingleObjectEx
OutputDebugStringW
GetLastError
LocalFree
GetLocaleInfoEx
LoadLibraryW
InterlockedPushEntrySList
GlobalAlloc
OOBEComplete
LoadResource
FindResourceExW
CreateThread
LockResource
ProcessIdToSessionId
IsProcessInJob
OpenJobObjectW
CompareStringOrdinal
FormatMessageW
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
GetModuleHandleExW
ReleaseSemaphore
SetLastError
HeapFree
CreateSemaphoreExW
GetModuleFileNameA
HeapSize
HeapReAlloc
HeapDestroy
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
CreateEventW
GetSystemTimeAsFileTime
InitializeSListHead
GetStartupInfoW
SizeofResource
gdi32
FillRgn
GetObjectW
CreateCompatibleDC
DeleteDC
LineTo
MoveToEx
SelectObject
GetStockObject
CreateSolidBrush
CreateBrushIndirect
CreateBitmap
DeleteObject
CombineRgn
CreateRectRgn
user32
DestroyCursor
SetWindowsHookExW
CallNextHookEx
GetUserObjectInformationW
GetWindowRgn
SetFullscreenMagnifierOffsetsDWMUpdated
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
WindowFromPhysicalPoint
ReleaseDC
UnregisterClassA
CloseDesktop
UpdateLayeredWindow
LoadImageW
GetDC
RegisterClassW
FillRect
SetCursor
GetMessagePos
RemovePropW
SetPropW
SetWindowPlacement
RealGetWindowClassW
GetDoubleClickTime
SendMessageTimeoutW
SetRectEmpty
GetClassNameW
GetForegroundWindow
IsIconic
PostQuitMessage
DispatchMessageW
TranslateMessage
UnregisterHotKey
OpenInputDesktop
UpdateWindow
GetWindow
AdjustWindowRectEx
IsWindowVisible
SendMessageW
LoadIconW
SetWindowLongW
SetPhysicalCursorPos
MapWindowPoints
GetPointerFrameInfoHistory
GetPointerInfo
GetWindowTextW
GetWindowThreadProcessId
ShowWindow
InvalidateRect
GetCursorPos
SetWindowRgn
SetWindowPos
GetSysColor
GetClientRect
SetWinEventHook
SetLayeredWindowAttributes
LoadCursorW
SetActiveWindow
EndPaint
BeginPaint
GetPointerDeviceRects
GetParent
UnhookWinEvent
SetWindowLongPtrW
GetWindowLongPtrW
InflateRect
SetRect
GetGUIThreadInfo
DefWindowProcW
MonitorFromRect
RegisterClassExW
SetSystemCursor
RegisterHotKey
GetAsyncKeyState
GetKeyboardLayout
GetMessageW
MapVirtualKeyExW
UnionRect
RegisterPointerDeviceNotifications
CreateWindowExW
GetPhysicalCursorPos
DestroyWindow
IsWindow
ClipCursor
EnumDisplayMonitors
KillTimer
SystemParametersInfoW
LoadStringW
FindWindowW
PostMessageW
UnhookWindowsHookEx
GetSystemMetrics
GetWindowLongW
GetAncestor
IntersectRect
EqualRect
GetDesktopWindow
GetWindowRect
IsRectEmpty
OffsetRect
PtInRect
SendInput
MonitorFromPoint
GetMonitorInfoW
CopyRect
GetPointerDevices
GetDpiForWindow
AdjustWindowRectExForDpi
GetFocus
SetFocus
GetKeyState
GetShellWindow
SendNotifyMessageW
SetDesktopColorTransform
GetProcessDefaultLayout
GetThreadDesktop
SetTimer
msvcp_win
_Cnd_do_broadcast_at_thread_exit
?_Throw_Cpp_error@std@@YAXH@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
_Thrd_detach
?_Throw_C_error@std@@YAXH@Z
_Mtx_destroy_in_situ
_Mtx_init_in_situ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
_Unlock_shared_ptr_spin_lock
_Lock_shared_ptr_spin_lock
?_Xbad_function_call@std@@YAXXZ
_Thrd_id
_Thrd_join
_Mtx_unlock
_Mtx_lock
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@I@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
api-ms-win-crt-string-l1-1-0
wcsncmp
memmove_s
memset
wcsspn
strncmp
wcscmp
wcscspn
api-ms-win-crt-runtime-l1-1-0
_initterm
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
api-ms-win-crt-private-l1-1-0
_o___stdio_common_vsnprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vswscanf
_o__beginthreadex
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__hypot
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__ltow_s
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
_o__wcslwr_s
_o__wtoi
_o_abort
_o_atan2
_o_atan2f
_o_ceil
_o_ceilf
_o_cosf
_o_exit
_o_floorf
_o_fmod
_o_free
_o_iswspace
_o_log
_o_malloc
_o_memcpy_s
_o_pow
_o_powf
_o_realloc
_o_sinf
_o_sqrt
_o_sqrtf
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcstok
_o_wcstok_s
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o___p__commode
__std_terminate
__CxxFrameHandler4
_o___std_exception_destroy
_o___std_exception_copy
wcschr
wcsrchr
memcmp
memcpy
memmove
ole32
CoUninitialize
CoWaitForMultipleObjects
CoCreateFreeThreadedMarshaler
CoInitializeEx
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
CoInitialize
oleacc
AccessibleObjectFromEvent
AccessibleObjectFromWindow
comctl32
ord17
InitCommonControlsEx
oleaut32
SafeArrayCreate
SafeArrayDestroy
SysAllocString
VariantInit
VariantClear
SafeArrayGetLBound
SysFreeString
SafeArrayGetDim
SafeArrayGetVartype
SafeArrayAccessData
SafeArrayUnaccessData
SetErrorInfo
SysStringLen
GetErrorInfo
SafeArrayGetUBound
SafeArrayPutElement
gdiplus
GdipSetSmoothingMode
GdipFree
GdipAlloc
GdipCloneBrush
GdipStringFormatGetGenericTypographic
GdipDrawString
GdipSetTextRenderingHint
GdipDeleteFont
GdipCreateSolidFill
GdipDeleteGraphics
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDrawLine
GdipDeletePen
GdipDeleteBrush
GdipCreatePen1
GdipFillRectangle
GdipSetInterpolationMode
shell32
ShellExecuteW
SHGetKnownFolderPath
SHAppBarMessage
ntdll
NtQueryWnfStateData
WinSqmSetDWORD
WinSqmIsOptedIn
WinSqmIncrementDWORD
RtlLookupFunctionEntry
RtlCaptureContext
RtlPublishWnfStateData
RtlVirtualUnwind
WinSqmAddToStream
dwmapi
DwmSetWindowAttribute
DwmIsCompositionEnabled
magnification
MagSetInputTransform
MagSetLensUseBitmapSmoothing
MagSetWindowTransform
MagSetWindowSource
MagSetFullscreenUseBitmapSmoothing
MagSetFullscreenColorEffect
MagSetFullscreenTransform
MagInitialize
MagUninitialize
MagShowSystemCursor
uiautomationcore
UiaRaiseStructureChangedEvent
UiaRaiseAutomationEvent
UiaHostProviderFromHwnd
UiaClientsAreListening
UiaReturnRawElementProvider
api-ms-win-shcore-scaling-l1-1-1
GetDpiForMonitor
api-ms-win-crt-math-l1-1-0
_isnan
_finite
Sections
.text Size: 516KB - Virtual size: 512KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 160KB - Virtual size: 158KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 32KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 80B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
MdRes.exe.exe windows:10 windows x64 arch:x64
3d553fef2350214df4679f35ff59a173
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
mdres.pdb
Imports
advapi32
TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
kernel32
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleW
CompareStringW
HeapSetInformation
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
SetUnhandledExceptionFilter
Sleep
GetSystemTimeAsFileTime
user32
GetMessageW
DispatchMessageW
LoadStringW
DefWindowProcW
DestroyWindow
UnregisterClassW
RegisterClassExW
CreateWindowExW
LoadIconW
PostQuitMessage
TranslateMessage
msvcrt
_amsg_exit
_cexit
free
_callnewh
malloc
__wgetmainargs
_exit
__setusermatherr
__set_app_type
__C_specific_handler
_fmode
_commode
_XcptFilter
?terminate@@YAXXZ
exit
_initterm
memset
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
shell32
Shell_NotifyIconW
comctl32
ord345
ole32
CoInitializeSecurity
CoUninitialize
CoCreateInstance
CoInitializeEx
oleaut32
SysAllocString
VariantInit
SysFreeString
Sections
.text Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 432B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 72KB - Virtual size: 69KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 96B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
MdSched.exe.exe windows:10 windows x64 arch:x64
a4bb20aeb8afa2bf97327d41b25c5c30
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
mdsched.pdb
Imports
advapi32
TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer
LookupPrivilegeValueW
OpenProcessToken
AdjustTokenPrivileges
EventWrite
InitiateShutdownW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
kernel32
GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
GetSystemTimeAsFileTime
CloseHandle
GetCurrentProcess
HeapSetInformation
GetLastError
GetModuleHandleW
GetCurrentThreadId
CompareStringW
GetTickCount
UnhandledExceptionFilter
TerminateProcess
user32
LoadStringW
msvcrt
_cexit
_exit
__C_specific_handler
_initterm
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
free
_callnewh
malloc
?terminate@@YAXXZ
_commode
_fmode
__setusermatherr
memset
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
comctl32
ord345
bcd
BcdOpenObject
BcdCloseObject
BcdSetElementData
BcdCloseStore
BcdOpenSystemStore
Sections
.text Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 540B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 72KB - Virtual size: 71KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 100B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
MdmDiagnosticsTool.exe.exe windows:10 windows x64 arch:x64
9b2aa36f56a7f70d879ec5a882e7bc90
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
MdmDiagnosticsTool.pdb
Imports
msvcrt
_callnewh
malloc
??0exception@@QEAA@AEBQEBD@Z
wcsncmp
wcsrchr
_XcptFilter
_amsg_exit
??3@YAXPEAX@Z
?what@exception@@UEBAPEBDXZ
_CxxThrowException
__wgetmainargs
??0exception@@QEAA@AEBQEBDH@Z
_vsnprintf_s
exit
_exit
memmove
_cexit
??0exception@@QEAA@AEBV0@@Z
__setusermatherr
??0exception@@QEAA@XZ
_initterm
__C_specific_handler
_fmode
??1exception@@UEAA@XZ
_commode
?terminate@@YAXXZ
_lock
__set_app_type
__CxxFrameHandler3
_unlock
memcpy
__dllonexit
_onexit
_purecall
_wcsicmp
memcpy_s
_vsnwprintf
??_V@YAXPEAX@Z
wprintf
__CxxFrameHandler4
??1type_info@@UEAA@XZ
memset
ntdll
RtlIsStateSeparationEnabled
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-file-l1-1-0
RemoveDirectoryW
FindClose
FindFirstFileW
CreateFileW
CreateDirectoryW
GetFileAttributesW
SetFileInformationByHandle
FindNextFileW
SetFileAttributesW
GetFullPathNameW
DeleteFileW
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleExW
GetModuleFileNameA
GetProcAddress
GetModuleFileNameW
GetModuleHandleW
oleaut32
SysAllocString
VariantClear
SysFreeString
VariantInit
api-ms-win-core-file-l2-1-0
GetFileInformationByHandleEx
api-ms-win-core-registry-l1-1-0
RegQueryInfoKeyW
RegEnumValueW
RegOpenKeyExW
RegGetValueW
RegCloseKey
api-ms-win-core-synch-l1-1-0
CreateMutexExW
OpenSemaphoreW
ReleaseSemaphore
ReleaseMutex
CreateSemaphoreExW
WaitForSingleObjectEx
WaitForSingleObject
api-ms-win-core-heap-l1-1-0
HeapFree
HeapAlloc
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoUninitialize
CoCreateInstance
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
IsDebuggerPresent
OutputDebugStringW
api-ms-win-core-path-l1-1-0
PathAllocCombine
api-ms-win-core-registry-l1-1-1
RegDeleteKeyValueW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventRegister
EventWriteTransfer
EventActivityIdControl
EventUnregister
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-shlwapi-legacy-l1-1-0
PathFileExistsW
mdmdiagnostics
ord2
ord1
ord5
ord3
ord4
omadmapi
ord104
dmcmnutils
DmInitializeContainer
DmStopContainerActivity
DmStartContainerActivity
DmExecuteProcessAndCollect
DmGetActiveUserSid
api-ms-win-core-apiquery-l2-1-0
IsApiSetImplemented
Sections
.text Size: 44KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 496B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
MicrosoftEdgeBCHost.exe.exe windows:10 windows x64 arch:x64
72cfe4b53f527af5f154a65ef34d5c4c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
MicrosoftEdgeCP.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
api-ms-win-crt-private-l1-1-0
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o__wcsicmp
_o_exit
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_o___stdio_common_vsnprintf_s
_o__crt_atexit
_o___std_exception_destroy
_o__configure_wide_argv
_o__configthreadlocale
_o___std_exception_copy
_o___p__commode
_o__cexit
_o__callnewh
wcschr
_CxxThrowException
__std_terminate
__CxxFrameHandler4
memcpy
_o___stdio_common_vswprintf
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
GetProcAddress
GetModuleFileNameA
GetModuleHandleExW
api-ms-win-core-synch-l1-1-0
CreateMutexExW
WaitForSingleObjectEx
ReleaseMutex
WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreExW
OpenSemaphoreW
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
HeapSetInformation
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
GetLastError
SetErrorMode
RaiseException
SetLastError
SetUnhandledExceptionFilter
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentThread
GetCurrentProcess
GetStartupInfoW
GetCurrentThreadId
TerminateProcess
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-winrt-l1-1-0
RoInitialize
RoGetActivationFactory
RoUninitialize
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
IsDebuggerPresent
DebugBreak
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-1
GetProcessMitigationPolicy
SetProcessMitigationPolicy
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemDirectoryW
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoInitializeSecurity
CoGetApartmentType
edgeiso
ord224
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-core-processthreads-l1-1-3
SetThreadDescription
api-ms-win-core-registry-l1-1-0
RegEnumKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegGetValueW
RegCloseKey
RegCreateKeyExW
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
api-ms-win-core-memory-l1-1-3
SetProcessValidCallTargets
ntdll
NtQuerySystemInformation
api-ms-win-core-synch-l1-2-0
InitOnceExecuteOnce
api-ms-win-core-processthreads-l1-1-2
SetProtectedPolicy
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
wintrust
WTGetSignatureInfo
api-ms-win-core-errorhandling-l1-1-2
RaiseFailFastException
Sections
.text Size: 40KB - Virtual size: 39KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 88B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 32KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 292B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
MicrosoftEdgeCP.exe.exe windows:10 windows x64 arch:x64
72cfe4b53f527af5f154a65ef34d5c4c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
MicrosoftEdgeCP.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
api-ms-win-crt-private-l1-1-0
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o__wcsicmp
_o_exit
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_o___stdio_common_vsnprintf_s
_o__crt_atexit
_o___std_exception_destroy
_o__configure_wide_argv
_o__configthreadlocale
_o___std_exception_copy
_o___p__commode
_o__cexit
_o__callnewh
wcschr
_CxxThrowException
__std_terminate
__CxxFrameHandler4
memcpy
_o___stdio_common_vswprintf
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
GetProcAddress
GetModuleFileNameA
GetModuleHandleExW
api-ms-win-core-synch-l1-1-0
CreateMutexExW
WaitForSingleObjectEx
ReleaseMutex
WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreExW
OpenSemaphoreW
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
HeapSetInformation
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
GetLastError
SetErrorMode
RaiseException
SetLastError
SetUnhandledExceptionFilter
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentThread
GetCurrentProcess
GetStartupInfoW
GetCurrentThreadId
TerminateProcess
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-winrt-l1-1-0
RoInitialize
RoGetActivationFactory
RoUninitialize
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
IsDebuggerPresent
DebugBreak
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-1
GetProcessMitigationPolicy
SetProcessMitigationPolicy
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemDirectoryW
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoInitializeSecurity
CoGetApartmentType
edgeiso
ord224
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-core-processthreads-l1-1-3
SetThreadDescription
api-ms-win-core-registry-l1-1-0
RegEnumKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegGetValueW
RegCloseKey
RegCreateKeyExW
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
api-ms-win-core-memory-l1-1-3
SetProcessValidCallTargets
ntdll
NtQuerySystemInformation
api-ms-win-core-synch-l1-2-0
InitOnceExecuteOnce
api-ms-win-core-processthreads-l1-1-2
SetProtectedPolicy
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
wintrust
WTGetSignatureInfo
api-ms-win-core-errorhandling-l1-1-2
RaiseFailFastException
Sections
.text Size: 40KB - Virtual size: 39KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 88B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 32KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 292B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
MicrosoftEdgeDevTools.exe.exe windows:10 windows x64 arch:x64
72cfe4b53f527af5f154a65ef34d5c4c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
MicrosoftEdgeCP.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
api-ms-win-crt-private-l1-1-0
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o__wcsicmp
_o_exit
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_o___stdio_common_vsnprintf_s
_o__crt_atexit
_o___std_exception_destroy
_o__configure_wide_argv
_o__configthreadlocale
_o___std_exception_copy
_o___p__commode
_o__cexit
_o__callnewh
wcschr
_CxxThrowException
__std_terminate
__CxxFrameHandler4
memcpy
_o___stdio_common_vswprintf
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
GetProcAddress
GetModuleFileNameA
GetModuleHandleExW
api-ms-win-core-synch-l1-1-0
CreateMutexExW
WaitForSingleObjectEx
ReleaseMutex
WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreExW
OpenSemaphoreW
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
HeapSetInformation
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
GetLastError
SetErrorMode
RaiseException
SetLastError
SetUnhandledExceptionFilter
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentThread
GetCurrentProcess
GetStartupInfoW
GetCurrentThreadId
TerminateProcess
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-winrt-l1-1-0
RoInitialize
RoGetActivationFactory
RoUninitialize
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
IsDebuggerPresent
DebugBreak
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-1
GetProcessMitigationPolicy
SetProcessMitigationPolicy
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemDirectoryW
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoInitializeSecurity
CoGetApartmentType
edgeiso
ord224
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-core-processthreads-l1-1-3
SetThreadDescription
api-ms-win-core-registry-l1-1-0
RegEnumKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegGetValueW
RegCloseKey
RegCreateKeyExW
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
api-ms-win-core-memory-l1-1-3
SetProcessValidCallTargets
ntdll
NtQuerySystemInformation
api-ms-win-core-synch-l1-2-0
InitOnceExecuteOnce
api-ms-win-core-processthreads-l1-1-2
SetProtectedPolicy
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
wintrust
WTGetSignatureInfo
api-ms-win-core-errorhandling-l1-1-2
RaiseFailFastException
Sections
.text Size: 40KB - Virtual size: 39KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 88B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 32KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 292B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
MicrosoftEdgeSH.exe.exe windows:10 windows x64 arch:x64
4f297c9cdce9606a6d53083f755d899c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
MicrosoftEdgeSH.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
_c_exit
api-ms-win-crt-private-l1-1-0
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o__wcsicmp
_o_exit
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o__configure_wide_argv
_o__configthreadlocale
_o___p__commode
wcschr
_CxxThrowException
__std_terminate
__CxxFrameHandler4
memcpy
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
GetModuleHandleExW
api-ms-win-core-synch-l1-1-0
CreateMutexExW
WaitForSingleObject
OpenSemaphoreW
ReleaseMutex
CreateSemaphoreExW
ReleaseSemaphore
WaitForSingleObjectEx
api-ms-win-core-heap-l1-1-0
HeapSetInformation
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
SetLastError
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
SetErrorMode
RaiseException
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
api-ms-win-core-com-l1-1-0
CoUninitialize
CoCreateInstance
CoInitializeEx
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetStartupInfoW
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
GetProcessMitigationPolicy
SetProcessMitigationPolicy
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
DebugBreak
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetSystemDirectoryW
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-downlevel-shlwapi-l1-1-0
StrStrW
iertutil
ord797
ord870
ord792
ord650
edgeiso
ord130
api-ms-win-core-memory-l1-1-3
SetProcessValidCallTargets
userenv
GetAppContainerRegistryLocation
api-ms-win-core-registry-l1-1-0
RegGetValueW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-core-synch-l1-2-0
InitOnceExecuteOnce
api-ms-win-core-processthreads-l1-1-2
SetProtectedPolicy
api-ms-win-core-errorhandling-l1-1-2
RaiseFailFastException
ntdll
NtQuerySystemInformation
wintrust
WTGetSignatureInfo
Sections
.text Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 272B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
MoNotificationUxStub.exe.exe windows:10 windows x64 arch:x64
5bfdddaae63404f97690259c00047081
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
MoNotificationUxStub.pdb
Imports
msvcp_win
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_initterm_e
_c_exit
_initterm
api-ms-win-crt-private-l1-1-0
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__cexit
memmove
_o__callnewh
_o_exit
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o____lc_codepage_func
__std_terminate
__CxxFrameHandler4
memcpy
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExW
GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameA
GetProcAddress
FreeLibrary
api-ms-win-core-synch-l1-1-0
ReleaseMutex
WaitForSingleObjectEx
CreateSemaphoreExW
OpenSemaphoreW
CreateMutexExW
WaitForSingleObject
ReleaseSemaphore
api-ms-win-core-heap-l1-1-0
HeapAlloc
GetProcessHeap
HeapFree
api-ms-win-core-errorhandling-l1-1-0
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
TerminateProcess
GetStartupInfoW
CreateProcessW
GetCurrentThreadId
GetCurrentProcessId
GetExitCodeProcess
api-ms-win-core-localization-l1-2-0
FormatMessageW
FormatMessageA
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-com-l1-1-0
CoTaskMemAlloc
CoTaskMemFree
api-ms-win-core-wow64-l1-1-1
IsWow64Process2
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
GetCommandLineW
api-ms-win-core-commandlinetoargv-l1-1-0
CommandLineToArgvW
api-ms-win-core-synch-l1-2-0
InitOnceBeginInitialize
InitOnceComplete
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-file-l1-1-0
CreateFileW
GetFileAttributesExW
api-ms-win-core-file-l2-1-0
GetFileInformationByHandleEx
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
Sections
.text Size: 44KB - Virtual size: 41KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 204B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
MpSigStub.exe.exe windows:10 windows x64 arch:x64
73d10f665b566678ac1ddf9942fdaea0
Code Sign
33:00:00:05:4f:13:66:3c:8b:d6:7c:df:d5:00:00:00:00:05:4f
Certificate
Issuer: CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2023, 19:50
Not After: 16/10/2024, 19:50
Subject: CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:0c:52:4c:00:00:00:00:00:03
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 06/07/2010, 20:40
Not After: 06/07/2025, 20:50
Subject: CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
cd:6a:96:a7:30:1c:f9:79:3c:6e:91:d2:ea:6b:df:59:06:96:8f:32:23:43:c2:30:89:37:e5:43:80:7f:94:88
Signer
Actual PE Digest: cd:6a:96:a7:30:1c:f9:79:3c:6e:91:d2:ea:6b:df:59:06:96:8f:32:23:43:c2:30:89:37:e5:43:80:7f:94:88
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
MpSigStub.pdb
Imports
advapi32
EnumerateTraceGuids
ControlTraceW
TraceMessage
EventWriteTransfer
StartTraceW
EnableTrace
CloseServiceHandle
RegCloseKey
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
LookupPrivilegeValueW
SetSecurityDescriptorDacl
AdjustTokenPrivileges
AllocateAndInitializeSid
CopySid
FreeSid
CheckTokenMembership
InitializeSecurityDescriptor
InitializeAcl
QueryServiceStatusEx
OpenServiceW
StartServiceW
OpenSCManagerW
QueryServiceStatus
EventUnregister
EventRegister
OpenThreadToken
OpenProcessToken
DecryptFileW
RegQueryValueExW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegNotifyChangeKeyValue
GetTokenInformation
GetLengthSid
AddAccessAllowedAce
kernel32
GetCurrentProcessId
GetLastError
SetEndOfFile
SetLastError
IsWow64Process
GetCurrentProcess
FreeLibrary
Sleep
CloseHandle
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetCurrentThread
GetCurrentThreadId
HeapAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetStdHandle
GetFileType
GetStartupInfoW
GetTempPathW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
GetProcAddress
LoadLibraryExW
GetDateFormatW
GetTimeFormatW
LCMapStringW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
MultiByteToWideChar
ExitProcess
GetModuleHandleW
GetModuleHandleExW
GetProcessHeap
WideCharToMultiByte
SetStdHandle
GetFileSizeEx
SetFilePointerEx
ReadFile
GetConsoleMode
ReadConsoleW
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetModuleFileNameW
HeapSize
HeapReAlloc
CreateFileW
WriteConsoleW
RaiseException
QueryPerformanceCounter
InitializeSListHead
EncodePointer
InitializeCriticalSectionEx
SetFileAttributesW
CopyFileW
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetProcessTimes
GetCommandLineW
SetWaitableTimer
CreateWaitableTimerW
CreateDirectoryW
CancelIo
CreateNamedPipeW
InitializeProcThreadAttributeList
GetNamedPipeClientProcessId
PeekNamedPipe
DisconnectNamedPipe
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
VirtualQuery
ConnectNamedPipe
GetThreadTimes
SizeofResource
SetFileTime
VirtualUnlock
SetFilePointer
LockResource
LoadResource
FindResourceW
SystemTimeToFileTime
GetSystemTime
DosDateTimeToFileTime
GlobalMemoryStatusEx
DeleteFileW
GetEnvironmentVariableW
GetSystemDirectoryW
FormatMessageW
GetNativeSystemInfo
HeapSetInformation
GetCurrentDirectoryW
LocalFree
CreateProcessW
GetSystemWindowsDirectoryW
GetExitCodeProcess
FindFirstFileW
GetFullPathNameW
FindNextFileW
ExpandEnvironmentStringsW
RemoveDirectoryW
FindClose
WaitForSingleObject
GetFileAttributesW
OpenProcess
CreateEventW
SetEvent
WaitForSingleObjectEx
ResetEvent
QueryFullProcessImageNameW
QueryPerformanceFrequency
VirtualLock
WaitForMultipleObjects
FindFirstFileExW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
DecodePointer
rpcrt4
UuidCreate
UuidFromStringW
ntdll
RtlNtStatusToDosError
NtQueryInformationFile
RtlPcToFileHeader
RtlUnwind
RtlUnwindEx
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlGetVersion
NtSetInformationFile
Sections
.text Size: 704KB - Virtual size: 700KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 144KB - Virtual size: 141KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
MsSpellCheckingHost.exe.exe windows:10 windows x64 arch:x64
5923bcb9135c79a044f2309bba8c7190
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
msspellcheckinghost.pdb
Imports
user32
UnregisterClassA
CharUpperW
DispatchMessageW
CharNextW
TranslateMessage
GetMessageW
PostThreadMessageW
msvcrt
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_commode
_fmode
_acmdln
_initterm
__setusermatherr
_ismbblead
__dllonexit
_lock
_onexit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
_errno
realloc
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
_cexit
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_unlock
??0exception@@QEAA@XZ
memmove
??3@YAXPEAX@Z
memcpy
__CxxFrameHandler3
exit
_CxxThrowException
_exit
_callnewh
_purecall
wcscat_s
wcscpy_s
malloc
wcsncpy_s
free
memcpy_s
__C_specific_handler
??_V@YAXPEAX@Z
__CxxFrameHandler4
memset
oleaut32
SysStringLen
RegisterTypeLi
LoadTypeLi
SysFreeString
SysAllocString
VarUI4FromStr
UnRegisterTypeLi
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventUnregister
EventWriteTransfer
api-ms-win-core-com-l1-1-0
CoTaskMemRealloc
CoTaskMemAlloc
CoResumeClassObjects
CoTaskMemFree
CoRevokeClassObject
CoSuspendClassObjects
CoCreateInstance
CoRegisterClassObject
CoUninitialize
CoInitializeEx
StringFromGUID2
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
OpenProcessToken
GetCurrentProcess
GetCurrentProcessId
OpenThreadToken
CreateThread
GetCurrentThreadId
GetStartupInfoW
GetCurrentThread
api-ms-win-core-errorhandling-l1-1-0
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
api-ms-win-security-base-l1-1-0
GetTokenInformation
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-memory-l1-1-0
CreateFileMappingW
OpenFileMappingW
UnmapViewOfFile
MapViewOfFile
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
GetVersionExW
api-ms-win-core-libraryloader-l1-2-0
FindResourceExW
SizeofResource
LoadLibraryExW
GetProcAddress
GetModuleFileNameW
FreeLibrary
GetModuleHandleW
LoadResource
api-ms-win-core-registry-l1-1-0
RegDeleteValueW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
api-ms-win-core-synch-l1-1-0
SetEvent
CreateEventW
DeleteCriticalSection
WaitForSingleObject
CreateMutexW
InitializeCriticalSection
LeaveCriticalSection
OpenMutexW
ReleaseMutex
EnterCriticalSection
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-debug-l1-1-0
OutputDebugStringA
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
Sections
.text Size: 48KB - Virtual size: 45KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 800B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
MuiUnattend.exe.exe windows:10 windows x64 arch:x64
9fe402ca9e5c96d9217350e15adc4887
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
MUIUnattend.pdb
Imports
msvcrt
_amsg_exit
_XcptFilter
memmove_s
__setusermatherr
__C_specific_handler
wcschr
_purecall
??3@YAXPEAX@Z
wcsncmp
_initterm
__wgetmainargs
memmove
?terminate@@YAXXZ
_wcsicmp
_onexit
memcpy_s
_vsnwprintf
_wcsnicmp
__dllonexit
__set_app_type
wcsrchr
_vsnprintf
exit
memcmp
memcpy
_unlock
_lock
_commode
_fmode
_cexit
wprintf
_exit
memset
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleExW
GetModuleFileNameW
GetModuleFileNameA
LoadLibraryExW
FreeLibrary
GetProcAddress
GetModuleHandleW
api-ms-win-core-registry-l1-1-0
RegLoadKeyW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegUnLoadKeyW
RegSetValueExW
RegDeleteValueW
api-ms-win-core-synch-l1-1-0
ReleaseMutex
CreateSemaphoreExW
EnterCriticalSection
ReleaseSRWLockExclusive
ReleaseSemaphore
InitializeCriticalSectionEx
LeaveCriticalSection
OpenSemaphoreW
WaitForSingleObject
CreateMutexExW
AcquireSRWLockShared
WaitForSingleObjectEx
AcquireSRWLockExclusive
InitializeCriticalSection
ReleaseSRWLockShared
DeleteCriticalSection
api-ms-win-core-heap-l1-1-0
HeapSetInformation
HeapAlloc
HeapFree
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
SetLastError
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-core-localization-l1-2-0
SetUserGeoID
FormatMessageW
LocaleNameToLCID
GetUserDefaultLocaleName
GetLocaleInfoEx
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
api-ms-win-core-threadpool-l1-2-0
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
api-ms-win-core-processthreads-l1-1-0
OpenProcessToken
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
sspicli
GetUserNameExW
api-ms-win-core-localization-l1-2-2
GetSystemDefaultLocaleName
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
IsDebuggerPresent
DebugBreak
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-sysinfo-l1-1-0
GetWindowsDirectoryW
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-localization-private-l1-1-0
NlsUpdateLocale
ntdll
RtlAllocateHeap
RtlFreeHeap
RtlpSetPreferredUILanguages
RtlNtStatusToDosError
RtlGetUILanguageInfo
api-ms-win-core-file-l1-1-0
CreateDirectoryW
CreateFileW
FindNextFileW
FindFirstFileW
GetFullPathNameW
FindClose
GetFileAttributesW
GetFileAttributesExW
api-ms-win-core-memory-l1-1-0
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
api-ms-win-security-base-l1-1-0
PrivilegeCheck
AdjustTokenPrivileges
api-ms-win-security-lsalookup-l2-1-0
LookupPrivilegeValueW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-registry-l2-1-0
RegDeleteKeyW
Sections
.text Size: 60KB - Virtual size: 57KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 124B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
MultiDigiMon.exe.exe windows:10 windows x64 arch:x64
d912785ee3106afa32d10c36e887032f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
MultiDigiMon.pdb
Imports
gdi32
GetDeviceCaps
CreateFontIndirectW
SelectObject
SetBkColor
SetTextColor
DeleteObject
user32
SendMessageTimeoutW
EnumDisplayDevicesW
EnumDisplayMonitors
LoadStringW
FindWindowW
IsIconic
ShowWindow
SetForegroundWindow
LoadIconW
LoadCursorW
RegisterClassExW
CreateWindowExW
GetWindowLongPtrW
PostMessageW
GetMessageW
TranslateMessage
DispatchMessageW
GetMonitorInfoW
GetPointerDevices
ord2532
GetRawInputDeviceInfoW
GetPointerDevice
EndPaint
DrawTextExW
GetSysColor
SendMessageW
UnregisterClassW
BeginPaint
SkipPointerFrameMessages
GetPointerFrameInfoHistory
GetPointerInfo
DefWindowProcW
PostQuitMessage
DestroyWindow
MoveWindow
InvalidateRect
ShowCursor
msvcrt
_vsnwprintf
?terminate@@YAXXZ
__CxxFrameHandler4
_fmode
__CxxFrameHandler3
memcpy
_commode
free
_wcmdln
malloc
_callnewh
_XcptFilter
_amsg_exit
__wgetmainargs
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
memset
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-com-l1-1-0
CoUninitialize
CoInitializeEx
CoCreateInstance
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-errorhandling-l1-1-0
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
GetStartupInfoW
TerminateProcess
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
api-ms-win-shcore-obsolete-l1-1-0
CommandLineToArgvW
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpW
api-ms-win-core-kernel32-legacy-l1-1-0
MulDiv
ntdll
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage
EtwGetTraceEnableFlags
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
imm32
ImmDisableIME
ninput
DestroyInteractionContext
CreateInteractionContext
SetInteractionConfigurationInteractionContext
SetPropertyInteractionContext
RegisterOutputCallbackInteractionContext
ProcessPointerFramesInteractionContext
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegCreateKeyExW
api-ms-win-core-registry-l1-1-1
RegDeleteKeyValueW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 624B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 76B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
NDKPerfCmd.exe.exe windows:10 windows x64 arch:x64
7da48a208498a9fa7b90d053471c59d9
Code Sign
33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 02/09/2021, 18:23
Not After: 01/09/2022, 18:23
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
9c:ca:e9:51:cf:79:1d:48:3d:b8:b6:c2:0e:56:15:29:45:7f:6a:d3:00:84:9f:63:13:fa:f5:c6:09:8f:fa:9a
Signer
Actual PE Digest: 9c:ca:e9:51:cf:79:1d:48:3d:b8:b6:c2:0e:56:15:29:45:7f:6a:d3:00:84:9f:63:13:fa:f5:c6:09:8f:fa:9a
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
NDKPerfCmd.pdb
Imports
advapi32
OpenServiceW
CloseServiceHandle
StartServiceW
ControlService
OpenSCManagerW
kernel32
FormatMessageW
GetLastError
Sleep
CreateFileW
DeviceIoControl
CloseHandle
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_c_exit
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o___stdio_common_vfwprintf
_o___stdio_common_vfwprintf_s
_o___stdio_common_vswprintf_s
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__exit
_o__fileno
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__register_onexit_function
_o__seh_filter_exe
_o___p___wargv
_o__set_new_mode
_o__setmode
_o__wcsicmp
_o__wfopen_s
_o__wfullpath
_o__wremove
_o__wtoi
_o_exit
_o_fclose
_o_fgetws
_o_getenv
_o_terminate
_o_wcsncpy_s
__C_specific_handler
__current_exception
__current_exception_context
_o__set_app_type
_o___acrt_iob_func
_o___p___argc
_o___p__commode
_o__set_fmode
api-ms-win-crt-string-l1-1-0
memset
ws2_32
WSAStartup
WSAStringToAddressW
WSAGetLastError
InetNtopW
WSACleanup
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
Sections
.text Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 516B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 52B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
NDKPing.exe.exe windows:10 windows x64 arch:x64
17f5437822db9af8e58ae3971b905f6c
Code Sign
Certificate: 33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 02/09/2021, 18:23
Not After: 01/09/2022, 18:23
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Certificate: 61:07:76:56:00:00:00:00:00:08
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Signer: f5:ea:c6:d9:80:4a:12:b8:17:7c:2d:5a:d9:b5:9d:76:9b:7e:27:bd:04:66:2a:30:b6:e5:de:dc:d6:16:06:28
Actual PE Digest: f5:ea:c6:d9:80:4a:12:b8:17:7c:2d:5a:d9:b5:9d:76:9b:7e:27:bd:04:66:2a:30:b6:e5:de:dc:d6:16:06:28
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
NDKPing.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
api-ms-win-crt-private-l1-1-0
_o___stdio_common_vfwprintf
_o___stdio_common_vfwprintf_s
_o___stdio_common_vswprintf_s
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__exit
_o__fileno
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__setmode
_o__wcsicmp
_o__wfopen_s
_o__wfullpath
_o__wremove
_o__wtoi
_o_exit
_o_fclose
_o_fgetws
_o_getenv
_o_terminate
_o_wcsncpy_s
__C_specific_handler
__current_exception
__current_exception_context
_o___p__commode
_o___p___wargv
_o___p___argc
_o___acrt_iob_func
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-localization-l1-2-0
FormatMessageW
ws2_32
WSAStartup
WSACleanup
WSAStringToAddressW
WSAGetLastError
InetNtopW
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
api-ms-win-service-management-l1-1-0
OpenServiceW
OpenSCManagerW
CloseServiceHandle
StartServiceW
api-ms-win-service-winsvc-l1-1-0
ControlService
api-ms-win-core-file-l1-1-0
CreateFileW
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
Sections
.text Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 492B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 52B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
NETSTAT.EXE.exe windows:10 windows x64 arch:x64
7bc97222ae8acc1cb446bef791613694
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
netstat.pdb
Imports
msvcrt
free
fgetpos
_commode
wcschr
_fileno
fwprintf
_write
_setmode
qsort
_amsg_exit
__getmainargs
_XcptFilter
_exit
_wsystem
wcscpy_s
memset
memcpy
sscanf_s
_cexit
__setusermatherr
_initterm
fflush
_wcsicmp
toupper
exit
_get_osfhandle
__C_specific_handler
__set_app_type
_vsnwprintf
_strupr
malloc
?terminate@@YAXXZ
__iob_func
fprintf
time
_fmode
strcmp
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCreateHashTableEx
RtlEnumerateEntryHashTable
RtlEndEnumerationHashTable
RtlRemoveEntryHashTable
RtlDeleteHashTable
RtlLookupEntryHashTable
RtlGetNextEntryHashTable
RtlInsertEntryHashTable
RtlInitEnumerationHashTable
nsi
NsiFreeTable
NsiAllocateAndGetTable
iphlpapi
GetIcmpStatisticsEx
GetTcpStatisticsEx
GetUdpStatisticsEx
GetIpStatisticsEx
InternalGetBoundTcp6EndpointTable
InternalGetTcpTable2
InternalGetUdp6Table2
InternalGetTcpTableWithOwnerModule
InternalGetTcp6Table2
InternalGetUdpTable2
InternalGetTcp6TableWithOwnerModule
InternalGetBoundTcpEndpointTable
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
CompareStringW
WideCharToMultiByte
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapSetInformation
HeapFree
HeapAlloc
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
OpenProcessToken
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
ws2_32
ntohl
GetNameInfoW
htons
ntohs
GetHostNameW
WSAStartup
api-ms-win-core-localization-l1-2-0
SetThreadUILanguage
FormatMessageW
api-ms-win-core-processenvironment-l1-1-0
GetEnvironmentVariableW
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-sysinfo-l1-1-0
GetSystemDirectoryA
GetSystemDirectoryW
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-processthreads-l1-1-1
OpenProcess
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-console-l1-1-0
GetConsoleMode
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
api-ms-win-core-psapi-l1-1-0
K32GetModuleBaseNameW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExA
FreeLibrary
GetProcAddress
GetModuleHandleW
LoadLibraryExW
api-ms-win-core-file-l1-1-0
GetFileType
api-ms-win-security-base-l1-1-0
FreeSid
AdjustTokenPrivileges
CheckTokenMembership
AllocateAndInitializeSid
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
snmpapi
SnmpUtilMemAlloc
SnmpUtilMemFree
SnmpUtilOidCpy
SnmpUtilVarBindFree
Sections
.text Size: 32KB - Virtual size: 29KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 780B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 64B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Narrator.exe.exe windows:10 windows x64 arch:x64
c26f75d5b9663548ec24cd6d8a5b1cd2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Narrator.pdb
Imports
advapi32
EventUnregister
EventRegister
EventSetInformation
RegCloseKey
RegCreateKeyExW
RegSetValueExW
EventWrite
RegOpenKeyExW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegQueryValueExW
RegGetValueW
kernel32
CreateSemaphoreExW
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
DeactivateActCtx
ReleaseActCtx
GetCurrentActCtx
GetModuleFileNameW
CreateActCtxW
GetModuleFileNameA
OpenMutexW
LoadLibraryExW
DeleteCriticalSection
RaiseException
InitializeCriticalSection
LoadLibraryW
RegisterApplicationRestart
SizeofResource
LockResource
VirtualQuery
LoadResource
FindResourceExW
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
QueryPerformanceCounter
MulDiv
GetSystemInfo
VirtualProtect
ActivateActCtx
gdi32
DeleteDC
StretchBlt
SetStretchBltMode
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
ExtTextOutW
GetTextExtentPoint32W
SetTextColor
SetBkColor
CreateFontW
CreateSolidBrush
SelectObject
FillRgn
CreateRectRgn
DeleteObject
GetCurrentObject
CreateDIBSection
GdiAlphaBlend
GetDeviceCaps
SetBkMode
ExcludeClipRect
CreateFontIndirectW
GetObjectW
user32
UnregisterHotKey
DispatchMessageW
TranslateMessage
PostQuitMessage
BlockInput
MsgWaitForMultipleObjects
RegisterHotKey
SendInput
DestroyWindow
SetClipboardData
OpenClipboard
CloseClipboard
GetDCEx
GetSystemMetrics
DrawTextExW
InflateRect
EndPaint
GetWindowRgn
BeginPaint
MonitorFromWindow
SetWinEventHook
RegisterPointerDeviceNotifications
InitializeTouchInjection
PostMessageW
IsWindow
FindWindowExW
UnhookWinEvent
GetForegroundWindow
GetAsyncKeyState
MapVirtualKeyExW
LoadImageW
SendMessageW
SystemParametersInfoW
GetWindowRect
SetWindowPos
GetClassNameW
GetParent
GetPropW
WindowFromPoint
WindowFromDC
EnumWindows
SetPropW
FindWindowW
SetWindowLongW
DrawTextW
DrawIconEx
SetMenuInfo
SetMenuItemInfoW
RemovePropW
GetCurrentInputMessageSource
SetMessageExtraInfo
MonitorFromPoint
GetMessageExtraInfo
GetMenuItemInfoW
GetDpiForSystem
GetWindowDpiAwarenessContext
AreDpiAwarenessContextsEqual
SetDesktopColorTransform
SendNotifyMessageW
GetWindowThreadProcessId
GetShellWindow
GetKeyState
MessageBoxW
CreateDialogParamW
AdjustWindowRectExForDpi
PostThreadMessageW
SendMessageTimeoutW
ReleaseDC
GetDC
GetComboBoxInfo
EnableWindow
LoadIconW
CallWindowProcW
GetAncestor
GetGUIThreadInfo
GetWindowTextW
EqualRect
IntersectRect
IsWindowVisible
CopyRect
SetTimer
KillTimer
GetMonitorInfoW
SetWindowTextW
SendDlgItemMessageW
SetFocus
ShowWindow
DestroyMenu
TrackPopupMenuEx
GetWindowLongW
GetDpiForWindow
GetSystemMetricsForDpi
GetSubMenu
LoadMenuW
LoadStringW
RegisterWindowMessageW
EndDialog
GetDlgCtrlID
GetFocus
GetDlgItem
SetDlgItemTextW
DialogBoxParamW
DefWindowProcW
GetWindowLongPtrW
SetWindowLongPtrW
GetKeyboardLayout
CreateWindowExW
RegisterClassExW
GetUserObjectInformationW
GetThreadDesktop
UnregisterClassA
SetForegroundWindow
GetMessageW
GetMenuInfo
msvcp_win
_Mtx_init_in_situ
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
_Mtx_unlock
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_join
_Thrd_id
_Mtx_destroy_in_situ
_Cnd_do_broadcast_at_thread_exit
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
api-ms-win-crt-string-l1-1-0
wcsspn
wcscspn
wcsncmp
memmove_s
wcscmp
memset
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_c_exit
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_errno
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
_o__wcslwr_s
_o__wtoi
_o_abort
_o_exit
_o_floorf
_o_free
_o_iswprint
_o_iswspace
_o_malloc
_o_memcpy_s
_o_terminate
_o_towlower
_o_wcscat_s
_o_wcscpy_s
_o_wcstok_s
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o__ltow_s
_o__itow_s
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_wide_environment
_o__initialize_onexit_table
_o__get_wide_winmain_command_line
_o__get_errno
_o__exit
_o__errno
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
_o__beginthreadex
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
wcsrchr
wcsstr
wcschr
_o___p__commode
__C_specific_handler
__std_terminate
__CxxFrameHandler4
__C_specific_handler_noexcept
memcmp
memcpy
memmove
uiautomationcore
UiaRaiseNotificationEvent
ntdll
WinSqmIsOptedIn
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnsubscribeWnfNotificationWaitForCompletion
NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlPublishWnfStateData
WinSqmAddToStream
oleacc
AccSetRunningUtilityState
AccNotifyTouchInteraction
oleaut32
SysAllocString
SysFreeString
SysAllocStringLen
SysStringLen
VariantInit
VariantClear
VarBstrCat
SysStringByteLen
SysAllocStringByteLen
GetErrorInfo
SetErrorInfo
shlwapi
ord12
ord219
ord199
PathRemoveFileSpecW
PathFileExistsW
shell32
Shell_NotifyIconW
SHGetStockIconInfo
ShellExecuteW
dui70
InitProcessPriv
InitThread
UnInitThread
UnInitProcessPriv
StartMessagePump
?Destroy@Element@DirectUI@@QEAAJ_N@Z
?Release@Element@DirectUI@@QEAAKXZ
?Release@Value@DirectUI@@QEAAXXZ
?GetValue@Element@DirectUI@@QEAAPEAVValue@2@P6APEBUPropertyInfo@2@XZHPEAUUpdateCache@2@@Z
?GetInt@Value@DirectUI@@QEAAHXZ
?GetContentString@Element@DirectUI@@QEAAPEBGPEAPEAVValue@2@@Z
?Create@TableLayout@DirectUI@@SAJHPEAHPEAPEAVValue@2@@Z
?SetAccItemStatus@Element@DirectUI@@QEAAJPEBG@Z
?SetValue@Element@DirectUI@@QEAAJP6APEBUPropertyInfo@2@XZHPEAVValue@2@@Z
?_OnUIStateChanged@HWNDElement@DirectUI@@MEAAXGG@Z
?GetWindowClassNameAndStyle@HWNDElement@DirectUI@@UEAAXPEAPEBGPEAI@Z
?WndProc@HWNDElement@DirectUI@@UEAA_JPEAUHWND__@@I_K_J@Z
?IsMSAAEnabled@HWNDElement@DirectUI@@UEAA_NXZ
?CanSetFocus@HWNDElement@DirectUI@@UEAA_NXZ
?OnCompositionChanged@HWNDElement@DirectUI@@UEAAXXZ
?OnWmSettingChanged@HWNDElement@DirectUI@@UEAAX_K_J@Z
?OnWmThemeChanged@HWNDElement@DirectUI@@UEAAX_K_J@Z
?OnGetDlgCode@HWNDElement@DirectUI@@UEAAXPEAUtagMSG@@PEA_J@Z
?OnNoChildWithShortcutFound@HWNDElement@DirectUI@@UEAAXPEAUKeyboardEvent@2@@Z
?OnImmersiveColorSchemeChanged@HWNDElement@DirectUI@@UEAAXXZ
?OnThemeChanged@HWNDElement@DirectUI@@UEAAXPEAUThemeChangedEvent@2@@Z
?GetHWND@HWNDElement@DirectUI@@UEAAPEAUHWND__@@XZ
?GetUiaFocusDelegate@Element@DirectUI@@UEAAPEAV12@XZ
?HandleUiaEventListener@Element@DirectUI@@UEAAXPEAUEvent@2@@Z
?HandleUiaPropertyChangingListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@@Z
?HandleUiaPropertyListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?HandleUiaDestroyListener@Element@DirectUI@@UEAAXXZ
?GetElementProviderImpl@Element@DirectUI@@UEAAJPEAVInvokeHelper@2@PEAPEAVElementProvider@2@@Z
?GetUIAElementProvider@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?DefaultAction@Element@DirectUI@@UEAAJXZ
?GetAccessibleImpl@HWNDElement@DirectUI@@UEAAJPEAPEAUIAccessible@@@Z
?GetClassInfoW@HWNDElement@DirectUI@@UEAAPEAUIClassInfo@2@XZ
?GetKeyFocused@Element@DirectUI@@UEAA_NXZ
?RemoveTooltip@HWNDElement@DirectUI@@UEAAXPEAVElement@2@@Z
?ActivateTooltip@HWNDElement@DirectUI@@UEAAXPEAVElement@2@K@Z
?UpdateTooltip@HWNDElement@DirectUI@@UEAAXPEAVElement@2@@Z
?OnUnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?OnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?_SelfLayoutUpdateDesiredSize@Element@DirectUI@@MEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?_SelfLayoutDoLayout@Element@DirectUI@@MEAAXHH@Z
?GetImmersiveFocusRectOffsets@Element@DirectUI@@UEAAXPEAUtagRECT@@@Z
?QueryInterface@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?MessageCallback@Element@DirectUI@@UEAAIPEAUtagGMSG@@@Z
?RemoveBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?AddBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?SetKeyFocus@Element@DirectUI@@UEAAXXZ
?EnsureVisible@Element@DirectUI@@UEAA_NHHHH@Z
?GetAdjacent@Element@DirectUI@@UEAAPEAV12@PEAV12@HPEBUNavReference@2@K@Z
?Remove@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?Insert@Element@DirectUI@@UEAAJPEAPEAV12@II@Z
?Add@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?GetContentSize@Element@DirectUI@@UEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?Paint@Element@DirectUI@@UEAAXPEAUHDC__@@PEBUtagRECT@@1PEAU4@2@Z
?OnDestroy@HWNDElement@DirectUI@@UEAAXXZ
?OnMouseFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnKeyFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnInput@HWNDElement@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?OnGroupChanged@HWNDElement@DirectUI@@UEAAXH_N@Z
?OnPropertyChanged@Element@DirectUI@@UEAAXPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanged@HWNDElement@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?GetContentStringAsDisplayed@Element@DirectUI@@UEAAPEBGPEAPEAVValue@2@@Z
?IsContentProtected@Element@DirectUI@@UEAA_NXZ
?IsRTLReading@Element@DirectUI@@UEAA_NXZ
??1HWNDElement@DirectUI@@UEAA@XZ
??0HWNDElement@DirectUI@@QEAA@XZ
?FindDescendent@Element@DirectUI@@QEAAPEAV12@G@Z
StrToID
?GetHWND@NativeHWNDHost@DirectUI@@QEAAPEAUHWND__@@XZ
?SetEnabled@Element@DirectUI@@QEAAJ_N@Z
?SelectionChange@Combobox@DirectUI@@SA?AVUID@@XZ
?GetSelection@Combobox@DirectUI@@QEAAHXZ
?Click@Button@DirectUI@@SA?AVUID@@XZ
?GetID@Element@DirectUI@@QEAAGXZ
?GetClass@Element@DirectUI@@QEAAPEBGPEAPEAVValue@2@@Z
?GetKeyFocusedElement@HWNDElement@DirectUI@@SAPEAVElement@2@XZ
?ShowWindow@NativeHWNDHost@DirectUI@@QEAAXH@Z
?SetContentString@Element@DirectUI@@QEAAJPEBG@Z
?HideWindow@NativeHWNDHost@DirectUI@@QEAAXXZ
?StartDefer@Element@DirectUI@@QEAAXPEAK@Z
?EndDefer@Element@DirectUI@@QEAAXK@Z
?DestroyAll@Element@DirectUI@@QEAAJ_N@Z
?Add@Element@DirectUI@@QEAAJPEAV12@@Z
?LayoutProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?CreateInt@Value@DirectUI@@SAPEAV12@HW4DynamicScaleValue@@@Z
?SetID@Element@DirectUI@@QEAAJPEBG@Z
?SetAccName@Element@DirectUI@@QEAAJPEBG@Z
?SetVisible@Element@DirectUI@@QEAAJ_N@Z
?SetLayoutPos@Element@DirectUI@@QEAAJH@Z
?Create@Element@DirectUI@@SAJIPEAV12@PEAKPEAPEAV12@@Z
?SetClass@Element@DirectUI@@QEAAJPEBG@Z
?SetContentAlign@Element@DirectUI@@QEAAJH@Z
?GetChildren@Element@DirectUI@@QEAAPEAV?$DynamicArray@PEAVElement@DirectUI@@$0A@@2@PEAPEAVValue@2@@Z
?GetVisible@Element@DirectUI@@QEAA_NXZ
?SetSelection@Combobox@DirectUI@@QEAAJH@Z
?GetInvokeHelper@InvokeManager@DirectUI@@SAJPEAPEAVInvokeHelper@2@@Z
?DestroyMsg@NativeHWNDHost@DirectUI@@SAIXZ
?AddRef@Element@DirectUI@@QEAAKXZ
??1DUIFactory@DirectUI@@QEAA@XZ
?Create@NativeHWNDHost@DirectUI@@SAJPEBG0PEAUHWND__@@PEAUHICON__@@HHHHHHPEAUHINSTANCE__@@IPEAPEAV12@@Z
?Register@HWNDElement@DirectUI@@SAJXZ
?Initialize@HWNDElement@DirectUI@@QEAAJPEAUHWND__@@_NIPEAVElement@2@PEAK@Z
?SetAccessible@Element@DirectUI@@QEAAJ_N@Z
?Host@NativeHWNDHost@DirectUI@@QEAAXPEAVElement@2@@Z
?DoubleBuffered@Element@DirectUI@@QEAAX_N@Z
?Create@FillLayout@DirectUI@@SAJPEAPEAVLayout@2@@Z
?SetLayout@Element@DirectUI@@QEAAJPEAVLayout@2@@Z
?Destroy@Layout@DirectUI@@QEAAXXZ
??0DUIFactory@DirectUI@@QEAA@PEAUHWND__@@@Z
?LoadFromResource@DUIFactory@DirectUI@@QEAAJPEAUHINSTANCE__@@PEBG1PEAVElement@2@PEAKPEAPEAV42@1@Z
?Create@DUIXmlParser@DirectUI@@SAJPEAPEAV12@P6APEAVValue@2@PEBGPEAX@Z2P6AX11H2@Z2@Z
?SetXMLFromResource@DUIXmlParser@DirectUI@@QEAAJIPEAUHINSTANCE__@@0@Z
?Destroy@DUIXmlParser@DirectUI@@QEAAXXZ
?OnEvent@HWNDElement@DirectUI@@UEAAXPEAUEvent@2@@Z
?DestroyWindow@NativeHWNDHost@DirectUI@@QEAAXXZ
??0RefcountBase@DirectUI@@QEAA@XZ
??1RefcountBase@DirectUI@@UEAA@XZ
??1ElementProvider@DirectUI@@UEAA@XZ
?InvokePattern@Schema@DirectUI@@2HA
?SelectionItemPattern@Schema@DirectUI@@2HA
??0Element@DirectUI@@QEAA@XZ
??1Element@DirectUI@@UEAA@XZ
?Initialize@Element@DirectUI@@QEAAJIPEAV12@PEAK@Z
?SetActive@Element@DirectUI@@QEAAJH@Z
?SetAbsorbsShortcut@Element@DirectUI@@QEAAJ_N@Z
?OnInput@Element@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?GetProperty@ElementProxy@DirectUI@@IEAAJPEAUtagVARIANT@@H@Z
?DoMethod@ElementProxy@DirectUI@@UEAAJHPEAD@Z
?Init@ElementProxy@DirectUI@@MEAAXPEAVElement@2@@Z
?PatternFromPatternId@Schema@DirectUI@@SA?AW4Pattern@12@H@Z
?DoInvoke@ElementProvider@DirectUI@@IEAAJHZZ
?Init@ElementProvider@DirectUI@@MEAAJPEAVElement@2@PEAVInvokeHelper@2@@Z
?Release@ElementProvider@DirectUI@@UEAAKXZ
?Release@RefcountBase@DirectUI@@QEAAJXZ
?AddRef@RefcountBase@DirectUI@@QEAAJXZ
?GetElement@ElementProvider@DirectUI@@UEAAPEDVElement@2@XZ
?DoInvokeArgs@ElementProvider@DirectUI@@QEAAJHP6APEAVProviderProxy@2@PEAVElement@2@@ZPEAD@Z
?TossPatternProvider@ElementProvider@DirectUI@@QEAAXW4Pattern@Schema@2@@Z
?AddRef@ElementProvider@DirectUI@@UEAAKXZ
?Register@Element@DirectUI@@SAJXZ
??0CritSecLock@DirectUI@@QEAA@PEAU_RTL_CRITICAL_SECTION@@@Z
?GetFactoryLock@Element@DirectUI@@SAPEAU_RTL_CRITICAL_SECTION@@XZ
??1CritSecLock@DirectUI@@QEAA@XZ
?ClassExist@ClassInfoBase@DirectUI@@SA_NPEAPEAUIClassInfo@2@PEBQEBUPropertyInfo@2@IPEAU32@PEAUHINSTANCE__@@PEBG_N@Z
?Register@ClassInfoBase@DirectUI@@QEAAJXZ
?IsPatternSupported@ElementProxy@DirectUI@@IEAAJW4Pattern@Schema@2@PEA_N@Z
?CreatePatternProvider@Schema@DirectUI@@SAJW4Pattern@12@PEAVElementProvider@2@PEAPEAUIUnknown@@@Z
?Initialize@ClassInfoBase@DirectUI@@QEAAJPEAUHINSTANCE__@@PEBG_NPEBQEBUPropertyInfo@2@I@Z
?GetClassInfoPtr@Element@DirectUI@@SAPEAUIClassInfo@2@XZ
??0ClassInfoBase@DirectUI@@QEAA@XZ
??1ClassInfoBase@DirectUI@@UEAA@XZ
?OnPropertyChanged@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?OnGroupChanged@Element@DirectUI@@UEAAXH_N@Z
?OnDestroy@Element@DirectUI@@UEAAXXZ
?OnEvent@Element@DirectUI@@UEAAXPEAUEvent@2@@Z
?UpdateTooltip@Element@DirectUI@@MEAAXPEAV12@@Z
?ActivateTooltip@Element@DirectUI@@MEAAXPEAV12@K@Z
?RemoveTooltip@Element@DirectUI@@MEAAXPEAV12@@Z
?GetAccessibleImpl@Element@DirectUI@@UEAAJPEAPEAUIAccessible@@@Z
?TossElement@ElementProvider@DirectUI@@UEAAXXZ
?QueryInterface@ElementProvider@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?get_ProviderOptions@ElementProvider@DirectUI@@UEAAJPEAW4ProviderOptions@@@Z
?GetPropertyValue@ElementProvider@DirectUI@@UEAAJHPEAUtagVARIANT@@@Z
?get_HostRawElementProvider@ElementProvider@DirectUI@@UEAAJPEAPEAUIRawElementProviderSimple@@@Z
?ShowContextMenu@ElementProvider@DirectUI@@UEAAJXZ
?Navigate@ElementProvider@DirectUI@@UEAAJW4NavigateDirection@@PEAPEAUIRawElementProviderFragment@@@Z
?GetRuntimeId@ElementProvider@DirectUI@@UEAAJPEAPEAUtagSAFEARRAY@@@Z
?get_BoundingRectangle@ElementProvider@DirectUI@@UEAAJPEAUUiaRect@@@Z
?GetEmbeddedFragmentRoots@ElementProvider@DirectUI@@UEAAJPEAPEAUtagSAFEARRAY@@@Z
?SetFocus@ElementProvider@DirectUI@@UEAAJXZ
?get_FragmentRoot@ElementProvider@DirectUI@@UEAAJPEAPEAUIRawElementProviderFragmentRoot@@@Z
?AdviseEventAdded@ElementProvider@DirectUI@@UEAAJHPEAUtagSAFEARRAY@@@Z
?AdviseEventRemoved@ElementProvider@DirectUI@@UEAAJHPEAUtagSAFEARRAY@@@Z
?AddRef@ClassInfoBase@DirectUI@@UEAAXXZ
?Release@ClassInfoBase@DirectUI@@UEAAHXZ
?EnumPropertyInfo@ClassInfoBase@DirectUI@@UEAAPEBUPropertyInfo@2@I@Z
?GetByClassIndex@ClassInfoBase@DirectUI@@UEAAPEBUPropertyInfo@2@I@Z
?GetPICount@ClassInfoBase@DirectUI@@UEBAIXZ
?GetGlobalIndex@ClassInfoBase@DirectUI@@UEBAIXZ
?GetName@ClassInfoBase@DirectUI@@UEBAPEBGXZ
?IsValidProperty@ClassInfoBase@DirectUI@@UEBA_NPEBUPropertyInfo@2@@Z
?IsSubclassOf@ClassInfoBase@DirectUI@@UEBA_NPEAUIClassInfo@2@@Z
?GetModule@ClassInfoBase@DirectUI@@UEBAPEAUHINSTANCE__@@XZ
?IsGlobal@ClassInfoBase@DirectUI@@UEBA_NXZ
?AddChild@ClassInfoBase@DirectUI@@UEAAXXZ
?RemoveChild@ClassInfoBase@DirectUI@@UEAAXXZ
?GetChildren@ClassInfoBase@DirectUI@@UEBAHXZ
?AssertPIZeroRef@ClassInfoBase@DirectUI@@UEBAXXZ
??0IProvider@DirectUI@@QEAA@XZ
??0ElementProvider@DirectUI@@QEAA@XZ
??0ElementProxy@DirectUI@@IEAA@XZ
?OnMessage@NativeHWNDHost@DirectUI@@UEAAJI_K_JPEA_J@Z
?CreateHostWindow@NativeHWNDHost@DirectUI@@UEAAPEAUHWND__@@KPEBG0KHHHHPEAU3@PEAUHMENU__@@PEAUHINSTANCE__@@PEAX@Z
??1NativeHWNDHost@DirectUI@@UEAA@XZ
??0NativeHWNDHost@DirectUI@@QEAA@XZ
?Initialize@NativeHWNDHost@DirectUI@@QEAAJPEBG0PEAUHWND__@@PEAUHICON__@@HHHHHHPEAUHINSTANCE__@@I@Z
?GetSelected@Element@DirectUI@@QEAA_NXZ
?SetSelected@Element@DirectUI@@QEAAJ_N@Z
?SyncDestroyWindow@NativeHWNDHost@DirectUI@@QEAAXXZ
?CreateStyleParser@HWNDElement@DirectUI@@UEAAJPEAPEAVDUIXmlParser@2@@Z
?WndProc@NativeHWNDHost@DirectUI@@SA_JPEAUHWND__@@I_K_J@Z
StopMessagePump
??0Combobox@DirectUI@@QEAA@XZ
??1Combobox@DirectUI@@UEAA@XZ
?GetContentSize@Combobox@DirectUI@@UEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?MessageCallback@HWNDHost@DirectUI@@UEAAIPEAUtagGMSG@@@Z
?OnHosted@Combobox@DirectUI@@UEAAXPEAVElement@2@@Z
?OnAdjustWindowSize@Combobox@DirectUI@@UEAAHHHI@Z
?CreateHWND@Combobox@DirectUI@@UEAAPEAUHWND__@@PEAU3@@Z
?GetClassInfoPtr@Combobox@DirectUI@@SAPEAUIClassInfo@2@XZ
?Initialize@Combobox@DirectUI@@QEAAJIPEAVElement@2@PEAK@Z
?Register@Combobox@DirectUI@@SAJXZ
?SyncRect@HWNDHost@DirectUI@@IEAAXI_N@Z
?OnPropertyChanged@HWNDHost@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?FireEvent@Element@DirectUI@@QEAAXPEAUEvent@2@_N1@Z
?GetBool@Value@DirectUI@@QEAA_NXZ
?EnabledProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?OnNotify@HWNDHost@DirectUI@@UEAA_NI_K_JPEA_J@Z
?SelectionProp@Combobox@DirectUI@@SAPEBUPropertyInfo@2@XZ
?OnInput@Combobox@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?GetRoot@Element@DirectUI@@QEAAPEAV12@XZ
?CreateHWND@Edit@DirectUI@@MEAAPEAUHWND__@@PEAU3@_N@Z
?EraseBkgnd@HWNDHost@DirectUI@@MEAA_NPEAUHDC__@@PEA_J@Z
?CreateHWND@Edit@DirectUI@@MEAAPEAUHWND__@@PEAU3@@Z
?SetWindowDirection@HWNDHost@DirectUI@@UEAAXPEAUHWND__@@@Z
?OnAdjustWindowSize@HWNDHost@DirectUI@@UEAAHHHI@Z
?OnWindowStyleChanged@HWNDHost@DirectUI@@UEAAX_KPEBUtagSTYLESTRUCT@@@Z
?OnCtrlThemeChanged@HWNDHost@DirectUI@@UEAA_NI_K_JPEA_J@Z
?OnSinkThemeChanged@HWNDHost@DirectUI@@UEAA_NI_K_JPEA_J@Z
?OnSysChar@HWNDHost@DirectUI@@UEAA_NG@Z
?OnMessage@HWNDHost@DirectUI@@UEAA_NI_K_JPEA_J@Z
?GetHWND@HWNDHost@DirectUI@@UEAAPEAUHWND__@@XZ
?GetAccessibleImpl@HWNDHost@DirectUI@@UEAAJPEAPEAUIAccessible@@@Z
?GetKeyFocused@HWNDHost@DirectUI@@UEAA_NXZ
?OnUnHosted@HWNDHost@DirectUI@@MEAAXPEAVElement@2@@Z
?OnHosted@HWNDHost@DirectUI@@MEAAXPEAVElement@2@@Z
?MessageCallback@Edit@DirectUI@@UEAAIPEAUtagGMSG@@@Z
?SetKeyFocus@HWNDHost@DirectUI@@UEAAXXZ
?GetContentSize@Edit@DirectUI@@UEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?Paint@HWNDHost@DirectUI@@UEAAXPEAUHDC__@@PEBUtagRECT@@1PEAU4@2@Z
?OnEvent@HWNDHost@DirectUI@@UEAAXPEAUEvent@2@@Z
?OnDestroy@HWNDHost@DirectUI@@UEAAXXZ
?OnInput@Edit@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?OnPropertyChanged@Edit@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?GetContentStringAsDisplayed@Edit@DirectUI@@UEAAPEBGPEAPEAVValue@2@@Z
?IsContentProtected@Edit@DirectUI@@UEAA_NXZ
?GetClassInfoPtr@Edit@DirectUI@@SAPEAUIClassInfo@2@XZ
?Initialize@Edit@DirectUI@@QEAAJIPEAVElement@2@PEAK@Z
?Register@Edit@DirectUI@@SAJXZ
?OnNotify@Edit@DirectUI@@UEAA_NI_K_JPEA_J@Z
??1Edit@DirectUI@@UEAA@XZ
??0Edit@DirectUI@@QEAA@XZ
??0AutoLock@DirectUI@@QEAA@PEAU_RTL_CRITICAL_SECTION@@@Z
??1AutoLock@DirectUI@@QEAA@XZ
api-ms-win-core-com-l1-1-0
CoGetInterfaceAndReleaseStream
CoTaskMemAlloc
CoTaskMemFree
CoMarshalInterThreadInterfaceInStream
CoInitializeEx
CoUninitialize
CoGetMalloc
CoTaskMemRealloc
CoWaitForMultipleHandles
CoCreateInstance
CoCreateFreeThreadedMarshaler
api-ms-win-core-heap-l1-1-0
HeapReAlloc
HeapSize
HeapDestroy
api-ms-win-core-synch-l1-1-0
InitializeCriticalSectionEx
ReleaseSRWLockShared
AcquireSRWLockShared
EnterCriticalSection
AcquireSRWLockExclusive
SetEvent
CreateEventExW
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
ReleaseSRWLockExclusive
ResetEvent
CreateEventW
api-ms-win-core-string-l1-1-0
CompareStringW
CompareStringOrdinal
MultiByteToWideChar
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
SetThreadPriority
GetStartupInfoW
OpenProcessToken
ProcessIdToSessionId
TerminateProcess
GetCurrentProcess
CreateThread
DeleteProcThreadAttributeList
InitializeProcThreadAttributeList
GetProcessId
GetCurrentThread
UpdateProcThreadAttribute
CreateProcessW
api-ms-win-core-processthreads-l1-1-1
FlushInstructionCache
OpenProcess
IsProcessorFeaturePresent
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
InterlockedPushEntrySList
InterlockedPopEntrySList
api-ms-win-core-registry-l1-1-0
RegEnumKeyExW
RegDeleteTreeW
RegNotifyChangeKeyValue
RegLoadMUIStringW
RegEnumValueW
api-ms-win-core-job-l2-1-0
OpenJobObjectW
api-ms-win-core-job-l1-1-0
IsProcessInJob
sspicli
GetUserNameExW
api-ms-win-oobe-notification-l1-1-0
OOBEComplete
api-ms-win-core-registry-l2-1-0
RegQueryValueW
api-ms-win-core-threadpool-l1-2-0
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
api-ms-win-core-synch-l1-2-0
InitOnceBeginInitialize
InitOnceComplete
Sleep
api-ms-win-core-processthreads-l1-1-3
SetThreadDescription
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-core-sysinfo-l1-2-0
GetProductInfo
api-ms-win-eventing-classicprovider-l1-1-0
TraceMessage
api-ms-win-shcore-scaling-l1-1-2
GetDpiForShellUIComponent
api-ms-win-core-localization-l1-2-0
GetLocaleInfoEx
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-security-base-l1-1-0
GetTokenInformation
api-ms-win-security-sddl-l1-1-0
ConvertSidToStringSidW
api-ms-win-core-file-l1-1-0
GetFileAttributesW
DeleteFileW
api-ms-win-core-psapi-l1-1-0
K32EnumProcesses
K32EnumProcessModules
K32GetModuleBaseNameW
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExA
FreeLibrary
dwmapi
DwmSetWindowAttribute
api-ms-win-shcore-scaling-l1-1-1
GetDpiForMonitor
ord244
api-ms-win-core-memory-l1-1-0
VirtualFree
VirtualAlloc
api-ms-win-core-util-l1-1-0
EncodePointer
DecodePointer
Sections
.text Size: 288KB - Virtual size: 287KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 104KB - Virtual size: 103KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 72B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 164KB - Virtual size: 162KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
NetCfgNotifyObjectHost.exe.exe windows:10 windows x64 arch:x64
7f990e89ef0fbc9f060b374e41557971
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
NetCfgNotifyObjectHost.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm
_register_thread_local_exe_atexit_callback
_initterm_e
_c_exit
api-ms-win-crt-private-l1-1-0
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o_exit
_o_free
_o_malloc
_o_terminate
_o_wcscpy_s
__C_specific_handler
__current_exception
__current_exception_context
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___wargv
_o___p___argc
wcsrchr
__std_terminate
__CxxFrameHandler4
memcpy
_CxxThrowException
api-ms-win-crt-string-l1-1-0
memset
ntdll
NtSetInformationProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlReportException
RtlCaptureStackBackTrace
EtwTraceMessage
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExW
GetProcAddress
GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
GetModuleFileNameA
api-ms-win-core-synch-l1-1-0
ReleaseSemaphore
CreateSemaphoreExW
WaitForSingleObject
ReleaseMutex
CreateEventW
ResetEvent
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
SetEvent
ReleaseSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapSetInformation
HeapAlloc
HeapFree
api-ms-win-core-errorhandling-l1-1-0
SetErrorMode
GetLastError
SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter
api-ms-win-core-com-l1-1-0
CoUninitialize
CoInitializeEx
CoCreateInstance
CoFreeUnusedLibraries
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
DebugBreak
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
rpcrt4
RpcServerInterfaceGroupDeactivate
NdrServerCallAll
NdrServerCall2
RpcServerInterfaceGroupClose
RpcServerInterfaceGroupCreateW
RpcServerInterfaceGroupActivate
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
Sections
.text Size: 52KB - Virtual size: 49KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 476B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
NetEvtFwdr.exe.exe windows:10 windows x64 arch:x64
b194e8cee136f2419eb0d33c5ac52e3f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
NetEvtFwdr.pdb
Imports
msvcrt
_fmode
_commode
__setusermatherr
_cexit
_exit
exit
??1type_info@@UEAA@XZ
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
__CxxFrameHandler3
?terminate@@YAXXZ
_CxxThrowException
??0exception@@QEAA@AEBQEBDH@Z
_callnewh
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBV0@@Z
memmove
memcpy
__C_specific_handler
free
malloc
__CxxFrameHandler4
swscanf_s
_initterm
memset
ntdll
RtlCaptureContext
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-eventing-classicprovider-l1-1-0
GetTraceEnableLevel
TraceMessage
GetTraceEnableFlags
RegisterTraceGuidsW
GetTraceLoggerHandle
UnregisterTraceGuids
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-com-l1-1-0
CoUninitialize
CoCreateInstance
CoInitializeEx
rpcrt4
NdrServerCallAll
Ndr64AsyncServerCallAll
RpcServerRegisterAuthInfoW
NdrAsyncServerCall
NdrServerCall2
RpcServerRegisterIfEx
RpcServerInqBindings
RpcEpRegisterW
RpcServerListen
RpcServerInqDefaultPrincNameW
RpcEpUnregister
RpcServerUnregisterIf
RpcStringFreeW
RpcBindingInqAuthClientW
RpcServerSubscribeForNotification
RpcRevertToSelfEx
RpcAsyncCompleteCall
RpcServerUnsubscribeForNotification
RpcImpersonateClient
I_RpcServerInqRemoteConnAddress
RpcMgmtStopServerListening
RpcBindingVectorFree
RpcServerUseProtseqW
api-ms-win-core-synch-l1-1-0
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
oleaut32
SysAllocString
SysFreeString
api-ms-win-eventing-consumer-l1-1-0
OpenTraceW
ProcessTrace
CloseTrace
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
api-ms-win-eventing-controller-l1-1-0
EnableTraceEx2
StartTraceW
ControlTraceW
api-ms-win-core-threadpool-l1-2-0
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CloseThreadpoolTimer
CreateThreadpoolTimer
api-ms-win-security-base-l1-1-0
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
api-ms-win-core-processthreads-l1-1-0
GetCurrentThread
OpenThreadToken
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
umpdc
PdcActivationClientActivityRequest
PdcActivationClientRegister
PdcActivationClientUnregister
Sections
.text Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 176B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
NetHost.exe.exe windows:10 windows x64 arch:x64
68873b7b30277427484800907f68e033
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
nethost.pdb
Imports
msvcrt
_commode
_amsg_exit
__C_specific_handler
_initterm
__setusermatherr
_fmode
_cexit
_exit
?terminate@@YAXXZ
exit
__set_app_type
__wgetmainargs
_XcptFilter
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 240B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 60B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Netplwiz.exe.exe windows:10 windows x64 arch:x64
33207161f1f01d54e759e316f16998d2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
netplwiz.pdb
Imports
kernel32
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
GetUserDefaultUILanguage
CompareStringOrdinal
GetLocaleInfoW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
CreateSemaphoreExW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapSetInformation
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
OutputDebugStringW
GetModuleFileNameA
gdi32
GetStockObject
user32
GetWindowLongPtrW
SendMessageW
CreateWindowExW
DestroyIcon
DestroyWindow
GetWindow
DefWindowProcW
RegisterClassW
GetClassNameW
LoadCursorW
SetWindowLongPtrW
msvcrt
__C_specific_handler
_initterm
__setusermatherr
_cexit
?terminate@@YAXXZ
_onexit
_wcmdln
_commode
_fmode
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
__dllonexit
_lock
_unlock
_exit
memcpy_s
_vsnwprintf
memset
netplwiz
UsersRunDllW
shlwapi
ord10
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
TerminateProcess
GetCurrentProcess
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
Sections
.text Size: 20KB - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 876B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 68B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
NgcIso.exe.exe windows:10 windows x64 arch:x64
0a76bb02a22940e29c0ebc2f4401d606
Code Sign
33:00:00:04:5c:3d:56:72:66:6c:b7:54:17:00:00:00:00:04:5c
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 14/09/2023, 18:20
Not After: 04/09/2024, 18:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
3a:17:17:93:c9:c5:e6:e0:ed:11:e7:a2:78:33:db:50:7e:65:c7:01:43:12:06:a1:c4:32:e7:60:f1:c2:51:f2
Signer
Actual PE Digest: 3a:17:17:93:c9:c5:e6:e0:ed:11:e7:a2:78:33:db:50:7e:65:c7:01:43:12:06:a1:c4:32:e7:60:f1:c2:51:f2
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
NgcIso.pdb
Imports
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
_c_exit
api-ms-win-crt-private-l1-1-0
_o__dclass
_o__errno
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o__wcsicmp
_o_ceilf
_o_exit
_o_free
_o_ldexp
_o_malloc
_o_memcpy_s
_o_terminate
__current_exception
__current_exception_context
_CxxThrowException
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
_o__crt_atexit
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___wargv
_o___p___argc
memcpy
memcmp
__CxxFrameHandler3
__C_specific_handler
__std_terminate
__CxxFrameHandler4
__RTDynamicCast
api-ms-win-crt-string-l1-1-0
memset
wcscmp
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
GetModuleHandleExW
api-ms-win-core-synch-l1-1-0
CreateMutexExW
AcquireSRWLockShared
DeleteCriticalSection
ReleaseSRWLockShared
OpenEventW
OpenSemaphoreW
SetEvent
AcquireSRWLockExclusive
InitializeCriticalSectionAndSpinCount
ReleaseSRWLockExclusive
ResetEvent
CreateEventW
ReleaseMutex
CreateEventExW
WaitForSingleObject
InitializeCriticalSectionEx
LeaveCriticalSection
CreateSemaphoreExW
ReleaseSemaphore
EnterCriticalSection
WaitForSingleObjectEx
api-ms-win-core-heap-l1-1-0
HeapFree
HeapSize
HeapAlloc
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
SetLastError
api-ms-win-core-threadpool-l1-2-0
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
OutputDebugStringW
DebugBreak
api-ms-win-core-handle-l1-1-0
CloseHandle
rpcrt4
RpcRaiseException
RpcServerUnregisterIf
NdrServerCall2
RpcServerRegisterIf
NdrClientCall3
RpcExceptionFilter
RpcServerUseProtseqIfW
RpcMgmtStopServerListening
RpcServerListen
NdrServerCallAll
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventSetInformation
EventUnregister
EventRegister
EventActivityIdControl
api-ms-win-core-synch-l1-2-0
InitOnceComplete
InitOnceBeginInitialize
api-ms-win-core-heap-obsolete-l1-1-0
LocalSize
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
QueryPerformanceFrequency
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetVersionExW
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
iumsdk
GetSecureIdentitySigningKey
RtlNtStatusToDosError
GetTaggedDataSize
EncryptData
GetTpmBindingInfo
GetSignedReport
GetTaggedData
DecryptData
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
MultiByteToWideChar
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
__ImagePolicyMetadata
Sections
.text Size: 340KB - Virtual size: 338KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 116KB - Virtual size: 114KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 24KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 200B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tPolicy Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
OOBE-Maintenance.exe.exe windows:10 windows x64 arch:x64
e177744ee905124d86f35d2b80a0e4cd
Code Sign
33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
7f:0c:7c:93:c0:c7:22:c0:93:b9:9d:93:d5:6a:22:42:4d:45:73:92:f5:87:fb:63:68:30:07:e8:54:0b:1b:20
Signer
Actual PE Digest: 7f:0c:7c:93:c0:c7:22:c0:93:b9:9d:93:d5:6a:22:42:4d:45:73:92:f5:87:fb:63:68:30:07:e8:54:0b:1b:20
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
OOBE-Maintenance.pdb
Imports
advapi32
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegDeleteValueW
EventWriteTransfer
EventUnregister
EventSetInformation
EventRegister
kernel32
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
InitOnceBeginInitialize
InitOnceComplete
msvcrt
_exit
_cexit
__setusermatherr
_initterm
__C_specific_handler
_fmode
_commode
?terminate@@YAXXZ
_lock
_unlock
__dllonexit
_onexit
exit
memmove
memcpy
__CxxFrameHandler3
_callnewh
malloc
_purecall
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
??3@YAXPEAX@Z
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
memcpy_s
??0exception@@QEAA@AEBQEBD@Z
??1type_info@@UEAA@XZ
_vsnwprintf
__CxxFrameHandler4
_CxxThrowException
memset
shcore
SHRegGetValueW
api-ms-win-core-com-l1-1-0
CoUninitialize
CoCreateInstance
CoInitializeEx
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentProcess
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
Sections
.text Size: 28KB - Virtual size: 25KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 52KB - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 472B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
OneDriveSetup.exe.exe windows:6 windows x64 arch:x64
e35861eff59498a8462b8c59a7cde298
Code Sign
33:00:00:04:24:2a:2c:31:dc:36:18:25:58:00:00:00:00:04:24
Certificate
Issuer: CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 02/09/2021, 18:25
Not After: 01/09/2022, 18:25
Subject: CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:0c:52:4c:00:00:00:00:00:03
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 06/07/2010, 20:40
Not After: 06/07/2025, 20:50
Subject: CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
fc:54:2e:65:aa:19:76:36:6b:4b:fb:82:5b:f0:36:0f:e9:f7:30:85:49:3b:67:7a:ce:e5:e7:72:d0:95:d3:4f
Signer
Actual PE Digest: fc:54:2e:65:aa:19:76:36:6b:4b:fb:82:5b:f0:36:0f:e9:f7:30:85:49:3b:67:7a:ce:e5:e7:72:d0:95:d3:4f
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
d:\dbs\sh\odct\0207_214413\client\onedrive\Setup\Standalone\exe\obj\amd64\OneDriveSetup.pdb
Imports
bcrypt
BCryptGenRandom
BCryptDestroyKey
BCryptEncrypt
BCryptGenerateSymmetricKey
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptSetProperty
ntdll
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlPcToFileHeader
RtlUnwindEx
RtlUnwind
VerSetConditionMask
RtlCaptureContext
wer
WerReportSubmit
WerReportCloseHandle
WerReportSetParameter
WerReportCreate
kernel32
QueueUserWorkItem
SetThreadPriority
GetThreadPriority
SetPriorityClass
GetPriorityClass
GetPrivateProfileStringW
WritePrivateProfileStringW
GetFileType
GetVolumePathNameW
GetUserDefaultUILanguage
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
WriteConsoleW
GetFileSizeEx
GetFileSize
GetFileInformationByHandle
GetFileAttributesExW
GetFileAttributesW
GetDiskFreeSpaceExW
FindVolumeClose
FindNextVolumeW
FindFirstVolumeW
ExpandEnvironmentStringsW
GetLongPathNameW
VerifyVersionInfoW
LCMapStringW
WideCharToMultiByte
MultiByteToWideChar
K32GetModuleFileNameExW
GetUserDefaultLocaleName
GetUserDefaultLCID
MoveFileW
GetModuleHandleW
GetProductInfo
GetVersionExW
GetSystemTimeAsFileTime
OpenProcess
CreateProcessW
TerminateProcess
GetCurrentProcess
CreateMutexW
WaitForSingleObject
GetModuleFileNameW
WerUnregisterFile
WerRegisterFile
LoadLibraryW
GetProcAddress
DeviceIoControl
FindNextFileW
FindFirstFileW
FindClose
Process32NextW
CompareStringW
UnlockFileEx
LockFileEx
SystemTimeToFileTime
MoveFileExW
CopyFileW
FreeLibrary
Sleep
CloseHandle
GetTempPathW
SetFileTime
RemoveDirectoryW
GetTempFileNameW
GetFullPathNameW
CreateDirectoryW
GetSystemTime
GetCurrentThreadId
GetCurrentProcessId
SetLastError
WriteFile
DeleteFileW
GetUserGeoID
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
ReadConsoleW
SetStdHandle
CompareStringOrdinal
GetConsoleOutputCP
EnumSystemLocalesW
IsValidLocale
RemoveDirectoryA
GetShortPathNameW
CreateDirectoryA
CreateSymbolicLinkW
OpenFileById
GetFileInformationByHandleEx
RegisterApplicationRestart
GetComputerNameW
ReadDirectoryChangesW
SetDllDirectoryW
LoadLibraryExW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetCurrentThread
GetStdHandle
ExitProcess
VirtualAlloc
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
Process32FirstW
GetCommandLineW
GetDriveTypeW
GetSystemDefaultLCID
FreeLibraryAndExitThread
ExitThread
IsWow64Process
GetSystemTimes
GetExitCodeProcess
GetProcessTimes
ReleaseMutex
CreateThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedPushEntrySList
LoadLibraryExA
VirtualProtect
GetLocaleInfoEx
GetCPInfo
CompareStringEx
LCMapStringEx
EncodePointer
GetTickCount64
CreateEventExW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
CreateHardLinkW
SetFilePointerEx
SetFileAttributesW
FindFirstFileExW
CreateFileW
CompareFileTime
DeleteCriticalSection
InitializeCriticalSectionEx
GetCurrentDirectoryW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
RaiseException
DecodePointer
LocalFree
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
GetEnvironmentVariableW
GetTempFileNameA
CompareStringA
FileTimeToLocalFileTime
FileTimeToDosDateTime
WaitForMultipleObjectsEx
VirtualFree
FlushInstructionCache
InterlockedPopEntrySList
PostQueuedCompletionStatus
WaitForMultipleObjects
GlobalMemoryStatusEx
GetLocalTime
CreateToolhelp32Snapshot
GetQueuedCompletionStatus
CreateIoCompletionPort
IsDebuggerPresent
SetFilePointer
SetFileInformationByHandle
ReadFile
GetConsoleMode
GlobalLock
GlobalAlloc
AcquireSRWLockShared
GetComputerNameExW
GetSystemDefaultUILanguage
GetFinalPathNameByHandleW
OutputDebugStringA
GetModuleFileNameA
GetModuleHandleExW
GetTimeZoneInformation
GetNativeSystemInfo
GetSystemPowerStatus
FlushFileBuffers
GetTickCount
QueryPerformanceCounter
MapViewOfFile
CreateFileMappingW
FormatMessageA
UnlockFile
HeapCompact
GetSystemInfo
DeleteFileA
WaitForSingleObjectEx
LoadLibraryA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesA
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
HeapValidate
UnmapViewOfFile
SetEndOfFile
GetFullPathNameA
LockFile
GetDiskFreeSpaceW
HeapCreate
AreFileApisANSI
InitializeCriticalSection
TryEnterCriticalSection
InitOnceExecuteOnce
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
GetStartupInfoW
VirtualQuery
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetStringTypeW
SwitchToThread
GetExitCodeThread
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
QueryPerformanceFrequency
ReleaseSRWLockShared
user32
PostQuitMessage
AllowSetForegroundWindow
GetShellWindow
GetSystemMetrics
SendMessageW
AttachThreadInput
IsWindow
SetWindowPos
IsWindowVisible
BringWindowToTop
CreateDialogParamW
DialogBoxParamW
GetDlgItem
SetActiveWindow
PostThreadMessageW
SetForegroundWindow
SetWindowTextW
GetClientRect
GetWindowRect
MapWindowPoints
GetWindowLongW
SetWindowLongW
SetWindowLongPtrW
GetParent
GetWindow
LoadIconW
MonitorFromWindow
GetMonitorInfoW
ShowWindow
DestroyWindow
GetForegroundWindow
RegisterClassW
SendMessageTimeoutW
SystemParametersInfoW
LoadCursorW
SetCursor
MsgWaitForMultipleObjectsEx
PeekMessageW
UnregisterClassW
GetMessageW
TranslateMessage
DispatchMessageW
PostMessageW
GetWindowThreadProcessId
EnumWindows
GetClassNameW
CreateWindowExW
advapi32
ConvertStringSecurityDescriptorToSecurityDescriptorW
IsValidAcl
MapGenericMask
RegGetValueA
EventRegister
EventWriteTransfer
EventUnregister
EventWrite
CredWriteW
CredReadW
CredEnumerateW
CredDeleteW
CredFree
CreateProcessWithTokenW
RegOverridePredefKey
LookupAccountNameW
CryptDestroyKey
CryptSetHashParam
CryptImportKey
AddAce
DeleteAce
GetAce
InitializeAcl
ConvertStringSidToSidW
ImpersonateLoggedOnUser
RevertToSelf
AccessCheck
OpenThreadToken
ConvertSidToStringSidW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetEntriesInAclW
StartServiceW
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerW
QueryServiceStatusEx
QueryServiceStatus
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
ChangeServiceConfig2W
ChangeServiceConfigW
RegDeleteTreeW
RegUnLoadKeyW
RegLoadKeyW
RegEnumKeyW
RegDeleteKeyExW
RegCreateKeyTransactedW
GetUserNameW
SetFileSecurityW
GetAclInformation
FreeSid
DuplicateTokenEx
CreateWellKnownSid
AllocateAndInitializeSid
CreateProcessAsUserW
DuplicateToken
RegGetValueW
RegSetKeyValueW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
LookupPrivilegeValueW
IsValidSid
InitializeSid
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidLengthRequired
GetLengthSid
EqualSid
CopySid
AdjustTokenPrivileges
OpenProcessToken
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
shell32
SHLoadNonloadedIconOverlayIdentifiers
ShellExecuteW
SHGetFolderPathW
SHGetFolderPathA
ShellExecuteExW
SHGetKnownFolderPath
CommandLineToArgvW
SHCreateDirectoryExW
SHFileOperationW
SHGetSpecialFolderPathW
SHChangeNotify
SHParseDisplayName
SHCreateItemFromParsingName
SHGetFolderPathAndSubDirW
SHSetKnownFolderPath
ord526
ole32
CoSetProxyBlanket
CLSIDFromString
CreateBindCtx
StringFromGUID2
StringFromCLSID
CoCreateInstance
CoInitializeEx
CoUninitialize
CoTaskMemFree
GetRunningObjectTable
CoGetObject
CoInitialize
CoWaitForMultipleHandles
CoCreateGuid
CoCreateFreeThreadedMarshaler
CreateItemMoniker
CreateStreamOnHGlobal
PropVariantClear
CoTaskMemAlloc
oleaut32
SetErrorInfo
GetErrorInfo
SysAllocString
VarBstrCmp
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
LoadTypeLi
LoadRegTypeLi
GetRecordInfoFromTypeInfo
SysFreeString
SysStringLen
SysStringByteLen
SysAllocStringByteLen
iphlpapi
GetAdaptersInfo
rstrtmgr
RmGetList
RmStartSession
RmRegisterResources
RmEndSession
crypt32
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CryptBinaryToStringW
CryptStringToBinaryW
rpcrt4
RpcStringBindingComposeW
RpcBindingVectorFree
RpcServerInqBindings
RpcServerRegisterIfEx
UuidToStringW
RpcBindingFree
RpcBindingFromStringBindingW
RpcExceptionFilter
RpcStringFreeW
RpcServerUnregisterIf
RpcServerInqCallAttributesW
RpcEpUnregister
RpcEpRegisterW
RpcBindingSetAuthInfoExW
RpcServerUseProtseqW
secur32
GetUserNameExW
shlwapi
SHRegGetBoolUSValueW
SHRegGetValueW
StrStrIW
PathIsPrefixW
PathStripToRootW
PathStripPathW
PathSkipRootW
SHGetValueW
PathFindFileNameW
PathIsRelativeW
SHCreateStreamOnFileEx
SHCreateStreamOnFileW
ord219
SHCreateStreamOnFileA
SHSetValueW
SHDeleteKeyW
SHRegGetPathW
SHDeleteValueW
PathFindExtensionW
PathRemoveFileSpecW
PathIsDirectoryW
PathFileExistsA
PathFindFileNameA
PathGetDriveNumberA
PathIsDirectoryA
PathFileExistsW
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
wininet
InternetQueryOptionW
HttpQueryInfoA
InternetConnectA
HttpOpenRequestA
InternetOpenW
InternetCrackUrlA
InternetCheckConnectionW
InternetSetStatusCallbackW
HttpAddRequestHeadersA
InternetCloseHandle
HttpSendRequestW
InternetReadFile
ws2_32
accept
bind
closesocket
htonl
htons
listen
setsockopt
socket
WSAStartup
WSAGetLastError
send
wtsapi32
WTSFreeMemory
WTSQueryUserToken
WTSQuerySessionInformationW
WTSEnumerateSessionsW
userenv
CreateEnvironmentBlock
GetDefaultUserProfileDirectoryW
UnloadUserProfile
wintrust
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WinVerifyTrustEx
gdi32
CreateCompatibleDC
CreateDIBSection
SetDIBColorTable
SelectObject
GetObjectW
DeleteDC
DeleteObject
urlmon
URLOpenStreamW
gdiplus
GdipDeleteGraphics
GdipGetImagePixelFormat
GdipGetImageHeight
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipDrawImageI
GdipGetImageWidth
GdipGetImagePalette
comctl32
ord345
cabinet
ord23
ord14
ord13
ord11
ord10
ord20
ord22
Exports
?$TSS0@?1??stateLock@DebugEventSource@Events@Applications@Microsoft@@KAAEAVrecursive_mutex@std@@XZ@4HA
??0DebugEventDispatcher@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z
??0DebugEventDispatcher@Events@Applications@Microsoft@@QEAA@XZ
??0DebugEventListener@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z
??0DebugEventListener@Events@Applications@Microsoft@@QEAA@XZ
??0DebugEventSource@Events@Applications@Microsoft@@QEAA@$$QEAV0123@@Z
??0DebugEventSource@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z
??0DebugEventSource@Events@Applications@Microsoft@@QEAA@XZ
??0EventProperties@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z
??0EventProperties@Events@Applications@Microsoft@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0EventProperties@Events@Applications@Microsoft@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Events@Applications@Microsoft@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Events@Applications@Microsoft@@@std@@@2@@5@@Z
??0EventProperties@Events@Applications@Microsoft@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@E@Z
??0EventProperties@Events@Applications@Microsoft@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$initializer_list@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Events@Applications@Microsoft@@@std@@@5@@Z
??0EventProperties@Events@Applications@Microsoft@@QEAA@XZ
??0EventProperty@Events@Applications@Microsoft@@QEAA@$$QEAU0123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@AEAV?$vector@NV?$allocator@N@std@@@std@@W4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@AEAV?$vector@UGUID_t@Events@Applications@Microsoft@@V?$allocator@UGUID_t@Events@Applications@Microsoft@@@std@@@std@@W4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@AEAV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@W4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@AEAV?$vector@_JV?$allocator@_J@std@@@std@@W4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@AEBU0123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@CW4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@EW4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@FW4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@GW4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@HW4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@IW4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@JW4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@NW4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@PEBDW4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@UGUID_t@123@W4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@Utime_ticks_t@123@W4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@XZ
??0EventProperty@Events@Applications@Microsoft@@QEAA@_JW4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@_KW4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@_NW4PiiKind@123@W4DataCategory@123@@Z
??0GUID_t@Events@Applications@Microsoft@@QEAA@AEBU0123@@Z
??0GUID_t@Events@Applications@Microsoft@@QEAA@HHHAEBV?$initializer_list@E@std@@@Z
??0GUID_t@Events@Applications@Microsoft@@QEAA@PEBD@Z
??0GUID_t@Events@Applications@Microsoft@@QEAA@QEBE_N@Z
??0GUID_t@Events@Applications@Microsoft@@QEAA@U_GUID@@@Z
??0GUID_t@Events@Applications@Microsoft@@QEAA@XZ
??0IAuthTokensController@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z
??0IAuthTokensController@Events@Applications@Microsoft@@QEAA@XZ
??0ILogConfiguration@Events@Applications@Microsoft@@QEAA@$$QEAV0123@@Z
??0ILogConfiguration@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z
??0ILogConfiguration@Events@Applications@Microsoft@@QEAA@AEBV?$initializer_list@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@VVariant@Events@Applications@Microsoft@@@std@@@std@@@Z
??0ILogConfiguration@Events@Applications@Microsoft@@QEAA@XZ
??0ILogController@Events@Applications@Microsoft@@QEAA@$$QEAV0123@@Z
??0ILogController@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z
??0ILogController@Events@Applications@Microsoft@@QEAA@XZ
??0ILogManager@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z
??0ILogManager@Events@Applications@Microsoft@@QEAA@XZ
??0ILogger@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z
??0ILogger@Events@Applications@Microsoft@@QEAA@XZ
??0IModule@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z
??0IModule@Events@Applications@Microsoft@@QEAA@XZ
??0ISemanticContext@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z
??0ISemanticContext@Events@Applications@Microsoft@@QEAA@XZ
??0LogConfiguration@Telemetry@Applications@Microsoft@@QEAA@$$QEAU0123@@Z
??0LogConfiguration@Telemetry@Applications@Microsoft@@QEAA@AEBU0123@@Z
??0LogConfiguration@Telemetry@Applications@Microsoft@@QEAA@XZ
??0time_ticks_t@Events@Applications@Microsoft@@QEAA@AEBU0123@@Z
??0time_ticks_t@Events@Applications@Microsoft@@QEAA@PEB_J@Z
??0time_ticks_t@Events@Applications@Microsoft@@QEAA@XZ
??0time_ticks_t@Events@Applications@Microsoft@@QEAA@_K@Z
??1DebugEventDispatcher@Events@Applications@Microsoft@@UEAA@XZ
??1DebugEventListener@Events@Applications@Microsoft@@UEAA@XZ
??1DebugEventSource@Events@Applications@Microsoft@@UEAA@XZ
??1EventProperties@Events@Applications@Microsoft@@UEAA@XZ
??1EventProperty@Events@Applications@Microsoft@@UEAA@XZ
??1IAuthTokensController@Events@Applications@Microsoft@@UEAA@XZ
??1ILogConfiguration@Events@Applications@Microsoft@@QEAA@XZ
??1ILogManager@Events@Applications@Microsoft@@UEAA@XZ
??1ILogger@Events@Applications@Microsoft@@UEAA@XZ
??1IModule@Events@Applications@Microsoft@@UEAA@XZ
??1ISemanticContext@Events@Applications@Microsoft@@UEAA@XZ
??1LogConfiguration@Telemetry@Applications@Microsoft@@QEAA@XZ
??4DebugEventDispatcher@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z
??4DebugEventListener@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z
??4DebugEventSource@Events@Applications@Microsoft@@QEAAAEAV0123@$$QEAV0123@@Z
??4DebugEventSource@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z
??4EventProperties@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z
??4EventProperties@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Events@Applications@Microsoft@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Events@Applications@Microsoft@@@std@@@2@@std@@@Z
??4EventProperties@Events@Applications@Microsoft@@QEAAAEAV0123@V?$initializer_list@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Events@Applications@Microsoft@@@std@@@std@@@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@AEBU0123@@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@AEBV?$vector@NV?$allocator@N@std@@@std@@@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@AEBV?$vector@UGUID_t@Events@Applications@Microsoft@@V?$allocator@UGUID_t@Events@Applications@Microsoft@@@std@@@std@@@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@AEBV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@AEBV?$vector@_JV?$allocator@_J@std@@@std@@@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@C@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@E@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@F@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@G@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@H@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@I@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@J@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@N@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@PEBD@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@UGUID_t@123@@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@Utime_ticks_t@123@@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@_J@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@_K@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@_N@Z
??4GUID_t@Events@Applications@Microsoft@@QEAAAEAU0123@AEBU0123@@Z
??4IAuthTokensController@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z
??4ILogConfiguration@Events@Applications@Microsoft@@QEAAAEAV0123@$$QEAV0123@@Z
??4ILogConfiguration@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z
??4ILogController@Events@Applications@Microsoft@@QEAAAEAV0123@$$QEAV0123@@Z
??4ILogController@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z
??4ILogManager@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z
??4ILogger@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z
??4IModule@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z
??4ISemanticContext@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z
??4LogConfiguration@Telemetry@Applications@Microsoft@@QEAAAEAU0123@$$QEAU0123@@Z
??4LogConfiguration@Telemetry@Applications@Microsoft@@QEAAAEAU0123@AEBU0123@@Z
??4LogManagerProvider@Events@Applications@Microsoft@@QEAAAEAV0123@$$QEAV0123@@Z
??4LogManagerProvider@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z
??4time_ticks_t@Events@Applications@Microsoft@@QEAAAEAU0123@AEBU0123@@Z
??8EventProperty@Events@Applications@Microsoft@@QEBA_NAEBU0123@@Z
??8GUID_t@Events@Applications@Microsoft@@QEBA_NAEBU0123@@Z
??AILogConfiguration@Events@Applications@Microsoft@@QEAAAEAVVariant@123@PEBD@Z
??DILogConfiguration@Events@Applications@Microsoft@@QEAAAEAV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@VVariant@Events@Applications@Microsoft@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@VVariant@Events@Applications@Microsoft@@@std@@@2@@std@@XZ
??MGUID_t@Events@Applications@Microsoft@@QEBA_NAEBU0123@@Z
??YEventProperties@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Events@Applications@Microsoft@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Events@Applications@Microsoft@@@std@@@2@@std@@@Z
??_7DebugEventDispatcher@Events@Applications@Microsoft@@6B@
??_7DebugEventListener@Events@Applications@Microsoft@@6B@
??_7DebugEventSource@Events@Applications@Microsoft@@6B@
??_7EventProperties@Events@Applications@Microsoft@@6B@
??_7EventProperty@Events@Applications@Microsoft@@6B@
??_7IAuthTokensController@Events@Applications@Microsoft@@6B@
??_7ILogController@Events@Applications@Microsoft@@6B@
??_7ILogManager@Events@Applications@Microsoft@@6BDebugEventDispatcher@123@@
??_7ILogManager@Events@Applications@Microsoft@@6BIContextProvider@123@@
??_7ILogManager@Events@Applications@Microsoft@@6BILogController@123@@
??_7ILogger@Events@Applications@Microsoft@@6B@
??_7IModule@Events@Applications@Microsoft@@6B@
??_7ISemanticContext@Events@Applications@Microsoft@@6B@
?AddEventListener@DebugEventSource@Events@Applications@Microsoft@@UEAAXW4DebugEventType@234@AEAVDebugEventListener@234@@Z
?AddModule@ILogConfiguration@Events@Applications@Microsoft@@QEAAXPEBDAEBV?$shared_ptr@VIModule@Events@Applications@Microsoft@@@std@@@Z
?AttachEventSource@DebugEventSource@Events@Applications@Microsoft@@UEAA_NAEAV1234@@Z
?ClearExperimentIds@ISemanticContext@Events@Applications@Microsoft@@UEAAXXZ
?CreateLogManager@LogManagerProvider@Events@Applications@Microsoft@@SAPEAVILogManager@234@AEAVILogConfiguration@234@AEAW4status_t@234@@Z
?CreateLogManager@LogManagerProvider@Events@Applications@Microsoft@@SAPEAVILogManager@234@PEBDAEAW4status_t@234@_K@Z
?CreateLogManager@LogManagerProvider@Events@Applications@Microsoft@@SAPEAVILogManager@234@PEBD_NAEAVILogConfiguration@234@AEAW4status_t@234@_K@Z
?DecrementActiveHydrationsCount@QoS@@YAXXZ
?DestroyLogManager@LogManagerProvider@Events@Applications@Microsoft@@SA?AW4status_t@234@PEBD@Z
?DetachEventSource@DebugEventSource@Events@Applications@Microsoft@@UEAA_NAEAV1234@@Z
?DispatchEvent@DebugEventSource@Events@Applications@Microsoft@@UEAA_NVDebugEvent@234@@Z
?DispatchEventBroadcast@ILogManager@Events@Applications@Microsoft@@SA_NVDebugEvent@234@@Z
?FromJSON@Events@Applications@Microsoft@@YA?AVILogConfiguration@123@PEBD@Z
?FromLogConfiguration@Events@Applications@Microsoft@@YA?AVILogConfiguration@123@AEAULogConfiguration@Telemetry@23@@Z
?Get@LogManagerProvider@Events@Applications@Microsoft@@CAPEAVILogManager@234@AEAVILogConfiguration@234@AEAW4status_t@234@@Z
?Get@LogManagerProvider@Events@Applications@Microsoft@@CAPEAVILogManager@234@PEBDAEAW4status_t@234@@Z
?GetActiveHydrationsCount@QoS@@YAIXZ
?GetApplicationPropertyId@QoS@@YA?AW4Id@PropertyId@TelemetryConstants@@XZ
?GetDefaultConfiguration@Events@Applications@Microsoft@@YAAEBVILogConfiguration@123@XZ
?GetErrorType@QoS@@YA?AW4Type@ErrorType@TelemetryConstants@@JI@Z
?GetErrorType@QoS@@YA?AW4Type@ErrorType@TelemetryConstants@@JIAEBV?$set@IU?$less@I@std@@V?$allocator@I@2@@std@@@Z
?GetInstance@Telemetry@@CAPEAV1@XZ
?GetLatency@EventProperties@Events@Applications@Microsoft@@QEBA?AW4EventLatency@234@XZ
?GetLogObfuscationKeyManger@@YAJPEAPEAVILogObfuscationKeyManager@@@Z
?GetLogObfuscatorAes@@YAJPEAPEAVILogObfuscatorAes@@@Z
?GetModule@ILogConfiguration@Events@Applications@Microsoft@@QEAA?AV?$shared_ptr@VIModule@Events@Applications@Microsoft@@@std@@PEBD@Z
?GetModules@ILogConfiguration@Events@Applications@Microsoft@@QEAAAEAV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$shared_ptr@VIModule@Events@Applications@Microsoft@@@2@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$shared_ptr@VIModule@Events@Applications@Microsoft@@@2@@std@@@2@@std@@XZ
?GetName@EventProperties@Events@Applications@Microsoft@@QEBAAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetPersistence@EventProperties@Events@Applications@Microsoft@@QEBA?AW4EventPersistence@234@XZ
?GetPiiProperties@EventProperties@Events@Applications@Microsoft@@QEBA?BV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$pair@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4PiiKind@Events@Applications@Microsoft@@@2@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$pair@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4PiiKind@Events@Applications@Microsoft@@@2@@std@@@2@@std@@W4DataCategory@234@@Z
?GetPolicyBitFlags@EventProperties@Events@Applications@Microsoft@@QEBA_KXZ
?GetPopSample@EventProperties@Events@Applications@Microsoft@@QEBANXZ
?GetPriority@EventProperties@Events@Applications@Microsoft@@QEBA?AW4EventPriority@234@XZ
?GetProperties@EventProperties@Events@Applications@Microsoft@@QEBAAEBV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Events@Applications@Microsoft@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Events@Applications@Microsoft@@@std@@@2@@std@@W4DataCategory@234@@Z
?GetResultType@QoS@@YAPEB_WJI@Z
?GetResultType@QoS@@YAPEB_WW4Type@ErrorType@TelemetryConstants@@@Z
?GetTimestamp@EventProperties@Events@Applications@Microsoft@@QEBA_JXZ
?GetType@EventProperties@Events@Applications@Microsoft@@QEBAAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?HasConfig@ILogConfiguration@Events@Applications@Microsoft@@QEAA_NPEBD@Z
?Hash@GUID_t@Events@Applications@Microsoft@@QEBA_KXZ
?IncrementActiveHydrationsCount@QoS@@YAXXZ
?Initialize@IModule@Events@Applications@Microsoft@@UEAAXPEAVILogManager@234@@Z
?InsertIntoIrmEnabledLibrarySet@QoS@@YAXAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?IsAnyLibraryIrmEnabled@QoS@@YA_NXZ
?Release@LogManagerProvider@Events@Applications@Microsoft@@SA?AW4status_t@234@AEAVILogConfiguration@234@@Z
?Release@LogManagerProvider@Events@Applications@Microsoft@@SA?AW4status_t@234@PEBD@Z
?RemoveEventListener@DebugEventSource@Events@Applications@Microsoft@@UEAAXW4DebugEventType@234@AEAVDebugEventListener@234@@Z
?RemoveFromIrmEnabledLibrarySet@QoS@@YAXAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?SetAppEnv@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetAppExperimentETag@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetAppExperimentIds@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetAppExperimentImpressionId@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetAppId@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetAppLanguage@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetAppName@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetAppVersion@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetApplicationId@QoS@@YAXI@Z
?SetCommercialId@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetCommonField@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBUEventProperty@234@@Z
?SetCustomField@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBUEventProperty@234@@Z
?SetDeviceClass@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetDeviceId@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetDeviceMake@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetDeviceModel@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetDeviceOrgId@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetEventExperimentIds@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?SetLatency@EventProperties@Events@Applications@Microsoft@@QEAAXW4EventLatency@234@@Z
?SetLevel@EventProperties@Events@Applications@Microsoft@@QEAAXE@Z
?SetName@EventProperties@Events@Applications@Microsoft@@QEAA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetNetworkCost@ISemanticContext@Events@Applications@Microsoft@@UEAAXW4NetworkCost@234@@Z
?SetNetworkProvider@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetNetworkType@ISemanticContext@Events@Applications@Microsoft@@UEAAXW4NetworkType@234@@Z
?SetOsBuild@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetOsName@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetOsVersion@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetPersistence@EventProperties@Events@Applications@Microsoft@@QEAAXW4EventPersistence@234@@Z
?SetPolicyBitFlags@EventProperties@Events@Applications@Microsoft@@QEAAX_K@Z
?SetPopsample@EventProperties@Events@Applications@Microsoft@@QEAAXN@Z
?SetPriority@EventProperties@Events@Applications@Microsoft@@QEAAXW4EventPriority@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0W4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEAV?$vector@NV?$allocator@N@std@@@6@W4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEAV?$vector@UGUID_t@Events@Applications@Microsoft@@V?$allocator@UGUID_t@Events@Applications@Microsoft@@@std@@@6@W4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEAV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@6@W4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEAV?$vector@_JV?$allocator@_J@std@@@6@W4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CW4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@EW4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@FW4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@GW4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HW4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IW4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@NW4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEBDW4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UGUID_t@234@W4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@Utime_ticks_t@234@W4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_JW4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_KW4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_NW4PiiKind@234@W4DataCategory@234@@Z
?SetTicket@ISemanticContext@Events@Applications@Microsoft@@UEAAXW4TicketType@234@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetTimestamp@EventProperties@Events@Applications@Microsoft@@QEAAX_J@Z
?SetType@EventProperties@Events@Applications@Microsoft@@QEAA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetUserANID@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetUserAdvertisingId@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetUserId@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4PiiKind@234@@Z
?SetUserLanguage@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetUserMsaId@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetUserTimeZone@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SizeUnknown@QoS@@YAIXZ
?Teardown@IModule@Events@Applications@Microsoft@@UEAAXXZ
?TryGetLevel@EventProperties@Events@Applications@Microsoft@@QEBA?AV?$tuple@_NE@std@@XZ
?clear@EventProperty@Events@Applications@Microsoft@@QEAAXXZ
?convertUintVectorToGUID@GUID_t@Events@Applications@Microsoft@@SA?AU_GUID@@AEBV?$vector@EV?$allocator@E@std@@@std@@@Z
?copydata@EventProperty@Events@Applications@Microsoft@@AEAAXPEBU1234@@Z
?empty@EventProperty@Events@Applications@Microsoft@@QEAA_NXZ
?erase@EventProperties@Events@Applications@Microsoft@@QEAA_KAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4DataCategory@234@@Z
?lock@?1??stateLock@DebugEventSource@Events@Applications@Microsoft@@KAAEAVrecursive_mutex@std@@XZ@4V67@A
?pack@EventProperties@Events@Applications@Microsoft@@QEAAPEAUevt_prop@@XZ
?stateLock@DebugEventSource@Events@Applications@Microsoft@@KAAEAVrecursive_mutex@std@@XZ
?to_bytes@GUID_t@Events@Applications@Microsoft@@QEBAXAEAY0BA@E@Z
?to_string@EventProperty@Events@Applications@Microsoft@@UEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?to_string@GUID_t@Events@Applications@Microsoft@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?type_name@EventProperty@Events@Applications@Microsoft@@SAPEBDI@Z
?unpack@EventProperties@Events@Applications@Microsoft@@QEAA_NPEAUevt_prop@@_K@Z
evt_api_call_default
Sections
.text Size: 3.4MB - Virtual size: 3.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 129KB - Virtual size: 150KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 126KB - Virtual size: 125KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 72B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_RDATA Size: 512B - Virtual size: 244B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 43.3MB - Virtual size: 43.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 23KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
OpenWith.exe.exe windows:10 windows x64 arch:x64
c9d688e9591d69636f921914b8c58481
Code Sign
33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
d5:7c:38:ea:07:54:fe:c0:67:88:8b:82:19:8e:64:25:e5:65:52:92:1a:b0:0e:18:8e:51:18:91:a9:1a:5e:c7
Signer
Actual PE Digest: d5:7c:38:ea:07:54:fe:c0:67:88:8b:82:19:8e:64:25:e5:65:52:92:1a:b0:0e:18:8e:51:18:91:a9:1a:5e:c7
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
OpenWith.pdb
Imports
kernel32
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
LocalFree
CompareStringOrdinal
ReleaseSRWLockExclusive
CreateSemaphoreExW
AcquireSRWLockShared
ReleaseSRWLockShared
SetThreadpoolTimer
CreateThreadpoolTimer
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
ResolveDelayLoadedAPI
DelayLoadFailureHook
AcquireSRWLockExclusive
GetModuleFileNameA
user32
GetMessageW
TranslateMessage
DispatchMessageW
KillTimer
PostQuitMessage
SetTimer
DestroyMenu
CreatePopupMenu
GetMenuDefaultItem
PostThreadMessageW
ord2521
msvcp_win
?_Xbad_function_call@std@@YAXXZ
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o_abort
_o_exit
_o_free
_o_iswspace
_o_malloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
memmove
api-ms-win-crt-string-l1-1-0
memset
shcore
IUnknown_Set
IUnknown_QueryService
SHSetThreadRef
SHCreateThreadRef
SetProcessReference
IUnknown_GetSite
IUnknown_SetSite
SHStrDupA
shell32
ord764
shlwapi
ord172
PathIsURLW
ord219
api-ms-win-core-com-l1-1-0
CoSetProxyBlanket
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoRegisterClassObject
CoCopyProxy
CoUninitialize
CoRevokeClassObject
CoGetCallContext
CoInitializeEx
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
TerminateProcess
GetCurrentProcess
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-heap-l2-1-0
LocalAlloc
comctl32
ord236
oleaut32
SysFreeString
SysStringLen
SetErrorInfo
Sections
.text Size: 60KB - Virtual size: 57KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 64B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 44KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
OptionalFeatures.exe.exe windows:10 windows x64 arch:x64
b1da23e5bf146552e38fa70dee47601e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
OptionalFeatures.pdb
Imports
kernel32
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
GetUserDefaultUILanguage
CompareStringOrdinal
GetLocaleInfoW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
CreateSemaphoreExW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapSetInformation
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
OutputDebugStringW
GetModuleFileNameA
gdi32
GetStockObject
user32
GetUserObjectInformationW
GetClassNameW
LoadCursorW
RegisterClassW
DestroyIcon
CloseDesktop
GetThreadDesktop
OpenDesktopW
GetWindowLongPtrW
SendMessageW
CreateWindowExW
SetWindowLongPtrW
DestroyWindow
GetWindow
DefWindowProcW
SwitchDesktop
SetThreadDesktop
msvcrt
memcpy_s
_vsnwprintf
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
wcsstr
memset
appwiz.cpl
RunOCMW
shlwapi
ord10
api-ms-win-core-com-l1-1-0
CoInitializeSecurity
CoUninitialize
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
GetCurrentProcess
TerminateProcess
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
ole32
CoInitialize
Sections
.text Size: 20KB - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 888B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 88KB - Virtual size: 86KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 68B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
PATHPING.EXE.exe windows:10 windows x64 arch:x64
1a0378360a885737213846e9571a1e47
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
pathping.pdb
Imports
msvcrt
__setusermatherr
_cexit
_exit
__set_app_type
_initterm
__C_specific_handler
_fmode
__wgetmainargs
_amsg_exit
_XcptFilter
fwprintf
fgetpos
wcschr
_fileno
_write
_setmode
wcstoul
fflush
_commode
?terminate@@YAXXZ
_wcsicmp
exit
_get_osfhandle
memcpy
__iob_func
memset
api-ms-win-core-localization-l1-2-0
FormatMessageW
SetThreadUILanguage
iphlpapi
IcmpCreateFile
Icmp6CreateFile
Icmp6SendEcho2
IcmpSendEcho2
IcmpParseReplies
IcmpCloseHandle
Icmp6ParseReplies
api-ms-win-core-processenvironment-l1-1-0
GetEnvironmentVariableW
ws2_32
WSAStartup
closesocket
GetNameInfoW
socket
WSACleanup
FreeAddrInfoW
GetAddrInfoW
WSAIoctl
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-console-l1-1-0
GetConsoleMode
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ntdll
RtlIpv4StringToAddressW
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-core-synch-l1-1-0
SleepEx
api-ms-win-core-file-l1-1-0
GetFileType
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
Sections
.text Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 420B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
PING.EXE.exe windows:10 windows x64 arch:x64
52182582db3fc49e327853c5e45e3fb9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
ping.pdb
Imports
msvcrt
__setusermatherr
_cexit
_initterm
__C_specific_handler
_fmode
_commode
?terminate@@YAXXZ
_get_osfhandle
_wcsicmp
exit
_exit
fflush
__set_app_type
iswctype
__wgetmainargs
_amsg_exit
_XcptFilter
fwprintf
wcstoul
fgetpos
_setmode
memcpy
_write
_fileno
__iob_func
wcschr
memset
api-ms-win-core-console-l1-1-0
GetConsoleMode
SetConsoleCtrlHandler
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
iphlpapi
IcmpSendEcho2Ex
GetIpErrorString
Icmp6CreateFile
GetIpForwardTable
SetCurrentThreadCompartmentId
Icmp6SendEcho2
IcmpCreateFile
IcmpCloseHandle
InternalIcmpCreateFileEx
api-ms-win-core-localization-l1-2-0
FormatMessageW
SetThreadUILanguage
api-ms-win-core-processenvironment-l1-1-0
GetEnvironmentVariableW
ws2_32
WSAStartup
GetNameInfoW
GetAddrInfoW
WSACleanup
InetNtopW
FreeAddrInfoW
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-errorhandling-l1-1-0
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
ntdll
RtlIpv4StringToAddressW
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-core-file-l1-1-0
GetFileType
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
Sections
.text Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 420B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
PackagedCWALauncher.exe.exe windows:10 windows x64 arch:x64
7417db9eac14d3383f0430e33081c07e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
PackagedCWALauncher.pdb
Imports
msvcrt
__CxxFrameHandler4
_initterm
_fmode
_lock
__setusermatherr
_cexit
_exit
??1type_info@@UEAA@XZ
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_CxxThrowException
_unlock
_commode
_vsnprintf_s
__dllonexit
_onexit
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
??3@YAXPEAX@Z
?terminate@@YAXXZ
memcpy_s
_vsnwprintf
__C_specific_handler
memset
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventActivityIdControl
EventUnregister
EventWriteTransfer
EventRegister
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
GetModuleHandleW
GetModuleHandleExW
GetModuleFileNameA
api-ms-win-core-synch-l1-2-0
Sleep
InitOnceBeginInitialize
InitOnceComplete
api-ms-win-core-synch-l1-1-0
CreateSemaphoreExW
WaitForSingleObject
CreateMutexExW
ReleaseSemaphore
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReleaseMutex
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapAlloc
HeapFree
api-ms-win-core-errorhandling-l1-1-0
SetLastError
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
api-ms-win-core-com-l1-1-0
CoUninitialize
CoCreateInstance
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
api-ms-win-core-shlwapi-legacy-l1-1-0
PathGetArgsW
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
IsDebuggerPresent
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
ext-ms-win-com-sta-l1-1-0
CoInitialize
Sections
.text Size: 32KB - Virtual size: 29KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 100B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
PasswordOnWakeSettingFlyout.exe.exe windows:10 windows x64 arch:x64
efbb2ae327c24ac043ba293919f6dedd
Code Sign
33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
c6:77:62:30:de:ba:1d:47:75:a3:24:99:24:9c:ea:8d:75:17:95:76:64:25:dd:c0:a3:30:39:6a:bc:e0:5e:54
Signer
Actual PE Digest: c6:77:62:30:de:ba:1d:47:75:a3:24:99:24:9c:ea:8d:75:17:95:76:64:25:dd:c0:a3:30:39:6a:bc:e0:5e:54
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
PasswordOnWakeSettingFlyout.pdb
Imports
kernel32
GetLastError
user32
LoadStringW
msvcrt
__C_specific_handler
_callnewh
malloc
memcpy_s
_vsnwprintf
_wtoi
_purecall
free
_XcptFilter
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
__CxxFrameHandler3
_commode
_fmode
_wcmdln
memset
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoInitializeEx
CoUninitialize
CoTaskMemAlloc
api-ms-win-core-winrt-error-l1-1-1
RoGetMatchingRestrictedErrorInfo
api-ms-win-core-winrt-error-l1-1-0
SetRestrictedErrorInfo
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
TlsSetValue
GetCurrentThreadId
TlsFree
TerminateProcess
TlsAlloc
GetCurrentProcessId
TlsGetValue
GetStartupInfoW
GetCurrentProcess
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
GetModuleHandleExW
GetProcAddress
LoadLibraryExW
FreeLibrary
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-synch-l1-1-0
ReleaseMutex
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseSemaphore
CreateSemaphoreExW
CreateMutexExW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WaitForSingleObject
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
DebugBreak
IsDebuggerPresent
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-heap-l1-1-0
HeapFree
GetProcessHeap
HeapAlloc
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
shell32
CommandLineToArgvW
shlwapi
SHGetThreadRef
PathRemoveFileSpecW
PathAppendW
uxtheme
GetCurrentThemeName
dui70
InitThread
UnInitProcessPriv
UnInitThread
?GetSheet@DUIXmlParser@DirectUI@@QEAAJPEBGPEAPEAVValue@2@@Z
?Create@DUIXmlParser@DirectUI@@SAJPEAPEAV12@P6APEAVValue@2@PEBGPEAX@Z2P6AX11H2@Z2@Z
?SetRootWindowForTheming@DUIXmlParser@DirectUI@@QEAAXPEAUHWND__@@@Z
?SetXMLFromResource@DUIXmlParser@DirectUI@@QEAAJIPEAUHINSTANCE__@@0@Z
?CreateElement@DUIXmlParser@DirectUI@@QEAAJPEBGPEAVElement@2@1PEAKPEAPEAV32@@Z
?EndDefer@Element@DirectUI@@QEAAXK@Z
?Destroy@Element@DirectUI@@QEAAJ_N@Z
InitProcessPriv
?SetXMLFromResourceWithTheme@DUIXmlParser@DirectUI@@QEAAJIPEAUHINSTANCE__@@00@Z
?SetXMLFromResource@DUIXmlParser@DirectUI@@QEAAJPEBGPEAUHINSTANCE__@@1@Z
?Destroy@DUIXmlParser@DirectUI@@QEAAXXZ
StartMessagePump
Sections
.text Size: 24KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 140B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
PickerHost.exe.exe windows:10 windows x64 arch:x64
400808860662ea1c9f82731f5f32d9c6
Code Sign
33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
9d:53:21:24:e6:8c:73:0b:e1:10:6a:2b:8d:cd:83:86:73:b5:94:59:76:58:5a:4e:29:7d:d5:49:ea:de:29:97
Signer
Actual PE Digest: 9d:53:21:24:e6:8c:73:0b:e1:10:6a:2b:8d:cd:83:86:73:b5:94:59:76:58:5a:4e:29:7d:d5:49:ea:de:29:97
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
PickerHost.pdb
Imports
msvcrt
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__CxxFrameHandler3
__wgetmainargs
_amsg_exit
_XcptFilter
??_V@YAXPEAX@Z
memmove_s
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
?terminate@@YAXXZ
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
memcpy_s
_lock
_vsnwprintf
_purecall
??3@YAXPEAX@Z
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
memcmp
__CxxFrameHandler4
__set_app_type
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
malloc
memset
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoAddRefServerProcess
CoRevokeClassObject
CoInitializeEx
CoResumeClassObjects
CoRegisterClassObject
CoUninitialize
CoReleaseServerProcess
CoGetCallContext
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
api-ms-win-core-winrt-error-l1-1-0
RoOriginateErrorW
RoOriginateError
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventSetInformation
EventWriteTransfer
EventActivityIdControl
EventRegister
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
GetProcAddress
GetModuleHandleW
GetModuleHandleExW
api-ms-win-core-synch-l1-2-0
InitOnceComplete
Sleep
InitOnceBeginInitialize
InitOnceExecuteOnce
api-ms-win-core-synch-l1-1-0
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseMutex
AcquireSRWLockExclusive
WaitForSingleObject
EnterCriticalSection
InitializeCriticalSectionEx
ReleaseSRWLockExclusive
ReleaseSemaphore
LeaveCriticalSection
ReleaseSRWLockShared
CreateMutexExW
AcquireSRWLockShared
DeleteCriticalSection
CreateSemaphoreExW
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
SetLastError
GetLastError
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateString
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsDeleteString
WindowsCreateStringReference
WindowsGetStringRawBuffer
api-ms-win-core-registry-l1-1-0
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegGetValueW
RegCloseKey
api-ms-win-core-winrt-l1-1-0
RoRevokeActivationFactories
RoRegisterActivationFactories
RoGetActivationFactory
api-ms-win-core-threadpool-l1-2-0
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
api-ms-win-core-processthreads-l1-1-0
GetProcessId
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
GetStartupInfoW
GetCurrentThreadId
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
IsDebuggerPresent
DebugBreak
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
api-ms-win-core-sysinfo-l1-2-0
GetProductInfo
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-shcore-obsolete-l1-1-0
CommandLineToArgvW
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-rtcore-ntuser-window-l1-1-0
PostThreadMessageW
TranslateMessage
DispatchMessageW
GetMessageW
api-ms-win-shcore-thread-l1-1-0
SHSetThreadRef
Sections
.text Size: 88KB - Virtual size: 87KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 36KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
PinEnrollmentBroker.exe.exe windows:10 windows x64 arch:x64
2b15d9d2e88543c98e5f44a260b577e7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
PinEnrollmentBroker.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
api-ms-win-crt-private-l1-1-0
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o_exit
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o__crt_atexit
_o__configure_wide_argv
_o__exit
_o__configthreadlocale
_o__cexit
_o__callnewh
__CxxFrameHandler4
__std_terminate
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o__errno
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
GetModuleFileNameA
GetModuleHandleExW
GetModuleHandleW
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
OutputDebugStringW
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsDeleteString
WindowsCreateString
WindowsCompareStringOrdinal
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentThreadId
OpenProcessToken
GetCurrentThread
GetStartupInfoW
TerminateProcess
GetCurrentProcess
OpenThreadToken
api-ms-win-core-com-l1-1-0
CoWaitForMultipleHandles
PropVariantClear
CoDecrementMTAUsage
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CoTaskMemFree
CoResumeClassObjects
CoReleaseServerProcess
CoRegisterClassObject
CoInitializeEx
CoUninitialize
CoIncrementMTAUsage
CoCreateInstance
CoRevokeClassObject
CoGetMalloc
CoAddRefServerProcess
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-errorhandling-l1-1-0
SetLastError
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
api-ms-win-core-synch-l1-1-0
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CreateMutexExW
WaitForSingleObjectEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
CreateEventExW
OpenSemaphoreW
ReleaseSemaphore
WaitForSingleObject
ReleaseSRWLockShared
AcquireSRWLockShared
CreateSemaphoreExW
SetEvent
ReleaseMutex
api-ms-win-core-util-l1-1-0
EncodePointer
DecodePointer
api-ms-win-core-winrt-l1-1-0
RoRevokeActivationFactories
RoActivateInstance
RoRegisterActivationFactories
RoGetActivationFactory
api-ms-win-core-winrt-error-l1-1-0
RoOriginateError
RoOriginateErrorW
api-ms-win-core-synch-l1-2-0
InitOnceComplete
InitOnceBeginInitialize
InitOnceExecuteOnce
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetComputerNameExW
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
combase
ord69
ord99
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventActivityIdControl
EventSetInformation
EventRegister
EventWriteTransfer
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
GetProcessHeap
api-ms-win-security-sddl-l1-1-0
ConvertSidToStringSidW
sspicli
LsaConnectUntrusted
LogonUserExExW
LsaLookupAuthenticationPackage
LsaDeregisterLogonProcess
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-security-base-l1-1-0
GetTokenInformation
GetLengthSid
CopySid
api-ms-win-security-lsapolicy-l1-1-0
LsaFreeMemory
LsaLookupSids
LsaLookupNames2
LsaClose
LsaOpenPolicy
ntdll
RtlInitUnicodeString
api-ms-win-core-shlwapi-obsolete-l1-1-0
StrChrW
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
propsys
PropVariantToBoolean
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 80KB - Virtual size: 79KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 32KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 88B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 608B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
PkgMgr.exe.exe windows:10 windows x64 arch:x64
1a5f3792f2ccf80b306e2859d468bc56
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
PDB Paths
pkgmgr.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_register_thread_local_exe_atexit_callback
_c_exit
_initterm
api-ms-win-crt-private-l1-1-0
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
memmove
_o__wcsnicmp
_o_exit
_o_free
_o_malloc
_o_terminate
_o_wcstoul
__C_specific_handler
__current_exception
__current_exception_context
_o__exit
_o__errno
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___p__commode
_o___p___wargv
_o___p___argc
wcsstr
wcschr
wcsrchr
__CxxFrameHandler3
_CxxThrowException
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
strcmp
memset
api-ms-win-core-file-l1-1-0
FindNextFileW
FindFirstFileW
CompareFileTime
FindClose
DeleteFileW
CreateDirectoryW
GetFullPathNameW
RemoveDirectoryW
CreateFileW
GetFileAttributesW
GetFileAttributesExW
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetLastError
SetErrorMode
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetErrorMode
api-ms-win-core-processenvironment-l1-1-0
SetEnvironmentVariableW
GetCommandLineW
GetEnvironmentVariableW
ExpandEnvironmentStringsW
api-ms-win-core-libraryloader-l1-1-0
GetProcAddress
GetModuleFileNameW
GetModuleHandleExW
FreeLibrary
LoadLibraryExW
GetModuleFileNameA
GetModuleHandleW
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
OpenProcessToken
GetCurrentThreadId
InitializeProcThreadAttributeList
GetCurrentProcessId
TerminateProcess
UpdateProcThreadAttribute
CreateProcessW
GetExitCodeProcess
DeleteProcThreadAttributeList
api-ms-win-eventing-controller-l1-1-0
ControlTraceW
StartTraceW
api-ms-win-eventing-legacy-l1-1-0
EnableTrace
api-ms-win-eventing-consumer-l1-1-0
CloseTrace
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-heap-obsolete-l1-1-0
LocalFree
LocalAlloc
api-ms-win-security-lsalookup-l2-1-0
LookupPrivilegeValueW
api-ms-win-security-base-l1-1-0
AdjustTokenPrivileges
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-shutdown-l1-1-0
InitiateSystemShutdownExW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-heap-l1-1-0
HeapDestroy
HeapReAlloc
HeapSetInformation
HeapAlloc
HeapSize
GetProcessHeap
HeapFree
api-ms-win-core-synch-l1-1-0
ReleaseSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockShared
ReleaseSRWLockExclusive
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
ReleaseSemaphore
EnterCriticalSection
CreateSemaphoreExW
CreateMutexExW
AcquireSRWLockExclusive
ReleaseMutex
WaitForSingleObject
api-ms-win-core-kernel32-legacy-l1-1-0
CopyFileW
LoadLibraryW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
GetSystemTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-debug-l1-1-0
OutputDebugStringA
OutputDebugStringW
DebugBreak
IsDebuggerPresent
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-com-l1-1-0
CoCreateGuid
StringFromGUID2
CoGetMalloc
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
api-ms-win-core-file-l2-1-0
MoveFileExW
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-threadpool-l1-2-0
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
api-ms-win-core-registry-l2-1-0
RegOpenKeyTransactedW
user32
MessageBoxW
ntdll
RtlFreeHeap
DbgPrintEx
RtlRaiseStatus
NtClose
api-ms-win-core-file-l1-2-0
GetTempPathW
Sections
.text Size: 120KB - Virtual size: 117KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 124KB - Virtual size: 123KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 220B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
PktMon.exe.exe windows:10 windows x64 arch:x64
4b36a74a32d9b6c294ccb7a0c40d71f1
Code Sign
33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
aa:01:62:af:61:2e:ad:3a:de:92:7a:a2:22:08:19:bf:f8:29:56:5a:09:ab:e0:50:66:5a:72:47:78:42:fe:f7
Signer
Actual PE Digest: aa:01:62:af:61:2e:ad:3a:de:92:7a:a2:22:08:19:bf:f8:29:56:5a:09:ab:e0:50:66:5a:72:47:78:42:fe:f7
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
PktMon.pdb
Imports
msvcp_win
?_Xbad_function_call@std@@YAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?wcout@std@@3V?$basic_ostream@GU?$char_traits@G@std@@@1@A
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?_Xlength_error@std@@YAXPEBD@Z
?width@ios_base@std@@QEAA_J_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@K@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_K@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Xout_of_range@std@@YAXPEBD@Z
?unsetf@ios_base@std@@QEAAXH@Z
?setf@ios_base@std@@QEAAHH@Z
?setf@ios_base@std@@QEAAHHH@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@PEAV32@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?sync_with_stdio@ios_base@std@@SA_N_N@Z
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?clear@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPEBDH@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?put@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@G@Z
?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGD@Z
?widen@?$ctype@G@std@@QEBAGD@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??Bid@locale@std@@QEAA_KXZ
?id@?$ctype@G@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?wcerr@std@@3V?$basic_ostream@GU?$char_traits@G@std@@@1@A
?_Xbad_alloc@std@@YAXXZ
_Xtime_get_ticks
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
_Thrd_sleep
_Query_perf_frequency
_Query_perf_counter
?width@ios_base@std@@QEBA_JXZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?uncaught_exception@std@@YA_NXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?good@ios_base@std@@QEBA_NXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?flags@ios_base@std@@QEBAHXZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
api-ms-win-crt-string-l1-1-0
wcscspn
strnlen
wcsncmp
memset
wcscmp
wcsnlen
wcsspn
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_c_exit
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__create_locale
_o__crt_atexit
_o__errno
_o__exit
_o__fileno
_o__free_locale
_o__get_initial_wide_environment
_o__gmtime32
_o__gmtime64
_o__i64toa_s
_o__i64tow_s
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__localtime32
_o__memicmp
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_errno
_o__set_fmode
_o__set_new_mode
_o__setmode
_o__strdup
memmove
_o__ui64toa_s
_o__ui64tow_s
_o__ultow_s
_o__wcsicmp
_o__wcslwr
_o__wcslwr_s
_o__wcsnicmp
_o__wcstoui64
_o__wfopen_s
_o__wtoi
_o_abort
_o_calloc
_o_ceilf
_o_exit
_o_fclose
_o_fputc
_o_free
_o_isdigit
_o_isprint
_o_isspace
_o_iswdigit
_o_iswxdigit
_o_malloc
_o_putwchar
_o_realloc
_o_strftime
_o_strncpy_s
_o_terminate
_o_toupper
_o_towlower
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstok_s
_o_wcstol
_o_wcstoul
_o_wmemcpy_s
__current_exception
__current_exception_context
_CxxThrowException
_o___acrt_iob_func
wcsrchr
__C_specific_handler
__std_terminate
__CxxFrameHandler4
_o___p__commode
wcschr
strrchr
wcsstr
_o___p___wargv
_o___p___argc
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfwprintf_s
_o___stdio_common_vfwprintf_p
_o___stdio_common_vfwprintf
_o___stdio_common_vfprintf
_o___std_exception_destroy
_o___std_exception_copy
_o__stricmp
__C_specific_handler_noexcept
memchr
memcmp
memcpy
api-ms-win-core-console-l1-1-0
SetConsoleCtrlHandler
WriteConsoleW
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
RaiseException
SetLastError
GetLastError
SetUnhandledExceptionFilter
ntdll
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlIpv6AddressToStringA
RtlEthernetAddressToStringA
RtlIpv4AddressToStringA
RtlIpv4AddressToStringExW
RtlIpv6AddressToStringExW
RtlGetVersion
RtlEthernetStringToAddressW
RtlImageDirectoryEntryToData
RtlImageRvaToVa
RtlEthernetAddressToStringW
RtlIpv6StringToAddressExW
RtlIpv4StringToAddressExW
RtlIpv6StringToAddressW
RtlIpv4StringToAddressW
api-ms-win-core-synch-l1-1-0
SetEvent
InitializeCriticalSectionAndSpinCount
ResetEvent
DeleteCriticalSection
LeaveCriticalSection
WaitForSingleObjectEx
CreateSemaphoreExW
CreateMutexExW
CreateEventW
OpenSemaphoreW
ReleaseMutex
InitializeCriticalSection
ReleaseSemaphore
WaitForSingleObject
EnterCriticalSection
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoUninitialize
CLSIDFromString
CoCreateInstance
CoCreateGuid
StringFromGUID2
api-ms-win-core-sysinfo-l1-1-0
GlobalMemoryStatusEx
GetSystemInfo
GetSystemDirectoryW
GetSystemWindowsDirectoryW
GetVersionExW
GetSystemTimeAsFileTime
GetWindowsDirectoryW
api-ms-win-eventing-controller-l1-1-0
EnableTraceEx2
ControlTraceW
EnumerateTraceGuidsEx
StartTraceW
api-ms-win-core-file-l2-1-0
MoveFileExW
api-ms-win-eventing-tdh-l1-1-0
TdhEnumerateProviders
TdhGetEventInformation
TdhGetEventMapInformation
TdhFormatProperty
TdhGetProperty
TdhGetPropertySize
api-ms-win-eventing-consumer-l1-1-0
OpenTraceW
CloseTrace
ProcessTrace
api-ms-win-core-console-l2-1-0
SetConsoleCursorPosition
SetConsoleWindowInfo
SetConsoleCursorInfo
SetConsoleActiveScreenBuffer
CreateConsoleScreenBuffer
SetConsoleScreenBufferSize
GetConsoleScreenBufferInfo
FillConsoleOutputCharacterW
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
GetEnvironmentVariableW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
MultiByteToWideChar
api-ms-win-core-localization-l1-2-0
FormatMessageA
GetLocaleInfoEx
FormatMessageW
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
api-ms-win-core-libraryloader-l1-2-0
FindResourceExW
LoadResource
LockResource
SizeofResource
LoadStringW
GetModuleFileNameA
GetModuleHandleA
LoadLibraryExW
GetModuleHandleExW
GetProcAddress
GetModuleHandleW
FreeLibrary
ws2_32
ntohs
ntohl
htonl
htons
api-ms-win-core-localization-l2-1-0
GetNumberFormatEx
oleaut32
SysFreeString
SysAllocString
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentThread
GetCurrentProcessId
GetExitCodeProcess
CreateProcessW
TerminateProcess
GetCurrentThreadId
GetCurrentProcess
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
OutputDebugStringW
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-service-management-l1-1-0
OpenSCManagerW
CloseServiceHandle
StartServiceW
OpenServiceW
api-ms-win-service-winsvc-l1-1-0
ControlService
api-ms-win-core-file-l1-1-0
DeleteFileW
GetTempFileNameW
FindFirstFileW
GetFileSize
FindNextFileW
FindVolumeClose
FindNextVolumeW
QueryDosDeviceW
FindFirstVolumeW
FindClose
WriteFile
GetFullPathNameW
ReadFile
GetFileAttributesW
SetFilePointer
SetFilePointerEx
CreateDirectoryW
GetFinalPathNameByHandleW
CreateFileW
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-registry-l1-1-0
RegEnumValueW
RegEnumKeyExW
RegGetValueA
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
api-ms-win-eventing-classicprovider-l1-1-0
RegisterTraceGuidsW
TraceEvent
UnregisterTraceGuids
api-ms-win-core-synch-l1-2-0
InitOnceBeginInitialize
InitOnceComplete
Sleep
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
api-ms-win-core-file-l1-2-0
GetVolumePathNamesForVolumeNameW
GetTempPathW
api-ms-win-core-memory-l1-1-0
MapViewOfFileEx
UnmapViewOfFile
CreateFileMappingW
api-ms-win-core-wow64-l1-1-0
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
IsWow64Process
api-ms-win-core-version-l1-1-0
VerQueryValueW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW
api-ms-win-core-libraryloader-l1-2-1
FindResourceW
api-ms-win-core-file-l2-1-2
CopyFileW
api-ms-win-core-heap-l1-1-0
HeapReAlloc
HeapSize
HeapAlloc
HeapDestroy
GetProcessHeap
HeapFree
bcrypt
BCryptGetProperty
BCryptHashData
BCryptCreateHash
BCryptDestroyHash
BCryptOpenAlgorithmProvider
BCryptFinishHash
BCryptCloseAlgorithmProvider
netsetupapi
NetSetupFreeObjectProperties
NetSetupClose
NetSetupInitialize
NetSetupFreeObjects
NetSetupGetObjects
NetSetupGetObjectProperties
Sections
.text Size: 464KB - Virtual size: 461KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 160KB - Virtual size: 159KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 713KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
PnPUnattend.exe.exe windows:10 windows x64 arch:x64
b785fc9feca50acb62b3378712b6bda0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
PnPUnattend.pdb
Imports
advapi32
RegQueryValueExW
RegOpenKeyExW
CheckTokenMembership
RegLoadKeyW
RegUnLoadKeyW
RegEnumKeyExW
ConvertStringSidToSidW
RegQueryInfoKeyW
RegEnumKeyW
RegCloseKey
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids
TraceEvent
kernel32
CreateEventW
SetEvent
OpenEventW
WaitForSingleObject
GetFullPathNameW
CreateDirectoryW
GetFileAttributesW
LoadLibraryExW
GetProcessHeap
DeleteCriticalSection
GetProcAddress
HeapAlloc
CloseHandle
InitializeCriticalSection
LeaveCriticalSection
GetModuleFileNameW
EnterCriticalSection
SetLastError
HeapFree
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
GetCurrentProcess
FormatMessageW
GetLastError
lstrcmpW
lstrcmpiW
FreeLibrary
FindClose
ExpandEnvironmentStringsW
FindNextFileW
CompareStringW
FindFirstFileW
GetModuleHandleW
LocalFree
GetVersionExW
msvcrt
wprintf
_XcptFilter
wcschr
realloc
__set_app_type
free
_wcsicmp
__CxxFrameHandler4
__wgetmainargs
_amsg_exit
malloc
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
_vsnwprintf
_vsnprintf
wcsrchr
_wcsnicmp
wcsncmp
memset
user32
LoadStringW
ntdll
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
RtlFreeHeap
RtlAllocateHeap
setupapi
SetupFindFirstLineW
SetupGetStringFieldW
pSetupStringTableLookUpString
pSetupGetFileTitle
SetupFindNextLine
SetupCloseInfFile
SetupDiGetActualModelsSectionW
SetupOpenInfFileW
SetupGetFieldCount
SetupDiGetINFClassW
pSetupStringTableDestroy
pSetupStringTableInitialize
pSetupIsUserAdmin
pSetupIsLocalSystem
pSetupStringTableAddString
newdev
DiInstallDriverW
rpcrt4
UuidToStringW
RpcStringFreeW
mpr
WNetAddConnection2W
WNetCancelConnection2W
Sections
.text Size: 32KB - Virtual size: 29KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 852B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 300B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
PresentationHost.exe.exe windows:10 windows x64 arch:x64
b1c8422be3a752bdad4e20658b636e91
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
PresentationHost.pdb
Imports
msvcrt
__getmainargs
_amsg_exit
_XcptFilter
__setusermatherr
?what@exception@@UEBAPEBDXZ
_initterm
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_fmode
_commode
memmove
memcpy
__CxxFrameHandler3
__set_app_type
_callnewh
memmove_s
isdigit
tolower
_purecall
?terminate@@YAXXZ
_lock
iswdigit
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
_errno
_wcsnicmp
wcscat_s
exit
_exit
_cexit
_CxxThrowException
_ismbblead
realloc
memset
_acmdln
wcscpy_s
memcpy_s
malloc
wcsncpy_s
__C_specific_handler
_wcsicmp
free
_vsnwprintf
wcsncmp
__CxxFrameHandler4
wcscmp
oleaut32
SysAllocStringLen
VarUI4FromStr
SysFreeString
kernel32
HeapSize
HeapReAlloc
LocalAlloc
OpenProcess
HeapFree
CreateTimerQueueTimer
TerminateProcess
ExpandEnvironmentStringsW
IsWow64Process
HeapAlloc
GetProcessHeap
HeapDestroy
FreeLibrary
OutputDebugStringW
FindFirstFileW
FindClose
GetLastError
GetTempPathW
GetTempFileNameW
CreateFileW
WriteFile
GetNativeSystemInfo
CloseHandle
GetEnvironmentVariableW
CreateProcessW
WaitForSingleObject
GetExitCodeProcess
CreateEventW
ResetEvent
SetEvent
DeactivateActCtx
ActivateActCtx
CreateActCtxW
ReleaseActCtx
FormatMessageW
LocalFree
SwitchToThread
GetFileAttributesExW
FileTimeToSystemTime
LoadLibraryW
MultiByteToWideChar
OpenEventW
IsDebuggerPresent
HeapSetInformation
ExitProcess
GetCurrentProcess
Sleep
RtlCaptureContext
GetStartupInfoW
GetCommandLineW
GetModuleFileNameW
RtlLookupFunctionEntry
InitializeCriticalSection
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
OutputDebugStringA
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
MapViewOfFile
CreateFileMappingW
LCIDToLocaleName
UnmapViewOfFile
GetLocaleInfoW
GetUserDefaultUILanguage
GetCurrentProcessId
DeleteCriticalSection
FindResourceExW
GetProcAddress
LoadLibraryExW
GetModuleHandleW
GetLocaleInfoEx
GetSystemDefaultUILanguage
lstrcmpiW
SetLastError
LoadResource
GetVersionExW
RaiseException
SizeofResource
SearchPathW
advapi32
RegDeleteValueW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
AddAce
GetAce
AddAccessAllowedAce
InitializeAcl
GetLengthSid
GetAclInformation
SetTokenInformation
GetSecurityDescriptorDacl
GetKernelObjectSecurity
CopySid
LsaClose
LsaNtStatusToWinError
LsaLookupPrivilegeValue
LsaOpenPolicy
CreateWellKnownSid
EqualSid
CreateProcessAsUserW
CreateRestrictedToken
GetTokenInformation
OpenProcessToken
RegQueryValueExW
RegisterTraceGuidsW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
GetTraceLoggerHandle
GetTraceEnableLevel
TraceEvent
RegEnumKeyW
RegEnumValueW
GetSidSubAuthority
GetSidSubAuthorityCount
shell32
SHGetFolderPathW
CommandLineToArgvW
SHGetKnownFolderPath
ShellExecuteExW
ShellExecuteW
ole32
StringFromGUID2
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoCreateInstance
CoInitialize
CLSIDFromProgID
CreateBindCtx
CoMarshalInterThreadInterfaceInStream
CoRevokeClassObject
CoRegisterClassObject
CoReleaseMarshalData
user32
MessageBeep
PostQuitMessage
DispatchMessageW
TranslateMessage
LoadStringW
MsgWaitForMultipleObjects
MessageBoxW
PeekMessageW
WaitForInputIdle
GetMessageW
CharNextW
PostMessageW
UnregisterClassA
shlwapi
PathFindExtensionW
AssocQueryStringW
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
ntdll
RtlInitUnicodeString
api-ms-win-core-path-l1-1-0
PathCchAppend
mscoree
CoEEShutDownCOM
LoadLibraryShim
wininet
InternetCreateUrlW
InternetCrackUrlW
urlmon
URLDownloadToCacheFileW
CreateURLMonikerEx
GetClassFileOrMime
RegisterBindStatusCallback
CoInternetCreateSecurityManager
CoInternetCombineUrl
CoInternetParseUrl
Sections
.text Size: 68KB - Virtual size: 65KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 32KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 156KB - Virtual size: 154KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1004B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
PrintIsolationHost.exe.exe windows:10 windows x64 arch:x64
6ac27955c1a84b7a0ea061ecfa67d8dc
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
PrintIsolationHost.pdb
Imports
advapi32
TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
kernel32
HeapSetInformation
GetLastError
SetErrorMode
GetErrorMode
TlsAlloc
TlsFree
LoadLibraryW
GetProcAddress
DeleteCriticalSection
RaiseException
InitializeCriticalSection
CloseHandle
SetEvent
WaitForSingleObject
ExitProcess
CreateEventW
CreateThread
GetCurrentThreadId
GetModuleHandleW
Sleep
AddVectoredExceptionHandler
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
user32
DispatchMessageW
TranslateMessage
GetMessageW
PostThreadMessageW
CloseWindowStation
SetProcessWindowStation
GetProcessWindowStation
OpenWindowStationW
msvcrt
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
_commode
_fmode
_wcmdln
_initterm
__setusermatherr
_cexit
_exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_callnewh
malloc
free
_purecall
__C_specific_handler
exit
ntdll
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
RtlReportException
EtwEventRegister
EtwEventUnregister
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoRegisterClassObject
CoRevokeClassObject
CoSuspendClassObjects
CoFreeUnusedLibraries
CoUninitialize
CoResumeClassObjects
CoCreateInstance
Sections
.text Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 660B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 56KB - Virtual size: 55KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 152B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ProximityUxHost.exe.exe windows:10 windows x64 arch:x64
12efa0b6ab4ac41a85e8f25950d0cbe8
Code Sign
33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
a4:a0:53:4f:e9:29:70:2d:b1:e8:e3:a6:c6:22:d0:f6:af:07:04:1f:96:a7:6a:42:50:1d:7e:cd:f3:ed:4c:bd
Signer
Actual PE Digest: a4:a0:53:4f:e9:29:70:2d:b1:e8:e3:a6:c6:22:d0:f6:af:07:04:1f:96:a7:6a:42:50:1d:7e:cd:f3:ed:4c:bd
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
ProximityUxHost.pdb
Imports
msvcrt
memset
?terminate@@YAXXZ
__CxxFrameHandler3
_onexit
rand
_unlock
_lock
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
wcsrchr
_wcmdln
memcpy_s
_vsnwprintf
malloc
free
__dllonexit
srand
_purecall
memcmp
memcpy
_callnewh
qsort_s
wcscmp
api-ms-win-eventing-classicprovider-l1-1-0
TraceMessage
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids
api-ms-win-core-synch-l1-1-0
InitializeCriticalSectionEx
SetEvent
TryEnterCriticalSection
ResetEvent
AcquireSRWLockExclusive
LeaveCriticalSection
CreateMutexW
WaitForMultipleObjectsEx
CreateEventExW
CreateSemaphoreExW
DeleteCriticalSection
ReleaseSemaphore
InitializeCriticalSection
ReleaseMutex
WaitForSingleObjectEx
OpenSemaphoreW
AcquireSRWLockShared
CreateMutexExW
EnterCriticalSection
ReleaseSRWLockExclusive
ReleaseSRWLockShared
CreateEventW
WaitForSingleObject
api-ms-win-core-com-l1-1-0
CoDisableCallCancellation
CoEnableCallCancellation
CoCreateFreeThreadedMarshaler
PropVariantClear
CoTaskMemFree
CoWaitForMultipleHandles
CoTaskMemRealloc
CoGetApartmentType
CoResumeClassObjects
CoRegisterClassObject
CoCancelCall
CoRevokeClassObject
CoGetMalloc
CoAddRefServerProcess
CoReleaseServerProcess
CoTaskMemAlloc
CoCreateInstance
api-ms-win-shcore-thread-l1-1-0
SHCreateThread
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
CreateThread
TlsSetValue
TlsFree
TlsAlloc
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
TlsGetValue
GetStartupInfoW
api-ms-win-core-winrt-l1-1-0
RoActivateInstance
RoInitialize
RoUninitialize
RoRegisterActivationFactories
RoGetActivationFactory
RoRevokeActivationFactories
api-ms-win-core-synch-l1-2-0
SleepConditionVariableSRW
Sleep
WakeAllConditionVariable
InitOnceExecuteOnce
InitOnceComplete
InitOnceBeginInitialize
api-ms-win-core-errorhandling-l1-1-0
GetLastError
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
api-ms-win-shcore-obsolete-l1-1-0
SHStrDupW
api-ms-win-eventing-provider-l1-1-0
EventActivityIdControl
EventRegister
EventUnregister
EventWriteTransfer
EventSetInformation
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-winrt-error-l1-1-0
RoOriginateErrorW
SetRestrictedErrorInfo
RoOriginateError
api-ms-win-core-winrt-string-l1-1-0
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCompareStringOrdinal
WindowsCreateStringReference
WindowsCreateString
WindowsSubstringWithSpecifiedLength
WindowsDuplicateString
WindowsGetStringLen
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExW
GetModuleFileNameA
LockResource
FreeLibrary
GetProcAddress
LoadResource
GetModuleHandleW
GetModuleHandleExW
FindResourceExW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
GetTickCount64
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
proximitycommon
ord21
ord20
ord22
ord24
proximityservicepal
PAL_RegisterConsoleDisplayStateNotifications
PAL_UnregisterConsoleDisplayStateNotifications
gdi32
D3DKMTNetDispQueryMiracastDisplayDeviceSupport
user32
DefWindowProcW
SendMessageW
SetForegroundWindow
KillTimer
GetMessageW
LoadCursorW
SetCursor
TranslateMessage
PostQuitMessage
GetWindowLongPtrW
SetTimer
PostMessageW
IsWindowVisible
DestroyWindow
LoadStringW
MsgWaitForMultipleObjectsEx
PeekMessageW
DispatchMessageW
api-ms-win-core-handle-l1-1-0
CloseHandle
oleaut32
SysFreeString
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
MultiByteToWideChar
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
OutputDebugStringW
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-heap-l1-1-0
HeapFree
HeapAlloc
GetProcessHeap
api-ms-win-appmodel-runtime-l1-1-0
GetPackagesByPackageFamily
api-ms-win-core-registry-l1-1-0
RegSetValueExW
RegCloseKey
RegCreateKeyExW
RegGetValueW
api-ms-win-shlwapi-winrt-storage-l1-1-1
SHCreateWorkerWindowW
IUnknown_GetWindow
AssocQueryStringW
ord237
api-ms-win-core-file-l1-1-0
WriteFile
CreateFileW
RemoveDirectoryW
ext-ms-win-shell32-shellfolders-l1-1-0
SHGetKnownFolderPath
api-ms-win-shell-shdirectory-l1-1-0
ord290
api-ms-win-devices-query-l1-1-0
DevCreateObjectQuery
DevFreeObjectProperties
DevCloseObjectQuery
DevCreateObjectQueryFromId
propsys
PropVariantToStringAlloc
api-ms-win-devices-query-l1-1-1
DevGetObjectPropertiesEx
api-ms-win-shcore-sysinfo-l1-1-0
SetCurrentProcessExplicitAppUserModelID
api-ms-win-core-kernel32-legacy-l1-1-1
PowerCreateRequest
PowerSetRequest
PowerClearRequest
api-ms-win-core-file-l1-2-0
GetTempPathW
api-ms-win-shcore-stream-l1-1-0
SHCreateStreamOnFileEx
bcrypt
BCryptEncrypt
BCryptOpenAlgorithmProvider
BCryptGenRandom
BCryptCloseAlgorithmProvider
BCryptDestroyKey
BCryptDecrypt
BCryptGenerateSymmetricKey
BCryptGetProperty
api-ms-win-core-winrt-error-l1-1-1
RoGetMatchingRestrictedErrorInfo
api-ms-win-shcore-taskpool-l1-1-0
SHTaskPoolGetUniqueContext
SHTaskPoolQueueTask
api-ms-win-core-threadpool-legacy-l1-1-0
CreateTimerQueueTimer
DeleteTimerQueueTimer
ws2_32
ntohl
ntohs
shell32
SHCreateAssociationRegistration
ShellExecuteExW
SHCreateItemInKnownFolder
ole32
CoAllowSetForegroundWindow
dwmapi
DwmGetWindowAttribute
winmm
PlaySoundW
deviceassociation
DafCloseAssociationContext
DafStartReadCeremonyData
DafSelectCeremony
DafStartEnumCeremonies
DafStartFinalize
DafStartRemoveAssociation
DafCreateAssociationContext
DafStartDeviceStatusNotification
DafMemFree
DafCreateAssociationContextFromOobBlob
DafCloseChallengeContext
DafChallengeDevicePresence
DafCreateChallengeContext
opcservices
ord7
ord4
dui70
?GetClassInfoPtr@ModernProgressBar@DirectUI@@SAPEAUIClassInfo@2@XZ
?StateProp@ModernProgressBar@DirectUI@@SAPEBUPropertyInfo@2@XZ
?PositionProp@ModernProgressBar@DirectUI@@SAPEBUPropertyInfo@2@XZ
?GetRoot@Element@DirectUI@@QEAAPEAV12@XZ
UnInitProcessPriv
UnInitThread
InitThread
InitProcessPriv
?DeterminateProp@ModernProgressBar@DirectUI@@SAPEBUPropertyInfo@2@XZ
DuiCreateObject
?GetValue@Element@DirectUI@@QEAAPEAVValue@2@P6APEBUPropertyInfo@2@XZHPEAUUpdateCache@2@@Z
?CustomProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?CreateString@Value@DirectUI@@SAPEAV12@PEBGPEAUHINSTANCE__@@@Z
?Destroy@DUIXmlParser@DirectUI@@QEAAXXZ
?FindDescendent@Element@DirectUI@@QEAAPEAV12@G@Z
?AccessibleProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?AddListener@Element@DirectUI@@QEAAJPEAUIElementListener@2@@Z
?CreateElement@DUIXmlParser@DirectUI@@QEAAJPEBGPEAVElement@2@1PEAKPEAPEAV32@@Z
?SetXMLFromResource@DUIXmlParser@DirectUI@@QEAAJIPEAUHINSTANCE__@@0@Z
?Create@DUIXmlParser@DirectUI@@SAJPEAPEAV12@P6APEAVValue@2@PEBGPEAX@Z2P6AX11H2@Z2@Z
StrToID
?Click@TouchButton@DirectUI@@SA?AVUID@@XZ
?Click@Button@DirectUI@@SA?AVUID@@XZ
?CreateBool@Value@DirectUI@@SAPEAV12@_N@Z
?VisibleProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?CreateInt@Value@DirectUI@@SAPEAV12@HW4DynamicScaleValue@@@Z
?ContentProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?_ZeroRelease@Value@DirectUI@@AEAAXXZ
?SetValue@Element@DirectUI@@QEAAJP6APEBUPropertyInfo@2@XZHPEAVValue@2@@Z
api-ms-win-rtcore-ntuser-private-l1-1-0
CreateWindowInBand
api-ms-win-core-com-l1-1-1
RoGetAgileReference
api-ms-win-core-shlwapi-legacy-l1-1-0
PathRemoveBackslashW
api-ms-win-core-url-l1-1-0
UrlUnescapeW
Sections
.text Size: 204KB - Virtual size: 201KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 40KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
RMActivate.exe.exe windows:10 windows x64 arch:x64
a64b00149541ecb0fa84fd98b79bf54d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
rmactivate.pdb
Imports
msvcrt
_CxxThrowException
wcscpy_s
_snwprintf_s
??1type_info@@UEAA@XZ
_stricmp
__CxxFrameHandler3
_wcsicmp
memset
_wcsnicmp
?terminate@@YAXXZ
_commode
_fmode
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
_callnewh
malloc
free
??0exception@@QEAA@AEBQEBD@Z
?what@exception@@UEBAPEBDXZ
__C_specific_handler
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
memcpy
memmove
api-ms-win-core-memory-l1-1-0
VirtualFree
VirtualProtect
VirtualAlloc
VirtualQuery
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetLastError
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-synch-l1-1-0
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
ReleaseMutex
CreateMutexA
DeleteCriticalSection
InitializeCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetCurrentThread
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
FreeLibrary
LoadLibraryExW
GetModuleFileNameW
GetProcAddress
LoadLibraryExA
api-ms-win-core-rtlsupport-l1-1-0
RtlAddFunctionTable
RtlCaptureContext
RtlDeleteFunctionTable
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-errorhandling-l1-1-2
RaiseFailFastException
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemWindowsDirectoryW
GetSystemDirectoryW
GetSystemTime
GetVersionExA
GetSystemTimeAsFileTime
GetSystemInfo
GetTickCount
wintrust
WinVerifyTrust
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
api-ms-win-eventing-classicprovider-l1-1-0
GetTraceEnableLevel
TraceMessage
GetTraceLoggerHandle
GetTraceEnableFlags
UnregisterTraceGuids
api-ms-win-core-heap-l1-1-0
HeapAlloc
GetProcessHeap
HeapSetInformation
api-ms-win-core-com-l1-1-0
CoTaskMemFree
CoCreateGuid
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
crypt32
CryptProtectData
CertVerifyCertificateChainPolicy
api-ms-win-core-file-l1-1-0
DeleteFileW
CreateFileW
GetVolumeInformationW
CreateFileA
GetDriveTypeW
GetLogicalDriveStringsW
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-registry-l1-1-0
RegCreateKeyExA
RegDeleteValueA
RegSetValueExA
RegOpenKeyExA
RegCloseKey
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-processenvironment-l1-1-0
GetEnvironmentStringsW
cryptsp
CryptAcquireContextW
CryptContextAddRef
CryptGetDefaultProviderW
CryptReleaseContext
CryptGenRandom
CryptDeriveKey
CryptDestroyKey
CryptExportKey
CryptGenKey
CryptCreateHash
CryptDestroyHash
CryptGetHashParam
CryptHashData
api-ms-win-eventing-obsolete-l1-1-0
RegisterTraceGuidsA
api-ms-win-core-toolhelp-l1-1-0
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
Sections
.text Size: 416KB - Virtual size: 412KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 132KB - Virtual size: 128KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
RMActivate_isv.exe.exe windows:10 windows x64 arch:x64
a64b00149541ecb0fa84fd98b79bf54d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
rmactivate_isv.pdb
Imports
msvcrt
_CxxThrowException
wcscpy_s
_snwprintf_s
??1type_info@@UEAA@XZ
_stricmp
__CxxFrameHandler3
_wcsicmp
memset
_wcsnicmp
?terminate@@YAXXZ
_commode
_fmode
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
_callnewh
malloc
free
??0exception@@QEAA@AEBQEBD@Z
?what@exception@@UEBAPEBDXZ
__C_specific_handler
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
memcpy
memmove
api-ms-win-core-memory-l1-1-0
VirtualFree
VirtualProtect
VirtualAlloc
VirtualQuery
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetLastError
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-synch-l1-1-0
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
ReleaseMutex
CreateMutexA
DeleteCriticalSection
InitializeCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetCurrentThread
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
FreeLibrary
LoadLibraryExW
GetModuleFileNameW
GetProcAddress
LoadLibraryExA
api-ms-win-core-rtlsupport-l1-1-0
RtlAddFunctionTable
RtlCaptureContext
RtlDeleteFunctionTable
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-errorhandling-l1-1-2
RaiseFailFastException
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemWindowsDirectoryW
GetSystemDirectoryW
GetSystemTime
GetVersionExA
GetSystemTimeAsFileTime
GetSystemInfo
GetTickCount
wintrust
WinVerifyTrust
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
api-ms-win-eventing-classicprovider-l1-1-0
GetTraceEnableLevel
TraceMessage
GetTraceLoggerHandle
GetTraceEnableFlags
UnregisterTraceGuids
api-ms-win-core-heap-l1-1-0
HeapAlloc
GetProcessHeap
HeapSetInformation
api-ms-win-core-com-l1-1-0
CoTaskMemFree
CoCreateGuid
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
crypt32
CryptProtectData
CertVerifyCertificateChainPolicy
api-ms-win-core-file-l1-1-0
DeleteFileW
CreateFileW
GetVolumeInformationW
CreateFileA
GetDriveTypeW
GetLogicalDriveStringsW
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-registry-l1-1-0
RegCreateKeyExA
RegDeleteValueA
RegSetValueExA
RegOpenKeyExA
RegCloseKey
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-processenvironment-l1-1-0
GetEnvironmentStringsW
cryptsp
CryptAcquireContextW
CryptContextAddRef
CryptGetDefaultProviderW
CryptReleaseContext
CryptGenRandom
CryptDeriveKey
CryptDestroyKey
CryptExportKey
CryptGenKey
CryptCreateHash
CryptDestroyHash
CryptGetHashParam
CryptHashData
api-ms-win-eventing-obsolete-l1-1-0
RegisterTraceGuidsA
api-ms-win-core-toolhelp-l1-1-0
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
Sections
.text Size: 420KB - Virtual size: 419KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 148KB - Virtual size: 146KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
RMActivate_ssp.exe.exe windows:10 windows x64 arch:x64
0a975696c1ebda2fe57027fb43c0a3bd
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
rmactivate_ssp.pdb
Imports
msvcrt
_stricmp
__C_specific_handler
_snwprintf_s
memset
?terminate@@YAXXZ
_commode
_fmode
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
_callnewh
malloc
free
wcscpy_s
memcpy
api-ms-win-core-memory-l1-1-0
VirtualProtect
VirtualAlloc
VirtualFree
VirtualQuery
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
GetLastError
SetLastError
RaiseException
SetUnhandledExceptionFilter
api-ms-win-core-synch-l1-1-0
LeaveCriticalSection
AcquireSRWLockExclusive
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ReleaseSRWLockExclusive
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
OpenProcessToken
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
GetModuleHandleW
GetModuleFileNameW
LoadLibraryExA
GetProcAddress
LoadLibraryExW
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlAddFunctionTable
RtlDeleteFunctionTable
RtlCaptureContext
api-ms-win-core-errorhandling-l1-1-2
RaiseFailFastException
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetSystemInfo
GetVersionExA
GetTickCount
GetSystemTime
api-ms-win-eventing-classicprovider-l1-1-0
GetTraceLoggerHandle
TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
UnregisterTraceGuids
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
HeapSetInformation
GetProcessHeap
api-ms-win-core-com-l1-1-0
CoCreateGuid
api-ms-win-security-base-l1-1-0
GetTokenInformation
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
api-ms-win-core-heap-l2-1-0
LocalFree
cryptsp
CryptGenKey
CryptExportKey
CryptSetProvParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptDestroyKey
CryptGetDefaultProviderW
CryptAcquireContextW
CryptReleaseContext
api-ms-win-eventing-obsolete-l1-1-0
RegisterTraceGuidsA
Sections
.text Size: 368KB - Virtual size: 366KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 100KB - Virtual size: 99KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
RMActivate_ssp_isv.exe.exe windows:10 windows x64 arch:x64
0a975696c1ebda2fe57027fb43c0a3bd
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
rmactivate_ssp_isv.pdb
Imports
msvcrt
_stricmp
__C_specific_handler
_snwprintf_s
memset
?terminate@@YAXXZ
_commode
_fmode
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
_callnewh
malloc
free
wcscpy_s
memcpy
api-ms-win-core-memory-l1-1-0
VirtualProtect
VirtualAlloc
VirtualFree
VirtualQuery
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
GetLastError
SetLastError
RaiseException
SetUnhandledExceptionFilter
api-ms-win-core-synch-l1-1-0
LeaveCriticalSection
AcquireSRWLockExclusive
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ReleaseSRWLockExclusive
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
OpenProcessToken
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
GetModuleHandleW
GetModuleFileNameW
LoadLibraryExA
GetProcAddress
LoadLibraryExW
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlAddFunctionTable
RtlDeleteFunctionTable
RtlCaptureContext
api-ms-win-core-errorhandling-l1-1-2
RaiseFailFastException
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetSystemInfo
GetVersionExA
GetTickCount
GetSystemTime
api-ms-win-eventing-classicprovider-l1-1-0
GetTraceLoggerHandle
TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
UnregisterTraceGuids
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
HeapSetInformation
GetProcessHeap
api-ms-win-core-com-l1-1-0
CoCreateGuid
api-ms-win-security-base-l1-1-0
GetTokenInformation
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
api-ms-win-core-heap-l2-1-0
LocalFree
cryptsp
CryptGenKey
CryptExportKey
CryptSetProvParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptDestroyKey
CryptGetDefaultProviderW
CryptAcquireContextW
CryptReleaseContext
api-ms-win-eventing-obsolete-l1-1-0
RegisterTraceGuidsA
Sections
.text Size: 372KB - Virtual size: 368KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 100KB - Virtual size: 99KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ROUTE.EXE.exe windows:10 windows x64 arch:x64
95110df86ce2e63eb457ce5860c12e57
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
route.pdb
Imports
msvcrt
_amsg_exit
__getmainargs
_vsnwprintf
__set_app_type
atoi
_exit
_XcptFilter
__setusermatherr
free
_initterm
__C_specific_handler
malloc
_stricmp
strtol
_fmode
_fileno
_cexit
_commode
?terminate@@YAXXZ
fprintf
strchr
memset
_setmode
realloc
toupper
_strupr
exit
__iob_func
_wsetlocale
isdigit
_vsnprintf
strcmp
ntdll
RtlIpv4StringToAddressA
RtlIpv4AddressToStringA
RtlIpv6StringToAddressA
RtlIpv6AddressToStringA
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapSetInformation
HeapAlloc
HeapFree
iphlpapi
GetIpAddrTable
ConvertLengthToIpv4Mask
ConvertInterfaceLuidToIndex
ConvertIpv4MaskToLength
GetBestInterfaceEx
ConvertInterfaceIndexToLuid
GetAdaptersAddresses
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
ws2_32
inet_ntoa
WSAStartup
api-ms-win-core-sysinfo-l1-1-0
GetVersion
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-localization-l1-2-0
FormatMessageW
SetThreadPreferredUILanguages
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
TerminateProcess
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
nsi
NsiSetAllParameters
NsiFreeTable
NsiGetParameter
NsiAllocateAndGetTable
api-ms-win-core-console-l1-1-0
GetConsoleOutputCP
api-ms-win-security-base-l1-1-0
FreeSid
AllocateAndInitializeSid
CheckTokenMembership
Sections
.text Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 540B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
RdpSa.exe.exe windows:10 windows x64 arch:x64
ea2d56d44b563d355630390df8e80581
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
RdpSa.pdb
Imports
advapi32
TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
OpenProcessToken
RegOpenKeyExW
RegNotifyChangeKeyValue
RegGetValueW
GetTokenInformation
GetSecurityInfo
GetLengthSid
SetSecurityInfo
AddAce
GetAce
AddAccessDeniedAce
InitializeAcl
kernel32
LocalFree
HeapFree
GetProcessHeap
FormatMessageW
UnmapViewOfFile
HeapAlloc
FreeLibrary
GetProcAddress
GetModuleHandleExA
LocalAlloc
DelayLoadFailureHook
ResolveDelayLoadedAPI
GetLastError
HeapReAlloc
SetProcessMitigationPolicy
SetEvent
HeapSetInformation
GetCurrentProcess
CloseHandle
ProcessIdToSessionId
GetCurrentProcessId
CreateEventW
Sleep
WaitForSingleObject
MapViewOfFile
user32
DispatchMessageW
PostQuitMessage
TranslateMessage
GetMessageW
LoadStringW
GetWindowLongPtrW
SetTimer
RegisterClassExW
CreateWindowExW
KillTimer
SetWindowLongPtrW
DestroyWindow
DefWindowProcW
msvcrt
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
_CxxThrowException
_callnewh
??1exception@@UEAA@XZ
memcmp
memcpy
memmove
??1type_info@@UEAA@XZ
malloc
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBD@Z
??3@YAXPEAX@Z
_vsnwprintf
memset
??_V@YAXPEAX@Z
?terminate@@YAXXZ
__CxxFrameHandler3
_onexit
__dllonexit
_unlock
_lock
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_purecall
oleaut32
SysAllocString
SysStringLen
SysAllocStringByteLen
SysFreeString
ntdll
EtwEventWriteFull
EtwEventUnregister
EtwEventRegister
api-ms-win-core-com-l1-1-0
CoUninitialize
CoTaskMemFree
CoInitializeSecurity
CoInitializeEx
StringFromCLSID
CoCreateInstance
sspicli
GetUserNameExW
ws2_32
FreeAddrInfoW
GetAddrInfoW
GetNameInfoW
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
GetCurrentThreadId
TerminateProcess
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
winsta
WinStationSendMessageW
WinStationShadowStop2
Sections
.text Size: 36KB - Virtual size: 33KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 668B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
RdpSaProxy.exe.exe windows:10 windows x64 arch:x64
38572cf26926c24efb1fba5e5629f252
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
RdpSaProxy.pdb
Imports
advapi32
TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
OpenProcessToken
OpenThreadToken
GetTokenInformation
GetAce
AddAccessDeniedAce
InitializeAcl
GetLengthSid
GetSecurityInfo
SetSecurityInfo
CreateWellKnownSid
EqualSid
AddAccessAllowedAce
AddAce
kernel32
GetCurrentThread
GetCurrentProcessId
ProcessIdToSessionId
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
LocalAlloc
DelayLoadFailureHook
ResolveDelayLoadedAPI
InitializeSRWLock
CloseHandle
GetCurrentProcess
HeapSetInformation
GetModuleHandleExA
GetProcAddress
FreeLibrary
GetLastError
SetProcessMitigationPolicy
LocalFree
user32
GetMessageW
TranslateMessage
DispatchMessageW
PostQuitMessage
msvcrt
_callnewh
??0exception@@QEAA@AEBQEBD@Z
?terminate@@YAXXZ
__CxxFrameHandler3
??0exception@@QEAA@AEBQEBDH@Z
__dllonexit
_unlock
??0exception@@QEAA@AEBV0@@Z
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
??3@YAXPEAX@Z
malloc
_purecall
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_CxxThrowException
memcpy
memmove
memcmp
??1type_info@@UEAA@XZ
_lock
_onexit
memset
ntdll
EtwEventRegister
EtwEventUnregister
api-ms-win-core-com-l1-1-0
CoRevertToSelf
CoImpersonateClient
CoRevokeClassObject
CoRegisterClassObject
CoUninitialize
CoInitializeSecurity
CoInitializeEx
CoTaskMemFree
oleaut32
SysStringByteLen
SysFreeString
SysAllocStringByteLen
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
GetCurrentThreadId
TerminateProcess
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
api-ms-win-core-path-l1-1-0
PathCchCombine
Sections
.text Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1020B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 568B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
RdpSaUacHelper.exe.exe windows:10 windows x64 arch:x64
8af12edd150a1168dc2b3c264d8f5383
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
RdpSaUacHelper.pdb
Imports
advapi32
TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
RegDeleteKeyValueW
RegSetKeyValueW
OpenProcessToken
AdjustTokenPrivileges
InitializeSecurityDescriptor
GetTokenInformation
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
InitializeAcl
SetSecurityDescriptorDacl
EventUnregister
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
CreateWellKnownSid
StartServiceW
OpenServiceW
kernel32
UnmapViewOfFile
WaitForMultipleObjects
WaitForSingleObject
GetCurrentProcess
LocalAlloc
LocalFree
SetProcessMitigationPolicy
HeapSetInformation
GetCommandLineW
SetEvent
CreateEventW
GetLastError
FreeLibrary
GetProcAddress
GetModuleHandleExA
CloseHandle
OpenProcess
QueryFullProcessImageNameW
CreateFileMappingW
MapViewOfFile
DelayLoadFailureHook
ResolveDelayLoadedAPI
GetCurrentProcessId
OpenEventW
DuplicateHandle
ProcessIdToSessionId
msvcrt
_wcsicmp
_vsnwprintf
_XcptFilter
_amsg_exit
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
memset
ntdll
EtwEventRegister
EtwEventUnregister
api-ms-win-core-com-l1-1-0
CoInitializeSecurity
CoSetProxyBlanket
CoInitializeEx
CoTaskMemFree
StringFromCLSID
CoUninitialize
oleaut32
SysAllocStringByteLen
SysFreeString
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
TerminateProcess
GetStartupInfoW
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
rpcrt4
RpcStringBindingComposeW
NdrClientCall3
RpcBindingFree
RpcStringFreeW
RpcBindingFromStringBindingW
I_RpcExceptionFilter
RpcBindingSetAuthInfoExW
winsta
WinStationGetAllProcesses
WinStationFreeGAPMemory
api-ms-win-core-path-l1-1-0
PathCchCombine
Sections
.text Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 564B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 208B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ReAgentc.exe.exe windows:10 windows x64 arch:x64
498a49f8301ecece04f6a27c7229ca18
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
ReAgentc.pdb
Imports
advapi32
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegOpenKeyExW
RegQueryValueExW
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids
RegCloseKey
kernel32
GetSystemInfo
RaiseException
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
LoadLibraryExA
VirtualProtect
GetVersionExW
ExpandEnvironmentStringsW
GetFullPathNameW
CreateDirectoryW
GetFileAttributesW
DeleteCriticalSection
CloseHandle
CreateFileW
InitializeCriticalSection
LeaveCriticalSection
GetModuleFileNameW
EnterCriticalSection
HeapSetInformation
SetThreadPreferredUILanguages
GetCommandLineW
GetTempPathW
FreeLibrary
SetLastError
HeapFree
GetProcessHeap
HeapAlloc
LocalFree
WriteFile
LocalAlloc
WriteConsoleW
FormatMessageW
GetConsoleMode
GetFileType
GetStdHandle
GetProcAddress
GetLastError
LoadLibraryExW
GetModuleHandleW
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetTickCount
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
VirtualQuery
msvcrt
__CxxFrameHandler3
wcsncmp
_wcsnicmp
_wtoi
wcstoul
_wcsicmp
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
free
_callnewh
malloc
_vsnwprintf
_vsnprintf
wcsrchr
wcschr
memset
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlAllocateHeap
RtlFreeHeap
user32
CharToOemBuffW
ole32
CoUninitialize
CoInitializeEx
rpcrt4
UuidFromStringW
reagent
WinReInstall
WinReSetError
WinReInitiateOfflineScanning
WinReSetupMigrateData
WinReValidateRecoveryWim
WinReConfigureTask
WinReRepair
WinReGetConfig
WinReGetError
WinReClearError
WinReInstallOnTargetOS
WinRECheckGuid
WinReIsWinPE
WinReQueueRecoveryBoot
WinReSetRecoveryAction
Sections
.text Size: 28KB - Virtual size: 25KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 852B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 84B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
RecoveryDrive.exe.exe windows:10 windows x64 arch:x64
143219cce86ad5386e385de7a80166c2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
PDB Paths
RecoveryDrive.pdb
Imports
advapi32
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer
RegGetValueW
RegDeleteKeyW
RegGetKeySecurity
kernel32
SetLastError
CreateEventW
CreateThread
WaitForSingleObject
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
GetWindowsDirectoryW
GetCommandLineW
GetTempPathW
GetSystemTimeAsFileTime
ResetEvent
GetVolumePathNameW
GetVolumeNameForVolumeMountPointW
ExpandEnvironmentStringsW
WaitForMultipleObjects
GetLogicalDriveStringsW
GetTimeZoneInformation
Sleep
CreateFileW
GetFileSizeEx
GetLocaleInfoW
GetNumberFormatW
ReleaseSRWLockExclusive
LoadLibraryExA
VirtualProtect
SetFilePointer
ReadFile
WritePrivateProfileStringW
SetErrorMode
OutputDebugStringW
IsDebuggerPresent
PowerClearRequest
SetThreadExecutionState
PowerSetRequest
PowerCreateRequest
CreateDirectoryW
GetFileAttributesW
GetSystemWindowsDirectoryW
GetSystemTime
GetCurrentThreadId
FreeLibrary
LoadLibraryExW
SetEvent
CloseHandle
FindResourceExW
SizeofResource
LockResource
LoadResource
GetLastError
SystemTimeToTzSpecificLocalTime
LocalFree
GetProcessHeap
GetProcAddress
HeapAlloc
GetModuleHandleExW
HeapFree
GetVolumeInformationW
GetSystemInfo
VirtualQuery
AcquireSRWLockExclusive
user32
SetWindowLongPtrW
GetSystemMetrics
UnregisterClassA
GetWindowRect
CreateWindowExW
GetWindowTextW
SetActiveWindow
SetWindowTextW
EnableWindow
SetForegroundWindow
GetDlgItem
SendMessageW
ShowWindow
PostMessageW
GetParent
LoadStringW
msvcrt
free
memcpy_s
memmove_s
_wcsicmp
__CxxFrameHandler4
_vscwprintf
vswprintf_s
_vsnwprintf
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_CxxThrowException
wcsncmp
_wcsnicmp
wcschr
memcpy
memmove
wcsrchr
_onexit
__dllonexit
_unlock
_lock
_commode
memset
_purecall
wcstoul
sprintf_s
__C_specific_handler
_fmode
_wcmdln
calloc
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
malloc
ntdll
NtPowerInformation
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtSetInformationFile
RtlNtStatusToDosError
RtlAllocateHeap
RtlGetVersion
RtlFreeHeap
api-ms-win-core-com-l1-1-0
CoInitializeSecurity
CoUninitialize
CoInitializeEx
CoCreateInstance
api-ms-win-shcore-obsolete-l1-1-0
CommandLineToArgvW
oleaut32
SysAllocString
SysFreeString
rpcrt4
UuidCreate
api-ms-win-core-synch-l1-1-0
InitializeCriticalSection
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
RaiseException
SetUnhandledExceptionFilter
api-ms-win-core-heap-l1-1-0
HeapDestroy
HeapReAlloc
HeapSize
api-ms-win-core-string-l1-1-0
CompareStringW
api-ms-win-core-processenvironment-l1-1-0
GetCurrentDirectoryW
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
OpenProcessToken
GetCurrentProcess
GetCurrentProcessId
GetStartupInfoW
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
api-ms-win-core-file-l1-1-0
SetFileInformationByHandle
GetFileInformationByHandle
GetFinalPathNameByHandleW
GetLongPathNameW
GetFullPathNameW
DeleteFileW
FindClose
FindFirstFileW
SetFileAttributesW
FindNextFileW
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-file-l2-1-0
GetFileInformationByHandleEx
api-ms-win-security-base-l1-1-0
AdjustTokenPrivileges
api-ms-win-core-registry-l1-1-0
RegEnumValueW
RegCreateKeyExW
RegDeleteValueW
RegSetValueExW
RegDeleteTreeW
RegSetKeySecurity
RegEnumKeyExW
unattend
UnattendCtxGetUlong
UnattendCtxDeserializeBuffer
UnattendCtxCleanup
wimgapi
WIMCloseHandle
WIMCreateFile
WIMUnregisterLogFile
WIMGetImageInformation
WIMGetAttributes
WIMRegisterLogFile
comctl32
CreatePropertySheetPageW
PropertySheetW
DestroyPropertySheetPage
InitCommonControlsEx
uxtheme
SetWindowTheme
vssapi
CreateVssBackupComponentsInternal
reagent
WinReIsWimBootEnabled
WinReGetConfig
windlp
CreateDlpManager
wdscore
CurrentIP
WdsTerminate
ConstructPartialMsgVW
WdsSetupLogMessageW
WdsInitialize
api-ms-win-core-version-l1-1-0
GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW
wofutil
WofEnumEntries
setupapi
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsW
SetupDiGetDeviceInterfacePropertyW
Sections
.text Size: 128KB - Virtual size: 126KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 60KB - Virtual size: 57KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 88KB - Virtual size: 87KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1020B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Register-CimProvider.exe.exe windows:10 windows x64 arch:x64
37fcce5845a29682f27dd5ddac6aa7ec
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Register-CimProvider.pdb
Imports
msvcrt
_unlock
_lock
_onexit
??1type_info@@UEAA@XZ
__CxxFrameHandler4
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
memmove
memcpy
__CxxFrameHandler3
_CxxThrowException
??0exception@@QEAA@AEBQEBD@Z
_purecall
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_wcsicmp
setlocale
_vsnwprintf
exit
wprintf
__dllonexit
api-ms-win-core-heap-l1-1-0
HeapFree
GetProcessHeap
HeapAlloc
HeapSetInformation
api-ms-win-core-libraryloader-l1-2-0
LoadStringW
GetModuleHandleW
api-ms-win-core-localization-l1-2-0
SetThreadPreferredUILanguages
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
prvdmofcomp
GetProviderSchema
CompileSchemaToWMI
CreateRegisterParameter
Sections
.text Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 448B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
RelPost.exe.exe windows:10 windows x64 arch:x64
8e846e5c63eccf919d49ea27dd263ef6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
RelPost.pdb
Imports
advapi32
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
RegSetValueExW
GetTraceEnableFlags
GetTraceLoggerHandle
TraceMessage
RegCreateKeyExW
RegCloseKey
EventWrite
EventWriteTransfer
EventUnregister
EventRegister
EventSetInformation
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
kernel32
OutputDebugStringW
ReleaseSRWLockExclusive
FormatMessageW
ReleaseMutex
WaitForThreadpoolTimerCallbacks
LeaveCriticalSection
GetModuleHandleExW
ReleaseSemaphore
EnterCriticalSection
CreateSemaphoreExW
IsDebuggerPresent
CloseThreadpoolTimer
GetModuleFileNameA
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
SetThreadpoolTimer
ReleaseSRWLockShared
CreateThreadpoolTimer
GlobalMemoryStatusEx
GetSystemTime
CreateMutexExW
AcquireSRWLockShared
DeleteCriticalSection
DebugBreak
WakeAllConditionVariable
SleepConditionVariableSRW
GetSystemWindowsDirectoryW
GetProcessHeap
HeapSetInformation
CloseHandle
DeleteFileW
GetLastError
GetPrivateProfileStringW
GetFileAttributesW
CreateFileW
GetVolumePathNameW
FindClose
FindNextFileW
HeapFree
GetFileSizeEx
FindFirstFileW
ReadFile
InitializeCriticalSectionEx
Sleep
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
SetLastError
GetFileSize
GetProcAddress
GetWindowsDirectoryW
WaitForSingleObject
GetStdHandle
GetFileType
WriteFile
WriteConsoleW
CreateDirectoryW
HeapAlloc
msvcrt
_purecall
memcpy_s
memmove_s
_wcsicmp
_lock
_unlock
__dllonexit
_onexit
?terminate@@YAXXZ
wcstoul
_wcsnicmp
wcschr
free
_XcptFilter
_amsg_exit
__wgetmainargs
__set_app_type
exit
_exit
_cexit
__setusermatherr
_initterm
__C_specific_handler
qsort
_errno
_wtol
malloc
_callnewh
_fmode
_vsnwprintf
memcmp
memcpy
_commode
wcstol
memset
ntdll
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WinSqmAddToStream
WinSqmEndSession
WinSqmSetString
WinSqmStartSession
WinSqmSetDWORD
WinSqmSetDWORD64
reagent
WinReGetConfig
WinReSetTriggerFile
WinReGetLogDirPath
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoUninitialize
CoCreateGuid
CoInitializeSecurity
CoInitializeEx
user32
LoadStringW
oleaut32
SysFreeString
VariantInit
VariantChangeType
SysAllocString
wer
WerReportSetUIOption
WerReportAddFile
WerReportSetParameter
WerReportCreate
WerReportSubmit
WerReportCloseHandle
version
GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW
bcd
BcdOpenObject
BcdCloseObject
BcdCloseStore
BcdOpenSystemStore
BcdGetElementData
BcdSetElementData
Sections
.text Size: 92KB - Virtual size: 90KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 72KB - Virtual size: 69KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 836B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
RemotePosWorker.exe.exe windows:10 windows x64 arch:x64
c6e4fb88aba54e5e339120511bb8f20d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
RemotePosWorker.pdb
Imports
msvcrt
_commode
_fmode
_wcmdln
wcsncmp
?terminate@@YAXXZ
_initterm
__setusermatherr
_cexit
_exit
exit
__C_specific_handler
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
wcschr
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventUnregister
EventRegister
EventSetInformation
api-ms-win-core-synch-l1-1-0
CreateEventW
WaitForSingleObject
SetEvent
api-ms-win-core-sysinfo-l1-1-0
GetSystemDirectoryW
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExW
FreeLibrary
GetProcAddress
GetModuleHandleW
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetStartupInfoW
GetCurrentProcess
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
Sections
.text Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 276B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 60B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ResetEngine.exe.exe windows:10 windows x64 arch:x64
7be250e36699d6849e88f93be3f3a653
Code Sign
33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
28:21:c9:f4:28:3c:d8:6f:46:17:97:72:48:12:08:88:5b:1d:93:15:83:91:7a:2d:fd:29:bc:c7:85:dd:68:eb
Signer
Actual PE Digest: 28:21:c9:f4:28:3c:d8:6f:46:17:97:72:48:12:08:88:5b:1d:93:15:83:91:7a:2d:fd:29:bc:c7:85:dd:68:eb
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
ResetEngine.pdb
Imports
kernel32
LoadLibraryExW
GetLastError
GetSystemWindowsDirectoryW
GetProcAddress
LocalFree
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
TerminateProcess
GetCurrentProcess
msvcrt
__C_specific_handler
??1type_info@@UEAA@XZ
_commode
_initterm
_fmode
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_wcsicmp
??3@YAXPEAX@Z
_wcmdln
?terminate@@YAXXZ
memset
shell32
CommandLineToArgvW
Sections
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 324B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 92B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
RmClient.exe.exe windows:10 windows x64 arch:x64
eb0e8d586b57d8075925424da3bd6710
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
RmClient.pdb
Imports
advapi32
GetTokenInformation
LookupAccountSidW
CreateProcessAsUserW
UnregisterTraceGuids
RegisterTraceGuidsW
OpenProcessToken
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
TraceMessage
kernel32
ReadFile
SetNamedPipeHandleState
GetCurrentProcess
WriteFile
CreateFileW
CreateEventW
Sleep
GetLastError
WaitForSingleObjectEx
CloseHandle
HeapSetInformation
ResetEvent
GetOverlappedResult
GetSystemWindowsDirectoryW
GetModuleHandleW
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
TerminateProcess
msvcrt
_initterm
__C_specific_handler
_fmode
_commode
?terminate@@YAXXZ
memcpy
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
wprintf
__setusermatherr
_XcptFilter
memset
ntdll
RtlCaptureContext
RtlFreeHeap
RtlAllocateHeap
RtlLookupFunctionEntry
RtlVirtualUnwind
Sections
.text Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 456B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 60B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Robocopy.exe.exe windows:10 windows x64 arch:x64
fd7565eca3274aa505e2b7b750db8dce
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
robocopy.pdb
Imports
msvcrt
__wgetmainargs
_amsg_exit
_XcptFilter
_callnewh
__C_specific_handler
_wcsnicmp
_wcsicmp
malloc
__set_app_type
wcsstr
clock
ctime
time
_lock
_unlock
exit
_exit
_cexit
??1type_info@@UEAA@XZ
__setusermatherr
_initterm
_fmode
__dllonexit
_onexit
_commode
free
memset
?terminate@@YAXXZ
memcpy
memcmp
_CxxThrowException
wcstok_s
wcscat_s
wcscpy_s
fwprintf_s
fflush
wcstol
_wsetlocale
swprintf_s
fwprintf
memmove_s
printf
fgetws
_wcsupr_s
_wfopen
_vsnprintf_s
_fileno
_setmode
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
__iob_func
_errno
_get_osfhandle
fprintf
_purecall
fputws
fclose
memcpy_s
_vsnwprintf
wprintf
__CxxFrameHandler4
wcscmp
kernel32
lstrlenW
WriteConsoleW
GetStdHandle
HeapValidate
GetConsoleMode
GetFileType
HeapSize
HeapReAlloc
HeapDestroy
RaiseException
ExitProcess
OpenThread
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateThread
GetExitCodeThread
ExitThread
GetModuleFileNameA
SizeofResource
CompareStringW
CreateSemaphoreExW
HeapFree
SetLastError
EnterCriticalSection
GetFullPathNameW
ReleaseSemaphore
GetModuleHandleExW
ExpandEnvironmentStringsW
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
GetVersion
FormatMessageW
LocalFileTimeToFileTime
GetLastError
ReleaseSRWLockExclusive
OutputDebugStringW
FileTimeToSystemTime
CloseThreadpoolTimer
AcquireSRWLockExclusive
WaitForSingleObjectEx
LockResource
OpenSemaphoreW
CloseHandle
SetThreadpoolTimer
ReleaseSRWLockShared
CreateThreadpoolTimer
FindResourceExW
LoadResource
HeapAlloc
GetLocalTime
GetProcAddress
CreateMutexExW
GetTimeFormatW
AcquireSRWLockShared
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
GetModuleHandleW
GetSystemTime
DebugBreak
GetDateFormatW
IsDebuggerPresent
InitializeSRWLock
CloseThreadpoolWork
CreateThreadpool
SetWaitableTimer
TlsSetValue
GetConsoleOutputCP
CreateWaitableTimerW
SetFileTime
WaitForMultipleObjects
SetThreadUILanguage
InitializeCriticalSection
SetErrorMode
CreateFileW
GetFileAttributesW
FindFirstChangeNotificationW
OpenProcess
CreateEventW
CloseThreadpoolCleanupGroupMembers
Sleep
SetThreadpoolThreadMaximum
SetEvent
FindCloseChangeNotification
TlsAlloc
QueryPerformanceFrequency
CreateThreadpoolCleanupGroup
HeapSetInformation
ResetEvent
FindNextChangeNotification
SubmitThreadpoolWork
SleepEx
TlsGetValue
QueryPerformanceCounter
ResumeThread
CreateThreadpoolWork
GetLocaleInfoEx
LocalAlloc
GetNumberFormatEx
LocalFree
WideCharToMultiByte
CreateDirectoryW
GetVolumeInformationW
CompareFileTime
FindFirstFileW
DeviceIoControl
RemoveDirectoryW
FindClose
SetFileAttributesW
GetFileInformationByHandle
GlobalFree
CopyFile2
lstrcmpW
RtlCompareMemory
BackupWrite
CompareStringOrdinal
DeleteFileW
BackupRead
GetTickCount
SetThreadPriority
advapi32
GetUserNameW
AdjustTokenPrivileges
LookupPrivilegeValueW
GetSecurityDescriptorControl
EncryptFileW
ReadEncryptedFileRaw
DecryptFileW
RegQueryValueExW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
WriteEncryptedFileRaw
OpenEncryptedFileRawW
CloseEncryptedFileRaw
OpenProcessToken
user32
UnregisterClassA
LoadStringW
ws2_32
WSACleanup
ntdll
NtSetInformationProcess
NtOpenFile
RtlGetDaclSecurityDescriptor
NtQuerySecurityObject
NtQueryDirectoryFile
RtlFreeHeap
NtQueryInformationFile
RtlSetControlSecurityDescriptor
NtClose
NtSetSecurityObject
NtSetEaFile
NtSetInformationFile
RtlInitUnicodeString
RtlGetSaclSecurityDescriptor
RtlDosPathNameToRelativeNtPathName_U
RtlGetControlSecurityDescriptor
RtlNtStatusToDosErrorNoTeb
NtQueryVolumeInformationFile
RtlNtStatusToDosError
NtQueryEaFile
Sections
.text Size: 124KB - Virtual size: 122KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 208B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
RpcPing.exe.exe windows:10 windows x64 arch:x64
aa6b2a7321ae60f227bdf8367761d35d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
RPCPing.pdb
Imports
advapi32
RegGetValueW
RegOpenKeyExW
RegCloseKey
ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
EventActivityIdControl
kernel32
FileTimeToSystemTime
HeapSetInformation
GetProcessHeap
SetThreadPreferredUILanguages
GetTickCount
WideCharToMultiByte
WriteConsoleW
GetConsoleMode
WriteFile
GetComputerNameW
MultiByteToWideChar
GetProcAddress
HeapAlloc
LoadLibraryW
FormatMessageW
SetThreadUILanguage
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
Sleep
GetStdHandle
HeapFree
GetLastError
LocalFree
GetFileType
msvcrt
free
memcpy
memset
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
malloc
fprintf
_wcsicmp
exit
__iob_func
wcstol
_cgetws_s
_wtoi
_getch
wcstoul
wcschr
wcsstr
rpcrt4
I_RpcCertProcessAndProvision
RpcBindingSetAuthInfoExW
RpcErrorResetEnumeration
RpcStringFreeW
RpcMgmtInqStats
RpcErrorStartEnumeration
RpcEpResolveBinding
RpcErrorLoadErrorInfo
RpcMgmtStatsVectorFree
RpcErrorEndEnumeration
RpcErrorGetNumberOfRecords
RpcBindingFromStringBindingW
RpcErrorClearInformation
RpcErrorGetNextRecord
RpcStringBindingComposeW
RpcErrorSaveErrorInfo
UuidToStringW
UuidFromStringW
RpcCertGeneratePrincipalNameW
UuidCreate
ntdll
RtlCaptureContext
WinSqmIncrementDWORD
WinSqmIsOptedIn
RtlLookupFunctionEntry
RtlVirtualUnwind
winhttp
WinHttpSendRequest
WinHttpQueryAuthSchemes
WinHttpCloseHandle
WinHttpQueryOption
WinHttpOpenRequest
WinHttpQueryHeaders
WinHttpOpen
WinHttpReceiveResponse
WinHttpConnect
WinHttpSetCredentials
WinHttpSetOption
crypt32
CertFreeCertificateContext
credui
CredUIPromptForCredentialsW
SspiPromptForCredentialsW
sspicli
SspiEncodeStringsAsAuthIdentity
SspiEncodeAuthIdentityAsStrings
Sections
.text Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 552B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 140B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
RunLegacyCPLElevated.exe.exe windows:10 windows x64 arch:x64
e8302e6a0b9cfc374a02f2dc57a0703a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
RunLegacyCPLElevated.pdb
Imports
kernel32
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
lstrlenW
ReleaseSemaphore
GetModuleHandleExW
SetErrorMode
WaitForSingleObject
LocalAlloc
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapSetInformation
HeapAlloc
GetProcAddress
CreateMutexExW
LocalFree
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
CreateActCtxW
ActivateActCtx
DeactivateActCtx
ReleaseActCtx
user32
DestroyWindow
GetClassNameW
SetWindowLongPtrW
GetWindow
SetClassLongPtrW
RegisterClassW
GetWindowLongPtrW
LoadCursorW
GetClassLongPtrW
DefWindowProcW
CreateWindowExW
msvcrt
__dllonexit
_lock
_commode
?terminate@@YAXXZ
_initterm
__C_specific_handler
_wcmdln
_onexit
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
memcpy_s
_vsnwprintf
_fmode
_unlock
memset
shell32
Control_RunDLLW
shlwapi
PathIsRelativeW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
GetStartupInfoW
TerminateProcess
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-processenvironment-l1-1-0
SearchPathW
api-ms-win-core-string-l1-1-0
CompareStringW
api-ms-win-core-file-l1-1-0
GetFileAttributesW
api-ms-win-core-string-l2-1-0
CharNextW
ntdll
RtlSetSearchPathMode
Sections
.text Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 936B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 68B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
RuntimeBroker.exe.exe windows:10 windows x64 arch:x64
ddae2f228a3cb382bc043f060553ed21
Code Sign
33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
93:44:f4:f8:5f:09:2d:e0:8d:14:d0:8d:6d:38:77:ec:3d:2c:73:10:1e:0b:8c:a7:05:60:70:19:95:5b:a6:04
Signer
Actual PE Digest: 93:44:f4:f8:5f:09:2d:e0:8d:14:d0:8d:6d:38:77:ec:3d:2c:73:10:1e:0b:8c:a7:05:60:70:19:95:5b:a6:04
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
RuntimeBroker.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o_exit
_o_terminate
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_o__cexit
_o___stdio_common_vswprintf
_o___p__commode
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
memset
wcsncmp
ntdll
EtwTraceMessage
RtlEqualSid
RtlIsMultiSessionSku
RtlQueryPackageClaims
RtlQueryPackageIdentity
EtwEventSetInformation
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
EtwEventRegister
EtwEventUnregister
EtwEventWriteTransfer
RtlNtStatusToDosError
api-ms-win-security-base-l1-1-0
AccessCheck
CreateWellKnownSid
CopySid
PrivilegeCheck
GetKernelObjectSecurity
MapGenericMask
GetLengthSid
AccessCheckByType
GetTokenInformation
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleExW
GetProcAddress
GetModuleHandleW
GetModuleFileNameA
api-ms-win-core-synch-l1-2-0
InitOnceComplete
InitOnceBeginInitialize
InitOnceExecuteOnce
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
api-ms-win-core-synch-l1-1-0
ReleaseSRWLockExclusive
LeaveCriticalSection
InitializeCriticalSectionEx
SetEvent
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
DeleteCriticalSection
CreateEventW
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseSemaphore
AcquireSRWLockShared
ReleaseSRWLockShared
EnterCriticalSection
CreateMutexExW
WaitForSingleObject
CreateSemaphoreExW
AcquireSRWLockExclusive
ReleaseMutex
ResetEvent
api-ms-win-core-heap-l1-1-0
HeapFree
HeapSetInformation
GetProcessHeap
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
SetErrorMode
SetLastError
GetLastError
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
OpenThreadToken
SetProcessShutdownParameters
GetCurrentProcess
GetCurrentProcessId
SetThreadStackGuarantee
GetCurrentThread
TerminateProcess
GetCurrentThreadId
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventSetInformation
EventUnregister
EventRegister
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
GetProcessMitigationPolicy
SetProcessMitigationPolicy
api-ms-win-core-threadpool-l1-2-0
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
SetThreadpoolTimer
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
OutputDebugStringW
DebugBreak
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-psapi-l1-1-0
QueryFullProcessImageNameW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemInfo
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
msvcp_win
_Query_perf_counter
_Query_perf_frequency
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-memory-l1-1-0
VirtualQuery
VirtualAlloc
VirtualProtect
Sections
.text Size: 64KB - Virtual size: 63KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 28KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 392B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 460B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
SIHClient.exe.exe windows:10 windows x64 arch:x64
2f653d0e9942af4923bac5199d0cef8b
Code Sign
33:00:00:04:6f:5a:72:76:81:13:5a:26:6c:00:00:00:00:04:6f
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 08/02/2024, 19:22
Not After: 07/02/2025, 19:22
Subject: CN=Microsoft Windows Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
5a:0d:c5:f3:89:32:10:b2:4a:2c:8c:60:66:65:1f:ec:3e:67:b3:c9:f5:0a:1a:38:93:34:74:0d:af:33:e0:a4
Signer
Actual PE Digest: 5a:0d:c5:f3:89:32:10:b2:4a:2c:8c:60:66:65:1f:ec:3e:67:b3:c9:f5:0a:1a:38:93:34:74:0d:af:33:e0:a4
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
SIHClient.pdb
Imports
rpcrt4
UuidToStringA
RpcStringFreeA
UuidCreate
UuidFromStringW
api-ms-win-core-com-l1-1-0
StringFromGUID2
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoCreateGuid
CoInitializeEx
IIDFromString
CoCreateInstance
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameW
GetProcAddress
LoadResource
GetModuleFileNameA
LoadLibraryExW
GetModuleHandleExW
GetModuleHandleW
FreeLibrary
api-ms-win-core-processthreads-l1-1-3
GetProcessInformation
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-errorhandling-l1-1-0
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetErrorMode
RaiseException
GetLastError
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
HeapSetInformation
api-ms-win-core-synch-l1-1-0
DeleteCriticalSection
InitializeCriticalSection
OpenSemaphoreW
ReleaseSemaphore
EnterCriticalSection
OpenMutexW
CreateMutexExW
LeaveCriticalSection
WaitForSingleObject
CreateSemaphoreExW
AcquireSRWLockShared
ReleaseSRWLockExclusive
WaitForSingleObjectEx
CreateMutexW
ReleaseSRWLockShared
InitializeCriticalSectionEx
ReleaseMutex
AcquireSRWLockExclusive
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
DebugBreak
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-threadpool-l1-2-0
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
api-ms-win-crt-private-l1-1-0
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_errno
_o__set_fmode
_o__set_new_mode
_o__wsplitpath_s
_o__wtoi
_o__wtoi64
_o__wtol
_o_abort
_o_exit
_o_free
_o_iswalnum
_o_iswalpha
_o_malloc
_o_qsort
_o_rand
_o_srand
_o_strncpy_s
_o_strtol
_o_terminate
_o_towlower
_o_wcscpy_s
_o_wcstoul
_o____lc_codepage_func
_o__free_base
_o__exit
_o__errno
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnprintf_s
_o__crt_atexit
_o___std_exception_destroy
_o___std_exception_copy
_o__configure_wide_argv
_o__configthreadlocale
_o___p__commode
_o___p___wargv
_o___p___argc
_o__cexit
_o__calloc_base
_o__callnewh
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-string-l1-1-0
CompareStringW
WideCharToMultiByte
MultiByteToWideChar
api-ms-win-core-sysinfo-l1-1-0
GetTickCount64
GetLocalTime
GetSystemTimeAsFileTime
GetSystemDirectoryW
GetVersionExW
GetSystemTime
GetSystemWindowsDirectoryW
api-ms-win-core-registry-l1-1-0
RegEnumValueW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegDeleteValueW
RegEnumKeyExW
RegQueryValueExW
RegCreateKeyExW
api-ms-win-security-base-l1-1-0
InitializeSecurityDescriptor
AddAccessAllowedAceEx
InitializeAcl
CreateWellKnownSid
ImpersonateLoggedOnUser
RevertToSelf
SetSecurityDescriptorDacl
IsValidSid
FreeSid
AllocateAndInitializeSid
CheckTokenMembership
DuplicateTokenEx
CopySid
GetLengthSid
GetTokenInformation
api-ms-win-security-sddl-l1-1-0
ConvertStringSidToSidW
ConvertSidToStringSidW
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
SystemTimeToFileTime
api-ms-win-core-sysinfo-l1-2-0
GetProductInfo
GetNativeSystemInfo
api-ms-win-core-wow64-l1-1-1
IsWow64Process2
api-ms-win-core-kernel32-legacy-l1-1-0
DosDateTimeToFileTime
api-ms-win-eventing-controller-l1-1-0
ControlTraceW
EnableTraceEx2
StartTraceW
api-ms-win-eventing-consumer-l1-1-0
CloseTrace
api-ms-win-core-registry-l2-1-0
RegDeleteKeyW
api-ms-win-core-libraryloader-l1-2-1
FindResourceW
LoadLibraryW
api-ms-win-core-apiquery-l2-1-0
IsApiSetImplemented
api-ms-win-core-util-l1-1-0
EncodePointer
api-ms-win-core-rtlsupport-l1-1-0
RtlUnwindEx
RtlPcToFileHeader
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-fibers-l1-1-0
FlsSetValue
FlsFree
FlsAlloc
FlsGetValue
ntdll
RtlGetDeviceFamilyInfoEnum
api-ms-win-crt-runtime-l1-1-0
_initterm
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
api-ms-win-core-memory-l1-1-0
CreateFileMappingW
MapViewOfFileEx
UnmapViewOfFile
api-ms-win-core-version-l1-1-0
GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW
api-ms-win-core-winrt-string-l1-1-0
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateStringReference
iphlpapi
GetNetworkConnectivityHint
api-ms-win-core-winrt-l1-1-0
RoActivateInstance
RoGetActivationFactory
Sections
.text Size: 286KB - Virtual size: 285KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 99KB - Virtual size: 99KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 1024B - Virtual size: 968B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_RDATA Size: 512B - Virtual size: 348B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
SearchFilterHost.exe.exe windows:10 windows x64 arch:x64
de713025cb6947647032d9d61612bc54
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
SearchFilterHost.pdb
Imports
msvcp_win
?_Syserror_map@std@@YAPEBDH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Winerror_map@std@@YAHH@Z
api-ms-win-crt-string-l1-1-0
wcsncmp
wcscmp
memset
api-ms-win-crt-runtime-l1-1-0
_initterm
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
api-ms-win-crt-private-l1-1-0
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__itow_s
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o__wcsicmp
_o__wcsnicmp
_o__wtoi64
_o_abort
_o_exit
_o_free
_o_malloc
_o_realloc
_o_strerror
_o_terminate
_o_wcsncpy_s
__current_exception
__current_exception_context
_CxxThrowException
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
_o__exit
_o___stdio_common_vswprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o__errno
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___wargv
_o___p___argc
__C_specific_handler
__std_terminate
__CxxFrameHandler3
__C_specific_handler_noexcept
memcmp
memcpy
api-ms-win-core-libraryloader-l1-2-0
LoadStringW
LoadResource
SizeofResource
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
FreeLibrary
GetModuleHandleW
GetModuleFileNameA
GetModuleHandleExW
FindResourceExW
GetModuleHandleExA
api-ms-win-core-synch-l1-1-0
ReleaseMutex
CreateSemaphoreExW
ResetEvent
ReleaseSemaphore
WaitForSingleObject
OpenEventW
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionEx
SetEvent
CreateEventW
DeleteCriticalSection
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapAlloc
HeapSetInformation
HeapFree
api-ms-win-core-errorhandling-l1-1-0
RaiseException
GetLastError
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
SetErrorMode
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
SetPriorityClass
GetCurrentThread
OpenThreadToken
GetCurrentProcessId
TerminateProcess
GetProcessTimes
OpenProcessToken
GetCurrentProcess
api-ms-win-core-localization-l1-2-0
GetLocaleInfoW
FormatMessageW
FormatMessageA
GetLocaleInfoEx
api-ms-win-core-debug-l1-1-0
DebugBreak
OutputDebugStringW
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
GetHandleInformation
CloseHandle
oleaut32
VarUI4FromStr
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventUnregister
EventSetInformation
EventRegister
EventActivityIdControl
api-ms-win-core-com-l1-1-0
CoCreateInstance
StringFromCLSID
CoUninitialize
CoTaskMemRealloc
CoInitializeEx
CoTaskMemFree
CoCreateFreeThreadedMarshaler
PropVariantClear
CoInitializeSecurity
CoTaskMemAlloc
PropVariantCopy
api-ms-win-core-processthreads-l1-1-1
GetThreadTimes
SetProcessMitigationPolicy
IsProcessorFeaturePresent
api-ms-win-core-threadpool-l1-2-0
CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
api-ms-win-core-string-l2-1-0
CharNextW
api-ms-win-core-registry-l1-1-0
RegDeleteValueW
RegGetValueW
RegCreateKeyExW
RegEnumValueW
RegCloseKey
RegDeleteKeyExW
RegQueryValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
MultiByteToWideChar
CompareStringOrdinal
api-ms-win-core-synch-l1-2-0
Sleep
InitOnceBeginInitialize
InitOnceComplete
InitOnceExecuteOnce
api-ms-win-core-windowserrorreporting-l1-1-0
WerSetFlags
api-ms-win-core-processthreads-l1-1-3
SetProcessInformation
SetThreadDescription
api-ms-win-security-base-l1-1-0
CreateWellKnownSid
InitializeAcl
GetAce
AddAce
SetSecurityDescriptorDacl
GetTokenInformation
SetSecurityDescriptorOwner
IsValidSid
GetLengthSid
CopySid
SetSecurityDescriptorGroup
InitializeSecurityDescriptor
GetAclInformation
AddAccessAllowedAce
api-ms-win-security-lsalookup-l2-1-0
LookupAccountSidW
LookupAccountNameW
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-core-processenvironment-l1-1-0
SearchPathW
ExpandEnvironmentStringsW
api-ms-win-core-localization-obsolete-l1-2-0
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetVersionExW
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-timezone-l1-1-0
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
api-ms-win-core-datetime-l1-1-0
GetTimeFormatW
ntdll
RtlNtStatusToDosError
RtlGetPersistedStateLocation
RtlIsStateSeparationEnabled
api-ms-win-core-file-l1-1-0
CreateFileW
api-ms-win-core-memory-l1-1-0
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
api-ms-win-core-localization-l1-2-2
LCIDToLocaleName
api-ms-win-rtcore-ntuser-window-l1-1-0
PeekMessageW
DispatchMessageW
api-ms-win-rtcore-ntuser-synch-l1-1-0
MsgWaitForMultipleObjects
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 112KB - Virtual size: 111KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 52KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 88KB - Virtual size: 85KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 856B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
SearchIndexer.exe.exe windows:10 windows x64 arch:x64
0095fa655f492c8692daf70383a49e26
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
SearchIndexer.pdb
Imports
msvcp_win
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W00@Z
?epptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?gptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?eback@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W0@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?sbumpc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ
?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA_N_N@Z
?pptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
??Bios_base@std@@QEBA_NXZ
?_Xbad_alloc@std@@YAXXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?_Xout_of_range@std@@YAXPEBD@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
_Wcscoll
_Wcsxfrm
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xbad_function_call@std@@YAXXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?_Winerror_map@std@@YAHH@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Syserror_map@std@@YAPEBDH@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?id@?$collate@_W@std@@2V0locale@2@A
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?tolower@?$ctype@_W@std@@QEBAPEB_WPEA_WPEB_W@Z
?tolower@?$ctype@_W@std@@QEBA_W_W@Z
?is@?$ctype@_W@std@@QEBA_NF_W@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
?setg@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W00@Z
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-crt-string-l1-1-0
memmove_s
wcsncmp
wcscmp
memset
wcspbrk
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__recalloc
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_errno
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
_o__wcslwr_s
_o__wcsnicmp
memmove
_o__wtol
_o_abort
_o_calloc
_o_ceilf
_o_exit
_o_free
_o_iswspace
_o_iswxdigit
_o_malloc
_o_qsort
_o_realloc
_o_terminate
_o_towupper
_o_wcsncpy_s
_o_wcstok
_o_wcstol
_o_wmemcpy_s
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o__crt_atexit
_o__configure_narrow_argv
_o__configthreadlocale
_o__get_narrow_winmain_command_line
_o__cexit
_o__get_errno
_o__callnewh
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o__invalid_parameter_noinfo_noreturn
_o___std_exception_destroy
_o___std_exception_copy
_o__invalid_parameter_noinfo
_o___p__commode
_o__initialize_onexit_table
_o____lc_codepage_func
__C_specific_handler
__std_terminate
__CxxFrameHandler4
wcschr
wcsstr
strchr
_o__exit
_o__errno
_o__initialize_narrow_environment
__C_specific_handler_noexcept
memcmp
memcpy
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
SizeofResource
LockResource
GetModuleHandleExW
LoadResource
GetProcAddress
GetModuleHandleW
FindStringOrdinal
FreeLibrary
LoadLibraryExW
GetModuleFileNameW
FindResourceExW
LoadStringW
GetModuleHandleExA
api-ms-win-core-synch-l1-1-0
InitializeSRWLock
OpenEventW
ReleaseSemaphore
ReleaseMutex
CreateEventW
ResetEvent
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
TryAcquireSRWLockExclusive
CreateMutexW
SetEvent
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
AcquireSRWLockExclusive
CreateSemaphoreExW
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapReAlloc
HeapSetInformation
GetProcessHeap
HeapDestroy
HeapSize
HeapFree
api-ms-win-core-errorhandling-l1-1-0
SetErrorMode
RaiseException
GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
CreateThread
GetCurrentThread
GetCurrentProcess
OpenProcessToken
OpenThreadToken
TlsAlloc
TlsFree
SetPriorityClass
GetStartupInfoW
api-ms-win-core-localization-l1-2-0
FormatMessageW
GetSystemDefaultLCID
GetSystemPreferredUILanguages
LCMapStringW
FormatMessageA
LocaleNameToLCID
ResolveLocaleName
GetNLSVersionEx
GetLocaleInfoW
GetLocaleInfoEx
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
DebugBreak
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
CloseHandle
DuplicateHandle
oleaut32
VarUI4FromStr
VarBstrCat
SysFreeString
SysAllocStringByteLen
SetErrorInfo
GetErrorInfo
SysStringByteLen
LoadRegTypeLi
SysStringLen
SysAllocStringLen
SafeArrayGetElement
VariantClear
VariantInit
LoadTypeLi
SafeArrayGetUBound
SafeArrayDestroy
SysAllocString
api-ms-win-core-registry-l1-1-0
RegEnumKeyExW
RegCloseKey
RegEnumValueW
RegCreateKeyExW
RegDeleteKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegGetKeySecurity
RegQueryValueExW
RegGetValueW
RegDeleteValueW
RegDeleteTreeW
api-ms-win-core-shlwapi-legacy-l1-1-0
PathFindNextComponentW
PathIsUNCServerW
PathIsUNCServerShareW
PathIsRootW
PathCanonicalizeW
PathFileExistsW
PathAddBackslashW
PathRemoveBackslashW
PathIsUNCW
PathSkipRootW
PathStripToRootW
PathAppendW
api-ms-win-core-com-l1-1-0
CoTaskMemRealloc
CoAddRefServerProcess
CoImpersonateClient
CoRegisterClassObject
CoTaskMemFree
CoInitializeSecurity
CoTaskMemAlloc
CoGetMalloc
CoCreateInstance
CoUninitialize
CoInitializeEx
IIDFromString
CoResumeClassObjects
CoRevokeClassObject
CLSIDFromString
CoMarshalInterface
CoReleaseServerProcess
StringFromGUID2
CoCreateFreeThreadedMarshaler
PropVariantClear
CoRevertToSelf
api-ms-win-shcore-taskpool-l1-1-0
SHTaskPoolQueueTask
api-ms-win-core-threadpool-l1-2-0
CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
IsThreadpoolTimerSet
CreateThreadpoolTimer
api-ms-win-core-sysinfo-l1-2-0
VerSetConditionMask
api-ms-win-core-kernel32-legacy-l1-1-1
VerifyVersionInfoW
api-ms-win-core-synch-l1-2-0
InitOnceExecuteOnce
Sleep
InitOnceBeginInitialize
InitOnceComplete
InitOnceInitialize
ntdll
RtlNtStatusToDosError
RtlIsStateSeparationEnabled
NtQueryWnfStateData
NtOpenFile
RtlInitUnicodeString
NtSetInformationFile
RtlQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlPublishWnfStateData
RtlQueryPackageClaims
RtlGetPersistedStateLocation
RtlGetDeviceFamilyInfoEnum
api-ms-win-core-file-l1-1-0
SetFileAttributesW
GetFileAttributesW
FindClose
RemoveDirectoryW
FindNextFileW
FindFirstFileExW
FindFirstFileW
CreateDirectoryW
CreateFileW
FindVolumeClose
GetVolumeInformationW
FindFirstVolumeW
FindNextVolumeW
GetDriveTypeW
GetFileTime
GetFileAttributesExW
GetLogicalDrives
CompareFileTime
DeleteFileW
SetFileTime
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-file-l1-2-0
GetVolumePathNamesForVolumeNameW
GetVolumeNameForVolumeMountPointW
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
lstrcmpW
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventActivityIdControl
EventWriteTransfer
EventRegister
EventEnabled
EventUnregister
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetVersionExW
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetTickCount64
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
CompareStringOrdinal
WideCharToMultiByte
CompareStringW
api-ms-win-shcore-registry-l1-1-0
SHDeleteKeyW
SHGetValueW
SHSetValueW
SHCopyKeyW
api-ms-win-shell-shdirectory-l1-1-0
ord290
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
ExpandEnvironmentStringsW
SearchPathW
GetEnvironmentVariableW
SetEnvironmentVariableW
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-string-l2-1-0
CharNextW
api-ms-win-service-management-l1-1-0
OpenSCManagerW
CloseServiceHandle
OpenServiceW
api-ms-win-core-processthreads-l1-1-1
SetProcessMitigationPolicy
IsProcessorFeaturePresent
OpenProcess
api-ms-win-service-management-l2-1-0
ChangeServiceConfig2W
api-ms-win-core-winrt-error-l1-1-0
RoOriginateError
RoOriginateErrorW
api-ms-win-core-localization-obsolete-l1-2-0
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-file-l2-1-0
GetFileInformationByHandleEx
api-ms-win-core-file-l2-1-2
CopyFileW
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
shcore
SHStrDupW
ord1
combase
ord184
mssrch
?GetFileChangeClientManagerInstance@@YA?AV?$shared_ptr@UIFileChangeClientManager@ChangeTracking@Windows@@@std@@XZ
??0CSearchServiceObj@@QEAA@XZ
??1CSearchServiceObj@@QEAA@XZ
?GetFilterHostProcessPoolManager@CSearchServiceObj@@SAJPEAPEAUIFilterHostProcessPoolManager@@@Z
?Cleanup@CSearchServiceObj@@SAXXZ
api-ms-win-core-shlwapi-obsolete-l1-1-0
StrStrIW
StrCmpNICW
api-ms-win-core-path-l1-1-0
PathCchSkipRoot
api-ms-win-core-kernel32-legacy-l1-1-0
MoveFileW
GetSystemPowerStatus
RegisterWaitForSingleObject
api-ms-win-service-winsvc-l1-1-0
ControlService
QueryServiceStatus
api-ms-win-service-core-l1-1-1
EnumDependentServicesW
api-ms-win-core-processthreads-l1-1-3
SetThreadDescription
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
api-ms-win-core-datetime-l1-1-0
GetTimeFormatW
api-ms-win-core-registry-l1-1-1
RegSetKeyValueW
api-ms-win-core-winrt-l1-1-0
RoRegisterActivationFactories
RoGetActivationFactory
RoRevokeActivationFactories
api-ms-win-core-winrt-string-l1-1-0
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsCreateString
WindowsDeleteString
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-service-core-l1-1-0
RegisterServiceCtrlHandlerExW
SetServiceStatus
StartServiceCtrlDispatcherW
api-ms-win-core-threadpool-legacy-l1-1-0
UnregisterWaitEx
api-ms-win-core-memory-l1-1-0
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
api-ms-win-core-localization-l1-2-2
LCIDToLocaleName
rpcrt4
I_RpcBindingInqLocalClientPID
api-ms-win-core-psapi-l1-1-0
QueryFullProcessImageNameW
api-ms-win-shcore-stream-l1-1-0
SHCreateMemStream
api-ms-win-core-realtime-l1-1-0
QueryUnbiasedInterruptTime
api-ms-win-core-com-l1-1-1
RoGetAgileReference
api-ms-win-appmodel-runtime-l1-1-1
GetApplicationUserModelIdFromToken
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
propsys
ord437
Sections
.text Size: 680KB - Virtual size: 679KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 192KB - Virtual size: 191KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 44KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 720B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
SearchProtocolHost.exe.exe windows:10 windows x64 arch:x64
d19c10bf248bf708a424a2725cd3d721
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
SearchProtocolHost.pdb
Imports
msvcp_win
?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Winerror_map@std@@YAHH@Z
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_set_error_mode
_initterm_e
_initterm
_c_exit
api-ms-win-crt-string-l1-1-0
wcsncmp
memset
wcscmp
api-ms-win-crt-private-l1-1-0
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__itow
_o__itow_s
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
_o__wcsnicmp
memmove
_o__wtoi
_o__wtol
_o_abort
_o_exit
_o_free
_o_iswspace
_o_malloc
_o_realloc
_o_strerror
_o_terminate
_o_wcsncpy_s
__current_exception
__current_exception_context
_CxxThrowException
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
_o__get_initial_wide_environment
_o___stdio_common_vswprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o__exit
_o___std_exception_destroy
_o___std_exception_copy
_o__errno
_o___p__commode
_o___p___wargv
_o___p___argc
__std_terminate
wcschr
__C_specific_handler
__CxxFrameHandler3
__C_specific_handler_noexcept
memcmp
memcpy
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventEnabled
EventUnregister
EventActivityIdControl
EventWriteTransfer
EventRegister
api-ms-win-security-base-l1-1-0
GetSidLengthRequired
CreateWellKnownSid
EqualPrefixSid
MakeAbsoluteSD
SetSecurityDescriptorSacl
GetTokenInformation
SetSecurityDescriptorDacl
AdjustTokenPrivileges
RevertToSelf
GetAclInformation
SetSecurityDescriptorGroup
InitializeSid
SetSecurityDescriptorOwner
GetAce
GetSidSubAuthority
MakeSelfRelativeSD
AddAccessAllowedAce
CopySid
GetSecurityDescriptorLength
GetLengthSid
ImpersonateLoggedOnUser
IsValidSid
AddAce
DeleteAce
InitializeSecurityDescriptor
InitializeAcl
oleaut32
SysFreeString
VarUI4FromStr
CreateErrorInfo
SetErrorInfo
GetErrorInfo
SysAllocString
SysStringLen
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
FreeLibrary
GetModuleHandleA
SizeofResource
LoadLibraryExW
FindResourceExW
LoadResource
GetModuleFileNameW
GetModuleFileNameA
LoadStringW
GetModuleHandleExW
GetProcAddress
GetModuleHandleExA
api-ms-win-core-windowserrorreporting-l1-1-0
WerSetFlags
api-ms-win-core-errorhandling-l1-1-1
RemoveVectoredExceptionHandler
AddVectoredExceptionHandler
api-ms-win-security-lsalookup-l2-1-0
LookupPrivilegeValueW
LookupAccountNameW
LookupAccountSidW
api-ms-win-core-com-l1-1-0
StringFromCLSID
CoInitializeSecurity
PropVariantClear
CoTaskMemAlloc
CoUninitialize
CoCreateInstance
CoInitializeEx
CoTaskMemFree
CLSIDFromString
CoDisconnectObject
CoCreateFreeThreadedMarshaler
CoTaskMemRealloc
CLSIDFromProgID
PropVariantCopy
api-ms-win-core-synch-l1-2-0
InitOnceComplete
InitOnceBeginInitialize
Sleep
InitOnceExecuteOnce
api-ms-win-core-registry-l1-1-0
RegEnumKeyExW
RegQueryValueExW
RegCreateKeyExW
RegCloseKey
RegDeleteKeyExW
RegOpenKeyExW
RegDeleteValueW
RegEnumValueW
RegGetValueW
RegQueryInfoKeyW
RegSetValueExW
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
CompareStringOrdinal
CompareStringW
MultiByteToWideChar
api-ms-win-core-localization-l1-2-0
LCMapStringW
FormatMessageA
GetSystemDefaultLCID
LocaleNameToLCID
GetLocaleInfoEx
FormatMessageW
ResolveLocaleName
GetLocaleInfoW
api-ms-win-core-synch-l1-1-0
ResetEvent
WaitForSingleObject
InitializeCriticalSectionEx
InitializeCriticalSection
TryAcquireSRWLockExclusive
LeaveCriticalSection
ReleaseSemaphore
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
AcquireSRWLockShared
CreateSemaphoreExW
CreateEventExW
EnterCriticalSection
InitializeSRWLock
ReleaseSRWLockShared
OpenEventW
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseMutex
AcquireSRWLockExclusive
CreateEventW
CreateMutexExW
SetEvent
ReleaseSRWLockExclusive
SetWaitableTimerEx
CreateWaitableTimerExW
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
GetProcessHeap
HeapSetInformation
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetErrorMode
UnhandledExceptionFilter
RaiseException
SetUnhandledExceptionFilter
SetLastError
api-ms-win-core-handle-l1-1-0
DuplicateHandle
GetHandleInformation
CloseHandle
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcess
GetCurrentThread
OpenProcessToken
CreateThread
GetCurrentProcessId
TerminateProcess
OpenThreadToken
SetPriorityClass
GetProcessTimes
api-ms-win-core-processthreads-l1-1-3
SetThreadDescription
SetProcessInformation
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
api-ms-win-core-string-l2-1-0
CharNextW
api-ms-win-core-memory-l1-1-0
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
ReadProcessMemory
WriteProcessMemory
api-ms-win-shell-namespace-l1-1-0
ILFree
SHCreateItemFromIDList
SHParseDisplayName
api-ms-win-core-processthreads-l1-1-1
SetProcessMitigationPolicy
IsProcessorFeaturePresent
GetThreadTimes
ntdll
NtCreateSection
RtlAppendUnicodeToString
RtlGetPersistedStateLocation
RtlFreeUnicodeString
NtClose
RtlStringFromGUIDEx
NtCreateFile
RtlNtStatusToDosError
NtQueryInformationProcess
RtlIsStateSeparationEnabled
NtMapViewOfSection
NtCreateCrossVmEvent
RtlAppendUnicodeStringToString
RtlQueryPackageClaims
api-ms-win-core-debug-l1-1-0
DebugBreak
OutputDebugStringW
IsDebuggerPresent
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
api-ms-win-core-sysinfo-l1-1-0
GetVersionExW
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
SearchPathW
api-ms-win-core-localization-obsolete-l1-2-0
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
shcore
ord107
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
api-ms-win-core-winrt-string-l1-1-0
WindowsDeleteString
WindowsCreateStringReference
WindowsGetStringRawBuffer
api-ms-win-core-timezone-l1-1-0
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
api-ms-win-core-datetime-l1-1-0
GetTimeFormatW
api-ms-win-core-file-l1-1-0
LockFile
SetFilePointer
WriteFile
SetEndOfFile
GetFileTime
GetFileSize
FlushFileBuffers
CreateFileW
DeleteFileW
UnlockFile
ReadFile
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-localization-l1-2-2
LCIDToLocaleName
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
Sections
.text Size: 240KB - Virtual size: 239KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 92KB - Virtual size: 90KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 168B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 88KB - Virtual size: 84KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
SecEdit.exe.exe windows:10 windows x64 arch:x64
58a66c69176097c9b8c5c9ae4273bd6f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
SecEdit.pdb
Imports
msvcrt
_initterm
?terminate@@YAXXZ
__C_specific_handler
_fmode
_commode
towlower
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
wcsncpy_s
sprintf_s
wcsrchr
vfwprintf
vprintf
fgetwc
__iob_func
vswprintf_s
wcscat_s
wcscpy_s
iswctype
_wcsicmp
setlocale
api-ms-win-core-console-l1-1-0
WriteConsoleW
SetConsoleCtrlHandler
GetConsoleOutputCP
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
GetCurrentDirectoryW
api-ms-win-core-file-l1-1-0
SetFilePointer
GetFileType
GetFileAttributesW
CreateFileW
WriteFile
api-ms-win-core-localization-l1-2-0
SetThreadUILanguage
FormatMessageW
api-ms-win-security-base-l1-1-0
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
GetModuleHandleW
LoadStringW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-shlwapi-legacy-l1-1-0
PathIsRootW
PathCanonicalizeW
scecli
SceSetupGenerateTemplate
SceFreeMemory
SceBrowseDatabaseTable
SceGetSecurityProfileInfo
SceWriteSecurityProfileInfo
SceConfigureSystem
SceOpenProfile
SceCloseProfile
SceGenerateRollback
SceFreeProfileMemory
SceIsSystemDatabase
SceAnalyzeSystem
SceRegisterRegValues
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Sections
.text Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 432B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 72B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
SecureBootEncodeUEFI.exe.exe windows:10 windows x64 arch:x64
50b7f23fb4127092e45b6a48c59a787d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
SecureBootEncodeUEFI.pdb
Imports
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_initterm
_initterm_e
_c_exit
api-ms-win-crt-private-l1-1-0
_o___p__commode
_o___std_exception_copy
_o___std_exception_destroy
_o___stdio_common_vsnprintf_s
_o___stdio_common_vswprintf
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
memmove
_o__set_new_mode
_o_exit
_o_free
_o_malloc
_o_qsort
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_o___p___argc
_CxxThrowException
__CxxFrameHandler3
__std_terminate
__CxxFrameHandler4
_o___p___wargv
memcmp
memcpy
_o__purecall
api-ms-win-crt-string-l1-1-0
memset
ntdll
RtlInitUnicodeString
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtQuerySystemEnvironmentValueEx
kernel32
GetCurrentThread
ReleaseMutex
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LocalAlloc
LocalFree
FormatMessageW
GetLastError
OutputDebugStringW
IsDebuggerPresent
DebugBreak
GetModuleHandleW
GetProcessHeap
GetCurrentProcessId
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
GetProcAddress
HeapAlloc
CreateThreadpoolTimer
GetCurrentThreadId
WaitForSingleObject
WaitForThreadpoolTimerCallbacks
InitializeCriticalSectionEx
LeaveCriticalSection
GetModuleHandleExW
ReleaseSemaphore
EnterCriticalSection
SetLastError
HeapFree
CreateSemaphoreExW
GetModuleFileNameA
CloseThreadpoolTimer
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
SetThreadpoolTimer
ReleaseSRWLockShared
ReleaseSRWLockExclusive
advapi32
EventUnregister
RegSetValueExW
EventSetInformation
RegCreateKeyExW
EventRegister
EventWriteTransfer
RegCloseKey
OpenProcessToken
OpenThreadToken
DuplicateTokenEx
SetThreadToken
LookupPrivilegeValueW
AdjustTokenPrivileges
bcrypt
BCryptHash
Sections
.text Size: 56KB - Virtual size: 52KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 40KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
SecurityHealthHost.exe.exe windows:10 windows x64 arch:x64
d4f6418441fefe7dd515cc06ad99b6b1
Code Sign
33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0b:18:d0:37:6f:1d:e5:55:53:d3:35:94:36:df:7d:07:1d:e0:9a:de:3c:c3:ec:51:51:cc:34:e1:22:8f:ed:d5
Signer
Actual PE Digest: 0b:18:d0:37:6f:1d:e5:55:53:d3:35:94:36:df:7d:07:1d:e0:9a:de:3c:c3:ec:51:51:cc:34:e1:22:8f:ed:d5
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
SecurityHealthHost.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_set_app_type
_invalid_parameter_noinfo
_seh_filter_exe
_invalid_parameter_noinfo_noreturn
terminate
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_register_thread_local_exe_atexit_callback
_errno
_configure_wide_argv
_initialize_wide_environment
_get_initial_wide_environment
_initterm
_initterm_e
exit
_exit
_c_exit
__p___argc
__p___wargv
_cexit
api-ms-win-crt-stdio-l1-1-0
__p__commode
_set_fmode
__stdio_common_vsnprintf_s
__stdio_common_vswprintf
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
api-ms-win-crt-heap-l1-1-0
free
_set_new_mode
_callnewh
malloc
api-ms-win-crt-private-l1-1-0
__C_specific_handler
__std_exception_destroy
__std_exception_copy
__current_exception
__std_terminate
__CxxFrameHandler4
memmove
__current_exception_context
_CxxThrowException
_purecall
memcmp
memcpy
__CxxFrameHandler3
api-ms-win-crt-string-l1-1-0
memset
ole32
CoInitializeSecurity
CoRegisterSurrogate
CLSIDFromString
CoCreateInstance
CoGetClassObject
IIDFromString
CoMarshalInterface
CoInitializeEx
CoRevokeClassObject
CoRegisterClassObject
CoReleaseMarshalData
CoUninitialize
kernel32
EncodePointer
DebugBreak
CloseHandle
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetProcAddress
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
GetSystemDirectoryW
GetFileAttributesW
CreateFileW
FreeLibrary
LockResource
LoadResource
SizeofResource
FindResourceW
LoadLibraryExW
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
api-ms-win-eventing-classicprovider-l1-1-0
TraceMessage
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
api-ms-win-core-errorhandling-l1-1-0
SetLastError
GetLastError
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
GetModuleHandleExW
ntdll
RtlNtStatusToDosError
RtlGetPersistedStateLocation
api-ms-win-core-synch-l1-1-0
CreateMutexExW
InitializeCriticalSectionEx
WaitForSingleObject
AcquireSRWLockShared
ReleaseMutex
ReleaseSRWLockExclusive
ReleaseSemaphore
CreateSemaphoreExW
AcquireSRWLockExclusive
OpenSemaphoreW
ReleaseSRWLockShared
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
GetProcessHeap
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
crypt32
CertVerifyCertificateChainPolicy
wintrust
CryptCATAdminReleaseContext
WTHelperProvDataFromStateData
CryptCATAdminCalcHashFromFileHandle
WinVerifyTrust
CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseCatalogContext
WTHelperGetProvSignerFromChain
CryptCATAdminAcquireContext
CryptCATCatalogInfoFromContext
Sections
.text Size: 60KB - Virtual size: 59KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 400B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
SecurityHealthService.exe.exe windows:10 windows x64 arch:x64
dd53616d3d0b3e462b077a47d02c95b8
Code Sign
33:00:00:04:70:69:f2:ac:06:49:04:ec:1c:00:00:00:00:04:70
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 08/02/2024, 19:22
Not After: 07/02/2025, 19:22
Subject: CN=Microsoft Windows Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
86:73:3f:79:ff:f4:64:73:8f:65:37:87:9d:10:c5:87:55:82:f3:aa:78:01:35:e4:1f:4a:70:86:3c:fc:c0:ea
Signer
Actual PE Digest: 86:73:3f:79:ff:f4:64:73:8f:65:37:87:9d:10:c5:87:55:82:f3:aa:78:01:35:e4:1f:4a:70:86:3c:fc:c0:ea
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
SecurityHealthService.pdb
Imports
api-ms-win-crt-string-l1-1-0
memset
_wcsnicmp
_wcsicmp
api-ms-win-crt-runtime-l1-1-0
_seh_filter_exe
terminate
_crt_atexit
_invalid_parameter_noinfo
_initialize_onexit_table
_set_app_type
_register_onexit_function
_configure_wide_argv
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___wargv
__p___argc
_errno
_exit
exit
_initterm_e
_initterm
_get_initial_wide_environment
_invalid_parameter_noinfo_noreturn
_initialize_wide_environment
api-ms-win-crt-stdio-l1-1-0
__stdio_common_vsnprintf_s
_set_fmode
__p__commode
__stdio_common_vsprintf
__stdio_common_vswprintf
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
api-ms-win-crt-heap-l1-1-0
free
_callnewh
_set_new_mode
malloc
api-ms-win-crt-private-l1-1-0
__std_exception_copy
_CxxThrowException
__current_exception_context
memcmp
__CxxFrameHandler3
__C_specific_handler
wcsrchr
_purecall
__std_terminate
__CxxFrameHandler4
__std_exception_destroy
__current_exception
memcpy
memmove
ole32
CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoFreeUnusedLibrariesEx
kernel32
IsProcessorFeaturePresent
SizeofResource
DelayLoadFailureHook
ResolveDelayLoadedAPI
CreateEventW
GetSystemDirectoryW
GetFileAttributesW
CreateFileW
ExpandEnvironmentStringsW
FindNextFileW
DebugBreak
GetLocalTime
SwitchToThread
GetLastError
EnterCriticalSection
LeaveCriticalSection
FreeLibrary
Sleep
GetTickCount64
LocalFree
CloseHandle
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FindResourceW
GetModuleHandleW
GetCurrentProcess
TerminateProcess
LockResource
DecodePointer
EncodePointer
FindFirstFileW
CreateDirectoryW
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
FindClose
LoadResource
api-ms-win-core-registry-l1-1-0
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegDeleteValueW
api-ms-win-eventing-classicprovider-l1-1-0
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage
RegisterTraceGuidsW
UnregisterTraceGuids
api-ms-win-security-base-l1-1-0
MakeAbsoluteSD
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-errorhandling-l1-1-0
SetLastError
api-ms-win-core-file-l1-1-0
CompareFileTime
DeleteFileW
FileTimeToLocalFileTime
GetFinalPathNameByHandleW
ntdll
NtQuerySystemInformation
RtlNtStatusToDosError
RtlGetDeviceFamilyInfoEnum
RtlGetPersistedStateLocation
api-ms-win-core-synch-l1-1-0
InitializeCriticalSectionEx
ReleaseMutex
ReleaseSRWLockExclusive
ReleaseSemaphore
AcquireSRWLockShared
DeleteCriticalSection
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseSRWLockShared
CreateSemaphoreExW
AcquireSRWLockExclusive
CreateMutexExW
WaitForSingleObject
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
GetModuleHandleExW
RemoveDllDirectory
GetProcAddress
AddDllDirectory
api-ms-win-core-heap-l1-1-0
HeapAlloc
GetProcessHeap
HeapFree
api-ms-win-core-threadpool-l1-2-0
CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Sections
.text Size: 76KB - Virtual size: 72KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 200B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 444B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
SecurityHealthSystray.exe.exe windows:10 windows x64 arch:x64
4596ed340b987a02053f76ab442bf380
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
SecurityHealthSystray.pdb
Imports
advapi32
CloseServiceHandle
RegCloseKey
RegOpenKeyExW
TraceMessage
OpenServiceW
QueryServiceConfigW
StartServiceW
OpenSCManagerW
QueryServiceStatus
RegQueryValueExW
kernel32
IsDebuggerPresent
DebugBreak
GetModuleHandleW
DelayLoadFailureHook
ResolveDelayLoadedAPI
GetTickCount
CreateEventW
InitializeCriticalSectionAndSpinCount
GetProcessHeap
GetCurrentProcessId
CreateMutexExW
GetProcAddress
HeapAlloc
RaiseException
CloseHandle
OpenSemaphoreW
WaitForSingleObjectEx
OutputDebugStringW
GetLastError
FormatMessageW
Sleep
ProcessIdToSessionId
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
LeaveCriticalSection
GetModuleHandleExW
ReleaseSemaphore
EnterCriticalSection
SetLastError
HeapFree
CreateSemaphoreExW
GetModuleFileNameA
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-crt-runtime-l1-1-0
_c_exit
_initterm_e
_initterm
_register_thread_local_exe_atexit_callback
api-ms-win-crt-private-l1-1-0
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__recalloc
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o_exit
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_o__get_initial_wide_environment
_o__exit
_o__errno
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___wargv
_o___p___argc
__CxxFrameHandler4
_CxxThrowException
memcpy
memmove
ole32
CoUninitialize
CoCreateInstance
CoFreeUnusedLibrariesEx
CoInitializeEx
api-ms-win-core-synch-l1-1-0
DeleteCriticalSection
InitializeCriticalSection
api-ms-win-core-memory-l1-1-0
VirtualAlloc
VirtualFree
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
TerminateProcess
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExA
api-ms-win-core-util-l1-1-0
EncodePointer
DecodePointer
api-ms-win-core-processthreads-l1-1-1
FlushInstructionCache
IsProcessorFeaturePresent
api-ms-win-core-interlocked-l1-1-0
InterlockedPopEntrySList
InitializeSListHead
InterlockedPushEntrySList
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
ntdll
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage
EtwGetTraceEnableFlags
Sections
.text Size: 36KB - Virtual size: 33KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 136B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 188KB - Virtual size: 187KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 200B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
SensorDataService.exe.exe windows:10 windows x64 arch:x64
8e6ff8702c4766b55496397980d1fab6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
SensorDataService.pdb
Imports
msvcrt
realloc
memmove_s
free
wcscpy_s
_snwprintf_s
_vsnprintf_s
__CxxFrameHandler4
swprintf_s
memcpy_s
??_V@YAXPEAX@Z
_vsnwprintf_s
_wcsicmp
sprintf
memcmp
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
memmove
memcpy
__CxxFrameHandler3
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@XZ
??8type_info@@QEBAHAEBV0@@Z
??1type_info@@UEAA@XZ
_callnewh
malloc
wprintf_s
_purecall
??3@YAXPEAX@Z
_vsnwprintf
memset
api-ms-win-core-string-l1-1-0
CompareStringW
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
RemoveDllDirectory
AddDllDirectory
GetModuleHandleW
LoadLibraryExW
GetProcAddress
GetModuleFileNameW
GetModuleHandleExW
GetModuleFileNameA
LoadStringW
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetUnhandledExceptionFilter
SetLastError
RaiseException
UnhandledExceptionFilter
api-ms-win-service-core-l1-1-0
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
SetServiceStatus
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
QueryPerformanceFrequency
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
OpenProcessToken
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetSystemInfo
GetTickCount
GetTickCount64
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventUnregister
EventActivityIdControl
EventSetInformation
EventWriteTransfer
api-ms-win-service-management-l1-1-0
StartServiceW
CreateServiceW
CloseServiceHandle
OpenServiceW
DeleteService
OpenSCManagerW
api-ms-win-core-handle-l1-1-0
DuplicateHandle
CloseHandle
api-ms-win-core-winrt-l1-1-0
RoActivateInstance
RoUninitialize
RoGetActivationFactory
RoInitialize
api-ms-win-core-synch-l1-1-0
InitializeCriticalSectionEx
DeleteCriticalSection
SetEvent
CreateEventExW
ReleaseSRWLockShared
AcquireSRWLockExclusive
CreateSemaphoreExW
ReleaseSRWLockExclusive
InitializeSRWLock
ReleaseSemaphore
ResetEvent
ReleaseMutex
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObjectEx
OpenSemaphoreW
WaitForSingleObject
AcquireSRWLockShared
CreateMutexExW
api-ms-win-core-registry-l1-1-0
RegEnumKeyExW
RegNotifyChangeKeyValue
RegCloseKey
RegGetValueW
RegCreateKeyExW
api-ms-win-service-management-l2-1-0
QueryServiceStatusEx
ChangeServiceConfig2W
api-ms-win-service-winsvc-l1-1-0
ControlService
api-ms-win-core-winrt-error-l1-1-0
SetRestrictedErrorInfo
RoTransformError
RoOriginateError
api-ms-win-core-com-l1-1-0
CoGetApartmentType
CoTaskMemFree
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
CoCreateInstance
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapAlloc
HeapFree
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
DebugBreak
IsDebuggerPresent
ntdll
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlSubscribeWnfStateChangeNotification
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
WindowsIsStringEmpty
WindowsCompareStringOrdinal
WindowsDeleteString
WindowsGetStringRawBuffer
WindowsStringHasEmbeddedNull
WindowsCreateString
WindowsDuplicateString
api-ms-win-security-base-l1-1-0
GetTokenInformation
AllocateAndInitializeSid
FreeSid
DuplicateToken
CheckTokenMembership
api-ms-win-core-processthreads-l1-1-1
OpenProcess
api-ms-win-core-psapi-l1-1-0
QueryFullProcessImageNameW
api-ms-win-core-shlwapi-legacy-l1-1-0
PathFindFileNameW
api-ms-win-core-version-l1-1-0
GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW
api-ms-win-core-winrt-error-l1-1-1
RoGetMatchingRestrictedErrorInfo
api-ms-win-stateseparation-helpers-l1-1-0
GetPersistedFileLocationW
GetPersistedRegistryLocationW
api-ms-win-core-registry-l1-1-1
RegSetKeyValueW
api-ms-win-appmodel-runtime-l1-1-0
GetPackageFamilyName
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-threadpool-l1-2-0
CloseThreadpool
CloseThreadpoolWork
FreeLibraryWhenCallbackReturns
WaitForThreadpoolIoCallbacks
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
SetThreadpoolThreadMaximum
CloseThreadpoolWait
SubmitThreadpoolWork
WaitForThreadpoolWaitCallbacks
SetThreadpoolTimer
SetThreadpoolWait
CreateThreadpool
CancelThreadpoolIo
WaitForThreadpoolWorkCallbacks
CloseThreadpoolIo
CloseThreadpoolTimer
StartThreadpoolIo
CreateThreadpoolIo
CreateThreadpoolWait
CreateThreadpoolWork
api-ms-win-core-namedpipe-l1-1-0
ConnectNamedPipe
CreateNamedPipeW
api-ms-win-core-io-l1-1-0
GetOverlappedResult
api-ms-win-core-file-l1-1-0
ReadFile
WriteFile
api-ms-win-core-kernel32-legacy-l1-1-0
GetNamedPipeClientProcessId
Sections
.text Size: 868KB - Virtual size: 865KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 236KB - Virtual size: 233KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 70KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 40KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
SensorRuntimeBroker.exe.exe windows:10 windows x64 arch:x64
945f13d60b3cfa3bbe130dc0b7bbf330
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
SensorRuntimeBroker.pdb
Imports
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_initterm
_c_exit
_register_thread_local_exe_atexit_callback
api-ms-win-crt-private-l1-1-0
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o_abort
_o_exit
_o_free
_o_iswspace
_o_malloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o__cexit
_o___p__commode
_o__callnewh
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
memset
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlSubAuthoritySid
RtlSubAuthorityCountSid
RtlInitUnicodeString
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
GetModuleHandleExW
GetProcAddress
GetModuleFileNameA
api-ms-win-core-synch-l1-1-0
ReleaseSRWLockExclusive
ReleaseSRWLockShared
ReleaseMutex
CreateEventExW
WaitForSingleObject
AcquireSRWLockExclusive
InitializeCriticalSectionEx
LeaveCriticalSection
CreateMutexExW
ReleaseSemaphore
EnterCriticalSection
AcquireSRWLockShared
DeleteCriticalSection
CreateSemaphoreExW
OpenSemaphoreW
WaitForSingleObjectEx
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapAlloc
HeapFree
api-ms-win-core-errorhandling-l1-1-0
GetLastError
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
api-ms-win-core-threadpool-l1-2-0
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
OpenProcessToken
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
DebugBreak
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-winrt-string-l1-1-0
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsDeleteString
WindowsCreateString
WindowsGetStringRawBuffer
api-ms-win-eventing-classicprovider-l1-1-0
UnregisterTraceGuids
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage
GetTraceEnableFlags
RegisterTraceGuidsW
api-ms-win-security-base-l1-1-0
SetTokenInformation
AdjustTokenPrivileges
GetTokenInformation
GetLengthSid
api-ms-win-security-sddl-l1-1-0
ConvertStringSidToSidW
api-ms-win-core-winrt-l1-1-0
RoRevokeActivationFactories
RoInitialize
RoUninitialize
RoRegisterActivationFactories
api-ms-win-core-com-l1-1-0
CoRevokeClassObject
CoRegisterClassObject
CoResumeClassObjects
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
CoReleaseServerProcess
CoCreateInstance
CoAddRefServerProcess
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-winrt-error-l1-1-0
RoOriginateError
RoOriginateErrorW
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-synch-l1-2-0
InitOnceExecuteOnce
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
combase
ord69
wpprecorderum
WppAutoLogStart
WppAutoLogStop
WppAutoLogTrace
api-ms-win-core-com-l1-1-3
CoRegisterDeviceCatalog
CoRevokeDeviceCatalog
oleaut32
SysStringLen
SysFreeString
SetErrorInfo
Sections
.text Size: 60KB - Virtual size: 56KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 468B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ShellAppRuntime.exe.exe windows:10 windows x64 arch:x64
ee4b6a57283fd700f7f22708f335159b
Code Sign
33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
46:90:2e:64:6a:f1:eb:be:bf:25:3f:a7:2d:29:fd:21:3d:cf:5b:78:ea:2e:20:22:b4:72:c3:21:45:75:0e:ed
Signer
Actual PE Digest: 46:90:2e:64:6a:f1:eb:be:bf:25:3f:a7:2d:29:fd:21:3d:cf:5b:78:ea:2e:20:22:b4:72:c3:21:45:75:0e:ed
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
ShellAppRuntime.pdb
Imports
advapi32
GetTokenInformation
MakeAbsoluteSD
ConvertStringSecurityDescriptorToSecurityDescriptorW
EventUnregister
RegGetValueW
RegOpenKeyExW
EventSetInformation
EventRegister
EventWriteTransfer
RegOpenCurrentUser
RegCloseKey
RegSetKeyValueW
GetNamedSecurityInfoW
EqualSid
RegDeleteValueW
RegEnumKeyExW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegEnumValueW
GetSecurityInfo
GetAclInformation
GetAce
DeleteAce
SetSecurityInfo
InitializeAcl
AddAce
RegDeleteKeyExW
SetEntriesInAclW
SetNamedSecurityInfoW
TraceMessage
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
NotifyServiceStatusChangeW
CloseServiceHandle
ConvertSecurityDescriptorToStringSecurityDescriptorW
GetSecurityDescriptorDacl
EventEnabled
EventWrite
QueryServiceStatus
RegQueryInfoKeyW
CheckTokenMembership
DuplicateToken
CreateWellKnownSid
IsValidSid
LsaLookupNames2
LsaClose
LsaFreeMemory
LsaOpenPolicy
CopySid
GetLengthSid
ConvertSidToStringSidW
OpenProcessToken
OpenThreadToken
EventActivityIdControl
kernel32
ReleaseSemaphore
GetModuleHandleExW
GetModuleFileNameW
K32GetModuleFileNameExW
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
Sleep
FormatMessageW
GetLastError
ReleaseSRWLockExclusive
OutputDebugStringW
CloseThreadpoolTimer
InitOnceComplete
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
SetThreadpoolTimer
ReleaseSRWLockShared
CreateThreadpoolTimer
SetPriorityClass
SetLastError
HeapFree
CreateSemaphoreExW
CreateEventExW
SetProcessShutdownParameters
SetErrorMode
LocalAlloc
GetSystemAppDataKey
InterlockedPushEntrySList
TrySubmitThreadpoolCallback
CreateEventW
SetEvent
RaiseException
RegisterApplicationRestart
CreateProcessW
GetCurrentThread
IsDebuggerPresent
DebugBreak
GetModuleHandleW
GetProcessHeap
GetCurrentProcessId
DeleteCriticalSection
AcquireSRWLockShared
LocalFree
InitOnceBeginInitialize
CreateMutexExW
lstrcmpiW
CompareStringOrdinal
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetModuleHandleExA
GetProcessMitigationPolicy
GetPackagesByPackageFamily
GetProcAddress
OpenStateExplicit
CloseState
CreateMutexW
GetModuleFileNameA
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
GetTickCount
GetTimeZoneInformationForYear
FindResourceExW
LoadResource
WaitForMultipleObjectsEx
OpenEventW
LoadLibraryExW
HeapAlloc
FreeLibrary
LoadLibraryW
EnterCriticalSection
CompareStringW
DelayLoadFailureHook
ResolveDelayLoadedAPI
AssignProcessToJobObject
CreateJobObjectW
SetInformationJobObject
CreateIoCompletionPort
GetQueuedCompletionStatus
DeviceIoControl
GetNativeSystemInfo
GetSystemDirectoryW
GetVersionExW
ProcessIdToSessionId
ResetEvent
UnmapViewOfFile
GetProcessId
CreateFileMappingW
InitOnceExecuteOnce
GetUserDefaultGeoName
GetExitCodeProcess
SleepEx
ResumeThread
SetThreadPriorityBoost
SetThreadPriority
CopyFileW
WriteFile
FindPackagesByPackageFamily
GetCommandLineW
GetGeoInfoW
GetEnvironmentVariableW
SetEnvironmentVariableW
CompareFileTime
GetWindowsDirectoryW
ExpandEnvironmentStringsW
InitializeSRWLock
VerifyVersionInfoW
VerSetConditionMask
GetSystemTime
GetProductInfo
OpenFileMappingW
MapViewOfFile
OOBEComplete
CreateThread
SizeofResource
InitializeCriticalSection
MultiByteToWideChar
LocalReAlloc
OpenProcess
GetTickCount64
GetFileAttributesW
DeleteFileW
FindStringOrdinal
WideCharToMultiByte
CreateFileW
PowerSetRequest
PowerCreateRequest
msvcp_win
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
_Cnd_do_broadcast_at_thread_exit
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
_Thrd_detach
_Mtx_unlock
_Thrd_yield
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?_Throw_Cpp_error@std@@YAXH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPEBDH@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
_Cnd_wait
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_initterm
_initterm_e
_c_exit
api-ms-win-crt-private-l1-1-0
_o__seh_filter_exe
_o__set_app_type
_o__set_errno
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
_o_abort
_o_exit
_o_free
_o_iswspace
_o_lround
_o_malloc
_o_realloc
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstoll
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_wide_environment
_o__initialize_onexit_table
_o__get_wide_winmain_command_line
_o__get_errno
_o__exit
_o__errno
_o__register_onexit_function
_o__recalloc
_o__itow_s
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
_o__beginthreadex
wcschr
_o__itoa_s
_o__purecall
_o___stdio_common_vswprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o____lc_codepage_func
wcsrchr
__std_terminate
wcsstr
__CxxFrameHandler4
__C_specific_handler_noexcept
memcmp
memcpy
memmove
api-ms-win-crt-string-l1-1-0
wcscmp
memset
wcscspn
strncmp
api-ms-win-core-com-l1-1-0
CoRegisterClassObject
CoTaskMemRealloc
StringFromGUID2
CoSetProxyBlanket
CoGetApartmentType
CoWaitForMultipleHandles
StringFromIID
PropVariantClear
CoRevokeClassObject
CLSIDFromString
CoInitializeEx
CoInitializeSecurity
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoTaskMemAlloc
CoGetObjectContext
oleaut32
SysStringLen
GetErrorInfo
SetErrorInfo
SysFreeString
SysAllocString
VarUI4FromStr
VariantInit
VariantClear
VariantTimeToSystemTime
SystemTimeToVariantTime
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
TerminateProcess
GetCurrentProcess
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
shcore
SHGetValueW
SHSetValueW
SHUnicodeToAnsi
SHDeleteValueW
SHRegGetValueW
SHDeleteKeyW
IsOS
ord191
SHTaskPoolQueueTask
SHQueryInfoKeyW
ord190
IUnknown_Set
IUnknown_QueryService
SetCurrentProcessExplicitAppUserModelID
ord184
ord186
SHSetThreadRef
SHCreateThreadRef
SHGetThreadRef
IUnknown_SetSite
propsys
PSPropertyBag_WriteInt
PropVariantToStringAlloc
PropVariantToUInt32
InitVariantFromBuffer
PSCreateMemoryPropertyStore
PSPropertyBag_WriteDWORD
PSPropertyBag_ReadDWORD
ntdll
NtPowerInformation
RtlNtStatusToDosError
RtlPublishWnfStateData
RtlQueryUnbiasedInterruptTime
NtQuerySystemInformation
NtQueryInformationProcess
RtlGetNtSystemRoot
NtOpenKey
RtlRunOnceExecuteOnce
NtDeviceIoControlFile
NtClose
RtlGetSuiteMask
NtCreateFile
NtQueryValueKey
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
NtSetThreadExecutionState
NtOpenProcessToken
NtQueryInformationToken
NtOpenThreadToken
RtlInitUnicodeString
RtlUnsubscribeWnfNotificationWaitForCompletion
NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
ole32
OleUninitialize
CoAllowSetForegroundWindow
CoGetStdMarshalEx
CoCreateFreeThreadedMarshaler
OleInitialize
RevokeDragDrop
CoGetMalloc
CreateBindCtx
CoGetCallContext
RoGetAgileReference
wtsapi32
WTSQuerySessionInformationW
WTSFreeMemory
WTSRegisterSessionNotification
WTSUnRegisterSessionNotification
dwmapi
DwmSetWindowAttribute
shell32
ord188
ord904
ord938
ord244
SHGetIDListFromObject
SHBindToParent
SHParseDisplayName
SHEvaluateSystemCommandTemplate
ord885
ord723
ord680
SHChangeNotifyRegisterThread
ord100
SHGetKnownFolderItem
ord155
ord68
SHGetKnownFolderIDList
SHBindToObject
ord172
SHGetKnownFolderPath
ord152
ord899
SHCreateItemInKnownFolder
shlwapi
ord260
ord256
StrChrW
ord515
ord158
ord240
ord219
ord197
ord544
ord212
user32
GetAsyncKeyState
CallNextHookEx
SetWindowsHookExW
UnregisterClassA
PostThreadMessageW
GetProcessWindowStation
CreateWindowInBand
UnhookWindowsHookEx
TranslateMessage
PeekMessageW
EnableMouseInPointer
DispatchMessageW
WaitMessage
DestroyMenu
GetMenuDefaultItem
CreatePopupMenu
IsCharAlphaNumericW
CharLowerW
UnregisterClassW
GetMessageW
LockWorkStation
CloseDesktop
GetUserObjectInformationW
GetThreadDesktop
SetWinEventHook
MonitorFromPoint
ExitWindowsEx
FindWindowW
SetRectEmpty
CharLowerBuffW
CharNextW
GetWindowThreadProcessId
UnhookWinEvent
MsgWaitForMultipleObjectsEx
SetCursor
GetPropW
EnumDisplayMonitors
GetMonitorInfoW
CopyRect
SetGestureConfig
SetFocus
TranslateAcceleratorW
GetClassNameW
PostQuitMessage
SetShellWindowEx
UpdateWindow
SetWindowPos
EnumChildWindows
SendMessageW
RemovePropW
ShowWindow
GetSysColor
SetPropW
SetShellWindow
GetClientRect
KillTimer
InvalidateRect
BeginPaint
EndPaint
GetDC
ReleaseDC
UnregisterHotKey
RegisterShellHookWindow
DeregisterShellHookWindow
SetTaskmanWindow
GetTaskmanWindow
SystemParametersInfoW
RegisterWindowMessageW
GetShellWindow
DefWindowProcW
DestroyWindow
SetWindowLongPtrW
CreateWindowExW
GetWindowLongPtrW
RegisterClassExW
IsWindow
LoadCursorW
PostMessageW
GetSystemMetrics
gdi32
GetDeviceCaps
GetStockObject
sspicli
GetUserNameExW
api-ms-win-security-lsalookup-l1-1-2
LsaLookupUserAccountType
api-ms-win-core-winrt-error-l1-1-0
RoOriginateError
RoTransformError
api-ms-win-core-winrt-string-l1-1-0
WindowsDeleteString
WindowsDeleteStringBuffer
WindowsPromoteStringBuffer
WindowsCreateString
WindowsGetStringRawBuffer
WindowsDuplicateString
WindowsCompareStringOrdinal
WindowsCreateStringReference
WindowsPreallocateStringBuffer
WindowsSubstringWithSpecifiedLength
userenv
GetProfileType
DeriveAppContainerSidFromAppContainerName
api-ms-win-core-path-l1-1-0
PathCchAppend
PathCchCombine
api-ms-win-power-base-l1-1-0
CallNtPowerInformation
GetPwrCapabilities
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
RoActivateInstance
RoInitialize
RoUninitialize
api-ms-win-core-localization-l1-2-0
FormatMessageA
api-ms-win-core-file-l1-1-0
GetFileAttributesExW
api-ms-win-core-file-l2-1-0
GetFileInformationByHandleEx
api-ms-win-core-synch-l1-1-0
InitializeCriticalSectionAndSpinCount
api-ms-win-eventing-classicprovider-l1-1-0
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceEnableFlags
GetTraceLoggerHandle
GetTraceEnableLevel
api-ms-win-service-management-l1-1-0
StartServiceW
api-ms-win-core-shlwapi-legacy-l1-1-0
PathIsFileSpecW
PathQuoteSpacesW
PathFileExistsW
SHExpandEnvironmentStringsW
PathFindFileNameW
PathGetArgsW
api-ms-win-core-kernel32-legacy-l1-1-2
SetTermsrvAppInstallMode
comctl32
ord334
ord329
ord328
rpcrt4
NdrClientCall3
RpcBindingFromStringBindingW
RpcStringBindingComposeW
I_RpcExceptionFilter
RpcBindingSetAuthInfoExW
RpcStringFreeW
RpcBindingFree
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-security-lsalookup-l1-1-1
EnumerateIdentityProviders
ReleaseIdentityProviderEnumContext
GetDefaultIdentityProvider
GetIdentityProviderInfoByGUID
Exports
FileTimeToVariantTime
InitPropVariantFromFileTimeEx
InitPropVariantFromSystemTimeEx
VariantTimeToFileTime
_ConvertTimeHelper
Sections
.text Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 240KB - Virtual size: 238KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 36KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
SlideToShutDown.exe.exe windows:10 windows x64 arch:x64
bb14032cdadda2a586e94dce4af0af58
Code Sign
33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 02/09/2021, 18:23
Not After: 01/09/2022, 18:23
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
91:0a:99:3b:53:56:c7:25:97:57:c4:81:39:a5:e0:ce:ed:0b:21:e7:4d:ff:aa:8d:ba:c4:ed:ae:f4:f4:47:17
Signer
Actual PE Digest: 91:0a:99:3b:53:56:c7:25:97:57:c4:81:39:a5:e0:ce:ed:0b:21:e7:4d:ff:aa:8d:ba:c4:ed:ae:f4:f4:47:17
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
SlideToShutDown.pdb
Imports
kernel32
CloseHandle
GetLastError
CreateEventW
msvcrt
_initterm
_exit
_XcptFilter
_cexit
exit
?terminate@@YAXXZ
_commode
__set_app_type
_fmode
_wcmdln
__C_specific_handler
__setusermatherr
__wgetmainargs
_amsg_exit
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoUninitialize
CoInitializeEx
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetStartupInfoW
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
imm32
ImmDisableIME
Sections
.text Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 216B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
SndVol.exe.exe windows:10 windows x64 arch:x64
1de2cbf947dd709ab705ecb6be8d817c
Code Sign
33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
a2:27:27:63:83:b1:47:e0:9c:16:a2:a4:1d:97:36:11:6e:be:d1:a2:22:53:fa:d5:9e:5e:86:0c:00:ed:d1:17
Signer
Actual PE Digest: a2:27:27:63:83:b1:47:e0:9c:16:a2:a4:1d:97:36:11:6e:be:d1:a2:22:53:fa:d5:9e:5e:86:0c:00:ed:d1:17
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
SndVol.pdb
Imports
gdi32
CreateFontIndirectW
CreateDIBSection
CreateSolidBrush
SelectObject
SetTextColor
SetBkColor
BeginPath
GetObjectW
CreateCompatibleDC
GetDeviceCaps
Rectangle
DeleteDC
PathToRegion
EndPath
SetBkMode
CreatePen
ScriptStringAnalyse
ScriptString_pLogAttr
ScriptStringFree
BitBlt
Polygon
GetStockObject
DeleteObject
user32
GetMenuItemCount
TrackPopupMenuEx
GetMenuItemInfoW
DestroyMenu
SetWindowRgn
BeginPaint
EndPaint
IntersectRect
CreateDialogParamW
PostQuitMessage
GetDlgCtrlID
SubtractRect
PtInRect
SendMessageTimeoutW
SendNotifyMessageW
LoadIconW
SetTimer
NotifyWinEvent
GetForegroundWindow
GetWindowThreadProcessId
GetDoubleClickTime
KillTimer
CalculatePopupWindowPosition
DestroyIcon
EnumChildWindows
EnableWindow
EndDialog
SetRect
IsDlgButtonChecked
CheckDlgButton
CopyRect
GetParent
GetWindowTextW
GetScrollPos
SetScrollInfo
BeginDeferWindowPos
DeferWindowPos
SetWindowPos
IsImmersiveProcess
GetIconInfoExW
SendDlgItemMessageW
InternalGetWindowText
GetWindow
IsWindowVisible
EnumWindows
GetClassLongPtrW
InsertMenuItemW
GetDC
GetClassLongW
DrawEdge
SetWindowLongPtrW
CreatePopupMenu
GetSystemMetrics
GetWindowLongPtrW
MapWindowPoints
GetClientRect
ShowWindow
GetDlgItem
IsWindow
GetWindowLongW
PrivateExtractIconsW
ValidateRect
FrameRect
MonitorFromRect
AdjustWindowRectEx
SetRectEmpty
SetCursor
ReleaseCapture
SetCapture
DrawFocusRect
GetFocus
OffsetRect
IsWindowEnabled
LoadImageW
ClientToScreen
EqualRect
SetWindowLongW
GetSysColorBrush
FillRect
GetSysColor
InvalidateRect
CreateWindowExW
DestroyWindow
LoadCursorW
GetClassInfoExW
RegisterClassExW
UnregisterClassA
GhostWindowFromHungWindow
GetWindowBand
ord2575
CheckMenuRadioItem
InflateRect
ReleaseDC
GetWindowTextLengthW
DrawTextW
DefWindowProcW
CallWindowProcW
SetDlgItemTextW
SetWindowTextW
LoadStringW
SetFocus
SetClassLongW
GetWindowRect
SendMessageW
DialogBoxParamW
GetActiveWindow
SetProcessDefaultLayout
SetProcessDPIAware
BringWindowToTop
PostMessageW
SetForegroundWindow
FindWindowW
EndDeferWindowPos
msvcrt
_errno
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
??_V@YAXPEAX@Z
_initterm
__setusermatherr
_cexit
_exit
__CxxFrameHandler4
??3@YAXPEAX@Z
realloc
exit
__set_app_type
__wgetmainargs
memcpy
__CxxFrameHandler3
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
_isnan
wcsstr
calloc
_resetstkoflw
_purecall
vswprintf_s
_vscwprintf
memmove_s
free
malloc
__C_specific_handler
swprintf_s
wcstol
_wtoi
_wcsicmp
iswspace
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
memcpy_s
_vsnwprintf
_amsg_exit
_XcptFilter
memmove
memset
api-ms-win-core-registry-l1-1-0
RegCreateKeyExW
RegGetValueW
RegSetValueExW
RegCloseKey
comctl32
ImageList_CoCreateInstance
ImageList_Remove
InitCommonControlsEx
ord381
ImageList_Draw
ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Create
ImageList_SetBkColor
ole32
CoTaskMemAlloc
CoUninitialize
CoInitialize
CoTaskMemFree
CoCreateInstance
CoAllowSetForegroundWindow
CoCreateGuid
PropVariantClear
CoWaitForMultipleObjects
oleaut32
SysAllocString
VariantClear
VariantInit
SysFreeString
shell32
ShellExecuteW
ShellExecuteExW
Shell_NotifyIconGetRect
CommandLineToArgvW
SHGetFileInfoW
gdiplus
GdipDeletePen
GdipFillRectangle
GdipCreateLineBrush
GdipCreateFromHDC
GdiplusStartup
GdipFillPath
GdipAddPathLine
GdipDeletePath
GdipCreatePath
GdipDeleteGraphics
GdipCreatePen1
GdiplusShutdown
GdipCloneBrush
GdipAlloc
GdipFree
GdipSetSmoothingMode
GdipDrawLine
GdipCreateSolidFill
GdipDeleteBrush
ntdll
EtwEventRegister
EtwEventUnregister
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EtwEventActivityIdControl
EtwEventSetInformation
EtwEventWriteTransfer
EtwTraceMessage
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
uxtheme
OpenThemeData
BufferedPaintUnInit
BufferedPaintInit
CloseThemeData
IsThemeActive
DrawThemeBackground
GetThemeTextExtent
DrawThemeParentBackgroundEx
GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
DrawThemeParentBackground
BufferedPaintSetAlpha
SetWindowTheme
DrawThemeText
dwmapi
DwmUnregisterThumbnail
DwmSetWindowAttribute
DwmQueryThumbnailSourceSize
DwmUpdateThumbnailProperties
DwmRegisterThumbnail
DwmIsCompositionEnabled
shlwapi
PathParseIconLocationW
PathFindFileNameW
ord487
StrTrimW
ord348
imm32
ImmDisableIME
api-ms-win-core-libraryloader-l1-2-0
FindResourceExW
GetModuleHandleExW
SizeofResource
LoadLibraryExA
GetProcAddress
GetModuleFileNameA
FreeResource
LockResource
FreeLibrary
LoadLibraryExW
LoadResource
GetModuleHandleW
api-ms-win-core-synch-l1-1-0
InitializeCriticalSection
ReleaseSemaphore
CreateEventW
WaitForSingleObject
ReleaseMutex
CreateMutexW
LeaveCriticalSection
CreateMutexExW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
DeleteCriticalSection
EnterCriticalSection
SetEvent
CreateEventExW
OpenSemaphoreW
CreateSemaphoreExW
WaitForSingleObjectEx
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapReAlloc
HeapSetInformation
GetProcessHeap
HeapDestroy
HeapFree
HeapSize
api-ms-win-core-errorhandling-l1-1-0
SetLastError
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
SetThreadPriority
CreateThread
GetStartupInfoW
GetCurrentProcess
GetExitCodeProcess
GetCurrentProcessId
CreateProcessW
GetCurrentThreadId
api-ms-win-core-localization-l1-2-0
FormatMessageW
GetUserPreferredUILanguages
GetLocaleInfoEx
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
OutputDebugStringW
OutputDebugStringA
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-heap-l2-1-0
GlobalFree
LocalFree
api-ms-win-core-synch-l1-2-0
SleepConditionVariableSRW
InitOnceBeginInitialize
InitOnceComplete
WakeAllConditionVariable
Sleep
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-threadpool-legacy-l1-1-0
QueueUserWorkItem
UnregisterWaitEx
api-ms-win-appmodel-runtime-l1-1-0
GetPackageFamilyName
api-ms-win-core-processthreads-l1-1-1
FlushInstructionCache
OpenProcess
api-ms-win-core-kernel32-legacy-l1-1-0
RegisterWaitForSingleObject
api-ms-win-core-psapi-l1-1-0
QueryFullProcessImageNameW
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
api-ms-win-core-winrt-string-l1-1-0
WindowsDeleteString
WindowsGetStringRawBuffer
WindowsCreateStringReference
api-ms-win-shcore-stream-winrt-l1-1-0
CreateStreamOverRandomAccessStream
api-ms-win-core-largeinteger-l1-1-0
MulDiv
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-core-memory-l1-1-0
VirtualFree
VirtualAlloc
api-ms-win-core-util-l1-1-0
EncodePointer
DecodePointer
api-ms-win-core-interlocked-l1-1-0
InterlockedPushEntrySList
InterlockedPopEntrySList
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-ntuser-sysparams-l1-1-0
SystemParametersInfoW
GetMonitorInfoW
api-ms-win-core-shlwapi-legacy-l1-1-0
PathFindExtensionW
api-ms-win-core-libraryloader-l1-2-1
FindResourceW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 148KB - Virtual size: 147KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 48KB - Virtual size: 45KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 184B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 68KB - Virtual size: 65KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 908B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
SpaceAgent.exe.exe windows:10 windows x64 arch:x64
8821cdba71ccdd12ff844ed25bcdfced
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
SpaceAgent.pdb
Imports
advapi32
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
FreeSid
EventRegister
EventWriteTransfer
EventUnregister
LookupPrivilegeValueW
OpenProcessToken
RevertToSelf
SetThreadToken
OpenThreadToken
AdjustTokenPrivileges
kernel32
SetProcessMitigationPolicy
SetPriorityClass
GetCurrentProcess
LocalFree
CreateThread
WaitForMultipleObjects
Sleep
EnterCriticalSection
LeaveCriticalSection
SleepConditionVariableSRW
WakeAllConditionVariable
CreateEventW
InitializeCriticalSectionAndSpinCount
ResetEvent
ReleaseMutex
CloseHandle
FindNextVolumeW
FindVolumeClose
FindNextVolumeMountPointW
FindVolumeMountPointClose
FindFirstVolumeW
FindFirstVolumeMountPointW
GetVolumeInformationW
DeleteVolumeMountPointW
SetEvent
SetVolumeMountPointW
DefineDosDeviceW
LoadLibraryExW
SetFilePointerEx
GetExitCodeThread
WriteFile
ReadFile
HeapFree
GetProcessId
GetProcessIdOfThread
GetCommandLineW
OpenProcess
GetExitCodeProcess
WaitForMultipleObjectsEx
DuplicateHandle
HeapReAlloc
SetVolumeLabelW
SleepEx
VerifyVersionInfoW
VerSetConditionMask
LocalSize
CancelIo
CreateThreadpoolWork
IsDebuggerPresent
DebugBreak
FreeLibrary
AcquireSRWLockShared
GetProcAddress
SubmitThreadpoolWork
GetOverlappedResult
HeapAlloc
GetProcessHeap
CreateMutexExW
WaitForSingleObject
PeekNamedPipe
CreateEventExW
SetLastError
WaitForSingleObjectEx
GetLastError
DeleteCriticalSection
GetVolumePathNamesForVolumeNameW
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
GetModuleFileNameA
CloseThreadpoolWork
CloseThreadpool
CreateThreadpool
CreateSemaphoreExW
ReleaseSemaphore
GetModuleHandleExW
DeviceIoControl
GetModuleFileNameW
InitializeCriticalSection
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
LocalAlloc
CreateFileW
WaitForThreadpoolWorkCallbacks
SetThreadpoolThreadMinimum
FormatMessageW
SetThreadpoolThreadMaximum
ReleaseSRWLockExclusive
OutputDebugStringW
CloseThreadpoolTimer
GetCurrentThread
AcquireSRWLockExclusive
QueryPerformanceFrequency
OpenSemaphoreW
SetThreadpoolTimer
ReleaseSRWLockShared
CreateThreadpoolTimer
user32
PostThreadMessageW
RegisterClassExW
CreateWindowExW
PeekMessageW
GetMessageW
DestroyWindow
RegisterDeviceNotificationW
UnregisterDeviceNotification
UnregisterClassW
SetWindowLongPtrW
GetWindowLongPtrW
DefWindowProcW
DispatchMessageW
msvcrt
_initterm
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_callnewh
free
malloc
__setusermatherr
_unlock
_lock
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_cexit
_commode
_wcmdln
__dllonexit
_onexit
memmove_s
_purecall
memcpy_s
_vsnwprintf
__C_specific_handler
_CxxThrowException
memcmp
memcpy
_fmode
memset
ntdll
RtlEqualUnicodeString
NtQueryInformationProcess
RtlInitUnicodeString
ZwQueryLicenseValue
RtlEnumerateGenericTableWithoutSplayingAvl
RtlDeleteElementGenericTableAvlEx
RtlInsertElementGenericTableAvl
RtlInitializeGenericTableAvl
RtlNtStatusToDosError
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtQueryObject
bcrypt
BCryptGenRandom
rpcrt4
UuidCreate
ole32
CoInitializeSecurity
CoCreateInstance
CoUninitialize
StringFromGUID2
CoInitializeEx
oleaut32
SysFreeString
SysAllocString
VariantInit
VariantClear
shlwapi
StrCmpNIW
StrToIntExW
shell32
CommandLineToArgvW
setupapi
SetupDiGetClassDevsExA
SetupDiOpenDeviceInterfaceW
SetupDiDeleteDeviceInterfaceData
SetupDiEnumDeviceInterfaces
SetupDiGetClassPropertyW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInstanceIdW
SetupDiGetDeviceInterfaceDetailW
SetupDiOpenDeviceInfoW
SetupDiDeleteDeviceInfo
SetupDiCallClassInstaller
SetupDiCreateDeviceInfoListExW
SetupDiCreateDeviceInfoListExA
SetupDiGetDevicePropertyW
api-ms-win-devices-query-l1-1-0
DevGetObjectProperties
DevFreeObjectProperties
netapi32
NetShareDelEx
NetApiBufferFree
NetShareEnum
Sections
.text Size: 128KB - Virtual size: 127KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 32KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 128B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
SpatialAudioLicenseSrv.exe.exe windows:10 windows x64 arch:x64
7c10f6768228eaacb724f6a992633646
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
SpatialAudioLicenseSrv.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
api-ms-win-crt-private-l1-1-0
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memcpy
_o_exit
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o__crt_atexit
_o___std_exception_destroy
_o___std_exception_copy
_o__configure_wide_argv
_o__configthreadlocale
_o___p__commode
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
__CxxFrameHandler4
__std_terminate
_o___stdio_common_vsnprintf_s
api-ms-win-crt-string-l1-1-0
wcscmp
memset
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
GetModuleHandleExW
GetProcAddress
GetModuleHandleW
GetModuleFileNameA
GetModuleFileNameW
api-ms-win-core-synch-l1-1-0
ReleaseMutex
OpenSemaphoreW
CreateMutexExW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreExW
WaitForSingleObjectEx
EnterCriticalSection
LeaveCriticalSection
CreateEventExW
DeleteCriticalSection
InitializeCriticalSectionEx
SetEvent
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
SetLastError
RaiseException
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
TerminateProcess
GetStartupInfoW
GetCurrentProcess
GetCurrentThreadId
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
OutputDebugStringW
DebugBreak
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-com-l1-1-0
CoTaskMemAlloc
CoWaitForMultipleHandles
CoCreateFreeThreadedMarshaler
CoInitializeSecurity
CoReleaseServerProcess
CoTaskMemFree
CoAddRefServerProcess
CoRevokeClassObject
CoRegisterClassObject
CoResumeClassObjects
api-ms-win-core-util-l1-1-0
EncodePointer
DecodePointer
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsDeleteString
WindowsCreateString
WindowsGetStringLen
api-ms-win-core-commandlinetoargv-l1-1-0
CommandLineToArgvW
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
RoRegisterActivationFactories
RoRevokeActivationFactories
RoUninitialize
RoInitialize
RoActivateInstance
api-ms-win-core-winrt-error-l1-1-0
RoOriginateErrorW
RoOriginateError
api-ms-win-core-synch-l1-2-0
InitOnceExecuteOnce
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
GetProcessMitigationPolicy
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
mmdevapi
ord26
combase
ord69
api-ms-win-core-featurestaging-l1-1-0
SubscribeFeatureStateChangeNotification
RecordFeatureUsage
UnsubscribeFeatureStateChangeNotification
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
api-ms-win-core-registry-l1-1-0
RegGetValueW
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 116KB - Virtual size: 113KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 36KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 808B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Spectrum.exe.exe windows:10 windows x64 arch:x64
15b26c7ef6ee00af731423025b6b1c16
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Spectrum.pdb
Imports
msvcp_win
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_c_exit
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
memmove
_o__wtoi64
_o_ceilf
_o_exit
_o_free
_o_getc
_o_malloc
_o_terminate
_o_wcscpy_s
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
__CxxFrameHandler3
_o__exit
_o__errno
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfwprintf
_o___std_exception_destroy
_o__crt_atexit
_o___std_exception_copy
_o___p__commode
_o___p___wargv
_o__configure_wide_argv
_o___p___argc
_o__configthreadlocale
__std_type_info_compare
wcsrchr
_o__cexit
_o__callnewh
_o___acrt_iob_func
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
memset
wcsnlen
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
FindStringOrdinal
GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameA
GetProcAddress
LoadLibraryExA
GetModuleFileNameW
api-ms-win-core-synch-l1-1-0
SetEvent
ResetEvent
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ReleaseSRWLockShared
CreateEventExW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CreateEventW
CreateMutexExW
OpenSemaphoreW
SleepEx
WaitForSingleObjectEx
ReleaseMutex
AcquireSRWLockShared
WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreExW
InitializeSRWLock
TryAcquireSRWLockExclusive
CreateMutexW
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetLastError
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
OpenProcessToken
GetCurrentProcessId
CreateThread
GetProcessId
GetProcessTimes
GetCurrentThread
SetThreadPriority
ProcessIdToSessionId
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
OutputDebugStringW
IsDebuggerPresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceFrequency
QueryPerformanceCounter
api-ms-win-core-handle-l1-1-0
CompareObjectHandles
DuplicateHandle
CloseHandle
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolWork
WaitForThreadpoolWaitCallbacks
IsThreadpoolTimerSet
CreateThreadpoolTimer
CloseThreadpoolWait
SubmitThreadpoolWork
CloseThreadpoolWork
SetThreadpoolWait
CreateThreadpoolWait
WaitForThreadpoolWorkCallbacks
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
FreeLibraryWhenCallbackReturns
api-ms-win-devices-config-l1-1-1
CM_Get_DevNode_Status
CM_Get_Device_Interface_PropertyW
CM_Open_DevNode_Key
CM_Get_Device_Interface_ListW
CM_Get_Device_Interface_List_SizeW
CM_Locate_DevNodeW
CM_Unregister_Notification
CM_MapCrToWin32Err
api-ms-win-core-path-l1-1-0
PathCchSkipRoot
PathCchAppend
PathCchCombine
api-ms-win-core-synch-l1-2-0
WaitOnAddress
InitOnceComplete
InitOnceBeginInitialize
Sleep
WakeByAddressAll
InitOnceExecuteOnce
api-ms-win-core-file-l1-1-0
FindFirstFileExW
CreateDirectoryW
GetFileAttributesExW
DeleteFileW
RemoveDirectoryW
WriteFile
FindClose
ReadFile
FindNextFileW
api-ms-win-core-com-l1-1-0
CoUninitialize
CoCreateInstance
CLSIDFromString
CoCreateGuid
CoSetProxyBlanket
CoCreateFreeThreadedMarshaler
StringFromGUID2
CoTaskMemAlloc
CoInitializeEx
CoTaskMemFree
api-ms-win-eventing-controller-l1-1-0
StartTraceW
ControlTraceW
EnableTraceEx2
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
SetProcessMitigationPolicy
OpenProcess
api-ms-win-core-sysinfo-l1-1-0
GetSystemInfo
GetWindowsDirectoryW
GetTickCount64
GetLocalTime
GetSystemTime
GetSystemTimeAsFileTime
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventSetInformation
EventActivityIdControl
EventUnregister
EventWriteTransfer
api-ms-win-eventing-consumer-l1-1-0
CloseTrace
api-ms-win-service-core-l1-1-0
SetServiceStatus
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
api-ms-win-service-management-l1-1-0
StartServiceW
CloseServiceHandle
OpenSCManagerW
OpenServiceW
api-ms-win-power-setting-l1-1-0
PowerSettingRegisterNotification
PowerSettingUnregisterNotification
api-ms-win-service-core-l1-1-1
QueryServiceDynamicInformation
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-security-sddl-l1-1-0
ConvertSidToStringSidW
ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
ntdll
NtQueryWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlPublishWnfStateData
NtQueryInformationProcess
RtlIsStateSeparationEnabled
RtlGetDeviceFamilyInfoEnum
RtlSubscribeWnfStateChangeNotification
ext-ms-win-resourcemanager-gamemode-l1-2-0
RmGameModeInitializeResourceRequest
RmGameModeUnregisterProcess
RmGameModeRegisterProcess
RmGameModeGetLargestValidResourceRequest
ext-ms-win-resourcemanager-gamemode-l1-2-1
RmGameModeRegisterProcessById
api-ms-win-stateseparation-helpers-l1-1-0
GetPersistedRegistryLocationW
api-ms-win-core-winrt-l1-1-0
RoActivateInstance
RoGetActivationFactory
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateString
WindowsDuplicateString
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-registry-l1-1-0
RegGetValueW
RegNotifyChangeKeyValue
RegCloseKey
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegEnumValueW
RegDeleteValueW
api-ms-win-security-base-l1-1-0
AllocateLocallyUniqueId
GetTokenInformation
RevertToSelf
CheckTokenMembership
ImpersonateLoggedOnUser
DuplicateTokenEx
api-ms-win-core-winrt-error-l1-1-0
RoOriginateError
api-ms-win-core-file-l1-2-0
CreateFile2
api-ms-win-core-file-l2-1-0
GetFileInformationByHandleEx
api-ms-win-core-memory-l1-1-1
MapViewOfFileFromApp
CreateFileMappingFromApp
api-ms-win-core-memory-l1-1-0
VirtualQuery
VirtualProtect
UnmapViewOfFile
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
api-ms-win-core-psapi-l1-1-0
K32GetProcessImageFileNameW
QueryFullProcessImageNameW
rpcrt4
RpcEpUnregister
RpcImpersonateClient
RpcServerInqBindings
RpcRevertToSelf
NdrServerCallAll
NdrServerCall2
RpcServerRegisterIf3
RpcEpRegisterW
RpcServerUseProtseqW
RpcServerUnregisterIfEx
I_RpcBindingInqLocalClientPID
RpcBindingVectorFree
api-ms-win-core-errorhandling-l1-1-2
RaiseFailFastException
api-ms-win-service-management-l2-1-0
QueryServiceStatusEx
api-ms-win-service-winsvc-l1-1-0
OpenSCManagerA
api-ms-win-core-kernel32-legacy-l1-1-5
SetThreadExecutionState
api-ms-win-core-shlwapi-legacy-l1-1-0
PathFindFileNameW
api-ms-win-security-accesshlpr-l1-1-0
FreeTransientObjectSecurityDescriptor
QueryTransientObjectSecurityDescriptor
api-ms-win-security-capability-l1-1-0
CapabilityCheck
api-ms-win-appmodel-state-l1-2-0
GetStateSettingsFolder
CloseState
OpenStateExplicit
api-ms-win-appmodel-runtime-l1-1-0
GetPackageFamilyName
Sections
.text Size: 528KB - Virtual size: 527KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 168KB - Virtual size: 166KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 24KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
SppExtComObj.Exe.exe windows:10 windows x64 arch:x64
7e2ccbfdb1baf1c91cddcadac907f977
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
SppExtComObj.pdb
Imports
advapi32
RegSetKeySecurity
RegSetValueExW
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyW
RegQueryInfoKeyW
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
kernel32
EncodePointer
GetCurrentProcessId
CreateProcessW
OpenEventW
DecodePointer
LocalAlloc
LocalFree
SetLastError
VirtualFree
GetCurrentProcess
VirtualAlloc
RtlAddFunctionTable
InitializeCriticalSection
RaiseFailFastException
GetCurrentThread
DeleteCriticalSection
GetModuleHandleW
RtlDeleteFunctionTable
LoadLibraryExW
HeapFree
HeapSetInformation
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetCommandLineW
GetModuleHandleExW
HeapAlloc
GetProcAddress
WaitForSingleObject
CreateEventW
SetEvent
CloseHandle
GetProcessHeap
VirtualQuery
GetLastError
GetModuleFileNameW
WaitForMultipleObjects
FreeLibrary
GetSystemDirectoryW
SetThreadPriority
FreeLibraryAndExitThread
GetComputerNameExW
CreateThread
msvcrt
?terminate@@YAXXZ
_onexit
wcscmp
srand
rand
wcschr
_unlock
_lock
towupper
_purecall
_commode
_fmode
_acmdln
_initterm
__setusermatherr
_ismbblead
_cexit
_wcsicmp
memcmp
memcpy
memmove
memset
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
__C_specific_handler
_vsnwprintf
__dllonexit
ntdll
NtQuerySystemInformation
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
rpcrt4
NdrOleAllocate
RpcStringFreeW
UuidToStringW
NdrOleFree
UuidFromStringW
RpcServerUnregisterIf
RpcServerRegisterIf2
RpcServerUseProtseqEpW
RpcBindingFree
RpcAsyncCompleteCall
Ndr64AsyncServerCallAll
NdrAsyncServerCall
I_RpcMapWin32Status
Ndr64AsyncClientCall
RpcAsyncCancelCall
I_RpcExceptionFilter
RpcAsyncInitializeHandle
RpcBindingFromStringBindingW
RpcStringBindingComposeW
NdrDllGetClassObject
oleaut32
VariantClear
BSTR_UserFree
LPSAFEARRAY_UserSize
BSTR_UserUnmarshal64
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserFree64
LPSAFEARRAY_UserMarshal64
BSTR_UserUnmarshal
SysFreeString
SysAllocString
BSTR_UserMarshal
LPSAFEARRAY_UserUnmarshal64
LPSAFEARRAY_UserMarshal
BSTR_UserFree64
BSTR_UserSize64
VariantInit
SafeArrayDestroy
LPSAFEARRAY_UserSize64
BSTR_UserMarshal64
UnRegisterTypeLi
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayCreateVector
BSTR_UserSize
RegisterTypeLi
LoadTypeLi
api-ms-win-core-com-l1-1-0
CoRevokeClassObject
CoUninitialize
CoInitializeEx
CoResumeClassObjects
CoRegisterClassObject
CoAddRefServerProcess
CoSuspendClassObjects
CoReleaseServerProcess
CoRevertToSelf
CoImpersonateClient
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetStartupInfoW
GetCurrentThreadId
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
ole32
CoRegisterPSClsid
shell32
CommandLineToArgvW
logoncli
DsGetDcNameW
ws2_32
WSAGetLastError
WSAAddressToStringW
FreeAddrInfoW
GetAddrInfoW
WSAStartup
WSACleanup
dnsapi
DnsFree
DnsQuery_W
DnsModifyRecordsInSet_W
DnsNameCompare_W
activeds
ord20
ord15
ord9
Sections
.text Size: 436KB - Virtual size: 432KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
?g_Encry Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 88KB - Virtual size: 86KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
SrTasks.exe.exe windows:10 windows x64 arch:x64
da5162fc74286d3065f624c6773bd09d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
srtasks.pdb
Imports
advapi32
TraceMessage
RegOpenKeyExW
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
EnableTraceEx2
StartTraceW
ControlTraceW
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetEntriesInAclW
InitializeSecurityDescriptor
CreateWellKnownSid
RegSetValueExW
RegQueryValueExW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
kernel32
FindNextFileW
FindFirstFileW
CloseHandle
ExpandEnvironmentStringsW
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
DeviceIoControl
CreateFileW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetTickCount
CreateDirectoryW
DeleteFileW
GetFileAttributesW
Sleep
GetTickCount64
LocalFree
GetCommandLineW
HeapSetInformation
GetLastError
GetModuleHandleW
GetSystemTimeAsFileTime
GetDiskFreeSpaceExW
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
FindClose
MoveFileExW
msvcrt
_callnewh
malloc
_amsg_exit
__wgetmainargs
__set_app_type
exit
_exit
_cexit
__setusermatherr
_initterm
__C_specific_handler
_fmode
_commode
?terminate@@YAXXZ
free
_wtol
_wcsnicmp
_vsnwprintf
memset
_XcptFilter
_wcsicmp
_vscwprintf
memcpy
strchr
ntdll
WinSqmAddToStreamEx
NtSetInformationProcess
RtlCaptureContext
RtlLookupFunctionEntry
NtSetInformationFile
RtlVirtualUnwind
EtwTraceMessage
NtQueryInformationFile
RtlGetLastNtStatus
RtlNtStatusToDosError
spp
SxTracerShouldTrackFailure
SxTracerGetThreadContextRetail
SppFreeGroupPropArray
SxTracerDebuggerBreak
srclient
SRSetRestorePointW
srcore
SrFreeRpPropArray
user32
LoadStringW
ole32
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc
CoInitializeEx
CoUninitialize
CoTaskMemRealloc
CoInitializeSecurity
shell32
CommandLineToArgvW
oleaut32
SysAllocString
SysFreeString
SysStringLen
vssapi
VssFreeSnapshotPropertiesInternal
CreateVssBackupComponentsInternal
Sections
.text Size: 44KB - Virtual size: 41KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 60B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
SyncHost.exe.exe windows:10 windows x64 arch:x64
ce8e8feb130e4e0c53a5f8d327feb6f4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
SyncHost.pdb
Imports
advapi32
RegDeleteValueW
RegOpenKeyExW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
RegSetValueExW
GetTraceEnableFlags
RegEnumKeyExW
GetTraceLoggerHandle
RegCreateKeyExW
RegQueryInfoKeyW
RegCloseKey
TraceMessage
kernel32
SizeofResource
EnterCriticalSection
GetCommandLineW
GetModuleFileNameW
LeaveCriticalSection
InitializeCriticalSection
GetCurrentThreadId
MultiByteToWideChar
Sleep
GetLastError
SetEvent
RaiseException
FindResourceExW
LoadResource
GetProcAddress
DeleteCriticalSection
GetModuleHandleW
FreeLibrary
lstrcmpiW
LoadLibraryExW
FormatMessageW
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
user32
UnregisterClassA
GetMessageW
DispatchMessageW
CharNextW
TranslateMessage
PostThreadMessageW
CharUpperW
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-crt-runtime-l1-1-0
_initterm
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
api-ms-win-crt-private-l1-1-0
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o_exit
_o_free
_o_malloc
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
__current_exception
__current_exception_context
_o___p__commode
__C_specific_handler
memcmp
memcpy
ntdll
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
ole32
CoTaskMemAlloc
StringFromGUID2
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoRegisterClassObject
CoTaskMemRealloc
CoInitializeEx
CoRevokeClassObject
PropVariantClear
oleaut32
VarUI4FromStr
GetErrorInfo
UnRegisterTypeLi
LoadTypeLi
SysFreeString
RegisterTypeLi
SysAllocString
SysStringLen
shlwapi
SHStrDupW
propsys
PropVariantToGUID
PropVariantToUInt32
winsync
ord1
Sections
.text Size: 36KB - Virtual size: 32KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 304B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
SysResetErr.exe.exe windows:10 windows x64 arch:x64
116d2bd2a5f2bc22df04fb0a0d14cb08
Code Sign
33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
c2:ef:88:5a:e2:0b:bb:9b:ea:ee:4d:20:19:88:21:c2:8c:79:3f:34:35:c9:fe:5c:c7:3d:70:b7:f8:34:65:fc
Signer
Actual PE Digest: c2:ef:88:5a:e2:0b:bb:9b:ea:ee:4d:20:19:88:21:c2:8c:79:3f:34:35:c9:fe:5c:c7:3d:70:b7:f8:34:65:fc
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
SysResetErr.pdb
Imports
advapi32
RegGetValueW
kernel32
InitOnceExecuteOnce
SizeofResource
LockResource
LoadResource
FindResourceExW
GetModuleHandleW
DecodePointer
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
HeapSize
HeapReAlloc
CloseHandle
WaitForSingleObject
OpenEventW
OutputDebugStringW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
GetLastError
LeaveCriticalSection
HeapFree
HeapAlloc
EnterCriticalSection
RaiseException
DeleteCriticalSection
InitializeCriticalSection
HeapDestroy
GetProcessHeap
GetCommandLineW
user32
GetMessageW
LoadStringW
DispatchMessageW
TranslateMessage
UnregisterClassA
msvcrt
memmove
memcpy
_CxxThrowException
__CxxFrameHandler3
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
malloc
free
__C_specific_handler
_purecall
memmove_s
memcpy_s
_wcsicmp
__CxxFrameHandler4
??3@YAXPEAX@Z
_vscwprintf
vswprintf_s
_callnewh
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
memset
shell32
CommandLineToArgvW
ntdll
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
ole32
CoCreateInstance
CoTaskMemAlloc
CoInitialize
oleaut32
SysFreeString
SysAllocString
api-ms-win-core-winrt-error-l1-1-0
RoOriginateError
dui70
?Destroy@Element@DirectUI@@QEAAJ_N@Z
?CreateElement@DUIXmlParser@DirectUI@@QEAAJPEBGPEAVElement@2@1PEAKPEAPEAV32@@Z
?SetXMLFromResource@DUIXmlParser@DirectUI@@QEAAJIPEAUHINSTANCE__@@0@Z
?Create@DUIXmlParser@DirectUI@@SAJPEAPEAV12@P6APEAVValue@2@PEBGPEAX@Z2P6AX11H2@Z2@Z
wdscore
ConstructPartialMsgVW
CurrentIP
WdsSetupLogMessageW
Sections
.text Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 696B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
SystemPropertiesAdvanced.exe.exe windows:10 windows x64 arch:x64
68ca080ee65ae9ea92581804b773ecbd
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
SystemPropertiesAdvanced.pdb
Imports
msvcrt
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
_XcptFilter
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__C_specific_handler
sysdm.cpl
DisplaySYSDMCPL
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
TerminateProcess
GetStartupInfoW
GetCurrentProcessId
GetCurrentThreadId
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
Sections
.text Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 216B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 76KB - Virtual size: 73KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
SystemPropertiesComputerName.exe.exe windows:10 windows x64 arch:x64
68ca080ee65ae9ea92581804b773ecbd
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
SystemPropertiesComputerName.pdb
Imports
msvcrt
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
_XcptFilter
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__C_specific_handler
sysdm.cpl
DisplaySYSDMCPL
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
TerminateProcess
GetStartupInfoW
GetCurrentProcessId
GetCurrentThreadId
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
Sections
.text Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 216B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 76KB - Virtual size: 73KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
SystemPropertiesDataExecutionPrevention.exe.exe windows:10 windows x64 arch:x64
68ca080ee65ae9ea92581804b773ecbd
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
SystemPropertiesDataExecutionPrevention.pdb
Imports
msvcrt
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
_XcptFilter
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__C_specific_handler
sysdm.cpl
DisplaySYSDMCPL
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
TerminateProcess
GetStartupInfoW
GetCurrentProcessId
GetCurrentThreadId
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
Sections
.text Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 216B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 76KB - Virtual size: 73KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
SystemPropertiesHardware.exe.exe windows:10 windows x64 arch:x64
68ca080ee65ae9ea92581804b773ecbd
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
SystemPropertiesHardware.pdb
Imports
msvcrt
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
_XcptFilter
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__C_specific_handler
sysdm.cpl
DisplaySYSDMCPL
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
TerminateProcess
GetStartupInfoW
GetCurrentProcessId
GetCurrentThreadId
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
Sections
.text Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 216B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 76KB - Virtual size: 73KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
SystemPropertiesPerformance.exe.exe windows:10 windows x64 arch:x64
835402499fb5903791dbbe73881263b5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
SystemPropertiesPerformance.pdb
Imports
kernel32
CompareStringOrdinal
msvcrt
?terminate@@YAXXZ
_XcptFilter
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_amsg_exit
_cexit
_exit
exit
__set_app_type
__wgetmainargs
sysdm.cpl
DisplaySYSDMCPL
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetStartupInfoW
GetCurrentThreadId
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
Sections
.text Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 216B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 76KB - Virtual size: 73KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
SystemPropertiesProtection.exe.exe windows:10 windows x64 arch:x64
68ca080ee65ae9ea92581804b773ecbd
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
SystemPropertiesProtection.pdb
Imports
msvcrt
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
_XcptFilter
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__C_specific_handler
sysdm.cpl
DisplaySYSDMCPL
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
TerminateProcess
GetStartupInfoW
GetCurrentProcessId
GetCurrentThreadId
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
Sections
.text Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 216B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 76KB - Virtual size: 73KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
SystemPropertiesRemote.exe.exe windows:10 windows x64 arch:x64
68ca080ee65ae9ea92581804b773ecbd
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
SystemPropertiesRemote.pdb
Imports
msvcrt
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
_XcptFilter
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__C_specific_handler
sysdm.cpl
DisplaySYSDMCPL
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
TerminateProcess
GetStartupInfoW
GetCurrentProcessId
GetCurrentThreadId
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
Sections
.text Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 216B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 76KB - Virtual size: 73KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
SystemSettingsAdminFlows.exe.exe windows:10 windows x64 arch:x64
14922efe4b87532d286b50a79428948a
Code Sign
33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
37:d9:26:d2:21:16:01:28:d2:e8:bb:36:25:08:14:b7:a7:ef:94:f0:c6:c1:44:79:2d:5c:77:6f:66:b9:ea:73
Signer
Actual PE Digest: 37:d9:26:d2:21:16:01:28:d2:e8:bb:36:25:08:14:b7:a7:ef:94:f0:c6:c1:44:79:2d:5c:77:6f:66:b9:ea:73
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
SystemSettingsAdminFlows.pdb
Imports
msvcrt
___mb_cur_max_func
setlocale
___lc_handle_func
_wsetlocale
__crtLCMapStringW
__crtCompareStringW
??8type_info@@QEBAHAEBV0@@Z
_wcsdup
memmove
memcpy
__CxxFrameHandler3
_CxxThrowException
___lc_codepage_func
??0exception@@QEAA@AEBQEBDH@Z
memchr
_ismbblead
__pctype_func
_callnewh
calloc
wcstok
___lc_collate_cp_func
wcscspn
wcsspn
??1type_info@@UEAA@XZ
memcmp
towupper
strchr
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBD@Z
abort
?what@exception@@UEBAPEBDXZ
realloc
free
malloc
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
wcstol
wcstoul
wcschr
_wcstoui64
_errno
_wtoi
_wcsicmp
_purecall
memmove_s
??_V@YAXPEAX@Z
wcsncmp
memcpy_s
_vsnwprintf
??3@YAXPEAX@Z
__CxxFrameHandler4
memset
_XcptFilter
__uncaught_exception
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
wcscmp
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
GetCurrentThread
OpenProcessToken
GetCurrentProcess
TerminateProcess
OpenThreadToken
GetCurrentProcessId
GetCurrentThreadId
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0
FindResourceExW
GetModuleHandleW
SizeofResource
LoadResource
LockResource
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetComputerNameExW
GetTickCount
GetSystemTimeAsFileTime
systemsettingsthresholdadminflowui
DeviceEncryptionPage_CreateInstance
SetDateTimePage_CreateInstance
ManageExclusionPage_CreateInstance
TroubleshootActivationPage_CreateInstance
EnterProductKeyPage_CreateInstance
RenamePCPage_CreateInstance
DisableUserPage_CreateInstance
EnableUserPage_CreateInstance
EditUserPage_CreateInstance
LockdownUserPage_CreateInstance
RemoveUserPage_CreateInstance
SetGeolocationMasterPage_CreateInstance
SetFindMyDevicePage_CreateInstance
LeaveDomainPage_CreateInstance
ChangeKbLayoutPage_CreateInstance
RetailDemoConfirmPage_CreateInstance
DevicePortalAuthenticationPage_CreateInstance
DeviceDiscoveryUnpairAllDevicesPage_CreateInstance
DevicePortalSetAuthenticationPage_CreateInstance
JoinDomainPage_CreateInstance
SurfaceHubDeveloperModePage_CreateInstance
RemoteDesktopPage_CreateInstance
HolographicUninstallPage_CreateInstance
FeaturedResetPCPage_CreateInstance
UninstallOSPage_CreateInstance
ViewWifiPasswordPage_CreateInstance
InPlaceUpgradePage_CreateInstance
UninitializeXamlRuntime
UninitializeXamlCustomResourceLoader
InitializeXamlCustomResourceLoader
AddDomainUserPage_CreateInstance
InitializeXamlRuntime
DeveloperModePage_CreateInstance
gdi32
GetDeviceCaps
kernel32
InitOnceInitialize
CreateWaitableTimerW
CancelWaitableTimer
WaitForMultipleObjects
SetWaitableTimer
RegOpenKeyExA
RegQueryValueExA
K32EnumDeviceDrivers
K32GetDeviceDriverBaseNameA
ResolveLocaleName
K32GetDeviceDriverFileNameA
RegFlushKey
InitializeSRWLock
SystemTimeToFileTime
CompareStringOrdinal
GetModuleHandleExW
GetModuleFileNameA
LoadLibraryA
DebugBreak
GetProcAddress
LocalFree
HeapFree
GetProcessHeap
CloseHandle
FreeLibrary
RegCloseKey
OutputDebugStringW
FormatMessageW
IsDebuggerPresent
GetLastError
SetLastError
WaitForSingleObject
ReleaseSemaphore
OpenSemaphoreW
HeapAlloc
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CreateThreadpoolTimer
SetThreadpoolTimer
RegOpenKeyExW
WaitForMultipleObjectsEx
GetProductInfo
RegGetValueW
GetVersionExW
CreateEventW
SetEvent
RegCreateKeyExW
RegSetValueExW
OpenProcess
AcquireSRWLockShared
ReleaseSRWLockShared
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionEx
CreateEventExW
LoadLibraryExW
LocalAlloc
TlsGetValue
ResetEvent
CreateThreadpoolWork
SubmitThreadpoolWork
WaitForThreadpoolWorkCallbacks
CloseThreadpoolWork
TlsAlloc
TlsFree
DecodePointer
TlsSetValue
InitOnceBeginInitialize
CreateMutexExW
ReleaseMutex
InitOnceComplete
InitOnceExecuteOnce
CreateSemaphoreExW
WaitForSingleObjectEx
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
RaiseException
EncodePointer
newdev
DiInstallDevice
DiUninstallDevice
ntdll
NtQueryInformationToken
RtlInitUnicodeString
NtGetMUIRegistryInfo
RtlPublishWnfStateData
RtlRaiseStatus
ole32
CoCreateGuid
CoCreateFreeThreadedMarshaler
CoSetProxyBlanket
CoTaskMemRealloc
CoGetMalloc
CoTaskMemAlloc
CoResumeClassObjects
CoRegisterClassObject
CoRevokeClassObject
CoAddRefServerProcess
CoReleaseServerProcess
IIDFromString
CoGetClassObject
CLSIDFromString
CreateClassMoniker
GetRunningObjectTable
CoUninitialize
CoInitializeEx
CoWaitForMultipleHandles
CoGetApartmentType
CoCreateInstance
CoTaskMemFree
CoInitialize
setupapi
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiBuildDriverInfoList
SetupDiEnumDriverInfoW
SetupDiSetClassInstallParamsW
SetupDiCallClassInstaller
SetupDiGetClassDevsW
SetupDiGetDeviceInstallParamsW
SetupDiSetDeviceInstallParamsW
SetupDiOpenDeviceInfoW
SetupDiCreateDeviceInfoList
shell32
CommandLineToArgvW
ShellExecuteExW
SHGetSpecialFolderPathW
shlwapi
ord16
StrChrW
SHSetValueW
SHDeleteValueW
SHStrDupW
dui70
InitProcessPriv
StartMessagePump
UnInitThread
InitThread
UnInitProcessPriv
?Destroy@DUIXmlParser@DirectUI@@QEAAXXZ
user32
DestroyWindow
GetWindowLongPtrW
DefWindowProcW
GetWindowRect
PostMessageW
SetWindowPos
GetPropW
GetWindow
EnableMouseInPointer
AllowSetForegroundWindow
ChangeWindowMessageFilter
DisplayConfigSetDeviceInfo
ord2544
ExitWindowsEx
ReleaseDC
GetDC
GetWindowThreadProcessId
DispatchMessageW
LoadCursorW
SetCursor
TranslateMessage
PostQuitMessage
MsgWaitForMultipleObjectsEx
PeekMessageW
shcore
ord188
ord241
ord244
ord200
ord190
ord123
languagecomponentsinstaller
RequestFeaturesInstallation
RequestFeaturesUninstallation
servicinguapi
EnumerateFeatures
FreeEnumerateFeaturesResult
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsCompareStringOrdinal
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateString
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventRegister
EventUnregister
EventWriteTransfer
EventActivityIdControl
api-ms-win-core-winrt-error-l1-1-0
RoTransformError
SetRestrictedErrorInfo
RoOriginateErrorW
RoOriginateError
api-ms-win-eventing-classicprovider-l1-1-0
UnregisterTraceGuids
TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
RegisterTraceGuidsW
GetTraceEnableFlags
api-ms-win-core-winrt-l1-1-0
RoInitialize
RoRegisterActivationFactories
RoUninitialize
RoRevokeActivationFactories
RoGetActivationFactory
RoActivateInstance
api-ms-win-core-registry-l1-1-1
RegDeleteKeyValueW
RegSetKeyValueW
crypt32
CryptUnprotectData
api-ms-win-core-shutdown-l1-1-1
InitiateShutdownW
api-ms-win-core-winrt-error-l1-1-1
RoGetMatchingRestrictedErrorInfo
sspicli
LsaFreeReturnBuffer
LsaConnectUntrusted
LsaLogonUser
LsaLookupAuthenticationPackage
api-ms-win-service-management-l1-1-0
CloseServiceHandle
OpenSCManagerW
OpenServiceW
StartServiceW
api-ms-win-service-winsvc-l1-1-0
ControlService
QueryServiceStatus
oleaut32
SysFreeString
SysAllocStringLen
SafeArrayAccessData
SafeArrayCreateVector
SysStringLen
SafeArrayUnaccessData
SafeArrayDestroy
VariantClear
VariantInit
SysAllocString
api-ms-win-service-management-l2-1-0
ChangeServiceConfigW
QueryServiceStatusEx
QueryServiceConfigW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-string-l1-1-0
GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
wkscli
NetGetJoinInformation
logoncli
DsGetDcNameW
netutils
NetApiBufferFree
api-ms-win-security-base-l1-1-0
GetTokenInformation
CreateWellKnownSid
CheckTokenMembership
DuplicateToken
AdjustTokenPrivileges
api-ms-win-core-registry-l1-1-0
RegQueryValueExW
RegDeleteValueW
RegCopyTreeW
dismapi
DismOpenSession
DismCloseSession
DismInitialize
DismDelete
DismGetProvisionedAppxPackages
wldp
WldpDisableDeveloperMode
timesync
SyncW32Time
SetNTPSync
StartTimeService
credui
CredUIPromptForWindowsCredentialsW
CredPackAuthenticationBufferW
CredUnPackAuthenticationBufferW
api-ms-win-core-synch-l1-1-0
InitializeCriticalSection
api-ms-win-security-lsapolicy-l1-1-0
LsaStorePrivateData
LsaOpenPolicy
LsaFreeMemory
LsaClose
LsaLookupSids
api-ms-win-devices-query-l1-1-0
DevFreeObjectProperties
DevGetObjectProperties
api-ms-win-core-versionansi-l1-1-1
GetFileVersionInfoSizeA
GetFileVersionInfoA
api-ms-win-core-versionansi-l1-1-0
VerQueryValueA
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
api-ms-win-core-registry-l2-1-0
RegOpenKeyW
api-ms-win-appmodel-unlock-l1-1-0
SetIsDeveloperModeEnabled
IsDeveloperModePolicyApplied
api-ms-win-crt-environment-l1-1-0
_dupenv_s
bcp47langs
Bcp47GetUnIsoRegionCode
Bcp47GetIsoLanguageCode
Bcp47GetNlsForm
ClearUserDisplayLanguageOverride
Bcp47GetMuiForm
api-ms-win-core-heap-l1-1-0
HeapSize
HeapReAlloc
HeapDestroy
Sections
.text Size: 420KB - Virtual size: 418KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 140KB - Virtual size: 138KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 28KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 216B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 56KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
SystemSettingsBroker.exe.exe windows:10 windows x64 arch:x64
c0235487ee7eecd7b1357dacf94aeb95
Code Sign
33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
29:51:50:83:d6:ee:3a:2c:96:db:29:ff:aa:9b:5b:7c:00:9e:12:1e:3a:1f:99:76:65:a3:67:44:96:96:cd:b0
Signer
Actual PE Digest: 29:51:50:83:d6:ee:3a:2c:96:db:29:ff:aa:9b:5b:7c:00:9e:12:1e:3a:1f:99:76:65:a3:67:44:96:96:cd:b0
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
SystemSettingsBroker.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
api-ms-win-crt-private-l1-1-0
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o_abort
_o_exit
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___wargv
_o___p___argc
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
GetModuleHandleExW
LoadLibraryExW
GetModuleFileNameA
GetModuleHandleW
api-ms-win-core-synch-l1-1-0
AcquireSRWLockShared
InitializeSRWLock
WaitForSingleObject
ReleaseMutex
ReleaseSemaphore
CreateSemaphoreExW
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
ReleaseSRWLockExclusive
ReleaseSRWLockShared
CreateEventW
AcquireSRWLockExclusive
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapSetInformation
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
SetErrorMode
UnhandledExceptionFilter
GetLastError
SetLastError
SetUnhandledExceptionFilter
RaiseException
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
OpenProcessToken
GetCurrentProcessId
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
OutputDebugStringW
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventRegister
EventSetInformation
EventUnregister
api-ms-win-core-processthreads-l1-1-1
GetProcessMitigationPolicy
IsProcessorFeaturePresent
SetProcessMitigationPolicy
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-security-base-l1-1-0
MakeAbsoluteSD
GetTokenInformation
DuplicateTokenEx
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-synch-l1-2-0
InitOnceExecuteOnce
InitOnceComplete
InitOnceBeginInitialize
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-threadpool-l1-2-0
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
api-ms-win-core-registry-l1-1-0
RegEnumKeyExW
RegOpenKeyExW
RegCloseKey
RegGetValueW
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
api-ms-win-core-string-l2-1-0
CharLowerBuffW
api-ms-win-core-errorhandling-l1-1-2
RaiseFailFastException
api-ms-win-shcore-taskpool-l1-1-0
SHTaskPoolQueueTask
SHTaskPoolGetUniqueContext
combase
ord69
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-security-capability-l1-1-0
CapabilityCheck
Sections
.text Size: 96KB - Virtual size: 94KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 272B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 52KB - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
SystemSettingsRemoveDevice.exe.exe windows:10 windows x64 arch:x64
9dc9b6e9378726ad78f12fe890decc7f
Code Sign
33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
39:4f:8e:a7:13:ee:77:7b:e3:64:5c:8d:11:06:63:f7:37:08:c0:f9:7f:c6:a4:39:ec:1d:0a:a0:85:b9:ee:01
Signer
Actual PE Digest: 39:4f:8e:a7:13:ee:77:7b:e3:64:5c:8d:11:06:63:f7:37:08:c0:f9:7f:c6:a4:39:ec:1d:0a:a0:85:b9:ee:01
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
SystemSettingsRemoveDevice.pdb
Imports
advapi32
EventUnregister
EventWriteTransfer
EventRegister
kernel32
GetLastError
LocalFree
user32
GetMessageW
TranslateMessage
DispatchMessageW
LoadStringW
msvcrt
memset
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
memcpy_s
_vsnwprintf
_wtoi
_purecall
free
malloc
_callnewh
_XcptFilter
__CxxFrameHandler3
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoUninitialize
CoTaskMemFree
CoInitializeEx
api-ms-win-core-winrt-error-l1-1-0
SetRestrictedErrorInfo
api-ms-win-core-winrt-error-l1-1-1
RoGetMatchingRestrictedErrorInfo
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
GetCurrentThreadId
GetStartupInfoW
GetCurrentProcessId
TerminateProcess
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
GetProcAddress
GetModuleHandleExW
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-synch-l1-1-0
ReleaseSemaphore
WaitForSingleObject
CreateMutexExW
WaitForSingleObjectEx
ReleaseMutex
CreateSemaphoreExW
OpenSemaphoreW
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapAlloc
HeapFree
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
DebugBreak
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
CloseHandle
shell32
CommandLineToArgvW
shlwapi
SHStrDupW
dui70
InitProcessPriv
InitThread
UnInitThread
UnInitProcessPriv
?Destroy@DUIXmlParser@DirectUI@@QEAAXXZ
?CreateElement@DUIXmlParser@DirectUI@@QEAAJPEBGPEAVElement@2@1PEAKPEAPEAV32@@Z
?Destroy@Element@DirectUI@@QEAAJ_N@Z
?Create@DUIXmlParser@DirectUI@@SAJPEAPEAV12@P6APEAVValue@2@PEBGPEAX@Z2P6AX11H2@Z2@Z
?SetXMLFromResource@DUIXmlParser@DirectUI@@QEAAJIPEAUHINSTANCE__@@0@Z
Sections
.text Size: 24KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 124B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
SystemUWPLauncher.exe.exe windows:10 windows x64 arch:x64
bb9f56ff25e0ec01da6a7a1e83e19056
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
SystemUWPLauncher.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memcpy
_o__wcsicmp
_o_exit
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___wargv
_o___p___argc
__std_terminate
wcsstr
wcschr
__CxxFrameHandler4
api-ms-win-crt-string-l1-1-0
memset
wcscspn
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleExA
GetModuleHandleExW
GetModuleFileNameA
GetProcAddress
GetModuleHandleW
api-ms-win-security-base-l1-1-0
GetTokenInformation
IsWellKnownSid
MakeAbsoluteSD
api-ms-win-core-synch-l1-1-0
CreateMutexExW
CreateEventW
InitializeSRWLock
CreateSemaphoreExW
ReleaseSemaphore
AcquireSRWLockExclusive
OpenSemaphoreW
WaitForSingleObjectEx
WaitForSingleObject
SetEvent
ReleaseSRWLockExclusive
ReleaseSRWLockShared
ReleaseMutex
AcquireSRWLockShared
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapAlloc
HeapFree
api-ms-win-core-errorhandling-l1-1-0
GetLastError
RaiseException
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
GetCurrentDirectoryW
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-core-com-l1-1-0
CoUninitialize
CoInitializeSecurity
CoCreateFreeThreadedMarshaler
CoInitializeEx
CoTaskMemAlloc
api-ms-win-core-winrt-string-l1-1-0
WindowsGetStringRawBuffer
WindowsDuplicateString
WindowsCreateString
WindowsDeleteString
WindowsCreateStringReference
WindowsSubstringWithSpecifiedLength
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-processthreads-l1-1-0
GetExitCodeProcess
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
DebugBreak
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-1
OpenProcess
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-winrt-error-l1-1-0
RoOriginateError
SetRestrictedErrorInfo
RoTransformError
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-core-winrt-l1-1-0
RoActivateInstance
RoGetActivationFactory
api-ms-win-core-winrt-error-l1-1-1
RoReportFailedDelegate
RoGetMatchingRestrictedErrorInfo
IsErrorPropagationEnabled
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
api-ms-win-core-com-l1-1-1
RoGetAgileReference
ntdll
NtOpenProcessTokenEx
api-ms-win-core-shlwapi-legacy-l1-1-0
PathGetArgsW
api-ms-win-shcore-thread-l1-1-0
SHGetThreadRef
api-ms-win-appmodel-runtime-l1-1-1
ParseApplicationUserModelId
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Sections
.text Size: 64KB - Virtual size: 63KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
TCPSVCS.EXE.exe windows:10 windows x64 arch:x64
5fb43d31195a81197a7053c4a202bced
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
tcpsvcs.pdb
Imports
msvcrt
_cexit
_exit
_fmode
__setusermatherr
__set_app_type
?terminate@@YAXXZ
__C_specific_handler
exit
__getmainargs
_commode
_initterm
_amsg_exit
_XcptFilter
wcscat_s
api-ms-win-core-synch-l1-1-0
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
api-ms-win-service-core-l1-1-0
StartServiceCtrlDispatcherW
SetServiceStatus
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
SetErrorMode
api-ms-win-core-sysinfo-l1-1-0
GetSystemDirectoryW
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-service-winsvc-l1-1-0
RegisterServiceCtrlHandlerW
rpcrt4
RpcServerListen
RpcMgmtWaitServerListen
RpcMgmtStopServerListening
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExW
GetModuleHandleW
GetProcAddress
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
ExitProcess
TerminateProcess
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
ntdll
DbgPrint
Sections
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 288B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 60B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
TRACERT.EXE.exe windows:10 windows x64 arch:x64
864ed1a3925e3bf68245cebdfee0c895
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
tracert.pdb
Imports
msvcrt
exit
memcpy
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
fwprintf
fgetpos
wcschr
_fileno
_write
_setmode
wcstoul
fflush
_wcsicmp
_get_osfhandle
__iob_func
memset
ws2_32
WSAIoctl
GetNameInfoW
socket
GetAddrInfoW
FreeAddrInfoW
WSAStartup
closesocket
WSAGetLastError
WSACleanup
api-ms-win-core-localization-l1-2-0
SetThreadUILanguage
FormatMessageW
iphlpapi
IcmpCloseHandle
IcmpCreateFile
Icmp6SendEcho2
IcmpSendEcho2
Icmp6CreateFile
api-ms-win-core-processenvironment-l1-1-0
GetEnvironmentVariableW
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-console-l1-1-0
GetConsoleMode
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
ntdll
RtlIpv4StringToAddressW
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-core-file-l1-1-0
GetFileType
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
Sections
.text Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 384B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
TSTheme.exe.exe windows:10 windows x64 arch:x64
ae8f6120450f02562644ab6efe9dc3d1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
TSTheme.pdb
Imports
advapi32
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
EventWriteTransfer
OpenProcessToken
EventSetInformation
EventRegister
RegDeleteKeyW
RegOpenCurrentUser
RegQueryValueExW
EventUnregister
kernel32
CreateEventW
CreateThread
DeleteCriticalSection
InitializeCriticalSection
GetCommandLineW
GetCurrentThreadId
Sleep
LocalFree
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
GetCurrentProcess
CloseHandle
FreeLibrary
GetLastError
GetProcAddress
LoadLibraryExW
GetModuleHandleW
lstrcmpiW
RaiseException
MultiByteToWideChar
SetEvent
DelayLoadFailureHook
ResolveDelayLoadedAPI
LoadLibraryW
ProcessIdToSessionId
GetExitCodeThread
LocalAlloc
GetModuleFileNameW
FindResourceExW
LoadResource
SizeofResource
SetLastError
user32
UnregisterClassA
CharNextW
PostThreadMessageW
GetMessageW
DispatchMessageW
UpdatePerUserSystemParameters
msvcrt
_cexit
realloc
_wcmdln
_fmode
_lock
_errno
__dllonexit
memset
_initterm
__setusermatherr
_commode
_onexit
_unlock
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
memmove
memcpy
__CxxFrameHandler3
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
_purecall
wcscat_s
wcscpy_s
memcpy_s
free
malloc
wcsncpy_s
__C_specific_handler
??_V@YAXPEAX@Z
_vsnwprintf
__CxxFrameHandler4
memcmp
??3@YAXPEAX@Z
oleaut32
RegisterTypeLi
LoadRegTypeLi
SysAllocString
UnRegisterTypeLi
SysFreeString
LoadTypeLi
SysStringLen
VarUI4FromStr
api-ms-win-core-com-l1-1-0
CoRegisterClassObject
CoRevokeClassObject
CoUninitialize
CoInitializeSecurity
StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
TerminateProcess
GetStartupInfoW
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-debug-l1-1-0
OutputDebugStringA
Sections
.text Size: 40KB - Virtual size: 36KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 716B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
TSWbPrxy.exe.exe windows:10 windows x64 arch:x64
913d23346bc5ed7200f7716c9617d2c5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
TSWbPrxy.pdb
Imports
advapi32
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
kernel32
ReleaseMutex
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
CreateSemaphoreExW
WaitForSingleObject
CreateThread
RaiseException
CreateEventW
Sleep
GetCurrentThreadId
SetEvent
GetCommandLineW
CompareStringW
CloseHandle
CreateProcessW
GetCurrentProcessId
GetModuleHandleExA
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetModuleFileNameW
SetLastError
MultiByteToWideChar
SizeofResource
ReleaseSemaphore
DebugBreak
GetProcessHeap
HeapAlloc
OutputDebugStringW
HeapFree
GetModuleFileNameA
GetModuleHandleExW
FormatMessageW
IsDebuggerPresent
lstrcmpiW
GetModuleHandleW
LoadLibraryExW
GetProcAddress
GetLastError
FreeLibrary
FindResourceExW
LoadResource
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
user32
CharUpperW
PostThreadMessageW
CharNextW
DispatchMessageW
GetMessageW
TranslateMessage
AllowSetForegroundWindow
UnregisterClassA
msvcrt
_vsnwprintf
memcmp
??3@YAXPEAX@Z
_onexit
__dllonexit
_unlock
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
wcscat_s
wcscpy_s
_lock
realloc
_errno
_purecall
memcpy_s
malloc
wcsncpy_s
free
__C_specific_handler
??_V@YAXPEAX@Z
__CxxFrameHandler3
memset
ole32
CoRegisterClassObject
CoRevokeClassObject
CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
oleaut32
VarUI4FromStr
SysStringLen
SysStringByteLen
LoadRegTypeLi
LoadTypeLi
UnRegisterTypeLi
SysAllocString
RegisterTypeLi
SafeArrayLock
SafeArrayUnlock
SafeArrayCreate
SafeArrayDestroy
SafeArrayGetLBound
SafeArrayGetUBound
SysFreeString
shlwapi
PathFindFileNameW
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
Sections
.text Size: 56KB - Virtual size: 54KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 948B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
TapiUnattend.exe.exe windows:10 windows x64 arch:x64
42f88ff1f6019e68c40b1cfd658ddbce
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
TapiUnattend.pdb
Imports
advapi32
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
kernel32
GetLastError
HeapSetInformation
GetCurrentProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
Sleep
TerminateProcess
msvcrt
__C_specific_handler
_commode
_fmode
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
free
_callnewh
malloc
?terminate@@YAXXZ
wdscore
WdsSetupLogMessageW
ConstructPartialMsgVW
CurrentIP
Sections
.text Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 64B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Taskmgr.exe.exe windows:10 windows x64 arch:x64
f0d765e7f4af0838c7594ea25213ae09
Code Sign
33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
c4:2f:e6:0a:06:8a:3b:52:18:62:bb:c1:31:f3:6a:b8:a1:a3:36:a9:10:5a:c7:65:b6:97:c8:24:2e:88:48:41
Signer
Actual PE Digest: c4:2f:e6:0a:06:8a:3b:52:18:62:bb:c1:31:f3:6a:b8:a1:a3:36:a9:10:5a:c7:65:b6:97:c8:24:2e:88:48:41
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Taskmgr.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
api-ms-win-crt-private-l1-1-0
_o_round
_o_sqrtf
_o_terminate
_o_tolower
_o_towupper
_o_wcstod
_o_wcstok_s
_o_wcstol
_o_wcstoul
__C_specific_handler
__current_exception
__current_exception_context
_o_abort
_o__wtol
_o__wtoi
_o_memcpy_s
memmove
_o_malloc
_o_iswspace
_o_iswdigit
_o_iswalpha
_o_isdigit
_o_free
_o_realloc
_o_floorf
_o_floor
_o_exit
_o__wcsnicmp
_o_ceilf
_o_ceil
_o_bsearch
_o__wcsicmp
_CxxThrowException
__CxxFrameHandler3
strchr
wcsrchr
wcschr
wcsstr
__std_type_info_compare
__std_terminate
__CxxFrameHandler4
_o__ui64tow_s
_o__strnicmp
_o__stricmp
_o__set_new_mode
_o__set_fmode
_o__set_errno
_o__set_app_type
_o__seh_filter_exe
_o__register_onexit_function
_o__purecall
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_wide_environment
_o__initialize_onexit_table
_o__i64tow_s
_o__get_wide_winmain_command_line
_o__get_errno
_o__exit
_o__errno
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfwprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___acrt_iob_func
_o____lc_codepage_func
__RTDynamicCast
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
memset
strcmp
wcscmp
api-ms-win-core-profile-l1-1-0
QueryPerformanceFrequency
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetExitCodeThread
CreateProcessW
GetCurrentProcess
SetPriorityClass
ProcessIdToSessionId
CreateThread
SetProcessShutdownParameters
GetProcessTimes
TerminateProcess
GetCurrentThreadId
GetStartupInfoW
OpenProcessToken
GetCurrentThread
SetThreadPriority
GetThreadPriority
GetPriorityClass
GetCurrentProcessId
api-ms-win-core-sysinfo-l1-1-0
GetSystemDirectoryW
GetTickCount64
GetComputerNameExW
GetSystemInfo
GlobalMemoryStatusEx
GetSystemTimeAsFileTime
GetLocalTime
GetLogicalProcessorInformationEx
GetSystemTime
GetVersionExW
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
InterlockedPushEntrySList
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
IsDebuggerPresent
OutputDebugStringA
DebugBreak
api-ms-win-core-errorhandling-l1-1-0
GetErrorMode
UnhandledExceptionFilter
SetErrorMode
GetLastError
SetUnhandledExceptionFilter
RaiseException
SetLastError
api-ms-win-core-processthreads-l1-1-1
OpenProcess
GetProcessMitigationPolicy
IsProcessorFeaturePresent
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
GetModuleHandleExW
GetModuleHandleW
LoadLibraryExW
LoadStringW
GetModuleFileNameW
GetModuleFileNameA
FreeLibrary
api-ms-win-core-synch-l1-1-0
CreateMutexExW
AcquireSRWLockExclusive
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
WaitForSingleObjectEx
ResetEvent
OpenSemaphoreW
CreateEventW
SetEvent
OpenEventW
CreateSemaphoreExW
CreateEventExW
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
CreateMutexW
TryEnterCriticalSection
AcquireSRWLockShared
ReleaseSRWLockShared
ReleaseMutex
InitializeSRWLock
DeleteCriticalSection
ReleaseSRWLockExclusive
InitializeCriticalSectionEx
ReleaseSemaphore
api-ms-win-core-threadpool-l1-2-0
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer
TrySubmitThreadpoolCallback
api-ms-win-core-heap-l1-1-0
HeapSize
HeapReAlloc
GetProcessHeap
HeapSetInformation
HeapFree
HeapAlloc
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventUnregister
EventSetInformation
EventRegister
EventActivityIdControl
api-ms-win-core-localization-l1-2-0
GetLocaleInfoW
GetLocaleInfoEx
FormatMessageW
GetThreadPreferredUILanguages
GetThreadUILanguage
FormatMessageA
api-ms-win-core-handle-l1-1-0
DuplicateHandle
CloseHandle
api-ms-win-core-registry-l1-1-0
RegSetValueExW
RegGetValueW
RegOpenKeyExW
RegEnumValueW
RegNotifyChangeKeyValue
RegQueryValueExW
RegCloseKey
RegQueryInfoKeyW
RegCreateKeyExW
api-ms-win-core-synch-l1-2-0
InitOnceComplete
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
Sleep
InitOnceBeginInitialize
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-security-base-l1-1-0
AdjustTokenPrivileges
GetTokenInformation
IsWellKnownSid
EqualSid
CreateWellKnownSid
SetTokenInformation
GetLengthSid
AllocateAndInitializeSid
CopySid
CheckTokenMembership
FreeSid
api-ms-win-core-sysinfo-l1-2-0
GetSystemFirmwareTable
GetNativeSystemInfo
api-ms-win-core-datetime-l1-1-0
GetDateFormatW
GetTimeFormatW
api-ms-win-core-io-l1-1-1
CancelSynchronousIo
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
oleaut32
SysStringLen
SafeArrayPutElement
SafeArrayDestroy
SafeArrayCreateVector
GetErrorInfo
SetErrorInfo
SysAllocString
SysFreeString
VariantClear
VariantInit
api-ms-win-core-version-l1-1-1
GetFileVersionInfoSizeW
GetFileVersionInfoW
api-ms-win-core-version-l1-1-0
GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW
api-ms-win-core-file-l1-1-0
FindNextFileW
FindFirstFileW
FindClose
FindNextChangeNotification
FindFirstChangeNotificationW
GetDriveTypeW
GetFileType
GetFileAttributesExW
CompareFileTime
ReadFile
FlushFileBuffers
FindVolumeClose
FindNextVolumeW
FindFirstVolumeW
FindCloseChangeNotification
GetLongPathNameW
QueryDosDeviceW
GetLogicalDriveStringsW
CreateFileW
GetFileSizeEx
CreateDirectoryW
WriteFile
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
GetCurrentDirectoryW
api-ms-win-core-timezone-l1-1-0
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SystemTimeToFileTime
api-ms-win-core-memory-l1-1-1
VirtualUnlock
SetProcessWorkingSetSize
api-ms-win-power-setting-l1-1-0
PowerSettingUnregisterNotification
PowerSettingRegisterNotification
api-ms-win-core-string-l1-1-0
CompareStringEx
CompareStringOrdinal
WideCharToMultiByte
MultiByteToWideChar
api-ms-win-security-lsalookup-l2-1-0
LookupPrivilegeValueW
api-ms-win-core-path-l1-1-0
PathCchCanonicalize
PathCchAppend
PathCchCombine
api-ms-win-core-file-l1-2-4
GetTempPath2W
api-ms-win-core-wow64-l1-1-0
IsWow64Process
api-ms-win-core-string-l2-1-0
CharLowerW
CharUpperBuffW
api-ms-win-core-memory-l1-1-0
ReadProcessMemory
api-ms-win-core-datetime-l1-1-2
GetDurationFormatEx
api-ms-win-core-datetime-l1-1-1
GetDateFormatEx
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-file-l1-2-0
GetVolumePathNamesForVolumeNameW
api-ms-win-core-psapi-l1-1-0
QueryFullProcessImageNameW
rpcrt4
UuidCreate
api-ms-win-core-sysinfo-l1-2-2
GetProcessorSystemCycleTime
api-ms-win-core-processtopology-l1-1-0
GetProcessGroupAffinity
api-ms-win-core-sysinfo-l1-2-1
GetPhysicallyInstalledSystemMemory
api-ms-win-core-localization-l2-1-0
GetNumberFormatEx
api-ms-win-core-string-l2-1-1
SHLoadIndirectString
api-ms-win-core-processthreads-l1-1-3
GetProcessInformation
SetProcessInformation
api-ms-win-core-winrt-error-l1-1-0
RoTransformError
RoOriginateError
api-ms-win-core-kernel32-legacy-l1-1-0
GetComputerNameW
MulDiv
api-ms-win-security-provider-l1-1-0
SetEntriesInAclW
SetSecurityInfo
api-ms-win-core-threadpool-legacy-l1-1-0
CreateTimerQueueTimer
DeleteTimerQueueTimer
QueueUserWorkItem
api-ms-win-core-shlwapi-legacy-l1-1-0
PathIsPrefixW
PathIsRelativeW
PathRemoveBackslashW
PathGetArgsW
SHExpandEnvironmentStringsW
PathRemoveBlanksW
PathRemoveExtensionW
PathFileExistsW
PathStripPathW
api-ms-win-perf-legacy-l1-1-0
PerfQueryCounterData
PerfCloseQueryHandle
PerfOpenQueryHandle
PerfAddCounters
api-ms-win-core-sidebyside-l1-1-0
DeactivateActCtx
FindActCtxSectionStringW
QueryActCtxW
CreateActCtxW
ActivateActCtx
api-ms-win-core-windowserrorreporting-l1-1-3
RegisterApplicationRestart
api-ms-win-core-pcw-l1-1-0
PcwCreateQuery
PcwAddQueryItem
PcwCollectData
nsi
NsiGetParameter
NsiGetAllParameters
api-ms-win-core-atoms-l1-1-0
DeleteAtom
AddAtomW
comctl32
ImageList_CoCreateInstance
ntdll
NtQuerySystemInformation
RtlUnsubscribeWnfNotificationWaitForCompletion
NtQueryInformationProcess
NtSystemDebugControl
NtSetInformationFile
RtlSecondsSince1970ToTime
ZwQueryWnfStateData
EtwCheckCoverage
NtQueryInformationThread
RtlInitUnicodeString
NtQueryTimerResolution
NtQueryObject
NtQueryInformationFile
RtlIpv4AddressToStringExW
RtlIpv6AddressToStringExW
RtlNtStatusToDosError
NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
LdrQueryProcessModuleInformation
RtlImageNtHeader
RtlFreeHeap
RtlCompareUnicodeString
RtlNtStatusToDosErrorNoTeb
NtQueryInformationToken
NtOpenFile
RtlCheckPortableOperatingSystem
RtlAllocateHeap
RtlTimeToElapsedTimeFields
NtPowerInformation
RtlNumberOfSetBitsUlongPtr
NtSetInformationProcess
shlwapi
StrStrW
ord437
PathIsNetworkPathW
AssocQueryStringW
ord16
ord176
StrTrimW
StrRetToBufW
ord278
SHCreateStreamOnFileEx
PathRemoveArgsW
StrRChrIW
ord219
ord199
ord548
StrToIntExW
SHCreateStreamOnFileW
ord618
StrStrIW
shell32
CommandLineToArgvW
DuplicateIcon
SHGetKnownFolderPath
SHEvaluateSystemCommandTemplate
ShellExecuteW
ShellExecuteExW
ord75
SHParseDisplayName
ord61
SHGetStockIconInfo
ord155
SHGetKnownFolderItem
Shell_GetCachedImageIndexW
ord727
SHGetKnownFolderIDList
ord2
ord4
SHGetIDListFromObject
SHGetFileInfoW
SHGetPropertyStoreForWindow
Shell_NotifyIconW
SHBindToParent
SHOpenFolderAndSelectItems
credui
CredUIPromptForCredentialsW
gdi32
SetBkColor
CreateRectRgn
CreateDIBSection
D3DKMTQueryAdapterInfo
D3DKMTOpenAdapterFromLuid
D3DKMTCloseAdapter
ExcludeClipRect
CreateFontIndirectW
Rectangle
LineTo
MoveToEx
CreatePen
SetBrushOrgEx
SetStretchBltMode
CreateBitmap
SelectObject
CreateCompatibleDC
GetObjectW
GetTextExtentPointW
GetStockObject
SetTextColor
StretchBlt
SetBkMode
CreateSolidBrush
GetDeviceCaps
DeleteDC
DeleteObject
GdiAlphaBlend
BitBlt
GetCurrentObject
user32
DialogBoxParamW
GetParent
GetForegroundWindow
InsertMenuW
CreatePopupMenu
TrackPopupMenuEx
RedrawWindow
SetWindowLongPtrW
GetWindowLongPtrW
GetCursorPos
CloseGestureInfoHandle
GetGestureInfo
SetGestureConfig
TrackMouseEvent
GetSysColor
SystemParametersInfoW
CopyRect
EqualRect
IsZoomed
ReleaseDC
GetIconInfo
CreateIconIndirect
DestroyMenu
RemoveMenu
LoadMenuW
MapWindowPoints
DestroyIcon
LoadImageW
GetWindowLongW
GetKeyState
GetSystemMetrics
KillTimer
PostQuitMessage
DestroyWindow
IsWindowEnabled
OpenIcon
SetFocus
IsWindow
GetFocus
IsIconic
ScreenToClient
SetTimer
LoadIconW
DefWindowProcW
SendMessageW
PostMessageW
GetClientRect
UpdateWindow
GetDC
ShowWindow
GetMenu
SetMenu
ChangeWindowMessageFilterEx
SetForegroundWindow
CreateWindowInBand
SetLayeredWindowAttributes
CreateWindowExW
RegisterClassExW
CheckMenuRadioItem
GetSubMenu
GetWindowTextLengthW
GetMenuItemCount
CheckMenuItem
EnableMenuItem
GetScrollPos
SetWindowPos
GetMonitorInfoW
MonitorFromPoint
GetWindowRect
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetMessageW
LoadAcceleratorsW
MessageBoxW
SendMessageTimeoutW
AllowSetForegroundWindow
GetWindowThreadProcessId
FindWindowW
EnumDesktopsW
GetProcessWindowStation
GetDpiAwarenessContextForProcess
AreDpiAwarenessContextsEqual
GetGuiResources
GetPropW
InternalGetWindowText
GetWindowBand
ord2574
GetWindowCompositionAttribute
ord2573
ord2569
RegisterWindowMessageW
SetWindowLongW
SetPropW
RemovePropW
MonitorFromWindow
SendInput
GetWindowPlacement
ReleaseCapture
SetWindowRgn
GetAncestor
SetClassLongPtrW
SetCapture
GetKeyboardState
GetNextDlgTabItem
CreateDialogParamW
SetMenuInfo
SetWindowTextW
ord2521
AppendMenuW
GetMenuItemInfoW
GetMenuState
SetMenuDefaultItem
MsgWaitForMultipleObjectsEx
PeekMessageW
CopyIcon
UnregisterClassW
RegisterDeviceNotificationW
UnregisterDeviceNotification
GetClassLongPtrW
CloseDesktop
GetClassNameW
GetWindow
IsWindowVisible
GhostWindowFromHungWindow
IsHungAppWindow
HungWindowFromGhostWindow
OpenDesktopW
GetThreadDesktop
PtInRect
GetMessagePos
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
InvalidateRect
TrackPopupMenu
GetCurrentInputMessageSource
GetDoubleClickTime
SetDlgItemTextW
EndDialog
ShowWindowAsync
GetLastActivePopup
MessageBeep
SwitchToThisWindow
GetDlgItem
GetDlgItemTextW
GetWindowTextW
DeleteMenu
EnableWindow
SetThreadDesktop
DrawIconEx
DrawTextW
EnumWindows
WindowFromDC
WindowFromPoint
GetMenuInfo
SetMenuItemInfoW
SetMessageExtraInfo
GetMessageExtraInfo
GetDpiForSystem
GetWindowDpiAwarenessContext
DrawTextExW
GetDpiForWindow
EnumDesktopWindows
GetMenuItemID
duser
ForwardGadgetMessage
GetGadgetRect
SetGadgetStyle
dui70
InitThread
UnInitThread
UnInitProcessPriv
?GetKeyFocusedElement@HWNDElement@DirectUI@@SAPEAVElement@2@XZ
?CreateGraphic@Value@DirectUI@@SAPEAV12@PEAUHICON__@@_N11@Z
?SetValue@Element@DirectUI@@QEAAJP6APEBUPropertyInfo@2@XZHPEAVValue@2@@Z
?ContentProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?Release@Value@DirectUI@@QEAAXXZ
?GetRootRelativeBounds@Element@DirectUI@@QEAAJPEAUtagRECT@@@Z
?GetRoot@Element@DirectUI@@QEAAPEAV12@XZ
?IsRTL@Element@DirectUI@@QEAA_NXZ
?GetExtent@Element@DirectUI@@QEAAPEBUtagSIZE@@PEAPEAVValue@2@@Z
?GetDisplayNode@Element@DirectUI@@QEAAPEAUHGADGET__@@XZ
InitProcessPriv
?SetContentAlign@Element@DirectUI@@QEAAJH@Z
?GetBorderThickness@Element@DirectUI@@QEAAPEBUtagRECT@@PEAPEAVValue@2@@Z
?SetX@Element@DirectUI@@QEAAJH@Z
?GetParent@Element@DirectUI@@QEAAPEAV12@XZ
?GetLocation@Element@DirectUI@@QEAAPEBUtagPOINT@@PEAPEAVValue@2@@Z
?GetClassInfoPtr@HWNDElement@DirectUI@@SAPEAUIClassInfo@2@XZ
?FindDescendent@Element@DirectUI@@QEAAPEAV12@G@Z
StrToID
?SetForegroundColor@Element@DirectUI@@QEAAJK@Z
?ForegroundProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?SetBackgroundColor@Element@DirectUI@@QEAAJK@Z
?BackgroundProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?SetBorderColor@Element@DirectUI@@QEAAJK@Z
?RemoveLocalValue@Element@DirectUI@@QEAAJP6APEBUPropertyInfo@2@XZ@Z
?GetPadding@Element@DirectUI@@QEAAPEBUtagRECT@@PEAPEAVValue@2@@Z
??0HWNDElement@DirectUI@@QEAA@XZ
?Initialize@NativeHWNDHost@DirectUI@@QEAAJPEBGPEAUHWND__@@PEAUHICON__@@HHHHHHI@Z
??0NativeHWNDHost@DirectUI@@QEAA@XZ
??1NativeHWNDHost@DirectUI@@UEAA@XZ
?CreateHostWindow@NativeHWNDHost@DirectUI@@UEAAPEAUHWND__@@KPEBG0KHHHHPEAU3@PEAUHMENU__@@PEAUHINSTANCE__@@PEAX@Z
?KeyWithinProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?Destroy@Layout@DirectUI@@QEAAXXZ
?SetLayout@Element@DirectUI@@QEAAJPEAVLayout@2@@Z
?Create@GridLayout@DirectUI@@SAJHHPEAPEAVLayout@2@@Z
??0IProvider@DirectUI@@QEAA@XZ
?AdviseEventRemoved@ElementProvider@DirectUI@@UEAAJHPEAUtagSAFEARRAY@@@Z
?AdviseEventAdded@ElementProvider@DirectUI@@UEAAJHPEAUtagSAFEARRAY@@@Z
?get_FragmentRoot@ElementProvider@DirectUI@@UEAAJPEAPEAUIRawElementProviderFragmentRoot@@@Z
?SetFocus@ElementProvider@DirectUI@@UEAAJXZ
?GetEmbeddedFragmentRoots@ElementProvider@DirectUI@@UEAAJPEAPEAUtagSAFEARRAY@@@Z
?get_BoundingRectangle@ElementProvider@DirectUI@@UEAAJPEAUUiaRect@@@Z
?GetRuntimeId@ElementProvider@DirectUI@@UEAAJPEAPEAUtagSAFEARRAY@@@Z
?Navigate@ElementProvider@DirectUI@@UEAAJW4NavigateDirection@@PEAPEAUIRawElementProviderFragment@@@Z
?ShowContextMenu@ElementProvider@DirectUI@@UEAAJXZ
?get_HostRawElementProvider@ElementProvider@DirectUI@@UEAAJPEAPEAUIRawElementProviderSimple@@@Z
?get_ProviderOptions@ElementProvider@DirectUI@@UEAAJPEAW4ProviderOptions@@@Z
?TossElement@ElementProvider@DirectUI@@UEAAXXZ
?QueryInterface@ElementProvider@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?Create@ElementProvider@DirectUI@@SAJPEAVElement@2@PEAVInvokeHelper@2@PEAPEAV12@@Z
?Create@HWNDElementProvider@DirectUI@@SAJPEAVHWNDElement@2@PEAVInvokeHelper@2@PEAPEAV12@@Z
?Find@ElementProviderManager@DirectUI@@SAPEAVElementProvider@2@PEAVElement@2@@Z
??0ProviderProxy@DirectUI@@IEAA@XZ
??0ElementProxy@DirectUI@@IEAA@XZ
??1ElementProvider@DirectUI@@UEAA@XZ
??0RefcountBase@DirectUI@@QEAA@XZ
??0ElementProvider@DirectUI@@QEAA@XZ
?GetInvokeHelper@InvokeManager@DirectUI@@SAJPEAPEAVInvokeHelper@2@@Z
?Init@ProviderProxy@DirectUI@@MEAAXPEAVElement@2@@Z
?CreatePatternProvider@Schema@DirectUI@@SAJW4Pattern@12@PEAVElementProvider@2@PEAPEAUIUnknown@@@Z
?IsPatternSupported@ElementProxy@DirectUI@@IEAAJW4Pattern@Schema@2@PEA_N@Z
?AddRef@ElementProvider@DirectUI@@UEAAKXZ
?TossPatternProvider@ElementProvider@DirectUI@@QEAAXW4Pattern@Schema@2@@Z
??1RefcountBase@DirectUI@@UEAA@XZ
?DoInvokeArgs@ElementProvider@DirectUI@@QEAAJHP6APEAVProviderProxy@2@PEAVElement@2@@ZPEAD@Z
?GetElement@ElementProvider@DirectUI@@UEAAPEDVElement@2@XZ
?AddRef@RefcountBase@DirectUI@@QEAAJXZ
?Release@RefcountBase@DirectUI@@QEAAJXZ
?Init@ElementProxy@DirectUI@@MEAAXPEAVElement@2@@Z
?DoMethod@ElementProxy@DirectUI@@UEAAJHPEAD@Z
?GetProperty@ElementProxy@DirectUI@@IEAAJPEAUtagVARIANT@@H@Z
?Release@ElementProvider@DirectUI@@UEAAKXZ
?Init@ElementProvider@DirectUI@@MEAAJPEAVElement@2@PEAVInvokeHelper@2@@Z
??1AutoLock@DirectUI@@QEAA@XZ
??0AutoLock@DirectUI@@QEAA@PEAU_RTL_CRITICAL_SECTION@@@Z
?DoInvoke@ElementProvider@DirectUI@@IEAAJHZZ
?PatternFromPatternId@Schema@DirectUI@@SA?AW4Pattern@12@H@Z
?NameProperty@Schema@DirectUI@@2HA
?DataGridControlType@Schema@DirectUI@@2HA
?SelectionPattern@Schema@DirectUI@@2HA
?TablePattern@Schema@DirectUI@@2HA
HrSysAllocString
?GetPropertyValue@ElementProvider@DirectUI@@UEAAJHPEAUtagVARIANT@@@Z
?InvokePattern@Schema@DirectUI@@2HA
?TableItemPattern@Schema@DirectUI@@2HA
?IsControlElementProperty@Schema@DirectUI@@2HA
?IsContentElementProperty@Schema@DirectUI@@2HA
?TreeItemControlType@Schema@DirectUI@@2HA
?ListItemControlType@Schema@DirectUI@@2HA
?ControlTypeProperty@Schema@DirectUI@@2HA
?GridPattern@Schema@DirectUI@@2HA
?SelectionItemPattern@Schema@DirectUI@@2HA
?ExpandCollapsePattern@Schema@DirectUI@@2HA
?GridItemPattern@Schema@DirectUI@@2HA
?UiaRaiseAutomationPropertyChangedEvent@Schema@DirectUI@@2P6AJPEAUIRawElementProviderSimple@@HUtagVARIANT@@1@ZEA
?GetAccessible@Element@DirectUI@@QEAA_NXZ
?WantPropertyEvent@EventManager@DirectUI@@SA_NH@Z
?FWantAnyEvent@EventManager@DirectUI@@SA_NPEAVElement@2@@Z
GetScaleFactor
??0ScrollViewer@DirectUI@@QEAA@XZ
??1ScrollViewer@DirectUI@@UEAA@XZ
?OnPropertyChanging@BaseScrollViewer@DirectUI@@UEAA_NPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanged@ScrollViewer@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?OnEvent@BaseScrollViewer@DirectUI@@UEAAXPEAUEvent@2@@Z
?Add@BaseScrollViewer@DirectUI@@UEAAJPEAPEAVElement@2@I@Z
?CreateScrollBars@ScrollViewer@DirectUI@@MEAAJXZ
?AddChildren@ScrollViewer@DirectUI@@MEAAJXZ
?OnListenerAttach@BaseScrollViewer@DirectUI@@UEAAXPEAVElement@2@@Z
?OnListenerDetach@BaseScrollViewer@DirectUI@@UEAAXPEAVElement@2@@Z
?OnListenedPropertyChanging@BaseScrollViewer@DirectUI@@UEAA_NPEAVElement@2@PEBUPropertyInfo@2@HPEAVValue@2@2@Z
?OnListenedPropertyChanged@ScrollViewer@DirectUI@@UEAAXPEAVElement@2@PEBUPropertyInfo@2@HPEAVValue@2@2@Z
?OnListenedInput@BaseScrollViewer@DirectUI@@UEAAXPEAVElement@2@PEAUInputEvent@2@@Z
?OnListenedEvent@BaseScrollViewer@DirectUI@@UEAAXPEAVElement@2@PEAUEvent@2@@Z
?GetClassInfoPtr@ScrollViewer@DirectUI@@SAPEAUIClassInfo@2@XZ
?Initialize@BaseScrollViewer@DirectUI@@QEAAJPEAVElement@2@PEAK@Z
?Register@ScrollViewer@DirectUI@@SAJXZ
?OnInput@BaseScrollViewer@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?GetXScrollable@BaseScrollViewer@DirectUI@@QEAA_NXZ
?GetHScroll@ScrollViewer@DirectUI@@MEAAPEAVBaseScrollBar@2@XZ
?GetVScroll@ScrollViewer@DirectUI@@MEAAPEAVBaseScrollBar@2@XZ
?OnReceivedDialogFocus@Button@DirectUI@@UEAA_NPEAUIDialogElement@2@@Z
?OnLostDialogFocus@Button@DirectUI@@UEAA_NPEAUIDialogElement@2@@Z
?DefaultAction@Button@DirectUI@@UEAAJXZ
?OnInput@Button@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?GetClassInfoPtr@Button@DirectUI@@SAPEAUIClassInfo@2@XZ
??1Button@DirectUI@@UEAA@XZ
??0Button@DirectUI@@QEAA@XZ
?Register@Button@DirectUI@@SAJXZ
?KeyFocusedProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?OnPropertyChanged@Button@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?MouseWithinProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?GetBackgroundColor@Element@DirectUI@@QEAAPEBUFill@2@PEAPEAVValue@2@@Z
?Initialize@Button@DirectUI@@QEAAJIPEAVElement@2@PEAK@Z
?SetFontStyle@Element@DirectUI@@QEAAJH@Z
?SetFontWeight@Element@DirectUI@@QEAAJH@Z
?GetFontWeight@Element@DirectUI@@QEAAHXZ
?GetMouseWithin@Element@DirectUI@@QEAA_NXZ
?SetActive@Element@DirectUI@@QEAAJH@Z
?SetID@Element@DirectUI@@QEAAJPEBG@Z
?SetPressed@Button@DirectUI@@QEAAJ_N@Z
?GetBoolFalse@Value@DirectUI@@SAPEAV12@XZ
?GetContentString@Element@DirectUI@@QEAAPEBGPEAPEAVValue@2@@Z
?SetAnimation@Element@DirectUI@@QEAAJH@Z
?HeightProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?LayoutPosProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?HasPadding@Element@DirectUI@@QEAA_NXZ
?HasBorder@Element@DirectUI@@QEAA_NXZ
?GetType@Value@DirectUI@@QEBAHXZ
?CustomProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?GetValue@Element@DirectUI@@QEAAPEAVValue@2@P6APEBUPropertyInfo@2@XZHPEAUUpdateCache@2@@Z
?SetClass@Element@DirectUI@@QEAAJPEBG@Z
?CreateInt@Value@DirectUI@@SAPEAV12@HW4DynamicScaleValue@@@Z
?OnNotify@HWNDHost@DirectUI@@UEAA_NI_K_JPEA_J@Z
?OnPropertyChanged@HWNDHost@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?GetClassInfoPtr@HWNDHost@DirectUI@@SAPEAUIClassInfo@2@XZ
?Register@HWNDHost@DirectUI@@SAJXZ
?OnInput@HWNDHost@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?Release@Element@DirectUI@@QEAAKXZ
?Initialize@HWNDHost@DirectUI@@QEAAJIIPEAVElement@2@PEAK@Z
??1HWNDHost@DirectUI@@UEAA@XZ
??0HWNDHost@DirectUI@@QEAA@XZ
?GetEnabled@Element@DirectUI@@QEAA_NXZ
?SetAccName@Element@DirectUI@@QEAAJPEBG@Z
?GetDPI@Element@DirectUI@@QEAAHXZ
?SetEnabled@Element@DirectUI@@QEAAJ_N@Z
?UpdateSheets@DUIXmlParser@DirectUI@@QEAAJPEAVElement@2@@Z
?SetRootWindowForTheming@DUIXmlParser@DirectUI@@QEAAXPEAUHWND__@@@Z
?SetMinSize@Element@DirectUI@@QEAAJHH@Z
?IsDescendent@Element@DirectUI@@QEAA_NPEAV12@@Z
?Add@Element@DirectUI@@QEAAJPEAV12@@Z
?SetAccDesc@Element@DirectUI@@QEAAJPEBG@Z
?SetTooltip@Element@DirectUI@@QEAAJ_N@Z
?GetClassInfoPtr@Expando@DirectUI@@SAPEAUIClassInfo@2@XZ
??0Element@DirectUI@@QEAA@XZ
?_PostEvent@Element@DirectUI@@AEAAXPEAUEvent@2@H@Z
?Register@Element@DirectUI@@SAJXZ
?SetXScrollable@BaseScrollViewer@DirectUI@@QEAAJ_N@Z
?SetPadding@Element@DirectUI@@QEAAJHHHH@Z
?SetXOffset@BaseScrollViewer@DirectUI@@QEAAJH@Z
?XOffsetProp@BaseScrollViewer@DirectUI@@SAPEBUPropertyInfo@2@XZ
?ShiftChild@Element@DirectUI@@QEAAJII@Z
?GetForegroundColor@Element@DirectUI@@QEAAPEBUFill@2@PEAPEAVValue@2@@Z
?Initialize@Element@DirectUI@@QEAAJIPEAV12@PEAK@Z
?Insert@Element@DirectUI@@QEAAJPEAV12@I@Z
?Remove@Element@DirectUI@@QEAAJPEAV12@@Z
?GetSize@Value@DirectUI@@QEAAPEBUtagSIZE@@XZ
?ExtentProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?OnInput@Element@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?IsDestroyed@Element@DirectUI@@QEAA_NXZ
?GetDesiredSize@Element@DirectUI@@QEAAPEBUtagSIZE@@XZ
??1DCSurface@DirectUI@@UEAA@XZ
??0DCSurface@DirectUI@@QEAA@PEAUHDC__@@@Z
?SetValue@Element@DirectUI@@QEAAJPEBUPropertyInfo@2@HPEAVValue@2@@Z
?SetAccValue@Element@DirectUI@@QEAAJPEBG@Z
?RemoveListener@Element@DirectUI@@QEAAXPEAUIElementListener@2@@Z
?SetContentString@Element@DirectUI@@QEAAJPEBG@Z
?Init@NavReference@DirectUI@@QEAAXPEAVElement@2@PEAUtagRECT@@@Z
?GetKeyWithin@Element@DirectUI@@QEAA_NXZ
?GetInt@Value@DirectUI@@QEAAHXZ
?GetWidth@Element@DirectUI@@QEAAHXZ
?SetWidth@Element@DirectUI@@QEAAJH@Z
?SetBorderStyle@Element@DirectUI@@QEAAJH@Z
?OnEvent@Element@DirectUI@@UEAAXPEAUEvent@2@@Z
?AddListener@Element@DirectUI@@QEAAJPEAUIElementListener@2@@Z
??1Element@DirectUI@@UEAA@XZ
?OnPropertyChanged@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?OnDestroy@Element@DirectUI@@UEAAXXZ
?GetAccessibleImpl@Element@DirectUI@@UEAAJPEAPEAUIAccessible@@@Z
?ExpandCollapse_ExpandCollapseState_Property@Schema@DirectUI@@2HA
?SetSelected@Element@DirectUI@@QEAAJ_N@Z
?CreateBool@Value@DirectUI@@SAPEAV12@_N@Z
?SetExpanded@Expandable@DirectUI@@QEAAJ_N@Z
?GetExpanded@Expandable@DirectUI@@QEAA_NXZ
?SortChildren@Element@DirectUI@@QEAAJP6AHPEBX0@Z@Z
?GetBool@Value@DirectUI@@QEAA_NXZ
?GetValue@Element@DirectUI@@QEAAPEAVValue@2@PEBUPropertyInfo@2@HPEAUUpdateCache@2@@Z
?GetVisible@Element@DirectUI@@QEAA_NXZ
?HasChildren@Element@DirectUI@@QEAA_NXZ
?GetChildren@Element@DirectUI@@QEAAPEAV?$DynamicArray@PEAVElement@DirectUI@@$0A@@2@PEAPEAVValue@2@@Z
?GetClassInfoPtr@Element@DirectUI@@SAPEAUIClassInfo@2@XZ
?GetClass@Element@DirectUI@@QEAAPEBGPEAPEAVValue@2@@Z
?GetIndex@Element@DirectUI@@QEAAHXZ
??1CCListView@DirectUI@@UEAA@XZ
?PostCreate@CCBase@DirectUI@@MEAAXPEAUHWND__@@@Z
?OnReceivedDialogFocus@CCBase@DirectUI@@UEAA_NPEAUIDialogElement@2@@Z
?OnLostDialogFocus@CCBase@DirectUI@@UEAA_NPEAUIDialogElement@2@@Z
?OnCustomDraw@CCBase@DirectUI@@UEAA_NPEAUtagNMCUSTOMDRAWINFO@@PEA_J@Z
?EraseBkgnd@HWNDHost@DirectUI@@MEAA_NPEAUHDC__@@PEA_J@Z
?SetWindowDirection@HWNDHost@DirectUI@@UEAAXPEAUHWND__@@@Z
?OnWindowStyleChanged@HWNDHost@DirectUI@@UEAAX_KPEBUtagSTYLESTRUCT@@@Z
?OnCtrlThemeChanged@HWNDHost@DirectUI@@UEAA_NI_K_JPEA_J@Z
?OnSinkThemeChanged@HWNDHost@DirectUI@@UEAA_NI_K_JPEA_J@Z
?OnSysChar@HWNDHost@DirectUI@@UEAA_NG@Z
?DefaultAction@CCBase@DirectUI@@UEAAJXZ
?GetAccessibleImpl@HWNDHost@DirectUI@@UEAAJPEAPEAUIAccessible@@@Z
?GetKeyFocused@HWNDHost@DirectUI@@UEAA_NXZ
?RemoveTooltip@Element@DirectUI@@MEAAXPEAV12@@Z
?ActivateTooltip@Element@DirectUI@@MEAAXPEAV12@K@Z
?UpdateTooltip@Element@DirectUI@@MEAAXPEAV12@@Z
?OnUnHosted@HWNDHost@DirectUI@@MEAAXPEAVElement@2@@Z
?OnHosted@HWNDHost@DirectUI@@MEAAXPEAVElement@2@@Z
?MessageCallback@HWNDHost@DirectUI@@UEAAIPEAUtagGMSG@@@Z
?GetContentSize@CCListView@DirectUI@@UEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?Paint@HWNDHost@DirectUI@@UEAAXPEAUHDC__@@PEBUtagRECT@@1PEAU4@2@Z
?OnEvent@HWNDHost@DirectUI@@UEAAXPEAUEvent@2@@Z
?OnDestroy@HWNDHost@DirectUI@@UEAAXXZ
?OnGroupChanged@Element@DirectUI@@UEAAXH_N@Z
?OnPropertyChanged@CCBase@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?GetClassInfoPtr@CCListView@DirectUI@@SAPEAUIClassInfo@2@XZ
?Register@CCListView@DirectUI@@SAJXZ
?SetBorderThickness@Element@DirectUI@@QEAAJHHHH@Z
?OnInput@CCBase@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?SetKeyFocus@HWNDHost@DirectUI@@UEAAXXZ
?OnNotify@CCBase@DirectUI@@UEAA_NI_K_JPEA_J@Z
?OnMessage@HWNDHost@DirectUI@@UEAA_NI_K_JPEA_J@Z
?OnAdjustWindowSize@HWNDHost@DirectUI@@UEAAHHHI@Z
?GetHWND@HWNDHost@DirectUI@@UEAAPEAUHWND__@@XZ
?SetWinStyle@CCBase@DirectUI@@QEAAJH@Z
?Initialize@CCListView@DirectUI@@QEAAJIPEAVElement@2@PEAK@Z
?CreateHWND@CCBase@DirectUI@@UEAAPEAUHWND__@@PEAU3@@Z
??0CCListView@DirectUI@@QEAA@XZ
?AssertPIZeroRef@ClassInfoBase@DirectUI@@UEBAXXZ
?GetChildren@ClassInfoBase@DirectUI@@UEBAHXZ
?RemoveChild@ClassInfoBase@DirectUI@@UEAAXXZ
?AddChild@ClassInfoBase@DirectUI@@UEAAXXZ
?IsGlobal@ClassInfoBase@DirectUI@@UEBA_NXZ
?GetModule@ClassInfoBase@DirectUI@@UEBAPEAUHINSTANCE__@@XZ
?IsSubclassOf@ClassInfoBase@DirectUI@@UEBA_NPEAUIClassInfo@2@@Z
?IsValidProperty@ClassInfoBase@DirectUI@@UEBA_NPEBUPropertyInfo@2@@Z
?GetName@ClassInfoBase@DirectUI@@UEBAPEBGXZ
?GetGlobalIndex@ClassInfoBase@DirectUI@@UEBAIXZ
?GetPICount@ClassInfoBase@DirectUI@@UEBAIXZ
?GetByClassIndex@ClassInfoBase@DirectUI@@UEAAPEBUPropertyInfo@2@I@Z
?EnumPropertyInfo@ClassInfoBase@DirectUI@@UEAAPEBUPropertyInfo@2@I@Z
?Release@ClassInfoBase@DirectUI@@UEAAHXZ
?AddRef@ClassInfoBase@DirectUI@@UEAAXXZ
?_OnUIStateChanged@HWNDElement@DirectUI@@MEAAXGG@Z
?GetWindowClassNameAndStyle@HWNDElement@DirectUI@@UEAAXPEAPEBGPEAI@Z
?CanSetFocus@HWNDElement@DirectUI@@UEAA_NXZ
?OnCompositionChanged@HWNDElement@DirectUI@@UEAAXXZ
?OnWmSettingChanged@HWNDElement@DirectUI@@UEAAX_K_J@Z
?OnWmThemeChanged@HWNDElement@DirectUI@@UEAAX_K_J@Z
?OnGetDlgCode@HWNDElement@DirectUI@@UEAAXPEAUtagMSG@@PEA_J@Z
?OnNoChildWithShortcutFound@HWNDElement@DirectUI@@UEAAXPEAUKeyboardEvent@2@@Z
?OnImmersiveColorSchemeChanged@HWNDElement@DirectUI@@UEAAXXZ
?GetUiaFocusDelegate@Element@DirectUI@@UEAAPEAV12@XZ
?HandleUiaEventListener@Element@DirectUI@@UEAAXPEAUEvent@2@@Z
?HandleUiaPropertyChangingListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@@Z
?HandleUiaPropertyListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?HandleUiaDestroyListener@Element@DirectUI@@UEAAXXZ
?GetElementProviderImpl@Element@DirectUI@@UEAAJPEAVInvokeHelper@2@PEAPEAVElementProvider@2@@Z
?GetUIAElementProvider@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?DefaultAction@Element@DirectUI@@UEAAJXZ
?GetAccessibleImpl@HWNDElement@DirectUI@@UEAAJPEAPEAUIAccessible@@@Z
?RemoveTooltip@HWNDElement@DirectUI@@UEAAXPEAVElement@2@@Z
?UpdateTooltip@HWNDElement@DirectUI@@UEAAXPEAVElement@2@@Z
?OnUnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?OnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?_SelfLayoutUpdateDesiredSize@Element@DirectUI@@MEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?_SelfLayoutDoLayout@Element@DirectUI@@MEAAXHH@Z
?GetImmersiveFocusRectOffsets@Element@DirectUI@@UEAAXPEAUtagRECT@@@Z
?QueryInterface@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?MessageCallback@Element@DirectUI@@UEAAIPEAUtagGMSG@@@Z
?RemoveBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?AddBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?SetKeyFocus@Element@DirectUI@@UEAAXXZ
?EnsureVisible@Element@DirectUI@@UEAA_NHHHH@Z
?GetAdjacent@Element@DirectUI@@UEAAPEAV12@PEAV12@HPEBUNavReference@2@K@Z
?Remove@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?Insert@Element@DirectUI@@UEAAJPEAPEAV12@II@Z
?Add@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?GetContentSize@Element@DirectUI@@UEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?Paint@Element@DirectUI@@UEAAXPEAUHDC__@@PEBUtagRECT@@1PEAU4@2@Z
?OnMouseFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnKeyFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnGroupChanged@HWNDElement@DirectUI@@UEAAXH_N@Z
?OnPropertyChanged@Element@DirectUI@@UEAAXPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanged@HWNDElement@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?GetContentStringAsDisplayed@Element@DirectUI@@UEAAPEBGPEAPEAVValue@2@@Z
?IsContentProtected@Element@DirectUI@@UEAA_NXZ
?IsRTLReading@Element@DirectUI@@UEAA_NXZ
??1ClassInfoBase@DirectUI@@UEAA@XZ
??0ClassInfoBase@DirectUI@@QEAA@XZ
?Initialize@ClassInfoBase@DirectUI@@QEAAJPEAUHINSTANCE__@@PEBG_NPEBQEBUPropertyInfo@2@I@Z
?Register@ClassInfoBase@DirectUI@@QEAAJXZ
?ClassExist@ClassInfoBase@DirectUI@@SA_NPEAPEAUIClassInfo@2@PEBQEBUPropertyInfo@2@IPEAU32@PEAUHINSTANCE__@@PEBG_N@Z
??1CritSecLock@DirectUI@@QEAA@XZ
?GetFactoryLock@Element@DirectUI@@SAPEAU_RTL_CRITICAL_SECTION@@XZ
??0CritSecLock@DirectUI@@QEAA@PEAU_RTL_CRITICAL_SECTION@@@Z
?Register@HWNDElement@DirectUI@@SAJXZ
?OnThemeChanged@HWNDElement@DirectUI@@UEAAXPEAUThemeChangedEvent@2@@Z
?SetHeight@Element@DirectUI@@QEAAJH@Z
?GetLayoutPos@Element@DirectUI@@QEAAHXZ
?ActivateTooltip@HWNDElement@DirectUI@@UEAAXPEAVElement@2@K@Z
EnableAnimations
?StartNavigate@Browser@DirectUI@@SA?AVUID@@XZ
DisableAnimations
?Destroy@DUIXmlParser@DirectUI@@QEAAXXZ
?SetXMLFromResource@DUIXmlParser@DirectUI@@QEAAJIPEAUHINSTANCE__@@0@Z
?Create@DUIXmlParser@DirectUI@@SAJPEAPEAV12@P6APEAVValue@2@PEBGPEAX@Z2P6AX11H2@Z2@Z
?CreateElement@DUIXmlParser@DirectUI@@QEAAJPEBGPEAVElement@2@1PEAKPEAPEAV32@@Z
?Host@NativeHWNDHost@DirectUI@@QEAAXPEAVElement@2@@Z
?SetVisible@Element@DirectUI@@QEAAJ_N@Z
?SetAccRole@Element@DirectUI@@QEAAJH@Z
?SetAccessible@Element@DirectUI@@QEAAJ_N@Z
?Initialize@HWNDElement@DirectUI@@QEAAJPEAUHWND__@@_NIPEAVElement@2@PEAK@Z
?GetHWND@NativeHWNDHost@DirectUI@@QEAAPEAUHWND__@@XZ
?Create@NativeHWNDHost@DirectUI@@SAJPEBGPEAUHWND__@@PEAUHICON__@@HHHHHHIPEAPEAV12@@Z
?Destroy@Element@DirectUI@@QEAAJ_N@Z
?OnDestroy@HWNDElement@DirectUI@@UEAAXXZ
?OnEvent@HWNDElement@DirectUI@@UEAAXPEAUEvent@2@@Z
?KeyboardNavigate@Element@DirectUI@@SA?AVUID@@XZ
?GetID@Element@DirectUI@@QEAAGXZ
?SetFocus@HWNDElement@DirectUI@@QEAAX_N@Z
?SetLayoutPos@Element@DirectUI@@QEAAJH@Z
?OnInput@HWNDElement@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?FireEvent@Element@DirectUI@@QEAAXPEAUEvent@2@_N1@Z
?Click@Button@DirectUI@@SA?AVUID@@XZ
?GetKeyFocused@Element@DirectUI@@UEAA_NXZ
?EndDefer@Element@DirectUI@@QEAAXK@Z
?StartDefer@Element@DirectUI@@QEAAXPEAK@Z
?GetHWND@HWNDElement@DirectUI@@UEAAPEAUHWND__@@XZ
?WndProc@HWNDElement@DirectUI@@UEAA_JPEAUHWND__@@I_K_J@Z
?Destroy@NativeHWNDHost@DirectUI@@QEAAXXZ
??1HWNDElement@DirectUI@@UEAA@XZ
uxtheme
ord142
SetWindowTheme
ord141
ord135
GetThemeColor
GetThemeInt
ord132
OpenThemeData
EndPanningFeedback
BeginPanningFeedback
CloseThemeData
UpdatePanningFeedback
dwmapi
DwmSetWindowAttribute
api-ms-win-core-appcompat-l1-1-1
BaseReadAppCompatDataForProcess
BaseFreeAppCompatDataForProcess
pdh
PdhCollectQueryData
PdhCloseQuery
PdhAddCounterW
PdhOpenQueryW
PdhGetRawCounterArrayW
PdhGetFormattedCounterArrayW
dxcore
DXCoreCreateAdapterFactory
dxgi
DXGIDeclareAdapterRemovalSupport
CreateDXGIFactory2
setupapi
SetupDiEnumDeviceInfo
SetupDiGetDevicePropertyW
SetupDiGetClassDevsW
d3d11
D3D11CreateDevice
d3d12
ord101
shcore
ord244
GetDpiForMonitor
kernel32
GetModuleHandleExA
GetNumberFormatW
GetActiveProcessorGroupCount
GetProcessAffinityMask
SetProcessAffinityMask
GlobalGetAtomNameW
msvcp_win
_Xtime_get_ticks
?_Xbad_function_call@std@@YAXXZ
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??Bid@locale@std@@QEAA_KXZ
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?tolower@?$ctype@G@std@@QEBAGG@Z
_Thrd_yield
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
_Wcsxfrm
_Wcscoll
?_Incref@facet@locale@std@@UEAAXXZ
?is@?$ctype@G@std@@QEBA_NFG@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
??1_Locinfo@std@@QEAA@XZ
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
??0_Locinfo@std@@QEAA@PEBD@Z
?id@?$collate@G@std@@2V0locale@2@A
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z
_Query_perf_counter
_Thrd_sleep
_Query_perf_frequency
?id@?$ctype@G@std@@2V0locale@2@A
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??1_Lockit@std@@QEAA@XZ
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Random_device@std@@YAIXZ
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-file-l2-1-0
GetFileInformationByHandleEx
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-util-l1-1-0
EncodePointer
Sections
.text Size: 2.5MB - Virtual size: 2.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1.0MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 160KB - Virtual size: 159KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 56KB - Virtual size: 53KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ThumbnailExtractionHost.exe.exe windows:10 windows x64 arch:x64
3818a55c28e55bb5977c020321665504
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
ThumbnailExtractionHost.pdb
Imports
advapi32
EventActivityIdControl
EventUnregister
RegGetValueW
RegOpenKeyExW
EventSetInformation
EventRegister
EventWriteTransfer
RegQueryInfoKeyW
RegCloseKey
kernel32
GetModuleFileNameA
InitOnceBeginInitialize
CreateSemaphoreExW
HeapFree
SetLastError
GetCommandLineW
GetCurrentProcess
ReleaseSemaphore
GetModuleHandleExW
GetModuleFileNameW
InitializeCriticalSection
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
CreateEventW
Sleep
FormatMessageW
GetLastError
ReleaseSRWLockExclusive
OutputDebugStringW
SetEvent
InitOnceComplete
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
RaiseException
CreateThread
HeapAlloc
GetProcAddress
CreateMutexExW
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
LoadLibraryExW
IsDebuggerPresent
WaitForThreadpoolTimerCallbacks
DuplicateHandle
CloseThreadpoolTimer
GetCurrentThread
SetThreadpoolTimer
CreateThreadpoolTimer
ResolveDelayLoadedAPI
DelayLoadFailureHook
user32
PostThreadMessageW
GetMessageW
TranslateMessage
CharNextW
DispatchMessageW
CharUpperW
UnregisterClassA
msvcrt
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
__CxxFrameHandler3
_commode
_fmode
_wcmdln
_initterm
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_callnewh
malloc
wcsncpy_s
free
_purecall
wcscat_s
wcscpy_s
memcpy_s
_vsnwprintf
__C_specific_handler
__setusermatherr
memset
oleaut32
SysAllocString
RegisterTypeLi
SysFreeString
LoadTypeLi
SysStringLen
UnRegisterTypeLi
api-ms-win-core-shlwapi-legacy-l1-1-0
PathFindFileNameW
api-ms-win-core-shlwapi-obsolete-l1-1-0
QISearch
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
TerminateProcess
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-shcore-thread-l1-1-0
SHCreateThread
Sections
.text Size: 44KB - Virtual size: 42KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 112B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 332B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
TieringEngineService.exe.exe windows:10 windows x64 arch:x64
8024b39b86b78aff74217879efd412c9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
TieringEngineService.pdb
Imports
msvcrt
_wcmdln
__setusermatherr
_fmode
_initterm
__CxxFrameHandler4
_commode
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_lock
_unlock
__dllonexit
_onexit
realloc
_CxxThrowException
_vsnwprintf
wcsncmp
_snwprintf_s
swprintf_s
wcscat_s
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
wcscpy_s
_callnewh
malloc
free
_purecall
__C_specific_handler
wcsstr
memset
ntdll
RtlSetBits
RtlInitializeBitMap
RtlCreateSystemVolumeInformationFolder
NtQueryInformationFile
NtSetInformationFile
RtlCopyUnicodeString
RtlDoesNameContainWildCards
NtFsControlFile
NtWaitForSingleObject
NtOpenFile
RtlGetThreadErrorMode
RtlSetThreadErrorMode
RtlNumberOfClearBits
RtlStringFromGUID
WinSqmEndSession
WinSqmStartSession
NtClose
RtlNtStatusToDosError
RtlGUIDFromString
RtlCompareUnicodeString
RtlInitUnicodeString
RtlCompareMemory
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
VerSetConditionMask
WinSqmAddToStreamEx
oleaut32
VariantClear
SysAllocString
VariantInit
SysFreeString
api-ms-win-eventing-classicprovider-l1-1-0
RegisterTraceGuidsW
TraceMessage
GetTraceEnableFlags
UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableLevel
api-ms-win-core-errorhandling-l1-1-0
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
api-ms-win-core-com-l1-1-0
CreateStreamOnHGlobal
CoResumeClassObjects
CoRegisterClassObject
CoRevokeClassObject
CoMarshalInterface
CoSuspendClassObjects
CoInitializeEx
CoUninitialize
CoCreateInstance
CoCreateGuid
CoTaskMemFree
CoReleaseMarshalData
CoTaskMemAlloc
CoUnmarshalInterface
api-ms-win-core-synch-l1-1-0
SetEvent
ReleaseSRWLockShared
ResetEvent
CreateEventW
InitializeCriticalSection
DeleteCriticalSection
AcquireSRWLockShared
AcquireSRWLockExclusive
WaitForSingleObject
InitializeSRWLock
ReleaseSRWLockExclusive
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventWriteTransfer
EventUnregister
EventSetInformation
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleExW
LoadStringW
GetModuleHandleW
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetStartupInfoW
GetCurrentProcess
GetCurrentThreadId
CreateThread
TerminateProcess
OpenProcessToken
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-service-core-l1-1-0
StartServiceCtrlDispatcherW
SetServiceStatus
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-service-winsvc-l1-1-0
RegisterServiceCtrlHandlerW
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolWork
SetThreadpoolTimer
CreateThreadpoolTimer
CreateThreadpoolCleanupGroup
FreeLibraryWhenCallbackReturns
CloseThreadpoolWork
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
SetThreadpoolWait
SubmitThreadpoolWork
CloseThreadpoolWait
SetThreadpoolThreadMinimum
SetThreadpoolThreadMaximum
CreateThreadpool
CloseThreadpool
CreateThreadpoolWait
WaitForThreadpoolWaitCallbacks
WaitForThreadpoolTimerCallbacks
WaitForThreadpoolWorkCallbacks
api-ms-win-core-string-l1-1-0
CompareStringW
api-ms-win-core-processenvironment-l1-1-0
SetCurrentDirectoryW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
GetSystemWindowsDirectoryW
api-ms-win-core-synch-l1-2-1
CreateSemaphoreW
api-ms-win-core-file-l1-1-0
FindFirstFileW
GetFinalPathNameByHandleW
CreateFileW
FindClose
GetVolumePathNameW
GetFileAttributesW
CreateDirectoryW
DeleteFileW
FindNextVolumeW
FindVolumeClose
FindNextFileW
FindFirstVolumeW
api-ms-win-core-registry-l1-1-0
RegGetValueW
RegNotifyChangeKeyValue
RegCreateKeyExW
api-ms-win-eventing-controller-l1-1-0
StartTraceW
EnableTraceEx2
ControlTraceW
api-ms-win-eventing-consumer-l1-1-0
ProcessTrace
OpenTraceW
CloseTrace
api-ms-win-core-file-l1-2-0
GetVolumeNameForVolumeMountPointW
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-security-lsalookup-l2-1-0
LookupPrivilegeValueW
api-ms-win-security-base-l1-1-0
PrivilegeCheck
AdjustTokenPrivileges
api-ms-win-core-localization-l1-2-0
GetLocaleInfoW
api-ms-win-core-file-l2-1-0
GetFileInformationByHandleEx
api-ms-win-core-path-l1-1-0
PathCchStripPrefix
PathCchStripToRoot
PathCchSkipRoot
PathCchRemoveFileSpec
api-ms-win-core-file-l2-1-1
OpenFileById
api-ms-win-devices-config-l1-1-1
CM_Unregister_Notification
CM_Register_Notification
api-ms-win-core-realtime-l1-1-0
QueryUnbiasedInterruptTime
api-ms-win-core-file-l2-1-2
CopyFileW
api-ms-win-core-kernel32-legacy-l1-1-1
VerifyVersionInfoW
api-ms-win-core-kernel32-legacy-l1-1-0
MoveFileW
esent
JetOpenTableW
JetDeleteTableW
JetSetCurrentIndexW
JetCreateDatabase2W
JetOpenDatabaseW
JetAttachDatabase2W
JetBeginSessionW
JetEndSession
JetCloseDatabase
JetCloseTable
JetInit3W
JetTerm2
JetSetSystemParameterW
JetCreateInstance2W
JetEnableMultiInstanceW
JetResetSessionContext
JetSetSessionContext
JetRollback
JetCommitTransaction
JetBeginTransaction
JetDelete
JetCreateTableColumnIndex2W
JetGetColumnInfoW
JetComputeStats
JetGetObjectInfoW
JetOpenTempTable
JetRetrieveColumns
JetSetColumns
JetPrepareUpdate
JetUpdate
JetMove
JetMakeKey
JetSeek
JetRetrieveColumn
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 268KB - Virtual size: 264KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 36KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 532B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
TokenBrokerCookies.exe.exe windows:10 windows x64 arch:x64
9361cf9cb0c62e070708ddc6bbfd99ac
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
TokenBrokerCookies.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
api-ms-win-crt-private-l1-1-0
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memcpy
_o__wtoi
_o_abort
_o_exit
_o_free
_o_iswspace
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___wargv
_o___p___argc
__std_terminate
__CxxFrameHandler4
_CxxThrowException
api-ms-win-crt-string-l1-1-0
memset
wcscmp
api-ms-win-security-base-l1-1-0
GetTokenInformation
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
GetModuleHandleExW
GetModuleFileNameA
GetModuleHandleW
api-ms-win-core-synch-l1-1-0
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
CreateSemaphoreExW
TryAcquireSRWLockExclusive
ReleaseMutex
AcquireSRWLockExclusive
WaitForSingleObject
InitializeSRWLock
ReleaseSemaphore
ReleaseSRWLockExclusive
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapAlloc
HeapFree
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
GetLastError
SetLastError
SetUnhandledExceptionFilter
api-ms-win-security-sddl-l1-1-0
ConvertSidToStringSidW
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
DebugBreak
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventUnregister
EventWriteTransfer
EventSetInformation
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
wininet
InternetSetCookieEx2
api-ms-win-core-threadpool-l1-2-0
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolTimer
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
oleaut32
SetErrorInfo
SysFreeString
SysStringLen
Sections
.text Size: 32KB - Virtual size: 30KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 124B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
TpmInit.exe.exe windows:10 windows x64 arch:x64
e48d9904fd3d4255b7d677c183c93f30
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
TpmInit.pdb
Imports
advapi32
RegDeleteValueW
RegOpenKeyExW
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
kernel32
FormatMessageW
GetLastError
CloseHandle
CreateThread
HeapSetInformation
HeapAlloc
LocalFree
GetProcessHeap
CreateProcessW
GetModuleHandleW
lstrcmpW
ExitThread
LoadLibraryExA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
CreateMutexW
GetCommandLineW
GetProcAddress
GetModuleHandleExA
HeapSize
HeapFree
RegisterApplicationRestart
ExpandEnvironmentStringsA
user32
LoadIconW
SendNotifyMessageW
EnumWindows
LoadStringW
GetParent
SetWindowTextW
SendMessageW
SetWindowLongPtrW
DestroyWindow
SetForegroundWindow
PostMessageW
GetDlgItem
GetWindowLongPtrW
GetWindowTextW
msvcrt
_vsnwprintf
_callnewh
_amsg_exit
__getmainargs
__set_app_type
exit
_acmdln
_exit
_cexit
_initterm
_ismbblead
__setusermatherr
_XcptFilter
__C_specific_handler
_wcsicmp
memcpy
wcsncat_s
wcstoul
_wsystem
memset
?terminate@@YAXXZ
wcstok
_commode
free
malloc
_fmode
wcscmp
comctl32
PropertySheetW
ord345
ntdll
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
oleaut32
SafeArrayPutElement
VariantCopy
SafeArrayCreate
VariantInit
SysFreeString
SysStringByteLen
SysAllocString
SysStringLen
SafeArrayUnaccessData
SafeArrayAccessData
VariantClear
shell32
ShellExecuteExW
CommandLineToArgvW
api-ms-win-core-com-l1-1-0
CoSetProxyBlanket
CoCreateInstance
CoInitializeSecurity
CoUninitialize
CoInitializeEx
Sections
.text Size: 32KB - Virtual size: 29KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
TpmTool.exe.exe windows:10 windows x64 arch:x64
4384d8fe34f1c6de41d105b74e66e8ca
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
TpmTool.pdb
Imports
msvcp_win
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?_Gndec@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?_Init@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXXZ
?getloc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBGHH@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Getcat@?$codecvt@GDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?out@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
?in@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
api-ms-win-crt-private-l1-1-0
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__fseeki64
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__localtime64
_o__lock_file
_o__memicmp
_o__mktime64
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o___stdio_common_vswprintf
memmove
_o__unlock_file
_o__wcsicmp
_o__wsystem
_o_exit
_o_fclose
_o_fflush
_o_fgetc
_o_fgetpos
_o_fgetwc
_o_fputwc
_o_free
_o_fsetpos
_o_fwrite
_o_malloc
_o_setvbuf
_o_terminate
_o_ungetc
_o_ungetwc
_o_wcsftime
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___wargv
_o___p___argc
_o___acrt_iob_func
__std_terminate
__CxxFrameHandler4
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfwprintf_s
_o___stdio_common_vfwprintf
memcpy
api-ms-win-crt-string-l1-1-0
memset
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
kernel32
GetCurrentDirectoryW
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
Sleep
HeapSize
HeapReAlloc
HeapValidate
lstrlenW
GetStdHandle
SetThreadUILanguage
InitializeSListHead
GetSystemTimeAsFileTime
IsDebuggerPresent
DebugBreak
GetModuleHandleW
GetProcessHeap
GetCurrentProcessId
LocalFree
CreateMutexExW
GetProcAddress
HeapAlloc
CloseHandle
OpenSemaphoreW
WaitForSingleObjectEx
OutputDebugStringW
GetLastError
FormatMessageW
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
GetModuleHandleExW
ReleaseSemaphore
SetLastError
HeapFree
CreateSemaphoreExW
GetModuleFileNameA
FormatMessageA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
ole32
CoTaskMemFree
CoUninitialize
CoInitializeEx
StringFromGUID2
CoGetObject
user32
LoadStringW
GetForegroundWindow
shell32
SHGetKnownFolderPath
advapi32
EventUnregister
EventRegister
EventWriteTransfer
EventSetInformation
tpmcoreprovisioning
TpmGatherLogs
TpmGetDeviceInformation
servicinguapi
IsFeatureInstalled
GetServicingStatus
bcrypt
BCryptGenerateSymmetricKey
BCryptSetProperty
BCryptDecrypt
BCryptCreateHash
BCryptHashData
BCryptDestroyHash
BCryptGetProperty
BCryptCloseAlgorithmProvider
BCryptGenRandom
BCryptOpenAlgorithmProvider
BCryptEncrypt
BCryptDestroyKey
BCryptFinishHash
tbs
Tbsip_Submit_Command
Tbsip_Context_Close
Tbsi_GetDeviceInfo
Tbsi_Context_Create
Sections
.text Size: 96KB - Virtual size: 95KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 48KB - Virtual size: 45KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 936B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
UCPDMgr.exe.exe windows:6 windows x64 arch:x64
ef0d091a5713f275ae65cf7773878ef7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
UCPDMgr.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_errno
_register_thread_local_exe_atexit_callback
_c_exit
_initterm_e
_initterm
_invalid_parameter_noinfo
api-ms-win-crt-stdio-l1-1-0
__stdio_common_vsnprintf_s
__stdio_common_vswprintf
advapi32
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
kernel32
DeleteCriticalSection
InitializeCriticalSectionEx
RtlPcToFileHeader
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
WaitForThreadpoolTimerCallbacks
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
ReleaseSRWLockExclusive
OutputDebugStringW
CloseThreadpoolTimer
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
SetThreadpoolTimer
CreateThreadpoolTimer
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
EncodePointer
RaiseException
InitializeSListHead
api-ms-win-core-featurestaging-l1-1-0
RecordFeatureUsage
GetFeatureEnabledState
SubscribeFeatureStateChangeNotification
UnsubscribeFeatureStateChangeNotification
api-ms-win-crt-private-l1-1-0
_o___p__commode
_o___std_exception_copy
_o___std_exception_destroy
_o__calloc_base
_o__cexit
_o__configthreadlocale
_o__configure_narrow_argv
_o__crt_atexit
_o__exit
_o__free_base
_o__get_initial_narrow_environment
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__register_onexit_function
_o__seh_filter_exe
_o__set_fmode
_o__set_new_mode
_o_abort
_o_exit
_o_free
_o_terminate
_o___p___argc
_o___p___argv
_o__set_app_type
Sections
.text Size: 43KB - Virtual size: 43KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 116B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
UIMgrBroker.exe.exe windows:10 windows x64 arch:x64
5d8463729ef51ee68bf21436728cb3bf
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
UIMgrBroker.pdb
Imports
user32
CreateWindowExW
DestroyWindow
GetWindowLongPtrW
TranslateMessage
DefWindowProcW
GetMessageW
RegisterClassExW
DispatchMessageW
SetWindowLongPtrW
msvcrt
_onexit
__dllonexit
_unlock
_lock
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
__CxxFrameHandler3
_cexit
memmove
?terminate@@YAXXZ
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
wcstol
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
??3@YAXPEAX@Z
memcpy_s
_vsnwprintf
__CxxFrameHandler4
_exit
??1type_info@@UEAA@XZ
malloc
_callnewh
_purecall
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
_CxxThrowException
memcpy
memset
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleExW
GetProcAddress
FindStringOrdinal
GetModuleFileNameA
GetModuleHandleW
api-ms-win-core-synch-l1-1-0
WaitForSingleObjectEx
SetEvent
WaitForSingleObject
AcquireSRWLockShared
ReleaseSemaphore
CreateEventW
ReleaseSRWLockShared
CreateMutexExW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReleaseMutex
OpenSemaphoreW
CreateSemaphoreExW
api-ms-win-core-heap-l1-1-0
HeapAlloc
GetProcessHeap
HeapSetInformation
HeapFree
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetErrorMode
SetUnhandledExceptionFilter
GetLastError
SetLastError
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
OpenProcessToken
SetPriorityClass
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
CreateThread
GetStartupInfoW
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
DebugBreak
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-com-l1-1-0
CoAddRefServerProcess
CoReleaseServerProcess
CoTaskMemFree
CoUninitialize
CoRevokeClassObject
CoResumeClassObjects
CoRegisterClassObject
CoInitializeEx
CoInitializeSecurity
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-security-base-l1-1-0
IsValidSid
FreeSid
GetSidSubAuthorityCount
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAceEx
GetTokenInformation
GetSidSubAuthority
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegDeleteKeyExW
RegCreateKeyExW
RegSetValueExW
api-ms-win-security-sddl-l1-1-0
ConvertStringSidToSidW
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-shlwapi-obsolete-l1-1-0
StrRStrIW
StrStrIW
advapi32
SetSecurityInfo
shell32
SHGetKnownFolderPath
shlwapi
SHCreateStreamOnFileEx
combase
ord69
Sections
.text Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 508B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
UPPrinterInstaller.exe.exe windows:10 windows x64 arch:x64
c2c989fae1e751abfb7af9b5941c6880
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
upprinterinstaller.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memcpy
_o__wcsicmp
_o_exit
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___wargv
_o___p___argc
_o___stdio_common_vswprintf
__std_terminate
__CxxFrameHandler4
_CxxThrowException
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
GetModuleHandleW
GetModuleFileNameA
GetModuleHandleExW
api-ms-win-core-synch-l1-1-0
InitializeCriticalSectionAndSpinCount
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseMutex
WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreExW
DeleteCriticalSection
SetEvent
CreateEventW
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter
GetLastError
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
OutputDebugStringW
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventRegister
EventUnregister
EventWriteTransfer
api-ms-win-core-winrt-l1-1-0
RoInitialize
RoUninitialize
api-ms-win-core-com-l1-1-0
StringFromCLSID
CoTaskMemFree
CoInitializeSecurity
api-ms-win-core-synch-l1-2-0
InitOnceBeginInitialize
InitOnceComplete
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegOpenKeyExW
RegSetValueExW
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
ntdll
RtlGetDeviceFamilyInfoEnum
api-ms-win-devices-query-l1-1-1
DevGetObjectPropertiesEx
api-ms-win-devices-query-l1-1-0
DevFreeObjectProperties
deviceassociation
DafCreateAssociationContext
DafStartFinalize
DafCloseAssociationContext
DafSelectCeremony
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 36KB - Virtual size: 32KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 140B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
UpgradeResultsUI.exe.exe windows:10 windows x64 arch:x64
90adcc71d7bf97b035ff921842b4e130
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
UpgradeResultsUI.pdb
Imports
advapi32
RegCloseKey
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
EventSetInformation
EventRegister
EventUnregister
RegCreateKeyExW
EventWriteTransfer
EventActivityIdControl
kernel32
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
GetModuleHandleExW
DeleteCriticalSection
SetEvent
GetProductInfo
CreateEventW
RaiseException
ReleaseSemaphore
SetLastError
HeapFree
CreateSemaphoreExW
GetModuleFileNameA
GetSystemInfo
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
LoadLibraryExA
VirtualProtect
VirtualQuery
FreeLibrary
LockResource
LoadResource
FindResourceExW
InitializeCriticalSectionAndSpinCount
user32
MsgWaitForMultipleObjects
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o_exit
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_o___stdio_common_vswprintf
_o___p__commode
_o__register_onexit_function
memcpy
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoCreateInstance
CoTaskMemFree
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsDeleteString
ntdll
RtlUnsubscribeWnfNotificationWaitForCompletion
NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
GetCurrentProcess
TerminateProcess
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
ole32
CoTaskMemAlloc
Sections
.text Size: 32KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 100B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
UserAccountBroker.exe.exe windows:10 windows x64 arch:x64
dbb7d8a71d753c694bb0ae94f3103e3a
Code Sign
33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ca:68:04:a6:78:4b:55:2a:6e:60:b4:cd:e8:c5:71:cb:5a:5f:e6:21:18:d9:a5:75:cd:5c:74:4d:53:b2:fd:c6
Signer
Actual PE Digest: ca:68:04:a6:78:4b:55:2a:6e:60:b4:cd:e8:c5:71:cb:5a:5f:e6:21:18:d9:a5:75:cd:5c:74:4d:53:b2:fd:c6
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
UserAccountBroker.pdb
Imports
kernel32
InitOnceExecuteOnce
RegisterWaitForSingleObject
UnregisterWait
GetProcessId
EncodePointer
GetCurrentThreadId
OpenEventW
OpenProcess
CreateEventW
GetLastError
ReleaseSRWLockExclusive
SetEvent
AcquireSRWLockExclusive
CloseHandle
ReleaseSRWLockShared
DecodePointer
AcquireSRWLockShared
GetCurrentProcessId
user32
GetMessageW
GetWindowThreadProcessId
PostThreadMessageW
DispatchMessageW
TranslateMessage
msvcrt
__CxxFrameHandler3
_commode
_fmode
_wcmdln
__C_specific_handler
_lock
_unlock
_onexit
?terminate@@YAXXZ
_initterm
__setusermatherr
_cexit
_exit
_callnewh
exit
__dllonexit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
free
_get_errno
_set_errno
malloc
memcpy_s
_vsnwprintf
_purecall
memset
api-ms-win-core-com-l1-1-0
CoReleaseServerProcess
CoAddRefServerProcess
CoTaskMemAlloc
CoWaitForMultipleHandles
CoUninitialize
CoRevokeClassObject
CoInitializeEx
CoTaskMemRealloc
CoResumeClassObjects
CoGetCallContext
CoCreateInstance
CoRegisterClassObject
CoTaskMemFree
api-ms-win-core-winrt-string-l1-1-0
WindowsStringHasEmbeddedNull
WindowsCreateString
WindowsIsStringEmpty
WindowsDeleteString
WindowsGetStringRawBuffer
api-ms-win-core-winrt-l1-1-0
RoUninitialize
RoRegisterActivationFactories
RoInitialize
RoRevokeActivationFactories
api-ms-win-core-winrt-error-l1-1-0
RoOriginateError
RoOriginateErrorW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
TerminateProcess
GetCurrentProcess
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
GetModuleFileNameA
GetModuleHandleExW
GetProcAddress
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
api-ms-win-core-synch-l1-1-0
WaitForSingleObjectEx
CreateSemaphoreExW
WaitForSingleObject
ReleaseSemaphore
ReleaseMutex
OpenSemaphoreW
CreateMutexExW
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapAlloc
HeapFree
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
OutputDebugStringW
IsDebuggerPresent
shlwapi
ord615
Sections
.text Size: 28KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 236B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
UserAccountControlSettings.exe.exe windows:10 windows x64 arch:x64
4cb428ea5435ab24950564cae31e39eb
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
UserAccountControlSettings.pdb
Imports
advapi32
GetTokenInformation
DuplicateToken
CheckTokenMembership
OpenProcessToken
CreateWellKnownSid
kernel32
CreateSemaphoreExW
HeapFree
SetLastError
EnterCriticalSection
GetCommandLineW
GetCurrentProcess
ReleaseSemaphore
GetModuleHandleExW
CompareStringOrdinal
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
GetModuleFileNameA
OutputDebugStringW
CloseThreadpoolTimer
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
SetThreadpoolTimer
ReleaseSRWLockShared
CreateThreadpoolTimer
LoadLibraryW
HeapAlloc
GetProcAddress
CreateMutexExW
LocalFree
AcquireSRWLockShared
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
FreeLibrary
DebugBreak
IsDebuggerPresent
DelayLoadFailureHook
ReleaseSRWLockExclusive
ResolveDelayLoadedAPI
user32
DestroyWindow
GetMonitorInfoW
LoadStringW
SetWindowPos
SetForegroundWindow
GetCursorPos
MonitorFromPoint
msvcrt
_cexit
__setusermatherr
memcmp
_initterm
_exit
_onexit
__dllonexit
_unlock
__wgetmainargs
__set_app_type
_lock
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
__C_specific_handler
exit
_amsg_exit
_XcptFilter
memmove_s
_purecall
??3@YAXPEAX@Z
memcpy_s
_vsnwprintf
memset
shlwapi
ord240
ord278
api-ms-win-core-com-l1-1-0
CoInitializeEx
StringFromGUID2
CoUninitialize
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetStartupInfoW
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
ntdll
NtQueryInformationToken
ole32
CoGetObject
CoAllowSetForegroundWindow
shell32
CommandLineToArgvW
Sections
.text Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 84KB - Virtual size: 83KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 108B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
UserDataSource.exe.exe windows:10 windows x64 arch:x64
7b6ec7dd5a7883d47c04cc49accc2ff7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
UserDataSource.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_initterm_e
_c_exit
_initterm
api-ms-win-crt-private-l1-1-0
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memcpy
_o_exit
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o___stdio_common_vsnwprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___wargv
_o___p___argc
api-ms-win-crt-string-l1-1-0
memset
ntdll
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleExW
GetModuleFileNameA
GetProcAddress
GetModuleHandleW
rpcrt4
RpcServerUseProtseqEpW
RpcServerRegisterIf3
RpcServerListen
RpcBindingVectorFree
UuidFromStringW
NdrServerCall2
NdrServerCallAll
RpcObjectSetType
RpcServerUnregisterIf
RpcEpRegisterW
RpcServerInqBindings
RpcMgmtStopServerListening
api-ms-win-core-synch-l1-1-0
CreateSemaphoreExW
CreateEventExW
CreateMutexExW
WaitForSingleObject
ReleaseMutex
WaitForSingleObjectEx
ReleaseSemaphore
SetEvent
OpenSemaphoreW
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
SetLastError
UnhandledExceptionFilter
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateString
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoTaskMemAlloc
CoWaitForMultipleHandles
CoCreateFreeThreadedMarshaler
CLSIDFromString
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventRegister
EventUnregister
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
api-ms-win-core-winrt-error-l1-1-0
RoOriginateErrorW
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
IsDebuggerPresent
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-winrt-l1-1-0
RoInitialize
api-ms-win-core-winrt-robuffer-l1-1-0
RoGetBufferMarshaler
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
Sections
.text Size: 32KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 500B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
UsoClient.exe.exe windows:10 windows x64 arch:x64
a40f17f79a678c824519ce2ed81a298d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
UsoClient.pdb
Imports
msvcp_win
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_initterm_e
_c_exit
_initterm
api-ms-win-crt-private-l1-1-0
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__callnewh
memmove
_o_exit
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o____lc_codepage_func
__std_terminate
__CxxFrameHandler4
memcpy
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleExW
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
LoadLibraryExW
FreeLibrary
api-ms-win-core-synch-l1-1-0
OpenSemaphoreW
CreateMutexExW
CreateSemaphoreExW
WaitForSingleObject
WaitForSingleObjectEx
ReleaseMutex
ReleaseSemaphore
api-ms-win-core-heap-l1-1-0
HeapFree
HeapAlloc
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetStartupInfoW
GetCurrentThreadId
api-ms-win-core-localization-l1-2-0
FormatMessageA
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-com-l1-1-0
CoTaskMemAlloc
CoTaskMemFree
api-ms-win-core-wow64-l1-1-1
IsWow64Process2
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
ExpandEnvironmentStringsW
api-ms-win-core-commandlinetoargv-l1-1-0
CommandLineToArgvW
api-ms-win-core-synch-l1-2-0
InitOnceBeginInitialize
InitOnceComplete
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-file-l1-1-0
CreateFileW
GetFileAttributesExW
api-ms-win-core-file-l2-1-0
GetFileInformationByHandleEx
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
Sections
.text Size: 44KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 984B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 204B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
UtcDecoderHost.exe.exe windows:10 windows x64 arch:x64
5ca505e7133f92d24cd7a97f617def7c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
UtcDecoderHost.pdb
Imports
msvcp_win
?uncaught_exception@std@@YA_NXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?_Xout_of_range@std@@YAXPEBD@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?put@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@G@Z
?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGD@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXH@Z
?wcout@std@@3V?$basic_ostream@GU?$char_traits@G@std@@@1@A
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-crt-string-l1-1-0
memset
strcspn
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_initterm
_initterm_e
_c_exit
api-ms-win-crt-private-l1-1-0
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o__wcsnicmp
_o__wcstoui64
_o_abort
_o_exit
_o_free
_o_iswspace
_o_malloc
_o_terminate
_o_tolower
_o_towlower
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
_o___p__commode
_o___p___wargv
_o___p___argc
_o___stdio_common_vswprintf
_o___acrt_iob_func
_o___stdio_common_vsnprintf_s
__std_terminate
__CxxFrameHandler4
_o___stdio_common_vfwprintf
_o___std_exception_destroy
_o___std_exception_copy
memcmp
memcpy
__CxxFrameHandler3
ntdll
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
FreeLibrary
GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameA
api-ms-win-core-synch-l1-1-0
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
CreateSemaphoreExW
InitializeCriticalSectionEx
ReleaseSemaphore
AcquireSRWLockShared
WaitForSingleObject
ReleaseMutex
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
api-ms-win-core-heap-l1-1-0
HeapAlloc
GetProcessHeap
HeapFree
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
SetLastError
api-ms-win-core-processthreads-l1-1-0
GetCurrentThread
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
OpenThreadToken
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
IsDebuggerPresent
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-synch-l1-2-0
InitOnceBeginInitialize
InitOnceComplete
Sleep
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount64
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
userenv
ExpandEnvironmentStringsForUserW
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
rpcrt4
RpcServerRegisterIf3
RpcServerInqBindings
RpcEpUnregister
NdrServerCallAll
NdrServerCall2
RpcBindingVectorFree
RpcServerUseProtseqW
RpcServerUnregisterIfEx
RpcEpRegisterW
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
oleaut32
SysStringLen
SysFreeString
SetErrorInfo
Sections
.text Size: 84KB - Virtual size: 82KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 48KB - Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Utilman.exe.exe windows:10 windows x64 arch:x64
475cfa11c3d230cf7e2d0be8ff8012f2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Utilman.pdb
Imports
advapi32
GetTokenInformation
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegQueryValueExW
EventWriteTransfer
EventUnregister
EventSetInformation
EventRegister
ConvertSidToStringSidW
ConvertStringSidToSidW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegDeleteValueW
RegEnumValueW
RegDeleteTreeW
RegEnumKeyExW
RegCreateKeyExW
RegGetValueW
TraceMessage
OpenProcessToken
RegLoadMUIStringW
kernel32
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
EnterCriticalSection
ReleaseSemaphore
MulDiv
VirtualProtect
LoadLibraryExA
GetSystemInfo
VirtualQuery
GetModuleHandleExW
LeaveCriticalSection
InitializeCriticalSectionEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
HeapSize
HeapReAlloc
HeapDestroy
LoadLibraryW
InterlockedPushEntrySList
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
GetStartupInfoW
OpenProcess
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
LoadResource
DeleteProcThreadAttributeList
GetFileAttributesW
DeleteFileW
InitializeCriticalSection
InitOnceComplete
InitOnceBeginInitialize
SetThreadUILanguage
HeapSetInformation
Sleep
ExpandEnvironmentStringsW
ProcessIdToSessionId
CreateEventW
OpenEventW
GetProductInfo
LocalFree
OpenMutexW
WideCharToMultiByte
MultiByteToWideChar
RaiseException
IsDebuggerPresent
DebugBreak
GetModuleHandleW
GetProcessHeap
GetCurrentProcessId
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
GetProcAddress
HeapAlloc
CreateThreadpoolTimer
ReleaseSRWLockShared
SetThreadpoolTimer
CloseHandle
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
CloseThreadpoolTimer
OutputDebugStringW
ReleaseSRWLockExclusive
GetLastError
FormatMessageW
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
LockResource
CreateProcessW
WaitForThreadpoolTimerCallbacks
FindResourceExW
K32EnumProcesses
K32EnumProcessModules
K32GetModuleBaseNameW
CompareStringOrdinal
FreeLibrary
OpenJobObjectW
IsProcessInJob
OOBEComplete
GetLocaleInfoEx
GetThreadPreferredUILanguages
SizeofResource
user32
SetFocus
GetFocus
GetWindowRect
GetWindowLongW
AdjustWindowRectExForDpi
ShowWindow
DispatchMessageW
TranslateMessage
GetMessageW
PostQuitMessage
DestroyWindow
DefWindowProcW
GetWindowLongPtrW
SetWindowLongPtrW
MoveWindow
IsWindow
PostMessageW
RegisterClassExW
GetMonitorInfoW
GetDpiForWindow
SetForegroundWindow
SetWindowPos
SetTimer
KillTimer
LoadStringW
SetDesktopColorTransform
SendNotifyMessageW
GetWindowThreadProcessId
GetShellWindow
GetTaskmanWindow
UnregisterClassA
MonitorFromWindow
SystemParametersInfoW
GetKeyState
SendInput
GetUserObjectInformationW
CreateWindowExW
GetThreadDesktop
msvcp_win
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Xbad_alloc@std@@YAXXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
api-ms-win-crt-string-l1-1-0
wcscspn
memmove_s
strncmp
wcscmp
memset
wcsspn
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_register_thread_local_exe_atexit_callback
_c_exit
_initterm
api-ms-win-crt-private-l1-1-0
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__ltow_s
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
_o__wcslwr_s
_o__wtoi
_o_abort
_o_exit
_o_free
_o_iswspace
_o_malloc
_o_memcpy_s
_o_realloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o__errno
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
__std_terminate
__CxxFrameHandler4
wcsrchr
wcschr
wcsstr
memcmp
memcpy
_o__exit
memmove
ntdll
WinSqmAddToStream
RtlLookupFunctionEntry
RtlVirtualUnwind
NtQueryWnfStateData
WinSqmIsOptedIn
RtlCaptureContext
ole32
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc
CoInitialize
CoUninitialize
CoCreateFreeThreadedMarshaler
oleaut32
SysFreeString
SetErrorInfo
SysAllocString
GetErrorInfo
SysStringLen
shell32
ShellExecuteW
dwmapi
DwmSetWindowAttribute
Sections
.text Size: 184KB - Virtual size: 182KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 108KB - Virtual size: 107KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 56B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 636B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
VSSVC.exe.exe windows:10 windows x64 arch:x64
bc0f5315eea41e76b544e9f6acfe1fee
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
vssvc.pdb
Imports
msvcrt
_lock
_vscwprintf
__setusermatherr
_cexit
towupper
iswspace
wcsrchr
wcstoul
iswdigit
_vsnprintf
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
wcstok
_initterm
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
??0exception@@QEAA@AEBQEBD@Z
memmove
memcpy
__CxxFrameHandler3
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
_callnewh
wcsstr
qsort
_beginthreadex
_errno
wcsncmp
_wcsicmp
_wcmdln
memcmp
_fmode
_commode
__CxxFrameHandler4
_wcsnicmp
wcscat_s
??0exception@@QEAA@XZ
memset
_vsnprintf_s
malloc
realloc
??0exception@@QEAA@AEBV0@@Z
free
memcpy_s
??1exception@@UEAA@XZ
_vsnwprintf
__C_specific_handler
_purecall
?terminate@@YAXXZ
wcscmp
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-synch-l1-1-0
LeaveCriticalSection
OpenSemaphoreW
EnterCriticalSection
DeleteCriticalSection
CreateWaitableTimerExW
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
SetWaitableTimer
WaitForMultipleObjectsEx
ReleaseSemaphore
CancelWaitableTimer
CreateEventW
WaitForSingleObjectEx
ResetEvent
InitializeCriticalSection
SetEvent
ReleaseMutex
CreateSemaphoreExW
CreateMutexExW
api-ms-win-core-errorhandling-l1-1-0
SetLastError
RaiseException
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetErrorMode
api-ms-win-core-synch-l1-2-0
Sleep
InitOnceBeginInitialize
InitOnceComplete
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentThreadId
SetThreadPriority
ResumeThread
OpenThread
TerminateProcess
GetStartupInfoW
GetCurrentThread
OpenProcessToken
GetCurrentProcess
CreateThread
OpenThreadToken
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
CompareStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-memory-l1-1-0
VirtualQuery
VirtualProtect
VirtualAlloc
api-ms-win-core-sysinfo-l1-1-0
GetSystemWindowsDirectoryW
GetSystemInfo
GetSystemDirectoryW
GetVersionExW
GetSystemTimeAsFileTime
GetComputerNameExW
GetTickCount
GetTickCount64
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
DebugBreak
IsDebuggerPresent
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapSetInformation
HeapAlloc
HeapFree
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
SizeofResource
LoadResource
FindResourceExW
GetModuleFileNameW
FreeLibrary
LoadStringW
GetModuleFileNameA
GetModuleHandleExW
GetModuleHandleW
LoadLibraryExW
api-ms-win-core-string-l2-1-0
CharPrevW
CharNextW
api-ms-win-core-registry-l1-1-0
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegDeleteTreeW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
api-ms-win-core-string-obsolete-l1-1-0
lstrcpynW
lstrcmpiW
ntdll
RtlNtStatusToDosError
EtwTraceMessage
NtThawRegistry
NtFreezeRegistry
NtQueryInformationProcess
RtlAdjustPrivilege
NtClose
NtCreateSymbolicLinkObject
RtlInitUnicodeString
NtThawTransactions
NtFreezeTransactions
NtQuerySystemInformation
RtlNtStatusToDosErrorNoTeb
NtQueryVolumeInformationFile
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
GetEnvironmentVariableW
GetCommandLineW
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-file-l1-1-0
DefineDosDeviceW
GetVolumeInformationW
FindFirstVolumeW
FindNextVolumeW
CreateFileW
ReadFile
DeleteFileW
GetDriveTypeW
FindFirstFileW
FindNextFileW
GetFileAttributesW
WriteFile
SetFileAttributesW
CreateDirectoryW
FindClose
FindVolumeClose
GetDiskFreeSpaceW
FlushFileBuffers
DeleteVolumeMountPointW
QueryDosDeviceW
GetVolumePathNameW
api-ms-win-core-io-l1-1-0
GetOverlappedResult
DeviceIoControl
api-ms-win-core-file-l1-2-0
GetVolumePathNamesForVolumeNameW
GetVolumeNameForVolumeMountPointW
api-ms-win-security-base-l1-1-0
InitializeAcl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AllocateAndInitializeSid
AddAccessAllowedAce
GetLengthSid
CreateWellKnownSid
EqualDomainSid
GetSidSubAuthorityCount
AccessCheck
IsValidSid
AddAccessAllowedAceEx
AddAccessDeniedAceEx
AddAce
GetAce
GetAclInformation
SetSecurityDescriptorGroup
CopySid
SetSecurityDescriptorOwner
EqualSid
FreeSid
AdjustTokenPrivileges
PrivilegeCheck
CheckTokenMembership
DuplicateToken
GetTokenInformation
api-ms-win-core-kernel32-legacy-l1-1-1
SetVolumeMountPointW
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventSetInformation
EventRegister
EventUnregister
api-ms-win-core-file-l2-1-0
MoveFileExW
api-ms-win-core-kernel32-legacy-l1-1-0
GetComputerNameW
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
vssapi
CreateVssSnapshotSetDescription
CreateWriter
VssFreeSnapshotPropertiesInternal
LoadVssSnapshotSetDescription
CreateWriterEx
vsstrace
ord4
ord8
ord1
ord2
ord5
ord9
ord7
ord11
ord6
ord3
ord10
api-ms-win-core-processthreads-l1-1-1
OpenProcess
api-ms-win-core-psapi-l1-1-0
QueryFullProcessImageNameW
api-ms-win-core-timezone-l1-1-0
GetTimeZoneInformation
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-util-l1-1-0
EncodePointer
Sections
.text Size: 972KB - Virtual size: 970KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 376KB - Virtual size: 373KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 32KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 904B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
VaultCmd.exe.exe windows:10 windows x64 arch:x64
423e299df33b8039596ff81ae53c9ca4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
VaultCmd.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm
_register_thread_local_exe_atexit_callback
_c_exit
_initterm_e
api-ms-win-crt-private-l1-1-0
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memcpy
_o__wcsicmp
_o__wsetlocale
_o__wtoi
_o_exit
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_o___p__commode
_o___p___wargv
_o___p___argc
_o___stdio_common_vswprintf
_o___acrt_iob_func
_o___stdio_common_vfwprintf
wcsstr
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-security-base-l1-1-0
FreeSid
api-ms-win-security-credentials-l1-1-0
CredMarshalCredentialW
CredFree
api-ms-win-security-sddl-l1-1-0
ConvertSidToStringSidW
ConvertStringSidToSidW
api-ms-win-core-errorhandling-l1-1-0
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
crypt32
CryptStringToBinaryW
userenv
ord211
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
GetProcessHeap
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-libraryloader-l1-2-0
LoadStringW
GetModuleHandleW
GetProcAddress
LoadLibraryExW
api-ms-win-core-localization-l1-2-0
FormatMessageW
SetThreadUILanguage
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
TerminateProcess
GetCurrentThreadId
GetCurrentProcess
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-console-l1-1-0
GetConsoleOutputCP
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
api-ms-win-core-file-l1-1-0
WriteFile
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
vaultcli
VaultGetItemType
VaultEnumerateItems
VaultRemoveItem
VaultEnumerateVaults
VaultFree
VaultAddItem
VaultOpenVault
VaultGetInformation
VaultEnumerateItemTypes
VaultCloseVault
ntdll
RtlGUIDFromString
RtlNtStatusToDosError
Sections
.text Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 768B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 52B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
VoiceAccess.exe.exe windows:10 windows x64 arch:x64
1887119f79454a4adc99d16b0e7ac69e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
VoiceAccess.pdb
Imports
advapi32
EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer
GetTokenInformation
EqualSid
RegSetKeyValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
kernel32
EnterCriticalSection
ReleaseSemaphore
GetModuleHandleExW
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
ReleaseSRWLockExclusive
OutputDebugStringW
CloseThreadpoolTimer
InitOnceComplete
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
SetThreadpoolTimer
ReleaseSRWLockShared
CreateThreadpoolTimer
HeapAlloc
GetProcAddress
CreateMutexExW
AcquireSRWLockShared
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
RaiseException
GetCommandLineW
LocalFree
InitializeCriticalSection
MultiByteToWideChar
WideCharToMultiByte
InitOnceBeginInitialize
SetLastError
HeapFree
GetModuleFileNameA
LoadLibraryW
InterlockedPushEntrySList
CreateSemaphoreExW
user32
SendInput
GetKeyState
SystemParametersInfoW
GetWindowThreadProcessId
GetUserObjectInformationW
GetThreadDesktop
SendNotifyMessageW
SetDesktopColorTransform
GetShellWindow
UnregisterClassA
PostThreadMessageW
msvcp_win
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?_Xlength_error@std@@YAXPEBD@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Xbad_alloc@std@@YAXXZ
_Thrd_id
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@I@Z
??Bid@locale@std@@QEAA_KXZ
?id@?$ctype@G@std@@2V0locale@2@A
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?widen@?$ctype@G@std@@QEBAGD@Z
?width@ios_base@std@@QEBA_JXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?uncaught_exception@std@@YA_NXZ
?good@ios_base@std@@QEBA_NXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?flags@ios_base@std@@QEBAHXZ
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
?width@ios_base@std@@QEAA_J_J@Z
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
api-ms-win-crt-string-l1-1-0
wcsspn
memmove_s
memset
wcscmp
strncmp
wcscspn
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_c_exit
_initterm
_initterm_e
api-ms-win-crt-private-l1-1-0
_o___stdio_common_vswprintf
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__ltow_s
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
_o__wcslwr_s
_o__wtoi
_o_abort
_o_exit
_o_free
_o_iswspace
_o_malloc
_o_memcpy_s
_o_realloc
_o_terminate
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
wcsstr
__std_terminate
__CxxFrameHandler4
_o___std_exception_destroy
_o___std_exception_copy
_o___stdio_common_vsnprintf_s
_o___p__commode
wcschr
wcsrchr
memcmp
memcpy
memmove
ntdll
RtlVirtualUnwind
RtlLookupFunctionEntry
WinSqmIsOptedIn
WinSqmAddToStream
RtlCaptureContext
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoTaskMemFree
api-ms-win-shcore-obsolete-l1-1-0
CommandLineToArgvW
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentProcess
DeleteProcThreadAttributeList
CreateProcessW
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
GetStartupInfoW
OpenProcessToken
ProcessIdToSessionId
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
OpenProcess
api-ms-win-core-synch-l1-1-0
CreateEventW
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
OpenMutexW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-libraryloader-l1-2-0
FindResourceExW
LockResource
SizeofResource
FreeLibrary
LoadResource
api-ms-win-core-registry-l1-1-0
RegQueryValueExW
RegCreateKeyExW
RegDeleteTreeW
RegSetValueExW
RegEnumKeyExW
RegLoadMUIStringW
RegCloseKey
RegEnumValueW
RegOpenKeyExW
RegGetValueW
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
api-ms-win-security-base-l1-1-0
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
api-ms-win-core-job-l2-1-0
OpenJobObjectW
api-ms-win-core-job-l1-1-0
IsProcessInJob
sspicli
GetUserNameExW
api-ms-win-oobe-notification-l1-1-0
OOBEComplete
api-ms-win-eventing-classicprovider-l1-1-0
TraceMessage
api-ms-win-security-sddl-l1-1-0
ConvertSidToStringSidW
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-core-file-l1-1-0
GetFileAttributesW
DeleteFileW
api-ms-win-core-psapi-l1-1-0
K32EnumProcesses
K32EnumProcessModules
K32GetModuleBaseNameW
oleaut32
SysFreeString
SysStringLen
SysAllocString
SetErrorInfo
GetErrorInfo
api-ms-win-appmodel-runtime-internal-l1-1-7
AddDependencyToProcessPackageGraph
shell32
ShellExecuteW
api-ms-win-core-heap-l1-1-0
HeapReAlloc
HeapSize
HeapDestroy
Sections
.text Size: 160KB - Virtual size: 158KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 52KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 68KB - Virtual size: 66KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 452B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
WMPDMC.exe.exe windows:10 windows x64 arch:x64
b05970a2036f113516c6b518401a624b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
WMPDMC.pdb
Imports
advapi32
EventWriteTransfer
TraceMessage
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
EventRegister
EventUnregister
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
TraceEvent
kernel32
GetCurrentThreadId
HeapSetInformation
RegisterApplicationRestart
ReleaseActCtx
EnterCriticalSection
LeaveCriticalSection
GetProcessHeap
HeapAlloc
HeapFree
RaiseException
CloseHandle
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObject
GetLastError
GlobalLock
GetTickCount
SizeofResource
LockResource
LoadResource
FindResourceExW
PowerClearRequest
CreateEventW
OpenEventW
CompareStringOrdinal
SetEvent
Sleep
DuplicateHandle
GetCurrentProcess
CreateThread
PowerCreateRequest
PowerSetRequest
GlobalUnlock
MulDiv
TryEnterCriticalSection
TlsFree
ResetEvent
lstrcmpiW
HeapSize
HeapReAlloc
HeapDestroy
CompareStringW
MultiByteToWideChar
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
lstrlenW
lstrlenA
GetVersionExW
FindResourceW
GetDurationFormatEx
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatW
RegGetValueW
TlsGetValue
AddAtomW
DeleteAtom
GetAtomNameW
FreeLibraryAndExitThread
GetThreadLocale
GetThreadUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
SetProcessWorkingSetSizeEx
FindAtomW
GetSystemDirectoryW
GetVersion
TlsAlloc
TlsSetValue
InitializeSRWLock
CreateEventExW
AcquireSRWLockShared
ReleaseSRWLockShared
InitializeCriticalSectionAndSpinCount
LocalAlloc
QueryPerformanceFrequency
GetTickCount64
LCIDToLocaleName
InitializeCriticalSectionEx
GetThreadPreferredUILanguages
InitOnceExecuteOnce
SetThreadPreferredUILanguages
VirtualQueryEx
GetModuleFileNameA
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
MapViewOfFile
UnmapViewOfFile
ReleaseSemaphore
WaitForSingleObjectEx
CreateSemaphoreW
DeactivateActCtx
VirtualQuery
DebugBreak
GetModuleHandleW
ResolveDelayLoadedAPI
DelayLoadFailureHook
LoadLibraryExW
CreateMutexW
LocalFree
FormatMessageW
FreeLibrary
SetErrorMode
GlobalFree
GlobalAlloc
WaitForMultipleObjects
OutputDebugStringA
QueryActCtxW
GetModuleHandleExW
GetModuleFileNameW
CreateActCtxW
FindActCtxSectionStringW
ActivateActCtx
GetProcAddress
SetLastError
LoadLibraryW
gdi32
GetLayout
SetTextAlign
GetTextAlign
GetCurrentObject
SetTextColor
SetBkColor
SetBkMode
PatBlt
StretchDIBits
GetStockObject
SetDCBrushColor
CreateSolidBrush
SetStretchBltMode
PlayEnhMetaFile
GdiGradientFill
SelectClipRgn
GetTextColor
GdiTransparentBlt
SetPixel
CreatePatternBrush
GetTextExtentPoint32W
CreateHalftonePalette
SelectPalette
RealizePalette
GetBrushOrgEx
SetBrushOrgEx
GetDIBits
GetBkMode
OffsetWindowOrgEx
SetWindowOrgEx
RectVisible
GetRegionData
ExtCreateRegion
CombineRgn
OffsetRgn
GetRgnBox
CreateFontIndirectW
CreateDIBPatternBrushPt
SetLayout
LPtoDP
GetBkColor
GetTextMetricsW
GetDCBrushColor
GetTextExtentPointW
GetClipRgn
CreateRectRgn
DeleteEnhMetaFile
GetPixel
ExtTextOutW
IntersectClipRect
StretchBlt
CreateBitmap
CreateCompatibleBitmap
GetDeviceCaps
Polyline
CreatePen
DeleteDC
GdiAlphaBlend
DeleteObject
GetObjectW
CreateCompatibleDC
CreateDIBSection
SelectObject
BitBlt
user32
CharUpperW
GetWindowTextW
GetWindowTextLengthW
SetRect
GetIconInfo
DestroyIcon
CreateIconIndirect
GetGUIThreadInfo
IntersectRect
DrawTextW
InflateRect
DrawFrameControl
MapVirtualKeyW
GetKeyNameTextW
DrawIconEx
DrawFocusRect
SetWindowLongW
MonitorFromWindow
EnumChildWindows
IsCharAlphaNumericW
GetDpiForSystem
RegisterWindowMessageW
SetFocus
GetFocus
SetPropW
UnregisterPowerSettingNotification
IsChild
GetAncestor
GetPropW
RemovePropW
CallWindowProcW
SetParent
GetClassLongW
UpdateWindow
GetWindowRgnBox
SetWindowRgn
RedrawWindow
EnableWindow
GetScrollInfo
SetScrollInfo
LoadStringW
GetDpiForWindow
MoveWindow
SubtractRect
LoadImageW
RegisterClassExW
DefWindowProcW
GetClassInfoExW
TranslateAcceleratorW
PeekMessageW
LoadAcceleratorsW
ChangeWindowMessageFilterEx
SetProcessDPIAware
SendMessageTimeoutW
FindWindowW
CharNextW
IsIconic
GetClassNameW
GetDesktopWindow
GetWindowThreadProcessId
IsWindowVisible
GetWindow
SystemParametersInfoW
SetWindowLongPtrW
GetWindowLongPtrW
MapWindowPoints
PostQuitMessage
DestroyWindow
GetParent
SetWindowPos
GetWindowLongW
AdjustWindowRectEx
GetClientRect
GetMonitorInfoW
MonitorFromRect
BringWindowToTop
mouse_event
GetForegroundWindow
SetForegroundWindow
SetWindowTextW
DispatchMessageW
TranslateMessage
IsDialogMessageW
SendMessageW
UnhookWindowsHookEx
CallNextHookEx
ShowWindow
CreateDialogParamW
GetActiveWindow
GetKeyState
UnionRect
DestroyMenu
TrackPopupMenu
GetSubMenu
EnableMenuItem
CharUpperA
CreateWindowExW
LoadMenuW
ScreenToClient
CopyRect
EqualRect
InvalidateRect
OffsetRect
IsRectEmpty
GetSystemMetrics
PostThreadMessageW
IsWindow
PtInRect
GetWindowRect
KillTimer
SetTimer
ClientToScreen
LoadCursorW
UnregisterClassA
SetCursor
PostMessageW
SetRectEmpty
GetSysColor
FrameRect
GetSysColorBrush
FillRect
GetCursorPos
GetDoubleClickTime
RegisterClipboardFormatW
ReleaseDC
GetDC
NotifyWinEvent
SetWindowsHookExW
api-ms-win-crt-string-l1-1-0
wcscmp
memset
wcsspn
strnlen
wcspbrk
wcsncmp
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
api-ms-win-crt-private-l1-1-0
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsdup
_o__wcsicmp
_o__wcsnicmp
_o__wcstoui64
_o__wtof
_o__wtol
_o__initialize_onexit_table
_o_calloc
_o_ceilf
_o_cosf
_o_exit
_o_expf
_o_floor
_o_floorf
_o_free
_o_iswalnum
_o_iswalpha
_o_iswdigit
_o_iswspace
_o_malloc
_o_memcpy_s
_o_powf
_o_qsort
_o_realloc
_o_sin
_o_sqrt
_o_strncpy_s
_o_terminate
_o_wcsncpy_s
_o_wcstok_s
_o_wcstol
__current_exception
__current_exception_context
__CxxFrameHandler3
_o__get_wide_winmain_command_line
wcsstr
wcschr
_o__invalid_parameter_noinfo
_o__initialize_wide_environment
_o__exit
_o__errno
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___p__commode
__C_specific_handler
__std_terminate
__CxxFrameHandler4
_CxxThrowException
__C_specific_handler_noexcept
memcmp
memcpy
memmove
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
oleaut32
SafeArrayGetDim
SafeArrayGetVartype
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayCreateVector
SafeArrayGetElement
VariantCopy
VarBstrCmp
SafeArrayUnaccessData
VarUI4FromStr
SafeArrayDestroy
SafeArrayPutElement
SafeArrayCreate
SysAllocStringLen
SysAllocStringByteLen
SysStringByteLen
SysStringLen
VariantInit
SysAllocString
VariantClear
SysFreeString
ole32
CoCreateInstance
CoTaskMemAlloc
PropVariantClear
CoInitializeEx
CoUninitialize
CLSIDFromString
CoGetApartmentType
ReleaseStgMedium
OleUninitialize
OleInitialize
CoTaskMemRealloc
CreateStreamOnHGlobal
RevokeDragDrop
RegisterDragDrop
CoWaitForMultipleHandles
CoTaskMemFree
StringFromGUID2
CoDisconnectObject
CoCreateGuid
gdiplus
GdipCloneImage
GdipAlloc
GdipFree
GdipCreateBitmapFromStream
GdipSetInterpolationMode
GdipCreateImageAttributes
GdipGetImageWidth
GdipDrawImageRectRectI
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDeleteGraphics
GdipDisposeImageAttributes
GdipCreateBitmapFromHICON
GdiplusShutdown
GdipCreateHBITMAPFromBitmap
GdipDisposeImage
GdipGetImageHeight
GdipSetImageAttributesWrapMode
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
uxtheme
GetThemeAnimationProperty
GetThemeAnimationTransform
BufferedPaintUnInit
IsAppThemed
BeginBufferedPaint
GetBufferedPaintBits
BufferedPaintClear
EndBufferedPaint
ord47
DrawThemeTextEx
GetThemePartSize
GetThemeAppProperties
GetThemeMetric
GetThemeColor
GetThemeFont
GetThemeMargins
OpenThemeData
CloseThemeData
BufferedPaintInit
GetThemeBackgroundExtent
wmpdui
SetGadgetFocusEx
GetGadgetStyle
CustomGadgetHitTestQuery
FindGadgetFromPoint
GetGadgetTicket
MapGadgetPoints
GetGadgetFlags
GetGadgetSize
SetGadgetRootInfo
DisableContainerHwnd
InvalidateLayeredDescendants
LookupGadgetTicket
GetStdColorBrushI
GetStdColorI
GetDUserModule
FindStdColor
InitGadgets
DUserFlushMessages
DUserFlushDeferredMessages
SetWindowResizeFlag
GadgetTransCompositionChanged
SetGadgetBufferInfo
GetGadget
BuildAnimation
ForwardGadgetMessage
DetachWndProc
GetGadgetRgn
CreateAction
EnsureGadgetTransInitialized
GetGadgetLayerInfo
DetachGadgetVisuals
SetGadgetLayerInfo
ReleaseDetachedObjects
ReleaseLayeredRef
AddLayeredRef
SetGadgetFlags
GetGadgetVisual
SetGadgetOrder
SetTransitionVisualProperties
DestroyPendingDCVisuals
ChangeCurrentAnimationScenario
GetGadgetRootInfo
GetCachedDWriteRenderTarget
CacheDWriteRenderTarget
ReleaseMouseCapture
AdjustClipInsideRef
DUserStopPVLAnimation
BuildInterpolation
SetGadgetFocus
GetGadgetRect
DUserPostEvent
DUserSendEvent
CreateGadget
DeleteHandle
InvalidateGadget
SetGadgetRect
GetGadgetAnimation
SetGadgetMessageFilter
GetMessageExW
SetGadgetParent
SetGadgetStyle
AttachWndProcW
UtilDrawBlendRect
GetGadgetFocus
api-ms-win-core-winrt-l1-1-0
RoActivateInstance
RoGetActivationFactory
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateString
WindowsDuplicateString
WindowsIsStringEmpty
WindowsDeleteString
WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsCompareStringOrdinal
WindowsGetStringLen
api-ms-win-core-winrt-error-l1-1-0
RoOriginateError
RoTransformError
api-ms-win-crt-math-l1-1-0
_isnan
api-ms-win-core-path-l1-1-0
PathCchAppend
oleacc
GetRoleTextW
ObjectFromLresult
CreateStdAccessibleObject
LresultFromObject
AccessibleObjectFromWindow
dwmapi
DwmIsCompositionEnabled
DwmRenderGesture
DwmTetherContact
windowscodecs
WICCreateImagingFactory_Proxy
api-ms-win-shcore-scaling-l1-1-0
RegisterScaleChangeNotifications
GetScaleFactorForDevice
RevokeScaleChangeNotifications
api-ms-win-shcore-scaling-l1-1-1
GetScaleFactorForMonitor
Sections
.text Size: 908KB - Virtual size: 906KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 212KB - Virtual size: 208KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 48KB - Virtual size: 45KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 152B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 324KB - Virtual size: 320KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 24KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
WPDShextAutoplay.exe.exe windows:10 windows x64 arch:x64
830cecc767465c4348caddd4e40855e4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
WPDShextAutoplay.pdb
Imports
advapi32
RegCloseKey
RegQueryValueExW
TraceMessage
kernel32
SetEvent
GetVersion
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetLastError
CompareStringW
CreateProcessW
SizeofResource
LockResource
LoadResource
FindResourceExW
CreateEventW
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
RaiseException
DeleteCriticalSection
InitializeCriticalSection
GetModuleHandleW
HeapDestroy
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
user32
UnregisterClassA
FindWindowW
SendMessageW
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
api-ms-win-crt-private-l1-1-0
_o___stdio_common_vswprintf
_o___stdio_common_vswprintf_s
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_narrow_winmain_command_line
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
_o_exit
_o_free
_o_malloc
_o_terminate
_o_wcstok
_o_wmemcpy_s
__C_specific_handler
__current_exception
__current_exception_context
wcschr
__std_terminate
__CxxFrameHandler4
_o___p__commode
_CxxThrowException
memcpy
memmove
ntdll
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
oleaut32
SysFreeString
SysAllocString
shlwapi
StrRStrIW
ole32
CLSIDFromString
CreateBindCtx
CoCreateInstance
CoRegisterClassObject
CoRevokeClassObject
CoInitializeEx
CoUninitialize
setupapi
SetupDiOpenDeviceInterfaceW
SetupDiDestroyDeviceInfoList
SetupDiOpenDevRegKey
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceAlias
SetupDiGetClassDevsExW
shell32
ord155
ShellExecuteExW
SHParseDisplayName
Sections
.text Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 136B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
WSCollect.exe.exe windows:10 windows x64 arch:x64
9f02a366d38804e1f04b39c5385f776c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
WSCollect.pdb
Imports
kernel32
HeapFree
CreateEventExW
WriteFile
GetModuleHandleExW
CreateFileW
GetLastError
SetEvent
CloseHandle
RaiseException
HeapAlloc
GetLocalTime
GetProcAddress
GetProcessHeap
GetTickCount
msvcrt
_vsnwprintf
_purecall
_XcptFilter
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
__CxxFrameHandler3
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
printf
shlwapi
PathAppendW
shell32
SHGetKnownFolderPath
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
RoInitialize
RoUninitialize
api-ms-win-core-winrt-error-l1-1-0
RoOriginateError
api-ms-win-core-com-l1-1-0
CoCreateFreeThreadedMarshaler
CoWaitForMultipleHandles
CoTaskMemAlloc
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
Sections
.text Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 816B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 56KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 296B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
WSManHTTPConfig.exe.exe windows:10 windows x64 arch:x64
031182968584c829b86d19eb15364008
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
WSManHTTPConfig.pdb
Imports
msvcrt
_unlock
_lock
??1type_info@@UEAA@XZ
__iob_func
__dllonexit
_onexit
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
memmove
memcpy
__CxxFrameHandler3
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_purecall
_wcsicmp
fwprintf
__CxxFrameHandler4
memset
api-ms-win-eventing-classicprovider-l1-1-0
GetTraceLoggerHandle
TraceMessage
GetTraceEnableLevel
RegisterTraceGuidsW
GetTraceEnableFlags
oleaut32
SysFreeString
SysAllocString
api-ms-win-core-errorhandling-l1-1-0
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoUninitialize
CoCreateInstance
api-ms-win-core-sysinfo-l1-2-0
VerSetConditionMask
api-ms-win-core-sysinfo-l1-1-0
GetVersionExW
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-service-management-l1-1-0
OpenSCManagerW
OpenServiceW
StartServiceW
CloseServiceHandle
api-ms-win-service-management-l2-1-0
QueryServiceConfigW
ChangeServiceConfig2W
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-libraryloader-l1-1-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
TerminateProcess
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
api-ms-win-core-kernel32-legacy-l1-1-1
VerifyVersionInfoW
wsmsvc
UninstallMigration
RemovePluginXmlNewAttrForThresholdOrGreater
??1CErrorContext@@UEAA@XZ
??0CErrorContext@@QEAA@_N@Z
??1OnHTTPInitialize@@QEAA@XZ
??0OnHTTPInitialize@@QEAA@XZ
?GetErrorCode@CErrorContext@@UEBAKXZ
??1?$AutoDeleteVector@E@@QEAA@XZ
??0?$AutoDeleteVector@E@@QEAA@XZ
HandleMigration
MoveSettingsToMigrationKey
WSManError
??1CWSManCriticalSection@@QEAA@XZ
?Alloc@WSManMemory@@SAPEAX_KHW4_NitsFaultMode@@@Z
?Free@WSManMemory@@SAXPEAXH@Z
??4?$AutoDeleteVector@E@@QEAAAEAV0@PEAE@Z
Exports
??0?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QEAA@XZ
??0?$SafeMap_Iterator@VKey@Locale@@K@@QEAA@AEAV?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@_N@Z
??0?$SafeMap_Lock@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QEAA@AEBV?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@_N@Z
??1?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QEAA@XZ
??1?$SafeMap_Iterator@VKey@Locale@@K@@QEAA@XZ
??1?$SafeMap_Lock@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QEAA@XZ
??1CWSManCriticalSectionWithConditionVar@@QEAA@XZ
??_7?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@6B@
?Acquire@?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@UEBAXXZ
?Acquire@?$SafeMap_Lock@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QEAAXXZ
?Acquired@?$SafeMap_Lock@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QEAA_NXZ
?AsReference@?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QEAAAEAV1@XZ
?Data@?$SafeMap_Iterator@VKey@Locale@@K@@IEBAAEAV?$STLMap@VKey@Locale@@K@@XZ
?DeInitialize@?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@UEAA_NAEAVIRequestContext@@@Z
?GetInitError@CWSManCriticalSection@@QEBAKXZ
?GetMap@?$SafeMap_Iterator@VKey@Locale@@K@@QEBAAEAV?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@XZ
?GetMap@?$SafeMap_Lock@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QEBAAEBV?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@XZ
?Initialize@?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@UEAA_NAEAVIRequestContext@@@Z
?IsValid@?$SafeMap_Iterator@VKey@Locale@@K@@QEBA_NXZ
?Release@?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@UEBAXXZ
?Reset@?$SafeMap_Iterator@VKey@Locale@@K@@QEAAXXZ
?SkipOrphans@?$SafeMap_Iterator@VKey@Locale@@K@@IEAAXXZ
Sections
.text Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 900B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 452B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
WSReset.exe.exe windows:10 windows x64 arch:x64
1fc4cb53a2206655892168907d8c326b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
WSReset.pdb
Imports
advapi32
EventUnregister
EventRegister
EventWrite
RegEnumValueW
RegDeleteValueW
RegCreateKeyExW
RegDeleteKeyW
RegCloseKey
kernel32
HeapFree
HeapAlloc
GetProcessHeap
FindFirstFileW
CreateEventExW
FindNextFileW
GetModuleHandleExW
RemoveDirectoryW
FindClose
GetLastError
SetEvent
DeleteFileW
CloseHandle
RaiseException
LoadLibraryW
GetProcAddress
FreeLibrary
GetTickCount
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
Sleep
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
msvcrt
_amsg_exit
exit
_exit
wcsrchr
__set_app_type
_XcptFilter
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
__CxxFrameHandler3
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
printf
_purecall
system
_wcsicmp
_vsnwprintf
__wgetmainargs
_cexit
memset
ole32
CoWaitForMultipleHandles
CoTaskMemFree
CoCreateFreeThreadedMarshaler
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
api-ms-win-core-winrt-l1-1-0
RoUninitialize
RoActivateInstance
RoInitialize
shell32
ShellExecuteExW
SHGetKnownFolderPath
wevtapi
EvtClearLog
Sections
.text Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 624B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 56KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 116B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
WUDFCompanionHost.exe.exe windows:10 windows x64 arch:x64
e4735dcee461268895e8fbe34d25309f
Code Sign
33:00:00:04:0c:12:00:67:8b:16:b2:65:db:00:00:00:00:04:0c
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 05/01/2023, 19:22
Not After: 15/12/2023, 19:22
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
26:5d:f9:a5:16:f5:73:88:b6:0d:b0:85:67:5d:a3:34:ff:00:de:20:8b:42:43:a3:04:a4:a5:d8:65:55:78:ab
Signer
Actual PE Digest: 26:5d:f9:a5:16:f5:73:88:b6:0d:b0:85:67:5d:a3:34:ff:00:de:20:8b:42:43:a3:04:a4:a5:d8:65:55:78:ab
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
WUDFCompanionHost.pdb
Imports
api-ms-win-core-crt-l1-1-0
__C_specific_handler
wcsstr
memcpy
_wcsicmp
wcstoul
_wcsnicmp
_wcslwr_s
wcscspn
iswdigit
iswalnum
_vsnwprintf_s
memset
wcsncmp
api-ms-win-core-crt-l2-1-0
exit
_initterm_e
_purecall
wprintf
__dllonexit3
__wgetmainargs
_onexit
_initterm
api-ms-win-eventing-classicprovider-l1-1-0
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceLoggerHandle
GetTraceEnableLevel
TraceMessage
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer
api-ms-win-core-heap-l1-1-0
HeapSetInformation
HeapFree
GetProcessHeap
HeapAlloc
rpcrt4
RpcStringFreeW
UuidCreate
UuidToStringW
UuidFromStringW
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemInfo
GetSystemDirectoryW
GetSystemTimeAsFileTime
api-ms-win-core-errorhandling-l1-1-0
RaiseException
SetLastError
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
api-ms-win-core-registry-l1-1-0
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExW
FreeLibrary
LoadLibraryExA
GetProcAddress
api-ms-win-core-threadpool-l1-2-0
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
SetThreadpoolThreadMinimum
WaitForThreadpoolWaitCallbacks
CreateThreadpoolCleanupGroup
SetThreadpoolWait
CloseThreadpoolWait
CreateThreadpoolWait
CreateThreadpool
SetThreadpoolThreadMaximum
CloseThreadpool
api-ms-win-core-synch-l1-1-0
WaitForMultipleObjectsEx
CreateWaitableTimerExW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
SetWaitableTimer
ReleaseSRWLockExclusive
WaitForSingleObject
CreateEventW
AcquireSRWLockExclusive
CancelWaitableTimer
ReleaseSemaphore
TryEnterCriticalSection
ResetEvent
EnterCriticalSection
SetEvent
CreateSemaphoreExW
LeaveCriticalSection
api-ms-win-core-file-l1-1-0
GetFullPathNameW
GetLongPathNameW
WriteFile
GetFileSizeEx
CreateFileW
DeleteFileW
api-ms-win-core-memory-l1-1-0
CreateFileMappingW
UnmapViewOfFile
VirtualProtect
VirtualQuery
MapViewOfFile
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-processthreads-l1-1-0
TlsGetValue
GetCurrentProcessId
CreateThread
TerminateProcess
GetCurrentThreadId
TlsAlloc
GetProcessId
GetCurrentProcess
TlsFree
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-sysinfo-l1-2-0
VerSetConditionMask
api-ms-win-security-sddl-l1-1-0
ConvertStringSidToSidW
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
ntdll
RtlInitUnicodeString
DbgPrintEx
RtlNtStatusToDosError
AlpcGetMessageAttribute
NtCreateDirectoryObject
NtClose
NtAlpcDeletePortSection
NtAlpcDeleteResourceReserve
NtAlpcConnectPort
NtAlpcCancelMessage
NtAlpcCreateResourceReserve
NtAlpcCreateSectionView
RtlVerifyVersionInfo
NtAlpcCreateSecurityContext
NtAlpcDeleteSectionView
NtAlpcAcceptConnectPort
AlpcInitializeMessageAttribute
NtAlpcCreatePort
NtAlpcDeleteSecurityContext
NtAlpcSetInformation
NtAlpcDisconnectPort
NtAlpcSendWaitReceivePort
NtAlpcCreatePortSection
DbgBreakPoint
NtQuerySystemInformation
vDbgPrintEx
LdrEnumerateLoadedModules
RtlLengthSid
RtlCreateAcl
RtlAddAccessAllowedAce
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlCreateServiceSid
NtAlpcImpersonateClientOfPort
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpW
api-ms-win-security-base-l1-1-0
CreateWellKnownSid
api-ms-win-core-version-l1-1-0
VerQueryValueW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW
Exports
Microsoft_WDF_UMDF_Version
__ImagePolicyMetadata
Sections
.text Size: 104KB - Virtual size: 102KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 40KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 64B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tPolicy Size: 4KB - Virtual size: 400B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 984B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
WUDFHost.exe.exe windows:10 windows x64 arch:x64
fbb1e8290f0b168cec3d026f11d7e449
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
WUDFHost.pdb
Imports
api-ms-win-core-crt-l1-1-0
wcsrchr
wcscat_s
_vsnprintf_s
wcsstr
wcsncpy_s
wcscpy_s
__C_specific_handler
_vsnwprintf_s
_wcsicmp
memcpy
memset
wcstoul
_wcsnicmp
wcsncmp
api-ms-win-core-crt-l2-1-0
__wgetmainargs
_purecall
exit
_initterm_e
_initterm
__dllonexit3
_onexit
ntdll
RtlInitUnicodeString
DbgPrintEx
RtlSetIoCompletionCallback
VerSetConditionMask
RtlVerifyVersionInfo
NtQueryInformationFile
RtlNtStatusToDosError
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
NtSetInformationFile
api-ms-win-eventing-classicprovider-l1-1-0
TraceMessage
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceLoggerHandle
GetTraceEnableLevel
UnregisterTraceGuids
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
TlsGetValue
TerminateProcess
CreateThread
TlsFree
GetCurrentThread
TlsAlloc
GetCurrentThreadId
TlsSetValue
GetCurrentProcessId
api-ms-win-core-errorhandling-l1-1-0
RaiseException
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
api-ms-win-core-sysinfo-l1-2-0
GetOsSafeBootMode
api-ms-win-eventing-provider-l1-1-0
EventActivityIdControl
EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister
api-ms-win-core-heap-l1-1-0
HeapSetInformation
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetSystemInfo
GetSystemDirectoryW
GetTickCount
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoUninitialize
CLSIDFromString
api-ms-win-core-synch-l1-1-0
InitializeCriticalSection
ReleaseSRWLockExclusive
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
CreateEventW
EnterCriticalSection
SetEvent
AcquireSRWLockExclusive
WaitForSingleObject
WaitForMultipleObjectsEx
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegQueryValueExW
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
SetEnvironmentVariableW
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
FreeLibrary
GetProcAddress
LoadLibraryExW
LoadLibraryExA
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolWait
SetThreadpoolThreadMinimum
CreateThreadpoolCleanupGroup
CloseThreadpool
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
CreateThreadpool
SetThreadpoolThreadMaximum
SetThreadpoolWait
api-ms-win-core-file-l1-1-0
ReadFile
CreateFileW
GetFileSizeEx
WriteFile
FlushFileBuffers
api-ms-win-core-memory-l1-1-0
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
VirtualProtect
VirtualQuery
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-namedpipe-l1-1-0
WaitNamedPipeW
TransactNamedPipe
SetNamedPipeHandleState
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-io-l1-1-0
GetOverlappedResult
DeviceIoControl
api-ms-win-security-base-l1-1-0
RevertToSelf
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
wudfplatform
WudfWaitForDebugger
WudfDebugBreakPoint
WudfIsUserDebuggerPresent
GetAndInitializePlatformObject
InitializePlatformLibrary
WdfGetLpcInterface
SetPlatformErrorReportingCallbacks
ShutdownPlatformLibrary
WudfIsKernelDebuggerPresent
Exports
Microsoft_WDF_UMDF_Version
Sections
.text Size: 208KB - Virtual size: 206KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 60KB - Virtual size: 59KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 272B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
WWAHost.exe.exe windows:10 windows x64 arch:x64
e519beed39f596dd72563b6c3346d9c1
Code Sign
33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
d6:bc:4e:23:55:36:af:68:ba:cd:c5:5d:26:17:50:e6:f1:ce:5e:0d:66:02:8c:59:0f:d0:a9:ae:22:2d:d0:4e
Signer
Actual PE Digest: d6:bc:4e:23:55:36:af:68:ba:cd:c5:5d:26:17:50:e6:f1:ce:5e:0d:66:02:8c:59:0f:d0:a9:ae:22:2d:d0:4e
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_APPCONTAINER
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
WWAHost.pdb
Imports
msvcrt
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_XcptFilter
_amsg_exit
??1type_info@@UEAA@XZ
wcsstr
realloc
wcschr
__setusermatherr
free
_initterm
__C_specific_handler
_unlock
??1exception@@UEAA@XZ
memmove_s
__CxxFrameHandler4
strchr
_wcsicmp
wcsncmp
_purecall
__set_app_type
_cexit
_vsnprintf_s
memcpy
memmove
_fmode
__getmainargs
_itow_s
_CxxThrowException
malloc
floorf
_commode
_lock
__dllonexit
_vsnwprintf
_onexit
exit
memcmp
memcpy_s
?terminate@@YAXXZ
_exit
memset
wcscmp
api-ms-win-appmodel-runtime-internal-l1-1-0
GetCurrentPackageApplicationContext
GetCurrentPackageContext
GetPackageApplicationPropertyString
GetPackagePropertyString
GetPackageOSMaxVersionTested
GetPackageProperty
api-ms-win-core-shlwapi-obsolete-l1-1-0
StrCmpICW
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
GetModuleFileNameA
LoadStringW
GetModuleHandleExA
GetModuleHandleExW
FreeLibrary
GetModuleFileNameW
LoadLibraryExW
GetProcAddress
api-ms-win-core-synch-l1-1-0
SleepEx
ReleaseMutex
ResetEvent
WaitForSingleObject
SetEvent
AcquireSRWLockShared
ReleaseSRWLockShared
WaitForMultipleObjectsEx
WaitForSingleObjectEx
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionEx
ReleaseSemaphore
CreateEventExW
OpenSemaphoreW
AcquireSRWLockExclusive
CreateEventW
CreateSemaphoreExW
ReleaseSRWLockExclusive
InitializeCriticalSection
CreateMutexExW
api-ms-win-core-heap-l1-1-0
HeapFree
GetProcessHeap
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
RaiseException
SetUnhandledExceptionFilter
GetLastError
SetLastError
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
ExitProcess
GetCurrentProcess
TerminateProcess
CreateThread
GetCurrentThread
OpenProcessToken
GetCurrentThreadId
GetProcessTimes
api-ms-win-core-localization-l1-2-0
FormatMessageW
SetThreadPreferredUILanguages
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
DebugBreak
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
DuplicateHandle
CloseHandle
api-ms-win-core-winrt-error-l1-1-0
SetRestrictedErrorInfo
RoOriginateError
api-ms-win-core-util-l1-1-0
DecodePointer
api-ms-win-eventing-classicprovider-l1-1-0
TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceLoggerHandle
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventSetInformation
EventUnregister
EventRegister
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
api-ms-win-core-sysinfo-l1-1-0
GetTickCount64
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-synch-l1-2-0
InitOnceComplete
InitOnceExecuteOnce
InitOnceInitialize
WakeAllConditionVariable
SleepConditionVariableSRW
Sleep
InitOnceBeginInitialize
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-registry-l1-1-0
RegGetValueW
RegOpenKeyExW
RegCloseKey
api-ms-win-security-base-l1-1-0
GetTokenInformation
CreateWellKnownSid
api-ms-win-security-base-l1-2-0
CheckTokenCapability
api-ms-win-core-quirks-l1-1-0
QuirkIsEnabled
api-ms-win-core-processthreads-l1-1-1
OpenProcess
api-ms-win-core-psapi-l1-1-0
K32GetProcessMemoryInfo
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-winrt-error-l1-1-1
RoGetMatchingRestrictedErrorInfo
api-ms-win-core-threadpool-l1-2-0
SetThreadpoolWait
CloseThreadpoolWork
WaitForThreadpoolWorkCallbacks
WaitForThreadpoolWaitCallbacks
CloseThreadpoolCleanupGroupMembers
CreateThreadpoolCleanupGroup
SubmitThreadpoolWork
CreateThreadpoolWait
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolWork
CloseThreadpoolWait
SetThreadpoolTimer
CreateThreadpoolTimer
api-ms-win-core-path-l1-1-0
PathCchCombineEx
api-ms-win-core-file-l1-1-0
GetFileAttributesW
CreateFileW
WriteFile
FindFirstFileW
FindClose
GetFileSizeEx
api-ms-win-core-memory-l1-1-0
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
WideCharToMultiByte
MultiByteToWideChar
profapi
ord104
api-ms-win-shcore-scaling-l1-1-1
ord244
combase
ord86
ord87
ord90
ord157
ord160
ord111
ord110
ord88
iertutil
ord177
ord797
CreateUri
ord792
CreateIUriBuilder
ord174
shcore
ord246
ord232
ord230
ord233
SHCreateMemStream
ord245
ntdll
NtQueryInformationToken
RtlInitUnicodeString
NtQueryInformationProcess
RtlAllocateHeap
RtlNtStatusToDosErrorNoTeb
RtlCompareUnicodeString
RtlGetVersion
NtQuerySystemInformation
RtlFreeHeap
RtlFreeUnicodeString
RtlNtStatusToDosError
RtlConvertSidToUnicodeString
RtlIsCriticalSectionLockedByThread
RtlLeaveCriticalSection
RtlIsCriticalSectionLocked
RtlEnterCriticalSection
RtlDeleteCriticalSection
RtlInitializeCriticalSection
RtlQueryPackageClaims
NtSetInformationProcess
api-ms-win-core-processthreads-l1-1-3
SetThreadDescription
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-service-management-l1-1-0
CloseServiceHandle
OpenSCManagerW
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-ro-typeresolution-l1-1-0
RoGetMetaDataFile
RoResolveNamespace
api-ms-win-security-capability-l1-1-0
CapabilityCheck
Sections
.text Size: 688KB - Virtual size: 684KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 224KB - Virtual size: 220KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 44KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 40KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
WallpaperHost.exe.exe windows:10 windows x64 arch:x64
a1f991b4fdc56f63965dbe7640a1be21
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
WallpaperHost.pdb
Imports
kernel32
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
msvcrt
?terminate@@YAXXZ
_initterm
__setusermatherr
_cexit
_onexit
__dllonexit
__C_specific_handler
_fmode
_acmdln
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
_unlock
_commode
_lock
memcpy_s
_exit
_vsnwprintf
_ismbblead
memset
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoInitializeEx
CoUninitialize
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
GetCurrentProcess
TerminateProcess
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
Sections
.text Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 864B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 68B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
WerFault.exe.exe windows:10 windows x64 arch:x64
8818a13c92816cf3d989d01a7b03b804
Code Sign
33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
b5:42:89:a3:44:c4:d2:16:0c:fe:82:7a:6e:50:69:80:bc:27:75:43:39:e9:4a:66:2c:66:28:8a:c4:60:90:84
Signer
Actual PE Digest: b5:42:89:a3:44:c4:d2:16:0c:fe:82:7a:6e:50:69:80:bc:27:75:43:39:e9:4a:66:2c:66:28:8a:c4:60:90:84
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
WerFault.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm
_initterm_e
_register_thread_local_exe_atexit_callback
_c_exit
api-ms-win-crt-private-l1-1-0
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
_o__wcsnicmp
_o___std_exception_copy
_o__wcstoui64
_o__wtoi
_o__wtoi64
memmove
_o_exit
_o_free
_o_isspace
_o_malloc
_o_terminate
_o_tolower
_o_towlower
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstol
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o___p__commode
_o__invalid_parameter_noinfo
_o__initialize_wide_environment
_o__initialize_onexit_table
_o___p___wargv
_o__get_initial_wide_environment
_o___p___argc
_o__exit
_o__errno
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
wcsrchr
wcsstr
wcschr
__std_terminate
__C_specific_handler
__CxxFrameHandler4
_o___std_exception_destroy
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
wcsncmp
memset
wcscmp
wcsnlen
cryptsp
CryptReleaseContext
CryptAcquireContextW
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExW
GetModuleFileNameA
GetProcAddress
FreeLibrary
GetModuleHandleExW
GetModuleHandleExA
GetModuleHandleW
LoadStringW
api-ms-win-core-registry-l1-1-0
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegSetKeySecurity
RegDeleteTreeW
RegGetKeySecurity
RegQueryInfoKeyW
RegQueryValueExW
RegCreateKeyExW
RegGetValueW
RegEnumValueW
RegDeleteValueW
api-ms-win-core-heap-l1-1-0
HeapFree
GetProcessHeap
HeapAlloc
api-ms-win-core-processenvironment-l1-1-0
GetEnvironmentVariableW
SearchPathW
GetCommandLineW
ExpandEnvironmentStringsW
SetEnvironmentVariableW
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventUnregister
EventWriteTransfer
EventSetInformation
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter
SetErrorMode
GetLastError
api-ms-win-core-processthreads-l1-1-0
OpenThread
GetCurrentThreadId
GetPriorityClass
SetPriorityClass
SetThreadPriority
CreateThread
GetThreadId
GetThreadPriority
GetCurrentProcess
GetCurrentProcessId
GetProcessId
GetExitCodeProcess
CreateProcessW
OpenProcessToken
TerminateProcess
GetProcessTimes
GetCurrentThread
api-ms-win-core-synch-l1-2-0
WakeByAddressSingle
InitOnceComplete
Sleep
InitOnceBeginInitialize
WaitOnAddress
api-ms-win-core-localization-l1-2-0
GetSystemDefaultLangID
FormatMessageW
GetThreadUILanguage
GetUserGeoID
LCMapStringW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
OutputDebugStringW
DebugBreak
api-ms-win-core-handle-l1-1-0
CloseHandle
DuplicateHandle
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCompareMemory
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-1
OpenProcess
IsProcessorFeaturePresent
SetProcessMitigationPolicy
GetThreadTimes
GetThreadContext
api-ms-win-core-profile-l1-1-0
QueryPerformanceFrequency
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemInfo
GetTickCount64
GetSystemTimeAsFileTime
GlobalMemoryStatusEx
GetSystemDirectoryW
GetWindowsDirectoryW
GetTickCount
GetVersionExW
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-synch-l1-1-0
OpenSemaphoreW
DeleteCriticalSection
InitializeCriticalSectionEx
EnterCriticalSection
AcquireSRWLockShared
AcquireSRWLockExclusive
LeaveCriticalSection
CreateEventW
TryEnterCriticalSection
ReleaseMutex
ReleaseSemaphore
CreateSemaphoreExW
ResetEvent
ReleaseSRWLockShared
CreateMutexExW
CreateMutexW
OpenMutexW
OpenEventW
WaitForSingleObject
ReleaseSRWLockExclusive
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
SetEvent
api-ms-win-security-base-l1-1-0
EqualSid
AllocateAndInitializeSid
GetSidSubAuthorityCount
GetTokenInformation
CheckTokenMembership
GetSidSubAuthority
CopySid
CreateWellKnownSid
GetLengthSid
IsValidSid
GetKernelObjectSecurity
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
SetKernelObjectSecurity
api-ms-win-core-file-l1-1-0
QueryDosDeviceW
GetDriveTypeW
GetLogicalDriveStringsW
GetDiskFreeSpaceExW
GetFileSizeEx
SetFileAttributesW
DeleteFileW
GetFileAttributesExW
FileTimeToLocalFileTime
GetFileAttributesW
CreateDirectoryW
CreateFileW
GetFinalPathNameByHandleW
GetLongPathNameW
FindFirstFileW
FindNextFileW
WriteFile
ReadFile
FindClose
CompareFileTime
api-ms-win-core-wow64-l1-1-1
GetSystemWow64DirectoryW
IsWow64Process2
api-ms-win-core-psapi-l1-1-0
K32GetModuleFileNameExW
QueryFullProcessImageNameW
K32EnumProcessModules
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
GetStringTypeExW
api-ms-win-core-com-l1-1-0
ProgIDFromCLSID
CoSetProxyBlanket
CLSIDFromString
CoUnmarshalInterface
CoTaskMemAlloc
CoUninitialize
CoTaskMemFree
CoInitializeEx
CoCreateInstance
api-ms-win-core-threadpool-l1-2-0
WaitForThreadpoolWaitCallbacks
CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
SetThreadpoolWait
CloseThreadpoolWait
CreateThreadpoolWait
api-ms-win-core-version-l1-1-0
VerQueryValueW
GetFileVersionInfoSizeExW
GetFileVersionInfoExW
api-ms-win-core-memory-l1-1-0
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
VirtualQuery
ReadProcessMemory
OpenFileMappingW
VirtualFree
VirtualAlloc
VirtualQueryEx
api-ms-win-core-sysinfo-l1-2-0
GetNativeSystemInfo
GetProductInfo
api-ms-win-service-management-l1-1-0
OpenSCManagerW
StartServiceW
CloseServiceHandle
OpenServiceW
api-ms-win-service-management-l2-1-0
QueryServiceConfigW
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
api-ms-win-core-path-l1-1-0
PathCchStripToRoot
api-ms-win-core-processthreads-l1-1-3
SetProcessInformation
api-ms-win-core-file-l1-2-4
GetTempPath2W
rpcrt4
UuidCreate
api-ms-win-core-localization-obsolete-l1-2-0
GetUserDefaultUILanguage
ntdll
RtlFreeHeap
RtlAllocateHeap
RtlNtStatusToDosErrorNoTeb
RtlCompareUnicodeString
NtQueryEvent
NtOpenEvent
RtlGetVersion
RtlImageNtHeaderEx
NtQueryInformationProcess
NtQueryInformationThread
NtDeviceIoControlFile
NtAllocateVirtualMemory
NtFreeVirtualMemory
NtSetSystemInformation
RtlNtStatusToDosError
EtwUnregisterTraceGuids
EtwGetTraceEnableFlags
EtwTraceMessage
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
RtlAdjustPrivilege
RtlGetUnloadEventTraceEx
NtSetInformationFile
PssNtCaptureSnapshot
DbgPrint
ZwQueryInformationThread
NtQuerySystemInformation
RtlSecondsSince1970ToTime
NtQueryInformationToken
NtQueryObject
RtlInitUnicodeString
DbgPrintEx
ZwQueryWnfStateNameInformation
ZwUpdateWnfStateData
EtwEventWriteNoRegistration
NtWaitForSingleObject
RtlAllocateAndInitializeSid
NtAlpcConnectPort
EtwRegisterTraceGuidsW
NtAlpcSendWaitReceivePort
RtlFreeSid
NtCreateFile
NtSystemDebugControl
NtPowerInformation
RtlCreateProcessReflection
NtResumeProcess
NtClose
RtlSetThreadErrorMode
NtSuspendProcess
wer
WerpHashApplicationParameters
WerpSetEventName
WerReportSetParameter
WerpSetDynamicParameter
WerpSetReportNamespaceParameter
WerpInitializeImageCache
WerpAuxmdMapFile
WerpAuxmdHashVaRanges
WerpAuxmdFreeCopyBuffer
WerpAuxmdDumpRegisteredBlocks
WerpAuxmdDumpProcessImages
WerpAuxmdInitialize
WerpRestartApplication
WerpIsTransportAvailable
WerReportSetUIOption
WerpSetReportFlags
WerpGetReportFlags
WerpStitchedMinidumpVmPostReadCallback
WerpStitchedMinidumpVmPreReadCallback
WerpStitchedMinidumpVmQueryCallback
WerpResetTransientImageCacheStatistics
WerpTraceImageCacheStatistics
WerpTraceUnmappedVaRangesStatistics
WerpTraceAuxMemDumpStatistics
WerpTraceSnapshotStatistics
WerpForceDeferredCollection
WerpFlushImageCache
WerpFreeUnmappedVaRanges
WerpAuxmdFree
WerReportCloseHandle
WerpFreeString
WerpAddMemoryBlock
WerpGetExtendedDiagData
WerpAddRegisteredDataToReport
WerReportAddDump
WerpAddAppCompatData
WerpGetFileByIndex
WerpGetNumFiles
WerReportSubmit
WerpSetReportIsFatal
WerpSetCallBack
WerpGetReportId
WerReportCreate
WerpSetProcessTimelines
WerpSetTelemetryAppParams
WerpSetIntegratorReportId
WerpCreateIntegratorReportId
WerpAddFile
WerpReportCancel
WerpSetReportApplicationIdentity
WerpReportSprintfParameter
WerpSetTelemetryKernelParams
WerpSetIptEnabled
WerpPromptUser
WerpSetTtdStatus
WerReportAddFile
WerpReserveMachineQueueReportDir
WerpCreateMachineStore
WerpSetExitListeners
WerpAddTerminationReason
WerpValidateReportKey
WerpGetStorePath
RegisterWaitChainCOMCallback
CloseThreadWaitChainSession
OpenThreadWaitChainSession
WerpUnmapProcessViews
GetThreadWaitChain
dbghelp
SymInitialize
SymGetModuleBase64
StackWalk64
SymFunctionTableAccess64
SymSetExtendedOption
SymGetModuleInfoW64
SymCleanup
MiniDumpWriteDump
diagnosticdatasettings
TelGetWerTelemetryMode
api-ms-win-core-com-private-l1-1-0
CoGetCallState
CoGetActivationState
api-ms-win-core-windowserrorreporting-l1-1-0
WerGetFlags
GetApplicationRestartSettings
api-ms-win-service-private-l1-1-0
I_QueryTagInformation
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
api-ms-win-core-wow64-l1-1-0
IsWow64Process
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-debug-l1-1-1
CheckRemoteDebuggerPresent
api-ms-win-core-processsnapshot-l1-1-0
PssWalkMarkerCreate
PssQuerySnapshot
PssDuplicateSnapshot
PssWalkMarkerFree
api-ms-win-power-setting-l1-1-0
PowerSettingUnregisterNotification
PowerSettingRegisterNotification
api-ms-win-core-realtime-l1-1-0
QueryUnbiasedInterruptTime
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-eventing-controller-l1-1-0
StopTraceW
StartTraceW
bcrypt
BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptCreateHash
api-ms-win-devices-config-l1-1-1
CM_Locate_DevNodeW
CM_Get_DevNode_PropertyW
CM_Get_Device_ID_ListW
CM_MapCrToWin32Err
CM_Get_Device_ID_List_SizeW
api-ms-win-core-file-l2-1-0
MoveFileExW
api-ms-win-core-registry-l1-1-1
RegSetKeyValueW
api-ms-win-eventing-legacy-l1-1-0
EnableTrace
QueryTraceW
api-ms-win-core-registry-l2-1-0
RegDeleteKeyA
RegDeleteKeyW
RegOpenKeyW
api-ms-win-security-provider-l1-1-0
SetEntriesInAclW
api-ms-win-core-toolhelp-l1-1-0
Process32FirstW
Thread32First
Module32FirstW
Module32NextW
Thread32Next
CreateToolhelp32Snapshot
Process32NextW
api-ms-win-core-processtopology-obsolete-l1-1-0
GetProcessIoCounters
api-ms-win-shcore-obsolete-l1-1-0
CommandLineToArgvW
api-ms-win-security-trustee-l1-1-0
BuildSecurityDescriptorW
faultrep
WerpInitiateCrashReporting
oleaut32
SysFreeString
SysAllocString
Sections
.text Size: 376KB - Virtual size: 375KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 108KB - Virtual size: 104KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 528B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 92KB - Virtual size: 91KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
WerFaultSecure.exe.exe windows:10 windows x64 arch:x64
d82b05b524f0b714e15785fc3ff4ebb8
Code Sign
33:00:00:04:4a:3f:c3:77:3c:64:da:83:11:00:00:00:00:04:4a
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 08/08/2023, 18:38
Not After: 07/08/2024, 18:38
Subject: CN=Microsoft Windows Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
bd:bf:69:51:de:34:61:01:18:20:e5:db:df:f5:80:60:ed:af:8e:09:64:0d:5c:57:1b:69:30:66:77:85:ce:d2
Signer
Actual PE Digest: bd:bf:69:51:de:34:61:01:18:20:e5:db:df:f5:80:60:ed:af:8e:09:64:0d:5c:57:1b:69:30:66:77:85:ce:d2
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
WerFaultSecure.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_c_exit
_initterm
_register_thread_local_exe_atexit_callback
api-ms-win-crt-private-l1-1-0
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
memmove
_o__wtoi
_o__wtoi64
_o_exit
_o_free
_o_malloc
_o_terminate
_o_wcscat_s
_o_wcstol
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o__exit
_o__errno
_o__get_initial_wide_environment
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___wargv
_o___p___argc
__C_specific_handler
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
wcsnlen
memset
wcscmp
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
GetModuleHandleExW
GetModuleHandleExA
LoadLibraryExW
FreeLibrary
GetModuleFileNameA
GetProcAddress
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapAlloc
HeapFree
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
OpenThread
GetCurrentThreadId
GetProcessId
GetCurrentProcessId
GetCurrentProcess
GetThreadPriority
GetCurrentThread
SetThreadPriority
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
OutputDebugStringW
api-ms-win-core-errorhandling-l1-1-0
SetErrorMode
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
SetLastError
api-ms-win-core-handle-l1-1-0
DuplicateHandle
CloseHandle
api-ms-win-core-memory-l1-1-0
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
VirtualAlloc
api-ms-win-core-processthreads-l1-1-1
OpenProcess
GetThreadContext
IsProcessorFeaturePresent
SetProcessMitigationPolicy
api-ms-win-core-synch-l1-1-0
InitializeCriticalSectionAndSpinCount
OpenSemaphoreW
AcquireSRWLockShared
SetEvent
ReleaseSemaphore
WaitForSingleObject
WaitForSingleObjectEx
ReleaseSRWLockExclusive
ReleaseSRWLockShared
ReleaseMutex
AcquireSRWLockExclusive
CreateMutexExW
CreateSemaphoreExW
CreateEventW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
api-ms-win-core-threadpool-l1-2-0
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
CreateThreadpoolWait
SetThreadpoolWait
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CloseThreadpoolTimer
CreateThreadpoolTimer
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
SetEnvironmentVariableW
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventWriteTransfer
EventUnregister
EventSetInformation
api-ms-win-core-errorhandling-l1-1-3
SetThreadErrorMode
api-ms-win-core-rtlsupport-l1-1-0
RtlCompareMemory
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemInfo
GetSystemTimeAsFileTime
GetSystemDirectoryW
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegOpenKeyExW
RegGetValueW
RegQueryValueExW
api-ms-win-core-file-l1-1-0
CreateFileW
SetEndOfFile
GetFinalPathNameByHandleW
ReadFile
WriteFile
SetFilePointerEx
api-ms-win-core-psapi-l1-1-0
K32GetModuleFileNameExW
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
api-ms-win-core-synch-l1-2-0
Sleep
InitOnceComplete
InitOnceBeginInitialize
api-ms-win-core-version-l1-1-0
GetFileVersionInfoSizeExW
VerQueryValueW
GetFileVersionInfoExW
api-ms-win-core-processthreads-l1-1-3
SetProcessInformation
api-ms-win-core-shlwapi-obsolete-l1-1-0
StrToIntExW
StrToInt64ExW
ntdll
EtwRegisterTraceGuidsW
NtQueryInformationProcess
EtwGetTraceEnableFlags
DbgPrint
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwUnregisterTraceGuids
EtwTraceMessage
faultrep
WerpInitiateCrashReporting
wer
WerpSetExitListeners
dbghelp
MiniDumpWriteDump
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-toolhelp-l1-1-0
Thread32First
CreateToolhelp32Snapshot
Thread32Next
Sections
.text Size: 72KB - Virtual size: 70KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 80KB - Virtual size: 77KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 256B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
WinBioDataModelOOBE.exe.exe windows:10 windows x64 arch:x64
ce94345a1a10b1cfc062320b663e1e72
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
WinBioDataModelOOBE.pdb
Imports
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-crt-runtime-l1-1-0
_c_exit
_initterm_e
_initterm
_register_thread_local_exe_atexit_callback
api-ms-win-crt-private-l1-1-0
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o_exit
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
__std_terminate
__CxxFrameHandler4
memcpy
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExA
FreeLibrary
GetProcAddress
GetModuleFileNameA
GetModuleHandleW
GetModuleHandleExW
api-ms-win-core-synch-l1-1-0
AcquireSRWLockShared
ReleaseMutex
AcquireSRWLockExclusive
WaitForSingleObject
WaitForSingleObjectEx
ReleaseSRWLockShared
ReleaseSRWLockExclusive
ReleaseSemaphore
CreateSemaphoreExW
CreateMutexExW
InitializeSRWLock
CreateEventW
OpenSemaphoreW
api-ms-win-core-heap-l1-1-0
HeapFree
GetProcessHeap
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
GetLastError
RaiseException
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
GetCurrentProcessId
TerminateProcess
GetCurrentThreadId
GetCurrentProcess
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
OutputDebugStringW
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-winrt-error-l1-1-0
RoOriginateError
RoTransformError
RoOriginateErrorW
SetRestrictedErrorInfo
api-ms-win-core-winrt-error-l1-1-1
RoReportFailedDelegate
IsErrorPropagationEnabled
RoGetMatchingRestrictedErrorInfo
api-ms-win-core-com-l1-1-0
CoRegisterClassObject
CoReleaseServerProcess
CoRevokeClassObject
CoAddRefServerProcess
CoUninitialize
CoDecrementMTAUsage
CoInitializeSecurity
CoIncrementMTAUsage
CoInitializeEx
CoCreateInstance
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
CoResumeClassObjects
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-registry-l1-1-0
RegGetValueW
api-ms-win-security-base-l1-1-0
GetTokenInformation
api-ms-win-security-sddl-l1-1-0
ConvertSidToStringSidW
ConvertStringSidToSidW
api-ms-win-core-winrt-string-l1-1-0
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsDeleteString
WindowsCreateString
WindowsGetStringRawBuffer
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-winrt-l1-1-0
RoRegisterActivationFactories
RoRevokeActivationFactories
api-ms-win-core-synch-l1-2-0
InitOnceExecuteOnce
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetSystemInfo
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
combase
ord69
ord99
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-memory-l1-1-0
VirtualProtect
VirtualQuery
Sections
.text Size: 64KB - Virtual size: 62KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 976B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
WinRTNetMUAHostServer.exe.exe windows:10 windows x64 arch:x64
c6369d534059b6f460d240f7224bc0bf
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
WinRTNetMUAHostServer.pdb
Imports
msvcrt
_unlock
_lock
_commode
_fmode
_wcmdln
__dllonexit
_initterm
__setusermatherr
_cexit
_exit
_onexit
exit
__CxxFrameHandler3
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
free
?terminate@@YAXXZ
_callnewh
__C_specific_handler
malloc
_purecall
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-com-l1-1-0
CoUninitialize
CoInitializeSecurity
CoResumeClassObjects
CoRegisterClassObject
CoReleaseServerProcess
CoRevokeClassObject
CoAddRefServerProcess
CoInitializeEx
api-ms-win-core-synch-l1-1-0
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CreateEventW
WaitForSingleObject
ReleaseSRWLockShared
AcquireSRWLockShared
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
RaiseException
api-ms-win-core-util-l1-1-0
EncodePointer
DecodePointer
api-ms-win-core-winrt-l1-1-0
RoActivateInstance
RoRegisterActivationFactories
RoRevokeActivationFactories
api-ms-win-core-winrt-error-l1-1-0
RoOriginateErrorW
RoOriginateError
api-ms-win-core-winrt-string-l1-1-0
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsDeleteString
WindowsCreateString
WindowsCreateStringReference
WindowsGetStringRawBuffer
api-ms-win-core-synch-l1-2-0
InitOnceExecuteOnce
Sleep
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetStartupInfoW
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
combase
ord69
ord163
Sections
.text Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 672B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 156B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
WinSAT.exe.exe windows:10 windows x64 arch:x64
ae97f21d252d277b1e16386bf52562fb
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
WinSAT.pdb
Imports
advapi32
RegQueryValueExW
RegOpenKeyExW
InitializeSecurityDescriptor
RegSetValueExW
RegCreateKeyExW
RegFlushKey
CreateWellKnownSid
SetEntriesInAclW
EventWriteTransfer
RegCloseKey
StopTraceW
SetSecurityDescriptorDacl
EventUnregister
EventEnabled
EventRegister
ControlTraceW
StartTraceW
EnableTrace
OpenTraceW
CloseTrace
ProcessTrace
CryptHashData
CryptDestroyHash
CryptGenKey
CryptReleaseContext
TraceSetInformation
AdjustTokenPrivileges
RevertToSelf
ImpersonateSelf
OpenThreadToken
CryptDecrypt
CryptEncrypt
CryptAcquireContextW
CryptGetKeyParam
CryptDestroyKey
AllocateAndInitializeSid
FreeSid
CheckTokenMembership
CryptCreateHash
kernel32
GetProcAddress
LocalFree
DeleteCriticalSection
GetComputerNameW
GetProcessHeap
CreateProcessW
GetModuleHandleW
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetFileType
GetTempPath2W
GetTickCount
ExpandEnvironmentStringsW
GetModuleFileNameW
CreateMutexW
OpenEventW
ReleaseMutex
DeleteFileW
GetLocaleInfoW
GetNumberFormatW
DeviceIoControl
IsProcessorFeaturePresent
GlobalMemoryStatusEx
ReadFile
FindFirstFileW
FindClose
CreateFileW
CompareStringA
GetStringTypeExA
GetVersionExW
GetNativeSystemInfo
GetSystemInfo
IsWow64Process
GetFileSizeEx
EnterCriticalSection
LoadLibraryExA
LeaveCriticalSection
SetFilePointer
SetEndOfFile
GetCurrentThreadId
SetCriticalSectionSpinCount
GetLocalTime
GetTimeFormatW
GetCurrentProcessId
FormatMessageA
FlushFileBuffers
FindNextFileW
QueryPerformanceCounter
SetWaitableTimer
CreateWaitableTimerW
TerminateProcess
CancelWaitableTimer
CreateThread
ExitProcess
WriteConsoleW
GetWindowsDirectoryW
GetCurrentDirectoryW
HeapAlloc
FindResourceW
GetEnvironmentVariableW
LoadResource
ResetEvent
HeapSetInformation
LoadLibraryW
PowerClearRequest
CloseHandle
GetThreadPriority
LockResource
GetCurrentThread
SetEvent
GetLastError
PowerCreateRequest
FormatMessageW
Sleep
MultiByteToWideChar
CreateEventW
DuplicateHandle
ResumeThread
LocalAlloc
OutputDebugStringA
LoadLibraryA
GetModuleHandleA
GetFileSize
CreateFileMappingA
GetFullPathNameA
CreateFileMappingW
FindResourceExW
LCIDToLocaleName
UnmapViewOfFile
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
SearchPathW
VirtualUnlock
lstrcmpiA
CopyFileW
OpenThread
GetThreadId
OpenProcess
K32GetProcessImageFileNameW
GetProcessIdOfThread
InterlockedPopEntrySList
InitializeSListHead
SetFileValidData
InterlockedPushEntrySList
SleepEx
SetFilePointerEx
GetOverlappedResult
ReadFileEx
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
WriteFileEx
GetDiskFreeSpaceW
CancelIo
GetLogicalDrives
SetProcessWorkingSetSize
VirtualLock
SetThreadIdealProcessor
GetExitCodeThread
VirtualAlloc
VirtualFree
GetProcessWorkingSetSize
GetLogicalProcessorInformation
QueryPerformanceFrequency
SetThreadAffinityMask
CreateFileA
GetFileAttributesW
LoadLibraryExW
GetConsoleOutputCP
GetSystemFirmwareTable
lstrcmpW
MapViewOfFile
OpenFileMappingW
lstrcmpiW
WTSGetActiveConsoleSessionId
FileTimeToSystemTime
SetFileInformationByHandle
ProcessIdToSessionId
GetLocaleInfoEx
GetFinalPathNameByHandleW
GetFileInformationByHandleEx
WaitForSingleObject
GetPriorityClass
WaitForMultipleObjectsEx
InitializeCriticalSection
SetThreadPriority
SetEnvironmentVariableW
RemoveDirectoryW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeCriticalSectionEx
DecodePointer
EncodePointer
GetStringTypeW
GetStringTypeExW
WriteFile
WriteConsoleA
GetStdHandle
GetCurrentProcess
GetHandleInformation
GetCommandLineW
SetPriorityClass
SetLastError
HeapFree
CompareStringW
SetConsoleCtrlHandler
PowerSetRequest
SizeofResource
CreateDirectoryW
GetSystemPowerStatus
msvcrt
exp
cosh
cos
ceil
floorf
fmod
log
pow
sin
sinh
strcmp
floor
tan
atan2
atan
asin
acos
__CxxFrameHandler4
_itoa_s
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_onexit
__dllonexit
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
sqrt
isdigit
isalnum
memcmp
memchr
tolower
isspace
_wsetlocale
__crtLCMapStringA
__crtLCMapStringW
_wcsdup
memset
abort
islower
_ismbblead
___mb_cur_max_func
calloc
___lc_codepage_func
___lc_handle_func
isupper
__pctype_func
__uncaught_exception
memmove
memcpy
setlocale
_unlock
_lock
_errno
__CxxFrameHandler3
_CxxThrowException
malloc
_callnewh
feof
_wfopen
fgets
_vsnprintf_s
_snprintf_s
_vsnwprintf_s
wcscat_s
_snwprintf_s
memcpy_s
fwprintf
atof
wcsstr
wcstoul
__iob_func
vswprintf_s
modf
mbstowcs
iswpunct
_aligned_free
_aligned_malloc
qsort
time
srand
rand
_wcsnicmp
wcsncmp
_stricmp
atoi
_vsnprintf
_strdup
_clearfp
_finite
_isnan
_fpclass
isalpha
isxdigit
strchr
toupper
_vsnwprintf
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@PEBD@Z
??0bad_cast@@QEAA@AEBV0@@Z
_beginthreadex
_wtof
iswdigit
strcspn
_purecall
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBV0@@Z
fclose
_wfopen_s
_wcsicmp
sprintf_s
free
_time64
localeconv
tanh
oleaut32
GetErrorInfo
SysStringLen
VariantInit
SysFreeString
VariantClear
SysAllocString
ole32
CoTaskMemFree
StringFromCLSID
CoCreateInstance
CoInitialize
CoGetClassObject
CoUninitialize
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
winmm
timeBeginPeriod
timeEndPeriod
user32
EnumDisplaySettingsW
EnumDisplayDevicesW
GetMonitorInfoW
EnumDisplayMonitors
CharLowerBuffW
GetSystemMetrics
EndPaint
BeginPaint
GetDesktopWindow
DestroyWindow
SetWindowPos
SetWindowLongPtrW
CreateWindowExW
UnregisterClassW
IsWindow
RegisterClassW
SetWindowLongW
DefWindowProcW
PostMessageW
MsgWaitForMultipleObjects
DispatchMessageW
PeekMessageW
TranslateMessage
CharLowerW
SetCursor
PostQuitMessage
ntdll
NtDeviceIoControlFile
RtlInitUnicodeString
RtlCompressBuffer
RtlDecompressBuffer
RtlGetCompressionWorkSpaceSize
RtlAdjustPrivilege
RtlInitializeBitMap
NtOpenFile
RtlFindNextForwardRunClear
RtlRandom
NtClose
RtlGetVersion
RtlNtStatusToDosError
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtQuerySystemInformation
RtlFindClearBits
shell32
SHGetFolderPathW
gdi32
DeleteObject
GetStockObject
dxgi
DXGIReportAdapterConfiguration
CreateDXGIFactory
d3d10_1
D3D10CreateDeviceAndSwapChain1
D3D10StateBlockMaskEnableAll
D3D10CompileShader
D3D10CreateStateBlock
d3d10
D3D10CreateDeviceAndSwapChain
gdiplus
GdiplusStartup
GdipBitmapUnlockBits
GdipDisposeImage
GdipCreateBitmapFromStream
GdiplusShutdown
GdipBitmapLockBits
shlwapi
StrFormatByteSizeW
PathAppendW
rpcrt4
UuidToStringW
UuidCreateNil
UuidCreate
RpcStringFreeW
setupapi
SetupDiDestroyDeviceInfoList
SetupDiGetDevicePropertyW
SetupDiEnumDeviceInfo
SetupDiGetClassDevsExW
Sections
.text Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGELK Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 300KB - Virtual size: 298KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 364KB - Virtual size: 410KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 832KB - Virtual size: 829KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Windows.Media.BackgroundPlayback.exe.exe windows:10 windows x64 arch:x64
c3c9fdd2c4e7a916f68d56ca0e8bac30
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Windows.Media.BackgroundPlayback.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_initterm
_c_exit
_initterm_e
api-ms-win-crt-private-l1-1-0
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__register_onexit_function
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o_exit
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_o___p___argc
_o___p__commode
_o___p___wargv
_o__seh_filter_exe
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer
api-ms-win-eventing-classicprovider-l1-1-0
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
GetTraceLoggerHandle
UnregisterTraceGuids
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
api-ms-win-core-winrt-l1-1-0
RoUninitialize
RoActivateInstance
RoGetActivationFactory
RoInitialize
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
Sections
.text Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 468B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 64B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Windows.WARP.JITService.exe.exe windows:10 windows x64 arch:x64
46c3ccc5fc2ba6d741cbd569e653a9db
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Windows.WARP.JITService.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o_exit
_o_free
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___wargv
_o___p___argc
__std_terminate
__CxxFrameHandler4
_CxxThrowException
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExA
GetModuleHandleExW
GetProcAddress
GetModuleFileNameA
FreeLibrary
GetModuleHandleW
api-ms-win-core-synch-l1-1-0
CreateMutexExW
CreateEventW
ReleaseMutex
ReleaseSRWLockExclusive
WaitForSingleObject
InitializeCriticalSectionEx
LeaveCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockShared
OpenSemaphoreW
ReleaseSemaphore
DeleteCriticalSection
EnterCriticalSection
WaitForSingleObjectEx
AcquireSRWLockShared
CreateSemaphoreExW
SetEvent
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
RaiseException
GetLastError
api-ms-win-security-base-l1-1-0
GetLengthSid
InitializeAcl
AddAccessAllowedAce
api-ms-win-core-threadpool-l1-2-0
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetSystemInfo
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-memory-l1-1-0
VirtualQuery
VirtualProtect
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Sections
.text Size: 48KB - Virtual size: 44KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 160B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 160B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
WindowsActionDialog.exe.exe windows:10 windows x64 arch:x64
25249b4bbd1d8eebc2b25532001b6083
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
WindowsActionDialog.pdb
Imports
kernel32
ReleaseMutex
CreateEventW
FormatMessageW
GetTickCount64
GetLastError
OutputDebugStringW
SetEvent
CloseThreadpoolTimer
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
SetThreadpoolTimer
CreateThreadpoolTimer
HeapAlloc
GetProcAddress
CreateMutexExW
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
CreateSemaphoreExW
HeapFree
SetLastError
OpenEventW
GetCurrentThreadId
WaitForSingleObject
WaitForThreadpoolTimerCallbacks
CreateMutexW
InitializeCriticalSection
LeaveCriticalSection
GetModuleFileNameA
EnterCriticalSection
ReleaseSemaphore
GetModuleHandleExW
msvcp_win
?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-crt-runtime-l1-1-0
_c_exit
_initterm
_register_thread_local_exe_atexit_callback
_initterm_e
api-ms-win-crt-private-l1-1-0
_o___stdio_common_vsnprintf_s
_o___stdio_common_vswprintf
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o_exit
_o_free
_o_malloc
_o_terminate
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o___p__commode
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__C_specific_handler
__CxxFrameHandler4
__C_specific_handler_noexcept
memcpy
memmove
api-ms-win-crt-string-l1-1-0
memset
ole32
CoInitializeEx
CoSetProxyBlanket
CoUninitialize
CoCreateInstance
ntdll
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlVirtualUnwind
RtlSubscribeWnfStateChangeNotification
NtQueryWnfStateData
RtlCaptureContext
RtlLookupFunctionEntry
api-ms-win-core-winrt-l1-1-0
RoUninitialize
RoInitialize
oleaut32
SysStringLen
SysFreeString
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
TerminateProcess
GetCurrentProcess
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-libraryloader-l1-2-0
LoadStringW
FreeLibrary
api-ms-win-core-com-l1-1-0
CoTaskMemAlloc
user32
TranslateMessage
PeekMessageW
DispatchMessageW
MsgWaitForMultipleObjects
dui70
?CreateElement@DUIXmlParser@DirectUI@@QEAAJPEBGPEAVElement@2@1PEAKPEAPEAV32@@Z
?SetXMLFromResource@DUIXmlParser@DirectUI@@QEAAJIPEAUHINSTANCE__@@0@Z
?Create@DUIXmlParser@DirectUI@@SAJPEAPEAV12@P6APEAVValue@2@PEBGPEAX@Z2P6AX11H2@Z2@Z
InitThread
InitProcessPriv
UnInitThread
UnInitProcessPriv
?_ZeroRelease@Value@DirectUI@@AEAAXXZ
?ContentProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?SetValue@Element@DirectUI@@QEAAJP6APEBUPropertyInfo@2@XZHPEAVValue@2@@Z
?CreateString@Value@DirectUI@@SAPEAV12@PEBGPEAUHINSTANCE__@@@Z
?Destroy@Element@DirectUI@@QEAAJ_N@Z
?Destroy@DUIXmlParser@DirectUI@@QEAAXXZ
Sections
.text Size: 36KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 200B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
WindowsUpdateElevatedInstaller.exe.exe windows:10 windows x64 arch:x64
c9ff80e2f665af63b7621dc61b913549
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
WindowsUpdateElevatedInstaller.pdb
Imports
kernel32
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
api-ms-win-crt-runtime-l1-1-0
_initterm
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
api-ms-win-crt-private-l1-1-0
_o___stdio_common_vsnprintf_s
_o___stdio_common_vswprintf
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o___std_exception_destroy
_o__wcsicmp
_o_exit
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_o___std_exception_copy
_o___p__commode
_o___p___wargv
_o___p___argc
__std_terminate
__CxxFrameHandler4
_CxxThrowException
memcpy
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoSetProxyBlanket
CoCreateInstance
CoUninitialize
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
TerminateProcess
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-registry-l1-1-0
RegGetValueW
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-stateseparation-helpers-l1-1-0
GetPersistedRegistryLocationW
Sections
.text Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 108B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
WpcMon.exe.exe windows:10 windows x64 arch:x64
66e9a139949ede67d679e455985d92a6
Code Sign
33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
f9:41:70:08:95:4e:e9:17:06:d1:08:72:d1:70:06:68:2f:06:85:31:3a:1c:59:bf:52:43:62:4e:50:9e:5d:15
Signer
Actual PE Digest: f9:41:70:08:95:4e:e9:17:06:d1:08:72:d1:70:06:68:2f:06:85:31:3a:1c:59:bf:52:43:62:4e:50:9e:5d:15
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
WpcMon.pdb
Imports
advapi32
EventActivityIdControl
QueryServiceStatusEx
GetLengthSid
OpenServiceW
EventUnregister
UnregisterTraceGuids
RegisterTraceGuidsW
StartServiceW
GetTraceEnableLevel
IsValidSid
GetTraceEnableFlags
GetTraceLoggerHandle
EventSetInformation
TraceMessage
OpenSCManagerW
EventRegister
CloseServiceHandle
EventWriteTransfer
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
RegGetValueW
RegEnumKeyExW
RegEnumValueW
RegDeleteTreeW
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
DuplicateTokenEx
SetTokenInformation
OpenProcessToken
OpenThreadToken
GetTokenInformation
GetSidLengthRequired
ConvertStringSecurityDescriptorToSecurityDescriptorW
CopySid
ConvertSidToStringSidW
ConvertStringSidToSidW
LookupAccountNameW
CreateWellKnownSid
CreateProcessAsUserW
IsTextUnicode
kernel32
DebugBreak
GetTickCount
RegisterApplicationRestart
GetModuleHandleW
GetFileTime
SleepEx
IsDebuggerPresent
WriteFile
GetFileSizeEx
SetFilePointerEx
ReadFile
CreateFileW
GetComputerNameW
CreateMutexW
IsWow64Process
GetCurrentThread
CreateEventExW
InitOnceInitialize
InitOnceExecuteOnce
GetCurrentProcessId
GetPackagesByPackageFamily
GetPackagePath
PackageIdFromFullName
FindFirstChangeNotificationW
FindCloseChangeNotification
FindNextChangeNotification
GetFileAttributesW
CreateDirectoryW
GetFileAttributesExW
LocaleNameToLCID
FileTimeToLocalFileTime
LocalFileTimeToFileTime
GetDynamicTimeZoneInformation
GetDateFormatEx
GetTimeFormatEx
GetTimeFormatW
GetDateFormatW
CompareFileTime
FileTimeToSystemTime
GetLocaleInfoEx
OpenEventW
IsThreadpoolTimerSet
CloseThreadpoolWait
WaitForThreadpoolWaitCallbacks
CallbackMayRunLong
SetThreadpoolWait
CreateThreadpoolWait
TrySubmitThreadpoolCallback
CloseThreadpool
SetThreadpoolThreadMaximum
SetThreadpoolThreadMinimum
CreateThreadpool
SleepConditionVariableSRW
WakeAllConditionVariable
InitializeConditionVariable
WaitForMultipleObjectsEx
ConvertFiberToThread
QueueUserAPC
OpenThread
MultiByteToWideChar
WideCharToMultiByte
LocalFree
CreateMutexExW
GetProcAddress
GetErrorMode
HeapAlloc
HeapSetInformation
CloseHandle
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
InitOnceComplete
OutputDebugStringW
ReleaseSRWLockExclusive
UpdateProcThreadAttribute
GetLastError
FormatMessageW
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
SetErrorMode
SetProcessShutdownParameters
InitializeProcThreadAttributeList
GetModuleHandleExW
ReleaseSemaphore
SetLastError
HeapFree
CreateSemaphoreExW
SetHandleInformation
InitOnceBeginInitialize
GetModuleFileNameA
GetProcessHeap
GetThreadPreferredUILanguages
MoveFileW
ResolveDelayLoadedAPI
DelayLoadFailureHook
DeleteFileW
msvcp_win
??1_Lockit@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?id@?$ctype@G@std@@2V0locale@2@A
??Bid@locale@std@@QEAA_KXZ
?tolower@?$ctype@G@std@@QEBAGG@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xbad_alloc@std@@YAXXZ
?id@?$collate@G@std@@2V0locale@2@A
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?uncaught_exception@std@@YA_NXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGD@Z
?put@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@G@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??1_Locinfo@std@@QEAA@XZ
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?is@?$ctype@G@std@@QEBA_NFG@Z
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Incref@facet@locale@std@@UEAAXXZ
_Wcscoll
_Wcsxfrm
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
_Cnd_destroy_in_situ
_Cnd_broadcast
_Mtx_unlock
_Cnd_wait
_Mtx_init_in_situ
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
_Mtx_destroy_in_situ
?_Xlength_error@std@@YAXPEBD@Z
?_Throw_C_error@std@@YAXH@Z
?_Xbad_function_call@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
_Cnd_init_in_situ
?__ExceptionPtrCreate@@YAXPEAX@Z
??0task_continuation_context@Concurrency@@AEAA@XZ
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@K@Z
?_Gndec@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
?_Assign@_ContextCallback@details@Concurrency@@AEAAXPEAX@Z
?_IsCurrentOriginSTA@_ContextCallback@details@Concurrency@@CA_NXZ
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?_Init@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?getloc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEBA?AVlocale@2@XZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?in@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?out@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?unshift@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBGHH@Z
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
?_Getcat@?$codecvt@GDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?swap@?$basic_ostream@GU?$char_traits@G@std@@@std@@IEAAXAEAV12@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
_Mtx_lock
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_c_exit
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__get_wide_winmain_command_line
_o__i64tow_s
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__itoa_s
_o__lock_file
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__ui64tow_s
_o__unlock_file
_o__wcsicmp
_o__wcstoi64
_o__wcstoui64
_o_abort
_o_ceilf
_o_exit
_o_fclose
_o_fflush
_o_fgetc
_o_fgetpos
_o_fgetwc
_o_fputwc
_o_free
_o_fsetpos
_o_fwrite
_o_isspace
_o_iswascii
_o_iswdigit
_o_iswlower
_o_iswspace
_o_iswxdigit
_o_malloc
_o_realloc
_o_setvbuf
_o_terminate
_o_towlower
_o_ungetc
_o_ungetwc
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstol
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
__CxxFrameHandler3
wcschr
_o__exit
_o__errno
_o__fseeki64
strchr
__std_type_info_compare
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_name
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
__std_terminate
__CxxFrameHandler4
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
memcmp
memcpy
memmove
api-ms-win-crt-string-l1-1-0
memset
strncmp
shlwapi
SHStrDupW
PathRemoveFileSpecW
SHCreateStreamOnFileEx
UrlEscapeW
PathCombineW
api-ms-win-core-com-l1-1-0
PropVariantClear
CoInitializeEx
CoWaitForMultipleHandles
CoUninitialize
CoCreateInstance
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
CoTaskMemFree
api-ms-win-core-synch-l1-1-0
InitializeCriticalSectionEx
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
CreateEventW
InitializeCriticalSection
ReleaseSRWLockShared
InitializeSRWLock
AcquireSRWLockShared
EnterCriticalSection
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetStartupInfoW
CreateThread
GetCurrentProcess
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetSystemTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-winrt-error-l1-1-0
RoOriginateError
SetRestrictedErrorInfo
api-ms-win-core-winrt-string-l1-1-0
WindowsDeleteString
WindowsGetStringRawBuffer
WindowsCreateStringReference
api-ms-win-core-winrt-l1-1-0
RoUninitialize
RoInitialize
RoGetActivationFactory
RoActivateInstance
api-ms-win-core-threadpool-l1-2-0
SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
api-ms-win-core-winrt-error-l1-1-1
RoGetMatchingRestrictedErrorInfo
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
LoadLibraryExW
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
ntdll
EtwTraceMessage
RtlGetDeviceFamilyInfoEnum
RtlUnsubscribeWnfNotificationWaitForCompletion
NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
api-ms-win-shcore-scaling-l1-1-2
GetDpiForShellUIComponent
shell32
SHGetKnownFolderPath
ShellExecuteW
Shell_NotifyIconW
ShellExecuteExW
CommandLineToArgvW
SHGetFolderPathW
rpcrt4
UuidCreate
api-ms-win-core-localization-l1-2-0
IdnToAscii
userenv
CreateEnvironmentBlock
DestroyEnvironmentBlock
api-ms-win-security-lsalookup-l2-1-0
LookupAccountSidW
samcli
NetUserGetInfo
imm32
ImmDisableLegacyIME
Sections
.text Size: 664KB - Virtual size: 661KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 268KB - Virtual size: 267KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 120KB - Virtual size: 124KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 60KB - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
WpcTok.exe.exe windows:10 windows x64 arch:x64
dd8465f61452dc18669ee272eea300c7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
wpctok.pdb
Imports
msvcp_win
?_Xbad_function_call@std@@YAXXZ
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
_Wcsxfrm
_Wcscoll
?_Incref@facet@locale@std@@UEAAXXZ
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?is@?$ctype@G@std@@QEBA_NFG@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
??1_Locinfo@std@@QEAA@XZ
??1_Lockit@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?id@?$ctype@G@std@@2V0locale@2@A
??Bid@locale@std@@QEAA_KXZ
?tolower@?$ctype@G@std@@QEBAGG@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?id@?$collate@G@std@@2V0locale@2@A
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__i64tow_s
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__itoa_s
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_errno
_o__set_fmode
_o__set_new_mode
_o__ui64tow_s
_o__wcstoui64
memmove
_o_exit
_o_free
_o_malloc
_o_realloc
_o_strncpy_s
_o_strtol
_o_terminate
_o_towlower
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
_o___stdio_common_vfwprintf
_o___std_type_info_name
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___wargv
_o__cexit
_o__callnewh
_o__exit
_o__get_initial_wide_environment
_o___p___argc
_o__errno
_o___stdio_common_vswprintf
_o___acrt_iob_func
__std_terminate
__CxxFrameHandler4
_o___stdio_common_vsnprintf_s
memcmp
memcpy
__CxxFrameHandler3
__std_type_info_compare
strchr
api-ms-win-crt-string-l1-1-0
memset
wcscmp
api-ms-win-core-winrt-l1-1-0
RoInitialize
RoGetActivationFactory
RoUninitialize
api-ms-win-core-errorhandling-l1-1-0
SetLastError
GetLastError
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-processthreads-l1-1-0
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
OpenProcessToken
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
OpenThreadToken
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
GetModuleHandleExW
GetModuleHandleW
GetProcAddress
api-ms-win-core-debug-l1-1-0
DebugBreak
IsDebuggerPresent
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-synch-l1-1-0
InitializeCriticalSectionEx
InitializeCriticalSection
DeleteCriticalSection
ReleaseSRWLockExclusive
SleepEx
OpenSemaphoreW
CreateMutexExW
WaitForSingleObject
WaitForSingleObjectEx
ReleaseMutex
CreateSemaphoreExW
ReleaseSemaphore
CreateEventExW
AcquireSRWLockExclusive
SetEvent
ReleaseSRWLockShared
EnterCriticalSection
LeaveCriticalSection
AcquireSRWLockShared
InitializeSRWLock
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventActivityIdControl
EventWriteTransfer
EventRegister
EventUnregister
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsDeleteString
ntdll
EtwGetTraceEnableFlags
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage
api-ms-win-service-management-l1-1-0
OpenServiceW
OpenSCManagerW
api-ms-win-service-winsvc-l1-1-0
ControlService
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
api-ms-win-core-commandlinetoargv-l1-1-0
CommandLineToArgvW
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoUninitialize
CoWaitForMultipleHandles
CoCreateFreeThreadedMarshaler
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-core-synch-l1-2-0
SleepConditionVariableSRW
InitOnceBeginInitialize
InitOnceComplete
WakeAllConditionVariable
api-ms-win-core-registry-l1-1-0
RegCreateKeyExW
RegCloseKey
RegGetValueW
RegEnumKeyExW
RegEnumValueW
RegDeleteTreeW
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
api-ms-win-core-threadpool-l1-2-0
CloseThreadpoolTimer
CloseThreadpool
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
api-ms-win-security-base-l1-1-0
GetTokenInformation
CreateWellKnownSid
CopySid
api-ms-win-security-sddl-l1-1-0
ConvertSidToStringSidW
api-ms-win-core-url-l1-1-0
UrlEscapeW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 176KB - Virtual size: 173KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 72KB - Virtual size: 69KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 28KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
XblGameSaveTask.exe.exe windows:10 windows x64 arch:x64
8500995099f1fff234c29b2797de4d9f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
XblGameSaveTask.pdb
Imports
msvcrt
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
__CxxFrameHandler3
_CxxThrowException
_callnewh
_lock
_unlock
??0exception@@QEAA@AEBQEBDH@Z
?terminate@@YAXXZ
_fmode
malloc
_commode
__dllonexit
?what@exception@@UEBAPEBDXZ
_onexit
wprintf
_wcsicmp
??0exception@@QEAA@AEBQEBD@Z
__C_specific_handler
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_initterm
??3@YAXPEAX@Z
??1type_info@@UEAA@XZ
memcpy_s
_vsnwprintf
__setusermatherr
__CxxFrameHandler4
memcpy
memset
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleExW
GetProcAddress
GetModuleHandleW
GetModuleFileNameA
api-ms-win-core-synch-l1-1-0
WaitForSingleObjectEx
ReleaseSemaphore
WaitForSingleObject
CreateMutexExW
CreateSemaphoreExW
ReleaseMutex
OpenSemaphoreW
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapAlloc
HeapFree
api-ms-win-core-errorhandling-l1-1-0
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
GetLastError
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
OutputDebugStringW
DebugBreak
api-ms-win-core-handle-l1-1-0
CloseHandle
rpcrt4
RpcBindingSetAuthInfoExW
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcStringFreeW
RpcBindingFree
NdrClientCall3
I_RpcExceptionFilter
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-security-base-l1-1-0
CreateWellKnownSid
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegQueryInfoKeyW
RegCreateKeyExW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
WindowsDeleteString
WindowsGetStringRawBuffer
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
ntdll
RtlIsMultiSessionSku
Sections
.text Size: 24KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 128B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
agentactivationruntimestarter.exe.exe windows:10 windows x64 arch:x64
ae8a657d931c8f4598f99cf55a9f1562
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
AgentActivationRuntimeStarter.pdb
Imports
msvcp110_win
?_Xlength_error@std@@YAXPEBD@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Xbad_alloc@std@@YAXXZ
?_Syserror_map@std@@YAPEBDH@Z
msvcrt
_CxxThrowException
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_callnewh
malloc
_purecall
??3@YAXPEAX@Z
__CxxFrameHandler4
memcpy
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-winrt-l1-1-0
RoUninitialize
RoInitialize
RoGetActivationFactory
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
RaiseException
SetUnhandledExceptionFilter
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
Sections
.text Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 120B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
aitstatic.exe.exe windows:10 windows x64 arch:x64
a71dd85f2eb4dbb8ad73068c535d12c2
Code Sign
33:00:00:05:57:cf:90:dd:c7:d1:c0:88:8c:00:00:00:00:05:57
Certificate
Issuer: CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2023, 19:51
Not After: 16/10/2024, 19:51
Subject: CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:0c:52:4c:00:00:00:00:00:03
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 06/07/2010, 20:40
Not After: 06/07/2025, 20:50
Subject: CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
aa:f5:d6:68:f8:97:5f:cc:51:b1:06:4f:61:5c:fe:5c:b5:26:90:14:a1:a1:41:05:cc:22:1c:ea:22:7f:6c:9a
Signer
Actual PE Digest: aa:f5:d6:68:f8:97:5f:cc:51:b1:06:4f:61:5c:fe:5c:b5:26:90:14:a1:a1:41:05:cc:22:1c:ea:22:7f:6c:9a
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
AitStatic.pdb
Imports
kernel32
CreateSemaphoreExW
GetProcessHeap
HeapAlloc
GetSystemInfo
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
LoadLibraryExA
HeapFree
VirtualProtect
LocalFree
WideCharToMultiByte
UnmapViewOfFile
GetFileInformationByHandle
VirtualQuery
MapViewOfFile
CreateFileMappingW
GetFileSizeEx
RaiseException
GetFileAttributesW
MultiByteToWideChar
GetModuleFileNameA
GetSystemDirectoryW
HeapReAlloc
WaitForSingleObject
FindClose
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
OutputDebugStringW
FormatMessageW
ReleaseMutex
LocalAlloc
ReleaseSemaphore
GetSystemTimeAsFileTime
HeapSetInformation
GetSystemWow64DirectoryW
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
SetLastError
WriteFile
GetModuleHandleExW
ExpandEnvironmentStringsW
OutputDebugStringA
GetModuleFileNameW
CreateFileW
GetModuleHandleExA
GetLastError
CloseHandle
GetProcAddress
FreeLibrary
DebugBreak
LoadLibraryExW
IsDebuggerPresent
FindFirstFileW
FindNextFileW
msvcrt
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_wfullpath
printf
vprintf
_wcsicmp
_vsnwprintf
_vsnprintf
wcscpy_s
wcscat_s
_wcslwr
strcpy_s
wcschr
wcsstr
strchr
_wcsnicmp
wcsrchr
wcsncmp
_commode
_lock
_strdup
_strrev
bsearch_s
free
_stricmp
_wcsrev
qsort_s
??3@YAXPEAX@Z
_purecall
strnlen
memcpy_s
strrchr
strncpy_s
_ui64toa_s
_strnicmp
??_V@YAXPEAX@Z
wcstombs_s
malloc
_callnewh
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_CxxThrowException
memcpy
memmove
??1type_info@@UEAA@XZ
__CxxFrameHandler3
_unlock
__dllonexit
_onexit
?terminate@@YAXXZ
memcmp
_fmode
swscanf_s
iswalpha
wcspbrk
sprintf_s
memset
ntdll
EtwEventRegister
ZwClose
ZwQuerySystemInformation
RtlGUIDFromString
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlUpcaseUnicodeChar
RtlGetNativeSystemInformation
EtwEventWrite
RtlInitUnicodeStringEx
ZwQueryValueKey
ZwOpenKey
RtlCharToInteger
RtlNtStatusToDosError
RtlLeaveCriticalSection
RtlFreeHeap
RtlInitializeCriticalSection
ZwEnumerateKey
RtlMultiByteToUnicodeN
RtlInitAnsiString
RtlEnterCriticalSection
RtlReAllocateHeap
RtlEqualString
RtlAllocateHeap
RtlDeleteCriticalSection
NtClose
NtQueryInformationFile
NtCreateFile
RtlDosPathNameToRelativeNtPathName_U_WithStatus
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EtwEventWriteNoRegistration
RtlInitUnicodeString
LdrGetDllHandle
RtlInitString
LdrGetProcedureAddress
EtwEventUnregister
ole32
CoUninitialize
CoInitializeEx
CoCreateInstance
oleaut32
SysAllocString
SysStringLen
VariantClear
VariantInit
SysFreeString
advapi32
EventRegister
EventUnregister
EventWriteTransfer
shlwapi
PathFindExtensionA
PathStripPathW
PathFindExtensionW
PathRemoveBackslashW
Exports
CreateDCW
DeleteDC
GetFirmwareType
RtlCheckPortableOperatingSystem
Sections
.text Size: 152KB - Virtual size: 149KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1.7MB - Virtual size: 1.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 64B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 52KB - Virtual size: 51KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
alg.exe.exe windows:10 windows x64 arch:x64
0a7a2e70ff1c1295203cb6c0b3d76235
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
ALG.pdb
Imports
msvcrt
??1type_info@@UEAA@XZ
exit
_lock
_unlock
__set_app_type
_exit
__dllonexit
__wgetmainargs
_amsg_exit
_XcptFilter
_onexit
?terminate@@YAXXZ
_cexit
_commode
_fmode
_initterm
memmove
__CxxFrameHandler4
_wcmdln
isdigit
__CxxFrameHandler3
_CxxThrowException
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@XZ
memmove_s
memcpy_s
_wcsicmp
?what@exception@@UEBAPEBDXZ
realloc
wcscat_s
malloc
free
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
__C_specific_handler
__setusermatherr
memcmp
memcpy
memset
api-ms-win-core-synch-l1-1-0
EnterCriticalSection
SetEvent
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
CreateEventW
WaitForSingleObject
api-ms-win-core-libraryloader-l1-2-0
LoadResource
LoadLibraryExW
GetModuleHandleW
FreeLibrary
GetModuleFileNameW
FindResourceExW
SizeofResource
GetProcAddress
api-ms-win-core-string-l2-1-0
CharPrevW
CharNextW
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
RaiseException
api-ms-win-core-registry-l1-1-0
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegNotifyChangeKeyValue
RegCreateKeyExW
RegDeleteValueW
RegQueryValueExW
RegCloseKey
RegQueryInfoKeyW
RegEnumValueW
api-ms-win-core-memory-l1-1-0
VirtualProtect
VirtualAlloc
VirtualQuery
api-ms-win-core-sysinfo-l1-1-0
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
api-ms-win-core-handle-l1-1-0
DuplicateHandle
CloseHandle
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapDestroy
HeapFree
HeapAlloc
HeapSetInformation
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
CreateThread
GetCurrentProcess
GetStartupInfoW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-threadpool-legacy-l1-1-0
CreateTimerQueueTimer
CreateTimerQueue
DeleteTimerQueueEx
DeleteTimerQueueTimer
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
lstrcpynW
cryptbase
SystemFunction036
mswsock
AcceptEx
GetAcceptExSockaddrs
api-ms-win-core-file-l1-1-0
WriteFile
ReadFile
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-kernel32-legacy-l1-1-0
BindIoCompletionCallback
Sections
.text Size: 60KB - Virtual size: 58KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 280B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 516B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
appidcertstorecheck.exe.exe windows:10 windows x64 arch:x64
7168353edbe3ab24a184bb681fd55ae6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
appidcertstorecheck.pdb
Imports
msvcrt
_lock
_unlock
__dllonexit
_exit
__set_app_type
_commode
?terminate@@YAXXZ
memcmp
_fmode
exit
__wgetmainargs
_cexit
__setusermatherr
_initterm
__C_specific_handler
_vsnwprintf
_amsg_exit
_XcptFilter
memmove_s
_purecall
??3@YAXPEAX@Z
memcpy_s
_onexit
memset
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
GetModuleHandleExW
GetModuleHandleW
GetProcAddress
api-ms-win-core-synch-l1-1-0
LeaveCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ResetEvent
ReleaseMutex
SetEvent
CreateEventExW
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseSemaphore
CreateSemaphoreExW
DeleteCriticalSection
AcquireSRWLockShared
WaitForSingleObject
CreateMutexExW
EnterCriticalSection
ReleaseSRWLockShared
InitializeCriticalSectionEx
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
HeapSetInformation
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
api-ms-win-core-threadpool-l1-2-0
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-namespace-l1-1-0
AddSIDToBoundaryDescriptor
ClosePrivateNamespace
OpenPrivateNamespaceW
CreatePrivateNamespaceW
CreateBoundaryDescriptorW
DeleteBoundaryDescriptor
api-ms-win-core-registry-l1-1-0
RegEnumKeyExW
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-file-l1-1-0
CompareFileTime
CreateFileW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-ntuser-sysparams-l1-1-0
GetSystemMetrics
ntdll
EtwEventWriteTransfer
EtwEventUnregister
EtwEventWrite
EtwEventRegister
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 40KB - Virtual size: 38KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 64B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 124B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
appidpolicyconverter.exe.exe windows:10 windows x64 arch:x64
88c456fe094be3232ebf85407cd4909f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
appidpolicyconverter.pdb
Imports
msvcp110_win
?_Syserror_map@std@@YAPEBDH@Z
?_Swap_all@_Container_base0@std@@QEAAXAEAU12@@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Orphan_all@_Container_base0@std@@QEAAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
msvcrt
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
memmove
memcpy
__RTDynamicCast
wcstol
_ui64tow_s
_vsnwprintf_s
_wtoi
towupper
??0exception@@QEAA@XZ
memset
__CxxFrameHandler4
_wsetlocale
_wcsicmp
wcscpy_s
wcsstr
qsort
_wcsnicmp
wcsncmp
swscanf_s
_callnewh
free
malloc
??0exception@@QEAA@AEBQEBDH@Z
_purecall
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_CxxThrowException
_XcptFilter
_amsg_exit
__wgetmainargs
__set_app_type
exit
_exit
_cexit
__setusermatherr
_initterm
__C_specific_handler
_fmode
_commode
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegDeleteTreeW
RegQueryValueExW
RegQueryInfoKeyW
RegCreateKeyExW
RegSetValueExW
RegGetValueW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-file-l1-1-0
DeleteFileW
FindNextFileW
FindFirstFileW
FindClose
CreateFileW
FlushFileBuffers
WriteFile
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventUnregister
EventRegister
EventSetInformation
EventActivityIdControl
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoUninitialize
CoInitializeSecurity
api-ms-win-core-synch-l1-1-0
SleepEx
CreateMutexExW
WaitForSingleObject
ReleaseMutex
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
TerminateProcess
GetCurrentThreadId
GetCurrentProcess
api-ms-win-core-namespace-l1-1-0
AddSIDToBoundaryDescriptor
CreatePrivateNamespaceW
OpenPrivateNamespaceW
DeleteBoundaryDescriptor
ClosePrivateNamespace
CreateBoundaryDescriptorW
api-ms-win-security-base-l1-1-0
GetAce
GetSecurityDescriptorDacl
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-service-management-l1-1-0
OpenSCManagerW
OpenServiceW
CloseServiceHandle
api-ms-win-service-management-l2-1-0
ChangeServiceConfigW
QueryServiceConfigW
userenv
LeaveCriticalPolicySection
EnterCriticalPolicySection
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
GetWindowsDirectoryW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-file-l2-1-0
MoveFileExW
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
ntdll
EtwTraceMessage
NtSetValueKey
NtClose
NtOpenKey
EtwEventWriteTransfer
NtQueryLicenseValue
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwRegisterTraceGuidsW
RtlFreeHeap
RtlAllocateHeap
EtwEventUnregister
EtwEventWrite
RtlNtStatusToDosErrorNoTeb
EtwEventRegister
EtwUnregisterTraceGuids
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
rpcrt4
UuidToStringW
RpcStringFreeW
UuidFromStringW
api-ms-win-appmodel-runtime-l1-1-0
PackageNameAndPublisherIdFromFamilyName
PackageFamilyNameFromId
srpapi
AppIDFreeAttributeString
AppIDEncodeAttributeString
Sections
.text Size: 88KB - Virtual size: 84KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 36KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 88B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 504B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
appidtel.exe.exe windows:10 windows x64 arch:x64
ee8cadc7162a0f5d13ed90f25bbd2d68
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
appidtel.pdb
Imports
msvcrt
_exit
_cexit
__setusermatherr
_initterm
_fmode
exit
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
memmove
memcpy
__CxxFrameHandler3
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
malloc
__C_specific_handler
_wtoi64
_purecall
??3@YAXPEAX@Z
_wcsicmp
_commode
__CxxFrameHandler4
ntdll
RtlCaptureContext
NtQuerySystemTime
RtlLookupFunctionEntry
RtlVirtualUnwind
advapi32
RegCloseKey
ChangeServiceConfigW
RegCreateKeyW
StartServiceW
RegSetValueExW
ControlService
OpenSCManagerW
CloseServiceHandle
OpenServiceW
kernel32
GetLastError
Sleep
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
Sections
.text Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 840B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 440B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
at.exe.exe windows:10 windows x64 arch:x64
706b3b3a140a0d02348522c84c2cb7b7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
at.pdb
Imports
msvcrt
strcpy_s
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
sscanf_s
strspn
_exit
_cexit
malloc
_stricmp
__setusermatherr
_initterm
wcscpy_s
strpbrk
__C_specific_handler
_fmode
wcsrchr
_commode
strchr
free
memset
wcschr
fgets
wcstok_s
wcstoul
strcat_s
_itoa_s
_wcsupr
exit
_wcsicmp
_vsnwprintf
?terminate@@YAXXZ
__iob_func
wcscmp
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
GetCommandLineW
ExpandEnvironmentStringsW
api-ms-win-core-console-l1-1-0
GetConsoleMode
ReadConsoleW
WriteConsoleW
GetConsoleOutputCP
api-ms-win-core-localization-l1-2-0
FormatMessageW
GetCPInfo
SetThreadUILanguage
GetThreadLocale
api-ms-win-core-file-l1-1-0
WriteFile
GetFileType
schedcli
NetScheduleJobGetInfo
NetScheduleJobDel
NetScheduleJobAdd
NetScheduleJobEnum
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
MultiByteToWideChar
api-ms-win-core-errorhandling-l1-1-0
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-datetime-l1-1-0
GetTimeFormatW
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetSystemTime
GetTickCount
netutils
NetApiBufferFree
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExW
GetModuleHandleW
FreeLibrary
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-commandlinetoargv-l1-1-0
CommandLineToArgvW
api-ms-win-core-privateprofile-l1-1-0
GetProfileIntA
GetProfileStringA
Sections
.text Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 660B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 220B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
attrib.exe.exe windows:10 windows x64 arch:x64
2cb38fe7d8f223d9da50b7cba9b95a6d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
attrib.pdb
Imports
ulib
??0CLASS_DESCRIPTOR@@QEAA@XZ
?SetAttributes@FSNODE@@QEAAEKPEAK@Z
?IsDrive@PATH@@QEBAEXZ
??1PATH@@UEAA@XZ
?Initialize@PATH@@QEAAEPEBGE@Z
?Initialize@PATH@@QEAAEPEBVWSTRING@@E@Z
?Initialize@PATH@@QEAAEPEBV1@E@Z
??0PATH@@QEAA@XZ
?Display@MESSAGE@@QEAAEPEBDZZ
Get_Standard_Output_Stream
?SetAttributes@FSN_FILTER@@QEAAEKKK@Z
?SetFileName@FSN_FILTER@@QEAAEPEBD@Z
?IsValueSet@ARGUMENT@@QEAAEXZ
?Initialize@CLASS_DESCRIPTOR@@QEAAEPEBD@Z
??1FSN_FILTER@@UEAA@XZ
?SetCaseSensitive@ARGUMENT_LEXEMIZER@@QEAAXE@Z
?Strcat@WSTRING@@QEAAEPEBV1@@Z
?QueryString@WSTRING@@QEBAPEAV1@KK@Z
?Initialize@WSTRING@@QEAAEPEBV1@KK@Z
?Initialize@WSTRING@@QEAAEPEBGK@Z
?Initialize@WSTRING@@QEAAEPEBDK@Z
?WorkOnReparsePoint@FSNODE@@QEAAEE@Z
?Strchr@WSTRING@@QEBAKGK@Z
?Fatal@PROGRAM@@UEBAXKKPEADZZ
?QueryDirectory@SYSTEM@@SAPEAVFSN_DIRECTORY@@PEBVPATH@@E@Z
??0PATH_ARGUMENT@@QEAA@XZ
??1PROGRAM@@UEAA@XZ
?DisplayMessage@PROGRAM@@UEBAEKW4MESSAGE_TYPE@@@Z
?DisplayMessage@PROGRAM@@UEBAEKW4MESSAGE_TYPE@@PEADZZ
?Fatal@PROGRAM@@UEBAXXZ
?GetStandardInput@PROGRAM@@UEAAPEAVSTREAM@@XZ
?GetStandardOutput@PROGRAM@@UEAAPEAVSTREAM@@XZ
?GetStandardError@PROGRAM@@UEAAPEAVSTREAM@@XZ
?Usage@PROGRAM@@UEBAXXZ
?ValidateVersion@PROGRAM@@UEBAXKK@Z
??0PROGRAM@@IEAA@XZ
?QueryFsnodeArray@FSN_DIRECTORY@@QEBAPEAVARRAY@@PEAVFSN_FILTER@@@Z
??0STRING_ARGUMENT@@QEAA@XZ
??1STRING_ARGUMENT@@UEAA@XZ
?Initialize@STRING_ARGUMENT@@QEAAEPEAD@Z
??0ARGUMENT_LEXEMIZER@@QEAA@XZ
??1ARGUMENT_LEXEMIZER@@UEAA@XZ
?Initialize@ARGUMENT_LEXEMIZER@@QEAAEPEAVARRAY@@@Z
?DoParsing@ARGUMENT_LEXEMIZER@@QEAAEPEAVARRAY@@@Z
?PutSeparators@ARGUMENT_LEXEMIZER@@QEAAXPEBD@Z
?PutSwitches@ARGUMENT_LEXEMIZER@@QEAAXPEBD@Z
?Initialize@FSN_FILTER@@QEAAEXZ
?PrepareToParse@ARGUMENT_LEXEMIZER@@QEAAEPEAVWSTRING@@@Z
??1OBJECT@@UEAA@XZ
??1PATH_ARGUMENT@@UEAA@XZ
?Initialize@PATH_ARGUMENT@@QEAAEPEADE@Z
??0STREAM_MESSAGE@@QEAA@XZ
??1STREAM_MESSAGE@@UEAA@XZ
?Initialize@STREAM_MESSAGE@@QEAAEPEAVSTREAM@@00@Z
?Compare@OBJECT@@UEBAJPEBV1@@Z
??0FSN_FILTER@@QEAA@XZ
??0FLAG_ARGUMENT@@QEAA@XZ
?Initialize@FLAG_ARGUMENT@@QEAAEPEAD@Z
??0ARRAY@@QEAA@XZ
??1ARRAY@@UEAA@XZ
?Initialize@ARRAY@@QEAAEKK@Z
?DeleteAllMembers@ARRAY@@UEAAEXZ
?DebugDump@OBJECT@@UEBAXE@Z
?Put@ARRAY@@UEAAEPEAVOBJECT@@@Z
Get_Standard_Input_Stream
??0DSTRING@@QEAA@XZ
?SetFileName@FSN_FILTER@@QEAAEPEBVWSTRING@@@Z
??1DSTRING@@UEAA@XZ
api-ms-win-core-heap-l1-1-0
HeapSetInformation
ntdll
RtlAllocateHeap
RtlFreeHeap
msvcrt
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
swprintf_s
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
TerminateProcess
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
Sections
.text Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 324B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 72B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
audiodg.exe.exe windows:10 windows x64 arch:x64
6f42b8942e82d0be00748f2dc071ae89
Code Sign
33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
fd:c2:7f:d4:77:05:38:a6:f3:7e:4b:7f:d5:74:77:bb:f0:ab:4d:77:ef:e6:d1:c8:72:3b:14:09:f6:80:8f:73
Signer
Actual PE Digest: fd:c2:7f:d4:77:05:38:a6:f3:7e:4b:7f:d5:74:77:bb:f0:ab:4d:77:ef:e6:d1:c8:72:3b:14:09:f6:80:8f:73
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
AudioDG.pdb
Imports
msvcp_win
_Mtx_init_in_situ
_Mtx_lock
_Mtx_destroy_in_situ
_Mtx_unlock
?_Xlength_error@std@@YAXPEBD@Z
?_Throw_C_error@std@@YAXH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
api-ms-win-crt-math-l1-1-0
_isnan
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_c_exit
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
memmove
_o__wcstoui64
_o_abort
_o_calloc
_o_ceilf
_o_exit
_o_floor
_o_free
_o_malloc
_o_powf
_o_realloc
_o_sqrt
_o_terminate
_o_wcsncpy_s
_o_wmemcpy_s
__current_exception
__current_exception_context
__CxxFrameHandler3
__C_specific_handler_noexcept
memcpy
_CxxThrowException
memcmp
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o__exit
_o__errno
_o___p__commode
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
__std_type_info_compare
_o__callnewh
__std_terminate
__C_specific_handler
__CxxFrameHandler4
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
LoadLibraryExW
FindResourceExW
LockResource
SizeofResource
FreeLibrary
GetModuleFileNameA
GetModuleFileNameW
GetProcAddress
GetModuleHandleExW
GetModuleHandleExA
LoadResource
api-ms-win-core-synch-l1-1-0
ReleaseMutex
WaitForSingleObjectEx
WaitForMultipleObjectsEx
OpenSemaphoreW
CreateWaitableTimerExW
WaitForSingleObject
InitializeCriticalSection
TryEnterCriticalSection
ReleaseSemaphore
CancelWaitableTimer
SetEvent
InitializeCriticalSectionEx
CreateEventExW
SetWaitableTimer
InitializeSRWLock
EnterCriticalSection
CreateEventW
LeaveCriticalSection
DeleteCriticalSection
CreateMutexExW
InitializeCriticalSectionAndSpinCount
ResetEvent
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
CreateSemaphoreExW
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapDestroy
HeapReAlloc
HeapSize
HeapAlloc
HeapFree
HeapSetInformation
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetLastError
RaiseException
GetLastError
SetUnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
SetThreadPriority
GetProcessId
GetCurrentThread
CreateThread
GetThreadId
TlsFree
OpenProcessToken
GetCurrentProcessId
TerminateProcess
GetCurrentThreadId
GetStartupInfoW
GetCurrentProcess
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
OutputDebugStringW
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
DuplicateHandle
GetHandleInformation
CloseHandle
api-ms-win-core-synch-l1-2-0
InitOnceBeginInitialize
WakeByAddressSingle
WaitOnAddress
Sleep
InitOnceExecuteOnce
WakeByAddressAll
InitOnceComplete
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegEnumKeyExW
RegCreateKeyExW
RegGetValueW
RegQueryInfoKeyW
RegDeleteValueW
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-processthreads-l1-1-1
OpenProcess
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
QueryPerformanceFrequency
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetLogicalProcessorInformationEx
GetTickCount64
api-ms-win-core-fibers-l1-1-0
FlsFree
FlsSetValue
api-ms-win-devices-config-l1-1-1
CM_Locate_DevNodeW
CM_Open_DevNode_Key
CM_Unregister_Notification
CM_MapCrToWin32Err
CM_Register_Notification
api-ms-win-core-memory-l1-1-0
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
api-ms-win-core-version-l1-1-1
GetFileVersionInfoSizeW
GetFileVersionInfoW
api-ms-win-core-version-l1-1-0
VerQueryValueW
api-ms-win-core-winrt-error-l1-1-0
RoOriginateErrorW
RoOriginateError
SetRestrictedErrorInfo
RoTransformError
api-ms-win-core-featurestaging-l1-1-0
UnsubscribeFeatureStateChangeNotification
SubscribeFeatureStateChangeNotification
RecordFeatureUsage
api-ms-win-core-threadpool-l1-2-0
SubmitThreadpoolWork
CreateThreadpoolWork
CloseThreadpoolCleanupGroup
CloseThreadpool
CreateThreadpoolCleanupGroup
WaitForThreadpoolTimerCallbacks
TrySubmitThreadpoolCallback
CloseThreadpoolTimer
SetThreadpoolThreadMaximum
CloseThreadpoolWork
SetThreadpoolThreadMinimum
CloseThreadpoolCleanupGroupMembers
CreateThreadpoolTimer
SetThreadpoolTimer
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
CreateThreadpool
CreateThreadpoolWait
CloseThreadpoolWait
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-core-realtime-l1-1-0
QueryUnbiasedInterruptTime
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
api-ms-win-core-string-l2-1-0
CharNextW
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
ntdll
RtlReportException
NtSetTimerResolution
NtClose
NtQueryWnfStateData
NtQueryInformationProcess
EtwEventActivityIdControl
EtwLogTraceEvent
NtSetInformationProcess
NtSetInformationThread
NtSetSystemInformation
RtlUnsubscribeWnfNotificationWaitForCompletion
NtQuerySystemInformation
EtwEventRegister
EtwEventUnregister
EtwEventWriteTransfer
NtAlpcSendWaitReceivePort
EtwUnregisterTraceGuids
EtwEventSetInformation
AlpcGetMessageAttribute
EtwGetTraceEnableFlags
EtwTraceMessage
NtCreateWnfStateName
NtDeleteWnfStateName
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
NtAlpcCreatePort
EtwRegisterTraceGuidsW
AlpcInitializeMessageAttribute
NtAlpcAcceptConnectPort
RtlSetLastWin32ErrorAndNtStatusFromNtStatus
RtlInitUnicodeStringEx
NtAlpcOpenSenderProcess
NtAlpcConnectPort
RtlRandomEx
RtlExtendMemoryBlockLookaside
RtlDestroyMemoryBlockLookaside
RtlCreateMemoryZone
RtlNtStatusToDosError
RtlLockCurrentThread
RtlFreeMemoryBlockLookaside
RtlLockMemoryZone
RtlUnlockCurrentThread
RtlLockMemoryBlockLookaside
RtlUnlockModuleSection
RtlLockModuleSection
RtlSubscribeWnfStateChangeNotification
RtlCreateMemoryBlockLookaside
RtlUnlockMemoryBlockLookaside
RtlDestroyMemoryZone
RtlUnlockMemoryZone
ShipAssert
RtlConvertHostPerfCounterToPerfCounter
RtlAllocateMemoryBlockLookaside
RtlPublishWnfStateData
RtlAllocateMemoryZone
mmdevapi
ord29
ord33
ord4
ord26
ord8
ord2
ord9
ord7
api-ms-win-core-memory-l1-1-1
SetProcessWorkingSetSizeEx
GetProcessWorkingSetSizeEx
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventRegister
EventUnregister
EventWriteTransfer
api-ms-win-core-winrt-string-l1-1-0
WindowsCompareStringOrdinal
WindowsCreateString
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsDuplicateString
WindowsCreateStringReference
api-ms-win-core-winrt-error-l1-1-1
RoReportFailedDelegate
RoGetMatchingRestrictedErrorInfo
IsErrorPropagationEnabled
api-ms-win-core-file-l1-1-0
CreateFileW
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
RoActivateInstance
api-ms-win-core-windowserrorreporting-l1-1-0
WerRegisterMemoryBlock
api-ms-win-eventing-classicprovider-l1-1-0
TraceEvent
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 636KB - Virtual size: 633KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
RT_CODE Size: 4KB - Virtual size: 314B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
RT_BSS Size: - Virtual size: 40B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 172KB - Virtual size: 169KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 40KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 568B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
RT_CONST Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RT_DATA Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
auditpol.exe.exe windows:10 windows x64 arch:x64
fa2cfab845a1096fb0f05ee99677bdd0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
auditpol.pdb
Imports
msvcrt
__dllonexit
_unlock
_lock
_onexit
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
??1type_info@@UEAA@XZ
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
memmove
memcpy
__CxxFrameHandler3
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_purecall
_callnewh
malloc
_wcsnicmp
??_V@YAXPEAX@Z
_wsetlocale
?terminate@@YAXXZ
__CxxFrameHandler4
_wcsicmp
??3@YAXPEAX@Z
wprintf
__iob_func
_vsnwprintf
auditpolcore
LoadFormatStringAndPrintToConsole
DisplayMessage
GetDisplayPolicy
AdtRemoveBasePolicy
AdtSetSystemPolicy
AdtRestorePolicy
AdtRemoveAllUsers
AdtEnableSinglePrivilege
AuditPolicyData_DeleteAuditDataInstance
SetDisplayPolicy
AdtParseGuidOrNameArray
AdtClearPolicy
AdtListCategories
AdtLoadStringEx
AdtGetOption
AdtSetPerUserPolicy
AdtBackupPolicy
AdtGetPerUserPolicy
AdtSetOption
DisplayMessageToSpecificConsoleHandle
AdtGetSystemPolicy
AdtParseAuditOptionName
AdtListSubCategories
api-ms-win-core-string-l1-1-0
CompareStringW
api-ms-win-core-console-l1-1-0
GetConsoleOutputCP
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-localization-l1-2-0
SetThreadPreferredUILanguages
FormatMessageW
api-ms-win-core-errorhandling-l1-1-0
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
api-ms-win-security-lsalookup-l2-1-0
LookupAccountSidW
LookupAccountNameW
api-ms-win-security-base-l1-1-0
InitializeSecurityDescriptor
GetSecurityDescriptorSacl
GetAclInformation
DeleteAce
SetSecurityDescriptorSacl
GetAce
EqualSid
GetLengthSid
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
ConvertStringSidToSidW
ConvertSecurityDescriptorToStringSecurityDescriptorW
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-security-audit-l1-1-1
AuditQueryGlobalSaclW
AuditSetGlobalSaclW
AuditEnumeratePerUserPolicy
AuditQuerySecurity
AuditSetSecurity
api-ms-win-security-lsapolicy-l1-1-0
LsaLookupSids
LsaClose
LsaOpenPolicy
LsaFreeMemory
api-ms-win-security-audit-l1-1-0
AuditFree
api-ms-win-security-sddlparsecond-l1-1-0
LocalGetStringForCondition
ntdll
RtlNtStatusToDosError
RtlImageNtHeader
Sections
.text Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 936B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 648B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
autochk.exe.sys windows:10 windows x64 arch:x64
020b9cfbef6c56682225f237706926b0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
autochk.pdb
Imports
ntdll
NtWriteFile
_wcsicmp
NtOpenKey
RtlPublishWnfStateData
NtQuerySymbolicLinkObject
LdrSetMUICacheType
RtlSetSystemBootStatus
RtlInitUnicodeString
RtlGetSystemBootStatus
RtlPrefixUnicodeString
NtSerializeBoot
NtClose
RtlEqualUnicodeString
NtFsControlFile
wcsstr
NtQueryDirectoryObject
NtCreateFile
NtOpenFile
NtQueryValueKey
NtTerminateProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnhandledExceptionFilter
memset
DbgPrintEx
NtOpenSymbolicLinkObject
NtQuerySystemTime
RtlCompareUnicodeString
NtOpenDirectoryObject
__C_specific_handler
RtlFreeAnsiString
RtlAllocateHeap
RtlNormalizeProcessParams
RtlUnicodeStringToAnsiString
isspace
_vsnprintf
_vsnwprintf
RtlMultiByteToUnicodeN
RtlOemToUnicodeN
RtlSetLastWin32ErrorAndNtStatusFromNtStatus
RtlUnicodeToMultiByteN
RtlUnicodeToOemN
wcsspn
_wtol
_wtoi64
_wcsupr
_wcslwr
wcschr
NtDeviceIoControlFile
RtlQueryRegistryValuesEx
RtlWriteRegistryValue
RtlGetPersistedStateLocation
wcscpy_s
wcscat_s
NtQueryInformationFile
NtQueryVolumeInformationFile
wcstoul
_wcstoui64
NtReadFile
RtlRaiseStatus
qsort
NtDelayExecution
NtQuerySystemInformation
RtlSizeHeap
RtlFreeHeap
NtDrawText
swprintf_s
NtCreateEvent
NtClearEvent
NtSetThreadExecutionState
NtWaitForMultipleObjects
NtCancelIoFile
RtlNumberGenericTableElementsAvl
RtlDosPathNameToNtPathName_U_WithStatus
RtlFreeUnicodeString
NtOpenProcessToken
NtAdjustPrivilegesToken
NtShutdownSystem
RtlExpandEnvironmentStrings_U
NtSetInformationFile
RtlValidRelativeSecurityDescriptor
RtlGetVersion
RtlTimeToTimeFields
VerSetConditionMask
RtlVerifyVersionInfo
NtDisplayString
RtlRandomEx
NtQueryPerformanceCounter
isprint
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
RtlEnterCriticalSection
RtlTryEnterCriticalSection
RtlLeaveCriticalSection
RtlDeleteCriticalSection
RtlInitializeSRWLock
RtlInitializeCriticalSection
NtFreeVirtualMemory
NtSetEvent
RtlCaptureStackBackTrace
NtAllocateVirtualMemory
NtWaitForSingleObject
NtResetEvent
wcsncmp
RtlFindMessage
RtlInitUTF8StringEx
RtlInitAnsiStringEx
RtlUTF8StringToUnicodeString
RtlAnsiStringToUnicodeString
RtlFormatMessage
RtlDeleteSecurityObject
RtlLengthRequiredSid
RtlInitializeSid
RtlSubAuthoritySid
RtlLengthSid
RtlCopySid
RtlAddAce
RtlCreateAcl
RtlQueryInformationAcl
RtlCreateSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlNewSecurityObject
RtlValidSecurityDescriptor
RtlLengthSecurityDescriptor
RtlAddAccessAllowedAce
RtlInitializeGenericTable
RtlInsertElementGenericTable
RtlInitializeBitMap
RtlSetBits
RtlLookupElementGenericTable
RtlClearBits
RtlFindSetBits
RtlDeleteElementGenericTable
RtlEnumerateGenericTableWithoutSplaying
RtlNumberOfSetBits
RtlInitializeGenericTableAvl
RtlEnumerateGenericTableAvl
RtlLookupFirstMatchingElementGenericTableAvl
RtlEnumerateGenericTableWithoutSplayingAvl
RtlDeleteElementGenericTableAvl
RtlLookupElementGenericTableFullAvl
RtlInsertElementGenericTableFullAvl
RtlDeleteElementGenericTableAvlEx
RtlInsertElementGenericTableAvl
RtlLookupElementGenericTableAvl
RtlSystemTimeToLocalTime
RtlCrc64
RtlUpcaseUnicodeString
RtlComputeCrc32
DbgPrint
NtOpenThreadToken
_wcsnicmp
RtlDosPathNameToNtPathName_U
RtlCreateSystemVolumeInformationFolder
EtwEventUnregister
EtwEventRegister
EtwEventSetInformation
EtwEventWriteTransfer
NtFlushBuffersFile
__chkstk
memcmp
memcpy
memmove
wcscmp
bcd
BcdCloseObject
BcdGetElementData
BcdOpenObject
BcdOpenStore
BcdForciblyUnloadStore
Sections
.text Size: 620KB - Virtual size: 619KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 48KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 324KB - Virtual size: 322KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
backgroundTaskHost.exe.exe windows:10 windows x64 arch:x64
dc601e2593053a84a6989de251407aa7
Code Sign
33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 02/09/2021, 18:23
Not After: 01/09/2022, 18:23
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0d:9c:65:eb:90:d3:c0:f3:d0:50:a6:c7:a1:05:22:87:19:90:5c:8b:b5:7a:43:77:90:a5:32:dd:cc:0f:0f:ed
Signer
Actual PE Digest: 0d:9c:65:eb:90:d3:c0:f3:d0:50:a6:c7:a1:05:22:87:19:90:5c:8b:b5:7a:43:77:90:a5:32:dd:cc:0f:0f:ed
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
backgroundTaskHost.pdb
Imports
msvcrt
_cexit
__set_app_type
__setusermatherr
_XcptFilter
?terminate@@YAXXZ
__getmainargs
_exit
exit
_commode
_fmode
__C_specific_handler
_amsg_exit
_initterm
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 276B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 64B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bash.exe.exe windows:10 windows x64 arch:x64
d6fbb83459a83bb12d66ed1540c4d7f9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
bash.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
api-ms-win-crt-private-l1-1-0
_o__crt_atexit
_o__errno
_o__exit
_o__fileno
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__setmode
memmove
_o__wsetlocale
_o_abort
_o_exit
_o_free
_o_iswspace
_o_malloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_o__configure_wide_argv
_o__configthreadlocale
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfwprintf
_o__cexit
_o__callnewh
_o___std_exception_destroy
_o___std_exception_copy
__CxxFrameHandler3
_CxxThrowException
_o___p__commode
_o___p___wargv
_o___p___argc
_o___acrt_iob_func
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
GetModuleFileNameA
FreeLibrary
GetModuleHandleExW
GetModuleHandleW
api-ms-win-core-synch-l1-1-0
InitializeCriticalSectionAndSpinCount
CreateSemaphoreExW
ReleaseSemaphore
WaitForSingleObject
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReleaseMutex
InitializeCriticalSectionEx
WaitForSingleObjectEx
OpenSemaphoreW
CreateEventW
ReleaseSRWLockShared
SetEvent
DeleteCriticalSection
ResetEvent
LeaveCriticalSection
EnterCriticalSection
AcquireSRWLockShared
InitializeSRWLock
TryAcquireSRWLockExclusive
CreateMutexExW
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
CreateProcessW
TerminateProcess
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
GetExitCodeProcess
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
IsDebuggerPresent
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoInitializeSecurity
CoCreateFreeThreadedMarshaler
CoTaskMemFree
IIDFromString
CoInitializeEx
CoUninitialize
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
InterlockedPushEntrySList
api-ms-win-shell-shellfolders-l1-1-0
SHGetKnownFolderPath
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-registry-l1-1-0
RegGetValueW
RegOpenKeyExW
RegCloseKey
api-ms-win-core-path-l1-1-0
PathAllocCombine
api-ms-win-core-job-l2-1-0
SetInformationJobObject
AssignProcessToJobObject
CreateJobObjectW
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventWriteTransfer
EventRegister
EventUnregister
oleaut32
GetErrorInfo
SysStringLen
SysAllocString
SetErrorInfo
SysFreeString
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
Sections
.text Size: 76KB - Virtual size: 72KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 328B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bcdboot.exe.exe windows:10 windows x64 arch:x64
5a0264b5d8094a869d4a4abce1dbb53d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
bcdboot.pdb
Imports
msvcrt
memset
_wcsicmp
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
memmove
memcpy
memcmp
__wgetmainargs
_amsg_exit
_XcptFilter
fwprintf
_wsetlocale
wcscpy_s
fflush
swprintf_s
?terminate@@YAXXZ
strncmp
strcpy_s
wcsnlen
wcsstr
_wcslwr
_snwscanf_s
wcstoul
_ultow_s
wcsncpy_s
wcschr
_vsnwprintf_s
fclose
_wfopen_s
wcsncmp
wcsrchr
_vsnwprintf
wcscat_s
_wcsnicmp
_wcsupr
__iob_func
wcscmp
rpcrt4
UuidCreate
bcrypt
BCryptDestroyHash
BCryptOpenAlgorithmProvider
BCryptCreateHash
BCryptFinishHash
BCryptCloseAlgorithmProvider
BCryptHashData
wintrust
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WinVerifyTrust
crypt32
CertGetNameStringW
imagehlp
CheckSumMappedFile
kernel32
SetLastError
GetLastError
HeapFree
GetConsoleOutputCP
GetStdHandle
WriteFile
GetModuleFileNameW
GetConsoleMode
FormatMessageW
LoadLibraryW
HeapAlloc
WriteConsoleW
GetProcAddress
GetProcessHeap
FreeLibrary
WideCharToMultiByte
GetFileType
Sleep
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
QueryDosDeviceW
GetFileSizeEx
GetLongPathNameW
GetVolumePathNameW
CreateFileW
GetFileAttributesW
UnmapViewOfFile
GetVolumeNameForVolumeMountPointW
GetCurrentThread
CloseHandle
CreateFileMappingW
MapViewOfFile
FlushFileBuffers
GetLogicalDrives
FindFirstVolumeW
SetVolumeMountPointW
LocalFree
FindVolumeClose
DeleteVolumeMountPointW
FindNextVolumeW
GetFullPathNameW
LoadLibraryExW
GetVolumeInformationW
FindFirstFileW
FindNextFileW
GetPrivateProfileSectionW
FindClose
SetFileAttributesW
MoveFileExW
CreateDirectoryW
DeviceIoControl
LoadResource
FindResourceExW
LCIDToLocaleName
GetVersionExW
GetModuleHandleExW
GetUserDefaultUILanguage
GetLocaleInfoEx
GetSystemDefaultUILanguage
GetCurrentProcess
LocalAlloc
GetLocaleInfoW
LocaleNameToLCID
GetFileInformationByHandleEx
GetFileInformationByHandle
SetFileInformationByHandle
DeleteFileW
CopyFileExW
SearchPathW
shlwapi
PathRemoveBackslashW
advapi32
DuplicateTokenEx
EventRegister
EventUnregister
LookupPrivilegeValueW
GetSecurityDescriptorSacl
AdjustTokenPrivileges
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
SetNamedSecurityInfoW
RegQueryValueExW
GetSecurityDescriptorControl
GetSecurityDescriptorOwner
OpenProcessToken
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenThreadToken
GetTokenInformation
RegCloseKey
RegOpenKeyExW
EventWriteTransfer
SetThreadToken
ntdll
ZwWaitForSingleObject
ZwQueryKey
ZwReleaseMutant
ZwOpenMutant
RtlLengthSecurityDescriptor
RtlSetOwnerSecurityDescriptor
NtOpenSymbolicLinkObject
RtlSetDaclSecurityDescriptor
NtOpenKey
NtQuerySymbolicLinkObject
RtlAddAccessAllowedAceEx
RtlAllocateAndInitializeSid
RtlLengthSid
RtlFreeSid
RtlCreateAcl
RtlCreateSecurityDescriptor
NtQueryValueKey
NtQueryBootEntryOrder
NtQueryBootOptions
NtTranslateFilePath
NtOpenDirectoryObject
NtQueryDirectoryObject
NtEnumerateBootEntries
ZwCreateFile
ZwCreateKey
ZwQueryAttributesFile
ZwFlushKey
ZwDeleteValueKey
ZwSaveKey
ZwDeleteKey
ZwEnumerateKey
ZwQueryValueKey
ZwSetSecurityObject
ZwUnloadKey
ZwSetValueKey
ZwOpenKey
ZwAllocateUuids
LdrGetProcedureAddress
LdrGetDllHandle
ZwQueryInformationProcess
RtlInitAnsiString
ZwQueryInformationFile
ZwOpenProcess
ZwQuerySymbolicLinkObject
ZwDeviceIoControlFile
ZwQueryDirectoryObject
ZwOpenSymbolicLinkObject
ZwOpenDirectoryObject
NtAdjustPrivilegesToken
NtOpenProcessTokenEx
NtOpenThreadTokenEx
RtlImpersonateSelf
ZwLoadKey
ZwClose
ZwOpenFile
ZwQuerySystemInformation
RtlAllocateHeap
NtQuerySystemEnvironmentValueEx
LdrAccessResource
LdrFindResource_U
NtQuerySystemInformation
RtlCompareMemory
RtlFreeHeap
RtlStringFromGUID
NtSetInformationFile
RtlFreeUnicodeString
NtOpenFile
NtWaitForSingleObject
RtlNtStatusToDosError
NtQueryInformationThread
NtQueryInformationFile
NtCreateEvent
NtClose
RtlImageNtHeader
NtDeviceIoControlFile
NtSetInformationThread
NtReadFile
NtOpenProcess
NtQueryInformationProcess
NtWriteFile
RtlInitUnicodeString
RtlGUIDFromString
RtlAppendUnicodeToString
Sections
.text Size: 152KB - Virtual size: 149KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 80KB - Virtual size: 78KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 204B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bcdedit.exe.exe windows:10 windows x64 arch:x64
c8c8203bdce2871d4a59d4ebd68d8d21
Code Sign
33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
e7:75:02:53:6b:50:3e:cf:67:11:b9:4e:dd:2c:40:54:09:18:52:ff:6a:57:f5:18:18:7f:01:4b:df:c8:0f:6d
Signer
Actual PE Digest: e7:75:02:53:6b:50:3e:cf:67:11:b9:4e:dd:2c:40:54:09:18:52:ff:6a:57:f5:18:18:7f:01:4b:df:c8:0f:6d
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
bcdedit.pdb
Imports
msvcrt
__setusermatherr
_initterm
_exit
__C_specific_handler
_fmode
_commode
?terminate@@YAXXZ
memmove
memcpy
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
towupper
iswspace
_vsnwprintf
wcsrchr
_wtol
wcschr
_ui64tow_s
_wcstoui64
wcstoul
_cexit
_wcsicmp
wcscpy_s
_wtoi
_wcsnicmp
fflush
fwprintf
__iob_func
_vsnwprintf_s
wcscat_s
_ultow_s
strcpy_s
wcsncpy_s
wcsstr
wcsnlen
_wcsupr
strncmp
_snwscanf_s
_wcslwr
_aligned_free
_aligned_malloc
free
malloc
wcsncmp
vswprintf_s
_vscwprintf
_wsetlocale
swprintf_s
memcmp
memset
ntdll
ZwClose
ZwQuerySystemInformation
RtlAppendUnicodeToString
ZwQueryAttributesFile
ZwQuerySymbolicLinkObject
ZwDeviceIoControlFile
ZwQueryDirectoryObject
ZwOpenSymbolicLinkObject
ZwOpenDirectoryObject
RtlLengthSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlSetDaclSecurityDescriptor
ZwCreateFile
ZwCreateKey
ZwLoadKey
RtlAddAccessAllowedAceEx
RtlAllocateAndInitializeSid
RtlLengthSid
ZwDeleteValueKey
ZwSaveKey
RtlFreeSid
ZwDeleteKey
ZwEnumerateKey
ZwQueryValueKey
RtlCreateAcl
ZwSetSecurityObject
ZwUnloadKey
RtlCreateSecurityDescriptor
ZwSetValueKey
ZwOpenKey
LdrGetProcedureAddress
ZwQueryVolumeInformationFile
LdrGetDllHandle
ZwQueryInformationProcess
ZwDeleteFile
ZwQueryInformationFile
ZwOpenProcess
NtQuerySystemInformation
ZwAllocateUuids
NtAdjustPrivilegesToken
NtOpenProcessTokenEx
NtSetInformationThread
NtOpenThreadTokenEx
ZwOpenMutant
RtlImpersonateSelf
NtOpenSymbolicLinkObject
NtOpenKey
NtQuerySymbolicLinkObject
NtDeviceIoControlFile
NtSetValueKey
NtQueryValueKey
NtDeleteKey
NtQueryBootEntryOrder
NtQueryBootOptions
NtSetSecurityObject
NtTranslateFilePath
NtOpenDirectoryObject
NtQueryDirectoryObject
NtEnumerateBootEntries
NtCreateKey
RtlUpcaseUnicodeChar
RtlRunOnceComplete
RtlRunOnceBeginInitialize
RtlFindNextForwardRunClear
RtlNumberOfSetBits
RtlInitializeSRWLock
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
ZwReleaseMutant
ZwQueryKey
ZwWaitForSingleObject
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtClose
NtOpenFile
RtlStringFromGUID
RtlDosPathNameToNtPathName_U
RtlFreeUnicodeString
RtlCompareMemory
RtlUnicodeStringToAnsiString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlGUIDFromString
RtlInitUnicodeString
RtlIpv6StringToAddressW
RtlFreeHeap
RtlNtStatusToDosError
RtlAllocateHeap
ZwOpenFile
api-ms-win-core-localization-l1-2-0
FormatMessageW
GetLocaleInfoEx
GetLocaleInfoW
api-ms-win-core-heap-obsolete-l1-1-0
LocalFree
api-ms-win-core-libraryloader-l1-1-0
FindResourceExW
LoadResource
GetProcAddress
GetModuleHandleW
FreeLibrary
GetModuleFileNameW
LoadLibraryExW
api-ms-win-core-errorhandling-l1-1-0
GetLastError
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
api-ms-win-core-console-l1-1-0
GetConsoleOutputCP
GetConsoleMode
WriteConsoleW
api-ms-win-core-file-l1-2-0
GetVolumeNameForVolumeMountPointW
api-ms-win-core-file-l1-1-0
WriteFile
ReadFile
GetFileSizeEx
GetFileType
QueryDosDeviceW
CreateFileW
SetEndOfFile
SetFilePointerEx
FlushFileBuffers
GetFinalPathNameByHandleW
api-ms-win-core-processenvironment-l1-1-0
SearchPathW
GetStdHandle
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
TlsFree
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
TlsSetValue
GetCurrentThreadId
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetVersionExW
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-synch-l1-1-0
DeleteCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
api-ms-win-security-base-l1-1-0
GetAce
GetSecurityDescriptorLength
GetSidSubAuthority
GetSidLengthRequired
IsValidSecurityDescriptor
DestroyPrivateObjectSecurity
SetSecurityDescriptorGroup
MakeSelfRelativeSD
CreatePrivateObjectSecurityWithMultipleInheritance
InitializeSecurityDescriptor
GetSecurityDescriptorControl
InitializeSid
SetSecurityDescriptorOwner
IsValidSid
InitializeAcl
SetSecurityDescriptorDacl
SetPrivateObjectSecurityEx
GetLengthSid
AddAccessAllowedAce
cryptsp
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
api-ms-win-core-localization-obsolete-l1-1-0
GetSystemDefaultUILanguage
LCIDToLocaleName
GetUserDefaultUILanguage
api-ms-win-core-memory-l1-1-0
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
Exports
ORCloseHive
ORCloseKey
ORCreateHive
ORCreateHiveEx
ORCreateKey
ORDeleteKey
ORDeleteValue
OREnumKey
OREnumValue
ORFlushHive
ORGetKeySecurity
ORGetValue
ORGetVirtualFlags
OROpenHive
OROpenHiveByHandle
OROpenKey
ORQueryInfoKey
ORQueryInfoKeyEx
ORQueryInfoKeyValueEx
ORRenameKey
ORSaveHive
ORSaveHiveEx
ORSaveHiveToHandle
ORSetKeySecurity
ORSetValue
ORSetVirtualFlags
Sections
.text Size: 188KB - Virtual size: 185KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGE Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECMRC Size: 4KB - Virtual size: 130B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 100KB - Virtual size: 97KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 156KB - Virtual size: 152KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bdeunlock.exe.exe windows:10 windows x64 arch:x64
e0f899378314471531cb54b05533b862
Code Sign
33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 02/09/2021, 18:23
Not After: 01/09/2022, 18:23
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
3d:27:5c:20:c4:b6:2d:bf:ab:40:c2:0d:49:de:60:a0:7d:83:41:c3:5d:96:3e:ca:06:0d:77:e8:42:e9:f1:22
Signer
Actual PE Digest: 3d:27:5c:20:c4:b6:2d:bf:ab:40:c2:0d:49:de:60:a0:7d:83:41:c3:5d:96:3e:ca:06:0d:77:e8:42:e9:f1:22
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
bdeunlock.pdb
Imports
advapi32
RegGetValueW
kernel32
GetCurrentProcess
GetModuleHandleW
QueryPerformanceCounter
GetCurrentThreadId
GetDriveTypeW
GetFileAttributesW
GetSystemTimeAsFileTime
GetTickCount
HeapFree
SetLastError
GetModuleHandleExW
GetModuleFileNameW
GetProcessMitigationPolicy
LocalAlloc
GetProcAddress
FreeLibrary
GetUserPreferredUILanguages
GetLocaleInfoEx
TerminateProcess
SetErrorMode
GetVolumePathNameW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
Sleep
HeapSetInformation
GetLastError
GetProcessHeap
GetCommandLineW
GetCurrentProcessId
SetEvent
ReleaseSRWLockShared
AcquireSRWLockShared
RaiseException
LocalFree
FormatMessageW
GetLogicalDriveStringsW
HeapAlloc
CreateFileW
CloseHandle
WaitForSingleObject
CreateThread
user32
RemovePropW
DefWindowProcW
CreateWindowExW
RegisterClassExW
DestroyWindow
FindWindowW
GetMessageW
TranslateMessage
DispatchMessageW
AllowSetForegroundWindow
SetForegroundWindow
GetSystemMetrics
PostMessageW
LoadStringW
GetPropW
SetPropW
PostQuitMessage
msvcrt
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
iswascii
exit
_fmode
__wgetmainargs
_amsg_exit
_XcptFilter
__CxxFrameHandler3
_CxxThrowException
_callnewh
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
_commode
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
memset
memcpy
_vsnwprintf
_purecall
??3@YAXPEAX@Z
??_V@YAXPEAX@Z
malloc
__set_app_type
wcscmp
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
shell32
ord645
SHGetPathFromIDListEx
ord644
ord155
ord2
SHGetKnownFolderIDList
ord4
ShellExecuteW
CommandLineToArgvW
ole32
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoInitializeEx
shlwapi
ord219
duser
DUserPostEvent
InitGadgets
DeleteHandle
dui70
?Click@TouchButton@DirectUI@@SA?AVUID@@XZ
?Detach@CSafeElementProxy@@QEAAXXZ
?GetClassInfoPtr@TouchEdit2@DirectUI@@SAPEAUIClassInfo@2@XZ
?GetClassInfoPtr@TouchCheckBox@DirectUI@@SAPEAUIClassInfo@2@XZ
?GetClassInfoPtr@TouchHyperLink@DirectUI@@SAPEAUIClassInfo@2@XZ
?GetClassInfoPtr@Element@DirectUI@@SAPEAUIClassInfo@2@XZ
?GetEncodedContentString@Element@DirectUI@@QEAAJPEAG_K@Z
UnInitProcessPriv
UnInitThread
InitThread
InitProcessPriv
?Create@DUIXmlParser@DirectUI@@SAJPEAPEAV12@P6APEAVValue@2@PEBGPEAX@Z2P6AX11H2@Z2@Z
?SetLayoutPos@Element@DirectUI@@QEAAJH@Z
?FindDescendent@Element@DirectUI@@QEAAPEAV12@G@Z
?SetSelection@TouchEdit2@DirectUI@@QEAAJJJ@Z
?Release@Value@DirectUI@@QEAAXXZ
?SetContentString@Element@DirectUI@@QEAAJPEBG@Z
?GetSelection@TouchEdit2@DirectUI@@QEAAJPEAJ0@Z
?GetContentString@Element@DirectUI@@QEAAPEBGPEAPEAVValue@2@@Z
?UserTextChanged@TouchEditBase@DirectUI@@SA?AVUID@@XZ
?GetCheckedState@TouchCheckBox@DirectUI@@QEAA?AW4CheckedStateFlags@2@XZ
?SetCheckedState@TouchCheckBox@DirectUI@@QEAAJW4CheckedStateFlags@2@@Z
StrToID
?MultipleClick@TouchButton@DirectUI@@SA?AVUID@@XZ
?Destroy@DUIXmlParser@DirectUI@@QEAAXXZ
?AddListener@Element@DirectUI@@QEAAJPEAUIElementListener@2@@Z
?SetXMLFromResource@DUIXmlParser@DirectUI@@QEAAJIPEAUHINSTANCE__@@0@Z
?CreateElement@DUIXmlParser@DirectUI@@QEAAJPEBGPEAVElement@2@1PEAKPEAPEAV32@@Z
?CreateInstance@CSafeElementProxy@@SAJPEAVElement@DirectUI@@PEAPEAV1@@Z
fveapi
FveOpenVolumeW
FveCloseVolume
FveIsRecoveryPasswordGroupValidW
FveGetStatus
bdeui
?ClearProxyObject@BuiVolume@@QEAAXXZ
?LaunchUpdate@BuiVolume@@QEAAJXZ
?NeedsDiscoveryVolumeUpdate@BuiVolume@@QEAAJPEAH@Z
?GetPasswordId@BuiVolume@@QEAAJPEAPEAG@Z
?UnlockWithPassword@BuiVolume@@QEAAJPEBGPEAH@Z
?UnlockWithPassphrase@BuiVolume@@QEAAJPEBGPEAH@Z
?UnlockWithSmartCard@BuiVolume@@QEAAJPEAUHWND__@@PEAH@Z
?EnableAutoUnlock@BuiVolume@@QEAAJXZ
?UnlockWithKey@BuiVolume@@QEAAJPEBGPEAH@Z
?RefreshStatus@BuiVolume@@QEAAJ_N@Z
?SetProxyObject@BuiVolume@@QEAAXPEAUIDispatch@@@Z
BuisCreateProxyObject
?Init@BuiVolume@@QEAAJPEAG@Z
??0BuiVolume@@QEAA@XZ
??1BuiVolume@@QEAA@XZ
BuisIsFipsEnabled
api-ms-win-core-winrt-l1-1-0
RoActivateInstance
RoGetActivationFactory
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
WindowsGetStringRawBuffer
api-ms-win-core-winrt-error-l1-1-0
SetRestrictedErrorInfo
api-ms-win-core-winrt-error-l1-1-1
RoGetMatchingRestrictedErrorInfo
Exports
??0VolumeFveStatus@@IEAA@XZ
??0VolumeFveStatus@@QEAA@K_KJW4_FVE_WIPING_STATE@@@Z
??4BuiVolume@@QEAAAEAV0@AEBV0@@Z
??4VolumeFveStatus@@QEAAAEAV0@$$QEAV0@@Z
??4VolumeFveStatus@@QEAAAEAV0@AEBV0@@Z
?FailedDryRun@VolumeFveStatus@@QEBA_NXZ
?GetExtendedFlags@VolumeFveStatus@@QEBA_KXZ
?GetLastConvertStatus@VolumeFveStatus@@QEBAJXZ
?GetStatusFlags@VolumeFveStatus@@QEBAKXZ
?HasExternalKey@VolumeFveStatus@@QEBA_NXZ
?HasPBKDF2RecoveryPassword@VolumeFveStatus@@QEBA_NXZ
?HasPassphraseProtector@VolumeFveStatus@@QEBA_NXZ
?HasPinProtector@VolumeFveStatus@@QEBA_NXZ
?HasRecoveryData@VolumeFveStatus@@QEBA_NXZ
?HasRecoveryPassword@VolumeFveStatus@@QEBA_NXZ
?HasSmartCardProtector@VolumeFveStatus@@QEBA_NXZ
?HasStartupKeyProtector@VolumeFveStatus@@QEBA_NXZ
?HasTpmProtector@VolumeFveStatus@@QEBA_NXZ
?IsConverting@VolumeFveStatus@@QEBA_NXZ
?IsCsvMetadataVolume@VolumeFveStatus@@QEBA_NXZ
?IsDEAutoProvisioned@VolumeFveStatus@@QEBA_NXZ
?IsDecrypted@VolumeFveStatus@@QEBA_NXZ
?IsDecrypting@VolumeFveStatus@@QEBA_NXZ
?IsDisabled@VolumeFveStatus@@QEBA_NXZ
?IsEDriveVolume@VolumeFveStatus@@QEBA_NXZ
?IsEncrypted@VolumeFveStatus@@QEBA_NXZ
?IsEncrypting@VolumeFveStatus@@QEBA_NXZ
?IsLocked@VolumeFveStatus@@QEBA_NXZ
?IsOn@VolumeFveStatus@@QEBA_NXZ
?IsOsCriticalVolume@VolumeFveStatus@@QEBA_NXZ
?IsOsVolume@VolumeFveStatus@@QEBA_NXZ
?IsPartiallyConverted@VolumeFveStatus@@QEBA_NXZ
?IsPaused@VolumeFveStatus@@QEBA_NXZ
?IsPreProvisioned@VolumeFveStatus@@QEBA_NXZ
?IsRoamingDevice@VolumeFveStatus@@QEBA_NXZ
?IsSecure@VolumeFveStatus@@QEBA_NXZ
?IsUnknownFveVersion@VolumeFveStatus@@QEBA_NXZ
?IsWiping@VolumeFveStatus@@QEBA_NXZ
?NO_DRIVE_LETTER@BuiVolume@@2IB
?NeedsRestart@VolumeFveStatus@@QEBA_NXZ
Sections
.text Size: 160KB - Virtual size: 156KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 28KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 96KB - Virtual size: 94KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 388B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bitsadmin.exe.exe windows:10 windows x64 arch:x64
0cac68dc73a62ca8c76038194d54bf79
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
bitsadmin.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
__doserrno
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
api-ms-win-crt-math-l1-1-0
_finite
api-ms-win-crt-private-l1-1-0
_o___stdio_common_vswprintf
_o___stdio_common_vswscanf
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__stricmp
memcpy
_o__wcsicmp
_o__wfopen
_o__wsetlocale
_o_exit
_o_feof
_o_floor
_o_free
_o_getc
_o_iswxdigit
_o_malloc
_o_terminate
_o_ungetc
_o_wcstok
_o_wcstol
_o_wcstoul
__C_specific_handler
__current_exception
__current_exception_context
_o___p__commode
_o___p___wargv
_o___p___argc
wcsstr
wcschr
__std_terminate
__CxxFrameHandler4
_CxxThrowException
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-downlevel-kernel32-l1-1-0
GetConsoleOutputCP
WriteFile
SetConsoleMode
TerminateProcess
SetThreadUILanguage
InitializeCriticalSection
GetSystemDirectoryW
GetConsoleMode
FillConsoleOutputCharacterW
FileTimeToSystemTime
FileTimeToLocalFileTime
QueueUserAPC
FillConsoleOutputAttribute
SetConsoleTextAttribute
GetTimeFormatW
GetNumberOfConsoleInputEvents
GetSystemTimeAsFileTime
GetFileType
SetConsoleCursorPosition
GetDateFormatW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
InitializeSListHead
IsDebuggerPresent
GetConsoleScreenBufferInfo
LoadLibraryExW
Sleep
SleepEx
DeleteCriticalSection
ReadConsoleInputW
InitializeCriticalSectionEx
LeaveCriticalSection
WriteConsoleW
EnterCriticalSection
ReleaseMutex
WaitForSingleObject
CompareStringA
GetFileAttributesW
ExpandEnvironmentStringsW
SetLastError
CompareStringW
WideCharToMultiByte
HeapSetInformation
CloseHandle
GetCurrentThreadId
GetCurrentThread
MultiByteToWideChar
DuplicateHandle
FormatMessageW
GetThreadLocale
GetCurrentProcess
GetLastError
SetConsoleCtrlHandler
GetProcAddress
GetModuleHandleW
FreeLibrary
GetStdHandle
api-ms-win-downlevel-ole32-l1-1-0
CoUninitialize
CoCreateInstance
CoInitializeEx
CLSIDFromString
CoTaskMemAlloc
StringFromGUID2
CoTaskMemFree
sspicli
LogonUserExExW
api-ms-win-security-lsalookup-l1-1-0
LookupAccountSidLocalW
api-ms-win-core-version-l1-1-0
VerQueryValueW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW
api-ms-win-core-registry-l1-1-0
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegQueryInfoKeyW
RegEnumValueA
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegCreateKeyExA
RegCloseKey
api-ms-win-security-sddl-l1-1-0
ConvertSidToStringSidW
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-security-base-l1-1-0
GetSidSubAuthorityCount
AllocateAndInitializeSid
RevertToSelf
GetTokenInformation
GetSidSubAuthority
CopySid
ImpersonateSelf
ImpersonateLoggedOnUser
GetLengthSid
api-ms-win-core-processthreads-l1-1-0
OpenThreadToken
api-ms-win-service-management-l2-1-0
QueryServiceStatusEx
api-ms-win-service-management-l1-1-0
OpenServiceW
CloseServiceHandle
OpenSCManagerW
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-kernel32-legacy-l1-1-2
OpenMutexA
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 100KB - Virtual size: 97KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 104KB - Virtual size: 103KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 84KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 112B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 812B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bootim.exe.exe windows:10 windows x64 arch:x64
1e736fc89bc5a82bd2fedf354a4c0ec2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
BootIM.pdb
Imports
user32
GetSystemMetrics
msvcrt
_lock
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
_unlock
__setusermatherr
__dllonexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_wtol
_wcsnicmp
_onexit
wcschr
?terminate@@YAXXZ
_wcsicmp
_vsnwprintf
memcpy_s
_cexit
memset
bootux
ord9
ord12
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExW
GetProcAddress
GetModuleHandleExW
GetModuleHandleW
FreeLibrary
GetModuleFileNameA
api-ms-win-core-synch-l1-1-0
OpenSemaphoreW
WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreExW
CreateMutexExW
WaitForSingleObjectEx
ReleaseMutex
api-ms-win-core-heap-l1-1-0
HeapAlloc
GetProcessHeap
HeapFree
api-ms-win-core-errorhandling-l1-1-0
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegGetValueW
RegCloseKey
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
GetStartupInfoW
GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
api-ms-win-core-localization-l1-2-0
SetProcessPreferredUILanguages
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
OutputDebugStringW
DebugBreak
api-ms-win-core-registry-l1-1-1
RegDeleteKeyValueW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-shcore-obsolete-l1-1-0
CommandLineToArgvW
api-ms-win-core-shlwapi-obsolete-l1-1-0
StrToIntExW
ntdll
RtlNtStatusToDosError
NtQuerySystemInformation
Sections
.text Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 876B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 68B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bootsect.exe.exe windows:10 windows x64 arch:x64
197b5f5cf02964bf07b3a72286de3102
Code Sign
33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 02/09/2021, 18:23
Not After: 01/09/2022, 18:23
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
8e:91:fe:32:e0:17:91:b3:86:1d:26:cc:9b:42:c4:cf:56:49:49:85:d0:0d:ad:3e:a2:38:96:42:03:fb:17:59
Signer
Actual PE Digest: 8e:91:fe:32:e0:17:91:b3:86:1d:26:cc:9b:42:c4:cf:56:49:49:85:d0:0d:ad:3e:a2:38:96:42:03:fb:17:59
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
bootsect.pdb
Imports
msvcrt
?terminate@@YAXXZ
_amsg_exit
_XcptFilter
__setusermatherr
__getmainargs
iswxdigit
_vsnwprintf
_wcsnicmp
memcpy
_stricmp
swprintf_s
__set_app_type
isalpha
exit
_exit
_cexit
__C_specific_handler
_fmode
_initterm
wcsncmp
_snwscanf_s
_wcslwr
wcsstr
wcsnlen
memset
wcscpy_s
_commode
_wcsicmp
api-ms-win-core-file-l1-1-0
QueryDosDeviceW
SetFilePointer
CreateFileW
GetFileType
ReadFile
WriteFile
api-ms-win-core-libraryloader-l1-1-0
FindResourceExW
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
LoadResource
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
ntdll
RtlLookupFunctionEntry
RtlCaptureContext
NtWaitForSingleObject
RtlFreeHeap
NtQueryDirectoryObject
NtCreateEvent
NtOpenDirectoryObject
NtDeviceIoControlFile
NtQuerySymbolicLinkObject
RtlAllocateHeap
NtOpenSymbolicLinkObject
NtResetEvent
NtOpenFile
NtQueryVolumeInformationFile
RtlNtStatusToDosError
NtOpenKey
RtlVirtualUnwind
NtQueryValueKey
NtQueryBootEntryOrder
NtQueryBootOptions
NtTranslateFilePath
NtEnumerateBootEntries
NtAdjustPrivilegesToken
NtOpenProcessTokenEx
NtSetInformationThread
NtOpenThreadTokenEx
RtlImpersonateSelf
NtFsControlFile
NtClose
RtlInitUnicodeString
NtQuerySystemInformation
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventWriteTransfer
EventRegister
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-console-l1-1-0
WriteConsoleW
GetConsoleOutputCP
GetConsoleMode
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
SearchPathW
api-ms-win-core-heap-obsolete-l1-1-0
LocalAlloc
LocalFree
api-ms-win-core-localization-l1-2-0
FormatMessageW
GetLocaleInfoEx
GetLocaleInfoW
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
GetVersionExW
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
api-ms-win-core-localization-obsolete-l1-1-0
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
LCIDToLocaleName
api-ms-win-core-memory-l1-1-0
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
api-ms-win-core-handle-l1-1-0
CloseHandle
Sections
.text Size: 32KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 24KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 192B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bridgeunattend.exe.exe windows:10 windows x64 arch:x64
e94ad2353fb89025343a2422c862e414
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
bridgeunattend.pdb
Imports
advapi32
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
kernel32
CreateEventW
GetLastError
CloseHandle
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
Sleep
GetSystemTimeAsFileTime
GetTickCount
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
msvcrt
__CxxFrameHandler3
memcpy
memmove
_XcptFilter
_amsg_exit
__getmainargs
?what@exception@@UEBAPEBDXZ
exit
_exit
_cexit
__setusermatherr
_initterm
__C_specific_handler
_fmode
_commode
?terminate@@YAXXZ
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_purecall
_callnewh
malloc
wcschr
??_V@YAXPEAX@Z
__CxxFrameHandler4
??3@YAXPEAX@Z
_CxxThrowException
__set_app_type
memset
ole32
CoCreateInstance
CLSIDFromString
CoUninitialize
CoInitialize
CoTaskMemFree
CoSetProxyBlanket
Sections
.text Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 768B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 440B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
browser_broker.exe.exe windows:10 windows x64 arch:x64
a701c00271cc8f17a1c302c292918e0e
Code Sign
33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
64:8d:7f:70:13:78:9b:87:85:d0:e0:69:a5:17:01:2d:4b:d2:7b:53:76:10:90:52:e7:9f:3c:79:6d:09:84:bd
Signer
Actual PE Digest: 64:8d:7f:70:13:78:9b:87:85:d0:e0:69:a5:17:01:2d:4b:d2:7b:53:76:10:90:52:e7:9f:3c:79:6d:09:84:bd
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
browser_broker.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memcpy
_o__wcsnicmp
_o_exit
_o_terminate
_o_wcstok_s
_o_wcstol
__C_specific_handler
__current_exception
__current_exception_context
_o___stdio_common_vswprintf
_o___p__commode
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-com-l1-1-0
CoUninitialize
CoInitializeSecurity
CoInitializeEx
CoCreateInstance
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-synch-l1-1-0
CreateSemaphoreExW
CreateEventW
ReleaseMutex
CreateMutexExW
OpenSemaphoreW
ReleaseSemaphore
WaitForSingleObjectEx
WaitForSingleObject
SetEvent
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
SetErrorMode
SetLastError
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
CreateThread
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
GetStartupInfoW
api-ms-win-core-heap-l1-1-0
HeapSetInformation
GetProcessHeap
HeapAlloc
HeapFree
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExW
GetModuleHandleExW
GetModuleFileNameA
GetProcAddress
GetModuleHandleW
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
IsDebuggerPresent
DebugBreak
rpcrt4
UuidFromStringW
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventSetInformation
EventWriteEx
EventUnregister
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-security-base-l1-1-0
MakeAbsoluteSD
api-ms-win-core-processthreads-l1-1-1
SetProcessMitigationPolicy
IsProcessorFeaturePresent
GetProcessMitigationPolicy
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
api-ms-win-core-processthreads-l1-1-3
SetProcessInformation
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-rtcore-ntuser-synch-l1-1-0
MsgWaitForMultipleObjects
api-ms-win-rtcore-ntuser-window-l1-1-0
TranslateMessage
DispatchMessageW
PeekMessageW
Sections
.text Size: 24KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 72B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
browserexport.exe.exe windows:10 windows x64 arch:x64
d2bab879eb0e6a9d59a3ba185acf0274
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
browserexport.pdb
Imports
msvcp_win
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
?imbue@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?good@ios_base@std@@QEBA_NXZ
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?clear@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?_Gninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?_Gndec@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?flags@ios_base@std@@QEBAHXZ
?_Init@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
?getloc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEBA?AVlocale@2@XZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
?_Xlength_error@std@@YAXPEBD@Z
?id@?$ctype@G@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBGHH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?widen@?$ctype@G@std@@QEBAGD@Z
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
?_Getcat@?$codecvt@GDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
?unshift@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?out@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
?in@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
?uncaught_exception@std@@YA_NXZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
??0_Lockit@std@@QEAA@H@Z
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAGG@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_J@Z
?setf@ios_base@std@@QEAAHHH@Z
??1_Lockit@std@@QEAA@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
api-ms-win-crt-time-l1-1-0
_time64
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_c_exit
_initterm
_initterm_e
api-ms-win-crt-private-l1-1-0
memcpy
_CxxThrowException
__current_exception_context
__current_exception
__C_specific_handler
__CxxFrameHandler4
__std_terminate
_o___p___argc
_o___p___wargv
_o___p__commode
_o___std_exception_copy
_o___std_exception_destroy
_o___stdio_common_vsnprintf_s
_o___stdio_common_vswprintf
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__fseeki64
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__lock_file
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o__unlock_file
_o__wcsicmp
_o__wcsnicmp
_o_calloc
_o_exit
_o_fclose
_o_fflush
_o_fgetc
_o_fgetpos
_o_fgetwc
_o_fputwc
_o_free
_o_fsetpos
_o_fwrite
_o_malloc
_o_memcpy_s
_o_setvbuf
_o_terminate
_o_ungetc
_o_ungetwc
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-com-l1-1-0
IIDFromString
CoTaskMemAlloc
CoCreateInstance
CoInitializeEx
CoTaskMemFree
api-ms-win-core-file-l1-1-0
ReadFile
FindFirstFileW
DeleteFileW
SetFileAttributesW
FindClose
GetFileSize
api-ms-win-core-file-l1-2-0
GetTempPathW
CreateFile2
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
RaiseException
GetLastError
SetLastError
SetUnhandledExceptionFilter
api-ms-win-core-path-l1-1-0
PathCchAppend
api-ms-win-core-file-l2-1-2
CopyFileW
api-ms-win-core-winrt-string-l1-1-0
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateStringReference
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
GetModuleFileNameA
GetProcAddress
GetModuleHandleExW
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
OpenProcessToken
CreateProcessAsUserW
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
OutputDebugStringW
DebugBreak
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
crypt32
CryptUnprotectData
api-ms-win-security-base-l1-1-0
GetSidLengthRequired
GetTokenInformation
InitializeSid
GetSidSubAuthority
SetTokenInformation
DuplicateTokenEx
api-ms-win-core-synch-l1-1-0
ReleaseMutex
ReleaseSemaphore
CreateSemaphoreExW
CreateMutexExW
WaitForSingleObjectEx
OpenSemaphoreW
WaitForSingleObject
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
MultiByteToWideChar
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventWriteEx
EventRegister
EventWriteTransfer
EventUnregister
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
wininet
InternetGetCookieEx2
InternetFreeCookies
winsqlite3
sqlite3_prepare_v2
sqlite3_column_blob
sqlite3_step
sqlite3_finalize
sqlite3_column_int64
sqlite3_column_text16
sqlite3_open16
sqlite3_close
sqlite3_column_bytes
api-ms-win-shell-shellfolders-l1-1-0
SHGetKnownFolderPath
iertutil
ord597
ord398
ord793
ord791
ord796
ord820
ord683
ord650
ord653
ord594
msiso
ord207
Sections
.text Size: 88KB - Virtual size: 87KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 40KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 368B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bthudtask.exe.exe windows:10 windows x64 arch:x64
1c54a8f41de7b28992e2bd7a4d586748
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
BthUdTask.pdb
Imports
advapi32
RegCloseKey
RegQueryValueExW
kernel32
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount
GetSystemTimeAsFileTime
GetCurrentProcess
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
Sleep
UnhandledExceptionFilter
TerminateProcess
CloseHandle
SetEvent
ResolveDelayLoadedAPI
OpenEventW
DelayLoadFailureHook
GetLastError
CompareStringOrdinal
GetCurrentThreadId
msvcrt
?terminate@@YAXXZ
_commode
_fmode
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_vsnwprintf
__C_specific_handler
memset
newdev
DiUninstallDevice
devobj
DevObjUninstallDevice
DevObjEnumDeviceInfo
DevObjGetDeviceInstanceId
DevObjGetClassDevs
DevObjCreateDeviceInfoList
DevObjOpenDevRegKey
DevObjDestroyDeviceInfoList
Sections
.text Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 336B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 64B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
cacls.exe.exe windows:10 windows x64 arch:x64
30254a514cd61ab9d483307aa5a195e8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
cacls.pdb
Imports
msvcrt
_cexit
_exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_callnewh
malloc
_wsetlocale
free
__iob_func
printf
fgetws
wcschr
fprintf
_vsnwprintf_s
_initterm
vswprintf_s
_wcsicmp
?terminate@@YAXXZ
_commode
wcscat_s
fwprintf_s
_fmode
fwprintf
ferror
exit
__C_specific_handler
wprintf
_wcsnicmp
wcscpy_s
__setusermatherr
memcpy
ntdll
RtlLookupFunctionEntry
RtlCaptureContext
NtOpenFile
RtlNtStatusToDosError
RtlVirtualUnwind
NtQueryInformationFile
NtClose
RtlReleaseRelativeName
RtlDosPathNameToRelativeNtPathName_U
RtlFreeHeap
ntmarta
AccTreeResetNamedSecurityInfo
api-ms-win-security-lsalookup-l2-1-0
LookupAccountSidW
LookupAccountNameW
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
SetLastError
api-ms-win-security-base-l1-1-0
GetLengthSid
EqualSid
GetSecurityDescriptorControl
GetKernelObjectSecurity
GetFileSecurityW
InitializeAcl
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
QuerySecurityAccessMask
SetSecurityAccessMask
InitializeSecurityDescriptor
SetKernelObjectSecurity
AddAce
api-ms-win-security-sddl-l1-1-0
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-file-l1-1-0
GetFullPathNameW
FindNextFileW
GetVolumePathNameW
FindFirstFileW
GetFileAttributesW
FindClose
GetVolumeInformationW
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
CompareStringW
api-ms-win-core-console-l1-1-0
GetConsoleMode
WriteConsoleW
GetConsoleOutputCP
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
api-ms-win-core-localization-l1-2-0
SetThreadUILanguage
FormatMessageW
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
api-ms-win-core-file-l1-2-0
GetVolumeNameForVolumeMountPointW
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-string-obsolete-l1-1-0
lstrlenW
api-ms-win-security-provider-l1-1-0
SetNamedSecurityInfoW
Sections
.text Size: 24KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 768B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 100B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
calc.exe.exe windows:10 windows x64 arch:x64
8eeaa9499666119d13b3f44ecd77a729
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
calc.pdb
Imports
shell32
ShellExecuteW
kernel32
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
RtlCaptureContext
GetCurrentProcessId
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
RtlLookupFunctionEntry
msvcrt
__setusermatherr
_initterm
__C_specific_handler
_wcmdln
_fmode
_commode
?terminate@@YAXXZ
_cexit
__wgetmainargs
_amsg_exit
_XcptFilter
exit
__set_app_type
_exit
advapi32
EventSetInformation
EventWriteTransfer
EventRegister
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
Sections
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 60B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
certreq.exe.exe windows:10 windows x64 arch:x64
6a0f86aa44f988073c05e0ee40f2bd02
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
certreq.pdb
Imports
advapi32
CryptGenKey
CryptAcquireContextW
RevertToSelf
CryptDestroyKey
WaitServiceState
CryptReleaseContext
kernel32
EncodePointer
ResolveDelayLoadedAPI
DelayLoadFailureHook
GetFileAttributesW
lstrcmpW
GetTickCount
GetSystemTimeAsFileTime
GetTempFileNameW
LocalFree
DecodePointer
RaiseException
DeleteFileW
LocalAlloc
msvcrt
memcmp
__iob_func
__C_specific_handler
wcscspn
_XcptFilter
memset
__wgetmainargs
__set_app_type
exit
strcmp
?terminate@@YAXXZ
wcsrchr
_wcsnicmp
_amsg_exit
_swab
_onexit
__dllonexit
_unlock
_lock
??3@YAXPEAX@Z
??1type_info@@UEAA@XZ
_callnewh
?what@exception@@UEBAPEBDXZ
wcsstr
wcschr
iswdigit
_vsnprintf
fputws
fclose
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
memmove
memcpy
_CxxThrowException
_itoa_s
wcscpy_s
_stricmp
towupper
iswlower
iswupper
sscanf_s
wcscmp
strpbrk
strcat_s
strcpy_s
strspn
_fileno
_setmode
getenv
_commode
fwrite
ftell
_wgetenv
_errno
fopen
strcspn
_wfopen_s
wcsncmp
_fmode
_wcmdln
strncmp
atoi
strchr
_initterm
__setusermatherr
isdigit
qsort
towlower
free
malloc
_cexit
_purecall
_exit
_wcsicmp
vfwprintf
fprintf
fflush
ferror
_vsnwprintf
__CxxFrameHandler3
?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
iswspace
iswxdigit
_wtoi
gmtime
_wsetlocale
iswalpha
_wfopen
fgetc
feof
fseek
fgetws
fgets
certcli
ord261
ord207
ord360
ord254
ord358
ord219
ord213
ord357
ord223
ord373
ord225
ord205
ord359
ord220
ord203
ord221
CAGetCertTypeProperty
CAFreeCertTypeProperty
CACloseCertType
CAFindCertTypeByName
ord356
ord246
ord252
ord366
ord260
ord256
gdi32
GetStockObject
ncrypt
NCryptOpenKey
NCryptFreeObject
NCryptIsKeyHandle
NCryptSetProperty
NCryptFreeBuffer
NCryptEnumStorageProviders
NCryptOpenStorageProvider
NCryptGetProperty
normaliz
IdnToUnicode
ntdll
RtlTimeToSecondsSince1970
NtQuerySystemTime
EtwTraceMessage
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
setupapi
SetupOpenInfFileW
SetupGetLineCountW
SetupFindFirstLineW
SetupGetIntField
SetupCloseInfFile
SetupGetFieldCount
SetupFindNextLine
SetupGetStringFieldW
profapi
ord104
wldap32
ord12
ord18
ord167
ord147
ord13
ord142
ord41
ord140
ord79
ord26
ord203
ord224
ord127
ord16
ord210
crypt32
CryptDecodeObject
CryptMsgClose
CryptMsgUpdate
CertGetCertificateChain
CertFreeCRLContext
CertEnumCRLsInStore
CertFindAttribute
CryptFindOIDInfo
CryptMsgGetAndVerifySigner
CryptAcquireCertificatePrivateKey
CryptMsgOpenToDecode
CryptMsgControl
CryptFindCertificateKeyProvInfo
CryptSignAndEncodeCertificate
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertCloseStore
CryptHashPublicKeyInfo
CertFreeCertificateContext
CryptMsgGetParam
CertFreeCertificateChain
CertFindCertificateInStore
CertOpenStore
CertGetCertificateContextProperty
CertVerifySubjectCertificateContext
CertFindExtension
CryptEncodeObjectEx
CryptDecodeObjectEx
CryptStringToBinaryW
CertGetNameStringW
CryptExportPublicKeyInfoEx
CryptSignCertificate
CertNameToStrW
CryptHashCertificate
CertSetStoreProperty
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertAddCertificateLinkToStore
CryptEnumOIDInfo
CryptFormatObject
CryptSignMessage
CertStrToNameW
CryptMsgOpenToEncode
CertCreateCertificateContext
ole32
CoUninitialize
CoCreateInstance
StringFromCLSID
CoInitialize
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoTaskMemFree
oleaut32
SysAllocStringLen
VariantCopyInd
CreateErrorInfo
SetErrorInfo
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayDestroy
SafeArrayPutElement
SafeArrayCreate
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantInit
SysFreeString
SysStringByteLen
SysAllocString
SysAllocStringByteLen
SafeArrayGetElement
VariantClear
SysStringLen
rpcrt4
NdrClientCall3
RpcExceptionFilter
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcStringFreeW
RpcBindingFree
RpcEpResolveBinding
RpcBindingSetAuthInfoExW
UuidCreate
secur32
GetComputerObjectNameW
GetUserNameExW
user32
DispatchMessageW
PostMessageW
TranslateMessage
GetMessageW
UpdateWindow
CreateWindowExW
RegisterClassW
LoadIconW
DefWindowProcW
PostQuitMessage
LoadCursorW
SetCursor
LoadStringW
GetDesktopWindow
MessageBoxW
CharLowerW
wininet
InternetCrackUrlW
InternetCreateUrlW
InternetCanonicalizeUrlW
shlwapi
PathFindFileNameW
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
OpenThreadToken
GetStartupInfoW
GetCurrentThread
GetCurrentThreadId
OpenProcessToken
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter
GetLastError
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExW
FindResourceExW
FreeLibrary
GetModuleHandleW
GetProcAddress
LockResource
LoadResource
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-heap-l2-1-0
GlobalFree
LocalReAlloc
api-ms-win-core-file-l1-1-0
GetFileSize
WriteFile
CreateFileW
LocalFileTimeToFileTime
GetFullPathNameW
SetEndOfFile
CompareFileTime
GetFileType
SetFilePointer
FileTimeToLocalFileTime
api-ms-win-core-heap-l1-1-0
HeapSetInformation
HeapFree
GetProcessHeap
HeapAlloc
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
WideCharToMultiByte
CompareStringW
FoldStringW
api-ms-win-core-sysinfo-l1-1-0
GetVersionExW
GetSystemTime
GetComputerNameExW
GetLocalTime
GetSystemDirectoryW
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
SystemTimeToFileTime
api-ms-win-security-cryptoapi-l1-1-0
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptSetProvParam
CryptEnumProvidersA
CryptGetProvParam
api-ms-win-core-console-l1-1-0
GetConsoleOutputCP
WriteConsoleW
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
ExpandEnvironmentStringsW
SearchPathW
GetCommandLineW
GetEnvironmentVariableW
api-ms-win-core-localization-l1-2-0
GetLocaleInfoW
GetACP
FormatMessageW
GetLocaleInfoEx
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegGetValueW
RegQueryValueExW
RegCreateKeyExW
RegCloseKey
api-ms-win-security-base-l1-1-0
CheckTokenMembership
FreeSid
ImpersonateLoggedOnUser
AllocateAndInitializeSid
CreateWellKnownSid
EqualSid
GetTokenInformation
DuplicateToken
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-memory-l1-1-0
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
api-ms-win-core-libraryloader-l1-2-1
FindResourceW
api-ms-win-core-processthreads-l1-1-1
OpenProcess
api-ms-win-core-psapi-l1-1-0
K32GetProcessImageFileNameW
api-ms-win-security-lsalookup-l2-1-0
LookupAccountSidW
api-ms-win-security-logon-l1-1-0
LogonUserExW
api-ms-win-core-datetime-l1-1-0
GetTimeFormatA
GetDateFormatA
GetDateFormatW
GetTimeFormatW
api-ms-win-core-synch-l1-1-0
EnterCriticalSection
SetEvent
InitializeCriticalSection
WaitForSingleObjectEx
LeaveCriticalSection
DeleteCriticalSection
CreateEventW
api-ms-win-core-debug-l1-1-0
OutputDebugStringA
api-ms-win-core-privateprofile-l1-1-0
GetProfileStringA
api-ms-win-core-localization-obsolete-l1-2-0
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
api-ms-win-core-localization-l1-2-2
LCIDToLocaleName
api-ms-win-service-management-l1-1-0
CloseServiceHandle
OpenSCManagerW
StartServiceW
OpenServiceW
api-ms-win-service-management-l2-1-0
QueryServiceConfigW
ChangeServiceConfigW
api-ms-win-service-winsvc-l1-1-0
ControlService
Sections
.text Size: 328KB - Virtual size: 324KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 108KB - Virtual size: 107KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 352B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
certutil.exe.exe windows:10 windows x64 arch:x64
323a326d7b550351b75ec637a5575902
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
certutil.pdb
Imports
advapi32
IsValidSecurityDescriptor
GetSecurityDescriptorLength
CryptReleaseContext
CryptAcquireContextW
LookupAccountNameW
IsValidSid
ConvertSidToStringSidW
ImpersonateSelf
RevertToSelf
LookupAccountSidW
CryptGetProvParam
CryptGetUserKey
CryptGetKeyParam
CryptDestroyKey
RegCreateKeyExW
RegSetValueExW
RegSetValueExA
RegDeleteKeyExW
RegCloseKey
GetTokenInformation
GetLengthSid
CopySid
OpenProcessToken
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegCreateKeyW
RegEnumValueW
RegEnumKeyW
RegDeleteKeyW
RegDeleteValueW
CryptSetProvParam
CryptGenRandom
CryptCreateHash
CryptVerifySignatureW
CryptHashData
CryptDestroyHash
CryptSetKeyParam
CryptDecrypt
CryptImportKey
RegDeleteTreeW
RegOpenKeyW
CryptGetHashParam
CryptDuplicateKey
CryptEncrypt
CryptGenKey
CryptContextAddRef
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
SetNamedSecurityInfoW
AddAccessDeniedAce
AddAccessAllowedAce
AddAccessDeniedObjectAce
AddAccessAllowedObjectAce
AddAce
InitializeAcl
LsaStorePrivateData
LsaRetrievePrivateData
RegConnectRegistryW
AdjustTokenPrivileges
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSecurityDescriptorToStringSecurityDescriptorW
CryptEnumProvidersA
CryptGetDefaultProviderW
LogonUserExW
ImpersonateLoggedOnUser
CreateWellKnownSid
MakeAbsoluteSD
MakeSelfRelativeSD
LsaClose
LsaFreeMemory
LsaOpenPolicy
FreeSid
CheckTokenMembership
DuplicateToken
OpenThreadToken
ConvertStringSidToSidW
AllocateAndInitializeSid
SetSecurityDescriptorDacl
SetEntriesInAclW
GetSecurityDescriptorDacl
DeleteAce
EqualSid
GetAce
GetAclInformation
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
GetSecurityDescriptorControl
CryptSignHashW
CryptSetHashParam
CryptExportKey
CryptDuplicateHash
kernel32
GetFullPathNameW
CloseThreadpoolTimer
CloseThreadpoolWait
FindCloseChangeNotification
FindNextChangeNotification
SetThreadpoolWait
SetThreadpoolTimer
MultiByteToWideChar
VerifyVersionInfoW
VerSetConditionMask
LeaveCriticalSection
SetConsoleCtrlHandler
EnterCriticalSection
SetEndOfFile
WriteFile
LockResource
SizeofResource
LoadResource
FindResourceW
GetVersionExW
GetComputerNameExW
GetComputerNameW
SetFilePointer
ReadFile
FindClose
FindNextFileW
FindFirstChangeNotificationW
Sleep
GetTickCount
LoadLibraryW
DecodePointer
EncodePointer
GetFileAttributesExW
GetCurrentProcess
QueryFullProcessImageNameW
GetProcessTimes
OpenProcess
GetLastError
GetTickCount64
PulseEvent
OpenEventW
GetUserDefaultUILanguage
LocalReAlloc
LocalFileTimeToFileTime
GetModuleHandleW
RaiseException
DeleteCriticalSection
InitializeCriticalSection
GetSystemDefaultLangID
FormatMessageW
HeapAlloc
HeapFree
GetProcessHeap
lstrcmpW
CreateThreadpoolTimer
FindFirstFileW
CreateThreadpoolWait
SetEvent
ReleaseSemaphore
TrySubmitThreadpoolCallback
CreateSemaphoreW
DeleteFileW
GetFileSize
CreateFileW
CreateEventW
GetEnvironmentVariableW
GetSystemDefaultUILanguage
GetTempFileNameW
GetProcAddress
SetLastError
SetConsoleMode
LocalFree
GetSystemTime
SystemTimeToFileTime
GetSystemTimeAsFileTime
LocalAlloc
GetFileAttributesW
FreeLibrary
CompareFileTime
CreateThread
WaitForSingleObject
GetExitCodeThread
CloseHandle
GetConsoleMode
GetFileType
GetStdHandle
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
DelayLoadFailureHook
ResolveDelayLoadedAPI
FindResourceExW
LCIDToLocaleName
GetLocaleInfoW
GetLocaleInfoEx
SearchPathW
LoadLibraryExA
GetProfileStringA
ResetEvent
GetFileTime
lstrlenW
VirtualFree
VirtualAlloc
GetTempPathW
GetLocalTime
K32GetProcessImageFileNameW
HeapSetInformation
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetSystemInfo
GetCurrentThread
CreateDirectoryW
RemoveDirectoryW
GetConsoleOutputCP
CompareStringW
FoldStringW
GetTimeFormatW
GetDateFormatW
FileTimeToLocalFileTime
LoadLibraryExW
GetSystemDirectoryW
GetCommandLineW
FileTimeToSystemTime
WriteConsoleW
GetACP
WideCharToMultiByte
OutputDebugStringA
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
msvcrt
??1type_info@@UEAA@XZ
wcstok
_onexit
__dllonexit
_unlock
_lock
_commode
_fmode
realloc
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_errno
_wcmdln
_itoa_s
memcmp
memset
wcscpy_s
towupper
iswlower
towlower
iswupper
sscanf_s
strpbrk
strcat_s
strcpy_s
strspn
getenv
fwrite
ftell
_wgetenv
_fileno
strcmp
wcstoul
fgetws
feof
fgetc
_wfopen
fputws
atoi
iswalpha
_wsetlocale
isxdigit
gmtime
iswxdigit
vfwprintf
iswspace
__iob_func
_amsg_exit
_XcptFilter
memmove
memcpy
__CxxFrameHandler3
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
malloc
fprintf
_strlwr
_swab
ferror
fseek
fputs
strchr
fgets
fopen
calloc
bsearch
?terminate@@YAXXZ
_setmode
??_V@YAXPEAX@Z
??3@YAXPEAX@Z
__CxxFrameHandler4
_purecall
_vsnwprintf
iswdigit
wcsrchr
wcschr
fwprintf
_wfopen_s
fclose
fflush
_fgetwchar
wcsspn
_wcsnicmp
?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
qsort
wcscspn
free
wcscmp
__isascii
isdigit
_strnicmp
swscanf
_stricmp
_wtoi
_vsnprintf
_wcslwr
strncmp
strcspn
wcsstr
strstr
wcsncmp
_ultow
_wcsicmp
certcli
CAEnumCertTypesEx
ord356
ord205
ord213
ord254
ord360
ord223
ord256
ord246
ord225
ord358
ord207
ord359
ord217
ord258
CAGetCertTypeFlagsEx
CAGetCertTypePropertyEx
CAFreeCertTypeProperty
CAGetCertTypeKeySpec
ord357
CACertTypeGetSecurity
CAGetCertTypeExtensions
CAFreeCertTypeExtensions
CAEnumCertTypesForCAEx
CAGetCertTypeProperty
CACertTypeAccessCheckEx
CAEnumNextCertType
CACloseCertType
ord373
CAEnumFirstCA
CAFindByName
CAGetCAProperty
CAFreeCAProperty
CAEnumNextCA
CACloseCA
ord362
CAGetCAFlags
CAGetCAExpiration
CAAccessCheck
ord361
CAGetCACertificate
CAGetCASecurity
CASetCAProperty
CAUpdateCAEx
CAFindByCertType
ord257
ord218
ord255
CAEnumCertTypesForCA
CACountCertTypes
CACertTypeAccessCheck
CACountCAs
CARemoveCACertificateTypeEx
CAAddCACertificateTypeEx
CAUpdateCA
ord260
ord366
ord252
ord261
ord253
ord203
ord247
ord210
CASetCASecurity
CASetCACertificate
CASetCAFlags
CACreateNewCA
CAFindCertTypeByName
ord370
ord245
CAGetCertTypeExpiration
crypt32
CryptFindOIDInfo
CertGetCertificateContextProperty
CertFindExtension
CryptEncodeObjectEx
CertFreeCertificateContext
CertCloseStore
CertDuplicateCertificateContext
CertEnumCRLsInStore
CertFreeCRLContext
CertCreateCRLContext
CryptExportPKCS8
PFXExportCertStoreEx
PFXExportCertStore
CryptFreeOIDFunctionAddress
CryptGetOIDFunctionAddress
CryptInitOIDFunctionSet
CertStrToNameW
CryptDecryptMessage
CryptEncryptMessage
CryptSignMessage
CryptFormatObject
CertAddCertificateLinkToStore
CertGetIntendedKeyUsage
CryptHashPublicKeyInfo
CryptStringToBinaryW
CryptMsgOpenToDecode
CertNameToStrW
CryptSignCertificate
CryptExportPublicKeyInfoEx
CryptSignAndEncodeCertificate
CertDuplicateStore
CryptMsgUpdate
CryptMsgOpenToEncode
CryptBinaryToStringW
CertOpenServerOcspResponse
I_CryptWalkAllLruCacheEntries
I_CryptRemoveLruEntry
I_CryptGetLruEntryData
I_CryptFindLruEntry
I_CryptReleaseLruEntry
I_CryptInsertLruEntry
I_CryptCreateLruEntry
CertCloseServerOcspResponse
I_CryptFreeLruCache
I_CryptCreateLruCache
CryptMsgEncodeAndSignCTL
CertGetNameStringA
CertSetCertificateContextPropertiesFromCTLEntry
CertCreateContext
I_CertProtectFunction
CertAddStoreToCollection
CertVerifyCertificateChainPolicy
CryptMemFree
CertVerifySubjectCertificateContext
CryptVerifyCertificateSignatureEx
CertGetEnhancedKeyUsage
CertVerifyCRLTimeValidity
CertVerifyRevocation
CertVerifyTimeValidity
CryptEnumKeyIdentifierProperties
CryptImportPublicKeyInfo
CertDuplicateCRLContext
CertDeleteCRLFromStore
CertAddCTLContextToStore
CertAddCRLContextToStore
CertEnumSystemStore
CertEnumSystemStoreLocation
CertEnumPhysicalStore
CertControlStore
CertSaveStore
CertAddSerializedElementToStore
CertAddEncodedCTLToStore
CertAddEncodedCRLToStore
CertAddEncodedCertificateToStore
CertSetCTLContextProperty
CertSetCRLContextProperty
CryptFindCertificateKeyProvInfo
CryptAcquireCertificatePrivateKey
CertEnumCertificateContextProperties
CertGetCRLContextProperty
CertEnumCRLContextProperties
CertGetCTLContextProperty
CertEnumCTLContextProperties
CertSetStoreProperty
CertComparePublicKeyInfo
CryptExportPublicKeyInfo
CertFreeCTLContext
CertCreateCTLContext
CertEnumCTLsInStore
CertDeleteCertificateFromStore
CertGetNameStringW
CryptDecodeObjectEx
CryptQueryObject
CryptMsgGetParam
CryptVerifyDetachedMessageSignature
CryptMsgGetAndVerifySigner
CryptMsgControl
PFXIsPFXBlob
PFXImportCertStore
CryptImportPKCS8
CertGetPublicKeyLength
CryptMsgClose
CertAddCertificateContextToStore
CertSetCertificateContextProperty
CryptGetKeyIdentifierProperty
CertFindAttribute
CryptHashCertificate
CryptDecodeObject
CertOpenStore
CertFindCertificateInStore
CertEnumCertificatesInStore
CryptFindLocalizedName
CryptVerifyCertificateSignature
CertCompareCertificateName
CertFreeCertificateChain
CertGetCertificateChain
CryptHashCertificate2
CryptImportPublicKeyInfoEx2
CryptRegisterOIDInfo
CertCreateCertificateContext
CryptEnumOIDInfo
cabinet
ord20
ord21
ord22
ord23
comctl32
InitCommonControlsEx
cryptui
CryptUIDlgFreeCAContext
CryptUIDlgViewCRLW
CryptUIDlgViewCertificateW
gdi32
GetStockObject
ncrypt
NCryptFreeObject
BCryptVerifySignature
BCryptDestroyKey
NCryptOpenStorageProvider
NCryptImportKey
NCryptSetProperty
NCryptFinalizeKey
BCryptSetProperty
BCryptGetProperty
BCryptCloseAlgorithmProvider
SslEnumProtocolProviders
SslOpenProvider
SslFreeBuffer
SslFreeObject
NCryptGetProperty
BCryptFreeBuffer
BCryptOpenAlgorithmProvider
BCryptCreateHash
BCryptHashData
BCryptFinishHash
BCryptDestroyHash
BCryptDecrypt
BCryptEncrypt
BCryptExportKey
BCryptGenRandom
BCryptSignHash
NCryptCreatePersistedKey
NCryptDecrypt
NCryptDeleteKey
NCryptDeriveKey
NCryptEncrypt
NCryptExportKey
NCryptOpenKey
NCryptSecretAgreement
NCryptSignHash
NCryptVerifySignature
NCryptEnumAlgorithms
NCryptIsAlgSupported
NCryptEnumKeys
NCryptEnumStorageProviders
NCryptFreeBuffer
BCryptEnumAlgorithms
BCryptGenerateKeyPair
BCryptQueryProviderRegistration
BCryptEnumContexts
BCryptQueryContextConfiguration
BCryptEnumContextFunctions
BCryptResolveProviders
NCryptIsKeyHandle
netapi32
DsGetDcNameW
NetApiBufferFree
NetUserGetGroups
DsRoleGetPrimaryDomainInformation
DsRoleFreeMemory
DsGetSiteNameW
normaliz
IdnToUnicode
IdnToAscii
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtQuerySystemTime
RtlTimeToSecondsSince1970
NtQuerySystemInformationEx
WinSqmIncrementDWORD
ntdsapi
DsFreeNameResultW
DsCrackNamesW
DsFreeDomainControllerInfoW
DsBindW
DsUnBindW
DsGetDomainControllerInfoW
setupapi
SetupFindNextLine
SetupGetFieldCount
SetupGetStringFieldW
SetupOpenInfFileW
SetupFindFirstLineW
SetupGetLineCountW
SetupCloseInfFile
SetupGetIntField
shell32
SHGetFolderPathW
SHGetKnownFolderPath
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
wldap32
ord16
ord208
ord14
ord145
ord13
ord210
ord65
ord12
ord18
ord27
ord73
ord113
ord140
ord224
ord142
ord79
ord127
ord167
ord147
ord155
ord206
ord135
ord203
ord36
ord26
ord41
ord191
ole32
CoTaskMemFree
CoInitialize
CoUninitialize
CoInitializeEx
CLSIDFromString
CLSIDFromProgID
StringFromCLSID
ProgIDFromCLSID
CoTaskMemAlloc
CoCreateInstanceEx
CoSetProxyBlanket
CoCreateInstance
StgOpenStorageEx
PropVariantClear
oleaut32
SetErrorInfo
CreateErrorInfo
VariantCopyInd
SystemTimeToVariantTime
VariantTimeToSystemTime
SysStringLen
SafeArrayDestroy
SafeArrayPutElement
SafeArrayCreate
SysAllocStringByteLen
SysAllocStringLen
SysAllocString
VariantClear
VariantInit
SysStringByteLen
SafeArrayUnaccessData
SysFreeString
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayGetElement
rpcrt4
NdrClientCall3
I_RpcExceptionFilter
UuidCreate
secur32
TranslateNameW
GetUserNameExW
GetComputerObjectNameW
user32
GetDlgItemTextW
GetDesktopWindow
DialogBoxParamW
SetWindowTextW
GetWindowLongPtrW
CharLowerW
SetCursor
SetFocus
GetWindowTextW
ShowWindow
LoadStringW
UpdateWindow
SetWindowLongPtrW
IsDlgButtonChecked
GetDlgItemInt
LoadCursorW
SetDlgItemTextW
CallWindowProcW
SendMessageW
GetDlgItem
EnableWindow
EndDialog
DispatchMessageW
TranslateMessage
GetMessageW
PostMessageW
CreateWindowExW
RegisterClassW
LoadIconW
DefWindowProcW
PostQuitMessage
SetDlgItemInt
CheckDlgButton
MessageBoxW
SendDlgItemMessageA
shlwapi
PathFindFileNameW
Sections
.text Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 300KB - Virtual size: 298KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 64KB - Virtual size: 73KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 36KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 776B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
changepk.exe.exe windows:10 windows x64 arch:x64
3355c9f07ccd675cc3347c47324fd1f8
Code Sign
33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
bd:f9:0e:49:3a:e8:62:be:19:b5:b8:a7:6d:14:7e:14:2a:10:3a:6d:7e:f1:bf:56:be:ec:94:af:09:b8:3a:ef
Signer
Actual PE Digest: bd:f9:0e:49:3a:e8:62:be:19:b5:b8:a7:6d:14:7e:14:2a:10:3a:6d:7e:f1:bf:56:be:ec:94:af:09:b8:3a:ef
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
changepk.pdb
Imports
advapi32
EventSetInformation
EventRegister
EventUnregister
RegCloseKey
RegDeleteValueW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
EventWriteTransfer
EventActivityIdControl
kernel32
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
CompareStringW
LocalFree
api-ms-win-crt-runtime-l1-1-0
_initterm
_initterm_e
_register_thread_local_exe_atexit_callback
_c_exit
api-ms-win-crt-private-l1-1-0
_o___p__commode
_o___stdio_common_vswprintf
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o_exit
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
memcpy
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-winrt-l1-1-0
RoUninitialize
RoInitialize
api-ms-win-core-commandlinetoargv-l1-1-0
CommandLineToArgvW
api-ms-win-core-com-l1-1-0
CoCreateInstance
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
GetCurrentProcess
TerminateProcess
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
Sections
.text Size: 24KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 60KB - Virtual size: 59KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 76B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
charmap.exe.exe windows:10 windows x64 arch:x64
22674d4ddfb5c628ba4946277740f0fe
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
CharMap.pdb
Imports
advapi32
RegCloseKey
RegOpenKeyExW
RegEnumValueW
EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer
EventActivityIdControl
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
kernel32
WaitForSingleObject
OpenSemaphoreW
RegisterApplicationRestart
LoadLibraryW
GetThreadLocale
FindResourceW
LoadResource
SizeofResource
LockResource
InitOnceBeginInitialize
GetCurrentProcessId
CreateMutexExW
InitOnceComplete
CreateSemaphoreExW
ReleaseSRWLockExclusive
LocalFree
LocalAlloc
IsValidLanguageGroup
GetSystemDirectoryW
FindFirstFileW
FindNextFileW
FindClose
AcquireSRWLockExclusive
ReleaseSemaphore
SetLastError
WaitForSingleObjectEx
IsDebuggerPresent
HeapAlloc
GetLocaleInfoW
HeapSetInformation
FreeLibrary
GetProcessHeap
HeapFree
GetLastError
GetCurrentThreadId
lstrcmpW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSize
CreateFileW
IsDBCSLeadByteEx
GetCPInfo
CloseHandle
DecodePointer
EncodePointer
MulDiv
GetProcAddress
GetModuleHandleW
DebugBreak
GetModuleFileNameA
GetModuleHandleExW
FormatMessageW
OutputDebugStringW
GlobalFree
GlobalAlloc
GetACP
lstrlenW
GlobalLock
WideCharToMultiByte
GlobalUnlock
IsValidCodePage
EnumSystemCodePagesW
CompareStringW
ExpandEnvironmentStringsW
GetSystemWindowsDirectoryW
GetStringTypeW
MultiByteToWideChar
ReleaseMutex
gdi32
GetLayout
ExtTextOutW
CreateDIBitmap
SetTextAlign
GetTextAlign
BitBlt
GetTextExtentPointW
GetStockObject
PatBlt
CreateSolidBrush
UnrealizeObject
GetObjectW
CreateCompatibleBitmap
SetBkMode
CreateCompatibleDC
DeleteDC
TranslateCharsetInfo
CreatePen
SetTextColor
LineTo
MoveToEx
GetTextExtentPoint32W
TextOutW
SetBkColor
GetTextMetricsW
CreateFontW
GetCharWidth32W
EnumFontFamiliesExW
GetFontData
SelectObject
CreateFontIndirectW
DeleteObject
user32
GetMonitorInfoW
GetWindowRect
SetThreadDpiAwarenessContext
GetWindowLongW
CreateWindowExW
GetSystemMetrics
GetClientRect
ShowWindow
GetDpiForSystem
InvalidateRect
CallWindowProcW
RegisterClassW
DefWindowProcW
GetSysColor
SetDlgItemTextW
EnableWindow
SetScrollInfo
SetRect
AdjustWindowRectEx
GetAsyncKeyState
PtInRect
SetCapture
ReleaseCapture
GetScrollInfo
DrawFocusRect
UnregisterClassW
SetTimer
KillTimer
GetParent
GetWindowTextLengthW
GetWindowTextW
PostMessageW
PostQuitMessage
TranslateMessage
DispatchMessageW
GetMessageW
IsDialogMessageW
CreateDialogParamW
UpdateWindow
ClientToScreen
GetAncestor
MapDialogRect
SetWindowPos
MapWindowPoints
MoveWindow
GetDpiForWindow
GetClassNameW
SetWindowLongW
LoadIconW
EnumChildWindows
ScreenToClient
SetDialogControlDpiChangeBehavior
GetKeyboardLayout
GetMessagePos
FillRect
GetFocus
GetDlgItemTextW
GetUpdateRect
ShowCursor
WindowFromPoint
GetCursorPos
GetMessageTime
ValidateRect
SetScrollPos
SetScrollRange
NotifyWinEvent
GetWindowInfo
IsWindowEnabled
GetDlgCtrlID
SetWindowTextW
BeginPaint
GetDC
EndPaint
SetWindowLongPtrW
GetWindowLongPtrW
DestroyWindow
LoadCursorW
ReleaseDC
GetWindowDC
SendMessageW
GetDlgItem
SendDlgItemMessageW
RegisterClipboardFormatW
LoadStringW
MonitorFromWindow
SetFocus
msvcrt
_onexit
__dllonexit
_unlock
_lock
_commode
_fmode
_acmdln
?terminate@@YAXXZ
_initterm
__set_app_type
memcpy
__setusermatherr
__getmainargs
_ismbblead
_cexit
_exit
exit
__C_specific_handler
_XcptFilter
_callnewh
_amsg_exit
_vsnwprintf
free
_wtol
towupper
_wcsupr
swscanf_s
wcsncpy_s
memcpy_s
wcsstr
calloc
realloc
malloc
memset
getuname
GetUName
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoGetMalloc
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
TerminateProcess
GetStartupInfoW
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
comctl32
ord17
ole32
DoDragDrop
OleInitialize
OleUninitialize
Sections
.text Size: 84KB - Virtual size: 81KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 135KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 92KB - Virtual size: 91KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 132B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
chkdsk.exe.exe windows:10 windows x64 arch:x64
7de8e5ca5fc1515b950abcd411d3a9e5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
chkdsk.pdb
Imports
api-ms-win-core-console-l1-1-0
SetConsoleCtrlHandler
api-ms-win-eventlog-legacy-l1-1-0
ReportEventW
DeregisterEventSource
RegisterEventSourceW
ntdll
NtTerminateProcess
RtlUnhandledExceptionFilter
api-ms-win-core-errorhandling-l1-1-0
SetErrorMode
SetUnhandledExceptionFilter
GetLastError
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-processthreads-l1-1-0
ExitProcess
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
ulib
?IsGuidVolName@PATH@@QEAAEXZ
?AppendString@PATH@@QEAAEPEBVWSTRING@@@Z
?IsDrive@PATH@@QEBAEXZ
??1PATH@@UEAA@XZ
Get_Standard_Input_Stream
??0PATH@@QEAA@XZ
?MakeFileToken@MESSAGE@@SA_KPEBD@Z
?QueryPackedLog@MESSAGE@@QEAAEPEAVHMEM@@PEAK@Z
?Log@MESSAGE@@QEAAEPEBDZZ
?DisplayMsg@MESSAGE@@QEAAEKPEBDZZ
?DisplayMsg@MESSAGE@@QEAAEKW4MESSAGE_TYPE@@KPEBDZZ
?Display@MESSAGE@@QEAAEPEBDZZ
Get_Standard_Output_Stream
?Resize@HMEM@@QEAAEKK@Z
?Initialize@HMEM@@QEAAEXZ
?Initialize@PATH_ARGUMENT@@QEAAEPEADE@Z
??0HMEM@@QEAA@XZ
?Strcat@WSTRING@@QEAAEPEBV1@@Z
?Initialize@WSTRING@@QEAAEPEBV1@KK@Z
??0STRING_ARGUMENT@@QEAA@XZ
??0CHKDSK_MESSAGE@@QEAA@XZ
?DisplayMsg@MESSAGE@@QEAAEK@Z
??8WSTRING@@QEBAEAEBV0@@Z
?Strupr@WSTRING@@QEAAPEAV1@XZ
?Stricmp@WSTRING@@QEBAJPEBV1@@Z
??0FLAG_ARGUMENT@@QEAA@XZ
??0DSTRING@@QEAA@XZ
??1DSTRING@@UEAA@XZ
?Initialize@FLAG_ARGUMENT@@QEAAEPEAD@Z
??0ARRAY@@QEAA@XZ
?AnalyzePath@PATH@@QEAA?AW4PATH_ANALYZE_CODE@@PEAVWSTRING@@PEAV1@0@Z
??1STRING_ARGUMENT@@UEAA@XZ
??1CHKDSK_MESSAGE@@UEAA@XZ
??1ARRAY@@UEAA@XZ
?Initialize@ARRAY@@QEAAEKK@Z
?DeleteAllMembers@ARRAY@@UEAAEXZ
?Initialize@CHKDSK_MESSAGE@@QEAAEPEAVSTREAM@@00@Z
?Put@ARRAY@@UEAAEPEAVOBJECT@@@Z
??0LONG_ARGUMENT@@QEAA@XZ
?Initialize@WSTRING@@QEAAEPEBDK@Z
?Set@CHKDSK_MESSAGE@@UEAAEKW4MESSAGE_TYPE@@K@Z
?Initialize@STRING_ARGUMENT@@QEAAEPEAD@Z
??0ARGUMENT_LEXEMIZER@@QEAA@XZ
??1ARGUMENT_LEXEMIZER@@UEAA@XZ
?Initialize@ARGUMENT_LEXEMIZER@@QEAAEPEAVARRAY@@@Z
?DoParsing@ARGUMENT_LEXEMIZER@@QEAAEPEAVARRAY@@@Z
?QueryInvalidArgument@ARGUMENT_LEXEMIZER@@QEAAPEAVWSTRING@@XZ
?PrepareToParse@ARGUMENT_LEXEMIZER@@QEAAEPEAVWSTRING@@@Z
?SetCaseSensitive@ARGUMENT_LEXEMIZER@@QEAAXE@Z
??1OBJECT@@UEAA@XZ
?IsValueSet@ARGUMENT@@QEAAEXZ
?QueryCurrentDosDriveName@SYSTEM@@SAEPEAVWSTRING@@@Z
?QueryDriveType@SYSTEM@@SA?AW4DRIVE_TYPE@@PEBVWSTRING@@@Z
?QueryLibraryEntryPoint@SYSTEM@@SAP6A_JXZPEBVWSTRING@@0PEAPEAX@Z
?QueryNextLibraryEntryPoint@SYSTEM@@SAP6A_JXZPEAXPEBVWSTRING@@@Z
?FreeLibraryHandle@SYSTEM@@SAXPEAX@Z
??0PATH_ARGUMENT@@QEAA@XZ
?Initialize@WSTRING@@QEAAEPEBGK@Z
??1PATH_ARGUMENT@@UEAA@XZ
?Initialize@LONG_ARGUMENT@@QEAAEPEAD@Z
??1HMEM@@UEAA@XZ
?SqmExportOnError@SQMEXPORT@@SAXKKEE_KU_GUID@@@Z
?Initialize@PATH@@QEAAEPEBVWSTRING@@E@Z
ifsutil
?GetSnapshotErrorMessage@SNAPSHOT@@SAEJPEAVWSTRING@@@Z
?Initialize@DP_DRIVE@@QEAAEPEBVWSTRING@@PEAVMESSAGE@@EE@Z
??1DP_DRIVE@@UEAA@XZ
??0DP_DRIVE@@QEAA@XZ
?IsVolumeDirty@IFS_SYSTEM@@SAEPEAVWSTRING@@PEAE1PEAJ@Z
?QueryVolumeSize@IFS_SYSTEM@@SAEPEBVWSTRING@@PEA_K@Z
?DosDriveNameToNtDriveName@IFS_SYSTEM@@SAEPEBVWSTRING@@PEAV2@@Z
?GetSnapshotNtDeviceName@SNAPSHOT@@QEAAPEAGXZ
?QuerySnapshotDiffAreaVolume@SNAPSHOT@@QEAAEPEAVWSTRING@@@Z
?GetVolumeSnapshot@SNAPSHOT@@SAJPEAVWSTRING@@PEAPEAV1@@Z
?ReleaseVolumeSnapshot@SNAPSHOT@@SAEPEAV1@@Z
?IsFatalError@SNAPSHOT@@SAEJ@Z
?QueryID@DP_DRIVE@@QEAAEPEAU_GUID@@PEBVWSTRING@@@Z
?QueryFileSystemName@IFS_SYSTEM@@SAEPEBVWSTRING@@PEAV2@PEAJ1@Z
msvcrt
?terminate@@YAXXZ
_commode
_fmode
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
__C_specific_handler
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
Sections
.text Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 264B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
chkntfs.exe.exe windows:10 windows x64 arch:x64
d41bf2f313e9ee8cbb20ef9ad2025250
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
chkntfs.pdb
Imports
msvcrt
?terminate@@YAXXZ
_commode
_fmode
_initterm
__setusermatherr
_cexit
_exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
__C_specific_handler
exit
ulib
?Initialize@WSTRING@@QEAAEPEBV1@KK@Z
?Initialize@WSTRING@@QEAAEPEBGK@Z
?Initialize@WSTRING@@QEAAEPEBDK@Z
??8WSTRING@@QEBAEAEBV0@@Z
?QueryString@WSTRING@@QEBAPEAV1@KK@Z
??1PROGRAM@@UEAA@XZ
?DisplayMessage@PROGRAM@@UEBAEKW4MESSAGE_TYPE@@PEADZZ
?DisplayMessage@PROGRAM@@UEBAEKW4MESSAGE_TYPE@@@Z
?Fatal@PROGRAM@@UEBAXKKPEADZZ
?Fatal@PROGRAM@@UEBAXXZ
?Strcat@WSTRING@@QEAAEPEBV1@@Z
?GetStandardOutput@PROGRAM@@UEAAPEAVSTREAM@@XZ
?GetStandardError@PROGRAM@@UEAAPEAVSTREAM@@XZ
?Usage@PROGRAM@@UEBAXXZ
?ValidateVersion@PROGRAM@@UEBAXKK@Z
??0PROGRAM@@IEAA@XZ
??0STRING_ARGUMENT@@QEAA@XZ
??1STRING_ARGUMENT@@UEAA@XZ
?Initialize@STRING_ARGUMENT@@QEAAEPEAD@Z
??0ARGUMENT_LEXEMIZER@@QEAA@XZ
??1ARGUMENT_LEXEMIZER@@UEAA@XZ
?Initialize@ARGUMENT_LEXEMIZER@@QEAAEPEAVARRAY@@@Z
?DoParsing@ARGUMENT_LEXEMIZER@@QEAAEPEAVARRAY@@@Z
?PutSeparators@ARGUMENT_LEXEMIZER@@QEAAXPEBD@Z
?PutSwitches@ARGUMENT_LEXEMIZER@@QEAAXPEBD@Z
?PrepareToParse@ARGUMENT_LEXEMIZER@@QEAAEPEAVWSTRING@@@Z
??0PATH@@QEAA@XZ
??1PATH@@UEAA@XZ
?Initialize@PROGRAM@@QEAAEKKK@Z
??0CLASS_DESCRIPTOR@@QEAA@XZ
?GetStandardInput@PROGRAM@@UEAAPEAVSTREAM@@XZ
?Initialize@CLASS_DESCRIPTOR@@QEAAEPEBD@Z
?SetCaseSensitive@ARGUMENT_LEXEMIZER@@QEAAXE@Z
??1OBJECT@@UEAA@XZ
?Compare@OBJECT@@UEBAJPEBV1@@Z
?DebugDump@OBJECT@@UEBAXE@Z
?GetLexeme@ARGUMENT@@QEAAPEAVWSTRING@@XZ
?IsValueSet@ARGUMENT@@QEAAEXZ
??0MULTIPLE_PATH_ARGUMENT@@QEAA@XZ
??1MULTIPLE_PATH_ARGUMENT@@UEAA@XZ
?Initialize@MULTIPLE_PATH_ARGUMENT@@QEAAEPEADEE@Z
?QueryDriveType@SYSTEM@@SA?AW4DRIVE_TYPE@@PEBVWSTRING@@@Z
??0FLAG_ARGUMENT@@QEAA@XZ
?Initialize@FLAG_ARGUMENT@@QEAAEPEAD@Z
??0ARRAY@@QEAA@XZ
??1ARRAY@@UEAA@XZ
?Initialize@ARRAY@@QEAAEKK@Z
?Put@ARRAY@@UEAAEPEAVOBJECT@@@Z
??0LONG_ARGUMENT@@QEAA@XZ
?Initialize@LONG_ARGUMENT@@QEAAEPEAD@Z
??0DSTRING@@QEAA@XZ
??1DSTRING@@UEAA@XZ
?AnalyzePath@PATH@@QEAA?AW4PATH_ANALYZE_CODE@@PEAVWSTRING@@PEAV1@0@Z
ifsutil
??1DP_DRIVE@@UEAA@XZ
??0DP_DRIVE@@QEAA@XZ
?IsFrontEndPresent@AUTOREG@@SAEPEBVWSTRING@@0@Z
?DeleteEntry@AUTOREG@@SAEPEBVWSTRING@@E@Z
?DeleteEntry@AUTOREG@@SAEPEBVWSTRING@@0@Z
?DeleteEntry@AUTOREG@@SAEPEBVWSTRING@@00@Z
?PushEntry@AUTOREG@@SAEPEBVWSTRING@@@Z
??0MOUNT_POINT_MAP@@QEAA@XZ
?IsVolumeDirty@IFS_SYSTEM@@SAEPEAVWSTRING@@PEAE1PEAJ@Z
?QueryIsSystemUEFI@IFS_SYSTEM@@SAEXZ
?QueryCanonicalNtDriveName@IFS_SYSTEM@@SAEPEBVWSTRING@@PEAV2@@Z
?DosDriveNameToNtDriveName@IFS_SYSTEM@@SAEPEBVWSTRING@@PEAV2@@Z
?QueryFileSystemName@IFS_SYSTEM@@SAEPEBVWSTRING@@PEAV2@PEAJ1@Z
??0MOUNT_POINT_TUPLE@@QEAA@XZ
?Initialize@DP_DRIVE@@QEAAEPEBVWSTRING@@PEAVMESSAGE@@EE@Z
??1MOUNT_POINT_MAP@@UEAA@XZ
?Initialize@MOUNT_POINT_MAP@@QEAAEXZ
?AddEntry@AUTOREG@@SAEPEBVWSTRING@@@Z
?SetAutochkTimeOut@VOL_LIODPDRV@@SAEK@Z
?QueryAutochkTimeOut@VOL_LIODPDRV@@SAEPEAK@Z
ntdll
RtlCaptureContext
RtlFreeHeap
RtlAllocateHeap
RtlLookupFunctionEntry
RtlVirtualUnwind
kernel32
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
UnhandledExceptionFilter
Sleep
HeapSetInformation
GetLastError
GetVersionExW
SetErrorMode
GetCurrentProcess
SetUnhandledExceptionFilter
TerminateProcess
advapi32
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
user32
ExitWindowsEx
Sections
.text Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 288B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 72B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
choice.exe.exe windows:10 windows x64 arch:x64
ff7589a0ec4eb53bb14d713605ab2eb3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
choice.pdb
Imports
kernel32
ReadFile
SetConsoleCtrlHandler
SetLastError
GetStdHandle
SetConsoleMode
WaitForSingleObject
GetConsoleMode
GetLastError
ReadConsoleW
HeapSetInformation
FlushConsoleInputBuffer
PeekConsoleInputW
Beep
GetFileType
GetTickCount
GetCurrentProcess
GetModuleFileNameW
HeapSize
HeapReAlloc
HeapAlloc
HeapValidate
HeapFree
GetProcessHeap
MultiByteToWideChar
GetConsoleOutputCP
ExitProcess
WriteConsoleW
CompareStringA
GetThreadLocale
CompareStringW
lstrlenW
lstrlenA
WideCharToMultiByte
FindStringOrdinal
LocalFree
FormatMessageW
SetThreadUILanguage
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
GetModuleHandleW
TerminateProcess
msvcrt
fflush
fprintf
_get_osfhandle
_fileno
wcstoul
wcstod
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
wcschr
_errno
wcstol
_vsnwprintf
exit
__iob_func
_memicmp
memset
ntdll
RtlVirtualUnwind
VerSetConditionMask
RtlVerifyVersionInfo
RtlLookupFunctionEntry
RtlCaptureContext
user32
CharUpperBuffW
LoadStringW
CharNextW
CharUpperW
ws2_32
WSACleanup
shlwapi
StrChrW
version
VerQueryValueW
GetFileVersionInfoSizeExW
GetFileVersionInfoExW
Sections
.text Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 960B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
cipher.exe.exe windows:10 windows x64 arch:x64
fe142a8422afb09c003cf4a177e3972a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
cipher.pdb
Imports
advapi32
EncryptFileW
CryptReleaseContext
RegQueryValueExW
LookupAccountSidW
ConvertSidToStringSidW
RemoveUsersFromEncryptedFile
RegOpenKeyExW
QueryUsersOnEncryptedFile
AddUsersToEncryptedFile
AddUsersToEncryptedFileEx
ConvertStringSidToSidW
QueryRecoveryAgentsOnEncryptedFile
EncryptedFileKeyInfo
FlushEfsCache
FreeEncryptionCertificateHashList
EqualSid
CryptAcquireContextW
RegCloseKey
SetUserFileEncryptionKey
FreeEncryptedFileKeyInfo
DecryptFileW
CryptGetUserKey
CryptDestroyKey
kernel32
SetLastError
VirtualFree
GetFullPathNameW
FindNextFileW
GetDiskFreeSpaceW
SetConsoleMode
DeviceIoControl
VirtualAlloc
GetProcessHeap
SetErrorMode
SetFilePointer
SetEndOfFile
FindClose
GetVolumePathNameW
CreateFileW
GetFileAttributesW
GetVolumeNameForVolumeMountPointW
GetDiskFreeSpaceExW
ReadConsoleW
CloseHandle
HeapSetInformation
FindFirstFileW
SetCurrentDirectoryW
VerSetConditionMask
GetComputerNameW
FindVolumeClose
VerifyVersionInfoW
GetTempFileNameW
FindNextVolumeW
lstrcmpW
GetDriveTypeW
FlushFileBuffers
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
ResolveDelayLoadedAPI
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
GetVolumeInformationW
QueryDosDeviceW
CreateDirectoryW
FindFirstVolumeW
GetFileType
WideCharToMultiByte
GetCurrentDirectoryW
GetModuleHandleW
LocalFree
GetProcAddress
WriteConsoleW
HeapAlloc
GetLastError
FormatMessageW
GetConsoleMode
WriteFile
GetStdHandle
lstrlenW
HeapFree
RemoveDirectoryW
DelayLoadFailureHook
msvcrt
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
strcmp
memset
memcpy
?terminate@@YAXXZ
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
towupper
_wcsnicmp
_putws
getchar
printf
fgetws
wcschr
_get_osfhandle
_vsnwprintf
__iob_func
_wcsicmp
wcscmp
ntdll
RtlCaptureContext
RtlNtStatusToDosError
RtlLookupFunctionEntry
RtlVirtualUnwind
rpcrt4
RpcStringFreeW
UuidCreate
UuidToStringW
user32
MessageBoxW
ntdsapi
DsUnBindW
DsBindW
DsCrackNamesW
DsFreeNameResultW
crypt32
CertGetEnhancedKeyUsage
CertFreeCertificateContext
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CryptQueryObject
CertCloseStore
PFXExportCertStoreEx
CertFindCertificateInStore
CertOpenStore
CryptStringToBinaryW
CertGetCertificateContextProperty
CryptBinaryToStringW
bcrypt
BCryptGenerateSymmetricKey
BCryptCloseAlgorithmProvider
BCryptGenRandom
BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptDestroyKey
BCryptEncrypt
efsutil
EfsUtilGetSmartcardProviderName
EfsUtilCreateSelfSignedCertificate
EfsUtilGetCurrentUserInformation
dsrole
DsRoleGetPrimaryDomainInformation
DsRoleFreeMemory
Sections
.text Size: 36KB - Virtual size: 33KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 104B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 76B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
cleanmgr.exe.exe windows:10 windows x64 arch:x64
ea41beff168cae33c5af261bc77e40b5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
cleanmgr.pdb
Imports
gdi32
GetLayout
ExtTextOutW
SetBkMode
SetTextColor
SetBkColor
GetTextExtentPoint32W
user32
GetSysColor
SetFocus
EndDialog
DialogBoxParamW
DestroyWindow
CreateDialogParamW
IsDialogMessageW
DestroyIcon
LoadIconW
GetWindowLongPtrW
EnableWindow
GetWindowLongW
GetSystemMetrics
GetClientRect
SetDlgItemTextW
GetParent
SendDlgItemMessageW
SetWindowLongPtrW
GetDlgItem
SendMessageW
SetForegroundWindow
GetWindowTextW
MessageBoxW
LoadStringW
PostMessageW
EnumWindows
DrawFocusRect
GetMessageW
DrawIconEx
ShowWindow
TranslateMessage
DispatchMessageW
msvcrt
_i64toa_s
memcpy_s
_vsnwprintf
memset
sqrt
_wcsicmp
toupper
__C_specific_handler
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
_commode
_fmode
wcscmp
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
comctl32
ImageList_Create
PropertySheetW
CreatePropertySheetPageW
ord345
ord17
ImageList_ReplaceIcon
shell32
ExtractIconExW
ShellExecuteExW
SHGetFileInfoW
ord680
shlwapi
SHDeleteKeyW
ord487
StrFormatByteSizeW
ord271
StrCmpNW
StrCmpW
StrToIntW
StrStrIW
PathStripToRootW
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
CreateThread
GetCurrentThreadId
api-ms-win-core-heap-l1-1-0
HeapFree
HeapSetInformation
HeapAlloc
GetProcessHeap
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExW
FreeLibrary
GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameA
GetProcAddress
GetModuleFileNameW
api-ms-win-core-debug-l1-1-0
DebugBreak
IsDebuggerPresent
OutputDebugStringW
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetLastError
GetLastError
SetUnhandledExceptionFilter
SetErrorMode
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-synch-l1-1-0
ReleaseSRWLockExclusive
CreateMutexExW
ReleaseMutex
CreateSemaphoreExW
ReleaseSemaphore
WaitForSingleObject
OpenSemaphoreW
SetEvent
WaitForSingleObjectEx
AcquireSRWLockExclusive
CreateEventW
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventWriteTransfer
EventActivityIdControl
EventUnregister
EventRegister
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoInitializeEx
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
CoUninitialize
api-ms-win-security-base-l1-1-0
CreateWellKnownSid
CheckTokenMembership
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
GetSystemTime
GetTickCount64
GetWindowsDirectoryW
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-file-l1-1-0
GetDiskFreeSpaceW
GetDiskFreeSpaceExW
GetDriveTypeW
GetVolumeInformationW
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-core-file-l1-2-0
GetVolumeNameForVolumeMountPointW
api-ms-win-core-synch-l1-2-0
InitOnceComplete
InitOnceBeginInitialize
Sleep
api-ms-win-core-registry-l1-1-0
RegEnumKeyExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegGetValueW
oleaut32
VariantInit
SysStringLen
VariantClear
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
kernel32
CheckElevationEnabled
GetStartupInfoA
MulDiv
lstrlenW
ntdll
RtlNtStatusToDosError
NtOpenProcessToken
NtQueryInformationToken
NtClose
NtOpenThreadToken
ole32
CoInitialize
vssapi
VssFreeSnapshotPropertiesInternal
CreateVssBackupComponentsInternal
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 72KB - Virtual size: 69KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 176KB - Virtual size: 175KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 156B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
cliconfg.exe.exe windows:10 windows x64 arch:x64
e0a4a433a88e43cfe20831b905227e5b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
cliconfg.pdb
Imports
kernel32
FormatMessageW
GetLastError
GetProcAddress
LoadLibraryExW
GetCurrentProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
TerminateProcess
user32
LoadIconW
TranslateMessage
RegisterClassW
DispatchMessageW
ShowWindow
CreateWindowExW
SetWindowLongPtrW
MessageBoxW
PostMessageW
DefWindowProcW
GetMessageW
PostQuitMessage
LoadCursorW
msvcrt
?terminate@@YAXXZ
_fmode
_acmdln
__C_specific_handler
_initterm
__setusermatherr
_commode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
_vsnwprintf
_ismbblead
Sections
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 336B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 24KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
clip.exe.exe windows:10 windows x64 arch:x64
ffedf33a1af6412e26f1f659c12d5ff7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
clip.pdb
Imports
advapi32
IsTextUnicode
kernel32
HeapSetInformation
SetLastError
GetStdHandle
GetFileType
MultiByteToWideChar
GetConsoleOutputCP
GlobalAlloc
GlobalLock
GlobalFree
GlobalUnlock
GetLastError
ReadFile
UnhandledExceptionFilter
GetModuleFileNameW
HeapSize
HeapReAlloc
HeapAlloc
HeapValidate
HeapFree
GetProcessHeap
ExitProcess
WriteConsoleW
CompareStringA
GetThreadLocale
CompareStringW
lstrlenW
GetConsoleMode
WideCharToMultiByte
FindStringOrdinal
LocalFree
FormatMessageW
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
Sleep
TerminateProcess
SetThreadUILanguage
GetCurrentProcess
msvcrt
memcpy
fflush
fprintf
_get_osfhandle
_fileno
wcstoul
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
__iob_func
_memicmp
_vsnwprintf
_errno
wcstod
wcstol
memset
ntdll
RtlVirtualUnwind
VerSetConditionMask
RtlVerifyVersionInfo
RtlLookupFunctionEntry
RtlCaptureContext
user32
LoadStringW
OpenClipboard
EmptyClipboard
CharUpperW
SetClipboardData
CloseClipboard
ws2_32
WSACleanup
version
VerQueryValueW
GetFileVersionInfoSizeExW
GetFileVersionInfoExW
shlwapi
StrChrW
Sections
.text Size: 24KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 960B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
cmd.exe.exe windows:10 windows x64 arch:x64
d73e39dab3c8b57aa408073d01254964
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
cmd.pdb
Imports
api-ms-win-crt-string-l1-1-0
wcscmp
wcsncmp
memset
wcsspn
api-ms-win-crt-time-l1-1-0
_time32
api-ms-win-crt-runtime-l1-1-0
_initterm
_initterm_e
_register_thread_local_exe_atexit_callback
_c_exit
api-ms-win-crt-private-l1-1-0
_o__get_initial_narrow_environment
_o__get_osfhandle
_o__getch
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__open_osfhandle
_o__pclose
_o__pipe
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__setmode
_o__tell
_o__ultoa
_o__ultoa_s
__intrinsic_setjmp
_o__wcsicmp
_o__wcslwr
_o__wcsnicmp
_o__wcsupr
_o__wpopen
_o__wtol
_o_calloc
_o_exit
_o_feof
_o_ferror
_o_fflush
_o_fgets
_o_free
_o_iswalpha
_o_iswdigit
_o_iswspace
_o_iswxdigit
_o_malloc
_o_qsort
_o_rand
_o_realloc
_o_setlocale
_o_srand
_o_terminate
_o_towlower
_o_towupper
_o_wcstol
_o_wcstoul
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o__exit
_o__errno
_o__dup2
_o__dup
_o__crt_atexit
_o__configure_narrow_argv
_o__configthreadlocale
_o__close
_o__cexit
_o__callnewh
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vfprintf
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___argv
_o___p___argc
_o___acrt_iob_func
wcsstr
wcsrchr
wcschr
longjmp
__C_specific_handler
_local_unwind
memcmp
memcpy
memmove
ntdll
RtlCreateUnicodeStringFromAsciiz
RtlDosPathNameToNtPathName_U
NtOpenProcessToken
NtQueryInformationToken
NtCancelSynchronousIoFile
NtOpenThreadToken
RtlNtStatusToDosError
NtQueryInformationProcess
NtFsControlFile
NtSetInformationProcess
RtlFreeHeap
NtQueryVolumeInformationFile
NtSetInformationFile
RtlDosPathNameToRelativeNtPathName_U_WithStatus
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtOpenFile
RtlReleaseRelativeName
RtlFreeUnicodeString
NtClose
RtlFindLeastSignificantBit
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExW
GetModuleFileNameA
GetModuleHandleW
GetModuleHandleExW
GetModuleFileNameW
GetProcAddress
api-ms-win-core-synch-l1-1-0
ReleaseSRWLockShared
CreateSemaphoreExW
EnterCriticalSection
ReleaseSemaphore
LeaveCriticalSection
InitializeCriticalSectionEx
InitializeCriticalSection
TryAcquireSRWLockExclusive
WaitForSingleObject
ReleaseMutex
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
WaitForSingleObjectEx
OpenSemaphoreW
api-ms-win-core-heap-l1-1-0
HeapSize
HeapReAlloc
HeapSetInformation
HeapAlloc
HeapFree
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetErrorMode
SetLastError
GetLastError
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
api-ms-win-core-processthreads-l1-1-0
DeleteProcThreadAttributeList
GetCurrentProcessId
GetStartupInfoW
CreateProcessAsUserW
CreateProcessW
UpdateProcThreadAttribute
GetCurrentProcess
ResumeThread
GetCurrentThreadId
GetExitCodeProcess
TerminateProcess
InitializeProcThreadAttributeList
OpenThread
api-ms-win-core-localization-l1-2-0
SetThreadLocale
FormatMessageW
GetCPInfo
GetThreadLocale
GetLocaleInfoW
GetACP
GetUserDefaultLCID
api-ms-win-core-debug-l1-1-0
DebugBreak
OutputDebugStringW
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
CloseHandle
DuplicateHandle
api-ms-win-core-memory-l1-1-0
VirtualAlloc
ReadProcessMemory
VirtualQuery
VirtualFree
api-ms-win-core-console-l1-1-0
GetConsoleOutputCP
GetConsoleMode
SetConsoleCtrlHandler
ReadConsoleW
WriteConsoleW
SetConsoleMode
api-ms-win-core-file-l1-1-0
FindNextFileW
SetFileTime
DeleteFileW
CreateFileW
SetFileAttributesW
GetFileSize
CreateDirectoryW
FindClose
FindFirstFileW
GetFullPathNameW
ReadFile
FlushFileBuffers
SetFilePointer
RemoveDirectoryW
CompareFileTime
FindFirstFileExW
GetVolumePathNameW
SetEndOfFile
GetFileAttributesW
GetFileAttributesExW
GetDriveTypeW
GetFileType
GetDiskFreeSpaceExW
FileTimeToLocalFileTime
GetVolumeInformationW
WriteFile
SetFilePointerEx
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
MultiByteToWideChar
api-ms-win-core-processenvironment-l1-1-0
SearchPathW
GetEnvironmentVariableW
SetCurrentDirectoryW
GetEnvironmentStringsW
ExpandEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
SetEnvironmentVariableW
GetCommandLineW
SetEnvironmentStringsW
GetCurrentDirectoryW
api-ms-win-core-console-l2-1-0
FlushConsoleInputBuffer
SetConsoleCursorPosition
ScrollConsoleScreenBufferW
FillConsoleOutputAttribute
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
FillConsoleOutputCharacterW
api-ms-win-security-base-l1-1-0
RevertToSelf
GetFileSecurityW
GetSecurityDescriptorOwner
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetVersion
SetLocalTime
GetLocalTime
GetSystemTime
GetWindowsDirectoryW
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
SystemTimeToFileTime
api-ms-win-core-datetime-l1-1-0
GetTimeFormatW
GetDateFormatW
api-ms-win-core-systemtopology-l1-1-0
GetNumaNodeProcessorMaskEx
GetNumaHighestNodeNumber
api-ms-win-core-console-l2-2-0
SetConsoleTitleW
GetConsoleTitleW
api-ms-win-core-processenvironment-l1-2-0
NeedCurrentDirectoryForExePathW
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW
RegDeleteKeyExW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
api-ms-win-core-file-l2-1-0
CreateHardLinkW
GetFileInformationByHandleEx
CreateSymbolicLinkW
MoveFileExW
MoveFileWithProgressW
api-ms-win-core-heap-l2-1-0
GlobalFree
GlobalAlloc
LocalFree
api-ms-win-core-file-l2-1-2
CopyFileW
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-console-l3-2-0
GetConsoleWindow
api-ms-win-core-processtopology-l1-1-0
GetThreadGroupAffinity
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-misc-l1-1-0
lstrcmpW
lstrcmpiW
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 212KB - Virtual size: 209KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 40KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 111KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 168B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 36KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 464B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
cmdkey.exe.exe windows:10 windows x64 arch:x64
03ad7a1af78bf7a500fb199cabe4c34a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
cmdkey.pdb
Imports
msvcrt
__C_specific_handler
_resetstkoflw
malloc
?terminate@@YAXXZ
_commode
_fmode
free
_wcsicmp
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
memset
api-ms-win-core-registry-l1-1-0
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
api-ms-win-core-errorhandling-l1-1-0
SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-security-credentials-l1-1-0
CredWriteW
CredFree
CredGetSessionTypes
CredIsMarshaledCredentialW
CredEnumerateW
CredUnmarshalCredentialW
CredDeleteW
api-ms-win-core-localization-l1-2-0
FormatMessageW
SetThreadUILanguage
api-ms-win-core-sysinfo-l1-1-0
GetVersionExW
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
GetStdHandle
api-ms-win-core-console-l1-1-0
GetConsoleOutputCP
WriteConsoleW
api-ms-win-core-file-l1-1-0
WriteFile
GetFileType
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Sections
.text Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 456B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 64B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
cmdl32.exe.exe windows:10 windows x64 arch:x64
056f4ad9405ed9764a5eed3ad07a7804
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
cmdl32.pdb
Imports
advapi32
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
kernel32
GetTempPath2A
GetLastError
CreateFileA
CloseHandle
SetFileAttributesA
lstrcmpiA
GetTempFileNameA
DosDateTimeToFileTime
FindFirstFileA
lstrlenW
LoadLibraryExA
FindNextFileA
FindClose
WaitForSingleObject
lstrcmpA
GetModuleHandleA
SetCurrentDirectoryA
GetCommandLineA
Sleep
CopyFileA
ConvertDefaultLocale
SetEvent
GetVersionExA
DeleteFileA
GetSystemInfo
WritePrivateProfileStringA
ReadFile
GetProcAddress
lstrlenA
GetCurrentProcessId
FreeLibrary
CreateEventA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetTickCount
FlushFileBuffers
GetPrivateProfileSectionA
GlobalFree
CreateMutexA
ReleaseMutex
GetFileSize
CreateDirectoryA
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
GetModuleHandleW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStartupInfoW
LocalFileTimeToFileTime
SetFilePointer
SetFileTime
WriteFile
RemoveDirectoryA
SetLastError
CreateThread
GetProcessHeap
user32
EnableMenuItem
KillTimer
GetWindowLongPtrA
SystemParametersInfoA
GetWindowRect
SetDlgItemTextA
SendDlgItemMessageA
SetFocus
MoveWindow
SetWindowLongPtrA
GetDlgItemTextA
RegisterWindowMessageA
GetClassInfoExA
PostMessageA
EndDialog
CharNextA
GetSystemMetrics
DialogBoxParamA
ShowWindow
RegisterClassExA
SetWindowTextA
msvcrt
?terminate@@YAXXZ
_commode
_fmode
_acmdln
__C_specific_handler
_initterm
__setusermatherr
_ismbblead
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
_vsnprintf
_cexit
memset
cmpbk32
PhoneBookMergeChanges
PhoneBookFreeFilter
PhoneBookLoad
PhoneBookUnload
PhoneBookParseInfoA
cmutil
CmFmtMsgA
CmLoadSmallIconA
CmCompareStringA
IsLogonAsSystem
CmStrCpyAllocW
?SetParams@CmLogFile@@QEAAJHKPEBD@Z
CmStrrchrA
?Stop@CmLogFile@@QEAAJXZ
?Log@CmLogFile@@QEAAXW4_CMLOG_ITEM@@ZZ
CmBuildFullPathFromRelativeA
CmRealloc
CmFree
CmStrchrA
CmStrCpyAllocA
CmMalloc
WzToSzWithAlloc
SzToWzWithAlloc
CmLoadIconA
??0CmLogFile@@QEAA@XZ
??1CmLogFile@@QEAA@XZ
?Start@CmLogFile@@QEAAJH@Z
?Init@CmLogFile@@QEAAJPEAUHINSTANCE__@@HPEBD@Z
?DeInit@CmLogFile@@QEAAJXZ
comctl32
ord17
cabinet
ord20
ord23
ord22
ord21
rasapi32
RasEnumConnectionsA
winhttp
WinHttpCrackUrl
WinHttpQueryDataAvailable
WinHttpSendRequest
WinHttpCloseHandle
WinHttpOpenRequest
WinHttpReceiveResponse
WinHttpGetProxyForUrl
WinHttpGetDefaultProxyConfiguration
WinHttpReadData
WinHttpQueryHeaders
WinHttpConnect
WinHttpGetIEProxyConfigForCurrentUser
WinHttpOpen
Sections
.text Size: 32KB - Virtual size: 30KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 792B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 96B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
cmmon32.exe.exe windows:10 windows x64 arch:x64
99ee87fb928dfe3dea854430cda54850
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
cmmon32.pdb
Imports
kernel32
FreeLibrary
SetProcessWorkingSetSize
lstrcmpiW
GetTickCount
LoadLibraryExW
GetExitCodeProcess
LoadLibraryExA
OpenEventW
GetModuleHandleA
SetEvent
GetCurrentProcessId
lstrlenA
Sleep
GetLocaleInfoW
GetNumberFormatW
MapViewOfFile
GetProcAddress
GetProcessHeap
UnmapViewOfFile
OpenFileMappingW
WaitForSingleObject
WideCharToMultiByte
LocalFree
LocalAlloc
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetModuleHandleW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStartupInfoW
CreateThread
CloseHandle
GetLastError
CreateEventW
OpenProcess
GetCurrentThreadId
lstrlenW
lstrcmpW
gdi32
DeleteObject
user32
CreateWindowExW
PostMessageW
DefWindowProcW
SendDlgItemMessageW
SetDlgItemTextW
RegisterWindowMessageW
GetDlgItem
SetWindowTextW
SetWindowLongPtrW
RegisterClassExW
EnableWindow
SetForegroundWindow
SystemParametersInfoW
PostThreadMessageW
TranslateMessage
GetThreadDesktop
PeekMessageW
IsDialogMessageW
DispatchMessageW
IsWindow
ShowWindow
MsgWaitForMultipleObjects
SendMessageW
SetWindowPos
IsWindowVisible
DestroyWindow
GetWindowRect
GetLastActivePopup
GetMessageW
CreateDialogParamW
GetProcessWindowStation
GetWindowLongPtrW
PostQuitMessage
GetUserObjectInformationW
msvcrt
memmove
?terminate@@YAXXZ
_commode
_fmode
_acmdln
__C_specific_handler
_initterm
__setusermatherr
_ismbblead
_cexit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
_vsnwprintf
_exit
_vsnprintf
memcpy
memset
cmutil
?SetParams@CmLogFile@@QEAAJHKPEBG@Z
?Init@CmLogFile@@QEAAJPEAUHINSTANCE__@@HPEBG@Z
??1CmLogFile@@QEAA@XZ
??0CmLogFile@@QEAA@XZ
?GPPB@CIniW@@QEBAHPEBG0H@Z
?GPPI@CIniW@@QEBAKPEBG0K@Z
?GPPS@CIniW@@QEBAPEAGPEBG00@Z
?GetPrimaryRegPath@CIniW@@QEBAPEBGXZ
?GetFile@CIniW@@QEBAPEBGXZ
?SetPrimaryRegPath@CIniW@@QEAAXPEBG@Z
?SetPrimaryFile@CIniW@@QEAAXPEBG@Z
?SetFile@CIniW@@QEAAXPEBG@Z
?SetHInst@CIniW@@QEAAXPEAUHINSTANCE__@@@Z
?Clear@CIniW@@QEAAXXZ
??1CIniW@@QEAA@XZ
??0CIniW@@QEAA@PEAUHINSTANCE__@@PEBG111@Z
IsLogonAsSystem
CmLoadSmallIconW
CmStrCpyAllocW
CmBuildFullPathFromRelativeW
CmFmtMsgW
CmLoadStringW
ReleaseBold
MakeBold
CmIsDigitW
CmAtolW
?Stop@CmLogFile@@QEAAJXZ
?DeInit@CmLogFile@@QEAAJXZ
?Log@CmLogFile@@QEAAXW4_CMLOG_ITEM@@ZZ
CmFree
CmMalloc
?Start@CmLogFile@@QEAAJH@Z
CmLoadIconW
Sections
.text Size: 24KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 960B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 68B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
cmstp.exe.exe windows:10 windows x64 arch:x64
109ba8ed3c458360a74ea1216207ca09
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
cmstp.pdb
Imports
advapi32
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
OpenProcessToken
RegEnumKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
RegDeleteValueW
RegCreateKeyW
FreeSid
RegSetValueExW
RegCreateKeyExW
AllocateAndInitializeSid
AdjustTokenPrivileges
InitiateSystemShutdownW
LookupPrivilegeValueW
RegEnumValueW
kernel32
FreeLibrary
LoadLibraryExW
FindFirstFileW
WritePrivateProfileStringW
CompareStringW
FindNextFileW
GetCurrentProcess
lstrlenW
GetPrivateProfileIntW
GetPrivateProfileSectionW
FindClose
CreateFileW
SetFileAttributesW
GetLastError
CloseHandle
GetWindowsDirectoryW
WritePrivateProfileSectionW
GetCurrentProcessId
lstrcmpW
ExpandEnvironmentStringsW
LoadLibraryExA
lstrlenA
GetSystemDirectoryW
GetModuleHandleA
GetWindowsDirectoryA
LocalFree
CopyFileW
CreateMutexW
WaitForSingleObject
ReleaseMutex
GetProcessHeap
HeapAlloc
HeapFree
GetSystemInfo
GetVersionExW
SetCurrentDirectoryW
CreateDirectoryW
WideCharToMultiByte
LocalAlloc
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
GetFileType
RtlCaptureContext
GetStartupInfoW
Sleep
GetProcAddress
GetCurrentDirectoryW
GetPrivateProfileStringW
GetCommandLineW
GetModuleHandleW
lstrcmpiW
user32
GetDlgItemTextW
IsWindow
SetWindowTextW
EndDialog
CheckRadioButton
LoadStringW
MessageBoxW
CharPrevW
MessageBoxExW
IsDlgButtonChecked
SetFocus
GetDlgItem
CheckDlgButton
DialogBoxParamW
CharNextW
msvcrt
_exit
_amsg_exit
_vsnwprintf
__set_app_type
exit
_cexit
__C_specific_handler
_ismbblead
__setusermatherr
_initterm
_vsnprintf
__getmainargs
memset
?terminate@@YAXXZ
_commode
_fmode
_acmdln
_XcptFilter
wcscmp
cmutil
CmFree
WzToSzWithAlloc
GetOSVersion
GetOSMajorVersion
SzToWzWithAlloc
CmRealloc
CmMalloc
ole32
CoInitialize
CoUninitialize
shell32
SHGetDesktopFolder
ShellExecuteExW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHFileOperationW
SHGetFolderPathW
SHGetMalloc
SHChangeNotify
version
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
Sections
.text Size: 72KB - Virtual size: 68KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 104B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
cofire.exe.exe windows:10 windows x64 arch:x64
49c319693a3f09328afcb91c7f2e2cbe
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
cofire.pdb
Imports
advapi32
EventUnregister
EventRegister
EventWrite
CheckTokenMembership
FreeSid
OpenProcessToken
AllocateAndInitializeSid
InitiateShutdownW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
kernel32
GetLastError
HeapSetInformation
RegisterApplicationRestart
FindFirstFileW
HeapFree
CreateMutexW
FindClose
OpenProcess
FileTimeToSystemTime
CloseHandle
HeapAlloc
GetTimeFormatW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
GetSystemTimeAsFileTime
GetDateFormatW
Sleep
SetUnhandledExceptionFilter
WaitForSingleObject
QueryPerformanceCounter
GetCurrentThreadId
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetThreadLocale
msvcrt
_vsnprintf
_cexit
_exit
__set_app_type
__wgetmainargs
_amsg_exit
_vsnwprintf
__C_specific_handler
?terminate@@YAXXZ
_fmode
_commode
exit
_initterm
__setusermatherr
_XcptFilter
memset
ntdll
WinSqmAddToStream
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
DbgPrintEx
wdi
WdiResolve
WdiGetResult
WdiGetParameterByName
WdiGetParameterDataLength
WdiCreateInstance
WdiGetParameterData
WdiAddParameter
WdiDiagnose
WdiCloseInstance
comctl32
ord345
user32
LoadStringW
MessageBoxW
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
Sections
.text Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 444B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
colorcpl.exe.exe windows:10 windows x64 arch:x64
bf699192bc903253be75cbd63776138c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
colorcpl.pdb
Imports
kernel32
HeapSetInformation
GetCurrentProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
TerminateProcess
msvcrt
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
colorui
LaunchColorCpl
Sections
.text Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 216B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 80KB - Virtual size: 77KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
comp.exe.exe windows:10 windows x64 arch:x64
a0490e6736bafc5ba5569d1b32266468
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
comp.pdb
Imports
msvcrt
?terminate@@YAXXZ
_commode
_fmode
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
towupper
_wcsicmp
__C_specific_handler
ulib
?IsValueSet@ARGUMENT@@QEAAEXZ
?GetLexeme@ARGUMENT@@QEAAPEAVWSTRING@@XZ
?DebugDump@OBJECT@@UEBAXE@Z
?Compare@OBJECT@@UEBAJPEBV1@@Z
??1OBJECT@@UEAA@XZ
?SetCaseSensitive@ARGUMENT_LEXEMIZER@@QEAAXE@Z
?PrepareToParse@ARGUMENT_LEXEMIZER@@QEAAEPEAVWSTRING@@@Z
?PutSwitches@ARGUMENT_LEXEMIZER@@QEAAXPEBD@Z
?PutSeparators@ARGUMENT_LEXEMIZER@@QEAAXPEBD@Z
?PutMultipleSwitch@ARGUMENT_LEXEMIZER@@QEAAXPEBD@Z
?DoParsing@ARGUMENT_LEXEMIZER@@QEAAEPEAVARRAY@@@Z
?Initialize@ARGUMENT_LEXEMIZER@@QEAAEPEAVARRAY@@@Z
??1ARGUMENT_LEXEMIZER@@UEAA@XZ
??0ARGUMENT_LEXEMIZER@@QEAA@XZ
?Initialize@STRING_ARGUMENT@@QEAAEPEAD@Z
??1STRING_ARGUMENT@@UEAA@XZ
??0STRING_ARGUMENT@@QEAA@XZ
?QueryResourceString@BASE_SYSTEM@@SAEPEAVWSTRING@@KPEBDZZ
?QueryFsnodeArray@FSN_DIRECTORY@@QEBAPEAVARRAY@@PEAVFSN_FILTER@@@Z
??0PROGRAM@@IEAA@XZ
?ValidateVersion@PROGRAM@@UEBAXKK@Z
?Usage@PROGRAM@@UEBAXXZ
?GetStandardError@PROGRAM@@UEAAPEAVSTREAM@@XZ
??0STREAM_MESSAGE@@QEAA@XZ
?GetStandardInput@PROGRAM@@UEAAPEAVSTREAM@@XZ
?Fatal@PROGRAM@@UEBAXXZ
?Fatal@PROGRAM@@UEBAXKKPEADZZ
?DisplayMessage@PROGRAM@@UEBAEKW4MESSAGE_TYPE@@@Z
?DisplayMessage@PROGRAM@@UEBAEKW4MESSAGE_TYPE@@PEADZZ
??1PROGRAM@@UEAA@XZ
?Initialize@CLASS_DESCRIPTOR@@QEAAEPEBD@Z
??0CLASS_DESCRIPTOR@@QEAA@XZ
?IsCorrectVersion@SYSTEM@@SAEXZ
?SetName@PATH@@QEAAEPEBVWSTRING@@@Z
?QueryWCExpansion@PATH@@QEAAPEAV1@PEAV1@@Z
?QueryFullPathString@PATH@@QEBAPEAVWSTRING@@XZ
?QueryFullPath@PATH@@QEBAPEAV1@XZ
?IsDrive@PATH@@QEBAEXZ
?HasWildCard@PATH@@QEBAEXZ
?AppendBase@PATH@@QEAAEPEBVWSTRING@@E@Z
??1PATH@@UEAA@XZ
?Initialize@PATH@@QEAAEPEBVWSTRING@@E@Z
?Initialize@PATH@@QEAAEPEBV1@E@Z
??0PATH@@QEAA@XZ
?Display@MESSAGE@@QEAAEPEBDZZ
Get_Standard_Output_Stream
?SetAttributes@FSN_FILTER@@QEAAEKKK@Z
?SetFileName@FSN_FILTER@@QEAAEPEBVWSTRING@@@Z
?Initialize@FSN_FILTER@@QEAAEXZ
??1FSN_FILTER@@UEAA@XZ
??0FSN_FILTER@@QEAA@XZ
?FillAndReadByte@BYTE_STREAM@@AEAAEPEAE@Z
?Initialize@BYTE_STREAM@@QEAAEPEAVSTREAM@@K@Z
??1BYTE_STREAM@@UEAA@XZ
??0BYTE_STREAM@@QEAA@XZ
?Strcat@WSTRING@@QEAAEPEBV1@@Z
?DeleteChAt@WSTRING@@QEAAXKK@Z
?QueryNumber@WSTRING@@QEBAEPEAJKK@Z
?QueryString@WSTRING@@QEBAPEAV1@KK@Z
?Initialize@WSTRING@@QEAAEPEBDK@Z
?Strcspn@WSTRING@@QEBAKPEBV1@K@Z
?QueryDirectory@SYSTEM@@SAPEAVFSN_DIRECTORY@@PEBVPATH@@E@Z
?QueryFile@SYSTEM@@SAPEAVFSN_FILE@@PEBVPATH@@EPEAE@Z
??0PATH_ARGUMENT@@QEAA@XZ
??1PATH_ARGUMENT@@UEAA@XZ
?Initialize@PATH_ARGUMENT@@QEAAEPEADE@Z
?TruncateBase@PATH@@QEAAEXZ
Get_Standard_Error_Stream
?Initialize@STREAM_MESSAGE@@QEAAEPEAVSTREAM@@00@Z
??0FLAG_ARGUMENT@@QEAA@XZ
?Initialize@FLAG_ARGUMENT@@QEAAEPEAD@Z
??0ARRAY@@QEAA@XZ
??1ARRAY@@UEAA@XZ
?Initialize@ARRAY@@QEAAEKK@Z
?Put@ARRAY@@UEAAEPEAVOBJECT@@@Z
?QueryStream@FSN_FILE@@QEAAPEAVFILE_STREAM@@W4STREAMACCESS@@K@Z
??0LONG_ARGUMENT@@QEAA@XZ
?Initialize@LONG_ARGUMENT@@QEAAEPEAD@Z
Get_Standard_Input_Stream
??0DSTRING@@QEAA@XZ
??1DSTRING@@UEAA@XZ
?GetStandardOutput@PROGRAM@@UEAAPEAVSTREAM@@XZ
ntdll
RtlCaptureContext
RtlFreeHeap
RtlAllocateHeap
RtlLookupFunctionEntry
RtlVirtualUnwind
kernel32
GetFileAttributesW
HeapSetInformation
IsDBCSLeadByte
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
Sections
.text Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 360B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 72B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
compact.exe.exe windows:10 windows x64 arch:x64
a3a16123a174639264764355d4a40ced
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
compact.pdb
Imports
kernel32
GetConsoleOutputCP
GetStdHandle
WriteFile
SetThreadUILanguage
GetLocaleInfoW
GetConsoleMode
FormatMessageW
WriteConsoleW
WideCharToMultiByte
GetFileType
GetFullPathNameW
GetLastError
HeapSetInformation
GetCurrentDirectoryW
SetCurrentDirectoryW
SetThreadPreferredUILanguages
GetSystemTimeAsFileTime
Sleep
PowerCreateRequest
RtlCaptureContext
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
RtlLookupFunctionEntry
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
GetTickCount
ntdll
RtlDecompressBufferEx
RtlCompressBuffer
RtlAcquirePrivilege
NtPowerInformation
RtlFreeHeap
RtlGetNtProductType
NtSetInformationThread
RtlRandom
RtlAllocateHeap
RtlGetCompressionWorkSpaceSize
RtlNtStatusToDosError
NtQueryVolumeInformationFile
api-ms-win-core-heap-l1-1-0
HeapFree
GetProcessHeap
HeapAlloc
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-file-l1-1-0
GetDriveTypeW
CreateFileW
GetFileInformationByHandle
SetFileAttributesW
GetFileAttributesW
GetVolumePathNameW
FindNextFileW
FindClose
FindFirstFileW
api-ms-win-core-synch-l1-1-0
CreateEventW
CreateMutexW
WaitForSingleObject
ReleaseMutex
SetEvent
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-sysinfo-l1-1-0
GetWindowsDirectoryW
GetVersionExW
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
FreeLibrary
api-ms-win-core-registry-l1-1-0
RegUnLoadKeyW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegLoadKeyW
api-ms-win-core-errorhandling-l1-1-0
SetLastError
api-ms-win-core-processthreads-l1-1-0
CreateThread
OpenThreadToken
GetCurrentThread
GetCurrentProcess
OpenProcessToken
api-ms-win-core-file-l1-2-1
GetCompressedFileSizeW
api-ms-win-security-base-l1-1-0
RevertToSelf
AdjustTokenPrivileges
ImpersonateLoggedOnUser
PrivilegeCheck
api-ms-win-security-lsalookup-l2-1-0
LookupPrivilegeValueW
msvcrt
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
wcsncmp
swprintf_s
memcpy_s
_wcsnicmp
_wcsicmp
wcschr
wcscat_s
wcscpy_s
_get_osfhandle
exit
?terminate@@YAXXZ
__setusermatherr
_commode
_fmode
_initterm
__C_specific_handler
_cexit
printf
memcpy
_exit
memset
api-ms-win-core-profile-l1-1-0
QueryPerformanceFrequency
api-ms-win-core-sysinfo-l1-2-0
GetNativeSystemInfo
api-ms-win-core-psapi-l1-1-0
K32GetPerformanceInfo
Sections
.text Size: 32KB - Virtual size: 30KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 888B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 108B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
conhost.exe.exe windows:10 windows x64 arch:x64
8bae99e04ca5a443cf138dc9f6cdd0c0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
conhost.pdb
Imports
msvcp_win
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
?tellp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
_Query_perf_counter
_Query_perf_frequency
?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W0@Z
?setg@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W00@Z
?eback@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?egptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?epptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?pptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W00@Z
?gptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXH@Z
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?widen@?$ctype@_W@std@@QEBA_WD@Z
?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WXZ
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ
?pbase@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?setf@ios_base@std@@QEAAHHH@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@F@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@N@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Xbad_alloc@std@@YAXXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?good@ios_base@std@@QEBA_NXZ
?uncaught_exception@std@@YA_NXZ
?flags@ios_base@std@@QEBAHXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Xlength_error@std@@YAXPEBD@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?id@?$ctype@_W@std@@2V0locale@2@A
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?setf@ios_base@std@@QEAAHH@Z
?_Xbad_function_call@std@@YAXXZ
?_Xinvalid_argument@std@@YAXPEBD@Z
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
_Mtx_lock
_Mtx_init_in_situ
_Mtx_destroy_in_situ
?_Xout_of_range@std@@YAXPEBD@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
api-ms-win-crt-time-l1-1-0
_time64
api-ms-win-crt-runtime-l1-1-0
_initterm
_register_thread_local_exe_atexit_callback
_initterm_e
_c_exit
api-ms-win-crt-private-l1-1-0
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__itoa_s
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
_o__wcsnicmp
memmove
_o_calloc
_o_exit
_o_free
_o_iswdigit
_o_iswspace
_o_lround
_o_malloc
_o_strcpy_s
_o_terminate
_o_towlower
_o_towupper
_o_wcscpy_s
_o_wcstol
_o_wcstoul
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
__CxxFrameHandler3
_o__exit
_o__errno
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
_o__aligned_malloc
_o__aligned_free
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
wcschr
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-commandlinetoargv-l1-1-0
CommandLineToArgvW
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameW
GetModuleFileNameA
FreeLibrary
LoadLibraryExW
LockResource
GetModuleHandleW
LoadResource
FindResourceExW
LoadStringW
GetProcAddress
GetModuleHandleExW
api-ms-win-core-synch-l1-1-0
SetEvent
ReleaseSRWLockExclusive
ReleaseSRWLockShared
ReleaseSemaphore
CreateEventW
ResetEvent
AcquireSRWLockShared
WaitForSingleObject
OpenSemaphoreW
CreateMutexExW
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
WaitForSingleObjectEx
ReleaseMutex
InitializeCriticalSectionEx
CreateEventExW
CreateSemaphoreExW
AcquireSRWLockExclusive
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
SetLastError
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
DeleteProcThreadAttributeList
CreateThread
UpdateProcThreadAttribute
TerminateProcess
GetCurrentProcess
GetStartupInfoW
GetProcessTimes
CreateProcessW
OpenProcessToken
GetCurrentProcessId
ProcessIdToSessionId
ExitThread
SetProcessShutdownParameters
GetCurrentThreadId
GetCurrentThread
InitializeProcThreadAttributeList
ExitProcess
api-ms-win-core-localization-l1-2-0
GetCPInfo
FormatMessageW
IsValidCodePage
GetOEMCP
GetACP
api-ms-win-core-debug-l1-1-0
OutputDebugStringA
OutputDebugStringW
IsDebuggerPresent
DebugBreak
api-ms-win-core-handle-l1-1-0
CloseHandle
DuplicateHandle
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
GetStringTypeW
WideCharToMultiByte
CompareStringOrdinal
api-ms-win-core-file-l1-1-0
ReadFile
WriteFile
api-ms-win-core-processthreads-l1-1-3
SetThreadDescription
api-ms-win-core-synch-l1-2-0
InitOnceComplete
WaitOnAddress
WakeByAddressAll
InitOnceBeginInitialize
Sleep
SignalObjectAndWait
api-ms-win-core-sidebyside-l1-1-0
CreateActCtxW
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
GetEnvironmentVariableW
ExpandEnvironmentStringsW
SetEnvironmentVariableW
GetCommandLineW
SearchPathW
api-ms-win-core-registry-l1-1-0
RegEnumValueW
RegOpenKeyExW
RegOpenCurrentUser
RegGetValueW
RegQueryValueExW
RegCloseKey
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventSetInformation
EventWriteTransfer
EventActivityIdControl
EventRegister
api-ms-win-core-sysinfo-l1-1-0
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetWindowsDirectoryW
api-ms-win-core-psapi-l1-1-0
K32GetModuleFileNameExW
QueryFullProcessImageNameW
api-ms-win-core-shlwapi-legacy-l1-1-0
PathFileExistsW
PathIsSameRootW
PathFindFileNameW
api-ms-win-core-heap-l2-1-0
GlobalAlloc
GlobalFree
LocalFree
ntdll
NtAlpcSendWaitReceivePort
NtAlpcQueryInformationMessage
AlpcGetMessageAttribute
RtlFreeHeap
CsrClientCallServer
NtAlpcConnectPort
AlpcInitializeMessageAttribute
NtQueryVolumeInformationFile
RtlQueryPackageClaims
RtlAllocateHeap
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-processthreads-l1-1-1
OpenProcess
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-security-base-l1-1-0
GetSidSubAuthority
GetTokenInformation
GetSidSubAuthorityCount
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-namedpipe-l1-1-0
CreatePipe
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-heap-obsolete-l1-1-0
GlobalSize
GlobalLock
GlobalUnlock
api-ms-win-core-largeinteger-l1-1-0
MulDiv
api-ms-win-core-io-l1-1-1
CancelSynchronousIo
api-ms-win-core-util-l1-1-0
Beep
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-path-l1-1-0
PathCchRemoveExtension
api-ms-win-shell-shellcom-l1-1-0
SHCoCreateInstance
Sections
.text Size: 724KB - Virtual size: 723KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 192KB - Virtual size: 190KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 44KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 36KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
consent.exe.exe windows:10 windows x64 arch:x64
5d0c875dbd930a73d5a983016e384930
Code Sign
33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
85:77:11:9c:de:59:c6:25:07:9a:2b:bc:d8:3e:12:b7:11:a0:c9:8c:8d:3b:3c:81:55:34:cc:e6:fa:15:c7:0c
Signer
Actual PE Digest: 85:77:11:9c:de:59:c6:25:07:9a:2b:bc:d8:3e:12:b7:11:a0:c9:8c:8d:3b:3c:81:55:34:cc:e6:fa:15:c7:0c
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
consent.pdb
Imports
gdi32
CreateCompatibleDC
BitBlt
DeleteObject
SelectObject
CreateDIBSection
PatBlt
GetLayout
GetStockObject
DeleteDC
SetDCBrushColor
CreateCompatibleBitmap
user32
ShowWindow
GetThreadDesktop
SetThreadDesktop
GetShellWindow
UnregisterClassW
CreateWindowExW
FillRect
GetPropW
SetDisplayAutoRotationPreferences
GetDC
DestroyWindow
SendMessageTimeoutW
GetWindowRect
PostMessageW
DefWindowProcW
GetMessageW
GetWindowLongW
SendMessageW
EndPaint
LoadStringW
BeginPaint
DispatchMessageW
ReleaseDC
RegisterClassW
LoadIconW
CloseDesktop
PostThreadMessageW
ord2513
GetWindowBand
ord2574
GetAncestor
GetParent
DestroyIcon
OpenDesktopW
GetDesktopWindow
GetForegroundWindow
OpenInputDesktop
SetPropW
TranslateMessage
LoadCursorW
GetWindowDC
GetUserObjectInformationW
FlashWindowEx
SetWindowLongW
PostQuitMessage
GetSystemMetrics
msvcrt
memcmp
memcpy_s
__CxxFrameHandler3
??1type_info@@UEAA@XZ
memcpy
_onexit
__dllonexit
_unlock
_purecall
??1exception@@UEAA@XZ
__CxxFrameHandler4
_vsnwprintf
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_CxxThrowException
?terminate@@YAXXZ
_callnewh
malloc
_vsnprintf_s
wcsrchr
wcsncpy_s
_wtoi
_errno
_wtol
memmove_s
swscanf_s
wcschr
__C_specific_handler
_wcsicmp
free
_XcptFilter
memset
_amsg_exit
__getmainargs
__set_app_type
exit
_exit
_cexit
_ismbblead
__setusermatherr
_lock
_commode
_fmode
_acmdln
_initterm
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
FindResourceExW
GetModuleHandleExW
GetProcAddress
LockResource
GetModuleHandleA
LoadLibraryExW
LoadResource
GetModuleHandleW
GetModuleFileNameA
api-ms-win-core-synch-l1-2-0
InitOnceBeginInitialize
InitOnceComplete
Sleep
api-ms-win-core-synch-l1-1-0
CreateSemaphoreExW
ReleaseMutex
DeleteCriticalSection
WaitForSingleObjectEx
AcquireSRWLockShared
ReleaseSRWLockShared
OpenSemaphoreW
AcquireSRWLockExclusive
WaitForSingleObject
ReleaseSRWLockExclusive
InitializeCriticalSectionEx
LeaveCriticalSection
CreateMutexExW
EnterCriticalSection
ReleaseSemaphore
CreateEventW
SetEvent
api-ms-win-core-heap-l1-1-0
HeapSetInformation
GetProcessHeap
HeapAlloc
HeapFree
api-ms-win-core-errorhandling-l1-1-0
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
SetLastError
api-ms-win-core-com-l1-1-0
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoInitializeSecurity
CoTaskMemFree
StringFromGUID2
CoCancelCall
CoEnableCallCancellation
CoInitializeEx
CoDisableCallCancellation
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventRegister
EventUnregister
EventWriteTransfer
api-ms-win-core-heap-l2-1-0
GlobalFree
LocalAlloc
LocalFree
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
ResumeThread
CreateThread
TerminateProcess
GetExitCodeThread
GetCurrentProcess
SetPriorityClass
GetCurrentThreadId
QueueUserAPC
TerminateThread
GetPriorityClass
GetCurrentProcessId
api-ms-win-core-localization-l1-2-0
SetProcessPreferredUILanguages
GetLocaleInfoW
GetUserPreferredUILanguages
FormatMessageW
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
IsDebuggerPresent
DebugBreak
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-security-base-l1-1-0
MakeAbsoluteSD
RevertToSelf
GetSidSubAuthorityCount
GetTokenInformation
ImpersonateLoggedOnUser
InitializeSid
GetSidLengthRequired
GetSidSubAuthority
api-ms-win-core-registry-l1-1-0
RegOpenCurrentUser
RegCloseKey
RegGetValueW
sspicli
LsaLogonUser
LsaDeregisterLogonProcess
LsaRegisterLogonProcess
SeciAllocateAndSetCallFlags
LogonUserExExW
SeciAllocateAndSetIPAddress
LsaFreeReturnBuffer
SeciFreeCallContext
GetUserNameExW
LsaCallAuthenticationPackage
LsaLookupAuthenticationPackage
samcli
NetLocalGroupAddMembers
NetUserGetInfo
NetUserAdd
netutils
NetApiBufferFree
crypt32
CertFreeCertificateContext
api-ms-win-core-winrt-string-l1-1-0
WindowsDeleteString
WindowsCompareStringOrdinal
WindowsGetStringRawBuffer
WindowsCreateStringReference
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
api-ms-win-core-threadpool-l1-2-0
SetThreadpoolTimer
CloseThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
api-ms-win-core-file-l1-1-0
GetFileType
CreateFileW
GetDriveTypeW
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
userenv
LoadUserProfileW
UnloadUserProfile
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-memory-l1-1-0
CreateFileMappingW
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-threadpool-legacy-l1-1-0
QueueUserWorkItem
wmsgapi
WmsgSendMessage
ntdll
EtwEventWrite
NtQueryVolumeInformationFile
EtwEventUnregister
NtWriteVirtualMemory
EtwSendNotification
EtwUnregisterTraceGuids
NtDuplicateObject
NtReadVirtualMemory
EtwGetTraceEnableFlags
NtOpenProcess
RtlAllocateHeap
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwEventRegister
RtlLengthSid
RtlNtStatusToDosError
RtlFreeHeap
RtlInitString
RtlAdjustPrivilege
NtClose
RtlLengthRequiredSid
NtQueryInformationToken
RtlSubAuthoritySid
NtDuplicateToken
RtlInitializeSid
NtAllocateLocallyUniqueId
RtlNtStatusToDosErrorNoTeb
EtwTraceMessage
EtwRegisterTraceGuidsW
RtlEqualSid
amsi
AmsiUninitialize
AmsiUacInitialize
AmsiUacScan
comctl32
ord345
msctfmonitor
UninitLocalMsCtfMonitor
msimg32
AlphaBlend
winsta
WinStationQueryInformationW
wtsapi32
WTSFreeMemory
WTSQuerySessionInformationW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 100KB - Virtual size: 99KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 32KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 208B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
consent Size: 4KB - Virtual size: 98B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 52KB - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 228B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
control.exe.exe windows:10 windows x64 arch:x64
8da21f5ac3ed3474562a273f937bbf3d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
control.pdb
Imports
advapi32
RegOpenKeyExW
RegCloseKey
RegEnumValueW
kernel32
GetStartupInfoW
GetCommandLineW
lstrlenW
ExpandEnvironmentStringsW
HeapSetInformation
GetModuleHandleW
user32
AllowSetForegroundWindow
msvcrt
_ismbblead
__setusermatherr
_initterm
_vsnwprintf
exit
_exit
_XcptFilter
_amsg_exit
__getmainargs
__C_specific_handler
_cexit
?terminate@@YAXXZ
_commode
__set_app_type
_fmode
_acmdln
memset
shlwapi
ord437
ord158
StrTrimW
ord154
api-ms-win-core-com-l1-1-0
CoUninitialize
CoTaskMemAlloc
CoCreateInstance
CoInitializeEx
CoTaskMemFree
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
shell32
ShellExecuteExW
Sections
.text Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 612B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 100KB - Virtual size: 98KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 132B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
convert.exe.exe windows:10 windows x64 arch:x64
fdaa0fb05267a94298dc4e75a02b82e4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
convert.pdb
Imports
kernel32
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapSetInformation
SetErrorMode
Sleep
SetUnhandledExceptionFilter
CompareStringW
GetModuleHandleW
ulib
?GetStandardInput@PROGRAM@@UEAAPEAVSTREAM@@XZ
?Fatal@PROGRAM@@UEBAXXZ
?Fatal@PROGRAM@@UEBAXKKPEADZZ
?DisplayMessage@PROGRAM@@UEBAEKW4MESSAGE_TYPE@@@Z
?DisplayMessage@PROGRAM@@UEBAEKW4MESSAGE_TYPE@@PEADZZ
??1PROGRAM@@UEAA@XZ
?Initialize@PROGRAM@@QEAAEKKK@Z
?Initialize@CLASS_DESCRIPTOR@@QEAAEPEBD@Z
??0CLASS_DESCRIPTOR@@QEAA@XZ
?AnalyzePath@PATH@@QEAA?AW4PATH_ANALYZE_CODE@@PEAVWSTRING@@PEAV1@0@Z
?QueryWindowsErrorMessage@SYSTEM@@SAEKPEAVWSTRING@@@Z
?AppendBase@PATH@@QEAAEPEBVWSTRING@@E@Z
??1PATH@@UEAA@XZ
?Initialize@PATH@@QEAAEPEBVWSTRING@@E@Z
??0PATH@@QEAA@XZ
?Strcat@WSTRING@@QEAAEPEBV1@@Z
?GetStandardOutput@PROGRAM@@UEAAPEAVSTREAM@@XZ
?Initialize@WSTRING@@QEAAEPEBGK@Z
?Initialize@WSTRING@@QEAAEPEBDK@Z
??8WSTRING@@QEBAEAEBV0@@Z
?Strupr@WSTRING@@QEAAPEAV1@XZ
?Stricmp@WSTRING@@QEBAJPEBV1@@Z
??1STRING_ARGUMENT@@UEAA@XZ
??0FLAG_ARGUMENT@@QEAA@XZ
?Initialize@FLAG_ARGUMENT@@QEAAEPEAD@Z
??0ARRAY@@QEAA@XZ
??1ARRAY@@UEAA@XZ
?Initialize@ARRAY@@QEAAEKK@Z
?Put@ARRAY@@UEAAEPEAVOBJECT@@@Z
??0DSTRING@@QEAA@XZ
?GetStandardError@PROGRAM@@UEAAPEAVSTREAM@@XZ
?Usage@PROGRAM@@UEBAXXZ
?ValidateVersion@PROGRAM@@UEBAXKK@Z
??0STRING_ARGUMENT@@QEAA@XZ
??0PROGRAM@@IEAA@XZ
?Initialize@STRING_ARGUMENT@@QEAAEPEAD@Z
??0ARGUMENT_LEXEMIZER@@QEAA@XZ
??1ARGUMENT_LEXEMIZER@@UEAA@XZ
?Initialize@ARGUMENT_LEXEMIZER@@QEAAEPEAVARRAY@@@Z
?DoParsing@ARGUMENT_LEXEMIZER@@QEAAEPEAVARRAY@@@Z
?QueryInvalidArgument@ARGUMENT_LEXEMIZER@@QEAAPEAVWSTRING@@XZ
?PrepareToParse@ARGUMENT_LEXEMIZER@@QEAAEPEAVWSTRING@@@Z
?SetCaseSensitive@ARGUMENT_LEXEMIZER@@QEAAXE@Z
??1OBJECT@@UEAA@XZ
?Compare@OBJECT@@UEBAJPEBV1@@Z
?DebugDump@OBJECT@@UEBAXE@Z
?IsValueSet@ARGUMENT@@QEAAEXZ
?QuerySystemDirectory@SYSTEM@@SAPEAVPATH@@XZ
?QueryFile@SYSTEM@@SAPEAVFSN_FILE@@PEBVPATH@@EPEAE@Z
?QueryCurrentDosDriveName@SYSTEM@@SAEPEAVWSTRING@@@Z
?QueryDriveType@SYSTEM@@SA?AW4DRIVE_TYPE@@PEBVWSTRING@@@Z
?QueryVolumeLabel@SYSTEM@@SAPEAVWSTRING@@PEAVPATH@@PEAU_VOL_SERIAL_NUMBER@@@Z
?QueryLibraryEntryPoint@SYSTEM@@SAP6A_JXZPEBVWSTRING@@0PEAPEAX@Z
?Initialize@WSTRING@@QEAAEPEBV1@KK@Z
?FreeLibraryHandle@SYSTEM@@SAXPEAX@Z
??1DSTRING@@UEAA@XZ
?IsGuidVolName@PATH@@QEAAEXZ
ifsutil
?DeleteEntry@AUTOREG@@SAEPEBVWSTRING@@0@Z
?GenerateLabelNotification@SUPERAREA@@SAJPEBVWSTRING@@PEAV2@PEAU_FILE_FS_SIZE_INFORMATION@@PEAU_FILE_FS_VOLUME_INFORMATION@@@Z
?IsArcSystemPartition@IFS_SYSTEM@@SAEPEBVWSTRING@@PEAE@Z
?DosDriveNameToNtDriveName@IFS_SYSTEM@@SAEPEBVWSTRING@@PEAV2@@Z
?QueryFileSystemName@IFS_SYSTEM@@SAEPEBVWSTRING@@PEAV2@PEAJ1@Z
?AddEntry@AUTOREG@@SAEPEBVWSTRING@@@Z
ntdll
NtTerminateProcess
RtlFreeHeap
RtlAllocateHeap
RtlUnhandledExceptionFilter
scecli
SceConfigureConvertedFileSecurity
msvcrt
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
__setusermatherr
Sections
.text Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 348B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 72B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
convertvhd.exe.exe windows:10 windows x64 arch:x64
b63b40f99153f5d7e1c762eb815e48a1
Code Sign
33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ef:bb:44:4f:63:21:04:ed:fe:ea:45:5a:ab:94:56:59:bf:4e:50:a9:ed:02:81:2a:91:59:d1:6d:74:79:38:ec
Signer
Actual PE Digest: ef:bb:44:4f:63:21:04:ed:fe:ea:45:5a:ab:94:56:59:bf:4e:50:a9:ed:02:81:2a:91:59:d1:6d:74:79:38:ec
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
ConvertVhd.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__errno
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__cexit
memmove
_o__wcsicmp
_o_exit
_o_qsort
_o_terminate
_o_wcstoull
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o___p___wargv
_o__callnewh
_o___p___argc
_o__crt_atexit
_o__configure_wide_argv
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o__configthreadlocale
_o___acrt_iob_func
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfwprintf
_o___std_exception_destroy
__C_specific_handler
__std_terminate
_o___std_exception_copy
__CxxFrameHandler4
memcmp
memcpy
_o___p__commode
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleExW
GetModuleFileNameA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
api-ms-win-core-synch-l1-1-0
CreateMutexExW
AcquireSRWLockShared
InitializeCriticalSection
ReleaseSemaphore
DeleteCriticalSection
EnterCriticalSection
CreateSemaphoreExW
ReleaseSRWLockShared
InitializeCriticalSectionEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
WaitForSingleObject
OpenSemaphoreW
ReleaseMutex
InitializeSRWLock
LeaveCriticalSection
CreateEventW
WaitForSingleObjectEx
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapSetInformation
HeapFree
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
api-ms-win-core-synch-l1-2-0
InitializeConditionVariable
SleepConditionVariableSRW
InitOnceBeginInitialize
InitOnceComplete
WakeAllConditionVariable
api-ms-win-core-file-l1-1-0
ReadFile
GetFileSizeEx
FlushFileBuffers
WriteFile
WriteFileGather
CreateFileW
SetFileInformationByHandle
ReadFileScatter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
DebugBreak
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlPcToFileHeader
RtlCaptureStackBackTrace
RtlCaptureContext
RtlLookupFunctionEntry
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventEnabled
EventSetInformation
EventRegister
EventWrite
api-ms-win-core-registry-l1-1-0
RegGetValueW
RegCloseKey
RegOpenKeyExW
api-ms-win-core-processthreads-l1-1-1
GetCurrentProcessorNumber
IsProcessorFeaturePresent
SetProcessMitigationPolicy
GetProcessMitigationPolicy
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolIo
CreateThreadpoolTimer
CloseThreadpoolWork
CancelThreadpoolIo
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolIo
SubmitThreadpoolWork
SetThreadpoolTimer
StartThreadpoolIo
CreateThreadpoolWork
api-ms-win-core-errorhandling-l1-1-2
RaiseFailFastException
api-ms-win-core-psapi-l1-1-0
K32GetModuleInformation
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
ntdll
RtlInitializeBitMap
RtlGetVersion
RtlFindSetBits
RtlAreBitsClear
RtlWriteNonVolatileMemory
RtlFlushNonVolatileMemory
RtlRandomEx
RtlSetBits
RtlClearBits
RtlFindLastBackwardRunClear
RtlAreBitsSet
RtlSetAllBits
RtlClearAllBits
api-ms-win-core-processtopology-obsolete-l1-1-0
GetActiveProcessorCount
api-ms-win-core-io-l1-1-0
GetOverlappedResult
rpcrt4
UuidCreate
Sections
.text Size: 156KB - Virtual size: 152KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 40KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 248B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
coredpussvr.exe.exe windows:10 windows x64 arch:x64
b9aaf86f95efce460f0c2cf04200a652
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
coredpussvr.pdb
Imports
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-crt-runtime-l1-1-0
_initterm
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
api-ms-win-crt-private-l1-1-0
_o__configthreadlocale
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_narrow_winmain_command_line
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memcpy
_o_exit
_o_free
_o_malloc
_o_terminate
_o_wcsncpy_s
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o___stdio_common_vswprintf
_o__cexit
_o___stdio_common_vsnprintf_s
_o__callnewh
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
__C_specific_handler
__std_terminate
__CxxFrameHandler4
__C_specific_handler_noexcept
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
FreeLibrary
SizeofResource
LoadResource
FindResourceExW
GetModuleFileNameW
LoadLibraryExW
GetModuleHandleExW
GetModuleFileNameA
GetModuleHandleW
api-ms-win-core-synch-l1-1-0
CreateSemaphoreExW
CreateEventW
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseMutex
WaitForSingleObject
ReleaseSemaphore
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
SetLastError
GetLastError
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetStartupInfoW
TerminateProcess
GetCurrentThreadId
GetCurrentProcess
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
IsDebuggerPresent
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-com-l1-1-0
CoAddRefServerProcess
CoUninitialize
CoRevokeClassObject
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoInitializeEx
CoRegisterClassObject
CoReleaseServerProcess
api-ms-win-core-string-l2-1-0
CharNextW
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegQueryInfoKeyW
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
combase
ord69
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 36KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 268B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
credwiz.exe.exe windows:10 windows x64 arch:x64
e80772fea0650454a7ed9f9f4597b0d8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
credwiz.pdb
Imports
advapi32
GetTokenInformation
DuplicateToken
ImpersonateLoggedOnUser
RevertToSelf
EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer
CredBackupCredentials
CredRestoreCredentials
CredpEncodeSecret
ConvertStringSecurityDescriptorToSecurityDescriptorW
kernel32
GetOverlappedResult
LocalFree
SleepEx
GetTempFileNameW
GetTempPath2W
GetModuleFileNameA
InitOnceBeginInitialize
CreateSemaphoreExW
HeapFree
EnterCriticalSection
ReleaseSemaphore
GetModuleHandleExW
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
GlobalFree
GetCurrentThreadId
ReleaseMutex
ReleaseSRWLockExclusive
HeapSetInformation
CloseThreadpoolTimer
InitOnceComplete
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
SetThreadpoolTimer
ReleaseSRWLockShared
CreateThreadpoolTimer
HeapAlloc
GetProcAddress
CreateMutexExW
AcquireSRWLockShared
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
DeleteFileW
CreateThread
OutputDebugStringW
CloseHandle
GetModuleHandleA
SetEvent
GetLastError
FormatMessageW
CreateEventW
OpenProcess
DuplicateHandle
CreateFileW
LocalAlloc
WaitForMultipleObjects
WriteFile
GetCommandLineW
SetLastError
GetFileSizeEx
CancelIo
ReadFile
WaitForSingleObject
gdi32
CreateFontIndirectW
GetObjectW
user32
EnableWindow
GetParent
GetDlgItem
SetFocus
SendDlgItemMessageW
GetDlgItemTextW
ShowWindow
LoadStringW
GetWindowLongPtrW
SetWindowTextW
SendMessageW
SetWindowLongPtrW
GetMessageW
CheckRadioButton
PostMessageW
PostThreadMessageW
TranslateMessage
DispatchMessageW
msvcrt
_amsg_exit
__getmainargs
__set_app_type
memmove_s
_purecall
??3@YAXPEAX@Z
memcpy_s
wcsncmp
swscanf
__C_specific_handler
_XcptFilter
_exit
_initterm
_cexit
__CxxFrameHandler4
_ismbblead
__setusermatherr
memcmp
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
_commode
_fmode
_acmdln
exit
_vsnwprintf
memset
rpcrt4
RpcBindingSetAuthInfoExW
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcAsyncCancelCall
Ndr64AsyncClientCall
RpcAsyncCompleteCall
RpcAsyncInitializeHandle
RpcStringFreeW
I_RpcExceptionFilter
RpcBindingFree
crypt32
CryptProtectData
CryptUnprotectData
samcli
NetValidatePasswordPolicy
netutils
NetApiBufferFree
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetStartupInfoW
GetCurrentProcess
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
ntdll
NtAdjustPrivilegesToken
TpWaitForWait
RtlNtStatusToDosError
TpAllocWait
NtPrivilegeCheck
NtClose
TpReleaseWait
TpSetWait
NtOpenProcessToken
comctl32
CreatePropertySheetPageW
PropertySheetW
comdlg32
GetSaveFileNameW
GetOpenFileNameW
ole32
CoInitializeEx
CoCreateInstance
CoUninitialize
shell32
CommandLineToArgvW
Sections
.text Size: 56KB - Virtual size: 56KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 320B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
cscript.exe.exe windows:10 windows x64 arch:x64
b9e6820a671e967d1a371a5bcabc76b9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
cscript.pdb
Imports
msvcrt
free
_callnewh
memcpy
memmove_s
memcmp
_wcsicmp
wcsncmp
wcscpy_s
memcpy_s
_vsnwprintf
memmove
malloc
swprintf_s
sprintf_s
__C_specific_handler
_vsnprintf
_swab
strcpy_s
wcsrchr
_itow
_itow_s
wcscat_s
_wcsnicmp
memset
oleaut32
CreateErrorInfo
SetErrorInfo
SysFreeString
SysStringLen
LoadRegTypeLi
SafeArrayCopy
SafeArrayGetLBound
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayPutElement
SafeArrayCreate
VariantClear
LoadTypeLi
SafeArrayGetElement
SysAllocStringLen
VariantChangeType
VariantCopy
VariantInit
SysAllocString
kernel32
CreateSemaphoreExW
HeapFree
SetLastError
EnterCriticalSection
GetCommandLineW
ReleaseSemaphore
WriteConsoleW
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
GetModuleHandleA
GetCommandLineA
MultiByteToWideChar
FormatMessageW
ReleaseSRWLockExclusive
OutputDebugStringW
CloseThreadpoolTimer
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
SetThreadpoolTimer
ReleaseSRWLockShared
CreateThreadpoolTimer
HeapAlloc
GetProcAddress
CreateMutexExW
AcquireSRWLockShared
DeleteCriticalSection
ExitProcess
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
IsDebuggerPresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
RtlCaptureContext
GetLastError
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetPrivateProfileStringW
LocalAlloc
GetConsoleMode
WriteFile
LocalFree
GetPrivateProfileIntW
FormatMessageA
LoadLibraryExW
FindFirstFileW
FindFirstFileA
FindClose
GetFileAttributesW
GetACP
GetFileAttributesA
GetStdHandle
GetCPInfo
GetModuleFileNameA
GetPrivateProfileIntA
GetModuleFileNameW
HeapReAlloc
GetPrivateProfileStringA
InitializeCriticalSection
LoadLibraryW
CreateFileW
GetLocaleInfoA
GetLocaleInfoW
GetFullPathNameA
UnmapViewOfFile
FreeLibrary
GetFullPathNameW
CreateFileMappingA
GetFileSize
GetSystemDefaultUILanguage
MapViewOfFile
GetLocaleInfoEx
CreateFileMappingW
WideCharToMultiByte
GetUserDefaultUILanguage
GetVersionExW
LCIDToLocaleName
FlushFileBuffers
LoadResource
GetTempFileNameA
GetVersionExA
SearchPathW
GetSystemDirectoryA
CreateFileA
GetTempPath2A
RtlLookupFunctionEntry
LoadLibraryExA
FindResourceExW
GetUserDefaultLCID
CreateEventA
CreateThread
SetEvent
ole32
CLSIDFromProgID
CoGetClassObject
CLSIDFromString
CoCreateInstance
CoRegisterMessageFilter
MkParseDisplayName
CoGetTreatAsClass
CreateFileMoniker
CreateBindCtx
CoUninitialize
CoInitialize
CoInitializeSecurity
advapi32
ReportEventW
IsTextUnicode
DeregisterEventSource
GetUserNameW
RegisterEventSourceW
LookupAccountNameW
RegCreateKeyA
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExW
RegEnumKeyExA
RegCloseKey
RegOpenKeyExW
RegSetValueExW
ImpersonateLoggedOnUser
RegCreateKeyExW
RegCreateKeyExA
version
GetFileVersionInfoA
GetFileVersionInfoW
VerQueryValueA
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoSizeA
user32
PostQuitMessage
KillTimer
GetWindowLongPtrA
PeekMessageA
MsgWaitForMultipleObjectsEx
GetActiveWindow
EnumThreadWindows
GetMessageA
DispatchMessageA
SendMessageA
GetParent
PostMessageA
GetClassNameA
MsgWaitForMultipleObjects
LoadStringW
LoadStringA
GetClassInfoA
CreateWindowExA
SetTimer
CharNextA
TranslateMessage
IsWindowVisible
RegisterClassA
DefWindowProcA
SetWindowLongPtrA
Sections
.text Size: 104KB - Virtual size: 103KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 36KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 828B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
csrss.exe.sys windows:10 windows x64 arch:x64
a96fa9912e09e361274ad77f1a4b252c
Code Sign
33:00:00:03:72:31:35:9d:93:ab:3e:7b:1a:00:00:00:00:03:72
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 27/01/2022, 19:31
Not After: 26/01/2023, 19:31
Subject: CN=Microsoft Windows Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
05:cb:25:83:78:17:f1:f6:8c:4a:25:38:d8:4b:5b:37:78:68:8b:aa:28:1d:4b:60:49:0e:82:0d:d1:e9:f9:ef
Signer
Actual PE Digest: 05:cb:25:83:78:17:f1:f6:8c:4a:25:38:d8:4b:5b:37:78:68:8b:aa:28:1d:4b:60:49:0e:82:0d:d1:e9:f9:ef
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
csrss.pdb
Imports
ntdll
NtSetInformationProcess
RtlSetHeapInformation
NtTerminateProcess
RtlSetUnhandledExceptionFilter
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnhandledExceptionFilter
RtlUnicodeStringToAnsiString
NtTerminateThread
RtlCaptureContext
RtlFreeAnsiString
RtlAllocateHeap
RtlNormalizeProcessParams
isspace
csrsrv
CsrUnhandledExceptionFilter
CsrServerInitialization
Sections
.text Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 120B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ctfmon.exe.exe windows:10 windows x64 arch:x64
6fd43544fb51c12382cad7c88f550240
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
ctfmon.pdb
Imports
kernel32
HeapSetInformation
GetStartupInfoW
WerSetFlags
GetCommandLineW
GetModuleHandleW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
msvcrt
_fmode
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
?terminate@@YAXXZ
_commode
_acmdln
__C_specific_handler
_initterm
__setusermatherr
_ismbblead
_cexit
_exit
exit
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
msctfmonitor
DoMsCtfMonitor
Sections
.text Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 216B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
cttune.exe.exe windows:10 windows x64 arch:x64
28de9d4102f9fc7ea4cd73838208e26b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
cttune.pdb
Imports
advapi32
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
EventWriteTransfer
EventRegister
EventUnregister
OpenProcessToken
GetTokenInformation
CreateWellKnownSid
CheckTokenMembership
RegCreateKeyExW
RegSetValueExW
kernel32
GetCurrentProcess
HeapFree
GetProcessHeap
HeapAlloc
CloseHandle
MulDiv
VerSetConditionMask
VerifyVersionInfoW
GetTickCount64
CreateMutexW
GetLastError
gdi32
SetBkColor
Polyline
CreatePen
GetTextMetricsW
SetBkMode
SetStretchBltMode
DeleteObject
GetDeviceCaps
CreateFontIndirectW
GetObjectW
CreateCompatibleDC
SelectObject
GdiAlphaBlend
BitBlt
DeleteDC
GetStockObject
GdiSetBatchLimit
SetTextColor
CreateSolidBrush
PatBlt
CreateDIBSection
CreateCompatibleBitmap
StretchBlt
user32
FindWindowW
SetForegroundWindow
EndDialog
SetTimer
KillTimer
DialogBoxParamW
ShowWindow
EnableWindow
CheckDlgButton
IsDlgButtonChecked
CheckRadioButton
EnumDisplaySettingsW
EnumDisplayDevicesW
ChangeDisplaySettingsExW
GetSysColor
DestroyWindow
CopyImage
CreateWindowExW
DrawTextW
GetFocus
MapWindowPoints
FillRect
RedrawWindow
IsCharAlphaNumericW
GetWindowLongPtrW
RegisterClassExW
GetDC
LoadStringW
ReleaseDC
GetProcessDefaultLayout
GetSystemMetrics
GetWindowRect
PtInRect
SetWindowPos
SendMessageTimeoutW
SendDlgItemMessageW
MapDialogRect
GetClientRect
GetDlgItem
SetDlgItemTextW
SetWindowLongPtrW
PostMessageW
GetParent
SetWindowLongW
SetFocus
SystemParametersInfoW
MessageBoxW
SetWindowTextW
InvalidateRect
GetWindowLongW
DrawFocusRect
BeginPaint
FrameRect
GetSysColorBrush
EndPaint
SendMessageW
TrackMouseEvent
DefWindowProcW
LoadCursorW
msvcrt
memcmp
_initterm
_ismbblead
__setusermatherr
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
__CxxFrameHandler3
_cexit
_CxxThrowException
_callnewh
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
malloc
wcschr
realloc
free
_acmdln
_fmode
_commode
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_purecall
_vsnwprintf
__C_specific_handler
_wtoi
memset
oleaut32
VariantClear
VariantInit
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
SysFreeString
SysAllocString
api-ms-win-core-com-l1-1-0
CoUninitialize
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
StringFromGUID2
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentProcessId
GetStartupInfoW
GetCurrentThreadId
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
comctl32
ord381
PropertySheetW
InitCommonControlsEx
dwrite
DWriteCreateFactory
ntdll
WinSqmIncrementDWORD
WinSqmAddToStream
ole32
CoGetObject
oleacc
CreateStdAccessibleObject
LresultFromObject
setupapi
SetupDiOpenDeviceInterfaceW
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceInstanceIdW
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
uxtheme
IsThemeActive
DrawThemeParentBackground
OpenThemeData
GetThemeFont
GetThemeColor
GetThemeSysColor
CloseThemeData
GetThemeSysFont
shlwapi
ord628
Sections
.text Size: 76KB - Virtual size: 72KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 264B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
cttunesvr.exe.exe windows:10 windows x64 arch:x64
63e0f36e5be79863e59c107043030e89
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
cttunesvr.pdb
Imports
advapi32
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
kernel32
FreeLibrary
GetLastError
GetProcAddress
LoadLibraryExW
GetModuleHandleW
lstrcmpiW
RaiseException
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceExW
GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCommandLineW
SetEvent
GetCurrentThreadId
Sleep
CreateEventW
CreateThread
CloseHandle
WaitForSingleObject
GetStartupInfoW
OutputDebugStringA
GetTickCount
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
user32
GetMessageW
TranslateMessage
DispatchMessageW
CharUpperW
CharNextW
UnregisterClassA
PostThreadMessageW
msvcrt
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_wcmdln
_callnewh
wcscat_s
wcscpy_s
_purecall
memcpy_s
free
malloc
wcsncpy_s
__C_specific_handler
memcmp
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_initterm
_lock
realloc
_errno
_commode
_fmode
_XcptFilter
memset
ole32
CoRevokeClassObject
CoCreateInstance
StringFromGUID2
CoRegisterClassObject
CoUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoInitialize
oleaut32
UnRegisterTypeLi
RegisterTypeLi
LoadRegTypeLi
SysFreeString
VarUI4FromStr
LoadTypeLi
SysAllocString
SysStringLen
Sections
.text Size: 28KB - Virtual size: 24KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 272B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
curl.exe.exe windows:6 windows x64 arch:x64
56794ff286fc53558ccb48d15e1fb35a
Code Sign
33:00:00:03:84:d9:68:7d:66:cc:75:4b:a1:00:00:00:00:03:84
Certificate
Issuer: CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 13/07/2023, 23:45
Not After: 15/09/2024, 23:45
Subject: CN=Microsoft 3rd Party Application Component,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 08/07/2011, 20:59
Not After: 08/07/2026, 21:09
Subject: CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
1f:08:48:86:cf:bd:3c:0e:8f:15:1e:cc:9a:f7:4f:25:91:10:b6:8e:0d:7d:32:8c:e3:76:d4:cc:fe:8d:0e:a9
Signer
Actual PE Digest: 1f:08:48:86:cf:bd:3c:0e:8f:15:1e:cc:9a:f7:4f:25:91:10:b6:8e:0d:7d:32:8c:e3:76:d4:cc:fe:8d:0e:a9
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\__w\1\s\_build\src\RelWithDebInfo\curl.pdb
Imports
api-ms-win-core-console-l2-1-0
GetConsoleScreenBufferInfo
api-ms-win-core-processenvironment-l1-1-0
SearchPathW
GetStdHandle
GetEnvironmentVariableA
api-ms-win-core-file-l1-1-0
ReadFile
SetEndOfFile
GetFileTime
CreateFileW
SetFileTime
GetFileType
GetFileSizeEx
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
MultiByteToWideChar
api-ms-win-core-console-l1-1-0
GetConsoleMode
SetConsoleMode
SetConsoleCtrlHandler
WriteConsoleW
api-ms-win-core-toolhelp-l1-1-0
CreateToolhelp32Snapshot
Module32NextW
Module32FirstW
api-ms-win-core-errorhandling-l1-1-0
SetLastError
GetLastError
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
QueryPerformanceFrequency
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
GetModuleHandleW
GetModuleFileNameA
FreeLibrary
LoadLibraryExW
GetModuleHandleA
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemDirectoryW
api-ms-win-core-synch-l1-1-0
ReleaseSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
SetEvent
SleepEx
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
WaitForSingleObject
AcquireSRWLockExclusive
DeleteCriticalSection
CreateEventW
WaitForSingleObjectEx
api-ms-win-core-sysinfo-l1-2-0
VerSetConditionMask
api-ms-win-core-kernel32-legacy-l1-1-1
VerifyVersionInfoW
ws2_32
inet_ntop
WSAEnumNetworkEvents
getsockopt
WSAWaitForMultipleEvents
send
accept
WSAEventSelect
WSACreateEvent
WSACloseEvent
ioctlsocket
__WSAFDIsSet
getpeername
select
WSAStartup
socket
recv
gethostname
WSACleanup
ntohs
WSASetLastError
WSAGetLastError
listen
getaddrinfo
connect
WSAResetEvent
freeaddrinfo
getsockname
bind
closesocket
recvfrom
inet_pton
sendto
setsockopt
WSAIoctl
htons
htonl
api-ms-win-core-localization-l1-2-0
FormatMessageW
IdnToAscii
IdnToUnicode
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
bcrypt
BCryptGenRandom
api-ms-win-security-cryptoapi-l1-1-0
CryptDestroyKey
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptImportKey
CryptEncrypt
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
crypt32
CertEnumCertificatesInStore
CertGetCertificateChain
CertFreeCertificateChainEngine
CertAddCertificateContextToStore
CertFreeCertificateContext
CryptQueryObject
CertFreeCertificateChain
PFXImportCertStore
CertGetNameStringW
CertFindExtension
CertCreateCertificateChainEngine
CertCloseStore
CertFindCertificateInStore
CertOpenStore
CryptDecodeObjectEx
CryptStringToBinaryW
api-ms-win-core-file-l2-1-0
MoveFileExW
api-ms-win-core-processthreads-l1-1-0
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentProcessId
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-core-namedpipe-l1-1-0
PeekNamedPipe
api-ms-win-crt-heap-l1-1-0
realloc
malloc
free
calloc
_set_new_mode
api-ms-win-crt-stdio-l1-1-0
_fseeki64
__stdio_common_vswprintf
_set_fmode
_wfopen
_wopen
__stdio_common_vsprintf
freopen
fgets
feof
__stdio_common_vsscanf
fread
getc
fseek
ferror
ftell
fclose
__p__commode
_fileno
_get_osfhandle
_lseeki64
_setmode
_isatty
fputs
fwrite
fflush
__acrt_iob_func
fputc
_close
_write
_read
puts
api-ms-win-crt-time-l1-1-0
_localtime64
_time64
strftime
_gmtime64
api-ms-win-crt-convert-l1-1-0
strtod
wcstombs
strtol
strtoul
strtoll
atoi
api-ms-win-crt-runtime-l1-1-0
_c_exit
__sys_errlist
_set_app_type
__sys_nerr
_exit
_register_thread_local_exe_atexit_callback
abort
exit
_initterm_e
_beginthreadex
_initterm
__p___argc
_seh_filter_exe
_get_initial_wide_environment
_initialize_wide_environment
terminate
_errno
_configure_wide_argv
_cexit
__p___wargv
_initialize_onexit_table
_register_onexit_function
_crt_atexit
strerror
api-ms-win-crt-string-l1-1-0
strcmp
strtok
wcscmp
strpbrk
wcsncmp
wcsncpy
wcspbrk
strspn
strncpy
_wcsdup
_stricmp
strcspn
strncmp
_strdup
api-ms-win-crt-filesystem-l1-1-0
_unlink
_mkdir
_wstat64
_waccess
_fstat64
api-ms-win-crt-utility-l1-1-0
bsearch
qsort
api-ms-win-crt-locale-l1-1-0
setlocale
_configthreadlocale
api-ms-win-crt-environment-l1-1-0
getenv
kernel32
GetSystemTimeAsFileTime
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
api-ms-win-core-rtlsupport-l1-1-0
RtlUnwindEx
api-ms-win-crt-math-l1-1-0
__setusermatherr
_fdopen
api-ms-win-crt-conio-l1-1-0
_getch
Sections
.text Size: 454KB - Virtual size: 454KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 160KB - Virtual size: 160KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 500B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
dasHost.exe.exe windows:10 windows x64 arch:x64
27885cacc6ee39b866942a47cd01c180
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
dasHost.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
api-ms-win-crt-private-l1-1-0
_o__errno
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memcpy
_o__configure_wide_argv
_o_exit
_o_free
_o_malloc
_o_terminate
__current_exception
__current_exception_context
_CxxThrowException
_o__configthreadlocale
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o__crt_atexit
_o__cexit
_o__callnewh
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___wargv
_o___p___argc
__C_specific_handler
__std_terminate
__CxxFrameHandler4
__C_specific_handler_noexcept
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
LoadLibraryExW
GetModuleFileNameA
GetModuleHandleW
FreeLibrary
GetModuleHandleExW
api-ms-win-core-synch-l1-1-0
WaitForSingleObject
ReleaseSemaphore
InitializeCriticalSection
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseMutex
LeaveCriticalSection
ResetEvent
EnterCriticalSection
DeleteCriticalSection
CreateSemaphoreExW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeSRWLock
SetEvent
CreateEventW
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
api-ms-win-core-heap-l1-1-0
HeapAlloc
GetProcessHeap
HeapFree
api-ms-win-core-errorhandling-l1-1-0
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
api-ms-win-core-processthreads-l1-1-0
SetThreadToken
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
IsDebuggerPresent
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
DuplicateHandle
CloseHandle
rpcrt4
I_RpcBindingInqLocalClientPID
RpcBindingFromStringBindingW
RpcBindingSetOption
NdrClientCall3
RpcBindingFree
RpcStringFreeW
NdrMesTypeEncode3
NdrMesTypeAlignSize3
NdrAsyncServerCall
NdrServerCallAll
Ndr64AsyncServerCallAll
NdrServerCall2
RpcSsDestroyClientContext
RpcServerUseProtseqEpW
I_RpcMapWin32Status
RpcServerRegisterIf3
RpcServerUnregisterIfEx
RpcAsyncCompleteCall
MesEncodeIncrementalHandleCreate
MesIncrementalHandleReset
RpcExceptionFilter
MesHandleFree
I_RpcExceptionFilter
RpcStringBindingComposeW
RpcImpersonateClient
RpcRevertToSelf
UuidFromStringW
api-ms-win-eventing-classicprovider-l1-1-0
GetTraceLoggerHandle
TraceMessage
UnregisterTraceGuids
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
wpprecorderum
WppAutoLogStop
WppAutoLogStart
WppAutoLogTrace
api-ms-win-security-sddl-l1-1-0
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-threadpool-l1-2-0
WaitForThreadpoolWorkCallbacks
SubmitThreadpoolWork
CreateThreadpoolWork
WaitForThreadpoolWaitCallbacks
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolWait
CloseThreadpoolWork
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventActivityIdControl
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-security-base-l1-1-0
DuplicateToken
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
OpenProcess
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
ntdll
RtlInitUnicodeString
api-ms-win-devices-query-l1-1-1
DevGetObjectPropertiesEx
api-ms-win-devices-query-l1-1-0
DevFreeObjectProperties
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegGetValueW
RegCloseKey
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
Sections
.text Size: 84KB - Virtual size: 83KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 44KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
dccw.exe.exe windows:10 windows x64 arch:x64
c8c68c157371d344e62e727bcf3331c1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
dccw.pdb
Imports
advapi32
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
EventRegister
EventUnregister
EventWrite
RegQueryValueExW
kernel32
CreateMutexW
HeapSetInformation
InitializeCriticalSection
GetModuleFileNameW
FindResourceExW
LoadResource
SizeofResource
WaitForSingleObject
lstrcmpiW
GetModuleHandleW
LoadLibraryExW
GetProcAddress
FreeLibrary
GetLastError
ReleaseMutex
CloseHandle
CreateFileW
GetTickCount
LockResource
FindResourceW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
LocalFree
FormatMessageW
WriteFile
GetSystemDirectoryW
WideCharToMultiByte
GetSystemTime
CopyFileW
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
RaiseException
DeleteCriticalSection
OutputDebugStringA
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
HeapFree
VirtualFree
GetCurrentProcess
VirtualAlloc
LoadLibraryExA
EncodePointer
HeapAlloc
DecodePointer
GetProcessHeap
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
Sleep
GetStartupInfoW
UnhandledExceptionFilter
GetSystemTimeAsFileTime
gdi32
StretchBlt
CreateCompatibleBitmap
SetStretchBltMode
SelectObject
CreateCompatibleDC
GetObjectW
GetTextExtentPoint32W
SetDeviceGammaRamp
GetDeviceGammaRamp
GetStockObject
SetBkMode
SetBkColor
SetTextColor
CreateSolidBrush
GetDeviceCaps
CreateDCW
DeleteDC
DeleteObject
user32
LoadStringW
GetWindowLongW
GetWindow
ShowWindow
MessageBoxW
ReleaseDC
GetWindowTextW
GetWindowTextLengthW
GetDC
KillTimer
SetTimer
SetWindowTextW
PostMessageW
MapDialogRect
EnumChildWindows
DisplayConfigGetDeviceInfo
QueryDisplayConfig
GetDisplayConfigBufferSizes
EnumDisplayDevicesW
ShowCursor
LoadCursorW
SetCursor
GetMonitorInfoW
EnumDisplayMonitors
MonitorFromWindow
GetParent
InvalidateRect
MapWindowPoints
GetWindowRect
GetDlgItem
DefWindowProcW
SendMessageW
CallWindowProcW
SetWindowPos
SetForegroundWindow
OpenIcon
SetWindowLongPtrW
GetWindowLongPtrW
MonitorFromRect
SendMessageTimeoutW
AllowSetForegroundWindow
GetWindowThreadProcessId
FindWindowW
RegisterWindowMessageW
GetActiveWindow
GetSystemMetrics
CharNextW
DestroyWindow
UnregisterClassA
MoveWindow
msvcrt
iswupper
towlower
_vsnwprintf
memset
?terminate@@YAXXZ
realloc
_errno
_onexit
__dllonexit
_unlock
_lock
_commode
_fmode
_wcmdln
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_callnewh
swscanf_s
wcsstr
_wcsupr
_purecall
memcpy_s
malloc
wcsncpy_s
free
__C_specific_handler
memcpy
powf
ntdll
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
WinSqmAddToStream
dxva2
GetNumberOfPhysicalMonitorsFromHMONITOR
GetPhysicalMonitorsFromHMONITOR
DestroyPhysicalMonitors
GetMonitorBrightness
SetMonitorBrightness
GetMonitorContrast
SetMonitorContrast
SetVCPFeature
GetVCPFeatureAndVCPFeatureReply
mscms
GetColorProfileFromHandle
DccwReleaseDisplayProfileAssociationList
WcsCreateIccProfile
InstallColorProfileW
SetColorProfileElement
CloseColorProfile
DccwSetDisplayProfileAssociationList
WcsGetUsePerUserProfiles
WcsGetDefaultColorProfile
WcsOpenColorProfileW
DccwGetGamutSize
DccwCreateDisplayProfileAssociationList
SetColorProfileElementSize
WcsGetCalibrationManagementState
WcsDisassociateColorProfileFromDevice
WcsSetDefaultColorProfile
UninstallColorProfileW
DccwGetDisplayProfileAssociationList
GetColorDirectoryW
WcsSetCalibrationManagementState
shell32
ShellExecuteW
gdiplus
GdipCreateHBITMAPFromBitmap
GdipDisposeImage
GdipCloneImage
GdipFree
GdipCreateLineBrushI
GdipFillRectangleI
GdipAlloc
GdipDeleteBrush
GdipCreateSolidFill
GdipDeleteGraphics
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromStream
comctl32
TaskDialogIndirect
DestroyPropertySheetPage
CreatePropertySheetPageW
PropertySheetW
oleaut32
SysFreeString
VarUI4FromStr
SysAllocString
api-ms-win-core-com-l1-1-0
CoCreateInstance
StringFromCLSID
CreateStreamOnHGlobal
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
Sections
.text Size: 72KB - Virtual size: 68KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
dcomcnfg.exe.exe windows:10 windows x64 arch:x64
4c7f165da8da80935d61c0512a3469c1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
DCOMCnfg.pdb
Imports
kernel32
GetCurrentProcess
GetSystemDirectoryW
FormatMessageW
GetLastError
CloseHandle
HeapSetInformation
LocalFree
CreateProcessW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
TerminateProcess
user32
MessageBoxW
msvcrt
__C_specific_handler
_fmode
_commode
?terminate@@YAXXZ
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
_vsnwprintf
_initterm
_cexit
__setusermatherr
memset
ntdll
RtlCaptureContext
NtQueryInformationProcess
RtlLookupFunctionEntry
RtlVirtualUnwind
Sections
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 264B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ddodiag.exe.exe windows:10 windows x64 arch:x64
835450f6c906da1e68b05e2c968111e4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
DDODiag.pdb
Imports
msvcrt
?terminate@@YAXXZ
_commode
_wcsicmp
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_callnewh
malloc
free
_vsnwprintf
_exit
memset
kernel32
SetFilePointerEx
TerminateProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
Sleep
FileTimeToSystemTime
GetTempPath2W
CloseHandle
GetLastError
DuplicateHandle
CreateFileW
WriteFile
GetCurrentProcess
GetFileSizeEx
ReadFile
ole32
PropVariantClear
CoInitializeEx
CoCreateInstance
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree
StringFromCLSID
xmllite
CreateXmlWriter
Sections
.text Size: 20KB - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 444B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 608B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
deploymentcsphelper.exe.exe windows:10 windows x64 arch:x64
00ce3786dcafa2e99b11b366862e0269
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
deploymentcsphelper.pdb
Imports
msvcrt
_initterm
__setusermatherr
_cexit
??1type_info@@UEAA@XZ
_unlock
_fmode
exit
__set_app_type
_commode
_amsg_exit
_XcptFilter
memmove
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
?terminate@@YAXXZ
??0exception@@QEAA@AEBQEBD@Z
wcsncmp
_lock
_callnewh
_onexit
__dllonexit
memcpy
_wcmdln
__CxxFrameHandler4
__wgetmainargs
malloc
_exit
wcsstr
_purecall
??3@YAXPEAX@Z
_wcsnicmp
_vsnprintf
wcschr
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlAllocateHeap
RtlFreeHeap
kernel32
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
GetProcessHeap
GetLastError
HeapFree
TerminateProcess
CompareStringW
GetCurrentProcess
wdscore
ConstructPartialMsgVW
WdsSetupLogMessageW
WdsTerminate
WdsInitialize
CurrentIP
shell32
CommandLineToArgvW
dismapi
DismCloseSession
DismShutdown
DismEnableFeature
DismDisableFeature
DismGetCapabilities
DismGetFeatures
DismInitialize
DismRemoveCapability
DismOpenSession
DismAddCapability
api-ms-win-core-registry-l1-1-0
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegCreateKeyExW
api-ms-win-core-errorhandling-l1-1-0
SetLastError
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-core-heap-l1-1-0
HeapAlloc
api-ms-win-core-file-l1-1-0
CreateDirectoryW
GetFullPathNameW
GetFileAttributesW
Sections
.text Size: 24KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 936B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 440B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
desktopimgdownldr.exe.exe windows:10 windows x64 arch:x64
42f92d2a7592cb75be2bde3c4bc27707
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
desktopimgdownldr.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_initterm_e
_c_exit
_initterm
api-ms-win-crt-private-l1-1-0
_o__errno
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o_exit
_o_free
_o_isalnum
_o_malloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o__cexit
_o___std_exception_destroy
_o___std_exception_copy
_o__callnewh
_o___p__commode
_o___p___wargv
_o___p___argc
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleExW
GetModuleHandleW
GetProcAddress
GetModuleFileNameA
api-ms-win-core-synch-l1-1-0
CreateEventW
EnterCriticalSection
InitializeCriticalSection
InitializeCriticalSectionEx
ReleaseSemaphore
LeaveCriticalSection
WaitForSingleObject
SetEvent
AcquireSRWLockShared
ReleaseMutex
ReleaseSRWLockExclusive
DeleteCriticalSection
CreateSemaphoreExW
CreateMutexExW
AcquireSRWLockExclusive
ReleaseSRWLockShared
WaitForSingleObjectEx
OpenSemaphoreW
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapAlloc
HeapFree
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
SetLastError
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
OpenProcessToken
TerminateProcess
GetCurrentThread
GetCurrentProcessId
OpenThreadToken
GetCurrentThreadId
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
DebugBreak
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventActivityIdControl
EventWriteTransfer
EventSetInformation
EventRegister
api-ms-win-security-base-l1-1-0
IsValidSid
GetTokenInformation
GetSecurityDescriptorDacl
GetLengthSid
crypt32
CryptBinaryToStringW
api-ms-win-core-synch-l1-2-0
InitOnceBeginInitialize
InitOnceComplete
api-ms-win-core-file-l1-1-0
CreateFileW
FindClose
FindFirstFileExW
GetFileSize
DeleteFileW
FindNextFileW
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoTaskMemAlloc
CoCreateGuid
CoUninitialize
CoCreateInstance
PropVariantClear
CoTaskMemFree
CoDisconnectObject
api-ms-win-core-shlwapi-legacy-l1-1-0
PathFileExistsW
SHExpandEnvironmentStringsW
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
oleaut32
SysStringLen
SysFreeString
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-core-registry-l1-1-0
RegSetValueExW
RegCreateKeyExW
RegCloseKey
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
ntdll
RtlPublishWnfStateData
api-ms-win-stateseparation-helpers-l1-1-0
GetPersistedRegistryLocationW
GetPersistedFileLocationW
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-shell-shdirectory-l1-1-0
ord292
api-ms-win-security-provider-l1-1-0
GetNamedSecurityInfoW
SetNamedSecurityInfoW
api-ms-win-core-path-l1-1-0
PathCchCombine
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 96KB - Virtual size: 95KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 228B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
dfrgui.exe.exe windows:10 windows x64 arch:x64
e2865957eaccb2bd91ef8920388a9b82
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
dfrgui.pdb
Imports
advapi32
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
OpenProcessToken
EventSetInformation
EventRegister
EventUnregister
RegCloseKey
EventWriteTransfer
RegCreateKeyExW
TraceMessage
DuplicateToken
ControlTraceW
StartTraceW
EnableTraceEx2
CheckTokenMembership
GetTokenInformation
CreateWellKnownSid
RegQueryValueExW
RegSetValueExW
kernel32
FormatMessageW
FreeLibrary
GetProcAddress
LoadLibraryW
Sleep
GetFileAttributesW
CreateThread
LoadLibraryExW
LocalAlloc
GetSystemDirectoryW
ExpandEnvironmentStringsW
MoveFileExW
DeviceIoControl
CreateFileW
FindClose
FindNextFileW
FindFirstFileW
TerminateProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
GetStartupInfoW
InitializeSListHead
InterlockedPopEntrySList
RtlCaptureStackBackTrace
InterlockedPushEntrySList
SystemTimeToFileTime
LeaveCriticalSection
EnterCriticalSection
GetVersionExW
SetEvent
DeleteCriticalSection
InitializeCriticalSection
GetVolumeNameForVolumeMountPointW
GetTimeFormatW
GetDateFormatW
SetLastError
WaitForSingleObject
CreateEventW
CloseHandle
SetErrorMode
GetProcessHeap
HeapSetInformation
RegisterApplicationRestart
GetCommandLineW
GetLocalTime
GetCurrentProcess
LocalFree
GetLastError
CreateDirectoryW
DeleteFileW
gdi32
DeleteDC
GdiFlush
SelectObject
SetLayout
CreateCompatibleDC
DeleteObject
CreateDIBSection
GetObjectW
CreateFontIndirectW
GetDeviceCaps
SetBkColor
ExtTextOutW
SetTextColor
user32
MessageBoxW
RegisterWindowMessageW
GetDlgItemTextW
SetDlgItemTextW
EnumWindows
GetWindowTextW
SendMessageTimeoutW
GetDlgItem
SendMessageW
SetWindowTextW
GetDC
ReleaseDC
SetForegroundWindow
DialogBoxParamW
GetWindowRect
MoveWindow
GetSystemMetrics
ClientToScreen
GetClientRect
DestroyIcon
GetWindowLongW
SetWindowLongW
SetFocus
GetDesktopWindow
ChangeWindowMessageFilterEx
LoadImageW
SetWindowPos
PostMessageW
ShowWindow
BeginPaint
MapWindowPoints
GetSysColor
EndPaint
SetWindowLongPtrW
EndDialog
EnableWindow
IsDlgButtonChecked
DestroyWindow
GetWindowLongPtrW
LoadStringW
CheckDlgButton
DrawFrameControl
OffsetRect
InflateRect
SetTimer
KillTimer
GetSysColorBrush
msvcrt
_initterm
__C_specific_handler
_acmdln
_ismbblead
_commode
__CxxFrameHandler3
wcstok
?terminate@@YAXXZ
__setusermatherr
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
_callnewh
malloc
free
_purecall
_wtol
_wcsicmp
sprintf_s
memcpy_s
_fmode
wcscmp
memset
memcpy
_vsnwprintf
_vscwprintf
iswspace
shell32
SHGetStockIconInfo
SHGetFileInfoW
CommandLineToArgvW
ShellExecuteExW
oleaut32
SysAllocString
SystemTimeToVariantTime
SysFreeString
VariantTimeToSystemTime
VariantInit
VariantClear
SysStringLen
rpcrt4
UuidCreate
comctl32
ImageList_Destroy
ImageList_Create
ord345
ImageList_ReplaceIcon
ImageList_Add
ImageList_AddMasked
InitCommonControlsEx
ord344
ntdll
RtlFreeHeap
WinSqmAddToStream
RtlCaptureContext
RtlAllocateHeap
EtwTraceMessage
RtlNtStatusToDosError
RtlGetLastNtStatus
RtlGetPersistedStateLocation
RtlLookupFunctionEntry
RtlVirtualUnwind
sxshared
SxTracerShouldTrackFailure
SxTracerGetThreadContextRetail
SxTracerDebuggerBreak
api-ms-win-core-com-l1-1-0
CoInitializeSecurity
CoCreateInstance
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
CoDisconnectObject
CoInitializeEx
Sections
.text Size: 88KB - Virtual size: 87KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 112B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
dialer.exe.exe windows:10 windows x64 arch:x64
ea84f2a49408d51d324de27b0d115b5e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
dialer.pdb
Imports
advapi32
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
kernel32
HeapSetInformation
LocalFree
GetModuleHandleW
GetTickCount
lstrcmpW
GetCurrentThreadId
GetLastError
FormatMessageW
LocalAlloc
CreateMutexW
lstrlenW
CloseHandle
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStartupInfoW
Sleep
gdi32
GetStockObject
GetTextExtentPoint32W
SetBkColor
LPtoDP
CreateFontIndirectW
SelectObject
user32
ShowWindow
GetActiveWindow
LoadStringW
LoadAcceleratorsW
DrawIcon
GetSystemMetrics
EndDialog
SendMessageW
FillRect
MessageBoxW
SetWindowPos
GetDC
DestroyWindow
GetFocus
GetWindowRect
PostMessageW
CreateDialogParamW
GetMessageW
GetWindowTextLengthW
IsDialogMessageW
DefDlgProcW
SetDlgItemTextW
RegisterClassW
GetDlgItemTextW
SendDlgItemMessageW
GetSysColor
WinHelpW
SetFocus
TranslateAcceleratorW
TranslateMessage
GetClipboardData
LoadIconW
DispatchMessageW
FindWindowW
LoadCursorW
GetClientRect
GetDlgItem
IsClipboardFormatAvailable
CheckDlgButton
PostQuitMessage
GetSysColorBrush
EnableMenuItem
SystemParametersInfoW
GetParent
DialogBoxParamW
UpdateWindow
SetForegroundWindow
IsIconic
ReleaseDC
BeginPaint
EndPaint
EnableWindow
PeekMessageW
msvcrt
?terminate@@YAXXZ
_commode
_fmode
_acmdln
__C_specific_handler
_initterm
__setusermatherr
_ismbblead
_cexit
memset
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
wcscspn
wcsspn
_itow
_wtoi
_vsnwprintf
_exit
memmove
shell32
ShellAboutW
tapi32
lineGetRequestW
lineSetAppPriorityW
lineRegisterRequestRecipient
lineMakeCallW
lineClose
lineShutdown
lineOpenW
lineConfigDialogW
lineDeallocateCall
lineGetDevCapsW
lineDrop
lineGetAddressCapsW
lineTranslateAddressW
lineGetTranslateCapsW
lineInitializeExW
lineTranslateDialogW
lineGetAppPriorityW
lineNegotiateAPIVersion
Sections
.text Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 564B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
directxdatabaseupdater.exe.exe windows:10 windows x64 arch:x64
063db86451684ffb8512ccafe024c19d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
DirectXDatabaseUpdater.pdb
Imports
msvcp_win
?_Gninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?_Gndec@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?_Init@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXXZ
?getloc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEBA?AVlocale@2@XZ
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBGHH@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??Bid@locale@std@@QEAA_KXZ
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?read@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@PEAG_J@Z
?good@ios_base@std@@QEBA_NXZ
?seekg@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@_JH@Z
?tellg@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getcat@?$codecvt@GDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?out@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
?in@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??1_Lockit@std@@QEAA@XZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?id@?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@2V0locale@2@A
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@H@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?gcount@?$basic_istream@DU?$char_traits@D@std@@@std@@QEBA_JXZ
?setf@ios_base@std@@QEAAHHH@Z
?put@?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@GU?$char_traits@G@std@@@2@V32@AEAVios_base@2@GPEBUtm@@PEBG3@Z
?_Getcat@?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Xlength_error@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
api-ms-win-crt-time-l1-1-0
_time64
api-ms-win-crt-string-l1-1-0
memset
wcsncmp
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o___stdio_common_vsnprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vswscanf
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__fseeki64
_o__get_initial_wide_environment
_o__get_stream_buffer_pointers
_o__gmtime64
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__lock_file
_o___p__commode
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o__unlock_file
_o__wcsicmp
_o_exit
_o_fclose
_o_fflush
_o_fgetc
_o_fgetpos
_o_fgetwc
_o_fputc
_o_fputwc
_o_fread
_o_free
_o_fsetpos
_o_fwrite
_o_malloc
_o_setvbuf
_o_terminate
_o_ungetc
_o_ungetwc
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
_o___p___wargv
_o___p___argc
wcsrchr
__std_terminate
__CxxFrameHandler4
_o___std_exception_destroy
_o___std_exception_copy
memcmp
memcpy
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventUnregister
EventSetInformation
EventRegister
EventActivityIdControl
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
GetModuleHandleExW
GetModuleFileNameA
GetProcAddress
GetModuleFileNameW
api-ms-win-core-synch-l1-2-0
InitOnceComplete
InitOnceBeginInitialize
api-ms-win-core-file-l1-1-0
GetTempFileNameW
FindClose
DeleteFileW
FindFirstFileW
api-ms-win-core-synch-l1-1-0
LeaveCriticalSection
InitializeCriticalSectionEx
ReleaseMutex
AcquireSRWLockExclusive
ReleaseSemaphore
EnterCriticalSection
WaitForSingleObjectEx
ReleaseSRWLockExclusive
CreateSemaphoreExW
OpenSemaphoreW
ReleaseSRWLockShared
WaitForSingleObject
CreateMutexExW
DeleteCriticalSection
AcquireSRWLockShared
api-ms-win-core-heap-l1-1-0
HeapFree
GetProcessHeap
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
RaiseException
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoInitializeEx
StringFromGUID2
CoTaskMemFree
CoUninitialize
CLSIDFromString
api-ms-win-core-registry-l1-1-0
RegSetValueExW
RegOpenKeyExW
RegCloseKey
api-ms-win-core-threadpool-l1-2-0
CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
api-ms-win-core-processthreads-l1-1-0
OpenProcessToken
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
api-ms-win-core-localization-l1-2-0
FormatMessageW
GetThreadLocale
api-ms-win-core-debug-l1-1-0
DebugBreak
OutputDebugStringW
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetWindowsDirectoryW
api-ms-win-core-file-l2-1-0
MoveFileExW
api-ms-win-core-sysinfo-l1-2-0
VerSetConditionMask
api-ms-win-core-kernel32-legacy-l1-1-1
VerifyVersionInfoW
api-ms-win-oobe-notification-l1-1-0
OOBEComplete
api-ms-win-security-base-l1-1-0
FreeSid
GetTokenInformation
ImpersonateLoggedOnUser
AllocateAndInitializeSid
EqualSid
RevertToSelf
api-ms-win-shell-shdirectory-l1-1-0
ord290
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
WindowsGetStringRawBuffer
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
profapi
ord104
oleaut32
VariantInit
VariantClear
SysAllocString
SysFreeString
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
bcrypt
BCryptHashData
BCryptDestroyHash
BCryptCloseAlgorithmProvider
BCryptFinishHash
BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptCreateHash
dismapi
DismOpenSession
_DismRemovePackageEx
DismCloseSession
DismShutdown
DismGetPackages
DismInitialize
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 104KB - Virtual size: 103KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 40KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 64B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 336B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
diskpart.exe.exe windows:10 windows x64 arch:x64
118596c58b789852789b781d0af467c7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
diskpart.pdb
Imports
advapi32
RegCloseKey
RegOpenKeyW
kernel32
DeviceIoControl
CreateFileW
GetLastError
CloseHandle
SetConsoleCtrlHandler
GetStdHandle
GetModuleFileNameW
SetThreadUILanguage
GetVersionExW
GetConsoleMode
HeapSetInformation
ExitProcess
GetComputerNameW
GetFileType
RegisterApplicationRestart
ExpandEnvironmentStringsW
Sleep
WriteFile
LocalAlloc
FormatMessageW
LoadLibraryW
GetWindowsDirectoryW
WriteConsoleW
LocalFree
GetModuleHandleW
FreeLibrary
WideCharToMultiByte
msvcrt
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_CxxThrowException
__CxxFrameHandler3
memcpy
memmove
_XcptFilter
_amsg_exit
__wgetmainargs
__set_app_type
exit
_exit
_cexit
__setusermatherr
??0exception@@QEAA@AEBQEBD@Z
__C_specific_handler
_fmode
_commode
?terminate@@YAXXZ
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
memcmp
_wtoi64
_wcsupr
_wtoi
wcsrchr
_wcstoui64
_ui64tow
_initterm
_ltow
wcstol
towupper
iswalpha
swscanf
_wcsnicmp
fgetwc
wcspbrk
setvbuf
_wfopen
fclose
setlocale
malloc
free
wcsstr
wcschr
_errno
??3@YAXPEAX@Z
wcstoul
_vsnwprintf
_callnewh
_wtol
wcsspn
_ultow
_wcsicmp
__CxxFrameHandler4
_purecall
__iob_func
memset
api-ms-win-core-com-l1-1-0
CoTaskMemFree
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
StringFromGUID2
CoCreateGuid
CoUninitialize
rpcrt4
UuidCreate
UuidToStringW
RpcStringFreeW
UuidFromStringW
api-ms-win-core-version-l1-1-0
GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW
api-ms-win-core-libraryloader-l1-2-0
LoadStringW
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
Sections
.text Size: 128KB - Virtual size: 127KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 844B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
diskperf.exe.exe windows:10 windows x64 arch:x64
dc6d1d7f9f08441240b20ad5298c254d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
diskperf.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_c_exit
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__cexit
_o__configthreadlocale
_o__configure_narrow_argv
_o__crt_atexit
_o__exit
_o__get_initial_narrow_environment
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o___stdio_common_vswprintf
_o__wcsicmp
_o__wcsupr
_o__wtoi
_o_exit
_o_free
_o_malloc
_o_setlocale
_o_terminate
_o_wcstok
__C_specific_handler
__current_exception
__current_exception_context
_o___p___argv
_o___p___argc
_o___stdio_common_vfwprintf
_o___acrt_iob_func
_o___p__commode
api-ms-win-crt-string-l1-1-0
memset
wcscmp
api-ms-win-core-registry-l1-1-0
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegDeleteValueW
api-ms-win-core-file-l1-1-0
FindNextVolumeW
FindFirstVolumeW
CreateFileW
GetFileType
FindVolumeClose
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
GetCommandLineW
ntdll
NtQuerySystemInformation
RtlInitUnicodeString
NtClose
NtOpenFile
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-registry-l2-1-0
RegConnectRegistryW
api-ms-win-core-localization-l1-2-0
SetThreadUILanguage
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetVersionExW
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
LoadStringW
api-ms-win-core-console-l1-1-0
WriteConsoleW
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
Sections
.text Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 684B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 52B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
diskraid.exe.exe windows:10 windows x64 arch:x64
183225e1c1196e5fe09576daea97598d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
diskraid.pdb
Imports
advapi32
EventSetInformation
EventRegister
EventWriteTransfer
EventUnregister
kernel32
Sleep
WideCharToMultiByte
lstrcmpiW
GetCurrentThreadId
GetCurrentProcessId
SetConsoleCtrlHandler
GetStdHandle
GetModuleFileNameW
SetThreadUILanguage
GetConsoleMode
GetLastError
HeapSetInformation
GetLocalTime
GetComputerNameW
GetFileType
RegisterApplicationRestart
WriteFile
LocalAlloc
FormatMessageW
WriteConsoleW
LocalFree
GetModuleHandleW
msvcrt
_wtoi
fclose
__iob_func
_wcsicmp
_wcsnicmp
setvbuf
setlocale
exit
free
fprintf
malloc
_vsnprintf
_XcptFilter
memcpy
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_wtol
_initterm
_vsnwprintf
_wfopen
__setusermatherr
fgetwc
_exit
__set_app_type
__wgetmainargs
_amsg_exit
_cexit
memset
ws2_32
htons
WSAAddressToStringW
WSAStartup
WSACleanup
api-ms-win-core-com-l1-1-0
StringFromGUID2
CoTaskMemFree
CoInitializeEx
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
ntdll
RtlIpv6AddressToStringExW
api-ms-win-core-version-l1-1-0
VerQueryValueW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW
api-ms-win-core-libraryloader-l1-2-0
LoadStringW
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
TerminateProcess
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
Exports
??0CDrCallTracer@@QEAA@KQEBD0PEBJ@Z
??1CDrCallTracer@@QEAA@XZ
?LogMessage@CDrCallTracer@@QEAAXKPEADZZ
Sections
.text Size: 292KB - Virtual size: 288KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 44KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 624B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
diskusage.exe.exe windows:10 windows x64 arch:x64
39fc91917810b9484bd149e8bc76b39a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
diskusage.pdb
Imports
msvcrt
_wcsicmp
?terminate@@YAXXZ
_commode
_fmode
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__C_specific_handler
_XcptFilter
wprintf
malloc
_wcsnicmp
free
wcschr
memmove
memcpy
memcmp
_local_unwind
_wcstoui64
atoi
_errno
wcstoul
wcscpy_s
iswspace
_vsnwprintf
memset
kernel32
RtlCompareMemory
GetDateFormatW
SystemTimeToTzSpecificLocalTime
GetTimeFormatW
GetNumberFormatW
FileTimeToSystemTime
GetLocaleInfoA
GetLocaleInfoW
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
GetFileInformationByHandle
CreateFileW
FindNextFileW
FindFirstFileExW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FindFirstFileW
GetFullPathNameW
GetStdHandle
GetPrivateProfileIntW
FindClose
GetPrivateProfileStringW
GetConsoleMode
GetLastError
CloseHandle
GetCurrentDirectoryW
SetLastError
GetConsoleOutputCP
WriteFile
SetConsoleMode
FormatMessageW
WriteConsoleW
LocalFree
GetModuleHandleW
WideCharToMultiByte
GetFileType
Sleep
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
DeviceIoControl
advapi32
AllocateAndInitializeSid
FreeSid
CheckTokenMembership
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
ntdll
RtlLookupElementGenericTableAvl
RtlInsertElementGenericTableAvl
RtlDeleteCriticalSection
RtlIsDosDeviceName_U
RtlDosPathNameToRelativeNtPathName_U
RtlReleaseRelativeName
RtlInitializeGenericTableAvl
NtQueryDirectoryFileEx
NtClose
RtlEnterCriticalSection
RtlInitializeCriticalSection
RtlFreeHeap
RtlLeaveCriticalSection
RtlCopyUnicodeString
RtlIsNameInExpression
NtQueryInformationFile
RtlUpcaseUnicodeString
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
NtOpenFile
RtlNtStatusToDosError
RtlDosPathNameToNtPathName_U
RtlInitUnicodeString
RtlFreeUnicodeString
NtCreateFile
Sections
.text Size: 36KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1020B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 212B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
dispdiag.exe.exe windows:10 windows x64 arch:x64
5ba7d44ccb1ef9de85eee8889019345e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
dispdiag.pdb
Imports
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-crt-runtime-l1-1-0
_initterm
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
api-ms-win-crt-private-l1-1-0
_o__crt_atexit
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo_noreturn
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o__wcsnicmp
_o__wtoi
_o_exit
_o_free
_o_isspace
_o_iswprint
_o_isxdigit
_o_malloc
_o_strtoul
_o_terminate
_o_tolower
_o_wcscpy_s
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o__cexit
_o__callnewh
_o__configure_wide_argv
_o___stdio_common_vswscanf
_o__configthreadlocale
_o___stdio_common_vswprintf
_o___stdio_common_vfwprintf
_o___stdio_common_vfprintf
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___wargv
_o___p___argc
_o___acrt_iob_func
__C_specific_handler
__std_terminate
__CxxFrameHandler4
memcpy
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-file-l1-1-0
WriteFile
FindFirstFileW
CreateFileW
CreateDirectoryW
FindClose
DeleteFileW
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
SetLastError
api-ms-win-devices-query-l1-1-0
DevGetObjectProperties
DevFreeObjectProperties
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegGetValueW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-sysinfo-l1-1-0
GetVersionExW
GetLocalTime
GetSystemTimeAsFileTime
GetSystemInfo
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
LoadLibraryExW
FreeLibrary
GetProcAddress
api-ms-win-service-management-l1-1-0
OpenServiceW
OpenSCManagerW
api-ms-win-service-winsvc-l1-1-0
QueryServiceStatus
api-ms-win-shcore-scaling-l1-1-1
GetDpiForMonitor
SetProcessDpiAwareness
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoUninitialize
CoInitializeEx
api-ms-win-core-processenvironment-l1-1-0
GetCurrentDirectoryW
GetStdHandle
ExpandEnvironmentStringsW
oleaut32
SysStringByteLen
VariantClear
SysAllocStringByteLen
SysAllocString
SysFreeString
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
CreateThread
GetCurrentThreadId
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-util-l1-1-0
Beep
api-ms-win-core-debug-l1-1-0
OutputDebugStringA
OutputDebugStringW
IsDebuggerPresent
api-ms-win-eventing-controller-l1-1-0
EnableTraceEx2
ControlTraceW
StartTraceW
api-ms-win-eventing-consumer-l1-1-0
OpenTraceW
ProcessTrace
api-ms-win-core-console-l1-1-0
ReadConsoleInputW
WriteConsoleW
api-ms-win-core-synch-l1-1-0
ResetEvent
WaitForSingleObjectEx
CreateEventW
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
SetEvent
DeleteCriticalSection
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
devobj
DevObjCreateDeviceInfoList
DevObjGetDeviceInstanceId
DevObjEnumDeviceInterfaces
DevObjOpenDeviceInterface
DevObjGetDeviceRegistryProperty
DevObjDestroyDeviceInfoList
DevObjEnumDeviceInfo
DevObjGetDeviceProperty
DevObjGetClassDevs
DevObjGetDeviceInterfaceDetail
DevObjOpenDevRegKey
api-ms-win-ntuser-sysparams-l1-1-0
SystemParametersInfoW
EnumDisplaySettingsExW
DisplayConfigGetDeviceInfo
EnumDisplayMonitors
QueryDisplayConfig
GetSystemMetrics
GetDisplayConfigBufferSizes
EnumDisplayDevicesW
GetMonitorInfoW
api-ms-win-gdi-dpiinfo-l1-1-0
GetCurrentDpiInfo
wmiclnt
WmiExecuteMethodW
WmiDevInstToInstanceNameW
WmiQuerySingleInstanceW
WmiOpenBlock
WmiCloseBlock
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
ntdll
RtlAdjustPrivilege
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Sections
.text Size: 72KB - Virtual size: 70KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 40KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 56B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 248B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
djoin.exe.exe windows:10 windows x64 arch:x64
a0d2c238122b7ace2f6a5b53a13b9e40
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
djoin.pdb
Imports
msvcrt
wcsncmp
_wcsnicmp
memcpy
_onexit
__dllonexit
__CxxFrameHandler4
_unlock
_lock
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
malloc
free
printf
wcschr
wcscpy_s
_vsnprintf
_wtoi
_wcsicmp
setlocale
_vsnwprintf
wcsrchr
__iob_func
fwprintf
_exit
swprintf_s
wprintf
memset
netprovfw
NetCreateProvisioningPackage
NetRequestProvisioningPackageInstall
NetpRequestProvisioningPackageInstallForIMC
NetpProvDomainJoinLicensingCheck
NetpAnalyzeProvisioningPackage
api-ms-win-core-localization-l1-2-0
FormatMessageW
SetThreadPreferredUILanguages
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetLastError
GetLastError
SetUnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
FreeLibrary
LoadLibraryExW
LoadStringW
GetProcAddress
GetModuleFileNameW
api-ms-win-core-file-l1-1-0
DeleteFileW
GetFileAttributesW
WriteFile
GetFileSize
ReadFile
CreateDirectoryW
GetFullPathNameW
CreateFileW
api-ms-win-core-registry-l1-1-0
RegSetValueExW
RegCreateKeyExW
RegLoadKeyW
RegDeleteValueW
RegUnLoadKeyW
RegCloseKey
RegQueryValueExW
RegSaveKeyExW
RegOpenKeyExW
api-ms-win-core-console-l1-1-0
GetConsoleOutputCP
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
ExpandEnvironmentStringsW
api-ms-win-service-management-l1-1-0
StartServiceW
CloseServiceHandle
OpenSCManagerW
OpenServiceW
api-ms-win-eventing-controller-l1-1-0
StartTraceW
ControlTraceW
rpcrt4
UuidToStringW
UuidCreate
RpcStringFreeW
netutils
NetApiBufferFree
NetApiBufferAllocate
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
logoncli
DsGetDcNameW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetWindowsDirectoryW
GetVersionExW
GetTickCount64
GetSystemTimeAsFileTime
wkscli
NetUseDel
NetJoinDomain
NetUseAdd
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
GetProcessHeap
HeapSetInformation
api-ms-win-service-winsvc-l1-1-0
QueryServiceStatus
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-eventing-legacy-l1-1-0
EnableTrace
ntdll
RtlNtStatusToDosError
RtlFreeHeap
RtlGetNtProductType
NtAdjustPrivilegesToken
NtOpenProcessToken
NtDuplicateToken
DbgPrint
RtlAllocateHeap
NtSetInformationThread
NtClose
api-ms-win-core-synch-l1-1-0
SetEvent
CreateEventW
LeaveCriticalSection
WaitForSingleObject
InitializeCriticalSection
EnterCriticalSection
DeleteCriticalSection
OpenEventW
api-ms-win-eventing-classicprovider-l1-1-0
RegisterTraceGuidsW
UnregisterTraceGuids
TraceEvent
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 32KB - Virtual size: 29KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 936B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 204B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
dllhost.exe.exe windows:10 windows x64 arch:x64
fbdac0471446783ad621d3cab6033559
Code Sign
33:00:00:03:3b:65:5f:ae:fa:db:75:e9:d6:00:00:00:00:03:3b
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 02/09/2021, 18:23
Not After: 01/09/2022, 18:23
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
3c:43:21:80:b1:a4:bc:d6:de:8c:61:66:2e:db:ec:c1:65:8e:71:f2:9f:79:01:69:38:d6:53:ec:d1:5e:72:51
Signer
Actual PE Digest: 3c:43:21:80:b1:a4:bc:d6:de:8c:61:66:2e:db:ec:c1:65:8e:71:f2:9f:79:01:69:38:d6:53:ec:d1:5e:72:51
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
dllhost.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_new_mode
_o__wcsicmp
_o_exit
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_o___p__commode
_o__set_fmode
api-ms-win-crt-string-l1-1-0
memset
ntdll
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-com-private-l1-1-0
CoRegisterSurrogateEx
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
api-ms-win-core-com-l1-1-0
CoUninitialize
IIDFromString
CoInitializeEx
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
Sections
.text Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 420B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1000B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 52B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
dllhst3g.exe.exe windows:10 windows x64 arch:x64
fbdac0471446783ad621d3cab6033559
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
dllhst3g.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_new_mode
_o__wcsicmp
_o_exit
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_o___p__commode
_o__set_fmode
api-ms-win-crt-string-l1-1-0
memset
ntdll
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-com-private-l1-1-0
CoRegisterSurrogateEx
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
api-ms-win-core-com-l1-1-0
CoUninitialize
IIDFromString
CoInitializeEx
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
Sections
.text Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 420B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 52B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
dmcertinst.exe.exe windows:10 windows x64 arch:x64
6fa111be22ebcbcba674021f10d664c9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
dmcertinst.pdb
Imports
msvcp110_win
??0?$codecvt@GDH@std@@QEAA@_K@Z
??1?$codecvt@GDH@std@@MEAA@XZ
?_Syserror_map@std@@YAPEBDH@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?id@?$codecvt@GDH@std@@2V0locale@2@A
?_Xlength_error@std@@YAXPEBD@Z
??Bid@locale@std@@QEAA_KXZ
?_Getcat@?$codecvt@GDH@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?in@?$codecvt@GDH@std@@QEBAHAEAHPEBD1AEAPEBDPEAG3AEAPEAG@Z
??1_Lockit@std@@QEAA@XZ
?_Xbad_alloc@std@@YAXXZ
?_Winerror_map@std@@YAPEBDH@Z
??0_Lockit@std@@QEAA@H@Z
??1_Container_base12@std@@QEAA@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Incref@facet@locale@std@@UEAAXXZ
msvcrt
memmove
memcpy
memcmp
_CxxThrowException
memset
_fmode
__CxxFrameHandler3
??0exception@@QEAA@AEBQEBD@Z
?what@exception@@UEBAPEBDXZ
_wcsnicmp
memmove_s
sprintf_s
__CxxFrameHandler4
_vsnprintf
swprintf_s
wcstoul
wcstok_s
_vsnwprintf
memcpy_s
??3@YAXPEAX@Z
_purecall
??1exception@@UEAA@XZ
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_onexit
__dllonexit
??0exception@@QEAA@XZ
_unlock
_lock
_commode
wcscmp
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_callnewh
free
malloc
??0exception@@QEAA@AEBV0@@Z
_wcsicmp
wcsstr
wcsrchr
??_V@YAXPEAX@Z
wcscpy_s
_vsnprintf_s
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleExW
LoadStringW
FreeLibrary
GetModuleFileNameW
LoadLibraryExW
GetProcAddress
GetModuleHandleW
GetModuleFileNameA
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
GetStartupInfoW
OpenProcessToken
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
IsDebuggerPresent
DebugBreak
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
RaiseException
UnhandledExceptionFilter
GetLastError
SetLastError
api-ms-win-core-synch-l1-1-0
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseSemaphore
AcquireSRWLockShared
DeleteCriticalSection
WaitForMultipleObjectsEx
OpenEventW
WaitForSingleObject
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
ReleaseSRWLockShared
SetEvent
CreateEventExW
ReleaseSRWLockExclusive
CreateMutexExW
ReleaseMutex
CreateSemaphoreExW
api-ms-win-core-registry-l1-1-0
RegSetValueExW
RegQueryValueExW
RegDeleteTreeW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyExW
RegQueryInfoKeyW
api-ms-win-core-namedpipe-l1-1-0
WaitNamedPipeW
api-ms-win-core-file-l1-1-0
CreateFileW
ReadFile
api-ms-win-core-com-l1-1-0
CoCreateFreeThreadedMarshaler
CoWaitForMultipleHandles
CoGetApartmentType
CreateStreamOnHGlobal
CoUninitialize
GetHGlobalFromStream
CoInitializeEx
CoCreateInstance
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
api-ms-win-core-heap-l2-1-0
LocalAlloc
GlobalFree
LocalFree
api-ms-win-core-synch-l1-2-0
Sleep
WakeAllConditionVariable
SleepConditionVariableSRW
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
GetSystemTime
api-ms-win-core-heap-obsolete-l1-1-0
GlobalLock
ntdll
RtlIsStateSeparationEnabled
omadmapi
ord64
ord35
certenroll
ord45
umpdc
Pdcv2ActivationClientActivate
Pdcv2ActivationClientUnregister
Pdcv2ActivationClientRegister
Pdcv2ActivationClientRenewActivation
Pdcv2ActivationClientDeactivate
declaredconfiguration
DMOrchestratorUpdateDocStatus
oleaut32
SysAllocString
VariantClear
VariantInit
SysFreeString
SysStringLen
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
RoInitialize
RoUninitialize
RoActivateInstance
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer
api-ms-win-security-base-l1-1-0
GetTokenInformation
api-ms-win-security-sddl-l1-1-0
ConvertSidToStringSidW
ncrypt
NCryptDeleteKey
NCryptOpenKey
NCryptFreeObject
NCryptGetProperty
NCryptOpenStorageProvider
crypt32
CryptSetKeyIdentifierProperty
CertFreeCertificateContext
CryptUnprotectData
CertFindCertificateInStore
CertDeleteCertificateFromStore
CertGetCertificateContextProperty
CryptBinaryToStringW
CryptEncodeObjectEx
CertOpenStore
CertCloseStore
rpcrt4
UuidCreate
api-ms-win-core-threadpool-l1-2-0
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
dmcmnutils
UnicodeToMB
HexStringToBinary
BinaryToHexString
CopyString
OmaDmRegistryGetDWORD
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Sections
.text Size: 124KB - Virtual size: 122KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 48KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 160B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 556B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
dmcfghost.exe.exe windows:10 windows x64 arch:x64
b9d23eb98585fd9233750d9597b028da
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
dmcfghost.pdb
Imports
msvcrt
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_purecall
_callnewh
malloc
_vsnwprintf
??1type_info@@UEAA@XZ
_ismbblead
__setusermatherr
??3@YAXPEAX@Z
_initterm
__C_specific_handler
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
__CxxFrameHandler3
_cexit
_exit
_commode
_fmode
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
__CxxFrameHandler4
_acmdln
memset
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventWriteTransfer
EventRegister
api-ms-win-core-synch-l1-1-0
OpenEventW
WaitForSingleObject
api-ms-win-core-errorhandling-l1-1-0
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
LoadStringW
LoadLibraryExW
FreeLibrary
GetModuleHandleW
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
TerminateProcess
GetCurrentThreadId
GetCurrentProcess
GetExitCodeProcess
GetStartupInfoW
CreateProcessW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
dmpushproxy
ord9
ord11
ord10
ord3
ord1
dmcmnutils
QueryPolicy
DmInformUser
BigStrcat
DmGetCurrentUserSid
InvStrCmpIW
CopyString
OmaDmRegistrySetString
dsclient
DSCreateSharedFileToken
DSRemoveSharingToken
DSFreeString
oleaut32
SysFreeString
SysStringLen
SysAllocStringLen
SysAllocString
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
api-ms-win-core-com-l1-1-0
CoUninitialize
CoTaskMemFree
CoInitializeEx
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-core-file-l1-1-0
DeleteFileW
GetTempFileNameW
CreateFileW
WriteFile
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
omadmapi
ord109
dmxmlhelputils
XMLHSkipXMLProlog
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Sections
.text Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 924B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
dmclient.exe.exe windows:10 windows x64 arch:x64
24fe1092ba4708a7b9fe972d3915a0f0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
dmclient.pdb
Imports
msvcrt
_cexit
__setusermatherr
_initterm
__C_specific_handler
_fmode
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_commode
?what@exception@@UEBAPEBDXZ
_CxxThrowException
_callnewh
_exit
malloc
_lock
_vsnprintf_s
_unlock
__dllonexit
??0exception@@QEAA@AEBV0@@Z
exit
memmove
??0exception@@QEAA@XZ
__CxxFrameHandler4
_onexit
??1type_info@@UEAA@XZ
__wgetmainargs
??1exception@@UEAA@XZ
memcmp
_amsg_exit
_XcptFilter
__CxxFrameHandler3
_purecall
memcpy
?terminate@@YAXXZ
??3@YAXPEAX@Z
wcsnlen
_wtoi64
wcstod
memmove_s
vswprintf_s
_vscwprintf
_wcsicmp
memcpy_s
_vsnwprintf
??_V@YAXPEAX@Z
__set_app_type
memset
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
GetModuleFileNameA
GetModuleHandleExA
GetProcAddress
GetModuleHandleExW
api-ms-win-core-registry-l1-1-0
RegQueryValueExW
RegCloseKey
RegGetValueW
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
api-ms-win-core-synch-l1-1-0
ReleaseSRWLockShared
LeaveCriticalSection
AcquireSRWLockShared
CreateMutexExW
WaitForSingleObject
AcquireSRWLockExclusive
ReleaseSemaphore
CreateEventExW
CreateSemaphoreExW
SetEvent
EnterCriticalSection
InitializeCriticalSectionEx
ReleaseMutex
ReleaseSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
DeleteCriticalSection
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapAlloc
HeapFree
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
RaiseException
GetLastError
api-ms-win-core-com-l1-1-0
CoCreateFreeThreadedMarshaler
CoCreateInstance
CoTaskMemFree
CLSIDFromString
CoWaitForMultipleHandles
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventWriteTransfer
EventUnregister
EventSetInformation
api-ms-win-core-winrt-string-l1-1-0
WindowsDeleteString
WindowsGetStringRawBuffer
WindowsCreateStringReference
api-ms-win-core-winrt-l1-1-0
RoActivateInstance
RoUninitialize
RoGetActivationFactory
RoInitialize
api-ms-win-core-processthreads-l1-1-0
GetCurrentThread
GetCurrentProcess
GetCurrentThreadId
TerminateProcess
OpenThreadToken
GetCurrentProcessId
api-ms-win-core-localization-l1-2-0
GetUserPreferredUILanguages
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
GetSystemTime
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-string-l2-1-0
CharLowerBuffW
api-ms-win-core-file-l1-1-0
FindFirstFileW
FindClose
DeleteFileW
WriteFile
ReadFile
CreateDirectoryW
FindNextFileW
GetFileSize
api-ms-win-core-file-l1-2-0
CreateFile2
api-ms-win-security-base-l1-1-0
GetTokenInformation
RevertToSelf
ImpersonateLoggedOnUser
api-ms-win-security-lsalookup-l2-1-0
LookupAccountSidW
api-ms-win-security-sddl-l1-1-0
ConvertSidToStringSidW
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
crypt32
CryptStringToBinaryW
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
ntdll
NtQueryWnfStateData
RtlGetDeviceFamilyInfoEnum
api-ms-win-core-registry-l2-1-0
RegDeleteKeyW
api-ms-win-shcore-stream-l1-1-0
SHCreateStreamOnFileW
xmllite
CreateXmlReader
api-ms-win-stateseparation-helpers-l1-1-0
GetPersistedFileLocationW
GetPersistedRegistryLocationW
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 96KB - Virtual size: 93KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 40KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 200B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 828B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
dnscacheugc.exe.exe windows:10 windows x64 arch:x64
5c3e101307701f44bb632e0fa83f16a6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
dnscacheugc.pdb
Imports
msvcrt
_cexit
_vsnwprintf
_initterm
_fmode
_onexit
wcschr
__dllonexit
wcsrchr
__set_app_type
exit
_unlock
_vsnprintf
_lock
__C_specific_handler
?terminate@@YAXXZ
__setusermatherr
_commode
_exit
__getmainargs
memcpy
_amsg_exit
_XcptFilter
wcstoul
_wcsnicmp
wcsncmp
memset
api-ms-win-core-registry-l1-1-0
RegEnumValueW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
iphlpapi
ConvertStringToInterfacePhysicalAddress
ConvertInterfaceAliasToLuid
ParseNetworkString
ConvertInterfacePhysicalAddressToLuid
ConvertInterfaceLuidToGuid
ConvertInterfaceNameToLuidW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter
GetLastError
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameW
GetModuleHandleW
FreeLibrary
LoadLibraryExW
GetProcAddress
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
ntdll
RtlFreeHeap
RtlAllocateHeap
api-ms-win-core-heap-l1-1-0
HeapFree
GetProcessHeap
HeapAlloc
api-ms-win-core-synch-l1-1-0
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
DeleteCriticalSection
api-ms-win-core-file-l1-1-0
CreateDirectoryW
GetFullPathNameW
GetFileAttributesW
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
Sections
.text Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 804B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 96B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
doskey.exe.exe windows:10 windows x64 arch:x64
a1ea9d934205151494b8180e6c772f08
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
doskey.pdb
Imports
ulib
?PrepareToParse@ARGUMENT_LEXEMIZER@@QEAAEPEAVWSTRING@@@Z
??1DSTRING@@UEAA@XZ
?SetCaseSensitive@ARGUMENT_LEXEMIZER@@QEAAXE@Z
??1OBJECT@@UEAA@XZ
?IsValueSet@ARGUMENT@@QEAAEXZ
?QueryFile@SYSTEM@@SAPEAVFSN_FILE@@PEBVPATH@@EPEAE@Z
??0PATH_ARGUMENT@@QEAA@XZ
?Initialize@WSTRING@@QEAAEPEBDK@Z
?ReadLine@STREAM@@QEAAEPEAVWSTRING@@E@Z
??0STREAM_MESSAGE@@QEAA@XZ
??1STREAM_MESSAGE@@UEAA@XZ
?Initialize@STREAM_MESSAGE@@QEAAEPEAVSTREAM@@00@Z
?Set@STREAM_MESSAGE@@UEAAEKW4MESSAGE_TYPE@@K@Z
??0FLAG_ARGUMENT@@QEAA@XZ
?Initialize@WSTRING@@QEAAEPEBGK@Z
?Strchr@WSTRING@@QEBAKGK@Z
?Stricmp@WSTRING@@QEBAJPEBV1@@Z
?Initialize@PATH_ARGUMENT@@QEAAEPEADE@Z
?Initialize@WSTRING@@QEAAEPEBV1@KK@Z
?DeleteChAt@WSTRING@@QEAAXKK@Z
?QueryWSTR@WSTRING@@QEBAPEAGKKPEAGKE@Z
?Strcat@WSTRING@@QEAAEPEBV1@@Z
Get_Standard_Output_Stream
?Display@MESSAGE@@QEAAEPEBDZZ
?DisplayMsg@MESSAGE@@QEAAEKW4MESSAGE_TYPE@@KPEBDZZ
?MakeFileToken@MESSAGE@@SA_KPEBD@Z
??0STRING_ARGUMENT@@QEAA@XZ
??1STRING_ARGUMENT@@UEAA@XZ
?Initialize@STRING_ARGUMENT@@QEAAEPEAD@Z
??0ARGUMENT_LEXEMIZER@@QEAA@XZ
??1ARGUMENT_LEXEMIZER@@UEAA@XZ
?Initialize@ARGUMENT_LEXEMIZER@@QEAAEPEAVARRAY@@@Z
?DoParsing@ARGUMENT_LEXEMIZER@@QEAAEPEAVARRAY@@@Z
?PutSeparators@ARGUMENT_LEXEMIZER@@QEAAXPEBD@Z
??1PATH_ARGUMENT@@UEAA@XZ
?QueryInvalidArgument@ARGUMENT_LEXEMIZER@@QEAAPEAVWSTRING@@XZ
?Initialize@FLAG_ARGUMENT@@QEAAEPEAD@Z
??0REST_OF_LINE_ARGUMENT@@QEAA@XZ
?Initialize@REST_OF_LINE_ARGUMENT@@QEAAEXZ
??0ARRAY@@QEAA@XZ
??1ARRAY@@UEAA@XZ
?Initialize@ARRAY@@QEAAEKK@Z
?Put@ARRAY@@UEAAEPEAVOBJECT@@@Z
?QueryStream@FSN_FILE@@QEAAPEAVFILE_STREAM@@W4STREAMACCESS@@K@Z
??0LONG_ARGUMENT@@QEAA@XZ
?Initialize@LONG_ARGUMENT@@QEAAEPEAD@Z
Get_Standard_Input_Stream
??0DSTRING@@QEAA@XZ
kernel32
TerminateProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
Sleep
GetConsoleCommandHistoryLengthW
AddConsoleAliasW
HeapSetInformation
GetConsoleAliasesLengthW
GetConsoleMode
ExpungeConsoleCommandHistoryW
GetConsoleCommandHistoryW
GetConsoleAliasExesW
SetConsoleMode
SetConsoleNumberOfCommandsW
GetStdHandle
GetConsoleAliasesW
GetConsoleAliasExesLengthW
GetCurrentProcess
ntdll
RtlFreeHeap
RtlAllocateHeap
msvcrt
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
Sections
.text Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 288B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
dpapimig.exe.exe windows:10 windows x64 arch:x64
5bacea135d7122680523ecf81def2d51
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
dpapimig.pdb
Imports
advapi32
GetTokenInformation
GetSidIdentifierAuthority
RegEnumValueW
OpenThreadToken
GetLengthSid
ConvertSidToStringSidW
RegOpenKeyExW
OpenProcessToken
IsValidSid
RegDeleteTreeW
RegEnumKeyExW
ConvertStringSidToSidW
CopySid
GetSidSubAuthority
GetSidSubAuthorityCount
RegCloseKey
kernel32
LocalFree
GetCurrentThread
GetCommandLineW
GetCurrentProcess
CompareStringOrdinal
LocalAlloc
GetLastError
CloseHandle
user32
LoadStringW
LoadIconW
MessageBoxW
PostMessageW
msvcrt
__C_specific_handler
wcsncmp
malloc
_callnewh
free
_XcptFilter
memset
?terminate@@YAXXZ
_commode
_fmode
_acmdln
_initterm
__setusermatherr
_ismbblead
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
crypt32
CryptUpdateProtectedState
api-ms-win-core-com-l1-1-0
CoUninitialize
samcli
NetUserModalsGet
netutils
NetApiBufferFree
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentThreadId
GetStartupInfoW
TerminateProcess
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
comctl32
PropertySheetW
ord345
ole32
CoInitialize
shell32
CommandLineToArgvW
dui70
StrToID
?GetEncodedContentString@Element@DirectUI@@QEAAJPEAG_K@Z
?FindDescendent@Element@DirectUI@@QEAAPEAV12@G@Z
?DestroyCP@TaskPage@DirectUI@@EEAAXXZ
InitThread
?Click@Button@DirectUI@@SA?AVUID@@XZ
InitProcessPriv
?CreateDUICP@TaskPage@DirectUI@@EEAAJPEAVHWNDElement@2@PEAUHWND__@@1PEAPEAVElement@2@PEAPEAVDUIXmlParser@2@@Z
?LoadParser@TaskPage@DirectUI@@MEAAJPEAPEAVDUIXmlParser@2@@Z
?PropSheet_SendMessage@TaskPage@DirectUI@@IEAA_JI_K_J@Z
?SetVisible@Element@DirectUI@@QEAAJ_N@Z
?SetLayoutPos@Element@DirectUI@@QEAAJH@Z
?SetContentString@Element@DirectUI@@QEAAJPEBG@Z
?SetEnabled@Element@DirectUI@@QEAAJ_N@Z
?SetMaxLength@Edit@DirectUI@@QEAAJH@Z
?LoadPage@TaskPage@DirectUI@@MEAAJPEAVHWNDElement@2@PEAUHINSTANCE__@@PEAPEAVElement@2@PEAPEAVDUIXmlParser@2@@Z
?InitPropSheetPage@TaskPage@DirectUI@@MEAAXPEAU_PROPSHEETPAGEW@@@Z
?OnQueryCancel@TaskPage@DirectUI@@MEAA_JXZ
?OnReset@TaskPage@DirectUI@@MEAA_JXZ
?OnWizBack@TaskPage@DirectUI@@MEAA_JXZ
?OnWizFinish@TaskPage@DirectUI@@MEAA_JXZ
?OnWizNext@TaskPage@DirectUI@@MEAA_JXZ
?OnQueryInitialFocus@TaskPage@DirectUI@@MEAAPEAVElement@2@XZ
?OnMessage@TaskPage@DirectUI@@MEAA_NI_K_JPEA_J@Z
?OnListenerAttach@TaskPage@DirectUI@@MEAAXPEAVElement@2@@Z
?OnListenerDetach@TaskPage@DirectUI@@MEAAXPEAVElement@2@@Z
?OnListenedPropertyChanging@TaskPage@DirectUI@@MEAA_NPEAVElement@2@PEBUPropertyInfo@2@HPEAVValue@2@2@Z
?OnListenedPropertyChanged@TaskPage@DirectUI@@MEAAXPEAVElement@2@PEBUPropertyInfo@2@HPEAVValue@2@2@Z
?OnListenedInput@TaskPage@DirectUI@@MEAAXPEAVElement@2@PEAUInputEvent@2@@Z
?CreateParserCP@TaskPage@DirectUI@@EEAAJPEAPEAVDUIXmlParser@2@@Z
?DUICreatePropertySheetPage@TaskPage@DirectUI@@QEAAJPEAUHINSTANCE__@@@Z
UnInitThread
UnInitProcessPriv
??0TaskPage@DirectUI@@QEAA@XZ
??1TaskPage@DirectUI@@UEAA@XZ
Sections
.text Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 432B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 56KB - Virtual size: 55KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 96B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
dpnsvr.exe.dll windows:10 windows x64 arch:x64
0666ed1f1c919f3b819158a8dd8a47af
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
stub.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o___std_type_info_destroy_list
_o__cexit
_o__configure_narrow_argv
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__seh_filter_dll
__C_specific_handler
api-ms-win-crt-string-l1-1-0
memset
kernel32
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
Exports
DllMain
Sections
.text Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 444B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 44B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
driverquery.exe.exe windows:10 windows x64 arch:x64
033b70299a7f2d13d2ccd201f2fd5461
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
drvqry.pdb
Imports
kernel32
GetNumberFormatW
CreateFileW
CreateFileMappingW
CloseHandle
MapViewOfFile
UnmapViewOfFile
GetDateFormatW
GetTimeFormatW
GetModuleHandleW
GetProcAddress
GetCurrentProcess
GetLocaleInfoW
GetUserDefaultLocaleName
LocaleNameToLCID
GetUserDefaultLCID
FormatMessageW
LocalAlloc
WriteConsoleW
GetStdHandle
GetLastError
GetModuleFileNameW
SetLastError
FileTimeToSystemTime
GetComputerNameExW
HeapSize
HeapReAlloc
HeapAlloc
HeapValidate
HeapFree
GetProcessHeap
ReadConsoleW
ReadFile
SetConsoleMode
MultiByteToWideChar
ExitProcess
CompareStringA
GetThreadLocale
CompareStringW
lstrlenW
lstrlenA
GetConsoleMode
GetFileType
WideCharToMultiByte
FindStringOrdinal
SetThreadUILanguage
CreateMutexW
GetConsoleOutputCP
msvcrt
memcpy
_CxxThrowException
fflush
?terminate@@YAXXZ
wcstok
??1type_info@@UEAA@XZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
free
_callnewh
malloc
wcschr
_vsnwprintf
_wcsicmp
_wtoi
localtime
_stricmp
_strnicmp
_wcsnset
_ltow
swprintf_s
_wsetlocale
__CxxFrameHandler4
__iob_func
_memicmp
_errno
wcstod
wcstol
wcstoul
_fileno
_get_osfhandle
fprintf
memset
oleaut32
SysAllocString
SysAllocStringByteLen
SysStringLen
SysFreeString
VariantInit
VariantCopy
VariantClear
VariantChangeType
api-ms-win-core-com-l1-1-0
CoUninitialize
CoInitializeEx
CoTaskMemFree
CoCreateInstance
CoInitializeSecurity
CoTaskMemAlloc
sspicli
GetUserNameExW
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
ntdll
VerSetConditionMask
RtlVerifyVersionInfo
user32
wsprintfW
CharUpperW
LoadStringW
mpr
WNetAddConnection2W
WNetCancelConnection2W
WNetGetLastErrorW
framedynos
?ReleaseBuffer@CHString@@QEAAXH@Z
??0CHString@@QEAA@XZ
??4CHString@@QEAAAEBV0@AEBV0@@Z
?Compare@CHString@@QEBAHPEBG@Z
?Mid@CHString@@QEBA?AV1@H@Z
?GetBuffer@CHString@@QEAAPEAGH@Z
?GetBufferSetLength@CHString@@QEAAPEAGH@Z
?Format@CHString@@QEAAXPEBGZZ
?FindOneOf@CHString@@QEBAHPEBG@Z
?Left@CHString@@QEBA?AV1@H@Z
??4CHString@@QEAAAEBV0@PEBG@Z
??1CHString@@QEAA@XZ
?GetData@CHString@@IEBAPEAUCHStringData@@XZ
?Find@CHString@@QEBAHG@Z
??0CHString@@QEAA@PEBG@Z
shlwapi
StrChrW
StrCmpNW
ws2_32
WSAStartup
FreeAddrInfoW
GetAddrInfoW
GetNameInfoW
WSACleanup
WSAGetLastError
version
GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW
srvcli
NetServerGetInfo
netutils
NetApiBufferFree
Sections
.text Size: 64KB - Virtual size: 62KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 64B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
drvinst.exe.exe windows:10 windows x64 arch:x64
f04ef8dc28fb63677ecd326f45ea6aa1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
drvinst.pdb
Imports
msvcrt
strncmp
wcsstr
memcmp
memcpy
memmove
?terminate@@YAXXZ
_onexit
__dllonexit
qsort
wcsrchr
_wcslwr
_lock
_resetstkoflw
_commode
toupper
_fmode
_unlock
wcschr
_initterm
_wcsnicmp
__setusermatherr
_vsnprintf
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
swscanf
_vsnwprintf
_wcsicmp
__C_specific_handler
memmove_s
_purecall
??3@YAXPEAX@Z
memcpy_s
wcsncmp
memset
ntdll
EtwEventWriteTransfer
EtwEventSetInformation
RtlIsStateSeparationEnabled
NtFlushBuffersFileEx
NtDeleteValueKey
NtSetValueKey
NtQueryValueKey
NtQueryKey
NtCreateKey
NtOpenKey
RtlInitUnicodeString
RtlFreeUnicodeString
RtlFormatCurrentUserKeyPath
RtlUpcaseUnicodeString
RtlRandomEx
RtlPrefixUnicodeString
RtlInitUnicodeStringEx
NtClose
NtSetInformationFile
NtQueryInformationFile
RtlGetVersion
RtlNtStatusToDosErrorNoTeb
RtlUpcaseUnicodeChar
ZwQueryValueKey
ZwOpenKey
ZwQuerySystemInformation
ZwClose
RtlFreeHeap
RtlReAllocateHeap
RtlAllocateHeap
RtlAppendUnicodeToString
ZwEnumerateValueKey
NtSystemDebugControl
RtlAppendUnicodeStringToString
RtlDosPathNameToNtPathName_U_WithStatus
ZwCreateFile
RtlRunOnceExecuteOnce
RtlCopyUnicodeString
ZwOpenFile
ZwEnumerateKey
ZwQueryInformationFile
ZwCreateSection
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwQueryDirectoryFile
RtlpEnsureBufferSize
RtlNtPathNameToDosPathName
RtlGetNativeSystemInformation
RtlInitString
RtlxAnsiStringToUnicodeSize
RtlAnsiStringToUnicodeString
LdrResSearchResource
VerSetConditionMask
RtlVerifyVersionInfo
RtlImageDirectoryEntryToData
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtQuerySystemInformation
EtwEventRegister
EtwEventUnregister
RtlNtStatusToDosError
NtQueryInformationProcess
DbgPrintEx
RtlGUIDFromString
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExA
GetModuleHandleExA
GetModuleHandleExW
GetModuleFileNameA
LoadResource
GetModuleHandleW
LoadLibraryExW
GetProcAddress
FreeLibrary
LockResource
api-ms-win-core-synch-l1-1-0
ReleaseMutex
SetEvent
CreateMutexW
WaitForSingleObject
ReleaseSRWLockExclusive
InitializeCriticalSectionEx
LeaveCriticalSection
ReleaseSemaphore
EnterCriticalSection
CreateSemaphoreExW
SleepEx
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseSRWLockShared
CreateMutexExW
WaitForMultipleObjectsEx
CreateEventW
DeleteCriticalSection
AcquireSRWLockShared
OpenEventW
api-ms-win-core-heap-l1-1-0
HeapFree
GetProcessHeap
HeapSetInformation
HeapReAlloc
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
SetErrorMode
GetLastError
SetUnhandledExceptionFilter
SetLastError
RaiseException
UnhandledExceptionFilter
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
ExitProcess
TerminateProcess
CreateThread
GetExitCodeThread
GetCurrentProcessId
OpenProcessToken
GetCurrentProcess
api-ms-win-core-localization-l1-2-0
LCMapStringW
GetThreadLocale
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
OutputDebugStringW
DebugBreak
api-ms-win-core-handle-l1-1-0
CloseHandle
DuplicateHandle
api-ms-win-core-console-l1-1-0
SetConsoleCtrlHandler
api-ms-win-devices-config-l1-1-1
CM_Set_DevNode_PropertyW
CM_Get_DevNode_Status
CM_Locate_DevNodeW
CM_Get_Sibling
CM_MapCrToWin32Err
CM_Get_Class_PropertyW
CM_Get_DevNode_Registry_PropertyW
CM_Set_DevNode_Registry_PropertyW
CM_Get_Child
CM_Get_DevNode_PropertyW
CM_Open_DevNode_Key
CM_Setup_DevNode
CM_Get_Device_IDW
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
GetCommandLineW
GetCommandLineA
api-ms-win-core-memory-l1-1-0
VirtualQuery
VirtualProtect
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
OpenProcess
api-ms-win-core-realtime-l1-1-0
QueryUnbiasedInterruptTime
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-wow64-l1-1-0
IsWow64Process
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetLocalTime
GetSystemDirectoryW
GetTickCount
GetSystemTimeAsFileTime
GetSystemTime
GetSystemWindowsDirectoryW
GetWindowsDirectoryW
GetTickCount64
GetSystemInfo
api-ms-win-security-base-l1-1-0
InitializeAcl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
IsValidSid
DuplicateTokenEx
AddAccessAllowedAceEx
GetLengthSid
GetTokenInformation
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
WideCharToMultiByte
CompareStringW
api-ms-win-core-file-l1-1-0
GetFileAttributesW
CreateDirectoryW
FindClose
FindFirstFileW
FlushFileBuffers
SetEndOfFile
SetFilePointer
FindNextFileW
SetFileAttributesW
GetFileSize
GetFileInformationByHandle
GetTempFileNameW
CreateFileW
GetFileAttributesExW
WriteFile
DeleteFileW
GetFullPathNameW
GetFinalPathNameByHandleW
FileTimeToLocalFileTime
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-registry-l1-1-0
RegSetValueExW
RegEnumValueW
RegDeleteTreeW
RegOpenKeyExW
RegQueryValueExW
RegEnumKeyExW
RegCreateKeyExW
RegFlushKey
RegCloseKey
api-ms-win-core-file-l2-1-0
CopyFileExW
CreateHardLinkW
MoveFileExW
api-ms-win-core-sysinfo-l1-2-0
GetNativeSystemInfo
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
FindResourceW
api-ms-win-security-provider-l1-1-0
SetSecurityInfo
SetEntriesInAclW
api-ms-win-core-file-l2-1-2
CopyFileW
api-ms-win-core-windowserrorreporting-l1-1-0
WerRegisterFile
api-ms-win-core-file-l1-2-4
GetTempPath2W
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-apiquery-l2-1-0
IsApiSetImplemented
Sections
.text Size: 248KB - Virtual size: 246KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 92KB - Virtual size: 90KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 792B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
dsregcmd.exe.exe windows:10 windows x64 arch:x64
573605d3b41edde239167a3c72371f8a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
dsregcmd.pdb
Imports
msvcp_win
??0_Lockit@std@@QEAA@H@Z
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
??Bid@locale@std@@QEAA_KXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?widen@?$ctype@G@std@@QEBAGD@Z
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Random_device@std@@YAIXZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_J@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?uncaught_exception@std@@YA_NXZ
?_Xlength_error@std@@YAXPEBD@Z
?id@?$ctype@G@std@@2V0locale@2@A
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
??1_Lockit@std@@QEAA@XZ
api-ms-win-crt-runtime-l1-1-0
_c_exit
_initterm
_register_thread_local_exe_atexit_callback
_initterm_e
api-ms-win-crt-private-l1-1-0
_o__get_initial_wide_environment
_o__gmtime64_s
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__mbsinc
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__cexit
_o__strlwr_s
_o__ultoa_s
_o__errno
_o__wcsicmp
_o__wcslwr_s
memmove
_o__wtoi
_o__wtol
_o_calloc
_o_ceilf
_o_exit
_o_free
_o_iswspace
_o_malloc
_o_realloc
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcsftime
_o_wcsncpy_s
_o_wmemcpy_s
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_o__callnewh
_o__beginthreadex
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___wargv
_o___p___argc
_o__difftime64
_o__crt_atexit
__std_terminate
__CxxFrameHandler4
_o__configure_wide_argv
_o__configthreadlocale
wcschr
wcsstr
__std_type_info_compare
_o__exit
_CxxThrowException
__C_specific_handler_noexcept
__RTDynamicCast
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
wcsnlen
wcspbrk
wcsspn
wcsncmp
memset
strncmp
wcscspn
wcscmp
api-ms-win-core-errorhandling-l1-1-0
RaiseException
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
SetLastError
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
OpenThreadToken
GetCurrentThread
OpenProcessToken
GetCurrentThreadId
TerminateThread
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetExitCodeThread
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetVersionExW
GetTickCount64
api-ms-win-core-interlocked-l1-1-0
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
FlushInstructionCache
api-ms-win-core-libraryloader-l1-2-0
LoadResource
FindResourceExW
GetModuleHandleW
GetModuleFileNameW
GetProcAddress
LockResource
SizeofResource
LoadLibraryExA
dsreg
DsrCLI
oleaut32
VariantCopy
VariantChangeType
LoadTypeLi
DispCallFunc
SysAllocStringLen
VariantInit
VarBstrCmp
VariantClear
SysStringByteLen
OleCreateFontIndirect
GetErrorInfo
SysAllocString
LoadRegTypeLi
SysFreeString
SysStringLen
api-ms-win-core-com-l1-1-0
CoGetClassObject
CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemAlloc
CLSIDFromString
CoCreateGuid
CoUninitialize
CoInitializeEx
StringFromGUID2
CLSIDFromProgID
winhttp
WinHttpSetCredentials
WinHttpQueryHeaders
WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpSendRequest
WinHttpSetStatusCallback
WinHttpCloseHandle
WinHttpOpen
WinHttpReceiveResponse
WinHttpCrackUrl
WinHttpConnect
wininet
InternetOpenW
InternetCloseHandle
InternetSetOptionW
crypt32
CryptFindOIDInfo
CryptAcquireCertificatePrivateKey
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CertOpenStore
bcrypt
BCryptDestroyHash
BCryptGetProperty
BCryptCreateHash
BCryptHashData
BCryptFinishHash
BCryptOpenAlgorithmProvider
ncrypt
NCryptFreeObject
NCryptDeleteKey
NCryptSignHash
gdi32
GetObjectW
GetStockObject
DeleteDC
BitBlt
SelectObject
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
GetDeviceCaps
userenv
UnloadUserProfile
secur32
GetUserNameExW
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
GlobalAlloc
api-ms-win-core-synch-l1-1-0
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
ResetEvent
WaitForSingleObjectEx
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
CreateEventW
api-ms-win-rtcore-ntuser-window-l1-1-0
DestroyWindow
ClientToScreen
GetClassNameW
IsWindow
SendMessageW
GetMessageW
TranslateMessage
DispatchMessageW
SetWindowPos
PostThreadMessageW
ScreenToClient
MoveWindow
GetClientRect
GetWindow
RegisterWindowMessageW
GetDesktopWindow
GetWindowTextW
SetWindowTextW
GetWindowLongW
SetWindowLongW
CallWindowProcW
GetParent
IsChild
GetFocus
SetFocus
CreateWindowExW
PostMessageW
PostQuitMessage
DefWindowProcW
GetWindowLongPtrW
SetWindowLongPtrW
GetClassInfoExW
RegisterClassExW
SetTimer
api-ms-win-rtcore-ntuser-draw-l1-1-0
RedrawWindow
api-ms-win-core-heap-obsolete-l1-1-0
GlobalUnlock
GlobalLock
api-ms-win-core-largeinteger-l1-1-0
MulDiv
api-ms-win-core-string-l2-1-0
CharNextW
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpW
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
WideCharToMultiByte
api-ms-win-security-cryptoapi-l1-1-0
CryptDestroyHash
CryptSignHashW
CryptReleaseContext
CryptHashData
CryptCreateHash
api-ms-win-eventlog-legacy-l1-1-0
DeregisterEventSource
RegisterEventSourceW
ReportEventW
api-ms-win-core-registry-l1-1-0
RegGetValueW
RegCreateKeyExW
RegCloseKey
api-ms-win-core-handle-l1-1-0
CloseHandle
wkscli
NetGetJoinInformation
netutils
NetApiBufferFree
api-ms-win-core-kernel32-legacy-l1-1-0
GetComputerNameW
api-ms-win-security-base-l1-1-0
GetTokenInformation
CopySid
GetLengthSid
EqualDomainSid
IsValidSid
api-ms-win-security-lsalookup-l2-1-0
LookupAccountNameW
api-ms-win-core-heap-l1-1-0
HeapReAlloc
HeapFree
HeapAlloc
HeapSize
GetProcessHeap
HeapDestroy
api-ms-win-core-memory-l1-1-0
VirtualAlloc
VirtualFree
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-crt-time-l1-1-0
_time64
user32
GetWindowTextLengthW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
BeginPaint
LoadIconW
GetKeyState
UnregisterClassA
EndPaint
GetDlgItem
GetSysColor
CreateAcceleratorTableW
SetCapture
ReleaseCapture
FillRect
InvalidateRgn
InvalidateRect
LoadCursorW
DestroyAcceleratorTable
ReleaseDC
GetDC
ole32
OleLockRunning
OleUninitialize
OleRun
OleInitialize
Sections
.text Size: 292KB - Virtual size: 288KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 116KB - Virtual size: 115KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
dstokenclean.exe.exe windows:10 windows x64 arch:x64
f1d06b8c52f369e9c51a17b21e2bd700
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
dstokenclean.pdb
Imports
msvcrt
_XcptFilter
_exit
exit
__set_app_type
_initterm
__wgetmainargs
_fmode
_commode
_cexit
__C_specific_handler
_vsnwprintf
?terminate@@YAXXZ
_lock
_unlock
_amsg_exit
_onexit
__setusermatherr
__dllonexit
memset
api-ms-win-core-synch-l1-2-0
InitOnceBeginInitialize
Sleep
InitOnceComplete
api-ms-win-core-synch-l1-1-0
CreateMutexW
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
dsclient
DSRemoveExpiredTokens
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventRegister
EventWriteTransfer
Sections
.text Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 384B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 68B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
dtdump.exe.exe windows:10 windows x64 arch:x64
80a2be6c8bc4364d8eed8759fefbe837
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
dtdump.pdb
Imports
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
api-ms-win-crt-string-l1-1-0
strcspn
memset
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_c_exit
_initterm
_initterm_e
api-ms-win-crt-private-l1-1-0
_o___stdio_common_vswprintf
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o__wcsicmp
_o__wcsnicmp
_o__wcstoi64
_o__wcstoui64
_o_abort
_o_exit
_o_free
_o_iswspace
_o_malloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
_o___std_exception_destroy
_o___stdio_common_vsnprintf_s
_o___std_exception_copy
_o___p__commode
__std_terminate
__CxxFrameHandler4
_o___p___wargv
_o___p___argc
memcmp
memcpy
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
FreeLibrary
LoadLibraryExW
GetModuleHandleExW
GetModuleFileNameA
GetModuleHandleW
api-ms-win-core-synch-l1-2-0
InitOnceBeginInitialize
InitOnceComplete
api-ms-win-core-synch-l1-1-0
CreateSemaphoreExW
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
EnterCriticalSection
ReleaseSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSemaphore
ReleaseSRWLockExclusive
ReleaseMutex
WaitForSingleObject
InitializeCriticalSectionEx
LeaveCriticalSection
api-ms-win-core-heap-l1-1-0
HeapAlloc
GetProcessHeap
HeapFree
api-ms-win-core-errorhandling-l1-1-0
SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer
api-ms-win-core-threadpool-l1-2-0
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
IsDebuggerPresent
DebugBreak
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 72KB - Virtual size: 69KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 40KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 64B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1000B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
dusmtask.exe.exe windows:10 windows x64 arch:x64
74abce029f80af86a659b17dee8ea0f2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
dusmtask.pdb
Imports
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-crt-runtime-l1-1-0
_initterm
_register_thread_local_exe_atexit_callback
_c_exit
_initterm_e
api-ms-win-crt-private-l1-1-0
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o_exit
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
_o___std_exception_destroy
_o___std_exception_copy
_o___stdio_common_vswprintf
_o___p__commode
_o___p___wargv
_o___p___argc
_o___stdio_common_vsnprintf_s
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
GetModuleHandleExW
GetProcAddress
LoadStringW
GetModuleHandleW
FreeLibrary
LoadLibraryExA
api-ms-win-core-synch-l1-1-0
WaitForSingleObjectEx
EnterCriticalSection
ReleaseSemaphore
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
LeaveCriticalSection
InitializeCriticalSectionEx
ReleaseSRWLockShared
WaitForSingleObject
OpenSemaphoreW
CreateSemaphoreExW
AcquireSRWLockExclusive
ReleaseMutex
ReleaseSRWLockExclusive
api-ms-win-core-heap-l1-1-0
HeapFree
HeapAlloc
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
SetLastError
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
RaiseException
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoCreateInstance
ntdll
RtlQueryWnfStateData
RtlGetDeviceFamilyInfoEnum
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CloseThreadpoolTimer
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
IsDebuggerPresent
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetSystemInfo
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-memory-l1-1-0
VirtualQuery
VirtualProtect
Sections
.text Size: 52KB - Virtual size: 51KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1000B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 160B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
dvdplay.exe.exe windows:10 windows x64 arch:x64
3cb4a4cdeb02e4c28fd0c394b4cd7597
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
dvdplay.pdb
Imports
advapi32
RegGetValueW
kernel32
SearchPathW
CreateProcessW
GetCurrentProcess
GetModuleHandleW
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
api-ms-win-crt-runtime-l1-1-0
_initterm
_register_thread_local_exe_atexit_callback
_c_exit
_initterm_e
api-ms-win-crt-private-l1-1-0
_o___p__commode
_o__cexit
_o__configthreadlocale
_o__configure_narrow_argv
_o__crt_atexit
_o__exit
_o__get_narrow_winmain_command_line
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o_exit
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
api-ms-win-crt-string-l1-1-0
memset
Sections
.text Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 432B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 52B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
dwm.exe.exe windows:10 windows x64 arch:x64
3320624db644525d7a5834de633d34f6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
dwm.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
_invoke_watson
api-ms-win-crt-private-l1-1-0
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o__wcsicmp
_o__wtof
_o_exit
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o__configure_wide_argv
_o__configthreadlocale
_o___p__commode
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o__crt_atexit
_o___std_exception_destroy
_o___std_exception_copy
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
memset
wcscmp
api-ms-win-core-windowserrorreporting-l1-1-0
WerSetFlags
api-ms-win-core-windowserrorreporting-l1-1-3
WerSetMaxProcessHoldMilliseconds
api-ms-win-core-windowserrorreporting-l1-1-1
WerRegisterCustomMetadata
WerUnregisterCustomMetadata
api-ms-win-eventlog-legacy-l1-1-0
RegisterEventSourceW
DeregisterEventSource
ReportEventW
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
GetModuleHandleExW
GetModuleFileNameA
GetModuleHandleExA
GetModuleHandleW
api-ms-win-core-synch-l1-1-0
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CreateSemaphoreExW
AcquireSRWLockShared
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObject
ReleaseSemaphore
CreateMutexExW
TryAcquireSRWLockExclusive
CreateEventW
DeleteCriticalSection
OpenSemaphoreW
WaitForSingleObjectEx
InitializeCriticalSectionEx
ReleaseMutex
ReleaseSRWLockShared
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapAlloc
HeapSetInformation
HeapFree
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
RaiseException
UnhandledExceptionFilter
GetLastError
SetLastError
SetErrorMode
api-ms-win-core-processthreads-l1-1-0
ProcessIdToSessionId
GetCurrentThread
ExitProcess
GetCurrentThreadId
GetStartupInfoW
OpenProcessToken
GetCurrentProcessId
GetCurrentProcess
TerminateThread
TerminateProcess
SetPriorityClass
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
DebugBreak
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-winrt-error-l1-1-0
RoOriginateError
api-ms-win-core-com-l1-1-0
CoTaskMemAlloc
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
api-ms-win-security-base-l1-1-0
AdjustTokenPrivileges
CheckTokenMembership
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegGetValueW
RegSetValueExW
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
RtlCaptureStackBackTrace
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-version-l1-1-1
GetFileVersionInfoSizeW
GetFileVersionInfoW
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer
api-ms-win-core-version-l1-1-0
VerQueryValueW
rpcrt4
UuidCreate
RpcStringFreeW
UuidToStringW
api-ms-win-core-memory-l1-1-0
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
api-ms-win-core-util-l1-1-0
Beep
api-ms-win-core-psapi-l1-1-0
QueryFullProcessImageNameW
api-ms-win-composition-redirection-l1-1-0
DwmInitializePort
api-ms-win-composition-windowmanager-l1-1-0
ord101
api-ms-win-dx-d3dkmt-l1-1-0
D3DKMTCheckVidPnExclusiveOwnership
D3DKMTSetProcessSchedulingPriorityClass
D3DKMTEscape
api-ms-win-dx-d3dkmt-l1-1-1
D3DKMTOpenAdapterFromLuid
api-ms-win-rtcore-ntuser-private-l1-1-0
RegisterSessionPort
api-ms-win-rtcore-ntuser-private-l1-1-2
DwmKernelStartup
api-ms-win-rtcore-ntuser-window-l1-1-0
PostMessageW
DestroyWindow
DispatchMessageW
PostQuitMessage
DefWindowProcW
TranslateMessage
GetMessageW
CreateWindowExW
RegisterClassExW
win32u
NtDesktopCaptureBits
ntdll
NtAlpcSendWaitReceivePort
RtlNtStatusToDosError
RtlUnsubscribeWnfStateChangeNotification
RtlSubscribeWnfStateChangeNotification
RtlPublishWnfStateData
NtSetInformationProcess
RtlFreeSid
RtlAllocateAndInitializeSid
EtwEventRegister
EtwEventWriteTransfer
RtlGetDeviceFamilyInfoEnum
NtQueryInformationProcess
NtQuerySystemInformation
DbgPrintEx
DbgPrompt
dxgi
DXGIDeclareAdapterRemovalSupport
coremessaging
CoreUICreate
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
dwmcore
MilCompositionEngine_Initialize
msvcp_win
_Query_perf_counter
?_Xlength_error@std@@YAXPEBD@Z
?_Raise_handler@std@@3P6AXAEBVexception@stdext@@@ZEA
_Query_perf_frequency
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-errorhandling-l1-1-3
TerminateProcessOnMemoryExhaustion
api-ms-win-core-errorhandling-l1-1-2
RaiseFailFastException
Sections
.text Size: 56KB - Virtual size: 53KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 176B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 324B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
dxdiag.exe.exe windows:10 windows x64 arch:x64
62f80ea69e8426aba27debfc641bfd2b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
dxdiag.pdb
Imports
advapi32
EventActivityIdControl
RegQueryValueExW
RegDeleteValueW
EventUnregister
RegOpenKeyExW
RegSetValueExW
EventSetInformation
RegCreateKeyExW
RegFlushKey
EventRegister
EventWriteTransfer
RegCloseKey
RegNotifyChangeKeyValue
RegEnumValueW
RegEnumKeyExW
kernel32
HeapSetInformation
DeleteCriticalSection
FreeLibrary
RegisterApplicationRestart
GetVersionExW
GetSystemDirectoryW
WaitForSingleObject
GetNativeSystemInfo
GetSystemInfo
GetModuleHandleW
LoadLibraryW
CloseHandle
SetEvent
GetLastError
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeCriticalSection
LeaveCriticalSection
GetModuleFileNameW
GetFileAttributesW
Sleep
CreateEventW
GetCurrentThreadId
WaitForMultipleObjects
GetCommandLineW
EnterCriticalSection
Wow64EnableWow64FsRedirection
GetCurrentDirectoryW
GetFullPathNameW
lstrlenW
WriteFile
CreateFileW
WideCharToMultiByte
gdi32
SelectObject
GetTextMetricsW
GetTextExtentPoint32W
user32
ShowScrollBar
GetKeyState
AdjustWindowRectEx
CreateDialogParamW
SetScrollInfo
GetWindowLongW
EnableWindow
ReleaseDC
GetWindowRect
GetFocus
DestroyWindow
GetDC
SetWindowPos
MessageBoxW
UpdateWindow
SendMessageW
CallNextHookEx
EndDialog
DialogBoxParamW
ScrollWindow
GetDesktopWindow
PostQuitMessage
CheckDlgButton
KillTimer
GetDlgItem
GetClientRect
SetWindowsHookExW
LoadIconW
TranslateMessage
SetFocus
UnhookWindowsHookEx
IsWindowEnabled
PostMessageW
SetForegroundWindow
PeekMessageW
IsDialogMessageW
SetTimer
DispatchMessageW
ShowWindow
LoadStringW
GetWindowLongPtrW
MsgWaitForMultipleObjects
GetScrollInfo
ScreenToClient
SetWindowTextW
msvcp_win
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
?out@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
api-ms-win-crt-string-l1-1-0
memset
wcsncmp
wcscmp
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
api-ms-win-crt-private-l1-1-0
_o___std_exception_copy
_o___std_exception_destroy
_o___stdio_common_vsprintf
_o___stdio_common_vswprintf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswscanf
_o__beginthreadex
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_narrow_argv
_o__crt_atexit
_o__exit
_o__get_narrow_winmain_command_line
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo_noreturn
_o__putws
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsnicmp
_o__wtoi
_o__wtoi64
_o_exit
_o_free
_o_iswdigit
_o_malloc
_o_rand
_o_realloc
_o_terminate
_o_wcstok
__C_specific_handler
__current_exception
__current_exception_context
_o___p__commode
_CxxThrowException
wcsrchr
__std_terminate
wcsstr
__CxxFrameHandler4
wcschr
__CxxFrameHandler3
memcpy
memmove
comctl32
ord17
ImageList_Destroy
ImageList_Create
ImageList_ReplaceIcon
comdlg32
GetSaveFileNameW
shell32
ShellExecuteW
ole32
CoInitializeSecurity
CoUninitialize
CoCreateInstance
CoInitializeEx
oleaut32
VariantClear
VariantInit
SysAllocString
SysFreeString
Sections
.text Size: 144KB - Virtual size: 140KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 72KB - Virtual size: 69KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 32KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 188B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
dxgiadaptercache.exe.exe windows:10 windows x64 arch:x64
2d0256d01e3040c4cbac0b67964dbd15
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
DXGIAdapterCache.pdb
Imports
msvcp_win
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?id@?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@2V0locale@2@A
??Bid@locale@std@@QEAA_KXZ
??0_Lockit@std@@QEAA@H@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
??1_Lockit@std@@QEAA@XZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?uncaught_exception@std@@YA_NXZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?put@?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@GU?$char_traits@G@std@@@2@V32@AEAVios_base@2@GPEBUtm@@PEBG3@Z
?_Getcat@?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-crt-time-l1-1-0
_time64
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_c_exit
_initterm
_register_thread_local_exe_atexit_callback
api-ms-win-crt-private-l1-1-0
_o___std_exception_copy
_o___std_exception_destroy
_o___stdio_common_vsnprintf_s
_o___stdio_common_vswprintf
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_initial_wide_environment
_o__gmtime64
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o__wcsicmp
_o_exit
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
_o___p__commode
__std_terminate
__CxxFrameHandler4
_o___p___wargv
_o___p___argc
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-eventing-provider-l1-1-0
EventActivityIdControl
EventWriteTransfer
EventUnregister
EventRegister
EventSetInformation
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
GetModuleFileNameA
GetProcAddress
FreeLibrary
GetModuleHandleExW
api-ms-win-core-synch-l1-2-0
InitOnceBeginInitialize
InitOnceComplete
api-ms-win-core-synch-l1-1-0
ReleaseSRWLockShared
InitializeCriticalSectionEx
AcquireSRWLockShared
AcquireSRWLockExclusive
LeaveCriticalSection
ReleaseSemaphore
EnterCriticalSection
CreateMutexExW
DeleteCriticalSection
CreateSemaphoreExW
ReleaseMutex
WaitForSingleObjectEx
OpenSemaphoreW
WaitForSingleObject
ReleaseSRWLockExclusive
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
GetLastError
SetLastError
SetUnhandledExceptionFilter
RaiseException
ntdll
NtCreateTransaction
NtClose
NtCommitTransaction
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoUninitialize
api-ms-win-core-registry-l1-1-0
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegGetValueW
RegCloseKey
RegDeleteTreeW
api-ms-win-core-winrt-string-l1-1-0
WindowsGetStringRawBuffer
WindowsCreateStringReference
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
api-ms-win-stateseparation-helpers-l1-1-0
GetPersistedRegistryLocationW
api-ms-win-core-threadpool-l1-2-0
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
DebugBreak
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 80KB - Virtual size: 76KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 136B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 232B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
easinvoker.exe.exe windows:10 windows x64 arch:x64
3e94ccb6e60fc118db0d61a5306c8825
Code Sign
33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 02/09/2021, 18:23
Not After: 01/09/2022, 18:23
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
20:6e:e8:96:93:1a:ae:23:5a:a4:bd:af:bf:07:07:6d:f6:db:74:d7:da:bb:8a:e2:2f:8d:c5:37:2d:d1:fa:a4
Signer
Actual PE Digest: 20:6e:e8:96:93:1a:ae:23:5a:a4:bd:af:bf:07:07:6d:f6:db:74:d7:da:bb:8a:e2:2f:8d:c5:37:2d:d1:fa:a4
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
easinvoker.pdb
Imports
advapi32
RegGetValueW
TraceMessage
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
GetTokenInformation
MakeAbsoluteSD
OpenThreadToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
OpenProcessToken
EventRegister
EventUnregister
kernel32
GetProcessHeap
HeapAlloc
HeapFree
GetModuleHandleExA
ResolveDelayLoadedAPI
DelayLoadFailureHook
GetSystemWindowsDirectoryW
LocalFree
CloseHandle
GetCurrentThread
SetEvent
GetLastError
CreateEventW
WaitForSingleObject
GetCurrentProcess
msvcrt
_purecall
__CxxFrameHandler3
free
malloc
_vsnwprintf
_XcptFilter
_amsg_exit
__wgetmainargs
__set_app_type
memcpy
_exit
_cexit
__setusermatherr
_initterm
__C_specific_handler
_fmode
memset
_commode
_lock
_unlock
__dllonexit
_onexit
?terminate@@YAXXZ
exit
_wcsicmp
_callnewh
_wtoi
api-ms-win-core-com-l1-1-0
CoRevokeClassObject
CoInitializeSecurity
CoTaskMemAlloc
CoRegisterClassObject
CoInitializeEx
CoUninitialize
CoCreateInstance
CoReleaseServerProcess
CoAddRefServerProcess
CoTaskMemFree
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExW
GetProcAddress
FreeLibrary
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
GetVersionExW
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-heap-l2-1-0
LocalAlloc
api-ms-win-security-base-l1-1-0
PrivilegeCheck
GetSecurityDescriptorDacl
CopySid
CreateWellKnownSid
EqualSid
GetLengthSid
CheckTokenMembership
authz
AuthzInitializeContextFromSid
AuthzAddSidsToContext
AuthzInitializeResourceManager
AuthzAccessCheck
AuthzFreeResourceManager
AuthzFreeContext
samcli
NetUserGetInfo
netutils
NetApiBufferFree
rpcrt4
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcStringFreeW
RpcBindingFree
I_RpcMapWin32Status
I_RpcExceptionFilter
RpcBindingCreateW
NdrClientCall3
RpcBindingBind
api-ms-win-core-registry-l1-1-0
RegEnumValueW
RegQueryInfoKeyW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegOpenKeyExW
RegDeleteTreeW
RegCloseKey
api-ms-win-core-file-l1-1-0
CreateFileW
api-ms-win-security-lsapolicy-l1-1-0
LsaClose
LsaFreeMemory
LsaQueryInformationPolicy
LsaOpenPolicy
LsaLookupSids
samlib
SamQueryInformationDomain
SamConnect
SamQuerySecurityObject
SamOpenDomain
SamQueryInformationUser
SamCloseHandle
SamFreeMemory
SamOpenUser
ntdll
NtGetCachedSigningLevel
NtQuerySystemInformation
RtlGetDeviceFamilyInfoEnum
NtDuplicateToken
NtOpenProcessToken
NtOpenThreadToken
RtlEqualSid
RtlSubAuthorityCountSid
RtlDeleteResource
RtlInitializeResource
NtClose
RtlReleaseResource
RtlAcquireResourceExclusive
RtlCopySid
RtlLengthSid
RtlGetNtProductType
RtlInitUnicodeString
RtlSubAuthoritySid
RtlInitializeSid
RtlIsMultiSessionSku
NtQueryInformationToken
user32
UpdatePerUserSystemParameters
SystemParametersInfoW
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Sections
.text Size: 36KB - Virtual size: 35KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 24KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 352B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
edpnotify.exe.exe windows:10 windows x64 arch:x64
6b247cad47b5ce87e83bbd3f31052de4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
EdpNotify.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memcpy
_o__configure_wide_argv
_o__wcsicmp
_o__wcsnicmp
_o_exit
_o_free
_o_malloc
_o_terminate
_o_wcstok_s
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o__configthreadlocale
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
__std_terminate
__CxxFrameHandler4
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-com-l1-1-0
CoResumeClassObjects
CoTaskMemAlloc
CoTaskMemFree
CoCreateFreeThreadedMarshaler
CoWaitForMultipleHandles
CoRevokeClassObject
CoAddRefServerProcess
CoReleaseServerProcess
CoRegisterClassObject
api-ms-win-core-synch-l1-2-0
InitOnceExecuteOnce
InitOnceBeginInitialize
InitOnceComplete
api-ms-win-core-winrt-string-l1-1-0
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsCreateString
WindowsCreateStringReference
api-ms-win-core-util-l1-1-0
EncodePointer
DecodePointer
api-ms-win-core-winrt-l1-1-0
RoUninitialize
RoRegisterActivationFactories
RoGetActivationFactory
RoInitialize
RoRevokeActivationFactories
api-ms-win-core-winrt-error-l1-1-0
RoOriginateErrorW
RoOriginateError
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
RaiseException
UnhandledExceptionFilter
SetLastError
GetLastError
api-ms-win-core-synch-l1-1-0
ReleaseSemaphore
CreateEventExW
CreateMutexExW
ReleaseMutex
CreateSemaphoreExW
OpenSemaphoreW
SetEvent
WaitForSingleObjectEx
AcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
WaitForSingleObject
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
GetModuleFileNameA
GetModuleHandleW
GetModuleHandleExW
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
GetProcessHeap
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventRegister
EventWriteTransfer
EventUnregister
api-ms-win-core-registry-l1-1-0
RegDeleteValueW
RegSetValueExW
RegCloseKey
RegGetValueW
RegCreateKeyExW
RegOpenCurrentUser
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentThreadId
GetCurrentProcess
GetStartupInfoW
GetCurrentProcessId
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
IsDebuggerPresent
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetSystemTime
api-ms-win-core-registry-l1-1-1
RegSetKeyValueW
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 44KB - Virtual size: 42KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 104B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 412B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
efsui.exe.exe windows:10 windows x64 arch:x64
79780253655b3282fd06ea62fca2f32f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
efsui.pdb
Imports
advapi32
GetTokenInformation
ConvertSidToStringSidW
OpenProcessToken
kernel32
GetCommandLineW
GetCurrentProcess
GetLastError
CreateMutexW
CloseHandle
LocalAlloc
LocalFree
msvcrt
_commode
_acmdln
__C_specific_handler
?terminate@@YAXXZ
__getmainargs
_XcptFilter
_wcsicmp
_fmode
_vsnwprintf
_initterm
__setusermatherr
__set_app_type
exit
_exit
_cexit
_ismbblead
_amsg_exit
efsadu
EfsUIUtilEncryptMyDocuments
EfsUIUtilInstallDra
EfsUIUtilSelectCard
EfsUIUtilShowBalloonAndWait
EfsUIUtilPromptForPin
EfsUIUtilEnrollEfsCertificate
EfsUIUtilKeyBackup
crypt32
CryptBinaryToStringW
CryptStringToBinaryW
CertFreeCertificateContext
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
GetCurrentProcessId
TerminateProcess
GetCurrentThreadId
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
efsutil
EfsUtilGetCurrentKey
ntdll
RtlImageNtHeader
shell32
CommandLineToArgvW
Sections
.text Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 288B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
esentutl.exe.exe windows:10 windows x64 arch:x64
fe6591b11402803deebb84294c5a81bb
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
esentutl.pdb
Imports
msvcrt
__set_app_type
_exit
_amsg_exit
_XcptFilter
_wtol
_wcsnicmp
strchr
_wfullpath
_wcsupr_s
wcsstr
swprintf_s
_fmode
wcscat_s
wcscpy_s
__C_specific_handler
_commode
_cexit
_lock
_getch
_unlock
_snwscanf_s
_wsplitpath_s
__dllonexit
_onexit
?terminate@@YAXXZ
__setusermatherr
_wmakepath_s
swscanf_s
wcstol
_vsnwprintf
malloc
free
memcpy
wprintf
memcmp
wcschr
_purecall
exit
_initterm
iswascii
fwprintf
isprint
_vsnprintf
strtoul
strcspn
strrchr
wcsncmp
wcsrchr
memmove_s
iswalpha
rand_s
wcspbrk
vprintf
strstr
_wcsicmp
__iob_func
__wgetmainargs
memset
esent
JetSetSystemParameterA
JetDBUtilitiesW
JetGetSystemParameterW
JetTerm2
JetGetErrorInfoW
JetTestHook
JetDetachDatabaseW
JetInit
JetBeginSessionW
JetAttachDatabase3W
JetInit4W
JetSetSystemParameterW
JetGetLogFileInfoW
JetRestore2W
JetEndSession
JetGetDatabaseFileInfoW
ntdll
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
RtlCaptureStackBackTrace
api-ms-win-core-file-l1-1-0
FindClose
CreateFileW
FindVolumeClose
FlushFileBuffers
SetFileValidData
SetFileInformationByHandle
FindNextVolumeW
ReadFile
WriteFileGather
ReadFileScatter
GetFileInformationByHandle
RemoveDirectoryW
CreateDirectoryW
GetTempFileNameW
SetEndOfFile
GetFileAttributesExW
WriteFile
GetDiskFreeSpaceExW
GetVolumePathNameW
GetFinalPathNameByHandleW
GetFileAttributesW
DeleteFileW
SetFilePointerEx
GetDiskFreeSpaceW
GetFullPathNameW
GetDriveTypeW
FindNextFileW
FindFirstVolumeW
GetVolumeInformationW
FindFirstFileW
GetFileSizeEx
api-ms-win-core-heap-l1-1-0
HeapDestroy
HeapSetInformation
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-io-l1-1-0
CreateIoCompletionPort
GetQueuedCompletionStatus
DeviceIoControl
GetOverlappedResult
PostQueuedCompletionStatus
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter
GetLastError
api-ms-win-core-handle-l1-1-0
CloseHandle
DuplicateHandle
SetHandleInformation
api-ms-win-core-sysinfo-l1-1-0
GetLocalTime
GetVersionExW
GetLogicalProcessorInformationEx
GlobalMemoryStatusEx
GetTickCount
GetSystemInfo
GetWindowsDirectoryW
GetSystemTimeAsFileTime
GetSystemTime
GetSystemWindowsDirectoryW
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
GetModuleFileNameW
LoadLibraryExW
FreeLibrary
LoadLibraryExA
GetProcAddress
api-ms-win-core-file-l2-1-0
MoveFileExW
GetFileInformationByHandleEx
CopyFileExW
api-ms-win-core-processthreads-l1-1-0
SetThreadPriorityBoost
GetCurrentProcessId
SetThreadPriority
CreateThread
GetCurrentProcess
TlsAlloc
TerminateProcess
GetCurrentThread
TlsFree
TlsGetValue
GetExitCodeThread
GetCurrentThreadId
ResumeThread
CreateProcessW
TlsSetValue
OpenThread
api-ms-win-core-synch-l1-2-0
Sleep
SleepConditionVariableSRW
WakeAllConditionVariable
api-ms-win-core-profile-l1-1-0
QueryPerformanceFrequency
QueryPerformanceCounter
api-ms-win-core-synch-l1-1-0
EnterCriticalSection
LeaveCriticalSection
CreateMutexW
SetEvent
ReleaseSemaphore
WaitForSingleObject
WaitForSingleObjectEx
DeleteCriticalSection
ReleaseSRWLockExclusive
CreateEventW
AcquireSRWLockExclusive
InitializeCriticalSectionAndSpinCount
SleepEx
ReleaseMutex
api-ms-win-core-memory-l1-1-0
CreateFileMappingW
MapViewOfFileEx
UnmapViewOfFile
VirtualProtect
VirtualFree
VirtualAlloc
VirtualQueryEx
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
GetThreadIdealProcessorEx
api-ms-win-core-debug-l1-1-0
OutputDebugStringA
DebugBreak
api-ms-win-core-localization-l1-2-0
FormatMessageW
LCMapStringW
LCMapStringEx
api-ms-win-core-sysinfo-l1-2-0
GetNativeSystemInfo
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
api-ms-win-core-datetime-l1-1-0
GetTimeFormatW
GetDateFormatW
api-ms-win-core-file-l1-2-0
GetVolumeNameForVolumeMountPointW
api-ms-win-core-file-l2-1-1
OpenFileById
api-ms-win-core-console-l1-1-0
SetConsoleCtrlHandler
api-ms-win-core-errorhandling-l1-1-3
SetThreadErrorMode
api-ms-win-core-privateprofile-l1-1-0
GetProfileStringW
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 312KB - Virtual size: 308KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 116KB - Virtual size: 112KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
esimtool.exe.exe windows:10 windows x64 arch:x64
3aeaa653c08dec60679fe0824a7702c2
Code Sign
33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 02/09/2021, 18:23
Not After: 01/09/2022, 18:23
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
d4:34:11:61:ff:a0:32:e4:30:00:90:7d:f3:a8:2c:0b:a3:33:3e:2d:e9:65:c7:f9:dd:dc:c4:69:52:3b:d5:9e
Signer
Actual PE Digest: d4:34:11:61:ff:a0:32:e4:30:00:90:7d:f3:a8:2c:0b:a3:33:3e:2d:e9:65:c7:f9:dd:dc:c4:69:52:3b:d5:9e
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
esimtool.pdb
Imports
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-crt-string-l1-1-0
wcsncmp
memset
api-ms-win-crt-runtime-l1-1-0
_c_exit
_initterm_e
_register_thread_local_exe_atexit_callback
_initterm
api-ms-win-crt-private-l1-1-0
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo_noreturn
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__crt_atexit
_o__wcsicmp
_o_exit
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
_o__cexit
_o__callnewh
_o___p__commode
_o___p___wargv
_o___stdio_common_vfwprintf
_o___p___argc
_o__configure_wide_argv
_o___acrt_iob_func
__std_terminate
__CxxFrameHandler4
_o__configthreadlocale
_o___std_exception_destroy
_o___std_exception_copy
memmove
memcpy
api-ms-win-core-synch-l1-1-0
InitializeCriticalSection
WaitForSingleObject
CreateEventW
SetEvent
DeleteCriticalSection
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-sysinfo-l1-2-3
GetOsManufacturingMode
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
api-ms-win-core-sysinfo-l1-1-0
GetVersionExW
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
GetModuleHandleW
luiapi
LuiCloseHandle
LuiWipeEsim
LuiRegisterForLpaNotifications
LuiDeleteProfile
LuiRegisterForEsimNotifications
LuiRegisterForAllProfileNotifications
LuiDisableProfile
LuiOpenHandle
LuiEnableProfile
api-ms-win-core-registry-l1-1-0
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
api-ms-win-eventing-classicprovider-l1-1-0
UnregisterTraceGuids
GetTraceLoggerHandle
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
Sections
.text Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 792B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 104B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
eudcedit.exe.exe windows:10 windows x64 arch:x64
dce88ffca518310aa0a46b0b79160153
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
eudcedit.pdb
Imports
comdlg32
GetOpenFileNameW
ChooseFontW
GetSaveFileNameW
comctl32
InitCommonControlsEx
shell32
SHCreateDirectoryExW
SHGetSpecialFolderPathW
ShellAboutW
gdi32
CreateSolidBrush
GetObjectW
GetTextExtentPoint32W
DeleteDC
CreateCompatibleDC
CreateBitmap
GetStockObject
GetBitmapBits
SetBitmapBits
BitBlt
StretchBlt
Rectangle
CreateCompatibleBitmap
PatBlt
CreatePolygonRgn
CreatePen
Ellipse
GetRgnBox
FillRgn
GetTextExtentExPointW
TranslateCharsetInfo
GetTextExtentPoint32A
ExtTextOutA
ExtTextOutW
OffsetRgn
GetTextMetricsW
GetLayout
DeleteObject
SetBkColor
SetTextColor
GetTextExtentPointW
EnumFontFamiliesW
EnableEUDC
CreateFontIndirectW
SelectObject
GetFontData
imm32
ImmConfigureIMEW
ImmSetConversionStatus
ImmSetCompositionStringW
ImmAssociateContext
ImmEscapeW
ImmIsIME
ImmGetCompositionStringW
ImmEnumRegisterWordW
ImmDestroyContext
ImmGetConversionStatus
ImmCreateContext
ImmRegisterWordW
ole32
CoInitialize
CoCreateInstance
msctf
TF_CreateInputProcessorProfiles
TF_CreateThreadMgr
oleaut32
SysAllocString
SysFreeString
advapi32
RegSetValueExW
EventRegister
EventSetInformation
EventWriteTransfer
RegOpenKeyExW
RegQueryValueExW
RegEnumValueW
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
EventUnregister
kernel32
TerminateProcess
GetSystemTimeAsFileTime
QueryPerformanceCounter
MultiByteToWideChar
GlobalAlloc
GlobalFree
GetCurrentProcess
GlobalUnlock
lstrcmpW
lstrlenW
GetACP
GetProcAddress
GetModuleHandleW
WideCharToMultiByte
GetTickCount
GetSystemWindowsDirectoryW
lstrcmpiW
CreateFileW
CloseHandle
lstrcmpA
CompareStringW
GetTempPathW
GetTempFileNameW
MoveFileExW
CreateFileMappingW
MapViewOfFile
GetFileSize
SetUnhandledExceptionFilter
WriteFile
FormatMessageW
GetCurrentThreadId
HeapAlloc
GetProcessHeap
HeapFree
GetModuleHandleExW
GetModuleFileNameA
DebugBreak
GetLastError
IsDebuggerPresent
OutputDebugStringW
SetLastError
ReleaseSemaphore
ReleaseMutex
WaitForSingleObjectEx
LocalAlloc
WaitForSingleObject
OpenSemaphoreW
LocalFree
LocalLock
LocalUnlock
InitOnceBeginInitialize
GetCurrentProcessId
CreateMutexExW
InitOnceComplete
CreateSemaphoreExW
ReadFile
SetFilePointer
HeapSetInformation
RegisterApplicationRestart
DeleteFileW
GetSystemDefaultLCID
MoveFileW
ExpandEnvironmentStringsW
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
Sleep
GetStartupInfoW
UnmapViewOfFile
RtlCaptureContext
GlobalLock
user32
DrawMenuBar
DeleteMenu
IsIconic
IsZoomed
IsWindowVisible
SetRectEmpty
GetDialogBaseUnits
SetWindowLongW
DispatchMessageW
TranslateMessage
PeekMessageW
GetSystemMetrics
SetActiveWindow
GetCapture
GetActiveWindow
SetForegroundWindow
FindWindowW
ShowScrollBar
ReleaseCapture
SetCapture
EqualRect
OffsetRect
InvertRect
ScreenToClient
GetCursorPos
UnionRect
CopyRect
SetClipboardData
EmptyClipboard
SetRect
EnumClipboardFormats
CloseClipboard
GetClipboardData
OpenClipboard
RegisterClipboardFormatW
LoadMenuW
ClientToScreen
IntersectRect
FillRect
GetClientRect
UpdateWindow
LoadIconW
EnableScrollBar
SetScrollInfo
DefWindowProcW
PostMessageW
GetWindow
GetWindowRect
GetDC
MessageBoxW
SetWindowLongPtrW
HideCaret
CreateWindowExW
SendMessageW
EndDialog
SetWindowTextW
MessageBeep
GetWindowLongPtrW
RegisterClassExW
LoadStringW
SetCaretPos
CreateCaret
GetKeyboardLayout
GetSysColor
PtInRect
SetFocus
LoadCursorW
DestroyCaret
GetDlgItem
ActivateKeyboardLayout
ShowCaret
DrawEdge
GetClassInfoExW
GetParent
IsWindow
GetDlgItemTextW
DrawIcon
SetDlgItemTextW
SetCursor
IsWindowEnabled
GetKeyboardLayoutList
GetWindowTextW
EnableWindow
EndPaint
BeginPaint
ReleaseDC
InvalidateRect
DialogBoxParamW
mfc42u
msvcrt
__wgetmainargs
__set_app_type
exit
_exit
_cexit
__setusermatherr
_initterm
__C_specific_handler
_wcmdln
_fmode
_commode
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_lock
_unlock
__dllonexit
_onexit
wcstok
memcpy
_amsg_exit
_XcptFilter
_callnewh
qsort
wcsstr
wcschr
wcstol
_wtoi
??0exception@@QEAA@XZ
_vsnprintf_s
memcpy_s
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
malloc
memcmp
_CxxThrowException
_vsnwprintf
free
wcsrchr
__CxxFrameHandler4
memset
Sections
.text Size: 196KB - Virtual size: 193KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 60KB - Virtual size: 58KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 96KB - Virtual size: 93KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
eventcreate.exe.exe windows:10 windows x64 arch:x64
c2409212ce77aee27a3ac6c3a1c2ec8c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
evcreate.pdb
Imports
msvcrt
fprintf
_get_osfhandle
_fileno
wcstoul
wcstol
wcstod
_errno
_vsnwprintf
_memicmp
__iob_func
_amsg_exit
__wgetmainargs
fflush
exit
_exit
_cexit
__setusermatherr
__C_specific_handler
_XcptFilter
_fmode
_commode
?terminate@@YAXXZ
__set_app_type
wcstok
_initterm
memset
api-ms-win-security-base-l1-1-0
GetTokenInformation
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
api-ms-win-eventlog-legacy-l1-1-0
DeregisterEventSource
RegisterEventSourceW
ReportEventW
api-ms-win-core-errorhandling-l1-1-0
SetLastError
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
ExitProcess
GetCurrentProcessId
OpenProcessToken
api-ms-win-core-registry-l2-1-0
RegConnectRegistryW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-libraryloader-l1-2-0
FindStringOrdinal
GetModuleHandleW
GetModuleFileNameW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
GetComputerNameExW
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
ntdll
RtlVerifyVersionInfo
VerSetConditionMask
mpr
WNetCancelConnection2W
WNetAddConnection2W
WNetGetLastErrorW
ws2_32
WSACleanup
GetAddrInfoW
GetNameInfoW
WSAStartup
WSAGetLastError
FreeAddrInfoW
sspicli
GetUserNameExW
netutils
NetApiBufferFree
srvcli
NetServerGetInfo
advapi32
CloseEventLog
OpenEventLogW
user32
LoadStringW
CharUpperW
api-ms-win-core-localization-l1-2-0
SetThreadUILanguage
FormatMessageW
GetThreadLocale
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
CompareStringW
WideCharToMultiByte
api-ms-win-core-shlwapi-obsolete-l1-1-0
StrChrW
api-ms-win-core-file-l1-1-0
GetFileType
ReadFile
api-ms-win-core-console-l1-1-0
GetConsoleMode
WriteConsoleW
SetConsoleMode
ReadConsoleW
GetConsoleOutputCP
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
api-ms-win-core-string-obsolete-l1-1-0
lstrlenW
lstrlenA
api-ms-win-core-localization-obsolete-l1-2-0
CompareStringA
api-ms-win-core-heap-l1-1-0
HeapSize
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
HeapValidate
api-ms-win-core-version-l1-1-0
GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW
Sections
.text Size: 32KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
eventvwr.exe.exe windows:10 windows x64 arch:x64
81e915ba07b6a006c4d31bf65a282226
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
eventvwr.pdb
Imports
kernel32
GetModuleHandleW
FormatMessageW
LocalFree
GetLastError
HeapSetInformation
GetSystemDirectoryW
GetCommandLineW
CreateFileW
CloseHandle
CreateProcessW
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
GetCurrentProcess
user32
WaitForInputIdle
DialogBoxParamW
GetWindowLongPtrW
SetWindowLongPtrW
EndDialog
GetDlgItem
LoadStringW
LoadIconW
SendDlgItemMessageW
ShowWindow
SendMessageW
DestroyWindow
SetWindowTextW
EnableWindow
msvcrt
?terminate@@YAXXZ
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
malloc
free
_vsnwprintf
_commode
_fmode
_callnewh
memset
shell32
CommandLineToArgvW
shlwapi
StrCmpNIW
Sections
.text Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 420B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 68KB - Virtual size: 66KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 92B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
expand.exe.exe windows:10 windows x64 arch:x64
6cffc29fb5449a92d29d48b72eeb323d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
expand.pdb
Imports
msvcrt
memcmp
strcat_s
strnlen
toupper
_wcsicmp
_wcsnicmp
wcsncmp
memcpy
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
_commode
_vsnwprintf
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
malloc
free
vswprintf_s
_vsnprintf
vsprintf_s
__C_specific_handler
strcpy_s
_wsetlocale
_snwprintf_s
fflush
atoi
printf
strncpy_s
_fmode
memset
ntdll
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NlsMbCodePageTag
RtlMultiByteToUnicodeN
kernel32
MapViewOfFile
FreeLibrary
LoadResource
FindResourceExW
LCIDToLocaleName
UnmapViewOfFile
GetVersionExW
GetLocaleInfoW
LoadLibraryExW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
SetLastError
LoadLibraryExA
SearchPathW
lstrcmpA
GetStringTypeW
GetFileTime
GlobalFree
GlobalAlloc
AcquireSRWLockExclusive
RaiseException
GetLocaleInfoEx
GetTempPathW
VirtualQuery
GetSystemInfo
IsDBCSLeadByte
VirtualProtect
GetFullPathNameW
GetConsoleOutputCP
SetThreadUILanguage
GetFullPathNameA
HeapSetInformation
lstrcmpiA
lstrcmpiW
SetFileTime
LocalAlloc
_lopen
_llseek
GetLastError
CloseHandle
LocalFree
_lread
GetFileSize
_lclose
_lcreat
_lwrite
ReadFile
HeapFree
GetModuleHandleExW
GetConsoleCP
SetFilePointer
WaitForSingleObject
CreateFileW
GetFileAttributesW
GetACP
MultiByteToWideChar
FormatMessageW
GetFileAttributesA
GetVersionExA
CreateFileMappingW
HeapAlloc
CreateThread
GetCurrentDirectoryW
GetProcAddress
GetProcessHeap
WideCharToMultiByte
Sleep
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
ReleaseSRWLockExclusive
user32
LoadStringA
CharLowerA
LoadStringW
cabinet
ord23
ord21
ord20
rpcrt4
UuidCreate
advapi32
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
Sections
.text Size: 28KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 188B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
extrac32.exe.exe windows:10 windows x64 arch:x64
ca57bde6a23010d35ab579fd24f18e27
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
extrac32.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
__doserrno
api-ms-win-crt-stdio-l1-1-0
_tempnam
_open
api-ms-win-crt-string-l1-1-0
strpbrk
strncmp
memset
strspn
api-ms-win-crt-private-l1-1-0
_o___stdio_common_vsprintf
_o__cexit
_o__chmod
_o__chsize
_o__close
_o__configthreadlocale
_o__configure_narrow_argv
_o__crt_atexit
_o__eof
_o__errno
_o__exit
_o__filelength
_o__get_narrow_winmain_command_line
_o__getdrive
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__lseek
_o__mkdir
_o__read
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__stat64i32
_o__strdup
_o__stricmp
_o__unlink
_o__write
_o_atoi
_o_exit
_o_fgets
_o_free
_o_getenv
_o_isalpha
_o_isdigit
_o_malloc
_o_terminate
_o_tolower
_o_toupper
__C_specific_handler
__current_exception
__current_exception_context
_o___stdio_common_vfprintf
_o___p__commode
_o___acrt_iob_func
strchr
memcpy
kernel32
RtlVirtualUnwind
GetFileAttributesExA
GetDriveTypeA
SetFileTime
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleW
GetProcAddress
GetVersion
GetModuleFileNameA
FileTimeToDosDateTime
DosDateTimeToFileTime
GetCurrentProcessId
FileTimeToLocalFileTime
SetFileAttributesA
CloseHandle
CreateFileA
GetLastError
LocalFileTimeToFileTime
Sleep
user32
DispatchMessageA
GetSystemMenu
CharNextExA
EnableMenuItem
CreateDialogParamA
DestroyWindow
SendDlgItemMessageA
MessageBoxA
PeekMessageA
comctl32
ord17
cabinet
ord21
ord22
ord23
ord24
ord20
Sections
.text Size: 24KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 948B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 52B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
fc.exe.exe windows:10 windows x64 arch:x64
16ab204cb65661f82910c423b12232be
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
fc.pdb
Imports
msvcrt
_fmode
?terminate@@YAXXZ
_commode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
sprintf_s
memmove
ulib
?Strcmpis@MBSTR@@SAHPEAD0@Z
?Strcmps@MBSTR@@SAHPEAD0@Z
?Stricmp@MBSTR@@SAHPEAD0@Z
?DebugDump@OBJECT@@UEBAXE@Z
?Compare@OBJECT@@UEBAJPEBV1@@Z
??1OBJECT@@UEAA@XZ
?SetCaseSensitive@ARGUMENT_LEXEMIZER@@QEAAXE@Z
?PrepareToParse@ARGUMENT_LEXEMIZER@@QEAAEPEAVWSTRING@@@Z
?PutSwitches@ARGUMENT_LEXEMIZER@@QEAAXPEBD@Z
?PutSeparators@ARGUMENT_LEXEMIZER@@QEAAXPEBD@Z
?DoParsing@ARGUMENT_LEXEMIZER@@QEAAEPEAVARRAY@@@Z
?Initialize@ARGUMENT_LEXEMIZER@@QEAAEPEAVARRAY@@@Z
??1ARGUMENT_LEXEMIZER@@UEAA@XZ
??0ARGUMENT_LEXEMIZER@@QEAA@XZ
?Initialize@STRING_ARGUMENT@@QEAAEPEAD@Z
??1STRING_ARGUMENT@@UEAA@XZ
??0STRING_ARGUMENT@@QEAA@XZ
?QueryFsnodeArray@FSN_DIRECTORY@@QEBAPEAVARRAY@@PEAVFSN_FILTER@@@Z
??0PROGRAM@@IEAA@XZ
?ValidateVersion@PROGRAM@@UEBAXKK@Z
?Usage@PROGRAM@@UEBAXXZ
?GetStandardError@PROGRAM@@UEAAPEAVSTREAM@@XZ
?GetStandardOutput@PROGRAM@@UEAAPEAVSTREAM@@XZ
?ReadMbLine@STREAM@@QEAAEPEADKPEAKEK@Z
?Fatal@PROGRAM@@UEBAXXZ
?Fatal@PROGRAM@@UEBAXKKPEADZZ
?DisplayMessage@PROGRAM@@UEBAEKW4MESSAGE_TYPE@@@Z
?DisplayMessage@PROGRAM@@UEBAEKW4MESSAGE_TYPE@@PEADZZ
??1PROGRAM@@UEAA@XZ
?Initialize@PROGRAM@@QEAAEKKK@Z
?Initialize@CLASS_DESCRIPTOR@@QEAAEPEBD@Z
?IsValueSet@ARGUMENT@@QEAAEXZ
?TruncateBase@PATH@@QEAAEXZ
?SetName@PATH@@QEAAEPEBVWSTRING@@@Z
?QueryWCExpansion@PATH@@QEAAPEAV1@PEAV1@@Z
?HasWildCard@PATH@@QEBAEXZ
??1PATH@@UEAA@XZ
?Initialize@PATH@@QEAAEPEBVWSTRING@@E@Z
?Initialize@PATH@@QEAAEPEBV1@E@Z
??0PATH@@QEAA@XZ
?SetAttributes@FSN_FILTER@@QEAAEKKK@Z
?SetFileName@FSN_FILTER@@QEAAEPEBVWSTRING@@@Z
?Initialize@FSN_FILTER@@QEAAEXZ
??1FSN_FILTER@@UEAA@XZ
??0FSN_FILTER@@QEAA@XZ
?FillAndReadByte@BYTE_STREAM@@AEAAEPEAE@Z
?Initialize@BYTE_STREAM@@QEAAEPEAVSTREAM@@K@Z
??1BYTE_STREAM@@UEAA@XZ
??0BYTE_STREAM@@QEAA@XZ
?Strcmpis@WSTRING@@SAHPEAG0@Z
?Strcmps@WSTRING@@SAHPEAG0@Z
?QueryNumber@WSTRING@@QEBAEPEAJKK@Z
?QueryString@WSTRING@@QEBAPEAV1@KK@Z
?Initialize@WSTRING@@QEAAEPEBDK@Z
??1FSTRING@@UEAA@XZ
?Initialize@FSTRING@@QEAAPEAVWSTRING@@PEAGK@Z
?Strupr@WSTRING@@QEAAPEAV1@XZ
?Stricmp@WSTRING@@QEBAJPEBV1@@Z
?Stricmp@WSTRING@@SAHPEAG0@Z
?Strcmp@WSTRING@@SAHPEAG0@Z
?QueryDirectory@SYSTEM@@SAPEAVFSN_DIRECTORY@@PEBVPATH@@E@Z
?QueryFile@SYSTEM@@SAPEAVFSN_FILE@@PEBVPATH@@EPEAE@Z
??0FSTRING@@QEAA@XZ
??0PATH_ARGUMENT@@QEAA@XZ
??1PATH_ARGUMENT@@UEAA@XZ
??0CLASS_DESCRIPTOR@@QEAA@XZ
?Initialize@PATH_ARGUMENT@@QEAAEPEADE@Z
?ReadWLine@STREAM@@QEAAEPEAGKPEAKEK@Z
??0FLAG_ARGUMENT@@QEAA@XZ
?Initialize@FLAG_ARGUMENT@@QEAAEPEAD@Z
??0ARRAY@@QEAA@XZ
??1ARRAY@@UEAA@XZ
?Initialize@ARRAY@@QEAAEKK@Z
?Put@ARRAY@@UEAAEPEAVOBJECT@@@Z
?QueryStream@FSN_FILE@@QEAAPEAVFILE_STREAM@@W4STREAMACCESS@@K@Z
??0LONG_ARGUMENT@@QEAA@XZ
?Initialize@LONG_ARGUMENT@@QEAAEPEAD@Z
??0DSTRING@@QEAA@XZ
??1DSTRING@@UEAA@XZ
?GetStandardInput@PROGRAM@@UEAAPEAVSTREAM@@XZ
ntdll
RtlCaptureContext
RtlFreeHeap
RtlAllocateHeap
RtlLookupFunctionEntry
RtlVirtualUnwind
kernel32
HeapSetInformation
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
Sleep
Sections
.text Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 384B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 92B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
fhmanagew.exe.exe windows:10 windows x64 arch:x64
e7f44e30c8881c871b11222b9d0bd4c7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
fhmanagew.pdb
Imports
advapi32
RegDeleteKeyW
EventRegister
EventUnregister
RegGetValueW
kernel32
GetLastError
WaitForSingleObject
CloseHandle
LocalFree
GetCurrentDirectoryW
CreateFileW
DeviceIoControl
CompareStringOrdinal
GetCommandLineW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FormatMessageW
ExpandEnvironmentStringsW
LoadLibraryExW
FreeLibrary
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
GetCurrentThreadId
GetTickCount
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
HeapDestroy
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
CreateThread
RtlCaptureContext
TerminateProcess
GetCurrentProcess
user32
PostThreadMessageW
TranslateMessage
DispatchMessageW
GetMessageW
msvcrt
_unlock
_cexit
_exit
_lock
?terminate@@YAXXZ
_initterm
_commode
_fmode
_wcmdln
wcscmp
__dllonexit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
__CxxFrameHandler3
_CxxThrowException
_callnewh
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
malloc
__C_specific_handler
memmove_s
wcstoul
_vsnwprintf
memcpy_s
__CxxFrameHandler4
??3@YAXPEAX@Z
memset
__setusermatherr
??1type_info@@UEAA@XZ
exit
_onexit
oleaut32
SysStringLen
SysAllocStringLen
SysAllocString
SysFreeString
ole32
StringFromGUID2
CoGetObject
CoCreateInstance
CoUninitialize
CoInitializeEx
CoInitializeSecurity
fhsvcctl
FhServiceMigrationFinished
FhServiceMigrationStarting
FhServiceUnblockBackup
FhServiceOpenPipe
FhServiceClearProtectionState
FhServiceStartBackup
FhServiceClosePipe
FhServiceStopBackup
FhServiceBlockBackup
shell32
ShellExecuteExW
ord155
CommandLineToArgvW
ord176
SHCreateItemInKnownFolder
SHGetIDListFromObject
comctl32
ord344
Sections
.text Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 948B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 108KB - Virtual size: 107KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 128B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
find.exe.exe windows:10 windows x64 arch:x64
53d01f599fa823367954405bf5f690b3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
find.pdb
Imports
msvcrt
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
exit
ulib
?Compare@OBJECT@@UEBAJPEBV1@@Z
??1OBJECT@@UEAA@XZ
?SetCaseSensitive@ARGUMENT_LEXEMIZER@@QEAAXE@Z
?PrepareToParse@ARGUMENT_LEXEMIZER@@QEAAEPEAVWSTRING@@@Z
?PutSwitches@ARGUMENT_LEXEMIZER@@QEAAXPEBD@Z
?PutSeparators@ARGUMENT_LEXEMIZER@@QEAAXPEBD@Z
?DoParsing@ARGUMENT_LEXEMIZER@@QEAAEPEAVARRAY@@@Z
?Initialize@ARGUMENT_LEXEMIZER@@QEAAEPEAVARRAY@@@Z
??1ARGUMENT_LEXEMIZER@@UEAA@XZ
??0ARGUMENT_LEXEMIZER@@QEAA@XZ
?Initialize@STRING_ARGUMENT@@QEAAEPEAD@Z
?QueryFile@SYSTEM@@SAPEAVFSN_FILE@@PEBVPATH@@EPEAE@Z
??0STRING_ARGUMENT@@QEAA@XZ
??0PROGRAM@@IEAA@XZ
?ValidateVersion@PROGRAM@@UEBAXKK@Z
?Usage@PROGRAM@@UEBAXXZ
?GetStandardError@PROGRAM@@UEAAPEAVSTREAM@@XZ
?GetStandardOutput@PROGRAM@@UEAAPEAVSTREAM@@XZ
?GetStandardInput@PROGRAM@@UEAAPEAVSTREAM@@XZ
?DebugDump@OBJECT@@UEBAXE@Z
?Fatal@PROGRAM@@UEBAXKKPEADZZ
?DisplayMessage@PROGRAM@@UEBAEKW4MESSAGE_TYPE@@@Z
?DisplayMessage@PROGRAM@@UEBAEKW4MESSAGE_TYPE@@PEADZZ
??1PROGRAM@@UEAA@XZ
?Initialize@PROGRAM@@QEAAEKKK@Z
?Initialize@CLASS_DESCRIPTOR@@QEAAEPEBD@Z
??0CLASS_DESCRIPTOR@@QEAA@XZ
?IsDrive@PATH@@QEBAEXZ
?SetConsoleConversions@WSTRING@@SAXXZ
?Initialize@WSTRING@@QEAAEPEBV1@KK@Z
?Initialize@WSTRING@@QEAAEPEBGK@Z
?Initialize@WSTRING@@QEAAEPEBDK@Z
?Strupr@WSTRING@@QEAAPEAV1@XZ
?Initialize@WSTRING@@QEAAEXZ
?IsValueSet@ARGUMENT@@QEAAEXZ
??0MULTIPLE_PATH_ARGUMENT@@QEAA@XZ
??1MULTIPLE_PATH_ARGUMENT@@UEAA@XZ
?Initialize@MULTIPLE_PATH_ARGUMENT@@QEAAEPEADEE@Z
?IsCorrectVersion@SYSTEM@@SAEXZ
?Fatal@PROGRAM@@UEBAXXZ
?QueryDirectory@SYSTEM@@SAPEAVFSN_DIRECTORY@@PEBVPATH@@E@Z
?ReadLine@STREAM@@QEAAEPEAVWSTRING@@E@Z
??0STREAM_MESSAGE@@QEAA@XZ
??1STREAM_MESSAGE@@UEAA@XZ
??0FLAG_ARGUMENT@@QEAA@XZ
?Initialize@FLAG_ARGUMENT@@QEAAEPEAD@Z
??0ARRAY@@QEAA@XZ
??1ARRAY@@UEAA@XZ
?Initialize@ARRAY@@QEAAEKK@Z
?Put@ARRAY@@UEAAEPEAVOBJECT@@@Z
?QueryStream@FSN_FILE@@QEAAPEAVFILE_STREAM@@W4STREAMACCESS@@K@Z
??0DSTRING@@QEAA@XZ
??1DSTRING@@UEAA@XZ
??1STRING_ARGUMENT@@UEAA@XZ
ntdll
RtlCaptureContext
RtlFreeHeap
RtlAllocateHeap
RtlLookupFunctionEntry
RtlVirtualUnwind
kernel32
CompareStringW
HeapSetInformation
Sleep
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
Sections
.text Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 300B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 72B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
findstr.exe.exe windows:10 windows x64 arch:x64
faf6c2abbd03b51b5852a294eaafc7ce
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
findstr.pdb
Imports
msvcrt
_splitpath_s
strcat_s
clock
exit
fopen
strcpy_s
strncpy_s
_setmode
fclose
tolower
memcpy
memmove
realloc
islower
free
?terminate@@YAXXZ
_strlwr
_commode
__C_specific_handler
_initterm
__setusermatherr
malloc
isalpha
strcspn
_cexit
_exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
_itoa_s
_ultoa
sprintf_s
strcoll
isupper
_strupr
strchr
_wsetlocale
_strnicoll
_stricmp
swprintf_s
_fileno
fgets
isalnum
isxdigit
_fmode
fprintf
_isatty
__iob_func
_strncoll
memset
ntdll
RtlCaptureContext
RtlUnicodeToOemN
DbgPrint
RtlMultiByteToUnicodeN
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-file-l1-1-0
GetFileSize
FindNextFileA
CreateFileA
GetFileAttributesA
FindFirstFileA
ReadFile
WriteFile
FindClose
api-ms-win-core-console-l1-1-0
SetConsoleCtrlHandler
GetConsoleOutputCP
api-ms-win-core-console-l2-1-0
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
api-ms-win-core-synch-l1-1-0
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
api-ms-win-core-processenvironment-l1-1-0
GetCurrentDirectoryA
SetCurrentDirectoryA
GetStdHandle
api-ms-win-core-string-obsolete-l1-1-0
lstrlenA
api-ms-win-core-memory-l1-1-0
UnmapViewOfFile
MapViewOfFile
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-localization-l1-2-0
FormatMessageA
IsDBCSLeadByte
SetThreadPreferredUILanguages
api-ms-win-core-kernel32-legacy-l1-1-0
CreateFileMappingA
api-ms-win-core-file-l1-2-2
SetFileApisToOEM
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentProcessId
ExitProcess
GetCurrentThreadId
GetCurrentProcess
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 24KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 518KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 756B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 96B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
finger.exe.exe windows:10 windows x64 arch:x64
97268e1274ee1255e15dea9048e09c06
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
finger.pdb
Imports
msvcrt
fflush
vswprintf_s
_setmode
_write
_fileno
_vscwprintf
wcschr
fgetpos
wcsrchr
fwprintf
_get_osfhandle
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
_wcsicmp
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
__iob_func
free
malloc
wprintf
ws2_32
FreeAddrInfoW
closesocket
send
WSAStartup
WSASetLastError
GetHostNameW
socket
connect
GetAddrInfoW
recv
WSAGetLastError
api-ms-win-core-localization-l1-2-0
SetThreadUILanguage
FormatMessageW
api-ms-win-core-processenvironment-l1-1-0
GetEnvironmentVariableW
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-console-l1-1-0
GetConsoleMode
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
api-ms-win-core-heap-l1-1-0
HeapSetInformation
mswsock
GetSocketErrorMessageW
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-core-file-l1-1-0
GetFileType
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
Sections
.text Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 372B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
fixmapi.exe.exe windows:10 windows x64 arch:x64
d8314833ef52a5350cf45df946c73dd9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
fixmapi.pdb
Imports
kernel32
GetLastError
LoadLibraryA
GetProcAddress
LoadLibraryW
FreeLibrary
lstrcmpiA
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
user32
MessageBoxA
DispatchMessageA
GetMessageA
PostQuitMessage
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_c_exit
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o___std_exception_copy
_o___std_exception_destroy
_o___stdio_common_vsprintf_s
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_narrow_argv
_o__crt_atexit
_o__exit
_o__get_narrow_winmain_command_line
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o_exit
_o_free
_o_malloc
_o_strtok
_o_terminate
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o___p__commode
_o__set_new_mode
memcpy
api-ms-win-crt-string-l1-1-0
memset
ole32
HWND_UserFree64
CoRegisterPSClsid
CoUninitialize
CoInitialize
HWND_UserFree
HWND_UserSize64
HWND_UserUnmarshal
CoRegisterClassObject
HWND_UserSize
HWND_UserMarshal
HWND_UserMarshal64
HWND_UserUnmarshal64
CoRevokeClassObject
rpcrt4
NdrDllGetClassObject
NdrOleFree
NdrOleAllocate
Sections
.text Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 804B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 336B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
fltMC.exe.exe windows:10 windows x64 arch:x64
3bb9381340f6c7b1e51ad45ab82e32d2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
fltMC.pdb
Imports
api-ms-win-crt-string-l1-1-0
wcsncmp
memset
api-ms-win-crt-runtime-l1-1-0
_initterm
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
api-ms-win-crt-private-l1-1-0
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memcpy
_o__wcsicmp
_o_exit
_o_free
_o_malloc
_o_qsort
_o_terminate
__current_exception
__current_exception_context
_o___p__commode
_o___p___wargv
_o___p___argc
_o___stdio_common_vswprintf
__C_specific_handler
ntdll
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
fltlib
FilterFindClose
FilterInstanceFindClose
FilterVolumeInstanceFindClose
FilterVolumeFindFirst
FilterVolumeInstanceFindFirst
FilterInstanceFindFirst
FilterVolumeInstanceFindNext
FilterAttachAtAltitude
FilterUnload
FilterFindNext
FilterGetDosName
FilterDetach
FilterVolumeFindNext
FilterFindFirst
FilterLoad
FilterAttach
FilterInstanceFindNext
FilterVolumeFindClose
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
OpenProcessToken
GetCurrentProcess
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
api-ms-win-core-file-l1-1-0
GetFileType
WriteFile
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-console-l1-1-0
WriteConsoleW
GetConsoleMode
api-ms-win-core-localization-l1-2-0
SetThreadPreferredUILanguages
FormatMessageW
api-ms-win-core-errorhandling-l1-1-0
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-security-base-l1-1-0
AdjustTokenPrivileges
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
Sections
.text Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 876B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 232B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
fodhelper.exe.exe windows:10 windows x64 arch:x64
3d211f37c0bd7fbab2d5afa344c97fc2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
FodHelper.pdb
Imports
advapi32
RegCloseKey
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyW
RegOpenKeyExW
RegDeleteKeyW
RegCreateKeyExW
kernel32
HeapFree
GetModuleHandleExW
HeapAlloc
GetProcAddress
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
SetEvent
InitializeCriticalSectionAndSpinCount
GetLastError
DeleteCriticalSection
InitializeCriticalSectionEx
FormatMessageW
GetCurrentThreadId
GetModuleFileNameA
DebugBreak
GetModuleHandleW
IsDebuggerPresent
OutputDebugStringW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
SetLastError
CloseHandle
ReleaseSemaphore
ReleaseMutex
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
WaitForSingleObjectEx
WaitForSingleObject
OpenSemaphoreW
CreateThreadpoolTimer
HeapSetInformation
GetCommandLineW
CreateThread
ResumeThread
RaiseException
EncodePointer
GetCurrentProcessId
CreateMutexExW
CreateEventW
CreateSemaphoreExW
GetSystemDirectoryW
DecodePointer
WaitForMultipleObjects
GetFileAttributesW
GetModuleFileNameW
VirtualQuery
msvcrt
_commode
__C_specific_handler
_lock
_unlock
__dllonexit
_onexit
_initterm
__setusermatherr
_ismbblead
_cexit
_exit
exit
towupper
_fmode
_wcsicmp
memmove_s
?terminate@@YAXXZ
memset
_XcptFilter
_amsg_exit
wcschr
_acmdln
_purecall
__getmainargs
memmove
memcpy
memcpy_s
_vsnwprintf
__set_app_type
memcmp
wcscmp
api-ms-win-core-com-l1-1-0
CoTaskMemFree
CoSuspendClassObjects
CoReleaseServerProcess
CoAddRefServerProcess
CoTaskMemAlloc
CoInitializeSecurity
CoUninitialize
CoCreateInstance
CoRevokeClassObject
CoRegisterClassObject
CoResumeClassObjects
CoInitializeEx
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
RoInitialize
RoUninitialize
api-ms-win-core-winrt-string-l1-1-0
WindowsGetStringRawBuffer
WindowsCreateStringReference
rpcrt4
UuidToStringW
RpcStringFreeW
oleaut32
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetStartupInfoW
GetCurrentProcess
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-libraryloader-l1-2-0
FindResourceExW
LoadResource
LockResource
ntdll
RtlPublishWnfStateData
shell32
ShellExecuteExW
CommandLineToArgvW
Sections
.text Size: 64KB - Virtual size: 63KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 200B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
fontdrvhost.exe.exe windows:10 windows x64 arch:x64
057a38ceae595851c54945dfc5888180
Code Sign
33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
a8:b8:fa:fb:da:7e:af:4c:e0:25:78:6a:af:36:4b:83:e3:a3:59:bf:ec:e7:48:b9:15:f3:00:69:74:9e:1a:6c
Signer
Actual PE Digest: a8:b8:fa:fb:da:7e:af:4c:e0:25:78:6a:af:36:4b:83:e3:a3:59:bf:ec:e7:48:b9:15:f3:00:69:74:9e:1a:6c
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
fontdrvhost.pdb
Imports
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
api-ms-win-crt-private-l1-1-0
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_initial_narrow_environment
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__itow
_o__lfind
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__stricmp
_o__strlwr
memmove
_o__wcsicmp
_o__wcsnicmp
_o_atoi
_o_atol
_o_bsearch
_o_exit
_o_free
_o_isdigit
_o_islower
_o_iswdigit
_o_isxdigit
_o_malloc
_o_qsort
_o_rand
_o_rand_s
_o_realloc
_o_sqrt
_o_strtol
_o_terminate
__current_exception
__current_exception_context
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfprintf
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___argv
_o___p___argc
_o___acrt_iob_func
__std_terminate
__C_specific_handler
__CxxFrameHandler4
strchr
wcschr
wcsrchr
strstr
__CxxFrameHandler3
_CxxThrowException
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
wcsncmp
memset
strncmp
strcmp
strnlen
kernel32
RaiseException
InitOnceExecuteOnce
GetACP
GetOEMCP
MapViewOfFile
CreateFileMappingW
TlsGetValue
SetFileInformationByHandle
GetFileInformationByHandle
MultiByteToWideChar
UnmapViewOfFile
RtlRaiseException
MulDiv
GlobalFree
GlobalAlloc
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
IsDebuggerPresent
DebugBreak
GetModuleHandleW
GetProcessHeap
GetCurrentProcessId
ExitProcess
DeleteCriticalSection
CreateMutexExW
GetProcAddress
HeapAlloc
CreateThread
CreateThreadpoolTimer
ReleaseSRWLockShared
SetThreadpoolTimer
CloseHandle
OpenSemaphoreW
TlsAlloc
WaitForSingleObjectEx
AcquireSRWLockExclusive
CloseThreadpoolTimer
RaiseFailFastException
OutputDebugStringW
ReleaseSRWLockExclusive
GetLastError
FormatMessageW
SetProcessMitigationPolicy
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
WaitForThreadpoolTimerCallbacks
InitializeCriticalSectionEx
GetEnvironmentVariableW
InitializeCriticalSection
LeaveCriticalSection
SetProcessShutdownParameters
WaitForMultipleObjects
GetModuleHandleExW
ReleaseSemaphore
EnterCriticalSection
SetLastError
HeapFree
CreateSemaphoreExW
TlsSetValue
GetModuleFileNameA
AcquireSRWLockShared
WideCharToMultiByte
ntdll
RtlAllocateHeap
RtlUnicodeToMultiByteN
RtlMultiByteToUnicodeN
win32u
NtGdiExtEscape
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventRegister
EventSetInformation
Sections
.text Size: 648KB - Virtual size: 646KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 104KB - Virtual size: 103KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 24KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
fontview.exe.exe windows:10 windows x64 arch:x64
ce80d2bbae2a3f37ca3bc062cbcf1f8c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
fontview.pdb
Imports
kernel32
MultiByteToWideChar
GetSystemDefaultLangID
CloseHandle
MulDiv
LocalFree
GetLastError
LocalAlloc
ExitProcess
GetACP
FreeLibrary
CreateFileW
FormatMessageW
lstrlenW
GetCommandLineW
HeapSetInformation
LoadLibraryW
GetProcAddress
gdi32
ExtTextOutW
GetLayout
GetFontRealizationInfo
EndDoc
EndPage
StartPage
StartDocW
LineTo
RemoveFontResourceW
CreateCompatibleDC
TranslateCharsetInfo
CreateFontIndirectW
SelectObject
GetTextCharsetInfo
DeleteObject
DeleteDC
AddFontResourceExW
RemoveFontResourceExW
GetDeviceCaps
GetFontResourceInfoW
GetFontData
SetTextAlign
SetTextColor
SetBkMode
GetTextExtentPoint32W
GetTextMetricsW
MoveToEx
user32
GetSysColor
SetWindowTextW
SetRect
GetClientRect
BeginPaint
FillRect
EndPaint
SendMessageW
SetWindowPos
DestroyWindow
PostQuitMessage
DefWindowProcW
SetScrollInfo
PostMessageW
ScrollWindowEx
InvalidateRect
SetCursor
GetSystemMetrics
DrawTextW
LoadStringW
SystemParametersInfoW
CreateWindowExW
RegisterClassW
GetSysColorBrush
LoadCursorW
LoadIconW
TranslateMessage
TranslateAcceleratorW
GetMessageW
LoadAcceleratorsW
EnableWindow
GetNextDlgTabItem
CharNextW
SetFocus
GetFocus
GetDlgItem
MessageBoxW
GetDesktopWindow
MessageBeep
DispatchMessageW
msvcrt
?terminate@@YAXXZ
_lock
_unlock
_initterm
__setusermatherr
__dllonexit
_fmode
__C_specific_handler
_commode
_ismbblead
_cexit
_acmdln
_onexit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
_vsnwprintf
_exit
exit
memcpy_s
memset
shlwapi
ord158
PathFindExtensionW
PathRenameExtensionW
PathFindFileNameW
PathRemoveFileSpecW
PathAppendW
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoUninitialize
CoCreateInstance
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
GetStartupInfoW
GetCurrentProcess
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameA
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-synch-l1-1-0
CreateSemaphoreExW
OpenSemaphoreW
ReleaseSemaphore
WaitForSingleObjectEx
CreateMutexExW
WaitForSingleObject
ReleaseMutex
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
DebugBreak
IsDebuggerPresent
comdlg32
PrintDlgW
Sections
.text Size: 32KB - Virtual size: 30KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 84KB - Virtual size: 80KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 68B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
forfiles.exe.exe windows:10 windows x64 arch:x64
a8949f425f8427bf3f7e4a794ce5bb87
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
forfiles.pdb
Imports
kernel32
SearchPathW
SetLastError
WaitForSingleObject
MultiByteToWideChar
GetLastError
FileTimeToSystemTime
CloseHandle
FileTimeToLocalFileTime
GetTimeFormatW
CreateProcessW
GetDateFormatW
FindFirstFileW
FindNextFileW
SetErrorMode
FindClose
GetLocaleInfoW
HeapSetInformation
GetLocalTime
GetCurrentDirectoryW
SetCurrentDirectoryW
LocalFree
FileTimeToDosDateTime
UnhandledExceptionFilter
GetModuleFileNameW
HeapSize
HeapReAlloc
HeapAlloc
HeapValidate
HeapFree
GetProcessHeap
GetConsoleOutputCP
ExitProcess
WriteConsoleW
CompareStringA
GetThreadLocale
CompareStringW
lstrlenW
GetUserDefaultLCID
GetStdHandle
GetConsoleMode
GetFileType
WideCharToMultiByte
FindStringOrdinal
FormatMessageW
SetThreadUILanguage
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
Sleep
GetCurrentProcess
TerminateProcess
SetUnhandledExceptionFilter
msvcrt
fflush
fprintf
_get_osfhandle
_fileno
wcstol
wcstod
_errno
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
wcstoul
toupper
_vsnwprintf
_ui64tow
_ultow
__iob_func
_memicmp
memset
ntdll
RtlVirtualUnwind
VerSetConditionMask
RtlVerifyVersionInfo
RtlLookupFunctionEntry
RtlCaptureContext
version
GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW
user32
CharLowerW
CharUpperW
LoadStringW
ws2_32
WSACleanup
shlwapi
StrStrW
PathRelativePathToW
StrPBrkW
StrRChrW
StrDupW
StrChrW
Sections
.text Size: 40KB - Virtual size: 37KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
fsavailux.exe.exe windows:10 windows x64 arch:x64
b8405b23f655b93b5431e61b0384fc1c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
fsavailux.pdb
Imports
msvcrt
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
realloc
?terminate@@YAXXZ
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
free
_cexit
memset
advapi32
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
kernel32
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
RtlLookupFunctionEntry
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
FreeLibrary
GetProcAddress
LoadLibraryW
RtlVirtualUnwind
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
DeviceIoControl
CreateFileW
GetLastError
CloseHandle
RtlCaptureContext
user32
ExitWindowsEx
ifsutil
?IsEntryPresent@AUTOREG@@SAEPEBVWSTRING@@@Z
?PushEntry@AUTOREG@@SAEPEBVWSTRING@@@Z
ulib
??0ARRAY@@QEAA@XZ
?Initialize@FLAG_ARGUMENT@@QEAAEPEAD@Z
??0FLAG_ARGUMENT@@QEAA@XZ
?IsValueSet@ARGUMENT@@QEAAEXZ
??1OBJECT@@UEAA@XZ
?SetCaseSensitive@ARGUMENT_LEXEMIZER@@QEAAXE@Z
?PrepareToParse@ARGUMENT_LEXEMIZER@@QEAAEPEAVWSTRING@@@Z
?PutSwitches@ARGUMENT_LEXEMIZER@@QEAAXPEBD@Z
?Initialize@ARRAY@@QEAAEKK@Z
?DoParsing@ARGUMENT_LEXEMIZER@@QEAAEPEAVARRAY@@@Z
?Initialize@ARGUMENT_LEXEMIZER@@QEAAEPEAVARRAY@@@Z
??1ARGUMENT_LEXEMIZER@@UEAA@XZ
??0ARGUMENT_LEXEMIZER@@QEAA@XZ
?Initialize@STRING_ARGUMENT@@QEAAEPEAD@Z
??1STRING_ARGUMENT@@UEAA@XZ
??0STRING_ARGUMENT@@QEAA@XZ
?Strcat@WSTRING@@QEAAEPEBG@Z
?Initialize@WSTRING@@QEAAEPEBDK@Z
?Put@ARRAY@@UEAAEPEAVOBJECT@@@Z
??1ARRAY@@UEAA@XZ
??0DSTRING@@QEAA@XZ
?PutSeparators@ARGUMENT_LEXEMIZER@@QEAAXPEBD@Z
??1DSTRING@@UEAA@XZ
comctl32
TaskDialogIndirect
api-ms-win-core-com-l1-1-0
CoInitializeEx
Sections
.text Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 300B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
fsquirt.exe.exe windows:10 windows x64 arch:x64
cf9f329811ec0bb29fada59b7f004646
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
fsquirt.pdb
Imports
advapi32
RegCreateKeyExW
RegCloseKey
RegDeleteKeyW
EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer
RegOpenKeyExW
RegGetValueW
RegSetValueExW
kernel32
IsDebuggerPresent
OutputDebugStringW
SetLastError
CloseHandle
ReleaseSemaphore
ReleaseMutex
WaitForSingleObjectEx
WaitForSingleObject
OpenSemaphoreW
GetModuleFileNameW
FindFirstFileW
DeleteFileW
FindNextFileW
FindClose
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolCleanupGroup
CreateThreadpoolCleanupGroup
CreateThreadpoolWork
SubmitThreadpoolWork
GetCurrentProcessId
GetLastError
CreateSemaphoreExW
CreateFileW
WriteFile
RaiseException
HeapFree
ResetEvent
CreateEventW
CreateThread
MulDiv
RemoveDirectoryW
LocalFree
PowerCreateRequest
PowerSetRequest
GetFileSizeEx
GetTickCount64
GetFileAttributesW
GetTempPath2W
CreateDirectoryW
QueryPerformanceCounter
GetProcAddress
GetModuleHandleW
DebugBreak
GetModuleFileNameA
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
Sleep
GetTickCount
ReadFile
WaitForMultipleObjects
GetOverlappedResult
HeapReAlloc
GetModuleHandleExW
GetProcessHeap
SetEvent
HeapAlloc
FormatMessageW
CreateMutexExW
GetSystemTimeAsFileTime
gdi32
GetDeviceCaps
GetObjectW
DeleteObject
CreateFontIndirectW
user32
GetMessageW
TranslateMessage
DispatchMessageW
GetWindowLongPtrW
ReleaseDC
LoadImageW
SetTimer
SendDlgItemMessageW
SetWindowLongPtrW
EnableWindow
SendMessageW
KillTimer
PostQuitMessage
PostThreadMessageW
LoadStringW
CharNextW
MessageBoxW
ShowWindow
GetParent
PostMessageW
GetDlgItem
SetDlgItemTextW
GetWindowTextLengthW
SetWindowTextW
SetWindowLongW
SetForegroundWindow
MapWindowPoints
GetWindowRect
GetDC
msvcrt
_fmode
_commode
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
memset
memmove
_XcptFilter
__CxxFrameHandler3
_acmdln
?what@exception@@UEBAPEBDXZ
exit
memmove_s
??0exception@@QEAA@AEBQEBD@Z
__CxxFrameHandler4
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
malloc
free
_initterm
__setusermatherr
_ismbblead
_cexit
_CxxThrowException
_exit
_get_errno
_set_errno
rand_s
_amsg_exit
__getmainargs
??0exception@@QEAA@XZ
__set_app_type
_ui64tow_s
wcstoul
__C_specific_handler
_wcsicmp
memcpy_s
_vsnwprintf
memcpy
_callnewh
strcmp
ntdll
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
comctl32
PropertySheetW
InitCommonControlsEx
shell32
ord155
SHGetKnownFolderItem
SHGetFolderPathW
SHGetDesktopFolder
ord190
SHCreateShellItemArrayFromIDLists
SHSetLocalizedName
SHBrowseForFolderW
ord258
SHCreateItemFromParsingName
ShellExecuteW
SHBindToParent
SHCreateItemFromIDList
comdlg32
CommDlgExtendedError
GetOpenFileNameW
shlwapi
PathFindExtensionW
PathRemoveFileSpecW
PathAppendW
PathAddExtensionW
StrStrIA
ord174
PathFindFileNameW
StrFormatByteSizeW
PathCombineW
PathIsDirectoryW
StrRetToBufW
ws2_32
WSACleanup
getpeername
ioctlsocket
WSARecv
WSAGetOverlappedResult
WSASend
WSASetServiceW
listen
getsockname
bind
connect
WSAGetLastError
setsockopt
socket
closesocket
WSAStartup
mswsock
AcceptEx
ole32
OleInitialize
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemAlloc
CoUninitialize
CoGetInterfaceAndReleaseStream
CoCreateInstance
CoInitializeEx
OleUninitialize
PropVariantClear
CoTaskMemRealloc
CoTaskMemFree
CoMarshalInterThreadInterfaceInStream
bthprops.cpl
BluetoothEnableDiscovery
BluetoothGetDeviceInfo
BluetoothFindRadioClose
BluetoothFindFirstRadio
BluetoothAuthenticateDeviceEx
powrprof
PowerUnregisterSuspendResumeNotification
PowerRegisterSuspendResumeNotification
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
rpcrt4
RpcStringFreeW
UuidToStringW
Sections
.text Size: 64KB - Virtual size: 62KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 64KB - Virtual size: 62KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 180B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
fsutil.exe.exe windows:10 windows x64 arch:x64
44298c6bce4726053bb090f3e745b8e7
Code Sign
33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
60:ae:75:86:a6:71:89:70:eb:b2:42:80:4a:a7:f8:b2:a6:07:04:d7:be:d9:b0:a1:e2:82:73:2a:da:3a:8d:63
Signer
Actual PE Digest: 60:ae:75:86:a6:71:89:70:eb:b2:42:80:4a:a7:f8:b2:a6:07:04:d7:be:d9:b0:a1:e2:82:73:2a:da:3a:8d:63
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
fsutil.pdb
Imports
msvcrt
?terminate@@YAXXZ
_commode
_fmode
_initterm
memset
_cexit
memcpy
_local_unwind
_exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
wcstol
wcstok_s
__setusermatherr
wcstoul
iswctype
_errno
exit
calloc
wcschr
_pclose
fgetws
_wpopen
mbstowcs_s
_wcsdup
wcsncpy_s
memcpy_s
wcscpy_s
realloc
towupper
_wtoi
wcsrchr
wcscat_s
isalpha
isdigit
toupper
setlocale
_vsnwprintf
wprintf
swprintf_s
malloc
free
_wcsnicmp
__C_specific_handler
_wcsicmp
_wcstoui64
wcscmp
ntdll
RtlLookupFunctionEntry
RtlCaptureContext
RtlNumberOfSetBits
RtlInitializeBitMap
RtlSetBits
RtlSetBit
NtFlushBuffersFileEx
NtClose
RtlVerifyVersionInfo
VerSetConditionMask
RtlGetLastNtStatus
NtQuerySystemInformation
RtlTimeToTimeFields
RtlStringFromGUID
NtEnumerateTransactionObject
RtlGetOwnerSecurityDescriptor
RtlAllocateHeap
NtQuerySecurityObject
RtlConvertSidToUnicodeString
NtCreateFile
RtlFreeHeap
RtlDosPathNameToNtPathName_U
RtlVirtualUnwind
RtlGetCurrentTransaction
NtSetQuotaInformationFile
RtlInitializeCriticalSection
NtQueryQuotaInformationFile
RtlLengthSid
NtSetVolumeInformationFile
NtOpenFile
RtlInitUnicodeString
NtQueryVolumeInformationFile
NtQueryEaFile
NtQueryInformationFile
NtSetInformationFile
RtlInitializeGenericTableAvl
RtlInsertElementGenericTableAvl
RtlLookupElementGenericTableAvl
RtlWriteRegistryValue
RtlDeleteRegistryValue
RtlFreeUnicodeString
RtlQueryRegistryValuesEx
RtlNtStatusToDosError
RtlGetVersion
RtlSetCurrentTransaction
api-ms-win-core-registry-l1-1-0
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
api-ms-win-core-file-l1-1-0
GetVolumePathNameW
CreateFileW
GetFileInformationByHandle
GetLogicalDriveStringsW
GetVolumeInformationW
QueryDosDeviceW
GetDriveTypeW
SetEndOfFile
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetFileSizeEx
GetFileType
GetFinalPathNameByHandleW
GetFullPathNameW
FindClose
CreateDirectoryW
ReadFile
SetFilePointerEx
GetTempFileNameW
GetFileAttributesW
FindNextFileW
FindFirstFileW
DeleteFileW
GetDiskFreeSpaceExW
WriteFile
api-ms-win-core-sysinfo-l1-1-0
GetVersionExW
GetSystemDirectoryW
GetWindowsDirectoryW
GetSystemTimeAsFileTime
GetTickCount
GetComputerNameExW
GetSystemInfo
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
SetLastError
RaiseException
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-processtopology-obsolete-l1-1-0
GetActiveProcessorCount
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
GetModuleHandleExA
GetModuleHandleW
LoadLibraryExA
GetProcAddress
api-ms-win-core-sysinfo-l1-2-6
GetDeveloperDriveEnablementState
fltlib
FilterVolumeInstanceFindNext
FilterVolumeInstanceFindFirst
FilterFindClose
api-ms-win-security-base-l1-1-0
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
AdjustTokenPrivileges
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcess
CreateProcessW
GetCurrentProcessId
OpenProcessToken
TerminateProcess
api-ms-win-security-lsalookup-l2-1-0
LookupPrivilegeValueW
LookupAccountSidW
LookupAccountNameW
api-ms-win-core-com-l1-1-0
CoTaskMemFree
StringFromIID
IIDFromString
StringFromGUID2
api-ms-win-core-localization-l1-2-0
GetLocaleInfoEx
SetThreadUILanguage
FormatMessageW
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-file-l2-1-0
CreateHardLinkW
GetFileInformationByHandleEx
api-ms-win-core-file-l2-1-1
OpenFileById
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
WideCharToMultiByte
api-ms-win-core-profile-l1-1-0
QueryPerformanceFrequency
QueryPerformanceCounter
api-ms-win-core-file-l1-2-2
FindNextFileNameW
FindFirstFileNameW
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapSetInformation
GetProcessHeap
HeapFree
api-ms-win-core-synch-l1-1-0
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
WaitForSingleObject
api-ms-win-security-lsalookup-l1-1-0
LookupAccountSidLocalW
LookupAccountNameLocalW
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
api-ms-win-core-datetime-l1-1-0
GetTimeFormatW
GetDateFormatW
api-ms-win-core-console-l1-1-0
GetConsoleOutputCP
WriteConsoleW
GetConsoleMode
SetConsoleCtrlHandler
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
GetCurrentDirectoryW
ExpandEnvironmentStringsW
GetEnvironmentVariableW
api-ms-win-core-file-l1-2-0
GetVolumeNameForVolumeMountPointW
GetVolumePathNamesForVolumeNameW
api-ms-win-core-file-l1-2-4
GetTempPath2W
api-ms-win-core-namedpipe-l1-1-0
CreatePipe
api-ms-win-core-kernel32-legacy-l1-1-0
MoveFileW
api-ms-win-security-lsapolicy-l1-1-0
LsaFreeMemory
LsaLookupSids
LsaOpenPolicy
api-ms-win-core-localization-l2-1-0
GetNumberFormatEx
fmifs
CreatePerMachineFileSystemStateKey
ClearPerMachineFileSystemState
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-memory-l1-1-0
VirtualQuery
VirtualProtect
Sections
.text Size: 180KB - Virtual size: 176KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 40KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 120B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ftp.exe.exe windows:10 windows x64 arch:x64
cad71ab7b9f2faf6b310aa6d2f4fdd5e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
ftp.pdb
Imports
msvcrt
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_fstat
iswdigit
_read
memcpy_s
_wfsopen
clock
calloc
_vsnwprintf
malloc
memmove_s
fread
_wfopen
feof
_isatty
_unlink
clearerr
longjmp
fwprintf
towupper
_wchdir
_wunlink
_chdrive
free
_wgetcwd
_wgetenv
wcschr
_errno
_vscwprintf
_fileno
_write
_setmode
vswprintf_s
wcscat_s
_wtempnam
memset
wcscpy_s
_wtmpnam
_wtoi
fclose
fflush
_wcsicmp
fgetpos
towlower
iswlower
_get_osfhandle
exit
memcpy
_setjmp
__iob_func
wcscmp
api-ms-win-core-heap-l1-1-0
HeapSetInformation
HeapFree
HeapAlloc
GetProcessHeap
ws2_32
bind
shutdown
WSAStartup
getsockname
connect
getservbyname
__WSAFDIsSet
htonl
select
send
WSASetLastError
WSAGetLastError
FreeAddrInfoW
ntohs
listen
closesocket
recv
GetHostNameW
GetNameInfoW
accept
socket
htons
setsockopt
GetAddrInfoW
WSARecv
mswsock
TransmitFile
s_perror
api-ms-win-core-processenvironment-l1-1-0
GetEnvironmentVariableW
GetCurrentDirectoryW
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-file-l1-1-0
GetFileAttributesW
GetFileType
GetTempFileNameW
ReadFile
FindFirstFileW
FindNextFileW
CreateFileW
GetFileSizeEx
FindClose
SetFilePointerEx
sspicli
GetUserNameExW
api-ms-win-core-console-l1-1-0
SetConsoleCtrlHandler
SetConsoleMode
GetConsoleMode
ReadConsoleW
api-ms-win-core-localization-l1-2-0
IsDBCSLeadByte
SetThreadUILanguage
FormatMessageW
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
WideCharToMultiByte
api-ms-win-core-synch-l1-1-0
ResetEvent
LeaveCriticalSection
WaitForMultipleObjectsEx
CreateEventW
EnterCriticalSection
InitializeCriticalSection
WaitForSingleObject
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
CreateProcessW
GetCurrentProcess
api-ms-win-core-registry-l1-1-0
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
api-ms-win-core-file-l1-2-0
GetTempPathW
api-ms-win-core-io-l1-1-0
GetOverlappedResult
api-ms-win-core-file-l2-1-0
MoveFileExW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
ntdll
RtlIsTextUnicode
Sections
.text Size: 40KB - Virtual size: 39KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 248B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
fvenotify.exe.exe windows:10 windows x64 arch:x64
e8598de8cf441813a9461602b34eefc8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
fvenotify.pdb
Imports
advapi32
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegGetValueW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
InitiateShutdownW
kernel32
CreateMutexExW
GetCurrentProcessId
HeapSetInformation
CreateSemaphoreExW
IsDebuggerPresent
OutputDebugStringW
SetLastError
CloseHandle
ReleaseSemaphore
ReleaseMutex
WaitForSingleObjectEx
WaitForSingleObject
OpenSemaphoreW
LoadLibraryW
RegisterApplicationRestart
GetCommandLineW
CreateMutexW
Sleep
GetTickCount
GetCurrentProcess
LocalFree
GetModuleHandleW
DebugBreak
GetModuleFileNameA
GetModuleHandleExW
HeapFree
GetProcessHeap
HeapAlloc
GetCurrentThreadId
GetStartupInfoW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetProcAddress
FreeLibrary
GetLastError
FormatMessageW
QueryPerformanceCounter
CreateFileW
LocalAlloc
GetProcessMitigationPolicy
GetModuleFileNameW
GetSystemTimeAsFileTime
gdi32
BitBlt
GetObjectW
DeleteObject
DeleteDC
SelectObject
CreateCompatibleDC
user32
DefWindowProcW
PostQuitMessage
TrackPopupMenu
GetSubMenu
LoadMenuW
GetCursorPos
PostMessageW
MoveWindow
LoadIconW
SetWindowLongPtrW
GetWindowLongPtrW
DestroyWindow
SendMessageW
SetForegroundWindow
ShowWindow
LoadStringW
CreateIconIndirect
RegisterClassExW
UnregisterDeviceNotification
CreateWindowExW
GetMessageW
TranslateMessage
RegisterWindowMessageW
DrawIconEx
GetIconInfo
DestroyIcon
LoadImageW
GetSystemMetrics
RegisterDeviceNotificationW
DispatchMessageW
msvcrt
_unlock
_fmode
__dllonexit
_onexit
?terminate@@YAXXZ
_commode
_lock
_acmdln
_initterm
__setusermatherr
_ismbblead
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
free
_callnewh
malloc
wcstol
towupper
memcpy_s
_vsnwprintf
__CxxFrameHandler3
__C_specific_handler
memset
_cexit
memcpy
wcscmp
comctl32
ord344
ord345
shell32
ShellExecuteW
Shell_NotifyIconGetRect
Shell_NotifyIconW
CommandLineToArgvW
bdeui
?RefreshStatus@BuiVolume@@QEAAJ_N@Z
?ManagementRequiresElevation@BuiVolume@@QEBA_NXZ
BuisCreateElevatedProxyObject
??1BuiVolume@@QEAA@XZ
?Init@BuiVolume@@QEAAJPEAG@Z
??0BuiVolume@@QEAA@_N@Z
?DeleteVolumeList@BuiVolume@@SAXPEAPEAU_BuiVolumeNode@@@Z
?GetAllVolumes@BuiVolume@@SAJPEAPEAU_BuiVolumeNode@@@Z
?IsFveNotifyNecessary@BuiVolume@@QEBA_NXZ
?ResumeStatusRefreshing@BuiVolume@@QEAAXXZ
?SuspendStatusRefreshing@BuiVolume@@QEAAXXZ
?CanBeResumed@BuiVolume@@QEBA_NXZ
BuisIsHardwareReadyForConversion
?ResumeConversion@BuiVolume@@QEAAJXZ
?ImplicitPauseConversion@BuiVolume@@QEAAJXZ
?SetProxyObject@BuiVolume@@QEAAXPEAUIDispatch@@@Z
BuisCreateProxyObject
?GetConvertedPercent@BuiVolume@@QEBANXZ
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoInitializeEx
CoUninitialize
Exports
??0VolumeFveStatus@@IEAA@XZ
??0VolumeFveStatus@@QEAA@K_KJW4_FVE_WIPING_STATE@@@Z
??4BuiVolume@@QEAAAEAV0@AEBV0@@Z
??4VolumeFveStatus@@QEAAAEAV0@$$QEAV0@@Z
??4VolumeFveStatus@@QEAAAEAV0@AEBV0@@Z
?FailedDryRun@VolumeFveStatus@@QEBA_NXZ
?GetExtendedFlags@VolumeFveStatus@@QEBA_KXZ
?GetLastConvertStatus@VolumeFveStatus@@QEBAJXZ
?GetStatusFlags@VolumeFveStatus@@QEBAKXZ
?HasExternalKey@VolumeFveStatus@@QEBA_NXZ
?HasPBKDF2RecoveryPassword@VolumeFveStatus@@QEBA_NXZ
?HasPassphraseProtector@VolumeFveStatus@@QEBA_NXZ
?HasPinProtector@VolumeFveStatus@@QEBA_NXZ
?HasRecoveryData@VolumeFveStatus@@QEBA_NXZ
?HasRecoveryPassword@VolumeFveStatus@@QEBA_NXZ
?HasSmartCardProtector@VolumeFveStatus@@QEBA_NXZ
?HasStartupKeyProtector@VolumeFveStatus@@QEBA_NXZ
?HasTpmProtector@VolumeFveStatus@@QEBA_NXZ
?IsConverting@VolumeFveStatus@@QEBA_NXZ
?IsCsvMetadataVolume@VolumeFveStatus@@QEBA_NXZ
?IsDEAutoProvisioned@VolumeFveStatus@@QEBA_NXZ
?IsDecrypted@VolumeFveStatus@@QEBA_NXZ
?IsDecrypting@VolumeFveStatus@@QEBA_NXZ
?IsDisabled@VolumeFveStatus@@QEBA_NXZ
?IsEDriveVolume@VolumeFveStatus@@QEBA_NXZ
?IsEncrypted@VolumeFveStatus@@QEBA_NXZ
?IsEncrypting@VolumeFveStatus@@QEBA_NXZ
?IsLocked@VolumeFveStatus@@QEBA_NXZ
?IsOn@VolumeFveStatus@@QEBA_NXZ
?IsOsCriticalVolume@VolumeFveStatus@@QEBA_NXZ
?IsOsVolume@VolumeFveStatus@@QEBA_NXZ
?IsPartiallyConverted@VolumeFveStatus@@QEBA_NXZ
?IsPaused@VolumeFveStatus@@QEBA_NXZ
?IsPreProvisioned@VolumeFveStatus@@QEBA_NXZ
?IsRoamingDevice@VolumeFveStatus@@QEBA_NXZ
?IsSecure@VolumeFveStatus@@QEBA_NXZ
?IsUnknownFveVersion@VolumeFveStatus@@QEBA_NXZ
?IsWiping@VolumeFveStatus@@QEBA_NXZ
?NO_DRIVE_LETTER@BuiVolume@@2IB
?NeedsRestart@VolumeFveStatus@@QEBA_NXZ
Sections
.text Size: 76KB - Virtual size: 74KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 92KB - Virtual size: 88KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 248B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
getmac.exe.exe windows:10 windows x64 arch:x64
09d98cebd60fad97d0a14690bdb89c42
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
getmac.pdb
Imports
msvcrt
fflush
fprintf
_get_osfhandle
_amsg_exit
_XcptFilter
_fileno
wcstoul
wcstol
wcstod
_errno
_vsnwprintf
_memicmp
_callnewh
__iob_func
malloc
free
wcsstr
wcstok
__wgetmainargs
__set_app_type
exit
_exit
_cexit
__setusermatherr
_initterm
__CxxFrameHandler4
__C_specific_handler
_fmode
_commode
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_wcsicmp
memcpy
_CxxThrowException
memset
oleaut32
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
VariantChangeType
VariantClear
SafeArrayGetElement
SysStringLen
SysAllocStringByteLen
SysAllocString
SysFreeString
VariantInit
api-ms-win-core-errorhandling-l1-1-0
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
sspicli
GetUserNameExW
api-ms-win-core-console-l1-1-0
GetConsoleOutputCP
WriteConsoleW
SetConsoleMode
GetConsoleMode
ReadConsoleW
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoInitializeSecurity
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoUninitialize
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-localization-l1-2-0
GetThreadLocale
SetThreadUILanguage
FormatMessageW
wkscli
NetWkstaTransportEnum
netutils
NetApiBufferFree
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
GetCurrentThreadId
TerminateProcess
ExitProcess
GetCurrentProcessId
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
FindStringOrdinal
LoadStringW
GetModuleFileNameW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
GetComputerNameExW
user32
wsprintfW
ntdll
RtlVerifyVersionInfo
VerSetConditionMask
mpr
WNetAddConnection2W
WNetCancelConnection2W
WNetGetLastErrorW
ws2_32
WSAGetLastError
GetNameInfoW
WSACleanup
WSAStartup
FreeAddrInfoW
GetAddrInfoW
framedynos
?Empty@CHString@@QEAAXXZ
?SetAt@CHString@@QEAAXHG@Z
?GetData@CHString@@IEBAPEAUCHStringData@@XZ
?Mid@CHString@@QEBA?AV1@H@Z
??YCHString@@QEAAAEBV0@PEBG@Z
?Find@CHString@@QEBAHG@Z
?FindOneOf@CHString@@QEBAHPEBG@Z
??4CHString@@QEAAAEBV0@PEBG@Z
??1CHString@@QEAA@XZ
??0CHString@@QEAA@XZ
?Left@CHString@@QEBA?AV1@H@Z
?Format@CHString@@QEAAXPEBGZZ
?Mid@CHString@@QEBA?AV1@HH@Z
?ReleaseBuffer@CHString@@QEAAXH@Z
?GetBufferSetLength@CHString@@QEAAPEAGH@Z
?Compare@CHString@@QEBAHPEBG@Z
??4CHString@@QEAAAEBV0@AEBV0@@Z
??0CHString@@QEAA@PEBG@Z
srvcli
NetServerGetInfo
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
WideCharToMultiByte
CompareStringW
api-ms-win-core-shlwapi-obsolete-l1-1-0
StrChrW
api-ms-win-core-file-l1-1-0
GetFileType
ReadFile
api-ms-win-core-string-obsolete-l1-1-0
lstrlenA
lstrlenW
api-ms-win-core-localization-obsolete-l1-2-0
CompareStringA
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapValidate
HeapAlloc
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
api-ms-win-core-version-l1-1-0
GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW
api-ms-win-core-string-l2-1-0
CharUpperW
api-ms-win-core-datetime-l1-1-0
GetTimeFormatW
Sections
.text Size: 64KB - Virtual size: 63KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 64B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
gpresult.exe.exe windows:10 windows x64 arch:x64
c853ad8534ac03e7ad69f32a5b0b1625
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
gprslt.pdb
Imports
advapi32
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW
LookupAccountSidW
RegOpenKeyExW
RegCloseKey
RegGetValueW
LsaOpenPolicy
LsaNtStatusToWinError
LsaClose
LsaEnumerateAccountRights
LookupPrivilegeDisplayNameW
LsaFreeMemory
kernel32
SetThreadPreferredUILanguages
SetLastError
GetFileAttributesExW
GetLastError
CloseHandle
GetStdHandle
GetConsoleScreenBufferInfo
SetConsoleCursorPosition
WriteConsoleW
OpenMutexW
CreateMutexW
LocalFree
FormatMessageW
GetCurrentThreadId
HeapAlloc
GetProcessHeap
HeapFree
GetModuleHandleExW
GetModuleFileNameA
DebugBreak
GetModuleHandleW
GetProcAddress
IsDebuggerPresent
OutputDebugStringW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
ReleaseSemaphore
ReleaseMutex
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
WaitForSingleObjectEx
EnterCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
WaitForSingleObject
OpenSemaphoreW
CreateThreadpoolTimer
GetComputerNameExW
GetComputerNameW
GetLocalTime
GetDateFormatW
GetTimeFormatW
SystemTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCurrentProcessId
CreateMutexExW
CreateSemaphoreExW
LeaveCriticalSection
LocalAlloc
VerifyVersionInfoW
CompareStringA
msvcrt
?what@exception@@UEBAPEBDXZ
memset
_CxxThrowException
__CxxFrameHandler3
memcpy
memmove
_XcptFilter
_amsg_exit
memcmp
??0exception@@QEAA@AEBQEBDH@Z
__wgetmainargs
__set_app_type
exit
??0exception@@QEAA@AEBQEBD@Z
_cexit
__setusermatherr
_initterm
__C_specific_handler
_fmode
_commode
??1type_info@@UEAA@XZ
_lock
_unlock
__dllonexit
_onexit
wcstok
?terminate@@YAXXZ
__CxxFrameHandler4
_exit
wcscmp
_callnewh
malloc
_purecall
_wcsicmp
memmove_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
_vsnprintf_s
memcpy_s
_vsnwprintf
??3@YAXPEAX@Z
??1exception@@UEAA@XZ
__iob_func
_errno
wcstod
wcstol
wcstoul
wcschr
wcsstr
_fileno
_get_osfhandle
fprintf
fflush
wcstok_s
??_V@YAXPEAX@Z
api-ms-win-core-com-l1-1-0
CoTaskMemFree
CoTaskMemAlloc
CoInitializeSecurity
CoUninitialize
CoInitializeEx
CoCreateInstance
oleaut32
SysAllocString
VariantCopy
SysStringLen
SysAllocStringByteLen
SafeArrayGetElement
VariantChangeType
SafeArrayGetUBound
SafeArrayGetLBound
VariantClear
VariantInit
SysFreeString
sspicli
GetUserNameExW
logoncli
DsGetDcNameW
netutils
NetApiBufferFree
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
TerminateProcess
ExitProcess
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemDirectoryW
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-localization-l1-2-0
FindNLSString
GetThreadLocale
GetUserDefaultLCID
api-ms-win-core-sysinfo-l1-2-0
VerSetConditionMask
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExW
FreeLibrary
LoadStringW
GetModuleFileNameW
mpr
WNetGetLastErrorW
WNetAddConnection2W
WNetCancelConnection2W
ws2_32
WSACleanup
WSAStartup
WSAGetLastError
inet_addr
GetNameInfoW
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
WideCharToMultiByte
CompareStringW
api-ms-win-core-file-l1-1-0
ReadFile
GetFileType
api-ms-win-core-console-l1-1-0
SetConsoleMode
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
api-ms-win-core-heap-l1-1-0
HeapReAlloc
HeapValidate
HeapSize
api-ms-win-core-version-l1-1-1
GetFileVersionInfoW
GetFileVersionInfoSizeW
api-ms-win-core-version-l1-1-0
VerQueryValueW
api-ms-win-core-string-l2-1-0
CharUpperW
srvcli
NetServerGetInfo
framedynos
??H@YA?AVCHString@@AEBV0@0@Z
??0CHString@@QEAA@PEBG@Z
?AllocSysString@CHString@@QEBAPEAGXZ
?Mid@CHString@@QEBA?AV1@H@Z
?MakeLower@CHString@@QEAAXXZ
?Format@CHString@@QEAAXPEBGZZ
?SetAt@CHString@@QEAAXHG@Z
?Find@CHString@@QEBAHPEBG@Z
?Mid@CHString@@QEBA?AV1@HH@Z
?Left@CHString@@QEBA?AV1@H@Z
??4CHString@@QEAAAEBV0@AEBV0@@Z
?Find@CHString@@QEBAHG@Z
??1CHString@@QEAA@XZ
??0CHString@@QEAA@XZ
??H@YA?AVCHString@@PEBGAEBV0@@Z
??YCHString@@QEAAAEBV0@PEBG@Z
?Empty@CHString@@QEAAXXZ
?Compare@CHString@@QEBAHPEBG@Z
?GetData@CHString@@IEBAPEAUCHStringData@@XZ
??YCHString@@QEAAAEBV0@AEBV0@@Z
?ReleaseBuffer@CHString@@QEAAXH@Z
?GetBuffer@CHString@@QEAAPEAGH@Z
??4CHString@@QEAAAEBV0@PEBG@Z
?GetBufferSetLength@CHString@@QEAAPEAGH@Z
??H@YA?AVCHString@@AEBV0@PEBG@Z
??0CHString@@QEAA@PEBD@Z
?FindOneOf@CHString@@QEBAHPEBG@Z
??0CHString@@QEAA@AEBV0@@Z
ntdsapi
DsCrackNamesW
DsBindWithCredW
DsFreeNameResultW
DsUnBindW
secur32
TranslateNameW
GetComputerObjectNameW
user32
wsprintfW
api-ms-win-core-processthreads-l1-1-1
GetProcessMitigationPolicy
Sections
.text Size: 212KB - Virtual size: 209KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 52KB - Virtual size: 51KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 684B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
gpupdate.exe.exe windows:10 windows x64 arch:x64
9ee60ed92e0d28ba89665375114f7806
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
gpupdate.pdb
Imports
advapi32
InitiateSystemShutdownExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
GetTokenInformation
kernel32
GetLastError
LocalFree
GetCurrentProcess
GetConsoleOutputCP
WaitForMultipleObjects
SetThreadUILanguage
FormatMessageW
CloseHandle
CreateThread
HeapSetInformation
GetModuleHandleW
LocalReAlloc
Sleep
LocalAlloc
msvcrt
_wsetlocale
_wcsnicmp
__set_app_type
_XcptFilter
_amsg_exit
_exit
_cexit
__setusermatherr
_initterm
__C_specific_handler
getwchar
towupper
_fmode
_ultow
__wgetmainargs
exit
_wcsicmp
wcstol
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_commode
??1type_info@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_callnewh
_vsnwprintf
wprintf
malloc
memmove
memcpy
__CxxFrameHandler3
_CxxThrowException
?what@exception@@UEBAPEBDXZ
__CxxFrameHandler4
??3@YAXPEAX@Z
_purecall
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
??1exception@@UEAA@XZ
gpapi
ord115
api-ms-win-core-libraryloader-l1-2-0
LoadStringW
userenv
ForceSyncFgPolicy
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
ntdll
RtlConvertSidToUnicodeString
NtQueryInformationToken
RtlLengthSid
RtlCopySid
user32
ExitWindowsEx
wevtapi
EvtFormatMessage
EvtNext
EvtQuery
EvtOpenPublisherMetadata
EvtClose
api-ms-win-core-synch-l1-1-0
InitializeCriticalSectionEx
DeleteCriticalSection
Sections
.text Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 828B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 444B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
grpconv.exe.exe windows:10 windows x64 arch:x64
df6575a8914fbe570472a31e0cecac12
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
grpconv.pdb
Imports
advapi32
RegEnumValueW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
kernel32
lstrlenW
GlobalUnlock
GlobalFree
ExpandEnvironmentStringsW
GetWindowsDirectoryW
GetPrivateProfileSectionW
SetErrorMode
HeapSetInformation
GetThreadLocale
GetCommandLineW
GlobalAlloc
GetSystemWindowsDirectoryW
lstrcmpW
GlobalLock
lstrcmpiW
LocalFree
LocalAlloc
user32
LoadCursorW
SetCursor
CharNextW
LoadStringW
msvcrt
_commode
?terminate@@YAXXZ
_fmode
__set_app_type
__getmainargs
_XcptFilter
exit
_acmdln
_exit
__C_specific_handler
_initterm
__setusermatherr
_amsg_exit
_cexit
_ismbblead
memmove
comctl32
ord17
ord332
ord334
ord328
shell32
ord58
ord42
ord165
SHGetFolderPathEx
ord94
ord51
SHAddToRecentDocs
ord164
ord49
SHChangeNotify
shlwapi
ord456
ord158
StrToIntW
PathUnquoteSpacesW
PathGetArgsW
PathFileExistsW
PathAppendW
PathIsUNCW
PathGetDriveNumberW
PathFindFileNameW
PathRemoveFileSpecW
api-ms-win-core-com-l1-1-0
CoUninitialize
CoInitializeEx
CoCreateInstance
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
TerminateProcess
GetCurrentThreadId
GetCurrentProcess
GetStartupInfoW
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
imm32
ImmDisableIME
Sections
.text Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 360B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
hcsdiag.exe.exe windows:10 windows x64 arch:x64
bc0760aed3654197b70538c4350c093a
Code Sign
33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
7c:33:b1:7a:5f:c5:68:9e:ae:9d:fb:c8:df:e9:71:bb:32:7e:f3:a6:ed:ce:2f:c1:48:8f:7b:2e:b8:80:b3:c2
Signer
Actual PE Digest: 7c:33:b1:7a:5f:c5:68:9e:ae:9d:fb:c8:df:e9:71:bb:32:7e:f3:a6:ed:ce:2f:c1:48:8f:7b:2e:b8:80:b3:c2
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
hcsdiag.pdb
Imports
api-ms-win-crt-string-l1-1-0
memset
wcspbrk
api-ms-win-crt-runtime-l1-1-0
_initterm
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
api-ms-win-crt-private-l1-1-0
_o__errno
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o_abort
_o_calloc
_o_exit
_o_fputws
_o_free
_o_malloc
_o_terminate
_o_wcstod
_o_wcstoul
__current_exception
__AdjustPointer
__CxxFrameHandler3
__current_exception_context
_CxxThrowException
_o__configthreadlocale
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o__crt_atexit
_o___stdio_common_vfwprintf
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___wargv
_o___p___argc
_o___acrt_iob_func
__std_terminate
__C_specific_handler
__CxxFrameHandler4
memcpy
_o__configure_wide_argv
api-ms-win-core-file-l1-1-0
GetFullPathNameW
WriteFile
CreateFileW
DeleteFileW
ReadFile
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleExW
GetModuleHandleW
GetProcAddress
GetModuleFileNameA
api-ms-win-core-console-l2-1-0
GetConsoleScreenBufferInfo
api-ms-win-core-synch-l1-1-0
ReleaseSRWLockExclusive
CreateSemaphoreExW
SetEvent
TryAcquireSRWLockExclusive
CreateEventExW
ReleaseMutex
AcquireSRWLockExclusive
EnterCriticalSection
WaitForSingleObject
LeaveCriticalSection
WaitForSingleObjectEx
OpenSemaphoreW
InitializeCriticalSectionEx
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
ReleaseSemaphore
ResetEvent
CreateEventW
CreateMutexExW
InitializeSRWLock
api-ms-win-core-heap-l1-1-0
HeapAlloc
GetProcessHeap
HeapFree
api-ms-win-core-errorhandling-l1-1-0
RaiseException
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
GetLastError
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentThread
OpenProcessToken
GetCurrentProcess
OpenThreadToken
TerminateProcess
GetCurrentThreadId
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
api-ms-win-core-console-l1-1-0
SetConsoleMode
GetConsoleMode
api-ms-win-core-handle-l1-1-0
CloseHandle
DuplicateHandle
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
RtlPcToFileHeader
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-io-l1-1-1
CancelSynchronousIo
api-ms-win-core-shlwapi-legacy-l1-1-0
PathFileExistsW
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
DebugBreak
IsDebuggerPresent
api-ms-win-core-heap-l2-1-0
LocalFree
rpcrt4
UuidCreate
api-ms-win-core-com-l1-1-0
CoGetObjectContext
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
SubmitThreadpoolWork
CloseThreadpoolWork
api-ms-win-core-synch-l1-2-0
InitOnceComplete
InitOnceBeginInitialize
SleepConditionVariableSRW
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
QueryPerformanceFrequency
api-ms-win-core-sysinfo-l1-2-0
GetSystemTimePreciseAsFileTime
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 224KB - Virtual size: 223KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 80KB - Virtual size: 78KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 152B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
hdwwiz.exe.exe windows:10 windows x64 arch:x64
26d48a889ba9de2719176b5803299c09
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
HdwWiz.pdb
Imports
kernel32
GetLastError
LoadLibraryW
GetProcAddress
ExitProcess
FreeLibrary
GetCurrentProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
TerminateProcess
msvcrt
_fmode
_commode
?terminate@@YAXXZ
__C_specific_handler
_acmdln
_XcptFilter
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_ismbblead
_cexit
_exit
exit
__set_app_type
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
Sections
.text Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 216B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 52KB - Virtual size: 51KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
help.exe.exe windows:10 windows x64 arch:x64
ac4bf9c2ae25ada7a4716ebeaf3cc839
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
help.pdb
Imports
kernel32
GetConsoleOutputCP
GetStdHandle
WriteFile
SetThreadUILanguage
GetConsoleMode
FormatMessageW
HeapSetInformation
WriteConsoleW
LocalFree
WideCharToMultiByte
GetFileType
GetCurrentProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
Sleep
TerminateProcess
msvcrt
exit
__setusermatherr
_initterm
__C_specific_handler
_fmode
_commode
?terminate@@YAXXZ
_exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
malloc
_wcsnicmp
free
_wsystem
wcscat_s
wcscpy_s
_ultow
setlocale
_cexit
Sections
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 288B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
hnsdiag.exe.exe windows:10 windows x64 arch:x64
2f3534aa4709e69760c6fd89f3674872
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
hnsdiag.pdb
Imports
api-ms-win-crt-string-l1-1-0
wcsnlen
memset
strcspn
api-ms-win-crt-locale-l1-1-0
_unlock_locales
_lock_locales
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_c_exit
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o__wcsdup
_o_abort
_o_calloc
_o_exit
_o_fputws
_o_free
_o_frexp
_o_localeconv
_o_malloc
_o_realloc
_o_setlocale
_o_terminate
_o_wcstod
__uncaught_exception
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
_o__errno
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__calloc_base
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfwprintf
_o___stdio_common_vfprintf
_o___std_exception_destroy
_o___acrt_iob_func
_o____mb_cur_max_func
_o____lc_locale_name_func
_o___std_exception_copy
_o___pctype_func
_o____lc_codepage_func
__CxxFrameHandler3
_o___p__commode
_o___p___wargv
_o___p___argc
memcmp
memcpy
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleExW
GetModuleFileNameA
GetProcAddress
GetModuleHandleW
rpcrt4
RpcStringFreeW
UuidFromStringW
UuidToStringW
api-ms-win-core-synch-l1-1-0
CreateSemaphoreExW
AcquireSRWLockShared
EnterCriticalSection
ReleaseSRWLockShared
ReleaseSemaphore
DeleteCriticalSection
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
LeaveCriticalSection
InitializeCriticalSectionEx
ReleaseSRWLockExclusive
WaitForSingleObject
CreateMutexExW
ReleaseMutex
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapAlloc
HeapFree
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
WideCharToMultiByte
CompareStringOrdinal
GetStringTypeW
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
api-ms-win-core-localization-l1-2-0
FormatMessageW
LCMapStringEx
api-ms-win-core-debug-l1-1-0
DebugBreak
OutputDebugStringW
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-com-l1-1-0
CoTaskMemFree
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
ext-ms-win-hyperv-computenetwork-l1-1-0
HcnDeleteNetwork
HcnQueryNamespaceProperties
HcnDeleteEndpoint
HcnEnumerateNetworks
HcnEnumerateLoadBalancers
HcnQueryEndpointProperties
HcnCloseNamespace
HcnCloseLoadBalancer
HcnQueryNetworkProperties
HcnOpenNetwork
HcnEnumerateEndpoints
HcnDeleteNamespace
HcnQueryLoadBalancerProperties
HcnCloseEndpoint
HcnOpenEndpoint
HcnDeleteLoadBalancer
HcnOpenLoadBalancer
HcnEnumerateNamespaces
HcnOpenNamespace
HcnCloseNetwork
computenetwork
HcnFreeGuestNetworkPortReservations
HcnEnumerateGuestNetworkPortReservations
HcnCloseGuestNetworkService
HcnOpenGuestNetworkService
HcnEnumerateGuestNetworkServices
HcnQueryGuestNetworkServiceProperties
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventUnregister
EventRegister
EventWriteTransfer
iphlpapi
GetAdaptersAddresses
ntdll
RtlFreeHeap
RtlAllocateHeap
api-ms-win-core-synch-l1-2-0
InitOnceBeginInitialize
InitOnceComplete
InitOnceExecuteOnce
api-ms-win-core-file-l1-1-0
CreateFileW
api-ms-win-core-io-l1-1-0
DeviceIoControl
Sections
.text Size: 156KB - Virtual size: 152KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 64KB - Virtual size: 62KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
hvax64.exe.exe windows:10 windows x64 arch:x64
d5aec1c1f764856cfb4155cee3321234
Code Sign
Certificate: 33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Certificate: 61:07:76:56:00:00:00:00:00:08
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Signer: c7:91:ad:13:03:55:23:e4:e3:5a:b1:1e:4e:88:62:2c:10:da:1c:d8:1e:05:ee:e3:e4:04:ca:37:62:da:e2:a0
Actual PE Digest: c7:91:ad:13:03:55:23:e4:e3:5a:b1:1e:4e:88:62:2c:10:da:1c:d8:1e:05:ee:e3:e4:04:ca:37:62:da:e2:a0
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
hvax64.pdb
Imports
kdstub
KdInitializeLibrary
Exports
HvImageInfo
SvmBootInfo
Sections
.rdata Size: 104KB - Virtual size: 100KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.pdata Size: 68KB - Virtual size: 64KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 4KB - Virtual size: 114B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CONST Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.edata Size: 4KB - Virtual size: 95B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GFIDS Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.data Size: 44KB - Virtual size: 772KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Pad1 Size: - Virtual size: 1.1MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Pad2 Size: - Virtual size: 564KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1000B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
hvix64.exe.exe windows:10 windows x64 arch:x64
d5aec1c1f764856cfb4155cee3321234
Code Sign
Certificate: 33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Certificate: 61:07:76:56:00:00:00:00:00:08
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Signer: 71:d7:03:ea:48:a6:48:65:1e:ac:33:44:28:4f:e4:40:31:12:b3:9a:f5:0f:3e:a0:47:03:fc:ea:2c:9e:8a:6b
Actual PE Digest: 71:d7:03:ea:48:a6:48:65:1e:ac:33:44:28:4f:e4:40:31:12:b3:9a:f5:0f:3e:a0:47:03:fc:ea:2c:9e:8a:6b
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
hvix64.pdb
Imports
kdstub
KdInitializeLibrary
Exports
HvImageInfo
VmxBootInfo
Sections
.rdata Size: 112KB - Virtual size: 111KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.pdata Size: 72KB - Virtual size: 68KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 4KB - Virtual size: 114B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CONST Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.edata Size: 4KB - Virtual size: 95B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GFIDS Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.data Size: 44KB - Virtual size: 783KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Pad1 Size: - Virtual size: 1.0MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Pad2 Size: - Virtual size: 396KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1000B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
icacls.exe.exe windows:10 windows x64 arch:x64
446163a548337b5bcf2727bcd1cfb399
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
icacls.pdb
Imports
msvcrt
__wgetmainargs
free
_amsg_exit
printf
_wfopen
__set_app_type
exit
feof
_wcsnicmp
wcschr
swprintf_s
_XcptFilter
wcscat_s
malloc
wcscpy_s
_exit
fputws
_cexit
__C_specific_handler
_local_unwind
realloc
_ultow
?terminate@@YAXXZ
_wcsdup
_commode
wcsncpy_s
fclose
_wcsicmp
wcsrchr
_fmode
_initterm
fgetwc
_wperror
calloc
__setusermatherr
memcpy
ntdll
RtlLookupFunctionEntry
RtlCaptureContext
NtOpenFile
RtlNtStatusToDosError
RtlFreeHeap
RtlVirtualUnwind
RtlIsCapabilitySid
NtClose
RtlReleaseRelativeName
RtlIsPackageSid
RtlDosPathNameToRelativeNtPathName_U
NtQueryInformationFile
api-ms-win-security-lsalookup-l2-1-0
LookupAccountSidW
LookupAccountNameW
LookupPrivilegeValueW
api-ms-win-core-file-l1-1-0
GetFileType
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
GetFinalPathNameByHandleW
WriteFile
api-ms-win-core-errorhandling-l1-1-0
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
api-ms-win-security-base-l1-1-0
GetSecurityDescriptorDacl
GetSecurityDescriptorControl
AdjustTokenPrivileges
GetSecurityDescriptorSacl
CopySid
DeleteAce
IsValidAcl
AddAce
SetSecurityAccessMask
InitializeAcl
GetLengthSid
EqualSid
IsValidSid
api-ms-win-core-processthreads-l1-1-0
OpenProcessToken
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
api-ms-win-security-sddl-l1-1-0
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertSidToStringSidW
ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-console-l1-1-0
GetConsoleMode
WriteConsoleW
api-ms-win-core-localization-l1-2-0
SetThreadPreferredUILanguages
FormatMessageW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-security-provider-l1-1-0
GetSecurityInfo
SetSecurityInfo
api-ms-win-core-heap-obsolete-l1-1-0
LocalSize
Sections
.text Size: 24KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 744B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 224B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
icsunattend.exe.exe windows:10 windows x64 arch:x64
000a1ab01b6fc837af5a26b5a9854a1c
Code Sign
Certificate: 33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Certificate: 61:07:76:56:00:00:00:00:00:08
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Signer: 57:3e:00:bf:41:f8:cc:f1:2e:a7:fb:dd:12:36:4d:a0:ba:c3:d1:ab:b8:47:09:2c:31:8a:3e:cb:1a:62:ab:2b
Actual PE Digest: 57:3e:00:bf:41:f8:cc:f1:2e:a7:fb:dd:12:36:4d:a0:ba:c3:d1:ab:b8:47:09:2c:31:8a:3e:cb:1a:62:ab:2b
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
icsunattend.pdb
Imports
msvcrt
swprintf_s
__getmainargs
__set_app_type
exit
_exit
_cexit
_callnewh
_amsg_exit
malloc
free
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
_XcptFilter
__setusermatherr
memset
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
api-ms-win-core-com-l1-1-0
CoSetProxyBlanket
StringFromCLSID
CoCreateInstance
CoTaskMemFree
CLSIDFromString
api-ms-win-core-synch-l1-1-0
CreateEventW
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-ole32-ie-l1-1-0
CoInitialize
Sections
.text Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 408B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ie4uinit.exe.exe windows:10 windows x64 arch:x64
65d99e4356d5139d31c3a6e8825c5f66
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
ie4uinit.pdb
Imports
advapi32
RegQueryValueExW
RegEnumValueW
ConvertSidToStringSidW
EventUnregister
RegOpenKeyExW
FreeSid
RegSetValueExW
EventSetInformation
RegCreateKeyExW
EventRegister
RegCloseKey
RegSetValueW
RegOpenKeyW
RegDeleteValueW
RegCreateKeyW
RegEnumKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
CryptSetKeyParam
CryptDeriveKey
CryptGetKeyParam
CryptEncrypt
CryptDestroyKey
CryptVerifySignatureW
CryptSetHashParam
CryptGenRandom
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
EventWriteEx
RegGetValueW
EventWriteTransfer
GetSecurityDescriptorSacl
GetAce
SetNamedSecurityInfoW
CopySid
GetNamedSecurityInfoW
ConvertStringSidToSidW
IsValidSid
OpenProcessToken
GetKernelObjectSecurity
AddAccessAllowedAceEx
GetLengthSid
RegSetKeyValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
CheckTokenMembership
GetTokenInformation
OpenThreadToken
kernel32
LockResource
DeleteFileW
CloseHandle
LoadResource
OpenFileMappingW
GetCurrentThread
QueryPerformanceFrequency
GetExitCodeProcess
GetTempPath2W
GetTempFileNameW
DuplicateHandle
CompareStringOrdinal
ExpandEnvironmentStringsW
GetStdHandle
GetLocalTime
CreateThread
FindResourceW
FormatMessageW
GetVersionExA
CreateEventW
WaitForSingleObject
SetFilePointer
lstrcmpW
GetTickCount
DelayLoadFailureHook
ResolveDelayLoadedAPI
CreateFile2
RemoveDirectoryW
AcquireSRWLockShared
CreateThreadpoolTimer
ReleaseSRWLockShared
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
InitializeCriticalSectionEx
QueueUserWorkItem
GetCurrentDirectoryW
SetEvent
FlushViewOfFile
CreateProcessW
GetSystemTime
MapViewOfFile
CreateFileMappingW
FlushFileBuffers
SetEndOfFile
LCMapStringW
GetFullPathNameW
OpenMutexW
GetFileSizeEx
SetFileTime
UnmapViewOfFile
MultiByteToWideChar
CreateMutexW
LocaleNameToLCID
DeleteCriticalSection
LoadLibraryW
GetSystemInfo
GetUserPreferredUILanguages
InitializeCriticalSection
LeaveCriticalSection
GetProductInfo
EnterCriticalSection
GetFileAttributesW
IsDebuggerPresent
DebugBreak
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
OutputDebugStringW
ReleaseMutex
GetModuleHandleExW
ReleaseSemaphore
SetLastError
CreateSemaphoreExW
GetModuleFileNameA
WideCharToMultiByte
GetNativeSystemInfo
IsWow64Process
InitOnceExecuteOnce
RaiseFailFastException
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
SetFileAttributesW
GetVersionExW
CreateFileW
FindClose
GetShortPathNameW
WriteFile
GetCurrentProcess
FindNextFileW
SetPriorityClass
FindFirstFileExW
FindFirstFileW
SizeofResource
ReadFile
LoadLibraryExW
VerifyVersionInfoW
FreeLibrary
GetModuleHandleW
GetProcessHeap
VerSetConditionMask
LocalFree
GetProcAddress
HeapAlloc
HeapSetInformation
RaiseException
GetLastError
Sleep
GetSystemDirectoryW
GetEnvironmentVariableW
SetErrorMode
GetModuleFileNameW
HeapFree
SystemTimeToFileTime
SetCurrentDirectoryW
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
user32
PostMessageW
LoadStringW
CharNextW
PostThreadMessageW
SendMessageTimeoutW
GetMessageW
GetShellWindow
msvcrt
wcschr
wcsncmp
iswalpha
?terminate@@YAXXZ
wcscpy_s
wcscat_s
_vsnwprintf_s
fgetws
fclose
wcsncpy_s
wcsnlen
strnlen
isalnum
_wfopen_s
swscanf_s
wcsrchr
_wcsnicmp
_time64
memcpy_s
_vsnwprintf
rand_s
_wtoi
_ultow_s
memmove_s
_wcsicmp
_CxxThrowException
memcmp
_XcptFilter
_amsg_exit
__wgetmainargs
__set_app_type
exit
_exit
_cexit
__setusermatherr
_initterm
__C_specific_handler
_wcmdln
_fmode
_commode
_lock
_unlock
sprintf_s
__dllonexit
_onexit
??1type_info@@UEAA@XZ
wcspbrk
memset
shell32
CommandLineToArgvW
SHChangeNotify
SHCreateItemFromParsingName
SHGetKnownFolderPath
ord155
ord165
ord526
SHGetSpecialFolderLocation
SHSetLocalizedName
ord190
SHGetDesktopFolder
SHGetSpecialFolderPathW
SHCreateDirectoryExW
SHGetFolderPathW
ntdll
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtClose
ieadvpack
ExecuteCabW
shlwapi
StrCmpIW
SHRegSetUSValueW
StrCmpNIW
ord388
PathFileExistsW
SHDeleteKeyW
ord158
PathRemoveBlanksW
PathFindFileNameW
PathRemoveExtensionW
SHGetValueW
SHSetValueW
PathIsURLW
UrlCanonicalizeW
UrlCreateFromPathW
UrlApplySchemeW
ord2
StrCmpNIA
ord487
StrCmpNA
StrCmpNW
UrlEscapeW
UrlUnescapeW
StrCmpW
ord433
ord219
StrStrIW
SHStrDupW
PathIsNetworkPathW
SHDeleteValueW
SHRegGetUSValueW
SHRegDeleteUSValueW
StrStrW
StrTrimW
SHCopyKeyW
iertutil
ord282
ord281
ord654
ord652
ord662
ord38
ord672
ord677
ord660
ord653
ord33
ord650
ord657
ord655
ord651
ord665
ord675
ord656
ord820
ord57
ord149
ord99
ord37
ord701
ord796
ord682
ord91
ord76
ord90
ord81
ord74
ord79
ord85
ord791
ord678
ord134
ord690
ord793
ord139
ord594
ord398
ord597
ord78
ord50
oleaut32
VariantCopy
VarBstrCmp
SysAllocStringByteLen
VariantInit
VariantClear
SysFreeString
VarBstrCat
SysAllocString
SysStringLen
SysAllocStringLen
SysStringByteLen
ole32
OleUninitialize
OleInitialize
PropVariantClear
CoTaskMemAlloc
CoUninitialize
CoCreateInstance
CoTaskMemFree
StringFromGUID2
CoInitializeEx
CoCreateGuid
iedkcs32
BrandIEActiveSetup
kernelbase
GetSystemDefaultLocaleName
GetUserDefaultLocaleName
LocalAlloc
OpenGlobalizationUserSettingsKey
crypt32
CertGetNameStringW
CryptStringToBinaryA
CryptBinaryToStringA
CertGetIntendedKeyUsage
CertGetEnhancedKeyUsage
CryptStringToBinaryW
CertOpenStore
CertCreateCertificateContext
CertAddCertificateContextToStore
CertFreeCertificateContext
CertCloseStore
CertFindCertificateInStore
CryptImportPublicKeyInfo
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CryptHashCertificate
CertEnumCertificatesInStore
CertGetCertificateContextProperty
urlmon
CreateIUriBuilder
CreateUri
wininet
InternetReadFile
HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
InternetCanonicalizeUrlW
InternetConnectW
InternetCrackUrlW
InternetOpenW
InternetCloseHandle
netapi32
NetApiBufferFree
NetGetJoinInformation
diagnosticdatasettings
TelIsTelemetryTypeAllowed
version
GetFileVersionInfoSizeExW
VerQueryValueW
GetFileVersionInfoExW
mlang
ord123
Sections
.text Size: 180KB - Virtual size: 179KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 64KB - Virtual size: 61KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ie4ushowIE.exe.exe windows:10 windows x64 arch:x64
7c773635e988a2c9f0162df72b65d60d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
ie4ushowIE.pdb
Imports
advapi32
RegSetValueW
RegQueryValueExW
RegEnumValueW
RegOpenKeyW
RegDeleteValueW
RegCreateKeyW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
RegCloseKey
EventUnregister
EventRegister
CryptDestroyKey
CryptDestroyHash
CryptDeriveKey
CryptHashData
CryptCreateHash
CryptGetKeyParam
CryptEncrypt
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
EventWriteTransfer
GetSecurityDescriptorSacl
GetAce
SetNamedSecurityInfoW
CopySid
GetNamedSecurityInfoW
ConvertStringSidToSidW
IsValidSid
OpenProcessToken
GetKernelObjectSecurity
AddAccessAllowedAceEx
GetLengthSid
kernel32
HeapSetInformation
RaiseException
GetEnvironmentVariableW
SetErrorMode
GetModuleHandleExW
LocalFree
GetLocalTime
CreateThread
SetEvent
FormatMessageW
CreateEventW
WaitForSingleObject
DelayLoadFailureHook
LoadLibraryExA
AcquireSRWLockShared
CreateThreadpoolTimer
ReleaseSRWLockShared
SetThreadpoolTimer
AcquireSRWLockExclusive
CloseThreadpoolTimer
ReleaseSRWLockExclusive
WaitForThreadpoolTimerCallbacks
InitializeCriticalSectionEx
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
FlushViewOfFile
SystemTimeToFileTime
GetSystemTime
MapViewOfFile
CreateFileMappingW
FlushFileBuffers
SetEndOfFile
LCMapStringW
GetFullPathNameW
DuplicateHandle
CreateMutexW
OpenMutexW
GetFileSizeEx
SetFileTime
UnmapViewOfFile
IsDebuggerPresent
DebugBreak
CreateMutexExW
HeapAlloc
OpenSemaphoreW
WaitForSingleObjectEx
OutputDebugStringW
ReleaseMutex
LocalAlloc
ReleaseSemaphore
SetFilePointer
LoadLibraryExW
lstrcmpW
GetTickCount
FreeLibrary
GetModuleHandleW
GetProcAddress
SetCurrentDirectoryW
GetCurrentDirectoryW
FindResourceW
LoadResource
CloseHandle
DeleteFileW
LockResource
GetVersionExA
GetLastError
Sleep
SetFileAttributesW
GetVersionExW
CreateFileW
FindClose
GetModuleFileNameW
GetShortPathNameW
WriteFile
FindNextFileW
FindFirstFileExW
FindFirstFileW
SizeofResource
ReadFile
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
IsWow64Process
ExpandEnvironmentStringsW
GetNativeSystemInfo
WideCharToMultiByte
InitOnceExecuteOnce
HeapFree
GetProcessHeap
GetModuleFileNameA
CreateSemaphoreExW
SetLastError
user32
LoadStringW
PostThreadMessageW
PostMessageW
GetMessageW
msvcrt
memset
wcspbrk
iswalpha
wcschr
wcsncmp
wcscat_s
_purecall
memmove_s
_initterm
__setusermatherr
_cexit
_exit
_lock
_onexit
__wgetmainargs
_amsg_exit
_XcptFilter
_callnewh
malloc
free
wcsrchr
_wcsnicmp
memcpy_s
_vsnwprintf
_commode
?terminate@@YAXXZ
_wcsicmp
__C_specific_handler
_wcmdln
__set_app_type
__dllonexit
exit
_fmode
memcmp
_unlock
shell32
SHCreateItemFromParsingName
SHChangeNotify
SHGetSpecialFolderPathW
SHGetDesktopFolder
ord190
ord155
SHGetFolderPathW
CommandLineToArgvW
SHGetSpecialFolderLocation
SHGetKnownFolderPath
SHSetLocalizedName
ord165
SHCreateDirectoryExW
ntdll
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
shlwapi
PathRemoveBlanksW
StrCmpIW
PathRemoveExtensionW
SHGetValueW
SHSetValueW
ord158
PathFindFileNameW
SHDeleteValueW
StrCmpNIW
PathIsNetworkPathW
StrTrimW
StrStrIW
PathFileExistsW
oleaut32
SysAllocString
SysFreeString
ole32
OleInitialize
PropVariantClear
CoInitializeEx
CoTaskMemAlloc
CoUninitialize
CoCreateInstance
CoTaskMemFree
OleUninitialize
crypt32
CertOpenStore
CertEnumCertificatesInStore
CertCloseStore
CertGetCertificateContextProperty
CertFreeCertificateContext
CryptImportPublicKeyInfo
version
GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW
Sections
.text Size: 68KB - Virtual size: 65KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 152B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 240B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ieUnatt.exe.exe windows:10 windows x64 arch:x64
1e4db10099a98336fe15aa0094b09cac
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
ieUnAtt.pdb
Imports
advapi32
RegEnumKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
RegCloseKey
RegQueryValueExW
RegEnumValueW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
kernel32
GetModuleHandleExW
ReleaseSemaphore
CreateSemaphoreExW
GetModuleFileNameA
FormatMessageW
WaitForSingleObject
ExpandEnvironmentStringsW
ReleaseMutex
GetFullPathNameW
CreateDirectoryW
GetFileAttributesW
LoadLibraryExW
FreeLibrary
GetProcessHeap
DeleteCriticalSection
GetProcAddress
HeapAlloc
CloseHandle
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
DebugBreak
IsDebuggerPresent
lstrcmpiW
LocalFree
GetLastError
GetCommandLineW
WritePrivateProfileStringW
LocalAlloc
Sleep
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
HeapFree
SetLastError
EnterCriticalSection
GetModuleFileNameW
LeaveCriticalSection
InitializeCriticalSection
msvcrt
_vsnprintf
wcsrchr
wcschr
memcpy_s
wcspbrk
iswalpha
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_commode
_fmode
_acmdln
__C_specific_handler
_initterm
__setusermatherr
_ismbblead
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
free
_callnewh
malloc
wcsncmp
_wcsnicmp
_itow_s
iswspace
_vsnwprintf
memset
shell32
SHGetFolderPathW
CommandLineToArgvW
shlwapi
ord158
StrCmpW
StrChrW
user32
LoadStringW
ntdll
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
RtlAllocateHeap
RtlFreeHeap
api-ms-win-core-com-l1-1-0
CoCreateGuid
StringFromGUID2
Sections
.text Size: 40KB - Virtual size: 38KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 776B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
iexpress.exe.exe windows:10 windows x64 arch:x64
eb7245009d5161bc32c51ea9dcb81d49
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
iexpress.pdb
Imports
kernel32
CloseHandle
GetSystemInfo
WritePrivateProfileStringA
SetFileAttributesA
GetProcAddress
LocalFree
GetModuleHandleW
lstrcmpiA
CreateProcessA
CreateDirectoryA
FormatMessageA
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileSectionA
GetExitCodeProcess
EnumResourceLanguagesA
SizeofResource
MoveFileA
SetLastError
LoadLibraryExA
EnumResourceNamesA
EnumResourceTypesA
UnmapViewOfFile
FreeResource
_llseek
GetFileInformationByHandle
GetTempPathA
FindResourceExA
CreateFileA
GlobalAlloc
GlobalFree
LoadResource
GlobalLock
CreateFileMappingA
_lread
FreeLibrary
_lclose
GetTempFileNameA
MapViewOfFile
GetTickCount
GlobalUnlock
_lwrite
GetCurrentDirectoryA
GetSystemTime
MultiByteToWideChar
WideCharToMultiByte
GetFileAttributesA
GetLastError
CopyFileA
CompareStringA
GetVersion
DeleteFileA
GetPrivateProfileSectionA
lstrcmpA
LocalAlloc
FindClose
GetFullPathNameA
GetUserDefaultUILanguage
WriteFile
FindFirstFileA
GetModuleFileNameA
Sleep
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetVersionExA
IsDBCSLeadByte
ReadFile
LockResource
GetShortPathNameA
gdi32
CreateFontIndirectA
DeleteObject
GetObjectA
GetDeviceCaps
CreateFontIndirectW
GetStockObject
user32
GetDlgItemTextA
ShowWindow
CheckRadioButton
GetWindowRect
SystemParametersInfoW
CharPrevA
CheckDlgButton
CharNextA
DispatchMessageA
GetDC
LoadStringA
PostMessageA
GetSystemMetrics
MessageBeep
IsDlgButtonChecked
CallWindowProcA
MessageBoxA
SetFocus
SendDlgItemMessageA
SendMessageA
GetDlgItem
PeekMessageA
GetWindowLongPtrA
GetParent
SetWindowLongPtrA
ReleaseDC
EnableWindow
MsgWaitForMultipleObjects
SetDlgItemTextA
msvcrt
_itoa_s
strtok
toupper
_commode
memcpy
_acmdln
__C_specific_handler
_initterm
__setusermatherr
_ismbblead
_fmode
?terminate@@YAXXZ
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
wcsncmp
mbstowcs
malloc
_splitpath_s
strchr
free
strtoul
_vsnprintf
memcpy_s
memset
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
comctl32
CreatePropertySheetPageA
PropertySheetA
DestroyPropertySheetPage
comdlg32
GetOpenFileNameA
GetSaveFileNameA
version
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA
imagehlp
CheckSumMappedFile
advapi32
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
Sections
.text Size: 64KB - Virtual size: 62KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 88KB - Virtual size: 85KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 284B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
immersivetpmvscmgrsvr.exe.exe windows:10 windows x64 arch:x64
30e06e4a84d544725801993d6c1fac32
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
ImmersiveTpmVscMgrSvr.pdb
Imports
advapi32
RegQueryInfoKeyW
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegCloseKey
kernel32
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
InitializeCriticalSection
GetCommandLineW
SetEvent
DeleteCriticalSection
RaiseException
Sleep
GetModuleFileNameW
LoadLibraryExW
CreateEventW
CreateThread
RaiseFailFastException
ResolveDelayLoadedAPI
DelayLoadFailureHook
user32
PostThreadMessageW
CharUpperW
GetMessageW
TranslateMessage
DispatchMessageW
GetSystemMetrics
UnregisterClassA
CharNextW
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-crt-runtime-l1-1-0
_initterm
_initterm_e
_register_thread_local_exe_atexit_callback
_c_exit
api-ms-win-crt-private-l1-1-0
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o_exit
_o_free
_o_malloc
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
__current_exception
__current_exception_context
_CxxThrowException
__C_specific_handler
__std_terminate
__CxxFrameHandler4
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
__C_specific_handler_noexcept
_o___stdio_common_vswprintf
_o___std_exception_destroy
_o___std_exception_copy
_o___stdio_common_vsnprintf_s
memcpy
_o___p__commode
memmove
oleaut32
SysAllocString
LoadTypeLi
SysStringLen
SysFreeString
RegisterTypeLi
UnRegisterTypeLi
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoResumeClassObjects
StringFromGUID2
CoGetMalloc
CoTaskMemAlloc
CoUninitialize
CoCreateInstance
CoRevokeClassObject
CoRegisterClassObject
CoSuspendClassObjects
CoSetProxyBlanket
CoTaskMemFree
CoCreateGuid
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetStartupInfoW
GetCurrentProcess
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetSystemDirectoryW
GetTickCount64
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-libraryloader-l1-2-0
LockResource
FindResourceExW
FreeLibrary
LoadResource
api-ms-win-core-path-l1-1-0
PathCchAppend
PathCchRemoveFileSpec
rpcrt4
UuidToStringW
UuidCreate
RpcStringFreeW
api-ms-win-security-base-l1-1-0
CreateWellKnownSid
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-security-sddl-l1-1-0
ConvertSidToStringSidW
api-ms-win-core-file-l1-1-0
CreateDirectoryW
bcrypt
BCryptDestroyKey
BCryptEncrypt
BCryptOpenAlgorithmProvider
BCryptGenerateSymmetricKey
BCryptGetProperty
BCryptCloseAlgorithmProvider
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventActivityIdControl
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-eventing-classicprovider-l1-1-0
TraceMessage
api-ms-win-core-heap-l1-1-0
HeapReAlloc
profapi
ord104
ntdll
RtlNtStatusToDosErrorNoTeb
RtlNtStatusToDosError
setupapi
SetupDiDestroyDeviceInfoList
SetupDiOpenDeviceInfoW
SetupGetInfDriverStoreLocationW
SetupDiGetDevicePropertyW
SetupDiCreateDeviceInfoList
SetupDiSetDevicePropertyW
winscard
SCardEstablishContext
SCardGetReaderDeviceInstanceIdW
SCardReleaseStartedEvent
SCardListReadersW
SCardAccessStartedEvent
SCardListReadersWithDeviceInstanceIdW
SCardDisconnect
SCardConnectW
SCardReleaseContext
SCardGetStatusChangeW
SCardListCardsW
SCardGetCardTypeProviderNameW
SCardBeginTransaction
SCardReconnect
SCardEndTransaction
SCardFreeMemory
Sections
.text Size: 88KB - Virtual size: 86KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 268B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ipconfig.exe.exe windows:10 windows x64 arch:x64
ab420ecb16a81fbe9863414ae68c8445
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
ipconfig.pdb
Imports
msvcrt
wcschr
_write
_initterm
toupper
exit
fflush
?terminate@@YAXXZ
_XcptFilter
__C_specific_handler
memcpy
_amsg_exit
__setusermatherr
__wgetmainargs
__iob_func
_fileno
_wcsicmp
_setmode
fgetpos
__set_app_type
_exit
_fmode
_commode
_cexit
setlocale
_vsnwprintf
fwprintf
_get_osfhandle
memset
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
GetProcAddress
LoadLibraryExW
GetModuleHandleW
iphlpapi
ConvertGuidToStringW
ConvertInterfaceLuidToGuid
FreeInterfaceDnsSettings
GetAdaptersAddresses
SetCurrentThreadCompartmentId
GetCurrentThreadCompartmentId
GetNetworkParams
ConvertInterfaceLuidToNameW
GetInterfaceDnsSettings
ConvertLengthToIpv4Mask
ConvertInterfaceIndexToLuid
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
CompareStringW
WideCharToMultiByte
api-ms-win-core-processenvironment-l1-1-0
GetEnvironmentVariableW
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
api-ms-win-core-console-l1-1-0
GetConsoleMode
api-ms-win-core-file-l1-1-0
FileTimeToLocalFileTime
GetFileType
api-ms-win-core-localization-l1-2-0
SetThreadUILanguage
FormatMessageW
dhcpcsvc
DhcpEnumClasses
DhcpHandlePnPEvent
DhcpReleaseParameters
DhcpAcquireParameters
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegQueryValueExW
ntdll
RtlIpv4AddressToStringExW
RtlIpv6AddressToStringW
RtlFreeUnicodeString
RtlIpv6AddressToStringExW
RtlStringFromGUID
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetComputerNameExW
GetTickCount
dhcpcsvc6
Dhcpv6AcquireParameters
Dhcpv6SetUserClass
Dhcpv6GetUserClasses
Dhcpv6IsEnabled
Dhcpv6ReleaseParameters
ws2_32
InetNtopW
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
api-ms-win-core-datetime-l1-1-0
GetTimeFormatW
GetDateFormatW
dnsapi
DnsFree
DnsFreeConfigStructure
DnsQueryConfigAllocEx
DnsGetCacheDataTableEx
DnsQuery_W
DnsRecordStringForType
DnsResolverOp
DnsFlushResolverCache
api-ms-win-core-heap-l1-1-0
HeapSetInformation
HeapAlloc
GetProcessHeap
HeapFree
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
nsi
NsiSetAllParameters
NsiGetAllParameters
NsiFreeTable
NsiAllocateAndGetTable
api-ms-win-security-base-l1-1-0
CheckTokenMembership
AllocateAndInitializeSid
FreeSid
Sections
.text Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 876B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
iscsicli.exe.exe windows:10 windows x64 arch:x64
40b046298a14421629c4c5b5fea9f90e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
iscsicli.pdb
Imports
msvcrt
memcpy
?terminate@@YAXXZ
_wcsicmp
_fmode
_initterm
__setusermatherr
_cexit
_exit
__iob_func
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
_wcstoui64
feof
fgetws
vswprintf_s
_wtoi
_vsnwprintf
__C_specific_handler
_commode
memset
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
GetStdHandle
api-ms-win-core-file-l1-1-0
CreateFileW
GetFileType
WriteFile
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-localization-l1-2-0
FormatMessageW
SetThreadUILanguage
api-ms-win-core-commandlinetoargv-l1-1-0
CommandLineToArgvW
api-ms-win-core-file-l1-2-0
GetVolumePathNamesForVolumeNameW
GetVolumeNameForVolumeMountPointW
api-ms-win-core-errorhandling-l1-1-0
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
ws2_32
WSAStartup
WSACleanup
WSAStringToAddressA
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-devices-config-l1-1-1
CM_Get_DevNode_Registry_PropertyW
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-libraryloader-l1-2-0
LoadStringW
GetModuleHandleW
api-ms-win-core-console-l1-1-0
WriteConsoleW
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-core-windowserrorreporting-l1-1-3
RegisterApplicationRestart
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
iscsidsc
LogoutIScsiTarget
GetIScsiSessionListW
ReportIScsiInitiatorListW
RemoveIScsiStaticTargetW
RefreshISNSServerW
RemoveIScsiConnection
ClearPersistentIScsiDevices
SetupPersistentIScsiVolumes
ReportIScsiPersistentLoginsW
SendScsiInquiry
AddISNSServerW
RemoveISNSServerW
RefreshIScsiSendTargetPortalW
SetIScsiIKEInfoW
LoginIScsiTargetW
SetIScsiInitiatorCHAPSharedSecret
GetDevicesForIScsiSessionW
AddIScsiStaticTargetW
RemoveIScsiPersistentTargetW
SendScsiReadCapacity
SetIScsiGroupPresharedKey
GetIScsiVersionInformation
ReportISNSServerListW
AddIScsiConnectionW
ReportIScsiSendTargetPortalsExW
RemovePersistentIScsiDeviceW
AddPersistentIScsiDeviceW
SetIScsiTunnelModeOuterAddressW
SendScsiReportLuns
ReportIScsiTargetsW
GetIScsiInitiatorNodeNameW
GetIScsiIKEInfoW
SetIScsiInitiatorNodeNameW
RemoveIScsiSendTargetPortalW
GetIScsiTargetInformationW
AddIScsiSendTargetPortalW
ReportPersistentIScsiDevicesW
ReportActiveIScsiTargetMappingsW
iscsium
DiscpFreeMemory
DiscpFreeDeviceInterfaceList
DiscpSetRegistryValue
DiscpAllocMemory
DiscpExecuteMethod
DiscpEnumerateDeviceInterfaces
DiscpTextAddrToBinary
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Sections
.text Size: 32KB - Virtual size: 30KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 948B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 52B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
iscsicpl.exe.exe windows:10 windows x64 arch:x64
23b7709c37b2c36ea9464f15dea83d64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
iscsicpl.pdb
Imports
kernel32
GetCurrentProcessId
lstrcmpW
UnhandledExceptionFilter
GetLocaleInfoW
EnumUILanguagesW
GetUserDefaultUILanguage
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
TerminateProcess
GetCurrentProcess
gdi32
GetStockObject
user32
RegisterClassW
DestroyIcon
GetWindowLongPtrW
LoadCursorW
SendMessageW
CreateWindowExW
SetWindowLongPtrW
DestroyWindow
CharNextW
CharUpperBuffW
GetClassNameW
DefWindowProcW
GetWindow
msvcrt
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
__setusermatherr
memset
shell32
Control_RunDLL
shlwapi
ord10
Sections
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 264B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
isoburn.exe.exe windows:10 windows x64 arch:x64
3e37124ba821088b03aee74827d76a53
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
isoburn.pdb
Imports
advapi32
EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer
EventActivityIdControl
EventWrite
EventEnabled
RegCloseKey
RegOpenKeyExW
RegEnumKeyW
kernel32
GetModuleFileNameA
DebugBreak
GetModuleHandleW
GetProcAddress
GetLastError
IsDebuggerPresent
OutputDebugStringW
SetLastError
CloseHandle
ReleaseSemaphore
ReleaseMutex
WaitForSingleObjectEx
AcquireSRWLockExclusive
GetModuleHandleExW
DeleteCriticalSection
WaitForSingleObject
OpenSemaphoreW
LeaveCriticalSection
CreateThread
PowerCreateRequest
PowerSetRequest
PowerClearRequest
CompareStringOrdinal
InitOnceBeginInitialize
GetCurrentProcessId
CreateMutexExW
InitOnceComplete
CreateSemaphoreExW
ReleaseSRWLockExclusive
InitializeCriticalSection
LocalFree
GetTickCount64
GetVolumePathNamesForVolumeNameW
RaiseException
HeapDestroy
GetCommandLineW
GetStartupInfoW
HeapFree
GetProcessHeap
HeapAlloc
GetCurrentThreadId
FormatMessageW
EnterCriticalSection
user32
SetWindowLongPtrW
MessageBoxW
EndDialog
SetTimer
GetDlgItem
EnableWindow
IsDlgButtonChecked
SendDlgItemMessageW
ShowWindow
GetDesktopWindow
KillTimer
PostMessageW
SetFocus
SetDlgItemTextW
RegisterWindowMessageW
LoadIconW
SetWindowTextW
LoadStringW
DialogBoxParamW
SendMessageW
msvcrt
_amsg_exit
__getmainargs
__set_app_type
exit
_exit
_XcptFilter
_ismbblead
_callnewh
__setusermatherr
_initterm
_acmdln
memcmp
_cexit
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
_commode
_fmode
malloc
free
isalpha
memcpy_s
_vsnwprintf
__C_specific_handler
toupper
memset
shlwapi
SHRegGetValueW
ord158
ord388
PathFindFileNameW
oleaut32
SysFreeString
SysAllocString
VariantClear
SysStringLen
LoadRegTypeLi
DispCallFunc
api-ms-win-core-com-l1-1-0
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitializeEx
api-ms-win-core-memory-l1-1-0
VirtualFree
VirtualAlloc
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentProcess
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExA
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-processthreads-l1-1-1
FlushInstructionCache
api-ms-win-core-interlocked-l1-1-0
InterlockedPushEntrySList
InterlockedPopEntrySList
api-ms-win-core-synch-l1-2-0
SleepConditionVariableSRW
WakeAllConditionVariable
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
comctl32
ord386
ord329
ord328
ord332
ord334
uxtheme
EnableThemeDialogTexture
Sections
.text Size: 52KB - Virtual size: 51KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 56KB - Virtual size: 54KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 224B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
klist.exe.exe windows:10 windows x64 arch:x64
85207cdd890ace87bf7ef7906d90318b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
klist.pdb
Imports
msvcrt
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
__set_app_type
__wgetmainargs
memcpy
?terminate@@YAXXZ
_vsnwprintf
_XcptFilter
free
_callnewh
malloc
wcstoul
wcstol
_wcsicmp
fwprintf
sprintf_s
_snwprintf_s
exit
_wsetlocale
_amsg_exit
__iob_func
memset
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-security-base-l1-1-0
EqualSid
GetLengthSid
SetKernelObjectSecurity
GetTokenInformation
IsValidSid
CreateWellKnownSid
SetSecurityDescriptorDacl
CopySid
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
DuplicateTokenEx
GetKernelObjectSecurity
GetSidSubAuthorityCount
GetSidLengthRequired
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
SetLastError
GetLastError
UnhandledExceptionFilter
api-ms-win-core-psapi-l1-1-0
K32EnumProcesses
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-localization-l1-2-0
FormatMessageW
SetThreadUILanguage
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
FreeLibrary
LoadStringW
GetProcAddress
api-ms-win-core-file-l1-1-0
WriteFile
FileTimeToLocalFileTime
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
sspicli
LsaEnumerateLogonSessions
logoncli
DsGetDcNameW
netutils
NetApiBufferFree
api-ms-win-core-processthreads-l1-1-0
OpenProcessToken
OpenThreadToken
GetCurrentThreadId
GetCurrentThread
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
api-ms-win-core-processthreads-l1-1-1
OpenProcess
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-heap-l1-1-0
HeapAlloc
GetProcessHeap
HeapFree
api-ms-win-core-console-l1-1-0
GetConsoleOutputCP
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
ext-ms-win-advapi32-lsa-l1-1-2
LsaNtStatusToWinError
api-ms-win-security-provider-l1-1-0
SetEntriesInAclW
api-ms-win-security-trustee-l1-1-0
BuildTrusteeWithSidW
ntdll
RtlIpv6StringToAddressExW
RtlInitUnicodeString
RtlAdjustPrivilege
RtlInitString
RtlInitUnicodeStringEx
NtQueryInformationToken
NtDuplicateToken
NtOpenThreadToken
NtSetInformationThread
RtlIpv4StringToAddressExW
NtClose
Sections
.text Size: 24KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 792B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ksetup.exe.exe windows:10 windows x64 arch:x64
5527a2a68b8c18db5e49e2664c4a8b67
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
ksetup.pdb
Imports
msvcrt
_amsg_exit
_XcptFilter
wcsncmp
fgetws
__wgetmainargs
_exit
_snwprintf_s
_cexit
wcsncat_s
wcschr
fwprintf
_wsetlocale
?terminate@@YAXXZ
realloc
_initterm
memcpy
_commode
_wcsicmp
__set_app_type
__C_specific_handler
_fmode
_wcsdup
wcstoul
exit
wcscpy_s
free
_vsnprintf
fprintf
wcsstr
malloc
isspace
getchar
iswalpha
iswupper
printf
__setusermatherr
_vsnwprintf
__iob_func
memset
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumValueW
RegQueryValueExW
RegDeleteValueW
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
wldap32
ord50
ord34
ord41
ord27
ord26
ord211
ord146
ord30
ord156
ord73
ord13
ord170
api-ms-win-core-sysinfo-l1-2-0
SetComputerNameExW
logoncli
DsGetDcNameW
api-ms-win-core-errorhandling-l1-1-0
SetLastError
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
sspicli
LsaCallAuthenticationPackage
LsaLookupAuthenticationPackage
LsaConnectUntrusted
LsaFreeReturnBuffer
srvcli
NetServerGetInfo
netutils
NetApiBufferFree
api-ms-win-core-libraryloader-l1-2-0
LoadStringW
GetModuleHandleW
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
api-ms-win-core-console-l1-1-0
GetConsoleMode
GetConsoleOutputCP
SetConsoleMode
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemDirectoryW
GetSystemTimeAsFileTime
api-ms-win-core-localization-l1-2-0
SetThreadUILanguage
FormatMessageW
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
GetProcessHeap
api-ms-win-core-file-l1-1-0
WriteFile
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
advapi32
LsaSetTrustedDomainInfoByName
LsaFreeMemory
LsaSetInformationPolicy
RegDeleteKeyW
LsaClose
LsaQueryTrustedDomainInfoByName
RegConnectRegistryW
LsaQueryInformationPolicy
LsaOpenPolicy
LsaStorePrivateData
kernel32
lstrcmpiW
lstrcmpW
GetComputerNameW
ntdll
RtlInitString
RtlInitUnicodeString
RtlCompareUnicodeString
Sections
.text Size: 24KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 228B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ktmutil.exe.exe windows:10 windows x64 arch:x64
af7b616a91124c80d5ac086429b5fd63
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
ktmutil.pdb
Imports
msvcrt
_wcsicmp
?terminate@@YAXXZ
_commode
_fmode
_initterm
__setusermatherr
_cexit
_exit
__wgetmainargs
_amsg_exit
_XcptFilter
exit
wprintf
free
malloc
__C_specific_handler
setlocale
__set_app_type
ntdll
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlCompareMemory
NtQueryInformationEnlistment
NtOpenEnlistment
NtOpenResourceManager
NtQueryInformationTransactionManager
NtOpenTransactionManager
NtEnumerateTransactionObject
NtQueryInformationTransaction
NtOpenTransaction
RtlStringFromGUID
RtlNtStatusToDosError
RtlFreeUnicodeString
ktmw32
OpenEnlistment
CommitEnlistment
RollbackEnlistment
CommitComplete
RecoverEnlistment
OpenResourceManager
OpenTransactionManagerById
kernel32
GetCurrentProcess
GetModuleHandleW
LocalFree
FormatMessageW
WriteFile
GetConsoleOutputCP
WideCharToMultiByte
WriteConsoleW
GetConsoleMode
GetFileType
CloseHandle
GetLastError
GetVersionExW
HeapSetInformation
SetThreadUILanguage
Sleep
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
GetStdHandle
UnhandledExceptionFilter
TerminateProcess
advapi32
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
ole32
IIDFromString
Sections
.text Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 456B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 120B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
la57setup.exe.exe windows:10 windows x64 arch:x64
f4691b4f528785bb036c81d887aea94e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
la57setup.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o_exit
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_o___p__commode
_o___p___wargv
_o___p___argc
_o__set_new_mode
api-ms-win-crt-string-l1-1-0
memset
ntdll
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-heap-l1-1-0
HeapFree
GetProcessHeap
HeapAlloc
api-ms-win-core-console-l1-1-0
GetConsoleOutputCP
WriteConsoleW
GetConsoleMode
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
api-ms-win-core-file-l1-1-0
GetFileType
WriteFile
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
TerminateProcess
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
dismapi
DismCloseSession
DismOpenSession
DismInitialize
DismGetCapabilityInfo
DismDelete
DismGetLastErrorMessage
_DismRemoveCapabilityEx
DismShutdown
Sections
.text Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 468B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 52B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
label.exe.exe windows:10 windows x64 arch:x64
0381b464ac6986b68e15a9101f16060a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
label.pdb
Imports
msvcrt
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_XcptFilter
exit
__set_app_type
__getmainargs
_exit
_amsg_exit
kernel32
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
Sleep
HeapSetInformation
GetVolumeInformationW
ulib
?Initialize@FLAG_ARGUMENT@@QEAAEPEAD@Z
??0FLAG_ARGUMENT@@QEAA@XZ
??0REST_OF_LINE_ARGUMENT@@QEAA@XZ
?Set@STREAM_MESSAGE@@UEAAEKW4MESSAGE_TYPE@@K@Z
?Initialize@STREAM_MESSAGE@@QEAAEPEAVSTREAM@@00@Z
??1STREAM_MESSAGE@@UEAA@XZ
??0STREAM_MESSAGE@@QEAA@XZ
Get_Standard_Error_Stream
?QueryCurrentDosDriveName@SYSTEM@@SAEPEAVWSTRING@@@Z
?IsValueSet@ARGUMENT@@QEAAEXZ
??1OBJECT@@UEAA@XZ
?SetCaseSensitive@ARGUMENT_LEXEMIZER@@QEAAXE@Z
?PrepareToParse@ARGUMENT_LEXEMIZER@@QEAAEPEAVWSTRING@@@Z
?QueryInvalidArgument@ARGUMENT_LEXEMIZER@@QEAAPEAVWSTRING@@XZ
?DoParsing@ARGUMENT_LEXEMIZER@@QEAAEPEAVARRAY@@@Z
?Initialize@ARGUMENT_LEXEMIZER@@QEAAEPEAVARRAY@@@Z
??1ARGUMENT_LEXEMIZER@@UEAA@XZ
??0ARGUMENT_LEXEMIZER@@QEAA@XZ
?Initialize@STRING_ARGUMENT@@QEAAEPEAD@Z
??1STRING_ARGUMENT@@UEAA@XZ
??0STRING_ARGUMENT@@QEAA@XZ
?AnalyzePath@PATH@@QEAA?AW4PATH_ANALYZE_CODE@@PEAVWSTRING@@PEAV1@0@Z
?IsGuidVolName@PATH@@QEAAEXZ
??1PATH@@UEAA@XZ
?Initialize@PATH@@QEAAEPEBVWSTRING@@E@Z
??0PATH@@QEAA@XZ
?Display@MESSAGE@@QEAAEPEBDZZ
Get_Standard_Output_Stream
?Strcat@WSTRING@@QEAAEPEBV1@@Z
?QueryWSTR@WSTRING@@QEBAPEAGKKPEAGKE@Z
?DeleteChAt@WSTRING@@QEAAXKK@Z
?Initialize@WSTRING@@QEAAEPEBV1@KK@Z
?Initialize@WSTRING@@QEAAEPEBGK@Z
?Initialize@WSTRING@@QEAAEPEBDK@Z
?Strchr@WSTRING@@QEBAKGK@Z
?Stricmp@WSTRING@@QEBAJPEBV1@@Z
?Initialize@WSTRING@@QEAAEXZ
??1DSTRING@@UEAA@XZ
?Initialize@REST_OF_LINE_ARGUMENT@@QEAAEXZ
??0ARRAY@@QEAA@XZ
??1ARRAY@@UEAA@XZ
?Initialize@ARRAY@@QEAAEKK@Z
?Put@ARRAY@@UEAAEPEAVOBJECT@@@Z
Get_Standard_Input_Stream
??0DSTRING@@QEAA@XZ
?IsYesResponse@STREAM_MESSAGE@@UEAAEE@Z
ifsutil
?DosDriveNameToNtDriveName@IFS_SYSTEM@@SAEPEBVWSTRING@@PEAV2@@Z
ntdll
RtlFreeHeap
NtClose
NtOpenFile
NtQueryVolumeInformationFile
NtSetVolumeInformationFile
Sections
.text Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 264B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
licensingdiag.exe.exe windows:10 windows x64 arch:x64
af7931716d1c144815c5675cdc706f28
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
LicensingDiag.pdb
Imports
msvcrt
_wsetlocale
_fileno
_setmode
_getwch
_unlock
_lock
_open
_amsg_exit
memset
__wgetmainargs
_commode
__set_app_type
_onexit
wprintf
_exit
_fmode
_wtoi
_cexit
__setusermatherr
memmove
_wcsicmp
_vsnwprintf
_sopen_s
free
_tempnam
remove
_XcptFilter
exit
_lseek
_close
memcpy
_initterm
__C_specific_handler
__dllonexit
_write
_wcmdln
__iob_func
_read
_errno
?terminate@@YAXXZ
wcscmp
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-kernel32-legacy-l1-1-0
FileTimeToDosDateTime
GetComputerNameW
CopyFileW
api-ms-win-core-heap-obsolete-l1-1-0
LocalAlloc
LocalFree
api-ms-win-shcore-obsolete-l1-1-0
CommandLineToArgvW
api-ms-win-core-heap-l1-1-0
HeapSetInformation
GetProcessHeap
HeapAlloc
HeapFree
api-ms-win-core-libraryloader-l1-2-0
FindResourceExW
GetModuleHandleW
SizeofResource
GetProcAddress
GetModuleHandleExW
LoadLibraryExW
GetModuleFileNameW
LoadResource
FreeLibrary
LockResource
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-file-l1-1-0
FileTimeToLocalFileTime
GetFileAttributesA
GetFileInformationByHandle
GetFileAttributesW
CreateFileA
GetFileSizeEx
CreateFileW
SetFileAttributesW
GetFullPathNameW
WriteFile
RemoveDirectoryW
DeleteFileW
CreateDirectoryW
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
SetLastError
cabinet
ord13
ord10
ord14
ord11
api-ms-win-core-datetime-l1-1-1
GetDateFormatEx
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
ExpandEnvironmentStringsW
api-ms-win-core-sysinfo-l1-1-0
GetSystemTime
GetTickCount
GetVersionExW
GetSystemTimeAsFileTime
api-ms-win-core-sysinfo-l1-2-0
GetSystemFirmwareTable
api-ms-win-core-registry-l1-1-0
RegEnumValueW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
api-ms-win-core-memory-l1-1-0
VirtualQuery
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-synch-l1-1-0
WaitForSingleObject
api-ms-win-core-processthreads-l1-1-0
CreateProcessW
GetExitCodeProcess
GetCurrentProcess
GetCurrentThreadId
TerminateProcess
GetStartupInfoW
GetCurrentProcessId
api-ms-win-core-version-l1-1-0
GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoUninitialize
api-ms-win-security-base-l1-1-0
FreeSid
AllocateAndInitializeSid
CheckTokenMembership
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-core-file-l1-2-0
GetTempPathW
api-ms-win-core-util-l1-1-0
DecodePointer
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
clipc
ClipGenerateDeviceLicenseRequest
ClipGetLicenseAndPolicyForPfn
ClipOpen
ClipClose
ClipGatherDiagnostics
api-ms-win-stateseparation-helpers-l1-1-0
GetPersistedFileLocationW
GetPersistedRegistryLocationW
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-processthreads-l1-1-1
GetProcessMitigationPolicy
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 416KB - Virtual size: 414KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 72KB - Virtual size: 69KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 444B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
lodctr.exe.exe windows:10 windows x64 arch:x64
58bf4d65108383678188a386decc65c0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
lodctr.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memcpy
_o__wcsnicmp
_o__wsplitpath_s
_o__wtof
_o_exit
_o_floor
_o_terminate
_o_wcstoul
__current_exception
__current_exception_context
_o___stdio_common_vfprintf
_o___p__commode
_o___p___wargv
_o___stdio_common_vswprintf
_o___p___argc
_o___acrt_iob_func
wcschr
__C_specific_handler
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
GetStdHandle
GetCurrentDirectoryW
SearchPathW
api-ms-win-core-registry-l1-1-0
RegCreateKeyExW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
api-ms-win-core-heap-l1-1-0
HeapSetInformation
HeapReAlloc
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
SetLastError
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventRegister
EventSetInformation
EventUnregister
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
MultiByteToWideChar
WideCharToMultiByte
api-ms-win-core-localization-l1-2-0
FormatMessageW
SetThreadPreferredUILanguages
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
LoadStringW
loadperf
LpReleaseInstallationMutex
LpAcquireInstallationMutex
LoadPerfCounterTextStringsW
UpdatePerfNameFilesW
BackupPerfRegistryToFileW
RestorePerfRegistryFromFileW
SetServiceAsTrustedW
api-ms-win-core-file-l1-1-0
GetFileSize
ReadFile
GetFileType
WriteFile
CreateFileW
api-ms-win-core-console-l1-1-0
WriteConsoleW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-registry-l2-1-0
RegDeleteKeyW
RegEnumKeyW
api-ms-win-base-util-l1-1-0
IsTextUnicode
Sections
.text Size: 36KB - Virtual size: 32KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 320B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
logagent.exe.exe windows:10 windows x64 arch:x64
b444f839d6baa9cffd50de43e20af8fe
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
logagent.pdb
Imports
advapi32
RegEnumKeyExA
RegDeleteValueA
RegEnumValueA
RegOpenKeyExA
RegQueryInfoKeyA
FreeSid
RegSetValueExA
RegCreateKeyExA
AllocateAndInitializeSid
RegCloseKey
RegDeleteValueW
OpenProcessToken
GetTokenInformation
GetAclInformation
GetAce
EqualSid
DeleteAce
AddAce
AddAccessAllowedAce
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
SetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
GetSecurityDescriptorLength
MakeSelfRelativeSD
MakeAbsoluteSD
SetSecurityDescriptorGroup
RegQueryValueExA
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW
kernel32
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetStartupInfoW
Sleep
EnterCriticalSection
ReleaseSemaphore
WaitForMultipleObjects
LeaveCriticalSection
InitializeCriticalSection
MultiByteToWideChar
GetVersionExA
FreeLibraryAndExitThread
GetCurrentThread
SetThreadPriority
lstrlenW
GetModuleFileNameW
GetComputerNameW
LoadLibraryA
UnhandledExceptionFilter
HeapFree
GetLastError
LoadLibraryW
CreateEventW
WaitForSingleObject
GetVersionExW
LocalAlloc
LocalFree
CloseHandle
CreateThread
HeapAlloc
DeleteCriticalSection
GetProcessHeap
WideCharToMultiByte
RtlLookupFunctionEntry
CreateEventA
WaitForSingleObjectEx
SetEvent
HeapSize
GetTickCount
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
CreateSemaphoreA
RtlVirtualUnwind
GetModuleFileNameA
SizeofResource
VirtualProtect
VirtualAlloc
VirtualQuery
lstrcmpiA
FreeLibrary
lstrcpynA
GetProcAddress
LoadResource
IsDBCSLeadByte
HeapSetInformation
GetSystemInfo
FindResourceExA
GetCommandLineA
GetModuleHandleA
GetCurrentThreadId
LoadLibraryExA
user32
DispatchMessageA
CharPrevA
PostThreadMessageA
SetWindowLongPtrA
PostQuitMessage
GetWindowLongPtrA
CreateWindowExA
DefWindowProcA
RegisterClassA
PostMessageA
DestroyWindow
CharNextA
GetMessageA
msvcrt
iswdigit
swscanf
_wtoi
_ultow_s
_stricmp
_vsnprintf
_ultow
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_commode
wcsrchr
iswalpha
_beginthreadex
towupper
iswcntrl
iswascii
wcsspn
wcscspn
wcschr
strchr
_strnicmp
sscanf_s
_wcsicmp
_vsnwprintf
__CxxFrameHandler4
memcpy
memset
_fmode
_acmdln
_initterm
__setusermatherr
_ismbblead
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
_callnewh
strcat_s
_purecall
realloc
__C_specific_handler
malloc
_wcsnicmp
free
wcscmp
ole32
CoUninitialize
CoInitializeEx
CoInitialize
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
CoRegisterClassObject
CoSuspendClassObjects
CoTaskMemRealloc
CoRevokeClassObject
CoCreateGuid
oleaut32
SysFreeString
VarUI4FromStr
SysAllocString
wininet
InternetReadFile
InternetConnectW
InternetCloseHandle
HttpSendRequestExW
InternetCrackUrlW
HttpQueryInfoW
InternetSetOptionA
HttpEndRequestA
InternetOpenW
InternetErrorDlg
InternetQueryDataAvailable
HttpQueryInfoA
HttpOpenRequestW
InternetQueryOptionA
wsock32
getsockopt
getpeername
inet_ntoa
getsockname
closesocket
bind
socket
WSACleanup
WSAStartup
setsockopt
WSAGetLastError
ntohl
htons
ntohs
WSAAsyncSelect
inet_addr
shutdown
Sections
.text Size: 88KB - Virtual size: 86KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 384B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
logman.exe.exe windows:10 windows x64 arch:x64
eb3fed89e97c57f1b41ae544cc3ca475
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
logman.pdb
Imports
msvcrt
wcsncmp
_wcsnicmp
iswspace
??3@YAXPEAX@Z
_wmakepath_s
wprintf
memmove
?terminate@@YAXXZ
wcstok
_wsplitpath_s
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
wcsrchr
isspace
fgetws
wcsstr
_wfopen
wcschr
_errno
qsort
fseek
_wtoi
fclose
__CxxFrameHandler3
_wcsicmp
towlower
ferror
_vsnwprintf
_commode
malloc
_callnewh
memcpy
memset
api-ms-win-security-base-l1-1-0
GetSecurityDescriptorGroup
SetSecurityDescriptorOwner
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
GetTokenInformation
GetSecurityDescriptorOwner
api-ms-win-core-file-l1-1-0
SetFilePointerEx
ReadFile
CreateFileW
FindFirstFileW
FindNextFileW
WriteFile
FindClose
GetFullPathNameW
GetFileType
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExW
LoadResource
FreeResource
FindResourceExW
SizeofResource
FreeLibrary
GetModuleFileNameW
GetModuleHandleW
LockResource
LoadStringW
oleaut32
VarBstrFromDate
VariantClear
VarDateFromStr
VariantChangeType
SystemTimeToVariantTime
SafeArrayDestroy
SafeArrayUnaccessData
VariantInit
SysFreeString
SafeArrayAccessData
SafeArrayCreateVector
SysAllocString
VariantTimeToSystemTime
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapSetInformation
HeapFree
HeapAlloc
api-ms-win-core-processthreads-l1-1-0
OpenProcessToken
GetCurrentProcessId
GetCurrentThread
OpenThreadToken
GetCurrentProcess
GetCurrentThreadId
TerminateProcess
api-ms-win-core-processenvironment-l1-1-0
GetCurrentDirectoryW
GetStdHandle
SearchPathW
api-ms-win-security-sddl-l1-1-0
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-core-console-l1-1-0
GetConsoleOutputCP
GetConsoleMode
ReadConsoleW
WriteConsoleW
SetConsoleMode
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoUninitialize
StringFromGUID2
CoInitializeEx
CreateStreamOnHGlobal
CoInitializeSecurity
sspicli
GetUserNameExW
api-ms-win-shcore-path-l1-1-0
ord170
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
MultiByteToWideChar
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
GetLastError
SetLastError
SetUnhandledExceptionFilter
api-ms-win-core-heap-l2-1-0
GlobalAlloc
LocalFree
GlobalFree
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
FindResourceW
api-ms-win-core-heap-obsolete-l1-1-0
GlobalLock
GlobalUnlock
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
api-ms-win-core-synch-l1-2-0
SleepConditionVariableSRW
Sleep
WakeAllConditionVariable
api-ms-win-core-synch-l1-1-0
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
GetVersionExW
api-ms-win-core-localization-l1-2-0
SetThreadPreferredUILanguages
FormatMessageW
GetLocaleInfoEx
GetLocaleInfoW
api-ms-win-core-version-l1-1-0
GetFileVersionInfoSizeExW
VerQueryValueW
GetFileVersionInfoExW
api-ms-win-core-console-l2-1-0
GetConsoleScreenBufferInfo
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
api-ms-win-core-localization-obsolete-l1-2-0
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
api-ms-win-core-memory-l1-1-0
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
api-ms-win-core-localization-l1-2-2
LCIDToLocaleName
Sections
.text Size: 72KB - Virtual size: 69KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 376B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
lpkinstall.exe.exe windows:10 windows x64 arch:x64
746ac32b0dc9db8451eec7938bc2161a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
lpkinstall.pdb
Imports
user32
MsgWaitForMultipleObjects
TranslateMessage
DispatchMessageW
PeekMessageW
msvcrt
_unlock
_lock
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
memmove
memcpy
__CxxFrameHandler3
_CxxThrowException
?what@exception@@UEBAPEBDXZ
__dllonexit
??1exception@@UEAA@XZ
??3@YAXPEAX@Z
__CxxFrameHandler4
??1type_info@@UEAA@XZ
free
_onexit
abort
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@XZ
_callnewh
malloc
_purecall
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoUninitialize
api-ms-win-core-synch-l1-1-0
DeleteCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
InitializeSRWLock
CreateEventW
SetEvent
LeaveCriticalSection
EnterCriticalSection
AcquireSRWLockShared
InitializeCriticalSectionEx
api-ms-win-core-handle-l1-1-0
CloseHandle
oleaut32
VariantInit
SysAllocString
SysFreeString
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
TerminateProcess
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
ntdll
NtGetMUIRegistryInfo
ole32
CoInitialize
api-ms-win-core-util-l1-1-0
EncodePointer
DecodePointer
Sections
.text Size: 24KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 600B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
lpksetup.exe.exe windows:10 windows x64 arch:x64
69653c3a7e8474cf47adc92d06cb4e66
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
lpksetup.pdb
Imports
advapi32
EventWriteTransfer
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryValueExW
EventUnregister
EventRegister
EventSetInformation
InitiateShutdownW
RegQueryInfoKeyW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
InitializeSecurityDescriptor
CreateWellKnownSid
SetEntriesInAclW
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
RegDeleteKeyW
RegGetValueW
RegEnumValueW
RegDeleteTreeW
OpenProcessToken
LookupPrivilegeValueW
PrivilegeCheck
AdjustTokenPrivileges
kernel32
OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
TerminateThread
GetWindowsDirectoryW
K32EnumProcesses
OpenProcess
QueryFullProcessImageNameW
GetExitCodeProcess
Sleep
MulDiv
WaitForMultipleObjectsEx
CreateEventW
GetCurrentThreadId
CreateMutexW
CreateThread
GetLocaleInfoEx
GetVersionExW
LocalFree
CreateFileW
WriteFile
GetLocalTime
RaiseException
FreeLibrary
HeapSetInformation
ExitProcess
LoadLibraryW
WaitForSingleObjectEx
GetCommandLineW
InitOnceComplete
GetModuleFileNameW
LoadLibraryExW
GetFileAttributesW
GetFileAttributesExW
GetTickCount64
GetSystemTimeAsFileTime
GetNativeSystemInfo
GetLocaleInfoW
GetSystemDefaultUILanguage
GetProductInfo
LocaleNameToLCID
EnumUILanguagesW
GetUserPreferredUILanguages
SetProcessPreferredUILanguages
NotifyUILanguageChange
GetExitCodeThread
GetDiskFreeSpaceExW
EnterCriticalSection
LeaveCriticalSection
GetTempPath2W
CreateProcessW
CreateDirectoryW
GetFileInformationByHandle
FindFirstFileW
DeleteFileW
FindNextFileW
RemoveDirectoryW
FindClose
GetSystemPreferredUILanguages
GetThreadPreferredUILanguages
GetCurrentProcess
GetUILanguageInfo
IsValidLocaleName
GetSystemDirectoryW
GetFileMUIPath
WaitForSingleObject
OutputDebugStringW
GetLastError
FormatMessageW
InitOnceBeginInitialize
ReleaseMutex
InitializeCriticalSection
GetModuleHandleExW
ReleaseSemaphore
SetLastError
HeapFree
CreateSemaphoreExW
GetModuleFileNameA
SetEvent
VirtualProtect
VirtualFree
VirtualAlloc
GetVersionExA
GetSystemInfo
VirtualQuery
gdi32
SetTextColor
SetBkMode
CreateRectRgn
SelectObject
user32
FindWindowW
UnregisterClassA
CreateWindowExW
SetWindowLongPtrW
GetWindowLongPtrW
DestroyIcon
LoadImageW
GetSystemMetrics
EndPaint
SetActiveWindow
BeginPaint
InvalidateRect
GetWindowRect
SetWindowPos
GetClientRect
RegisterWindowMessageW
GetSysColor
SendMessageW
GetParent
LoadStringW
GetAncestor
ShowWindow
GetWindowLongW
GetFocus
SetWindowLongW
GetDlgCtrlID
SendDlgItemMessageW
GetDlgItem
EnableWindow
GetDlgItemTextW
PostMessageW
SetForegroundWindow
DefWindowProcW
SetDlgItemTextW
SendNotifyMessageW
SetTimer
KillTimer
SystemParametersInfoW
PostThreadMessageW
GetMessageW
CharNextW
UnregisterClassW
AllowSetForegroundWindow
RegisterClassExW
MessageBoxW
ExitWindowsEx
SetWindowRgn
LoadIconW
CharUpperW
DispatchMessageW
LoadCursorW
SetCursor
TranslateMessage
DestroyWindow
DrawTextW
MapWindowPoints
msvcrt
_wsetlocale
__CxxFrameHandler3
__uncaught_exception
_errno
__pctype_func
free
??0bad_cast@@QEAA@PEBD@Z
___lc_handle_func
___lc_codepage_func
__mb_cur_max
setlocale
___mb_cur_max_func
__crtLCMapStringW
_wgetcwd
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@AEBV0@@Z
strcspn
localeconv
memset
??1type_info@@UEAA@XZ
_onexit
__dllonexit
wcscpy_s
_lock
wcscat_s
_CxxThrowException
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
malloc
wcsncpy_s
sprintf_s
_initterm
__setusermatherr
_cexit
rand
_exit
exit
__set_app_type
towlower
tolower
__wgetmainargs
_amsg_exit
_wgetenv
_XcptFilter
abort
_wcsicoll
fclose
_wcsnicmp
fgetws
_wfopen
wcstol
wcstoul
_wcsicmp
wcsstr
wcschr
_unlock
memmove
memcpy
memchr
ceil
towupper
iswctype
iswspace
toupper
??0exception@@QEAA@AEBQEBD@Z
?what@exception@@UEBAPEBDXZ
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
memcpy_s
_vsnwprintf
__C_specific_handler
__CxxFrameHandler4
__crtGetStringTypeW
memmove_s
_isctype
wcscmp
shell32
ord51
SHGetPathFromIDListW
SHBrowseForFolderW
SHCreateItemInKnownFolder
SHBindToFolderIDListParent
SHGetIDListFromObject
SHGetDataFromIDListW
ord28
shlwapi
ord158
StrStrNW
StrStrIW
StrCmpIW
PathFileExistsW
PathRemoveFileSpecW
StrRetToStrW
ord219
PathMatchSpecExW
PathIsDirectoryW
PathRemoveBackslashW
PathFindExtensionW
oleaut32
VariantClear
VariantInit
SysFreeString
SysAllocString
UnRegisterTypeLi
LoadTypeLi
RegisterTypeLi
SysStringLen
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoUninitialize
CoTaskMemFree
StringFromGUID2
CoSetProxyBlanket
CoRegisterClassObject
CoResumeClassObjects
CoRevokeClassObject
CoSuspendClassObjects
CoInitializeSecurity
CoGetCallContext
CoWaitForMultipleHandles
CoCreateInstance
api-ms-win-core-path-l1-1-0
PathCchCombine
PathCchAppend
PathCchCanonicalize
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
WideCharToMultiByte
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
TerminateProcess
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-synch-l1-1-0
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
api-ms-win-core-synch-l1-2-0
SleepConditionVariableSRW
WakeAllConditionVariable
api-ms-win-core-debug-l1-1-0
OutputDebugStringA
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
api-ms-win-core-processthreads-l1-1-1
GetProcessMitigationPolicy
api-ms-win-core-heap-l2-1-0
LocalAlloc
comctl32
ord17
PropertySheetW
CreatePropertySheetPageW
ord345
ImageList_Destroy
ImageList_ReplaceIcon
ImageList_Create
ord344
dpx
DpxNewJob
ntdll
RtlGetUILanguageInfo
RtlNtStatusToDosError
RtlpSetPreferredUILanguages
NtIsUILanguageComitted
NtGetMUIRegistryInfo
RtlGetNtProductType
ole32
CoInitialize
CoGetObject
Sections
.text Size: 488KB - Virtual size: 484KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 108KB - Virtual size: 104KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 24KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 112KB - Virtual size: 111KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
lpremove.exe.exe windows:10 windows x64 arch:x64
e3fa2980e95beaaf4ea84962d2493198
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
lpremove.pdb
Imports
advapi32
EventWriteTransfer
EventRegister
EventUnregister
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
EventSetInformation
EventActivityIdControl
RegQueryInfoKeyW
RegDeleteTreeW
RegDeleteKeyW
RegGetValueW
kernel32
HeapAlloc
GetProcessHeap
HeapFree
GetModuleHandleExW
GetModuleFileNameA
DebugBreak
IsDebuggerPresent
SetLastError
CloseHandle
GetCurrentThreadId
ReleaseMutex
WaitForSingleObjectEx
AcquireSRWLockExclusive
WaitForSingleObject
FormatMessageW
GetTickCount64
GetExitCodeProcess
CreateProcessW
GetWindowsDirectoryW
EnumUILanguagesW
InitOnceBeginInitialize
GetCurrentProcessId
CreateMutexExW
InitOnceComplete
CreateSemaphoreExW
ReleaseSRWLockExclusive
OutputDebugStringW
GetProcAddress
OpenSemaphoreW
DelayLoadFailureHook
ResolveDelayLoadedAPI
GetModuleHandleW
GetLastError
ReleaseSemaphore
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
api-ms-win-crt-private-l1-1-0
_o___std_exception_copy
_o___std_exception_destroy
_o___stdio_common_vsnprintf_s
_o___stdio_common_vswprintf
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o___p__commode
_o__set_new_mode
_o__wcsdup
_o__wcsicmp
_o__wgetenv_s
_o_exit
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
_o___p___wargv
_o___p___argc
__std_terminate
__CxxFrameHandler4
_o__set_fmode
wcschr
memcpy
memmove
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-com-l1-1-0
CoUninitialize
CoInitializeEx
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
RaiseException
UnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentProcess
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
WindowsDeleteString
WindowsGetStringRawBuffer
api-ms-win-core-registry-l1-1-0
RegEnumKeyExW
api-ms-win-security-sddl-l1-1-0
ConvertStringSidToSidW
api-ms-win-core-localization-l1-2-0
GetSystemPreferredUILanguages
api-ms-win-core-heap-l2-1-0
LocalFree
bcp47langs
Bcp47GetMuiForm
GetUserLanguagesForUser
ntdll
NtIsUILanguageComitted
RtlNtStatusToDosError
appxdeploymentclient
ord34
ord30
Sections
.text Size: 56KB - Virtual size: 52KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 112B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 180B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
lsass.exe.exe windows:10 windows x64 arch:x64
3bdaf07fd26e433f565a3c3ab5543b25
Code Sign
33:00:00:04:50:0d:a4:5d:0a:6c:7a:8a:57:00:00:00:00:04:50
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 08/08/2023, 18:38
Not After: 07/08/2024, 18:38
Subject: CN=Microsoft Windows Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
44:5d:0b:f4:2a:44:12:23:09:69:2f:c6:50:6c:6f:fc:9a:f9:37:f4:00:7f:fa:01:56:dd:20:aa:a8:7f:84:1f
Signer
Actual PE Digest: 44:5d:0b:f4:2a:44:12:23:09:69:2f:c6:50:6c:6f:fc:9a:f9:37:f4:00:7f:fa:01:56:dd:20:aa:a8:7f:84:1f
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
lsass.pdb
Imports
api-ms-win-core-crt-l1-1-0
wcsncmp
wcschr
_wcsicmp
wcstol
_vsnprintf_s
strcpy_s
memcpy
memset
api-ms-win-core-crt-l2-1-0
_initterm_e
exit
_initterm
ntdll
RtlLeaveCriticalSection
NtSetInformationThread
NtFreeVirtualMemory
NtConnectPort
NtAllocateVirtualMemory
RtlReleaseResource
NtRequestWaitReplyPort
NtClose
NtAcceptConnectPort
NtReplyWaitReceivePort
RtlCaptureContext
NtListenPort
RtlLookupFunctionEntry
RtlVirtualUnwind
NtCompleteConnectPort
NtCreatePort
RtlSetDaclSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlFreeHeap
RtlSetSaclSecurityDescriptor
NtDeviceIoControlFile
RtlSetProcessIsCritical
RtlFreeSid
RtlDeriveCapabilitySidsFromName
RtlLengthRequiredSid
RtlAddMandatoryAce
NtSetSecurityObject
NtOpenEvent
RtlSubAuthoritySid
RtlAllocateHeap
RtlUnhandledExceptionFilter
RtlCreateAndSetSD
RtlInitializeSid
RtlEnterCriticalSection
RtlNtStatusToDosError
RtlAcquireResourceExclusive
NtSetInformationProcess
RtlCreateAcl
RtlCreateSecurityDescriptor
NtOpenFile
RtlInitializeResource
RtlAcquireResourceShared
DbgPrintEx
RtlAddAccessAllowedAce
RtlLengthSid
RtlAllocateAndInitializeSid
NtSetInformationFile
RtlInitUnicodeString
RtlMakeSelfRelativeSD
rpcrt4
RpcServerUseProtseqEpW
RpcServerRegisterIf3
RpcServerListen
NdrServerCallAll
NdrServerCall2
I_RpcMapWin32Status
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
SetErrorMode
SetLastError
UnhandledExceptionFilter
api-ms-win-core-handle-l1-1-0
DuplicateHandle
CloseHandle
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
LoadLibraryExW
api-ms-win-core-registry-l1-1-0
RegEnumKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
api-ms-win-core-heap-obsolete-l1-1-0
LocalFree
LocalAlloc
api-ms-win-security-base-l1-1-0
GetTokenInformation
api-ms-win-core-processthreads-l1-1-0
ExitProcess
ExitThread
OpenProcessToken
TlsSetValue
TlsAlloc
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
CreateThread
TlsGetValue
api-ms-win-core-processenvironment-l1-1-0
SetEnvironmentVariableW
GetEnvironmentVariableW
api-ms-win-core-synch-l1-1-0
CreateEventW
SetEvent
OpenEventW
api-ms-win-core-threadpool-l1-2-0
SetThreadpoolThreadMaximum
CreateThreadpoolIo
CreateThreadpool
StartThreadpoolIo
TrySubmitThreadpoolCallback
CancelThreadpoolIo
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-sysinfo-l1-1-0
GetSystemInfo
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-windowserrorreporting-l1-1-0
WerSetFlags
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
Exports
LsaGetInterface
LsaImpersonateKsecCaller
LsaRegisterExtension
LsaRegisterInterface
Sections
.text Size: 24KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 524B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
makecab.exe.exe windows:10 windows x64 arch:x64
a9326a6f3c34256d97d8cd7972acc242
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
makecab.pdb
Imports
msvcrt
__getmainargs
__set_app_type
_exit
_cexit
__setusermatherr
_initterm
__C_specific_handler
_amsg_exit
_commode
?terminate@@YAXXZ
memcpy
_XcptFilter
fread
feof
tolower
fwrite
ferror
memmove_s
_mkdir
_tempnam
_stat
_unlink
_vsnprintf
__doserrno
_open_osfhandle
_eof
_lseek
ctime
setvbuf
time
_ltoa_s
_errno
_open
_strnicmp
_write
_close
fprintf
_read
remove
fclose
fopen
clock
exit
isdigit
atol
strchr
strspn
atoi
_stricmp
strncmp
printf
toupper
strpbrk
malloc
free
_fmode
_strdup
__iob_func
memset
api-ms-win-core-versionansi-l1-1-1
GetFileVersionInfoSizeA
GetFileVersionInfoA
api-ms-win-core-versionansi-l1-1-0
VerQueryValueA
user32
CharNextExA
kernel32
GetFileAttributesExW
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
FileTimeToDosDateTime
DosDateTimeToFileTime
GetCurrentProcessId
GetFileSize
FileTimeToLocalFileTime
SetFileAttributesA
GetVersion
LocalFileTimeToFileTime
MultiByteToWideChar
GetFileAttributesW
SetFileTime
GetFullPathNameW
GetFileAttributesExA
CreateDirectoryW
GetModuleHandleW
GetProcAddress
CloseHandle
CreateFileA
GetLastError
Sleep
CreateFileW
cabinet
ord14
ord10
ord12
ord13
ord11
Sections
.text Size: 60KB - Virtual size: 56KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 612B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
manage-bde.exe.exe windows:10 windows x64 arch:x64
407deb72ce02369dd4b5a8ed2ff6a0b7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
manage-bde.pdb
Imports
advapi32
EventUnregister
EventWriteTransfer
ConvertStringSidToSidW
LookupAccountNameW
ConvertSidToStringSidW
LookupAccountSidW
EventRegister
kernel32
GetModuleHandleExW
GetProcAddress
FreeLibrary
HeapSetInformation
GetLastError
GetProcessHeap
SetThreadPreferredUILanguages
HeapFree
FormatMessageW
LoadLibraryExW
LocalFree
GetStdHandle
GetFileType
GetConsoleMode
WriteConsoleW
GetConsoleOutputCP
WideCharToMultiByte
HeapAlloc
WriteFile
SetConsoleMode
ReadConsoleW
HeapSize
GetFullPathNameW
CreateFileW
CloseHandle
LocalAlloc
LoadLibraryExA
GetModuleHandleExA
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
DelayLoadFailureHook
TerminateProcess
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
msvcrt
__dllonexit
_unlock
_lock
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
exit
__set_app_type
__wgetmainargs
_amsg_exit
free
memmove
_onexit
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_purecall
_callnewh
malloc
wcstok_s
_wtoi64
_wcsicmp
??_V@YAXPEAX@Z
swprintf_s
_XcptFilter
memcpy_s
_vsnwprintf
_wsplitpath_s
towupper
wcsncmp
wcstoul
_wsetlocale
__CxxFrameHandler3
??3@YAXPEAX@Z
_exit
memset
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
oleaut32
SysAllocStringLen
VariantCopy
SafeArrayPutElement
SysStringByteLen
SafeArrayUnaccessData
SafeArrayCreate
SafeArrayAccessData
VariantInit
SysFreeString
VariantClear
SysStringLen
SysAllocString
ole32
CoInitializeSecurity
CoInitializeEx
profapi
ord103
api-ms-win-core-string-l1-1-0
CompareStringEx
api-ms-win-core-com-l1-1-0
CoSetProxyBlanket
CoCreateInstance
api-ms-win-core-version-l1-1-0
GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW
api-ms-win-core-synch-l1-2-0
InitOnceExecuteOnce
api-ms-win-core-libraryloader-l1-1-0
GetModuleFileNameW
Sections
.text Size: 108KB - Virtual size: 107KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 92KB - Virtual size: 88KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 740B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
mblctr.exe.exe windows:10 windows x64 arch:x64
4c05bba1330e0de78edf4eda8c5ed71c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
mblctr.pdb
Imports
gdi32
SetLayout
SetViewportOrgEx
SetBrushOrgEx
BitBlt
SetTextColor
GetBkColor
SelectClipRgn
GetDeviceCaps
GdiAlphaBlend
SetBkMode
Polygon
GetStockObject
GetObjectW
GetLayout
CreateRectRgn
GdiGradientFill
LineTo
MoveToEx
SetDCPenColor
SetBkColor
CreateDIBSection
GetTextMetricsW
CreateCompatibleDC
CreateFontIndirectW
DeleteDC
DeleteObject
GetTextExtentPoint32W
SelectObject
user32
SetWindowsHookExW
NotifyWinEvent
SendDlgItemMessageW
SetWindowPos
SetTimer
FillRect
IsWindowEnabled
DrawTextW
DrawFocusRect
OffsetRect
DrawIconEx
GetKeyState
GetDlgCtrlID
CallNextHookEx
RegisterDeviceNotificationW
UnregisterDeviceNotification
GetTopWindow
GetDpiForWindow
RegisterPowerSettingNotification
UnregisterPowerSettingNotification
GetDC
ReleaseDC
KillTimer
CallWindowProcW
SetDlgItemTextW
GetWindowTextW
EnableWindow
EnumChildWindows
SetWindowTextW
FrameRect
GetClassLongPtrW
DestroyWindow
QueryDisplayConfig
SetClassLongPtrW
PtInRect
ValidateRect
EndPaint
BeginPaint
SetRect
DrawEdge
GetWindowLongW
UnregisterClassA
CreateDialogParamW
UnregisterClassW
UnhookWindowsHookEx
GetActiveWindow
UpdateWindow
ScrollWindow
GetScrollInfo
SetScrollInfo
MoveWindow
GetWindowInfo
CopyRect
GetWindowRect
GetMonitorInfoW
MonitorFromRect
GetWindowPlacement
GetNextDlgTabItem
IsDialogMessageW
GetMessageW
LoadIconW
RegisterClassW
GetClassInfoW
ShowWindow
IsIconic
GetForegroundWindow
SetForegroundWindow
FindWindowW
DispatchMessageW
TranslateMessage
EnumDisplayDevicesW
PostQuitMessage
GetIconInfo
AllowSetForegroundWindow
LoadImageW
DestroyIcon
InvalidateRect
GetFocus
DefWindowProcW
GetWindowLongPtrW
MapWindowPoints
GetClientRect
CreateWindowExW
GetDisplayConfigBufferSizes
GetParent
SendMessageW
GetDlgItem
PostMessageW
ChangeDisplaySettingsExW
LoadStringW
EnumDisplaySettingsExW
GetSysColorBrush
GetSystemMetrics
GetSysColor
SystemParametersInfoW
LoadCursorW
SetWindowLongPtrW
InflateRect
msvcrt
memset
?terminate@@YAXXZ
wcstok
realloc
_errno
_onexit
memcpy
ceilf
__RTDynamicCast
__CxxFrameHandler3
__CxxFrameHandler4
__dllonexit
_unlock
_lock
??1type_info@@UEAA@XZ
_commode
_fmode
_acmdln
_initterm
__setusermatherr
_ismbblead
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
__C_specific_handler
_callnewh
malloc
_purecall
wcscspn
wcstol
_wcsicmp
free
memmove_s
memcpy_s
_vsnwprintf
wcscmp
batmeter
UnsubscribeBatteryUpdateNotification
UpdateBatteryDataAsync
QueryBatteryData
GetBatteryStatusText
BatMeterIconThemeReset
GetBatteryImmersiveIcon
CreateBatteryData
SubscribeBatteryUpdateNotification
CleanupBatteryData
SetBatteryLevel
BatMeterOnDeviceChange
shlwapi
PathFileExistsW
ord618
ord437
PathGetArgsW
ord219
PathRemoveBlanksW
StrTrimW
uxtheme
DrawThemeText
GetThemeTextExtent
GetThemeBackgroundContentRect
GetThemePartSize
BufferedPaintSetAlpha
EndBufferedPaint
DrawThemeTextEx
BeginBufferedPaint
GetThemeColor
BufferedPaintInit
OpenThemeData
CloseThemeData
BufferedPaintUnInit
DrawThemeBackground
oleaut32
SysAllocString
SysFreeString
api-ms-win-power-setting-l1-1-0
PowerGetActiveScheme
PowerSetActiveScheme
PowerReadDCValue
PowerWriteACValueIndex
PowerWriteDCValueIndex
PowerSettingRegisterNotification
PowerSettingUnregisterNotification
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
GlobalAlloc
api-ms-win-eventing-classicprovider-l1-1-0
GetTraceEnableLevel
TraceEvent
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
TraceMessage
GetTraceLoggerHandle
api-ms-win-core-registry-l1-1-0
RegGetValueW
RegDeleteValueW
RegQueryInfoKeyW
RegEnumKeyExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoInitializeSecurity
CLSIDFromString
CreateStreamOnHGlobal
CoUninitialize
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
CreateThread
GetCurrentProcess
GetCurrentProcessId
CreateProcessW
TerminateProcess
GetStartupInfoW
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
HeapSetInformation
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
GetModuleFileNameA
GetModuleFileNameW
FreeLibrary
LoadLibraryExA
LoadResource
GetModuleHandleExW
GetModuleHandleW
SizeofResource
LockResource
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
OutputDebugStringW
DebugBreak
OutputDebugStringA
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
GetLastError
RaiseException
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-synch-l1-1-0
ReleaseMutex
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObject
DeleteCriticalSection
WaitForSingleObjectEx
SetEvent
CreateMutexW
CreateSemaphoreExW
CreateMutexExW
OpenSemaphoreW
ReleaseSemaphore
InitializeCriticalSection
CreateEventW
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
FindResourceW
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
ExpandEnvironmentStringsW
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventWriteTransfer
EventRegister
api-ms-win-power-base-l1-1-0
GetPwrCapabilities
rpcrt4
UuidFromStringW
api-ms-win-core-sysinfo-l1-1-0
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-memory-l1-1-0
VirtualAlloc
VirtualFree
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-processthreads-l1-1-1
GetProcessMitigationPolicy
FlushInstructionCache
api-ms-win-core-interlocked-l1-1-0
InterlockedPopEntrySList
InterlockedPushEntrySList
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
powrprof
PowerApplySettingChanges
PowerDeterminePlatformRole
PowerReadFriendlyName
PowerSettingAccessCheck
comctl32
ord344
ImageList_Create
ImageList_ReplaceIcon
ImageList_DrawIndirect
ImageList_Destroy
ord345
dwmapi
DwmExtendFrameIntoClientArea
DwmIsCompositionEnabled
gdiplus
GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight
GdipImageRotateFlip
GdipCreateBitmapFromStream
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateFromHDC
GdipDeleteGraphics
GdipCreatePen1
GdipAlloc
GdipSetSmoothingMode
GdipDrawLine
GdipCreateSolidFill
GdipDeleteBrush
GdipCreatePath
GdipDeletePath
GdipAddPathLine
GdipFillPath
GdipCreateLineBrush
GdipFillRectangle
GdipDisposeImage
GdipFree
GdipDeletePen
GdiplusStartup
GdiplusShutdown
kernel32
lstrcmpW
GlobalLock
GlobalUnlock
MulDiv
RegisterApplicationRestart
ntdll
EtwTraceMessage
NtPowerInformation
ole32
CoInitialize
shell32
ord100
SHGetKnownFolderIDList
ShellExecuteW
ord155
DuplicateIcon
ShellExecuteExW
winmm
PlaySoundW
waveOutGetNumDevs
wtsapi32
WTSRegisterSessionNotification
WTSUnRegisterSessionNotification
Sections
.text Size: 204KB - Virtual size: 201KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 44KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 556KB - Virtual size: 553KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 712B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
mcbuilder.exe.exe windows:10 windows x64 arch:x64
62fe98d3687a2bdc3dd4016edc5e5149
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
mcbuilder.pdb
Imports
kernel32
LCMapStringW
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
CreateFileW
FreeLibrary
GetProcAddress
CompareStringW
LoadLibraryW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
GetLastError
SetLastError
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
RaiseException
HeapFree
GetModuleHandleExW
GetCurrentThread
CloseHandle
HeapAlloc
LocalFree
GetProcessHeap
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetCommandLineA
GetCommandLineW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetFileType
GetStringTypeW
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
WriteConsoleW
ntdll
RtlPcToFileHeader
RtlUnwindEx
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EtwEventRegister
EtwEventWrite
EtwEventUnregister
RtlFreeHeap
RtlReAllocateHeap
EtwEventEnabled
RtlAllocateHeap
advapi32
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCloseKey
PrivilegeCheck
RegFlushKey
RegCreateKeyExW
RegSetValueExW
OpenProcessToken
RegOpenKeyExW
RegGetValueW
RegDeleteValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenThreadToken
RegQueryValueExW
Sections
.text Size: 60KB - Virtual size: 58KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 40KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
mfpmp.exe.exe windows:10 windows x64 arch:x64
4026f56715ff1b2a293fa3e6fadb2a72
Code Sign
33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
05:32:b3:9c:3b:b5:6a:7b:9f:5e:0e:0c:9a:40:dc:66:7b:a0:09:31:33:67:82:6a:09:bb:c5:0b:11:fe:2f:33
Signer
Actual PE Digest: 05:32:b3:9c:3b:b5:6a:7b:9f:5e:0e:0c:9a:40:dc:66:7b:a0:09:31:33:67:82:6a:09:bb:c5:0b:11:fe:2f:33
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
MFPMP.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
api-ms-win-crt-private-l1-1-0
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memcpy
_o_exit
_o_free
_o_iswalpha
_o_iswdigit
_o_malloc
_o_qsort
_o_strncpy_s
_o_terminate
_o_towupper
__C_specific_handler
__current_exception
__current_exception_context
_o___p__commode
_o__callnewh
_o__cexit
api-ms-win-crt-string-l1-1-0
memset
strnlen
api-ms-win-core-heap-l1-1-0
HeapFree
GetProcessHeap
HeapSetInformation
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
SetErrorMode
GetErrorMode
GetLastError
RaiseException
api-ms-win-core-processenvironment-l1-1-0
SetEnvironmentVariableW
GetCommandLineW
api-ms-win-core-com-l1-1-0
CoInitializeSecurity
CoTaskMemFree
CoCreateInstance
IIDFromString
CoFreeUnusedLibraries
CoCreateFreeThreadedMarshaler
CoInitializeEx
StringFromCLSID
CoUninitialize
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
WindowsDeleteString
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
api-ms-win-core-synch-l1-1-0
OpenEventW
CreateEventW
DeleteCriticalSection
ResetEvent
WaitForSingleObject
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetEvent
WaitForMultipleObjectsEx
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
OpenProcess
api-ms-win-eventing-classicprovider-l1-1-0
TraceMessage
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
TlsGetValue
TlsSetValue
TerminateProcess
GetStartupInfoW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
api-ms-win-core-debug-l1-1-0
DebugBreak
IsDebuggerPresent
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
GetModuleHandleW
GetModuleHandleExW
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
api-ms-win-appmodel-runtime-l1-1-2
AppPolicyGetMediaFoundationCodecLoading
mfcore
MFCreatePMPHost
mfplat
MFStartup
MFGetCallStackTracingWeakReference
MFGetSystemTime
MFShutdown
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 24KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 164B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
mmc.exe.exe windows:10 windows x64 arch:x64
c4e2592e8fd90f2329c47be117cf9c56
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
mmc.pdb
Imports
gdi32
GetTextExtentPoint32W
SelectObject
GetStockObject
PtInRegion
CreatePolygonRgn
FillRgn
GetTextMetricsW
GetLayout
SetLayout
BitBlt
GetObjectW
DeleteDC
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
PatBlt
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
DeleteObject
GetDeviceCaps
CreateFontIndirectW
user32
GetClassNameW
wsprintfW
GetClassInfoExW
CreateWindowExW
CreateAcceleratorTableW
InvalidateRgn
CallWindowProcW
RegisterClassExW
ReleaseDC
GetDC
EndPaint
BeginPaint
GetDoubleClickTime
CallNextHookEx
SetWindowsHookExW
UnhookWindowsHookEx
UnionRect
GetMessageTime
CopyImage
DrawIconEx
CharUpperW
GetSubMenu
DestroyIcon
DrawFrameControl
SetMenu
GetMenu
ChangeClipboardChain
SetForegroundWindow
SetActiveWindow
EnumThreadWindows
GetWindowTextW
SetClipboardViewer
KillTimer
SetTimer
SetWindowPos
DefWindowProcW
DrawFocusRect
IsWindowEnabled
TrackPopupMenuEx
GetNextDlgTabItem
GetDlgItem
CharLowerW
SetMenuDefaultItem
GetForegroundWindow
NotifyWinEvent
ReleaseCapture
GetCapture
AdjustWindowRectEx
DeferWindowPos
EndDeferWindowPos
BeginDeferWindowPos
IsZoomed
GetSystemMenu
BringWindowToTop
EnableMenuItem
SetWindowLongPtrW
GetWindowPlacement
SetWindowLongW
GetWindowLongW
SetWindowPlacement
SetParent
DrawTextW
SetWinEventHook
IsChild
LoadImageW
DrawEdge
GetSysColor
DestroyMenu
SetMenuItemInfoW
AppendMenuW
GetMenuStringW
GetMenuItemInfoW
GetMenuItemCount
CreatePopupMenu
SetWindowTextW
MoveWindow
EnumChildWindows
LoadCursorW
SetCursor
GetMessagePos
ClientToScreen
GetDlgCtrlID
ModifyMenuW
InsertMenuW
GetMenuState
DeleteMenu
SetFocus
GetFocus
ChildWindowFromPointEx
IsIconic
MapWindowPoints
ScreenToClient
GetCursorPos
GetKeyState
SetCapture
InflateRect
IsRectEmpty
InvalidateRect
ShowWindow
PtInRect
GetClientRect
GetWindowRect
GetClassInfoW
GetSysColorBrush
GetWindowTextLengthW
RegisterWindowMessageW
GetMenuItemID
FillRect
IsMenu
SendMessageW
IsWindow
PeekMessageW
DestroyWindow
CharNextW
GetParent
LoadStringW
PostMessageW
IsWindowVisible
UpdateWindow
LoadIconW
MessageBeep
GetIconInfo
PrivateExtractIconsW
CopyIcon
LoadMenuW
GetWindowLongPtrW
SendMessageTimeoutW
MessageBoxW
OffsetRect
MonitorFromPoint
GetMonitorInfoW
CopyRect
SystemParametersInfoW
SetRect
RedrawWindow
FindWindowExW
GetWindowThreadProcessId
GetWindow
EnableWindow
SetRectEmpty
GetSystemMetrics
TabbedTextOutW
GrayStringW
DestroyAcceleratorTable
LoadAcceleratorsW
TranslateAcceleratorW
IntersectRect
GetDesktopWindow
mfc42u
msvcrt
memset
memcmp
__RTDynamicCast
__CxxFrameHandler4
??_V@YAXPEAX@Z
_vsnwprintf
memcpy_s
_purecall
wcsncmp
_ltow
wcstoul
_ultow
wcsrchr
iswspace
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_vsnprintf_s
__C_specific_handler
_wcsnicmp
_wcsicmp
malloc
free
swscanf
__wargv
__argc
wcscpy_s
realloc
_initterm
wcstol
_mbsnbcnt
_mbslen
wcsstr
_wtoi
wcschr
??0exception@@QEAA@AEBQEBD@Z
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
_CxxThrowException
__CxxFrameHandler3
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
wcscmp
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
memmove
memcpy
ntdll
EtwTraceMessage
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
mmcbase
?AddSnapin@BookKeeping@@SAJPEBGAEAH@Z
?InterfaceMethodActivationContextException@BookKeeping@@SAXHPEBG0KPEAU_EXCEPTION_POINTERS@@@Z
?AddSnapinInterface@BookKeeping@@SA_NPEAUIUnknown@@PEBGAEAH@Z
?ReleaseSnapinInterface@BookKeeping@@SAJPEAUIUnknown@@H@Z
?GetSnapinName@BookKeeping@@SAPEBGH@Z
?InvalidInterface@BookKeeping@@SAXHPEBG0@Z
?InterfaceMethodException@BookKeeping@@SAXHPEBG0KPEAU_EXCEPTION_POINTERS@@@Z
?MMCNullInterface@BookKeeping@@SAXHPEBG0@Z
?GetHWnd@SC@mmcerror@@SAPEAUHWND__@@XZ
?TraceSnapinError@@YAXPEBGAEBVSC@mmcerror@@@Z
?ScEmitOrPostpone@CEventBuffer@@QEAA?AVSC@mmcerror@@PEAUIDispatch@@JPEAVCComVariant@ATL@@H@Z
MMC_PickIconDlg
InsideModalLoop
?FindAllSnapinUIThreads@BookKeeping@@SAJPEAPEAKPEAK@Z
??9SC@mmcerror@@QEBA_NJ@Z
?AddItem@BookKeeping@@SAJAEAVItemHandle@@@Z
LoadStandardOverlays
?RemoveItem@BookKeeping@@SAJPEAX@Z
GetStringModule
??7SC@mmcerror@@QEBAHXZ
?FromMMC@SC@mmcerror@@QEAAAEAV12@J@Z
?Clear@SC@mmcerror@@QEAAXXZ
?FindItem@BookKeeping@@SAPEAVItemHandle@@PEAX@Z
??1?$CEventLock@UAppEvents@@@@QEAA@XZ
??0?$CEventLock@UAppEvents@@@@QEAA@XZ
?Throw@SC@mmcerror@@QEAAXJ@Z
?Throw@SC@mmcerror@@QEAAXXZ
?FromWin32@SC@mmcerror@@QEAAAEAV12@J@Z
?MMCErrorBox@@YAHPEBGI@Z
?FatalError@SC@mmcerror@@QEBAXXZ
?IsError@SC@mmcerror@@QEBA_NXZ
?AddRef@CMMCStrongReferences@@SAKXZ
?Release@CMMCStrongReferences@@SAKXZ
?GetErrorMessage@SC@mmcerror@@QEBAXIPEAG@Z
?GetHelpID@SC@mmcerror@@QEAAKXZ
??8SC@mmcerror@@QEBA_NAEBV01@@Z
?MMCErrorBox@@YAHPEBGVSC@mmcerror@@I@Z
?FromLastError@SC@mmcerror@@QEAAAEAV12@XZ
?LastRefReleased@CMMCStrongReferences@@SA_NXZ
?GetHelpFile@SC@mmcerror@@SAPEBGXZ
?ScSetConsoleEventDispatcher@CConsoleEventDispatcherProvider@@SA?AVSC@mmcerror@@PEAVCConsoleEventDispatcher@@@Z
?SetMainThreadID@SC@mmcerror@@SAXK@Z
?SetHWnd@SC@mmcerror@@SAXPEAUHWND__@@@Z
??8SC@mmcerror@@QEBA_NJ@Z
?MMCErrorBox@@YAHVSC@mmcerror@@I@Z
?ScFromMMC@@YA?AVSC@mmcerror@@J@Z
GetComObjectEventSource
?TraceAndClear@SC@mmcerror@@QEAAXXZ
?MMCErrorBox@@YAHII@Z
GetEventBuffer
MMCUpdateRegistry
?ToHr@SC@mmcerror@@QEBAJXZ
??4SC@mmcerror@@QEAAAEAV01@J@Z
??0SC@mmcerror@@QEAA@AEBV01@@Z
?SetFunctionName@SC@mmcerror@@QEAAXPEBG@Z
??BSC@mmcerror@@QEBA_NXZ
?TraceError@@YAXPEBGAEBVSC@mmcerror@@@Z
??1SC@mmcerror@@QEAA@XZ
??0SC@mmcerror@@QEAA@J@Z
?LKResult2HRESULT@BookKeeping@@SAJ_J@Z
??4SC@mmcerror@@QEAAAEAV01@AEBV01@@Z
ole32
CoCreateInstance
CoDisconnectObject
CoRegisterClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CoRevokeClassObject
OleRun
CoTaskMemFree
ProgIDFromCLSID
CoCreateGuid
RevokeDragDrop
RegisterDragDrop
DoDragDrop
CoGetClassObject
CoTaskMemAlloc
StringFromCLSID
OleLockRunning
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
CoGetMalloc
GetHGlobalFromStream
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StringFromGUID2
shlwapi
ord225
ord500
ord503
ord176
PathFindFileNameW
uxtheme
IsAppThemed
IsThemeActive
OpenThemeData
DrawThemeBackground
CloseThemeData
SetWindowTheme
duser
SetGadgetStyle
GetGadgetRect
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegQueryValueExW
RegOpenKeyExA
RegCloseKey
RegSetValueExW
RegQueryValueExA
RegCreateKeyExW
uiautomationcore
UiaRaiseAutomationEvent
UiaDisconnectProvider
UiaClientsAreListening
UiaReturnRawElementProvider
UiaHostProviderFromHwnd
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
LoadLibraryExA
GetProcAddress
GetModuleHandleA
GetModuleHandleW
FreeLibrary
GetModuleHandleExW
GetModuleFileNameW
LoadLibraryExW
api-ms-win-core-heap-l1-1-0
HeapFree
HeapDestroy
HeapCreate
GetProcessHeap
HeapAlloc
api-ms-win-core-processthreads-l1-1-0
CreateProcessW
GetCurrentProcessId
GetCurrentProcess
GetStartupInfoW
TerminateProcess
GetCurrentThreadId
api-ms-win-core-localization-l1-2-0
GetFileMUIPath
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
OutputDebugStringA
OutputDebugStringW
DebugBreak
api-ms-win-core-processenvironment-l1-1-0
GetCurrentDirectoryW
ExpandEnvironmentStringsW
GetCommandLineW
ExpandEnvironmentStringsA
SetCurrentDirectoryW
api-ms-win-core-string-l1-1-0
CompareStringW
api-ms-win-core-file-l1-1-0
GetFullPathNameW
WriteFile
GetFileTime
CreateFileW
GetFileAttributesW
GetFileSize
ReadFile
CreateDirectoryW
DeleteFileW
FindFirstFileW
FindNextFileW
FindClose
GetLongPathNameW
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
RaiseException
SetLastError
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-sysinfo-l1-1-0
GetVersionExW
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount
GetSystemDirectoryW
api-ms-win-core-synch-l1-1-0
EnterCriticalSection
ReleaseSRWLockExclusive
DeleteCriticalSection
LeaveCriticalSection
AcquireSRWLockExclusive
InitializeCriticalSection
api-ms-win-core-libraryloader-l1-2-1
FindResourceW
LoadLibraryW
api-ms-win-core-sysinfo-l1-2-0
GetProductInfo
api-ms-win-core-processthreads-l1-1-3
SetProcessInformation
api-ms-win-core-memory-l1-1-0
VirtualFree
VirtualAlloc
VirtualQuery
VirtualProtect
api-ms-win-core-synch-l1-2-0
SleepConditionVariableSRW
WakeAllConditionVariable
Sleep
api-ms-win-core-heap-l2-1-0
GlobalFree
LocalFree
GlobalAlloc
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-processthreads-l1-1-1
FlushInstructionCache
api-ms-win-core-interlocked-l1-1-0
InterlockedPopEntrySList
InterlockedPushEntrySList
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
kernel32
lstrcmpW
DeactivateActCtx
ActivateActCtx
FindActCtxSectionStringW
CreateActCtxW
QueryActCtxW
lstrlenW
lstrcpyW
AddAtomW
DeleteAtom
ReleaseActCtx
GlobalReAlloc
lstrcmpiW
GlobalUnlock
GlobalLock
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 396KB - Virtual size: 395KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 40KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 56KB - Virtual size: 53KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 276KB - Virtual size: 273KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
mmgaserver.exe.exe windows:10 windows x64 arch:x64
d3b0ea9cfac9ed7b047f67686954cfd2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
mmgaserver.pdb
Imports
user32
TranslateMessage
PostThreadMessageA
GetMessageA
DispatchMessageA
PeekMessageA
msvcp_win
_Cnd_broadcast
_Mtx_unlock
_Thrd_detach
_Cnd_wait
_Cnd_do_broadcast_at_thread_exit
_Mtx_init_in_situ
_Mtx_lock
_Mtx_destroy_in_situ
?_Throw_C_error@std@@YAXH@Z
?_Xbad_function_call@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_init_in_situ
?_Xlength_error@std@@YAXPEBD@Z
_Cnd_destroy_in_situ
api-ms-win-crt-runtime-l1-1-0
_initterm
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
api-ms-win-crt-private-l1-1-0
_o__errno
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o_ceilf
_o_exit
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
_o__beginthreadex
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___wargv
_o___p___argc
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
memmove
api-ms-win-crt-string-l1-1-0
memset
wcscmp
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
GetModuleFileNameA
LoadLibraryExA
FreeLibrary
GetModuleHandleExW
GetModuleHandleW
api-ms-win-core-synch-l1-1-0
SetEvent
ReleaseSRWLockShared
AcquireSRWLockShared
CreateEventExW
CreateMutexExW
CreateSemaphoreExW
EnterCriticalSection
LeaveCriticalSection
ReleaseSRWLockExclusive
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
OpenSemaphoreW
ReleaseMutex
AcquireSRWLockExclusive
WaitForSingleObject
ResetEvent
ReleaseSemaphore
CreateEventW
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
api-ms-win-core-processthreads-l1-1-0
GetThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
OutputDebugStringW
DebugBreak
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventActivityIdControl
EventUnregister
EventSetInformation
EventRegister
api-ms-win-core-path-l1-1-0
PathCchCombine
api-ms-win-core-registry-l1-1-0
RegGetValueW
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-synch-l1-2-0
InitOnceComplete
InitOnceExecuteOnce
InitOnceBeginInitialize
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-1
FlushInstructionCache
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-memory-l1-1-0
VirtualAlloc
VirtualProtect
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 988KB - Virtual size: 986KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 252KB - Virtual size: 251KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 36KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 44KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 224B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 100KB - Virtual size: 96KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 20KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
mobsync.exe.exe windows:10 windows x64 arch:x64
f247d587e13b170d2246bd033539dbfb
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
mobsync.pdb
Imports
advapi32
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceLoggerHandle
kernel32
lstrlenW
LocalAlloc
LocalFree
GetCommandLineW
HeapSetInformation
ResolveDelayLoadedAPI
DelayLoadFailureHook
user32
GetMessageW
TranslateMessage
DispatchMessageW
msvcrt
?terminate@@YAXXZ
_lock
_initterm
_commode
_fmode
__setusermatherr
_cexit
_unlock
__dllonexit
__C_specific_handler
_wcmdln
_onexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
wcsstr
towupper
wcschr
_vsnwprintf
memcpy_s
memset
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoInitializeEx
CoUninitialize
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
GetStartupInfoW
GetCurrentProcessId
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
SetLastError
UnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
GetModuleHandleExW
GetModuleFileNameA
GetProcAddress
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegEnumValueW
RegQueryInfoKeyW
RegOpenKeyExW
api-ms-win-core-synch-l1-1-0
WaitForSingleObject
CreateSemaphoreExW
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseSemaphore
CreateMutexExW
ReleaseMutex
api-ms-win-core-heap-l1-1-0
HeapFree
GetProcessHeap
HeapAlloc
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
shell32
CommandLineToArgvW
Sections
.text Size: 24KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 72KB - Virtual size: 68KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 104B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
mountvol.exe.exe windows:10 windows x64 arch:x64
72d2cd1301a2466a3d1834dc3b95be3f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
mountvol.pdb
Imports
msvcrt
_commode
_initterm
?terminate@@YAXXZ
_fmode
_vsnwprintf
__getmainargs
_amsg_exit
_XcptFilter
__C_specific_handler
_exit
__set_app_type
_cexit
exit
__setusermatherr
memcpy
api-ms-win-core-file-l1-1-0
FindFirstVolumeW
FindVolumeClose
WriteFile
QueryDosDeviceW
DefineDosDeviceW
DeleteVolumeMountPointW
RemoveDirectoryW
FindNextVolumeW
CreateFileW
api-ms-win-core-kernel32-legacy-l1-1-1
SetVolumeMountPointW
FindFirstVolumeMountPointW
FindVolumeMountPointClose
FindNextVolumeMountPointW
api-ms-win-core-errorhandling-l1-1-0
SetLastError
SetErrorMode
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
ntdll
NtQuerySystemInformation
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-localization-l1-2-0
FormatMessageW
SetThreadUILanguage
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-file-l1-2-0
GetVolumePathNamesForVolumeNameW
GetVolumeNameForVolumeMountPointW
api-ms-win-core-console-l1-1-0
WriteConsoleW
GetConsoleMode
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
Sections
.text Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 408B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
mpnotify.exe.exe windows:10 windows x64 arch:x64
cd22ac47106d5026ea3b26ded33e58cd
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
mpnotify.pdb
Imports
advapi32
CredIsProtectedW
RegOpenKeyExW
CheckTokenMembership
CredUnprotectW
RegCloseKey
RegQueryValueExW
kernel32
HeapFree
ExpandEnvironmentStringsW
WaitForSingleObject
LocalAlloc
CreateEventW
Sleep
GetLastError
SetEvent
CloseHandle
LoadLibraryW
HeapSetInformation
HeapAlloc
GetProcAddress
LocalFree
GetProcessHeap
FreeLibrary
ResolveDelayLoadedAPI
DelayLoadFailureHook
msvcrt
_initterm
_acmdln
_vsnwprintf
__setusermatherr
_ismbblead
_amsg_exit
__getmainargs
__set_app_type
_fmode
_commode
?terminate@@YAXXZ
memset
exit
_cexit
_exit
memcpy
__C_specific_handler
_XcptFilter
rpcrt4
NdrServerCall2
NdrServerCallAll
RpcServerInqBindings
RpcEpRegisterW
RpcEpUnregister
RpcServerListen
RpcRevertToSelf
RpcImpersonateClient
RpcServerRegisterIfEx
RpcServerUnregisterIf
RpcServerUseProtseqW
I_RpcBindingIsClientLocal
UuidFromStringW
RpcBindingInqAuthClientW
RpcBindingVectorFree
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
GetStartupInfoW
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
ntdll
RtlNtStatusToDosError
Sections
.text Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 456B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 156B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
msconfig.exe.exe windows:10 windows x64 arch:x64
cb36d617ce59113e8a0253a8c70a500e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
msconfig.pdb
Imports
advapi32
RegCloseKey
RegQueryValueExW
RegSetValueExW
OpenSCManagerW
EnumServicesStatusW
OpenServiceW
CloseServiceHandle
ChangeServiceConfigW
QueryServiceConfigW
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
EventSetInformation
EventRegister
RegDeleteValueW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
InitiateShutdownW
EventUnregister
EventWriteTransfer
kernel32
GlobalUnlock
GlobalFree
FindFirstFileW
FindClose
GetSystemInfo
GetPhysicallyInstalledSystemMemory
GlobalMemoryStatusEx
RtlCompareMemory
LoadLibraryW
FreeLibrary
DeleteFileW
LocalAlloc
LocalFree
FormatMessageW
HeapSetInformation
LoadResource
OpenProcess
GetCurrentProcessId
CloseHandle
GetCurrentThreadId
GetCommandLineW
CompareStringW
CreateDirectoryW
CreateSemaphoreW
GlobalLock
WideCharToMultiByte
lstrcmpiW
GetDateFormatW
GlobalAlloc
LockResource
SizeofResource
FreeResource
GetLastError
QueryDosDeviceW
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
Sleep
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
GetProcessHeap
DecodePointer
HeapAlloc
EncodePointer
LoadLibraryExA
VirtualAlloc
GetCurrentProcess
VirtualFree
HeapFree
MultiByteToWideChar
FindResourceW
GetModuleHandleW
LoadLibraryExW
GetProcAddress
ExpandEnvironmentStringsW
GetTimeFormatW
RegisterApplicationRestart
gdi32
GetTextExtentPoint32W
SelectObject
GetTextMetricsW
user32
EndPaint
SetCursor
LoadCursorW
GetFocus
ShowWindow
IsDlgButtonChecked
EndDialog
SetFocus
GetSystemMetrics
LoadStringW
MessageBoxW
GetActiveWindow
GetDlgItem
GetDlgItemTextW
CheckDlgButton
SetDlgItemInt
SetDlgItemTextW
BeginPaint
SendMessageW
EnableWindow
CharNextW
FindWindowW
SetForegroundWindow
IsIconic
SendMessageTimeoutW
GetClientRect
GetLastActivePopup
SetWindowTextW
GetWindowTextLengthW
GetWindowTextW
IsWindowEnabled
SetWindowLongPtrW
GetDC
ReleaseDC
GetKeyState
CallWindowProcW
GetWindowLongPtrW
LoadIconW
mfc42u
msvcrt
memmove
__CxxFrameHandler3
_CxxThrowException
_XcptFilter
wcscpy_s
_wcsicmp
__CxxFrameHandler4
??_V@YAXPEAX@Z
malloc
free
_purecall
_amsg_exit
__wgetmainargs
__set_app_type
exit
_exit
_cexit
__dllonexit
__setusermatherr
_initterm
__C_specific_handler
_wcmdln
_fmode
_commode
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
memcpy
_lock
_unlock
memset
_onexit
wcscat_s
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
iswdigit
wcsrchr
_wtoi
calloc
_vsnwprintf
_wtol
_itow_s
_wcsicoll
wcscmp
atl
ord35
ord44
ord20
ord21
ord16
ord23
ord57
ord18
ord17
ord43
shell32
SHEvaluateSystemCommandTemplate
ShellExecuteW
oleaut32
SysAllocString
VariantInit
VariantClear
VariantChangeType
SysFreeString
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
shlwapi
ord437
ntdll
RtlVirtualUnwind
RtlNtStatusToDosError
RtlCaptureContext
WinSqmAddToStream
WinSqmIncrementDWORD
RtlLookupFunctionEntry
RtlInitUnicodeString
bcd
BcdDeleteObjectReferences
BcdOpenSystemStore
BcdCreateObject
BcdOpenStoreFromFile
BcdEnumerateObjects
BcdImportStoreWithFlags
BcdDeleteElement
BcdGetElementData
BcdExportStore
BcdQueryObject
BcdCloseStore
BcdSetElementData
BcdCloseObject
BcdOpenObject
BcdDeleteObject
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoUninitialize
CoInitializeEx
CoTaskMemFree
CreateStreamOnHGlobal
Sections
.text Size: 76KB - Virtual size: 75KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 40KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 76KB - Virtual size: 73KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
msdt.exe.exe windows:10 windows x64 arch:x64
ae54c63c1a8c4d651508ddf79983e3ba
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
msdt.pdb
Imports
advapi32
EventRegister
EventWriteTransfer
EventUnregister
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
CheckTokenMembership
CreateWellKnownSid
OpenThreadToken
OpenProcessToken
GetTokenInformation
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
EventSetInformation
RegLoadMUIStringW
kernel32
HeapFree
SetLastError
EnterCriticalSection
CreateSemaphoreExW
GetModuleFileNameA
LocalAlloc
OpenEventW
ConnectNamedPipe
CreateNamedPipeW
GetSystemTime
LoadLibraryExW
ReleaseSemaphore
GetModuleHandleExW
LeaveCriticalSection
DosDateTimeToFileTime
FileTimeToLocalFileTime
CopyFileW
RemoveDirectoryW
SetFileAttributesW
CreateDirectoryW
GetCurrentProcess
GetCurrentThread
GetTempPath2W
GetTempFileNameW
DeleteFileW
FindClose
FindNextFileW
FindFirstFileW
LocalFileTimeToFileTime
GetFileInformationByHandle
SetFileTime
MoveFileW
SetCurrentDirectoryW
GetCurrentDirectoryW
GlobalUnlock
GlobalLock
FindResourceW
LoadResource
GlobalFree
GlobalAlloc
LockResource
FreeResource
GetUserPreferredUILanguages
ExpandEnvironmentStringsW
FreeLibrary
LocalFree
GetFileSizeEx
SizeofResource
GetFullPathNameW
GetFileAttributesW
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
SleepConditionVariableSRW
WakeAllConditionVariable
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
GetCommandLineW
ReadFile
Sleep
DecodePointer
EncodePointer
MultiByteToWideChar
WideCharToMultiByte
GetStringTypeW
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
ReleaseSRWLockExclusive
OutputDebugStringW
CloseThreadpoolTimer
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
SetThreadpoolTimer
ReleaseSRWLockShared
CreateThreadpoolTimer
HeapAlloc
GetProcAddress
CreateMutexExW
AcquireSRWLockShared
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
HeapSetInformation
GetExitCodeProcess
LoadLibraryW
TlsGetValue
TlsAlloc
TlsFree
TlsSetValue
GetTickCount64
InitializeCriticalSection
SetDllDirectoryW
DeleteTimerQueueTimer
CreateTimerQueueTimer
SetEvent
ResetEvent
HeapReAlloc
WaitForMultipleObjects
CreateEventW
CreateThread
GetModuleFileNameW
CreateFileW
WriteFile
FileTimeToDosDateTime
user32
SendMessageW
GetClientRect
GetSystemMetrics
SetWindowLongPtrW
CreateWindowExW
PostMessageW
SetWindowLongW
GetWindowLongW
UnhookWindowsHookEx
CallNextHookEx
GetKeyState
SetWindowsHookExW
GetFocus
IsChild
EnableWindow
SetForegroundWindow
AllowSetForegroundWindow
LoadStringW
MessageBoxW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
ShowScrollBar
IsWindow
GetWindowLongPtrW
LoadImageW
msvcrt
wcstombs_s
malloc
_wcslwr_s
wcsncmp
iswdigit
wcstol
calloc
_wtol
wcschr
wcstok
mbstowcs_s
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
_CxxThrowException
__CxxFrameHandler3
memcpy
memmove
setlocale
___lc_collate_cp_func
_errno
_lock
_unlock
___mb_cur_max_func
___lc_handle_func
___lc_codepage_func
_ismbblead
__pctype_func
memcmp
abort
memset
??0bad_cast@@QEAA@PEBD@Z
__crtCompareStringW
free
_wsetlocale
_XcptFilter
_amsg_exit
__wgetmainargs
__set_app_type
exit
_exit
_cexit
__setusermatherr
_initterm
__C_specific_handler
_wcmdln
_fmode
??0exception@@QEAA@AEBQEBD@Z
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@AEBV0@@Z
_wcsdup
realloc
_read
rand
_close
_write
time
_lseek
_commode
__dllonexit
_onexit
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
strchr
?what@exception@@UEBAPEBDXZ
wcsstr
towlower
_wcsicmp
_wcsnicmp
memmove_s
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
memcpy_s
_vsnwprintf
__CxxFrameHandler4
__crtLCMapStringW
wcscmp
_vsnprintf
wcstok_s
_get_osfhandle
_wopen
srand
_wremove
ntdll
WinSqmAddToStreamEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlInitUnicodeStringEx
NtOpenProcessToken
NtQueryInformationToken
NtClose
NtOpenThreadToken
RtlDestroyEnvironment
RtlExpandEnvironmentStrings
RtlCreateEnvironment
RtlSubAuthoritySid
RtlSetEnvironmentVariable
RtlNtStatusToDosError
RtlInitializeSid
DbgPrintEx
shell32
ShellExecuteExW
ShellExecuteW
CommandLineToArgvW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetKnownFolderIDList
comctl32
ImageList_ReplaceIcon
PropertySheetW
ImageList_Destroy
ImageList_Create
oleaut32
SysAllocString
SysFreeString
VariantInit
VariantClear
SysStringLen
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SysAllocStringLen
SafeArrayPutElement
SafeArrayCreate
SafeArrayGetElement
uxtheme
SetWindowTheme
atl
ord40
ord42
ole32
CoTaskMemAlloc
CoTaskMemFree
StringFromCLSID
CoUninitialize
CoInitializeEx
CoCreateInstance
OleInitialize
StringFromGUID2
GetHGlobalFromStream
CoCreateGuid
PropVariantClear
CreateStreamOnHGlobal
comdlg32
CommDlgExtendedError
GetOpenFileNameW
rpcrt4
UuidCreate
duser
GetGadgetFocus
ForwardGadgetMessage
wer
WerReportAddFile
WerReportSubmit
WerReportCloseHandle
WerReportSetParameter
WerReportCreate
secur32
GetUserNameExW
wintrust
WinVerifyTrust
WTHelperGetProvSignerFromChain
WTHelperGetProvCertFromChain
WTHelperProvDataFromStateData
crypt32
CertFreeCertificateContext
CertGetCertificateContextProperty
CryptHashCertificate
CertDuplicateCertificateContext
dui70
?Add@Element@DirectUI@@QEAAJPEAV12@@Z
?SetSelected@Element@DirectUI@@QEAAJ_N@Z
?CreateElement@DUIXmlParser@DirectUI@@QEAAJPEBGPEAVElement@2@1PEAKPEAPEAV32@@Z
?RemoveAll@Element@DirectUI@@QEAAJXZ
?SetEnabled@Element@DirectUI@@QEAAJ_N@Z
?Release@Value@DirectUI@@QEAAXXZ
?ContentProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?SetValue@Element@DirectUI@@QEAAJP6APEBUPropertyInfo@2@XZHPEAVValue@2@@Z
?DestroyCP@TaskPage@DirectUI@@EEAAXXZ
?CreateParserCP@TaskPage@DirectUI@@EEAAJPEAPEAVDUIXmlParser@2@@Z
?CreateDUICP@TaskPage@DirectUI@@EEAAJPEAVHWNDElement@2@PEAUHWND__@@1PEAPEAVElement@2@PEAPEAVDUIXmlParser@2@@Z
?OnQueryInitialFocus@TaskPage@DirectUI@@MEAAPEAVElement@2@XZ
?OnWizFinish@TaskPage@DirectUI@@MEAA_JXZ
?OnReset@TaskPage@DirectUI@@MEAA_JXZ
?OnKillActive@TaskPage@DirectUI@@MEAA_JXZ
?InitPropSheetPage@TaskPage@DirectUI@@MEAAXPEAU_PROPSHEETPAGEW@@@Z
?LoadPage@TaskPage@DirectUI@@MEAAJPEAVHWNDElement@2@PEAUHINSTANCE__@@PEAPEAVElement@2@PEAPEAVDUIXmlParser@2@@Z
?LoadParser@TaskPage@DirectUI@@MEAAJPEAPEAVDUIXmlParser@2@@Z
?OnListenedInput@TaskPage@DirectUI@@MEAAXPEAVElement@2@PEAUInputEvent@2@@Z
?OnListenedPropertyChanged@TaskPage@DirectUI@@MEAAXPEAVElement@2@PEBUPropertyInfo@2@HPEAVValue@2@2@Z
?OnListenedPropertyChanging@TaskPage@DirectUI@@MEAA_NPEAVElement@2@PEBUPropertyInfo@2@HPEAVValue@2@2@Z
?OnListenerDetach@TaskPage@DirectUI@@MEAAXPEAVElement@2@@Z
?OnListenerAttach@TaskPage@DirectUI@@MEAAXPEAVElement@2@@Z
?SetTooltipMaxWidth@Element@DirectUI@@QEAAJH@Z
?SetTooltip@Element@DirectUI@@QEAAJ_N@Z
?SetContentString@Element@DirectUI@@QEAAJPEBG@Z
?SetAccDesc@Element@DirectUI@@QEAAJPEBG@Z
?SetAccValue@Element@DirectUI@@QEAAJPEBG@Z
?SetAccName@Element@DirectUI@@QEAAJPEBG@Z
?CreateGraphic@Value@DirectUI@@SAPEAV12@PEAUHICON__@@_N11@Z
?SetLayoutPos@Element@DirectUI@@QEAAJH@Z
?SetVisible@Element@DirectUI@@QEAAJ_N@Z
StrToID
?FindDescendent@Element@DirectUI@@QEAAPEAV12@G@Z
?EndDefer@Element@DirectUI@@QEAAXK@Z
?StartDefer@Element@DirectUI@@QEAAXPEAK@Z
?PropSheet_SendMessage@TaskPage@DirectUI@@IEAA_JI_K_J@Z
?Click@Button@DirectUI@@SA?AVUID@@XZ
??1TaskPage@DirectUI@@UEAA@XZ
??0TaskPage@DirectUI@@QEAA@XZ
?OnNotify@HWNDHost@DirectUI@@UEAA_NI_K_JPEA_J@Z
?GetClassInfoW@HWNDHost@DirectUI@@UEAAPEAUIClassInfo@2@XZ
?GetContentSize@Element@DirectUI@@UEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?OnInput@HWNDHost@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?GetClassInfoPtr@HWNDHost@DirectUI@@SAPEAUIClassInfo@2@XZ
?Register@HWNDHost@DirectUI@@SAJXZ
?KeyFocusedProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?OnPropertyChanged@HWNDHost@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?Initialize@HWNDHost@DirectUI@@QEAAJIIPEAVElement@2@PEAK@Z
??1HWNDHost@DirectUI@@UEAA@XZ
??0HWNDHost@DirectUI@@QEAA@XZ
??1CCListView@DirectUI@@UEAA@XZ
?AssertPIZeroRef@ClassInfoBase@DirectUI@@UEBAXXZ
?GetChildren@ClassInfoBase@DirectUI@@UEBAHXZ
?RemoveChild@ClassInfoBase@DirectUI@@UEAAXXZ
?AddChild@ClassInfoBase@DirectUI@@UEAAXXZ
?IsGlobal@ClassInfoBase@DirectUI@@UEBA_NXZ
?GetModule@ClassInfoBase@DirectUI@@UEBAPEAUHINSTANCE__@@XZ
?IsSubclassOf@ClassInfoBase@DirectUI@@UEBA_NPEAUIClassInfo@2@@Z
?IsValidProperty@ClassInfoBase@DirectUI@@UEBA_NPEBUPropertyInfo@2@@Z
?GetName@ClassInfoBase@DirectUI@@UEBAPEBGXZ
?GetGlobalIndex@ClassInfoBase@DirectUI@@UEBAIXZ
?GetPICount@ClassInfoBase@DirectUI@@UEBAIXZ
?GetByClassIndex@ClassInfoBase@DirectUI@@UEAAPEBUPropertyInfo@2@I@Z
?EnumPropertyInfo@ClassInfoBase@DirectUI@@UEAAPEBUPropertyInfo@2@I@Z
?Release@ClassInfoBase@DirectUI@@UEAAHXZ
?GetClassInfoW@CCListView@DirectUI@@UEAAPEAUIClassInfo@2@XZ
?PostCreate@CCBase@DirectUI@@MEAAXPEAUHWND__@@@Z
?OnReceivedDialogFocus@CCBase@DirectUI@@UEAA_NPEAUIDialogElement@2@@Z
?OnLostDialogFocus@CCBase@DirectUI@@UEAA_NPEAUIDialogElement@2@@Z
?OnCustomDraw@CCBase@DirectUI@@UEAA_NPEAUtagNMCUSTOMDRAWINFO@@PEA_J@Z
?OnNotify@CCBase@DirectUI@@UEAA_NI_K_JPEA_J@Z
?DefaultAction@CCBase@DirectUI@@UEAAJXZ
?GetClassInfoW@CCBase@DirectUI@@UEAAPEAUIClassInfo@2@XZ
?MessageCallback@HWNDHost@DirectUI@@UEAAIPEAUtagGMSG@@@Z
?GetContentStringAsDisplayed@Element@DirectUI@@UEAAPEBGPEAPEAVValue@2@@Z
?IsContentProtected@Element@DirectUI@@UEAA_NXZ
??0ClassInfoBase@DirectUI@@QEAA@XZ
??0CCListView@DirectUI@@QEAA@XZ
?GetClassInfoPtr@CCBase@DirectUI@@SAPEAUIClassInfo@2@XZ
?GetClassInfoPtr@HWNDElement@DirectUI@@SAPEAUIClassInfo@2@XZ
?GetClassInfoPtr@Edit@DirectUI@@SAPEAUIClassInfo@2@XZ
?Initialize@CCBase@DirectUI@@QEAAJIPEAVElement@2@PEAK@Z
?Initialize@ClassInfoBase@DirectUI@@QEAAJPEAUHINSTANCE__@@PEBG_NPEBQEBUPropertyInfo@2@I@Z
?Register@CCBase@DirectUI@@SAJXZ
?Register@HWNDElement@DirectUI@@SAJXZ
?Register@ClassInfoBase@DirectUI@@QEAAJXZ
?ClassExist@ClassInfoBase@DirectUI@@SA_NPEAPEAUIClassInfo@2@PEBQEBUPropertyInfo@2@IPEAU32@PEAUHINSTANCE__@@PEBG_N@Z
??1CritSecLock@DirectUI@@QEAA@XZ
?GetFactoryLock@Element@DirectUI@@SAPEAU_RTL_CRITICAL_SECTION@@XZ
?Register@Edit@DirectUI@@SAJXZ
??0Edit@DirectUI@@QEAA@XZ
??1Edit@DirectUI@@UEAA@XZ
?IsRTLReading@Element@DirectUI@@UEAA_NXZ
?IsContentProtected@Edit@DirectUI@@UEAA_NXZ
?GetContentStringAsDisplayed@Edit@DirectUI@@UEAAPEBGPEAPEAVValue@2@@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanged@Edit@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanged@Element@DirectUI@@UEAAXPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnGroupChanged@Element@DirectUI@@UEAAXH_N@Z
?OnInput@Edit@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?OnKeyFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnMouseFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnDestroy@HWNDHost@DirectUI@@UEAAXXZ
?OnEvent@HWNDHost@DirectUI@@UEAAXPEAUEvent@2@@Z
?Paint@HWNDHost@DirectUI@@UEAAXPEAUHDC__@@PEBUtagRECT@@1PEAU4@2@Z
?GetContentSize@Edit@DirectUI@@UEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?Add@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?Insert@Element@DirectUI@@UEAAJPEAPEAV12@II@Z
?Remove@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?GetAdjacent@Element@DirectUI@@UEAAPEAV12@PEAV12@HPEBUNavReference@2@K@Z
?EnsureVisible@Element@DirectUI@@UEAA_NHHHH@Z
?SetKeyFocus@HWNDHost@DirectUI@@UEAAXXZ
?AddBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?RemoveBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?MessageCallback@Edit@DirectUI@@UEAAIPEAUtagGMSG@@@Z
?QueryInterface@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?GetImmersiveFocusRectOffsets@Element@DirectUI@@UEAAXPEAUtagRECT@@@Z
?_SelfLayoutDoLayout@Element@DirectUI@@MEAAXHH@Z
?_SelfLayoutUpdateDesiredSize@Element@DirectUI@@MEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?OnHosted@HWNDHost@DirectUI@@MEAAXPEAVElement@2@@Z
?OnUnHosted@HWNDHost@DirectUI@@MEAAXPEAVElement@2@@Z
?UpdateTooltip@Element@DirectUI@@MEAAXPEAV12@@Z
?ActivateTooltip@Element@DirectUI@@MEAAXPEAV12@K@Z
?RemoveTooltip@Element@DirectUI@@MEAAXPEAV12@@Z
?GetKeyFocused@HWNDHost@DirectUI@@UEAA_NXZ
?GetAccessibleImpl@HWNDHost@DirectUI@@UEAAJPEAPEAUIAccessible@@@Z
?DefaultAction@Element@DirectUI@@UEAAJXZ
?GetUIAElementProvider@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?GetElementProviderImpl@Element@DirectUI@@UEAAJPEAVInvokeHelper@2@PEAPEAVElementProvider@2@@Z
?HandleUiaDestroyListener@Element@DirectUI@@UEAAXXZ
?HandleUiaPropertyListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?HandleUiaPropertyChangingListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@@Z
?HandleUiaEventListener@Element@DirectUI@@UEAAXPEAUEvent@2@@Z
?GetUiaFocusDelegate@Element@DirectUI@@UEAAPEAV12@XZ
?OnNotify@Edit@DirectUI@@UEAA_NI_K_JPEA_J@Z
?OnMessage@HWNDHost@DirectUI@@UEAA_NI_K_JPEA_J@Z
?OnSysChar@HWNDHost@DirectUI@@UEAA_NG@Z
?OnSinkThemeChanged@HWNDHost@DirectUI@@UEAA_NI_K_JPEA_J@Z
?OnCtrlThemeChanged@HWNDHost@DirectUI@@UEAA_NI_K_JPEA_J@Z
?OnWindowStyleChanged@HWNDHost@DirectUI@@UEAAX_KPEBUtagSTYLESTRUCT@@@Z
?SetWindowDirection@HWNDHost@DirectUI@@UEAAXPEAUHWND__@@@Z
?EraseBkgnd@HWNDHost@DirectUI@@MEAA_NPEAUHDC__@@PEA_J@Z
?CreateHWND@Edit@DirectUI@@MEAAPEAUHWND__@@PEAU3@_N@Z
?Initialize@Edit@DirectUI@@QEAAJIPEAVElement@2@PEAK@Z
?AttachCtrlSubclassProc@HWNDHost@DirectUI@@KAXPEAUHWND__@@@Z
?GetThemedBorder@Edit@DirectUI@@QEAA_NXZ
?GetMultiline@Edit@DirectUI@@QEAA_NXZ
?OnAdjustWindowSize@HWNDHost@DirectUI@@UEAAHHHI@Z
?GetHWND@HWNDHost@DirectUI@@UEAAPEAUHWND__@@XZ
?SetWinStyle@CCBase@DirectUI@@QEAAJH@Z
?Destroy@Element@DirectUI@@QEAAJ_N@Z
?Initialize@CCListView@DirectUI@@QEAAJIPEAVElement@2@PEAK@Z
?CreateHWND@CCBase@DirectUI@@UEAAPEAUHWND__@@PEAU3@@Z
?OnInput@CCBase@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?OnInput@Element@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?OnPropertyChanged@CCBase@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?DirectionProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
??1CCBase@DirectUI@@UEAA@XZ
??0CCBase@DirectUI@@QEAA@KPEBG@Z
?SetID@Element@DirectUI@@QEAAJPEBG@Z
?GetChildren@Element@DirectUI@@QEAAPEAV?$DynamicArray@PEAVElement@DirectUI@@$0A@@2@PEAPEAVValue@2@@Z
?DUICreatePropertySheetPage@TaskPage@DirectUI@@QEAAJPEAUHINSTANCE__@@@Z
InitProcessPriv
InitThread
UnInitThread
UnInitProcessPriv
?SetValue@Element@DirectUI@@QEAAJPEBUPropertyInfo@2@HPEAVValue@2@@Z
?GetContentString@Element@DirectUI@@QEAAPEBGPEAPEAVValue@2@@Z
?SetNote@CCCommandLink@DirectUI@@QEAAJPEBG@Z
?Destroy@DUIXmlParser@DirectUI@@QEAAXXZ
??1ClassInfoBase@DirectUI@@UEAA@XZ
?AddRef@ClassInfoBase@DirectUI@@UEAAXXZ
shlwapi
SHCreateStreamOnFileEx
winhttp
WinHttpGetDefaultProxyConfiguration
WinHttpReceiveResponse
WinHttpOpen
WinHttpQueryHeaders
WinHttpReadData
WinHttpOpenRequest
WinHttpSetOption
WinHttpCloseHandle
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpWriteData
WinHttpSendRequest
WinHttpConnect
WinHttpCrackUrl
cabinet
ord10
ord23
ord14
ord11
ord20
ord22
ord13
Sections
.text Size: 428KB - Virtual size: 425KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 108KB - Virtual size: 107KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
msdtc.exe.exe windows:10 windows x64 arch:x64
15cd66f4b745b4dd6e6afeaeb7a98111
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
msdtcexe.pdb
Imports
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
GetCommandLineW
GetCommandLineA
api-ms-win-core-com-l1-1-0
CoInitializeEx
StringFromGUID2
CoCreateInstance
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
CoGetObjectContext
msvcrt
_fmode
_commode
memcpy
_wcmdln
__C_specific_handler
memcmp
?terminate@@YAXXZ
_lock
_unlock
_initterm
__setusermatherr
__dllonexit
_cexit
_exit
exit
_onexit
wcschr
_CxxThrowException
__set_app_type
_local_unwind
__wgetmainargs
_amsg_exit
_XcptFilter
fopen
fflush
fclose
fprintf
fwprintf
__CxxFrameHandler4
_vsnwprintf
memcpy_s
_wcsicmp
_purecall
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_vsnprintf_s
_stricmp
memmove_s
wcsrchr
_waccess
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
strchr
_wfopen
??1type_info@@UEAA@XZ
_callnewh
malloc
free
memset
msdtctm
ord4
ntdll
RtlVirtualUnwind
RtlReportException
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
CreateProcessW
GetExitCodeProcess
OpenProcessToken
GetStartupInfoW
GetCurrentThreadId
TlsAlloc
TlsFree
TlsGetValue
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExW
FreeLibrary
LoadResource
GetProcAddress
GetModuleFileNameA
FindResourceExW
LockResource
GetModuleHandleW
LoadStringW
GetModuleHandleExW
GetModuleFileNameW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryA
GetLocalTime
GetTickCount
api-ms-win-core-registry-l1-1-0
RegSetValueExW
RegOpenKeyExW
RegOpenKeyExA
RegQueryValueExW
RegQueryValueExA
RegCloseKey
api-ms-win-core-synch-l1-1-0
CreateMutexExW
ResetEvent
ReleaseSemaphore
CreateEventA
ReleaseSRWLockShared
EnterCriticalSection
ReleaseMutex
DeleteCriticalSection
AcquireSRWLockShared
InitializeCriticalSectionAndSpinCount
CreateSemaphoreExW
OpenSemaphoreW
LeaveCriticalSection
WaitForSingleObjectEx
AcquireSRWLockExclusive
WaitForSingleObject
ReleaseSRWLockExclusive
InitializeCriticalSectionEx
SetEvent
api-ms-win-core-heap-l1-1-0
HeapFree
GetProcessHeap
HeapAlloc
api-ms-win-core-file-l1-1-0
GetFullPathNameW
FindFirstFileW
SetFileAttributesW
CreateDirectoryW
DeleteFileW
FindClose
CreateFileW
FindNextFileW
api-ms-win-core-threadpool-l1-2-0
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
DebugBreak
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-psapi-l1-1-0
QueryFullProcessImageNameW
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
api-ms-win-core-version-l1-1-0
VerQueryValueW
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-security-base-l1-1-0
GetTokenInformation
kernel32
QueueUserWorkItem
UnregisterWaitEx
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 56KB - Virtual size: 54KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 96KB - Virtual size: 94KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 316B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
msfeedssync.exe.exe windows:10 windows x64 arch:x64
f168f4d8233b707acea545ecd8dfe920
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
msfeedssync.pdb
Imports
kernel32
GetVersion
GetProcAddress
LocalFree
GetModuleHandleW
GetStartupInfoW
LocalAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
msvcrt
_initterm
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
__C_specific_handler
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
wcstoul
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoUninitialize
CoCreateInstance
CLSIDFromString
Sections
.text Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 312B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
mshta.exe.exe windows:10 windows x64 arch:x64
dcdee2ff2311b9ae7c4d768fa56524dd
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
mshta.pdb
Imports
msvcrt
?terminate@@YAXXZ
_commode
_fmode
_acmdln
__C_specific_handler
_initterm
__setusermatherr
malloc
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
free
_callnewh
_ismbblead
kernel32
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
UnhandledExceptionFilter
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
MultiByteToWideChar
GetCurrentProcess
LoadLibraryA
ExpandEnvironmentStringsA
TerminateProcess
GetCurrentProcessId
FreeLibrary
LoadLibraryW
GetVersion
GetModuleHandleW
GetProcAddress
advapi32
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
Sections
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 228B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
msiexec.exe.exe windows:10 windows x64 arch:x64
0990a9500ff8df93e0e059ee13e7c796
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
msiexec.pdb
Imports
advapi32
GetTokenInformation
SetSecurityDescriptorGroup
MakeAbsoluteSD
MakeSelfRelativeSD
RegQueryValueExW
OpenThreadToken
AddAccessAllowedAce
GetSecurityDescriptorLength
GetLengthSid
StartServiceCtrlDispatcherW
RegOpenKeyExW
InitializeAcl
InitializeSecurityDescriptor
SetThreadToken
FreeSid
OpenProcessToken
RegSetValueExW
RegisterServiceCtrlHandlerW
RegCreateKeyExW
SetServiceStatus
AllocateAndInitializeSid
EqualSid
GetAce
SetSecurityDescriptorOwner
RegEnumKeyW
RegCloseKey
RevertToSelf
AdjustTokenPrivileges
SetSecurityDescriptorDacl
LookupPrivilegeValueW
kernel32
CompareStringW
SetLastError
EnterCriticalSection
GetCommandLineW
GetCurrentProcess
lstrlenW
GetStdHandle
WriteFile
GetModuleHandleExW
GetModuleFileNameW
LeaveCriticalSection
InitializeCriticalSection
GetEnvironmentVariableW
GetLocaleInfoW
WaitForSingleObject
OpenEventW
GetVersionExW
GetSystemDefaultLangID
GetACP
OpenProcess
GetVersion
SetProcessMitigationPolicy
CreateEventW
MultiByteToWideChar
Sleep
FormatMessageW
GetLastError
OutputDebugStringW
SetEvent
GetCurrentThread
GlobalAlloc
GlobalFree
CloseHandle
LoadLibraryW
CreateThread
SetCurrentDirectoryW
GetProcAddress
DeleteCriticalSection
ExitProcess
UnhandledExceptionFilter
GetModuleHandleW
FreeLibrary
WideCharToMultiByte
GetFileType
lstrcmpW
LoadLibraryExW
GetSystemDirectoryW
LoadLibraryExA
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
DelayLoadFailureHook
GetStartupInfoW
user32
MsgWaitForMultipleObjects
DispatchMessageW
PeekMessageW
IsCharAlphaNumericW
TranslateMessage
PostThreadMessageW
PostQuitMessage
GetMessageW
msvcrt
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
exit
_exit
_cexit
_ismbblead
__setusermatherr
_initterm
_acmdln
_fmode
_commode
_lock
_unlock
__dllonexit
_onexit
memcpy
memset
?terminate@@YAXXZ
_vsnprintf
_wcsicmp
__C_specific_handler
_vsnwprintf
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
ole32
CoUninitialize
CoRegisterClassObject
StgOpenStorage
CoRevokeClassObject
CoInitialize
Sections
.text Size: 40KB - Virtual size: 38KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 152B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 92KB - Virtual size: 90KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 212B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
msinfo32.exe.exe windows:10 windows x64 arch:x64
fef848f80f9f6d5071c26a32f5abf237
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
msinfo32.pdb
Imports
advapi32
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegGetValueW
RegSetValueExW
EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer
kernel32
CreateThreadpoolTimer
HeapAlloc
GetProcAddress
CreateMutexExW
AcquireSRWLockShared
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
MulDiv
DnsHostnameToComputerNameW
GetVersionExW
GetTickCount
CreateEventW
InitializeCriticalSection
ResetEvent
CreateThread
SetEvent
TerminateThread
GetLocaleInfoW
GetNumberFormatW
GetDateFormatW
GetTimeFormatW
MultiByteToWideChar
GetNativeSystemInfo
GetSystemWow64DirectoryW
GetSystemDirectoryW
ReleaseSRWLockShared
GetModuleFileNameA
GetVolumePathNameW
GetFirmwareType
GetPhysicallyInstalledSystemMemory
WaitForThreadpoolTimerCallbacks
CreateFileW
ReadFile
SetFilePointer
FindFirstFileW
FindNextFileW
FindClose
GetTempPath2W
CreateDirectoryExW
SetFileAttributesW
DeleteFileW
RemoveDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
LoadLibraryW
GlobalLock
GlobalUnlock
GetFileSize
LocalFree
GlobalAlloc
GetComputerNameW
GetCommandLineW
HeapSetInformation
RegisterApplicationRestart
InitializeCriticalSectionEx
SetThreadpoolTimer
CloseHandle
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
CloseThreadpoolTimer
OutputDebugStringW
ReleaseSRWLockExclusive
GetLastError
FormatMessageW
ReleaseMutex
GetCurrentThreadId
LoadLibraryExW
GetSystemTimeAsFileTime
QueryPerformanceCounter
SleepConditionVariableSRW
WakeAllConditionVariable
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
Sleep
LeaveCriticalSection
GetModuleHandleExW
ReleaseSemaphore
EnterCriticalSection
SetLastError
WaitForSingleObject
HeapFree
GlobalMemoryStatusEx
CreateSemaphoreExW
FreeLibrary
gdi32
CreateFontIndirectW
GetObjectW
CreateSolidBrush
SetTextColor
EndDoc
EndPage
StartDocW
CreateFontW
TextOutW
StartPage
GetDeviceCaps
GetTextExtentPoint32W
user32
GetSubMenu
CheckDlgButton
ReleaseDC
DrawFocusRect
GetDCEx
ClientToScreen
SetFocus
ReleaseCapture
SetCapture
PtInRect
OffsetRect
InflateRect
DestroyIcon
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
IsWindowEnabled
IsWindowVisible
GetFocus
LoadCursorW
SetCursor
ShowWindow
UpdateWindow
InvalidateRect
EmptyClipboard
CopyRect
GetClientRect
SetClassLongPtrW
LoadIconW
SetWindowPlacement
SystemParametersInfoW
LoadAcceleratorsW
MoveWindow
SetClipboardData
BeginPaint
EndPaint
IsDlgButtonChecked
GetDpiForSystem
LoadStringW
PostMessageW
MessageBoxW
GetSysColor
FillRect
RedrawWindow
LoadMenuW
SetMenu
SetWindowLongW
GetWindowLongW
GetDC
SetWindowPos
GetMenu
AdjustWindowRectEx
SetRect
SetMenuItemInfoW
GetWindowTextW
EnableWindow
CheckRadioButton
SetDlgItemTextW
SetWindowTextW
SendMessageW
GetDlgItem
PostQuitMessage
SendInput
NotifyWinEvent
CreateDialogParamW
GetMessageW
TranslateAcceleratorW
IsDialogMessageW
TranslateMessage
DispatchMessageW
DestroyWindow
DestroyAcceleratorTable
ScreenToClient
KillTimer
SetTimer
DialogBoxParamW
EndDialog
GetWindowRect
mfc42u
ord1586
ord812
ord288
ord1082
ord2900
ord2463
ord6127
ord6133
ord6243
ord6577
ord6138
ord2574
ord851
ord6707
ord6704
ord5979
ord1358
ord5927
ord2781
ord5951
ord2785
ord1042
ord1059
ord655
ord4502
ord1383
ord1221
ord628
ord5916
ord917
ord422
ord2461
ord1471
ord287
ord1647
ord3790
ord286
ord1574
ord2427
ord3783
ord1646
ord336
ord1124
ord2801
ord2855
ord1287
ord2849
ord6887
ord626
ord1040
ord1122
ord1126
ord2975
ord5887
ord4436
ord2629
ord624
ord620
ord6545
ord6226
ord1286
ord2846
ord1284
ord6705
ord6886
ord4473
ord1463
ord2783
ord1259
ord6050
ord1606
ord424
ord919
ord4504
ord1223
ord2845
ord1006
ord420
ord915
ord568
ord1355
ord5950
ord4500
ord1219
ord1381
ord5925
ord3579
ord5914
ord6641
ord4523
ord4521
ord6708
ord1264
ord1262
ord1095
ord2841
ord6216
ord2794
ord6880
ord1483
ord3581
ord366
ord3830
ord5986
ord3221
ord3777
ord2408
ord369
ord622
ord4046
msvcrt
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
memset
_lock
?terminate@@YAXXZ
memcmp
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
__CxxFrameHandler3
wcsncpy_s
iswascii
wcstod
_wtol
free
iswalpha
wcstoul
wcstol
_wcsicmp
swprintf_s
_wcsicoll
_wtoi
memmove_s
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
memcpy_s
_vsnwprintf
??_V@YAXPEAX@Z
__CxxFrameHandler4
_wcsupr
wcscmp
atl
ord30
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtQuerySystemInformation
oleaut32
SysAllocString
VariantInit
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
VariantClear
VariantChangeType
SysAllocStringLen
SysStringLen
SysFreeString
ole32
CoUninitialize
StringFromCLSID
CoTaskMemFree
CoInitialize
CoInitializeSecurity
CoCreateGuid
CoCreateInstance
shlwapi
StrFormatByteSizeEx
setupapi
SetupIterateCabinetW
comdlg32
PrintDlgExW
GetOpenFileNameW
GetSaveFileNameW
shell32
CommandLineToArgvW
ShellAboutW
comctl32
ord410
ord412
ord413
InitCommonControlsEx
powrprof
PowerDeterminePlatformRoleEx
slc
SLGetWindowsInformationDWORD
Sections
.text Size: 184KB - Virtual size: 183KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 76KB - Virtual size: 72KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 76KB - Virtual size: 74KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
msra.exe.exe windows:10 windows x64 arch:x64
31b682d0384dc895e6d219a73dc8aede
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
MSRA.pdb
Imports
advapi32
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
GetUserNameW
AllocateAndInitializeSid
CheckTokenMembership
OpenProcessToken
GetTokenInformation
FreeSid
RegQueryValueExW
CryptReleaseContext
GetLengthSid
EventActivityIdControl
CryptExportKey
CryptGenKey
CryptImportKey
EventUnregister
EventRegister
EventWrite
RegDeleteKeyValueW
RegEnumKeyW
CryptDestroyHash
CryptDestroyKey
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptSetKeyParam
CryptEncrypt
CryptDecrypt
CryptGenRandom
CryptGetHashParam
CryptGetUserKey
kernel32
LockResource
LoadResource
FindResourceExW
GlobalUnlock
GlobalLock
MulDiv
lstrcmpW
LoadLibraryExW
lstrcmpiW
MultiByteToWideChar
SizeofResource
FindResourceW
ExpandEnvironmentStringsW
WideCharToMultiByte
GetComputerNameW
CreateFileW
GetFileSizeEx
ReadFile
FindFirstFileW
FindClose
GetCurrentProcess
GetTickCount
GlobalAlloc
MoveFileExW
DeleteFileW
WaitForMultipleObjects
GetModuleFileNameA
GlobalFree
GlobalHandle
LeaveCriticalSection
EnterCriticalSection
GetCommandLineW
ResetEvent
QueueUserWorkItem
RegisterApplicationRestart
RaiseException
InitializeCriticalSection
DeleteCriticalSection
HeapSetInformation
SetErrorMode
SetProcessMitigationPolicy
GetFullPathNameW
CreateSemaphoreExW
LocalFree
CompareStringW
GetModuleFileNameW
FreeLibrary
SetWaitableTimer
CreateWaitableTimerW
LoadLibraryW
GetTimeFormatW
GetDateFormatW
GetLocalTime
SetEvent
CreateThread
CreateMutexW
CreateEventW
CreateDirectoryW
ResolveDelayLoadedAPI
DelayLoadFailureHook
IsDebuggerPresent
DebugBreak
GetModuleHandleW
GetProcessHeap
GetCurrentProcessId
CreateMutexExW
GetProcAddress
HeapAlloc
CloseHandle
OpenSemaphoreW
WaitForSingleObjectEx
OutputDebugStringW
GetLastError
FormatMessageW
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
GetModuleHandleExW
ReleaseSemaphore
SetLastError
HeapFree
WriteFile
GetFileSize
GetSystemTime
CreateTimerQueue
DeleteTimerQueueTimer
CreateTimerQueueTimer
DeleteTimerQueueEx
CreateSemaphoreW
OpenMutexW
GetTempPath2W
OutputDebugStringA
GetSystemTimeAsFileTime
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
DecodePointer
EncodePointer
LoadLibraryExA
VirtualAlloc
VirtualFree
Sleep
gdi32
DeleteObject
GetDeviceCaps
GetObjectW
GetStockObject
GetTextMetricsW
CreateFontIndirectW
SetBkColor
SetTextColor
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteDC
user32
FlashWindowEx
EndDialog
GetSysColorBrush
MessageBeep
ShowWindow
SendMessageW
LoadStringW
SetDlgItemTextW
MapWindowPoints
CreateWindowExW
PeekMessageW
TranslateMessage
DispatchMessageW
DestroyWindow
LoadIconW
LoadAcceleratorsW
CopyAcceleratorTableW
GetMessageW
TranslateAcceleratorW
IsDialogMessageW
CreateDialogIndirectParamW
AllowSetForegroundWindow
ScrollWindow
GetScrollInfo
SetScrollInfo
GetDlgItem
ShowScrollBar
GetDialogBaseUnits
DestroyMenu
TrackPopupMenu
GetSubMenu
LoadMenuW
GetCaretPos
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetWindowRect
UnregisterHotKey
RegisterHotKey
SystemParametersInfoW
FrameRect
GetSystemMetrics
DialogBoxIndirectParamW
PostQuitMessage
OpenIcon
IsIconic
RegisterClassExW
LoadCursorW
DrawFocusRect
GetDCEx
SetCursor
PtInRect
IsWindowEnabled
LoadImageW
GetWindowInfo
GetActiveWindow
SetWindowContextHelpId
SetTimer
KillTimer
MapDialogRect
PostMessageW
SetForegroundWindow
SendDlgItemMessageW
UpdateWindow
EnableWindow
CharUpperW
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
BeginPaint
EndPaint
IsChild
GetFocus
SetFocus
GetWindow
IsWindow
GetClassNameW
GetSysColor
CharNextW
SetWindowPos
RedrawWindow
GetClassInfoExW
CreateAcceleratorTableW
ClientToScreen
GetParent
ScreenToClient
MoveWindow
SetCapture
ReleaseCapture
FillRect
GetClientRect
InvalidateRgn
CallWindowProcW
InvalidateRect
GetDC
ReleaseDC
GetDesktopWindow
DestroyAcceleratorTable
SetWindowLongPtrW
GetWindowLongPtrW
GetWindowLongW
SetWindowLongW
DefWindowProcW
UnregisterClassA
msvcrt
__CxxFrameHandler3
_CxxThrowException
?what@exception@@UEBAPEBDXZ
__dllonexit
??0exception@@QEAA@AEBQEBD@Z
memcpy
_callnewh
_onexit
??1type_info@@UEAA@XZ
_errno
realloc
memcmp
_purecall
_wcsicmp
_wtoi
_vsnprintf
_time64
malloc
swprintf_s
_fmode
_XcptFilter
_commode
?terminate@@YAXXZ
free
calloc
_amsg_exit
__wgetmainargs
__C_specific_handler
_vsnprintf_s
__set_app_type
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
srand
memcpy_s
_vsnwprintf
exit
_exit
time
_cexit
iswdigit
??_V@YAXPEAX@Z
memmove
__setusermatherr
_lock
__CxxFrameHandler4
??3@YAXPEAX@Z
_wtol
wcsncmp
towupper
_initterm
_itow
wcstok
swscanf_s
_wcmdln
_unlock
??0exception@@QEAA@AEBQEBDH@Z
wcsncpy_s
memset
ws2_32
WSAStartup
WSAGetLastError
socket
connect
closesocket
WSACleanup
GetAddrInfoW
WSAIoctl
WSASocketW
FreeAddrInfoW
ntdll
NtOpenProcessToken
NtQueryInformationToken
NtClose
WinSqmAddToStream
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlIpv4AddressToStringW
NtOpenThreadToken
ole32
GetHGlobalFromStream
CoTaskMemRealloc
CoTaskMemFree
OleInitialize
MkParseDisplayName
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
OleLockRunning
StringFromGUID2
CoTaskMemAlloc
OleUninitialize
CoUninitialize
CoInitialize
CoCreateInstance
CreateBindCtx
CoCreateInstanceEx
CoGetObject
CoCreateGuid
CoInitializeEx
StringFromIID
CLSIDFromString
oleaut32
SysAllocStringByteLen
VariantInit
SysStringLen
SysAllocStringLen
VarBstrCmp
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
SysStringByteLen
VarBstrCat
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayDestroy
SafeArrayUnaccessData
SysReAllocString
DispCallFunc
SysAllocString
VariantClear
SysFreeString
VarUI4FromStr
shlwapi
PathFindExtensionW
PathFindFileNameW
comdlg32
GetOpenFileNameW
GetSaveFileNameW
comctl32
CreatePropertySheetPageW
ord410
ord345
ord413
ImageList_LoadImageW
ord344
InitCommonControlsEx
PropertySheetW
shell32
CommandLineToArgvW
ord258
SHGetSpecialFolderPathW
ord261
ShellExecuteW
uxtheme
CloseThemeData
OpenThemeData
GetThemeColor
IsAppThemed
GetThemeFont
crypt32
CryptBinaryToStringW
CryptStringToBinaryW
ndfapi
NdfCloseIncident
NdfExecuteDiagnosis
NdfCreateIncident
sspicli
GetUserNameExW
userenv
GetProfileType
rpcrt4
RpcBindingFromStringBindingW
RpcStringBindingComposeW
I_RpcExceptionFilter
RpcBindingSetAuthInfoExW
NdrClientCall3
RpcBindingFree
RpcStringFreeW
api-ms-win-service-management-l1-1-0
OpenSCManagerW
CloseServiceHandle
StartServiceW
OpenServiceW
api-ms-win-core-heap-l2-1-0
LocalAlloc
api-ms-win-security-base-l1-1-0
CreateWellKnownSid
api-ms-win-service-winsvc-l1-1-0
QueryServiceStatus
api-ms-win-core-registry-l1-1-0
RegGetValueW
iphlpapi
CancelMibChangeNotify2
NotifyStableUnicastIpAddressTable
FreeMibTable
Sections
.text Size: 308KB - Virtual size: 306KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 84KB - Virtual size: 82KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 180KB - Virtual size: 178KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
mtstocom.exe.exe windows:10 windows x64 arch:x64
8458c4a2aedbacae0ec6bae61c08339e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
mtstocom.pdb
Imports
advapi32
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegisterEventSourceW
RegConnectRegistryW
BuildSecurityDescriptorW
BuildTrusteeWithNameW
BuildTrusteeWithSidW
LsaLookupNames
ReportEventW
DeregisterEventSource
kernel32
GetWindowsDirectoryA
GetLocalTime
MoveFileExW
GetFileSize
HeapSetInformation
CloseHandle
DelayLoadFailureHook
GetVersionExA
SetEvent
CreateFileA
GetLastError
OpenEventW
CreateFileW
SetFilePointer
GetModuleFileNameW
WriteFile
GetComputerNameW
LocalSize
ResolveDelayLoadedAPI
msvcrt
_fmode
_commode
_initterm
__setusermatherr
?terminate@@YAXXZ
_lock
_unlock
__dllonexit
_onexit
memset
_cexit
_exit
exit
__set_app_type
memcpy
memcmp
_local_unwind
__getmainargs
_amsg_exit
_XcptFilter
_strtime
_stricmp
wcsstr
wcschr
wcstombs
_wcsicmp
clock
_vsnwprintf
__C_specific_handler
__CxxFrameHandler4
realloc
free
malloc
_waccess
wcscmp
clbcatq
ServerGetApplicationType
oleaut32
VariantClear
SysFreeString
SysAllocString
VariantInit
api-ms-win-core-com-l1-1-0
CoGetObjectContext
StringFromGUID2
CLSIDFromString
CoTaskMemAlloc
CoUninitialize
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CoInitializeEx
api-ms-win-core-string-l2-1-0
CharNextW
IsCharAlphaW
IsCharAlphaNumericW
CharPrevW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
GetExitCodeProcess
GetCurrentProcessId
GetCurrentThreadId
CreateProcessW
OpenThreadToken
GetCurrentProcess
SetThreadToken
TerminateProcess
GetCurrentThread
OpenProcessToken
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
FindResourceExW
LoadLibraryExW
FreeLibrary
GetProcAddress
LockResource
LoadResource
LoadStringW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
GetTickCount
api-ms-win-core-registry-l1-1-0
RegDeleteValueW
RegEnumValueW
RegQueryValueExW
RegQueryInfoKeyW
RegFlushKey
RegDeleteTreeW
RegEnumKeyExW
RegOpenKeyExW
api-ms-win-core-file-l1-1-0
CreateDirectoryW
FindNextFileW
FindFirstFileW
DeleteFileW
FindClose
SetFileAttributesW
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-core-heap-l2-1-0
LocalReAlloc
LocalAlloc
LocalFree
sspicli
LogonUserExExW
api-ms-win-security-base-l1-1-0
IsWellKnownSid
FreeSid
GetSidLengthRequired
GetSidSubAuthority
GetTokenInformation
AllocateAndInitializeSid
GetLengthSid
AddAccessAllowedAce
GetSecurityDescriptorDacl
CreatePrivateObjectSecurityEx
GetSidSubAuthorityCount
CopySid
DestroyPrivateObjectSecurity
AddAce
IsValidSecurityDescriptor
InitializeAcl
GetSecurityDescriptorLength
api-ms-win-security-sddl-l1-1-0
ConvertStringSidToSidW
ConvertSidToStringSidW
api-ms-win-core-string-l1-1-0
CompareStringW
api-ms-win-core-synch-l1-1-0
WaitForSingleObject
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
api-ms-win-core-version-l1-1-0
VerQueryValueW
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
OutputDebugStringW
api-ms-win-security-lsalookup-l1-1-0
LookupAccountNameLocalW
LookupAccountSidLocalW
api-ms-win-security-lsapolicy-l1-1-0
LsaAddAccountRights
LsaQueryInformationPolicy
LsaEnumerateAccountRights
LsaRemoveAccountRights
LsaClose
LsaFreeMemory
LsaStorePrivateData
LsaRetrievePrivateData
LsaOpenPolicy
user32
CharNextA
CharPrevA
ntdll
wcsrchr
_wcsnicmp
Exports
?GetRegNodeDispenser@@YAJPEAPEAUIRegNodeDispenser@@@Z
Sections
.text Size: 92KB - Virtual size: 88KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 40KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 356B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
nbtstat.exe.exe windows:10 windows x64 arch:x64
cde20737aa225d4df469dded810acf10
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
nbtstat.pdb
Imports
advapi32
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
kernel32
LocalAlloc
Sleep
GetConsoleMode
GetEnvironmentVariableW
GetLastError
HeapSetInformation
LocalFree
WideCharToMultiByte
GetFileType
GetSystemTimeAsFileTime
GetCurrentThreadId
SetThreadUILanguage
FormatMessageW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetTickCount
msvcrt
__set_app_type
_exit
_cexit
__setusermatherr
_initterm
__C_specific_handler
_fmode
_commode
?terminate@@YAXXZ
fgetpos
__iob_func
wcschr
_vscwprintf
_fileno
_write
_setmode
iswprint
vswprintf_s
_wtoi
fflush
_wcsicmp
_get_osfhandle
_vsnwprintf
_XcptFilter
_amsg_exit
memmove
fwprintf
exit
__wgetmainargs
memset
ntdll
RtlLookupFunctionEntry
RtlCaptureContext
NtWaitForSingleObject
NtCreateFile
RtlUpcaseUnicodeStringToOemString
RtlVirtualUnwind
NtClose
NtDeviceIoControlFile
RtlInitUnicodeString
RtlIpv4AddressToStringW
RtlGUIDFromString
RtlIpv4StringToAddressW
ws2_32
ntohl
user32
OemToCharBuffW
mswsock
GetSocketErrorMessageW
iphlpapi
NhGetInterfaceNameFromDeviceGuid
Sections
.text Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 87KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 504B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ndadmin.exe.exe windows:10 windows x64 arch:x64
64f3eecff5f5a778f51d1aa0187df5c1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
NDAdmin.pdb
Imports
kernel32
CreateDirectoryW
GetFileAttributesW
GetFullPathNameW
HeapAlloc
HeapFree
GetProcessHeap
FreeLibrary
ExitProcess
GetProcAddress
HeapSetInformation
LoadLibraryW
GetLastError
GetCommandLineW
Sleep
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
CreateEventW
WaitForSingleObjectEx
CloseHandle
SetEvent
ExpandEnvironmentStringsW
SetLastError
GetSystemWindowsDirectoryW
RaiseException
msvcrt
wcsrchr
wcschr
?terminate@@YAXXZ
_commode
_acmdln
_initterm
__setusermatherr
_ismbblead
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
swscanf
__C_specific_handler
_fmode
_resetstkoflw
memcpy
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlFormatCurrentUserKeyPath
RtlFreeUnicodeString
NtClose
RtlInitUnicodeString
NtOpenKey
NtQueryValueKey
RtlNtStatusToDosError
shell32
CommandLineToArgvW
advapi32
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
Sections
.text Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 540B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 52KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
net.exe.exe windows:10 windows x64 arch:x64
d45c37a5c97135204ad6e116c34946c3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
net.pdb
Imports
msvcrt
__C_specific_handler
_initterm
_commode
__setusermatherr
_cexit
_exit
__set_app_type
__getmainargs
wcsncat_s
_wcsdup
wcstok
_XcptFilter
wcsrchr
?terminate@@YAXXZ
wcsncpy_s
wcsncmp
wcspbrk
exit
qsort
memset
_wcsupr
wcscspn
calloc
iswctype
wcsspn
_ultow
memmove
_wcsicmp
memcpy
sprintf_s
_wcsnicmp
wcschr
_fmode
_local_unwind
_fileno
_setmode
wcscat_s
wcscpy_s
malloc
free
putchar
_vsnwprintf_s
_snwprintf_s
__iob_func
setlocale
_amsg_exit
wcscmp
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
GetStdHandle
api-ms-win-core-console-l1-1-0
SetConsoleMode
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
WriteConsoleW
api-ms-win-core-localization-l1-2-0
FormatMessageW
SetThreadUILanguage
GetCPInfo
api-ms-win-core-synch-l1-1-0
WaitForSingleObject
api-ms-win-core-sysinfo-l1-1-0
GetSystemDirectoryW
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-errorhandling-l1-1-0
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
OpenThreadToken
CreateProcessW
GetExitCodeProcess
GetCurrentThread
TerminateProcess
mpr
WNetCloseEnum
WNetCancelConnection2W
WNetEnumResourceW
WNetGetConnectionW
WNetOpenEnumW
WNetGetLastErrorW
WNetAddConnection4W
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
api-ms-win-security-base-l1-1-0
AdjustTokenPrivileges
ImpersonateSelf
RevertToSelf
sspicli
SspiEncodeStringsAsAuthIdentity
SspiLocalFree
SspiFreeAuthIdentity
SspiMarshalAuthIdentity
wkscli
NetUseGetInfo
NetUseEnum
NetWkstaUserGetInfo
NetWkstaGetInfo
netutils
NetpwNameValidate
NetapipBufferAllocate
NetpwPathType
NetApiBufferReallocate
NetApiBufferFree
NetApiBufferAllocate
samcli
NetUserGetInfo
api-ms-win-core-file-l1-1-0
GetDriveTypeW
WriteFile
GetFileType
srvcli
NetServerGetInfo
NetShareEnum
iphlpapi
GetCurrentThreadCompartmentId
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameW
FreeLibrary
GetModuleHandleW
LoadLibraryExW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-console-l1-2-0
PeekConsoleInputW
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-core-console-l2-1-0
GetConsoleScreenBufferInfo
api-ms-win-core-registry-l2-1-0
RegOpenKeyW
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
ntdll
RtlAllocateHeap
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 40KB - Virtual size: 39KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 140B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
net1.exe.exe windows:10 windows x64 arch:x64
76ee66a0f294eab08dcaef5e64fbf02f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
net1.pdb
Imports
msvcrt
_snwprintf_s
_vsnwprintf_s
putchar
_wcsdup
wcspbrk
wcstok
_local_unwind
memcpy
memmove
_wcsicmp
memset
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
__iob_func
__getmainargs
_amsg_exit
_XcptFilter
wcscspn
iswctype
wcsrchr
calloc
_wcsrev
malloc
free
realloc
swprintf_s
_ultow
wcsstr
wcsncat_s
_vsnwprintf
wcschr
sprintf_s
_wcsnicmp
_fileno
_setmode
setlocale
exit
wcsspn
qsort
wcsncmp
wcscpy_s
_wcsupr
wcsncpy_s
__set_app_type
_wcslwr
wcscat_s
wcstod
wcscmp
samcli
NetGroupGetInfo
NetGroupSetInfo
NetUserDel
NetGroupAdd
NetGroupGetUsers
NetGroupEnum
NetGroupAddUser
NetGroupDel
NetUserAdd
NetUserSetInfo
NetUserGetGroups
NetUserEnum
NetUserGetInfo
NetUserModalsSet
NetUserModalsGet
NetGroupDelUser
netutils
NetApiBufferAllocate
NetpwNameValidate
NetapipBufferAllocate
NetApiBufferFree
NetpwListCanonicalize
NetpwNameCompare
NetpwListTraverse
NetpwPathType
NetpwNameCanonicalize
NetApiBufferReallocate
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
dsrole
DsRoleFreeMemory
DsRoleGetPrimaryDomainInformation
api-ms-win-core-sysinfo-l1-1-0
GetSystemDirectoryW
GetSystemTimeAsFileTime
SetLocalTime
GetTickCount
GetComputerNameExW
api-ms-win-core-synch-l1-2-0
Sleep
srvcli
NetFileGetInfo
NetFileClose
NetFileEnum
NetSessionEnum
NetServerTransportEnum
NetServerSetInfo
NetServerGetInfo
NetConnectionEnum
NetSessionGetInfo
NetSessionDel
NetShareGetInfo
NetShareCheck
NetShareEnum
NetShareSetInfo
NetShareDel
NetShareAdd
NetShareDelSticky
NetRemoteTOD
api-ms-win-core-string-l1-1-0
CompareStringW
WideCharToMultiByte
api-ms-win-core-localization-l1-2-0
GetCPInfo
FormatMessageW
SetThreadUILanguage
GetUserDefaultLCID
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
GetStdHandle
api-ms-win-core-console-l1-1-0
GetConsoleMode
SetConsoleMode
ReadConsoleW
GetConsoleOutputCP
WriteConsoleW
api-ms-win-core-errorhandling-l1-1-0
SetLastError
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
api-ms-win-core-heap-l1-1-0
HeapSetInformation
wkscli
NetUseDel
NetWkstaUserGetInfo
NetWkstaTransportEnum
NetWkstaGetInfo
NetUseEnum
NetWkstaStatisticsGet
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
FreeLibrary
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
api-ms-win-security-base-l1-1-0
InitializeAcl
GetLengthSid
CopySid
GetSidLengthRequired
AddAccessAllowedAce
CreateWellKnownSid
GetSidSubAuthority
GetAce
EqualSid
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSidSubAuthorityCount
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
GlobalFree
GlobalAlloc
api-ms-win-core-file-l1-1-0
GetDriveTypeW
GetFileType
WriteFile
api-ms-win-core-sysinfo-l1-2-0
SetSystemTime
logoncli
DsGetDcNameW
api-ms-win-core-datetime-l1-1-0
GetDateFormatW
GetTimeFormatW
cryptbase
SystemFunction036
api-ms-win-service-management-l1-1-0
OpenSCManagerW
StartServiceW
OpenServiceW
CloseServiceHandle
api-ms-win-service-core-l1-1-2
GetServiceKeyNameW
GetServiceDisplayNameW
api-ms-win-service-core-l1-1-1
EnumServicesStatusExW
EnumDependentServicesW
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlCompareMemory
RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-console-l1-2-0
PeekConsoleInputW
api-ms-win-core-privateprofile-l1-1-0
GetProfileStringW
api-ms-win-security-activedirectoryclient-l1-1-0
DsUnBindW
DsFreeNameResultW
DsBindWithSpnExW
DsCrackNamesW
ntdll
NtQuerySystemTime
RtlLengthSid
RtlTimeToSecondsSince1970
RtlAllocateHeap
RtlCopySid
RtlxOemStringToUnicodeSize
RtlInitString
RtlOemStringToUnicodeString
RtlInitUnicodeString
RtlInitAnsiString
RtlQueryTimeZoneInformation
NtSetInformationThread
NtAdjustPrivilegesToken
NtDuplicateToken
RtlTimeFieldsToTime
RtlNtStatusToDosError
RtlSubAuthorityCountSid
RtlInitializeSid
RtlLengthRequiredSid
RtlSubAuthoritySid
RtlGetNtProductType
NtOpenProcessToken
NtClose
api-ms-win-core-timezone-l1-1-0
GetTimeZoneInformation
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Sections
.text Size: 132KB - Virtual size: 131KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 60KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 288B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 864B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
netbtugc.exe.exe windows:10 windows x64 arch:x64
894a8067e3107b433f0e938d4efbb5bc
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
netbtugc.pdb
Imports
advapi32
RegOpenKeyExA
RegCloseKey
RegQueryInfoKeyA
RegCreateKeyExA
RegEnumKeyExA
RegQueryValueExA
RegEnumValueA
RegSetValueExA
kernel32
GetFileAttributesW
LoadLibraryExW
FreeLibrary
CreateDirectoryW
GetFullPathNameW
ExpandEnvironmentStringsW
FormatMessageA
MultiByteToWideChar
Sleep
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
HeapFree
SetLastError
EnterCriticalSection
GetModuleFileNameW
LeaveCriticalSection
InitializeCriticalSection
GetLastError
HeapAlloc
GetProcAddress
DeleteCriticalSection
GetProcessHeap
msvcrt
memcpy
memmove
_wcsnicmp
wcschr
wcsrchr
wcsncmp
malloc
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
free
_vsnprintf
memset
ntdll
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
RtlAllocateHeap
RtlFreeHeap
iphlpapi
ConvertInterfacePhysicalAddressToLuid
ConvertStringToInterfacePhysicalAddress
ConvertInterfaceAliasToLuid
ConvertInterfaceNameToLuidW
ConvertInterfaceLuidToGuid
Sections
.text Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 540B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 52B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
netcfg.exe.exe windows:10 windows x64 arch:x64
f4666acbf024767fff0861a8ec8e8908
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
netcfg.pdb
Imports
advapi32
EventRegister
RegOpenKeyW
RegCloseKey
EventWriteTransfer
EventSetInformation
kernel32
FormatMessageW
SetThreadPreferredUILanguages
GetConsoleOutputCP
HeapSetInformation
GetModuleHandleW
GetLastError
ExitProcess
GetWindowsDirectoryW
HeapAlloc
GetProcessHeap
HeapFree
LoadLibraryExW
GetProcAddress
VirtualProtect
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
Sleep
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
RaiseException
GetSystemInfo
FreeLibrary
VirtualQuery
LoadLibraryExA
msvcrt
_exit
_cexit
__setusermatherr
_initterm
__C_specific_handler
_fmode
_commode
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
__set_app_type
_unlock
__dllonexit
_onexit
_CxxThrowException
_callnewh
malloc
wprintf
__wgetmainargs
_amsg_exit
__CxxFrameHandler3
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
memmove
_lock
_purecall
_wcsicmp
wcschr
wcscpy_s
exit
tolower
iswprint
_wsetlocale
_putws
_vsnwprintf
??_V@YAXPEAX@Z
??3@YAXPEAX@Z
__CxxFrameHandler4
memcpy
_XcptFilter
memset
ole32
CoUninitialize
CoInitializeEx
CoTaskMemFree
CoCreateInstance
setupapi
SetupCopyOEMInfW
SetupDiGetDeviceInstanceIdW
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
Sections
.text Size: 24KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
netiougc.exe.exe windows:10 windows x64 arch:x64
06f9626be5ae71582d4df67e4eba810d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
netiougc.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_c_exit
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__exit
_o__get_initial_narrow_environment
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__stricmp
_o__strnicmp
_o__wcsnicmp
_o_exit
_o_free
_o_iswdigit
_o_malloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_o__crt_atexit
_o__configure_narrow_argv
_o__configthreadlocale
_o__cexit
wcsrchr
wcschr
_o___stdio_common_vsprintf
_o___p__commode
_o___p___argv
_o___p___argc
api-ms-win-crt-string-l1-1-0
wcsncmp
memset
ntdll
RtlAllocateHeap
RtlIpv6StringToAddressW
RtlIpv4StringToAddressW
RtlFreeHeap
iphlpapi
ConvertStringToInterfacePhysicalAddress
ConvertInterfacePhysicalAddressToLuid
InitializeIpForwardEntry
InternalCreateIpForwardEntry2
ConvertInterfaceAliasToLuid
ConvertInterfaceNameToLuidW
InternalCreateUnicastIpAddressEntry
ParseNetworkString
ConvertInterfaceLuidToNameW
InitializeUnicastIpAddressEntry
api-ms-win-service-winsvc-l1-1-0
QueryServiceStatus
OpenServiceA
OpenSCManagerA
StartServiceA
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetLastError
api-ms-win-core-sysinfo-l1-1-0
GetTickCount64
GetSystemTimeAsFileTime
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-service-management-l1-1-0
CloseServiceHandle
dhcpcsvc
DhcpEnableDhcp
api-ms-win-core-registry-l1-1-0
RegEnumValueA
RegQueryInfoKeyA
RegCloseKey
RegOpenKeyExA
RegEnumKeyExA
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
api-ms-win-core-heap-l1-1-0
HeapSetInformation
GetProcessHeap
HeapAlloc
HeapFree
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExW
FreeLibrary
GetModuleHandleW
GetProcAddress
GetModuleFileNameW
nsi
NsiSetAllPersistentParametersWithMask
NsiSetAllParameters
NsiGetAllParameters
NsiGetAllPersistentParametersWithMask
api-ms-win-core-synch-l1-1-0
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
DeleteCriticalSection
api-ms-win-core-file-l1-1-0
GetFileAttributesW
GetFullPathNameW
CreateDirectoryW
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
Sections
.text Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 864B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 104B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
netsh.exe.exe windows:10 windows x64 arch:x64
06f091dbec9c3f0dd14808ffe59b95de
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
netsh.pdb
Imports
msvcrt
wprintf
_wfopen
iswctype
_wcsnicmp
__setusermatherr
_initterm
wcspbrk
__C_specific_handler
fputwc
fflush
_fmode
_commode
wcstok
_wcslwr
fgets
_wcsicmp
_XcptFilter
?terminate@@YAXXZ
wcscpy_s
_amsg_exit
fclose
__wgetmainargs
wcschr
free
wcsrchr
__set_app_type
exit
memcpy
_exit
_cexit
_wcsdup
_wcsupr
_vsnwprintf
__iob_func
qsort
memset
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
HeapSetInformation
HeapReAlloc
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-file-l1-1-0
SetFilePointer
WriteFile
CreateFileW
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExW
LoadStringW
api-ms-win-core-registry-l1-1-0
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegDeleteValueW
RegEnumValueW
RegCreateKeyExW
RegQueryInfoKeyW
RegGetValueW
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
GetComputerNameExW
GetVersionExW
api-ms-win-core-localization-l1-2-0
SetThreadUILanguage
FormatMessageW
api-ms-win-core-console-l1-1-0
SetConsoleCtrlHandler
ReadConsoleW
SetConsoleMode
GetConsoleOutputCP
GetConsoleMode
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
WideCharToMultiByte
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-security-base-l1-1-0
CheckTokenMembership
CreateWellKnownSid
api-ms-win-core-synch-l1-1-0
OpenEventW
CreateEventW
WaitForSingleObject
ResetEvent
SetEvent
api-ms-win-core-console-l2-1-0
SetConsoleActiveScreenBuffer
FillConsoleOutputCharacterW
SetConsoleCursorPosition
GetConsoleScreenBufferInfo
FillConsoleOutputAttribute
SetConsoleScreenBufferSize
CreateConsoleScreenBuffer
oleaut32
VariantChangeType
SysFreeString
SysAllocString
api-ms-win-core-com-l1-1-0
CoSetProxyBlanket
CoCreateInstance
CoUninitialize
CoInitializeEx
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
ntdll
RtlGUIDFromString
WinSqmAddToStream
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
ConvertGuidToString
ConvertStringToGuid
DisplayMessageM
DisplayMessageToConsole
FreeQuotedString
FreeString
GenericMonitor
GetEnumString
InitializeConsole
MakeQuotedString
MakeString
MatchCmdLine
MatchEnumTag
MatchTagsInCmdLine
MatchToken
PreprocessCommand
PrintError
PrintMessage
PrintMessageFromModule
ProcessCommand
RefreshConsole
RegisterContext
RegisterHelper
Sections
.text Size: 44KB - Virtual size: 42KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 36KB - Virtual size: 60KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 56B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 220B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
newdev.exe.exe windows:10 windows x64 arch:x64
fdb0aac8ae8648b09599fa21e577d5b2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
NewDev.pdb
Imports
user32
PostMessageW
DispatchMessageW
GetMessageW
TranslateMessage
msvcrt
__getmainargs
_amsg_exit
_XcptFilter
swscanf
__C_specific_handler
exit
_initterm
wcschr
wcsrchr
__set_app_type
_exit
_cexit
_ismbblead
_acmdln
_fmode
_commode
?terminate@@YAXXZ
__setusermatherr
memcpy
_resetstkoflw
ntdll
RtlNtStatusToDosError
NtOpenKey
RtlInitUnicodeString
NtClose
RtlCaptureContext
RtlFreeUnicodeString
RtlFormatCurrentUserKeyPath
RtlLookupFunctionEntry
RtlVirtualUnwind
NtQueryValueKey
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetStartupInfoW
CreateThread
GetCurrentProcessId
ExitProcess
GetCurrentProcess
TerminateProcess
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
GetProcAddress
GetModuleHandleW
api-ms-win-core-com-l1-1-0
CoUninitialize
CoCreateInstance
CoInitializeEx
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
shell32
CommandLineToArgvW
kernel32
WaitForSingleObjectEx
CreateEventW
ExpandEnvironmentStringsW
SetLastError
GetProcessHeap
HeapFree
HeapAlloc
CreateDirectoryW
GetFileAttributesW
GetFullPathNameW
GetSystemWindowsDirectoryW
RaiseException
SetEvent
api-ms-win-security-base-l1-1-0
AllocateAndInitializeSid
FreeSid
CheckTokenMembership
Sections
.text Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 564B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 52KB - Virtual size: 51KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
nltest.exe.exe windows:10 windows x64 arch:x64
e6d22ecaa5772b23183363959c9f82b8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
nltest.pdb
Imports
msvcrt
__iob_func
qsort
_wsetlocale
fwprintf
_vsnprintf
memcpy
_vsnwprintf
memset
?terminate@@YAXXZ
_commode
_fmode
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
sprintf_s
strchr
strcat_s
_stricmp
printf
strtol
strcpy_s
_strnicmp
fprintf
strtoul
wcscat_s
wcscpy_s
iswctype
strncpy_s
__C_specific_handler
ntdsapi
DsFreeDomainControllerInfoW
DsUnBindW
DsBindW
DsGetDomainControllerInfoW
logoncli
NetLogonGetTimeServiceParentDomain
DsDeregisterDnsHostRecordsA
I_NetlogonGetTrustRid
DsGetForestTrustInformationW
I_NetlogonComputeServerSignature
DsAddressToSiteNamesExA
DsGetDcOpenA
DsGetDcSiteCoverageA
DsGetDcNameA
I_NetlogonComputeClientDigest
DsEnumerateDomainTrustsA
DsGetSiteNameA
DsGetDcCloseW
I_NetLogonControl2
DsGetDcNextA
I_NetLogonControl
I_NetlogonComputeServerDigest
DsGetDcNameW
DsGetDcNameWithAccountW
I_NetGetDCList
NetGetDCName
I_NetlogonComputeClientSignature
rpcrt4
UuidToStringA
UuidToStringW
RpcStringFreeW
UuidFromStringA
RpcStringFreeA
ws2_32
freeaddrinfo
ntohs
WSAGetLastError
htonl
WSACleanup
WSAStringToAddressA
getaddrinfo
WSAStartup
WSAAddressToStringA
ntdll
RtlInitAnsiString
RtlAllocateHeap
RtlFreeHeap
RtlCompareUnicodeString
RtlAnsiStringToUnicodeString
RtlxAnsiStringToUnicodeSize
RtlOemStringToUnicodeString
RtlInitString
RtlLengthSid
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlSystemTimeToLocalTime
RtlInitUnicodeString
RtlFreeUnicodeString
RtlConvertSidToUnicodeString
RtlTimeToTimeFields
netutils
NetApiBufferAllocate
NetApiBufferFree
NetpwNameCompare
kernel32
SetEvent
GetLocalTime
Sleep
CreateEventW
GetOverlappedResult
CloseHandle
CreateThread
GetProcAddress
LocalFree
DeleteCriticalSection
WaitForSingleObject
GetComputerNameW
GetModuleHandleW
InitializeCriticalSection
LeaveCriticalSection
FreeLibrary
SetMailslotInfo
WaitForMultipleObjects
LoadLibraryExW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
EnterCriticalSection
GetCurrentThreadId
ReadFile
WideCharToMultiByte
GetSystemTimeAsFileTime
GetTickCount
LocalAlloc
HeapFree
GetConsoleOutputCP
GetStdHandle
WriteFile
SetThreadUILanguage
HeapAlloc
GetProcessHeap
MultiByteToWideChar
CreateFileW
CreateMailslotA
GetLastError
advapi32
TraceMessage
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
RegQueryValueExW
LsaClose
InitiateSystemShutdownExW
LsaOpenPolicy
SystemFunction025
SystemFunction027
RegConnectRegistryW
GetSecurityDescriptorDacl
RegGetKeySecurity
RegCloseKey
CryptAcquireContextW
GetAclInformation
RegOpenKeyExA
FreeSid
AbortSystemShutdownW
LsaFreeMemory
RegSetValueExA
LsaQueryForestTrustInformation
GetAce
RegSetKeySecurity
AllocateAndInitializeSid
RegQueryValueExA
EqualSid
user32
LoadStringW
Sections
.text Size: 44KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 332KB - Virtual size: 330KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 156KB - Virtual size: 192KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 996B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
nmbind.exe.exe windows:10 windows x64 arch:x64
5b9bed4627214d7ad933eb9f17d888da
Code Sign
33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
4f:18:20:e7:a6:21:b4:97:39:91:6c:aa:d9:ce:fe:46:a3:b5:db:4d:a8:52:75:de:2e:d8:a7:c4:b6:c5:c9:9c
Signer
Actual PE Digest: 4f:18:20:e7:a6:21:b4:97:39:91:6c:aa:d9:ce:fe:46:a3:b5:db:4d:a8:52:75:de:2e:d8:a7:c4:b6:c5:c9:9c
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
nmbind.pdb
Imports
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-crt-runtime-l1-1-0
_c_exit
_initterm
_initterm_e
_register_thread_local_exe_atexit_callback
api-ms-win-crt-private-l1-1-0
_o__errno
_o__exit
_o__get_initial_narrow_environment
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o__wcsicmp
_o_exit
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
_o__configure_narrow_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
__CxxFrameHandler3
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfwprintf
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___argv
_o___p___argc
_o__crt_atexit
_o___acrt_iob_func
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
GetProcAddress
GetModuleHandleW
GetModuleHandleExW
api-ms-win-core-console-l2-1-0
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
GetProcessHeap
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
OutputDebugStringW
IsDebuggerPresent
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureStackBackTrace
RtlCaptureContext
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
SetLastError
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
netsetupapi
NetSetupSetObjectProperties
NetSetupFreeObjects
NetSetupCommit
NetSetupDeleteObject
NetSetupInitialize
NetSetupClose
NetSetupSynchronizeDevices
NetSetupFreeObjectProperties
NetSetupGetObjectProperties
NetSetupGetObjects
vmsif
VmsIfDriverOpen
VmsIfDriverClose
VmsIfNicDisableMiniport
VmsIfNicEnableMiniport
iphlpapi
SetCurrentThreadCompartmentScope
GetIfEntry2
ConvertInterfaceGuidToLuid
api-ms-win-core-synch-l1-2-0
Sleep
devobj
DevObjGetClassDevs
DevObjCreateDeviceInfoList
DevObjChangeState
DevObjEnumDeviceInfo
DevObjDestroyDeviceInfoList
DevObjGetDeviceProperty
DevObjOpenDeviceInfo
DevObjUninstallDevice
DevObjOpenDevRegKey
api-ms-win-core-com-l1-1-0
CLSIDFromString
api-ms-win-devices-config-l1-1-1
CM_Locate_DevNodeW
CM_Get_DevNode_Status
api-ms-win-core-synch-l1-1-0
AcquireSRWLockExclusive
CreateSemaphoreExW
ReleaseSRWLockExclusive
LeaveCriticalSection
CreateMutexExW
AcquireSRWLockShared
DeleteCriticalSection
InitializeCriticalSectionEx
EnterCriticalSection
WaitForSingleObject
ReleaseSRWLockShared
ReleaseMutex
WaitForSingleObjectEx
ReleaseSemaphore
OpenSemaphoreW
api-ms-win-core-registry-l1-1-0
RegQueryValueExW
RegCloseKey
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer
api-ms-win-core-threadpool-l1-2-0
SetThreadpoolTimer
CloseThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
api-ms-win-core-handle-l1-1-0
CloseHandle
Sections
.text Size: 64KB - Virtual size: 61KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 32KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 224B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
nmscrub.exe.exe windows:10 windows x64 arch:x64
29fce0b185a9a33ad1ab22b207847f4f
Code Sign
33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
c6:0a:4f:b2:6d:e7:8e:d4:0a:bd:f5:8e:80:9e:a5:f8:e4:d2:2a:99:45:db:21:ac:fa:32:c3:b7:78:0b:52:d3
Signer
Actual PE Digest: c6:0a:4f:b2:6d:e7:8e:d4:0a:bd:f5:8e:80:9e:a5:f8:e4:d2:2a:99:45:db:21:ac:fa:32:c3:b7:78:0b:52:d3
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
nmscrub.pdb
Imports
msvcp_win
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_c_exit
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__get_initial_narrow_environment
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__stricmp
memmove
_o__wcsicmp
_o__wcsnicmp
_o_abort
_o_exit
_o_free
_o_malloc
_o_terminate
_o_wcscpy_s
_o_wcstod
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
__CxxFrameHandler3
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfwprintf
_o__exit
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___argv
_o___p___argc
_o___acrt_iob_func
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
LoadLibraryExA
GetModuleHandleW
GetModuleHandleExW
GetProcAddress
GetModuleFileNameA
rpcrt4
UuidFromStringW
api-ms-win-core-synch-l1-1-0
AcquireSRWLockShared
ReleaseSemaphore
AcquireSRWLockExclusive
WaitForSingleObject
InitializeCriticalSectionEx
ReleaseMutex
ReleaseSRWLockExclusive
OpenSemaphoreW
CreateEventW
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
CreateSemaphoreExW
EnterCriticalSection
WaitForSingleObjectEx
LeaveCriticalSection
ReleaseSRWLockShared
CreateMutexExW
iphlpapi
GetIfTable2
FreeMibTable
GetAdaptersAddresses
ConvertCompartmentGuidToId
SetCurrentThreadCompartmentId
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
RaiseException
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
api-ms-win-service-management-l1-1-0
OpenServiceW
CloseServiceHandle
OpenSCManagerW
ntdll
RtlIpv6AddressToStringExW
RtlIpv4AddressToStringExW
api-ms-win-core-file-l1-1-0
CreateFileW
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
GetCurrentThreadId
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-console-l2-1-0
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
api-ms-win-core-registry-l2-1-0
RegOpenKeyW
RegEnumKeyW
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
api-ms-win-core-com-l1-1-0
CoTaskMemFree
StringFromGUID2
CLSIDFromString
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegQueryValueExW
RegDeleteTreeW
RegCloseKey
RegSetValueExW
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
RtlCaptureStackBackTrace
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetSystemInfo
GetTickCount
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-memory-l1-1-0
VirtualProtect
VirtualQuery
netmgmtif
NetMgmtGetVirtualSwitchPortProperty
NetMgmtDeleteVirtualSwitchPort
NetMgmtDeleteVirtualSwitch
NetMgmtEnumerateVirtualSwitch
NetMgmtFindInternalNicByName
NetMgmtEnumerateNic
NetMgmtEnumerateAdapter
NetMgmtGetPortHandleRefCount
NetMgmtSwitchExtensionFree
NetMgmtDeleteInternalEthernetAdapter
NetMgmtUnbindExternalAdapter
NetMgmtSwitchExtensionEnumerate
NetMgmtGetVmSwitchInitState
NetMgmtEnumerateVirtualSwitchPorts
NetMgmtPortPropertyListFree
NetMgmtIsInternalEthernetAdapterEnabledLW
NetMgmtGetNetworkAdapterType
NetMgmtFindExternalNicByName
NetMgmtDeleteInternalEthernetAdapterLW
NetMgmtEnumerateVirtualSwitchPortProperty
NetMgmtPortPropertyFree
NetMgmtGetMacAddressRange
vmsif
VmsIfDriverClose
VmsIfNicDeleteMiniport
VmsIfPortGetVlanSettings
VmsIfMemFree
VmsIfDriverOpen
netsetupapi
NetSetupGetObjects
NetSetupSynchronizeDevices
NetSetupCommit
NetSetupGetObjectProperties
NetSetupClose
NetSetupFreeObjects
NetSetupFreeObjectProperties
NetSetupSetObjectProperties
NetSetupDeleteObject
NetSetupInitialize
devobj
DevObjOpenDeviceInfo
DevObjGetDeviceProperty
DevObjDestroyDeviceInfoList
DevObjChangeState
DevObjUninstallDevice
DevObjEnumDeviceInfo
DevObjGetClassDevs
DevObjOpenDevRegKey
DevObjCreateDeviceInfoList
nsi
NsiFreeTable
NsiAllocateAndGetTable
api-ms-win-devices-config-l1-1-1
CM_Get_DevNode_Status
CM_Locate_DevNodeW
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventRegister
EventUnregister
EventWriteTransfer
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
Sections
.text Size: 260KB - Virtual size: 259KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 88KB - Virtual size: 85KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 128B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
notepad.exe.exe windows:10 windows x64 arch:x64
0e6bccf88f4251909d1746dba78cba57
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
notepad.pdb
Imports
gdi32
SetMapMode
SetViewportExtEx
SetWindowExtEx
LPtoDP
SetBkMode
GetTextMetricsW
TextOutW
AbortDoc
EndDoc
SetAbortProc
StartDocW
StartPage
CreateDCW
EnumFontsW
GetTextFaceW
GetDeviceCaps
DeleteDC
DeleteObject
SetBkColor
CreateSolidBrush
GetTextExtentPoint32W
SelectObject
CreateCompatibleDC
EndPage
CreateFontIndirectW
user32
PostQuitMessage
BeginPaint
EndPaint
FillRect
DrawTextW
DrawFocusRect
DefWindowProcW
TrackMouseEvent
InvalidateRect
DestroyIcon
SetThreadDpiAwarenessContext
DialogBoxParamW
LoadIconW
GetFocus
MessageBoxW
ShowWindow
SetCursor
SetActiveWindow
EnableMenuItem
IsIconic
SetFocus
MessageBeep
GetForegroundWindow
GetDlgCtrlID
SetWindowPos
RedrawWindow
GetKeyboardLayout
CharNextW
SetWinEventHook
GetMessageW
TranslateAcceleratorW
IsDialogMessageW
TranslateMessage
DispatchMessageW
UnhookWinEvent
SetWindowTextW
GetMenu
GetSubMenu
OpenClipboard
IsClipboardFormatAvailable
CloseClipboard
CheckMenuItem
SetDlgItemTextW
GetDlgItemTextW
EndDialog
SendDlgItemMessageW
SetScrollPos
UpdateWindow
GetWindowPlacement
SetWindowPlacement
CharUpperW
GetSystemMenu
LoadAcceleratorsW
SetWindowLongW
MonitorFromWindow
RegisterWindowMessageW
LoadCursorW
LoadImageW
RegisterClassExW
GetWindowLongW
PeekMessageW
GetWindowTextW
EnableWindow
CreateDialogParamW
DrawTextExW
IsWindow
CreateDialogIndirectParamW
GetPropW
SetPropW
GetDlgItem
RemovePropW
CheckDlgButton
CheckRadioButton
IsDlgButtonChecked
NotifyWinEvent
CreateWindowExW
GetWindowTextLengthW
GetClientRect
DestroyWindow
GetDpiForWindow
SystemParametersInfoForDpi
SendMessageW
MoveWindow
GetDC
LoadStringW
PostMessageW
ReleaseDC
api-ms-win-crt-string-l1-1-0
wcscmp
wcsnlen
memset
api-ms-win-crt-runtime-l1-1-0
_c_exit
_initterm_e
_initterm
_register_thread_local_exe_atexit_callback
api-ms-win-crt-private-l1-1-0
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
_o__wtol
_o_exit
_o_free
_o_iswdigit
_o_malloc
_o_terminate
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o__crt_atexit
_o___stdio_common_vswprintf
_o__configure_wide_argv
_o___std_exception_destroy
_o___std_exception_copy
_o__configthreadlocale
_o___p__commode
_o__exit
_o__cexit
_o__callnewh
_o__beginthreadex
_o__errno
wcsrchr
wcschr
__C_specific_handler
memcmp
memcpy
memmove
api-ms-win-core-libraryloader-l1-2-0
LockResource
GetModuleHandleExW
FindResourceExW
LoadResource
GetModuleHandleA
GetModuleFileNameA
FreeLibrary
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
api-ms-win-core-synch-l1-1-0
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForSingleObject
ReleaseSemaphore
ReleaseSRWLockExclusive
EnterCriticalSection
SetEvent
CreateEventExW
AcquireSRWLockExclusive
ReleaseMutex
WaitForSingleObjectEx
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
OpenSemaphoreW
ReleaseSRWLockShared
CreateSemaphoreExW
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapAlloc
HeapSetInformation
HeapFree
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
GetLastError
SetLastError
api-ms-win-core-threadpool-l1-2-0
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
SetThreadpoolTimer
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
OpenProcessToken
CreateProcessW
TerminateProcess
GetCurrentThreadId
GetStartupInfoW
GetCurrentProcessId
api-ms-win-core-localization-l1-2-0
FormatMessageW
FindNLSString
GetLocaleInfoW
GetACP
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
OutputDebugStringW
DebugBreak
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-com-l1-1-0
CoTaskMemFree
CoCreateInstance
CoInitializeEx
PropVariantClear
CoUninitialize
CoWaitForMultipleHandles
CoCreateGuid
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
api-ms-win-core-registry-l1-1-1
RegSetKeyValueW
api-ms-win-core-largeinteger-l1-1-0
MulDiv
api-ms-win-core-shlwapi-legacy-l1-1-0
PathFindExtensionW
PathIsFileSpecW
PathFileExistsW
api-ms-win-core-winrt-string-l1-1-0
WindowsDeleteString
WindowsCreateString
WindowsCreateStringReference
WindowsGetStringRawBuffer
api-ms-win-core-registry-l1-1-0
RegQueryValueExW
RegGetValueW
RegSetValueExW
RegEnumValueW
RegQueryInfoKeyW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegDeleteKeyExW
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
api-ms-win-core-heap-l2-1-0
LocalUnlock
LocalFree
LocalLock
GlobalAlloc
GlobalFree
LocalAlloc
LocalReAlloc
api-ms-win-core-file-l1-1-0
DeleteFileW
GetFileAttributesW
SetEndOfFile
GetFileAttributesExW
GetFileInformationByHandle
FindClose
FindFirstFileW
CreateFileW
ReadFile
GetDiskFreeSpaceExW
GetFullPathNameW
CreateDirectoryW
WriteFile
api-ms-win-shcore-obsolete-l1-1-0
SHStrDupW
api-ms-win-security-base-l1-1-0
GetTokenInformation
api-ms-win-core-processenvironment-l1-1-0
GetCurrentDirectoryW
GetCommandLineW
SetCurrentDirectoryW
api-ms-win-core-string-l1-1-0
FoldStringW
WideCharToMultiByte
CompareStringOrdinal
MultiByteToWideChar
api-ms-win-core-psapi-l1-1-0
K32GetModuleFileNameExW
api-ms-win-core-localization-obsolete-l1-2-0
GetUserDefaultUILanguage
api-ms-win-core-sysinfo-l1-1-0
GetLocalTime
GetSystemTimeAsFileTime
api-ms-win-core-datetime-l1-1-0
GetDateFormatW
GetTimeFormatW
api-ms-win-shcore-path-l1-1-0
ord170
api-ms-win-core-memory-l1-1-0
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
api-ms-win-core-registry-l2-1-0
RegCreateKeyW
api-ms-win-core-heap-obsolete-l1-1-0
LocalSize
GlobalLock
GlobalUnlock
api-ms-win-shcore-scaling-l1-1-1
GetDpiForMonitor
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
api-ms-win-core-windowserrorreporting-l1-1-3
RegisterApplicationRestart
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventUnregister
EventWriteTransfer
EventSetInformation
api-ms-win-base-util-l1-1-0
IsTextUnicode
api-ms-win-core-libraryloader-l1-2-1
FindResourceW
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
GetProcessMitigationPolicy
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-winrt-error-l1-1-0
SetRestrictedErrorInfo
api-ms-win-core-winrt-error-l1-1-1
RoGetMatchingRestrictedErrorInfo
comctl32
ImageList_Create
ImageList_SetBkColor
ord381
ImageList_ReplaceIcon
ord410
ImageList_Draw
ImageList_GetIconSize
ord413
ImageList_Destroy
ord345
CreateStatusWindowW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 160KB - Virtual size: 159KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 44KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 248B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 124KB - Virtual size: 120KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 760B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
nslookup.exe.exe windows:10 windows x64 arch:x64
ec3e3c718c086fab4f7f35008a5e9116
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
nslookup.pdb
Imports
msvcrt
putc
_vsnprintf
malloc
sscanf_s
system
getenv
printf
fwrite
strchr
fputc
fprintf
memset
perror
exit
strcpy_s
fputs
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
strcat_s
gmtime
__setusermatherr
isspace
getc
_cexit
realloc
_exit
putchar
__set_app_type
ferror
__getmainargs
sprintf_s
fflush
_amsg_exit
_XcptFilter
_write
fclose
memcpy
strncmp
fgets
_strnicmp
free
strncpy_s
fread
fopen
__iob_func
strcmp
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
HeapSetInformation
GetProcessHeap
ws2_32
htonl
WSAStartup
select
getaddrinfo
gethostname
closesocket
send
socket
connect
recv
WSAGetLastError
getprotobynumber
getservbyport
ntohs
freeaddrinfo
inet_ntoa
htons
crypt32
CryptBinaryToStringA
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetLastError
GetLastError
SetUnhandledExceptionFilter
dnsapi
DnsQueryConfigAllocEx
DnsFreeConfigStructure
api-ms-win-core-localization-l1-2-0
FormatMessageA
SetThreadUILanguage
api-ms-win-core-registry-l1-1-0
RegCloseKey
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsA
mswsock
s_perror
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
ntdll
NtQueryValueKey
RtlFreeHeap
RtlUnicodeStringToAnsiString
RtlFreeUnicodeString
NtOpenKey
RtlAllocateHeap
RtlAnsiStringToUnicodeString
RtlIpv6StringToAddressExA
RtlIpv4StringToAddressA
RtlIpv6AddressToStringA
RtlInitString
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Sections
.text Size: 44KB - Virtual size: 42KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 344B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ntkrla57.exe.sys windows:10 windows x64 arch:x64
8a6a24dc179d1d583e1d3b5fddaea3d6
Code Sign
33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ba:9a:f7:97:de:48:80:24:6d:a6:3f:9e:aa:9a:f4:0e:17:be:5a:66:19:aa:70:b9:3e:85:8a:fd:81:b5:26:c1
Signer
Actual PE Digest: ba:9a:f7:97:de:48:80:24:6d:a6:3f:9e:aa:9a:f4:0e:17:be:5a:66:19:aa:70:b9:3e:85:8a:fd:81:b5:26:c1
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
ntkrla57.pdb
Imports
ext-ms-win-ntos-processparameters-l1-1-0
PsDestroyProcessParameterOverrides
PsGetProcessParameterOverrides
ext-ms-win-ntos-tm-l1-1-0
TmIsKTMCommitCoordinator
TmInitializeTransactionManager
TmGetTransactionId
TmFreezeTransactions
TmEndPropagationRequest
TmEnableCallbacks
TmDereferenceEnlistmentKey
TmCurrentTransaction
TmCreateEnlistment
TmCommitTransaction
TmCommitEnlistment
TmCommitComplete
TmCancelPropagationRequest
NtThawTransactions
NtSetInformationTransaction
NtSetInformationResourceManager
NtSetInformationEnlistment
NtRollbackTransaction
NtRollbackEnlistment
NtRollbackComplete
NtRecoverTransactionManager
NtRecoverResourceManager
NtRecoverEnlistment
NtRegisterProtocolAddressInformation
TmIsTransactionActive
TmInitSystemPhase2
TmInitSystem
NtCommitComplete
NtCommitEnlistment
TmPrePrepareComplete
TmRecoverEnlistment
TmRecoverResourceManager
TmRecoverTransactionManager
TmReferenceEnlistmentKey
TmRenameTransactionManager
TmRequestOutcomeEnlistment
TmRollbackComplete
TmRollbackEnlistment
TmRollbackTransaction
TmSetCurrentTransaction
TmSinglePhaseReject
NtCommitTransaction
TmShutdownSystem
NtRollforwardTransactionManager
NtSinglePhaseReject
NtCreateEnlistment
NtCreateResourceManager
NtSetInformationTransactionManager
NtRenameTransactionManager
NtCreateTransaction
TmThawTransactions
NtCreateTransactionManager
NtEnumerateTransactionObject
NtFreezeTransactions
NtGetNotificationResourceManager
NtOpenEnlistment
NtOpenResourceManager
NtOpenTransaction
NtOpenTransactionManager
NtPrePrepareComplete
TmPrePrepareEnlistment
TmPrepareComplete
TmPrepareEnlistment
TmPropagationComplete
TmReadOnlyEnlistment
TmPropagationFailed
NtReadOnlyEnlistment
NtQueryInformationTransactionManager
NtQueryInformationTransaction
NtQueryInformationResourceManager
NtQueryInformationEnlistment
NtPropagationFailed
NtPropagationComplete
NtPrepareEnlistment
NtPrepareComplete
NtPrePrepareEnlistment
pshed
PshedGetBootErrorPacket
PshedInitialize
PshedGetAllErrorSources
PshedAttemptErrorRecovery
PshedWriteErrorRecord
PshedBugCheckSystem
PshedFreeMemory
PshedDoPluginCtl
PshedAllocateMemory
PshedDoPfa
PshedEnableErrorSource
PshedGetInjectionCapabilities
PshedInjectError
PshedSetErrorSourceInfo
PshedSetHalEnlightenments
PshedMarkHiberPhase
PshedInitProc
PshedIsSystemWheaEnabled
PshedClearErrorRecord
PshedArePluginsPresent
PshedReadErrorRecord
PshedInitGlobal
PshedDisableErrorSource
PshedInitAvailable
PshedGetErrorSourceInfo
PshedFinalizeErrorRecord
PshedRetrieveErrorInfo
bootvid
VidInitialize
VidBitBltEx
VidDisplayString
VidSetScrollRegion
VidSetTextColor
VidCleanUp
VidBitBlt
VidScreenToBufferBlt
VidBufferToScreenBlt
VidSolidColorFill
VidResetDisplay
ext-ms-win-ntos-clipsp-l1-1-0
ClipSpInitialize
kdcom
KdSetHiberRange
KdInitialize
KdSendPacket
KdReceivePacket
KdPower
ext-ms-win-ntos-kcminitcfg-l1-1-0
CmCompleteInitMachineConfig
CmSetInitMachineConfig
ext-ms-win-ntos-ksr-l1-1-4
KsrCleanupPageDatabase
KsrInitPageDatabase
KsrFreePersistedMemory
KsrInitSystem
KsrMdlToMemoryRuns
KsrFreePersistedMemoryBlock
KsrQueryMetadata
KsrEnumeratePersistedMemory
KsrGetFirmwareInformation
KsrClaimPersistedMemory
KsrPersistMemoryWithMetadata
ext-ms-win-ntos-trace-l1-1-0
TraceInitSystem
ext-ms-win-ntos-ksecurity-l1-1-1
QueryUpdateFileEaAllowedExt
ext-ms-win-ntos-werkernel-l1-1-1
WerLiveKernelCancelReport
WerLiveKernelSubmitReport
WerLiveKernelInitSystem
WerLiveKernelCreateReport
WerLiveKernelCloseHandle
WerLiveKernelOpenDumpFile
ext-ms-win-ntos-ucode-l1-1-0
ExpMicrocodeInformationLoad
ExpMicrocodeInformationUnload
ExpMicrocodeInitialization
ext-ms-win-ntos-runlevels-l1-1-0
ExpInitializeRunLevel0
ext-ms-win-ntos-stateseparation-l1-1-0
ExpInitializeStateSeparationPhase1
ExpInitializeStateSeparationPhase0
ExpInitializeStateSeparationPhase2
ext-ms-win-fs-clfs-l1-1-0
ClfsMgmtInstallPolicy
ClfsCloseLogFileObject
ClfsMgmtDeregisterManagedClient
ClfsMgmtRegisterManagedClient
ClfsCreateLogFile
ClfsGetLogFileInformation
ClfsReadRestartArea
ClfsLsnEqual
ClfsReadLogRecord
ClfsReadNextLogRecord
ClfsTerminateReadLog
ClfsWriteRestartArea
ClfsDeleteLogByPointer
ClfsDeleteMarshallingArea
ClfsReserveAndAppendLog
ClfsLsnInvalid
ClfsFlushToLsn
ClfsLsnContainer
ClfsLsnLess
ClfsCreateMarshallingArea
ClfsAddLogContainer
ClfsLsnDifference
ci
CiInitialize
msrpc.sys
MesIncrementalHandleReset
NdrMesTypeDecode3
MesEncodeIncrementalHandleCreate
NdrMesTypeEncode3
MesDecodeBufferHandleCreate
MesHandleFree
RpcExceptionFilter
cng.sys
BCryptExportKey
ext-ms-win-ntos-globmerger-l1-1-0
CimfsMountBootVolume
Exports
AlpcCreateSecurityContext
AlpcGetHeaderSize
AlpcGetMessageAttribute
AlpcInitializeMessageAttribute
AsanWrapperMemcmp
BgkDisplayCharacter
BgkGetConsoleState
BgkGetCursorState
BgkSetCursor
CarCopyRuleViolationDetails
CarCreateRuleViolationDetails
CarDeleteRuleViolationDetails
CarDeregisterRuleClassConfiguration
CarDeregisterRuleOverride
CarInitializeRuleViolationDetails
CarQueryReportAction
CarQueryReportActionForTriage
CarRegisterDefaultRuleClassConfiguration
CarRegisterRuleClassConfiguration
CarRegisterRuleOverride
CarRegisterRuleOverrideAllContexts
CarRegisterRuleOverridesAllContexts
CarReportRuleViolation
CarReportRuleViolationForTriage
CarSetCustomIdInRuleOverride
CarSetCustomRuleIdRange
CcAddDirtyPagesToExternalCache
CcAsyncCopyRead
CcCanIWrite
CcCoherencyFlushAndPurgeCache
CcCopyRead
CcCopyReadEx
CcCopyWrite
CcCopyWriteEx
CcCopyWriteWontFlush
CcDeductDirtyPagesFromExternalCache
CcDeferWrite
CcErrorCallbackRoutine
CcFastCopyRead
CcFastCopyWrite
CcFastMdlReadWait
CcFlushCache
CcFlushCacheToLsn
CcGetCachedDirtyPageCountForFile
CcGetDirtyPages
CcGetFileObjectFromBcb
CcGetFileObjectFromSectionPtrs
CcGetFileObjectFromSectionPtrsRef
CcGetFlushedValidData
CcGetLsnForFileObject
CcGetNumberOfMappedPages
CcInitializeCacheMap
CcInitializeCacheMapEx
CcInitializeCacheMapEx2
CcIsCacheManagerCallbackNeeded
CcIsThereDirtyData
CcIsThereDirtyDataEx
CcIsThereDirtyLoggedPages
CcMapData
CcMdlRead
CcMdlReadComplete
CcMdlWriteAbort
CcMdlWriteComplete
CcPinMappedData
CcPinRead
CcPrepareMdlWrite
CcPreparePinWrite
CcPurgeCacheSection
CcRegisterExternalCache
CcRemapBcb
CcRepinBcb
CcScheduleReadAhead
CcScheduleReadAheadEx
CcSetAdditionalCacheAttributes
CcSetAdditionalCacheAttributesEx
CcSetBcbOwnerPointer
CcSetDirtyPageThreshold
CcSetDirtyPinnedData
CcSetFileSizes
CcSetFileSizesEx
CcSetLogHandleForFile
CcSetLogHandleForFileEx
CcSetLoggedDataThreshold
CcSetParallelFlushFile
CcSetReadAheadGranularity
CcSetReadAheadGranularityEx
CcTestControl
CcUninitializeCacheMap
CcUnmapFileOffsetFromSystemCache
CcUnpinData
CcUnpinDataForThread
CcUnpinRepinnedBcb
CcUnregisterExternalCache
CcWaitForCurrentLazyWriterActivity
CcZeroData
CcZeroDataOnDisk
CmCallbackGetKeyObjectID
CmCallbackGetKeyObjectIDEx
CmCallbackReleaseKeyObjectIDEx
CmGetBoundTransaction
CmGetCallbackVersion
CmKeyObjectType
CmRegisterCallback
CmRegisterCallbackEx
CmRegisterMachineHiveLoadedNotification
CmSetCallbackObjectContext
CmUnRegisterCallback
CmUnregisterMachineHiveLoadedNotification
DbgBreakPoint
DbgBreakPointWithStatus
DbgCommandString
DbgLoadImageSymbols
DbgPrint
DbgPrintEx
DbgPrintReturnControlC
DbgPrompt
DbgQueryDebugFilterState
DbgSetDebugFilterState
DbgSetDebugPrintCallback
DbgkLkmdRegisterCallback
DbgkLkmdUnregisterCallback
DbgkWerCaptureLiveKernelDump
DbgkWerCaptureLiveKernelDump2
DifFindThreadContextData
DifGetPluginPerDriverData
DifPluginSimplePerfControl
DifPopThreadContextData
DifPushThreadContextData
DifRegisterPlugin
DifUtilDbgPrint
EmClientQueryRuleState
EmClientRuleDeregisterNotification
EmClientRuleEvaluate
EmClientRuleRegisterNotification
EmProviderDeregister
EmProviderDeregisterEntry
EmProviderRegister
EmProviderRegisterEntry
EmpProviderRegister
EtwActivityIdControl
EtwEnableTrace
EtwEventEnabled
EtwProviderEnabled
EtwRegister
EtwRegisterClassicProvider
EtwSendTraceBuffer
EtwSetInformation
EtwTelemetryCoverageReport
EtwUnregister
EtwWrite
EtwWriteEndScenario
EtwWriteEx
EtwWriteStartScenario
EtwWriteString
EtwWriteTransfer
EtwpDisableStackWalkApc
EtwpReenableStackWalkApc
ExAcquireAutoExpandPushLockExclusive
ExAcquireAutoExpandPushLockShared
ExAcquireCacheAwarePushLockExclusive
ExAcquireCacheAwarePushLockExclusiveEx
ExAcquireCacheAwarePushLockSharedEx
ExAcquireFastMutex
ExAcquireFastMutexUnsafe
ExAcquireFastResourceExclusive
ExAcquireFastResourceShared
ExAcquireFastResourceSharedStarveExclusive
ExAcquireFastResourceWithFlags
ExAcquirePushLockExclusiveEx
ExAcquirePushLockSharedEx
ExAcquireResourceExclusiveLite
ExAcquireResourceSharedLite
ExAcquireRundownProtection
ExAcquireRundownProtectionCacheAware
ExAcquireRundownProtectionCacheAwareEx
ExAcquireRundownProtectionEx
ExAcquireSharedStarveExclusive
ExAcquireSharedWaitForExclusive
ExAcquireSpinLockExclusive
ExAcquireSpinLockExclusiveAtDpcLevel
ExAcquireSpinLockShared
ExAcquireSpinLockSharedAtDpcLevel
ExActivationObjectType
ExAllocateAutoExpandPushLock
ExAllocateCacheAwarePushLock
ExAllocateCacheAwareRundownProtection
ExAllocateFromLookasideListEx
ExAllocateFromNPagedLookasideList
ExAllocateFromPagedLookasideList
ExAllocatePool
ExAllocatePool2
ExAllocatePool3
ExAllocatePoolWithQuota
ExAllocatePoolWithQuotaTag
ExAllocatePoolWithTag
ExAllocatePoolWithTagPriority
ExAllocateTimer
ExBlockOnAddressPushLock
ExBlockPushLock
ExCancelDpcEventWait
ExCancelTimer
ExCleanupAutoExpandPushLock
ExCleanupRundownProtectionCacheAware
ExCompositionObjectType
ExConvertExclusiveToSharedLite
ExConvertFastResourceExclusiveToShared
ExConvertPushLockExclusiveToShared
ExCoreMessagingObjectType
ExCreateCallback
ExCreateDpcEvent
ExCreatePool
ExDeleteDpcEvent
ExDeleteFastResource
ExDeleteLookasideListEx
ExDeleteNPagedLookasideList
ExDeletePagedLookasideList
ExDeleteResourceLite
ExDeleteTimer
ExDesktopObjectType
ExDestroyPool
ExDisableResourceBoostLite
ExDisownFastResource
ExEnterCriticalRegionAndAcquireFastMutexUnsafe
ExEnterCriticalRegionAndAcquireResourceExclusive
ExEnterCriticalRegionAndAcquireResourceShared
ExEnterCriticalRegionAndAcquireSharedWaitForExclusive
ExEnterPriorityRegionAndAcquireResourceExclusive
ExEnterPriorityRegionAndAcquireResourceShared
ExEnumHandleTable
ExEnumerateSystemFirmwareTables
ExEventObjectType
ExExtendZone
ExFetchLicenseData
ExFlushLookasideListEx
ExFreeAutoExpandPushLock
ExFreeCacheAwarePushLock
ExFreeCacheAwareRundownProtection
ExFreePool
ExFreePool2
ExFreePoolWithTag
ExFreeToLookasideListEx
ExFreeToNPagedLookasideList
ExFreeToPagedLookasideList
ExGetCurrentProcessorCounts
ExGetCurrentProcessorCpuUsage
ExGetExclusiveWaiterCount
ExGetFirmwareEnvironmentVariable
ExGetFirmwareType
ExGetLicenseTamperState
ExGetPreviousMode
ExGetSharedWaiterCount
ExGetSystemFirmwareTable
ExInitializeAutoExpandPushLock
ExInitializeDeviceAts
ExInitializeFastOwnerEntry
ExInitializeFastResource
ExInitializeFastResourceAcquired
ExInitializeLookasideListEx
ExInitializeNPagedLookasideList
ExInitializePagedLookasideList
ExInitializePushLock
ExInitializeResourceLite
ExInitializeRundownProtection
ExInitializeRundownProtectionCacheAware
ExInitializeRundownProtectionCacheAwareEx
ExInitializeZone
ExInterlockedAddLargeInteger
ExInterlockedAddUlong
ExInterlockedExtendZone
ExInterlockedInsertHeadList
ExInterlockedInsertTailList
ExInterlockedPopEntryList
ExInterlockedPushEntryList
ExInterlockedRemoveHeadList
ExIsFastResourceContended
ExIsFastResourceHeld
ExIsFastResourceHeldExclusive
ExIsManufacturingModeEnabled
ExIsProcessorFeaturePresent
ExIsResourceAcquiredExclusiveLite
ExIsResourceAcquiredSharedLite
ExIsSoftBoot
ExLocalTimeToSystemTime
ExMoveFastResourceOwnershipWithFlags
ExNotifyBootDeviceRemoval
ExNotifyCallback
ExQueryDepthSList
ExQueryFastCacheDevLicense
ExQueryPoolBlockSize
ExQueryTimerResolution
ExQueryWnfStateData
ExQueueDpcEventWait
ExQueueWorkItem
ExRaiseAccessViolation
ExRaiseDatatypeMisalignment
ExRaiseException
ExRaiseHardError
ExRaiseStatus
ExRawInputManagerObjectType
ExReInitializeRundownProtection
ExReInitializeRundownProtectionCacheAware
ExRealTimeIsUniversal
ExRegisterBootDevice
ExRegisterCallback
ExRegisterExtension
ExReinitializeFastResource
ExReinitializeResourceLite
ExReleaseAutoExpandPushLockExclusive
ExReleaseAutoExpandPushLockShared
ExReleaseCacheAwarePushLockExclusive
ExReleaseCacheAwarePushLockExclusiveEx
ExReleaseCacheAwarePushLockSharedEx
ExReleaseDisownedFastResource
ExReleaseDisownedFastResourceExclusive
ExReleaseDisownedFastResourceShared
ExReleaseFastMutex
ExReleaseFastMutexUnsafe
ExReleaseFastMutexUnsafeAndLeaveCriticalRegion
ExReleaseFastResource
ExReleaseFastResourceExclusive
ExReleaseFastResourceShared
ExReleasePushLockEx
ExReleasePushLockExclusiveEx
ExReleasePushLockSharedEx
ExReleaseResourceAndLeaveCriticalRegion
ExReleaseResourceAndLeavePriorityRegion
ExReleaseResourceForThreadLite
ExReleaseResourceLite
ExReleaseRundownProtection
ExReleaseRundownProtectionCacheAware
ExReleaseRundownProtectionCacheAwareEx
ExReleaseRundownProtectionEx
ExReleaseSpinLockExclusive
ExReleaseSpinLockExclusiveFromDpcLevel
ExReleaseSpinLockShared
ExReleaseSpinLockSharedFromDpcLevel
ExRundownCompleted
ExRundownCompletedCacheAware
ExSecurePoolUpdate
ExSecurePoolValidate
ExSemaphoreObjectType
ExSetFirmwareEnvironmentVariable
ExSetLicenseTamperState
ExSetResourceOwnerPointer
ExSetResourceOwnerPointerEx
ExSetTimer
ExSetTimerResolution
ExShareAddressSpaceWithDevice
ExShareUltraSpaceWithDevice
ExSizeOfAutoExpandPushLock
ExSizeOfRundownProtectionCacheAware
ExSubscribeWnfStateChange
ExSvmBeginDeviceReset
ExSvmFinalizeDeviceReset
ExSystemExceptionFilter
ExSystemTimeToLocalTime
ExTimedWaitForUnblockPushLock
ExTimerObjectType
ExTryAcquireAutoExpandPushLockExclusive
ExTryAcquireAutoExpandPushLockShared
ExTryAcquireCacheAwarePushLockExclusiveEx
ExTryAcquireCacheAwarePushLockSharedEx
ExTryAcquirePushLockExclusiveEx
ExTryAcquirePushLockSharedEx
ExTryAcquireSpinLockExclusiveAtDpcLevel
ExTryAcquireSpinLockSharedAtDpcLevel
ExTryConvertPushLockSharedToExclusiveEx
ExTryConvertSharedSpinLockExclusive
ExTryQueueWorkItem
ExTryToAcquireFastMutex
ExTryToAcquireResourceExclusiveLite
ExTryToConvertFastResourceSharedToExclusive
ExUnblockOnAddressPushLockEx
ExUnblockPushLockEx
ExUnregisterCallback
ExUnregisterExtension
ExUnsubscribeWnfStateChange
ExUpdateLicenseData
ExUuidCreate
ExVerifySuite
ExWaitForRundownProtectionRelease
ExWaitForRundownProtectionReleaseCacheAware
ExWaitForUnblockPushLock
ExWindowStationObjectType
ExfAcquirePushLockExclusive
ExfAcquirePushLockShared
ExfReleasePushLock
ExfReleasePushLockExclusive
ExfReleasePushLockShared
ExfTryAcquirePushLockShared
ExfTryToWakePushLock
ExfUnblockPushLock
ExpInterlockedFlushSList
ExpInterlockedPopEntrySList
ExpInterlockedPushEntrySList
FirstEntrySList
FsRtlAcknowledgeEcp
FsRtlAcquireEofLock
FsRtlAcquireFileExclusive
FsRtlAcquireHeaderMutex
FsRtlAddBaseMcbEntry
FsRtlAddBaseMcbEntryEx
FsRtlAddLargeMcbEntry
FsRtlAddMcbEntry
FsRtlAddToTunnelCache
FsRtlAddToTunnelCacheEx
FsRtlAllocateAePushLock
FsRtlAllocateExtraCreateParameter
FsRtlAllocateExtraCreateParameterFromLookasideList
FsRtlAllocateExtraCreateParameterList
FsRtlAllocateFileLock
FsRtlAllocatePool
FsRtlAllocatePoolWithQuota
FsRtlAllocatePoolWithQuotaTag
FsRtlAllocatePoolWithTag
FsRtlAllocateResource
FsRtlAreNamesEqual
FsRtlAreThereCurrentOrInProgressFileLocks
FsRtlAreThereWaitingFileLocks
FsRtlAreVolumeStartupApplicationsComplete
FsRtlBalanceReads
FsRtlCancellableWaitForMultipleObjects
FsRtlCancellableWaitForSingleObject
FsRtlChangeBackingFileObject
FsRtlCheckLockForOplockRequest
FsRtlCheckLockForReadAccess
FsRtlCheckLockForWriteAccess
FsRtlCheckOplock
FsRtlCheckOplockEx
FsRtlCheckOplockEx2
FsRtlCheckOplockForFsFilterCallback
FsRtlCheckUpperOplock
FsRtlCopyRead
FsRtlCopyWrite
FsRtlCreateSectionForDataScan
FsRtlCurrentBatchOplock
FsRtlCurrentOplock
FsRtlCurrentOplockH
FsRtlDedupChangeInit
FsRtlDedupChangeLogOverwriteOrFree
FsRtlDedupChangeLogWrite
FsRtlDedupChangeUninit
FsRtlDeleteExtraCreateParameterLookasideList
FsRtlDeleteKeyFromTunnelCache
FsRtlDeleteTunnelCache
FsRtlDeregisterUncProvider
FsRtlDisallowLegacyFilterOnDevice
FsRtlDismountComplete
FsRtlDissectDbcs
FsRtlDissectName
FsRtlDoesDbcsContainWildCards
FsRtlDoesNameContainWildCards
FsRtlFastCheckLockForRead
FsRtlFastCheckLockForWrite
FsRtlFastUnlockAll
FsRtlFastUnlockAllByKey
FsRtlFastUnlockSingle
FsRtlFindExtraCreateParameter
FsRtlFindInTunnelCache
FsRtlFindInTunnelCacheEx
FsRtlFreeAePushLock
FsRtlFreeExtraCreateParameter
FsRtlFreeExtraCreateParameterList
FsRtlFreeFileLock
FsRtlGetCurrentProcessLoaderList
FsRtlGetEcpListFromIrp
FsRtlGetFileNameInformation
FsRtlGetFileSize
FsRtlGetIoAtEof
FsRtlGetNextBaseMcbEntry
FsRtlGetNextExtraCreateParameter
FsRtlGetNextFileLock
FsRtlGetNextLargeMcbEntry
FsRtlGetNextMcbEntry
FsRtlGetSectorSizeInformation
FsRtlGetSupportedFeatures
FsRtlGetVirtualDiskNestingLevel
FsRtlHeatInit
FsRtlHeatLogIo
FsRtlHeatLogTierMove
FsRtlHeatUninit
FsRtlIncrementCcFastMdlReadWait
FsRtlIncrementCcFastReadNoWait
FsRtlIncrementCcFastReadNotPossible
FsRtlIncrementCcFastReadResourceMiss
FsRtlIncrementCcFastReadWait
FsRtlInitExtraCreateParameterLookasideList
FsRtlInitializeBaseMcb
FsRtlInitializeBaseMcbEx
FsRtlInitializeEofLock
FsRtlInitializeExtraCreateParameter
FsRtlInitializeExtraCreateParameterList
FsRtlInitializeFileLock
FsRtlInitializeLargeMcb
FsRtlInitializeMcb
FsRtlInitializeOplock
FsRtlInitializeTunnelCache
FsRtlInsertExtraCreateParameter
FsRtlInsertPerFileContext
FsRtlInsertPerFileObjectContext
Sections
.rdata Size: 680KB - Virtual size: 676KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.pdata Size: 392KB - Virtual size: 389KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.edata Size: 108KB - Virtual size: 105KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PROTDATA Size: 4KB - Virtual size: 1B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
GFIDS Size: 44KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Pad1 Size: - Virtual size: 804KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.text Size: 4.0MB - Virtual size: 4.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGE Size: 3.9MB - Virtual size: 3.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGELK Size: 152KB - Virtual size: 150KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
POOLCODE Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEKD Size: 24KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEVRFY Size: 200KB - Virtual size: 197KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEHDLS Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEBGFX Size: 28KB - Virtual size: 25KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
TRACESUP Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECMRC Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
KVASCODE Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
RETPOL Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INITKDBG Size: 104KB - Virtual size: 102KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
MINIEX Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 580KB - Virtual size: 577KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Pad2 Size: - Virtual size: 940KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 56KB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ALMOSTRO Size: 8KB - Virtual size: 174KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
CACHEALI Size: 4KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGEDATA Size: 8KB - Virtual size: 76KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGEVRFD Size: 40KB - Virtual size: 101KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INITDATA Size: 4KB - Virtual size: 113KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Pad3 Size: - Virtual size: 396KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
CFGRO Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Pad4 Size: - Virtual size: 2.0MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 220KB - Virtual size: 219KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 40KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ntoskrnl.exe.sys windows:10 windows x64 arch:x64
8a6a24dc179d1d583e1d3b5fddaea3d6
Code Sign
Certificate: 33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Certificate: 61:07:76:56:00:00:00:00:00:08
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Signer: 11:23:77:d9:50:ef:76:10:0d:a3:b9:d2:2c:b0:bb:0d:8d:29:9c:e5:14:08:99:ed:d8:66:c8:c9:fd:c3:7d:14
Actual PE Digest: 11:23:77:d9:50:ef:76:10:0d:a3:b9:d2:2c:b0:bb:0d:8d:29:9c:e5:14:08:99:ed:d8:66:c8:c9:fd:c3:7d:14
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
ntkrnlmp.pdb
Imports
ext-ms-win-ntos-processparameters-l1-1-0
PsDestroyProcessParameterOverrides
PsGetProcessParameterOverrides
ext-ms-win-ntos-tm-l1-1-0
TmIsKTMCommitCoordinator
TmInitializeTransactionManager
TmGetTransactionId
TmFreezeTransactions
TmEndPropagationRequest
TmEnableCallbacks
TmDereferenceEnlistmentKey
TmCurrentTransaction
TmCreateEnlistment
TmCommitTransaction
TmCommitEnlistment
TmCommitComplete
TmCancelPropagationRequest
NtThawTransactions
NtSetInformationTransaction
NtSetInformationResourceManager
NtSetInformationEnlistment
NtRollbackTransaction
NtRollbackEnlistment
NtRollbackComplete
NtRecoverTransactionManager
NtRecoverResourceManager
NtRecoverEnlistment
NtRegisterProtocolAddressInformation
TmIsTransactionActive
TmInitSystemPhase2
TmInitSystem
NtCommitComplete
NtCommitEnlistment
TmPrePrepareComplete
TmRecoverEnlistment
TmRecoverResourceManager
TmRecoverTransactionManager
TmReferenceEnlistmentKey
TmRenameTransactionManager
TmRequestOutcomeEnlistment
TmRollbackComplete
TmRollbackEnlistment
TmRollbackTransaction
TmSetCurrentTransaction
TmSinglePhaseReject
NtCommitTransaction
TmShutdownSystem
NtRollforwardTransactionManager
NtSinglePhaseReject
NtCreateEnlistment
NtCreateResourceManager
NtSetInformationTransactionManager
NtRenameTransactionManager
NtCreateTransaction
TmThawTransactions
NtCreateTransactionManager
NtEnumerateTransactionObject
NtFreezeTransactions
NtGetNotificationResourceManager
NtOpenEnlistment
NtOpenResourceManager
NtOpenTransaction
NtOpenTransactionManager
NtPrePrepareComplete
TmPrePrepareEnlistment
TmPrepareComplete
TmPrepareEnlistment
TmPropagationComplete
TmReadOnlyEnlistment
TmPropagationFailed
NtReadOnlyEnlistment
NtQueryInformationTransactionManager
NtQueryInformationTransaction
NtQueryInformationResourceManager
NtQueryInformationEnlistment
NtPropagationFailed
NtPropagationComplete
NtPrepareEnlistment
NtPrepareComplete
NtPrePrepareEnlistment
pshed
PshedGetBootErrorPacket
PshedInitialize
PshedGetAllErrorSources
PshedAttemptErrorRecovery
PshedWriteErrorRecord
PshedBugCheckSystem
PshedFreeMemory
PshedDoPluginCtl
PshedAllocateMemory
PshedDoPfa
PshedEnableErrorSource
PshedGetInjectionCapabilities
PshedInjectError
PshedSetErrorSourceInfo
PshedSetHalEnlightenments
PshedMarkHiberPhase
PshedInitProc
PshedIsSystemWheaEnabled
PshedClearErrorRecord
PshedArePluginsPresent
PshedReadErrorRecord
PshedInitGlobal
PshedDisableErrorSource
PshedInitAvailable
PshedGetErrorSourceInfo
PshedFinalizeErrorRecord
PshedRetrieveErrorInfo
bootvid
VidInitialize
VidBitBltEx
VidDisplayString
VidSetScrollRegion
VidSetTextColor
VidCleanUp
VidBitBlt
VidScreenToBufferBlt
VidBufferToScreenBlt
VidSolidColorFill
VidResetDisplay
ext-ms-win-ntos-clipsp-l1-1-0
ClipSpInitialize
kdcom
KdSetHiberRange
KdInitialize
KdSendPacket
KdReceivePacket
KdPower
ext-ms-win-ntos-kcminitcfg-l1-1-0
CmCompleteInitMachineConfig
CmSetInitMachineConfig
ext-ms-win-ntos-ksr-l1-1-4
KsrCleanupPageDatabase
KsrInitPageDatabase
KsrFreePersistedMemory
KsrInitSystem
KsrMdlToMemoryRuns
KsrFreePersistedMemoryBlock
KsrQueryMetadata
KsrEnumeratePersistedMemory
KsrGetFirmwareInformation
KsrClaimPersistedMemory
KsrPersistMemoryWithMetadata
ext-ms-win-ntos-trace-l1-1-0
TraceInitSystem
ext-ms-win-ntos-ksecurity-l1-1-1
QueryUpdateFileEaAllowedExt
ext-ms-win-ntos-werkernel-l1-1-1
WerLiveKernelCancelReport
WerLiveKernelSubmitReport
WerLiveKernelInitSystem
WerLiveKernelCreateReport
WerLiveKernelCloseHandle
WerLiveKernelOpenDumpFile
ext-ms-win-ntos-ucode-l1-1-0
ExpMicrocodeInformationLoad
ExpMicrocodeInformationUnload
ExpMicrocodeInitialization
ext-ms-win-ntos-runlevels-l1-1-0
ExpInitializeRunLevel0
ext-ms-win-ntos-stateseparation-l1-1-0
ExpInitializeStateSeparationPhase1
ExpInitializeStateSeparationPhase0
ExpInitializeStateSeparationPhase2
ext-ms-win-fs-clfs-l1-1-0
ClfsMgmtInstallPolicy
ClfsCloseLogFileObject
ClfsMgmtDeregisterManagedClient
ClfsMgmtRegisterManagedClient
ClfsCreateLogFile
ClfsGetLogFileInformation
ClfsReadRestartArea
ClfsLsnEqual
ClfsReadLogRecord
ClfsReadNextLogRecord
ClfsTerminateReadLog
ClfsWriteRestartArea
ClfsDeleteLogByPointer
ClfsDeleteMarshallingArea
ClfsReserveAndAppendLog
ClfsLsnInvalid
ClfsFlushToLsn
ClfsLsnContainer
ClfsLsnLess
ClfsCreateMarshallingArea
ClfsAddLogContainer
ClfsLsnDifference
ci
CiInitialize
msrpc.sys
MesIncrementalHandleReset
NdrMesTypeDecode3
MesEncodeIncrementalHandleCreate
NdrMesTypeEncode3
MesDecodeBufferHandleCreate
MesHandleFree
RpcExceptionFilter
cng.sys
BCryptExportKey
ext-ms-win-ntos-globmerger-l1-1-0
CimfsMountBootVolume
Exports
AlpcCreateSecurityContext
AlpcGetHeaderSize
AlpcGetMessageAttribute
AlpcInitializeMessageAttribute
AsanWrapperMemcmp
BgkDisplayCharacter
BgkGetConsoleState
BgkGetCursorState
BgkSetCursor
CarCopyRuleViolationDetails
CarCreateRuleViolationDetails
CarDeleteRuleViolationDetails
CarDeregisterRuleClassConfiguration
CarDeregisterRuleOverride
CarInitializeRuleViolationDetails
CarQueryReportAction
CarQueryReportActionForTriage
CarRegisterDefaultRuleClassConfiguration
CarRegisterRuleClassConfiguration
CarRegisterRuleOverride
CarRegisterRuleOverrideAllContexts
CarRegisterRuleOverridesAllContexts
CarReportRuleViolation
CarReportRuleViolationForTriage
CarSetCustomIdInRuleOverride
CarSetCustomRuleIdRange
CcAddDirtyPagesToExternalCache
CcAsyncCopyRead
CcCanIWrite
CcCoherencyFlushAndPurgeCache
CcCopyRead
CcCopyReadEx
CcCopyWrite
CcCopyWriteEx
CcCopyWriteWontFlush
CcDeductDirtyPagesFromExternalCache
CcDeferWrite
CcErrorCallbackRoutine
CcFastCopyRead
CcFastCopyWrite
CcFastMdlReadWait
CcFlushCache
CcFlushCacheToLsn
CcGetCachedDirtyPageCountForFile
CcGetDirtyPages
CcGetFileObjectFromBcb
CcGetFileObjectFromSectionPtrs
CcGetFileObjectFromSectionPtrsRef
CcGetFlushedValidData
CcGetLsnForFileObject
CcGetNumberOfMappedPages
CcInitializeCacheMap
CcInitializeCacheMapEx
CcInitializeCacheMapEx2
CcIsCacheManagerCallbackNeeded
CcIsThereDirtyData
CcIsThereDirtyDataEx
CcIsThereDirtyLoggedPages
CcMapData
CcMdlRead
CcMdlReadComplete
CcMdlWriteAbort
CcMdlWriteComplete
CcPinMappedData
CcPinRead
CcPrepareMdlWrite
CcPreparePinWrite
CcPurgeCacheSection
CcRegisterExternalCache
CcRemapBcb
CcRepinBcb
CcScheduleReadAhead
CcScheduleReadAheadEx
CcSetAdditionalCacheAttributes
CcSetAdditionalCacheAttributesEx
CcSetBcbOwnerPointer
CcSetDirtyPageThreshold
CcSetDirtyPinnedData
CcSetFileSizes
CcSetFileSizesEx
CcSetLogHandleForFile
CcSetLogHandleForFileEx
CcSetLoggedDataThreshold
CcSetParallelFlushFile
CcSetReadAheadGranularity
CcSetReadAheadGranularityEx
CcTestControl
CcUninitializeCacheMap
CcUnmapFileOffsetFromSystemCache
CcUnpinData
CcUnpinDataForThread
CcUnpinRepinnedBcb
CcUnregisterExternalCache
CcWaitForCurrentLazyWriterActivity
CcZeroData
CcZeroDataOnDisk
CmCallbackGetKeyObjectID
CmCallbackGetKeyObjectIDEx
CmCallbackReleaseKeyObjectIDEx
CmGetBoundTransaction
CmGetCallbackVersion
CmKeyObjectType
CmRegisterCallback
CmRegisterCallbackEx
CmRegisterMachineHiveLoadedNotification
CmSetCallbackObjectContext
CmUnRegisterCallback
CmUnregisterMachineHiveLoadedNotification
DbgBreakPoint
DbgBreakPointWithStatus
DbgCommandString
DbgLoadImageSymbols
DbgPrint
DbgPrintEx
DbgPrintReturnControlC
DbgPrompt
DbgQueryDebugFilterState
DbgSetDebugFilterState
DbgSetDebugPrintCallback
DbgkLkmdRegisterCallback
DbgkLkmdUnregisterCallback
DbgkWerCaptureLiveKernelDump
DbgkWerCaptureLiveKernelDump2
DifFindThreadContextData
DifGetPluginPerDriverData
DifPluginSimplePerfControl
DifPopThreadContextData
DifPushThreadContextData
DifRegisterPlugin
DifUtilDbgPrint
EmClientQueryRuleState
EmClientRuleDeregisterNotification
EmClientRuleEvaluate
EmClientRuleRegisterNotification
EmProviderDeregister
EmProviderDeregisterEntry
EmProviderRegister
EmProviderRegisterEntry
EmpProviderRegister
EtwActivityIdControl
EtwEnableTrace
EtwEventEnabled
EtwProviderEnabled
EtwRegister
EtwRegisterClassicProvider
EtwSendTraceBuffer
EtwSetInformation
EtwTelemetryCoverageReport
EtwUnregister
EtwWrite
EtwWriteEndScenario
EtwWriteEx
EtwWriteStartScenario
EtwWriteString
EtwWriteTransfer
EtwpDisableStackWalkApc
EtwpReenableStackWalkApc
ExAcquireAutoExpandPushLockExclusive
ExAcquireAutoExpandPushLockShared
ExAcquireCacheAwarePushLockExclusive
ExAcquireCacheAwarePushLockExclusiveEx
ExAcquireCacheAwarePushLockSharedEx
ExAcquireFastMutex
ExAcquireFastMutexUnsafe
ExAcquireFastResourceExclusive
ExAcquireFastResourceShared
ExAcquireFastResourceSharedStarveExclusive
ExAcquireFastResourceWithFlags
ExAcquirePushLockExclusiveEx
ExAcquirePushLockSharedEx
ExAcquireResourceExclusiveLite
ExAcquireResourceSharedLite
ExAcquireRundownProtection
ExAcquireRundownProtectionCacheAware
ExAcquireRundownProtectionCacheAwareEx
ExAcquireRundownProtectionEx
ExAcquireSharedStarveExclusive
ExAcquireSharedWaitForExclusive
ExAcquireSpinLockExclusive
ExAcquireSpinLockExclusiveAtDpcLevel
ExAcquireSpinLockShared
ExAcquireSpinLockSharedAtDpcLevel
ExActivationObjectType
ExAllocateAutoExpandPushLock
ExAllocateCacheAwarePushLock
ExAllocateCacheAwareRundownProtection
ExAllocateFromLookasideListEx
ExAllocateFromNPagedLookasideList
ExAllocateFromPagedLookasideList
ExAllocatePool
ExAllocatePool2
ExAllocatePool3
ExAllocatePoolWithQuota
ExAllocatePoolWithQuotaTag
ExAllocatePoolWithTag
ExAllocatePoolWithTagPriority
ExAllocateTimer
ExBlockOnAddressPushLock
ExBlockPushLock
ExCancelDpcEventWait
ExCancelTimer
ExCleanupAutoExpandPushLock
ExCleanupRundownProtectionCacheAware
ExCompositionObjectType
ExConvertExclusiveToSharedLite
ExConvertFastResourceExclusiveToShared
ExConvertPushLockExclusiveToShared
ExCoreMessagingObjectType
ExCreateCallback
ExCreateDpcEvent
ExCreatePool
ExDeleteDpcEvent
ExDeleteFastResource
ExDeleteLookasideListEx
ExDeleteNPagedLookasideList
ExDeletePagedLookasideList
ExDeleteResourceLite
ExDeleteTimer
ExDesktopObjectType
ExDestroyPool
ExDisableResourceBoostLite
ExDisownFastResource
ExEnterCriticalRegionAndAcquireFastMutexUnsafe
ExEnterCriticalRegionAndAcquireResourceExclusive
ExEnterCriticalRegionAndAcquireResourceShared
ExEnterCriticalRegionAndAcquireSharedWaitForExclusive
ExEnterPriorityRegionAndAcquireResourceExclusive
ExEnterPriorityRegionAndAcquireResourceShared
ExEnumHandleTable
ExEnumerateSystemFirmwareTables
ExEventObjectType
ExExtendZone
ExFetchLicenseData
ExFlushLookasideListEx
ExFreeAutoExpandPushLock
ExFreeCacheAwarePushLock
ExFreeCacheAwareRundownProtection
ExFreePool
ExFreePool2
ExFreePoolWithTag
ExFreeToLookasideListEx
ExFreeToNPagedLookasideList
ExFreeToPagedLookasideList
ExGetCurrentProcessorCounts
ExGetCurrentProcessorCpuUsage
ExGetExclusiveWaiterCount
ExGetFirmwareEnvironmentVariable
ExGetFirmwareType
ExGetLicenseTamperState
ExGetPreviousMode
ExGetSharedWaiterCount
ExGetSystemFirmwareTable
ExInitializeAutoExpandPushLock
ExInitializeDeviceAts
ExInitializeFastOwnerEntry
ExInitializeFastResource
ExInitializeFastResourceAcquired
ExInitializeLookasideListEx
ExInitializeNPagedLookasideList
ExInitializePagedLookasideList
ExInitializePushLock
ExInitializeResourceLite
ExInitializeRundownProtection
ExInitializeRundownProtectionCacheAware
ExInitializeRundownProtectionCacheAwareEx
ExInitializeZone
ExInterlockedAddLargeInteger
ExInterlockedAddUlong
ExInterlockedExtendZone
ExInterlockedInsertHeadList
ExInterlockedInsertTailList
ExInterlockedPopEntryList
ExInterlockedPushEntryList
ExInterlockedRemoveHeadList
ExIsFastResourceContended
ExIsFastResourceHeld
ExIsFastResourceHeldExclusive
ExIsManufacturingModeEnabled
ExIsProcessorFeaturePresent
ExIsResourceAcquiredExclusiveLite
ExIsResourceAcquiredSharedLite
ExIsSoftBoot
ExLocalTimeToSystemTime
ExMoveFastResourceOwnershipWithFlags
ExNotifyBootDeviceRemoval
ExNotifyCallback
ExQueryDepthSList
ExQueryFastCacheDevLicense
ExQueryPoolBlockSize
ExQueryTimerResolution
ExQueryWnfStateData
ExQueueDpcEventWait
ExQueueWorkItem
ExRaiseAccessViolation
ExRaiseDatatypeMisalignment
ExRaiseException
ExRaiseHardError
ExRaiseStatus
ExRawInputManagerObjectType
ExReInitializeRundownProtection
ExReInitializeRundownProtectionCacheAware
ExRealTimeIsUniversal
ExRegisterBootDevice
ExRegisterCallback
ExRegisterExtension
ExReinitializeFastResource
ExReinitializeResourceLite
ExReleaseAutoExpandPushLockExclusive
ExReleaseAutoExpandPushLockShared
ExReleaseCacheAwarePushLockExclusive
ExReleaseCacheAwarePushLockExclusiveEx
ExReleaseCacheAwarePushLockSharedEx
ExReleaseDisownedFastResource
ExReleaseDisownedFastResourceExclusive
ExReleaseDisownedFastResourceShared
ExReleaseFastMutex
ExReleaseFastMutexUnsafe
ExReleaseFastMutexUnsafeAndLeaveCriticalRegion
ExReleaseFastResource
ExReleaseFastResourceExclusive
ExReleaseFastResourceShared
ExReleasePushLockEx
ExReleasePushLockExclusiveEx
ExReleasePushLockSharedEx
ExReleaseResourceAndLeaveCriticalRegion
ExReleaseResourceAndLeavePriorityRegion
ExReleaseResourceForThreadLite
ExReleaseResourceLite
ExReleaseRundownProtection
ExReleaseRundownProtectionCacheAware
ExReleaseRundownProtectionCacheAwareEx
ExReleaseRundownProtectionEx
ExReleaseSpinLockExclusive
ExReleaseSpinLockExclusiveFromDpcLevel
ExReleaseSpinLockShared
ExReleaseSpinLockSharedFromDpcLevel
ExRundownCompleted
ExRundownCompletedCacheAware
ExSecurePoolUpdate
ExSecurePoolValidate
ExSemaphoreObjectType
ExSetFirmwareEnvironmentVariable
ExSetLicenseTamperState
ExSetResourceOwnerPointer
ExSetResourceOwnerPointerEx
ExSetTimer
ExSetTimerResolution
ExShareAddressSpaceWithDevice
ExShareUltraSpaceWithDevice
ExSizeOfAutoExpandPushLock
ExSizeOfRundownProtectionCacheAware
ExSubscribeWnfStateChange
ExSvmBeginDeviceReset
ExSvmFinalizeDeviceReset
ExSystemExceptionFilter
ExSystemTimeToLocalTime
ExTimedWaitForUnblockPushLock
ExTimerObjectType
ExTryAcquireAutoExpandPushLockExclusive
ExTryAcquireAutoExpandPushLockShared
ExTryAcquireCacheAwarePushLockExclusiveEx
ExTryAcquireCacheAwarePushLockSharedEx
ExTryAcquirePushLockExclusiveEx
ExTryAcquirePushLockSharedEx
ExTryAcquireSpinLockExclusiveAtDpcLevel
ExTryAcquireSpinLockSharedAtDpcLevel
ExTryConvertPushLockSharedToExclusiveEx
ExTryConvertSharedSpinLockExclusive
ExTryQueueWorkItem
ExTryToAcquireFastMutex
ExTryToAcquireResourceExclusiveLite
ExTryToConvertFastResourceSharedToExclusive
ExUnblockOnAddressPushLockEx
ExUnblockPushLockEx
ExUnregisterCallback
ExUnregisterExtension
ExUnsubscribeWnfStateChange
ExUpdateLicenseData
ExUuidCreate
ExVerifySuite
ExWaitForRundownProtectionRelease
ExWaitForRundownProtectionReleaseCacheAware
ExWaitForUnblockPushLock
ExWindowStationObjectType
ExfAcquirePushLockExclusive
ExfAcquirePushLockShared
ExfReleasePushLock
ExfReleasePushLockExclusive
ExfReleasePushLockShared
ExfTryAcquirePushLockShared
ExfTryToWakePushLock
ExfUnblockPushLock
ExpInterlockedFlushSList
ExpInterlockedPopEntrySList
ExpInterlockedPushEntrySList
FirstEntrySList
FsRtlAcknowledgeEcp
FsRtlAcquireEofLock
FsRtlAcquireFileExclusive
FsRtlAcquireHeaderMutex
FsRtlAddBaseMcbEntry
FsRtlAddBaseMcbEntryEx
FsRtlAddLargeMcbEntry
FsRtlAddMcbEntry
FsRtlAddToTunnelCache
FsRtlAddToTunnelCacheEx
FsRtlAllocateAePushLock
FsRtlAllocateExtraCreateParameter
FsRtlAllocateExtraCreateParameterFromLookasideList
FsRtlAllocateExtraCreateParameterList
FsRtlAllocateFileLock
FsRtlAllocatePool
FsRtlAllocatePoolWithQuota
FsRtlAllocatePoolWithQuotaTag
FsRtlAllocatePoolWithTag
FsRtlAllocateResource
FsRtlAreNamesEqual
FsRtlAreThereCurrentOrInProgressFileLocks
FsRtlAreThereWaitingFileLocks
FsRtlAreVolumeStartupApplicationsComplete
FsRtlBalanceReads
FsRtlCancellableWaitForMultipleObjects
FsRtlCancellableWaitForSingleObject
FsRtlChangeBackingFileObject
FsRtlCheckLockForOplockRequest
FsRtlCheckLockForReadAccess
FsRtlCheckLockForWriteAccess
FsRtlCheckOplock
FsRtlCheckOplockEx
FsRtlCheckOplockEx2
FsRtlCheckOplockForFsFilterCallback
FsRtlCheckUpperOplock
FsRtlCopyRead
FsRtlCopyWrite
FsRtlCreateSectionForDataScan
FsRtlCurrentBatchOplock
FsRtlCurrentOplock
FsRtlCurrentOplockH
FsRtlDedupChangeInit
FsRtlDedupChangeLogOverwriteOrFree
FsRtlDedupChangeLogWrite
FsRtlDedupChangeUninit
FsRtlDeleteExtraCreateParameterLookasideList
FsRtlDeleteKeyFromTunnelCache
FsRtlDeleteTunnelCache
FsRtlDeregisterUncProvider
FsRtlDisallowLegacyFilterOnDevice
FsRtlDismountComplete
FsRtlDissectDbcs
FsRtlDissectName
FsRtlDoesDbcsContainWildCards
FsRtlDoesNameContainWildCards
FsRtlFastCheckLockForRead
FsRtlFastCheckLockForWrite
FsRtlFastUnlockAll
FsRtlFastUnlockAllByKey
FsRtlFastUnlockSingle
FsRtlFindExtraCreateParameter
FsRtlFindInTunnelCache
FsRtlFindInTunnelCacheEx
FsRtlFreeAePushLock
FsRtlFreeExtraCreateParameter
FsRtlFreeExtraCreateParameterList
FsRtlFreeFileLock
FsRtlGetCurrentProcessLoaderList
FsRtlGetEcpListFromIrp
FsRtlGetFileNameInformation
FsRtlGetFileSize
FsRtlGetIoAtEof
FsRtlGetNextBaseMcbEntry
FsRtlGetNextExtraCreateParameter
FsRtlGetNextFileLock
FsRtlGetNextLargeMcbEntry
FsRtlGetNextMcbEntry
FsRtlGetSectorSizeInformation
FsRtlGetSupportedFeatures
FsRtlGetVirtualDiskNestingLevel
FsRtlHeatInit
FsRtlHeatLogIo
FsRtlHeatLogTierMove
FsRtlHeatUninit
FsRtlIncrementCcFastMdlReadWait
FsRtlIncrementCcFastReadNoWait
FsRtlIncrementCcFastReadNotPossible
FsRtlIncrementCcFastReadResourceMiss
FsRtlIncrementCcFastReadWait
FsRtlInitExtraCreateParameterLookasideList
FsRtlInitializeBaseMcb
FsRtlInitializeBaseMcbEx
FsRtlInitializeEofLock
FsRtlInitializeExtraCreateParameter
FsRtlInitializeExtraCreateParameterList
FsRtlInitializeFileLock
FsRtlInitializeLargeMcb
FsRtlInitializeMcb
FsRtlInitializeOplock
FsRtlInitializeTunnelCache
FsRtlInsertExtraCreateParameter
FsRtlInsertPerFileContext
FsRtlInsertPerFileObjectContext
Sections
.rdata Size: 832KB - Virtual size: 829KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.pdata Size: 456KB - Virtual size: 455KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.edata Size: 108KB - Virtual size: 105KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PROTDATA Size: 4KB - Virtual size: 1B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
GFIDS Size: 44KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Pad1 Size: - Virtual size: 588KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.text Size: 4.5MB - Virtual size: 4.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGE Size: 4.0MB - Virtual size: 4.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGELK Size: 156KB - Virtual size: 155KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
POOLCODE Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEKD Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEVRFY Size: 204KB - Virtual size: 201KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEHDLS Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEBGFX Size: 28KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
TRACESUP Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECMRC Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
KVASCODE Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
RETPOL Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INITKDBG Size: 104KB - Virtual size: 102KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
MINIEX Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 600KB - Virtual size: 598KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Pad2 Size: - Virtual size: 344KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 56KB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ALMOSTRO Size: 8KB - Virtual size: 174KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
CACHEALI Size: 4KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGEDATA Size: 8KB - Virtual size: 76KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGEVRFD Size: 40KB - Virtual size: 101KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INITDATA Size: 4KB - Virtual size: 113KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Pad3 Size: - Virtual size: 396KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
CFGRO Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Pad4 Size: - Virtual size: 2.0MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 240KB - Virtual size: 239KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 44KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ntprint.exe.exe windows:10 windows x64 arch:x64
598ca250c4ce0ed92cfa650d081ad874
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
NtPrint.pdb
Imports
kernel32
HeapSetInformation
GetLastError
LocalFree
FreeLibrary
GetCurrentProcessId
GetProcAddress
LoadLibraryW
LocalAlloc
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
gdi32
GetStockObject
user32
RegisterClassW
CreateWindowExW
DestroyWindow
DefWindowProcW
LoadCursorW
msvcrt
_fmode
_commode
?terminate@@YAXXZ
__C_specific_handler
__wgetmainargs
_amsg_exit
_XcptFilter
wcschr
_wcmdln
_initterm
__setusermatherr
__set_app_type
_exit
exit
_cexit
memset
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
Sections
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 216B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 56KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 68B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
nvspinfo.exe.exe windows:10 windows x64 arch:x64
de5d8b97c8fedbaf7b7d7366051e6e60
Code Sign
33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
28:a8:7a:8d:fa:12:e5:21:0b:9a:77:76:d8:db:c3:7e:2d:16:3d:3c:2d:c1:7e:41:07:1c:47:3d:5b:c9:1e:92
Signer
Actual PE Digest: 28:a8:7a:8d:fa:12:e5:21:0b:9a:77:76:d8:db:c3:7e:2d:16:3d:3c:2d:c1:7e:41:07:1c:47:3d:5b:c9:1e:92
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
nvspinfo.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_c_exit
_invoke_watson
_initterm
_initterm_e
api-ms-win-crt-locale-l1-1-0
_unlock_locales
_lock_locales
api-ms-win-crt-string-l1-1-0
wcsnlen
memset
strcmp
wcscmp
__strncnt
api-ms-win-crt-private-l1-1-0
_o__free_base
_o__fseeki64
_o__fsopen
_o__get_initial_narrow_environment
_o__get_stream_buffer_pointers
_o__getch
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__kbhit
_o__lock_file
_o__malloc_base
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_errno
_o__set_fmode
_o__set_new_mode
_o__stricmp
_o__strtime
memmove
_o__unlock_file
_o__wcsdup
_o__wcsicmp
_o_abort
_o_atoi
_o_ceilf
_o_exit
_o_fclose
_o_fflush
_o_fgetc
_o_fgetpos
_o_fgetwc
_o_fputc
_o_fputwc
_o_fread
_o_free
_o_fsetpos
_o_fwrite
_o_isalpha
_o_islower
_o_isupper
_o_malloc
_o_putwchar
_o_setlocale
_o_setvbuf
_o_strtoul
_o_terminate
_o_ungetc
_o_ungetwc
_o_wcscpy_s
_o_wcstod
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
_o__exit
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__configthreadlocale
_o__cexit
_o__calloc_base
_o__callnewh
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsscanf
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfwprintf
_o___stdio_common_vfprintf
_o___std_exception_destroy
_o___std_exception_copy
_o___pctype_func
_o___p__commode
_o___p___argv
_o___p___argc
_o___acrt_iob_func
_o____mb_cur_max_func
_o____lc_locale_name_func
_o____lc_codepage_func
wcschr
__CxxFrameHandler3
memcmp
memcpy
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
GetProcAddress
GetModuleFileNameA
GetModuleHandleExW
api-ms-win-core-console-l2-1-0
SetConsoleCursorPosition
FillConsoleOutputCharacterW
FillConsoleOutputAttribute
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
iphlpapi
GetIfTable2
FreeMibTable
GetAdaptersAddresses
GetIfEntry2
GetIfStackTable
ConvertInterfaceGuidToLuid
SetCurrentThreadCompartmentScope
api-ms-win-core-heap-l1-1-0
HeapFree
HeapAlloc
GetProcessHeap
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
api-ms-win-core-io-l1-1-0
DeviceIoControl
GetOverlappedResult
api-ms-win-service-core-l1-1-1
EnumServicesStatusExW
api-ms-win-core-file-l1-1-0
CreateFileW
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-localization-l1-2-0
LCMapStringEx
FormatMessageW
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
SetLastError
UnhandledExceptionFilter
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-service-management-l1-1-0
OpenSCManagerW
CloseServiceHandle
api-ms-win-core-debug-l1-1-0
DebugBreak
OutputDebugStringW
IsDebuggerPresent
api-ms-win-core-synch-l1-1-0
OpenSemaphoreW
CreateMutexExW
InitializeCriticalSection
ReleaseMutex
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
AcquireSRWLockShared
DeleteCriticalSection
ReleaseSemaphore
ReleaseSRWLockShared
AcquireSRWLockExclusive
WaitForSingleObjectEx
CreateSemaphoreExW
CreateEventA
ReleaseSRWLockExclusive
api-ms-win-core-localization-l2-1-0
GetNumberFormatEx
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
GetStringTypeW
MultiByteToWideChar
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetVersionExW
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
setupapi
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailW
netsetupapi
NetSetupInitialize
NetSetupClose
NetSetupFreeObjectProperties
NetSetupFreeObjects
NetSetupGetObjects
NetSetupGetObjectProperties
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventSetInformation
EventUnregister
devobj
DevObjCreateDeviceInfoList
DevObjOpenDeviceInfo
DevObjGetDeviceProperty
DevObjDestroyDeviceInfoList
Sections
.text Size: 216KB - Virtual size: 215KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 160KB - Virtual size: 157KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
odbcad32.exe.exe windows:10 windows x64 arch:x64
69feebd40feb17dcc302c7a64d65bd53
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
odbcad32.pdb
Imports
kernel32
GetModuleFileNameW
HeapSetInformation
FreeLibrary
RegisterApplicationRestart
LoadLibraryExW
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStartupInfoW
Sleep
GetProcAddress
LoadLibraryA
user32
GetLastActivePopup
IsIconic
SetForegroundWindow
UpdateWindow
GetDesktopWindow
FindWindowW
LoadIconW
BringWindowToTop
OpenIcon
MoveWindow
RegisterClassW
ShowWindow
LoadStringW
CreateWindowExW
MessageBoxW
DestroyWindow
GetWindowRect
DefWindowProcW
msvcrt
_commode
_fmode
_acmdln
__C_specific_handler
_initterm
__setusermatherr
_ismbblead
_cexit
_exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
_wsplitpath_s
_wmakepath_s
?terminate@@YAXXZ
exit
_vsnwprintf_s
Sections
.text Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 288B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 64KB - Virtual size: 60KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
odbcconf.exe.exe windows:10 windows x64 arch:x64
09ae8655c843b33d7fa4cdd4f87ad0bf
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
odbcconf.pdb
Imports
advapi32
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
kernel32
DeleteFileA
GetModuleFileNameA
LoadLibraryExA
GetModuleHandleA
MultiByteToWideChar
GetLastError
GetSystemDirectoryA
HeapSetInformation
GetProcAddress
FreeLibrary
FormatMessageA
RegisterApplicationRestart
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStartupInfoW
Sleep
GetTickCount
GetSystemTimeAsFileTime
user32
MessageBoxW
LoadStringW
msvcrt
fputs
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
_exit
_cexit
_ismbblead
__setusermatherr
_initterm
__C_specific_handler
_acmdln
_fmode
_commode
exit
free
_errno
fgets
fprintf
_fsopen
_vsnprintf
fclose
fflush
vfprintf
fopen
strerror
malloc
?terminate@@YAXXZ
getenv
_vsnwprintf
memset
Sections
.text Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 708B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ofdeploy.exe.exe windows:10 windows x64 arch:x64
09c42344ab28bcc85e705a4ed698e793
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
ofdeploy.pdb
Imports
msvcp_win
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
api-ms-win-crt-runtime-l1-1-0
_initterm
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
api-ms-win-crt-private-l1-1-0
_o__errno
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o__crt_atexit
_o_exit
_o_free
_o_malloc
_o_terminate
__current_exception
__current_exception_context
_CxxThrowException
_o__configure_wide_argv
_o___stdio_common_vswprintf_s
_o__configthreadlocale
_o___std_exception_destroy
_o___std_exception_copy
_o__cexit
_o__callnewh
_o___p__commode
_o___p___wargv
_o___p___argc
__std_terminate
__C_specific_handler
__CxxFrameHandler4
__C_specific_handler_noexcept
memcpy
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoCreateInstance
CoInitializeSecurity
CoUninitialize
CoGetMalloc
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventRegister
EventUnregister
EventWriteTransfer
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
api-ms-win-core-processthreads-l1-1-0
GetExitCodeProcess
GetCurrentProcessId
TerminateProcess
GetCurrentThreadId
GetCurrentProcess
CreateProcessW
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapSetInformation
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
RaiseException
UnhandledExceptionFilter
GetLastError
api-ms-win-core-synch-l1-1-0
InitializeSRWLock
AcquireSRWLockShared
CreateEventW
WaitForSingleObject
AcquireSRWLockExclusive
ReleaseSRWLockShared
InitializeCriticalSection
DeleteCriticalSection
SetEvent
ReleaseSRWLockExclusive
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-string-l1-1-0
CompareStringW
oleaut32
SysFreeString
GetErrorInfo
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
user32
PostThreadMessageW
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-localization-l1-2-0
FormatMessageA
GetThreadLocale
crypt32
CertVerifyCertificateChainPolicy
api-ms-win-core-file-l1-1-0
GetTempFileNameW
WriteFile
CreateFileW
api-ms-win-core-registry-l1-1-0
RegQueryInfoKeyW
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegGetValueW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-registry-l1-1-1
RegDeleteKeyValueW
rpcrt4
UuidToStringW
UuidCreate
RpcStringFreeW
api-ms-win-core-file-l1-2-4
GetTempPath2W
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 48KB - Virtual size: 46KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 984B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 412B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
omadmclient.exe.exe windows:10 windows x64 arch:x64
8a4ac9e4fc1e14159ac1dd230d658cab
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
omadmclient.pdb
Imports
msvcp110_win
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Syserror_map@std@@YAPEBDH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Xout_of_range@std@@YAXPEBD@Z
msvcrt
strstr
wcschr
swscanf_s
iswspace
_wtoi
_wtol
wcsrchr
_wcsupr_s
wcstod
_strnicmp
_ultow_s
wcstol
wcsncmp
wcsncpy_s
_wcsnicmp
__CxxFrameHandler3
wcsstr
sprintf_s
strrchr
strchr
strtol
_errno
_set_errno
strncpy_s
memset
memmove
memcpy
memcmp
_CxxThrowException
_wcsicmp
??3@YAXPEAX@Z
__CxxFrameHandler4
??_V@YAXPEAX@Z
_vsnwprintf
memcpy_s
_purecall
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_vsnprintf_s
memmove_s
malloc
_callnewh
wcscmp
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
exit
_exit
_cexit
_ismbblead
__setusermatherr
_initterm
__C_specific_handler
_acmdln
_fmode
_commode
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
FindStringOrdinal
FreeLibrary
LoadLibraryExW
GetModuleHandleExW
GetModuleHandleExA
LoadStringW
GetModuleFileNameA
GetProcAddress
api-ms-win-core-registry-l1-1-0
RegSetValueExW
RegCreateKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegGetValueW
RegCloseKey
RegNotifyChangeKeyValue
RegQueryValueExW
RegDeleteValueW
RegEnumValueW
api-ms-win-core-synch-l1-1-0
LeaveCriticalSection
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseSemaphore
CreateMutexExW
EnterCriticalSection
InitializeCriticalSectionEx
AcquireSRWLockShared
DeleteCriticalSection
WaitForSingleObject
SetEvent
CreateEventExW
WaitForMultipleObjectsEx
CreateEventW
ResetEvent
InitializeCriticalSection
ReleaseMutex
CreateSemaphoreExW
ReleaseSRWLockExclusive
ReleaseSRWLockShared
api-ms-win-core-heap-l1-1-0
HeapFree
HeapAlloc
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetLastError
GetLastError
RaiseException
SetUnhandledExceptionFilter
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
GetCommandLineW
api-ms-win-core-com-l1-1-0
CLSIDFromString
CoTaskMemAlloc
CoInitializeSecurity
CoTaskMemFree
CoUninitialize
GetHGlobalFromStream
CoInitializeEx
CoGetApartmentType
CoCreateInstance
CoWaitForMultipleHandles
CreateStreamOnHGlobal
CoCreateInstanceEx
CoCreateFreeThreadedMarshaler
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventUnregister
EventRegister
EventSetInformation
api-ms-win-core-threadpool-l1-2-0
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolTimer
CreateThreadpoolWork
api-ms-win-core-processthreads-l1-1-0
CreateProcessAsUserW
TerminateProcess
GetCurrentProcessId
GetStartupInfoW
GetCurrentThread
GetCurrentThreadId
OpenThreadToken
CreateProcessW
GetCurrentProcess
api-ms-win-core-synch-l1-2-0
SleepConditionVariableSRW
WakeAllConditionVariable
Sleep
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-sysinfo-l1-1-0
GetTickCount64
GetSystemTimeAsFileTime
GetTickCount
GetLocalTime
GetSystemTime
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
crypt32
CertFindCertificateInStore
CryptEncryptMessage
CryptSignMessage
CryptDecryptMessage
CertOpenStore
CertGetCertificateChain
CertGetNameStringW
CertStrToNameW
CertVerifyCertificateChainPolicy
CertCompareCertificateName
CertFreeCertificateContext
CertCloseStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CryptHashCertificate
CryptVerifyMessageSignature
xmllite
CreateXmlWriter
CreateXmlWriterOutputWithEncodingName
CreateXmlReaderInputWithEncodingName
CreateXmlReader
coredpus
ord6
ord12
ord4
ord5
ord9
ord7
ord14
ord10
ord11
ord3
ord13
ord8
cryptsp
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
dmcmnutils
DmInformUser
DmGetUserPermissionAsync
DmGetUserPermission
QueryPolicy
DmCancelGetUserPermissionAsync
DmPlayNotificationSound
UnicodeToMB
MBToUnicode
CopyString
DmWnfQuery
BigStrcat
DmMdmSign
DmIsTaskScheduled
DmCheckIfAadAccountLoggedOn
DmRevertToSelf
DmCreateTask
DmImpersonate
DmIsDeviceConnected
OmaDmRegistryGetDWORD
OmaDmRegistrySetDWORD
InvStrCmpNIW
DmGetActiveUserSid
InvStrCmpIW
HexStringToBinary
DmIsDeviceRoaming
BinaryToHexString
DmInitializeContainer
DmStartContainerActivity
DmStopContainerActivity
DmReleaseContainer
EncodeBase64W
EncodeBase64
SetConnectionPriority
OmaDmRegistryGetBinary
InvStrCmpW
OmaDmRegistryGetString
DecodeBase64W
SafeStringToDword
IsWvdSku
DmUnregisterRoamingNotification
DmGetAadEnrollmentResource
DmGetAadDeviceToken
DmGetAadUserToken
DmRegisterRoamingNotification
omadmapi
ord52
ord53
ord89
ord90
ord91
ord87
ord86
ord51
ord100
ord40
ord47
ord24
ord27
ord48
ord54
ord115
ord38
ord23
ord39
ord114
ord44
ord56
ord116
ord64
ord22
ord41
ord55
dmiso8601utils
FileTimeToISO8601String
ISO8601StringToFileTime
ISO8601StringToSystemTime
SystemTimeToISO8601String
profapi
ord104
api-ms-win-shcore-stream-l1-1-0
IStream_Size
SHCreateStreamOnFileEx
SHCreateMemStream
umpdc
Pdcv2ActivationClientUnregister
Pdcv2ActivationClientActivate
Pdcv2ActivationClientDeactivate
Pdcv2ActivationClientRenewActivation
Pdcv2ActivationClientRegister
dmenrollengine
GetEnrollmentSID
ord9
GetEnrollmentCertStore
GetEnrollmentType
GetIsRecoveryAllowed
GetEnrollmentPartnerOpaqueID
GetEnrollmentState
GetEnrollmentTenantID
GetEnrollmentAadSendDeviceToken
GetEnrollmentClientCertThumbprint
SetEnrollState
GetEnrollmentAuthPolicy
GetEnrollmentForceAadToken
GetRecoveryInitiatedByServer
GetRecoveryRetryCount
SetRecoveryRetryCount
GetEnrollmentAadResourceUrl
dmenterprisediagnostics
RecordDiagnosticsError
ntdll
RtlFreeHeap
RtlAllocateHeap
RtlIsStateSeparationEnabled
api-ms-win-core-processthreads-l1-1-1
OpenProcess
rpcrt4
UuidFromStringW
UuidCreate
api-ms-win-core-file-l1-1-0
CreateDirectoryW
GetFileSizeEx
DeleteFileW
ReadFile
GetTempFileNameW
GetFileAttributesW
GetFullPathNameW
CreateFileW
CompareFileTime
WriteFile
oleaut32
VariantInit
SafeArrayCreate
VariantChangeType
VariantClear
SafeArrayUnaccessData
SysAllocString
SysFreeString
SafeArrayDestroy
SafeArrayAccessData
api-ms-win-core-heap-obsolete-l1-1-0
GlobalUnlock
GlobalLock
api-ms-win-core-psapi-l1-1-0
K32GetProcessMemoryInfo
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-winrt-string-l1-1-0
WindowsDeleteString
WindowsCreateString
WindowsCreateStringReference
api-ms-win-core-winrt-l1-1-0
RoActivateInstance
api-ms-win-core-kernel32-legacy-l1-1-0
RegisterWaitForSingleObject
api-ms-win-core-threadpool-legacy-l1-1-0
UnregisterWaitEx
api-ms-win-power-setting-l1-1-0
PowerSettingRegisterNotification
PowerSettingUnregisterNotification
iphlpapi
ConvertInterfaceGuidToLuid
ConvertInterfaceLuidToIndex
api-ms-win-core-path-l1-1-0
PathCchSkipRoot
PathCchAppend
PathAllocCombine
PathCchCombine
api-ms-win-core-registry-l1-1-1
RegDeleteKeyValueW
api-ms-win-oobe-notification-l1-1-0
OOBEComplete
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 344KB - Virtual size: 341KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 92KB - Virtual size: 91KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 296B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
omadmprc.exe.exe windows:10 windows x64 arch:x64
c83da75364ddd7ae6caa6691f7642981
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
omadmprc.pdb
Imports
msvcrt
_errno
sprintf_s
_set_errno
strncpy_s
strtol
strchr
malloc
??3@YAXPEAX@Z
_callnewh
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
_CxxThrowException
memcmp
_onexit
__dllonexit
_unlock
_lock
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_commode
__CxxFrameHandler3
memcpy
_fmode
_acmdln
strrchr
__C_specific_handler
_initterm
__setusermatherr
_ismbblead
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
_purecall
memmove_s
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
_vsnprintf_s
_vsnwprintf
memcpy_s
__CxxFrameHandler4
memmove
memset
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventWriteTransfer
EventUnregister
EventRegister
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-processthreads-l1-1-0
GetExitCodeProcess
GetStartupInfoW
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
CreateProcessW
GetCurrentProcessId
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapAlloc
HeapFree
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
GetProcAddress
GetModuleFileNameA
GetModuleHandleExW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
OutputDebugStringW
DebugBreak
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-synch-l1-1-0
CreateMutexExW
AcquireSRWLockExclusive
OpenEventW
LeaveCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockShared
TryEnterCriticalSection
ReleaseSRWLockShared
ReleaseSemaphore
OpenSemaphoreW
WaitForSingleObject
ReleaseMutex
WaitForSingleObjectEx
DeleteCriticalSection
CreateSemaphoreExW
InitializeCriticalSectionEx
EnterCriticalSection
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolCleanupGroup
CloseThreadpool
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolTimer
CloseThreadpoolTimer
CreateThreadpool
SetThreadpoolThreadMinimum
SetThreadpoolThreadMaximum
api-ms-win-core-com-l1-1-0
CoInitializeEx
StringFromGUID2
CoCreateGuid
CoUninitialize
oleaut32
SysFreeString
api-ms-win-core-synch-l1-2-0
WakeAllConditionVariable
SleepConditionVariableSRW
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTime
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount
dmcmnutils
UnicodeToMB
MBToUnicode
DmIsDeviceRoaming
OmaDmRegistryGetDWORD
InvStrCmpNIW
GetHeader
DmDeleteTask
DmRunTask
IsWvdFeatureAllowed
CopyString
OmaDmRegistrySetString
InvStrCmpW
DmCreateTask
DmIsTaskScheduled
BigStrcat
OmaDmRegistrySetDWORD
IsWvdSku
dmpushproxy
ord11
ord10
ord9
ord3
ord1
ntdll
RtlIsStateSeparationEnabled
dmenrollengine
ord10
ord9
api-ms-win-core-registry-l1-1-0
RegQueryValueExW
RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegOpenKeyExW
rpcrt4
UuidCreate
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-security-base-l1-1-0
GetTokenInformation
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
api-ms-win-core-registry-l1-1-1
RegDeleteKeyValueW
api-ms-win-core-synch-l1-2-1
CreateSemaphoreW
api-ms-win-security-sddl-l1-1-0
ConvertSidToStringSidW
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
omadmapi
ord55
ord53
ord24
ord50
ord117
ord100
ord40
ord44
ord118
ord38
ord52
ord51
ord22
ord56
ord39
ord41
ord54
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 76KB - Virtual size: 75KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 36KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 568B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
openfiles.exe.exe windows:10 windows x64 arch:x64
b8df5d84ff68243788ad32e37c441dde
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
OpnFiles.pdb
Imports
advapi32
RegConnectRegistryW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegSetValueExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
GetTokenInformation
LookupAccountSidW
CheckTokenMembership
AllocateAndInitializeSid
FreeSid
kernel32
CompareStringW
GetComputerNameW
GetStdHandle
GetConsoleScreenBufferInfo
VirtualAlloc
VirtualQuery
VirtualFree
GetLogicalDrives
GetSystemDirectoryW
GetDriveTypeW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
CloseHandle
SetLastError
SetThreadUILanguage
GetTimeFormatW
FileTimeToSystemTime
GetModuleFileNameW
GetComputerNameExW
HeapSize
HeapReAlloc
HeapAlloc
HeapValidate
HeapFree
GetProcessHeap
ReadConsoleW
ReadFile
SetConsoleMode
MultiByteToWideChar
GetConsoleOutputCP
ExitProcess
WriteConsoleW
CompareStringA
GetThreadLocale
lstrlenW
lstrlenA
GetConsoleMode
GetFileType
WideCharToMultiByte
GetLastError
OpenProcess
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
FormatMessageW
LocalFree
FindStringOrdinal
msvcrt
_CxxThrowException
wcstok
fflush
fprintf
_get_osfhandle
_fileno
wcstol
wcstod
_errno
_memicmp
__iob_func
__CxxFrameHandler4
_vsnwprintf
__setusermatherr
wcstoul
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_commode
_fmode
__C_specific_handler
_initterm
memset
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
free
_callnewh
malloc
_wgetcwd
user32
LoadStringW
CharUpperW
mpr
WNetCancelConnection2W
WNetAddConnection2W
WNetGetLastErrorW
ws2_32
GetAddrInfoW
WSALookupServiceEnd
WSALookupServiceNextW
WSALookupServiceBeginW
WSACleanup
WSAGetLastError
WSAStartup
GetNameInfoW
FreeAddrInfoW
framedynos
?Format@CHString@@QEAAXPEBGZZ
?Find@CHString@@QEBAHPEBG@Z
?Right@CHString@@QEBA?AV1@H@Z
??0CHString@@QEAA@XZ
?Mid@CHString@@QEBA?AV1@HH@Z
?Mid@CHString@@QEBA?AV1@H@Z
??4CHString@@QEAAAEBV0@PEBG@Z
??0CHString@@QEAA@PEBG@Z
??1CHString@@QEAA@XZ
??4CHString@@QEAAAEBV0@AEBV0@@Z
?GetData@CHString@@IEBAPEAUCHStringData@@XZ
?Left@CHString@@QEBA?AV1@H@Z
??YCHString@@QEAAAEBV0@PEBG@Z
ntdll
RtlAllocateHeap
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
VerSetConditionMask
RtlInitUnicodeString
RtlVerifyVersionInfo
NtQuerySystemInformation
shlwapi
StrChrW
version
GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW
srvcli
NetServerGetInfo
NetFileEnum
NetFileClose
netutils
NetApiBufferFree
sspicli
GetUserNameExW
Sections
.text Size: 56KB - Virtual size: 55KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 80B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
osk.exe.exe windows:10 windows x64 arch:x64
5dd120dc6a23a12489d1e4e7b5afb1aa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
osk.pdb
Imports
advapi32
EventUnregister
RegOpenKeyExW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
RegSetValueExW
GetTraceEnableFlags
GetTraceLoggerHandle
EventSetInformation
TraceMessage
EventRegister
EventWriteTransfer
RegCloseKey
RegQueryValueExW
RegCreateKeyExW
RegDeleteValueW
RegGetValueW
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
RegNotifyChangeKeyValue
RegEnumKeyExW
OpenProcessToken
GetTokenInformation
ConvertSidToStringSidW
RegLoadMUIStringW
RegDeleteTreeW
RegEnumValueW
kernel32
RaiseException
EnterCriticalSection
LeaveCriticalSection
VirtualQuery
GetSystemInfo
LoadLibraryExA
VirtualProtect
FreeLibrary
CreateThreadpoolTimer
InitializeCriticalSectionEx
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
IsDebuggerPresent
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
InitOnceComplete
OutputDebugStringW
ReleaseSemaphore
CreateSemaphoreExW
InitOnceBeginInitialize
K32GetModuleBaseNameW
K32EnumProcessModules
K32EnumProcesses
DeleteFileW
InitializeCriticalSection
DeleteProcThreadAttributeList
CreateProcessW
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
OpenProcess
SetLastError
LocalFree
OOBEComplete
DebugBreak
CreateThread
SetEvent
FormatMessageW
CreateEventW
HeapFree
MultiByteToWideChar
OpenJobObjectW
WaitForSingleObject
CompareStringOrdinal
HeapSize
GetModuleFileNameA
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
DeactivateActCtx
ActivateActCtx
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
TerminateProcess
DeleteCriticalSection
GetFileAttributesW
HeapDestroy
OpenMutexW
GetSystemDefaultLocaleName
GetStringTypeExW
GetModuleHandleW
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
Sleep
GetProcAddress
GlobalAddAtomW
GlobalDeleteAtom
LoadLibraryExW
MulDiv
GetTickCount
LocaleNameToLCID
GetCurrentProcessId
ResolveLocaleName
ProcessIdToSessionId
LCIDToLocaleName
FreeResource
GetUserPreferredUILanguages
GetLocaleInfoEx
ExpandEnvironmentStringsW
IsProcessInJob
HeapReAlloc
GetProcessHeap
HeapAlloc
RegisterApplicationRestart
LoadResource
FindResourceExW
HeapSetInformation
CloseHandle
LockResource
GetLastError
GetTickCount64
ReleaseMutex
CreateMutexW
SetProcessShutdownParameters
SizeofResource
GetModuleHandleExW
gdi32
GetDeviceCaps
GetStockObject
user32
GetWindowMinimizeRect
UnregisterClassA
CreateDialogParamW
GetKeyState
GetShellWindow
GetUserObjectInformationW
GetThreadDesktop
SendNotifyMessageW
SetDesktopColorTransform
ChangeWindowMessageFilterEx
MessageBoxW
SetDlgItemTextW
SendDlgItemMessageW
SetFocus
GetDlgItem
CheckDlgButton
EnableWindow
AdjustWindowRectEx
AllowSetForegroundWindow
MonitorFromPoint
MonitorFromWindow
SetWindowLongPtrW
RemovePropW
GetSystemMetrics
SetClassLongPtrW
GetWindowLongPtrW
IsWindow
GetMonitorInfoW
GetDoubleClickTime
SetPropW
LoadIconW
SetForegroundWindow
GetWindowLongW
GetWindowThreadProcessId
GetMessageExtraInfo
GetWindowRect
GetDC
GetPropW
MonitorFromRect
CallNextHookEx
GetCursorInfo
WindowFromPhysicalPoint
MapVirtualKeyExW
MapWindowPoints
GetKeyboardLayout
GetForegroundWindow
UnhookWindowsHookEx
SetLayeredWindowAttributes
LoadCursorW
GetClassNameW
SetWindowsHookExW
SetWinEventHook
GetParent
PtInRect
UnhookWinEvent
InvalidateRect
ReleaseDC
GetGUIThreadInfo
SendInput
SetWindowPos
CreateWindowExW
ScreenToClient
SendMessageW
SetTimer
GetClientRect
KillTimer
SystemParametersInfoW
LoadImageW
GetCursorPos
GetMessageW
PostMessageW
DestroyWindow
LoadStringW
ShowWindow
DispatchMessageW
IsDialogMessageW
PeekMessageW
SetWindowFeedbackSetting
TranslateMessage
FindWindowW
IsIconic
SetWindowPlacement
msvcrt
_wcslwr_s
memset
_wtoi
wcschr
memcpy_s
??3@YAXPEAX@Z
wcsrchr
memcmp
__CxxFrameHandler4
_ltow_s
_onexit
__dllonexit
_unlock
_lock
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
memmove
memcpy
__CxxFrameHandler3
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_purecall
_callnewh
malloc
__C_specific_handler
wcsstr
wcscpy_s
free
calloc
wcstoul
_vsnwprintf
??_V@YAXPEAX@Z
wcscspn
memmove_s
wcsspn
_wcsicmp
wcscmp
osksupport
UninitializeOSKSupport
InitializeOSKSupport
dwmapi
DwmSetWindowAttribute
gdiplus
GdiplusStartup
GdiplusShutdown
ntdll
WinSqmIncrementDWORD
WinSqmSetDWORD
RtlCaptureContext
RtlLookupFunctionEntry
WinSqmAddToStream
WinSqmIsOptedIn
RtlVirtualUnwind
ole32
CoInitialize
CoUninitialize
CoCreateInstance
oleacc
AccSetRunningUtilityState
AccessibleObjectFromWindow
oleaut32
SysAllocStringLen
SysStringLen
SysFreeString
SysAllocString
winmm
waveOutGetNumDevs
PlaySoundW
joyReleaseCapture
joySetCapture
wmsgapi
WmsgSendMessage
duser
InvalidateGadget
dui70
?ShowWindow@NativeHWNDHost@DirectUI@@QEAAXH@Z
UnInitThread
UnInitProcessPriv
?EndDefer@Element@DirectUI@@QEAAXK@Z
InitThread
InitProcessPriv
?WndProc@HWNDElement@DirectUI@@UEAA_JPEAUHWND__@@I_K_J@Z
?ElementFromPoint@HWNDElement@DirectUI@@QEAAPEAVElement@2@PEAUtagPOINT@@@Z
?RemoveTooltip@HWNDElement@DirectUI@@UEAAXPEAVElement@2@@Z
?ActivateTooltip@HWNDElement@DirectUI@@UEAAXPEAVElement@2@K@Z
?UpdateTooltip@HWNDElement@DirectUI@@UEAAXPEAVElement@2@@Z
?_OnUIStateChanged@HWNDElement@DirectUI@@MEAAXGG@Z
?OnWmSettingChanged@HWNDElement@DirectUI@@UEAAX_K_J@Z
?OnWmThemeChanged@HWNDElement@DirectUI@@UEAAX_K_J@Z
?OnGetDlgCode@HWNDElement@DirectUI@@UEAAXPEAUtagMSG@@PEA_J@Z
?OnNoChildWithShortcutFound@HWNDElement@DirectUI@@UEAAXPEAUKeyboardEvent@2@@Z
?OnInput@HWNDElement@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?OnImmersiveColorSchemeChanged@HWNDElement@DirectUI@@UEAAXXZ
?OnThemeChanged@HWNDElement@DirectUI@@UEAAXPEAUThemeChangedEvent@2@@Z
?OnEvent@HWNDElement@DirectUI@@UEAAXPEAUEvent@2@@Z
?OnDestroy@HWNDElement@DirectUI@@UEAAXXZ
?OnGroupChanged@HWNDElement@DirectUI@@UEAAXH_N@Z
?OnPropertyChanged@HWNDElement@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?Host@NativeHWNDHost@DirectUI@@QEAAXPEAVElement@2@@Z
?GetUiaFocusDelegate@Element@DirectUI@@UEAAPEAV12@XZ
?HandleUiaEventListener@Element@DirectUI@@UEAAXPEAUEvent@2@@Z
?HandleUiaPropertyChangingListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@@Z
?HandleUiaPropertyListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?HandleUiaDestroyListener@Element@DirectUI@@UEAAXXZ
?GetElementProviderImpl@Element@DirectUI@@UEAAJPEAVInvokeHelper@2@PEAPEAVElementProvider@2@@Z
?GetUIAElementProvider@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?DefaultAction@Element@DirectUI@@UEAAJXZ
?DoubleBuffered@Element@DirectUI@@QEAAX_N@Z
?OnUnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?OnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?_SelfLayoutUpdateDesiredSize@Element@DirectUI@@MEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?_SelfLayoutDoLayout@Element@DirectUI@@MEAAXHH@Z
?GetImmersiveFocusRectOffsets@Element@DirectUI@@UEAAXPEAUtagRECT@@@Z
?MessageCallback@Element@DirectUI@@UEAAIPEAUtagGMSG@@@Z
?RemoveBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?AddBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?SetKeyFocus@Element@DirectUI@@UEAAXXZ
?EnsureVisible@Element@DirectUI@@UEAA_NHHHH@Z
?Initialize@HWNDElement@DirectUI@@QEAAJPEAUHWND__@@_NIPEAVElement@2@PEAK@Z
??1HWNDElement@DirectUI@@UEAA@XZ
??0HWNDElement@DirectUI@@QEAA@XZ
?GetAccessibleImpl@HWNDElement@DirectUI@@UEAAJPEAPEAUIAccessible@@@Z
?Register@HWNDElement@DirectUI@@SAJXZ
?ThemeChange@HWNDElement@DirectUI@@SA?AVUID@@XZ
?GetHWND@NativeHWNDHost@DirectUI@@QEAAPEAUHWND__@@XZ
?OnCompositionChanged@HWNDElement@DirectUI@@UEAAXXZ
?GetAdjacent@Element@DirectUI@@UEAAPEAV12@PEAV12@HPEBUNavReference@2@K@Z
?OnMessage@NativeHWNDHost@DirectUI@@UEAAJI_K_JPEA_J@Z
?Destroy@NativeHWNDHost@DirectUI@@QEAAXXZ
??0NativeHWNDHost@DirectUI@@QEAA@XZ
?Initialize@NativeHWNDHost@DirectUI@@QEAAJPEBG0PEAUHWND__@@PEAUHICON__@@HHHHHHPEAUHINSTANCE__@@I@Z
??1NativeHWNDHost@DirectUI@@UEAA@XZ
?CreateHostWindow@NativeHWNDHost@DirectUI@@UEAAPEAUHWND__@@KPEBG0KHHHHPEAU3@PEAUHMENU__@@PEAUHINSTANCE__@@PEAX@Z
?GetDisplayNode@Element@DirectUI@@QEAAPEAUHGADGET__@@XZ
?SetWidth@Element@DirectUI@@QEAAJH@Z
?SetHeight@Element@DirectUI@@QEAAJH@Z
?SetX@Element@DirectUI@@QEAAJH@Z
?SetY@Element@DirectUI@@QEAAJH@Z
?SetEnabled@Element@DirectUI@@QEAAJ_N@Z
?Remove@Element@DirectUI@@QEAAJPEAV12@@Z
?FindDescendent@Element@DirectUI@@QEAAPEAV12@G@Z
StrToID
?IsRTL@Element@DirectUI@@QEAA_NXZ
?IsRTLReading@Element@DirectUI@@UEAA_NXZ
?IsContentProtected@Element@DirectUI@@UEAA_NXZ
?QueryInterface@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?GetParent@Element@DirectUI@@QEAAPEAV12@XZ
?GetKeyFocused@Element@DirectUI@@UEAA_NXZ
?SetVisible@Element@DirectUI@@QEAAJ_N@Z
?SetAccessible@Element@DirectUI@@QEAAJ_N@Z
?SetLayout@Element@DirectUI@@QEAAJPEAVLayout@2@@Z
?CanSetFocus@HWNDElement@DirectUI@@UEAA_NXZ
?IsMSAAEnabled@HWNDElement@DirectUI@@UEAA_NXZ
?GetHWND@HWNDElement@DirectUI@@UEAAPEAUHWND__@@XZ
?GetClassInfoW@HWNDElement@DirectUI@@UEAAPEAUIClassInfo@2@XZ
?Create@FillLayout@DirectUI@@SAJPEAPEAVLayout@2@@Z
?Create@DUIXmlParser@DirectUI@@SAJPEAPEAV12@P6APEAVValue@2@PEBGPEAX@Z2P6AX11H2@Z2@Z
?Destroy@DUIXmlParser@DirectUI@@QEAAXXZ
?SetXMLFromResource@DUIXmlParser@DirectUI@@QEAAJIPEAUHINSTANCE__@@0@Z
?CreateElement@DUIXmlParser@DirectUI@@QEAAJPEBGPEAVElement@2@1PEAKPEAPEAV32@@Z
?Destroy@Layout@DirectUI@@QEAAXXZ
?Destroy@Element@DirectUI@@QEAAJ_N@Z
?StartDefer@Element@DirectUI@@QEAAXPEAK@Z
?GetContentStringAsDisplayed@Element@DirectUI@@UEAAPEBGPEAPEAVValue@2@@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanged@Element@DirectUI@@UEAAXPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnKeyFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnMouseFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?Paint@Element@DirectUI@@UEAAXPEAUHDC__@@PEBUtagRECT@@1PEAU4@2@Z
?GetContentSize@Element@DirectUI@@UEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?Add@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?Insert@Element@DirectUI@@UEAAJPEAPEAV12@II@Z
?Remove@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?GetWindowClassNameAndStyle@HWNDElement@DirectUI@@UEAAXPEAPEBGPEAI@Z
shell32
ShellExecuteW
Sections
.text Size: 132KB - Virtual size: 130KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 48KB - Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 352KB - Virtual size: 351KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 804B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
pacjsworker.exe.exe windows:10 windows x64 arch:x64
84970980433aae64352684fdbfe4e420
Code Sign
33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
b9:7e:13:cc:b2:72:66:ff:0d:84:59:39:82:47:29:6c:7d:00:e0:b1:94:4a:8d:e3:36:2d:26:bf:33:22:99:cb
Signer
Actual PE Digest: b9:7e:13:cc:b2:72:66:ff:0d:84:59:39:82:47:29:6c:7d:00:e0:b1:94:4a:8d:e3:36:2d:26:bf:33:22:99:cb
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
pacjsworker.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o___p___wargv
_o___p__commode
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__register_onexit_function
_o___p___argc
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o_exit
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
api-ms-win-crt-string-l1-1-0
memset
winhttp
WinHttpPacJsWorkerMain
ntdll
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
Sections
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 372B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 52B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
pcalua.exe.exe windows:10 windows x64 arch:x64
65181227a3f528925438a98cb935f5cf
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
pcalua.pdb
Imports
user32
GetDesktopWindow
RegisterClassExW
GetSystemMetrics
CreateWindowExW
DefWindowProcW
SetForegroundWindow
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
api-ms-win-crt-private-l1-1-0
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
_o__wcslwr
_o__wcsnicmp
_o__wtoi
_o_exit
_o_free
_o_strcpy_s
_o_terminate
_o_wcscat_s
_o_wcscpy_s
__current_exception
__current_exception_context
wcschr
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__C_specific_handler
_o___p__commode
__CxxFrameHandler4
wcsstr
strchr
wcsrchr
_CxxThrowException
memcmp
memcpy
memmove
api-ms-win-crt-string-l1-1-0
memset
ntdll
NtClose
LdrGetProcedureAddress
NtQueryInformationFile
RtlInitString
RtlInitAnsiString
NtCreateFile
RtlCaptureContext
ZwOpenKey
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlDosPathNameToRelativeNtPathName_U_WithStatus
LdrGetDllHandle
RtlInitUnicodeString
RtlDeleteCriticalSection
RtlAllocateHeap
RtlEqualString
RtlReAllocateHeap
RtlEnterCriticalSection
RtlMultiByteToUnicodeN
ZwEnumerateKey
RtlInitializeCriticalSection
RtlFreeHeap
RtlLeaveCriticalSection
EtwEventUnregister
EtwEventWrite
EtwEventRegister
ZwClose
ZwQuerySystemInformation
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlUpcaseUnicodeChar
RtlGetNativeSystemInformation
RtlInitUnicodeStringEx
ZwQueryValueKey
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleExA
GetProcAddress
GetModuleFileNameA
GetModuleHandleW
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
GetModuleFileNameW
api-ms-win-core-sidebyside-l1-1-0
FindActCtxSectionStringW
DeactivateActCtx
QueryActCtxW
CreateActCtxW
ActivateActCtx
api-ms-win-core-synch-l1-1-0
EnterCriticalSection
ReleaseSRWLockShared
CreateSemaphoreExW
OpenSemaphoreW
AcquireSRWLockExclusive
CreateMutexExW
LeaveCriticalSection
AcquireSRWLockShared
DeleteCriticalSection
InitializeCriticalSectionEx
WaitForSingleObject
ReleaseSRWLockExclusive
ReleaseMutex
ReleaseSemaphore
WaitForSingleObjectEx
api-ms-win-core-heap-l1-1-0
HeapFree
GetProcessHeap
HeapAlloc
HeapSetInformation
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-debug-l1-1-0
DebugBreak
IsDebuggerPresent
OutputDebugStringW
OutputDebugStringA
api-ms-win-core-threadpool-l1-2-0
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer
api-ms-win-shcore-obsolete-l1-1-0
CommandLineToArgvW
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetStartupInfoW
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-file-l1-1-0
WriteFile
CreateFileW
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventWriteTransfer
EventUnregister
pcaui
PcaLaunchApplicationWithConsent
PcaPersistSettingsAndLaunchApplication
Sections
.text Size: 72KB - Virtual size: 69KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 24KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 216B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
pcaui.exe.exe windows:10 windows x64 arch:x64
4bf57eba3b7099c31e7f2d38d3460f0a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
pcaui.pdb
Imports
msvcp_win
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-crt-runtime-l1-1-0
_c_exit
_initterm_e
_initterm
_register_thread_local_exe_atexit_callback
api-ms-win-crt-private-l1-1-0
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o__wcslwr
_o__wcsnicmp
_o__wsplitpath_s
_o__wtoi
_o_exit
_o_free
_o_malloc
_o_memcpy_s
_o_strcpy_s
_o_terminate
_o_towlower
_o_wcscat_s
_o_wcscpy_s
_o_wcstoul
__current_exception
__current_exception_context
__CxxFrameHandler3
_o___std_exception_destroy
_CxxThrowException
_o___std_exception_copy
wcsrchr
strchr
wcsstr
wcschr
_o___p__commode
_o__crt_atexit
_o__exit
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
_o__errno
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
__C_specific_handler
__std_terminate
__CxxFrameHandler4
memcpy
memcmp
_o__wcsicmp
api-ms-win-crt-string-l1-1-0
memset
strncmp
wcscmp
ntdll
RtlMultiByteToUnicodeN
ZwEnumerateKey
RtlInitializeCriticalSection
RtlLeaveCriticalSection
EtwEventUnregister
EtwEventWrite
EtwEventRegister
ZwClose
RtlAnsiStringToUnicodeString
RtlImageDirectoryEntryToData
ZwQuerySystemInformation
RtlEnterCriticalSection
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
ZwCreateFile
RtlTimeToTimeFields
RtlUpcaseUnicodeChar
RtlDosPathNameToNtPathName_U_WithStatus
ZwCreateSection
RtlFreeUnicodeString
RtlxAnsiStringToUnicodeSize
RtlGetNativeSystemInformation
RtlSecondsSince1970ToTime
RtlVerifyVersionInfo
RtlInitUnicodeStringEx
ZwMapViewOfSection
ZwQueryValueKey
ZwQueryInformationFile
LdrResSearchResource
ZwOpenKey
EtwTraceMessage
RtlReAllocateHeap
RtlEqualString
RtlDeleteCriticalSection
NtQueryInformationFile
NtClose
NtCreateFile
RtlDosPathNameToRelativeNtPathName_U_WithStatus
LdrGetProcedureAddress
RtlInitString
LdrGetDllHandle
RtlInitUnicodeString
RtlAllocateHeap
RtlFreeHeap
RtlGUIDFromString
RtlUnsubscribeWnfNotificationWaitForCompletion
NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlInitAnsiString
ZwUnmapViewOfSection
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameW
GetModuleHandleW
GetModuleHandleExW
LoadLibraryExW
GetProcAddress
GetModuleFileNameA
FreeLibrary
api-ms-win-core-synch-l1-1-0
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseSRWLockShared
ReleaseMutex
SetEvent
WaitForSingleObject
InitializeCriticalSectionEx
LeaveCriticalSection
CreateMutexExW
ReleaseSemaphore
EnterCriticalSection
CreateEventExW
DeleteCriticalSection
CreateSemaphoreExW
InitializeCriticalSectionAndSpinCount
ResetEvent
AcquireSRWLockShared
CreateEventW
api-ms-win-core-heap-l1-1-0
HeapFree
HeapAlloc
HeapSetInformation
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetLastError
RaiseException
GetLastError
SetUnhandledExceptionFilter
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
api-ms-win-core-processthreads-l1-1-0
ProcessIdToSessionId
TerminateProcess
GetStartupInfoW
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
OpenProcessToken
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
OutputDebugStringA
IsDebuggerPresent
DebugBreak
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-processenvironment-l1-1-0
SetEnvironmentVariableW
userenv
GetUserProfileDirectoryW
api-ms-win-shcore-obsolete-l1-1-0
CommandLineToArgvW
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-sidebyside-l1-1-0
QueryActCtxW
ActivateActCtx
FindActCtxSectionStringW
CreateActCtxW
DeactivateActCtx
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegGetValueW
RegLoadAppKeyW
api-ms-win-core-registry-l1-1-1
RegDeleteKeyValueW
api-ms-win-core-file-l1-1-0
GetFileAttributesW
api-ms-win-core-file-l1-2-4
GetTempPath2W
api-ms-win-core-shlwapi-legacy-l1-1-0
PathAppendW
PathFindFileNameW
api-ms-win-core-winrt-l1-1-0
RoInitialize
RoGetActivationFactory
RoUninitialize
RoActivateInstance
api-ms-win-core-sysinfo-l1-1-0
GetSystemDirectoryW
GetSystemTimeAsFileTime
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
kernel32
FindFirstFileW
GetModuleHandleExA
CreateFileW
FindClose
WriteFile
FileTimeToSystemTime
GetVolumeInformationByHandleW
RegOpenKeyExW
VerSetConditionMask
ExpandEnvironmentStringsW
ReleaseActCtx
apphelp
SdbSetEntryFlags
ord31
SdbIsNullGUID
SdbFreeFileAttributes
SdbGetEntryFlags
SdbGetFileAttributes
SdbTagToString
gdiplus
GdiplusShutdown
GdipSaveImageToFile
GdipBitmapSetPixel
GdipCreateBitmapFromScan0
GdiplusStartup
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipFree
GdipCreateBitmapFromHICON
GdipGetImageEncoders
GdipGetImageEncodersSize
comctl32
ImageList_GetIcon
pcaui
PcaShowDialog
DisplayApphelpDialog
gdi32
DeleteObject
GetDIBits
CreateDIBSection
CreateCompatibleDC
GetObjectW
DeleteDC
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventRegister
EventWriteTransfer
api-ms-win-core-path-l1-1-0
PathCchRemoveFileSpec
api-ms-win-security-cryptoapi-l1-1-0
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
CryptDestroyHash
CryptHashData
CryptCreateHash
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 128KB - Virtual size: 127KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 52KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 492B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
pcwrun.exe.exe windows:10 windows x64 arch:x64
f377d135d63e07adc800e6f236499a9f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
pcwrun.pdb
Imports
kernel32
GetTempPath2W
GetTempFileNameW
CreateFileW
WriteFile
CloseHandle
RaiseException
HeapFree
GetProcessHeap
GetModuleHandleW
GetLastError
FindResourceW
SizeofResource
HeapAlloc
LoadResource
LockResource
ExpandEnvironmentStringsW
CreateProcessW
HeapSetInformation
MoveFileExW
LocalFree
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
msvcrt
_commode
__setusermatherr
?terminate@@YAXXZ
__C_specific_handler
__set_app_type
exit
_exit
_cexit
memcpy
_wcmdln
__wgetmainargs
_amsg_exit
_XcptFilter
free
_vsnwprintf
_initterm
_fmode
memset
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
oleaut32
SysFreeString
SysStringLen
SysAllocString
VariantClear
VariantInit
shell32
CommandLineToArgvW
shlwapi
PathRemoveExtensionW
PathAddExtensionW
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoInitializeEx
CoUninitialize
Sections
.text Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 336B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
perfmon.exe.exe windows:10 windows x64 arch:x64
c558b7a765839c058d47628a59e81cdd
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
perfmon.pdb
Imports
advapi32
RegQueryValueExW
RegOpenKeyExW
OpenProcessToken
RegSetValueExW
RegCreateKeyExW
RegCloseKey
kernel32
GetModuleFileNameW
FindActCtxSectionStringW
GetLocaleInfoW
WaitForSingleObject
GetFileAttributesW
DeactivateActCtx
QueryActCtxW
Sleep
FormatMessageW
GetLastError
GetThreadUILanguage
CloseHandle
OutputDebugStringA
CreateThread
HeapSetInformation
HeapAlloc
GetProcAddress
LocalFree
GetProcessHeap
CreateProcessW
FreeLibrary
CopyFileW
RegisterApplicationRestart
IsWow64Process
GetSystemDefaultUILanguage
ExpandEnvironmentStringsW
LoadLibraryW
GetLocaleInfoEx
GetUserDefaultUILanguage
GetCurrentProcess
UnmapViewOfFile
LCIDToLocaleName
FindClose
FindNextFileW
FindFirstFileW
CreateFileW
GetConsoleMode
GetFileType
WriteFile
WideCharToMultiByte
WriteConsoleW
GetConsoleOutputCP
GetStdHandle
TerminateProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
GetStartupInfoW
GetCommandLineW
SetLastError
HeapFree
ActivateActCtx
CreateActCtxW
FindResourceExW
LoadResource
CreateFileMappingW
MapViewOfFile
LoadLibraryExW
GetModuleHandleExW
GetVersionExW
SearchPathW
gdi32
GetDeviceCaps
user32
SetLayeredWindowAttributes
EnumWindows
SetFocus
GetMessageW
DefWindowProcW
PostMessageW
MonitorFromPoint
CheckMenuRadioItem
TranslateAcceleratorW
TranslateMessage
LoadIconW
GetClassNameW
SetWindowPos
CheckMenuItem
GetClientRect
GetDlgItem
PostQuitMessage
GetDesktopWindow
EnableMenuItem
SystemParametersInfoW
DialogBoxParamW
UpdateWindow
IsIconic
ReleaseDC
ShowWindow
IsWindow
GetSysColor
CopyRect
DispatchMessageW
LoadStringW
GetWindowRect
GetMenu
GetFocus
DestroyWindow
GetDC
LoadAcceleratorsW
CreateWindowExW
DeleteMenu
SendMessageW
WaitForInputIdle
EndDialog
SetWindowTextW
RegisterClassExW
GetWindowPlacement
GetMonitorInfoW
msvcrt
wcsncmp
malloc
_callnewh
memset
memcpy
__C_specific_handler
_vsnwprintf
memmove
towlower
_wcsicmp
wcsrchr
wcschr
_wsplitpath_s
_wmakepath_s
wcstok
__CxxFrameHandler3
_commode
_fmode
_wcmdln
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
free
_wcsnicmp
wcsstr
?terminate@@YAXXZ
atl
ord41
ole32
CoCreateInstance
CoInitialize
OleInitialize
CoUninitialize
ntdll
NtQueryInformationToken
NtOpenProcessToken
NtClose
NtOpenThreadToken
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WinSqmIncrementDWORD
WinSqmAddToStream
shlwapi
SHCreateStreamOnFileEx
ord186
shell32
ord28
SHGetIDListFromObject
CommandLineToArgvW
SHCreateDataObject
ShellExecuteExW
SHBindToParent
ord155
SHGetFolderPathEx
oleaut32
OleCreateFontIndirect
SysFreeString
VariantInit
VariantTimeToSystemTime
VarDateFromStr
VariantChangeType
SysAllocString
VariantClear
credui
CredUIPromptForCredentialsW
sspicli
GetUserNameExW
Sections
.text Size: 44KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 100KB - Virtual size: 99KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 188B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
phoneactivate.exe.exe windows:10 windows x64 arch:x64
da01aba632042a34353c786f41878181
Code Sign
33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 02/09/2021, 18:23
Not After: 01/09/2022, 18:23
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
7e:19:80:30:a1:eb:87:cc:f2:78:d9:8f:e1:fb:27:81:41:0d:57:87:77:8a:ea:52:4b:9d:fb:db:a1:e9:08:60
Signer
Actual PE Digest: 7e:19:80:30:a1:eb:87:cc:f2:78:d9:8f:e1:fb:27:81:41:0d:57:87:77:8a:ea:52:4b:9d:fb:db:a1:e9:08:60
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
phoneactivate.pdb
Imports
advapi32
EventSetInformation
EventRegister
EventUnregister
EventWriteTransfer
EventActivityIdControl
kernel32
HeapFree
GetModuleHandleExW
HeapAlloc
GetProcAddress
GetProcessHeap
GetLastError
CompareStringW
LocalFree
GetSystemTime
SystemTimeToFileTime
CreateEventW
SetEvent
OpenEventW
CreateMutexW
RegisterWaitForSingleObject
QueueUserWorkItem
OpenProcess
UnregisterWaitEx
CloseHandle
GetGeoInfoW
VirtualQuery
FindResourceExW
LoadResource
LockResource
GetCurrentThreadId
CompareStringEx
LoadLibraryExW
FreeLibrary
GetSystemDirectoryW
user32
GetMessageW
TranslateMessage
GetSystemMetrics
DispatchMessageW
CharNextW
ChangeWindowMessageFilter
PostThreadMessageW
CharUpperW
PostQuitMessage
CharUpperBuffW
GetWindowThreadProcessId
msvcrt
memmove
memset
memcpy
floorf
?terminate@@YAXXZ
__CxxFrameHandler3
_onexit
__dllonexit
wcscmp
_lock
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
towlower
_wcsicmp
_vsnwprintf
swscanf_s
_wtoi
wcsstr
_purecall
wcschr
_unlock
shell32
ShellExecuteExW
SHCreateItemInKnownFolder
SHGetIDListFromObject
CommandLineToArgvW
shlwapi
PathFileExistsW
ord460
windows.ui.immersive
ord100
api-ms-win-core-winrt-l1-1-0
RoInitialize
RoUninitialize
oleaut32
SysFreeString
SysAllocString
SysAllocStringLen
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
api-ms-win-core-winrt-error-l1-1-0
SetRestrictedErrorInfo
api-ms-win-core-winrt-error-l1-1-1
RoGetMatchingRestrictedErrorInfo
api-ms-win-core-synch-l1-2-0
Sleep
SleepConditionVariableSRW
WakeAllConditionVariable
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
GetStartupInfoW
GetCurrentProcessId
TerminateProcess
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-synch-l1-1-0
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
setupapi
SetupGetLineCountW
SetupFindFirstLineW
SetupGetStringFieldW
SetupGetLineByIndexW
SetupOpenInfFileW
SetupCloseInfFile
slc
SLGetWindowsInformation
SLDepositOfflineConfirmationId
SLGetSLIDList
SLGenerateOfflineInstallationId
SLGetLicensingStatusInformation
SLOpen
SLClose
SLGetProductSkuInformation
SLConsumeWindowsRight
sppc
SLpIsCurrentInstalledProductKeyDefaultKey
sppcext
SLGetTokenActivationGrants
SLFreeTokenActivationGrants
dui70
GetScaleFactor
?GetRoot@Element@DirectUI@@QEAAPEAV12@XZ
?SetContentString@Element@DirectUI@@QEAAJPEBG@Z
?SetLayoutPos@Element@DirectUI@@QEAAJH@Z
?ClearButtonClicked@TouchEdit2@DirectUI@@SA?AVUID@@XZ
?Release@Value@DirectUI@@QEAAXXZ
?GetContentString@Element@DirectUI@@QEAAPEBGPEAPEAVValue@2@@Z
?SetInputScope@TouchEdit2@DirectUI@@QEAAJW4__MIDL___MIDL_itf_inputscope_0000_0000_0001@@@Z
?GetSelectionIndex@TouchSelect@DirectUI@@QEAAHXZ
?SetSelectionIndex@TouchSelect@DirectUI@@QEAAJH@Z
?AddString@TouchSelect@DirectUI@@QEAAJPEBG@Z
?UserTextChanged@TouchEditBase@DirectUI@@SA?AVUID@@XZ
?ContentProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?SetValue@Element@DirectUI@@QEAAJP6APEBUPropertyInfo@2@XZHPEAVValue@2@@Z
?CreateString@Value@DirectUI@@SAPEAV12@PEBGPEAUHINSTANCE__@@@Z
?SetCaretPosition@TouchEdit2@DirectUI@@QEAAJJ@Z
?GetSelection@TouchEdit2@DirectUI@@QEAAJPEAJ0@Z
DuiCreateObject
?Destroy@DUIXmlParser@DirectUI@@QEAAXXZ
?CreateElement@DUIXmlParser@DirectUI@@QEAAJPEBGPEAVElement@2@1PEAKPEAPEAV32@@Z
?SetXMLFromResource@DUIXmlParser@DirectUI@@QEAAJIPEAUHINSTANCE__@@0@Z
?Create@DUIXmlParser@DirectUI@@SAJPEAPEAV12@P6APEAVValue@2@PEBGPEAX@Z2P6AX11H2@Z2@Z
?Click@TouchButton@DirectUI@@SA?AVUID@@XZ
?AddListener@Element@DirectUI@@QEAAJPEAUIElementListener@2@@Z
StrToID
?FindDescendent@Element@DirectUI@@QEAAPEAV12@G@Z
?SetDirection@Element@DirectUI@@QEAAJH@Z
Sections
.text Size: 60KB - Virtual size: 58KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 468B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
plasrv.exe.exe windows:10 windows x64 arch:x64
71297308fdb1be310422f78b8e23f73c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
plasrv.pdb
Imports
kernel32
GetSystemDirectoryW
GetLastError
LoadLibraryW
GetProcAddress
FreeLibrary
GetCurrentProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
TerminateProcess
msvcrt
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_vsnwprintf
?terminate@@YAXXZ
Sections
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
pnputil.exe.exe windows:10 windows x64 arch:x64
8f47eb65ebe877be06b87402556253df
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
pnputil.pdb
Imports
msvcrt
?terminate@@YAXXZ
_commode
_fmode
memcpy
__C_specific_handler
_resetstkoflw
wcschr
_initterm
__setusermatherr
wcsrchr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_wcsnicmp
_wcsicmp
_vsnwprintf
memset
api-ms-win-core-heap-l1-1-0
HeapReAlloc
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetErrorMode
SetLastError
GetLastError
RaiseException
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
ExpandEnvironmentStringsW
api-ms-win-core-file-l1-1-0
WriteFile
FindFirstFileW
GetFullPathNameW
FindNextFileW
CreateDirectoryW
FindClose
GetFileAttributesW
CreateFileW
api-ms-win-core-console-l1-1-0
WriteConsoleW
GetConsoleMode
api-ms-win-core-localization-l1-2-0
FormatMessageW
SetThreadPreferredUILanguages
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExA
FreeLibrary
LoadStringW
GetProcAddress
GetModuleHandleW
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
CompareStringOrdinal
CompareStringW
api-ms-win-core-sysinfo-l1-1-0
GetSystemWindowsDirectoryW
GetTickCount
GetSystemInfo
GetSystemTimeAsFileTime
api-ms-win-devices-config-l1-1-1
CM_MapCrToWin32Err
CM_Get_DevNode_Status
CM_Locate_DevNodeW
CM_Get_Class_PropertyW
devobj
DevObjClassNameFromGuid
DevObjDestroyDeviceInfoList
DevObjDeleteDevice
DevObjCreateDeviceInfoList
DevObjGetDeviceProperty
DevObjChangeState
DevObjUninstallDevice
DevObjOpenDeviceInfo
DevObjClassGuidsFromName
cfgmgr32
CM_Get_Res_Des_Data_Size
CM_Get_Device_Interface_PropertyW
CM_Free_Log_Conf_Handle
CM_Get_DevNode_PropertyW
CM_Get_Next_Res_Des
CM_Free_Res_Des_Handle
CM_Reenumerate_DevNode
CM_Get_First_Log_Conf
CM_Get_Res_Des_Data
CM_Get_Device_Interface_ListW
CM_Get_Device_Interface_List_SizeW
api-ms-win-devices-query-l1-1-0
DevGetObjectProperties
DevFindProperty
DevGetObjects
DevFreeObjects
DevFreeObjectProperties
ntdll
NtQueryValueKey
NtOpenKey
RtlFreeUnicodeString
RtlFormatCurrentUserKeyPath
NtClose
RtlGUIDFromString
RtlInitUnicodeString
RtlNtStatusToDosError
NtQuerySystemInformation
RtlIsStateSeparationEnabled
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
api-ms-win-core-sysinfo-l1-2-0
GetNativeSystemInfo
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
OpenProcessToken
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
api-ms-win-core-shutdown-l1-1-0
InitiateSystemShutdownExW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-security-base-l1-1-0
AdjustTokenPrivileges
api-ms-win-security-lsalookup-l2-1-0
LookupPrivilegeValueW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
api-ms-win-core-datetime-l1-1-1
GetDateFormatEx
GetTimeFormatEx
api-ms-win-security-sddl-l1-1-0
ConvertSecurityDescriptorToStringSecurityDescriptorW
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-synch-l1-1-0
CreateEventW
WaitForSingleObjectEx
SetEvent
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-memory-l1-1-0
VirtualProtect
VirtualQuery
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Sections
.text Size: 48KB - Virtual size: 47KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 128KB - Virtual size: 124KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 216B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
poqexec.exe.sys windows:10 windows x64 arch:x64
e2f919b2d48793840c2eb63490b6f095
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
poqexec.pdb
Imports
ntdll
RtlQueryFeatureConfiguration
RtlNotifyFeatureUsage
RtlRaiseStatus
sprintf_s
NtWriteFile
vsprintf_s
NtQuerySystemTime
NtOpenFile
NtSetInformationFile
NtClose
NtCreateFile
NtSetCachedSigningLevel
RtlCopyUnicodeString
RtlFindMessage
RtlFormatMessage
NtDrawText
NtDisplayString
NtQueryInformationFile
NtOpenProcess
NtQueryInformationProcess
_wcstoui64
RtlInitUnicodeString
NtOpenProcessToken
NtAdjustPrivilegesToken
NtOpenKey
NtLoadKey
NtUnloadKey
NtQueryInformationTransaction
NtCreateTransaction
NtCommitTransaction
RtlSetSystemBootStatus
NtShutdownSystem
NtCreateKey
NtFlushKey
RtlExpandEnvironmentStrings_U
NtFlushBuffersFile
NtReadFile
RtlSetHeapInformation
DbgPrintEx
RtlNtStatusToDosError
RtlAllocateHeap
RtlFreeHeap
NtDelayExecution
NtRollbackTransaction
NtQueryVolumeInformationFile
NtQueryAttributesFile
NtQuerySecurityObject
NtSetSecurityObject
NtCreateKeyTransacted
NtOpenKeyTransactedEx
NtOpenKeyEx
NtDeleteKey
NtQueryValueKey
NtSetValueKey
NtDeleteValueKey
NtFsControlFile
NtTerminateProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnhandledExceptionFilter
memmove
RtlNormalizeProcessParams
RtlFreeUnicodeString
NtOpenThreadToken
NtQueryInformationToken
RtlCreateAcl
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlDuplicateUnicodeString
RtlGetOwnerSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlNewSecurityObjectEx
RtlDeleteSecurityObject
RtlEqualUnicodeString
LdrLoadDll
LdrGetProcedureAddress
NtQueryPerformanceCounter
NtSetIoCompletion
NtWaitForMultipleObjects
RtlGetControlSecurityDescriptor
RtlFindAceByType
NtQuerySystemInformation
NtCreateIoCompletion
NtCreateEvent
TpSimpleTryPost
NtRemoveIoCompletion
NtSetEvent
RtlTimeToTimeFields
NtQueryKey
RtlSetOwnerSecurityDescriptor
RtlSetCurrentTransaction
NtEnumerateKey
RtlGetLengthWithoutLastFullDosOrNtPathElement
NtEnumerateValueKey
RtlGetAce
RtlpApplyLengthFunction
LdrUnloadDll
RtlQueryInformationAcl
RtlAddAccessAllowedAceEx
NtDeleteFile
RtlCaptureStackBackTrace
RtlQueryEnvironmentVariable_U
RtlGetCurrentTransaction
RtlAddAce
RtlLengthSid
NtDuplicateObject
NtYieldExecution
NtSetInformationKey
NtQueryObject
RtlDestroyEnvironment
NtQueryDirectoryFile
RtlDeleteCriticalSection
RtlEnterCriticalSection
RtlInitializeCriticalSection
RtlLeaveCriticalSection
RtlConvertSidToUnicodeString
RtlValidAcl
RtlSetSaclSecurityDescriptor
RtlLengthSecurityDescriptor
RtlValidSid
RtlMakeSelfRelativeSD
NtDuplicateToken
NtSetInformationThread
RtlCopySid
RtlSetGroupSecurityDescriptor
RtlCreateEnvironmentEx
RtlUpcaseUnicodeChar
RtlDowncaseUnicodeChar
RtlReAllocateHeap
RtlDosPathNameToNtPathName_U
LdrGetDllHandleEx
DbgPrint
RtlCreateUnicodeStringFromAsciiz
iswspace
wcscpy_s
memcpy_s
strncmp
_snprintf_s
wcstoul
memcmp
memcpy
memset
Sections
.text Size: 396KB - Virtual size: 395KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 128KB - Virtual size: 127KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
pospaymentsworker.exe.exe windows:10 windows x64 arch:x64
4f405554d882f78a05e90f7d0e034497
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
pospaymentsworker.pdb
Imports
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
api-ms-win-crt-private-l1-1-0
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o_exit
_o_free
_o_malloc
_o_terminate
_o_wcstoll
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___wargv
_o___p___argc
__std_terminate
__CxxFrameHandler4
memcpy
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
GetModuleHandleExW
GetModuleHandleW
GetProcAddress
api-ms-win-core-synch-l1-1-0
WaitForSingleObject
WaitForSingleObjectEx
ReleaseSemaphore
CreateMutexExW
ReleaseMutex
CreateSemaphoreExW
OpenSemaphoreW
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
RaiseException
SetLastError
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-eventing-classicprovider-l1-1-0
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
TraceMessage
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
WindowsCreateString
WindowsGetStringRawBuffer
WindowsDuplicateString
WindowsDeleteString
api-ms-win-core-winrt-l1-1-0
RoInitialize
RoUninitialize
RoActivateInstance
api-ms-win-core-com-l1-1-0
CoTaskMemFree
api-ms-win-core-file-l1-1-0
WriteFile
ReadFile
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
Sections
.text Size: 36KB - Virtual size: 32KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 112B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
powercfg.exe.exe windows:10 windows x64 arch:x64
e85330399b67b18f4577e432ca6ce70d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
powercfg.pdb
Imports
msvcrt
memcpy
memmove
?terminate@@YAXXZ
_CxxThrowException
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
??1type_info@@UEAA@XZ
__wgetmainargs
_amsg_exit
_XcptFilter
free
_callnewh
malloc
fprintf
fflush
_wtoi
_wcstoui64
_wcsnicmp
_ui64tow_s
_itow_s
_vsnwprintf
_purecall
wcstoul
wcscat_s
wcscpy_s
_wcsicmp
__CxxFrameHandler4
__iob_func
swprintf_s
__set_app_type
memset
ntdll
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtCreateFile
NtQueryObject
RtlFreeHeap
RtlInitUnicodeString
RtlAllocateHeap
RtlNtStatusToDosError
NtPowerInformation
RtlLoadString
rpcrt4
UuidEqual
UuidFromStringW
UuidToStringW
RpcStringFreeW
api-ms-win-core-heap-obsolete-l1-1-0
LocalAlloc
LocalFree
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
api-ms-win-core-file-l1-1-0
GetFinalPathNameByHandleW
GetFileType
FindFirstFileW
CreateFileW
GetFileAttributesW
GetFullPathNameW
DeleteFileW
FindClose
FileTimeToLocalFileTime
api-ms-win-core-datetime-l1-1-0
GetDateFormatW
GetTimeFormatW
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
GetSystemInfo
api-ms-win-core-registry-l1-1-0
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegEnumValueW
RegGetValueW
RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW
api-ms-win-security-base-l1-1-0
AdjustTokenPrivileges
GetTokenInformation
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
OpenProcessToken
api-ms-win-power-setting-l1-1-0
PowerGetActiveScheme
PowerWriteACValueIndex
PowerSetActiveScheme
PowerWriteDCValueIndex
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
CompareStringOrdinal
api-ms-win-power-base-l1-1-0
GetPwrCapabilities
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-errorhandling-l1-1-0
RaiseException
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-heap-l1-1-0
HeapFree
HeapSetInformation
HeapAlloc
GetProcessHeap
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
FreeLibrary
LoadLibraryExW
LoadStringW
LoadLibraryExA
GetModuleHandleW
api-ms-win-security-lsalookup-l2-1-0
LookupPrivilegeValueW
api-ms-win-core-console-l1-1-0
GetConsoleMode
GetConsoleOutputCP
WriteConsoleW
SetConsoleCtrlHandler
api-ms-win-core-path-l1-1-0
PathCchRemoveBackslash
PathCchAppend
api-ms-win-core-file-l1-2-4
GetTempPath2W
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-registry-l2-1-0
RegSaveKeyW
powrprof
PowerGetActualOverlayScheme
PowerApplyPowerRequestOverride
PowerGetAdaptiveStandbyDiagnostics
PowerEnumerate
PowerReadValueIncrement
PowerReadFriendlyName
PowerGetOverlaySchemes
PowerPolicyToGUIDFormat
PowerWriteDCDefaultIndex
PowerGetProfiles
PowerWriteACProfileIndex
PowerReadValueMin
PowerRemovePowerSetting
PowerCleanupOverrides
PowerRestoreIndividualDefaultPowerScheme
ReadPwrScheme
PowerReadValueUnitsSpecifier
PowerRestoreDefaultPowerSchemes
PowerReadValueMax
PowerReadProfileAlias
PowerReadACValueIndexEx
PowerWriteValueMax
PowerReplaceDefaultPowerSchemes
PowerSetActiveOverlayScheme
PowerReadPossibleFriendlyName
PowerWritePossibleValue
PowerReadPossibleValue
PowerWriteValueIncrement
PowerDeleteScheme
PowerWriteValueMin
PowerWriteDescription
PowerReadSecurityDescriptor
PowerWriteSecurityDescriptor
PowerDuplicateScheme
PowerReadDCValueIndexEx
PowerWriteDCProfileIndex
PowerWriteACDefaultIndex
GetActivePwrScheme
PowerWriteSettingAttributes
PowerWriteFriendlyName
DevicePowerOpen
DevicePowerEnumDevices
PowerReadDCValueIndex
PowerImportPowerScheme
DevicePowerClose
PowerReadACValueIndex
PowerOpenUserPowerKey
PowerReadSettingAttributes
DevicePowerSetDeviceState
PowerInformationWithPrivileges
api-ms-win-core-memory-l1-1-0
VirtualQuery
VirtualProtect
api-ms-win-core-synch-l1-1-0
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
api-ms-win-service-private-l1-1-0
I_QueryTagInformation
Sections
.text Size: 56KB - Virtual size: 53KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 32KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 56B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
prevhost.exe.exe windows:10 windows x64 arch:x64
14e7a56ce14dad875047d7ec617bc003
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
prevhost.pdb
Imports
kernel32
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
CreateEventW
FormatMessageW
GetLastError
OutputDebugStringW
SetEvent
WaitForSingleObjectEx
ReleaseSemaphore
CloseHandle
HeapSetInformation
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
SetLastError
HeapFree
CreateSemaphoreExW
OpenSemaphoreW
GetModuleFileNameA
user32
PeekMessageW
DispatchMessageW
MsgWaitForMultipleObjects
TranslateMessage
msvcrt
_lock
_unlock
__setusermatherr
__CxxFrameHandler3
free
_ismbblead
_cexit
?terminate@@YAXXZ
_onexit
_XcptFilter
__C_specific_handler
_initterm
_acmdln
_fmode
_exit
_callnewh
malloc
memcpy_s
_vsnwprintf
exit
__set_app_type
__getmainargs
_amsg_exit
__dllonexit
_commode
memset
api-ms-win-core-com-l1-1-0
CoRegisterSurrogate
CLSIDFromString
CoRevokeClassObject
CoGetInterfaceAndReleaseStream
CoInitializeSecurity
CoMarshalInterThreadInterfaceInStream
CoReleaseMarshalData
CoRegisterClassObject
CoCreateInstance
CoUninitialize
CoFreeUnusedLibraries
CoInitializeEx
api-ms-win-core-com-l1-1-1
RoGetAgileReference
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
GetCurrentProcess
TerminateProcess
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
comctl32
ord328
ord386
ord329
ord334
shell32
ord176
shlwapi
ord219
ord16
ord215
Sections
.text Size: 24KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 124B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
print.exe.exe windows:10 windows x64 arch:x64
d67c73847bd1dc0d9109ba544ad6c11d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
print.pdb
Imports
advapi32
IsTextUnicode
kernel32
HeapSetInformation
WideCharToMultiByte
GetCurrentProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
Sleep
TerminateProcess
msvcrt
_commode
?terminate@@YAXXZ
_amsg_exit
__getmainargs
__set_app_type
exit
_exit
_cexit
__setusermatherr
_initterm
_fmode
_XcptFilter
__C_specific_handler
ulib
??0PATH_ARGUMENT@@QEAA@XZ
?QueryFile@SYSTEM@@SAPEAVFSN_FILE@@PEBVPATH@@EPEAE@Z
?Initialize@MULTIPLE_PATH_ARGUMENT@@QEAAEPEADEE@Z
??1MULTIPLE_PATH_ARGUMENT@@UEAA@XZ
??0MULTIPLE_PATH_ARGUMENT@@QEAA@XZ
?IsValueSet@ARGUMENT@@QEAAEXZ
?DebugDump@OBJECT@@UEBAXE@Z
?Compare@OBJECT@@UEBAJPEBV1@@Z
??1OBJECT@@UEAA@XZ
?Initialize@PRINT_STREAM@@QEAAEPEBVPATH@@@Z
?Initialize@FLAG_ARGUMENT@@QEAAEPEAD@Z
??0PRINT_STREAM@@QEAA@XZ
?SetCaseSensitive@ARGUMENT_LEXEMIZER@@QEAAXE@Z
?PrepareToParse@ARGUMENT_LEXEMIZER@@QEAAEPEAVWSTRING@@@Z
?QueryInvalidArgument@ARGUMENT_LEXEMIZER@@QEAAPEAVWSTRING@@XZ
?PutSwitches@ARGUMENT_LEXEMIZER@@QEAAXPEBD@Z
?DoParsing@ARGUMENT_LEXEMIZER@@QEAAEPEAVARRAY@@@Z
??0ARRAY@@QEAA@XZ
??1ARGUMENT_LEXEMIZER@@UEAA@XZ
??0ARGUMENT_LEXEMIZER@@QEAA@XZ
?Initialize@STRING_ARGUMENT@@QEAAEPEAD@Z
??1PATH_ARGUMENT@@UEAA@XZ
??0STRING_ARGUMENT@@QEAA@XZ
??0PROGRAM@@IEAA@XZ
?ValidateVersion@PROGRAM@@UEBAXKK@Z
?Usage@PROGRAM@@UEBAXXZ
?GetStandardError@PROGRAM@@UEAAPEAVSTREAM@@XZ
?GetStandardOutput@PROGRAM@@UEAAPEAVSTREAM@@XZ
?GetStandardInput@PROGRAM@@UEAAPEAVSTREAM@@XZ
?Fatal@PROGRAM@@UEBAXXZ
?Fatal@PROGRAM@@UEBAXKKPEADZZ
?DisplayMessage@PROGRAM@@UEBAEKW4MESSAGE_TYPE@@@Z
?DisplayMessage@PROGRAM@@UEBAEKW4MESSAGE_TYPE@@PEADZZ
??1PROGRAM@@UEAA@XZ
?Initialize@CLASS_DESCRIPTOR@@QEAAEPEBD@Z
??0CLASS_DESCRIPTOR@@QEAA@XZ
?Initialize@PATH@@QEAAEPEBGE@Z
??0PATH@@QEAA@XZ
?Display@MESSAGE@@QEAAEPEBDZZ
Get_Standard_Output_Stream
?Initialize@WSTRING@@QEAAEPEBDK@Z
??1ARRAY@@UEAA@XZ
?Initialize@PATH_ARGUMENT@@QEAAEPEADE@Z
?WriteByte@STREAM@@QEAAEE@Z
??0STREAM_MESSAGE@@QEAA@XZ
??1STREAM_MESSAGE@@UEAA@XZ
?Initialize@STREAM_MESSAGE@@QEAAEPEAVSTREAM@@00@Z
??1STRING_ARGUMENT@@UEAA@XZ
?Initialize@ARRAY@@QEAAEKK@Z
?Put@ARRAY@@UEAAEPEAVOBJECT@@@Z
?QueryStream@FSN_FILE@@QEAAPEAVFILE_STREAM@@W4STREAMACCESS@@K@Z
??0LONG_ARGUMENT@@QEAA@XZ
?Initialize@LONG_ARGUMENT@@QEAAEPEAD@Z
Get_Standard_Input_Stream
??1DSTRING@@UEAA@XZ
??0FLAG_ARGUMENT@@QEAA@XZ
?Initialize@ARGUMENT_LEXEMIZER@@QEAAEPEAVARRAY@@@Z
??1PRINT_STREAM@@UEAA@XZ
ntdll
RtlLookupFunctionEntry
RtlCaptureContext
RtlFreeHeap
RtlAllocateHeap
RtlVirtualUnwind
Sections
.text Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 264B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 72B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
printfilterpipelinesvc.exe.exe windows:10 windows x64 arch:x64
fbc12e38838e6890bccd0777da4496e3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
PrintFilterPipelineSvc.pdb
Imports
advapi32
TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
EventRegister
EventUnregister
RegQueryValueExW
RegGetValueW
EventWriteTransfer
SetThreadToken
EventWrite
EventEnabled
AccessCheck
MapGenericMask
OpenThreadToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegEnumValueW
kernel32
SetErrorMode
GetErrorMode
RtlCaptureStackBackTrace
CloseHandle
SetEvent
WaitForSingleObject
IsDebuggerPresent
OutputDebugStringA
SetProcessMitigationPolicy
CreateEventW
CreateThread
GetCurrentThreadId
Sleep
UnregisterWaitEx
CreateTimerQueue
RegisterWaitForSingleObject
DeleteTimerQueueEx
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeCriticalSectionEx
DecodePointer
EncodePointer
GetStringTypeW
HeapSetInformation
OutputDebugStringW
VerifyVersionInfoW
VerSetConditionMask
GetPrivateProfileStringW
GetPrivateProfileSectionW
AddVectoredExceptionHandler
FindResourceExW
DeleteTimerQueueTimer
CreateTimerQueueTimer
DeleteCriticalSection
GlobalLock
WaitForMultipleObjects
GlobalFree
GlobalAlloc
WriteFile
FlushFileBuffers
ReadFile
DuplicateHandle
SetEndOfFile
SetFilePointer
SetFilePointerEx
CreateFileW
GetTickCount64
InitializeCriticalSectionAndSpinCount
LoadLibraryW
GetSystemDirectoryW
GetFileAttributesW
FindClose
FindNextFileW
DeleteFileW
FindFirstFileW
QueueUserWorkItem
ResetEvent
ExitProcess
ReleaseSemaphore
CreateSemaphoreW
GetCurrentThread
LocalFree
GetTickCount
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
WideCharToMultiByte
InitializeCriticalSection
GlobalUnlock
LoadResource
SizeofResource
MultiByteToWideChar
EnterCriticalSection
RaiseException
LeaveCriticalSection
lstrcmpiW
GetModuleHandleW
LoadLibraryExW
GetProcAddress
GetLastError
FreeLibrary
GetModuleFileNameW
DebugBreak
user32
CharNextW
PostThreadMessageW
GetMessageW
DispatchMessageW
UnregisterClassA
TranslateMessage
msvcrt
??0bad_cast@@QEAA@PEBD@Z
??0bad_cast@@QEAA@AEBV0@@Z
strcspn
localeconv
sprintf_s
ldexp
wcstok_s
iswspace
wcsrchr
setlocale
__uncaught_exception
??0exception@@QEAA@AEBQEBD@Z
isupper
___lc_handle_func
___lc_codepage_func
___mb_cur_max_func
_ismbblead
islower
isspace
tolower
memchr
abort
memset
__crtLCMapStringW
__crtLCMapStringA
_wsetlocale
isalnum
isdigit
??1bad_cast@@UEAA@XZ
memcmp
memcpy
memmove
_XcptFilter
_amsg_exit
__wgetmainargs
__set_app_type
exit
_exit
_wcsdup
towlower
wcschr
wcsstr
wcstoul
_wcsicmp
_wcsnicmp
??0exception@@QEAA@XZ
wcscpy_s
calloc
_cexit
__setusermatherr
_initterm
_wcmdln
_fmode
_commode
?terminate@@YAXXZ
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
_errno
realloc
__CxxFrameHandler3
memcpy_s
_vsnwprintf
_vsnprintf
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
??1exception@@UEAA@XZ
__CxxFrameHandler4
_purecall
__C_specific_handler
wcsncpy_s
free
malloc
??0exception@@QEAA@AEBV0@@Z
?what@exception@@UEBAPEBDXZ
_CxxThrowException
__pctype_func
wcscmp
oleaut32
GetErrorInfo
VariantCopy
SysFreeString
VariantClear
VariantInit
SysAllocString
VarUI4FromStr
SetErrorInfo
api-ms-win-core-com-l1-1-0
CoSuspendClassObjects
CoInitializeEx
CoUninitialize
CoRegisterClassObject
CoRevokeClassObject
CoCreateInstance
CoResumeClassObjects
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CLSIDFromString
IIDFromString
GetHGlobalFromStream
CreateStreamOnHGlobal
StringFromGUID2
CoGetObjectContext
CoCreateGuid
CoRevertToSelf
CoImpersonateClient
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
EtwTraceMessage
EtwEventRegister
EtwEventUnregister
RtlReportException
EtwEventWrite
EtwEventEnabled
powrprof
PowerDeterminePlatformRole
xpspushlayer
ord5
ord4
gdi32
GdiDisableUMPDSandboxing
winspool.drv
GetPrinterDataW
GetPrinterDriverW
SetJobW
GetPrinterW
OpenPrinter2W
FreePrintPropertyValue
GetJobNamedPropertyValue
StartDocPrinterW
OpenPrinterW
ReadPrinter
EndDocPrinter
GetPrinterDriverDirectoryW
SeekPrinter
StartPagePrinter
EndPagePrinter
DocumentPropertiesW
ClosePrinter
WritePrinter
prntvpt
ord9
ord2
ord4
xpsservices
ord8
xmllite
CreateXmlReader
Sections
.text Size: 464KB - Virtual size: 461KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 112KB - Virtual size: 111KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
printui.exe.exe windows:10 windows x64 arch:x64
de8c59512ca98fb3e224769147985370
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
PrintUI.pdb
Imports
advapi32
RegQueryValueExW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyExW
RegCloseKey
kernel32
HeapSetInformation
GetProcAddress
FreeLibrary
GetCurrentProcessId
GetLastError
GetCommandLineW
LoadLibraryW
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
gdi32
GetStockObject
user32
RegisterClassW
CreateWindowExW
DestroyWindow
DefWindowProcW
LoadCursorW
msvcrt
_fmode
_commode
?terminate@@YAXXZ
__C_specific_handler
__wgetmainargs
_amsg_exit
_XcptFilter
iswspace
_wcmdln
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
memset
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
Sections
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 228B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 56KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
proquota.exe.exe windows:10 windows x64 arch:x64
3f32c4f6ebfec67c604916772e1803f1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
proquota.pdb
Imports
advapi32
RegQueryValueExW
SetSecurityInfo
RegOpenKeyExW
GetAce
RegCloseKey
GetSecurityInfo
kernel32
CompareStringW
CreateSemaphoreExW
HeapFree
SetLastError
EnterCriticalSection
FindNextFileW
GetCurrentProcess
ReleaseSemaphore
GetModuleHandleExW
ExpandEnvironmentStringsW
WaitForMultipleObjects
SetProcessShutdownParameters
CompareStringOrdinal
SetThreadPriority
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetEnvironmentVariableW
FindClose
WaitForSingleObject
LocalAlloc
GetCurrentThreadId
OpenEventW
FindFirstFileW
ResumeThread
ExitThread
FindFirstChangeNotificationW
CreateEventW
Sleep
FormatMessageW
GetTickCount64
GetLastError
OutputDebugStringW
SetEvent
FindCloseChangeNotification
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
CreateThread
HeapSetInformation
HeapAlloc
FindNextChangeNotification
GetProcAddress
CreateMutexExW
LocalFree
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
LocalReAlloc
DebugBreak
IsDebuggerPresent
GetModuleFileNameA
ReleaseMutex
user32
PostQuitMessage
CheckDlgButton
KillTimer
GetDlgItem
GetClientRect
LoadIconW
TranslateMessage
IsDlgButtonChecked
SendDlgItemMessageW
ShutdownBlockReasonCreate
RegisterClassW
SetDlgItemTextW
DestroyIcon
SetTimer
GetDesktopWindow
LoadStringW
GetSystemMetrics
EndDialog
SendMessageW
CreateWindowExW
MessageBoxW
SetWindowPos
GetWindowRect
PostMessageW
DefWindowProcW
GetMessageW
GetWindowLongW
GetParent
DialogBoxParamW
SetForegroundWindow
LoadImageW
DispatchMessageW
ShutdownBlockReasonDestroy
api-ms-win-crt-runtime-l1-1-0
_initterm
_initterm_e
_register_thread_local_exe_atexit_callback
_c_exit
api-ms-win-crt-private-l1-1-0
_o___p__commode
_o___std_exception_copy
_o___std_exception_destroy
_o___stdio_common_vsnprintf_s
_o___stdio_common_vswprintf
_o__cexit
_o__configthreadlocale
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_narrow_winmain_command_line
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o_exit
_o_free
_o_terminate
__current_exception
__current_exception_context
__std_terminate
__C_specific_handler
__CxxFrameHandler4
_CxxThrowException
memcpy
api-ms-win-crt-string-l1-1-0
memset
shell32
SHGetFileInfoW
Shell_NotifyIconW
ord60
userenv
UnregisterGPNotification
RegisterGPNotification
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
TerminateProcess
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
comctl32
ord17
ole32
CoInitialize
Sections
.text Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 88B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
provlaunch.exe.exe windows:10 windows x64 arch:x64
5e2bd8bdc63e61f7e0d77c0b742a3dc3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
provlaunch.pdb
Imports
msvcp110_win
?_Syserror_map@std@@YAPEBDH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
?_Xbad_alloc@std@@YAXXZ
?_Winerror_map@std@@YAPEBDH@Z
?_Xout_of_range@std@@YAXPEBD@Z
msvcrt
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
memset
_callnewh
malloc
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
wcstol
_errno
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
??3@YAXPEAX@Z
memcpy_s
_vsnwprintf
__CxxFrameHandler4
_XcptFilter
_CxxThrowException
memcpy
memmove
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
GetModuleHandleExW
api-ms-win-core-synch-l1-1-0
WaitForSingleObject
ReleaseMutex
WaitForSingleObjectEx
CreateMutexExW
ReleaseSemaphore
OpenSemaphoreW
CreateSemaphoreExW
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
SetLastError
UnhandledExceptionFilter
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer
api-ms-win-core-processthreads-l1-1-0
CreateProcessW
GetExitCodeProcess
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetStartupInfoW
api-ms-win-core-registry-l1-1-0
RegSetValueExW
RegEnumKeyExW
RegDeleteTreeW
RegQueryInfoKeyW
RegGetValueW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-shell-shdirectory-l1-1-0
ord290
Sections
.text Size: 44KB - Virtual size: 42KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 188B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
provtool.exe.exe windows:10 windows x64 arch:x64
32a66f804cdbf1298dd7e3bae661d502
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
provtool.pdb
Imports
msvcp110_win
?_Xbad_alloc@std@@YAXXZ
?_Syserror_map@std@@YAPEBDH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Xout_of_range@std@@YAXPEBD@Z
msvcrt
memset
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
memmove
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
memcpy
_CxxThrowException
malloc
_callnewh
wcscmp
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_wcsicmp
_wcsnicmp
__CxxFrameHandler3
_purecall
wcstok_s
??3@YAXPEAX@Z
memcpy_s
_vsnwprintf
??_V@YAXPEAX@Z
wprintf
__CxxFrameHandler4
api-ms-win-eventing-provider-l1-1-0
EventActivityIdControl
EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleExW
GetModuleFileNameA
GetProcAddress
LoadLibraryExW
GetModuleHandleW
FreeLibrary
api-ms-win-security-base-l1-1-0
MakeAbsoluteSD
api-ms-win-core-synch-l1-1-0
CreateSemaphoreExW
ReleaseSemaphore
CreateMutexExW
WaitForSingleObjectEx
WaitForSingleObject
OpenSemaphoreW
ReleaseMutex
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapAlloc
HeapFree
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-core-com-l1-1-0
CoCreateGuid
CoUninitialize
CoInitializeSecurity
CoCreateInstance
CoInitializeEx
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegCreateKeyExW
RegDeleteValueW
RegEnumValueW
RegGetValueW
RegOpenKeyExW
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
TerminateProcess
GetExitCodeProcess
CreateProcessW
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
api-ms-win-core-localization-l1-2-0
FormatMessageW
oleaut32
VariantInit
SysFreeString
SysAllocString
VariantClear
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-shutdown-l1-1-0
InitiateSystemShutdownExW
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
dmcommandlineutils
ProcessCommandLine
FreeCommandLineOptions
api-ms-win-core-registry-l2-1-0
RegDeleteKeyW
api-ms-win-core-path-l1-1-0
PathCchCombineEx
PathCchAppendEx
PathCchCanonicalizeEx
PathCchFindExtension
api-ms-win-core-file-l1-1-0
GetFileAttributesW
FindFirstFileW
FindNextFileW
DeleteFileW
FindClose
api-ms-win-core-shlwapi-legacy-l1-1-0
PathFindFileNameW
profapi
ord117
crypt32
CryptBinaryToStringW
ntdll
NtQuerySystemInformation
RtlAdjustPrivilege
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 64KB - Virtual size: 60KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 316B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
prproc.exe.exe windows:10 windows x64 arch:x64
6c59001e0768c2b59f1f170dae94ead2
Code Sign
33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 02/09/2021, 18:23
Not After: 01/09/2022, 18:23
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
9a:92:b6:5f:df:51:9f:e1:d9:23:0d:0e:13:42:c8:17:88:83:5f:72:76:bc:59:c6:04:df:da:d8:3e:d8:cb:5b
Signer
Actual PE Digest: 9a:92:b6:5f:df:51:9f:e1:d9:23:0d:0e:13:42:c8:17:88:83:5f:72:76:bc:59:c6:04:df:da:d8:3e:d8:cb:5b
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
PRPROC.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
api-ms-win-crt-private-l1-1-0
_o___p__commode
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o_exit
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentProcess
GetStartupInfoW
GetCurrentThreadId
GetCurrentProcessId
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
Sections
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 384B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 52B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
psr.exe.exe windows:10 windows x64 arch:x64
0fa671e07bc86ba0d63303fcbe0439ff
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
psr.pdb
Imports
advapi32
TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer
RegGetValueW
RegCloseKey
RegQueryInfoKeyW
RegOpenKeyExW
RegGetValueA
kernel32
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
GetFullPathNameW
LocalFree
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CreateThreadpoolTimer
SetThreadpoolTimer
MultiByteToWideChar
WideCharToMultiByte
AcquireSRWLockShared
ReleaseSRWLockShared
LeaveCriticalSection
EnterCriticalSection
ExpandEnvironmentStringsW
GetFileAttributesW
CreateDirectoryW
CreateEventExW
SetEvent
DeleteFileW
MoveFileExW
Wow64DisableWow64FsRedirection
GetCommandLineW
GetSystemDirectoryW
CreateMutexExW
CreateEventW
CreateMutexW
RegisterWaitForSingleObject
HeapSetInformation
IsWow64Process
GetCurrentProcess
UnregisterWait
RaiseException
InitOnceBeginInitialize
InitializeCriticalSectionEx
InitializeCriticalSection
GetModuleFileNameW
LoadLibraryExW
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
GetSystemTime
SystemTimeToTzSpecificLocalTime
CopyFileW
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
lstrcmpW
GetSystemTimeAsFileTime
Sleep
LockResource
LoadResource
FindResourceW
EncodePointer
GetProcAddress
HeapAlloc
CloseHandle
OpenSemaphoreW
WaitForSingleObjectEx
OutputDebugStringW
GetLastError
FormatMessageW
ReleaseMutex
GetCurrentThreadId
OpenEventW
LoadLibraryExA
VirtualAlloc
VirtualFree
lstrcmpiW
lstrcmpiA
GetModuleHandleExW
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
ResetEvent
QueryPerformanceCounter
InitializeSListHead
GetStartupInfoW
FileTimeToLocalFileTime
CreateFileW
OpenProcess
GetCurrentDirectoryW
SetCurrentDirectoryW
DeleteFileA
GetLocaleInfoEx
TlsAlloc
TlsSetValue
GlobalHandle
WaitForSingleObject
ReleaseSemaphore
SetLastError
HeapFree
CreateSemaphoreExW
GetModuleFileNameA
InitOnceComplete
GlobalFree
TlsFree
TlsGetValue
lstrlenA
CreateFileA
ReadFile
IsDBCSLeadByte
FileTimeToDosDateTime
FindClose
GlobalReAlloc
lstrcmpA
WriteFile
GetFileAttributesExA
ReplaceFileW
SetFilePointer
DecodePointer
GetFileInformationByHandle
SetFileAttributesW
GetFileAttributesExW
GetDriveTypeA
FindFirstFileA
FindNextFileA
LoadLibraryW
FreeLibrary
gdi32
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
BitBlt
DeleteDC
GetStockObject
GetObjectW
GetDeviceCaps
user32
UnregisterClassA
GetDlgItemInt
EndDialog
SetDlgItemTextW
EnableWindow
SetDlgItemInt
SendDlgItemMessageW
SetForegroundWindow
DialogBoxParamW
UnregisterClassW
KillTimer
SetTimer
GetWindowRect
GetTitleBarInfo
GetProcessDefaultLayout
LoadAcceleratorsW
DefWindowProcW
MessageBoxW
CharLowerA
SetLayeredWindowAttributes
GetDpiForWindow
DispatchMessageW
AdjustWindowRectExForDpi
PeekMessageA
DispatchMessageA
CharNextA
OemToCharBuffA
CharToOemBuffA
CharPrevA
CharUpperBuffA
RegisterClassExW
CharUpperW
CharNextW
PostThreadMessageW
GetDlgItemTextW
DestroyIcon
GetMessageW
TranslateMessage
GetWindowLongW
GetWindowLongPtrW
SetWindowLongPtrW
DestroyAcceleratorTable
GetDesktopWindow
ReleaseDC
GetDC
InvalidateRect
CallWindowProcW
InvalidateRgn
GetClientRect
FillRect
ReleaseCapture
SetCapture
MoveWindow
ScreenToClient
SetWindowLongW
PostQuitMessage
MapDialogRect
SetWindowContextHelpId
TranslateAcceleratorW
GetKeyState
LoadIconW
PostMessageW
TrackPopupMenu
EnableMenuItem
DestroyMenu
GetSubMenu
LoadMenuW
LoadCursorW
GetParent
ClientToScreen
CreateAcceleratorTableW
DestroyWindow
CreateWindowExW
GetClassInfoExW
RedrawWindow
SetWindowPos
GetSysColor
GetClassNameW
IsWindow
SendMessageW
GetDlgItem
GetWindow
SetFocus
GetFocus
IsChild
EndPaint
BeginPaint
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
RegisterWindowMessageW
LoadStringW
GetSystemMetrics
GetSysColorBrush
SystemParametersInfoW
ShowWindow
MapWindowPoints
UpdateWindow
msvcp_win
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
api-ms-win-crt-string-l1-1-0
memset
strncmp
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__getdrive
_o__gmtime32
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__localtime32
_o__mktemp
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__callnewh
_o__set_new_mode
_o__wcsicmp
_o__wtoi
_o_abort
_o_calloc
_o_exit
_o_free
_o_iswspace
_o_malloc
_o_mbstowcs_s
_o_qsort
_o_realloc
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
__current_exception
__current_exception_context
__CxxFrameHandler3
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
__C_specific_handler
__std_terminate
__CxxFrameHandler4
strstr
_CxxThrowException
__C_specific_handler_noexcept
memcmp
memcpy
_o__cexit
memmove
uireng
UirInitializeEngine
UirStopRecordingSession
UirOutCreateOutputFile
UirGetRecordedActionInfo
UirWriteRecordedActionListXml
UirWriteRecordedActionAndCommentListMht
UirWriteUserComments
UirFreeRecordedActionInfo
UirPauseRecordingSession
UirResumeRecordingSession
UirUpdateRecordingSession
UirStartRecordingSession
comctl32
ImageList_Destroy
ImageList_GetIcon
ImageList_ReplaceIcon
InitCommonControlsEx
ImageList_Create
ord381
ntdll
EtwEventWriteNoRegistration
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
oleaut32
UnRegisterTypeLi
SysAllocString
LoadTypeLi
RegisterTypeLi
SysStringLen
VarBstrCmp
OleCreateFontIndirect
LoadRegTypeLi
SysStringByteLen
VariantClear
VariantInit
SysAllocStringLen
SysFreeString
GetErrorInfo
SetErrorInfo
ole32
CoCreateInstance
CoInitialize
CreateStreamOnHGlobal
OleLockRunning
CoCreateFreeThreadedMarshaler
CLSIDFromProgID
CLSIDFromString
OleInitialize
OleUninitialize
CoTaskMemAlloc
CoUninitialize
CoTaskMemFree
StringFromGUID2
CoCreateGuid
CoGetClassObject
CoInitializeEx
shell32
SHFileOperationW
ShellExecuteExW
ord171
SHCreateItemInKnownFolder
ShellAboutW
CommandLineToArgvW
shlwapi
PathFindExtensionW
PathAppendW
PathGetArgsW
PathRemoveExtensionW
PathFindFileNameW
PathCombineW
PathRemoveFileSpecW
PathFileExistsW
SHAutoComplete
PathFindExtensionA
PathMatchSpecExA
ord216
ord218
PathIsSameRootW
api-ms-win-crt-time-l1-1-0
_time32
Sections
.text Size: 256KB - Virtual size: 254KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 84KB - Virtual size: 83KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 904B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
pwlauncher.exe.exe windows:10 windows x64 arch:x64
83c9df9631980adba74edd944ab6f667
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
pwlauncher.pdb
Imports
advapi32
TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
StartTraceW
EnableTrace
ControlTraceW
OpenProcessToken
GetTokenInformation
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
kernel32
FormatMessageW
LocalFree
GetTempPathW
GetLastError
GetCurrentProcessId
CloseHandle
GetCurrentProcess
SizeofResource
LockResource
LoadResource
FindResourceExW
GetConsoleOutputCP
SetThreadPreferredUILanguages
ReleaseSRWLockExclusive
Sleep
LeaveCriticalSection
EnterCriticalSection
RaiseException
DeleteCriticalSection
InitializeCriticalSection
HeapDestroy
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
WakeAllConditionVariable
SleepConditionVariableSRW
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
AcquireSRWLockExclusive
UnhandledExceptionFilter
TerminateProcess
msvcrt
??1type_info@@UEAA@XZ
_onexit
__dllonexit
memcpy
_initterm
__setusermatherr
_cexit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_unlock
_lock
?terminate@@YAXXZ
_commode
_XcptFilter
__CxxFrameHandler3
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
_CxxThrowException
__C_specific_handler
_wsetlocale
swprintf_s
wprintf_s
vswprintf_s
_vscwprintf
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
free
malloc
?what@exception@@UEBAPEBDXZ
memcpy_s
memmove_s
_wcsicmp
__CxxFrameHandler4
??3@YAXPEAX@Z
_fmode
_exit
memset
user32
UnregisterClassA
ole32
CoUninitialize
CoInitializeEx
CoTaskMemFree
CoCreateInstance
StringFromCLSID
CoCreateGuid
shlwapi
PathAppendW
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlCheckPortableOperatingSystem
RtlNtStatusToDosError
RtlVirtualUnwind
Sections
.text Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 132B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
rasautou.exe.exe windows:10 windows x64 arch:x64
69dc1709b7740448a0dc0ad149c69d48
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
rasautou.pdb
Imports
advapi32
RegQueryValueExA
RegCloseKey
RegOpenKeyExW
kernel32
VirtualFree
VirtualAlloc
LocalAlloc
MultiByteToWideChar
ProcessIdToSessionId
GetLastError
HeapSetInformation
LocalFree
GetCurrentProcessId
GetModuleHandleW
LoadLibraryExW
Sleep
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
ActivateActCtx
DeactivateActCtx
DelayLoadFailureHook
ResolveDelayLoadedAPI
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
msvcrt
_wcsicmp
_fmode
printf
_stricmp
strstr
_XcptFilter
_amsg_exit
__wgetmainargs
?terminate@@YAXXZ
_commode
__set_app_type
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
ntdll
NtQuerySystemInformation
RtlInitUnicodeString
NtClose
DbgPrint
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtOpenFile
rasapi32
RasGetAutodialParamW
RasEnumAutodialAddressesW
DwRasUninitialize
RasGetAutodialAddressW
rasdlg
RasDialDlgW
RasPhonebookDlgW
RasAutodialQueryDlgW
ws2_32
WSAStartup
Sections
.text Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 420B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 64B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
rasdial.exe.exe windows:10 windows x64 arch:x64
d893fb6dd140ff7107d0e41ffbaaaec9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
rasdial.pdb
Imports
kernel32
SetConsoleCtrlHandler
CompareStringW
GetCommandLineW
GetConsoleOutputCP
GetStdHandle
WriteFile
ExpandEnvironmentStringsW
SetThreadUILanguage
WaitForSingleObject
LocalAlloc
CreateFileW
CreateEventW
Sleep
FormatMessageW
GetLastError
SetEvent
GlobalAlloc
GlobalFree
CloseHandle
HeapSetInformation
LocalFree
GetModuleHandleW
WideCharToMultiByte
RtlLookupFunctionEntry
RtlVirtualUnwind
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlCaptureContext
msvcrt
?terminate@@YAXXZ
_fmode
_initterm
__setusermatherr
_exit
_commode
__iob_func
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
_getwch
getchar
wcsstr
_itow
wcschr
_wcsupr
fputwc
exit
__C_specific_handler
_cexit
memset
rasapi32
RasGetConnectStatusW
RasHangUpW
RasDialW
RasFreeEapUserIdentityW
RasGetErrorStringW
RasGetEntryPropertiesW
RasGetEapUserIdentityW
RasEnumConnectionsW
RasHandleTriggerConnDisconnect
RasCompleteDialMachineCleanup
user32
LoadStringW
shell32
CommandLineToArgvW
Sections
.text Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 432B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
raserver.exe.exe windows:10 windows x64 arch:x64
e20b4754318a11b8eb79040b310ad904
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
RAServer.pdb
Imports
advapi32
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegCloseKey
RegQueryValueExW
IsValidRelativeSecurityDescriptor
MakeAbsoluteSD
InitializeSecurityDescriptor
InitializeAcl
MakeSelfRelativeSD
IsValidSecurityDescriptor
AllocateAndInitializeSid
GetLengthSid
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
FreeSid
GetSecurityDescriptorDacl
IsValidAcl
GetAclInformation
GetAce
EqualSid
AddAccessDeniedAce
DeleteAce
RegEnumValueW
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
CryptGetUserKey
CryptGenKey
CryptExportKey
CryptImportKey
CryptDecrypt
CryptEncrypt
EventWrite
EventUnregister
EventRegister
kernel32
GetModuleFileNameW
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
CreateEventW
MultiByteToWideChar
FormatMessageW
GetLastError
OutputDebugStringW
ReleaseSemaphore
OpenSemaphoreW
CloseHandle
RaiseException
FindResourceExW
LoadResource
HeapAlloc
GetProcAddress
CreateMutexExW
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
FreeLibrary
DebugBreak
lstrcmpiW
LoadLibraryExW
IsDebuggerPresent
SetProcessMitigationPolicy
SetErrorMode
HeapSetInformation
CompareStringW
GetCommandLineW
SetEvent
Sleep
CreateThread
LoadLibraryW
ResetEvent
GetSystemDirectoryW
DelayLoadFailureHook
ResolveDelayLoadedAPI
OutputDebugStringA
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStartupInfoW
EnterCriticalSection
SetLastError
HeapFree
CreateSemaphoreExW
SizeofResource
GetModuleHandleExW
GetModuleFileNameA
WaitForSingleObjectEx
user32
TranslateMessage
DispatchMessageW
LoadStringW
UnregisterClassA
CharNextW
CharUpperW
PostThreadMessageW
GetMessageW
msvcrt
__setusermatherr
_callnewh
_wcmdln
_fmode
_commode
_errno
??0exception@@QEAA@AEBQEBDH@Z
realloc
?terminate@@YAXXZ
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
_initterm
memcmp
wcsncmp
_wtol
iswdigit
_cexit
_exit
exit
__set_app_type
_wtoi
wcscat_s
wcscpy_s
wcsncpy_s
malloc
free
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
memcpy_s
_vsnwprintf
??_V@YAXPEAX@Z
__C_specific_handler
__CxxFrameHandler4
??3@YAXPEAX@Z
__wgetmainargs
_amsg_exit
_XcptFilter
memmove
memcpy
__CxxFrameHandler3
??0exception@@QEAA@AEBQEBD@Z
?what@exception@@UEBAPEBDXZ
memset
_CxxThrowException
wcscmp
shlwapi
StrCmpIW
oleaut32
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
SysAllocStringByteLen
SysAllocString
UnRegisterTypeLi
LoadRegTypeLi
LoadTypeLi
SysFreeString
SysStringByteLen
RegisterTypeLi
SysStringLen
VarUI4FromStr
VarBstrCat
SysAllocStringLen
VarBstrCmp
wtsapi32
WTSQuerySessionInformationW
WTSEnumerateSessionsW
WTSFreeMemory
shell32
SHGetSpecialFolderPathW
ShellExecuteW
crypt32
CryptStringToBinaryW
CryptBinaryToStringW
api-ms-win-core-com-l1-1-0
CoWaitForMultipleHandles
CoSuspendClassObjects
CoRegisterClassObject
CoRevokeClassObject
CoCreateInstance
StringFromGUID2
CoResumeClassObjects
CoInitializeEx
CoUninitialize
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
samcli
NetLocalGroupAddMembers
NetLocalGroupDel
NetLocalGroupAdd
NetLocalGroupGetInfo
NetLocalGroupGetMembers
NetLocalGroupDelMembers
netutils
NetApiBufferFree
Sections
.text Size: 84KB - Virtual size: 80KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 960B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
rasphone.exe.exe windows:10 windows x64 arch:x64
bafee5a15041b808dad2d2fdf7d204f7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
rasphone.pdb
Imports
advapi32
RegCloseKey
RegSetValueExW
RegDeleteKeyExW
RegCreateKeyExW
RegEnumKeyExW
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
OpenProcessToken
kernel32
FreeLibrary
LoadLibraryExW
GetPrivateProfileStringW
FormatMessageW
GetModuleFileNameW
ActivateActCtx
DeactivateActCtx
CreateActCtxW
GetModuleHandleW
GetProcAddress
HeapSetInformation
lstrlenA
ReleaseActCtx
Sleep
GetStartupInfoW
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetLastError
CloseHandle
WideCharToMultiByte
lstrlenW
MultiByteToWideChar
GlobalAlloc
GlobalFree
LocalFree
GlobalReAlloc
CompareStringW
msvcrt
__argv
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
exit
_exit
_cexit
_ismbblead
__argc
_initterm
__C_specific_handler
_acmdln
_fmode
_commode
?terminate@@YAXXZ
__setusermatherr
memcpy
memset
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
_wtol
NtQueryInformationToken
_vsnwprintf
rtutils
TracePrintfExA
TraceDeregisterExA
TraceRegisterExA
user32
CharNextW
CharPrevW
LoadStringW
MessageBoxW
Sections
.text Size: 24KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 912B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
rdpclip.exe.exe windows:10 windows x64 arch:x64
e0421433defcad674f59db8672487c3d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
rdpclip.pdb
Imports
user32
MsgWaitForMultipleObjectsEx
PostThreadMessageW
UnregisterClassW
IsClipboardFormatAvailable
GetWindowThreadProcessId
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
EmptyClipboard
GetClipboardOwner
UnionRect
CharNextA
CharPrevA
GetClipboardFormatNameW
ChangeDisplaySettingsExW
GetMessageW
GetWindowRect
IsWindowVisible
EqualRect
EnumChildWindows
EnumDisplayMonitors
IsWindow
CloseDesktop
DispatchMessageW
SetTimer
GetMonitorInfoW
GetLayeredWindowAttributes
IsChild
EnumWindows
TranslateMessage
GetUserObjectInformationW
SetRectEmpty
GetClientRect
KillTimer
GetDesktopWindow
OpenDesktopW
GetParent
GetAncestor
GetWindowRgn
GetWindowTextW
MonitorFromWindow
OffsetRect
CopyRect
ClientToScreen
IntersectRect
GetClassNameW
SetRect
DestroyWindow
SendMessageW
RegisterClipboardFormatW
GetSystemMetrics
EnumDisplayDevicesW
EnumDisplaySettingsW
RegisterDeviceNotificationW
RegisterClassW
UnregisterDeviceNotification
LoadStringW
DefWindowProcW
PostMessageW
SetWindowLongPtrW
CreateWindowExW
GetWindowLongPtrW
RegisterClassExW
PeekMessageW
LoadCursorW
PostQuitMessage
SystemParametersInfoW
SetWinEventHook
GetClassInfoExW
GetWindowTextLengthW
UnhookWinEvent
msvcrt
?terminate@@YAXXZ
memset
memmove
malloc
__getmainargs
__set_app_type
exit
_exit
_cexit
_ismbblead
wcschr
free
__setusermatherr
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
wcsrchr
swprintf_s
_vscwprintf
_wcsnicmp
__CxxFrameHandler4
_initterm
_acmdln
memcpy
memcmp
_CxxThrowException
_fmode
_commode
_lock
_XcptFilter
_callnewh
_unlock
__dllonexit
__C_specific_handler
_errno
_wcsicmp
_wsplitpath_s
_wmakepath_s
memmove_s
_purecall
memcpy_s
_vsnwprintf
_onexit
isalpha
_strnicmp
wcsnlen
strnlen
_amsg_exit
??1type_info@@UEAA@XZ
__CxxFrameHandler3
wcscmp
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
FreeLibraryAndExitThread
GetModuleHandleW
GetModuleHandleExW
GetModuleHandleExA
LoadLibraryExW
FreeLibrary
GetProcAddress
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
GetLastError
SetLastError
api-ms-win-eventing-classicprovider-l1-1-0
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage
UnregisterTraceGuids
RegisterTraceGuidsW
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventUnregister
EventSetInformation
EventActivityIdControl
EventRegister
api-ms-win-core-synch-l1-1-0
EnterCriticalSection
CreateEventW
ReleaseMutex
CreateEventExW
ReleaseSRWLockExclusive
WaitForSingleObject
WaitForMultipleObjectsEx
LeaveCriticalSection
AcquireSRWLockExclusive
WaitForSingleObjectEx
ReleaseSemaphore
OpenSemaphoreW
ResetEvent
InitializeCriticalSectionEx
AcquireSRWLockShared
DeleteCriticalSection
InitializeCriticalSection
CreateSemaphoreExW
CreateMutexW
ReleaseSRWLockShared
SetEvent
CreateMutexExW
api-ms-win-core-heap-l1-1-0
HeapFree
HeapSetInformation
HeapAlloc
GetProcessHeap
api-ms-win-core-threadpool-l1-2-0
SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
TerminateProcess
TlsGetValue
OpenThread
SwitchToThread
GetStartupInfoW
CreateThread
GetCurrentProcess
TlsAlloc
GetCurrentProcessId
GetCurrentThread
OpenThreadToken
QueueUserAPC
ProcessIdToSessionId
TlsSetValue
OpenProcessToken
TlsFree
api-ms-win-core-localization-l1-2-0
IsDBCSLeadByte
FormatMessageW
GetCPInfo
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
OutputDebugStringW
DebugBreak
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-psapi-l1-1-0
QueryFullProcessImageNameW
K32GetModuleFileNameExW
api-ms-win-core-file-l1-1-0
CreateFileW
ReadFileEx
WriteFile
SetFilePointerEx
QueryDosDeviceW
GetFileAttributesW
FindClose
FindNextFileW
FindFirstFileW
ReadFile
GetTempFileNameW
DefineDosDeviceW
DeleteFileW
GetFileInformationByHandle
CreateDirectoryW
api-ms-win-core-registry-l1-1-0
RegSetValueExW
RegGetValueW
RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegEnumValueW
api-ms-win-core-com-l1-1-0
CoUninitialize
CoTaskMemAlloc
CoSetProxyBlanket
CoTaskMemFree
StringFromGUID2
CoCreateInstance
CoInitializeEx
api-ms-win-core-io-l1-1-0
DeviceIoControl
GetOverlappedResult
api-ms-win-security-isolatedcontainer-l1-1-1
IsProcessInWDAGContainer
api-ms-win-core-sysinfo-l1-2-0
GetProductInfo
api-ms-win-core-sysinfo-l1-1-0
GetSystemTime
GetTickCount
GetSystemTimeAsFileTime
GetSystemInfo
GetVersionExW
rpcrt4
RpcStringBindingParseW
RpcBindingToStringBindingW
NdrServerCall2
RpcServerListen
RpcRevertToSelf
RpcImpersonateClient
RpcServerRegisterIfEx
RpcServerUnregisterIfEx
RpcServerUseProtseqEpW
NdrServerCallAll
RpcStringFreeW
RpcBindingInqAuthClientW
api-ms-win-security-base-l1-1-0
CheckTokenMembership
AllocateAndInitializeSid
FreeSid
DestroyPrivateObjectSecurity
GetTokenInformation
GetLengthSid
CopySid
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-synch-l1-2-0
Sleep
InitOnceExecuteOnce
InitOnceInitialize
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
ntdll
NtCreateFile
EtwEventActivityIdControl
RtlNtStatusToDosError
NtClose
RtlMultiByteToUnicodeN
RtlInitUnicodeString
gdi32
DeleteEnhMetaFile
GetStockObject
DeleteMetaFile
ExtEscape
DeleteDC
CreateDCW
GetRgnBox
CombineRgn
DeleteObject
GetRegionData
CreateRectRgn
OffsetRgn
EqualRgn
CreateRectRgnIndirect
SetRectRgn
GetObjectW
GetPaletteEntries
CreatePalette
CreateMetaFileW
SetMetaFileBitsEx
GetMetaFileBitsEx
CloseMetaFile
PlayMetaFile
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
CreateSemaphoreW
api-ms-win-core-processthreads-l1-1-1
OpenProcess
api-ms-win-core-heap-l2-1-0
LocalAlloc
GlobalAlloc
LocalFree
GlobalFree
api-ms-win-core-io-l1-1-1
CancelIo
api-ms-win-core-kernel32-legacy-l1-1-0
GetNamedPipeClientProcessId
api-ms-win-core-namedpipe-l1-1-0
DisconnectNamedPipe
CreateNamedPipeW
ConnectNamedPipe
SetNamedPipeHandleState
api-ms-win-security-sddl-l1-1-0
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
WideCharToMultiByte
CompareStringW
api-ms-win-security-systemfunctions-l1-1-0
SystemFunction036
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-shlwapi-obsolete-l1-1-0
StrStrIW
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
WindowsDeleteString
api-ms-win-core-heap-obsolete-l1-1-0
GlobalSize
GlobalLock
GlobalUnlock
api-ms-win-core-path-l1-1-0
PathCchCanonicalize
Sections
.text Size: 436KB - Virtual size: 435KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 92KB - Virtual size: 88KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 20KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 464B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
rdpinput.exe.exe windows:10 windows x64 arch:x64
224fd90eecbc5c37e4d8d6d4947c54cb
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
rdpinput.pdb
Imports
advapi32
TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
GetTokenInformation
OpenProcessToken
OpenThreadToken
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
EventActivityIdControl
CloseServiceHandle
OpenSCManagerW
StartServiceW
OpenServiceW
kernel32
OpenThread
DebugBreak
CreateSemaphoreW
GetProcessHeap
SwitchToThread
HeapAlloc
GetSystemInfo
OutputDebugStringW
InitializeCriticalSection
HeapFree
GetModuleFileNameA
LocalAlloc
WaitForMultipleObjects
SetLastError
CreateMutexExW
CreateSemaphoreExW
HeapSetInformation
GetCommandLineW
GetCurrentProcess
DuplicateHandle
OpenProcess
CloseHandle
CreateMutexW
GetModuleHandleExA
IsDebuggerPresent
FreeLibrary
GetLastError
ReleaseMutex
Sleep
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
TerminateProcess
WaitForSingleObject
OpenEventW
CreateEventW
SetEvent
CreateThread
LocalFree
EnterCriticalSection
ReleaseSemaphore
LeaveCriticalSection
ResetEvent
DeleteCriticalSection
GetModuleHandleExW
WaitForSingleObjectEx
FreeLibraryAndExitThread
QueueUserAPC
ReadFileEx
ProcessIdToSessionId
CancelIo
WriteFile
GetOverlappedResult
LoadLibraryExW
TlsAlloc
TlsSetValue
TlsFree
TlsGetValue
GetCurrentThread
QueryPerformanceFrequency
SetWaitableTimer
CreateWaitableTimerExW
GetVersionExW
FormatMessageW
GetProcAddress
OpenSemaphoreW
user32
ScreenToClient
SystemParametersInfoW
CloseDesktop
OpenInputDesktop
SetThreadDesktop
DispatchMessageW
SendInput
GetSystemMetrics
PostMessageW
SetWindowLongPtrW
DefWindowProcW
CreateWindowExW
GetWindowLongPtrW
GetClassInfoExW
LoadCursorW
DestroyWindow
PeekMessageW
MsgWaitForMultipleObjectsEx
UnregisterClassW
PostQuitMessage
RegisterClassExW
PostThreadMessageW
msvcrt
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_commode
_fmode
_acmdln
__C_specific_handler
_initterm
__setusermatherr
_ismbblead
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
_callnewh
malloc
free
_purecall
_wtoi64
_wtoi
wcsstr
memset
memcpy
memcpy_s
_vsnwprintf
__CxxFrameHandler3
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlMultiByteToUnicodeN
winsta
WinStationIsSessionRemoteable
WinStationVirtualOpenEx
wtsapi32
WTSVirtualChannelOpen
WTSUnRegisterSessionNotification
WTSRegisterSessionNotification
WTSVirtualChannelQuery
WTSVirtualChannelClose
WTSFreeMemory
Sections
.text Size: 152KB - Virtual size: 151KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 32KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
rdrleakdiag.exe.exe windows:10 windows x64 arch:x64
bbaeddb424d5e6ad0fea37aaae4fa16c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
rdrleakdiag.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__cexit
memcpy
_o__wcsicmp
_o__wtol
_o_exit
_o_qsort
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_o___stdio_common_vswprintf
_o___p__commode
_o___p___wargv
_o___p___argc
wcsrchr
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-file-l1-1-0
CreateFileW
CreateDirectoryW
SetFilePointer
GetTempFileNameW
RemoveDirectoryW
DeleteFileW
WriteFile
api-ms-win-core-wow64-l1-1-1
IsWow64Process2
api-ms-win-core-console-l1-1-0
SetConsoleCtrlHandler
api-ms-win-core-registry-l1-1-0
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegSetValueExW
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapSetInformation
HeapAlloc
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
SetProcessShutdownParameters
GetCurrentProcess
GetProcessTimes
GetProcessId
OpenProcessToken
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-core-psapi-l1-1-0
K32GetModuleFileNameExW
api-ms-win-eventing-classicprovider-l1-1-0
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
TraceMessage
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
OpenProcess
GetProcessMitigationPolicy
api-ms-win-core-file-l1-2-0
GetTempPathW
api-ms-win-core-synch-l1-1-0
WaitForSingleObject
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetVersionExW
api-ms-win-core-memory-l1-1-0
UnmapViewOfFile
ReadProcessMemory
MapViewOfFile
CreateFileMappingW
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExW
GetProcAddress
GetModuleFileNameW
LoadStringW
GetModuleHandleW
FreeLibrary
api-ms-win-core-memory-l1-1-3
SetProcessValidCallTargets
api-ms-win-eventing-provider-l1-1-0
EventWrite
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
api-ms-win-core-shlwapi-legacy-l1-1-0
PathFileExistsW
ntdll
NtWaitForSingleObject
NtResetEvent
EtwEventRegister
NtQueryInformationThread
RtlFreeHeap
NtCreateMutant
NtSetEvent
NtQueryInformationProcess
RtlAllocateHeap
RtlNtStatusToDosError
NtCreateEvent
NtReleaseMutant
NtDuplicateObject
RtlCreateProcessReflection
NtClose
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
NtOpenProcess
RtlEqualUnicodeString
RtlInitUnicodeString
EtwEventUnregister
NtCreateThreadEx
api-ms-win-core-version-l1-1-0
GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW
api-ms-win-service-management-l1-1-0
CloseServiceHandle
OpenSCManagerW
OpenServiceW
api-ms-win-service-management-l2-1-0
QueryServiceConfigW
api-ms-win-service-core-l1-1-1
EnumServicesStatusExW
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-security-base-l1-1-0
AdjustTokenPrivileges
api-ms-win-security-lsalookup-l2-1-0
LookupPrivilegeValueW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Sections
.text Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 924B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 92B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
readCloudDataSettings.exe.exe windows:10 windows x64 arch:x64
952778e7951347b92084f804a66ed621
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
readCloudDataSettings.pdb
Imports
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-crt-runtime-l1-1-0
_c_exit
_initterm_e
_register_thread_local_exe_atexit_callback
_initterm
api-ms-win-crt-private-l1-1-0
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o__wcsnicmp
_o_abort
_o_exit
_o_free
_o_iswspace
_o_malloc
_o_terminate
_o_towlower
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfwprintf
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___acrt_iob_func
__std_terminate
__CxxFrameHandler4
memcpy
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
GetModuleHandleExW
GetProcAddress
GetModuleHandleW
api-ms-win-core-synch-l1-1-0
WaitForSingleObjectEx
WaitForSingleObject
ReleaseSemaphore
ReleaseMutex
SetEvent
CreateEventExW
CreateSemaphoreExW
OpenSemaphoreW
CreateMutexExW
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
RaiseException
api-ms-win-core-com-l1-1-0
CoWaitForMultipleHandles
CoUninitialize
CoInitializeEx
CoCreateFreeThreadedMarshaler
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
api-ms-win-core-winrt-string-l1-1-0
WindowsDeleteString
WindowsCreateStringReference
WindowsGetStringRawBuffer
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
api-ms-win-shcore-obsolete-l1-1-0
CommandLineToArgvW
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
TerminateProcess
GetStartupInfoW
GetCurrentProcessId
GetCurrentProcess
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
OutputDebugStringW
DebugBreak
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InterlockedFlushSList
InitializeSListHead
oleaut32
SysAllocString
SysStringLen
GetErrorInfo
SetErrorInfo
SysFreeString
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
Sections
.text Size: 44KB - Virtual size: 43KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 240B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
recdisc.exe.exe windows:10 windows x64 arch:x64
a2042075d402c99a2a280af40042a5ad
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
recdisc.pdb
Imports
user32
ShowWindow
MessageBoxW
EndDialog
GetLastActivePopup
SetFocus
IsWindow
LoadIconW
ChangeWindowMessageFilterEx
RegisterWindowMessageW
SetWindowLongPtrW
GetWindowLongPtrW
DialogBoxParamW
GetDlgItem
DestroyIcon
SendMessageW
GetSystemMetrics
EnableWindow
PostMessageW
SetWindowTextW
GetWindowLongW
msvcrt
_vscwprintf
iswspace
memmove
memcpy
memcmp
wcsstr
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
_commode
_fmode
_acmdln
__C_specific_handler
_initterm
__setusermatherr
_ismbblead
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
_callnewh
malloc
free
_wcsicmp
_wcsnicmp
wcschr
_vsnwprintf
memset
oleaut32
SysFreeString
SysAllocStringLen
DispCallFunc
SysStringLen
VariantClear
LoadRegTypeLi
SysAllocString
api-ms-win-eventing-classicprovider-l1-1-0
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
TraceMessage
GetTraceEnableFlags
GetTraceLoggerHandle
api-ms-win-core-file-l1-1-0
DeleteFileW
CreateDirectoryW
CreateFileW
FindClose
GetVolumePathNameW
GetLogicalDriveStringsW
GetFileAttributesW
FindNextFileW
GetDriveTypeW
GetDiskFreeSpaceExW
FindFirstFileW
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-core-errorhandling-l1-1-0
SetLastError
SetErrorMode
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
api-ms-win-core-com-l1-1-0
CoWaitForMultipleHandles
CoCreateGuid
CoInitializeEx
CoUninitialize
CoCreateInstance
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
GetCommandLineW
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
OpenProcessToken
TlsFree
TlsGetValue
TlsSetValue
GetCurrentProcessId
GetCurrentProcess
TlsAlloc
GetCurrentThreadId
CreateThread
TerminateProcess
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-sysinfo-l1-2-0
GetNativeSystemInfo
VerSetConditionMask
api-ms-win-core-synch-l1-2-0
InitializeConditionVariable
SleepConditionVariableSRW
WakeAllConditionVariable
Sleep
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
LoadStringW
FreeLibrary
LoadLibraryExW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
GetSystemDirectoryW
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-service-management-l1-1-0
OpenSCManagerW
CloseServiceHandle
OpenServiceW
api-ms-win-service-management-l2-1-0
QueryServiceStatusEx
api-ms-win-core-localization-l1-2-0
FormatMessageW
GetFileMUIPath
api-ms-win-eventing-controller-l1-1-0
ControlTraceW
EnableTraceEx2
StartTraceW
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-file-l2-1-0
MoveFileExW
api-ms-win-security-base-l1-1-0
DuplicateToken
CreateWellKnownSid
CheckTokenMembership
GetTokenInformation
api-ms-win-core-file-l1-2-0
GetVolumeNameForVolumeMountPointW
GetVolumePathNamesForVolumeNameW
api-ms-win-core-file-l1-2-4
GetTempPath2W
api-ms-win-core-synch-l1-1-0
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CreateEventW
EnterCriticalSection
api-ms-win-core-kernel32-legacy-l1-1-1
VerifyVersionInfoW
shell32
SHParseDisplayName
ord155
SHGetFileInfoW
SHGetDesktopFolder
CommandLineToArgvW
shlwapi
StrRetToBufW
SHCreateStreamOnFileW
SHCreateStreamOnFileEx
ntdll
WinSqmAddToStream
NtQuerySystemInformation
RtlGetLastNtStatus
EtwTraceMessage
NtQueryInformationFile
NtSetInformationFile
RtlNtStatusToDosError
comctl32
ImageList_Destroy
ord345
ImageList_ReplaceIcon
ord344
ImageList_Create
bcd
BcdOpenObject
BcdOpenSystemStore
BcdGetElementData
reagent
WinReGetConfig
Sections
.text Size: 76KB - Virtual size: 74KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 68KB - Virtual size: 65KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 512B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
recover.exe.exe windows:10 windows x64 arch:x64
15ec0ace85d3228adcc66943670ef7d8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
recover.pdb
Imports
msvcrt
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
ulib
??1PATH_ARGUMENT@@UEAA@XZ
?QueryInvalidArgument@ARGUMENT_LEXEMIZER@@QEAAPEAVWSTRING@@XZ
?PutSeparators@ARGUMENT_LEXEMIZER@@QEAAXPEBD@Z
?DoParsing@ARGUMENT_LEXEMIZER@@QEAAEPEAVARRAY@@@Z
?Initialize@ARGUMENT_LEXEMIZER@@QEAAEPEAVARRAY@@@Z
??1ARGUMENT_LEXEMIZER@@UEAA@XZ
??0ARGUMENT_LEXEMIZER@@QEAA@XZ
?Initialize@STRING_ARGUMENT@@QEAAEPEAD@Z
??1STRING_ARGUMENT@@UEAA@XZ
?SetCaseSensitive@ARGUMENT_LEXEMIZER@@QEAAXE@Z
?QueryFullPath@PATH@@QEBAPEAV1@XZ
?Display@MESSAGE@@QEAAEPEBDZZ
Get_Standard_Output_Stream
?Strcat@WSTRING@@QEAAEPEBV1@@Z
?QueryString@WSTRING@@QEBAPEAV1@KK@Z
?Initialize@WSTRING@@QEAAEPEBDK@Z
??1OBJECT@@UEAA@XZ
?Initialize@PATH_ARGUMENT@@QEAAEPEADE@Z
??0STREAM_MESSAGE@@QEAA@XZ
??1STREAM_MESSAGE@@UEAA@XZ
?IsValueSet@ARGUMENT@@QEAAEXZ
?QueryDriveType@SYSTEM@@SA?AW4DRIVE_TYPE@@PEBVWSTRING@@@Z
?QueryLibraryEntryPoint@SYSTEM@@SAP6A_JXZPEBVWSTRING@@0PEAPEAX@Z
?FreeLibraryHandle@SYSTEM@@SAXPEAX@Z
??0STRING_ARGUMENT@@QEAA@XZ
??0PATH_ARGUMENT@@QEAA@XZ
?Initialize@STREAM_MESSAGE@@QEAAEPEAVSTREAM@@00@Z
?Set@STREAM_MESSAGE@@UEAAEKW4MESSAGE_TYPE@@K@Z
??0FLAG_ARGUMENT@@QEAA@XZ
?Initialize@FLAG_ARGUMENT@@QEAAEPEAD@Z
??0ARRAY@@QEAA@XZ
??1ARRAY@@UEAA@XZ
?Initialize@ARRAY@@QEAAEKK@Z
?Put@ARRAY@@UEAAEPEAVOBJECT@@@Z
Get_Standard_Input_Stream
??0DSTRING@@QEAA@XZ
??1DSTRING@@UEAA@XZ
?PrepareToParse@ARGUMENT_LEXEMIZER@@QEAAEPEAVWSTRING@@@Z
ifsutil
?QueryFileSystemName@IFS_SYSTEM@@SAEPEBVWSTRING@@PEAV2@PEAJ1@Z
?DosDriveNameToNtDriveName@IFS_SYSTEM@@SAEPEBVWSTRING@@PEAV2@@Z
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
kernel32
HeapSetInformation
Sleep
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
Sections
.text Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 216B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
refsutil.exe.exe windows:10 windows x64 arch:x64
3dee2855457795a8df5ddb338d1f718e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
refsutil.pdb
Imports
msvcp_win
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Xbad_function_call@std@@YAXXZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGD@Z
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
_Thrd_join
?wcin@std@@3V?$basic_istream@GU?$char_traits@G@std@@@1@A
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
_Thrd_id
_Cnd_do_broadcast_at_thread_exit
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?uncaught_exceptions@std@@YAHXZ
?_Throw_Cpp_error@std@@YAXH@Z
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
_Query_perf_frequency
_Thrd_hardware_concurrency
??Bid@locale@std@@QEAA_KXZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Throw_C_error@std@@YAXH@Z
_Mtx_lock
_Mtx_unlock
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?in@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z
?out@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@N@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
_Mtx_init_in_situ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?_Syserror_map@std@@YAPEBDH@Z
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
?_Winerror_map@std@@YAHH@Z
?_Xout_of_range@std@@YAXPEBD@Z
_Query_perf_counter
?_Xlength_error@std@@YAXPEBD@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
_Mtx_destroy_in_situ
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
_initterm_e
api-ms-win-crt-private-l1-1-0
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
_o__wcsnicmp
_o__wcstoui64
memmove
_o__wtoi
_o__wtol
_o_calloc
_o_ceilf
_o_exit
_o_free
_o_iswalpha
_o_iswdigit
_o_malloc
_o_qsort
_o_rand
_o_terminate
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstoul
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
_o__beginthreadex
_o__aligned_malloc
_o__aligned_free
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfwprintf
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___wargv
_o__exit
_o___p___argc
_o__errno
_o___acrt_iob_func
wcsrchr
wcschr
__CxxFrameHandler3
_o____lc_codepage_func
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
memset
wcsnlen
wcsncmp
wcscmp
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
GetModuleHandleExW
GetProcAddress
GetModuleHandleW
api-ms-win-core-console-l1-1-0
GetConsoleOutputCP
SetConsoleCtrlHandler
WriteConsoleW
GetConsoleMode
api-ms-win-core-synch-l1-1-0
WaitForSingleObject
CreateMutexW
CreateEventW
AcquireSRWLockExclusive
InitializeCriticalSectionEx
ReleaseMutex
CancelWaitableTimer
OpenSemaphoreW
ReleaseSemaphore
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
CreateSemaphoreExW
ReleaseSRWLockShared
SetWaitableTimer
CreateWaitableTimerExW
WaitForMultipleObjectsEx
ResetEvent
InitializeSRWLock
LeaveCriticalSection
CreateEventExW
SetEvent
ReleaseSRWLockExclusive
CreateMutexExW
CreateMutexA
CreateEventA
AcquireSRWLockShared
WaitForSingleObjectEx
DeleteCriticalSection
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
SetLastError
SetUnhandledExceptionFilter
GetLastError
RaiseException
UnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
TlsGetValue
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
TlsFree
TerminateProcess
CreateThread
ExitProcess
OpenProcessToken
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-core-com-l1-1-0
CoCreateGuid
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister
api-ms-win-core-threadpool-l1-2-0
SetThreadpoolTimer
CloseThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolWork
CloseThreadpool
CloseThreadpoolCleanupGroup
CreateThreadpool
CloseThreadpoolCleanupGroupMembers
CreateThreadpoolWork
WaitForThreadpoolTimerCallbacks
SubmitThreadpoolWork
CreateThreadpoolCleanupGroup
TrySubmitThreadpoolCallback
SetThreadpoolThreadMaximum
api-ms-win-core-localization-l1-2-0
FormatMessageA
FormatMessageW
api-ms-win-core-sysinfo-l1-1-0
GetLocalTime
GetTickCount64
GetSystemInfo
GetSystemTimeAsFileTime
api-ms-win-core-debug-l1-1-0
DebugBreak
OutputDebugStringW
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureStackBackTrace
RtlCompareMemory
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
QueryPerformanceFrequency
api-ms-win-core-interlocked-l1-1-0
InterlockedPushEntrySList
InitializeSListHead
InterlockedPopEntrySList
InterlockedFlushSList
api-ms-win-core-perfcounters-l1-1-0
PerfDeleteInstance
api-ms-win-core-file-l1-1-0
CreateDirectoryW
ReadFile
GetFileSize
SetFileInformationByHandle
WriteFile
GetVolumePathNameW
GetVolumeInformationW
CreateFileW
GetFileType
SetEndOfFile
SetFilePointerEx
FindFirstFileExW
GetFileTime
GetDiskFreeSpaceW
GetFinalPathNameByHandleW
GetDiskFreeSpaceExW
GetFileInformationByHandle
FindFirstFileW
FindNextFileW
FindClose
GetFileSizeEx
FlushFileBuffers
GetFileAttributesExW
api-ms-win-core-file-l2-1-0
GetFileInformationByHandleEx
api-ms-win-core-synch-l1-2-0
InitOnceComplete
InitOnceBeginInitialize
Sleep
api-ms-win-core-console-l2-1-0
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
api-ms-win-core-io-l1-1-0
GetQueuedCompletionStatus
CreateIoCompletionPort
DeviceIoControl
PostQueuedCompletionStatus
GetOverlappedResult
CancelIoEx
api-ms-win-security-base-l1-1-0
CheckTokenMembership
FreeSid
AdjustTokenPrivileges
RevertToSelf
AllocateAndInitializeSid
ntdll
RtlAcquireSRWLockShared
DbgPrintEx
RtlFreeUnicodeString
RtlSetBits
RtlClearBits
RtlInitializeResource
RtlInitializeSRWLock
RtlAcquireSRWLockExclusive
NtQuerySystemTime
RtlDeleteResource
RtlIsNameInExpression
RtlClearAllBits
RtlFindSetBits
RtlTryAcquireSRWLockShared
RtlTryAcquireSRWLockExclusive
RtlAreBitsClear
RtlFindClearBits
RtlSetBit
RtlClearBit
RtlSetAllBits
NtDeviceIoControlFile
RtlAcquireResourceExclusive
RtlReleaseResource
RtlAcquireResourceShared
RtlConvertExclusiveToShared
RtlDeleteHashTable
RtlInitEnumerationHashTable
RtlEnumerateEntryHashTable
RtlRemoveEntryHashTable
RtlEndEnumerationHashTable
RtlCreateHashTableEx
RtlExtractBitMap
RtlInitStrongEnumerationHashTable
RtlStronglyEnumerateEntryHashTable
RtlEndStrongEnumerationHashTable
RtlReleaseSRWLockExclusive
RtlLookupEntryHashTable
RtlInsertEntryHashTable
RtlCopyMemoryNonTemporal
RtlCopyBitMap
RtlWakeConditionVariable
RtlWakeAllConditionVariable
RtlSleepConditionVariableSRW
TpSetTimer
TpAllocTimer
TpWaitForTimer
TpReleaseTimer
RtlUpcaseUnicodeString
NtWriteFile
RtlNumberOfSetBitsInRange
NtReadFile
RtlNumberOfClearBits
RtlNumberOfSetBits
RtlIsNameInUnUpcasedExpression
RtlImpersonateSelf
RtlAdjustPrivilege
RtlTestBit
RtlInitializeBitMap
RtlGetLastNtStatus
RtlAreBitsSet
RtlDoesFileExists_U
NtQueryDirectoryFile
RtlCreateSystemVolumeInformationFolder
RtlInitUnicodeString
RtlDosPathNameToNtPathName_U_WithStatus
RtlSetLastWin32ErrorAndNtStatusFromNtStatus
NtSetInformationFile
NtOpenFile
NtCreateFile
RtlNtStatusToDosError
RtlDosPathNameToNtPathName_U
RtlIsZeroMemory
RtlReleaseSRWLockShared
api-ms-win-core-file-l1-2-0
GetVolumeNameForVolumeMountPointW
api-ms-win-core-path-l1-1-0
PathCchSkipRoot
api-ms-win-core-processtopology-obsolete-l1-1-0
SetProcessAffinityMask
GetActiveProcessorCount
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-security-lsalookup-l2-1-0
LookupPrivilegeValueW
api-ms-win-core-memory-l1-1-0
VirtualFree
CreateFileMappingW
UnmapViewOfFile
VirtualAlloc
MapViewOfFile
api-ms-win-core-file-l1-2-4
GetTempPath2W
rpcrt4
UuidCreate
api-ms-win-core-file-l2-1-1
OpenFileById
api-ms-win-core-timezone-l1-1-0
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
api-ms-win-core-datetime-l1-1-0
GetTimeFormatW
GetDateFormatW
api-ms-win-eventing-classicprovider-l1-1-0
TraceMessage
bcrypt
BCryptGetProperty
BCryptCloseAlgorithmProvider
BCryptCreateHash
BCryptDestroyHash
BCryptHashData
BCryptFinishHash
BCryptOpenAlgorithmProvider
Sections
.text Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 176KB - Virtual size: 175KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 134KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 48KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
reg.exe.exe windows:10 windows x64 arch:x64
1085bd82b37a225f6d356012d2e69c3d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
reg.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
api-ms-win-crt-private-l1-1-0
_o__errno
_o__exit
_o__fileno
_o__get_initial_wide_environment
_o__get_osfhandle
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__memicmp
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__crt_atexit
_o__wcstoui64
_o_exit
_o_fflush
_o_getwchar
_o_terminate
_o_wcstol
_o_wcstoul
__current_exception
__current_exception_context
_o___stdio_common_vswprintf
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o___stdio_common_vfprintf
_o___p__commode
_o___p___wargv
_o___p___argc
_o___acrt_iob_func
__C_specific_handler
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-registry-l1-1-0
RegDeleteKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW
RegEnumKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegCloseKey
RegOpenKeyExW
RegSetValueExA
RegGetValueW
RegLoadKeyW
RegUnLoadKeyW
RegFlushKey
RegRestoreKeyW
RegSaveKeyExW
RegDeleteValueW
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetLastError
GetLastError
SetUnhandledExceptionFilter
api-ms-win-core-file-l1-1-0
GetTempFileNameW
DeleteFileW
GetFileType
WriteFile
SetFilePointer
GetFileSize
ReadFile
CreateFileW
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
LocalReAlloc
api-ms-win-core-file-l1-2-4
GetTempPath2W
api-ms-win-core-processthreads-l1-1-0
ExitProcess
TerminateProcess
GetCurrentProcessId
OpenProcessToken
GetCurrentThreadId
GetCurrentProcess
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-file-l2-1-2
CopyFileW
api-ms-win-security-base-l1-1-0
AdjustTokenPrivileges
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
SearchPathW
api-ms-win-core-string-l2-1-0
IsCharAlphaNumericW
CharNextW
CharUpperW
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
MultiByteToWideChar
CompareStringW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
OutputDebugStringW
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-libraryloader-l1-2-0
FindStringOrdinal
GetModuleHandleW
LoadStringW
api-ms-win-core-shlwapi-obsolete-l1-1-0
StrToIntW
StrDupW
StrChrW
api-ms-win-core-string-obsolete-l1-1-0
lstrlenW
lstrcmpW
ntdll
NtQueryKey
NtSetInformationKey
api-ms-win-core-localization-l1-2-0
SetThreadUILanguage
GetThreadLocale
FormatMessageW
api-ms-win-core-console-l1-1-0
GetConsoleOutputCP
WriteConsoleW
GetConsoleMode
api-ms-win-core-heap-l1-1-0
HeapFree
HeapValidate
HeapAlloc
HeapReAlloc
GetProcessHeap
HeapSize
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 60KB - Virtual size: 59KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 258KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 100B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
regedt32.exe.exe windows:10 windows x64 arch:x64
a3060ec916831020104fae5bc9414975
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
regedt32.pdb
Imports
kernel32
GetModuleHandleA
GetCommandLineA
HeapSetInformation
GetWindowsDirectoryA
GetStartupInfoA
ExitProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStartupInfoW
Sleep
GetTickCount
msvcrt
_commode
?terminate@@YAXXZ
_fmode
_acmdln
__C_specific_handler
_initterm
__setusermatherr
_ismbblead
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
shell32
ShellExecuteA
api-ms-win-core-shlwapi-legacy-l1-1-0
PathAppendA
Sections
.text Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
regini.exe.exe windows:10 windows x64 arch:x64
59eadf2e64b87e9c2b8f545b5e2b4a03
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
regini.pdb
Imports
advapi32
RegQueryValueExW
RegOpenKeyW
RegCloseKey
RegQueryInfoKeyW
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetKeySecurity
RegSetValueExW
RegOpenKeyExW
RegConnectRegistryW
RegDeleteValueW
IsTextUnicode
kernel32
CreateFileW
VirtualAlloc
VirtualFree
SetLastError
CloseHandle
ReadFile
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
HeapAlloc
GetFileSize
GetProcessHeap
CopyFileW
GetFileTime
SetConsoleCtrlHandler
GetConsoleScreenBufferInfo
GetStdHandle
RtlCompareMemory
GetLastError
MultiByteToWideChar
HeapFree
Sleep
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
msvcrt
memmove
wcstoul
iswctype
_vsnwprintf
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
tolower
exit
_fileno
__iob_func
_wcsicmp
wcscpy_s
strcpy_s
wcschr
_wcsnicmp
vfprintf
_isatty
memset
_stricmp
atoi
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlSetDaclSecurityDescriptor
NtOpenKey
RtlFreeUnicodeString
NtLoadKey
RtlInitUnicodeString
RtlDosPathNameToNtPathName_U
NtFlushKey
NtClose
RtlAdjustPrivilege
RtlFormatCurrentUserKeyPath
NtUnloadKey
RtlNtStatusToDosError
RtlCreateSecurityDescriptor
RtlInitializeSid
RtlAllocateHeap
RtlSubAuthoritySid
RtlGetAce
RtlAddAce
RtlLengthSid
RtlLengthRequiredSid
RtlCopySid
RtlFreeHeap
RtlCreateAcl
RtlEqualSid
RtlGetDaclSecurityDescriptor
RtlVirtualUnwind
Sections
.text Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 684B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 160B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
regsvr32.exe.exe windows:10 windows x64 arch:x64
939d090d03567fad6f1ac6f2c641a4b2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
regsvr32.pdb
Imports
msvcrt
wprintf
__setusermatherr
_initterm
__C_specific_handler
_cexit
_exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
wcsncpy_s
strcat_s
__wargv
?terminate@@YAXXZ
exit
_fmode
swprintf_s
wcscat_s
wcscpy_s
_wsplitpath_s
__argc
_commode
memset
ntdll
RtlCaptureContext
EtwEventWriteNoRegistration
RtlWow64IsWowGuestMachineSupported
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoUninitialize
api-ms-win-core-string-l2-1-0
CharNextW
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapSetInformation
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
RaiseException
SetErrorMode
SetUnhandledExceptionFilter
GetLastError
api-ms-win-core-processthreads-l1-1-0
GetExitCodeProcess
GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
CreateProcessW
GetCurrentProcess
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-libraryloader-l1-2-0
LoadStringW
LoadLibraryExW
LoadLibraryExA
GetModuleHandleW
FreeLibrary
GetProcAddress
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-synch-l1-1-0
WaitForSingleObject
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemDirectoryW
GetSystemInfo
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
api-ms-win-core-file-l1-1-0
SetFilePointer
CreateFileW
ReadFile
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
api-ms-win-core-misc-l1-1-0
lstrcmpW
LocalAlloc
LocalFree
api-ms-win-core-wow64-l1-1-1
IsWow64Process2
GetSystemWow64Directory2W
api-ms-win-core-wow64-l1-1-0
Wow64EnableWow64FsRedirection
api-ms-win-core-memory-l1-1-0
VirtualProtect
VirtualQuery
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Sections
.text Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 396B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 84B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
rekeywiz.exe.exe windows:10 windows x64 arch:x64
2d39e9413bd47309718b763e13774fcf
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
rekeywiz.pdb
Imports
advapi32
SetUserFileEncryptionKeyEx
AddUsersToEncryptedFileEx
CryptSetProvParam
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
kernel32
CloseHandle
DeleteFileW
LocalFree
GetCurrentDirectoryW
GetLastError
LocalAlloc
SetCurrentDirectoryW
ExpandEnvironmentStringsW
CreateFileW
SetErrorMode
LoadLibraryW
CreateMutexW
GetProcessHeap
HeapSetInformation
FreeLibrary
GetFullPathNameW
GetFileAttributesW
GetModuleHandleW
FindFirstFileW
FindNextFileW
FindClose
LocalReAlloc
GetLogicalDriveStringsW
GetVolumeInformationW
GetDriveTypeW
WriteFile
GetTickCount
GetDateFormatW
CreateThread
FormatMessageW
FileTimeToLocalFileTime
FileTimeToSystemTime
user32
SetDlgItemTextW
GetFocus
IsWindow
SetFocus
GetDlgItemTextW
MessageBoxW
SetWindowLongW
ShowWindow
LoadIconW
GetParent
PostMessageW
SendDlgItemMessageW
LoadCursorW
SendMessageW
GetDlgItem
EnableWindow
DestroyIcon
SetWindowLongPtrW
LoadStringW
ScreenToClient
GetMessagePos
InvalidateRect
SetCursor
MessageBoxExW
msvcrt
_wcsicmp
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
_vsnwprintf
_cexit
_exit
memset
?terminate@@YAXXZ
_commode
_fmode
_acmdln
__C_specific_handler
memcpy
memcmp
_initterm
__setusermatherr
_ismbblead
exit
wcscmp
efsadu
EfsUIUtilCheckScardStatus
EfsUIUtilPromptForPinDialog
EfsUIUtilCreateSelfSignedCertificate
EfsUIUtilEnrollEfsCertificateEx
crypt32
CertSetCertificateContextProperty
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertGetNameStringW
CertCloseStore
CertOpenStore
rpcrt4
RpcStringFreeW
UuidToStringW
UuidCreate
api-ms-win-core-com-l1-1-0
CoTaskMemFree
mpr
WNetGetResourceInformationW
WNetGetProviderNameW
dsrole
DsRoleFreeMemory
DsRoleGetPrimaryDomainInformation
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetStartupInfoW
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
api-ms-win-core-errorhandling-l1-1-0
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-heap-l1-1-0
HeapFree
HeapAlloc
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
GetModuleFileNameW
GetModuleHandleExW
api-ms-win-core-processthreads-l1-1-1
GetProcessMitigationPolicy
efsutil
EfsUtilCheckCurrentKeyCapabilities
EfsUtilGetSmartcardProviderName
EfsUtilGetCurrentUserInformation
EfsUtilGetCertContextFromCertHash
EfsUtilGetCurrentKey
EfsUtilApplyGroupPolicy
comctl32
PropertySheetW
ord345
comdlg32
CommDlgExtendedError
GetSaveFileNameW
cryptui
CryptUIDlgViewCertificateW
CryptUIDlgSelectCertificateW
CryptUIWizExport
ntdll
RtlAllocateHeap
NtQueryInformationFile
RtlRandomEx
RtlFreeHeap
shell32
ShellExecuteW
SHGetFolderPathW
SHCreateItemFromParsingName
Sections
.text Size: 80KB - Virtual size: 77KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 28KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 236B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
relog.exe.exe windows:10 windows x64 arch:x64
fb8ee34a945ac23f2c29fed831421a52
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
relog.pdb
Imports
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-crt-string-l1-1-0
memset
wcsncmp
api-ms-win-crt-runtime-l1-1-0
_initterm
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
api-ms-win-crt-private-l1-1-0
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo_noreturn
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memcpy
_o__wcsicmp
_o__wcsnicmp
_o__wfsopen
_o__wmakepath_s
_o__wsplitpath_s
_o_exit
_o_fclose
_o_fgetws
_o_free
_o_malloc
_o_terminate
_o_wcstod
_o_wcstok_s
_o_wcstol
__current_exception
__current_exception_context
_CxxThrowException
_o___stdio_common_vswprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vfwprintf
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___wargv
_o___p___argc
_o___acrt_iob_func
wcsstr
wcschr
__C_specific_handler
__CxxFrameHandler4
api-ms-win-core-file-l1-1-0
ReadFile
FindFirstFileW
WriteFile
GetFileType
FindClose
CreateFileW
FindNextFileW
DeleteFileW
api-ms-win-core-version-l1-1-0
GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
api-ms-win-core-console-l2-1-0
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
api-ms-win-core-heap-l1-1-0
HeapSetInformation
HeapAlloc
HeapFree
GetProcessHeap
api-ms-win-core-console-l1-1-0
SetConsoleMode
ReadConsoleW
WriteConsoleW
GetConsoleOutputCP
GetConsoleMode
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
LoadStringW
GetModuleHandleW
GetModuleFileNameW
api-ms-win-core-localization-l1-2-0
GetLocaleInfoW
FormatMessageW
SetThreadUILanguage
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
WideCharToMultiByte
CompareStringOrdinal
api-ms-win-core-file-l1-2-0
GetTempPathW
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
FileTimeToSystemTime
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-file-l2-1-2
CopyFileW
rpcrt4
UuidCreate
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
pdh
PdhBindInputDataSourceW
PdhParseCounterPathW
PdhRelogW
PdhCloseLog
PdhEnumObjectsHW
PdhEnumObjectItemsHW
PdhAddCounterW
PdhGetDataSourceTimeRangeH
PdhGetLogFileTypeW
PdhMakeCounterPathW
PdhOpenQueryH
PdhValidatePathExW
PdhExpandWildCardPathHW
PdhEnumMachinesHW
Sections
.text Size: 36KB - Virtual size: 33KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 96B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
repair-bde.exe.exe windows:10 windows x64 arch:x64
c367e5351e6b578f24e96ce56960c8a1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
repair-bde.pdb
Imports
advapi32
EventRegister
EventSetInformation
EventWriteTransfer
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
EventUnregister
kernel32
HeapFree
ExpandEnvironmentStringsW
WriteFile
DeviceIoControl
SetFilePointerEx
VirtualAlloc
VirtualFree
ReadConsoleW
FindFirstFileW
FindClose
GetVolumeNameForVolumeMountPointW
GetLogicalDrives
GetSystemDirectoryW
LoadLibraryW
GetProcAddress
FreeLibrary
SetEndOfFile
DeleteFileW
GetConsoleScreenBufferInfo
FillConsoleOutputCharacterW
SetConsoleCursorPosition
WriteConsoleW
InitOnceExecuteOnce
HeapAlloc
SetConsoleMode
GetConsoleMode
GetStdHandle
CloseHandle
ReadFile
GetFileSizeEx
CreateFileW
LocalFree
FormatMessageW
SetThreadUILanguage
GetConsoleOutputCP
GetProcessHeap
GetLastError
HeapSetInformation
GetFileAttributesW
GetModuleFileNameW
msvcrt
_cexit
__setusermatherr
_vsnwprintf
_wsetlocale
wprintf
__C_specific_handler
_wcsicmp
_wcsnicmp
iswalpha
towupper
_purecall
free
malloc
_callnewh
_XcptFilter
_amsg_exit
__wgetmainargs
__set_app_type
swprintf_s
memcmp
memcpy
?terminate@@YAXXZ
_commode
_fmode
_exit
exit
_initterm
memset
ntdll
RtlLookupFunctionEntry
RtlCaptureContext
RtlSetThreadErrorMode
RtlNtStatusToDosError
RtlVirtualUnwind
bderepair
FveCreateRestoreContext
FveSupplyKeyPackage
FveSupplyWatermark
FveSupplyInformationBlock
FveAuthWithPasswordW
FveAuthWithKey
FveAuthWithClearKey
FveAuthWithPassphraseW
FveGetMetadataFromRestoreContext
FveGetConvLogOffset
FveLoadConvLog
FveGetInterruptedRangeOffset
FveRecoverBlock
FveDecryptData
FveDestroyRestoreContext
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
TerminateProcess
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-rtlsupport-l1-1-0
RtlCompareMemory
api-ms-win-core-version-l1-1-0
VerQueryValueW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW
Sections
.text Size: 28KB - Virtual size: 25KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 92KB - Virtual size: 88KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 160B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
replace.exe.exe windows:10 windows x64 arch:x64
b8b8661e3130fa043e26c71cd60fb430
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
replace.pdb
Imports
msvcrt
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
exit
ulib
??0ARGUMENT_LEXEMIZER@@QEAA@XZ
?QueryPath@PATH@@QEBAPEAV1@XZ
?QueryFullPath@PATH@@QEBAPEAV1@XZ
?HasWildCard@PATH@@QEBAEXZ
?Initialize@PATH@@QEAAEPEBGE@Z
??0PATH@@QEAA@XZ
?Initialize@WSTRING@@QEAAEPEBGK@Z
?Initialize@WSTRING@@QEAAEPEBDK@Z
?DebugDump@OBJECT@@UEBAXE@Z
?Compare@OBJECT@@UEBAJPEBV1@@Z
??1PATH@@UEAA@XZ
?QueryDirectory@SYSTEM@@SAPEAVFSN_DIRECTORY@@PEBVPATH@@E@Z
??1OBJECT@@UEAA@XZ
??MTIMEINFO@@QEBAEV0@@Z
?PrepareToParse@ARGUMENT_LEXEMIZER@@QEAAEPEAVWSTRING@@@Z
?Traverse@FSN_DIRECTORY@@QEBAEPEAXPEAVFSN_FILTER@@PEAVPATH@@P6AE0PEAVFSNODE@@2@Z@Z
?QueryFsnodeArray@FSN_DIRECTORY@@QEBAPEAVARRAY@@PEAVFSN_FILTER@@@Z
??0PROGRAM@@IEAA@XZ
?ValidateVersion@PROGRAM@@UEBAXKK@Z
?Usage@PROGRAM@@UEBAXXZ
?GetStandardError@PROGRAM@@UEAAPEAVSTREAM@@XZ
?GetStandardOutput@PROGRAM@@UEAAPEAVSTREAM@@XZ
??1ARGUMENT_LEXEMIZER@@UEAA@XZ
?Fatal@PROGRAM@@UEBAXXZ
?Fatal@PROGRAM@@UEBAXKKPEADZZ
?DisplayMessage@PROGRAM@@UEBAEKW4MESSAGE_TYPE@@@Z
?DisplayMessage@PROGRAM@@UEBAEKW4MESSAGE_TYPE@@PEADZZ
??1PROGRAM@@UEAA@XZ
?Initialize@PROGRAM@@QEAAEKKK@Z
?Initialize@CLASS_DESCRIPTOR@@QEAAEPEBD@Z
??0CLASS_DESCRIPTOR@@QEAA@XZ
?SetAttributes@FSNODE@@QEAAEKPEAK@Z
?GotABreak@KEYBOARD@@SAEXZ
?EnableLineMode@KEYBOARD@@QEAAEXZ
?EnableBreakHandling@KEYBOARD@@SAEXZ
?DisableLineMode@KEYBOARD@@QEAAEXZ
?Initialize@KEYBOARD@@QEAAEEE@Z
??0KEYBOARD@@QEAA@XZ
?TruncateBase@PATH@@QEAAEXZ
?AppendBase@PATH@@QEAAEPEBVWSTRING@@E@Z
?Initialize@PATH@@QEAAEPEBV1@E@Z
?SetAttributes@FSN_FILTER@@QEAAEKKK@Z
?SetFileName@FSN_FILTER@@QEAAEPEBVWSTRING@@@Z
?Initialize@FSN_FILTER@@QEAAEXZ
??1FSN_FILTER@@UEAA@XZ
??0FSN_FILTER@@QEAA@XZ
?QueryWSTR@WSTRING@@QEBAPEAGKKPEAGKE@Z
?QueryString@WSTRING@@QEBAPEAV1@KK@Z
?Initialize@ARGUMENT_LEXEMIZER@@QEAAEPEAVARRAY@@@Z
?DoParsing@ARGUMENT_LEXEMIZER@@QEAAEPEAVARRAY@@@Z
?PutMultipleSwitch@ARGUMENT_LEXEMIZER@@QEAAXPEBVWSTRING@@@Z
?PutSeparators@ARGUMENT_LEXEMIZER@@QEAAXPEBD@Z
?PutSwitches@ARGUMENT_LEXEMIZER@@QEAAXPEBVWSTRING@@@Z
?GetStandardInput@PROGRAM@@UEAAPEAVSTREAM@@XZ
?QueryInvalidArgument@ARGUMENT_LEXEMIZER@@QEAAPEAVWSTRING@@XZ
?SetCaseSensitive@ARGUMENT_LEXEMIZER@@QEAAXE@Z
?IsValueSet@ARGUMENT@@QEAAEXZ
?QueryFile@SYSTEM@@SAPEAVFSN_FILE@@PEBVPATH@@EPEAE@Z
??0PATH_ARGUMENT@@QEAA@XZ
??1PATH_ARGUMENT@@UEAA@XZ
?Initialize@PATH_ARGUMENT@@QEAAEPEADE@Z
??0FLAG_ARGUMENT@@QEAA@XZ
?Initialize@FLAG_ARGUMENT@@QEAAEPEAVWSTRING@@@Z
??0ARRAY@@QEAA@XZ
??1ARRAY@@UEAA@XZ
?Initialize@ARRAY@@QEAAEKK@Z
?Put@ARRAY@@UEAAEPEAVOBJECT@@@Z
??0DSTRING@@QEAA@XZ
??1DSTRING@@UEAA@XZ
UlibRealloc
ntdll
RtlCaptureContext
RtlFreeHeap
RtlAllocateHeap
RtlLookupFunctionEntry
RtlVirtualUnwind
kernel32
GetCommandLineW
GetLastError
HeapSetInformation
CopyFileW
Sleep
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
Sections
.text Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 420B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 76B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
resmon.exe.exe windows:10 windows x64 arch:x64
58331e6cf4f0aafea98befc13524d945
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
resmon.pdb
Imports
kernel32
GetStartupInfoW
HeapSetInformation
GetCurrentProcess
GetModuleHandleW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
api-ms-win-crt-runtime-l1-1-0
_initterm
_register_thread_local_exe_atexit_callback
_c_exit
_initterm_e
api-ms-win-crt-private-l1-1-0
_o___p__commode
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o_exit
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
api-ms-win-crt-string-l1-1-0
memset
shell32
ShellExecuteExW
api-ms-win-core-com-l1-1-0
CoUninitialize
CoInitializeEx
Sections
.text Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 396B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 100KB - Virtual size: 99KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 52B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
rmttpmvscmgrsvr.exe.exe windows:10 windows x64 arch:x64
3664857ad048c7ceba1010fc935afc6a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
RmtTpmVscMgrSvr.pdb
Imports
advapi32
RegCloseKey
RegQueryInfoKeyW
RegOpenKeyExW
EventWriteTransfer
EventActivityIdControl
kernel32
GetModuleFileNameA
HeapFree
GetModuleHandleExW
GetCurrentThreadId
FormatMessageW
HeapAlloc
GetProcAddress
GetProcessHeap
GetModuleHandleW
DebugBreak
InitializeCriticalSection
GetCommandLineW
SetEvent
DeleteCriticalSection
RaiseException
RaiseFailFastException
OutputDebugStringW
IsDebuggerPresent
Sleep
CloseHandle
WaitForSingleObject
GetLastError
GetModuleFileNameW
LoadLibraryExW
CreateEventW
CreateThread
CreateSemaphoreExW
ReleaseMutex
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
ReleaseSemaphore
user32
CharNextW
PostThreadMessageW
GetSystemMetrics
GetMessageW
CharUpperW
TranslateMessage
DispatchMessageW
UnregisterClassA
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_initterm
_initterm_e
_c_exit
api-ms-win-crt-private-l1-1-0
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o_exit
_o_free
_o_malloc
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
__current_exception
__current_exception_context
_CxxThrowException
_o___std_exception_destroy
_o___std_exception_copy
_o__cexit
_o__configure_wide_argv
_o__configthreadlocale
_o__callnewh
_o___stdio_common_vswprintf
_o___p__commode
_o___stdio_common_vsnprintf_s
__C_specific_handler
__std_terminate
__CxxFrameHandler4
__C_specific_handler_noexcept
memcpy
memmove
oleaut32
SysFreeString
SysStringLen
UnRegisterTypeLi
LoadTypeLi
RegisterTypeLi
SysAllocString
api-ms-win-core-com-l1-1-0
StringFromGUID2
CoRevertToSelf
CoUninitialize
CoInitializeEx
CoCreateInstance
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemFree
CoCreateGuid
CoImpersonateClient
CoSuspendClassObjects
CoResumeClassObjects
CoGetMalloc
CoTaskMemAlloc
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
TerminateProcess
GetStartupInfoW
GetCurrentProcessId
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemDirectoryW
GetTickCount64
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
api-ms-win-core-registry-l1-1-0
RegQueryValueExW
api-ms-win-core-path-l1-1-0
PathCchAppend
PathCchRemoveFileSpec
rpcrt4
UuidToStringW
UuidCreate
RpcStringFreeW
api-ms-win-security-base-l1-1-0
CreateWellKnownSid
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-security-sddl-l1-1-0
ConvertSidToStringSidW
api-ms-win-core-file-l1-1-0
CreateDirectoryW
bcrypt
BCryptGetProperty
BCryptEncrypt
BCryptDestroyKey
BCryptCloseAlgorithmProvider
BCryptGenerateSymmetricKey
BCryptOpenAlgorithmProvider
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-eventing-classicprovider-l1-1-0
TraceMessage
api-ms-win-core-heap-l1-1-0
HeapReAlloc
profapi
ord104
ntdll
RtlNtStatusToDosErrorNoTeb
RtlNtStatusToDosError
setupapi
SetupDiGetDevicePropertyW
SetupDiOpenDeviceInfoW
SetupGetInfDriverStoreLocationW
SetupDiCreateDeviceInfoList
SetupDiSetDevicePropertyW
SetupDiDestroyDeviceInfoList
winscard
SCardEndTransaction
SCardReconnect
SCardBeginTransaction
SCardGetCardTypeProviderNameW
SCardGetStatusChangeW
SCardConnectW
SCardDisconnect
SCardListReadersWithDeviceInstanceIdW
SCardAccessStartedEvent
SCardReleaseStartedEvent
SCardReleaseContext
SCardEstablishContext
SCardListCardsW
SCardFreeMemory
SCardListReadersW
Sections
.text Size: 88KB - Virtual size: 84KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 284B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
rrinstaller.exe.exe windows:10 windows x64 arch:x64
d9e0a38582bf19af73357911052e7d92
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
RRInstaller.pdb
Imports
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-crt-runtime-l1-1-0
_initterm
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
api-ms-win-crt-private-l1-1-0
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__recalloc
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o_exit
_o_free
_o_malloc
_o_terminate
_o_wcsncpy_s
_o_wmemcpy_s
__current_exception
__current_exception_context
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
wcsstr
__C_specific_handler
_o__crt_atexit
_o___p__commode
memcpy
oleaut32
SysStringLen
SysFreeString
VarUI4FromStr
SysAllocString
SysAllocStringLen
api-ms-win-core-synch-l1-1-0
InitializeCriticalSection
LeaveCriticalSection
SetEvent
DeleteCriticalSection
EnterCriticalSection
api-ms-win-core-errorhandling-l1-1-0
SetLastError
SetUnhandledExceptionFilter
RaiseException
UnhandledExceptionFilter
GetLastError
api-ms-win-core-libraryloader-l1-2-0
SizeofResource
LoadResource
FindResourceExW
LockResource
FreeLibrary
GetModuleFileNameW
LoadLibraryExA
GetModuleHandleW
GetProcAddress
LoadLibraryExW
LoadStringW
api-ms-win-core-com-l1-1-0
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CLSIDFromString
CoCreateInstance
CoInitializeEx
StringFromCLSID
CoUninitialize
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentThreadId
GetStartupInfoW
GetCurrentProcess
CreateThread
TerminateProcess
api-ms-win-core-string-l2-1-0
CharNextW
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegQueryInfoKeyW
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-heap-l1-1-0
HeapAlloc
GetProcessHeap
HeapDestroy
HeapReAlloc
HeapSize
HeapFree
api-ms-win-core-memory-l1-1-0
VirtualAlloc
VirtualFree
api-ms-win-core-util-l1-1-0
EncodePointer
DecodePointer
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
FlushInstructionCache
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
InterlockedPushEntrySList
InterlockedPopEntrySList
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 36KB - Virtual size: 32KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 208B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 324B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
rstrui.exe.exe windows:10 windows x64 arch:x64
d0d50dcf48170c0c607784da3aa85347
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
rstrui.pdb
Imports
advapi32
TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyExW
InitiateShutdownW
OpenSCManagerW
OpenServiceW
ControlService
OpenProcessToken
CloseServiceHandle
RegCloseKey
CreateWellKnownSid
CheckTokenMembership
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryValueExW
GetTokenInformation
EnableTraceEx2
StartTraceW
ControlTraceW
RegQueryInfoKeyW
InitializeSecurityDescriptor
SetEntriesInAclW
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
DuplicateToken
DuplicateTokenEx
RegisterEventSourceW
ReportEventW
DeregisterEventSource
kernel32
CreateProcessW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
SetThreadPreferredUILanguages
OpenProcess
FileTimeToSystemTime
FileTimeToLocalFileTime
GetTimeFormatW
GetDateFormatW
GlobalFree
GetLocaleInfoW
GetLocaleInfoEx
FindVolumeClose
FindNextVolumeW
FindFirstVolumeW
CloseHandle
GetWindowsDirectoryW
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
GetVolumePathNamesForVolumeNameW
LoadLibraryExW
LocalAlloc
GetSystemDirectoryW
ExpandEnvironmentStringsW
GetVolumeInformationW
GetDriveTypeW
MoveFileExW
DeviceIoControl
FindClose
FindNextFileW
FindFirstFileW
FormatMessageW
TerminateProcess
UnhandledExceptionFilter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
RegisterApplicationRestart
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
InitializeCriticalSection
CreateFileW
SetEvent
WaitForSingleObject
CreateThread
GetSystemTimeAsFileTime
FreeLibrary
LocalFree
GetLastError
CreateDirectoryW
DeleteFileW
GetFileAttributesW
GetCommandLineW
EncodePointer
DecodePointer
GetProcAddress
DeleteCriticalSection
SetLastError
HeapSetInformation
SetErrorMode
CreateEventW
GetUserDefaultLCID
gdi32
SetBkMode
DeleteDC
GdiFlush
SelectObject
SetLayout
CreateCompatibleDC
ExtTextOutW
SetBkColor
CreateDIBSection
GetDeviceCaps
CreateFontIndirectW
SetTextColor
DeleteObject
user32
GetParent
UpdateWindow
SystemParametersInfoW
LoadIconW
SetForegroundWindow
CreateDialogParamW
ShowWindow
DestroyWindow
DialogBoxParamW
GetSystemMetrics
RegisterWindowMessageW
GetDC
ReleaseDC
SetWindowLongPtrW
PostMessageW
MsgWaitForMultipleObjectsEx
DispatchMessageW
PeekMessageW
SetWindowPos
CopyRect
GetDesktopWindow
MessageBoxW
EnumWindows
SendMessageTimeoutW
GetWindowTextW
GetWindowThreadProcessId
EndPaint
MapWindowPoints
GetWindowRect
BeginPaint
GetAncestor
GetClassNameW
LoadStringW
GetWindowLongW
GetDlgItem
GetSysColor
InflateRect
OffsetRect
DrawFrameControl
SendMessageW
CallWindowProcW
IsWindow
GetWindowLongPtrW
SetClassLongPtrW
SetWindowTextW
SetWindowLongW
GetSysColorBrush
EndDialog
SetFocus
GetKeyState
EnableWindow
GetClientRect
msvcrt
wcschr
_wcsnicmp
_wcsicmp
__C_specific_handler
free
malloc
_callnewh
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
exit
_exit
_cexit
_ismbblead
__setusermatherr
_initterm
_acmdln
_fmode
_commode
_lock
_unlock
__dllonexit
_onexit
?terminate@@YAXXZ
memset
memmove
memcpy
memcmp
iswspace
_vscwprintf
_vsnwprintf
strchr
wcsstr
wcscmp
shell32
SHGetStockIconInfo
CommandLineToArgvW
ShellExecuteExW
ole32
CoInitializeSecurity
CoTaskMemRealloc
CoTaskMemAlloc
CoUninitialize
CoCreateInstance
CoInitializeEx
CoTaskMemFree
CLSIDFromString
comctl32
PropertySheetW
DestroyPropertySheetPage
ord345
InitCommonControlsEx
ImageList_Create
ImageList_Add
ImageList_AddMasked
CreatePropertySheetPageW
ord344
ImageList_Destroy
ntdll
NtShutdownSystem
WinSqmAddToStream
WinSqmIncrementDWORD
WinSqmAddToStreamEx
RtlDeleteElementGenericTableAvl
RtlEnumerateGenericTableAvl
RtlGetLastNtStatus
RtlInitializeGenericTableAvl
RtlLookupElementGenericTableAvl
RtlInsertElementGenericTableAvl
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
EtwTraceMessage
RtlNtStatusToDosError
srcore
SrFreeRpPropArray
SrFreeRestoreStatus
spp
SxTracerGetThreadContextRetail
SppFreeExternalGroupPropArray
SxTracerShouldTrackFailure
SxTracerDebuggerBreak
Sections
.text Size: 136KB - Virtual size: 133KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 108KB - Virtual size: 104KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 108B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
runas.exe.exe windows:10 windows x64 arch:x64
e9df230f3ced78c5c775014dece4ba58
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
runas.pdb
Imports
advapi32
CredUnmarshalCredentialW
CredFree
SaferComputeTokenFromLevel
SaferGetLevelInformation
CreateProcessAsUserW
SaferCreateLevel
CredMarshalCredentialW
CredGetSessionTypes
SaferGetPolicyInformation
SaferCloseLevel
CreateProcessWithLogonW
CredWriteW
LsaQueryInformationPolicy
LsaOpenPolicy
LsaClose
LsaFreeMemory
kernel32
HeapAlloc
HeapSetInformation
WriteConsoleW
LocalFree
GetProcessHeap
SetThreadPreferredUILanguages
GetEnvironmentStringsW
GetExitCodeProcess
GetModuleHandleW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
Sleep
CloseHandle
UpdateProcThreadAttribute
GetLastError
FormatMessageW
GetExitCodeThread
QueryPerformanceCounter
InitializeProcThreadAttributeList
GetStdHandle
GetCommandLineW
GetCurrentProcessId
GetCurrentThreadId
DeleteProcThreadAttributeList
SetLastError
HeapFree
lstrcmpiW
GetVersionExW
lstrlenW
GetCurrentDirectoryW
GetSystemTimeAsFileTime
GetComputerNameExW
GetTickCount
msvcrt
memset
?terminate@@YAXXZ
_commode
_fmode
_acmdln
_initterm
__setusermatherr
_ismbblead
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
wcschr
wcstoul
_vsnwprintf
_resetstkoflw
__C_specific_handler
memcpy
_cexit
wcscmp
ntdll
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
credui
CredUICmdLinePromptForCredentialsW
SspiIsPromptingNeeded
user32
LoadStringW
shell32
CommandLineToArgvW
crypt32
CertCloseStore
CertOpenSystemStoreW
CertFindCertificateInStore
CertGetNameStringW
CertFreeCertificateContext
netutils
NetApiBufferAllocate
NetApiBufferFree
sspicli
GetUserNameExW
Sections
.text Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 468B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
rundll32.exe.exe windows:10 windows x64 arch:x64
5c68de198b5d2dd5c1129782ad19676c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
rundll32.pdb
Imports
msvcrt
__wgetmainargs
_amsg_exit
__CxxFrameHandler3
__set_app_type
_unlock
__dllonexit
_onexit
?terminate@@YAXXZ
exit
_exit
_cexit
_vsnwprintf
_commode
__setusermatherr
_fmode
_wcmdln
_initterm
_lock
_XcptFilter
free
_purecall
_wtoi
memcpy_s
__C_specific_handler
_callnewh
malloc
memset
api-ms-win-core-com-l1-1-0
CoWaitForMultipleHandles
CoUninitialize
CoAddRefServerProcess
CoRevokeClassObject
CoCreateInstance
CoInitializeEx
CoRegisterClassObject
CoResumeClassObjects
CLSIDFromString
CoInitializeSecurity
CoReleaseServerProcess
api-ms-win-core-file-l1-1-0
CreateFileW
ReadFile
GetFileAttributesW
SetFilePointer
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
GetModuleHandleW
GetModuleHandleExW
LoadStringW
FreeLibrary
LoadLibraryExW
GetProcAddress
api-ms-win-core-wow64-l1-1-1
GetSystemWow64Directory2W
IsWow64Process2
api-ms-win-core-synch-l1-2-0
InitOnceExecuteOnce
Sleep
api-ms-win-core-synch-l1-1-0
WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreExW
AcquireSRWLockExclusive
SetEvent
ReleaseMutex
ReleaseSRWLockShared
CreateEventW
AcquireSRWLockShared
ReleaseSRWLockExclusive
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
api-ms-win-core-heap-l1-1-0
HeapSetInformation
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetErrorMode
GetLastError
SetLastError
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
SearchPathW
api-ms-win-core-processthreads-l1-1-0
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
ExitProcess
TerminateProcess
GetCurrentProcess
CreateProcessW
GetCurrentProcessId
GetStartupInfoW
GetCurrentThreadId
DeleteProcThreadAttributeList
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetSystemDirectoryW
GetTickCount
api-ms-win-core-wow64-l1-1-0
Wow64EnableWow64FsRedirection
api-ms-win-core-winrt-error-l1-1-0
RoOriginateErrorW
RoOriginateError
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-console-l1-2-0
AttachConsole
FreeConsole
api-ms-win-core-debug-l1-1-0
DebugBreak
IsDebuggerPresent
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-path-l1-1-0
PathCchAppend
api-ms-win-core-console-l1-1-0
WriteConsoleW
api-ms-win-core-string-l1-1-0
CompareStringW
WideCharToMultiByte
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-string-l2-1-0
CharNextW
api-ms-win-core-sidebyside-l1-1-0
ReleaseActCtx
ActivateActCtx
CreateActCtxW
DeactivateActCtx
QueryActCtxW
api-ms-win-downlevel-shlwapi-l1-1-0
PathIsRelativeW
api-ms-win-downlevel-shlwapi-l2-1-0
SHSetThreadRef
imagehlp
ImageDirectoryEntryToData
ntdll
NtClose
NtOpenProcessToken
RtlNtStatusToDosError
NtQueryInformationToken
RtlSetSearchPathMode
RtlWow64IsWowGuestMachineSupported
RtlImageNtHeader
NtQuerySystemInformation
NtSetInformationToken
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Sections
.text Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 248B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 268B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
runexehelper.exe.exe windows:10 windows x64 arch:x64
cc9d7d137ab28b5bd590f8571a331100
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
RunExeHelper.pdb
Imports
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
api-ms-win-crt-string-l1-1-0
strcspn
memset
wcsnlen
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
_c_exit
api-ms-win-crt-private-l1-1-0
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o___stdio_common_vswprintf
memmove
_o_abort
_o_exit
_o_free
_o_iswspace
_o_malloc
_o_terminate
_o_tolower
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___wargv
_o___p___argc
wcsstr
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
ntdll
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleExW
GetModuleFileNameA
GetProcAddress
GetModuleHandleW
api-ms-win-core-synch-l1-1-0
ReleaseSRWLockShared
WaitForSingleObject
InitializeCriticalSectionEx
LeaveCriticalSection
OpenSemaphoreW
ReleaseSemaphore
EnterCriticalSection
WaitForSingleObjectEx
AcquireSRWLockShared
CreateSemaphoreExW
DeleteCriticalSection
ReleaseSRWLockExclusive
ReleaseMutex
CreateMutexExW
AcquireSRWLockExclusive
api-ms-win-core-heap-l1-1-0
HeapAlloc
GetProcessHeap
HeapFree
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
GetLastError
api-ms-win-core-threadpool-l1-2-0
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
api-ms-win-core-processthreads-l1-1-0
CreateProcessAsUserW
GetExitCodeProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
OpenThreadToken
GetCurrentProcess
TerminateProcess
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
IsDebuggerPresent
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
SetHandleInformation
userenv
DestroyEnvironmentBlock
CreateEnvironmentBlock
ExpandEnvironmentStringsForUserW
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
ExpandEnvironmentStringsW
api-ms-win-security-base-l1-1-0
DuplicateTokenEx
api-ms-win-core-path-l1-1-0
PathCchAppendEx
api-ms-win-core-file-l1-1-0
CreateFileW
SetFilePointer
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
oleaut32
SetErrorInfo
SysFreeString
SysStringLen
Sections
.text Size: 56KB - Virtual size: 54KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 452B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
runonce.exe.exe windows:10 windows x64 arch:x64
4067c20e2f86ef6b2b939cf1fdac37f3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
runonce.pdb
Imports
advapi32
RegOpenKeyExW
RegDeleteValueW
RegCloseKey
RegEnumValueW
RegDeleteKeyW
RegQueryValueExW
EventSetInformation
EventWriteTransfer
EventRegister
EventUnregister
kernel32
LocalFree
AssignProcessToJobObject
CreateJobObjectW
SetInformationJobObject
SetTermsrvAppInstallMode
HeapSetInformation
ExitProcess
GetProcAddress
LoadLibraryW
CreateThread
GetPrivateProfileIntW
lstrlenW
CloseHandle
CreateProcessW
WaitForSingleObjectEx
LocalAlloc
gdi32
CreateSolidBrush
GetObjectW
SelectObject
GetTextExtentPointW
DeleteObject
CreateCompatibleDC
BitBlt
SetBkColor
ExtTextOutW
CreateFontIndirectW
user32
PostQuitMessage
TranslateMessage
SetCursor
LoadCursorW
DispatchMessageW
GetSystemMetrics
GetSysColor
LoadStringW
SendMessageW
GetDC
ReleaseDC
GetWindowRect
MessageBeep
PeekMessageW
MsgWaitForMultipleObjectsEx
CreatePopupMenu
GetMenuDefaultItem
DestroyMenu
DialogBoxParamW
EndDialog
GetDlgItem
SetWindowPos
LoadBitmapW
DrawTextW
PostMessageW
ExitWindowsEx
MessageBoxW
GetParent
GetWindowTextW
msvcrt
memcmp
_callnewh
malloc
_XcptFilter
_amsg_exit
__CxxFrameHandler3
free
memmove_s
wcsrchr
_purecall
memcpy_s
_vsnwprintf
_wcmdln
__wgetmainargs
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_commode
_fmode
memset
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
comctl32
ord334
ord329
ord328
shell32
SHBindToParent
SHParseDisplayName
ord155
ord165
ord723
ord100
ord885
SHEvaluateSystemCommandTemplate
shlwapi
PathQuoteSpacesW
ord618
ord174
ord219
ord217
ord199
PathFindFileNameW
ord388
SHDeleteValueW
ord460
ord176
ord437
ord158
SHGetValueW
api-ms-win-core-com-l1-1-0
CoUninitialize
CoGetApartmentType
CoTaskMemFree
CoCreateFreeThreadedMarshaler
CoWaitForMultipleHandles
api-ms-win-core-synch-l1-2-0
InitOnceBeginInitialize
InitOnceComplete
Sleep
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetProcessId
GetStartupInfoW
GetCurrentProcessId
SetPriorityClass
ResumeThread
GetCurrentProcess
TerminateProcess
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-errorhandling-l1-1-0
SetLastError
RaiseException
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExW
GetModuleHandleA
GetModuleFileNameA
GetModuleHandleExW
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetWindowsDirectoryW
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetTickCount
GetVersionExW
api-ms-win-core-synch-l1-1-0
AcquireSRWLockShared
DeleteCriticalSection
ReleaseSRWLockShared
WaitForSingleObject
AcquireSRWLockExclusive
CreateEventW
CreateMutexExW
CreateSemaphoreExW
ReleaseSRWLockExclusive
OpenSemaphoreW
InitializeCriticalSectionEx
SetEvent
CreateEventExW
ReleaseMutex
WaitForMultipleObjectsEx
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
api-ms-win-core-heap-l1-1-0
HeapFree
HeapAlloc
GetProcessHeap
api-ms-win-core-registry-l1-1-0
RegGetValueW
RegQueryInfoKeyW
RegCreateKeyExW
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
OutputDebugStringW
DebugBreak
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
CompareStringOrdinal
api-ms-win-core-io-l1-1-0
CreateIoCompletionPort
DeviceIoControl
GetQueuedCompletionStatus
api-ms-win-core-path-l1-1-0
PathCchAppend
PathCchAddExtension
api-ms-win-eventing-provider-l1-1-0
EventEnabled
EventWrite
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
RoActivateInstance
api-ms-win-core-winrt-string-l1-1-0
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateStringReference
api-ms-win-core-string-l2-1-0
CharLowerW
IsCharAlphaNumericW
api-ms-win-core-processthreads-l1-1-1
OpenProcess
api-ms-win-eventing-controller-l1-1-0
StopTraceW
StartTraceW
EnableTraceEx2
api-ms-win-core-file-l1-1-0
DeleteFileW
CreateFileW
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
api-ms-win-core-sysinfo-l1-2-0
GetNativeSystemInfo
ntdll
RtlQueryUnbiasedInterruptTime
NtQuerySystemInformation
RtlNtStatusToDosError
NtQueryInformationProcess
RtlGetNtSystemRoot
ole32
CoInitialize
Sections
.text Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 288B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
sc.exe.exe windows:10 windows x64 arch:x64
42dadbd60bbc453dd1773fdc089e19b7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
sc.pdb
Imports
api-ms-win-crt-string-l1-1-0
memset
wcsncmp
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
api-ms-win-crt-private-l1-1-0
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__exit
_o__get_initial_wide_environment
_o__getche
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o__tolower
_o__ultow
_o__wcsicmp
_o__wcsnicmp
_o__wtol
_o_exit
_o_isupper
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_o___stdio_common_vswprintf
wcschr
_o___p__commode
_o___p___wargv
_o___p___argc
memcpy
rpcrt4
NdrClientCall2
I_RpcExceptionFilter
RpcBindingFree
RpcStringFreeW
UuidFromStringW
UuidEqual
UuidToStringW
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
api-ms-win-core-file-l1-1-0
GetFileType
WriteFile
api-ms-win-core-localization-l1-2-0
FormatMessageW
SetThreadUILanguage
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-console-l1-1-0
GetConsoleMode
WriteConsoleW
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
SetLastError
api-ms-win-security-base-l1-1-0
GetSecurityDescriptorControl
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
ntdll
RtlInitUnicodeString
RtlCreateServiceSid
RtlAdjustPrivilege
RtlNtStatusToDosError
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 44KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 296B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 144B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
schtasks.exe.exe windows:10 windows x64 arch:x64
44e70f20c235c150d75f6fc8b1e29cd1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
schtasks.pdb
Imports
msvcrt
memmove
memcpy
__CxxFrameHandler3
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_purecall
fflush
fprintf
_get_osfhandle
_fileno
wcstoul
wcstol
wcstod
_errno
_memicmp
srand
__iob_func
wcstok
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_callnewh
malloc
_ultow_s
wcschr
_wtoi
iswdigit
iswpunct
wcstok_s
iswspace
wcspbrk
free
memcpy_s
isspace
_wtol
wcsrchr
_vsnwprintf
__CxxFrameHandler4
memset
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
SetLastError
oleaut32
VarBstrCat
SysFreeString
VariantChangeType
SysStringLen
SysStringByteLen
VariantTimeToSystemTime
SysAllocStringByteLen
SysAllocString
SysAllocStringLen
GetErrorInfo
VariantInit
VariantClear
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
GetLocalTime
GetComputerNameExW
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
GetStdHandle
api-ms-win-core-console-l1-1-0
WriteConsoleW
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
SetConsoleMode
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
FileTimeToSystemTime
api-ms-win-core-file-l1-1-0
GetFileSizeEx
CompareFileTime
CreateFileW
GetFileType
ReadFile
WriteFile
SetFilePointer
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
CompareStringW
MultiByteToWideChar
api-ms-win-security-base-l1-1-0
CreateWellKnownSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-localization-l1-2-0
FormatMessageW
GetLocaleInfoW
SetThreadUILanguage
GetThreadLocale
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
FindStringOrdinal
LoadStringW
GetModuleFileNameW
api-ms-win-core-datetime-l1-1-0
GetDateFormatW
GetTimeFormatW
api-ms-win-core-registry-l1-1-0
RegSetValueExW
RegCreateKeyExW
RegFlushKey
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyExW
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
HeapValidate
HeapSetInformation
HeapSize
api-ms-win-core-com-l1-1-0
CoInitializeSecurity
CoInitializeEx
CoCreateInstance
StringFromGUID2
CoUninitialize
IIDFromString
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-0
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
ntdll
EtwTraceMessage
RtlNtStatusToDosError
RtlCreateVirtualAccountSid
RtlInitUnicodeString
RtlVerifyVersionInfo
api-ms-win-core-shlwapi-obsolete-l1-1-0
StrRChrIW
StrStrIW
StrChrW
api-ms-win-core-kernel32-legacy-l1-1-0
GetComputerNameW
api-ms-win-core-synch-l1-1-0
LeaveCriticalSection
EnterCriticalSection
api-ms-win-core-sysinfo-l1-2-0
VerSetConditionMask
api-ms-win-core-version-l1-1-0
VerQueryValueW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW
api-ms-win-core-string-l2-1-0
CharUpperW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-string-obsolete-l1-1-0
lstrlenW
lstrlenA
api-ms-win-core-localization-obsolete-l1-2-0
CompareStringA
Sections
.text Size: 172KB - Virtual size: 168KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 36KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 24KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 264B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 520B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
sdbinst.exe.exe windows:10 windows x64 arch:x64
e1de8ed24ab8a0089a5ca81a1cb264d8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
sdbinst.pdb
Imports
advapi32
RegQueryValueExW
RegEnumValueW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegDeleteKeyExW
RegCloseKey
RegDeleteKeyValueW
RegOpenKeyW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
RegDeleteKeyW
RegEnumKeyW
RegGetValueW
kernel32
WriteFile
GetModuleHandleExW
WaitForSingleObject
LocalAlloc
GetFileAttributesW
GetCurrentThreadId
ReleaseMutex
GetSystemDirectoryW
SetFileAttributesW
Sleep
GetConsoleMode
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
DeleteFileW
OpenSemaphoreW
CloseHandle
SetProcessWorkingSetSizeEx
LoadLibraryW
HeapSetInformation
HeapAlloc
WriteConsoleW
GetProcAddress
CreateMutexExW
LocalFree
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
FreeLibrary
CopyFileW
WideCharToMultiByte
GetStdHandle
GetFileType
DebugBreak
SetThreadPreferredUILanguages
IsDebuggerPresent
GetFileInformationByHandle
MoveFileExW
FindFirstFileExW
RtlCompareMemory
CreateFileW
LoadLibraryExW
FindClose
ExpandEnvironmentStringsW
FindNextFileW
CreateDirectoryW
GetTickCount
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
SetPriorityClass
SetLastError
HeapFree
CreateSemaphoreExW
GetModuleFileNameA
ReleaseSemaphore
GetSystemTimeAsFileTime
msvcrt
_CxxThrowException
memset
memcmp
memmove
__CxxFrameHandler3
memcpy
?what@exception@@UEBAPEBDXZ
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
towupper
wcsrchr
_wfullpath
_vsnprintf_s
fgetwc
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
??3@YAXPEAX@Z
tolower
_wcsicmp
memcpy_s
_vsnwprintf
??_V@YAXPEAX@Z
__CxxFrameHandler4
wcscmp
__iob_func
wcschr
_wcsnicmp
qsort
_vscwprintf
_purecall
malloc
_callnewh
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
user32
LoadStringW
shell32
ord680
ntdll
NtDeleteKey
RtlFreeUnicodeString
RtlStringFromGUID
RtlCaptureContext
ZwQuerySystemInformation
RtlLookupFunctionEntry
RtlGUIDFromString
RtlAppendUnicodeStringToString
RtlAllocateHeap
RtlAppendUnicodeToString
ZwCreateFile
RtlDosPathNameToNtPathName_U_WithStatus
RtlUpcaseUnicodeString
ZwCreateSection
RtlInitUnicodeString
RtlGetNativeSystemInformation
RtlReAllocateHeap
NtClose
RtlInitUnicodeStringEx
ZwMapViewOfSection
RtlFreeHeap
ZwQueryValueKey
ZwQueryInformationFile
ZwClose
ZwOpenKey
ZwEnumerateValueKey
RtlRunOnceExecuteOnce
ZwWriteFile
ZwQuerySystemTime
NtWriteFile
NtQueryInformationFile
RtlDoesFileExists_U
RtlExpandEnvironmentStrings_U
NtCreateKey
NtSetValueKey
NtSetInformationKey
NtOpenKey
RtlCopyUnicodeString
RtlNtStatusToDosError
NtQueryKey
NtQueryInformationByName
RtlVirtualUnwind
ZwUnmapViewOfSection
Sections
.text Size: 128KB - Virtual size: 127KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 56KB - Virtual size: 54KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 660B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
sdchange.exe.exe windows:10 windows x64 arch:x64
9e6dde00e3a3ae8ed46a68ddd307bcdb
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
sdchange.pdb
Imports
advapi32
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteValueW
kernel32
GetModuleFileNameA
SizeofResource
CreateSemaphoreExW
HeapFree
SetLastError
EnterCriticalSection
ReleaseSemaphore
GetModuleHandleExW
GetModuleFileNameW
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
MultiByteToWideChar
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
RaiseException
FindResourceExW
LoadResource
HeapAlloc
GetProcAddress
CreateMutexExW
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
FreeLibrary
DebugBreak
lstrcmpiW
LoadLibraryExW
IsDebuggerPresent
GetCommandLineW
SetEvent
Sleep
CreateEventW
CreateThread
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
user32
DispatchMessageW
TranslateMessage
GetMessageW
CharUpperW
PostThreadMessageW
CharNextW
UnregisterClassA
msvcrt
exit
__CxxFrameHandler3
_exit
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
_cexit
??0exception@@QEAA@AEBQEBD@Z
_callnewh
__setusermatherr
memcpy
_initterm
memmove
_wcmdln
_fmode
_XcptFilter
_commode
_errno
realloc
?terminate@@YAXXZ
__set_app_type
wcscat_s
wcscpy_s
__wgetmainargs
_lock
_unlock
__dllonexit
??1type_info@@UEAA@XZ
_amsg_exit
memcmp
wcsncpy_s
malloc
free
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
memcpy_s
_vsnwprintf
??_V@YAXPEAX@Z
__C_specific_handler
__CxxFrameHandler4
??3@YAXPEAX@Z
memset
_onexit
ntdll
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
oleaut32
LoadTypeLi
SysFreeString
VarUI4FromStr
UnRegisterTypeLi
SysAllocString
RegisterTypeLi
SysStringLen
LoadRegTypeLi
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoUninitialize
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
CoSuspendClassObjects
CoRegisterClassObject
CoRevokeClassObject
CoResumeClassObjects
api-ms-win-security-base-l1-1-0
CreateWellKnownSid
rpcrt4
RpcStringBindingComposeW
RpcBindingFromStringBindingW
I_RpcExceptionFilter
RpcBindingSetAuthInfoExW
RpcStringFreeW
RpcBindingFree
NdrClientCall3
api-ms-win-service-management-l1-1-0
OpenServiceW
StartServiceW
OpenSCManagerW
CloseServiceHandle
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-service-winsvc-l1-1-0
QueryServiceStatus
Sections
.text Size: 48KB - Virtual size: 44KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 788B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
sdclt.exe.exe windows:10 windows x64 arch:x64
d95dfb02aeab8828c106088d7f4bbe9b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
sdclt.pdb
Imports
gdi32
GdiFlush
ExcludeClipRect
SelectObject
SetLayout
GetDeviceCaps
CreateCompatibleDC
CreateDIBSection
CreateFontIndirectW
SetTextColor
SetBkColor
DeleteObject
DeleteDC
ExtTextOutW
user32
DeferWindowPos
SendDlgItemMessageW
FindWindowExW
LoadCursorW
SetCursor
DestroyCursor
GetWindowRect
UpdateWindow
GetClientRect
SetWindowLongW
GetWindowLongW
GetParent
ShowWindow
IsWindow
CallWindowProcW
SetWindowLongPtrW
SetWindowTextW
DestroyIcon
GetWindowLongPtrW
GetDlgCtrlID
CopyRect
GetDesktopWindow
MessageBoxW
EnumWindows
SendMessageTimeoutW
EndPaint
BeginPaint
GetClassNameW
KillTimer
IsWindowVisible
LoadIconW
SystemParametersInfoW
DialogBoxParamW
EndDialog
GetSysColorBrush
GetSysColor
SetWindowPos
GetDlgItem
EndDeferWindowPos
BeginDeferWindowPos
GetWindowTextLengthW
GetAncestor
DrawFrameControl
OffsetRect
DispatchMessageW
TranslateMessage
SetFocus
GetLastActivePopup
SetForegroundWindow
CreateDialogParamW
UnregisterClassW
PostThreadMessageW
IsDialogMessageW
GetMessageW
InflateRect
GetFocus
GetWindowTextW
ChangeWindowMessageFilterEx
EqualRect
LoadImageW
RegisterWindowMessageW
CreateWindowExW
IsDlgButtonChecked
GetSystemMetrics
SendMessageW
GetDlgItemTextW
CheckDlgButton
CheckRadioButton
GetDC
SetTimer
ReleaseDC
RedrawWindow
SetDlgItemTextW
GetWindowThreadProcessId
DestroyWindow
RegisterClassExW
GetClassInfoExW
PostMessageW
DefWindowProcW
EnableWindow
MapWindowPoints
msvcrt
_wtol
wcsrchr
memcpy_s
_vsnwprintf
__C_specific_handler
_wtoi
iswspace
_vscwprintf
wcspbrk
_wcsupr
wcsncmp
free
malloc
_callnewh
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
exit
_exit
_cexit
_ismbblead
__setusermatherr
_initterm
_acmdln
wcsstr
wcschr
_wcsicmp
_wcsnicmp
wcscmp
swscanf
memcpy
memmove
_fmode
_commode
_lock
_unlock
__dllonexit
_onexit
?terminate@@YAXXZ
memset
_purecall
spp
SxTracerGetThreadContextRetail
SxTracerShouldTrackFailure
SxTracerDebuggerBreak
reagent
WinReGetConfig
wer
WerReportAddFile
WerReportSubmit
WerReportSetParameter
WerReportCreate
WerReportCloseHandle
oleaut32
VariantInit
SysAllocStringLen
SysStringLen
SysAllocString
SysFreeString
api-ms-win-eventing-classicprovider-l1-1-0
TraceMessage
UnregisterTraceGuids
GetTraceEnableFlags
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceLoggerHandle
api-ms-win-core-com-l1-1-0
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc
CoGetMalloc
CoWaitForMultipleHandles
StringFromGUID2
CoTaskMemRealloc
CoDisconnectObject
CLSIDFromString
CoUninitialize
CoGetClassObject
CoInitializeEx
CoInitializeSecurity
PropVariantClear
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-1
GetProcessMitigationPolicy
OpenProcess
api-ms-win-core-errorhandling-l1-1-0
SetLastError
SetUnhandledExceptionFilter
GetLastError
SetErrorMode
UnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
GetCurrentProcessId
OpenProcessToken
TlsSetValue
CreateProcessW
TerminateProcess
ProcessIdToSessionId
TlsAlloc
GetCurrentThreadId
CreateThread
TlsGetValue
GetThreadId
GetStartupInfoW
api-ms-win-security-base-l1-1-0
GetTokenInformation
AdjustTokenPrivileges
CheckTokenMembership
DuplicateToken
DuplicateTokenEx
EqualSid
CreateWellKnownSid
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
ExpandEnvironmentStringsW
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapAlloc
HeapFree
HeapSetInformation
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-registry-l1-1-0
RegCreateKeyExW
RegCloseKey
RegLoadKeyW
RegUnLoadKeyW
RegEnumKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
api-ms-win-core-sysinfo-l1-1-0
GetLocalTime
GetSystemTimeAsFileTime
GetSystemDirectoryW
GetTickCount
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
api-ms-win-core-synch-l1-1-0
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
ResetEvent
WaitForSingleObject
SetEvent
CreateEventW
EnterCriticalSection
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-core-file-l1-1-0
DeleteFileW
GetVolumePathNameW
RemoveDirectoryW
CreateDirectoryW
CompareFileTime
GetLongPathNameW
GetVolumeInformationW
QueryDosDeviceW
FileTimeToLocalFileTime
GetDiskFreeSpaceExW
GetFileAttributesW
FindFirstFileW
FindNextFileW
CreateFileW
FindClose
api-ms-win-core-file-l1-2-0
GetVolumePathNamesForVolumeNameW
GetVolumeNameForVolumeMountPointW
sspicli
GetUserNameExW
api-ms-win-core-util-l1-1-0
EncodePointer
DecodePointer
mpr
WNetAddConnection3W
api-ms-win-security-lsalookup-l2-1-0
LookupPrivilegeValueW
LookupAccountSidW
api-ms-win-core-interlocked-l1-1-0
InterlockedPushEntrySList
InitializeSListHead
InterlockedPopEntrySList
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureStackBackTrace
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-service-management-l1-1-0
OpenServiceW
OpenSCManagerW
CloseServiceHandle
api-ms-win-service-management-l2-1-0
QueryServiceStatusEx
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
LoadStringW
GetModuleHandleW
GetProcAddress
GetModuleHandleExW
GetModuleFileNameW
LoadLibraryExW
crypt32
CryptProtectMemory
CryptUnprotectMemory
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-localization-l1-2-0
FormatMessageW
GetLocaleInfoW
GetUserDefaultLCID
GetLocaleInfoEx
GetCalendarInfoW
api-ms-win-core-datetime-l1-1-0
GetDateFormatW
GetTimeFormatW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-core-file-l2-1-0
MoveFileExW
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-kernel32-legacy-l1-1-0
WTSGetActiveConsoleSessionId
GetComputerNameW
api-ms-win-core-localization-obsolete-l1-2-0
GetNumberFormatW
ext-ms-win-kernel32-windowserrorreporting-l1-1-1
RegisterApplicationRestart
shell32
SHGetDesktopFolder
ord75
ord102
ord77
ord727
SHBindToObject
ShellExecuteExW
ShellExecuteW
ord16
SHGetIDListFromObject
SHSetTemporaryPropertyForItem
CommandLineToArgvW
SHGetPathFromIDListW
SHGetFileInfoW
SHGetStockIconInfo
SHParseDisplayName
SHBindToParent
ord155
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHCreateItemFromParsingName
uxtheme
SetWindowTheme
ole32
CreateClassMoniker
GetRunningObjectTable
CreateBindCtx
shlwapi
StrRetToBufW
PathFileExistsW
ord219
PathIsDirectoryW
SHAutoComplete
ord172
PathIsNetworkPathW
PathCompactPathExW
PathFindFileNameW
ord174
comctl32
PropertySheetW
ord344
ImageList_ReplaceIcon
ImageList_Destroy
ImageList_AddMasked
ImageList_Add
ImageList_Create
InitCommonControlsEx
ord345
ntdll
RtlEnumerateGenericTableWithoutSplayingAvl
RtlCheckPortableOperatingSystem
RtlGetThreadErrorMode
NtSetInformationFile
RtlGetLastNtStatus
NtSetInformationProcess
RtlNtStatusToDosError
RtlDeleteElementGenericTableAvl
RtlEnumerateGenericTableAvl
RtlInitializeGenericTableAvl
RtlInsertElementGenericTableAvl
RtlLookupElementGenericTableAvl
NtQuerySystemInformation
RtlSetThreadErrorMode
NtSetInformationKey
NtQueryKey
NtQueryVolumeInformationFile
NtQueryInformationFile
EtwTraceMessage
WinSqmAddToStreamEx
RtlFreeHeap
RtlAllocateHeap
WinSqmAddToStream
wtsapi32
WTSFreeMemory
WTSQuerySessionInformationW
vssapi
VssFreeSnapshotPropertiesInternal
CreateVssBackupComponentsInternal
GetProviderMgmtInterfaceInternal
bcd
BcdOpenObject
BcdOpenSystemStore
BcdGetElementData
BcdCloseObject
BcdQueryObject
BcdCloseStore
api-ms-win-eventing-controller-l1-1-0
StartTraceW
ControlTraceW
EnableTraceEx2
Sections
.text Size: 488KB - Virtual size: 484KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 88KB - Virtual size: 85KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 476KB - Virtual size: 473KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
sdiagnhost.exe.exe windows:10 windows x64 arch:x64
e09056e493792752cecbfcf72e839133
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
sdiagnhost.pdb
Imports
advapi32
MakeAbsoluteSD
EventUnregister
EventRegister
EventWriteTransfer
AllocateAndInitializeSid
OpenProcessToken
FreeSid
CheckTokenMembership
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenThreadToken
GetTokenInformation
kernel32
AllocConsole
SetCurrentDirectoryW
GetCurrentDirectoryW
CloseHandle
GetCurrentThread
FormatMessageW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
GetProcessHeap
HeapFree
WaitForSingleObject
CreateEventW
GetLastError
SetEvent
HeapSetInformation
HeapAlloc
LocalFree
msvcrt
_vsnprintf
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
memset
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_purecall
_callnewh
malloc
??_V@YAXPEAX@Z
??3@YAXPEAX@Z
__CxxFrameHandler3
memmove
_vsnwprintf
ntdll
RtlLookupFunctionEntry
RtlVirtualUnwind
DbgPrintEx
RtlCaptureContext
ole32
CoUninitialize
CoRegisterClassObject
CoInitializeSecurity
CoInitializeEx
CoRevokeClassObject
CoCreateInstance
Sections
.text Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 948B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 472B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
secinit.exe.exe windows:10 windows x64 arch:x64
26553a8e11c5cc5cd0f898a06c1eebea
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
secinit.pdb
Imports
kernel32
GetCurrentProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetLastError
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
Sleep
CloseHandle
OpenEventW
GetCurrentThreadId
WaitForSingleObject
TerminateProcess
msvcrt
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
exit
_exit
_cexit
__setusermatherr
_initterm
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
ntdll
RtlCaptureContext
NtOpenEvent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlInitUnicodeString
NtCreateEvent
NtClose
wkscli
NetJoinDomain
advapi32
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
Sections
.text Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 228B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
securekernel.exe.sys windows:10 windows x64 arch:x64
797ff62f023f301099b3d49caba68f45
Code Sign
33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
fe:38:27:9c:c0:10:6d:97:e3:58:01:3e:31:e6:33:9e:e6:cd:e5:53:b5:dd:ca:36:02:bc:29:c8:7c:33:da:82
Signer
Actual PE Digest: fe:38:27:9c:c0:10:6d:97:e3:58:01:3e:31:e6:33:9e:e6:cd:e5:53:b5:dd:ca:36:02:bc:29:c8:7c:33:da:82
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
securekernel.pdb
Imports
skci
SkciInitialize
SkciValidateAmeCertChain
SkciTransferVersionResource
SkciValidateDynamicCodePages
SkciValidateImageData
SkciQueryImageUniqueID
SkciQueryImageAuthorID
SkciCompareSigningLevels
SkciCreateSecureImage
SkciSetCodeIntegrityPolicy
SkciCreateCodeCatalog
SkciMatchHotPatch
SkciQueryInformation
SkciFreeImageContext
SkciFinishImageValidation
SkciFinalizeSecureImageHash
cng.sys
BCryptHashData
BCryptDestroyHash
BCryptGetProperty
BCryptFinishHash
BCryptCreateHash
CngGetFipsAlgorithmMode
SystemPrng
BCryptKeyDerivation
BCryptDecrypt
BCryptGenerateSymmetricKey
BCryptImportKeyPair
BCryptEncrypt
EntropyRegisterSource
BCryptVerifySignature
BCryptDestroyKey
BCryptSignHash
BCryptSetProperty
EntropyProvideData
EntropyPoolTriggerReseedForIum
BCryptGenRandom
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
ext-ms-win-ntos-ksr-l1-1-0
KsrSkInitSystem
ext-ms-win-ntos-vmsvc-l1-1-0
SvcSkInitSystem
Exports
DbgPrintEx
EtwRegister
EtwSetInformation
EtwUnregister
EtwWrite
EtwWriteTransfer
ExAcquireFastMutex
ExAcquirePushLockExclusiveEx
ExAcquirePushLockSharedEx
ExAcquireResourceExclusiveLite
ExAcquireResourceSharedLite
ExAllocateFromLookasideListEx
ExAllocateFromNPagedLookasideList
ExAllocateFromPagedLookasideList
ExAllocatePool2
ExAllocatePoolWithTag
ExAllocateTimer
ExCreateCallback
ExDeletePagedLookasideList
ExDeleteResourceLite
ExEventObjectType
ExFreePoolWithTag
ExFreeToLookasideListEx
ExFreeToNPagedLookasideList
ExFreeToPagedLookasideList
ExInitializePagedLookasideList
ExInitializeResourceLite
ExIsResourceAcquiredSharedLite
ExNotifyCallback
ExQueryDepthSList
ExRegisterExtension
ExReleaseFastMutex
ExReleasePushLockExclusiveEx
ExReleasePushLockSharedEx
ExReleaseResourceLite
ExSetTimer
ExSubscribeWnfStateChange
ExUnsubscribeWnfStateChange
ExpInterlockedPopEntrySList
ExpInterlockedPushEntrySList
IoAllocateIrp
IoAllocateWorkItem
IoBuildDeviceIoControlRequest
IoCreateDevice
IoDeleteDevice
IoGetDeviceObjectPointer
IoQueueWorkItem
IoQueueWorkItemEx
IoRegisterPlugPlayNotification
IoReuseIrp
IoUnregisterPlugPlayNotificationEx
IoWMIRegistrationControl
IofCallDriver
IofCompleteRequest
IumDebugNumToString
IumDebugPrintNt
KeAcquireSpinLockRaiseToDpc
KeBugCheck
KeBugCheckEx
KeDelayExecutionThread
KeEnterCriticalRegion
KeEnterGuardedRegion
KeGetCurrentIrql
KeGetCurrentProcessorNumberEx
KeGetCurrentThread
KeInitializeEvent
KeInitializeMutex
KeInitializeSpinLock
KeLeaveCriticalRegion
KeLeaveGuardedRegion
KeQueryPerformanceCounter
KeQueryUnbiasedInterruptTime
KeReleaseMutex
KeReleaseSpinLock
KeResetEvent
KeRestoreExtendedProcessorState
KeSaveExtendedProcessorState
KeSetEvent
KeWaitForSingleObject
MmAllocateMappingAddress
MmFreeMappingAddress
MmFreePagesFromMdl
MmGetSystemRoutineAddress
MmMapLockedPagesSpecifyCache
MmMapLockedPagesWithReservedMapping
MmUnmapLockedPages
MmUnmapReservedMapping
NtQuerySystemInformation
ObReferenceObjectByHandle
ObSetSecurityObjectByPointer
ObfDereferenceObject
ObfReferenceObject
PsGetCurrentProcess
PsGetProcessCreateTimeQuadPart
PsLookupProcessByProcessId
PsSetCreateProcessNotifyRoutine
RtlAnsiStringToUnicodeString
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlAssert
RtlAvlInsertNodeEx
RtlAvlRemoveNode
RtlClearAllBits
RtlClearBit
RtlCompareExchangePointerMapping
RtlCompareExchangePropertyStore
RtlCompareMemory
RtlCompareUnicodeString
RtlCompareUnicodeStrings
RtlCopyUnicodeString
RtlDuplicateUnicodeString
RtlEqualUnicodeString
RtlFindClearBitsAndSet
RtlFindExportedRoutineByName
RtlFindNextForwardRunClear
RtlFindSetBits
RtlFreeUnicodeString
RtlGetEnabledExtendedFeatures
RtlGetPersistedStateLocation
RtlGetSystemGlobalData
RtlGetVersion
RtlImageNtHeaderEx
RtlInitUnicodeString
RtlInitUnicodeStringEx
RtlInitializeBitMap
RtlIntegerToUnicodeString
RtlNtStatusToDosError
RtlNtStatusToDosErrorNoTeb
RtlNumberOfSetBits
RtlPrefixUnicodeString
RtlQueryPointerMapping
RtlQueryPropertyStore
RtlQueryRegistryValuesEx
RtlRbInsertNodeEx
RtlRbRemoveNode
RtlRemovePointerMapping
RtlRemovePropertyStore
RtlSetBit
RtlSetBits
RtlSetSystemGlobalData
RtlTimeFieldsToTime
RtlUTF8StringToUnicodeString
RtlUTF8ToUnicodeN
RtlUnicodeStringToInteger
RtlUnicodeStringToUTF8String
RtlUnicodeToUTF8N
RtlUpcaseUnicodeChar
SeAuditFipsCryptoSelftests
SeCaptureSubjectContext
SeLockSubjectContext
SeQueryAuthenticationIdToken
SeQuerySecureBootPlatformManifest
SeQuerySecureBootPolicyValue
SeReleaseSubjectContext
SeReportSecurityEventWithSubCategory
SeSetAuditParameter
SeUnlockSubjectContext
ShvlCompleteIntercept
ShvlCompleteIsolatedImport
ShvlEnableVpVtlForPartition
ShvlGetInterceptData
ShvlGetPartitionProperty
ShvlGetVpRegisters
ShvlLockSparseGpaPageMapping
ShvlModifySparseSpaPageHostAccess
ShvlSetPartitionProperty
ShvlSetVpRegisters
ShvlUnlockSparseGpaPageMapping
SkAcquirePushLockExclusive
SkAcquirePushLockShared
SkAllocateNormalModePool
SkAllocatePool
SkFreeNormalModePool
SkFreePool
SkGetIdkSignatureForData
SkInitializePushLock
SkIsSecureKernel
SkQuerySecureKernelInformation
SkQuerySystemTime
SkReleasePushLockExclusive
SkReleasePushLockShared
SkSystemExceptionFilter
SkciCreateSecureImage
SkciFinalizeSecureImageHash
SkciFinishImageValidation
SkciFreeImageContext
SkeCacheInvalidatePage
SkeEnterCriticalRegion
SkeLeaveCriticalRegion
SkeZeroPages
SkmmCancelPreRegisterHvImage
SkmmCommitPreRegisterHvImage
SkmmFreeReservedMapping
SkmmFreeSecureAllocation
SkmmMapMdl
SkmmMapMdlWithReservedMapping
SkmmPreRegisterHvImage
SkmmReleasePageRestriction
SkmmReserveMappingAddress
SkmmRestrictPage
SkmmUnmapMdl
SkobCreateHandle
SkobCreateObject
SkobDereferenceObject
SkobReferenceObject
SkobReferenceObjectByHandle
VslExchangeEntropy
ZwClose
ZwCreateKey
ZwDeleteKey
ZwDeleteValueKey
ZwEnumerateKey
ZwEnumerateValueKey
ZwLoadDriver
ZwOpenKey
ZwQueryInformationProcess
ZwQueryKey
ZwQuerySystemInformation
ZwQueryValueKey
ZwSetSystemInformation
ZwSetValueKey
ZwUnloadDriver
__C_specific_handler
__GSHandlerCheck
__GSHandlerCheck_SEH
__chkstk
_invalid_parameter
_local_unwind
_ultow_s
_vsnwprintf
_wcsicmp
_wcsnicmp
atoi
atol
bsearch
bsearch_s
isdigit
memcmp
memcpy
memmove
memset
qsort
qsort_s
strnlen
wcscmp
wcscpy_s
wcsncmp
Sections
.text Size: 744KB - Virtual size: 743KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
KVASCODE Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
TRNS Size: 4KB - Virtual size: 728B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGELK Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
fothk Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
ZEROPAGE Size: - Virtual size: 4KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 100KB - Virtual size: 96KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 76KB - Virtual size: 137KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 36KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TABLERO Size: 4KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ALMOSTRO Size: 4KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
nlsdata Size: 76KB - Virtual size: 74KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
FUNCTBL Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
CFGRO Size: 4KB - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
securekernella57.exe.sys windows:10 windows x64 arch:x64
797ff62f023f301099b3d49caba68f45
Code Sign
33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
fa:f1:aa:43:37:93:34:80:1c:6b:c2:4e:a9:1e:f1:61:cb:15:df:d0:77:27:43:73:fd:3d:c6:d6:bb:5c:7a:8d
Signer
Actual PE Digest: fa:f1:aa:43:37:93:34:80:1c:6b:c2:4e:a9:1e:f1:61:cb:15:df:d0:77:27:43:73:fd:3d:c6:d6:bb:5c:7a:8d
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
securekernella57.pdb
Imports
skci
SkciInitialize
SkciValidateAmeCertChain
SkciTransferVersionResource
SkciValidateDynamicCodePages
SkciValidateImageData
SkciQueryImageUniqueID
SkciQueryImageAuthorID
SkciCompareSigningLevels
SkciCreateSecureImage
SkciSetCodeIntegrityPolicy
SkciCreateCodeCatalog
SkciMatchHotPatch
SkciQueryInformation
SkciFreeImageContext
SkciFinishImageValidation
SkciFinalizeSecureImageHash
cng.sys
BCryptHashData
BCryptDestroyHash
BCryptGetProperty
BCryptFinishHash
BCryptCreateHash
CngGetFipsAlgorithmMode
SystemPrng
BCryptKeyDerivation
BCryptDecrypt
BCryptGenerateSymmetricKey
BCryptImportKeyPair
BCryptEncrypt
EntropyRegisterSource
BCryptVerifySignature
BCryptDestroyKey
BCryptSignHash
BCryptSetProperty
EntropyProvideData
EntropyPoolTriggerReseedForIum
BCryptGenRandom
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
ext-ms-win-ntos-ksr-l1-1-0
KsrSkInitSystem
ext-ms-win-ntos-vmsvc-l1-1-0
SvcSkInitSystem
Exports
DbgPrintEx
EtwRegister
EtwSetInformation
EtwUnregister
EtwWrite
EtwWriteTransfer
ExAcquireFastMutex
ExAcquirePushLockExclusiveEx
ExAcquirePushLockSharedEx
ExAcquireResourceExclusiveLite
ExAcquireResourceSharedLite
ExAllocateFromLookasideListEx
ExAllocateFromNPagedLookasideList
ExAllocateFromPagedLookasideList
ExAllocatePool2
ExAllocatePoolWithTag
ExAllocateTimer
ExCreateCallback
ExDeletePagedLookasideList
ExDeleteResourceLite
ExEventObjectType
ExFreePoolWithTag
ExFreeToLookasideListEx
ExFreeToNPagedLookasideList
ExFreeToPagedLookasideList
ExInitializePagedLookasideList
ExInitializeResourceLite
ExIsResourceAcquiredSharedLite
ExNotifyCallback
ExQueryDepthSList
ExRegisterExtension
ExReleaseFastMutex
ExReleasePushLockExclusiveEx
ExReleasePushLockSharedEx
ExReleaseResourceLite
ExSetTimer
ExSubscribeWnfStateChange
ExUnsubscribeWnfStateChange
ExpInterlockedPopEntrySList
ExpInterlockedPushEntrySList
IoAllocateIrp
IoAllocateWorkItem
IoBuildDeviceIoControlRequest
IoCreateDevice
IoDeleteDevice
IoGetDeviceObjectPointer
IoQueueWorkItem
IoQueueWorkItemEx
IoRegisterPlugPlayNotification
IoReuseIrp
IoUnregisterPlugPlayNotificationEx
IoWMIRegistrationControl
IofCallDriver
IofCompleteRequest
IumDebugNumToString
IumDebugPrintNt
KeAcquireSpinLockRaiseToDpc
KeBugCheck
KeBugCheckEx
KeDelayExecutionThread
KeEnterCriticalRegion
KeEnterGuardedRegion
KeGetCurrentIrql
KeGetCurrentProcessorNumberEx
KeGetCurrentThread
KeInitializeEvent
KeInitializeMutex
KeInitializeSpinLock
KeLeaveCriticalRegion
KeLeaveGuardedRegion
KeQueryPerformanceCounter
KeQueryUnbiasedInterruptTime
KeReleaseMutex
KeReleaseSpinLock
KeResetEvent
KeRestoreExtendedProcessorState
KeSaveExtendedProcessorState
KeSetEvent
KeWaitForSingleObject
MmAllocateMappingAddress
MmFreeMappingAddress
MmFreePagesFromMdl
MmGetSystemRoutineAddress
MmMapLockedPagesSpecifyCache
MmMapLockedPagesWithReservedMapping
MmUnmapLockedPages
MmUnmapReservedMapping
NtQuerySystemInformation
ObReferenceObjectByHandle
ObSetSecurityObjectByPointer
ObfDereferenceObject
ObfReferenceObject
PsGetCurrentProcess
PsGetProcessCreateTimeQuadPart
PsLookupProcessByProcessId
PsSetCreateProcessNotifyRoutine
RtlAnsiStringToUnicodeString
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlAssert
RtlAvlInsertNodeEx
RtlAvlRemoveNode
RtlClearAllBits
RtlClearBit
RtlCompareExchangePointerMapping
RtlCompareExchangePropertyStore
RtlCompareMemory
RtlCompareUnicodeString
RtlCompareUnicodeStrings
RtlCopyUnicodeString
RtlDuplicateUnicodeString
RtlEqualUnicodeString
RtlFindClearBitsAndSet
RtlFindExportedRoutineByName
RtlFindNextForwardRunClear
RtlFindSetBits
RtlFreeUnicodeString
RtlGetEnabledExtendedFeatures
RtlGetPersistedStateLocation
RtlGetSystemGlobalData
RtlGetVersion
RtlImageNtHeaderEx
RtlInitUnicodeString
RtlInitUnicodeStringEx
RtlInitializeBitMap
RtlIntegerToUnicodeString
RtlNtStatusToDosError
RtlNtStatusToDosErrorNoTeb
RtlNumberOfSetBits
RtlPrefixUnicodeString
RtlQueryPointerMapping
RtlQueryPropertyStore
RtlQueryRegistryValuesEx
RtlRbInsertNodeEx
RtlRbRemoveNode
RtlRemovePointerMapping
RtlRemovePropertyStore
RtlSetBit
RtlSetBits
RtlSetSystemGlobalData
RtlTimeFieldsToTime
RtlUTF8StringToUnicodeString
RtlUTF8ToUnicodeN
RtlUnicodeStringToInteger
RtlUnicodeStringToUTF8String
RtlUnicodeToUTF8N
RtlUpcaseUnicodeChar
SeAuditFipsCryptoSelftests
SeCaptureSubjectContext
SeLockSubjectContext
SeQueryAuthenticationIdToken
SeQuerySecureBootPlatformManifest
SeQuerySecureBootPolicyValue
SeReleaseSubjectContext
SeReportSecurityEventWithSubCategory
SeSetAuditParameter
SeUnlockSubjectContext
ShvlCompleteIntercept
ShvlCompleteIsolatedImport
ShvlEnableVpVtlForPartition
ShvlGetInterceptData
ShvlGetPartitionProperty
ShvlGetVpRegisters
ShvlLockSparseGpaPageMapping
ShvlModifySparseSpaPageHostAccess
ShvlSetPartitionProperty
ShvlSetVpRegisters
ShvlUnlockSparseGpaPageMapping
SkAcquirePushLockExclusive
SkAcquirePushLockShared
SkAllocateNormalModePool
SkAllocatePool
SkFreeNormalModePool
SkFreePool
SkGetIdkSignatureForData
SkInitializePushLock
SkIsSecureKernel
SkQuerySecureKernelInformation
SkQuerySystemTime
SkReleasePushLockExclusive
SkReleasePushLockShared
SkSystemExceptionFilter
SkciCreateSecureImage
SkciFinalizeSecureImageHash
SkciFinishImageValidation
SkciFreeImageContext
SkeCacheInvalidatePage
SkeEnterCriticalRegion
SkeLeaveCriticalRegion
SkeZeroPages
SkmmCancelPreRegisterHvImage
SkmmCommitPreRegisterHvImage
SkmmFreeReservedMapping
SkmmFreeSecureAllocation
SkmmMapMdl
SkmmMapMdlWithReservedMapping
SkmmPreRegisterHvImage
SkmmReleasePageRestriction
SkmmReserveMappingAddress
SkmmRestrictPage
SkmmUnmapMdl
SkobCreateHandle
SkobCreateObject
SkobDereferenceObject
SkobReferenceObject
SkobReferenceObjectByHandle
VslExchangeEntropy
ZwClose
ZwCreateKey
ZwDeleteKey
ZwDeleteValueKey
ZwEnumerateKey
ZwEnumerateValueKey
ZwLoadDriver
ZwOpenKey
ZwQueryInformationProcess
ZwQueryKey
ZwQuerySystemInformation
ZwQueryValueKey
ZwSetSystemInformation
ZwSetValueKey
ZwUnloadDriver
__C_specific_handler
__GSHandlerCheck
__GSHandlerCheck_SEH
__chkstk
_invalid_parameter
_local_unwind
_ultow_s
_vsnwprintf
_wcsicmp
_wcsnicmp
atoi
atol
bsearch
bsearch_s
isdigit
memcmp
memcpy
memmove
memset
qsort
qsort_s
strnlen
wcscmp
wcscpy_s
wcsncmp
Sections
.text Size: 712KB - Virtual size: 710KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
KVASCODE Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
TRNS Size: 4KB - Virtual size: 688B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGELK Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
fothk Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
ZEROPAGE Size: - Virtual size: 4KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 88KB - Virtual size: 87KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 76KB - Virtual size: 137KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 28KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TABLERO Size: 4KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ALMOSTRO Size: 4KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
nlsdata Size: 76KB - Virtual size: 74KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
FUNCTBL Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
CFGRO Size: 4KB - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
services.exe.exe windows:10 windows x64 arch:x64
3cdd0c41edd2d18fd6b02a17478ed684
Code Sign
33:00:00:04:49:80:8e:a7:5d:6e:2d:36:87:00:00:00:00:04:49
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 08/08/2023, 18:38
Not After: 07/08/2024, 18:38
Subject: CN=Microsoft Windows Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
a2:d0:da:fe:bc:cd:a7:6d:b1:80:eb:4e:79:62:dc:f9:35:b2:da:7b:e2:4f:c8:9b:7c:2b:1f:d7:71:b6:d6:57
Signer
Actual PE Digest: a2:d0:da:fe:bc:cd:a7:6d:b1:80:eb:4e:79:62:dc:f9:35:b2:da:7b:e2:4f:c8:9b:7c:2b:1f:d7:71:b6:d6:57
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
services.pdb
Imports
api-ms-win-core-crt-l1-1-0
_wcslwr_s
memcmp
memcpy
memmove
towlower
wcscmp
_wtoi
qsort_s
swprintf_s
sprintf_s
wcscpy_s
wcsnlen
wcsstr
wcstoul
memset
__C_specific_handler
_wtol
_ultow_s
wcsrchr
wcsncmp
_wcsicmp
wcschr
_wcsnicmp
iswctype
memmove_s
_vsnwprintf_s
memcpy_s
api-ms-win-core-crt-l2-1-0
exit
_onexit
_purecall
_initterm_e
_initterm
__dllonexit3
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
GetModuleHandleW
GetModuleFileNameA
LoadStringW
GetModuleHandleExW
LoadLibraryExW
GetProcAddress
api-ms-win-core-synch-l1-1-0
CreateWaitableTimerExW
LeaveCriticalSection
OpenSemaphoreW
WaitForSingleObjectEx
SetEvent
AcquireSRWLockExclusive
SetWaitableTimer
ReleaseSRWLockShared
CreateMutexExW
ReleaseSRWLockExclusive
OpenEventW
ReleaseSemaphore
EnterCriticalSection
CancelWaitableTimer
AcquireSRWLockShared
InitializeCriticalSection
CreateSemaphoreExW
InitializeSRWLock
WaitForSingleObject
TryAcquireSRWLockExclusive
ResetEvent
DeleteCriticalSection
WaitForMultipleObjectsEx
CreateEventW
InitializeCriticalSectionEx
ReleaseMutex
api-ms-win-core-heap-l1-1-0
HeapFree
HeapSetInformation
GetProcessHeap
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
SetErrorMode
GetLastError
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-threadpool-l1-2-0
CloseThreadpoolWork
SetThreadpoolTimer
CreateThreadpoolWork
CreateThreadpoolTimer
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolCleanupGroup
SubmitThreadpoolWork
TrySubmitThreadpoolCallback
CallbackMayRunLong
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolCleanupGroup
CreateThreadpool
CloseThreadpool
api-ms-win-core-processthreads-l1-1-0
GetProcessTimes
GetCurrentThread
GetCurrentProcess
OpenProcessToken
CreateProcessW
GetCurrentThreadId
TerminateProcess
GetExitCodeProcess
GetCurrentProcessId
ExitThread
CreateProcessAsUserW
DeleteProcThreadAttributeList
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
ResumeThread
CreateThread
SetProcessShutdownParameters
SetThreadPriority
OpenThreadToken
GetProcessId
api-ms-win-core-localization-l1-2-0
FormatMessageW
GetThreadUILanguage
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
DebugBreak
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
DuplicateHandle
CloseHandle
rpcrt4
RpcServerUseProtseqEpW
RpcAsyncAbortCall
UuidCreateNil
UuidEqual
I_RpcBindingIsClientLocal
I_RpcSessionStrictContextHandle
I_RpcBindingInqLocalClientPID
RpcServerUnsubscribeForNotification
RpcServerSubscribeForNotification
I_RpcMapWin32Status
UuidCreate
RpcStringFreeW
UuidFromStringW
NdrClientCall3
I_RpcExceptionFilter
RpcStringBindingComposeW
RpcBindingFromStringBindingW
UuidToStringW
RpcBindingFree
RpcServerInqCallAttributesA
RpcServerInqDefaultPrincNameW
RpcServerRegisterAuthInfoW
RpcEpRegisterW
RpcStringBindingParseW
RpcAsyncCompleteCall
RpcImpersonateClient
RpcRevertToSelf
RpcServerInqCallAttributesW
RpcBindingToStringBindingW
RpcServerInqBindings
RpcServerUseProtseqW
RpcServerRegisterIfEx
RpcServerInqBindingHandle
RpcServerRegisterIf3
RpcBindingVectorFree
RpcServerUnregisterIf
NdrAsyncServerCall
NdrServerCall2
RpcServerRegisterIf
RpcMgmtWaitServerListen
RpcMgmtStopServerListening
RpcServerListen
api-ms-win-core-sysinfo-l1-1-0
GetSystemWindowsDirectoryW
GetSystemTime
GetComputerNameExW
GlobalMemoryStatusEx
GetTickCount
GetSystemTimeAsFileTime
GetTickCount64
GetSystemDirectoryW
GetVersionExW
api-ms-win-security-base-l1-1-0
GetKernelObjectSecurity
SetSecurityDescriptorGroup
AddAuditAccessAceEx
IsValidAcl
SetSecurityDescriptorControl
AddAccessAllowedAceEx
SetKernelObjectSecurity
SetSecurityDescriptorSacl
GetAce
GetSecurityDescriptorControl
CopySid
GetLengthSid
InitializeAcl
ImpersonateLoggedOnUser
GetTokenInformation
AddAccessDeniedAceEx
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
SetFileSecurityW
EqualSid
AdjustTokenPrivileges
AddAccessAllowedAce
SetTokenInformation
AllocateLocallyUniqueId
AllocateAndInitializeSid
GetSecurityDescriptorDacl
AddAce
SetSecurityDescriptorDacl
FreeSid
RevertToSelf
CheckTokenMembership
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-registry-l1-1-0
RegGetKeySecurity
RegSetKeySecurity
RegNotifyChangeKeyValue
RegDeleteTreeW
RegOpenKeyExW
RegCloseKey
RegDeleteValueW
RegEnumKeyExW
RegGetValueW
RegLoadMUIStringW
RegQueryInfoKeyW
RegEnumValueW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
api-ms-win-core-synch-l1-2-0
InitializeConditionVariable
WakeConditionVariable
WaitOnAddress
WakeByAddressAll
Sleep
SleepConditionVariableSRW
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
GetEnvironmentVariableW
SearchPathW
api-ms-win-core-wow64-l1-1-1
IsWow64Process2
GetSystemWow64DirectoryW
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventWriteTransfer
EventActivityIdControl
EventUnregister
EventSetInformation
api-ms-win-core-realtime-l1-1-0
QueryUnbiasedInterruptTime
api-ms-win-core-processthreads-l1-1-1
SetProcessMitigationPolicy
OpenProcess
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-core-file-l1-1-0
FindFirstFileW
RemoveDirectoryW
FindClose
FindNextFileW
CompareFileTime
DeleteFileW
SetFileInformationByHandle
CreateFileW
CreateDirectoryW
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-wow64-l1-1-0
IsWow64Process
api-ms-win-core-sysinfo-l1-2-6
IsUserCetAvailableInEnvironment
api-ms-win-core-sysinfo-l1-2-3
GetOsManufacturingMode
api-ms-win-core-console-l1-1-0
SetConsoleCtrlHandler
api-ms-win-core-rtlsupport-l1-1-0
RtlCompareMemory
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
ntdll
NtAccessCheck
NtAccessCheckAndAuditAlarm
NtDuplicateToken
NtAdjustPrivilegesToken
RtlMapGenericMask
RtlSetOwnerSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlCreateAcl
RtlAddAccessAllowedAce
RtlGetAce
RtlAddAccessDeniedAce
RtlSetDaclSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
RtlTestProtectedAccess
RtlSetProcessIsCritical
NtSetInformationToken
RtlIsStateSeparationEnabled
NtOpenProcessToken
NtOpenEvent
TpAllocPool
TpSetPoolMinThreads
TpAllocTimer
TpAllocWork
RtlUnhandledExceptionFilter
TpSetTimer
TpWaitForTimer
RtlInitializeCriticalSection
RtlValidRelativeSecurityDescriptor
RtlQuerySecurityObject
RtlSetSecurityObject
NtQuerySystemInformation
RtlWow64IsWowGuestMachineSupported
wcscspn
RtlSetSaclSecurityDescriptor
RtlInitializeSid
RtlSubAuthorityCountSid
RtlAddAce
RtlLengthRequiredSid
RtlDeriveCapabilitySidsFromName
RtlNewSecurityObject
RtlAnsiStringToUnicodeString
RtlUnicodeStringToAnsiString
RtlInitAnsiString
RtlGetPersistedStateLocation
wcscat_s
EtwRegisterTraceGuidsW
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwGetTraceEnableFlags
RtlUnicodeStringToInteger
_ltow_s
EtwUnregisterTraceGuids
RtlEqualSid
RtlGetOwnerSecurityDescriptor
RtlCreateServiceSid
NtCloseObjectAuditAlarm
NtCreateWnfStateName
NtOpenThread
NtQueueApcThread
RtlQueueApcWow64Thread
NtQueryInformationFile
NtSetInformationFile
RtlAppendUnicodeStringToString
NtWaitForSingleObject
NtQueryDirectoryFile
NtDeleteFile
EtwEventEnabled
EtwEventRegister
EvtIntReportEventAndSourceAsync
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlSubAuthoritySid
RtlReplaceSystemDirectoryInPath
RtlExpandEnvironmentStrings
RtlSetControlSecurityDescriptor
RtlRegisterWait
NtDeleteKey
NtEnumerateKey
NtDeleteValueKey
NtSetValueKey
NtQueryValueKey
NtOpenKey
NtCreateKey
RtlValidSecurityDescriptor
EtwEventWrite
RtlSetEnvironmentVariable
RtlNtStatusToDosErrorNoTeb
TpReleaseTimer
RtlGetDeviceFamilyInfoEnum
TpSetTimerEx
RtlEqualUnicodeString
NtUnloadDriver
NtQueryDirectoryObject
NtOpenDirectoryObject
NtLoadDriver
RtlRandom
NtSetEvent
RtlGetNtProductType
TpReleaseWork
RtlLengthSecurityDescriptor
NtDeleteWnfStateName
NtSetInformationProcess
RtlInitializeResource
TpPostWork
RtlCopyLuid
RtlDeleteSecurityObject
RtlExpandEnvironmentStrings_U
RtlDeregisterWait
NtPowerInformation
DbgPrintEx
RtlPublishWnfStateData
RtlCompareUnicodeString
NtQueryInformationToken
NtQueryInformationProcess
RtlInitializeSRWLock
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
NtUnmapViewOfSection
RtlImageNtHeader
NtMapViewOfSection
NtCreateSection
NtOpenFile
RtlAppendUnicodeToString
RtlInitUnicodeStringEx
RtlFreeUnicodeString
RtlDosPathNameToNtPathName_U
NtDeleteObjectAuditAlarm
RtlReleaseSRWLockExclusive
RtlAcquireResourceExclusive
RtlAcquireSRWLockExclusive
RtlDeleteRegistryValue
RtlQueryRegistryValuesEx
NtSetInformationThread
NtQueryKey
NtShutdownSystem
NtInitializeRegistry
NtSetSystemEnvironmentValue
NtQueryWnfStateData
RtlWakeAddressAll
TpReleasePool
TpSimpleTryPost
DbgPrint
RtlVerifyVersionInfo
RtlDosPathNameToNtPathName_U_WithStatus
RtlCreateProcessParametersEx
NtCreateUserProcess
wcsncpy
RtlReleaseResource
RtlAcquireResourceShared
RtlAreAllAccessesGranted
NtPrivilegeCheck
NtOpenThreadToken
RtlLengthSid
RtlCopyUnicodeString
RtlWaitOnAddress
NtFilterToken
NtClose
RtlNtStatusToDosError
RtlCopySid
RtlInitUnicodeString
EtwTraceMessage
RtlFreeHeap
RtlAllocateHeap
NtPrivilegeObjectAuditAlarm
RtlCreateSecurityDescriptor
RtlGetCurrentServiceSessionId
RtlSubscribeWnfStateChangeNotification
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-localization-private-l1-1-0
LoadStringByReference
api-ms-win-core-state-helpers-l1-1-0
GetRegistryValueWithFallbackW
dpapi
CryptResetMachineCredentials
eventaggregation
EAQueryAggregateEventData
EaFreeAggregatedEventParameters
EaQueryAggregatedEventParameters
EACreateAggregateEvent
EaCreateAggregatedEvent
BriCreateBrokeredEvent
EaDeleteAggregatedEvent
BriDeleteBrokeredEvent
EADeleteAggregateEvent
api-ms-win-eventing-controller-l1-1-0
StartTraceW
EnableTraceEx2
ControlTraceW
api-ms-win-core-version-l1-1-0
GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW
api-ms-win-devices-config-l1-1-1
CM_Get_Device_ID_ListW
CM_Get_DevNode_Status
CM_Get_Device_ID_List_SizeW
CM_Query_And_Remove_SubTreeW
CM_Get_DevNode_Registry_PropertyW
CM_Locate_DevNodeW
CM_Setup_DevNode
api-ms-win-eventing-classicprovider-l1-1-0
TraceMessage
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
api-ms-win-core-datetime-l1-1-0
GetDateFormatW
api-ms-win-core-sysinfo-l1-2-0
VerSetConditionMask
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
devobj
DevObjOpenDevRegKey
DevObjCreateDeviceInfoList
DevObjOpenDeviceInfo
DevObjDestroyDeviceInfoList
DevObjGetClassDevs
DevObjEnumDeviceInfo
DevObjGetDeviceInfoListDetail
DevObjGetDeviceRegistryProperty
DevObjGetDeviceInstanceId
DevObjDeleteDeviceInfo
DevObjGetDeviceProperty
api-ms-win-core-threadpool-private-l1-1-0
RegisterWaitForSingleObjectEx
api-ms-win-core-threadpool-legacy-l1-1-0
UnregisterWaitEx
Sections
.text Size: 536KB - Virtual size: 533KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 120KB - Virtual size: 118KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 24KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 680B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 28KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
sessionmsg.exe.exe windows:10 windows x64 arch:x64
3b460fdd6065007853e9170f82b041b0
Code Sign
33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 02/09/2021, 18:23
Not After: 01/09/2022, 18:23
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ce:a3:ce:f6:74:8b:85:f0:91:1b:f1:25:d4:6e:84:31:60:5d:ac:8b:8e:0f:83:62:4d:f1:f6:43:0a:1e:d7:0a
Signer
Actual PE Digest: ce:a3:ce:f6:74:8b:85:f0:91:1b:f1:25:d4:6e:84:31:60:5d:ac:8b:8e:0f:83:62:4d:f1:f6:43:0a:1e:d7:0a
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
SessionMsg.pdb
Imports
advapi32
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
EventWriteTransfer
EventRegister
EventSetInformation
kernel32
GetTickCount
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
GetProcessHeap
LeaveCriticalSection
SetLastError
EnterCriticalSection
LocalFree
FormatMessageW
LockResource
WaitForSingleObject
CloseHandle
CreateThread
CreateEventW
Sleep
InitializeCriticalSection
GetCurrentThreadId
OutputDebugStringA
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
FreeLibrary
GetLastError
GetProcAddress
LoadLibraryExW
GetModuleHandleW
lstrcmpiW
RaiseException
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceExW
GetModuleFileNameW
GetCommandLineW
SetEvent
DeleteCriticalSection
user32
UnregisterClassA
GetUserObjectInformationW
GetThreadDesktop
DispatchMessageW
TranslateMessage
GetMessageW
CharUpperW
PostThreadMessageW
CharNextW
msvcrt
memset
??3@YAXPEAX@Z
__CxxFrameHandler4
??_V@YAXPEAX@Z
__C_specific_handler
wcsncpy_s
malloc
free
wcscpy_s
wcscat_s
_purecall
_callnewh
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_CxxThrowException
__CxxFrameHandler3
memcpy
memmove
_XcptFilter
_amsg_exit
__wgetmainargs
__set_app_type
exit
_exit
_cexit
__setusermatherr
_initterm
_wcmdln
_fmode
_commode
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_errno
realloc
_lock
_unlock
__dllonexit
_onexit
_vsnprintf
memcpy_s
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
ole32
CoRegisterClassObject
CoInitializeEx
CoCreateInstance
StringFromGUID2
CoInitialize
CoUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoRevokeClassObject
CoTaskMemFree
oleaut32
SysFreeString
VarUI4FromStr
SysAllocStringLen
SysStringLen
RegisterTypeLi
LoadTypeLi
UnRegisterTypeLi
SysAllocString
shlwapi
SHStrDupW
duser
DeleteHandle
CreateAction
dui70
?Initialize@Element@DirectUI@@QEAAJIPEAV12@PEAK@Z
StartMessagePump
?AccNameProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?ContentProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?_ZeroRelease@Value@DirectUI@@AEAAXXZ
?SetValue@Element@DirectUI@@QEAAJP6APEBUPropertyInfo@2@XZHPEAVValue@2@@Z
?CreateString@Value@DirectUI@@SAPEAV12@PEBGPEAUHINSTANCE__@@@Z
?AssertPIZeroRef@ClassInfoBase@DirectUI@@UEBAXXZ
?GetChildren@ClassInfoBase@DirectUI@@UEBAHXZ
?RemoveChild@ClassInfoBase@DirectUI@@UEAAXXZ
?AddChild@ClassInfoBase@DirectUI@@UEAAXXZ
?IsGlobal@ClassInfoBase@DirectUI@@UEBA_NXZ
?GetModule@ClassInfoBase@DirectUI@@UEBAPEAUHINSTANCE__@@XZ
?IsSubclassOf@ClassInfoBase@DirectUI@@UEBA_NPEAUIClassInfo@2@@Z
?IsValidProperty@ClassInfoBase@DirectUI@@UEBA_NPEBUPropertyInfo@2@@Z
?GetName@ClassInfoBase@DirectUI@@UEBAPEBGXZ
?GetGlobalIndex@ClassInfoBase@DirectUI@@UEBAIXZ
?GetPICount@ClassInfoBase@DirectUI@@UEBAIXZ
?GetByClassIndex@ClassInfoBase@DirectUI@@UEAAPEBUPropertyInfo@2@I@Z
?EnumPropertyInfo@ClassInfoBase@DirectUI@@UEAAPEBUPropertyInfo@2@I@Z
?Release@ClassInfoBase@DirectUI@@UEAAHXZ
?AddRef@ClassInfoBase@DirectUI@@UEAAXXZ
?GetUiaFocusDelegate@Element@DirectUI@@UEAAPEAV12@XZ
?HandleUiaEventListener@Element@DirectUI@@UEAAXPEAUEvent@2@@Z
?HandleUiaPropertyChangingListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@@Z
?HandleUiaPropertyListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?HandleUiaDestroyListener@Element@DirectUI@@UEAAXXZ
?GetElementProviderImpl@Element@DirectUI@@UEAAJPEAVInvokeHelper@2@PEAPEAVElementProvider@2@@Z
?GetUIAElementProvider@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?DefaultAction@Element@DirectUI@@UEAAJXZ
?GetAccessibleImpl@Element@DirectUI@@UEAAJPEAPEAUIAccessible@@@Z
?OnUnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?OnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?_SelfLayoutUpdateDesiredSize@Element@DirectUI@@MEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?_SelfLayoutDoLayout@Element@DirectUI@@MEAAXHH@Z
?GetImmersiveFocusRectOffsets@Element@DirectUI@@UEAAXPEAUtagRECT@@@Z
?MessageCallback@Element@DirectUI@@UEAAIPEAUtagGMSG@@@Z
?RemoveBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?AddBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?SetKeyFocus@Element@DirectUI@@UEAAXXZ
?EnsureVisible@Element@DirectUI@@UEAA_NHHHH@Z
?GetAdjacent@Element@DirectUI@@UEAAPEAV12@PEAV12@HPEBUNavReference@2@K@Z
?Remove@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?Insert@Element@DirectUI@@UEAAJPEAPEAV12@II@Z
?Add@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?GetContentSize@Element@DirectUI@@UEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?Paint@Element@DirectUI@@UEAAXPEAUHDC__@@PEBUtagRECT@@1PEAU4@2@Z
?OnDestroy@Element@DirectUI@@UEAAXXZ
?OnMouseFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnKeyFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnInput@Element@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?OnGroupChanged@Element@DirectUI@@UEAAXH_N@Z
?OnPropertyChanged@Element@DirectUI@@UEAAXPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanged@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?GetContentStringAsDisplayed@Element@DirectUI@@UEAAPEBGPEAPEAVValue@2@@Z
??1ClassInfoBase@DirectUI@@UEAA@XZ
??0ClassInfoBase@DirectUI@@QEAA@XZ
??1Element@DirectUI@@UEAA@XZ
??0Element@DirectUI@@QEAA@XZ
?GetClassInfoPtr@Element@DirectUI@@SAPEAUIClassInfo@2@XZ
?_PostEvent@Element@DirectUI@@AEAAXPEAUEvent@2@H@Z
?Destroy@Element@DirectUI@@QEAAJ_N@Z
?Initialize@ClassInfoBase@DirectUI@@QEAAJPEAUHINSTANCE__@@PEBG_NPEBQEBUPropertyInfo@2@I@Z
?Register@ClassInfoBase@DirectUI@@QEAAJXZ
?ClassExist@ClassInfoBase@DirectUI@@SA_NPEAPEAUIClassInfo@2@PEBQEBUPropertyInfo@2@IPEAU32@PEAUHINSTANCE__@@PEBG_N@Z
?GetFactoryLock@Element@DirectUI@@SAPEAU_RTL_CRITICAL_SECTION@@XZ
?Register@Element@DirectUI@@SAJXZ
?OnEvent@Element@DirectUI@@UEAAXPEAUEvent@2@@Z
UnInitProcessPriv
UnInitThread
InitThread
InitProcessPriv
?EndDefer@Element@DirectUI@@QEAAXK@Z
?Destroy@DUIXmlParser@DirectUI@@QEAAXXZ
StrToID
?FindDescendent@Element@DirectUI@@QEAAPEAV12@G@Z
?CreateElement@DUIXmlParser@DirectUI@@QEAAJPEBGPEAVElement@2@1PEAKPEAPEAV32@@Z
?SetXMLFromResource@DUIXmlParser@DirectUI@@QEAAJIPEAUHINSTANCE__@@0@Z
?Create@DUIXmlParser@DirectUI@@SAJPEAPEAV12@P6APEAVValue@2@PEBGPEAX@Z2P6AX11H2@Z2@Z
Sections
.text Size: 40KB - Virtual size: 37KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 812B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
sethc.exe.exe windows:10 windows x64 arch:x64
fed48c57aaefe98e1a80fd6c1db1365b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
sethc.pdb
Imports
advapi32
EventUnregister
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
EventRegister
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
TraceMessage
EventWriteTransfer
RegOpenKeyExW
RegEnumValueW
EventSetInformation
RegDeleteTreeW
RegLoadMUIStringW
ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
RegGetValueW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegEnumKeyExW
RegCloseKey
kernel32
HeapFree
HeapReAlloc
HeapSize
ExpandEnvironmentStringsW
CreateMutexW
VirtualQuery
GetSystemInfo
MultiByteToWideChar
GetLastError
LoadLibraryExA
VirtualProtect
OOBEComplete
CloseHandle
RaiseException
HeapSetInformation
HeapAlloc
IsProcessInJob
OpenJobObjectW
InitOnceComplete
InitOnceBeginInitialize
CreateSemaphoreExW
CreateMutexExW
FreeLibrary
LoadLibraryExW
CompareStringOrdinal
CreateThreadpoolTimer
OpenSemaphoreW
WaitForSingleObject
InitializeCriticalSectionEx
WaitForSingleObjectEx
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
ReleaseMutex
ReleaseSemaphore
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
OutputDebugStringW
IsDebuggerPresent
K32GetModuleBaseNameW
K32EnumProcessModules
K32EnumProcesses
DeleteFileW
GetFileAttributesW
DeleteProcThreadAttributeList
CreateProcessW
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
OpenProcess
SetLastError
GetProcAddress
DebugBreak
GetModuleFileNameA
GetModuleHandleExW
FormatMessageW
LocalFree
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetModuleHandleW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
Sleep
LeaveCriticalSection
SizeofResource
OpenMutexW
GetCurrentProcessId
WTSGetActiveConsoleSessionId
ProcessIdToSessionId
GetVersionExW
GetProcessHeap
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCurrentThreadId
LoadResource
FindResourceExW
LockResource
GetProductInfo
HeapDestroy
user32
UnregisterClassA
LoadIconW
SetWindowPos
SystemParametersInfoW
LoadStringW
SetWindowTextW
MessageBoxW
GetUserObjectInformationW
GetThreadDesktop
SetDesktopColorTransform
SendNotifyMessageW
GetWindowThreadProcessId
GetShellWindow
GetKeyState
SendInput
msvcrt
_amsg_exit
__wgetmainargs
__set_app_type
exit
_exit
_cexit
__setusermatherr
_initterm
_wcmdln
_XcptFilter
_commode
_lock
_unlock
__dllonexit
_onexit
?terminate@@YAXXZ
memset
memcmp
??1type_info@@UEAA@XZ
wcschr
_ltow_s
_wcslwr_s
wcscspn
wcsspn
wcsrchr
??_V@YAXPEAX@Z
memmove_s
__C_specific_handler
_callnewh
malloc
free
_wcsicmp
_vsnwprintf
_purecall
_wtoi
__CxxFrameHandler4
memcpy_s
_fmode
wcscmp
ntdll
WinSqmIncrementDWORD
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
WinSqmAddToStream
WinSqmIsOptedIn
playsndsrv
PlaySoundServerInitialize
oleacc
AccessibleObjectFromWindow
ole32
CoUninitialize
CoCreateInstance
CoInitialize
oleaut32
SysFreeString
uxtheme
ord65
shell32
ShellExecuteW
shlwapi
PathFileExistsW
ord460
dui70
?SetLayoutPos@Element@DirectUI@@QEAAJH@Z
?FindDescendent@Element@DirectUI@@QEAAPEAV12@G@Z
StrToID
?GetClassInfoPtr@CCPushButton@DirectUI@@SAPEAUIClassInfo@2@XZ
?Click@Button@DirectUI@@SA?AVUID@@XZ
?GetKeyFocusedElement@HWNDElement@DirectUI@@SAPEAVElement@2@XZ
?IsRTLReading@Element@DirectUI@@UEAA_NXZ
?IsContentProtected@Element@DirectUI@@UEAA_NXZ
?QueryInterface@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?GetKeyFocused@Element@DirectUI@@UEAA_NXZ
?SetVisible@Element@DirectUI@@QEAAJ_N@Z
?SetAccessible@Element@DirectUI@@QEAAJ_N@Z
?SetLayout@Element@DirectUI@@QEAAJPEAVLayout@2@@Z
?CanSetFocus@HWNDElement@DirectUI@@UEAA_NXZ
?IsMSAAEnabled@HWNDElement@DirectUI@@UEAA_NXZ
?GetHWND@HWNDElement@DirectUI@@UEAAPEAUHWND__@@XZ
?GetClassInfoW@HWNDElement@DirectUI@@UEAAPEAUIClassInfo@2@XZ
?DestroyWindow@NativeHWNDHost@DirectUI@@QEAAXXZ
??1DUIFactory@DirectUI@@QEAA@XZ
?LoadFromResource@DUIFactory@DirectUI@@QEAAJPEAUHINSTANCE__@@PEBG1PEAVElement@2@PEAKPEAPEAV42@1@Z
?Create@FillLayout@DirectUI@@SAJPEAPEAVLayout@2@@Z
?Destroy@Layout@DirectUI@@QEAAXXZ
?Destroy@Element@DirectUI@@QEAAJ_N@Z
?GetContentStringAsDisplayed@Element@DirectUI@@UEAAPEBGPEAPEAVValue@2@@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanged@Element@DirectUI@@UEAAXPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnKeyFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnMouseFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?Paint@Element@DirectUI@@UEAAXPEAUHDC__@@PEBUtagRECT@@1PEAU4@2@Z
?GetContentSize@Element@DirectUI@@UEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?Add@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?Add@Element@DirectUI@@QEAAJPEAV12@@Z
?Insert@Element@DirectUI@@UEAAJPEAPEAV12@II@Z
?Remove@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?GetAdjacent@Element@DirectUI@@UEAAPEAV12@PEAV12@HPEBUNavReference@2@K@Z
?EnsureVisible@Element@DirectUI@@UEAA_NHHHH@Z
?SetKeyFocus@Element@DirectUI@@UEAAXXZ
?AddBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?RemoveBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?MessageCallback@Element@DirectUI@@UEAAIPEAUtagGMSG@@@Z
?GetImmersiveFocusRectOffsets@Element@DirectUI@@UEAAXPEAUtagRECT@@@Z
?_SelfLayoutDoLayout@Element@DirectUI@@MEAAXHH@Z
?_SelfLayoutUpdateDesiredSize@Element@DirectUI@@MEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?OnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?OnUnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?DoubleBuffered@Element@DirectUI@@QEAAX_N@Z
?DefaultAction@Element@DirectUI@@UEAAJXZ
?GetUIAElementProvider@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?GetElementProviderImpl@Element@DirectUI@@UEAAJPEAVInvokeHelper@2@PEAPEAVElementProvider@2@@Z
?HandleUiaDestroyListener@Element@DirectUI@@UEAAXXZ
?HandleUiaPropertyListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?HandleUiaPropertyChangingListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@@Z
?HandleUiaEventListener@Element@DirectUI@@UEAAXPEAUEvent@2@@Z
?GetUiaFocusDelegate@Element@DirectUI@@UEAAPEAV12@XZ
?Host@NativeHWNDHost@DirectUI@@QEAAXPEAVElement@2@@Z
?OnPropertyChanged@HWNDElement@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?OnGroupChanged@HWNDElement@DirectUI@@UEAAXH_N@Z
?OnDestroy@HWNDElement@DirectUI@@UEAAXXZ
?OnEvent@HWNDElement@DirectUI@@UEAAXPEAUEvent@2@@Z
?OnThemeChanged@HWNDElement@DirectUI@@UEAAXPEAUThemeChangedEvent@2@@Z
?OnImmersiveColorSchemeChanged@HWNDElement@DirectUI@@UEAAXXZ
?OnInput@HWNDElement@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?OnNoChildWithShortcutFound@HWNDElement@DirectUI@@UEAAXPEAUKeyboardEvent@2@@Z
?OnGetDlgCode@HWNDElement@DirectUI@@UEAAXPEAUtagMSG@@PEA_J@Z
?OnWmThemeChanged@HWNDElement@DirectUI@@UEAAX_K_J@Z
?OnWmSettingChanged@HWNDElement@DirectUI@@UEAAX_K_J@Z
?OnCompositionChanged@HWNDElement@DirectUI@@UEAAXXZ
?UpdateTooltip@HWNDElement@DirectUI@@UEAAXPEAVElement@2@@Z
?ActivateTooltip@HWNDElement@DirectUI@@UEAAXPEAVElement@2@K@Z
?RemoveTooltip@HWNDElement@DirectUI@@UEAAXPEAVElement@2@@Z
?CreateStyleParser@HWNDElement@DirectUI@@UEAAJPEAPEAVDUIXmlParser@2@@Z
?WndProc@HWNDElement@DirectUI@@UEAA_JPEAUHWND__@@I_K_J@Z
?GetWindowClassNameAndStyle@HWNDElement@DirectUI@@UEAAXPEAPEBGPEAI@Z
?Register@HWNDElement@DirectUI@@SAJXZ
?GetAccessibleImpl@HWNDElement@DirectUI@@UEAAJPEAPEAUIAccessible@@@Z
??0HWNDElement@DirectUI@@QEAA@XZ
??1HWNDElement@DirectUI@@UEAA@XZ
?Initialize@HWNDElement@DirectUI@@QEAAJPEAUHWND__@@_NIPEAVElement@2@PEAK@Z
?_OnUIStateChanged@HWNDElement@DirectUI@@MEAAXGG@Z
?Create@NativeHWNDHost@DirectUI@@SAJPEBGPEAUHWND__@@PEAUHICON__@@HHHHHHIPEAPEAV12@@Z
?ShowWindow@NativeHWNDHost@DirectUI@@QEAAXH@Z
UnInitThread
StartMessagePump
InitProcessPriv
InitThread
?Destroy@NativeHWNDHost@DirectUI@@QEAAXXZ
?EndDefer@Element@DirectUI@@QEAAXK@Z
UnInitProcessPriv
wtsapi32
WTSFreeMemory
WTSQuerySessionInformationW
Sections
.text Size: 84KB - Virtual size: 81KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 36KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 452B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
setspn.exe.exe windows:10 windows x64 arch:x64
e6b8038038b9abf6acb11e0a8be9bb84
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
setspn.pdb
Imports
msvcrt
__set_app_type
fwprintf
__wgetmainargs
_amsg_exit
_XcptFilter
wcsncpy_s
calloc
towupper
_fmode
wcscpy_s
__C_specific_handler
exit
_commode
_exit
_wsetlocale
?terminate@@YAXXZ
wcsncat_s
_snwprintf_s
_vsnwprintf
_wcsnicmp
_initterm
__setusermatherr
_cexit
__iob_func
free
wcschr
fprintf
_wcsicmp
towlower
memcpy
memset
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExW
GetModuleHandleW
LoadStringW
wldap32
ord135
ord140
ord191
ord147
ord16
ord27
ord26
ord88
ord46
ord206
ord133
ord73
ord224
ord208
ord12
ord118
ord145
ord97
ord13
ord127
ord170
ord167
ord41
logoncli
DsGetDcNameWithAccountW
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemDirectoryW
GetSystemTimeAsFileTime
api-ms-win-core-localization-l1-2-0
SetThreadUILanguage
FormatMessageW
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
TerminateProcess
GetCurrentThreadId
GetCurrentProcess
ExitProcess
netutils
NetApiBufferFree
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-heap-l1-1-0
HeapFree
HeapAlloc
GetProcessHeap
api-ms-win-core-console-l1-1-0
GetConsoleOutputCP
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
api-ms-win-core-file-l1-1-0
WriteFile
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-downlevel-shlwapi-l1-1-0
StrCmpW
StrChrW
ntdll
RtlInitUnicodeString
ntdsapi
DsUnBindW
DsBindW
DsWriteAccountSpnW
DsCrackNamesW
DsFreeNameResultW
Sections
.text Size: 20KB - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 540B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
setupcl.exe.sys windows:10 windows x64 arch:x64
e6ec033d50c4aa333266d896d32511bd
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
setupcl.pdb
Imports
ntdll
EtwEventEnabled
EtwEventUnregister
EtwEventWrite
EtwEventRegister
RtlSetHeapInformation
NtQuerySystemTime
NtDisplayString
RtlFreeUnicodeString
RtlInitUnicodeString
NtDrawText
RtlAdjustPrivilege
NtTerminateProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnhandledExceptionFilter
iswspace
RtlAllocateHeap
RtlNormalizeProcessParams
memset
setupcl
SclLoadStringResource
SclExecutePendedRequests
SclAcquireRequiredPrivileges
SclReleasePrivileges
Sections
.text Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 132B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
setupugc.exe.exe windows:10 windows x64 arch:x64
905a5103d51ab5016660d5853ef0772c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
setupugc.pdb
Imports
msvcrt
iswalpha
wcscspn
wcsspn
wcsncmp
wcsrchr
_wcsnicmp
wcschr
_vscwprintf
_vsnprintf
_wcsicmp
memmove
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
__CxxFrameHandler4
qsort
iswdigit
_wtoi
_vsnwprintf
iswspace
memset
api-ms-win-core-heap-l1-1-0
HeapFree
HeapAlloc
GetProcessHeap
api-ms-win-core-sysinfo-l1-2-0
SetComputerNameExW
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetLastError
dnsapi
DnsValidateName_W
api-ms-win-core-com-l1-1-0
CoTaskMemFree
CoInitializeEx
CoCreateInstance
CoUninitialize
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetVersionExW
GetWindowsDirectoryW
GetSystemTimeAsFileTime
api-ms-win-core-string-l1-1-0
CompareStringW
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegQueryInfoKeyW
RegDeleteKeyExW
RegDeleteValueW
RegSetValueExW
RegDeleteTreeW
RegCreateKeyExW
api-ms-win-eventing-classicprovider-l1-1-0
TraceEvent
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
UnregisterTraceGuids
RegisterTraceGuidsW
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleW
FreeLibrary
LoadStringW
api-ms-win-core-synch-l1-1-0
InitializeCriticalSection
OpenEventW
LeaveCriticalSection
EnterCriticalSection
SetEvent
CreateEventW
WaitForSingleObject
DeleteCriticalSection
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
OpenProcessToken
CreateThread
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
GetExitCodeProcess
CreateProcessW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-kernel32-legacy-l1-1-0
SetVolumeLabelW
wdscore
WdsDestroyBlackboard
WdsGetBlackboardValue
WdsEnumFirstBlackboardItem
WdsInitializeDataStringW
WdsCreateBlackboard
WdsSetBlackboardValue
WdsInitializeDataUInt32
WdsDeleteBlackboardValue
WdsFreeData
WdsInitialize
WdsAbortBlackboardItemEnum
WdsValidBlackboard
WdsTerminate
rpcrt4
I_RpcMapWin32Status
UuidToStringW
UuidCreate
RpcStringFreeW
api-ms-win-core-processenvironment-l1-1-0
GetCurrentDirectoryW
ExpandEnvironmentStringsW
api-ms-win-core-file-l1-1-0
FindClose
GetFullPathNameW
FindNextFileW
DeleteFileW
GetFileAttributesW
SetFileAttributesW
CreateDirectoryW
SetFileInformationByHandle
GetFileInformationByHandle
GetFinalPathNameByHandleW
FindFirstFileW
GetLongPathNameW
CreateFileW
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-file-l2-1-0
GetFileInformationByHandleEx
mpr
WNetCancelConnection2W
WNetAddConnection2W
api-ms-win-security-base-l1-1-0
AdjustTokenPrivileges
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
ntdll
RtlSetThreadErrorMode
NtSetInformationFile
RtlNtStatusToDosError
NtQuerySystemInformation
RtlFreeHeap
RtlAllocateHeap
NtOpenFile
NtClose
NtDeviceIoControlFile
RtlInitUnicodeString
RtlGetThreadErrorMode
Sections
.text Size: 76KB - Virtual size: 75KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 48KB - Virtual size: 45KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 288B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 228B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
setx.exe.exe windows:10 windows x64 arch:x64
d4d91c020e7b54b5efceeae2fd69b971
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
setx.pdb
Imports
msvcrt
fflush
fprintf
_get_osfhandle
_cexit
_fileno
wcstoul
wcstod
_errno
_exit
__iob_func
__set_app_type
_vsnwprintf
__wgetmainargs
_amsg_exit
__setusermatherr
_initterm
exit
iswctype
_wtoi
fseek
_wcsnset
memmove
_XcptFilter
fgetws
wcsstr
wcstol
?terminate@@YAXXZ
wcstok
_commode
_wfopen
_fmode
_memicmp
__C_specific_handler
fclose
wcschr
memcpy
memchr
memset
api-ms-win-core-registry-l2-1-0
RegConnectRegistryW
RegCreateKeyW
api-ms-win-core-shlwapi-obsolete-l1-1-0
StrTrimW
StrChrW
api-ms-win-core-registry-l1-1-0
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
SetLastError
api-ms-win-core-localization-l1-2-0
FormatMessageW
GetThreadLocale
SetThreadUILanguage
api-ms-win-core-file-l1-1-0
CreateFileW
ReadFile
GetFileSize
GetFileType
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapSize
HeapValidate
HeapReAlloc
HeapSetInformation
GetProcessHeap
HeapFree
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameW
FindStringOrdinal
GetModuleHandleW
LoadStringW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
ExitProcess
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
GetComputerNameExW
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
ws2_32
FreeAddrInfoW
WSACleanup
GetNameInfoW
GetAddrInfoW
WSAGetLastError
WSAStartup
sspicli
GetUserNameExW
api-ms-win-core-string-obsolete-l1-1-0
lstrlenW
lstrlenA
api-ms-win-core-localization-obsolete-l1-2-0
CompareStringA
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-sysinfo-l1-2-0
VerSetConditionMask
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
CompareStringW
WideCharToMultiByte
api-ms-win-core-console-l1-1-0
GetConsoleMode
WriteConsoleW
GetConsoleOutputCP
SetConsoleMode
ReadConsoleW
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
api-ms-win-core-version-l1-1-0
GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW
api-ms-win-core-string-l2-1-0
CharUpperW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
ntdll
RtlVerifyVersionInfo
Sections
.text Size: 44KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 80B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 68B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
sfc.exe.exe windows:10 windows x64 arch:x64
4eaed373a7e95ce6cb8893fd20d42cb8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
sfc.pdb
Imports
msvcrt
memcmp
memcpy
memmove
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
wcstok
_commode
_fmode
_initterm
__setusermatherr
_cexit
_exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
free
_callnewh
malloc
wcsrchr
strstr
atoi
wcsstr
wcschr
_strnicmp
wcstoul
strtoul
swscanf
_vsnwprintf
strtok
__C_specific_handler
_wtof
_wcsnicmp
_fileno
_setmode
_wcsicmp
_errno
_purecall
__iob_func
exit
wprintf
memset
ntdll
RtlFreeHeap
RtlRaiseStatus
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlExpandEnvironmentStrings_U
RtlInitAnsiString
RtlInitUnicodeString
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
oleaut32
SysFreeString
SysAllocString
powrprof
PowerDeterminePlatformRole
api-ms-win-core-com-l1-1-0
StringFromGUID2
CoInitializeEx
CoGetMalloc
CoCreateGuid
CoCreateInstance
CoUninitialize
kernel32
LeaveCriticalSection
CreateSemaphoreExW
CreateMutexExW
RemoveDirectoryW
DeleteFileW
SetErrorMode
GetErrorMode
CopyFileW
CreateDirectoryW
GetFileAttributesW
CreateThreadpoolTimer
OpenSemaphoreW
DeleteCriticalSection
InitializeCriticalSectionEx
WaitForSingleObjectEx
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
ReleaseMutex
ReleaseSemaphore
SetLastError
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
OutputDebugStringW
IsDebuggerPresent
DebugBreak
GetModuleFileNameA
GetModuleHandleExW
EnterCriticalSection
RaiseException
SetEnvironmentVariableW
FormatMessageW
CloseHandle
HeapSetInformation
LocalFree
CompareFileTime
GetFileSizeEx
HeapFree
GetModuleFileNameW
GetUserDefaultUILanguage
GetProductInfo
WaitForSingleObject
CreateFileW
GetVersionExW
UnmapViewOfFile
QueueUserWorkItem
CreateEventW
GetLastError
SetEvent
FileTimeToSystemTime
GetDiskFreeSpaceExW
GetSystemInfo
LoadLibraryW
HeapAlloc
GetLocalTime
GetProcAddress
GetProcessHeap
SystemTimeToFileTime
FreeLibrary
LocaleNameToLCID
CreateFileMappingW
MapViewOfFile
GetFileTime
Sleep
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
LoadLibraryExW
GetWindowsDirectoryW
lstrcmpiW
OutputDebugStringA
GetTempPathW
advapi32
CheckTokenMembership
AllocateAndInitializeSid
RegQueryValueExW
RegEnumValueW
RegOpenKeyExW
RegCloseKey
FreeSid
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
Sections
.text Size: 68KB - Virtual size: 65KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 136B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
shrpubw.exe.exe windows:10 windows x64 arch:x64
097c5a6898822dcd3568701547c0cadf
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
shrpubw.pdb
Imports
advapi32
RegQueryValueExW
RegCloseKey
FreeSid
GetLengthSid
AddAccessAllowedAce
InitializeAcl
InitializeSecurityDescriptor
RegOpenKeyExW
MakeSelfRelativeSD
AllocateAndInitializeSid
LookupAccountNameW
MapGenericMask
GetSecurityDescriptorLength
GetSecurityDescriptorControl
RegOpenKeyExA
SetSecurityDescriptorDacl
RegConnectRegistryW
RegQueryValueExA
kernel32
LocalAlloc
GlobalAlloc
CreateDirectoryW
GetComputerNameExW
lstrcmpiW
LocalFree
GetFileAttributesW
GetDriveTypeW
GetLogicalDriveStringsW
FormatMessageW
GetProcAddress
ExpandEnvironmentStringsA
LoadLibraryExA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
HeapSetInformation
RegisterApplicationRestart
GetComputerNameW
GetLastError
Sleep
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
FreeLibrary
LoadLibraryW
gdi32
CreateFontIndirectW
GetDeviceCaps
DeleteObject
user32
SystemParametersInfoW
MessageBoxW
RegisterClipboardFormatW
EnableWindow
SendMessageW
GetParent
GetActiveWindow
ReleaseDC
PostMessageW
LoadImageW
GetDC
mfc42u
ord6708
ord1126
ord4436
ord1122
ord4601
ord1463
ord2856
ord1284
ord1287
ord3916
ord4770
ord4983
ord4371
ord3164
ord4077
ord4083
ord4082
ord3046
ord3166
ord3052
ord3366
ord3231
ord4815
ord3362
ord3243
ord3049
ord6053
ord5711
ord5730
ord5065
ord4368
ord624
ord5724
ord5722
ord3468
ord2412
ord5615
ord1388
ord4191
ord6071
ord2515
ord2559
ord1366
ord6813
ord1907
ord552
ord999
ord4582
ord5077
ord3182
ord2906
ord3177
ord2661
ord5382
ord1677
ord2408
ord2676
ord1574
ord286
ord6351
ord4771
ord4988
ord5699
ord2140
ord2457
ord5683
ord1736
ord5484
ord3933
ord6814
ord2060
ord2670
ord4789
ord5227
ord4017
ord5709
ord4694
ord6812
ord5586
ord2399
ord5663
ord4752
ord1777
ord4365
ord6437
ord2517
ord5406
ord5246
ord4722
ord5687
ord4699
ord5352
ord5114
ord5304
ord5583
ord5585
ord5584
ord6328
ord6216
ord6050
ord621
ord1286
ord6632
ord620
ord6021
ord3003
ord1787
ord1259
ord4521
ord2846
ord2781
ord5979
ord4473
ord562
ord6886
ord6887
ord2629
ord1040
ord626
ord1063
ord659
ord4598
ord1584
ord6705
ord4836
ord2752
msvcrt
_wcsnicmp
??1type_info@@UEAA@XZ
memset
__set_app_type
__wgetmainargs
exit
_amsg_exit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_XcptFilter
memmove
_onexit
memcpy
wcschr
wcsrchr
iswspace
free
wcsncmp
calloc
__CxxFrameHandler4
_exit
towupper
wcscmp
comctl32
DestroyPropertySheetPage
PropertySheetW
ord17
netutils
NetpwPathType
NetpIsRemote
NetpwNameValidate
NetApiBufferFree
srvcli
NetServerDiskEnum
NetpsNameValidate
NetShareAdd
NetShareSetInfo
NetShareEnum
NetShareGetInfo
NetServerGetInfo
aclui
ord1
ws2_32
WSAStringToAddressW
WSACleanup
WSAStartup
shell32
SHGetPathFromIDListW
SHGetMalloc
ord190
ord155
ord152
ord17
ord16
ord18
SHChangeNotify
SHBrowseForFolderW
SHGetSpecialFolderLocation
SHGetDesktopFolder
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoUninitialize
CoCreateInstance
Sections
.text Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 964B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
shutdown.exe.exe windows:10 windows x64 arch:x64
7381ef144db2b1cfea7eef9bb9b7a530
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
shutdown.pdb
Imports
msvcrt
wcsncmp
_XcptFilter
_amsg_exit
__wgetmainargs
__set_app_type
exit
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
_vsnwprintf
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-registry-l1-1-0
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
api-ms-win-core-shutdown-l1-1-0
AbortSystemShutdownW
InitiateSystemShutdownExW
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventRegister
EventUnregister
EventWriteTransfer
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-firmware-l1-1-0
SetFirmwareEnvironmentVariableW
GetFirmwareEnvironmentVariableW
api-ms-win-core-libraryloader-l1-2-0
LoadStringW
GetModuleHandleW
api-ms-win-core-localization-l1-2-0
SetThreadPreferredUILanguages
FormatMessageW
api-ms-win-core-shutdown-l1-1-1
InitiateShutdownW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
api-ms-win-core-string-obsolete-l1-1-0
lstrlenA
lstrlenW
ntdll
RtlNtStatusToDosError
NtInitiatePowerAction
NtPowerInformation
RtlAdjustPrivilege
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-console-l1-1-0
WriteConsoleW
GetConsoleMode
GetConsoleOutputCP
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
GetEnvironmentVariableW
api-ms-win-core-file-l1-1-0
WriteFile
GetFileType
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
Sections
.text Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 64B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 92B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
sigverif.exe.exe windows:10 windows x64 arch:x64
aa4b4e6bdb1a12ef8952dd7eddde3eed
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
sigverif.pdb
Imports
advapi32
OpenServiceW
QueryServiceConfigW
CloseServiceHandle
OpenSCManagerW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
kernel32
GetFileAttributesExW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatW
SystemTimeToFileTime
CompareFileTime
CreateFileW
CloseHandle
DeleteFileW
WriteFile
FormatMessageW
LocalFree
SetFilePointer
GetCurrentDirectoryW
GetFileSize
CompareStringW
GetVersionExW
GetSystemInfo
MulDiv
GetCommandLineW
CreateThread
HeapSetInformation
RegisterApplicationRestart
OutputDebugStringW
GetTickCount
lstrcmpW
GetSystemDirectoryW
HeapFree
GetProcessHeap
HeapAlloc
GetSystemWindowsDirectoryW
SetEndOfFile
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStartupInfoW
Sleep
SetLastError
GetLastError
GetFullPathNameW
GetFileAttributesW
SetCurrentDirectoryW
GetTimeFormatW
GetSystemTimeAsFileTime
gdi32
GetTextExtentPoint32W
SetBkColor
SetTextColor
SelectObject
SetTextAlign
ExtTextOutW
user32
RegisterClassW
LoadCursorW
DefWindowProcW
SetWindowLongW
InvalidateRect
EndPaint
GetSysColor
PostMessageW
GetParent
BeginPaint
LoadStringW
CheckRadioButton
FindWindowW
SetProcessDPIAware
CharUpperBuffW
LoadIconW
DialogBoxParamW
DestroyIcon
MessageBoxW
EnableWindow
SetDlgItemTextW
SetWindowLongPtrW
GetDlgItemTextW
IsDlgButtonChecked
ShowWindow
EndDialog
DestroyWindow
SetFocus
SetForegroundWindow
CreateWindowExW
MoveWindow
GetClientRect
GetWindowRect
SetClassLongPtrW
GetWindowLongW
CharLowerBuffW
GetDlgItem
SendMessageW
CheckDlgButton
msvcrt
memset
?terminate@@YAXXZ
_fmode
_acmdln
__C_specific_handler
_initterm
__setusermatherr
_ismbblead
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
iswctype
_vsnwprintf
_wcsicmp
_commode
shell32
ShellExecuteW
SHGetSpecialFolderPathW
SHGetFileInfoW
comctl32
CreateStatusWindowW
ord17
PropertySheetW
shlwapi
StrStrIW
setupapi
SetupDiDestroyDeviceInfoList
pSetupConcatenatePaths
pSetupStringFromGuid
SetupDiOpenDevRegKey
SetupDiDestroyDriverInfoList
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
CM_Get_DevNode_Status
SetupDiOpenClassRegKey
SetupDiGetDeviceInstallParamsW
SetupDiSetDeviceInstallParamsW
SetupDiBuildDriverInfoList
SetupDiEnumDriverInfoW
SetupDiSetSelectedDriverW
SetupOpenFileQueue
SetupDiCallClassInstaller
SetupScanFileQueueW
SetupCloseFileQueue
SetupDiGetDeviceRegistryPropertyW
SetupDiBuildClassInfoList
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
wintrust
CryptCATAdminEnumCatalogFromHash
CryptCATCatalogInfoFromContext
CryptCATAdminReleaseCatalogContext
CryptCATAdminAcquireContext
CryptCATAdminCalcHashFromFileHandle
IsCatalogFile
WinVerifyTrust
CryptCATAdminReleaseContext
crypt32
CertFreeCertificateContext
Sections
.text Size: 36KB - Virtual size: 33KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 804B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
sihost.exe.exe windows:10 windows x64 arch:x64
416ee26cb8c768f6662ac36c7d016457
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
sihost.pdb
Imports
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-crt-runtime-l1-1-0
_initterm
_c_exit
_initterm_e
_register_thread_local_exe_atexit_callback
api-ms-win-crt-private-l1-1-0
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o__cexit
_o_exit
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o__callnewh
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
wcsrchr
__std_terminate
__CxxFrameHandler4
memcmp
_o___stdio_common_vswprintf
memcpy
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
GetModuleFileNameW
GetModuleFileNameA
GetModuleHandleExW
GetModuleHandleW
api-ms-win-core-synch-l1-2-0
Sleep
InitOnceBeginInitialize
InitOnceComplete
api-ms-win-core-synch-l1-1-0
CreateSemaphoreExW
EnterCriticalSection
LeaveCriticalSection
SetEvent
ReleaseMutex
ResetEvent
InitializeCriticalSectionEx
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionAndSpinCount
CreateMutexExW
DeleteCriticalSection
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseSemaphore
CreateEventW
WaitForSingleObject
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
HeapSetInformation
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
SetLastError
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventRegister
EventActivityIdControl
EventSetInformation
EventUnregister
api-ms-win-core-processthreads-l1-1-0
CreateThread
SetProcessShutdownParameters
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetStartupInfoW
GetCurrentThreadId
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-com-l1-1-0
CoInitializeSecurity
CoTaskMemAlloc
CoUninitialize
CoInitializeEx
CoGetApartmentType
CoCreateInstance
CoTaskMemFree
CoGetMalloc
CoTaskMemRealloc
CoRegisterClassObject
StringFromGUID2
CoRevokeClassObject
CoCreateFreeThreadedMarshaler
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
coremessaging
CoreUICreate
api-ms-win-core-winrt-error-l1-1-0
RoOriginateError
api-ms-win-core-threadpool-l1-2-0
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer
api-ms-win-security-base-l1-1-0
GetSecurityDescriptorDacl
GetLengthSid
CopySid
MakeAbsoluteSD
SetSecurityDescriptorDacl
GetTokenInformation
api-ms-win-security-trustee-l1-1-0
BuildTrusteeWithSidW
api-ms-win-security-provider-l1-1-0
SetEntriesInAclW
ntdll
NtSetInformationProcess
api-ms-win-core-registry-l1-1-0
RegGetValueW
api-ms-win-core-psapi-l1-1-0
K32GetModuleFileNameExW
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 84KB - Virtual size: 82KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 32KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 784B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
slui.exe.exe windows:10 windows x64 arch:x64
301dd45e39bda479c0b8ef2f54eff747
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
slui.pdb
Imports
advapi32
EventWriteTransfer
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyW
RegDeleteKeyW
RegCreateKeyExW
EventRegister
EventUnregister
CheckTokenMembership
AllocateAndInitializeSid
FreeSid
kernel32
HeapFree
GetModuleHandleExW
CloseHandle
HeapAlloc
GetProcAddress
GetProcessHeap
GetLastError
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
FileTimeToSystemTime
DeleteCriticalSection
EncodePointer
GetCurrentThreadId
RaiseException
WaitForSingleObject
ReleaseSemaphore
SetEvent
Sleep
FreeLibrary
GetSystemDirectoryW
GetFileAttributesW
RegisterApplicationRestart
HeapSetInformation
GetCommandLineW
CreateEventW
DecodePointer
GetModuleFileNameW
VirtualQuery
LocalFree
ExpandEnvironmentStringsW
SystemTimeToFileTime
GetSystemTime
LockResource
LoadResource
FindResourceExW
FormatMessageW
LocalAlloc
LoadLibraryExW
GetCurrentProcess
SetLastError
CheckElevationEnabled
WaitForMultipleObjects
CreateSemaphoreW
FreeLibraryAndExitThread
GetCurrentThread
SetThreadPriority
CreateThread
GetThreadPriority
GetProcessAffinityMask
GetUserDefaultLCID
user32
AllowSetForegroundWindow
LoadCursorW
CallWindowProcW
GetWindowLongPtrW
DestroyWindow
SetWindowLongPtrW
MessageBoxW
SetForegroundWindow
DefWindowProcW
CreateWindowExW
GetDesktopWindow
RegisterClassW
GetWindowLongW
SetCursor
msvcrt
_lock
memset
_wcsicmp
_commode
_initterm
__setusermatherr
_onexit
_cexit
memmove
memcpy
memcmp
?terminate@@YAXXZ
__dllonexit
_unlock
__C_specific_handler
_acmdln
_exit
exit
__set_app_type
_ismbblead
_fmode
_purecall
towupper
_amsg_exit
_XcptFilter
_waccess_s
wcschr
wcsstr
_wtoi
swscanf_s
_vsnwprintf
__getmainargs
wcscmp
api-ms-win-core-com-l1-1-0
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
StringFromGUID2
CoTaskMemAlloc
CoTaskMemFree
CoResumeClassObjects
CoRegisterClassObject
CoRevokeClassObject
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoAddRefServerProcess
CoSuspendClassObjects
CoReleaseServerProcess
CoUninitialize
oleaut32
SysFreeString
LoadTypeLi
SysAllocString
UnRegisterTypeLi
RegisterTypeLi
SystemTimeToVariantTime
VariantTimeToSystemTime
rpcrt4
RpcStringFreeW
I_RpcMapWin32Status
UuidToStringW
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
TerminateProcess
GetCurrentProcessId
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-synch-l1-1-0
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
api-ms-win-core-synch-l1-2-0
WakeAllConditionVariable
SleepConditionVariableSRW
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-processthreads-l1-1-1
GetProcessMitigationPolicy
winbrand
BrandingLoadString
ntdll
WinSqmSetDWORD
ole32
MkParseDisplayName
CreateBindCtx
shell32
CommandLineToArgvW
ShellExecuteExW
sppc
SLClose
SLOpen
SLpIsCurrentInstalledProductKeyDefaultKey
SLGetGenuineInformation
wtsapi32
WTSFreeMemory
WTSEnumerateSessionsW
slc
SLConsumeWindowsRight
Sections
.text Size: 344KB - Virtual size: 341KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 36KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 228KB - Virtual size: 224KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 444B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
smartscreen.exe.exe windows:10 windows x64 arch:x64
7cdc8023c00d4717d8ca40319ece4551
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
smartscreen.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initialize_wide_environment
_set_app_type
_errno
_get_initial_wide_environment
_initterm
_initterm_e
exit
_exit
__p___argc
_seh_filter_exe
_invalid_parameter_noinfo_noreturn
__p___wargv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
terminate
_invalid_parameter_noinfo
_initialize_onexit_table
_register_onexit_function
_crt_atexit
abort
_configure_wide_argv
api-ms-win-crt-stdio-l1-1-0
__stdio_common_vsnprintf_s
__stdio_common_vswprintf
__stdio_common_vsscanf
__stdio_common_vsprintf
_set_fmode
__stdio_common_vsprintf_s
__p__commode
api-ms-win-crt-string-l1-1-0
wcsnlen
__strncnt
islower
towlower
strncmp
isspace
tolower
_wcsdup
isupper
strcpy_s
strcspn
_wcsicmp
ntdll
RtlUnwindEx
RtlLookupFunctionEntry
RtlFreeHeap
NtCreateSection
RtlPcToFileHeader
NtQuerySection
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlIpv4AddressToStringExW
RtlIpv6AddressToStringExW
combase
ord69
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
GetProcAddress
GetModuleFileNameW
FreeLibrary
GetModuleHandleExW
GetModuleFileNameA
LoadLibraryExW
GetModuleHandleExA
api-ms-win-core-synch-l1-1-0
ReleaseSRWLockShared
WaitForSingleObjectEx
SetEvent
CreateMutexExW
LeaveCriticalSection
ReleaseSemaphore
EnterCriticalSection
InitializeSRWLock
AcquireSRWLockExclusive
OpenSemaphoreW
CreateEventExW
AcquireSRWLockShared
WaitForSingleObject
InitializeCriticalSectionEx
DeleteCriticalSection
ReleaseMutex
ReleaseSRWLockExclusive
CreateSemaphoreExW
TryAcquireSRWLockExclusive
api-ms-win-core-heap-l1-1-0
HeapFree
HeapAlloc
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
RaiseException
GetLastError
SetLastError
api-ms-win-core-processthreads-l1-1-0
GetProcessTimes
GetProcessId
OpenThreadToken
GetCurrentThread
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
OpenProcessToken
api-ms-win-core-localization-l1-2-0
FormatMessageW
GetLocaleInfoEx
LCMapStringEx
GetCPInfo
GetThreadPreferredUILanguages
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
DebugBreak
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
CloseHandle
DuplicateHandle
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventWriteTransfer
EventUnregister
EventSetInformation
api-ms-win-core-winrt-string-l1-1-0
WindowsStringHasEmbeddedNull
WindowsDuplicateString
WindowsCreateString
WindowsGetStringRawBuffer
WindowsIsStringEmpty
WindowsDeleteString
WindowsCreateStringReference
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
CloseThreadpoolWork
CloseThreadpoolTimer
SubmitThreadpoolWork
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolWork
api-ms-win-core-featurestaging-l1-1-0
SubscribeFeatureStateChangeNotification
RecordFeatureUsage
GetFeatureEnabledState
UnsubscribeFeatureStateChangeNotification
api-ms-win-core-winrt-error-l1-1-0
RoTransformError
GetRestrictedErrorInfo
RoOriginateError
RoOriginateErrorW
SetRestrictedErrorInfo
api-ms-win-core-com-l1-1-0
CoMarshalInterface
CoTaskMemAlloc
CoResumeClassObjects
CoRegisterClassObject
CreateStreamOnHGlobal
CoCreateInstance
CoReleaseMarshalData
CoGetCallContext
CoGetObjectContext
CoCreateFreeThreadedMarshaler
CoDecrementMTAUsage
CoRevokeClassObject
CoImpersonateClient
CoGetInterfaceAndReleaseStream
CoTaskMemFree
CoAddRefServerProcess
CoReleaseServerProcess
CoWaitForMultipleHandles
CoInitializeSecurity
CoIncrementMTAUsage
CoRevertToSelf
api-ms-win-core-synch-l1-2-0
Sleep
WakeAllConditionVariable
InitOnceComplete
WakeConditionVariable
InitOnceExecuteOnce
InitializeConditionVariable
SleepConditionVariableSRW
InitOnceBeginInitialize
api-ms-win-core-winrt-l1-1-0
RoRevokeActivationFactories
RoGetActivationFactory
RoRegisterActivationFactories
RoInitialize
RoUninitialize
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-fibers-l1-1-0
FlsFree
FlsAlloc
FlsGetValue
FlsSetValue
smartscreen
UriReputationFactory
GetEnforcementPolicy
SetEnforcementLevel
GetEnforcementLevel
RegisterEventLogger
FreeExperience
ResetLogger
SetAppReputationEnforcementLevel
GetAppControlEnforcementLevel
SetAppControlEnforcementLevel
CheckReputation
CheckFileReputation
ClearCache
GetAppReputationEnforcementLevel
ReportLaunch
CheckAppxPackageReputation
EventLogger
api-ms-win-crt-locale-l1-1-0
_unlock_locales
_configthreadlocale
setlocale
localeconv
___lc_codepage_func
__pctype_func
___mb_cur_max_func
_lock_locales
___lc_locale_name_func
___lc_collate_cp_func
api-ms-win-crt-heap-l1-1-0
_set_new_mode
_callnewh
malloc
free
_realloc_base
_free_base
_malloc_base
_calloc_base
realloc
calloc
api-ms-win-crt-convert-l1-1-0
strtod
strtof
api-ms-win-crt-math-l1-1-0
ldexp
pow
powf
frexp
_dclass
ceilf
api-ms-win-crt-time-l1-1-0
_Strftime
_Wcsftime
_Getdays
_Getmonths
_W_Getdays
_Gettnames
_W_Gettnames
_W_Getmonths
api-ms-win-core-shlwapi-legacy-l1-1-0
PathFindFileNameW
api-ms-win-shcore-taskpool-l1-1-0
SHTaskPoolAllowThreadReuse
SHTaskPoolQueueTask
api-ms-win-core-psapi-l1-1-0
QueryFullProcessImageNameW
api-ms-win-core-file-l1-1-0
GetDriveTypeW
CreateFileW
GetLongPathNameW
api-ms-win-core-path-l1-1-0
PathAllocCanonicalize
PathAllocCombine
PathCchStripToRoot
PathCchIsRoot
api-ms-win-core-version-l1-1-1
GetFileVersionInfoW
GetFileVersionInfoSizeW
api-ms-win-core-version-l1-1-0
VerQueryValueW
api-ms-win-core-com-l1-1-1
RoGetAgileReference
api-ms-win-core-winrt-error-l1-1-1
RoReportFailedDelegate
RoGetMatchingRestrictedErrorInfo
IsErrorPropagationEnabled
api-ms-win-rtcore-ntuser-window-l1-1-0
AllowSetForegroundWindow
api-ms-win-core-processthreads-l1-1-1
OpenProcess
api-ms-win-security-base-l1-1-0
ImpersonateLoggedOnUser
RevertToSelf
GetTokenInformation
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
GetStringTypeW
CompareStringEx
MultiByteToWideChar
crypt32
CryptProtectData
CryptUnprotectData
CryptBinaryToStringW
CryptStringToBinaryW
oleaut32
SysFreeString
ws2_32
ntohs
htons
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
cJSON_AddArrayToObject
cJSON_AddBoolToObject
cJSON_AddFalseToObject
cJSON_AddItemReferenceToArray
cJSON_AddItemReferenceToObject
cJSON_AddItemToArray
cJSON_AddItemToObject
cJSON_AddItemToObjectCS
cJSON_AddNullToObject
cJSON_AddNumberToObject
cJSON_AddObjectToObject
cJSON_AddRawToObject
cJSON_AddStringToObject
cJSON_AddTrueToObject
cJSON_Compare
cJSON_CreateArray
cJSON_CreateArrayReference
cJSON_CreateBool
cJSON_CreateDoubleArray
cJSON_CreateFalse
cJSON_CreateFloatArray
cJSON_CreateIntArray
cJSON_CreateNull
cJSON_CreateNumber
cJSON_CreateObject
cJSON_CreateObjectReference
cJSON_CreateRaw
cJSON_CreateString
cJSON_CreateStringArray
cJSON_CreateStringReference
cJSON_CreateTrue
cJSON_Delete
cJSON_DeleteItemFromArray
cJSON_DeleteItemFromObject
cJSON_DeleteItemFromObjectCaseSensitive
cJSON_DetachItemFromArray
cJSON_DetachItemFromObject
cJSON_DetachItemFromObjectCaseSensitive
cJSON_DetachItemViaPointer
cJSON_Duplicate
cJSON_GetArrayItem
cJSON_GetArraySize
cJSON_GetErrorPtr
cJSON_GetNumberValue
cJSON_GetObjectItem
cJSON_GetObjectItemCaseSensitive
cJSON_GetStringValue
cJSON_HasObjectItem
cJSON_InitHooks
cJSON_InsertItemInArray
cJSON_IsArray
cJSON_IsBool
cJSON_IsFalse
cJSON_IsInvalid
cJSON_IsNull
cJSON_IsNumber
cJSON_IsObject
cJSON_IsRaw
cJSON_IsString
cJSON_IsTrue
cJSON_Minify
cJSON_Parse
cJSON_ParseWithLength
cJSON_ParseWithLengthOpts
cJSON_ParseWithOpts
cJSON_Print
cJSON_PrintBuffered
cJSON_PrintPreallocated
cJSON_PrintUnformatted
cJSON_ReplaceItemInArray
cJSON_ReplaceItemInObject
cJSON_ReplaceItemInObjectCaseSensitive
cJSON_ReplaceItemViaPointer
cJSON_SetNumberHelper
cJSON_SetValuestring
cJSON_Version
cJSON_free
cJSON_malloc
Sections
.text Size: 452KB - Virtual size: 448KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 112KB - Virtual size: 111KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 128B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
smss.exe.sys windows:10 windows x64 arch:x64
4f94dc57f2be941dae6a11a2254f4613
Code Sign
Certificate: 33:00:00:03:71:ba:5e:a6:84:0f:58:fb:79:00:00:00:00:03:71
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 27/01/2022, 19:31
Not After: 26/01/2023, 19:31
Subject: CN=Microsoft Windows Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Certificate: 61:07:76:56:00:00:00:00:00:08
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Signer: ae:ea:30:57:bc:a1:3c:42:03:71:46:6a:9f:13:ad:e9:24:3a:3c:ea:db:08:65:56:ef:19:b0:e7:ff:97:50:16
Actual PE Digest: ae:ea:30:57:bc:a1:3c:42:03:71:46:6a:9f:13:ad:e9:24:3a:3c:ea:db:08:65:56:ef:19:b0:e7:ff:97:50:16
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
smss.pdb
Imports
ntdll
RtlComputeCrc32
RtlInitUnicodeString
NtOpenFile
NtDeviceIoControlFile
NtClose
NtQuerySystemInformation
RtlUpcaseUnicodeChar
RtlGetNtSystemRoot
NtOpenKey
RtlGetVersion
TpAllocTimer
TpSetTimer
RtlAllocateHeap
RtlFreeHeap
NtSetValueKey
RtlFreeUnicodeString
NtQueryValueKey
RtlPrefixUnicodeString
NtQueryVolumeInformationFile
NtQueryInformationProcess
RtlInitUnicodeStringEx
_vsnwprintf_s
NtCreatePagingFile
NtQueryLicenseValue
NtSetSystemInformation
RtlAppendUnicodeToString
RtlSecondsSince1970ToTime
qsort
NtSetInformationFile
NtQueryInformationFile
NtFsControlFile
RtlCompareUnicodeString
RtlAppendUnicodeStringToString
RtlCompareMemory
NtDeleteValueKey
NtFlushKey
NtUpdateWnfStateData
NtInitializeRegistry
RtlUnicodeStringToInteger
NtManagePartition
RtlSubscribeWnfStateChangeNotification
RtlAllocateAndInitializeSid
RtlCreateSecurityDescriptor
RtlCreateAcl
RtlAddAccessAllowedAce
RtlSetDaclSecurityDescriptor
RtlSetOwnerSecurityDescriptor
NtSetSecurityObject
RtlExpandEnvironmentStrings_U
RtlDosPathNameToNtPathName_U
NtCreateFile
NtReadFile
NtCreateKey
NtAllocateVirtualMemory
NtWriteFile
EtwEventWriteTransfer
NtFreeVirtualMemory
RtlCreateUnicodeString
EtwEventWrite
EtwEventEnabled
_vsnwprintf
RtlCopyUnicodeString
RtlAddMandatoryAce
RtlSetSaclSecurityDescriptor
RtlAdjustPrivilege
RtlFreeSid
RtlLengthSid
NtCreateMutant
RtlCreateTagHeap
NtSetInformationProcess
NtAlpcCreatePort
RtlInitializeBitMap
RtlClearAllBits
RtlSetBits
NtOpenEvent
RtlCreateEnvironment
NtQuerySystemInformationEx
RtlSetCurrentEnvironment
RtlQueryRegistryValuesEx
NtCreateDirectoryObject
RtlEqualUnicodeString
NtSerializeBoot
NtSetEvent
RtlQueryPerformanceFrequency
RtlQueryPerformanceCounter
NtResumeThread
NtWaitForSingleObject
NtTerminateProcess
RtlIsStateSeparationEnabled
TpAllocWork
TpPostWork
TpWaitForWork
TpReleaseWork
_wcsupr_s
NtOpenDirectoryObject
NtCreateSymbolicLinkObject
NtMakeTemporaryObject
_stricmp
RtlInitAnsiString
RtlAnsiStringToUnicodeString
RtlDosPathNameToNtPathName_U_WithStatus
RtlWow64IsWowGuestMachineSupported
NtCreateEvent
RtlRandomEx
qsort_s
NtQueryObject
NtSystemDebugControl
LdrVerifyImageMatchesChecksumEx
RtlAppxIsFileOwnedByTrustedInstaller
NtQueryAttributesFile
NtQueryDirectoryFile
RtlDeleteRegistryValue
RtlWriteRegistryValue
_wcsicmp
RtlSetEnvironmentVariable
NtCreateSection
NtMapViewOfSection
NtUnmapViewOfSection
NtDuplicateObject
iswctype
RtlQueryEnvironmentVariable_U
RtlDosSearchPath_U
RtlTestBit
RtlInterlockedSetBitRun
RtlFindSetBits
RtlCreateProcessParametersEx
RtlCreateUserProcessEx
RtlDestroyProcessParameters
NtDisplayString
RtlAddProcessTrustLabelAce
RtlGetAce
NtQueryDirectoryObject
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
RtlGetSystemTimeAndBias
RtlTimeToTimeFields
NtDeleteFile
__C_specific_handler
RtlAcquireSRWLockExclusive
NtAlpcDisconnectPort
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockShared
RtlReleaseSRWLockShared
NtAlpcImpersonateClientOfPort
NtOpenThreadToken
NtQueryInformationToken
NtSetInformationThread
TpSetPoolMinThreads
RtlSetThreadIsCritical
AlpcInitializeMessageAttribute
NtAlpcSendWaitReceivePort
AlpcGetMessageAttribute
NtAlpcCancelMessage
NtAlpcOpenSenderProcess
RtlInitializeSRWLock
NtAlpcAcceptConnectPort
NtConnectPort
NtRequestWaitReplyPort
RtlDeleteNoSplay
RtlSleepConditionVariableSRW
RtlWakeAllConditionVariable
NtQueryInformationJobObject
NtAssignProcessToJobObject
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwRegisterTraceGuidsW
RtlGetCurrentServiceSessionId
NtDelayExecution
RtlSetHeapInformation
EtwEventSetInformation
EtwEventRegister
TpAllocPool
TpAllocAlpcCompletion
NtWaitForMultipleObjects
NtRaiseHardError
RtlInitializeConditionVariable
NtClearEvent
RtlUnicodeStringToAnsiString
NtQueryEvent
wcstoul
LdrQueryImageFileExecutionOptions
RtlAcquirePrivilege
RtlReleasePrivilege
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnhandledExceptionFilter
RtlCompareUnicodeStrings
memcpy
RtlNormalizeProcessParams
iswspace
RtlConnectToSm
RtlSendMsgToSm
NtQueryKey
NtDeleteKey
__chkstk
memset
Sections
.text Size: 96KB - Virtual size: 92KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 52KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 592B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
snmptrap.exe.exe windows:10 windows x64 arch:x64
c2c94366eb9868aa74167bbe2b51aa0a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
snmptrap.pdb
Imports
advapi32
AddAccessAllowedAce
GetLengthSid
StartServiceCtrlDispatcherW
InitializeAcl
InitializeSecurityDescriptor
FreeSid
RegisterServiceCtrlHandlerW
SetServiceStatus
AllocateAndInitializeSid
SetSecurityDescriptorDacl
kernel32
EnterCriticalSection
GetCommandLineW
WriteFile
CreateNamedPipeW
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
DisconnectNamedPipe
CreateEventW
GetLastError
SetEvent
GlobalAlloc
GlobalFree
CloseHandle
HeapSetInformation
ResetEvent
GetOverlappedResult
DeleteCriticalSection
GetTickCount
RegisterApplicationRestart
ConnectNamedPipe
GetCurrentProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetSystemTimeAsFileTime
GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
Sleep
msvcrt
_commode
?terminate@@YAXXZ
_fmode
_initterm
__setusermatherr
_cexit
_exit
__getmainargs
_amsg_exit
_XcptFilter
_beginthreadex
exit
__C_specific_handler
__set_app_type
ws2_32
__WSAFDIsSet
bind
closesocket
select
WSACleanup
FreeAddrInfoW
WSAGetLastError
ioctlsocket
htons
recvfrom
GetAddrInfoW
socket
WSAStartup
Sections
.text Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 312B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
sort.exe.exe windows:10 windows x64 arch:x64
2f5da4d37c31babdfd92e82b3bd6af2b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
sort.pdb
Imports
msvcrt
__iob_func
memcpy
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
_wcsncoll
_wcsnicoll
wcscoll
strchr
atoi
strcpy_s
_strnicmp
fprintf
qsort
_stricoll
strcoll
_strnicoll
_strncoll
setlocale
_wcsicoll
exit
memset
ntdll
RtlCaptureContext
RtlUnicodeToOemN
RtlMultiByteToUnicodeN
RtlLookupFunctionEntry
RtlVirtualUnwind
kernel32
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
TerminateProcess
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
CreateEventA
GetTempFileNameA
FormatMessageA
GetCurrentProcess
GetFileType
WideCharToMultiByte
GlobalMemoryStatusEx
GetProcessHeap
GetFileSize
GetOverlappedResult
HeapAlloc
ResetEvent
HeapSetInformation
GetSystemInfo
CloseHandle
CreateFileA
GetLastError
GetDiskFreeSpaceA
GetConsoleMode
MultiByteToWideChar
GetModuleHandleA
WaitForSingleObject
SetThreadUILanguage
GetProcAddress
GetModuleHandleExA
GetTempPath2A
WriteFile
VirtualAlloc
ReadFile
HeapFree
GetStdHandle
GetCPInfo
GetTickCount
advapi32
IsTextUnicode
Sections
.text Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 696B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
spaceman.exe.exe windows:10 windows x64 arch:x64
360e1d61ef9e9a6484288f9ccd1c34fc
Code Sign
Certificate: 33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Certificate: 61:07:76:56:00:00:00:00:00:08
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Signer: 90:a7:c0:bb:1f:c9:a7:b2:9b:31:ea:fa:5a:33:26:f2:4e:6f:d9:9d:f0:21:b7:10:78:71:35:d4:26:db:89:8e
Actual PE Digest: 90:a7:c0:bb:1f:c9:a7:b2:9b:31:ea:fa:5a:33:26:f2:4e:6f:d9:9d:f0:21:b7:10:78:71:35:d4:26:db:89:8e
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
spaceman.pdb
Imports
msvcrt
_purecall
memcpy_s
_commode
_fmode
free
memmove_s
__C_specific_handler
__dllonexit
_initterm
_onexit
__setusermatherr
_vsnwprintf
?terminate@@YAXXZ
_unlock
_cexit
_exit
memcmp
exit
__set_app_type
__wgetmainargs
_amsg_exit
_lock
_XcptFilter
_wcsicmp
memcpy
memset
bcrypt
BCryptGenRandom
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
CreateThreadpoolWork
WaitForThreadpoolTimerCallbacks
SetThreadpoolThreadMinimum
WaitForThreadpoolWorkCallbacks
SetThreadpoolTimer
SubmitThreadpoolWork
CreateThreadpool
SetThreadpoolThreadMaximum
CloseThreadpool
CloseThreadpoolWork
CloseThreadpoolTimer
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter
api-ms-win-core-synch-l1-1-0
ReleaseSemaphore
AcquireSRWLockShared
CreateMutexExW
WaitForSingleObject
InitializeCriticalSection
CreateSemaphoreExW
ReleaseSRWLockShared
CreateEventW
DeleteCriticalSection
OpenSemaphoreW
ReleaseSRWLockExclusive
LeaveCriticalSection
InitializeCriticalSectionEx
ReleaseMutex
AcquireSRWLockExclusive
WaitForSingleObjectEx
EnterCriticalSection
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventWriteTransfer
EventUnregister
rpcrt4
UuidToStringW
RpcStringFreeW
api-ms-win-core-processthreads-l1-1-1
SetProcessMitigationPolicy
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
GetTickCount64
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
GetProcAddress
GetModuleHandleW
GetModuleHandleExW
GetModuleFileNameW
FreeLibrary
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
QueryPerformanceFrequency
api-ms-win-core-processthreads-l1-1-0
OpenThreadToken
GetCurrentProcessId
SetThreadToken
GetCurrentProcess
TerminateProcess
GetCurrentThread
GetCurrentThreadId
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
api-ms-win-core-heap-l1-1-0
HeapAlloc
GetProcessHeap
HeapFree
api-ms-win-core-io-l1-1-0
GetOverlappedResult
DeviceIoControl
api-ms-win-core-file-l1-1-0
CreateFileW
GetDiskFreeSpaceW
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
IsDebuggerPresent
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-security-base-l1-1-0
RevertToSelf
ntdll
RtlEnumerateGenericTableWithoutSplayingAvl
RtlDeleteElementGenericTableAvlEx
RtlInitializeGenericTableAvl
RtlInitializeBitMap
RtlFindNextForwardRunClear
RtlInsertElementGenericTableAvl
api-ms-win-core-io-l1-1-1
CancelIo
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 56KB - Virtual size: 52KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 136B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 144B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
spaceutil.exe.exe windows:10 windows x64 arch:x64
2512d275c8a56c2e060bf78846b73df2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
spaceutil.pdb
Imports
msvcrt
_onexit
memmove_s
__dllonexit
_unlock
_purecall
memcpy_s
_lock
_commode
_fmode
__C_specific_handler
_initterm
isspace
?terminate@@YAXXZ
_cexit
memmove
_exit
memcpy
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
free
wcsrchr
_wcstoui64
_wcsnicmp
vwprintf
__setusermatherr
memcmp
_wcsicmp
isprint
_vsnwprintf
wprintf
memset
bcrypt
BCryptGenRandom
rpcrt4
UuidFromStringW
UuidCreate
UuidToStringW
RpcStringFreeW
ntdll
RtlInitUnicodeString
ZwQueryLicenseValue
RtlEnumerateGenericTableWithoutSplayingAvl
RtlDeleteElementGenericTableAvlEx
RtlInsertElementGenericTableAvl
RtlInitAnsiString
RtlxAnsiStringToUnicodeSize
RtlAnsiStringToUnicodeString
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlNtStatusToDosError
RtlInitializeGenericTableAvl
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetLastError
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegSetValueExW
RegOpenKeyExW
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-heap-obsolete-l1-1-0
LocalAlloc
LocalFree
api-ms-win-security-sddl-l1-1-0
ConvertSecurityDescriptorToStringSecurityDescriptorW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
GetModuleHandleExW
GetProcAddress
FreeLibrary
GetModuleHandleW
GetModuleFileNameW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
QueryPerformanceFrequency
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
OpenThreadToken
TerminateProcess
GetCurrentThread
SetThreadToken
GetCurrentThreadId
GetCurrentProcessId
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-threadpool-l1-2-0
CreateThreadpool
CloseThreadpool
CloseThreadpoolWork
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolWork
CreateThreadpoolTimer
SubmitThreadpoolWork
WaitForThreadpoolWorkCallbacks
SetThreadpoolThreadMinimum
SetThreadpoolThreadMaximum
api-ms-win-core-synch-l1-1-0
WaitForSingleObjectEx
ReleaseSRWLockShared
CreateMutexExW
AcquireSRWLockShared
ReleaseSemaphore
InitializeCriticalSectionEx
WaitForSingleObject
AcquireSRWLockExclusive
OpenSemaphoreW
DeleteCriticalSection
ReleaseSRWLockExclusive
ReleaseMutex
CreateEventW
InitializeCriticalSection
LeaveCriticalSection
CreateSemaphoreExW
EnterCriticalSection
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapAlloc
HeapFree
api-ms-win-core-io-l1-1-0
DeviceIoControl
GetOverlappedResult
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventWriteTransfer
EventRegister
api-ms-win-core-file-l1-1-0
CreateFileW
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
DebugBreak
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-security-base-l1-1-0
RevertToSelf
api-ms-win-core-io-l1-1-1
CancelIo
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 140KB - Virtual size: 138KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 40KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
spoolsv.exe.exe windows:10 windows x64 arch:x64
2b67a6339c3e75b0bca437fa4271db0c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
spoolsv.pdb
Imports
user32
TranslateMessage
SendNotifyMessageW
RegisterDeviceNotificationW
UnregisterDeviceNotification
MsgWaitForMultipleObjects
DispatchMessageW
UnregisterPowerSettingNotification
PeekMessageW
RegisterPowerSettingNotification
msvcrt
exit
__set_app_type
_cexit
__setusermatherr
_initterm
_fmode
__getmainargs
_amsg_exit
_commode
_lock
_XcptFilter
_unlock
_exit
free
_callnewh
malloc
_stricmp
__C_specific_handler
memmove_s
_purecall
memcpy_s
_vsnwprintf
_onexit
wcschr
memcmp
_wcsnicmp
wcsstr
memcpy
memmove
towupper
swprintf_s
_strnicmp
towlower
__CxxFrameHandler3
?terminate@@YAXXZ
_wcsicmp
__dllonexit
memset
ntdll
NtQueryValueKey
NtOpenKeyEx
NtDeleteKey
NtQueryLicenseValue
NtSetInformationThread
NtQueryWnfStateData
RtlIsThreadWithinLoaderCallout
NtOpenThreadToken
NtClose
NtOpenProcessToken
RtlFreeHeap
RtlInitUnicodeString
NtSetInformationToken
RtlAllocateHeap
RtlIpv4StringToAddressExW
RtlIpv6StringToAddressExW
EtwEventWrite
EtwEventEnabled
RtlIpv4AddressToStringW
TpAllocPool
TpReleaseAlpcCompletion
TpWaitForAlpcCompletion
TpReleaseIoCompletion
TpWaitForIoCompletion
TpReleaseTimer
TpWaitForTimer
TpReleaseWait
TpWaitForWait
TpReleaseWork
TpWaitForWork
TpAllocAlpcCompletion
TpStartAsyncIoOperation
TpAllocIoCompletion
TpSetTimer
TpAllocTimer
TpAllocWait
TpPostWork
TpAllocWork
RtlNtStatusToDosError
TpSimpleTryPost
TpSetWait
TpCallbackMayRunLong
TpReleasePool
RtlReportException
RtlVirtualUnwind
WinSqmIsOptedIn
WinSqmSetDWORD
WinSqmAddToStreamEx
WinSqmIncrementDWORD
RtlLookupFunctionEntry
RtlCaptureContext
RtlValidRelativeSecurityDescriptor
EtwEventWriteTransfer
NtQuerySystemInformation
EtwEventRegister
EtwEventUnregister
EtwUnregisterTraceGuids
EtwEventSetInformation
EtwGetTraceEnableFlags
EtwTraceMessage
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwRegisterTraceGuidsW
RtlIpv6AddressToStringW
api-ms-win-core-synch-l1-1-0
WaitForSingleObjectEx
AcquireSRWLockExclusive
OpenSemaphoreW
ReleaseSRWLockExclusive
ReleaseMutex
ResetEvent
InitializeCriticalSectionEx
ReleaseSemaphore
CreateSemaphoreExW
ReleaseSRWLockShared
OpenEventW
WaitForSingleObject
AcquireSRWLockShared
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
CreateMutexW
CreateEventW
SetEvent
LeaveCriticalSection
CreateMutexExW
EnterCriticalSection
InitializeCriticalSection
api-ms-win-core-processthreads-l1-1-0
OpenProcessToken
GetCurrentThreadId
CreateThread
GetCurrentProcessId
TlsSetValue
TlsGetValue
TlsFree
SetPriorityClass
ExitProcess
ExitThread
OpenThreadToken
GetCurrentThread
TerminateProcess
CreateProcessAsUserW
SetThreadToken
TlsAlloc
GetCurrentProcess
api-ms-win-core-processthreads-l1-1-1
OpenProcess
SetProcessMitigationPolicy
api-ms-win-core-errorhandling-l1-1-0
GetErrorMode
SetErrorMode
SetUnhandledExceptionFilter
SetLastError
RaiseException
GetLastError
UnhandledExceptionFilter
api-ms-win-core-handle-l1-1-0
CloseHandle
DuplicateHandle
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
GetModuleHandleExW
GetModuleHandleW
DisableThreadLibraryCalls
GetProcAddress
api-ms-win-core-registry-l1-1-0
RegDeleteTreeW
RegGetValueW
RegDeleteKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegDisablePredefinedCacheEx
RegQueryValueExW
RegSetKeySecurity
RegOpenKeyExW
RegGetKeySecurity
RegEnumValueW
RegSetValueExW
RegOpenCurrentUser
RegCloseKey
RegEnumKeyExW
RegDeleteValueW
api-ms-win-core-sysinfo-l1-1-0
GetVersionExW
GetSystemTimeAsFileTime
GetTickCount
GetSystemWindowsDirectoryW
GetSystemTime
api-ms-win-core-synch-l1-2-0
Sleep
SleepConditionVariableSRW
WakeAllConditionVariable
InitOnceComplete
InitOnceBeginInitialize
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapSetInformation
HeapCreate
HeapDestroy
HeapFree
GetProcessHeap
api-ms-win-service-core-l1-1-0
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
SetServiceStatus
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
OutputDebugStringW
DebugBreak
rpcrt4
RpcServerUnsubscribeForNotification
RpcServerSubscribeForNotification
I_RpcExceptionFilter
RpcServerTestCancel
RpcAsyncAbortCall
RpcSsContextLockExclusive
RpcServerInterfaceGroupCreateW
RpcServerRegisterAuthInfoW
RpcServerInqDefaultPrincNameW
RpcMgmtSetServerStackSize
I_RpcBindingIsClientLocal
RpcRevertToSelf
RpcImpersonateClient
RpcSmDestroyClientContext
NdrClientCall3
NdrServerCall2
RpcServerInqCallAttributesW
RpcServerInqBindingHandle
RpcServerInterfaceGroupActivate
RpcBindingFromStringBindingW
I_RpcSessionStrictContextHandle
I_RpcBindingInqTransportType
RpcStringBindingComposeW
RpcBindingSetAuthInfoExW
RpcServerInterfaceGroupDeactivate
RpcBindingToStringBindingW
RpcRaiseException
RpcStringBindingParseW
RpcObjectSetType
RpcBindingVectorFree
Ndr64AsyncClientCall
RpcBindingServerFromClient
RpcBindingInqAuthClientW
RpcEpRegisterW
RpcServerInqBindings
RpcServerRegisterIf
RpcServerRegisterIf2
RpcAsyncCompleteCall
RpcRevertToSelfEx
Ndr64AsyncServerCallAll
RpcBindingFree
RpcStringFreeW
NdrAsyncServerCall
NdrServerCallAll
api-ms-win-core-threadpool-l1-2-0
CloseThreadpoolTimer
SubmitThreadpoolWork
WaitForThreadpoolTimerCallbacks
WaitForThreadpoolWorkCallbacks
CreateThreadpoolTimer
CloseThreadpoolWork
CreateThreadpoolWork
SetThreadpoolTimer
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-security-base-l1-1-0
SetSecurityDescriptorDacl
IsWellKnownSid
GetAce
AddAccessDeniedAceEx
CreateWellKnownSid
ImpersonateLoggedOnUser
AddAce
InitializeSecurityDescriptor
InitializeAcl
AddAccessAllowedAceEx
CheckTokenMembership
GetTokenInformation
RevertToSelf
SetTokenInformation
DuplicateTokenEx
DuplicateToken
GetLengthSid
CopySid
FreeSid
AllocateAndInitializeSid
GetAclInformation
EqualSid
GetSidSubAuthorityCount
GetSidSubAuthority
GetSecurityDescriptorDacl
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
gdi32
GdiDisableUMPDSandboxing
kernelbase
LocalAlloc
GetIsEdpEnabled
lstrcmpiW
kernel32
FreeLibrary
LoadLibraryExW
GetTickCount64
AddVectoredExceptionHandler
GetComputerNameW
api-ms-win-eventing-classicprovider-l1-1-0
TraceMessage
dsrole
DsRoleFreeMemory
DsRoleGetPrimaryDomainInformation
api-ms-win-core-string-l1-1-0
CompareStringW
WideCharToMultiByte
api-ms-win-core-file-l1-1-0
GetTempFileNameW
ReadFile
DeleteFileW
CreateFileW
api-ms-win-core-file-l2-1-0
MoveFileExW
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventUnregister
EventSetInformation
EventRegister
api-ms-win-core-registry-l1-1-1
RegDeleteKeyValueW
RegSetKeyValueW
api-ms-win-core-console-l1-1-0
SetConsoleCtrlHandler
dnsapi
DnsQuery_W
DnsFree
api-ms-win-security-lsalookup-l2-1-0
LookupAccountNameW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
bcrypt
BCryptOpenAlgorithmProvider
BCryptCreateHash
BCryptGetProperty
BCryptDestroyHash
BCryptHashData
BCryptFinishHash
BCryptCloseAlgorithmProvider
Exports
GetSpoolerTlsIndexes
PrvAbortPrinter
PrvAddFormW
PrvAddJobW
PrvAddMonitorW
PrvAddPerMachineConnectionW
PrvAddPortExW
PrvAddPortW
PrvAddPrintProcessorW
PrvAddPrintProvidorW
PrvAddPrinterConnectionW
PrvAddPrinterDriverExW
PrvAddPrinterDriverW
PrvAddPrinterExW
PrvAddPrinterW
PrvAdjustPointers
PrvAdjustPointersInStructuresArray
PrvAlignKMPtr
PrvAlignRpcPtr
PrvAllocSplStr
PrvAllowRemoteCalls
PrvAppendPrinterNotifyInfoData
PrvBuildOtherNamesFromMachineName
PrvCacheAddName
PrvCacheCreateAndAddNode
PrvCacheCreateAndAddNodeWithIPAddresses
PrvCacheDeleteNode
PrvCacheIsNameCluster
PrvCacheIsNameInNodeList
PrvCallDrvDevModeConversion
PrvCallRouterFindFirstPrinterChangeNotification
PrvCheckLocalCall
PrvClosePrinter
PrvConfigurePortW
PrvCreatePrinterIC
PrvDeleteFormW
PrvDeleteJobNamedProperty
PrvDeleteMonitorW
PrvDeletePerMachineConnectionW
PrvDeletePortW
PrvDeletePrintProcessorW
PrvDeletePrintProvidorW
PrvDeletePrinter
PrvDeletePrinterConnectionW
PrvDeletePrinterDataExW
PrvDeletePrinterDataW
PrvDeletePrinterDriverExW
PrvDeletePrinterDriverW
PrvDeletePrinterIC
PrvDeletePrinterKeyW
PrvDllAllocSplMem
PrvDllAllocSplStr
PrvDllFreeSplMem
PrvDllFreeSplStr
PrvDllReallocSplMem
PrvDllReallocSplStr
PrvEndDocPrinter
PrvEndPagePrinter
PrvEnumFormsW
PrvEnumJobsW
PrvEnumMonitorsW
PrvEnumPerMachineConnectionsW
PrvEnumPortsW
PrvEnumPrintProcessorDatatypesW
PrvEnumPrintProcessorsW
PrvEnumPrinterDataExW
PrvEnumPrinterDataW
PrvEnumPrinterDriversW
PrvEnumPrinterKeyW
PrvEnumPrintersW
PrvFindClosePrinterChangeNotification
PrvFlushPrinter
PrvFormatPrinterForRegistryKey
PrvFormatRegistryKeyForPrinter
PrvFreeOtherNames
PrvFreePrintPropertyValue
PrvGetFormW
PrvGetJobAttributes
PrvGetJobAttributesEx
PrvGetJobNamedPropertyValue
PrvGetJobW
PrvGetNetworkId
PrvGetPrintProcessorDirectoryW
PrvGetPrinterDataExW
PrvGetPrinterDataW
PrvGetPrinterDriverDirectoryW
PrvGetPrinterDriverExW
PrvGetPrinterDriverW
PrvGetPrinterW
PrvGetServerPolicy
PrvGetShrinkedSize
PrvGetSpoolerTlsIndexes
PrvImpersonatePrinterClient
PrvInitializeRouter
PrvIsNameTheLocalMachineOrAClusterSpooler
PrvIsNamedPipeRpcCall
PrvMIDL_user_allocate
PrvMIDL_user_allocate1
PrvMIDL_user_free
PrvMIDL_user_free1
PrvMarshallDownStructure
PrvMarshallDownStructuresArray
PrvMarshallUpStructure
PrvMarshallUpStructuresArray
PrvOldGetPrinterDriverW
PrvOpenPrinter2W
PrvOpenPrinterExW
PrvOpenPrinterPort2W
PrvOpenPrinterPortWithClientInfo
PrvOpenPrinterW
PrvPackStrings
PrvPartialReplyPrinterChangeNotification
PrvPlayGdiScriptOnPrinterIC
PrvPrinterHandleRundown
PrvPrinterMessageBoxW
PrvProvidorFindClosePrinterChangeNotification
PrvProvidorFindFirstPrinterChangeNotification
PrvReadPrinter
PrvReallocSplMem
PrvReallocSplStr
PrvRemoteFindFirstPrinterChangeNotification
PrvReplyClosePrinter
PrvReplyOpenPrinter
PrvReplyPrinterChangeNotification
PrvReplyPrinterChangeNotificationEx
PrvReportJobProcessingProgress
PrvResetPrinterW
PrvRevertToPrinterSelf
PrvRouterAddPrinterConnection2
PrvRouterAllocBidiMem
PrvRouterAllocBidiResponseContainer
PrvRouterAllocPrinterNotifyInfo
PrvRouterBroadcastMessage
PrvRouterCorePrinterDriverInstalled
PrvRouterCreatePrintAsyncNotificationChannel
PrvRouterDeletePrinterDriverPackage
PrvRouterFindCompatibleDriver
PrvRouterFindFirstPrinterChangeNotification
PrvRouterFindNextPrinterChangeNotification
PrvRouterFreeBidiMem
PrvRouterFreeBidiResponseContainer
PrvRouterFreePrinterNotifyInfo
PrvRouterGetCorePrinterDrivers
PrvRouterGetPrintClassObject
PrvRouterGetPrinterDriverPackagePath
PrvRouterInstallPrinterDriverFromPackage
PrvRouterInstallPrinterDriverPackageFromConnection
PrvRouterInternalGetPrinterDriver
PrvRouterRefreshPrinterChangeNotification
PrvRouterRegisterForPrintAsyncNotifications
PrvRouterReplyPrinter
PrvRouterSpoolerSetPolicy
PrvRouterUnregisterForPrintAsyncNotifications
PrvRouterUploadPrinterDriverPackage
PrvScheduleJob
PrvSeekPrinter
PrvSendRecvBidiData
PrvSetFormW
PrvSetJobNamedProperty
PrvSetJobW
PrvSetPortW
PrvSetPrinterDataExW
PrvSetPrinterDataW
PrvSetPrinterW
PrvSplCloseSpoolFileHandle
PrvSplCommitSpoolData
PrvSplDriverUnloadComplete
PrvSplGetClientUserHandle
PrvSplGetSpoolFileInfo
PrvSplGetUserSidStringFromToken
PrvSplInitializeWinSpoolDrv
PrvSplIsSessionZero
PrvSplIsUpgrade
PrvSplProcessPnPEvent
PrvSplProcessSessionEvent
PrvSplPromptUIInUsersSession
PrvSplQueryUserInfo
PrvSplReadPrinter
PrvSplRegisterForDeviceEvents
PrvSplRegisterForSessionEvents
PrvSplShutDownRouter
PrvSplUnregisterForDeviceEvents
PrvSplUnregisterForSessionEvents
PrvSpoolerFindClosePrinterChangeNotification
PrvSpoolerFindFirstPrinterChangeNotification
PrvSpoolerFindNextPrinterChangeNotification
PrvSpoolerFreePrinterNotifyInfo
PrvSpoolerHasInitialized
PrvSpoolerInit
PrvSpoolerRefreshPrinterChangeNotification
PrvStartDocPrinterW
PrvStartPagePrinter
PrvUndoAlignKMPtr
PrvUndoAlignRpcPtr
PrvUpdateBufferSize
PrvUpdatePrinterRegAll
PrvUpdatePrinterRegAllEx
PrvUpdatePrinterRegUser
PrvWaitForPrinterChange
PrvWaitForSpoolerInitialization
PrvWritePrinter
PrvXcvDataW
PrvbGetDevModePerUser
PrvbSetDevModePerUser
RouterLogJobInfoForBranchOffice
ServerGetPrintClassObject
SplUalCollectData
YAbortPrinter
YAddJob
YDriverUnloadComplete
YEndDocPrinter
YEndPagePrinter
YFlushPrinter
YGetPrinter
YGetPrinterDriver2
YGetPrinterDriverDirectory
YReadPrinter
YSeekPrinter
YSetJob
YSetPort
YSetPrinter
YSplReadPrinter
YStartDocPrinter
YStartPagePrinter
YWritePrinter
Sections
.text Size: 556KB - Virtual size: 553KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 236KB - Virtual size: 234KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 28KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 416B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 60KB - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
sppsvc.exe.exe windows:10 windows x64 arch:x64
148ab879c4e83a056858a141d9ad436b
Code Sign
Certificate: 33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Certificate: 61:07:76:56:00:00:00:00:00:08
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Signer: 30:28:e5:a4:c5:5b:79:33:7a:4e:60:86:66:93:7d:20:1f:d5:b4:32:89:9e:f0:ca:c6:fc:98:44:12:0c:38:ed
Actual PE Digest: 30:28:e5:a4:c5:5b:79:33:7a:4e:60:86:66:93:7d:20:1f:d5:b4:32:89:9e:f0:ca:c6:fc:98:44:12:0c:38:ed
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
sppsvc.pdb
Imports
advapi32
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenThreadToken
RegCloseKey
RegDeleteValueW
FreeSid
ConvertStringSidToSidW
CheckTokenMembership
AllocateAndInitializeSid
RegQueryValueExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyW
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
SetServiceStatus
EventWriteTransfer
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
RegisterEventSourceW
ReportEventW
CryptGenRandom
DeregisterEventSource
CryptReleaseContext
CryptAcquireContextW
RegFlushKey
RegOpenKeyW
OpenServiceW
OpenSCManagerW
LsaFreeMemory
StartServiceW
CloseServiceHandle
QueryServiceStatusEx
LsaQueryInformationPolicy
LsaOpenPolicy
LsaClose
ConvertSidToStringSidW
LookupAccountNameW
NotifyServiceStatusChangeW
GetTokenInformation
EqualSid
OpenProcessToken
RegEnumKeyExW
EventSetInformation
EventRegister
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptGenKey
CryptEncrypt
CryptDecrypt
CryptSignHashA
CryptVerifySignatureA
CryptExportKey
CryptGetHashParam
EventUnregister
kernel32
UnmapViewOfFile
DeleteTimerQueueEx
CreateTimerQueue
GetEnvironmentVariableW
SetEnvironmentVariableW
TerminateProcess
HeapSetInformation
RegisterWaitForSingleObject
DeleteTimerQueue
UnregisterWaitEx
FreeLibrary
LoadLibraryExW
MultiByteToWideChar
ReadFile
SystemTimeToFileTime
CompareFileTime
DeleteFileW
QueueUserWorkItem
GetFileAttributesW
GetCurrentProcessId
OpenProcess
SetFileAttributesW
WriteFile
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
GetFileSizeEx
ChangeTimerQueueTimer
GetSystemDirectoryW
GetVersionExA
CreateDirectoryW
GetSystemTimeAsFileTime
WideCharToMultiByte
K32GetProcessImageFileNameW
SetLastError
VirtualFree
VirtualAlloc
RtlAddFunctionTable
InitializeCriticalSection
RaiseFailFastException
GetModuleHandleW
RtlDeleteFunctionTable
CreateFileW
EncodePointer
InitializeCriticalSectionAndSpinCount
CreateSemaphoreW
CreateEventW
DeleteCriticalSection
DecodePointer
DeleteTimerQueueTimer
GetSystemInfo
GetVersionExW
LCMapStringW
QueryPerformanceFrequency
QueryPerformanceCounter
GetLocalTime
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
TryAcquireSRWLockExclusive
InitializeSRWLock
SetFilePointer
FlushFileBuffers
GetModuleHandleA
CopyFileW
MoveFileExW
HeapFree
GetModuleHandleExW
HeapAlloc
GetProcAddress
GetProcessHeap
FileTimeToSystemTime
LocalAlloc
LocalFree
CloseHandle
GetLastError
CreateMutexW
OpenMutexW
WaitForSingleObject
ReleaseMutex
OpenThread
GetCurrentThread
DuplicateHandle
GetCurrentProcess
GetThreadPriority
SetThreadPriority
DeviceIoControl
SleepEx
FormatMessageW
VirtualQuery
SetEvent
ReleaseSemaphore
GetModuleFileNameA
DebugBreak
IsDebuggerPresent
OutputDebugStringW
GetLocaleInfoW
GetSystemFirmwareTable
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetNativeSystemInfo
GetFileSize
RaiseException
GetModuleFileNameW
ExpandEnvironmentStringsW
Sleep
LeaveCriticalSection
GetComputerNameW
EnterCriticalSection
GetSystemTime
CreateTimerQueueTimer
GetCurrentThreadId
msvcrt
_ui64tow_s
_itow
_wtoi
malloc
free
__C_specific_handler
swscanf
memchr
memcmp
memcpy
_vsnwprintf
?terminate@@YAXXZ
_onexit
__dllonexit
memmove
_lock
_commode
_fmode
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
wcscmp
swscanf_s
wcstoul
_errno
_wtof
wcsstr
memset
_unlock
_XcptFilter
memcpy_s
_wcsnicmp
_purecall
towlower
wcschr
sscanf_s
wcsncmp
_wcsicmp
rpcrt4
RpcServerInterfaceGroupClose
RpcServerInqCallAttributesW
RpcServerInterfaceGroupActivate
RpcServerInterfaceGroupCreateW
UuidToStringW
I_RpcMapWin32Status
UuidFromStringW
RpcRaiseException
RpcStringFreeW
I_RpcBindingInqLocalClientPID
UuidCreate
RpcRevertToSelfEx
RpcImpersonateClient
NdrServerCall2
NdrServerCallAll
RpcNetworkIsProtseqValidW
api-ms-win-core-version-l1-1-0
VerQueryValueW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoUninitialize
CoInitializeSecurity
CreateStreamOnHGlobal
bcrypt
BCryptDestroyKey
BCryptGenRandom
crypt32
CryptQueryObject
CryptImportPublicKeyInfoEx2
CertFreeCertificateContext
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-synch-l1-1-0
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
api-ms-win-core-synch-l1-2-0
SleepConditionVariableSRW
WakeAllConditionVariable
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
cryptxml
CryptXmlGetReference
CryptXmlVerifySignature
CryptXmlGetDocContext
CryptXmlOpenToDecode
CryptXmlGetStatus
CryptXmlClose
CryptXmlGetSignature
ntdll
NtQueryInformationThread
NtSetInformationThread
RtlQueryPackageClaims
NtQueryObject
RtlInitUnicodeString
RtlEqualUnicodeString
NtQuerySystemInformation
NtLockProductActivationKeys
ole32
CoCreateInstance
oleaut32
SafeArrayDestroy
VariantInit
SysStringLen
SysAllocStringLen
GetErrorInfo
SysFreeString
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
VariantCopy
VariantClear
SysAllocString
xmllite
CreateXmlReader
pkeyhelper
IsDefaultPKey
api-ms-win-eventing-classicprovider-l1-1-0
TraceMessage
Sections
.text Size: 3.7MB - Virtual size: 3.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
?g_Encry Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
?g_Encry Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
?g_Encry Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
?g_Encry Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 620KB - Virtual size: 616KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 48KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 100KB - Virtual size: 96KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
srdelayed.exe.sys windows:10 windows x64 arch:x64
d8eae8bd2f02f588285ba4821936cd9d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
srdelayed.pdb
Imports
ntdll
RtlQueryRegistryValuesEx
RtlWriteRegistryValue
_vsnwprintf
RtlDeleteRegistryValue
RtlAllocateHeap
RtlExitUserProcess
RtlEqualUnicodeString
NtWriteFile
RtlAppendUnicodeToString
RtlFreeUnicodeString
NtCreateThreadEx
RtlSetSystemBootStatus
RtlInitUnicodeString
NtSetInformationFile
NtReadFile
RtlReAllocateHeap
NtQueryAttributesFile
NtClose
RtlAdjustPrivilege
NtCreateEvent
NtShutdownSystem
NtQueryInformationFile
NtSetEvent
RtlFreeHeap
NtWaitForMultipleObjects
RtlSetHeapInformation
RtlDuplicateUnicodeString
NtWaitForSingleObject
NtOpenFile
NtTerminateProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnhandledExceptionFilter
memmove
iswspace
RtlNormalizeProcessParams
memcmp
memcpy
memset
Sections
.text Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 384B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 76B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
stordiag.exe.exe windows:10 windows x64 arch:x64
8e3cf043265aae50e81d42bf4bc291d4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
stordiag_unmanaged.pdb
Imports
msvcp_win
?_Syserror_map@std@@YAPEBDH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Winerror_map@std@@YAHH@Z
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-crt-string-l1-1-0
strnlen
memset
memmove_s
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_c_exit
_initterm
_initterm_e
api-ms-win-crt-private-l1-1-0
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
memmove
_o__wcsnicmp
_o_exit
_o_free
_o_malloc
_o_memcpy_s
_o_strcpy_s
_o_terminate
_o_towupper
_o_wcscpy_s
_o_wcstombs_s
wcschr
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfwprintf
_o___stdio_common_vfprintf
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___wargv
_o___p___argc
_o___acrt_iob_func
_o__exit
__std_terminate
__CxxFrameHandler4
_o__errno
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
memcmp
memcpy
ntdll
NtPowerInformation
RtlCaptureContext
RtlLookupFunctionEntry
NtQuerySystemInformation
RtlGetDeviceFamilyInfoEnum
RtlVirtualUnwind
api-ms-win-security-base-l1-1-0
GetTokenInformation
api-ms-win-core-file-l1-1-0
CreateFileW
FindFirstFileExW
ReadFile
WriteFile
SetFilePointerEx
FindNextFileW
GetFileAttributesW
FindClose
QueryDosDeviceW
CreateDirectoryW
GetFileAttributesExW
SetFileInformationByHandle
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameW
GetModuleHandleW
FreeLibrary
GetModuleFileNameA
GetModuleHandleExW
GetProcAddress
api-ms-win-core-realtime-l1-1-0
QueryUnbiasedInterruptTime
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
GetProcessHeap
api-ms-win-core-path-l1-1-0
PathCchStripToRoot
PathCchAddBackslash
PathCchCombine
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
OpenProcessToken
GetCurrentThreadId
GetCurrentProcessId
CreateProcessW
TerminateProcess
GetExitCodeProcess
api-ms-win-core-com-l1-1-0
CoTaskMemFree
StringFromGUID2
api-ms-win-core-synch-l1-1-0
AcquireSRWLockShared
ReleaseSemaphore
CreateMutexExW
EnterCriticalSection
CreateSemaphoreExW
CreateEventW
DeleteCriticalSection
InitializeCriticalSectionEx
ReleaseSRWLockShared
ReleaseMutex
WaitForSingleObject
OpenSemaphoreW
LeaveCriticalSection
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
api-ms-win-core-localization-l1-2-0
FormatMessageW
FormatMessageA
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
OutputDebugStringW
DebugBreak
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetLocalTime
GetComputerNameExW
GetSystemDirectoryW
api-ms-win-core-processenvironment-l1-1-0
GetCurrentDirectoryW
api-ms-win-core-file-l1-2-4
GetTempPath2W
rpcrt4
RpcAsyncCancelCall
RpcAsyncCompleteCall
RpcAsyncInitializeHandle
api-ms-win-core-sysinfo-l2-1-0
GetUserNameA
api-ms-win-core-shlwapi-obsolete-l1-1-0
StrStrA
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-devices-config-l1-1-1
CM_MapCrToWin32Err
CM_Get_Device_Interface_List_SizeW
CM_Get_Device_Interface_ListW
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventRegister
EventWriteTransfer
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
api-ms-win-core-registry-l1-1-0
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
api-ms-win-core-file-l1-2-0
GetVolumePathNamesForVolumeNameW
api-ms-win-core-file-l2-1-0
GetFileInformationByHandleEx
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-threadpool-l1-2-0
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolThreadMinimum
SetThreadpoolThreadMaximum
CreateThreadpool
CloseThreadpool
CreateThreadpoolTimer
storageusage
OpenStorageTypeSearch
CloseFindStorageSearch
FindNextStorageTypeExAsync
FindNextStorageTypeEx
RunStorageGroveler
SelectStorageVolumeEx
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 104KB - Virtual size: 102KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 52KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 340B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
subst.exe.exe windows:10 windows x64 arch:x64
657724bef967c549a066ecf72a628438
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
subst.pdb
Imports
kernel32
QueryDosDeviceW
GetLastError
DefineDosDeviceW
HeapSetInformation
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
GetTickCount
msvcrt
_commode
?terminate@@YAXXZ
_amsg_exit
__getmainargs
__set_app_type
exit
_exit
_cexit
__setusermatherr
_initterm
_fmode
_XcptFilter
__C_specific_handler
ulib
?IsValueSet@ARGUMENT@@QEAAEXZ
?GetPattern@ARGUMENT@@QEAAPEAVWSTRING@@XZ
??1OBJECT@@UEAA@XZ
?SetCaseSensitive@ARGUMENT_LEXEMIZER@@QEAAXE@Z
?PrepareToParse@ARGUMENT_LEXEMIZER@@QEAAEPEAVWSTRING@@@Z
?QueryInvalidArgument@ARGUMENT_LEXEMIZER@@QEAAPEAVWSTRING@@XZ
?Set@STREAM_MESSAGE@@UEAAEKW4MESSAGE_TYPE@@K@Z
?PutSeparators@ARGUMENT_LEXEMIZER@@QEAAXPEBD@Z
?GetLexemeAt@ARGUMENT_LEXEMIZER@@QEAAPEAVWSTRING@@K@Z
?DoParsing@ARGUMENT_LEXEMIZER@@QEAAEPEAVARRAY@@@Z
?Initialize@ARGUMENT_LEXEMIZER@@QEAAEPEAVARRAY@@@Z
??1ARGUMENT_LEXEMIZER@@UEAA@XZ
??0FLAG_ARGUMENT@@QEAA@XZ
?Initialize@STRING_ARGUMENT@@QEAAEPEAD@Z
??1STRING_ARGUMENT@@UEAA@XZ
??0STRING_ARGUMENT@@QEAA@XZ
??1PATH@@UEAA@XZ
?QueryDirectory@SYSTEM@@SAPEAVFSN_DIRECTORY@@PEBVPATH@@E@Z
??0PATH@@QEAA@XZ
?Display@MESSAGE@@QEAAEPEBDZZ
Get_Standard_Output_Stream
?QueryWSTR@WSTRING@@QEBAPEAGKKPEAGKE@Z
?DeleteChAt@WSTRING@@QEAAXKK@Z
?Initialize@WSTRING@@QEAAEPEBV1@KK@Z
?Initialize@WSTRING@@QEAAEPEBGK@Z
?Initialize@WSTRING@@QEAAEPEBDK@Z
??1FSTRING@@UEAA@XZ
?Initialize@FSTRING@@QEAAPEAVWSTRING@@PEAGK@Z
?Strstr@WSTRING@@QEBAKPEBV1@@Z
?Strupr@WSTRING@@QEAAPEAV1@XZ
?Initialize@FLAG_ARGUMENT@@QEAAEPEAD@Z
??0FSTRING@@QEAA@XZ
??0PATH_ARGUMENT@@QEAA@XZ
??1PATH_ARGUMENT@@UEAA@XZ
?Initialize@PATH_ARGUMENT@@QEAAEPEADE@Z
Get_Standard_Error_Stream
??0STREAM_MESSAGE@@QEAA@XZ
??1STREAM_MESSAGE@@UEAA@XZ
?Initialize@PATH@@QEAAEPEBV1@E@Z
??0ARRAY@@QEAA@XZ
??1ARRAY@@UEAA@XZ
?Initialize@ARRAY@@QEAAEKK@Z
?Put@ARRAY@@UEAAEPEAVOBJECT@@@Z
Get_Standard_Input_Stream
??0DSTRING@@QEAA@XZ
??1DSTRING@@UEAA@XZ
?Initialize@STREAM_MESSAGE@@QEAAEPEAVSTREAM@@00@Z
??0ARGUMENT_LEXEMIZER@@QEAA@XZ
?PutSwitches@ARGUMENT_LEXEMIZER@@QEAAXPEBD@Z
ntdll
RtlLookupFunctionEntry
RtlCaptureContext
RtlFreeHeap
RtlDosPathNameToNtPathName_U
RtlFreeUnicodeString
RtlVirtualUnwind
Sections
.text Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 288B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
svchost.exe.exe windows:10 windows x64 arch:x64
76b4bae80d2c3b08bb062d97bf9ca791
Code Sign
Certificate: 33:00:00:03:6c:e5:7e:eb:5d:1c:c2:be:17:00:00:00:00:03:6c
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 27/01/2022, 19:31
Not After: 26/01/2023, 19:31
Subject: CN=Microsoft Windows Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Certificate: 61:07:76:56:00:00:00:00:00:08
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Signer: e9:89:9e:4a:9b:2f:ae:e6:9a:1c:7d:74:3f:f7:ee:f7:95:7d:b9:83:3e:a0:79:ae:b0:19:17:45:09:4f:af:4b
Actual PE Digest: e9:89:9e:4a:9b:2f:ae:e6:9a:1c:7d:74:3f:f7:ee:f7:95:7d:b9:83:3e:a0:79:ae:b0:19:17:45:09:4f:af:4b
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
svchost.pdb
Imports
api-ms-win-core-crt-l2-1-0
exit
_initterm_e
_initterm
__wgetmainargs
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
OpenProcessToken
ExitProcess
GetCurrentThreadId
GetCurrentProcess
SetProcessAffinityUpdateMode
TerminateProcess
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetTickCount64
GetSystemTimeAsFileTime
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetErrorMode
GetLastError
api-ms-win-core-crt-l1-1-0
qsort_s
memset
memcpy
_wcsicmp
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventRegister
EventWriteTransfer
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExW
FreeLibrary
GetProcAddress
api-ms-win-core-heap-l1-1-0
HeapFree
HeapAlloc
HeapSetInformation
GetProcessHeap
api-ms-win-core-synch-l1-1-0
ReleaseSRWLockExclusive
EnterCriticalSection
ReleaseSRWLockShared
LeaveCriticalSection
AcquireSRWLockExclusive
AcquireSRWLockShared
InitializeSRWLock
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
MultiByteToWideChar
WideCharToMultiByte
api-ms-win-core-registry-l1-1-0
RegQueryValueExW
RegGetValueW
RegCloseKey
RegEnumKeyExW
RegDisablePredefinedCacheEx
RegOpenKeyExW
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
ExpandEnvironmentStringsW
api-ms-win-core-processthreads-l1-1-1
SetProcessMitigationPolicy
api-ms-win-core-processthreads-l1-1-2
SetProtectedPolicy
api-ms-win-core-synch-l1-2-0
InitializeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
api-ms-win-core-debug-l1-1-0
DebugBreak
api-ms-win-core-localization-l1-2-0
LCMapStringW
api-ms-win-security-base-l1-1-0
MakeAbsoluteSD
GetTokenInformation
SetSecurityDescriptorOwner
AddAccessAllowedAce
SetSecurityDescriptorGroup
GetLengthSid
InitializeAcl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-crt-utility-l1-1-0
bsearch_s
api-ms-win-core-sidebyside-l1-1-0
ActivateActCtx
DeactivateActCtx
ReleaseActCtx
CreateActCtxW
api-ms-win-core-threadpool-private-l1-1-0
RegisterWaitForSingleObjectEx
ntdll
TpSetWait
RtlNtStatusToDosErrorNoTeb
EtwEventRegister
EtwEventEnabled
EtwEventWrite
RtlAllocateHeap
RtlFreeHeap
TpSetTimerEx
TpWaitForTimer
TpReleaseTimer
TpSetTimer
TpAllocTimer
RtlQueryHeapInformation
TpAllocWait
_vsnwprintf
RtlUnhandledExceptionFilter
NtSetInformationProcess
RtlSetProcessIsCritical
RtlImageNtHeader
RtlValidSecurityDescriptor
RtlRunOnceExecuteOnce
NtQuerySystemInformation
RtlNtStatusToDosError
RtlInitializeCriticalSection
RtlInitializeSid
RtlSubAuthoritySid
RtlGetDeviceFamilyInfoEnum
RtlReleaseSRWLockExclusive
RtlSubAuthorityCountSid
RtlAcquireSRWLockExclusive
RtlLengthRequiredSid
RtlDeriveCapabilitySidsFromName
RtlCopySid
TpReleaseWait
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
Sections
.text Size: 28KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 192B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 152B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
sxstrace.exe.exe windows:10 windows x64 arch:x64
762598224adf8807b79e326e61e87525
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
sxstrace.pdb
Imports
advapi32
ControlTraceW
EnableTraceEx
CloseTrace
ProcessTrace
StartTraceW
OpenTraceW
kernel32
GetConsoleOutputCP
GetStdHandle
WriteFile
RaiseException
HeapSetInformation
GetModuleHandleW
WideCharToMultiByte
SetThreadPreferredUILanguages
SetConsoleCtrlHandler
lstrlenW
GetUserDefaultLangID
CreateFileW
FormatMessageW
GetLastError
CloseHandle
UnhandledExceptionFilter
Sleep
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
SetUnhandledExceptionFilter
msvcrt
??0exception@@QEAA@AEBV0@@Z
_purecall
?what@exception@@UEBAPEBDXZ
_CxxThrowException
__CxxFrameHandler3
memcpy
memmove
_XcptFilter
_amsg_exit
__wgetmainargs
__set_app_type
exit
_exit
_cexit
__setusermatherr
??0exception@@QEAA@AEBQEBDH@Z
__C_specific_handler
_fmode
_commode
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
wcsrchr
getchar
wcsstr
_wcsnicmp
printf
_wcsicmp
_vsnwprintf
??0exception@@QEAA@AEBQEBD@Z
_initterm
__CxxFrameHandler4
??1exception@@UEAA@XZ
memset
ntdll
RtlCaptureContext
RtlFreeHeap
RtlAllocateHeap
RtlLookupFunctionEntry
RtlVirtualUnwind
user32
LoadStringW
Sections
.text Size: 24KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 440B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
systeminfo.exe.exe windows:10 windows x64 arch:x64
62d18a0582dd061d47bd5429de1570a2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
sysinfo.pdb
Imports
advapi32
RegConnectRegistryW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
kernel32
SetLastError
GetTimeFormatW
SetConsoleCursorPosition
WriteConsoleW
GetNumberFormatW
GetLocaleInfoW
GetStdHandle
LocalAlloc
FormatMessageW
GetCurrentProcess
GetModuleFileNameW
GetComputerNameExW
FileTimeToSystemTime
HeapSize
HeapReAlloc
HeapAlloc
HeapValidate
HeapFree
GetProcessHeap
GetConsoleScreenBufferInfo
ReadFile
SetConsoleMode
MultiByteToWideChar
GetConsoleOutputCP
ExitProcess
CompareStringA
GetThreadLocale
CompareStringW
lstrlenW
lstrlenA
GetUserDefaultLCID
GetConsoleMode
GetFileType
WideCharToMultiByte
FindStringOrdinal
SetThreadUILanguage
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
LocalFree
GetLastError
GetDateFormatW
ReadConsoleW
GetModuleHandleW
TerminateProcess
msvcrt
memcpy
_CxxThrowException
wcstok
fflush
fprintf
_get_osfhandle
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_callnewh
malloc
free
_wcsicmp
_ui64tow_s
_wtoi64
__CxxFrameHandler4
__iob_func
_memicmp
_vsnwprintf
_errno
wcstod
wcstol
wcstoul
_fileno
memset
ntdll
RtlVirtualUnwind
VerSetConditionMask
RtlVerifyVersionInfo
RtlLookupFunctionEntry
RtlCaptureContext
user32
CharUpperW
LoadStringW
wsprintfW
mpr
WNetCancelConnection2W
WNetGetLastErrorW
oleaut32
SafeArrayGetElement
VariantChangeType
SysAllocString
VariantCopy
VariantClear
VariantInit
SysStringLen
SafeArrayGetUBound
SysAllocStringByteLen
SysFreeString
SafeArrayGetLBound
framedynos
?Compare@CHString@@QEBAHPEBG@Z
?Left@CHString@@QEBA?AV1@H@Z
?Empty@CHString@@QEAAXXZ
?Right@CHString@@QEBA?AV1@H@Z
??4CHString@@QEAAAEBV0@AEBV0@@Z
?GetData@CHString@@IEBAPEAUCHStringData@@XZ
?Format@CHString@@QEAAXPEBGZZ
?Mid@CHString@@QEBA?AV1@H@Z
??4CHString@@QEAAAEBV0@PEBG@Z
?Find@CHString@@QEBAHG@Z
?FindOneOf@CHString@@QEBAHPEBG@Z
??1CHString@@QEAA@XZ
??0CHString@@QEAA@XZ
?GetBufferSetLength@CHString@@QEAAPEAGH@Z
?ReleaseBuffer@CHString@@QEAAXH@Z
?GetBuffer@CHString@@QEAAPEAGH@Z
?Mid@CHString@@QEBA?AV1@HH@Z
??0CHString@@QEAA@PEBG@Z
??H@YA?AVCHString@@PEBGAEBV0@@Z
??YCHString@@QEAAAEBV0@AEBV0@@Z
ws2_32
WSAStartup
WSAGetLastError
GetAddrInfoW
GetNameInfoW
FreeAddrInfoW
WSACleanup
shlwapi
StrChrW
ord487
version
VerQueryValueW
GetFileVersionInfoSizeExW
GetFileVersionInfoExW
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoTaskMemFree
CoUninitialize
CoTaskMemAlloc
sspicli
GetUserNameExW
Sections
.text Size: 76KB - Virtual size: 73KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 64B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
systemreset.exe.exe windows:10 windows x64 arch:x64
94fa4d853c97ac221db5f1040ddd3965
Code Sign
33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
50:1e:10:59:85:bf:6d:94:51:a0:01:42:a7:2e:03:6f:e4:19:ce:f9:01:ad:7c:4c:28:fe:00:f2:64:6d:10:40
Signer
Actual PE Digest: 50:1e:10:59:85:bf:6d:94:51:a0:01:42:a7:2e:03:6f:e4:19:ce:f9:01:ad:7c:4c:28:fe:00:f2:64:6d:10:40
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
systemreset.pdb
Imports
advapi32
EventRegister
EventWriteTransfer
EventSetInformation
EventUnregister
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
InitiateSystemShutdownExW
RegDeleteKeyExW
RegLoadKeyW
RegUnLoadKeyW
RegEnumValueW
RegDeleteValueW
RegSetValueExW
RegGetValueW
RegEnumKeyExW
RegDeleteTreeW
RegDeleteKeyW
RegCreateKeyExW
RegSetKeySecurity
RegGetKeySecurity
IsWellKnownSid
ConvertStringSidToSidW
kernel32
CreateSemaphoreExW
InitOnceComplete
InitOnceBeginInitialize
GetVolumeInformationW
GetWindowsDirectoryW
GetFinalPathNameByHandleW
GetLongPathNameW
GetFullPathNameW
CopyFileExW
SetFileInformationByHandle
GetFileInformationByHandleEx
MoveFileW
DeleteFileW
QueryDosDeviceW
MoveFileExW
CreateDirectoryW
FindNextFileW
GetCurrentDirectoryW
GetVolumePathNamesForVolumeNameW
SetFileAttributesW
GetFileInformationByHandle
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
GetFileAttributesW
DeviceIoControl
CreateFileW
GetModuleFileNameA
GetModuleFileNameW
LocalAlloc
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
CreateEventW
SetEvent
GetCommandLineW
CreateMutexW
DecodePointer
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitOnceExecuteOnce
GetSystemWindowsDirectoryW
SizeofResource
LockResource
LoadResource
FindResourceExW
LoadLibraryW
FreeLibrary
CreateThread
GetDiskFreeSpaceExW
GetSystemPowerStatus
CreateWaitableTimerW
SetWaitableTimer
WaitForMultipleObjects
Sleep
LoadLibraryExW
CompareStringEx
GetCurrentThread
GetCurrentProcess
LocalFree
FindClose
FindFirstFileW
GetProcessMitigationPolicy
user32
DispatchMessageW
LoadCursorW
TranslateMessage
CreateWindowExW
GetWindowLongPtrW
GetMessageW
PostMessageW
UnregisterClassA
RegisterClassExW
SetWindowLongPtrW
DefWindowProcW
PostQuitMessage
LoadStringW
KillTimer
SetTimer
FindWindowExW
msvcrt
_wsetlocale
__crtLCMapStringW
_wcsdup
memset
abort
__pctype_func
_ismbblead
___lc_codepage_func
___lc_handle_func
___mb_cur_max_func
_errno
setlocale
__uncaught_exception
_unlock
_lock
memmove
memcpy
__CxxFrameHandler3
_CxxThrowException
??0exception@@QEAA@AEBQEBDH@Z
_callnewh
malloc
__C_specific_handler
strcspn
localeconv
??_V@YAXPEAX@Z
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@AEBV0@@Z
sprintf_s
??0exception@@QEAA@AEBQEBD@Z
wcsrchr
_wcsnicmp
wcschr
wcsncmp
_XcptFilter
_amsg_exit
?what@exception@@UEBAPEBDXZ
_wgetenv
wcstok_s
wcsstr
__wgetmainargs
__set_app_type
calloc
vswprintf_s
exit
_cexit
__setusermatherr
_initterm
_wcmdln
_fmode
_commode
?terminate@@YAXXZ
__dllonexit
_vscwprintf
free
memmove_s
_wcsicmp
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
_onexit
??1type_info@@UEAA@XZ
ceil
memcpy_s
??3@YAXPEAX@Z
__CxxFrameHandler4
_vsnwprintf
_exit
wcscmp
ntdll
RtlFreeHeap
RtlAllocateHeap
RtlCaptureContext
NtSetInformationFile
RtlNtStatusToDosError
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-shcore-obsolete-l1-1-0
CommandLineToArgvW
api-ms-win-core-winrt-error-l1-1-0
SetRestrictedErrorInfo
RoOriginateError
api-ms-win-core-com-l1-1-0
CoTaskMemFree
CoTaskMemAlloc
CoInitializeEx
CoInitializeSecurity
CLSIDFromString
CoCreateInstance
api-ms-win-core-winrt-error-l1-1-1
RoGetMatchingRestrictedErrorInfo
api-ms-win-core-heap-l1-1-0
HeapReAlloc
HeapSize
HeapDestroy
api-ms-win-core-synch-l1-1-0
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InitializeCriticalSectionEx
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
api-ms-win-core-string-l1-1-0
CompareStringW
GetStringTypeW
WideCharToMultiByte
MultiByteToWideChar
api-ms-win-core-util-l1-1-0
EncodePointer
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetStartupInfoW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
shell32
ShellExecuteExW
shlwapi
StrFormatByteSizeW
dui70
?ContentProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?CreateString@Value@DirectUI@@SAPEAV12@PEBGPEAUHINSTANCE__@@@Z
?GetChildren@Element@DirectUI@@QEAAPEAV?$DynamicArray@PEAVElement@DirectUI@@$0A@@2@PEAPEAVValue@2@@Z
?GetRoot@Element@DirectUI@@QEAAPEAV12@XZ
?GetContentString@Element@DirectUI@@QEAAPEBGPEAPEAVValue@2@@Z
?UserTextChanged@TouchEditBase@DirectUI@@SA?AVUID@@XZ
?HasContent@Element@DirectUI@@QEAA_NXZ
?SetEnabled@Element@DirectUI@@QEAAJ_N@Z
?GetCheckedState@TouchCheckBox@DirectUI@@QEAA?AW4CheckedStateFlags@2@XZ
?MultipleClick@TouchButton@DirectUI@@SA?AVUID@@XZ
?SetID@Element@DirectUI@@QEAAJPEBG@Z
?SetLayoutPos@Element@DirectUI@@QEAAJH@Z
?GetParent@Element@DirectUI@@QEAAPEAV12@XZ
?Remove@Element@DirectUI@@QEAAJPEAV12@@Z
?SetValue@Element@DirectUI@@QEAAJP6APEBUPropertyInfo@2@XZHPEAVValue@2@@Z
?Release@Value@DirectUI@@QEAAXXZ
?SetVisible@Element@DirectUI@@QEAAJ_N@Z
?Click@TouchButton@DirectUI@@SA?AVUID@@XZ
?Destroy@DUIXmlParser@DirectUI@@QEAAXXZ
?AddListener@Element@DirectUI@@QEAAJPEAUIElementListener@2@@Z
StrToID
?FindDescendent@Element@DirectUI@@QEAAPEAV12@G@Z
?Destroy@Element@DirectUI@@QEAAJ_N@Z
?CreateElement@DUIXmlParser@DirectUI@@QEAAJPEBGPEAVElement@2@1PEAKPEAPEAV32@@Z
?SetXMLFromResource@DUIXmlParser@DirectUI@@QEAAJIPEAUHINSTANCE__@@0@Z
?Create@DUIXmlParser@DirectUI@@SAJPEAPEAV12@P6APEAVValue@2@PEBGPEAX@Z2P6AX11H2@Z2@Z
resetengine
ResetValidateScenario
ResetNotifyCancel
ResetGetDataVolumes
ResetReleaseSession
ResetTraceClientInfo
ResetCreateSession
ResetPrepareSession
ResetWillSuspendProtection
ResetClearSession
ResetStageOfflineBoot
ResetGetDiskSpaceRequired
ResetGetTelemetrySessionID
ResetUnstageOfflineBoot
ResetGetRestoredApps
ResetNotifyConfirm
ResetDisabledByPolicy
reagent
WinReSetNarratorScheduled
wdscore
ConstructPartialMsgVW
CurrentIP
WdsSetupLogMessageW
crypt32
CertVerifyCertificateChainPolicy
wintrust
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WinVerifyTrust
api-ms-win-core-version-l1-1-0
GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW
Sections
.text Size: 220KB - Virtual size: 218KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 96KB - Virtual size: 93KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 172KB - Virtual size: 169KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
systray.exe.exe windows:10 windows x64 arch:x64
5487e920ea68f003a70eb2b7ec92c4eb
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
systray.pdb
Imports
kernel32
HeapSetInformation
GetCommandLineW
user32
PostMessageW
FindWindowW
msvcrt
?terminate@@YAXXZ
_fmode
_acmdln
__C_specific_handler
_commode
_initterm
__setusermatherr
_ismbblead
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetStartupInfoW
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
Sections
.text Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 216B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tabcal.exe.exe windows:10 windows x64 arch:x64
82daceb0e77e2bc065b4876649e12ef4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
tabcal.pdb
Imports
gdi32
CreateFontIndirectW
DeleteObject
SetBkColor
MoveToEx
CreatePen
LineTo
SetBkMode
SetTextColor
GetLayout
SelectObject
user32
ShowWindow
ReleaseDC
InvalidateRect
ShowCursor
GetSysColorBrush
PostQuitMessage
BeginPaint
EndPaint
GetPointerDevices
GetPointerDeviceProperties
GetPointerDeviceRects
GetRawPointerDeviceData
GetPointerDevice
GetRawInputDeviceInfoW
GetMessageW
DefWindowProcW
PostMessageW
DestroyWindow
GetDC
MessageBoxW
SendMessageTimeoutW
SkipPointerFrameMessages
EnumDisplayMonitors
CreateWindowExW
CloseDesktop
DispatchMessageW
GetMonitorInfoW
EnumDisplaySettingsExW
CreateDesktopW
GetSysColor
MoveWindow
TranslateMessage
LoadIconW
LoadCursorW
GetPointerInfo
SwitchDesktop
GetPointerFrameInfoHistory
DrawTextW
SendMessageW
GetSystemMetrics
UnregisterClassW
MessageBeep
RegisterClassExW
SetThreadDesktop
ChangeDisplaySettingsExW
ord2531
GetThreadDesktop
LoadStringW
msvcrt
wcstol
fopen
fclose
_wcsdup
_vsnprintf
wcstoul
_wcslwr
fprintf
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__CxxFrameHandler4
__wgetmainargs
_amsg_exit
_vsnwprintf
memcpy
_wcsicmp
_XcptFilter
_callnewh
malloc
_wcsnicmp
free
wcsstr
wcschr
wcstok
memset
ntdll
EtwUnregisterTraceGuids
RtlVirtualUnwind
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
RtlCaptureContext
RtlLookupFunctionEntry
api-ms-win-core-errorhandling-l1-1-0
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-file-l1-1-0
GetFileAttributesA
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
HeapSetInformation
GetProcessHeap
api-ms-win-core-io-l1-1-1
CancelIo
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
GetModuleFileNameW
api-ms-win-core-registry-l1-1-0
RegCreateKeyExW
RegQueryInfoKeyW
RegCloseKey
RegEnumValueW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
api-ms-win-core-registry-l1-1-1
RegDeleteKeyValueW
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
OpenProcessToken
GetCurrentThreadId
CreateThread
GetStartupInfoW
OpenThreadToken
TerminateProcess
GetCurrentProcessId
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-synch-l1-1-0
WaitForSingleObject
ReleaseMutex
CreateMutexW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-security-base-l1-1-0
GetTokenInformation
hid
HidP_GetSpecificValueCaps
HidP_GetCaps
HidD_GetHidGuid
imm32
ImmDisableIME
shell32
ShellExecuteW
CommandLineToArgvW
ninput
SetInteractionConfigurationInteractionContext
CreateInteractionContext
DestroyInteractionContext
RegisterOutputCallbackInteractionContext
SetPropertyInteractionContext
ProcessPointerFramesInteractionContext
kernel32
lstrcmpiW
RegisterApplicationRestart
DelayLoadFailureHook
ResolveDelayLoadedAPI
GetCurrentThread
LocalFree
Sections
.text Size: 40KB - Virtual size: 37KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 80B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 32KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 140B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
takeown.exe.exe windows:10 windows x64 arch:x64
5e31d6f290f2f034d88ec70c1026c6ab
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
takeown.pdb
Imports
msvcrt
_amsg_exit
__wgetmainargs
__set_app_type
_cexit
__setusermatherr
_exit
toupper
fflush
fprintf
_get_osfhandle
_fileno
wcstoul
wcstol
wcstod
_errno
_memicmp
wcsrchr
wcstok
wcspbrk
memcpy
?terminate@@YAXXZ
_wcsicmp
_vsnwprintf
_commode
__iob_func
_XcptFilter
exit
_fmode
__C_specific_handler
_initterm
memset
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
SetLastError
api-ms-win-core-libraryloader-l1-2-0
FindStringOrdinal
GetModuleFileNameW
LoadStringW
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
OpenProcessToken
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
ExitProcess
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
GetComputerNameExW
api-ms-win-security-base-l1-1-0
GetTokenInformation
GetSecurityDescriptorDacl
CheckTokenMembership
GetFileSecurityW
SetFileSecurityW
GetAclInformation
SetSecurityDescriptorOwner
AdjustTokenPrivileges
AllocateAndInitializeSid
GetLengthSid
SetSecurityDescriptorDacl
FreeSid
InitializeSecurityDescriptor
InitializeAcl
AddAce
api-ms-win-core-file-l1-1-0
GetFileType
GetFullPathNameW
CreateFileW
GetVolumePathNameW
GetFileAttributesW
FindNextFileW
FindClose
ReadFile
FindFirstFileW
GetVolumeInformationW
api-ms-win-security-lsalookup-l2-1-0
LookupAccountNameW
LookupPrivilegeValueW
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
GetCurrentDirectoryW
api-ms-win-core-console-l1-1-0
WriteConsoleW
SetConsoleMode
GetConsoleMode
GetConsoleOutputCP
ReadConsoleW
api-ms-win-core-localization-l1-2-0
SetThreadUILanguage
FormatMessageW
GetThreadLocale
sspicli
GetUserNameExW
api-ms-win-core-processthreads-l1-1-1
OpenProcess
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-heap-l1-1-0
HeapSetInformation
GetProcessHeap
HeapReAlloc
HeapAlloc
HeapSize
HeapValidate
HeapFree
api-ms-win-core-console-l2-1-0
FlushConsoleInputBuffer
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-kernel32-legacy-l1-1-0
GetComputerNameW
ntdll
VerSetConditionMask
RtlVerifyVersionInfo
api-ms-win-core-string-l1-1-0
CompareStringW
WideCharToMultiByte
MultiByteToWideChar
api-ms-win-core-string-obsolete-l1-1-0
lstrlenW
lstrlenA
api-ms-win-core-localization-obsolete-l1-2-0
CompareStringA
api-ms-win-core-version-l1-1-0
GetFileVersionInfoSizeExW
VerQueryValueW
GetFileVersionInfoExW
api-ms-win-core-string-l2-1-0
CharUpperW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-shlwapi-obsolete-l1-1-0
StrChrW
Sections
.text Size: 48KB - Virtual size: 47KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 136B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 80B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tar.exe.exe windows:10 windows x64 arch:x64
25b0e8f79a0894b627da2149a0a04bc9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
tar.pdb
Imports
api-ms-win-crt-string-l1-1-0
memset
strcspn
strncmp
strcmp
wcsncpy
api-ms-win-crt-time-l1-1-0
_time64
api-ms-win-crt-stdio-l1-1-0
_open
api-ms-win-crt-runtime-l1-1-0
_initterm
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
api-ms-win-crt-private-l1-1-0
_o___stdio_common_vfprintf
_o___stdio_common_vsprintf
_o__access
_o__cexit
_o__close
_o__configthreadlocale
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_initial_narrow_environment
_o__get_osfhandle
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__localtime64_s
_o__read
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__setmode
_o__stat64i32
_o__strdup
memmove
_o_calloc
_o_exit
_o_fclose
_o_feof
_o_ferror
_o_fflush
_o_fopen
_o_fputs
_o_fread
_o_free
_o_getenv
_o_isprint
_o_isspace
_o_iswctype
_o_malloc
_o_mbtowc
_o_putchar
_o_realloc
_o_setlocale
_o_strerror
_o_strftime
_o_strtol
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_o___acrt_iob_func
strrchr
strchr
_o___p__commode
_o___p___argv
_o___p___argc
memcpy
api-ms-win-core-file-l1-1-0
GetFullPathNameW
SetFilePointerEx
WriteFile
ReadFile
api-ms-win-core-processenvironment-l1-1-0
SetCurrentDirectoryA
GetStdHandle
SetCurrentDirectoryW
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
api-ms-win-core-console-l1-1-0
SetConsoleMode
GetConsoleMode
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
archiveint
archive_match_include_pattern
archive_match_new
archive_match_free
archive_match_exclude_pattern_from_file
archive_match_include_file_time
archive_version_details
archive_match_include_date
archive_read_support_filter_program
archive_write_add_filter_by_name
archive_write_add_filter_program
archive_read_data_into_fd
archive_read_set_options
archive_match_path_unmatched_inclusions_next
archive_read_extract2
archive_entry_set_uname
archive_entry_set_gid
archive_read_extract_set_progress_callback
archive_read_add_passphrase
archive_read_support_format_all
archive_read_new
archive_entry_set_uid
archive_read_support_filter_all
archive_write_disk_set_standard_lookup
archive_entry_size
archive_read_free
archive_match_include_pattern_from_file
archive_filter_bytes
archive_read_data_skip
archive_entry_set_gname
archive_write_disk_new
archive_write_free
archive_entry_pathname
archive_clear_error
archive_read_next_header
archive_write_disk_set_options
archive_filter_name
archive_read_open_filename
archive_match_excluded
archive_read_close
archive_format_name
archive_match_path_unmatched_inclusions
archive_read_set_passphrase_callback
archive_entry_rdevmajor
archive_entry_hardlink
archive_error_string
archive_entry_strmode
archive_entry_copy_pathname
archive_entry_mtime
archive_entry_symlink
archive_match_exclude_pattern
archive_entry_nlink
archive_entry_gid
archive_entry_uname
archive_entry_rdevminor
archive_entry_uid
archive_entry_gname
archive_entry_linkresolver_set_strategy
archive_write_header
archive_write_open_fd
archive_read_disk_gname
archive_write_set_passphrase_callback
archive_read_support_format_tar
archive_read_disk_set_matching
archive_errno
archive_entry_free
archive_write_set_format_by_name
archive_write_set_options
archive_write_data
archive_read_disk_new
archive_read_support_format_gnutar
archive_entry_linkresolver_free
archive_entry_linkify
archive_write_set_format
archive_write_set_bytes_in_last_block
archive_write_new
archive_read_next_header2
archive_read_data_block
archive_filter_code
archive_entry_set_size
archive_read_disk_set_symlink_hybrid
archive_read_open_fd
archive_format
archive_read_disk_open
archive_read_disk_descend
archive_entry_linkresolver_new
archive_match_exclude_entry
archive_write_set_passphrase
archive_write_set_bytes_per_block
archive_entry_sourcepath
archive_write_set_format_pax_restricted
archive_entry_new
archive_read_disk_can_descend
archive_read_support_format_empty
archive_read_disk_set_behavior
archive_read_disk_set_symlink_physical
archive_read_disk_set_symlink_logical
archive_read_disk_set_metadata_filter_callback
archive_read_header_position
archive_read_disk_set_standard_lookup
archive_write_close
archive_read_disk_uname
archive_write_open_filename
archive_entry_filetype
archive_match_set_inclusion_recursion
archive_entry_copy_hardlink
Sections
.text Size: 32KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 952B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 440B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
taskhostw.exe.exe windows:10 windows x64 arch:x64
1c4e2d9936e4d9f2490b08aab4d24260
Code Sign
33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
9e:45:fa:69:ce:09:79:b7:00:0c:5f:b6:21:8c:b2:bc:d3:48:59:b5:9a:2a:f2:80:ac:76:44:29:48:e1:94:86
Signer
Actual PE Digest: 9e:45:fa:69:ce:09:79:b7:00:0c:5f:b6:21:8c:b2:bc:d3:48:59:b5:9a:2a:f2:80:ac:76:44:29:48:e1:94:86
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
taskhostw.pdb
Imports
msvcrt
free
malloc
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
??3@YAXPEAX@Z
__CxxFrameHandler4
memmove
_XcptFilter
memcpy_s
memmove_s
??0exception@@QEAA@AEBV0@@Z
??1type_info@@UEAA@XZ
wcsstr
?what@exception@@UEBAPEBDXZ
_CxxThrowException
__CxxFrameHandler3
memcpy
_purecall
_onexit
calloc
_callnewh
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
??1exception@@UEAA@XZ
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
memset
api-ms-win-core-heap-l1-1-0
HeapReAlloc
HeapSize
HeapFree
HeapDestroy
GetProcessHeap
HeapAlloc
api-ms-win-eventing-classicprovider-l1-1-0
TraceMessage
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventSetInformation
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetStartupInfoW
CreateThread
GetCurrentThread
SetProcessShutdownParameters
GetExitCodeThread
GetCurrentProcess
TerminateProcess
GetThreadPriority
SetThreadPriority
GetCurrentProcessId
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
LoadStringW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-security-base-l1-1-0
InitializeAcl
AddAce
GetAclInformation
GetSecurityDescriptorOwner
SetSecurityDescriptorOwner
IsValidSid
SetSecurityDescriptorGroup
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetSecurityDescriptorControl
MakeAbsoluteSD
InitializeSecurityDescriptor
GetLengthSid
CopySid
GetSidSubAuthority
CreateWellKnownSid
InitializeSid
GetSidLengthRequired
AllocateAndInitializeSid
GetSecurityDescriptorGroup
FreeSid
api-ms-win-core-synch-l1-1-0
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeSRWLock
SetEvent
ResetEvent
CreateEventW
WaitForSingleObject
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
api-ms-win-core-registry-l1-1-0
RegGetValueW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-threadpool-legacy-l1-1-0
DeleteTimerQueueTimer
CreateTimerQueueTimer
ntdll
EtwTraceMessage
NtSetInformationProcess
RtlUnhandledExceptionFilter
RtlIsMultiSessionSku
DbgPrintEx
Sections
.text Size: 44KB - Virtual size: 43KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 32KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 376B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 820B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
taskkill.exe.exe windows:10 windows x64 arch:x64
86aa9a65a9c8e606b1e09c96ae58bacc
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
taskkill.pdb
Imports
advapi32
RegConnectRegistryW
RegCloseKey
LookupAccountSidW
OpenSCManagerW
EnumServicesStatusExW
CloseServiceHandle
RegQueryValueExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
kernel32
OpenProcess
CloseHandle
GetExitCodeProcess
TerminateProcess
WriteConsoleW
GetStdHandle
LocalAlloc
FormatMessageW
FreeLibrary
GetCurrentProcessId
GetSystemDirectoryW
LoadLibraryW
GetProcAddress
GetCurrentProcess
SetLastError
GetModuleFileNameW
GetComputerNameExW
GetLastError
HeapReAlloc
HeapAlloc
HeapValidate
HeapFree
GetProcessHeap
ReadConsoleW
ReadFile
SetConsoleMode
MultiByteToWideChar
GetConsoleOutputCP
ExitProcess
CompareStringA
GetThreadLocale
CompareStringW
lstrlenW
lstrlenA
GetConsoleMode
GetFileType
WideCharToMultiByte
FindStringOrdinal
VerSetConditionMask
SetThreadUILanguage
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
LocalFree
GetCurrentThreadId
HeapSize
msvcrt
memcpy
wcsstr
wcstok
_CxxThrowException
fflush
fprintf
_get_osfhandle
_fileno
wcstol
wcstod
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_callnewh
malloc
_errno
wcstoul
wcschr
_wtoi64
_wcsicmp
wcsrchr
_wcsdup
free
__CxxFrameHandler4
__iob_func
_memicmp
_vsnwprintf
memset
ntdll
RtlVirtualUnwind
RtlTimeToElapsedTimeFields
RtlLargeIntegerToChar
RtlLookupFunctionEntry
RtlCaptureContext
RtlVerifyVersionInfo
version
GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW
user32
LoadStringW
CharUpperW
wsprintfW
GetWindowLongW
GetWindowThreadProcessId
FindWindowExW
EnumWindows
CloseDesktop
PostMessageW
OpenDesktopW
GetThreadDesktop
EnumDesktopsW
CloseWindowStation
SetProcessWindowStation
OpenWindowStationW
GetProcessWindowStation
EnumWindowStationsW
GetWindow
GetWindowTextW
IsHungAppWindow
SetThreadDesktop
mpr
WNetAddConnection2W
WNetCancelConnection2W
WNetGetLastErrorW
oleaut32
VariantCopy
SysStringLen
SysAllocStringByteLen
VariantInit
SysFreeString
SysAllocString
VariantChangeType
VariantClear
ws2_32
FreeAddrInfoW
GetNameInfoW
GetAddrInfoW
WSAStartup
WSACleanup
WSAGetLastError
framedynos
?Empty@CHString@@QEAAXXZ
?Mid@CHString@@QEBA?AV1@HH@Z
??YCHString@@QEAAAEBV0@PEBG@Z
?GetData@CHString@@IEBAPEAUCHStringData@@XZ
?Left@CHString@@QEBA?AV1@H@Z
?Compare@CHString@@QEBAHPEBG@Z
?Find@CHString@@QEBAHG@Z
?FindOneOf@CHString@@QEBAHPEBG@Z
??4CHString@@QEAAAEBV0@PEBD@Z
??YCHString@@QEAAAEBV0@AEBV0@@Z
??1CHString@@QEAA@XZ
??0CHString@@QEAA@XZ
?ReleaseBuffer@CHString@@QEAAXH@Z
?GetBufferSetLength@CHString@@QEAAPEAGH@Z
?Mid@CHString@@QEBA?AV1@H@Z
?GetBuffer@CHString@@QEAAPEAGH@Z
?Format@CHString@@QEAAXPEBGZZ
??4CHString@@QEAAAEBV0@AEBV0@@Z
??4CHString@@QEAAAEBV0@PEBG@Z
dbghelp
EnumerateLoadedModulesW64
shlwapi
StrChrW
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
sspicli
GetUserNameExW
srvcli
NetServerGetInfo
netutils
NetApiBufferFree
Sections
.text Size: 72KB - Virtual size: 69KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 64B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tasklist.exe.exe windows:10 windows x64 arch:x64
fcea32abe79c10dfacc88f5335dd89de
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
tasklist.pdb
Imports
advapi32
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegConnectRegistryW
RegCloseKey
LookupAccountSidW
OpenSCManagerW
EnumServicesStatusExW
CloseServiceHandle
RegQueryValueExW
kernel32
GetSystemDirectoryW
LoadLibraryW
GetProcAddress
GetCurrentProcess
CloseHandle
GetNumberFormatW
OpenProcess
GetLastError
HeapSetInformation
GetCurrentThreadId
WriteConsoleW
GetStdHandle
LocalAlloc
FormatMessageW
SetLastError
GetTimeFormatW
FreeLibrary
GetComputerNameExW
HeapSize
HeapReAlloc
HeapAlloc
HeapValidate
HeapFree
GetProcessHeap
ReadConsoleW
ReadFile
SetConsoleMode
MultiByteToWideChar
GetConsoleOutputCP
ExitProcess
CompareStringA
GetThreadLocale
CompareStringW
lstrlenA
GetConsoleMode
GetFileType
WideCharToMultiByte
FindStringOrdinal
VerSetConditionMask
SetThreadUILanguage
FileTimeToSystemTime
lstrlenW
GetLocaleInfoW
GetModuleFileNameW
msvcrt
memset
memcpy
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_callnewh
malloc
_wtoi64
_wcsicmp
_wcsdup
wcscpy_s
free
wcsrchr
wcschr
__CxxFrameHandler4
__iob_func
_vsnwprintf
_memicmp
_errno
wcstod
wcstol
wcstoul
_fileno
_get_osfhandle
fprintf
fflush
wcsstr
wcstok
_CxxThrowException
api-ms-win-core-com-l1-1-0
CoInitializeSecurity
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoInitializeEx
oleaut32
SysAllocString
SysFreeString
SysAllocStringByteLen
SysStringLen
VariantChangeType
VariantCopy
VariantClear
VariantInit
ntdll
RtlTimeToElapsedTimeFields
RtlVerifyVersionInfo
RtlQueryPackageIdentity
RtlNtStatusToDosError
NtQueryInformationProcess
RtlLargeIntegerToChar
imagehlp
EnumerateLoadedModulesW64
sspicli
GetUserNameExW
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
TerminateProcess
api-ms-win-core-libraryloader-l1-2-0
LoadStringW
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
user32
IsHungAppWindow
GetWindowTextW
wsprintfW
GetWindowThreadProcessId
FindWindowExW
EnumWindows
CloseDesktop
GetWindow
OpenDesktopW
GetThreadDesktop
EnumDesktopsW
CloseWindowStation
SetProcessWindowStation
OpenWindowStationW
GetProcessWindowStation
EnumWindowStationsW
SetThreadDesktop
GetWindowLongW
mpr
WNetAddConnection2W
WNetCancelConnection2W
WNetGetLastErrorW
ws2_32
WSAStartup
WSACleanup
WSAGetLastError
GetAddrInfoW
FreeAddrInfoW
GetNameInfoW
framedynos
?Mid@CHString@@QEBA?AV1@HH@Z
?ReleaseBuffer@CHString@@QEAAXH@Z
??4CHString@@QEAAAEBV0@PEBG@Z
?Find@CHString@@QEBAHPEBG@Z
?Mid@CHString@@QEBA?AV1@H@Z
?Compare@CHString@@QEBAHPEBG@Z
?Format@CHString@@QEAAXPEBGZZ
?Empty@CHString@@QEAAXXZ
??YCHString@@QEAAAEBV0@AEBV0@@Z
??YCHString@@QEAAAEBV0@PEBG@Z
??4CHString@@QEAAAEBV0@AEBV0@@Z
?Left@CHString@@QEBA?AV1@H@Z
??4CHString@@QEAAAEBV0@PEBD@Z
?GetBuffer@CHString@@QEAAPEAGH@Z
?FindOneOf@CHString@@QEBAHPEBG@Z
?Find@CHString@@QEBAHG@Z
??1CHString@@QEAA@XZ
??0CHString@@QEAA@XZ
?GetBufferSetLength@CHString@@QEAAPEAGH@Z
?GetData@CHString@@IEBAPEAUCHStringData@@XZ
srvcli
NetServerGetInfo
netutils
NetApiBufferFree
api-ms-win-core-shlwapi-obsolete-l1-1-0
StrChrW
api-ms-win-core-version-l1-1-0
GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW
api-ms-win-core-string-l2-1-0
CharUpperW
Sections
.text Size: 76KB - Virtual size: 73KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 64B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tcblaunch.exe.dll windows:0 windows x64 arch:x64
Code Sign
33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
25:ed:07:e9:3a:d3:ba:55:e9:bf:d1:bf:2f:3b:65:3b:a5:8d:b9:95:22:4c:29:43:18:37:13:2f:bd:8e:4c:2e
Signer
Actual PE Digest: 25:ed:07:e9:3a:d3:ba:55:e9:bf:d1:bf:2f:3b:65:3b:a5:8d:b9:95:22:4c:29:43:18:37:13:2f:bd:8e:4c:2e
Digest Algorithm: sha256
PE Digest Matches: true
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
tcblaunch.pdb
Exports
AhCreateLoadOptionsString
AhGetArcDevice
ArchBuildKernelGdt
ArchGetGdtRegister
BlAllocateSlabPages
BlAmdSlGetEnabledFeatures
BlAmdSlGetTaCommands
BlAmdSlGetTaParameterRegisters
BlAppCheckDependency
BlAppSetDependency
BlAppendBootOptionBoolean
BlAppendBootOptionString
BlAppendUnicodeToString
BlArchCpuId
BlArchDetectSmt
BlArchGetCpuVendor
BlArchGetPerformanceCounter
BlArchIsCpuIdFunctionSupported
BlArchIsFiveLevelPagingActive
BlArchIsShadowStackSupported
BlArchKernelSetup
BlArchQueryIoPortAccessSupported
BlArchSetSecrets
BlBdDebugTransitionsEnabled
BlBdDebuggerConnected
BlBdGetBootDebugDevice
BlBdGetExtensionName
BlBdGetHvDebugDevice
BlBdGetMacAddressFromSmBiosUuid
BlBdGetPciDevicePath
BlBdInitializeDeviceDescriptor
BlBdInitializeDeviceDescriptorEx
BlBdInitializeTransportExtension
BlBdLoadImageSymbols
BlBdPatchIdt
BlBdReleaseDebuggingDevice
BlBdSetupDebugDevice
BlBdSetupDebuggingDevice
BlBdStart
BlBdStop
BlBdUpdateSharedHypervisorDebugDevice
BlBootOptionExists
BlBsdCloseLog
BlBsdLogEntry
BlCopyBootOptions
BlCopyStringToUnicodeString
BlCopyStringToWcharString
BlCopyUnicodeStringToUnicodeString
BlCopyWcharStringToString
BlCreateTpmSealedBlob
BlDecryptSealedData
BlDeviceClose
BlDeviceCompare
BlDeviceGetInformation
BlDeviceGetIoInformation
BlDeviceOpen
BlDeviceSetInformation
BlDisplayFreeOemBitmap
BlDisplayGetOemBitmap
BlDisplayInvalidateOemBitmap
BlDrtmSetError
BlEnNotifyEvent
BlFileClose
BlFileCopyFile
BlFileExists
BlFileGetInformation
BlFileLoad
BlFileOpen
BlFileReadAtOffsetEx
BlFileReadEx
BlFileSetInformation
BlFileWrite
BlFveCheckPermission
BlFwGetAcpiMemoryMap
BlFwGetSystemTable
BlFwQueryEfiRuntimeVaRange
BlFwReboot
BlFwServicesAvailable
BlGetApplicationEntry
BlGetApplicationIdentifier
BlGetBootDevice
BlGetBootOptionBoolean
BlGetBootOptionDevice
BlGetBootOptionInteger
BlGetBootOptionString
BlGetDevice
BlGetDeviceIdentifier
BlGetExecutionEnvironment
BlGetLogicalProcessorCount
BlGetProcessorApicIds
BlImgFindSection
BlImgGetNtHeader
BlImgGetPEImageSize
BlImgGetSigningPolicy
BlImgGetWhqlEnforcementDateTime
BlImgIsBootUpgradedPlatform
BlImgIsUpgradeInProgress
BlImgIsUpgradedPlatform
BlImgIsWhqlDeveloperTestModeEnabled
BlImgIsWhqlDisabledBySetting
BlImgIsWhqlEnabledBySetting
BlImgIsWinPE
BlImgLoadImageWithProgress2
BlImgLoadPEImageEx
BlImgLoadPEImageWithPolicyValidatedHash
BlImgParseOsRevocationList
BlImgQueryCodeIntegrityBootOptions
BlImgRegisterCodeIntegrityCatalogDirectory
BlImgRegisterCodeIntegrityCatalogs
BlImgRsaKnownAnswerTest
BlImgSetRestrictedSigning
BlImgSetSigningPolicy
BlImgSetSysDevWhqlPolicy
BlImgSha1KnownAnswerTest
BlImgSha1MonteCarloTest
BlImgTrustCustomSignersForDrivers
BlImgUnLoadImage
BlImgVerifyFontIntegrity
BlIpmiDestroy
BlIpmiGetHwConfig
BlIpmiInitialize
BlIpmiLogCheckPoint
BlLdrBuildImagePath
BlLdrFreeDataTableEntry
BlLdrLoadDll
BlLdrLoadImage
BlLdrPreloadFile
BlLdrPreloadImage
BlLdrUnloadImage
BlLogDestroy
BlLogDiagWrite
BlLogEtwRegister
BlLogEtwWrite
BlLogEtwWriteTransfer
BlLogInitialize
BlLogIsVerboseSELEnabled
BlMmAddEnclavePageRange
BlMmAddPersistentPageRange
BlMmAllocateHeap
BlMmAllocatePages
BlMmAllocatePagesInRange
BlMmAllocatePartitionPhysicalPagesInRangeNuma
BlMmAllocatePhysicalPages
BlMmAllocatePhysicalPagesInRange
BlMmAllocatePhysicalPagesInRangeNuma
BlMmAllocateVirtualPages
BlMmClosePartition
BlMmDisableStaticDescriptors
BlMmDisableUpdates
BlMmEnableStaticDescriptors
BlMmEnableUpdates
BlMmEnumerateAllocations
BlMmFlushTlb
BlMmFreeHeap
BlMmFreePages
BlMmFreePartitionRangeAllocation
BlMmFreePhysicalPages
BlMmFreeVirtualPages
BlMmGetAllocationPages
BlMmGetMemoryMap
BlMmInitMemoryMapHandle
BlMmIsLargePageMapping
BlMmMapIoSpace
BlMmMapPhysicalAddress
BlMmMapPhysicalAddressEx
BlMmOpenPartition
BlMmPersistAllocation
BlMmProcessBadPageList
BlMmQueryLargePageSize
BlMmQueryTranslationType
BlMmRegisterPledgedType
BlMmReleaseMemoryMap
BlMmRemapVirtualAddress
BlMmSetPageProtection
BlMmTranslateEfiMemoryType
BlMmTranslateVirtualAddress
BlMmUnmapVirtualAddress
BlMmUnmapVirtualAddressEx
BlMmUnpersistAllocation
BlMmUnpersistAllocations
BlMmUnprotectAllocation
BlMmUnregisterPledgedType
BlMmUpdatesDisabled
BlMmWalkPageTable
BlMmWriteZeroPte
BlNumaGetNumaMemoryRanges
BlObtainUnusedSlabPages
BlPdAllocateData
BlPdDestroyData
BlPdFreeData
BlPdPersistAllocations
BlPdQueryData
BlPdQueryDataAll
BlPdSaveData
BlPltReadPciConfig
BlPltWritePciConfig
BlRdUnmap
BlRemoveBootOption
BlResourceFindDataFromImage
BlResourceFindMessage
BlResourceGetLanguageMapping
BlSIPolicyCheckPolicyOnDevice
BlSIPolicyDoesActivePolicyGrantPermission
BlSIPolicyLoadAndActivateTemporalPolicy
BlSealSecretToCurrentPcrValues
BlSecureBootGetNonVolatilePrivateVariable
BlSecureBootIgnoreSingleBootOption
BlSecureBootSetVolatilePrivateVariable
BlSetVirtualizationLaunched
BlSiAppLosingTpmAccess
BlSiCloseEnvironment
BlSiDrtmEnvironmentUnsafe
BlSiEnterInsecureStateEx
BlSiEnvironmentReady
BlSiFlushCurrentMeasurements
BlSiHandleHypervisorLaunchEvent
BlSiLeaveEnvironment
BlSiMeasureOsRevocationList
BlSiPaRecordConfigEvent
BlSiPaRecordDrtmConfigEvent
BlSiPaRecordEvent
BlSiSetDrtmEnvironmentUnsafe
BlSlGetSmmIsolationLevel
BlStatusError
BlStatusPrint
BlStatusRegisterErrorHandler
BlSvnGetApplicationSvn
BlSvnGetChainStatus
BlSymCryptGetAesBlockCipher
BlSymCryptGetHmacSha256Algorithm
BlTblSetEntry
BlTcbIsDrtmCapable
BlTcgFwSetAndLockMemoryOverwriteRequestControl
BlTimeGetRelativeTime
BlTimeQueryPerformanceCounter
BlTpmGetRandom
BlTpmShutdown
BlTpmStatus
BlTxtGetRlpParkPage
BlTxtGetTprArray
BlUpdateBootOptions
BlUtlCheckSum
BlUtlGetAcpiTable
BlUtlGetAcpiTableOverrides
BlUtlPopulateAcpiTableCache
BlUtlReleaseAcpiTable
BlUtlSetAcpiTableOverrides
BlUtlValidateMemoryRange
BlValidateAmeCertChain
BlValidateAnsiStringMemory
BlValidateListMemory
BlValidateMemoryRange
BlValidatePhysicalMemoryRange
BlValidateUnicodeStringMemory
BlValidateWideStringMemory
BlVsmCheckSystemPolicy
BlVsmGetSystemPolicy
BlVsmKeysAddNewKeyToArray
BlVsmKeysCreateKeyPkg
BlVsmKeysExplodePkg
BlVsmKeysFindKeyMapByType
BlVsmKeysGetCurrentLKeyRefFromArray
BlVsmKeysGetCurrentLKeyRefFromPkg
BlVsmKeysReadAndUnsealBackupLKeyPkg
BlVsmKeysReadAndUnsealLKeyPkg
BlVsmKeysSupportedByPlatform
BlVsmKeysValidateKeyPkgBuffer
BlpPdQueryData
BlpPdReleaseData
BlpVsmLKeyCheckBootmgrAuthorityInTcgLog
DbgLoadImageSymbols
DbgPrint
EfiGetMemoryAttributesTable
HvlQueryConnection
KdNetGetNetDataSize
KdNetGetParameters
LdrInitSecurityCookie
McGenEventWriteBoot
MinCrypL_HashMemory
MincryptSetWeakCryptoPolicy
OslGenRandomBytes
OslGetControlSubkey
OslGetDrtmSvn
OslGetExportRoutineInModule
OslGetLocalApicId
OslGetStringValueAtKey
OslGetSubkeyAtKey
OslGetValueAtKey
OslIsRunningInSecureKernel
OslLoadMicrocodeUpdate
RtlAnsiStringToUnicodeString
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlApplyFunctionOverrideFixupsToImage
RtlApplyHotPatch
RtlAssert
RtlCheckCurrentPatchesApplied
RtlClearAllBits
RtlCompareMemory
RtlCompareUnicodeString
RtlCompareUnicodeStrings
RtlCountRequiredHotPatchAddressTableEntries
RtlEqualUnicodeString
RtlFindClearBits
RtlFindExportedRoutineByName
RtlFindHotPatchBase
RtlFindHotPatchInformation
RtlFindNextForwardRunClear
RtlFreeAnsiString
RtlFreeUnicodeString
RtlGUIDFromString
RtlImageDirectoryEntryToData
RtlImageNtHeaderEx
RtlInitAnsiString
RtlInitFunctionOverrideCapabilities
RtlInitUnicodeString
RtlInitUnicodeStringEx
RtlInitializeBitMap
RtlInitializeBootFeatureConfigurations
RtlInitializeDelayedFeatureUsageReportBuffer
RtlIntegerToUnicodeString
RtlIpv6StringToAddressW
RtlNotifyFeatureUsage
RtlNumberOfSetBits
RtlPrefixUnicodeString
RtlQueryFeatureConfiguration
RtlQueryFeatureConfigurationChangeStamp
RtlRbInsertNodeEx
RtlRbRemoveNode
RtlRegisterFeatureConfigurationChangeNotification
RtlSecureZeroMemory
RtlSetBit
RtlSetBits
RtlSizeOfDelayedFeatureUsageReportBuffer
RtlStringFromGUID
RtlUnicodeStringToAnsiString
RtlUnicodeStringToInteger
RtlUnregisterFeatureConfigurationChangeNotification
RtlUpcaseUnicodeChar
RtlValidateDelayedFeatureUsageReportBuffer
RtlValidateFeatureConfigurationBuffer
RtlValidateFeatureUsageSubscriptionBuffer
RtlValidateHotPatchBase
SIPolicyClearAllActivePolicy
SIPolicyDeletePersistentVariable
SIPolicyGetOptions
SIPolicyGetPolicyHandle
SIPolicyGetPolicyInfoFromType
SIPolicyGetSerializedPolicies
SIPolicyGetSerializedPoliciesSize
SIPolicyHashActiveCodeExecutionPolicies
SIPolicyInvalidateEAsOnRebootEnabled
SIPolicyIsPolicyActive
SIPolicyIsSamePolicyID
SIPolicyIsSignedPolicyRequired
SIPolicySetTrialMode
SIPolicyUmciEnabled
SbArePolicyOptionsSet
SbDoesActivePolicyGrantPermission
SbFreeFileData
SbGetKernelPolicyPackage
SbGetSizeOfKernelPolicyPackage
SbIsDebugPolicyActive
SbIsEnabled
SbIsEnabled2
SbIsPolicyActive
SbIsTestRootTrusted
SbIsTestSigningBlocked
SbLoadFile
SbValidateSkuUnlockToken
SipaGetDataPointers
SipaQueueConfigEntry
SipaQueueConfigEntryToQueue
SipaReadPcrsByMask
SipapAppendEntry
SipapCreateQueue
SymCryptGcmAuthPart
SymCryptGcmDecryptFinal
SymCryptGcmDecryptPart
SymCryptGcmEncryptFinal
SymCryptGcmEncryptPart
SymCryptGcmExpandKey
SymCryptGcmInit
SymCryptHmacSha256
SymCryptHmacSha256ExpandKey
SymCryptHmacSha512Selftest
SymCryptInit
SymCryptMarvin32
SymCryptMarvin32ExpandSeed
SymCryptRdrandGet
SymCryptRdrandStatus
SymCryptRdseedGet
SymCryptRdseedStatus
SymCryptRngAesFips140_2Generate
SymCryptRngAesFips140_2Instantiate
SymCryptRngAesFips140_2Uninstantiate
SymCryptRngAesGenerateSelftest
SymCryptRngAesInstantiateSelftest
SymCryptRngAesReseedSelftest
SymCryptSha1
SymCryptSha256
SymCryptSha256Append
SymCryptSha256Init
SymCryptSha256Result
SymCryptSha512
SymCryptSha512Append
SymCryptSha512Init
SymCryptSha512Result
SymCryptSp800_108
TpmApiCheckSecureNVIndex20
TpmApiCreateSecureNVIndex20
TpmApiCreateSrk20
TpmApiDrtmGetSigningKeys
TpmApiGetKeyPublicProperty20
TpmApiGetTpmVersion
TpmApiIsCurrentStatePolicyAuthorized20
TpmApiReadPublic20
TpmApiSeal20Ex
TpmApiSealPolicyAuthorized20
TpmApiTestAes256Capability20
TpmApiTestRsa3kCapability20
TpmApiUnsealEx
TpmApiUnsealPolicyAuthorized20
__GSHandlerCheck
__chkstk
_snwscanf_s
_stricmp
_strupr
_vsnprintf
_wcsicmp
_wcsnicmp
_wcstoui64
_wcsupr
bsearch
memcmp
memcpy
memmove
memset
qsort
rsa_construction_fips186_3
rsa_decryption
rsa_destruction
rsa_encryption
rsa_export
rsa_export_sizes
sprintf_s
strcat_s
strchr
strcmp
strcpy_s
strncmp
strnlen
strstr
swprintf_s
wcscat_s
wcscmp
wcscpy_s
wcsncmp
wcsnlen
wcsrchr
wcsstr
Sections
.text Size: 796KB - Virtual size: 795KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
TRANSIT Size: 512B - Virtual size: 29B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 109KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tcmsetup.exe.exe windows:10 windows x64 arch:x64
ae7e4f06cc6d11d0e730defd22d14777
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
tcmsetup.pdb
Imports
advapi32
RegQueryValueExW
RegOpenKeyExW
CheckTokenMembership
FreeSid
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
AllocateAndInitializeSid
RegDeleteKeyW
RegCloseKey
kernel32
CompareStringW
GetCommandLineW
lstrlenW
CreateMutexW
WaitForSingleObject
ReleaseMutex
GlobalAlloc
GlobalFree
CloseHandle
HeapSetInformation
GetModuleHandleW
lstrcmpiW
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetTickCount
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStartupInfoW
Sleep
user32
MessageBoxW
LoadStringW
msvcrt
?terminate@@YAXXZ
_commode
_fmode
_acmdln
__C_specific_handler
_initterm
_ismbblead
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
__setusermatherr
_vsnwprintf
tapi32
lineRemoveProvider
lineAddProviderW
Sections
.text Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 360B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
timeout.exe.exe windows:10 windows x64 arch:x64
52d0839685a9987dd8cf02994b143429
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
timeout.pdb
Imports
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
VerSetConditionMask
RtlVerifyVersionInfo
RtlVirtualUnwind
user32
CharUpperW
LoadStringW
ws2_32
WSACleanup
shlwapi
StrChrW
version
VerQueryValueW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW
kernel32
HeapAlloc
GetCurrentProcessId
TerminateProcess
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
GetModuleFileNameW
HeapSize
HeapReAlloc
HeapValidate
SetConsoleCtrlHandler
GetConsoleScreenBufferInfo
SetLastError
GetStdHandle
SetConsoleMode
SetThreadUILanguage
WaitForSingleObject
Sleep
GetConsoleMode
ReadConsoleInputW
HeapSetInformation
FlushConsoleInputBuffer
PeekConsoleInputW
ExitProcess
GetNumberOfConsoleInputEvents
GetFileType
SetConsoleCursorPosition
GetLastError
FormatMessageW
LocalFree
FindStringOrdinal
WideCharToMultiByte
lstrlenW
CompareStringW
GetThreadLocale
CompareStringA
WriteConsoleW
GetConsoleOutputCP
GetProcessHeap
HeapFree
GetCurrentThreadId
msvcrt
wcstoul
_fileno
_get_osfhandle
fprintf
fflush
_XcptFilter
_amsg_exit
__C_specific_handler
__set_app_type
wcstod
_exit
_cexit
__setusermatherr
_initterm
_fmode
_commode
?terminate@@YAXXZ
exit
_memicmp
time
_errno
wcstol
_vsnwprintf
memset
__iob_func
__wgetmainargs
Sections
.text Size: 24KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 948B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tpmvscmgr.exe.exe windows:10 windows x64 arch:x64
5d1992edf5b2b455cdca929f7f8f0847
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
TpmVscMgr.pdb
Imports
advapi32
ConvertStringSecurityDescriptorToSecurityDescriptorW
MakeAbsoluteSD
EventUnregister
EventSetInformation
EventRegister
SystemFunction036
EventWriteTransfer
kernel32
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
RaiseFailFastException
RaiseException
LocalFree
HeapSetInformation
SetThreadPreferredUILanguages
GetModuleFileNameA
CreateSemaphoreExW
msvcp_win
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAH@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@K@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGD@Z
?setbase@std@@YA?AU?$_Smanip@H@1@H@Z
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?put@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@G@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?_Xlength_error@std@@YAXPEBD@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?wcout@std@@3V?$basic_ostream@GU?$char_traits@G@std@@@1@A
?wcerr@std@@3V?$basic_ostream@GU?$char_traits@G@std@@@1@A
?_Xbad_alloc@std@@YAXXZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@J@Z
api-ms-win-crt-runtime-l1-1-0
_c_exit
_initterm_e
_initterm
_register_thread_local_exe_atexit_callback
api-ms-win-crt-private-l1-1-0
memcpy
_CxxThrowException
__CxxFrameHandler3
__current_exception_context
__current_exception
_o_towupper
__CxxFrameHandler4
__std_terminate
__C_specific_handler
_o___acrt_iob_func
_o___p___argc
_o___p___wargv
_o___p__commode
_o___std_exception_copy
_o___std_exception_destroy
_o___stdio_common_vsnprintf_s
_o___stdio_common_vswprintf
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__fileno
_o__get_initial_wide_environment
_o__getwch
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__setmode
_o__wcsicmp
_o__wtoi
_o_exit
_o_free
_o_iswalpha
_o_iswascii
_o_iswdigit
_o_iswpunct
_o_iswspace
_o_malloc
_o_terminate
memmove
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-com-l1-1-0
CoTaskMemFree
CoInitializeSecurity
CoCreateInstanceEx
StringFromGUID2
CoUninitialize
CoInitializeEx
api-ms-win-core-libraryloader-l1-2-0
LoadStringW
bcrypt
BCryptGenerateSymmetricKey
BCryptGetProperty
BCryptSetProperty
BCryptOpenAlgorithmProvider
BCryptDestroyKey
BCryptEncrypt
BCryptCloseAlgorithmProvider
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
TerminateProcess
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-synch-l1-1-0
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
CreateEventW
ResetEvent
SetEvent
EnterCriticalSection
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
ntdll
RtlNtStatusToDosError
ole32
CoGetObject
Sections
.text Size: 76KB - Virtual size: 75KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 200B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tpmvscmgrsvr.exe.exe windows:10 windows x64 arch:x64
9d92e4aef9a5ac5b0aa7aa865b7f45ff
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
TpmVscMgrSvr.pdb
Imports
advapi32
EventActivityIdControl
EventUnregister
EventSetInformation
EventRegister
RegCloseKey
RegQueryInfoKeyW
RegOpenKeyExW
EventWriteTransfer
kernel32
GetModuleFileNameA
HeapFree
GetModuleHandleExW
GetCurrentThreadId
FormatMessageW
HeapAlloc
GetProcAddress
GetProcessHeap
GetModuleHandleW
DebugBreak
InitializeCriticalSection
GetCommandLineW
SetEvent
DeleteCriticalSection
RaiseException
RaiseFailFastException
OutputDebugStringW
IsDebuggerPresent
Sleep
CloseHandle
WaitForSingleObject
GetLastError
GetModuleFileNameW
LoadLibraryExW
CreateEventW
CreateThread
CreateSemaphoreExW
ReleaseMutex
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
ReleaseSemaphore
user32
PostThreadMessageW
CharNextW
GetMessageW
TranslateMessage
CharUpperW
DispatchMessageW
UnregisterClassA
GetSystemMetrics
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_initterm
_initterm_e
_c_exit
api-ms-win-crt-private-l1-1-0
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o_exit
_o_free
_o_malloc
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
__current_exception
__current_exception_context
_CxxThrowException
_o___std_exception_destroy
_o___std_exception_copy
_o__configure_wide_argv
_o__callnewh
_o__configthreadlocale
_o___stdio_common_vswprintf
_o___p__commode
_o___stdio_common_vsnprintf_s
_o__cexit
__C_specific_handler
__std_terminate
__CxxFrameHandler4
__C_specific_handler_noexcept
memcpy
memmove
oleaut32
SysFreeString
SysStringLen
UnRegisterTypeLi
LoadTypeLi
SysAllocString
RegisterTypeLi
api-ms-win-core-com-l1-1-0
CoRevokeClassObject
CoInitializeEx
CoTaskMemFree
CoGetMalloc
CoRegisterClassObject
CoSuspendClassObjects
StringFromGUID2
CoTaskMemAlloc
CoCreateGuid
CoUninitialize
CoCreateInstance
CoResumeClassObjects
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
TerminateProcess
GetStartupInfoW
GetCurrentProcessId
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemDirectoryW
GetTickCount64
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
api-ms-win-core-registry-l1-1-0
RegQueryValueExW
api-ms-win-core-path-l1-1-0
PathCchAppend
PathCchRemoveFileSpec
rpcrt4
UuidToStringW
RpcStringFreeW
UuidCreate
api-ms-win-security-base-l1-1-0
CreateWellKnownSid
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-security-sddl-l1-1-0
ConvertSidToStringSidW
api-ms-win-core-file-l1-1-0
CreateDirectoryW
bcrypt
BCryptGetProperty
BCryptEncrypt
BCryptDestroyKey
BCryptCloseAlgorithmProvider
BCryptGenerateSymmetricKey
BCryptOpenAlgorithmProvider
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-eventing-classicprovider-l1-1-0
TraceMessage
api-ms-win-core-heap-l1-1-0
HeapReAlloc
profapi
ord104
ntdll
RtlNtStatusToDosErrorNoTeb
RtlNtStatusToDosError
setupapi
SetupDiCreateDeviceInfoList
SetupDiSetDevicePropertyW
SetupGetInfDriverStoreLocationW
SetupDiDestroyDeviceInfoList
SetupDiGetDevicePropertyW
SetupDiOpenDeviceInfoW
winscard
SCardEndTransaction
SCardReconnect
SCardBeginTransaction
SCardGetCardTypeProviderNameW
SCardGetStatusChangeW
SCardConnectW
SCardDisconnect
SCardListReadersWithDeviceInstanceIdW
SCardAccessStartedEvent
SCardReleaseStartedEvent
SCardReleaseContext
SCardEstablishContext
SCardListCardsW
SCardFreeMemory
SCardListReadersW
Sections
.text Size: 88KB - Virtual size: 84KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 284B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tracerpt.exe.exe windows:10 windows x64 arch:x64
ca9a62194910f325e63ea1fc2637b0dd
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
tracerpt.pdb
Imports
msvcrt
_stricmp
atol
_atoi64
isprint
free
_XcptFilter
strcmp
fprintf
_onexit
wcsncmp
__iob_func
fwprintf
wcsstr
iswspace
wcstoul
__dllonexit
_strnicmp
strtok_s
wprintf
_vsnprintf
wcstombs_s
__C_specific_handler
_purecall
_wsplitpath_s
fgets
vsprintf_s
vfprintf
strncpy_s
_vsnwprintf_s
_vscprintf
strcpy_s
strncmp
_vscwprintf
swprintf_s
fputs
strstr
strchr
strrchr
sprintf_s
malloc
_wmakepath_s
_getmbcp
fgetws
ferror
_errno
_callnewh
wcstok
rewind
_unlock
_lock
_wcsnicmp
?terminate@@YAXXZ
memcpy
wcschr
fclose
__CxxFrameHandler3
memset
_wcslwr
memcmp
_wfsopen
_commode
memmove
_fmode
_initterm
ceil
wcstok_s
_wfopen
qsort
wcsrchr
__setusermatherr
_cexit
_vsnwprintf
_exit
_wcsicmp
exit
__set_app_type
__wgetmainargs
_amsg_exit
wcscmp
api-ms-win-core-heap-l1-1-0
HeapSetInformation
HeapFree
GetProcessHeap
HeapAlloc
HeapReAlloc
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoSetProxyBlanket
CoCreateInstance
CreateStreamOnHGlobal
CoUninitialize
oleaut32
VarDateFromStr
VariantInit
SysAllocString
VarBstrFromDate
SystemTimeToVariantTime
SysStringLen
SysFreeString
VariantChangeType
VariantClear
VariantTimeToSystemTime
api-ms-win-eventing-tdh-l1-1-0
TdhGetPropertySize
TdhGetProperty
TdhUnloadManifest
TdhEnumerateProviderFieldInformation
TdhFormatProperty
TdhLoadManifest
TdhQueryProviderFieldInformation
TdhGetEventInformation
TdhGetEventMapInformation
ntdll
RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlAnsiCharToUnicodeChar
RtlEqualUnicodeString
RtlCompareString
RtlDeleteCriticalSection
RtlInitializeCriticalSection
api-ms-win-security-lsalookup-l2-1-0
LookupAccountSidW
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
MultiByteToWideChar
api-ms-win-core-errorhandling-l1-1-0
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
api-ms-win-core-timezone-l1-1-0
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
SystemTimeToFileTime
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
api-ms-win-core-localization-l1-2-0
SetThreadPreferredUILanguages
GetFileMUIPath
GetLocaleInfoEx
GetLocaleInfoW
FormatMessageW
GetUserDefaultLocaleName
api-ms-win-core-heap-l2-1-0
LocalFree
GlobalFree
GlobalAlloc
api-ms-win-security-sddl-l1-1-0
ConvertSidToStringSidW
api-ms-win-core-datetime-l1-1-0
GetDateFormatW
GetTimeFormatW
ws2_32
WSAAddressToStringW
WSACleanup
WSAStartup
WSAGetLastError
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlCompareMemory
RtlVirtualUnwind
RtlRaiseException
api-ms-win-core-file-l1-1-0
CreateDirectoryW
SetFilePointer
DeleteFileW
GetFileTime
SetEndOfFile
GetFileSize
WriteFile
ReadFile
FindClose
GetTempFileNameW
GetFileType
FindFirstFileW
CreateFileW
FindNextFileW
GetFileAttributesW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-file-l1-2-4
GetTempPath2W
api-ms-win-eventing-consumer-l1-1-0
ProcessTrace
CloseTrace
OpenTraceW
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
GetVersionExW
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
FindResourceExW
LoadLibraryExW
LockResource
FreeLibrary
LoadResource
SizeofResource
GetProcAddress
GetModuleFileNameW
LoadStringW
FreeResource
api-ms-win-core-util-l1-1-0
EncodePointer
DecodePointer
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
CreateThread
api-ms-win-core-synch-l1-1-0
SetEvent
WaitForSingleObject
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
GetEnvironmentVariableW
GetCurrentDirectoryW
SearchPathW
GetStdHandle
api-ms-win-core-libraryloader-l1-2-1
FindResourceW
LoadLibraryW
api-ms-win-core-heap-obsolete-l1-1-0
GlobalUnlock
GlobalLock
api-ms-win-shcore-stream-l1-1-0
SHCreateStreamOnFileEx
api-ms-win-core-console-l1-1-0
ReadConsoleW
GetConsoleOutputCP
GetConsoleMode
WriteConsoleW
SetConsoleMode
api-ms-win-core-memory-l1-1-0
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
xmllite
CreateXmlReader
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
wevtapi
EvtIntCreateLocalLogfile
EvtClose
EvtIntWriteXmlEventToLocalLogfile
EvtIntRenderResourceEventTemplate
pdh
PdhBindInputDataSourceW
PdhComputeCounterStatistics
PdhOpenQueryH
PdhCollectQueryData
PdhAddCounterW
PdhTranslate009CounterW
PdhExpandWildCardPathHW
PdhParseCounterPathW
PdhGetLogFileTypeW
PdhGetDataSourceTimeRangeH
PdhSetQueryTimeRange
PdhCloseLog
PdhCloseQuery
PdhGetRawCounterValue
tdh
TdhLoadManifestFromBinary
TdhGetAllEventsInformation
TdhGetPropertyOffsetAndSize
imagehlp
SymGetLineFromAddr64
SymGetTypeInfo
SymGetOptions
SymEnumTypesByName
SymRegisterCallback64
SymCleanup
SymSetOptions
SymGetSymbolFileW
SymUnloadModule64
SymFromAddr
api-ms-win-core-version-l1-1-0
GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW
api-ms-win-core-console-l2-1-0
GetConsoleScreenBufferInfo
dbghelp
SymInitializeW
SymSearch
SymLoadModuleExW
api-ms-win-core-registry-l1-1-0
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
api-ms-win-core-localization-obsolete-l1-2-0
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
api-ms-win-core-localization-l1-2-2
LCIDToLocaleName
Sections
.text Size: 268KB - Virtual size: 267KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 120KB - Virtual size: 117KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 146KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 596B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ttdinject.exe.exe windows:10 windows x64 arch:x64
fb21581538d05bb18fa62fef3d4fd233
Code Sign
33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 02/09/2021, 18:23
Not After: 01/09/2022, 18:23
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
6a:16:f0:e9:55:3c:88:5d:0c:09:55:53:46:50:0e:e9:54:2b:e5:5c:f2:7b:97:f8:46:10:5a:c9:db:79:00:3d
Signer
Actual PE Digest: 6a:16:f0:e9:55:3c:88:5d:0c:09:55:53:46:50:0e:e9:54:2b:e5:5c:f2:7b:97:f8:46:10:5a:c9:db:79:00:3d
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
TTDInject.pdb
Imports
ntdll
RtlCaptureContext
RtlVirtualUnwind
RtlUnwindEx
RtlLookupFunctionEntry
RtlGetVersion
NtResumeThread
NtQueryInformationThread
NtSetInformationProcess
RtlPcToFileHeader
NtQueryInformationProcess
NtSuspendThread
kernel32
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
LoadLibraryW
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
FreeLibrary
DebugBreak
IsDebuggerPresent
CreateFileW
GetCurrentProcess
K32GetModuleFileNameExW
GetModuleHandleExW
ReleaseSemaphore
GetFileSizeEx
SetLastError
HeapFree
MultiByteToWideChar
GetSystemInfo
CreateSemaphoreExW
GetStringTypeW
GetModuleFileNameA
HeapSize
LoadLibraryExW
TerminateProcess
ResumeThread
GetModuleHandleA
Sleep
ReadProcessMemory
CreateRemoteThread
GetExitCodeProcess
WriteProcessMemory
HeapReAlloc
VirtualProtect
VirtualFree
SetEndOfFile
VirtualAlloc
GetProcessId
WriteConsoleW
Thread32Next
Thread32First
OpenProcess
CreateToolhelp32Snapshot
DecodePointer
K32GetModuleInformation
VirtualProtectEx
VirtualAllocEx
CreateProcessW
LCMapStringEx
VirtualFreeEx
VirtualQuery
VirtualQueryEx
CompareStringOrdinal
WideCharToMultiByte
GetModuleFileNameW
OpenThread
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
EncodePointer
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
ExitProcess
ReadFile
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
SetFilePointerEx
GetConsoleMode
ReadConsoleW
FlushFileBuffers
GetConsoleOutputCP
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
ole32
CoCreateInstance
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree
CoInitializeEx
advapi32
FreeSid
EventRegister
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
LookupPrivilegeValueW
AdjustTokenPrivileges
AllocateAndInitializeSid
OpenProcessToken
EventWriteTransfer
CheckTokenMembership
RegGetValueW
Sections
.text Size: 324KB - Virtual size: 320KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 132KB - Virtual size: 128KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 968B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tttracer.exe.exe windows:10 windows x64 arch:x64
4eb59892137eb841d381713160df8d59
Code Sign
33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 02/09/2021, 18:23
Not After: 01/09/2022, 18:23
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
51:ff:78:c1:55:de:de:0a:de:73:53:47:53:62:b4:30:91:01:28:ef:75:27:e3:9b:91:dd:9e:8a:da:8f:8b:e1
Signer
Actual PE Digest: 51:ff:78:c1:55:de:de:0a:de:73:53:47:53:62:b4:30:91:01:28:ef:75:27:e3:9b:91:dd:9e:8a:da:8f:8b:e1
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
TTTracer.pdb
Imports
ttdrecord
ExecuteTTTracerCommandLine
ntdll
RtlCaptureContext
RtlPcToFileHeader
RtlUnwindEx
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwind
kernel32
CreateSemaphoreExW
HeapFree
SetLastError
GetCommandLineW
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
ReadConsoleW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
GetStringTypeW
DebugBreak
IsDebuggerPresent
SizeofResource
HeapSize
SetStdHandle
WriteFile
GetModuleFileNameW
K32GetModuleFileNameExW
HeapReAlloc
SetEnvironmentVariableW
CreateFileW
GetFileAttributesW
WriteConsoleW
GetSystemDirectoryW
GetFileSizeEx
LockResource
GetNativeSystemInfo
LoadResource
FindResourceW
SetFilePointerEx
GetModuleFileNameA
CreateMutexExW
FreeLibrary
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
EncodePointer
RaiseException
FreeEnvironmentStringsW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
ExitProcess
GetStdHandle
GetCommandLineA
LoadLibraryExW
CompareStringW
LCMapStringW
GetFileType
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
ReadFile
ole32
CoInitializeEx
CoTaskMemAlloc
CoTaskMemFree
advapi32
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
Sections
.text Size: 128KB - Virtual size: 127KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 52KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
typeperf.exe.exe windows:10 windows x64 arch:x64
a743030a338435a338d8acb1adc3177a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
typeperf.pdb
Imports
api-ms-win-crt-string-l1-1-0
memset
wcsncmp
api-ms-win-crt-runtime-l1-1-0
_c_exit
_initterm_e
_initterm
_register_thread_local_exe_atexit_callback
api-ms-win-crt-private-l1-1-0
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memcpy
_o__wcsicmp
_o__wcsnicmp
_o__wfopen
_o__wfsopen
_o__wmakepath_s
_o__wsplitpath_s
_o_exit
_o_fclose
_o_fgetws
_o_free
_o_malloc
_o_terminate
_o_wcstod
_o_wcstok
_o_wcstok_s
_o_wcstol
__current_exception
__current_exception_context
_CxxThrowException
_o___stdio_common_vswprintf
_o___stdio_common_vfwprintf
_o__cexit
_o__callnewh
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___wargv
_o___p___argc
_o___acrt_iob_func
wcschr
wcsstr
__C_specific_handler
api-ms-win-core-synch-l1-1-0
SetEvent
EnterCriticalSection
LeaveCriticalSection
CreateMutexW
DeleteCriticalSection
WaitForSingleObject
CreateEventW
InitializeCriticalSection
ReleaseMutex
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapValidate
HeapSetInformation
HeapFree
GetProcessHeap
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-errorhandling-l1-1-0
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-kernel32-legacy-l1-1-0
GetComputerNameW
api-ms-win-core-processthreads-l1-1-0
CreateThread
TerminateThread
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
api-ms-win-core-console-l1-1-0
GetConsoleMode
SetConsoleCtrlHandler
WriteConsoleW
GetConsoleOutputCP
ReadConsoleW
SetConsoleMode
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
api-ms-win-core-console-l2-1-0
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
api-ms-win-core-localization-l1-2-0
SetThreadUILanguage
GetLocaleInfoW
FormatMessageW
api-ms-win-core-file-l1-1-0
WriteFile
ReadFile
FindFirstFileW
FindNextFileW
CreateFileW
FindClose
GetFileType
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
WideCharToMultiByte
MultiByteToWideChar
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameW
GetModuleHandleW
FreeLibrary
LoadStringW
api-ms-win-core-version-l1-1-0
GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetLocalTime
GetVersionExW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-security-base-l1-1-0
CheckTokenMembership
AllocateAndInitializeSid
FreeSid
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
pdh
PdhCloseQuery
PdhAddCounterW
PdhOpenLogW
PdhUpdateLogW
PdhCloseLog
PdhCollectQueryData
PdhGetFormattedCounterArrayW
PdhExpandWildCardPathW
PdhEnumObjectsW
PdhEnumObjectItemsW
PdhOpenQueryW
Sections
.text Size: 36KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 96B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tzsync.exe.exe windows:4 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
tzsync.pdb
Sections
.text Size: 68KB - Virtual size: 68KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
tzutil.exe.exe windows:10 windows x64 arch:x64
6a100aac566484fe61639a77112e356a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
tzutil.pdb
Imports
msvcrt
_commode
?terminate@@YAXXZ
_fmode
_wtoi
memcpy
wcschr
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
wprintf
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_callnewh
malloc
_wsetlocale
_wcsicmp
_vsnwprintf
_itow_s
memcmp
memset
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
CompareStringW
WideCharToMultiByte
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
OpenProcessToken
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
api-ms-win-core-console-l1-1-0
GetConsoleOutputCP
WriteConsoleW
GetConsoleMode
api-ms-win-core-processenvironment-l1-1-0
SearchPathW
GetStdHandle
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
GetLastError
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-libraryloader-l1-2-0
LoadStringW
LoadResource
FindResourceExW
LoadLibraryExW
FreeLibrary
LockResource
GetModuleHandleW
GetProcAddress
api-ms-win-core-file-l1-1-0
CreateFileW
GetFileType
api-ms-win-core-localization-l1-2-0
FormatMessageW
GetLocaleInfoEx
SetThreadPreferredUILanguages
api-ms-win-security-base-l1-1-0
AdjustTokenPrivileges
api-ms-win-security-lsalookup-l2-1-0
LookupPrivilegeValueW
api-ms-win-eventing-provider-l1-1-0
EventWrite
EventRegister
EventUnregister
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetLocalTime
GetSystemTime
GetSystemDirectoryW
GetVersionExW
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegQueryValueExW
RegEnumKeyExW
RegOpenKeyExW
api-ms-win-core-synch-l1-1-0
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
api-ms-win-core-timezone-l1-1-0
SetDynamicTimeZoneInformation
SystemTimeToFileTime
FileTimeToSystemTime
GetTimeZoneInformation
GetDynamicTimeZoneInformation
api-ms-win-core-timezone-private-l1-1-0
IsTimeZoneRedirectionEnabled
api-ms-win-core-memory-l1-1-0
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
api-ms-win-core-localization-l1-2-2
LCIDToLocaleName
Sections
.text Size: 24KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 960B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 108B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ucsvc.exe.exe windows:10 windows x64 arch:x64
0821f78ffa144d098ddda1d0d8a36ee6
Code Sign
33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 02/09/2021, 18:23
Not After: 01/09/2022, 18:23
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
59:f0:3b:3a:d1:8e:a6:57:66:28:59:d4:1a:be:a7:7a:24:36:13:61:58:85:5f:c7:9b:41:aa:b4:26:30:a3:82
Signer
Actual PE Digest: 59:f0:3b:3a:d1:8e:a6:57:66:28:59:d4:1a:be:a7:7a:24:36:13:61:58:85:5f:c7:9b:41:aa:b4:26:30:a3:82
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
ucsvc.pdb
Imports
api-ms-win-crt-string-l1-1-0
memset
strncmp
api-ms-win-crt-runtime-l1-1-0
_initterm
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
api-ms-win-crt-private-l1-1-0
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o__wcsicmp
_o__wtoi
_o_exit
_o_terminate
_o_wcscat_s
__C_specific_handler
__current_exception
__current_exception_context
_o___p__commode
memcpy
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegQueryValueExW
api-ms-win-core-registry-l2-1-0
RegEnumKeyW
RegOpenKeyW
api-ms-win-core-heap-l1-1-0
HeapSetInformation
HeapAlloc
HeapFree
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
OpenProcessToken
GetStartupInfoW
GetCurrentProcess
ntdll
NtSetSystemInformation
RtlImageNtHeader
RtlNtStatusToDosError
api-ms-win-core-commandlinetoargv-l1-1-0
CommandLineToArgvW
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetSystemDirectoryW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExW
FreeLibrary
GetModuleHandleW
api-ms-win-security-base-l1-1-0
AdjustTokenPrivileges
api-ms-win-security-lsalookup-l2-1-0
LookupPrivilegeValueW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-file-l1-1-0
CreateFileW
api-ms-win-core-localization-l1-2-0
FormatMessageW
Sections
.text Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 612B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 68B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
unlodctr.exe.exe windows:10 windows x64 arch:x64
62a71cf48f147c3afc11a1137b519507
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
unlodctr.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memcpy
_o__wcsnicmp
_o__wtof
_o_exit
_o_floor
_o_setlocale
_o_terminate
_o_wcstoul
__C_specific_handler
__current_exception
__current_exception_context
_o___stdio_common_vswprintf
_o___p__commode
_o___p___wargv
_o___p___argc
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegQueryValueExW
RegOpenKeyExW
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
GetStdHandle
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventRegister
EventWriteTransfer
EventUnregister
api-ms-win-core-localization-l1-2-0
FormatMessageW
SetThreadUILanguage
SetThreadPreferredUILanguages
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
MultiByteToWideChar
WideCharToMultiByte
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
HeapSetInformation
HeapReAlloc
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
GetLastError
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
LoadStringW
loadperf
LpAcquireInstallationMutex
UnloadPerfCounterTextStringsW
LpReleaseInstallationMutex
api-ms-win-core-file-l1-1-0
WriteFile
CreateFileW
ReadFile
GetFileType
GetFileSize
api-ms-win-core-console-l1-1-0
WriteConsoleW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-registry-l2-1-0
RegDeleteKeyW
RegEnumKeyW
api-ms-win-base-util-l1-1-0
IsTextUnicode
Sections
.text Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 948B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 312B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
unregmp2.exe.exe windows:10 windows x64 arch:x64
c1f39d97b4555756cefac754b60cf093
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
unregmp2.pdb
Imports
advapi32
RegQueryValueExW
RegEnumValueW
OpenServiceW
RegDeleteValueW
ChangeServiceConfigW
QueryServiceConfigW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
ControlService
RegCreateKeyExW
RegDeleteKeyW
OpenSCManagerW
CloseServiceHandle
QueryServiceStatus
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegQueryInfoKeyW
kernel32
CloseHandle
RaiseException
HeapSetInformation
LoadResource
FindResourceW
GetTickCount
RegisterApplicationRestart
DeleteFileW
FindNextFileW
GetShortPathNameW
RemoveDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
lstrcmpW
ExpandEnvironmentStringsW
GetUserDefaultLCID
FindFirstFileExW
CreateEventW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
SetFileAttributesW
GetFileSize
GetLocalTime
GetWindowsDirectoryA
CreateFileA
GetTempPath2A
SetFilePointer
GetProfileStringW
GetPrivateProfileStringW
WritePrivateProfileStringW
WriteProfileStringW
GetFileTime
GetSystemWindowsDirectoryW
FreeLibrary
GetProcAddress
GetWindowsDirectoryW
LoadLibraryW
FileTimeToSystemTime
GetTimeZoneInformation
GetSystemDefaultLangID
GetVersionExW
GetModuleFileNameW
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
LCIDToLocaleName
GetSystemDirectoryW
GetFileAttributesW
CreateFileW
FindClose
CreateHardLinkW
WriteFile
SetLastError
FindFirstFileW
SizeofResource
CreateDirectoryW
GetLastError
user32
LoadStringW
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_c_exit
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__exit
_o__get_narrow_winmain_command_line
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__itow
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
_o__wcslwr
_o__wcsnicmp
_o__wtoi
_o__wtol
_o_exit
_o_free
_o_iswalnum
_o_iswalpha
_o_malloc
_o_mbstowcs
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_o__crt_atexit
_o__configure_narrow_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___p__commode
wcsrchr
wcsstr
wcschr
memcpy
api-ms-win-crt-string-l1-1-0
memset
ole32
StringFromGUID2
CoInitialize
CoCreateGuid
CoUninitialize
CoCreateInstance
PropVariantClear
oleaut32
SystemTimeToVariantTime
VariantTimeToSystemTime
SysFreeString
VariantClear
SysAllocString
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
shell32
SHChangeNotify
SHGetMalloc
SHGetSpecialFolderPathW
SHCreateItemFromParsingName
SHSetLocalizedName
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetFolderPathW
ShellExecuteW
shlwapi
PathAddBackslashW
PathUnExpandEnvStringsW
PathRemoveBlanksW
PathRemoveFileSpecW
PathAppendW
PathIsDirectoryW
PathAddBackslashA
Sections
.text Size: 92KB - Virtual size: 90KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 128KB - Virtual size: 127KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
upfc.exe.exe windows:10 windows x64 arch:x64
0c6b468990a015bdaf464862e338a6cd
Code Sign
33:00:00:03:6c:e5:7e:eb:5d:1c:c2:be:17:00:00:00:00:03:6c
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 27/01/2022, 19:31
Not After: 26/01/2023, 19:31
Subject: CN=Microsoft Windows Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
81:ee:93:3c:5a:06:d2:0a:dc:fc:0a:2e:89:49:57:f8:20:73:93:f9:4d:7d:6c:c6:9e:a3:03:26:b0:b0:b5:da
Signer
Actual PE Digest: 81:ee:93:3c:5a:06:d2:0a:dc:fc:0a:2e:89:49:57:f8:20:73:93:f9:4d:7d:6c:c6:9e:a3:03:26:b0:b0:b5:da
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
upfc.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm
_register_thread_local_exe_atexit_callback
_c_exit
_initterm_e
api-ms-win-crt-private-l1-1-0
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_errno
_o__set_fmode
_o__set_new_mode
memcpy
_o__wcsicmp
_o__wtol
_o_exit
_o_free
_o_malloc
_o_strncpy_s
_o_strtol
_o_terminate
_o_wcstombs_s
__C_specific_handler
__current_exception
__current_exception_context
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
strchr
__CxxFrameHandler3
_CxxThrowException
_o___std_exception_destroy
_o__callnewh
_o___std_exception_copy
_o__cexit
_o___p__commode
_o___p___wargv
_o___p___argc
api-ms-win-crt-string-l1-1-0
memset
wcscmp
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameW
FreeLibrary
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
GetModuleHandleExW
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
OutputDebugStringW
DebugBreak
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
CreateProcessW
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
GetLastError
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
GetProcessMitigationPolicy
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventRegister
EventUnregister
EventWriteTransfer
rpcrt4
UuidCreate
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoCreateInstance
CoUninitialize
api-ms-win-core-synch-l1-1-0
WaitForSingleObject
SetWaitableTimer
SetEvent
WaitForSingleObjectEx
CreateEventExW
api-ms-win-power-setting-l1-1-0
PowerSettingUnregisterNotification
PowerSettingRegisterNotification
api-ms-win-core-sysinfo-l1-2-0
GetNativeSystemInfo
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
ntdll
RtlGetPersistedStateLocation
RtlNtStatusToDosError
RtlIsStateSeparationEnabled
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
SystemTimeToFileTime
api-ms-win-core-synch-l1-2-1
CreateWaitableTimerW
api-ms-win-core-path-l1-1-0
PathCchCombine
api-ms-win-core-file-l1-1-0
FindFirstFileW
FindNextFileW
FindClose
api-ms-win-service-management-l2-1-0
QueryServiceConfigW
ChangeServiceConfigW
ChangeServiceConfig2W
QueryServiceConfig2W
api-ms-win-service-management-l1-1-0
OpenServiceW
CloseServiceHandle
OpenSCManagerW
api-ms-win-core-heap-l1-1-0
HeapAlloc
GetProcessHeap
HeapFree
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-security-base-l1-1-0
GetSecurityDescriptorSacl
api-ms-win-security-provider-l1-1-0
SetSecurityInfo
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-shlwapi-obsolete-l1-1-0
StrStrW
api-ms-win-shcore-stream-l1-1-0
SHCreateStreamOnFileW
xmllite
CreateXmlReader
Sections
.text Size: 84KB - Virtual size: 83KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 32KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 360B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
upnpcont.exe.exe windows:10 windows x64 arch:x64
7b81d592e2e0e57ebd2e87234270af60
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
upnpcont.pdb
Imports
msvcrt
_wcmdln
exit
__set_app_type
_fmode
free
_XcptFilter
_initterm
__C_specific_handler
_callnewh
_cexit
?terminate@@YAXXZ
__setusermatherr
_amsg_exit
__wgetmainargs
_exit
_commode
wcscat_s
wcscpy_s
realloc
malloc
_beginthreadex
_wcsicmp
memcpy
memcmp
memset
ntdll
RtlCaptureContext
EtwTraceMessage
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
GetProcAddress
SizeofResource
LoadResource
FindResourceExW
FreeLibrary
LoadLibraryExW
GetModuleFileNameW
api-ms-win-core-memory-l1-1-0
VirtualAlloc
VirtualProtect
VirtualQuery
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
RegEnumKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegEnumValueW
api-ms-win-core-synch-l1-1-0
DeleteCriticalSection
CreateEventW
SetEvent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
api-ms-win-core-com-l1-1-0
CoSuspendClassObjects
CoCreateInstance
CoTaskMemFree
CoRegisterClassObject
CoResumeClassObjects
CoInitializeSecurity
CoTaskMemAlloc
CoTaskMemRealloc
CoInitializeEx
CoRevokeClassObject
CoUninitialize
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
api-ms-win-core-file-l1-1-0
GetFullPathNameW
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
CreateThread
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
GetStartupInfoW
ExitProcess
api-ms-win-core-string-l2-1-0
CharPrevW
CharNextW
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
GetSystemInfo
api-ms-win-core-heap-l1-1-0
HeapDestroy
HeapSetInformation
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-string-obsolete-l1-1-0
lstrcpynW
lstrcmpiW
api-ms-win-core-processthreads-l1-1-1
OpenProcess
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-kernel32-legacy-l1-1-0
RegisterWaitForSingleObject
UnregisterWait
Sections
.text Size: 24KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 936B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 96B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 164B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
userinit.exe.exe windows:10 windows x64 arch:x64
dafdfeea533e98f48223b56b19d509d5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
userinit.pdb
Imports
ntdll
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
NtQueryInformationProcess
RtlGetActiveConsoleId
api-ms-win-core-file-l1-1-0
CompareFileTime
GetFileAttributesExW
api-ms-win-core-processenvironment-l1-1-0
SetEnvironmentVariableW
ExpandEnvironmentStringsW
SearchPathW
GetEnvironmentVariableW
api-ms-win-core-registry-l1-1-0
RegQueryInfoKeyW
RegOpenKeyExW
RegGetValueW
RegQueryValueExW
RegCloseKey
RegEnumValueW
RegCreateKeyExW
RegOpenCurrentUser
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetLastError
api-ms-win-core-processthreads-l1-1-0
GetCurrentThread
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
CreateThread
CreateProcessW
ProcessIdToSessionId
GetStartupInfoW
SetThreadPriority
GetCurrentProcessId
api-ms-win-eventing-classicprovider-l1-1-0
RegisterTraceGuidsW
GetTraceEnableLevel
UnregisterTraceGuids
GetTraceEnableFlags
GetTraceLoggerHandle
TraceMessage
api-ms-win-core-synch-l1-1-0
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
CreateMutexExW
AcquireSRWLockShared
ReleaseMutex
InitializeCriticalSectionEx
ReleaseSemaphore
EnterCriticalSection
CreateEventExW
ReleaseSRWLockShared
ReleaseSRWLockExclusive
CreateSemaphoreExW
CreateEventW
OpenEventW
DeleteCriticalSection
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
ResetEvent
SetEvent
LeaveCriticalSection
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-string-l2-1-0
CharNextW
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetSystemDirectoryW
logoncli
DsGetDcNameW
api-ms-win-core-synch-l1-2-0
InitOnceComplete
InitOnceBeginInitialize
Sleep
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapSetInformation
HeapFree
GetProcessHeap
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
GetProcAddress
LoadLibraryExW
LoadStringW
FindStringOrdinal
GetModuleHandleExW
GetModuleFileNameW
GetModuleHandleW
GetModuleFileNameA
api-ms-win-core-com-l1-1-0
CoTaskMemFree
CoTaskMemAlloc
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventUnregister
EventWriteTransfer
EventRegister
api-ms-win-core-psapi-l1-1-0
K32GetModuleFileNameExW
api-ms-win-core-threadpool-l1-2-0
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
OpenProcess
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
OutputDebugStringW
DebugBreak
api-ms-win-core-registry-l1-1-1
RegSetKeyValueW
user32
GetShellWindow
GetWindowThreadProcessId
api-ms-win-crt-runtime-l1-1-0
_c_exit
_initterm_e
_register_thread_local_exe_atexit_callback
_initterm
api-ms-win-crt-private-l1-1-0
__CxxFrameHandler4
__std_terminate
wcsrchr
_o___p__commode
_o___std_exception_copy
_o___std_exception_destroy
_o___stdio_common_vsnprintf_s
_o___stdio_common_vswprintf
_o__cexit
_o__configthreadlocale
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_narrow_winmain_command_line
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_CxxThrowException
memmove
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
_o__wtoi
_o_exit
_o_free
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Sections
.text Size: 76KB - Virtual size: 72KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 200B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 232B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
vds.exe.exe windows:10 windows x64 arch:x64
ec628b5a9b2bf8043ba39cad195b6b8d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
vds.pdb
Imports
user32
RegisterDeviceNotificationW
DispatchMessageW
GetMessageW
UnregisterDeviceNotification
DefWindowProcW
PostThreadMessageW
MessageBoxW
LoadStringW
CharNextW
CharPrevW
PeekMessageW
msvcrt
memcmp
_initterm
??1type_info@@UEAA@XZ
??0exception@@QEAA@AEBQEBDH@Z
memcpy
_exit
towupper
??0exception@@QEAA@AEBV0@@Z
memmove
swscanf_s
_onexit
__dllonexit
_XcptFilter
wcsstr
_wtol
?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
rand
time
srand
_wcsnicmp
_wcsicmp
_vsnwprintf
_unlock
_amsg_exit
__wgetmainargs
_wcmdln
_ltow
_callnewh
??0exception@@QEAA@AEBQEBD@Z
__set_app_type
__CxxFrameHandler4
??3@YAXPEAX@Z
wcsncmp
_purecall
__C_specific_handler
free
_lock
?terminate@@YAXXZ
malloc
_commode
wcscat_s
realloc
wcscpy_s
_fmode
exit
__setusermatherr
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
memset
_cexit
_CxxThrowException
__CxxFrameHandler3
api-ms-win-core-synch-l1-1-0
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
SetEvent
WaitForSingleObject
ReleaseSemaphore
CreateEventW
ntdll
RtlReleaseResource
RtlAcquireResourceShared
RtlDeleteResource
RtlInitializeResource
RtlConvertExclusiveToShared
RtlAdjustPrivilege
NtQueryVolumeInformationFile
RtlConvertSharedToExclusive
RtlAcquireResourceExclusive
api-ms-win-core-com-l1-1-0
CoTaskMemFree
CLSIDFromString
CoRegisterClassObject
CoInitializeSecurity
CoUninitialize
CoTaskMemRealloc
CoCreateGuid
CoTaskMemAlloc
CoCreateInstance
CoImpersonateClient
CoRevertToSelf
StringFromGUID2
CoRevokeClassObject
CoInitializeEx
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapSetInformation
HeapAlloc
HeapFree
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
FindResourceExW
SizeofResource
LoadLibraryExW
GetProcAddress
GetModuleFileNameW
LoadResource
FreeLibrary
api-ms-win-core-errorhandling-l1-1-0
SetLastError
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
api-ms-win-core-registry-l1-1-0
RegDeleteValueW
RegQueryInfoKeyW
RegGetValueW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteTreeW
RegCreateKeyExW
RegCloseKey
RegEnumValueW
RegQueryValueExW
RegSetValueExW
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
lstrcpynW
lstrlenW
api-ms-win-core-memory-l1-1-0
VirtualFree
VirtualProtect
VirtualAlloc
VirtualQuery
api-ms-win-core-sysinfo-l1-1-0
GetSystemInfo
GetTickCount
GetSystemTimeAsFileTime
GetSystemDirectoryW
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
MultiByteToWideChar
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventSetInformation
EventWriteTransfer
EventRegister
api-ms-win-security-base-l1-1-0
GetSecurityDescriptorLength
DuplicateTokenEx
AdjustTokenPrivileges
MakeAbsoluteSD
IsValidSid
GetLengthSid
AddAccessAllowedAce
FreeSid
MakeSelfRelativeSD
api-ms-win-service-management-l1-1-0
OpenSCManagerW
OpenServiceW
CloseServiceHandle
DeleteService
CreateServiceW
api-ms-win-service-management-l2-1-0
ChangeServiceConfig2W
SetServiceObjectSecurity
QueryServiceObjectSecurity
api-ms-win-service-winsvc-l1-1-0
RegisterServiceCtrlHandlerW
ControlService
api-ms-win-service-core-l1-1-0
StartServiceCtrlDispatcherW
SetServiceStatus
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
TerminateProcess
GetStartupInfoW
ResumeThread
GetCurrentProcessId
OpenThreadToken
CreateThread
GetCurrentThread
OpenProcessToken
SetThreadToken
GetCurrentThreadId
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
CreateSemaphoreW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-processthreads-l1-1-1
SetProcessMitigationPolicy
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
devobj
DevObjEnumDeviceInterfaces
DevObjDestroyDeviceInfoList
DevObjEnumDeviceInfo
DevObjGetClassDevs
DevObjDeleteDevice
DevObjGetDeviceInterfaceDetail
DevObjCreateDeviceInfoList
api-ms-win-core-file-l1-1-0
DeleteVolumeMountPointW
DefineDosDeviceW
ReadFile
GetFileAttributesW
GetVolumePathNameW
FindVolumeClose
FindNextVolumeW
QueryDosDeviceW
WriteFile
RemoveDirectoryW
CreateFileW
GetDriveTypeW
FindFirstVolumeW
SetFilePointerEx
api-ms-win-core-io-l1-1-0
DeviceIoControl
cfgmgr32
CM_Reenumerate_DevNode_Ex
api-ms-win-core-kernel32-legacy-l1-1-1
SetVolumeMountPointW
FindFirstVolumeMountPointW
FindVolumeMountPointClose
FindNextVolumeMountPointW
api-ms-win-core-file-l1-2-0
GetVolumeNameForVolumeMountPointW
GetVolumePathNamesForVolumeNameW
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-devices-config-l1-1-1
CM_Get_Parent
CM_Query_And_Remove_SubTreeW
CM_Get_DevNode_Status
api-ms-win-core-rtlsupport-l1-1-0
RtlCompareMemory
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
vdsutil
?Initialize@CVdsPnPNotificationBase@@QEAAKXZ
ReleaseRundownProtection
IsRunningOnAMD64
IsClientSKU
?InsertHeadPointer@CRtlList@@QEAAHPEAX@Z
GetInterfaceDetailData
InvalidateDiskCache
??0CVdsWmiVariantObjectArrayEnum@@QEAA@XZ
??1CVdsWmiVariantObjectArrayEnum@@QEAA@XZ
VdsWmiConnectToNamespace
?Attach@CVdsWmiVariantObjectArrayEnum@@QEAAJPEAUtagVARIANT@@@Z
?Next@CVdsWmiVariantObjectArrayEnum@@QEAAJPEAPEAUIWbemClassObject@@@Z
VdsWmiGetByteFromInstance
VdsWmiGetUlongFromInstance
VdsWmiGetObjectFromInstance
VdsWmiCopyFromVariantByteArray
?Detach@CVdsWmiVariantObjectArrayEnum@@QEAAJXZ
?Find@CRtlMap@@QEAAHAEAVCRtlEntry@@PEAV2@@Z
VdsTrace
?Insert@CRtlMap@@QEAAHAEAVCRtlEntry@@0@Z
?FindPtr@CRtlMap@@QEAAHAEAVCRtlEntry@@PEAPEAV2@@Z
?Remove@CRtlMap@@QEAAHAEAVCRtlEntry@@@Z
OpenDevice
GetDeviceName
GetDeviceAndMediaType
GetDiskLayout
GetPartitionInformation
?RegisterHandle@CVdsPnPNotificationBase@@QEAAKPEAXPEAPEAX@Z
?Append@CPrvEnumObject@@QEAAJPEAUIUnknown@@@Z
?Reset@CPrvEnumObject@@UEAAJXZ
IsVdsLoggingEnabled
VdsTraceExW
GuidToString
?InsertUnique@CRtlMap@@QEAAHAEAVCRtlEntry@@0@Z
IsNoAutoMount
IsEfiFirmware
?Clear@CPrvEnumObject@@QEAAXXZ
LockDismountVolume
GetDeviceNumber
IsDriveLetter
?Next@CPrvEnumObject@@UEAAJKPEAPEAUIUnknown@@PEAK@Z
?Skip@CPrvEnumObject@@UEAAJK@Z
?Clone@CPrvEnumObject@@UEAAJPEAPEAUIEnumVdsObject@@@Z
??0CVdsAsyncObjectBase@@QEAA@XZ
??1CVdsAsyncObjectBase@@QEAA@XZ
?SetCompletionStatus@CVdsAsyncObjectBase@@QEAAXJK@Z
?Signal@CVdsAsyncObjectBase@@QEAAXXZ
VdsIscsiIpAddressToString
VdsWmiFindInstanceOfClass
VdsWmiGetUlonglongFromInstance
?QueryStatus@CVdsAsyncObjectBase@@UEAAJPEAJPEAK@Z
VdsIscsiIpsecIdToIpAddress
VdsIscsiCheckEqualIpAddress
VdsIscsiIpAddressToIpsecId
WriteBootCode
CoFreeStringArray
GetFMIFSFormatEx2Routine
GetFMIFSEnableCompressionRoutine
RemoveTempVolumeName
MountVolume
GetFileSystemRecognitionName
GetFMIFSGetDefaultFilesystemRoutine
AssignTempVolumeName
AcquireRundownProtection
GetVolumeDiskExtentInfo
GarbageCollectDriveLetters
LockVolume
DeleteNetworkShare
GetVolumeUniqueId
GetVolumeGuidPathnames
DeleteBcdObjects
VdsIscsiCacheSessionDevices
VdsWmiGetObjectInVariantObjectArray
VdsIscsiGetIpAddressFromInstance
VdsWmiCreateClassInstance
VdsWmiSetUlongInInstance
VdsWmiCreateVariantArray
VdsWmiSetUlonglongInInstance
VdsWmiGetMethodArgumentObject
VdsWmiSetObjectInInstance
VdsWmiCallMethod
?UnregisterHandle@CVdsPnPNotificationBase@@QEAAXPEAX@Z
GetDeviceManufacturerInfo
GetMediaGeometryEx
GetStorageAccessAlignmentProperty
IsDiskClustered
IsDiskReadOnly
IsDiskCurrentStateReadOnly
CreateDeviceInfoSet
GetDeviceId
GetDeviceRegistryPropertyByInfo
VdsAllocateEmptyString
GetDeviceRegistryPropertyByInst
GetDeviceLocationEx
VdsDoesDiskHaveArcPath
GetBootFromDiskNumber
GetDiskOfflineReason
GetDiskRedundancyCount
VdsAllocateString
GetDiskIdentifiers
?WaitImpl@CVdsAsyncObjectBase@@QEAAJPEAJ@Z
IsWinPE
StartReferenceHistory
InitializeRundownProtection
VdsDisableCOMFatalExceptionHandling
UnInitializeGlobalResouce
?Initialize@CGlobalResource@@QEAAJXZ
??0CGlobalResource@@QEAA@XZ
RemoveEventSource
VdsHeapAlloc
AddEventSource
InitializeSecurityDescriptorHelper
LogInfo
LogError
?Remove@CRtlList@@QEAAXAEAVCRtlListIter@@@Z
VdsHeapFree
AllocateAndGetVolumePathName
VdsTraceEx
??0CRtlList@@QEAA@P6AXPEAVCRtlEntry@@@Z@Z
??1CRtlList@@QEAA@XZ
?Begin@CRtlList@@QEAA?AVCRtlListIter@@XZ
?End@CRtlList@@QEAA?AVCRtlListIter@@XZ
?RemoveAll@CRtlList@@QEAAXXZ
?GetEntry@CRtlListIter@@QEAAPEAVCRtlEntry@@XZ
?InsertTailPointer@CRtlList@@QEAAHPEAX@Z
?Uninitialize@CVdsAsyncObjectBase@@SAXXZ
?Uninitialize@CVdsPnPNotificationBase@@QEAAXXZ
?Next@CRtlMapIter@@QEAAAEAV1@XZ
?Next@CRtlListIter@@QEAAAEAV1@XZ
?Prev@CRtlListIter@@QEAAAEAV1@XZ
??0CVdsCallTracer@@QEAA@KPEBD@Z
??1CVdsCallTracer@@QEAA@XZ
??0CRtlMap@@QEAA@KP6AXPEAVCRtlEntry@@@Z1@Z
?Initialize@CVdsAsyncObjectBase@@SAKXZ
?Begin@CRtlMap@@QEAA?AVCRtlMapIter@@XZ
VdsTraceW
?GetEntryPointer@CRtlListIter@@QEAAPEAXXZ
VdsInitializeCriticalSection
?RemoveAll@CRtlMap@@QEAAXH@Z
??1CRtlMap@@UEAA@XZ
StopReferenceHistory
GetVolumeName
WaitForRundownProtectionRelease
??1CGlobalResource@@QEAA@XZ
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
??0?$CVdsCoTaskPtr@G@@QEAA@XZ
??0?$CVdsHandleImpl@$0?0@@QEAA@XZ
??0?$CVdsHandleImpl@$0A@@@QEAA@XZ
??0?$CVdsHeapPtr@D@@QEAA@XZ
??0?$CVdsHeapPtr@G@@QEAA@XZ
??0?$CVdsHeapPtr@J@@QEAA@XZ
??0?$CVdsHeapPtr@UFMIFS_DEF_FS_OUT@@@@QEAA@XZ
??0?$CVdsHeapPtr@U_AUCTION_THREAD_PARAMETER@@@@QEAA@XZ
??0?$CVdsHeapPtr@U_CLEAN_DISK_HANDLER_PARAMETER@@@@QEAA@XZ
??0?$CVdsHeapPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QEAA@XZ
??0?$CVdsHeapPtr@U_EXTEND_VOLUME_HANDLER_PARAMETER@@@@QEAA@XZ
??0?$CVdsHeapPtr@U_FORMAT_VOLUME_THREAD_PARAMETER@@@@QEAA@XZ
??0?$CVdsHeapPtr@U_MOUNTMGR_MOUNT_POINT@@@@QEAA@XZ
??0?$CVdsHeapPtr@U_MOUNTMGR_MOUNT_POINTS@@@@QEAA@XZ
??0?$CVdsHeapPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QEAA@XZ
??0?$CVdsPtr@D@@QEAA@XZ
??0?$CVdsPtr@G@@QEAA@XZ
??0?$CVdsPtr@J@@QEAA@XZ
??0?$CVdsPtr@UFMIFS_DEF_FS_OUT@@@@QEAA@XZ
??0?$CVdsPtr@U_AUCTION_THREAD_PARAMETER@@@@QEAA@XZ
??0?$CVdsPtr@U_CLEAN_DISK_HANDLER_PARAMETER@@@@QEAA@XZ
??0?$CVdsPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QEAA@XZ
??0?$CVdsPtr@U_EXTEND_VOLUME_HANDLER_PARAMETER@@@@QEAA@XZ
??0?$CVdsPtr@U_FORMAT_VOLUME_THREAD_PARAMETER@@@@QEAA@XZ
??0?$CVdsPtr@U_MOUNTMGR_MOUNT_POINT@@@@QEAA@XZ
??0?$CVdsPtr@U_MOUNTMGR_MOUNT_POINTS@@@@QEAA@XZ
??0?$CVdsPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QEAA@XZ
??0CPrvEnumObject@@QEAA@XZ
??0CRtlSharedLock@@QEAA@XZ
??0CVdsCriticalSection@@QEAA@PEAU_RTL_CRITICAL_SECTION@@@Z
??0CVdsPnPNotificationBase@@QEAA@XZ
??0CVdsUnlockIt@@QEAA@AEAJ@Z
??1?$CVdsCoTaskPtr@G@@QEAA@XZ
??1?$CVdsHandleImpl@$0?0@@QEAA@XZ
??1?$CVdsHandleImpl@$0A@@@QEAA@XZ
??1?$CVdsHeapPtr@D@@QEAA@XZ
??1?$CVdsHeapPtr@G@@QEAA@XZ
??1?$CVdsHeapPtr@J@@QEAA@XZ
??1?$CVdsHeapPtr@UFMIFS_DEF_FS_OUT@@@@QEAA@XZ
??1?$CVdsHeapPtr@U_AUCTION_THREAD_PARAMETER@@@@QEAA@XZ
??1?$CVdsHeapPtr@U_CLEAN_DISK_HANDLER_PARAMETER@@@@QEAA@XZ
??1?$CVdsHeapPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QEAA@XZ
??1?$CVdsHeapPtr@U_EXTEND_VOLUME_HANDLER_PARAMETER@@@@QEAA@XZ
??1?$CVdsHeapPtr@U_FORMAT_VOLUME_THREAD_PARAMETER@@@@QEAA@XZ
??1?$CVdsHeapPtr@U_MOUNTMGR_MOUNT_POINT@@@@QEAA@XZ
??1?$CVdsHeapPtr@U_MOUNTMGR_MOUNT_POINTS@@@@QEAA@XZ
??1?$CVdsHeapPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QEAA@XZ
??1?$CVdsPtr@D@@QEAA@XZ
??1?$CVdsPtr@G@@QEAA@XZ
??1?$CVdsPtr@J@@QEAA@XZ
??1?$CVdsPtr@UFMIFS_DEF_FS_OUT@@@@QEAA@XZ
??1?$CVdsPtr@U_AUCTION_THREAD_PARAMETER@@@@QEAA@XZ
??1?$CVdsPtr@U_CLEAN_DISK_HANDLER_PARAMETER@@@@QEAA@XZ
??1?$CVdsPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QEAA@XZ
??1?$CVdsPtr@U_EXTEND_VOLUME_HANDLER_PARAMETER@@@@QEAA@XZ
??1?$CVdsPtr@U_FORMAT_VOLUME_THREAD_PARAMETER@@@@QEAA@XZ
??1?$CVdsPtr@U_MOUNTMGR_MOUNT_POINT@@@@QEAA@XZ
??1?$CVdsPtr@U_MOUNTMGR_MOUNT_POINTS@@@@QEAA@XZ
??1?$CVdsPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QEAA@XZ
??1CPrvEnumObject@@QEAA@XZ
??1CRtlSharedLock@@QEAA@XZ
??1CVdsCriticalSection@@QEAA@XZ
??1CVdsPnPNotificationBase@@QEAA@XZ
??1CVdsUnlockIt@@QEAA@XZ
??4?$CVdsHandleImpl@$0?0@@QEAAPEAXPEAX@Z
??4?$CVdsHandleImpl@$0A@@@QEAAPEAXPEAX@Z
??4?$CVdsHeapPtr@D@@QEAAPEADPEAD@Z
??4?$CVdsHeapPtr@G@@QEAAPEAGPEAG@Z
??4?$CVdsHeapPtr@J@@QEAAPEAJPEAJ@Z
??4?$CVdsHeapPtr@UFMIFS_DEF_FS_OUT@@@@QEAAPEAUFMIFS_DEF_FS_OUT@@PEAU1@@Z
??4?$CVdsHeapPtr@U_AUCTION_THREAD_PARAMETER@@@@QEAAPEAU_AUCTION_THREAD_PARAMETER@@PEAU1@@Z
??4?$CVdsHeapPtr@U_MOUNTMGR_MOUNT_POINT@@@@QEAAPEAU_MOUNTMGR_MOUNT_POINT@@PEAU1@@Z
??4?$CVdsHeapPtr@U_MOUNTMGR_MOUNT_POINTS@@@@QEAAPEAU_MOUNTMGR_MOUNT_POINTS@@PEAU1@@Z
??4?$CVdsHeapPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QEAAPEAU_SHRINK_VOLUME_THREAD_PARAMETER@@PEAU1@@Z
??8?$CVdsHandleImpl@$0?0@@QEBA_NPEAX@Z
??8?$CVdsHandleImpl@$0A@@@QEBA_NPEAX@Z
??8?$CVdsPtr@D@@QEBA_NPEAD@Z
??8?$CVdsPtr@G@@QEBA_NPEAG@Z
??8?$CVdsPtr@J@@QEBA_NPEAJ@Z
??8?$CVdsPtr@UFMIFS_DEF_FS_OUT@@@@QEBA_NPEAUFMIFS_DEF_FS_OUT@@@Z
??8?$CVdsPtr@U_AUCTION_THREAD_PARAMETER@@@@QEBA_NPEAU_AUCTION_THREAD_PARAMETER@@@Z
??8?$CVdsPtr@U_MOUNTMGR_MOUNT_POINT@@@@QEBA_NPEAU_MOUNTMGR_MOUNT_POINT@@@Z
??8?$CVdsPtr@U_MOUNTMGR_MOUNT_POINTS@@@@QEBA_NPEAU_MOUNTMGR_MOUNT_POINTS@@@Z
??8?$CVdsPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QEBA_NPEAU_SHRINK_VOLUME_THREAD_PARAMETER@@@Z
??9?$CVdsHandleImpl@$0?0@@QEBA_NPEAX@Z
??9?$CVdsPtr@G@@QEBA_NPEAG@Z
??9?$CVdsPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QEBA_NPEAU_DRIVE_LAYOUT_INFORMATION_EX@@@Z
??A?$CVdsPtr@J@@QEAAAEAJJ@Z
??A?$CVdsPtr@UFMIFS_DEF_FS_OUT@@@@QEAAAEAUFMIFS_DEF_FS_OUT@@K@Z
??B?$CVdsHandleImpl@$0?0@@QEAAPEAXXZ
??B?$CVdsHandleImpl@$0A@@@QEAAPEAXXZ
??B?$CVdsPtr@G@@QEBAPEAGXZ
??B?$CVdsPtr@J@@QEBAPEAJXZ
??B?$CVdsPtr@UFMIFS_DEF_FS_OUT@@@@QEBAPEAUFMIFS_DEF_FS_OUT@@XZ
??B?$CVdsPtr@U_AUCTION_THREAD_PARAMETER@@@@QEBAPEAU_AUCTION_THREAD_PARAMETER@@XZ
??B?$CVdsPtr@U_CLEAN_DISK_HANDLER_PARAMETER@@@@QEBAPEAU_CLEAN_DISK_HANDLER_PARAMETER@@XZ
??B?$CVdsPtr@U_FORMAT_VOLUME_THREAD_PARAMETER@@@@QEBAPEAU_FORMAT_VOLUME_THREAD_PARAMETER@@XZ
??B?$CVdsPtr@U_MOUNTMGR_MOUNT_POINT@@@@QEBAPEAU_MOUNTMGR_MOUNT_POINT@@XZ
??B?$CVdsPtr@U_MOUNTMGR_MOUNT_POINTS@@@@QEBAPEAU_MOUNTMGR_MOUNT_POINTS@@XZ
??B?$CVdsPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QEBAPEAU_SHRINK_VOLUME_THREAD_PARAMETER@@XZ
??C?$CVdsPtr@U_AUCTION_THREAD_PARAMETER@@@@QEBAPEAU_AUCTION_THREAD_PARAMETER@@XZ
??C?$CVdsPtr@U_CLEAN_DISK_HANDLER_PARAMETER@@@@QEBAPEAU_CLEAN_DISK_HANDLER_PARAMETER@@XZ
??C?$CVdsPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QEBAPEAU_DRIVE_LAYOUT_INFORMATION_EX@@XZ
??C?$CVdsPtr@U_EXTEND_VOLUME_HANDLER_PARAMETER@@@@QEBAPEAU_EXTEND_VOLUME_HANDLER_PARAMETER@@XZ
??C?$CVdsPtr@U_FORMAT_VOLUME_THREAD_PARAMETER@@@@QEBAPEAU_FORMAT_VOLUME_THREAD_PARAMETER@@XZ
??C?$CVdsPtr@U_MOUNTMGR_MOUNT_POINT@@@@QEBAPEAU_MOUNTMGR_MOUNT_POINT@@XZ
??C?$CVdsPtr@U_MOUNTMGR_MOUNT_POINTS@@@@QEBAPEAU_MOUNTMGR_MOUNT_POINTS@@XZ
??C?$CVdsPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QEBAPEAU_SHRINK_VOLUME_THREAD_PARAMETER@@XZ
??I?$CVdsHandleImpl@$0?0@@QEAAPEAPEAXXZ
??I?$CVdsPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QEAAPEAPEAU_DRIVE_LAYOUT_INFORMATION_EX@@XZ
??_FCRtlList@@QEAAXXZ
??_FCRtlMap@@QEAAXXZ
?AcquireRead@CRtlSharedLock@@AEAAXXZ
?AcquireWrite@CRtlSharedLock@@AEAAXXZ
?AllowCancel@CVdsAsyncObjectBase@@QEAAXXZ
?Attach@?$CVdsPtr@G@@QEAAXPEAG@Z
?Attach@?$CVdsPtr@U_CLEAN_DISK_HANDLER_PARAMETER@@@@QEAAXPEAU_CLEAN_DISK_HANDLER_PARAMETER@@@Z
?Attach@?$CVdsPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QEAAXPEAU_DRIVE_LAYOUT_INFORMATION_EX@@@Z
?Attach@?$CVdsPtr@U_EXTEND_VOLUME_HANDLER_PARAMETER@@@@QEAAXPEAU_EXTEND_VOLUME_HANDLER_PARAMETER@@@Z
?Attach@?$CVdsPtr@U_FORMAT_VOLUME_THREAD_PARAMETER@@@@QEAAXPEAU_FORMAT_VOLUME_THREAD_PARAMETER@@@Z
?Attach@?$CVdsPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QEAAXPEAU_SHRINK_VOLUME_THREAD_PARAMETER@@@Z
?Close@?$CVdsHandleImpl@$0?0@@QEAAXXZ
?CurrentThreadIsWriter@CRtlSharedLock@@QEAAHXZ
?Detach@?$CVdsHandleImpl@$0?0@@QEAAPEAXXZ
?Detach@?$CVdsHandleImpl@$0A@@@QEAAPEAXXZ
?Detach@?$CVdsPtr@G@@QEAAPEAGXZ
?Detach@?$CVdsPtr@U_AUCTION_THREAD_PARAMETER@@@@QEAAPEAU_AUCTION_THREAD_PARAMETER@@XZ
?Detach@?$CVdsPtr@U_CLEAN_DISK_HANDLER_PARAMETER@@@@QEAAPEAU_CLEAN_DISK_HANDLER_PARAMETER@@XZ
?Detach@?$CVdsPtr@U_DRIVE_LAYOUT_INFORMATION_EX@@@@QEAAPEAU_DRIVE_LAYOUT_INFORMATION_EX@@XZ
?Detach@?$CVdsPtr@U_SHRINK_VOLUME_THREAD_PARAMETER@@@@QEAAPEAU_SHRINK_VOLUME_THREAD_PARAMETER@@XZ
?DisallowCancel@CVdsAsyncObjectBase@@QEAAXXZ
?Downgrade@CRtlSharedLock@@AEAAXXZ
?GetOutputType@CVdsAsyncObjectBase@@QEAA?AW4_VDS_ASYNC_OUTPUT_TYPE@@XZ
?IsCancelRequested@CVdsAsyncObjectBase@@QEAAHXZ
?Release@CRtlSharedLock@@AEAAXXZ
?SetOutput@CVdsAsyncObjectBase@@QEAAXU_VDS_ASYNC_OUTPUT@@@Z
?SetOutputType@CVdsAsyncObjectBase@@QEAAXW4_VDS_ASYNC_OUTPUT_TYPE@@@Z
?SetPositionToLast@CPrvEnumObject@@QEAAXXZ
?Upgrade@CRtlSharedLock@@AEAAXXZ
?ZeroAsyncOut@CVdsAsyncObjectBase@@QEAAXXZ
?m_ExtraLogging@CVdsTraceSettings@@QEAAHXZ
?m_NoDebuggerLogging@CVdsTraceSettings@@QEAAHXZ
Sections
.text Size: 380KB - Virtual size: 378KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 264KB - Virtual size: 261KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 144B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
vdsldr.exe.exe windows:10 windows x64 arch:x64
07fbce9e56a20cb36370693ec7a92a93
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
vdsldr.pdb
Imports
advapi32
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
FreeSid
kernel32
FreeLibrary
GetLastError
GetProcAddress
LoadLibraryExW
GetModuleHandleW
lstrcmpiW
lstrcpynW
VirtualProtect
VirtualAlloc
VirtualQuery
GetSystemInfo
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceExW
GetModuleFileNameW
InitializeCriticalSection
DeleteCriticalSection
SetEvent
WaitForSingleObject
CloseHandle
CreateEventW
CreateThread
SetProcessMitigationPolicy
GetCommandLineW
HeapSetInformation
GetCurrentThreadId
lstrcpyW
Sleep
HeapDestroy
user32
GetMessageW
DispatchMessageW
CharNextW
PostThreadMessageW
CharPrevW
msvcrt
?terminate@@YAXXZ
memcmp
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
_commode
_fmode
_wcmdln
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
memmove
memcpy
__CxxFrameHandler3
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_purecall
wcscpy_s
_wcsicmp
realloc
wcscat_s
malloc
free
__C_specific_handler
??3@YAXPEAX@Z
_callnewh
memset
oleaut32
VarUI4FromStr
SysAllocString
LoadTypeLi
RegisterTypeLi
SysStringLen
SysFreeString
api-ms-win-core-com-l1-1-0
CoTaskMemRealloc
CoCreateInstance
CoTaskMemAlloc
CoInitializeSecurity
CoRegisterClassObject
CoResumeClassObjects
CoRevokeClassObject
CoUninitialize
CoCreateInstanceEx
CoSuspendClassObjects
CoInitializeEx
CoTaskMemFree
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetStartupInfoW
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
vdsutil
IsLocalComputer
VdsTraceEx
VdsDisableCOMFatalExceptionHandling
??1CVdsCallTracer@@QEAA@XZ
??0CVdsCallTracer@@QEAA@KPEBD@Z
Exports
?m_ExtraLogging@CVdsTraceSettings@@QEAAHXZ
?m_NoDebuggerLogging@CVdsTraceSettings@@QEAAHXZ
Sections
.text Size: 32KB - Virtual size: 30KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 648B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
verclsid.exe.exe windows:10 windows x64 arch:x64
fa65d753209c7382631265744de49154
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
verclsid.pdb
Imports
kernel32
GetCommandLineW
GetCurrentProcess
TerminateProcess
SetErrorMode
HeapSetInformation
ExitProcess
RtlCaptureContext
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
RtlVirtualUnwind
UnhandledExceptionFilter
LoadLibraryExA
DelayLoadFailureHook
GetProcAddress
RtlLookupFunctionEntry
FreeLibrary
msvcrt
_commode
_fmode
_wcmdln
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_snwscanf_s
__C_specific_handler
?terminate@@YAXXZ
memset
ole32
CoCreateInstance
CoUninitialize
IIDFromString
CoInitializeEx
Sections
.text Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 288B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 60B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
verifier.exe.exe windows:10 windows x64 arch:x64
582e4cda1e57085e083853d375c5f0c6
Code Sign
33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 02/09/2021, 18:23
Not After: 01/09/2022, 18:23
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
b3:fe:59:60:e2:30:16:5a:e5:c0:34:71:e0:47:5c:fb:df:3a:a3:48:ea:e0:9d:e8:7c:7e:b7:e1:ef:ae:b2:18
Signer
Actual PE Digest: b3:fe:59:60:e2:30:16:5a:e5:c0:34:71:e0:47:5c:fb:df:3a:a3:48:ea:e0:9d:e8:7c:7e:b7:e1:ef:ae:b2:18
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
verifier.pdb
Imports
msvcrt
memcmp
wcscat_s
_wfullpath
wcschr
_wcsnicmp
swprintf_s
_wsetlocale
wcsrchr
memmove
wcscpy_s
_ltow_s
_ultow_s
memcpy
_wcsicmp
_XcptFilter
?terminate@@YAXXZ
__wgetmainargs
free
memset
wcsstr
_vsnwprintf
swscanf_s
__set_app_type
_commode
_fmode
wcsnlen
__C_specific_handler
_initterm
__setusermatherr
exit
wcsncmp
wcsncat_s
malloc
wcstok_s
memcpy_s
_cexit
_exit
_amsg_exit
wcscmp
api-ms-win-devices-config-l1-1-1
CM_MapCrToWin32Err
CM_Get_DevNode_PropertyW
CM_Locate_DevNodeW
CM_Get_Device_ID_List_SizeW
CM_Get_Device_ID_ListW
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventUnregister
EventSetInformation
EventWriteTransfer
api-ms-win-core-sysinfo-l1-1-0
GetSystemDirectoryW
GetTickCount
GetVersionExW
GlobalMemoryStatusEx
GetSystemTimeAsFileTime
api-ms-win-core-file-l1-1-0
CreateFileW
GetFileType
WriteFile
GetFileAttributesW
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-processenvironment-l1-1-0
SetStdHandle
GetStdHandle
SearchPathW
ExpandEnvironmentStringsW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-console-l1-1-0
WriteConsoleW
GetConsoleMode
GetConsoleOutputCP
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
WideCharToMultiByte
ntdll
RtlCheckRegistryKey
RtlWriteRegistryValue
RtlAllocateHeap
RtlGetPersistedStateLocation
DbgPrint
NtQuerySystemInformation
RtlStringFromGUID
NtClose
NtDelayExecution
RtlTimeToTimeFields
RtlSystemTimeToLocalTime
RtlCreateRegistryKey
RtlEqualUnicodeString
RtlNtStatusToDosError
RtlAppendUnicodeToString
RtlQueryRegistryValuesEx
RtlDeleteRegistryValue
RtlCreateUnicodeString
RtlRandomEx
RtlCopyUnicodeString
RtlUnicodeStringToInteger
RtlTestBit
RtlInitUnicodeString
NtSetSystemInformation
NtQueryInformationToken
NtOpenProcessToken
NtAdjustPrivilegesToken
RtlSetAllBits
RtlSetBit
RtlInitializeBitMap
RtlCompareUnicodeString
RtlFreeUnicodeString
RtlFreeHeap
api-ms-win-core-version-l1-1-1
GetFileVersionInfoW
GetFileVersionInfoSizeW
api-ms-win-core-version-l1-1-0
VerQueryValueW
api-ms-win-security-lsalookup-ansi-l2-1-0
LookupPrivilegeValueA
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
OpenProcessToken
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
api-ms-win-security-base-l1-1-0
AdjustTokenPrivileges
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegSetKeySecurity
RegQueryValueExW
RegCreateKeyExW
RegDeleteValueW
RegSetValueExW
RegOpenKeyExW
api-ms-win-core-localization-l1-2-0
FormatMessageW
GetLocaleInfoW
GetLocaleInfoEx
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
FreeLibrary
LoadResource
FindResourceExW
GetModuleFileNameW
LoadLibraryExW
GetModuleHandleW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-localization-obsolete-l1-2-0
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
api-ms-win-core-memory-l1-1-0
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
api-ms-win-core-localization-l1-2-2
LCIDToLocaleName
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-service-management-l1-1-0
OpenSCManagerW
StartServiceW
OpenServiceW
CloseServiceHandle
api-ms-win-service-winsvc-l1-1-0
ControlService
QueryServiceStatus
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Sections
.text Size: 80KB - Virtual size: 76KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 44KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 368B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
verifiergui.exe.exe windows:10 windows x64 arch:x64
16c3da57a09bb7ff1dcf56e558e48099
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
verifiergui.pdb
Imports
msvcrt
_wcsnicmp
wcstok_s
__iob_func
_CxxThrowException
__RTDynamicCast
memcmp
memcpy
memset
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_callnewh
wprintf
fputws
free
malloc
wcstoul
_putws
printf
puts
fclose
_wfopen
_wtoi
_wcsicmp
exit
_wsetlocale
__argc
__wargv
fflush
_wcsdup
memmove_s
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
memcpy_s
_vsnwprintf
__CxxFrameHandler4
wcsncat_s
wcscmp
ntdll
RtlLookupFunctionEntry
RtlGetPersistedStateLocation
RtlInitializeBitMap
RtlCreateUnicodeString
RtlSetBit
RtlFreeUnicodeString
RtlSetAllBits
RtlTestBit
RtlCheckRegistryKey
RtlCreateRegistryKey
RtlVirtualUnwind
RtlWriteRegistryValue
RtlDeleteRegistryValue
RtlAllocateHeap
RtlFreeHeap
RtlEqualUnicodeString
RtlCopyUnicodeString
RtlCaptureContext
NtSetSystemInformation
NtQuerySystemInformation
RtlInitUnicodeString
RtlQueryRegistryValuesEx
user32
GetClientRect
SendMessageW
GetSysColor
SetTimer
RedrawWindow
PostMessageW
PeekMessageW
TranslateMessage
DispatchMessageW
LoadStringW
LoadIconW
GetWindowRect
EnableWindow
MsgWaitForMultipleObjects
OffsetRect
DrawIcon
GetSystemMetrics
IsIconic
AppendMenuW
GetSystemMenu
GetSysColorBrush
shell32
ShellAboutW
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
comdlg32
CommDlgExtendedError
wintrust
CryptCATAdminAcquireContext
CryptCATAdminCalcHashFromFileHandle
WinVerifyTrust
CryptCATCatalogInfoFromContext
CryptCATAdminEnumCatalogFromHash
crypt32
CertFreeCertificateContext
imagehlp
ImageDirectoryEntryToDataEx
ImageUnload
ImageLoad
advapi32
AdjustTokenPrivileges
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegQueryValueExW
EventWriteTransfer
RegDeleteValueW
OpenProcessToken
LookupPrivilegeValueW
EventSetInformation
EventRegister
EventUnregister
RegCreateKeyExW
kernel32
ExpandEnvironmentStringsW
Sleep
FreeConsole
SetThreadPreferredUILanguages
GetConsoleOutputCP
HeapSetInformation
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
DebugBreak
GetModuleHandleW
GetProcessHeap
GetCurrentProcessId
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
GetProcAddress
HeapAlloc
CreateThreadpoolTimer
ReleaseSRWLockShared
SetThreadpoolTimer
CreateEventW
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
CloseThreadpoolTimer
OutputDebugStringW
ReleaseSRWLockExclusive
GetLastError
FormatMessageW
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
WaitForThreadpoolTimerCallbacks
InitializeCriticalSectionEx
LeaveCriticalSection
GetModuleHandleExW
ReleaseSemaphore
EnterCriticalSection
SetLastError
HeapFree
CreateSemaphoreExW
GetModuleFileNameA
ResetEvent
CreateThread
SetEvent
GetWindowsDirectoryW
GetCurrentDirectoryW
GlobalMemoryStatusEx
CreateFileW
WideCharToMultiByte
GetLocalTime
GetDateFormatW
GetTimeFormatW
lstrcmpiA
MultiByteToWideChar
SetCurrentDirectoryW
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
DeviceIoControl
CloseHandle
mfc42u
Sections
.text Size: 156KB - Virtual size: 152KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 60KB - Virtual size: 58KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
vfpctrl.exe.exe windows:10 windows x64 arch:x64
6aa6298282fe48285bc918ebe7222703
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
vfpctrl.pdb
Imports
api-ms-win-crt-time-l1-1-0
_time64
clock
api-ms-win-crt-runtime-l1-1-0
_initterm
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
api-ms-win-crt-private-l1-1-0
_o___stdio_common_vfprintf
_o___stdio_common_vfwprintf
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_initial_wide_environment
_o__gmtime64_s
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__register_onexit_function
_o__seh_filter_exe
_o__set_fmode
_o__set_new_mode
memcpy
_o__wasctime_s
_o__wcsicmp
_o__wcsnicmp
_o__wcstoi64
_o__wcstoui64
_o__wfopen_s
_o__wtoi
_o_exit
_o_fclose
_o_fgetws
_o_fread
_o_fseek
_o_ftell
_o_fwrite
_o_malloc
_o_terminate
_o_wcscpy_s
_o_wcstok_s
_o_wcstol
_o_wcstoul
__C_specific_handler
__current_exception
__current_exception_context
_o___p__commode
_o___p___wargv
_o___p___argc
_o___acrt_iob_func
wcsrchr
wcschr
_o__set_app_type
api-ms-win-crt-string-l1-1-0
memset
vfpapi
VfcInitializeDescriptor
VfcPreserveVlan
VfcGetLayerMetadataValue
VfcReplaceGroupAndRules
VfcEnablePort
VfcProcessTuples
VmsEnumeratePort
VfcSetGroupCondition
VfcDeregisterEvent
VfcRemoveAllObject
VfcGetInformation
VfcNatEventAsync
VfcOpenDevice
VfcDeserializeObjectsOnSwitch
VfcWithdrawNatRange
VfcSetDirectInterfaceMode
VfcRemoveObject
VfcSetTraceFilteringState
VfcInterceptEventEx
MaskAddress
VfcListLayerMetadataValues
VfcListLayerActivePings
VfcAddObjectSet
VfcForceAddObjectSet
VfcListObject
VfcDeserializeObjectsGlobal
VfcInterceptEventEx2
VfcUnblockPort
VfcCleanNatRangeFlows
VfcClearLayerActivePings
VfcDisablePort
VfcPrepareForUninstall
VfcSetPktMonState
VfcDeserializeObjectsOnPort
VfcInjectPacketEx
VfcBlockLayerCreation
VfcBlockPortOnRestore
VfcReplaceLayerFlowTableAddress
VfcMatchTupleAtLayer
VfcEnablePingResponder
VfcReleaseList
VmsSendDeviceIoControl
VfcRemoveMappingEx
VfcUnblockPortOnRestore
VfcRemoveNatRange
VfcSetLayerMetadataValue
VfcSetGroupOption
VfcMonitoringPing
VfcMappingEvent
VfcDeleteLayerMetadataKey
VfcDePreserveVlan
VfcUnblockLayerCreation
VfcSampleFlowState
VfcDepositNatRange
VfcListLayerMetadataKeys
VfcRemoveMapping
VfcReplaceObjectSet
VfcSetGlobalGftMultiTenancy
VfcSetInformation
VfcSetHeuristicTimerUpdates
VfcNatEvent
VfcSerializeObjectsOnPort
VfcSerializeObjectsGlobal
VfcInterceptEventEx3
VfcDisablePingResponder
VfcInjectPacket
VfcSetPortTraceFilters
VmsSendFilterIoControlEx
VfcDeregisterEventEx
VfcPersistHostState
VfcAddObject
VfcSerializeObjectsOnSwitch
VfcBlockPort
ntdll
RtlIpv6StringToAddressW
RtlIpv4StringToAddressW
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
RtlCompareMemory
RtlGetVersion
RtlTimeToTimeFields
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
GetLastError
SetLastError
SetUnhandledExceptionFilter
api-ms-win-core-synch-l1-1-0
CreateEventA
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
GetModuleHandleW
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
ws2_32
WSAStartup
WSAAddressToStringW
GetHostNameW
FreeAddrInfoW
WSACleanup
GetAddrInfoW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-localization-l1-2-0
FormatMessageW
Sections
.text Size: 252KB - Virtual size: 249KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 256KB - Virtual size: 252KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1000B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
vmcompute.exe.exe windows:10 windows x64 arch:x64
e5ee0f98f6e5b7709e392e01293e9349
Code Sign
33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
16:9e:ad:08:3c:8f:d0:34:61:0a:8c:aa:c1:63:c3:b0:a3:36:a1:4f:6c:21:47:42:37:75:72:da:f4:54:a7:a7
Signer
Actual PE Digest: 16:9e:ad:08:3c:8f:d0:34:61:0a:8c:aa:c1:63:c3:b0:a3:36:a1:4f:6c:21:47:42:37:75:72:da:f4:54:a7:a7
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
vmcompute.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
api-ms-win-crt-private-l1-1-0
_o__purecall
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__stricmp
_o__wcsdup
_o__wcsicmp
_o__wcsnicmp
_o__wcstoui64
_o__wtof
_o__wtoi64
_o_abort
_o_calloc
_o_ceilf
_o_exit
_o_free
memmove
_o_isalpha
_o_isdigit
_o_ispunct
_o_iswalpha
_o_iswspace
_o_iswxdigit
_o_malloc
_o_rand_s
_o_realloc
_o_setlocale
_o_sqrt
_o_terminate
_o_toupper
_o_towupper
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstod
_o_wcstoll
_o_wcstoul
_o_wcstoull
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o__exit
_o__malloc_base
_o__errno
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__calloc_base
_o__callnewh
_o__aligned_malloc
_o__aligned_free
strchr
wcschr
__AdjustPointer
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o__isctype
_o__invalid_parameter_noinfo_noreturn
_o__free_base
_o__invalid_parameter_noinfo
_o__initialize_wide_environment
_o__initialize_onexit_table
_o___std_type_info_name
_o___std_exception_destroy
_o___std_exception_copy
_o___pctype_func
_o___p__commode
_o___p___wargv
_o___p___argc
_o__get_initial_wide_environment
_o____mb_cur_max_func
_o____lc_locale_name_func
_o____lc_collate_cp_func
_o____lc_codepage_func
__std_terminate
__C_specific_handler
__CxxFrameHandler4
__RTDynamicCast
_local_unwind
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
strcmp
__isascii
wcsncmp
memset
wcsnlen
api-ms-win-security-base-l1-1-0
AdjustTokenPrivileges
DuplicateTokenEx
InitializeSid
GetSidLengthRequired
GetSidSubAuthority
InitializeAcl
InitializeSecurityDescriptor
CreateRestrictedToken
ImpersonateLoggedOnUser
RevertToSelf
GetSecurityDescriptorControl
CopySid
SetSecurityDescriptorDacl
GetTokenInformation
AllocateLocallyUniqueId
MakeAbsoluteSD
GetLengthSid
SetSecurityDescriptorOwner
ImpersonateSelf
CheckTokenMembership
AccessCheck
GetAce
CreatePrivateObjectSecurityWithMultipleInheritance
IsValidSid
SetPrivateObjectSecurityEx
AddAccessAllowedAce
GetSecurityDescriptorDacl
CreateWellKnownSid
DuplicateToken
MakeSelfRelativeSD
SetSecurityDescriptorGroup
GetSecurityDescriptorLength
DestroyPrivateObjectSecurity
IsValidSecurityDescriptor
FreeSid
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
FindResourceExW
LoadLibraryExW
LoadStringW
LockResource
GetProcAddress
GetModuleFileNameW
GetModuleHandleExW
LoadResource
GetModuleHandleW
FreeLibrary
api-ms-win-core-synch-l1-1-0
WaitForSingleObject
InitializeCriticalSectionEx
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
CreateEventW
DeleteCriticalSection
AcquireSRWLockShared
LeaveCriticalSection
CreateMutexExW
ReleaseSemaphore
ReleaseMutex
EnterCriticalSection
TryAcquireSRWLockExclusive
ResetEvent
CreateSemaphoreExW
InitializeSRWLock
ReleaseSRWLockShared
CreateEventExW
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
SetEvent
api-ms-win-core-synch-l1-2-0
Sleep
InitOnceBeginInitialize
WakeConditionVariable
WakeByAddressSingle
InitializeConditionVariable
WakeByAddressAll
SleepConditionVariableCS
SleepConditionVariableSRW
WaitOnAddress
InitOnceComplete
WakeAllConditionVariable
InitOnceExecuteOnce
api-ms-win-core-heap-l1-1-0
HeapSetInformation
GetProcessHeap
HeapFree
HeapSize
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetLastError
UnhandledExceptionFilter
RaiseException
SetUnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
GetExitCodeProcess
GetProcessId
CreateProcessAsUserW
TerminateProcess
GetCurrentProcess
SetThreadToken
CreateThread
ResumeThread
GetCurrentProcessId
GetCurrentThread
TlsAlloc
TlsSetValue
GetCurrentThreadId
TlsGetValue
OpenThreadToken
UpdateProcThreadAttribute
OpenProcessToken
InitializeProcThreadAttributeList
TlsFree
api-ms-win-security-sddl-l1-1-0
ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
api-ms-win-service-management-l1-1-0
CreateServiceW
DeleteService
CloseServiceHandle
OpenSCManagerW
OpenServiceW
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlCaptureContext
RtlCaptureStackBackTrace
ntdll
NtQueryInformationJobObject
NtDelayExecution
RtlInitUnicodeString
RtlImpersonateSelf
NtAdjustPrivilegesToken
NtOpenJobObject
NtSystemDebugControl
NtCreateEvent
NtCreateNamedPipeFile
NtOpenFile
RtlConvertDeviceFamilyInfoToString
RtlQueryRegistryValuesEx
RtlDosPathNameToNtPathName_U_WithStatus
RtlFreeUnicodeString
NtOpenSymbolicLinkObject
NtSetInformationJobObject
NtQuerySymbolicLinkObject
RtlUpcaseUnicodeChar
RtlRunOnceComplete
RtlRunOnceBeginInitialize
RtlFindNextForwardRunClear
RtlNumberOfSetBits
RtlInitializeSRWLock
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlAcquireSRWLockShared
RtlReleaseSRWLockShared
NtSetInformationThread
RtlUTF8ToUnicodeN
TpStartAsyncIoOperation
TpCancelAsyncIoOperation
NtOpenThreadToken
NtCreateJobObject
NtSetInformationSymbolicLink
NtTerminateJobObject
NtCreateSymbolicLinkObject
NtMakeTemporaryObject
NtQueryObject
NtQueryInformationProcess
NtMakePermanentObject
NtCreateDirectoryObject
NtFsControlFile
NtCreateFile
NtOpenPartition
NtCreatePartition
NtManagePartition
RtlCompareMemory
RtlReleasePrivilege
RtlDosPathNameToRelativeNtPathName_U_WithStatus
RtlAcquirePrivilege
NtDeviceIoControlFile
RtlNtStatusToDosError
NtQueryVolumeInformationFile
RtlInitializeBitMapEx
RtlNumberOfSetBitsEx
NtQuerySystemInformationEx
RtlAllocateHeap
NtClose
RtlFreeHeap
NtQuerySystemInformation
NtWaitForSingleObject
RtlDosPathNameToNtPathName_U
NtResetEvent
LdrGetProcedureAddress
LdrGetDllHandle
RtlCreateUserThread
NtSetEvent
RtlUnicodeToUTF8N
TpWaitForIoCompletion
TpAllocIoCompletion
NtOpenProcess
TpReleaseIoCompletion
NtQueryInformationFile
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoInitializeSecurity
CoDisableCallCancellation
CoCreateFreeThreadedMarshaler
CoCreateInstance
CoRevertToSelf
CoDisconnectObject
CoUninitialize
CoEnableCallCancellation
CoTaskMemFree
CoTaskMemAlloc
CoCancelCall
api-ms-win-service-core-l1-1-0
SetServiceStatus
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventWrite
EventActivityIdControl
EventUnregister
EventEnabled
EventWriteEx
EventRegister
EventSetInformation
api-ms-win-core-registry-l1-1-0
RegCreateKeyExW
RegQueryValueExW
RegDeleteValueW
RegEnumKeyExW
RegDeleteTreeW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegGetValueW
RegSetValueExW
RegCloseKey
api-ms-win-core-processthreads-l1-1-1
SetProcessMitigationPolicy
IsProcessorFeaturePresent
OpenProcess
GetProcessMitigationPolicy
api-ms-win-core-threadpool-l1-2-0
SetThreadpoolThreadMaximum
CreateThreadpoolIo
CloseThreadpoolIo
StartThreadpoolIo
CancelThreadpoolIo
CloseThreadpool
CallbackMayRunLong
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolTimer
SetThreadpoolWait
CreateThreadpoolWait
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
CloseThreadpoolWork
WaitForThreadpoolWorkCallbacks
WaitForThreadpoolIoCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
TrySubmitThreadpoolCallback
WaitForThreadpoolTimerCallbacks
api-ms-win-core-heap-l2-1-0
LocalReAlloc
LocalFree
LocalAlloc
api-ms-win-core-localization-l1-2-0
LCMapStringEx
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
OutputDebugStringW
IsDebuggerPresent
api-ms-win-core-errorhandling-l1-1-2
RaiseFailFastException
api-ms-win-core-handle-l1-1-0
DuplicateHandle
CloseHandle
api-ms-win-security-provider-l1-1-0
SetSecurityInfo
GetSecurityInfo
SetEntriesInAclW
api-ms-win-service-management-l2-1-0
ChangeServiceConfig2W
api-ms-win-core-psapi-l1-1-0
K32GetModuleInformation
api-ms-win-core-shlwapi-legacy-l1-1-0
PathIsUNCServerShareW
PathIsUNCServerW
PathIsRelativeW
PathSkipRootW
PathFindExtensionW
PathFileExistsW
PathRemoveFileSpecW
api-ms-win-core-sysinfo-l1-1-0
GetLogicalProcessorInformationEx
GetTickCount
GetSystemTimeAsFileTime
GetVersionExW
GetTickCount64
GetWindowsDirectoryW
GetSystemInfo
GetSystemDirectoryW
rpcrt4
UuidFromStringW
RpcServerUnregisterIf
UuidCreate
UuidCompare
NdrClientCall3
NdrServerCallAll
RpcExceptionFilter
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcStringFreeW
RpcBindingVectorFree
RpcServerUseProtseqW
NdrServerCall2
RpcServerRegisterIf3
RpcRevertToSelfEx
RpcEpUnregister
RpcImpersonateClient2
RpcEpRegisterW
RpcServerInqCallAttributesW
RpcServerInqBindings
RpcBindingFree
api-ms-win-core-profile-l1-1-0
QueryPerformanceFrequency
QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0
InterlockedFlushSList
InterlockedPopEntrySList
InterlockedPushEntrySList
InitializeSListHead
vmsif
VmsIfPortSetSecurityInfo
VmsIfPortCreate
VmsIfPortDelete
VmsIfDriverOpen
VmsIfDriverClose
VmsIfSwitchEnumerate
VmsIfMemFree
netsetupapi
NetSetupGetObjectProperties
NetSetupFreeObjectProperties
NetSetupFreeObjects
NetSetupInitialize
NetSetupClose
NetSetupGetObjects
combase
ord139
ord168
hvsocket
GetHvSocketLocalAddress
GetHvSocketParentAddress
api-ms-win-crt-locale-l1-1-0
_unlock_locales
_lock_locales
api-ms-win-core-timezone-l1-1-0
GetDynamicTimeZoneInformation
SystemTimeToFileTime
FileTimeToSystemTime
api-ms-win-core-sysinfo-l1-2-0
GetSystemTimePreciseAsFileTime
GetSystemFirmwareTable
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-core-file-l1-1-0
FindVolumeClose
FindFirstVolumeW
SetFileAttributesW
FindNextVolumeW
GetFileType
GetVolumePathNameW
GetFinalPathNameByHandleW
SetFileTime
QueryDosDeviceW
RemoveDirectoryW
FlushFileBuffers
LockFileEx
SetFilePointerEx
UnlockFileEx
SetEndOfFile
WriteFile
GetFileSizeEx
GetFileTime
ReadFile
SetFileInformationByHandle
CompareFileTime
GetDiskFreeSpaceW
GetFileAttributesW
CreateDirectoryW
DeleteFileW
CreateFileW
api-ms-win-core-io-l1-1-0
GetOverlappedResult
CancelIoEx
DeviceIoControl
api-ms-win-core-path-l1-1-0
PathCchCombineEx
PathCchAddBackslash
PathCchSkipRoot
PathAllocCombine
bcrypt
BCryptHashData
BCryptCreateHash
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptFinishHash
BCryptDestroyHash
iphlpapi
GetJobCompartmentId
SetJobCompartmentId
api-ms-win-devices-config-l1-1-1
CM_Open_DevNode_Key
CM_Unregister_Notification
CM_Get_DevNode_Registry_PropertyW
CM_Get_Device_ID_ListW
CM_Locate_DevNodeW
CM_MapCrToWin32Err
CM_Get_Device_Interface_List_SizeW
CM_Get_Device_Interface_ListW
CM_Register_Notification
CM_Get_Device_ID_List_SizeW
xmllite
CreateXmlWriterOutputWithEncodingName
CreateXmlReaderInputWithEncodingName
CreateXmlWriter
CreateXmlReader
api-ms-win-core-processenvironment-l1-1-0
GetEnvironmentVariableW
ExpandEnvironmentStringsW
SearchPathW
mpr
WNetGetResourceInformationW
api-ms-win-core-job-l2-1-0
QueryInformationJobObject
CreateJobObjectW
SetInformationJobObject
api-ms-win-core-file-l2-1-0
GetFileInformationByHandleEx
CopyFile2
api-ms-win-core-debug-minidump-l1-1-0
MiniDumpWriteDump
api-ms-win-core-file-l1-2-0
CreateFile2
GetTempPathW
GetVolumeNameForVolumeMountPointW
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
CompareStringEx
CompareStringOrdinal
WideCharToMultiByte
GetStringTypeW
oleaut32
VariantCopy
SafeArrayCreateVectorEx
SysAllocStringLen
SafeArrayCreateVector
SafeArrayPutElement
VariantChangeType
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetVartype
SafeArrayCopy
SysAllocStringByteLen
SafeArrayUnaccessData
VariantInit
SysStringByteLen
VariantClear
SysAllocString
SysFreeString
SafeArrayAccessData
api-ms-win-security-systemfunctions-l1-1-0
SystemFunction036
api-ms-win-core-namedpipe-l1-1-0
CreateNamedPipeW
api-ms-win-core-realtime-l1-1-0
QueryUnbiasedInterruptTime
api-ms-win-eventing-tdh-l1-1-0
TdhGetManifestEventInformation
api-ms-win-core-sysinfo-l1-2-1
DnsHostnameToComputerNameExW
cfgmgr32
CM_Enumerate_Classes
api-ms-win-security-lsapolicy-l1-1-0
LsaAddAccountRights
LsaOpenPolicy
LsaClose
api-ms-win-security-lsalookup-l2-1-1
LsaManageSidNameMapping
userenv
DeleteAppContainerProfile
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
api-ms-win-shcore-stream-l1-1-0
SHCreateMemStream
api-ms-win-core-systemtopology-l1-1-0
GetNumaHighestNodeNumber
api-ms-win-core-kernel32-legacy-l1-1-1
GetNumaAvailableMemoryNodeEx
GetNumaProcessorNodeEx
api-ms-win-core-systemtopology-l1-1-1
GetNumaProximityNodeEx
api-ms-win-core-featurestaging-l1-1-0
SubscribeFeatureStateChangeNotification
UnsubscribeFeatureStateChangeNotification
GetFeatureEnabledState
RecordFeatureUsage
fltlib
FilterConnectCommunicationPort
FilterSendMessage
api-ms-win-core-kernel32-legacy-l1-1-0
GetComputerNameW
SetFileCompletionNotificationModes
api-ms-win-core-perfcounters-l1-1-0
PerfCreateInstance
PerfSetULongCounterValue
PerfDeleteInstance
PerfSetCounterSetInfo
PerfStartProvider
PerfSetULongLongCounterValue
PerfStopProvider
ws2_32
WSASend
shutdown
listen
WSASocketW
closesocket
WSAIoctl
WSAStartup
WSARecv
htons
WSAGetLastError
bind
WSACleanup
inet_pton
setsockopt
api-ms-win-core-libraryloader-l2-1-0
QueryOptionalDelayLoadedAPI
api-ms-win-core-io-l1-1-1
GetOverlappedResultEx
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-util-l1-1-0
EncodePointer
DecodePointer
profapi
ord101
ord106
ord105
ord102
api-ms-win-security-logon-l1-1-1
LogonUserW
api-ms-win-core-console-l1-2-1
ResizePseudoConsole
ClosePseudoConsole
api-ms-win-core-console-internal-l1-1-0
CreatePseudoConsoleAsUser
sspicli
LogonUserExExW
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Exports
ORCloseHive
ORCloseKey
ORCreateHive
ORCreateHiveEx
ORCreateKey
ORDeleteKey
ORDeleteValue
OREnumKey
OREnumValue
ORFlushHive
ORGetKeySecurity
ORGetValue
ORGetVirtualFlags
OROpenHive
OROpenHiveByHandle
OROpenKey
ORQueryInfoKey
ORQueryInfoKeyEx
ORQueryInfoKeyValueEx
ORRenameKey
ORSaveHive
ORSaveHiveEx
ORSaveHiveToHandle
ORSetKeySecurity
ORSetValue
ORSetVirtualFlags
Sections
.text Size: 2.8MB - Virtual size: 2.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGE Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECMRC Size: 4KB - Virtual size: 130B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 848KB - Virtual size: 844KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 128KB - Virtual size: 175KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 128KB - Virtual size: 124KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 600B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 36KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
vmwp.exe.exe windows:10 windows x64 arch:x64
39c529ce40c6d6577d9511ad86038227
Code Sign
33:00:00:04:70:69:f2:ac:06:49:04:ec:1c:00:00:00:00:04:70
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 08/02/2024, 19:22
Not After: 07/02/2025, 19:22
Subject: CN=Microsoft Windows Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
19:e4:48:c8:46:49:c0:8c:d0:fa:f5:1a:7e:60:15:3b:16:15:89:7d:bc:65:de:f9:ce:55:4b:eb:0d:0a:9b:62
Signer
Actual PE Digest: 19:e4:48:c8:46:49:c0:8c:d0:fa:f5:1a:7e:60:15:3b:16:15:89:7d:bc:65:de:f9:ce:55:4b:eb:0d:0a:9b:62
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
vmwp.pdb
Imports
api-ms-win-crt-locale-l1-1-0
_lock_locales
_unlock_locales
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_c_exit
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__purecall
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__stricmp
_o__ultow_s
_o__wcsdup
_o__wcsicmp
_o__wcstoui64
_o__wtof
_o__wtoi64
_o_abort
_o_calloc
_o_ceilf
_o_exit
_o_free
_o_frexp
_o_isalnum
_o_isdigit
_o_ispunct
_o_iswalpha
_o_iswascii
_o_iswspace
_o_iswxdigit
_o_localeconv
_o_malloc
_o_pow
_o_round
_o_setlocale
_o_terminate
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstod
_o_wcstok_s
_o_wcstoll
_o_wcstoull
__current_exception
__AdjustPointer
__CxxFrameHandler3
__current_exception_context
_CxxThrowException
_o__isctype
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_wide_environment
_o__initialize_onexit_table
_o__get_initial_wide_environment
__RTtypeid
wcsstr
_o__exit
_o__errno
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__calloc_base
_o__callnewh
_o__beginthreadex
__uncaught_exception
_o__aligned_malloc
_o__aligned_free
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_name
_o___std_exception_destroy
_o___std_exception_copy
_o___pctype_func
_o___p__commode
_o___p___wargv
_o___p___argc
_o____mb_cur_max_func
_o____lc_locale_name_func
_o____lc_codepage_func
__std_terminate
__C_specific_handler
__CxxFrameHandler4
__RTDynamicCast
memcmp
memcpy
memmove
api-ms-win-crt-string-l1-1-0
wcscmp
strcmp
wcsncmp
wcsnlen
strcspn
memset
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
GetModuleHandleW
GetModuleHandleExW
FreeLibrary
GetProcAddress
SizeofResource
FindResourceExW
LoadResource
LockResource
GetModuleFileNameW
LoadLibraryExW
api-ms-win-core-synch-l1-1-0
WaitForMultipleObjectsEx
CreateSemaphoreExW
InitializeSRWLock
EnterCriticalSection
InitializeCriticalSection
CreateEventExW
ReleaseSemaphore
TryAcquireSRWLockExclusive
WaitForSingleObject
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseMutex
WaitForSingleObjectEx
OpenSemaphoreW
InitializeCriticalSectionEx
ResetEvent
ReleaseSRWLockShared
LeaveCriticalSection
CreateMutexExW
AcquireSRWLockShared
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
CreateEventW
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapSetInformation
HeapAlloc
HeapSize
HeapFree
api-ms-win-core-errorhandling-l1-1-0
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
RaiseException
api-ms-win-core-registry-l1-1-0
RegDeleteTreeW
RegGetValueW
RegOpenKeyExW
RegEnumKeyExW
RegSetValueExW
RegDeleteValueW
RegQueryInfoKeyW
RegCloseKey
RegQueryValueExW
RegCreateKeyExW
RegDeleteKeyExW
api-ms-win-core-threadpool-l1-2-0
SetThreadpoolTimerEx
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolIo
CreateThreadpoolTimer
CreateThreadpoolIo
SubmitThreadpoolWork
SetThreadpoolTimer
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
CreateThreadpoolWork
StartThreadpoolIo
CloseThreadpoolTimer
CloseThreadpoolWork
SetThreadpoolThreadMaximum
CancelThreadpoolIo
WaitForThreadpoolTimerCallbacks
CreateThreadpool
TrySubmitThreadpoolCallback
CloseThreadpool
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
QueueUserAPC
GetExitCodeThread
SetThreadPriorityBoost
OpenProcessToken
TerminateProcess
SetThreadPriority
CreateThread
GetCurrentProcess
ResumeThread
ExitProcess
GetCurrentThreadId
GetCurrentThread
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlCaptureStackBackTrace
RtlPcToFileHeader
RtlVirtualUnwind
api-ms-win-core-localization-l1-2-0
FormatMessageW
LCMapStringEx
api-ms-win-core-debug-l1-1-0
DebugBreak
IsDebuggerPresent
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
DuplicateHandle
api-ms-win-core-processthreads-l1-1-1
SetProcessMitigationPolicy
GetProcessMitigationPolicy
OpenProcess
IsProcessorFeaturePresent
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoTaskMemAlloc
CoInitializeSecurity
CoAddRefServerProcess
CoUninitialize
CoReleaseServerProcess
CoInitializeEx
CoRegisterClassObject
StringFromCLSID
CoResumeClassObjects
CoTaskMemFree
CoCreateFreeThreadedMarshaler
CoSuspendClassObjects
CoRevokeClassObject
CoDisconnectObject
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventActivityIdControl
EventEnabled
EventWrite
EventRegister
EventSetInformation
EventUnregister
EventWriteEx
api-ms-win-core-psapi-l1-1-0
K32GetModuleInformation
api-ms-win-core-errorhandling-l1-1-2
RaiseFailFastException
api-ms-win-core-synch-l1-2-0
WakeAllConditionVariable
SignalObjectAndWait
WakeConditionVariable
WakeByAddressAll
WaitOnAddress
SleepConditionVariableCS
InitOnceComplete
SleepConditionVariableSRW
InitOnceExecuteOnce
InitOnceBeginInitialize
Sleep
InitializeConditionVariable
api-ms-win-core-sysinfo-l1-1-0
GetSystemTime
GetTickCount
GetTickCount64
GetSystemTimeAsFileTime
GetVersionExW
GetSystemDirectoryW
GetLogicalProcessorInformationEx
GetComputerNameExW
GlobalMemoryStatusEx
GetSystemInfo
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
LocalReAlloc
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-security-base-l1-1-0
CopySid
GetLengthSid
GetTokenInformation
GetSecurityDescriptorDacl
GetSecurityDescriptorControl
MakeAbsoluteSD
SetSecurityDescriptorDacl
GetSecurityDescriptorLength
MakeSelfRelativeSD
api-ms-win-security-provider-l1-1-0
SetEntriesInAclW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
api-ms-win-core-sysinfo-l1-2-0
GetSystemTimePreciseAsFileTime
api-ms-win-core-profile-l1-1-0
QueryPerformanceFrequency
QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
vmprox
SetVmErrInfo
IsErrorReported
GetVmErrInfo
xmllite
CreateXmlWriter
CreateXmlReader
CreateXmlWriterOutputWithEncodingName
CreateXmlReaderInputWithEncodingName
ntdll
RtlNumberOfSetBitsEx
RtlDosPathNameToRelativeNtPathName_U_WithStatus
RtlAllocateHeap
RtlDosPathNameToNtPathName_U_WithStatus
RtlAreBitsClearEx
RtlFreeUnicodeString
RtlClearBitEx
RtlTestBitEx
RtlClearBitsEx
RtlNtStatusToDosError
RtlClearAllBitsEx
RtlSetAllBitsEx
RtlInitializeBitMapEx
NtQuerySystemInformation
RtlComputeCrc32
NtClose
RtlInitUnicodeString
RtlCreateProcessParametersEx
NtManagePartition
RtlInitUnicodeStringEx
RtlFreeHeap
NtCreateFile
RtlSetBitsEx
NtCreateUserProcess
NtQueryInformationFile
RtlDecompressBufferEx
RtlCompressBuffer
RtlGetCompressionWorkSpaceSize
NtPowerInformation
NtFsControlFile
RtlFindSetBitsAndClearEx
RtlInitializeBitMap
RtlCompareMemory
RtlTestBit
oleaut32
SafeArrayPutElement
SafeArrayPtrOfIndex
SetErrorInfo
VariantClear
VariantInit
VariantChangeTypeEx
SafeArrayGetElement
SafeArrayAccessData
SafeArrayRedim
SafeArrayCreateVectorEx
VariantChangeType
SysStringByteLen
SysAllocStringByteLen
SafeArrayCreateVector
SafeArrayCreate
SafeArrayUnaccessData
SysAllocString
SafeArrayGetVartype
SafeArrayGetLBound
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayGetElemsize
SysFreeString
SysAllocStringLen
SysStringLen
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
ws2_32
WSAGetOverlappedResult
WSAEventSelect
ioctlsocket
WSACleanup
closesocket
WSAStartup
WSACreateEvent
WSAEnumNetworkEvents
recv
WSAPoll
WSACloseEvent
WSARecv
shutdown
WSAGetLastError
getsockname
getpeername
WSASend
InetNtopW
WSAIoctl
setsockopt
api-ms-win-core-file-l1-1-0
CompareFileTime
ReadFile
WriteFile
SetFilePointerEx
CreateFileW
DeleteFileW
CreateDirectoryW
GetFileSizeEx
GetFileAttributesW
GetDiskFreeSpaceW
SetFileTime
FlushFileBuffers
LockFileEx
GetFileInformationByHandle
UnlockFileEx
SetEndOfFile
GetFileTime
GetFinalPathNameByHandleW
api-ms-win-core-memory-l1-1-0
MapViewOfFile
VirtualFreeEx
UnmapViewOfFile
CreateFileMappingW
VirtualFree
VirtualAlloc
api-ms-win-core-io-l1-1-0
GetOverlappedResult
CancelIoEx
DeviceIoControl
api-ms-win-core-version-l1-1-0
VerQueryValueW
GetFileVersionInfoSizeExW
GetFileVersionInfoExW
api-ms-win-core-shlwapi-legacy-l1-1-0
PathRemoveFileSpecW
PathSkipRootW
PathIsUNCServerShareW
PathFindExtensionW
PathIsUNCServerW
PathFindFileNameW
PathIsFileSpecW
PathIsRelativeW
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
CreateSemaphoreW
rpcrt4
RpcBindingSetOption
RpcBindingFromStringBindingW
RpcStringBindingComposeW
UuidFromStringW
NdrServerCallAll
NdrClientCall3
RpcBindingFree
UuidCreate
RpcBindingSetAuthInfoExW
RpcEpResolveBinding
UuidCompare
NdrServerCall2
UuidToStringW
RpcStringFreeW
api-ms-win-core-path-l1-1-0
PathCchAddBackslash
PathCchCombineEx
PathCchRemoveFileSpec
combase
ord139
vid
VidWriteMemoryBlockPageRange
VidReadMemoryBlockPageRange
VidDestroyGpaRange
VidPhuEnd
VidReleasePages
VidPrefetchDirectMapRanges
VidDmWorkingSetModify
VidDmHotAddUndo
VidDmSlpSetup
VidControlGpaAccessTracking
VidCreateMemoryBlockGpaRange
VidSgxResetMemoryBlocks
VidGetPartitionProperty
VidPhuCommit
VidSetMemoryBlockClientNotifications
VidPreparePartitionOperation
VidCreateVaGpaRange
VidQueryVaGpaRangeWorkingSetInfo
VidPhuBegin
VidGpaAccessTrackingDisable
VidDmSlpDisable
VidReservePages
VidDmBalloon
VidVsmQueryProtectionsDirty
VidGetVirtualProcessorRunningStatus
VidTeardownPartitionOperation
VidVsmPrecommitMgmtVtlPageRange
VidDmSlpQuery
VidPhuOpenMemoryBlockFile
VidDmSlpWaitForDisable
VidOpenStatisticsHandle
VidDmHotAdd
VidGetSystemInformation
VidReadWriteMemoryBlockPageRange
VidGpaAccessTrackingEnable
VidPhuPersistGpaRange
VidCloseStatisticsHandle
VidDmUnBalloon
VidDestroyGpaRangeCheckSecure
VidMarkPagePoisoned
VidSetVirtualProcessorState
VidQueryMemoryBlockFaultClusterInfo
VidVsmQueryMemoryBlockProtections
VidDmMemoryBlockQueryTopology
VidSetMemoryBlockFlushAfterWrite
VidVsmGetMemoryBlockProtections
VidMemXferSendAsync
VidVsmSetMemoryBlockProtections
VidDestroyMemoryBlock
VidCreateMemoryBlock
VidCreateDaxFileMemoryBlock
VidPhuPersistMemoryBlock
VidMapMemoryBlockPageRangeEx
VidUnmapMemoryBlockPageRange
VidReadWriteMappedMemoryBlockPageRange
VidMemXferConnectOpen
VidMemXferConnectClose
VidMemXferConnectEnable
VidMemXferConnectDisable
VidStopVirtualProcessor
VidSetPartitionProperty
VidInjectSyntheticMachineCheckEvent
VidSevSnpControlStateRestore
VidAssertVirtualProcessorInterrupt
VidSetPartitionCpuFrequencyCap
VidSevSnpControlStateSave
VidStartVirtualProcessor
VidClearVirtualProcessorInterrupt
VidEncryptDecryptData
VidSetMailboxKey
VidGetRpcSession
VidInitEncryptionKeys
VidGetSecurityCookie
VidReleaseEncryptionKeys
VidAllocateMemoryBlockReadWriteBuffers
VidDestroyMemoryBlockReadWriteBuffers
VidSchedulerAssistRestore
VidGetHvPartitionId
VidDepositPartitionMemory
VidDetachPartition
VidQueryPartitionInformation
VidDeletePartition
VidSevSnpIssueNestedPspRequests
VidCreatePartition
VidSetPartitionFriendlyName
VidEpfRestore
VidAttachPartition
VidDllStatsGetPartitionCounters
VidSchedulerAssistSave
VidGetRootReferenceTime
VidEpfSuspendEnd
VidVsmGetPartitionConfig
VidGetSystemTopology
VidRestorePartitionState
VidSchedulerAssistSuspend
VidEpfSuspendBegin
VidSavePartitionState
VidRegisterCpuidResult
VidUnregisterCpuidResult
VidEpfSave
VidTranslateGpa
VidDestroySynicPort
VidRegisterHypervisorRestartHandler
VidRegisterExceptionHandler
VidRegisterApicEoiHandler
VidSetupMessageQueue
VidRegisterIoPortHandler
VidCheckForIoIntercept
VidRegisterMsrAddressHandler
VidTranslateGvaToGpa
VidCreateMmioGpaRange
VidUnregisterHandler
VidSetMemoryBlockNotificationQueue
VidRegisterTripleFaultHandler
VidRegisterCpuidHandler
VidMapVpStatePage
VidCreateSynicPort
VidHandleMessageAndGetNextMessage
VidMessageSlotHandleAndGetNext
VidMessageSlotMap
VidMapHvGlobalStatsPage
VidMapHvLocalStatsPage
VidUnmapHvGlobalStatsPage
VidUnmapHvLocalStatsPage
VidGetHvMemoryBalance
VidDllStatsGetVmPerfRootInstance
VidVsmSetPartitionConfig
VidCloneTemplateDestroy
VidCloneTemplateCreate
VidSuspendClear
VidSuspendApply
VidTrimPartitionMemory
VidChangePartitionLifeState
VidGetVirtualProcessorState
VidSetVirtualProcessorStateEx
VidVsmCheckGpaPageVtlAccess
VidIsolatedInsertPages
VidVsmEnableVpVtl
VidSetPeerProcess
VidResetPartition
VidResetPoisonedPage
VidAdjustNestedTlbSize
VidPopulateCpuidInformation
api-ms-win-crt-math-l1-1-0
_finite
_isnan
api-ms-win-core-perfcounters-l1-1-0
PerfSetULongLongCounterValue
PerfSetCounterSetInfo
PerfStopProvider
PerfDeleteInstance
PerfCreateInstance
PerfStartProvider
PerfSetCounterRefValue
PerfSetULongCounterValue
api-ms-win-core-version-l1-1-1
GetFileVersionInfoW
GetFileVersionInfoSizeW
api-ms-win-core-libraryloader-l1-2-1
FindResourceW
api-ms-win-core-io-l1-1-1
GetOverlappedResultEx
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
api-ms-win-core-featurestaging-l1-1-0
UnsubscribeFeatureStateChangeNotification
GetFeatureEnabledState
SubscribeFeatureStateChangeNotification
RecordFeatureUsage
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
SystemTimeToFileTime
api-ms-win-core-processenvironment-l1-1-0
GetEnvironmentVariableW
api-ms-win-core-kernel32-legacy-l1-1-1
GetNumaAvailableMemoryNodeEx
api-ms-win-core-memory-l1-1-1
QueryMemoryResourceNotification
CreateMemoryResourceNotification
api-ms-win-core-systemtopology-l1-1-0
GetNumaNodeProcessorMaskEx
GetNumaHighestNodeNumber
api-ms-win-core-processtopology-l1-1-0
SetThreadGroupAffinity
api-ms-win-core-memory-l1-1-2
VirtualAllocExNuma
api-ms-win-core-processtopology-private-l1-1-0
SetProcessGroupAffinity
bcrypt
BCryptGenRandom
BCryptFinishHash
BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptOpenAlgorithmProvider
BCryptHashData
BCryptCreateHash
BCryptGetProperty
api-ms-win-core-processtopology-obsolete-l1-1-0
GetProcessAffinityMask
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
wintrust
WTGetSignatureInfo
Sections
.text Size: 1.9MB - Virtual size: 1.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 724KB - Virtual size: 721KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 88KB - Virtual size: 131KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 112KB - Virtual size: 110KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 144B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 24KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
vssadmin.exe.exe windows:10 windows x64 arch:x64
d509661209ca0d9b45580702d62b63c0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
vssadmin.pdb
Imports
advapi32
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
GetTokenInformation
DeregisterEventSource
ConvertSidToStringSidW
OpenThreadToken
RegisterEventSourceW
ReportEventW
kernel32
LoadLibraryW
FreeLibrary
GetSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetConsoleOutputCP
GetThreadLocale
GetTimeFormatW
FindVolumeClose
FlushConsoleInputBuffer
ReadConsoleW
GetConsoleMode
WriteFile
WideCharToMultiByte
WriteConsoleW
GetDateFormatW
GetFileType
RaiseException
FindNextVolumeW
FormatMessageW
GetDiskFreeSpaceExW
GetDriveTypeW
FindFirstVolumeW
GetVolumeNameForVolumeMountPointW
GetModuleHandleW
GetVolumePathNameW
GetSystemWindowsDirectoryW
DeviceIoControl
CreateFileW
GetVersionExW
LoadLibraryExW
GetCurrentThread
Sleep
GetTickCount
QueryPerformanceCounter
CloseHandle
SetLastError
GetCurrentProcess
LocalFree
GetCommandLineW
HeapSetInformation
GetLastError
GetStdHandle
SetThreadUILanguage
CompareStringW
SetConsoleMode
msvcrt
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
_commode
??1type_info@@UEAA@XZ
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
_fmode
__wgetmainargs
_amsg_exit
_XcptFilter
memmove
memcpy
??0exception@@QEAA@AEBQEBD@Z
__CxxFrameHandler3
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
_callnewh
malloc
swscanf
_vsnprintf
wcsncmp
__CxxFrameHandler4
iswdigit
towupper
iswalpha
wprintf
rand
srand
free
realloc
_vsnwprintf
wcschr
_wcsicmp
__set_app_type
_purecall
memset
atl
ord30
api-ms-win-core-com-l1-1-0
CoUninitialize
CoTaskMemRealloc
CoInitializeSecurity
CoInitializeEx
CoTaskMemAlloc
CoTaskMemFree
CoGetClassObject
CLSIDFromString
CoCreateInstance
oleaut32
GetErrorInfo
SysFreeString
api-ms-win-core-libraryloader-l1-2-0
LoadStringW
api-ms-win-shlwapi-winrt-storage-l1-1-1
StrFormatByteSizeEx
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
TerminateProcess
GetCurrentThreadId
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
vssapi
VssFreeSnapshotPropertiesInternal
CreateVssBackupComponentsInternal
GetProviderMgmtInterfaceInternal
ShouldBlockRevertInternal
vsstrace
ord2
ord5
ord9
ord1
ord4
ord11
ord7
ord10
ord3
ord6
ord8
api-ms-win-security-lsalookup-l1-1-0
LookupAccountSidLocalW
Sections
.text Size: 88KB - Virtual size: 86KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 52KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 680B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
vulkaninfo-1-999-0-0-0.exe.exe windows:6 windows x64 arch:x64
1a7521d1ecedf3c7d7bee3ed848bd154
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\j\msdk\build\Khronos-Tools\repo\build\vulkaninfo\RelWithDebInfo\vulkaninfo.pdb
Imports
kernel32
FreeLibrary
GetModuleHandleA
GetProcAddress
LoadLibraryExA
LoadLibraryA
GetConsoleScreenBufferInfo
Sleep
SetConsoleWindowInfo
SetConsoleTitleA
GetConsoleProcessList
HeapSize
CreateFileW
ReadConsoleW
SetConsoleScreenBufferSize
GetStdHandle
WideCharToMultiByte
FormatMessageW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
MultiByteToWideChar
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
CloseHandle
SetEvent
ResetEvent
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlPcToFileHeader
RaiseException
RtlUnwindEx
GetLastError
LoadLibraryExW
InterlockedPushEntrySList
InterlockedFlushSList
HeapAlloc
HeapFree
HeapReAlloc
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetModuleFileNameW
WriteFile
GetCommandLineA
GetCommandLineW
GetACP
GetCurrentThread
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadFile
SetFilePointerEx
GetProcessHeap
SetConsoleCtrlHandler
GetTimeZoneInformation
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
OutputDebugStringA
OutputDebugStringW
SetStdHandle
WriteConsoleW
SetEndOfFile
user32
LoadCursorA
MonitorFromWindow
gdi32
GetStockObject
Sections
.text Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 379KB - Virtual size: 379KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 10KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 47KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.cfguard Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 1024B - Virtual size: 777B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.00cfg Size: 512B - Virtual size: 283B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
vulkaninfo.exe.exe windows:6 windows x64 arch:x64
1a7521d1ecedf3c7d7bee3ed848bd154
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\j\msdk\build\Khronos-Tools\repo\build\vulkaninfo\RelWithDebInfo\vulkaninfo.pdb
Imports
kernel32
FreeLibrary
GetModuleHandleA
GetProcAddress
LoadLibraryExA
LoadLibraryA
GetConsoleScreenBufferInfo
Sleep
SetConsoleWindowInfo
SetConsoleTitleA
GetConsoleProcessList
HeapSize
CreateFileW
ReadConsoleW
SetConsoleScreenBufferSize
GetStdHandle
WideCharToMultiByte
FormatMessageW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
MultiByteToWideChar
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
CloseHandle
SetEvent
ResetEvent
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlPcToFileHeader
RaiseException
RtlUnwindEx
GetLastError
LoadLibraryExW
InterlockedPushEntrySList
InterlockedFlushSList
HeapAlloc
HeapFree
HeapReAlloc
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetModuleFileNameW
WriteFile
GetCommandLineA
GetCommandLineW
GetACP
GetCurrentThread
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadFile
SetFilePointerEx
GetProcessHeap
SetConsoleCtrlHandler
GetTimeZoneInformation
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
OutputDebugStringA
OutputDebugStringW
SetStdHandle
WriteConsoleW
SetEndOfFile
user32
LoadCursorA
MonitorFromWindow
gdi32
GetStockObject
Sections
.text Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 379KB - Virtual size: 379KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 10KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 47KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.cfguard Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 1024B - Virtual size: 777B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.00cfg Size: 512B - Virtual size: 283B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
w32tm.exe.exe windows:10 windows x64 arch:x64
d3cfed6057b46fd01d3204f7f7d036aa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
w32tm.pdb
Imports
msvcp_win
?__ExceptionPtrRethrow@@YAXPEBX@Z
?_Xlength_error@std@@YAXPEBD@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
api-ms-win-crt-string-l1-1-0
wcscmp
wcsspn
memset
api-ms-win-crt-runtime-l1-1-0
_initterm
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
api-ms-win-crt-private-l1-1-0
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__ltow
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__exit
memmove
_o__wcsicmp
_o__wcsnicmp
_o_exit
_o_free
_o_iswalpha
_o_iswdigit
_o_iswspace
_o_log
_o_malloc
_o_rand
_o_srand
_o_terminate
_o_wcstombs_s
_o_wcstoul
__current_exception
__current_exception_context
_CxxThrowException
_o__errno
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vfwprintf
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___wargv
_o___p___argc
_o___acrt_iob_func
__C_specific_handler
_set_se_translator
__CxxFrameHandler4
wcschr
_local_unwind
memcmp
memcpy
api-ms-win-core-string-l2-1-0
CharUpperW
api-ms-win-core-libraryloader-l1-2-0
LoadStringW
FreeLibrary
GetModuleHandleW
LoadLibraryExW
GetProcAddress
api-ms-win-core-localization-l1-2-0
FormatMessageW
SetThreadUILanguage
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-file-l1-1-0
WriteFile
GetFileType
FileTimeToLocalFileTime
GetFullPathNameW
CreateFileW
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-timezone-l1-1-0
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
FileTimeToSystemTime
SystemTimeToFileTime
api-ms-win-core-datetime-l1-1-0
GetDateFormatW
GetTimeFormatW
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
ExpandEnvironmentStringsW
api-ms-win-core-handle-l1-1-0
CloseHandle
GetHandleInformation
SetHandleInformation
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-security-base-l1-1-0
GetSecurityDescriptorDacl
AdjustTokenPrivileges
api-ms-win-service-management-l1-1-0
CloseServiceHandle
OpenServiceW
OpenSCManagerW
api-ms-win-service-management-l2-1-0
QueryServiceStatusEx
api-ms-win-core-synch-l1-1-0
SetEvent
OpenEventW
CreateEventW
WaitForSingleObject
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
ReleaseSRWLockShared
WaitForMultipleObjectsEx
ReleaseSRWLockExclusive
AcquireSRWLockShared
AcquireSRWLockExclusive
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-registry-l1-1-0
RegQueryInfoKeyW
RegEnumValueW
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegGetValueW
api-ms-win-service-winsvc-l1-1-0
ControlService
api-ms-win-core-processthreads-l1-1-0
OpenProcessToken
SetThreadStackGuarantee
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
CreateThread
GetCurrentProcess
api-ms-win-service-core-l1-1-0
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
SetServiceStatus
bcrypt
BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptCreateHash
ws2_32
GetAddrInfoW
bind
WSAAddressToStringW
WSAGetLastError
WSACleanup
FreeAddrInfoW
connect
socket
closesocket
WSAIoctl
GetNameInfoW
WSAEventSelect
WSAStartup
setsockopt
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
QueryPerformanceFrequency
api-ms-win-core-sysinfo-l1-1-0
GetTickCount64
GetSystemInfo
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
api-ms-win-core-console-l1-1-0
GetConsoleMode
WriteConsoleW
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-core-sysinfo-l1-2-0
GetSystemTimePreciseAsFileTime
iphlpapi
IcmpCreateFile
Icmp6CreateFile
GetAdaptersAddresses
GetInterfaceActiveTimestampCapabilities
IcmpCloseHandle
IcmpSendEcho
Icmp6SendEcho2
CaptureInterfaceHardwareCrossTimestamp
logoncli
DsGetDcNameW
netutils
NetApiBufferFree
api-ms-win-core-registry-l2-1-0
RegConnectRegistryW
RegOpenKeyW
api-ms-win-security-provider-l1-1-0
SetNamedSecurityInfoW
ntdll
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
RtlImageNtHeader
RtlConvertExclusiveToShared
RtlConvertSharedToExclusive
RtlAcquireResourceShared
RtlReleaseResource
NtSetSystemInformation
RtlAllocateHeap
RtlFreeHeap
ntdsapi
DsBindW
DsGetDomainControllerInfoW
DsUnBindW
DsFreeDomainControllerInfoW
kernel32
UnregisterWaitEx
DeleteTimerQueueTimer
CreateTimerQueueTimer
RegisterWaitForSingleObjectEx
api-ms-win-stateseparation-helpers-l1-1-0
GetPersistedRegistryLocationW
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-memory-l1-1-0
VirtualAlloc
VirtualQuery
VirtualProtect
nsi
NsiGetAllParameters
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 136KB - Virtual size: 135KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 52KB - Virtual size: 51KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 64B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 148B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
waitfor.exe.exe windows:10 windows x64 arch:x64
ec6bdf00e84fbc5dce72206b4309e937
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
waitfor.pdb
Imports
kernel32
CloseHandle
CreateMailslotW
ReadFile
SetLastError
WideCharToMultiByte
GetConsoleOutputCP
HeapSetInformation
GetModuleFileNameW
GetComputerNameExW
HeapSize
HeapReAlloc
HeapAlloc
HeapValidate
HeapFree
GetProcessHeap
ReadConsoleW
SetConsoleMode
MultiByteToWideChar
ExitProcess
WriteConsoleW
CompareStringA
WriteFile
CompareStringW
lstrlenW
lstrlenA
GetStdHandle
GetConsoleMode
GetFileType
FindStringOrdinal
LocalFree
FormatMessageW
SetThreadUILanguage
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
Sleep
GetLastError
CreateFileW
GetThreadLocale
GetComputerNameW
msvcrt
memset
wcstod
wcstoul
wcstol
_get_osfhandle
fprintf
fflush
wcstok
_errno
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_vsnwprintf
__CxxFrameHandler4
_fileno
__iob_func
_memicmp
ntdll
RtlVerifyVersionInfo
VerSetConditionMask
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
user32
LoadStringW
CharUpperW
ws2_32
GetNameInfoW
GetAddrInfoW
WSAGetLastError
WSAStartup
WSACleanup
FreeAddrInfoW
shlwapi
StrChrW
mpr
WNetAddConnection2W
WNetGetLastErrorW
WNetCancelConnection2W
version
VerQueryValueW
GetFileVersionInfoSizeExW
GetFileVersionInfoExW
srvcli
NetServerGetInfo
netutils
NetApiBufferFree
sspicli
GetUserNameExW
Sections
.text Size: 32KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
wbadmin.exe.exe windows:10 windows x64 arch:x64
0257d3a9f8fbe3f6c74b054b5a868005
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
wbadmin.pdb
Imports
advapi32
TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
CreateWellKnownSid
CheckTokenMembership
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorControl
GetLengthSid
IsValidSid
CopySid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
MakeAbsoluteSD
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
AddAce
InitializeAcl
GetAclInformation
IsValidSecurityDescriptor
RegCloseKey
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
StartServiceW
RegOpenKeyExW
OpenServiceW
RegQueryValueExW
ControlTraceW
StartTraceW
EnableTrace
ImpersonateLoggedOnUser
LogonUserExExW
SetFileSecurityW
RevertToSelf
EventUnregister
EventEnabled
EventRegister
EventWrite
ConvertStringSecurityDescriptorToSecurityDescriptorW
kernel32
PeekConsoleInputW
CompareStringW
GetConsoleCP
GetDateFormatW
SystemTimeToTzSpecificLocalTime
GetTimeFormatW
GetDiskFreeSpaceExW
FlushFileBuffers
SetFileInformationByHandle
RemoveDirectoryW
GetFileInformationByHandleEx
GetSystemDirectoryW
MoveFileExW
DeleteFileW
GetFileAttributesW
DeviceIoControl
CreateDirectoryW
GetExitCodeProcess
CreateProcessW
MultiByteToWideChar
GetTickCount64
GetVolumeNameForVolumeMountPointW
GetComputerNameExW
GetVersionExW
WaitForSingleObject
GetVolumePathNameW
ExpandEnvironmentStringsW
LoadLibraryExW
LocalAlloc
SetLastError
ReadFile
ReadConsoleW
FlushConsoleInputBuffer
SetConsoleMode
FreeLibrary
WideCharToMultiByte
WriteConsoleW
WriteFile
GetDriveTypeW
CreateFileW
GetConsoleMode
GetFileType
GetStdHandle
SetThreadUILanguage
GetConsoleOutputCP
FormatMessageW
GetLastError
LocalFree
HeapSetInformation
GetTempPath2W
Sleep
GetSystemTimeAsFileTime
FileTimeToSystemTime
GetSystemTime
RaiseException
CloseHandle
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
HeapDestroy
GetEnvironmentVariableW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
GetLocalTime
FindVolumeClose
FindNextVolumeW
FindFirstVolumeW
GetTimeZoneInformation
CompareFileTime
FileTimeToLocalFileTime
SystemTimeToFileTime
GetModuleHandleW
msvcrt
memcpy
memset
memcmp
wcsncmp
rand
_wcsupr
_vsnprintf
__CxxFrameHandler4
_wcsicmp
wcschr
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_commode
_fmode
_initterm
__setusermatherr
_cexit
_exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
__C_specific_handler
_callnewh
_purecall
_wsetlocale
malloc
memmove_s
calloc
free
wcsstr
_wcsnicmp
wcsrchr
memcpy_s
_wtol
_vsnwprintf
exit
wprintf
_wtoi
wcscspn
wcscmp
ole32
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoTaskMemRealloc
CoUninitialize
CoTaskMemFree
CLSIDFromString
CoTaskMemAlloc
user32
LoadStringW
oleaut32
SysFreeString
SysStringLen
SysAllocStringByteLen
SysStringByteLen
SysAllocString
SysAllocStringLen
rpcrt4
RpcStringFreeW
UuidToStringW
UuidFromStringW
ntdll
RtlNtStatusToDosError
RtlCheckPortableOperatingSystem
NtQueryInformationFile
NtQueryVolumeInformationFile
NtQuerySystemInformation
setupapi
SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailW
credui
CredUICmdLinePromptForCredentialsW
Sections
.text Size: 264KB - Virtual size: 263KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 48KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 304B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
wbengine.exe.exe windows:10 windows x64 arch:x64
532169210ecad1110f9151413491b287
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
wbengine.pdb
Imports
advapi32
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegCloseKey
TraceMessage
DuplicateTokenEx
RegQueryValueExW
GetUserNameW
EventSetInformation
EventRegister
EventUnregister
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
SetServiceStatus
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorControl
GetLengthSid
IsValidSid
CopySid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
MakeAbsoluteSD
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
AddAce
InitializeAcl
GetAclInformation
IsValidSecurityDescriptor
RegEnumValueW
LookupAccountNameW
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
OpenSCManagerW
CreateServiceW
CloseServiceHandle
OpenServiceW
ControlService
DeleteService
InitiateShutdownW
RegGetValueW
TraceEvent
RegUnLoadKeyW
RegLoadKeyW
EventWriteTransfer
TreeSetNamedSecurityInfoW
CheckTokenMembership
LsaNtStatusToWinError
GetSecurityDescriptorLength
EventWrite
EventEnabled
SetThreadToken
OpenThreadToken
EnableTrace
StartTraceW
ControlTraceW
LookupPrivilegeValueW
AdjustTokenPrivileges
RevertToSelf
SetFileSecurityW
LsaFreeMemory
EqualSid
GetWindowsAccountDomainSid
LogonUserExExW
ImpersonateLoggedOnUser
OpenProcessToken
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
LsaQueryInformationPolicy
LsaOpenPolicy
LsaClose
QueryServiceStatus
EnumDependentServicesW
kernel32
GetTickCount
RemoveDirectoryW
HeapSetInformation
CreateWaitableTimerW
WaitForSingleObjectEx
GetCurrentThreadId
GetDriveTypeW
CopyFileW
DeviceIoControl
CreateThread
GetCommandLineW
TlsGetValue
OutputDebugStringW
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalFree
SetErrorMode
CancelIoEx
GetFileAttributesExW
DeleteVolumeMountPointW
QueryDosDeviceW
SetVolumeMountPointW
SetWaitableTimer
GetLogicalDrives
GetFileSize
GetLongPathNameW
SetFileValidData
SetFilePointerEx
SetEndOfFile
RtlCompareMemory
SleepEx
GetOverlappedResult
GetCurrentThread
SetFilePointer
CancelIo
GetVolumeInformationW
CompareStringOrdinal
CopyFileExW
GetLocalTime
FormatMessageW
GetSystemDirectoryW
LocalAlloc
SetLastError
GetTempPath2W
GetWindowsDirectoryW
GetUserGeoID
GetSystemInfo
GetComputerNameExW
GetVersionExW
GetProductInfo
ExpandEnvironmentStringsW
SetFileInformationByHandle
GetFileInformationByHandle
SetFileAttributesW
GetVolumeNameForVolumeMountPointW
FindNextFileW
FindFirstFileW
GetFileInformationByHandleEx
CreateDirectoryW
GetVolumePathNamesForVolumeNameW
GetDiskFreeSpaceExW
GetFileAttributesW
OutputDebugStringA
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
GetEnvironmentVariableW
HeapDestroy
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetVolumePathNameW
SizeofResource
EnterCriticalSection
GetModuleFileNameW
LeaveCriticalSection
InitializeCriticalSection
MultiByteToWideChar
GetLastError
RaiseException
FindResourceExW
LoadResource
GetProcAddress
DeleteCriticalSection
FindVolumeClose
FindNextVolumeW
FindFirstVolumeW
GetTimeZoneInformation
SetThreadExecutionState
FileTimeToLocalFileTime
Sleep
SetVolumeLabelW
FileTimeToSystemTime
CompareFileTime
FindClose
MoveFileW
ReadFile
MoveFileExW
FlushFileBuffers
WriteFile
DeleteFileW
GetSystemTimeAsFileTime
SystemTimeToFileTime
GetSystemTime
LocalFree
GetFileSizeEx
CreateFileW
ResetEvent
WaitForSingleObject
SetEvent
CloseHandle
CreateEventW
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
lstrcmpiW
FreeLibrary
GetModuleHandleW
user32
TranslateMessage
GetMessageW
PostThreadMessageW
LoadStringW
CharNextW
CharUpperBuffW
UnregisterClassA
DispatchMessageW
CharUpperW
MessageBoxW
msvcrt
wcsncmp
_wcsnicmp
calloc
memmove_s
_vsnwprintf
_wcsicmp
wcsncpy_s
malloc
free
_purecall
memcpy_s
__C_specific_handler
__CxxFrameHandler4
_initterm
swscanf_s
realloc
wcscpy_s
wcscat_s
memset
memmove
_scwprintf
_vsnprintf
wcsstr
wcsrchr
wcscspn
towlower
_wgetenv
_wtol
_wtoi
_wcstoi64
wcstok_s
wcschr
??_V@YAXPEAX@Z
_XcptFilter
_amsg_exit
_wcmdln
_fmode
_commode
_errno
?terminate@@YAXXZ
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
wcstoul
memcmp
_callnewh
__wgetmainargs
__set_app_type
exit
_exit
_cexit
memcpy
__setusermatherr
_CxxThrowException
wcscmp
ntdll
RtlUnlockBootStatusData
WinSqmAddToStreamEx
NtCreateFile
RtlFreeHeap
RtlDosPathNameToNtPathName_U
RtlClearAllBits
RtlSetBits
RtlNumberOfSetBits
RtlInitializeBitMap
RtlFindNextForwardRunClear
RtlGetSetBootStatusData
RtlAreBitsSet
RtlAreBitsClear
RtlSetBit
EtwTraceMessage
RtlNumberOfClearBits
RtlSetAllBits
NtQueryVolumeInformationFile
NtSetInformationKey
NtQueryKey
NtQuerySystemInformation
NtQueryInformationFile
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlInitUnicodeString
RtlClearBits
RtlGetLastNtStatus
RtlNtStatusToDosError
RtlCreateSystemVolumeInformationFolder
WinSqmAddToStream
ole32
CoResumeClassObjects
CoRevokeClassObject
CoSuspendClassObjects
CoRegisterClassObject
CoUninitialize
CoInitializeEx
CoCreateInstance
StringFromGUID2
CoInitializeSecurity
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoImpersonateClient
CoCreateGuid
CreateStreamOnHGlobal
CreateClassMoniker
GetRunningObjectTable
CoDisconnectObject
CoRevertToSelf
CLSIDFromString
oleaut32
VariantClear
VariantCopy
SysFreeString
SysAllocString
SystemTimeToVariantTime
SysStringByteLen
SysAllocStringByteLen
VarUI4FromStr
VariantInit
VarBstrCmp
RegisterTypeLi
LoadTypeLi
UnRegisterTypeLi
SysAllocStringLen
VarBstrCat
SysStringLen
rpcrt4
UuidCreate
UuidFromStringW
UuidToStringW
RpcStringFreeW
vssapi
VssFreeSnapshotPropertiesInternal
CreateVssBackupComponentsInternal
CreateVssExamineWriterMetadataInternal
virtdisk
OpenVirtualDisk
CompactVirtualDisk
GetVirtualDiskPhysicalPath
GetVirtualDiskInformation
AttachVirtualDisk
SetVirtualDiskInformation
CreateVirtualDisk
DetachVirtualDisk
GetVirtualDiskOperationProgress
GetStorageDependencyInformation
bcd
BcdOpenSystemStore
BcdForciblyUnloadStore
BcdCloseStore
BcdSetSystemStoreDevice
BcdImportStoreWithFlags
setupapi
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
SetupEnumPublishedInfW
pSetupGetFileTitle
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupGetInfDriverStoreLocationW
spp
SppFreeBadWritersArray
netapi32
NetShareGetInfo
NetApiBufferFree
NetShareDel
NetShareAdd
xmllite
CreateXmlReaderInputWithEncodingName
CreateXmlReader
bcrypt
BCryptHashData
BCryptGetProperty
BCryptDestroyHash
BCryptOpenAlgorithmProvider
BCryptFinishHash
BCryptCloseAlgorithmProvider
BCryptCreateHash
clusapi
GetNodeClusterState
wer
WerReportSubmit
WerReportCloseHandle
WerReportAddFile
WerReportSetParameter
WerReportCreate
Exports
??0CTraceFailureHelper@@QEAA@AEAVCTraceProvider@@JPEBGKPEBX@Z
??0CTraceFunction@@QEAA@AEAVCTraceProvider@@PEBGH1PEBX@Z
??0CTraceHelper@@QEAA@AEAVCTraceProvider@@PEBGKPEBX@Z
??0CTraceProvider@@QEAA@W4COMPONENT_CODE@@@Z
??1CTraceFunction@@QEAA@XZ
??1CTraceProvider@@QEAA@XZ
??4CTraceProvider@@QEAAAEAV0@AEBV0@@Z
?EtwEnabled@CTraceProvider@@QEAA_NW4TRACE_FLAG@@@Z
?EtwTrace@CTraceProvider@@QEAAXAEBUDLS_TRACE_EVENT@@@Z
?OdsEnabled@CTraceProvider@@QEAA_NW4TRACE_FLAG@@@Z
?OdsTrace@CTraceProvider@@QEAAXAEBUDLS_TRACE_EVENT@@@Z
?QueryTaskId@CTraceProvider@@SA?AU_GUID@@XZ
?SetTraceControlInfo@CTraceProvider@@QEAAX_N_KK@Z
?Trace@CTraceProvider@@QEAAXW4TRACE_FLAG@@PEBGKPEBX1PEAD@Z
?TraceMessage@CTraceFailureHelper@@QEAAXPEBGZZ
?TraceMessage@CTraceHelper@@QEAAXW4TRACE_FLAG@@PEBGZZ
?m_dwTraceCurrSize@CTraceProvider@@0KA
?m_dwTraceLevel@CTraceProvider@@0KA
?m_dwTraceMaxNum@CTraceProvider@@0KA
?m_dwTraceMaxSize@CTraceProvider@@0KA
?m_dwTraceNextNum@CTraceProvider@@0KA
?m_errLogCriticalSection@CTraceProvider@@0U_RTL_CRITICAL_SECTION@@A
?m_errorFile@CTraceProvider@@0PEAU_iobuf@@EA
?m_errorTracingInBadState@CTraceProvider@@0_NA
?m_isCriticalSectionIntialized@CTraceProvider@@0_NA
Sections
.text Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 152KB - Virtual size: 150KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 36KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
wecutil.exe.exe windows:10 windows x64 arch:x64
4e18b62173a00736833bd2abe454cfaf
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
wecutil.pdb
Imports
msvcrt
memcpy
__CxxFrameHandler3
_CxxThrowException
?what@exception@@UEBAPEBDXZ
__set_app_type
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
malloc
wprintf
fgetwc
_vsnwprintf
_wcsicmp
wcstoul
_errno
iswspace
_ui64tow
__iob_func
free
memmove
swprintf_s
swscanf
_wtoi
exit
setlocale
_XcptFilter
_exit
sprintf_s
fwprintf
_cexit
__setusermatherr
_initterm
__C_specific_handler
_fmode
_commode
__CxxFrameHandler4
_lock
_unlock
__dllonexit
_onexit
_purecall
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
wcstok
memset
__wgetmainargs
_amsg_exit
??3@YAXPEAX@Z
??1exception@@UEAA@XZ
wcscmp
api-ms-win-core-string-l1-1-0
CompareStringW
WideCharToMultiByte
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
ExpandEnvironmentStringsW
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-console-l1-1-0
WriteConsoleW
GetConsoleMode
GetConsoleOutputCP
api-ms-win-core-localization-l1-2-0
FormatMessageW
SetThreadUILanguage
api-ms-win-core-file-l1-1-0
WriteFile
LocalFileTimeToFileTime
GetFullPathNameW
GetFileType
CreateFileW
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
GetModuleHandleW
LoadLibraryExW
api-ms-win-core-timezone-l1-1-0
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SystemTimeToFileTime
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoUninitialize
api-ms-win-core-sysinfo-l1-1-0
GetSystemTime
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-registry-l1-1-0
RegEnumKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyExW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
ntdll
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage
wecapi
EcGetObjectArrayProperty
EcGetSubscriptionProperty
EcOpenSubscription
EcGetSubscriptionRunTimeStatus
EcOpenSubscriptionEnum
EcQuickConfig
EcSaveSubscription
EcRemoveObjectArrayElement
EcInsertObjectArrayElement
EcSetObjectArrayProperty
EcSetSubscriptionProperty
EcRetrySubscription
EcDeleteSubscription
EcGetObjectArraySize
EcClose
EcEnumNextSubscription
api-ms-win-eventing-classicprovider-l1-1-0
TraceMessage
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventUnregister
EventWrite
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 68KB - Virtual size: 65KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 72B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 788B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
wermgr.exe.exe windows:10 windows x64 arch:x64
b3e2f8838b99d9ba62ed159b31c03aa3
Code Sign
33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
a3:d7:b1:dc:f5:c7:30:0e:00:50:4d:86:1e:dd:35:a0:fe:6c:85:1e:ed:34:b9:09:e5:3e:83:c5:a6:bc:0a:58
Signer
Actual PE Digest: a3:d7:b1:dc:f5:c7:30:0e:00:50:4d:86:1e:dd:35:a0:fe:6c:85:1e:ed:34:b9:09:e5:3e:83:c5:a6:bc:0a:58
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
WerMgr.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
_o__wcstoui64
memmove
_o__wtoi
_o__wtoi64
_o_exit
_o_free
_o_malloc
_o_terminate
_o_wcstol
__C_specific_handler
__current_exception
__current_exception_context
_o__get_narrow_winmain_command_line
wcsrchr
__CxxFrameHandler4
__std_terminate
__CxxFrameHandler3
_CxxThrowException
_o__exit
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
wcscmp
wcsnlen
wcsncmp
memset
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
CreateProcessW
OpenProcessToken
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetStartupInfoW
GetCurrentThread
OpenThreadToken
GetCurrentProcess
GetProcessId
api-ms-win-core-sysinfo-l1-1-0
GetSystemTime
GetTickCount64
GetSystemTimeAsFileTime
GetSystemDirectoryW
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
api-ms-win-core-debug-l1-1-0
DebugBreak
IsDebuggerPresent
OutputDebugStringW
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
SetLastError
UnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
SetProcessMitigationPolicy
OpenProcess
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
GetProcAddress
LoadLibraryExW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleExW
FreeLibrary
GetModuleHandleExA
ntdll
DbgPrintEx
RtlNtStatusToDosError
NtOpenEvent
NtClose
NtQuerySystemInformation
NtQueryInformationProcess
EtwTraceMessage
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
RtlInitUnicodeString
RtlAdjustPrivilege
NtSetSystemInformation
ZwQueryWnfStateNameInformation
ZwUpdateWnfStateData
EtwEventWriteNoRegistration
NtWaitForSingleObject
RtlAllocateAndInitializeSid
NtAlpcConnectPort
NtAlpcSendWaitReceivePort
RtlFreeSid
RtlCreateBoundaryDescriptor
RtlCreateServiceSid
RtlAddSIDToBoundaryDescriptor
RtlDeleteBoundaryDescriptor
diagnosticdatasettings
TelGetWerTelemetryMode
api-ms-win-core-windowserrorreporting-l1-1-0
GetApplicationRecoveryCallback
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-handle-l1-1-0
CloseHandle
DuplicateHandle
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
GetCommandLineW
api-ms-win-core-registry-l1-1-0
RegQueryValueExW
RegCloseKey
RegSetValueExW
RegGetValueW
RegOpenKeyExW
RegCreateKeyExW
api-ms-win-core-memory-l1-1-0
MapViewOfFile
OpenFileMappingW
ReadProcessMemory
UnmapViewOfFile
CreateFileMappingW
api-ms-win-security-base-l1-1-0
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
GetKernelObjectSecurity
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
AllocateAndInitializeSid
CheckTokenMembership
SetKernelObjectSecurity
api-ms-win-core-file-l1-1-0
GetFileAttributesW
SetFileInformationByHandle
CreateFileW
GetFinalPathNameByHandleW
SetFileAttributesW
FindFirstFileW
FindNextFileW
ReadFile
GetFileSizeEx
GetLongPathNameW
FindFirstFileExW
GetFileTime
FindClose
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventSetInformation
EventWriteTransfer
EventRegister
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
api-ms-win-core-synch-l1-2-0
Sleep
InitOnceComplete
InitOnceBeginInitialize
api-ms-win-core-com-l1-1-0
CoInitializeSecurity
CoUninitialize
CoCreateInstance
CoInitializeEx
CoMarshalInterface
oleaut32
SysFreeString
SysAllocString
api-ms-win-core-wow64-l1-1-0
Wow64RevertWow64FsRedirection
IsWow64Process
Wow64DisableWow64FsRedirection
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
SystemTimeToFileTime
api-ms-win-core-synch-l1-1-0
WaitForSingleObject
InitializeCriticalSectionEx
CreateEventW
ReleaseMutex
DeleteCriticalSection
AcquireSRWLockShared
ReleaseSemaphore
EnterCriticalSection
CreateSemaphoreExW
LeaveCriticalSection
CreateMutexExW
AcquireSRWLockExclusive
OpenMutexW
CreateMutexW
SetEvent
WaitForSingleObjectEx
ReleaseSRWLockExclusive
ReleaseSRWLockShared
OpenSemaphoreW
api-ms-win-core-registry-l1-1-1
RegSetKeyValueW
RegDeleteKeyValueW
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
GetProcessHeap
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CloseThreadpoolTimer
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-service-management-l1-1-0
OpenServiceW
CloseServiceHandle
OpenSCManagerW
api-ms-win-service-management-l2-1-0
QueryServiceStatusEx
api-ms-win-service-winsvc-l1-1-0
ControlService
api-ms-win-core-processthreads-l1-1-3
SetProcessInformation
api-ms-win-security-provider-l1-1-0
SetEntriesInAclW
api-ms-win-core-toolhelp-l1-1-0
Process32NextW
CreateToolhelp32Snapshot
Process32FirstW
api-ms-win-shcore-obsolete-l1-1-0
CommandLineToArgvW
wer
WerReportCloseHandle
WerReportSubmit
WerpSetCallBack
WerpSetReportInformation
WerpGetReportInformation
WerpGetReportType
WerpGetReportSettings
WerpLoadReportFromBuffer
WerpDestroyWerString
WerpCleanWer
WerStorePurge
WerReportAddDump
WerpCreateMachineStore
WerpSetExitListeners
WerpHasOobeCompleted
WerpSubmitReportFromStore
WerpGetWerStringData
WerpEnumerateStoreNext
WerpEnumerateStoreStart
WerpOpenMachineQueue
WerpCloseStore
WerpIsOnBattery
WerpIsTransportAvailable
api-ms-win-core-namespace-l1-1-0
OpenPrivateNamespaceW
ClosePrivateNamespace
Sections
.text Size: 112KB - Virtual size: 108KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 44KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 64B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 80KB - Virtual size: 78KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 432B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
wevtutil.exe.exe windows:10 windows x64 arch:x64
c59a01c8c232a0b5d01f2ae0d6dcd8e9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
wevtutil.pdb
Imports
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-crt-runtime-l1-1-0
_initterm
_register_thread_local_exe_atexit_callback
_c_exit
_initterm_e
api-ms-win-crt-private-l1-1-0
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo_noreturn
_o__itow_s
_o__purecall
_o__putws
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o__ultow_s
_o__configthreadlocale
_o__wcsicmp
_o__wcstoui64
_o__wtoi
_o_exit
_o_fflush
_o_free
_o_getwc
_o_malloc
_o_setlocale
_o_terminate
_o_towupper
_o_wcscpy_s
_o_wcstoul
__C_specific_handler
__current_exception
__current_exception_context
_o__cexit
_o___stdio_common_vswscanf
_o__errno
_o___stdio_common_vswprintf
_o___stdio_common_vsnwprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o__crt_atexit
_o___p___wargv
_o___p___argc
_o___acrt_iob_func
wcschr
__std_terminate
__CxxFrameHandler4
_o__configure_wide_argv
_CxxThrowException
memcpy
api-ms-win-crt-string-l1-1-0
wcscmp
wcsnlen
memset
api-ms-win-core-heap-l1-1-0
HeapFree
HeapAlloc
GetProcessHeap
HeapSetInformation
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
GetCurrentProcessId
OpenProcessToken
CreateProcessW
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
api-ms-win-core-localization-l1-2-0
GetThreadUILanguage
LocaleNameToLCID
SetThreadPreferredUILanguages
SetThreadUILanguage
FormatMessageW
GetThreadLocale
api-ms-win-eventing-classicprovider-l1-1-0
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids
TraceMessage
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
ExpandEnvironmentStringsW
GetStdHandle
api-ms-win-core-errorhandling-l1-1-0
GetLastError
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-libraryloader-l1-2-0
LockResource
LoadResource
GetModuleHandleW
LoadLibraryExW
GetProcAddress
SizeofResource
FindResourceExW
FreeLibrary
FreeResource
api-ms-win-core-file-l1-1-0
ReadFile
CreateFileW
GetFileAttributesW
GetFileSize
GetFileType
WriteFile
GetFullPathNameW
api-ms-win-core-console-l1-1-0
GetConsoleMode
WriteConsoleW
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
WideCharToMultiByte
MultiByteToWideChar
oleaut32
SysFreeString
SysStringLen
VariantClear
SysAllocString
SysAllocStringLen
VariantInit
api-ms-win-core-com-l1-1-0
CoUninitialize
CoCreateInstance
CoInitializeEx
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
api-ms-win-security-sddl-l1-1-0
ConvertSidToStringSidW
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-security-lsalookup-l2-1-0
LookupAccountSidW
api-ms-win-core-wow64-l1-1-0
Wow64RevertWow64FsRedirection
IsWow64Process
Wow64DisableWow64FsRedirection
api-ms-win-core-synch-l1-1-0
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
api-ms-win-core-synch-l1-2-0
InitOnceComplete
InitOnceBeginInitialize
api-ms-win-core-registry-l1-1-0
RegDeleteValueW
RegDeleteKeyExW
RegQueryValueExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegQueryInfoKeyW
RegGetValueW
RegEnumKeyExW
rpcrt4
RpcStringBindingComposeW
RpcBindingFree
NdrClientCall3
RpcStringFreeW
RpcBindingSetAuthInfoExW
RpcBindingSetOption
RpcBindingFromStringBindingW
ntdll
RtlGetVersion
RtlNtStatusToDosError
api-ms-win-core-registry-l2-1-0
RegDeleteKeyTransactedW
RegOpenKeyTransactedW
RegCreateKeyTransactedW
api-ms-win-security-base-l1-1-0
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
GetAce
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorOwner
MakeSelfRelativeSD
AddAce
InitializeSecurityDescriptor
GetSecurityDescriptorControl
SetSecurityDescriptorGroup
MapGenericMask
InitializeAcl
GetAclInformation
IsValidSecurityDescriptor
AdjustTokenPrivileges
GetSecurityDescriptorLength
bcrypt
BCryptCloseAlgorithmProvider
BCryptFinishHash
BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptHashData
BCryptCreateHash
BCryptDestroyHash
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-memory-l1-1-0
UnmapViewOfFile
Sections
.text Size: 196KB - Virtual size: 195KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 52KB - Virtual size: 51KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 296B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
wextract.exe.exe windows:10 windows x64 arch:x64
4cea7ae85c87ddc7295d39ff9cda31d1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
wextract.pdb
Imports
advapi32
GetTokenInformation
RegDeleteValueA
RegOpenKeyExA
RegQueryInfoKeyA
FreeSid
OpenProcessToken
RegSetValueExA
RegCreateKeyExA
LookupPrivilegeValueA
AllocateAndInitializeSid
RegQueryValueExA
EqualSid
RegCloseKey
AdjustTokenPrivileges
kernel32
_lopen
_llseek
CompareStringA
GetLastError
GetFileAttributesA
GetSystemDirectoryA
LoadLibraryA
DeleteFileA
GlobalAlloc
GlobalFree
CloseHandle
WritePrivateProfileStringA
IsDBCSLeadByte
GetWindowsDirectoryA
SetFileAttributesA
GetProcAddress
GlobalLock
LocalFree
RemoveDirectoryA
FreeLibrary
_lclose
CreateDirectoryA
GetPrivateProfileIntA
GetPrivateProfileStringA
GlobalUnlock
ReadFile
SizeofResource
WriteFile
GetDriveTypeA
LoadLibraryExA
SetFileTime
SetFilePointer
FindResourceA
CreateMutexA
GetVolumeInformationA
WaitForSingleObject
GetCurrentDirectoryA
FreeResource
GetVersion
SetCurrentDirectoryA
GetTempPathA
LocalFileTimeToFileTime
CreateFileA
SetEvent
TerminateThread
GetVersionExA
LockResource
GetSystemInfo
CreateThread
ResetEvent
LoadResource
ExitProcess
GetModuleHandleW
CreateProcessA
FormatMessageA
GetTempFileNameA
DosDateTimeToFileTime
CreateEventA
GetExitCodeProcess
ExpandEnvironmentStringsA
LocalAlloc
lstrcmpA
FindNextFileA
GetCurrentProcess
FindFirstFileA
GetModuleFileNameA
GetShortPathNameA
Sleep
GetStartupInfoW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
EnumResourceLanguagesA
GetDiskFreeSpaceA
MulDiv
FindClose
gdi32
GetDeviceCaps
user32
ShowWindow
MsgWaitForMultipleObjects
SetWindowPos
GetDC
GetWindowRect
DispatchMessageA
GetSystemMetrics
CallWindowProcA
SetWindowTextA
MessageBoxA
SendDlgItemMessageA
SendMessageA
GetDlgItem
DialogBoxIndirectParamA
GetWindowLongPtrA
SetWindowLongPtrA
SetForegroundWindow
ReleaseDC
EnableWindow
CharNextA
LoadStringA
CharPrevA
EndDialog
MessageBeep
ExitWindowsEx
SetDlgItemTextA
CharUpperA
GetDesktopWindow
PeekMessageA
GetDlgItemTextA
msvcrt
?terminate@@YAXXZ
_commode
_fmode
_acmdln
__C_specific_handler
memset
__setusermatherr
_ismbblead
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
memcpy_s
_vsnprintf
_initterm
memcpy
comctl32
ord17
cabinet
ord20
ord21
ord23
ord22
version
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
Sections
.text Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 100KB - Virtual size: 99KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
where.exe.exe windows:10 windows x64 arch:x64
06ec8aa329a0c46c9af47004cf3c8be2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
where.pdb
Imports
msvcrt
__iob_func
_memicmp
_errno
wcstod
wcstol
wcstoul
_fileno
_get_osfhandle
fprintf
fflush
_vsnwprintf
?terminate@@YAXXZ
wcstok
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
localtime
towupper
_wstat
wcsrchr
_wgetenv
wcspbrk
memset
kernel32
TerminateProcess
HeapValidate
HeapFree
GetProcessHeap
GetConsoleOutputCP
ExitProcess
WriteConsoleW
CompareStringA
GetThreadLocale
CompareStringW
lstrlenW
GetUserDefaultLCID
GetStdHandle
GetConsoleMode
GetFileType
WideCharToMultiByte
FindStringOrdinal
LocalFree
FormatMessageW
SetThreadUILanguage
GetModuleFileNameW
FindFirstFileExW
SetLastError
GetFullPathNameW
FindNextFileW
GetLongPathNameW
SetErrorMode
GetEnvironmentVariableW
FindClose
CreateFileW
GetFileAttributesW
GetFileInformationByHandle
GetLastError
FileTimeToSystemTime
CloseHandle
HeapSetInformation
FileTimeToLocalFileTime
GetCurrentDirectoryW
GetTimeFormatW
GetFileSize
GetDateFormatW
Sleep
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
GetCurrentProcess
HeapReAlloc
HeapSize
HeapAlloc
ntdll
VerSetConditionMask
RtlVerifyVersionInfo
user32
CharUpperW
LoadStringW
ws2_32
WSACleanup
shlwapi
StrChrW
StrTrimW
version
VerQueryValueW
GetFileVersionInfoSizeExW
GetFileVersionInfoExW
Sections
.text Size: 32KB - Virtual size: 29KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
whoami.exe.exe windows:10 windows x64 arch:x64
62935820e434af643547b7f5f5bd0292
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
whoami.pdb
Imports
advapi32
LookupPrivilegeDisplayNameW
LookupPrivilegeNameW
GetSidIdentifierAuthority
LookupAccountSidW
GetLengthSid
OpenProcessToken
IsValidSid
CopySid
GetSidSubAuthority
GetSidSubAuthorityCount
AdjustTokenPrivileges
LookupPrivilegeValueW
GetTokenInformation
InitializeSid
EqualSid
kernel32
CloseHandle
LocalFree
HeapSetInformation
FileTimeToSystemTime
GetTimeFormatW
GetModuleFileNameW
HeapSize
HeapReAlloc
HeapAlloc
HeapValidate
HeapFree
GetProcessHeap
GetLastError
GetConsoleOutputCP
ExitProcess
WriteConsoleW
CompareStringA
GetThreadLocale
CompareStringW
lstrlenW
GetStdHandle
GetConsoleMode
GetFileType
WideCharToMultiByte
FindStringOrdinal
FormatMessageW
TerminateProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
Sleep
GetCurrentProcess
SetThreadUILanguage
SetLastError
msvcrt
fflush
fprintf
wcstok
_get_osfhandle
_fileno
wcstoul
wcstol
wcstod
_errno
_memicmp
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
memmove
memcpy
__CxxFrameHandler3
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_purecall
_callnewh
malloc
??3@YAXPEAX@Z
_ultow
_vsnwprintf
__CxxFrameHandler4
__iob_func
memset
ntdll
RtlVerifyVersionInfo
RtlCaptureContext
RtlLookupFunctionEntry
VerSetConditionMask
RtlVirtualUnwind
user32
CharLowerW
LoadStringW
CharUpperW
ws2_32
WSACleanup
shlwapi
StrChrW
version
GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW
authz
InitializeClaimDictionary
GetClaimDefinitions
FreeClaimDefinitions
FreeClaimDictionary
sspicli
LsaConnectUntrusted
LsaLookupAuthenticationPackage
LsaCallAuthenticationPackage
GetUserNameExW
wkscli
NetGetJoinInformation
netutils
NetApiBufferFree
Sections
.text Size: 56KB - Virtual size: 52KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 460B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
wiaacmgr.exe.exe windows:10 windows x64 arch:x64
d3bb4b0fbdc2b317ba7b2bb7e247b015
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
wiaacmgr.pdb
Imports
advapi32
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
kernel32
GetSystemInfo
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceExW
CloseHandle
SetEvent
WaitForSingleObject
CreateEventW
HeapSetInformation
GetCommandLineW
RegisterApplicationRestart
ActivateActCtx
DeleteCriticalSection
InitializeCriticalSection
GetCurrentThreadId
lstrcpyW
CompareStringW
HeapDestroy
DeactivateActCtx
CreateMutexW
OpenFileMappingW
MapViewOfFile
CreateFileMappingW
ReleaseMutex
UnmapViewOfFile
CreateProcessW
SetLastError
LocalFree
VirtualAlloc
VirtualQuery
GetModuleHandleW
SetFileAttributesW
GetLastError
WritePrivateProfileStringW
GetModuleFileNameW
GetTempPath2W
CreateDirectoryW
DeleteFileW
CreateThread
FreeLibrary
GetProcAddress
LoadLibraryExW
lstrcmpiW
lstrcpynW
ReleaseActCtx
CreateActCtxW
FormatMessageW
GetTickCount
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
VirtualProtect
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetStartupInfoW
Sleep
LocalAlloc
gdi32
GetDeviceCaps
user32
DialogBoxParamW
MessageBoxIndirectW
MsgWaitForMultipleObjects
PeekMessageW
TranslateMessage
SendDlgItemMessageW
LoadImageW
GetSystemMetrics
GetClientRect
DestroyIcon
EndDialog
SetDlgItemTextW
SetWindowTextW
InvalidateRect
SendMessageW
SetWindowLongPtrW
GetWindowLongPtrW
ReleaseDC
GetDC
GetDlgItem
EnableWindow
CharUpperBuffW
DispatchMessageW
GetMessageW
SetProcessDPIAware
PostThreadMessageW
SetForegroundWindow
IsWindow
CharPrevW
CharNextW
LoadStringW
msvcrt
memcmp
memcpy
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_commode
_fmode
_wcmdln
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_vsnwprintf
wcstol
wcscpy_s
realloc
wcscat_s
malloc
free
__C_specific_handler
memset
ole32
StringFromIID
CoRevokeClassObject
CoRegisterClassObject
StringFromCLSID
CoTaskMemAlloc
PropVariantClear
StringFromGUID2
CoTaskMemFree
CoCreateGuid
CoAllowSetForegroundWindow
CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemRealloc
oleaut32
SysAllocString
VarUI4FromStr
RegisterTypeLi
SysAllocStringLen
SysStringLen
SysFreeString
LoadTypeLi
shell32
SHFileOperationW
ExtractIconExW
shlwapi
PathAppendW
PathParseIconLocationW
scansetting
GetDefaultProfileScan
Sections
.text Size: 48KB - Virtual size: 44KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 36KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 312B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
wiawow64.exe.exe windows:10 windows x64 arch:x64
f08c9b92f54219f5598849d1cd014f28
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
wiawow64.pdb
Imports
advapi32
RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExW
RegCreateKeyExW
RegQueryValueW
RegOpenKeyW
RegCloseKey
kernel32
GetProcAddress
FreeLibrary
LoadLibraryExW
LocalFree
lstrlenW
CompareStringW
PurgeComm
LocalAlloc
EscapeCommFunction
CloseHandle
SetCommMask
lstrcmpiW
ReadFile
WriteFile
CreateFileW
GetLastError
ClearCommError
SetCommTimeouts
HeapFree
SetLastError
ExpandEnvironmentStringsW
GetModuleFileNameW
SetFilePointer
SetEndOfFile
UnlockFileEx
GetCurrentThreadId
GetFileInformationByHandle
HeapAlloc
GetLocalTime
GetTimeFormatW
LockFileEx
GetProcessHeap
GetModuleHandleW
WideCharToMultiByte
GetDateFormatW
FlushFileBuffers
GetStartupInfoW
Sleep
HeapSetInformation
SetupComm
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
RtlCaptureContext
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
user32
CharNextW
PostQuitMessage
GetMessageW
DispatchMessageW
TranslateMessage
msvcrt
memcpy
_XcptFilter
_callnewh
malloc
wcsrchr
_vscwprintf
_vsnwprintf
__CxxFrameHandler3
?terminate@@YAXXZ
_commode
_fmode
_acmdln
_initterm
__setusermatherr
_ismbblead
_cexit
_exit
exit
__set_app_type
__getmainargs
free
_amsg_exit
__C_specific_handler
memset
oleaut32
SysFreeString
ole32
FreePropVariantArray
CoInitializeSecurity
CoRegisterClassObject
CLSIDFromString
CoCreateInstance
CoUninitialize
PropVariantClear
CoInitialize
CoTaskMemFree
cfgmgr32
CM_Get_DevNode_Status
setupapi
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiOpenDevRegKey
SetupDiOpenDeviceInterfaceRegKey
SetupDiEnumDeviceInterfaces
scansetting
GetImageDialog
Sections
.text Size: 24KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 180B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
wifitask.exe.exe windows:10 windows x64 arch:x64
aad5413b7dda238005c58d800c05a583
Code Sign
Certificate: 33:00:00:04:13:31:bc:19:88:07:a9:07:74:00:00:00:00:04:13
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 03/02/2023, 00:05
Not After: 01/02/2024, 00:05
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Certificate: 61:07:76:56:00:00:00:00:00:08
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Signer: 6a:af:7a:15:c8:e6:50:70:94:11:4b:28:73:a1:9b:55:24:ad:af:e7:9d:9a:b2:d7:41:52:36:65:53:a0:1d:4f
Actual PE Digest: 6a:af:7a:15:c8:e6:50:70:94:11:4b:28:73:a1:9b:55:24:ad:af:e7:9d:9a:b2:d7:41:52:36:65:53:a0:1d:4f
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
WiFiTask.pdb
Imports
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-crt-runtime-l1-1-0
_initterm
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
api-ms-win-crt-private-l1-1-0
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__itow_s
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o_exit
_o_free
_o_malloc
_o_terminate
_o_wmemcpy_s
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o__crt_atexit
_o___std_exception_destroy
_o__configure_wide_argv
_o__configthreadlocale
_o__exit
_o___std_exception_copy
_o__cexit
_o__callnewh
_o___p__commode
_o___p___wargv
_o___p___argc
__std_terminate
__CxxFrameHandler4
_o__errno
wcsstr
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnprintf_s
memcpy
api-ms-win-crt-string-l1-1-0
memset
strcmp
wcsnlen
wcscmp
api-ms-win-security-base-l1-1-0
GetTokenInformation
MakeAbsoluteSD
CopySid
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
GetModuleHandleW
GetModuleFileNameA
GetModuleHandleExW
LoadStringW
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
WaitForThreadpoolTimerCallbacks
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
CreateThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolCleanupGroup
CloseThreadpoolTimer
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolCleanupGroup
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapAlloc
HeapFree
api-ms-win-core-errorhandling-l1-1-0
RaiseException
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-synch-l1-1-0
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
SetEvent
CreateEventW
WaitForSingleObject
CreateEventExW
ResetEvent
OpenEventW
EnterCriticalSection
api-ms-win-core-processthreads-l1-1-0
GetCurrentThread
GetCurrentThreadId
OpenProcessToken
OpenThreadToken
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-core-com-l1-1-0
CoWaitForMultipleHandles
CoInitializeEx
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoUninitialize
CoInitializeSecurity
api-ms-win-eventing-provider-l1-1-0
EventWrite
EventUnregister
EventWriteTransfer
EventRegister
EventSetInformation
api-ms-win-core-registry-l1-1-0
RegGetValueW
api-ms-win-eventing-classicprovider-l1-1-0
GetTraceLoggerHandle
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
TraceMessage
UnregisterTraceGuids
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-handle-l1-1-0
CloseHandle
oleaut32
VariantClear
SysAllocString
SysFreeString
VariantInit
ntdll
RtlGetDeviceFamilyInfoEnum
RtlIsMultiSessionSku
RtlPublishWnfStateData
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount64
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
OutputDebugStringW
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
httpapi
HttpCreateServerSession
HttpCloseUrlGroup
HttpCloseServerSession
HttpReceiveHttpRequest
HttpSetUrlGroupProperty
HttpRemoveUrlFromUrlGroup
HttpCreateUrlGroup
HttpAddUrlToUrlGroup
HttpCreateRequestQueue
HttpCloseRequestQueue
HttpTerminate
HttpSendHttpResponse
HttpInitialize
wlanapi
WlanSetProfile
WlanConnect
WlanOpenHandle
WlanDeleteProfile
WlanCloseHandle
WlanRegisterNotification
WlanSetProfileEapXmlUserData
WlanFreeMemory
WlanSetProfileMetadata
WlanEnumInterfaces
api-ms-win-core-file-l1-1-0
ReadFile
CreateFileW
WriteFile
api-ms-win-core-namedpipe-l1-1-0
ConnectNamedPipe
SetNamedPipeHandleState
api-ms-win-core-io-l1-1-0
GetOverlappedResult
api-ms-win-core-string-l2-1-1
SHLoadIndirectString
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
webservices
WsFreeError
WsSetOutputToBuffer
WsGetErrorProperty
WsCreateHeap
WsGetErrorString
WsFlushWriter
WsWriteStartElement
WsReadStartElement
WsCreateServiceProxyFromTemplate
WsCall
WsWriteChars
WsCreateWriter
WsReadToStartElement
WsCloseServiceProxy
WsGetReaderNode
WsMoveReader
WsFreeServiceProxy
WsCreateXmlBuffer
WsFreeReader
WsReadChars
WsGetFaultErrorProperty
WsCreateReader
WsOpenServiceProxy
WsCreateServiceProxy
WsSetInputToBuffer
WsFreeHeap
WsWriteEndElement
WsCreateError
WsFreeWriter
crypt32
CryptDecodeObjectEx
CertFreeCertificateChainEngine
CertCloseStore
CertFreeCertificateChain
CertOpenStore
CryptStringToBinaryW
CertVerifyCertificateChainPolicy
CertFindExtension
CertCreateCertificateChainEngine
CertGetCertificateChain
rpcrt4
UuidToStringW
RpcStringFreeW
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
iphlpapi
GetAdaptersInfo
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 104KB - Virtual size: 101KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 44KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
wimserv.exe.exe windows:10 windows x64 arch:x64
fb1c25c45310c75d7cc78a0ab0119a9e
Code Sign
Certificate: 33:00:00:04:13:31:bc:19:88:07:a9:07:74:00:00:00:00:04:13
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 03/02/2023, 00:05
Not After: 01/02/2024, 00:05
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Certificate: 61:07:76:56:00:00:00:00:00:08
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Signer: 04:3d:77:fd:d4:7a:50:d5:63:67:10:18:dc:3f:23:75:56:20:0c:84:5f:b5:70:76:ed:00:18:d1:c9:78:10:8e
Actual PE Digest: 04:3d:77:fd:d4:7a:50:d5:63:67:10:18:dc:3f:23:75:56:20:0c:84:5f:b5:70:76:ed:00:18:d1:c9:78:10:8e
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
wimserv.pdb
Imports
msvcrt
memmove
_purecall
iswspace
memmove_s
qsort
wcschr
_onexit
_unlock
_lock
?terminate@@YAXXZ
_commode
wcsstr
_strnicmp
strncpy_s
memcpy_s
_fmode
_wcmdln
strcpy_s
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
_wcsnicmp
_vsnwprintf
_wcsicmp
memcpy
swscanf_s
towupper
wcsrchr
wcsncmp
_vscwprintf
malloc
memcmp
__set_app_type
_callnewh
free
__dllonexit
__wgetmainargs
_amsg_exit
_XcptFilter
memset
ntdll
DbgPrintEx
NtYieldExecution
RtlRaiseStatus
RtlReAllocateHeap
RtlAllocateHeap
RtlGetCompressionWorkSpaceSize
RtlCompressBuffer
RtlDecompressBufferEx
NtQueryEaFile
NtSetEaFile
RtlFindAceByType
RtlSetControlSecurityDescriptor
RtlFreeHeap
NtClose
RtlDosPathNameToNtPathName_U
RtlGetLastNtStatus
NtQuerySecurityObject
NtQueryVolumeInformationFile
RtlImpersonateSelf
NtQueryInformationProcess
NtCreateFile
NtSetInformationFile
NtQueryInformationFile
RtlGetPersistedStateLocation
RtlNtStatusToDosError
RtlDeleteResource
RtlReleaseResource
RtlAcquireResourceShared
RtlAcquireResourceExclusive
RtlInitializeResource
RtlAdjustPrivilege
NtSetSecurityObject
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
rpcrt4
RpcStringFreeW
UuidFromStringW
I_RpcMapWin32Status
RpcMgmtStopServerListening
RpcServerRegisterAuthInfoW
NdrServerCall2
UuidToStringW
RpcServerUseProtseqEpW
UuidCreate
RpcServerListen
RpcRevertToSelf
RpcImpersonateClient
RpcMgmtWaitServerListen
RpcServerRegisterIf
NdrServerCallAll
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
api-ms-win-core-synch-l1-1-0
CreateSemaphoreExW
LeaveCriticalSection
WaitForSingleObject
CreateMutexW
AcquireSRWLockExclusive
EnterCriticalSection
ResetEvent
ReleaseSRWLockExclusive
ReleaseMutex
ReleaseSemaphore
WaitForMultipleObjectsEx
InitializeCriticalSection
CreateEventW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
api-ms-win-core-errorhandling-l1-1-0
RaiseException
GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-handle-l1-1-0
DuplicateHandle
GetHandleInformation
CloseHandle
api-ms-win-core-processthreads-l1-1-0
OpenProcessToken
GetCurrentProcess
TlsSetValue
TlsFree
OpenThreadToken
GetCurrentThread
GetCurrentThreadId
TlsAlloc
SetThreadToken
GetStartupInfoW
CreateThread
TlsGetValue
GetCurrentProcessId
TerminateProcess
api-ms-win-core-io-l1-1-0
GetOverlappedResult
DeviceIoControl
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameW
FreeLibrary
GetProcAddress
GetModuleHandleExW
LoadLibraryExA
GetModuleHandleW
LoadLibraryExW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GlobalMemoryStatusEx
GetTickCount
GetSystemInfo
GetSystemTimeAsFileTime
bcrypt
BCryptOpenAlgorithmProvider
BCryptHashData
BCryptFinishHash
BCryptDestroyHash
BCryptCloseAlgorithmProvider
BCryptGetProperty
BCryptCreateHash
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-file-l1-1-0
GetVolumeInformationW
RemoveDirectoryW
DeleteFileW
SetFilePointerEx
CreateDirectoryW
SetEndOfFile
GetFileAttributesW
CreateFileW
GetFinalPathNameByHandleW
GetFullPathNameW
FlushFileBuffers
SetFilePointer
WriteFile
GetFileInformationByHandle
LockFileEx
UnlockFileEx
ReadFile
FindClose
FindFirstFileW
LocalFileTimeToFileTime
SetFileTime
GetVolumePathNameW
SetFileInformationByHandle
GetLongPathNameW
GetFileSizeEx
FindNextFileW
GetDriveTypeW
SetFileAttributesW
api-ms-win-core-file-l1-2-0
GetVolumeNameForVolumeMountPointW
GetVolumePathNamesForVolumeNameW
GetTempPathW
api-ms-win-security-base-l1-1-0
InitializeSecurityDescriptor
AddAccessAllowedAceEx
InitializeAcl
GetLengthSid
SetSecurityDescriptorDacl
GetTokenInformation
AddAccessAllowedAce
EqualSid
AdjustTokenPrivileges
AllocateAndInitializeSid
RevertToSelf
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetSecurityDescriptorControl
GetSecurityDescriptorLength
GetAclInformation
FreeSid
api-ms-win-core-processthreads-l1-1-3
SetThreadIdealProcessor
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegEnumKeyExW
RegQueryValueExW
api-ms-win-core-processenvironment-l1-1-0
GetCurrentDirectoryW
GetEnvironmentVariableW
api-ms-win-core-processthreads-l1-1-1
OpenProcess
api-ms-win-core-string-l1-1-0
CompareStringW
MultiByteToWideChar
WideCharToMultiByte
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-file-l2-1-0
GetFileInformationByHandleEx
api-ms-win-core-synch-l1-2-1
CreateSemaphoreW
WaitForMultipleObjects
api-ms-win-core-memory-l1-1-0
CreateFileMappingW
VirtualProtect
MapViewOfFile
UnmapViewOfFile
VirtualQuery
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-string-l2-1-0
CharUpperW
api-ms-win-core-kernel32-legacy-l1-1-0
DosDateTimeToFileTime
api-ms-win-core-privateprofile-l1-1-0
GetPrivateProfileSectionW
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Sections
.text Size: 448KB - Virtual size: 445KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 88KB - Virtual size: 87KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 144B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 752B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
wininit.exe.exe windows:10 windows x64 arch:x64
f2a24d44b58c4a23d796bf6063f86937
Code Sign
Certificate: 33:00:00:04:49:80:8e:a7:5d:6e:2d:36:87:00:00:00:00:04:49
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 08/08/2023, 18:38
Not After: 07/08/2024, 18:38
Subject: CN=Microsoft Windows Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Certificate: 61:07:76:56:00:00:00:00:00:08
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Signer: 72:09:f8:f1:41:4f:54:43:05:d3:55:e8:7d:52:a8:c0:a6:30:29:3a:70:54:b9:d6:b5:db:eb:85:f9:11:59:89
Actual PE Digest: 72:09:f8:f1:41:4f:54:43:05:d3:55:e8:7d:52:a8:c0:a6:30:29:3a:70:54:b9:d6:b5:db:eb:85:f9:11:59:89
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
wininit.pdb
Imports
api-ms-win-crt-string-l1-1-0
memset
wcsnlen
wcsncmp
wcscmp
strncmp
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_initterm
_c_exit
_initterm_e
api-ms-win-crt-private-l1-1-0
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__ultow_s
_o__wcsicmp
_o__wcslwr
_o__wcsnicmp
_o__wcsupr
memmove
_o_exit
_o_free
_o_malloc
_o_memcpy_s
_o_strcpy_s
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstoul
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
wcsrchr
wcsstr
_o__get_narrow_winmain_command_line
_o__exit
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnwprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
__C_specific_handler
wcschr
memcmp
memcpy
ntdll
RtlEnterCriticalSection
RtlUnhandledExceptionFilter
RtlLeaveCriticalSection
RtlAllocateAndInitializeSid
EtwEventActivityIdControl
RtlInitializeCriticalSection
NtSetInformationThread
RtlCreateSecurityDescriptor
RtlCreateAcl
RtlFreeSid
RtlSetDaclSecurityDescriptor
RtlLengthSid
NtAdjustPrivilegesToken
NtAllocateLocallyUniqueId
NtQueryInformationToken
NtPrivilegeObjectAuditAlarm
RtlAdjustPrivilege
NtPowerInformation
RtlCompareUnicodeString
NtPrivilegeCheck
NtOpenThreadToken
RtlCapabilityCheckForSingleSessionSku
RtlInitUnicodeStringEx
NtOpenEvent
RtlSubscribeWnfStateChangeNotification
NtSetEvent
ZwQuerySystemInformation
RtlInitializeSid
NtReleaseMutant
RtlSubAuthoritySid
RtlAppendUnicodeToString
RtlFreeUnicodeString
RtlGetCurrentDirectory_U
RtlLengthRequiredSid
RtlAddAccessAllowedAce
RtlQueryEnvironmentVariable_U
NtCreateMutant
RtlUnlockBootStatusData
ZwClose
NtWaitForSingleObject
ZwDeviceIoControlFile
ZwCreateFile
ZwOpenFile
RtlAppendUnicodeStringToString
ZwReadFile
ZwSetInformationFile
ZwQueryInformationFile
RtlWriteRegistryValue
ZwUnloadDriver
ZwLoadDriver
RtlSetEnvironmentVariable
ZwDeleteKey
ZwOpenKey
RtlIsMultiSessionSku
RtlRemovePrivileges
NtOpenProcessToken
NtShutdownSystem
NtSetThreadExecutionState
RtlGetActiveConsoleId
CsrClientCallServer
RtlDeregisterWaitEx
NtQueryInformationProcess
RtlDestroyEnvironment
RtlCreateEnvironment
RtlGetCurrentServiceSessionId
WinSqmIsOptedIn
RtlUnsubscribeWnfNotificationWaitForCompletion
NtSetValueKey
NtCreateKey
RtlRegisterWait
NtClose
NtCreateUserProcess
RtlCreateProcessParametersEx
RtlDosPathNameToNtPathName_U_WithStatus
NtCreateEvent
NtQuerySystemEnvironmentValueEx
RtlInitUnicodeString
RtlAllocateHeap
RtlFreeHeap
RtlPublishWnfStateData
RtlGetSystemBootStatus
RtlNtStatusToDosError
EtwEventEnabled
EtwEventWrite
NtQuerySystemInformation
EtwEventWriteTransfer
EtwEventUnregister
WinSqmAddToStream
NtSystemDebugControl
RtlCaptureContext
EtwEventRegister
EtwEventSetInformation
NtSetInformationProcess
RtlSetThreadIsCritical
RtlSetProcessIsCritical
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlIsStateSeparationEnabled
EtwEventWriteStartScenario
NtCreateWnfStateName
ZwSetSystemInformation
RtlGUIDFromString
RtlStringFromGUID
ZwQueryAttributesFile
ZwWaitForSingleObject
ZwQueryKey
ZwReleaseMutant
ZwOpenMutant
ZwQuerySymbolicLinkObject
ZwQueryDirectoryObject
ZwOpenSymbolicLinkObject
ZwOpenDirectoryObject
RtlLengthSecurityDescriptor
RtlSetOwnerSecurityDescriptor
ZwLoadKey
RtlAddAccessAllowedAceEx
ZwDeleteValueKey
ZwSaveKey
ZwEnumerateKey
ZwQueryValueKey
ZwSetSecurityObject
ZwUnloadKey
ZwSetValueKey
LdrGetProcedureAddress
LdrGetDllHandle
ZwQueryInformationProcess
RtlInitAnsiString
ZwDeleteFile
ZwOpenProcess
ZwAllocateUuids
NtOpenProcessTokenEx
NtOpenThreadTokenEx
RtlImpersonateSelf
NtDeleteWnfStateName
NtOpenSymbolicLinkObject
NtOpenKey
NtQuerySymbolicLinkObject
NtDeviceIoControlFile
NtOpenFile
NtQueryValueKey
NtQueryBootEntryOrder
NtQueryBootOptions
NtTranslateFilePath
NtOpenDirectoryObject
NtQueryDirectoryObject
NtEnumerateBootEntries
ZwCreateKey
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleExW
GetProcAddress
FindResourceExW
GetModuleFileNameA
LoadResource
GetModuleHandleW
LoadLibraryExW
FreeLibrary
LockResource
LoadLibraryExA
GetModuleFileNameW
GetModuleHandleExA
api-ms-win-core-synch-l1-1-0
SetEvent
EnterCriticalSection
InitializeCriticalSection
CreateMutexExW
CreateSemaphoreExW
AcquireSRWLockShared
ReleaseSemaphore
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForSingleObject
SleepEx
ReleaseMutex
ReleaseSRWLockShared
DeleteCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WaitForSingleObjectEx
CreateEventW
OpenSemaphoreW
WaitForMultipleObjectsEx
ResetEvent
api-ms-win-core-heap-l1-1-0
HeapDestroy
GetProcessHeap
HeapAlloc
HeapCreate
HeapFree
HeapSetInformation
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
SetErrorMode
SetLastError
api-ms-win-core-threadpool-l1-2-0
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
SetThreadpoolTimer
api-ms-win-core-processthreads-l1-1-0
CreateRemoteThread
DeleteProcThreadAttributeList
InitializeProcThreadAttributeList
GetStartupInfoW
TerminateProcess
SetPriorityClass
CreateProcessW
OpenProcessToken
GetCurrentThread
CreateProcessAsUserW
GetCurrentProcessId
SetThreadPriority
GetExitCodeProcess
UpdateProcThreadAttribute
CreateThread
GetCurrentProcess
GetCurrentThreadId
ResumeThread
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
IsDebuggerPresent
DebugBreak
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-synch-l1-2-0
InitOnceBeginInitialize
InitOnceComplete
Sleep
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegGetValueW
RegDeleteValueW
RegCreateKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegLoadKeyW
RegSetValueExW
RegUnLoadKeyW
RegQueryValueExA
RegQueryValueExW
RegDeleteTreeW
RegEnumValueW
api-ms-win-core-sysinfo-l1-1-0
GetLocalTime
GetWindowsDirectoryW
GetComputerNameExW
GetSystemTimeAsFileTime
GetVersionExW
GetTickCount
api-ms-win-core-file-l1-1-0
CompareFileTime
ReadFile
GetShortPathNameW
FindClose
FindFirstFileW
CreateDirectoryW
CreateFileW
GetFileAttributesW
FindFirstVolumeW
GetDriveTypeW
DeleteFileW
FindNextVolumeW
FindVolumeClose
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
SetEnvironmentVariableW
api-ms-win-security-base-l1-1-0
CheckTokenMembership
DuplicateTokenEx
GetSecurityDescriptorOwner
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
SetTokenInformation
SetKernelObjectSecurity
CreateWellKnownSid
GetSecurityDescriptorControl
EqualSid
ImpersonateLoggedOnUser
RevertToSelf
GetTokenInformation
GetSecurityDescriptorSacl
SetFileSecurityW
rpcrt4
NdrClientCall3
RpcStringBindingComposeW
RpcMgmtIsServerListening
RpcBindingFromStringBindingW
RpcBindingSetAuthInfoExW
NdrServerCallAll
RpcImpersonateClient
RpcBindingCreateW
RpcRevertToSelf
RpcServerUseProtseqEpW
RpcServerRegisterIfEx
I_RpcExceptionFilter
RpcBindingFree
RpcServerListen
RpcBindingToStringBindingW
NdrServerCall2
RpcBindingServerFromClient
RpcServerInqCallAttributesW
RpcStringBindingParseW
RpcAsyncInitializeHandle
RpcEpRegisterW
UuidFromStringW
RpcServerInqBindings
RpcServerRegisterAuthInfoW
RpcExceptionFilter
Ndr64AsyncServerCallAll
NdrAsyncServerCall
RpcStringFreeW
RpcServerRegisterIf3
RpcServerTestCancel
I_RpcBindingIsClientLocal
RpcAsyncAbortCall
Ndr64AsyncClientCall
RpcBindingUnbind
RpcServerUnregisterIf
RpcAsyncCancelCall
RpcBindingCopy
RpcAsyncCompleteCall
RpcBindingBind
RpcEpUnregister
RpcBindingVectorFree
RpcServerUseProtseqW
RpcServerInqDefaultPrincNameW
api-ms-win-core-datetime-l1-1-1
GetDateFormatEx
GetTimeFormatEx
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
FileTimeToSystemTime
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
LocalReAlloc
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
GetProcessMitigationPolicy
OpenProcess
api-ms-win-core-registry-l1-1-1
RegSetKeyValueW
api-ms-win-core-version-l1-1-0
GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW
api-ms-win-core-psapi-l1-1-0
K32GetModuleFileNameExW
api-ms-win-eventing-controller-l1-1-0
EnableTraceEx2
ControlTraceW
StartTraceW
api-ms-win-core-file-l2-1-0
MoveFileExW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-threadpool-legacy-l1-1-0
DeleteTimerQueueTimer
QueueUserWorkItem
CreateTimerQueueTimer
api-ms-win-core-kernel32-legacy-l1-1-0
WTSGetActiveConsoleSessionId
api-ms-win-core-heap-obsolete-l1-1-0
LocalSize
profapi
ord104
ord101
ord102
kernelbase
WTSGetServiceSessionId
api-ms-win-stateseparation-helpers-l1-1-0
GetPersistedRegistryLocationW
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-eventing-classicprovider-l1-1-0
TraceMessage
api-ms-win-core-file-l1-2-4
GetTempPath2W
crypt32
CertFindCertificateInStore
CertGetCertificateContextProperty
CertFindExtension
CertFreeCertificateContext
CertDuplicateCertificateContext
CryptBinaryToStringW
CryptDecodeObjectEx
CertCloseStore
CertOpenStore
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
api-ms-win-core-rtlsupport-l1-1-0
RtlCompareMemory
Sections
.text Size: 392KB - Virtual size: 390KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 120KB - Virtual size: 118KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 528B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
winload.exe.dll windows:0 windows x64 arch:x64
Code Sign
Certificate: 33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Certificate: 61:07:76:56:00:00:00:00:00:08
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Signer: 52:ae:21:ae:12:e9:c8:7f:0b:9d:e2:90:fb:39:07:b8:e2:06:b2:84:93:ba:80:db:66:69:4c:95:66:7f:26:d2
Actual PE Digest: 52:ae:21:ae:12:e9:c8:7f:0b:9d:e2:90:fb:39:07:b8:e2:06:b2:84:93:ba:80:db:66:69:4c:95:66:7f:26:d2
Digest Algorithm: sha256
PE Digest Matches: true
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
winload_prod.pdb
Exports
AhCreateLoadOptionsString
AhGetArcDevice
ArchBuildKernelGdt
ArchGetGdtRegister
BlAllocateSlabPages
BlAmdSlGetEnabledFeatures
BlAmdSlGetTaCommands
BlAmdSlGetTaParameterRegisters
BlAppCheckDependency
BlAppSetDependency
BlAppendBootOptionBoolean
BlAppendBootOptionString
BlAppendUnicodeToString
BlArchCpuId
BlArchDetectSmt
BlArchGetCpuVendor
BlArchGetPerformanceCounter
BlArchIsCpuIdFunctionSupported
BlArchIsFiveLevelPagingActive
BlArchIsShadowStackSupported
BlArchKernelSetup
BlArchQueryIoPortAccessSupported
BlArchSetSecrets
BlBdDebugTransitionsEnabled
BlBdDebuggerConnected
BlBdGetBootDebugDevice
BlBdGetExtensionName
BlBdGetHvDebugDevice
BlBdGetMacAddressFromSmBiosUuid
BlBdGetPciDevicePath
BlBdInitializeDeviceDescriptor
BlBdInitializeDeviceDescriptorEx
BlBdInitializeTransportExtension
BlBdLoadImageSymbols
BlBdPatchIdt
BlBdReleaseDebuggingDevice
BlBdSetupDebugDevice
BlBdSetupDebuggingDevice
BlBdStart
BlBdStop
BlBdUpdateSharedHypervisorDebugDevice
BlBootOptionExists
BlBsdCloseLog
BlBsdLogEntry
BlCopyBootOptions
BlCopyStringToUnicodeString
BlCopyStringToWcharString
BlCopyUnicodeStringToUnicodeString
BlCopyWcharStringToString
BlDeviceClose
BlDeviceCompare
BlDeviceGetInformation
BlDeviceGetIoInformation
BlDeviceOpen
BlDeviceSetInformation
BlDisplayFreeOemBitmap
BlDisplayGetOemBitmap
BlDisplayInvalidateOemBitmap
BlEnNotifyEvent
BlFileClose
BlFileCopyFile
BlFileExists
BlFileGetInformation
BlFileLoad
BlFileOpen
BlFileReadAtOffsetEx
BlFileReadEx
BlFileSetInformation
BlFileWrite
BlFveCheckPermission
BlFwGetAcpiMemoryMap
BlFwGetSystemTable
BlFwQueryEfiRuntimeVaRange
BlFwReboot
BlFwServicesAvailable
BlGetApplicationEntry
BlGetApplicationIdentifier
BlGetBootDevice
BlGetBootOptionBoolean
BlGetBootOptionDevice
BlGetBootOptionInteger
BlGetBootOptionString
BlGetDevice
BlGetDeviceIdentifier
BlGetExecutionEnvironment
BlGetLogicalProcessorCount
BlGetProcessorApicIds
BlImgFindSection
BlImgGetNtHeader
BlImgGetPEImageSize
BlImgGetSigningPolicy
BlImgGetWhqlEnforcementDateTime
BlImgIsBootUpgradedPlatform
BlImgIsUpgradeInProgress
BlImgIsUpgradedPlatform
BlImgIsWhqlDeveloperTestModeEnabled
BlImgIsWhqlDisabledBySetting
BlImgIsWhqlEnabledBySetting
BlImgIsWinPE
BlImgLoadImageWithProgress2
BlImgLoadPEImageEx
BlImgLoadPEImageWithPolicyValidatedHash
BlImgParseOsRevocationList
BlImgQueryCodeIntegrityBootOptions
BlImgRegisterCodeIntegrityCatalogDirectory
BlImgRegisterCodeIntegrityCatalogs
BlImgRsaKnownAnswerTest
BlImgSetRestrictedSigning
BlImgSetSigningPolicy
BlImgSetSysDevWhqlPolicy
BlImgSha1KnownAnswerTest
BlImgSha1MonteCarloTest
BlImgTrustCustomSignersForDrivers
BlImgUnLoadImage
BlImgVerifyFontIntegrity
BlIpmiDestroy
BlIpmiGetHwConfig
BlIpmiInitialize
BlIpmiLogCheckPoint
BlLdrBuildImagePath
BlLdrFreeDataTableEntry
BlLdrLoadDll
BlLdrLoadImage
BlLdrPreloadFile
BlLdrPreloadImage
BlLdrUnloadImage
BlLogDestroy
BlLogDiagWrite
BlLogEtwRegister
BlLogEtwWrite
BlLogEtwWriteTransfer
BlLogInitialize
BlLogIsVerboseSELEnabled
BlMmAddEnclavePageRange
BlMmAddPersistentPageRange
BlMmAllocateHeap
BlMmAllocatePages
BlMmAllocatePagesInRange
BlMmAllocatePartitionPhysicalPagesInRangeNuma
BlMmAllocatePhysicalPages
BlMmAllocatePhysicalPagesInRange
BlMmAllocatePhysicalPagesInRangeNuma
BlMmAllocateVirtualPages
BlMmClosePartition
BlMmDisableStaticDescriptors
BlMmDisableUpdates
BlMmEnableStaticDescriptors
BlMmEnableUpdates
BlMmEnumerateAllocations
BlMmFlushTlb
BlMmFreeHeap
BlMmFreePages
BlMmFreePartitionRangeAllocation
BlMmFreePhysicalPages
BlMmFreeVirtualPages
BlMmGetAllocationPages
BlMmGetMemoryMap
BlMmInitMemoryMapHandle
BlMmIsLargePageMapping
BlMmMapIoSpace
BlMmMapPhysicalAddress
BlMmMapPhysicalAddressEx
BlMmOpenPartition
BlMmPersistAllocation
BlMmProcessBadPageList
BlMmQueryLargePageSize
BlMmQueryTranslationType
BlMmRegisterPledgedType
BlMmReleaseMemoryMap
BlMmRemapVirtualAddress
BlMmSetPageProtection
BlMmTranslateEfiMemoryType
BlMmTranslateVirtualAddress
BlMmUnmapVirtualAddress
BlMmUnmapVirtualAddressEx
BlMmUnpersistAllocation
BlMmUnpersistAllocations
BlMmUnprotectAllocation
BlMmUnregisterPledgedType
BlMmUpdatesDisabled
BlMmWalkPageTable
BlMmWriteZeroPte
BlNumaGetNumaMemoryRanges
BlObtainUnusedSlabPages
BlPdAllocateData
BlPdDestroyData
BlPdFreeData
BlPdPersistAllocations
BlPdQueryData
BlPdQueryDataAll
BlPdSaveData
BlPltReadPciConfig
BlPltWritePciConfig
BlRdUnmap
BlRemoveBootOption
BlResourceFindDataFromImage
BlResourceFindMessage
BlResourceGetLanguageMapping
BlSIPolicyCheckPolicyOnDevice
BlSIPolicyDoesActivePolicyGrantPermission
BlSIPolicyLoadAndActivateTemporalPolicy
BlSealSecretToCurrentPcrValues
BlSecureBootGetNonVolatilePrivateVariable
BlSecureBootIgnoreSingleBootOption
BlSecureBootSetVolatilePrivateVariable
BlSetVirtualizationLaunched
BlSiAppLosingTpmAccess
BlSiCloseEnvironment
BlSiEnterInsecureStateEx
BlSiEnvironmentReady
BlSiFlushCurrentMeasurements
BlSiHandleHypervisorLaunchEvent
BlSiLeaveEnvironment
BlSiMeasureOsRevocationList
BlSiPaRecordConfigEvent
BlSiPaRecordDrtmConfigEvent
BlSiPaRecordEvent
BlSiSetDrtmEnvironmentUnsafe
BlStatusError
BlStatusPrint
BlStatusRegisterErrorHandler
BlSvnGetApplicationSvn
BlSvnGetChainStatus
BlSymCryptGetAesBlockCipher
BlSymCryptGetHmacSha256Algorithm
BlTblSetEntry
BlTcbIsDrtmCapable
BlTcgFwSetAndLockMemoryOverwriteRequestControl
BlTimeGetRelativeTime
BlTimeQueryPerformanceCounter
BlTpmGetRandom
BlTpmShutdown
BlTpmStatus
BlTxtGetRlpParkPage
BlTxtGetTprArray
BlUpdateBootOptions
BlUtlCheckSum
BlUtlGetAcpiTable
BlUtlGetAcpiTableOverrides
BlUtlPopulateAcpiTableCache
BlUtlReleaseAcpiTable
BlUtlSetAcpiTableOverrides
BlUtlValidateMemoryRange
BlValidateAmeCertChain
BlVsmCheckSystemPolicy
BlVsmGetSystemPolicy
BlVsmKeysFindKeyMapByType
BlVsmKeysGetCurrentLKeyRefFromArray
BlVsmKeysGetCurrentLKeyRefFromPkg
BlVsmKeysReadAndUnsealBackupLKeyPkg
BlVsmKeysReadAndUnsealLKeyPkg
BlVsmKeysSupportedByPlatform
BlpPdQueryData
BlpPdReleaseData
BlpVsmLKeyCheckBootmgrAuthorityInTcgLog
DbgLoadImageSymbols
DbgPrint
HvlQueryConnection
KdNetGetNetDataSize
KdNetGetParameters
LdrInitSecurityCookie
McGenEventWriteBoot
MinCrypL_HashMemory
MincryptSetWeakCryptoPolicy
OslGenRandomBytes
OslGetControlSubkey
OslGetDrtmSvn
OslGetExportRoutineInModule
OslGetLocalApicId
OslGetStringValueAtKey
OslGetSubkeyAtKey
OslGetValueAtKey
OslIsRunningInSecureKernel
OslLoadMicrocodeUpdate
RtlAnsiStringToUnicodeString
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlApplyFunctionOverrideFixupsToImage
RtlApplyHotPatch
RtlAssert
RtlCheckCurrentPatchesApplied
RtlClearAllBits
RtlCompareMemory
RtlCompareUnicodeString
RtlCompareUnicodeStrings
RtlCountRequiredHotPatchAddressTableEntries
RtlEqualUnicodeString
RtlFindClearBits
RtlFindExportedRoutineByName
RtlFindHotPatchBase
RtlFindHotPatchInformation
RtlFindNextForwardRunClear
RtlFreeAnsiString
RtlFreeUnicodeString
RtlGUIDFromString
RtlImageDirectoryEntryToData
RtlImageNtHeaderEx
RtlInitAnsiString
RtlInitFunctionOverrideCapabilities
RtlInitUnicodeString
RtlInitUnicodeStringEx
RtlInitializeBitMap
RtlInitializeBootFeatureConfigurations
RtlInitializeDelayedFeatureUsageReportBuffer
RtlIntegerToUnicodeString
RtlIpv6StringToAddressW
RtlNotifyFeatureUsage
RtlNumberOfSetBits
RtlPrefixUnicodeString
RtlQueryFeatureConfiguration
RtlQueryFeatureConfigurationChangeStamp
RtlRbInsertNodeEx
RtlRbRemoveNode
RtlRegisterFeatureConfigurationChangeNotification
RtlSecureZeroMemory
RtlSetBit
RtlSetBits
RtlSizeOfDelayedFeatureUsageReportBuffer
RtlStringFromGUID
RtlUnicodeStringToAnsiString
RtlUnicodeStringToInteger
RtlUnregisterFeatureConfigurationChangeNotification
RtlUpcaseUnicodeChar
RtlValidateDelayedFeatureUsageReportBuffer
RtlValidateFeatureConfigurationBuffer
RtlValidateFeatureUsageSubscriptionBuffer
RtlValidateHotPatchBase
SIPolicyClearAllActivePolicy
SIPolicyDeletePersistentVariable
SIPolicyGetOptions
SIPolicyGetPolicyHandle
SIPolicyGetPolicyInfoFromType
SIPolicyGetSerializedPolicies
SIPolicyGetSerializedPoliciesSize
SIPolicyHashActiveCodeExecutionPolicies
SIPolicyInvalidateEAsOnRebootEnabled
SIPolicyIsPolicyActive
SIPolicyIsSamePolicyID
SIPolicyIsSignedPolicyRequired
SIPolicySetTrialMode
SIPolicyUmciEnabled
SbArePolicyOptionsSet
SbDoesActivePolicyGrantPermission
SbFreeFileData
SbGetKernelPolicyPackage
SbGetSizeOfKernelPolicyPackage
SbIsDebugPolicyActive
SbIsEnabled
SbIsEnabled2
SbIsPolicyActive
SbIsTestRootTrusted
SbIsTestSigningBlocked
SbLoadFile
SbValidateSkuUnlockToken
SipaGetDataPointers
SipaQueueConfigEntry
SipaQueueConfigEntryToQueue
SipaReadPcrsByMask
SipapAppendEntry
SipapCreateQueue
SymCryptGcmAuthPart
SymCryptGcmDecryptFinal
SymCryptGcmDecryptPart
SymCryptGcmEncryptFinal
SymCryptGcmEncryptPart
SymCryptGcmExpandKey
SymCryptGcmInit
SymCryptHmacSha256
SymCryptHmacSha256ExpandKey
SymCryptHmacSha512Selftest
SymCryptInit
SymCryptMarvin32
SymCryptMarvin32ExpandSeed
SymCryptRdrandGet
SymCryptRdrandStatus
SymCryptRdseedGet
SymCryptRdseedStatus
SymCryptRngAesFips140_2Generate
SymCryptRngAesFips140_2Instantiate
SymCryptRngAesFips140_2Uninstantiate
SymCryptRngAesGenerateSelftest
SymCryptRngAesInstantiateSelftest
SymCryptRngAesReseedSelftest
SymCryptSha1
SymCryptSha256
SymCryptSha256Append
SymCryptSha256Init
SymCryptSha256Result
SymCryptSha512
SymCryptSha512Append
SymCryptSha512Init
SymCryptSha512Result
SymCryptSp800_108
TpmApiCheckSecureNVIndex20
TpmApiCreateSecureNVIndex20
TpmApiCreateSrk20
TpmApiGetKeyPublicProperty20
TpmApiGetTpmVersion
TpmApiReadPublic20
TpmApiSeal20Ex
TpmApiTestAes256Capability20
TpmApiTestRsa3kCapability20
TpmApiUnsealEx
__GSHandlerCheck
__chkstk
_snwscanf_s
_stricmp
_strupr
_vsnprintf
_wcsicmp
_wcsnicmp
_wcstoui64
_wcsupr
bsearch
memcmp
memcpy
memmove
memset
qsort
rsa_construction_fips186_3
rsa_decryption
rsa_destruction
rsa_encryption
rsa_export
rsa_export_sizes
sprintf_s
strcat_s
strchr
strcmp
strcpy_s
strncmp
strnlen
strstr
swprintf_s
wcscat_s
wcscmp
wcscpy_s
wcsncmp
wcsnlen
wcsrchr
wcsstr
Sections
.text Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGER32C Size: 1024B - Virtual size: 729B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
TRANSIT Size: 512B - Virtual size: 29B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGE Size: 45KB - Virtual size: 44KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECMRC Size: 512B - Virtual size: 106B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 187KB - Virtual size: 187KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 229KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 47KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 22KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
winlogon.exe.exe windows:10 windows x64 arch:x64
2a4a62b9bc065d3302b5e2e678378697
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
winlogon.pdb
Imports
msvcrt
free
wcsrchr
wcspbrk
_vsnprintf_s
_vsnwprintf
malloc
_callnewh
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
_wcslwr_s
_exit
_cexit
_ismbblead
_CxxThrowException
wcsstr
_wcsdup
__setusermatherr
_initterm
_acmdln
_fmode
_commode
_lock
_unlock
exit
wcschr
_vscwprintf
rand
__dllonexit
_onexit
wcstok
wcscat_s
memmove
memcpy
memcmp
_local_unwind
sprintf_s
__CxxFrameHandler3
?terminate@@YAXXZ
memset
??1type_info@@UEAA@XZ
_get_errno
_set_errno
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
__CxxFrameHandler4
_tolower
wcscpy_s
_wcsicmp
_wtoi
_wcsnicmp
_ultow
__C_specific_handler
memmove_s
_purecall
memcpy_s
iswspace
wcscmp
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
FindResourceExW
FreeLibrary
GetProcAddress
GetModuleHandleExW
LockResource
GetModuleHandleExA
GetModuleFileNameW
LoadResource
LoadLibraryExW
LoadStringW
GetModuleHandleW
api-ms-win-core-synch-l1-2-0
InitOnceExecuteOnce
InitOnceComplete
SleepConditionVariableSRW
WakeAllConditionVariable
Sleep
InitOnceBeginInitialize
api-ms-win-core-synch-l1-1-0
ReleaseSRWLockShared
TryAcquireSRWLockExclusive
CreateEventW
CreateMutexW
SleepEx
ReleaseMutex
ResetEvent
OpenSemaphoreW
WaitForSingleObjectEx
InitializeCriticalSectionEx
LeaveCriticalSection
CreateMutexExW
OpenEventW
TryEnterCriticalSection
AcquireSRWLockShared
ReleaseSRWLockExclusive
DeleteCriticalSection
AcquireSRWLockExclusive
ReleaseSemaphore
EnterCriticalSection
InitializeCriticalSection
WaitForSingleObject
SetEvent
CreateSemaphoreExW
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapAlloc
HeapFree
HeapSetInformation
HeapSize
api-ms-win-core-errorhandling-l1-1-0
SetErrorMode
SetUnhandledExceptionFilter
SetLastError
RaiseException
UnhandledExceptionFilter
GetLastError
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolWork
CreateThreadpool
SetThreadpoolThreadMaximum
SubmitThreadpoolWork
CloseThreadpoolTimer
TrySubmitThreadpoolCallback
SetThreadpoolThreadMinimum
CreateThreadpoolCleanupGroup
CloseThreadpoolWork
SetThreadpoolTimer
CloseThreadpoolCleanupGroup
CreateThreadpoolTimer
CloseThreadpoolCleanupGroupMembers
CloseThreadpool
WaitForThreadpoolTimerCallbacks
api-ms-win-core-processthreads-l1-1-0
DeleteProcThreadAttributeList
GetCurrentProcessId
CreateProcessAsUserW
CreateRemoteThread
CreateThread
SetThreadToken
CreateProcessW
UpdateProcThreadAttribute
GetStartupInfoW
GetCurrentThread
GetExitCodeProcess
GetCurrentProcess
ResumeThread
OpenProcessToken
TerminateProcess
SetPriorityClass
SetThreadPriority
GetProcessId
GetCurrentThreadId
InitializeProcThreadAttributeList
api-ms-win-core-localization-l1-2-0
GetThreadUILanguage
FormatMessageW
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
DebugBreak
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
CloseHandle
DuplicateHandle
api-ms-win-core-registry-l1-1-0
RegEnumValueW
RegGetValueA
RegCreateKeyExW
RegFlushKey
RegDeleteTreeW
RegSetKeySecurity
RegQueryValueExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegGetValueW
RegDeleteValueW
RegDeleteKeyExW
RegCloseKey
RegOpenCurrentUser
RegNotifyChangeKeyValue
api-ms-win-core-processthreads-l1-1-1
GetProcessMitigationPolicy
OpenProcess
api-ms-win-eventing-controller-l1-1-0
EnableTraceEx2
ControlTraceW
StartTraceW
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalReAlloc
LocalFree
api-ms-win-core-file-l2-1-0
MoveFileExW
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
WideCharToMultiByte
CompareStringW
api-ms-win-core-memory-l1-1-0
VirtualAlloc
VirtualFree
api-ms-win-core-memory-l1-1-1
VirtualUnlock
GetProcessWorkingSetSizeEx
VirtualLock
SetProcessWorkingSetSizeEx
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
SearchPathW
api-ms-win-core-sysinfo-l1-1-0
GetTickCount64
GetSystemTimeAsFileTime
GetSystemTime
GetSystemWindowsDirectoryW
GetVersionExW
GetTickCount
GetLocalTime
api-ms-win-security-base-l1-1-0
GetTokenInformation
RevertToSelf
GetSidIdentifierAuthority
DuplicateToken
ImpersonateLoggedOnUser
GetLengthSid
CopySid
IsValidSid
CreateWellKnownSid
AdjustTokenPrivileges
EqualSid
SetTokenInformation
CreateRestrictedToken
GetSecurityDescriptorDacl
FreeSid
AllocateLocallyUniqueId
DuplicateTokenEx
CheckTokenMembership
rpcrt4
RpcMgmtIsServerListening
RpcStringFreeW
RpcBindingCopy
RpcAsyncCancelCall
Ndr64AsyncClientCall
RpcBindingSetAuthInfoExW
RpcBindingFromStringBindingW
RpcAsyncInitializeHandle
RpcBindingUnbind
RpcServerInqCallAttributesW
RpcServerTestCancel
RpcServerUseProtseqEpW
NdrServerCall2
Ndr64AsyncServerCallAll
NdrServerCallAll
NdrAsyncServerCall
RpcRaiseException
RpcServerInqBindings
RpcEpRegisterW
RpcEpUnregister
RpcServerListen
RpcServerRegisterIfEx
RpcServerUnregisterIf
RpcServerUseProtseqW
I_RpcBindingIsClientLocal
RpcBindingVectorFree
RpcServerUnsubscribeForNotification
RpcServerSubscribeForNotification
NdrClientCall3
RpcStringBindingComposeW
RpcBindingFree
I_RpcExceptionFilter
RpcBindingBind
UuidFromStringW
RpcBindingCreateW
RpcRevertToSelf
RpcImpersonateClient
I_RpcBindingInqLocalClientPID
UuidCreate
UuidToStringW
RpcAsyncAbortCall
I_RpcMapWin32Status
RpcAsyncCompleteCall
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoTaskMemAlloc
CoUninitialize
CoTaskMemFree
CoGetMalloc
CoTaskMemRealloc
CoInitializeEx
api-ms-win-core-psapi-l1-1-0
QueryFullProcessImageNameW
api-ms-win-core-sysinfo-l1-2-0
GetProductInfo
api-ms-win-core-registry-l1-1-1
RegSetKeyValueW
RegDeleteKeyValueW
api-ms-win-power-base-l1-1-0
PowerDeterminePlatformRoleEx
api-ms-win-core-file-l1-1-0
CreateFileW
GetShortPathNameW
GetFileAttributesW
CompareFileTime
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
api-ms-win-core-datetime-l1-1-0
GetTimeFormatW
GetDateFormatW
api-ms-win-power-setting-l1-1-0
PowerSettingUnregisterNotification
PowerSettingRegisterNotification
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-shutdown-l1-1-1
InitiateShutdownW
api-ms-win-service-management-l1-1-0
OpenServiceW
CloseServiceHandle
OpenSCManagerW
StartServiceW
api-ms-win-service-management-l2-1-0
QueryServiceStatusEx
NotifyServiceStatusChangeW
QueryServiceConfigW
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlCompareMemory
RtlLookupFunctionEntry
api-ms-win-eventing-classicprovider-l1-1-0
GetTraceEnableLevel
GetTraceEnableFlags
UnregisterTraceGuids
GetTraceLoggerHandle
RegisterTraceGuidsW
api-ms-win-security-credentials-l1-1-0
CredFree
CredUnmarshalCredentialW
api-ms-win-security-lsalookup-l2-1-0
LookupAccountSidW
LookupAccountNameW
api-ms-win-core-version-l1-1-0
GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
api-ms-win-service-winsvc-l1-1-0
QueryServiceStatus
api-ms-win-core-job-l2-1-0
SetInformationJobObject
TerminateJobObject
QueryInformationJobObject
AssignProcessToJobObject
CreateJobObjectW
api-ms-win-security-lsapolicy-l1-1-0
LsaStorePrivateData
LsaOpenPolicy
LsaClose
LsaQueryInformationPolicy
LsaFreeMemory
api-ms-win-core-appcompat-l1-1-0
BaseInitAppcompatCacheSupport
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-security-credentials-l2-1-0
CredReadByTokenHandle
api-ms-win-base-bootconfig-l1-1-0
NotifyBootConfigStatus
api-ms-win-eventlog-legacy-l1-1-0
RegisterEventSourceW
DeregisterEventSource
ReportEventW
GetEventLogInformation
api-ms-win-core-threadpool-legacy-l1-1-0
QueueUserWorkItem
DeleteTimerQueueTimer
CreateTimerQueueTimer
UnregisterWaitEx
api-ms-win-core-kernel32-legacy-l1-1-0
RegisterWaitForSingleObject
GetComputerNameW
UnregisterWait
api-ms-win-core-shlwapi-legacy-l1-1-0
PathIsRelativeW
api-ms-win-core-registry-l2-1-0
RegCreateKeyW
RegOpenKeyW
api-ms-win-core-heap-obsolete-l1-1-0
LocalSize
api-ms-win-stateseparation-helpers-l1-1-0
GetPersistedRegistryLocationW
kernelbase
CreateProcessInternalW
AppContainerDeriveSidFromMoniker
ntdll
WinSqmIsOptedIn
NtCreateEvent
RtlAddAce
RtlSetDaclSecurityDescriptor
RtlGetDaclSecurityDescriptor
NtAdjustPrivilegesToken
NtDuplicateToken
RtlUnhandledExceptionFilter
NtQueryInformationProcess
NtSetInformationThread
NtDeviceIoControlFile
WinSqmEndSession
RtlInitializeResource
RtlAcquireResourceExclusive
RtlReleaseResource
RtlDeleteResource
NtGetCachedSigningLevel
WinSqmSetString
NtOpenEvent
NtSetEvent
RtlGetCurrentServiceSessionId
NtDeleteWnfStateName
NtCreateWnfStateName
RtlQueryResourcePolicy
__isascii
isupper
wcstok_s
_vsnprintf
RtlGetNtProductType
RtlSetSystemBootStatus
RtlRemovePrivileges
RtlpVerifyAndCommitUILanguageSettings
NtSetInformationProcess
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
NtShutdownSystem
RtlCompareUnicodeString
RtlCreateEnvironment
TpReleaseTimer
TpWaitForTimer
TpAllocTimer
TpSetTimer
NtOpenThreadToken
NtOpenFile
RtlAppendUnicodeToString
NtOpenDirectoryObject
RtlFreeSid
NtSetSecurityObject
RtlSetSaclSecurityDescriptor
RtlAddMandatoryAce
RtlCreateAcl
RtlCreateSecurityDescriptor
RtlAllocateAndInitializeSid
RtlDestroyEnvironment
RtlCopySid
RtlNtStatusToDosErrorNoTeb
RtlSetEnvironmentVariable
RtlQueryEnvironmentVariable_U
RtlExpandEnvironmentStrings_U
RtlInitUnicodeStringEx
RtlGetAce
NtSetIRTimer
NtCreateIRTimer
NtSetInformationToken
NtCreateToken
RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData
TpAllocWait
WinSqmSetDWORD
TpPostWork
TpAllocWork
RtlUnsubscribeWnfNotificationWaitForCompletion
TpReleaseWork
TpWaitForWork
TpReleaseWait
TpWaitForWait
TpSetWait
NtFilterToken
NtInitiatePowerAction
RtlAdjustPrivilege
RtlPublishWnfStateData
RtlLengthSid
EtwEventWriteStartScenario
EtwEventWriteEndScenario
RtlInitUnicodeString
NtAllocateLocallyUniqueId
RtlDeregisterWait
RtlRegisterWait
RtlTimeToSecondsSince1980
WinSqmAddToStream
TpSimpleTryPost
RtlEqualSid
EtwEventEnabled
EtwEventWrite
RtlCopyLuid
NtPowerInformation
EtwEventActivityIdControl
RtlGetActiveConsoleId
RtlInitString
NtQuerySystemInformation
NtSystemDebugControl
NtQueryInformationToken
NtOpenProcessToken
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlInitializeCriticalSection
RtlDeleteCriticalSection
RtlFreeUnicodeString
RtlNtStatusToDosError
RtlDuplicateUnicodeString
NtClose
RtlOpenCurrentUser
EtwTraceMessage
EtwEventRegister
EtwEventUnregister
EtwEventWriteTransfer
EtwEventSetInformation
WinSqmStartSession
api-ms-win-core-winrt-string-l1-1-0
WindowsGetStringRawBuffer
WindowsCreateStringReference
WindowsDeleteString
api-ms-win-core-winrt-l1-1-0
RoActivateInstance
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 668KB - Virtual size: 666KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 164KB - Virtual size: 160KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 32KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
winresume.exe.exe windows:0 windows x64 arch:x64
Code Sign
33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
54:aa:e2:37:af:8f:bc:b3:b0:32:95:43:c6:b4:a3:9a:97:7e:24:8f:f8:85:b1:39:eb:69:bd:8e:48:86:b6:a9
Signer
Actual PE Digest: 54:aa:e2:37:af:8f:bc:b3:b0:32:95:43:c6:b4:a3:9a:97:7e:24:8f:f8:85:b1:39:eb:69:bd:8e:48:86:b6:a9
Digest Algorithm: sha256
PE Digest Matches: true
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
PDB Paths
winresume.pdb
Sections
.text Size: 1010KB - Virtual size: 1010KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
TRANSIT Size: 512B - Virtual size: 29B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGER32C Size: 1024B - Virtual size: 729B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGE Size: 38KB - Virtual size: 37KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 131KB - Virtual size: 130KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 232KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
winrs.exe.exe windows:10 windows x64 arch:x64
06da253f6c30746637f78e3734a18d6b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
winrs.pdb
Imports
msvcrt
memcpy
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
_commode
__CxxFrameHandler4
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
malloc
isdigit
_wcsnicmp
free
_strnicmp
_purecall
_snwscanf_s
_wcsicmp
_vsnwprintf
_fmode
memset
api-ms-win-core-file-l1-1-0
ReadFile
GetFileType
WriteFile
api-ms-win-core-console-l1-1-0
SetConsoleMode
SetConsoleCtrlHandler
GetConsoleCP
GetConsoleMode
WriteConsoleW
ReadConsoleW
GetConsoleOutputCP
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapDestroy
HeapSetInformation
api-ms-win-core-errorhandling-l1-1-0
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
api-ms-win-core-synch-l1-1-0
WaitForSingleObject
SetEvent
WaitForMultipleObjectsEx
DeleteCriticalSection
EnterCriticalSection
CreateEventW
LeaveCriticalSection
InitializeCriticalSection
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
SetStdHandle
GetCommandLineW
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
ExitProcess
CreateThread
TerminateProcess
api-ms-win-eventing-classicprovider-l1-1-0
UnregisterTraceGuids
GetTraceLoggerHandle
RegisterTraceGuidsW
GetTraceEnableFlags
TraceMessage
GetTraceEnableLevel
api-ms-win-core-handle-l1-1-0
DuplicateHandle
CloseHandle
api-ms-win-core-localization-l1-2-0
SetThreadPreferredUILanguages
FormatMessageW
api-ms-win-core-io-l1-1-0
CancelIoEx
api-ms-win-core-libraryloader-l1-1-0
LoadLibraryExW
LoadStringW
GetModuleHandleW
api-ms-win-core-heap-obsolete-l1-1-0
LocalFree
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-core-console-l2-1-0
WriteConsoleInputA
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
wsmsvc
?Alloc@WSManMemory@@SAPEAX_KHW4_NitsFaultMode@@@Z
WSManRunShellCommand
WSManCloseSession
WSManSetSessionOption
WSManDeinitialize
WSManCloseCommand
??0AutoLibrary@@QEAA@PEAUHINSTANCE__@@@Z
??1?$AutoDeleteVector@E@@QEAA@XZ
??1?$AutoDeleteVector@D@@QEAA@XZ
??1AutoLibrary@@QEAA@XZ
??1?$AutoDeleteVector@PEBG@@QEAA@XZ
??4?$AutoDeleteVector@PEBG@@QEAAAEAV0@PEAPEBG@Z
??0?$AutoDeleteVector@PEBG@@QEAA@XZ
??0?$AutoDeleteVector@D@@QEAA@PEAD@Z
??0?$AutoDeleteVector@E@@QEAA@PEAE@Z
WSManInitialize
WSManCloseOperation
??1CWSManCriticalSection@@QEAA@XZ
WSManSignalShell
WSManReceiveShellOutput
?Free@WSManMemory@@SAXPEAXH@Z
WSManCreateShell
WSManCreateSession
WSManCloseShell
WSManSendShellInput
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
??1CWSManCriticalSectionWithConditionVar@@QEAA@XZ
?GetInitError@CWSManCriticalSection@@QEBAKXZ
Sections
.text Size: 32KB - Virtual size: 30KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 408B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
winrshost.exe.exe windows:10 windows x64 arch:x64
f4493eae4a8fb993b9a0b1f77fb558e2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
winrshost.pdb
Imports
msvcrt
_lock
_unlock
_ismbblead
_exit
__dllonexit
?terminate@@YAXXZ
_commode
_fmode
exit
_acmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_onexit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
mbtowc
_wcsicmp
memcpy
memset
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapSetInformation
HeapCreate
HeapDestroy
HeapAlloc
HeapFree
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
api-ms-win-eventing-classicprovider-l1-1-0
UnregisterTraceGuids
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
GetTraceEnableFlags
TraceMessage
api-ms-win-core-sysinfo-l1-1-0
GetVersionExW
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-synch-l1-1-0
DeleteCriticalSection
WaitForSingleObjectEx
SetEvent
InitializeCriticalSection
CreateEventW
api-ms-win-core-console-l1-1-0
SetConsoleMode
SetConsoleCtrlHandler
GetConsoleMode
AllocConsole
api-ms-win-core-kernel32-legacy-l1-1-0
GetConsoleWindow
api-ms-win-core-processthreads-l1-1-1
OpenProcess
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
CreateProcessW
GetStartupInfoW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-console-l2-1-0
SetConsoleCP
GenerateConsoleCtrlEvent
SetConsoleOutputCP
WriteConsoleInputW
api-ms-win-core-localization-l1-2-0
SetThreadPreferredUILanguages
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-libraryloader-l1-1-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 876B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 224B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 156B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
winver.exe.exe windows:10 windows x64 arch:x64
92be77a081419d46930eeb51bf20d61b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
winver.pdb
Imports
kernel32
HeapSetInformation
FileTimeToLocalFileTime
GetTimeFormatW
GetModuleHandleW
GetDateFormatW
FileTimeToSystemTime
user32
LoadStringW
msvcrt
_commode
_fmode
_wcmdln
?terminate@@YAXXZ
_XcptFilter
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__C_specific_handler
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetStartupInfoW
GetCurrentThreadId
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
shell32
ShellAboutW
Sections
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
wkspbroker.exe.exe windows:10 windows x64 arch:x64
0827a72290c6c99eecb592c538c1b7b1
Code Sign
33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
e2:37:56:7c:4e:15:30:6b:95:e4:23:2c:f1:0a:3d:8c:8d:37:29:b8:16:6b:a6:fd:18:b1:80:76:ed:32:ca:f2
Signer
Actual PE Digest: e2:37:56:7c:4e:15:30:6b:95:e4:23:2c:f1:0a:3d:8c:8d:37:29:b8:16:6b:a6:fd:18:b1:80:76:ed:32:ca:f2
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
wkspbroker.pdb
Imports
advapi32
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
TraceMessage
RegQueryValueExW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
AllocateAndInitializeSid
FreeSid
IsTextUnicode
CopySid
OpenProcessToken
GetLengthSid
GetTokenInformation
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
RegEnumValueW
RegGetValueW
EventActivityIdControl
kernel32
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
GetFileSize
CheckTokenCapability
CreateEventW
Sleep
SetEvent
GetCommandLineW
GetThreadLocale
WaitForSingleObject
GetCurrentProcessId
CloseHandle
ReadFile
GetFileSizeEx
CreateFileW
GlobalGetAtomNameW
QueryFullProcessImageNameW
GetProcessId
OpenProcess
GetPackageFamilyName
CreateThread
SetFilePointer
GetFileAttributesW
GetSystemTime
SystemTimeToFileTime
LoadLibraryW
CreateDirectoryW
GetTempPathW
ExpandEnvironmentStringsW
GetACP
CreateSemaphoreExW
CreateMutexExW
CompareStringOrdinal
CreateThreadpoolTimer
OpenSemaphoreW
ReleaseSRWLockShared
ReleaseSRWLockExclusive
InitializeCriticalSectionEx
AcquireSRWLockShared
AcquireSRWLockExclusive
WaitForSingleObjectEx
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
ReleaseMutex
SetLastError
IsDebuggerPresent
FormatMessageW
LCMapStringW
ReleaseSemaphore
DebugBreak
GetProcessHeap
LocalFree
HeapAlloc
OutputDebugStringW
LocalAlloc
GetModuleHandleExW
HeapFree
GetModuleFileNameA
OutputDebugStringA
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
WideCharToMultiByte
SetFileAttributesW
CompareStringW
WriteFile
GetModuleHandleExA
FreeLibrary
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameW
FindResourceExW
LoadResource
SizeofResource
MultiByteToWideChar
RaiseException
lstrcmpiW
GetModuleHandleW
LoadLibraryExW
GetProcAddress
GetLastError
user32
CharLowerW
UnregisterClassA
ord2521
GetPropW
GetWindowThreadProcessId
PostThreadMessageW
CharLowerBuffW
GetClassNameW
IsWindow
EnumChildWindows
GetForegroundWindow
AllowSetForegroundWindow
PostMessageW
CharNextW
DispatchMessageW
TranslateMessage
GetMessageW
CharUpperW
GetWindowBand
msvcrt
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_wcsicmp
??0exception@@QEAA@XZ
_vsnprintf_s
_wcslwr_s
towlower
wcstol
wcstok_s
wcstombs_s
wcschr
_initterm
toupper
wcsstr
__CxxFrameHandler4
??_V@YAXPEAX@Z
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_errno
realloc
_lock
_unlock
__dllonexit
_onexit
??3@YAXPEAX@Z
memcmp
memcpy
memmove
memset
_wcmdln
_fmode
_commode
_amsg_exit
_XcptFilter
__CxxFrameHandler3
_CxxThrowException
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
memmove_s
wcscat_s
wcscpy_s
?what@exception@@UEBAPEBDXZ
_purecall
_vsnwprintf
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
memcpy_s
free
malloc
wcsncpy_s
__C_specific_handler
wcscmp
ole32
CoRevertToSelf
CoRevokeClassObject
CoRegisterClassObject
StringFromGUID2
CoInitialize
CreateStreamOnHGlobal
CoUninitialize
CoGetInterfaceAndReleaseStream
CoInitializeEx
CoMarshalInterThreadInterfaceInStream
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoImpersonateClient
CoGetCallContext
oleaut32
VarUI4FromStr
SysAllocString
VarBstrCat
SysStringLen
SysAllocStringLen
SysFreeString
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayUnlock
SafeArrayDestroy
SafeArrayCreate
SafeArrayRedim
SafeArrayLock
SysStringByteLen
SysAllocStringByteLen
UnRegisterTypeLi
LoadTypeLi
RegisterTypeLi
shell32
ShellExecuteExW
shlwapi
StrChrW
PathQuoteSpacesW
PathRemoveFileSpecW
radcui
ord2
ord1
wininet
InternetGetCookieW
ntdll
RtlFreeHeap
NtQueryInformationToken
RtlInitUnicodeString
RtlAllocateHeap
RtlNtStatusToDosErrorNoTeb
RtlCompareUnicodeString
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlEqualSid
normaliz
IdnToAscii
iphlpapi
ParseNetworkString
crypt32
CryptMsgOpenToDecode
CertGetEnhancedKeyUsage
CertGetCertificateChain
CertFindExtension
CryptProtectData
CertFreeCertificateContext
CertFreeCertificateChain
CertDuplicateCertificateContext
CertDuplicateCertificateChain
CertGetCertificateContextProperty
CryptSignMessage
CryptVerifyDetachedMessageSignature
CertCloseStore
CertVerifyCertificateChainPolicy
CryptDecodeObject
CryptMsgUpdate
CertOpenStore
CryptMsgClose
CryptBinaryToStringW
CryptStringToBinaryW
Sections
.text Size: 220KB - Virtual size: 217KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 52KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 940B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
wksprt.exe.exe windows:10 windows x64 arch:x64
090e8d75f5db02ec98e57cc6d68747ec
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
wksprt.pdb
Imports
advapi32
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
EventActivityIdControl
TraceMessage
RegQueryValueExW
RegNotifyChangeKeyValue
RegGetValueW
RegEnumValueW
RegDeleteTreeW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
RegSetKeyValueW
IsTextUnicode
CryptReleaseContext
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextW
kernel32
RaiseException
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceExW
GetModuleFileNameW
WaitForSingleObject
GetModuleHandleExA
CreateTimerQueue
DeleteTimerQueueEx
CreateTimerQueueTimer
lstrcmpiW
GetModuleHandleW
LoadLibraryExW
GetProcAddress
GetLastError
FreeLibrary
InitializeCriticalSection
LeaveCriticalSection
GetVersionExW
FormatMessageW
EnterCriticalSection
ReleaseSemaphore
DebugBreak
TlsFree
TlsAlloc
OutputDebugStringW
GetModuleFileNameA
GetModuleHandleExW
LoadLibraryA
GetSystemTime
SystemTimeToFileTime
LoadLibraryW
LocalFree
CompareStringOrdinal
LocalAlloc
ExpandEnvironmentStringsW
GetACP
ReadFile
GetFileSize
SetFilePointer
WriteFile
GetFileAttributesW
CreateFileW
OutputDebugStringA
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
GetProcessHeap
DecodePointer
HeapAlloc
MapViewOfFile
CreateFileMappingW
LCIDToLocaleName
UnmapViewOfFile
GetLocaleInfoW
GetUserDefaultUILanguage
GetLocaleInfoEx
GetSystemDefaultUILanguage
CreateSemaphoreExW
CreateMutexExW
DeleteCriticalSection
TerminateThread
CreateThread
CreateEventW
SearchPathW
GetCurrentProcessId
CompareStringW
SetEvent
DeleteTimerQueueTimer
WideCharToMultiByte
HeapFree
WaitForMultipleObjects
GetTimeFormatW
VirtualFree
GetDateFormatW
GetCurrentThreadId
DeleteFileW
GetSystemWindowsDirectoryW
Sleep
GetCurrentProcess
VirtualAlloc
LoadLibraryExA
GetCommandLineW
IsDebuggerPresent
EncodePointer
SetLastError
GetTempPath2W
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseMutex
CloseHandle
user32
GetActiveWindow
EndDialog
GetClientRect
GetDlgItem
SendMessageW
GetWindowLongPtrW
CreateDialogParamW
TrackPopupMenuEx
SetWindowTextW
PostMessageW
PostThreadMessageW
AllowSetForegroundWindow
CharNextW
CallWindowProcW
DialogBoxParamW
GetMessageW
IsDialogMessageW
TranslateMessage
DispatchMessageW
DestroyWindow
RegisterClassExW
GetClassInfoExW
LoadCursorW
CreateWindowExW
SetWindowLongPtrW
CharUpperW
DefWindowProcW
DestroyMenu
InsertMenuItemW
CreatePopupMenu
ShowWindow
LoadStringW
UnregisterClassW
UnregisterClassA
LoadIconW
RegisterWindowMessageW
EnableMenuItem
GetMenuItemCount
GetMenuItemInfoW
RemoveMenu
EndMenu
PostQuitMessage
GetCursorPos
SetForegroundWindow
GetSystemMenu
msvcrt
??1exception@@UEAA@XZ
wcsncpy_s
malloc
free
memcpy_s
??0exception@@QEAA@AEBV0@@Z
_wcsicmp
_vsnwprintf
swscanf
swprintf_s
_resetstkoflw
_purecall
calloc
wcscat_s
?what@exception@@UEBAPEBDXZ
memmove_s
wcscpy_s
_wfopen_s
_errno
fputws
fclose
??0exception@@QEAA@AEBQEBDH@Z
_callnewh
_CxxThrowException
__CxxFrameHandler3
_XcptFilter
_amsg_exit
__wgetmainargs
__set_app_type
exit
_exit
??0exception@@QEAA@AEBQEBD@Z
__setusermatherr
_initterm
_wcmdln
_wcslwr_s
towlower
wcstol
wcstok_s
wcstombs_s
toupper
_fmode
_commode
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
realloc
_lock
_unlock
__dllonexit
_onexit
memmove
memcpy
memcmp
wcsncmp
_wcsnicmp
memset
__C_specific_handler
??_V@YAXPEAX@Z
__CxxFrameHandler4
_cexit
??3@YAXPEAX@Z
ntdll
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
ole32
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateGuid
CoCreateInstance
CoUninitialize
CoInitializeEx
CoResumeClassObjects
StringFromGUID2
CoRevokeClassObject
CoSuspendClassObjects
CoRegisterClassObject
oleaut32
SysFreeString
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
SafeArrayRedim
SafeArrayCreate
SafeArrayDestroy
SafeArrayLock
SafeArrayUnlock
SafeArrayGetVartype
VariantInit
VariantClear
LoadTypeLi
LoadRegTypeLi
SafeArrayGetLBound
SafeArrayGetUBound
SysStringLen
SysAllocString
SysAllocStringLen
SysAllocStringByteLen
SysStringByteLen
VarBstrCmp
comctl32
InitCommonControlsEx
shell32
SHCreateItemInKnownFolder
SHGetIDListFromObject
ShellExecuteExW
ord155
ShellExecuteW
Shell_NotifyIconW
crypt32
CertCloseStore
CryptVerifyDetachedMessageSignature
CryptSignMessage
CertGetCertificateContextProperty
CertDuplicateCertificateChain
CertDuplicateCertificateContext
CertFreeCertificateChain
CertFreeCertificateContext
CryptMsgOpenToDecode
CryptMsgUpdate
CryptMsgClose
CryptBinaryToStringW
CryptProtectData
CryptDecodeObject
CertGetEnhancedKeyUsage
CertGetCertificateChain
CertFindExtension
CryptStringToBinaryW
CertVerifyCertificateChainPolicy
CertOpenStore
webservices
WsCall
WsAddMappedHeader
WsCreateError
WsCreateHeap
WsCreateServiceProxy
WsOpenServiceProxy
WsFreeError
WsCloseServiceProxy
WsFreeServiceProxy
WsFreeHeap
WsGetErrorString
WsGetErrorProperty
shlwapi
ord388
PathRemoveFileSpecW
PathIsContentTypeW
wininet
InternetCanonicalizeUrlW
InternetCombineUrlW
normaliz
IdnToAscii
iphlpapi
ParseNetworkString
Sections
.text Size: 240KB - Virtual size: 239KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 56KB - Virtual size: 54KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 96KB - Virtual size: 92KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
wlanext.exe.exe windows:10 windows x64 arch:x64
1d3b6671c13d5ab37840f806c274ed8d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
wlanext.pdb
Imports
msvcrt
exit
__setusermatherr
_exit
__wgetmainargs
_amsg_exit
memset
_wtoi64
memcpy
_initterm
_fmode
_cexit
_commode
?terminate@@YAXXZ
_XcptFilter
__C_specific_handler
__set_app_type
wcscmp
api-ms-win-eventing-classicprovider-l1-1-0
UnregisterTraceGuids
GetTraceEnableLevel
TraceMessage
GetTraceLoggerHandle
RegisterTraceGuidsW
GetTraceEnableFlags
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
api-ms-win-core-processthreads-l1-1-0
GetCurrentThread
GetCurrentProcess
OpenProcessToken
GetCurrentProcessId
ExitProcess
TerminateProcess
OpenThreadToken
GetCurrentThreadId
CreateThread
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter
api-ms-win-security-base-l1-1-0
GetTokenInformation
CopySid
AdjustTokenPrivileges
EqualSid
GetLengthSid
IsValidSid
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-heap-l1-1-0
HeapSetInformation
HeapAlloc
HeapFree
GetProcessHeap
api-ms-win-core-synch-l1-1-0
CreateEventW
InitializeCriticalSection
ResetEvent
LeaveCriticalSection
DeleteCriticalSection
EnterCriticalSection
WaitForSingleObject
SetEvent
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
GetProcAddress
LoadLibraryExW
GetModuleHandleW
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetTickCount64
GetSystemTimeAsFileTime
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
api-ms-win-core-threadpool-legacy-l1-1-0
DeleteTimerQueueTimer
CreateTimerQueue
ChangeTimerQueueTimer
QueueUserWorkItem
CreateTimerQueueTimer
DeleteTimerQueueEx
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-file-l1-1-0
WriteFile
CreateFileW
ReadFile
ntdll
RtlStringFromGUID
RtlNtStatusToDosError
NtDeviceIoControlFile
RtlFreeUnicodeString
NtWaitForSingleObject
api-ms-win-core-kernel32-legacy-l1-1-0
BindIoCompletionCallback
Sections
.text Size: 68KB - Virtual size: 66KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 352B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 828B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
wlrmdr.exe.exe windows:10 windows x64 arch:x64
5300f56b60921830a01f38ba09708878
Code Sign
33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
a5:df:33:b6:2f:9d:16:9a:46:40:5f:c1:73:f5:9f:57:4a:4f:b5:39:74:72:42:fb:25:60:d0:57:db:19:d2:6b
Signer
Actual PE Digest: a5:df:33:b6:2f:9d:16:9a:46:40:5f:c1:73:f5:9f:57:4a:4f:b5:39:74:72:42:fb:25:60:d0:57:db:19:d2:6b
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
wlrmdr.pdb
Imports
advapi32
EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer
RegOpenKeyExW
RegGetValueW
RegCloseKey
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
CreateWellKnownSid
StartServiceW
OpenServiceW
GetTokenInformation
kernel32
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
GetCurrentThreadId
CreateThreadpoolTimer
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionEx
RaiseException
WaitForMultipleObjectsEx
GetTickCount
CreateEventExW
SetEvent
InitOnceBeginInitialize
InitOnceComplete
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
LocalAlloc
GetSystemTimeAsFileTime
LocalFree
CreateWaitableTimerW
SetWaitableTimer
RegisterWaitForSingleObject
UnregisterWaitEx
HeapSetInformation
GetCommandLineW
CreateEventW
OpenProcess
WaitForSingleObject
GetModuleHandleExW
ReleaseSemaphore
SetLastError
HeapFree
CreateSemaphoreExW
GetModuleFileNameA
ReleaseMutex
SetThreadpoolTimer
ProcessIdToSessionId
ResolveDelayLoadedAPI
DelayLoadFailureHook
user32
PostThreadMessageW
DispatchMessageW
GetProcessWindowStation
LoadCursorW
SetCursor
TranslateMessage
PostQuitMessage
PeekMessageW
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
GetSystemMetrics
CreateWindowExW
SetForegroundWindow
DestroyWindow
LoadIconW
GetUserObjectInformationW
DestroyIcon
EnableWindow
GetThreadDesktop
LoadStringW
GetAncestor
msvcrt
memcmp
?terminate@@YAXXZ
__CxxFrameHandler3
_onexit
__dllonexit
_unlock
_lock
_commode
_fmode
_acmdln
__C_specific_handler
__setusermatherr
_ismbblead
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
_callnewh
malloc
free
_wtol
_wtoi
wcsstr
wcschr
memmove_s
_purecall
memcpy_s
_vsnwprintf
_initterm
memset
api-ms-win-core-com-l1-1-0
CoCreateFreeThreadedMarshaler
CoCreateInstance
CoGetApartmentType
CoWaitForMultipleHandles
CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
api-ms-win-core-winrt-error-l1-1-0
SetRestrictedErrorInfo
RoOriginateError
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateString
WindowsCreateStringReference
WindowsDeleteString
WindowsIsStringEmpty
api-ms-win-core-winrt-l1-1-0
RoActivateInstance
RoInitialize
RoGetActivationFactory
RoUninitialize
api-ms-win-core-winrt-error-l1-1-1
RoGetMatchingRestrictedErrorInfo
sspicli
GetUserNameExW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetStartupInfoW
GetCurrentProcess
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-shcore-taskpool-l1-1-0
SHTaskPoolGetUniqueContext
SHTaskPoolQueueTask
ntdll
NtQuerySystemInformation
NtQueryInformationProcess
RtlCompareUnicodeString
RtlNtStatusToDosError
ole32
CoInitialize
rpcrt4
RpcAsyncInitializeHandle
RpcBindingFromStringBindingW
RpcStringBindingComposeW
I_RpcExceptionFilter
RpcAsyncCompleteCall
RpcBindingSetAuthInfoExW
RpcStringFreeW
RpcAsyncCancelCall
RpcBindingFree
Ndr64AsyncClientCall
shell32
ShellExecuteW
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Sections
.text Size: 72KB - Virtual size: 68KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 128B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 28KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 548B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
wowreg32.exe.exe windows:10 windows x64 arch:x64
e0b82ae16e37abdbbb63253901d0042d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
wowreg32.pdb
Imports
msvcrt
_exit
exit
_cexit
_wcsicmp
__C_specific_handler
__setusermatherr
_initterm
_fmode
_commode
?terminate@@YAXXZ
_vsnwprintf
__iob_func
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
fwprintf
wcsrchr
fprintf
kernel32
MapViewOfFile
GetProcessHeap
HeapAlloc
GetSystemInfo
RaiseException
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
LoadLibraryExA
VirtualProtect
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
SetLastError
GetCommandLineW
OpenEventW
OpenFileMappingW
UnmapViewOfFile
GetLastError
SetEvent
CloseHandle
LoadLibraryW
ResetEvent
SetCurrentDirectoryW
GetProcAddress
GetModuleHandleW
FreeLibrary
VirtualQuery
ntdll
DbgPrintEx
setupapi
SetupWriteTextLog
shell32
CommandLineToArgvW
user32
PeekMessageW
MsgWaitForMultipleObjectsEx
TranslateMessage
DispatchMessageW
LoadStringW
Sections
.text Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 456B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 60B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
wpnpinst.exe.exe windows:10 windows x64 arch:x64
76cdf45a365fde68f967242e4e3f72a4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
wpnpinst.pdb
Imports
kernel32
WriteFile
RemoveDirectoryW
SetFileTime
SetFilePointer
FindClose
CreateFileW
GetVersionExW
GetSystemDirectoryW
SetFileAttributesW
MultiByteToWideChar
FormatMessageW
LocalFileTimeToFileTime
GetLastError
GlobalAlloc
DeleteFileW
GlobalFree
CloseHandle
LoadLibraryW
HeapSetInformation
GetCurrentDirectoryW
SetCurrentDirectoryW
FindFirstFileW
MoveFileExW
FreeLibrary
WideCharToMultiByte
GetTempFileNameW
GetTempPath2W
DosDateTimeToFileTime
lstrcmpiW
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
TerminateProcess
GetCurrentProcess
GetTickCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStartupInfoW
Sleep
FindNextFileW
ReadFile
GetProcAddress
CreateDirectoryW
user32
LoadStringW
msvcrt
memcpy
_fmode
_wcmdln
__C_specific_handler
_initterm
?terminate@@YAXXZ
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
wcsrchr
wcsstr
wcschr
_wcslwr
__setusermatherr
_commode
_XcptFilter
memset
winspool.drv
UploadPrinterDriverPackageW
cabinet
ord20
ord22
ord23
Sections
.text Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
wpr.exe.exe windows:10 windows x64 arch:x64
4b86c86785413f12522c18974750ca44
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
WPR.pdb
Imports
api-ms-win-crt-string-l1-1-0
memset
wcscspn
wcscmp
wcsncmp
wcsspn
api-ms-win-crt-runtime-l1-1-0
_c_exit
_initterm
_register_thread_local_exe_atexit_callback
_initterm_e
api-ms-win-crt-private-l1-1-0
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o__wcsicmp
_o__wcsnicmp
_o__wfullpath
_o__wtol
_o_abort
_o_calloc
_o_exit
_o_fflush
_o_free
_o_getchar
_o_iswalpha
_o_iswspace
_o_malloc
_o_realloc
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcstoul
_o_wmemcpy_s
__current_exception
__current_exception_context
_CxxThrowException
_o__exit
_o__errno
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfwprintf
_o___stdio_common_vfprintf
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___wargv
_o___p___argc
_o___conio_common_vcprintf
_o___acrt_iob_func
wcsstr
wcsrchr
wcschr
__C_specific_handler
__CxxFrameHandler3
__C_specific_handler_noexcept
memcmp
memcpy
rpcrt4
RpcStringBindingComposeW
RpcBindingFree
Ndr64AsyncClientCall
NdrClientCall3
RpcAsyncCancelCall
RpcAsyncInitializeHandle
RpcExceptionFilter
RpcBindingFromStringBindingW
RpcStringFreeW
RpcAsyncCompleteCall
RpcBindingSetAuthInfoExW
api-ms-win-core-libraryloader-l1-1-0
GetModuleHandleW
FreeLibrary
FindResourceExW
LoadResource
GetProcAddress
GetModuleFileNameA
GetModuleFileNameW
LoadLibraryExW
GetModuleHandleExW
LockResource
SizeofResource
api-ms-win-core-synch-l1-1-0
DeleteCriticalSection
AcquireSRWLockShared
CreateSemaphoreExW
ReleaseSRWLockShared
WaitForSingleObject
InitializeCriticalSection
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
CreateMutexExW
SetEvent
LeaveCriticalSection
ResetEvent
ReleaseSRWLockExclusive
InitializeSRWLock
TryAcquireSRWLockExclusive
ReleaseSemaphore
EnterCriticalSection
InitializeCriticalSectionEx
CreateEventW
ReleaseMutex
InitializeCriticalSectionAndSpinCount
api-ms-win-core-heap-l1-1-0
HeapSetInformation
HeapReAlloc
GetProcessHeap
HeapAlloc
HeapDestroy
HeapFree
HeapSize
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
RaiseException
SetUnhandledExceptionFilter
GetLastError
SetLastError
SetErrorMode
api-ms-win-core-com-l1-1-0
CLSIDFromString
IIDFromString
CoInitializeSecurity
CoInitializeEx
CoCreateInstance
StringFromGUID2
CoUninitialize
oleaut32
LoadTypeLi
SysAllocStringLen
LoadRegTypeLi
SysStringLen
SysAllocString
SysFreeString
CreateErrorInfo
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventWriteTransfer
EventRegister
EventSetInformation
api-ms-win-core-localization-l1-2-0
FormatMessageW
SetThreadPreferredUILanguages
SetThreadUILanguage
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
WideCharToMultiByte
CompareStringOrdinal
api-ms-win-core-threadpool-l1-2-0
CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
CreateProcessW
GetCurrentProcessId
GetExitCodeProcess
TerminateProcess
GetCurrentProcess
CreateThread
api-ms-win-core-registry-l1-1-0
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
api-ms-win-core-debug-l1-1-0
DebugBreak
OutputDebugStringW
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
SystemTimeToFileTime
api-ms-win-core-sysinfo-l1-1-0
GetSystemTime
GetLocalTime
GetSystemDirectoryW
GetSystemTimeAsFileTime
api-ms-win-core-file-l1-1-0
ReadFile
SetFileAttributesW
DeleteFileW
FindFirstFileW
FlushFileBuffers
CreateDirectoryW
GetFileTime
GetFileSize
GetFileAttributesW
FindNextFileW
CreateFileW
FindClose
RemoveDirectoryW
WriteFile
CreateFileA
api-ms-win-core-console-l1-1-0
SetConsoleCtrlHandler
api-ms-win-core-shlwapi-legacy-l1-1-0
PathFindExtensionW
PathRemoveFileSpecW
PathSkipRootW
PathAppendW
PathStripPathW
PathFileExistsW
PathAddBackslashW
PathQuoteSpacesW
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-core-file-l1-2-0
GetTempPathW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-shcore-stream-l1-1-0
SHCreateStreamOnFileW
api-ms-win-core-kernel32-legacy-l1-1-0
GetComputerNameW
WaitForMultipleObjects
FindResourceW
xmllite
CreateXmlReader
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-security-base-l1-1-0
CreateWellKnownSid
api-ms-win-core-version-l1-1-0
VerQueryValueW
GetFileVersionInfoSizeExW
GetFileVersionInfoExW
api-ms-win-core-wow64-l1-1-0
IsWow64Process
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
api-ms-win-eventing-controller-l1-1-0
EnumerateTraceGuidsEx
QueryAllTracesW
api-ms-win-core-memory-l1-1-0
CreateFileMappingW
UnmapViewOfFile
MapViewOfFileEx
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
ntdll
RtlGUIDFromString
NtQueryIntervalProfile
NtSetIntervalProfile
RtlFreeUnicodeString
RtlNtStatusToDosError
NtQuerySystemInformation
RtlGetVersion
NtSetInformationFile
RtlStringFromGUID
NtSetSystemInformation
RtlInitUnicodeString
RtlAdjustPrivilege
windowsperformancerecordercontrol
WPRCCreateInstanceUnderInstanceName
WPRCRemoveLogging
WPRCFormatError
WPRCControlLogging
Sections
.text Size: 232KB - Virtual size: 230KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 108KB - Virtual size: 107KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
write.exe.exe windows:10 windows x64 arch:x64
90a23f469ba0443719430cba4569b220
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
write.pdb
Imports
shell32
ShellExecuteW
kernel32
TerminateProcess
GetCurrentProcess
GetStartupInfoW
HeapSetInformation
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
Sleep
msvcrt
_commode
?terminate@@YAXXZ
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
Sections
.text Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 216B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
wscadminui.exe.exe windows:10 windows x64 arch:x64
95dfb21a6aa7374716fd58473502a86f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
wscadminui.pdb
Imports
msvcrt
_wcsicmp
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
wscapi
wscLaunchAdminMakeDefaultUI
kernel32
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
Sleep
Sections
.text Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 216B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
wscript.exe.exe windows:10 windows x64 arch:x64
4996577dd288903ac76aba0a33f90edb
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
wscript.pdb
Imports
msvcrt
memmove
memcpy
memcmp
wcsncmp
memset
free
_callnewh
malloc
sprintf_s
memmove_s
wcscpy_s
_vsnprintf
memcpy_s
_vsnwprintf
_beginthread
_wcsnicmp
_wcsicmp
_itow
_itow_s
wcsrchr
_endthread
__C_specific_handler
wcscat_s
_swab
swprintf_s
strcpy_s
strcmp
oleaut32
SetErrorInfo
CreateErrorInfo
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayPutElement
SafeArrayCreate
SysStringLen
SysAllocStringLen
SafeArrayCopy
LoadRegTypeLi
SafeArrayGetLBound
SysAllocStringByteLen
SysAllocString
VariantInit
VariantCopy
LoadTypeLi
SafeArrayGetElement
LoadTypeLibEx
VariantChangeType
VariantClear
UnRegisterTypeLi
SysFreeString
kernel32
InitializeCriticalSection
GetCurrentThreadId
HeapReAlloc
DeleteCriticalSection
GetFullPathNameA
GetFullPathNameW
GetCPInfo
GetFileAttributesA
GetModuleHandleA
GetStartupInfoA
ExitProcess
GetLastError
GetACP
GetFileAttributesW
GetModuleFileNameA
FindClose
CreateSemaphoreExW
HeapFree
SetLastError
GetCommandLineW
ReleaseSemaphore
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
CreateFileMappingW
WaitForSingleObject
ReleaseMutex
GetCommandLineA
MultiByteToWideChar
FormatMessageW
ReleaseSRWLockExclusive
EnterCriticalSection
OutputDebugStringW
CloseThreadpoolTimer
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
GetLocaleInfoW
ReleaseSRWLockShared
CreateThreadpoolTimer
HeapAlloc
GetLocaleInfoA
GetProcAddress
CreateMutexExW
AcquireSRWLockShared
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
WideCharToMultiByte
GetPrivateProfileIntW
LoadResource
FindFirstFileA
FindFirstFileW
IsDebuggerPresent
GetPrivateProfileStringW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
FindResourceExW
GetVersionExA
GetPrivateProfileIntA
GetConsoleMode
GetModuleFileNameW
SearchPathW
GetPrivateProfileStringA
GetStdHandle
CreateFileW
CreateEventA
CreateThread
LCIDToLocaleName
UnmapViewOfFile
FreeLibrary
SetEvent
LoadLibraryExW
LocalAlloc
GetVersionExW
LocalFree
GetSystemDefaultUILanguage
FormatMessageA
GetUserDefaultLCID
CreateFileMappingA
GetFileSize
GetLocaleInfoEx
MapViewOfFile
GetUserDefaultUILanguage
LeaveCriticalSection
WriteFile
LoadLibraryExA
SetThreadpoolTimer
GetTempPath2A
CreateFileA
GetSystemDirectoryA
GetTempFileNameA
FlushFileBuffers
user32
MsgWaitForMultipleObjects
GetClassNameA
PostMessageA
PostThreadMessageA
LoadStringA
MsgWaitForMultipleObjectsEx
SetTimer
CharNextA
LoadStringW
RegisterClassA
DefWindowProcA
CreateWindowExA
TranslateMessage
GetMessageA
DispatchMessageA
GetClassInfoA
SendMessageA
GetActiveWindow
EnumThreadWindows
PeekMessageA
GetWindowLongPtrA
KillTimer
PostQuitMessage
GetParent
SetWindowLongPtrA
IsWindowVisible
MessageBoxW
ole32
MkParseDisplayName
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
CoInitializeSecurity
CreateFileMoniker
CoGetTreatAsClass
CreateBindCtx
CoRegisterMessageFilter
CoGetMalloc
CoRegisterClassObject
StringFromCLSID
CoCreateInstance
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoUninitialize
CoInitialize
CoRevokeClassObject
advapi32
RegisterEventSourceW
DeregisterEventSource
GetUserNameW
ReportEventW
LookupAccountNameW
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
RegEnumKeyExA
IsTextUnicode
RegCreateKeyExA
RegCreateKeyExW
RegCreateKeyA
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegOpenKeyA
RegQueryValueExW
RegSetValueA
RegDeleteKeyA
ImpersonateLoggedOnUser
RegQueryValueA
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoW
GetFileVersionInfoA
Sections
.text Size: 112KB - Virtual size: 111KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 40KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 924B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
wsl.exe.exe windows:10 windows x64 arch:x64
c8c621f6e5f92e1182cb904ec911261c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
wsl.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
_initterm_e
api-ms-win-crt-private-l1-1-0
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__setmode
_o__wsetlocale
_o_abort
_o_exit
_o_free
_o_iswspace
_o_malloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
_o__get_initial_wide_environment
_o__fileno
_o__exit
_o__errno
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
_o__beginthreadex
__CxxFrameHandler3
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfwprintf
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___wargv
_o___p___argc
_o___acrt_iob_func
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
memmove
api-ms-win-crt-string-l1-1-0
wcscmp
memset
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
GetProcAddress
GetModuleFileNameA
FreeLibrary
GetModuleFileNameW
GetModuleHandleExW
api-ms-win-core-synch-l1-1-0
TryAcquireSRWLockExclusive
CreateMutexExW
InitializeSRWLock
CreateEventExW
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
LeaveCriticalSection
CreateSemaphoreExW
AcquireSRWLockExclusive
ReleaseSemaphore
CreateEventW
OpenSemaphoreW
WaitForSingleObject
WaitForSingleObjectEx
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseMutex
InitializeCriticalSectionEx
DeleteCriticalSection
EnterCriticalSection
ReleaseSRWLockShared
api-ms-win-core-heap-l1-1-0
HeapFree
HeapAlloc
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
SetLastError
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
InitializeProcThreadAttributeList
GetExitCodeProcess
UpdateProcThreadAttribute
CreateProcessW
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
DeleteProcThreadAttributeList
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-threadpool-l1-2-0
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpoolTimer
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
GetStdHandle
api-ms-win-core-namedpipe-l1-1-0
ConnectNamedPipe
CreateNamedPipeW
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoUninitialize
IIDFromString
CoTaskMemFree
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
CoCreateInstance
CoCreateGuid
CoInitializeSecurity
api-ms-win-core-psapi-l1-1-0
K32GetModuleFileNameExW
api-ms-win-core-file-l1-1-0
WriteFile
GetFileType
CreateFileW
ReadFile
api-ms-win-core-console-l2-1-0
GetConsoleScreenBufferInfo
SetConsoleCP
SetConsoleOutputCP
GetConsoleScreenBufferInfoEx
SetConsoleCursorPosition
api-ms-win-core-console-l1-2-1
ClosePseudoConsole
CreatePseudoConsole
api-ms-win-shcore-obsolete-l1-1-0
CommandLineToArgvW
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-realtime-l1-1-0
QueryUnbiasedInterruptTime
api-ms-win-core-synch-l1-2-0
WaitOnAddress
WakeByAddressAll
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
InterlockedPushEntrySList
kernelbase
LocalAlloc
ntdll
RtlStringFromGUID
RtlFreeUnicodeString
ext-ms-win-appmodel-shellexecute-l1-1-0
ShellExecuteExW
api-ms-win-shell-shellfolders-l1-1-0
SHGetKnownFolderPath
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegCloseKey
RegGetValueW
api-ms-win-core-path-l1-1-0
PathAllocCombine
api-ms-win-core-job-l2-1-0
AssignProcessToJobObject
SetInformationJobObject
CreateJobObjectW
api-ms-win-core-console-l1-1-0
SetConsoleMode
WriteConsoleW
GetConsoleMode
GetConsoleOutputCP
GetConsoleCP
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventSetInformation
EventWriteTransfer
EventRegister
api-ms-win-core-io-l1-1-0
CancelIoEx
GetOverlappedResult
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
api-ms-win-core-util-l1-1-0
DecodePointer
oleaut32
GetErrorInfo
SysFreeString
SysAllocString
SetErrorInfo
SysStringLen
Sections
.text Size: 92KB - Virtual size: 89KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 40KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 40KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 644B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
wslconfig.exe.exe windows:10 windows x64 arch:x64
d6fbb83459a83bb12d66ed1540c4d7f9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
wslconfig.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
api-ms-win-crt-private-l1-1-0
_o__crt_atexit
_o__errno
_o__exit
_o__fileno
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__setmode
memmove
_o__wsetlocale
_o_abort
_o_exit
_o_free
_o_iswspace
_o_malloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_o__configure_wide_argv
_o__configthreadlocale
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfwprintf
_o__cexit
_o__callnewh
_o___std_exception_destroy
_o___std_exception_copy
__CxxFrameHandler3
_CxxThrowException
_o___p__commode
_o___p___wargv
_o___p___argc
_o___acrt_iob_func
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
GetModuleFileNameA
FreeLibrary
GetModuleHandleExW
GetModuleHandleW
api-ms-win-core-synch-l1-1-0
InitializeCriticalSectionAndSpinCount
CreateSemaphoreExW
ReleaseSemaphore
WaitForSingleObject
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReleaseMutex
InitializeCriticalSectionEx
WaitForSingleObjectEx
OpenSemaphoreW
CreateEventW
ReleaseSRWLockShared
SetEvent
DeleteCriticalSection
ResetEvent
LeaveCriticalSection
EnterCriticalSection
AcquireSRWLockShared
InitializeSRWLock
TryAcquireSRWLockExclusive
CreateMutexExW
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
CreateProcessW
TerminateProcess
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
GetExitCodeProcess
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
IsDebuggerPresent
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoInitializeSecurity
CoCreateFreeThreadedMarshaler
CoTaskMemFree
IIDFromString
CoInitializeEx
CoUninitialize
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
InterlockedPushEntrySList
api-ms-win-shell-shellfolders-l1-1-0
SHGetKnownFolderPath
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-registry-l1-1-0
RegGetValueW
RegOpenKeyExW
RegCloseKey
api-ms-win-core-path-l1-1-0
PathAllocCombine
api-ms-win-core-job-l2-1-0
SetInformationJobObject
AssignProcessToJobObject
CreateJobObjectW
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventWriteTransfer
EventRegister
EventUnregister
oleaut32
GetErrorInfo
SysStringLen
SysAllocString
SetErrorInfo
SysFreeString
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
Sections
.text Size: 76KB - Virtual size: 72KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 328B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
wslg.exe.exe windows:10 windows x64 arch:x64
84d466aef9eb146bb35230a8e217845f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
wslg.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
api-ms-win-crt-private-l1-1-0
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o_abort
_o_exit
_o_free
_o_iswspace
_o_malloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_o__configure_wide_argv
_o__configthreadlocale
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfwprintf
_o__cexit
_o__callnewh
_o___std_exception_destroy
_o___std_exception_copy
__CxxFrameHandler3
_CxxThrowException
_o___p__commode
_o___acrt_iob_func
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
GetModuleFileNameA
FreeLibrary
GetModuleHandleExW
GetModuleHandleW
api-ms-win-core-synch-l1-1-0
InitializeCriticalSectionAndSpinCount
CreateSemaphoreExW
ReleaseSemaphore
WaitForSingleObject
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReleaseMutex
InitializeCriticalSectionEx
WaitForSingleObjectEx
OpenSemaphoreW
CreateEventW
ReleaseSRWLockShared
SetEvent
DeleteCriticalSection
ResetEvent
LeaveCriticalSection
EnterCriticalSection
AcquireSRWLockShared
InitializeSRWLock
TryAcquireSRWLockExclusive
CreateMutexExW
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
CreateProcessW
TerminateProcess
GetStartupInfoW
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
GetExitCodeProcess
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
IsDebuggerPresent
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoInitializeSecurity
CoCreateFreeThreadedMarshaler
CoTaskMemFree
IIDFromString
CoInitializeEx
CoUninitialize
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
InterlockedPushEntrySList
api-ms-win-shell-shellfolders-l1-1-0
SHGetKnownFolderPath
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-registry-l1-1-0
RegGetValueW
RegOpenKeyExW
RegCloseKey
api-ms-win-core-path-l1-1-0
PathAllocCombine
api-ms-win-core-job-l2-1-0
SetInformationJobObject
AssignProcessToJobObject
CreateJobObjectW
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventWriteTransfer
EventRegister
EventUnregister
oleaut32
GetErrorInfo
SysStringLen
SysAllocString
SetErrorInfo
SysFreeString
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
Sections
.text Size: 76KB - Virtual size: 72KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 328B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
wsmprovhost.exe.exe windows:10 windows x64 arch:x64
35c50cc7209a454799c998cde17c6e24
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
wsmprovhost.pdb
Imports
msvcrt
_exit
exit
__set_app_type
__getmainargs
__CxxFrameHandler4
_ismbblead
_onexit
__dllonexit
_unlock
_cexit
_lock
??1type_info@@UEAA@XZ
_XcptFilter
_amsg_exit
?terminate@@YAXXZ
_commode
_fmode
_acmdln
__C_specific_handler
_initterm
memmove
memcpy
__CxxFrameHandler3
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_purecall
__setusermatherr
memset
api-ms-win-eventing-classicprovider-l1-1-0
TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
api-ms-win-core-synch-l1-1-0
WaitForSingleObjectEx
InitializeCriticalSection
DeleteCriticalSection
SetEvent
CreateEventW
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
api-ms-win-core-com-l1-1-0
CoRevokeClassObject
CoCreateInstance
CoUninitialize
CoInitializeEx
CoInitializeSecurity
CoRegisterClassObject
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
GetVersionExW
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetStartupInfoW
api-ms-win-core-libraryloader-l1-1-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
wsmsvc
?Alloc@WSManMemory@@SAPEAX_KHW4_NitsFaultMode@@@Z
??1CWSManCriticalSection@@QEAA@XZ
WSManError
CreateProvHost
?Free@WSManMemory@@SAXPEAXH@Z
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
??0?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QEAA@XZ
??0?$SafeMap_Iterator@VKey@Locale@@K@@QEAA@AEAV?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@_N@Z
??0?$SafeMap_Lock@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QEAA@AEBV?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@_N@Z
??1?$SafeMap@PEAVCListenerOperation@@UEmpty@@V?$SafeSet_Iterator@PEAVCListenerOperation@@@@@@QEAA@XZ
??1?$SafeMap@PEAVIOperation@@UEmpty@@V?$SafeSet_Iterator@PEAVIOperation@@@@@@QEAA@XZ
??1?$SafeMap@UPluginKey@@KV?$SafeMap_Iterator@UPluginKey@@K@@@@QEAA@XZ
??1?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QEAA@XZ
??1?$SafeMap_Iterator@PEAVCListenerOperation@@UEmpty@@@@QEAA@XZ
??1?$SafeMap_Iterator@PEAVIOperation@@UEmpty@@@@QEAA@XZ
??1?$SafeMap_Iterator@UPluginKey@@K@@QEAA@XZ
??1?$SafeMap_Iterator@VKey@Locale@@K@@QEAA@XZ
??1?$SafeMap_Lock@PEAVCListenerOperation@@UEmpty@@V?$SafeMap_Iterator@PEAVCListenerOperation@@UEmpty@@@@@@QEAA@XZ
??1?$SafeMap_Lock@PEAVIOperation@@UEmpty@@V?$SafeMap_Iterator@PEAVIOperation@@UEmpty@@@@@@QEAA@XZ
??1?$SafeMap_Lock@UPluginKey@@KV?$SafeMap_Iterator@UPluginKey@@K@@@@QEAA@XZ
??1?$SafeMap_Lock@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QEAA@XZ
??1?$SafeSet@PEAVCListenerOperation@@@@QEAA@XZ
??1?$SafeSet@PEAVIOperation@@@@QEAA@XZ
??1?$SafeSet_Iterator@PEAVCListenerOperation@@@@QEAA@XZ
??1?$SafeSet_Iterator@PEAVIOperation@@@@QEAA@XZ
??1CWSManCriticalSectionWithConditionVar@@QEAA@XZ
??_7?$SafeMap@PEAVCListenerOperation@@UEmpty@@V?$SafeSet_Iterator@PEAVCListenerOperation@@@@@@6B@
??_7?$SafeMap@PEAVIOperation@@UEmpty@@V?$SafeSet_Iterator@PEAVIOperation@@@@@@6B@
??_7?$SafeMap@UPluginKey@@KV?$SafeMap_Iterator@UPluginKey@@K@@@@6B@
??_7?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@6B@
?Acquire@?$SafeMap@PEAVCListenerOperation@@UEmpty@@V?$SafeMap_Iterator@PEAVCListenerOperation@@UEmpty@@@@@@UEBAXXZ
?Acquire@?$SafeMap@PEAVCListenerOperation@@UEmpty@@V?$SafeSet_Iterator@PEAVCListenerOperation@@@@@@UEBAXXZ
?Acquire@?$SafeMap@PEAVIOperation@@UEmpty@@V?$SafeMap_Iterator@PEAVIOperation@@UEmpty@@@@@@UEBAXXZ
?Acquire@?$SafeMap@PEAVIOperation@@UEmpty@@V?$SafeSet_Iterator@PEAVIOperation@@@@@@UEBAXXZ
?Acquire@?$SafeMap@UPluginKey@@KV?$SafeMap_Iterator@UPluginKey@@K@@@@UEBAXXZ
?Acquire@?$SafeMap@UUserKey@@PEAVBlockedRecord@@V?$SafeMap_Iterator@UUserKey@@PEAVBlockedRecord@@@@@@UEBAXXZ
?Acquire@?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@UEBAXXZ
?Acquire@?$SafeMap@VStringKeyStore@@PEAVServerFullDuplexChannel@@V?$SafeMap_Iterator@VStringKeyStore@@PEAVServerFullDuplexChannel@@@@@@UEBAXXZ
?Acquire@?$SafeMap_Lock@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QEAAXXZ
?Acquired@?$SafeMap_Lock@PEAVCListenerOperation@@UEmpty@@V?$SafeMap_Iterator@PEAVCListenerOperation@@UEmpty@@@@@@QEAA_NXZ
?Acquired@?$SafeMap_Lock@PEAVIOperation@@UEmpty@@V?$SafeMap_Iterator@PEAVIOperation@@UEmpty@@@@@@QEAA_NXZ
?Acquired@?$SafeMap_Lock@UPluginKey@@KV?$SafeMap_Iterator@UPluginKey@@K@@@@QEAA_NXZ
?Acquired@?$SafeMap_Lock@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QEAA_NXZ
?AsReference@?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QEAAAEAV1@XZ
?Data@?$SafeMap_Iterator@VKey@Locale@@K@@IEBAAEAV?$STLMap@VKey@Locale@@K@@XZ
?DeInitialize@?$SafeMap@PEAVCListenerOperation@@UEmpty@@V?$SafeMap_Iterator@PEAVCListenerOperation@@UEmpty@@@@@@UEAA_NAEAVIRequestContext@@@Z
?DeInitialize@?$SafeMap@PEAVCListenerOperation@@UEmpty@@V?$SafeSet_Iterator@PEAVCListenerOperation@@@@@@UEAA_NAEAVIRequestContext@@@Z
?DeInitialize@?$SafeMap@PEAVIOperation@@UEmpty@@V?$SafeMap_Iterator@PEAVIOperation@@UEmpty@@@@@@UEAA_NAEAVIRequestContext@@@Z
?DeInitialize@?$SafeMap@PEAVIOperation@@UEmpty@@V?$SafeSet_Iterator@PEAVIOperation@@@@@@UEAA_NAEAVIRequestContext@@@Z
?DeInitialize@?$SafeMap@UPluginKey@@KV?$SafeMap_Iterator@UPluginKey@@K@@@@UEAA_NAEAVIRequestContext@@@Z
?DeInitialize@?$SafeMap@UUserKey@@PEAVBlockedRecord@@V?$SafeMap_Iterator@UUserKey@@PEAVBlockedRecord@@@@@@UEAA_NAEAVIRequestContext@@@Z
?DeInitialize@?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@UEAA_NAEAVIRequestContext@@@Z
?DeInitialize@?$SafeMap@VStringKeyStore@@PEAVServerFullDuplexChannel@@V?$SafeMap_Iterator@VStringKeyStore@@PEAVServerFullDuplexChannel@@@@@@UEAA_NAEAVIRequestContext@@@Z
?GetInitError@CWSManCriticalSection@@QEBAKXZ
?GetMap@?$SafeMap_Iterator@PEAVCListenerOperation@@UEmpty@@@@QEBAAEAV?$SafeMap@PEAVCListenerOperation@@UEmpty@@V?$SafeMap_Iterator@PEAVCListenerOperation@@UEmpty@@@@@@XZ
?GetMap@?$SafeMap_Iterator@PEAVIOperation@@UEmpty@@@@QEBAAEAV?$SafeMap@PEAVIOperation@@UEmpty@@V?$SafeMap_Iterator@PEAVIOperation@@UEmpty@@@@@@XZ
?GetMap@?$SafeMap_Iterator@UPluginKey@@K@@QEBAAEAV?$SafeMap@UPluginKey@@KV?$SafeMap_Iterator@UPluginKey@@K@@@@XZ
?GetMap@?$SafeMap_Iterator@VKey@Locale@@K@@QEBAAEAV?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@XZ
?GetMap@?$SafeMap_Lock@PEAVCListenerOperation@@UEmpty@@V?$SafeMap_Iterator@PEAVCListenerOperation@@UEmpty@@@@@@QEBAAEBV?$SafeMap@PEAVCListenerOperation@@UEmpty@@V?$SafeMap_Iterator@PEAVCListenerOperation@@UEmpty@@@@@@XZ
?GetMap@?$SafeMap_Lock@PEAVIOperation@@UEmpty@@V?$SafeMap_Iterator@PEAVIOperation@@UEmpty@@@@@@QEBAAEBV?$SafeMap@PEAVIOperation@@UEmpty@@V?$SafeMap_Iterator@PEAVIOperation@@UEmpty@@@@@@XZ
?GetMap@?$SafeMap_Lock@UPluginKey@@KV?$SafeMap_Iterator@UPluginKey@@K@@@@QEBAAEBV?$SafeMap@UPluginKey@@KV?$SafeMap_Iterator@UPluginKey@@K@@@@XZ
?GetMap@?$SafeMap_Lock@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QEBAAEBV?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@XZ
?Initialize@?$SafeMap@PEAVCListenerOperation@@UEmpty@@V?$SafeMap_Iterator@PEAVCListenerOperation@@UEmpty@@@@@@UEAA_NAEAVIRequestContext@@@Z
?Initialize@?$SafeMap@PEAVCListenerOperation@@UEmpty@@V?$SafeSet_Iterator@PEAVCListenerOperation@@@@@@UEAA_NAEAVIRequestContext@@@Z
?Initialize@?$SafeMap@PEAVIOperation@@UEmpty@@V?$SafeMap_Iterator@PEAVIOperation@@UEmpty@@@@@@UEAA_NAEAVIRequestContext@@@Z
?Initialize@?$SafeMap@PEAVIOperation@@UEmpty@@V?$SafeSet_Iterator@PEAVIOperation@@@@@@UEAA_NAEAVIRequestContext@@@Z
?Initialize@?$SafeMap@UPluginKey@@KV?$SafeMap_Iterator@UPluginKey@@K@@@@UEAA_NAEAVIRequestContext@@@Z
?Initialize@?$SafeMap@UUserKey@@PEAVBlockedRecord@@V?$SafeMap_Iterator@UUserKey@@PEAVBlockedRecord@@@@@@UEAA_NAEAVIRequestContext@@@Z
?Initialize@?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@UEAA_NAEAVIRequestContext@@@Z
?Initialize@?$SafeMap@VStringKeyStore@@PEAVServerFullDuplexChannel@@V?$SafeMap_Iterator@VStringKeyStore@@PEAVServerFullDuplexChannel@@@@@@UEAA_NAEAVIRequestContext@@@Z
?IsValid@?$SafeMap@VStringKeyStore@@PEAVServerFullDuplexChannel@@V?$SafeMap_Iterator@VStringKeyStore@@PEAVServerFullDuplexChannel@@@@@@QEBA_NXZ
?IsValid@?$SafeMap_Iterator@PEAVCListenerOperation@@UEmpty@@@@QEBA_NXZ
?IsValid@?$SafeMap_Iterator@PEAVIOperation@@UEmpty@@@@QEBA_NXZ
?IsValid@?$SafeMap_Iterator@UPluginKey@@K@@QEBA_NXZ
?IsValid@?$SafeMap_Iterator@UUserKey@@PEAVBlockedRecord@@@@QEBA_NXZ
?IsValid@?$SafeMap_Iterator@VKey@Locale@@K@@QEBA_NXZ
?IsValid@?$SafeMap_Iterator@VStringKeyStore@@PEAVServerFullDuplexChannel@@@@QEBA_NXZ
?Release@?$SafeMap@PEAVCListenerOperation@@UEmpty@@V?$SafeMap_Iterator@PEAVCListenerOperation@@UEmpty@@@@@@UEBAXXZ
?Release@?$SafeMap@PEAVCListenerOperation@@UEmpty@@V?$SafeSet_Iterator@PEAVCListenerOperation@@@@@@UEBAXXZ
?Release@?$SafeMap@PEAVIOperation@@UEmpty@@V?$SafeMap_Iterator@PEAVIOperation@@UEmpty@@@@@@UEBAXXZ
?Release@?$SafeMap@PEAVIOperation@@UEmpty@@V?$SafeSet_Iterator@PEAVIOperation@@@@@@UEBAXXZ
?Release@?$SafeMap@UPluginKey@@KV?$SafeMap_Iterator@UPluginKey@@K@@@@UEBAXXZ
?Release@?$SafeMap@UUserKey@@PEAVBlockedRecord@@V?$SafeMap_Iterator@UUserKey@@PEAVBlockedRecord@@@@@@UEBAXXZ
?Release@?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@UEBAXXZ
?Release@?$SafeMap@VStringKeyStore@@PEAVServerFullDuplexChannel@@V?$SafeMap_Iterator@VStringKeyStore@@PEAVServerFullDuplexChannel@@@@@@UEBAXXZ
?Reset@?$SafeMap_Iterator@VKey@Locale@@K@@QEAAXXZ
?SkipOrphans@?$SafeMap_Iterator@VKey@Locale@@K@@IEAAXXZ
Sections
.text Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 184B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 512B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
wsqmcons.exe.exe windows:10 windows x64 arch:x64
cf044a6a8ebba03fd7a29679767e5281
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
wsqmcons.pdb
Imports
msvcrt
_lock
_unlock
__C_specific_handler
_initterm
__dllonexit
__setusermatherr
_onexit
?terminate@@YAXXZ
__CxxFrameHandler3
_ismbblead
_cexit
_exit
exit
__set_app_type
_commode
__getmainargs
_amsg_exit
_XcptFilter
_callnewh
malloc
_vsnwprintf
memmove
_acmdln
free
_fmode
memcpy
memset
api-ms-win-eventing-classicprovider-l1-1-0
GetTraceEnableLevel
UnregisterTraceGuids
TraceMessage
GetTraceLoggerHandle
RegisterTraceGuidsW
GetTraceEnableFlags
api-ms-win-core-file-l1-1-0
FindFirstFileW
FindClose
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegCloseKey
RegEnumKeyExW
RegCreateKeyExW
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventRegister
EventSetInformation
api-ms-win-core-synch-l1-1-0
CreateMutexW
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentProcess
GetCurrentThread
SetThreadPriority
GetStartupInfoW
GetCurrentThreadId
TerminateProcess
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-downlevel-shlwapi-l2-1-0
SHDeleteKeyW
Sections
.text Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 516B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 48KB - Virtual size: 45KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 64B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
wuapihost.exe.exe windows:10 windows x64 arch:x64
1cc79f8314a839e6f87b12ee994e1c4b
Code Sign
Certificate: 33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Certificate: 61:07:76:56:00:00:00:00:00:08
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Signer: c5:c1:94:c8:44:48:30:2c:f2:88:d6:df:11:c9:f4:4f:fc:f5:11:6f:b7:44:f5:65:bf:c2:04:ca:08:b7:c6:f9
Actual PE Digest: c5:c1:94:c8:44:48:30:2c:f2:88:d6:df:11:c9:f4:4f:fc:f5:11:6f:b7:44:f5:65:bf:c2:04:ca:08:b7:c6:f9
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
wuapihost.pdb
Imports
api-ms-win-core-com-l1-1-0
CoGetClassObject
CoRevokeClassObject
CoWaitForMultipleHandles
CoUninitialize
CoInitializeEx
CoFreeUnusedLibraries
CoRegisterClassObject
api-ms-win-core-threadpool-l1-2-0
SetThreadpoolTimer
CreateThreadpoolTimer
IsThreadpoolTimerSet
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
api-ms-win-core-errorhandling-l1-1-0
SetLastError
SetErrorMode
RaiseException
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-synch-l1-1-0
CreateEventW
SetEvent
DeleteCriticalSection
InitializeCriticalSectionEx
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
GetProcAddress
GetModuleHandleW
LoadLibraryExW
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlPcToFileHeader
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlUnwindEx
RtlUnwind
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
GetStartupInfoW
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
api-ms-win-core-fibers-l1-1-0
FlsSetValue
FlsGetValue
FlsAlloc
FlsFree
api-ms-win-core-util-l1-1-0
EncodePointer
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_c_exit
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o___p__commode
_o__calloc_base
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__exit
_o__free_base
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o_abort
_o_exit
_o_free
_o_malloc
_o_strcpy_s
_o_terminate
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 348B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 952B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 92B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
wuauclt.exe.exe windows:10 windows x64 arch:x64
7f88106d6a8be4bc98d3aba7fa4b6f89
Code Sign
Certificate: 33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Certificate: 61:07:76:56:00:00:00:00:00:08
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Signer: 70:dd:80:3f:fc:cf:38:0b:a9:75:9c:a1:9a:9d:b3:f5:5d:f6:14:39:0f:1c:74:e8:54:fa:bf:ff:e2:7a:37:9b
Actual PE Digest: 70:dd:80:3f:fc:cf:38:0b:a9:75:9c:a1:9a:9d:b3:f5:5d:f6:14:39:0f:1c:74:e8:54:fa:bf:ff:e2:7a:37:9b
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
wuauclt.pdb
Imports
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
LoadResource
GetModuleHandleW
FreeLibrary
LoadLibraryExW
GetModuleHandleExW
GetModuleFileNameA
api-ms-win-core-wow64-l1-1-1
IsWow64Process2
api-ms-win-core-synch-l1-1-0
InitializeCriticalSectionEx
DeleteCriticalSection
CreateSemaphoreExW
ReleaseMutex
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
WaitForSingleObject
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSemaphore
api-ms-win-core-heap-l1-1-0
HeapSetInformation
HeapAlloc
HeapFree
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
RaiseException
SetLastError
UnhandledExceptionFilter
GetLastError
SetErrorMode
api-ms-win-core-com-l1-1-0
CoTaskMemAlloc
CoTaskMemFree
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcess
GetExitCodeProcess
TerminateProcess
GetStartupInfoW
CreateProcessW
GetCurrentProcessId
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
GetCommandLineW
api-ms-win-core-psapi-l1-1-0
QueryFullProcessImageNameW
api-ms-win-core-file-l1-1-0
FindFirstFileW
GetFileSizeEx
FindClose
GetFileAttributesExW
CreateFileW
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
IsDebuggerPresent
DebugBreak
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
OpenProcess
api-ms-win-core-shlwapi-legacy-l1-1-0
PathFindFileNameW
api-ms-win-core-synch-l1-2-0
InitOnceBeginInitialize
InitOnceComplete
ntdll
NtQueryInformationProcess
api-ms-win-crt-private-l1-1-0
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o_abort
_o_exit
_o_free
_o_malloc
_o_terminate
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o__exit
_o__errno
_o____lc_codepage_func
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o__free_base
_o__cexit
_o__calloc_base
_o__callnewh
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-core-file-l2-1-0
GetFileInformationByHandleEx
api-ms-win-core-featurestaging-l1-1-0
GetFeatureEnabledState
UnsubscribeFeatureStateChangeNotification
RecordFeatureUsage
SubscribeFeatureStateChangeNotification
api-ms-win-core-threadpool-l1-2-0
CloseThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-rtlsupport-l1-1-0
RtlUnwind
RtlLookupFunctionEntry
RtlUnwindEx
RtlCaptureContext
RtlPcToFileHeader
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-fibers-l1-1-0
FlsGetValue
FlsAlloc
FlsFree
FlsSetValue
api-ms-win-core-util-l1-1-0
EncodePointer
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_c_exit
_initterm_e
_initterm
api-ms-win-core-memory-l1-1-0
UnmapViewOfFile
MapViewOfFileEx
CreateFileMappingW
api-ms-win-core-version-l1-1-0
GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW
api-ms-win-core-libraryloader-l1-2-1
FindResourceW
Sections
.text Size: 90KB - Virtual size: 90KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 72B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_RDATA Size: 512B - Virtual size: 348B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 520B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
wusa.exe.exe windows:10 windows x64 arch:x64
cbeb5956a9780dfadbdb4a7b7a1d8925
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
wusa.pdb
Imports
advapi32
RegCreateKeyExW
RegSetValueExW
RegCloseKey
InitiateSystemShutdownExW
CreateProcessAsUserW
RegOpenKeyExW
ConvertSidToStringSidW
RegDeleteValueW
RegEnumKeyW
RegQueryValueExW
RegDeleteKeyW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
LookupPrivilegeValueW
OpenProcessToken
AdjustTokenPrivileges
GetTokenInformation
CopySid
RegDeleteKeyValueW
StartTraceW
EnableTrace
ControlTraceW
CloseTrace
IsValidSid
GetLengthSid
InitializeSecurityDescriptor
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
CryptAcquireContextW
CryptGenRandom
DecryptFileA
CryptReleaseContext
EventRegister
EventUnregister
EventEnabled
EventWrite
kernel32
GetExitCodeProcess
ProcessIdToSessionId
GetCurrentProcessId
FormatMessageW
GetModuleHandleW
CreateFileW
GetFullPathNameW
GetCurrentProcess
CreateEventW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
EnterCriticalSection
LeaveCriticalSection
CreateDirectoryA
GetFileAttributesA
MultiByteToWideChar
GetSystemDirectoryA
lstrcmpW
DeleteFileW
MoveFileExW
RemoveDirectoryW
OutputDebugStringW
GetFileAttributesW
UnhandledExceptionFilter
GetSystemDirectoryW
FreeLibrary
GetProcAddress
LoadLibraryW
GetSystemWindowsDirectoryW
CloseHandle
GetExitCodeThread
FindClose
WaitForSingleObject
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
GetCommandLineW
GetLastError
LocalFree
CreateThread
FindFirstFileW
lstrcmpiW
FindNextFileW
Sleep
TerminateProcess
gdi32
GetDeviceCaps
GetStockObject
DeleteDC
GetTextExtentPoint32W
SelectObject
CreateCompatibleDC
DeleteObject
CreateFontIndirectW
user32
ReleaseDC
GetDC
SendDlgItemMessageW
SetRect
GetClientRect
ShowWindow
SystemParametersInfoW
DialogBoxParamW
DestroyAcceleratorTable
TranslateAcceleratorW
CreateAcceleratorTableW
DestroyWindow
ShutdownBlockReasonDestroy
ShutdownBlockReasonCreate
CreateWindowExW
BeginPaint
EndDialog
UpdateWindow
LoadCursorW
LoadIconW
SetWindowLongW
EnableWindow
SetDlgItemTextW
SetFocus
GetDlgItem
EndPaint
PostMessageW
FillRect
RegisterClassExW
DefWindowProcW
DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
SendMessageW
msvcrt
wcschr
iswdigit
_wcsnicmp
_wcsicmp
_vsnwprintf
wcsrchr
_lock
_commode
memcpy
_wcmdln
_initterm
__setusermatherr
_cexit
_exit
memset
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
free
_callnewh
malloc
_unlock
__dllonexit
_onexit
?terminate@@YAXXZ
_fmode
exit
__C_specific_handler
_vsnprintf
oleaut32
VariantInit
SysFreeString
SysAllocString
shell32
ord730
CommandLineToArgvW
ShellExecuteExW
shlwapi
StrToIntExW
PathFindExtensionW
ntdll
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WinSqmEndSession
WinSqmSetDWORD
WinSqmSetString
WinSqmStartSession
dpx
DpxNewJob
wtsapi32
WTSQueryUserToken
servicingcommon
SczEnsureBackslashTerminated
SczAllocConcat2Sz
SczFree
SczAllocFormatted
SczAlloc
SczAllocPrefixSz
SczAllocConcatSz
SczAllocFromSz
dismapi
DismUnmountImage
DismMountImage
DismInitialize
comctl32
ord344
InitCommonControlsEx
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoInitializeEx
CoUninitialize
CoInitializeSecurity
CoTaskMemFree
Sections
.text Size: 48KB - Virtual size: 46KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 32KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 88KB - Virtual size: 85KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 100B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
xcopy.exe.exe windows:10 windows x64 arch:x64
1effe65a4f251e4ae9fa8551f9fcdabb
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
xcopy.pdb
Imports
msvcrt
__C_specific_handler
_wcsnicmp
towupper
exit
?terminate@@YAXXZ
_commode
_fmode
_initterm
__setusermatherr
_cexit
_exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
_wgetenv
ulib
?Initialize@ARGUMENT_LEXEMIZER@@QEAAEPEAVARRAY@@@Z
??0ARGUMENT_LEXEMIZER@@QEAA@XZ
?Initialize@STRING_ARRAY@@QEAAEKKK@Z
??0STRING_ARRAY@@QEAA@XZ
?ConvertToUTC@TIMEINFO@@QEAAEXZ
?Initialize@TIMEINFO@@QEAAXPEBV1@@Z
??0TIMEINFO@@QEAA@XZ
?Initialize@STRING_ARGUMENT@@QEAAEPEAD@Z
??1STRING_ARGUMENT@@UEAA@XZ
??0STRING_ARGUMENT@@QEAA@XZ
?TruncateNameAtColon@PATH@@QEAAXXZ
?AppendBase@PATH@@QEAAEPEBVWSTRING@@E@Z
??1PATH@@UEAA@XZ
?Initialize@PATH@@QEAAEPEBGE@Z
?Initialize@PATH@@QEAAEPEBVWSTRING@@E@Z
?Initialize@PATH@@QEAAEPEBV1@E@Z
??0PATH@@QEAA@XZ
?QueryString@WSTRING@@QEBAPEAV1@KK@Z
?Initialize@WSTRING@@QEAAEPEBV1@KK@Z
?Initialize@WSTRING@@QEAAEPEBGK@Z
?Initialize@WSTRING@@QEAAEPEBDK@Z
?PathWasTooBig@PATH@@QEAAEXZ
?Truncate@WSTRING@@QEAAKK@Z
?Strchr@WSTRING@@QEBAKGK@Z
?Strupr@WSTRING@@QEAAPEAV1@XZ
?Strcmp@WSTRING@@QEBAJPEBV1@@Z
?GetWSTR@WSTRING@@QEBAPEBGXZ
?QueryChAt@WSTRING@@QEBAGK@Z
?QueryChCount@WSTRING@@QEBAKXZ
?QueryResourceString@BASE_SYSTEM@@SAEPEAVWSTRING@@KPEBDZZ
?ExitProgram@PROGRAM@@SAXK@Z
?FindFirstFileW@@YAPEAXPEBVPATH@@PEAU_WIN32_FIND_DATAW@@@Z
?Copy@FSN_FILE@@QEBAEPEAVPATH@@PEAW4_COPY_ERROR@@KP6AKT_LARGE_INTEGER@@222KKPEAX33@Z3PEAH@Z
?Resize@FSTRING@@UEAAEK@Z
??0FSTRING@@QEAA@XZ
?DisplaySystemError@SYSTEM@@SAXKH@Z
?DoParsing@ARGUMENT_LEXEMIZER@@QEAAEPEAVARRAY@@@Z
?QueryDriveType@SYSTEM@@SA?AW4DRIVE_TYPE@@PEBVWSTRING@@@Z
?RemoveNode@SYSTEM@@SAEPEAPEAVFSNODE@@E@Z
?MakeDirectory@SYSTEM@@SAPEAVFSN_DIRECTORY@@PEBVPATH@@0PEAW4_COPY_ERROR@@P6AKT_LARGE_INTEGER@@222KKPEAX33@Z3PEAHK@Z
??OTIMEINFO@@QEBAEV0@@Z
?GetNext@FSN_DIRECTORY@@QEAAPEAVFSNODE@@PEAPEAXPEAK@Z
?IsEmpty@FSN_DIRECTORY@@QEBAEXZ
?DeleteDirectory@FSN_DIRECTORY@@QEAAEXZ
?CreateDirectoryPath@FSN_DIRECTORY@@QEBAPEAV1@PEBVPATH@@@Z
??0PROGRAM@@IEAA@XZ
?ValidateVersion@PROGRAM@@UEBAXKK@Z
?Usage@PROGRAM@@UEBAXXZ
?GetStandardError@PROGRAM@@UEAAPEAVSTREAM@@XZ
?GetStandardOutput@PROGRAM@@UEAAPEAVSTREAM@@XZ
?GetStandardInput@PROGRAM@@UEAAPEAVSTREAM@@XZ
?Fatal@PROGRAM@@UEBAXXZ
?Fatal@PROGRAM@@UEBAXKKPEADZZ
?DisplayMessage@PROGRAM@@UEBAEKW4MESSAGE_TYPE@@@Z
?DisplayMessage@PROGRAM@@UEBAEKW4MESSAGE_TYPE@@PEADZZ
??1PROGRAM@@UEAA@XZ
?Initialize@PROGRAM@@QEAAEKKK@Z
?Initialize@CLASS_DESCRIPTOR@@QEAAEPEBD@Z
??0CLASS_DESCRIPTOR@@QEAA@XZ
?UseAlternateName@FSNODE@@QEAAEXZ
?SetAttributes@FSNODE@@QEAAEKPEAK@Z
?GetPFlagBreak@KEYBOARD@@QEBAQEAHXZ
?GotABreak@KEYBOARD@@SAEXZ
?EnableLineMode@KEYBOARD@@QEAAEXZ
?EnableBreakHandling@KEYBOARD@@SAEXZ
?DisableLineMode@KEYBOARD@@QEAAEXZ
?DisableBreakHandling@KEYBOARD@@SAEXZ
?Initialize@KEYBOARD@@QEAAEEE@Z
?Cast@KEYBOARD@@SAPEAV1@PEBVOBJECT@@@Z
??0KEYBOARD@@QEAA@XZ
?TruncateBase@PATH@@QEAAEXZ
?QueryFullPathString@PATH@@QEBAPEAVWSTRING@@XZ
?QueryComponentArray@PATH@@QEBAPEAVARRAY@@PEAV2@@Z
?ModifyName@PATH@@QEAAEPEBVWSTRING@@@Z
?HasWildCard@PATH@@QEBAEXZ
?EndsWithDelimiter@PATH@@QEBAEXZ
?Display@MESSAGE@@QEAAEPEBDZZ
?SetTimeInfo@FSN_FILTER@@QEAAEPEBVTIMEINFO@@W4FSN_TIME@@G@Z
?SetAttributes@FSN_FILTER@@QEAAEKKK@Z
?SetFileName@FSN_FILTER@@QEAAEPEBD@Z
?SetFileName@FSN_FILTER@@QEAAEPEBVWSTRING@@@Z
?DoesNodeMatch@FSN_FILTER@@QEAAEPEAVFSNODE@@@Z
?Initialize@FSN_FILTER@@QEAAEXZ
??0FSN_FILTER@@QEAA@XZ
?Strcat@WSTRING@@QEAAEPEBV1@@Z
??0OBJECT@@QEAA@AEBV0@@Z
??1FSTRING@@UEAA@XZ
?Initialize@FSTRING@@QEAAPEAVWSTRING@@PEAGK@Z
??9WSTRING@@QEBAEAEBV0@@Z
??8WSTRING@@QEBAEAEBV0@@Z
?Strstr@WSTRING@@QEBAKPEBV1@@Z
?Stricmp@WSTRING@@QEBAJPEBV1@@Z
?SetClassDescriptor@OBJECT@@IEAAXPEBVCLASS_DESCRIPTOR@@@Z
?SPrintfAppend@DSTRING@@UEAAEPEBGZZ
?GetLexemeAt@ARGUMENT_LEXEMIZER@@QEAAPEAVWSTRING@@K@Z
?PutMultipleSwitch@ARGUMENT_LEXEMIZER@@QEAAXPEBD@Z
?PutSeparators@ARGUMENT_LEXEMIZER@@QEAAXPEBD@Z
?PutSwitches@ARGUMENT_LEXEMIZER@@QEAAXPEBD@Z
?PrepareToParse@ARGUMENT_LEXEMIZER@@QEAAEPEAVWSTRING@@@Z
?SetCaseSensitive@ARGUMENT_LEXEMIZER@@QEAAXE@Z
?SetAllowSwitchGlomming@ARGUMENT_LEXEMIZER@@QEAAXE@Z
?SetNoSpcBetweenDstAndSwitch@ARGUMENT_LEXEMIZER@@QEAAXE@Z
?PutMultiCharSwitch@ARGUMENT_LEXEMIZER@@QEAAXPEBD@Z
??1OBJECT@@UEAA@XZ
?Compare@OBJECT@@UEBAJPEBV1@@Z
?DebugDump@OBJECT@@UEBAXE@Z
?GetLexeme@ARGUMENT@@QEAAPEAVWSTRING@@XZ
?GetPattern@ARGUMENT@@QEAAPEAVWSTRING@@XZ
?IsValueSet@ARGUMENT@@QEAAEXZ
?QueryDirectory@SYSTEM@@SAPEAVFSN_DIRECTORY@@PEBVPATH@@E@Z
?QueryFile@SYSTEM@@SAPEAVFSN_FILE@@PEBVPATH@@EPEAE@Z
??0PATH_ARGUMENT@@QEAA@XZ
??1PATH_ARGUMENT@@UEAA@XZ
?Initialize@PATH_ARGUMENT@@QEAAEPEADE@Z
?ReadLine@STREAM@@QEAAEPEAVWSTRING@@E@Z
??0FLAG_ARGUMENT@@QEAA@XZ
?Initialize@FLAG_ARGUMENT@@QEAAEPEAD@Z
??0ARRAY@@QEAA@XZ
??1ARRAY@@UEAA@XZ
?Initialize@ARRAY@@QEAAEKK@Z
?DeleteAllMembers@ARRAY@@UEAAEXZ
?Put@ARRAY@@UEAAEPEAVOBJECT@@@Z
?QueryStream@FSN_FILE@@QEAAPEAVFILE_STREAM@@W4STREAMACCESS@@K@Z
??0TIMEINFO_ARGUMENT@@QEAA@XZ
??1TIMEINFO_ARGUMENT@@UEAA@XZ
?Initialize@TIMEINFO_ARGUMENT@@QEAAEPEAD@Z
??0DSTRING@@QEAA@XZ
??1DSTRING@@UEAA@XZ
?Resize@DSTRING@@UEAAEK@Z
?NewBuf@DSTRING@@UEAAEK@Z
?SPrintf@DSTRING@@UEAAEPEBGZZ
?QueryWindowsErrorMessage@SYSTEM@@SAEKPEAVWSTRING@@@Z
ifsutil
?QueryFreeDiskSpace@IFS_SYSTEM@@SAEPEBVWSTRING@@PEAVBIG_INT@@@Z
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
api-ms-win-core-file-l1-1-0
GetFileTime
FindClose
SetFileTime
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-file-l2-1-0
CreateDirectoryExW
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
ntdll
RtlFreeHeap
RtlAllocateHeap
RtlAdjustPrivilege
NtSetInformationProcess
Sections
.text Size: 36KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 996B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 92B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
xwizard.exe.exe windows:10 windows x64 arch:x64
a64091098129483c3d876a86009bbe1e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
xwizard.pdb
Imports
msvcrt
realloc
memmove
_XcptFilter
_CxxThrowException
_amsg_exit
memcpy
_errno
?terminate@@YAXXZ
_lock
_commode
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
__wgetmainargs
_fmode
_wcmdln
_initterm
_unlock
__set_app_type
__CxxFrameHandler3
__setusermatherr
_cexit
??3@YAXPEAX@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_purecall
_callnewh
wcsncpy_s
malloc
free
memcpy_s
??_V@YAXPEAX@Z
__C_specific_handler
__CxxFrameHandler4
exit
__dllonexit
_onexit
??1type_info@@UEAA@XZ
_exit
memset
oleaut32
VarUI4FromStr
api-ms-win-core-libraryloader-l1-2-0
FindResourceExW
GetProcAddress
GetModuleFileNameW
LoadResource
LoadLibraryExW
GetModuleHandleW
SizeofResource
FreeLibrary
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
RaiseException
SetLastError
api-ms-win-core-synch-l1-1-0
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
api-ms-win-core-com-l1-1-0
CoTaskMemAlloc
CoCreateInstance
CoTaskMemRealloc
CoTaskMemFree
api-ms-win-core-registry-l1-1-0
RegSetValueExW
RegCreateKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegOpenKeyExW
RegDeleteValueW
api-ms-win-eventing-classicprovider-l1-1-0
TraceMessage
GetTraceEnableFlags
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
api-ms-win-core-string-l2-1-0
CharNextW
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
WideCharToMultiByte
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-debug-l1-1-0
OutputDebugStringA
api-ms-win-shcore-obsolete-l1-1-0
CommandLineToArgvW
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
user32
CreateWindowExW
DefWindowProcW
DestroyWindow
MessageBoxW
RegisterClassW
LoadIconW
LoadCursorW
api-ms-win-core-sidebyside-l1-1-0
ActivateActCtx
DeactivateActCtx
ReleaseActCtx
CreateActCtxW
Sections
.text Size: 24KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ