Asus[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Asus.rar
Size

13.9MB
MD5

0f1e1246632dd4f0225f08fd7641624b
SHA1

1e1714236edac3a4dc310330d11dc0110be63bdd
SHA256

610464b63283392bd944aaa52116b0967059e3f5e183c089cc8dd8393560c998
SHA512

19fa37f3bd6c80def9cefc08ecfea00c13bf9442143daf6cdf028902c7b9a9cf324c05756465af7a5b538438171a0ae8643caa369edf2ae0fe11ab30bd2cf10a
SSDEEP

393216:1iO15mHps6fylWcVAfoPKSFbVPiUW+6dIpexz9mqpGQ:1iO15Ial4cVAAB9kpx

Score

3^/10

Malware Config

Signatures

Unsigned PE 35 IoCs

Checks for missing Authenticode signature.

resource
unpack001/conhost_exe_PIDbb0_CoreMessaging.dll_7FFF16970000_x64.dll
unpack001/conhost_exe_PIDbb0_CoreUIComponents.dll_7FFF165F0000_x64.dll
unpack001/conhost_exe_PIDbb0_IMM32.DLL_7FFF1BA20000_x64.dll
unpack001/conhost_exe_PIDbb0_KERNEL32.DLL_7FFF1B680000_x64.dll
unpack001/conhost_exe_PIDbb0_KERNELBASE.dll_7FFF1A410000_x64.dll
unpack001/conhost_exe_PIDbb0_MSCTF.dll_7FFF1C280000_x64.dll
unpack001/conhost_exe_PIDbb0_OLEAUT32.dll_7FFF1CA00000_x64.dll
unpack001/conhost_exe_PIDbb0_RPCRT4.dll_7FFF1AC10000_x64.dll
unpack001/conhost_exe_PIDbb0_TextShaping.dll_7FFEFD3E0000_x64.dll
unpack001/conhost_exe_PIDbb0_WS2_32.dll_7FFF1B9A0000_x64.dll
unpack001/conhost_exe_PIDbb0_advapi32.dll_7FFF1AED0000_x64.dll
unpack001/conhost_exe_PIDbb0_bcrypt.dll_7FFF1A3E0000_x64.dll
unpack001/conhost_exe_PIDbb0_bcryptPrimitives.dll_7FFF1A220000_x64.dll
unpack001/conhost_exe_PIDbb0_clbcatq.dll_7FFF1AF80000_x64.dll
unpack001/conhost_exe_PIDbb0_combase.dll_7FFF1B030000_x64.dll
unpack001/conhost_exe_PIDbb0_comctl32.DLL_7FFF0A020000_x64.dll
unpack001/conhost_exe_PIDbb0_dwmapi.dll_7FFF17990000_x64.dll
unpack001/conhost_exe_PIDbb0_gdi32full.dll_7FFF1A710000_x64.dll
unpack001/conhost_exe_PIDbb0_hiddenmodule_143BBB10000_x86.dll
unpack001/conhost_exe_PIDbb0_hiddenmodule_143BE750000_x86.dll
unpack001/conhost_exe_PIDbb0_kernel.appcore.dll_7FFF182A0000_x64.dll
unpack001/conhost_exe_PIDbb0_msvcp_win.dll_7FFF1AB00000_x64.dll
unpack001/conhost_exe_PIDbb0_msvcrt.dll_7FFF1B900000_x64.dll
unpack001/conhost_exe_PIDbb0_ntdll.dll_7FFF1CB70000_x64.dll
unpack001/conhost_exe_PIDbb0_ntmarta.dll_7FFF19370000_x64.dll
unpack001/conhost_exe_PIDbb0_ole32.dll_7FFF1AD40000_x64.dll
unpack001/conhost_exe_PIDbb0_sechost.dll_7FFF1C1C0000_x64.dll
unpack001/conhost_exe_PIDbb0_shcore.dll_7FFF1C8D0000_x64.dll
unpack001/conhost_exe_PIDbb0_shell32.dll_7FFF1BA50000_x64.dll
unpack001/conhost_exe_PIDbb0_textinputframework.dll_7FFF038D0000_x64.dll
unpack001/conhost_exe_PIDbb0_ucrtbase.dll_7FFF1A990000_x64.dll
unpack001/conhost_exe_PIDbb0_user32.dll_7FFF1B480000_x64.dll
unpack001/conhost_exe_PIDbb0_uxtheme.dll_7FFF177A0000_x64.dll
unpack001/conhost_exe_PIDbb0_win32u.dll_7FFF1A3B0000_x64.dll
unpack001/conhost_exe_PIDbb0_wintypes.dll_7FFF15990000_x64.dll

Files

Asus.rar
.rar
conhost_exe_PIDbb0_CoreMessaging.dll_7FFF16970000_x64.dll
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

CoreUICallComputeMaximumMessageSize
CoreUICallCreateConversationHost
CoreUICallCreateEndpointHost
CoreUICallCreateEndpointHostWithSendPriority
CoreUICallGetAddressOfParameterInBuffer
CoreUICallReceive
CoreUICallSend
CoreUICallSendVaList
CoreUIConfigureTestHost
CoreUIConfigureUserIntegration
CoreUICreate
CoreUICreateAnonymousStream
CoreUICreateClientWindowIDManager
CoreUICreateEx
CoreUICreateSystemWindowIDManager
CoreUIInitializeTestService
CoreUIOpenExisting
CoreUIRouteToTestRegistrar
CoreUIUninitializeTestService
CreateDispatcherQueueController
CreateDispatcherQueueForCurrentThread
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
GetDispatcherQueueForCurrentThread
MsgBlobCreateShared
MsgBlobCreateStack
MsgBufferShare
MsgRelease
MsgStringCreateShared
MsgStringCreateStack
ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 593KB - Virtual size: 592KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 227KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
conhost_exe_PIDbb0_CoreUIComponents.dll_7FFF165F0000_x64.dll
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

CoreUIClientCreate
CoreUIClientTestCreate
CoreUIConfigureTestHost
CoreUICreateDuplicateWindowFactory
CoreUICreateICoreWindowFactory
CoreUIFactoryCreate
CoreUIServerCreate
CoreUIServerTestCreate
CreateNavigationClientWindowAdapter
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
MinUserGetInputHost
MinUserGetInputRoutingInfo
MinUserInputInitialize
MinUserNotifyOneCoreTransformMode
MinUserRegisterPointerInputTarget
MinUserRequestViewHitTest
MinUserReregisterPointerInputTargets
MinUserUnregisterPointerInputTarget
ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 252KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
conhost_exe_PIDbb0_IMM32.DLL_7FFF1BA20000_x64.dll
.dll windows:10 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

CtfImmAppCompatEnableIMEonProtectedCode
CtfImmCoUninitialize
CtfImmDispatchDefImeMessage
CtfImmEnterCoInitCountSkipMode
CtfImmGenerateMessage
CtfImmGetCompatibleKeyboardLayout
CtfImmGetGlobalIMEStatus
CtfImmGetGuidAtom
CtfImmGetIMEFileName
CtfImmGetTMAEFlags
CtfImmHideToolbarWnd
CtfImmIsCiceroEnabled
CtfImmIsCiceroStartedInThread
CtfImmIsComStartedInThread
CtfImmIsGuidMapEnable
CtfImmIsTextFrameServiceDisabled
CtfImmLastEnabledWndDestroy
CtfImmLeaveCoInitCountSkipMode
CtfImmNotify
CtfImmRestoreToolbarWnd
CtfImmSetAppCompatFlags
CtfImmSetCiceroStartInThread
CtfImmSetDefaultRemoteKeyboardLayout
CtfImmTIMActivate
GetKeyboardLayoutCP
ImmActivateLayout
ImmAssociateContext
ImmAssociateContextEx
ImmCallImeConsoleIME
ImmConfigureIMEA
ImmConfigureIMEW
ImmCreateContext
ImmCreateIMCC
ImmCreateSoftKeyboard
ImmDestroyContext
ImmDestroyIMCC
ImmDestroySoftKeyboard
ImmDisableIME
ImmDisableIme
ImmDisableLegacyIME
ImmDisableTextFrameService
ImmEnumInputContext
ImmEnumRegisterWordA
ImmEnumRegisterWordW
ImmEscapeA
ImmEscapeW
ImmFreeLayout
ImmGenerateMessage
ImmGetAppCompatFlags
ImmGetCandidateListA
ImmGetCandidateListCountA
ImmGetCandidateListCountW
ImmGetCandidateListW
ImmGetCandidateWindow
ImmGetCompositionFontA
ImmGetCompositionFontW
ImmGetCompositionStringA
ImmGetCompositionStringW
ImmGetCompositionWindow
ImmGetContext
ImmGetConversionListA
ImmGetConversionListW
ImmGetConversionStatus
ImmGetDefaultIMEWnd
ImmGetDescriptionA
ImmGetDescriptionW
ImmGetGuideLineA
ImmGetGuideLineW
ImmGetHotKey
ImmGetIMCCLockCount
ImmGetIMCCSize
ImmGetIMCLockCount
ImmGetIMEFileNameA
ImmGetIMEFileNameW
ImmGetImeInfoEx
ImmGetImeMenuItemsA
ImmGetImeMenuItemsW
ImmGetOpenStatus
ImmGetProperty
ImmGetRegisterWordStyleA
ImmGetRegisterWordStyleW
ImmGetStatusWindowPos
ImmGetVirtualKey
ImmIMPGetIMEA
ImmIMPGetIMEW
ImmIMPQueryIMEA
ImmIMPQueryIMEW
ImmIMPSetIMEA
ImmIMPSetIMEW
ImmInstallIMEA
ImmInstallIMEW
ImmIsIME
ImmIsUIMessageA
ImmIsUIMessageW
ImmLoadIME
ImmLoadLayout
ImmLockClientImc
ImmLockIMC
ImmLockIMCC
ImmLockImeDpi
ImmNotifyIME
ImmProcessKey
ImmPutImeMenuItemsIntoMappedFile
ImmReSizeIMCC
ImmRegisterClient
ImmRegisterWordA
ImmRegisterWordW
ImmReleaseContext
ImmRequestMessageA
ImmRequestMessageW
ImmSendIMEMessageExA
ImmSendIMEMessageExW
ImmSetActiveContext
ImmSetActiveContextConsoleIME
ImmSetCandidateWindow
ImmSetCompositionFontA
ImmSetCompositionFontW
ImmSetCompositionStringA
ImmSetCompositionStringW
ImmSetCompositionWindow
ImmSetConversionStatus
ImmSetHotKey
ImmSetOpenStatus
ImmSetStatusWindowPos
ImmShowSoftKeyboard
ImmSimulateHotKey
ImmSystemHandler
ImmTranslateMessage
ImmUnlockClientImc
ImmUnlockIMC
ImmUnlockIMCC
ImmUnlockImeDpi
ImmUnregisterWordA
ImmUnregisterWordW
ImmWINNLSEnableIME
ImmWINNLSGetEnableStatus
ImmWINNLSGetIMEHotkey

Sections

.text
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
conhost_exe_PIDbb0_KERNEL32.DLL_7FFF1B680000_x64.dll
.dll windows:10 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

AcquireSRWLockExclusive
AcquireSRWLockShared
ActivateActCtx
ActivateActCtxWorker
AddAtomA
AddAtomW
AddConsoleAliasA
AddConsoleAliasW
AddDllDirectory
AddIntegrityLabelToBoundaryDescriptor
AddLocalAlternateComputerNameA
AddLocalAlternateComputerNameW
AddRefActCtx
AddRefActCtxWorker
AddResourceAttributeAce
AddSIDToBoundaryDescriptor
AddScopedPolicyIDAce
AddSecureMemoryCacheCallback
AddVectoredContinueHandler
AddVectoredExceptionHandler
AdjustCalendarDate
AllocConsole
AllocateUserPhysicalPages
AllocateUserPhysicalPagesNuma
AppPolicyGetClrCompat
AppPolicyGetCreateFileAccess
AppPolicyGetLifecycleManagement
AppPolicyGetMediaFoundationCodecLoading
AppPolicyGetProcessTerminationMethod
AppPolicyGetShowDeveloperDiagnostic
AppPolicyGetThreadInitializationType
AppPolicyGetWindowingModel
AppXGetOSMaxVersionTested
ApplicationRecoveryFinished
ApplicationRecoveryInProgress
AreFileApisANSI
AssignProcessToJobObject
AttachConsole
BackupRead
BackupSeek
BackupWrite
BaseCheckAppcompatCache
BaseCheckAppcompatCacheEx
BaseCheckAppcompatCacheExWorker
BaseCheckAppcompatCacheWorker
BaseCheckElevation
BaseCleanupAppcompatCacheSupport
BaseCleanupAppcompatCacheSupportWorker
BaseDestroyVDMEnvironment
BaseDllReadWriteIniFile
BaseDumpAppcompatCache
BaseDumpAppcompatCacheWorker
BaseElevationPostProcessing
BaseFlushAppcompatCache
BaseFlushAppcompatCacheWorker
BaseFormatObjectAttributes
BaseFormatTimeOut
BaseFreeAppCompatDataForProcessWorker
BaseGenerateAppCompatData
BaseGetNamedObjectDirectory
BaseInitAppcompatCacheSupport
BaseInitAppcompatCacheSupportWorker
BaseIsAppcompatInfrastructureDisabled
BaseIsAppcompatInfrastructureDisabledWorker
BaseIsDosApplication
BaseQueryModuleData
BaseReadAppCompatDataForProcessWorker
BaseSetLastNTError
BaseThreadInitThunk
BaseUpdateAppcompatCache
BaseUpdateAppcompatCacheWorker
BaseUpdateVDMEntry
BaseVerifyUnicodeString
BaseWriteErrorElevationRequiredEvent
Basep8BitStringToDynamicUnicodeString
BasepAllocateActivationContextActivationBlock
BasepAnsiStringToDynamicUnicodeString
BasepAppContainerEnvironmentExtension
BasepAppXExtension
BasepCheckAppCompat
BasepCheckWebBladeHashes
BasepCheckWinSaferRestrictions
BasepConstructSxsCreateProcessMessage
BasepCopyEncryption
BasepFinishPackageActivationForSxS
BasepFreeActivationContextActivationBlock
BasepFreeAppCompatData
BasepGetAppCompatData
BasepGetComputerNameFromNtPath
BasepGetExeArchType
BasepGetPackageActivationTokenForSxS
BasepInitAppCompatData
BasepIsProcessAllowed
BasepMapModuleHandle
BasepNotifyLoadStringResource
BasepPostSuccessAppXExtension
BasepProcessInvalidImage
BasepQueryAppCompat
BasepQueryModuleChpeSettings
BasepReleaseAppXContext
BasepReleaseSxsCreateProcessUtilityStruct
BasepReportFault
BasepSetFileEncryptionCompression
Beep
BeginUpdateResourceA
BeginUpdateResourceW
BindIoCompletionCallback
BuildCommDCBA
BuildCommDCBAndTimeoutsA
BuildCommDCBAndTimeoutsW
BuildCommDCBW
CallNamedPipeA
CallNamedPipeW
CallbackMayRunLong
CancelDeviceWakeupRequest
CancelIo
CancelIoEx
CancelSynchronousIo
CancelThreadpoolIo
CancelTimerQueueTimer
CancelWaitableTimer
CeipIsOptedIn
ChangeTimerQueueTimer
CheckAllowDecryptedRemoteDestinationPolicy
CheckElevation
CheckElevationEnabled
CheckForReadOnlyResource
CheckForReadOnlyResourceFilter
CheckIsMSIXPackage
CheckNameLegalDOS8Dot3A
CheckNameLegalDOS8Dot3W
CheckRemoteDebuggerPresent
CheckTokenCapability
CheckTokenMembershipEx
ClearCommBreak
ClearCommError
CloseConsoleHandle
CloseHandle
ClosePackageInfo
ClosePrivateNamespace
CloseProfileUserMapping
ClosePseudoConsole
CloseState
CloseThreadpool
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolIo
CloseThreadpoolTimer
CloseThreadpoolWait
CloseThreadpoolWork
CmdBatNotification
CommConfigDialogA
CommConfigDialogW
CompareCalendarDates
CompareFileTime
CompareStringA
CompareStringEx
CompareStringOrdinal
CompareStringW
ConnectNamedPipe
ConsoleMenuControl
ContinueDebugEvent
ConvertCalDateTimeToSystemTime
ConvertDefaultLocale
ConvertFiberToThread
ConvertNLSDayOfWeekToWin32DayOfWeek
ConvertSystemTimeToCalDateTime
ConvertThreadToFiber
ConvertThreadToFiberEx
CopyContext
CopyFile2
CopyFileA
CopyFileExA
CopyFileExW
CopyFileTransactedA
CopyFileTransactedW
CopyFileW
CopyLZFile
CreateActCtxA
CreateActCtxW
CreateActCtxWWorker
CreateBoundaryDescriptorA
CreateBoundaryDescriptorW
CreateConsoleScreenBuffer
CreateDirectoryA
CreateDirectoryExA
CreateDirectoryExW
CreateDirectoryTransactedA
CreateDirectoryTransactedW
CreateDirectoryW
CreateEnclave
CreateEventA
CreateEventExA
CreateEventExW
CreateEventW
CreateFiber
CreateFiberEx
CreateFile2
CreateFileA
CreateFileMappingA
CreateFileMappingFromApp
CreateFileMappingNumaA
CreateFileMappingNumaW
CreateFileMappingW
CreateFileTransactedA
CreateFileTransactedW
CreateFileW
CreateHardLinkA
CreateHardLinkTransactedA
CreateHardLinkTransactedW
CreateHardLinkW
CreateIoCompletionPort
CreateJobObjectA
CreateJobObjectW
CreateJobSet
CreateMailslotA
CreateMailslotW
CreateMemoryResourceNotification
CreateMutexA
CreateMutexExA
CreateMutexExW
CreateMutexW
CreateNamedPipeA
CreateNamedPipeW
CreatePipe
CreatePrivateNamespaceA
CreatePrivateNamespaceW
CreateProcessA
CreateProcessAsUserA
CreateProcessAsUserW
CreateProcessInternalA
CreateProcessInternalW
CreateProcessW
CreatePseudoConsole
CreateRemoteThread
CreateRemoteThreadEx
CreateSemaphoreA
CreateSemaphoreExA
CreateSemaphoreExW
CreateSemaphoreW
CreateSymbolicLinkA
CreateSymbolicLinkTransactedA
CreateSymbolicLinkTransactedW
CreateSymbolicLinkW
CreateTapePartition
CreateThread
CreateThreadpool
CreateThreadpoolCleanupGroup
CreateThreadpoolIo
CreateThreadpoolTimer
CreateThreadpoolWait
CreateThreadpoolWork
CreateTimerQueue
CreateTimerQueueTimer
CreateToolhelp32Snapshot
CreateUmsCompletionList
CreateUmsThreadContext
CreateWaitableTimerA
CreateWaitableTimerExA
CreateWaitableTimerExW
CreateWaitableTimerW
CtrlRoutine
DeactivateActCtx
DeactivateActCtxWorker
DebugActiveProcess
DebugActiveProcessStop
DebugBreak
DebugBreakProcess
DebugSetProcessKillOnExit
DecodePointer
DecodeSystemPointer
DefineDosDeviceA
DefineDosDeviceW
DelayLoadFailureHook
DeleteAtom
DeleteBoundaryDescriptor
DeleteCriticalSection
DeleteFiber
DeleteFileA
DeleteFileTransactedA
DeleteFileTransactedW
DeleteFileW
DeleteProcThreadAttributeList
DeleteSynchronizationBarrier
DeleteTimerQueue
DeleteTimerQueueEx
DeleteTimerQueueTimer
DeleteUmsCompletionList
DeleteUmsThreadContext
DeleteVolumeMountPointA
DeleteVolumeMountPointW
DequeueUmsCompletionListItems
DeviceIoControl
DisableThreadLibraryCalls
DisableThreadProfiling
DisassociateCurrentThreadFromCallback
DiscardVirtualMemory
DisconnectNamedPipe
DnsHostnameToComputerNameA
DnsHostnameToComputerNameExW
DnsHostnameToComputerNameW
DosDateTimeToFileTime
DosPathToSessionPathA
DosPathToSessionPathW
DuplicateConsoleHandle
DuplicateEncryptionInfoFileExt
DuplicateHandle
EnableThreadProfiling
EncodePointer
EncodeSystemPointer
EndUpdateResourceA
EndUpdateResourceW
EnterCriticalSection
EnterSynchronizationBarrier
EnterUmsSchedulingMode
EnumCalendarInfoA
EnumCalendarInfoExA
EnumCalendarInfoExEx
EnumCalendarInfoExW
EnumCalendarInfoW
EnumDateFormatsA
EnumDateFormatsExA
EnumDateFormatsExEx
EnumDateFormatsExW
EnumDateFormatsW
EnumLanguageGroupLocalesA
EnumLanguageGroupLocalesW
EnumResourceLanguagesA
EnumResourceLanguagesExA
EnumResourceLanguagesExW
EnumResourceLanguagesW
EnumResourceNamesA
EnumResourceNamesExA
EnumResourceNamesExW
EnumResourceNamesW
EnumResourceTypesA
EnumResourceTypesExA
EnumResourceTypesExW
EnumResourceTypesW
EnumSystemCodePagesA
EnumSystemCodePagesW
EnumSystemFirmwareTables
EnumSystemGeoID
EnumSystemGeoNames
EnumSystemLanguageGroupsA
EnumSystemLanguageGroupsW
EnumSystemLocalesA
EnumSystemLocalesEx
EnumSystemLocalesW
EnumTimeFormatsA
EnumTimeFormatsEx
EnumTimeFormatsW
EnumUILanguagesA
EnumUILanguagesW
EnumerateLocalComputerNamesA
EnumerateLocalComputerNamesW
EraseTape
EscapeCommFunction
ExecuteUmsThread
ExitProcess
ExitThread
ExitVDM
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
ExpungeConsoleCommandHistoryA
ExpungeConsoleCommandHistoryW
FatalAppExitA
FatalAppExitW
FatalExit
FileTimeToDosDateTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
FillConsoleOutputCharacterW
FindActCtxSectionGuid
FindActCtxSectionGuidWorker
FindActCtxSectionStringA
FindActCtxSectionStringW
FindActCtxSectionStringWWorker
FindAtomA
FindAtomW
FindClose
FindCloseChangeNotification
FindFirstChangeNotificationA
FindFirstChangeNotificationW
FindFirstFileA
FindFirstFileExA
FindFirstFileExW
FindFirstFileNameTransactedW
FindFirstFileNameW
FindFirstFileTransactedA
FindFirstFileTransactedW
FindFirstFileW
FindFirstStreamTransactedW
FindFirstStreamW
FindFirstVolumeA
FindFirstVolumeMountPointA
FindFirstVolumeMountPointW
FindFirstVolumeW
FindNLSString
FindNLSStringEx
FindNextChangeNotification
FindNextFileA
FindNextFileNameW
FindNextFileW
FindNextStreamW
FindNextVolumeA
FindNextVolumeMountPointA
FindNextVolumeMountPointW
FindNextVolumeW
FindPackagesByPackageFamily
FindResourceA
FindResourceExA
FindResourceExW
FindResourceW
FindStringOrdinal
FindVolumeClose
FindVolumeMountPointClose
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushConsoleInputBuffer
FlushFileBuffers
FlushInstructionCache
FlushProcessWriteBuffers
FlushViewOfFile
FoldStringA
FoldStringW
FormatApplicationUserModelId
FormatMessageA
FormatMessageW
FreeConsole
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
FreeLibraryWhenCallbackReturns
FreeMemoryJobObject
FreeResource
FreeUserPhysicalPages
GenerateConsoleCtrlEvent
GetACP
GetActiveProcessorCount
GetActiveProcessorGroupCount
GetAppContainerAce
GetAppContainerNamedObjectPath
GetApplicationRecoveryCallback
GetApplicationRecoveryCallbackWorker
GetApplicationRestartSettings
GetApplicationRestartSettingsWorker
GetApplicationUserModelId
GetAtomNameA
GetAtomNameW
GetBinaryType
GetBinaryTypeA
GetBinaryTypeW
GetCPInfo
GetCPInfoExA
GetCPInfoExW
GetCachedSigningLevel
GetCalendarDateFormat
GetCalendarDateFormatEx
GetCalendarDaysInMonth
GetCalendarDifferenceInDays
GetCalendarInfoA
GetCalendarInfoEx
GetCalendarInfoW
GetCalendarMonthsInYear
GetCalendarSupportedDateRange
GetCalendarWeekNumber
GetComPlusPackageInstallStatus
GetCommConfig
GetCommMask
GetCommModemStatus
GetCommProperties
GetCommState
GetCommTimeouts
GetCommandLineA
GetCommandLineW
GetCompressedFileSizeA
GetCompressedFileSizeTransactedA
GetCompressedFileSizeTransactedW
GetCompressedFileSizeW
GetComputerNameA
GetComputerNameExA
GetComputerNameExW
GetComputerNameW
GetConsoleAliasA
GetConsoleAliasExesA
GetConsoleAliasExesLengthA
GetConsoleAliasExesLengthW
GetConsoleAliasExesW
GetConsoleAliasW
GetConsoleAliasesA
GetConsoleAliasesLengthA
GetConsoleAliasesLengthW
GetConsoleAliasesW
GetConsoleCP

Sections

.text
Size: 512KB - Virtual size: 512KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 207KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
conhost_exe_PIDbb0_KERNELBASE.dll_7FFF1A410000_x64.dll
.dll windows:10 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

AccessCheck
AccessCheckAndAuditAlarmW
AccessCheckByType
AccessCheckByTypeAndAuditAlarmW
AccessCheckByTypeResultList
AccessCheckByTypeResultListAndAuditAlarmByHandleW
AccessCheckByTypeResultListAndAuditAlarmW
AcquireSRWLockExclusive
AcquireSRWLockShared
AcquireStateLock
ActivateActCtx
AddAccessAllowedAce
AddAccessAllowedAceEx
AddAccessAllowedObjectAce
AddAccessDeniedAce
AddAccessDeniedAceEx
AddAccessDeniedObjectAce
AddAce
AddAuditAccessAce
AddAuditAccessAceEx
AddAuditAccessObjectAce
AddConsoleAliasA
AddConsoleAliasW
AddDependencyToProcessPackageGraph
AddDllDirectory
AddExtensionProgId
AddMandatoryAce
AddPackageToFamilyXref
AddRefActCtx
AddResourceAttributeAce
AddSIDToBoundaryDescriptor
AddScopedPolicyIDAce
AddVectoredContinueHandler
AddVectoredExceptionHandler
AdjustTokenGroups
AdjustTokenPrivileges
AllocConsole
AllocateAndInitializeSid
AllocateLocallyUniqueId
AllocateUserPhysicalPages
AllocateUserPhysicalPagesNuma
AppContainerDeriveSidFromMoniker
AppContainerFreeMemory
AppContainerLookupDisplayNameMrtReference
AppContainerLookupMoniker
AppContainerRegisterSid
AppContainerUnregisterSid
AppPolicyGetClrCompat
AppPolicyGetCreateFileAccess
AppPolicyGetLifecycleManagement
AppPolicyGetMediaFoundationCodecLoading
AppPolicyGetProcessTerminationMethod
AppPolicyGetShowDeveloperDiagnostic
AppPolicyGetThreadInitializationType
AppPolicyGetWindowingModel
AppXFreeMemory
AppXGetApplicationData
AppXGetDevelopmentMode
AppXGetOSMaxVersionTested
AppXGetOSMinVersion
AppXGetPackageCapabilities
AppXGetPackageSid
AppXLookupDisplayName
AppXLookupMoniker
AppXPostSuccessExtension
AppXPreCreationExtension
AppXReleaseAppXContext
AppXUpdatePackageCapabilities
ApplicationUserModelIdFromProductId
AreAllAccessesGranted
AreAnyAccessesGranted
AreFileApisANSI
AreThereVisibleLogoffScriptsInternal
AreThereVisibleShutdownScriptsInternal
ArmFeatureUsageSubscriberFlushNotification
AttachConsole
BaseCheckAppcompatCache
BaseCheckAppcompatCacheEx
BaseCleanupAppcompatCacheSupport
BaseDllFreeResourceId
BaseDllMapResourceIdW
BaseDumpAppcompatCache
BaseFlushAppcompatCache
BaseFormatObjectAttributes
BaseFreeAppCompatDataForProcess
BaseGetConsoleReference
BaseGetNamedObjectDirectory
BaseInitAppcompatCacheSupport
BaseIsAppcompatInfrastructureDisabled
BaseMarkFileForDelete
BaseReadAppCompatDataForProcess
BaseUpdateAppcompatCache
BasepAdjustObjectAttributesForPrivateNamespace
BasepCopyFileCallback
BasepCopyFileExW
BasepNotifyTrackingService
Beep
CLOSE_LOCAL_HANDLE_INTERNAL
CallEnclave
CallNamedPipeW
CallbackMayRunLong
CancelIo
CancelIoEx
CancelSynchronousIo
CancelThreadpoolIo
CancelWaitableTimer
CeipIsOptedIn
ChangeTimerQueueTimer
CharLowerA
CharLowerBuffA
CharLowerBuffW
CharLowerW
CharNextA
CharNextExA
CharNextW
CharPrevA
CharPrevExA
CharPrevW
CharUpperA
CharUpperBuffA
CharUpperBuffW
CharUpperW
CheckAllowDecryptedRemoteDestinationPolicy
CheckGroupPolicyEnabled
CheckIfStateChangeNotificationExists
CheckIsMSIXPackage
CheckRemoteDebuggerPresent
CheckTokenCapability
CheckTokenMembership
CheckTokenMembershipEx
ChrCmpIA
ChrCmpIW
ClearCommBreak
ClearCommError
CloseHandle
ClosePackageInfo
ClosePrivateNamespace
ClosePseudoConsole
CloseState
CloseStateAtom
CloseStateChangeNotification
CloseStateContainer
CloseStateLock
CloseThreadpool
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolIo
CloseThreadpoolTimer
CloseThreadpoolWait
CloseThreadpoolWork
CommitStateAtom
CompareFileTime
CompareObjectHandles
CompareStringA
CompareStringEx
CompareStringOrdinal
CompareStringW
ConnectNamedPipe
ContinueDebugEvent
ConvertAuxiliaryCounterToPerformanceCounter
ConvertDefaultLocale
ConvertFiberToThread
ConvertPerformanceCounterToAuxiliaryCounter
ConvertThreadToFiber
ConvertThreadToFiberEx
ConvertToAutoInheritPrivateObjectSecurity
CopyContext
CopyFile2
CopyFileExW
CopyFileW
CopyMemoryNonTemporal
CopySid
CouldMultiUserAppsBehaviorBePossibleForPackage
CreateActCtxW
CreateAppContainerToken
CreateBoundaryDescriptorW
CreateConsoleScreenBuffer
CreateDirectoryA
CreateDirectoryExW
CreateDirectoryW
CreateEnclave
CreateEventA
CreateEventExA
CreateEventExW
CreateEventW
CreateFiber
CreateFiberEx
CreateFile2
CreateFileA
CreateFileMapping2
CreateFileMappingFromApp
CreateFileMappingNumaW
CreateFileMappingW
CreateFileW
CreateHardLinkA
CreateHardLinkW
CreateIoCompletionPort
CreateMemoryResourceNotification
CreateMutexA
CreateMutexExA
CreateMutexExW
CreateMutexW
CreateNamedPipeW
CreatePipe
CreatePrivateNamespaceW
CreatePrivateObjectSecurity
CreatePrivateObjectSecurityEx
CreatePrivateObjectSecurityWithMultipleInheritance
CreateProcessA
CreateProcessAsUserA
CreateProcessAsUserW
CreateProcessInternalA
CreateProcessInternalW
CreateProcessW
CreatePseudoConsole
CreatePseudoConsoleAsUser
CreateRemoteThread
CreateRemoteThreadEx
CreateRestrictedToken
CreateSemaphoreExW
CreateSemaphoreW
CreateStateAtom
CreateStateChangeNotification
CreateStateContainer
CreateStateLock
CreateStateSubcontainer
CreateSymbolicLinkW
CreateThread
CreateThreadpool
CreateThreadpoolCleanupGroup
CreateThreadpoolIo
CreateThreadpoolTimer
CreateThreadpoolWait
CreateThreadpoolWork
CreateTimerQueue
CreateTimerQueueTimer
CreateWaitableTimerExW
CreateWaitableTimerW
CreateWellKnownSid
CtrlRoutine
CveEventWrite
DeactivateActCtx
DebugActiveProcess
DebugActiveProcessStop
DebugBreak
DecodePointer
DecodeRemotePointer
DecodeSystemPointer
DefineDosDeviceW
DelayLoadFailureHook
DelayLoadFailureHookLookup
DeleteAce
DeleteBoundaryDescriptor
DeleteCriticalSection
DeleteEnclave
DeleteFiber
DeleteFileA
DeleteFileW
DeleteProcThreadAttributeList
DeleteStateAtomValue
DeleteStateContainer
DeleteStateContainerValue
DeleteSynchronizationBarrier
DeleteTimerQueueEx
DeleteTimerQueueTimer
DeleteVolumeMountPointW
DeriveCapabilitySidsFromName
DestroyPrivateObjectSecurity
DeviceIoControl
DisablePredefinedHandleTableInternal
DisableThreadLibraryCalls
DisassociateCurrentThreadFromCallback
DiscardVirtualMemory
DisconnectNamedPipe
DnsHostnameToComputerNameExW
DsBindWithSpnExW
DsCrackNamesW
DsFreeDomainControllerInfoW
DsFreeNameResultW
DsFreeNgcKey
DsFreePasswordCredentials
DsGetDomainControllerInfoW
DsMakePasswordCredentialsW
DsReadNgcKeyW
DsUnBindW
DsWriteNgcKeyW
DuplicateHandle
DuplicateStateContainerHandle
DuplicateToken
DuplicateTokenEx
EmptyWorkingSet
EncodePointer
EncodeRemotePointer
EncodeSystemPointer
EnterCriticalPolicySectionInternal
EnterCriticalSection
EnterSynchronizationBarrier
EnumCalendarInfoExEx
EnumCalendarInfoExW
EnumCalendarInfoW
EnumDateFormatsExEx
EnumDateFormatsExW
EnumDateFormatsW
EnumDeviceDrivers
EnumDynamicTimeZoneInformation
EnumLanguageGroupLocalesW
EnumPageFilesA
EnumPageFilesW
EnumProcessModules
EnumProcessModulesEx
EnumProcesses
EnumResourceLanguagesExA
EnumResourceLanguagesExW
EnumResourceNamesExA
EnumResourceNamesExW
EnumResourceNamesW
EnumResourceTypesExA
EnumResourceTypesExW
EnumSystemCodePagesW
EnumSystemFirmwareTables
EnumSystemGeoID
EnumSystemGeoNames
EnumSystemLanguageGroupsW
EnumSystemLocalesA
EnumSystemLocalesEx
EnumSystemLocalesW
EnumTimeFormatsEx
EnumTimeFormatsW
EnumUILanguagesW
EnumerateExtensionNames
EnumerateStateAtomValues
EnumerateStateContainerItems
EqualDomainSid
EqualPrefixSid
EqualSid
EscapeCommFunction
EventActivityIdControl
EventEnabled
EventProviderEnabled
EventRegister
EventSetInformation
EventUnregister
EventWrite
EventWriteEx
EventWriteString
EventWriteTransfer
ExitProcess
ExitThread
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
ExpungeConsoleCommandHistoryA
ExpungeConsoleCommandHistoryW
ExtensionProgIdExists
FatalAppExitA
FatalAppExitW
FileTimeToLocalFileTime
FileTimeToSystemTime
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
FillConsoleOutputCharacterW
FindActCtxSectionGuid
FindActCtxSectionStringW
FindClose
FindCloseChangeNotification
FindFirstChangeNotificationA
FindFirstChangeNotificationW
FindFirstFileA
FindFirstFileExA
FindFirstFileExW
FindFirstFileNameW
FindFirstFileW
FindFirstFreeAce
FindFirstStreamW
FindFirstVolumeW
FindNLSString
FindNLSStringEx
FindNextChangeNotification
FindNextFileA
FindNextFileNameW
FindNextFileW
FindNextStreamW
FindNextVolumeW
FindPackagesByPackageFamily
FindResourceExW
FindResourceW
FindStringOrdinal
FindVolumeClose
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushConsoleInputBuffer
FlushFileBuffers
FlushInstructionCache
FlushProcessWriteBuffers
FlushViewOfFile
FoldStringW
ForceSyncFgPolicyInternal
FormatApplicationUserModelId
FormatApplicationUserModelIdA
FormatMessageA
FormatMessageW
FreeConsole
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeGPOListInternalA
FreeGPOListInternalW
FreeLibrary
FreeLibraryAndExitThread
FreeLibraryWhenCallbackReturns
FreeResource
FreeSid
FreeUserPhysicalPages
GenerateConsoleCtrlEvent
GenerateGPNotificationInternal
GetACP
GetAcceptLanguagesA
GetAcceptLanguagesW
GetAce
GetAclInformation
GetAdjustObjectAttributesForPrivateNamespaceRoutine
GetAlternatePackageRoots
GetAppContainerAce
GetAppContainerNamedObjectPath
GetAppDataFolder
GetAppModelVersion
GetApplicationRecoveryCallback
GetApplicationRestartSettings
GetApplicationUserModelId
GetApplicationUserModelIdFromToken
GetAppliedGPOListInternalA
GetAppliedGPOListInternalW
GetCPFileNameFromRegistry
GetCPHashNode
GetCPInfo
GetCPInfoExW
GetCachedSigningLevel
GetCalendar
GetCalendarInfoEx
GetCalendarInfoW
GetCommConfig
GetCommMask
GetCommModemStatus
GetCommPorts
GetCommProperties
GetCommState
GetCommTimeouts
GetCommandLineA
GetCommandLineW
GetCompressedFileSizeA
GetCompressedFileSizeW
GetComputerNameExA
GetComputerNameExW
GetConsoleAliasA
GetConsoleAliasExesA
GetConsoleAliasExesLengthA
GetConsoleAliasExesLengthW
GetConsoleAliasExesW
GetConsoleAliasW
GetConsoleAliasesA
GetConsoleAliasesLengthA
GetConsoleAliasesLengthW
GetConsoleAliasesW
GetConsoleCP
GetConsoleCommandHistoryA
GetConsoleCommandHistoryLengthA
GetConsoleCommandHistoryLengthW
GetConsoleCommandHistoryW
GetConsoleCursorInfo
GetConsoleDisplayMode
GetConsoleFontSize
GetConsoleHistoryInfo
GetConsoleInputExeNameA
GetConsoleInputExeNameW
GetConsoleMode
GetConsoleOriginalTitleA
GetConsoleOriginalTitleW
GetConsoleOutputCP
GetConsoleProcessList
GetConsoleScreenBufferInfo
GetConsoleScreenBufferInfoEx
GetConsoleSelectionInfo
GetConsoleTitleA
GetConsoleTitleW
GetConsoleWindow
GetCurrencyFormatEx
GetCurrencyFormatW
GetCurrentActCtx
GetCurrentApplicationUserModelId
GetCurrentConsoleFont
GetCurrentConsoleFontEx
GetCurrentDirectoryA
GetCurrentDirectoryW
GetCurrentPackageApplicationContext
GetCurrentPackageApplicationResourcesContext
GetCurrentPackageContext
GetCurrentPackageFamilyName
GetCurrentPackageFullName
GetCurrentPackageGlobalizationContext
GetCurrentPackageId

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 456KB - Virtual size: 456KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
conhost_exe_PIDbb0_MSCTF.dll_7FFF1C280000_x64.dll
.dll regsvr32 windows:10 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

CtfImeAssociateFocus
CtfImeConfigure
CtfImeConversionList
CtfImeCreateInputContext
CtfImeCreateThreadMgr
CtfImeDestroy
CtfImeDestroyInputContext
CtfImeDestroyThreadMgr
CtfImeDispatchDefImeMessage
CtfImeEnumRegisterWord
CtfImeEscape
CtfImeEscapeEx
CtfImeGetGuidAtom
CtfImeGetRegisterWordStyle
CtfImeInquire
CtfImeInquireExW
CtfImeIsGuidMapEnable
CtfImeIsIME
CtfImeProcessCicHotkey
CtfImeProcessKey
CtfImeRegisterWord
CtfImeSelect
CtfImeSelectEx
CtfImeSetActiveContext
CtfImeSetCompositionString
CtfImeSetFocus
CtfImeToAsciiEx
CtfImeUnregisterWord
CtfNotifyIME
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
HasDeferredInputForCoreDispatcher
InputFocusMonitorCreate
SetInputScope
SetInputScopeXML
SetInputScopes
SetInputScopes2
TF_CUASAppFix
TF_CanUninitialize
TF_CleanUpPrivateMessages
TF_CreateCTFWatchdogMutex
TF_CreateCategoryMgr
TF_CreateCicLoadMutex
TF_CreateCicLoadWinStaMutex
TF_CreateDisplayAttributeMgr
TF_CreateInputProcessorProfiles
TF_CreateLangBarItemMgr
TF_CreateLangBarMgr
TF_CreateThreadMgr
TF_GetAppCompatFlags
TF_GetCompatibleKeyboardLayout
TF_GetGlobalCompartment
TF_GetInitSystemFlags
TF_GetInputScope
TF_GetShowFloatingStatus
TF_GetThreadFlags
TF_GetThreadMgr
TF_InitSystem
TF_InvalidAssemblyListCacheIfExist
TF_IsCtfmonRunning
TF_IsLanguageBarEnabled
TF_IsThreadWithFlags
TF_MapCompatibleHKL
TF_MapCompatibleKeyboardTip
TF_Notify
TF_PostAllThreadMsg
TF_RunInputCPL
TF_SendLangBandMsg
TF_SetDefaultRemoteKeyboardLayout
TF_SetShowFloatingStatus
TF_SetThreadFlags
TF_UninitSystem
TF_WaitForInitialized
TextInputClientWrapperCreate

Sections

.text
Size: 842KB - Virtual size: 842KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 174KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
conhost_exe_PIDbb0_OLEAUT32.dll_7FFF1CA00000_x64.dll
.dll regsvr32 windows:10 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

BSTR_UserFree
BSTR_UserFree64
BSTR_UserMarshal
BSTR_UserMarshal64
BSTR_UserSize
BSTR_UserSize64
BSTR_UserUnmarshal
BSTR_UserUnmarshal64
BstrFromVector
ClearCustData
CreateDispTypeInfo
CreateErrorInfo
CreateStdDispatch
CreateTypeLib
CreateTypeLib2
DispCallFunc
DispGetIDsOfNames
DispGetParam
DispInvoke
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
DosDateTimeToVariantTime
GetActiveObject
GetAltMonthNames
GetErrorInfo
GetRecordInfoFromGuids
GetRecordInfoFromTypeInfo
GetVarConversionLocaleSetting
HWND_UserFree
HWND_UserFree64
HWND_UserMarshal
HWND_UserMarshal64
HWND_UserSize
HWND_UserSize64
HWND_UserUnmarshal
HWND_UserUnmarshal64
LHashValOfNameSys
LHashValOfNameSysA
LPSAFEARRAY_Marshal
LPSAFEARRAY_Size
LPSAFEARRAY_Unmarshal
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserFree64
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserMarshal64
LPSAFEARRAY_UserSize
LPSAFEARRAY_UserSize64
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserUnmarshal64
LoadRegTypeLib
LoadTypeLib
LoadTypeLibEx
OACleanup
OACreateTypeLib2
OaBuildVersion
OaEnablePerUserTLibRegistration
OleCreateFontIndirect
OleCreatePictureIndirect
OleCreatePropertyFrame
OleCreatePropertyFrameIndirect
OleIconToCursor
OleLoadPicture
OleLoadPictureEx
OleLoadPictureFile
OleLoadPictureFileEx
OleLoadPicturePath
OleSavePictureFile
OleTranslateColor
QueryPathOfRegTypeLib
RegisterActiveObject
RegisterTypeLib
RegisterTypeLibForUser
RevokeActiveObject
SafeArrayAccessData
SafeArrayAddRef
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayAllocDescriptorEx
SafeArrayCopy
SafeArrayCopyData
SafeArrayCreate
SafeArrayCreateEx
SafeArrayCreateVector
SafeArrayCreateVectorEx
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SafeArrayGetDim
SafeArrayGetElement
SafeArrayGetElemsize
SafeArrayGetIID
SafeArrayGetLBound
SafeArrayGetRecordInfo
SafeArrayGetUBound
SafeArrayGetVartype
SafeArrayLock
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayRedim
SafeArrayReleaseData
SafeArrayReleaseDescriptor
SafeArraySetIID
SafeArraySetRecordInfo
SafeArrayUnaccessData
SafeArrayUnlock
SetErrorInfo
SetOaNoCache
SetVarConversionLocaleSetting
SysAddRefString
SysAllocString
SysAllocStringByteLen
SysAllocStringLen
SysFreeString
SysReAllocString
SysReAllocStringLen
SysReleaseString
SysStringByteLen
SysStringLen
SystemTimeToVariantTime
UnRegisterTypeLib
UnRegisterTypeLibForUser
VARIANT_UserFree
VARIANT_UserFree64
VARIANT_UserMarshal
VARIANT_UserMarshal64
VARIANT_UserSize
VARIANT_UserSize64
VARIANT_UserUnmarshal
VARIANT_UserUnmarshal64
VarAbs
VarAdd
VarAnd
VarBoolFromCy
VarBoolFromDate
VarBoolFromDec
VarBoolFromDisp
VarBoolFromI1
VarBoolFromI2
VarBoolFromI4
VarBoolFromI8
VarBoolFromR4
VarBoolFromR8
VarBoolFromStr
VarBoolFromUI1
VarBoolFromUI2
VarBoolFromUI4
VarBoolFromUI8
VarBstrCat
VarBstrCmp
VarBstrFromBool
VarBstrFromCy
VarBstrFromDate
VarBstrFromDec
VarBstrFromDisp
VarBstrFromI1
VarBstrFromI2
VarBstrFromI4
VarBstrFromI8
VarBstrFromR4
VarBstrFromR8
VarBstrFromUI1
VarBstrFromUI2
VarBstrFromUI4
VarBstrFromUI8
VarCat
VarCmp
VarCyAbs
VarCyAdd
VarCyCmp
VarCyCmpR8
VarCyFix
VarCyFromBool
VarCyFromDate
VarCyFromDec
VarCyFromDisp
VarCyFromI1
VarCyFromI2
VarCyFromI4
VarCyFromI8
VarCyFromR4
VarCyFromR8
VarCyFromStr
VarCyFromUI1
VarCyFromUI2
VarCyFromUI4
VarCyFromUI8
VarCyInt
VarCyMul
VarCyMulI4
VarCyMulI8
VarCyNeg
VarCyRound
VarCySub
VarDateFromBool
VarDateFromCy
VarDateFromDec
VarDateFromDisp
VarDateFromI1
VarDateFromI2
VarDateFromI4
VarDateFromI8
VarDateFromR4
VarDateFromR8
VarDateFromStr
VarDateFromUI1
VarDateFromUI2
VarDateFromUI4
VarDateFromUI8
VarDateFromUdate
VarDateFromUdateEx
VarDecAbs
VarDecAdd
VarDecCmp
VarDecCmpR8
VarDecDiv
VarDecFix
VarDecFromBool
VarDecFromCy
VarDecFromDate
VarDecFromDisp
VarDecFromI1
VarDecFromI2
VarDecFromI4
VarDecFromI8
VarDecFromR4
VarDecFromR8
VarDecFromStr
VarDecFromUI1
VarDecFromUI2
VarDecFromUI4
VarDecFromUI8
VarDecInt
VarDecMul
VarDecNeg
VarDecRound
VarDecSub
VarDiv
VarEqv
VarFix
VarFormat
VarFormatCurrency
VarFormatDateTime
VarFormatFromTokens
VarFormatNumber
VarFormatPercent
VarI1FromBool
VarI1FromCy
VarI1FromDate
VarI1FromDec
VarI1FromDisp
VarI1FromI2
VarI1FromI4
VarI1FromI8
VarI1FromR4
VarI1FromR8
VarI1FromStr
VarI1FromUI1
VarI1FromUI2
VarI1FromUI4
VarI1FromUI8
VarI2FromBool
VarI2FromCy
VarI2FromDate
VarI2FromDec
VarI2FromDisp
VarI2FromI1
VarI2FromI4
VarI2FromI8
VarI2FromR4
VarI2FromR8
VarI2FromStr
VarI2FromUI1
VarI2FromUI2
VarI2FromUI4
VarI2FromUI8
VarI4FromBool
VarI4FromCy
VarI4FromDate
VarI4FromDec
VarI4FromDisp
VarI4FromI1
VarI4FromI2
VarI4FromI8
VarI4FromR4
VarI4FromR8
VarI4FromStr
VarI4FromUI1
VarI4FromUI2
VarI4FromUI4
VarI4FromUI8
VarI8FromBool
VarI8FromCy
VarI8FromDate
VarI8FromDec
VarI8FromDisp
VarI8FromI1
VarI8FromI2
VarI8FromR4
VarI8FromR8
VarI8FromStr
VarI8FromUI1
VarI8FromUI2
VarI8FromUI4
VarI8FromUI8
VarIdiv
VarImp
VarInt
VarMod
VarMonthName
VarMul
VarNeg
VarNot
VarNumFromParseNum
VarOr
VarParseNumFromStr
VarPow
VarR4CmpR8
VarR4FromBool
VarR4FromCy
VarR4FromDate
VarR4FromDec
VarR4FromDisp
VarR4FromI1
VarR4FromI2
VarR4FromI4
VarR4FromI8
VarR4FromR8
VarR4FromStr
VarR4FromUI1
VarR4FromUI2
VarR4FromUI4
VarR4FromUI8
VarR8FromBool
VarR8FromCy
VarR8FromDate
VarR8FromDec
VarR8FromDisp
VarR8FromI1
VarR8FromI2
VarR8FromI4
VarR8FromI8
VarR8FromR4
VarR8FromStr
VarR8FromUI1
VarR8FromUI2
VarR8FromUI4
VarR8FromUI8
VarR8Pow
VarR8Round
VarRound
VarSub
VarTokenizeFormatString
VarUI1FromBool
VarUI1FromCy
VarUI1FromDate
VarUI1FromDec
VarUI1FromDisp
VarUI1FromI1
VarUI1FromI2
VarUI1FromI4
VarUI1FromI8
VarUI1FromR4
VarUI1FromR8
VarUI1FromStr
VarUI1FromUI2
VarUI1FromUI4
VarUI1FromUI8
VarUI2FromBool
VarUI2FromCy
VarUI2FromDate
VarUI2FromDec
VarUI2FromDisp
VarUI2FromI1
VarUI2FromI2
VarUI2FromI4
VarUI2FromI8
VarUI2FromR4
VarUI2FromR8
VarUI2FromStr
VarUI2FromUI1
VarUI2FromUI4
VarUI2FromUI8
VarUI4FromBool
VarUI4FromCy
VarUI4FromDate
VarUI4FromDec
VarUI4FromDisp
VarUI4FromI1
VarUI4FromI2
VarUI4FromI4
VarUI4FromI8
VarUI4FromR4
VarUI4FromR8
VarUI4FromStr
VarUI4FromUI1
VarUI4FromUI2
VarUI4FromUI8
VarUI8FromBool
VarUI8FromCy
VarUI8FromDate
VarUI8FromDec
VarUI8FromDisp
VarUI8FromI1
VarUI8FromI2
VarUI8FromI8
VarUI8FromR4
VarUI8FromR8
VarUI8FromStr
VarUI8FromUI1
VarUI8FromUI2
VarUI8FromUI4
VarUdateFromDate
VarWeekdayName
VarXor
VariantChangeType
VariantChangeTypeEx
VariantClear
VariantCopy
VariantCopyInd
VariantInit
VariantTimeToDosDateTime
VariantTimeToSystemTime
VectorFromBstr

Sections

.text
Size: 594KB - Virtual size: 594KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
conhost_exe_PIDbb0_RPCRT4.dll_7FFF1AC10000_x64.dll
.dll regsvr32 windows:10 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

CStdStubBuffer_AddRef
CStdStubBuffer_Connect
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_QueryInterface
CreateProxyFromTypeInfo
CreateStubFromTypeInfo
DceErrorInqTextA
DceErrorInqTextW
DllGetClassObject
DllRegisterServer
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
IUnknown_Release_Proxy
I_RpcAllocate
I_RpcAsyncAbortCall
I_RpcAsyncSetHandle
I_RpcBCacheAllocate
I_RpcBCacheFree
I_RpcBindingCopy
I_RpcBindingCreateNP
I_RpcBindingHandleToAsyncHandle
I_RpcBindingInqClientTokenAttributes
I_RpcBindingInqCurrentModifiedId
I_RpcBindingInqDynamicEndpoint
I_RpcBindingInqDynamicEndpointA
I_RpcBindingInqDynamicEndpointW
I_RpcBindingInqLocalClientPID
I_RpcBindingInqMarshalledTargetInfo
I_RpcBindingInqSecurityContext
I_RpcBindingInqSecurityContextKeyInfo
I_RpcBindingInqTransportType
I_RpcBindingInqWireIdForSnego
I_RpcBindingIsClientLocal
I_RpcBindingIsServerLocal
I_RpcBindingSetPrivateOption
I_RpcBindingToStaticStringBindingW
I_RpcCertProcessAndProvision
I_RpcClearMutex
I_RpcCompleteAndFree
I_RpcDeleteMutex
I_RpcEnableWmiTrace
I_RpcExceptionFilter
I_RpcFilterDCOMActivation
I_RpcFixTransferSyntax
I_RpcFree
I_RpcFreeBuffer
I_RpcFreePipeBuffer
I_RpcFreeSystemHandle
I_RpcFreeSystemHandleCollection
I_RpcFwThisIsTheManager
I_RpcGetBuffer
I_RpcGetBufferWithObject
I_RpcGetCurrentCallHandle
I_RpcGetDefaultSD
I_RpcGetExtendedError
I_RpcGetPortAllocationData
I_RpcGetSystemHandle
I_RpcIfInqTransferSyntaxes
I_RpcInitFwImports
I_RpcInitHttpImports
I_RpcInitImports
I_RpcInitNdrImports
I_RpcLogEvent
I_RpcMapWin32Status
I_RpcMarshalBindingHandleAndInterfaceForNDF
I_RpcMgmtEnableDedicatedThreadPool
I_RpcMgmtQueryDedicatedThreadPool
I_RpcNDRCGetWireRepresentation
I_RpcNDRSContextEmergencyCleanup
I_RpcNegotiateTransferSyntax
I_RpcNsBindingSetEntryName
I_RpcNsBindingSetEntryNameA
I_RpcNsBindingSetEntryNameW
I_RpcNsInterfaceExported
I_RpcNsInterfaceUnexported
I_RpcOpenClientProcess
I_RpcOpenClientThread
I_RpcParseSecurity
I_RpcPauseExecution
I_RpcReallocPipeBuffer
I_RpcReceive
I_RpcRecordCalloutFailure
I_RpcRequestMutex
I_RpcSNCHOption
I_RpcSend
I_RpcSendReceive
I_RpcServerAllocateIpPort
I_RpcServerCheckClientRestriction
I_RpcServerDisableExceptionFilter
I_RpcServerGetAssociationID
I_RpcServerInqAddressChangeFn
I_RpcServerInqLocalConnAddress
I_RpcServerInqRemoteConnAddress
I_RpcServerInqTransportType
I_RpcServerIsClientDisconnected
I_RpcServerRegisterForwardFunction
I_RpcServerSetAddressChangeFn
I_RpcServerStartService
I_RpcServerSubscribeForDisconnectNotification
I_RpcServerSubscribeForDisconnectNotification2
I_RpcServerTurnOnOffKeepalives
I_RpcServerUnsubscribeForDisconnectNotification
I_RpcServerUseProtseq2A
I_RpcServerUseProtseq2W
I_RpcServerUseProtseqEp2A
I_RpcServerUseProtseqEp2W
I_RpcSessionStrictContextHandle
I_RpcSetDCOMAppId
I_RpcSetSystemHandle
I_RpcSsDontSerializeContext
I_RpcSystemFunction001
I_RpcSystemHandleTypeSpecificWork
I_RpcTransConnectionAllocatePacket
I_RpcTransConnectionFreePacket
I_RpcTransConnectionReallocPacket
I_RpcTransDatagramAllocate
I_RpcTransDatagramAllocate2
I_RpcTransDatagramFree
I_RpcTransGetThreadEvent
I_RpcTransGetThreadEventThreadOptional
I_RpcTransIoCancelled
I_RpcTransServerNewConnection
I_RpcTurnOnEEInfoPropagation
I_RpcVerifierCorruptionExpected
I_UuidCreate
MesBufferHandleReset
MesDecodeBufferHandleCreate
MesDecodeIncrementalHandleCreate
MesEncodeDynBufferHandleCreate
MesEncodeFixedBufferHandleCreate
MesEncodeIncrementalHandleCreate
MesHandleFree
MesIncrementalHandleReset
MesInqProcEncodingId
NDRCContextBinding
NDRCContextMarshall
NDRCContextUnmarshall
NDRSContextMarshall
NDRSContextMarshall2
NDRSContextMarshallEx
NDRSContextUnmarshall
NDRSContextUnmarshall2
NDRSContextUnmarshallEx
Ndr64AsyncClientCall
Ndr64AsyncServerCall64
Ndr64AsyncServerCallAll
Ndr64DcomAsyncClientCall
Ndr64DcomAsyncStubCall
NdrAllocate
NdrAsyncClientCall
NdrAsyncServerCall
NdrByteCountPointerBufferSize
NdrByteCountPointerFree
NdrByteCountPointerMarshall
NdrByteCountPointerUnmarshall
NdrCStdStubBuffer2_Release
NdrCStdStubBuffer_Release
NdrClearOutParameters
NdrClientCall2
NdrClientCall3
NdrClientContextMarshall
NdrClientContextUnmarshall
NdrClientInitialize
NdrClientInitializeNew
NdrComplexArrayBufferSize
NdrComplexArrayFree
NdrComplexArrayMarshall
NdrComplexArrayMemorySize
NdrComplexArrayUnmarshall
NdrComplexStructBufferSize
NdrComplexStructFree
NdrComplexStructMarshall
NdrComplexStructMemorySize
NdrComplexStructUnmarshall
NdrConformantArrayBufferSize
NdrConformantArrayFree
NdrConformantArrayMarshall
NdrConformantArrayMemorySize
NdrConformantArrayUnmarshall
NdrConformantStringBufferSize
NdrConformantStringMarshall
NdrConformantStringMemorySize
NdrConformantStringUnmarshall
NdrConformantStructBufferSize
NdrConformantStructFree
NdrConformantStructMarshall
NdrConformantStructMemorySize
NdrConformantStructUnmarshall
NdrConformantVaryingArrayBufferSize
NdrConformantVaryingArrayFree
NdrConformantVaryingArrayMarshall
NdrConformantVaryingArrayMemorySize
NdrConformantVaryingArrayUnmarshall
NdrConformantVaryingStructBufferSize
NdrConformantVaryingStructFree
NdrConformantVaryingStructMarshall
NdrConformantVaryingStructMemorySize
NdrConformantVaryingStructUnmarshall
NdrContextHandleInitialize
NdrContextHandleSize
NdrConvert
NdrConvert2
NdrCorrelationFree
NdrCorrelationInitialize
NdrCorrelationPass
NdrCreateServerInterfaceFromStub
NdrDcomAsyncClientCall
NdrDcomAsyncStubCall
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrDllRegisterProxy
NdrDllUnregisterProxy
NdrEncapsulatedUnionBufferSize
NdrEncapsulatedUnionFree
NdrEncapsulatedUnionMarshall
NdrEncapsulatedUnionMemorySize
NdrEncapsulatedUnionUnmarshall
NdrFixedArrayBufferSize
NdrFixedArrayFree
NdrFixedArrayMarshall
NdrFixedArrayMemorySize
NdrFixedArrayUnmarshall
NdrFreeBuffer
NdrFullPointerFree
NdrFullPointerInsertRefId
NdrFullPointerQueryPointer
NdrFullPointerQueryRefId
NdrFullPointerXlatFree
NdrFullPointerXlatInit
NdrGetBaseInterfaceFromStub
NdrGetBuffer
NdrGetDcomProtocolVersion
NdrGetSimpleTypeBufferAlignment
NdrGetSimpleTypeBufferSize
NdrGetSimpleTypeMemorySize
NdrGetTypeFlags
NdrGetUserMarshalInfo
NdrInterfacePointerBufferSize
NdrInterfacePointerFree
NdrInterfacePointerMarshall
NdrInterfacePointerMemorySize
NdrInterfacePointerUnmarshall
NdrMapCommAndFaultStatus
NdrMesProcEncodeDecode
NdrMesProcEncodeDecode2
NdrMesProcEncodeDecode3
NdrMesSimpleTypeAlignSize
NdrMesSimpleTypeAlignSizeAll
NdrMesSimpleTypeDecode
NdrMesSimpleTypeDecodeAll
NdrMesSimpleTypeEncode
NdrMesSimpleTypeEncodeAll
NdrMesTypeAlignSize
NdrMesTypeAlignSize2
NdrMesTypeAlignSize3
NdrMesTypeDecode
NdrMesTypeDecode2
NdrMesTypeDecode3
NdrMesTypeEncode
NdrMesTypeEncode2
NdrMesTypeEncode3
NdrMesTypeFree2
NdrMesTypeFree3
NdrNonConformantStringBufferSize
NdrNonConformantStringMarshall
NdrNonConformantStringMemorySize
NdrNonConformantStringUnmarshall
NdrNonEncapsulatedUnionBufferSize
NdrNonEncapsulatedUnionFree
NdrNonEncapsulatedUnionMarshall
NdrNonEncapsulatedUnionMemorySize
NdrNonEncapsulatedUnionUnmarshall
NdrNsGetBuffer
NdrNsSendReceive
NdrOleAllocate
NdrOleFree
NdrOutInit
NdrPartialIgnoreClientBufferSize
NdrPartialIgnoreClientMarshall
NdrPartialIgnoreServerInitialize
NdrPartialIgnoreServerUnmarshall
NdrPointerBufferSize
NdrPointerFree
NdrPointerMarshall
NdrPointerMemorySize
NdrPointerUnmarshall
NdrProxyErrorHandler
NdrProxyFreeBuffer
NdrProxyGetBuffer
NdrProxyInitialize
NdrProxySendReceive
NdrRangeUnmarshall
NdrRpcSmClientAllocate
NdrRpcSmClientFree
NdrRpcSmSetClientToOsf
NdrRpcSsDefaultAllocate
NdrRpcSsDefaultFree
NdrRpcSsDisableAllocate
NdrRpcSsEnableAllocate
NdrSendReceive
NdrServerCall2
NdrServerCallAll
NdrServerCallNdr64
NdrServerContextMarshall
NdrServerContextNewMarshall
NdrServerContextNewUnmarshall
NdrServerContextUnmarshall
NdrServerInitialize
NdrServerInitializeMarshall
NdrServerInitializeNew
NdrServerInitializePartial
NdrServerInitializeUnmarshall
NdrSimpleStructBufferSize
NdrSimpleStructFree
NdrSimpleStructMarshall
NdrSimpleStructMemorySize
NdrSimpleStructUnmarshall
NdrSimpleTypeMarshall
NdrSimpleTypeUnmarshall
NdrStubCall2
NdrStubCall3
NdrStubForwardingFunction
NdrStubGetBuffer
NdrStubInitialize
NdrStubInitializeMarshall
NdrTypeFlags
NdrTypeFree
NdrTypeMarshall
NdrTypeSize
NdrTypeUnmarshall
NdrUnmarshallBasetypeInline
NdrUserMarshalBufferSize
NdrUserMarshalFree
NdrUserMarshalMarshall
NdrUserMarshalMemorySize
NdrUserMarshalSimpleTypeConvert
NdrUserMarshalUnmarshall
NdrVaryingArrayBufferSize
NdrVaryingArrayFree
NdrVaryingArrayMarshall
NdrVaryingArrayMemorySize
NdrVaryingArrayUnmarshall
NdrXmitOrRepAsBufferSize
NdrXmitOrRepAsFree
NdrXmitOrRepAsMarshall
NdrXmitOrRepAsMemorySize
NdrXmitOrRepAsUnmarshall
NdrpClientCall2
NdrpCreateProxy
NdrpCreateStub
NdrpGetProcFormatString
NdrpGetTypeFormatString
NdrpGetTypeGenCookie
NdrpMemoryIncrement
NdrpReleaseTypeFormatString
NdrpReleaseTypeGenCookie
NdrpVarVtOfTypeDesc
RpcAsyncAbortCall
RpcAsyncCancelCall
RpcAsyncCompleteCall
RpcAsyncGetCallStatus
RpcAsyncInitializeHandle
RpcAsyncRegisterInfo
RpcBindingBind
RpcBindingCopy
RpcBindingCreateA
RpcBindingCreateW
RpcBindingFree
RpcBindingFromStringBindingA
RpcBindingFromStringBindingW
RpcBindingInqAuthClientA
RpcBindingInqAuthClientExA
RpcBindingInqAuthClientExW
RpcBindingInqAuthClientW
RpcBindingInqAuthInfoA
RpcBindingInqAuthInfoExA
RpcBindingInqAuthInfoExW
RpcBindingInqAuthInfoW
RpcBindingInqMaxCalls
RpcBindingInqObject
RpcBindingInqOption
RpcBindingReset
RpcBindingServerFromClient
RpcBindingSetAuthInfoA
RpcBindingSetAuthInfoExA
RpcBindingSetAuthInfoExW
RpcBindingSetAuthInfoW
RpcBindingSetObject
RpcBindingSetOption
RpcBindingToStringBindingA
RpcBindingToStringBindingW
RpcBindingUnbind
RpcBindingVectorFree
RpcCancelThread
RpcCancelThreadEx
RpcCertGeneratePrincipalNameA
RpcCertGeneratePrincipalNameW
RpcCertMatchPrincipalName
RpcEpRegisterA
RpcEpRegisterNoReplaceA
RpcEpRegisterNoReplaceW
RpcEpRegisterW
RpcEpResolveBinding
RpcEpUnregister
RpcErrorAddRecord
RpcErrorClearInformation
RpcErrorEndEnumeration
RpcErrorGetNextRecord
RpcErrorGetNumberOfRecords
RpcErrorLoadErrorInfo
RpcErrorResetEnumeration
RpcErrorSaveErrorInfo
RpcErrorStartEnumeration
RpcExceptionFilter
RpcFreeAuthorizationContext
RpcGetAuthorizationContextForClient
RpcIfIdVectorFree
RpcIfInqId
RpcImpersonateClient
RpcImpersonateClient2
RpcImpersonateClientContainer
RpcMgmtEnableIdleCleanup
RpcMgmtEpEltInqBegin
RpcMgmtEpEltInqDone
RpcMgmtEpEltInqNextA
RpcMgmtEpEltInqNextW
RpcMgmtEpUnregister
RpcMgmtInqComTimeout
RpcMgmtInqDefaultProtectLevel
RpcMgmtInqIfIds
RpcMgmtInqServerPrincNameA
RpcMgmtInqServerPrincNameW
RpcMgmtInqStats
RpcMgmtIsServerListening
RpcMgmtSetAuthorizationFn
RpcMgmtSetCancelTimeout
RpcMgmtSetComTimeout
RpcMgmtSetServerStackSize
RpcMgmtStatsVectorFree
RpcMgmtStopServerListening
RpcMgmtWaitServerListen
RpcNetworkInqProtseqsA
RpcNetworkInqProtseqsW
RpcNetworkIsProtseqValidA
RpcNetworkIsProtseqValidW
RpcNsBindingInqEntryNameA
RpcNsBindingInqEntryNameW
RpcObjectInqType
RpcObjectSetInqFn
RpcObjectSetType
RpcProtseqVectorFreeA
RpcProtseqVectorFreeW
RpcRaiseException
RpcRevertContainerImpersonation
RpcRevertToSelf
RpcRevertToSelfEx
RpcServerCompleteSecurityCallback
RpcServerInqBindingHandle
RpcServerInqBindings
RpcServerInqBindingsEx
RpcServerInqCallAttributesA
RpcServerInqCallAttributesW
RpcServerInqDefaultPrincNameA
RpcServerInqDefaultPrincNameW
RpcServerInqIf
RpcServerInterfaceGroupActivate
RpcServerInterfaceGroupClose
RpcServerInterfaceGroupCreateA
RpcServerInterfaceGroupCreateW
RpcServerInterfaceGroupDeactivate
RpcServerInterfaceGroupInqBindings
RpcServerListen
RpcServerRegisterAuthInfoA
RpcServerRegisterAuthInfoW
RpcServerRegisterIf
RpcServerRegisterIf2
RpcServerRegisterIf3
RpcServerRegisterIfEx
RpcServerSubscribeForNotification
RpcServerTestCancel
RpcServerUnregisterIf
RpcServerUnregisterIfEx
RpcServerUnsubscribeForNotification
RpcServerUseAllProtseqs
RpcServerUseAllProtseqsEx
RpcServerUseAllProtseqsIf
RpcServerUseAllProtseqsIfEx
RpcServerUseProtseqA
RpcServerUseProtseqEpA
RpcServerUseProtseqEpExA
RpcServerUseProtseqEpExW
RpcServerUseProtseqEpW
RpcServerUseProtseqExA
RpcServerUseProtseqExW
RpcServerUseProtseqIfA

Sections

.text
Size: 866KB - Virtual size: 865KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ndr64
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
conhost_exe_PIDbb0_TextShaping.dll_7FFEFD3E0000_x64.dll
.dll windows:10 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

BuildOtlCache
FreeOtlResources
GetOtlFeatureDefs
GetOtlGlyphAlternates
GetOtlLangSysList
GetOtlScriptList
GetOtlVersion
OtlAssertFailed
RepositionOtlSingleGlyph
ShapingCreateFontCacheData
ShapingDrawGlyphs
ShapingGetBreakingProperties
ShapingGetCombiningOptions
ShapingGetGlyphPositions
ShapingGetGlyphs
ShapingLoadScriptEngine
ShapingSetAssertFunction
ShapingSetInvariantAssertFunction
SubstituteOtlSingleGlyph
ValidateLogClust

Sections

.text
Size: 298KB - Virtual size: 297KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 363KB - Virtual size: 363KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
conhost_exe_PIDbb0_WS2_32.dll_7FFF1B9A0000_x64.dll
.dll windows:10 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

FreeAddrInfoEx
FreeAddrInfoExW
FreeAddrInfoW
GetAddrInfoExA
GetAddrInfoExCancel
GetAddrInfoExOverlappedResult
GetAddrInfoExW
GetAddrInfoW
GetHostNameW
GetNameInfoW
InetNtopW
InetPtonW
SetAddrInfoExA
SetAddrInfoExW
WEP
WPUCompleteOverlappedRequest
WPUGetProviderPathEx
WSAAccept
WSAAddressToStringA
WSAAddressToStringW
WSAAdvertiseProvider
WSAAsyncGetHostByAddr
WSAAsyncGetHostByName
WSAAsyncGetProtoByName
WSAAsyncGetProtoByNumber
WSAAsyncGetServByName
WSAAsyncGetServByPort
WSAAsyncSelect
WSACancelAsyncRequest
WSACancelBlockingCall
WSACleanup
WSACloseEvent
WSAConnect
WSAConnectByList
WSAConnectByNameA
WSAConnectByNameW
WSACreateEvent
WSADuplicateSocketA
WSADuplicateSocketW
WSAEnumNameSpaceProvidersA
WSAEnumNameSpaceProvidersExA
WSAEnumNameSpaceProvidersExW
WSAEnumNameSpaceProvidersW
WSAEnumNetworkEvents
WSAEnumProtocolsA
WSAEnumProtocolsW
WSAEventSelect
WSAGetLastError
WSAGetOverlappedResult
WSAGetQOSByName
WSAGetServiceClassInfoA
WSAGetServiceClassInfoW
WSAGetServiceClassNameByClassIdA
WSAGetServiceClassNameByClassIdW
WSAHtonl
WSAHtons
WSAInstallServiceClassA
WSAInstallServiceClassW
WSAIoctl
WSAIsBlocking
WSAJoinLeaf
WSALookupServiceBeginA
WSALookupServiceBeginW
WSALookupServiceEnd
WSALookupServiceNextA
WSALookupServiceNextW
WSANSPIoctl
WSANtohl
WSANtohs
WSAPoll
WSAProviderCompleteAsyncCall
WSAProviderConfigChange
WSARecv
WSARecvDisconnect
WSARecvFrom
WSARemoveServiceClass
WSAResetEvent
WSASend
WSASendDisconnect
WSASendMsg
WSASendTo
WSASetBlockingHook
WSASetEvent
WSASetLastError
WSASetServiceA
WSASetServiceW
WSASocketA
WSASocketW
WSAStartup
WSAStringToAddressA
WSAStringToAddressW
WSAUnadvertiseProvider
WSAUnhookBlockingHook
WSAWaitForMultipleEvents
WSApSetPostRoutine
WSCDeinstallProvider
WSCDeinstallProvider32
WSCDeinstallProviderEx
WSCEnableNSProvider
WSCEnableNSProvider32
WSCEnumNameSpaceProviders32
WSCEnumNameSpaceProvidersEx32
WSCEnumProtocols
WSCEnumProtocols32
WSCEnumProtocolsEx
WSCGetApplicationCategory
WSCGetApplicationCategoryEx
WSCGetProviderInfo
WSCGetProviderInfo32
WSCGetProviderPath
WSCGetProviderPath32
WSCInstallNameSpace
WSCInstallNameSpace32
WSCInstallNameSpaceEx
WSCInstallNameSpaceEx2
WSCInstallNameSpaceEx32
WSCInstallProvider
WSCInstallProvider64_32
WSCInstallProviderAndChains64_32
WSCInstallProviderEx
WSCSetApplicationCategory
WSCSetApplicationCategoryEx
WSCSetProviderInfo
WSCSetProviderInfo32
WSCUnInstallNameSpace
WSCUnInstallNameSpace32
WSCUnInstallNameSpaceEx2
WSCUpdateProvider
WSCUpdateProvider32
WSCUpdateProviderEx
WSCWriteNameSpaceOrder
WSCWriteNameSpaceOrder32
WSCWriteProviderOrder
WSCWriteProviderOrder32
WSCWriteProviderOrderEx
WahCloseApcHelper
WahCloseHandleHelper
WahCloseNotificationHandleHelper
WahCloseSocketHandle
WahCloseThread
WahCompleteRequest
WahCreateHandleContextTable
WahCreateNotificationHandle
WahCreateSocketHandle
WahDestroyHandleContextTable
WahDisableNonIFSHandleSupport
WahEnableNonIFSHandleSupport
WahEnumerateHandleContexts
WahInsertHandleContext
WahNotifyAllProcesses
WahOpenApcHelper
WahOpenCurrentThread
WahOpenHandleHelper
WahOpenNotificationHandleHelper
WahQueueUserApc
WahReferenceContextByHandle
WahRemoveHandleContext
WahWaitForNotification
WahWriteLSPEvent
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostbyaddr
gethostbyname
gethostname
getnameinfo
getpeername
getprotobyname
getprotobynumber
getservbyname
getservbyport
getsockname
getsockopt
htonl
htons
inet_addr
inet_ntoa
inet_ntop
inet_pton
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

Sections

.text
Size: 257KB - Virtual size: 256KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.wpp_sf
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
conhost_exe_PIDbb0_advapi32.dll_7FFF1AED0000_x64.dll
.dll windows:10 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

A_SHAFinal
A_SHAInit
A_SHAUpdate
AbortSystemShutdownA
AbortSystemShutdownW
AccessCheck
AccessCheckAndAuditAlarmA
AccessCheckAndAuditAlarmW
AccessCheckByType
AccessCheckByTypeAndAuditAlarmA
AccessCheckByTypeAndAuditAlarmW
AccessCheckByTypeResultList
AccessCheckByTypeResultListAndAuditAlarmA
AccessCheckByTypeResultListAndAuditAlarmByHandleA
AccessCheckByTypeResultListAndAuditAlarmByHandleW
AccessCheckByTypeResultListAndAuditAlarmW
AddAccessAllowedAce
AddAccessAllowedAceEx
AddAccessAllowedObjectAce
AddAccessDeniedAce
AddAccessDeniedAceEx
AddAccessDeniedObjectAce
AddAce
AddAuditAccessAce
AddAuditAccessAceEx
AddAuditAccessObjectAce
AddConditionalAce
AddMandatoryAce
AddUsersToEncryptedFile
AddUsersToEncryptedFileEx
AdjustTokenGroups
AdjustTokenPrivileges
AllocateAndInitializeSid
AllocateLocallyUniqueId
AreAllAccessesGranted
AreAnyAccessesGranted
AuditComputeEffectivePolicyBySid
AuditComputeEffectivePolicyByToken
AuditEnumerateCategories
AuditEnumeratePerUserPolicy
AuditEnumerateSubCategories
AuditFree
AuditLookupCategoryGuidFromCategoryId
AuditLookupCategoryIdFromCategoryGuid
AuditLookupCategoryNameA
AuditLookupCategoryNameW
AuditLookupSubCategoryNameA
AuditLookupSubCategoryNameW
AuditQueryGlobalSaclA
AuditQueryGlobalSaclW
AuditQueryPerUserPolicy
AuditQuerySecurity
AuditQuerySystemPolicy
AuditSetGlobalSaclA
AuditSetGlobalSaclW
AuditSetPerUserPolicy
AuditSetSecurity
AuditSetSystemPolicy
BackupEventLogA
BackupEventLogW
BaseRegCloseKey
BaseRegCreateKey
BaseRegDeleteKeyEx
BaseRegDeleteValue
BaseRegFlushKey
BaseRegGetVersion
BaseRegLoadKey
BaseRegOpenKey
BaseRegRestoreKey
BaseRegSaveKeyEx
BaseRegSetKeySecurity
BaseRegSetValue
BaseRegUnLoadKey
BuildExplicitAccessWithNameA
BuildExplicitAccessWithNameW
BuildImpersonateExplicitAccessWithNameA
BuildImpersonateExplicitAccessWithNameW
BuildImpersonateTrusteeA
BuildImpersonateTrusteeW
BuildSecurityDescriptorA
BuildSecurityDescriptorW
BuildTrusteeWithNameA
BuildTrusteeWithNameW
BuildTrusteeWithObjectsAndNameA
BuildTrusteeWithObjectsAndNameW
BuildTrusteeWithObjectsAndSidA
BuildTrusteeWithObjectsAndSidW
BuildTrusteeWithSidA
BuildTrusteeWithSidW
CancelOverlappedAccess
ChangeServiceConfig2A
ChangeServiceConfig2W
ChangeServiceConfigA
ChangeServiceConfigW
CheckForHiberboot
CheckTokenMembership
ClearEventLogA
ClearEventLogW
CloseCodeAuthzLevel
CloseEncryptedFileRaw
CloseEventLog
CloseServiceHandle
CloseThreadWaitChainSession
CloseTrace
CommandLineFromMsiDescriptor
ComputeAccessTokenFromCodeAuthzLevel
ControlService
ControlServiceExA
ControlServiceExW
ControlTraceA
ControlTraceW
ConvertAccessToSecurityDescriptorA
ConvertAccessToSecurityDescriptorW
ConvertSDToStringSDDomainW
ConvertSDToStringSDRootDomainA
ConvertSDToStringSDRootDomainW
ConvertSecurityDescriptorToAccessA
ConvertSecurityDescriptorToAccessNamedA
ConvertSecurityDescriptorToAccessNamedW
ConvertSecurityDescriptorToAccessW
ConvertSecurityDescriptorToStringSecurityDescriptorA
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertSidToStringSidA
ConvertSidToStringSidW
ConvertStringSDToSDDomainA
ConvertStringSDToSDDomainW
ConvertStringSDToSDRootDomainA
ConvertStringSDToSDRootDomainW
ConvertStringSecurityDescriptorToSecurityDescriptorA
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidA
ConvertStringSidToSidW
ConvertToAutoInheritPrivateObjectSecurity
CopySid
CreateCodeAuthzLevel
CreatePrivateObjectSecurity
CreatePrivateObjectSecurityEx
CreatePrivateObjectSecurityWithMultipleInheritance
CreateProcessAsUserA
CreateProcessAsUserW
CreateProcessWithLogonW
CreateProcessWithTokenW
CreateRestrictedToken
CreateServiceA
CreateServiceEx
CreateServiceW
CreateTraceInstanceId
CreateWellKnownSid
CredBackupCredentials
CredDeleteA
CredDeleteW
CredEncryptAndMarshalBinaryBlob
CredEnumerateA
CredEnumerateW
CredFindBestCredentialA
CredFindBestCredentialW
CredFree
CredGetSessionTypes
CredGetTargetInfoA
CredGetTargetInfoW
CredIsMarshaledCredentialA
CredIsMarshaledCredentialW
CredIsProtectedA
CredIsProtectedW
CredMarshalCredentialA
CredMarshalCredentialW
CredProfileLoaded
CredProfileLoadedEx
CredProfileUnloaded
CredProtectA
CredProtectW
CredReadA
CredReadByTokenHandle
CredReadDomainCredentialsA
CredReadDomainCredentialsW
CredReadW
CredRenameA
CredRenameW
CredRestoreCredentials
CredUnmarshalCredentialA
CredUnmarshalCredentialW
CredUnprotectA
CredUnprotectW
CredWriteA
CredWriteDomainCredentialsA
CredWriteDomainCredentialsW
CredWriteW
CredpConvertCredential
CredpConvertOneCredentialSize
CredpConvertTargetInfo
CredpDecodeCredential
CredpEncodeCredential
CredpEncodeSecret
CryptAcquireContextA
CryptAcquireContextW
CryptContextAddRef
CryptCreateHash
CryptDecrypt
CryptDeriveKey
CryptDestroyHash
CryptDestroyKey
CryptDuplicateHash
CryptDuplicateKey
CryptEncrypt
CryptEnumProviderTypesA
CryptEnumProviderTypesW
CryptEnumProvidersA
CryptEnumProvidersW
CryptExportKey
CryptGenKey
CryptGenRandom
CryptGetDefaultProviderA
CryptGetDefaultProviderW
CryptGetHashParam
CryptGetKeyParam
CryptGetProvParam
CryptGetUserKey
CryptHashData
CryptHashSessionKey
CryptImportKey
CryptReleaseContext
CryptSetHashParam
CryptSetKeyParam
CryptSetProvParam
CryptSetProviderA
CryptSetProviderExA
CryptSetProviderExW
CryptSetProviderW
CryptSignHashA
CryptSignHashW
CryptVerifySignatureA
CryptVerifySignatureW
CveEventWrite
DecryptFileA
DecryptFileW
DeleteAce
DeleteService
DeregisterEventSource
DestroyPrivateObjectSecurity
DuplicateEncryptionInfoFile
DuplicateToken
DuplicateTokenEx
ElfBackupEventLogFileA
ElfBackupEventLogFileW
ElfChangeNotify
ElfClearEventLogFileA
ElfClearEventLogFileW
ElfCloseEventLog
ElfDeregisterEventSource
ElfFlushEventLog
ElfNumberOfRecords
ElfOldestRecord
ElfOpenBackupEventLogA
ElfOpenBackupEventLogW
ElfOpenEventLogA
ElfOpenEventLogW
ElfReadEventLogA
ElfReadEventLogW
ElfRegisterEventSourceA
ElfRegisterEventSourceW
ElfReportEventA
ElfReportEventAndSourceW
ElfReportEventW
EnableTrace
EnableTraceEx
EnableTraceEx2
EncryptFileA
EncryptFileW
EncryptedFileKeyInfo
EncryptionDisable
EnumDependentServicesA
EnumDependentServicesW
EnumDynamicTimeZoneInformation
EnumServiceGroupW
EnumServicesStatusA
EnumServicesStatusExA
EnumServicesStatusExW
EnumServicesStatusW
EnumerateTraceGuids
EnumerateTraceGuidsEx
EqualDomainSid
EqualPrefixSid
EqualSid
EventAccessControl
EventAccessQuery
EventAccessRemove
EventActivityIdControl
EventEnabled
EventProviderEnabled
EventRegister
EventSetInformation
EventUnregister
EventWrite
EventWriteEndScenario
EventWriteEx
EventWriteStartScenario
EventWriteString
EventWriteTransfer
FileEncryptionStatusA
FileEncryptionStatusW
FindFirstFreeAce
FlushEfsCache
FlushTraceA
FlushTraceW
FreeEncryptedFileKeyInfo
FreeEncryptedFileMetadata
FreeEncryptionCertificateHashList
FreeInheritedFromArray
FreeSid
GetAccessPermissionsForObjectA
GetAccessPermissionsForObjectW
GetAce
GetAclInformation
GetAuditedPermissionsFromAclA
GetAuditedPermissionsFromAclW
GetCurrentHwProfileA
GetCurrentHwProfileW
GetDynamicTimeZoneInformationEffectiveYears
GetEffectiveRightsFromAclA
GetEffectiveRightsFromAclW
GetEncryptedFileMetadata
GetEventLogInformation
GetExplicitEntriesFromAclA
GetExplicitEntriesFromAclW
GetFileSecurityA
GetFileSecurityW
GetInformationCodeAuthzLevelW
GetInformationCodeAuthzPolicyW
GetInheritanceSourceA
GetInheritanceSourceW
GetKernelObjectSecurity
GetLengthSid
GetLocalManagedApplicationData
GetLocalManagedApplications
GetManagedApplicationCategories
GetManagedApplications
GetMultipleTrusteeA
GetMultipleTrusteeOperationA
GetMultipleTrusteeOperationW
GetMultipleTrusteeW
GetNamedSecurityInfoA
GetNamedSecurityInfoExA
GetNamedSecurityInfoExW
GetNamedSecurityInfoW
GetNumberOfEventLogRecords
GetOldestEventLogRecord
GetOverlappedAccessResults
GetPrivateObjectSecurity
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorLength
GetSecurityDescriptorOwner
GetSecurityDescriptorRMControl
GetSecurityDescriptorSacl
GetSecurityInfo
GetSecurityInfoExA
GetSecurityInfoExW
GetServiceDisplayNameA
GetServiceDisplayNameW
GetServiceKeyNameA
GetServiceKeyNameW
GetSidIdentifierAuthority
GetSidLengthRequired
GetSidSubAuthority
GetSidSubAuthorityCount
GetStringConditionFromBinary
GetThreadWaitChain
GetTokenInformation
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
GetTrusteeFormA
GetTrusteeFormW
GetTrusteeNameA
GetTrusteeNameW
GetTrusteeTypeA
GetTrusteeTypeW
GetUserNameA
GetUserNameW
GetWindowsAccountDomainSid
I_QueryTagInformation
I_ScGetCurrentGroupStateW
I_ScIsSecurityProcess
I_ScPnPGetServiceName
I_ScQueryServiceConfig
I_ScRegisterPreshutdownRestart
I_ScReparseServiceDatabase
I_ScSendPnPMessage
I_ScSendTSMessage
I_ScSetServiceBitsA
I_ScSetServiceBitsW
I_ScValidatePnPService
IdentifyCodeAuthzLevelW
ImpersonateAnonymousToken
ImpersonateLoggedOnUser
ImpersonateNamedPipeClient
ImpersonateSelf
InitializeAcl
InitializeSecurityDescriptor
InitializeSid
InitiateShutdownA
InitiateShutdownW
InitiateSystemShutdownA
InitiateSystemShutdownExA
InitiateSystemShutdownExW
InitiateSystemShutdownW
InstallApplication
IsTextUnicode
IsTokenRestricted
IsTokenUntrusted
IsValidAcl
IsValidRelativeSecurityDescriptor
IsValidSecurityDescriptor
IsValidSid
IsWellKnownSid
LockServiceDatabase
LogonUserA
LogonUserExA
LogonUserExExW
LogonUserExW
LogonUserW
LookupAccountNameA
LookupAccountNameW
LookupAccountSidA
LookupAccountSidW
LookupPrivilegeDisplayNameA
LookupPrivilegeDisplayNameW
LookupPrivilegeNameA
LookupPrivilegeNameW
LookupPrivilegeValueA
LookupPrivilegeValueW
LookupSecurityDescriptorPartsA
LookupSecurityDescriptorPartsW
LsaAddAccountRights
LsaAddPrivilegesToAccount
LsaClearAuditLog
LsaClose
LsaCreateAccount
LsaCreateSecret
LsaCreateTrustedDomain
LsaCreateTrustedDomainEx
LsaDelete
LsaDeleteTrustedDomain
LsaEnumerateAccountRights
LsaEnumerateAccounts
LsaEnumerateAccountsWithUserRight
LsaEnumeratePrivileges
LsaEnumeratePrivilegesOfAccount
LsaEnumerateTrustedDomains
LsaEnumerateTrustedDomainsEx
LsaFreeMemory
LsaGetAppliedCAPIDs
LsaGetQuotasForAccount
LsaGetRemoteUserName
LsaGetSystemAccessAccount
LsaGetUserName
LsaICLookupNames
LsaICLookupNamesWithCreds
LsaICLookupSids
LsaICLookupSidsWithCreds
LsaInvokeTrustScanner
LsaLookupNames
LsaLookupNames2
LsaLookupPrivilegeDisplayName
LsaLookupPrivilegeName
LsaLookupPrivilegeValue
LsaLookupSids
LsaLookupSids2
LsaManageSidNameMapping
LsaNtStatusToWinError
LsaOpenAccount
LsaOpenPolicy
LsaOpenPolicySce
LsaOpenSecret
LsaOpenTrustedDomain
LsaOpenTrustedDomainByName
LsaQueryCAPs
LsaQueryDomainInformationPolicy
LsaQueryForestTrustInformation
LsaQueryForestTrustInformation2
LsaQueryInfoTrustedDomain
LsaQueryInformationPolicy
LsaQuerySecret
LsaQuerySecurityObject
LsaQueryTrustedDomainInfo
LsaQueryTrustedDomainInfoByName
LsaRemoveAccountRights
LsaRemovePrivilegesFromAccount
LsaRetrievePrivateData
LsaSetCAPs
LsaSetDomainInformationPolicy
LsaSetForestTrustInformation
LsaSetForestTrustInformation2
LsaSetInformationPolicy
LsaSetInformationTrustedDomain
LsaSetQuotasForAccount
LsaSetSecret
LsaSetSecurityObject
LsaSetSystemAccessAccount

Sections

.text
Size: 424KB - Virtual size: 423KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
conhost_exe_PIDbb0_bcrypt.dll_7FFF1A3E0000_x64.dll
.dll windows:10 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

BCryptAddContextFunction
BCryptAddContextFunctionProvider
BCryptCloseAlgorithmProvider
BCryptConfigureContext
BCryptConfigureContextFunction
BCryptCreateContext
BCryptCreateHash
BCryptCreateMultiHash
BCryptDecrypt
BCryptDeleteContext
BCryptDeriveKey
BCryptDeriveKeyCapi
BCryptDeriveKeyPBKDF2
BCryptDestroyHash
BCryptDestroyKey
BCryptDestroySecret
BCryptDuplicateHash
BCryptDuplicateKey
BCryptEncrypt
BCryptEnumAlgorithms
BCryptEnumContextFunctionProviders
BCryptEnumContextFunctions
BCryptEnumContexts
BCryptEnumProviders
BCryptEnumRegisteredProviders
BCryptExportKey
BCryptFinalizeKeyPair
BCryptFinishHash
BCryptFreeBuffer
BCryptGenRandom
BCryptGenerateKeyPair
BCryptGenerateSymmetricKey
BCryptGetFipsAlgorithmMode
BCryptGetProperty
BCryptHash
BCryptHashData
BCryptImportKey
BCryptImportKeyPair
BCryptKeyDerivation
BCryptOpenAlgorithmProvider
BCryptProcessMultiOperations
BCryptQueryContextConfiguration
BCryptQueryContextFunctionConfiguration
BCryptQueryContextFunctionProperty
BCryptQueryProviderRegistration
BCryptRegisterConfigChangeNotify
BCryptRegisterProvider
BCryptRemoveContextFunction
BCryptRemoveContextFunctionProvider
BCryptResolveProviders
BCryptSecretAgreement
BCryptSetAuditingInterface
BCryptSetContextFunctionProperty
BCryptSetProperty
BCryptSignHash
BCryptUnregisterConfigChangeNotify
BCryptUnregisterProvider
BCryptVerifySignature

Sections

.text
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
conhost_exe_PIDbb0_bcryptPrimitives.dll_7FFF1A220000_x64.dll
.dll windows:10 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

GetAsymmetricEncryptionInterface
GetCipherInterface
GetHashInterface
GetKeyDerivationInterface
GetRngInterface
GetSecretAgreementInterface
GetSignatureInterface
MSCryptConvertRsaPrivateBlobToFullRsaBlob
ProcessPrng
ProcessPrngGuid

Sections

.text
Size: 399KB - Virtual size: 398KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
conhost_exe_PIDbb0_clbcatq.dll_7FFF1AF80000_x64.dll
.dll regsvr32 windows:10 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

ActivatorUpdateForIsRouterChanges
CLSIDFromStringByBitness
CheckMemoryGates
CoRegCleanup
ComPlusEnablePartitions
ComPlusEnableRemoteAccess
ComPlusMigrate
ComPlusPartitionsEnabled
ComPlusRemoteAccessEnabled
CreateComponentLibraryEx
DeleteAllActivatorsForClsid
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
DowngradeAPL
GetCatalogObject
GetCatalogObject2
GetComputerObject
GetGlobalBabyJITEnabled
GetSimpleTableDispenser
InprocServer32FromString
OpenComponentLibraryEx
OpenComponentLibraryOnMemEx
OpenComponentLibraryOnStreamEx
ServerGetApplicationType
SetSetupOpen
SetSetupSave
SetupOpen
SetupSave
UpdateFromAppChange
UpdateFromComponentChange

Sections

.text
Size: 427KB - Virtual size: 427KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
conhost_exe_PIDbb0_combase.dll_7FFF1B030000_x64.dll
.dll windows:10 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

CLIPFORMAT_UserFree
CLIPFORMAT_UserFree64
CLIPFORMAT_UserMarshal
CLIPFORMAT_UserMarshal64
CLIPFORMAT_UserSize
CLIPFORMAT_UserSize64
CLIPFORMAT_UserUnmarshal
CLIPFORMAT_UserUnmarshal64
CLSIDFromOle1Class
CLSIDFromProgID
CLSIDFromProgIDEx
CLSIDFromString
CStdAsyncStubBuffer2_Connect
CStdAsyncStubBuffer2_Disconnect
CStdAsyncStubBuffer2_Release
CStdAsyncStubBuffer_AddRef
CStdAsyncStubBuffer_Connect
CStdAsyncStubBuffer_Disconnect
CStdAsyncStubBuffer_Invoke
CStdAsyncStubBuffer_QueryInterface
CStdAsyncStubBuffer_Release
CStdStubBuffer2_Connect
CStdStubBuffer2_CountRefs
CStdStubBuffer2_Disconnect
CStdStubBuffer2_QueryInterface
CStdStubBuffer_AddRef
CStdStubBuffer_Connect
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_QueryInterface
CleanupComl2StateInAllTls
CleanupOleStateInAllTls
CleanupTlsComl2State
CleanupTlsOleState
ClearCleanupFlag
CoAddRefServerProcess
CoAllowUnmarshalerCLSID
CoCancelCall
CoCopyProxy
CoCreateErrorInfo
CoCreateFreeThreadedMarshaler
CoCreateGuid
CoCreateInstance
CoCreateInstanceEx
CoCreateInstanceFromApp
CoCreateObjectInContext
CoDeactivateObject
CoDecodeProxy
CoDecrementMTAUsage
CoDisableCallCancellation
CoDisconnectContext
CoDisconnectObject
CoEnableCallCancellation
CoFileTimeNow
CoFreeUnusedLibraries
CoFreeUnusedLibrariesEx
CoGetActivationState
CoGetApartmentID
CoGetApartmentType
CoGetCallContext
CoGetCallState
CoGetCallerTID
CoGetCancelObject
CoGetClassObject
CoGetClassVersion
CoGetContextToken
CoGetCurrentLogicalThreadId
CoGetCurrentProcess
CoGetDefaultContext
CoGetErrorInfo
CoGetInstanceFromFile
CoGetInstanceFromIStorage
CoGetInterfaceAndReleaseStream
CoGetMalloc
CoGetMarshalSizeMax
CoGetModuleArchitecture
CoGetModuleType
CoGetObjectContext
CoGetPSClsid
CoGetProcessIdentifier
CoGetStandardMarshal
CoGetStdMarshalEx
CoGetSystemSecurityPermissions
CoGetTreatAsClass
CoImpersonateClient
CoIncrementMTAUsage
CoInitializeEx
CoInitializeSecurity
CoInitializeWOW
CoInvalidateRemoteMachineBindings
CoIsHandlerConnected
CoLockObjectExternal
CoMarshalHresult
CoMarshalInterThreadInterfaceInStream
CoMarshalInterface
CoPopServiceDomain
CoPushServiceDomain
CoQueryAuthenticationServices
CoQueryClientBlanket
CoQueryProxyBlanket
CoReactivateObject
CoRegisterActivationFilter
CoRegisterClassObject
CoRegisterConsoleHandles
CoRegisterDeviceCatalog
CoRegisterInitializeSpy
CoRegisterMallocSpy
CoRegisterMessageFilter
CoRegisterPSClsid
CoRegisterRacActivationToken
CoRegisterSurrogate
CoRegisterSurrogateEx
CoReleaseMarshalData
CoReleaseServerProcess
CoResumeClassObjects
CoRetireServer
CoRevertToSelf
CoRevokeClassObject
CoRevokeConsoleHandles
CoRevokeDeviceCatalog
CoRevokeInitializeSpy
CoRevokeMallocSpy
CoRevokeRacActivationToken
CoSetCancelObject
CoSetErrorInfo
CoSetProxyBlanket
CoSuspendClassObjects
CoSwitchCallContext
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoTestCancel
CoUninitialize
CoUnloadingWOW
CoUnmarshalHresult
CoUnmarshalInterface
CoVrfCheckThreadState
CoVrfGetThreadState
CoVrfReleaseThreadState
CoWaitForMultipleHandles
CoWaitForMultipleObjects
CreateErrorInfo
CreateStreamOnHGlobal
DcomChannelSetHResult
DllDebugObjectRPCHook
DllGetActivationFactory
DllGetClassObject
EnableHookObject
FreePropVariantArray
FreePropVariantArrayWorker
GetCatalogHelper
GetErrorInfo
GetFuncDescs
GetHGlobalFromStream
GetHookInterface
GetRestrictedErrorInfo
HACCEL_UserFree
HACCEL_UserFree64
HACCEL_UserMarshal
HACCEL_UserMarshal64
HACCEL_UserSize
HACCEL_UserSize64
HACCEL_UserUnmarshal
HACCEL_UserUnmarshal64
HBITMAP_UserFree
HBITMAP_UserFree64
HBITMAP_UserMarshal
HBITMAP_UserMarshal64
HBITMAP_UserSize
HBITMAP_UserSize64
HBITMAP_UserUnmarshal
HBITMAP_UserUnmarshal64
HBRUSH_UserFree
HBRUSH_UserFree64
HBRUSH_UserMarshal
HBRUSH_UserMarshal64
HBRUSH_UserSize
HBRUSH_UserSize64
HBRUSH_UserUnmarshal
HBRUSH_UserUnmarshal64
HDC_UserFree
HDC_UserFree64
HDC_UserMarshal
HDC_UserMarshal64
HDC_UserSize
HDC_UserSize64
HDC_UserUnmarshal
HDC_UserUnmarshal64
HGLOBAL_UserFree
HGLOBAL_UserFree64
HGLOBAL_UserMarshal
HGLOBAL_UserMarshal64
HGLOBAL_UserSize
HGLOBAL_UserSize64
HGLOBAL_UserUnmarshal
HGLOBAL_UserUnmarshal64
HICON_UserFree
HICON_UserFree64
HICON_UserMarshal
HICON_UserMarshal64
HICON_UserSize
HICON_UserSize64
HICON_UserUnmarshal
HICON_UserUnmarshal64
HMENU_UserFree
HMENU_UserFree64
HMENU_UserMarshal
HMENU_UserMarshal64
HMENU_UserSize
HMENU_UserSize64
HMENU_UserUnmarshal
HMENU_UserUnmarshal64
HMONITOR_UserFree
HMONITOR_UserFree64
HMONITOR_UserMarshal
HMONITOR_UserMarshal64
HMONITOR_UserSize
HMONITOR_UserSize64
HMONITOR_UserUnmarshal
HMONITOR_UserUnmarshal64
HPALETTE_UserFree
HPALETTE_UserFree64
HPALETTE_UserMarshal
HPALETTE_UserMarshal64
HPALETTE_UserSize
HPALETTE_UserSize64
HPALETTE_UserUnmarshal
HPALETTE_UserUnmarshal64
HRGN_UserFree
HRGN_UserFree64
HRGN_UserMarshal
HRGN_UserMarshal64
HRGN_UserSize
HRGN_UserSize64
HRGN_UserUnmarshal
HRGN_UserUnmarshal64
HSTRING_UserFree
HSTRING_UserFree64
HSTRING_UserMarshal
HSTRING_UserMarshal64
HSTRING_UserSize
HSTRING_UserSize64
HSTRING_UserUnmarshal
HSTRING_UserUnmarshal64
HWND_UserFree
HWND_UserFree64
HWND_UserMarshal
HWND_UserMarshal64
HWND_UserSize
HWND_UserSize64
HWND_UserUnmarshal
HWND_UserUnmarshal64
HkOleRegisterObject
IIDFromString
InternalAppInvokeExceptionFilter
InternalCAggIdRelease
InternalCAggIdSetHandler
InternalCCFreeUnused
InternalCCGetClassInformationForDde
InternalCCGetClassInformationFromKey
InternalCCSetDdeServerWindow
InternalCMLSendReceive
InternalCMLSendReceive2
InternalCStdIdentityGetIProxyManager
InternalCStdIdentityGetInternalUnk
InternalCStdIdentityUpdateFlags
InternalCallAsProxyExceptionFilter
InternalCallFrameExceptionFilter
InternalCallerIsAppContainer
InternalCanMakeOutCall
InternalCanMakeOutCall2
InternalCoIsSurrogateProcess
InternalCoRegisterDisconnectCallback
InternalCoRegisterSurrogatedObject
InternalCoStdMarshalObject
InternalCoUnregisterDisconnectCallback
InternalCompleteObjRef
InternalCreateCAggId
InternalCreateIdentityHandler
InternalDoATClassCreate
InternalFillLocalOXIDInfo
InternalFreeObjRef
InternalGetWindowPropInterface
InternalGetWindowPropInterface2
InternalIrotEnumRunning
InternalIrotEnumRunning2
InternalIrotGetObject
InternalIrotGetObject2
InternalIrotGetObject3
InternalIrotGetTimeOfLastChange
InternalIrotGetTimeOfLastChange2
InternalIrotIsRunning
InternalIrotIsRunning2
InternalIrotNoteChangeTime
InternalIrotRegister
InternalIrotRevoke
InternalIsApartmentInitialized
InternalIsProcessInitialized
InternalMarshalObjRef
InternalNotifyDDStartOrStop
InternalOleModalLoopBlockFn
InternalRegisterWindowPropInterface
InternalRegisterWindowPropInterface2
InternalReleaseMarshalObjRef
InternalRevokeWindowPropInterface
InternalSTAInvoke
InternalServerExceptionFilter
InternalSetAptCallCtrlOnTlsIfRequired
InternalSetOleThunkWowPtr
InternalStubInvoke
InternalTlsAllocData
InternalUnmarshalObjRef
IsErrorPropagationEnabled
NdrCStdStubBuffer2_Release
NdrCStdStubBuffer_Release
NdrExtStubInitialize
NdrOleDllGetClassObject
NdrOleInitializeExtension
NdrProxyForwardingFunction10
NdrProxyForwardingFunction11
NdrProxyForwardingFunction12
NdrProxyForwardingFunction13
NdrProxyForwardingFunction14
NdrProxyForwardingFunction15
NdrProxyForwardingFunction16
NdrProxyForwardingFunction17
NdrProxyForwardingFunction18
NdrProxyForwardingFunction19
NdrProxyForwardingFunction20
NdrProxyForwardingFunction21
NdrProxyForwardingFunction22
NdrProxyForwardingFunction23
NdrProxyForwardingFunction24
NdrProxyForwardingFunction25
NdrProxyForwardingFunction26
NdrProxyForwardingFunction27
NdrProxyForwardingFunction28
NdrProxyForwardingFunction29
NdrProxyForwardingFunction3
NdrProxyForwardingFunction30
NdrProxyForwardingFunction31
NdrProxyForwardingFunction32
NdrProxyForwardingFunction4
NdrProxyForwardingFunction5
NdrProxyForwardingFunction6
NdrProxyForwardingFunction7
NdrProxyForwardingFunction8
NdrProxyForwardingFunction9
NdrpFindInterface
ObjectStublessClient10
ObjectStublessClient11
ObjectStublessClient12
ObjectStublessClient13
ObjectStublessClient14
ObjectStublessClient15
ObjectStublessClient16
ObjectStublessClient17
ObjectStublessClient18
ObjectStublessClient19
ObjectStublessClient20
ObjectStublessClient21
ObjectStublessClient22
ObjectStublessClient23
ObjectStublessClient24
ObjectStublessClient25
ObjectStublessClient26
ObjectStublessClient27
ObjectStublessClient28
ObjectStublessClient29
ObjectStublessClient3
ObjectStublessClient30
ObjectStublessClient31
ObjectStublessClient32
ObjectStublessClient4
ObjectStublessClient5
ObjectStublessClient6
ObjectStublessClient7
ObjectStublessClient8
ObjectStublessClient9
ProgIDFromCLSID
PropVariantClear
PropVariantCopy
ReleaseFuncDescs
RoActivateInstance
RoCaptureErrorContext
RoClearError
RoFailFastWithErrorContext
RoFailFastWithErrorContextInternal
RoFailFastWithErrorContextInternal2
RoFreeParameterizedTypeExtra
RoGetActivatableClassRegistration
RoGetActivationFactory
RoGetAgileReference
RoGetApartmentIdentifier
RoGetErrorReportingFlags
RoGetMatchingRestrictedErrorInfo
RoGetParameterizedTypeInstanceIID
RoGetServerActivatableClasses
RoInitialize
RoInspectCapturedStackBackTrace
RoInspectThreadErrorInfo
RoOriginateError
RoOriginateErrorW
RoOriginateLanguageException
RoParameterizedTypeExtraGetTypeSignature
RoRegisterActivationFactories
RoRegisterForApartmentShutdown
RoReportCapabilityCheckFailure
RoReportFailedDelegate
RoReportUnhandledError
RoResolveRestrictedErrorInfoReference
RoRevokeActivationFactories
RoSetErrorReportingFlags
RoTransformError
RoTransformErrorW
RoUninitialize
RoUnregisterForApartmentShutdown
SetCleanupFlag
SetErrorInfo
SetRestrictedErrorInfo
StringFromCLSID
StringFromGUID2
StringFromIID
UpdateDCOMSettings
UpdateProcessTracing
WdtpInterfacePointer_UserFree
WdtpInterfacePointer_UserFree64
WdtpInterfacePointer_UserMarshal
WdtpInterfacePointer_UserMarshal64
WdtpInterfacePointer_UserSize
WdtpInterfacePointer_UserSize64
WdtpInterfacePointer_UserUnmarshal
WdtpInterfacePointer_UserUnmarshal64
WindowsCompareStringOrdinal
WindowsConcatString
WindowsCreateString
WindowsCreateStringReference
WindowsDeleteString
WindowsDeleteStringBuffer
WindowsDuplicateString
WindowsGetStringLen
WindowsGetStringRawBuffer
WindowsInspectString
WindowsInspectString2
WindowsIsStringEmpty
WindowsPreallocateStringBuffer
WindowsPromoteStringBuffer
WindowsReplaceString
WindowsStringHasEmbeddedNull
WindowsSubstring
WindowsSubstringWithSpecifiedLength
WindowsTrimStringEnd
WindowsTrimStringStart

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.proxy
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 789KB - Virtual size: 789KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 171KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 280KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
conhost_exe_PIDbb0_comctl32.DLL_7FFF0A020000_x64.dll
.dll windows:10 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

AddMRUStringW
AttachScrollBars
CCEnableScrollBar
CCGetScrollInfo
CCSetScrollInfo
CreateMRUListW
CreateMappedBitmap
CreatePropertySheetPage
CreatePropertySheetPageA
CreatePropertySheetPageW
CreateStatusWindow
CreateStatusWindowA
CreateStatusWindowW
CreateToolbar
CreateToolbarEx
CreateUpDownControl
DPA_Clone
DPA_Create
DPA_CreateEx
DPA_DeleteAllPtrs
DPA_DeletePtr
DPA_Destroy
DPA_DestroyCallback
DPA_EnumCallback
DPA_GetPtr
DPA_GetPtrIndex
DPA_GetSize
DPA_Grow
DPA_InsertPtr
DPA_LoadStream
DPA_Merge
DPA_SaveStream
DPA_Search
DPA_SetPtr
DPA_Sort
DSA_Clone
DSA_Create
DSA_DeleteAllItems
DSA_DeleteItem
DSA_Destroy
DSA_DestroyCallback
DSA_EnumCallback
DSA_GetItem
DSA_GetItemPtr
DSA_GetSize
DSA_InsertItem
DSA_SetItem
DSA_Sort
DefSubclassProc
DestroyPropertySheetPage
DetachScrollBars
DllGetVersion
DllInstall
DrawInsert
DrawScrollBar
DrawShadowText
DrawSizeBox
DrawStatusText
DrawStatusTextA
DrawStatusTextW
EnumMRUListW
FlatSB_EnableScrollBar
FlatSB_GetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollProp
FlatSB_GetScrollPropPtr
FlatSB_GetScrollRange
FlatSB_SetScrollInfo
FlatSB_SetScrollPos
FlatSB_SetScrollProp
FlatSB_SetScrollRange
FlatSB_ShowScrollBar
FreeMRUList
GetEffectiveClientRect
GetMUILanguage
GetWindowSubclass
HIMAGELIST_QueryInterface
HandleScrollCmd
ImageList_Add
ImageList_AddIcon
ImageList_AddMasked
ImageList_BeginDrag
ImageList_CoCreateInstance
ImageList_Copy
ImageList_Create
ImageList_Destroy
ImageList_DestroyShared
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_Draw
ImageList_DrawEx
ImageList_DrawIndirect
ImageList_Duplicate
ImageList_EndDrag
ImageList_GetBkColor
ImageList_GetDragImage
ImageList_GetFlags
ImageList_GetIcon
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_GetImageRect
ImageList_LoadImage
ImageList_LoadImageA
ImageList_LoadImageW
ImageList_Merge
ImageList_Read
ImageList_ReadEx
ImageList_Remove
ImageList_Replace
ImageList_ReplaceIcon
ImageList_Resize
ImageList_SetBkColor
ImageList_SetDragCursorImage
ImageList_SetFilter
ImageList_SetFlags
ImageList_SetIconSize
ImageList_SetImageCount
ImageList_SetOverlayImage
ImageList_Write
ImageList_WriteEx
InitCommonControls
InitCommonControlsEx
InitMUILanguage
InitializeFlatSB
LBItemFromPt
LoadIconMetric
LoadIconWithScaleDown
MakeDragList
MenuHelp
PropertySheet
PropertySheetA
PropertySheetW
QuerySystemGestureStatus
RegisterClassNameW
RemoveWindowSubclass
ScrollBar_Menu
ScrollBar_MouseMove
SetWindowSubclass
ShowHideMenuCtl
SizeBoxHwnd
Str_SetPtrW
TaskDialog
TaskDialogIndirect
UninitializeFlatSB
_TrackMouseEvent

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 290KB - Virtual size: 289KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 291KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
conhost_exe_PIDbb0_dwmapi.dll_7FFF17990000_x64.dll
.dll windows:10 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DwmAttachMilContent
DwmDefWindowProc
DwmDetachMilContent
DwmEnableBlurBehindWindow
DwmEnableComposition
DwmEnableMMCSS
DwmExtendFrameIntoClientArea
DwmFlush
DwmGetColorizationColor
DwmGetCompositionTimingInfo
DwmGetGraphicsStreamClient
DwmGetGraphicsStreamTransformHint
DwmGetTransportAttributes
DwmGetUnmetTabRequirements
DwmGetWindowAttribute
DwmInvalidateIconicBitmaps
DwmIsCompositionEnabled
DwmModifyPreviousDxFrameDuration
DwmQueryThumbnailSourceSize
DwmRegisterThumbnail
DwmRenderGesture
DwmSetDxFrameDuration
DwmSetIconicLivePreviewBitmap
DwmSetIconicThumbnail
DwmSetPresentParameters
DwmSetWindowAttribute
DwmShowContact
DwmTetherContact
DwmTetherTextContact
DwmTransitionOwnedWindow
DwmUnregisterThumbnail
DwmUpdateThumbnailProperties
DwmpAllocateSecurityDescriptor
DwmpDxGetWindowSharedSurface
DwmpDxUpdateWindowSharedSurface
DwmpDxgiIsThreadDesktopComposited
DwmpEnableDDASupport
DwmpFreeSecurityDescriptor
DwmpGetColorizationParameters
DwmpRenderFlick
DwmpSetColorizationParameters
DwmpUpdateProxyWindowForCapture

Sections

.text
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
conhost_exe_PIDbb0_gdi32full.dll_7FFF1A710000_x64.dll
.dll windows:10 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

AbortDocImpl
AbortPath
AddFontMemResourceEx
AddFontResourceA
AddFontResourceExA
AddFontResourceExW
AddFontResourceTracking
AddFontResourceWImpl
AngleArc
AnimatePalette
AnyLinkedFonts
Arc
ArcTo
BeginPath
BeginPathImpl
BitBlt
CancelDC
CheckColorsInGamut
ChoosePixelFormat
Chord
ClearBitmapAttributes
ClearBrushAttributes
CloseEnhMetaFile
CloseFigure
CloseFigureImpl
CloseMetaFile
ColorCorrectPalette
ColorMatchToTarget
CombineTransform
CopyEnhMetaFileA
CopyEnhMetaFileW
CopyMetaFileA
CopyMetaFileW
CreateBitmap
CreateBitmapIndirect
CreateBrushIndirect
CreateColorSpaceA
CreateColorSpaceW
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
CreateDCAImpl
CreateDCExW
CreateDCW
CreateDIBPatternBrush
CreateDIBPatternBrushPt
CreateDIBSection
CreateDIBitmap
CreateDPIScaledDIBSection
CreateDiscardableBitmap
CreateEllipticRgn
CreateEllipticRgnIndirect
CreateEnhMetaFileA
CreateEnhMetaFileW
CreateFontA
CreateFontIndirectA
CreateFontIndirectExA
CreateFontIndirectExW
CreateFontIndirectW
CreateFontIndirectWImpl
CreateFontW
CreateHalftonePalette
CreateHatchBrush
CreateICA
CreateICW
CreateMetaFileA
CreateMetaFileW
CreatePalette
CreatePatternBrush
CreatePen
CreatePenIndirect
CreatePolyPolygonRgn
CreateRectRgn
CreateRoundRectRgn
CreateScalableFontResourceA
CreateScalableFontResourceWImpl
CreateScaledCompatibleBitmap
CreateSessionMappedDIBSection
CreateSolidBrush
DPtoLP
DeleteColorSpace
DeleteDC
DeleteEMFSpoolData
DeleteEnhMetaFile
DeleteMetaFile
DescribePixelFormat
DeviceCapabilitiesExA
DocumentEventEx
DrawEscape
DwmCreatedBitmapRemotingOutput
DwmGetDirtyRgnImpl
Ellipse
EndDoc
EndDocImpl
EndFormPage
EndPage
EndPageImpl
EndPath
EndPathImpl
EngAcquireSemaphore
EngComputeGlyphSet
EngCreateBitmap
EngCreateDeviceBitmap
EngCreateDeviceSurface
EngCreatePalette
EngCreateSemaphore
EngDeletePalette
EngDeleteSemaphore
EngDeleteSurface
EngFindResource
EngFreeModule
EngGetCurrentCodePage
EngGetDriverName
EngGetPrinterDataFileName
EngLoadModule
EngMultiByteToUnicodeN
EngMultiByteToWideChar
EngQueryEMFInfo
EngQueryLocalTime
EngReleaseSemaphore
EngUnicodeToMultiByteN
EngWideCharToMultiByte
EnumEnhMetaFile
EnumFontFamiliesA
EnumFontFamiliesExA
EnumFontFamiliesExW
EnumFontFamiliesW
EnumFontsA
EnumFontsW
EnumICMProfilesA
EnumICMProfilesW
EnumMetaFile
EnumObjects
EscapeImpl
EudcLoadLinkW
EudcUnloadLinkW
ExcludeClipRect
ExtCreatePen
ExtEscapeImpl
ExtFloodFill
ExtSelectClipRgnImpl
ExtTextOutA
ExtTextOutAImpl
ExtTextOutW
ExtTextOutWImpl
FillPath
FillPathImpl
FillRgn
FixBrushOrgEx
FlattenPath
FloodFill
FontIsLinked
FrameRgn
GdiAddFontResourceW
GdiAddGlsBounds
GdiAddGlsRecord
GdiAddInitialFonts
GdiAlphaBlend
GdiArtificialDecrementDriver
GdiCleanCacheDC
GdiComment
GdiConsoleTextOut
GdiConvertAndCheckDC
GdiConvertBitmap
GdiConvertBitmapV5
GdiConvertBrush
GdiConvertDC
GdiConvertEnhMetaFile
GdiConvertFont
GdiConvertMetaFilePict
GdiConvertPalette
GdiConvertRegion
GdiConvertToDevmodeW
GdiCreateLocalEnhMetaFile
GdiCreateLocalMetaFilePict
GdiCurrentProcessSplWow64
GdiDeleteLocalDC
GdiDeleteSpoolFileHandle
GdiDescribePixelFormat
GdiDllInitialize
GdiDllInitializeWrapper
GdiDrawStream
GdiEndDocEMF
GdiEndPageEMF
GdiEntry1
GdiEntry10
GdiEntry11
GdiEntry12
GdiEntry14
GdiEntry15
GdiEntry16
GdiEntry2
GdiEntry3
GdiEntry4
GdiEntry5
GdiEntry6
GdiEntry7
GdiEntry8
GdiEntry9
GdiFixUpHandle
GdiFlush
GdiGetBatchLimit
GdiGetBitmapBitsSize
GdiGetCharDimensions
GdiGetDC
GdiGetDevmodeForPage
GdiGetLocalBrush
GdiGetLocalDC
GdiGetLocalFont
GdiGetPageCount
GdiGetPageHandle
GdiGetSpoolFileHandle
GdiGetVariationStoreDelta
GdiGradientFill
GdiHandleBeingTracked
GdiInitializeLanguagePack
GdiIsMetaFileDC
GdiIsMetaPrintDC
GdiIsPlayMetafileDC
GdiIsScreenDC
GdiIsUMPDSandboxingEnabled
GdiLoadType1Fonts
GdiPlayDCScript
GdiPlayEMF
GdiPlayJournal
GdiPlayPageEMF
GdiPlayPrivatePageEMF
GdiPlayScript
GdiPrinterThunk
GdiProcessSetup
GdiQueryTable
GdiRealizationInfo
GdiReleaseLocalDC
GdiResetDCEMF
GdiSetAttrs
GdiSetBatchLimit
GdiSetPixelFormat
GdiSetServerAttr
GdiStartDocEMF
GdiStartPageEMF
GdiSupportsFontChangeEvent
GdiSwapBuffers
GdiTrackHCreate
GdiTrackHDelete
GdiTransparentBlt
GdiValidateHandle
GditGetCallerTLStorage
GditPopCallerInfo
GditPushCallerInfo
GetArcDirection
GetAspectRatioFilterEx
GetBitmapAttributes
GetBitmapBits
GetBitmapDimensionEx
GetBkColor
GetBkMode
GetBoundsRect
GetBrushAttributes
GetBrushOrgEx
GetCharABCWidthsA
GetCharABCWidthsFloatA
GetCharABCWidthsFloatI
GetCharABCWidthsFloatW
GetCharABCWidthsI
GetCharABCWidthsW
GetCharWidth32A
GetCharWidth32W
GetCharWidthA
GetCharWidthFloatA
GetCharWidthFloatW
GetCharWidthI
GetCharWidthW
GetCharacterPlacementA
GetCharacterPlacementW
GetClipBox
GetClipBoxImpl
GetClipRgn
GetCodePage
GetColorAdjustment
GetColorSpace
GetCurrentObject
GetCurrentPositionEx
GetDCBrushColor
GetDCDpiScaleValue
GetDCOrgEx
GetDCPenColor
GetDIBColorTable
GetDIBits
GetDeviceCaps
GetDeviceGammaRamp
GetETM
GetEUDCTimeStamp
GetEUDCTimeStampExW
GetEnhMetaFileA
GetEnhMetaFileBits
GetEnhMetaFileDescriptionA
GetEnhMetaFileDescriptionW
GetEnhMetaFileHeader
GetEnhMetaFilePaletteEntries
GetEnhMetaFilePixelFormat
GetEnhMetaFileW
GetFontAssocStatus
GetFontData
GetFontDataImpl
GetFontFileData
GetFontFileInfo
GetFontLanguageInfo
GetFontRealizationInfo
GetFontResourceInfoW
GetFontUnicodeRanges
GetGlyphIndicesA
GetGlyphIndicesW
GetGlyphOutlineA
GetGlyphOutlineW
GetGlyphOutlineWow
GetGraphicsMode
GetHFONT
GetICMProfileA
GetICMProfileW
GetKerningPairsA
GetKerningPairsW
GetLayout
GetLogColorSpaceA
GetLogColorSpaceW
GetMapMode
GetMetaFileA
GetMetaFileBitsEx
GetMetaFileW
GetMetaRgn
GetMiterLimit
GetNearestColor
GetNearestPaletteIndex
GetObjectA
GetObjectType
GetObjectW
GetOutlineTextMetricsA
GetOutlineTextMetricsW
GetPaletteEntries
GetPath
GetPixel
GetPixelFormat
GetPolyFillMode
GetProcessSessionFonts
GetROP2
GetRandomRgn
GetRasterizerCaps
GetRegionData
GetRelAbs
GetRgnBox
GetStockObject
GetStretchBltMode
GetStringBitmapA
GetSystemPaletteEntries
GetSystemPaletteUse
GetTextAlign
GetTextCharacterExtra
GetTextCharset
GetTextCharsetInfo
GetTextColor
GetTextExtentExPointA
GetTextExtentExPointI
GetTextExtentExPointW
GetTextExtentExPointWPri
GetTextExtentPoint32A
GetTextExtentPoint32W
GetTextExtentPointA
GetTextExtentPointI
GetTextExtentPointW
GetTextFaceA
GetTextFaceAliasW
GetTextFaceW
GetTextMetricsA
GetTextMetricsAImpl
GetTextMetricsW
GetTransform
GetViewportExtEx
GetViewportOrgEx
GetWinMetaFileBits
GetWindowExtEx
GetWindowOrgEx
GetWorldTransform
IcmDeleteLocalDC
IcmReleaseCachedColorSpace
IntersectClipRect
IntersectClipRectImpl
InvertRgn
IsValidEnhMetaRecord
IsValidEnhMetaRecordOffExt
LPtoDP
LineDDA
LineTo
LineToImpl
LpkDrawTextEx
LpkExtTextOut
LpkGetCharacterPlacement
LpkGetTextExtentExPoint
LpkInitialize
LpkPSMTextOut
LpkPresent
LpkTabbedTextOut
LpkUseGDIWidthCache
MF16_DeleteObject
MF_DeleteObject
MaskBlt
MirrorRgn
ModerncoreCreateICW
ModerncoreDeleteDC
ModerncoreGdiInit
ModifyWorldTransform
MoveToEx
MoveToExImpl
NamedEscape
NtGdiAbortDoc
NtGdiAbortPath
NtGdiAddEmbFontToDC
NtGdiAddFontMemResourceEx
NtGdiAddFontResourceW
NtGdiAddRemoteFontToDC
NtGdiAddRemoteMMInstanceToDC
NtGdiAlphaBlend
NtGdiAngleArc
NtGdiAnyLinkedFonts
NtGdiArcInternal
NtGdiBRUSHOBJ_DeleteRbrush
NtGdiBRUSHOBJ_hGetColorTransform
NtGdiBRUSHOBJ_pvAllocRbrush
NtGdiBRUSHOBJ_pvGetRbrush
NtGdiBRUSHOBJ_ulGetBrushColor
NtGdiBeginGdiRendering
NtGdiBeginPath
NtGdiBitBlt
NtGdiCLIPOBJ_bEnum
NtGdiCLIPOBJ_cEnumStart
NtGdiCLIPOBJ_ppoGetPath
NtGdiCancelDC
NtGdiChangeGhostFont
NtGdiCheckBitmapBits
NtGdiClearBitmapAttributes
NtGdiClearBrushAttributes
NtGdiCloseFigure
NtGdiColorCorrectPalette
NtGdiCombineRgn
NtGdiCombineTransform
NtGdiComputeXformCoefficients
NtGdiConfigureOPMProtectedOutput
NtGdiConvertMetafileRect
NtGdiCreateBitmap
NtGdiCreateBitmapFromDxSurface
NtGdiCreateBitmapFromDxSurface2
NtGdiCreateClientObj
NtGdiCreateColorSpace
NtGdiCreateColorTransform
NtGdiCreateCompatibleBitmap
NtGdiCreateCompatibleDC
NtGdiCreateDIBBrush
NtGdiCreateDIBSection
NtGdiCreateDIBitmapInternal
NtGdiCreateEllipticRgn
NtGdiCreateHalftonePalette
NtGdiCreateHatchBrushInternal
NtGdiCreateMetafileDC
NtGdiCreateOPMProtectedOutput
NtGdiCreateOPMProtectedOutputs
NtGdiCreatePaletteInternal
NtGdiCreatePatternBrushInternal
NtGdiCreatePen
NtGdiCreateRectRgn
NtGdiCreateRoundRectRgn
NtGdiCreateServerMetaFile
NtGdiCreateSessionMappedDIBSection
NtGdiCreateSolidBrush
NtGdiD3dContextCreate
NtGdiD3dContextDestroy
NtGdiD3dContextDestroyAll
NtGdiD3dDrawPrimitives2
NtGdiD3dValidateTextureStageState
NtGdiDDCCIGetCapabilitiesString
NtGdiDDCCIGetCapabilitiesStringLength
NtGdiDDCCIGetTimingReport
NtGdiDDCCIGetVCPFeature
NtGdiDDCCISaveCurrentSettings
NtGdiDDCCISetVCPFeature
NtGdiDdAddAttachedSurface
NtGdiDdAlphaBlt
NtGdiDdAttachSurface
NtGdiDdBeginMoCompFrame
NtGdiDdBlt
NtGdiDdCanCreateD3DBuffer
NtGdiDdCanCreateSurface
NtGdiDdColorControl
NtGdiDdCreateD3DBuffer
NtGdiDdCreateDirectDrawObject
NtGdiDdCreateFullscreenSprite
NtGdiDdCreateMoComp
NtGdiDdCreateSurface
NtGdiDdCreateSurfaceEx
NtGdiDdCreateSurfaceObject
NtGdiDdDeleteDirectDrawObject
NtGdiDdDeleteSurfaceObject
NtGdiDdDestroyD3DBuffer

Sections

.text
Size: 659KB - Virtual size: 659KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 314KB - Virtual size: 314KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
conhost_exe_PIDbb0_hiddenmodule_143BBB10000_x86.dll
.dll windows:10 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
conhost_exe_PIDbb0_hiddenmodule_143BE750000_x86.dll
.dll windows:10 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
conhost_exe_PIDbb0_kernel.appcore.dll_7FFF182A0000_x64.dll
.dll windows:10 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

AcquireStateLock
AddDependencyToProcessPackageGraph
AddExtensionProgId
AddPackageToFamilyXref
AppContainerDeriveSidFromMoniker
AppContainerFreeMemory
AppContainerLookupDisplayNameMrtReference
AppContainerLookupMoniker
AppContainerRegisterSid
AppContainerUnregisterSid
AppPolicyGetClrCompat
AppPolicyGetCreateFileAccess
AppPolicyGetLifecycleManagement
AppPolicyGetMediaFoundationCodecLoading
AppPolicyGetProcessTerminationMethod
AppPolicyGetShowDeveloperDiagnostic
AppPolicyGetThreadInitializationType
AppPolicyGetWindowingModel
AppXFreeMemory
AppXGetApplicationData
AppXGetDevelopmentMode
AppXGetOSMaxVersionTested
AppXGetOSMinVersion
AppXGetPackageCapabilities
AppXGetPackageSid
AppXLookupDisplayName
AppXLookupMoniker
AppXUpdatePackageCapabilities
ApplicationUserModelIdFromProductId
BuildProcThreadAttributeListFromBlob
CheckIfStateChangeNotificationExists
ClosePackageInfo
CloseState
CloseStateAtom
CloseStateChangeNotification
CloseStateContainer
CloseStateLock
CommitStateAtom
CouldMultiUserAppsBehaviorBePossibleForPackage
CreateStateAtom
CreateStateChangeNotification
CreateStateContainer
CreateStateLock
CreateStateSubcontainer
DeleteStateAtomValue
DeleteStateContainer
DeleteStateContainerValue
DuplicateStateContainerHandle
EnumerateExtensionNames
EnumerateStateAtomValues
EnumerateStateContainerItems
ExtensionProgIdExists
FindPackagesByPackageFamily
FormatApplicationUserModelId
FormatApplicationUserModelIdA
GenerateProcThreadAttributeBlob
GetAlternatePackageRoots
GetAppDataFolder
GetAppModelVersion
GetApplicationUserModelId
GetApplicationUserModelIdFromToken
GetCurrentApplicationUserModelId
GetCurrentPackageApplicationContext
GetCurrentPackageApplicationResourcesContext
GetCurrentPackageContext
GetCurrentPackageFamilyName
GetCurrentPackageFullName
GetCurrentPackageGlobalizationContext
GetCurrentPackageId
GetCurrentPackageInfo
GetCurrentPackageInfo2
GetCurrentPackageInfo3
GetCurrentPackagePath
GetCurrentPackagePath2
GetCurrentPackageResourcesContext
GetCurrentPackageSecurityContext
GetCurrentTargetPlatformContext
GetEffectivePackageStatusForUser
GetEffectivePackageStatusForUserSid
GetExtensionApplicationUserModelId
GetExtensionProgIds
GetExtensionProperty
GetExtensionProperty2
GetHivePath
GetPackageApplicationContext
GetPackageApplicationIds
GetPackageApplicationProperty
GetPackageApplicationPropertyString
GetPackageApplicationResourcesContext
GetPackageContext
GetPackageFamilyName
GetPackageFamilyNameFromProgId
GetPackageFamilyNameFromToken
GetPackageFullName
GetPackageFullNameFromToken
GetPackageGlobalizationContext
GetPackageGlobalizationProperty
GetPackageId
GetPackageInfo
GetPackageInfo2
GetPackageInfo3
GetPackageInstallTime
GetPackageOSMaxVersionTested
GetPackagePath
GetPackagePathByFullName
GetPackagePathByFullName2
GetPackagePathOnVolume
GetPackageProperty
GetPackagePropertyString
GetPackageResourcesContext
GetPackageResourcesProperty
GetPackageSecurityContext
GetPackageSecurityProperty
GetPackageStatus
GetPackageStatusForUser
GetPackageStatusForUserSid
GetPackageTargetPlatformProperty
GetPackageVolumeSisPath
GetPackagesByPackageFamily
GetProtocolAumid
GetProtocolProperty
GetPublisherCacheFolder
GetPublisherRootFolder
GetRoamingLastObservedChangeTime
GetSecureSystemAppDataFolder
GetSerializedAtomBytes
GetSharedLocalFolder
GetStagedPackageOrigin
GetStagedPackagePathByFullName
GetStagedPackagePathByFullName2
GetStateContainerDepth
GetStateFolder
GetStateRootFolder
GetStateRootFolderBase
GetStateSettingsFolder
GetStateVersion
GetSystemAppDataFolder
GetSystemAppDataKey
GetSystemMetadataPath
GetSystemMetadataPathForPackage
GetSystemMetadataPathForPackageFamily
GetSystemStateRootFolder
GetTargetPlatformContext
IncrementPackageStatusVersion
InvalidateAppModelVersionCache
IsDeveloperModeEnabled
IsDeveloperModePolicyApplied
IsMrtResourceRedirectionEnabled
IsOnDemandRegistrationSupportedForExtensionCategory
IsSideloadingEnabled
IsSideloadingPolicyApplied
OpenPackageInfoByFullName
OpenPackageInfoByFullNameForMachine
OpenPackageInfoByFullNameForUser
OpenState
OpenStateAtom
OpenStateExplicit
OpenStateExplicitForUserSid
OpenStateExplicitForUserSidString
OverrideRoamingDataModificationTimesInRange
PackageFamilyNameFromFullName
PackageFamilyNameFromFullNameA
PackageFamilyNameFromId
PackageFamilyNameFromIdA
PackageFamilyNameFromProductId
PackageFullNameFromId
PackageFullNameFromIdA
PackageFullNameFromProductId
PackageIdFromFullName
PackageIdFromFullNameA
PackageIdFromProductId
PackageNameAndPublisherIdFromFamilyName
PackageNameAndPublisherIdFromFamilyNameA
PackageRelativeApplicationIdFromProductId
PackageSidFromFamilyName
PackageSidFromProductId
ParseApplicationUserModelId
ParseApplicationUserModelIdA
ProductIdFromPackageFamilyName
PsmActivateApplicationByToken
PsmAdjustActivationToken
PsmAdjustActivationTokenEx
PsmAdjustActivationTokenPkgClaim
PsmAdjustActivationTokenWithDynamicId
PsmCreateBrokerToken
PsmCreateMatchToken
PsmQueryBackgroundActivationType
PsmRegisterApplicationProcess
PsmRegisterDesktopProcess
PsmRegisterDesktopProcessWithAppContainerToken
PsmRegisterServiceProcess
PublishStateChangeNotification
PublisherFromPackageFullName
QueryStateAtomValueInfo
QueryStateContainerCreatedNew
QueryStateContainerItemInfo
ReadStateAtomValue
ReadStateContainerValue
RefreshPackageInfo
RegisterStateChangeNotification
RegisterStateLock
ReleaseStateLock
RemoveExtensionProgIds
RemovePackageFromFamilyXref
RemovePackageStatus
RemovePackageStatusForUser
ResetState
SaveAlternatePackageRootPath
SaveStateRootFolderPath
SetExtensionProperty
SetIsDeveloperModeEnabled
SetIsSideloadingEnabled
SetProtocolProperty
SetRoamingLastObservedChangeTime
SetStateVersion
SharedLocalIsEnabled
SubscribeStateChangeNotification
UnregisterStateChangeNotification
UnregisterStateLock
UnsubscribeStateChangeNotification
UpdatePackageStatus
UpdatePackageStatusForUser
UpdatePackageStatusForUserSid
VerifyApplicationUserModelId
VerifyApplicationUserModelIdA
VerifyPackageFamilyName
VerifyPackageFamilyNameA
VerifyPackageFullName
VerifyPackageFullNameA
VerifyPackageId
VerifyPackageIdA
VerifyPackagePublisher
VerifyPackagePublisherA
VerifyPackageRelativeApplicationId
VerifyPackageRelativeApplicationIdA
WriteStateAtomValue
WriteStateContainerValue

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
conhost_exe_PIDbb0_msvcp_win.dll_7FFF1AB00000_x64.dll
.dll windows:10 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

??$_Getvals@_W@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IEAAX_WAEBV_Locinfo@1@@Z
??$_Getvals@_W@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IEAAX_WAEBV_Locinfo@1@@Z
??$_Getvals@_W@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEAAX_WAEBV_Locinfo@1@@Z
??0?$_Yarn@D@std@@QEAA@AEBV01@@Z
??0?$_Yarn@D@std@@QEAA@PEBD@Z
??0?$_Yarn@D@std@@QEAA@XZ
??0?$_Yarn@G@std@@QEAA@AEBV01@@Z
??0?$_Yarn@G@std@@QEAA@PEBG@Z
??0?$_Yarn@G@std@@QEAA@XZ
??0?$_Yarn@_W@std@@QEAA@AEBV01@@Z
??0?$_Yarn@_W@std@@QEAA@PEB_W@Z
??0?$_Yarn@_W@std@@QEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@W4_Uninitialized@1@@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N1@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@W4_Uninitialized@1@@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N1@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@W4_Uninitialized@1@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@W4_Uninitialized@1@_N@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@W4_Uninitialized@1@_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@IEAA@$$QEAV01@@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@W4_Uninitialized@1@_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@AEBV01@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@W4_Uninitialized@1@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@AEBV01@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@W4_Uninitialized@1@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@AEBV01@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@W4_Uninitialized@1@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$codecvt@DDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$codecvt@DDU_Mbstatet@@@std@@QEAA@_K@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
??0?$codecvt@_SDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@KW4_Codecvt_mode@1@_K@Z
??0?$codecvt@_SDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$codecvt@_SDU_Mbstatet@@@std@@QEAA@_K@Z
??0?$codecvt@_UDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@KW4_Codecvt_mode@1@_K@Z
??0?$codecvt@_UDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$codecvt@_UDU_Mbstatet@@@std@@QEAA@_K@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
??0?$ctype@D@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$ctype@D@std@@QEAA@PEBF_N_K@Z
??0?$ctype@G@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$ctype@G@std@@QEAA@_K@Z
??0?$ctype@_W@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$ctype@_W@std@@QEAA@_K@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@_K@Z
??0?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@_K@Z
??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z
??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@_K@Z
??0?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@_K@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@_K@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@_K@Z
??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAA@_K@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAA@_K@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEAA@PEBD_K@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@AEBV_Locinfo@1@_K@Z
??0?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAA@_K@Z
??0Init@ios_base@std@@QEAA@XZ
??0_Facet_base@std@@QEAA@AEBV01@@Z
??0_Facet_base@std@@QEAA@XZ
??0_Init_locks@std@@QEAA@XZ
??0_Locimp@locale@std@@AEAA@AEBV012@@Z
??0_Locimp@locale@std@@AEAA@_N@Z
??0_Locinfo@std@@QEAA@HPEBD@Z
??0_Locinfo@std@@QEAA@PEBD@Z
??0_Lockit@std@@QEAA@H@Z
??0_Lockit@std@@QEAA@XZ
??0_Timevec@std@@QEAA@AEBV01@@Z
??0_Timevec@std@@QEAA@PEAX@Z
??0_UShinit@std@@QEAA@XZ
??0_Winit@std@@QEAA@XZ
??0codecvt_base@std@@QEAA@_K@Z
??0ctype_base@std@@QEAA@_K@Z
??0facet@locale@std@@IEAA@_K@Z
??0id@locale@std@@QEAA@_K@Z
??0ios_base@std@@IEAA@XZ
??0task_continuation_context@Concurrency@@AEAA@XZ
??0time_base@std@@QEAA@_K@Z
??1?$_Yarn@D@std@@QEAA@XZ
??1?$_Yarn@G@std@@QEAA@XZ
??1?$_Yarn@_W@std@@QEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$codecvt@DDU_Mbstatet@@@std@@MEAA@XZ
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
??1?$codecvt@_SDU_Mbstatet@@@std@@MEAA@XZ
??1?$codecvt@_UDU_Mbstatet@@@std@@MEAA@XZ
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
??1?$ctype@D@std@@MEAA@XZ
??1?$ctype@G@std@@MEAA@XZ
??1?$ctype@_W@std@@MEAA@XZ
??1?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEAA@XZ
??1?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MEAA@XZ
??1?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MEAA@XZ
??1?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEAA@XZ
??1?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MEAA@XZ
??1?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MEAA@XZ
??1?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEAA@XZ
??1?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MEAA@XZ
??1?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MEAA@XZ
??1?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@MEAA@XZ
??1?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@MEAA@XZ
??1?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@MEAA@XZ
??1Init@ios_base@std@@QEAA@XZ
??1_Facet_base@std@@UEAA@XZ
??1_Init_locks@std@@QEAA@XZ
??1_Locimp@locale@std@@MEAA@XZ
??1_Locinfo@std@@QEAA@XZ
??1_Lockit@std@@QEAA@XZ
??1_Timevec@std@@QEAA@XZ
??1_UShinit@std@@QEAA@XZ
??1_Winit@std@@QEAA@XZ
??1codecvt_base@std@@UEAA@XZ
??1ctype_base@std@@UEAA@XZ
??1facet@locale@std@@MEAA@XZ
??1ios_base@std@@UEAA@XZ
??1time_base@std@@UEAA@XZ
??4?$_Iosb@H@std@@QEAAAEAV01@$$QEAV01@@Z
??4?$_Iosb@H@std@@QEAAAEAV01@AEBV01@@Z
??4?$_Yarn@D@std@@QEAAAEAV01@AEBV01@@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??4?$_Yarn@G@std@@QEAAAEAV01@AEBV01@@Z
??4?$_Yarn@G@std@@QEAAAEAV01@PEBG@Z
??4?$_Yarn@_W@std@@QEAAAEAV01@AEBV01@@Z
??4?$_Yarn@_W@std@@QEAAAEAV01@PEB_W@Z
??4?$basic_iostream@DU?$char_traits@D@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_iostream@GU?$char_traits@G@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_iostream@_WU?$char_traits@_W@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_istream@DU?$char_traits@D@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_istream@GU?$char_traits@G@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_istream@_WU?$char_traits@_W@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_ostream@DU?$char_traits@D@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_ostream@GU?$char_traits@G@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_ostream@_WU?$char_traits@_W@std@@@std@@IEAAAEAV01@$$QEAV01@@Z
??4?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAAEAV01@AEBV01@@Z
??4?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAAEAV01@AEBV01@@Z
??4?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAAEAV01@AEBV01@@Z
??4Init@ios_base@std@@QEAAAEAV012@AEBV012@@Z
??4_Crt_new_delete@std@@QEAAAEAU01@$$QEAU01@@Z
??4_Crt_new_delete@std@@QEAAAEAU01@AEBU01@@Z
??4_Facet_base@std@@QEAAAEAV01@AEBV01@@Z
??4_Init_locks@std@@QEAAAEAV01@AEBV01@@Z
??4_Timevec@std@@QEAAAEAV01@AEBV01@@Z
??4_UShinit@std@@QEAAAEAV01@AEBV01@@Z
??4_Winit@std@@QEAAAEAV01@AEBV01@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAF@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAG@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAI@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAJ@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAK@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAM@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAN@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAO@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAPEAX@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_J@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_K@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@DU?$char_traits@D@std@@@1@AEAV21@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAF@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAG@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAH@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAI@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAJ@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAK@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAM@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAN@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAO@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAPEAX@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEA_J@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEA_K@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEA_N@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@GU?$char_traits@G@std@@@1@AEAV21@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAF@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAG@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAH@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAI@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAJ@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAK@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAM@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAN@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAO@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAPEAX@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEA_J@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEA_K@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEA_N@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@_WU?$char_traits@_W@std@@@1@AEAV21@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@F@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@O@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@DU?$char_traits@D@std@@@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@F@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@G@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@O@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@GU?$char_traits@G@std@@@1@AEAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@PEBX@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@F@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@G@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@O@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV?$basic_ios@_WU?$char_traits@_W@std@@@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEBX@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_N@Z
??7ios_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
??Bios_base@std@@QEBA_NXZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ios@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_ios@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_iostream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_iostream@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_iostream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_istream@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_istream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ostream@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_ostream@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$basic_streambuf@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_streambuf@GU?$char_traits@G@std@@@std@@6B@
??_7?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@6B@
??_7?$codecvt@DDU_Mbstatet@@@std@@6B@
??_7?$codecvt@GDU_Mbstatet@@@std@@6B@
??_7?$codecvt@_SDU_Mbstatet@@@std@@6B@
??_7?$codecvt@_UDU_Mbstatet@@@std@@6B@
??_7?$codecvt@_WDU_Mbstatet@@@std@@6B@
??_7?$ctype@D@std@@6B@
??_7?$ctype@G@std@@6B@
??_7?$ctype@_W@std@@6B@
??_7?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
??_7?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@6B@
??_7?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@6B@
??_7_Facet_base@std@@6B@
??_7_Locimp@locale@std@@6B@
??_7codecvt_base@std@@6B@
??_7ctype_base@std@@6B@
??_7facet@locale@std@@6B@
??_7ios_base@std@@6B@
??_7time_base@std@@6B@
??_8?$basic_iostream@DU?$char_traits@D@std@@@std@@7B?$basic_istream@DU?$char_traits@D@std@@@1@@
??_8?$basic_iostream@DU?$char_traits@D@std@@@std@@7B?$basic_ostream@DU?$char_traits@D@std@@@1@@
??_8?$basic_iostream@GU?$char_traits@G@std@@@std@@7B?$basic_istream@GU?$char_traits@G@std@@@1@@
??_8?$basic_iostream@GU?$char_traits@G@std@@@std@@7B?$basic_ostream@GU?$char_traits@G@std@@@1@@
??_8?$basic_iostream@_WU?$char_traits@_W@std@@@std@@7B?$basic_istream@_WU?$char_traits@_W@std@@@1@@
??_8?$basic_iostream@_WU?$char_traits@_W@std@@@std@@7B?$basic_ostream@_WU?$char_traits@_W@std@@@1@@
??_8?$basic_istream@DU?$char_traits@D@std@@@std@@7B@
??_8?$basic_istream@GU?$char_traits@G@std@@@std@@7B@
??_8?$basic_istream@_WU?$char_traits@_W@std@@@std@@7B@
??_8?$basic_ostream@DU?$char_traits@D@std@@@std@@7B@
??_8?$basic_ostream@GU?$char_traits@G@std@@@std@@7B@
??_8?$basic_ostream@_WU?$char_traits@_W@std@@@std@@7B@
??_D?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??_D?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??_D?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??_D?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??_D?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??_D?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??_D?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??_D?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??_F?$codecvt@DDU_Mbstatet@@@std@@QEAAXXZ
??_F?$codecvt@GDU_Mbstatet@@@std@@QEAAXXZ
??_F?$codecvt@_SDU_Mbstatet@@@std@@QEAAXXZ
??_F?$codecvt@_UDU_Mbstatet@@@std@@QEAAXXZ
??_F?$codecvt@_WDU_Mbstatet@@@std@@QEAAXXZ
??_F?$ctype@D@std@@QEAAXXZ
??_F?$ctype@G@std@@QEAAXXZ
??_F?$ctype@_W@std@@QEAAXXZ
??_F?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAAXXZ
??_F?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAAXXZ
??_F?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAAXXZ
??_F?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAAXXZ
??_F?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAAXXZ
??_F?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAAXXZ
??_F?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAAXXZ
??_F?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAAXXZ
??_F?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAAXXZ
??_F?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEAAXXZ
??_F?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEAAXXZ
??_F?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEAAXXZ
??_F_Locinfo@std@@QEAAXXZ
??_F_Timevec@std@@QEAAXXZ
??_Fcodecvt_base@std@@QEAAXXZ
??_Fctype_base@std@@QEAAXXZ
??_Ffacet@locale@std@@QEAAXXZ
??_Fid@locale@std@@QEAAXXZ
??_Ftime_base@std@@QEAAXXZ
?CaptureCallstack@platform@details@Concurrency@@YA_KPEAPEAX_K1@Z
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?GetNextAsyncId@platform@details@Concurrency@@YAIXZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
?_Addcats@_Locinfo@std@@QEAAAEAV12@HPEBD@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_Addstd@ios_base@std@@SAXPEAV12@@Z
?_Assign@_ContextCallback@details@Concurrency@@AEAAXPEAX@Z
?_Atexit@@YAXP6AXXZ@Z
?_BADOFF@std@@3_JB
?_C_str@?$_Yarn@D@std@@QEBAPEBDXZ
?_C_str@?$_Yarn@G@std@@QEBAPEBGXZ
?_C_str@?$_Yarn@_W@std@@QEBAPEB_WXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?_Callfns@ios_base@std@@AEAAXW4event@12@@Z
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?_Clocptr@_Locimp@locale@std@@0PEAV123@EA
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Donarrow@?$ctype@G@std@@IEBADGD@Z
?_Donarrow@?$ctype@_W@std@@IEBAD_WD@Z
?_Dowiden@?$ctype@G@std@@IEBAGD@Z
?_Dowiden@?$ctype@_W@std@@IEBA_WD@Z
?_Empty@?$_Yarn@D@std@@QEBA_NXZ
?_Empty@?$_Yarn@G@std@@QEBA_NXZ
?_Empty@?$_Yarn@_W@std@@QEBA_NXZ
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
?_Ffmt@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAPEADPEADDH@Z
?_Ffmt@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAPEADPEADDH@Z
?_Ffmt@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAPEADPEADDH@Z
?_Findarr@ios_base@std@@AEAAAEAU_Iosarray@12@H@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBGHH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Fput@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBD_K@Z
?_Fput@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBA?AV?$ostreambuf_iterator@GU?$char_traits@G@std@@@2@V32@AEAVios_base@2@GPEBD_K@Z
?_Fput@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBA?AV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@AEAVios_base@2@_WPEBD_K@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$codecvt@GDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$codecvt@_SDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$codecvt@_UDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@facet@locale@std@@SA_KPEAPEBV123@PEBV23@@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?_Getctype@_Locinfo@std@@QEBA?AU_Ctypevec@@XZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_Getdateorder@_Locinfo@std@@QEBAHXZ
?_Getdays@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Getffld@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getffld@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getffld@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getffldx@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getffldx@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getffldx@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1AEAVios_base@2@PEAH@Z
?_Getfmt@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IEBA?AV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@PEBD@Z
?_Getfmt@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IEBA?AV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@PEBD@Z
?_Getfmt@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEBA?AV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@PEBD@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Getifld@?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@1HAEBVlocale@2@@Z
?_Getifld@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@1HAEBVlocale@2@@Z
?_Getifld@?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAHPEADAEAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@1HAEBVlocale@2@@Z
?_Getint@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAHAEAV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@0HHAEAHAEBV?$ctype@D@2@@Z
?_Getint@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAHAEAV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@0HHAEAHAEBV?$ctype@G@2@@Z
?_Getint@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAHAEAV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@2@0HHAEAHAEBV?$ctype@_W@2@@Z
?_Getlconv@_Locinfo@std@@QEBAPEBUlconv@@XZ
?_Getmonths@_Locinfo@std@@QEBAPEBDXZ
?_Getname@_Locinfo@std@@QEBAPEBDXZ
?_Getptr@_Timevec@std@@QEBAPEAXXZ
?_Gettnames@_Locinfo@std@@QEBA?AV_Timevec@2@XZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Gnavail@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBA_JXZ
?_Gnavail@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBA_JXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gndec@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?_Gndec@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?_Gninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?_Gnpreinc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gnpreinc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?_Gnpreinc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?_Id_cnt@id@locale@std@@0HA
?_Ifmt@?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@AEBAPEADPEADPEBDH@Z
?_Ifmt@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@AEBAPEADPEADPEBDH@Z
?_Ifmt@?$num_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@AEBAPEADPEADPEBDH@Z
?_Incref@facet@locale@std@@UEAAXXZ
?_Index@ios_base@std@@0HA

Sections

.text
Size: 336KB - Virtual size: 335KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 238KB - Virtual size: 238KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
conhost_exe_PIDbb0_msvcrt.dll_7FFF1B900000_x64.dll
.dll windows:10 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

??0__non_rtti_object@@QEAA@AEBV0@@Z
??0__non_rtti_object@@QEAA@PEBD@Z
??0bad_cast@@AAE@PBQBD@Z
??0bad_cast@@AEAA@PEBQEBD@Z
??0bad_cast@@QAE@ABQBD@Z
??0bad_cast@@QEAA@AEBQEBD@Z
??0bad_cast@@QEAA@AEBV0@@Z
??0bad_cast@@QEAA@PEBD@Z
??0bad_typeid@@QEAA@AEBV0@@Z
??0bad_typeid@@QEAA@PEBD@Z
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1__non_rtti_object@@UEAA@XZ
??1bad_cast@@UEAA@XZ
??1bad_typeid@@UEAA@XZ
??1exception@@UEAA@XZ
??1type_info@@UEAA@XZ
??2@YAPEAX_K@Z
??2@YAPEAX_KHPEBDH@Z
??3@YAXPEAX@Z
??4__non_rtti_object@@QEAAAEAV0@AEBV0@@Z
??4bad_cast@@QEAAAEAV0@AEBV0@@Z
??4bad_typeid@@QEAAAEAV0@AEBV0@@Z
??4exception@@QEAAAEAV0@AEBV0@@Z
??8type_info@@QEBAHAEBV0@@Z
??9type_info@@QEBAHAEBV0@@Z
??_7__non_rtti_object@@6B@
??_7bad_cast@@6B@
??_7bad_typeid@@6B@
??_7exception@@6B@
??_Fbad_cast@@QEAAXXZ
??_Fbad_typeid@@QEAAXXZ
??_U@YAPEAX_K@Z
??_U@YAPEAX_KHPEBDH@Z
??_V@YAXPEAX@Z
?_query_new_handler@@YAP6AH_K@ZXZ
?_query_new_mode@@YAHXZ
?_set_new_handler@@YAP6AH_K@ZP6AH0@Z@Z
?_set_new_mode@@YAHH@Z
?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
?before@type_info@@QEBAHAEBV1@@Z
?name@type_info@@QEBAPEBDXZ
?raw_name@type_info@@QEBAPEBDXZ
?set_new_handler@@YAP6AXXZP6AXXZ@Z
?set_terminate@@YAP6AXXZP6AXXZ@Z
?set_unexpected@@YAP6AXXZP6AXXZ@Z
?terminate@@YAXXZ
?unexpected@@YAXXZ
?what@exception@@UEBAPEBDXZ
_CrtCheckMemory
_CrtDbgBreak
_CrtDbgReport
_CrtDbgReportV
_CrtDbgReportW
_CrtDbgReportWV
_CrtDoForAllClientObjects
_CrtDumpMemoryLeaks
_CrtIsMemoryBlock
_CrtIsValidHeapPointer
_CrtIsValidPointer
_CrtMemCheckpoint
_CrtMemDifference
_CrtMemDumpAllObjectsSince
_CrtMemDumpStatistics
_CrtReportBlockType
_CrtSetAllocHook
_CrtSetBreakAlloc
_CrtSetDbgBlockType
_CrtSetDbgFlag
_CrtSetDumpClient
_CrtSetReportFile
_CrtSetReportHook
_CrtSetReportHook2
_CrtSetReportMode
_CxxThrowException
_Getdays
_Getmonths
_Gettnames
_HUGE
_Strftime
_W_Getdays
_W_Getmonths
_W_Gettnames
_Wcsftime
_XcptFilter
__AdjustPointer
__C_specific_handler
__CppXcptFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__DestructExceptionObject
__ExceptionPtrAssign
__ExceptionPtrCompare
__ExceptionPtrCopy
__ExceptionPtrCopyException
__ExceptionPtrCreate
__ExceptionPtrCurrentException
__ExceptionPtrDestroy
__ExceptionPtrRethrow
__ExceptionPtrSwap
__ExceptionPtrToBool
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__STRINGTOLD
___lc_codepage_func
___lc_collate_cp_func
___lc_handle_func
___mb_cur_max_func
___setlc_active_func
___unguarded_readlc_active_add_func
__argc
__argv
__badioinfo
__crtCompareStringA
__crtCompareStringW
__crtGetLocaleInfoW
__crtGetStringTypeW
__crtLCMapStringA
__crtLCMapStringW
__daylight
__dllonexit
__doserrno
__dstbias
__fpecode
__getmainargs
__initenv
__iob_func
__isascii
__iscsym
__iscsymf
__lc_codepage
__lc_collate_cp
__lc_handle
__lconv_init
__mb_cur_max
__pctype_func
__pioinfo
__pwctype_func
__pxcptinfoptrs
__set_app_type
__setlc_active
__setusermatherr
__strncnt
__threadhandle
__threadid
__toascii
__unDName
__unDNameEx
__uncaught_exception
__unguarded_readlc_active
__wargv
__wcserror
__wcserror_s
__wcsncnt
__wgetmainargs
__winitenv
_abs64
_access
_access_s
_acmdln
_aexit_rtn
_aligned_free
_aligned_free_dbg
_aligned_malloc
_aligned_malloc_dbg
_aligned_offset_malloc
_aligned_offset_malloc_dbg
_aligned_offset_realloc
_aligned_offset_realloc_dbg
_aligned_realloc
_aligned_realloc_dbg
_amsg_exit
_assert
_atodbl
_atodbl_l
_atof_l
_atoflt_l
_atoi64
_atoi64_l
_atoi_l
_atol_l
_atoldbl
_atoldbl_l
_beep
_beginthread
_beginthreadex
_c_exit
_cabs
_callnewh
_calloc_dbg
_cexit
_cgets
_cgets_s
_cgetws
_cgetws_s
_chdir
_chdrive
_chgsign
_chgsignf
_chmod
_chsize
_chsize_s
_chvalidator
_chvalidator_l
_clearfp
_close
_commit
_commode
_control87
_controlfp
_controlfp_s
_copysign
_copysignf
_cprintf
_cprintf_l
_cprintf_p
_cprintf_p_l
_cprintf_s
_cprintf_s_l
_cputs
_cputws
_creat
_create_locale
_crtAssertBusy
_crtBreakAlloc
_crtDbgFlag
_cscanf
_cscanf_l
_cscanf_s
_cscanf_s_l
_ctime32
_ctime32_s
_ctime64
_ctime64_s
_ctype
_cwait
_cwprintf
_cwprintf_l
_cwprintf_p
_cwprintf_p_l
_cwprintf_s
_cwprintf_s_l
_cwscanf
_cwscanf_l
_cwscanf_s
_cwscanf_s_l
_daylight
_difftime32
_difftime64
_dstbias
_dup
_dup2
_ecvt
_ecvt_s
_endthread
_endthreadex
_environ
_eof
_errno
_execl
_execle
_execlp
_execlpe
_execv
_execve
_execvp
_execvpe
_exit
_expand
_expand_dbg
_fcloseall
_fcvt
_fcvt_s
_fdopen
_fgetchar
_fgetwchar
_filbuf
_fileinfo
_filelength
_filelengthi64
_fileno
_findclose
_findfirst
_findfirst64
_findfirsti64
_findnext
_findnext64
_findnexti64
_finite
_finitef
_flsbuf
_flushall
_fmode
_fpclass
_fpclassf
_fpreset
_fprintf_l
_fprintf_p
_fprintf_p_l
_fprintf_s_l
_fputchar
_fputwchar
_free_dbg
_free_locale
_freea
_freea_s
_fscanf_l
_fscanf_s_l
_fseeki64
_fsopen
_fstat
_fstat64
_fstati64
_ftime
_ftime32
_ftime32_s
_ftime64
_ftime64_s
_fullpath
_fullpath_dbg
_futime
_futime32
_futime64
_fwprintf_l
_fwprintf_p
_fwprintf_p_l
_fwprintf_s_l
_fwscanf_l
_fwscanf_s_l
_gcvt
_gcvt_s
_get_current_locale
_get_doserrno
_get_environ
_get_errno
_get_fileinfo
_get_fmode
_get_heap_handle
_get_osfhandle
_get_osplatform
_get_osver
_get_output_format
_get_pgmptr
_get_sbh_threshold
_get_wenviron
_get_winmajor
_get_winminor
_get_winver
_get_wpgmptr
_getch
_getche
_getcwd
_getdcwd
_getdiskfree
_getdrive
_getdrives
_getmaxstdio
_getmbcp
_getpid
_getsystime
_getw
_getwch
_getwche
_getws
_gmtime32
_gmtime32_s
_gmtime64
_gmtime64_s
_heapchk
_heapmin
_heapset
_heapwalk
_hypot
_hypotf
_i64toa
_i64toa_s
_i64tow
_i64tow_s
_initterm
_initterm_e
_invalid_parameter
_iob
_isalnum_l
_isalpha_l
_isatty
_iscntrl_l
_isctype
_isctype_l
_isdigit_l
_isgraph_l
_isleadbyte_l
_islower_l
_ismbbalnum
_ismbbalnum_l
_ismbbalpha
_ismbbalpha_l
_ismbbgraph
_ismbbgraph_l
_ismbbkalnum
_ismbbkalnum_l
_ismbbkana
_ismbbkana_l
_ismbbkprint
_ismbbkprint_l
_ismbbkpunct
_ismbbkpunct_l
_ismbblead
_ismbblead_l
_ismbbprint
_ismbbprint_l
_ismbbpunct
_ismbbpunct_l
_ismbbtrail
_ismbbtrail_l
_ismbcalnum
_ismbcalnum_l
_ismbcalpha
_ismbcalpha_l
_ismbcdigit
_ismbcdigit_l
_ismbcgraph
_ismbcgraph_l
_ismbchira
_ismbchira_l
_ismbckata
_ismbckata_l
_ismbcl0
_ismbcl0_l
_ismbcl1
_ismbcl1_l
_ismbcl2
_ismbcl2_l
_ismbclegal
_ismbclegal_l
_ismbclower
_ismbclower_l
_ismbcprint
_ismbcprint_l
_ismbcpunct
_ismbcpunct_l
_ismbcspace
_ismbcspace_l
_ismbcsymbol
_ismbcsymbol_l
_ismbcupper
_ismbcupper_l
_ismbslead
_ismbslead_l
_ismbstrail
_ismbstrail_l
_isnan
_isnanf
_isprint_l
_isspace_l
_isupper_l
_iswalnum_l
_iswalpha_l
_iswcntrl_l
_iswctype_l
_iswdigit_l
_iswgraph_l
_iswlower_l
_iswprint_l
_iswpunct_l
_iswspace_l
_iswupper_l
_iswxdigit_l
_isxdigit_l
_itoa
_itoa_s
_itow
_itow_s
_j0
_j1
_jn
_kbhit
_lfind
_lfind_s
_local_unwind
_localtime32
_localtime32_s
_localtime64
_localtime64_s
_lock
_locking
_logb
_logbf
_lrotl
_lrotr
_lsearch
_lsearch_s
_lseek
_lseeki64
_ltoa
_ltoa_s
_ltow

Sections

.text
Size: 466KB - Virtual size: 465KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
conhost_exe_PIDbb0_ntdll.dll_7FFF1CB70000_x64.dll
.dll windows:10 windows x64 arch:x64

e7d4cf3508f9a9e321bc4c8327e897ae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ntdll

NtdllDefWindowProc_A
NtdllDefWindowProc_A
NtdllDefWindowProc_A
NtdllDialogWndProc_A
NtdllDefWindowProc_W
NtdllDefWindowProc_W
NtdllDefWindowProc_W
NtdllDialogWndProc_W
LdrStandardizeSystemPath
LdrStandardizeSystemPath
RtlAllocateMemoryBlockLookaside
RtlFreeMemoryBlockLookaside
RtlInterlockedPopEntrySList
NtOpenFile
NtCreateSection
NtQueryAttributesFile
NtOpenSection
NtMapViewOfSection
NtWriteVirtualMemory
NtResumeThread
NtOpenSemaphore
NtOpenMutant
NtOpenEvent
NtCreateUserProcess
NtCreateSemaphore
NtCreateMutant
NtCreateEvent
NtSetDriverEntryOrder
NtQueryDriverEntryOrder
NtAccessCheck
NtCreateThread
NtCreateThreadEx
NtCreateProcess
NtCreateProcessEx
NtCreateJobObject
NtCreateEnclave
NtOpenThread
NtOpenProcess
NtOpenJobObject
NtSetInformationThread
NtSetInformationProcess
NtDeleteFile
NtCreateFile
NtMapViewOfSectionEx
NtExtendSection
RtlAllocateMemoryZone
RtlMapSecurityErrorToNtStatus
NtClose
NtDeviceIoControlFile
NtCreateFile
NtOpenKey
NtClose
NtQueryValueKey
NtQueryInformationToken
NtQueryValueKey
NtOpenKey
_setjmpex
WinSqmCommonDatapointDelete
CsrIdentifyAlertableThread
LdrStandardizeSystemPath
RtlUnwindEx

kernel32

BaseThreadInitThunk

kernelbase

ReleaseActCtx

Exports

Exports

A_SHAFinal
A_SHAInit
A_SHAUpdate
AlpcAdjustCompletionListConcurrencyCount
AlpcFreeCompletionListMessage
AlpcGetCompletionListLastMessageInformation
AlpcGetCompletionListMessageAttributes
AlpcGetHeaderSize
AlpcGetMessageAttribute
AlpcGetMessageFromCompletionList
AlpcGetOutstandingCompletionListMessageCount
AlpcInitializeMessageAttribute
AlpcMaxAllowedMessageLength
AlpcRegisterCompletionList
AlpcRegisterCompletionListWorkerThread
AlpcRundownCompletionList
AlpcUnregisterCompletionList
AlpcUnregisterCompletionListWorkerThread
ApiSetQueryApiSetPresence
ApiSetQueryApiSetPresenceEx
CsrAllocateCaptureBuffer
CsrAllocateMessagePointer
CsrCaptureMessageBuffer
CsrCaptureMessageMultiUnicodeStringsInPlace
CsrCaptureMessageString
CsrCaptureTimeout
CsrClientCallServer
CsrClientConnectToServer
CsrFreeCaptureBuffer
CsrGetProcessId
CsrIdentifyAlertableThread
CsrSetPriorityClass
CsrVerifyRegion
DbgBreakPoint
DbgPrint
DbgPrintEx
DbgPrintReturnControlC
DbgPrompt
DbgQueryDebugFilterState
DbgSetDebugFilterState
DbgUiConnectToDbg
DbgUiContinue
DbgUiConvertStateChangeStructure
DbgUiConvertStateChangeStructureEx
DbgUiDebugActiveProcess
DbgUiGetThreadDebugObject
DbgUiIssueRemoteBreakin
DbgUiRemoteBreakin
DbgUiSetThreadDebugObject
DbgUiStopDebugging
DbgUiWaitStateChange
DbgUserBreakPoint
EtwCheckCoverage
EtwCreateTraceInstanceId
EtwDeliverDataBlock
EtwEnumerateProcessRegGuids
EtwEventActivityIdControl
EtwEventEnabled
EtwEventProviderEnabled
EtwEventRegister
EtwEventSetInformation
EtwEventUnregister
EtwEventWrite
EtwEventWriteEndScenario
EtwEventWriteEx
EtwEventWriteFull
EtwEventWriteNoRegistration
EtwEventWriteStartScenario
EtwEventWriteString
EtwEventWriteTransfer
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwLogTraceEvent
EtwNotificationRegister
EtwNotificationUnregister
EtwProcessPrivateLoggerRequest
EtwRegisterSecurityProvider
EtwRegisterTraceGuidsA
EtwRegisterTraceGuidsW
EtwReplyNotification
EtwSendNotification
EtwSetMark
EtwTraceEventInstance
EtwTraceMessage
EtwTraceMessageVa
EtwUnregisterTraceGuids
EtwWriteUMSecurityEvent
EtwpCreateEtwThread
EtwpGetCpuSpeed
EvtIntReportAuthzEventAndSourceAsync
EvtIntReportEventAndSourceAsync
ExpInterlockedPopEntrySListEnd
ExpInterlockedPopEntrySListFault
ExpInterlockedPopEntrySListResume
KiRaiseUserExceptionDispatcher
KiUserApcDispatcher
KiUserCallbackDispatcher
KiUserExceptionDispatcher
KiUserInvertedFunctionTable
LdrAccessResource
LdrAddDllDirectory
LdrAddLoadAsDataTable
LdrAddRefDll
LdrAppxHandleIntegrityFailure
LdrCallEnclave
LdrControlFlowGuardEnforced
LdrCreateEnclave
LdrDeleteEnclave
LdrDisableThreadCalloutsForDll
LdrEnumResources
LdrEnumerateLoadedModules
LdrFastFailInLoaderCallout
LdrFindEntryForAddress
LdrFindResourceDirectory_U
LdrFindResourceEx_U
LdrFindResource_U
LdrFlushAlternateResourceModules
LdrGetDllDirectory
LdrGetDllFullName
LdrGetDllHandle
LdrGetDllHandleByMapping
LdrGetDllHandleByName
LdrGetDllHandleEx
LdrGetDllPath
LdrGetFailureData
LdrGetFileNameFromLoadAsDataTable
LdrGetKnownDllSectionHandle
LdrGetProcedureAddress
LdrGetProcedureAddressEx
LdrGetProcedureAddressForCaller
LdrInitShimEngineDynamic
LdrInitializeEnclave
LdrInitializeThunk
LdrIsModuleSxsRedirected
LdrLoadAlternateResourceModule
LdrLoadAlternateResourceModuleEx
LdrLoadDll
LdrLoadEnclaveModule
LdrLockLoaderLock
LdrOpenImageFileOptionsKey
LdrProcessInitializationComplete
LdrProcessRelocationBlock
LdrProcessRelocationBlockEx
LdrQueryImageFileExecutionOptions
LdrQueryImageFileExecutionOptionsEx
LdrQueryImageFileKeyOption
LdrQueryModuleServiceTags
LdrQueryOptionalDelayLoadedAPI
LdrQueryProcessModuleInformation
LdrRegisterDllNotification
LdrRemoveDllDirectory
LdrRemoveLoadAsDataTable
LdrResFindResource
LdrResFindResourceDirectory
LdrResGetRCConfig
LdrResRelease
LdrResSearchResource
LdrResolveDelayLoadedAPI
LdrResolveDelayLoadsFromDll
LdrRscIsTypeExist
LdrSetAppCompatDllRedirectionCallback
LdrSetDefaultDllDirectories
LdrSetDllDirectory
LdrSetDllManifestProber
LdrSetImplicitPathOptions
LdrSetMUICacheType
LdrShutdownProcess
LdrShutdownThread
LdrStandardizeSystemPath
LdrSystemDllInitBlock
LdrUnloadAlternateResourceModule
LdrUnloadAlternateResourceModuleEx
LdrUnloadDll
LdrUnlockLoaderLock
LdrUnregisterDllNotification
LdrUpdatePackageSearchPath
LdrVerifyImageMatchesChecksum
LdrVerifyImageMatchesChecksumEx
LdrpResGetMappingSize
LdrpResGetResourceDirectory
MD4Final
MD4Init
MD4Update
MD5Final
MD5Init
MD5Update
NlsAnsiCodePage
NlsMbCodePageTag
NlsMbOemCodePageTag
NtAcceptConnectPort
NtAccessCheck
NtAccessCheckAndAuditAlarm
NtAccessCheckByType
NtAccessCheckByTypeAndAuditAlarm
NtAccessCheckByTypeResultList
NtAccessCheckByTypeResultListAndAuditAlarm
NtAccessCheckByTypeResultListAndAuditAlarmByHandle
NtAcquireCrossVmMutant
NtAcquireProcessActivityReference
NtAddAtom
NtAddAtomEx
NtAddBootEntry
NtAddDriverEntry
NtAdjustGroupsToken
NtAdjustPrivilegesToken
NtAdjustTokenClaimsAndDeviceGroups
NtAlertResumeThread
NtAlertThread
NtAlertThreadByThreadId
NtAllocateLocallyUniqueId
NtAllocateReserveObject
NtAllocateUserPhysicalPages
NtAllocateUserPhysicalPagesEx
NtAllocateUuids
NtAllocateVirtualMemory
NtAllocateVirtualMemoryEx
NtAlpcAcceptConnectPort
NtAlpcCancelMessage
NtAlpcConnectPort
NtAlpcConnectPortEx
NtAlpcCreatePort
NtAlpcCreatePortSection
NtAlpcCreateResourceReserve
NtAlpcCreateSectionView
NtAlpcCreateSecurityContext
NtAlpcDeletePortSection
NtAlpcDeleteResourceReserve
NtAlpcDeleteSectionView
NtAlpcDeleteSecurityContext
NtAlpcDisconnectPort
NtAlpcImpersonateClientContainerOfPort
NtAlpcImpersonateClientOfPort
NtAlpcOpenSenderProcess
NtAlpcOpenSenderThread
NtAlpcQueryInformation
NtAlpcQueryInformationMessage
NtAlpcRevokeSecurityContext
NtAlpcSendWaitReceivePort
NtAlpcSetInformation
NtApphelpCacheControl
NtAreMappedFilesTheSame
NtAssignProcessToJobObject
NtAssociateWaitCompletionPacket
NtCallEnclave
NtCallbackReturn
NtCancelIoFile
NtCancelIoFileEx
NtCancelSynchronousIoFile
NtCancelTimer
NtCancelTimer2
NtCancelWaitCompletionPacket
NtClearEvent
NtClose
NtCloseObjectAuditAlarm
NtCommitComplete
NtCommitEnlistment
NtCommitRegistryTransaction
NtCommitTransaction
NtCompactKeys
NtCompareObjects
NtCompareSigningLevels
NtCompareTokens
NtCompleteConnectPort
NtCompressKey
NtConnectPort
NtContinue
NtContinueEx
NtConvertBetweenAuxiliaryCounterAndPerformanceCounter
NtCopyFileChunk
NtCreateCrossVmEvent
NtCreateCrossVmMutant
NtCreateDebugObject
NtCreateDirectoryObject
NtCreateDirectoryObjectEx
NtCreateEnclave
NtCreateEnlistment
NtCreateEvent
NtCreateEventPair
NtCreateFile
NtCreateIRTimer
NtCreateIoCompletion
NtCreateJobObject
NtCreateJobSet
NtCreateKey
NtCreateKeyTransacted
NtCreateKeyedEvent
NtCreateLowBoxToken
NtCreateMailslotFile
NtCreateMutant
NtCreateNamedPipeFile
NtCreatePagingFile
NtCreatePartition
NtCreatePort
NtCreatePrivateNamespace
NtCreateProcess
NtCreateProcessEx
NtCreateProfile
NtCreateProfileEx
NtCreateRegistryTransaction
NtCreateResourceManager
NtCreateSection
NtCreateSectionEx
NtCreateSemaphore
NtCreateSymbolicLinkObject
NtCreateThread
NtCreateThreadEx
NtCreateTimer
NtCreateTimer2
NtCreateToken
NtCreateTokenEx
NtCreateTransaction
NtCreateTransactionManager
NtCreateUserProcess
NtCreateWaitCompletionPacket
NtCreateWaitablePort
NtCreateWnfStateName
NtCreateWorkerFactory
NtDebugActiveProcess
NtDebugContinue
NtDelayExecution
NtDeleteAtom
NtDeleteBootEntry
NtDeleteDriverEntry
NtDeleteFile
NtDeleteKey
NtDeleteObjectAuditAlarm
NtDeletePrivateNamespace
NtDeleteValueKey
NtDeleteWnfStateData
NtDeleteWnfStateName
NtDeviceIoControlFile
NtDirectGraphicsCall
NtDisableLastKnownGood
NtDisplayString
NtDrawText
NtDuplicateObject
NtDuplicateToken
NtEnableLastKnownGood
NtEnumerateBootEntries
NtEnumerateDriverEntries
NtEnumerateKey
NtEnumerateSystemEnvironmentValuesEx
NtEnumerateTransactionObject
NtEnumerateValueKey
NtExtendSection
NtFilterBootOption
NtFilterToken
NtFilterTokenEx
NtFindAtom
NtFlushBuffersFile
NtFlushBuffersFileEx
NtFlushInstallUILanguage
NtFlushInstructionCache
NtFlushKey
NtFlushProcessWriteBuffers
NtFlushVirtualMemory
NtFlushWriteBuffer
NtFreeUserPhysicalPages
NtFreeVirtualMemory
NtFreezeRegistry
NtFreezeTransactions
NtFsControlFile
NtGetCachedSigningLevel
NtGetCompleteWnfStateSubscription
NtGetContextThread
NtGetCurrentProcessorNumber
NtGetCurrentProcessorNumberEx
NtGetDevicePowerState
NtGetMUIRegistryInfo
NtGetNextProcess
NtGetNextThread
NtGetNlsSectionPtr
NtGetNotificationResourceManager
NtGetTickCount
NtGetWriteWatch
NtImpersonateAnonymousToken
NtImpersonateClientOfPort
NtImpersonateThread
NtInitializeEnclave
NtInitializeNlsFiles
NtInitializeRegistry
NtInitiatePowerAction
NtIsProcessInJob
NtIsSystemResumeAutomatic
NtIsUILanguageComitted
NtListenPort
NtLoadDriver
NtLoadEnclaveData
NtLoadKey
NtLoadKey2
NtLoadKey3
NtLoadKeyEx
NtLockFile
NtLockProductActivationKeys
NtLockRegistryKey
NtLockVirtualMemory
NtMakePermanentObject
NtMakeTemporaryObject
NtManageHotPatch
NtManagePartition
NtMapCMFModule
NtMapUserPhysicalPages
NtMapUserPhysicalPagesScatter
NtMapViewOfSection
NtMapViewOfSectionEx
NtModifyBootEntry
NtModifyDriverEntry
NtNotifyChangeDirectoryFile
NtNotifyChangeDirectoryFileEx
NtNotifyChangeKey
NtNotifyChangeMultipleKeys
NtNotifyChangeSession
NtOpenDirectoryObject
NtOpenEnlistment
NtOpenEvent
NtOpenEventPair
NtOpenFile
NtOpenIoCompletion
NtOpenJobObject
NtOpenKey
NtOpenKeyEx
NtOpenKeyTransacted
NtOpenKeyTransactedEx
NtOpenKeyedEvent
NtOpenMutant
NtOpenObjectAuditAlarm
NtOpenPartition
NtOpenPrivateNamespace
NtOpenProcess
NtOpenProcessToken
NtOpenProcessTokenEx
NtOpenRegistryTransaction
NtOpenResourceManager
NtOpenSection
NtOpenSemaphore
NtOpenSession
NtOpenSymbolicLinkObject
NtOpenThread
NtOpenThreadToken
NtOpenThreadTokenEx
NtOpenTimer
NtOpenTransaction
NtOpenTransactionManager
NtPlugPlayControl
NtPowerInformation
NtPrePrepareComplete
NtPrePrepareEnlistment
NtPrepareComplete
NtPrepareEnlistment
NtPrivilegeCheck
NtPrivilegeObjectAuditAlarm
NtPrivilegedServiceAuditAlarm
NtPropagationComplete
NtPropagationFailed
NtProtectVirtualMemory
NtPssCaptureVaSpaceBulk
NtPulseEvent
NtQueryAttributesFile
NtQueryAuxiliaryCounterFrequency
NtQueryBootEntryOrder
NtQueryBootOptions
NtQueryDebugFilterState
NtQueryDefaultLocale
NtQueryDefaultUILanguage
NtQueryDirectoryFile
NtQueryDirectoryFileEx
NtQueryDirectoryObject
NtQueryDriverEntryOrder
NtQueryEaFile
NtQueryEvent
NtQueryFullAttributesFile
NtQueryInformationAtom
NtQueryInformationByName
NtQueryInformationEnlistment
NtQueryInformationFile
NtQueryInformationJobObject
NtQueryInformationPort
NtQueryInformationProcess
NtQueryInformationResourceManager
NtQueryInformationThread
NtQueryInformationToken
NtQueryInformationTransaction
NtQueryInformationTransactionManager
NtQueryInformationWorkerFactory
NtQueryInstallUILanguage
NtQueryIntervalProfile
NtQueryIoCompletion
NtQueryKey
NtQueryLicenseValue
NtQueryMultipleValueKey
NtQueryMutant
NtQueryObject
NtQueryOpenSubKeys
NtQueryOpenSubKeysEx
NtQueryPerformanceCounter
NtQueryPortInformationProcess
NtQueryQuotaInformationFile
NtQuerySection
NtQuerySecurityAttributesToken

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT
Size: 512B - Virtual size: 505B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 288KB - Virtual size: 288KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mrdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 449KB - Virtual size: 449KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
conhost_exe_PIDbb0_ntmarta.dll_7FFF19370000_x64.dll
.dll windows:10 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

AccConvertAccessMaskToActrlAccess
AccConvertAccessToSD
AccConvertAccessToSecurityDescriptor
AccConvertAclToAccess
AccConvertSDToAccess
AccFreeIndexArray
AccGetAccessForTrustee
AccGetExplicitEntries
AccGetInheritanceSource
AccLookupAccountName
AccLookupAccountSid
AccLookupAccountTrustee
AccProvCancelOperation
AccProvGetAccessInfoPerObjectType
AccProvGetAllRights
AccProvGetCapabilities
AccProvGetOperationResults
AccProvGetTrusteesAccess
AccProvGrantAccessRights
AccProvHandleGetAccessInfoPerObjectType
AccProvHandleGetAllRights
AccProvHandleGetTrusteesAccess
AccProvHandleGrantAccessRights
AccProvHandleIsAccessAudited
AccProvHandleIsObjectAccessible
AccProvHandleRevokeAccessRights
AccProvHandleRevokeAuditRights
AccProvHandleSetAccessRights
AccProvIsAccessAudited
AccProvIsObjectAccessible
AccProvRevokeAccessRights
AccProvRevokeAuditRights
AccProvSetAccessRights
AccRewriteGetExplicitEntriesFromAcl
AccRewriteGetHandleRights
AccRewriteGetNamedRights
AccRewriteSetEntriesInAcl
AccRewriteSetHandleRights
AccRewriteSetNamedRights
AccSetEntriesInAList
AccTreeResetNamedSecurityInfo
EventGuidToName
EventNameFree
GetExplicitEntriesFromAclW
GetMartaExtensionInterface
GetNamedSecurityInfoW
GetSecurityInfo
SetEntriesInAclW
SetNamedSecurityInfoW
SetSecurityInfo

Sections

.text
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

ERRATA
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
conhost_exe_PIDbb0_ole32.dll_7FFF1AD40000_x64.dll
.dll regsvr32 windows:10 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

BindMoniker
CLIPFORMAT_UserFree
CLIPFORMAT_UserFree64
CLIPFORMAT_UserFreeExt
CLIPFORMAT_UserMarshal
CLIPFORMAT_UserMarshal64
CLIPFORMAT_UserMarshalExt
CLIPFORMAT_UserSize
CLIPFORMAT_UserSize64
CLIPFORMAT_UserSizeExt
CLIPFORMAT_UserUnmarshal
CLIPFORMAT_UserUnmarshal64
CLIPFORMAT_UserUnmarshalExt
CLSIDFromOle1Class
CLSIDFromProgID
CLSIDFromProgIDEx
CLSIDFromString
CStdAsyncStubBuffer2_Connect
CStdAsyncStubBuffer2_Disconnect
CStdAsyncStubBuffer2_Release
CStdAsyncStubBuffer_AddRef
CStdAsyncStubBuffer_Connect
CStdAsyncStubBuffer_Disconnect
CStdAsyncStubBuffer_Invoke
CStdAsyncStubBuffer_QueryInterface
CStdAsyncStubBuffer_Release
CStdStubBuffer2_Connect
CStdStubBuffer2_CountRefs
CStdStubBuffer2_Disconnect
CStdStubBuffer2_QueryInterface
CheckInitDde
CleanROTForApartment
ClipboardProcessUninitialize
CoAddRefServerProcess
CoAicGetTokenForCOM
CoAllowSetForegroundWindow
CoAllowUnmarshalerCLSID
CoBuildVersion
CoCancelCall
CoCheckElevationEnabled
CoCopyProxy
CoCreateFreeThreadedMarshaler
CoCreateGuid
CoCreateInstance
CoCreateInstanceEx
CoCreateInstanceFromApp
CoCreateObjectInContext
CoDeactivateObject
CoDecodeProxy
CoDecrementMTAUsage
CoDisableCallCancellation
CoDisconnectContext
CoDisconnectObject
CoDosDateTimeToFileTime
CoEnableCallCancellation
CoFileTimeNow
CoFileTimeToDosDateTime
CoFreeAllLibraries
CoFreeLibrary
CoFreeUnusedLibraries
CoFreeUnusedLibrariesEx
CoGetActivationState
CoGetApartmentID
CoGetApartmentType
CoGetCallContext
CoGetCallState
CoGetCallerTID
CoGetCancelObject
CoGetClassObject
CoGetClassVersion
CoGetComCatalog
CoGetContextToken
CoGetCurrentLogicalThreadId
CoGetCurrentProcess
CoGetDefaultContext
CoGetInstanceFromFile
CoGetInstanceFromIStorage
CoGetInterceptor
CoGetInterceptorForOle32
CoGetInterceptorFromTypeInfo
CoGetInterfaceAndReleaseStream
CoGetMalloc
CoGetMarshalSizeMax
CoGetModuleType
CoGetObject
CoGetObjectContext
CoGetPSClsid
CoGetProcessIdentifier
CoGetStandardMarshal
CoGetStdMarshalEx
CoGetSystemSecurityPermissions
CoGetSystemWow64DirectoryW
CoGetTreatAsClass
CoHandlePriorityEventsFromMessagePump
CoImpersonateClient
CoIncrementMTAUsage
CoInitialize
CoInitializeEx
CoInitializeSecurity
CoInitializeWOW
CoInstall
CoInvalidateRemoteMachineBindings
CoIsHandlerConnected
CoIsOle1Class
CoLoadLibrary
CoLockObjectExternal
CoMarshalHresult
CoMarshalInterThreadInterfaceInStream
CoMarshalInterface
CoPopServiceDomain
CoPushServiceDomain
CoQueryAuthenticationServices
CoQueryClientBlanket
CoQueryProxyBlanket
CoQueryReleaseObject
CoReactivateObject
CoRegisterActivationFilter
CoRegisterChannelHook
CoRegisterClassObject
CoRegisterInitializeSpy
CoRegisterMallocSpy
CoRegisterMessageFilter
CoRegisterPSClsid
CoRegisterSurrogate
CoRegisterSurrogateEx
CoReleaseMarshalData
CoReleaseServerProcess
CoResumeClassObjects
CoRetireServer
CoRevertToSelf
CoRevokeClassObject
CoRevokeInitializeSpy
CoRevokeMallocSpy
CoSetCancelObject
CoSetMessageDispatcher
CoSetProxyBlanket
CoSetState
CoSuspendClassObjects
CoSwitchCallContext
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoTestCancel
CoTreatAsClass
CoUninitialize
CoUnloadingWOW
CoUnmarshalHresult
CoUnmarshalInterface
CoVrfCheckThreadState
CoVrfGetThreadState
CoVrfReleaseThreadState
CoWaitForMultipleHandles
CoWaitForMultipleObjects
ComPs_NdrDllCanUnloadNow
ComPs_NdrDllGetClassObject
ComPs_NdrDllRegisterProxy
ComPs_NdrDllUnregisterProxy
CreateAntiMoniker
CreateBindCtx
CreateClassMoniker
CreateDataAdviseHolder
CreateDataCache
CreateErrorInfo
CreateFileMoniker
CreateGenericComposite
CreateILockBytesOnHGlobal
CreateItemMoniker
CreateObjrefMoniker
CreateOleAdviseHolder
CreatePointerMoniker
CreateStdProgressIndicator
CreateStreamOnHGlobal
DcomChannelSetHResult
DdeBindToObject
DeletePatternAndExtensionTables
DestroyRunningObjectTable
DllDebugObjectRPCHook
DllGetClassObject
DllGetClassObjectWOW
DllRegisterServer
DoDragDrop
DragDropSetFDT
EnableHookObject
FindExt
FmtIdToPropStgName
FreePropVariantArray
GetActiveObjectExt
GetClassFile
GetConvertStg
GetDocumentBitStg
GetErrorInfo
GetHGlobalFromILockBytes
GetHGlobalFromStream
GetHookInterface
GetObjectFromRotByPath
GetRunningObjectTable
HACCEL_UserFree
HACCEL_UserFree64
HACCEL_UserMarshal
HACCEL_UserMarshal64
HACCEL_UserSize
HACCEL_UserSize64
HACCEL_UserUnmarshal
HACCEL_UserUnmarshal64
HBITMAP_UserFree
HBITMAP_UserFree64
HBITMAP_UserMarshal
HBITMAP_UserMarshal64
HBITMAP_UserSize
HBITMAP_UserSize64
HBITMAP_UserUnmarshal
HBITMAP_UserUnmarshal64
HBRUSH_UserFree
HBRUSH_UserFree64
HBRUSH_UserMarshal
HBRUSH_UserMarshal64
HBRUSH_UserSize
HBRUSH_UserSize64
HBRUSH_UserUnmarshal
HBRUSH_UserUnmarshal64
HDC_UserFree
HDC_UserFree64
HDC_UserMarshal
HDC_UserMarshal64
HDC_UserSize
HDC_UserSize64
HDC_UserUnmarshal
HDC_UserUnmarshal64
HENHMETAFILE_UserFree
HENHMETAFILE_UserFree64
HENHMETAFILE_UserMarshal
HENHMETAFILE_UserMarshal64
HENHMETAFILE_UserSize
HENHMETAFILE_UserSize64
HENHMETAFILE_UserUnmarshal
HENHMETAFILE_UserUnmarshal64
HGLOBAL_UserFree
HGLOBAL_UserFree64
HGLOBAL_UserMarshal
HGLOBAL_UserMarshal64
HGLOBAL_UserSize
HGLOBAL_UserSize64
HGLOBAL_UserUnmarshal
HGLOBAL_UserUnmarshal64
HICON_UserFree
HICON_UserFree64
HICON_UserMarshal
HICON_UserMarshal64
HICON_UserSize
HICON_UserSize64
HICON_UserUnmarshal
HICON_UserUnmarshal64
HMENU_UserFree
HMENU_UserFree64
HMENU_UserMarshal
HMENU_UserMarshal64
HMENU_UserSize
HMENU_UserSize64
HMENU_UserUnmarshal
HMENU_UserUnmarshal64
HMETAFILEPICT_UserFree
HMETAFILEPICT_UserFree64
HMETAFILEPICT_UserMarshal
HMETAFILEPICT_UserMarshal64
HMETAFILEPICT_UserSize
HMETAFILEPICT_UserSize64
HMETAFILEPICT_UserUnmarshal
HMETAFILEPICT_UserUnmarshal64
HMETAFILE_UserFree
HMETAFILE_UserFree64
HMETAFILE_UserMarshal
HMETAFILE_UserMarshal64
HMETAFILE_UserSize
HMETAFILE_UserSize64
HMETAFILE_UserUnmarshal
HMETAFILE_UserUnmarshal64
HMONITOR_UserFree
HMONITOR_UserFree64
HMONITOR_UserMarshal
HMONITOR_UserMarshal64
HMONITOR_UserSize
HMONITOR_UserSize64
HMONITOR_UserUnmarshal
HMONITOR_UserUnmarshal64
HPALETTE_UserFree
HPALETTE_UserFree64
HPALETTE_UserFreeExt
HPALETTE_UserMarshal
HPALETTE_UserMarshal64
HPALETTE_UserMarshalExt
HPALETTE_UserSize
HPALETTE_UserSize64
HPALETTE_UserSizeExt
HPALETTE_UserUnmarshal
HPALETTE_UserUnmarshal64
HPALETTE_UserUnmarshalExt
HRGN_UserFree
HRGN_UserMarshal
HRGN_UserSize
HRGN_UserUnmarshal
HWND_UserFree
HWND_UserFree64
HWND_UserFree64Ext
HWND_UserFreeExt
HWND_UserMarshal
HWND_UserMarshal64
HWND_UserMarshal64Ext
HWND_UserMarshalExt
HWND_UserSize
HWND_UserSize64
HWND_UserSize64Ext
HWND_UserSizeExt
HWND_UserUnmarshal
HWND_UserUnmarshal64
HWND_UserUnmarshal64Ext
HWND_UserUnmarshalExt
HkOleRegisterObject
IIDFromString
IsAccelerator
IsEqualGUID
IsRoInitializeASTAAllowedInDesktop
IsValidIid
IsValidInterface
IsValidPtrIn
IsValidPtrOut
MkParseDisplayName
MonikerCommonPrefixWith
MonikerLoadTypeLib
MonikerRelativePathTo
NdrOleInitializeExtension
NdrProxyForwardingFunction10
NdrProxyForwardingFunction11
NdrProxyForwardingFunction12
NdrProxyForwardingFunction13
NdrProxyForwardingFunction14
NdrProxyForwardingFunction15
NdrProxyForwardingFunction16
NdrProxyForwardingFunction17
NdrProxyForwardingFunction18
NdrProxyForwardingFunction19
NdrProxyForwardingFunction20
NdrProxyForwardingFunction21
NdrProxyForwardingFunction22
NdrProxyForwardingFunction23
NdrProxyForwardingFunction24
NdrProxyForwardingFunction25
NdrProxyForwardingFunction26
NdrProxyForwardingFunction27
NdrProxyForwardingFunction28
NdrProxyForwardingFunction29
NdrProxyForwardingFunction3
NdrProxyForwardingFunction30
NdrProxyForwardingFunction31
NdrProxyForwardingFunction32
NdrProxyForwardingFunction4
NdrProxyForwardingFunction5
NdrProxyForwardingFunction6
NdrProxyForwardingFunction7
NdrProxyForwardingFunction8
NdrProxyForwardingFunction9
ObjectStublessClient10
ObjectStublessClient11
ObjectStublessClient12
ObjectStublessClient13
ObjectStublessClient14
ObjectStublessClient15
ObjectStublessClient16
ObjectStublessClient17
ObjectStublessClient18
ObjectStublessClient19
ObjectStublessClient20
ObjectStublessClient21
ObjectStublessClient22
ObjectStublessClient23
ObjectStublessClient24
ObjectStublessClient25
ObjectStublessClient26
ObjectStublessClient27
ObjectStublessClient28
ObjectStublessClient29
ObjectStublessClient3
ObjectStublessClient30
ObjectStublessClient31
ObjectStublessClient32
ObjectStublessClient4
ObjectStublessClient5
ObjectStublessClient6
ObjectStublessClient7
ObjectStublessClient8
ObjectStublessClient9
Ole32DllGetClassObject
OleBuildVersion
OleConvertIStorageToOLESTREAM
OleConvertIStorageToOLESTREAMEx
OleConvertOLESTREAMToIStorage
OleConvertOLESTREAMToIStorage2
OleConvertOLESTREAMToIStorageEx
OleConvertOLESTREAMToIStorageEx2
OleCreate
OleCreateDefaultHandler
OleCreateEmbeddingHelper
OleCreateEx
OleCreateFontIndirectExt
OleCreateFromData
OleCreateFromDataEx
OleCreateFromFile
OleCreateFromFileEx
OleCreateLink
OleCreateLinkEx
OleCreateLinkFromData
OleCreateLinkFromDataEx
OleCreateLinkToFile
OleCreateLinkToFileEx
OleCreateMenuDescriptor
OleCreatePictureIndirectExt
OleCreatePropertyFrameIndirectExt
OleCreateStaticFromData
OleDestroyMenuDescriptor
OleDoAutoConvert
OleDraw
OleDuplicateData
OleFlushClipboard
OleGetAutoConvert
OleGetClipboard
OleGetClipboardWithEnterpriseInfo
OleGetIconOfClass
OleGetIconOfFile
OleGetPackageClipboardOwner
OleIconToCursorExt
OleInitialize
OleInitializeWOW
OleIsCurrentClipboard
OleIsRunning
OleLoad
OleLoadFromStream
OleLoadPictureExt
OleLoadPictureFileExt
OleLoadPicturePathExt
OleLockRunning
OleMetafilePictFromIconAndLabel
OleNoteObjectVisible
OleQueryCreateFromData
OleQueryLinkFromData
OleRegEnumFormatEtc
OleRegEnumVerbs
OleRegGetMiscStatus
OleRegGetUserType
OleReleaseEnumVerbCache
OleRun
OleSave
OleSavePictureFileExt
OleSaveToStream
OleSetAutoConvert
OleSetClipboard
OleSetContainedObject
OleSetMenuDescriptor
OleTranslateAccelerator
OleTranslateColorExt
OleUninitialize
OpenOrCreateStream
ProgIDFromCLSID
PropStgNameToFmtId
PropSysAllocString
PropSysFreeString
PropVariantChangeType
PropVariantClear
PropVariantCopy
ReadClassStg
ReadClassStm
ReadFmtUserTypeStg
ReadOleStg
ReadStorageProperties
ReadStringStream
RegisterActiveObjectExt
RegisterDragDrop
ReleaseStgMedium
RevokeActiveObjectExt
RevokeDragDrop
RoGetAgileReference
SNB_UserFree
SNB_UserFree64
SNB_UserMarshal
SNB_UserMarshal64
SNB_UserSize
SNB_UserSize64
SNB_UserUnmarshal
SNB_UserUnmarshal64
STGMEDIUM_UserFree
STGMEDIUM_UserFree64
STGMEDIUM_UserFreeExt
STGMEDIUM_UserMarshal
STGMEDIUM_UserMarshal64
STGMEDIUM_UserMarshalExt
STGMEDIUM_UserSize
STGMEDIUM_UserSize64
STGMEDIUM_UserSizeExt
STGMEDIUM_UserUnmarshal
STGMEDIUM_UserUnmarshal64
STGMEDIUM_UserUnmarshalExt
SetConvertStg

Sections

.text
Size: 814KB - Virtual size: 813KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 197KB - Virtual size: 197KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
conhost_exe_PIDbb0_sechost.dll_7FFF1C1C0000_x64.dll
.dll windows:10 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

AuditComputeEffectivePolicyBySid
AuditEnumerateCategories
AuditEnumeratePerUserPolicy
AuditEnumerateSubCategories
AuditFree
AuditLookupCategoryNameW
AuditLookupSubCategoryNameW
AuditQueryGlobalSaclW
AuditQueryPerUserPolicy
AuditQuerySecurity
AuditQuerySystemPolicy
AuditSetGlobalSaclW
AuditSetPerUserPolicy
AuditSetSecurity
AuditSetSystemPolicy
BuildSecurityDescriptorForSharingAccess
BuildSecurityDescriptorForSharingAccessEx
CapabilityCheck
CapabilityCheckForSingleSessionSku
ChangeServiceConfig2A
ChangeServiceConfig2W
ChangeServiceConfigA
ChangeServiceConfigW
CloseServiceHandle
CloseTrace
ControlService
ControlServiceExA
ControlServiceExW
ControlTraceA
ControlTraceW
ConvertSDToStringSDRootDomainW
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertSidToStringSidW
ConvertStringSDToSDDomainA
ConvertStringSDToSDDomainW
ConvertStringSDToSDRootDomainW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW
CreateIsolatedProcess
CreateIsolationContainer
CreateServiceA
CreateServiceEx
CreateServiceW
CredBackupCredentials
CredDeleteA
CredDeleteW
CredEncryptAndMarshalBinaryBlob
CredEnumerateA
CredEnumerateW
CredFindBestCredentialA
CredFindBestCredentialW
CredFree
CredGetSessionTypes
CredGetTargetInfoA
CredGetTargetInfoW
CredIsMarshaledCredentialW
CredIsProtectedA
CredIsProtectedW
CredMarshalCredentialA
CredMarshalCredentialW
CredParseUserNameWithType
CredProfileLoaded
CredProfileLoadedEx
CredProfileUnloaded
CredProtectA
CredProtectEx
CredProtectW
CredReadA
CredReadByTokenHandle
CredReadDomainCredentialsA
CredReadDomainCredentialsW
CredReadW
CredRestoreCredentials
CredUnmarshalCredentialA
CredUnmarshalCredentialW
CredUnprotectA
CredUnprotectEx
CredUnprotectW
CredWriteA
CredWriteDomainCredentialsA
CredWriteDomainCredentialsW
CredWriteW
CredpConvertCredential
CredpConvertOneCredentialSize
CredpConvertTargetInfo
CredpDecodeCredential
CredpEncodeCredential
CredpEncodeSecret
DeleteIsolationContainer
DeleteService
EnableTraceEx2
EnumDependentServicesW
EnumServicesStatusExW
EnumerateIdentityProviders
EnumerateTraceGuidsEx
EtwQueryRealtimeConsumer
EventAccessControl
EventAccessQuery
EventAccessRemove
FreeContainer
FreeTransientObjectSecurityDescriptor
GetDefaultIdentityProvider
GetEmbeddedContainerIsolationPolicy
GetEmbeddedImageMitigationPolicy
GetIdentityProviderInfoByGUID
GetIdentityProviderInfoByName
GetServiceDirectory
GetServiceDisplayNameW
GetServiceKeyNameW
GetServiceProcessToken
GetServiceRegistryStateKey
I_QueryTagInformation
I_RegisterSvchostNotificationCallback
I_ScBroadcastServiceControlMessage
I_ScIsSecurityProcess
I_ScPnPGetServiceName
I_ScQueryServiceConfig
I_ScRegisterDeviceNotification
I_ScRegisterPreshutdownRestart
I_ScReparseServiceDatabase
I_ScRpcBindA
I_ScRpcBindW
I_ScSendPnPMessage
I_ScSendTSMessage
I_ScSetServiceBitsA
I_ScSetServiceBitsW
I_ScUnregisterDeviceNotification
I_ScValidatePnPService
LocalGetConditionForString
LocalGetReferencedTokenTypesForCondition
LocalGetStringForCondition
LocalRpcBindingCreateWithSecurity
LocalRpcBindingSetAuthInfoEx
LookupAccountNameLocalA
LookupAccountNameLocalW
LookupAccountSidLocalA
LookupAccountSidLocalW
LsaAddAccountRights
LsaClose
LsaCreateSecret
LsaDelete
LsaEnumerateAccountRights
LsaEnumerateAccountsWithUserRight
LsaFreeMemory
LsaICLookupNames
LsaICLookupNamesWithCreds
LsaICLookupSids
LsaICLookupSidsWithCreds
LsaLookupClose
LsaLookupFreeMemory
LsaLookupGetDomainInfo
LsaLookupManageSidNameMapping
LsaLookupNames2
LsaLookupOpenLocalPolicy
LsaLookupSids
LsaLookupSids2
LsaLookupTranslateNames
LsaLookupTranslateSids
LsaLookupUserAccountType
LsaOpenPolicy
LsaOpenSecret
LsaQueryInformationPolicy
LsaQuerySecret
LsaRemoveAccountRights
LsaRetrievePrivateData
LsaSetInformationPolicy
LsaSetSecret
LsaStorePrivateData
NotifyServiceStatusChange
NotifyServiceStatusChangeA
NotifyServiceStatusChangeW
OpenSCManagerA
OpenSCManagerW
OpenServiceA
OpenServiceW
OpenTraceW
ProcessTrace
QueryAllTracesA
QueryAllTracesW
QueryLocalUserServiceName
QueryServiceConfig2A
QueryServiceConfig2W
QueryServiceConfigA
QueryServiceConfigW
QueryServiceDynamicInformation
QueryServiceObjectSecurity
QueryServiceStatus
QueryServiceStatusEx
QueryTraceProcessingHandle
QueryTransientObjectSecurityDescriptor
QueryUserServiceName
QueryUserServiceNameForContext
RegisterServiceCtrlHandlerA
RegisterServiceCtrlHandlerExA
RegisterServiceCtrlHandlerExW
RegisterServiceCtrlHandlerW
RegisterTraceGuidsA
ReleaseIdentityProviderEnumContext
RemoveTraceCallback
RpcClientCapabilityCheck
SetLocalRpcServerInterfaceSecurity
SetLocalRpcServerProtseqSecurity
SetServiceObjectSecurity
SetServiceStatus
SetTraceCallback
StartServiceA
StartServiceCtrlDispatcherA
StartServiceCtrlDispatcherW
StartServiceW
StartTraceA
StartTraceW
StopTraceW
SubscribeServiceChangeNotifications
TraceQueryInformation
TraceSetInformation
UnsubscribeServiceChangeNotifications
WaitServiceState

Sections

.text
Size: 412KB - Virtual size: 412KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
conhost_exe_PIDbb0_shcore.dll_7FFF1C8D0000_x64.dll
.dll windows:10 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

CommandLineToArgvW
CreateRandomAccessStreamOnFile
CreateRandomAccessStreamOverStream
CreateStreamOverRandomAccessStream
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
GetCurrentProcessExplicitAppUserModelID
GetDpiForMonitor
GetDpiForShellUIComponent
GetFeatureEnabledState
GetFeatureVariant
GetProcessDpiAwareness
GetProcessReference
GetScaleFactorForDevice
GetScaleFactorForMonitor
IStream_Copy
IStream_Read
IStream_ReadStr
IStream_Reset
IStream_Size
IStream_Write
IStream_WriteStr
IUnknown_AtomicRelease
IUnknown_GetSite
IUnknown_QueryService
IUnknown_Set
IUnknown_SetSite
IsOS
IsProcessInIsolatedContainer
IsProcessInWDAGContainer
RecordFeatureError
RecordFeatureUsage
RegisterScaleChangeEvent
RegisterScaleChangeNotifications
RevokeScaleChangeNotifications
SHAnsiToAnsi
SHAnsiToUnicode
SHCopyKeyA
SHCopyKeyW
SHCreateMemStream
SHCreateStreamOnFileA
SHCreateStreamOnFileEx
SHCreateStreamOnFileW
SHCreateThread
SHCreateThreadRef
SHCreateThreadWithHandle
SHDeleteEmptyKeyA
SHDeleteEmptyKeyW
SHDeleteKeyA
SHDeleteKeyW
SHDeleteValueA
SHDeleteValueW
SHEnumKeyExA
SHEnumKeyExW
SHEnumValueA
SHEnumValueW
SHGetThreadRef
SHGetValueA
SHGetValueW
SHOpenRegStream2A
SHOpenRegStream2W
SHOpenRegStreamA
SHOpenRegStreamW
SHQueryInfoKeyA
SHQueryInfoKeyW
SHQueryValueExA
SHQueryValueExW
SHRegDuplicateHKey
SHRegGetIntW
SHRegGetPathA
SHRegGetPathW
SHRegGetValueA
SHRegGetValueFromHKCUHKLM
SHRegGetValueW
SHRegSetPathA
SHRegSetPathW
SHReleaseThreadRef
SHSetThreadRef
SHSetValueA
SHSetValueW
SHStrDupA
SHStrDupW
SHTaskPoolAllowThreadReuse
SHTaskPoolDoNotWaitForMoreTasks
SHTaskPoolGetCurrentThreadLifetime
SHTaskPoolGetUniqueContext
SHTaskPoolQueueTask
SHTaskPoolSetThreadReuseAllowed
SHUnicodeToAnsi
SHUnicodeToUnicode
SetCurrentProcessExplicitAppUserModelID
SetProcessDpiAwareness
SetProcessReference
SubscribeFeatureStateChangeNotification
UnregisterScaleChangeEvent
UnsubscribeFeatureStateChangeNotification

Sections

.text
Size: 466KB - Virtual size: 465KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
conhost_exe_PIDbb0_shell32.dll_7FFF1BA50000_x64.dll
.dll regsvr32 windows:10 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

AppCompat_RunDLLW
AssocCreateForClasses
AssocElemCreateForKey
AssocGetDetailsOfPropKey
CDefFolderMenu_Create2
CIDLData_CreateFromIDArray
CStorageItem_GetValidatedStorageItemObject
CallFileCopyHook
CheckEscapesW
CommandLineToArgvW
Control_RunDLL
Control_RunDLLA
Control_RunDLLAsUserW
Control_RunDLLW
CreateStorageItemFromPath_FullTrustCaller
CreateStorageItemFromPath_FullTrustCaller_ForPackage
CreateStorageItemFromPath_PartialTrustCaller
CreateStorageItemFromShellItem_FullTrustCaller
CreateStorageItemFromShellItem_FullTrustCaller_ForPackage
CreateStorageItemFromShellItem_FullTrustCaller_ForPackage_WithProcessHandle
CreateStorageItemFromShellItem_FullTrustCaller_UseImplicitFlagsAndPackage
DAD_AutoScroll
DAD_DragEnterEx
DAD_DragEnterEx2
DAD_DragLeave
DAD_DragMove
DAD_SetDragImage
DAD_ShowDragImage
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
DllGetVersion
DllInstall
DllRegisterServer
DllUnregisterServer
DoEnvironmentSubstA
DoEnvironmentSubstW
DragAcceptFiles
DragFinish
DragQueryFile
DragQueryFileA
DragQueryFileAorW
DragQueryFileW
DragQueryPoint
DriveType
DuplicateIcon
ExtractAssociatedIconA
ExtractAssociatedIconExA
ExtractAssociatedIconExW
ExtractAssociatedIconW
ExtractIconA
ExtractIconEx
ExtractIconExA
ExtractIconExW
ExtractIconW
FindExecutableA
FindExecutableW
FreeIconList
GetCurrentProcessExplicitAppUserModelID
GetFileNameFromBrowse
GetSystemPersistedStorageItemList
ILAppendID
ILClone
ILCloneFirst
ILCombine
ILCreateFromPath
ILCreateFromPathA
ILCreateFromPathW
ILFindChild
ILFindLastID
ILFree
ILGetNext
ILGetSize
ILIsEqual
ILIsParent
ILLoadFromStreamEx
ILRemoveLastID
ILSaveToStream
InitNetworkAddressControl
InternalExtractIconListA
InternalExtractIconListW
IsDesktopExplorerProcess
IsLFNDrive
IsLFNDriveA
IsLFNDriveW
IsNetDrive
IsProcessAnExplorer
IsUserAnAdmin
LaunchMSHelp_RunDLLW
OpenAs_RunDLL
OpenAs_RunDLLA
OpenAs_RunDLLW
OpenRegStream
Options_RunDLL
Options_RunDLLA
Options_RunDLLW
PathCleanupSpec
PathGetShortPath
PathIsExe
PathIsSlowA
PathIsSlowW
PathMakeUniqueName
PathQualify
PathResolve
PathYetAnotherMakeUniqueName
PickIconDlg
PifMgr_CloseProperties
PifMgr_GetProperties
PifMgr_OpenProperties
PifMgr_SetProperties
PrepareDiscForBurnRunDllW
PrintersGetCommand_RunDLL
PrintersGetCommand_RunDLLA
PrintersGetCommand_RunDLLW
ReadCabinetState
RealDriveType
RealShellExecuteA
RealShellExecuteExA
RealShellExecuteExW
RealShellExecuteW
RegenerateUserEnvironment
RestartDialog
RestartDialogEx
RunAsNewUser_RunDLLW
SHAddDefaultPropertiesByExt
SHAddFromPropSheetExtArray
SHAddToRecentDocs
SHAlloc
SHAppBarMessage
SHAssocEnumHandlers
SHAssocEnumHandlersForProtocolByApplication
SHBindToFolderIDListParent
SHBindToFolderIDListParentEx
SHBindToObject
SHBindToParent
SHBrowseForFolder
SHBrowseForFolderA
SHBrowseForFolderW
SHCLSIDFromString
SHChangeNotification_Lock
SHChangeNotification_Unlock
SHChangeNotify
SHChangeNotifyDeregister
SHChangeNotifyRegister
SHChangeNotifyRegisterThread
SHChangeNotifySuspendResume
SHCloneSpecialIDList
SHCoCreateInstance
SHCoCreateInstanceWorker
SHCreateAssociationRegistration
SHCreateCategoryEnum
SHCreateDataObject
SHCreateDefaultContextMenu
SHCreateDefaultExtractIcon
SHCreateDefaultPropertiesOp
SHCreateDirectory
SHCreateDirectoryExA
SHCreateDirectoryExW
SHCreateDrvExtIcon
SHCreateFileExtractIconW
SHCreateItemFromIDList
SHCreateItemFromParsingName
SHCreateItemFromRelativeName
SHCreateItemInKnownFolder
SHCreateItemWithParent
SHCreateLocalServerRunDll
SHCreateProcessAsUserW
SHCreatePropSheetExtArray
SHCreateQueryCancelAutoPlayMoniker
SHCreateShellFolderView
SHCreateShellFolderViewEx
SHCreateShellItem
SHCreateShellItemArray
SHCreateShellItemArrayFromDataObject
SHCreateShellItemArrayFromIDLists
SHCreateShellItemArrayFromShellItem
SHCreateStdEnumFmtEtc
SHDefExtractIconA
SHDefExtractIconW
SHDestroyPropSheetExtArray
SHDoDragDrop
SHELL32_AddToBackIconTable
SHELL32_AddToFrontIconTable
SHELL32_AreAllItemsAvailable
SHELL32_CCommonPlacesFolder_CreateInstance
SHELL32_CDBurn_CloseSession
SHELL32_CDBurn_DriveSupportedForDataBurn
SHELL32_CDBurn_Erase
SHELL32_CDBurn_GetCDInfo
SHELL32_CDBurn_GetLiveFSDiscInfo
SHELL32_CDBurn_GetStagingPathOrNormalPath
SHELL32_CDBurn_GetTaskInfo
SHELL32_CDBurn_IsBlankDisc
SHELL32_CDBurn_IsBlankDisc2
SHELL32_CDBurn_IsLiveFS
SHELL32_CDBurn_OnDeviceChange
SHELL32_CDBurn_OnEject
SHELL32_CDBurn_OnMediaChange
SHELL32_CDefFolderMenu_Create2
SHELL32_CDefFolderMenu_Create2Ex
SHELL32_CDefFolderMenu_MergeMenu
SHELL32_CDrivesContextMenu_Create
SHELL32_CDrivesDropTarget_Create
SHELL32_CDrives_CreateSFVCB
SHELL32_CFSDropTarget_CreateInstance
SHELL32_CFSFolderCallback_Create
SHELL32_CFillPropertiesTask_CreateInstance
SHELL32_CLibraryDropTarget_CreateInstance
SHELL32_CLocationContextMenu_Create
SHELL32_CLocationFolderUI_CreateInstance
SHELL32_CMountPoint_DoAutorun
SHELL32_CMountPoint_DoAutorunPrompt
SHELL32_CMountPoint_IsAutoRunDriveAndEnabledByPolicy
SHELL32_CMountPoint_ProcessAutoRunFile
SHELL32_CMountPoint_WantAutorunUI
SHELL32_CMountPoint_WantAutorunUIGetReady
SHELL32_CNetFolderUI_CreateInstance
SHELL32_CPL_CategoryIdArrayFromVariant
SHELL32_CPL_IsLegacyCanonicalNameListedUnderKey
SHELL32_CPL_ModifyWowDisplayName
SHELL32_CRecentDocsContextMenu_CreateInstance
SHELL32_CTransferConfirmation_CreateInstance
SHELL32_CallFileCopyHooks
SHELL32_CanDisplayWin8CopyDialog
SHELL32_CloseAutoplayPrompt
SHELL32_CommandLineFromMsiDescriptor
SHELL32_CopySecondaryTiles
SHELL32_CreateConfirmationInterrupt
SHELL32_CreateConflictInterrupt
SHELL32_CreateDefaultOperationDataProvider
SHELL32_CreateFileFolderContextMenu
SHELL32_CreateLinkInfoW
SHELL32_CreateQosRecorder
SHELL32_CreateSharePointView
SHELL32_Create_IEnumUICommand
SHELL32_DestroyLinkInfo
SHELL32_EncryptDirectory
SHELL32_EncryptedFileKeyInfo
SHELL32_EnumCommonTasks
SHELL32_FreeEncryptedFileKeyInfo
SHELL32_GenerateAppID
SHELL32_GetAppIDRoot
SHELL32_GetCommandProviderForFolderType
SHELL32_GetDPIAdjustedLogicalSize
SHELL32_GetDiskCleanupPath
SHELL32_GetFileNameFromBrowse
SHELL32_GetIconOverlayManager
SHELL32_GetLinkInfoData
SHELL32_GetRatingBucket
SHELL32_GetSqmableFileName
SHELL32_GetThumbnailAdornerFromFactory
SHELL32_GetThumbnailAdornerFromFactory2
SHELL32_HandleUnrecognizedFileSystem
SHELL32_IconCacheCreate
SHELL32_IconCacheDestroy
SHELL32_IconCacheHandleAssociationChanged
SHELL32_IconCacheRestore
SHELL32_IconCache_AboutToExtractIcons
SHELL32_IconCache_DoneExtractingIcons
SHELL32_IconCache_ExpandEnvAndSearchPath
SHELL32_IconCache_RememberRecentlyExtractedIconsW
SHELL32_IconOverlayManagerInit
SHELL32_IsGetKeyboardLayoutPresent
SHELL32_IsSystemUpgradeInProgress
SHELL32_IsValidLinkInfo
SHELL32_LegacyEnumSpecialTasksByType
SHELL32_LegacyEnumTasks
SHELL32_LookupBackIconIndex
SHELL32_LookupFrontIconIndex
SHELL32_NormalizeRating
SHELL32_NotifyLinkTrackingServiceOfMove
SHELL32_PifMgr_CloseProperties
SHELL32_PifMgr_GetProperties
SHELL32_PifMgr_OpenProperties
SHELL32_PifMgr_SetProperties
SHELL32_Printers_CreateBindInfo
SHELL32_Printjob_GetPidl
SHELL32_PurgeSystemIcon
SHELL32_RefreshOverlayImages
SHELL32_ResolveLinkInfoW
SHELL32_SHAddSparseIcon
SHELL32_SHCreateByValueOperationInterrupt
SHELL32_SHCreateDefaultContextMenu
SHELL32_SHCreateLocalServer
SHELL32_SHCreateShellFolderView
SHELL32_SHDuplicateEncryptionInfoFile
SHELL32_SHEncryptFile
SHELL32_SHFormatDriveAsync
SHELL32_SHGetThreadUndoManager
SHELL32_SHGetUserNameW
SHELL32_SHIsVirtualDevice
SHELL32_SHLaunchPropSheet
SHELL32_SHLogILFromFSIL
SHELL32_SHOpenWithDialog
SHELL32_SHStartNetConnectionDialogW
SHELL32_SHUICommandFromGUID
SHELL32_SendToMenu_InvokeTargetedCommand
SHELL32_SendToMenu_VerifyTargetedCommand
SHELL32_ShowHideIconOnlyOnDesktop
SHELL32_SimpleRatingToFilterCondition
SHELL32_StampIconForFile
SHELL32_SuspendUndo
SHELL32_TryVirtualDiscImageDriveEject
SHELL32_VerifySaferTrust
SHEmptyRecycleBinA
SHEmptyRecycleBinW
SHEnableServiceObject
SHEnumerateUnreadMailAccountsW
SHEvaluateSystemCommandTemplate
SHExecuteErrorMessageBox
SHExtractIconsW
SHFileOperation
SHFileOperationA
SHFileOperationW
SHFindFiles
SHFind_InitMenuPopup
SHFlushSFCache
SHFormatDrive
SHFree
SHFreeNameMappings
SHGetAttributesFromDataObject
SHGetDataFromIDListA
SHGetDataFromIDListW
SHGetDesktopFolder
SHGetDiskFreeSpaceA
SHGetDiskFreeSpaceExA
SHGetDiskFreeSpaceExW
SHGetDriveMedia
SHGetFileInfo
SHGetFileInfoA
SHGetFileInfoW
SHGetFolderLocation
SHGetFolderPathA
SHGetFolderPathAndSubDirA
SHGetFolderPathAndSubDirW
SHGetFolderPathEx
SHGetFolderPathW
SHGetIDListFromObject
SHGetIconOverlayIndexA
SHGetIconOverlayIndexW
SHGetImageList
SHGetInstanceExplorer
SHGetItemFromDataObject
SHGetItemFromObject
SHGetKnownFolderIDList
SHGetKnownFolderItem
SHGetKnownFolderPath
SHGetLocalizedName
SHGetMalloc
SHGetNameFromIDList
SHGetNewLinkInfo
SHGetNewLinkInfoA
SHGetNewLinkInfoW
SHGetPathFromIDList
SHGetPathFromIDListA
SHGetPathFromIDListEx
SHGetPathFromIDListW
SHGetPropertyStoreForWindow
SHGetPropertyStoreFromIDList
SHGetPropertyStoreFromParsingName
SHGetRealIDL
SHGetSetFolderCustomSettings
SHGetSetSettings
SHGetSettings
SHGetSpecialFolderLocation
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW
SHGetStockIconInfo
SHGetTemporaryPropertyForItem
SHGetUnreadMailCountW
SHHandleUpdateImage
SHHelpShortcuts_RunDLL
SHHelpShortcuts_RunDLLA
SHHelpShortcuts_RunDLLW
SHILCreateFromPath
SHInvokePrinterCommandA
SHInvokePrinterCommandW
SHIsFileAvailableOffline
SHLimitInputEdit
SHLoadInProc
SHLoadNonloadedIconOverlayIdentifiers
SHMapPIDLToSystemImageListIndex
SHMultiFileProperties
SHObjectProperties
SHOpenFolderAndSelectItems
SHOpenPropSheetW
SHOpenWithDialog
SHParseDisplayName
SHPathPrepareForWriteA
SHPathPrepareForWriteW
SHPropStgCreate
SHPropStgReadMultiple
SHPropStgWriteMultiple
SHQueryRecycleBinA
SHQueryRecycleBinW
SHQueryUserNotificationState
SHRemoveLocalizedName
SHReplaceFromPropSheetExtArray
SHResolveLibrary
SHRestricted
SHSetDefaultProperties
SHSetFolderPathA
SHSetFolderPathW
SHSetInstanceExplorer
SHSetKnownFolderPath
SHSetLocalizedName
SHSetTemporaryPropertyForItem
SHSetUnreadMailCountW
SHShellFolderView_Message
SHShowManageLibraryUI
SHSimpleIDListFromPath
SHStartNetConnectionDialogW
SHTestTokenMembership
SHUpdateImageA
SHUpdateImageW
SHUpdateRecycleBinIcon
SHValidateUNC
SetCurrentProcessExplicitAppUserModelID
SheChangeDirA
SheChangeDirExW
SheGetDirA
SheSetCurDrive
ShellAboutA
ShellAboutW
ShellExec_RunDLL
ShellExec_RunDLLA
ShellExec_RunDLLW
ShellExecuteA
ShellExecuteEx
ShellExecuteExA
ShellExecuteExW
ShellExecuteW
ShellHookProc
ShellMessageBoxA
ShellMessageBoxW
Shell_GetCachedImageIndex
Shell_GetCachedImageIndexA
Shell_GetCachedImageIndexW
Shell_GetImageLists
Shell_MergeMenus
Shell_NotifyIcon
Shell_NotifyIconA
Shell_NotifyIconGetRect
Shell_NotifyIconW
SignalFileOpen
StateRepoNewMenuCache_EnsureCacheAsync
StateRepoNewMenuCache_RebuildCacheAsync
StgMakeUniqueName
StrChrA
StrChrIA
StrChrIW
StrChrW
StrCmpNA
StrCmpNIA
StrCmpNIW
StrCmpNW
StrNCmpA
StrNCmpIA
StrNCmpIW
StrNCmpW
StrRChrA
StrRChrIA
StrRChrIW
StrRChrW
StrRStrA
StrRStrIA
StrRStrIW
StrRStrW
StrStrA
StrStrIA
StrStrIW
StrStrW
UsersLibrariesFolderUI_CreateInstance
WOWShellExecute
WaitForExplorerRestartW
Win32DeleteFile
WriteCabinetState

Sections

.text
Size: 5.7MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 288KB - Virtual size: 288KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 316KB - Virtual size: 316KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
conhost_exe_PIDbb0_textinputframework.dll_7FFF038D0000_x64.dll
.dll windows:10 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
InputFocusChanged
NavigateFocusInfoCreate
TextInputClientCreate
TextInputClientCreate2
TextInputHostCreate
TextInputHostCreate2
TextInputHostCreateEx
TextInputHostGetCurrent
TextInputHostSiteCreate
TextInputServerCreate
TsfOneCreate
tsfGetAsyncKeyState
tsfGetKeyState
tsfGetKeyboardState

Sections

.text
Size: 705KB - Virtual size: 704KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 208KB - Virtual size: 207KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
conhost_exe_PIDbb0_ucrtbase.dll_7FFF1A990000_x64.dll
.dll windows:10 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

_Cbuild
_Cmulcc
_Cmulcr
_CreateFrameInfo
_CxxThrowException
_Exit
_FCbuild
_FCmulcc
_FCmulcr
_FindAndUnlinkFrame
_GetImageBase
_GetThrowImageBase
_Getdays
_Getmonths
_Gettnames
_IsExceptionObjectToBeDestroyed
_LCbuild
_LCmulcc
_LCmulcr
_SetImageBase
_SetThrowImageBase
_SetWinRTOutOfMemoryExceptionCallback
_Strftime
_W_Getdays
_W_Getmonths
_W_Gettnames
_Wcsftime
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__C_specific_handler
__C_specific_handler_noexcept
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxFrameHandler4
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__GetPlatformExceptionInfo
__NLG_Dispatch2
__NLG_Return2
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__TypeMatch
___lc_codepage_func
___lc_collate_cp_func
___lc_locale_name_func
___mb_cur_max_func
___mb_cur_max_l_func
__acrt_iob_func
__conio_common_vcprintf
__conio_common_vcprintf_p
__conio_common_vcprintf_s
__conio_common_vcscanf
__conio_common_vcwprintf
__conio_common_vcwprintf_p
__conio_common_vcwprintf_s
__conio_common_vcwscanf
__current_exception
__current_exception_context
__daylight
__dcrt_get_wide_environment_from_os
__dcrt_initial_narrow_environment
__doserrno
__dstbias
__fpe_flt_rounds
__fpecode
__initialize_lconv_for_unsigned_char
__intrinsic_setjmp
__intrinsic_setjmpex
__isascii
__iscsym
__iscsymf
__iswcsym
__iswcsymf
__p___argc
__p___argv
__p___wargv
__p__acmdln
__p__commode
__p__environ
__p__fmode
__p__mbcasemap
__p__mbctype
__p__pgmptr
__p__wcmdln
__p__wenviron
__p__wpgmptr
__pctype_func
__processing_throw
__pwctype_func
__pxcptinfoptrs
__report_gsfailure
__setusermatherr
__std_exception_copy
__std_exception_destroy
__std_terminate
__std_type_info_compare
__std_type_info_destroy_list
__std_type_info_hash
__std_type_info_name
__stdio_common_vfprintf
__stdio_common_vfprintf_p
__stdio_common_vfprintf_s
__stdio_common_vfscanf
__stdio_common_vfwprintf
__stdio_common_vfwprintf_p
__stdio_common_vfwprintf_s
__stdio_common_vfwscanf
__stdio_common_vsnprintf_s
__stdio_common_vsnwprintf_s
__stdio_common_vsprintf
__stdio_common_vsprintf_p
__stdio_common_vsprintf_s
__stdio_common_vsscanf
__stdio_common_vswprintf
__stdio_common_vswprintf_p
__stdio_common_vswprintf_s
__stdio_common_vswscanf
__strncnt
__sys_errlist
__sys_nerr
__threadhandle
__threadid
__timezone
__toascii
__tzname
__unDName
__unDNameEx
__uncaught_exception
__uncaught_exceptions
__wcserror
__wcserror_s
__wcsncnt
_abs64
_access
_access_s
_aligned_free
_aligned_malloc
_aligned_msize
_aligned_offset_malloc
_aligned_offset_realloc
_aligned_offset_recalloc
_aligned_realloc
_aligned_recalloc
_assert
_atodbl
_atodbl_l
_atof_l
_atoflt
_atoflt_l
_atoi64
_atoi64_l
_atoi_l
_atol_l
_atoldbl
_atoldbl_l
_atoll_l
_beep
_beginthread
_beginthreadex
_byteswap_uint64
_byteswap_ulong
_byteswap_ushort
_c_exit
_cabs
_callnewh
_calloc_base
_cexit
_cgets
_cgets_s
_cgetws
_cgetws_s
_chdir
_chdrive
_chgsign
_chgsignf
_chmod
_chsize
_chsize_s
_clearfp
_close
_commit
_configthreadlocale
_configure_narrow_argv
_configure_wide_argv
_control87
_controlfp
_controlfp_s
_copysign
_copysignf
_cputs
_cputws
_creat
_create_locale
_crt_at_quick_exit
_crt_atexit
_ctime32
_ctime32_s
_ctime64
_ctime64_s
_cwait
_d_int
_dclass
_dexp
_difftime32
_difftime64
_dlog
_dnorm
_dpcomp
_dpoly
_dscale
_dsign
_dsin
_dtest
_dunscale
_dup
_dup2
_dupenv_s
_ecvt
_ecvt_s
_endthread
_endthreadex
_eof
_errno
_except1
_execl
_execle
_execlp
_execlpe
_execute_onexit_table
_execv
_execve
_execvp
_execvpe
_exit
_expand
_fclose_nolock
_fcloseall
_fcvt
_fcvt_s
_fd_int
_fdclass
_fdexp
_fdlog
_fdnorm
_fdopen
_fdpcomp
_fdpoly
_fdscale
_fdsign
_fdsin
_fdtest
_fdunscale
_fflush_nolock
_fgetc_nolock
_fgetchar
_fgetwc_nolock
_fgetwchar
_filelength
_filelengthi64
_fileno
_findclose
_findfirst32
_findfirst32i64
_findfirst64
_findfirst64i32
_findnext32
_findnext32i64
_findnext64
_findnext64i32
_finite
_finitef
_flushall
_fpclass
_fpclassf
_fpieee_flt
_fpreset
_fputc_nolock
_fputchar
_fputwc_nolock
_fputwchar
_fread_nolock
_fread_nolock_s
_free_base
_free_locale
_fseek_nolock
_fseeki64
_fseeki64_nolock
_fsopen
_fstat32
_fstat32i64
_fstat64
_fstat64i32
_ftell_nolock
_ftelli64
_ftelli64_nolock
_ftime32
_ftime32_s
_ftime64
_ftime64_s
_fullpath
_futime32
_futime64
_fwrite_nolock
_gcvt
_gcvt_s
_get_FMA3_enable
_get_current_locale
_get_daylight
_get_doserrno
_get_dstbias
_get_errno
_get_fmode
_get_heap_handle
_get_initial_narrow_environment
_get_initial_wide_environment
_get_invalid_parameter_handler
_get_narrow_winmain_command_line
_get_osfhandle
_get_pgmptr
_get_printf_count_output
_get_purecall_handler
_get_stream_buffer_pointers
_get_terminate
_get_thread_local_invalid_parameter_handler
_get_timezone
_get_tzname
_get_unexpected
_get_wide_winmain_command_line
_get_wpgmptr
_getc_nolock
_getch
_getch_nolock
_getche
_getche_nolock
_getcwd
_getdcwd
_getdiskfree
_getdllprocaddr
_getdrive
_getdrives
_getmaxstdio
_getmbcp
_getpid
_getsystime
_getw
_getwc_nolock
_getwch
_getwch_nolock
_getwche
_getwche_nolock
_getws
_getws_s
_gmtime32
_gmtime32_s
_gmtime64
_gmtime64_s
_heapchk
_heapmin
_heapwalk
_hypot
_hypotf
_i64toa
_i64toa_s
_i64tow
_i64tow_s
_initialize_narrow_environment
_initialize_onexit_table
_initialize_wide_environment
_initterm
_initterm_e
_invalid_parameter_noinfo
_invalid_parameter_noinfo_noreturn
_invoke_watson
_is_exception_typeof
_isalnum_l
_isalpha_l
_isatty
_isblank_l
_iscntrl_l
_isctype
_isctype_l
_isdigit_l
_isgraph_l
_isleadbyte_l
_islower_l
_ismbbalnum
_ismbbalnum_l
_ismbbalpha
_ismbbalpha_l
_ismbbblank
_ismbbblank_l
_ismbbgraph
_ismbbgraph_l
_ismbbkalnum
_ismbbkalnum_l
_ismbbkana
_ismbbkana_l
_ismbbkprint
_ismbbkprint_l
_ismbbkpunct
_ismbbkpunct_l
_ismbblead
_ismbblead_l
_ismbbprint
_ismbbprint_l
_ismbbpunct
_ismbbpunct_l
_ismbbtrail
_ismbbtrail_l
_ismbcalnum
_ismbcalnum_l
_ismbcalpha
_ismbcalpha_l
_ismbcblank
_ismbcblank_l
_ismbcdigit
_ismbcdigit_l
_ismbcgraph
_ismbcgraph_l
_ismbchira
_ismbchira_l
_ismbckata
_ismbckata_l
_ismbcl0
_ismbcl0_l
_ismbcl1
_ismbcl1_l
_ismbcl2
_ismbcl2_l
_ismbclegal
_ismbclegal_l
_ismbclower
_ismbclower_l
_ismbcprint
_ismbcprint_l
_ismbcpunct
_ismbcpunct_l
_ismbcspace
_ismbcspace_l
_ismbcsymbol
_ismbcsymbol_l
_ismbcupper
_ismbcupper_l
_ismbslead
_ismbslead_l
_ismbstrail
_ismbstrail_l
_isnan
_isnanf
_isprint_l
_ispunct_l
_isspace_l
_isupper_l
_iswalnum_l
_iswalpha_l
_iswblank_l
_iswcntrl_l
_iswcsym_l
_iswcsymf_l
_iswctype_l
_iswdigit_l
_iswgraph_l
_iswlower_l
_iswprint_l
_iswpunct_l
_iswspace_l
_iswupper_l
_iswxdigit_l
_isxdigit_l
_itoa
_itoa_s
_itow
_itow_s
_j0
_j1
_jn
_kbhit
_ld_int
_ldclass
_ldexp
_ldlog
_ldpcomp
_ldpoly
_ldscale
_ldsign
_ldsin
_ldtest
_ldunscale
_lfind
_lfind_s
_loaddll
_local_unwind

Sections

.text
Size: 718KB - Virtual size: 718KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 228KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
conhost_exe_PIDbb0_user32.dll_7FFF1B480000_x64.dll
.dll windows:10 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

ActivateKeyboardLayout
AddClipboardFormatListener
AddVisualIdentifier
AdjustWindowRect
AdjustWindowRectEx
AdjustWindowRectExForDpi
AlignRects
AllowForegroundActivation
AllowSetForegroundWindow
AnimateWindow
AnyPopup
AppendMenuA
AppendMenuW
AreDpiAwarenessContextsEqual
ArrangeIconicWindows
AttachThreadInput
BeginDeferWindowPos
BeginPaint
BlockInput
BringWindowToTop
BroadcastSystemMessage
BroadcastSystemMessageA
BroadcastSystemMessageExA
BroadcastSystemMessageExW
BroadcastSystemMessageW
BuildReasonArray
CalcMenuBar
CalculatePopupWindowPosition
CallMsgFilter
CallMsgFilterA
CallMsgFilterW
CallNextHookEx
CallWindowProcA
CallWindowProcW
CancelShutdown
CascadeChildWindows
CascadeWindows
ChangeClipboardChain
ChangeDisplaySettingsA
ChangeDisplaySettingsExA
ChangeDisplaySettingsExW
ChangeDisplaySettingsW
ChangeMenuA
ChangeMenuW
ChangeWindowMessageFilter
ChangeWindowMessageFilterEx
CharLowerA
CharLowerBuffA
CharLowerBuffW
CharLowerW
CharNextA
CharNextExA
CharNextW
CharPrevA
CharPrevExA
CharPrevW
CharToOemA
CharToOemBuffA
CharToOemBuffW
CharToOemW
CharUpperA
CharUpperBuffA
CharUpperBuffW
CharUpperW
CheckBannedOneCoreTransformApi
CheckDBCSEnabledExt
CheckDlgButton
CheckMenuItem
CheckMenuRadioItem
CheckProcessForClipboardAccess
CheckProcessSession
CheckRadioButton
CheckWindowThreadDesktop
ChildWindowFromPoint
ChildWindowFromPointEx
CliImmSetHotKey
ClientThreadSetup
ClientToScreen
ClipCursor
CloseClipboard
CloseDesktop
CloseGestureInfoHandle
CloseTouchInputHandle
CloseWindow
CloseWindowStation
ConsoleControl
ControlMagnification
CopyAcceleratorTableA
CopyAcceleratorTableW
CopyIcon
CopyImage
CopyRect
CountClipboardFormats
CreateAcceleratorTableA
CreateAcceleratorTableW
CreateCaret
CreateCursor
CreateDCompositionHwndTarget
CreateDesktopA
CreateDesktopExA
CreateDesktopExW
CreateDesktopW
CreateDialogIndirectParamA
CreateDialogIndirectParamAorW
CreateDialogIndirectParamW
CreateDialogParamA
CreateDialogParamW
CreateIcon
CreateIconFromResource
CreateIconFromResourceEx
CreateIconIndirect
CreateMDIWindowA
CreateMDIWindowW
CreateMenu
CreatePopupMenu
CreateSyntheticPointerDevice
CreateSystemThreads
CreateWindowExA
CreateWindowExW
CreateWindowInBand
CreateWindowInBandEx
CreateWindowIndirect
CreateWindowStationA
CreateWindowStationW
CsrBroadcastSystemMessageExW
CtxInitUser32
DdeAbandonTransaction
DdeAccessData
DdeAddData
DdeClientTransaction
DdeCmpStringHandles
DdeConnect
DdeConnectList
DdeCreateDataHandle
DdeCreateStringHandleA
DdeCreateStringHandleW
DdeDisconnect
DdeDisconnectList
DdeEnableCallback
DdeFreeDataHandle
DdeFreeStringHandle
DdeGetData
DdeGetLastError
DdeGetQualityOfService
DdeImpersonateClient
DdeInitializeA
DdeInitializeW
DdeKeepStringHandle
DdeNameService
DdePostAdvise
DdeQueryConvInfo
DdeQueryNextServer
DdeQueryStringA
DdeQueryStringW
DdeReconnect
DdeSetQualityOfService
DdeSetUserHandle
DdeUnaccessData
DdeUninitialize
DefDlgProcA
DefDlgProcW
DefFrameProcA
DefFrameProcW
DefMDIChildProcA
DefMDIChildProcW
DefRawInputProc
DefWindowProcA
DefWindowProcW
DeferWindowPos
DeferWindowPosAndBand
DelegateInput
DeleteMenu
DeregisterShellHookWindow
DestroyAcceleratorTable
DestroyCaret
DestroyCursor
DestroyDCompositionHwndTarget
DestroyIcon
DestroyMenu
DestroyReasons
DestroySyntheticPointerDevice
DestroyWindow
DialogBoxIndirectParamA
DialogBoxIndirectParamAorW
DialogBoxIndirectParamW
DialogBoxParamA
DialogBoxParamW
DisableProcessWindowsGhosting
DispatchMessageA
DispatchMessageW
DisplayConfigGetDeviceInfo
DisplayConfigSetDeviceInfo
DisplayExitWindowsWarnings
DlgDirListA
DlgDirListComboBoxA
DlgDirListComboBoxW
DlgDirListW
DlgDirSelectComboBoxExA
DlgDirSelectComboBoxExW
DlgDirSelectExA
DlgDirSelectExW
DoSoundConnect
DoSoundDisconnect
DragDetect
DragObject
DrawAnimatedRects
DrawCaption
DrawCaptionTempA
DrawCaptionTempW
DrawEdge
DrawFocusRect
DrawFrame
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawMenuBarTemp
DrawStateA
DrawStateW
DrawTextA
DrawTextExA
DrawTextExW
DrawTextW
DwmGetDxRgn
DwmGetDxSharedSurface
DwmGetRemoteSessionOcclusionEvent
DwmGetRemoteSessionOcclusionState
DwmKernelShutdown
DwmKernelStartup
DwmLockScreenUpdates
DwmValidateWindow
EditWndProc
EmptyClipboard
EnableMenuItem
EnableMouseInPointer
EnableNonClientDpiScaling
EnableOneCoreTransformMode
EnableScrollBar
EnableSessionForMMCSS
EnableWindow
EndDeferWindowPos
EndDeferWindowPosEx
EndDialog
EndMenu
EndPaint
EndTask
EnterReaderModeHelper
EnumChildWindows
EnumClipboardFormats
EnumDesktopWindows
EnumDesktopsA
EnumDesktopsW
EnumDisplayDevicesA
EnumDisplayDevicesW
EnumDisplayMonitors
EnumDisplaySettingsA
EnumDisplaySettingsExA
EnumDisplaySettingsExW
EnumDisplaySettingsW
EnumPropsA
EnumPropsExA
EnumPropsExW
EnumPropsW
EnumThreadWindows
EnumWindowStationsA
EnumWindowStationsW
EnumWindows
EqualRect
EvaluateProximityToPolygon
EvaluateProximityToRect
ExcludeUpdateRgn
ExitWindowsEx
FillRect
FindWindowA
FindWindowExA
FindWindowExW
FindWindowW
FlashWindow
FlashWindowEx
FrameRect
FreeDDElParam
FrostCrashedWindow
GetActiveWindow
GetAltTabInfo
GetAltTabInfoA
GetAltTabInfoW
GetAncestor
GetAppCompatFlags
GetAppCompatFlags2
GetAsyncKeyState
GetAutoRotationState
GetAwarenessFromDpiAwarenessContext
GetCIMSSM
GetCapture
GetCaretBlinkTime
GetCaretPos
GetClassInfoA
GetClassInfoExA
GetClassInfoExW
GetClassInfoW
GetClassLongA
GetClassLongPtrA
GetClassLongPtrW
GetClassLongW
GetClassNameA
GetClassNameW
GetClassWord
GetClientRect
GetClipCursor
GetClipboardAccessToken
GetClipboardData
GetClipboardFormatNameA
GetClipboardFormatNameW
GetClipboardOwner
GetClipboardSequenceNumber
GetClipboardViewer
GetComboBoxInfo
GetCurrentInputMessageSource
GetCursor
GetCursorFrameInfo
GetCursorInfo
GetCursorPos
GetDC
GetDCEx
GetDesktopID
GetDesktopWindow
GetDialogBaseUnits
GetDialogControlDpiChangeBehavior
GetDialogDpiChangeBehavior
GetDisplayAutoRotationPreferences
GetDisplayConfigBufferSizes
GetDlgCtrlID
GetDlgItem
GetDlgItemInt
GetDlgItemTextA
GetDlgItemTextW
GetDoubleClickTime
GetDpiAwarenessContextForProcess
GetDpiForMonitorInternal
GetDpiForSystem
GetDpiForWindow
GetDpiFromDpiAwarenessContext
GetExtendedPointerDeviceProperty
GetFocus
GetForegroundWindow
GetGUIThreadInfo
GetGestureConfig
GetGestureExtraArgs
GetGestureInfo
GetGuiResources
GetIconInfo
GetIconInfoExA
GetIconInfoExW
GetInputDesktop
GetInputLocaleInfo
GetInputState
GetInternalWindowPos
GetKBCodePage
GetKeyNameTextA
GetKeyNameTextW
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardLayoutNameA
GetKeyboardLayoutNameW
GetKeyboardState
GetKeyboardType
GetLastActivePopup
GetLastInputInfo
GetLayeredWindowAttributes
GetListBoxInfo
GetMagnificationDesktopColorEffect
GetMagnificationDesktopMagnification
GetMagnificationDesktopSamplingMode
GetMagnificationLensCtxInformation
GetMenu
GetMenuBarInfo
GetMenuCheckMarkDimensions
GetMenuContextHelpId
GetMenuDefaultItem
GetMenuInfo
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoA
GetMenuItemInfoW
GetMenuItemRect
GetMenuState
GetMenuStringA
GetMenuStringW
GetMessageA
GetMessageExtraInfo
GetMessagePos
GetMessageTime
GetMessageW
GetMonitorInfoA
GetMonitorInfoW
GetMouseMovePointsEx
GetNextDlgGroupItem
GetNextDlgTabItem
GetOpenClipboardWindow
GetParent
GetPhysicalCursorPos
GetPointerCursorId
GetPointerDevice
GetPointerDeviceCursors
GetPointerDeviceInputSpace
GetPointerDeviceOrientation
GetPointerDeviceProperties
GetPointerDeviceRects
GetPointerDevices
GetPointerFrameArrivalTimes
GetPointerFrameInfo
GetPointerFrameInfoHistory
GetPointerFramePenInfo
GetPointerFramePenInfoHistory
GetPointerFrameTimes
GetPointerFrameTouchInfo
GetPointerFrameTouchInfoHistory
GetPointerInfo
GetPointerInfoHistory
GetPointerInputTransform
GetPointerPenInfo
GetPointerPenInfoHistory
GetPointerTouchInfo
GetPointerTouchInfoHistory
GetPointerType
GetPriorityClipboardFormat
GetProcessDefaultLayout
GetProcessDpiAwarenessInternal
GetProcessUIContextInformation
GetProcessWindowStation
GetProgmanWindow
GetPropA
GetPropW
GetQueueStatus
GetRawInputBuffer
GetRawInputData
GetRawInputDeviceInfoA
GetRawInputDeviceInfoW
GetRawInputDeviceList
GetRawPointerDeviceData
GetReasonTitleFromReasonCode
GetRegisteredRawInputDevices
GetScrollBarInfo
GetScrollInfo
GetScrollPos
GetScrollRange
GetSendMessageReceiver
GetShellChangeNotifyWindow
GetShellWindow
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemDpiForProcess
GetSystemMenu
GetSystemMetrics
GetSystemMetricsForDpi
GetTabbedTextExtentA
GetTabbedTextExtentW
GetTaskmanWindow
GetThreadDesktop
GetThreadDpiAwarenessContext
GetThreadDpiHostingBehavior
GetTitleBarInfo
GetTopLevelWindow
GetTopWindow
GetTouchInputInfo
GetUnpredictedMessagePos
GetUpdateRect
GetUpdateRgn
GetUpdatedClipboardFormats
GetUserObjectInformationA
GetUserObjectInformationW
GetUserObjectSecurity
GetWinStationInfo
GetWindow
GetWindowBand
GetWindowCompositionAttribute
GetWindowCompositionInfo
GetWindowContextHelpId
GetWindowDC
GetWindowDisplayAffinity
GetWindowDpiAwarenessContext
GetWindowDpiHostingBehavior
GetWindowFeedbackSetting
GetWindowInfo
GetWindowLongA
GetWindowLongPtrA
GetWindowLongPtrW
GetWindowLongW
GetWindowMinimizeRect
GetWindowModuleFileName
GetWindowModuleFileNameA
GetWindowModuleFileNameW
GetWindowPlacement
GetWindowProcessHandle
GetWindowRect
GetWindowRgn
GetWindowRgnBox
GetWindowRgnEx

Sections

.text
Size: 573KB - Virtual size: 572KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 900KB - Virtual size: 900KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
conhost_exe_PIDbb0_uxtheme.dll_7FFF177A0000_x64.dll
.dll windows:10 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

BeginBufferedAnimation
BeginBufferedPaint
BeginPanningFeedback
BufferedPaintClear
BufferedPaintInit
BufferedPaintRenderAnimation
BufferedPaintSetAlpha
BufferedPaintStopAllAnimations
BufferedPaintUnInit
CloseThemeData
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
DrawThemeBackground
DrawThemeBackgroundEx
DrawThemeEdge
DrawThemeIcon
DrawThemeParentBackground
DrawThemeParentBackgroundEx
DrawThemeText
DrawThemeTextEx
EnableThemeDialogTexture
EnableTheming
EndBufferedAnimation
EndBufferedPaint
EndPanningFeedback
GetBufferedPaintBits
GetBufferedPaintDC
GetBufferedPaintTargetDC
GetBufferedPaintTargetRect
GetColorFromPreference
GetCurrentThemeName
GetImmersiveColorFromColorSetEx
GetImmersiveUserColorSetPreference
GetThemeAnimationProperty
GetThemeAnimationTransform
GetThemeAppProperties
GetThemeBackgroundContentRect
GetThemeBackgroundExtent
GetThemeBackgroundRegion
GetThemeBitmap
GetThemeBool
GetThemeColor
GetThemeDocumentationProperty
GetThemeEnumValue
GetThemeFilename
GetThemeFont
GetThemeInt
GetThemeIntList
GetThemeMargins
GetThemeMetric
GetThemePartSize
GetThemePosition
GetThemePropertyOrigin
GetThemeRect
GetThemeStream
GetThemeString
GetThemeSysBool
GetThemeSysColor
GetThemeSysColorBrush
GetThemeSysFont
GetThemeSysInt
GetThemeSysSize
GetThemeSysString
GetThemeTextExtent
GetThemeTextMetrics
GetThemeTimingFunction
GetThemeTransitionDuration
GetUserColorPreference
GetWindowTheme
HitTestThemeBackground
IsAppThemed
IsCompositionActive
IsThemeActive
IsThemeBackgroundPartiallyTransparent
IsThemeDialogTextureEnabled
IsThemePartDefined
OpenThemeData
OpenThemeDataEx
OpenThemeDataForDpi
SetThemeAppProperties
SetWindowTheme
SetWindowThemeAttribute
ThemeInitApiHook
UpdatePanningFeedback

Sections

.text
Size: 373KB - Virtual size: 373KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
conhost_exe_PIDbb0_win32u.dll_7FFF1A3B0000_x64.dll
.dll windows:10 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

NtBindCompositionSurface
NtCloseCompositionInputSink
NtCompositionInputThread
NtCompositionSetDropTarget
NtCompositorNotifyExitWindows
NtCompositorNotifyForegroundChanged
NtCompositorUpdateLastInputTime
NtConfigureInputSpace
NtCreateCompositionInputSink
NtCreateCompositionSurfaceHandle
NtCreateImplicitCompositionInputSink
NtDCompositionAddCrossDeviceVisualChild
NtDCompositionBeginFrame
NtDCompositionCommitChannel
NtDCompositionCommitSynchronizationObject
NtDCompositionConfirmFrame
NtDCompositionConnectPipe
NtDCompositionCreateAndBindSharedSection
NtDCompositionCreateChannel
NtDCompositionCreateConnection
NtDCompositionCreateDwmChannel
NtDCompositionCreateSharedResourceHandle
NtDCompositionCreateSynchronizationObject
NtDCompositionDestroyChannel
NtDCompositionDestroyConnection
NtDCompositionDiscardFrame
NtDCompositionDuplicateHandleToProcess
NtDCompositionDuplicateSwapchainHandleToDwm
NtDCompositionEnableMMCSS
NtDCompositionGetBatchId
NtDCompositionGetChannels
NtDCompositionGetConnectionBatch
NtDCompositionGetDeletedResources
NtDCompositionGetFrameLegacyTokens
NtDCompositionGetFrameStatistics
NtDCompositionGetFrameSurfaceUpdates
NtDCompositionGetMaterialProperty
NtDCompositionProcessChannelBatchBuffer
NtDCompositionReferenceSharedResourceOnDwmChannel
NtDCompositionRegisterThumbnailVisual
NtDCompositionRegisterVirtualDesktopVisual
NtDCompositionReleaseAllResources
NtDCompositionRemoveCrossDeviceVisualChild
NtDCompositionRetireFrame
NtDCompositionSetChannelCommitCompletionEvent
NtDCompositionSetChannelConnectionId
NtDCompositionSetChildRootVisual
NtDCompositionSetDebugCounter
NtDCompositionSetMaterialProperty
NtDCompositionSubmitDWMBatch
NtDCompositionSuspendAnimations
NtDCompositionSynchronize
NtDCompositionTelemetryAnimationScenarioBegin
NtDCompositionTelemetryAnimationScenarioReference
NtDCompositionTelemetryAnimationScenarioUnreference
NtDCompositionTelemetrySetApplicationId
NtDCompositionTelemetryTouchInteractionBegin
NtDCompositionTelemetryTouchInteractionEnd
NtDCompositionTelemetryTouchInteractionUpdate
NtDCompositionUpdatePointerCapture
NtDCompositionWaitForChannel
NtDesktopCaptureBits
NtDuplicateCompositionInputSink
NtDxgkCreateTrackedWorkload
NtDxgkDestroyTrackedWorkload
NtDxgkDispMgrOperation
NtDxgkDisplayPortOperation
NtDxgkDuplicateHandle
NtDxgkEnumAdapters3
NtDxgkGetAvailableTrackedWorkloadIndex
NtDxgkGetProcessList
NtDxgkGetTrackedWorkloadStatistics
NtDxgkOutputDuplPresentToHwQueue
NtDxgkPinResources
NtDxgkRegisterVailProcess
NtDxgkResetTrackedWorkloadStatistics
NtDxgkSubmitPresentBltToHwQueue
NtDxgkSubmitPresentToHwQueue
NtDxgkUnpinResources
NtDxgkUpdateTrackedWorkload
NtDxgkVailConnect
NtDxgkVailDisconnect
NtDxgkVailPromoteCompositionSurface
NtEnableOneCoreTransformMode
NtFlipObjectAddContent
NtFlipObjectAddPoolBuffer
NtFlipObjectConsumerAcquirePresent
NtFlipObjectConsumerAdjustUsageReference
NtFlipObjectConsumerBeginProcessPresent
NtFlipObjectConsumerEndProcessPresent
NtFlipObjectConsumerPostMessage
NtFlipObjectConsumerQueryBufferInfo
NtFlipObjectCreate
NtFlipObjectDisconnectEndpoint
NtFlipObjectEnablePresentStatisticsType
NtFlipObjectOpen
NtFlipObjectPresentCancel
NtFlipObjectQueryBufferAvailableEvent
NtFlipObjectQueryEndpointConnected
NtFlipObjectQueryNextMessageToProducer
NtFlipObjectReadNextMessageToProducer
NtFlipObjectRemoveContent
NtFlipObjectRemovePoolBuffer
NtFlipObjectSetContent
NtFlipObjectSetMaximumBackchannelQueueDepth
NtGdiAbortDoc
NtGdiAbortPath
NtGdiAddEmbFontToDC
NtGdiAddFontMemResourceEx
NtGdiAddFontResourceW
NtGdiAddInitialFonts
NtGdiAddRemoteFontToDC
NtGdiAddRemoteMMInstanceToDC
NtGdiAlphaBlend
NtGdiAngleArc
NtGdiAnyLinkedFonts
NtGdiArcInternal
NtGdiBRUSHOBJ_DeleteRbrush
NtGdiBRUSHOBJ_hGetColorTransform
NtGdiBRUSHOBJ_pvAllocRbrush
NtGdiBRUSHOBJ_pvGetRbrush
NtGdiBRUSHOBJ_ulGetBrushColor
NtGdiBeginGdiRendering
NtGdiBeginPath
NtGdiBitBlt
NtGdiCLIPOBJ_bEnum
NtGdiCLIPOBJ_cEnumStart
NtGdiCLIPOBJ_ppoGetPath
NtGdiCancelDC
NtGdiChangeGhostFont
NtGdiCheckBitmapBits
NtGdiClearBitmapAttributes
NtGdiClearBrushAttributes
NtGdiCloseFigure
NtGdiColorCorrectPalette
NtGdiCombineRgn
NtGdiCombineTransform
NtGdiComputeXformCoefficients
NtGdiConfigureOPMProtectedOutput
NtGdiConvertMetafileRect
NtGdiCreateBitmap
NtGdiCreateBitmapFromDxSurface
NtGdiCreateBitmapFromDxSurface2
NtGdiCreateClientObj
NtGdiCreateColorSpace
NtGdiCreateColorTransform
NtGdiCreateCompatibleBitmap
NtGdiCreateCompatibleDC
NtGdiCreateDIBBrush
NtGdiCreateDIBSection
NtGdiCreateDIBitmapInternal
NtGdiCreateEllipticRgn
NtGdiCreateHalftonePalette
NtGdiCreateHatchBrushInternal
NtGdiCreateMetafileDC
NtGdiCreateOPMProtectedOutput
NtGdiCreateOPMProtectedOutputs
NtGdiCreatePaletteInternal
NtGdiCreatePatternBrushInternal
NtGdiCreatePen
NtGdiCreateRectRgn
NtGdiCreateRoundRectRgn
NtGdiCreateServerMetaFile
NtGdiCreateSessionMappedDIBSection
NtGdiCreateSolidBrush
NtGdiDDCCIGetCapabilitiesString
NtGdiDDCCIGetCapabilitiesStringLength
NtGdiDDCCIGetTimingReport
NtGdiDDCCIGetVCPFeature
NtGdiDDCCISaveCurrentSettings
NtGdiDDCCISetVCPFeature
NtGdiDdCreateFullscreenSprite
NtGdiDdDDIAbandonSwapChain
NtGdiDdDDIAcquireKeyedMutex
NtGdiDdDDIAcquireKeyedMutex2
NtGdiDdDDIAcquireSwapChain
NtGdiDdDDIAddSurfaceToSwapChain
NtGdiDdDDIAdjustFullscreenGamma
NtGdiDdDDICacheHybridQueryValue
NtGdiDdDDIChangeVideoMemoryReservation
NtGdiDdDDICheckExclusiveOwnership
NtGdiDdDDICheckMonitorPowerState
NtGdiDdDDICheckMultiPlaneOverlaySupport
NtGdiDdDDICheckMultiPlaneOverlaySupport2
NtGdiDdDDICheckMultiPlaneOverlaySupport3
NtGdiDdDDICheckOcclusion
NtGdiDdDDICheckSharedResourceAccess
NtGdiDdDDICheckVidPnExclusiveOwnership
NtGdiDdDDICloseAdapter
NtGdiDdDDIConfigureSharedResource
NtGdiDdDDICreateAllocation
NtGdiDdDDICreateBundleObject
NtGdiDdDDICreateContext
NtGdiDdDDICreateContextVirtual
NtGdiDdDDICreateDCFromMemory
NtGdiDdDDICreateDevice
NtGdiDdDDICreateHwContext
NtGdiDdDDICreateHwQueue
NtGdiDdDDICreateKeyedMutex
NtGdiDdDDICreateKeyedMutex2
NtGdiDdDDICreateOutputDupl
NtGdiDdDDICreateOverlay
NtGdiDdDDICreatePagingQueue
NtGdiDdDDICreateProtectedSession
NtGdiDdDDICreateSwapChain
NtGdiDdDDICreateSynchronizationObject
NtGdiDdDDIDDisplayEnum
NtGdiDdDDIDestroyAllocation
NtGdiDdDDIDestroyAllocation2
NtGdiDdDDIDestroyContext
NtGdiDdDDIDestroyDCFromMemory
NtGdiDdDDIDestroyDevice
NtGdiDdDDIDestroyHwContext
NtGdiDdDDIDestroyHwQueue
NtGdiDdDDIDestroyKeyedMutex
NtGdiDdDDIDestroyOutputDupl
NtGdiDdDDIDestroyOverlay
NtGdiDdDDIDestroyPagingQueue
NtGdiDdDDIDestroyProtectedSession
NtGdiDdDDIDestroySynchronizationObject
NtGdiDdDDIDispMgrCreate
NtGdiDdDDIDispMgrSourceOperation
NtGdiDdDDIDispMgrTargetOperation
NtGdiDdDDIEnumAdapters
NtGdiDdDDIEnumAdapters2
NtGdiDdDDIEscape
NtGdiDdDDIEvict
NtGdiDdDDIExtractBundleObject
NtGdiDdDDIFlipOverlay
NtGdiDdDDIFlushHeapTransitions
NtGdiDdDDIFreeGpuVirtualAddress
NtGdiDdDDIGetAllocationPriority
NtGdiDdDDIGetCachedHybridQueryValue
NtGdiDdDDIGetContextInProcessSchedulingPriority
NtGdiDdDDIGetContextSchedulingPriority
NtGdiDdDDIGetDWMVerticalBlankEvent
NtGdiDdDDIGetDeviceState
NtGdiDdDDIGetDisplayModeList
NtGdiDdDDIGetMemoryBudgetTarget
NtGdiDdDDIGetMultiPlaneOverlayCaps
NtGdiDdDDIGetMultisampleMethodList
NtGdiDdDDIGetOverlayState
NtGdiDdDDIGetPostCompositionCaps
NtGdiDdDDIGetPresentHistory
NtGdiDdDDIGetPresentQueueEvent
NtGdiDdDDIGetProcessDeviceRemovalSupport
NtGdiDdDDIGetProcessSchedulingPriorityBand
NtGdiDdDDIGetProcessSchedulingPriorityClass
NtGdiDdDDIGetResourcePresentPrivateDriverData
NtGdiDdDDIGetRuntimeData
NtGdiDdDDIGetScanLine
NtGdiDdDDIGetSetSwapChainMetadata
NtGdiDdDDIGetSharedPrimaryHandle
NtGdiDdDDIGetSharedResourceAdapterLuid
NtGdiDdDDIGetSharedResourceAdapterLuidFlipManager
NtGdiDdDDIGetYieldPercentage
NtGdiDdDDIInvalidateActiveVidPn
NtGdiDdDDIInvalidateCache
NtGdiDdDDILock
NtGdiDdDDILock2
NtGdiDdDDIMakeResident
NtGdiDdDDIMapGpuVirtualAddress
NtGdiDdDDIMarkDeviceAsError
NtGdiDdDDINetDispGetNextChunkInfo
NtGdiDdDDINetDispQueryMiracastDisplayDeviceStatus
NtGdiDdDDINetDispQueryMiracastDisplayDeviceSupport
NtGdiDdDDINetDispStartMiracastDisplayDevice
NtGdiDdDDINetDispStopMiracastDisplayDevice
NtGdiDdDDIOfferAllocations
NtGdiDdDDIOpenAdapterFromDeviceName
NtGdiDdDDIOpenAdapterFromHdc
NtGdiDdDDIOpenAdapterFromLuid
NtGdiDdDDIOpenBundleObjectNtHandleFromName
NtGdiDdDDIOpenKeyedMutex
NtGdiDdDDIOpenKeyedMutex2
NtGdiDdDDIOpenKeyedMutexFromNtHandle
NtGdiDdDDIOpenNtHandleFromName
NtGdiDdDDIOpenProtectedSessionFromNtHandle
NtGdiDdDDIOpenResource
NtGdiDdDDIOpenResourceFromNtHandle
NtGdiDdDDIOpenSwapChain
NtGdiDdDDIOpenSyncObjectFromNtHandle
NtGdiDdDDIOpenSyncObjectFromNtHandle2
NtGdiDdDDIOpenSyncObjectNtHandleFromName
NtGdiDdDDIOpenSynchronizationObject
NtGdiDdDDIOutputDuplGetFrameInfo
NtGdiDdDDIOutputDuplGetMetaData
NtGdiDdDDIOutputDuplGetPointerShapeData
NtGdiDdDDIOutputDuplPresent
NtGdiDdDDIOutputDuplReleaseFrame
NtGdiDdDDIPollDisplayChildren
NtGdiDdDDIPresent
NtGdiDdDDIPresentMultiPlaneOverlay
NtGdiDdDDIPresentMultiPlaneOverlay2
NtGdiDdDDIPresentMultiPlaneOverlay3
NtGdiDdDDIPresentRedirected
NtGdiDdDDIQueryAdapterInfo
NtGdiDdDDIQueryAllocationResidency
NtGdiDdDDIQueryClockCalibration
NtGdiDdDDIQueryFSEBlock
NtGdiDdDDIQueryProcessOfferInfo
NtGdiDdDDIQueryProtectedSessionInfoFromNtHandle
NtGdiDdDDIQueryProtectedSessionStatus
NtGdiDdDDIQueryRemoteVidPnSourceFromGdiDisplayName
NtGdiDdDDIQueryResourceInfo
NtGdiDdDDIQueryResourceInfoFromNtHandle
NtGdiDdDDIQueryStatistics
NtGdiDdDDIQueryVidPnExclusiveOwnership
NtGdiDdDDIQueryVideoMemoryInfo
NtGdiDdDDIReclaimAllocations
NtGdiDdDDIReclaimAllocations2
NtGdiDdDDIReleaseKeyedMutex
NtGdiDdDDIReleaseKeyedMutex2
NtGdiDdDDIReleaseProcessVidPnSourceOwners
NtGdiDdDDIReleaseSwapChain
NtGdiDdDDIRemoveSurfaceFromSwapChain
NtGdiDdDDIRender
NtGdiDdDDIReserveGpuVirtualAddress
NtGdiDdDDISetAllocationPriority
NtGdiDdDDISetContextInProcessSchedulingPriority
NtGdiDdDDISetContextSchedulingPriority
NtGdiDdDDISetDisplayMode
NtGdiDdDDISetDodIndirectSwapchain
NtGdiDdDDISetFSEBlock
NtGdiDdDDISetGammaRamp
NtGdiDdDDISetHwProtectionTeardownRecovery
NtGdiDdDDISetMemoryBudgetTarget
NtGdiDdDDISetMonitorColorSpaceTransform
NtGdiDdDDISetProcessDeviceRemovalSupport
NtGdiDdDDISetProcessSchedulingPriorityBand
NtGdiDdDDISetProcessSchedulingPriorityClass
NtGdiDdDDISetQueuedLimit
NtGdiDdDDISetStablePowerState
NtGdiDdDDISetStereoEnabled
NtGdiDdDDISetSyncRefreshCountWaitTarget
NtGdiDdDDISetVidPnSourceHwProtection
NtGdiDdDDISetVidPnSourceOwner
NtGdiDdDDISetYieldPercentage
NtGdiDdDDIShareObjects
NtGdiDdDDISharedPrimaryLockNotification
NtGdiDdDDISharedPrimaryUnLockNotification
NtGdiDdDDISignalSynchronizationObject
NtGdiDdDDISignalSynchronizationObjectFromCpu
NtGdiDdDDISignalSynchronizationObjectFromGpu
NtGdiDdDDISignalSynchronizationObjectFromGpu2
NtGdiDdDDISubmitCommand
NtGdiDdDDISubmitCommandToHwQueue
NtGdiDdDDISubmitSignalSyncObjectsToHwQueue
NtGdiDdDDISubmitWaitForSyncObjectsToHwQueue
NtGdiDdDDITrimProcessCommitment
NtGdiDdDDIUnOrderedPresentSwapChain
NtGdiDdDDIUnlock
NtGdiDdDDIUnlock2
NtGdiDdDDIUpdateAllocationProperty
NtGdiDdDDIUpdateGpuVirtualAddress
NtGdiDdDDIUpdateOverlay
NtGdiDdDDIWaitForIdle
NtGdiDdDDIWaitForSynchronizationObject
NtGdiDdDDIWaitForSynchronizationObjectFromCpu
NtGdiDdDDIWaitForSynchronizationObjectFromGpu
NtGdiDdDDIWaitForVerticalBlankEvent
NtGdiDdDDIWaitForVerticalBlankEvent2
NtGdiDdDestroyFullscreenSprite
NtGdiDdNotifyFullscreenSpriteUpdate
NtGdiDdQueryVisRgnUniqueness
NtGdiDeleteClientObj
NtGdiDeleteColorSpace
NtGdiDeleteColorTransform
NtGdiDeleteObjectApp
NtGdiDescribePixelFormat
NtGdiDestroyOPMProtectedOutput
NtGdiDestroyPhysicalMonitor
NtGdiDoBanding
NtGdiDoPalette
NtGdiDrawEscape
NtGdiDrawStream
NtGdiDwmCreatedBitmapRemotingOutput
NtGdiEllipse
NtGdiEnableEudc
NtGdiEndDoc
NtGdiEndGdiRendering
NtGdiEndPage
NtGdiEndPath
NtGdiEngAlphaBlend
NtGdiEngAssociateSurface
NtGdiEngBitBlt
NtGdiEngCheckAbort
NtGdiEngComputeGlyphSet
NtGdiEngCopyBits
NtGdiEngCreateBitmap
NtGdiEngCreateClip
NtGdiEngCreateDeviceBitmap
NtGdiEngCreateDeviceSurface
NtGdiEngCreatePalette
NtGdiEngDeleteClip
NtGdiEngDeletePalette
NtGdiEngDeletePath
NtGdiEngDeleteSurface
NtGdiEngEraseSurface
NtGdiEngFillPath
NtGdiEngGradientFill
NtGdiEngLineTo
NtGdiEngLockSurface
NtGdiEngMarkBandingSurface
NtGdiEngPaint
NtGdiEngPlgBlt
NtGdiEngStretchBlt
NtGdiEngStretchBltROP
NtGdiEngStrokeAndFillPath
NtGdiEngStrokePath
NtGdiEngTextOut
NtGdiEngTransparentBlt
NtGdiEngUnlockSurface
NtGdiEnsureDpiDepDefaultGuiFontForPlateau
NtGdiEnumFonts
NtGdiEnumObjects
NtGdiEqualRgn
NtGdiEudcLoadUnloadLink
NtGdiExcludeClipRect
NtGdiExtCreatePen
NtGdiExtCreateRegion
NtGdiExtEscape
NtGdiExtFloodFill
NtGdiExtGetObjectW
NtGdiExtSelectClipRgn
NtGdiExtTextOutW
NtGdiFONTOBJ_cGetAllGlyphHandles
NtGdiFONTOBJ_cGetGlyphs
NtGdiFONTOBJ_pQueryGlyphAttrs
NtGdiFONTOBJ_pfdg
NtGdiFONTOBJ_pifi
NtGdiFONTOBJ_pvTrueTypeFontFile
NtGdiFONTOBJ_pxoGetXform
NtGdiFONTOBJ_vGetInfo
NtGdiFillPath
NtGdiFillRgn
NtGdiFlattenPath
NtGdiFlush
NtGdiFontIsLinked
NtGdiForceUFIMapping
NtGdiFrameRgn
NtGdiFullscreenControl
NtGdiGetAndSetDCDword
NtGdiGetAppClipBox
NtGdiGetAppliedDeviceGammaRamp
NtGdiGetBitmapBits
NtGdiGetBitmapDimension
NtGdiGetBitmapDpiScaleValue
NtGdiGetBoundsRect
NtGdiGetCOPPCompatibleOPMInformation
NtGdiGetCertificate
NtGdiGetCertificateByHandle
NtGdiGetCertificateSize
NtGdiGetCertificateSizeByHandle
NtGdiGetCharABCWidthsW
NtGdiGetCharSet
NtGdiGetCharWidthInfo
NtGdiGetCharWidthW
NtGdiGetCharacterPlacementW
NtGdiGetColorAdjustment
NtGdiGetColorSpaceforBitmap
NtGdiGetCurrentDpiInfo
NtGdiGetDCDpiScaleValue
NtGdiGetDCDword
NtGdiGetDCObject
NtGdiGetDCPoint
NtGdiGetDCforBitmap
NtGdiGetDIBitsInternal
NtGdiGetDeviceCaps
NtGdiGetDeviceCapsAll
NtGdiGetDeviceGammaRamp
NtGdiGetDeviceWidth
NtGdiGetDhpdev
NtGdiGetETM
NtGdiGetEmbUFI
NtGdiGetEmbedFonts
NtGdiGetEntry
NtGdiGetEudcTimeStampEx
NtGdiGetFontData
NtGdiGetFontFileData
NtGdiGetFontFileInfo
NtGdiGetFontResourceInfoInternalW
NtGdiGetFontUnicodeRanges
NtGdiGetGammaRampCapability
NtGdiGetGlyphIndicesW
NtGdiGetGlyphIndicesWInternal
NtGdiGetGlyphOutline
NtGdiGetKerningPairs
NtGdiGetLinkedUFIs
NtGdiGetMiterLimit
NtGdiGetMonitorID
NtGdiGetNearestColor
NtGdiGetNearestPaletteIndex
NtGdiGetNumberOfPhysicalMonitors
NtGdiGetOPMInformation
NtGdiGetOPMRandomNumber
NtGdiGetObjectBitmapHandle
NtGdiGetOutlineTextMetricsInternalW
NtGdiGetPath
NtGdiGetPerBandInfo

Sections

.text
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
conhost_exe_PIDbb0_wintypes.dll_7FFF15990000_x64.dll
.dll windows:10 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
RoCreateNonAgilePropertySet
RoCreatePropertySetSerializer
RoGetBufferMarshaler
RoGetMetaDataFile
RoIsApiContractMajorVersionPresent
RoIsApiContractPresent
RoParseTypeName
RoResolveNamespace

Sections

.text
Size: 482KB - Virtual size: 482KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 734KB - Virtual size: 733KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

.text Size: 593KB - Virtual size: 592KB

.rdata Size: 227KB - Virtual size: 226KB

.data Size: 11KB - Virtual size: 11KB

.pdata Size: 52KB - Virtual size: 52KB

.didat Size: 512B - Virtual size: 504B

.rsrc Size: 56KB - Virtual size: 55KB

.reloc Size: 52KB - Virtual size: 52KB

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 15KB - Virtual size: 15KB

.pdata Size: 161KB - Virtual size: 160KB

.didat Size: 512B - Virtual size: 496B

.rsrc Size: 252KB - Virtual size: 252KB

.reloc Size: 84KB - Virtual size: 84KB

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

.text Size: 118KB - Virtual size: 118KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 3KB - Virtual size: 3KB

.pdata Size: 4KB - Virtual size: 4KB

.didat Size: 512B - Virtual size: 504B

.rsrc Size: 19KB - Virtual size: 19KB

.reloc Size: 20KB - Virtual size: 20KB

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

.text Size: 512KB - Virtual size: 512KB

.rdata Size: 207KB - Virtual size: 206KB

.data Size: 4KB - Virtual size: 4KB

.pdata Size: 22KB - Virtual size: 21KB

.didat Size: 512B - Virtual size: 104B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 92KB - Virtual size: 92KB

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 1.5MB - Virtual size: 1.5MB

.data Size: 18KB - Virtual size: 18KB

.pdata Size: 63KB - Virtual size: 62KB

.didat Size: 2KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 456KB - Virtual size: 456KB

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

.text Size: 842KB - Virtual size: 842KB

.rdata Size: 174KB - Virtual size: 174KB

.data Size: 11KB - Virtual size: 11KB

.pdata Size: 48KB - Virtual size: 48KB

.text
Size: 593KB - Virtual size: 592KB

.rdata
Size: 227KB - Virtual size: 226KB

.data
Size: 11KB - Virtual size: 11KB

.pdata
Size: 52KB - Virtual size: 52KB

.didat
Size: 512B - Virtual size: 504B

.rsrc
Size: 56KB - Virtual size: 55KB

.reloc
Size: 52KB - Virtual size: 52KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 15KB - Virtual size: 15KB

.pdata
Size: 161KB - Virtual size: 160KB

.didat
Size: 512B - Virtual size: 496B

.rsrc
Size: 252KB - Virtual size: 252KB

.reloc
Size: 84KB - Virtual size: 84KB

.text
Size: 118KB - Virtual size: 118KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 3KB - Virtual size: 3KB

.pdata
Size: 4KB - Virtual size: 4KB

.didat
Size: 512B - Virtual size: 504B

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 20KB - Virtual size: 20KB

.text
Size: 512KB - Virtual size: 512KB

.rdata
Size: 207KB - Virtual size: 206KB

.data
Size: 4KB - Virtual size: 4KB

.pdata
Size: 22KB - Virtual size: 21KB

.didat
Size: 512B - Virtual size: 104B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 92KB - Virtual size: 92KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 18KB - Virtual size: 18KB

.pdata
Size: 63KB - Virtual size: 62KB

.didat
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 456KB - Virtual size: 456KB

.text
Size: 842KB - Virtual size: 842KB

.rdata
Size: 174KB - Virtual size: 174KB

.data
Size: 11KB - Virtual size: 11KB

.pdata
Size: 48KB - Virtual size: 48KB

.didat
Size: 512B - Virtual size: 184B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 48KB - Virtual size: 48KB

.text
Size: 594KB - Virtual size: 594KB

.rdata
Size: 150KB - Virtual size: 149KB

.data
Size: 8KB - Virtual size: 8KB

.pdata
Size: 36KB - Virtual size: 35KB

.didat
Size: 512B - Virtual size: 448B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 32KB - Virtual size: 32KB

.text
Size: 866KB - Virtual size: 865KB

.ndr64
Size: 26KB - Virtual size: 26KB

.rdata
Size: 171KB - Virtual size: 171KB

.data
Size: 6KB - Virtual size: 6KB

.pdata
Size: 50KB - Virtual size: 50KB

.didat
Size: 1024B - Virtual size: 648B

.rsrc
Size: 17KB - Virtual size: 17KB

.reloc
Size: 80KB - Virtual size: 80KB

.text
Size: 298KB - Virtual size: 297KB

.rdata
Size: 363KB - Virtual size: 363KB

.data
Size: 2KB - Virtual size: 2KB

.pdata
Size: 10KB - Virtual size: 9KB

.reloc
Size: 8KB - Virtual size: 8KB

.text
Size: 257KB - Virtual size: 256KB

.wpp_sf
Size: 12KB - Virtual size: 11KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 2KB - Virtual size: 2KB

.pdata
Size: 12KB - Virtual size: 12KB

.didat
Size: 512B - Virtual size: 144B

.rsrc
Size: 70KB - Virtual size: 69KB

.reloc
Size: 20KB - Virtual size: 20KB