archive[.]7z | Triage

Sharing

Copy URL Twitter E-mail

General

Target

archive.7z
Size

16.9MB
MD5

ebb56b8a9b8bc63b55ce8d18af8eab2a
SHA1

a9ab905180135f68d215f49b6d57471df6b5569f
SHA256

d7b5f30caa3f18578760d50ea5823254848c4f42561523b186ed89436f6bfa0b
SHA512

71fde81ba34976ce0524862583aba10c25f89d38846ebc125b615ba2b7fb09b88723f1a2545169b3726ff0ed8a4cf05e9d35619a376bd1f2cc2312bd48417ba1
SSDEEP

393216:zMoBwrYBaunc5lFOVtrLmxIqDDU5QnjVnuhkkPkhKVZvs:Ao6rsaicvFwtr6x1UAVnoyhKVZvs

Score

3^/10

Malware Config

Signatures

Unsigned PE 12 IoCs

Checks for missing Authenticode signature.

resource
unpack001/setup.exe
unpack001/updates/Cache_Data/certmgr.dll
unpack001/updates/Windows.Networking.Vpn.dll
unpack001/updates/WsmSvc.dll
unpack001/updates/dll/SettingsHandlers_OneDriveBackup.dll
unpack001/updates/dll/System.AddIn.dll
unpack001/updates/dll/System.Speech.dll
unpack001/updates/dll/System.Transactions.dll
unpack001/updates/dll/System.Web.DynamicData.Design.dll
unpack001/updates/dll/WindowsBase.resources.dll
unpack001/updates/res_mods/GdiPlus.dll
unpack001/updates/updates/Uninstall/unins000.exe

Files

archive.7z
.7z

Password: 1234
setup.exe
.exe windows:5 windows x86 arch:x86

Password: 1234

be41bf7b8cc010b614bd36bbca606973

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 458KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 516KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AgeCampbell/Korea
AlaskaStrip/American
AlaskaStrip/Bio
AlaskaStrip/Finance
AlaskaStrip/Furnishings
AlaskaStrip/Identifier
AlaskaStrip/Jpeg
AlaskaStrip/Networks
AlaskaStrip/Political
AlaskaStrip/Prevent
AlaskaStrip/Probe
AlaskaStrip/Quotes
AlaskaStrip/School
AlaskaStrip/Scout
AlaskaStrip/Tape
LandingCaribbean/Banks
LandingCaribbean/Patents
LandingCaribbean/Pursuit
LandingCaribbean/Sm
ReceiversGuilty/Exclusion
ReceiversGuilty/Retired
TrendsCitations/Bulgarian
TrendsCitations/Drill
TrendsCitations/Ears
updates/Cache_Data/AudioEng.dll
.dll regsvr32 windows:10 windows x86 arch:x86

Password: 1234

40e63787dbd8b01e488b84c1b879e331

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f1:01:e3:e1:c5:ee:48:ab:ed:e3:6c:68:fb:4c:1e:a9:e4:95:a9:75:79:c0:94:fe:bd:90:3a:6f:29:ba:77:15
Signer

Actual PE Digest

f1:01:e3:e1:c5:ee:48:ab:ed:e3:6c:68:fb:4c:1e:a9:e4:95:a9:75:79:c0:94:fe:bd:90:3a:6f:29:ba:77:15

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

AUDIOENG.pdb

Imports

oleaut32

VarUI4FromStr

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetLastError
GetLastError
RaiseException
SetUnhandledExceptionFilter

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapReAlloc
HeapSize
HeapAlloc
HeapDestroy
HeapFree

api-ms-win-core-com-l1-1-0

StringFromGUID2
StringFromCLSID
CoCreateFreeThreadedMarshaler
CoDisconnectObject
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoCreateGuid
PropVariantClear
IIDFromString
StringFromIID

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-localization-l1-2-0

GetThreadLocale
SetThreadLocale
FormatMessageW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoOriginateError

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
ReleaseMutex
InitializeCriticalSectionEx
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
InitializeCriticalSection
CreateSemaphoreExW
CreateWaitableTimerExW
CancelWaitableTimer
ReleaseSRWLockExclusive
CreateEventExW
SetWaitableTimer
WaitForSingleObjectEx
AcquireSRWLockShared
ReleaseSRWLockShared
InitializeSRWLock
AcquireSRWLockExclusive
ResetEvent
WaitForSingleObject
OpenSemaphoreW
CreateEventA
CreateEventW
WaitForMultipleObjectsEx
EnterCriticalSection
SetEvent
CreateMutexExW

api-ms-win-core-util-l1-1-0

DecodePointer

api-ms-win-core-processthreads-l1-1-0

TlsSetValue
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
SetThreadPriority
GetCurrentThreadId
TerminateProcess
TlsGetValue
CreateThread

api-ms-win-core-libraryloader-l1-2-0

SizeofResource
LoadResource
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleExW
LockResource
GetProcAddress
GetModuleHandleW
FreeLibrary
DisableThreadLibraryCalls
LoadLibraryExW
FindResourceExW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventWriteTransfer
EventActivityIdControl
EventProviderEnabled
EventRegister
EventUnregister

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegCreateKeyExA
RegQueryValueExA
RegQueryValueExW
RegGetValueW
RegCreateKeyExW
RegQueryInfoKeyW
RegDeleteKeyExW
RegNotifyChangeKeyValue
RegOpenKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW

ntdll

RtlAllocateMemoryBlockLookaside
EtwLogTraceEvent
RtlPublishWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfStateChangeNotification
NtQueryInformationProcess
RtlUnlockMemoryBlockLookaside
RtlCreateMemoryBlockLookaside
RtlLockModuleSection
RtlUnlockModuleSection
RtlLockMemoryBlockLookaside
RtlUnlockCurrentThread
RtlFreeMemoryBlockLookaside
RtlLockCurrentThread
RtlReportException
RtlNtStatusToDosError
RtlDestroyMemoryBlockLookaside
RtlExtendMemoryBlockLookaside
EtwRegisterTraceGuidsW
EtwGetTraceEnableLevel
NtSetTimerResolution
EtwGetTraceLoggerHandle
EtwGetTraceEnableFlags
EtwUnregisterTraceGuids
NtClose

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage
TraceEvent
UnregisterTraceGuids

rpcrt4

RpcStringBindingComposeW
NdrClientCall4
RpcStringFreeW
RpcBindingFromStringBindingW
I_RpcExceptionFilter
RpcBindingFree

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceBeginInitialize
InitOnceComplete
WakeByAddressAll
WaitOnAddress
InitOnceInitialize
Sleep

propsys

PropVariantToString
PropVariantToBuffer
PropVariantGetElementCount

api-ms-win-crt-math-l1-1-0

_isnan
_finite

api-ms-win-crt-string-l1-1-0

memmove_s
strnlen
memset
strncmp

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__errno
_o__execute_onexit_table
_o__get_errno
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
_o__wcsicmp
_o__wfopen_s
_o__wmkdir
_o__wstat32
_o__wtof
_o_atoi
_o_calloc
_o_ceil
_o_fclose
_o_fgets
_o_floor
_o_fopen
_o_fread
_o_free
_o_fseek
_o_fwrite
_o_malloc
_o_memcpy_s
_o_qsort
_o_realloc
_o_strcat_s
_o_strcpy_s
_o_strncpy_s
_o_strtod
_o_terminate
_o_toupper
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstok_s
_o_wcstombs_s
strchr
strstr
_except_handler4_common
_o__configure_narrow_argv
_o__CItan
_o__CIsqrt
_o__CIsin
_o__CIpow
_o__CIlog10
_o__CIlog
_o__CIfmod
_o__CIexp
_CxxThrowException
_o__aligned_malloc
memcmp
_o__CIcos
_o__CIatan2
memcpy
_o__aligned_free
_o__CIasin
_o__CIacos
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsscanf
_o___stdio_common_vsprintf_s
_o___acrt_iob_func
__std_terminate
_o___stdio_common_vsprintf
__CxxFrameHandler3
_o__crt_atexit
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfwprintf
_o___stdio_common_vfprintf_s
_o__cexit
_o___stdio_common_vfprintf
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
memmove

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolWork
CloseThreadpoolWait
WaitForThreadpoolWaitCallbacks
SetThreadpoolTimer
SubmitThreadpoolWork
CloseThreadpoolWork
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolTimer
CreateThreadpoolCleanupGroup
SetThreadpoolThreadMaximum
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolCleanupGroup
SetThreadpoolThreadMinimum
CreateThreadpool
CloseThreadpool
CreateThreadpoolTimer

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-winrt-string-l1-1-0

WindowsDuplicateString
WindowsDeleteString
WindowsCreateString
WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsCompareStringOrdinal
WindowsConcatString

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW
PathFindFileNameW

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW

api-ms-win-core-path-l1-1-0

PathCchRenameExtension

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
DeleteTimerQueueEx
CreateTimerQueue

api-ms-win-core-file-l1-1-0

ReadFile
WriteFile
GetFileSize
CreateFileA

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryA

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-memory-l1-1-1

SetProcessWorkingSetSizeEx
GetProcessWorkingSetSizeEx

api-ms-win-core-heap-l2-1-0

LocalAlloc

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

avrt

AvRevertMmThreadCharacteristics
AvTaskIndexYield
AvTaskIndexYieldCancel
AvThreadOpenTaskIndex
AvQuerySystemResponsiveness
AvSetMmThreadCharacteristicsA
AvSetMmThreadPriority
AvSetMultimediaMode

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

AERT_Allocate
AERT_Free
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_BSS
Size: - Virtual size: 40B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 16KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_DATA
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_CONST
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
updates/Cache_Data/CbsCore.dll
.dll windows:10 windows x86 arch:x86

Password: 1234

f6f01a36a4d540ac399445a36f5e9173

Code Sign

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:ed
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/12/2020, 21:29

Not After

02/12/2021, 21:29

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:0a:c0:ca:0a:e2:c6:60:fe:a7:a0:4e:c6:66:a6:87:2a:4f:c7:08:16:f8:35:d1:f4:e3:f4:75:6d:43:3e:3c
Signer

Actual PE Digest

77:0a:c0:ca:0a:e2:c6:60:fe:a7:a0:4e:c6:66:a6:87:2a:4f:c7:08:16:f8:35:d1:f4:e3:f4:75:6d:43:3e:3c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

cbscore.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__itow_s
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__stricmp
_o__strnicmp
_o__ui64tow_s
_o__wcsnicmp
_o__wtoi
_o__wtol
memmove
_o_free
_o_isdigit
_o_isspace
_o_malloc
_o_memcpy_s
_o_strncpy_s
_o_strtol
_o_toupper
_o_towlower
_o_wcscat_s
_o_wcsncpy_s
_o_wcstok_s
_o_wcstoul
_o_wmemcpy_s
wcsstr
wcsrchr
wcschr
_except_handler4_common
_o__crt_atexit
_o__configure_narrow_argv
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__cexit
_o__callnewh
_o__aligned_malloc
_o__aligned_free
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsscanf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o__execute_onexit_table
_o__invalid_parameter_noinfo
_o__errno
_o__wcsicmp
__CxxFrameHandler3
strrchr
strchr
strstr
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

wcsncmp
strncmp
wcsnlen
memset

api-ms-win-core-synch-l1-1-0

CreateSemaphoreExW
ReleaseSemaphore
InitializeCriticalSectionEx
ReleaseMutex
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
OpenSemaphoreW
ReleaseSRWLockShared
CreateMutexExW
AcquireSRWLockShared
CreateMutexW
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
WaitForMultipleObjectsEx
EnterCriticalSection
WaitForSingleObject
ResetEvent
OpenEventW
WaitForSingleObjectEx
SetEvent
TryEnterCriticalSection
CreateEventW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringW
CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-libraryloader-l1-1-0

GetModuleHandleExW
LoadStringW
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
GetModuleHandleW
FreeLibrary
LoadLibraryExA
GetModuleFileNameA

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegSetKeySecurity
RegLoadKeyW
RegUnLoadKeyW
RegEnumValueW
RegQueryValueExW
RegRestoreKeyW
RegSetValueExW
RegDeleteValueW
RegGetKeySecurity
RegQueryInfoKeyW
RegSaveKeyExW
RegCloseKey
RegFlushKey

api-ms-win-core-localization-obsolete-l1-2-0

EnumUILanguagesW
CompareStringA

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
GetEnvironmentVariableW

api-ms-win-core-file-l1-1-0

WriteFile
SetFileAttributesW
DeleteFileW
GetFileInformationByHandle
SetEndOfFile
CreateDirectoryW
FindClose
GetVolumePathNameW
CreateFileW
ReadFile
GetFileTime
FindNextFileW
FindFirstFileW
CompareFileTime
GetFileSizeEx
GetFullPathNameW
GetFileAttributesW
GetFileSize
GetFinalPathNameByHandleW
SetFileTime
FlushFileBuffers
GetFileAttributesExW
GetDiskFreeSpaceExW
SetFileInformationByHandle
SetFilePointer

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
Sleep

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetWindowsDirectoryW
GetSystemTime
GetSystemWindowsDirectoryW
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetVersionExW
GetTickCount
GetSystemInfo

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
RaiseException
SetLastError
GetLastError
UnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetThreadPriority
TlsGetValue
TlsFree
GetCurrentThread
CreateThread
TlsSetValue
TerminateProcess
SetThreadToken
SetThreadPriority
OpenThreadToken
GetCurrentProcessId
TlsAlloc
GetExitCodeThread
CreateProcessW
GetExitCodeProcess
OpenProcessToken
GetCurrentProcess
InitializeProcThreadAttributeList
DeleteProcThreadAttributeList
UpdateProcThreadAttribute
ResumeThread

api-ms-win-core-registry-l2-1-0

RegDeleteKeyTransactedW
RegOpenKeyTransactedW
RegDeleteKeyW
RegCreateKeyTransactedW

api-ms-win-security-base-l1-1-0

GetKernelObjectSecurity
ImpersonateSelf
GetAclInformation
SetSecurityDescriptorDacl
GetAce
CreateRestrictedToken
DuplicateToken
InitializeSecurityDescriptor
GetTokenInformation
GetLengthSid
IsValidSid
AllocateAndInitializeSid
CopySid
SetFileSecurityW
AdjustTokenPrivileges
DuplicateTokenEx
IsValidAcl
IsValidSecurityDescriptor
DestroyPrivateObjectSecurity
GetSecurityDescriptorLength
MakeSelfRelativeSD
GetSecurityDescriptorControl
CreatePrivateObjectSecurityWithMultipleInheritance
AddAccessAllowedAceEx
InitializeAcl
CheckTokenMembership
AddAce
FreeSid
RevertToSelf

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertSidToStringSidW

api-ms-win-core-heap-obsolete-l1-1-0

LocalFree
LocalAlloc
GlobalFree
GlobalAlloc
GlobalUnlock
GlobalLock

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-com-l1-1-0

CoImpersonateClient
CoTaskMemFree
StringFromCLSID
CoRevertToSelf
CoUnmarshalInterface
CoTaskMemAlloc
CLSIDFromString
CoGetMalloc
CreateStreamOnHGlobal
CoInitializeEx
CoUninitialize
CoGetCallContext
CoCreateInstance
StringFromGUID2
CoCreateGuid

api-ms-win-core-kernel32-legacy-l1-1-0

RaiseFailFastException
MoveFileW
CopyFileW
LoadLibraryW

api-ms-win-core-file-l2-1-0

CreateHardLinkW
CopyFileExW
GetFileInformationByHandleEx
MoveFileExW

api-ms-win-eventing-provider-l1-1-0

EventWrite
EventRegister
EventUnregister
EventWriteTransfer
EventProviderEnabled

api-ms-win-core-version-l1-1-0

VerQueryValueW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-kernel32-private-l1-1-1

PrivCopyFileExW

api-ms-win-security-provider-l1-1-0

GetNamedSecurityInfoW
SetNamedSecurityInfoW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW
lstrcmpA

api-ms-win-eventing-legacy-l1-1-0

FlushTraceW

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-heap-l1-1-0

HeapFree
HeapDestroy
GetProcessHeap
HeapAlloc
HeapCreate

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetThreadPreferredUILanguages
GetLocaleInfoEx

api-ms-win-core-memory-l1-1-0

WriteProcessMemory
VirtualQueryEx
UnmapViewOfFile
ReadProcessMemory
CreateFileMappingW
MapViewOfFile

api-ms-win-security-cryptoapi-l1-1-0

CryptHashData
CryptDestroyHash
CryptReleaseContext
CryptCreateHash
CryptAcquireContextW
CryptAcquireContextA
CryptGetHashParam

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureStackBackTrace

api-ms-win-core-privateprofile-l1-1-0

GetPrivateProfileStringW

api-ms-win-security-lsalookup-l2-1-0

LookupAccountSidW

api-ms-win-core-file-l1-2-1

GetCompressedFileSizeW

ntdll

NtDeleteValueKey
RtlAddAce
NtQueryAttributesFile
NtFlushBuffersFile
NtDuplicateObject
NtFsControlFile
NtYieldExecution
NtOpenThreadToken
RtlCreateAcl
NtCreateKey
NtOpenKeyTransactedEx
NtQueryVolumeInformationFile
RtlCreateSecurityDescriptor
RtlDestroyEnvironment
NtQueryDirectoryFile
NtQuerySecurityObject
NtSetValueKey
RtlGetDaclSecurityDescriptor
RtlDeleteSecurityObject
RtlCopyUnicodeString
RtlDuplicateUnicodeString
RtlAppendUnicodeStringToString
RtlEqualUnicodeString
RtlLengthSecurityDescriptor
RtlGetControlSecurityDescriptor
RtlMakeSelfRelativeSD
RtlSetEnvironmentVariable
RtlCreateEnvironment
RtlDeleteCriticalSection
RtlQueryInformationAcl
RtlDestroyHeap
RtlLeaveCriticalSection
NtQuerySystemTime
RtlSetControlSecurityDescriptor
RtlAnsiCharToUnicodeChar
RtlUnicodeToMultiByteN
RtlIsTextUnicode
RtlUnicodeToMultiByteSize
RtlConvertSidToUnicodeString
RtlValidAcl
NtAdjustPrivilegesToken
RtlSetSaclSecurityDescriptor
RtlValidSid
NtDuplicateToken
RtlGetSaclSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlAllocateAndInitializeSid
RtlGetGroupSecurityDescriptor
RtlCopySid
RtlSetGroupSecurityDescriptor
RtlFindAceByType
NtQueryInformationToken
NtDelayExecution
RtlGetCurrentTransaction
RtlExpandEnvironmentStrings_U
NtQueryLicenseValue
RtlNtStatusToDosErrorNoTeb
RtlTimeToTimeFields
LdrGetDllHandle
DbgPrint
RtlCreateUnicodeStringFromAsciiz
RtlRunOnceComplete
RtlRunOnceBeginInitialize
RtlFindNextForwardRunClear
RtlNumberOfSetBits
RtlInitializeSRWLock
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlpApplyLengthFunction
NtQueryPerformanceCounter
RtlGetAce
NtOpenKeyEx
RtlSetDaclSecurityDescriptor
NtEnumerateValueKey
NtWriteFile
RtlGetLengthWithoutLastFullDosOrNtPathElement
NtEnumerateKey
RtlSetCurrentTransaction
RtlSetOwnerSecurityDescriptor
NtOpenProcessToken
NtDeleteKey
NtQueryKey
RtlReAllocateHeap
RtlUpcaseUnicodeChar
RtlDowncaseUnicodeChar
DbgPrintEx
RtlMultiByteToUnicodeN
RtlMultiByteToUnicodeSize
NtWaitForSingleObject
NtQueryEaFile
RtlReleaseRelativeName
NtSetEaFile
RtlDosPathNameToRelativeNtPathName_U_WithStatus
NtLoadKey2
NtOpenFile
RtlQueryEnvironmentVariable_U
NtSetSecurityObject
NtDeleteFile
RtlNewSecurityObjectEx
NtCreateKeyTransacted
RtlAddAccessAllowedAceEx
RtlCreateEnvironmentEx
NtSetInformationFile
NtReadFile
NtClose
NtQueryInformationProcess
NtQueryOpenSubKeysEx
RtlInitUnicodeString
NtQueryObject
NtSetInformationThread
NtQueryInformationThread
NtCreateTransaction
NtRollbackTransaction
RtlInitUnicodeStringEx
NtCommitTransaction
RtlDosPathNameToNtPathName_U
NtQueryInformationFile
RtlFreeHeap
NtCreateFile
RtlAllocateHeap
RtlLengthSid
NtOpenKey
NtQueryValueKey
LdrGetProcedureAddress
LdrUnloadDll
LdrLoadDll
RtlNtStatusToDosError
RtlDestroyProcessParameters
RtlCreateHeap
RtlCreateProcessParameters
RtlCreateUserProcess
NtResumeThread
RtlFreeSid
NtUnloadKey2
RtlEnterCriticalSection
RtlTimeToSecondsSince1980
RtlInitializeCriticalSection
RtlRaiseStatus

userenv

GetProfilesDirectoryW

rpcrt4

UuidCreate

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-wow64-l1-1-0

IsWow64Process

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

oleaut32

VariantInit
VariantClear
SysFreeString
SysAllocString

crypt32

CryptMsgUpdate
CertGetSubjectCertificateFromStore
CertVerifyCertificateChainPolicy
CertOpenStore
CertFreeCertificateChain
CryptHashCertificate2
CertCreateCTLContext
CryptDecodeObject
CertFreeCTLContext
CertCreateContext
CryptStringToBinaryW
CertAddStoreToCollection
CertAddEncodedCertificateToStore
CryptMsgClose
CertGetEnhancedKeyUsage
CertCloseStore
CertGetCertificateChain
CertFreeCertificateContext
CryptMsgGetAndVerifySigner
CertFindSubjectInCTL
CryptMsgOpenToDecode
CryptMsgGetParam

bcrypt

BCryptDestroyHash
BCryptHashData
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptGetProperty
BCryptCreateHash
BCryptFinishHash

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WTHelperGetProvCertFromChain

Exports

Exports

CbsCoreEnsureNoStartupProcessing
CbsCoreFinalize
CbsCoreFinalizeShutdownProcessing
CbsCoreGetActiveOfflineSession
CbsCoreInitialize
CbsCoreInitializeDelayedPortion
CbsCoreIsExecutionEngineIdle
CbsCoreLoadComponentStore
CbsCorePrepareShutdownProcessing
CbsCoreServiceIdleProcessing
CbsCoreSetCustomLogging
CbsCoreSetState
CbsCoreShutdownProcessing
CbsCoreStartupProcessing
CbsCoreStopIdleProcessing
CbsCreateSessionNotify
CbsCreateSessionNotifyFinalize
CbsCreateSessionNotifyInitialize
CbsSetCbsCorePathInOfflineImage
SetRebootInProgressFlag
SetTestMode

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
updates/Cache_Data/Microsoft.Uev.AppAgent.dll
.dll windows:10 windows x86 arch:x86

Password: 1234

63572ceb3e4dacb5a08c6127c47231ff

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a7:45:8d:f3:ea:91:52:2c:3b:1c:86:c0:86:91:fb:2f:cf:15:b5:00:a5:ad:cd:6f:a8:b6:4e:88:3b:80:15:8f
Signer

Actual PE Digest

a7:45:8d:f3:ea:91:52:2c:3b:1c:86:c0:86:91:fb:2f:cf:15:b5:00:a5:ad:cd:6f:a8:b6:4e:88:3b:80:15:8f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Microsoft.Uev.AppAgent.pdb

Imports

msvcrt

___mb_cur_max_func
_ismbblead
memset
islower
_wcsdup
??8type_info@@QBEHABV0@@Z
??9type_info@@QBEHABV0@@Z
__crtCompareStringW
__crtCompareStringA
wcscpy_s
_errno
malloc
__crtLCMapStringW
memmove_s
free
__crtLCMapStringA
_vsnprintf_s
localeconv
_wsetlocale
calloc
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABQBD@Z
??3@YAXPAX@Z
abort
realloc
ldexp
??0exception@@QAE@XZ
??1exception@@UAE@XZ
_Getdays
_Getmonths
_W_Getdays
___lc_codepage_func
_W_Getmonths
_W_Gettnames
_Wcsftime
_callnewh
__mb_cur_max
_lock
_Gettnames
?what@exception@@UBEPBDXZ
_unlock
_Strftime
_purecall
setlocale
isspace
_CxxThrowException
tolower
memcpy
___lc_handle_func
memchr
___lc_collate_cp_func
strcspn
memcmp
_wcsicmp
memmove
isalnum
isdigit
isupper
__pctype_func
sprintf_s
__uncaught_exception
_XcptFilter
_amsg_exit
_initterm
?terminate@@YAXXZ
__dllonexit
??0exception@@QAE@ABV0@@Z
_onexit
memcpy_s
??1type_info@@UAE@XZ
_except_handler4_common
fclose
fwrite
?name@type_info@@QBEPBDXZ
swprintf_s
fputc
fflush
fgetc
fgetpos
setvbuf
ungetc
fsetpos
_fseeki64
_mkgmtime
_gmtime64
_wtoi
strchr
ldiv
time
_wcsnicmp
_stricmp
mbstowcs_s
ftell
_wfopen_s
fseek
fread
towlower
ferror
feof
__ExceptionPtrCreate
__ExceptionPtrCopy
__ExceptionPtrDestroy
__ExceptionPtrCurrentException
__ExceptionPtrRethrow
wcsncpy_s
wprintf
_putws
??1bad_typeid@@UAE@XZ
??0bad_typeid@@QAE@ABV0@@Z
__RTtypeid
strerror
_beginthreadex
?before@type_info@@QBEHABV1@@Z
_wfsopen
??0bad_cast@@QAE@ABV0@@Z
??0bad_cast@@QAE@PBD@Z
??1bad_cast@@UAE@XZ
_vsnwprintf
??_V@YAXPAX@Z
__CxxFrameHandler3
__RTDynamicCast
_ftol2

user32

RegisterClassExW
LoadStringW
DispatchMessageW
ShutdownBlockReasonCreate
WaitForInputIdle
GetWindowLongW
LoadCursorW
SetWindowLongW
ShutdownBlockReasonDestroy
CreateWindowExW
DefWindowProcW
SendNotifyMessageW
SetSysColors
GetDoubleClickTime
GetSysColor
GetMessageW
TranslateMessage
LoadIconW

kernel32

DecodePointer
EncodePointer
GetLocaleInfoW
WideCharToMultiByte
GetStringTypeW
MultiByteToWideChar
QueryFullProcessImageNameW
ExitProcess
Sleep
OpenEventW
EnterCriticalSection
SetLastError
HeapFree
CreateSemaphoreExW
CreateEventA
GetSystemInfo
LocalLock
GetModuleFileNameA
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
WaitForSingleObject
GetProcessId
GetModuleFileNameW
GetCurrentThreadId
ReleaseMutex
CreateEventW
TerminateProcess
GetCurrentProcess
WakeAllConditionVariable
ResetEvent
IsDebuggerPresent
FormatMessageW
GetLastError
LoadLibraryExW
LocalUnlock
DebugBreak
FreeLibrary
GetModuleHandleW
SystemTimeToFileTime
GetProcessHeap
GetCurrentProcessId
DeleteCriticalSection
LeaveCriticalSection
LocalFree
CreateMutexExW
GetProcAddress
ReleaseSRWLockExclusive
OutputDebugStringW
SetEvent
CloseThreadpoolTimer
AcquireSRWLockExclusive
GetLocalTime
HeapAlloc
CreateThreadpoolTimer
ReleaseSRWLockShared
SetThreadpoolTimer
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
RaiseException
CloseHandle
ReleaseSemaphore
GetModuleHandleExW
DisableThreadLibraryCalls
AcquireSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx

gdi32

GetStockObject

ole32

CoCreateInstance
CoUninitialize
CoInitializeEx
OleRun

advapi32

EventUnregister
SetSecurityInfo
EventWriteTransfer
EventRegister
EventSetInformation
RegGetValueW

shell32

DoEnvironmentSubstW
SHChangeNotify

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

api-ms-win-core-processthreads-l1-1-0

CreateProcessW
GetExitCodeProcess
TlsGetValue
TlsSetValue
TlsFree
SwitchToThread
ProcessIdToSessionId
TlsAlloc
GetCurrentThread
CreateThread
GetExitCodeThread
OpenProcessToken
SetThreadPriority
ResumeThread

oleaut32

SysAllocString
SysFreeString
VariantInit
SysStringLen
SysAllocStringByteLen
SysAllocStringLen
VariantCopy
SafeArrayPutElement
SafeArrayCreateEx
SafeArrayGetLBound
SafeArrayGetUBound
LoadRegTypeLi
GetRecordInfoFromTypeInfo
SafeArrayRedim
SafeArrayAccessData
SafeArrayCreate
SafeArrayUnaccessData
SafeArrayDestroy
VariantClear

api-ms-win-core-wow64-l1-1-0

Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection

api-ms-win-core-processthreads-l1-1-1

FlushInstructionCache
GetThreadContext
GetProcessMitigationPolicy
SetThreadContext

api-ms-win-core-file-l1-1-0

GetFileSize
GetFileAttributesW
GetFileTime
DeleteFileW
FindNextFileW
FindClose
SetFileAttributesW
GetLongPathNameW
FindFirstFileW
CreateFileW
CreateDirectoryW
ReadFile
RemoveDirectoryW
SetFileTime
GetFileAttributesExW
WriteFile

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
GetCurrentDirectoryW

api-ms-win-core-sysinfo-l1-1-0

GetComputerNameExW

api-ms-win-core-file-l2-1-0

CreateHardLinkW
MoveFileExW
CopyFileExW

api-ms-win-core-version-l1-1-1

GetFileVersionInfoSizeW
GetFileVersionInfoW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegDeleteTreeW
RegEnumKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
RegDeleteKeyExW
RegEnumValueW
RegCloseKey
RegDeleteValueW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrlenA

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl

api-ms-win-core-synch-l1-1-0

SetWaitableTimer
OpenEventA
WaitForMultipleObjectsEx
CreateMutexW
CreateEventExW

api-ms-win-core-synch-ansi-l1-1-0

CreateSemaphoreA

api-ms-win-core-namedpipe-l1-1-0

WaitNamedPipeW

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolWork
CloseThreadpoolWork
SubmitThreadpoolWork

api-ms-win-security-base-l1-1-0

CheckTokenMembership
EqualSid
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
CreateWellKnownSid

api-ms-win-ntuser-sysparams-l1-1-0

SystemParametersInfoW
GetSystemMetrics

api-ms-win-core-localization-l1-2-0

GetUserDefaultLCID
FormatMessageA

api-ms-win-core-handle-l1-1-0

DuplicateHandle

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExA
GetModuleHandleA

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc

api-ms-win-core-heap-l2-1-0

LocalAlloc

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-file-l1-2-2

AreFileApisANSI

api-ms-win-core-synch-l1-2-1

CreateWaitableTimerW

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency

activeds

ord3

Exports

Exports

OrdinalOne

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 51KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
updates/Cache_Data/certmgr.dll
.dll regsvr32 windows:10 windows x86 arch:x86

Password: 1234

ca188497e79abc1def20615c73631f36

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

certmgr.pdb

Imports

mfc42u

ord3718
ord797
ord2362
ord2291
ord2371
ord3133
ord4294
ord4162
ord6193
ord6375
ord2110
ord3871
ord1197
ord3867
ord2857
ord4215
ord2576
ord3649
ord2430
ord1143
ord1637
ord2858
ord6266
ord3905
ord3288
ord4238
ord2293
ord6211
ord3296
ord1635
ord3084
ord2776
ord941
ord4118
ord5949
ord5852
ord496
ord4616
ord4254
ord4709
ord3695
ord4425
ord2046
ord4433
ord5284
ord1683
ord3870
ord3798
ord4253
ord489
ord768
ord2281
ord2729
ord1258
ord1899
ord491
ord3614
ord2406
ord3621
ord2854
ord1634
ord826
ord269
ord600
ord1240
ord1571
ord1250
ord1568
ord1570
ord342
ord1179
ord1248
ord1115
ord1194
ord1563
ord3733
ord1083
ord5617
ord4399
ord6640
ord2820
ord6279
ord6278
ord925
ord922
ord5568
ord2914
ord1128
ord2717
ord3948
ord561
ord815
ord2821
ord2810
ord538
ord2578
ord6303
ord521
ord602
ord3562
ord3569
ord4390
ord2567
ord616
ord535
ord1001
ord3577
ord4392
ord802
ord542
ord3087
ord6330
ord940
ord825
ord942
ord3281
ord6451
ord6896
ord4219
ord268
ord1560
ord2644
ord2385
ord1662
ord6898
ord2859
ord4970
ord3991
ord795
ord3716
ord693
ord3635
ord3365
ord4396
ord2574
ord823
ord5155
ord5156
ord5154
ord4899
ord4736
ord4942
ord4352
ord5261
ord4371
ord4848
ord4992
ord2506
ord6048
ord1767
ord5283
ord4829
ord4419
ord3694
ord1184
ord6928
ord858
ord6195
ord4155
ord4704
ord2294
ord692
ord3634
ord4395
ord2573
ord4214
ord2016
ord2405
ord6362
ord2570
ord4213
ord2015
ord2403
ord4847
ord1594
ord4272
ord4370
ord5276
ord3592
ord810
ord3728
ord3393
ord686
ord384
ord5947
ord2637
ord3092
ord4229
ord641
ord324
ord6024
ord5798
ord2809
ord3090
ord2634
ord4198
ord927
ord2520
ord1008
ord5855
ord3979
ord1565
ord6868
ord4124
ord2755
ord5706
ord2910
ord5817
ord3657
ord998
ord5977
ord609
ord4199
ord2455
ord1644
ord2756
ord6137
ord543
ord803
ord3579
ord713
ord414
ord3697
ord5436
ord6379
ord5446
ord6390
ord3658
ord501
ord1145
ord5603
ord773
ord5293
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord4074
ord4692
ord5303
ord5285
ord5710
ord2606
ord3396
ord1764
ord656
ord567
ord818
ord3605
ord4418
ord4621
ord4075
ord3074
ord3820
ord3826
ord3825
ord3397
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord5286
ord4347
ord6370
ord5157
ord2377
ord5237
ord4401
ord1768
ord4073
ord6051
ord861
ord1165
ord6466
ord800
ord540
ord771

msvcrt

memset
_purecall
wcslen
wcscmp
_stricmp
memcmp
_wcsicmp
free
wcstok_s
realloc
strlen
mbstowcs
strcmp
??_V@YAXPAX@Z
memcpy
_wcsupr
wcsstr
wcscspn
_vsnwprintf
__CxxFrameHandler3
wcschr
wcscoll
malloc
_wcsnicmp
wcstol
wcsncmp
iswdigit
swprintf_s
_wtol
wcscat_s
wcscpy_s
_onexit
__dllonexit
_unlock
_lock
_except_handler4_common
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
__RTDynamicCast
_itow
wcstoul
wcsrchr
iswspace
_beginthreadex
_endthreadex
memmove
qsort
_wtoi

atl

ord44
ord32
ord16
ord21
ord15
ord30
ord43

ntdll

RtlInitUnicodeString
RtlCompareUnicodeString
RtlNtStatusToDosError

certca

ord416
ord411
ord413
ord414
ord445
ord450
ord451
ord433
ord459
ord405
ord442
ord444
ord446
ord412
ord424
ord455
ord452
ord453
ord460
ord435
ord404

certenroll

ord29
ord16
ord19
ord15
ord18
ord31
ord21
ord23
ord22
ord40
ord33

kernel32

GetCurrentProcessId
QueryPerformanceCounter
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
DecodePointer
EncodePointer
LoadLibraryExA
VirtualAlloc
VirtualFree
FreeLibrary
HeapFree
UnmapViewOfFile
MapViewOfFile
GetProcessHeap
HeapAlloc
CreateFileMappingW
GetUserDefaultLangID
GetFileTime
GetFileSizeEx
ResetEvent
SetEvent
WaitForSingleObject
CreateEventW
GlobalUnlock
GlobalLock
WideCharToMultiByte
ReadFile
GetFileSize
CreateFileW
GetCurrentThreadId
CloseHandle
GetCurrentProcess
GetComputerNameW
GlobalFree
GlobalAlloc
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
LoadLibraryA
CompareStringW
GetSystemWindowsDirectoryW
GetVersionExW
FormatMessageW
GetTimeFormatW
GetDateFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCommandLineW
OutputDebugStringA
GetModuleFileNameW
LoadLibraryW
LoadLibraryExW
GetModuleHandleW
GetModuleHandleA
GetProcAddress
SetLastError
MultiByteToWideChar
GetACP
SystemTimeToFileTime
GetSystemTime
CompareFileTime
RaiseException
lstrcmpiW
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetLastError
GetTickCount
CreateActCtxW
ReleaseActCtx
ActivateActCtx
DeactivateActCtx
GetComputerNameExW
ExpandEnvironmentStringsA
InitOnceExecuteOnce

user32

ScreenToClient
GetWindowRect
GetMenu
EnableMenuItem
SetMenu
LoadMenuW
DestroyWindow
CallWindowProcW
DefWindowProcW
SetFocus
GetKeyState
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
IsDlgButtonChecked
CheckDlgButton
GetSysColor
GetClientRect
MessageBoxW
SetWindowLongW
GetWindowTextW
ShowWindow
SetWindowTextW
SendDlgItemMessageW
GetWindow
GetDlgItem
GetSystemMetrics
RegisterClipboardFormatW
GetParent
PostMessageW
WinHelpW
GetDlgCtrlID
SendMessageW
EnableWindow
LoadBitmapW
LoadImageW
LoadIconW
DestroyIcon
IsWindowVisible
UpdateWindow
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetWindowThreadProcessId
FindWindowExW
ChildWindowFromPointEx
GetSubMenu
InvalidateRect
LoadStringW
GetFocus
ReleaseDC
GetDC
GetWindowLongW
SystemParametersInfoW

oleaut32

SafeArrayGetUBound
SafeArrayGetLBound
SysFreeString
SysAllocString
SysStringLen
VariantClear
SysAllocStringLen
SysStringByteLen
SafeArrayUnaccessData
BstrFromVector
SafeArrayAccessData
VariantInit

ole32

CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal
ReleaseStgMedium
CoCreateGuid
CLSIDFromString
CoInitialize
StringFromCLSID
CoTaskMemAlloc
GetHGlobalFromStream
CoTaskMemFree

advapi32

RegOpenKeyExA
GetSecurityDescriptorLength
CopySid
GetLengthSid
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegQueryValueExW
RegEnumKeyExW
RegOpenKeyExW
RegDeleteKeyW
GetUserNameW
SaferCreateLevel
SaferCloseLevel
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
OpenProcessToken
GetTokenInformation
SaferGetLevelInformation
SaferiPopulateDefaultsInRegistry
SaferGetPolicyInformation
RegQueryValueExA
RegSetValueExA
RegDeleteTreeW
CryptGetProvParam
LookupAccountNameW
OpenSCManagerW
GetServiceDisplayNameW
CloseServiceHandle
SaferSetPolicyInformation
SaferSetLevelInformation
SaferiChangeRegistryScope
CryptSetProvParam
EnumServicesStatusW

netutils

NetpwNameValidate
NetApiBufferFree
NetpwNameCanonicalize

dsrole

DsRoleGetPrimaryDomainInformation
DsRoleFreeMemory

srvcli

NetServerGetInfo

shell32

SHGetPathFromIDListW
SHGetMalloc
SHBindToParent
SHBrowseForFolderW
SHGetFileInfoW

cryptui

CryptUIDlgSelectCertificateW
CryptUIDlgViewCertificatePropertiesW
CryptUIDlgAddPolicyServerWithPriority
CryptUIWizBuildCTL
CryptUIWizExport
CryptUIWizImport
CryptUIGetCertificatePropertiesPagesW
CryptUIDlgViewCRLW
CryptUIDlgPropertyPolicy
CryptUIDlgViewCertificateW
CryptUIDlgViewCTLW

crypt32

CryptBinaryToStringW
CryptEncodeObject
CryptMsgGetParam
CryptMsgUpdate
CertAddEncodedCTLToStore
CertAddStoreToCollection
CertGetCRLFromStore
CertAddCRLContextToStore
CertEnumCRLsInStore
CertEnumCTLsInStore
CertGetSubjectCertificateFromStore
CertDeleteCRLFromStore
CertGetStoreProperty
CryptFindLocalizedName
CertFreeCRLContext
CertControlStore
CryptMsgClose
CryptDecodeObject
CertFindExtension
CertGetCertificateContextProperty
CertFreeCertificateContext
CertDuplicateCertificateContext
CertGetEnhancedKeyUsage
CertDeleteCertificateFromStore
CertFindCertificateInStore
CertSetCertificateContextProperty
CryptDecodeObjectEx
CertNameToStrW
CryptFindOIDInfo
CertGetNameStringW
CryptImportPublicKeyInfoEx2
CertGetCertificateChain
CertFreeCertificateChain
CertCompareCertificate
CryptAcquireCertificatePrivateKey
CertGetCTLContextProperty
CertDeleteCTLFromStore
CertFindCTLInStore
CertVerifyRevocation
CertVerifyTimeValidity
CryptMsgEncodeAndSignCTL
CertEnumCertificatesInStore
CertOpenStore
CertCloseStore
CertEnumSystemStore
CryptFindCertificateKeyProvInfo
CertEnumPhysicalStore
CryptEnumOIDInfo
CertAddCertificateContextToStore
CertAddCTLContextToStore
CertDuplicateCTLContext
CertFreeCTLContext
CertGetIntendedKeyUsage
CertDuplicateCRLContext
CryptMsgOpenToDecode
CertGetPublicKeyLength
CertAddSerializedElementToStore
CryptQueryObject

gdi32

CreateFontIndirectW
GetDeviceCaps
DeleteObject

ntdsapi

DsCrackNamesW
DsFreeNameResultW
DsBindW
DsUnBindW

ncrypt

BCryptDestroyKey
BCryptOpenAlgorithmProvider
BCryptCreateHash
BCryptHashData
NCryptSetProperty
NCryptGetProperty
NCryptIsKeyHandle
BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptFinishHash
BCryptGetProperty

shlwapi

SHDeleteKeyW
PathFindExtensionW
StrTrimW

wintrust

WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WinVerifyTrust
WTHelperGetFileHash

version

GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW

imagehlp

ImageLoad
ImageUnload

secur32

GetUserNameExW

aclui

ord2

iphlpapi

ParseNetworkString

slc

SLGetWindowsInformationDWORD

logoncli

DsGetDcNameW

activeds

ord9

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 648KB - Virtual size: 647KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
updates/Cache_Data/clr.dll
.dll windows:6 windows x86 arch:x86

Password: 1234

01513932f96e7c52f6301f4cdc793a75

Code Sign

33:00:00:03:af:30:40:0e:4c:a3:4d:05:41:00:00:00:00:03:af
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:09

Not After

14/11/2024, 19:09

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b7:cc:44:7d:04:ec:ce:b0:84:cd:72:99:af:3a:3a:da:9a:3d:eb:13:36:16:2a:a5:6e:25:0f:de:6f:d2:4c:a8
Signer

Actual PE Digest

b7:cc:44:7d:04:ec:ce:b0:84:cd:72:99:af:3a:3a:da:9a:3d:eb:13:36:16:2a:a5:6e:25:0f:de:6f:d2:4c:a8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

clr.pdb

Imports

kernel32

LCMapStringW
IsDBCSLeadByte
GetACP
GetCPInfo
SetConsoleTitleW
AllocConsole
FreeConsole
GetTempFileNameW
GetTempPathW
MoveFileExW
MoveFileW
FlushFileBuffers
CompareFileTime
GetFileTime
QueryInformationJobObject
IsProcessInJob
VirtualUnlock
OutputDebugStringA
DeleteFileW
SetThreadAffinityMask
SetThreadGroupAffinity
GetWriteWatch
ResetWriteWatch
SetThreadIdealProcessor
ReadProcessMemory
GetUserDefaultLCID
GetSystemDefaultLCID
ConnectNamedPipe
CreateNamedPipeW
DisconnectNamedPipe
GetSystemTimeAsFileTime
SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolTimer
CreateMemoryResourceNotification
GetDriveTypeW
InterlockedFlushSList
InitializeSListHead
InterlockedPopEntrySList
PeekNamedPipe
GetProcessTimes
VerifyVersionInfoW
IsProcessorFeaturePresent
LeaveCriticalSection
EnterCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
RemoveVectoredExceptionHandler
AddVectoredExceptionHandler
TerminateProcess
UnhandledExceptionFilter
SetXStateFeaturesMask
InitializeContext
GetEnabledXStateFeatures
SetThreadContext
GetThreadContext
ResetEvent
GetFileAttributesExW
ReadFile
FindFirstFileW
FindClose
GetSystemDirectoryW
CreateActCtxW
ActivateActCtx
DeactivateActCtx
GetWindowsDirectoryW
ReleaseActCtx
IsWow64Process
SizeofResource
LockResource
FindResourceExW
LoadResource
FindNextFileW
GetEnvironmentVariableA
CreateProcessW
QueryActCtxW
GetNativeSystemInfo
LoadLibraryW
EncodePointer
DecodePointer
EnumTimeFormatsW
CompareStringW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
EnumCalendarInfoExW
GetLocaleInfoW
GetCalendarInfoW
GetDateFormatW
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
LoadLibraryA
MapViewOfFile
HeapReAlloc
LocalAlloc
LoadLibraryExA
SetFileAttributesW
CopyFileW
RemoveDirectoryW
GetFileSizeEx
SetEndOfFile
GetSystemDirectoryA
CreateFileA
SetFileTime
WritePrivateProfileStringW
DeviceIoControl
FindResourceW
GetLocalTime
GetVolumeInformationW
LocalFileTimeToFileTime
DosDateTimeToFileTime
SystemTimeToFileTime
lstrlenA
GetDiskFreeSpaceA
GetWindowsDirectoryA
GetTimeFormatW
GetSystemTime
FlushViewOfFile
IsDBCSLeadByteEx
GetStringTypeW
CreateHardLinkW
SetPriorityClass
SetFilePointerEx
ExitThread
OpenFileMappingW
SearchPathW
GetTimeZoneInformation
GetNLSVersionEx
IsValidLocale
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
GetConsoleTitleW
InterlockedExchange
GetVersionExW
MultiByteToWideChar
FormatMessageW
ExitProcess
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleExW
GetPrivateProfileIntW
GetLastError
GetTickCount
SetEvent
GetCurrentProcessorNumber
QueueUserAPC
CloseHandle
WaitForSingleObject
GlobalMemoryStatusEx
CreateIoCompletionPort
GetProcAddress
SetLastError
GetThreadLocale
QueryPerformanceCounter
QueryPerformanceFrequency
PostQueuedCompletionStatus
FlushProcessWriteBuffers
CreateThread
ResumeThread
SleepEx
WaitForMultipleObjectsEx
GetQueuedCompletionStatus
GetCurrentThread
OutputDebugStringW
DebugBreak
GetModuleHandleW
GetCurrentProcess
ReleaseMutex
ReleaseSemaphore
CreateMutexW
CreateEventW
CreateSemaphoreW
LocalFree
GetCurrentProcessId
OpenProcess
ProcessIdToSessionId
GetCurrentThreadId
SetConsoleCtrlHandler
GetTickCount64
GetCommandLineW
GetCurrentDirectoryW
lstrlenW
GetFullPathNameW
GetShortPathNameW
GetLongPathNameW
GetSystemInfo
TlsGetValue
GetUserDefaultLangID
GetEnvironmentVariableW
SetEnvironmentVariableW
GetProcessId
GetOverlappedResult
CancelIo
GetProcessHeap
HeapFree
InterlockedPushEntrySList
WriteFile
GetStdHandle
WideCharToMultiByte
GetConsoleOutputCP
GetFileInformationByHandle
GetFileAttributesW
CreateDirectoryW
GetProcessAffinityMask
SetThreadLocale
MapViewOfFileEx
VirtualQuery
UnmapViewOfFile
SetErrorMode
FreeLibrary
FreeLibraryAndExitThread
IsDebuggerPresent
RaiseException
GetStringTypeExW
CreateFileMappingW
GetFileSize
TlsSetValue
GetModuleHandleA
TlsAlloc
TlsFree
HeapAlloc
FlushInstructionCache
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CreateFileW
WaitNamedPipeW
SetNamedPipeHandleState
OpenEventW
TransactNamedPipe
VirtualAlloc
VirtualFree
VirtualProtect
HeapCreate
HeapDestroy
HeapValidate
SwitchToThread
GetEnvironmentStringsW
FreeEnvironmentStringsW
DuplicateHandle
WaitForSingleObjectEx
SetThreadPriority
GetThreadPriority
SignalObjectAndWait
SetThreadStackGuarantee
IsThreadAFiber
Sleep
SuspendThread
GetThreadTimes
SetFilePointer

vcruntime140_clr0400

_CxxThrowException
memchr
__CxxFrameHandler3
wcsrchr
memcpy
_purecall
memcmp
strchr
wcsstr
strrchr
wcschr
_except_handler4_common
__current_exception
__current_exception_context
__std_type_info_destroy_list
memset
memmove

ucrtbase_clr0400

iswspace
__stdio_common_vswprintf_p
_wcsnicmp
_ltow_s
wcsnlen
atoi
toupper
_time64
_strdup
fopen
fwrite
__stdio_common_vsnprintf_s
_register_onexit_function
fputs
_wfopen
wcsncmp
isalpha
fflush
_copysign
modf
towupper
__stdio_common_vswscanf
towlower
iswupper
_wtoi
__acrt_iob_func
_wcstoui64
__stdio_common_vsscanf
isdigit
_strnicmp
strncpy_s
_errno
_invalid_parameter_noinfo
atol
strnlen
wcstoul
iswascii
__stdio_common_vfwprintf
_wcslwr_s
__stdio_common_vsnwprintf_s
__stdio_common_vsprintf_s
strcat_s
__stdio_common_vfprintf
strcpy_s
strncmp
qsort
_controlfp_s
__stdio_common_vsprintf
_wcsicmp
strcmp
strlen
_itow_s
__stdio_common_vswprintf_s
_stricmp
__stdio_common_vswprintf
wcsncpy_s
wcscat_s
wcscpy_s
_flushall
_execute_onexit_table
_crt_atexit
_cexit
terminate
ceil
_putws
strncat_s
wcstok_s
bsearch
_initterm
_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
isxdigit
malloc
free
strtoul
_wmakepath_s
_wsplitpath_s
wmemcpy_s
iswxdigit
iswdigit
isupper
_isnan
fopen_s
wcsncat_s
_initialize_onexit_table
fclose
_CIacos
_CIasin
_CIcosh
_CIexp
_CIfmod
_CIlog
_CIlog10
_CIpow
_CIsinh
_CItanh
floor

ntdll

RtlEnterCriticalSection
RtlDeleteCriticalSection
RtlInitializeCriticalSection
vDbgPrintExWithPrefix
NtYieldExecution
RtlNtStatusToDosError
VerSetConditionMask
RtlCaptureContext
RtlUnwind
RtlLeaveCriticalSection

user32

DispatchMessageW
PeekMessageW
MsgWaitForMultipleObjectsEx
TranslateMessage
GetDesktopWindow
LoadStringW
GetUserObjectInformationW
GetProcessWindowStation
InSendMessage
GetFocus

shlwapi

PathCreateFromUrlW
UrlCanonicalizeW
PathAddBackslashW
UrlUnescapeW
StrCmpW
StrStrW
UrlCombineW
PathIsURLW
UrlGetPartW
StrRChrW
PathRemoveExtensionW
PathRemoveFileSpecW
StrChrW
StrToIntW
StrCmpNW
PathFindExtensionW
PathIsRelativeW
PathRemoveBackslashW
UrlEscapeW
PathIsUNCW
UrlIsW
PathCanonicalizeW
PathFindFileNameW
PathCombineW

advapi32

CryptSetProvParam
CryptEncrypt
CryptGetDefaultProviderW
CryptDecrypt
CryptDeriveKey
CryptSetKeyParam
DeleteAce
SaferCloseLevel
SetTokenInformation
CreateWellKnownSid
ConvertStringSidToSidW
SaferCreateLevel
AddAccessAllowedAceEx
SaferComputeTokenFromLevel
CryptVerifySignatureW
LookupAccountSidW
CryptEnumProvidersW
CryptGenKey
GetNamedSecurityInfoW
CryptSignHashW
CryptVerifySignatureA
CryptSetHashParam
RegQueryInfoKeyA
RegDeleteValueW
IsValidSid
GetSidIdentifierAuthority
CryptGetKeyParam
CryptImportKey
CryptGetProvParam
CryptAcquireContextA
CryptDestroyKey
CryptGetUserKey
CryptExportKey
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CopySid
DuplicateToken
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegEnumValueW
GetSidSubAuthorityCount
GetSidSubAuthority
AddAccessAllowedAce
GetLengthSid
EventWriteTransfer
RegQueryInfoKeyW
RegQueryValueW
RegOpenKeyExW
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
ImpersonateLoggedOnUser
EventUnregister
EventRegister
SetThreadToken
RevertToSelf
GetAce
InitializeAcl
GetSecurityDescriptorDacl
SetKernelObjectSecurity
RegQueryValueExW
RegEnumKeyExW
RegCloseKey
OpenThreadToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
EventWrite

Exports

Exports

AttachProfiler
CertCreateAuthenticodeLicense
CertFreeAuthenticodeSignerInfo
CertFreeAuthenticodeTimestamperInfo
CertTimestampAuthenticodeLicense
CertVerifyAuthenticodeLicense
ClearDownloadCache
ClrCreateManagedInstance
CoEEShutDownCOM
CoInitializeCor
CoInitializeEE
CoUninitializeCor
CoUninitializeEE
CompareAssemblyIdentity
CompareAssemblyIdentityWithConfig
CopyPDBs
CorDllMainForThunk
CorExitProcess
CorLaunchApplication
CorMarkThreadInThreadPool
CreateActContext
CreateApplicationContext
CreateAssemblyCache
CreateAssemblyConfigCookie
CreateAssemblyEnum
CreateAssemblyNameObject
CreateCMSFromXml
CreateHistoryReader
CreateInstallReferenceEnum
DeleteShadowCache
DestroyAssemblyConfigCookie
DllCanUnloadNowInternal
DllGetActivationFactoryImpl
DllGetClassObjectInternal
DllRegisterServerInternal
DllUnregisterServerInternal
EEDllRegisterServer
EEDllUnregisterServer
GetAddrOfContractShutoffFlag
GetAppIdAuthority
GetAssemblyIdentityFromFile
GetAssemblyMDImport
GetCLRFunction
GetCLRIdentityManager
GetCachePath
GetClassActivatorForApplicationImpl
GetHashFromAssemblyFile
GetHashFromAssemblyFileW
GetHashFromBlob
GetHashFromFile
GetHashFromFileW
GetHashFromHandle
GetHistoryFileDirectory
GetIdentityAuthority
GetMetaDataInternalInterface
GetMetaDataInternalInterfaceFromPublic
GetMetaDataPublicInterfaceFromInternal
GetPermissionRequests
GetPrivateContextsPerfCounters
GetUserStateManager
GetUserStore
IEE
InitializeFusion
InstallCustomModule
LegacyNGenCompile
LegacyNGenCreateZapper
LegacyNGenFreeZapper
LegacyNGenTryEnumerateFusionCache
LoadStringRC
LoadStringRCEx
LogHelp_LogAssert
LogHelp_NoGuiOnAssert
LogHelp_TerminateOnAssert
LookupHistoryAssembly
MetaDataGetDispenser
NGenCreateNGenWorker
NukeDownloadedCache
ParseManifest
PostErrorVA
PreBindAssembly
PreBindAssemblyEx
ReOpenMetaDataWithMemory
ReOpenMetaDataWithMemoryEx
SetMSIHandleForLogging
SetRuntimeInfo
StrongNameCompareAssemblies
StrongNameDigestEmbed
StrongNameDigestGenerate
StrongNameDigestSign
StrongNameErrorInfo
StrongNameFreeBuffer
StrongNameGetBlob
StrongNameGetBlobFromImage
StrongNameGetPublicKey
StrongNameGetPublicKeyEx
StrongNameHashSize
StrongNameKeyDelete
StrongNameKeyGen
StrongNameKeyGenEx
StrongNameKeyInstall
StrongNameSignatureGeneration
StrongNameSignatureGenerationEx
StrongNameSignatureSize
StrongNameSignatureVerification
StrongNameSignatureVerificationEx
StrongNameSignatureVerificationEx2
StrongNameSignatureVerificationFromImage
StrongNameTokenFromAssembly
StrongNameTokenFromAssemblyEx
StrongNameTokenFromPublicKey
TranslateSecurityAttributes
_AxlGetIssuerPublicKeyHash
_AxlPublicKeyBlobToPublicKeyToken
_AxlRSAKeyValueToPublicKeyToken
_CorDllMain
_CorExeMain
_CorExeMain2
_GC_Initialize@16
_GC_IsCompatibleWithRuntime@8
_IsOS@4

Sections

.text
Size: 7.3MB - Virtual size: 7.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 54KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 382KB - Virtual size: 382KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
updates/Cache_Data/mfmp4srcsnk.dll
.dll windows:10 windows x86 arch:x86

Password: 1234

3f51a4af7b71901479685a8ba49bffb5

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:a1:f3:6b:1b:80:ce:29:9c:41:c6:fb:0a:db:17:80:fc:06:6c:f8:e6:0c:27:56:b7:93:b4:9d:dd:57:65:9f
Signer

Actual PE Digest

27:a1:f3:6b:1b:80:ce:29:9c:41:c6:fb:0a:db:17:80:fc:06:6c:f8:e6:0c:27:56:b7:93:b4:9d:dd:57:65:9f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

mfmp4srcsnk.pdb

Imports

msvcrt

memmove
wcstoul
_snwscanf_s
wcsnlen
__CxxFrameHandler3
_snwprintf_s
_onexit
swprintf_s
__dllonexit
_unlock
wcscat_s
memcpy_s
wcstol
swscanf_s
_ltoa_s
qsort
realloc
_gcvt_s
_ui64tow_s
iswdigit
_i64tow_s
_ultoa_s
_ultow_s
_i64toa_s
_lock
_errno
_except_handler4_common
_wtof
strnlen
_wcsicmp
wcsncmp
_callnewh
sscanf_s
strncpy_s
_XcptFilter
_amsg_exit
_vsnprintf
_vsnwprintf
_ultow
_scwprintf
iswprint
wcsncpy_s
malloc
free
_purecall
_initterm
_CIacos
_CIcos
_CIlog
_CIsin
_CIsqrt
_ftol2
_ftol2_sse
ceil
floor
memcmp
memcpy
memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
FreeLibrary
SizeofResource
LoadStringW
FindStringOrdinal
LoadResource
GetModuleHandleExW
GetModuleHandleW
LoadLibraryExW
FindResourceExW
DisableThreadLibraryCalls
GetProcAddress
GetModuleFileNameA

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
RaiseException
SetLastError

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
DeleteCriticalSection
AcquireSRWLockExclusive
ReleaseSemaphore
LeaveCriticalSection
ResetEvent
SetEvent
CreateEventW
WaitForSingleObject
ReleaseMutex
InitializeCriticalSection
ReleaseSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
CreateSemaphoreExW

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
RegEnumKeyExW
RegCreateKeyExW
RegGetValueW
RegSetValueExW
RegDeleteValueW

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventEnabled
EventRegister
EventWriteTransfer

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
GetTraceEnableFlags
TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
RegisterTraceGuidsW

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-processthreads-l1-1-0

TlsSetValue
GetCurrentProcess
TerminateProcess
TlsGetValue
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-timezone-l1-1-0

GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime

api-ms-win-core-url-l1-1-0

HashData

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringA
DebugBreak
OutputDebugStringW

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-featurestaging-l1-1-0

RecordFeatureUsage
GetFeatureEnabledState
UnsubscribeFeatureStateChangeNotification
SubscribeFeatureStateChangeNotification

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-memory-l1-1-0

MapViewOfFileEx
VirtualQueryEx
UnmapViewOfFile
CreateFileMappingW

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-shell-shdirectory-l1-1-0

ord290

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetVersionExW
GetSystemTime

rtworkq

RtwqSetLongRunning

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
updates/Windows.Networking.Vpn.dll
.dll regsvr32 windows:10 windows x86 arch:x86

Password: 1234

46c790b1299f41735d780784e230830e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Windows.Networking.Vpn.pdb

Imports

msvcrt

__dllonexit
_onexit
?what@exception@@UBEPBDXZ
??1type_info@@UAE@XZ
_except_handler4_common
memcmp
_ftol2_sse
__RTDynamicCast
_CIlog10
__CxxFrameHandler3
_XcptFilter
toupper
memmove
_amsg_exit
wcscspn
_unlock
_CxxThrowException
memcpy
_lock
?terminate@@YAXXZ
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABQBD@Z
wcstok
_wcsicmp
_wtoi
realloc
free
malloc
??_V@YAXPAX@Z
memmove_s
_purecall
_vsnprintf_s
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
??3@YAXPAX@Z
memcpy_s
_vsnwprintf
_initterm
_callnewh
swprintf_s
memset

ntdll

RtlLengthSid
RtlIpv6AddressToStringExW
RtlIpv4AddressToStringExW
RtlCopySid
RtlNtStatusToDosError
RtlEqualSid
EtwTraceMessage
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
RtlFreeSid
RtlIpv6StringToAddressW
RtlIpv4StringToAddressW
RtlIsStateSeparationEnabled

api-ms-win-core-winrt-robuffer-l1-1-0

RoGetBufferMarshaler

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameA
DisableThreadLibraryCalls

api-ms-win-core-synch-l1-1-0

CreateSemaphoreExW
TryAcquireSRWLockExclusive
InitializeSRWLock
WaitForSingleObject
InitializeCriticalSectionEx
SetEvent
ResetEvent
DeleteCriticalSection
EnterCriticalSection
ReleaseSRWLockShared
OpenSemaphoreW
LeaveCriticalSection
CreateEventExW
CreateEventW
WaitForSingleObjectEx
AcquireSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionAndSpinCount
CreateMutexExW
ReleaseMutex
ReleaseSemaphore

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
RaiseException

api-ms-win-core-processthreads-l1-1-0

OpenThreadToken
GetCurrentProcess
OpenProcessToken
GetCurrentProcessId
GetCurrentThreadId
SetThreadToken
GetCurrentThread
TerminateProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-string-l1-1-0

WindowsConcatString
WindowsDuplicateString
HSTRING_UserSize
WindowsGetStringLen
WindowsSubstring
WindowsSubstringWithSpecifiedLength
HSTRING_UserUnmarshal
WindowsDeleteString
WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsStringHasEmbeddedNull
WindowsCreateString
WindowsIsStringEmpty
HSTRING_UserMarshal
HSTRING_UserFree

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
TraceMessage
GetTraceEnableFlags
GetTraceLoggerHandle
UnregisterTraceGuids
GetTraceEnableLevel

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
GetRestrictedErrorInfo
RoOriginateErrorW
RoOriginateError
SetRestrictedErrorInfo

api-ms-win-core-com-l1-1-0

CoRevertToSelf
CoCreateGuid
StringFromGUID2
CoInitializeEx
CoUninitialize
CoImpersonateClient
CoCreateInstance
CoGetApartmentType
CoTaskMemAlloc
CreateStreamOnHGlobal
CoReleaseMarshalData
CoMarshalInterface
CoCreateInstanceEx
CoTaskMemFree
CoCreateFreeThreadedMarshaler

bcrypt

BCryptDestroyHash
BCryptHashData
BCryptFinishHash
BCryptCreateHash

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventUnregister
EventRegister
EventProviderEnabled

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
WaitForThreadpoolWorkCallbacks
WaitForThreadpoolTimerCallbacks
FreeLibraryWhenCallbackReturns
WaitForThreadpoolWaitCallbacks
SetThreadpoolTimer
SetThreadpoolWait
CloseThreadpoolTimer
SubmitThreadpoolWork
CreateThreadpoolWait
CloseThreadpoolWait
CreateThreadpoolWork
CloseThreadpoolWork

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetLocalTime

api-ms-win-core-winrt-error-l1-1-1

IsErrorPropagationEnabled
RoReportFailedDelegate
RoGetMatchingRestrictedErrorInfo

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
Sleep

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoInitialize
RoUninitialize
RoActivateInstance

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-security-base-l1-1-0

GetTokenInformation
RevertToSelf
CreateWellKnownSid
GetAce

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
WideCharToMultiByte
CompareStringW

crypt32

CertGetCertificateContextProperty
CertCloseStore
CertFreeCertificateContext
CertSetCertificateContextProperty
CryptAcquireCertificatePrivateKey
CertFindCertificateInStore
CertOpenStore
CryptFindOIDInfo

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient12
CStdStubBuffer2_Disconnect
ObjectStublessClient7
ObjectStublessClient13
CStdStubBuffer2_QueryInterface
NdrProxyForwardingFunction4
NdrProxyForwardingFunction5
ObjectStublessClient14
ObjectStublessClient8
ObjectStublessClient11
ObjectStublessClient10
ObjectStublessClient16
NdrProxyForwardingFunction3
CStdStubBuffer2_Connect
ObjectStublessClient3
ObjectStublessClient18
ObjectStublessClient20
CStdStubBuffer2_CountRefs
ObjectStublessClient19
ObjectStublessClient17
ObjectStublessClient21
ObjectStublessClient9
ObjectStublessClient15
ObjectStublessClient6

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegSetValueExW
RegDeleteValueW
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExW

api-ms-win-security-provider-l1-1-0

GetSecurityInfo
SetSecurityInfo

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

cryptsp

CryptCreateHash
CryptReleaseContext
CryptHashData
CryptSignHashW
CryptDestroyHash
CryptSetProvParam

fwpolicyiomgr

FwEmptyWFRule

api-ms-win-appmodel-state-l1-2-0

GetStateFolder
CloseState
OpenStateExplicitForUserSidString

api-ms-win-appmodel-runtime-l1-1-0

GetCurrentPackageFamilyName

api-ms-win-appmodel-runtime-l1-1-1

VerifyPackageFamilyName

api-ms-win-rtcore-ntuser-window-l1-1-0

AllowSetForegroundWindow

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
LaunchStoreForPluginW
VpnClientGetCostedNetworkSettings
VpnClientGetProxyForUrlAndSingleSessionDeviceUser
VpnClientPluginGetSecurity
VpnClientPluginInstall
VpnClientPluginManifestFind
VpnClientPluginUninstall
VpnClientSetCostedNetworkSettings
VpnPluginEnumerate
VpnPluginListFree

Sections

.text
Size: 820KB - Virtual size: 819KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 167KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
updates/WsmSvc.dll
.dll windows:10 windows x86 arch:x86

1733d72a0061e382d31cda4dcb76c930

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

WsmSvc.pdb

Imports

msvcrt

_ftol2_sse
wcschr
_vsnwprintf
__CxxFrameHandler3
_scwprintf
??0exception@@QAE@XZ
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
_CxxThrowException
memcpy
memmove
_XcptFilter
_amsg_exit
free
malloc
_initterm
?terminate@@YAXXZ
_purecall
swscanf_s
_wcsrev
iswalnum
fwprintf
wcscpy_s
_i64tow_s
fclose
fopen_s
strchr
ldiv
_fpclass
_HUGE
wcstod
wcsspn
rand
srand
_itow_s
swprintf_s
_ultow_s
wcstoul
wcscspn
wcspbrk
_ftol2
wcsstr
wcsrchr
isdigit
_vsnprintf
_scprintf
isspace
_strnicmp
time
rand_s
__iob_func
_wtoi
_wtof
_atoi64
_wtoi64
memmove_s
_vsnprintf_s
memcpy_s
strncmp
wcsncmp
_wcsnicmp
iswxdigit
tolower
iswdigit
iswspace
_wcsicmp
??1type_info@@UAE@XZ
_lock
_unlock
memcmp
_except_handler4_common
_onexit
__dllonexit
memset

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter

oleaut32

SysFreeString
GetErrorInfo
VariantInit
SysAllocString
SysAllocStringLen
VariantClear
SysStringLen
VarCmp

crypt32

CertVerifyCertificateChainPolicy
CertGetIntendedKeyUsage
CertCreateCertificateContext
CryptStringToBinaryA
CertFreeCertificateChain
CryptBinaryToStringW
CertGetCertificateContextProperty
CertAddEnhancedKeyUsageIdentifier
CertCreateSelfSignCertificate
CertStrToNameW
CertCloseStore
CertGetCertificateChain
CryptDecodeObjectEx
CertFindExtension
CertGetEnhancedKeyUsage
CryptAcquireCertificatePrivateKey
CertGetNameStringW
CertFindCertificateInStore
CertOpenStore
CryptStringToBinaryW
CertFreeCertificateContext

api-ms-win-security-base-l1-1-0

RevertToSelf
GetKernelObjectSecurity
CopySid
InitializeSecurityDescriptor
GetLengthSid
MakeSelfRelativeSD
ImpersonateSelf
SetSecurityDescriptorDacl
SetSecurityDescriptorSacl
IsValidSid
CreateWellKnownSid
CheckTokenMembership
GetTokenInformation
FreeSid
SetKernelObjectSecurity
ImpersonateLoggedOnUser
AdjustTokenPrivileges
IsWellKnownSid
EqualSid
DuplicateTokenEx
AddAccessAllowedAceEx
GetSecurityDescriptorSacl
MapGenericMask
GetSecurityDescriptorDacl
GetAce
SetSecurityDescriptorGroup
GetSecurityDescriptorLength
MakeAbsoluteSD
InitializeAcl
AccessCheckAndAuditAlarmW
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
SetSecurityDescriptorOwner
AllocateAndInitializeSid

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
UnregisterWaitEx
QueueUserWorkItem
DeleteTimerQueueTimer

api-ms-win-core-heap-obsolete-l1-1-0

GlobalFree
LocalFree
LocalAlloc

api-ms-win-core-libraryloader-l1-1-0

GetModuleHandleExW
GetModuleFileNameA
FreeLibrary
LoadLibraryExW
GetModuleHandleW
GetProcAddress
DisableThreadLibraryCalls

api-ms-win-core-registry-l1-1-0

RegDeleteKeyExW
RegOpenKeyExW
RegQueryValueExW
RegDeleteTreeW
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegSetKeySecurity
RegNotifyChangeKeyValue
RegCloseKey
RegGetValueW
RegCopyTreeW

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
TraceMessage
GetTraceLoggerHandle
UnregisterTraceGuids

api-ms-win-core-synch-l1-1-0

OpenEventW
SetEvent
WaitForSingleObject
CreateEventW
CreateMutexExW
ResetEvent
InitializeCriticalSectionAndSpinCount
CreateSemaphoreExW
WaitForMultipleObjectsEx
DeleteCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
LeaveCriticalSection
ReleaseSemaphore
ReleaseMutex
ReleaseSRWLockShared
OpenSemaphoreW
EnterCriticalSection
WaitForSingleObjectEx
InitializeCriticalSectionEx
TryEnterCriticalSection

api-ms-win-core-kernel32-legacy-l1-1-0

UnregisterWait
RegisterWaitForSingleObject

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree
HeapSize
HeapDestroy
HeapReAlloc

api-ms-win-core-processthreads-l1-1-0

CreateThread
ExitProcess
GetCurrentProcessId
SetThreadToken
OpenThreadToken
GetCurrentThreadId
TerminateProcess
GetCurrentThread
OpenThread
GetCurrentProcess
OpenProcessToken

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
SleepConditionVariableCS
InitializeConditionVariable
Sleep
WakeAllConditionVariable

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetComputerNameExW
GetTickCount
GetLocalTime
GetVersionExW
GetSystemTime
GetTickCount64
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetSystemDirectoryA

miutils

ClassCache_AddClass
Instance_SetResourceURI
RtlTryAcquireFastLockExclusive
RtlQueueAcquireFastLockShared
Instance_New
OSC_Batch_Strdup
ClassCache_GetClass
Instance_GetResourceURI
RtlQueueAcquireFastLockExclusive
ClassCache_New
RtlReleaseFastLockShared
RtlTryAcquireFastLockShared
RtlInterlockedWakeAll
RtlReleaseFastLockExclusive
RtlInterlockedCompareWait
RCClass_New
OSC_Batch_Destroy
OSC_Batch_Get
MiErrorCategoryFromWindowsError
ClassCache_Delete
Instance_InitDynamic

api-ms-win-core-localization-l1-2-0

GetThreadLocale
FindNLSString
SetThreadPreferredUILanguages
GetLocaleInfoW
GetThreadUILanguage
SetThreadUILanguage
FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringA
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolCleanupGroupMembers
CancelThreadpoolIo
StartThreadpoolIo
CloseThreadpoolIo
WaitForThreadpoolIoCallbacks
CreateThreadpoolIo
SetThreadpoolWait
CreateThreadpoolCleanupGroup
FreeLibraryWhenCallbackReturns
SubmitThreadpoolWork
CreateThreadpoolWork
CloseThreadpoolCleanupGroup
CloseThreadpoolTimer
CloseThreadpoolWork
CreateThreadpoolWait
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolWaitCallbacks

rpcrt4

UuidFromStringW
UuidCreate

api-ms-win-core-string-l1-1-0

CompareStringW
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-timezone-l1-1-0

GetTimeZoneInformation
SystemTimeToFileTime
FileTimeToSystemTime

dsrole

DsRoleFreeMemory
DsRoleGetPrimaryDomainInformation

api-ms-win-core-localization-obsolete-l1-1-0

EnumUILanguagesW
GetUserDefaultUILanguage

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl

api-ms-win-core-interlocked-l1-1-0

InterlockedPopEntrySList
InterlockedPushEntrySList
QueryDepthSList
InitializeSListHead
InterlockedFlushSList

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW

api-ms-win-security-lsapolicy-l1-1-0

LsaFreeMemory
LsaRemoveAccountRights
LsaQueryInformationPolicy
LsaOpenPolicy
LsaClose
LsaAddAccountRights

api-ms-win-core-file-l1-1-0

GetFullPathNameW
CreateFileW
LocalFileTimeToFileTime
CompareFileTime

ntdll

NtCompareTokens
RtlInitString
RtlAllocateAndInitializeSid
RtlInitUnicodeString
EtwEventWriteTransfer
RtlFreeSid
RtlCreateUnicodeStringFromAsciiz
RtlFreeUnicodeString
RtlNtStatusToDosError
EtwEventRegister
NtAllocateLocallyUniqueId
EtwEventUnregister
EtwEventWrite
EtwEventEnabled
EtwEventProviderEnabled

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

api-ms-win-security-credentials-l1-1-0

CredReadW
CredDeleteW
CredFree
CredWriteW

api-ms-win-core-job-l2-1-0

QueryInformationJobObject
AssignProcessToJobObject
OpenJobObjectW
CreateJobObjectW
SetInformationJobObject

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-psapi-l1-1-0

K32GetProcessMemoryInfo

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-downlevel-advapi32-l4-1-0

LsaManageSidNameMapping

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

pcwum

PerfSetCounterRefValue
PerfCreateInstance
PerfStopProvider
PerfSetCounterSetInfo
PerfStartProvider
PerfDeleteInstance

mi

MI_Application_InitializeV1
mi_clientFT_V1

Exports

Exports

??0?$AutoCleanup@V?$AutoDelete@D@@PAD@@QAE@PAD@Z
??0?$AutoCleanup@V?$AutoDelete@G@@PAG@@QAE@PAG@Z
??0?$AutoCleanup@V?$AutoDelete@UIPRange@CWSManIPFilter@@@@PAUIPRange@CWSManIPFilter@@@@QAE@PAUIPRange@CWSManIPFilter@@@Z
??0?$AutoCleanup@V?$AutoDelete@U_SID@@@@PAU_SID@@@@QAE@PAU_SID@@@Z
??0?$AutoCleanup@V?$AutoDelete@U_WSMAN_STREAM_ID_SET@@@@PAU_WSMAN_STREAM_ID_SET@@@@QAE@PAU_WSMAN_STREAM_ID_SET@@@Z
??0?$AutoCleanup@V?$AutoDelete@V?$Handle@VISubscription@@@@@@PAV?$Handle@VISubscription@@@@@@QAE@PAV?$Handle@VISubscription@@@@@Z
??0?$AutoCleanup@V?$AutoDelete@V?$SafeMap_Iterator@VStringKeyCI@@K@@@@PAV?$SafeMap_Iterator@VStringKeyCI@@K@@@@QAE@PAV?$SafeMap_Iterator@VStringKeyCI@@K@@@Z
??0?$AutoCleanup@V?$AutoDelete@V?$SafeMap_Iterator@W4WSManSessionOption@@PAVOptionValue@SessionOptions@Client@WSMan@@@@@@PAV?$SafeMap_Iterator@W4WSManSessionOption@@PAVOptionValue@SessionOptions@Client@WSMan@@@@@@QAE@PAV?$SafeMap_Iterator@W4WSManSessionOption@@PAVOptionValue@SessionOptions@Client@WSMan@@@@@Z
??0?$AutoCleanup@V?$AutoDelete@V?$SafeSet@PAVCCertMapping@@@@@@PAV?$SafeSet@PAVCCertMapping@@@@@@QAE@PAV?$SafeSet@PAVCCertMapping@@@@@Z
??0?$AutoCleanup@V?$AutoDelete@V?$SafeSet@PAVCShellUriSettings@@@@@@PAV?$SafeSet@PAVCShellUriSettings@@@@@@QAE@PAV?$SafeSet@PAVCShellUriSettings@@@@@Z
??0?$AutoCleanup@V?$AutoDelete@V?$SafeSet_Iterator@PAVCListenerOperation@@@@@@PAV?$SafeSet_Iterator@PAVCListenerOperation@@@@@@QAE@PAV?$SafeSet_Iterator@PAVCListenerOperation@@@@@Z
??0?$AutoCleanup@V?$AutoDelete@V?$SimpleStack@VCListenerOperation@@@@@@PAV?$SimpleStack@VCListenerOperation@@@@@@QAE@PAV?$SimpleStack@VCListenerOperation@@@@@Z
??0?$AutoCleanup@V?$AutoDelete@V?$SimpleStack@VShellHostEntry@@@@@@PAV?$SimpleStack@VShellHostEntry@@@@@@QAE@PAV?$SimpleStack@VShellHostEntry@@@@@Z
??0?$AutoCleanup@V?$AutoDelete@V?$set@PAVCListenerSettings@@VCListenerSettingsLessFunctor@CServiceConfigSettings@@V?$transport_allocator@PAVCListenerSettings@@@@@std@@@@PAV?$set@PAVCListenerSettings@@VCListenerSettingsLessFunctor@CServiceConfigSettings@@V?$transport_allocator@PAVCListenerSettings@@@@@std@@@@QAE@PAV?$set@PAVCListenerSettings@@VCListenerSettingsLessFunctor@CServiceConfigSettings@@V?$transport_allocator@PAVCListenerSettings@@@@@std@@@Z
??0?$AutoCleanup@V?$AutoDelete@V?$set@Usockaddr_storage@@VSockAddrLessFunctor@CListenerSettings@@V?$transport_allocator@Usockaddr_storage@@@@@std@@@@PAV?$set@Usockaddr_storage@@VSockAddrLessFunctor@CListenerSettings@@V?$transport_allocator@Usockaddr_storage@@@@@std@@@@QAE@PAV?$set@Usockaddr_storage@@VSockAddrLessFunctor@CListenerSettings@@V?$transport_allocator@Usockaddr_storage@@@@@std@@@Z
??0?$AutoCleanup@V?$AutoDelete@V?$vector@PAVHandleImpl@Client@WSMan@@V?$transport_allocator@PAVHandleImpl@Client@WSMan@@@@@std@@@@PAV?$vector@PAVHandleImpl@Client@WSMan@@V?$transport_allocator@PAVHandleImpl@Client@WSMan@@@@@std@@@@QAE@PAV?$vector@PAVHandleImpl@Client@WSMan@@V?$transport_allocator@PAVHandleImpl@Client@WSMan@@@@@std@@@Z
??0?$AutoCleanup@V?$AutoDelete@V?$vector@PAVIServiceConfigObserver@@V?$transport_allocator@PAVIServiceConfigObserver@@@@@std@@@@PAV?$vector@PAVIServiceConfigObserver@@V?$transport_allocator@PAVIServiceConfigObserver@@@@@std@@@@QAE@PAV?$vector@PAVIServiceConfigObserver@@V?$transport_allocator@PAVIServiceConfigObserver@@@@@std@@@Z
??0?$AutoCleanup@V?$AutoDelete@VAdminSid@CSecurity@@@@PAVAdminSid@CSecurity@@@@QAE@PAVAdminSid@CSecurity@@@Z
??0?$AutoCleanup@V?$AutoDelete@VBlockedRecord@@@@PAVBlockedRecord@@@@QAE@PAVBlockedRecord@@@Z
??0?$AutoCleanup@V?$AutoDelete@VCBaseConfigCache@@@@PAVCBaseConfigCache@@@@QAE@PAVCBaseConfigCache@@@Z
??0?$AutoCleanup@V?$AutoDelete@VCCertMapping@@@@PAVCCertMapping@@@@QAE@PAVCCertMapping@@@Z
??0?$AutoCleanup@V?$AutoDelete@VCConfigChangeSource@@@@PAVCConfigChangeSource@@@@QAE@PAVCConfigChangeSource@@@Z
??0?$AutoCleanup@V?$AutoDelete@VCListenerSettings@@@@PAVCListenerSettings@@@@QAE@PAVCListenerSettings@@@Z
??0?$AutoCleanup@V?$AutoDelete@VCObserverConfigChangeErrors@@@@PAVCObserverConfigChangeErrors@@@@QAE@PAVCObserverConfigChangeErrors@@@Z
??0?$AutoCleanup@V?$AutoDelete@VCServiceWatcher@CServiceConfigCache@@@@PAVCServiceWatcher@CServiceConfigCache@@@@QAE@PAVCServiceWatcher@CServiceConfigCache@@@Z
??0?$AutoCleanup@V?$AutoDelete@VCShellUriSettings@@@@PAVCShellUriSettings@@@@QAE@PAVCShellUriSettings@@@Z
??0?$AutoCleanup@V?$AutoDelete@VCWSManEPR@@@@PAVCWSManEPR@@@@QAE@PAVCWSManEPR@@@Z
??0?$AutoCleanup@V?$AutoDelete@VCWSManResource@@@@PAVCWSManResource@@@@QAE@PAVCWSManResource@@@Z
??0?$AutoCleanup@V?$AutoDelete@VCertHash@@@@PAVCertHash@@@@QAE@PAVCertHash@@@Z
??0?$AutoCleanup@V?$AutoDelete@VConfigUpdate@@@@PAVConfigUpdate@@@@QAE@PAVConfigUpdate@@@Z
??0?$AutoCleanup@V?$AutoDelete@VEnumSinkEx@@@@PAVEnumSinkEx@@@@QAE@PAVEnumSinkEx@@@Z
??0?$AutoCleanup@V?$AutoDelete@VEnumSinkEx@@@@PAVEnumSinkEx@@@@QAE@XZ
??0?$AutoCleanup@V?$AutoDelete@VEventHandler@WSMan@@@@PAVEventHandler@WSMan@@@@QAE@PAVEventHandler@WSMan@@@Z
??0?$AutoCleanup@V?$AutoDelete@VExpiredOperationIdRecord@@@@PAVExpiredOperationIdRecord@@@@QAE@PAVExpiredOperationIdRecord@@@Z
??0?$AutoCleanup@V?$AutoDelete@VGPApiManager@@@@PAVGPApiManager@@@@QAE@PAVGPApiManager@@@Z
??0?$AutoCleanup@V?$AutoDelete@VGeneralSinkEx@@@@PAVGeneralSinkEx@@@@QAE@PAVGeneralSinkEx@@@Z
??0?$AutoCleanup@V?$AutoDelete@VGeneralSinkEx@@@@PAVGeneralSinkEx@@@@QAE@XZ
??0?$AutoCleanup@V?$AutoDelete@VIChannelObserverFactory@@@@PAVIChannelObserverFactory@@@@QAE@PAVIChannelObserverFactory@@@Z
??0?$AutoCleanup@V?$AutoDelete@VIQueryDASHSMASHInterface@@@@PAVIQueryDASHSMASHInterface@@@@QAE@PAVIQueryDASHSMASHInterface@@@Z
??0?$AutoCleanup@V?$AutoDelete@VIQueryDASHSMASHInterface@@@@PAVIQueryDASHSMASHInterface@@@@QAE@XZ
??0?$AutoCleanup@V?$AutoDelete@VISpecification@@@@PAVISpecification@@@@QAE@PAVISpecification@@@Z
??0?$AutoCleanup@V?$AutoDelete@VISpecification@@@@PAVISpecification@@@@QAE@XZ
??0?$AutoCleanup@V?$AutoDelete@VInteractiveSid@CSecurity@@@@PAVInteractiveSid@CSecurity@@@@QAE@PAVInteractiveSid@CSecurity@@@Z
??0?$AutoCleanup@V?$AutoDelete@VIpHlpApiDllLoader@@@@PAVIpHlpApiDllLoader@@@@QAE@PAVIpHlpApiDllLoader@@@Z
??0?$AutoCleanup@V?$AutoDelete@VMachineName@@@@PAVMachineName@@@@QAE@PAVMachineName@@@Z
??0?$AutoCleanup@V?$AutoDelete@VNetworkServiceSid@CSecurity@@@@PAVNetworkServiceSid@CSecurity@@@@QAE@PAVNetworkServiceSid@CSecurity@@@Z
??0?$AutoCleanup@V?$AutoDelete@VNtDsApiDllLoader@@@@PAVNtDsApiDllLoader@@@@QAE@PAVNtDsApiDllLoader@@@Z
??0?$AutoCleanup@V?$AutoDelete@VOptionValue@SessionOptions@Client@WSMan@@@@PAVOptionValue@SessionOptions@Client@WSMan@@@@QAE@PAVOptionValue@SessionOptions@Client@WSMan@@@Z
??0?$AutoCleanup@V?$AutoDelete@VPacketCreator@@@@PAVPacketCreator@@@@QAE@PAVPacketCreator@@@Z
??0?$AutoCleanup@V?$AutoDelete@VPacketParser@@@@PAVPacketParser@@@@QAE@PAVPacketParser@@@Z
??0?$AutoCleanup@V?$AutoDelete@VResources@Locale@@@@PAVResources@Locale@@@@QAE@PAVResources@Locale@@@Z
??0?$AutoCleanup@V?$AutoDelete@VRunAsConfiguration@@@@PAVRunAsConfiguration@@@@QAE@PAVRunAsConfiguration@@@Z
??0?$AutoCleanup@V?$AutoDelete@VSafeBufferWrite@@@@PAVSafeBufferWrite@@@@QAE@PAVSafeBufferWrite@@@Z
??0?$AutoCleanup@V?$AutoDelete@VSecurityEntry@Catalog@@@@PAVSecurityEntry@Catalog@@@@QAE@PAVSecurityEntry@Catalog@@@Z
??0?$AutoCleanup@V?$AutoDelete@VSendPacketArgs@RobustConnectionBuffer@@@@PAVSendPacketArgs@RobustConnectionBuffer@@@@QAE@PAVSendPacketArgs@RobustConnectionBuffer@@@Z
??0?$AutoCleanup@V?$AutoDelete@VServiceSoapProcessor@@@@PAVServiceSoapProcessor@@@@QAE@PAVServiceSoapProcessor@@@Z
??0?$AutoCleanup@V?$AutoDelete@VShell32DllLoader@@@@PAVShell32DllLoader@@@@QAE@PAVShell32DllLoader@@@Z
??0?$AutoCleanup@V?$AutoDelete@VShlWApiDllLoader@@@@PAVShlWApiDllLoader@@@@QAE@PAVShlWApiDllLoader@@@Z
??0?$AutoCleanup@V?$AutoDelete@VSubscriptionEnumerator@@@@PAVSubscriptionEnumerator@@@@QAE@PAVSubscriptionEnumerator@@@Z
??0?$AutoCleanup@V?$AutoDelete@VSubscriptionManager@@@@PAVSubscriptionManager@@@@QAE@PAVSubscriptionManager@@@Z
??0?$AutoCleanup@V?$AutoDelete@VTSTRBUFFER@@@@PAVTSTRBUFFER@@@@QAE@PAVTSTRBUFFER@@@Z
??0?$AutoCleanup@V?$AutoDelete@VTSTRBUFFER@@@@PAVTSTRBUFFER@@@@QAE@XZ
??0?$AutoCleanup@V?$AutoDelete@VUniqueStringOverflow@@@@PAVUniqueStringOverflow@@@@QAE@PAVUniqueStringOverflow@@@Z
??0?$AutoCleanup@V?$AutoDelete@VUser32DllLoader@@@@PAVUser32DllLoader@@@@QAE@PAVUser32DllLoader@@@Z
??0?$AutoCleanup@V?$AutoDelete@VWSMANCONFIGTABLE_IDENTITY@@@@PAVWSMANCONFIGTABLE_IDENTITY@@@@QAE@PAVWSMANCONFIGTABLE_IDENTITY@@@Z
??0?$AutoCleanup@V?$AutoDelete@VWSManMemCryptManager@@@@PAVWSManMemCryptManager@@@@QAE@PAVWSManMemCryptManager@@@Z
??0?$AutoCleanup@V?$AutoDelete@VWmiEnumContext@@@@PAVWmiEnumContext@@@@QAE@PAVWmiEnumContext@@@Z
??0?$AutoCleanup@V?$AutoDelete@VWmiEnumContext@@@@PAVWmiEnumContext@@@@QAE@XZ
??0?$AutoCleanup@V?$AutoDelete@VXmlReader@@@@PAVXmlReader@@@@QAE@PAVXmlReader@@@Z
??0?$AutoCleanup@V?$AutoDeleteVector@$$CBG@@PBG@@QAE@PBG@Z
??0?$AutoCleanup@V?$AutoDeleteVector@D@@PAD@@QAE@PAD@Z
??0?$AutoCleanup@V?$AutoDeleteVector@E@@PAE@@QAE@PAE@Z
??0?$AutoCleanup@V?$AutoDeleteVector@E@@PAE@@QAE@XZ
??0?$AutoCleanup@V?$AutoDeleteVector@G@@PAG@@QAE@PAG@Z
??0?$AutoCleanup@V?$AutoDeleteVector@G@@PAG@@QAE@XZ
??0?$AutoCleanup@V?$AutoDeleteVector@H@@PAH@@QAE@PAH@Z
??0?$AutoCleanup@V?$AutoDeleteVector@PAG@@PAPAG@@QAE@PAPAG@Z
??0?$AutoCleanup@V?$AutoDeleteVector@PAG@@PAPAG@@QAE@XZ
??0?$AutoCleanup@V?$AutoDeleteVector@PBG@@PAPBG@@QAE@PAPBG@Z
??0?$AutoCleanup@V?$AutoDeleteVector@PBG@@PAPBG@@QAE@XZ
??0?$AutoCleanup@V?$AutoDeleteVector@U_CONFIG_UPDATE@@@@PAU_CONFIG_UPDATE@@@@QAE@PAU_CONFIG_UPDATE@@@Z
??0?$AutoCleanup@V?$AutoDeleteVector@U_WINRS_CREATE_SHELL_ENVIRONMENT_VARIABLE@@@@PAU_WINRS_CREATE_SHELL_ENVIRONMENT_VARIABLE@@@@QAE@PAU_WINRS_CREATE_SHELL_ENVIRONMENT_VARIABLE@@@Z
??0?$AutoCleanup@V?$AutoDeleteVector@U_WINRS_CREATE_SHELL_ENVIRONMENT_VARIABLE@@@@PAU_WINRS_CREATE_SHELL_ENVIRONMENT_VARIABLE@@@@QAE@XZ
??0?$AutoCleanup@V?$AutoDeleteVector@U_WINRS_RUN_COMMAND_ARG@@@@PAU_WINRS_RUN_COMMAND_ARG@@@@QAE@PAU_WINRS_RUN_COMMAND_ARG@@@Z
??0?$AutoCleanup@V?$AutoDeleteVector@U_WINRS_RUN_COMMAND_ARG@@@@PAU_WINRS_RUN_COMMAND_ARG@@@@QAE@XZ
??0?$AutoCleanup@V?$AutoDeleteVector@U_WSMAN_OPTION@@@@PAU_WSMAN_OPTION@@@@QAE@PAU_WSMAN_OPTION@@@Z
??0?$AutoCleanup@V?$AutoDeleteVector@X@@PAX@@QAE@PAX@Z
??0?$AutoCleanup@V?$AutoFree@E@@PAE@@QAE@PAE@Z
??0?$AutoCleanup@V?$AutoLocklessItemRecycle@VPacket@@@@PAVPacket@@@@QAE@PAVPacket@@@Z
??0?$AutoCleanup@V?$AutoRelease@UIAppHostAdminManager@@@@PAUIAppHostAdminManager@@@@QAE@PAUIAppHostAdminManager@@@Z
??0?$AutoCleanup@V?$AutoRelease@UIAppHostChildElementCollection@@@@PAUIAppHostChildElementCollection@@@@QAE@PAUIAppHostChildElementCollection@@@Z
??0?$AutoCleanup@V?$AutoRelease@UIAppHostConfigException@@@@PAUIAppHostConfigException@@@@QAE@PAUIAppHostConfigException@@@Z
??0?$AutoCleanup@V?$AutoRelease@UIAppHostElement@@@@PAUIAppHostElement@@@@QAE@PAUIAppHostElement@@@Z
??0?$AutoCleanup@V?$AutoRelease@UIAppHostElementCollection@@@@PAUIAppHostElementCollection@@@@QAE@PAUIAppHostElementCollection@@@Z
??0?$AutoCleanup@V?$AutoRelease@UIAppHostProperty@@@@PAUIAppHostProperty@@@@QAE@PAUIAppHostProperty@@@Z
??0?$AutoCleanup@V?$AutoRelease@UIAppHostPropertyCollection@@@@PAUIAppHostPropertyCollection@@@@QAE@PAUIAppHostPropertyCollection@@@Z
??0?$AutoCleanup@V?$AutoRelease@UIClientSecurity@@@@PAUIClientSecurity@@@@QAE@PAUIClientSecurity@@@Z
??0?$AutoCleanup@V?$AutoRelease@UIClientSecurity@@@@PAUIClientSecurity@@@@QAE@XZ
??0?$AutoCleanup@V?$AutoRelease@UIEnumWbemClassObject@@@@PAUIEnumWbemClassObject@@@@QAE@PAUIEnumWbemClassObject@@@Z
??0?$AutoCleanup@V?$AutoRelease@UIEnumWbemClassObject@@@@PAUIEnumWbemClassObject@@@@QAE@XZ
??0?$AutoCleanup@V?$AutoRelease@UIErrorInfo@@@@PAUIErrorInfo@@@@QAE@PAUIErrorInfo@@@Z
??0?$AutoCleanup@V?$AutoRelease@UIErrorInfo@@@@PAUIErrorInfo@@@@QAE@XZ
??0?$AutoCleanup@V?$AutoRelease@UIUnknown@@@@PAUIUnknown@@@@QAE@PAUIUnknown@@@Z
??0?$AutoCleanup@V?$AutoRelease@UIUnknown@@@@PAUIUnknown@@@@QAE@XZ
??0?$AutoCleanup@V?$AutoRelease@UIWbemClassObject@@@@PAUIWbemClassObject@@@@QAE@PAUIWbemClassObject@@@Z
??0?$AutoCleanup@V?$AutoRelease@UIWbemClassObject@@@@PAUIWbemClassObject@@@@QAE@XZ
??0?$AutoCleanup@V?$AutoRelease@UIWbemContext@@@@PAUIWbemContext@@@@QAE@PAUIWbemContext@@@Z
??0?$AutoCleanup@V?$AutoRelease@UIWbemContext@@@@PAUIWbemContext@@@@QAE@XZ
??0?$AutoCleanup@V?$AutoRelease@UIWbemLocator@@@@PAUIWbemLocator@@@@QAE@PAUIWbemLocator@@@Z
??0?$AutoCleanup@V?$AutoRelease@UIWbemLocator@@@@PAUIWbemLocator@@@@QAE@XZ
??0?$AutoCleanup@V?$AutoRelease@UIWbemObjectTextSrc@@@@PAUIWbemObjectTextSrc@@@@QAE@PAUIWbemObjectTextSrc@@@Z
??0?$AutoCleanup@V?$AutoRelease@UIWbemObjectTextSrc@@@@PAUIWbemObjectTextSrc@@@@QAE@XZ
??0?$AutoCleanup@V?$AutoRelease@UIWbemPath@@@@PAUIWbemPath@@@@QAE@PAUIWbemPath@@@Z
??0?$AutoCleanup@V?$AutoRelease@UIWbemPath@@@@PAUIWbemPath@@@@QAE@XZ
??0?$AutoCleanup@V?$AutoRelease@UIWbemPathKeyList@@@@PAUIWbemPathKeyList@@@@QAE@PAUIWbemPathKeyList@@@Z
??0?$AutoCleanup@V?$AutoRelease@UIWbemPathKeyList@@@@PAUIWbemPathKeyList@@@@QAE@XZ
??0?$AutoCleanup@V?$AutoRelease@UIWbemQualifierSet@@@@PAUIWbemQualifierSet@@@@QAE@PAUIWbemQualifierSet@@@Z
??0?$AutoCleanup@V?$AutoRelease@UIWbemQualifierSet@@@@PAUIWbemQualifierSet@@@@QAE@XZ
??0?$AutoCleanup@V?$AutoRelease@UIWbemQuery@@@@PAUIWbemQuery@@@@QAE@PAUIWbemQuery@@@Z
??0?$AutoCleanup@V?$AutoRelease@UIWbemQuery@@@@PAUIWbemQuery@@@@QAE@XZ
??0?$AutoCleanup@V?$AutoRelease@UIWbemServices@@@@PAUIWbemServices@@@@QAE@PAUIWbemServices@@@Z
??0?$AutoCleanup@V?$AutoRelease@UIWbemServices@@@@PAUIWbemServices@@@@QAE@XZ
??0?$AutoCleanup@V?$AutoRelease@VApplication@Client@WSMan@@@@PAVApplication@Client@WSMan@@@@QAE@PAVApplication@Client@WSMan@@@Z
??0?$AutoCleanup@V?$AutoRelease@VCBaseConfigCache@@@@PAVCBaseConfigCache@@@@QAE@PAVCBaseConfigCache@@@Z
??0?$AutoCleanup@V?$AutoRelease@VCClientConfigSettings@@@@PAVCClientConfigSettings@@@@QAE@PAVCClientConfigSettings@@@Z
??0?$AutoCleanup@V?$AutoRelease@VCCommonConfigSettings@@@@PAVCCommonConfigSettings@@@@QAE@PAVCCommonConfigSettings@@@Z
??0?$AutoCleanup@V?$AutoRelease@VCConfigCacheMap@CBaseConfigCache@@@@PAVCConfigCacheMap@CBaseConfigCache@@@@QAE@PAVCConfigCacheMap@CBaseConfigCache@@@Z
??0?$AutoCleanup@V?$AutoRelease@VCConfigManager@@@@PAVCConfigManager@@@@QAE@PAVCConfigManager@@@Z
??0?$AutoCleanup@V?$AutoRelease@VCRemoteOperation@@@@PAVCRemoteOperation@@@@QAE@PAVCRemoteOperation@@@Z
??0?$AutoCleanup@V?$AutoRelease@VCRemoteSession@@@@PAVCRemoteSession@@@@QAE@PAVCRemoteSession@@@Z
??0?$AutoCleanup@V?$AutoRelease@VCRequestContext@@@@PAVCRequestContext@@@@QAE@PAVCRequestContext@@@Z
??0?$AutoCleanup@V?$AutoRelease@VCServiceCommonConfigSettings@@@@PAVCServiceCommonConfigSettings@@@@QAE@PAVCServiceCommonConfigSettings@@@Z
??0?$AutoCleanup@V?$AutoRelease@VCServiceConfigCache@@@@PAVCServiceConfigCache@@@@QAE@PAVCServiceConfigCache@@@Z
??0?$AutoCleanup@V?$AutoRelease@VCServiceConfigSettings@@@@PAVCServiceConfigSettings@@@@QAE@PAVCServiceConfigSettings@@@Z
??0?$AutoCleanup@V?$AutoRelease@VCWSManEPR@@@@PAVCWSManEPR@@@@QAE@PAVCWSManEPR@@@Z
??0?$AutoCleanup@V?$AutoRelease@VCWSManEPR@@@@PAVCWSManEPR@@@@QAE@XZ
??0?$AutoCleanup@V?$AutoRelease@VCWSManGroupPolicyCache@@@@PAVCWSManGroupPolicyCache@@@@QAE@PAVCWSManGroupPolicyCache@@@Z
??0?$AutoCleanup@V?$AutoRelease@VCWSManGroupPolicyManager@@@@PAVCWSManGroupPolicyManager@@@@QAE@PAVCWSManGroupPolicyManager@@@Z
??0?$AutoCleanup@V?$AutoRelease@VCWSManObject@@@@PAVCWSManObject@@@@QAE@PAVCWSManObject@@@Z
??0?$AutoCleanup@V?$AutoRelease@VCWSManResource@@@@PAVCWSManResource@@@@QAE@PAVCWSManResource@@@Z
??0?$AutoCleanup@V?$AutoRelease@VCWinRSPluginConfigCache@@@@PAVCWinRSPluginConfigCache@@@@QAE@PAVCWinRSPluginConfigCache@@@Z
??0?$AutoCleanup@V?$AutoRelease@VCWinRSPluginConfigCache@@@@PAVCWinRSPluginConfigCache@@@@QAE@XZ
??0?$AutoCleanup@V?$AutoRelease@VCWinRSPluginConfigSettings@@@@PAVCWinRSPluginConfigSettings@@@@QAE@PAVCWinRSPluginConfigSettings@@@Z
??0?$AutoCleanup@V?$AutoRelease@VCommand@Client@WSMan@@@@PAVCommand@Client@WSMan@@@@QAE@PAVCommand@Client@WSMan@@@Z
??0?$AutoCleanup@V?$AutoRelease@VConfigNotification@@@@PAVConfigNotification@@@@QAE@PAVConfigNotification@@@Z
??0?$AutoCleanup@V?$AutoRelease@VConnectShellOperation@Client@WSMan@@@@PAVConnectShellOperation@Client@WSMan@@@@QAE@PAVConnectShellOperation@Client@WSMan@@@Z
??0?$AutoCleanup@V?$AutoRelease@VCreateShellOperation@Client@WSMan@@@@PAVCreateShellOperation@Client@WSMan@@@@QAE@PAVCreateShellOperation@Client@WSMan@@@Z
??0?$AutoCleanup@V?$AutoRelease@VDeleteShellOperation@Client@WSMan@@@@PAVDeleteShellOperation@Client@WSMan@@@@QAE@PAVDeleteShellOperation@Client@WSMan@@@Z
??0?$AutoCleanup@V?$AutoRelease@VDisconnectOperation@Client@WSMan@@@@PAVDisconnectOperation@Client@WSMan@@@@QAE@PAVDisconnectOperation@Client@WSMan@@@Z
??0?$AutoCleanup@V?$AutoRelease@VEnumSinkEx@@@@PAVEnumSinkEx@@@@QAE@PAVEnumSinkEx@@@Z
??0?$AutoCleanup@V?$AutoRelease@VEnumSinkEx@@@@PAVEnumSinkEx@@@@QAE@XZ
??0?$AutoCleanup@V?$AutoRelease@VGeneralSinkEx@@@@PAVGeneralSinkEx@@@@QAE@PAVGeneralSinkEx@@@Z
??0?$AutoCleanup@V?$AutoRelease@VGeneralSinkEx@@@@PAVGeneralSinkEx@@@@QAE@XZ
??0?$AutoCleanup@V?$AutoRelease@VIISConfigSettings@@@@PAVIISConfigSettings@@@@QAE@PAVIISConfigSettings@@@Z
??0?$AutoCleanup@V?$AutoRelease@VIPCSoapProcessor@@@@PAVIPCSoapProcessor@@@@QAE@PAVIPCSoapProcessor@@@Z
??0?$AutoCleanup@V?$AutoRelease@VIRequestContext@@@@PAVIRequestContext@@@@QAE@PAVIRequestContext@@@Z
??0?$AutoCleanup@V?$AutoRelease@VIRequestContext@@@@PAVIRequestContext@@@@QAE@XZ
??0?$AutoCleanup@V?$AutoRelease@VISubscription@@@@PAVISubscription@@@@QAE@PAVISubscription@@@Z
??0?$AutoCleanup@V?$AutoRelease@VInboundRequestDetails@@@@PAVInboundRequestDetails@@@@QAE@PAVInboundRequestDetails@@@Z
??0?$AutoCleanup@V?$AutoRelease@VReceiveOperation@Client@WSMan@@@@PAVReceiveOperation@Client@WSMan@@@@QAE@PAVReceiveOperation@Client@WSMan@@@Z
??0?$AutoCleanup@V?$AutoRelease@VReconnectOperation@Client@WSMan@@@@PAVReconnectOperation@Client@WSMan@@@@QAE@PAVReconnectOperation@Client@WSMan@@@Z
??0?$AutoCleanup@V?$AutoRelease@VSendOperation@Client@WSMan@@@@PAVSendOperation@Client@WSMan@@@@QAE@PAVSendOperation@Client@WSMan@@@Z
??0?$AutoCleanup@V?$AutoRelease@VShell@Client@WSMan@@@@PAVShell@Client@WSMan@@@@QAE@PAVShell@Client@WSMan@@@Z
??0?$AutoCleanup@V?$AutoRelease@VShellInfo@@@@PAVShellInfo@@@@QAE@PAVShellInfo@@@Z
??0?$AutoCleanup@V?$AutoRelease@VSignalOperation@Client@WSMan@@@@PAVSignalOperation@Client@WSMan@@@@QAE@PAVSignalOperation@Client@WSMan@@@Z
??0?$AutoCleanup@V?$AutoRelease@VUserRecord@@@@PAVUserRecord@@@@QAE@PAVUserRecord@@@Z
??0?$AutoCleanup@V?$AutoRelease@VWSManHttpListener@@@@PAVWSManHttpListener@@@@QAE@PAVWSManHttpListener@@@Z
??0?$AutoCleanup@V?$AutoReleaseEx@VHostMappingTableEntry@@@@PAVHostMappingTableEntry@@@@QAE@PAVHostMappingTableEntry@@@Z
??0?$AutoCleanup@V?$AutoReleaseEx@VShell@Client@WSMan@@@@PAVShell@Client@WSMan@@@@QAE@PAVShell@Client@WSMan@@@Z
??0?$AutoCleanup@VAutoBstr@@PAG@@QAE@PAG@Z
??0?$AutoCleanup@VAutoBstr@@PAG@@QAE@XZ
??0?$AutoCleanup@VAutoBstrNoAlloc@@PAG@@QAE@PAG@Z
??0?$AutoCleanup@VAutoBstrNoAlloc@@PAG@@QAE@XZ
??0?$AutoCleanup@VAutoCertContext@@PBU_CERT_CONTEXT@@@@QAE@PBU_CERT_CONTEXT@@@Z
??0?$AutoCleanup@VAutoCertContext@@PBU_CERT_CONTEXT@@@@QAE@XZ
??0?$AutoCleanup@VAutoChainContext@@PBU_CERT_CHAIN_CONTEXT@@@@QAE@PBU_CERT_CHAIN_CONTEXT@@@Z
??0?$AutoCleanup@VAutoChainContext@@PBU_CERT_CHAIN_CONTEXT@@@@QAE@XZ
??0?$AutoCleanup@VAutoCoTaskMemFree@@PAX@@QAE@PAX@Z
??0?$AutoCleanup@VAutoCoTaskMemFree@@PAX@@QAE@XZ
??0?$AutoCleanup@VAutoFwXmlCloseParser@@PAX@@QAE@PAX@Z
??0?$AutoCleanup@VAutoFwXmlCloseParser@@PAX@@QAE@XZ
??0?$AutoCleanup@VAutoHandle@@PAX@@QAE@PAX@Z
??0?$AutoCleanup@VAutoHandle@@PAX@@QAE@XZ
??0?$AutoCleanup@VAutoImpersonateUser@@PAX@@QAE@PAX@Z
??0?$AutoCleanup@VAutoImpersonateUser@@PAX@@QAE@XZ
??0?$AutoCleanup@VAutoLibrary@@PAUHINSTANCE__@@@@QAE@PAUHINSTANCE__@@@Z
??0?$AutoCleanup@VAutoLibrary@@PAUHINSTANCE__@@@@QAE@XZ
??0?$AutoCleanup@VAutoLocalFree@@PAX@@QAE@PAX@Z
??0?$AutoCleanup@VAutoLocalFree@@PAX@@QAE@XZ
??0?$AutoCleanup@VAutoMIClass@@PAU_MI_Class@@@@QAE@PAU_MI_Class@@@Z
??0?$AutoCleanup@VAutoMIClass@@PAU_MI_Class@@@@QAE@XZ
??0?$AutoCleanup@VAutoMIInstance@@PAU_MI_Instance@@@@QAE@PAU_MI_Instance@@@Z
??0?$AutoCleanup@VAutoMIInstance@@PAU_MI_Instance@@@@QAE@XZ
??0?$AutoCleanup@VAutoObject@@PAUWSMAN_OBJECT@@@@QAE@PAUWSMAN_OBJECT@@@Z
??0?$AutoCleanup@VAutoObject@@PAUWSMAN_OBJECT@@@@QAE@XZ
??0?$AutoCleanup@VAutoRegKey@@PAUHKEY__@@@@QAE@PAUHKEY__@@@Z
??0?$AutoCleanup@VAutoRegKey@@PAUHKEY__@@@@QAE@XZ
??0?$AutoCleanup@VAutoSecurityDescriptor@@PAX@@QAE@PAX@Z
??0?$AutoCleanup@VAutoSecurityDescriptor@@PAX@@QAE@XZ
??0?$AutoCleanup@VAutoWaitHandle@@PAX@@QAE@PAX@Z
??0?$AutoCleanup@VAutoWaitHandle@@PAX@@QAE@XZ
??0?$AutoDelete@D@@QAE@XZ
??0?$AutoDelete@G@@QAE@PAG@Z
??0?$AutoDelete@G@@QAE@XZ
??0?$AutoDelete@UIPRange@CWSManIPFilter@@@@QAE@XZ
??0?$AutoDelete@U_SID@@@@QAE@PAU_SID@@@Z
??0?$AutoDelete@U_WSMAN_STREAM_ID_SET@@@@QAE@PAU_WSMAN_STREAM_ID_SET@@@Z
??0?$AutoDelete@V?$Handle@VISubscription@@@@@@QAE@PAV?$Handle@VISubscription@@@@@Z
??0?$AutoDelete@V?$SafeMap_Iterator@VStringKeyCI@@K@@@@QAE@XZ
??0?$AutoDelete@V?$SafeMap_Iterator@W4WSManSessionOption@@PAVOptionValue@SessionOptions@Client@WSMan@@@@@@QAE@XZ
??0?$AutoDelete@V?$SafeSet@PAVCCertMapping@@@@@@QAE@PAV?$SafeSet@PAVCCertMapping@@@@@Z
??0?$AutoDelete@V?$SafeSet@PAVCCertMapping@@@@@@QAE@XZ
??0?$AutoDelete@V?$SafeSet@PAVCShellUriSettings@@@@@@QAE@PAV?$SafeSet@PAVCShellUriSettings@@@@@Z
??0?$AutoDelete@V?$SafeSet@PAVCShellUriSettings@@@@@@QAE@XZ
??0?$AutoDelete@V?$SafeSet_Iterator@PAVCListenerOperation@@@@@@QAE@XZ
??0?$AutoDelete@V?$SimpleStack@VCListenerOperation@@@@@@QAE@XZ
??0?$AutoDelete@V?$SimpleStack@VShellHostEntry@@@@@@QAE@XZ
??0?$AutoDelete@V?$set@PAVCListenerSettings@@VCListenerSettingsLessFunctor@CServiceConfigSettings@@V?$transport_allocator@PAVCListenerSettings@@@@@std@@@@QAE@PAV?$set@PAVCListenerSettings@@VCListenerSettingsLessFunctor@CServiceConfigSettings@@V?$transport_allocator@PAVCListenerSettings@@@@@std@@@Z
??0?$AutoDelete@V?$set@PAVCListenerSettings@@VCListenerSettingsLessFunctor@CServiceConfigSettings@@V?$transport_allocator@PAVCListenerSettings@@@@@std@@@@QAE@XZ
??0?$AutoDelete@V?$set@Usockaddr_storage@@VSockAddrLessFunctor@CListenerSettings@@V?$transport_allocator@Usockaddr_storage@@@@@std@@@@QAE@XZ
??0?$AutoDelete@V?$vector@PAVHandleImpl@Client@WSMan@@V?$transport_allocator@PAVHandleImpl@Client@WSMan@@@@@std@@@@QAE@XZ
??0?$AutoDelete@V?$vector@PAVIServiceConfigObserver@@V?$transport_allocator@PAVIServiceConfigObserver@@@@@std@@@@QAE@XZ
??0?$AutoDelete@VAdminSid@CSecurity@@@@QAE@PAVAdminSid@CSecurity@@@Z
??0?$AutoDelete@VBlockedRecord@@@@QAE@XZ
??0?$AutoDelete@VCBaseConfigCache@@@@QAE@PAVCBaseConfigCache@@@Z
??0?$AutoDelete@VCCertMapping@@@@QAE@PAVCCertMapping@@@Z
??0?$AutoDelete@VCConfigChangeSource@@@@QAE@XZ
??0?$AutoDelete@VCListenerSettings@@@@QAE@PAVCListenerSettings@@@Z
??0?$AutoDelete@VCObserverConfigChangeErrors@@@@QAE@XZ
??0?$AutoDelete@VCServiceWatcher@CServiceConfigCache@@@@QAE@PAVCServiceWatcher@CServiceConfigCache@@@Z
??0?$AutoDelete@VCServiceWatcher@CServiceConfigCache@@@@QAE@XZ
??0?$AutoDelete@VCShellUriSettings@@@@QAE@PAVCShellUriSettings@@@Z
??0?$AutoDelete@VCWSManEPR@@@@QAE@PAVCWSManEPR@@@Z
??0?$AutoDelete@VCWSManResource@@@@QAE@PAVCWSManResource@@@Z
??0?$AutoDelete@VCWSManResource@@@@QAE@XZ
??0?$AutoDelete@VCertHash@@@@QAE@PAVCertHash@@@Z
??0?$AutoDelete@VCertHash@@@@QAE@XZ
??0?$AutoDelete@VConfigUpdate@@@@QAE@PAVConfigUpdate@@@Z
??0?$AutoDelete@VConfigUpdate@@@@QAE@XZ
??0?$AutoDelete@VEnumSinkEx@@@@QAE@PAVEnumSinkEx@@@Z
??0?$AutoDelete@VEnumSinkEx@@@@QAE@XZ
??0?$AutoDelete@VEventHandler@WSMan@@@@QAE@PAVEventHandler@WSMan@@@Z
??0?$AutoDelete@VExpiredOperationIdRecord@@@@QAE@PAVExpiredOperationIdRecord@@@Z
??0?$AutoDelete@VGPApiManager@@@@QAE@XZ
??0?$AutoDelete@VGeneralSinkEx@@@@QAE@PAVGeneralSinkEx@@@Z
??0?$AutoDelete@VGeneralSinkEx@@@@QAE@XZ
??0?$AutoDelete@VIChannelObserverFactory@@@@QAE@PAVIChannelObserverFactory@@@Z
??0?$AutoDelete@VIChannelObserverFactory@@@@QAE@XZ
??0?$AutoDelete@VIQueryDASHSMASHInterface@@@@QAE@PAVIQueryDASHSMASHInterface@@@Z
??0?$AutoDelete@VIQueryDASHSMASHInterface@@@@QAE@XZ
??0?$AutoDelete@VISpecification@@@@QAE@PAVISpecification@@@Z
??0?$AutoDelete@VISpecification@@@@QAE@XZ
??0?$AutoDelete@VInteractiveSid@CSecurity@@@@QAE@PAVInteractiveSid@CSecurity@@@Z
??0?$AutoDelete@VIpHlpApiDllLoader@@@@QAE@PAVIpHlpApiDllLoader@@@Z
??0?$AutoDelete@VMachineName@@@@QAE@PAVMachineName@@@Z
??0?$AutoDelete@VNetworkServiceSid@CSecurity@@@@QAE@PAVNetworkServiceSid@CSecurity@@@Z
??0?$AutoDelete@VNtDsApiDllLoader@@@@QAE@PAVNtDsApiDllLoader@@@Z
??0?$AutoDelete@VOptionValue@SessionOptions@Client@WSMan@@@@QAE@PAVOptionValue@SessionOptions@Client@WSMan@@@Z
??0?$AutoDelete@VPacketCreator@@@@QAE@PAVPacketCreator@@@Z
??0?$AutoDelete@VPacketCreator@@@@QAE@XZ
??0?$AutoDelete@VPacketParser@@@@QAE@XZ
??0?$AutoDelete@VResources@Locale@@@@QAE@PAVResources@Locale@@@Z
??0?$AutoDelete@VRunAsConfiguration@@@@QAE@PAVRunAsConfiguration@@@Z
??0?$AutoDelete@VSafeBufferWrite@@@@QAE@PAVSafeBufferWrite@@@Z
??0?$AutoDelete@VSecurityEntry@Catalog@@@@QAE@PAVSecurityEntry@Catalog@@@Z
??0?$AutoDelete@VSendPacketArgs@RobustConnectionBuffer@@@@QAE@PAVSendPacketArgs@RobustConnectionBuffer@@@Z
??0?$AutoDelete@VServiceSoapProcessor@@@@QAE@XZ
??0?$AutoDelete@VShell32DllLoader@@@@QAE@PAVShell32DllLoader@@@Z
??0?$AutoDelete@VShlWApiDllLoader@@@@QAE@PAVShlWApiDllLoader@@@Z
??0?$AutoDelete@VSubscriptionEnumerator@@@@QAE@XZ
??0?$AutoDelete@VSubscriptionManager@@@@QAE@PAVSubscriptionManager@@@Z
??0?$AutoDelete@VTSTRBUFFER@@@@QAE@PAVTSTRBUFFER@@@Z
??0?$AutoDelete@VTSTRBUFFER@@@@QAE@XZ
??0?$AutoDelete@VUniqueStringOverflow@@@@QAE@XZ
??0?$AutoDelete@VUser32DllLoader@@@@QAE@PAVUser32DllLoader@@@Z
??0?$AutoDelete@VWSMANCONFIGTABLE_IDENTITY@@@@QAE@PAVWSMANCONFIGTABLE_IDENTITY@@@Z
??0?$AutoDelete@VWSManMemCryptManager@@@@QAE@PAVWSManMemCryptManager@@@Z
??0?$AutoDelete@VWmiEnumContext@@@@QAE@PAVWmiEnumContext@@@Z
??0?$AutoDelete@VWmiEnumContext@@@@QAE@XZ
??0?$AutoDelete@VXmlReader@@@@QAE@PAVXmlReader@@@Z
??0?$AutoDelete@VXmlReader@@@@QAE@XZ
??0?$AutoDeleteVector@$$CBG@@QAE@XZ
??0?$AutoDeleteVector@D@@QAE@PAD@Z
??0?$AutoDeleteVector@D@@QAE@XZ
??0?$AutoDeleteVector@E@@QAE@PAE@Z
??0?$AutoDeleteVector@E@@QAE@XZ
??0?$AutoDeleteVector@G@@QAE@PAG@Z
??0?$AutoDeleteVector@G@@QAE@XZ
??0?$AutoDeleteVector@H@@QAE@PAH@Z
??0?$AutoDeleteVector@PAG@@QAE@PAPAG@Z
??0?$AutoDeleteVector@PAG@@QAE@XZ
??0?$AutoDeleteVector@PBG@@QAE@PAPBG@Z
??0?$AutoDeleteVector@PBG@@QAE@XZ
??0?$AutoDeleteVector@U_CONFIG_UPDATE@@@@QAE@XZ
??0?$AutoDeleteVector@U_WINRS_CREATE_SHELL_ENVIRONMENT_VARIABLE@@@@QAE@PAU_WINRS_CREATE_SHELL_ENVIRONMENT_VARIABLE@@@Z
??0?$AutoDeleteVector@U_WINRS_CREATE_SHELL_ENVIRONMENT_VARIABLE@@@@QAE@XZ
??0?$AutoDeleteVector@U_WINRS_RUN_COMMAND_ARG@@@@QAE@PAU_WINRS_RUN_COMMAND_ARG@@@Z
??0?$AutoDeleteVector@U_WINRS_RUN_COMMAND_ARG@@@@QAE@XZ
??0?$AutoDeleteVector@U_WSMAN_OPTION@@@@QAE@PAU_WSMAN_OPTION@@@Z
??0?$AutoDeleteVector@U_WSMAN_OPTION@@@@QAE@XZ
??0?$AutoDeleteVector@X@@QAE@PAX@Z
??0?$AutoDeleteVector@X@@QAE@XZ
??0?$AutoFree@E@@QAE@PAE@Z
??0?$AutoFree@E@@QAE@XZ
??0?$AutoLocklessItemRecycle@VPacket@@@@QAE@PAVPacket@@@Z
??0?$AutoLocklessItemRecycle@VPacket@@@@QAE@XZ
??0?$AutoRelease@UIAppHostAdminManager@@@@QAE@PAUIAppHostAdminManager@@@Z
??0?$AutoRelease@UIAppHostChildElementCollection@@@@QAE@XZ
??0?$AutoRelease@UIAppHostConfigException@@@@QAE@PAUIAppHostConfigException@@@Z
??0?$AutoRelease@UIAppHostElement@@@@QAE@PAUIAppHostElement@@@Z
??0?$AutoRelease@UIAppHostElement@@@@QAE@XZ
??0?$AutoRelease@UIAppHostElementCollection@@@@QAE@XZ
??0?$AutoRelease@UIAppHostProperty@@@@QAE@XZ
??0?$AutoRelease@UIAppHostPropertyCollection@@@@QAE@XZ
??0?$AutoRelease@UIClientSecurity@@@@QAE@PAUIClientSecurity@@@Z
??0?$AutoRelease@UIClientSecurity@@@@QAE@XZ
??0?$AutoRelease@UIEnumWbemClassObject@@@@QAE@PAUIEnumWbemClassObject@@@Z
??0?$AutoRelease@UIEnumWbemClassObject@@@@QAE@XZ
??0?$AutoRelease@UIErrorInfo@@@@QAE@PAUIErrorInfo@@@Z
??0?$AutoRelease@UIErrorInfo@@@@QAE@XZ
??0?$AutoRelease@UIUnknown@@@@QAE@PAUIUnknown@@@Z
??0?$AutoRelease@UIUnknown@@@@QAE@XZ
??0?$AutoRelease@UIWbemClassObject@@@@QAE@PAUIWbemClassObject@@@Z
??0?$AutoRelease@UIWbemClassObject@@@@QAE@XZ
??0?$AutoRelease@UIWbemContext@@@@QAE@PAUIWbemContext@@@Z
??0?$AutoRelease@UIWbemContext@@@@QAE@XZ
??0?$AutoRelease@UIWbemLocator@@@@QAE@PAUIWbemLocator@@@Z
??0?$AutoRelease@UIWbemLocator@@@@QAE@XZ
??0?$AutoRelease@UIWbemObjectTextSrc@@@@QAE@PAUIWbemObjectTextSrc@@@Z
??0?$AutoRelease@UIWbemObjectTextSrc@@@@QAE@XZ
??0?$AutoRelease@UIWbemPath@@@@QAE@PAUIWbemPath@@@Z
??0?$AutoRelease@UIWbemPath@@@@QAE@XZ
??0?$AutoRelease@UIWbemPathKeyList@@@@QAE@PAUIWbemPathKeyList@@@Z
??0?$AutoRelease@UIWbemPathKeyList@@@@QAE@XZ
??0?$AutoRelease@UIWbemQualifierSet@@@@QAE@PAUIWbemQualifierSet@@@Z
??0?$AutoRelease@UIWbemQualifierSet@@@@QAE@XZ
??0?$AutoRelease@UIWbemQuery@@@@QAE@PAUIWbemQuery@@@Z
??0?$AutoRelease@UIWbemQuery@@@@QAE@XZ
??0?$AutoRelease@UIWbemServices@@@@QAE@PAUIWbemServices@@@Z
??0?$AutoRelease@UIWbemServices@@@@QAE@XZ
??0?$AutoRelease@VApplication@Client@WSMan@@@@QAE@XZ
??0?$AutoRelease@VCBaseConfigCache@@@@QAE@PAVCBaseConfigCache@@@Z
??0?$AutoRelease@VCClientConfigSettings@@@@QAE@PAVCClientConfigSettings@@@Z
??0?$AutoRelease@VCClientConfigSettings@@@@QAE@XZ
??0?$AutoRelease@VCCommonConfigSettings@@@@QAE@PAVCCommonConfigSettings@@@Z
??0?$AutoRelease@VCCommonConfigSettings@@@@QAE@XZ
??0?$AutoRelease@VCConfigCacheMap@CBaseConfigCache@@@@QAE@PAVCConfigCacheMap@CBaseConfigCache@@@Z
??0?$AutoRelease@VCConfigCacheMap@CBaseConfigCache@@@@QAE@XZ
??0?$AutoRelease@VCConfigManager@@@@QAE@PAVCConfigManager@@@Z
??0?$AutoRelease@VCConfigManager@@@@QAE@XZ
??0?$AutoRelease@VCRemoteOperation@@@@QAE@PAVCRemoteOperation@@@Z
??0?$AutoRelease@VCRemoteSession@@@@QAE@PAVCRemoteSession@@@Z
??0?$AutoRelease@VCRemoteSession@@@@QAE@XZ
??0?$AutoRelease@VCRequestContext@@@@QAE@PAVCRequestContext@@@Z
??0?$AutoRelease@VCRequestContext@@@@QAE@XZ
??0?$AutoRelease@VCServiceCommonConfigSettings@@@@QAE@PAVCServiceCommonConfigSettings@@@Z
??0?$AutoRelease@VCServiceCommonConfigSettings@@@@QAE@XZ
??0?$AutoRelease@VCServiceConfigCache@@@@QAE@PAVCServiceConfigCache@@@Z
??0?$AutoRelease@VCServiceConfigCache@@@@QAE@XZ
??0?$AutoRelease@VCServiceConfigSettings@@@@QAE@PAVCServiceConfigSettings@@@Z
??0?$AutoRelease@VCServiceConfigSettings@@@@QAE@XZ
??0?$AutoRelease@VCWSManEPR@@@@QAE@PAVCWSManEPR@@@Z
??0?$AutoRelease@VCWSManEPR@@@@QAE@XZ
??0?$AutoRelease@VCWSManGroupPolicyCache@@@@QAE@PAVCWSManGroupPolicyCache@@@Z
??0?$AutoRelease@VCWSManGroupPolicyManager@@@@QAE@PAVCWSManGroupPolicyManager@@@Z
??0?$AutoRelease@VCWSManObject@@@@QAE@PAVCWSManObject@@@Z
??0?$AutoRelease@VCWSManResource@@@@QAE@PAVCWSManResource@@@Z
??0?$AutoRelease@VCWSManResource@@@@QAE@XZ
??0?$AutoRelease@VCWinRSPluginConfigCache@@@@QAE@PAVCWinRSPluginConfigCache@@@Z
??0?$AutoRelease@VCWinRSPluginConfigCache@@@@QAE@XZ
??0?$AutoRelease@VCWinRSPluginConfigSettings@@@@QAE@PAVCWinRSPluginConfigSettings@@@Z
??0?$AutoRelease@VCommand@Client@WSMan@@@@QAE@PAVCommand@Client@WSMan@@@Z
??0?$AutoRelease@VConfigNotification@@@@QAE@PAVConfigNotification@@@Z
??0?$AutoRelease@VConnectShellOperation@Client@WSMan@@@@QAE@PAVConnectShellOperation@Client@WSMan@@@Z
??0?$AutoRelease@VCreateShellOperation@Client@WSMan@@@@QAE@PAVCreateShellOperation@Client@WSMan@@@Z
??0?$AutoRelease@VDeleteShellOperation@Client@WSMan@@@@QAE@PAVDeleteShellOperation@Client@WSMan@@@Z
??0?$AutoRelease@VDisconnectOperation@Client@WSMan@@@@QAE@PAVDisconnectOperation@Client@WSMan@@@Z
??0?$AutoRelease@VEnumSinkEx@@@@QAE@PAVEnumSinkEx@@@Z
??0?$AutoRelease@VEnumSinkEx@@@@QAE@XZ
??0?$AutoRelease@VGeneralSinkEx@@@@QAE@PAVGeneralSinkEx@@@Z
??0?$AutoRelease@VGeneralSinkEx@@@@QAE@XZ
??0?$AutoRelease@VIISConfigSettings@@@@QAE@XZ
??0?$AutoRelease@VIPCSoapProcessor@@@@QAE@PAVIPCSoapProcessor@@@Z
??0?$AutoRelease@VIRequestContext@@@@QAE@PAVIRequestContext@@@Z
??0?$AutoRelease@VIRequestContext@@@@QAE@XZ
??0?$AutoRelease@VISubscription@@@@QAE@PAVISubscription@@@Z
??0?$AutoRelease@VInboundRequestDetails@@@@QAE@XZ
??0?$AutoRelease@VReceiveOperation@Client@WSMan@@@@QAE@PAVReceiveOperation@Client@WSMan@@@Z
??0?$AutoRelease@VReconnectOperation@Client@WSMan@@@@QAE@PAVReconnectOperation@Client@WSMan@@@Z
??0?$AutoRelease@VSendOperation@Client@WSMan@@@@QAE@PAVSendOperation@Client@WSMan@@@Z
??0?$AutoRelease@VShell@Client@WSMan@@@@QAE@PAVShell@Client@WSMan@@@Z
??0?$AutoRelease@VShellInfo@@@@QAE@XZ
??0?$AutoRelease@VSignalOperation@Client@WSMan@@@@QAE@PAVSignalOperation@Client@WSMan@@@Z
??0?$AutoRelease@VUserRecord@@@@QAE@XZ
??0?$AutoRelease@VWSManHttpListener@@@@QAE@PAVWSManHttpListener@@@Z
??0?$AutoReleaseEx@VHostMappingTableEntry@@@@QAE@XZ
??0?$AutoReleaseEx@VShell@Client@WSMan@@@@QAE@PAVShell@Client@WSMan@@@Z
??0?$ILoader@VAdminSid@CSecurity@@@@QAE@P8AdminSid@CSecurity@@AE_NAAVIRequestContext@@@Z1@Z
??0?$ILoader@VEventHandler@WSMan@@@@QAE@P8EventHandler@WSMan@@AE_NAAVIRequestContext@@@Z1@Z
??0?$ILoader@VInteractiveSid@CSecurity@@@@QAE@P8InteractiveSid@CSecurity@@AE_NAAVIRequestContext@@@Z1@Z
??0?$ILoader@VIpHlpApiDllLoader@@@@QAE@P8IpHlpApiDllLoader@@AE_NAAVIRequestContext@@@Z1@Z
??0?$ILoader@VMachineName@@@@QAE@P8MachineName@@AE_NAAVIRequestContext@@@Z1@Z
??0?$ILoader@VNetworkServiceSid@CSecurity@@@@QAE@P8NetworkServiceSid@CSecurity@@AE_NAAVIRequestContext@@@Z1@Z
??0?$ILoader@VNtDsApiDllLoader@@@@QAE@P8NtDsApiDllLoader@@AE_NAAVIRequestContext@@@Z1@Z
??0?$ILoader@VResources@Locale@@@@QAE@P8Resources@Locale@@AE_NAAVIRequestContext@@@Z1@Z
??0?$ILoader@VShell32DllLoader@@@@QAE@P8Shell32DllLoader@@AE_NAAVIRequestContext@@@Z1@Z
??0?$ILoader@VShlWApiDllLoader@@@@QAE@P8ShlWApiDllLoader@@AE_NAAVIRequestContext@@@Z1@Z
??0?$ILoader@VSubscriptionManager@@@@QAE@P8SubscriptionManager@@AE_NAAVIRequestContext@@@Z1@Z
??0?$ILoader@VUser32DllLoader@@@@QAE@P8User32DllLoader@@AE_NAAVIRequestContext@@@Z1@Z
??0?$ILoader@VWSManMemCryptManager@@@@QAE@P8WSManMemCryptManager@@AE_NAAVIRequestContext@@@Z1@Z
??0?$Loader@VAdminSid@CSecurity@@$00@@QAE@XZ
??0?$Loader@VEventHandler@WSMan@@$00@@QAE@XZ
??0?$Loader@VInteractiveSid@CSecurity@@$00@@QAE@XZ
??0?$Loader@VIpHlpApiDllLoader@@$00@@QAE@XZ
??0?$Loader@VMachineName@@$00@@QAE@XZ
??0?$Loader@VNetworkServiceSid@CSecurity@@$00@@QAE@XZ
??0?$Loader@VNtDsApiDllLoader@@$00@@QAE@XZ
??0?$Loader@VResources@Locale@@$0A@@@QAE@XZ
??0?$Loader@VShell32DllLoader@@$00@@QAE@XZ
??0?$Loader@VShlWApiDllLoader@@$00@@QAE@XZ
??0?$Loader@VUser32DllLoader@@$00@@QAE@XZ
??0?$Loader@VWSManMemCryptManager@@$00@@QAE@XZ
??0?$LoaderSerializer@VAdminSid@CSecurity@@$00@@QAE@P8AdminSid@CSecurity@@AE_NAAVIRequestContext@@@Z1@Z
??0?$LoaderSerializer@VEventHandler@WSMan@@$00@@QAE@P8EventHandler@WSMan@@AE_NAAVIRequestContext@@@Z1@Z
??0?$LoaderSerializer@VInteractiveSid@CSecurity@@$00@@QAE@P8InteractiveSid@CSecurity@@AE_NAAVIRequestContext@@@Z1@Z
??0?$LoaderSerializer@VIpHlpApiDllLoader@@$00@@QAE@P8IpHlpApiDllLoader@@AE_NAAVIRequestContext@@@Z1@Z
??0?$LoaderSerializer@VMachineName@@$00@@QAE@P8MachineName@@AE_NAAVIRequestContext@@@Z1@Z
??0?$LoaderSerializer@VNetworkServiceSid@CSecurity@@$00@@QAE@P8NetworkServiceSid@CSecurity@@AE_NAAVIRequestContext@@@Z1@Z
??0?$LoaderSerializer@VNtDsApiDllLoader@@$00@@QAE@P8NtDsApiDllLoader@@AE_NAAVIRequestContext@@@Z1@Z
??0?$LoaderSerializer@VResources@Locale@@$0A@@@QAE@P8Resources@Locale@@AE_NAAVIRequestContext@@@Z1@Z
??0?$LoaderSerializer@VShell32DllLoader@@$00@@QAE@P8Shell32DllLoader@@AE_NAAVIRequestContext@@@Z1@Z
??0?$LoaderSerializer@VShlWApiDllLoader@@$00@@QAE@P8ShlWApiDllLoader@@AE_NAAVIRequestContext@@@Z1@Z
??0?$LoaderSerializer@VSubscriptionManager@@$01@@QAE@P8SubscriptionManager@@AE_NAAVIRequestContext@@@Z1@Z
??0?$LoaderSerializer@VUser32DllLoader@@$00@@QAE@P8User32DllLoader@@AE_NAAVIRequestContext@@@Z1@Z
??0?$LoaderSerializer@VWSManMemCryptManager@@$00@@QAE@P8WSManMemCryptManager@@AE_NAAVIRequestContext@@@Z1@Z
??0?$PacketElement@K@PacketParser@@QAE@XZ
??0?$PacketElement@PAU_FWXML_ELEMENT@@@PacketParser@@QAE@XZ
??0?$PacketElement@PBG@PacketParser@@QAE@XZ
??0?$PacketElement@_K@PacketParser@@QAE@XZ
??0?$SafeMap@PAVCCertMapping@@UEmpty@@V?$SafeSet_Iterator@PAVCCertMapping@@@@@@QAE@XZ
??0?$SafeMap@PAVCListenerOperation@@UEmpty@@V?$SafeSet_Iterator@PAVCListenerOperation@@@@@@QAE@XZ
??0?$SafeMap@PAVCShellUriSettings@@UEmpty@@V?$SafeSet_Iterator@PAVCShellUriSettings@@@@@@QAE@XZ
??0?$SafeMap@PAXUEmpty@@V?$SafeSet_Iterator@PAX@@@@QAE@XZ
??0?$SafeMap@UPluginKey@@KV?$SafeMap_Iterator@UPluginKey@@K@@@@QAE@XZ
??0?$SafeMap@UUserKey@@PAVBlockedRecord@@V?$SafeMap_Iterator@UUserKey@@PAVBlockedRecord@@@@@@QAE@XZ
??0?$SafeMap@VCertThumbprintKey@@VCertThumbprintMappedSet@CServiceConfigSettings@@V?$SafeMap_Iterator@VCertThumbprintKey@@VCertThumbprintMappedSet@CServiceConfigSettings@@@@@@QAE@XZ
??0?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QAE@XZ
??0?$SafeMap@VStringKeyCI@@KV?$SafeMap_Iterator@VStringKeyCI@@K@@@@QAE@XZ
??0?$SafeMap@VStringKeyCI@@UUSER_CONTEXT_INFO@WSManHttpListener@@V?$SafeMap_Iterator@VStringKeyCI@@UUSER_CONTEXT_INFO@WSManHttpListener@@@@@@QAE@XZ
??0?$SafeMap@VStringKeyStore@@PAVExpiredOperationIdRecord@@V?$SafeMap_Iterator@VStringKeyStore@@PAVExpiredOperationIdRecord@@@@@@QAE@XZ
??0?$SafeMap@VStringKeyStore@@PAVServerFullDuplexChannel@@V?$SafeMap_Iterator@VStringKeyStore@@PAVServerFullDuplexChannel@@@@@@QAE@XZ
??0?$SafeMap@W4WSManSessionOption@@PAVOptionValue@SessionOptions@Client@WSMan@@V?$SafeMap_Iterator@W4WSManSessionOption@@PAVOptionValue@SessionOptions@Client@WSMan@@@@@@QAE@XZ
??0?$SafeMap@_KPAVSendPacketArgs@RobustConnectionBuffer@@V?$SafeMap_Iterator@_KPAVSendPacketArgs@RobustConnectionBuffer@@@@@@QAE@XZ
??0?$SafeMap_Iterator@PAVCCertMapping@@UEmpty@@@@QAE@AAV?$SafeMap@PAVCCertMapping@@UEmpty@@V?$SafeMap_Iterator@PAVCCertMapping@@UEmpty@@@@@@_N@Z
??0?$SafeMap_Iterator@PAVCListenerOperation@@UEmpty@@@@QAE@AAV?$SafeMap@PAVCListenerOperation@@UEmpty@@V?$SafeMap_Iterator@PAVCListenerOperation@@UEmpty@@@@@@_N@Z
??0?$SafeMap_Iterator@PAVCShellUriSettings@@UEmpty@@@@QAE@AAV?$SafeMap@PAVCShellUriSettings@@UEmpty@@V?$SafeMap_Iterator@PAVCShellUriSettings@@UEmpty@@@@@@_N@Z
??0?$SafeMap_Iterator@PAXUEmpty@@@@QAE@AAV?$SafeMap@PAXUEmpty@@V?$SafeMap_Iterator@PAXUEmpty@@@@@@_N@Z
??0?$SafeMap_Iterator@UPluginKey@@K@@QAE@AAV?$SafeMap@UPluginKey@@KV?$SafeMap_Iterator@UPluginKey@@K@@@@_N@Z
??0?$SafeMap_Iterator@UUserKey@@PAVBlockedRecord@@@@QAE@AAV?$SafeMap@UUserKey@@PAVBlockedRecord@@V?$SafeMap_Iterator@UUserKey@@PAVBlockedRecord@@@@@@_N@Z
??0?$SafeMap_Iterator@VCertThumbprintKey@@VCertThumbprintMappedSet@CServiceConfigSettings@@@@QAE@AAV?$SafeMap@VCertThumbprintKey@@VCertThumbprintMappedSet@CServiceConfigSettings@@V?$SafeMap_Iterator@VCertThumbprintKey@@VCertThumbprintMappedSet@CServiceConfigSettings@@@@@@_N@Z
??0?$SafeMap_Iterator@VKey@Locale@@K@@QAE@AAV?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@_N@Z
??0?$SafeMap_Iterator@VStringKeyCI@@K@@QAE@AAV?$SafeMap@VStringKeyCI@@KV?$SafeMap_Iterator@VStringKeyCI@@K@@@@_N@Z
??0?$SafeMap_Iterator@VStringKeyCI@@UUSER_CONTEXT_INFO@WSManHttpListener@@@@QAE@AAV?$SafeMap@VStringKeyCI@@UUSER_CONTEXT_INFO@WSManHttpListener@@V?$SafeMap_Iterator@VStringKeyCI@@UUSER_CONTEXT_INFO@WSManHttpListener@@@@@@_N@Z
??0?$SafeMap_Iterator@VStringKeyStore@@PAVExpiredOperationIdRecord@@@@QAE@AAV?$SafeMap@VStringKeyStore@@PAVExpiredOperationIdRecord@@V?$SafeMap_Iterator@VStringKeyStore@@PAVExpiredOperationIdRecord@@@@@@_N@Z
??0?$SafeMap_Iterator@VStringKeyStore@@PAVServerFullDuplexChannel@@@@QAE@AAV?$SafeMap@VStringKeyStore@@PAVServerFullDuplexChannel@@V?$SafeMap_Iterator@VStringKeyStore@@PAVServerFullDuplexChannel@@@@@@_N@Z
??0?$SafeMap_Iterator@W4WSManSessionOption@@PAVOptionValue@SessionOptions@Client@WSMan@@@@QAE@AAV?$SafeMap@W4WSManSessionOption@@PAVOptionValue@SessionOptions@Client@WSMan@@V?$SafeMap_Iterator@W4WSManSessionOption@@PAVOptionValue@SessionOptions@Client@WSMan@@@@@@_N@Z
??0?$SafeMap_Iterator@_KPAVSendPacketArgs@RobustConnectionBuffer@@@@QAE@AAV?$SafeMap@_KPAVSendPacketArgs@RobustConnectionBuffer@@V?$SafeMap_Iterator@_KPAVSendPacketArgs@RobustConnectionBuffer@@@@@@_N@Z
??0?$SafeMap_Lock@PAVCCertMapping@@UEmpty@@V?$SafeMap_Iterator@PAVCCertMapping@@UEmpty@@@@@@QAE@ABV?$SafeMap@PAVCCertMapping@@UEmpty@@V?$SafeMap_Iterator@PAVCCertMapping@@UEmpty@@@@@@_N@Z
??0?$SafeMap_Lock@PAVCCertMapping@@UEmpty@@V?$SafeSet_Iterator@PAVCCertMapping@@@@@@QAE@ABV?$SafeMap@PAVCCertMapping@@UEmpty@@V?$SafeSet_Iterator@PAVCCertMapping@@@@@@_N@Z
??0?$SafeMap_Lock@PAVCListenerOperation@@UEmpty@@V?$SafeMap_Iterator@PAVCListenerOperation@@UEmpty@@@@@@QAE@ABV?$SafeMap@PAVCListenerOperation@@UEmpty@@V?$SafeMap_Iterator@PAVCListenerOperation@@UEmpty@@@@@@_N@Z
??0?$SafeMap_Lock@PAVCListenerOperation@@UEmpty@@V?$SafeSet_Iterator@PAVCListenerOperation@@@@@@QAE@ABV?$SafeMap@PAVCListenerOperation@@UEmpty@@V?$SafeSet_Iterator@PAVCListenerOperation@@@@@@_N@Z
??0?$SafeMap_Lock@PAVCShellUriSettings@@UEmpty@@V?$SafeMap_Iterator@PAVCShellUriSettings@@UEmpty@@@@@@QAE@ABV?$SafeMap@PAVCShellUriSettings@@UEmpty@@V?$SafeMap_Iterator@PAVCShellUriSettings@@UEmpty@@@@@@_N@Z
??0?$SafeMap_Lock@PAVCShellUriSettings@@UEmpty@@V?$SafeSet_Iterator@PAVCShellUriSettings@@@@@@QAE@ABV?$SafeMap@PAVCShellUriSettings@@UEmpty@@V?$SafeSet_Iterator@PAVCShellUriSettings@@@@@@_N@Z
??0?$SafeMap_Lock@PAXUEmpty@@V?$SafeMap_Iterator@PAXUEmpty@@@@@@QAE@ABV?$SafeMap@PAXUEmpty@@V?$SafeMap_Iterator@PAXUEmpty@@@@@@_N@Z
??0?$SafeMap_Lock@PAXUEmpty@@V?$SafeSet_Iterator@PAX@@@@QAE@ABV?$SafeMap@PAXUEmpty@@V?$SafeSet_Iterator@PAX@@@@_N@Z
??0?$SafeMap_Lock@UPluginKey@@KV?$SafeMap_Iterator@UPluginKey@@K@@@@QAE@ABV?$SafeMap@UPluginKey@@KV?$SafeMap_Iterator@UPluginKey@@K@@@@_N@Z
??0?$SafeMap_Lock@UUserKey@@PAVBlockedRecord@@V?$SafeMap_Iterator@UUserKey@@PAVBlockedRecord@@@@@@QAE@ABV?$SafeMap@UUserKey@@PAVBlockedRecord@@V?$SafeMap_Iterator@UUserKey@@PAVBlockedRecord@@@@@@_N@Z
??0?$SafeMap_Lock@VCertThumbprintKey@@VCertThumbprintMappedSet@CServiceConfigSettings@@V?$SafeMap_Iterator@VCertThumbprintKey@@VCertThumbprintMappedSet@CServiceConfigSettings@@@@@@QAE@ABV?$SafeMap@VCertThumbprintKey@@VCertThumbprintMappedSet@CServiceConfigSettings@@V?$SafeMap_Iterator@VCertThumbprintKey@@VCertThumbprintMappedSet@CServiceConfigSettings@@@@@@_N@Z
??0?$SafeMap_Lock@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QAE@ABV?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@_N@Z
??0?$SafeMap_Lock@VStringKeyCI@@KV?$SafeMap_Iterator@VStringKeyCI@@K@@@@QAE@ABV?$SafeMap@VStringKeyCI@@KV?$SafeMap_Iterator@VStringKeyCI@@K@@@@_N@Z
??0?$SafeMap_Lock@VStringKeyCI@@UEmpty@@V?$SafeSet_Iterator@VStringKeyCI@@@@@@QAE@ABV?$SafeMap@VStringKeyCI@@UEmpty@@V?$SafeSet_Iterator@VStringKeyCI@@@@@@_N@Z
??0?$SafeMap_Lock@VStringKeyCI@@UUSER_CONTEXT_INFO@WSManHttpListener@@V?$SafeMap_Iterator@VStringKeyCI@@UUSER_CONTEXT_INFO@WSManHttpListener@@@@@@QAE@ABV?$SafeMap@VStringKeyCI@@UUSER_CONTEXT_INFO@WSManHttpListener@@V?$SafeMap_Iterator@VStringKeyCI@@UUSER_CONTEXT_INFO@WSManHttpListener@@@@@@_N@Z
??0?$SafeMap_Lock@VStringKeyStore@@PAVExpiredOperationIdRecord@@V?$SafeMap_Iterator@VStringKeyStore@@PAVExpiredOperationIdRecord@@@@@@QAE@ABV?$SafeMap@VStringKeyStore@@PAVExpiredOperationIdRecord@@V?$SafeMap_Iterator@VStringKeyStore@@PAVExpiredOperationIdRecord@@@@@@_N@Z
??0?$SafeMap_Lock@VStringKeyStore@@PAVServerFullDuplexChannel@@V?$SafeMap_Iterator@VStringKeyStore@@PAVServerFullDuplexChannel@@@@@@QAE@ABV?$SafeMap@VStringKeyStore@@PAVServerFullDuplexChannel@@V?$SafeMap_Iterator@VStringKeyStore@@PAVServerFullDuplexChannel@@@@@@_N@Z
??0?$SafeMap_Lock@W4WSManSessionOption@@PAVOptionValue@SessionOptions@Client@WSMan@@V?$SafeMap_Iterator@W4WSManSessionOption@@PAVOptionValue@SessionOptions@Client@WSMan@@@@@@QAE@ABV?$SafeMap@W4WSManSessionOption@@PAVOptionValue@SessionOptions@Client@WSMan@@V?$SafeMap_Iterator@W4WSManSessionOption@@PAVOptionValue@SessionOptions@Client@WSMan@@@@@@_N@Z
??0?$SafeMap_Lock@_KPAVSendPacketArgs@RobustConnectionBuffer@@V?$SafeMap_Iterator@_KPAVSendPacketArgs@RobustConnectionBuffer@@@@@@QAE@ABV?$SafeMap@_KPAVSendPacketArgs@RobustConnectionBuffer@@V?$SafeMap_Iterator@_KPAVSendPacketArgs@RobustConnectionBuffer@@@@@@_N@Z
??0?$SafeSet@PAVCCertMapping@@@@QAE@XZ
??0?$SafeSet@PAVCListenerOperation@@@@QAE@XZ
??0?$SafeSet@PAVCShellUriSettings@@@@QAE@XZ
??0?$SafeSet@PAX@@QAE@XZ
??0?$SafeSet_Iterator@PAVCCertMapping@@@@QAE@AAV?$SafeMap@PAVCCertMapping@@UEmpty@@V?$SafeSet_Iterator@PAVCCertMapping@@@@@@_N@Z
??0?$SafeSet_Iterator@PAVCCertMapping@@@@QAE@AAV?$SafeSet@PAVCCertMapping@@@@@Z
??0?$SafeSet_Iterator@PAVCListenerOperation@@@@QAE@AAV?$SafeMap@PAVCListenerOperation@@UEmpty@@V?$SafeSet_Iterator@PAVCListenerOperation@@@@@@_N@Z
??0?$SafeSet_Iterator@PAVCListenerOperation@@@@QAE@AAV?$SafeSet@PAVCListenerOperation@@@@@Z
??0?$SafeSet_Iterator@PAVCShellUriSettings@@@@QAE@AAV?$SafeMap@PAVCShellUriSettings@@UEmpty@@V?$SafeSet_Iterator@PAVCShellUriSettings@@@@@@_N@Z
??0?$SafeSet_Iterator@PAX@@QAE@AAV?$SafeMap@PAXUEmpty@@V?$SafeSet_Iterator@PAX@@@@_N@Z
??0?$SimpleQueue@T_LARGE_INTEGER@@@@QAE@XZ
??0AutoBstr@@QAE@PAG@Z
??0AutoBstr@@QAE@XZ
??0AutoBstrNoAlloc@@QAE@PAG@Z

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
updates/dll/Aspnet_perf.dll
.dll windows:6 windows x86 arch:x86

33099121b9268fefa42b3a9b21dd165f

Code Sign

33:00:00:01:3a:28:a9:62:84:34:04:3a:68:00:00:00:00:01:3a
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/10/2019, 23:17

Not After

21/01/2021, 23:17

Subject

CN=Microsoft Time-Stamp Service,OU=Microsoft Ireland Operations Limited+OU=Thales TSS ESN:AB41-4B27-F026,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e1:4e:5d:6f:c4:ab:f0:8c:78:2d:74:33:fd:a3:20:83:3f:f1:c8:08:b9:38:a2:52:32:44:6a:db:22:7b:0b:1a
Signer

Actual PE Digest

e1:4e:5d:6f:c4:ab:f0:8c:78:2d:74:33:fd:a3:20:83:3f:f1:c8:08:b9:38:a2:52:32:44:6a:db:22:7b:0b:1a

Digest Algorithm

sha256

PE Digest Matches

true

b5:00:f6:37:29:ed:8d:a7:fd:ac:20:92:8f:b6:31:0b:ba:ff:39:cf
Signer

Actual PE Digest

b5:00:f6:37:29:ed:8d:a7:fd:ac:20:92:8f:b6:31:0b:ba:ff:39:cf

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

aspnet_perf.pdb

Imports

kernel32

GetLastError
GetOverlappedResult
CancelIo
SetEvent
ResetEvent
WaitForSingleObject
CreateEventW
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
InterlockedCompareExchange
SwitchToThread
CloseHandle
ExitThread
ResumeThread
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
HeapAlloc
HeapReAlloc
WriteFile
HeapCreate
ReadFile
CreateFileW
LoadLibraryW
GetModuleFileNameW
DisableThreadLibraryCalls
GetProcessHeap
CreateThread
TerminateProcess
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
QueryPerformanceCounter
HeapFree
GetProcessAffinityMask
GetCurrentProcess
HeapSize
Sleep

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegNotifyChangeKeyValue
RegEnumValueW

vcruntime140_clr0400

memset
__std_type_info_destroy_list
_except_handler4_common
memcpy
memcmp

ucrtbase_clr0400

__stdio_common_vswscanf
wcsncmp
_initterm
_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit

Exports

Exports

ClosePerfCommonData
CloseStateServicePerfData
CloseVersionedPerfData
CollectPerfCommonData
CollectStateServicePerfData
CollectVersionedPerfData
GetPerfCountersRevision
OpenPerfCommonData
OpenStateServicePerfData
OpenVersionedPerfData

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
updates/dll/InstallUtilLib.dll
.dll windows:5 windows x86 arch:x86

822076004448a06c9b61fe57e1705503

Code Sign

33:00:00:01:27:f8:da:df:a8:8b:f4:8a:59:00:00:00:00:01:27
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/09/2019, 20:39

Not After

04/12/2020, 20:39

Subject

CN=Microsoft Time-Stamp Service,OU=Microsoft Operations Puerto Rico+OU=Thales TSS ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

72:f1:4d:71:0b:75:ae:11:98:99:6a:f4:00:ff:ed:e0:b4:21:00:ff:0c:18:e8:f1:bc:d1:c0:d6:86:1a:f5:e5
Signer

Actual PE Digest

72:f1:4d:71:0b:75:ae:11:98:99:6a:f4:00:ff:ed:e0:b4:21:00:ff:0c:18:e8:f1:bc:d1:c0:d6:86:1a:f5:e5

Digest Algorithm

sha256

PE Digest Matches

true

dc:6c:b7:27:cd:5b:64:b8:dd:dd:e3:30:12:f9:89:aa:f1:60:88:8c
Signer

Actual PE Digest

dc:6c:b7:27:cd:5b:64:b8:dd:dd:e3:30:12:f9:89:aa:f1:60:88:8c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

InstallUtilLib.pdb

Imports

kernel32

GetProcAddress
LoadLibraryW
GetLastError
SetErrorMode
InterlockedExchange
InterlockedCompareExchange
SwitchToThread
FreeLibrary
LocalAlloc
LocalFree
FormatMessageW
lstrlenW
LoadLibraryA
MultiByteToWideChar
RaiseException
CloseHandle
WriteConsoleW
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
WriteFile
HeapReAlloc
HeapSize
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetModuleHandleW
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
InterlockedFlushSList
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
RtlUnwind
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
WideCharToMultiByte
HeapFree
HeapAlloc
GetACP
GetStdHandle
GetFileType
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStringTypeW
SetStdHandle
CreateFileW

user32

MessageBoxW

oleaut32

SysFreeString
SysAllocString

msi

ord125
ord74
ord103
ord121
ord17

mscoree

ClrCreateManagedInstance
CorBindToRuntimeHost

Exports

Exports

ManagedInstall
_DecodePointerInternal@4
_EncodePointerInternal@4

Sections

.text
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
updates/dll/PenIMC_v0400.dll
.dll windows:6 windows x86 arch:x86

10764327bfaac46b699ab3d849224585

Code Sign

33:00:00:01:2a:30:bf:85:c5:0e:b1:e2:8c:00:00:00:00:01:2a
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/09/2019, 20:40

Not After

04/12/2020, 20:40

Subject

CN=Microsoft Time-Stamp Service,OU=Microsoft Operations Puerto Rico+OU=Thales TSS ESN:7D2E-3782-B0F7,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ed:b6:f1:80:b4:9a:07:13:e5:bf:20:9e:86:0e:61:d0:74:99:5d:8a:57:0d:6c:b8:db:3c:18:61:e6:89:d1:8b
Signer

Actual PE Digest

ed:b6:f1:80:b4:9a:07:13:e5:bf:20:9e:86:0e:61:d0:74:99:5d:8a:57:0d:6c:b8:db:3c:18:61:e6:89:d1:8b

Digest Algorithm

sha256

PE Digest Matches

true

3d:01:52:b0:96:0a:97:e8:33:58:2b:ba:df:7b:3d:2b:d4:15:33:c5
Signer

Actual PE Digest

3d:01:52:b0:96:0a:97:e8:33:58:2b:ba:df:7b:3d:2b:d4:15:33:c5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Placeholder.pdb

Imports

vcruntime140_clr0400

__std_type_info_destroy_list
memset
_except_handler4_common

ucrtbase_clr0400

_cexit
_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm

kernel32

SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
UnhandledExceptionFilter

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 908B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 844B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
updates/dll/PresentationNative_v0400.dll
.dll windows:6 windows x86 arch:x86

1dca172dc886a8a79fd3c0091bf90812

Code Sign

33:00:00:01:2f:0d:ca:5a:e9:ea:70:8d:f5:00:00:00:00:01:2f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/09/2019, 20:40

Not After

04/12/2020, 20:40

Subject

CN=Microsoft Time-Stamp Service,OU=Microsoft Operations Puerto Rico+OU=Thales TSS ESN:728D-C45F-F9EB,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

80:5a:66:3d:d4:69:f7:fa:68:b5:18:aa:b3:60:e6:03:21:24:fb:86:f1:f7:08:4a:48:99:8c:eb:7e:aa:9c:aa
Signer

Actual PE Digest

80:5a:66:3d:d4:69:f7:fa:68:b5:18:aa:b3:60:e6:03:21:24:fb:86:f1:f7:08:4a:48:99:8c:eb:7e:aa:9c:aa

Digest Algorithm

sha256

PE Digest Matches

true

67:a8:8a:08:bf:16:81:5f:ff:87:0d:4b:2a:30:10:ca:d2:98:6b:60
Signer

Actual PE Digest

67:a8:8a:08:bf:16:81:5f:ff:87:0d:4b:2a:30:10:ca:d2:98:6b:60

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

PresentationNative_v0400.pdb

Imports

kernel32

GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetCurrentThread
TerminateThread
IsDebuggerPresent
VerSetConditionMask
GetSystemTimeAsFileTime
OutputDebugStringW
GetLastError
GlobalDeleteAtom
SetLastError
GetProcessHeap
LeaveCriticalSection
GetProcAddress
EnterCriticalSection
LoadLibraryExW
InitializeCriticalSectionEx
InitializeSListHead
OutputDebugStringA
HeapReAlloc
DeleteCriticalSection
DisableThreadLibraryCalls
InitializeCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
HeapAlloc
HeapFree

ole32

CoCreateInstance
CoTaskMemFree

oleaut32

SysAllocString
VariantInit
VariantChangeType
VariantClear

user32

SetScrollPos
SetFocus
MapWindowPoints
GetWindowTextLengthW
GetWindowTextW
SetWindowLongW
GetWindow
GetParent
GetMenuBarInfo
GetKeyboardLayoutList
GetAncestor
FindWindowExW
EnableWindow
GetWindowLongW

gdi32

GetTextExtentPoint32W

mscoree

CLRCreateInstance

vcruntime140_clr0400

memset
_except_handler4_common
__std_type_info_destroy_list
_purecall
__CxxFrameHandler3
memcpy

ucrtbase_clr0400

_initterm_e
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initterm
_initialize_onexit_table
_initialize_narrow_environment
wcscpy_s
free
iswpunct
_cexit
_configure_narrow_argv
__stdio_common_vsprintf
_seh_filter_dll

ntdll

DbgPrompt
DbgBreakPoint
DbgPrintEx
NtQuerySystemInformation
RtlVerifyVersionInfo

Exports

Exports

CreateDocContext
CreateInstalledObjectsInfo
CreateTextAnalysisSink
CreateTextAnalysisSource
DestroyDocContext
DestroyInstalledObjectsInfo
EnableWindowWrapper
FindWindowExWrapper
FsAddFigureObstacle
FsClearUpdateInfoInPage
FsClearUpdateInfoInSubpage
FsClearUpdateInfoInSubtrack
FsClearUpdateInfoInTableSrv
FsCommitFilledRectangle
FsCompareSubpages
FsCompareSubtrack
FsCompareTableSrv
FsCreateDocContext
FsCreateDummyFootnoteRejector
FsCreatePageBottomless
FsCreatePageFinite
FsCreateSubpageBottomless
FsCreateSubpageFinite
FsDestroyDocContext
FsDestroyFootnoteRejector
FsDestroyPage
FsDestroyPageBreakRecord
FsDestroySubpage
FsDestroySubpageBreakRecord
FsDestroySubtrack
FsDestroySubtrackBreakRecord
FsDestroyTableSrv
FsDestroyTableSrvBreakRecord
FsDuplicateGeometry
FsDuplicatePageBreakRecord
FsDuplicateSubpageBreakRecord
FsDuplicateSubtrackBreakRecord
FsDuplicateTableSrvBreakRecord
FsFAllFootnotesAllowed
FsFFootnoteAllowed
FsFormatSubtrackBottomless
FsFormatSubtrackFinite
FsFormatTableSrvBottomless
FsFormatTableSrvFinite
FsGetClientHandle
FsGetColumnRectangle
FsGetEmptySpaces
FsGetFigureObstacleData
FsGetFloaterFsimethods
FsGetIntervals
FsGetMaxNumberEmptySpaces
FsGetMaxNumberIntervals
FsGetNextTick
FsGetNumberSubpageFootnotes
FsGetNumberSubtrackFootnotes
FsGetPageRectangle
FsGetShiftOffset
FsGetSubpageColumnBalancingInfo
FsGetSubpageFootnoteInfo
FsGetSubtrackColumnBalancingInfo
FsGetSubtrackFootnoteInfo
FsGetTableObjFsimethods
FsGetTableSrvColumnBalancingInfo
FsGetTableSrvFootnoteInfo
FsGetTableSrvNumberFootnotes
FsJustifySubpage
FsQueryAttachedObjectList
FsQueryCompositeColumnDetails
FsQueryCompositeColumnFootnoteList
FsQueryDcpLineVariantsFromCachedTextPara
FsQueryEndnoteColumnDetails
FsQueryFigureObjectDetails
FsQueryFloaterDetails
FsQueryFootnoteColumnDetails
FsQueryFootnoteColumnTrackList
FsQueryHeightDefinedColumnSpanAreaList
FsQueryLineCompositeElementList
FsQueryLineListComposite
FsQueryLineListSingle
FsQueryPageDetails
FsQueryPageFootnoteColumnList
FsQueryPageSectionList
FsQuerySectionBasicColumnList
FsQuerySectionCompositeColumnList
FsQuerySectionDetails
FsQuerySectionEndnoteColumnList
FsQuerySegmentDefinedColumnSpanAreaList
FsQuerySubpageBasicColumnList
FsQuerySubpageDetails
FsQuerySubpageHeightDefinedColumnSpanAreaList
FsQuerySubpageSegmentDefinedColumnSpanAreaList
FsQuerySubtrackDetails
FsQuerySubtrackParaList
FsQueryTableObjCellList
FsQueryTableObjDetails
FsQueryTableObjFigureCountWord
FsQueryTableObjFigureListWord
FsQueryTableObjRowDetails
FsQueryTableObjRowList
FsQueryTableObjTableProperDetails
FsQueryTableSrvCellList
FsQueryTableSrvRowDetails
FsQueryTableSrvRowList
FsQueryTableSrvTableDetails
FsQueryTextDetails
FsQueryTrackDetails
FsQueryTrackParaList
FsRegisterFloatObstacle
FsReleaseGeometry
FsResolveOverlap
FsRestoreGeometry
FsShiftSubtrackVertical
FsSynchronizeBottomlessSubtrack
FsTransferDisplayInfoSubpage
FsTransferDisplayInfoSubtrack
FsTransferDisplayInfoTableSrv
FsTransformBbox
FsTransformPoint
FsTransformRectangle
FsTransformVector
FsUpdateBottomlessPage
FsUpdateBottomlessSubpage
FsUpdateBottomlessSubtrack
FsUpdateBottomlessTableSrv
FsUpdateFinitePage
GetAncestorWrapper
GetFloaterHandlerInfo
GetKeyboardLayoutListWrapper
GetMenuBarInfoWrapper
GetNumberSubstitutionList
GetParentWrapper
GetScriptAnalysisList
GetTableObjHandlerInfo
GetTextExtentPoint32Wrapper
GetWindowLongPtrWrapper
GetWindowLongWrapper
GetWindowTextLengthWrapper
GetWindowTextWrapper
GetWindowWrapper
GlobalDeleteAtomWrapper
IsPrintPackageTargetSupported
IsStartXpsPrintJobSupported
IsWindows10OrGreater
IsWindows10RS1OrGreater
IsWindows10RS2OrGreater
IsWindows10RS3OrGreater
IsWindows10RS5OrGreater
IsWindows10TH1OrGreater
IsWindows10TH2OrGreater
IsWindows7OrGreater
IsWindows7SP1OrGreater
IsWindows8OrGreater
IsWindows8Point1OrGreater
IsWindowsServer
IsWindowsVistaOrGreater
IsWindowsVistaSP1OrGreater
IsWindowsVistaSP2OrGreater
IsWindowsXPOrGreater
IsWindowsXPSP1OrGreater
IsWindowsXPSP2OrGreater
IsWindowsXPSP3OrGreater
LateBoundStartXpsPrintJob
LoAcquireBreakRecord
LoAcquirePenaltyModule
LoCloneBreakRecord
LoCreateBreaks
LoCreateContext
LoCreateLine
LoCreateParaBreakingSession
LoDestroyContext
LoDisplayLine
LoDisposeBreakRecord
LoDisposeLine
LoDisposeParaBreakingSession
LoDisposePenaltyModule
LoEnumLine
LoGetEscString
LoGetPenaltyModuleInternalHandle
LoQueryLineCpPpoint
LoQueryLinePointPcp
LoRelievePenaltyResource
LoSetBreaking
LoSetDoc
LoSetTabs
LocbkGetObjectHandlerInfo
MILGetClassificationTables
MapWindowPointsWrapper
NlCreateHyphenator
NlDestroyHyphenator
NlGetClassObject
NlHyphenate
NlLoad
NlUnload
PrintToPackageTarget
SetFocusWrapper
SetScrollPosWrapper
SetWindowLongPtrWrapper
SetWindowLongWrapper
TryGetRequestedCLRRuntime

Sections

.text
Size: 873KB - Virtual size: 872KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
updates/dll/PrimitiveTransformers.dll
.dll windows:10 windows x64 arch:x64

df3ec708e62f0fccfe951a485496547f

Code Sign

33:00:00:04:15:82:95:a1:a3:d8:2e:28:57:00:00:00:00:04:15
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/02/2023, 00:05

Not After

01/02/2024, 00:05

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ad:27:ce:82:8a:11:d3:be:7a:e0:95:9c:e1:c3:31:c8:bf:f4:c3:9f:69:c1:f5:cc:02:b1:a0:ec:5d:fc:6d:fd
Signer

Actual PE Digest

ad:27:ce:82:8a:11:d3:be:7a:e0:95:9c:e1:c3:31:c8:bf:f4:c3:9f:69:c1:f5:cc:02:b1:a0:ec:5d:fc:6d:fd

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

PrimitiveTransformers.pdb

Imports

msvcrt

memcmp
memset
memcpy
_initterm
_amsg_exit
_XcptFilter
_callnewh
malloc
free
__C_specific_handler

api-ms-win-core-libraryloader-l1-1-0

DisableThreadLibraryCalls

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
InitializeCriticalSection

api-ms-win-core-heap-l1-1-0

HeapDestroy

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

wcp

?RtlTraceFormat_PCULONG@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
?RtlTraceFormat_PCLUNICODE_STRING_AsLiteralString@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
RtlSplitLUnicodeString
?RtlTraceVa@Rtl@WCP@Windows@@YAXKKPEAU_RTL_TRACING_FACILITY@123@QEBD_KPEAD@Z
RtlHashLUnicodeString
RtlReallocateLUnicodeString
RtlDecodeUtf16LE
RtlFreeLBlob
RtlAllocateLBlob
RtlDuplicateLUnicodeString
RtlCombineNtPathSegments
RtlSplitNtPath
RtlFreeLUnicodeString
RtlReportErrorOrigination
ConvertNtStatusToHResult
?GetNtFilePathParameter@Rtl@Transformers@WCP@Windows@@YAJKPEAUICSITransformerServices@@AEBU_LUNICODE_STRING@@PEAV?$Auto@U_LUNICODE_STRING@@@4@PEAKK@Z
?GetNtRegistryPathParameter@Rtl@Transformers@WCP@Windows@@YAJKPEAUICSITransformerServices@@AEBU_LUNICODE_STRING@@PEAV?$Auto@U_LUNICODE_STRING@@@4@PEAKK@Z
?GetLUnicodeParameter@Rtl@Transformers@WCP@Windows@@YAJKPEAUICSITransformerServices@@AEBU_LUNICODE_STRING@@PEAV?$Auto@U_LUNICODE_STRING@@@4@PEAK@Z

Exports

Exports

DllCanUnloadNow
DllCsiGetHandler

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
updates/dll/ServiceModelPerformanceCounters.dll
.dll windows:6 windows x86 arch:x86

28e7b9798d6684e7e1487700c6fbd72f

Code Sign

33:00:00:01:30:30:3e:28:0c:ec:3c:4d:01:00:00:00:00:01:30
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/09/2019, 20:40

Not After

04/12/2020, 20:40

Subject

CN=Microsoft Time-Stamp Service,OU=Microsoft Operations Puerto Rico+OU=Thales TSS ESN:5847-F761-4F70,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d4:e2:4c:b9:90:da:0b:fa:28:e2:33:63:c5:c7:c6:a9:12:5e:ac:37:6b:dc:63:14:8b:98:20:6d:ce:57:06:00
Signer

Actual PE Digest

d4:e2:4c:b9:90:da:0b:fa:28:e2:33:63:c5:c7:c6:a9:12:5e:ac:37:6b:dc:63:14:8b:98:20:6d:ce:57:06:00

Digest Algorithm

sha256

PE Digest Matches

true

64:3a:da:d5:12:0e:93:75:0d:9b:1c:a8:24:99:96:8c:cb:03:a2:38
Signer

Actual PE Digest

64:3a:da:d5:12:0e:93:75:0d:9b:1c:a8:24:99:96:8c:cb:03:a2:38

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ServiceModelPerformanceCounters.pdb

Imports

kernel32

IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedFlushSList
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
LCMapStringW
TerminateProcess
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CloseHandle
WriteConsoleW
DecodePointer
CreateFileW
RaiseException
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
updates/dll/SettingsHandlers_OneDriveBackup.dll
.dll windows:10 windows x64 arch:x64

d8d8b3c8cea022e3fef194f7c16e2106

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

SettingsHandlers_OneDriveBackup.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o___std_exception_copy
memmove
_o_bsearch_s
_o_free
_o_malloc
_o_terminate
__C_specific_handler
_o__configure_narrow_argv
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
__std_terminate
__CxxFrameHandler3
_CxxThrowException
__CxxFrameHandler4
memcmp
memcpy
_o__cexit
_o__callnewh
_o___std_type_info_destroy_list
_o___std_exception_destroy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
DisableThreadLibraryCalls
GetModuleHandleW
GetModuleHandleExW
LockResource
LoadResource
GetModuleFileNameA
FindResourceExW

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceExecuteOnce
InitOnceBeginInitialize

api-ms-win-core-synch-l1-1-0

CreateSemaphoreExW
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForSingleObject
EnterCriticalSection
ReleaseSemaphore
ReleaseMutex
ReleaseSRWLockExclusive
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
ReleaseSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
InitializeSRWLock

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetLastError
RaiseException
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
CreateThread

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoTransformError

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsCreateStringReference
WindowsCreateString
WindowsDeleteString

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

netapi32

NetGetAadJoinInformation
NetFreeAadJoinInformation
NetApiBufferFree
NetGetJoinInformation

api-ms-win-core-com-l1-1-0

CoUninitialize
CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoInitializeEx
CoTaskMemAlloc
CoTaskMemRealloc

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer

api-ms-win-core-registry-l1-1-0

RegGetValueW

api-ms-win-core-winrt-error-l1-1-1

RoReportFailedDelegate
IsErrorPropagationEnabled
RoGetMatchingRestrictedErrorInfo

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoGetActivationFactory
RoInitialize

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CloseThreadpoolTimer
CreateThreadpoolTimer

Exports

Exports

DllCanUnloadNow
DllGetClassObject
GetSetting

Sections

.text
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 692B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
updates/dll/System.AddIn.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

System.AddIn.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 148KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
updates/dll/System.Speech.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

System.Speech.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 664KB - Virtual size: 661KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
updates/dll/System.Transactions.dll
.dll windows:5 windows x86 arch:x86

7469780bb6fda5f25da4408eda0b3bb8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

System.Transactions.pdb

Imports

msvcr80

_crt_debugger_hook
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
free
_malloc_crt
_encode_pointer
_wcsicmp
??2@YAPAXI@Z
??3@YAXPAX@Z

kernel32

GetLastError
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
Sleep
GetSystemDirectoryW
LoadLibraryExW
GetProcAddress
CloseHandle
GetSystemInfo
EnterCriticalSection
LeaveCriticalSection
SetEvent
GetCurrentProcess
DuplicateHandle
InterlockedExchange
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount

ole32

CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CoTaskMemFree

mscoree

_CorDllMain

Exports

Exports

_GetNotificationFactory@8

Sections

.text
Size: 250KB - Virtual size: 249KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 868B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
updates/dll/System.Web.DynamicData.Design.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

System.Web.DynamicData.Design.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
updates/dll/WMINet_Utils.dll
.dll regsvr32 windows:6 windows x86 arch:x86

2c305302a504b098dd13608a5e3f7401

Code Sign

33:00:00:01:39:87:5d:99:a9:13:4e:5c:e2:00:00:00:00:01:39
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/10/2019, 23:17

Not After

21/01/2021, 23:17

Subject

CN=Microsoft Time-Stamp Service,OU=Microsoft Ireland Operations Limited+OU=Thales TSS ESN:179E-4BB0-8246,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8e:61:1e:ec:60:b9:01:f4:fb:b8:98:93:9c:ad:09:0d:64:c9:24:d9:70:24:e6:08:1d:22:38:42:3a:91:b3:9b
Signer

Actual PE Digest

8e:61:1e:ec:60:b9:01:f4:fb:b8:98:93:9c:ad:09:0d:64:c9:24:d9:70:24:e6:08:1d:22:38:42:3a:91:b3:9b

Digest Algorithm

sha256

PE Digest Matches

true

e4:30:20:2c:b5:aa:fa:be:c9:50:06:09:5b:33:b7:84:75:23:a9:c3
Signer

Actual PE Digest

e4:30:20:2c:b5:aa:fa:be:c9:50:06:09:5b:33:b7:84:75:23:a9:c3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

WMINet_Utils.pdb

Imports

advapi32

AddAce
AllocateAndInitializeSid
CopySid
FreeSid
GetLengthSid
InitializeAcl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegCloseKey
RegCreateKeyExA
RegSetKeySecurity
SetThreadToken
OpenProcessToken
OpenThreadToken
AdjustTokenPrivileges
GetTokenInformation
RevertToSelf

kernel32

GetLastError
HeapDestroy
HeapAlloc
HeapFree
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
GetVersionExA
DisableThreadLibraryCalls
CloseHandle
GetCurrentProcess
GetCurrentThread
GetSystemDirectoryA
GetProcAddress
LoadLibraryExA
TerminateProcess
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetProcessHeap
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter

vcruntime140_clr0400

memset
__std_type_info_destroy_list
_CxxThrowException
_except_handler4_common
__CxxFrameHandler3
__std_terminate
__std_exception_destroy
__std_exception_copy

ucrtbase_clr0400

free
_cexit
_initterm_e
_initterm
_wcsnicmp
_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
malloc
_callnewh

ole32

CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree

oleaut32

GetErrorInfo
SysAllocStringLen
SysFreeString
SysStringLen
SysAllocString

Exports

Exports

BeginEnumeration
BeginMethodEnumeration
BlessIWbemServices
BlessIWbemServicesObject
Clone
CloneEnumWbemClassObject
CompareTo
ConnectServerWmi
CreateClassEnumWmi
CreateInstanceEnumWmi
Delete
DeleteMethod
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
EndEnumeration
EndMethodEnumeration
ExecNotificationQueryWmi
ExecQueryWmi
Get
GetCurrentApartmentType
GetDemultiplexedStub
GetErrorInfo
GetMethod
GetMethodOrigin
GetMethodQualifierSet
GetNames
GetObjectText
GetPropertyHandle
GetPropertyInfoByHandle
GetPropertyOrigin
GetPropertyQualifierSet
GetQualifierSet
InheritsFrom
Initialize
Lock
Next
NextMethod
Put
PutClassWmi
PutInstanceWmi
PutMethod
QualifierSet_BeginEnumeration
QualifierSet_Delete
QualifierSet_EndEnumeration
QualifierSet_Get
QualifierSet_GetNames
QualifierSet_Next
QualifierSet_Put
ReadDWORD
ReadPropertyValue
ReadQWORD
ResetSecurity
SetSecurity
SpawnDerivedClass
SpawnInstance
UFunc
Unlock
VerifyClientKey
WriteDWORD
WriteDouble
WritePropertyValue
WriteQWORD
WriteSingle

Sections

.text
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
updates/dll/WindowsBase.resources.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 96KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
updates/dll/msvcr90.dll
.dll windows:5 windows x86 arch:x86

0fda4497453286b1daa098623dfc53ce

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0f:78:4d:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2007, 00:23

Not After

23/02/2009, 00:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

54:13:79:94:a8:94:70:d8:e8:ea:19:5c:85:d8:c4:57:81:82:2d:8c
Signer

Actual PE Digest

54:13:79:94:a8:94:70:d8:e8:ea:19:5c:85:d8:c4:57:81:82:2d:8c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msvcr90.i386.pdb

Imports

kernel32

GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetSystemWindowsDirectoryW
GetSystemDirectoryW
GetLongPathNameW
GetCurrentThreadId
TlsGetValue
DebugBreak
OutputDebugStringA
GetCommandLineA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
ExitThread
CloseHandle
GetLastError
ResumeThread
CreateThread
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThread
FindNextFileA
FindFirstFileA
FindClose
FindNextFileW
FindFirstFileW
GetLogicalDrives
GetDiskFreeSpaceA
FileTimeToSystemTime
FileTimeToLocalFileTime
SetErrorMode
Beep
GetFileAttributesA
SetFileAttributesA
SetEnvironmentVariableA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetFullPathNameA
GetDriveTypeA
GetCurrentProcessId
CreateDirectoryA
MoveFileA
RemoveDirectoryA
DeleteFileA
GetFileAttributesW
SetEnvironmentVariableW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetFileAttributesW
GetFullPathNameW
CreateDirectoryW
MoveFileW
RemoveDirectoryW
GetDriveTypeW
DeleteFileW
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
LoadLibraryA
FreeLibrary
CreateProcessW
ReadFile
DuplicateHandle
GetCurrentProcess
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetLocalTime
WideCharToMultiByte
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetLocalTime
MultiByteToWideChar
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeFormatA
GetDateFormatA
RtlUnwind
RaiseException
HeapFree
HeapAlloc
GetProcessHeap
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
HeapSize
HeapReAlloc
VirtualAlloc
HeapValidate
HeapCompact
HeapWalk
VirtualProtect
GetSystemInfo
VirtualQuery
SetHandleCount
GetFileType
GetStartupInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
CreateFileA
FlushFileBuffers
CreatePipe
CreateFileW
SetStdHandle
ReadConsoleInputA
SetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
ReadConsoleInputW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
IsDBCSLeadByteEx
ReadConsoleA
ReadConsoleW
SetEndOfFile
GetFileInformationByHandle
PeekNamedPipe
InterlockedExchange
LockFile
UnlockFile
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
FreeEnvironmentStringsA
GetEnvironmentStrings
QueryPerformanceCounter
GetTickCount
GetStringTypeW
GetStringTypeA
LCMapStringA
LCMapStringW
CompareStringA
CompareStringW
GetLocaleInfoW
GetLocaleInfoA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
LoadLibraryW
GetModuleHandleA

Exports

Exports

$I10_OUTPUT
??0__non_rtti_object@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@PBD@Z
??0bad_typeid@std@@QAE@ABV01@@Z
??0bad_typeid@std@@QAE@PBD@Z
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABQBDH@Z
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@XZ
??1__non_rtti_object@std@@UAE@XZ
??1bad_cast@std@@UAE@XZ
??1bad_typeid@std@@UAE@XZ
??1exception@std@@UAE@XZ
??1type_info@@UAE@XZ
??2@YAPAXI@Z
??2@YAPAXIHPBDH@Z
??3@YAXPAX@Z
??4__non_rtti_object@std@@QAEAAV01@ABV01@@Z
??4bad_cast@std@@QAEAAV01@ABV01@@Z
??4bad_typeid@std@@QAEAAV01@ABV01@@Z
??4exception@std@@QAEAAV01@ABV01@@Z
??8type_info@@QBE_NABV0@@Z
??9type_info@@QBE_NABV0@@Z
??_7__non_rtti_object@std@@6B@
??_7bad_cast@std@@6B@
??_7bad_typeid@std@@6B@
??_7exception@@6B@
??_7exception@std@@6B@
??_Fbad_cast@std@@QAEXXZ
??_Fbad_typeid@std@@QAEXXZ
??_U@YAPAXI@Z
??_U@YAPAXIHPBDH@Z
??_V@YAXPAX@Z
?_Name_base@type_info@@CAPBDPBV1@PAU__type_info_node@@@Z
?_Name_base_internal@type_info@@CAPBDPBV1@PAU__type_info_node@@@Z
?_Type_info_dtor@type_info@@CAXPAV1@@Z
?_Type_info_dtor_internal@type_info@@CAXPAV1@@Z
?_ValidateExecute@@YAHP6GHXZ@Z
?_ValidateRead@@YAHPBXI@Z
?_ValidateWrite@@YAHPAXI@Z
?_inconsistency@@YAXXZ
?_invalid_parameter@@YAXPBG00II@Z
?_is_exception_typeof@@YAHABVtype_info@@PAU_EXCEPTION_POINTERS@@@Z
?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
?_open@@YAHPBDHH@Z
?_query_new_handler@@YAP6AHI@ZXZ
?_query_new_mode@@YAHXZ
?_set_new_handler@@YAP6AHI@ZH@Z
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
?_set_new_mode@@YAHH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
?_sopen@@YAHPBDHHH@Z
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?_wopen@@YAHPB_WHH@Z
?_wsopen@@YAHPB_WHHH@Z
?before@type_info@@QBEHABV1@@Z
?name@type_info@@QBEPBDPAU__type_info_node@@@Z
?raw_name@type_info@@QBEPBDXZ
?set_new_handler@@YAP6AXXZP6AXXZ@Z
?set_terminate@@YAP6AXXZH@Z
?set_terminate@@YAP6AXXZP6AXXZ@Z
?set_unexpected@@YAP6AXXZH@Z
?set_unexpected@@YAP6AXXZP6AXXZ@Z
?swprintf@@YAHPAGIPBGZZ
?swprintf@@YAHPA_WIPB_WZZ
?terminate@@YAXXZ
?unexpected@@YAXXZ
?vswprintf@@YAHPA_WIPB_WPAD@Z
?what@exception@std@@UBEPBDXZ
_CIacos
_CIasin
_CIatan
_CIatan2
_CIcos
_CIcosh
_CIexp
_CIfmod
_CIlog
_CIlog10
_CIpow
_CIsin
_CIsinh
_CIsqrt
_CItan
_CItanh
_CRT_RTC_INIT
_CRT_RTC_INITW
_CreateFrameInfo
_CxxThrowException
_EH_prolog
_FindAndUnlinkFrame
_Getdays
_Getmonths
_Gettnames
_HUGE
_IsExceptionObjectToBeDestroyed
_NLG_Dispatch2
_NLG_Return
_NLG_Return2
_Strftime
_XcptFilter
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__CppXcptFilter
__CxxCallUnwindDelDtor
__CxxCallUnwindDtor
__CxxCallUnwindStdDelDtor
__CxxCallUnwindVecDtor
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxLongjmpUnwind
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__STRINGTOLD
__STRINGTOLD_L
__TypeMatch
___fls_getvalue@4
___fls_setvalue@8
___lc_codepage_func
___lc_collate_cp_func
___lc_handle_func
___mb_cur_max_func
___mb_cur_max_l_func
___setlc_active_func
___unguarded_readlc_active_add_func
__argc
__argv
__badioinfo
__clean_type_info_names_internal
__control87_2
__create_locale
__crtCompareStringA
__crtCompareStringW
__crtGetLocaleInfoW
__crtGetStringTypeW
__crtLCMapStringA
__crtLCMapStringW
__daylight
__dllonexit
__doserrno
__dstbias
__fpecode
__free_locale
__get_app_type
__get_current_locale
__get_flsindex
__get_tlsindex
__getmainargs
__initenv
__iob_func
__isascii
__iscsym
__iscsymf
__iswcsym
__iswcsymf
__lc_clike
__lc_codepage
__lc_collate_cp
__lc_handle
__lconv
__lconv_init
__libm_sse2_acos
__libm_sse2_acosf
__libm_sse2_asin
__libm_sse2_asinf
__libm_sse2_atan
__libm_sse2_atan2
__libm_sse2_atanf
__libm_sse2_cos
__libm_sse2_cosf
__libm_sse2_exp
__libm_sse2_expf
__libm_sse2_log
__libm_sse2_log10
__libm_sse2_log10f
__libm_sse2_logf
__libm_sse2_pow
__libm_sse2_powf
__libm_sse2_sin
__libm_sse2_sinf
__libm_sse2_tan
__libm_sse2_tanf
__mb_cur_max
__p___argc
__p___argv
__p___initenv
__p___mb_cur_max
__p___wargv
__p___winitenv
__p__acmdln
__p__amblksiz
__p__commode
__p__daylight
__p__dstbias
__p__environ
__p__fmode
__p__iob
__p__mbcasemap
__p__mbctype
__p__pctype
__p__pgmptr
__p__pwctype
__p__timezone
__p__tzname
__p__wcmdln
__p__wenviron
__p__wpgmptr
__pctype_func
__pioinfo
__pwctype_func
__pxcptinfoptrs
__report_gsfailure
__set_app_type
__set_flsgetvalue
__setlc_active
__setusermatherr
__strncnt
__swprintf_l
__sys_errlist
__sys_nerr
__threadhandle
__threadid
__timezone
__toascii
__tzname
__unDName
__unDNameEx
__unDNameHelper
__uncaught_exception
__unguarded_readlc_active
__vswprintf_l
__wargv
__wcserror
__wcserror_s
__wcsncnt
__wgetmainargs
__winitenv
_abnormal_termination
_abs64
_access
_access_s
_acmdln
_adj_fdiv_m16i
_adj_fdiv_m32
_adj_fdiv_m32i
_adj_fdiv_m64
_adj_fdiv_r
_adj_fdivr_m16i
_adj_fdivr_m32
_adj_fdivr_m32i
_adj_fdivr_m64
_adj_fpatan
_adj_fprem
_adj_fprem1
_adj_fptan
_adjust_fdiv
_aexit_rtn
_aligned_free
_aligned_malloc
_aligned_msize
_aligned_offset_malloc
_aligned_offset_realloc
_aligned_offset_recalloc
_aligned_realloc
_aligned_recalloc
_amsg_exit
_assert
_atodbl
_atodbl_l
_atof_l
_atoflt
_atoflt_l
_atoi64
_atoi64_l
_atoi_l
_atol_l
_atoldbl
_atoldbl_l
_beep
_beginthread
_beginthreadex
_byteswap_uint64
_byteswap_ulong
_byteswap_ushort
_c_exit
_cabs
_callnewh
_calloc_crt
_cexit
_cgets
_cgets_s
_cgetws
_cgetws_s
_chdir
_chdrive
_chgsign
_chkesp
_chmod
_chsize
_chsize_s
_clearfp
_close
_commit
_commode
_configthreadlocale
_control87
_controlfp
_controlfp_s
_copysign
_cprintf
_cprintf_l
_cprintf_p
_cprintf_p_l
_cprintf_s
_cprintf_s_l
_cputs
_cputws
_creat
_create_locale
_crt_debugger_hook
_cscanf
_cscanf_l
_cscanf_s
_cscanf_s_l
_ctime32
_ctime32_s
_ctime64
_ctime64_s
_cwait
_cwprintf
_cwprintf_l
_cwprintf_p
_cwprintf_p_l
_cwprintf_s
_cwprintf_s_l
_cwscanf
_cwscanf_l
_cwscanf_s
_cwscanf_s_l
_daylight
_decode_pointer
_difftime32
_difftime64
_dosmaperr
_dstbias
_dup
_dup2
_dupenv_s
_ecvt
_ecvt_s
_encode_pointer
_encoded_null
_endthread
_endthreadex
_environ
_eof
_errno
_except_handler2
_except_handler3
_except_handler4_common
_execl
_execle
_execlp
_execlpe
_execv
_execve
_execvp
_execvpe
_exit
_expand
_fclose_nolock
_fcloseall
_fcvt
_fcvt_s
_fdopen
_fflush_nolock
_fgetchar
_fgetwc_nolock
_fgetwchar
_filbuf
_filelength
_filelengthi64
_fileno
_findclose
_findfirst32
_findfirst32i64
_findfirst64
_findfirst64i32
_findnext32
_findnext32i64
_findnext64
_findnext64i32
_finite
_flsbuf
_flushall
_fmode
_fpclass
_fpieee_flt
_fpreset
_fprintf_l
_fprintf_p
_fprintf_p_l
_fprintf_s_l
_fputchar
_fputwc_nolock
_fputwchar
_fread_nolock
_fread_nolock_s
_free_locale
_freea
_freea_s
_freefls
_fscanf_l
_fscanf_s_l
_fseek_nolock
_fseeki64
_fseeki64_nolock
_fsopen
_fstat32
_fstat32i64
_fstat64
_fstat64i32
_ftell_nolock
_ftelli64
_ftelli64_nolock
_ftime32
_ftime32_s
_ftime64
_ftime64_s
_ftol
_fullpath
_futime32
_futime64
_fwprintf_l
_fwprintf_p
_fwprintf_p_l
_fwprintf_s_l
_fwrite_nolock
_fwscanf_l
_fwscanf_s_l
_gcvt
_gcvt_s
_get_amblksiz
_get_current_locale
_get_daylight
_get_doserrno
_get_dstbias
_get_errno
_get_fmode
_get_heap_handle
_get_invalid_parameter_handler
_get_osfhandle
_get_output_format
_get_pgmptr
_get_printf_count_output
_get_purecall_handler
_get_sbh_threshold
_get_terminate
_get_timezone
_get_tzname
_get_unexpected
_get_wpgmptr
_getc_nolock
_getch
_getch_nolock
_getche
_getche_nolock
_getcwd
_getdcwd
_getdcwd_nolock
_getdiskfree
_getdllprocaddr
_getdrive
_getdrives
_getmaxstdio
_getmbcp
_getpid
_getptd
_getsystime
_getw
_getwch
_getwch_nolock
_getwche
_getwche_nolock
_getws
_getws_s
_global_unwind2
_gmtime32

Sections

.text
Size: 598KB - Virtual size: 598KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
updates/dll/sppinst.dll
.dll windows:10 windows x64 arch:x64

bad65dbeacd0fec7bc112c5f4dea09f2

Code Sign

33:00:00:04:13:31:bc:19:88:07:a9:07:74:00:00:00:00:04:13
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/02/2023, 00:05

Not After

01/02/2024, 00:05

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

76:bf:a9:a2:93:b3:ba:77:21:4b:13:2c:65:64:8a:4c:50:4f:ae:2f:35:b5:8a:e5:cf:0e:73:07:eb:29:31:00
Signer

Actual PE Digest

76:bf:a9:a2:93:b3:ba:77:21:4b:13:2c:65:64:8a:4c:50:4f:ae:2f:35:b5:8a:e5:cf:0e:73:07:eb:29:31:00

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

sppinst.pdb

Imports

msvcrt

_unlock
_lock
_onexit
memcpy
malloc
free
_amsg_exit
__dllonexit
__C_specific_handler
memmove
_vsnwprintf
_XcptFilter
_initterm
_purecall
memcmp
memset

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

oleaut32

SysFreeString

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-libraryloader-l1-1-0

FreeLibrary
GetProcAddress
DisableThreadLibraryCalls
GetModuleHandleExW
LoadLibraryExW

api-ms-win-core-errorhandling-l1-1-0

RaiseException
GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-synch-l1-1-0

CreateEventW
DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
ReleaseSemaphore
SetEvent
LeaveCriticalSection

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-heap-obsolete-l1-1-0

LocalAlloc
LocalFree

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetVersionExA

api-ms-win-core-kernel32-legacy-l1-1-0

CreateSemaphoreW

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentProcessId
TerminateProcess
GetCurrentThreadId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
updates/dll/webengine.dll
.dll windows:6 windows x86 arch:x86

8603c13963bd7ceef1ddddf8b79927cc

Code Sign

33:00:00:01:2e:8f:84:66:68:39:bf:05:bd:00:00:00:00:01:2e
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/09/2019, 20:40

Not After

04/12/2020, 20:40

Subject

CN=Microsoft Time-Stamp Service,OU=Microsoft Operations Puerto Rico+OU=Thales TSS ESN:B1B7-F67F-FEC2,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:85:b6:26:52:d4:c2:3c:63:60:5e:1c:d0:5a:0e:8d:58:c7:4c:3b:e6:d4:8d:d3:61:3f:42:96:5e:62:93:91
Signer

Actual PE Digest

61:85:b6:26:52:d4:c2:3c:63:60:5e:1c:d0:5a:0e:8d:58:c7:4c:3b:e6:d4:8d:d3:61:3f:42:96:5e:62:93:91

Digest Algorithm

sha256

PE Digest Matches

true

20:c5:ff:9d:5c:a9:db:ce:50:3d:f3:af:0a:da:94:91:ae:70:88:5d
Signer

Actual PE Digest

20:c5:ff:9d:5c:a9:db:ce:50:3d:f3:af:0a:da:94:91:ae:70:88:5d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

webengine.pdb

Imports

kernel32

DisableThreadLibraryCalls
GetModuleFileNameW
GetProcAddress
lstrlenW
LoadLibraryW
GetCurrentProcess
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess

vcruntime140_clr0400

memset
_except_handler4_common
__std_type_info_destroy_list

ucrtbase_clr0400

_execute_onexit_table
_initialize_onexit_table
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_cexit
_initialize_narrow_environment

Exports

Exports

GetIsapiProcessHost

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 980B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
updates/mscordbi.dll
.dll windows:6 windows x86 arch:x86

37dcc12b692cfefb25f541225a3d8f67

Code Sign

33:00:00:01:2f:0d:ca:5a:e9:ea:70:8d:f5:00:00:00:00:01:2f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/09/2019, 20:40

Not After

04/12/2020, 20:40

Subject

CN=Microsoft Time-Stamp Service,OU=Microsoft Operations Puerto Rico+OU=Thales TSS ESN:728D-C45F-F9EB,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c2:bf:f4:8b:bd:c4:0a:0e:8d:39:14:9c:c8:df:28:66:33:18:85:4d:d5:81:fe:2f:ca:28:00:67:d0:fd:dc:cd
Signer

Actual PE Digest

c2:bf:f4:8b:bd:c4:0a:0e:8d:39:14:9c:c8:df:28:66:33:18:85:4d:d5:81:fe:2f:ca:28:00:67:d0:fd:dc:cd

Digest Algorithm

sha256

PE Digest Matches

true

7e:e6:bd:a7:71:e2:35:e1:7e:96:40:9c:b0:76:79:8e:c0:c2:86:42
Signer

Actual PE Digest

7e:e6:bd:a7:71:e2:35:e1:7e:96:40:9c:b0:76:79:8e:c0:c2:86:42

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

mscordbi.pdb

Imports

ole32

CoTaskMemFree
CreateStreamOnHGlobal
CoCreateGuid
CoCreateFreeThreadedMarshaler
IIDFromString
CoTaskMemAlloc

oleaut32

CreateErrorInfo
VariantInit
SetErrorInfo

ntdll

VerSetConditionMask
RtlUnwind

kernel32

SetThreadContext
ContinueDebugEvent
LoadLibraryExW
FreeLibrary
OpenProcess
ReleaseMutex
ReadProcessMemory
CreateFileW
GetFileSize
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
Sleep
CreateToolhelp32Snapshot
Thread32First
Thread32Next
Module32FirstW
Module32NextW
GetModuleFileNameW
VirtualQueryEx
DebugActiveProcess
WaitForDebugEvent
OpenThread
GetCurrentProcessId
IsWow64Process
WriteProcessMemory
SetLastError
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
GetProcessHeap
RaiseException
GetSystemInfo
VerifyVersionInfoW
OutputDebugStringW
DebugBreak
GetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
FindClose
MultiByteToWideChar
GetCurrentThread
SwitchToThread
GetCPInfo
GetACP
FormatMessageW
IsDBCSLeadByte
LocalFree
LCMapStringW
CreateProcessW
HeapCreate
TlsSetValue
VirtualProtect
VirtualFree
TerminateProcess
VirtualAlloc
CreateMutexW
HeapValidate
WaitForSingleObjectEx
TlsAlloc
HeapDestroy
CreateSemaphoreW
SleepEx
TlsGetValue
TlsFree
VirtualQuery
CreateActCtxW
ActivateActCtx
GetThreadContext
DeactivateActCtx
GetWindowsDirectoryW
ReleaseActCtx
IsDebuggerPresent
EncodePointer
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
InitializeSListHead
GetStartupInfoW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetStdHandle
GetFileType
GetStringTypeW
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
SetStdHandle
SetFilePointerEx
WriteConsoleW
HeapSize
HeapReAlloc
InterlockedFlushSList
OpenFileMappingW
GetFileAttributesExW
SetFilePointer
ReadFile
CreateThread
DuplicateHandle
ResumeThread
SuspendThread
GetModuleHandleW
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
ResetEvent
GetLastError
SetEvent
CreateEventW
InitializeCriticalSection
CloseHandle
EnterCriticalSection
LeaveCriticalSection
WaitForMultipleObjectsEx
DeleteCriticalSection
GetProcAddress
WaitForSingleObject
ReleaseSemaphore
SetErrorMode

user32

LoadStringW
GetUserObjectInformationW
GetProcessWindowStation

advapi32

ReportEventW
EqualSid
RevertToSelf
CopySid
GetSecurityDescriptorOwner
GetKernelObjectSecurity
GetLengthSid
SetThreadToken
OpenThreadToken
GetTokenInformation
EventWrite
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueW
RegisterEventSourceW
DeregisterEventSource
GetSidSubAuthorityCount
GetSidSubAuthority

wtsapi32

WTSEnumerateProcessesW
WTSFreeMemory

Exports

Exports

CreateCordbObject
DllGetClassObjectInternal
OpenVirtualProcess
OpenVirtualProcess2
OpenVirtualProcessImpl

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
updates/msxml6.dll
.dll regsvr32 windows:10 windows x86 arch:x86

c996611b797005e13c21196faba27f93

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f5:bb:12:a6:9d:dc:23:84:99:a5:58:dc:02:84:64:fc:c8:25:0f:a3:3e:0f:b0:dc:20:56:be:d1:28:93:34:1c
Signer

Actual PE Digest

f5:bb:12:a6:9d:dc:23:84:99:a5:58:dc:02:84:64:fc:c8:25:0f:a3:3e:0f:b0:dc:20:56:be:d1:28:93:34:1c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msxml6.pdb

Imports

msvcrt

_wtol
wcschr
memmove
memcpy
qsort
__CxxFrameHandler3
memcmp
floor
ceil
_initterm
malloc
free
_amsg_exit
_XcptFilter
_except_handler4_common
_ftol2_sse
_ftol2
_CIfmod
_wtof
_clearfp
_onexit
__dllonexit
_controlfp
wcsncmp
_unlock
_lock
wcsrchr
memmove_s
_resetstkoflw
bsearch
_purecall
memcpy_s
_vsnwprintf
memset

ntdll

RtlAllocateHeap
NtQuerySystemInformation
RtlCopyUnicodeString
RtlFreeHeap
NtQuerySecurityAttributesToken
RtlCompareMemory
NtQuerySecurityPolicy
RtlInitUnicodeString
EtwTraceMessageVa
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
RtlNtStatusToDosError

combase

ord24
ord3
ord17
ord19
ord14
ord22
ord23
CStdStubBuffer_Connect
CStdStubBuffer2_Connect
ord35
CStdStubBuffer2_Disconnect
ord25
ord6
ord11
CStdStubBuffer_Invoke
CStdStubBuffer_DebugServerQueryInterface
ord2
CStdStubBuffer_IsIIDSupported
NdrCStdStubBuffer_Release
CStdStubBuffer2_CountRefs
ord10
ord12
ord4
ord26
CStdStubBuffer2_QueryInterface
ord18
ord32
CStdStubBuffer_AddRef
GetErrorInfo
SetErrorInfo
CreateErrorInfo
ord33
ord34
ord5
ord7
ord21
ord8
ord20
CStdStubBuffer_CountRefs
ord16
ord27
ord9
NdrCStdStubBuffer2_Release
CStdStubBuffer_Disconnect
CStdStubBuffer_QueryInterface
CStdStubBuffer_DebugServerRelease
ord15
ord13

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
SizeofResource
GetProcAddress
GetModuleFileNameA
LockResource
LoadResource
LoadLibraryExW
FindResourceExW
GetModuleHandleW
FreeLibrary
GetModuleFileNameW

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionEx
LeaveCriticalSection
ReleaseSemaphore
EnterCriticalSection
ReleaseMutex
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WaitForSingleObjectEx
DeleteCriticalSection
WaitForSingleObject
ReleaseSRWLockShared
SleepEx
AcquireSRWLockShared
CreateMutexExW
CreateEventExW
WaitForMultipleObjectsEx
InitializeSRWLock
SetEvent
OpenSemaphoreW
ResetEvent
CreateEventW
InitializeCriticalSection
CreateSemaphoreExW

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap
HeapDestroy
HeapCreate

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolWork
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
SubmitThreadpoolWork
WaitForThreadpoolTimerCallbacks
CloseThreadpoolWork
FreeLibraryWhenCallbackReturns
CallbackMayRunLong

api-ms-win-core-processthreads-l1-1-0

TlsSetValue
GetCurrentProcessId
GetCurrentProcess
SetThreadToken
GetCurrentThread
OpenProcessToken
TerminateProcess
TlsGetValue
SwitchToThread
TlsAlloc
TlsFree
OpenThreadToken
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

GetThreadLocale
GetCPInfo
LCMapStringW
FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

rpcrt4

IUnknown_AddRef_Proxy
NdrStubForwardingFunction
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrOleFree
IUnknown_Release_Proxy
IUnknown_QueryInterface_Proxy
NdrOleAllocate
NdrStubCall2

api-ms-win-core-winrt-string-l1-1-0

HSTRING_UserUnmarshal
HSTRING_UserFree
WindowsGetStringRawBuffer
WindowsConcatString
HSTRING_UserMarshal
WindowsCreateStringReference
WindowsDeleteString
WindowsStringHasEmbeddedNull
HSTRING_UserSize
WindowsDeleteStringBuffer
WindowsIsStringEmpty
WindowsPromoteStringBuffer
WindowsCreateString
WindowsPreallocateStringBuffer

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoOriginateError
RoTransformErrorW
SetRestrictedErrorInfo
GetRestrictedErrorInfo
RoOriginateErrorW

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-memory-l1-1-0

VirtualQuery

api-ms-win-core-string-l1-1-0

CompareStringW
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-string-l2-1-0

CharLowerW
CharUpperBuffW

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoUninitialize
RoGetActivationFactory

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
IsErrorPropagationEnabled
RoReportFailedDelegate

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-security-base-l1-1-0

RevertToSelf
GetTokenInformation

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

api-ms-win-core-url-l1-1-0

UrlUnescapeW
GetAcceptLanguagesW
UrlCreateFromPathW
PathIsURLW
UrlGetLocationW
PathCreateFromUrlW
UrlCanonicalizeW
UrlIsW

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrCmpW
StrCmpNW
StrToIntW
StrCmpNIW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-file-l1-1-0

FlushFileBuffers
CreateFileW
GetFileType
ReadFile
WriteFile
SetEndOfFile

api-ms-win-core-shlwapi-legacy-l1-1-0

PathSearchAndQualifyW
PathIsRelativeW

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
DllRegisterServer
DllSetProperty
DllUnregisterServer

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.wpp_sf
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
updates/res_mods/1.25.0.0/readme.txt
updates/res_mods/GdiPlus.dll
.dll windows:10 windows x86 arch:x86

a56220c2309938f551658c7cdd527f0f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

gdiplus.pdb

Imports

msvcrt

_lock
_initterm
malloc
_unlock
_XcptFilter
_vsnprintf
wcsnlen
_wcsdup
__dllonexit
wcscpy_s
_wcsupr_s
wcsncpy_s
wcsrchr
memcpy
memcmp
floor
_finite
wcsstr
wcsncmp
_wtoi
_onexit
_except_handler4_common
memmove
free
_amsg_exit
memmove_s
_purecall
memcpy_s
_vsnwprintf
_resetstkoflw
_CIatan
_CIatan2
_CIcos
_CIexp
_CIfmod
_CIlog
_CIsin
_CIsqrt
_ftol2
_ftol2_sse
memset

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
FindResourceExW
GetModuleHandleA
LoadResource
FreeLibrary
LoadLibraryExA
DisableThreadLibraryCalls
GetModuleHandleW
GetModuleFileNameW
GetProcAddress
LockResource
GetModuleHandleExW
GetModuleFileNameA
FreeLibraryAndExitThread

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
LeaveCriticalSection
SetEvent
CreateEventA
DeleteCriticalSection
EnterCriticalSection
OpenSemaphoreW
InitializeCriticalSection
InitializeCriticalSectionEx
WaitForSingleObject
ReleaseSRWLockShared
CreateSemaphoreExW
ReleaseMutex
ReleaseSRWLockExclusive
WaitForSingleObjectEx
AcquireSRWLockExclusive
AcquireSRWLockShared
CreateMutexExW

api-ms-win-core-heap-l1-1-0

HeapCreate
HeapFree
GetProcessHeap
HeapAlloc
HeapReAlloc
HeapDestroy

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
GetCurrentProcess
OpenProcessToken
GetCurrentProcessId
CreateThread

api-ms-win-core-localization-l1-2-0

IsDBCSLeadByteEx
LocaleNameToLCID
ConvertDefaultLocale
FormatMessageW
GetLocaleInfoW
IsValidLocale
GetACP
GetSystemDefaultLCID

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister

api-ms-win-core-com-l1-1-0

CoTaskMemFree
PropVariantClear
CreateStreamOnHGlobal
CoTaskMemAlloc

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalReAlloc
GlobalAlloc
GlobalFree
LocalFree

api-ms-win-core-file-l1-1-0

SetFilePointer
GetFileTime
GetFileInformationByHandle
CreateFileA
ReadFile
WriteFile
CreateFileW
LockFile
FlushFileBuffers
GetFileSize
SetEndOfFile
UnlockFile

api-ms-win-core-memory-l1-1-0

VirtualAlloc
MapViewOfFile
UnmapViewOfFile
VirtualFree

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringW
MultiByteToWideChar

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetVersionExA
GetSystemInfo

api-ms-win-core-processenvironment-l1-1-0

SearchPathW

api-ms-win-core-rtlsupport-l1-2-0

RtlRaiseException

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-kernel32-legacy-l1-1-0

CreateFileMappingA
MulDiv

api-ms-win-core-heap-obsolete-l1-1-0

GlobalLock
GlobalSize
GlobalUnlock

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

user32

WindowFromDC
GetWindowRect
GetSysColor
DefWindowProcW
RegisterClassW
RegisterWindowMessageW
CreateWindowExW
SetWindowPos
DestroyWindow
UnregisterClassW
MsgWaitForMultipleObjects
PeekMessageW
TranslateMessage
GetClientRect
GetIconInfo
CreateIconIndirect
GetDCEx
GetWindowLongW
GetClassLongW
ClientToScreen
IntersectRect
IsRectEmpty
LoadImageW
GetSystemMetrics
SystemParametersInfoW
GetDC
ReleaseDC
DispatchMessageW
InflateRect
SetRectEmpty
UnionRect
GetDesktopWindow
OffsetRect

gdi32

SetICMMode
LPtoDP
GetDCOrgEx
GetRandomRgn
GetDeviceCaps
ArcTo
SetArcDirection
SetPaletteEntries
ResizePalette
RoundRect
Ellipse
Pie
Chord
Arc
AngleArc
PolyDraw
GetPath
AbortPath
FlattenPath
WidenPath
GetTextCharset
GetCurrentPositionEx
GetWinMetaFileBits
PlayEnhMetaFile
ExcludeClipRect
GetRgnBox
OffsetClipRgn
PlgBlt
BitBlt
OffsetViewportOrgEx
SetMapperFlags
CombineTransform
ScaleViewportExtEx
ScaleWindowExtEx
IsValidEnhMetaRecordOffExt
CreatePen
CreateDIBitmap
CreatePatternBrush
EnumFontsW
GetClipRgn
ExtCreateRegion
SelectClipPath
PolyPolyline
Polyline
StrokeAndFillPath
FillPath
PolyBezier
SetPolyFillMode
LineTo
ModifyWorldTransform
GetGraphicsMode
ExtTextOutA
ExtSelectClipRgn
GetPixel
SetMiterLimit
FillRgn
CreateSolidBrush
StrokePath
EndPath
CloseFigure
PolylineTo
PolyBezierTo
MoveToEx
BeginPath
StretchBlt
GetNearestPaletteIndex
CreateCompatibleBitmap
GetNearestColor
SetStretchBltMode
PolyPolygon
PlayMetaFileRecord
SetTextJustification
SetTextAlign
Polygon
IntersectClipRect
CreatePenIndirect
ExtCreatePen
DPtoLP
CreateDIBPatternBrushPt
Rectangle
SetROP2
GetROP2
GetWorldTransform
CombineRgn
StretchDIBits
GetPolyFillMode
GetArcDirection
GetTextAlign
GetBkMode
GetMiterLimit
GetWindowExtEx
GetViewportExtEx
GetWindowOrgEx
GetMapMode
SelectClipRgn
SetBrushOrgEx
GetTextColor
GetBkColor
TranslateCharsetInfo
GetTextCharsetInfo
ExtTextOutW
SetBitmapBits
GetDCDpiScaleValue
SetDIBColorTable
CreateEnhMetaFileW
GdiComment
GetEnhMetaFileBits
CopyMetaFileA
CopyEnhMetaFileA
GetEnhMetaFileW
GetMetaFileW
GetObjectType
GetEnhMetaFileHeader
GetMetaFileBitsEx
SetMetaFileBitsEx
CloseEnhMetaFile
PlayMetaFile
CreateEnhMetaFileA
SetEnhMetaFileBits
DeleteMetaFile
DeleteEnhMetaFile
SetWorldTransform
SetGraphicsMode
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
SetMapMode
SaveDC
SetMetaRgn
EnumMetaFile
EnumEnhMetaFile
PlayEnhMetaFileRecord
RestoreDC
DrawEscape
CreateICA
EnumFontFamiliesExW
GetTextFaceW
GetTextMetricsW
CreateFontIndirectA
CreateFontIndirectW
RealizePalette
GetPaletteEntries
SetDIBits
SetBkMode
SetBkColor
SetTextColor
CreateBitmap
PatBlt
CreateBrushIndirect
GdiFlush
CreateDIBSection
GetObjectW
GetStockObject
GetDIBColorTable
DeleteDC
GetDIBits
SelectObject
CreateCompatibleDC
SelectPalette
Escape
ExtEscape
GetObjectA
GetCurrentObject
DeleteObject
GetViewportOrgEx
GetRegionData
GetSystemPaletteEntries
CreatePalette
GetSystemPaletteUse
ScaleRgn
CreateRectRgn

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

GdipAddPathArc
GdipAddPathArcI
GdipAddPathBezier
GdipAddPathBezierI
GdipAddPathBeziers
GdipAddPathBeziersI
GdipAddPathClosedCurve
GdipAddPathClosedCurve2
GdipAddPathClosedCurve2I
GdipAddPathClosedCurveI
GdipAddPathCurve
GdipAddPathCurve2
GdipAddPathCurve2I
GdipAddPathCurve3
GdipAddPathCurve3I
GdipAddPathCurveI
GdipAddPathEllipse
GdipAddPathEllipseI
GdipAddPathLine
GdipAddPathLine2
GdipAddPathLine2I
GdipAddPathLineI
GdipAddPathPath
GdipAddPathPie
GdipAddPathPieI
GdipAddPathPolygon
GdipAddPathPolygonI
GdipAddPathRectangle
GdipAddPathRectangleI
GdipAddPathRectangles
GdipAddPathRectanglesI
GdipAddPathString
GdipAddPathStringI
GdipAlloc
GdipBeginContainer
GdipBeginContainer2
GdipBeginContainerI
GdipBitmapApplyEffect
GdipBitmapConvertFormat
GdipBitmapCreateApplyEffect
GdipBitmapGetHistogram
GdipBitmapGetHistogramSize
GdipBitmapGetPixel
GdipBitmapLockBits
GdipBitmapSetPixel
GdipBitmapSetResolution
GdipBitmapUnlockBits
GdipClearPathMarkers
GdipCloneBitmapArea
GdipCloneBitmapAreaI
GdipCloneBrush
GdipCloneCustomLineCap
GdipCloneFont
GdipCloneFontFamily
GdipCloneImage
GdipCloneImageAttributes
GdipCloneMatrix
GdipClonePath
GdipClonePen
GdipCloneRegion
GdipCloneStringFormat
GdipClosePathFigure
GdipClosePathFigures
GdipCombineRegionPath
GdipCombineRegionRect
GdipCombineRegionRectI
GdipCombineRegionRegion
GdipComment
GdipConvertToEmfPlus
GdipConvertToEmfPlusToFile
GdipConvertToEmfPlusToStream
GdipCreateAdjustableArrowCap
GdipCreateBitmapFromDirectDrawSurface
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromGdiDib
GdipCreateBitmapFromGraphics
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromHICON
GdipCreateBitmapFromResource
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateCachedBitmap
GdipCreateCustomLineCap
GdipCreateEffect
GdipCreateFont
GdipCreateFontFamilyFromName
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipCreateFontFromLogfontW
GdipCreateFromHDC
GdipCreateFromHDC2
GdipCreateFromHWND
GdipCreateFromHWNDICM
GdipCreateHBITMAPFromBitmap
GdipCreateHICONFromBitmap
GdipCreateHalftonePalette
GdipCreateHatchBrush
GdipCreateImageAttributes
GdipCreateLineBrush
GdipCreateLineBrushFromRect
GdipCreateLineBrushFromRectI
GdipCreateLineBrushFromRectWithAngle
GdipCreateLineBrushFromRectWithAngleI
GdipCreateLineBrushI
GdipCreateMatrix
GdipCreateMatrix2
GdipCreateMatrix3
GdipCreateMatrix3I
GdipCreateMetafileFromEmf
GdipCreateMetafileFromFile
GdipCreateMetafileFromStream
GdipCreateMetafileFromWmf
GdipCreateMetafileFromWmfFile
GdipCreatePath
GdipCreatePath2
GdipCreatePath2I
GdipCreatePathGradient
GdipCreatePathGradientFromPath
GdipCreatePathGradientI
GdipCreatePathIter
GdipCreatePen1
GdipCreatePen2
GdipCreateRegion
GdipCreateRegionHrgn
GdipCreateRegionPath
GdipCreateRegionRect
GdipCreateRegionRectI
GdipCreateRegionRgnData
GdipCreateSolidFill
GdipCreateStreamOnFile
GdipCreateStringFormat
GdipCreateTexture
GdipCreateTexture2
GdipCreateTexture2I
GdipCreateTextureIA
GdipCreateTextureIAI
GdipDeleteBrush
GdipDeleteCachedBitmap
GdipDeleteCustomLineCap
GdipDeleteEffect
GdipDeleteFont
GdipDeleteFontFamily
GdipDeleteGraphics
GdipDeleteMatrix
GdipDeletePath
GdipDeletePathIter
GdipDeletePen
GdipDeletePrivateFontCollection
GdipDeleteRegion
GdipDeleteStringFormat
GdipDisposeImage
GdipDisposeImageAttributes
GdipDrawArc
GdipDrawArcI
GdipDrawBezier
GdipDrawBezierI
GdipDrawBeziers
GdipDrawBeziersI
GdipDrawCachedBitmap
GdipDrawClosedCurve
GdipDrawClosedCurve2
GdipDrawClosedCurve2I
GdipDrawClosedCurveI
GdipDrawCurve
GdipDrawCurve2
GdipDrawCurve2I
GdipDrawCurve3
GdipDrawCurve3I
GdipDrawCurveI
GdipDrawDriverString
GdipDrawEllipse
GdipDrawEllipseI
GdipDrawImage
GdipDrawImageFX
GdipDrawImageI
GdipDrawImagePointRect
GdipDrawImagePointRectI
GdipDrawImagePoints
GdipDrawImagePointsI
GdipDrawImagePointsRect
GdipDrawImagePointsRectI
GdipDrawImageRect
GdipDrawImageRectI
GdipDrawImageRectRect
GdipDrawImageRectRectI
GdipDrawLine
GdipDrawLineI
GdipDrawLines
GdipDrawLinesI
GdipDrawPath
GdipDrawPie
GdipDrawPieI
GdipDrawPolygon
GdipDrawPolygonI
GdipDrawRectangle
GdipDrawRectangleI
GdipDrawRectangles
GdipDrawRectanglesI
GdipDrawString
GdipEmfToWmfBits
GdipEndContainer
GdipEnumerateMetafileDestPoint
GdipEnumerateMetafileDestPointI
GdipEnumerateMetafileDestPoints
GdipEnumerateMetafileDestPointsI
GdipEnumerateMetafileDestRect
GdipEnumerateMetafileDestRectI
GdipEnumerateMetafileSrcRectDestPoint
GdipEnumerateMetafileSrcRectDestPointI
GdipEnumerateMetafileSrcRectDestPoints
GdipEnumerateMetafileSrcRectDestPointsI
GdipEnumerateMetafileSrcRectDestRect
GdipEnumerateMetafileSrcRectDestRectI
GdipFillClosedCurve
GdipFillClosedCurve2
GdipFillClosedCurve2I
GdipFillClosedCurveI
GdipFillEllipse
GdipFillEllipseI
GdipFillPath
GdipFillPie
GdipFillPieI
GdipFillPolygon
GdipFillPolygon2
GdipFillPolygon2I
GdipFillPolygonI
GdipFillRectangle
GdipFillRectangleI
GdipFillRectangles
GdipFillRectanglesI
GdipFillRegion
GdipFindFirstImageItem
GdipFindNextImageItem
GdipFlattenPath
GdipFlush
GdipFree
GdipGetAdjustableArrowCapFillState
GdipGetAdjustableArrowCapHeight
GdipGetAdjustableArrowCapMiddleInset
GdipGetAdjustableArrowCapWidth
GdipGetAllPropertyItems
GdipGetBrushType
GdipGetCellAscent
GdipGetCellDescent
GdipGetClip
GdipGetClipBounds
GdipGetClipBoundsI
GdipGetCompositingMode
GdipGetCompositingQuality
GdipGetCustomLineCapBaseCap
GdipGetCustomLineCapBaseInset
GdipGetCustomLineCapStrokeCaps
GdipGetCustomLineCapStrokeJoin
GdipGetCustomLineCapType
GdipGetCustomLineCapWidthScale
GdipGetDC
GdipGetDpiX
GdipGetDpiY
GdipGetEffectParameterSize
GdipGetEffectParameters
GdipGetEmHeight
GdipGetEncoderParameterList
GdipGetEncoderParameterListSize
GdipGetFamily
GdipGetFamilyName
GdipGetFontCollectionFamilyCount
GdipGetFontCollectionFamilyList
GdipGetFontHeight
GdipGetFontHeightGivenDPI
GdipGetFontSize
GdipGetFontStyle
GdipGetFontUnit
GdipGetGenericFontFamilyMonospace
GdipGetGenericFontFamilySansSerif
GdipGetGenericFontFamilySerif
GdipGetHatchBackgroundColor
GdipGetHatchForegroundColor
GdipGetHatchStyle
GdipGetHemfFromMetafile
GdipGetImageAttributesAdjustedPalette
GdipGetImageBounds
GdipGetImageDecoders
GdipGetImageDecodersSize
GdipGetImageDimension
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipGetImageFlags
GdipGetImageGraphicsContext
GdipGetImageHeight
GdipGetImageHorizontalResolution
GdipGetImageItemData
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageRawFormat
GdipGetImageThumbnail
GdipGetImageType
GdipGetImageVerticalResolution
GdipGetImageWidth
GdipGetInterpolationMode
GdipGetLineBlend
GdipGetLineBlendCount
GdipGetLineColors
GdipGetLineGammaCorrection
GdipGetLinePresetBlend
GdipGetLinePresetBlendCount
GdipGetLineRect
GdipGetLineRectI
GdipGetLineSpacing
GdipGetLineTransform
GdipGetLineWrapMode
GdipGetLogFontA
GdipGetLogFontW
GdipGetMatrixElements
GdipGetMetafileDownLevelRasterizationLimit
GdipGetMetafileHeaderFromEmf
GdipGetMetafileHeaderFromFile
GdipGetMetafileHeaderFromMetafile
GdipGetMetafileHeaderFromStream
GdipGetMetafileHeaderFromWmf
GdipGetNearestColor
GdipGetPageScale
GdipGetPageUnit
GdipGetPathData
GdipGetPathFillMode
GdipGetPathGradientBlend
GdipGetPathGradientBlendCount
GdipGetPathGradientCenterColor
GdipGetPathGradientCenterPoint
GdipGetPathGradientCenterPointI
GdipGetPathGradientFocusScales
GdipGetPathGradientGammaCorrection
GdipGetPathGradientPath
GdipGetPathGradientPointCount
GdipGetPathGradientPresetBlend
GdipGetPathGradientPresetBlendCount
GdipGetPathGradientRect
GdipGetPathGradientRectI
GdipGetPathGradientSurroundColorCount
GdipGetPathGradientSurroundColorsWithCount
GdipGetPathGradientTransform
GdipGetPathGradientWrapMode
GdipGetPathLastPoint
GdipGetPathPoints
GdipGetPathPointsI
GdipGetPathTypes
GdipGetPathWorldBounds
GdipGetPathWorldBoundsI
GdipGetPenBrushFill
GdipGetPenColor
GdipGetPenCompoundArray
GdipGetPenCompoundCount
GdipGetPenCustomEndCap
GdipGetPenCustomStartCap
GdipGetPenDashArray
GdipGetPenDashCap197819
GdipGetPenDashCount
GdipGetPenDashOffset
GdipGetPenDashStyle
GdipGetPenEndCap
GdipGetPenFillType
GdipGetPenLineJoin
GdipGetPenMiterLimit
GdipGetPenMode
GdipGetPenStartCap
GdipGetPenTransform
GdipGetPenUnit
GdipGetPenWidth
GdipGetPixelOffsetMode
GdipGetPointCount
GdipGetPropertyCount
GdipGetPropertyIdList
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipGetPropertySize
GdipGetRegionBounds
GdipGetRegionBoundsI
GdipGetRegionData
GdipGetRegionDataSize
GdipGetRegionHRgn
GdipGetRegionScans
GdipGetRegionScansCount
GdipGetRegionScansI
GdipGetRenderingOrigin
GdipGetSmoothingMode
GdipGetSolidFillColor
GdipGetStringFormatAlign
GdipGetStringFormatDigitSubstitution
GdipGetStringFormatFlags
GdipGetStringFormatHotkeyPrefix
GdipGetStringFormatLineAlign
GdipGetStringFormatMeasurableCharacterRangeCount
GdipGetStringFormatTabStopCount
GdipGetStringFormatTabStops
GdipGetStringFormatTrimming
GdipGetTextContrast
GdipGetTextRenderingHint
GdipGetTextureImage
GdipGetTextureTransform
GdipGetTextureWrapMode
GdipGetVisibleClipBounds
GdipGetVisibleClipBoundsI
GdipGetWorldTransform
GdipGraphicsClear
GdipGraphicsSetAbort
GdipImageForceValidation
GdipImageGetFrameCount
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageRotateFlip
GdipImageSelectActiveFrame
GdipImageSetAbort
GdipInitializePalette
GdipInvertMatrix
GdipIsClipEmpty
GdipIsEmptyRegion
GdipIsEqualRegion
GdipIsInfiniteRegion
GdipIsMatrixEqual
GdipIsMatrixIdentity
GdipIsMatrixInvertible
GdipIsOutlineVisiblePathPoint
GdipIsOutlineVisiblePathPointI
GdipIsStyleAvailable
GdipIsVisibleClipEmpty
GdipIsVisiblePathPoint
GdipIsVisiblePathPointI
GdipIsVisiblePoint
GdipIsVisiblePointI
GdipIsVisibleRect
GdipIsVisibleRectI
GdipIsVisibleRegionPoint
GdipIsVisibleRegionPointI
GdipIsVisibleRegionRect
GdipIsVisibleRegionRectI
GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipMeasureCharacterRanges
GdipMeasureDriverString
GdipMeasureString
GdipMultiplyLineTransform
GdipMultiplyMatrix
GdipMultiplyPathGradientTransform
GdipMultiplyPenTransform
GdipMultiplyTextureTransform
GdipMultiplyWorldTransform
GdipNewInstalledFontCollection
GdipNewPrivateFontCollection
GdipPathIterCopyData
GdipPathIterEnumerate
GdipPathIterGetCount
GdipPathIterGetSubpathCount
GdipPathIterHasCurve
GdipPathIterIsValid
GdipPathIterNextMarker
GdipPathIterNextMarkerPath
GdipPathIterNextPathType
GdipPathIterNextSubpath
GdipPathIterNextSubpathPath
GdipPathIterRewind
GdipPlayMetafileRecord
GdipPlayTSClientRecord
GdipPrivateAddFontFile
GdipPrivateAddMemoryFont
GdipRecordMetafile
GdipRecordMetafileFileName
GdipRecordMetafileFileNameI
GdipRecordMetafileI
GdipRecordMetafileStream
GdipRecordMetafileStreamI
GdipReleaseDC
GdipRemovePropertyItem
GdipResetClip
GdipResetImageAttributes
GdipResetLineTransform
GdipResetPageTransform
GdipResetPath
GdipResetPathGradientTransform
GdipResetPenTransform
GdipResetTextureTransform
GdipResetWorldTransform
GdipRestoreGraphics
GdipReversePath
GdipRotateLineTransform
GdipRotateMatrix
GdipRotatePathGradientTransform
GdipRotatePenTransform
GdipRotateTextureTransform
GdipRotateWorldTransform
GdipSaveAdd
GdipSaveAddImage
GdipSaveGraphics
GdipSaveImageToFile
GdipSaveImageToStream
GdipScaleLineTransform
GdipScaleMatrix

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
updates/updates/Cache_Data/data_3
updates/updates/ILU.dll
.dll windows:6 windows x86 arch:x86

3767ebafb33fc69d2c48fc442fbb7241

Code Sign

54:7a:4b:d0:88:9d:3b:3a:47:cb:e4:b6
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

04/09/2023, 11:26

Not After

04/09/2024, 11:26

Subject

SERIALNUMBER=1037816024883,CN=LESTA LLC,O=LESTA LLC,STREET=Karl Faberge Square\, 8B room 40n,L=Saint Petersburg,ST=Saint Petersburg,C=RU,1.3.6.1.4.1.311.60.2.1.2=#13105361696e742050657465727362757267,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:45

Not After

08/05/2033, 07:45

Subject

CN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3a:6f:22:25:d9:7f:0d:9a:97:18:e3:52:c3:65:30:ab:35:e6:f4:86:cf:7f:ca:0d:f4:3d:18:4f:0e:49:0b:a0
Signer

Actual PE Digest

3a:6f:22:25:d9:7f:0d:9a:97:18:e3:52:c3:65:30:ab:35:e6:f4:86:cf:7f:ca:0d:f4:3d:18:4f:0e:49:0b:a0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\branches\msvs2019\programming\bigworld_client\third_party\resil\projects\msvc14\Release-msvcrt\ILU.pdb

Imports

resil

_ilLoadImage@4
ilDeleteImages
ilGenImages
_ilConvertPal@4
_ilGetBppPal@4
_ilGetCurName@0
_ilIsImage@4
_ilClearImage@0
_ilGetClear@12
ilTexImage
ilBindImage
_iMirror@0
_iFlipBuffer@16
_ilResizeImage@24
_ilClearImage_@4
_iGetIntegervImage@12
ilGetData
_ilSetError@4
_icalloc@8
_ilCopyPixels@36
ilGetInteger
_ilCloseImage@4
_ilSetCurImage@4
_ifree@4
ilConvertImage
_ilGetPalBaseType@4
_ilGetCurImage@0
_ialloc@4
_ilCopyImageAttr@8
_ilNewImage@20
_iConvertImage@12

vcruntime140

memset
memcpy
_except_handler4_common
__std_type_info_destroy_list

api-ms-win-crt-heap-l1-1-0

free

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-runtime-l1-1-0

_initterm
_cexit
_execute_onexit_table
_seh_filter_dll
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_initterm_e

kernel32

GetSystemTimeAsFileTime
IsDebuggerPresent
InitializeSListHead
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-crt-math-l1-1-0

ceil
_libm_sse2_sin_precise
_CIfmod
_libm_sse2_cos_precise
floor
_libm_sse2_sqrt_precise
_libm_sse2_pow_precise

Exports

Exports

_iluAlienify@0
_iluBlurAvg@4
_iluBlurGaussian@4
_iluBuildMipmaps@0
_iluColoursUsed@0
_iluCompareImage@4
_iluContrast@4
_iluConvolution@12
_iluCrop@24
_iluDeleteImage@4
_iluEdgeDetectE@0
_iluEdgeDetectP@0
_iluEdgeDetectS@0
_iluEmboss@0
_iluEnlargeCanvas@12
_iluEnlargeImage@12
_iluEqualize@0
_iluErrorString@4
_iluFlipImage@0
_iluGammaCorrect@4
_iluGenImage@0
_iluGetImageInfo@4
_iluGetInteger@4
_iluGetIntegerv@8
_iluGetString@4
_iluImageParameter@8
_iluInvertAlpha@0
_iluLoadImage@4
_iluMirror@0
_iluNegative@0
_iluNoisify@4
_iluPixelize@4
_iluRegionfv@8
_iluRegioniv@8
_iluReplaceColour@16
_iluRotate3D@16
_iluRotate3D_@20
_iluRotate@4
_iluRotate_@8
_iluSaturate1f@4
_iluSaturate4f@16
_iluScaleAlpha@4
_iluScaleColours@12
_iluScale_@16
_iluSetLanguage@4
_iluSharpen@8
_iluSwapColours@0
_iluWave@4
iluInit
iluScale

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
updates/updates/Uninstall/unins000.exe
.exe windows:5 windows x86 arch:x86

ab2499e0e72dfad09db9c131cd20670f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
GetErrorInfo
GetActiveObject
RegisterTypeLib
LoadTypeLib
SysFreeString
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopyInd
VariantCopy
VariantClear
VariantInit
SysFreeString

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
GetUserNameW
GetTokenInformation
FreeSid
EqualSid
AllocateAndInitializeSid
AdjustTokenPrivileges

user32

GetKeyboardType
LoadStringW
MessageBoxA
CharNextW
CreateWindowExW
WindowFromPoint
WaitMessage
WaitForInputIdle
UpdateWindow
UnregisterClassW
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoW
ShowWindow
ShowScrollBar
ShowOwnedPopups
SetWindowsHookExW
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRectEmpty
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetForegroundWindow
SetFocus
SetCursor
SetClassLongW
SetCapture
SetActiveWindow
SendNotifyMessageW
SendMessageTimeoutW
SendMessageA
SendMessageW
ScrollWindowEx
ScrollWindow
ScreenToClient
ReplyMessage
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassW
RedrawWindow
PtInRect
PostQuitMessage
PostMessageW
PeekMessageA
PeekMessageW
OffsetRect
OemToCharBuffA
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MoveWindow
MessageBoxW
MessageBeep
MapWindowPoints
MapVirtualKeyW
LoadStringW
LoadKeyboardLayoutW
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageA
IsDialogMessageW
IsChild
InvalidateRect
IntersectRect
InsertMenuItemW
InsertMenuW
InflateRect
GetWindowThreadProcessId
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropW
GetParent
GetWindow
GetMessagePos
GetMessageW
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDlgItem
GetDlgCtrlID
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClientRect
GetClassNameW
GetClassLongW
GetClassInfoW
GetCapture
GetActiveWindow
FrameRect
FindWindowExW
FindWindowW
FillRect
ExitWindowsEx
EnumWindows
EnumThreadWindows
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
DrawTextExW
DrawTextW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIcon
CreateAcceleratorTableW
CopyIcon
ClientToScreen
ChildWindowFromPoint
CheckMenuItem
CharUpperBuffW
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcW
CallNextHookEx
BringWindowToTop
BeginPaint
AppendMenuW
CharToOemBuffA
AdjustWindowRectEx
ActivateKeyboardLayout

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
SetCurrentDirectoryW
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetCurrentDirectoryW
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringW
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleW
lstrcpyW
lstrcmpW
WriteProfileStringW
WritePrivateProfileStringW
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualFree
VirtualAlloc
TransactNamedPipe
TerminateProcess
SwitchToThread
SizeofResource
SignalObjectAndWait
SetThreadLocale
SetNamedPipeHandleState
SetLastError
SetFileTime
SetFilePointer
SetFileAttributesW
SetEvent
SetErrorMode
SetEndOfFile
SetCurrentDirectoryW
ResumeThread
ResetEvent
RemoveDirectoryW
ReleaseMutex
ReadFile
QueryPerformanceCounter
OpenProcess
OpenMutexW
MultiByteToWideChar
MulDiv
MoveFileExW
MoveFileW
LockResource
LocalFree
LocalFileTimeToFileTime
LoadResource
LoadLibraryExW
LoadLibraryW
LeaveCriticalSection
IsDBCSLeadByte
IsBadWritePtr
InitializeCriticalSection
GlobalUnlock
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetWindowsDirectoryW
GetVersionExW
GetVersion
GetUserDefaultLangID
GetTickCount
GetThreadLocale
GetSystemTimeAsFileTime
GetSystemInfo
GetSystemDirectoryW
GetStdHandle
GetShortPathNameW
GetProfileStringW
GetProcAddress
GetPrivateProfileStringW
GetOverlappedResult
GetModuleHandleW
GetModuleFileNameW
GetLogicalDrives
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileSize
GetFileAttributesW
GetExitCodeThread
GetExitCodeProcess
GetEnvironmentVariableW
GetDriveTypeW
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCurrentDirectoryW
GetComputerNameW
GetCommandLineW
GetCPInfo
FreeResource
InterlockedIncrement
InterlockedExchangeAdd
InterlockedExchange
InterlockedDecrement
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FlushFileBuffers
FindResourceW
FindNextFileW
FindFirstFileW
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
EnumCalendarInfoW
EnterCriticalSection
DeviceIoControl
DeleteFileW
DeleteCriticalSection
CreateThread
CreateProcessW
CreateNamedPipeW
CreateMutexW
CreateFileW
CreateEventW
CreateDirectoryW
CopyFileW
CompareStringW
CompareFileTime
CloseHandle
Sleep

msimg32

AlphaBlend

gdi32

UnrealizeObject
StretchDIBits
StretchBlt
StartPage
StartDocW
SetWindowOrgEx
SetViewportOrgEx
SetTextColor
SetTextAlign
SetStretchBltMode
SetROP2
SetPixel
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SetAbortProc
SelectPalette
SelectObject
SelectClipRgn
SaveDC
RoundRect
RestoreDC
RemoveFontResourceW
Rectangle
RectVisible
RealizePalette
Polyline
Pie
PatBlt
MoveToEx
MaskBlt
LineTo
LineDDA
IntersectClipRect
GetWindowOrgEx
GetTextMetricsW
GetTextExtentPointW
GetTextExtentPoint32W
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectW
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
FrameRgn
ExtTextOutW
ExtFloodFill
ExcludeClipRect
EnumFontsW
EnumFontFamiliesExW
EndPage
EndDoc
Ellipse
DeleteObject
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePenIndirect
CreatePalette
CreateICW
CreateHalftonePalette
CreateFontIndirectW
CreateDIBitmap
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
Chord
BitBlt
Arc
AddFontResourceW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

mpr

WNetOpenEnumW
WNetGetUniversalNameW
WNetGetConnectionW
WNetEnumResourceW
WNetCloseEnum

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
StringFromCLSID
CoCreateInstance
CoFreeUnusedLibraries
CoUninitialize
CoInitialize
IsEqualGUID
CoDisconnectObject

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_GetImageInfo
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Copy
ImageList_LoadImageW
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_SetOverlayImage
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls

winspool.drv

OpenPrinterW
EnumPrintersW
DocumentPropertiesW
ClosePrinter
GetDefaultPrinterW

shell32

ShellExecuteExW
ShellExecuteW
SHGetFileInfoW
ExtractIconW
SHGetPathFromIDListW
SHGetMalloc
SHChangeNotify
SHBrowseForFolderW

comdlg32

GetSaveFileNameW
GetOpenFileNameW

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 24KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 60B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
updates/updates/app_type.xml
.xml
updates/wpfgfx_v0400.dll
.dll windows:6 windows x86 arch:x86

7336ff0c696f257cdccd3f807e9476e2

Code Sign

33:00:00:01:3b:d1:be:db:f2:e2:e6:18:73:00:00:00:00:01:3b
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/10/2019, 23:17

Not After

21/01/2021, 23:17

Subject

CN=Microsoft Time-Stamp Service,OU=Microsoft Ireland Operations Limited+OU=Thales TSS ESN:A841-4BB4-CA93,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3b:e1:84:1d:2b:7f:65:52:39:38:2f:07:ac:a2:ae:b7:7d:1b:b6:b0:ee:b9:6a:1d:33:27:68:0e:4e:d8:89:d1
Signer

Actual PE Digest

3b:e1:84:1d:2b:7f:65:52:39:38:2f:07:ac:a2:ae:b7:7d:1b:b6:b0:ee:b9:6a:1d:33:27:68:0e:4e:d8:89:d1

Digest Algorithm

sha256

PE Digest Matches

true

54:bc:9d:5f:99:c6:ac:6b:c1:58:bf:7d:5b:c0:b5:d4:1a:5d:f6:ea
Signer

Actual PE Digest

54:bc:9d:5f:99:c6:ac:6b:c1:58:bf:7d:5b:c0:b5:d4:1a:5d:f6:ea

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

wpfgfx_v0400.pdb

Imports

advapi32

RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
TraceMessage
AllocateLocallyUniqueId
RegCloseKey
TraceEvent
UnregisterTraceGuids
RegOpenKeyExW
RegQueryValueExW

kernel32

LoadLibraryExW
GetCurrentProcessId
CloseHandle
SetEvent
WaitForSingleObject
ResetEvent
CreateEventW
CreateThread
SetThreadPriority
GetCurrentThreadId
TryEnterCriticalSection
MulDiv
QueryPerformanceCounter
Sleep
FindResourceW
LoadResource
LockResource
FindClose
QueryPerformanceFrequency
InitializeSListHead
InterlockedPushEntrySList
QueryDepthSList
InterlockedFlushSList
VerSetConditionMask
SleepEx
RtlCaptureStackBackTrace
IsDebuggerPresent
ExitProcess
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
TerminateThread
GetCurrentThread
FindFirstFileW
GetSystemDirectoryW
SystemTimeToFileTime
LoadLibraryA
LoadLibraryExA
DebugBreak
GetModuleFileNameW
FreeLibrary
OutputDebugStringW
LoadLibraryW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
GetLastError
VirtualFree
VirtualAlloc
CreateFileMappingW
GetSystemTimeAsFileTime
WaitForSingleObjectEx
MapViewOfFile
UnmapViewOfFile
SizeofResource
GetTickCount
WaitForMultipleObjects
DisableThreadLibraryCalls
IsProcessorFeaturePresent
TerminateProcess
RaiseException
GetSystemInfo
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleW
GetProcAddress
VirtualProtect
GetVersionExW
GlobalUnlock
VirtualQuery

gdi32

SelectPalette
OffsetRgn
CreateCompatibleBitmap
RealizePalette
GetDIBits
GetSystemPaletteEntries
CreatePalette
DrawEscape
CreateCompatibleDC
SetLayout
GetRgnBox
SetRectRgn
CreateRectRgn
GetRegionData
RectInRegion
CombineRgn
CreateRectRgnIndirect
SelectObject
CreateDIBSection
DeleteObject
CreateICW
GetDeviceCaps
DeleteDC
BitBlt
GetRandomRgn

vcruntime140_clr0400

__RTDynamicCast
memcpy
memcmp
_CxxThrowException
__std_type_info_destroy_list
memset
_except_handler4_common
__vcrt_InitializeCriticalSectionEx
_set_se_translator
_purecall
__std_exception_destroy
memmove
__CxxFrameHandler3
__std_exception_copy

ucrtbase_clr0400

_copysign
_initterm_e
_initterm
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
modf
qsort
nextafterf
__stdio_common_vswprintf
_finite
_isnan
_wtoi
terminate
_invalid_parameter_noinfo_noreturn
_execute_onexit_table
_CIatan2
_CIcos
_CIexp
_CIfmod
_CIlog
_CIpow
_CIsin
_CIsqrt
_CItan
floor

msvcp140_clr0400

?_Winerror_map@std@@YAHH@Z
?_Xbad_function_call@std@@YAXXZ
_Mtx_init_in_situ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Syserror_map@std@@YAPBDH@Z
?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z
?_Winerror_message@std@@YAKKPADK@Z
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
_Mtx_lock
_Mtx_destroy_in_situ

user32

GetMonitorInfoW
SystemParametersInfoW
EnumDisplaySettingsW
GetWindowLongW
GetParent
ScreenToClient
EnumDisplayMonitors
IsWindow
PeekMessageW
TranslateMessage
DispatchMessageW
MsgWaitForMultipleObjects
GetDesktopWindow
RegisterWindowMessageW
PostMessageW
WindowFromDC
SetRect
IntersectRect
EqualRect
GetGuiResources
ClientToScreen
GetClientRect
InvalidateRect
ReleaseDC
GetDC
GetWindowDC
SetLayeredWindowAttributes
EnumDisplayDevicesW
MonitorFromWindow
OffsetRect
UpdateLayeredWindow
IsRectEmpty
GetWindowRect

ole32

CoUninitialize
CoTaskMemAlloc
PropVariantCopy
PropVariantClear
CoInitialize
CoCreateInstance
CoTaskMemFree

oleaut32

VariantInit
SysAllocString
SysFreeString
VariantClear

ntdll

DbgBreakPoint
DbgPrompt
NtQuerySystemInformation
DbgPrintEx
RtlClearBits
RtlFindClearBitsAndSet
RtlSetBits
RtlInitializeBitMap
RtlVerifyVersionInfo
RtlInterlockedFlushSList

Exports

Exports

GetNextPerfElementId
IWICColorContext_GetExifColorSpace_Proxy
IWICColorContext_GetProfileBytes_Proxy
IWICColorContext_GetType_Proxy
InteropDeviceBitmap_AddDirtyRect
InteropDeviceBitmap_Create
InteropDeviceBitmap_Detach
InteropDeviceBitmap_GetAsSoftwareBitmap
MIL3DCalcProjected2DBounds
MILAddRef
MILCreateEventProxy
MILCreateFactory
MILCreateStreamFromStreamDescriptor
MILFactoryCreateBitmapRenderTarget
MILFactoryCreateMediaPlayer
MILFactoryCreateSWRenderTargetForBitmap
MILIStreamWrite
MILLoadResource
MILMediaCanPause
MILMediaClose
MILMediaGetBufferingProgress
MILMediaGetDownloadProgress
MILMediaGetMediaLength
MILMediaGetNaturalHeight
MILMediaGetNaturalWidth
MILMediaGetPosition
MILMediaHasAudio
MILMediaHasVideo
MILMediaIsBuffering
MILMediaNeedUIFrameUpdate
MILMediaOpen
MILMediaProcessExitHandler
MILMediaSetBalance
MILMediaSetIsScrubbingEnabled
MILMediaSetPosition
MILMediaSetRate
MILMediaSetVolume
MILMediaShutdown
MILMediaStop
MILQueryInterface
MILRelease
MILRenderTargetBitmapClear
MILRenderTargetBitmapGetBitmap
MILSwDoubleBufferedBitmapAddDirtyRect
MILSwDoubleBufferedBitmapCreate
MILSwDoubleBufferedBitmapGetBackBuffer
MILSwDoubleBufferedBitmapProtectBackBuffer
MILUpdateSystemParametersInfo
MilChannel_AppendCommandData
MilChannel_BeginCommand
MilChannel_CloseBatch
MilChannel_CommitChannel
MilChannel_EndCommand
MilChannel_GetMarshalType
MilChannel_SetNotificationWindow
MilChannel_SetReceiveBroadcastMessages
MilCompositionEngine_DeinitializePartitionManager
MilCompositionEngine_EnterCompositionEngineLock
MilCompositionEngine_ExitCompositionEngineLock
MilCompositionEngine_GetComposedEventId
MilCompositionEngine_InitializePartitionManager
MilCompositionEngine_UpdateSchedulerSettings
MilComposition_PeekNextMessage
MilComposition_SyncFlush
MilComposition_WaitForNextMessage
MilConnection_CreateChannel
MilConnection_DestroyChannel
MilContent_AttachToHwnd
MilContent_DetachFromHwnd
MilGlyphRun_GetGlyphOutline
MilGlyphRun_ReleasePathGeometryData
MilPlayer_Create
MilPlayer_Process
MilResource_CreateCWICWrapperBitmap
MilResource_CreateOrAddRefOnChannel
MilResource_DuplicateHandle
MilResource_GetRefCountOnChannel
MilResource_ReleaseOnChannel
MilResource_SendCommand
MilResource_SendCommandBitmapSource
MilResource_SendCommandMedia
MilUtility_ArcToBezier
MilUtility_CopyPixelBuffer
MilUtility_GeometryGetArea
MilUtility_GetPointAtLengthFraction
MilUtility_GetTileBrushMapping
MilUtility_PathGeometryBounds
MilUtility_PathGeometryCombine
MilUtility_PathGeometryFlatten
MilUtility_PathGeometryHitTest
MilUtility_PathGeometryHitTestPathGeometry
MilUtility_PathGeometryOutline
MilUtility_PathGeometryWiden
MilUtility_PolygonBounds
MilUtility_PolygonHitTest
MilVersionCheck
MilVisualTarget_AttachToHwnd
MilVisualTarget_DetachFromHwnd
RenderOptions_ForceSoftwareRenderingModeForProcess
RenderOptions_IsSoftwareRenderingForcedForProcess
SetMilPerfInstrumentationFlags
WgxConnection_Create
WgxConnection_Disconnect
WgxConnection_SameThreadPresent
WgxConnection_ShouldForceSoftwareForGraphicsStreamClient

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
updates/wsp_health.dll
.dll regsvr32 windows:10 windows x86 arch:x86

df1d57630c25e1ade71bd85935a390f9

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8f:31:bb:f8:71:e7:11:95:c9:ab:de:ac:e6:d8:37:ec:c0:6e:34:9a:87:11:5f:35:f1:06:3d:3e:0a:f6:c7:aa
Signer

Actual PE Digest

8f:31:bb:f8:71:e7:11:95:c9:ab:de:ac:e6:d8:37:ec:c0:6e:34:9a:87:11:5f:35:f1:06:3d:3e:0a:f6:c7:aa

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

wsp_health.pdb

Imports

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetSystemTimeAsFileTime
GetComputerNameExW
GetTickCount64

api-ms-win-core-errorhandling-l1-1-0

RaiseException
UnhandledExceptionFilter
SetLastError
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
LoadLibraryExW
GetModuleFileNameW
LoadStringW
GetModuleFileNameA
GetModuleHandleExW
GetProcAddress
GetModuleHandleW
DisableThreadLibraryCalls

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventActivityIdControl
EventWriteTransfer
EventSetInformation
EventUnregister

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetCurrentProcess
ExitProcess
OpenProcessToken
TlsFree
TlsSetValue
TerminateProcess
SetThreadToken
GetStartupInfoW
TlsGetValue
TlsAlloc
OpenThreadToken

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-heap-l1-1-0

HeapSize
HeapReAlloc
GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-synch-l1-1-0

CreateMutexExW
CreateSemaphoreExW
CreateEventW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeSRWLock
InitializeCriticalSectionEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
OpenSemaphoreW
ReleaseSRWLockShared
AcquireSRWLockShared
InitializeCriticalSection
WaitForSingleObject
SetEvent
ResetEvent
ReleaseSemaphore
ReleaseMutex
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCommandLineW
SetStdHandle
GetStdHandle

api-ms-win-core-file-l1-1-0

FindClose
WriteFile
GetFileType
FindNextFileW
FindFirstFileExW
FlushFileBuffers
CreateFileW
SetFilePointerEx
FileTimeToLocalFileTime

api-ms-win-core-string-l1-1-0

CompareStringW
WideCharToMultiByte
MultiByteToWideChar
CompareStringEx
GetStringTypeW
CompareStringOrdinal

api-ms-win-core-localization-l1-2-0

GetLocaleInfoW
EnumSystemLocalesW
LCMapStringW
GetOEMCP
FormatMessageA
IsValidLocale
GetUserDefaultLCID
IsValidCodePage
LCMapStringEx
GetCPInfo
FormatMessageW
GetACP

api-ms-win-core-console-l1-1-0

WriteConsoleW
GetConsoleMode
GetConsoleOutputCP

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InterlockedFlushSList
InterlockedPushEntrySList
InitializeSListHead
InterlockedPopEntrySList

api-ms-win-core-rtlsupport-l1-1-0

RtlUnwind

api-ms-win-core-fibers-l1-1-0

FlsFree
FlsSetValue
FlsGetValue
FlsAlloc

ntdll

NtQuerySystemInformation
RtlNtStatusToDosError
RtlIpv4StringToAddressExW
RtlIpv6StringToAddressExW
RtlInitializeGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlLookupElementGenericTableAvl
RtlInsertElementGenericTableAvl
RtlEnumerateGenericTableWithoutSplayingAvl
RtlEnumerateGenericTableAvl
RtlRemoveVectoredExceptionHandler

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-security-base-l1-1-0

ImpersonateLoggedOnUser
GetTokenInformation
DuplicateTokenEx
GetLengthSid
IsValidSid
CopySid

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-security-lsalookup-l2-1-0

LookupAccountSidW

api-ms-win-security-provider-l1-1-0

GetSecurityInfo

mispace

WspReferencesOfRemoteInstance
WspEnumerateRemoteInstances
WspProviderExit
WspGetSubsystemFilter
WspCheckMinimumSubsystemVersion
WspFreeString
WspIsRemoteInstance
WspInvokeRemoteMethod
WspPackObjectId
WspProviderEnter
WspUnpackObjectId
WspGetClassName
WspGetRemoteInstance

api-ms-win-core-synch-l1-2-0

InitOnceInitialize
Sleep
InitOnceExecuteOnce

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoUninitialize
CoCreateInstanceEx
CoCreateInstance

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolWork
WaitForThreadpoolWorkCallbacks
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolTimer
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolCleanupGroup
CreateThreadpoolCleanupGroup
CloseThreadpoolWork
SubmitThreadpoolWork

crypt32

CryptUnprotectMemory
CryptProtectMemory

oleaut32

SysAllocString
SysFreeString

clusapi

CloseClusterGroup
CloseClusterResource
CloseClusterNetwork
CloseClusterNetInterface
GetClusterNetworkState
ClusterNetworkControl
SetClusterNetworkName
OpenClusterNetworkEx
EvictClusterNodeEx
ClusterNodeEnumEx
ResumeClusterNodeEx
PauseClusterNodeEx
GetClusterNodeState
ClusterNetInterfaceControl
GetClusterNetInterfaceState
ClusterNodeControl
OpenClusterNodeEx
CreateClusterResource
SetClusterGroupNodeList
SetClusterGroupName
CancelClusterGroupOperation
MoveClusterGroupEx
OnlineClusterGroupEx
OfflineClusterGroupEx
ClusterResourceTypeControl
DeleteClusterResourceType
DeleteClusterGroup
GetNodeClusterState
ClusterNodeGetEnumCountEx
CCHlpGetDNSHostLabel
ClusterResourceTypeOpenEnum
ClusterResourceTypeEnum
ClusterResourceTypeGetEnumCount
ClusterResourceOpenEnum
ClusterResourceEnum
ClusterResourceGetEnumCount
DestroyClusterGroup
ClusterNetworkOpenEnum
ClusterNetworkEnum
ClusterNetworkGetEnumCount
ClusterGroupOpenEnum
GetClusterGroupState
ClusterGroupEnum
ClusterGroupGetEnumCount
ClusterGroupOpenEnumEx
ClusterGroupEnumEx
ClusterGroupGetEnumCountEx
CreateCluster
CCHlpConfigureNode
CCHlpCreateClusterNameInAD
CreateClusterNotifyPortV2
RegisterClusterResourceTypeNotifyV2
ClusterResourceOpenEnumEx
ClusterResourceEnumEx
ClusterResourceGetEnumCountEx
GetClusterNotifyV2
CloseClusterNode
ClusterResourceCloseEnumEx
ClusterGroupCloseEnumEx
ClusterRegSetValue
ClusterGroupControl
OpenClusterGroupEx
ClusterNodeCloseEnumEx
RemoveClusterResourceNode
GetClusterKey
ClusterCloseEnumEx
ClusterGroupCloseEnum
AddClusterResourceNode
ClusterResourceCloseEnum
ClusterResourceTypeCloseEnum
GetClusterResourceKey
ClusterRegCloseKey
FailClusterResource
ClusterNetworkCloseEnum
RestartClusterResource
CloseClusterNotifyPort
SetClusterResourceDependencyExpression
GetClusterResourceDependencyExpression
OpenClusterEx
RemoveClusterResourceDependency
AddClusterNode
GetClusterInformation
GetClusterQuorumResource
AddClusterResourceDependency
ClusterControl
ChangeClusterResourceGroup
AddResourceToClusterSharedVolumes
OnlineClusterResourceEx
RemoveResourceFromClusterSharedVolumes
SetClusterQuorumResource
OfflineClusterResourceEx
SetClusterName
CreateClusterGroupEx
ClusterCloseEnum
GetClusterNodeKey
CreateClusterResourceType
DestroyCluster
CCHlpGetClusterServiceSecret
CCHlpAddNodeUpdateCluster
OpenClusterNode
ClusterUpgradeFunctionalLevel
ClusterGetEnumCount
ClusterOpenEnum
ClusterEnum
MoveClusterGroup
GetClusterFromResource
OpenClusterResource
CloseCluster
ClusterOpenEnumEx
ClusterEnumEx
ClusterGetEnumCountEx
ClusterRegQueryValue
ClusterNodeOpenEnumEx
OpenClusterResourceEx
ClusterResourceControl
SetClusterResourceName
OpenClusterNetInterfaceEx
GetClusterResourceState
DeleteClusterResource

api-ms-win-core-threadpool-legacy-l1-1-0

DeleteTimerQueueEx

api-ms-win-core-heap-obsolete-l1-1-0

LocalSize

cryptsp

CryptGenRandom
CryptReleaseContext
CryptAcquireContextW

sscore

SsCoreUninitialize

ws2_32

htons
WSAStringToAddressW
WSAAddressToStringW
WSAGetLastError

resutils

ResUtilGetResourceName

mi

MI_Application_InitializeV1
mi_clientFT_V1

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
GetProviderClassID
MI_Main
PreShutdown
SetShutdownCallback
SmpUnload

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 69KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 1234

Password: 1234

be41bf7b8cc010b614bd36bbca606973

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 29KB - Virtual size: 28KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 458KB

.ndata Size: - Virtual size: 516KB

.rsrc Size: 45KB - Virtual size: 45KB

.reloc Size: 4KB - Virtual size: 3KB

Password: 1234

40e63787dbd8b01e488b84c1b879e331

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5fCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

f1:01:e3:e1:c5:ee:48:ab:ed:e3:6c:68:fb:4c:1e:a9:e4:95:a9:75:79:c0:94:fe:bd:90:3a:6f:29:ba:77:15Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

oleaut32

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-registry-l1-1-0

ntdll

api-ms-win-core-profile-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

rpcrt4

api-ms-win-core-synch-l1-2-0

propsys

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-path-l1-1-0

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-synch-l1-2-1

api-ms-win-core-memory-l1-1-1

api-ms-win-core-heap-l2-1-0

.text
Size: 29KB - Virtual size: 28KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 458KB

.ndata
Size: - Virtual size: 516KB

.rsrc
Size: 45KB - Virtual size: 45KB

.reloc
Size: 4KB - Virtual size: 3KB

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

f1:01:e3:e1:c5:ee:48:ab:ed:e3:6c:68:fb:4c:1e:a9:e4:95:a9:75:79:c0:94:fe:bd:90:3a:6f:29:ba:77:15
Signer

.text
Size: 1.7MB - Virtual size: 1.7MB

RT_CODE
Size: 14KB - Virtual size: 13KB

RT_BSS
Size: - Virtual size: 40B

.data
Size: 16KB - Virtual size: 40KB

.idata
Size: 11KB - Virtual size: 11KB

.didat
Size: 512B - Virtual size: 120B

RT_DATA
Size: 8KB - Virtual size: 7KB

RT_CONST
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 11KB - Virtual size: 11KB

.reloc
Size: 50KB - Virtual size: 50KB

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:ed
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

77:0a:c0:ca:0a:e2:c6:60:fe:a7:a0:4e:c6:66:a6:87:2a:4f:c7:08:16:f8:35:d1:f4:e3:f4:75:6d:43:3e:3c
Signer