968604ff6b863b0290aa50e25cd5df4521d88b9eadbc91be9a371d29caa8f4a1

Sharing

Copy URL

Twitter E-mail

General

Target

968604ff6b863b0290aa50e25cd5df4521d88b9eadbc91be9a371d29caa8f4a1
Size

3.9MB
MD5

f8556cacc1e3e3d32474abc388769f8b
SHA1

6d66b7cea78696a51580dc2962b743d06b4b4f6a
SHA256

968604ff6b863b0290aa50e25cd5df4521d88b9eadbc91be9a371d29caa8f4a1
SHA512

ee8b0815aaced717cc29560e1b29fbd006d76d38509186e581c743f6524e9ece4c6132181894d9a37d3ee7023622ba29f0def3de39221f7216a5ccff1e46dcfa
SSDEEP

98304:lCBkfOGZpC438mZirJKDIpVF2rran4r3K2FuZ:lCBSn39irQD6affF8

Score

1^/10

Malware Config

Signatures

Files

968604ff6b863b0290aa50e25cd5df4521d88b9eadbc91be9a371d29caa8f4a1
.cab
DesktopTargetServicedCompDB_Neutral.xml.cab
.cab
DesktopTargetServicedCompdb_Neutral.xml
.xml
Mitigation.dll
.dll windows:10 windows x64 arch:x64

43251209d7432f5b4f4ccc5292624d37

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-11-2023 19:20

Not After

14-11-2024 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d9:5f:4c:db:b2:8b:d1:8b:6f:82:a9:a6:62:0d:0e:81:33:e6:d9:d4:1f:af:7b:51:7f:39:9b:cc:1e:7b:c4:92
Signer

Actual PE Digest

d9:5f:4c:db:b2:8b:d1:8b:6f:82:a9:a6:62:0d:0e:81:33:e6:d9:d4:1f:af:7b:51:7f:39:9b:cc:1e:7b:c4:92

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

Mitigation.pdb

Imports

msvcrt

wcschr
_wcsnicmp
wcstoul
_purecall
iswspace
wcsrchr
_wcstoui64
__CxxFrameHandler3
memcmp
memcpy
memmove
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
_vsnwprintf
_wcsicmp
memcpy_s
sprintf_s
swscanf_s
memset

ntdll

NtQueryInformationFile
RtlExpandEnvironmentStrings
NtClose
RtlReAllocateHeap
NtReadFile
RtlInitUnicodeString
NtWriteFile
RtlRaiseStatus
NtWaitForSingleObject
NtYieldExecution
RtlDosPathNameToNtPathName_U_WithStatus
RtlNtStatusToDosError
NtSetInformationFile
RtlAdjustPrivilege
RtlFreeHeap
RtlAllocateHeap
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlGetVersion
NtOpenFile

kernel32

GetFileAttributesW
GetTimeZoneInformation
GetSystemTime
SystemTimeToTzSpecificLocalTime
GetModuleHandleW
DisableThreadLibraryCalls
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentDirectoryW
GetFullPathNameW
LoadLibraryExW
Sleep
CreateFileW
FreeLibrary
CloseHandle
FindNextFileW
DeleteFileW
FindFirstFileW
GetSystemDirectoryW
FindClose
CompareStringW
GetProductInfo
GetLastError
GetSystemWindowsDirectoryW
GetProcessHeap
GetProcAddress
HeapAlloc
GetModuleHandleExW
HeapFree
OutputDebugStringW
CopyFileExW
SetFileInformationByHandle
GetCurrentThreadId
SetFileAttributesW
DeviceIoControl
SetLastError
GetFileInformationByHandleEx
GetSystemInfo
GetLongPathNameW
GetFinalPathNameByHandleW
CreateDirectoryW
SizeofResource
EnterCriticalSection
ExpandEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
WaitForSingleObject
LockResource
LoadResource
FindResourceW
LocalFree
MoveFileExW
DeleteCriticalSection
CreateProcessW
CopyFileW
WideCharToMultiByte
GetExitCodeProcess
GetFileInformationByHandle
IsDebuggerPresent
RaiseException

advapi32

OpenProcessToken
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
RegCreateKeyExW
SetNamedSecurityInfoW
GetSecurityDescriptorControl
GetSecurityDescriptorOwner
RegSetKeySecurity
RegCopyTreeW
RegDeleteValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
AdjustTokenPrivileges
EventUnregister
EventRegister
RegDeleteKeyW
RegOpenKeyExW
EventWriteTransfer
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyValueW
StartServiceW
ControlService
QueryServiceStatus
ChangeServiceConfigW
OpenServiceW
OpenSCManagerW
RegSetKeyValueW
CloseServiceHandle

wintrust

CryptCATAdminReleaseContext
CryptCATCatalogInfoFromContext
CryptCATAdminReleaseCatalogContext
WinVerifyTrust
WTHelperGetProvSignerFromChain
CryptCATAdminAcquireContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminEnumCatalogFromHash
WTHelperProvDataFromStateData

crypt32

CertVerifyCertificateChainPolicy

Exports

Exports

CleanupCommitRequiredRegistryEntries
CleanupSafeOsImages
CreateMitigationManager
CryptcatsvcRebuild
DllMain
FixupEditionId

Sections

.text
Size: 202KB - Virtual size: 201KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 476B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ReserveManager.dll
.dll windows:10 windows x64 arch:x64

e19f7d42b6ac1177ba275ae4681c9653

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-11-2023 19:20

Not After

14-11-2024 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e3:74:93:6d:ac:3d:59:ae:ff:77:7a:66:e6:5e:1e:5a:c6:3f:42:7c:86:30:97:b9:e5:28:b9:cb:00:82:e4:9e
Signer

Actual PE Digest

e3:74:93:6d:ac:3d:59:ae:ff:77:7a:66:e6:5e:1e:5a:c6:3f:42:7c:86:30:97:b9:e5:28:b9:cb:00:82:e4:9e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ReserveManager.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcsicmp
_o__wcsnicmp
_o_free
_o_malloc
_o_realloc
_o_terminate
__C_specific_handler
_CxxThrowException
wcsstr
_o___stdio_common_vswprintf
_o__execute_onexit_table
_o___stdio_common_vsprintf_s
_o__crt_atexit
_o__configure_narrow_argv
_o___stdio_common_vsnprintf_s
_o__errno
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__cexit
_o__callnewh
__CxxFrameHandler3
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset
wcsncmp
strncmp
wcsncat

ntdll

NtDelayExecution
NtDuplicateToken
RtlDosPathNameToNtPathName_U
NtOpenKey
NtQueryObject
RtlInitializeCriticalSection
NtSetInformationThread
RtlDeleteCriticalSection
RtlUpcaseUnicodeChar
RtlReAllocateHeap
RtlFreeHeap
RtlAllocateHeap
RtlRaiseStatus
DbgPrintEx
NtAdjustPrivilegesToken
NtOpenProcessToken
NtOpenThreadToken
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtLoadKey2
NtSetInformationFile
NtCreateFile
RtlFormatCurrentUserKeyPath
RtlNtStatusToDosErrorNoTeb
RtlNtStatusToDosError
RtlFreeUnicodeString
NtFsControlFile
NtClose
NtUnloadKey2
NtFlushKey
NtCreatePrivateNamespace
NtQueryInformationFile
NtCreateMutant
NtOpenPrivateNamespace
VerSetConditionMask

api-ms-win-core-libraryloader-l1-1-0

GetProcAddress
GetModuleHandleW
LoadLibraryExW
GetModuleFileNameA
FreeLibrary
GetModuleHandleExW

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventActivityIdControl
EventUnregister
EventRegister

api-ms-win-core-processthreads-l1-1-0

OpenProcessToken
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
TerminateProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegCloseKey
RegDeleteKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegSetValueExW
RegGetValueW
RegOpenKeyExW

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-heap-obsolete-l1-1-0

LocalFree

rpcrt4

UuidCreate

api-ms-win-core-file-l1-1-0

DeleteFileW
SetFileAttributesW
GetFileAttributesW
RemoveDirectoryW
GetFullPathNameW
CreateDirectoryW
GetDiskFreeSpaceExW
GetFileInformationByHandle
CreateFileW
FindClose
GetFinalPathNameByHandleW
GetDiskFreeSpaceW
FindFirstFileW
FindNextFileW

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoInitializeEx
CoUninitialize

api-ms-win-core-file-l2-1-1

OpenFileById

api-ms-win-core-synch-l1-1-0

OpenSemaphoreW
ReleaseSemaphore
CreateSemaphoreExW
WaitForSingleObjectEx
CreateMutexExW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WaitForSingleObject
ReleaseMutex

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
Sleep

api-ms-win-security-base-l1-1-0

GetTokenInformation
CreateWellKnownSid
AdjustTokenPrivileges

api-ms-win-core-registry-l2-1-0

RegSetKeyValueW
RegDeleteKeyValueW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-kernel32-legacy-l1-1-0

LoadLibraryW

Exports

Exports

DisableReserves
EnableReserves
ForcePrepareForUninstall
ForcePrepareTIForReserveInitialization
GetReserveState
GetUpdateReserveManager
GetUpdateReserveManagerCBS
InitializeReservesAndUpdatePolicy
PrepareMachineForAuditMode
PrepareMachineForSysprepCleanup
ValidateMachineForSysprep

Sections

.text
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TurboStack.dll
.dll windows:10 windows x64 arch:x64

a00253d4dfa2fc52aa11f0ac28638036

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-11-2023 19:20

Not After

14-11-2024 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8e:5c:3e:3b:a9:2b:1a:61:31:00:b9:45:92:87:11:66:b6:1f:56:6b:5a:1f:14:d5:97:9b:48:30:5a:45:f1:80
Signer

Actual PE Digest

8e:5c:3e:3b:a9:2b:1a:61:31:00:b9:45:92:87:11:66:b6:1f:56:6b:5a:1f:14:d5:97:9b:48:30:5a:45:f1:80

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

TurboStack.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__wcsicmp
_o__wcsnicmp
_o__wsplitpath_s
memmove
_o_free
_o_isdigit
_o_malloc
_o_terminate
_o_tolower
_o_wcstoul
__C_specific_handler
wcschr
wcsrchr
wcsstr
__CxxFrameHandler3
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_CxxThrowException
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

wcsncmp
memset

wcp

?RtlTraceFormat_PCLUTF8_STRING_AsLiteralString@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
?RtlTraceFormat_IRtlDefinitionAppId@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
?ParseProcessorArchitecture@Rtl@Identity@Windows@@YAJAEBU_LUNICODE_STRING@@PEAVPSEUDO_ARCH@123@PEA_N@Z
?CompareIdentityAttributeValue@Rtl@Identity@Windows@@YAJPEBU_LUNICODE_STRING@@0PEAH@Z
RtlDuplicateLUnicodeString
RtlDecodeUtf16LE
RtlEncodeUtf16LE
?ParseFromBlob@WcpManifest@@QEAAJAEBU_LBLOB@@PEAVStopWatch@Rtl@Windows@@@Z
?Initialize@CComponentAccessor@@QEAAJPEAUIRtlDefinitionIdentity@Rtl@Identity@Windows@@PEAUIRtlIdentityAuthority@345@@Z
RtlSmartUcsEncoder_Utf16LE
ApplyTransactionPOQsToSil
WriteWinnersFromChangelist
??0CRawInstallMap@InstallMap@@QEAA@XZ
??1CRawInstallMap@InstallMap@@QEAA@XZ
?Initialize@CRawInstallMap@InstallMap@@QEAAJ_NPEAUIRtlIdentityAuthority@Rtl@Identity@Windows@@PEAUIRtlKey@46@PEAUIRtlSystemIsolationLayer@46@@Z
?OpenFamilyMap@CRawInstallMap@InstallMap@@QEAAJ_NPEAUIRtlDefinitionIdentity@Rtl@Identity@Windows@@PEAUMapForFamily@2@PEA_N@Z
?AddInstallMarkToFamily@CRawInstallMap@InstallMap@@QEAAJPEAUMapForFamily@2@AEBT_FOUR_PART_VERSION@@@Z
?RemoveInstallMarkFromFamily@CRawInstallMap@InstallMap@@QEAAJPEAUMapForFamily@2@AEBT_FOUR_PART_VERSION@@@Z
?GetComponentWinningVersion@CRawInstallMap@InstallMap@@QEAAJPEAUIRtlDefinitionIdentity@Rtl@Identity@Windows@@PEAT_FOUR_PART_VERSION@@PEA_N_N@Z
?CleanupInstallMap@CRawInstallMap@InstallMap@@QEAAJXZ
RtlHashLUnicodeString
RtlCopyLUnicodeString
??1PrivilegeAcquisition@RtlSystemUtil@@QEAA@XZ
?Acquire@PrivilegeAcquisition@RtlSystemUtil@@QEAAJAEBU?$Vector@$$CBJ@Windows@@@Z
DelayExecution
RtlGetEncodingSizeUtf16
RtlDowncaseUCSCharacter
?DoesTargetHaveTestRootCert@@YAJPEAUIRtlSystemIsolationLayerPublic@Rtl@Windows@@PEA_N@Z
RtlDecodeUtf8
RtlCombineNtPathSegments
RtlConvertWin32FilePathToNtFilePath
?CoTaskMemFree@COM@Windows@@YAXPEBX@Z
?GetCurrentDllWin32Path@COM@Windows@@YAJPEAXPEAV?$Auto@U_LUNICODE_STRING@@@2@@Z
?GetWin32PathOfSiblingFile@COM@Windows@@YAJPEAXPEB_WPEAV?$Auto@U_LUNICODE_STRING@@@2@@Z
RtlCreateDefaultXmlWriter
RtlGetAppIdAuthority
?get_RebootIndicator@LocalInstallerServices@COM@WCP@Windows@@UEAAJPEAW4RebootIndicators@@@Z
ConvertNtStatusToHResult
RtlReportErrorPropagation
RtlReportErrorOrigination
?FileHashAlgorithmToDigest@Rtl@Cms@Windows@@YA?AW4_CMS_HASH_DIGESTMETHOD@23@K@Z
?put_RebootIndicator@LocalInstallerServices@COM@WCP@Windows@@UEAAJW4RebootIndicators@@@Z
?Close@?$Auto@U_SECURITY_DESCRIPTOR@@@Windows@@QEAAXXZ
?SilCreateKeys@Rtl@Windows@@YAJPEAUIRtlSystemIsolationLayerPublic@12@AEBU_LUNICODE_STRING@@@Z
?SilCreateDirectories@Rtl@Windows@@YAJPEAUIRtlSystemIsolationLayerPublic@12@AEBU_LUNICODE_STRING@@@Z
RtlReplaceSystemPathMappings
RtlGetSystem
?VerifyAdvancedInstaller@LocalInstallerServices@COM@WCP@Windows@@UEAAJPEB_W00PEAK@Z
?SilGetRegistryDWORD@Rtl@Windows@@YAJKPEAUIRtlKey@12@AEBU_LUNICODE_STRING@@PEAK2@Z
?MarkServicingStackCorruptHelper@LocalInstallerServices@COM@WCP@Windows@@UEAAJXZ
SilCreateBufferedSil
?ReplaceMacros@LocalInstallerServices@COM@WCP@Windows@@UEAAJKPEB_WPEAPEA_WPEAUIDefinitionIdentity@@@Z
?GetUTF8FileWriterStream@Rtl@Windows@@YAJPEAUIRtlFile@12@PEAV?$Auto@PEAUIRtlWOFOUCSStream@Rtl@Windows@@@2@@Z
MergeTwoChangeLists
?Release@LocalInstallerServices@COM@WCP@Windows@@UEAAKXZ
?AddRef@LocalInstallerServices@COM@WCP@Windows@@UEAAKXZ
?QueryInterface@LocalInstallerServices@COM@WCP@Windows@@UEAAJAEBU_GUID@@PEAPEAX@Z
GetFriendlyInstallerName
?TraceChangeList@Rtl@ComponentStore@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
??$ReplaceVariablesInStringCallthrough@U_LUNICODE_STRING@@@Rtl@Implementation@WCP@Windows@@YAJPEAXP6A?AU_RTL_UCSCHAR_DECODER_RETURN_VALUE@@PEBE1@ZPEBU_LBLOB@@PEAU_RTL_SMART_LBLOB_UCSCHAR_WRITING_CONTEXT@@@Z
ConvertHResultToNtStatus
?CompareSecurityDescriptorFromObjectAgainstManifest@Rtl@Implementation@WCP@Windows@@YAJKPEBU_SECURITY_DESCRIPTOR@@0PEA_N@Z
?ResolvePendingPhases@COM@Windows@@YAJKPEAVCQueueExecutor@12@PEA_N@Z
??0AIAsimovProvider@COM@Windows@@QEAA@XZ
?ConvertIn@COM@Windows@@YAJPEAUIDefinitionIdentity@@PEAPEAUIRtlDefinitionIdentity@Rtl@Identity@2@@Z
?FinalizeValue@CComponentInformationTableTraits@COM@Windows@@SAXAEAV?$Auto@PEAVCComponentInformation@COM@Windows@@@3@@Z
?Initialize@CQueueExecutor@COM@Windows@@QEAAJKPEB_WPEAVIComponentStoreHelper@23@PEAUIRtlSystemIsolationLayer@Rtl@3@PEAVCTransactionContent@23@@Z
??1CQueueExecutor@COM@Windows@@QEAA@XZ
??1CComponentInformation@COM@Windows@@QEAA@XZ
ExecuteMidgroundInstallers
?CopyOutPath@COM@Windows@@YAJPEBU_LUNICODE_STRING@@PEAPEA_W@Z
??1CShortcutInstaller@@QEAA@XZ
??1CGacPrimitiveInstaller@@QEAA@XZ
??0CGacPrimitiveInstaller@@QEAA@XZ
?ParseBase16String@Rtl@Implementation@WCP@Windows@@YAJKPEBE0P6A?AU_RTL_UCSCHAR_DECODER_RETURN_VALUE@@00@ZPEAU_LBLOB@@PEA_N@Z
??0CSecurityDescriptorFactory@Rtl@Implementation@WCP@Windows@@QEAA@XZ
??1CSecurityDescriptorFactory@Rtl@Implementation@WCP@Windows@@QEAA@XZ
?DecomposeSecurityDescriptor@Rtl@Implementation@WCP@Windows@@YAJPEBU_SECURITY_DESCRIPTOR@@PEAKPEAV?$Auto@U_SID@@@4@2PEAV?$Auto@U_ACL@@@4@3PEAG@Z
?FormatFourPartVersion@Rtl@Implementation@WCP@Windows@@YAJKAEBT_FOUR_PART_VERSION@@PEAE1P6A?AU_RTL_UCSCHAR_ENCODER_RETURN_VALUE@@K11@ZPEAPEAE@Z
?DecompressManifest@Rtl@Implementation@WCP@Windows@@YAJKPEAV?$Auto@U_LBLOB@@@4@PEAK@Z
??1CSysprepInstaller@@QEAA@XZ
??0CXmlCursor@@QEAA@XZ
?SilGetRegistryString@Rtl@Windows@@YAJKPEAUIRtlSystemIsolationLayerPublic@12@AEBU_LUNICODE_STRING@@1PEAV?$Auto@U_LUNICODE_STRING@@@2@PEAK@Z
?RtlTraceFormat_PCFOUR_PART_VERSION@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
?RtlTraceFormat_PCULONGLONG@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
?RtlTraceFormat_PCNTSTATUS@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
?RtlTraceFormat_PCLONG@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
?RtlTraceFormat_PCWSTR_AsLiteralString@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
??1CMigInfoInstaller@@QEAA@XZ
?RtlTraceFormat_PCLUNICODE_STRING_AsLiteralString@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
?RtlTraceFormat_PCLBLOB@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
??0CMigInfoInstaller@@QEAA@XZ
?RtlTraceFormat_PCSTR_AsLiteralString@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
?RtlTraceFormat_PCbool@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
??0CFileInstaller@@QEAA@XZ
?RtlTraceFormat_PCUSHORT_AsProcessorArchitecture@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
?RtlTraceFormat_PCULONG@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
??1CRegistryInstaller@@QEAA@XZ
?RtlTraceVa@Rtl@WCP@Windows@@YAXKKPEAU_RTL_TRACING_FACILITY@123@QEBD_KPEAD@Z
?RtlTraceFormat_PCHRESULT@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
IsCompactOSEnabled
?RtlTraceFormat_IRtlBaseIdentity@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
??0CRegistryInstaller@@QEAA@XZ
?RtlIsTracingEnabled@Rtl@WCP@Windows@@YA_NPEAU_RTL_TRACING_FACILITY@123@K@Z
RtlHashLUtf8String
RtlFreeLUtf8String
?RtlTraceFormat@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBUIRtlSystemIsolationLayerWithPOQ@13@@Z
?RtlFormatIntoStreamFromParameterList@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@QEBD_KQEBU_RTL_TRACING_PARAMETER@123@@Z
?RtlTraceFormat_PCULONG_AsWin32Error@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
??1CSettingsInstaller@@QEAA@XZ
??1CBackupFileCreator@PrimitiveInstaller@@QEAA@XZ
?Close@?$Auto@U_SID@@@Windows@@QEAAXXZ
??0CBackupFileCreator@PrimitiveInstaller@@QEAA@XZ
IsIdentityPnPDriver
RtlGetIdentityAuthority
?GetOutputStreamStreamFromSink@Tracing@Windows@@YAXPEAUIRtlOutputSink@Rtl@2@PEAPEAUIRtlFormattedOutputStream@42@@Z
?DestroyOutputStream@Tracing@Windows@@YAXPEAUIRtlFormattedOutputStream@Rtl@2@@Z
?Close@?$Auto@U_ACL@@@Windows@@QEAAXXZ
??0CBaseInstaller@PrimitiveInstaller@@IEAA@XZ
RtlGetPendingXmlVersion
RtlSplitNtPath
RtlReallocateLUnicodeString
?Close@CApplicationAccessor@@QEAAXXZ
?Initialize@CApplicationAccessor@@QEAAJPEAUIRtlDefinitionAppId@Rtl@AppId@Windows@@PEAUIRtlAppIdAuthority@345@@Z
?GenerateCatalogThumbprint@@YAJPEBU_LBLOB@@PEAV?$Auto@U_LUNICODE_STRING@@@Windows@@@Z
RtlSmartMultiUcsEncoder_Utf16LE
?RtlRunPrimitiveOperationsInXmlAgainstSil@@YAJW4RtlRunPrimitivesFlags@@_KPEAUIRtlSystemIsolationLayer@Rtl@Windows@@PEBU_LBLOB@@AEBU?$Vector@QEBU_UNICODE_STRING@@@4@P6AJPEBU_UNICODE_STRING@@PEAX@ZPEBU_POQ_PROGRESS_INFORMATION@@PEAU_POQ_CHECKPOINT_INFORMATION@@PEAU_POQ_FAILURE_INFORMATION@@PEAW4RtlRunPrimitivesDisposition@@@Z
RtlSplitLUnicodeString
RtlCompareLUnicodeStrings
??0CRawStoreLayout@ComponentStore@@QEAA@XZ
??1CRawStoreLayout@ComponentStore@@QEAA@XZ
?IsComponentFileStaged@CRawStoreLayout@ComponentStore@@SAJKAEBUComponentData@2@AEBU_LUNICODE_STRING@@PEA_N@Z
?GetTemporaryDirectory@CRawStoreLayout@ComponentStore@@QEAAJKPEAV?$Auto@PEAUIRtlDirectory@Rtl@Windows@@@Windows@@@Z
?InitializeTlcCanonicalData@CRawStoreLayout@ComponentStore@@QEAAJAEBVCApplicationAccessor@@PEAUTlcData@2@PEA_N@Z
?AddComponentImplication@CRawStoreLayout@ComponentStore@@QEAAJAEBUComponentData@2@PEAUTlcData@2@@Z
?RemoveComponentImplication@CRawStoreLayout@ComponentStore@@QEAAJAEBUComponentData@2@PEAUTlcData@2@@Z
?AddTlcMark@CRawStoreLayout@ComponentStore@@QEAAJKAEBUTlcInstaller@2@PEAUTlcData@2@@Z
?RemoveTlcMark@CRawStoreLayout@ComponentStore@@QEAAJKAEBUTlcInstaller@2@PEAUTlcData@2@@Z
?AddCatalogMarkFromTlc@CRawStoreLayout@ComponentStore@@QEAAJAEBU_LUNICODE_STRING@@PEAUTlcData@2@@Z
?Scavenge@CRawStoreLayout@ComponentStore@@QEAAJ_NAEBUScavengeControl@12@PEAUIRtlDirectory@Rtl@Windows@@PEAUIScavengeLastDitch@12@@Z
?DeletePendingFiles@CRawStoreLayout@ComponentStore@@QEAAJXZ
?ManuallyMarkComponentStaged@CRawStoreLayout@ComponentStore@@QEAAJAEBVCComponentAccessor@@PEBU_LBLOB@@@Z
?SetComponentFlag@CRawStoreLayout@ComponentStore@@QEAAJ_NKAEBUComponentData@2@@Z
?QueryComponentFlag@CRawStoreLayout@ComponentStore@@SAJAEBUComponentData@2@PEA_NPEAK@Z
?IsComponentFileDeltaOrLZMSCompressed@CRawStoreLayout@ComponentStore@@QEAAJAEBUComponentData@2@AEBU_LUNICODE_STRING@@PEA_N@Z
?Initialize@VersionedIndexHelper@ComponentStore@@QEAAJPEAUIRtlKey@Rtl@Windows@@_NPEAVIStoreLayoutHelper@2@PEAUIRtlIdentityAuthority@4Identity@5@@Z
?OpenComponentDerivedData@VersionedIndexHelper@ComponentStore@@QEAAJ_NPEBU_LUNICODE_STRING@@1PEAUComponentData@2@PEA_N@Z
?InitComponentData@VersionedIndexHelper@ComponentStore@@QEAAJ_NPEAUIRtlDefinitionIdentity@Rtl@Identity@Windows@@PEAUComponentData@2@PEA_N@Z
?QueryUnchangedFileVersions@VersionedIndexHelper@ComponentStore@@QEAAJ_N0PEAUIRtlDefinitionIdentity@Rtl@Identity@Windows@@AEBU_LUNICODE_STRING@@AEBU_LBLOB@@PEAV?$CVector@T_FOUR_PART_VERSION@@VCCallDisposition@Rtl@BUCL@@@BUCL@@PEA_N@Z
?ReadKeyValue@ComponentStore@@YAJPEAUIRtlKey@Rtl@Windows@@PEBU_LUNICODE_STRING@@PEAV?$Auto@U_LBLOB@@@4@PEAPEBU_KEY_VALUE_PARTIAL_INFORMATION@@PEA_N@Z
?FinalizeChanges@CCoordinator@PrimitiveInstaller@@QEAAJXZ
?ProcessChange@CCoordinator@PrimitiveInstaller@@QEAAJAEBUComponentChange@2@@Z
RtlCopyLBlob
?Initialize@CCoordinator@PrimitiveInstaller@@QEAAJKKKPEAUIRtlPrimitiveInstallerSupport@Rtl@PrimitiveInstallers@Windows@@PEAUIRtlPrimitiveInstallerRepairCallback@456@PEAUIRtlSystemIsolationLayer@46@@Z
RtlTranscodeLBlobs
?Close@CCatalog@@QEAAJXZ
?ReplaceSystemPathStringWithDefaultMacro@Rtl@ComponentMacroReplacement@@YAJW4ReplaceSystemPathStringWithDefaultMacroFlags@12@AEBU_LUNICODE_STRING@@PEAV?$Auto@U_LUNICODE_STRING@@@Windows@@PEAW4ReplaceSystemPathStringWithDefaultMacroDisposition@12@@Z
?Create@CCatalog@@QEAAJKKPEBU_LBLOB@@PEAK@Z
?VerifySigner@CCatalog@@QEAAJPEAUIRtlSystemIsolationLayer@Rtl@Windows@@@Z
RtlCreateUtf8UCSStringBuilder
?VerifyCertChainRoot@CCatalog@@QEAAJKPEAK@Z
?FindSubject@CCatalog@@QEBAJKPEBU_LBLOB@@PEA_NPEAJ@Z
RtlXmlDestroyNextLogicalThing
?RtlWcpParseManifestFromXml@Rtl@Implementation@WCP@Windows@@YAJKPEBU_LBLOB@@PEAUIParseErrorCallback@1Microdom@4@PEAUIRtlManifestParseErrorCallback@1ManifestParser@4@PEAV?$Auto@PEAVIRtlCdf@Rtl@Cdf@Windows@@@4@@Z
?SilGetRegistryDWORD@Rtl@Windows@@YAJKPEAUIRtlSystemIsolationLayerPublic@12@AEBU_LUNICODE_STRING@@1PEAK2@Z
RtlAllocateLBlob
RtlParseDottedVersion
?ParseFromBlob@WcpManifest@@QEAAJW4ParseDocumentFlags@XmlParserGenerator@@AEBU_LBLOB@@PEAVStopWatch@Rtl@Windows@@@Z
RtlHashLBlob
?GetComponentAbsolutePath@CRawStoreLayout@ComponentStore@@QEAAJKPEAUIRtlDefinitionIdentity@Rtl@Identity@Windows@@PEAV?$Auto@U_LUNICODE_STRING@@@6@@Z
?InitializeStoreContext@CRawStoreLayout@ComponentStore@@QEAAJKPEAUIRtlIdentityAuthority@Rtl@Identity@Windows@@PEAUIRtlAppIdAuthority@4AppId@6@PEAUIRtlSystemIsolationLayer@46@2PEAUIRtlKey@46@3AEAVCRawInstallMap@InstallMap@@PEAUIRtlDirectory@46@5@Z
GetPrimitiveInstallerSupport
?Finalize@ExecutionQueueDeriver@AiQueue@@QEAAJPEAV?$Auto@U?$Vector@VExecutionQueueEntry@AiQueue@@@Windows@@@Windows@@PEAK@Z
?AddInspect@ExecutionQueueDeriver@AiQueue@@QEAAJAEBVWcpManifest@@@Z
?AddChange@ExecutionQueueDeriver@AiQueue@@QEAAJPEBVWcpManifest@@0@Z
?DoesManifestContainAIs@ExecutionQueueDeriver@AiQueue@@QEAAJAEBVWcpManifest@@PEA_N@Z
?ShouldRunAIs@ExecutionQueueDeriver@AiQueue@@QEAAJPEAUIRtlDefinitionIdentity@Rtl@Identity@Windows@@PEA_N@Z
?Initialize@ExecutionQueueDeriver@AiQueue@@QEAAJKKK_KPEAUIRtlSystemIsolationLayer@Rtl@Windows@@1PEBV?$CVector@UTransformsChangeQueueEntry@AiQueue@@VCCallDisposition@Rtl@BUCL@@@BUCL@@@Z
IsSkuAssembly
?ConvertStringSecurityDescriptor@CSecurityDescriptorFactory@Rtl@Implementation@WCP@Windows@@QEBAJKAEBU_LUNICODE_STRING@@PEAV?$Auto@U_SECURITY_DESCRIPTOR@@@5@PEAK@Z
?ReplaceMacros@LocalTransformerServices@COM@WCP@Windows@@UEAAJKPEB_WPEAPEA_WK@Z
?GetParameter@LocalTransformerServices@COM@WCP@Windows@@UEAAJKPEB_WPEAPEA_WPEAK@Z
?TryGetRollbackStorageDirectory@LocalTransformerServices@COM@WCP@Windows@@UEAAJKPEAPEAUIRtlDirectory@Rtl@4@@Z
?TryGetRollbackStorageKey@LocalTransformerServices@COM@WCP@Windows@@UEAAJKPEAPEAUIRtlKey@Rtl@4@@Z
?GetUserProfile@LocalTransformerServices@COM@WCP@Windows@@UEAAJPEAPEAUIRtlUserProfile@Rtl@4@@Z
?GetSystem@LocalTransformerServices@COM@WCP@Windows@@UEAAJPEAPEAUIRtlSystemIsolationLayerPublic@Rtl@4@@Z
?GetIsolationAllocator@LocalTransformerServices@COM@WCP@Windows@@UEAAJPEAPEAUIMalloc@@@Z
?Release@LocalTransformerServices@COM@WCP@Windows@@UEAAKXZ
?AddRef@LocalTransformerServices@COM@WCP@Windows@@UEAAKXZ
?QueryInterface@LocalTransformerServices@COM@WCP@Windows@@UEAAJAEBU_GUID@@PEAPEAX@Z
?IsSafeMode@LocalInstallerServices@COM@WCP@Windows@@UEAAJPEA_N@Z
?IsPhysicallyOffline@LocalInstallerServices@COM@WCP@Windows@@UEAA_NXZ
?QuerySingleResourceOwnershipConfiguration@LocalInstallerServices@COM@WCP@Windows@@UEAAJPEA_N@Z
?QuerySmiHiveUpdatesConfiguration@LocalInstallerServices@COM@WCP@Windows@@UEAAJPEAK@Z
?IsSkuAssembly@LocalInstallerServices@COM@WCP@Windows@@UEAA_NXZ
?IsStateSeparated@LocalInstallerServices@COM@WCP@Windows@@UEAA_NXZ
?PoqWasExecutedInline@LocalInstallerServices@COM@WCP@Windows@@UEAA_NXZ
?IsMobileStore@LocalInstallerServices@COM@WCP@Windows@@UEAA_NXZ
?get_UserProfile@LocalInstallerServices@COM@WCP@Windows@@UEAAJPEAPEAUIRtlUserProfile@Rtl@4@@Z
?get_System@LocalInstallerServices@COM@WCP@Windows@@UEAAJPEAPEAUIRtlSystemIsolationLayerPublic@Rtl@4@@Z
?get_IsolationAllocator@LocalInstallerServices@COM@WCP@Windows@@UEAAJPEAPEAUIMalloc@@@Z
?AddInstallerFailureAnnotation@LocalInstallerServices@COM@WCP@Windows@@UEAAJKPEA_W@Z
?AcquireInstallerComponentPath@LocalInstallerServices@COM@WCP@Windows@@UEAAJKPEAUIDefinitionIdentity@@PEAPEA_WPEAK@Z
?VirtualPathToPhysical@LocalInstallerServices@COM@WCP@Windows@@UEAAJKPEB_WPEAPEA_W@Z
?CompressManifest@Rtl@Implementation@WCP@Windows@@YAJK_NPEBU_LBLOB@@PEAUIRtlFile@14@@Z
?get_TargetProcessorArchitecture@LocalInstallerServices@COM@WCP@Windows@@UEAAJPEAK@Z
RtlDestroyGrowingList
RtlIndexIntoGrowingList
RtlReallocateUnicodeString
ExpandAndNullTerminateEnvironmentVariableString
RtlConvertNtRegistryPathToWin32RegistryPath
?CoTaskMemAlloc@COM@Windows@@YAPEAX_K@Z
SilCreateRerootedSil
?IsManifestCompressed@Rtl@Implementation@WCP@Windows@@YAJPEBU_LBLOB@@PEA_N@Z
?RtlTraceFormat_PCULONG_AsHexadecimalOnly@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
RtlConvertWin32RegistryPathToNtRegistryPathWithSid
RtlDeallocateUnicodeString
RtlFreeLUnicodeString
RtlFreeLBlob
RtlDecodeBase64LUtf8StringToLBlob
RtlInitLUnicodeStringFromNullTerminatedString
RtlGetEncodingSizeUtf8
RtlEncodeUtf8
RtlReallocateLUtf8String
RtlCopyLUtf8StringToLUnicodeString
RtlXmlExtentToUtf8String
RtlCalculateUtf16StringLengthFromLUtf8String
?Next@CXmlCursor@@QEAAJXZ
RtlMurmurHashLBlob
RtlConvertNtFilePathToWin32FilePath
?FsnpDowncaseChar@@YAKK@Z
ORAdvanceSubkeyEnumerator
ORSaveHive
ORQueryValueEnumerator
ORQueryInfoKey
ORStartSubkeyEnumerator
ORCleanupValueEnumerator
ORAdvanceValueEnumerator
ORSetKeySecurity
ORCreateHive
OROpenKey
ORDeleteValue
ORInitializeSubkeyEnumerator
ORInitializeValueEnumerator
ORCloseKey
ORQuerySubkeyEnumerator
OROpenHive
ORGetValue
ORCloseHive
ORCreateKey
ORCleanupSubkeyEnumerator
ORStartValueEnumerator
ORGetKeySecurity
ORSetValue
ORDeleteKey
WcpSetHelperCallback
?LookupStringReplacement@MacroReplacement@@YAJKKAEBU_LUNICODE_STRING@@PEAUIRtlSystemIsolationLayer@Rtl@Windows@@PEAXPEAUIRtlDefinitionIdentity@4Identity@5@PEAV?$Auto@U_LUNICODE_STRING@@@5@PEAK@Z
?ChooseBitnessFromIdentityAndTarget@MacroReplacement@@YAJKPEAUIRtlDefinitionIdentity@Rtl@Identity@Windows@@PEAK@Z
RtlGetDirectSystem
?Initialize@CXmlCursor@@QEAAJPEAX_K@Z
?ReplaceVariablesInString@Rtl@Implementation@WCP@Windows@@YAJPEBU_LBLOB@@P6A?AU_RTL_UCSCHAR_DECODER_RETURN_VALUE@@PEBE1@ZPEAXP6AJ320PEAU_RTL_SMART_LBLOB_UCSCHAR_WRITING_CONTEXT@@@ZP6AJKPEAU_RTL_SMART_LBLOB_WRITING_CONTEXT@@@ZP6AJQEBK_K6@ZPEAU5@@Z
RtlInitUnicodeStringFromLUnicodeString
RtlNsDestroy

wimgapi

WIMCloseHandle
WIMUnmountImage
WIMExtractImagePath
WIMSetTemporaryPath
WIMApplyImage
WIMLoadImage
WIMGetMountedImageInfo
WIMCreateFile

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetCurrentThread
CreateThread

api-ms-win-core-sysinfo-l1-1-0

GetSystemWindowsDirectoryW
GlobalMemoryStatusEx
GetSystemTime
GetWindowsDirectoryW
GetVersionExW
GetSystemInfo
GetSystemTimeAsFileTime

api-ms-win-core-libraryloader-l1-1-0

GetModuleFileNameW
GetProcAddress
LoadLibraryExA
FreeLibrary
DisableThreadLibraryCalls
GetModuleHandleW
GetModuleFileNameA
LoadLibraryExW
GetModuleHandleExW

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
RaiseException
GetLastError
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockShared
EnterCriticalSection
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
SetEvent
InitializeCriticalSectionEx
CreateSemaphoreExW
DeleteCriticalSection
InitializeCriticalSection
AcquireSRWLockShared
ReleaseSemaphore
LeaveCriticalSection
ReleaseSRWLockExclusive
CreateEventW
ReleaseMutex
WaitForSingleObject
AcquireSRWLockExclusive

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-com-l1-1-0

StringFromGUID2
CoCreateGuid
CoGetMalloc
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-file-l1-1-0

SetFileAttributesW
GetFileAttributesW
ReadFile
WriteFile
CreateFileW
CompareFileTime
FindFirstFileW
FindNextFileW
GetVolumeInformationByHandleW
FindFirstFileExW
FindClose
DeleteFileW
CreateDirectoryW
SetFileInformationByHandle
GetFileAttributesExW
RemoveDirectoryW
GetFinalPathNameByHandleW
GetFullPathNameW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringOrdinal

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegCloseKey

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
GetEnvironmentVariableW

api-ms-win-core-kernel32-legacy-l1-1-0

LoadLibraryW

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx
MoveFileExW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-heap-obsolete-l1-1-0

LocalFree

api-ms-win-security-sddl-l1-1-0

ConvertSecurityDescriptorToStringSecurityDescriptorW

api-ms-win-security-provider-l1-1-0

GetSecurityInfo

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW

api-ms-win-core-kernel32-private-l1-1-1

PrivCopyFileExW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathMatchSpecW

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

ntdll

RtlNtStatusToDosError
LdrLoadDll
LdrUnloadDll
LdrGetProcedureAddress
NtWaitForSingleObject
RtlReleaseRelativeName
NtSetEaFile
RtlDosPathNameToRelativeNtPathName_U_WithStatus
RtlInitUnicodeString
NtQueryOpenSubKeysEx
NtQueryInformationProcess
RtlDestroyEnvironment
RtlCreateEnvironment
RtlSetEnvironmentVariable
NtOpenKey
NtLoadKey2
RtlFreeHeap
RtlAllocateHeap
NtCreateFile
RtlRaiseStatus
NtClose
NtUnloadKey2
NtFlushKey
NtQueryPerformanceCounter

bcrypt

BCryptGetProperty
BCryptFinishHash
BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptHashData
BCryptCreateHash
BCryptOpenAlgorithmProvider

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualProtect

Exports

Exports

ApplyContainerChanges
CreateImageManifest
GetIServicingCommitter
GetIServicingFileHashProvider
GetIServicingQuerier
GetIServicingStager
InstallPackagesToFolder

Sections

.text
Size: 571KB - Virtual size: 571KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 189KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UAOneSettings.dll
.dll windows:10 windows x64 arch:x64

4b29f477875fabaffb50a200ea9805b0

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-11-2023 19:20

Not After

14-11-2024 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

55:6d:07:38:c9:6c:26:a1:d7:e4:88:35:49:f3:9f:a0:13:dd:26:f9:5f:a4:4b:10:b4:1f:76:d5:95:24:1b:b3
Signer

Actual PE Digest

55:6d:07:38:c9:6c:26:a1:d7:e4:88:35:49:f3:9f:a0:13:dd:26:f9:5f:a4:4b:10:b4:1f:76:d5:95:24:1b:b3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

UAOneSettings.pdb

Imports

msvcrt

__dllonexit
_onexit
_XcptFilter
_CxxThrowException
_callnewh
_unlock
??1type_info@@UEAA@XZ
memset
memmove
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
memcpy
?terminate@@YAXXZ
__CxxFrameHandler3
__C_specific_handler
??0exception@@QEAA@AEBQEBDH@Z
_initterm
_lock
_wtof
wcscpy_s
malloc
free
wcschr
_purecall
_wcsicmp
wcsrchr
_wtoi
_vsnwprintf
_amsg_exit
_wcsnicmp
??0exception@@QEAA@AEBV0@@Z
wcscmp

ntdll

RtlFreeHeap
RtlAllocateHeap
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlGetVersion
NtQueryLicenseValue

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegCreateKeyExW
RegCloseKey
RegEnumValueW
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
RegDeleteTreeW
RegOpenKeyExW
RegEnumKeyExW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringW

api-ms-win-core-heap-l1-1-0

HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
ReleaseMutex
CreateMutexW
DeleteCriticalSection
EnterCriticalSection

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetModuleFileNameW
DisableThreadLibraryCalls
GetProcAddress
LoadLibraryExW
FreeLibrary

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-core-string-l2-1-0

CharNextW

oleaut32

SysFreeString
SysAllocString

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

ExitProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetSystemDirectoryW

winhttp

WinHttpConnect
WinHttpSetCredentials
WinHttpSendRequest
WinHttpOpenRequest
WinHttpReadData
WinHttpQueryHeaders
WinHttpOpen
WinHttpGetProxyForUrl
WinHttpReceiveResponse
WinHttpGetDefaultProxyConfiguration
WinHttpQueryAuthSchemes
WinHttpGetIEProxyConfigForCurrentUser
WinHttpCloseHandle
WinHttpQueryDataAvailable
WinHttpSetOption

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoSizeExW
GetFileVersionInfoExW
GetFileVersionInfoW

wtsapi32

WTSQueryUserToken
WTSEnumerateSessionsW
WTSFreeMemory

api-ms-win-core-file-l1-1-0

GetFileAttributesW
GetFullPathNameW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-heap-l2-1-0

GlobalFree

api-ms-win-security-base-l1-1-0

ImpersonateLoggedOnUser
RevertToSelf

api-ms-win-core-kernel32-legacy-l1-1-0

WTSGetActiveConsoleSessionId

api-ms-win-security-credentials-l1-1-0

CredReadW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent

Exports

Exports

CreateOneSettingsHelper
CreateOneSettingsHelperEx
DllMain

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UpdateAgent.dll
.dll windows:10 windows x64 arch:x64

dbf667f40ea4bb9faec2141682d60fa2

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-11-2023 19:20

Not After

14-11-2024 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:24:7e:df:8c:a0:67:75:12:f1:61:f8:f5:8b:6d:76:aa:bc:18:2c:84:b3:31:b7:4e:31:ce:92:96:ae:93:e8
Signer

Actual PE Digest

4e:24:7e:df:8c:a0:67:75:12:f1:61:f8:f5:8b:6d:76:aa:bc:18:2c:84:b3:31:b7:4e:31:ce:92:96:ae:93:e8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

UpdateAgent.pdb

Imports

ntdll

NtAdjustPrivilegesToken
RtlReAllocateHeap
RtlUpcaseUnicodeChar
RtlDowncaseUnicodeChar
RtlSetSaclSecurityDescriptor
DbgPrintEx
RtlLengthSid
RtlCompareUnicodeString
RtlDosPathNameToNtPathName_U_WithStatus
RtlLengthSecurityDescriptor
NtSetInformationFile
RtlNtStatusToDosError
RtlGetGroupSecurityDescriptor
RtlAdjustPrivilege
NtQueryLicenseValue
NtSetInformationProcess
RtlCopySid
RtlSetEnvironmentVariable
RtlDuplicateUnicodeString
NtQueryPerformanceCounter
RtlValidAcl
RtlInitUnicodeString
NtSetInformationThread
NtQueryInformationThread
RtlValidSid
NtOpenProcessToken
RtlInitUnicodeStringEx
RtlSetOwnerSecurityDescriptor
RtlGetControlSecurityDescriptor
RtlMakeSelfRelativeSD
NtOpenThreadToken
RtlSetGroupSecurityDescriptor
RtlCreateSecurityDescriptor
RtlFindAceByType
RtlGetDaclSecurityDescriptor
NtLoadKey2
NtFlushKey
NtShutdownSystem
NtUnloadKey2
RtlDeleteSecurityObject
NtDuplicateToken
NtDelayExecution
RtlDestroyEnvironment
RtlCreateEnvironmentEx
RtlExpandEnvironmentStrings_U
VerSetConditionMask
RtlSetDaclSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlGetVersion
RtlQueryInformationAcl
RtlGetOwnerSecurityDescriptor
RtlCreateUnicodeStringFromAsciiz
NtQueryValueKey
DbgPrint
NtCreateFile
RtlFreeHeap
NtQueryVolumeInformationFile
NtYieldExecution
NtQueryKey
NtDeleteKey
RtlSetCurrentTransaction
NtEnumerateKey
RtlGetLengthWithoutLastFullDosOrNtPathElement
NtEnumerateValueKey
NtOpenKeyEx
RtlGetAce
RtlpApplyLengthFunction
RtlAddAccessAllowedAceEx
NtReadFile
NtCreateKeyTransacted
RtlNewSecurityObjectEx
NtDeleteFile
RtlCaptureStackBackTrace
NtSetSecurityObject
RtlGetCurrentTransaction
NtDeleteValueKey
RtlAddAce
NtQueryAttributesFile
NtFlushBuffersFile
NtDuplicateObject
NtFsControlFile
NtQueryInformationFile
RtlCreateAcl
NtCreateKey
NtOpenKeyTransactedEx
NtQueryDirectoryFile
NtQuerySecurityObject
NtSetValueKey
NtOpenFile
RtlDosPathNameToRelativeNtPathName_U_WithStatus
NtSetEaFile
RtlReleaseRelativeName
NtQueryEaFile
NtWaitForSingleObject
RtlCopyUnicodeString
RtlAppendUnicodeStringToString
RtlEqualUnicodeString
RtlCreateEnvironment
NtQuerySystemTime
RtlSetControlSecurityDescriptor
RtlAnsiCharToUnicodeChar
RtlUnicodeToMultiByteN
RtlIsTextUnicode
RtlUnicodeToMultiByteSize
RtlConvertSidToUnicodeString
RtlRunOnceComplete
RtlRunOnceBeginInitialize
RtlFindNextForwardRunClear
RtlNumberOfSetBits
RtlInitializeSRWLock
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlExpandEnvironmentStrings
NtQueryInformationToken
NtClose
RtlQueryEnvironmentVariable_U
LdrLoadDll
RtlDosPathNameToNtPathName_U
LdrUnloadDll
LdrGetDllHandle
NtOpenKey
NtWriteFile
LdrGetProcedureAddress
NtQueryObject
RtlLeaveCriticalSection
RtlInitializeCriticalSection
RtlEnterCriticalSection
RtlTimeToTimeFields
RtlDeleteCriticalSection
RtlNtStatusToDosErrorNoTeb
RtlRaiseStatus
RtlCreateHeap
RtlAllocateHeap
RtlDestroyHeap
RtlPcToFileHeader
RtlUnwindEx
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlAllocateAndInitializeSid

advapi32

CreatePrivateObjectSecurityWithMultipleInheritance
MakeSelfRelativeSD
DestroyPrivateObjectSecurity
IsValidSecurityDescriptor
GetSecurityDescriptorLength
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
ConvertStringSidToSidW
CheckTokenMembership
AddAccessAllowedAceEx
IsValidAcl
GetTokenInformation
AdjustTokenPrivileges
IsValidSid
InitiateSystemShutdownExW
RegQueryValueExW
RegDeleteKeyW
OpenThreadToken
AddAccessAllowedAce
RegEnumValueW
RegEnumKeyExW
EqualSid
GetLengthSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegDeleteValueW
EventProviderEnabled
EventUnregister
RegOpenKeyExW
InitializeAcl
InitializeSecurityDescriptor
FreeSid
OpenProcessToken
SetSecurityInfo
RegSetValueExW
GetSecurityDescriptorControl
EventWriteString
RegSetKeySecurity
EnableTraceEx2
ControlTraceW
SetSecurityDescriptorDacl
RegCloseKey
EventWriteTransfer
CopySid
EventRegister
AllocateAndInitializeSid
RegCreateKeyExW

kernel32

GetModuleHandleW
FreeLibrary
CopyFileW
WideCharToMultiByte
GetLastError
GetTickCount64
DebugBreak
GetSystemWindowsDirectoryW
GetProcessHeap
MoveFileW
LoadLibraryExW
IsDebuggerPresent
SetUnhandledExceptionFilter
GetExitCodeProcess
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
LCMapStringW
GetLocaleInfoW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
ExitProcess
HeapSize
HeapReAlloc
RaiseException
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
VirtualQuery
GetModuleFileNameW
InterlockedFlushSList
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
EncodePointer
CompareStringOrdinal
LocalAlloc
GetCurrentProcessId
DeleteCriticalSection
FormatMessageW
AcquireSRWLockShared
LocalFree
CreateMutexExW
CreateProcessW
GetProcAddress
ReleaseSRWLockExclusive
HeapAlloc
OutputDebugStringW
ResetEvent
VerifyVersionInfoW
Sleep
MultiByteToWideChar
CreateEventW
CreateThreadpoolTimer
GetVolumeNameForVolumeMountPointW
GlobalMemoryStatusEx
OpenProcess
RaiseFailFastException
GetSystemDirectoryW
ReleaseMutex
GetVersionExW
GetSystemInfo
GetVolumePathNamesForVolumeNameW
GetCurrentThreadId
GetFileAttributesW
CreateFileW
WaitForSingleObject
FindClose
ReleaseSRWLockShared
lstrcmpW
GetErrorMode
WriteConsoleW
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
SetStdHandle
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
FindFirstFileExW
LoadLibraryExA
VirtualProtect
SetFilePointerEx
GetPriorityClass
GetTimeZoneInformation
GetExitCodeThread
WaitForThreadpoolTimerCallbacks
WaitForMultipleObjects
SetPriorityClass
GlobalUnlock
GlobalMemoryStatus
GetFileType
CreateProcessA
GlobalLock
HeapDestroy
HeapCompact
GetOverlappedResult
GetVersionExA
GlobalSize
GetPrivateProfileStringW
GetLogicalDriveStringsW
HeapValidate
DuplicateHandle
HeapWalk
GetComputerNameExW
SetEndOfFile
SetErrorMode
SetFileTime
VirtualAlloc
GetShortPathNameW
VirtualFree
HeapCreate
GetLogicalDrives
GetVolumeInformationW
InitializeCriticalSectionEx
CreateMutexW
GetEnvironmentVariableW
SetThreadpoolTimer
LeaveCriticalSection
OpenEventW
InitializeCriticalSectionAndSpinCount
GetProcessId
GetCommandLineW
CopyFileExW
GetFileInformationByHandle
GetDiskFreeSpaceW
RemoveDirectoryW
WaitForMultipleObjectsEx
CloseHandle
OpenSemaphoreW
CreateFileMappingA
ExpandEnvironmentStringsW
DeleteFileA
CreateFileA
GetVersion
CreateMutexA
SetFileAttributesW
OutputDebugStringA
SystemTimeToTzSpecificLocalTime
GetSystemTime
GetModuleHandleExW
LoadLibraryW
GetWindowsDirectoryW
MoveFileExW
FileTimeToSystemTime
GetFullPathNameW
ReleaseSemaphore
GetCurrentProcess
FindNextFileW
DeleteFileW
EnterCriticalSection
SetLastError
GetTickCount
GetFileInformationByHandleEx
HeapFree
CreateSemaphoreExW
DeviceIoControl
CompareStringW
GetDriveTypeW
SetThreadPriority
SetFilePointer
SetFileInformationByHandle
GetThreadPriority
GlobalAlloc
GlobalFree
FlushFileBuffers
GetFileSizeEx
FindFirstFileW
GetModuleFileNameA
ReadFile
CreateDirectoryW
WaitForSingleObjectEx
AcquireSRWLockExclusive
GetCurrentThread
GetDiskFreeSpaceExW
CloseThreadpoolTimer
TryEnterCriticalSection
InitializeSRWLock
InitOnceExecuteOnce
GetCurrentDirectoryW
GetFinalPathNameByHandleW
GetLongPathNameW
SetEvent
MapViewOfFile
CreateFileMappingW
LCIDToLocaleName
WriteFile
ResolveLocaleName
CreateThread
InitializeCriticalSection
GetTempPathW
UnmapViewOfFile
GetLocalTime
GetFileSize
GetTempFileNameW

ole32

CoGetMalloc
CoTaskMemAlloc
StringFromGUID2
CoCreateGuid
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoSetProxyBlanket
CoInitializeEx

user32

CharNextW
UnregisterClassA

oleaut32

SysAllocString
SysFreeString
SystemTimeToVariantTime
VariantTimeToSystemTime

crypt32

CryptHashCertificate2
CertVerifyCertificateChainPolicy

wintrust

WTHelperGetProvCertFromChain
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WinVerifyTrust

rpcrt4

UuidCreate
RpcStringFreeW
UuidFromStringW
I_RpcMapWin32Status
UuidToStringW

shlwapi

PathMatchSpecW

wer

WerReportCloseHandle
WerReportAddFile
WerReportSetParameter
WerReportSetUIOption
WerReportSubmit
WerReportCreate

version

VerQueryValueW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW

cfgmgr32

CM_Get_Device_Interface_List_SizeW
CM_Get_Device_Interface_ListW
CM_Get_Device_Interface_PropertyW

Exports

Exports

CreateDeploymentSession
CreateDeploymentSessionEx
CreateOfflineDeploymentSession
UA_CommitActionList
UA_CreateActionList
UA_CreateDownloadList
UA_CreateDownloadListFromActionList
UA_CreatePackageListFromDownloadList
UA_InstallActionList
UA_ReleaseDownloadList

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 628KB - Virtual size: 627KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WinREAgent.dll
.dll windows:10 windows x64 arch:x64

31a2a8d234caefbfc3cd9ba177b24871

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-11-2023 19:20

Not After

14-11-2024 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9d:b0:1f:d9:14:3e:31:6e:ea:5c:d1:ef:4f:66:ff:a3:3b:d1:92:9a:c1:db:47:cd:69:a8:f1:f5:ac:ec:00:c0
Signer

Actual PE Digest

9d:b0:1f:d9:14:3e:31:6e:ea:5c:d1:ef:4f:66:ff:a3:3b:d1:92:9a:c1:db:47:cd:69:a8:f1:f5:ac:ec:00:c0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

WinREAgent.pdb

Imports

msvcrt

__RTDynamicCast
memcmp
memcpy
??0exception@@QEAA@AEBV0@@Z
memcpy_s
_vsnprintf_s
??0exception@@QEAA@XZ
memmove_s
_wcsicmp
free
_vscwprintf
calloc
_purecall
__C_specific_handler
wcscpy_s
malloc
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
_callnewh
_CxxThrowException
_XcptFilter
_amsg_exit
__CxxFrameHandler3
_initterm
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_lock
_unlock
__dllonexit
_onexit
_errno
memset
_wtol
_wtoi64
_wtoi
sprintf_s
strchr
_set_errno
strtol
strncpy_s
wcschr
??1exception@@UEAA@XZ
_vsnwprintf
_wcsnicmp
wcsrchr
vswprintf_s
wcscmp

advapi32

RegLoadKeyW
RegGetValueW
RegDeleteKeyW
RegGetKeySecurity
SetFileSecurityW
GetFileSecurityW
ConvertSecurityDescriptorToStringSecurityDescriptorW
SetSecurityDescriptorControl
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
GetAce
AddAccessAllowedAce
InitializeAcl
CopySid
GetLengthSid
GetTokenInformation
OpenThreadToken
EventSetInformation
RegDeleteKeyExW
RegCreateKeyExW
RegEnumKeyExW
RegSetKeySecurity
RegDeleteTreeW
RegSetValueExW
RegDeleteValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
AdjustTokenPrivileges
EventWriteTransfer
EventRegister
EventUnregister
AllocateAndInitializeSid
OpenProcessToken

kernel32

HeapSize
HeapReAlloc
HeapDestroy
InitializeCriticalSection
RaiseException
CompareStringW
Sleep
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
WideCharToMultiByte
GetSystemWindowsDirectoryW
FindResourceExW
LoadResource
LockResource
SizeofResource
TlsSetValue
TlsGetValue
TlsAlloc
GetPrivateProfileSectionNamesW
CopyFile2
GetCurrentThread
CreateSemaphoreExW
GetVolumePathNamesForVolumeNameW
MoveFileTransactedW
CreateEventW
LeaveCriticalSection
LocalFree
SetEvent
SetEnvironmentVariableW
GetPrivateProfileSectionW
CreateMutexExW
WritePrivateProfileStringW
FlushFileBuffers
SetFileInformationByHandle
GetFileInformationByHandle
GetCurrentProcessId
FreeLibrary
GetDiskFreeSpaceExW
GetFileInformationByHandleEx
DeleteFileW
SetFileAttributesW
DeviceIoControl
GetSystemDirectoryW
GetCurrentDirectoryW
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
GetFinalPathNameByHandleW
GetLastError
GetProcAddress
GetModuleHandleW
DebugBreak
GetModuleFileNameA
GetModuleHandleExW
HeapFree
GetProcessHeap
HeapAlloc
GetCurrentThreadId
FormatMessageW
GetVersionExW
GetLongPathNameW
GetFullPathNameW
CreateDirectoryW
CreateThreadpoolTimer
OpenSemaphoreW
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSectionEx
EnterCriticalSection
MultiByteToWideChar
WaitForSingleObjectEx
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
ReleaseMutex
ReleaseSemaphore
CloseHandle
SetLastError
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
OutputDebugStringW
IsDebuggerPresent

user32

UnregisterClassA

reagent

WinReInstallOnTargetOS
WinReGetConfig
WinReHashWimFile
WinReSetupBackupWinRE

oleaut32

SysAllocString
SysFreeString

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW

api-ms-win-core-file-l1-1-0

CreateFileW
FindNextFileW
GetFileAttributesW
FindClose
QueryDosDeviceW
FindFirstFileW

api-ms-win-core-sysinfo-l1-1-0

GetWindowsDirectoryW

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegUnLoadKeyW
RegCloseKey
RegEnumValueW

crypt32

CertVerifyCertificateChainPolicy

wintrust

WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WinVerifyTrust

dismapi

DismOpenSession
DismShutdown
DismInitialize
DismUnmountImage
DismMountImage
DismGetImageInfo
DismDelete
DismAddPackage
DismCloseSession
_DismCleanImage

wdscore

WdsInitialize
WdsTerminate
WdsSetupLogMessageW
ConstructPartialMsgVW
CurrentIP

wimgapi

WIMRegisterMessageCallback
WIMCloseHandle
WIMUnmountImage
WIMRegisterLogFile
WIMExportImage
WIMLoadImage
WIMSetTemporaryPath
WIMGetAttributes
WIMCreateFile
WIMUnregisterMessageCallback
WIMUnregisterLogFile

ole32

CoCreateInstance
StringFromGUID2
CoTaskMemFree

api-ms-win-core-version-l1-1-0

VerQueryValueW
GetFileVersionInfoSizeExW
GetFileVersionInfoExW

rpcrt4

UuidCreate

ktmw32

CreateTransaction
CommitTransaction

ntdll

RtlSetThreadErrorMode
NtSetInformationFile
RtlFreeHeap
RtlAllocateHeap
RtlNtStatusToDosError

bcrypt

BCryptCloseAlgorithmProvider

Exports

Exports

BackupWinRE
CreateWinREServicingManager
GetWinREAgentVersion
GetWinREPartitionFreeSpace
GetWinREVersion
LoadWinREServicingManager
RestoreWinRE
SaveWinREServicingManager

Sections

.text
Size: 313KB - Virtual size: 313KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 186KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dpx.dll
.dll windows:10 windows x64 arch:x64

5d1f71f36e7d3779a6599514bdcf59c2

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-11-2023 19:20

Not After

14-11-2024 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:f5:1c:e7:b0:ed:7f:ea:1a:22:9d:bb:96:39:35:78:15:6e:76:09:a1:2c:09:d3:6b:79:8a:c6:65:61:b1:e0
Signer

Actual PE Digest

0c:f5:1c:e7:b0:ed:7f:ea:1a:22:9d:bb:96:39:35:78:15:6e:76:09:a1:2c:09:d3:6b:79:8a:c6:65:61:b1:e0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

dpx.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__wcsicmp
memmove
_o__wsplitpath_s
_o_free
_o_malloc
_o_memcpy_s
_o_strncpy_s
_o_strtol
_o_terminate
_o_toupper
_o_wcscpy_s
_o_wmemcpy_s
__CxxFrameHandler3
wcsstr
__C_specific_handler
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
strrchr
strchr
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfwprintf
_o__execute_onexit_table
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o__errno
_o___std_exception_copy
_o___acrt_iob_func
_CxxThrowException
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset
wcsncmp
strncmp
memmove_s

ntdll

NtClose
RtlVirtualUnwind
RtlComputeCrc32
RtlLookupFunctionEntry
RtlCaptureContext
RtlDeleteCriticalSection
DbgPrintEx
RtlRaiseStatus
RtlNtStatusToDosError
VerSetConditionMask
RtlInitializeCriticalSection

api-ms-win-core-libraryloader-l1-1-0

GetProcAddress
LoadLibraryExA
FreeLibrary
LoadLibraryExW
GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameA

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegOpenCurrentUser
RegQueryInfoKeyW
RegSetValueExW

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-synch-l1-1-0

CreateEventW
WaitForSingleObjectEx
CreateSemaphoreExW
ResetEvent
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
ReleaseSemaphore
EnterCriticalSection
WaitForSingleObject
ReleaseMutex
SetEvent
OpenSemaphoreW
DeleteCriticalSection
CreateMutexExW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive

api-ms-win-core-memory-l1-1-0

VirtualFree
VirtualAlloc
VirtualQuery
VirtualProtect

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW
ExpandEnvironmentStringsW

api-ms-win-core-file-l1-1-0

CreateDirectoryW
GetDiskFreeSpaceExW
FindFirstFileExW
SetFileAttributesW
RemoveDirectoryW
GetFinalPathNameByHandleW
GetFileSize
SetFilePointer
FindClose
FindNextFileW
GetFullPathNameW
FindFirstFileW
ReadFile
GetFileSizeEx
SetFilePointerEx
LocalFileTimeToFileTime
WriteFile
GetFileAttributesW
SetFileTime
SetEndOfFile
DeleteFileW
CreateFileW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetWindowsDirectoryW
GetTickCount
GetSystemInfo

api-ms-win-core-heap-obsolete-l1-1-0

LocalFree
LocalAlloc

api-ms-win-security-cryptoapi-l1-1-0

CryptDestroyKey
CryptGetKeyParam
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextW
CryptDecrypt
CryptSetKeyParam
CryptImportKey
CryptGetHashParam
CryptReleaseContext

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
RaiseException

api-ms-win-core-file-l2-1-0

MoveFileExW
CreateHardLinkW

api-ms-win-core-kernel32-legacy-l1-1-0

LoadLibraryW
DosDateTimeToFileTime

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
CompareStringOrdinal

api-ms-win-core-registry-l2-1-0

RegOpenKeyW
RegEnumKeyW
RegCreateKeyW
RegDeleteKeyW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcessId
GetCurrentProcess
GetProcessId
GetCurrentThreadId

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-shlwapi-legacy-l1-1-0

PathMatchSpecW

api-ms-win-core-com-l1-1-0

StringFromGUID2
CoCreateGuid

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-localization-l1-2-0

FormatMessageW
LCMapStringW

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

rpcrt4

UuidCreate

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWriteTransfer
EventUnregister
EventProviderEnabled

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-eventing-controller-l1-1-0

ControlTraceW

api-ms-win-eventing-classicprovider-l1-1-0

TraceEvent
UnregisterTraceGuids
GetTraceEnableFlags
GetTraceLoggerHandle
RegisterTraceGuidsW
GetTraceEnableLevel

Exports

Exports

DpxCheckJobExists
DpxCheckJobExistsEx
DpxDeleteJob
DpxDeleteJobEx
DpxFreeMemory
DpxNewJob
DpxNewJobEx
DpxRestoreJob
DpxRestoreJobEx
DpxRestoreOrNewJob
DpxRestoreOrNewJobEx

Sections

.text
Size: 518KB - Virtual size: 517KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wcp.dll
.dll windows:10 windows x64 arch:x64

a56de06c3c1281f3f1fd561c2ab69204

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-11-2023 19:20

Not After

14-11-2024 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ea:7a:b8:91:e6:60:4e:78:da:6e:3c:f8:ec:ba:1e:27:de:39:38:f8:0d:3c:18:82:bb:3a:46:1d:64:26:a5:e6
Signer

Actual PE Digest

ea:7a:b8:91:e6:60:4e:78:da:6e:3c:f8:ec:ba:1e:27:de:39:38:f8:0d:3c:18:82:bb:3a:46:1d:64:26:a5:e6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

wcp.pdb

Imports

api-ms-win-crt-string-l1-1-0

memset
strncmp
wcsnlen
memmove_s

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__i64tow_s
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__ltow_s
_o__register_onexit_function
_o__seh_filter_dll
_o__ui64tow_s
_o__ultow
_o__ultow_s
_o__wcsicmp
_o__wcslwr
_o__wcsnicmp
_o__wcstoi64
_o__wcstoui64
_o__wcsupr
_o__wtol
memmove
_o_bsearch
_o_fflush
_o_free
_o_iswctype
_o_malloc
_o_memcpy_s
_o_qsort
_o_strcpy_s
_o_terminate
_o_tolower
_o_toupper
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstok_s
_o_wcstoul
strrchr
wcsstr
wcsrchr
__CxxFrameHandler3
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__aligned_malloc
_o__aligned_free
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsscanf
_o___stdio_common_vsprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
strstr
wcschr
_o___stdio_common_vfwprintf
_o___std_type_info_destroy_list
_o___acrt_iob_func
strchr
__C_specific_handler
memcmp
memcpy

rpcrt4

RpcStringFreeW
UuidFromStringW
UuidToStringW

api-ms-win-core-registry-l1-1-0

RegDeleteValueW
RegFlushKey
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegGetValueW
RegOpenKeyExW
RegCloseKey

api-ms-win-core-libraryloader-l1-1-0

FreeLibrary
GetModuleHandleExW
LoadResource
FindResourceExW
LockResource
GetModuleFileNameW
GetModuleFileNameA
GetProcAddress
LoadLibraryExW
GetModuleHandleW
SizeofResource

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlCompareMemory
RtlRaiseException
RtlPcToFileHeader
RtlCaptureStackBackTrace

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
TlsAlloc
CreateThread
GetExitCodeProcess
CreateProcessW
TlsGetValue
TlsSetValue
TlsFree
GetCurrentProcess
OpenProcessToken
GetCurrentThread
OpenThreadToken

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-errorhandling-l1-1-0

RaiseException
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
WaitForSingleObjectEx
ResetEvent
SetEvent
ReleaseMutex
WaitForMultipleObjectsEx
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
CreateEventW
DeleteCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockShared
WaitForSingleObject
ReleaseSRWLockShared
OpenSemaphoreW
CreateMutexExW
LeaveCriticalSection
CreateSemaphoreExW
ReleaseSemaphore

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetVersionExW
GetTickCount64
GetSystemInfo
GlobalMemoryStatusEx

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventActivityIdControl
EventRegister
EventWriteTransfer

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask
GetNativeSystemInfo
GetProductInfo

api-ms-win-eventing-legacy-l1-1-0

FlushTraceW

api-ms-win-core-heap-obsolete-l1-1-0

LocalAlloc
LocalFree
LocalReAlloc

api-ms-win-security-base-l1-1-0

GetSidSubAuthority
GetSidLengthRequired
GetAce
CreateWellKnownSid
CreatePrivateObjectSecurityWithMultipleInheritance
InitializeSid
IsValidSid
InitializeAcl
SetPrivateObjectSecurityEx
GetLengthSid
GetTokenInformation
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
IsValidSecurityDescriptor
DestroyPrivateObjectSecurity
GetSecurityDescriptorLength
SetSecurityDescriptorGroup
MakeSelfRelativeSD
InitializeSecurityDescriptor
GetSecurityDescriptorControl

api-ms-win-core-kernel32-legacy-l1-1-0

LoadLibraryA
LoadLibraryW

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW

api-ms-win-security-provider-l1-1-0

GetNamedSecurityInfoW

api-ms-win-core-file-l1-1-0

SetFileAttributesW
GetFinalPathNameByHandleW
ReadFile
GetFileAttributesW
CreateFileW
GetFileSizeEx
SetFilePointerEx
FlushFileBuffers
WriteFile
DeleteFileW
SetEndOfFile

api-ms-win-core-namedpipe-l1-1-0

CreatePipe

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-string-l1-1-0

CompareStringW

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-service-management-l1-1-0

OpenSCManagerW
DeleteService
CloseServiceHandle
StartServiceW
OpenServiceW

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus
ControlService

api-ms-win-core-registry-l2-1-0

RegOpenKeyW

api-ms-win-security-lsalookup-l2-1-0

LookupAccountSidW

api-ms-win-security-cryptoapi-l1-1-0

CryptGetHashParam
CryptDestroyKey
CryptAcquireContextW
CryptExportKey
CryptReleaseContext
CryptHashData
CryptAcquireContextA
CryptCreateHash
CryptDestroyHash

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpA

api-ms-win-core-localization-obsolete-l1-2-0

CompareStringA

api-ms-win-core-libraryloader-l1-1-1

EnumResourceLanguagesExW

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-security-lsapolicy-l1-1-0

LsaClose
LsaFreeMemory
LsaQueryInformationPolicy
LsaOpenPolicy

ntdll

RtlUnicodeToMultiByteN
RtlIsTextUnicode
RtlUnicodeToMultiByteSize
RtlConvertSidToUnicodeString
NtAllocateLocallyUniqueId
NtQueryInformationToken
RtlLengthRequiredSid
RtlFreeSid
RtlTimeToTimeFields
RtlDosPathNameToNtPathName_U
RtlMultiByteToUnicodeSize
RtlMultiByteToUnicodeN
RtlFormatCurrentUserKeyPath
RtlDowncaseUnicodeChar
RtlUpcaseUnicodeChar
DbgPrintEx
RtlReAllocateHeap
RtlMapGenericMask
RtlGetSaclSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlAllocateAndInitializeSid
RtlAddAccessAllowedAce
RtlGetGroupSecurityDescriptor
RtlEqualSid
NtQueryLicenseValue
RtlValidAcl
NtAdjustPrivilegesToken
RtlSetSaclSecurityDescriptor
RtlValidSid
NtDuplicateToken
NtSetInformationThread
RtlSetGroupSecurityDescriptor
RtlFindAceByType
NtQuerySystemInformation
RtlCreateEnvironmentEx
RtlExpandEnvironmentStrings_U
RtlNtStatusToDosError
RtlAbsoluteToSelfRelativeSD
RtlRunOnceComplete
RtlRunOnceBeginInitialize
RtlFindNextForwardRunClear
RtlNumberOfSetBits
RtlInitializeSRWLock
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlGetControlSecurityDescriptor
RtlAnsiCharToUnicodeChar
NtSetIoCompletion
NtWaitForMultipleObjects
NtCreateIoCompletion
NtCreateEvent
TpSimpleTryPost
NtRemoveIoCompletion
NtSetEvent
RtlFreeUnicodeString
RtlInitializeSid
RtlAddAuditAccessObjectAce
RtlAddAuditAccessAceEx
RtlAddAccessDeniedAceEx
NtOpenFile
RtlAddAccessDeniedObjectAce
RtlFirstFreeAce
RtlTimeToSecondsSince1980
RtlEqualUnicodeString
NtQueryInformationFile
RtlAppendUnicodeStringToString
RtlDuplicateUnicodeString
RtlCopyUnicodeString
NtQueryEaFile
RtlReleaseRelativeName
RtlSetControlSecurityDescriptor
RtlCreateUnicodeStringFromAsciiz
DbgPrint
RtlRaiseStatus
RtlLeaveCriticalSection
RtlFreeHeap
RtlInitializeCriticalSection
RtlSetLastWin32ErrorAndNtStatusFromNtStatus
RtlEnterCriticalSection
LdrDisableThreadCalloutsForDll
NtQueryInformationProcess
RtlAllocateHeap
RtlDeleteCriticalSection
NtSetEaFile
RtlDosPathNameToRelativeNtPathName_U_WithStatus
RtlDeleteSecurityObject
NtQueryValueKey
RtlGetDaclSecurityDescriptor
NtSetValueKey
NtQuerySecurityObject
NtQueryDirectoryFile
NtQueryObject
NtQueryVolumeInformationFile
NtOpenKeyTransactedEx
NtCreateKey
RtlCreateAcl
NtOpenThreadToken
RtlComputeCrc32
NtQueryInformationThread
NtFsControlFile
NtDuplicateObject
NtFlushBuffersFile
RtlInitUnicodeStringEx
NtQueryAttributesFile
RtlAddAce
RtlMakeSelfRelativeSD
NtWaitForSingleObject
NtDeleteValueKey
RtlGetCurrentTransaction
NtSetSecurityObject
NtDeleteFile
RtlNewSecurityObjectEx
NtCreateKeyTransacted
RtlAddAccessAllowedAceEx
NtSetInformationFile
RtlQueryInformationAcl
RtlpApplyLengthFunction
RtlGetAce
NtOpenKeyEx
NtEnumerateValueKey
NtWriteFile
RtlGetLengthWithoutLastFullDosOrNtPathElement
NtEnumerateKey
RtlSetCurrentTransaction
RtlSetOwnerSecurityDescriptor
NtOpenProcessToken
NtDeleteKey
NtQueryKey
NtReadFile
RtlNtStatusToDosErrorNoTeb
RtlLengthSecurityDescriptor
RtlCreateEnvironment
RtlDestroyEnvironment
RtlSetEnvironmentVariable
NtDelayExecution
LdrUnloadDll
LdrLoadDll
RtlInitUnicodeString
RtlLengthSid
RtlAppendUnicodeToString
RtlCompareUnicodeString
RtlCreateServiceSid
RtlSubAuthoritySid
RtlSubAuthorityCountSid
RtlCopySid
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAnsiStringToUnicodeString
RtlInitAnsiString
NtLoadKey2
NtOpenKey
NtFlushKey
NtUnloadKey2
NtCreateFile
LdrGetProcedureAddress
RtlQueryEnvironmentVariable_U
NtClose
NtQuerySystemTime
LdrGetDllHandle
NtYieldExecution
RtlHashUnicodeString
NtOpenProcess
NtDeviceIoControlFile
ZwQuerySystemInformation
RtlGUIDFromString
RtlStringFromGUID
ZwQueryAttributesFile
ZwWaitForSingleObject
ZwQueryKey
ZwReleaseMutant
ZwOpenFile
ZwOpenMutant
ZwClose
ZwCreateKey
ZwLoadKey
ZwDeleteValueKey
ZwDeleteKey
ZwEnumerateKey
ZwQueryValueKey
ZwSetSecurityObject
ZwUnloadKey
ZwSetValueKey
ZwOpenKey
ZwAllocateUuids
ZwQuerySymbolicLinkObject
ZwDeviceIoControlFile
ZwQueryDirectoryObject
ZwOpenSymbolicLinkObject
ZwOpenDirectoryObject
ZwQueryInformationProcess
ZwQueryInformationFile
ZwOpenProcess
NtOpenProcessTokenEx
NtOpenThreadTokenEx
RtlImpersonateSelf
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
NtQueryBootEntryOrder
NtQueryBootOptions
NtTranslateFilePath
NtOpenDirectoryObject
NtQueryDirectoryObject
NtEnumerateBootEntries
RtlAddAccessAllowedObjectAce
NtQueryPerformanceCounter

bcrypt

BCryptFinishHash
BCryptDestroyHash
BCryptHashData
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptCreateHash
BCryptGetProperty

crypt32

CertAddStoreToCollection
CertFreeCTLContext
CertAddEncodedCertificateToStore
CryptMsgClose
CertGetEnhancedKeyUsage
CryptMsgUpdate
CertGetCertificateChain
CertFreeCertificateContext
CryptMsgGetAndVerifySigner
CertFindSubjectInCTL
CryptMsgOpenToDecode
CertCloseStore
CryptMsgGetParam
CertCreateCTLContext
CryptHashCertificate2
CertFreeCertificateChain
CryptImportPublicKeyInfoEx
CertOpenStore
CertVerifyCertificateChainPolicy
CertGetSubjectCertificateFromStore
CryptDecodeObject

Exports

Exports

??$ReplaceVariablesInStringCallthrough@U_LUNICODE_STRING@@@Rtl@Implementation@WCP@Windows@@YAJPEAXP6A?AU_RTL_UCSCHAR_DECODER_RETURN_VALUE@@PEBE1@ZPEBU_LBLOB@@PEAU_RTL_SMART_LBLOB_UCSCHAR_WRITING_CONTEXT@@@Z
??0AIAsimovProvider@COM@Windows@@QEAA@XZ
??0CBackupFileCreator@PrimitiveInstaller@@QEAA@XZ
??0CBaseInstaller@PrimitiveInstaller@@IEAA@XZ
??0CCoordinator@PrimitiveInstaller@@QEAA@XZ
??0CFileInstaller@@QEAA@XZ
??0CGacPrimitiveInstaller@@QEAA@XZ
??0CMigInfoInstaller@@QEAA@XZ
??0CQueueExecutor@COM@Windows@@QEAA@XZ
??0CRawInstallMap@InstallMap@@QEAA@XZ
??0CRawStoreLayout@ComponentStore@@QEAA@XZ
??0CRegistryInstaller@@QEAA@XZ
??0CSecurityDescriptorFactory@Rtl@Implementation@WCP@Windows@@QEAA@XZ
??0CXmlCursor@@QEAA@XZ
??1AIAsimovProvider@COM@Windows@@QEAA@XZ
??1AutoLZMSDecoder@Rtl@WCP@Windows@@QEAA@XZ
??1AutoLZMSEncoder@Rtl@WCP@Windows@@QEAA@XZ
??1CBackupFileCreator@PrimitiveInstaller@@QEAA@XZ
??1CComponentInformation@COM@Windows@@QEAA@XZ
??1CCoordinator@PrimitiveInstaller@@QEAA@XZ
??1CGacPrimitiveInstaller@@QEAA@XZ
??1CMigInfoInstaller@@QEAA@XZ
??1CQueueExecutor@COM@Windows@@QEAA@XZ
??1CRawInstallMap@InstallMap@@QEAA@XZ
??1CRawStoreLayout@ComponentStore@@QEAA@XZ
??1CRegistryInstaller@@QEAA@XZ
??1CSecurityDescriptorFactory@Rtl@Implementation@WCP@Windows@@QEAA@XZ
??1CSettingsInstaller@@QEAA@XZ
??1CShortcutInstaller@@QEAA@XZ
??1CSysprepInstaller@@QEAA@XZ
??1PrivilegeAcquisition@RtlSystemUtil@@QEAA@XZ
?Acquire@PrivilegeAcquisition@RtlSystemUtil@@QEAAJAEBU?$Vector@$$CBJ@Windows@@@Z
?AcquireInstallerComponentPath@LocalInstallerServices@COM@WCP@Windows@@UEAAJKPEAUIDefinitionIdentity@@PEAPEA_WPEAK@Z
?AddCatalogMarkFromTlc@CRawStoreLayout@ComponentStore@@QEAAJAEBU_LUNICODE_STRING@@PEAUTlcData@2@@Z
?AddChange@ExecutionQueueDeriver@AiQueue@@QEAAJPEBVWcpManifest@@0@Z
?AddComponentImplication@CRawStoreLayout@ComponentStore@@QEAAJAEBUComponentData@2@PEAUTlcData@2@@Z
?AddInspect@ExecutionQueueDeriver@AiQueue@@QEAAJAEBVWcpManifest@@@Z
?AddInstallMarkToFamily@CRawInstallMap@InstallMap@@QEAAJPEAUMapForFamily@2@AEBT_FOUR_PART_VERSION@@@Z
?AddInstallerFailureAnnotation@LocalInstallerServices@COM@WCP@Windows@@UEAAJKPEA_W@Z
?AddRef@LocalInstallerServices@COM@WCP@Windows@@UEAAKXZ
?AddRef@LocalTransformerServices@COM@WCP@Windows@@UEAAKXZ
?AddTlcMark@CRawStoreLayout@ComponentStore@@QEAAJKAEBUTlcInstaller@2@PEAUTlcData@2@@Z
?Canonicalize@CBaseCanonicalizer@@QEAAJPEAUIRtlMicrodom@Rtl@Microdom@Windows@@AEBU?$Vector@UNode@Rtl@Microdom@Windows@@@5@PEAUIRtlWOFOStream@35@@Z
?Canonicalize@CC14NCanonicalizer@@MEAAJUElement@Rtl@Microdom@Windows@@@Z
?Canonicalize@CC14NCanonicalizer@@MEAAJUProcessingInstruction@Rtl@Microdom@Windows@@@Z
?Canonicalize@CC14NCanonicalizer@@MEAAJUText@Rtl@Microdom@Windows@@@Z
?CheckComponentFileFlag@CRawStoreLayout@ComponentStore@@QEAAJKPEAUIRtlDefinitionIdentity@Rtl@Identity@Windows@@U_LUNICODE_STRING@@PEA_N@Z
?CheckComponentFlag@CRawStoreLayout@ComponentStore@@QEAAJKPEAUIRtlDefinitionIdentity@Rtl@Identity@Windows@@PEA_N@Z
?ChooseBitnessFromIdentityAndTarget@MacroReplacement@@YAJKPEAUIRtlDefinitionIdentity@Rtl@Identity@Windows@@PEAK@Z
?CleanupInstallMap@CRawInstallMap@InstallMap@@QEAAJXZ
?Close@?$Auto@U_ACL@@@Windows@@QEAAXXZ
?Close@?$Auto@U_SECURITY_DESCRIPTOR@@@Windows@@QEAAXXZ
?Close@?$Auto@U_SID@@@Windows@@QEAAXXZ
?Close@AutoDeltaBlob@Rtl@Windows@@QEAAXXZ
?Close@CApplicationAccessor@@QEAAXXZ
?Close@CCatalog@@QEAAJXZ
?CmsGetFileHashInformation@WcpManifest@@SAJAEBUFile@WcpManifestParser@@PEAUHashInfo@Rtl@ManifestParser@Windows@@@Z
?CoTaskMemAlloc@COM@Windows@@YAPEAX_K@Z
?CoTaskMemFree@COM@Windows@@YAXPEBX@Z
?CompareIdentityAttributeValue@Rtl@Identity@Windows@@YAJPEBU_LUNICODE_STRING@@0PEAH@Z
?CompareSecurityDescriptorFromObjectAgainstManifest@Rtl@Implementation@WCP@Windows@@YAJKPEBU_SECURITY_DESCRIPTOR@@0PEA_N@Z
?CompressManifest@Rtl@Implementation@WCP@Windows@@YAJK_NPEBU_LBLOB@@PEAUIRtlFile@14@@Z
?ConvertIn@COM@Windows@@YAJPEAUIDefinitionIdentity@@PEAPEAUIRtlDefinitionIdentity@Rtl@Identity@2@@Z
?ConvertSecurityDescriptorToString@CSecurityDescriptorFactory@Rtl@Implementation@WCP@Windows@@QEBAJKPEAXKPEAV?$Auto@U_LUNICODE_STRING@@@5@PEAK@Z
?ConvertStringSecurityDescriptor@CSecurityDescriptorFactory@Rtl@Implementation@WCP@Windows@@QEBAJKAEBU_LUNICODE_STRING@@PEAV?$Auto@U_SECURITY_DESCRIPTOR@@@5@PEAK@Z
?CopyOutPath@COM@Windows@@YAJPEBU_LUNICODE_STRING@@PEAPEA_W@Z
?Create@CCatalog@@QEAAJKKPEBU_LBLOB@@PEAK@Z
?DecomposeSecurityDescriptor@Rtl@Implementation@WCP@Windows@@YAJPEBU_SECURITY_DESCRIPTOR@@PEAKPEAV?$Auto@U_SID@@@4@2PEAV?$Auto@U_ACL@@@4@3PEAG@Z
?DecompressManifest@Rtl@Implementation@WCP@Windows@@YAJKPEAV?$Auto@U_LBLOB@@@4@PEAK@Z
?DeletePendingFiles@CRawStoreLayout@ComponentStore@@QEAAJXZ
?DeltaCompressFile@Rtl@Windows@@YAJKKPEAU_LBLOB@@PEBU3@0PEAUIRtlFile@12@@Z
?DeltaCompressFile@Rtl@Windows@@YAJKPEAUIRtlFile@12@PEBU_LBLOB@@00@Z
?DeltaDecompressBuffer@Rtl@Windows@@YAJKPEAU_LBLOB@@_K0PEAVAutoDeltaBlob@12@2@Z
?DeltaDecompressBuffer@Rtl@Windows@@YAJKPEAU_LBLOB@@_K0PEAVAutoDeltaBlob@12@@Z
?DeltaDecompressFile@Rtl@Windows@@YAJPEAUIRtlFile@12@_K00@Z
?DeltaDecompressFile@Rtl@Windows@@YAJPEAUIRtlFile@12@_K00PEAVAutoDeltaBlob@12@@Z
?DestroyOutputStream@Tracing@Windows@@YAXPEAUIRtlFormattedOutputStream@Rtl@2@@Z
?DoesManifestContainAIs@ExecutionQueueDeriver@AiQueue@@QEAAJAEBVWcpManifest@@PEA_N@Z
?DoesTargetHaveTestRootCert@@YAJPEAUIRtlSystemIsolationLayerPublic@Rtl@Windows@@PEA_N@Z
?FileHashAlgorithmToDigest@Rtl@Cms@Windows@@YA?AW4_CMS_HASH_DIGESTMETHOD@23@K@Z
?FilePathCombine@COM@Windows@@YAJPEBGAEBU_LUNICODE_STRING@@PEAV?$Auto@U_LUNICODE_STRING@@@2@@Z
?Finalize@CC14NCanonicalizer@@MEAAJXZ
?Finalize@ExecutionQueueDeriver@AiQueue@@QEAAJPEAV?$Auto@U?$Vector@VExecutionQueueEntry@AiQueue@@@Windows@@@Windows@@PEAK@Z
?FinalizeChanges@CCoordinator@PrimitiveInstaller@@QEAAJXZ
?FinalizeValue@CComponentInformationTableTraits@COM@Windows@@SAXAEAV?$Auto@PEAVCComponentInformation@COM@Windows@@@3@@Z
?FindSubject@CCatalog@@QEBAJKPEBU_LBLOB@@PEA_NPEAJ@Z
?FindUnchangedMatchingVersions@VersionedIndexHelper@ComponentStore@@QEAAJPEAUIRtlDefinitionIdentity@Rtl@Identity@Windows@@AEBU_LUNICODE_STRING@@KKAEBU_LBLOB@@PEAV?$CVector@T_FOUR_PART_VERSION@@VCCallDisposition@Rtl@BUCL@@@BUCL@@@Z
?FormatFourPartVersion@Rtl@Implementation@WCP@Windows@@YAJKAEBT_FOUR_PART_VERSION@@PEAE1P6A?AU_RTL_UCSCHAR_ENCODER_RETURN_VALUE@@K11@ZPEAPEAE@Z
?FormatNumberIntoBuffer@Rtl@Implementation@WCP@Windows@@YAJ_KKPEAE1P6A?AU_RTL_UCSCHAR_ENCODER_RETURN_VALUE@@K11@ZPEAPEAE@Z
?FsnpDowncaseChar@@YAKK@Z
?GenerateCatalogThumbprint@@YAJPEAUIRtlFile@Rtl@Windows@@PEAV?$Auto@U_LUNICODE_STRING@@@3@@Z
?GenerateCatalogThumbprint@@YAJPEBU_LBLOB@@PEAV?$Auto@U_LUNICODE_STRING@@@Windows@@@Z
?GetComponentAbsolutePath@CRawStoreLayout@ComponentStore@@QEAAJKPEAUIRtlDefinitionIdentity@Rtl@Identity@Windows@@PEAV?$Auto@U_LUNICODE_STRING@@@6@@Z
?GetComponentFileAbsolutePath@CRawStoreLayout@ComponentStore@@QEAAJKPEAUIRtlDefinitionIdentity@Rtl@Identity@Windows@@AEBU_LUNICODE_STRING@@PEAV?$Auto@U_LUNICODE_STRING@@@6@2@Z
?GetComponentWinningVersion@CRawInstallMap@InstallMap@@QEAAJPEAUIRtlDefinitionIdentity@Rtl@Identity@Windows@@PEAT_FOUR_PART_VERSION@@PEA_N_N@Z
?GetCompressedFileType@Rtl@WCP@Windows@@YAKPEBU_LBLOB@@@Z
?GetCurrentDllWin32Path@COM@Windows@@YAJPEAXPEAV?$Auto@U_LUNICODE_STRING@@@2@@Z
?GetExternalDirPath@CRawStoreLayout@ComponentStore@@QEAAJPEAPEBU_LUNICODE_STRING@@@Z
?GetIsolationAllocator@LocalTransformerServices@COM@WCP@Windows@@UEAAJPEAPEAUIMalloc@@@Z
?GetLUnicodeParameter@Rtl@Transformers@WCP@Windows@@YAJKPEAUICSITransformerServices@@AEBU_LUNICODE_STRING@@PEAV?$Auto@U_LUNICODE_STRING@@@4@PEAK@Z
?GetNtFilePathParameter@Rtl@Transformers@WCP@Windows@@YAJKPEAUICSITransformerServices@@AEBU_LUNICODE_STRING@@PEAV?$Auto@U_LUNICODE_STRING@@@4@PEAKK@Z
?GetNtRegistryPathParameter@Rtl@Transformers@WCP@Windows@@YAJKPEAUICSITransformerServices@@AEBU_LUNICODE_STRING@@PEAV?$Auto@U_LUNICODE_STRING@@@4@PEAKK@Z
?GetOutputStreamStreamFromSink@Tracing@Windows@@YAXPEAUIRtlOutputSink@Rtl@2@PEAPEAUIRtlFormattedOutputStream@42@@Z
?GetParameter@LocalTransformerServices@COM@WCP@Windows@@UEAAJKPEB_WPEAPEA_WPEAK@Z
?GetRootDirPath@CRawStoreLayout@ComponentStore@@QEAAJPEAPEBU_LUNICODE_STRING@@@Z
?GetSignerPublicKeyToken@CCatalog@@QEAAJPEAUIRtlSystemIsolationLayer@Rtl@Windows@@PEAU_LBLOB@@@Z
?GetSystem@LocalTransformerServices@COM@WCP@Windows@@UEAAJPEAPEAUIRtlSystemIsolationLayerPublic@Rtl@4@@Z
?GetTemporaryDirectory@CRawStoreLayout@ComponentStore@@QEAAJKPEAV?$Auto@PEAUIRtlDirectory@Rtl@Windows@@@Windows@@@Z
?GetUTF8FileWriterStream@Rtl@Windows@@YAJPEAUIRtlFile@12@PEAV?$Auto@PEAUIRtlWOFOUCSStream@Rtl@Windows@@@2@@Z
?GetUserProfile@LocalTransformerServices@COM@WCP@Windows@@UEAAJPEAPEAUIRtlUserProfile@Rtl@4@@Z
?GetWin32FilePathParameter@COM@Transformers@WCP@Windows@@YAJKPEAUICSITransformerServices@@PEBGPEAPEAGPEAKK@Z
?GetWin32PathOfSiblingFile@COM@Windows@@YAJPEAXPEBGPEAV?$Auto@U_LUNICODE_STRING@@@2@@Z
?GetWin32PathOfSiblingFile@COM@Windows@@YAJPEAXPEB_WPEAV?$Auto@U_LUNICODE_STRING@@@2@@Z
?GetWin32RegistryPathParameter@COM@Transformers@WCP@Windows@@YAJKPEAUICSITransformerServices@@PEBGPEAPEAUHKEY__@@PEAPEAGPEAKK@Z
?InitComponentData@VersionedIndexHelper@ComponentStore@@QEAAJ_NPEAUIRtlDefinitionIdentity@Rtl@Identity@Windows@@PEAUComponentData@2@PEA_N@Z
?Initialize@AutoLZMSDecoder@Rtl@WCP@Windows@@QEAAJXZ
?Initialize@AutoLZMSEncoder@Rtl@WCP@Windows@@QEAAJXZ
?Initialize@CApplicationAccessor@@QEAAJPEAUIRtlDefinitionAppId@Rtl@AppId@Windows@@PEAUIRtlAppIdAuthority@345@@Z
?Initialize@CBaseCanonicalizer@@MEAAJPEAUIRtlMicrodom@Rtl@Microdom@Windows@@AEBU?$Vector@UNode@Rtl@Microdom@Windows@@@5@PEAUIRtlWOFOStream@35@@Z
?Initialize@CC14NCanonicalizer@@MEAAJPEAUIRtlMicrodom@Rtl@Microdom@Windows@@AEBU?$Vector@UNode@Rtl@Microdom@Windows@@@5@PEAUIRtlWOFOStream@35@@Z
?Initialize@CComponentAccessor@@QEAAJPEAUIRtlDefinitionIdentity@Rtl@Identity@Windows@@PEAUIRtlIdentityAuthority@345@@Z
?Initialize@CCoordinator@PrimitiveInstaller@@QEAAJKKKPEAUIRtlPrimitiveInstallerSupport@Rtl@PrimitiveInstallers@Windows@@PEAUIRtlPrimitiveInstallerRepairCallback@456@PEAUIRtlSystemIsolationLayer@46@@Z
?Initialize@CQueueExecutor@COM@Windows@@QEAAJKPEB_WPEAVIComponentStoreHelper@23@PEAUIRtlSystemIsolationLayer@Rtl@3@PEAVCTransactionContent@23@@Z
?Initialize@CRawInstallMap@InstallMap@@QEAAJ_NPEAUIRtlIdentityAuthority@Rtl@Identity@Windows@@PEAUIRtlKey@46@PEAUIRtlSystemIsolationLayer@46@@Z
?Initialize@CXmlCursor@@QEAAJPEAX_K@Z
?Initialize@ExecutionQueueDeriver@AiQueue@@QEAAJKKK_KPEAUIRtlSystemIsolationLayer@Rtl@Windows@@1PEBV?$CVector@UTransformsChangeQueueEntry@AiQueue@@VCCallDisposition@Rtl@BUCL@@@BUCL@@@Z
?Initialize@VersionedIndexHelper@ComponentStore@@QEAAJPEAUIRtlKey@Rtl@Windows@@_NPEAVIStoreLayoutHelper@2@PEAUIRtlIdentityAuthority@4Identity@5@@Z
?InitializeDeltaCompressor@Rtl@Windows@@YAJPEAX@Z
?InitializeStoreContext@CRawStoreLayout@ComponentStore@@QEAAJKPEAUIRtlIdentityAuthority@Rtl@Identity@Windows@@PEAUIRtlAppIdAuthority@4AppId@6@PEAUIRtlSystemIsolationLayer@46@2PEAUIRtlKey@46@3AEAVCRawInstallMap@InstallMap@@PEAUIRtlDirectory@46@5@Z
?InitializeTlcCanonicalData@CRawStoreLayout@ComponentStore@@QEAAJAEBVCApplicationAccessor@@PEAUTlcData@2@PEA_N@Z
?IsComponentFileDeltaOrLZMSCompressed@CRawStoreLayout@ComponentStore@@QEAAJAEBUComponentData@2@AEBU_LUNICODE_STRING@@PEA_N@Z
?IsComponentFileStaged@CRawStoreLayout@ComponentStore@@QEAAJKPEAUIRtlDefinitionIdentity@Rtl@Identity@Windows@@AEBU_LUNICODE_STRING@@PEA_N@Z
?IsComponentFileStaged@CRawStoreLayout@ComponentStore@@SAJKAEBUComponentData@2@AEBU_LUNICODE_STRING@@PEA_N@Z
?IsDeltaCompressorAvailable@Rtl@Windows@@YAJPEA_N@Z
?IsManifestCompressed@Rtl@Implementation@WCP@Windows@@YAJPEBU_LBLOB@@PEA_N@Z
?IsMobileStore@LocalInstallerServices@COM@WCP@Windows@@UEAA_NXZ
?IsPhysicallyOffline@LocalInstallerServices@COM@WCP@Windows@@UEAA_NXZ
?IsSafeMode@LocalInstallerServices@COM@WCP@Windows@@UEAAJPEA_N@Z
?IsSkuAssembly@LocalInstallerServices@COM@WCP@Windows@@UEAA_NXZ
?IsStateSeparated@LocalInstallerServices@COM@WCP@Windows@@UEAA_NXZ
?LZMSCompressFile@Rtl@WCP@Windows@@YAJPEBU_LBLOB@@PEAUIRtlFile@13@1@Z
?LZMSDecompressBuffer@Rtl@WCP@Windows@@YAJ_KPEBU_LBLOB@@AEAV?$Auto@U_LBLOB@@@3@@Z
?LZMSDecompressFile@Rtl@WCP@Windows@@YAJ_KPEAUIRtlFile@13@1@Z
?LoadFirstResourceLanguageAgnostic@Rtl@Windows@@YAJKPEAUHINSTANCE__@@PEBG1PEAU_LBLOB@@@Z
?LookupStringReplacement@MacroReplacement@@YAJKKAEBU_LUNICODE_STRING@@PEAUIRtlSystemIsolationLayer@Rtl@Windows@@PEAXPEAUIRtlDefinitionIdentity@4Identity@5@PEAV?$Auto@U_LUNICODE_STRING@@@5@PEAK@Z
?ManuallyMarkComponentStaged@CRawStoreLayout@ComponentStore@@QEAAJAEBVCComponentAccessor@@PEBU_LBLOB@@@Z
?MarkServicingStackCorruptHelper@LocalInstallerServices@COM@WCP@Windows@@UEAAJXZ
?Next@CXmlCursor@@QEAAJXZ
?OpenComponentDerivedData@VersionedIndexHelper@ComponentStore@@QEAAJ_NPEBU_LUNICODE_STRING@@1PEAUComponentData@2@PEA_N@Z
?OpenFamilyMap@CRawInstallMap@InstallMap@@QEAAJ_NPEAUIRtlDefinitionIdentity@Rtl@Identity@Windows@@PEAUMapForFamily@2@PEA_N@Z
?ParseBase16String@Rtl@Implementation@WCP@Windows@@YAJKPEBE0P6A?AU_RTL_UCSCHAR_DECODER_RETURN_VALUE@@00@ZPEAU_LBLOB@@PEA_N@Z
?ParseFromBlob@WcpManifest@@QEAAJAEBU_LBLOB@@PEAVStopWatch@Rtl@Windows@@@Z
?ParseFromBlob@WcpManifest@@QEAAJW4ParseDocumentFlags@XmlParserGenerator@@AEBU_LBLOB@@PEAVStopWatch@Rtl@Windows@@@Z
?ParseGuid@Rtl@Implementation@WCP@Windows@@YAJPEBE0P6A?AU_RTL_UCSCHAR_DECODER_RETURN_VALUE@@00@ZPEAU_GUID@@PEA_N@Z
?ParseProcessorArchitecture@Rtl@Identity@Windows@@YAJAEBU_LUNICODE_STRING@@PEAVPSEUDO_ARCH@123@PEA_N@Z
?PoqWasExecutedInline@LocalInstallerServices@COM@WCP@Windows@@UEAA_NXZ
?ProcessChange@CCoordinator@PrimitiveInstaller@@QEAAJAEBUComponentChange@2@@Z
?QueryComponentFlag@CRawStoreLayout@ComponentStore@@SAJAEBUComponentData@2@PEA_NPEAK@Z
?QueryConfigurationOption@CRawStoreLayout@ComponentStore@@QEBAJAEBU_GUID@@KPEAK@Z
?QueryConfigurationOption@CRawStoreLayout@ComponentStore@@QEBAJAEBU_GUID@@_NPEA_N@Z
?QueryInterface@LocalInstallerServices@COM@WCP@Windows@@UEAAJAEBU_GUID@@PEAPEAX@Z
?QueryInterface@LocalTransformerServices@COM@WCP@Windows@@UEAAJAEBU_GUID@@PEAPEAX@Z
?QuerySingleResourceOwnershipConfiguration@LocalInstallerServices@COM@WCP@Windows@@UEAAJPEA_N@Z
?QuerySmiHiveUpdatesConfiguration@LocalInstallerServices@COM@WCP@Windows@@UEAAJPEAK@Z
?QueryUnchangedFileVersions@VersionedIndexHelper@ComponentStore@@QEAAJ_N0PEAUIRtlDefinitionIdentity@Rtl@Identity@Windows@@AEBU_LUNICODE_STRING@@AEBU_LBLOB@@PEAV?$CVector@T_FOUR_PART_VERSION@@VCCallDisposition@Rtl@BUCL@@@BUCL@@PEA_N@Z
?ReadAt@CBufferedStream@@QEAAJ_K0PEAXPEA_K@Z
?ReadKeyValue@ComponentStore@@YAJPEAUIRtlKey@Rtl@Windows@@PEBU_LUNICODE_STRING@@PEAV?$Auto@U_LBLOB@@@4@PEAPEBU_KEY_VALUE_PARTIAL_INFORMATION@@PEA_N@Z
?Release@LocalInstallerServices@COM@WCP@Windows@@UEAAKXZ
?Release@LocalTransformerServices@COM@WCP@Windows@@UEAAKXZ
?RemoveComponentImplication@CRawStoreLayout@ComponentStore@@QEAAJAEBUComponentData@2@PEAUTlcData@2@@Z
?RemoveInstallMarkFromFamily@CRawInstallMap@InstallMap@@QEAAJPEAUMapForFamily@2@AEBT_FOUR_PART_VERSION@@@Z
?RemoveTlcMark@CRawStoreLayout@ComponentStore@@QEAAJKAEBUTlcInstaller@2@PEAUTlcData@2@@Z
?ReplaceMacros@LocalInstallerServices@COM@WCP@Windows@@UEAAJKPEB_WPEAPEA_WPEAUIDefinitionIdentity@@@Z
?ReplaceMacros@LocalTransformerServices@COM@WCP@Windows@@UEAAJKPEB_WPEAPEA_WK@Z
?ReplaceSystemPathStringWithDefaultMacro@Rtl@ComponentMacroReplacement@@YAJW4ReplaceSystemPathStringWithDefaultMacroFlags@12@AEBU_LUNICODE_STRING@@PEAV?$Auto@U_LUNICODE_STRING@@@Windows@@PEAW4ReplaceSystemPathStringWithDefaultMacroDisposition@12@@Z
?ReplaceVariablesInString@Rtl@Implementation@WCP@Windows@@YAJPEBU_LBLOB@@P6A?AU_RTL_UCSCHAR_DECODER_RETURN_VALUE@@PEBE1@ZPEAXP6AJ320PEAU_RTL_SMART_LBLOB_UCSCHAR_WRITING_CONTEXT@@@ZP6AJKPEAU_RTL_SMART_LBLOB_WRITING_CONTEXT@@@ZP6AJQEBK_K6@ZPEAU5@@Z
?ResolvePendingPhases@COM@Windows@@YAJKPEAVCQueueExecutor@12@PEA_N@Z
?RtlCaptureTracingParameterList@Rtl@WCP@Windows@@YAXK_KPEADQEAU_RTL_TRACING_PARAMETER@123@@Z
?RtlFormatIntoStreamFromParameterList@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@QEBD_KQEBU_RTL_TRACING_PARAMETER@123@@Z
?RtlGetFacilityTracingFlags@Rtl@WCP@Windows@@YAKPEAU_RTL_TRACING_FACILITY@123@@Z
?RtlGetVersionResourceFromSelf@@YAXPEAU_RTL_VERSION_RESOURCE@@@Z
?RtlIsTracingEnabled@Rtl@WCP@Windows@@YA_NPEAU_RTL_TRACING_FACILITY@123@K@Z
?RtlRunPrimitiveOperationsInXmlAgainstSil@@YAJW4RtlRunPrimitivesFlags@@_KPEAUIRtlSystemIsolationLayer@Rtl@Windows@@PEBU_LBLOB@@AEBU?$Vector@QEBU_UNICODE_STRING@@@4@P6AJPEBU_UNICODE_STRING@@PEAX@ZPEBU_POQ_PROGRESS_INFORMATION@@PEAU_POQ_CHECKPOINT_INFORMATION@@PEAU_POQ_FAILURE_INFORMATION@@PEAW4RtlRunPrimitivesDisposition@@@Z
?RtlShutdownTracing@Rtl@WCP@Windows@@YAXXZ
?RtlTraceEx@Rtl@WCP@Windows@@YAXPEBU_RTL_TRACING_STATIC_DATA@123@QEBQEBX@Z
?RtlTraceFailureFromGroupList@Rtl@WCP@Windows@@YAXKKPEAU_RTL_TRACING_FACILITY@123@PEBU_RTL_TRACING_FAILURE_DATA@123@_KQEBU_RTL_FORMATTING_GROUP@123@@Z
?RtlTraceFormat@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBUIRtlSystemIsolationLayerWithPOQ@13@@Z
?RtlTraceFormat_FormattableObject@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
?RtlTraceFormat_HANDLE@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
?RtlTraceFormat_IRtlBaseIdentity@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
?RtlTraceFormat_IRtlDefinitionAppId@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
?RtlTraceFormat_PCBOOLEAN@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
?RtlTraceFormat_PCFOUR_PART_VERSION@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
?RtlTraceFormat_PCGUID@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
?RtlTraceFormat_PCHRESULT@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
?RtlTraceFormat_PCLARGE_INTEGER_AsReadableTime@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
?RtlTraceFormat_PCLARGE_INTEGER_AsTime@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
?RtlTraceFormat_PCLBLOB@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
?RtlTraceFormat_PCLBLOB_AsBase64@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
?RtlTraceFormat_PCLBLOB_LimitLength@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
?RtlTraceFormat_PCLONG@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
?RtlTraceFormat_PCLUNICODE_STRING@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
?RtlTraceFormat_PCLUNICODE_STRING_AsLiteralString@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
?RtlTraceFormat_PCLUTF8_STRING@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
?RtlTraceFormat_PCLUTF8_STRING_AsLiteralString@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
?RtlTraceFormat_PCNTSTATUS@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
?RtlTraceFormat_PCPCVOID@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
?RtlTraceFormat_PCPCVOID_AsOptDerefPCVOID@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
?RtlTraceFormat_PCSIZE_T@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
?RtlTraceFormat_PCSTR@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
?RtlTraceFormat_PCSTR_AsLiteralString@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
?RtlTraceFormat_PCULONG@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
?RtlTraceFormat_PCULONGLONG@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
?RtlTraceFormat_PCULONGLONG_AsDecimalOnly@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
?RtlTraceFormat_PCULONGLONG_AsTickDelta@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
?RtlTraceFormat_PCULONG_AsDecimalOnly@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
?RtlTraceFormat_PCULONG_AsHexadecimalOnly@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
?RtlTraceFormat_PCULONG_AsHexadecimalOnly_ShortZero@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
?RtlTraceFormat_PCULONG_AsRegValueType@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
?RtlTraceFormat_PCULONG_AsSpecialCount@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
?RtlTraceFormat_PCULONG_AsWin32Error@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
?RtlTraceFormat_PCULONG_PTR@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
?RtlTraceFormat_PCUNICODE_STRING@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
?RtlTraceFormat_PCUSHORT_AsProcessorArchitecture@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
?RtlTraceFormat_PCVOID@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
?RtlTraceFormat_PCWSTR@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
?RtlTraceFormat_PCWSTR_Array@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
?RtlTraceFormat_PCWSTR_AsLiteralString@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
?RtlTraceFormat_PCbool@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
?RtlTraceFormat_PCbool_AsSuccessIndicator@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
?RtlTraceFormat_RegistryValue@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
?RtlTraceFromGroupList@Rtl@WCP@Windows@@YAXKPEAU_RTL_TRACING_FACILITY@123@PEBU_RTL_TRACING_FAILURE_DATA@123@_KQEBU_RTL_FORMATTING_GROUP@123@@Z
?RtlTraceVa@Rtl@WCP@Windows@@YAXKKPEAU_RTL_TRACING_FACILITY@123@QEBD_KPEAD@Z
?RtlWcpParseManifestFromXml@Rtl@Implementation@WCP@Windows@@YAJKPEBU_LBLOB@@PEAUIParseErrorCallback@1Microdom@4@PEAUIRtlManifestParseErrorCallback@1ManifestParser@4@PEAV?$Auto@PEAVIRtlCdf@Rtl@Cdf@Windows@@@4@@Z
?RtlpSetSystem@WcpDllDebug@@YAJKPEAUIRtlSystemIsolationLayer@Rtl@Windows@@@Z
?Scavenge@CRawStoreLayout@ComponentStore@@QEAAJ_NAEBUScavengeControl@12@PEAUIRtlDirectory@Rtl@Windows@@PEAUIScavengeLastDitch@12@@Z
?SetComponentFileStageFlag@CRawStoreLayout@ComponentStore@@QEAAJ_NPEAUIRtlDefinitionIdentity@Rtl@Identity@Windows@@AEBU_LUNICODE_STRING@@@Z
?SetComponentFlag@CRawStoreLayout@ComponentStore@@QEAAJ_NKAEBUComponentData@2@@Z
?SetComponentFlag@CRawStoreLayout@ComponentStore@@QEAAJ_NKPEAUIRtlDefinitionIdentity@Rtl@Identity@Windows@@@Z
?ShouldRunAIs@ExecutionQueueDeriver@AiQueue@@QEAAJPEAUIRtlDefinitionIdentity@Rtl@Identity@Windows@@PEA_N@Z
?SilCreateDirectories@Rtl@Windows@@YAJPEAUIRtlSystemIsolationLayerPublic@12@AEBU_LUNICODE_STRING@@@Z
?SilCreateKeys@Rtl@Windows@@YAJPEAUIRtlSystemIsolationLayerPublic@12@AEBU_LUNICODE_STRING@@@Z
?SilGetRegistryDWORD@Rtl@Windows@@YAJKPEAUIRtlKey@12@AEBU_LUNICODE_STRING@@PEAK2@Z
?SilGetRegistryDWORD@Rtl@Windows@@YAJKPEAUIRtlSystemIsolationLayerPublic@12@AEBU_LUNICODE_STRING@@1PEAK2@Z
?SilGetRegistryString@Rtl@Windows@@YAJKPEAUIRtlSystemIsolationLayerPublic@12@AEBU_LUNICODE_STRING@@1PEAV?$Auto@U_LUNICODE_STRING@@@2@PEAK@Z
?SplitWin32RegistryPathIntoBaseAndSubKey@COM@Windows@@YAJPEBGPEAPEAUHKEY__@@PEAPEBG@Z
?TraceChangeList@Rtl@ComponentStore@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
?TraceETWEvent@Rtl@WCP@Windows@@YAXU_EVENT_DESCRIPTOR@@PEBGZZ
?TrimNamespaceTable@CC14NCanonicalizer@@MEAAJUElement@Rtl@Microdom@Windows@@PEAVCNamespaceTable@@PEAVCAttributeTable@@@Z
?TryGetRollbackStorageDirectory@LocalTransformerServices@COM@WCP@Windows@@UEAAJKPEAPEAUIRtlDirectory@Rtl@4@@Z
?TryGetRollbackStorageKey@LocalTransformerServices@COM@WCP@Windows@@UEAAJKPEAPEAUIRtlKey@Rtl@4@@Z
?TryGetWin32DirectoryRollbackStoragePath@COM@Transformers@WCP@Windows@@YAJKPEAUICSITransformerServices@@PEAPEAG@Z
?TryGetWin32RegistryRollbackStoragePath@COM@Transformers@WCP@Windows@@YAJKPEAUICSITransformerServices@@PEAPEAUHKEY__@@PEAPEAG@Z
?VerifyAdvancedInstaller@LocalInstallerServices@COM@WCP@Windows@@UEAAJPEB_W00PEAK@Z
?VerifyCertChainRoot@CCatalog@@QEAAJKPEAK@Z
?VerifySigner@CCatalog@@QEAAJPEAUIRtlSystemIsolationLayer@Rtl@Windows@@@Z
?VirtualNtRegistryPathToPhysical@Rtl@Transformers@WCP@Windows@@YAJPEAUICSITransformerServices@@AEBU_LUNICODE_STRING@@PEAV?$Auto@U_LUNICODE_STRING@@@4@K@Z
?VirtualPathToPhysical@LocalInstallerServices@COM@WCP@Windows@@UEAAJKPEB_WPEAPEA_W@Z
?VirtualWin32RegistryPathToPhysical@COM@Transformers@WCP@Windows@@YAJPEAUICSITransformerServices@@PEBGPEAPEAUHKEY__@@PEAPEAGK@Z
?WriteAt@CBufferedStream@@QEAAJ_K0PEBXPEA_K@Z
?get_IsolationAllocator@LocalInstallerServices@COM@WCP@Windows@@UEAAJPEAPEAUIMalloc@@@Z
?get_RebootIndicator@LocalInstallerServices@COM@WCP@Windows@@UEAAJPEAW4RebootIndicators@@@Z
?get_System@LocalInstallerServices@COM@WCP@Windows@@UEAAJPEAPEAUIRtlSystemIsolationLayerPublic@Rtl@4@@Z
?get_TargetProcessorArchitecture@LocalInstallerServices@COM@WCP@Windows@@UEAAJPEAK@Z
?get_UserProfile@LocalInstallerServices@COM@WCP@Windows@@UEAAJPEAPEAUIRtlUserProfile@Rtl@4@@Z
?put_RebootIndicator@LocalInstallerServices@COM@WCP@Windows@@UEAAJW4RebootIndicators@@@Z
?utiludom_GetElementImmediateChildrenByName@@YAJPEAUIRtlMicrodom@Rtl@Microdom@Windows@@UElement@234@PEBU_LUTF8_STRING@@2PEAV?$Auto@U?$Vector@UElement@Rtl@Microdom@Windows@@@Windows@@@4@@Z
?utiludom_GetElementNameDetails@@YAJPEAUIRtlMicrodom@Rtl@Microdom@Windows@@UElement@234@PEAPEBU_LUTF8_STRING@@22@Z
AddTrusteeCapabilities
AllocateTrusteeData
ApplyTransactionPOQsToSil
ConvertHResultToNtStatus
ConvertNtStatusToHResult
CreateNewOfflineStore
CreateNewPseudoWindows
CreateNewPseudoWindowsEx
CreateNewWindows
DelayExecution
DeleteTrusteeCapabilities
DeleteTrusteeData
DismountRegistryHives
DllCsiGetHandler
EnumerateFileRedirections
EnumerateRegistryRedirections
ExecuteMidgroundInstallers
ExpandAndNullTerminateEnvironmentVariableString
FreeAndZeroCSI_BROKEN_COMPONENT
FreeAndZeroCSI_REPAIRED_COMPONENT
FreeRedirectionsMemory
GetAppIdAuthority
GetFriendlyInstallerName
GetGroupTrusteeDataCountFromManifest
GetGroupTrusteeDataFromManifest
GetIdentityAuthority
GetPrimitiveInstallerSupport
GetSystemStore
GetVersionString
InitializeCSI_BROKEN_COMPONENT
InitializeCSI_REPAIRED_COMPONENT
IsCompactOSEnabled
IsIdentityPnPDriver
IsSkuAssembly
MapToPrivilegeName
MapToWellKnownSidType
MergeTwoChangeLists
ORAdvanceSubkeyEnumerator
ORAdvanceValueEnumerator
ORCleanupSubkeyEnumerator
ORCleanupValueEnumerator
ORCloseHive
ORCloseKey
ORCreateHive
ORCreateHiveEx
ORCreateKey
ORDeleteKey
ORDeleteValue
OREnumKey
OREnumValue
ORFlushHive
ORGetKeySecurity
ORGetValue
ORGetVirtualFlags
ORInitializeSubkeyEnumerator
ORInitializeValueEnumerator
OROpenHive
OROpenHiveByHandle
OROpenKey
ORQueryInfoKey
ORQueryInfoKeyEx
ORQueryInfoKeyValueEx
ORQuerySubkeyEnumerator
ORQueryValueEnumerator
ORRenameKey
ORSaveHive
ORSaveHiveEx
ORSaveHiveToHandle
ORSetKeySecurity
ORSetValue
ORSetVirtualFlags
ORStartSubkeyEnumerator
ORStartValueEnumerator
OpenExistingOfflineStore
ParseManifest
ParseManifestEx
PoqParsePoqexecLog
RtlAllocateLBlob
RtlAllocateLUnicodeString
RtlAllocateLUtf8String
RtlAllocateUnicodeString
RtlAppendLUnicodeStringToLUnicodeString
RtlAppendLUtf8StringToLUnicodeString
RtlAppendLUtf8StringToLUtf8String
RtlAppendUcsCharacterToLUnicodeString
RtlAppendUcsCharactersToLUnicodeString
RtlBase64EncodeLBlobToLUnicodeString
RtlCalculateUtf16StringLengthFromLUtf8String
RtlCombineNtPathSegments
RtlCommitSmartLBlobUcsWritingContext
RtlCompareEncodedLBlobs
RtlCompareLUnicodeStringToLUtf8String
RtlCompareLUnicodeStrings
RtlCompareLUtf8Strings
RtlConcatenateLUnicodeStrings
RtlConcatenateLUtf8Strings
RtlConvertNtFilePathToWin32FilePath
RtlConvertNtRegistryPathToWin32RegistryPath
RtlConvertWin32FilePathToNtFilePath
RtlConvertWin32RegistryPathToNtRegistryPath
RtlConvertWin32RegistryPathToNtRegistryPathWithSid
RtlCopyLBlob
RtlCopyLUnicodeString
RtlCopyLUtf8String
RtlCopyLUtf8StringToLUnicodeString
RtlCreateCdfEx
RtlCreateDefaultMicrodomXmlWriter
RtlCreateDefaultXmlWriter
RtlCreateMicrodom
RtlCreateMicrodomUpdateContext
RtlCreateUpdatedMicrodomAsMicrodom
RtlCreateUpdatedMicrodomAsUtf8
RtlCreateUtf16LEUCSStringBuilder
RtlCreateUtf8UCSStringBuilder
RtlDeallocateUnicodeString
RtlDecodeBase64LUnicodeStringToLBlob
RtlDecodeBase64LUtf8StringToLBlob
RtlDecodeUtf16LE
RtlDecodeUtf8
RtlDestroyGrowingList
RtlDestroyMicrodomUpdateContext
RtlDetermineTranscodedLBlobSize
RtlDoesLUnicodeStringMatchExpression
RtlDowncaseUCSCharacter
RtlDuplicateCountedStringToLUnicodeString
RtlDuplicateLBlob
RtlDuplicateLUnicodeString
RtlDuplicateLUnicodeStringToLUtf8String
RtlDuplicateLUtf8String
RtlDuplicateLUtf8StringToLUnicodeString
RtlDuplicateNullTerminatedAnsiStringToLUnicodeString
RtlDuplicateNullTerminatedStringToLUnicodeString
RtlDuplicateUnicodeStringToLUnicodeString
RtlDuplicateUnicodeStringToLUtf8String
RtlEncodeUtf16LE
RtlEncodeUtf8
RtlEqualLUnicodeStringPrefix
RtlEqualLUnicodeStringSuffix
RtlEqualLUnicodeStrings
RtlEqualLUtf8StringPrefix
RtlEqualLUtf8Strings
RtlExecuteXPathOverMicrodom
RtlFilterLUnicodeString
RtlFinalizeSmartLBlobUcsWritingContext
RtlFreeLBlob
RtlFreeLUnicodeString
RtlFreeLUtf8String
RtlGetAppIdAuthority
RtlGetCharacterSetDecoder
RtlGetDirectSystem
RtlGetEncodingSizeUtf16
RtlGetEncodingSizeUtf8
RtlGetHashAlgorithmHashLength
RtlGetIdentityAuthority
RtlGetPendingXmlVersion
RtlGetSystem
RtlHashLBlob
RtlHashLUnicodeString
RtlHashLUtf8String
RtlIndexIntoGrowingList
RtlInitLUnicodeStringFromNullTerminatedString
RtlInitLUnicodeStringFromUnicodeString
RtlInitUnicodeStringFromLUnicodeString
RtlInitializeGrowingList
RtlInitializeSmartLBlobWritingContext
RtlInitializeSmartLUnicodeStringWritingContext
RtlInitializeSmartLUtf8StringWritingContext
RtlIsLBlobValid
RtlIsLUnicodeStringValid
RtlLengthOfUcsCharacterEncodedAsUtf8
RtlMatchLUnicodeStringAgainstLUtf8StringList
RtlMatchLUnicodeStringAgainstList
RtlMatchLUnicodeStringAgainstPointerList
RtlMatchLUtf8StringAgainstList
RtlMatchLUtf8StringAgainstPointerList
RtlMicrodomUpdateCreateAttributeNs
RtlMicrodomUpdateCreateElementNs
RtlMicrodomUpdateCreateTextual
RtlMicrodomUpdateGetCookieForExistingAttribute
RtlMicrodomUpdateGetCookieForExistingElement
RtlMicrodomUpdateGetCookieForExistingNode
RtlMicrodomUpdateInsertChild
RtlMicrodomUpdateInsertMicrodomNode
RtlMicrodomUpdateRemoveChild
RtlMicrodomUpdateRemoveElement
RtlMicrodomUpdateSetNodeName
RtlMicrodomUpdateSetNodeTextContent
RtlMurmurHashLBlob
RtlNsDestroy
RtlNsInitialize
RtlParseDottedVersion
RtlParseManifestMicrodomIntoCdf
RtlPreInitializeSmartLBlobUcsWritingContext
RtlReallocateLBlob
RtlReallocateLUnicodeString
RtlReallocateLUtf8String
RtlReallocateUnicodeString
RtlRegisterErrorOriginationCallback
RtlReplaceSystemPathMappings
RtlReportErrorOrigination
RtlReportErrorPropagation
RtlSmartMultiUcsEncoder_Utf16LE
RtlSmartMultiUcsEncoder_Utf8
RtlSmartUcsEncoder_Utf16LE
RtlSmartUcsEncoder_Utf8
RtlSplitEncodedLBlob
RtlSplitLUnicodeString
RtlSplitLUtf8String
RtlSplitNtPath
RtlSplitWin32RegistryPathIntoRootAndLeaves
RtlTranscodeLBlobs
RtlUpcaseUCSCharacter
RtlWcpDllDebugEntrypoint
RtlWriteDecodedUcsDataIntoSmartLBlobUcsWritingContext
RtlWriteMicrodomXml
RtlWriteUcsDataIntoSmartLBlobUcsWritingContext
RtlXmlCloneRawTokenizationState
RtlXmlCopyStringOut
RtlXmlDefaultCompareStrings
RtlXmlDestroyNextLogicalThing
RtlXmlDetermineStreamEncoding
RtlXmlExtentToString
RtlXmlExtentToUtf8String
RtlXmlInitializeNextLogicalThing
RtlXmlInitializeTokenization
RtlXmlNextLogicalThing
RtlXmlNextToken
SetIsolationIMalloc
SilCreateBufferedSil
SilCreateRerootedSil
WcpInitialize
WcpReportExternalErrorOrigination

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 873KB - Virtual size: 873KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

43251209d7432f5b4f4ccc5292624d37

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5fCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

d9:5f:4c:db:b2:8b:d1:8b:6f:82:a9:a6:62:0d:0e:81:33:e6:d9:d4:1f:af:7b:51:7f:39:9b:cc:1e:7b:c4:92Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

advapi32

wintrust

crypt32

Exports

Exports

Sections

.text Size: 202KB - Virtual size: 201KB

.rdata Size: 52KB - Virtual size: 52KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 5KB - Virtual size: 5KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 512B - Virtual size: 476B

e19f7d42b6ac1177ba275ae4681c9653

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

e3:74:93:6d:ac:3d:59:ae:ff:77:7a:66:e6:5e:1e:5a:c6:3f:42:7c:86:30:97:b9:e5:28:b9:cb:00:82:e4:9eSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

ntdll

api-ms-win-core-libraryloader-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

rpcrt4

api-ms-win-core-file-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-file-l2-1-1

api-ms-win-core-synch-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-registry-l2-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-security-lsalookup-l2-1-0

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-core-kernel32-legacy-l1-1-0

Exports

Exports

Sections

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

d9:5f:4c:db:b2:8b:d1:8b:6f:82:a9:a6:62:0d:0e:81:33:e6:d9:d4:1f:af:7b:51:7f:39:9b:cc:1e:7b:c4:92
Signer

.text
Size: 202KB - Virtual size: 201KB

.rdata
Size: 52KB - Virtual size: 52KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 476B

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

e3:74:93:6d:ac:3d:59:ae:ff:77:7a:66:e6:5e:1e:5a:c6:3f:42:7c:86:30:97:b9:e5:28:b9:cb:00:82:e4:9e
Signer

.text
Size: 173KB - Virtual size: 173KB

.rdata
Size: 82KB - Virtual size: 81KB

.data
Size: 512B - Virtual size: 11KB

.pdata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 464B

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

8e:5c:3e:3b:a9:2b:1a:61:31:00:b9:45:92:87:11:66:b6:1f:56:6b:5a:1f:14:d5:97:9b:48:30:5a:45:f1:80
Signer

.text
Size: 571KB - Virtual size: 571KB

.rdata
Size: 189KB - Virtual size: 189KB

.data
Size: 11KB - Virtual size: 23KB

.pdata
Size: 18KB - Virtual size: 17KB

.didat
Size: 512B - Virtual size: 24B

.rsrc
Size: 10KB - Virtual size: 9KB

.reloc
Size: 1KB - Virtual size: 1KB