XblGameSave.pdb
Static task
static1
Behavioral task
behavioral1
Sample
x64_x32_installer__v4.0.7.zip
Resource
win11-20240802-en
General
-
Target
x64_x32_installer__v4.0.7.zip
-
Size
36.1MB
-
MD5
9feb6643beab7e297d3ed87b2a419c18
-
SHA1
b3a06338644232a3c8a95d9bff9bc193d4ef78d8
-
SHA256
f18759a9594173bce6f3e9f68a3efd59ac811544bf2767081f592466e9cd24e7
-
SHA512
796864f20e0b8523ce98c3bc586930c7d7cfd18b1d31f4f190fbefddb0ba2628d3f15838eeb39c545409623bb56feba6ee0f97c7f990f9ff95575120aa99064c
-
SSDEEP
786432:TL9kkAzbG0wmlFfV/l9Qmf5xupM1iZ2wyBLOynJN9Vrf50WV8SdEpun:QphxN+2ZOKP9V1LJs8
Malware Config
Signatures
-
Unsigned PE 10 IoCs
Checks for missing Authenticode signature.
resource unpack001/dps/XblGameSave.dll unpack001/dps/dpapisrv.dll unpack001/dps/wwanmm.dll unpack001/enterprisecsps/energy.dll unpack001/enterprisecsps/enterprisecsps.dll unpack001/enterprisecsps/filemgmt.dll unpack001/kdnet/ngccredprov.dll unpack001/ucrtbase/SessEnv.dll unpack001/ucrtbase/twinui.appcore.dll unpack001/vbsapi/Windows.Media.Streaming.dll
Files
-
x64_x32_installer__v4.0.7.zip.zip
Password: as
-
dps/XblGameSave.dll.dll windows:10 windows x64 arch:x64
Password: as
7e80c7b4f275c9ea605678d912adb2c4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
msvcrt
__C_specific_handler
??0exception@@QEAA@AEBQEBDH@Z
??1type_info@@UEAA@XZ
_lock
_unlock
__dllonexit
malloc
_initterm
??_V@YAXPEAX@Z
_vsnprintf
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBV0@@Z
?what@exception@@UEBAPEBDXZ
_onexit
memmove
__CxxFrameHandler3
free
??3@YAXPEAX@Z
_amsg_exit
_XcptFilter
_callnewh
_purecall
_CxxThrowException
??0bad_cast@@QEAA@AEBV0@@Z
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@PEBD@Z
strchr
realloc
towupper
wcscat_s
??8type_info@@QEBAHAEBV0@@Z
_ultow_s
memmove_s
_wcstoui64
_wcsicmp
wcsstr
wcsncpy_s
wcscpy_s
_wtoi64
wcschr
wcsncmp
swscanf_s
_wtoi
tolower
setlocale
memcpy
___mb_cur_max_func
_errno
___lc_handle_func
___lc_codepage_func
__pctype_func
calloc
__crtLCMapStringW
___lc_collate_cp_func
memcmp
__crtCompareStringW
abort
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
_vsnprintf_s
memcpy_s
_vsnwprintf
?terminate@@YAXXZ
memset
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentProcess
OpenThreadToken
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
api-ms-win-core-heap-l1-1-0
HeapAlloc
GetProcessHeap
HeapFree
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
GetModuleHandleExW
GetModuleFileNameA
GetModuleHandleW
api-ms-win-core-debug-l1-1-0
DebugBreak
OutputDebugStringW
IsDebuggerPresent
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
GetLastError
SetLastError
RaiseException
SetUnhandledExceptionFilter
api-ms-win-core-synch-l1-1-0
SetEvent
ResetEvent
CreateSemaphoreExW
InitializeCriticalSectionEx
InitializeCriticalSection
ReleaseSemaphore
CreateMutexExW
ReleaseMutex
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
WaitForSingleObject
CreateEventW
DeleteCriticalSection
InitializeSRWLock
EnterCriticalSection
ReleaseSRWLockShared
OpenSemaphoreW
LeaveCriticalSection
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-com-l1-1-0
CoReleaseServerProcess
CoFreeUnusedLibraries
CoCreateInstance
CoInitializeEx
CoAddRefServerProcess
CoUninitialize
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoSetProxyBlanket
CoSwitchCallContext
StringFromGUID2
CoCreateGuid
CoRevertToSelf
CoImpersonateClient
CoRevokeClassObject
CoEnableCallCancellation
CoDecrementMTAUsage
CoCancelCall
CoDisableCallCancellation
CoInitializeSecurity
CoRegisterClassObject
CoResumeClassObjects
CoDisconnectContext
api-ms-win-core-winrt-l1-1-0
RoActivateInstance
RoUninitialize
RoInitialize
RoRegisterActivationFactories
RoGetActivationFactory
RoRevokeActivationFactories
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateString
WindowsCreateStringReference
WindowsCompareStringOrdinal
WindowsGetStringLen
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsDeleteString
WindowsDuplicateString
WindowsGetStringRawBuffer
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer
api-ms-win-core-winrt-error-l1-1-0
RoOriginateErrorW
RoOriginateError
RoTransformError
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-service-core-l1-1-0
SetServiceStatus
RegisterServiceCtrlHandlerExW
api-ms-win-core-synch-l1-2-0
SleepConditionVariableSRW
WakeAllConditionVariable
Sleep
InitOnceExecuteOnce
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
ConvertStringSidToSidW
api-ms-win-security-base-l1-1-0
MakeAbsoluteSD
RevertToSelf
ImpersonateLoggedOnUser
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
GetTickCount64
GetSystemTime
api-ms-win-core-registry-l1-1-0
RegEnumKeyExW
RegDeleteKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegDeleteValueW
RegCreateKeyExW
RegDeleteTreeW
RegGetValueW
RegCloseKey
RegOpenKeyExW
RegSetValueExW
api-ms-win-core-threadpool-l1-2-0
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
SetThreadpoolTimer
SetThreadpoolWait
CloseThreadpoolTimer
WaitForThreadpoolWaitCallbacks
CreateThreadpoolWait
CloseThreadpoolWork
CloseThreadpoolWait
CreateThreadpoolWork
SubmitThreadpoolWork
WaitForThreadpoolWorkCallbacks
api-ms-win-power-setting-l1-1-0
PowerSettingRegisterNotification
PowerSettingUnregisterNotification
api-ms-win-service-management-l1-1-0
OpenSCManagerW
CloseServiceHandle
OpenServiceW
api-ms-win-service-management-l2-1-0
ChangeServiceConfigW
oleaut32
VariantInit
api-ms-win-security-lsalookup-l2-1-0
LookupAccountSidW
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-file-l1-1-0
FindClose
GetFileInformationByHandle
CreateDirectoryW
CreateFileW
SetFilePointerEx
SetEndOfFile
FindNextFileW
FindFirstFileW
ReadFile
WriteFile
CompareFileTime
GetFileSizeEx
GetFileAttributesW
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
SystemTimeToFileTime
rpcrt4
NdrServerCallAll
NdrServerCall2
RpcRevertToSelfEx
RpcImpersonateClient
RpcServerUnregisterIf
RpcBindingVectorFree
RpcServerUseProtseqW
RpcServerInqBindings
RpcServerRegisterIf3
RpcEpRegisterW
RpcEpUnregister
UuidFromStringW
api-ms-win-core-string-l1-1-0
GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte
api-ms-win-core-threadpool-legacy-l1-1-0
DeleteTimerQueueTimer
CreateTimerQueueTimer
ntdll
NtFlushBuffersFileEx
NtSetInformationFile
RtlDosPathNameToNtPathName_U
NtQueryInformationToken
DbgPrintEx
NtQueryWnfStateData
RtlUnsubscribeWnfStateChangeNotification
RtlCapabilityCheck
RtlInitUnicodeString
RtlIsMultiSessionSku
RtlSubscribeWnfStateChangeNotification
combase
ord67
ord69
ord68
ord66
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
Exports
ServiceMain
Sections
.text Size: 841KB - Virtual size: 840KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
RT_CODE Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 347KB - Virtual size: 346KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 14KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 40KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 104B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
dps/dpapisrv.dll.dll windows:10 windows x64 arch:x64
Password: as
ee8dd9c021c5e38224032b7f773aec78
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
dpapisrv.pdb
Imports
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcsicmp
_o_wcscat_s
_o_wcscpy_s
_o_wcsncat_s
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
__C_specific_handler
__std_terminate
__CxxFrameHandler4
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_CxxThrowException
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
memset
rpcrt4
RpcServerInqDefaultPrincNameW
RpcServerRegisterIfEx
RpcServerInqCallAttributesW
RpcRevertToSelf
RpcServerRegisterAuthInfoW
UuidCreate
RpcStringBindingParseW
UuidFromStringW
RpcServerUnregisterIf
RpcBindingToStringBindingW
RpcServerUseProtseqEpW
RpcBindingFree
RpcEpResolveBinding
RpcStringFreeW
RpcNetworkIsProtseqValidW
RpcBindingSetAuthInfoExW
RpcStringBindingComposeW
RpcBindingFromStringBindingW
UuidCompare
RpcServerUnregisterIfEx
RpcServerRegisterIf3
RpcImpersonateClient
RpcRevertToSelfEx
NdrClientCall3
NdrServerCall2
NdrServerCallAll
UuidToStringW
api-ms-win-security-base-l1-1-0
AdjustTokenPrivileges
AllocateAndInitializeSid
ImpersonateSelf
GetLengthSid
DuplicateTokenEx
GetTokenInformation
GetSidSubAuthorityCount
FreeSid
EqualSid
CreateWellKnownSid
SetTokenInformation
CopySid
RevertToSelf
ImpersonateLoggedOnUser
IsValidSid
CheckTokenMembership
AllocateLocallyUniqueId
DuplicateToken
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
GetProcAddress
GetModuleFileNameA
GetModuleFileNameW
DisableThreadLibraryCalls
GetModuleHandleExW
api-ms-win-core-registry-l1-1-0
RegSetValueExW
RegOpenKeyExW
RegUnLoadKeyW
RegLoadKeyW
RegNotifyChangeKeyValue
RegCreateKeyExW
RegQueryValueExW
RegCloseKey
api-ms-win-core-synch-l1-1-0
WaitForSingleObject
CreateMutexW
InitializeCriticalSectionEx
OpenMutexW
LeaveCriticalSection
DeleteCriticalSection
AcquireSRWLockShared
ReleaseMutex
CreateMutexExW
ReleaseSemaphore
OpenEventW
CreateEventW
EnterCriticalSection
SetEvent
ReleaseSRWLockShared
CreateSemaphoreExW
InitializeSRWLock
OpenSemaphoreW
TryAcquireSRWLockExclusive
ReleaseSRWLockExclusive
WaitForSingleObjectEx
AcquireSRWLockExclusive
InitializeCriticalSection
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapAlloc
HeapFree
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
GetLastError
api-ms-win-core-processthreads-l1-1-0
SetThreadToken
GetCurrentThread
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
OpenProcessToken
OpenThreadToken
TerminateProcess
api-ms-win-core-string-l1-1-0
CompareStringW
CompareStringOrdinal
api-ms-win-core-threadpool-l1-2-0
SetThreadpoolTimer
CloseThreadpoolTimer
CloseThreadpoolWork
WaitForThreadpoolTimerCallbacks
CreateThreadpoolWork
CreateThreadpoolTimer
SubmitThreadpoolWork
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
LocalReAlloc
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetSystemTime
GetComputerNameExW
GetSystemDirectoryW
GetTickCount
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
DebugBreak
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
DuplicateHandle
CloseHandle
bcrypt
BCryptGenerateSymmetricKey
BCryptGenRandom
BCryptGetProperty
BCryptDestroyKey
BCryptEncrypt
BCryptFinishHash
BCryptDestroyHash
BCryptHashData
BCryptCloseAlgorithmProvider
BCryptDecrypt
BCryptCreateHash
BCryptKeyDerivation
BCryptDeriveKeyCapi
BCryptImportKeyPair
BCryptFinalizeKeyPair
BCryptGenerateKeyPair
BCryptExportKey
BCryptOpenAlgorithmProvider
api-ms-win-core-memory-l1-1-0
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
VirtualQuery
api-ms-win-core-file-l1-1-0
FindFirstFileW
GetFileSize
SetEndOfFile
WriteFile
FindNextFileW
FindClose
CreateFileW
ReadFile
DeleteFileW
CompareFileTime
FlushFileBuffers
SetFilePointer
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
OpenProcess
cryptbase
SystemFunction041
SystemFunction040
api-ms-win-core-synch-l1-2-0
Sleep
InitOnceExecuteOnce
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
ncrypt
NCryptOpenStorageProvider
NCryptFinalizeKey
NCryptCreatePersistedKey
NCryptSetProperty
NCryptFreeObject
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-threadpool-legacy-l1-1-0
QueueUserWorkItem
api-ms-win-core-string-obsolete-l1-1-0
lstrlenW
api-ms-win-core-heap-obsolete-l1-1-0
LocalSize
lsasrv
LsaILookupUserAccountType
LsaIDeriveCredentialKey
ntasn1
ord4
ord5
lsass.exe
LsaGetInterface
ntdll
RtlLeaveCriticalSection
NtOpenEvent
NtCreateEvent
RtlDosPathNameToRelativeNtPathName_U
RtlReleaseRelativeName
RtlFreeHeap
NtCreateFile
EtwRegisterTraceGuidsW
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwGetTraceEnableFlags
EtwUnregisterTraceGuids
EtwEventUnregister
RtlEnterCriticalSection
RtlImageNtHeader
RtlDeleteCriticalSection
RtlGetCurrentServiceSessionId
NtQueryInformationProcess
EtwEventWriteTransfer
EtwEventActivityIdControl
RtlEqualDomainName
RtlNtStatusToDosError
RtlFreeUnicodeString
RtlUpcaseUnicodeString
RtlInitUnicodeString
RtlIsStateSeparationEnabled
EtwTraceMessage
RtlInitializeCriticalSection
NtPrivilegeCheck
NtOpenThreadToken
NtClose
EtwEventRegister
NtQueryInformationToken
RtlEqualSid
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
Exports
InitializeLsaExtension
QueryLsaInterface
Sections
.text Size: 198KB - Virtual size: 197KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 46KB - Virtual size: 45KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 392B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 836B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
dps/wwanmm.dll.dll windows:10 windows x64 arch:x64
Password: as
085d30f77f85e03dcd40724f5435c85f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
WWanMM.pdb
Imports
msvcrt
memcmp
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
realloc
_errno
_initterm
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@XZ
_callnewh
_vsnprintf_s
_wtoi
vswprintf_s
swprintf_s
memmove_s
_wtoi64
??3@YAXPEAX@Z
iswdigit
_get_errno
_set_errno
memcpy_s
_vsnwprintf
malloc
free
_purecall
calloc
??_V@YAXPEAX@Z
_resetstkoflw
__C_specific_handler
__CxxFrameHandler3
memset
api-ms-win-core-registry-l1-1-0
RegGetValueW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
RaiseException
SetLastError
api-ms-win-core-synch-l1-1-0
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
CreateEventW
WaitForSingleObject
ResetEvent
AcquireSRWLockExclusive
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
ReleaseSRWLockExclusive
SetEvent
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameW
GetProcAddress
FreeLibrary
LockResource
LoadStringW
FindResourceExW
LoadResource
GetModuleHandleExW
api-ms-win-core-debug-l1-1-0
OutputDebugStringA
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoInitializeEx
StringFromIID
CoTaskMemRealloc
CoUninitialize
IIDFromString
CoCreateGuid
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventUnregister
EventRegister
api-ms-win-eventing-classicprovider-l1-1-0
TraceMessage
UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
oleaut32
SafeArrayGetElement
SafeArrayLock
SysAllocString
VariantClear
SafeArrayDestroy
VariantInit
VariantChangeType
SafeArrayUnlock
SafeArrayAccessData
SysStringLen
SafeArrayRedim
SafeArrayGetLBound
SafeArrayUnaccessData
SafeArrayCreate
SysFreeString
SafeArrayGetUBound
iphlpapi
ConvertInterfaceLuidToAlias
ConvertInterfaceGuidToLuid
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
GetTickCount64
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-winrt-error-l1-1-0
SetRestrictedErrorInfo
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
api-ms-win-core-winrt-l1-1-0
RoActivateInstance
RoGetActivationFactory
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-winrt-error-l1-1-1
RoGetMatchingRestrictedErrorInfo
api-ms-win-core-string-l2-1-0
CharNextW
api-ms-win-core-synch-l1-2-0
SleepConditionVariableSRW
WakeAllConditionVariable
Sleep
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-sidebyside-l1-1-0
FindActCtxSectionStringW
CreateActCtxW
DeactivateActCtx
ActivateActCtx
QueryActCtxW
kernel32
lstrlenW
lstrcmpW
LocalFree
InitializeCriticalSectionEx
OutputDebugStringW
LoadLibraryExW
CreateFileW
lstrlenA
ExpandEnvironmentStringsW
DebugBreak
GetModuleHandleW
GetProcessHeap
CreateMutexExW
HeapAlloc
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseMutex
ReleaseSemaphore
HeapFree
CreateSemaphoreExW
GetModuleFileNameA
CompareStringOrdinal
IsDebuggerPresent
user32
UnregisterClassA
ntdll
RtlUnsubscribeWnfNotificationWaitForCompletion
NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlNtStatusToDosError
RtlIpv6StringToAddressW
RtlIpv4StringToAddressW
WinSqmAddToStream
WinSqmSetDWORD
WinSqmAddToStreamEx
shell32
ShellExecuteExW
CommandLineToArgvW
wwapi
WwanFreeMemory
WwanAllocateMemory
mobilenetworking
GetPersistentRegPath
wcmapi
WcmQueryProperty
WcmFreeMemory
datusage
CreateDataUsageHelper
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
crypt32
CryptUnprotectData
CryptProtectData
Exports
Exports
DllCanUnloadNow
DllGetClassObject
StartDiagnosticsW
Sections
.text Size: 186KB - Virtual size: 186KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 64KB - Virtual size: 64KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 275KB - Virtual size: 274KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
enterprisecsps/energy.dll.dll windows:10 windows x64 arch:x64
Password: as
5a6c1bb2d4cdfc861b6d3485be83e4ca
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
energy.pdb
Imports
msvcrt
__dllonexit
_unlock
_lock
__C_specific_handler
_errno
_initterm
_amsg_exit
wcsnlen
floor
??1type_info@@UEAA@XZ
setlocale
__crtLCMapStringW
memmove
_XcptFilter
__uncaught_exception
__pctype_func
memcmp
_CxxThrowException
__CxxFrameHandler3
wcstoul
_wcsicmp
___lc_handle_func
___lc_codepage_func
swprintf_s
iswprint
malloc
??0exception@@QEAA@AEBQEBDH@Z
_wcsnicmp
_vsnwprintf
calloc
memcpy
_onexit
___mb_cur_max_func
_wcsdup
_ismbblead
memset
abort
sprintf_s
free
?terminate@@YAXXZ
localeconv
__doserrno
_wfopen_s
fclose
fwprintf_s
toupper
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_purecall
strcspn
??0bad_cast@@QEAA@AEBV0@@Z
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
_wsetlocale
wcscmp
api-ms-win-core-processtopology-obsolete-l1-1-0
GetActiveProcessorCount
api-ms-win-ole32-ie-l1-1-0
CoInitialize
api-ms-win-core-kernel32-legacy-l1-1-0
GetSystemPowerStatus
ntdll
RtlLookupFunctionEntry
RtlCaptureContext
RtlCopySid
RtlVirtualUnwind
NtQueryWnfStateData
NtPowerInformation
RtlAdjustPrivilege
RtlNtStatusToDosError
RtlGetPersistedStateLocation
RtlLengthSid
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventProviderEnabled
EventWriteTransfer
EventSetInformation
EventWrite
EventUnregister
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-synch-l1-1-0
InitializeCriticalSectionEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetEvent
CreateEventW
WaitForSingleObject
DeleteCriticalSection
api-ms-win-core-file-l1-1-0
FileTimeToLocalFileTime
FindClose
FindNextFileW
CompareFileTime
FindFirstFileW
CreateFileW
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoUninitialize
CoInitializeEx
CoTaskMemFree
api-ms-win-core-registry-l1-1-0
RegCreateKeyExW
RegGetValueW
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegCloseKey
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
api-ms-win-core-sysinfo-l1-1-0
GetSystemTime
GetTickCount
GetVersionExW
GetComputerNameExW
GetSystemTimeAsFileTime
rpcrt4
UuidCreate
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
GetProcAddress
LoadStringW
DisableThreadLibraryCalls
LoadLibraryExW
FreeLibrary
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapCreate
HeapFree
HeapDestroy
GetProcessHeap
api-ms-win-eventing-consumer-l1-1-0
ProcessTrace
CloseTrace
OpenTraceW
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
GetStringTypeW
WideCharToMultiByte
api-ms-win-core-path-l1-1-0
PathCchRemoveBackslash
PathCchAppend
api-ms-win-power-setting-l1-1-0
PowerGetActiveScheme
api-ms-win-security-lsalookup-l2-1-0
LookupAccountSidW
api-ms-win-security-sddl-l1-1-0
ConvertSidToStringSidW
api-ms-win-eventing-controller-l1-1-0
ControlTraceW
EnableTraceEx2
TraceSetInformation
StartTraceW
api-ms-win-core-synch-l1-2-0
SleepConditionVariableSRW
Sleep
WakeAllConditionVariable
api-ms-win-core-util-l1-1-0
EncodePointer
DecodePointer
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
api-ms-win-eventing-tdh-l1-1-0
TdhUnloadManifest
TdhGetProperty
TdhGetEventInformation
TdhGetPropertySize
powrprof
PowerReadACValueIndex
PowerReadDCValueIndex
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
oleaut32
SysAllocString
VariantClear
GetErrorInfo
SysFreeString
Exports
Exports
EnergyWizard_Analyze
EnergyWizard_CancelTrace
EnergyWizard_CollectTrace
EnergyWizard_CreateEnergyWizard
EnergyWizard_DefaultTraceDuration
EnergyWizard_DestroyEnergyWizard
EnergyWizard_GetLogEntryCounts
EnergyWizard_SaveReport
EnergyWizard_SqmAnalysis
EnergyWizard_TransformReport
SaveBatteryReport
SaveSleepStudyReport
SaveSystemSleepDiagnosticsReport
SendScreenOnTelemetry
TransformBatteryReport
TransformSleepStudyReport
TransformSystemSleepDiagnosticsReport
Sections
.text Size: 449KB - Virtual size: 449KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 172KB - Virtual size: 171KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 112B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
enterprisecsps/enterprisecsps.dll.dll windows:10 windows x64 arch:x64
Password: as
ffba186bc5ad0ddf6c81eb2959a5a51b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
enterprisecsps.pdb
Imports
dmenterprisediagnostics
RecordDiagnosticsError
msvcp110_win
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Orphan_all@_Container_base0@std@@QEAAXXZ
?_Xbad_function_call@std@@YAXXZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?unshift@?$codecvt@DDH@std@@QEBAHAEAHPEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?swap@?$basic_ostream@DU?$char_traits@D@std@@@std@@IEAAXAEAV12@@Z
?swap@?$basic_istream@DU?$char_traits@D@std@@@std@@IEAAXAEAV12@@Z
?_Getcat@?$codecvt@DDH@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBGHH@Z
?id@?$codecvt@DDH@std@@2V0locale@2@A
?endl@std@@YAAEAV?$basic_ostream@GU?$char_traits@G@std@@@1@AEAV21@@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?_Add_vtordisp1@?$basic_ios@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?uncaught_exception@std@@YA_NXZ
??_7facet@locale@std@@6B@
_Wcsxfrm
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z
?tolower@?$ctype@G@std@@QEBAGG@Z
?is@?$ctype@G@std@@QEBA_NFG@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
??1?$codecvt@GDH@std@@MEAA@XZ
??_7codecvt_base@std@@6B@
??_7?$codecvt@GDH@std@@6B@
?in@?$codecvt@GDH@std@@QEBAHAEAHPEBD1AEAPEBDPEAG3AEAPEAG@Z
??0?$codecvt@GDH@std@@QEAA@_K@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?id@?$codecvt@GDH@std@@2V0locale@2@A
?_Getcat@?$codecvt@GDH@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
??_7_Facet_base@std@@6B@
_Wcscoll
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?id@?$collate@G@std@@2V0locale@2@A
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$ctype@G@std@@2V0locale@2@A
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?_Add_vtordisp1@?$basic_istream@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Add_vtordisp2@?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAAXXZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
??Bid@locale@std@@QEAA_KXZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?_BADOFF@std@@3_JB
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?pbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Add_vtordisp2@?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Add_vtordisp1@?$basic_istream@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Add_vtordisp2@?$basic_ios@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Add_vtordisp1@?$basic_ios@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?out@?$codecvt@DDH@std@@QEBAHAEAHPEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDH@std@@QEBAHAEAHPEBD1AEAPEBDPEAD3AEAPEAD@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
msvcrt
fputc
fflush
fclose
_wtoi
fwrite
fgetpos
setvbuf
ungetc
fgetc
??3@YAXPEAX@Z
__CxxFrameHandler3
??_V@YAXPEAX@Z
_vsnwprintf
memcpy_s
_purecall
fsetpos
_fseeki64
ldiv
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_vsnprintf_s
__C_specific_handler
wcsncpy_s
malloc
free
_wcsicmp
swscanf
wcschr
memmove_s
wcstoul
_wcsnicmp
wcsstr
__ExceptionPtrCreate
__ExceptionPtrCopy
wcstok_s
__ExceptionPtrDestroy
?what@exception@@UEBAPEBDXZ
?terminate@@YAXXZ
__ExceptionPtrCurrentException
__ExceptionPtrRethrow
??8type_info@@QEBAHAEBV0@@Z
wcsrchr
toupper
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@PEBD@Z
??0bad_cast@@QEAA@AEBV0@@Z
realloc
strchr
swprintf_s
srand
rand
??0exception@@QEAA@AEBQEBD@Z
sprintf_s
strncpy_s
_set_errno
_errno
strtol
strrchr
wcsncmp
_wcslwr
towlower
wcstol
_fpclass
wcscpy_s
_callnewh
_XcptFilter
_amsg_exit
_initterm
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
_CxxThrowException
__RTDynamicCast
memcmp
memcpy
memmove
memset
wcscmp
ntdll
RtlNtStatusToDosErrorNoTeb
RtlVirtualUnwind
NtDeleteWnfStateName
RtlCaptureContext
RtlIsMultiUsersInSessionSku
RtlNtStatusToDosError
RtlGetDeviceFamilyInfoEnum
WinSqmSetDWORD
WinSqmStartSession
WinSqmEndSession
RtlIsStateSeparationEnabled
NtCreateWnfStateName
RtlLookupFunctionEntry
RtlPublishWnfStateData
api-ms-win-core-libraryloader-l1-2-0
LoadResource
SizeofResource
LoadLibraryExW
FreeLibrary
GetModuleFileNameA
GetModuleFileNameW
FindStringOrdinal
GetModuleHandleW
LoadLibraryExA
GetModuleHandleExW
GetProcAddress
FindResourceExW
LoadStringW
DisableThreadLibraryCalls
api-ms-win-core-synch-l1-1-0
WaitForSingleObjectEx
DeleteCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
AcquireSRWLockShared
ReleaseSRWLockExclusive
ReleaseSRWLockShared
CreateSemaphoreExW
CreateEventW
InitializeCriticalSection
ResetEvent
ReleaseSemaphore
CreateMutexExW
OpenEventW
WaitForSingleObject
ReleaseMutex
AcquireSRWLockExclusive
CreateEventExW
SetEvent
OpenSemaphoreW
EnterCriticalSection
api-ms-win-core-heap-l1-1-0
HeapFree
HeapAlloc
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
GetLastError
RaiseException
api-ms-win-core-processthreads-l1-1-0
TerminateThread
GetCurrentThread
GetCurrentThreadId
GetCurrentProcessId
CreateProcessAsUserW
GetCurrentProcess
OpenProcessToken
CreateThread
TerminateProcess
OpenThreadToken
CreateProcessW
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
IsDebuggerPresent
OutputDebugStringW
OutputDebugStringA
api-ms-win-core-handle-l1-1-0
DuplicateHandle
CloseHandle
oleaut32
VariantInit
SysFreeString
VariantClear
SysAllocStringLen
VariantChangeType
SystemTimeToVariantTime
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SysStringLen
VariantTimeToSystemTime
VariantCopy
VariantChangeTypeEx
SafeArrayUnaccessData
SafeArrayCreate
SysAllocString
VarUI4FromStr
SysStringByteLen
SysAllocStringByteLen
SafeArrayGetDim
SafeArrayGetElement
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventProviderEnabled
EventSetInformation
EventActivityIdControl
EventUnregister
EventWriteTransfer
api-ms-win-core-string-l2-1-0
CharNextW
CharLowerBuffW
api-ms-win-core-registry-l1-1-0
RegDeleteKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
RegGetValueW
RegEnumValueW
RegCreateKeyExW
RegDeleteTreeW
RegDeleteValueW
RegQueryValueExW
RegEnumKeyExW
RegOpenCurrentUser
RegSetValueExW
api-ms-win-core-string-l1-1-0
CompareStringW
MultiByteToWideChar
api-ms-win-core-heap-l2-1-0
LocalFree
GlobalFree
LocalAlloc
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
crypt32
CryptExportPublicKeyInfo
CertCloseStore
CertOpenStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CertCreateCertificateContext
CertFindExtension
CryptDecodeObjectEx
CertRDNValueToStrW
CertGetNameStringW
CryptHashCertificate2
CertAddEncodedCertificateToStore
CertDeleteCertificateFromStore
CertAddCertificateContextToStore
CertVerifyCertificateChainPolicy
CertGetCertificateContextProperty
CryptBinaryToStringW
CryptSetKeyIdentifierProperty
CryptProtectData
CryptUnprotectData
CryptDecryptMessage
CryptAcquireCertificatePrivateKey
CertGetCertificateChain
CertFreeCertificateChain
api-ms-win-core-sysinfo-l1-1-0
GetSystemTime
GetSystemTimeAsFileTime
GetTickCount
GetTickCount64
GetSystemWindowsDirectoryW
GetLocalTime
GetSystemInfo
GetComputerNameExW
GetWindowsDirectoryW
rpcrt4
UuidCreate
UuidFromStringW
RpcBindingCreateW
UuidToStringW
RpcStringFreeW
RpcBindingFree
RpcBindingBind
I_RpcExceptionFilter
NdrClientCall3
api-ms-win-core-synch-l1-2-0
WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceBeginInitialize
InitOnceComplete
Sleep
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
api-ms-win-core-registry-l1-1-1
RegDeleteKeyValueW
RegSetKeyValueW
api-ms-win-core-winrt-string-l1-1-0
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateString
WindowsCreateStringReference
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
RoUninitialize
RoActivateInstance
RoInitialize
api-ms-win-security-sddl-l1-1-0
ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
api-ms-win-core-realtime-l1-1-1
QueryUnbiasedInterruptTimePrecise
api-ms-win-core-shutdown-l1-1-0
InitiateSystemShutdownExW
api-ms-win-security-base-l1-1-0
GetTokenInformation
AdjustTokenPrivileges
api-ms-win-security-lsalookup-l2-1-0
LookupPrivilegeValueW
api-ms-win-core-winrt-error-l1-1-0
RoOriginateError
SetRestrictedErrorInfo
ncrypt
NCryptGetProperty
NCryptDeleteKey
NCryptOpenStorageProvider
NCryptCreatePersistedKey
NCryptSetProperty
NCryptFreeObject
NCryptOpenKey
iphlpapi
GetAdaptersAddresses
GetIfEntry2
ws2_32
InetNtopW
api-ms-win-core-winrt-error-l1-1-1
RoGetMatchingRestrictedErrorInfo
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
FileTimeToSystemTime
api-ms-win-core-file-l1-1-0
FindFirstFileW
RemoveDirectoryW
FindClose
CreateFileW
WriteFile
FindNextFileW
GetFullPathNameW
FileTimeToLocalFileTime
DeleteFileW
GetFileAttributesW
CreateDirectoryW
ReadFile
api-ms-win-core-path-l1-1-0
PathCchRemoveFileSpec
PathCchAppend
PathCchSkipRoot
PathAllocCombine
PathCchCombine
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
cryptsp
CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
api-ms-win-core-registry-l2-1-0
RegDeleteKeyW
RegEnumKeyW
api-ms-win-core-kernel32-legacy-l1-1-0
GetSystemPowerStatus
GetNamedPipeClientProcessId
api-ms-win-core-string-obsolete-l1-1-0
lstrlenA
lstrcmpiW
api-ms-win-core-heap-obsolete-l1-1-0
GlobalUnlock
GlobalLock
omadmapi
ord34
ord44
ord47
ord23
ord52
ord22
ord53
ord56
ord27
ord54
ord166
ord78
ord24
dmcmnutils
OmDmRegistryAllocAndGetString
SafeWideCharToMultiByte
DmRaiseToastNotification
DmDisableTask
OmaDmRegistryGetString
OmaDmRegistryGetDWORD
OmaDmRegistryDeleteValue
OmaDmRegistrySetDWORD
OmaDmRegistrySetString
HexStringToBinary
DecodeBase64W
OmaDmRegistryGetBinary
BinaryToHexString
BigStrcat
DmDeleteTask
IsPhoneOS
OmaDmRegistryGetAllSubKeys
DMGetClientHardwareUID
CopyString
DmRevertToSelf
InvStrCmpIW
DmGetActiveUserSid
DmImpersonate
DmGetCurrentUserSid
OmaDmRegistrySetBinary
OmaDmRegistryGetAllValues
DmEnableTask
MBToUnicode
UnicodeToMB
EncodeBase64W
CreateBstrArray
dmiso8601utils
FileTimeToISO8601String
SystemTimeToISO8601String
dmcfgutils
SyncGetDeviceUniqueID
policymanager
EnterprisePolicyManagerStore_EvaluatePoliciesUpdateCurrent
EnterprisePolicyManagerStore_GetEnrollmentTypeFromEnrollment
EnterprisePolicyManagerStore_CSPResultAreaGetChildNodeNames
EnterprisePolicyManagerStore_DoesProviderExist
EnterprisePolicyManagerStore_CreateProviderHive
EnterprisePolicyManagerStore_GetAllProviderContextSidAreas
EnterprisePolicyManagerStore_CSPConfigSourceDeleteChild
EnterprisePolicyManagerStore_CSPConfigSourceAreaCreateNodeInstance
EnterprisePolicyManagerStore_EnsureProviderContextSidAreaExist
EnterprisePolicyManagerStore_CSPConfigSourceAreaGetChildNodeNames
EnterprisePolicyManagerStore_IsValidArea
EnterprisePolicyManagerStore_CSPConfigSourceAreaDeleteChild
EnterprisePolicyManagerStore_CSPConfigSourceAreaPolicyCreateNodeInstance
EnterprisePolicyManagerStore_CSPConfigSourceAreaPolicyGetValue
EnterprisePolicyManagerStore_CSPConfigSourceAreaPolicySetValue
EnterprisePolicyManagerStore_IsValidPolicy
EnterprisePolicyManagerStore_CSPResultAreaPolicyGetValue
EnterprisePolicyManagerStore_IsPolicyAreaForIngestedAdmx
EnterprisePolicyManagerStore_DeleteEnrollmentAdmxMetadata
EnterprisePolicyManagerStore_GetPolicyTypeFromMetadata
EnterprisePolicyManagerStore_CSPResultGetAreaChildNodeNames
EnterprisePolicyManagerStore_IsADMXIngestionAllowed
EnterprisePolicyManagerStore_DeleteEnrollmentAppAdmxMetadata
EnterprisePolicyManagerStore_DeleteEnrollmentAppSettingTypeAdmxMetadata
EnterprisePolicyManagerStore_GetAdmxFileData
EnterprisePolicyManagerStore_VerifyAdmxPoliciesAreNotSet
EnterprisePolicyManagerStore_IngestAdmxTextBlob
EnterprisePolicyManagerStore_DoesProviderContextSidAreaPolicyValueExist
EnterprisePolicyManagerStore_SetProviderContextSidAreaPolicyValue
EnterprisePolicyManagerStore_DeleteProvider
EnterprisePolicyManagerStore_GetCurrentPolicyValue
EnterprisePolicyManagerStore_GetAllCurrentSidAreaPolicies
EnterprisePolicyManagerStore_GetAllProviderContextSidAreaPolicies
EnterprisePolicyManagerStore_DeleteProviderContextSidAreaPolicy
EnterprisePolicyManagerStore_GetProviderContextSidAreaPolicyValue
EnterprisePolicyManagerStore_PublishAnyDelayedWnfs
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
xmllite
CreateXmlReader
CreateXmlWriter
CreateXmlWriterOutputWithEncodingName
CreateXmlReaderInputWithEncodingName
api-ms-win-shcore-stream-l1-1-0
SHCreateMemStream
SHCreateStreamOnFileW
combase
ord154
api-ms-win-shcore-registry-l1-1-0
SHCopyKeyW
sspicli
GetUserNameExW
api-ms-win-core-processthreads-l1-1-1
GetProcessMitigationPolicy
api-ms-win-core-file-l2-1-0
GetFileInformationByHandleEx
api-ms-win-service-management-l2-1-0
QueryServiceStatusEx
api-ms-win-service-management-l1-1-0
CloseServiceHandle
OpenSCManagerW
StartServiceW
OpenServiceW
api-ms-win-core-namedpipe-l1-1-0
CreateNamedPipeW
ConnectNamedPipe
api-ms-win-core-memory-l1-1-0
VirtualProtect
VirtualQuery
certenroll
ord45
Exports
Exports
DllCanUnloadNow
DllGetClassObject
Sections
.text Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 518KB - Virtual size: 517KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 27KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 53KB - Virtual size: 53KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 512B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
enterprisecsps/filemgmt.dll.dll regsvr32 windows:10 windows x64 arch:x64
Password: as
89122c235f124c1d01afc6dc2575d168
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
filemgmt.pdb
Imports
mfc42u
ord2586
ord4741
ord3743
ord822
ord3774
ord867
ord3892
ord1033
ord2329
ord6614
ord6418
ord2661
ord4131
ord1498
ord6351
ord2781
ord2393
ord4860
ord2593
ord4747
ord3501
ord3806
ord912
ord4795
ord4894
ord4846
ord852
ord1035
ord4257
ord4262
ord6395
ord6385
ord2906
ord3396
ord3894
ord337
ord2326
ord4557
ord5245
ord1286
ord3761
ord5702
ord665
ord4612
ord1043
ord3754
ord629
ord599
ord6734
ord3182
ord2801
ord1264
ord5694
ord2666
ord1787
ord3177
ord2377
ord6632
ord2324
ord4344
ord1781
ord2665
ord2379
ord2316
ord4521
ord4127
ord4601
ord3003
ord1657
ord2474
ord1082
ord288
ord812
ord1544
ord1586
ord1555
ord1583
ord1585
ord355
ord1477
ord1553
ord1416
ord1491
ord1577
ord1067
ord3751
ord3535
ord5229
ord5712
ord4743
ord1778
ord6440
ord2589
ord4542
ord1566
ord832
ord2023
ord2422
ord1906
ord1499
ord1442
ord2975
ord625
ord6216
ord5585
ord5583
ord5304
ord5114
ord5352
ord4699
ord5687
ord4722
ord5246
ord5406
ord2517
ord6437
ord4365
ord1777
ord4752
ord5663
ord2399
ord5586
ord6812
ord4694
ord5709
ord4017
ord5227
ord4789
ord2670
ord2060
ord6814
ord3933
ord5484
ord1736
ord5683
ord2457
ord2140
ord5699
ord4988
ord4771
ord3868
ord4548
ord6328
ord6147
ord5584
ord6767
ord5077
ord2764
ord2328
ord2311
ord2384
ord5382
ord999
ord549
ord4582
ord2629
ord6708
ord6705
ord2371
ord6813
ord4836
ord2559
ord2515
ord6071
ord4191
ord1388
ord5615
ord2412
ord3468
ord5722
ord5724
ord4368
ord5065
ord5730
ord5711
ord6053
ord3049
ord3243
ord3362
ord4815
ord3231
ord3366
ord3052
ord3166
ord3046
ord3534
ord4082
ord4083
ord4077
ord3164
ord4371
ord4983
ord4770
ord3916
ord1426
ord2752
ord4214
ord1063
ord659
ord1562
ord1647
ord1441
ord2856
ord6050
ord621
ord4436
ord4523
ord2676
ord1677
ord1463
ord3790
ord3830
ord286
ord1574
ord2427
ord3740
ord1284
ord5887
ord2979
ord1287
ord2846
ord4473
ord5719
ord2408
ord287
ord620
ord1122
ord3873
ord568
ord1355
ord5950
ord1483
ord6880
ord626
ord5935
ord6886
ord1126
ord1040
ord624
ord1006
ord4721
ord6887
msvcrt
__RTDynamicCast
_onexit
__dllonexit
_unlock
_lock
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_vsnwprintf
_wtoi64
_wcsnicmp
wcschr
calloc
iswspace
wcsstr
wcsncmp
_wcsicmp
??_V@YAXPEAX@Z
malloc
free
__C_specific_handler
__CxxFrameHandler3
_purecall
memset
atl
ord32
ord16
ord21
ord15
ord18
ord22
ntdll
RtlCaptureContext
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
RtlLookupFunctionEntry
RtlVirtualUnwind
advapi32
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
GetLengthSid
CopySid
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
InitializeAcl
AddAccessAllowedAce
EnumServicesStatusW
RegDeleteValueW
GetUserNameW
RegConnectRegistryW
IsWellKnownSid
RevertToSelf
MapGenericMask
AllocateAndInitializeSid
MakeSelfRelativeSD
FreeSid
GetSecurityDescriptorLength
GetSecurityDescriptorControl
LsaOpenPolicy
LsaFreeMemory
LsaClose
LsaSetSystemAccessAccount
LsaGetSystemAccessAccount
LsaCreateAccount
LsaOpenAccount
GetSidSubAuthority
GetSidSubAuthorityCount
LsaLookupNames
user32
SetWindowsHookExW
GetWindowThreadProcessId
FindWindowExW
GetDlgCtrlID
GetSystemMetrics
GetWindowRect
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
EnumThreadWindows
IsWindowVisible
GetDesktopWindow
GetFocus
GetWindowLongW
SetActiveWindow
SetWindowTextW
GetClientRect
ShowWindow
MessageBoxW
PostMessageW
GetParent
LoadImageW
UnhookWindowsHookEx
GetActiveWindow
LoadBitmapW
WinHelpW
EnableWindow
SetDlgItemTextW
EndDialog
GetWindowLongPtrW
GetDlgItemTextW
IsDlgButtonChecked
SetFocus
SetWindowLongPtrW
GetDlgItem
SendMessageW
RegisterClipboardFormatW
LoadStringW
DialogBoxParamW
LoadIconW
CallNextHookEx
version
GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW
gdi32
DeleteObject
cfgmgr32
CM_Set_HW_Prof_Flags_ExW
CM_Disconnect_Machine
CM_Connect_MachineW
CM_Get_HW_Prof_Flags_ExW
kernel32
GetLastError
GetModuleFileNameW
GetCurrentThreadId
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
lstrcmpiW
GetProcAddress
SetLastError
DeactivateActCtx
LoadLibraryW
ActivateActCtx
FindActCtxSectionStringW
CreateActCtxW
GetModuleHandleExW
QueryActCtxW
GetModuleHandleW
OutputDebugStringA
CreateThread
WaitForSingleObject
DuplicateHandle
GlobalLock
GlobalUnlock
GlobalFree
ResolveDelayLoadedAPI
DelayLoadFailureHook
GetCurrentProcess
CloseHandle
GetCurrentThread
InitializeCriticalSection
DeleteCriticalSection
FormatMessageW
LocalFree
GetSystemWindowsDirectoryW
ResumeThread
LocalAlloc
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
ReleaseActCtx
lstrlenW
CreateProcessW
GetExitCodeProcess
GetComputerNameExW
CreateEventW
Sleep
GlobalAlloc
LoadLibraryExW
GetCommandLineW
FreeLibrary
CompareStringW
GetComputerNameW
WideCharToMultiByte
SetEvent
lstrcmpW
Exports
Exports
CacheSettingsDlg
CacheSettingsDlg2
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 228KB - Virtual size: 227KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 136KB - Virtual size: 136KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 10KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 1024B - Virtual size: 560B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
kdnet/kernel32.dll.dll windows:10 windows x64 arch:x64
Password: as
504648a47926611a0869d2a6c53023c8
Code Sign
33:00:00:03:80:e4:bb:91:f3:18:fd:8e:9a:00:00:00:00:03:80Certificate
IssuerCN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before10-03-2022 19:24Not After08-03-2023 19:24SubjectCN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before19-10-2011 18:41Not After19-10-2026 18:51SubjectCN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
13:92:9c:6c:e6:95:de:66:14:52:fb:77:d9:b1:fd:e7:8a:30:78:5c:15:bc:e9:07:81:0d:2d:b5:15:51:bd:60Signer
Actual PE Digest13:92:9c:6c:e6:95:de:66:14:52:fb:77:d9:b1:fd:e7:8a:30:78:5c:15:bc:e9:07:81:0d:2d:b5:15:51:bd:60Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
kernel32.pdb
Imports
api-ms-win-core-rtlsupport-l1-1-0
RtlUnwindEx
RtlVirtualUnwind
RtlRaiseException
RtlRestoreContext
RtlLookupFunctionEntry
RtlInstallFunctionTableCallback
RtlCompareMemory
RtlDeleteFunctionTable
RtlAddFunctionTable
RtlPcToFileHeader
RtlUnwind
RtlCaptureStackBackTrace
RtlCaptureContext
ntdll
_wcslwr
RtlGetUILanguageInfo
EtwEventEnabled
RtlpConvertLCIDsToCultureNames
NtEnumerateKey
RtlIntegerToUnicodeString
RtlTimeToTimeFields
RtlTimeFieldsToTime
RtlUnhandledExceptionFilter
NtTerminateProcess
wcsncmp
wcsncpy
LdrFindResourceEx_U
RtlReadThreadProfilingData
RtlQueryThreadProfiling
RtlDisableThreadProfiling
RtlNtStatusToDosErrorNoTeb
RtlEnableThreadProfiling
NtMapUserPhysicalPagesScatter
RtlDecodeSystemPointer
bsearch
RtlComputeImportTableHash
RtlFindActivationContextSectionGuid
RtlQueryActivationContextApplicationSettings
RtlSubAuthorityCountSid
LdrResFindResourceDirectory
RtlQueryInformationActivationContext
TpSetPoolStackInformation
TpAllocWait
NtDeleteValueKey
NtSetValueKey
towlower
RtlUnicodeStringToInteger
RtlLCIDToCultureName
RtlSizeHeap
RtlpConvertCultureNamesToLCIDs
NtQueryInstallUILanguage
EtwEventUnregister
EtwEventWrite
EtwEventRegister
RtlExpandEnvironmentStrings_U
RtlPublishWnfStateData
NtQueryLicenseValue
_wtol
memmove_s
RtlGUIDFromString
sin
TpAllocTimer
TpAllocIoCompletion
RtlSetThreadPreferredUILanguages
RtlMultiAppendUnicodeStringBuffer
swprintf_s
RtlImageNtHeaderEx
NtMapViewOfSection
NtCreateSection
RtlDosPathNameToNtPathName_U_WithStatus
RtlGetActiveActivationContext
RtlDeactivateActivationContext
RtlActivateActivationContext
RtlZombifyActivationContext
RtlReleaseActivationContext
RtlAddRefActivationContext
RtlCreateActivationContext
RtlGetLengthWithoutLastFullDosOrNtPathElement
RtlpApplyLengthFunction
RtlGetFullPathName_U
RtlDoesFileExists_U
RtlDetermineDosPathNameType_U
RtlpEnsureBufferSize
DbgPrintEx
NtUnmapViewOfSection
RtlQueryPackageClaims
tolower
atol
toupper
isdigit
NtQueryInformationThread
RtlEnterUmsSchedulingMode
RtlCreateUmsThreadContext
TpAllocWork
RtlSetUmsThreadInformation
RtlQueryUmsThreadInformation
RtlGetNextUmsListItem
RtlGetCurrentUmsThread
RtlDeleteUmsCompletionList
RtlUmsThreadYield
RtlExecuteUmsThread
RtlGetUmsCompletionListEvent
RtlDequeueUmsCompletionListItems
RtlSetLastWin32ErrorAndNtStatusFromNtStatus
RtlCreateUmsCompletionList
RtlDestroyEnvironment
RtlCreateEnvironmentEx
RtlCreateEnvironment
NtQueryEvent
RtlCreateUnicodeString
NtRaiseHardError
RtlFreeAnsiString
RtlFreeOemString
RtlGetCurrentDirectory_U
wcsrchr
_wcsnicmp
RtlUnicodeStringToOemString
NtQueryVolumeInformationFile
CsrFreeCaptureBuffer
CsrAllocateMessagePointer
CsrAllocateCaptureBuffer
RtlEqualUnicodeString
RtlUnicodeStringToAnsiString
RtlExitUserThread
RtlAddIntegrityLabelToBoundaryDescriptor
RtlQueryProtectedPolicy
NtReplacePartitionUnit
RtlCompareUnicodeString
RtlExitUserProcess
RtlInitUnicodeStringEx
RtlQueryPackageIdentity
EtwEventWriteNoRegistration
RtlWow64LogMessageInEventLogger
LdrUnloadDll
LdrGetProcedureAddress
LdrLoadDll
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
RtlFormatCurrentUserKeyPath
NtQueryValueKey
RtlEqualSid
RtlSubAuthoritySid
RtlInitializeSid
NtQueryInformationToken
NtOpenProcessToken
NtSetInformationThread
NtOpenThreadToken
RtlReleaseSRWLockExclusive
RtlQueryRegistryValuesEx
NtOpenKey
RtlAcquireSRWLockExclusive
RtlAnsiStringToUnicodeString
RtlxAnsiStringToUnicodeSize
RtlInitAnsiStringEx
NtIsSystemResumeAutomatic
NtInitiatePowerAction
RtlIsNameLegalDOS8Dot3
RtlGetCurrentProcessorNumberEx
NtWaitForSingleObject
NtCreateEvent
RtlSetSearchPathMode
LdrGetDllDirectory
RtlUnlockHeap
RtlGetUserInfoHeap
RtlLockHeap
RtlDeregisterSecureMemoryCacheCallback
RtlRegisterSecureMemoryCacheCallback
RtlCompactHeap
NtFsControlFile
NtOpenFile
NtClose
LdrAddRefDll
NtQueryInformationFile
NtSetInformationFile
wcscpy_s
RtlGetActiveConsoleId
RtlDeactivateActivationContextUnsafeFast
RtlActivateActivationContextUnsafeFast
RtlNtStatusToDosError
RtlFreeUnicodeString
RtlWow64GetThreadSelectorEntry
NtSetInformationDebugObject
DbgUiGetThreadDebugObject
DbgUiIssueRemoteBreakin
NtSetSystemInformation
NtQueryInformationProcess
RtlSetCurrentTransaction
RtlGetCurrentTransaction
RtlSetLastWin32Error
CsrClientCallServer
LdrDisableThreadCalloutsForDll
TpCallbackMayRunLong
TpAllocCleanupGroup
TpSimpleTryPost
TpAllocPool
TpQueryPoolStackInformation
RtlDeleteUmsThreadContext
TpSetPoolMinThreads
CsrVerifyRegion
RtlCharToInteger
RtlInitAnsiString
RtlUpcaseUnicodeChar
RtlUnicodeToMultiByteSize
RtlDestroyAtomTable
NtFindAtom
NtQueryInformationAtom
RtlAddAtomToAtomTable
NtAddAtomEx
NtDeleteAtom
RtlCreateAtomTable
RtlDeleteAtomFromAtomTable
RtlLookupAtomInAtomTable
RtlQueryAtomInAtomTable
RtlDnsHostNameToComputerName
RtlPrefixString
NtFlushKey
_memicmp
RtlxUnicodeStringToAnsiSize
RtlEnterCriticalSection
wcschr
wcsstr
RtlLeaveCriticalSection
NtCreateKey
NtCreateFile
RtlCreateUnicodeStringFromAsciiz
wcsncpy_s
wcscspn
NtCreateJobSet
RtlReleasePrivilege
NtSetInformationJobObject
NtQueryInformationJobObject
NtCreateJobObject
RtlAcquirePrivilege
NtAssignProcessToJobObject
NtTerminateJobObject
NtOpenJobObject
RtlLengthSecurityDescriptor
NtSetEaFile
NtSetSecurityObject
NtQueryEaFile
NtQuerySecurityObject
LdrQueryImageFileKeyOption
LdrOpenImageFileOptionsKey
RtlQueryElevationFlags
NtSetInformationProcess
RtlRaiseStatus
NtQuerySection
NtFreeVirtualMemory
NtWriteFile
NtEnumerateValueKey
RtlEqualString
RtlUnicodeToMultiByteN
strncpy_s
NtUnlockFile
RtlDosPathNameToNtPathName_U
NtReadFile
NtLockFile
RtlCopyUnicodeString
CsrCaptureMessageString
RtlIsTextUnicode
NtAllocateVirtualMemory
RtlGetLongestNtPathLength
RtlPrefixUnicodeString
RtlMultiByteToUnicodeN
RtlMultiByteToUnicodeSize
RtlDosPathNameToRelativeNtPathName_U
RtlReleaseRelativeName
RtlSetIoCompletionCallback
RtlDeregisterWait
RtlRegisterWait
RtlImageDirectoryEntryToData
NtQueryVirtualMemory
RtlCreateBoundaryDescriptor
NtProtectVirtualMemory
RtlGetThreadErrorMode
NtCreateMailslotFile
RtlDestroyQueryDebugBuffer
RtlQueryProcessDebugInformation
RtlCreateQueryDebugBuffer
NtQueryDirectoryFile
strcpy_s
RtlFindActivationContextSectionString
LdrSetDllDirectory
LdrFindResource_U
RtlSwitchedVVI
NtQueryWnfStateData
NtPowerInformation
NtGetDevicePowerState
NtSetThreadExecutionState
NtSetSystemEnvironmentValueEx
NtQuerySystemEnvironmentValueEx
RtlInitString
NtSetVolumeInformationFile
NtDeviceIoControlFile
RtlIsValidHandle
RtlAllocateHandle
RtlReAllocateHeap
RtlFreeHandle
RtlSetUserValueHeap
RtlUnsubscribeWnfStateChangeNotification
RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData
strchr
RtlSetEnvironmentStrings
RtlOemStringToUnicodeString
wcscat_s
RtlAllocateAndInitializeSid
RtlQueryEnvironmentVariable_U
NtQueryAttributesFile
RtlFreeSid
strrchr
NtQueryFullAttributesFile
TpCaptureCaller
RtlWow64EnableFsRedirection
_stricmp
NtSetTimerResolution
NtQueryTimerResolution
RtlGetAppContainerSidType
RtlConvertSidToUnicodeString
RtlSetEnvironmentVariable
RtlGetAppContainerParent
RtlQueryEnvironmentVariable
CsrCaptureMessageMultiUnicodeStringsInPlace
wcsnlen
strcat_s
strnlen
NlsMbCodePageTag
RtlRunOnceExecuteOnce
RtlInitializeCriticalSection
RtlGetThreadPreferredUILanguages
NtReadVirtualMemory
LdrResSearchResource
_strnicmp
strncmp
RtlTryAcquirePebLock
RtlReleasePebLock
RtlEncodeSystemPointer
RtlGetNtSystemRoot
NtWaitForMultipleObjects
NtClearEvent
RtlWerpReportException
DbgPrint
RtlGetDeviceFamilyInfoEnum
RtlHashUnicodeString
NtApphelpCacheControl
RtlGetFullPathName_UEx
ZwClose
ZwOpenFile
ZwOpenKey
ZwEnumerateKey
ZwQueryValueKey
ZwCreateFile
ZwQueryInformationFile
ZwCreateSection
ZwQueryDirectoryFile
RtlNtPathNameToDosPathName
RtlGetNativeSystemInformation
ZwQuerySystemInformation
ZwUnmapViewOfSection
ZwMapViewOfSection
VerSetConditionMask
RtlVerifyVersionInfo
RtlGetVersion
RtlGetCurrentServiceSessionId
RtlGetSuiteMask
LdrQueryImageFileExecutionOptions
RtlInitUnicodeString
_vsnwprintf
RtlSetProtectedPolicy
LdrSetDllManifestProber
RtlSetThreadPoolStartFunc
RtlImageNtHeader
NtQuerySystemInformation
RtlFreeHeap
RtlSetDaclSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAccessAllowedAce
RtlCreateAcl
RtlAllocateHeap
_wcsicmp
__C_specific_handler
memmove
RtlGetPersistedStateLocation
_local_unwind
cos
floor
memcmp
memcpy
memset
wcscmp
kernelbase
NotifyMountMgr
BaseFormatObjectAttributes
GetVolumeNameForVolumeMountPointW
lstrcmpW
lstrcmpiW
GetRegistryExtensionFlags
KernelBaseGetGlobalData
GlobalFree
LoadStringBaseExW
GetUnicodeStringToEightBitStringRoutine
GetUnicodeStringToEightBitSizeRoutine
CompareStringA
GetNamedPipeAttribute
AppXPreCreationExtension
AppXPostSuccessExtension
AppXReleaseAppXContext
AreFileApisANSI
CreateProcessInternalA
AppContainerLookupMoniker
AppContainerFreeMemory
CreateProcessInternalW
CreateProcessAsUserW
BasepNotifyTrackingService
CreateProcessAsUserA
EnumLanguageGroupLocalesW
PackageIdFromFullName
GetPackageFullName
GetCurrentPackageFullName
CheckIsMSIXPackage
ClosePackageInfo
AppXGetOSMaxVersionTested
GetPackageTargetPlatformProperty
GetTargetPlatformContext
OpenPackageInfoByFullNameForUser
EnumSystemLanguageGroupsW
EnumSystemLocalesEx
MoveFileWithProgressTransactedW
BasepAdjustObjectAttributesForPrivateNamespace
GetEightBitStringToUnicodeStringRoutine
GetStringTableEntry
CheckGroupPolicyEnabled
OpenRegKey
InternalLcidToName
NlsIsUserDefaultLocale
GetPtrCalDataArray
GetUserOverrideString
GetPtrCalData
Internal_EnumCalendarInfo
Internal_EnumLanguageGroupLocales
Internal_EnumSystemCodePages
Internal_EnumDateFormats
Internal_EnumUILanguages
Internal_EnumSystemLanguageGroups
NlsValidateLocale
Internal_EnumTimeFormats
GetNamedLocaleHashNode
GetUserOverrideWord
GetLocaleInfoHelper
GetCalendar
BaseDllFreeResourceId
BaseDllMapResourceIdW
CheckAllowDecryptedRemoteDestinationPolicy
PrivCopyFileExW
EnumUILanguagesW
LCIDToLocaleName
GetUserDefaultLocaleName
GetSystemDefaultLocaleName
GetEraNameCountedString
FatalAppExitW
FatalAppExitA
lstrlenW
lstrlenA
lstrcpynW
lstrcpynA
Sleep
SetFileApisToOEM
SetFileApisToANSI
PulseEvent
MapViewOfFileExNuma
LocalUnlock
LocalReAlloc
LocalLock
LocalAlloc
HeapSummary
GlobalAlloc
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetStringTypeA
GetProcAddressForCaller
BaseGetNamedObjectDirectory
api-ms-win-core-processthreads-l1-1-0
SetThreadStackGuarantee
SetProcessShutdownParameters
SetThreadPriority
SetThreadPriorityBoost
ResumeThread
QueueUserAPC
ProcessIdToSessionId
GetCurrentProcess
GetCurrentProcessId
OpenThread
GetThreadPriorityBoost
GetThreadPriority
SuspendThread
SwitchToThread
OpenProcessToken
GetExitCodeProcess
TerminateProcess
CreateProcessA
CreateProcessW
CreateRemoteThreadEx
TerminateThread
TlsAlloc
TlsFree
TlsSetValue
DeleteProcThreadAttributeList
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
CreateRemoteThread
SetProcessAffinityUpdateMode
QueryProcessAffinityUpdateMode
GetProcessVersion
GetThreadId
GetStartupInfoW
GetProcessTimes
GetProcessId
GetExitCodeThread
GetPriorityClass
GetProcessIdOfThread
SetPriorityClass
api-ms-win-core-processthreads-l1-1-3
SetThreadIdealProcessor
SetProcessInformation
GetProcessInformation
GetProcessShutdownParameters
api-ms-win-core-processthreads-l1-1-2
SetProcessPriorityBoost
GetProcessPriorityBoost
SetThreadInformation
GetThreadInformation
GetSystemTimes
GetThreadIOPendingFlag
api-ms-win-core-processthreads-l1-1-1
SetThreadContext
OpenProcess
IsProcessorFeaturePresent
SetThreadIdealProcessorEx
FlushInstructionCache
GetThreadTimes
GetThreadIdealProcessorEx
GetProcessHandleCount
GetThreadContext
GetProcessMitigationPolicy
SetProcessMitigationPolicy
api-ms-win-core-registry-l1-1-0
RegSetValueExA
RegSetKeySecurity
RegSaveKeyExW
RegSaveKeyExA
RegRestoreKeyW
RegRestoreKeyA
RegQueryValueExW
RegQueryValueExA
RegQueryInfoKeyW
RegQueryInfoKeyA
RegOpenUserClassesRoot
RegOpenKeyExA
RegOpenCurrentUser
RegNotifyChangeKeyValue
RegLoadMUIStringW
RegUnLoadKeyA
RegLoadKeyW
RegOpenKeyExW
RegGetValueW
RegCloseKey
RegCopyTreeW
RegCreateKeyExA
RegCreateKeyExW
RegDeleteKeyExA
RegLoadKeyA
RegDeleteTreeA
RegDeleteTreeW
RegDeleteValueA
RegDeleteValueW
RegDisablePredefinedCacheEx
RegEnumKeyExA
RegEnumKeyExW
RegEnumValueA
RegSetValueExW
RegUnLoadKeyW
RegLoadAppKeyW
RegGetValueA
RegLoadMUIStringA
RegDeleteKeyExW
RegEnumValueW
RegFlushKey
RegGetKeySecurity
api-ms-win-core-heap-l1-1-0
HeapWalk
HeapValidate
HeapSetInformation
HeapQueryInformation
HeapLock
HeapDestroy
HeapCreate
HeapCompact
HeapReAlloc
GetProcessHeaps
HeapAlloc
GetProcessHeap
HeapFree
HeapUnlock
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-memory-l1-1-1
SetSystemFileCacheSize
ResetWriteWatch
GetWriteWatch
VirtualUnlock
VirtualLock
GetProcessWorkingSetSizeEx
SetProcessWorkingSetSizeEx
QueryMemoryResourceNotification
CreateFileMappingNumaW
CreateMemoryResourceNotification
GetLargePageMinimum
GetSystemFileCacheSize
api-ms-win-core-memory-l1-1-0
VirtualProtectEx
VirtualProtect
WriteProcessMemory
VirtualFreeEx
VirtualQuery
VirtualAllocEx
VirtualAlloc
UnmapViewOfFile
ReadProcessMemory
OpenFileMappingW
MapViewOfFileEx
MapViewOfFile
FlushViewOfFile
CreateFileMappingW
VirtualFree
VirtualQueryEx
api-ms-win-core-memory-l1-1-2
AllocateUserPhysicalPagesNuma
GetMemoryErrorHandlingCapabilities
UnregisterBadMemoryNotification
VirtualAllocExNuma
RegisterBadMemoryNotification
MapUserPhysicalPages
FreeUserPhysicalPages
AllocateUserPhysicalPages
api-ms-win-core-handle-l1-1-0
CloseHandle
SetHandleInformation
GetHandleInformation
DuplicateHandle
api-ms-win-core-synch-l1-1-0
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObject
WaitForMultipleObjectsEx
SleepEx
CreateMutexExA
CreateMutexA
CreateEventW
CreateEventExW
CreateEventExA
EnterCriticalSection
WaitForSingleObjectEx
LeaveCriticalSection
CreateEventA
SetWaitableTimer
SetEvent
ResetEvent
ReleaseSemaphore
ReleaseMutex
OpenWaitableTimerW
OpenSemaphoreW
OpenMutexW
OpenEventW
OpenEventA
InitializeCriticalSectionEx
CancelWaitableTimer
InitializeCriticalSectionAndSpinCount
CreateWaitableTimerExW
CreateSemaphoreExW
CreateMutexW
CreateMutexExW
api-ms-win-core-synch-l1-2-1
CreateSemaphoreW
WaitForMultipleObjects
api-ms-win-core-synch-l1-2-0
DeleteSynchronizationBarrier
InitializeSynchronizationBarrier
EnterSynchronizationBarrier
SignalObjectAndWait
InitOnceExecuteOnce
api-ms-win-core-file-l1-1-0
GetFileAttributesExA
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileSize
GetFileAttributesA
GetFileSizeEx
GetDriveTypeW
GetDriveTypeA
GetFileTime
GetDiskFreeSpaceW
FindFirstFileW
FindFirstVolumeW
FindNextChangeNotification
GetDiskFreeSpaceExW
GetDiskFreeSpaceExA
FileTimeToLocalFileTime
DeleteVolumeMountPointW
DeleteFileW
DeleteFileA
DefineDosDeviceW
CreateFileW
CreateFileA
GetFileType
FindNextFileA
FindNextFileW
FindNextVolumeW
GetFinalPathNameByHandleA
GetFinalPathNameByHandleW
GetFullPathNameA
GetFullPathNameW
GetLogicalDriveStringsW
GetTempFileNameW
GetVolumeInformationByHandleW
GetVolumeInformationW
GetVolumePathNameW
LocalFileTimeToFileTime
LockFile
LockFileEx
QueryDosDeviceW
ReadFile
ReadFileEx
ReadFileScatter
RemoveDirectoryA
RemoveDirectoryW
SetEndOfFile
SetFileAttributesA
SetFileAttributesW
SetFileInformationByHandle
SetFilePointer
SetFilePointerEx
SetFileTime
SetFileValidData
UnlockFile
UnlockFileEx
WriteFile
GetDiskFreeSpaceA
WriteFileEx
WriteFileGather
FindVolumeClose
FlushFileBuffers
CreateDirectoryW
CreateDirectoryA
CompareFileTime
FindClose
FindCloseChangeNotification
FindFirstChangeNotificationA
FindFirstChangeNotificationW
FindFirstFileA
FindFirstFileExA
FindFirstFileExW
api-ms-win-core-file-l1-2-0
GetVolumePathNamesForVolumeNameW
CreateFile2
GetTempPathW
api-ms-win-core-file-l1-2-2
GetTempPathA
GetTempFileNameA
FindFirstStreamW
FindFirstFileNameW
FindNextFileNameW
GetVolumeInformationA
api-ms-win-core-file-l1-2-1
GetCompressedFileSizeW
SetFileIoOverlappedRange
GetCompressedFileSizeA
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-io-l1-1-0
CreateIoCompletionPort
PostQueuedCompletionStatus
GetQueuedCompletionStatusEx
GetQueuedCompletionStatus
CancelIoEx
GetOverlappedResult
DeviceIoControl
api-ms-win-core-io-l1-1-1
CancelSynchronousIo
CancelIo
api-ms-win-core-job-l1-1-0
IsProcessInJob
api-ms-win-core-threadpool-legacy-l1-1-0
ChangeTimerQueueTimer
CreateTimerQueue
UnregisterWaitEx
CreateTimerQueueTimer
QueueUserWorkItem
DeleteTimerQueueTimer
DeleteTimerQueueEx
api-ms-win-core-threadpool-private-l1-1-0
RegisterWaitForSingleObjectEx
api-ms-win-core-largeinteger-l1-1-0
MulDiv
api-ms-win-core-libraryloader-l1-2-2
EnumResourceNamesW
api-ms-win-core-libraryloader-l1-2-0
FindStringOrdinal
LoadLibraryExW
GetModuleHandleW
GetProcAddress
FreeLibraryAndExitThread
FreeResource
GetModuleFileNameA
GetModuleFileNameW
FreeLibrary
GetModuleHandleA
EnumResourceTypesExW
GetModuleHandleExA
GetModuleHandleExW
EnumResourceTypesExA
EnumResourceNamesExA
EnumResourceLanguagesExW
EnumResourceLanguagesExA
SizeofResource
DisableThreadLibraryCalls
LoadResource
LoadLibraryExA
EnumResourceNamesExW
FindResourceExW
LockResource
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
LoadLibraryA
FindResourceW
api-ms-win-core-libraryloader-l2-1-0
LoadPackagedLibrary
api-ms-win-core-namedpipe-l1-2-2
CallNamedPipeW
api-ms-win-core-namedpipe-l1-1-0
CreateNamedPipeW
CreatePipe
DisconnectNamedPipe
GetNamedPipeClientComputerNameW
TransactNamedPipe
WaitNamedPipeW
SetNamedPipeHandleState
ConnectNamedPipe
PeekNamedPipe
api-ms-win-core-namedpipe-l1-2-1
GetNamedPipeHandleStateW
api-ms-win-core-datetime-l1-1-0
GetDateFormatA
GetTimeFormatA
GetTimeFormatW
GetDateFormatW
api-ms-win-core-datetime-l1-1-1
GetTimeFormatEx
GetDateFormatEx
api-ms-win-core-datetime-l1-1-2
GetDurationFormatEx
api-ms-win-core-sysinfo-l1-2-0
SetComputerNameExW
EnumSystemFirmwareTables
GetSystemTimePreciseAsFileTime
SetSystemTime
GetProductInfo
GetSystemFirmwareTable
GetNativeSystemInfo
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetComputerNameExA
GetLocalTime
GetLogicalProcessorInformationEx
GetLogicalProcessorInformation
GetSystemInfo
GetSystemTime
GetSystemTimeAdjustment
GetSystemTimeAsFileTime
GetVersion
GetVersionExA
GetVersionExW
GetWindowsDirectoryA
GetWindowsDirectoryW
GlobalMemoryStatusEx
GetComputerNameExW
SetLocalTime
api-ms-win-core-sysinfo-l1-2-3
SetComputerNameExA
SetComputerNameW
SetComputerNameA
api-ms-win-core-sysinfo-l1-2-1
DnsHostnameToComputerNameExW
GetPhysicallyInstalledSystemMemory
SetComputerNameEx2W
api-ms-win-core-timezone-l1-1-0
SystemTimeToTzSpecificLocalTime
SetDynamicTimeZoneInformation
GetTimeZoneInformationForYear
GetDynamicTimeZoneInformation
FileTimeToSystemTime
TzSpecificLocalTimeToSystemTime
SetTimeZoneInformation
SystemTimeToFileTime
GetTimeZoneInformation
api-ms-win-core-localization-l1-2-0
GetLocaleInfoEx
GetUILanguageInfo
GetCalendarInfoEx
GetThreadPreferredUILanguages
GetACP
GetCPInfo
GetNLSVersion
IsValidNLSVersion
SetThreadPreferredUILanguages
SetThreadUILanguage
GetLocaleInfoA
GetLocaleInfoW
GetOEMCP
GetUserPreferredUILanguages
GetNLSVersionEx
IdnToUnicode
FormatMessageW
IsValidLocaleName
GetProcessPreferredUILanguages
GetSystemDefaultLangID
GetSystemDefaultLCID
GetThreadLocale
SetProcessPreferredUILanguages
GetUserDefaultLCID
IsDBCSLeadByte
IsDBCSLeadByteEx
IsNLSDefinedString
IsValidCodePage
IsValidLanguageGroup
IsValidLocale
LCMapStringA
IdnToAscii
LCMapStringW
SetCalendarInfoW
SetLocaleInfoW
GetSystemPreferredUILanguages
FindNLSString
EnumSystemLocalesW
VerLanguageNameA
EnumSystemLocalesA
VerLanguageNameW
ConvertDefaultLocale
SetThreadLocale
FindNLSStringEx
GetFileMUIInfo
LCMapStringEx
FormatMessageA
LocaleNameToLCID
ResolveLocaleName
GetUserDefaultLangID
GetThreadUILanguage
GetFileMUIPath
GetCalendarInfoW
GetCPInfoExW
api-ms-win-core-processsnapshot-l1-1-0
PssWalkSnapshot
PssQuerySnapshot
PssFreeSnapshot
PssCaptureSnapshot
PssDuplicateSnapshot
PssWalkMarkerCreate
PssWalkMarkerFree
PssWalkMarkerGetPosition
PssWalkMarkerSetPosition
PssWalkMarkerSeekToBeginning
api-ms-win-core-processenvironment-l1-1-0
SearchPathW
GetEnvironmentVariableA
SetEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentDirectoryA
GetCommandLineW
GetCommandLineA
FreeEnvironmentStringsW
FreeEnvironmentStringsA
ExpandEnvironmentStringsW
ExpandEnvironmentStringsA
GetEnvironmentVariableW
GetEnvironmentStrings
GetStdHandle
SetCurrentDirectoryA
SetCurrentDirectoryW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetStdHandle
SetStdHandleEx
GetCurrentDirectoryW
api-ms-win-core-processenvironment-l1-2-0
SearchPathA
NeedCurrentDirectoryForExePathW
NeedCurrentDirectoryForExePathA
api-ms-win-core-string-l1-1-0
CompareStringEx
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
GetStringTypeExW
FoldStringW
CompareStringW
CompareStringOrdinal
api-ms-win-core-debug-l1-1-1
CheckRemoteDebuggerPresent
WaitForDebugEvent
ContinueDebugEvent
DebugActiveProcessStop
DebugActiveProcess
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
OutputDebugStringA
DebugBreak
IsDebuggerPresent
api-ms-win-core-errorhandling-l1-1-0
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
GetErrorMode
SetErrorMode
RaiseException
api-ms-win-core-errorhandling-l1-1-3
SetThreadErrorMode
GetThreadErrorMode
api-ms-win-core-fibers-l1-1-0
FlsAlloc
FlsSetValue
FlsGetValue
FlsFree
api-ms-win-core-util-l1-1-0
Beep
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
QueryPerformanceFrequency
api-ms-win-security-base-l1-1-0
DuplicateToken
CreateWellKnownSid
FreeSid
EqualSid
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
InitializeSid
AllocateAndInitializeSid
AccessCheck
api-ms-win-security-base-l1-2-0
GetAppContainerAce
CheckTokenMembershipEx
CheckTokenCapability
SetCachedSigningLevel
AddResourceAttributeAce
AddScopedPolicyIDAce
GetCachedSigningLevel
api-ms-win-security-appcontainer-l1-1-0
GetAppContainerNamedObjectPath
api-ms-win-core-comm-l1-1-0
SetCommBreak
SetCommConfig
GetCommTimeouts
GetCommState
SetCommMask
GetCommModemStatus
GetCommMask
GetCommConfig
ClearCommBreak
ClearCommError
GetCommProperties
SetCommState
SetCommTimeouts
SetupComm
TransmitCommChar
WaitCommEvent
PurgeComm
EscapeCommFunction
api-ms-win-core-realtime-l1-1-0
QueryThreadCycleTime
QueryIdleProcessorCycleTime
QueryIdleProcessorCycleTimeEx
QueryUnbiasedInterruptTime
QueryProcessCycleTime
api-ms-win-core-wow64-l1-1-1
IsWow64Process2
GetSystemWow64DirectoryA
GetSystemWow64Directory2W
GetSystemWow64DirectoryW
api-ms-win-core-wow64-l1-1-0
IsWow64Process
Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection
api-ms-win-core-wow64-l1-1-3
Wow64SetThreadContext
Wow64GetThreadContext
Wow64SuspendThread
api-ms-win-core-systemtopology-l1-1-1
GetNumaProximityNodeEx
api-ms-win-core-systemtopology-l1-1-0
GetNumaNodeProcessorMaskEx
GetNumaHighestNodeNumber
api-ms-win-core-processtopology-l1-1-0
GetThreadGroupAffinity
SetThreadGroupAffinity
GetProcessGroupAffinity
api-ms-win-core-namespace-l1-1-0
CreateBoundaryDescriptorW
CreatePrivateNamespaceW
ClosePrivateNamespace
DeleteBoundaryDescriptor
OpenPrivateNamespaceW
AddSIDToBoundaryDescriptor
api-ms-win-core-file-l2-1-2
CopyFileW
CreateHardLinkA
api-ms-win-core-file-l2-1-0
ReplaceFileW
CopyFile2
CopyFileExW
ReadDirectoryChangesW
ReOpenFile
CreateSymbolicLinkW
CreateHardLinkW
GetFileInformationByHandleEx
CreateDirectoryExW
MoveFileWithProgressW
MoveFileExW
api-ms-win-core-file-l2-1-3
ReadDirectoryChangesExW
api-ms-win-core-file-l2-1-1
OpenFileById
api-ms-win-core-xstate-l2-1-0
CopyContext
InitializeContext
SetXStateFeaturesMask
GetXStateFeaturesMask
LocateXStateFeature
GetEnabledXStateFeatures
api-ms-win-core-xstate-l2-1-1
InitializeContext2
api-ms-win-core-localization-l2-1-0
EnumSystemCodePagesW
EnumTimeFormatsW
EnumCalendarInfoExEx
EnumDateFormatsW
EnumTimeFormatsEx
GetCurrencyFormatEx
GetNumberFormatEx
EnumCalendarInfoW
EnumDateFormatsExEx
EnumCalendarInfoExW
EnumDateFormatsExW
api-ms-win-core-normalization-l1-1-0
NormalizeString
VerifyScripts
IsNormalizedString
GetStringScripts
IdnToNameprepUnicode
api-ms-win-core-fibers-l2-1-0
CreateFiber
DeleteFiber
ConvertThreadToFiber
SwitchToFiber
ConvertFiberToThread
api-ms-win-core-fibers-l2-1-1
ConvertThreadToFiberEx
CreateFiberEx
api-ms-win-core-localization-private-l1-1-0
NlsCheckPolicy
NlsUpdateSystemLocale
NlsUpdateLocale
NlsGetCacheUpdateCount
api-ms-win-core-sidebyside-l1-1-0
GetCurrentActCtx
FindActCtxSectionStringW
FindActCtxSectionGuid
DeactivateActCtx
CreateActCtxW
ZombifyActCtx
AddRefActCtx
ActivateActCtx
ReleaseActCtx
QueryActCtxW
QueryActCtxSettingsW
api-ms-win-core-appcompat-l1-1-0
BaseDumpAppcompatCache
BaseInitAppcompatCacheSupport
BaseCleanupAppcompatCacheSupport
BaseFlushAppcompatCache
BaseUpdateAppcompatCache
BaseCheckAppcompatCacheEx
BaseCheckAppcompatCache
api-ms-win-core-windowserrorreporting-l1-1-0
WerUnregisterRuntimeExceptionModule
WerRegisterFile
WerUnregisterMemoryBlock
GetApplicationRecoveryCallback
WerRegisterMemoryBlock
WerRegisterRuntimeExceptionModule
WerUnregisterFile
GetApplicationRestartSettings
api-ms-win-core-windowserrorreporting-l1-1-3
RegisterApplicationRestart
UnregisterApplicationRestart
api-ms-win-core-windowserrorreporting-l1-1-1
WerRegisterExcludedMemoryBlock
WerUnregisterAdditionalProcess
WerRegisterAdditionalProcess
WerUnregisterExcludedMemoryBlock
WerRegisterCustomMetadata
WerUnregisterCustomMetadata
api-ms-win-core-windowserrorreporting-l1-1-2
WerRegisterAppLocalDump
WerUnregisterAppLocalDump
api-ms-win-core-console-l1-1-0
GetConsoleMode
GetConsoleOutputCP
GetConsoleCP
WriteConsoleW
GetNumberOfConsoleInputEvents
ReadConsoleA
ReadConsoleInputA
ReadConsoleInputW
ReadConsoleW
SetConsoleCtrlHandler
SetConsoleMode
WriteConsoleA
AllocConsole
api-ms-win-core-console-l1-2-0
PeekConsoleInputA
AttachConsole
FreeConsole
PeekConsoleInputW
api-ms-win-core-console-l1-2-1
CreatePseudoConsole
ClosePseudoConsole
ResizePseudoConsole
api-ms-win-core-console-l2-1-0
WriteConsoleOutputCharacterW
GenerateConsoleCtrlEvent
GetConsoleCursorInfo
GetConsoleScreenBufferInfo
FlushConsoleInputBuffer
ReadConsoleOutputCharacterA
CreateConsoleScreenBuffer
SetConsoleScreenBufferInfoEx
GetLargestConsoleWindowSize
ReadConsoleOutputA
ReadConsoleOutputAttribute
FillConsoleOutputAttribute
FillConsoleOutputCharacterW
GetConsoleScreenBufferInfoEx
WriteConsoleOutputW
FillConsoleOutputCharacterA
ReadConsoleOutputCharacterW
ReadConsoleOutputW
ScrollConsoleScreenBufferA
ScrollConsoleScreenBufferW
SetConsoleActiveScreenBuffer
SetConsoleCP
SetConsoleCursorInfo
SetConsoleCursorPosition
WriteConsoleOutputCharacterA
WriteConsoleOutputAttribute
WriteConsoleOutputA
WriteConsoleInputW
WriteConsoleInputA
SetConsoleWindowInfo
SetConsoleTextAttribute
SetConsoleScreenBufferSize
SetConsoleOutputCP
api-ms-win-core-console-l2-2-0
GetConsoleOriginalTitleA
GetConsoleOriginalTitleW
GetConsoleTitleA
SetConsoleTitleA
SetConsoleTitleW
GetConsoleTitleW
api-ms-win-core-console-l3-2-0
ExpungeConsoleCommandHistoryA
ExpungeConsoleCommandHistoryW
AddConsoleAliasW
AddConsoleAliasA
GetConsoleAliasA
SetCurrentConsoleFontEx
SetConsoleNumberOfCommandsW
SetConsoleNumberOfCommandsA
SetConsoleHistoryInfo
GetConsoleAliasExesA
GetNumberOfConsoleMouseButtons
GetCurrentConsoleFontEx
GetCurrentConsoleFont
GetConsoleWindow
GetConsoleSelectionInfo
GetConsoleProcessList
GetConsoleHistoryInfo
GetConsoleFontSize
GetConsoleDisplayMode
GetConsoleCommandHistoryW
GetConsoleCommandHistoryLengthW
GetConsoleCommandHistoryLengthA
GetConsoleCommandHistoryA
GetConsoleAliasesW
GetConsoleAliasesLengthW
GetConsoleAliasesLengthA
GetConsoleAliasesA
GetConsoleAliasW
GetConsoleAliasExesW
GetConsoleAliasExesLengthW
GetConsoleAliasExesLengthA
SetConsoleDisplayMode
api-ms-win-core-psapi-l1-1-0
K32GetPerformanceInfo
K32GetProcessMemoryInfo
K32GetProcessImageFileNameW
QueryFullProcessImageNameW
K32GetDeviceDriverFileNameW
K32GetDeviceDriverBaseNameW
K32EnumDeviceDrivers
K32GetMappedFileNameW
K32GetWsChangesEx
K32GetWsChanges
K32InitializeProcessForWsWatch
K32EnumProcesses
K32QueryWorkingSetEx
K32EnumProcessModulesEx
K32GetModuleBaseNameW
K32GetModuleFileNameExW
K32GetModuleInformation
K32EmptyWorkingSet
K32EnumPageFilesW
K32QueryWorkingSet
K32EnumProcessModules
api-ms-win-core-psapi-ansi-l1-1-0
K32GetProcessImageFileNameA
K32GetMappedFileNameA
K32GetDeviceDriverFileNameA
K32GetModuleFileNameExA
K32GetModuleBaseNameA
K32EnumPageFilesA
QueryFullProcessImageNameA
K32GetDeviceDriverBaseNameA
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventRegister
EventUnregister
EventWriteTransfer
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-appcompat-l1-1-1
BaseReadAppCompatDataForProcess
BaseFreeAppCompatDataForProcess
Exports
Exports
AcquireSRWLockExclusive
AcquireSRWLockShared
ActivateActCtx
ActivateActCtxWorker
AddAtomA
AddAtomW
AddConsoleAliasA
AddConsoleAliasW
AddDllDirectory
AddIntegrityLabelToBoundaryDescriptor
AddLocalAlternateComputerNameA
AddLocalAlternateComputerNameW
AddRefActCtx
AddRefActCtxWorker
AddResourceAttributeAce
AddSIDToBoundaryDescriptor
AddScopedPolicyIDAce
AddSecureMemoryCacheCallback
AddVectoredContinueHandler
AddVectoredExceptionHandler
AdjustCalendarDate
AllocConsole
AllocateUserPhysicalPages
AllocateUserPhysicalPagesNuma
AppPolicyGetClrCompat
AppPolicyGetCreateFileAccess
AppPolicyGetLifecycleManagement
AppPolicyGetMediaFoundationCodecLoading
AppPolicyGetProcessTerminationMethod
AppPolicyGetShowDeveloperDiagnostic
AppPolicyGetThreadInitializationType
AppPolicyGetWindowingModel
AppXGetOSMaxVersionTested
ApplicationRecoveryFinished
ApplicationRecoveryInProgress
AreFileApisANSI
AssignProcessToJobObject
AttachConsole
BackupRead
BackupSeek
BackupWrite
BaseCheckAppcompatCache
BaseCheckAppcompatCacheEx
BaseCheckAppcompatCacheExWorker
BaseCheckAppcompatCacheWorker
BaseCheckElevation
BaseCleanupAppcompatCacheSupport
BaseCleanupAppcompatCacheSupportWorker
BaseDestroyVDMEnvironment
BaseDllReadWriteIniFile
BaseDumpAppcompatCache
BaseDumpAppcompatCacheWorker
BaseElevationPostProcessing
BaseFlushAppcompatCache
BaseFlushAppcompatCacheWorker
BaseFormatObjectAttributes
BaseFormatTimeOut
BaseFreeAppCompatDataForProcessWorker
BaseGenerateAppCompatData
BaseGetNamedObjectDirectory
BaseInitAppcompatCacheSupport
BaseInitAppcompatCacheSupportWorker
BaseIsAppcompatInfrastructureDisabled
BaseIsAppcompatInfrastructureDisabledWorker
BaseIsDosApplication
BaseQueryModuleData
BaseReadAppCompatDataForProcessWorker
BaseSetLastNTError
BaseThreadInitThunk
BaseUpdateAppcompatCache
BaseUpdateAppcompatCacheWorker
BaseUpdateVDMEntry
BaseVerifyUnicodeString
BaseWriteErrorElevationRequiredEvent
Basep8BitStringToDynamicUnicodeString
BasepAllocateActivationContextActivationBlock
BasepAnsiStringToDynamicUnicodeString
BasepAppContainerEnvironmentExtension
BasepAppXExtension
BasepCheckAppCompat
BasepCheckWebBladeHashes
BasepCheckWinSaferRestrictions
BasepConstructSxsCreateProcessMessage
BasepCopyEncryption
BasepFinishPackageActivationForSxS
BasepFreeActivationContextActivationBlock
BasepFreeAppCompatData
BasepGetAppCompatData
BasepGetComputerNameFromNtPath
BasepGetExeArchType
BasepGetPackageActivationTokenForSxS
BasepInitAppCompatData
BasepIsProcessAllowed
BasepMapModuleHandle
BasepNotifyLoadStringResource
BasepPostSuccessAppXExtension
BasepProcessInvalidImage
BasepQueryAppCompat
BasepQueryModuleChpeSettings
BasepReleaseAppXContext
BasepReleaseSxsCreateProcessUtilityStruct
BasepReportFault
BasepSetFileEncryptionCompression
Beep
BeginUpdateResourceA
BeginUpdateResourceW
BindIoCompletionCallback
BuildCommDCBA
BuildCommDCBAndTimeoutsA
BuildCommDCBAndTimeoutsW
BuildCommDCBW
CallNamedPipeA
CallNamedPipeW
CallbackMayRunLong
CancelDeviceWakeupRequest
CancelIo
CancelIoEx
CancelSynchronousIo
CancelThreadpoolIo
CancelTimerQueueTimer
CancelWaitableTimer
CeipIsOptedIn
ChangeTimerQueueTimer
CheckAllowDecryptedRemoteDestinationPolicy
CheckElevation
CheckElevationEnabled
CheckForReadOnlyResource
CheckForReadOnlyResourceFilter
CheckIsMSIXPackage
CheckNameLegalDOS8Dot3A
CheckNameLegalDOS8Dot3W
CheckRemoteDebuggerPresent
CheckTokenCapability
CheckTokenMembershipEx
ClearCommBreak
ClearCommError
CloseConsoleHandle
CloseHandle
ClosePackageInfo
ClosePrivateNamespace
CloseProfileUserMapping
ClosePseudoConsole
CloseState
CloseThreadpool
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolIo
CloseThreadpoolTimer
CloseThreadpoolWait
CloseThreadpoolWork
CmdBatNotification
CommConfigDialogA
CommConfigDialogW
CompareCalendarDates
CompareFileTime
CompareStringA
CompareStringEx
CompareStringOrdinal
CompareStringW
ConnectNamedPipe
ConsoleMenuControl
ContinueDebugEvent
ConvertCalDateTimeToSystemTime
ConvertDefaultLocale
ConvertFiberToThread
ConvertNLSDayOfWeekToWin32DayOfWeek
ConvertSystemTimeToCalDateTime
ConvertThreadToFiber
ConvertThreadToFiberEx
CopyContext
CopyFile2
CopyFileA
CopyFileExA
CopyFileExW
CopyFileTransactedA
CopyFileTransactedW
CopyFileW
CopyLZFile
CreateActCtxA
CreateActCtxW
CreateActCtxWWorker
CreateBoundaryDescriptorA
CreateBoundaryDescriptorW
CreateConsoleScreenBuffer
CreateDirectoryA
CreateDirectoryExA
CreateDirectoryExW
CreateDirectoryTransactedA
CreateDirectoryTransactedW
CreateDirectoryW
CreateEnclave
CreateEventA
CreateEventExA
CreateEventExW
CreateEventW
CreateFiber
CreateFiberEx
CreateFile2
CreateFileA
CreateFileMappingA
CreateFileMappingFromApp
CreateFileMappingNumaA
CreateFileMappingNumaW
CreateFileMappingW
CreateFileTransactedA
CreateFileTransactedW
CreateFileW
CreateHardLinkA
CreateHardLinkTransactedA
CreateHardLinkTransactedW
CreateHardLinkW
CreateIoCompletionPort
CreateJobObjectA
CreateJobObjectW
CreateJobSet
CreateMailslotA
CreateMailslotW
CreateMemoryResourceNotification
CreateMutexA
CreateMutexExA
CreateMutexExW
CreateMutexW
CreateNamedPipeA
CreateNamedPipeW
CreatePipe
CreatePrivateNamespaceA
CreatePrivateNamespaceW
CreateProcessA
CreateProcessAsUserA
CreateProcessAsUserW
CreateProcessInternalA
CreateProcessInternalW
CreateProcessW
CreatePseudoConsole
CreateRemoteThread
CreateRemoteThreadEx
CreateSemaphoreA
CreateSemaphoreExA
CreateSemaphoreExW
CreateSemaphoreW
CreateSymbolicLinkA
CreateSymbolicLinkTransactedA
CreateSymbolicLinkTransactedW
CreateSymbolicLinkW
CreateTapePartition
CreateThread
CreateThreadpool
CreateThreadpoolCleanupGroup
CreateThreadpoolIo
CreateThreadpoolTimer
CreateThreadpoolWait
CreateThreadpoolWork
CreateTimerQueue
CreateTimerQueueTimer
CreateToolhelp32Snapshot
CreateUmsCompletionList
CreateUmsThreadContext
CreateWaitableTimerA
CreateWaitableTimerExA
CreateWaitableTimerExW
CreateWaitableTimerW
CtrlRoutine
DeactivateActCtx
DeactivateActCtxWorker
DebugActiveProcess
DebugActiveProcessStop
DebugBreak
DebugBreakProcess
DebugSetProcessKillOnExit
DecodePointer
DecodeSystemPointer
DefineDosDeviceA
DefineDosDeviceW
DelayLoadFailureHook
DeleteAtom
DeleteBoundaryDescriptor
DeleteCriticalSection
DeleteFiber
DeleteFileA
DeleteFileTransactedA
DeleteFileTransactedW
DeleteFileW
DeleteProcThreadAttributeList
DeleteSynchronizationBarrier
DeleteTimerQueue
DeleteTimerQueueEx
DeleteTimerQueueTimer
DeleteUmsCompletionList
DeleteUmsThreadContext
DeleteVolumeMountPointA
DeleteVolumeMountPointW
DequeueUmsCompletionListItems
DeviceIoControl
DisableThreadLibraryCalls
DisableThreadProfiling
DisassociateCurrentThreadFromCallback
DiscardVirtualMemory
DisconnectNamedPipe
DnsHostnameToComputerNameA
DnsHostnameToComputerNameExW
DnsHostnameToComputerNameW
DosDateTimeToFileTime
DosPathToSessionPathA
DosPathToSessionPathW
DuplicateConsoleHandle
DuplicateEncryptionInfoFileExt
DuplicateHandle
EnableThreadProfiling
EncodePointer
EncodeSystemPointer
EndUpdateResourceA
EndUpdateResourceW
EnterCriticalSection
EnterSynchronizationBarrier
EnterUmsSchedulingMode
EnumCalendarInfoA
EnumCalendarInfoExA
EnumCalendarInfoExEx
EnumCalendarInfoExW
EnumCalendarInfoW
EnumDateFormatsA
EnumDateFormatsExA
EnumDateFormatsExEx
EnumDateFormatsExW
EnumDateFormatsW
EnumLanguageGroupLocalesA
EnumLanguageGroupLocalesW
EnumResourceLanguagesA
EnumResourceLanguagesExA
EnumResourceLanguagesExW
EnumResourceLanguagesW
EnumResourceNamesA
EnumResourceNamesExA
EnumResourceNamesExW
EnumResourceNamesW
EnumResourceTypesA
EnumResourceTypesExA
EnumResourceTypesExW
EnumResourceTypesW
EnumSystemCodePagesA
EnumSystemCodePagesW
EnumSystemFirmwareTables
EnumSystemGeoID
EnumSystemGeoNames
EnumSystemLanguageGroupsA
EnumSystemLanguageGroupsW
EnumSystemLocalesA
EnumSystemLocalesEx
EnumSystemLocalesW
EnumTimeFormatsA
EnumTimeFormatsEx
EnumTimeFormatsW
EnumUILanguagesA
EnumUILanguagesW
EnumerateLocalComputerNamesA
EnumerateLocalComputerNamesW
EraseTape
EscapeCommFunction
ExecuteUmsThread
ExitProcess
ExitThread
ExitVDM
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
ExpungeConsoleCommandHistoryA
ExpungeConsoleCommandHistoryW
FatalAppExitA
FatalAppExitW
FatalExit
FileTimeToDosDateTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
FillConsoleOutputCharacterW
FindActCtxSectionGuid
FindActCtxSectionGuidWorker
FindActCtxSectionStringA
FindActCtxSectionStringW
FindActCtxSectionStringWWorker
FindAtomA
FindAtomW
FindClose
FindCloseChangeNotification
FindFirstChangeNotificationA
FindFirstChangeNotificationW
FindFirstFileA
FindFirstFileExA
FindFirstFileExW
FindFirstFileNameTransactedW
FindFirstFileNameW
FindFirstFileTransactedA
FindFirstFileTransactedW
FindFirstFileW
FindFirstStreamTransactedW
FindFirstStreamW
FindFirstVolumeA
FindFirstVolumeMountPointA
FindFirstVolumeMountPointW
FindFirstVolumeW
FindNLSString
FindNLSStringEx
FindNextChangeNotification
FindNextFileA
FindNextFileNameW
FindNextFileW
FindNextStreamW
FindNextVolumeA
FindNextVolumeMountPointA
FindNextVolumeMountPointW
FindNextVolumeW
FindPackagesByPackageFamily
FindResourceA
FindResourceExA
FindResourceExW
FindResourceW
FindStringOrdinal
FindVolumeClose
FindVolumeMountPointClose
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushConsoleInputBuffer
FlushFileBuffers
FlushInstructionCache
FlushProcessWriteBuffers
FlushViewOfFile
FoldStringA
FoldStringW
FormatApplicationUserModelId
FormatMessageA
FormatMessageW
FreeConsole
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
FreeLibraryWhenCallbackReturns
FreeMemoryJobObject
FreeResource
FreeUserPhysicalPages
GenerateConsoleCtrlEvent
GetACP
GetActiveProcessorCount
GetActiveProcessorGroupCount
GetAppContainerAce
GetAppContainerNamedObjectPath
GetApplicationRecoveryCallback
GetApplicationRecoveryCallbackWorker
GetApplicationRestartSettings
GetApplicationRestartSettingsWorker
GetApplicationUserModelId
GetAtomNameA
GetAtomNameW
GetBinaryType
GetBinaryTypeA
GetBinaryTypeW
GetCPInfo
GetCPInfoExA
GetCPInfoExW
GetCachedSigningLevel
GetCalendarDateFormat
GetCalendarDateFormatEx
GetCalendarDaysInMonth
GetCalendarDifferenceInDays
GetCalendarInfoA
GetCalendarInfoEx
GetCalendarInfoW
GetCalendarMonthsInYear
GetCalendarSupportedDateRange
GetCalendarWeekNumber
GetComPlusPackageInstallStatus
GetCommConfig
GetCommMask
GetCommModemStatus
GetCommProperties
GetCommState
GetCommTimeouts
GetCommandLineA
GetCommandLineW
GetCompressedFileSizeA
GetCompressedFileSizeTransactedA
GetCompressedFileSizeTransactedW
GetCompressedFileSizeW
GetComputerNameA
GetComputerNameExA
GetComputerNameExW
GetComputerNameW
GetConsoleAliasA
GetConsoleAliasExesA
GetConsoleAliasExesLengthA
GetConsoleAliasExesLengthW
GetConsoleAliasExesW
GetConsoleAliasW
GetConsoleAliasesA
GetConsoleAliasesLengthA
GetConsoleAliasesLengthW
GetConsoleAliasesW
GetConsoleCP
Sections
.text Size: 507KB - Virtual size: 506KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 204KB - Virtual size: 204KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 22KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 104B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 788B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
kdnet/ngccredprov.dll.dll windows:10 windows x64 arch:x64
Password: as
991296ebc87d927e456b677ae4022ab5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
ngccredprov.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__configure_narrow_argv
_o__wcsicmp
memmove
_o_free
_o_iswascii
_o_iswcntrl
_o_iswdigit
_o_iswlower
_o_iswprint
_o_iswpunct
_o_iswspace
_o_iswupper
_o_malloc
_o_terminate
_o_wcsncpy_s
_o_wmemcpy_s
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o__cexit
_o__callnewh
_o__execute_onexit_table
_o__errno
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__crt_atexit
wcschr
wcsstr
__std_terminate
__CxxFrameHandler4
memcmp
_o__wcserror
memcpy
api-ms-win-crt-string-l1-1-0
strcmp
memset
wcsnlen
api-ms-win-core-libraryloader-l1-2-0
SizeofResource
LockResource
LoadResource
FindResourceExW
GetModuleHandleExW
GetProcAddress
GetModuleHandleW
DisableThreadLibraryCalls
LoadStringW
GetModuleFileNameA
FreeLibrary
api-ms-win-core-synch-l1-1-0
WaitForSingleObjectEx
ReleaseMutex
InitializeSRWLock
TryAcquireSRWLockExclusive
CreateMutexExW
WaitForSingleObject
CreateEventW
ResetEvent
ReleaseSRWLockExclusive
SetEvent
DeleteCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
ReleaseSemaphore
OpenSemaphoreW
CreateSemaphoreExW
api-ms-win-core-heap-l1-1-0
HeapFree
HeapAlloc
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
SetLastError
GetLastError
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-eventing-provider-l1-1-0
EventActivityIdControl
EventRegister
EventUnregister
EventSetInformation
EventWriteTransfer
api-ms-win-core-synch-l1-2-0
Sleep
InitOnceBeginInitialize
InitOnceExecuteOnce
InitOnceComplete
api-ms-win-core-winrt-error-l1-1-0
RoOriginateError
SetRestrictedErrorInfo
GetRestrictedErrorInfo
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetComputerNameExW
GetTickCount64
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-threadpool-l1-2-0
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpoolTimer
api-ms-win-core-com-l1-1-0
CoGetMalloc
CoInitializeEx
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
api-ms-win-security-sddl-l1-1-0
ConvertStringSidToSidW
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-security-base-l1-1-0
CopySid
GetLengthSid
IsValidSid
EqualSid
GetTokenInformation
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-registry-l1-1-1
RegSetKeyValueW
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-libraryloader-l2-1-0
QueryOptionalDelayLoadedAPI
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegGetValueW
RegSetValueExW
RegQueryValueExW
RegLoadKeyW
RegDeleteValueW
RegEnumKeyExW
RegFlushKey
RegCreateKeyExW
RegCloseKey
RegQueryInfoKeyW
RegOpenCurrentUser
RegUnLoadKeyW
RegDeleteTreeW
rpcrt4
UuidIsNil
UuidFromStringW
UuidCreate
RpcStringFreeW
UuidToStringW
RpcBindingFree
RpcBindingBind
RpcBindingCreateW
NdrClientCall3
RpcExceptionFilter
api-ms-win-security-lsapolicy-l1-1-0
LsaClose
LsaLookupSids2
LsaFreeMemory
LsaQueryInformationPolicy
LsaOpenPolicy
ntdll
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
RtlInitString
RtlIsMultiUsersInSessionSku
RtlInitUnicodeString
RtlUnsubscribeWnfNotificationWaitForCompletion
NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlPublishWnfStateData
RtlNtStatusToDosErrorNoTeb
RtlIsMultiSessionSku
RtlNtStatusToDosError
RtlGetPersistedStateLocation
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
msvcp_win
?_Xbad_function_call@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
?do_length@?$codecvt@GDU_Mbstatet@@@std@@MEBAHAEAU_Mbstatet@@PEBD1_K@Z
?do_unshift@?$codecvt@GDU_Mbstatet@@@std@@MEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?do_out@?$codecvt@GDU_Mbstatet@@@std@@MEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
?do_encoding@?$codecvt@GDU_Mbstatet@@@std@@MEBAHXZ
?do_max_length@?$codecvt@GDU_Mbstatet@@@std@@MEBAHXZ
?do_always_noconv@?$codecvt@GDU_Mbstatet@@@std@@MEBA_NXZ
?_Incref@facet@locale@std@@UEAAXXZ
?out@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
??Bid@locale@std@@QEAA_KXZ
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?do_in@?$codecvt@GDU_Mbstatet@@@std@@MEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z
api-ms-win-core-string-l1-1-0
CompareStringEx
api-ms-win-core-file-l1-1-0
CompareFileTime
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-security-credentials-l1-1-0
CredIsMarshaledCredentialW
CredFree
CredUnmarshalCredentialW
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
api-ms-win-security-lsalookup-l1-1-2
LsaLookupUserAccountType
api-ms-win-security-lsalookup-l1-1-0
LookupAccountSidLocalW
LookupAccountNameLocalW
api-ms-win-stateseparation-helpers-l1-1-0
GetPersistedRegistryLocationW
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateString
WindowsGetStringRawBuffer
WindowsDeleteString
api-ms-win-core-winrt-error-l1-1-1
RoOriginateLanguageException
Exports
Exports
DllCanUnloadNow
DllGetClassObject
Sections
.text Size: 414KB - Virtual size: 413KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 155KB - Virtual size: 155KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 1024B - Virtual size: 896B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 64KB - Virtual size: 64KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ucrtbase/SessEnv.dll.dll windows:10 windows x64 arch:x64
c252150e2ab272715077e6f59b74980d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
SessEnv.pdb
Imports
msvcrt
memset
_CxxThrowException
?what@exception@@UEBAPEBDXZ
strcmp
_onexit
memcpy
memmove
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
wcscat_s
??1exception@@UEAA@XZ
wcschr
??_V@YAXPEAX@Z
memmove_s
_wtol
??0exception@@QEAA@AEBV0@@Z
_wcsicmp
swprintf_s
memcpy_s
_vsnprintf
_vsnwprintf
memcmp
toupper
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
__dllonexit
_unlock
_wcsnicmp
wcsrchr
wcsncmp
iswalpha
_lock
__CxxFrameHandler3
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
_purecall
??3@YAXPEAX@Z
wcscpy_s
wcscmp
ntdll
NtQueryInformationProcess
NtDuplicateToken
RtlFreeHeap
RtlAllocateHeap
RtlNtStatusToDosError
RtlCaptureContext
WinSqmSetDWORD
WinSqmStartSession
WinSqmAddToStream
WinSqmEndSession
WinSqmIsOptedIn
RtlGetActiveConsoleId
EtwEventWriteFull
EtwEventRegister
EtwEventUnregister
RtlUnsubscribeWnfStateChangeNotification
RtlSubscribeWnfStateChangeNotification
NtQueryWnfStateData
RtlInsertElementGenericTable
RtlLookupElementGenericTable
RtlQueryEnvironmentVariable_U
RtlInitUnicodeStringEx
RtlInitializeGenericTable
RtlDeleteElementGenericTable
RtlEnumerateGenericTable
RtlAllocateAndInitializeSid
RtlAcquireResourceExclusive
RtlReleaseResource
RtlAcquireResourceShared
DbgPrint
RtlEqualSid
VerSetConditionMask
RtlFreeSid
RtlLookupFunctionEntry
RtlInitializeResource
RtlVerifyVersionInfo
RtlCaptureStackBackTrace
RtlDeleteResource
NtQuerySystemInformation
RtlVirtualUnwind
RtlLengthSid
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
LoadStringW
GetModuleHandleExW
GetProcAddress
DisableThreadLibraryCalls
GetModuleHandleW
GetModuleFileNameW
LoadLibraryExW
GetModuleFileNameA
api-ms-win-core-errorhandling-l1-1-0
SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-handle-l1-1-0
CloseHandle
DuplicateHandle
api-ms-win-service-core-l1-1-0
SetServiceStatus
RegisterServiceCtrlHandlerExW
api-ms-win-core-synch-l1-1-0
DeleteCriticalSection
InitializeCriticalSection
ReleaseSRWLockExclusive
LeaveCriticalSection
AcquireSRWLockExclusive
ReleaseSemaphore
EnterCriticalSection
CreateEventW
SetEvent
CreateSemaphoreExW
ReleaseSRWLockShared
AcquireSRWLockShared
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
WaitForSingleObject
OpenSemaphoreW
CreateMutexExW
WaitForMultipleObjectsEx
WaitForSingleObjectEx
ResetEvent
ReleaseMutex
api-ms-win-core-registry-l1-1-0
RegGetValueW
RegCloseKey
RegSetValueExW
RegEnumKeyExW
RegNotifyChangeKeyValue
RegDeleteValueW
RegEnumValueW
RegQueryInfoKeyW
RegUnLoadKeyW
RegCreateKeyExW
RegLoadKeyW
RegDeleteTreeW
RegQueryValueExW
RegOpenKeyExW
RegOpenCurrentUser
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventRegister
EventActivityIdControl
EventSetInformation
EventUnregister
EventProviderEnabled
api-ms-win-core-synch-l1-2-0
InitOnceExecuteOnce
Sleep
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
QueryPerformanceFrequency
api-ms-win-core-processthreads-l1-1-0
CreateProcessAsUserW
GetThreadId
TerminateThread
ProcessIdToSessionId
GetCurrentThreadId
CreateThread
GetCurrentThread
OpenProcessToken
OpenThreadToken
GetCurrentProcess
TerminateProcess
CreateProcessW
GetCurrentProcessId
api-ms-win-core-sysinfo-l1-1-0
GetSystemDirectoryW
GetTickCount
GetComputerNameExW
GetVersionExW
GetSystemTime
GetSystemTimeAsFileTime
GetLocalTime
api-ms-win-core-threadpool-legacy-l1-1-0
CreateTimerQueue
DeleteTimerQueueEx
CreateTimerQueueTimer
UnregisterWaitEx
DeleteTimerQueueTimer
sysntfy
SysNotifyStartServer
SysNotifyStopServer
dismapi
DismDisableFeature
DismOpenSession
DismEnableFeature
DismShutdown
DismInitialize
api-ms-win-eventing-controller-l1-1-0
ControlTraceW
EnableTraceEx2
StartTraceW
api-ms-win-core-com-l1-1-0
CoUninitialize
CoCreateInstanceEx
CoTaskMemAlloc
StringFromCLSID
CoCreateInstance
CoCreateGuid
CoInitializeEx
CoWaitForMultipleHandles
CoSetProxyBlanket
CoTaskMemFree
api-ms-win-core-debug-l1-1-0
DebugBreak
OutputDebugStringW
IsDebuggerPresent
OutputDebugStringA
api-ms-win-security-base-l1-1-0
GetFileSecurityW
CopySid
GetAce
EqualSid
CheckTokenMembership
GetAclInformation
FreeSid
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
DuplicateToken
GetSecurityDescriptorLength
SetSecurityDescriptorControl
InitializeSecurityDescriptor
IsValidSid
DeleteAce
GetSecurityDescriptorControl
CreateWellKnownSid
AllocateAndInitializeSid
GetLengthSid
RevertToSelf
GetTokenInformation
ImpersonateLoggedOnUser
SetTokenInformation
SetFileSecurityW
AdjustTokenPrivileges
DuplicateTokenEx
MakeAbsoluteSD
api-ms-win-core-heap-l1-1-0
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
api-ms-win-core-threadpool-l1-2-0
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-security-sddl-l1-1-0
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW
api-ms-win-core-localization-l1-2-0
FormatMessageW
rpcrt4
RpcBindingCopy
RpcBindingUnbind
Ndr64AsyncClientCall
UuidCreate
I_RpcBindingInqLocalClientPID
I_RpcExceptionFilter
UuidToStringW
RpcStringFreeW
NdrServerCall2
NdrServerCallAll
RpcServerInqDefaultPrincNameW
RpcServerRegisterAuthInfoW
RpcServerUseProtseqEpW
RpcServerRegisterIfEx
RpcAsyncCompleteCall
RpcBindingBind
RpcBindingCreateW
UuidFromStringW
RpcAsyncInitializeHandle
RpcBindingVectorFree
RpcEpRegisterW
RpcServerInqBindings
RpcServerUseProtseqExW
RpcBindingFree
RpcBindingInqAuthClientW
RpcBindingServerFromClient
RpcServerUnregisterIfEx
RpcBindingToStringBindingW
RpcStringBindingParseW
RpcServerInqCallAttributesW
RpcGetAuthorizationContextForClient
RpcFreeAuthorizationContext
RpcImpersonateClient
RpcRevertToSelf
api-ms-win-core-file-l1-1-0
GetFileAttributesW
GetFileSizeEx
ReadFile
SetFileAttributesW
DeleteVolumeMountPointW
CreateFileW
FindNextVolumeW
GetFileTime
WriteFile
FindClose
FindFirstVolumeW
RemoveDirectoryW
DeleteFileW
FindFirstFileW
FindNextFileW
FileTimeToLocalFileTime
SetFilePointer
CompareFileTime
CreateDirectoryW
FindVolumeClose
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
MultiByteToWideChar
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-core-shutdown-l1-1-0
InitiateSystemShutdownExW
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
FileTimeToSystemTime
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-file-l2-1-0
MoveFileWithProgressW
GetFileInformationByHandleEx
CopyFileExW
CreateSymbolicLinkW
api-ms-win-core-path-l1-1-0
PathCchCombine
api-ms-win-core-processthreads-l1-1-1
GetProcessMitigationPolicy
OpenProcess
api-ms-win-core-psapi-l1-1-0
QueryFullProcessImageNameW
samcli
NetLocalGroupDelMembers
NetLocalGroupAddMembers
NetUserGetInfo
api-ms-win-core-file-l1-2-0
GetTempPathW
GetVolumeNameForVolumeMountPointW
GetVolumePathNamesForVolumeNameW
api-ms-win-eventing-classicprovider-l1-1-0
TraceMessage
api-ms-win-security-credentials-l1-1-0
CredUnprotectW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-heap-obsolete-l1-1-0
LocalSize
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
api-ms-win-core-shlwapi-obsolete-l1-1-0
StrToIntExW
api-ms-win-security-lsalookup-l1-1-0
LookupAccountSidLocalW
api-ms-win-core-kernel32-legacy-l1-1-0
WTSGetActiveConsoleSessionId
MoveFileW
GetComputerNameW
api-ms-win-core-kernel32-legacy-l1-1-1
VerifyVersionInfoW
SetVolumeMountPointW
api-ms-win-core-registry-l2-1-0
RegDeleteKeyW
RegEnumKeyW
api-ms-win-security-provider-l1-1-0
SetEntriesInAclW
scecli
SceSetupSystemByInfName
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-security-lsapolicy-l1-1-0
LsaFreeMemory
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-eventlog-legacy-l1-1-0
DeregisterEventSource
ReportEventW
RegisterEventSourceW
Exports
Exports
ServiceMain
SvchostPushServiceGlobals
Sections
.text Size: 362KB - Virtual size: 361KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 144KB - Virtual size: 144KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ucrtbase/twinui.appcore.dll.dll windows:10 windows x64 arch:x64
b1df93fdba8772075c2fa0f0b3a4490e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
twinui.appcore.pdb
Imports
msvcrt
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
toupper
wcschr
wcsrchr
wcscspn
_get_errno
memmove
_set_errno
memcmp
??1type_info@@UEAA@XZ
memcpy
_onexit
__dllonexit
_unlock
_CxxThrowException
_lock
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
?terminate@@YAXXZ
__CxxFrameHandler3
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
??3@YAXPEAX@Z
memcpy_s
_vsnwprintf
??_V@YAXPEAX@Z
realloc
memset
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleExW
LockResource
LoadStringW
DisableThreadLibraryCalls
LoadResource
GetProcAddress
GetModuleFileNameW
GetModuleHandleW
GetModuleFileNameA
FindResourceExW
api-ms-win-core-synch-l1-2-0
InitOnceExecuteOnce
InitOnceBeginInitialize
Sleep
InitOnceComplete
api-ms-win-core-synch-l1-1-0
ReleaseMutex
InitializeCriticalSection
SetEvent
ReleaseSemaphore
InitializeCriticalSectionEx
CreateMutexW
CreateEventW
LeaveCriticalSection
EnterCriticalSection
WaitForMultipleObjectsEx
AcquireSRWLockShared
CreateMutexExW
DeleteCriticalSection
CreateSemaphoreExW
CreateEventExW
WaitForSingleObject
InitializeSRWLock
ReleaseSRWLockShared
OpenSemaphoreW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WaitForSingleObjectEx
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
GetProcessHeap
HeapReAlloc
api-ms-win-core-errorhandling-l1-1-0
SetLastError
RaiseException
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-winrt-string-l1-1-0
WindowsStringHasEmbeddedNull
WindowsGetStringLen
WindowsCreateStringReference
WindowsDeleteString
WindowsGetStringRawBuffer
WindowsDuplicateString
WindowsCreateString
WindowsIsStringEmpty
WindowsCompareStringOrdinal
WindowsSubstringWithSpecifiedLength
api-ms-win-core-string-obsolete-l1-1-0
lstrlenW
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventActivityIdControl
EventWriteTransfer
EventSetInformation
EventProviderEnabled
EventUnregister
api-ms-win-core-util-l1-1-0
EncodePointer
DecodePointer
api-ms-win-eventing-classicprovider-l1-1-0
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceLoggerHandle
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
LocalReAlloc
api-ms-win-core-processthreads-l1-1-0
GetProcessId
TerminateProcess
GetCurrentThread
OpenThreadToken
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
OpenProcessToken
api-ms-win-core-string-l1-1-0
CompareStringW
CompareStringOrdinal
api-ms-win-core-localization-l1-2-0
GetSystemDefaultLCID
LocaleNameToLCID
ResolveLocaleName
GetSystemPreferredUILanguages
FindNLSString
FormatMessageW
LCMapStringW
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
DebugBreak
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-registry-l1-1-0
RegEnumKeyExW
RegOpenKeyExW
RegGetValueW
RegOpenCurrentUser
RegCloseKey
RegQueryInfoKeyW
RegCreateKeyExW
RegQueryValueExW
api-ms-win-core-registry-l2-1-0
RegOpenKeyW
api-ms-win-core-processthreads-l1-1-1
OpenProcess
api-ms-win-security-base-l1-1-0
GetTokenInformation
ImpersonateLoggedOnUser
RevertToSelf
rpcrt4
UuidCreate
api-ms-win-core-threadpool-l1-2-0
WaitForThreadpoolWaitCallbacks
CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolWait
SetThreadpoolWait
CreateThreadpoolWait
SetThreadpoolTimer
api-ms-win-core-sysinfo-l1-2-0
GetProductInfo
api-ms-win-core-threadpool-legacy-l1-1-0
DeleteTimerQueueTimer
CreateTimerQueueTimer
api-ms-win-core-psapi-l1-1-0
QueryFullProcessImageNameW
api-ms-win-core-shlwapi-obsolete-l1-1-0
QISearch
StrStrIW
StrCmpLogicalW
StrChrW
StrTrimW
StrCmpICW
StrCmpCW
StrCmpNICW
api-ms-win-shcore-taskpool-l1-1-0
SHTaskPoolAllowThreadReuse
SHTaskPoolGetUniqueContext
SHTaskPoolQueueTask
ntdll
RtlAllocateHeap
RtlNtStatusToDosErrorNoTeb
RtlCompareUnicodeString
NtQueryInformationToken
_vsnprintf
RtlInitUnicodeString
strncpy_s
strchr
sprintf_s
_errno
strtol
memmove_s
_wcsicmp
RtlQueryResourcePolicy
RtlNtStatusToDosError
ZwQueryWnfStateData
EtwTraceMessage
RtlFreeHeap
combase
ord140
ord157
ord90
ord147
shcore
IStream_Write
ord142
windows.storage
ord942
api-ms-win-core-errorhandling-l1-1-2
RaiseFailFastException
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-core-registry-l1-1-1
RegSetKeyValueW
api-ms-win-core-file-l1-1-0
CompareFileTime
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-shlwapi-legacy-l1-1-0
PathMatchSpecExW
Exports
Exports
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
Sections
.text Size: 427KB - Virtual size: 427KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 172KB - Virtual size: 171KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ucrtbase/ucrtbase.dll.dll windows:10 windows x64 arch:x64
405cde0fc80c30dcc3d783173dbd4143
Code Sign
33:00:00:02:b0:2e:6a:e9:62:cc:9e:88:c2:00:00:00:00:02:b0Certificate
IssuerCN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24-09-2020 19:16Not After23-09-2021 19:16SubjectCN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before19-10-2011 18:41Not After19-10-2026 18:51SubjectCN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
3f:25:37:d0:1e:eb:42:bb:b0:f3:57:f4:e9:d3:6e:e2:d7:eb:31:2d:99:eb:ba:3e:5d:3f:46:81:be:4e:91:e1Signer
Actual PE Digest3f:25:37:d0:1e:eb:42:bb:b0:f3:57:f4:e9:d3:6e:e2:d7:eb:31:2d:99:eb:ba:3e:5d:3f:46:81:be:4e:91:e1Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
ucrtbase.pdb
Imports
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
SetLastError
SetErrorMode
GetLastError
api-ms-win-core-heap-l1-1-0
HeapWalk
HeapValidate
HeapFree
HeapCompact
HeapReAlloc
HeapQueryInformation
GetProcessHeap
HeapAlloc
HeapSize
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetStartupInfoW
GetCurrentProcess
TlsAlloc
GetCurrentThread
TlsGetValue
GetCurrentThreadId
CreateProcessW
TlsSetValue
ExitProcess
ExitThread
CreateThread
TlsFree
GetExitCodeProcess
ResumeThread
TerminateProcess
api-ms-win-core-libraryloader-l1-1-0
FreeLibrary
LoadLibraryExW
GetModuleHandleExW
FreeLibraryAndExitThread
GetModuleHandleW
GetProcAddress
GetModuleFileNameW
api-ms-win-core-synch-l1-1-0
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
IsDebuggerPresent
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
SetStdHandle
GetCommandLineA
GetCurrentDirectoryW
GetStdHandle
SetEnvironmentVariableW
GetEnvironmentStringsW
SetCurrentDirectoryW
FreeEnvironmentStringsW
api-ms-win-core-file-l1-1-0
ReadFile
GetFileSizeEx
GetFileType
SetFilePointerEx
CreateFileW
FindClose
FindNextFileW
FindFirstFileExW
GetFileInformationByHandle
GetFullPathNameW
GetDriveTypeW
GetFileAttributesExW
GetDiskFreeSpaceW
GetLogicalDrives
SetFileAttributesW
SetFileTime
CreateDirectoryW
LockFileEx
UnlockFileEx
FlushFileBuffers
SetEndOfFile
DeleteFileW
WriteFile
RemoveDirectoryW
api-ms-win-core-string-l1-1-0
CompareStringW
MultiByteToWideChar
WideCharToMultiByte
GetStringTypeW
api-ms-win-core-localization-l1-2-0
GetOEMCP
EnumSystemLocalesW
IsValidCodePage
GetACP
GetCPInfo
IsValidLocale
GetUserDefaultLCID
GetLocaleInfoW
LCMapStringW
api-ms-win-core-datetime-l1-1-0
GetTimeFormatW
GetDateFormatW
api-ms-win-core-sysinfo-l1-1-0
SetLocalTime
GetSystemTimeAsFileTime
GetLocalTime
GetSystemInfo
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlUnwindEx
RtlPcToFileHeader
RtlUnwind
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-console-l1-1-0
PeekConsoleInputA
GetConsoleMode
GetConsoleCP
SetConsoleCtrlHandler
WriteConsoleW
GetConsoleOutputCP
GetNumberOfConsoleInputEvents
ReadConsoleW
ReadConsoleInputW
SetConsoleMode
api-ms-win-core-handle-l1-1-0
CloseHandle
DuplicateHandle
api-ms-win-core-file-l1-2-0
GetTempPathW
api-ms-win-core-namedpipe-l1-1-0
PeekNamedPipe
CreatePipe
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
TzSpecificLocalTimeToSystemTime
GetTimeZoneInformation
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
api-ms-win-core-file-l2-1-0
MoveFileExW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
QueryPerformanceFrequency
api-ms-win-core-memory-l1-1-0
VirtualQuery
VirtualAlloc
VirtualProtect
api-ms-win-core-util-l1-1-0
Beep
EncodePointer
api-ms-win-core-interlocked-l1-1-0
InterlockedFlushSList
InterlockedPushEntrySList
Exports
Exports
_Cbuild
_Cmulcc
_Cmulcr
_CreateFrameInfo
_CxxThrowException
_Exit
_FCbuild
_FCmulcc
_FCmulcr
_FindAndUnlinkFrame
_GetImageBase
_GetThrowImageBase
_Getdays
_Getmonths
_Gettnames
_IsExceptionObjectToBeDestroyed
_LCbuild
_LCmulcc
_LCmulcr
_SetImageBase
_SetThrowImageBase
_SetWinRTOutOfMemoryExceptionCallback
_Strftime
_W_Getdays
_W_Getmonths
_W_Gettnames
_Wcsftime
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__C_specific_handler
__C_specific_handler_noexcept
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxFrameHandler4
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__GetPlatformExceptionInfo
__NLG_Dispatch2
__NLG_Return2
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__TypeMatch
___lc_codepage_func
___lc_collate_cp_func
___lc_locale_name_func
___mb_cur_max_func
___mb_cur_max_l_func
__acrt_iob_func
__conio_common_vcprintf
__conio_common_vcprintf_p
__conio_common_vcprintf_s
__conio_common_vcscanf
__conio_common_vcwprintf
__conio_common_vcwprintf_p
__conio_common_vcwprintf_s
__conio_common_vcwscanf
__current_exception
__current_exception_context
__daylight
__dcrt_get_wide_environment_from_os
__dcrt_initial_narrow_environment
__doserrno
__dstbias
__fpe_flt_rounds
__fpecode
__initialize_lconv_for_unsigned_char
__intrinsic_setjmp
__intrinsic_setjmpex
__isascii
__iscsym
__iscsymf
__iswcsym
__iswcsymf
__p___argc
__p___argv
__p___wargv
__p__acmdln
__p__commode
__p__environ
__p__fmode
__p__mbcasemap
__p__mbctype
__p__pgmptr
__p__wcmdln
__p__wenviron
__p__wpgmptr
__pctype_func
__processing_throw
__pwctype_func
__pxcptinfoptrs
__report_gsfailure
__setusermatherr
__std_exception_copy
__std_exception_destroy
__std_terminate
__std_type_info_compare
__std_type_info_destroy_list
__std_type_info_hash
__std_type_info_name
__stdio_common_vfprintf
__stdio_common_vfprintf_p
__stdio_common_vfprintf_s
__stdio_common_vfscanf
__stdio_common_vfwprintf
__stdio_common_vfwprintf_p
__stdio_common_vfwprintf_s
__stdio_common_vfwscanf
__stdio_common_vsnprintf_s
__stdio_common_vsnwprintf_s
__stdio_common_vsprintf
__stdio_common_vsprintf_p
__stdio_common_vsprintf_s
__stdio_common_vsscanf
__stdio_common_vswprintf
__stdio_common_vswprintf_p
__stdio_common_vswprintf_s
__stdio_common_vswscanf
__strncnt
__sys_errlist
__sys_nerr
__threadhandle
__threadid
__timezone
__toascii
__tzname
__unDName
__unDNameEx
__uncaught_exception
__uncaught_exceptions
__wcserror
__wcserror_s
__wcsncnt
_abs64
_access
_access_s
_aligned_free
_aligned_malloc
_aligned_msize
_aligned_offset_malloc
_aligned_offset_realloc
_aligned_offset_recalloc
_aligned_realloc
_aligned_recalloc
_assert
_atodbl
_atodbl_l
_atof_l
_atoflt
_atoflt_l
_atoi64
_atoi64_l
_atoi_l
_atol_l
_atoldbl
_atoldbl_l
_atoll_l
_beep
_beginthread
_beginthreadex
_byteswap_uint64
_byteswap_ulong
_byteswap_ushort
_c_exit
_cabs
_callnewh
_calloc_base
_cexit
_cgets
_cgets_s
_cgetws
_cgetws_s
_chdir
_chdrive
_chgsign
_chgsignf
_chmod
_chsize
_chsize_s
_clearfp
_close
_commit
_configthreadlocale
_configure_narrow_argv
_configure_wide_argv
_control87
_controlfp
_controlfp_s
_copysign
_copysignf
_cputs
_cputws
_creat
_create_locale
_crt_at_quick_exit
_crt_atexit
_ctime32
_ctime32_s
_ctime64
_ctime64_s
_cwait
_d_int
_dclass
_dexp
_difftime32
_difftime64
_dlog
_dnorm
_dpcomp
_dpoly
_dscale
_dsign
_dsin
_dtest
_dunscale
_dup
_dup2
_dupenv_s
_ecvt
_ecvt_s
_endthread
_endthreadex
_eof
_errno
_except1
_execl
_execle
_execlp
_execlpe
_execute_onexit_table
_execv
_execve
_execvp
_execvpe
_exit
_expand
_fclose_nolock
_fcloseall
_fcvt
_fcvt_s
_fd_int
_fdclass
_fdexp
_fdlog
_fdnorm
_fdopen
_fdpcomp
_fdpoly
_fdscale
_fdsign
_fdsin
_fdtest
_fdunscale
_fflush_nolock
_fgetc_nolock
_fgetchar
_fgetwc_nolock
_fgetwchar
_filelength
_filelengthi64
_fileno
_findclose
_findfirst32
_findfirst32i64
_findfirst64
_findfirst64i32
_findnext32
_findnext32i64
_findnext64
_findnext64i32
_finite
_finitef
_flushall
_fpclass
_fpclassf
_fpieee_flt
_fpreset
_fputc_nolock
_fputchar
_fputwc_nolock
_fputwchar
_fread_nolock
_fread_nolock_s
_free_base
_free_locale
_fseek_nolock
_fseeki64
_fseeki64_nolock
_fsopen
_fstat32
_fstat32i64
_fstat64
_fstat64i32
_ftell_nolock
_ftelli64
_ftelli64_nolock
_ftime32
_ftime32_s
_ftime64
_ftime64_s
_fullpath
_futime32
_futime64
_fwrite_nolock
_gcvt
_gcvt_s
_get_FMA3_enable
_get_current_locale
_get_daylight
_get_doserrno
_get_dstbias
_get_errno
_get_fmode
_get_heap_handle
_get_initial_narrow_environment
_get_initial_wide_environment
_get_invalid_parameter_handler
_get_narrow_winmain_command_line
_get_osfhandle
_get_pgmptr
_get_printf_count_output
_get_purecall_handler
_get_stream_buffer_pointers
_get_terminate
_get_thread_local_invalid_parameter_handler
_get_timezone
_get_tzname
_get_unexpected
_get_wide_winmain_command_line
_get_wpgmptr
_getc_nolock
_getch
_getch_nolock
_getche
_getche_nolock
_getcwd
_getdcwd
_getdiskfree
_getdllprocaddr
_getdrive
_getdrives
_getmaxstdio
_getmbcp
_getpid
_getsystime
_getw
_getwc_nolock
_getwch
_getwch_nolock
_getwche
_getwche_nolock
_getws
_getws_s
_gmtime32
_gmtime32_s
_gmtime64
_gmtime64_s
_heapchk
_heapmin
_heapwalk
_hypot
_hypotf
_i64toa
_i64toa_s
_i64tow
_i64tow_s
_initialize_narrow_environment
_initialize_onexit_table
_initialize_wide_environment
_initterm
_initterm_e
_invalid_parameter_noinfo
_invalid_parameter_noinfo_noreturn
_invoke_watson
_is_exception_typeof
_isalnum_l
_isalpha_l
_isatty
_isblank_l
_iscntrl_l
_isctype
_isctype_l
_isdigit_l
_isgraph_l
_isleadbyte_l
_islower_l
_ismbbalnum
_ismbbalnum_l
_ismbbalpha
_ismbbalpha_l
_ismbbblank
_ismbbblank_l
_ismbbgraph
_ismbbgraph_l
_ismbbkalnum
_ismbbkalnum_l
_ismbbkana
_ismbbkana_l
_ismbbkprint
_ismbbkprint_l
_ismbbkpunct
_ismbbkpunct_l
_ismbblead
_ismbblead_l
_ismbbprint
_ismbbprint_l
_ismbbpunct
_ismbbpunct_l
_ismbbtrail
_ismbbtrail_l
_ismbcalnum
_ismbcalnum_l
_ismbcalpha
_ismbcalpha_l
_ismbcblank
_ismbcblank_l
_ismbcdigit
_ismbcdigit_l
_ismbcgraph
_ismbcgraph_l
_ismbchira
_ismbchira_l
_ismbckata
_ismbckata_l
_ismbcl0
_ismbcl0_l
_ismbcl1
_ismbcl1_l
_ismbcl2
_ismbcl2_l
_ismbclegal
_ismbclegal_l
_ismbclower
_ismbclower_l
_ismbcprint
_ismbcprint_l
_ismbcpunct
_ismbcpunct_l
_ismbcspace
_ismbcspace_l
_ismbcsymbol
_ismbcsymbol_l
_ismbcupper
_ismbcupper_l
_ismbslead
_ismbslead_l
_ismbstrail
_ismbstrail_l
_isnan
_isnanf
_isprint_l
_ispunct_l
_isspace_l
_isupper_l
_iswalnum_l
_iswalpha_l
_iswblank_l
_iswcntrl_l
_iswcsym_l
_iswcsymf_l
_iswctype_l
_iswdigit_l
_iswgraph_l
_iswlower_l
_iswprint_l
_iswpunct_l
_iswspace_l
_iswupper_l
_iswxdigit_l
_isxdigit_l
_itoa
_itoa_s
_itow
_itow_s
_j0
_j1
_jn
_kbhit
_ld_int
_ldclass
_ldexp
_ldlog
_ldpcomp
_ldpoly
_ldscale
_ldsign
_ldsin
_ldtest
_ldunscale
_lfind
_lfind_s
_loaddll
_local_unwind
Sections
.text Size: 718KB - Virtual size: 718KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 228KB - Virtual size: 228KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 46KB - Virtual size: 45KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
vbsapi/Windows.Media.Streaming.dll.dll windows:10 windows x64 arch:x64
aa6331e18dc86e4a12d7f6a1740bea26
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Windows.Media.Streaming.pdb
Imports
msvcrt
_ui64tow_s
_ltow_s
swprintf_s
_wcsnicmp
_ultow_s
_wcstoui64
wcstoul
wcsncmp
_wsplitpath_s
_vsnwprintf
_snwscanf_s
realloc
towupper
iswalpha
iswdigit
memmove_s
wcschr
wcspbrk
wcsstr
memcpy_s
_wtol
_strcmpi
qsort
strncpy_s
strnlen
_callnewh
?terminate@@YAXXZ
memset
_onexit
__dllonexit
_unlock
_lock
_wcsicmp
__CxxFrameHandler3
__C_specific_handler
_initterm
malloc
_amsg_exit
_XcptFilter
free
_purecall
floor
memcmp
memcpy
wcscmp
api-ms-win-core-synch-l1-2-0
Sleep
InitOnceExecuteOnce
InitOnceBeginInitialize
InitOnceComplete
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-eventing-classicprovider-l1-1-0
UnregisterTraceGuids
TraceMessage
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceLoggerHandle
GetTraceEnableFlags
api-ms-win-core-synch-l1-1-0
AcquireSRWLockExclusive
InitializeSRWLock
InitializeCriticalSectionEx
ResetEvent
DeleteCriticalSection
ReleaseMutex
WaitForSingleObject
CreateEventW
CreateMutexExW
EnterCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockShared
SetEvent
LeaveCriticalSection
WaitForSingleObjectEx
ReleaseSemaphore
CreateEventExW
InitializeCriticalSection
ReleaseSRWLockShared
OpenSemaphoreW
CreateSemaphoreExW
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleExW
LoadStringW
GetModuleHandleW
GetProcAddress
FreeLibrary
FreeLibraryAndExitThread
FindStringOrdinal
DisableThreadLibraryCalls
GetModuleFileNameA
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
SetThreadPriority
GetThreadPriority
TerminateProcess
GetCurrentProcess
CreateThread
OpenProcessToken
TlsGetValue
OpenThreadToken
GetCurrentThread
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetCurrentProcessId
ResumeThread
api-ms-win-core-sysinfo-l1-1-0
GetTickCount64
GetTickCount
GetSystemTimeAsFileTime
GetComputerNameExW
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
RaiseException
SetLastError
UnhandledExceptionFilter
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
WideCharToMultiByte
MultiByteToWideChar
api-ms-win-core-heap-l1-1-0
HeapFree
HeapAlloc
GetProcessHeap
api-ms-win-core-threadpool-l1-2-0
IsThreadpoolTimerSet
FreeLibraryWhenCallbackReturns
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
TrySubmitThreadpoolCallback
CallbackMayRunLong
CloseThreadpoolTimer
SetThreadpoolTimer
api-ms-win-core-kernel32-legacy-l1-1-1
PowerCreateRequest
PowerSetRequest
PowerClearRequest
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-file-l1-1-0
CreateFileW
GetFullPathNameW
SetFilePointerEx
SetEndOfFile
GetFileInformationByHandle
DeleteFileW
WriteFile
GetFinalPathNameByHandleW
api-ms-win-core-processthreads-l1-1-1
OpenProcess
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-kernel32-legacy-l1-1-0
GetComputerNameW
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegGetValueW
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
api-ms-win-shcore-thread-l1-1-0
SHGetThreadRef
GetProcessReference
SHSetThreadRef
SetProcessReference
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
DebugBreak
IsDebuggerPresent
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-featurestaging-l1-1-0
RecordFeatureUsage
SubscribeFeatureStateChangeNotification
UnsubscribeFeatureStateChangeNotification
api-ms-win-core-localization-l1-2-0
FormatMessageW
Exports
Exports
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
Sections
.text Size: 839KB - Virtual size: 839KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 185KB - Virtual size: 185KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 42KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
x64_x32_installer__v4.0.7.msi.msi