SystemPropertiesRemote.pdb
Static task: static1
Behavioral task behavioral1: Sample SystemPropertiesRemote.exe, Resource win10v2004-20240802-en
Behavioral task behavioral2: Sample SystemUWPLauncher.exe, Resource win10v2004-20240802-en
Behavioral task behavioral3: Sample TCPSVCS.exe, Resource win10v2004-20240802-en
Behavioral task behavioral4: Sample TRACERT.exe, Resource win10v2004-20240802-en
Behavioral task behavioral5: Sample TSTheme.exe, Resource win10v2004-20240802-en
Behavioral task behavioral6: Sample TapiUnattend.exe, Resource win10v2004-20240802-en
Behavioral task behavioral7: Sample Taskmgr.exe, Resource win10v2004-20240802-en
Behavioral task behavioral8: Sample ThumbnailExtractionHost.exe, Resource win10v2004-20240802-en
Behavioral task behavioral9: Sample TokenBrokerCookies.exe, Resource win10v2004-20240802-en
Behavioral task behavioral10: Sample TpmInit.exe, Resource win10v2004-20240802-en
Behavioral task behavioral11: Sample TpmTool.exe, Resource win10v2004-20240802-en
Behavioral task behavioral12: Sample UserAccountBroker.exe, Resource win10v2004-20240802-en
Behavioral task behavioral13: Sample UserAccountControlSettings.exe, Resource win10v2004-20240802-en
Behavioral task behavioral14: Sample Utilman.exe, Resource win10v2004-20240802-en
Behavioral task behavioral15: Sample systray.exe, Resource win10v2004-20240802-en
Behavioral task behavioral16: Sample takeown.exe, Resource win10v2004-20240802-en
Behavioral task behavioral17: Sample tar.exe, Resource win10v2004-20240802-en
Behavioral task behavioral18: Sample taskkill.exe, Resource win10v2004-20240802-en
Behavioral task behavioral19: Sample tasklist.exe, Resource win10v2004-20240802-en
Behavioral task behavioral20: Sample tcmsetup.exe, Resource win10v2004-20240802-en
Behavioral task behavioral21: Sample timeout.exe, Resource win10v2004-20240802-en
Behavioral task behavioral22: Sample tracerpt.exe, Resource win10v2004-20240802-en
Behavioral task behavioral23: Sample ttdinject.exe, Resource win10v2004-20240802-en
Behavioral task behavioral24: Sample tttracer.exe, Resource win10v2004-20240802-en
Behavioral task behavioral25: Sample typeperf.exe, Resource win10v2004-20240802-en
Behavioral task behavioral26: Sample tzutil.exe, Resource win10v2004-20240802-en
Behavioral task behavioral27: Sample unlodctr.exe, Resource win10v2004-20240802-en
Behavioral task behavioral28: Sample unregmp2.exe, Resource win10v2004-20240802-en
Behavioral task behavioral29: Sample upnpcont.exe, Resource win10v2004-20240802-en
Behavioral task behavioral30: Sample user.exe, Resource win10v2004-20240802-en
Behavioral task behavioral31: Sample userinit.exe, Resource win10v2004-20240802-en
Behavioral task behavioral32: Sample verclsid.exe, Resource win10v2004-20240802-en
General
Target: CWindowsSysWOW64-2.zip
Size: 2.6MB
MD5: 5ab82ba5c1892d570f1a3b6f02b9d0fd
SHA1: bb70f15c02827b76cf1a71437df3249d2ea93b05
SHA256: e6178e179fd47b8099c848baf57dd4f56b9860f52faa9843fdb994d18ef9a7cb
SHA512: 9d9c0f4f8c8f42e9dc5b65644f808d0057ed4d1d05de09cddc7f05c3d4cbb0b903ef1b4c6a712b3d372d1e73b49dea701f07dc4ebf190cb5f6ba51be3d9ac181
SSDEEP: 49152:Qkf7ku446sVm/97KO9z5py2AfCKtV7nHBCsO3IG2bwMqjZtf9CA/Rt:QOkQ6sVgh9z/y2AfrY71MqXf9t/z
Malware Config
Signatures
-
Unsigned PE 28 IoCs
Checks for missing Authenticode signature.
resource
unpack001/SystemPropertiesRemote.exe
unpack001/SystemUWPLauncher.exe
unpack001/TCPSVCS.EXE
unpack001/TRACERT.EXE
unpack001/TSTheme.exe
unpack001/TapiUnattend.exe
unpack001/ThumbnailExtractionHost.exe
unpack001/TokenBrokerCookies.exe
unpack001/TpmInit.exe
unpack001/TpmTool.exe
unpack001/UserAccountControlSettings.exe
unpack001/Utilman.exe
unpack001/systray.exe
unpack001/takeown.exe
unpack001/tar.exe
unpack001/taskkill.exe
unpack001/tasklist.exe
unpack001/tcmsetup.exe
unpack001/timeout.exe
unpack001/tracerpt.exe
unpack001/typeperf.exe
unpack001/tzutil.exe
unpack001/unlodctr.exe
unpack001/unregmp2.exe
unpack001/upnpcont.exe
unpack001/user.exe
unpack001/userinit.exe
unpack001/verclsid.exe
Files
-
CWindowsSysWOW64-2.zip.zip
-
SystemPropertiesRemote.exe.exe windows:10 windows x86 arch:x86
b788892ae84ba86201a726810f01cb07
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
msvcrt
__setusermatherr
_except_handler4_common
_controlfp
?terminate@@YAXXZ
_wcmdln
_initterm
_XcptFilter
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
sysdm.cpl
DisplaySYSDMCPL
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
TerminateProcess
GetStartupInfoW
GetCurrentProcessId
GetCurrentThreadId
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
Sections
.text Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 960B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 74KB - Virtual size: 73KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 304B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
SystemUWPLauncher.exe.exe windows:10 windows x86 arch:x86
b7c2abb26b91fb0be005e4be785169ca
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
SystemUWPLauncher.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__controlfp_s
_o__crt_atexit
_o__errno
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_fmode
_o__set_new_mode
memcpy
_o__wcsicmp
_o_exit
_o_free
_o_malloc
_o_terminate
__current_exception
__current_exception_context
_except_handler4_common
_CxxThrowException
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___wargv
_o___p___argc
__std_terminate
wcsstr
wcschr
__CxxFrameHandler3
_o__set_app_type
api-ms-win-crt-string-l1-1-0
memset
wcscspn
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
GetProcAddress
GetModuleHandleW
GetModuleHandleExW
GetModuleHandleExA
api-ms-win-security-base-l1-1-0
GetTokenInformation
IsWellKnownSid
MakeAbsoluteSD
api-ms-win-core-synch-l1-1-0
InitializeSRWLock
SetEvent
WaitForSingleObject
ReleaseSemaphore
ReleaseSRWLockShared
CreateSemaphoreExW
CreateEventW
OpenSemaphoreW
CreateMutexExW
WaitForSingleObjectEx
AcquireSRWLockShared
ReleaseSRWLockExclusive
ReleaseMutex
AcquireSRWLockExclusive
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
SetLastError
SetUnhandledExceptionFilter
RaiseException
UnhandledExceptionFilter
GetLastError
api-ms-win-core-processenvironment-l1-1-0
GetCurrentDirectoryW
GetCommandLineW
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoCreateFreeThreadedMarshaler
CoUninitialize
CoTaskMemAlloc
CoInitializeSecurity
api-ms-win-core-winrt-string-l1-1-0
WindowsGetStringRawBuffer
WindowsDuplicateString
WindowsCreateString
WindowsDeleteString
WindowsCreateStringReference
WindowsSubstringWithSpecifiedLength
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetExitCodeProcess
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-processthreads-l1-1-1
OpenProcess
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-winrt-error-l1-1-0
RoTransformError
SetRestrictedErrorInfo
RoOriginateError
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-core-winrt-l1-1-0
RoActivateInstance
RoGetActivationFactory
api-ms-win-core-winrt-error-l1-1-1
RoGetMatchingRestrictedErrorInfo
IsErrorPropagationEnabled
RoReportFailedDelegate
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
api-ms-win-core-com-l1-1-1
RoGetAgileReference
ntdll
NtOpenProcessTokenEx
api-ms-win-core-shlwapi-legacy-l1-1-0
PathGetArgsW
api-ms-win-shcore-thread-l1-1-0
SHGetThreadRef
api-ms-win-appmodel-runtime-l1-1-1
ParseApplicationUserModelId
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Sections
.text Size: 59KB - Virtual size: 59KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 20B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
TCPSVCS.EXE.exe windows:10 windows x86 arch:x86
7ec53fbe050a90703b67a98fcb8bcfcc
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
tcpsvcs.pdb
Imports
msvcrt
__getmainargs
__p__fmode
_cexit
exit
_amsg_exit
_except_handler4_common
_exit
__p__commode
wcscat_s
__set_app_type
_XcptFilter
_controlfp
?terminate@@YAXXZ
_initterm
__setusermatherr
api-ms-win-core-synch-l1-1-0
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
api-ms-win-service-core-l1-1-0
StartServiceCtrlDispatcherW
SetServiceStatus
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetUnhandledExceptionFilter
SetErrorMode
UnhandledExceptionFilter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetSystemDirectoryW
GetTickCount
api-ms-win-service-winsvc-l1-1-0
RegisterServiceCtrlHandlerW
rpcrt4
RpcMgmtWaitServerListen
RpcServerListen
RpcMgmtStopServerListening
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExW
GetModuleHandleW
GetProcAddress
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
ExitProcess
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
ntdll
DbgPrint
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 444B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
TRACERT.EXE.exe windows:10 windows x86 arch:x86
0727b2e083dceae4bc2d3b322a5a2171
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
tracert.pdb
Imports
msvcrt
_exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
_except_handler4_common
__p__fmode
__setusermatherr
_initterm
fgetpos
?terminate@@YAXXZ
wcschr
_fileno
memcpy
_write
_controlfp
_setmode
wcstoul
_cexit
fflush
__iob_func
_wcsicmp
_get_osfhandle
exit
fwprintf
memset
ws2_32
WSAGetLastError
WSAStartup
socket
GetAddrInfoW
closesocket
WSACleanup
FreeAddrInfoW
GetNameInfoW
WSAIoctl
api-ms-win-core-localization-l1-2-0
SetThreadUILanguage
FormatMessageW
iphlpapi
Icmp6SendEcho2
IcmpCloseHandle
Icmp6CreateFile
IcmpCreateFile
IcmpSendEcho2
api-ms-win-core-processenvironment-l1-1-0
GetEnvironmentVariableW
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-console-l1-1-0
GetConsoleMode
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
ntdll
RtlIpv4StringToAddressW
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-core-file-l1-1-0
GetFileType
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
Sections
.text Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 532B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
TSTheme.exe.exe windows:10 windows x86 arch:x86
9ace85baf61f72e5611a8bf2d6705896
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
TSTheme.pdb
Imports
advapi32
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
EventWriteTransfer
OpenProcessToken
EventUnregister
EventSetInformation
EventRegister
RegDeleteKeyW
RegOpenCurrentUser
RegQueryValueExW
kernel32
CreateEventW
CreateThread
DeleteCriticalSection
InitializeCriticalSection
GetCommandLineW
GetCurrentThreadId
Sleep
LocalFree
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
SetLastError
GetCurrentProcess
CloseHandle
FreeLibrary
GetLastError
GetProcAddress
LoadLibraryExW
GetModuleHandleW
lstrcmpiW
DelayLoadFailureHook
ResolveDelayLoadedAPI
LoadLibraryW
ProcessIdToSessionId
GetExitCodeThread
LocalAlloc
SetEvent
GetModuleFileNameW
FindResourceExW
LoadResource
SizeofResource
MultiByteToWideChar
RaiseException
InitializeCriticalSectionAndSpinCount
user32
DispatchMessageW
GetMessageW
CharNextW
PostThreadMessageW
UnregisterClassA
UpdatePerUserSystemParameters
msvcrt
memset
_lock
_errno
_initterm
__setusermatherr
_controlfp
_exit
?terminate@@YAXXZ
_unlock
__dllonexit
??1type_info@@UAE@XZ
_except_handler4_common
_cexit
_wcmdln
__p__fmode
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABQBD@Z
_callnewh
_purecall
wcscat_s
wcscpy_s
memcpy_s
free
malloc
wcsncpy_s
??_V@YAXPAX@Z
__CxxFrameHandler3
??3@YAXPAX@Z
realloc
_vsnwprintf
exit
memcmp
_onexit
oleaut32
UnRegisterTypeLib
SysFreeString
VarUI4FromStr
SysAllocString
LoadTypeLib
RegisterTypeLib
SysStringLen
LoadRegTypeLib
api-ms-win-core-com-l1-1-0
CoTaskMemAlloc
CoUninitialize
CoRevokeClassObject
CoRegisterClassObject
StringFromGUID2
CoInitializeSecurity
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetStartupInfoW
TerminateProcess
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-debug-l1-1-0
OutputDebugStringA
Sections
.text Size: 42KB - Virtual size: 42KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
TapiUnattend.exe.exe windows:10 windows x86 arch:x86
38d2f52a7bb6275bb518dee25030d230
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
TapiUnattend.pdb
Imports
advapi32
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
kernel32
GetLastError
HeapSetInformation
GetCurrentProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
Sleep
TerminateProcess
msvcrt
_controlfp
_except_handler4_common
_exit
_initterm
__setusermatherr
_cexit
__p__fmode
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
free
_callnewh
malloc
?terminate@@YAXXZ
wdscore
WdsSetupLogMessageW
CurrentIP
ConstructPartialMsgVW
Sections
.text Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 960B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 548B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Taskmgr.exe.exe windows:10 windows x86 arch:x86
9d6489829971c2f00e11012930dbda53
Code Sign
Certificate 33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Certificate 61:07:76:56:00:00:00:00:00:08
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Signer 20:01:db:2a:36:40:97:78:64:bc:13:f7:7b:f1:54:9d:48:d9:d2:b3:aa:3a:ed:6f:dd:2e:3e:5c:5d:28:1e:fd
Actual PE Digest: 20:01:db:2a:36:40:97:78:64:bc:13:f7:7b:f1:54:9d:48:d9:d2:b3:aa:3a:ed:6f:dd:2e:3e:5c:5d:28:1e:fd
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Taskmgr.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_c_exit
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o_realloc
_o_round
_o_terminate
_o_tolower
_o_towupper
_o_wcstod
_o_wcstok_s
_o_wcstol
_o_wcstoul
__current_exception
__current_exception_context
_except_handler4_common
_o_iswspace
_o_iswdigit
_o_iswalpha
_o_isdigit
memmove
_o_free
_o_floor
_o_malloc
_o_exit
_o_ceil
_o_bsearch
_o_abort
_o__wtol
_o__wtoi
_o_memcpy_s
_o__wcsnicmp
_o__wcsicmp
_o__ui64tow_s
_CxxThrowException
strchr
wcsrchr
wcschr
wcsstr
__std_type_info_compare
__std_terminate
__CxxFrameHandler3
_o__strnicmp
_o__stricmp
_o__set_new_mode
_o__set_fmode
_o__set_errno
_o__set_app_type
_o__seh_filter_exe
_o__register_onexit_function
_o__purecall
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_wide_environment
_o__initialize_onexit_table
_o__i64tow_s
_o__get_wide_winmain_command_line
_o__get_errno
_o__exit
_o__errno
_o__crt_atexit
_o__controlfp_s
_o__configure_wide_argv
_o__configthreadlocale
_o__CIsqrt
_o__cexit
_o__callnewh
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfwprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___acrt_iob_func
_o____lc_codepage_func
__RTDynamicCast
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-profile-l1-1-0
QueryPerformanceFrequency
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
ProcessIdToSessionId
GetProcessTimes
CreateProcessW
GetExitCodeThread
OpenProcessToken
GetCurrentThreadId
GetPriorityClass
GetCurrentProcess
GetStartupInfoW
GetThreadPriority
CreateThread
SetThreadPriority
GetCurrentThread
SetProcessShutdownParameters
GetCurrentProcessId
SetPriorityClass
TerminateProcess
api-ms-win-core-sysinfo-l1-1-0
GetSystemTime
GetLocalTime
GetSystemTimeAsFileTime
GetTickCount64
GetVersionExW
GetLogicalProcessorInformationEx
GetComputerNameExW
GetSystemDirectoryW
GetSystemInfo
GlobalMemoryStatusEx
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
InterlockedPushEntrySList
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
OutputDebugStringA
DebugBreak
IsDebuggerPresent
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetErrorMode
SetErrorMode
SetLastError
GetLastError
RaiseException
api-ms-win-core-processthreads-l1-1-1
GetProcessMitigationPolicy
OpenProcess
IsProcessorFeaturePresent
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameW
GetModuleHandleExW
FreeLibrary
GetProcAddress
GetModuleFileNameA
GetModuleHandleW
LoadLibraryExW
LoadStringW
GetModuleHandleA
api-ms-win-core-synch-l1-1-0
CreateMutexW
OpenSemaphoreW
ReleaseMutex
DeleteCriticalSection
InitializeCriticalSectionEx
SetEvent
WaitForSingleObjectEx
ReleaseSemaphore
CreateEventW
ResetEvent
OpenEventW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
TryEnterCriticalSection
WaitForSingleObject
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
ReleaseSRWLockShared
CreateMutexExW
InitializeCriticalSectionAndSpinCount
AcquireSRWLockShared
CreateEventExW
CreateSemaphoreExW
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
TrySubmitThreadpoolCallback
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
HeapSetInformation
HeapSize
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer
EventActivityIdControl
api-ms-win-core-localization-l1-2-0
FormatMessageA
GetLocaleInfoW
GetThreadPreferredUILanguages
FormatMessageW
GetThreadUILanguage
GetLocaleInfoEx
api-ms-win-core-handle-l1-1-0
DuplicateHandle
CloseHandle
api-ms-win-core-registry-l1-1-0
RegCreateKeyExW
RegNotifyChangeKeyValue
RegCloseKey
RegQueryValueExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegEnumValueW
RegGetValueW
api-ms-win-core-synch-l1-2-0
Sleep
WakeAllConditionVariable
InitOnceBeginInitialize
WakeConditionVariable
SleepConditionVariableCS
InitOnceComplete
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
LoadLibraryA
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-security-base-l1-1-0
SetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetLengthSid
GetTokenInformation
CopySid
CheckTokenMembership
IsWellKnownSid
AdjustTokenPrivileges
CreateWellKnownSid
api-ms-win-core-sysinfo-l1-2-0
GetNativeSystemInfo
GetSystemFirmwareTable
api-ms-win-core-datetime-l1-1-0
GetDateFormatW
GetTimeFormatW
api-ms-win-core-io-l1-1-1
CancelSynchronousIo
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
oleaut32
SetErrorInfo
GetErrorInfo
SysAllocString
SysFreeString
SysStringLen
VariantClear
SafeArrayPutElement
SafeArrayDestroy
SafeArrayCreateVector
VariantInit
api-ms-win-core-version-l1-1-1
GetFileVersionInfoW
GetFileVersionInfoSizeW
api-ms-win-core-version-l1-1-0
GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW
api-ms-win-core-file-l1-1-0
GetLongPathNameW
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
QueryDosDeviceW
GetLogicalDriveStringsW
GetFileSizeEx
CreateDirectoryW
GetDriveTypeW
FindFirstChangeNotificationW
FindNextChangeNotification
FindClose
FindFirstFileW
FindNextFileW
FindCloseChangeNotification
GetFileType
GetFileAttributesExW
CompareFileTime
CreateFileW
ReadFile
WriteFile
FlushFileBuffers
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
GetCurrentDirectoryW
api-ms-win-core-timezone-l1-1-0
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SystemTimeToFileTime
api-ms-win-core-memory-l1-1-1
SetProcessWorkingSetSize
VirtualUnlock
api-ms-win-power-setting-l1-1-0
PowerSettingUnregisterNotification
PowerSettingRegisterNotification
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
CompareStringEx
CompareStringOrdinal
WideCharToMultiByte
api-ms-win-security-lsalookup-l2-1-0
LookupPrivilegeValueW
api-ms-win-core-path-l1-1-0
PathCchCanonicalize
PathCchCombine
PathCchAppend
api-ms-win-core-file-l1-2-4
GetTempPath2W
api-ms-win-core-wow64-l1-1-0
IsWow64Process
api-ms-win-core-string-l2-1-0
CharLowerW
CharUpperBuffW
api-ms-win-core-memory-l1-1-0
ReadProcessMemory
api-ms-win-core-datetime-l1-1-2
GetDurationFormatEx
api-ms-win-core-datetime-l1-1-1
GetDateFormatEx
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-file-l1-2-0
GetVolumePathNamesForVolumeNameW
api-ms-win-core-psapi-l1-1-0
QueryFullProcessImageNameW
rpcrt4
UuidCreate
api-ms-win-core-sysinfo-l1-2-2
GetProcessorSystemCycleTime
api-ms-win-core-processtopology-l1-1-0
GetProcessGroupAffinity
api-ms-win-core-sysinfo-l1-2-1
GetPhysicallyInstalledSystemMemory
api-ms-win-core-localization-l2-1-0
GetNumberFormatEx
api-ms-win-core-string-l2-1-1
SHLoadIndirectString
api-ms-win-core-processthreads-l1-1-3
SetProcessInformation
GetProcessInformation
api-ms-win-core-winrt-error-l1-1-0
RoTransformError
RoOriginateError
api-ms-win-core-kernel32-legacy-l1-1-0
MulDiv
GetComputerNameW
api-ms-win-security-provider-l1-1-0
SetSecurityInfo
SetEntriesInAclW
api-ms-win-core-threadpool-legacy-l1-1-0
CreateTimerQueueTimer
DeleteTimerQueueTimer
QueueUserWorkItem
api-ms-win-core-shlwapi-legacy-l1-1-0
PathRemoveExtensionW
PathFileExistsW
PathStripPathW
PathRemoveBlanksW
SHExpandEnvironmentStringsW
PathGetArgsW
PathRemoveBackslashW
PathIsRelativeW
PathIsPrefixW
api-ms-win-perf-legacy-l1-1-0
PerfAddCounters
PerfCloseQueryHandle
PerfOpenQueryHandle
PerfQueryCounterData
api-ms-win-core-windowserrorreporting-l1-1-3
RegisterApplicationRestart
api-ms-win-core-pcw-l1-1-0
PcwAddQueryItem
PcwCollectData
PcwCreateQuery
nsi
NsiGetParameter
NsiGetAllParameters
api-ms-win-core-atoms-l1-1-0
DeleteAtom
AddAtomW
comctl32
ImageList_CoCreateInstance
ntdll
NtQuerySystemInformation
RtlUnsubscribeWnfNotificationWaitForCompletion
NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
EtwCheckCoverage
NtPowerInformation
RtlTimeToElapsedTimeFields
RtlAllocateHeap
RtlFreeHeap
RtlNumberOfSetBitsUlongPtr
RtlImageNtHeader
LdrQueryProcessModuleInformation
NtQueryInformationProcess
NtSystemDebugControl
NtSetInformationFile
RtlSecondsSince1970ToTime
ZwQueryWnfStateData
RtlNtStatusToDosError
NtQueryInformationThread
RtlInitUnicodeString
NtQueryTimerResolution
NtQueryObject
NtQueryInformationFile
RtlCompareUnicodeString
RtlNtStatusToDosErrorNoTeb
NtQueryInformationToken
NtOpenFile
RtlCheckPortableOperatingSystem
RtlIpv4AddressToStringExW
RtlIpv6AddressToStringExW
NtSetInformationProcess
shlwapi
StrToIntExW
ord548
ord199
ord219
StrRChrIW
PathRemoveArgsW
SHCreateStreamOnFileEx
ord278
StrRetToBufW
StrTrimW
ord176
ord16
AssocQueryStringW
SHCreateStreamOnFileW
PathIsNetworkPathW
ord437
StrStrW
ord618
StrStrIW
shell32
ShellExecuteW
Shell_NotifyIconW
SHGetPropertyStoreForWindow
SHGetFileInfoW
SHGetIDListFromObject
ord4
ord2
SHGetKnownFolderIDList
ord727
Shell_GetCachedImageIndexW
SHGetKnownFolderItem
ord155
SHBindToParent
ord61
SHOpenFolderAndSelectItems
CommandLineToArgvW
DuplicateIcon
SHGetKnownFolderPath
SHEvaluateSystemCommandTemplate
SHGetStockIconInfo
ShellExecuteExW
ord75
SHParseDisplayName
credui
CredUIPromptForCredentialsW
gdi32
CreateDIBSection
D3DKMTQueryAdapterInfo
D3DKMTOpenAdapterFromLuid
D3DKMTCloseAdapter
Rectangle
LineTo
MoveToEx
CreatePen
SetTextColor
SetBkColor
SetBkMode
CreateSolidBrush
CreateRectRgn
DeleteDC
DeleteObject
StretchBlt
SetBrushOrgEx
SetStretchBltMode
CreateBitmap
SelectObject
CreateCompatibleDC
GetObjectW
GetTextExtentPointW
GetStockObject
CreateFontIndirectW
ExcludeClipRect
GdiAlphaBlend
BitBlt
GetDeviceCaps
GetCurrentObject
user32
GetScrollPos
PtInRect
DialogBoxParamW
GetParent
GetForegroundWindow
InsertMenuW
CreatePopupMenu
TrackPopupMenuEx
RedrawWindow
SetWindowLongW
GetCursorPos
CloseGestureInfoHandle
GetGestureInfo
SetGestureConfig
TrackMouseEvent
GetSysColor
SystemParametersInfoW
CopyRect
EqualRect
IsZoomed
ReleaseDC
GetIconInfo
CreateIconIndirect
DestroyMenu
RemoveMenu
LoadMenuW
MapWindowPoints
DestroyIcon
LoadImageW
GetWindowLongW
GetKeyState
GetSystemMetrics
KillTimer
PostQuitMessage
DestroyWindow
IsWindowEnabled
OpenIcon
SetFocus
AreDpiAwarenessContextsEqual
GetFocus
IsIconic
ScreenToClient
SetTimer
LoadIconW
DefWindowProcW
SendMessageW
PostMessageW
GetClientRect
UpdateWindow
GetDC
ShowWindow
GetMessagePos
SetMenu
ChangeWindowMessageFilterEx
SetForegroundWindow
CreateWindowInBand
SetLayeredWindowAttributes
CreateWindowExW
RegisterClassExW
CheckMenuRadioItem
GetSubMenu
GetMenuItemID
GetMenuItemCount
CheckMenuItem
EnableMenuItem
DeleteMenu
SetWindowPos
GetMonitorInfoW
MonitorFromPoint
GetWindowRect
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetMessageW
LoadAcceleratorsW
MessageBoxW
SendMessageTimeoutW
AllowSetForegroundWindow
GetWindowThreadProcessId
FindWindowW
GetGuiResources
GetUserObjectInformationW
GetPropW
InternalGetWindowText
GetWindowBand
ord2574
GetWindowCompositionAttribute
ord2573
ord2569
RegisterWindowMessageW
SetPropW
RemovePropW
MonitorFromWindow
OpenClipboard
SendInput
GetWindowPlacement
ReleaseCapture
SetWindowRgn
GetAncestor
SetClassLongW
SetCapture
GetKeyboardState
GetNextDlgTabItem
EmptyClipboard
SetClipboardData
CloseClipboard
InvalidateRect
TrackPopupMenu
GetCurrentInputMessageSource
GetDoubleClickTime
SetDlgItemTextW
EndDialog
ShowWindowAsync
GetLastActivePopup
MessageBeep
SwitchToThisWindow
GetDlgItem
GetDlgItemTextW
GetWindowTextW
EnableWindow
GetWindowTextLengthW
CreateDialogParamW
SetWindowTextW
ord2521
AppendMenuW
GetMenuItemInfoW
GetMenuState
SetMenuDefaultItem
MsgWaitForMultipleObjectsEx
PeekMessageW
SetMenuInfo
CopyIcon
UnregisterClassW
RegisterDeviceNotificationW
UnregisterDeviceNotification
GetClassLongW
GetClassNameW
GetWindow
IsWindowVisible
GhostWindowFromHungWindow
IsHungAppWindow
HungWindowFromGhostWindow
OpenDesktopW
GetThreadDesktop
SetThreadDesktop
EnumDesktopWindows
CloseDesktop
EnumDesktopsW
GetProcessWindowStation
GetMenu
GetDpiAwarenessContextForProcess
DrawTextExW
IsWindow
GetDpiForWindow
DrawIconEx
DrawTextW
EnumWindows
WindowFromDC
WindowFromPoint
GetMenuInfo
SetMenuItemInfoW
SetMessageExtraInfo
GetMessageExtraInfo
GetDpiForSystem
GetWindowDpiAwarenessContext
duser
GetGadgetRect
ForwardGadgetMessage
SetGadgetStyle
dui70
InitThread
UnInitThread
UnInitProcessPriv
?GetKeyFocusedElement@HWNDElement@DirectUI@@SGPAVElement@2@XZ
?CreateGraphic@Value@DirectUI@@SGPAV12@PAUHICON__@@_N11@Z
?SetValue@Element@DirectUI@@QAEJP6GPBUPropertyInfo@2@XZHPAVValue@2@@Z
?ContentProp@Element@DirectUI@@SGPBUPropertyInfo@2@XZ
?Release@Value@DirectUI@@QAEXXZ
?GetRootRelativeBounds@Element@DirectUI@@QAEJPAUtagRECT@@@Z
?GetRoot@Element@DirectUI@@QAEPAV12@XZ
?IsRTL@Element@DirectUI@@QAE_NXZ
?GetExtent@Element@DirectUI@@QAEPBUtagSIZE@@PAPAVValue@2@@Z
?GetDisplayNode@Element@DirectUI@@QAEPAUHGADGET__@@XZ
InitProcessPriv
?GetBorderThickness@Element@DirectUI@@QAEPBUtagRECT@@PAPAVValue@2@@Z
?GetPadding@Element@DirectUI@@QAEPBUtagRECT@@PAPAVValue@2@@Z
?SetX@Element@DirectUI@@QAEJH@Z
?GetParent@Element@DirectUI@@QAEPAV12@XZ
?GetLocation@Element@DirectUI@@QAEPBUtagPOINT@@PAPAVValue@2@@Z
?SetBorderColor@Element@DirectUI@@QAEJK@Z
?SetBorderStyle@Element@DirectUI@@QAEJH@Z
?SetBorderThickness@Element@DirectUI@@QAEJHHHH@Z
?GetClassInfoPtr@HWNDElement@DirectUI@@SGPAUIClassInfo@2@XZ
?FindDescendent@Element@DirectUI@@QAEPAV12@G@Z
StrToID
?SetForegroundColor@Element@DirectUI@@QAEJK@Z
?ForegroundProp@Element@DirectUI@@SGPBUPropertyInfo@2@XZ
?SetBackgroundColor@Element@DirectUI@@QAEJK@Z
?BackgroundProp@Element@DirectUI@@SGPBUPropertyInfo@2@XZ
?SetContentAlign@Element@DirectUI@@QAEJH@Z
?Insert@Element@DirectUI@@UAEJPAPAV12@II@Z
?RemoveLocalValue@Element@DirectUI@@QAEJP6GPBUPropertyInfo@2@XZ@Z
?GetSelected@Element@DirectUI@@QAE_NXZ
?Initialize@NativeHWNDHost@DirectUI@@QAEJPBGPAUHWND__@@PAUHICON__@@HHHHHHI@Z
??0NativeHWNDHost@DirectUI@@QAE@XZ
??1NativeHWNDHost@DirectUI@@UAE@XZ
?CreateHostWindow@NativeHWNDHost@DirectUI@@UAEPAUHWND__@@KPBG0KHHHHPAU3@PAUHMENU__@@PAUHINSTANCE__@@PAX@Z
?KeyWithinProp@Element@DirectUI@@SGPBUPropertyInfo@2@XZ
?Destroy@Layout@DirectUI@@QAEXXZ
?SetLayout@Element@DirectUI@@QAEJPAVLayout@2@@Z
?Create@GridLayout@DirectUI@@SGJHHPAPAVLayout@2@@Z
??0IProvider@DirectUI@@QAE@XZ
?GetFocus@HWNDElementProvider@DirectUI@@UAGJPAPAUIRawElementProviderFragment@@@Z
?ElementProviderFromPoint@HWNDElementProvider@DirectUI@@UAGJNNPAPAUIRawElementProviderFragment@@@Z
?GetPatternProvider@ElementProvider@DirectUI@@UAGJHPAPAUIUnknown@@@Z
?Release@HWNDElementProvider@DirectUI@@UAGKXZ
?AddRef@HWNDElementProvider@DirectUI@@UAGKXZ
?QueryInterface@HWNDElementProvider@DirectUI@@UAGJABU_GUID@@PAPAX@Z
?GetProxyCreator@HWNDElementProvider@DirectUI@@UAEP6GPAVProviderProxy@2@PAVElement@2@@ZXZ
?AdviseEventRemoved@ElementProvider@DirectUI@@UAGJHPAUtagSAFEARRAY@@@Z
?AdviseEventAdded@ElementProvider@DirectUI@@UAGJHPAUtagSAFEARRAY@@@Z
?get_FragmentRoot@ElementProvider@DirectUI@@UAGJPAPAUIRawElementProviderFragmentRoot@@@Z
?SetFocus@ElementProvider@DirectUI@@UAGJXZ
?GetEmbeddedFragmentRoots@ElementProvider@DirectUI@@UAGJPAPAUtagSAFEARRAY@@@Z
?get_BoundingRectangle@ElementProvider@DirectUI@@UAGJPAUUiaRect@@@Z
?GetRuntimeId@ElementProvider@DirectUI@@UAGJPAPAUtagSAFEARRAY@@@Z
?Navigate@ElementProvider@DirectUI@@UAGJW4NavigateDirection@@PAPAUIRawElementProviderFragment@@@Z
?ShowContextMenu@ElementProvider@DirectUI@@UAGJXZ
?get_HostRawElementProvider@ElementProvider@DirectUI@@UAGJPAPAUIRawElementProviderSimple@@@Z
?get_ProviderOptions@ElementProvider@DirectUI@@UAGJPAW4ProviderOptions@@@Z
?TossElement@ElementProvider@DirectUI@@UAEXXZ
?QueryInterface@ElementProvider@DirectUI@@UAGJABU_GUID@@PAPAX@Z
?Create@ElementProvider@DirectUI@@SGJPAVElement@2@PAVInvokeHelper@2@PAPAV12@@Z
?Create@HWNDElementProvider@DirectUI@@SGJPAVHWNDElement@2@PAVInvokeHelper@2@PAPAV12@@Z
?Find@ElementProviderManager@DirectUI@@SGPAVElementProvider@2@PAVElement@2@@Z
??0ProviderProxy@DirectUI@@IAE@XZ
??0ElementProxy@DirectUI@@IAE@XZ
??0RefcountBase@DirectUI@@QAE@XZ
??0ElementProvider@DirectUI@@QAE@XZ
??1ElementProvider@DirectUI@@UAE@XZ
??0HWNDElementProvider@DirectUI@@QAE@XZ
?GetInvokeHelper@InvokeManager@DirectUI@@SGJPAPAVInvokeHelper@2@@Z
?Init@ProviderProxy@DirectUI@@MAEXPAVElement@2@@Z
?CreatePatternProvider@Schema@DirectUI@@SGJW4Pattern@12@PAVElementProvider@2@PAPAUIUnknown@@@Z
?IsPatternSupported@ElementProxy@DirectUI@@IAEJW4Pattern@Schema@2@PA_N@Z
?AddRef@ElementProvider@DirectUI@@UAGKXZ
?TossPatternProvider@ElementProvider@DirectUI@@QAEXW4Pattern@Schema@2@@Z
??1RefcountBase@DirectUI@@UAE@XZ
?DoInvokeArgs@ElementProvider@DirectUI@@QAEJHP6GPAVProviderProxy@2@PAVElement@2@@ZPAD@Z
?GetElement@ElementProvider@DirectUI@@UAEPDVElement@2@XZ
?AddRef@RefcountBase@DirectUI@@QAEJXZ
?Release@RefcountBase@DirectUI@@QAEJXZ
?Init@ElementProxy@DirectUI@@MAEXPAVElement@2@@Z
?DoMethod@ElementProxy@DirectUI@@UAEJHPAD@Z
?GetProperty@ElementProxy@DirectUI@@IAEJPAUtagVARIANT@@H@Z
?Release@ElementProvider@DirectUI@@UAGKXZ
?Init@ElementProvider@DirectUI@@MAEJPAVElement@2@PAVInvokeHelper@2@@Z
??1AutoLock@DirectUI@@QAE@XZ
??0AutoLock@DirectUI@@QAE@PAU_RTL_CRITICAL_SECTION@@@Z
?DoInvoke@ElementProvider@DirectUI@@IAAJHZZ
?PatternFromPatternId@Schema@DirectUI@@SG?AW4Pattern@12@H@Z
?Init@HWNDElementProvider@DirectUI@@MAEJPAVHWNDElement@2@PAVInvokeHelper@2@@Z
?NameProperty@Schema@DirectUI@@2HA
?DataGridControlType@Schema@DirectUI@@2HA
?SelectionPattern@Schema@DirectUI@@2HA
?TablePattern@Schema@DirectUI@@2HA
HrSysAllocString
?GetPropertyValue@ElementProvider@DirectUI@@UAGJHPAUtagVARIANT@@@Z
?InvokePattern@Schema@DirectUI@@2HA
?TableItemPattern@Schema@DirectUI@@2HA
?IsControlElementProperty@Schema@DirectUI@@2HA
?IsContentElementProperty@Schema@DirectUI@@2HA
?TreeItemControlType@Schema@DirectUI@@2HA
?ListItemControlType@Schema@DirectUI@@2HA
?ControlTypeProperty@Schema@DirectUI@@2HA
?GridPattern@Schema@DirectUI@@2HA
?SelectionItemPattern@Schema@DirectUI@@2HA
?ExpandCollapsePattern@Schema@DirectUI@@2HA
?GridItemPattern@Schema@DirectUI@@2HA
?UiaRaiseAutomationPropertyChangedEvent@Schema@DirectUI@@2P6GJPAUIRawElementProviderSimple@@HUtagVARIANT@@1@ZA
?GetAccessible@Element@DirectUI@@QAE_NXZ
?WantPropertyEvent@EventManager@DirectUI@@SG_NH@Z
?FWantAnyEvent@EventManager@DirectUI@@SG_NPAVElement@2@@Z
GetScaleFactor
??0ScrollViewer@DirectUI@@QAE@XZ
??1ScrollViewer@DirectUI@@UAE@XZ
?OnPropertyChanging@BaseScrollViewer@DirectUI@@UAE_NPBUPropertyInfo@2@HPAVValue@2@1@Z
?OnPropertyChanged@ScrollViewer@DirectUI@@UAEXPBUPropertyInfo@2@HPAVValue@2@1@Z
?OnEvent@BaseScrollViewer@DirectUI@@UAEXPAUEvent@2@@Z
?Add@BaseScrollViewer@DirectUI@@UAEJPAPAVElement@2@I@Z
?CreateScrollBars@ScrollViewer@DirectUI@@MAEJXZ
?AddChildren@ScrollViewer@DirectUI@@MAEJXZ
?OnListenerAttach@BaseScrollViewer@DirectUI@@UAEXPAVElement@2@@Z
?OnListenerDetach@BaseScrollViewer@DirectUI@@UAEXPAVElement@2@@Z
?OnListenedPropertyChanging@BaseScrollViewer@DirectUI@@UAE_NPAVElement@2@PBUPropertyInfo@2@HPAVValue@2@2@Z
?OnListenedPropertyChanged@ScrollViewer@DirectUI@@UAEXPAVElement@2@PBUPropertyInfo@2@HPAVValue@2@2@Z
?OnListenedInput@BaseScrollViewer@DirectUI@@UAEXPAVElement@2@PAUInputEvent@2@@Z
?OnListenedEvent@BaseScrollViewer@DirectUI@@UAEXPAVElement@2@PAUEvent@2@@Z
?GetClassInfoPtr@ScrollViewer@DirectUI@@SGPAUIClassInfo@2@XZ
?Initialize@BaseScrollViewer@DirectUI@@QAEJPAVElement@2@PAK@Z
?Register@ScrollViewer@DirectUI@@SGJXZ
?OnInput@BaseScrollViewer@DirectUI@@UAEXPAUInputEvent@2@@Z
?GetXScrollable@BaseScrollViewer@DirectUI@@QAE_NXZ
?GetHScroll@ScrollViewer@DirectUI@@MAEPAVBaseScrollBar@2@XZ
?GetVScroll@ScrollViewer@DirectUI@@MAEPAVBaseScrollBar@2@XZ
?OnReceivedDialogFocus@Button@DirectUI@@UAE_NPAUIDialogElement@2@@Z
?OnLostDialogFocus@Button@DirectUI@@UAE_NPAUIDialogElement@2@@Z
?DefaultAction@Button@DirectUI@@UAEJXZ
?OnInput@Button@DirectUI@@UAEXPAUInputEvent@2@@Z
?GetClassInfoPtr@Button@DirectUI@@SGPAUIClassInfo@2@XZ
??1Button@DirectUI@@UAE@XZ
??0Button@DirectUI@@QAE@XZ
?Register@Button@DirectUI@@SGJXZ
?KeyFocusedProp@Element@DirectUI@@SGPBUPropertyInfo@2@XZ
?OnPropertyChanged@Button@DirectUI@@UAEXPBUPropertyInfo@2@HPAVValue@2@1@Z
?MouseWithinProp@Element@DirectUI@@SGPBUPropertyInfo@2@XZ
?GetBackgroundColor@Element@DirectUI@@QAEPBUFill@2@PAPAVValue@2@@Z
?Initialize@Button@DirectUI@@QAEJIPAVElement@2@PAK@Z
?SetFontStyle@Element@DirectUI@@QAEJH@Z
?SetFontWeight@Element@DirectUI@@QAEJH@Z
?GetFontWeight@Element@DirectUI@@QAEHXZ
?GetMouseWithin@Element@DirectUI@@QAE_NXZ
?SetActive@Element@DirectUI@@QAEJH@Z
?SetID@Element@DirectUI@@QAEJPBG@Z
?SetPressed@Button@DirectUI@@QAEJ_N@Z
?GetBoolFalse@Value@DirectUI@@SGPAV12@XZ
?GetContentString@Element@DirectUI@@QAEPBGPAPAVValue@2@@Z
?SetAnimation@Element@DirectUI@@QAEJH@Z
?HeightProp@Element@DirectUI@@SGPBUPropertyInfo@2@XZ
?LayoutPosProp@Element@DirectUI@@SGPBUPropertyInfo@2@XZ
?HasPadding@Element@DirectUI@@QAE_NXZ
?HasBorder@Element@DirectUI@@QAE_NXZ
?GetType@Value@DirectUI@@QBEHXZ
?CustomProp@Element@DirectUI@@SGPBUPropertyInfo@2@XZ
?GetValue@Element@DirectUI@@QAEPAVValue@2@P6GPBUPropertyInfo@2@XZHPAUUpdateCache@2@@Z
?SetClass@Element@DirectUI@@QAEJPBG@Z
?CreateInt@Value@DirectUI@@SGPAV12@HW4DynamicScaleValue@@@Z
?OnNotify@HWNDHost@DirectUI@@UAE_NIIJPAJ@Z
?OnPropertyChanged@HWNDHost@DirectUI@@UAEXPBUPropertyInfo@2@HPAVValue@2@1@Z
?GetClassInfoPtr@HWNDHost@DirectUI@@SGPAUIClassInfo@2@XZ
?Register@HWNDHost@DirectUI@@SGJXZ
?OnInput@HWNDHost@DirectUI@@UAEXPAUInputEvent@2@@Z
?Release@Element@DirectUI@@QAGKXZ
?Initialize@HWNDHost@DirectUI@@QAEJIIPAVElement@2@PAK@Z
??1HWNDHost@DirectUI@@UAE@XZ
??0HWNDHost@DirectUI@@QAE@XZ
?GetEnabled@Element@DirectUI@@QAE_NXZ
?SetAccName@Element@DirectUI@@QAEJPBG@Z
?GetDPI@Element@DirectUI@@QAEHXZ
?SetEnabled@Element@DirectUI@@QAEJ_N@Z
?UpdateSheets@DUIXmlParser@DirectUI@@QAEJPAVElement@2@@Z
?SetRootWindowForTheming@DUIXmlParser@DirectUI@@QAEXPAUHWND__@@@Z
?SetMinSize@Element@DirectUI@@QAEJHH@Z
?IsDescendent@Element@DirectUI@@QAE_NPAV12@@Z
?Add@Element@DirectUI@@QAEJPAV12@@Z
?SetAccDesc@Element@DirectUI@@QAEJPBG@Z
?SetTooltip@Element@DirectUI@@QAEJ_N@Z
?GetClassInfoPtr@Expando@DirectUI@@SGPAUIClassInfo@2@XZ
??0Element@DirectUI@@QAE@XZ
?_PostEvent@Element@DirectUI@@AAEXPAUEvent@2@H@Z
?Register@Element@DirectUI@@SGJXZ
?SetXScrollable@BaseScrollViewer@DirectUI@@QAEJ_N@Z
?SetPadding@Element@DirectUI@@QAEJHHHH@Z
?SetXOffset@BaseScrollViewer@DirectUI@@QAEJH@Z
?XOffsetProp@BaseScrollViewer@DirectUI@@SGPBUPropertyInfo@2@XZ
?ShiftChild@Element@DirectUI@@QAEJII@Z
?GetForegroundColor@Element@DirectUI@@QAEPBUFill@2@PAPAVValue@2@@Z
?Initialize@Element@DirectUI@@QAEJIPAV12@PAK@Z
?Insert@Element@DirectUI@@QAEJPAV12@I@Z
?Remove@Element@DirectUI@@QAEJPAV12@@Z
?GetSize@Value@DirectUI@@QAEPBUtagSIZE@@XZ
?ExtentProp@Element@DirectUI@@SGPBUPropertyInfo@2@XZ
?OnInput@Element@DirectUI@@UAEXPAUInputEvent@2@@Z
?IsDestroyed@Element@DirectUI@@QAE_NXZ
?GetDesiredSize@Element@DirectUI@@QAEPBUtagSIZE@@XZ
??1DCSurface@DirectUI@@UAE@XZ
??0DCSurface@DirectUI@@QAE@PAUHDC__@@@Z
?SetValue@Element@DirectUI@@QAEJPBUPropertyInfo@2@HPAVValue@2@@Z
?SetAccValue@Element@DirectUI@@QAEJPBG@Z
?RemoveListener@Element@DirectUI@@QAEXPAUIElementListener@2@@Z
?SetContentString@Element@DirectUI@@QAEJPBG@Z
?Init@NavReference@DirectUI@@QAEXPAVElement@2@PAUtagRECT@@@Z
?GetKeyWithin@Element@DirectUI@@QAE_NXZ
?GetInt@Value@DirectUI@@QAEHXZ
?GetWidth@Element@DirectUI@@QAEHXZ
?SetWidth@Element@DirectUI@@QAEJH@Z
?OnEvent@Element@DirectUI@@UAEXPAUEvent@2@@Z
?AddListener@Element@DirectUI@@QAEJPAUIElementListener@2@@Z
??1Element@DirectUI@@UAE@XZ
?OnPropertyChanged@Element@DirectUI@@UAEXPBUPropertyInfo@2@HPAVValue@2@1@Z
?OnDestroy@Element@DirectUI@@UAEXXZ
?IsHosted@Element@DirectUI@@QAE_NXZ
?GetAccessibleImpl@Element@DirectUI@@UAEJPAPAUIAccessible@@@Z
?ExpandCollapse_ExpandCollapseState_Property@Schema@DirectUI@@2HA
?SetSelected@Element@DirectUI@@QAEJ_N@Z
?CreateBool@Value@DirectUI@@SGPAV12@_N@Z
?SetExpanded@Expandable@DirectUI@@QAEJ_N@Z
?GetExpanded@Expandable@DirectUI@@QAE_NXZ
?SortChildren@Element@DirectUI@@QAEJP6AHPBX0@Z@Z
?GetBool@Value@DirectUI@@QAE_NXZ
?GetValue@Element@DirectUI@@QAEPAVValue@2@PBUPropertyInfo@2@HPAUUpdateCache@2@@Z
?GetVisible@Element@DirectUI@@QAE_NXZ
?HasChildren@Element@DirectUI@@QAE_NXZ
?GetChildren@Element@DirectUI@@QAEPAV?$DynamicArray@PAVElement@DirectUI@@$0A@@2@PAPAVValue@2@@Z
?GetClassInfoPtr@Element@DirectUI@@SGPAUIClassInfo@2@XZ
?GetClass@Element@DirectUI@@QAEPBGPAPAVValue@2@@Z
?GetIndex@Element@DirectUI@@QAEHXZ
??1CCListView@DirectUI@@UAE@XZ
?PostCreate@CCBase@DirectUI@@MAEXPAUHWND__@@@Z
?OnReceivedDialogFocus@CCBase@DirectUI@@UAE_NPAUIDialogElement@2@@Z
?OnLostDialogFocus@CCBase@DirectUI@@UAE_NPAUIDialogElement@2@@Z
?OnCustomDraw@CCBase@DirectUI@@UAE_NPAUtagNMCUSTOMDRAWINFO@@PAJ@Z
?EraseBkgnd@HWNDHost@DirectUI@@MAE_NPAUHDC__@@PAJ@Z
?SetWindowDirection@HWNDHost@DirectUI@@UAEXPAUHWND__@@@Z
?OnWindowStyleChanged@HWNDHost@DirectUI@@UAEXIPBUtagSTYLESTRUCT@@@Z
?OnCtrlThemeChanged@HWNDHost@DirectUI@@UAE_NIIJPAJ@Z
?OnSinkThemeChanged@HWNDHost@DirectUI@@UAE_NIIJPAJ@Z
?OnSysChar@HWNDHost@DirectUI@@UAE_NG@Z
?DefaultAction@CCBase@DirectUI@@UAEJXZ
?GetAccessibleImpl@HWNDHost@DirectUI@@UAEJPAPAUIAccessible@@@Z
?GetKeyFocused@HWNDHost@DirectUI@@UAE_NXZ
?RemoveTooltip@Element@DirectUI@@MAEXPAV12@@Z
?ActivateTooltip@Element@DirectUI@@MAEXPAV12@K@Z
?UpdateTooltip@Element@DirectUI@@MAEXPAV12@@Z
?OnUnHosted@HWNDHost@DirectUI@@MAEXPAVElement@2@@Z
?OnHosted@HWNDHost@DirectUI@@MAEXPAVElement@2@@Z
?MessageCallback@HWNDHost@DirectUI@@UAEIPAUtagGMSG@@@Z
?GetContentSize@CCListView@DirectUI@@UAE?AUtagSIZE@@HHPAVSurface@2@@Z
?Paint@HWNDHost@DirectUI@@UAEXPAUHDC__@@PBUtagRECT@@1PAU4@2@Z
?OnEvent@HWNDHost@DirectUI@@UAEXPAUEvent@2@@Z
?OnDestroy@HWNDHost@DirectUI@@UAEXXZ
?OnGroupChanged@Element@DirectUI@@UAEXH_N@Z
?OnPropertyChanged@CCBase@DirectUI@@UAEXPBUPropertyInfo@2@HPAVValue@2@1@Z
?GetClassInfoPtr@CCListView@DirectUI@@SGPAUIClassInfo@2@XZ
?Register@CCListView@DirectUI@@SGJXZ
?OnInput@CCBase@DirectUI@@UAEXPAUInputEvent@2@@Z
?SetKeyFocus@HWNDHost@DirectUI@@UAEXXZ
?OnNotify@CCBase@DirectUI@@UAE_NIIJPAJ@Z
?OnMessage@HWNDHost@DirectUI@@UAE_NIIJPAJ@Z
?OnAdjustWindowSize@HWNDHost@DirectUI@@UAEHHHI@Z
?GetHWND@HWNDHost@DirectUI@@UAEPAUHWND__@@XZ
?SetWinStyle@CCBase@DirectUI@@QAEJH@Z
?Initialize@CCListView@DirectUI@@QAEJIPAVElement@2@PAK@Z
?CreateHWND@CCBase@DirectUI@@UAEPAUHWND__@@PAU3@@Z
??0CCListView@DirectUI@@QAE@XZ
?AssertPIZeroRef@ClassInfoBase@DirectUI@@UBEXXZ
?GetChildren@ClassInfoBase@DirectUI@@UBEHXZ
?RemoveChild@ClassInfoBase@DirectUI@@UAEXXZ
?AddChild@ClassInfoBase@DirectUI@@UAEXXZ
?IsGlobal@ClassInfoBase@DirectUI@@UBE_NXZ
?GetModule@ClassInfoBase@DirectUI@@UBEPAUHINSTANCE__@@XZ
?IsSubclassOf@ClassInfoBase@DirectUI@@UBE_NPAUIClassInfo@2@@Z
?IsValidProperty@ClassInfoBase@DirectUI@@UBE_NPBUPropertyInfo@2@@Z
?GetName@ClassInfoBase@DirectUI@@UBEPBGXZ
?GetGlobalIndex@ClassInfoBase@DirectUI@@UBEIXZ
?GetPICount@ClassInfoBase@DirectUI@@UBEIXZ
?GetByClassIndex@ClassInfoBase@DirectUI@@UAEPBUPropertyInfo@2@I@Z
?EnumPropertyInfo@ClassInfoBase@DirectUI@@UAEPBUPropertyInfo@2@I@Z
?Release@ClassInfoBase@DirectUI@@UAEHXZ
?AddRef@ClassInfoBase@DirectUI@@UAEXXZ
?_OnUIStateChanged@HWNDElement@DirectUI@@MAEXGG@Z
?GetWindowClassNameAndStyle@HWNDElement@DirectUI@@UAEXPAPBGPAI@Z
?CanSetFocus@HWNDElement@DirectUI@@UAE_NXZ
?OnCompositionChanged@HWNDElement@DirectUI@@UAEXXZ
?OnWmSettingChanged@HWNDElement@DirectUI@@UAEXIJ@Z
?OnWmThemeChanged@HWNDElement@DirectUI@@UAEXIJ@Z
?OnGetDlgCode@HWNDElement@DirectUI@@UAEXPAUtagMSG@@PAJ@Z
?OnNoChildWithShortcutFound@HWNDElement@DirectUI@@UAEXPAUKeyboardEvent@2@@Z
?OnImmersiveColorSchemeChanged@HWNDElement@DirectUI@@UAEXXZ
?GetUiaFocusDelegate@Element@DirectUI@@UAEPAV12@XZ
?HandleUiaEventListener@Element@DirectUI@@UAEXPAUEvent@2@@Z
?HandleUiaPropertyChangingListener@Element@DirectUI@@UAEXPBUPropertyInfo@2@@Z
?HandleUiaPropertyListener@Element@DirectUI@@UAEXPBUPropertyInfo@2@HPAVValue@2@1@Z
?HandleUiaDestroyListener@Element@DirectUI@@UAEXXZ
?GetElementProviderImpl@Element@DirectUI@@UAEJPAVInvokeHelper@2@PAPAVElementProvider@2@@Z
?GetUIAElementProvider@Element@DirectUI@@UAEJABU_GUID@@PAPAX@Z
?DefaultAction@Element@DirectUI@@UAEJXZ
?GetAccessibleImpl@HWNDElement@DirectUI@@UAEJPAPAUIAccessible@@@Z
?RemoveTooltip@HWNDElement@DirectUI@@UAEXPAVElement@2@@Z
?UpdateTooltip@HWNDElement@DirectUI@@UAEXPAVElement@2@@Z
?OnUnHosted@Element@DirectUI@@MAEXPAV12@@Z
?OnHosted@Element@DirectUI@@MAEXPAV12@@Z
?_SelfLayoutUpdateDesiredSize@Element@DirectUI@@MAE?AUtagSIZE@@HHPAVSurface@2@@Z
?_SelfLayoutDoLayout@Element@DirectUI@@MAEXHH@Z
?GetImmersiveFocusRectOffsets@Element@DirectUI@@UAEXPAUtagRECT@@@Z
?QueryInterface@Element@DirectUI@@UAGJABU_GUID@@PAPAX@Z
?MessageCallback@Element@DirectUI@@UAEIPAUtagGMSG@@@Z
?RemoveBehavior@Element@DirectUI@@UAEJPAUIDuiBehavior@@@Z
?AddBehavior@Element@DirectUI@@UAEJPAUIDuiBehavior@@@Z
?SetKeyFocus@Element@DirectUI@@UAEXXZ
?EnsureVisible@Element@DirectUI@@UAE_NHHHH@Z
?GetAdjacent@Element@DirectUI@@UAEPAV12@PAV12@HPBUNavReference@2@K@Z
?Remove@Element@DirectUI@@UAEJPAPAV12@I@Z
??0HWNDElement@DirectUI@@QAE@XZ
?Add@Element@DirectUI@@UAEJPAPAV12@I@Z
?GetContentSize@Element@DirectUI@@UAE?AUtagSIZE@@HHPAVSurface@2@@Z
?Paint@Element@DirectUI@@UAEXPAUHDC__@@PBUtagRECT@@1PAU4@2@Z
?OnMouseFocusMoved@Element@DirectUI@@UAEXPAV12@0@Z
?OnKeyFocusMoved@Element@DirectUI@@UAEXPAV12@0@Z
?OnGroupChanged@HWNDElement@DirectUI@@UAEXH_N@Z
?OnPropertyChanged@Element@DirectUI@@UAEXPAUPropertyInfo@2@HPAVValue@2@1@Z
?OnPropertyChanged@HWNDElement@DirectUI@@UAEXPBUPropertyInfo@2@HPAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UAE_NPAUPropertyInfo@2@HPAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UAE_NPBUPropertyInfo@2@HPAVValue@2@1@Z
?GetContentStringAsDisplayed@Element@DirectUI@@UAEPBGPAPAVValue@2@@Z
?IsContentProtected@Element@DirectUI@@UAE_NXZ
?IsRTLReading@Element@DirectUI@@UAE_NXZ
??1ClassInfoBase@DirectUI@@UAE@XZ
??0ClassInfoBase@DirectUI@@QAE@XZ
?Initialize@ClassInfoBase@DirectUI@@QAEJPAUHINSTANCE__@@PBG_NPBQBUPropertyInfo@2@I@Z
?Register@ClassInfoBase@DirectUI@@QAEJXZ
?ClassExist@ClassInfoBase@DirectUI@@SG_NPAPAUIClassInfo@2@PBQBUPropertyInfo@2@IPAU32@PAUHINSTANCE__@@PBG_N@Z
??1CritSecLock@DirectUI@@QAE@XZ
?GetFactoryLock@Element@DirectUI@@SGPAU_RTL_CRITICAL_SECTION@@XZ
??0CritSecLock@DirectUI@@QAE@PAU_RTL_CRITICAL_SECTION@@@Z
?Register@HWNDElement@DirectUI@@SGJXZ
?OnThemeChanged@HWNDElement@DirectUI@@UAEXPAUThemeChangedEvent@2@@Z
?SetHeight@Element@DirectUI@@QAEJH@Z
?GetLayoutPos@Element@DirectUI@@QAEHXZ
?ActivateTooltip@HWNDElement@DirectUI@@UAEXPAVElement@2@K@Z
EnableAnimations
?StartNavigate@Browser@DirectUI@@SG?AVUID@@XZ
DisableAnimations
?Destroy@DUIXmlParser@DirectUI@@QAEXXZ
?SetXMLFromResource@DUIXmlParser@DirectUI@@QAEJIPAUHINSTANCE__@@0@Z
?Create@DUIXmlParser@DirectUI@@SGJPAPAV12@P6GPAVValue@2@PBGPAX@Z2P6GX11H2@Z2@Z
?CreateElement@DUIXmlParser@DirectUI@@QAEJPBGPAVElement@2@1PAKPAPAV32@@Z
?ShowWindow@NativeHWNDHost@DirectUI@@QAEXH@Z
?Host@NativeHWNDHost@DirectUI@@QAEXPAVElement@2@@Z
?SetVisible@Element@DirectUI@@QAEJ_N@Z
?SetAccRole@Element@DirectUI@@QAEJH@Z
?SetAccessible@Element@DirectUI@@QAEJ_N@Z
?Initialize@HWNDElement@DirectUI@@QAEJPAUHWND__@@_NIPAVElement@2@PAK@Z
?GetHWND@NativeHWNDHost@DirectUI@@QAEPAUHWND__@@XZ
?Create@NativeHWNDHost@DirectUI@@SGJPBGPAUHWND__@@PAUHICON__@@HHHHHHIPAPAV12@@Z
?Destroy@Element@DirectUI@@QAEJ_N@Z
?OnDestroy@HWNDElement@DirectUI@@UAEXXZ
?OnEvent@HWNDElement@DirectUI@@UAEXPAUEvent@2@@Z
?KeyboardNavigate@Element@DirectUI@@SG?AVUID@@XZ
?GetID@Element@DirectUI@@QAEGXZ
?SetFocus@HWNDElement@DirectUI@@QAEX_N@Z
?SetLayoutPos@Element@DirectUI@@QAEJH@Z
?OnInput@HWNDElement@DirectUI@@UAEXPAUInputEvent@2@@Z
?FireEvent@Element@DirectUI@@QAEXPAUEvent@2@_N1@Z
?Click@Button@DirectUI@@SG?AVUID@@XZ
?GetKeyFocused@Element@DirectUI@@UAE_NXZ
?EndDefer@Element@DirectUI@@QAEXK@Z
?StartDefer@Element@DirectUI@@QAEXPAK@Z
?GetHWND@HWNDElement@DirectUI@@UAEPAUHWND__@@XZ
?WndProc@HWNDElement@DirectUI@@UAEJPAUHWND__@@IIJ@Z
?Destroy@NativeHWNDHost@DirectUI@@QAEXXZ
??1HWNDElement@DirectUI@@UAE@XZ
uxtheme
ord141
GetThemeColor
CloseThemeData
EndPanningFeedback
ord142
SetWindowTheme
OpenThemeData
ord132
ord135
GetThemeInt
BeginPanningFeedback
UpdatePanningFeedback
vdmdbg
VDMEnumTaskWOWEx
VDMEnumProcessWOW
VDMTerminateTaskWOW
dwmapi
DwmSetWindowAttribute
api-ms-win-core-appcompat-l1-1-1
BaseReadAppCompatDataForProcess
BaseFreeAppCompatDataForProcess
pdh
PdhCloseQuery
PdhOpenQueryW
PdhGetRawCounterArrayW
PdhGetFormattedCounterArrayW
PdhCollectQueryData
PdhAddCounterW
dxcore
DXCoreCreateAdapterFactory
dxgi
DXGIDeclareAdapterRemovalSupport
CreateDXGIFactory2
setupapi
SetupDiGetDevicePropertyW
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
d3d11
D3D11CreateDevice
d3d12
ord101
shcore
ord244
GetDpiForMonitor
kernel32
GetModuleHandleExA
GetNumberFormatW
GetActiveProcessorGroupCount
GetProcessAffinityMask
SetProcessAffinityMask
GlobalGetAtomNameW
msvcp_win
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?id@?$ctype@G@std@@2V0locale@2@A
??1_Lockit@std@@QAE@XZ
?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??Bid@locale@std@@QAEIXZ
?__ExceptionPtrAssign@@YAXPAXPBX@Z
?__ExceptionPtrCreate@@YAXPAX@Z
?__ExceptionPtrCopyException@@YAXPAXPBX1@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrCurrentException@@YAXPAX@Z
?__ExceptionPtrRethrow@@YAXPBX@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?tolower@?$ctype@G@std@@QBEGG@Z
_Thrd_yield
??0facet@locale@std@@IAE@I@Z
??1facet@locale@std@@MAE@XZ
_Wcsxfrm
_Wcscoll
?_Incref@facet@locale@std@@UAEXXZ
?is@?$ctype@G@std@@QBE_NFG@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
??1_Locinfo@std@@QAE@XZ
?c_str@?$_Yarn@D@std@@QBEPBDXZ
??0_Locinfo@std@@QAE@PBD@Z
?id@?$collate@G@std@@2V0locale@2@A
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?tolower@?$ctype@G@std@@QBEPBGPAGPBG@Z
?_Xlength_error@std@@YAXPBD@Z
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAHH@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
_Xtime_get_ticks
_Query_perf_counter
?_Random_device@std@@YAIXZ
_Thrd_sleep
_Query_perf_frequency
?_Xinvalid_argument@std@@YAXPBD@Z
?_Xbad_function_call@std@@YAXXZ
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-file-l2-1-0
GetFileInformationByHandleEx
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-util-l1-1-0
EncodePointer
Sections
.text Size: 2.9MB - Virtual size: 2.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 983KB - Virtual size: 1008KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 47KB - Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 1024B - Virtual size: 568B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 271KB - Virtual size: 271KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ThumbnailExtractionHost.exe.exe windows:10 windows x86 arch:x86
5f8e2eb746b52688c864a664a7814623
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
ThumbnailExtractionHost.pdb
Imports
advapi32
EventActivityIdControl
EventUnregister
RegGetValueW
RegOpenKeyExW
EventSetInformation
EventRegister
EventWriteTransfer
RegQueryInfoKeyW
RegCloseKey
kernel32
GetModuleFileNameA
InitOnceBeginInitialize
CreateSemaphoreExW
HeapFree
SetLastError
GetCommandLineW
GetCurrentProcess
ReleaseSemaphore
GetModuleHandleExW
GetModuleFileNameW
InitializeCriticalSection
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
CreateEventW
Sleep
FormatMessageW
GetLastError
ReleaseSRWLockExclusive
OutputDebugStringW
SetEvent
InitOnceComplete
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
RaiseException
CreateThread
HeapAlloc
GetProcAddress
CreateMutexExW
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
LoadLibraryExW
IsDebuggerPresent
WaitForThreadpoolTimerCallbacks
DuplicateHandle
CloseThreadpoolTimer
GetCurrentThread
SetThreadpoolTimer
CreateThreadpoolTimer
ResolveDelayLoadedAPI
DelayLoadFailureHook
user32
CharNextW
DispatchMessageW
CharUpperW
GetMessageW
PostThreadMessageW
TranslateMessage
UnregisterClassA
msvcrt
_controlfp
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
__CxxFrameHandler3
_except_handler4_common
_wcmdln
_initterm
__setusermatherr
__p__fmode
_cexit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
_callnewh
malloc
wcsncpy_s
free
_purecall
wcscat_s
wcscpy_s
memcpy_s
_vsnwprintf
_exit
memset
oleaut32
UnRegisterTypeLi
SysStringLen
SysAllocString
RegisterTypeLi
SysFreeString
LoadTypeLi
api-ms-win-core-shlwapi-legacy-l1-1-0
PathFindFileNameW
api-ms-win-core-shlwapi-obsolete-l1-1-0
QISearch
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetStartupInfoW
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-shcore-thread-l1-1-0
SHCreateThread
Sections
.text Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 56B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
TokenBrokerCookies.exe.exe windows:10 windows x86 arch:x86
a8d3571a1e85cbe58ef0e69ece31ba95
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
TokenBrokerCookies.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o___stdio_common_vsnprintf_s
_o___stdio_common_vswprintf
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__controlfp_s
_o__crt_atexit
_o__errno
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__register_onexit_function
memcpy
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wtoi
_o_abort
_o_exit
_o_free
_o_iswspace
_o_terminate
__current_exception
__current_exception_context
_except_handler4_common
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___wargv
_o___p___argc
__std_terminate
__CxxFrameHandler3
_CxxThrowException
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-security-base-l1-1-0
GetTokenInformation
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
GetModuleHandleW
GetModuleFileNameA
GetModuleHandleExW
api-ms-win-core-synch-l1-1-0
AcquireSRWLockExclusive
OpenSemaphoreW
WaitForSingleObjectEx
CreateSemaphoreExW
TryAcquireSRWLockExclusive
ReleaseMutex
CreateMutexExW
ReleaseSRWLockExclusive
WaitForSingleObject
InitializeSRWLock
ReleaseSemaphore
api-ms-win-core-heap-l1-1-0
HeapAlloc
GetProcessHeap
HeapFree
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
SetLastError
UnhandledExceptionFilter
api-ms-win-security-sddl-l1-1-0
ConvertSidToStringSidW
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventUnregister
EventWriteTransfer
EventSetInformation
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
wininet
InternetSetCookieEx2
api-ms-win-core-threadpool-l1-2-0
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolTimer
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
oleaut32
SysStringLen
SysFreeString
SetErrorInfo
Sections
.text Size: 30KB - Virtual size: 30KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
TpmInit.exe.exe windows:10 windows x86 arch:x86
5bf7394f35e02422597ade969d5868e8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
TpmInit.pdb
Imports
advapi32
RegDeleteValueW
RegOpenKeyExW
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
kernel32
FormatMessageW
GetLastError
CloseHandle
CreateThread
HeapSetInformation
HeapAlloc
LocalFree
GetProcessHeap
CreateProcessW
GetModuleHandleW
lstrcmpW
ExitThread
GetProcAddress
ExpandEnvironmentStringsA
LoadLibraryExA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
CreateMutexW
GetCommandLineW
HeapSize
HeapFree
RegisterApplicationRestart
GetModuleHandleExA
user32
SetWindowLongW
LoadIconW
SendNotifyMessageW
EnumWindows
LoadStringW
GetDlgItem
SendMessageW
DestroyWindow
PostMessageW
GetParent
GetWindowLongW
GetWindowTextW
SetForegroundWindow
SetWindowTextW
msvcrt
_initterm
_XcptFilter
__getmainargs
__p__commode
__setusermatherr
__set_app_type
exit
_exit
_cexit
__p__fmode
_ismbblead
wcsncat_s
_wcsicmp
_vsnwprintf
_amsg_exit
wcstoul
_wsystem
free
memcpy
_controlfp
?terminate@@YAXXZ
wcstok
_except_handler4_common
malloc
_callnewh
_acmdln
memset
comctl32
PropertySheetW
ord345
oleaut32
SafeArrayPutElement
VariantCopy
SafeArrayCreate
VariantInit
SysFreeString
SysStringByteLen
SysAllocString
SysStringLen
SafeArrayUnaccessData
SafeArrayAccessData
VariantClear
shell32
ShellExecuteExW
CommandLineToArgvW
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoSetProxyBlanket
Sections
.text Size: 26KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
TpmTool.exe.exe windows:10 windows x86 arch:x86
c72fd56e39edabc400d4a0fdfa641f14
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
TpmTool.pdb
Imports
msvcp_win
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPAG_J@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JXZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAE@XZ
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEPAGXZ
?_Gndec@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEPAGXZ
?_Init@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXXZ
?getloc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QBE?AVlocale@2@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@XZ
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBGHH@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??0_Lockit@std@@QAE@H@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UAE@XZ
??1_Lockit@std@@QAE@XZ
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAHH@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z
?_Xout_of_range@std@@YAXPBD@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPBG_J@Z
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UAE@XZ
?_Getcat@?$codecvt@GDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?unshift@?$codecvt@GDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?out@?$codecvt@GDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBG1AAPBGPAD3AAPAD@Z
?in@?$codecvt@GDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAG3AAPAG@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
?_Xlength_error@std@@YAXPBD@Z
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o___stdio_common_vswprintf
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__controlfp_s
_o__crt_atexit
_o__errno
_o__exit
_o__fseeki64
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__localtime32
_o__lock_file
_o__memicmp
_o__mktime32
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o___stdio_common_vsnprintf_s
memmove
_o__unlock_file
_o__wcsicmp
_o__wsystem
_o_exit
_o_fclose
_o_fflush
_o_fgetc
_o_fgetpos
_o_fgetwc
_o_fputwc
_o_free
_o_fsetpos
_o_fwrite
_o_malloc
_o_setvbuf
_o_terminate
_o_ungetc
_o_ungetwc
_o_wcsftime
__current_exception
__current_exception_context
_except_handler4_common
_CxxThrowException
_o___acrt_iob_func
__std_terminate
__CxxFrameHandler3
_o___stdio_common_vfwprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___stdio_common_vfwprintf
_o___p___wargv
_o___p___argc
memcpy
api-ms-win-crt-string-l1-1-0
memset
kernel32
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
GetCurrentDirectoryW
HeapSize
Sleep
HeapValidate
lstrlenW
GetStdHandle
SetThreadUILanguage
InitializeSListHead
GetSystemTimeAsFileTime
HeapReAlloc
FormatMessageA
IsDebuggerPresent
DebugBreak
GetModuleHandleW
GetProcessHeap
GetCurrentProcessId
LocalFree
CreateMutexExW
GetProcAddress
HeapAlloc
CloseHandle
OpenSemaphoreW
WaitForSingleObjectEx
OutputDebugStringW
GetLastError
FormatMessageW
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
GetModuleHandleExW
ReleaseSemaphore
SetLastError
HeapFree
CreateSemaphoreExW
GetModuleFileNameA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
ole32
CoTaskMemFree
CoUninitialize
CoInitializeEx
StringFromGUID2
CoGetObject
user32
LoadStringW
GetForegroundWindow
shell32
SHGetKnownFolderPath
advapi32
EventUnregister
EventRegister
EventWriteTransfer
EventSetInformation
tpmcoreprovisioning
TpmGatherLogs
TpmGetDeviceInformation
servicinguapi
IsFeatureInstalled
GetServicingStatus
bcrypt
BCryptDestroyKey
BCryptDestroyHash
BCryptDecrypt
BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptGetProperty
BCryptCloseAlgorithmProvider
BCryptGenRandom
BCryptOpenAlgorithmProvider
BCryptGenerateSymmetricKey
BCryptSetProperty
BCryptEncrypt
tbs
Tbsip_Submit_Command
Tbsip_Context_Close
Tbsi_Context_Create
Tbsi_GetDeviceInfo
Sections
.text Size: 107KB - Virtual size: 106KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
UserAccountBroker.exe.exe windows:10 windows x86 arch:x86
47e33a59d99b513b43234de272f7d64b
Code Sign
33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
b2:32:1b:ef:9e:90:fd:a4:d5:2c:6e:93:01:1d:15:ec:de:78:5d:15:17:7f:3d:8a:bc:77:7a:bc:81:6c:5e:82
Signer
Actual PE Digest: b2:32:1b:ef:9e:90:fd:a4:d5:2c:6e:93:01:1d:15:ec:de:78:5d:15:17:7f:3d:8a:bc:77:7a:bc:81:6c:5e:82
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
UserAccountBroker.pdb
Imports
kernel32
InitOnceExecuteOnce
RegisterWaitForSingleObject
UnregisterWait
GetProcessId
EncodePointer
GetCurrentThreadId
OpenEventW
OpenProcess
CreateEventW
GetLastError
ReleaseSRWLockExclusive
SetEvent
AcquireSRWLockExclusive
CloseHandle
ReleaseSRWLockShared
DecodePointer
AcquireSRWLockShared
GetCurrentProcessId
user32
PostThreadMessageW
GetWindowThreadProcessId
GetMessageW
DispatchMessageW
TranslateMessage
msvcrt
?terminate@@YAXXZ
_onexit
__dllonexit
_controlfp
_lock
__CxxFrameHandler3
_wcmdln
_except_handler4_common
_callnewh
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
_unlock
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
free
_get_errno
_set_errno
malloc
memcpy_s
_vsnwprintf
_purecall
memset
api-ms-win-core-com-l1-1-0
CoTaskMemAlloc
CoWaitForMultipleHandles
CoUninitialize
CoReleaseServerProcess
CoAddRefServerProcess
CoCreateInstance
CoTaskMemFree
CoRegisterClassObject
CoRevokeClassObject
CoResumeClassObjects
CoInitializeEx
CoGetCallContext
CoTaskMemRealloc
api-ms-win-core-winrt-string-l1-1-0
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateString
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
api-ms-win-core-winrt-l1-1-0
RoInitialize
RoUninitialize
RoRevokeActivationFactories
RoRegisterActivationFactories
api-ms-win-core-winrt-error-l1-1-0
RoOriginateError
RoOriginateErrorW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
TerminateProcess
GetStartupInfoW
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameA
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-synch-l1-1-0
CreateSemaphoreExW
ReleaseMutex
OpenSemaphoreW
WaitForSingleObjectEx
WaitForSingleObject
ReleaseSemaphore
CreateMutexExW
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
GetProcessHeap
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
OutputDebugStringW
IsDebuggerPresent
shlwapi
ord615
Sections
.text Size: 23KB - Virtual size: 23KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
UserAccountControlSettings.exe.exe windows:10 windows x86 arch:x86
3d3da7592ca6678da141b25d2786f1ac
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
UserAccountControlSettings.pdb
Imports
advapi32
GetTokenInformation
DuplicateToken
CheckTokenMembership
OpenProcessToken
CreateWellKnownSid
kernel32
CreateSemaphoreExW
HeapFree
SetLastError
EnterCriticalSection
GetCommandLineW
GetCurrentProcess
ReleaseSemaphore
GetModuleHandleExW
CompareStringOrdinal
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
GetModuleFileNameA
OutputDebugStringW
CloseThreadpoolTimer
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
SetThreadpoolTimer
ReleaseSRWLockShared
CreateThreadpoolTimer
LoadLibraryW
HeapAlloc
GetProcAddress
CreateMutexExW
LocalFree
AcquireSRWLockShared
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
FreeLibrary
DebugBreak
IsDebuggerPresent
DelayLoadFailureHook
ReleaseSRWLockExclusive
ResolveDelayLoadedAPI
user32
LoadStringW
SetWindowPos
GetCursorPos
GetMonitorInfoW
SetForegroundWindow
DestroyWindow
MonitorFromPoint
msvcrt
_XcptFilter
_cexit
__p__commode
exit
_amsg_exit
memcmp
__p__fmode
_except_handler4_common
_controlfp
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
_wcmdln
_initterm
__setusermatherr
_exit
memmove_s
_purecall
??3@YAXPAX@Z
memcpy_s
_vsnwprintf
__set_app_type
__wgetmainargs
memset
shlwapi
ord278
ord240
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoUninitialize
StringFromGUID2
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
TerminateProcess
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
ntdll
NtQueryInformationToken
ole32
CoGetObject
CoAllowSetForegroundWindow
shell32
CommandLineToArgvW
Sections
.text Size: 29KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 84KB - Virtual size: 83KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Utilman.exe.exe windows:10 windows x86 arch:x86
9ee1391910598a8fcab5016fc8ea32cd
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Utilman.pdb
Imports
advapi32
GetTokenInformation
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegQueryValueExW
EventWriteTransfer
EventUnregister
EventSetInformation
EventRegister
ConvertSidToStringSidW
ConvertStringSidToSidW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegDeleteValueW
RegEnumValueW
RegEnumKeyExW
RegCreateKeyExW
RegGetValueW
TraceMessage
OpenProcessToken
RegLoadMUIStringW
RegDeleteTreeW
kernel32
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
EnterCriticalSection
ReleaseSemaphore
GetModuleHandleExW
MulDiv
VirtualProtect
LoadLibraryExA
GetSystemInfo
VirtualQuery
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
HeapSize
HeapReAlloc
HeapDestroy
LoadLibraryW
InterlockedPushEntrySList
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
GetStartupInfoW
OpenProcess
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
CreateProcessW
DeleteProcThreadAttributeList
GetFileAttributesW
K32EnumProcessModules
SizeofResource
LockResource
LoadResource
InitializeCriticalSection
InitOnceComplete
InitOnceBeginInitialize
SetThreadUILanguage
HeapSetInformation
Sleep
ExpandEnvironmentStringsW
ProcessIdToSessionId
CreateEventW
OpenEventW
GetProductInfo
LocalFree
OpenMutexW
WideCharToMultiByte
MultiByteToWideChar
RaiseException
IsDebuggerPresent
DebugBreak
GetModuleHandleW
GetProcessHeap
GetCurrentProcessId
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
GetProcAddress
HeapAlloc
CreateThreadpoolTimer
ReleaseSRWLockShared
SetThreadpoolTimer
CloseHandle
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
CloseThreadpoolTimer
OutputDebugStringW
ReleaseSRWLockExclusive
GetLastError
FormatMessageW
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
WaitForThreadpoolTimerCallbacks
K32EnumProcesses
DeleteFileW
InitializeCriticalSectionEx
LeaveCriticalSection
K32GetModuleBaseNameW
CompareStringOrdinal
FreeLibrary
OpenJobObjectW
IsProcessInJob
OOBEComplete
GetLocaleInfoEx
GetThreadPreferredUILanguages
FindResourceExW
user32
SetFocus
GetFocus
GetWindowRect
AdjustWindowRectExForDpi
ShowWindow
DispatchMessageW
TranslateMessage
GetMessageW
PostQuitMessage
DestroyWindow
DefWindowProcW
GetWindowLongW
SetWindowLongW
MoveWindow
IsWindow
CreateWindowExW
PostMessageW
MonitorFromWindow
GetDpiForWindow
SetForegroundWindow
SetWindowPos
SetTimer
KillTimer
LoadStringW
SetDesktopColorTransform
SendNotifyMessageW
GetWindowThreadProcessId
GetShellWindow
GetTaskmanWindow
UnregisterClassA
GetMonitorInfoW
SystemParametersInfoW
GetKeyState
SendInput
GetUserObjectInformationW
RegisterClassExW
GetThreadDesktop
msvcp_win
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?_Xbad_alloc@std@@YAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
api-ms-win-crt-string-l1-1-0
wcscspn
memmove_s
strncmp
wcsspn
memset
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_c_exit
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__ltow_s
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
_o__wcslwr_s
_o__wtoi
_o_abort
_o_exit
_o_free
_o_iswspace
_o_malloc
_o_memcpy_s
_o_realloc
_o_terminate
__current_exception
__current_exception_context
_o__configthreadlocale
_except_handler4_common
_CxxThrowException
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o__exit
_o__errno
__std_terminate
__CxxFrameHandler3
wcsrchr
wcschr
wcsstr
_o__crt_atexit
memcmp
memcpy
_o__controlfp_s
_o__configure_wide_argv
memmove
ntdll
NtQueryWnfStateData
WinSqmIsOptedIn
WinSqmAddToStream
ole32
CoTaskMemFree
CoInitialize
CoUninitialize
CoTaskMemAlloc
CoCreateInstance
CoCreateFreeThreadedMarshaler
oleaut32
SysFreeString
SetErrorInfo
SysAllocString
GetErrorInfo
SysStringLen
shell32
ShellExecuteW
dwmapi
DwmSetWindowAttribute
Sections
.text Size: 234KB - Virtual size: 234KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 3KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 28B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
systray.exe.exe windows:10 windows x86 arch:x86
bdee2028e64a4c6e54156264705e7d10
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
systray.pdb
Imports
kernel32
HeapSetInformation
GetCommandLineW
user32
PostMessageW
FindWindowW
msvcrt
_XcptFilter
_except_handler4_common
_controlfp
?terminate@@YAXXZ
_acmdln
_initterm
__setusermatherr
_ismbblead
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
TerminateProcess
GetStartupInfoW
GetCurrentProcessId
GetCurrentThreadId
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
Sections
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 960B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 312B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
takeown.exe.exe windows:10 windows x86 arch:x86
64efc3f1223e2f39fed79fe437dd2a4a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
takeown.pdb
Imports
msvcrt
toupper
fflush
memcpy
fprintf
__setusermatherr
_exit
_get_osfhandle
exit
_fileno
wcstoul
wcstol
_errno
_memicmp
wcsrchr
wcstok
_initterm
wcspbrk
_wcsicmp
_vsnwprintf
__p__fmode
?terminate@@YAXXZ
__iob_func
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
wcstod
_cexit
_controlfp
__p__commode
_except_handler4_common
memset
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0
LoadStringW
FindStringOrdinal
GetModuleFileNameW
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
ExitProcess
GetCurrentProcessId
TerminateProcess
GetCurrentThreadId
GetCurrentProcess
OpenProcessToken
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
GetComputerNameExW
api-ms-win-security-base-l1-1-0
SetSecurityDescriptorDacl
CheckTokenMembership
AdjustTokenPrivileges
GetLengthSid
InitializeAcl
InitializeSecurityDescriptor
GetFileSecurityW
FreeSid
GetSecurityDescriptorDacl
GetTokenInformation
AddAce
SetFileSecurityW
AllocateAndInitializeSid
GetAclInformation
SetSecurityDescriptorOwner
api-ms-win-core-file-l1-1-0
GetVolumePathNameW
FindClose
GetFileAttributesW
CreateFileW
FindNextFileW
GetFullPathNameW
GetVolumeInformationW
GetFileType
FindFirstFileW
ReadFile
api-ms-win-security-lsalookup-l2-1-0
LookupPrivilegeValueW
LookupAccountNameW
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
GetCurrentDirectoryW
api-ms-win-core-console-l1-1-0
SetConsoleMode
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
WriteConsoleW
api-ms-win-core-localization-l1-2-0
GetThreadLocale
SetThreadUILanguage
FormatMessageW
sspicli
GetUserNameExW
api-ms-win-core-processthreads-l1-1-1
OpenProcess
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-heap-l1-1-0
HeapAlloc
GetProcessHeap
HeapFree
HeapSize
HeapValidate
HeapReAlloc
HeapSetInformation
api-ms-win-core-console-l2-1-0
FlushConsoleInputBuffer
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-kernel32-legacy-l1-1-0
GetComputerNameW
ntdll
VerSetConditionMask
RtlVerifyVersionInfo
api-ms-win-core-string-l1-1-0
CompareStringW
MultiByteToWideChar
WideCharToMultiByte
api-ms-win-core-string-obsolete-l1-1-0
lstrlenW
lstrlenA
api-ms-win-core-localization-obsolete-l1-2-0
CompareStringA
api-ms-win-core-version-l1-1-0
VerQueryValueW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW
api-ms-win-core-string-l2-1-0
CharUpperW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-shlwapi-obsolete-l1-1-0
StrChrW
Sections
.text Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 68B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tar.exe.exe windows:10 windows x86 arch:x86
3b8e1f37ec2574e3b9caf88b47efa772
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
tar.pdb
Imports
api-ms-win-crt-string-l1-1-0
memset
strcspn
strncmp
wcsncpy
api-ms-win-crt-time-l1-1-0
_time32
api-ms-win-crt-stdio-l1-1-0
_open
api-ms-win-crt-runtime-l1-1-0
_initterm
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
api-ms-win-crt-private-l1-1-0
_o___p___argc
_o___p___argv
_o___p__commode
_o___stdio_common_vfprintf
_o___stdio_common_vsprintf
_o__access
_o__cexit
_o__close
_o__configthreadlocale
_o__configure_narrow_argv
_o__controlfp_s
_o__crt_atexit
_o__errno
_o__exit
_o__get_initial_narrow_environment
_o__get_osfhandle
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__localtime32_s
strchr
_o__read
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__setmode
memmove
_o__strdup
_o_calloc
_o_exit
_o_fclose
_o_feof
_o_ferror
_o_fflush
_o_fopen
_o_fputs
_o_fread
_o_free
_o_getenv
_o_isprint
_o_isspace
_o_iswctype
_o_malloc
_o_mbtowc
_o_putchar
_o_realloc
_o_setlocale
_o_strerror
_o_strftime
_o_strtol
_o_terminate
__current_exception
__current_exception_context
_except_handler4_common
memcpy
_o___acrt_iob_func
strrchr
_o__stat32
api-ms-win-core-file-l1-1-0
ReadFile
WriteFile
SetFilePointerEx
GetFullPathNameW
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
SetCurrentDirectoryW
SetCurrentDirectoryA
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
api-ms-win-core-errorhandling-l1-1-0
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-console-l1-1-0
SetConsoleMode
GetConsoleMode
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
archiveint
_archive_error_string@4
_archive_match_include_pattern@8
_archive_match_new@0
_archive_match_free@4
_archive_match_exclude_pattern_from_file@12
_archive_match_include_file_time@12
_archive_version_details@0
_archive_match_include_date@12
_archive_read_support_filter_program@8
_archive_write_add_filter_by_name@8
_archive_write_add_filter_program@8
_archive_read_data_into_fd@8
_archive_read_set_options@8
_archive_match_path_unmatched_inclusions_next@8
_archive_read_extract2@12
_archive_entry_set_uname@8
_archive_entry_set_gid@12
_archive_read_extract_set_progress_callback@12
_archive_read_add_passphrase@8
_archive_read_support_format_all@4
_archive_read_new@0
_archive_entry_set_uid@12
_archive_read_support_filter_all@4
_archive_write_disk_set_standard_lookup@4
_archive_entry_size@4
_archive_read_free@4
_archive_match_include_pattern_from_file@12
_archive_filter_bytes@8
_archive_read_data_skip@4
_archive_entry_set_gname@8
_archive_write_disk_new@0
_archive_write_free@4
_archive_entry_pathname@4
_archive_clear_error@4
_archive_read_next_header@8
_archive_write_disk_set_options@8
_archive_filter_name@8
_archive_read_open_filename@12
_archive_match_excluded@8
_archive_read_close@4
_archive_format_name@4
_archive_match_path_unmatched_inclusions@4
_archive_read_set_passphrase_callback@12
_archive_entry_rdevmajor@4
_archive_match_exclude_pattern@8
_archive_entry_copy_hardlink@8
_archive_entry_strmode@4
_archive_entry_copy_pathname@8
_archive_entry_mtime@4
_archive_entry_symlink@4
_archive_match_set_inclusion_recursion@8
_archive_entry_nlink@4
_archive_entry_gid@4
_archive_entry_uname@4
_archive_entry_rdevminor@4
_archive_entry_uid@4
_archive_entry_gname@4
_archive_entry_linkresolver_set_strategy@8
_archive_write_header@8
_archive_write_open_fd@8
_archive_read_disk_gname@12
_archive_write_set_passphrase_callback@12
_archive_read_support_format_tar@4
_archive_read_disk_set_matching@16
_archive_errno@4
_archive_entry_free@4
_archive_write_set_format_by_name@8
_archive_write_set_options@8
_archive_write_data@12
_archive_read_disk_new@0
_archive_read_support_format_gnutar@4
_archive_entry_linkresolver_free@4
_archive_entry_linkify@12
_archive_write_set_format@8
_archive_write_set_bytes_in_last_block@8
_archive_write_new@0
_archive_read_next_header2@8
_archive_read_data_block@16
_archive_filter_code@8
_archive_entry_set_size@12
_archive_read_disk_set_symlink_hybrid@4
_archive_read_open_fd@12
_archive_format@4
_archive_read_disk_open@8
_archive_read_disk_descend@4
_archive_entry_linkresolver_new@0
_archive_match_exclude_entry@12
_archive_write_set_passphrase@8
_archive_write_set_bytes_per_block@8
_archive_entry_sourcepath@4
_archive_write_set_format_pax_restricted@4
_archive_entry_new@0
_archive_read_disk_can_descend@4
_archive_read_support_format_empty@4
_archive_read_disk_set_behavior@8
_archive_read_disk_set_symlink_physical@4
_archive_read_disk_set_symlink_logical@4
_archive_read_disk_set_metadata_filter_callback@12
_archive_read_header_position@4
_archive_read_disk_set_standard_lookup@4
_archive_write_close@4
_archive_read_disk_uname@12
_archive_write_open_filename@8
_archive_entry_filetype@4
_archive_entry_hardlink@4
Sections
.text Size: 31KB - Virtual size: 30KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 952B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
taskkill.exe.exe windows:10 windows x86 arch:x86
1b280dbbc4551f2ac95e5f1d993c6f46
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
taskkill.pdb
Imports
advapi32
RegConnectRegistryW
RegCloseKey
LookupAccountSidW
OpenSCManagerW
EnumServicesStatusExW
CloseServiceHandle
RegQueryValueExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
kernel32
OpenProcess
CloseHandle
GetExitCodeProcess
TerminateProcess
WriteConsoleW
GetStdHandle
LocalAlloc
FormatMessageW
FreeLibrary
GetCurrentProcessId
GetSystemDirectoryW
LoadLibraryW
GetProcAddress
GetCurrentProcess
SetLastError
GetModuleFileNameW
GetComputerNameExW
GetLastError
HeapReAlloc
HeapAlloc
HeapValidate
HeapFree
GetProcessHeap
ReadConsoleW
ReadFile
SetConsoleMode
MultiByteToWideChar
GetConsoleOutputCP
ExitProcess
CompareStringA
GetThreadLocale
CompareStringW
lstrlenW
lstrlenA
GetConsoleMode
GetFileType
WideCharToMultiByte
FindStringOrdinal
VerSetConditionMask
SetThreadUILanguage
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
LocalFree
GetCurrentThreadId
HeapSize
msvcrt
memcpy
_CxxThrowException
wcstok
wcsstr
fflush
fprintf
_get_osfhandle
_except_handler4_common
_controlfp
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
_callnewh
malloc
_errno
wcstoul
wcschr
_wtoi64
_wcsicmp
wcsrchr
_wcsdup
free
__CxxFrameHandler3
__iob_func
_memicmp
_vsnwprintf
wcstod
wcstol
_fileno
memset
ntdll
RtlTimeToElapsedTimeFields
RtlVerifyVersionInfo
RtlLargeIntegerToChar
version
VerQueryValueW
GetFileVersionInfoSizeExW
GetFileVersionInfoExW
user32
CharUpperW
IsHungAppWindow
GetWindow
GetWindowLongW
GetWindowThreadProcessId
FindWindowExW
EnumWindows
LoadStringW
SetThreadDesktop
OpenDesktopW
GetThreadDesktop
EnumDesktopsW
CloseWindowStation
SetProcessWindowStation
OpenWindowStationW
GetProcessWindowStation
wsprintfW
GetWindowTextW
PostMessageW
CloseDesktop
EnumWindowStationsW
mpr
WNetAddConnection2W
WNetCancelConnection2W
WNetGetLastErrorW
oleaut32
VariantCopy
SysStringLen
SysAllocStringByteLen
VariantInit
SysFreeString
SysAllocString
VariantChangeType
VariantClear
ws2_32
FreeAddrInfoW
GetNameInfoW
GetAddrInfoW
WSAGetLastError
WSAStartup
WSACleanup
framedynos
?Find@CHString@@QBEHPBG@Z
??YCHString@@QAEABV0@PBG@Z
?GetData@CHString@@IBEPAUCHStringData@@XZ
?Mid@CHString@@QBE?AV1@HH@Z
?Empty@CHString@@QAEXXZ
?Left@CHString@@QBE?AV1@H@Z
?Compare@CHString@@QBEHPBG@Z
?Mid@CHString@@QBE?AV1@H@Z
?Find@CHString@@QBEHG@Z
?FindOneOf@CHString@@QBEHPBG@Z
??4CHString@@QAEABV0@PBD@Z
??YCHString@@QAEABV0@ABV0@@Z
??1CHString@@QAE@XZ
??0CHString@@QAE@XZ
?ReleaseBuffer@CHString@@QAEXH@Z
?GetBufferSetLength@CHString@@QAEPAGH@Z
??4CHString@@QAEABV0@ABV0@@Z
?Format@CHString@@QAAXPBGZZ
?GetBuffer@CHString@@QAEPAGH@Z
??4CHString@@QAEABV0@PBG@Z
dbghelp
EnumerateLoadedModulesW64
shlwapi
StrChrW
api-ms-win-core-com-l1-1-0
CoTaskMemAlloc
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoTaskMemFree
CoUninitialize
sspicli
GetUserNameExW
srvcli
NetServerGetInfo
netutils
NetApiBufferFree
Sections
.text Size: 61KB - Virtual size: 60KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tasklist.exe.exe windows:10 windows x86 arch:x86
abb2f0f9c3e7fd0fa45df23edfcad54c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
tasklist.pdb
Imports
advapi32
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegConnectRegistryW
RegCloseKey
LookupAccountSidW
OpenSCManagerW
EnumServicesStatusExW
CloseServiceHandle
RegQueryValueExW
kernel32
GetSystemDirectoryW
LoadLibraryW
GetProcAddress
GetCurrentProcess
CloseHandle
GetNumberFormatW
OpenProcess
GetLastError
HeapSetInformation
GetCurrentThreadId
WriteConsoleW
GetStdHandle
LocalAlloc
FormatMessageW
SetLastError
GetTimeFormatW
FreeLibrary
GetComputerNameExW
HeapSize
HeapReAlloc
HeapAlloc
HeapValidate
HeapFree
GetProcessHeap
ReadConsoleW
ReadFile
SetConsoleMode
MultiByteToWideChar
GetConsoleOutputCP
ExitProcess
CompareStringA
GetThreadLocale
CompareStringW
lstrlenA
GetConsoleMode
GetFileType
WideCharToMultiByte
FindStringOrdinal
VerSetConditionMask
SetThreadUILanguage
FileTimeToSystemTime
lstrlenW
GetLocaleInfoW
GetModuleFileNameW
msvcrt
_CxxThrowException
memcpy
_except_handler4_common
_controlfp
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
_callnewh
malloc
_wtoi64
_wcsicmp
_wcsdup
wcscpy_s
free
wcsrchr
wcschr
__CxxFrameHandler3
__iob_func
_vsnwprintf
_memicmp
_errno
wcstod
wcstol
wcstoul
_fileno
_get_osfhandle
fprintf
fflush
wcsstr
wcstok
memset
api-ms-win-core-com-l1-1-0
CoTaskMemAlloc
CoInitializeSecurity
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitializeEx
oleaut32
SysFreeString
SysAllocString
VariantChangeType
SysAllocStringByteLen
SysStringLen
VariantCopy
VariantClear
VariantInit
ntdll
RtlTimeToElapsedTimeFields
RtlVerifyVersionInfo
NtQueryInformationProcess
RtlLargeIntegerToChar
RtlQueryPackageIdentity
RtlNtStatusToDosError
imagehlp
EnumerateLoadedModulesW64
sspicli
GetUserNameExW
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
TerminateProcess
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
LoadStringW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
user32
GetWindow
IsHungAppWindow
GetWindowTextW
wsprintfW
FindWindowExW
EnumWindows
GetWindowLongW
SetThreadDesktop
OpenDesktopW
GetThreadDesktop
EnumDesktopsW
CloseWindowStation
SetProcessWindowStation
OpenWindowStationW
GetProcessWindowStation
CloseDesktop
EnumWindowStationsW
GetWindowThreadProcessId
mpr
WNetAddConnection2W
WNetCancelConnection2W
WNetGetLastErrorW
ws2_32
WSACleanup
WSAStartup
WSAGetLastError
FreeAddrInfoW
GetNameInfoW
GetAddrInfoW
framedynos
?GetData@CHString@@IBEPAUCHStringData@@XZ
??1CHString@@QAE@XZ
?ReleaseBuffer@CHString@@QAEXH@Z
??4CHString@@QAEABV0@PBG@Z
?Find@CHString@@QBEHPBG@Z
?Mid@CHString@@QBE?AV1@H@Z
?Compare@CHString@@QBEHPBG@Z
?Format@CHString@@QAAXPBGZZ
?Empty@CHString@@QAEXXZ
??YCHString@@QAEABV0@ABV0@@Z
??YCHString@@QAEABV0@PBG@Z
??4CHString@@QAEABV0@ABV0@@Z
?Left@CHString@@QBE?AV1@H@Z
??4CHString@@QAEABV0@PBD@Z
?GetBuffer@CHString@@QAEPAGH@Z
?FindOneOf@CHString@@QBEHPBG@Z
?Find@CHString@@QBEHG@Z
??0CHString@@QAE@XZ
?GetBufferSetLength@CHString@@QAEPAGH@Z
?Mid@CHString@@QBE?AV1@HH@Z
srvcli
NetServerGetInfo
netutils
NetApiBufferFree
api-ms-win-core-shlwapi-obsolete-l1-1-0
StrChrW
api-ms-win-core-version-l1-1-0
GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW
api-ms-win-core-string-l2-1-0
CharUpperW
Sections
.text Size: 66KB - Virtual size: 66KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tcmsetup.exe.exe windows:10 windows x86 arch:x86
eefb875014ecdd920c8da3d31e4c2fcb
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
tcmsetup.pdb
Imports
advapi32
RegQueryValueExW
RegOpenKeyExW
CheckTokenMembership
FreeSid
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
AllocateAndInitializeSid
RegDeleteKeyW
RegCloseKey
kernel32
CompareStringW
GetCommandLineW
lstrlenW
CreateMutexW
WaitForSingleObject
ReleaseMutex
GlobalAlloc
GlobalFree
CloseHandle
HeapSetInformation
GetModuleHandleW
lstrcmpiW
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
Sleep
user32
LoadStringW
MessageBoxW
msvcrt
_cexit
_except_handler4_common
_controlfp
?terminate@@YAXXZ
_acmdln
_initterm
__setusermatherr
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
_vsnwprintf
_ismbblead
__p__fmode
_exit
tapi32
lineRemoveProvider
lineAddProviderW
Sections
.text Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
timeout.exe.exe windows:10 windows x86 arch:x86
cc8350d8e3ec07f59c50bd0d7e531f02
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
timeout.pdb
Imports
ntdll
RtlVerifyVersionInfo
VerSetConditionMask
user32
LoadStringW
CharUpperW
ws2_32
WSACleanup
shlwapi
StrChrW
version
GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW
kernel32
HeapValidate
GetTickCount
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
GetCurrentProcess
GetModuleFileNameW
HeapSize
HeapReAlloc
HeapAlloc
SetConsoleCtrlHandler
GetConsoleScreenBufferInfo
SetLastError
GetStdHandle
SetConsoleMode
SetThreadUILanguage
WaitForSingleObject
Sleep
GetConsoleMode
ReadConsoleInputW
HeapSetInformation
FlushConsoleInputBuffer
PeekConsoleInputW
ExitProcess
GetNumberOfConsoleInputEvents
GetFileType
SetConsoleCursorPosition
GetLastError
FormatMessageW
LocalFree
FindStringOrdinal
WideCharToMultiByte
lstrlenW
CompareStringW
GetThreadLocale
CompareStringA
WriteConsoleW
GetConsoleOutputCP
GetProcessHeap
HeapFree
UnhandledExceptionFilter
msvcrt
_fileno
_get_osfhandle
fprintf
fflush
_XcptFilter
__p__commode
_memicmp
__wgetmainargs
__set_app_type
time
wcstoul
_cexit
__p__fmode
__setusermatherr
_initterm
_except_handler4_common
?terminate@@YAXXZ
_controlfp
_exit
wcstod
_errno
wcstol
exit
_vsnwprintf
_amsg_exit
__iob_func
memset
Sections
.text Size: 18KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 1020B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tracerpt.exe.exe windows:10 windows x86 arch:x86
9246d8b1e4f80358c529765ee31bdd69
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
tracerpt.pdb
Imports
msvcrt
rewind
_ftol2_sse
strtok_s
atol
_except_handler4_common
_atoi64
memcpy
memcmp
__CxxFrameHandler3
_initterm
wcsncmp
__iob_func
?terminate@@YAXXZ
free
_XcptFilter
__p__commode
_stricmp
__setusermatherr
__set_app_type
fwprintf
_wcslwr
wcschr
wcsstr
wcstoul
_wsplitpath_s
fprintf
vsprintf_s
vfprintf
strncpy_s
_vsnwprintf_s
_vscprintf
strcpy_s
strncmp
_vscwprintf
swprintf_s
fputs
strstr
strchr
strrchr
sprintf_s
malloc
_wmakepath_s
_getmbcp
fgetws
ferror
_errno
_callnewh
wcstok
_controlfp
__p__fmode
ceil
isprint
iswspace
_strnicmp
memmove
_onexit
_cexit
_ftol2
__dllonexit
fgets
_unlock
fclose
_wfsopen
_wfopen
wcstok_s
_exit
exit
_amsg_exit
wprintf
_vsnprintf
__wgetmainargs
wcstombs_s
_purecall
_lock
qsort
wcsrchr
_vsnwprintf
_wcsicmp
_wcsnicmp
memset
api-ms-win-core-heap-l1-1-0
HeapFree
HeapSetInformation
HeapReAlloc
GetProcessHeap
HeapAlloc
api-ms-win-core-com-l1-1-0
CoUninitialize
CreateStreamOnHGlobal
CoSetProxyBlanket
CoCreateInstance
CoInitializeEx
oleaut32
VarDateFromStr
VariantClear
SysAllocString
VariantTimeToSystemTime
VariantInit
VariantChangeType
SysStringLen
VarBstrFromDate
SystemTimeToVariantTime
SysFreeString
api-ms-win-eventing-tdh-l1-1-0
TdhLoadManifest
TdhGetPropertySize
TdhGetProperty
TdhQueryProviderFieldInformation
TdhEnumerateProviderFieldInformation
TdhGetEventInformation
TdhFormatProperty
TdhUnloadManifest
TdhGetEventMapInformation
ntdll
RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlAnsiCharToUnicodeChar
RtlEqualUnicodeString
RtlCompareString
RtlDeleteCriticalSection
RtlInitializeCriticalSection
api-ms-win-security-lsalookup-l2-1-0
LookupAccountSidW
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
WideCharToMultiByte
api-ms-win-core-errorhandling-l1-1-0
SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
GetTimeZoneInformation
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
api-ms-win-core-localization-l1-2-0
GetUserDefaultLocaleName
GetLocaleInfoEx
FormatMessageW
GetFileMUIPath
SetThreadPreferredUILanguages
GetLocaleInfoW
api-ms-win-core-heap-l2-1-0
LocalFree
GlobalFree
GlobalAlloc
api-ms-win-security-sddl-l1-1-0
ConvertSidToStringSidW
api-ms-win-core-datetime-l1-1-0
GetDateFormatW
GetTimeFormatW
ws2_32
WSACleanup
WSAStartup
WSAGetLastError
WSAAddressToStringW
api-ms-win-core-rtlsupport-l1-2-0
RtlRaiseException
RtlCompareMemory
api-ms-win-core-file-l1-1-0
SetFilePointer
FindClose
GetFileSize
DeleteFileW
CreateFileW
WriteFile
GetFileType
SetEndOfFile
ReadFile
GetFileAttributesW
FindFirstFileW
GetTempFileNameW
CreateDirectoryW
GetFileTime
FindNextFileW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-file-l1-2-4
GetTempPath2W
api-ms-win-eventing-consumer-l1-1-0
ProcessTrace
CloseTrace
OpenTraceW
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetVersionExW
GetTickCount
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
GetProcAddress
SizeofResource
LoadResource
LoadLibraryExW
FreeResource
FreeLibrary
LoadStringW
LockResource
FindResourceExW
GetModuleFileNameW
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
GetCurrentThreadId
CreateThread
GetCurrentProcessId
TerminateProcess
api-ms-win-core-synch-l1-1-0
WaitForSingleObject
SetEvent
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processenvironment-l1-1-0
SearchPathW
ExpandEnvironmentStringsW
GetEnvironmentVariableW
GetCurrentDirectoryW
GetStdHandle
api-ms-win-core-libraryloader-l1-2-1
FindResourceW
LoadLibraryW
api-ms-win-core-heap-obsolete-l1-1-0
GlobalUnlock
GlobalLock
api-ms-win-shcore-stream-l1-1-0
SHCreateStreamOnFileEx
api-ms-win-core-console-l1-1-0
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
SetConsoleMode
WriteConsoleW
api-ms-win-core-memory-l1-1-0
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
xmllite
CreateXmlReader
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
wevtapi
EvtIntCreateLocalLogfile
EvtClose
EvtIntWriteXmlEventToLocalLogfile
EvtIntRenderResourceEventTemplate
pdh
PdhBindInputDataSourceW
PdhComputeCounterStatistics
PdhOpenQueryH
PdhCollectQueryData
PdhAddCounterW
PdhTranslate009CounterW
PdhExpandWildCardPathHW
PdhParseCounterPathW
PdhGetLogFileTypeW
PdhGetDataSourceTimeRangeH
PdhSetQueryTimeRange
PdhCloseLog
PdhCloseQuery
PdhGetRawCounterValue
tdh
TdhLoadManifestFromBinary
TdhGetAllEventsInformation
TdhGetPropertyOffsetAndSize
imagehlp
SymUnloadModule64
SymGetLineFromAddr64
SymGetTypeInfo
SymGetOptions
SymEnumTypesByName
SymRegisterCallback64
SymCleanup
SymSetOptions
SymGetSymbolFileW
SymFromAddr
api-ms-win-core-version-l1-1-0
GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW
api-ms-win-core-console-l2-1-0
GetConsoleScreenBufferInfo
dbghelp
SymInitializeW
SymSearch
SymLoadModuleExW
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
api-ms-win-core-localization-obsolete-l1-2-0
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
api-ms-win-core-localization-l1-2-2
LCIDToLocaleName
Sections
.text Size: 323KB - Virtual size: 323KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 144KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ttdinject.exe.exe windows:10 windows x86 arch:x86
e18d7e87c48a288dbc5b51bf17bed805
Code Sign
33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 02/09/2021, 18:23
Not After: 01/09/2022, 18:23
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
1a:d8:59:37:4a:07:5b:28:55:80:b1:81:59:e2:29:23:89:ad:69:f4:d1:5b:27:72:cf:09:77:d1:1c:28:80:17
Signer
Actual PE Digest: 1a:d8:59:37:4a:07:5b:28:55:80:b1:81:59:e2:29:23:89:ad:69:f4:d1:5b:27:72:cf:09:77:d1:1c:28:80:17
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
TTDInject.pdb
Imports
ntdll
NtResumeThread
NtQueryInformationThread
NtQueryInformationProcess
NtSuspendThread
RtlUnwind
RtlGetVersion
NtSetInformationProcess
kernel32
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
LoadLibraryW
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
FreeLibrary
DebugBreak
IsDebuggerPresent
WriteConsoleW
GetCurrentProcess
SetEndOfFile
HeapReAlloc
K32GetModuleFileNameExW
GetCurrentThreadId
WaitForSingleObject
HeapSize
GetModuleFileNameW
GetModuleHandleExW
MultiByteToWideChar
GetSystemInfo
ReleaseSemaphore
CreateFileW
SetLastError
HeapFree
LoadLibraryExW
FormatMessageW
ResumeThread
Sleep
ReadProcessMemory
CreateRemoteThread
GetExitCodeProcess
WriteProcessMemory
CreateSemaphoreExW
VirtualProtect
VirtualFree
GetModuleFileNameA
VirtualAlloc
GetProcessId
DecodePointer
Thread32Next
Thread32First
OpenProcess
CreateToolhelp32Snapshot
K32GetModuleInformation
VirtualProtectEx
VirtualAllocEx
CreateProcessW
LCMapStringEx
VirtualFreeEx
VirtualQuery
OpenThread
VirtualQueryEx
CompareStringOrdinal
WideCharToMultiByte
TerminateProcess
ReleaseMutex
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
EncodePointer
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
ExitProcess
ReadFile
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
SetFilePointerEx
GetConsoleMode
ReadConsoleW
FlushFileBuffers
GetConsoleOutputCP
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
GetFileSizeEx
ole32
CoCreateInstance
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree
CoInitializeEx
advapi32
EventRegister
RegCloseKey
RegDeleteKeyExW
RegQueryInfoKeyW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
LookupPrivilegeValueW
AdjustTokenPrivileges
AllocateAndInitializeSid
OpenProcessToken
FreeSid
CheckTokenMembership
RegGetValueW
EventWriteTransfer
Sections
.text Size: 268KB - Virtual size: 266KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 100KB - Virtual size: 97KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 968B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tttracer.exe.exe windows:10 windows x86 arch:x86
77946aa710659c131067563fab7e31ec
Code Sign
33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 02/09/2021, 18:23
Not After: 01/09/2022, 18:23
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
6e:76:4d:8f:65:9d:ef:b6:4d:22:ca:eb:b5:c3:9d:bf:a5:26:93:94:09:88:f9:c7:19:f5:f8:14:c5:45:58:b0
Signer
Actual PE Digest: 6e:76:4d:8f:65:9d:ef:b6:4d:22:ca:eb:b5:c3:9d:bf:a5:26:93:94:09:88:f9:c7:19:f5:f8:14:c5:45:58:b0
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
TTTracer.pdb
Imports
ttdrecord
ExecuteTTTracerCommandLine
ntdll
RtlUnwind
kernel32
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetCommandLineW
HeapSize
DebugBreak
IsDebuggerPresent
SizeofResource
SetLastError
ReadConsoleW
WriteFile
GetModuleFileNameW
K32GetModuleFileNameExW
HeapFree
ReadFile
CreateFileW
GetFileAttributesW
CreateSemaphoreExW
GetSystemDirectoryW
GetSystemWow64DirectoryW
GetModuleFileNameA
LockResource
GetNativeSystemInfo
LoadResource
FindResourceW
HeapReAlloc
WriteConsoleW
DecodePointer
GetModuleHandleW
FreeLibrary
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
EncodePointer
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
ExitProcess
GetStdHandle
GetCommandLineA
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
CompareStringW
LCMapStringW
GetFileType
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
GetFileSizeEx
SetFilePointerEx
ole32
CoInitializeEx
CoTaskMemAlloc
CoTaskMemFree
advapi32
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
Sections
.text Size: 120KB - Virtual size: 118KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 32KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
typeperf.exe.exe windows:10 windows x86 arch:x86
33fa1e3f97809e906830dba26e3d87e4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
typeperf.pdb
Imports
api-ms-win-crt-string-l1-1-0
memset
wcsncmp
api-ms-win-crt-runtime-l1-1-0
_c_exit
_initterm_e
_initterm
_register_thread_local_exe_atexit_callback
api-ms-win-crt-private-l1-1-0
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__controlfp_s
_o__crt_atexit
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memcpy
_o__wcsicmp
_o__wcsnicmp
_o__wfopen
_o__wfsopen
_o__wmakepath_s
_o__wsplitpath_s
_o_exit
_o_fclose
_o_fgetws
_o_free
_o_malloc
_o_terminate
_o_wcstod
_o_wcstok
_o_wcstok_s
_o_wcstol
_except_handler4_common
__current_exception
__current_exception_context
_CxxThrowException
_o___stdio_common_vfwprintf
_o___stdio_common_vswprintf
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___wargv
_o___p___argc
_o___acrt_iob_func
wcschr
wcsstr
api-ms-win-core-synch-l1-1-0
SetEvent
EnterCriticalSection
LeaveCriticalSection
CreateMutexW
DeleteCriticalSection
WaitForSingleObject
CreateEventW
InitializeCriticalSection
ReleaseMutex
api-ms-win-core-heap-l1-1-0
HeapFree
GetProcessHeap
HeapValidate
HeapSetInformation
HeapAlloc
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-errorhandling-l1-1-0
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-kernel32-legacy-l1-1-0
GetComputerNameW
api-ms-win-core-processthreads-l1-1-0
CreateThread
TerminateThread
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
api-ms-win-core-console-l1-1-0
GetConsoleOutputCP
ReadConsoleW
WriteConsoleW
SetConsoleCtrlHandler
SetConsoleMode
GetConsoleMode
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
api-ms-win-core-console-l2-1-0
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
api-ms-win-core-localization-l1-2-0
GetLocaleInfoW
SetThreadUILanguage
FormatMessageW
api-ms-win-core-file-l1-1-0
CreateFileW
FindFirstFileW
FindNextFileW
FindClose
WriteFile
GetFileType
ReadFile
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
WideCharToMultiByte
MultiByteToWideChar
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameW
GetModuleHandleW
LoadStringW
FreeLibrary
api-ms-win-core-version-l1-1-0
GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetLocalTime
GetVersionExW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-security-base-l1-1-0
CheckTokenMembership
AllocateAndInitializeSid
FreeSid
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
pdh
PdhCloseQuery
PdhAddCounterW
PdhOpenLogW
PdhUpdateLogW
PdhCloseLog
PdhCollectQueryData
PdhGetFormattedCounterArrayW
PdhExpandWildCardPathW
PdhEnumObjectsW
PdhEnumObjectItemsW
PdhOpenQueryW
Sections
.text Size: 34KB - Virtual size: 33KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
tzutil.exe.exe windows:10 windows x86 arch:x86
0a4b6ed4871b1ad7f8328d32493e9dfc
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
tzutil.pdb
Imports
msvcrt
_controlfp
_initterm
memcpy
_except_handler4_common
_wtoi
_itow_s
wcschr
__setusermatherr
__p__fmode
_cexit
_exit
exit
wprintf
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
_callnewh
malloc
_wsetlocale
_wcsicmp
_vsnwprintf
?terminate@@YAXXZ
memcmp
memset
api-ms-win-core-string-l1-1-0
CompareStringW
WideCharToMultiByte
CompareStringOrdinal
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
OpenProcessToken
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
api-ms-win-core-console-l1-1-0
GetConsoleMode
WriteConsoleW
GetConsoleOutputCP
api-ms-win-core-processenvironment-l1-1-0
SearchPathW
GetStdHandle
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
GetLastError
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
GetModuleHandleW
FindResourceExW
LoadLibraryExW
FreeLibrary
LoadStringW
LockResource
LoadResource
api-ms-win-core-file-l1-1-0
GetFileType
CreateFileW
api-ms-win-core-localization-l1-2-0
GetLocaleInfoEx
FormatMessageW
SetThreadPreferredUILanguages
api-ms-win-security-base-l1-1-0
AdjustTokenPrivileges
api-ms-win-security-lsalookup-l2-1-0
LookupPrivilegeValueW
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventUnregister
EventWrite
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemDirectoryW
GetSystemTime
GetLocalTime
GetTickCount
GetVersionExW
GetSystemTimeAsFileTime
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
api-ms-win-core-synch-l1-1-0
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
api-ms-win-core-timezone-l1-1-0
GetDynamicTimeZoneInformation
FileTimeToSystemTime
GetTimeZoneInformation
SystemTimeToFileTime
SetDynamicTimeZoneInformation
api-ms-win-core-timezone-private-l1-1-0
IsTimeZoneRedirectionEnabled
api-ms-win-core-memory-l1-1-0
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
api-ms-win-core-localization-l1-2-2
LCIDToLocaleName
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 1020B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
unlodctr.exe.exe windows:10 windows x86 arch:x86
e5d62633987b08c59bad977ed08d449c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
unlodctr.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o___stdio_common_vswprintf
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__controlfp_s
_o__crt_atexit
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__register_onexit_function
memcpy
_o__seh_filter_exe
_o__set_fmode
_o__set_new_mode
_o__wcsnicmp
_o__wtof
_o_exit
_o_floor
_o_setlocale
_o_terminate
_o_wcstoul
__current_exception
__current_exception_context
_except_handler4_common
_o___p__commode
_o___p___wargv
_o___p___argc
_o__set_app_type
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-registry-l1-1-0
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegQueryInfoKeyW
RegCloseKey
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
GetCommandLineW
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventRegister
EventWriteTransfer
EventUnregister
api-ms-win-core-localization-l1-2-0
SetThreadUILanguage
FormatMessageW
SetThreadPreferredUILanguages
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
MultiByteToWideChar
WideCharToMultiByte
api-ms-win-core-heap-l1-1-0
HeapFree
HeapReAlloc
HeapSetInformation
GetProcessHeap
HeapAlloc
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
GetLastError
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-libraryloader-l1-2-0
LoadStringW
GetModuleHandleW
loadperf
LpAcquireInstallationMutex
UnloadPerfCounterTextStringsW
LpReleaseInstallationMutex
api-ms-win-core-file-l1-1-0
WriteFile
CreateFileW
ReadFile
GetFileType
GetFileSize
api-ms-win-core-console-l1-1-0
WriteConsoleW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-registry-l2-1-0
RegDeleteKeyW
RegEnumKeyW
api-ms-win-base-util-l1-1-0
IsTextUnicode
Sections
.text Size: 29KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
unregmp2.exe.exe windows:10 windows x86 arch:x86
08cf6be2bde79032587ad5ba07627d94
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
unregmp2.pdb
Imports
advapi32
RegQueryValueExW
RegEnumValueW
OpenServiceW
RegDeleteValueW
ChangeServiceConfigW
QueryServiceConfigW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
ControlService
RegCreateKeyExW
RegDeleteKeyW
OpenSCManagerW
CloseServiceHandle
QueryServiceStatus
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegQueryInfoKeyW
kernel32
CloseHandle
RaiseException
HeapSetInformation
LoadResource
FindResourceW
GetSystemWindowsDirectoryW
GetTickCount
DeleteFileW
FindFirstFileExW
FindNextFileW
GetShortPathNameW
RemoveDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
lstrcmpW
ExpandEnvironmentStringsW
GetUserDefaultLCID
RegisterApplicationRestart
CreateEventW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
SetFileAttributesW
GetFileSize
GetLocalTime
GetWindowsDirectoryA
CreateFileA
GetTempPath2A
SetFilePointer
GetProfileStringW
GetPrivateProfileStringW
WritePrivateProfileStringW
WriteProfileStringW
GetFileTime
FreeLibrary
GetProcAddress
GetWindowsDirectoryW
LoadLibraryW
FileTimeToSystemTime
GetTimeZoneInformation
GetSystemDefaultLangID
GetVersionExW
GetModuleFileNameW
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LCIDToLocaleName
GetSystemDirectoryW
GetFileAttributesW
CreateFileW
FindClose
CreateHardLinkW
WriteFile
SetLastError
FindFirstFileW
SizeofResource
CreateDirectoryW
GetLastError
user32
LoadStringW
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_c_exit
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__configthreadlocale
_o__configure_narrow_argv
_o__controlfp_s
_o__crt_atexit
_o__exit
_o__get_narrow_winmain_command_line
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__itow
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
_o__wcslwr
_o__wcsnicmp
_o__wtoi
_o__wtol
_o_exit
_o_free
_o_iswalnum
_o_iswalpha
_o_malloc
_o_mbstowcs
_o_terminate
__current_exception
__current_exception_context
_o__callnewh
_except_handler4_common
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___p__commode
wcsrchr
wcsstr
wcschr
_o__cexit
memcpy
api-ms-win-crt-string-l1-1-0
memset
ole32
StringFromGUID2
CoInitialize
CoCreateGuid
CoUninitialize
CoCreateInstance
PropVariantClear
oleaut32
SystemTimeToVariantTime
VariantTimeToSystemTime
SysFreeString
VariantClear
SysAllocString
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
shell32
SHChangeNotify
SHGetMalloc
SHGetSpecialFolderPathW
SHCreateItemFromParsingName
SHSetLocalizedName
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetFolderPathW
ShellExecuteW
shlwapi
PathAddBackslashW
PathUnExpandEnvStringsW
PathRemoveBlanksW
PathRemoveFileSpecW
PathAppendW
PathIsDirectoryW
PathAddBackslashA
Sections
.text Size: 175KB - Virtual size: 174KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
upnpcont.exe.exe windows:10 windows x86 arch:x86
7b6ae0b2821019ce4c865988d4d48c14
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
upnpcont.pdb
Imports
msvcrt
__wgetmainargs
free
_exit
__p__fmode
__setusermatherr
__p__commode
_wcsicmp
exit
_initterm
malloc
_wcmdln
_callnewh
_except_handler4_common
__set_app_type
_amsg_exit
_XcptFilter
_cexit
?terminate@@YAXXZ
memcpy
wcscat_s
wcscpy_s
realloc
_beginthreadex
_controlfp
memset
ntdll
EtwTraceMessage
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
SizeofResource
LoadLibraryExW
LoadResource
FindResourceExW
GetModuleHandleW
GetModuleFileNameW
GetProcAddress
api-ms-win-core-memory-l1-1-0
VirtualAlloc
VirtualQuery
VirtualProtect
api-ms-win-core-registry-l1-1-0
RegEnumKeyExW
RegCreateKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegOpenKeyExW
api-ms-win-core-synch-l1-1-0
DeleteCriticalSection
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
EnterCriticalSection
CreateEventW
SetEvent
api-ms-win-core-com-l1-1-0
CoTaskMemAlloc
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoRegisterClassObject
CoResumeClassObjects
CoInitializeSecurity
CoSuspendClassObjects
CoRevokeClassObject
CoInitializeEx
CoTaskMemRealloc
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
api-ms-win-core-file-l1-1-0
GetFullPathNameW
api-ms-win-core-processthreads-l1-1-0
ExitProcess
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
CreateThread
GetCurrentProcessId
GetStartupInfoW
api-ms-win-core-string-l2-1-0
CharPrevW
CharNextW
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
api-ms-win-core-errorhandling-l1-1-0
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-sysinfo-l1-1-0
GetSystemInfo
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-heap-l1-1-0
HeapDestroy
HeapSetInformation
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
lstrcpynW
api-ms-win-core-processthreads-l1-1-1
OpenProcess
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-kernel32-legacy-l1-1-0
UnregisterWait
RegisterWaitForSingleObject
Sections
.text Size: 19KB - Virtual size: 18KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
user.exe.exe windows:10 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
user.pdb
Sections
.text Size: 1024B - Virtual size: 675B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 896B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 976B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
userinit.exe.exe windows:10 windows x86 arch:x86
95da0916f3f26c42bdbb0c5cdc7e8b39
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
userinit.pdb
Imports
ntdll
NtQueryInformationProcess
RtlGetActiveConsoleId
api-ms-win-core-file-l1-1-0
CompareFileTime
GetFileAttributesExW
api-ms-win-core-processenvironment-l1-1-0
SetEnvironmentVariableW
ExpandEnvironmentStringsW
SearchPathW
GetEnvironmentVariableW
api-ms-win-core-registry-l1-1-0
RegQueryInfoKeyW
RegOpenKeyExW
RegGetValueW
RegQueryValueExW
RegCloseKey
RegEnumValueW
RegCreateKeyExW
RegOpenCurrentUser
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetLastError
api-ms-win-core-processthreads-l1-1-0
GetCurrentThread
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
CreateThread
CreateProcessW
ProcessIdToSessionId
GetStartupInfoW
SetThreadPriority
GetCurrentProcessId
api-ms-win-eventing-classicprovider-l1-1-0
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceLoggerHandle
TraceMessage
GetTraceEnableLevel
api-ms-win-core-synch-l1-1-0
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
CreateMutexExW
AcquireSRWLockShared
ReleaseMutex
InitializeCriticalSectionEx
ReleaseSemaphore
EnterCriticalSection
CreateEventExW
ReleaseSRWLockShared
ReleaseSRWLockExclusive
CreateSemaphoreExW
CreateEventW
OpenEventW
DeleteCriticalSection
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
ResetEvent
SetEvent
LeaveCriticalSection
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-string-l2-1-0
CharNextW
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetSystemDirectoryW
logoncli
DsGetDcNameW
api-ms-win-core-synch-l1-2-0
InitOnceComplete
InitOnceBeginInitialize
Sleep
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapSetInformation
HeapFree
GetProcessHeap
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
GetProcAddress
LoadLibraryExW
LoadStringW
FindStringOrdinal
GetModuleHandleExW
GetModuleFileNameW
GetModuleHandleW
GetModuleFileNameA
api-ms-win-core-com-l1-1-0
CoTaskMemFree
CoTaskMemAlloc
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventRegister
EventUnregister
EventSetInformation
api-ms-win-core-psapi-l1-1-0
K32GetModuleFileNameExW
api-ms-win-core-threadpool-l1-2-0
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
OpenProcess
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
OutputDebugStringW
DebugBreak
api-ms-win-core-registry-l1-1-1
RegSetKeyValueW
user32
GetShellWindow
GetWindowThreadProcessId
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_c_exit
_initterm
_register_thread_local_exe_atexit_callback
api-ms-win-crt-private-l1-1-0
__CxxFrameHandler3
__std_terminate
wcsrchr
_o___p__commode
_o___std_exception_copy
_o___std_exception_destroy
_o___stdio_common_vsnprintf_s
_o___stdio_common_vswprintf
_o__cexit
_o__configthreadlocale
_o__configure_narrow_argv
_o__controlfp_s
_o__crt_atexit
_o__errno
_o__exit
_o__get_narrow_winmain_command_line
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_CxxThrowException
memmove
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
_o__wtoi
_o_exit
_o_free
_o_terminate
__current_exception
__current_exception_context
memcmp
_except_handler4_common
memcpy
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Sections
.text Size: 71KB - Virtual size: 70KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 100B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
verclsid.exe.exe windows:10 windows x86 arch:x86
bdc7940f5de0db2f5978f34e0bd82ff0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
verclsid.pdb
Imports
kernel32
GetCommandLineW
GetCurrentProcess
TerminateProcess
SetErrorMode
HeapSetInformation
ExitProcess
GetProcAddress
DelayLoadFailureHook
LoadLibraryExA
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
FreeLibrary
msvcrt
_controlfp
_wcmdln
?terminate@@YAXXZ
_except_handler4_common
_snwscanf_s
_XcptFilter
__p__commode
_amsg_exit
__wgetmainargs
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
ole32
CoCreateInstance
CoUninitialize
IIDFromString
CoInitializeEx
Sections
.text Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 992B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 440B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ