1f8ec7a76f4486fdff94743275b2d65e1e4c871f7f933ed5c65c1dfca22909be[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

1f8ec7a76f4486fdff94743275b2d65e1e4c871f7f933ed5c65c1dfca22909be.zip
Size

36.3MB
MD5

bcdda8d6998c1ba5130da31e35e5742e
SHA1

503c7cd597310f98ad95e307c72f7be861ce0c0b
SHA256

1f8ec7a76f4486fdff94743275b2d65e1e4c871f7f933ed5c65c1dfca22909be
SHA512

6bf475919fae4f212a5cf15f230a03cdcbd48abc8e251aa0551412f152e9f17f41f337e063beeab1aa3dce074adc0fd5d3f119e191c4e45dcb292eb1f53dd626
SSDEEP

786432:uuyvBzl1nlmWXvt6EnUH4uQkM29pPjBIcfSIMa1KZW8QoI9yo8j:W5tHrkhNSIIiyo8j

Score

3^/10

Malware Config

Signatures

Unsigned PE 17 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Repository/cimwin32.dll
unpack001/Repository/dnsclientcim.dll
unpack001/Repository/dnsclientpsprovider.dll
unpack001/Repository/dsprov.dll
unpack001/SR/spsreng.dll
unpack001/SR/spsrx.dll
unpack001/SR/srloc.dll
unpack001/SpeechUX/SpeechUX.dll
unpack001/SpeechUX/SpeechUXPS.DLL
unpack001/SpeechUX/sapi.cpl
unpack001/SpeechUX/speechuxcpl.dll
unpack001/TTS/MSTTSLoc.dll
unpack001/UMDF/EhStorPwdDrv.dll
unpack001/UMDF/HidTelephony.dll
unpack001/UMDF/IddCx.dll
unpack001/UMDF/Microsoft.Bluetooth.Profiles.HidOverGatt.dll
unpack001/UMDF/NfcCx.dll

Files

1f8ec7a76f4486fdff94743275b2d65e1e4c871f7f933ed5c65c1dfca22909be.zip
.zip
Repository/cimwin32.dll
.dll regsvr32 windows:10 windows x64 arch:x64

3e0fc5fc148d8a2f4281bca9fa8a8166

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

cimwin32.pdb

Imports

msvcrt

_itow
mbstowcs
iswdigit
_wsplitpath_s
_wcslwr
toupper
_purecall
wcstok
_wcsupr
time
div
isspace
isdigit
memcpy_s
?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
memmove_s
wcsspn
iswalpha
__C_specific_handler
_vsnprintf
wcstol
swscanf_s
_beginthreadex
malloc
_wmakepath_s
_wcsdup
_ltow
_wcsnicmp
wcstok_s
_vsnprintf_s
sscanf_s
wcsrchr
_waccess
_wtoi
_errno
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
_CxxThrowException
memcpy
memmove
_lock
wcsncmp
_unlock
_XcptFilter
_amsg_exit
_i64tow_s
_initterm
_wtoi64
__dllonexit
_onexit
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
strcmp
memset
wcsstr
wcspbrk
free
_wtol
wcschr
wcstoul
_wcsicmp
_ultow
memcmp
_vsnwprintf
_ui64tow_s
__RTDynamicCast
_ultow_s
swscanf
__CxxFrameHandler3
wcscmp

ntdll

NtQueryValueKey
NtEnumerateValueKey
RtlFreeHeap
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
RtlAllocateHeap
RtlCreateUnicodeString
NtOpenKey
RtlFormatCurrentUserKeyPath
RtlMultiByteToUnicodeN
RtlMultiByteToUnicodeSize
RtlUnicodeToMultiByteN
RtlEqualString
RtlEqualUnicodeString
NtFreeVirtualMemory
NtEnumerateKey
NtWriteFile
RtlIsTextUnicode
NtReadFile
NtAllocateVirtualMemory
NtUnlockFile
NtLockFile
NtCreateFile
RtlInitAnsiString
RtlFreeAnsiString
RtlCharToInteger
RtlUnicodeStringToAnsiString
NtQueryVolumeInformationFile
RtlInitUnicodeString
NtQueryInformationProcess
RtlNtStatusToDosError
NtCreatePagingFile
NtSetInformationFile
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlValidRelativeSecurityDescriptor
RtlNumberOfSetBitsUlongPtr
NtPowerInformation
NtQuerySystemInformation
RtlIpv6StringToAddressW
RtlIpv4StringToAddressW
NtClose
NtFsControlFile
NtOpenFile
RtlFreeUnicodeString
RtlDosPathNameToNtPathName_U
NtQueryInformationFile
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
RtlWriteRegistryValue
RtlQueryRegistryValuesEx
RtlCheckPortableOperatingSystem

api-ms-win-core-sysinfo-l1-1-0

GetComputerNameExW
GetTickCount64
GetLocalTime
GetVersionExW
GetSystemTime
GetLogicalProcessorInformationEx
GetSystemTimeAsFileTime
GetTickCount
GetSystemInfo
GlobalMemoryStatusEx
GetWindowsDirectoryW
GetSystemDirectoryW

api-ms-win-core-registry-l1-1-0

RegDeleteKeyExW
RegQueryValueExW
RegOpenKeyExW
RegGetKeySecurity
RegCloseKey
RegQueryInfoKeyW
RegSetKeySecurity
RegEnumKeyExW
RegSetValueExW
RegUnLoadKeyW
RegLoadKeyW
RegCreateKeyExW
RegDisablePredefinedCacheEx
RegEnumValueW

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
RaiseException
UnhandledExceptionFilter
SetLastError

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
SetThreadPriority
GetExitCodeProcess
GetCurrentThreadId
GetExitCodeThread
OpenThreadToken
GetCurrentThread
OpenProcessToken
GetCurrentProcess
GetThreadPriority
GetCurrentProcessId
SetThreadToken
CreateThread
CreateProcessAsUserW
SetPriorityClass

api-ms-win-security-base-l1-1-0

AdjustTokenPrivileges
GetKernelObjectSecurity
ImpersonateLoggedOnUser
RevertToSelf
DuplicateTokenEx
MakeSelfRelativeSD
CreateWellKnownSid
GetSidSubAuthority
SetSecurityDescriptorSacl
SetSecurityDescriptorDacl
IsValidSid
GetSidSubAuthorityCount
CopySid
CheckTokenMembership
PrivilegeCheck
FreeSid
GetSidIdentifierAuthority
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
EqualSid
GetTokenInformation
GetSecurityDescriptorControl
AddAccessAllowedObjectAce
GetSecurityDescriptorLength
AddAccessDeniedObjectAce
AllocateAndInitializeSid
SetFileSecurityW
GetLengthSid
AddAuditAccessObjectAce
AddAce
GetAce
SetSecurityDescriptorControl
GetFileSecurityW
SetKernelObjectSecurity
InitializeAcl
SetSecurityDescriptorGroup
IsValidSecurityDescriptor
InitializeSecurityDescriptor
SetSecurityDescriptorOwner

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
LoadStringW
GetModuleFileNameW
LoadLibraryExW
GetModuleHandleExW
GetProcAddress
FreeLibrary
FindStringOrdinal
LoadLibraryExA
GetModuleHandleW
DisableThreadLibraryCalls

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualProtect
VirtualQueryEx
ReadProcessMemory

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringW
MultiByteToWideChar

api-ms-win-core-file-l1-1-0

GetFileAttributesW
GetDiskFreeSpaceExW
GetVolumeInformationW
GetDiskFreeSpaceW
FindFirstFileW
QueryDosDeviceW
CreateFileW
RemoveDirectoryW
ReadFile
GetVolumePathNameW
DeleteFileW
FindClose
SetFileAttributesW
GetDriveTypeW
FindNextFileW
GetFileSize
GetLogicalDriveStringsW
DefineDosDeviceW
GetFileType
GetFileAttributesExW
GetLogicalDrives

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW
lstrlenA
lstrlenW
lstrcmpiW

api-ms-win-core-file-l2-1-0

CopyFileExW
CreateDirectoryExW
MoveFileExW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-kernel32-legacy-l1-1-0

GetMaximumProcessorGroupCount
GetTapeParameters
SetVolumeLabelW

api-ms-win-core-version-l1-1-0

GetFileVersionInfoSizeExW
VerQueryValueW
GetFileVersionInfoExW

api-ms-win-core-processtopology-obsolete-l1-1-0

GetActiveProcessorCount

api-ms-win-power-base-l1-1-0

PowerDeterminePlatformRoleEx

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
GetTimeZoneInformation
SetDynamicTimeZoneInformation
GetDynamicTimeZoneInformation

api-ms-win-core-sysinfo-l1-2-0

SetSystemTime
GetProductInfo
SetComputerNameExW

api-ms-win-core-processtopology-l1-1-0

SetThreadGroupAffinity

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
InitializeCriticalSectionEx
EnterCriticalSection
OpenSemaphoreW
ReleaseMutex
ReleaseSemaphore
WaitForMultipleObjectsEx
CreateMutexExW
ResetEvent
LeaveCriticalSection
WaitForSingleObject
InitializeCriticalSection
CreateEventW
SetEvent
CreateSemaphoreExW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx

api-ms-win-core-localization-l1-2-0

GetLocaleInfoW
IsDBCSLeadByte
GetUserDefaultLCID
FormatMessageW

api-ms-win-core-com-l1-1-0

StringFromGUID2
CLSIDFromString
CoGetCallContext
CoTaskMemFree
CoCreateInstance
StringFromCLSID
CoUninitialize
CoInitializeEx
CoTaskMemAlloc

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-psapi-l1-1-0

K32GetPerformanceInfo

api-ms-win-core-localization-obsolete-l1-2-0

EnumUILanguagesW

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-comm-l1-1-0

GetCommState
GetCommProperties

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

framedynos

?NormalizePath@@YAKPEBG00KAEAVCHString@@@Z
?GetAllDerivedInstances@CWbemProviderGlue@@SAJPEBGPEAV?$TRefPointerCollection@VCInstance@@@@PEAVMethodContext@@0@Z
?GetBufferSetLength@CHString@@QEAAPEAGH@Z
?AddRef@CThreadBase@@QEAAJXZ
?Release@CThreadBase@@QEAAJXZ
??0WBEMTime@@QEAA@AEBUtm@@@Z
?FindOneOf@CHString@@QEBAHPEBG@Z
?RemoveAt@CHStringArray@@QEAAXHH@Z
??4WBEMTime@@QEAAAEBV0@QEAG@Z
?AllocSysString@CHString@@QEBAPEAGXZ
?GetEmptyInstance@CWbemProviderGlue@@SAJPEAVMethodContext@@PEBGPEAPEAVCInstance@@1@Z
?SetDMTF@WBEMTime@@QEAAHQEAG@Z
?GetCurrentBinaryKeyValue@CRegistry@@QEAAKPEBGAEAVCHString@@@Z
?GetDMTF@WBEMTime@@QEBAPEAGH@Z
??4WBEMTime@@QEAAAEBV0@AEBU_SYSTEMTIME@@@Z
?GetAllDerivedInstancesAsynch@CWbemProviderGlue@@SAJPEBGPEAVProvider@@P6AJ1PEAVCInstance@@PEAVMethodContext@@PEAX@Z034@Z
??0CFrameworkQuery@@QEAA@XZ
?GetLongestValueData@CRegistry@@QEAAKXZ
?TrimRight@CHString@@QEAAXXZ
?FormatV@CHString@@QEAAXPEBGPEAD@Z
?TrimLeft@CHString@@QEAAXXZ
?IsDerivedFrom@CWbemProviderGlue@@SA_NPEBG0PEAVMethodContext@@0@Z
?SetStatusObject@MethodContext@@QEAA_NPEAUIWbemClassObject@@@Z
?initFailed@Provider@@SAHXZ
?SetEmbeddedObject@CInstance@@QEAA_NPEBGAEAV1@@Z
?FrameworkLoginDLL@CWbemProviderGlue@@SAHPEBGPEAJ@Z
?FrameworkLogoffDLL@CWbemProviderGlue@@SAHPEBGPEAJ@Z
?Destroy@CWbemGlueFactory@@QEAAXXZ
?UnRegisterMessage@CWinMsgEvent@@IEAA_NIH@Z
?RegisterForMessage@CWinMsgEvent@@IEAAXIH@Z
??1CWinMsgEvent@@QEAA@XZ
?Create@CWbemGlueFactory@@SAPEAV1@PEAJ@Z
??0CWinMsgEvent@@QEAA@XZ
?SetAt@CHString@@QEAAXHG@Z
?GetSYSTEMTIME@WBEMTime@@QEBAHPEAU_SYSTEMTIME@@@Z
?IsOk@WBEMTime@@QEBA_NXZ
?GetDateTime@CInstance@@QEBA_NPEBGAEAVWBEMTime@@@Z
??1CFrameworkQuery@@QEAA@XZ
??0WBEMTime@@QEAA@XZ
?GetLocalOffsetForDate@WBEMTime@@SAJPEBU_SYSTEMTIME@@@Z
?SetDOUBLE@CInstance@@QEAA_NPEBGN@Z
??0WBEMTime@@QEAA@AEBU_SYSTEMTIME@@@Z
?SetCurrentKeyValue@CRegistry@@QEAAKPEBGAEAVCHStringArray@@@Z
?GetCurrentKeyValue@CRegistry@@QEAAKPEBGAEAVCHStringArray@@@Z
?LocalLogMessage@ProviderLog@@QEAAXPEBGHW4LogLevel@1@0ZZ
?captainsLog@@3VProviderLog@@A
?LocalLogMessage@ProviderLog@@QEAAXPEBG0HW4LogLevel@1@@Z
??0Provider@@QEAA@PEBG0@Z
??1Provider@@UEAA@XZ
??0CHString@@QEAA@XZ
?GetAt@CHString@@QEBAGH@Z
?GetCHString@CInstance@@QEBA_NPEBGAEAVCHString@@@Z
?CompareNoCase@CHString@@QEBAHPEBG@Z
??BCHString@@QEBAPEBGXZ
?SetDWORD@CInstance@@QEAA_NPEBGK@Z
?SetCHString@CInstance@@QEAA_NPEBGAEBVCHString@@@Z
?Setbool@CInstance@@QEAA_NPEBG_N@Z
?CreateNewInstance@Provider@@IEAAPEAVCInstance@@PEAVMethodContext@@@Z
?Commit@CInstance@@QEAAJXZ
?GetBuffer@CHString@@QEAAPEAGH@Z
?ReleaseBuffer@CHString@@QEAAXH@Z
?Find@CHString@@QEBAHPEBG@Z
??4CHString@@QEAAAEBV0@AEBV0@@Z
?Mid@CHString@@QEBA?AV1@H@Z
?GetLength@CHString@@QEBAHXZ
?GetMethodContext@CInstance@@QEBAPEAVMethodContext@@XZ
?Format@CHString@@QEAAXPEBGZZ
?GetInstancesByQuery@CWbemProviderGlue@@SAJPEBGPEAV?$TRefPointerCollection@VCInstance@@@@PEAVMethodContext@@0@Z
?GetNamespace@Provider@@IEAAAEBVCHString@@XZ
??0CRegistry@@QEAA@XZ
??1CRegistry@@QEAA@XZ
?Open@CRegistry@@QEAAJPEAUHKEY__@@PEBGK@Z
?GetCurrentKeyValue@CRegistry@@QEAAKPEBGAEAK@Z
?IsPropertyRequired@CFrameworkQuery@@QEAA_NPEBG@Z
?Left@CHString@@QEBA?AV1@H@Z
?ReverseFind@CHString@@QEBAHG@Z
??0CHString@@QEAA@AEBV0@@Z
??YCHString@@QEAAAEBV0@PEBG@Z
?Release@CInstance@@QEAAJXZ
??0CThreadBase@@QEAA@W4THREAD_SAFETY_MECHANISM@0@@Z
??1CThreadBase@@UEAA@XZ
??0CHPtrArray@@QEAA@XZ
??1CHPtrArray@@QEAA@XZ
?BeginRead@CThreadBase@@QEAAHK@Z
?GetSize@CHPtrArray@@QEBAHXZ
?GetAt@CHPtrArray@@QEBAPEAXH@Z
?AddRef@CInstance@@QEAAJXZ
?EndRead@CThreadBase@@QEAAXXZ
?BeginWrite@CThreadBase@@QEAAHK@Z
??ACHPtrArray@@QEAAAEAPEAXH@Z
?RemoveAll@CHPtrArray@@QEAAXXZ
?EndWrite@CThreadBase@@QEAAXXZ
?OnFinalRelease@CThreadBase@@MEAAXXZ
?PutInstance@Provider@@MEAAJAEBVCInstance@@J@Z
?DeleteInstance@Provider@@MEAAJAEBVCInstance@@J@Z
?ExecMethod@Provider@@MEAAJAEBVCInstance@@QEAGPEAV2@2J@Z
?GetObject@Provider@@MEAAJPEAVCInstance@@J@Z
?Flush@Provider@@MEAAXXZ
?ValidateEnumerationFlags@Provider@@MEAAJJ@Z
?ValidateGetObjFlags@Provider@@MEAAJJ@Z
?ValidateMethodFlags@Provider@@MEAAJJ@Z
?ValidateQueryFlags@Provider@@MEAAJJ@Z
?ValidateDeletionFlags@Provider@@MEAAJJ@Z
?ValidatePutInstanceFlags@Provider@@MEAAJJ@Z
?SetCharSplat@CInstance@@QEAA_NPEBG0@Z
??0WBEMTime@@QEAA@AEB_J@Z
?SetDateTime@CInstance@@QEAA_NPEBGAEBVWBEMTime@@@Z
?IsNull@CInstance@@QEBA_NPEBG@Z
?GetDWORD@CInstance@@QEBA_NPEBGAEAK@Z
?GethKey@CRegistry@@QEAAPEAUHKEY__@@XZ
?GetObject@Provider@@MEAAJPEAVCInstance@@JAEAVCFrameworkQuery@@@Z
?ExecQuery@Provider@@MEAAJPEAVMethodContext@@AEAVCFrameworkQuery@@J@Z
?KeysOnly@CFrameworkQuery@@QEAA_NXZ
?SetWCHARSplat@CInstance@@QEAA_NPEBG0@Z
?SetCreationClassName@Provider@@IEAA_NPEAVCInstance@@@Z
?GetLocalComputerName@Provider@@IEAAAEBVCHString@@XZ
?SetWBEMINT64@CInstance@@QEAA_NPEBG_K@Z
??0WBEMTime@@QEAA@AEBU_FILETIME@@@Z
??0CHString@@QEAA@PEBG@Z
?IsEmpty@CHString@@QEBAHXZ
?Compare@CHString@@QEBAHPEBG@Z
??H@YA?AVCHString@@AEBV0@0@Z
?Close@CRegistry@@QEAAXXZ
?GetStatus@CInstance@@QEBA_NPEBGAEA_NAEAG@Z
?GetEmbeddedObject@CInstance@@QEBA_NPEBGPEAPEAV1@PEAVMethodContext@@@Z
?GetStringArray@CInstance@@QEBA_NPEBGAEAPEAUtagSAFEARRAY@@@Z
??H@YA?AVCHString@@AEBV0@PEBG@Z
??H@YA?AVCHString@@PEBGAEBV0@@Z
?GetInstanceByPath@CWbemProviderGlue@@SAJPEBGPEAPEAVCInstance@@PEAVMethodContext@@@Z
??4CHString@@QEAAAEBV0@PEBD@Z
??0CHStringArray@@QEAA@XZ
??1CHStringArray@@QEAA@XZ
?Add@CHStringArray@@QEAAHPEBG@Z
?GetSize@CHStringArray@@QEBAHXZ
?GetAt@CHStringArray@@QEBA?AVCHString@@H@Z
?GetValueCount@CRegistry@@QEAAKXZ
?EnumerateAndGetValues@CRegistry@@QEAAJAEAKAEAPEAGAEAPEAE@Z
??ACHStringArray@@QEAAAEAVCHString@@H@Z
??4CHString@@QEAAAEBV0@PEBG@Z
?SetStatusObject@CWbemProviderGlue@@SA_NPEAVMethodContext@@PEBG1JPEBUtagSAFEARRAY@@2@Z
?MakeUpper@CHString@@QEAAXXZ
?SetWBEMINT64@CInstance@@QEAA_NPEBG_J@Z
?SetCHString@CInstance@@QEAA_NPEBG0@Z
?MakeLower@CHString@@QEAAXXZ
?Getbool@CInstance@@QEBA_NPEBGAEA_N@Z
?GetWCHAR@CInstance@@QEBA_NPEBGPEAPEAG@Z
?SetSize@CHPtrArray@@QEAAXHH@Z
?GetPropertyBitMask@CFrameworkQueryEx@@QEAAXAEBVCHPtrArray@@PEAX@Z
?GetValuesForProp@CFrameworkQuery@@QEAAJPEBGAEAV?$vector@V_bstr_t@@V?$allocator@V_bstr_t@@@std@@@std@@@Z
?GetInstanceKeysByPath@CWbemProviderGlue@@SAJPEBGPEAPEAVCInstance@@PEAVMethodContext@@@Z
?GetValuesForProp@CFrameworkQuery@@QEAAJPEBGAEAVCHStringArray@@@Z
?SpanExcluding@CHString@@QEBA?AV1@PEBG@Z
?SetWBEMINT16@CInstance@@QEAA_NPEBGAEBF@Z
?SetVariant@CInstance@@QEAA_NPEBGAEBUtagVARIANT@@@Z
?GetLocalInstancePath@Provider@@IEAA_NPEBVCInstance@@AEAVCHString@@@Z
?Find@CHString@@QEBAHG@Z
?Mid@CHString@@QEBA?AV1@HH@Z
?GetCurrentKeyValue@CRegistry@@QEAAKPEBGAEAVCHString@@@Z
?SetStringArray@CInstance@@QEAA_NPEBGAEBUtagSAFEARRAY@@@Z
?Empty@CHString@@QEAAXXZ
?SetByte@CInstance@@QEAA_NPEBGE@Z
?GetWBEMINT64@CInstance@@QEBA_NPEBGAEA_K@Z
?OpenCurrentUser@CRegistry@@QEAAKPEBGK@Z
?GetByte@CInstance@@QEBA_NPEBGAEAE@Z
?Right@CHString@@QEBA?AV1@H@Z
?Add@CHPtrArray@@QEAAHPEAX@Z
??0CHString@@QEAA@PEBD@Z
?SetWBEMINT64@CInstance@@QEAA_NPEBGAEBVCHString@@@Z
?OpenAndEnumerateSubKeys@CRegistry@@QEAAJPEAUHKEY__@@PEBGK@Z
?GetCurrentSubKeyName@CRegistry@@QEAAKAEAVCHString@@@Z
?NextSubKey@CRegistry@@QEAAKXZ
??YCHString@@QEAAAEBV0@AEBV0@@Z
??YCHString@@QEAAAEBV0@G@Z
??0CObjectPathParser@@QEAA@W4ObjectParserFlags@@@Z
??1CObjectPathParser@@QEAA@XZ
?Parse@CObjectPathParser@@QEAAHPEBGPEAPEAUParsedObjectPath@@@Z
?IsInstance@ParsedObjectPath@@QEAAHXZ
?Free@CObjectPathParser@@QEAAXPEAUParsedObjectPath@@@Z
??0CHString@@QEAA@GH@Z
?CreateOpen@CRegistry@@QEAAJPEAUHKEY__@@PEBGPEAGKKPEAU_SECURITY_ATTRIBUTES@@PEAK@Z
?SetCurrentKeyValue@CRegistry@@QEAAKPEBGAEAK@Z
?OpenLocalMachineKeyAndReadValue@CRegistry@@QEAAJPEBG0AEAVCHString@@@Z
?GetWBEMINT16@CInstance@@QEBA_NPEBGAEAF@Z
?DeleteValue@CRegistry@@QEAAJPEBG@Z
?GetVariant@CInstance@@QEBA_NPEBGAEAUtagVARIANT@@@Z
?Is3TokenOR@CFrameworkQueryEx@@QEAAHPEBG0AEAUtagVARIANT@@1@Z
??ACHStringArray@@QEBA?AVCHString@@H@Z
?SetSize@CHStringArray@@QEAAXHH@Z
?GetCurrentSubKeyCount@CRegistry@@QEAAKXZ
?SetAt@CHStringArray@@QEAAXHPEBG@Z
?RemoveAll@CHStringArray@@QEAAXXZ
?GetCurrentBinaryKeyValue@CRegistry@@QEAAKPEBGPEAEPEAK@Z
?GetWBEMINT64@CInstance@@QEBA_NPEBGAEA_J@Z
?GetInstancePropertiesByPath@CWbemProviderGlue@@SAJPEBGPEAPEAVCInstance@@PEAVMethodContext@@AEAVCHStringArray@@@Z
??ACHString@@QEBAGH@Z
?SetCHString@CInstance@@QEAA_NPEBGPEBD@Z
?IsLoggingOn@ProviderLog@@QEAA?AW4LogLevel@1@PEAVCHString@@@Z
??0ParsedObjectPath@@QEAA@XZ
??1ParsedObjectPath@@QEAA@XZ
?SetClassName@ParsedObjectPath@@QEAAHPEBG@Z
?AddKeyRef@ParsedObjectPath@@QEAAHPEBGPEBUtagVARIANT@@@Z
?Unparse@CObjectPathParser@@SAHPEAUParsedObjectPath@@PEAPEAG@Z
??H@YA?AVCHString@@AEBV0@G@Z
?SetCurrentKeyValue@CRegistry@@QEAAKPEBGAEAVCHString@@@Z
?DeleteCurrentKeyValue@CRegistry@@QEAAKPEBG@Z
?EnumerateInstances@Provider@@MEAAJPEAVMethodContext@@J@Z
?GetValuesForProp@CFrameworkQueryEx@@QEAAJPEBGAEAV?$vector@V_variant_t@@V?$allocator@V_variant_t@@@std@@@std@@@Z
?MakeLocalPath@Provider@@IEAA?AVCHString@@AEBV2@@Z
?GetInstancesByQueryAsynch@CWbemProviderGlue@@SAJPEBGPEAVProvider@@P6AJ1PEAVCInstance@@PEAVMethodContext@@PEAX@Z034@Z
?IsNTokenAnd@CFrameworkQueryEx@@QEAAHAEAVCHStringArray@@AEAVCHPtrArray@@@Z
?GetDMTFNonNtfs@WBEMTime@@QEBAPEAGXZ
?GetProviderName@Provider@@IEAAAEBVCHString@@XZ
??YCHString@@QEAAAEBV0@D@Z
?SetAtGrow@CHStringArray@@QEAAXHPEBG@Z
?GetCurrentSubKeyPath@CRegistry@@QEAAKAEAVCHString@@@Z
?GetValuesForProp@CFrameworkQueryEx@@QEAAJPEBGAEAV?$vector@HV?$allocator@H@std@@@std@@@Z
?SetWORD@CInstance@@QEAA_NPEBGG@Z
?GetAllInstances@CWbemProviderGlue@@SAJPEBGPEAV?$TRefPointerCollection@VCInstance@@@@0PEAVMethodContext@@@Z
?GetClassObjectInterface@CInstance@@QEAAPEAUIWbemClassObject@@XZ
??0CInstance@@QEAA@PEAUIWbemClassObject@@PEAVMethodContext@@@Z
??1CInstance@@UEAA@XZ
?SetTimeSpan@CInstance@@QEAA_NPEBGAEBVWBEMTimeSpan@@@Z
??0WBEMTimeSpan@@QEAA@HHHHHHH@Z
?GetCurrentSubKeyValue@CRegistry@@QEAAKPEBGAEAVCHString@@@Z
?GetWORD@CInstance@@QEBA_NPEBGAEAG@Z
??1CHString@@QEAA@XZ

api-ms-win-security-lsapolicy-l1-1-0

LsaClose
LsaFreeMemory
LsaQueryInformationPolicy
LsaOpenPolicy

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW

Exports

Exports

??0CTcpMib@@QEAA@AEBV0@@Z
??0CTcpMib@@QEAA@XZ
??1CTcpMib@@UEAA@XZ
??4CTcpMib@@QEAAAEAV0@AEBV0@@Z
??_7CTcpMib@@6B@
?MySecurityDescriptor@@3VWin32SecurityDescriptor@@A
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetSDFromWin32SecurityDescriptor
SetWin32SecurityDescriptorFromSD

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 704KB - Virtual size: 703KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Repository/dnsclientcim.dll
.dll regsvr32 windows:10 windows x64 arch:x64

cfca51f8bf1bf8f90661aaeef676fdc5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

dnsclientcim.pdb

Imports

msvcrt

memcpy
_XcptFilter
_amsg_exit
_vsnwprintf
__C_specific_handler
_ui64tow_s
malloc
_wcsicmp
free
swprintf_s
_initterm
memset

ntdll

EtwTraceMessageVa
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
RtlIpv6StringToAddressW
RtlIpv4StringToAddressW
RtlLoadString

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableLevel
TraceMessage
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableFlags
UnregisterTraceGuids

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
FreeLibrary
DisableThreadLibraryCalls
LoadLibraryExW

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter
GetLastError

api-ms-win-core-registry-l1-1-0

RegDeleteValueW
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegGetValueW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection

api-ms-win-core-heap-l2-1-0

LocalFree

dnsapi

DnsValidateServerStatus
DnsQuery_W
DnsFree
DnsQueryConfig
DnsResolverOp
DnsGetCacheDataTable
DnsFlushResolverCache
DnsNotifyResolver

ws2_32

WSACleanup
WSAGetLastError
GetAddrInfoW
WSAStartup
GetHostNameW
FreeAddrInfoW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

iphlpapi

GetAdaptersAddresses

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
GetCurrentProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringW
WideCharToMultiByte

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
GetProviderClassID
MI_Main

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.wpp_sf
Size: 1024B - Virtual size: 959B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Repository/dnsclientpsprovider.dll
.dll regsvr32 windows:10 windows x64 arch:x64

47a7811f3d8736ad100cd1666b45c8f8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

DnsClientPsProvider.pdb

Imports

msvcrt

?terminate@@YAXXZ
_CxxThrowException
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
iswdigit
_purecall
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBD@Z
memmove
_onexit
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
__dllonexit
_unlock
_lock
__C_specific_handler
_vsnwprintf
??_V@YAXPEAX@Z
__CxxFrameHandler3
??3@YAXPEAX@Z
_initterm
_amsg_exit
_XcptFilter
malloc
free
??1type_info@@UEAA@XZ
memcpy
swprintf_s
memset

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
EnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
LeaveCriticalSection
InitializeCriticalSectionEx

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetComputerNameExW
GetSystemDirectoryW

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
LoadLibraryExW
FreeLibrary
GetProcAddress
LoadStringW

api-ms-win-core-synch-l1-2-0

Sleep
SleepConditionVariableSRW
WakeAllConditionVariable

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentProcessId
TerminateProcess
GetCurrentThreadId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

ntdll

EtwTraceMessageVa
RtlIpv6StringToAddressW
EtwUnregisterTraceGuids
EtwGetTraceEnableFlags
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwRegisterTraceGuidsW
RtlIpv4StringToAddressW

api-ms-win-core-registry-l1-1-0

RegDeleteTreeW
RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegGetValueW
RegCreateKeyExW
RegEnumKeyExW

api-ms-win-core-localization-l1-2-0

LocaleNameToLCID
SetThreadPreferredUILanguages
GetThreadPreferredUILanguages
FormatMessageW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

mi

mi_clientFT_V1

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
GetProviderClassID
MI_Main

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.wpp_sf
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Repository/dsprov.dll
.dll regsvr32 windows:10 windows x64 arch:x64

f512e8a06eebaee00a6ec0e81b77e259

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

dsprov.pdb

Imports

msvcrt

_unlock
memset
??1type_info@@UEAA@XZ
__C_specific_handler
_initterm
_onexit
_lock
__dllonexit
_amsg_exit
__CxxFrameHandler3
malloc
free
swscanf
towlower
??1exception@@UEAA@XZ
memcpy_s
_vsnprintf_s
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
memmove_s
iswspace
_vsnprintf
atol
sscanf_s
_wtol
?terminate@@YAXXZ
_purecall
?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
_vsnwprintf
_wcsnicmp
_wcsicmp
_XcptFilter
_CxxThrowException
memcmp
memcpy
wcscmp

provthrd

?s_aLogs@ProvDebugLog@@2PAV1@A
?WriteW@ProvDebugLog@@QEAAXPEBGZZ

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
OpenSemaphoreW
InitializeCriticalSectionEx
EnterCriticalSection
DeleteCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
AcquireSRWLockExclusive
ReleaseSemaphore
ReleaseSRWLockExclusive
CreateMutexExW
CreateSemaphoreExW
ReleaseSRWLockShared
AcquireSRWLockShared
WaitForSingleObjectEx
ReleaseMutex

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetModuleFileNameA
DisableThreadLibraryCalls
GetModuleHandleW
GetProcAddress
GetModuleFileNameW

api-ms-win-core-registry-l1-1-0

RegDeleteKeyExW
RegCloseKey
RegSetValueExW
RegCreateKeyExW

api-ms-win-core-com-l1-1-0

CoCreateInstance
StringFromGUID2
CoGetCallContext

oleaut32

VariantCopy
SafeArrayCreate
SysAllocStringLen
SafeArrayGetUBound
SafeArrayGetLBound
SysAllocString
VariantClear
VariantInit
SafeArrayGetElement
SafeArrayPutElement
SafeArrayUnaccessData
SysFreeString
SafeArrayAccessData
SafeArrayDestroy
VariantChangeTypeEx

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetTickCount64

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetCurrentThread
OpenThreadToken
GetCurrentProcessId

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-localization-l1-2-0

LCMapStringW
FormatMessageW

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap
HeapReAlloc

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime
GetTimeZoneInformation

api-ms-win-core-file-l1-1-0

CompareFileTime

activeds

ord9
ord4
ord6
ord5
ord15

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 444B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SR/spsreng.dll
.dll regsvr32 windows:10 windows x64 arch:x64

85ca5e894a94fccd6b54c5abed4ff89f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

spsreng.pdb

Imports

kernel32

InitializeCriticalSection
CreateMutexW
OpenMutexW
LocalFree
GetCurrentProcess
DeleteCriticalSection
HeapDestroy
HeapWalk
GetCPInfo
HeapSetInformation
HeapCreate
FreeLibrary
GetProcAddress
GetModuleHandleW
LoadLibraryW
GetVersionExW
MulDiv
WaitForSingleObject
SetEvent
GetTickCount
ReleaseMutex
LoadLibraryExW
lstrcmpiW
RaiseException
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceExW
GetModuleFileNameW
DisableThreadLibraryCalls
WideCharToMultiByte
GetCommandLineA
FlsSetValue
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
RtlUnwindEx
SetThreadStackGuarantee
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualQuery
EncodePointer
DecodePointer
FlsAlloc
FlsGetValue
FlsFree
GetCurrentThreadId
ExitProcess
GetModuleHandleExW
GetStdHandle
GetFileType
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
DeleteFileW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
OutputDebugStringA
IsValidCodePage
GetACP
GetOEMCP
RtlUnwind
WriteFile
HeapReAlloc
HeapSize
Sleep
GetConsoleCP
GetConsoleMode
SetFilePointer
GetLocaleInfoA
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesA
GetStringTypeW
LCMapStringW
SetStdHandle
FlushFileBuffers
WriteConsoleW
GetLocaleInfoW
SetEndOfFile
GetProcessHeap
ReadConsoleW
GetFullPathNameW
VirtualFree
WaitForMultipleObjects
GetFileSize
MoveFileW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateEventW
ResetEvent
SetThreadPriority
ResumeThread
FlushViewOfFile
GetVersion
ReadFileEx
RemoveDirectoryW
GetTempPathW
GetTempFileNameW
CreateDirectoryW
SleepEx
RtlPcToFileHeader
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ExitThread
CreateThread
LeaveCriticalSection
EnterCriticalSection
GetFileAttributesW
SetFileAttributesW
CopyFileW
SetLastError
CloseHandle
ReadFile
GetLastError
CreateFileW
HeapAlloc
GetModuleFileNameA
HeapFree

user32

CharLowerBuffW
PostMessageW
CharUpperW
CharNextW
UnregisterClassA
CharUpperBuffW
IsCharLowerW
IsCharUpperW

advapi32

RegQueryInfoKeyW
RegCloseKey
OpenProcessToken
GetTokenInformation
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegEnumKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyExW

ole32

CoTaskMemFree
CoTaskMemAlloc
CLSIDFromString
StringFromGUID2
StringFromCLSID
CoCreateInstance
CoTaskMemRealloc
CoCreateGuid

oleaut32

VariantChangeType
VariantCopy
VariantClear
VariantInit
SysAllocStringLen
SysAllocString
SysStringLen
VarUI4FromStr
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 787KB - Virtual size: 787KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 122KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SR/spsrx.dll
.dll regsvr32 windows:10 windows x64 arch:x64

623052070b7eb1d9cebfa38f9eb93fca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

spsrx.pdb

Imports

kernel32

LoadLibraryExW
GetModuleHandleW
lstrcmpiW
RaiseException
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceExW
GetModuleFileNameW
InitializeCriticalSection
DisableThreadLibraryCalls
SetLastError
WideCharToMultiByte
GetCommandLineA
FlsSetValue
GetVersionExW
RtlUnwindEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
SetThreadStackGuarantee
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualQuery
EncodePointer
DecodePointer
FlsAlloc
FlsGetValue
FlsFree
FreeLibrary
GetCurrentThreadId
ExitProcess
GetModuleHandleExW
HeapCreate
HeapDestroy
HeapSetInformation
GetStdHandle
GetFileType
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
OutputDebugStringA
WriteFile
HeapReAlloc
HeapSize
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
Sleep
GetStringTypeW
LCMapStringW
GetVersion
HeapWalk
GetProcAddress
GetLastError
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
HeapAlloc
HeapFree

user32

UnregisterClassA
CharNextW

advapi32

RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegQueryInfoKeyW

ole32

StringFromGUID2
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance

oleaut32

SysAllocString
VarUI4FromStr
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SR/srloc.dll
.dll regsvr32 windows:10 windows x64 arch:x64

d83c436f2c45db50cdd9841f0ed5cf06

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

srloc.pdb

Imports

kernel32

RaiseException
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceExW
GetModuleFileNameW
InitializeCriticalSection
WideCharToMultiByte
GetCommandLineA
FlsSetValue
GetVersionExW
RtlUnwindEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
SetThreadStackGuarantee
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualQuery
EncodePointer
DecodePointer
SetLastError
FlsAlloc
FlsGetValue
FlsFree
GetCurrentThreadId
ExitProcess
GetModuleHandleExW
HeapCreate
HeapDestroy
GetModuleHandleW
GetStdHandle
GetFileType
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
OutputDebugStringA
WriteFile
HeapReAlloc
HeapSize
Sleep
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetLocaleInfoA
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesA
GetStringTypeW
LCMapStringW
GetLocaleInfoW
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReadFileEx
VirtualFree
MapViewOfFile
LoadLibraryExW
GetProcAddress
FreeLibrary
GetLastError
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
HeapAlloc
CreateFileMappingW
UnmapViewOfFile
lstrcmpiW
HeapSetInformation
HeapFree
GetProcessHeap
SetEndOfFile
WriteConsoleW
RtlPcToFileHeader
SetFilePointer
FlushFileBuffers
RtlUnwind
ReadConsoleW
GetConsoleMode
GetConsoleCP
SetStdHandle
GetVersion
HeapWalk
CreateFileW
CloseHandle
GetFileSize
ReadFile
ExpandEnvironmentStringsW
LoadLibraryW

user32

UnregisterClassA
CharNextW
CharLowerBuffW
IsCharLowerW
CharUpperBuffW
IsCharUpperW
GetKeyboardLayoutList
CharLowerW

advapi32

RegQueryValueExW
RegQueryInfoKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey

oleaut32

SysStringLen
VarUI4FromStr
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SysAllocString
SysFreeString

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
StringFromGUID2
CLSIDFromProgID
StringFromCLSID

imm32

ImmEnumRegisterWordW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 309KB - Virtual size: 308KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 79KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SpeechUX/SpeechUX.dll
.dll regsvr32 windows:10 windows x64 arch:x64

c4f080c7031350ab35d18be177a02112

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

SpeechUX.pdb

Imports

msvcrt

memcpy
iswalpha
iswpunct
wcsspn
wcscspn
wcspbrk
memmove
memset
_onexit
__dllonexit
_unlock
_lock
realloc
_errno
??1type_info@@UEAA@XZ
log10
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
calloc
vswprintf_s
_vscwprintf
memmove_s
_purecall
_vsnwprintf
iswspace
_initterm
wcscat_s
wcscpy_s
wcschr
tolower
_ultow_s
iswdigit
towlower
qsort
_itow
memcpy_s
free
__CxxFrameHandler3
malloc
wcsncpy_s
__C_specific_handler
?terminate@@YAXXZ
_wcsicmp
_beginthreadex
iswupper
iswlower
wcsncmp
_wcslwr_s
wcsstr
_itow_s
_wcsicoll
_wcsnicmp
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@XZ
_wtoi
wcscmp

sqmapi

SqmStartSession
SqmSet
SqmSetAppId
SqmSetBits
SqmSetUserId
SqmWriteSharedUserId
SqmReadSharedUserId
SqmSetMachineId
SqmWriteSharedMachineId
SqmCreateNewId
SqmReadSharedMachineId
SqmEndSession
SqmAddToStream
SqmIsWindowsOptedIn
SqmGetSession

gdi32

SetTextAlign
BitBlt
CreateFontW
CreatePen
Polygon
SetBkColor
DeleteDC
CreateCompatibleDC
SetBkMode
SetTextColor
GetStockObject
GetObjectW
GetTextMetricsW
SelectObject
CreateFontIndirectW
CreateEllipticRgn
CombineRgn
CreateRectRgn
DeleteObject
GetDeviceCaps
CreateSolidBrush

user32

GetAncestor
GetWindowLongPtrW
IsChild
MonitorFromPoint
GetMonitorInfoW
GetSystemMetrics
MonitorFromWindow
SystemParametersInfoW
OpenInputDesktop
CloseDesktop
GetDC
ReleaseDC
RegisterWindowMessageW
ChangeWindowMessageFilterEx
LogicalToPhysicalPoint
SendNotifyMessageW
SetWinEventHook
UnhookWinEvent
MsgWaitForMultipleObjects
SetWindowTextW
FindWindowW
GetClassNameW
EnumWindows
UnregisterClassW
SetWindowLongPtrW
DefWindowProcW
DestroyWindow
RegisterClassExW
CreateWindowExW
GetMessageW
PostQuitMessage
SendMessageW
CharLowerBuffW
VkKeyScanW
GetCursorPos
IsRectEmpty
SetCursorPos
GetKeyState
EndDialog
CreateDialogParamW
GetDlgItem
LoadMenuW
GetSubMenu
GetWindowBand
GetMenuItemCount
EnableMenuItem
CheckMenuItem
IntersectRect
LoadIconW
IsDialogMessageW
RegisterHotKey
SetWindowLongW
GetWindowTextW
SetWindowPos
GetMenuDefaultItem
GetDoubleClickTime
MessageBeep
FindWindowExW
TrackPopupMenuEx
GetMenuItemInfoW
SetMenuItemInfoW
CreatePopupMenu
InsertMenuItemW
UnregisterHotKey
EnableWindow
ScreenToClient
DrawTextW
OpenClipboard
EmptyClipboard
SetClipboardData
SendMessageTimeoutW
InflateRect
GetPropW
RemovePropW
SetPropW
CreateWindowInBand
GetWindowTextLengthW
WindowFromPhysicalPoint
GetMenuBarInfo
PhysicalToLogicalPoint
EnumThreadWindows
DrawTextExW
EnumDisplayMonitors
RegisterClassW
SetScrollInfo
SetDlgItemTextW
InvalidateRect
GetSysColor
FrameRect
FillRect
CharUpperBuffW
GetActiveWindow
EqualRect
MonitorFromRect
SetWindowPlacement
SetFocus
DestroyIcon
UpdateLayeredWindow
ReleaseCapture
SetCapture
ClientToScreen
UpdateWindow
GetWindowThreadProcessId
PtInRect
IsWindowEnabled
GetParent
GetWindow
CloseClipboard
ShowWindow
IsIconic
SendInput
SetMenuDefaultItem
RealGetWindowClassW
GetGUIThreadInfo
SetForegroundWindow
GetWindowRect
SetCursor
LoadCursorW
LoadStringW
IsWindowVisible
GetDesktopWindow
PostMessageW
IsWindow
PostThreadMessageW
KillTimer
SetTimer
CharUpperW
ClipCursor
ShowCursor
UnregisterClassA
MessageBoxW
MsgWaitForMultipleObjectsEx
PeekMessageW
TranslateMessage
DispatchMessageW
CharNextW
GetForegroundWindow
DestroyMenu
GetWindowLongW
EndPaint
BeginPaint
NotifyWinEvent
GetDlgCtrlID
MapWindowPoints
GetClientRect
SendDlgItemMessageW

dui70

?GetKeyFocused@Element@DirectUI@@UEAA_NXZ
?SetVisible@Element@DirectUI@@QEAAJ_N@Z
?SetAccessible@Element@DirectUI@@QEAAJ_N@Z
?SetLayout@Element@DirectUI@@QEAAJPEAVLayout@2@@Z
?CanSetFocus@HWNDElement@DirectUI@@UEAA_NXZ
?IsMSAAEnabled@HWNDElement@DirectUI@@UEAA_NXZ
?GetHWND@HWNDElement@DirectUI@@UEAAPEAUHWND__@@XZ
?GetClassInfoW@HWNDElement@DirectUI@@UEAAPEAUIClassInfo@2@XZ
?_OnUIStateChanged@HWNDElement@DirectUI@@MEAAXGG@Z
?GetWindowClassNameAndStyle@HWNDElement@DirectUI@@UEAAXPEAPEBGPEAI@Z
?WndProc@HWNDElement@DirectUI@@UEAA_JPEAUHWND__@@I_K_J@Z
?OnCompositionChanged@HWNDElement@DirectUI@@UEAAXXZ
?OnWmSettingChanged@HWNDElement@DirectUI@@UEAAX_K_J@Z
?OnWmThemeChanged@HWNDElement@DirectUI@@UEAAX_K_J@Z
?OnGetDlgCode@HWNDElement@DirectUI@@UEAAXPEAUtagMSG@@PEA_J@Z
?OnNoChildWithShortcutFound@HWNDElement@DirectUI@@UEAAXPEAUKeyboardEvent@2@@Z
?OnImmersiveColorSchemeChanged@HWNDElement@DirectUI@@UEAAXXZ
?OnThemeChanged@HWNDElement@DirectUI@@UEAAXPEAUThemeChangedEvent@2@@Z
?GetAccessibleImpl@HWNDElement@DirectUI@@UEAAJPEAPEAUIAccessible@@@Z
?RemoveTooltip@HWNDElement@DirectUI@@UEAAXPEAVElement@2@@Z
?ActivateTooltip@HWNDElement@DirectUI@@UEAAXPEAVElement@2@K@Z
?UpdateTooltip@HWNDElement@DirectUI@@UEAAXPEAVElement@2@@Z
?OnInput@HWNDElement@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?OnGroupChanged@HWNDElement@DirectUI@@UEAAXH_N@Z
?OnPropertyChanged@HWNDElement@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?DefaultAction@Element@DirectUI@@UEAAJXZ
?OnUnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?OnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?MessageCallback@Element@DirectUI@@UEAAIPEAUtagGMSG@@@Z
?SetKeyFocus@Element@DirectUI@@UEAAXXZ
?GetAdjacent@Element@DirectUI@@UEAAPEAV12@PEAV12@HPEBUNavReference@2@K@Z
?GetContentSize@Element@DirectUI@@UEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?Paint@Element@DirectUI@@UEAAXPEAUHDC__@@PEBUtagRECT@@1PEAU4@2@Z
?SetXMLFromResource@DUIXmlParser@DirectUI@@QEAAJIPEAUHINSTANCE__@@0@Z
?Create@DUIXmlParser@DirectUI@@SAJPEAPEAV12@P6APEAVValue@2@PEBGPEAX@Z2P6AX11H2@Z2@Z
?Destroy@Layout@DirectUI@@QEAAXXZ
?DoubleBuffered@Element@DirectUI@@QEAAX_N@Z
?Host@NativeHWNDHost@DirectUI@@QEAAXPEAVElement@2@@Z
?CreateElement@DUIXmlParser@DirectUI@@QEAAJPEBGPEAVElement@2@1PEAKPEAPEAV32@@Z
?Create@FillLayout@DirectUI@@SAJPEAPEAVLayout@2@@Z
?Initialize@HWNDElement@DirectUI@@QEAAJPEAUHWND__@@_NIPEAVElement@2@PEAK@Z
?Register@HWNDElement@DirectUI@@SAJXZ
?Destroy@DUIXmlParser@DirectUI@@QEAAXXZ
??1HWNDElement@DirectUI@@UEAA@XZ
??0HWNDElement@DirectUI@@QEAA@XZ
StrToID
?StartDefer@Element@DirectUI@@QEAAXPEAK@Z
?CreateHostWindow@NativeHWNDHost@DirectUI@@UEAAPEAUHWND__@@KPEBG0KHHHHPEAU3@PEAUHMENU__@@PEAUHINSTANCE__@@PEAX@Z
??1NativeHWNDHost@DirectUI@@UEAA@XZ
??0NativeHWNDHost@DirectUI@@QEAA@XZ
?Click@Button@DirectUI@@SA?AVUID@@XZ
?Destroy@NativeHWNDHost@DirectUI@@QEAAXXZ
?FindDescendent@Element@DirectUI@@QEAAPEAV12@G@Z
?Initialize@NativeHWNDHost@DirectUI@@QEAAJPEBG0PEAUHWND__@@PEAUHICON__@@HHHHHHPEAUHINSTANCE__@@I@Z
?IsRTLReading@Element@DirectUI@@UEAA_NXZ
?IsContentProtected@Element@DirectUI@@UEAA_NXZ
?QueryInterface@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?UpdateTooltip@Element@DirectUI@@MEAAXPEAV12@@Z
?ActivateTooltip@Element@DirectUI@@MEAAXPEAV12@K@Z
?RemoveTooltip@Element@DirectUI@@MEAAXPEAV12@@Z
?SetDirection@Element@DirectUI@@QEAAJH@Z
?GetHWND@HWNDHost@DirectUI@@UEAAPEAUHWND__@@XZ
??0CCBase@DirectUI@@QEAA@KPEBG@Z
?DefaultAction@CCBase@DirectUI@@UEAAJXZ
?OnReceivedDialogFocus@CCBase@DirectUI@@UEAA_NPEAUIDialogElement@2@@Z
?OnLostDialogFocus@CCBase@DirectUI@@UEAA_NPEAUIDialogElement@2@@Z
?OnCustomDraw@CCBase@DirectUI@@UEAA_NPEAUtagNMCUSTOMDRAWINFO@@PEA_J@Z
?EraseBkgnd@HWNDHost@DirectUI@@MEAA_NPEAUHDC__@@PEA_J@Z
?CreateHWND@CCBase@DirectUI@@UEAAPEAUHWND__@@PEAU3@@Z
?SetWindowDirection@HWNDHost@DirectUI@@UEAAXPEAUHWND__@@@Z
?OnAdjustWindowSize@HWNDHost@DirectUI@@UEAAHHHI@Z
?OnWindowStyleChanged@HWNDHost@DirectUI@@UEAAX_KPEBUtagSTYLESTRUCT@@@Z
?OnCtrlThemeChanged@HWNDHost@DirectUI@@UEAA_NI_K_JPEA_J@Z
?OnSinkThemeChanged@HWNDHost@DirectUI@@UEAA_NI_K_JPEA_J@Z
?OnSysChar@HWNDHost@DirectUI@@UEAA_NG@Z
?OnMessage@HWNDHost@DirectUI@@UEAA_NI_K_JPEA_J@Z
?OnNotify@CCBase@DirectUI@@UEAA_NI_K_JPEA_J@Z
?GetAccessibleImpl@HWNDHost@DirectUI@@UEAAJPEAPEAUIAccessible@@@Z
?GetKeyFocused@HWNDHost@DirectUI@@UEAA_NXZ
?OnUnHosted@HWNDHost@DirectUI@@MEAAXPEAVElement@2@@Z
?OnHosted@HWNDHost@DirectUI@@MEAAXPEAVElement@2@@Z
?MessageCallback@HWNDHost@DirectUI@@UEAAIPEAUtagGMSG@@@Z
?SetKeyFocus@HWNDHost@DirectUI@@UEAAXXZ
?GetContentSize@CCBase@DirectUI@@UEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?Paint@HWNDHost@DirectUI@@UEAAXPEAUHDC__@@PEBUtagRECT@@1PEAU4@2@Z
?OnEvent@HWNDHost@DirectUI@@UEAAXPEAUEvent@2@@Z
?OnDestroy@HWNDHost@DirectUI@@UEAAXXZ
?GetUiaFocusDelegate@Element@DirectUI@@UEAAPEAV12@XZ
?HandleUiaEventListener@Element@DirectUI@@UEAAXPEAUEvent@2@@Z
?HandleUiaPropertyChangingListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@@Z
?HandleUiaPropertyListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?HandleUiaDestroyListener@Element@DirectUI@@UEAAXXZ
?GetElementProviderImpl@Element@DirectUI@@UEAAJPEAVInvokeHelper@2@PEAPEAVElementProvider@2@@Z
?GetUIAElementProvider@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?_SelfLayoutUpdateDesiredSize@Element@DirectUI@@MEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?_SelfLayoutDoLayout@Element@DirectUI@@MEAAXHH@Z
?GetImmersiveFocusRectOffsets@Element@DirectUI@@UEAAXPEAUtagRECT@@@Z
?RemoveBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?AddBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?EnsureVisible@Element@DirectUI@@UEAA_NHHHH@Z
?Remove@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?Insert@Element@DirectUI@@UEAAJPEAPEAV12@II@Z
?Add@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?OnMouseFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnKeyFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnGroupChanged@Element@DirectUI@@UEAAXH_N@Z
?OnPropertyChanged@Element@DirectUI@@UEAAXPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?GetContentStringAsDisplayed@Element@DirectUI@@UEAAPEBGPEAPEAVValue@2@@Z
?OnInput@CCBase@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?OnInput@Element@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?FireEvent@Element@DirectUI@@QEAAXPEAUEvent@2@_N1@Z
?OnPropertyChanged@CCBase@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
??1CCBase@DirectUI@@UEAA@XZ
?DirectionProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
??1CritSecLock@DirectUI@@QEAA@XZ
?Initialize@CCBase@DirectUI@@QEAAJIPEAVElement@2@PEAK@Z
?AssertPIZeroRef@ClassInfoBase@DirectUI@@UEBAXXZ
?GetChildren@ClassInfoBase@DirectUI@@UEBAHXZ
?RemoveChild@ClassInfoBase@DirectUI@@UEAAXXZ
?AddChild@ClassInfoBase@DirectUI@@UEAAXXZ
?IsGlobal@ClassInfoBase@DirectUI@@UEBA_NXZ
?GetModule@ClassInfoBase@DirectUI@@UEBAPEAUHINSTANCE__@@XZ
?IsSubclassOf@ClassInfoBase@DirectUI@@UEBA_NPEAUIClassInfo@2@@Z
?IsValidProperty@ClassInfoBase@DirectUI@@UEBA_NPEBUPropertyInfo@2@@Z
?GetName@ClassInfoBase@DirectUI@@UEBAPEBGXZ
?GetGlobalIndex@ClassInfoBase@DirectUI@@UEBAIXZ
?GetPICount@ClassInfoBase@DirectUI@@UEBAIXZ
?GetByClassIndex@ClassInfoBase@DirectUI@@UEAAPEBUPropertyInfo@2@I@Z
?EnumPropertyInfo@ClassInfoBase@DirectUI@@UEAAPEBUPropertyInfo@2@I@Z
?Release@ClassInfoBase@DirectUI@@UEAAHXZ
?AddRef@ClassInfoBase@DirectUI@@UEAAXXZ
??1ClassInfoBase@DirectUI@@UEAA@XZ
??0ClassInfoBase@DirectUI@@QEAA@XZ
?Destroy@Element@DirectUI@@QEAAJ_N@Z
?Initialize@ClassInfoBase@DirectUI@@QEAAJPEAUHINSTANCE__@@PEBG_NPEBQEBUPropertyInfo@2@I@Z
?Register@ClassInfoBase@DirectUI@@QEAAJXZ
?ClassExist@ClassInfoBase@DirectUI@@SA_NPEAPEAUIClassInfo@2@PEBQEBUPropertyInfo@2@IPEAU32@PEAUHINSTANCE__@@PEBG_N@Z
?GetFactoryLock@Element@DirectUI@@SAPEAU_RTL_CRITICAL_SECTION@@XZ
?Register@CCBase@DirectUI@@SAJXZ
UnInitThread
InitThread
?GetClassInfoPtr@CCBase@DirectUI@@SAPEAUIClassInfo@2@XZ
UnInitProcessPriv
InitProcessPriv
?EndDefer@Element@DirectUI@@QEAAXK@Z
?OnDestroy@HWNDElement@DirectUI@@UEAAXXZ

kernel32

CreateWaitableTimerW
ResetEvent
TryEnterCriticalSection
GlobalMemoryStatusEx
GetSystemInfo
GetUserGeoID
GetUserDefaultLCID
ExpandEnvironmentStringsW
SetThreadPriority
ResumeThread
GetApplicationUserModelId
GetCurrentThread
GetVersionExW
QueryFullProcessImageNameW
SetThreadExecutionState
VirtualFreeEx
ReadProcessMemory
WriteProcessMemory
VirtualAllocEx
OpenProcess
LCIDToLocaleName
GetSystemTime
FormatMessageW
LocalAlloc
LoadLibraryW
GetLocaleInfoW
FileTimeToSystemTime
SystemTimeToFileTime
GetLocalTime
K32GetProcessMemoryInfo
OutputDebugStringA
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
Sleep
SetWaitableTimer
HeapDestroy
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
ReleaseMutex
LocalFree
OpenMutexW
SetLastError
CreateMutexW
GetTempFileNameW
GetTempPathW
CompareStringW
WideCharToMultiByte
WriteFile
CreateFileW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
LockResource
SetThreadLocale
GetThreadLocale
GetUserDefaultLangID
GetUserDefaultUILanguage
DisableThreadLibraryCalls
GetModuleFileNameW
FindResourceExW
LoadResource
SizeofResource
MultiByteToWideChar
RaiseException
lstrcmpiW
GetModuleHandleW
LoadLibraryExW
GetProcAddress
FreeLibrary
GetLastError
GetCurrentProcess
TerminateProcess
WaitForSingleObject
SetEvent
CreateEventW
CreateThread
CloseHandle
WaitForMultipleObjectsEx
FreeResource
FindResourceW
GlobalAddAtomW
GlobalDeleteAtom
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
CreateActCtxW
ActivateActCtx
DeactivateActCtx
ReleaseActCtx
GetSystemDirectoryW
GetStringTypeW
CancelWaitableTimer
CompareStringOrdinal
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
DelayLoadFailureHook
ResolveDelayLoadedAPI

advapi32

ConvertSidToStringSidW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
RegEnumValueW
RegQueryValueExW
RevertToSelf
ImpersonateSelf
SetThreadToken
DuplicateTokenEx
GetLengthSid
SetTokenInformation
ConvertStringSidToSidW
EventWriteTransfer
OpenProcessToken
GetTokenInformation
TraceMessage
ConvertStringSecurityDescriptorToSecurityDescriptorW
EventUnregister
EventRegister
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
UnregisterTraceGuids

shell32

SHCreateItemWithParent
ord4
ord2
ShellExecuteExW
SHBindToObject
SHGetFolderPathW
ShellExecuteW
SHGetKnownFolderIDList
ord155
SHCreateItemInKnownFolder
ShellAboutW
Shell_NotifyIconW
SHGetIDListFromObject

ole32

GetRunningObjectTable
CLSIDFromProgID
CoInitialize
CoCreateFreeThreadedMarshaler
StringFromGUID2
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoUninitialize
CoInitializeEx
CreateItemMoniker
CreateStreamOnHGlobal

oleaut32

SafeArrayLock
SafeArrayRedim
SysFreeString
VarUI4FromStr
UnRegisterTypeLi
SysAllocString
LoadTypeLi
RegisterTypeLi
SysStringLen
SysAllocStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
VarBstrCmp
SysStringByteLen
SysAllocStringByteLen
VariantClear
VarBstrCat
VariantInit
VariantChangeType
VariantCopy
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayDestroy
SafeArrayUnlock
SafeArrayCreate

oleacc

AccessibleChildren
AccessibleObjectFromEvent
LresultFromObject
WindowFromAccessibleObject
AccessibleObjectFromWindow

ntdll

ShipAssertMsgW
WinSqmAddToStream
WinSqmIncrementDWORD
ShipAssert

shlwapi

PathRemoveFileSpecW
PathAppendW
ord571
ord176
StrCmpW
PathStripPathW
PathCreateFromUrlW
ord618
PathFindFileNameW

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

gdiplus

GdipSetPixelOffsetMode
GdipSetInterpolationMode
GdipSetCompositingMode
GdipSetStringFormatFlags
GdipSetLineBlend
GdipCreateLineBrushFromRectI
GdipFillRectangleI
GdipFlush
GdipDrawImagePointRectI
GdipDeleteFont
GdipMeasureString
GdipSaveGraphics
GdipDrawString
GdipGetDpiY
GdipDrawImageRectI
GdipResetWorldTransform
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipCreateSolidFill
GdipCloneBrush
GdipDeleteBrush
GdipDrawImageRectRect
GdipEndContainer
GdipGetImagePixelFormat
GdipLoadImageFromStream
GdipGetImageGraphicsContext
GdipDeleteFontFamily
GdipCreateFont
GdipGetFamily
GdipGetFontStyle
GdipGetFontSize
GdipGetFontUnit
GdipRestoreGraphics
GdipFree
GdipAlloc
GdipCreateFontFromLogfontW
GdipGetFontHeightGivenDPI
GdipBeginContainer2
GdipGetImageHeight
GdiplusStartup
GdipDisposeImage
GdipCreateFromHDC
GdipDeleteGraphics
GdipScaleWorldTransform
GdipGraphicsClear
GdipCloneImage
GdipCreateBitmapFromScan0
GdipCreateHBITMAPFromBitmap
GdipDrawImageI
GdipSetClipRectI
GdipGetImageWidth

uxtheme

GetCurrentThemeName
OpenThemeData
GetThemeColor
GetThemeSysFont
CloseThemeData
DrawThemeBackground
GetThemeFont

dwmapi

DwmIsCompositionEnabled
DwmEnableBlurBehindWindow

comctl32

ord380
ord345

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
RunWizardW

Sections

.text
Size: 550KB - Virtual size: 550KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 658KB - Virtual size: 658KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SpeechUX/SpeechUXPS.DLL
.dll regsvr32 windows:10 windows x64 arch:x64

8829fd2a260d90741120b084abeb8d0b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

SpeechUXPS.pdb

Imports

msvcrt

_amsg_exit
malloc
_XcptFilter
_initterm
__C_specific_handler
free
memcmp

kernel32

GetTickCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
DisableThreadLibraryCalls
Sleep
GetCurrentProcess

oleaut32

BSTR_UserFree
BSTR_UserUnmarshal64
BSTR_UserMarshal64
BSTR_UserSize
BSTR_UserMarshal
BSTR_UserFree64
BSTR_UserSize64
BSTR_UserUnmarshal

rpcrt4

CStdStubBuffer_Disconnect
IUnknown_QueryInterface_Proxy
NdrStubCall3
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Connect
NdrCStdStubBuffer2_Release
NdrDllUnregisterProxy
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
NdrDllRegisterProxy
CStdStubBuffer_Invoke
NdrStubForwardingFunction
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerQueryInterface
NdrOleFree
CStdStubBuffer_AddRef
IUnknown_Release_Proxy
CStdStubBuffer_CountRefs
CStdStubBuffer_QueryInterface
NdrOleAllocate
CStdStubBuffer_DebugServerRelease

api-ms-win-core-marshal-l1-1-0

HWND_UserUnmarshal64
HWND_UserMarshal64
HWND_UserMarshal
HWND_UserSize
HWND_UserSize64
HWND_UserFree64
HWND_UserFree
HWND_UserUnmarshal

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient4
ObjectStublessClient24
CStdStubBuffer2_Connect
NdrProxyForwardingFunction3
ObjectStublessClient21
ObjectStublessClient16
ObjectStublessClient10
ObjectStublessClient17
ObjectStublessClient26
ObjectStublessClient9
ObjectStublessClient27
ObjectStublessClient8
CStdAsyncStubBuffer_QueryInterface
ObjectStublessClient6
ObjectStublessClient19
CStdAsyncStubBuffer_Invoke
CStdAsyncStubBuffer_AddRef
CStdStubBuffer2_QueryInterface
ObjectStublessClient5
CStdAsyncStubBuffer_Connect
CStdAsyncStubBuffer_Release
CStdAsyncStubBuffer_Disconnect
ObjectStublessClient12
ObjectStublessClient14
ObjectStublessClient11
CStdStubBuffer2_CountRefs
ObjectStublessClient22
ObjectStublessClient3
ObjectStublessClient25
ObjectStublessClient18
ObjectStublessClient28
ObjectStublessClient20
ObjectStublessClient15
ObjectStublessClient23
CStdStubBuffer2_Disconnect
ObjectStublessClient7
ObjectStublessClient13

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetProxyDllInfo

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SpeechUX/sapi.cpl
.dll regsvr32 windows:10 windows x64 arch:x64

02aeb6e42acafca4d9e23e7cc11e41ec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

sapi.pdb

Imports

msvcrt

free
malloc
__C_specific_handler
_itow
wcsncpy_s
memcpy_s
wcscpy_s
wcscat_s
_vsnwprintf
wcschr
wcsncmp
_ultow_s
_wcsicmp
_wcslwr
iswspace
memmove_s
tolower
wcsrchr
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_callnewh
_CxxThrowException
_XcptFilter
_amsg_exit
_initterm
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_errno
realloc
_lock
_unlock
__dllonexit
_onexit
memcpy
__CxxFrameHandler3
??0exception@@QEAA@AEBQEBDH@Z
memset

gdi32

SetTextColor
SetBkColor
ExtTextOutW
GetTextExtentPoint32W

user32

GetFocus
FindWindowW
DestroyWindow
GetParent
ShowWindow
LoadIconW
GetSystemMetrics
CharNextW
MessageBoxW
DrawFocusRect
IsWindow
SendDlgItemMessageW
SendMessageW
GetDlgItem
EnableWindow
LoadStringW
EndDialog
SetWindowLongPtrW
GetWindowLongPtrW
SystemParametersInfoW
LoadImageW
SetForegroundWindow
MessageBeep
SetFocus
SetCursor
PrivateExtractIconsW
CallWindowProcW
SetWindowTextW
UnregisterClassA
GetSysColor
LoadCursorW
DialogBoxParamW

kernel32

DeactivateActCtx
OutputDebugStringA
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
Sleep
ActivateActCtx
ReleaseActCtx
CreateActCtxW
GetUserDefaultLangID
GetCommandLineW
HeapDestroy
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
LockResource
ExpandEnvironmentStringsW
GetCurrentProcess
LocalFree
OpenMutexW
ReleaseMutex
CreateMutexW
CloseHandle
WaitForSingleObject
CreateProcessW
GetWindowsDirectoryW
SearchPathW
LeaveCriticalSection
EnterCriticalSection
DisableThreadLibraryCalls
InitializeCriticalSection
DeleteCriticalSection
FindResourceExW
LoadResource
SizeofResource
MultiByteToWideChar
RaiseException
lstrcmpiW
GetModuleHandleW
SetLastError
GetUserDefaultUILanguage
FreeLibrary
GetProcAddress
LoadLibraryW
GetVersionExW
GetSystemDirectoryW
GetModuleFileNameW
GetLastError
LoadLibraryExW

advapi32

GetTokenInformation
RegQueryInfoKeyW
RegEnumKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
OpenProcessToken
RegOpenKeyExW
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetUserNameW
RegQueryValueExW

shell32

CommandLineToArgvW
ShellExecuteW

ole32

PropVariantClear
StringFromCLSID
StringFromGUID2
CoTaskMemRealloc
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CoCreateGuid

oleaut32

SysFreeString
VarUI4FromStr
RegisterTypeLi
SysStringLen
SysAllocString
LoadTypeLi
UnRegisterTypeLi

ntdll

WinSqmAddToStream

shlwapi

PathFindExtensionW
PathParseIconLocationW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Exports

Exports

CPlApplet
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SpeechUX/speechuxcpl.dll
.dll regsvr32 windows:10 windows x64 arch:x64

9602aa96e1595eb184b0fde3b2bd3ceb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

speechuxcpl.pdb

Imports

msvcrt

_vsnprintf_s
memcmp
memmove_s
__CxxFrameHandler3
_beginthreadex
_onexit
__dllonexit
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
malloc
free
__C_specific_handler
vswprintf_s
_vscwprintf
memcpy_s
wcschr
tolower
_ultow_s
_vsnwprintf
memset

user32

DestroyIcon
GetFocus
LoadStringW
FindWindowW
SetForegroundWindow
SendMessageW
IsWindow
GetForegroundWindow
GetWindowLongW
MessageBoxW

dui70

?CreateXBaby@XProvider@DirectUI@@UEAAJPEAVIXElementCP@2@PEAUHWND__@@PEAVElement@2@PEAKPEAPEAUIXBaby@2@@Z
?SetButtonClassAcceptsEnterKey@XProvider@DirectUI@@UEAAJ_N@Z
?SetRegisteredDefaultButton@XProvider@DirectUI@@UEAAJPEAVElement@2@@Z
?ClickDefaultButton@XProvider@DirectUI@@UEAAHXZ
?ForceThemeChange@XProvider@DirectUI@@UEAAJ_K_J@Z
?GetHostedElementID@XProvider@DirectUI@@UEAAJPEAG@Z
?FindElementWithShortcutAndDoDefaultAction@XProvider@DirectUI@@UEAAHGH@Z
?CanSetFocus@XProvider@DirectUI@@UEAAJPEA_N@Z
?Navigate@XProvider@DirectUI@@UEAAJHPEA_N@Z
?SetFocus@XProvider@DirectUI@@UEAAJPEAVElement@2@@Z
?IsDescendent@XProvider@DirectUI@@UEAAJPEAVElement@2@PEA_N@Z
?GetDesiredSize@XProvider@DirectUI@@UEAAJHHPEAUtagSIZE@@@Z
?GetClassInfoPtr@Element@DirectUI@@SAPEAUIClassInfo@2@XZ
?AddRef@XProvider@DirectUI@@UEAAKXZ
?GetClassInfoPtr@HWNDElement@DirectUI@@SAPEAUIClassInfo@2@XZ
?SetDefaultButtonTracking@XProvider@DirectUI@@UEAAJ_N@Z
?SetHandleEnterKey@XProvider@DirectUI@@IEAAX_N@Z
?CreateDUI@XProvider@DirectUI@@UEAAJPEAVIXElementCP@2@PEAPEAUHWND__@@@Z
?GetRoot@XProvider@DirectUI@@IEAAPEAVElement@2@XZ
?Initialize@XProvider@DirectUI@@QEAAJPEAVElement@2@PEAVIXProviderCP@2@@Z
?Create@XResourceProvider@DirectUI@@SAJPEAUHINSTANCE__@@PEBG11PEAPEAV12@@Z
?QueryInterface@XProvider@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
??1XProvider@DirectUI@@UEAA@XZ
??0XProvider@DirectUI@@QEAA@XZ
?Release@Value@DirectUI@@QEAAXXZ
?GetChildren@Element@DirectUI@@QEAAPEAV?$DynamicArray@PEAVElement@DirectUI@@$0A@@2@PEAPEAVValue@2@@Z
?GetAtomZero@Value@DirectUI@@SAPEAV12@XZ
?SetParameter@XProvider@DirectUI@@UEAAJAEBU_GUID@@PEAX@Z
StrToID
?FindDescendent@Element@DirectUI@@QEAAPEAV12@G@Z
?SetLayoutPos@Element@DirectUI@@QEAAJH@Z
?SetEnabled@Element@DirectUI@@QEAAJ_N@Z
?Click@Button@DirectUI@@SA?AVUID@@XZ
??1Element@DirectUI@@UEAA@XZ
??0Element@DirectUI@@QEAA@XZ
?OnEvent@Element@DirectUI@@UEAAXPEAUEvent@2@@Z
??0CritSecLock@DirectUI@@QEAA@PEAU_RTL_CRITICAL_SECTION@@@Z
?GetFactoryLock@Element@DirectUI@@SAPEAU_RTL_CRITICAL_SECTION@@XZ
??1CritSecLock@DirectUI@@QEAA@XZ
?ClassExist@ClassInfoBase@DirectUI@@SA_NPEAPEAUIClassInfo@2@PEBQEBUPropertyInfo@2@IPEAU32@PEAUHINSTANCE__@@PEBG_N@Z
?Register@ClassInfoBase@DirectUI@@QEAAJXZ
?Initialize@ClassInfoBase@DirectUI@@QEAAJPEAUHINSTANCE__@@PEBG_NPEBQEBUPropertyInfo@2@I@Z
?Initialize@Element@DirectUI@@QEAAJIPEAV12@PEAK@Z
?Destroy@Element@DirectUI@@QEAAJ_N@Z
??0ClassInfoBase@DirectUI@@QEAA@XZ
??1ClassInfoBase@DirectUI@@UEAA@XZ
?IsRTLReading@Element@DirectUI@@UEAA_NXZ
?IsContentProtected@Element@DirectUI@@UEAA_NXZ
?GetValue@Element@DirectUI@@QEAAPEAVValue@2@PEBUPropertyInfo@2@HPEAUUpdateCache@2@@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanged@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanged@Element@DirectUI@@UEAAXPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnGroupChanged@Element@DirectUI@@UEAAXH_N@Z
?OnInput@Element@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?OnKeyFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnMouseFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnDestroy@Element@DirectUI@@UEAAXXZ
?Paint@Element@DirectUI@@UEAAXPEAUHDC__@@PEBUtagRECT@@1PEAU4@2@Z
?GetContentSize@Element@DirectUI@@UEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?Add@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?Insert@Element@DirectUI@@UEAAJPEAPEAV12@II@Z
?Remove@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?GetAdjacent@Element@DirectUI@@UEAAPEAV12@PEAV12@HPEBUNavReference@2@K@Z
?EnsureVisible@Element@DirectUI@@UEAA_NHHHH@Z
?SetKeyFocus@Element@DirectUI@@UEAAXXZ
?AddBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?RemoveBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?MessageCallback@Element@DirectUI@@UEAAIPEAUtagGMSG@@@Z
?GetImmersiveFocusRectOffsets@Element@DirectUI@@UEAAXPEAUtagRECT@@@Z
?_SelfLayoutDoLayout@Element@DirectUI@@MEAAXHH@Z
?_SelfLayoutUpdateDesiredSize@Element@DirectUI@@MEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?OnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?OnUnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?UpdateTooltip@Element@DirectUI@@MEAAXPEAV12@@Z
?ActivateTooltip@Element@DirectUI@@MEAAXPEAV12@K@Z
?RemoveTooltip@Element@DirectUI@@MEAAXPEAV12@@Z
?GetKeyFocused@Element@DirectUI@@UEAA_NXZ
?GetAccessibleImpl@Element@DirectUI@@UEAAJPEAPEAUIAccessible@@@Z
?DefaultAction@Element@DirectUI@@UEAAJXZ
?GetUIAElementProvider@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?GetElementProviderImpl@Element@DirectUI@@UEAAJPEAVInvokeHelper@2@PEAPEAVElementProvider@2@@Z
?HandleUiaDestroyListener@Element@DirectUI@@UEAAXXZ
?HandleUiaPropertyListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?HandleUiaPropertyChangingListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@@Z
?HandleUiaEventListener@Element@DirectUI@@UEAAXPEAUEvent@2@@Z
?GetUiaFocusDelegate@Element@DirectUI@@UEAAPEAV12@XZ
?AddRef@ClassInfoBase@DirectUI@@UEAAXXZ
?Release@ClassInfoBase@DirectUI@@UEAAHXZ
?EnumPropertyInfo@ClassInfoBase@DirectUI@@UEAAPEBUPropertyInfo@2@I@Z
?GetByClassIndex@ClassInfoBase@DirectUI@@UEAAPEBUPropertyInfo@2@I@Z
?GetPICount@ClassInfoBase@DirectUI@@UEBAIXZ
?GetGlobalIndex@ClassInfoBase@DirectUI@@UEBAIXZ
?GetName@ClassInfoBase@DirectUI@@UEBAPEBGXZ
?IsValidProperty@ClassInfoBase@DirectUI@@UEBA_NPEBUPropertyInfo@2@@Z
?IsSubclassOf@ClassInfoBase@DirectUI@@UEBA_NPEAUIClassInfo@2@@Z
?GetModule@ClassInfoBase@DirectUI@@UEBAPEAUHINSTANCE__@@XZ
?IsGlobal@ClassInfoBase@DirectUI@@UEBA_NXZ
?AddChild@ClassInfoBase@DirectUI@@UEAAXXZ
?RemoveChild@ClassInfoBase@DirectUI@@UEAAXXZ
?GetChildren@ClassInfoBase@DirectUI@@UEBAHXZ
?AssertPIZeroRef@ClassInfoBase@DirectUI@@UEBAXXZ
?GetUnset@Value@DirectUI@@SAPEAV12@XZ
?SetActive@Element@DirectUI@@QEAAJH@Z
?Register@Element@DirectUI@@SAJXZ
?GetContentStringAsDisplayed@Element@DirectUI@@UEAAPEBGPEAPEAVValue@2@@Z
InitProcessPriv
?GetStringNull@Value@DirectUI@@SAPEAV12@XZ
?Init@NavReference@DirectUI@@QEAAXPEAVElement@2@PEAUtagRECT@@@Z
UnInitThread
UnInitProcessPriv
InitThread
?QueryInterface@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z

kernel32

LoadResource
FindResourceExW
HeapSize
HeapReAlloc
HeapDestroy
GetLastError
Sleep
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
GetModuleFileNameW
FormatMessageW
GetModuleHandleExW
GetModuleFileNameA
ActivateActCtx
GetModuleHandleW
GetProcAddress
LockResource
OutputDebugStringW
SetLastError
ReleaseSemaphore
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
WaitForSingleObjectEx
AcquireSRWLockExclusive
AcquireSRWLockShared
EnterCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
OpenSemaphoreW
CreateThreadpoolTimer
ReleaseSRWLockExclusive
ReleaseSRWLockShared
CompareStringOrdinal
InitOnceBeginInitialize
InitOnceComplete
CreateMutexExW
LeaveCriticalSection
CreateSemaphoreExW
ReleaseActCtx
CreateActCtxW
ReleaseMutex
WaitForSingleObject
CreateMutexW
GetUserDefaultLangID
GetUserDefaultUILanguage
GetExitCodeThread
RaiseException
CloseHandle
DisableThreadLibraryCalls
HeapFree
GetProcessHeap
HeapAlloc
IsDebuggerPresent
DeactivateActCtx
LoadLibraryExW
SizeofResource
ResolveDelayLoadedAPI
DelayLoadFailureHook
DebugBreak

advapi32

EventRegister
EventWriteTransfer
EventUnregister

shell32

ord155
SHParseDisplayName
SHGetFolderPathW
ord25
ord18
ShellExecuteExW
ShellExecuteW
SHBindToObject

ole32

CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitializeEx

oleaut32

VariantClear

advpack

RegInstallW

ntdll

EtwEventSetInformation
EtwEventRegister
EtwLogTraceEvent
WinSqmAddToStream
EtwEventUnregister
EtwEventWriteTransfer

shlwapi

ord174
ord514
ord24
ord618
ord219
ord176
ord256
ord172
ord199
ord158
ord204
SHStrDupW
ord156

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 337KB - Virtual size: 336KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TTS/MSTTSEngine.dll
.dll regsvr32 windows:10 windows x64 arch:x64

59c93fe60a75ce27609b1934013528d8

Code Sign

33:00:00:04:13:31:bc:19:88:07:a9:07:74:00:00:00:00:04:13
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/02/2023, 00:05

Not After

01/02/2024, 00:05

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5e:dc:76:71:d8:54:69:f0:06:86:93:55:4a:8c:c1:73:ca:e6:28:c7:82:19:0e:04:5d:4c:00:65:79:4c:57:fe
Signer

Actual PE Digest

5e:dc:76:71:d8:54:69:f0:06:86:93:55:4a:8c:c1:73:ca:e6:28:c7:82:19:0e:04:5d:4c:00:65:79:4c:57:fe

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

MSTTSEngine.pdb

Imports

msvcrt

realloc
_errno
??1type_info@@UEAA@XZ
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
_lock
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
calloc
_unlock
__dllonexit
_onexit
sinf
strcmp
sqrt
__C_specific_handler
sin
sqrtf
memset
powf
_callnewh
pow
wcsncmp
iswupper
iswlower
towupper
towlower
iswdigit
isspace
_wcsnicmp
_vsnwprintf
wcsrchr
_wsplitpath_s
iswspace
_free_locale
_swscanf_s_l
_create_locale
bsearch
_wcslwr
strncmp
_aligned_malloc
_aligned_free
qsort_s
bsearch_s
srand
rand
??8type_info@@QEBAHAEBV0@@Z
_wtoi
swprintf_s
qsort
wcsstr
iswcntrl
tolower
_strnicmp
printf
_wcsdup
iswalpha
_wtol
exit
?terminate@@YAXXZ
memcpy
memmove_s
wcscat_s
wcscpy_s
memcpy_s
free
malloc
wcsncpy_s
_purecall
__CxxFrameHandler3
wcschr
_wcsicmp
swscanf_s
memmove
memcmp
logf
fwprintf
wcstombs_s
toupper
__RTDynamicCast
atan2f
cos
cosf
exp
expf
floorf
log
wcscmp

oleaut32

LoadRegTypeLi
SysAllocStringByteLen
VariantInit
VariantClear
SafeArrayCreate
SafeArrayPutElement
SafeArrayDestroy
VariantChangeType
SafeArrayCopy
SysStringLen
RegisterTypeLi
LoadTypeLi
SysAllocString
UnRegisterTypeLi
VarUI4FromStr
SysFreeString
SysStringByteLen

ole32

StringFromCLSID
CLSIDFromString
CreateStreamOnHGlobal
StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance

user32

CharUpperW
CharNextW
UnregisterClassA
CharLowerW

kernel32

GetPrivateProfileStringW
GetCurrentPackageFullName
K32GetModuleBaseNameW
HeapDestroy
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
WriteFile
CreateFileMappingW
MapViewOfFileEx
GetFileSize
lstrcmpW
GetFileType
CreateFileW
SetFilePointer
ReadFile
UnmapViewOfFile
CloseHandle
LockResource
LoadLibraryW
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
GetPrivateProfileSectionW
SetLastError
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
Sleep
WideCharToMultiByte
GetTickCount
OutputDebugStringA
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryExW
GetModuleHandleW
lstrcmpiW
RaiseException
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceExW
GetModuleFileNameW
InitializeCriticalSection
DeleteCriticalSection
DisableThreadLibraryCalls
InitializeCriticalSectionAndSpinCount
GetThreadLocale
SetThreadLocale
CompareStringW

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegDeleteValueW
RegEnumKeyExW
RegCloseKey
RegSetValueExW
RegQueryInfoKeyW
RegCreateKeyExW

shell32

SHGetFileInfoW

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventWriteTransfer

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
TraceMessage
GetTraceEnableFlags
GetTraceLoggerHandle

ntdll

WinSqmAddToStreamEx

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 742KB - Virtual size: 741KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TTS/MSTTSLoc.dll
.dll windows:10 windows x64 arch:x64

936851e62dbbc290e5656d1905192998

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

MSTTSLoc.pdb

Imports

msvcrt

swprintf_s
_errno
pow
memset
memmove
qsort_s
wcstombs_s
_wsplitpath_s
swscanf_s
wcsncpy_s
_wcsdup
realloc
_strnicmp
_vsnwprintf
iswupper
wcstok
_wcsnicmp
iswdigit
wcsncmp
wcsrchr
wcsstr
bsearch
memmove_s
_wtoi
_wcsicmp
wcschr
towlower
_purecall
qsort
wcscpy_s
memcpy_s
__C_specific_handler
sqrt
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
malloc
iswlower
__CxxFrameHandler3
calloc
fwprintf
free
iswalpha
memcpy
memcmp
printf
exit
__RTDynamicCast
exp
expf
log
wcscmp

oleaut32

SysFreeString
SysStringLen
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr

ole32

CoTaskMemRealloc
StringFromCLSID
CoTaskMemFree
CLSIDFromString
CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemAlloc

kernel32

WideCharToMultiByte
GetFileType
OutputDebugStringA
CompareStringW
HeapDestroy
GetProcessHeap
MapViewOfFileEx
CreateFileMappingW
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
DeleteCriticalSection
RaiseException
DisableThreadLibraryCalls
InitializeCriticalSection
Sleep
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetVersion
EnterCriticalSection
LeaveCriticalSection
GetLastError
CloseHandle
UnmapViewOfFile
InitializeCriticalSectionAndSpinCount
GetFileSize
GetSystemDirectoryW
LoadLibraryExW
FindResourceExW
lstrcmpiW
GetModuleFileNameW
GetModuleHandleW
SetLastError
SizeofResource
LockResource
LoadResource
FreeLibrary
GetProcAddress
LoadLibraryW
CreateFileW

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW

user32

UnregisterClassA
CharLowerBuffW
CharLowerW
CharNextW

shell32

SHGetFileInfoW

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage
UnregisterTraceGuids
RegisterTraceGuidsW

Exports

Exports

GetLocaleHandler

Sections

.text
Size: 236KB - Virtual size: 235KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 205KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UMDF/EhStorPwdDrv.dll
.dll windows:10 windows x64 arch:x64

534a0927defe4d5bb14c2ca60ad1d5ed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

EhStorPwdDrv.pdb

Imports

msvcrt

memcmp
__CxxFrameHandler3
memcpy
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_CxxThrowException
_lock
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
memcpy_s
_callnewh
malloc
free
_purecall
__C_specific_handler
_unlock
memset

kernel32

HeapSize
InitializeCriticalSection
GetVersionExW
GetProcAddress
DeleteCriticalSection
GetModuleHandleW
DisableThreadLibraryCalls
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
HeapReAlloc
MultiByteToWideChar
Sleep
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
RtlCaptureContext
RtlLookupFunctionEntry
HeapFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
HeapAlloc
GetProcessHeap
HeapDestroy
GetLastError
RtlVirtualUnwind

ole32

CoTaskMemFree
StringFromGUID2
CoCreateInstance
CoTaskMemAlloc
PropVariantClear

oleaut32

SysFreeString
SysAllocString

advapi32

RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
TraceMessage
CryptGenRandom
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
TraceEvent
UnregisterTraceGuids

Exports

Exports

DllGetClassObject
Microsoft_WDF_UMDF_Version

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UMDF/HidTelephony.dll
.dll windows:10 windows x64 arch:x64

7143fc73024f2f4e0fdd7e4df5c226e8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

HidTelephony.pdb

Imports

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__configure_narrow_argv
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__seh_filter_dll
memmove
_o_free
_o_malloc
__C_specific_handler
_CxxThrowException
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o__cexit
_o___stdio_common_vfprintf
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__callnewh
_o___acrt_iob_func
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

ntdll

RtlVirtualUnwind
DbgPrintEx
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
DisableThreadLibraryCalls

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
CreateThread
GetCurrentProcess
GetCurrentProcessId
TerminateProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableFlags
UnregisterTraceGuids
RegisterTraceGuidsW
TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel

api-ms-win-core-synch-l1-1-0

OpenEventW
ResetEvent
CreateEventW
WaitForSingleObject
SetEvent
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObjectEx

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-com-l1-1-0

PropVariantClear
CoCreateInstance

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

hid

HidP_GetUsages
HidP_UsageListDifference
HidP_MaxUsageListLength
HidP_GetButtonCaps
HidP_GetSpecificButtonCaps
HidP_GetCaps
HidP_SetUsages
HidP_UnsetUsages
HidP_GetLinkCollectionNodes

wpprecorderum

WppAutoLogStart
WppAutoLogStop
WppAutoLogTrace

callhistoryclient

UdmCreateDataSession
UdmCreateSyncCallbackHandler

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

phoneom

PhoneGetProviderLineInfo
PhoneFreeCallInfo
PhoneIsActionAvailable
PhoneDial
PhoneSwap
PhoneSendDTMF
PhoneRejectIncoming
PhoneDropAccept
PhoneAcceptIncomingEx
PhoneGetState
PhoneConference
PhoneGetProviderLineServiceInfo
PhonePrivate
PhoneGetDefaultOutgoingLine
PhoneAPIInitialize
PhoneGetLines
PhoneRemoveListener
PhoneAddListener
PhoneSetHold
PhoneEnd

Exports

Exports

FxDriverEntryUm

Sections

.text
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UMDF/IddCx.dll
.dll windows:10 windows x64 arch:x64

0bd8e168fad73542a802ed0ffedd1cce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

IddCx.pdb

Imports

msvcrt

_purecall
??1type_info@@UEAA@XZ
_onexit
??3@YAXPEAX@Z
__dllonexit
?terminate@@YAXXZ
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
memcmp
_wsetlocale
__crtLCMapStringW
memcpy_s
_wcsdup
memset
_vsnwprintf
__CxxFrameHandler3
calloc
__pctype_func
_ismbblead
___lc_codepage_func
___lc_handle_func
___mb_cur_max_func
_errno
_unlock
_lock
setlocale
__uncaught_exception
memmove
memcpy
_CxxThrowException
??0exception@@QEAA@AEBQEBDH@Z
??1exception@@UEAA@XZ
_callnewh
malloc
strcspn
localeconv
free
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@AEBV0@@Z
sprintf_s
??0exception@@QEAA@AEBQEBD@Z
?what@exception@@UEBAPEBDXZ
??_V@YAXPEAX@Z
_vscprintf
memmove_s
wcscpy_s
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
abort

ntdll

NtQuerySystemInformation
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
DbgPrintEx

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetProcAddress
GetModuleHandleExW
GetModuleHandleW

api-ms-win-core-synch-l1-1-0

CreateSemaphoreExW
CreateEventW
CreateEventExW
WaitForSingleObjectEx
ResetEvent
InitializeSRWLock
TryAcquireSRWLockExclusive
SetEvent
ReleaseSemaphore
InitializeCriticalSectionEx
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
OpenSemaphoreW
WaitForSingleObject
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseMutex
CreateMutexExW

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
SetLastError
RaiseException

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentProcessId
CreateThread
TerminateProcess
GetCurrentThreadId
ExitProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage
GetTraceEnableFlags
UnregisterTraceGuids

wpprecorderum

WppAutoLogTrace
WppAutoLogStop
WppAutoLogStart

api-ms-win-dx-d3dkmt-l1-1-0

D3DKMTEscape
D3DKMTCloseAdapter

api-ms-win-security-base-l1-1-0

AllocateLocallyUniqueId

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventWriteTransfer
EventSetInformation

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetVersionExW
GetTickCount

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer

api-ms-win-dx-d3dkmt-l1-1-1

D3DKMTOpenAdapterFromLuid

api-ms-win-dx-d3dkmt-l1-1-2

D3DKMTAbandonSwapChain

d2d1

ord1

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

dwrite

DWriteCreateFactory

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

Exports

Exports

FxDriverEntryUm

Sections

.text
Size: 189KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UMDF/Microsoft.Bluetooth.Profiles.HidOverGatt.dll
.dll windows:10 windows x64 arch:x64

abbac69270f8a5d2e4dfeb1d2908df5e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Microsoft.Bluetooth.Profiles.HidOverGatt.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__itoa_s
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o_free
_o_malloc
_o_qsort
_o_realloc
_o_strcat_s
_o_wcstoull
__C_specific_handler
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__CxxFrameHandler3
_CxxThrowException
__std_terminate
__CxxFrameHandler4
memcpy

api-ms-win-crt-string-l1-1-0

memset
strnlen

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlInitUnicodeString
RtlVirtualUnwind
DbgPrintEx
RtlUnsubscribeWnfNotificationWaitForCompletion
NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
NtQuerySystemInformation

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleFileNameA
DisableThreadLibraryCalls
GetProcAddress
GetModuleHandleExW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
RaiseException
SetLastError
UnhandledExceptionFilter
GetLastError

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

msvcp_win

?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
ReleaseSRWLockExclusive
SetEvent
CreateEventExW
AcquireSRWLockExclusive
CreateEventW
ReleaseMutex
ReleaseSemaphore
ReleaseSRWLockShared
AcquireSRWLockShared
WaitForSingleObject
OpenSemaphoreW
CreateSemaphoreExW
CreateMutexExW

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceLoggerHandle
TraceMessage
RegisterTraceGuidsW
GetTraceEnableFlags
UnregisterTraceGuids
GetTraceEnableLevel

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventRegister

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoInitialize
RoActivateInstance
RoGetActivationFactory

api-ms-win-core-com-l1-1-0

CoIncrementMTAUsage
CoCreateFreeThreadedMarshaler
CoWaitForMultipleHandles
CoDecrementMTAUsage

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo

api-ms-win-core-com-l1-1-1

RoGetAgileReference

wpprecorderum

WppAutoLogStart
WppAutoLogStop
WppAutoLogTrace

api-ms-win-core-io-l1-1-0

DeviceIoControl

bcrypt

BCryptCreateHash
BCryptGetProperty
BCryptHashData
BCryptFinishHash
BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptOpenAlgorithmProvider

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

devobj

DevObjGetClassDevs
DevObjGetDeviceInterfaceDetail
DevObjEnumDeviceInterfaces
DevObjCreateDeviceInfoList
DevObjDestroyDeviceInfoList

Exports

Exports

FxDriverEntryUm

Sections

.text
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UMDF/NfcCx.dll
.dll windows:10 windows x64 arch:x64

ff52f8de87fa8680782f83a0278acd52

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

NfcCx.pdb

Imports

msvcrt

__C_specific_handler
strtok_s
_vsnwprintf
sprintf_s
toupper
_amsg_exit
_XcptFilter
_callnewh
wcstombs_s
_initterm
swscanf_s
wcschr
free
memmove
memcpy
memcmp
malloc
memcpy_s
memset

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
DbgPrintEx

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
GetTraceLoggerHandle
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
UnregisterTraceGuids

api-ms-win-eventing-provider-l1-1-0

EventProviderEnabled
EventSetInformation
EventWriteTransfer
EventUnregister
EventRegister

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
GetLastError

api-ms-win-core-processthreads-l1-1-0

SetThreadPriority
GetCurrentProcessId
OpenProcessToken
ResumeThread
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
CreateThread

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-com-l1-1-0

StringFromGUID2

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
EnterCriticalSection
SetEvent
CreateEventW
WaitForSingleObject
DeleteCriticalSection
ResetEvent
CreateEventA
InitializeCriticalSection
AcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
InitializeSRWLock
ReleaseSRWLockExclusive
TryAcquireSRWLockExclusive

api-ms-win-core-threadpool-l1-2-0

SubmitThreadpoolWork
WaitForThreadpoolTimerCallbacks
CallbackMayRunLong
CloseThreadpoolTimer
CloseThreadpoolWork
SetThreadpoolTimer
CreateThreadpoolTimer
CreateThreadpoolWork
WaitForThreadpoolWorkCallbacks

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount64
GetTickCount

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA

api-ms-win-core-heap-l2-1-0

LocalAlloc

Exports

Exports

FxDriverEntryUm

Sections

.text
Size: 675KB - Virtual size: 675KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
downlevel/API-MS-Win-Eventing-ClassicProvider-L1-1-0.dll
.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:02:32:41:fb:59:99:6d:cc:4d:ff:00:00:00:00:02:32
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:24

Not After

02/05/2020, 21:24

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c5:6d:ba:d6:46:49:30:1e:c8:a2:53:4a:3f:e6:99:e7:0e:b7:57:ea:c8:27:e3:c1:3a:fc:be:da:b3:15:0a:88
Signer

Actual PE Digest

c5:6d:ba:d6:46:49:30:1e:c8:a2:53:4a:3f:e6:99:e7:0e:b7:57:ea:c8:27:e3:c1:3a:fc:be:da:b3:15:0a:88

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

API-MS-Win-Eventing-ClassicProvider-L1-1-0.pdb

Exports

Exports

GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
TraceEvent
TraceMessage
TraceMessageVa
UnregisterTraceGuids

Sections

.rdata
Size: 1024B - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
downlevel/API-MS-Win-Eventing-Controller-L1-1-0.dll
.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:02:32:41:fb:59:99:6d:cc:4d:ff:00:00:00:00:02:32
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:24

Not After

02/05/2020, 21:24

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

18:a8:57:fb:65:13:a6:42:2b:ad:06:93:65:73:fc:78:65:81:56:81:d0:dc:98:a0:e0:f2:4c:ca:b6:39:1f:45
Signer

Actual PE Digest

18:a8:57:fb:65:13:a6:42:2b:ad:06:93:65:73:fc:78:65:81:56:81:d0:dc:98:a0:e0:f2:4c:ca:b6:39:1f:45

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

API-MS-Win-Eventing-Controller-L1-1-0.pdb

Exports

Exports

ControlTraceW
EnableTraceEx2
EnumerateTraceGuidsEx
EventAccessControl
EventAccessQuery
EventAccessRemove
QueryAllTracesW
StartTraceW
StopTraceW
TraceQueryInformation
TraceSetInformation

Sections

.rdata
Size: 1024B - Virtual size: 964B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
downlevel/API-MS-Win-devices-config-L1-1-0.dll
.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:02:32:41:fb:59:99:6d:cc:4d:ff:00:00:00:00:02:32
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:24

Not After

02/05/2020, 21:24

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

82:a9:3d:0e:2b:98:49:99:20:bd:e7:5d:10:89:9a:50:5a:82:14:66:e2:31:a1:07:3a:be:c7:da:1e:76:85:c9
Signer

Actual PE Digest

82:a9:3d:0e:2b:98:49:99:20:bd:e7:5d:10:89:9a:50:5a:82:14:66:e2:31:a1:07:3a:be:c7:da:1e:76:85:c9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

API-MS-Win-devices-config-L1-1-0.pdb

Exports

Exports

CM_Delete_Class_Key
CM_Delete_DevNode_Key
CM_Delete_Device_Interface_KeyW
CM_Disable_DevNode
CM_Enable_DevNode
CM_Get_Child
CM_Get_Class_PropertyW
CM_Get_Class_Property_Keys
CM_Get_Class_Registry_PropertyW
CM_Get_Depth
CM_Get_DevNode_PropertyW
CM_Get_DevNode_Property_Keys
CM_Get_DevNode_Registry_PropertyW
CM_Get_DevNode_Status
CM_Get_Device_IDW
CM_Get_Device_ID_ListW
CM_Get_Device_ID_List_SizeW
CM_Get_Device_ID_Size
CM_Get_Device_Interface_ListW
CM_Get_Device_Interface_List_SizeW
CM_Get_Device_Interface_PropertyW
CM_Get_Device_Interface_Property_KeysW
CM_Get_Parent
CM_Get_Sibling
CM_Locate_DevNodeW
CM_Open_Class_KeyW
CM_Open_DevNode_Key
CM_Open_Device_Interface_KeyW
CM_Query_And_Remove_SubTreeW
CM_Register_Notification
CM_Set_Class_PropertyW
CM_Set_Class_Registry_PropertyW
CM_Set_DevNode_PropertyW
CM_Set_DevNode_Registry_PropertyW
CM_Set_Device_Interface_PropertyW
CM_Setup_DevNode
CM_Uninstall_DevNode
CM_Unregister_Notification

Sections

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
downlevel/API-MS-Win-devices-config-L1-1-1.dll
.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:02:32:41:fb:59:99:6d:cc:4d:ff:00:00:00:00:02:32
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:24

Not After

02/05/2020, 21:24

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

84:1a:cb:7f:12:34:11:5d:e9:0f:ed:af:55:e7:30:21:5e:7b:1d:2a:fd:e0:84:82:77:2a:a4:2a:4a:1d:a1:a6
Signer

Actual PE Digest

84:1a:cb:7f:12:34:11:5d:e9:0f:ed:af:55:e7:30:21:5e:7b:1d:2a:fd:e0:84:82:77:2a:a4:2a:4a:1d:a1:a6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

API-MS-Win-devices-config-L1-1-1.pdb

Exports

Exports

CM_Delete_Class_Key
CM_Delete_DevNode_Key
CM_Delete_Device_Interface_KeyW
CM_Disable_DevNode
CM_Enable_DevNode
CM_Get_Child
CM_Get_Class_PropertyW
CM_Get_Class_Property_Keys
CM_Get_Class_Registry_PropertyW
CM_Get_Depth
CM_Get_DevNode_PropertyW
CM_Get_DevNode_Property_Keys
CM_Get_DevNode_Registry_PropertyW
CM_Get_DevNode_Status
CM_Get_Device_IDW
CM_Get_Device_ID_ListW
CM_Get_Device_ID_List_SizeW
CM_Get_Device_ID_Size
CM_Get_Device_Interface_ListW
CM_Get_Device_Interface_List_SizeW
CM_Get_Device_Interface_PropertyW
CM_Get_Device_Interface_Property_KeysW
CM_Get_Parent
CM_Get_Sibling
CM_Locate_DevNodeW
CM_MapCrToWin32Err
CM_Open_Class_KeyW
CM_Open_DevNode_Key
CM_Open_Device_Interface_KeyW
CM_Query_And_Remove_SubTreeW
CM_Register_Notification
CM_Set_Class_PropertyW
CM_Set_Class_Registry_PropertyW
CM_Set_DevNode_PropertyW
CM_Set_DevNode_Registry_PropertyW
CM_Set_Device_Interface_PropertyW
CM_Setup_DevNode
CM_Uninstall_DevNode
CM_Unregister_Notification

Sections

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
downlevel/api-ms-win-crt-utility-l1-1-0.dll
.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:02:32:41:fb:59:99:6d:cc:4d:ff:00:00:00:00:02:32
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:24

Not After

02/05/2020, 21:24

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

57:aa:19:92:5b:c6:81:2a:56:7b:79:60:85:9d:9f:f2:4f:06:22:74:33:52:53:41:f1:c1:2d:c5:11:31:2a:24
Signer

Actual PE Digest

57:aa:19:92:5b:c6:81:2a:56:7b:79:60:85:9d:9f:f2:4f:06:22:74:33:52:53:41:f1:c1:2d:c5:11:31:2a:24

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-crt-utility-l1-1-0.pdb

Exports

Exports

_abs64
_byteswap_uint64
_byteswap_ulong
_byteswap_ushort
_lfind
_lfind_s
_lrotl
_lrotr
_lsearch
_lsearch_s
_rotl
_rotl64
_rotr
_rotr64
_swab
abs
bsearch
bsearch_s
div
imaxabs
imaxdiv
labs
ldiv
llabs
lldiv
qsort
qsort_s
rand
rand_s
srand

Sections

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
downlevel/api-ms-win-eventing-consumer-l1-1-0.dll
.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:02:32:41:fb:59:99:6d:cc:4d:ff:00:00:00:00:02:32
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:24

Not After

02/05/2020, 21:24

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f4:32:1e:d0:3e:11:e4:35:13:47:00:5a:4e:e5:a4:68:b8:c5:94:e4:f8:c5:1d:a8:9d:a3:fd:dc:d2:5b:a4:71
Signer

Actual PE Digest

f4:32:1e:d0:3e:11:e4:35:13:47:00:5a:4e:e5:a4:68:b8:c5:94:e4:f8:c5:1d:a8:9d:a3:fd:dc:d2:5b:a4:71

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

API-MS-Win-Eventing-Consumer-L1-1-0.pdb

Exports

Exports

CloseTrace
OpenTraceW
ProcessTrace

Sections

.rdata
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
launch-v3.17.msi
.msi

Sharing

General

Malware Config

Signatures

Files

3e0fc5fc148d8a2f4281bca9fa8a8166

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-handle-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-file-l2-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-version-l1-1-0

api-ms-win-core-processtopology-obsolete-l1-1-0

api-ms-win-power-base-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-processtopology-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-largeinteger-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-file-l1-2-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-localization-obsolete-l1-2-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-comm-l1-1-0

api-ms-win-core-apiquery-l1-1-0

framedynos

api-ms-win-security-lsapolicy-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

Exports

Exports

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 704KB - Virtual size: 703KB

.data Size: 14KB - Virtual size: 38KB

.pdata Size: 49KB - Virtual size: 49KB

.didat Size: 1KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 10KB - Virtual size: 10KB

cfca51f8bf1bf8f90661aaeef676fdc5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l2-1-0

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 704KB - Virtual size: 703KB

.data
Size: 14KB - Virtual size: 38KB

.pdata
Size: 49KB - Virtual size: 49KB

.didat
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 10KB - Virtual size: 10KB

.text
Size: 28KB - Virtual size: 28KB

.wpp_sf
Size: 1024B - Virtual size: 959B

.rdata
Size: 61KB - Virtual size: 61KB

.data
Size: 18KB - Virtual size: 19KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 10KB - Virtual size: 10KB

.text
Size: 108KB - Virtual size: 107KB

.wpp_sf
Size: 1KB - Virtual size: 1KB

.rdata
Size: 58KB - Virtual size: 58KB

.data
Size: 6KB - Virtual size: 8KB

.pdata
Size: 5KB - Virtual size: 5KB

.didat
Size: 512B - Virtual size: 144B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 4KB