L4uncchh4er (1551)[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

L4uncchh4er (1551).rar
Size

26.0MB
MD5

776782f4067ca99259f948d1b8f681ec
SHA1

0b52c4f79cd00fcc0a7e744a24cd514b094ee29d
SHA256

43cc75fa6a610333d6eac09e1ca7ba589d2b90ded5306c3dd233942a92838f82
SHA512

7d0ea37ee9bb33ca58e79d1a54e644c82911d7a20386828285f0b37e12c7123cfac8bd82e78dcdc5b792372dc0dae3585534660ec72e1004ca8d259819f15350
SSDEEP

786432:KNd6p4gMmsM6lozOeShkh2jeGcJ3oYjdmYae:2GsblozhShQ2jzjMdj5

Score

3^/10

Malware Config

Signatures

Unsigned PE 29 IoCs

Checks for missing Authenticode signature.

resource
unpack002/Bin/AspNetMMCExt.dll
unpack002/Bin/AspNetMMCExt.ni.dll
unpack002/Bin/AudioEndpointBuilder.dll
unpack002/Bin/AuthFWSnapIn.Resources.dll
unpack002/Bin/AuthFWSnapin.dll
unpack002/Bin/AzureSettingSyncProvider.dll
unpack002/Bin/BFE.DLL
unpack002/Bin/BatteryFlyoutExperience.dll
unpack002/Bin/BingLocalSearchService.dll
unpack002/Bin/BingMaps.dll
unpack002/Bin/BingOnlineServices.dll
unpack002/Bin/BioEnrollmentUI.dll
unpack002/Bin/System.Web.Extensions.Resources.dll
unpack002/Bin/System.Web.Extensions.ni.dll
unpack002/Bin/System.Web.Mobile.dll
unpack002/Bin/System.Web.Mobile.ni.dll
unpack002/Bin/System.Web.ni.dll
unpack002/Bin/aqueue.dll
unpack002/Bin/archiveint.dll
unpack002/Bin/audiosrv.dll
unpack002/Bin/authfwcfg.dll
unpack002/Bin/authui.dll
unpack002/Bin/azroles.dll
unpack002/Bin/batmeter.dll
unpack002/Bin/bisrv.dll
unpack002/Bin/blbmmc.dll
unpack002/Bin/blbmmc.ni.dll
unpack002/Bin/blbmmc.resources.dll
unpack002/L4uncchher.exe

Files

L4uncchh4er (1551).rar
.rar

Password: 1551
!...Pa$$w0rd - 1885.txt
L4uncchher.rar
.rar

Password: 1551
Bin/AppxPackaging.dll
.dll windows:10 windows x64 arch:x64

Password: 1551

02f753c6fd075ea1b96f042a5a4196a8

Code Sign

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:ed
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/12/2020, 21:29

Not After

02/12/2021, 21:29

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2a:30:0a:c2:85:59:32:df:7c:c3:ea:ee:60:15:dc:e0:08:91:74:fd:1d:a6:64:f6:7c:9e:46:f2:d3:50:cf:c8
Signer

Actual PE Digest

2a:30:0a:c2:85:59:32:df:7c:c3:ea:ee:60:15:dc:e0:08:91:74:fd:1d:a6:64:f6:7c:9e:46:f2:d3:50:cf:c8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AppxPackaging.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-string-l1-1-0

wcscmp
memset
wcsncmp

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__register_onexit_function
_o__seh_filter_dll
_o__stricmp
_o__strnicmp
memmove
_o__wcsicmp
_o__wcslwr
_o__wcsnicmp
_o_free
_o_malloc
_o_qsort
_o_towlower
_o_wcscpy_s
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
wcschr
wcsrchr
_o___stdio_common_vswprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o__execute_onexit_table
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__errno
memcmp
wcsstr
memcpy

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer
EventActivityIdControl

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetExitCodeProcess
CreateProcessW
OpenThreadToken
GetCurrentThread
TlsAlloc
TlsGetValue
TlsSetValue
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-synch-l1-1-0

SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
WaitForSingleObjectEx
ReleaseSRWLockExclusive
InitializeCriticalSectionEx
AcquireSRWLockShared
WaitForSingleObject
CreateEventW
ResetEvent
EnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockShared

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-libraryloader-l1-1-0

GetModuleHandleW
LoadResource
LoadLibraryExA
DisableThreadLibraryCalls
FindStringOrdinal
GetProcAddress
LoadLibraryExW
SizeofResource
LockResource
GetModuleFileNameA
GetModuleHandleExW
FreeLibrary

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
GetLastError
SetLastError

api-ms-win-core-util-l1-1-0

DecodePointer

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetSystemTime
GetSystemTimeAsFileTime
GetLocalTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

ntdll

RtlConvertSidToUnicodeString
RtlReportException
NtQuerySystemInformation
RtlFreeSid
RtlDowncaseUnicodeString
RtlAllocateAndInitializeSid
RtlFreeUnicodeString
RtlLookupElementGenericTableAvl
RtlInitializeGenericTableAvl
RtlInsertElementGenericTableAvl
RtlInitUnicodeString
RtlCompareUnicodeString
RtlEnumerateGenericTableWithoutSplayingAvl
RtlDeleteElementGenericTableAvl
RtlSetLastWin32Error
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlDeleteCriticalSection
RtlInitializeCriticalSection
RtlInitializeBitMap
RtlClearAllBits
RtlSetBits
RtlNtStatusToDosError
RtlNumberGenericTableElementsAvl
RtlIsGenericTableEmptyAvl

opcservices

ord9
ord16
ord11
ord10
ord4
ord7
ord8
ord12
ord15

urlmon

CreateUri

api-ms-win-core-psapi-l1-1-0

K32GetProcessMemoryInfo

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-com-l1-1-0

CoCreateInstance
StringFromGUID2
CLSIDFromString
CreateStreamOnHGlobal
CoTaskMemAlloc
CoTaskMemFree
CoCreateGuid
CoInitializeEx
CoUninitialize

api-ms-win-core-heap-obsolete-l1-1-0

LocalFree

api-ms-win-security-base-l1-1-0

GetLengthSid
GetSidSubAuthorityCount
RevertToSelf
ImpersonateLoggedOnUser
GetSidSubAuthority

api-ms-win-core-file-l1-1-0

DeleteFileW
GetFileAttributesW
CreateDirectoryW
CreateFileW
DeleteFileA
GetFullPathNameW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
WideCharToMultiByte
CompareStringW
CompareStringEx

api-ms-win-core-localization-obsolete-l1-2-0

CompareStringA

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-kernel32-legacy-l1-1-0

DosDateTimeToFileTime
FileTimeToDosDateTime
FindResourceW

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolCleanupGroupMembers
CreateThreadpoolCleanupGroup
CloseThreadpoolCleanupGroup

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegQueryValueExW
RegOpenKeyExW

api-ms-win-core-memory-l1-1-0

VirtualAlloc
VirtualFree

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-handle-l1-1-0

CloseHandle

oleaut32

SysAllocStringLen
SysAllocString
GetErrorInfo
CreateErrorInfo
SetErrorInfo
SysFreeString
VariantInit
SysStringLen

xmllite

CreateXmlReader

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindFileNameW

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 721KB - Virtual size: 721KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 273KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 575KB - Virtual size: 574KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/AppxProvider.dll
.dll regsvr32 windows:10 windows x64 arch:x64

Password: 1551

4e4208ee5e89a0aa5d859057001f9852

Code Sign

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/03/2020, 18:30

Not After

03/03/2021, 18:30

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b1:5a:55:09:bd:44:61:48:32:44:97:2d:d7:e0:2c:11:17:13:64:4d:65:6b:b3:de:02:e8:f2:12:08:2b:2b:be
Signer

Actual PE Digest

b1:5a:55:09:bd:44:61:48:32:44:97:2d:d7:e0:2c:11:17:13:64:4d:65:6b:b3:de:02:e8:f2:12:08:2b:2b:be

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

AppxProvider.pdb

Imports

msvcrt

memcmp
memset
_onexit
wcschr
__dllonexit
_unlock
_lock
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_wcsnicmp
_initterm
_amsg_exit
__CxxFrameHandler3
_XcptFilter
_CxxThrowException
malloc
wcsrchr
memmove_s
??0exception@@QEAA@AEBQEBD@Z
?what@exception@@UEBAPEBDXZ
_purecall
vswprintf_s
_vscwprintf
wcstok_s
_wcsicmp
wcsncpy_s
wcscat_s
free
wcscpy_s
__C_specific_handler
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
memcpy_s
_vsnwprintf
__RTDynamicCast
wcscmp

ntdll

RtlNtStatusToDosError
NtSetInformationFile
RtlInitializeGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlAllocateAndInitializeSid
RtlEqualSid
RtlFindAceByType
RtlFreeHeap
RtlAllocateHeap
RtlLookupElementGenericTableAvl
RtlFreeSid
RtlInsertElementGenericTableAvl
RtlNumberGenericTableElementsAvl
RtlInitUnicodeString
RtlCompareUnicodeString
RtlEnumerateGenericTableWithoutSplayingAvl

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
GetProcessHeap

api-ms-win-core-processthreads-l1-1-0

OpenProcessToken
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

SetThreadLocale
SetThreadUILanguage
GetThreadLocale
FormatMessageW

api-ms-win-core-libraryloader-l1-1-0

LoadLibraryExA
GetModuleFileNameW
GetModuleHandleW
GetModuleHandleExW
FindResourceExW
LoadResource
LockResource
GetProcAddress
FreeLibrary
SizeofResource
DisableThreadLibraryCalls
LoadStringW
LoadLibraryExW

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWriteTransfer
EventUnregister

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
EnterCriticalSection
DeleteCriticalSection
LeaveCriticalSection
CreateEventW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WaitForSingleObject

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
SetLastError

api-ms-win-core-string-l2-1-0

CharNextW
CharLowerBuffW
CharUpperBuffW

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegDeleteValueW
RegEnumValueW
RegQueryInfoKeyW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegEnumKeyExW
RegCloseKey

api-ms-win-core-com-l1-1-0

CoInitializeEx
CLSIDFromString
CoTaskMemFree
ProgIDFromCLSID
CoCreateGuid
CoCreateInstance
CoTaskMemAlloc
StringFromGUID2
CoUninitialize
CoSetProxyBlanket

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-string-l1-1-0

CompareStringW
MultiByteToWideChar
CompareStringOrdinal

api-ms-win-core-kernel32-legacy-l1-1-0

CopyFileW

api-ms-win-core-sysinfo-l1-2-0

GetNativeSystemInfo

api-ms-win-core-processenvironment-l1-1-0

GetCurrentDirectoryW
GetEnvironmentVariableW
SearchPathW

api-ms-win-core-file-l1-1-0

GetFileInformationByHandle
GetLongPathNameW
GetFinalPathNameByHandleW
FindClose
DeleteFileW
CreateFileW
GetFileAttributesW
SetFileAttributesW
GetFullPathNameW
FindFirstFileW
ReadFile
SetFilePointer
FindNextFileW
CreateDirectoryW

api-ms-win-shcore-stream-l1-1-0

SHCreateStreamOnFileW

api-ms-win-core-file-l2-1-0

CreateHardLinkW
CopyFileExW

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
Sleep
WakeAllConditionVariable

api-ms-win-core-heap-obsolete-l1-1-0

LocalFree

api-ms-win-security-base-l1-1-0

AdjustTokenPrivileges

api-ms-win-security-provider-l1-1-0

GetSecurityInfo

api-ms-win-core-memory-l1-1-0

MapViewOfFile
VirtualProtect
UnmapViewOfFile
VirtualQuery
CreateFileMappingW

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetTickCount
GetSystemTimeAsFileTime
GetVersionExW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

user32

UnregisterClassA

oleaut32

CreateErrorInfo
SysAllocStringLen
SysStringLen
RegisterTypeLi
SysAllocStringByteLen
LoadTypeLi
SysAllocString
GetErrorInfo
LoadRegTypeLi
UnRegisterTypeLi
SysFreeString
VariantClear
SetErrorInfo
SysStringByteLen

urlmon

CreateUri

winsta

WinStationGetTermSrvCountersValue

api-ms-win-core-path-l1-1-0

PathAllocCanonicalize

bcrypt

BCryptFinishHash
BCryptDestroyHash
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
BCryptCreateHash
BCryptHashData

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-io-l1-1-0

DeviceIoControl

Exports

Exports

AddProvisionedAppxPackageForCSP
DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
RemoveProvisionedAppxPackageForAllUsersForCSP
RemoveProvisionedAppxPackageForCSP

Sections

.text
Size: 294KB - Virtual size: 294KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 194KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/AspNetMMCExt.dll
.dll windows:4 windows x86 arch:x86

Password: 1551

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

AspNetMMCExt.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 484KB - Virtual size: 480KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/AspNetMMCExt.ni.dll
.dll windows:5 windows x64 arch:x64

Password: 1551

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AspNetMMCExt.pdb

Sections

.data
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 826KB - Virtual size: 826KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.extjmp
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.extrel
Size: 512B - Virtual size: 106B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/AudioEndpointBuilder.dll
.dll windows:10 windows x64 arch:x64

Password: 1551

321a01d0256a771698d60a2f7ed40ad3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AudioEndpointBuilder.pdb

Imports

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z
_Mtx_destroy_in_situ
_Mtx_init_in_situ
?_Xbad_function_call@std@@YAXXZ

api-ms-win-crt-string-l1-1-0

wcsncmp
memset
wcscmp

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
_o__wcsicmp
memmove
_o_calloc
_o_free
_o_malloc
_o_memcpy_s
_o_realloc
_o_terminate
_o_towlower
_o_wcsncpy_s
_o_wcstol
_o_wmemcpy_s
_o__crt_atexit
_o__configure_narrow_argv
_o__execute_onexit_table
_o__errno
_o__cexit
_o__aligned_malloc
_o__aligned_free
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__C_specific_handler
__std_terminate
__CxxFrameHandler3
_CxxThrowException
memcmp
memcpy

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
SizeofResource
LockResource
LoadResource
GetModuleHandleExW
GetModuleFileNameW
GetModuleHandleW
LoadLibraryExW
FindResourceExW
DisableThreadLibraryCalls
LoadStringW
GetProcAddress
FreeLibrary

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
ReleaseMutex
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
ReleaseSRWLockExclusive
InitializeCriticalSectionEx
DeleteCriticalSection
EnterCriticalSection
AcquireSRWLockExclusive
AcquireSRWLockShared
InitializeCriticalSection
ResetEvent
ReleaseSemaphore
ReleaseSRWLockShared
CreateSemaphoreExW
SetEvent
CreateEventW
InitializeSRWLock
WaitForMultipleObjectsEx
CreateEventExW

api-ms-win-core-heap-l1-1-0

HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
HeapDestroy

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-processthreads-l1-1-0

CreateThread
GetExitCodeProcess
TerminateProcess
CreateProcessW
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

oleaut32

SysAllocString
SysStringByteLen
SysStringLen
VarBstrCmp
SysAllocStringByteLen
SysFreeString

ntdll

RtlHashUnicodeString
RtlNtStatusToDosError
WinSqmAddToStreamEx
RtlPublishWnfStateData
EtwRegisterTraceGuidsW
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwGetTraceEnableFlags
EtwUnregisterTraceGuids
RtlReportException
RtlDllShutdownInProgress
RtlAllocateMemoryBlockLookaside
NtQueryInformationProcess
EtwTraceMessage
EtwEventRegister
EtwEventSetInformation
EtwEventUnregister
EtwEventWriteTransfer
RtlCreateMemoryBlockLookaside
RtlGetCurrentServiceSessionId
RtlGetActiveConsoleId
RtlFreeMemoryBlockLookaside
RtlInitUnicodeString
RtlExtendMemoryBlockLookaside

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
CreateThreadpoolCleanupGroup
WaitForThreadpoolWorkCallbacks
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWork
SetThreadpoolTimerEx
IsThreadpoolTimerSet
CreateThreadpoolWork
SetThreadpoolTimer
CloseThreadpool
SubmitThreadpoolWork
SetThreadpoolWait
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-core-registry-l1-1-0

RegEnumValueW
RegQueryInfoKeyW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegGetValueW
RegEnumKeyExW

api-ms-win-devices-config-l1-1-1

CM_Get_Device_IDW
CM_Unregister_Notification
CM_Get_DevNode_PropertyW
CM_Get_Device_ID_Size
CM_Get_Sibling
CM_Get_Child
CM_Register_Notification
CM_Locate_DevNodeW
CM_Open_DevNode_Key
CM_MapCrToWin32Err

api-ms-win-devices-query-l1-1-0

DevFindProperty
DevGetObjectProperties
DevFreeObjectProperties
DevGetObjects
DevSetObjectProperties
DevFreeObjects
DevCreateObjectQuery
DevCloseObjectQuery

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce
InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-winrt-string-l1-1-0

WindowsDuplicateString
WindowsCreateStringReference
WindowsCreateString
WindowsDeleteString
WindowsGetStringLen
WindowsGetStringRawBuffer

api-ms-win-core-winrt-registration-l1-1-0

RoGetActivatableClassRegistration

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringW
CompareStringOrdinal

api-ms-win-devices-swdevice-l1-1-0

SwDevicePropertySet
SwDeviceInterfacePropertySet
SwDeviceCreate
SwDeviceInterfaceRegister
SwDeviceClose
SwDeviceInterfaceSetState

mmdevapi

ord2
ord21
ord29
ord7
ord9
ord27
ord15

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-string-l2-1-0

CharLowerBuffW

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-service-core-l1-1-0

SetServiceStatus
RegisterServiceCtrlHandlerExW

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-core-io-l1-1-0

PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateIoCompletionPort

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl

api-ms-win-security-base-l1-1-0

MakeSelfRelativeSD
MakeAbsoluteSD
AddAce
GetSecurityDescriptorLength
GetLengthSid
IsValidSid
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
GetSecurityDescriptorOwner
InitializeSid
CopySid
GetSecurityDescriptorControl
GetAclInformation
InitializeSecurityDescriptor
GetSidLengthRequired
GetSidSubAuthority
GetSecurityDescriptorGroup
InitializeAcl

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount64
GetSystemDirectoryW
GetTickCount

api-ms-win-core-memory-l1-1-1

GetProcessWorkingSetSizeEx
SetProcessWorkingSetSizeEx

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
TraceEvent

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy
IsProcessorFeaturePresent

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW
PathParseIconLocationW

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-featurestaging-l1-1-0

GetFeatureEnabledState
SubscribeFeatureStateChangeNotification
UnsubscribeFeatureStateChangeNotification
RecordFeatureUsage

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
SetRestrictedErrorInfo
RoTransformError

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask
SHTaskPoolGetUniqueContext

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-crt-math-l1-1-0

sinf

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 540KB - Virtual size: 539KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 512B - Virtual size: 183B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_BSS
Size: - Virtual size: 32B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 158KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_DATA
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_CONST
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/AudioEng.dll
.dll regsvr32 windows:10 windows x64 arch:x64

Password: 1551

34e7cb1f513e96f7c2540bdc53e88ee5

Code Sign

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:ed
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/12/2020, 21:29

Not After

02/12/2021, 21:29

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a0:b7:ca:62:16:c8:eb:54:1f:6c:1a:f7:5f:03:76:88:b2:bc:6e:03:b2:b2:73:93:e8:35:aa:f2:04:8d:cb:ab
Signer

Actual PE Digest

a0:b7:ca:62:16:c8:eb:54:1f:6c:1a:f7:5f:03:76:88:b2:bc:6e:03:b2:b2:73:93:e8:35:aa:f2:04:8d:cb:ab

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AUDIOENG.pdb

Imports

oleaut32

VarUI4FromStr

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventRegister
EventActivityIdControl
EventSetInformation

api-ms-win-core-errorhandling-l1-1-0

RaiseException
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError

api-ms-win-core-heap-l1-1-0

HeapDestroy
HeapReAlloc
HeapSize
GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-com-l1-1-0

PropVariantClear
StringFromCLSID
CoCreateFreeThreadedMarshaler
StringFromGUID2
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
IIDFromString
CoTaskMemAlloc
CoCreateGuid
CoDisconnectObject
StringFromIID

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-localization-l1-2-0

SetThreadLocale
FormatMessageW
GetThreadLocale

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoOriginateError

api-ms-win-core-synch-l1-1-0

ReleaseMutex
ReleaseSemaphore
ReleaseSRWLockExclusive
DeleteCriticalSection
EnterCriticalSection
WaitForSingleObjectEx
InitializeSRWLock
CreateEventW
AcquireSRWLockExclusive
CreateEventA
WaitForSingleObject
OpenSemaphoreW
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
ResetEvent
InitializeCriticalSectionEx
ReleaseSRWLockShared
AcquireSRWLockShared
SetWaitableTimer
SetEvent
LeaveCriticalSection
CreateMutexExW
CreateSemaphoreExW
WaitForMultipleObjectsEx
CancelWaitableTimer
CreateWaitableTimerExW

api-ms-win-core-util-l1-1-0

DecodePointer

api-ms-win-core-libraryloader-l1-2-0

SizeofResource
GetProcAddress
FreeLibrary
LoadLibraryExW
GetModuleFileNameA
GetModuleHandleExW
FindResourceExW
LockResource
GetModuleHandleW
GetModuleFileNameW
DisableThreadLibraryCalls
LoadResource

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcessId
GetCurrentProcess
SetThreadPriority
GetCurrentThread
CreateThread
TlsSetValue
TlsGetValue
GetCurrentThreadId

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegCreateKeyExA
RegQueryValueExA
RegNotifyChangeKeyValue
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegQueryValueExW
RegGetValueW
RegDeleteKeyExW
RegSetValueExW

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
TraceMessage
UnregisterTraceGuids
GetTraceEnableFlags
GetTraceLoggerHandle
GetTraceEnableLevel
TraceEvent

ntdll

NtClose
RtlLockCurrentThread
RtlPublishWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfStateChangeNotification
EtwLogTraceEvent
RtlAllocateMemoryBlockLookaside
RtlDestroyMemoryBlockLookaside
RtlExtendMemoryBlockLookaside
EtwRegisterTraceGuidsW
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwGetTraceEnableFlags
EtwUnregisterTraceGuids
RtlReportException
NtQueryInformationProcess
RtlUnlockMemoryBlockLookaside
RtlCreateMemoryBlockLookaside
RtlLockModuleSection
RtlUnlockModuleSection
NtSetTimerResolution
RtlLockMemoryBlockLookaside
RtlUnlockCurrentThread
RtlNtStatusToDosError
RtlFreeMemoryBlockLookaside

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

rpcrt4

NdrClientCall3
I_RpcExceptionFilter
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcStringFreeW
RpcBindingFree

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceBeginInitialize
InitOnceInitialize
InitOnceComplete
InitOnceExecuteOnce

propsys

PropVariantToBuffer
PropVariantGetElementCount
PropVariantToString

api-ms-win-crt-math-l1-1-0

tanf
sinf
logf
log10f
floorf
expf
cosf
ceilf
atan2f
asinf
_isnan
_finite
sqrtf

api-ms-win-crt-string-l1-1-0

memmove_s
memset
strnlen
strncmp

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__get_errno
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
_o___stdio_common_vswprintf_s
_o__wcsicmp
_o__wfopen_s
_o__wmkdir
_o__wstat32
_o__wtof
_o_acos
_o_atan2
_o_atoi
_o_calloc
_o_ceil
_o_cos
_o_exp
_o_fclose
_o_fgets
_o_floor
_o_fmod
_o_fopen
_o_fread
_o_free
_o_fseek
_o_fwrite
_o_log
_o_malloc
_o_memcpy_s
_o_pow
_o_powf
_o_qsort
_o_realloc
_o_sin
_o_sqrt
_o_strcat_s
_o_strcpy_s
_o_strncpy_s
_o_strtod
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstok_s
_o_wcstombs_s
strchr
strstr
_o___stdio_common_vfprintf_s
_o___stdio_common_vfprintf
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__execute_onexit_table
_o__errno
_o___stdio_common_vswprintf
_o___stdio_common_vsscanf
_o___stdio_common_vsprintf_s
_o__crt_atexit
_o___acrt_iob_func
_o__configure_narrow_argv
__C_specific_handler
__std_terminate
__CxxFrameHandler3
_o__cexit
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o__aligned_malloc
_o__aligned_free
_CxxThrowException
_o___stdio_common_vswscanf
_o___stdio_common_vfwprintf
memcmp
memcpy
memmove

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolCleanupGroup
SetThreadpoolThreadMinimum
CreateThreadpool
CloseThreadpool
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolCleanupGroup
SetThreadpoolThreadMaximum
CreateThreadpoolTimer
CreateThreadpoolWork
CloseThreadpoolWork
CloseThreadpoolWait
SetThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolWait
CreateThreadpoolWait
WaitForThreadpoolWaitCallbacks
SubmitThreadpoolWork

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetSystemTimeAsFileTime

api-ms-win-core-winrt-string-l1-1-0

WindowsDuplicateString
WindowsGetStringRawBuffer
WindowsCompareStringOrdinal
WindowsConcatString
WindowsCreateStringReference
WindowsDeleteString
WindowsCreateString

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW
PathFindFileNameW

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW

api-ms-win-core-path-l1-1-0

PathCchRenameExtension

api-ms-win-core-threadpool-legacy-l1-1-0

DeleteTimerQueueEx
CreateTimerQueueTimer
CreateTimerQueue

api-ms-win-core-file-l1-1-0

GetFileSize
ReadFile
CreateFileA
WriteFile

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-memory-l1-1-1

GetProcessWorkingSetSizeEx
SetProcessWorkingSetSizeEx

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

avrt

AvThreadOpenTaskIndex
AvTaskIndexYieldCancel
AvTaskIndexYield
AvSetMultimediaMode
AvSetMmThreadCharacteristicsA
AvQuerySystemResponsiveness
AvRevertMmThreadCharacteristics
AvSetMmThreadPriority

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

AERT_Allocate
AERT_Free
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1013KB - Virtual size: 1013KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_BSS
Size: - Virtual size: 40B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 878KB - Virtual size: 878KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_DATA
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_CONST
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/AudioSes.dll
.dll regsvr32 windows:10 windows x64 arch:x64

Password: 1551

1fcf296bc1cd4eeaafc61530b402aa13

Code Sign

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:ed
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/12/2020, 21:29

Not After

02/12/2021, 21:29

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

41:b8:e8:94:8e:d6:ad:d6:93:04:5c:ef:8f:de:b4:d7:b6:f7:24:1b:62:09:db:ee:85:d5:b3:5c:b2:88:1d:fb
Signer

Actual PE Digest

41:b8:e8:94:8e:d6:ad:d6:93:04:5c:ef:8f:de:b4:d7:b6:f7:24:1b:62:09:db:ee:85:d5:b3:5c:b2:88:1d:fb

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

audioses.pdb

Imports

msvcp_win

_Mtx_init_in_situ
_Mtx_destroy_in_situ
?_Xbad_function_call@std@@YAXXZ
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
_Mtx_unlock
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-string-l1-1-0

memset
wcscmp
memmove_s

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__localtime64_s
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
_o__wcsicmp
_o__wcsnicmp
memmove
_o__wsplitpath_s
_o__wtof
_o__wtoi
_o_calloc
_o_ceil
_o_floor
_o_free
_o_log2
_o_malloc
_o_pow
_o_powf
_o_realloc
_o_sqrt
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wmemcpy_s
wcschr
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__aligned_malloc
_o__aligned_free
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
memcmp
memcpy

rpcrt4

CStdStubBuffer_AddRef
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
I_RpcMapWin32Status
CStdStubBuffer_Invoke
CStdStubBuffer_CountRefs
NdrCStdStubBuffer_Release
CStdStubBuffer_DebugServerQueryInterface
RpcSmDestroyClientContext
CStdStubBuffer_QueryInterface
NdrOleAllocate
CStdStubBuffer_DebugServerRelease
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcBindingFree
NdrDllCanUnloadNow
I_RpcExceptionFilter
CStdStubBuffer_Disconnect
NdrDllGetClassObject
IUnknown_QueryInterface_Proxy
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Connect
NdrDllRegisterProxy
NdrDllUnregisterProxy
NdrOleFree
NdrClientCall3
RpcStringFreeW

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient8
ObjectStublessClient13
ObjectStublessClient9
ObjectStublessClient17
ObjectStublessClient7
ObjectStublessClient6
ObjectStublessClient15
ObjectStublessClient20
ObjectStublessClient18
ObjectStublessClient3
ObjectStublessClient22
ObjectStublessClient4
ObjectStublessClient19
ObjectStublessClient10
ObjectStublessClient16
ObjectStublessClient12
ObjectStublessClient21
ObjectStublessClient5
ObjectStublessClient11
ObjectStublessClient14

oleaut32

BSTR_UserUnmarshal
BSTR_UserMarshal
LPSAFEARRAY_UserUnmarshal64
LPSAFEARRAY_UserMarshal64
BSTR_UserUnmarshal64
LPSAFEARRAY_UserFree
BSTR_UserFree64
LPSAFEARRAY_UserUnmarshal
BSTR_UserSize64
SystemTimeToVariantTime
LPSAFEARRAY_UserSize64
BSTR_UserMarshal64
LPSAFEARRAY_UserFree64
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserSize
BSTR_UserSize
VariantTimeToSystemTime
VarUI4FromStr
BSTR_UserFree

api-ms-win-core-libraryloader-l1-2-0

FindResourceExW
SizeofResource
GetModuleFileNameW
LoadResource
GetProcAddress
LoadLibraryExW
GetModuleFileNameA
DisableThreadLibraryCalls
FreeLibrary
GetModuleHandleExW
LockResource
GetModuleHandleW

api-ms-win-core-localization-l1-2-0

FormatMessageW
SetThreadLocale
GetThreadLocale

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceInitialize
InitOnceComplete
Sleep
InitOnceBeginInitialize

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
LeaveCriticalSection
WaitForSingleObjectEx
AcquireSRWLockShared
AcquireSRWLockExclusive
WaitForSingleObject
WaitForMultipleObjectsEx
CancelWaitableTimer
InitializeCriticalSectionAndSpinCount
InitializeSRWLock
DeleteCriticalSection
OpenEventW
InitializeCriticalSectionEx
SetWaitableTimer
ReleaseSemaphore
ReleaseMutex
EnterCriticalSection
CreateEventW
ResetEvent
ReleaseSRWLockExclusive
CreateSemaphoreExW
CreateMutexExW
CreateEventExW
TryEnterCriticalSection
SetEvent
CreateWaitableTimerExW
OpenSemaphoreW
ReleaseSRWLockShared

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapSize
GetProcessHeap
HeapDestroy
HeapReAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter
GetLastError

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsGetStringRawBuffer
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsDeleteString
WindowsDuplicateString
WindowsCompareStringOrdinal
WindowsCreateStringReference
WindowsGetStringLen

api-ms-win-core-com-l1-1-0

CoGetApartmentType
CoInitializeEx
PropVariantClear
CoTaskMemRealloc
CoTaskMemFree
CoWaitForMultipleHandles
PropVariantCopy
CoCreateFreeThreadedMarshaler
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
CoCreateGuid
CoUninitialize

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegEnumKeyExW
RegGetValueW
RegEnumValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegDeleteValueW

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventActivityIdControl
EventUnregister
EventRegister
EventWriteTransfer

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceLoggerHandle
TraceEvent
GetTraceEnableFlags
GetTraceEnableLevel
UnregisterTraceGuids
RegisterTraceGuidsW
TraceMessage

api-ms-win-core-processthreads-l1-1-0

SetThreadPriority
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetCurrentThread
GetCurrentProcess
CreateThread

api-ms-win-core-string-l2-1-0

IsCharAlphaW
CharNextW

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
SetRestrictedErrorInfo
RoOriginateError
RoOriginateErrorW

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWork
CloseThreadpool
CreateThreadpoolWork
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SubmitThreadpoolWork
CreateThreadpool
SetThreadpoolThreadMaximum
CreateThreadpoolTimer
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
SetThreadpoolThreadMinimum
TrySubmitThreadpoolCallback
SetThreadpoolTimer
CreateThreadpoolCleanupGroup

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW
lstrcmpiW

ntdll

RtlQueryPackageClaims
RtlCreateMemoryBlockLookaside
RtlDestroyMemoryZone
RtlLockMemoryZone
RtlFreeMemoryBlockLookaside
RtlCreateMemoryZone
RtlDestroyMemoryBlockLookaside
RtlExtendMemoryBlockLookaside
NtQueryInformationProcess
RtlInitUnicodeStringEx
RtlSetLastWin32ErrorAndNtStatusFromNtStatus
AlpcInitializeMessageAttribute
AlpcGetMessageAttribute
NtAlpcSendWaitReceivePort
EtwRegisterTraceGuidsW
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwGetTraceEnableFlags
EtwUnregisterTraceGuids
RtlQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfStateChangeNotification
RtlEqualWnfChangeStamps
RtlNtStatusToDosError
RtlAllocateMemoryBlockLookaside
RtlAllocateMemoryZone
ShipAssert
NtSetInformationThread
NtQueryInformationThread
NtAlpcConnectPort
RtlUnlockMemoryZone

api-ms-win-power-base-l1-1-0

PowerRegisterSuspendResumeNotification
PowerUnregisterSuspendResumeNotification

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
MapViewOfFileEx
CreateFileMappingW
MapViewOfFile

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-file-l1-1-0

CreateFileW
GetFileSize

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

api-ms-win-core-winrt-robuffer-l1-1-0

RoGetBufferMarshaler

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-memory-l1-1-1

VirtualUnlock
SetProcessWorkingSetSizeEx
PrefetchVirtualMemory
VirtualLock
GetProcessWorkingSetSizeEx

api-ms-win-devices-config-l1-1-1

CM_Get_Device_Interface_List_SizeW
CM_Get_Device_Interface_ListW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate
IsErrorPropagationEnabled

api-ms-win-service-private-l1-1-0

UnsubscribeServiceChangeNotifications
SubscribeServiceChangeNotifications

api-ms-win-service-management-l1-1-0

OpenServiceW
CloseServiceHandle
OpenSCManagerW

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-windowserrorreporting-l1-1-0

WerRegisterMemoryBlock

api-ms-win-mm-time-l1-1-0

timeBeginPeriod

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
GetProcessMitigationPolicy

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-featurestaging-l1-1-0

UnsubscribeFeatureStateChangeNotification
SubscribeFeatureStateChangeNotification
RecordFeatureUsage
GetFeatureEnabledState

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask

api-ms-win-rtcore-ntuser-private-l1-1-4

ord2597

mmdevapi

ord30
ord5
ord10
ord29
ord11

avrt

AvRevertMmThreadCharacteristics
AvSetMmThreadCharacteristicsA
AvQuerySystemResponsiveness
AvSetMmThreadPriority
AvSetMmThreadCharacteristicsW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-crt-math-l1-1-0

log10f
sinf
sqrtf

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 806KB - Virtual size: 805KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_BSS
Size: - Virtual size: 40B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 356KB - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_CONST
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

RT_DATA
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/AuthFWSnapIn.Resources.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/AuthFWSnapin.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AuthFWSnapin.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/AzureSettingSyncProvider.dll
.dll windows:10 windows x64 arch:x64

ebea5bd7ed5127001d13fde372b0ee86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AzureSettingSyncProvider.pdb

Imports

msvcrt

__iob_func
_CxxThrowException
wcscmp
?what@exception@@UEBAPEBDXZ
_XcptFilter
memcpy
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
_lock
malloc
_set_errno
_get_errno
??_V@YAXPEAX@Z
towlower
_itoa_s
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@PEBD@Z
??0bad_cast@@QEAA@AEBV0@@Z
_wcsicmp
__mb_cur_max
sprintf
localeconv
wcschr
towupper
sprintf_s
vfprintf
iswspace
strncmp
_unlock
_amsg_exit
memchr
_wcsnicmp
wcsstr
ldexp
_wcstoi64
_errno
wcstoul
_wcstoui64
_ultow_s
toupper
tolower
swscanf_s
iswalnum
wcsncpy_s
realloc
strcspn
setlocale
memset
___mb_cur_max_func
___lc_handle_func
___lc_codepage_func
_ismbblead
_wcsdup
??8type_info@@QEBAHAEBV0@@Z
__crtCompareStringW
__crtCompareStringA
__crtLCMapStringW
__crtLCMapStringA
_get_current_locale
_free_locale
__uncaught_exception
__pctype_func
isupper
calloc
islower
isspace
_Getdays
_Getmonths
_W_Getdays
_W_Getmonths
_W_Gettnames
_Wcsftime
_Gettnames
_Strftime
abort
isalnum
isdigit
___lc_collate_cp_func
memcmp
?terminate@@YAXXZ
free
__C_specific_handler
_ui64tow_s
__dllonexit
ceil
??1type_info@@UEAA@XZ
_onexit
time
_initterm
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
swprintf_s
memmove
??1exception@@UEAA@XZ
_purecall
memcpy_s
_vsnwprintf
__CxxFrameHandler3
??3@YAXPEAX@Z

dsreg

DsrFreeJoinInfo
DsrGetJoinInfo

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetProcAddress
GetModuleFileNameW
GetModuleFileNameA
GetModuleHandleExW
DisableThreadLibraryCalls

api-ms-win-core-synch-l1-1-0

CreateMutexExW
InitializeCriticalSectionEx
OpenSemaphoreW
WaitForSingleObjectEx
CreateEventW
EnterCriticalSection
CreateMutexW
ReleaseMutex
CreateSemaphoreExW
SetEvent
DeleteCriticalSection
ResetEvent
InitializeCriticalSection
AcquireSRWLockExclusive
InitializeSRWLock
WaitForSingleObject
LeaveCriticalSection
ReleaseSemaphore
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
CreateEventExW

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetLastError
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentThreadId
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

GetLocaleInfoW
LCMapStringEx
FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

oleaut32

SysFreeString
VarBstrCmp
SysAllocStringLen
SysAllocStringByteLen
SysAllocString
SysStringByteLen
SysStringLen

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableFlags
RegisterTraceGuidsW
GetTraceEnableLevel
UnregisterTraceGuids
TraceMessage
GetTraceLoggerHandle

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventUnregister
EventSetInformation
EventWriteTransfer
EventRegister
EventProviderEnabled

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceBeginInitialize
WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceComplete
Sleep

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetVersionExW
GetTickCount64
GetSystemTimeAsFileTime

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegEnumKeyExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegDeleteTreeW
RegCreateKeyExW
RegDeleteValueW
RegQueryValueExW

api-ms-win-core-com-l1-1-0

CLSIDFromString
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
GetHGlobalFromStream
PropVariantClear
CreateStreamOnHGlobal
CoWaitForMultipleHandles
CoCreateGuid
CoSetProxyBlanket
CoTaskMemRealloc
StringFromCLSID
CoGetMalloc
CoCreateFreeThreadedMarshaler
StringFromGUID2

api-ms-win-core-path-l1-1-0

PathAllocCombine

api-ms-win-core-heap-l2-1-0

LocalReAlloc
LocalAlloc
LocalFree

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW
RegSetKeyValueW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsDeleteString
WindowsGetStringRawBuffer
WindowsCreateStringReference
WindowsCompareStringOrdinal

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-string-l1-1-0

GetStringTypeW
CompareStringOrdinal
MultiByteToWideChar
WideCharToMultiByte

propsys

PropVariantChangeType
ord436
ord435
PSPropertyBag_WriteStr
PSCreateMemoryPropertyStore
PSPropertyBag_WriteUnknown

api-ms-win-shcore-obsolete-l1-1-0

SHStrDupW

api-ms-win-core-file-l1-1-0

WriteFile
ReadFile
SetFileInformationByHandle
DeleteFileW
GetFileSizeEx
GetFullPathNameW
CompareFileTime
CreateFileW
FindNextFileW
FindClose
FindFirstFileExW
FlushFileBuffers
GetDiskFreeSpaceExW
RemoveDirectoryW

rpcrt4

UuidToStringW

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW

api-ms-win-core-version-l1-1-1

GetFileVersionInfoW
GetFileVersionInfoSizeW

api-ms-win-core-version-l1-1-0

VerQueryValueW

ntdll

NtPowerInformation
RtlAllocateHeap
ZwClose
AlpcGetMessageAttribute
AlpcInitializeMessageAttribute
TpWaitForAlpcCompletion
ZwAlpcConnectPort
RtlWaitOnAddress
ZwAlpcQueryInformation
TpReleaseAlpcCompletion
ZwAlpcSendWaitReceivePort
ZwAlpcDisconnectPort
TpAllocAlpcCompletion
RtlWakeAddressAll
ZwAlpcCancelMessage
vDbgPrintEx
EtwEventActivityIdControl
NtQueryInformationFile
RtlInitUnicodeString
NtOpenFile
RtlInitUnicodeStringEx
RtlIsDosDeviceName_U
NtClose
NtCreateFile
RtlReleaseRelativeName
RtlFreeHeap
RtlDosPathNameToRelativeNtPathName_U
RtlNtStatusToDosError
RtlGetSuiteMask
NtFsControlFile

api-ms-win-power-base-l1-1-0

PowerDeterminePlatformRoleEx

api-ms-win-core-heap-obsolete-l1-1-0

GlobalLock
GlobalUnlock

api-ms-win-core-shlwapi-legacy-l1-1-0

PathStripPathW
PathGetCharTypeW

winhttp

WinHttpCloseHandle
WinHttpSendRequest
WinHttpOpen
WinHttpOpenRequest
WinHttpQueryHeaders
WinHttpSetOption
WinHttpReceiveResponse
WinHttpSetTimeouts
WinHttpConnect
WinHttpSetStatusCallback
WinHttpReadData
WinHttpCrackUrl
WinHttpQueryDataAvailable

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

bcrypt

BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptDestroyHash
BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptCloseAlgorithmProvider

api-ms-win-core-io-l1-1-0

DeviceIoControl
GetOverlappedResult

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpool
CloseThreadpoolWait
CloseThreadpoolTimer
CreateThreadpool
CreateThreadpoolWait
WaitForThreadpoolWaitCallbacks
SetThreadpoolWait
SetThreadpoolTimer

crypt32

CryptBinaryToStringW

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-string-l2-1-0

CharLowerBuffW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 514KB - Virtual size: 514KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/BFE.DLL
.dll windows:10 windows x64 arch:x64

6c628ddb98233655e5dc9c6bac0a3097

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

bfe.pdb

Imports

msvcrt

_initterm
__C_specific_handler
wcscspn
_wcslwr
bsearch
_ultoa_s
strpbrk
strstr
sprintf_s
_ui64toa_s
isprint
_ltoa_s
_i64toa_s
wprintf
memmove
memcpy
malloc
memcmp
log
wcstoul
_vsnprintf
_vsnwprintf
_wcsicmp
free
wcstol
qsort
_amsg_exit
iswctype
_XcptFilter
wcschr
_wcsnicmp
_ultow
tolower
wcsnlen
memset

ntdll

NtQueryObject
RtlGetSaclSecurityDescriptor
RtlValidRelativeSecurityDescriptor
RtlNumberOfSetBits
RtlInitializeBitMap
WinSqmIsOptedIn
WinSqmSetDWORD
WinSqmAddToStream
RtlValidSid
RtlLengthSid
NtDeviceIoControlFile
RtlAllocateHeap
RtlInitializeSRWLock
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
RtlGetCurrentServiceSessionId
RtlCreateHashTable
RtlDeleteHashTable
RtlInsertEntryHashTable
RtlRemoveEntryHashTable
RtlLookupEntryHashTable
RtlGetNextEntryHashTable
RtlInitEnumerationHashTable
RtlEnumerateEntryHashTable
RtlEndEnumerationHashTable
RtlContractHashTable
RtlGetOwnerSecurityDescriptor
RtlAdjustPrivilege
RtlAbsoluteToSelfRelativeSD
RtlSetOwnerSecurityDescriptor
RtlSelfRelativeToAbsoluteSD2
RtlCreateServiceSid
RtlIntegerToUnicodeString
RtlInitUnicodeString
RtlSubAuthorityCountSid
TpReleaseTimer
TpWaitForTimer
RtlFreeHeap
RtlIpv4AddressToStringA
RtlIpv6AddressToStringA
RtlEthernetAddressToStringA
TpSetTimer
TpIsTimerSet
TpAllocTimer
RtlEqualSid
RtlLengthSecurityDescriptor
RtlApplicationVerifierStop
EtwEventEnabled
EtwEventWriteTransfer
EtwEventWrite
EtwEventActivityIdControl
EtwEventUnregister
EtwEventRegister
RtlNtStatusToDosError
EtwTraceMessage
RtlExpandHashTable
EtwUnregisterTraceGuids
EtwGetTraceEnableFlags
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwRegisterTraceGuidsW
RtlSetThreadPreferredUILanguages

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
LoadStringW
DisableThreadLibraryCalls
GetProcAddress

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
CreateThread
TlsGetValue
GetCurrentThread
OpenThreadToken
TlsSetValue
GetCurrentProcess
TerminateProcess
TlsFree
TlsAlloc
GetProcessId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetSystemTimeAsFileTime
GetTickCount64
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-synch-l1-1-0

CreateEventW
CreateSemaphoreExW
ReleaseSRWLockShared
EnterCriticalSection
DeleteCriticalSection
LeaveCriticalSection
ReleaseSemaphore
AcquireSRWLockShared
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
SetEvent
InitializeSRWLock
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
ReleaseSRWLockExclusive

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
DeleteTimerQueueEx
CreateTimerQueue
DeleteTimerQueueTimer
UnregisterWaitEx

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-security-base-l1-1-0

DestroyPrivateObjectSecurity
GetPrivateObjectSecurity
GetSecurityDescriptorControl
CreatePrivateObjectSecurityEx
GetSecurityDescriptorLength
SetSecurityDescriptorControl
SetPrivateObjectSecurityEx
MapGenericMask
PrivilegeCheck
EqualSid
CopySid
InitializeSecurityDescriptor
AllocateAndInitializeSid
CreateWellKnownSid
FreeSid
InitializeAcl
GetLengthSid
AddAccessAllowedAce
SetSecurityDescriptorDacl

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
CompareStringW

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapDestroy
HeapFree
GetProcessHeap
HeapSize
HeapCreate
HeapReAlloc

rpcrt4

RpcRaiseException
RpcImpersonateClient
RpcServerInqCallAttributesW
UuidCreate
RpcGetAuthorizationContextForClient
RpcBindingVectorFree
RpcServerUnregisterIfEx
RpcFreeAuthorizationContext
RpcEpUnregister
NdrServerCallAll
NdrServerCall2
RpcServerUseProtseqW
RpcServerRegisterIf3
I_RpcExceptionFilter
MesHandleFree
RpcServerInqBindings
MesEncodeDynBufferHandleCreate
MesDecodeBufferHandleCreate
UuidFromStringW
RpcRevertToSelf
NdrMesTypeEncode3
NdrMesTypeDecode3
I_RpcBindingInqLocalClientPID
RpcEpRegisterW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

authz

AuthzGetInformationFromContext
AuthzAccessCheck
AuthziFreeAuditEventType
AuthzInitializeResourceManager
AuthzFreeResourceManager
AuthzFreeContext
AuthzInitializeContextFromSid
AuthzFreeAuditEvent
AuthziLogAuditEvent
AuthziInitializeAuditEventType
AuthziInitializeAuditParamsFromArray
AuthziInitializeAuditEvent

ws2_32

htonl

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

iphlpapi

GetCurrentThreadCompartmentId

api-ms-win-core-file-l1-1-0

WriteFile
CreateFileW
DeleteFileW

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-memory-l1-1-0

MapViewOfFile
CreateFileMappingW
UnmapViewOfFile

api-ms-win-core-perfcounters-l1-1-0

PerfCreateInstance
PerfStartProvider
PerfSetULongLongCounterValue
PerfSetULongCounterValue
PerfStopProvider
PerfSetCounterSetInfo

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
RegQueryInfoKeyW
RegCloseKey
RegSetValueExW
RegEnumValueW

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWork
SubmitThreadpoolWork
SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolWork

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-eventing-controller-l1-1-0

StartTraceW
EnableTraceEx2
ControlTraceW

api-ms-win-eventing-consumer-l1-1-0

ProcessTrace
OpenTraceW
CloseTrace

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

BfeGetDirectDispatchTable
BfeOnServiceStartTypeChange
BfeServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 447KB - Virtual size: 446KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 355KB - Virtual size: 354KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/BatteryFlyoutExperience.dll
.dll windows:6 windows x64 arch:x64

8034ef537c1b18adfe8520e7e361f873

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

BatteryFlyoutExperience.pdb

Imports

advapi32

RegGetValueW
EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer
RegCloseKey
RegQueryValueExW
RegOpenKeyW
EventProviderEnabled

quickactionsdatamodel

GetQuickActionsProvider

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
SetupDiGetDevicePropertyW
SetupDiEnumDeviceInfo

kernel32

GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
EncodePointer
GetCurrentThreadId
OutputDebugStringW
FormatMessageW
IsDebuggerPresent
HeapFree
GetProcessHeap
HeapAlloc
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CreateThreadpoolTimer
SetThreadpoolTimer
GetProcAddress
GetModuleHandleW
AcquireSRWLockShared
ReleaseSRWLockShared
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionEx
CloseHandle
WakeAllConditionVariable
SetLastError
CreateSemaphoreExW
WaitForSingleObject
ReleaseSemaphore
OpenSemaphoreW
ReleaseMutex
WaitForSingleObjectEx
CreateMutexExW
GetCurrentProcessId
InitOnceBeginInitialize
InitOnceComplete
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
GetModuleFileNameA
CreateEventExW
GetModuleHandleExW
SetEvent
ResetEvent
DebugBreak
InitializeCriticalSection
LocalAlloc
CompareStringOrdinal
LocalFree
MulDiv
GetTickCount
Sleep
GetStringTypeW
WideCharToMultiByte
MultiByteToWideChar
SleepConditionVariableSRW
QueryPerformanceCounter
TerminateProcess
GetLastError
DecodePointer
GetSystemTimeAsFileTime

msvcrt

_unlock
___mb_cur_max_func
___lc_handle_func
___lc_codepage_func
_ismbblead
__pctype_func
calloc
___lc_collate_cp_func
memcmp
abort
_wcsdup
__crtCompareStringW
__crtLCMapStringW
_get_current_locale
_free_locale
setlocale
__dllonexit
__C_specific_handler
_onexit
??1type_info@@UEAA@XZ
_XcptFilter
_amsg_exit
_initterm
__ExceptionPtrRethrow
??0exception@@QEAA@XZ
?terminate@@YAXXZ
__ExceptionPtrCreate
__ExceptionPtrCurrentException
__ExceptionPtrCopy
__ExceptionPtrDestroy
free
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBV0@@Z
_purecall
_vsnwprintf
_lock
__uncaught_exception
memmove
memcpy
??0exception@@QEAA@AEBQEBDH@Z
_callnewh
malloc
memcpy_s
wcslen
memset
toupper
qsort
_wtoi
realloc
strchr
wcstol
_errno
wcsrchr
wcsstr
_vsnprintf_s
memmove_s
??3@YAXPEAX@Z
__CxxFrameHandler3
_CxxThrowException

wincorlib

?UninitializeData@Details@Platform@@YAXH@Z
?GetActivationFactoryByPCWSTR@@YAJPEAXAEAVGuid@Platform@@PEAPEAX@Z
?InitializeData@Details@Platform@@YAJH@Z
?__abi_FailFast@@YAXXZ
?ReCreateFromException@Details@Platform@@YAJPE$AAVException@2@@Z
?GetActivationFactory@Details@Platform@@YAJPEAVModuleBase@1WRL@Microsoft@@PEAUHSTRING__@@PEAPEAUIActivationFactory@@@Z
?EventSourceGetTargetArrayEvent@Details@Platform@@YAPEAXPEAXIPEBXPEA_J@Z
?EventSourceGetTargetArraySize@Details@Platform@@YAIPEAX@Z
?EventSourceGetTargetArray@Details@Platform@@YAPEAXPEAXPEAUEventLock@12@@Z
??0ChangedStateException@Platform@@QE$AAA@XZ
??0OutOfBoundsException@Platform@@QE$AAA@XZ
??0FailureException@Platform@@QE$AAA@XZ
?GetIidsFn@@YAJHPEAKPEBU__s_GUID@@PEAPEAVGuid@Platform@@@Z
??0OutOfMemoryException@Platform@@QE$AAA@XZ
?GetWeakReference@Details@Platform@@YAPEAU__abi_IUnknown@@QE$ADVObject@2@@Z
?EventSourceInitialize@Details@Platform@@YAXPEAPEAX@Z
?CreateException@Exception@Platform@@SAPE$AAV12@HPE$AAVString@2@@Z
?EventSourceRemove@Details@Platform@@YAXPEAPEAXPEAUEventLock@12@VEventRegistrationToken@Foundation@Windows@@@Z
?ReCreateException@Exception@Platform@@SAPE$AAV12@H@Z
?get@FullName@Type@Platform@@QE$AAAPE$AAVString@3@XZ
?__abi_ObjectToString@__abi_details@@YAPE$AAVString@Platform@@PE$AAVObject@3@_N@Z
?GetTypeCode@Type@Platform@@SA?AW4TypeCode@2@PE$AAV12@@Z
?GetIBoxVtable@Details@Platform@@YAPEAXPEAX@Z
?CreateValue@Details@Platform@@YAPE$AAVObject@2@W4TypeCode@2@PEBX@Z
??0Exception@Platform@@QE$AAA@H@Z
??0FailureException@Platform@@QE$AAA@PE$AAVString@1@@Z
??0DisconnectedException@Platform@@QE$AAA@XZ
?CreateException@Exception@Platform@@SAPE$AAV12@H@Z
?__abi_make_type_id@@YAPE$AAVType@Platform@@AEBU__abi_type_descriptor@@@Z
??BType@Platform@@SA?AVTypeName@Interop@Xaml@UI@Windows@@PE$AAV01@@Z
??0Delegate@Platform@@QE$AAA@XZ
?Allocate@Heap@Details@Platform@@SAPEAX_K@Z
?__abi_cast_String_to_Object@__abi_details@@YAPE$AAVObject@Platform@@PE$AAVString@3@@Z
?Allocate@Heap@Details@Platform@@SAPEAX_K0@Z
??0NullReferenceException@Platform@@QE$AAA@XZ
??0NotImplementedException@Platform@@QE$AAA@XZ
?AllocateException@Heap@Details@Platform@@SAPEAX_K0@Z
?ReleaseTarget@ControlBlock@Details@Platform@@AEAAXXZ
?AlignedFree@Heap@Details@Platform@@SAXPEAX@Z
?Free@Heap@Details@Platform@@SAXPEAX@Z
??0Object@Platform@@QE$AAA@XZ
?EventSourceUninitialize@Details@Platform@@YAXPEAPEAX@Z
?__abi_WinRTraiseNotImplementedException@@YAXXZ
?__abi_WinRTraiseInvalidCastException@@YAXXZ
?EventSourceAdd@Details@Platform@@YA?AVEventRegistrationToken@Foundation@Windows@@PEAPEAXPEAUEventLock@12@PE$AAVDelegate@2@@Z
??0InvalidArgumentException@Platform@@QE$AAA@PE$AAVString@1@@Z
?Equals@Object@Platform@@QE$AAA_NPE$AAV12@@Z
?__abi_cast_Object_to_String@__abi_details@@YAPE$AAVString@Platform@@_NPE$AAVObject@3@@Z
?ResolveWeakReference@Details@Platform@@YAPE$AAVObject@2@AEBU_GUID@@PEAPEAU__abi_IUnknown@@@Z
?GetIBoxArrayVtable@Details@Platform@@YAPEAXPEAX@Z
?get@Message@Exception@Platform@@QE$AAAPE$AAVString@3@XZ
?__abi_WinRTraiseNullReferenceException@@YAXXZ
?__abi_WinRTraiseOperationCanceledException@@YAXXZ
?__abi_WinRTraiseFailureException@@YAXXZ
?__abi_WinRTraiseAccessDeniedException@@YAXXZ
?__abi_WinRTraiseOutOfMemoryException@@YAXXZ
?__abi_WinRTraiseInvalidArgumentException@@YAXXZ
?__abi_WinRTraiseOutOfBoundsException@@YAXXZ
?__abi_WinRTraiseChangedStateException@@YAXXZ
?__abi_WinRTraiseClassNotRegisteredException@@YAXXZ
?__abi_WinRTraiseWrongThreadException@@YAXXZ
?__abi_WinRTraiseDisconnectedException@@YAXXZ
?__abi_WinRTraiseObjectDisposedException@@YAXXZ
?__abi_WinRTraiseCOMException@@YAXJ@Z
??0InvalidArgumentException@Platform@@QE$AAA@XZ
?TerminateModule@Details@Platform@@YA_NPEAVModuleBase@1WRL@Microsoft@@@Z

ole32

CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoGetApartmentType
CoGetObjectContext
CoTaskMemFree

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsDeleteString
WindowsDuplicateString
WindowsGetStringLen
WindowsGetStringRawBuffer
WindowsCreateString
WindowsConcatString
WindowsIsStringEmpty
WindowsCompareStringOrdinal

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlUnsubscribeWnfStateChangeNotification
RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData
RtlVirtualUnwind

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory

Sections

.text
Size: 430KB - Virtual size: 429KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 252KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/BingLocalSearchService.dll
.dll windows:6 windows x64 arch:x64

1c6f77e7eab8a36ad57a514d5daa3083

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

BingLocalSearchService.pdb

Imports

api-ms-win-crt-private-l1-1-0

_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__wcsicmp
_o_acos
_o_atan
_o_atan2
_o_cos
_o_free
_o_malloc
_o_sin
_o_sqrt
_o_tan
_o_wcstol
__CxxFrameHandler3
__std_terminate
memcpy
_CxxThrowException
__C_specific_handler
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
memmove

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-string-l1-1-0

wcslen
memset

msvcp_win

?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@N@Z
?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?sbumpc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
_Mtx_destroy_in_situ
_Mtx_init_in_situ
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
?_Xlength_error@std@@YAXPEBD@Z
_Mtx_unlock
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
?_XGetLastError@std@@YAXXZ
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?GetNextAsyncId@platform@details@Concurrency@@YAIXZ
_Cnd_broadcast
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
_Cnd_wait
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
?_IsNonBlockingThread@_Task_impl_base@details@Concurrency@@SA_NXZ
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?_Xbad_function_call@std@@YAXXZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
_Cnd_destroy_in_situ
?_Assign@_ContextCallback@details@Concurrency@@AEAAXPEAX@Z
_Cnd_init_in_situ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_IsCurrentOriginSTA@_ContextCallback@details@Concurrency@@CA_NXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?id@?$ctype@_W@std@@2V0locale@2@A
??Bid@locale@std@@QEAA_KXZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?widen@?$ctype@_W@std@@QEBA_WD@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?uncaught_exception@std@@YA_NXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?pbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXH@Z
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXH@Z
?_BADOFF@std@@3_JB

wincorlib

?GetActivationFactoryByPCWSTR@@YAJPEAXAEAVGuid@Platform@@PEAPEAX@Z
?GetIidsFn@@YAJHPEAKPEBU__s_GUID@@PEAPEAVGuid@Platform@@@Z
?__abi_FailFast@@YAXXZ
?UninitializeData@Details@Platform@@YAXH@Z
?InitializeData@Details@Platform@@YAJH@Z
?GetProxyImpl@Details@Platform@@YAJPEAUIUnknown@@AEBU_GUID@@0PEAPEAU3@@Z
?GetObjectContext@Details@Platform@@YAPEAUIUnknown@@XZ
?ReleaseInContextImpl@Details@Platform@@YAJPEAUIUnknown@@0@Z
?ToString@Enum@Platform@@QE$AAAPE$AAVString@2@XZ
?__abi_ObjectToString@__abi_details@@YAPE$AAVString@Platform@@PE$AAVObject@3@_N@Z
??0InvalidArgumentException@Platform@@QE$AAA@PE$AAVString@1@@Z
??0NullReferenceException@Platform@@QE$AAA@XZ
??0FailureException@Platform@@QE$AAA@PE$AAVString@1@@Z
?EventSourceGetTargetArrayEvent@Details@Platform@@YAPEAXPEAXIPEBXPEA_J@Z
?EventSourceGetTargetArraySize@Details@Platform@@YAIPEAX@Z
?EventSourceGetTargetArray@Details@Platform@@YAPEAXPEAXPEAUEventLock@12@@Z
?GetIBoxArrayVtable@Details@Platform@@YAPEAXPEAX@Z
??0ChangedStateException@Platform@@QE$AAA@XZ
?EventSourceInitialize@Details@Platform@@YAXPEAPEAX@Z
??0OutOfBoundsException@Platform@@QE$AAA@XZ
??0FailureException@Platform@@QE$AAA@XZ
??0OutOfMemoryException@Platform@@QE$AAA@XZ
?__abi_cast_String_to_Object@__abi_details@@YAPE$AAVObject@Platform@@PE$AAVString@3@@Z
?__abi_cast_Object_to_String@__abi_details@@YAPE$AAVString@Platform@@_NPE$AAVObject@3@@Z
?EventSourceAdd@Details@Platform@@YA?AVEventRegistrationToken@Foundation@Windows@@PEAPEAXPEAUEventLock@12@PE$AAVDelegate@2@@Z
?EventSourceRemove@Details@Platform@@YAXPEAPEAXPEAUEventLock@12@VEventRegistrationToken@Foundation@Windows@@@Z
?EventSourceUninitialize@Details@Platform@@YAXPEAPEAX@Z
??0Delegate@Platform@@QE$AAA@XZ
?ReCreateException@Exception@Platform@@SAPE$AAV12@H@Z
?ReCreateFromException@Details@Platform@@YAJPE$AAVException@2@@Z
?__abi_make_type_id@@YAPE$AAVType@Platform@@AEBU__abi_type_descriptor@@@Z
?GetTypeCode@Type@Platform@@SA?AW4TypeCode@2@PE$AAV12@@Z
?GetIBoxVtable@Details@Platform@@YAPEAXPEAX@Z
?CreateValue@Details@Platform@@YAPE$AAVObject@2@W4TypeCode@2@PEBX@Z
?CreateException@Exception@Platform@@SAPE$AAV12@H@Z
??0NotImplementedException@Platform@@QE$AAA@XZ
?AllocateException@Heap@Details@Platform@@SAPEAX_K0@Z
?GetHashCode@Enum@Platform@@QE$AAAHXZ
?ReleaseTarget@ControlBlock@Details@Platform@@AEAAXXZ
?AlignedFree@Heap@Details@Platform@@SAXPEAX@Z
?Free@Heap@Details@Platform@@SAXPEAX@Z
??0Object@Platform@@QE$AAA@XZ
?__abi_WinRTraiseNotImplementedException@@YAXXZ
?__abi_WinRTraiseInvalidCastException@@YAXXZ
?__abi_WinRTraiseNullReferenceException@@YAXXZ
?__abi_WinRTraiseOperationCanceledException@@YAXXZ
?__abi_WinRTraiseFailureException@@YAXXZ
?__abi_WinRTraiseAccessDeniedException@@YAXXZ
?__abi_WinRTraiseOutOfMemoryException@@YAXXZ
?__abi_WinRTraiseInvalidArgumentException@@YAXXZ
?__abi_WinRTraiseOutOfBoundsException@@YAXXZ
?__abi_WinRTraiseChangedStateException@@YAXXZ
?__abi_WinRTraiseClassNotRegisteredException@@YAXXZ
?__abi_WinRTraiseWrongThreadException@@YAXXZ
?__abi_WinRTraiseDisconnectedException@@YAXXZ
?__abi_WinRTraiseObjectDisposedException@@YAXXZ
?__abi_WinRTraiseCOMException@@YAXJ@Z
?Allocate@Heap@Details@Platform@@SAPEAX_K0@Z
?GetActivationFactory@Details@Platform@@YAJPEAVModuleBase@1WRL@Microsoft@@PEAUHSTRING__@@PEAPEAUIActivationFactory@@@Z
?TerminateModule@Details@Platform@@YA_NPEAVModuleBase@1WRL@Microsoft@@@Z
?get@FullName@Type@Platform@@QE$AAAPE$AAVString@3@XZ

api-ms-win-core-com-l1-1-0

CoGetContextToken
CoTaskMemFree
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
CreateEventW
ReleaseSRWLockShared
ResetEvent
SetEvent
ReleaseSRWLockExclusive
WaitForSingleObjectEx
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
AcquireSRWLockShared
EnterCriticalSection
LeaveCriticalSection

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleHandleW
GetProcAddress

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-util-l1-1-0

DecodePointer

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsDeleteString
WindowsDuplicateString
WindowsGetStringLen
WindowsGetStringRawBuffer
WindowsCreateString
WindowsConcatString
WindowsIsStringEmpty
WindowsCompareStringOrdinal

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory

Sections

.text
Size: 463KB - Virtual size: 463KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 257KB - Virtual size: 257KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/BingMaps.dll
.dll windows:10 windows x64 arch:x64

3357a15a9a9fa0a98e27317158f01452

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

BingMaps.pdb

Imports

msvcp_win

??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?pbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAM@Z
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??1_Lockit@std@@QEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??Bid@locale@std@@QEAA_KXZ
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?id@?$ctype@G@std@@2V0locale@2@A
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@H@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@N@Z
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAH@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAI@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEA_K@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAN@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?in@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Random_device@std@@YAIXZ
?put@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@G@Z
?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGD@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@I@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@PEBX@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z
?_Xout_of_range@std@@YAXPEBD@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Xruntime_error@std@@YAXPEBD@Z
?_Makeloc@_Locimp@locale@std@@CAPEAV123@AEBV_Locinfo@3@HPEAV123@PEBV23@@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@_N@Z
?toupper@?$ctype@G@std@@QEBAGG@Z
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@HPEBD@Z
?uncaught_exception@std@@YA_NXZ
?widen@?$ctype@G@std@@QEBAGD@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_BADOFF@std@@3_JB
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0_Lockit@std@@QEAA@H@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-string-l1-1-0

strncmp
strcmp
strncpy
memset

api-ms-win-crt-private-l1-1-0

_o__free_locale
_o__gmtime64_s
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__msize
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__wcsicmp
_o__wcsnicmp
__intrinsic_setjmp
_o__wstat64i32
_o__wtoi_l
_o_acos
_o_asin
_o_atan
_o_atan2
_o_atof
_o_atoi
_o_atol
_o_ceil
_o_cos
_o_exp
_o_exp2f
_o_fclose
_o_floor
_o_fmod
_o_fopen
_o_fread
_o_free
_o_fseek
_o_ftell
_o_isdigit
_o_islower
_o_isspace
_o_isupper
_o_log
_o_log2
_o_lroundf
_o_malloc
_o_modf
_o_pow
_o_powf
_o_qsort
_o_rand_s
_o_realloc
_o_round
_o_roundf
_o_sin
_o_sinh
_o_sqrt
_o_strcpy_s
_o_tan
_o_terminate
_o_tolower
_o_toupper
_o_towlower
_o_towupper
_o_wcstod
_o_wcstol
_o_wcstoll
_o_wcstoul
__C_specific_handler
_CxxThrowException
_o__aligned_malloc
_o__aligned_free
_o___stdio_common_vswscanf
_o__expand
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsscanf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o__execute_onexit_table
_o__errno
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o__dtest
_o___std_exception_copy
__std_type_info_compare
__std_terminate
_o__crt_atexit
_o__create_locale
__CxxFrameHandler3
_o__configure_narrow_argv
_o__cexit
_o__callnewh
strchr
longjmp
strrchr
memchr
strstr
__RTtypeid
__RTDynamicCast
memcmp
memcpy
memmove

mapconfiguration

ConfigurationManager_Create
ConfigurationManager_GetLocaleMapConfiguration

api-ms-win-core-psm-app-l1-1-0

PsmRegisterAppStateChangeNotification
PsmUnregisterAppStateChangeNotification

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetProcAddress
LoadLibraryExW
DisableThreadLibraryCalls
SizeofResource
GetModuleHandleW
LoadResource
LockResource
GetModuleHandleExW

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
UnhandledExceptionFilter
RaiseException
SetUnhandledExceptionFilter

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsGetStringRawBuffer
WindowsDuplicateString
WindowsCreateStringReference
WindowsCreateString
WindowsConcatString

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoOriginateError
GetRestrictedErrorInfo
RoOriginateErrorW
SetRestrictedErrorInfo
RoFailFastWithErrorContext

api-ms-win-core-com-l1-1-0

CoReleaseMarshalData
CoTaskMemFree
CoTaskMemAlloc
CoMarshalInterface
CoCreateFreeThreadedMarshaler
CreateStreamOnHGlobal
CoCreateInstance
CoGetApartmentType

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockShared
OpenSemaphoreW
AcquireSRWLockShared
WaitForMultipleObjectsEx
WaitForSingleObject
ReleaseSRWLockExclusive
CreateMutexExW
InitializeCriticalSectionAndSpinCount
CreateEventW
WaitForSingleObjectEx
CreateSemaphoreExW
SetEvent
InitializeSRWLock
ReleaseSemaphore
ReleaseMutex
ResetEvent
AcquireSRWLockExclusive
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
TryEnterCriticalSection
EnterCriticalSection
CreateEventExW

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-winrt-error-l1-1-1

IsErrorPropagationEnabled
RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate

api-ms-win-core-synch-l1-2-0

WakeByAddressSingle
InitOnceExecuteOnce
WaitOnAddress

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-processthreads-l1-1-0

OpenProcessToken
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-timezone-l1-1-0

GetTimeZoneInformation
FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-path-l1-1-0

PathCchCanonicalize

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlCaptureStackBackTrace
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-localization-l1-2-0

GetLocaleInfoEx
FormatMessageW

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-file-l1-1-0

CreateDirectoryW
FindFirstFileW
DeleteFileW
WriteFile
ReadFile
GetFileSizeEx
GetFileAttributesExW
SetFileAttributesW
FindNextFileW
FindClose
RemoveDirectoryW

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWrite
EventUnregister

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegGetValueW
RegCloseKey

api-ms-win-core-file-l1-2-0

CreateFile2

api-ms-win-core-sysinfo-l1-2-0

GetNativeSystemInfo

api-ms-win-core-io-l1-1-0

CancelIoEx

api-ms-win-core-psapi-l1-1-0

K32GetPerformanceInfo

api-ms-win-core-kernel32-legacy-l1-1-0

BindIoCompletionCallback

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-downlevel-shlwapi-l2-1-1

SHCreateMemStream

api-ms-win-appmodel-runtime-l1-1-2

AppPolicyGetWindowingModel

d2d1

ord1

d3d11

D3D11CreateDevice

dwrite

DWriteCreateFactory

dxgi

CreateDXGIFactory1
DXGIGetDebugInterface1
CreateDXGIFactory2

api-ms-win-shcore-stream-winrt-l1-1-0

CreateRandomAccessStreamOverStream

ztrace_maps

ZTraceClose
ZTraceInit
ZTraceReportOriginationNoThis
ZTraceReportPropagationNoThis
ZTraceReportOrigination
ZTraceReportPropagation
ZTraceReportIgnore
ZTraceHelper
ZTraceReportIgnoreNoThis

api-ms-win-crt-math-l1-1-0

modff
truncf
ceilf
cosf
floorf
fmodf
sqrtf
sinf

api-ms-win-crt-time-l1-1-0

_time64

moshostclient

MosGetDataAsyncOperation
MosDeleteDataAsyncOperation
MosHostClose
MosHostOpen

Exports

Exports

GetBingMapsFactory

Sections

.text
Size: 5.2MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 519KB - Virtual size: 538KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 183KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/BingOnlineServices.dll
.dll windows:10 windows x64 arch:x64

df713a9e146751744058cfc1f0c0fe3d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

BingOnlineServices.pdb

Imports

msvcp_win

?good@ios_base@std@@QEBA_NXZ
?flags@ios_base@std@@QEBAHXZ
?setf@ios_base@std@@QEAAHHH@Z
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@H@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Syserror_map@std@@YAPEBDH@Z
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_K@Z
?__ExceptionPtrCompare@@YA_NPEBX0@Z
?_Winerror_map@std@@YAHH@Z
?_Winerror_message@std@@YAKKPEADK@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?fail@ios_base@std@@QEBA_NXZ
?eof@ios_base@std@@QEBA_NXZ
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEA_K@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?get@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAGXZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_J@Z
??Bios_base@std@@QEBA_NXZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAH@Z
?bad@ios_base@std@@QEBA_NXZ
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
?pbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?widen@?$ctype@G@std@@QEBAGD@Z
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@N@Z
?classic@locale@std@@SAAEBV12@XZ
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?_Xbad_function_call@std@@YAXXZ
?_BADOFF@std@@3_JB
?uncaught_exception@std@@YA_NXZ
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Locinfo@std@@QEAA@XZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??Bid@locale@std@@QEAA_KXZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
?is@?$ctype@G@std@@QEBA_NFG@Z
?tolower@?$ctype@G@std@@QEBAGG@Z
?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
_Wcsxfrm
?_Xlength_error@std@@YAXPEBD@Z
?imbue@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z
?id@?$ctype@G@std@@2V0locale@2@A
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
??1_Lockit@std@@QEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?id@?$collate@G@std@@2V0locale@2@A
?_Xbad_alloc@std@@YAXXZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
_Wcscoll

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-string-l1-1-0

strnlen
memset
wcsnlen

api-ms-win-crt-private-l1-1-0

memcpy
__std_type_info_compare
__CxxFrameHandler3
__std_terminate
strchr
_o___pctype_func
_o___std_exception_copy
_o___std_exception_destroy
_o___std_type_info_destroy_list
_o___stdio_common_vsnprintf_s
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswscanf
_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__create_locale
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__free_locale
_o__i64toa_s
_o__i64tow_s
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__isctype_l
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__stricmp
_o__strtod_l
_o__ui64toa_s
_o__ui64tow_s
_o__wcsicmp
_o__wcstod_l
_o__wtoi
_o_free
_o_isalpha
_o_isdigit
_o_isspace
_o_iswspace
_o_malloc
_o_realloc
_o_setlocale
_o_terminate
_o_tolower
_o_wcstok_s
_o_wcstol
__C_specific_handler
_CxxThrowException

ztrace_maps

ZTraceHelper
ZTraceReportOriginationNoThis
ZTraceReportPropagationNoThis
ZTraceInit
ZTraceClose
ZTraceHelperNoThis

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventRegister
EventSetInformation

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleHandleA
GetProcAddress
DisableThreadLibraryCalls
GetModuleFileNameA
GetModuleHandleExW

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetLocaleInfoEx

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsDeleteString
WindowsGetStringRawBuffer

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetLastError
RaiseException

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
LeaveCriticalSection
InitializeSRWLock
AcquireSRWLockExclusive
SetEvent
ReleaseSRWLockExclusive
ReleaseSRWLockShared
ResetEvent
WaitForSingleObjectEx
CreateEventW
CreateMutexExW
EnterCriticalSection
DeleteCriticalSection
AcquireSRWLockShared
OpenSemaphoreW
CreateSemaphoreExW
ReleaseMutex
WaitForSingleObject
ReleaseSemaphore
InitializeCriticalSectionAndSpinCount

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TerminateProcess
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureStackBackTrace
RtlCaptureContext

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

mapconfiguration

ConfigurationManager_Create

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork

winhttp

WinHttpQueryOption
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSetStatusCallback
WinHttpOpen
WinHttpSetTimeouts
WinHttpSetOption
WinHttpConnect
WinHttpGetProxyForUrl
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpWriteData
WinHttpQueryAuthSchemes
WinHttpSetCredentials

crypt32

CertGetCertificateChain
CertFreeCertificateChain
CryptProtectMemory
CryptUnprotectMemory
CertVerifyCertificateChainPolicy
CertFreeCertificateContext

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-datetime-l1-1-1

GetDateFormatEx
GetTimeFormatEx

bcrypt

BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptGetProperty
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-registry-l1-1-0

RegGetValueW

Exports

Exports

?$TSS0@?1??getMaxAgeInSeconds@OnlineServiceData@BingOnlineServices@@QEBA?BIXZ@4HA
??0AddressItem@BingOnlineServices@@QEAA@$$QEAU01@@Z
??0AddressItem@BingOnlineServices@@QEAA@AEBU01@@Z
??0AddressItem@BingOnlineServices@@QEAA@XZ
??0AttributionItem@BingOnlineServices@@QEAA@$$QEAU01@@Z
??0AttributionItem@BingOnlineServices@@QEAA@AEBU01@@Z
??0AttributionItem@BingOnlineServices@@QEAA@XZ
??0BoundingBox@BingOnlineServices@@QEAA@NNNN@Z
??0CopyrightData@BingOnlineServices@@QEAA@$$QEAV01@@Z
??0CopyrightData@BingOnlineServices@@QEAA@AEBV01@@Z
??0CopyrightData@BingOnlineServices@@QEAA@XZ
??0CopyrightDataImpl@BingOnlineServices@@QEAA@$$QEAV01@@Z
??0CopyrightDataImpl@BingOnlineServices@@QEAA@AEBV01@@Z
??0CopyrightDataImpl@BingOnlineServices@@QEAA@XZ
??0CopyrightRequest@BingOnlineServices@@QEAA@$$QEAV01@@Z
??0CopyrightRequest@BingOnlineServices@@QEAA@AEBV01@@Z
??0CopyrightRequest@BingOnlineServices@@QEAA@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0_N@Z
??0DateTime@BingOnlineServices@@QEAA@XZ
??0Floor@BingOnlineServices@@QEAA@$$QEAV01@@Z
??0Floor@BingOnlineServices@@QEAA@AEBV01@@Z
??0Floor@BingOnlineServices@@QEAA@XZ
??0Floors@BingOnlineServices@@QEAA@$$QEAV01@@Z
??0Floors@BingOnlineServices@@QEAA@AEBV01@@Z
??0Floors@BingOnlineServices@@QEAA@XZ
??0Footprint@BingOnlineServices@@QEAA@$$QEAV01@@Z
??0Footprint@BingOnlineServices@@QEAA@AEBV01@@Z
??0Footprint@BingOnlineServices@@QEAA@XZ
??0GeocodeData@BingOnlineServices@@QEAA@$$QEAV01@@Z
??0GeocodeData@BingOnlineServices@@QEAA@AEBV01@@Z
??0GeocodeData@BingOnlineServices@@QEAA@XZ
??0GeocodeDataImpl@BingOnlineServices@@QEAA@$$QEAV01@@Z
??0GeocodeDataImpl@BingOnlineServices@@QEAA@AEBV01@@Z
??0GeocodeDataImpl@BingOnlineServices@@QEAA@XZ
??0GeocodeRequest@BingOnlineServices@@QEAA@$$QEAV01@@Z
??0GeocodeRequest@BingOnlineServices@@QEAA@AEBV01@@Z
??0GeocodeRequest@BingOnlineServices@@QEAA@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0@Z
??0Geopoint@BingOnlineServices@@QEAA@NNN@Z
??0Geoposition@BingOnlineServices@@QEAA@NNN@Z
??0HoursOfOperationItem@BingOnlineServices@@QEAA@$$QEAU01@@Z
??0HoursOfOperationItem@BingOnlineServices@@QEAA@AEBU01@@Z
??0HoursOfOperationItem@BingOnlineServices@@QEAA@XZ
??0ImageItem@BingOnlineServices@@QEAA@$$QEAU01@@Z
??0ImageItem@BingOnlineServices@@QEAA@AEBU01@@Z
??0ImageItem@BingOnlineServices@@QEAA@XZ
??0OnlineServiceData@BingOnlineServices@@QEAA@AEBV01@@Z
??0OnlineServiceData@BingOnlineServices@@QEAA@XZ
??0OnlineServiceResponse@BingOnlineServices@@QEAA@$$QEAU01@@Z
??0OnlineServiceResponse@BingOnlineServices@@QEAA@AEBU01@@Z
??0OnlineServiceResponse@BingOnlineServices@@QEAA@XZ
??0ReviewItem@BingOnlineServices@@QEAA@$$QEAU01@@Z
??0ReviewItem@BingOnlineServices@@QEAA@AEBU01@@Z
??0ReviewItem@BingOnlineServices@@QEAA@XZ
??0SearchResultItem@BingOnlineServices@@QEAA@AEBU01@@Z
??0SearchResultItem@BingOnlineServices@@QEAA@XZ
??0SocialMediaProfileItem@BingOnlineServices@@QEAA@$$QEAU01@@Z
??0SocialMediaProfileItem@BingOnlineServices@@QEAA@AEBU01@@Z
??0SocialMediaProfileItem@BingOnlineServices@@QEAA@XZ
??0StreetsideCaptureItem@BingOnlineServices@@QEAA@$$QEAU01@@Z
??0StreetsideCaptureItem@BingOnlineServices@@QEAA@AEBU01@@Z
??0StreetsideCaptureItem@BingOnlineServices@@QEAA@XZ
??0TerrestrialCoordsItem@BingOnlineServices@@QEAA@XZ
??0TransitRoute@BingOnlineServices@@QEAA@$$QEAU01@@Z
??0TransitRoute@BingOnlineServices@@QEAA@AEBU01@@Z
??0TransitRoute@BingOnlineServices@@QEAA@XZ
??0TransitStopData@BingOnlineServices@@QEAA@$$QEAU01@@Z
??0TransitStopData@BingOnlineServices@@QEAA@AEBU01@@Z
??0TransitStopData@BingOnlineServices@@QEAA@XZ
??0TransitStopDataImpl@BingOnlineServices@@QEAA@$$QEAV01@@Z
??0TransitStopDataImpl@BingOnlineServices@@QEAA@AEBV01@@Z
??0TransitStopDataImpl@BingOnlineServices@@QEAA@XZ
??0VenueBusiness@BingOnlineServices@@QEAA@$$QEAV01@@Z
??0VenueBusiness@BingOnlineServices@@QEAA@AEBV01@@Z
??0VenueBusiness@BingOnlineServices@@QEAA@XZ
??0VenueData@BingOnlineServices@@QEAA@$$QEAV01@@Z
??0VenueData@BingOnlineServices@@QEAA@AEBV01@@Z
??0VenueData@BingOnlineServices@@QEAA@XZ
??0VenueDataImpl@BingOnlineServices@@QEAA@$$QEAV01@@Z
??0VenueDataImpl@BingOnlineServices@@QEAA@AEBV01@@Z
??0VenueDataImpl@BingOnlineServices@@QEAA@XZ
??0VenueDetailsRequest@BingOnlineServices@@QEAA@$$QEAV01@@Z
??0VenueDetailsRequest@BingOnlineServices@@QEAA@AEBV01@@Z
??0VenueDetailsRequest@BingOnlineServices@@QEAA@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0@Z
??0VenueMapData@BingOnlineServices@@QEAA@$$QEAV01@@Z
??0VenueMapData@BingOnlineServices@@QEAA@AEBV01@@Z
??0VenueMapData@BingOnlineServices@@QEAA@XZ
??0WeatherItem@BingOnlineServices@@QEAA@$$QEAU01@@Z
??0WeatherItem@BingOnlineServices@@QEAA@AEBU01@@Z
??0WeatherItem@BingOnlineServices@@QEAA@XZ
??0_file_info@details@streams@Concurrency@@QEAA@H_K@Z
??0_http_request@details@http@web@@QEAA@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
??0_http_request@details@http@web@@QEAA@V?$unique_ptr@V_http_server_context@details@http@web@@U?$default_delete@V_http_server_context@details@http@web@@@std@@@std@@@Z
??0critical_section_impl@details@pplx@@QEAA@XZ
??0event_impl@details@pplx@@QEAA@XZ
??0http_client@client@http@web@@QEAA@AEBVuri@3@@Z
??0http_client@client@http@web@@QEAA@AEBVuri@3@AEBVhttp_client_config@123@@Z
??0http_msg_base@details@http@web@@QEAA@XZ
??0reader_writer_lock_impl@details@pplx@@QEAA@XZ
??0scoped_c_thread_locale@details@utility@@QEAA@XZ
??0uri@web@@QEAA@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
??0uri@web@@QEAA@PEBG@Z
??0value@json@web@@QEAA@$$QEAV012@@Z
??0value@json@web@@QEAA@AEBV012@@Z
??0value@json@web@@QEAA@H@Z
??0value@json@web@@QEAA@I@Z
??0value@json@web@@QEAA@N@Z
??0value@json@web@@QEAA@PEBG@Z
??0value@json@web@@QEAA@PEBG_N@Z
??0value@json@web@@QEAA@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
??0value@json@web@@QEAA@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@_N@Z
??0value@json@web@@QEAA@XZ
??0value@json@web@@QEAA@_J@Z
??0value@json@web@@QEAA@_K@Z
??0value@json@web@@QEAA@_N@Z
??0win32_encryption@details@web@@QEAA@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
??1AddressItem@BingOnlineServices@@QEAA@XZ
??1AttributionItem@BingOnlineServices@@QEAA@XZ
??1CopyrightData@BingOnlineServices@@UEAA@XZ
??1CopyrightDataImpl@BingOnlineServices@@UEAA@XZ
??1CopyrightRequest@BingOnlineServices@@QEAA@XZ
??1Floor@BingOnlineServices@@QEAA@XZ
??1Floors@BingOnlineServices@@QEAA@XZ
??1Footprint@BingOnlineServices@@QEAA@XZ
??1GeocodeData@BingOnlineServices@@UEAA@XZ
??1GeocodeDataImpl@BingOnlineServices@@UEAA@XZ
??1GeocodeRequest@BingOnlineServices@@QEAA@XZ
??1HoursOfOperationItem@BingOnlineServices@@QEAA@XZ
??1ImageItem@BingOnlineServices@@QEAA@XZ
??1OnlineServiceData@BingOnlineServices@@UEAA@XZ
??1OnlineServiceResponse@BingOnlineServices@@QEAA@XZ
??1ReviewItem@BingOnlineServices@@QEAA@XZ
??1SearchResultItem@BingOnlineServices@@UEAA@XZ
??1SocialMediaProfileItem@BingOnlineServices@@QEAA@XZ
??1StreetsideCaptureItem@BingOnlineServices@@QEAA@XZ
??1TransitRoute@BingOnlineServices@@QEAA@XZ
??1TransitStopData@BingOnlineServices@@QEAA@XZ
??1TransitStopDataImpl@BingOnlineServices@@QEAA@XZ
??1VenueBusiness@BingOnlineServices@@QEAA@XZ
??1VenueData@BingOnlineServices@@UEAA@XZ
??1VenueDataImpl@BingOnlineServices@@UEAA@XZ
??1VenueDetailsRequest@BingOnlineServices@@QEAA@XZ
??1VenueMapData@BingOnlineServices@@QEAA@XZ
??1WeatherItem@BingOnlineServices@@QEAA@XZ
??1critical_section_impl@details@pplx@@QEAA@XZ
??1event_impl@details@pplx@@QEAA@XZ
??1scoped_c_thread_locale@details@utility@@QEAA@XZ
??1win32_encryption@details@web@@QEAA@XZ
??4AddressItem@BingOnlineServices@@QEAAAEAU01@$$QEAU01@@Z
??4AddressItem@BingOnlineServices@@QEAAAEAU01@AEBU01@@Z
??4AttributionItem@BingOnlineServices@@QEAAAEAU01@$$QEAU01@@Z
??4AttributionItem@BingOnlineServices@@QEAAAEAU01@AEBU01@@Z
??4BoundingBox@BingOnlineServices@@QEAAAEAU01@$$QEAU01@@Z
??4BoundingBox@BingOnlineServices@@QEAAAEAU01@AEBU01@@Z
??4CopyrightData@BingOnlineServices@@QEAAAEAV01@$$QEAV01@@Z
??4CopyrightData@BingOnlineServices@@QEAAAEAV01@AEBV01@@Z
??4CopyrightDataImpl@BingOnlineServices@@QEAAAEAV01@$$QEAV01@@Z
??4CopyrightDataImpl@BingOnlineServices@@QEAAAEAV01@AEBV01@@Z
??4CopyrightRequest@BingOnlineServices@@QEAAAEAV01@$$QEAV01@@Z
??4CopyrightRequest@BingOnlineServices@@QEAAAEAV01@AEBV01@@Z
??4DateTime@BingOnlineServices@@QEAAAEAU01@$$QEAU01@@Z
??4DateTime@BingOnlineServices@@QEAAAEAU01@AEBU01@@Z
??4Floor@BingOnlineServices@@QEAAAEAV01@$$QEAV01@@Z
??4Floor@BingOnlineServices@@QEAAAEAV01@AEBV01@@Z
??4Floors@BingOnlineServices@@QEAAAEAV01@$$QEAV01@@Z
??4Floors@BingOnlineServices@@QEAAAEAV01@AEBV01@@Z
??4Footprint@BingOnlineServices@@QEAAAEAV01@$$QEAV01@@Z
??4Footprint@BingOnlineServices@@QEAAAEAV01@AEBV01@@Z
??4GeocodeData@BingOnlineServices@@QEAAAEAV01@$$QEAV01@@Z
??4GeocodeData@BingOnlineServices@@QEAAAEAV01@AEBV01@@Z
??4GeocodeDataImpl@BingOnlineServices@@QEAAAEAV01@$$QEAV01@@Z
??4GeocodeDataImpl@BingOnlineServices@@QEAAAEAV01@AEBV01@@Z
??4GeocodeRequest@BingOnlineServices@@QEAAAEAV01@$$QEAV01@@Z
??4GeocodeRequest@BingOnlineServices@@QEAAAEAV01@AEBV01@@Z
??4Geopoint@BingOnlineServices@@QEAAAEAU01@$$QEAU01@@Z
??4Geopoint@BingOnlineServices@@QEAAAEAU01@AEBU01@@Z
??4Geoposition@BingOnlineServices@@QEAAAEAU01@$$QEAU01@@Z
??4Geoposition@BingOnlineServices@@QEAAAEAU01@AEBU01@@Z
??4HoursOfOperationItem@BingOnlineServices@@QEAAAEAU01@$$QEAU01@@Z
??4HoursOfOperationItem@BingOnlineServices@@QEAAAEAU01@AEBU01@@Z
??4ImageItem@BingOnlineServices@@QEAAAEAU01@$$QEAU01@@Z
??4ImageItem@BingOnlineServices@@QEAAAEAU01@AEBU01@@Z
??4OnlineServiceData@BingOnlineServices@@QEAAAEAV01@AEBV01@@Z
??4OnlineServiceResponse@BingOnlineServices@@QEAAAEAU01@$$QEAU01@@Z
??4OnlineServiceResponse@BingOnlineServices@@QEAAAEAU01@AEBU01@@Z
??4ReviewItem@BingOnlineServices@@QEAAAEAU01@$$QEAU01@@Z
??4ReviewItem@BingOnlineServices@@QEAAAEAU01@AEBU01@@Z
??4SearchResultItem@BingOnlineServices@@QEAAAEAU01@AEBU01@@Z
??4ServiceDataHelper@BingOnlineServices@@QEAAAEAV01@$$QEAV01@@Z
??4ServiceDataHelper@BingOnlineServices@@QEAAAEAV01@AEBV01@@Z
??4ServiceRequestHelper@BingOnlineServices@@QEAAAEAV01@$$QEAV01@@Z
??4ServiceRequestHelper@BingOnlineServices@@QEAAAEAV01@AEBV01@@Z
??4SocialMediaProfileItem@BingOnlineServices@@QEAAAEAU01@$$QEAU01@@Z
??4SocialMediaProfileItem@BingOnlineServices@@QEAAAEAU01@AEBU01@@Z
??4StreetsideCaptureItem@BingOnlineServices@@QEAAAEAU01@$$QEAU01@@Z
??4StreetsideCaptureItem@BingOnlineServices@@QEAAAEAU01@AEBU01@@Z
??4TerrestrialCoordsItem@BingOnlineServices@@QEAAAEAU01@$$QEAU01@@Z
??4TerrestrialCoordsItem@BingOnlineServices@@QEAAAEAU01@AEBU01@@Z
??4TransitRoute@BingOnlineServices@@QEAAAEAU01@$$QEAU01@@Z
??4TransitRoute@BingOnlineServices@@QEAAAEAU01@AEBU01@@Z
??4TransitStopData@BingOnlineServices@@QEAAAEAU01@$$QEAU01@@Z
??4TransitStopData@BingOnlineServices@@QEAAAEAU01@AEBU01@@Z
??4TransitStopDataImpl@BingOnlineServices@@QEAAAEAV01@$$QEAV01@@Z
??4TransitStopDataImpl@BingOnlineServices@@QEAAAEAV01@AEBV01@@Z
??4VenueBusiness@BingOnlineServices@@QEAAAEAV01@$$QEAV01@@Z
??4VenueBusiness@BingOnlineServices@@QEAAAEAV01@AEBV01@@Z
??4VenueData@BingOnlineServices@@QEAAAEAV01@$$QEAV01@@Z
??4VenueData@BingOnlineServices@@QEAAAEAV01@AEBV01@@Z
??4VenueDataImpl@BingOnlineServices@@QEAAAEAV01@$$QEAV01@@Z
??4VenueDataImpl@BingOnlineServices@@QEAAAEAV01@AEBV01@@Z
??4VenueDetailsRequest@BingOnlineServices@@QEAAAEAV01@$$QEAV01@@Z
??4VenueDetailsRequest@BingOnlineServices@@QEAAAEAV01@AEBV01@@Z
??4VenueMapData@BingOnlineServices@@QEAAAEAV01@$$QEAV01@@Z
??4VenueMapData@BingOnlineServices@@QEAAAEAV01@AEBV01@@Z
??4WeatherItem@BingOnlineServices@@QEAAAEAU01@$$QEAU01@@Z
??4WeatherItem@BingOnlineServices@@QEAAAEAU01@AEBU01@@Z
??4value@json@web@@QEAAAEAV012@$$QEAV012@@Z
??4value@json@web@@QEAAAEAV012@AEBV012@@Z
??5json@web@@YAAEAV?$basic_istream@GU?$char_traits@G@std@@@std@@AEAV23@AEAVvalue@01@@Z
??6json@web@@YAAEAV?$basic_ostream@GU?$char_traits@G@std@@@std@@AEAV23@AEBVvalue@01@@Z
??8uri@web@@QEBA_NAEBV01@@Z
??8value@json@web@@QEBA_NAEBV012@@Z
??Avalue@json@web@@AEAAAEAV012@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??Avalue@json@web@@QEAAAEAV012@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
??Avalue@json@web@@QEAAAEAV012@_K@Z
??Rzero_memory_deleter@details@web@@QEBAXPEAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
??_7CopyrightData@BingOnlineServices@@6B@
??_7CopyrightDataImpl@BingOnlineServices@@6B@
??_7GeocodeData@BingOnlineServices@@6B@
??_7GeocodeDataImpl@BingOnlineServices@@6B@
??_7OnlineServiceData@BingOnlineServices@@6B@
??_7SearchResultItem@BingOnlineServices@@6B@
??_7VenueData@BingOnlineServices@@6B@
??_7VenueDataImpl@BingOnlineServices@@6B@
??_FBoundingBox@BingOnlineServices@@QEAAXXZ
??_FGeopoint@BingOnlineServices@@QEAAXXZ
??_FGeoposition@BingOnlineServices@@QEAAXXZ
?CONNECT@methods@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?CaptureCallstack@platform@details@pplx@@YA_KPEAPEAX_K1@Z
?CheckHResultThrowAtFailed@CopyrightRequest@BingOnlineServices@@AEAAXJPEBD@Z
?CompareValueCaseInsensitive@ServiceDataHelper@BingOnlineServices@@SA?B_NAEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0@Z
?CompareValueCaseInsensitive@ServiceDataHelper@BingOnlineServices@@SA?B_NAEBVvalue@json@web@@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?DEFAULT_BOOL@ServiceDataHelper@BingOnlineServices@@2_NA
?DEFAULT_DOUBLE@ServiceDataHelper@BingOnlineServices@@2NA
?DEFAULT_INT@ServiceDataHelper@BingOnlineServices@@2HA
?DEFAULT_STRING@ServiceDataHelper@BingOnlineServices@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@A
?DEL@methods@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?ExecuteAsync@CopyrightRequest@BingOnlineServices@@QEAA?AV?$task@VCopyrightData@BingOnlineServices@@@pplx@@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AEBUBoundingBox@2@I@Z
?ExecuteAsync@CopyrightRequest@BingOnlineServices@@QEAA?AV?$task@VCopyrightData@BingOnlineServices@@@pplx@@AEBV?$vector@HV?$allocator@H@std@@@std@@@Z
?ExecuteAsync@GeocodeRequest@BingOnlineServices@@QEAA?AV?$task@VGeocodeData@BingOnlineServices@@@pplx@@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AEBUGeopoint@2@I@Z
?ExecuteAsync@VenueDetailsRequest@BingOnlineServices@@QEAA?AV?$task@VVenueData@BingOnlineServices@@@pplx@@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?ExecuteReverseAsync@GeocodeRequest@BingOnlineServices@@QEAA?AV?$task@VGeocodeData@BingOnlineServices@@@pplx@@AEBUGeopoint@2@I@Z
?ExtractCookies@ServiceRequestHelper@BingOnlineServices@@SA?BV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AEBV34@@Z
?GET@methods@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?GetCurrentThreadId@platform@details@pplx@@YAJXZ
?GetJsonBoolValueForPath@ServiceDataHelper@BingOnlineServices@@SA?B_NAEBVvalue@json@web@@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@_N@Z
?GetJsonDoubleValueForPath@ServiceDataHelper@BingOnlineServices@@SA?BNAEBVvalue@json@web@@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@N@Z
?GetJsonIntValueForPath@ServiceDataHelper@BingOnlineServices@@SA?BHAEBVvalue@json@web@@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@H@Z
?GetJsonStringValueForPath@ServiceDataHelper@BingOnlineServices@@SA?BV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AEBVvalue@json@web@@AEBV34@V34@@Z
?GetSystemLocaleInfo@CopyrightRequest@BingOnlineServices@@AEAAXPEAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0@Z
?GetValueFromConfig@CopyrightRequest@BingOnlineServices@@AEAA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@W4ConfigurationManagerKeys@@@Z
?HEAD@methods@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?IsValid@BoundingBox@BingOnlineServices@@SA_NU12@@Z
?IsValid@Geopoint@BingOnlineServices@@SA_NU12@@Z
?IsValid@Geoposition@BingOnlineServices@@SA_NU12@@Z
?MERGE@methods@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?MakeJsonRequestAsync@ServiceRequestHelper@BingOnlineServices@@SA?AV?$task@UOnlineServiceResponse@BingOnlineServices@@@pplx@@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0AEBV?$map@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@V12@U?$less@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@V12@@std@@@2@@6@1@Z
?MakeJsonRequestAsync@ServiceRequestHelper@BingOnlineServices@@SA?AV?$task@UOnlineServiceResponse@BingOnlineServices@@@pplx@@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?OPTIONS@methods@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?PATCH@methods@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?POST@methods@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?PUT@methods@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?ParseCopyrightResponse@CopyrightDataImpl@BingOnlineServices@@QEAAXAEBVvalue@json@web@@@Z
?ParseGeocodeResponse@GeocodeDataImpl@BingOnlineServices@@QEAAXAEBVvalue@json@web@@@Z
?ParseTransitStopsResponse@TransitStopDataImpl@BingOnlineServices@@QEAAXAEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?ParseVenueDetailResponse@VenueDataImpl@BingOnlineServices@@QEAAXAEBVvalue@json@web@@@Z
?ProcessResponse@ServiceRequestHelper@BingOnlineServices@@SA?AV?$task@UOnlineServiceResponse@BingOnlineServices@@@pplx@@AEBVhttp_response@http@web@@@Z
?ReplaceFragmentUri@ServiceRequestHelper@BingOnlineServices@@SA?BV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AEBV34@000@Z
?ReplaceFragmentUri@ServiceRequestHelper@BingOnlineServices@@SA?BV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AEBV34@000AEBUBoundingBox@2@I@Z
?SetHttpResponseData@OnlineServiceData@BingOnlineServices@@QEAAXH_JV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@11@Z
?SetRunningInService@ServiceRequestHelper@BingOnlineServices@@SAXXZ
?TRCE@methods@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?Teardown@ServiceRequestHelper@BingOnlineServices@@SAXXZ
?TryGetJsonArrayForPath@ServiceDataHelper@BingOnlineServices@@SA_NAEBVvalue@json@web@@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AEAV345@@Z
?TryGetJsonNodeForPath@ServiceDataHelper@BingOnlineServices@@SA_NAEBVvalue@json@web@@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AEAV345@@Z
?YieldExecution@platform@details@pplx@@YAXXZ
?_authenticate_request@oauth1_config@experimental@oauth1@http@web@@AEAAXAEAVhttp_request@45@Voauth1_state@details@345@@Z
?_build_signature_base_string@oauth1_config@experimental@oauth1@http@web@@QEBA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@Vhttp_request@45@Voauth1_state@details@345@@Z
?_complete@http_msg_base@details@http@web@@UEAAX_KAEBVexception_ptr@std@@@Z
?_extract_json@http_msg_base@details@http@web@@QEAA?AVvalue@json@4@_N@Z
?_extract_vector@http_msg_base@details@http@web@@QEAA?AV?$vector@EV?$allocator@E@std@@@std@@XZ
?_get_content_length@http_msg_base@details@http@web@@QEAA_KXZ
?_hmac_sha1@oauth1_config@experimental@oauth1@http@web@@CA?AV?$vector@EV?$allocator@E@std@@@std@@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@7@0@Z
?_prepare_to_receive_data@http_msg_base@details@http@web@@QEAAXXZ
?_request_token@oauth1_config@experimental@oauth1@http@web@@AEAA?AV?$task@X@pplx@@Voauth1_state@details@345@_N@Z
?absolute_uri@_http_request@details@http@web@@QEBA?AVuri@4@XZ
?accept@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?accept_charset@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?accept_encoding@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?accept_language@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?accept_ranges@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?add_chunked_delimiters@chunked_encoding@details@http@web@@YA_KPEAE_K1@Z
?age@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?allow@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?append@uri_builder@web@@QEAAAEAV12@AEBVuri@2@@Z
?append_path@uri_builder@web@@QEAAAEAV12@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@_N@Z
?append_query@uri_builder@web@@QEAAAEAV12@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@_N@Z
?application_atom_xml@mime_types@details@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?application_http@mime_types@details@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?application_javascript@mime_types@details@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?application_json@mime_types@details@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?application_octetstream@mime_types@details@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?application_x_www_form_urlencoded@mime_types@details@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?application_xjavascript@mime_types@details@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?application_xjson@mime_types@details@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?application_xml@mime_types@details@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?array@value@json@web@@SA?AV123@V?$vector@Vvalue@json@web@@V?$allocator@Vvalue@json@web@@@std@@@std@@@Z
?array@value@json@web@@SA?AV123@XZ
?array@value@json@web@@SA?AV123@_K@Z
?as_array@value@json@web@@QEAAAEAVarray@23@XZ
?as_array@value@json@web@@QEBAAEBVarray@23@XZ
?as_bool@value@json@web@@QEBA_NXZ
?as_double@value@json@web@@QEBANXZ
?as_integer@value@json@web@@QEBAHXZ
?as_number@value@json@web@@QEBAAEBVnumber@23@XZ
?as_object@value@json@web@@QEAAAEAVobject@23@XZ
?as_object@value@json@web@@QEBAAEBVobject@23@XZ
?as_string@value@json@web@@QEBAAEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ
?ascii@charset_types@details@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?at@value@json@web@@QEAAAEAV123@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?at@value@json@web@@QEAAAEAV123@_K@Z
?at@value@json@web@@QEBAAEBV123@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?at@value@json@web@@QEBAAEBV123@_K@Z
?authority@uri@web@@QEBA?AV12@XZ
?authorization@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?base_uri@http_client@client@http@web@@QEBAAEBVuri@4@XZ
?boolean@value@json@web@@SA?AV123@_N@Z
?boundary@mime_types@details@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?build_authorization_uri@oauth1_config@experimental@oauth1@http@web@@QEAA?AV?$task@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@pplx@@XZ
?c_locale@scoped_c_thread_locale@details@utility@@SAPEAU__crt_locale_pointers@@XZ
?cache_control@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?cache_control@http_headers@http@web@@QEBA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ
?callback@oauth1_strings@details@oauth1@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?callback_confirmed@oauth1_strings@details@oauth1@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?client_config@http_client@client@http@web@@QEBAAEBVhttp_client_config@234@XZ
?connection@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?consumer_key@oauth1_strings@details@oauth1@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?content_disposition@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?content_encoding@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?content_language@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?content_length@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?content_length@http_headers@http@web@@QEBA_KXZ
?content_location@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?content_md5@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?content_range@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?content_type@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?content_type@http_headers@http@web@@QEBA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ
?date@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?date@http_headers@http@web@@QEBA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ
?decode@uri@web@@SA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AEBV34@@Z
?decrypt@win32_encryption@details@web@@QEBA?AV?$unique_ptr@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@Vzero_memory_deleter@details@web@@@std@@XZ
?default_error_condition@windows_category_impl@details@utility@@UEBA?AVerror_condition@std@@H@Z
?encode_data_string@uri@web@@SA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AEBV34@@Z
?encode_impl@uri@web@@CA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AEBV34@AEBV?$function@$$A6A_NH@Z@4@@Z
?encode_uri@uri@web@@SA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AEBV34@W4component@components@12@@Z
?erase@value@json@web@@QEAAXAEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?erase@value@json@web@@QEAAX_K@Z
?etag@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?expect@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?expires@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?extract_string@http_msg_base@details@http@web@@QEAA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@_N@Z
?extract_utf16string@http_msg_base@details@http@web@@QEAA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@_N@Z
?extract_utf8string@http_msg_base@details@http@web@@QEAA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_N@Z
?form_data@mime_types@details@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?format@value@json@web@@AEBAXAEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?format@value@json@web@@AEBAXAEAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?from@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?from_base64@conversions@utility@@YA?AV?$vector@EV?$allocator@E@std@@@std@@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@4@@Z
?from_string@datetime@utility@@SA?AV12@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@W4date_format@12@@Z
?generate@nonce_generator@utility@@QEAA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ
?getCacheControl@OnlineServiceData@BingOnlineServices@@QEBAAEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ
?getContentLength@OnlineServiceData@BingOnlineServices@@QEBA?B_JXZ
?getContentType@OnlineServiceData@BingOnlineServices@@QEBAAEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ
?getCookies@OnlineServiceData@BingOnlineServices@@QEBAAEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ
?getHttpStatus@OnlineServiceData@BingOnlineServices@@QEBA?BHXZ
?getImageryProviders@CopyrightData@BingOnlineServices@@QEBAAEBV?$vector@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@V?$allocator@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@2@@std@@XZ
?getMaxAgeInSeconds@OnlineServiceData@BingOnlineServices@@QEBA?BIXZ
?getResults@GeocodeData@BingOnlineServices@@QEAAAEBV?$vector@V?$shared_ptr@USearchResultItem@BingOnlineServices@@@std@@V?$allocator@V?$shared_ptr@USearchResultItem@BingOnlineServices@@@std@@@2@@std@@XZ
?getResults@TransitStopDataImpl@BingOnlineServices@@QEAAAEBV?$vector@V?$shared_ptr@UTransitStopData@BingOnlineServices@@@std@@V?$allocator@V?$shared_ptr@UTransitStopData@BingOnlineServices@@@std@@@2@@std@@XZ
?getVenueData@VenueData@BingOnlineServices@@QEAA?BVVenueMapData@2@XZ
?get_ambient_scheduler@pplx@@YA?AV?$shared_ptr@Uscheduler_interface@pplx@@@std@@XZ
?hmac_sha1@oauth1_methods@experimental@oauth1@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?host@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?if_match@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?if_modified_since@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?if_none_match@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?if_range@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?if_unmodified_since@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?is_double@value@json@web@@QEBA_NXZ
?is_int32@number@json@web@@QEBA_NXZ
?is_int64@number@json@web@@QEBA_NXZ
?is_integer@value@json@web@@QEBA_NXZ
?is_uint32@number@json@web@@QEBA_NXZ
?is_valid@uri_builder@web@@QEAA_NXZ
?join@uri_components@details@web@@QEAA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ
?keep_object_element_order@json@web@@YAX_N@Z
?last_modified@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?latin1@charset_types@details@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?latin1_to_utf16@conversions@utility@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z
?latin1_to_utf8@conversions@utility@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBV34@@Z
?location@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?lock@critical_section_impl@details@pplx@@QEAAXXZ
?lock@reader_writer_lock_impl@details@pplx@@QEAAXXZ
?lock_read@reader_writer_lock_impl@details@pplx@@QEAAXXZ
?ltrim_whitespace@details@http@web@@YAXAEAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?makeRequestAsync@GeocodeRequest@BingOnlineServices@@IEAA?AV?$task@VGeocodeData@BingOnlineServices@@@pplx@@IAEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AEAV?$map@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@V12@U?$less@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@V12@@std@@@2@@6@@Z
?max_forwards@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?message@windows_category_impl@details@utility@@UEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?message_http@mime_types@details@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?multipart_form_data@mime_types@details@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?nonce@oauth1_strings@details@oauth1@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?null@value@json@web@@SA?AV123@XZ
?number@value@json@web@@SA?AV123@H@Z
?number@value@json@web@@SA?AV123@I@Z
?number@value@json@web@@SA?AV123@N@Z
?number@value@json@web@@SA?AV123@_J@Z
?number@value@json@web@@SA?AV123@_K@Z
?object@value@json@web@@SA?AV123@V?$vector@U?$pair@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@Vvalue@json@web@@@std@@V?$allocator@U?$pair@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@Vvalue@json@web@@@std@@@2@@std@@_N@Z
?object@value@json@web@@SA?AV123@_N@Z
?parse@value@json@web@@SA?AV123@AEAV?$basic_istream@DU?$char_traits@D@std@@@std@@@Z
?parse@value@json@web@@SA?AV123@AEAV?$basic_istream@DU?$char_traits@D@std@@@std@@AEAVerror_code@5@@Z
?parse@value@json@web@@SA?AV123@AEAV?$basic_istream@GU?$char_traits@G@std@@@std@@@Z
?parse@value@json@web@@SA?AV123@AEAV?$basic_istream@GU?$char_traits@G@std@@@std@@AEAVerror_code@5@@Z
?parse@value@json@web@@SA?AV123@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?parse@value@json@web@@SA?AV123@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AEAVerror_code@5@@Z
?plaintext@oauth1_methods@experimental@oauth1@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?platform_category@details@utility@@YAAEBVerror_category@std@@XZ
?pragma@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?proxy_authenticate@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?proxy_authorization@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?range@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?realm@oauth1_strings@details@oauth1@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?referer@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?relative_uri@_http_request@details@http@web@@QEBA?AVuri@4@XZ
?request@http_client@client@http@web@@QEAA?AV?$task@Vhttp_response@http@web@@@pplx@@Vhttp_request@34@AEBVcancellation_token@6@@Z
?reset@event_impl@details@pplx@@QEAAXXZ
?resource@uri@web@@QEBA?AV12@XZ
?retry_after@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?rtrim_whitespace@details@http@web@@YAXAEAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?s_cancellationToken@ServiceRequestHelper@BingOnlineServices@@0Vcancellation_token_source@pplx@@A
?s_runningInService@ServiceRequestHelper@BingOnlineServices@@0_NA
?sc_maxAgeRegex@?1??getMaxAgeInSeconds@OnlineServiceData@BingOnlineServices@@QEBA?BIXZ@4V?$basic_regex@GV?$regex_traits@G@std@@@std@@B
?schedule@windows_scheduler@details@pplx@@UEAAXP6AXPEAX@Z0@Z
?seconds_to_xml_duration@timespan@utility@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@V?$duration@_JU?$ratio@$00$00@std@@@chrono@4@@Z
?serialize@value@json@web@@QEBA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ
?serialize@value@json@web@@QEBAXAEAV?$basic_ostream@DU?$char_traits@D@std@@@std@@@Z
?serialize@value@json@web@@QEBAXAEAV?$basic_ostream@GU?$char_traits@G@std@@@std@@@Z
?server@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?set@event_impl@details@pplx@@QEAAXXZ
?set_ambient_scheduler@pplx@@YAXV?$shared_ptr@Uscheduler_interface@pplx@@@std@@@Z
?set_body@http_msg_base@details@http@web@@QEAAXAEBV?$basic_istream@E@streams@Concurrency@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?set_body@http_msg_base@details@http@web@@QEAAXAEBV?$basic_istream@E@streams@Concurrency@@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?set_body@http_msg_base@details@http@web@@QEAAXAEBV?$basic_istream@E@streams@Concurrency@@_KAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?set_body@http_msg_base@details@http@web@@QEAAXAEBV?$basic_istream@E@streams@Concurrency@@_KAEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?set_cache_control@http_headers@http@web@@QEAAXV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?set_content_length@http_headers@http@web@@QEAAX_K@Z
?set_content_type@http_headers@http@web@@QEAAXV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?set_date@http_headers@http@web@@QEAAXAEBVdatetime@utility@@@Z
?set_request_uri@_http_request@details@http@web@@QEAAXAEBVuri@4@@Z
?signature@oauth1_strings@details@oauth1@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?signature_method@oauth1_strings@details@oauth1@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?split_path@uri@web@@SA?AV?$vector@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@V?$allocator@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@2@@std@@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@4@@Z
?split_query@uri@web@@SA?AV?$map@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@V12@U?$less@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@V12@@std@@@2@@std@@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@4@@Z
?string@value@json@web@@CA?AV123@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?string@value@json@web@@SA?AV123@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?string@value@json@web@@SA?AV123@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@_N@Z
?system_type_to_datetime@datetime@utility@@CA_NPEAX_KPEAV12@@Z
?te@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?text@mime_types@details@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?text_javascript@mime_types@details@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?text_json@mime_types@details@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?text_plain@mime_types@details@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?text_plain_utf16@mime_types@details@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?text_plain_utf16le@mime_types@details@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?text_plain_utf8@mime_types@details@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?text_xjavascript@mime_types@details@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?text_xjson@mime_types@details@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?timestamp@oauth1_strings@details@oauth1@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?to_base64@conversions@utility@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AEBV?$vector@EV?$allocator@E@std@@@4@@Z
?to_base64@conversions@utility@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@_K@Z
?to_string@_http_request@details@http@web@@UEBA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ
?to_string@_http_response@details@http@web@@UEBA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ
?to_string@datetime@utility@@QEBA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@W4date_format@12@@Z
?to_string@http_msg_base@details@http@web@@UEBA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ
?to_string@uri_builder@web@@QEAA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ
?to_string@value@json@web@@QEBA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ
?to_string_t@conversions@utility@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@$$QEAV34@@Z
?to_string_t@conversions@utility@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@$$QEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z
?to_string_t@conversions@utility@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AEBV34@@Z
?to_string_t@conversions@utility@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z
?to_uri@uri_builder@web@@QEAA?AVuri@2@XZ
?to_utf16string@conversions@utility@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z

Sections

.text
Size: 469KB - Virtual size: 468KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 307KB - Virtual size: 307KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 59KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/BioEnrollmentUI.dll
.dll windows:6 windows x64 arch:x64

600b71ebc1f10034f5045cee1982188e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

BioEnrollmentUI.pdb

Imports

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventSetInformation
EventUnregister
EventActivityIdControl
EventWriteTransfer

api-ms-win-core-com-l1-1-0

CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CoTaskMemFree
CoGetContextToken
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoGetApartmentType
CoGetObjectContext

wincorlib

?ReCreateFromException@Details@Platform@@YAJPE$AAVException@2@@Z
?GetIidsFn@@YAJHPEAKPEBU__s_GUID@@PEAPEAVGuid@Platform@@@Z
?GetActivationFactoryByPCWSTR@@YAJPEAXAEAVGuid@Platform@@PEAPEAX@Z
?AllocateException@Heap@Details@Platform@@SAPEAX_K0@Z
?ReleaseTarget@ControlBlock@Details@Platform@@AEAAXXZ
?AlignedFree@Heap@Details@Platform@@SAXPEAX@Z
?Free@Heap@Details@Platform@@SAXPEAX@Z
?__abi_WinRTraiseNotImplementedException@@YAXXZ
?__abi_WinRTraiseInvalidCastException@@YAXXZ
?__abi_WinRTraiseNullReferenceException@@YAXXZ
?__abi_WinRTraiseOperationCanceledException@@YAXXZ
?__abi_WinRTraiseFailureException@@YAXXZ
?__abi_WinRTraiseAccessDeniedException@@YAXXZ
?__abi_WinRTraiseOutOfMemoryException@@YAXXZ
?__abi_WinRTraiseInvalidArgumentException@@YAXXZ
?__abi_WinRTraiseOutOfBoundsException@@YAXXZ
?__abi_WinRTraiseChangedStateException@@YAXXZ
?__abi_WinRTraiseClassNotRegisteredException@@YAXXZ
?__abi_WinRTraiseWrongThreadException@@YAXXZ
?__abi_WinRTraiseDisconnectedException@@YAXXZ
?__abi_WinRTraiseObjectDisposedException@@YAXXZ
?__abi_WinRTraiseCOMException@@YAXJ@Z
?UninitializeData@Details@Platform@@YAXH@Z
?InitializeData@Details@Platform@@YAJH@Z
?__abi_FailFast@@YAXXZ
??0NullReferenceException@Platform@@QE$AAA@XZ
?CreateValue@Details@Platform@@YAPE$AAVObject@2@W4TypeCode@2@PEBX@Z
?Allocate@Heap@Details@Platform@@SAPEAX_K0@Z
??0Object@Platform@@QE$AAA@XZ
?GetIBoxVtable@Details@Platform@@YAPEAXPEAX@Z
?GetTypeCode@Type@Platform@@SA?AW4TypeCode@2@PE$AAV12@@Z
?__abi_make_type_id@@YAPE$AAVType@Platform@@AEBU__abi_type_descriptor@@@Z
?get@FullName@Type@Platform@@QE$AAAPE$AAVString@3@XZ
?__abi_ObjectToString@__abi_details@@YAPE$AAVString@Platform@@PE$AAVObject@3@_N@Z
??0NotImplementedException@Platform@@QE$AAA@XZ
?EventSourceAdd@Details@Platform@@YA?AVEventRegistrationToken@Foundation@Windows@@PEAPEAXPEAUEventLock@12@PE$AAVDelegate@2@@Z
?EventSourceRemove@Details@Platform@@YAXPEAPEAXPEAUEventLock@12@VEventRegistrationToken@Foundation@Windows@@@Z
??BType@Platform@@SA?AVTypeName@Interop@Xaml@UI@Windows@@PE$AAV01@@Z
?EventSourceUninitialize@Details@Platform@@YAXPEAPEAX@Z
?EventSourceInitialize@Details@Platform@@YAXPEAPEAX@Z
?EventSourceGetTargetArrayEvent@Details@Platform@@YAPEAXPEAXIPEBXPEA_J@Z
?EventSourceGetTargetArraySize@Details@Platform@@YAIPEAX@Z
?EventSourceGetTargetArray@Details@Platform@@YAPEAXPEAXPEAUEventLock@12@@Z
??0GridLength@Xaml@UI@Windows@@QEAA@NW4GridUnitType@123@@Z
?__abi_cast_String_to_Object@__abi_details@@YAPE$AAVObject@Platform@@PE$AAVString@3@@Z
??0Exception@Platform@@QE$AAA@HPE$AAVString@1@@Z
?get@Message@Exception@Platform@@QE$AAAPE$AAVString@3@XZ
?CreateException@Exception@Platform@@SAPE$AAV12@H@Z
??0OutOfMemoryException@Platform@@QE$AAA@XZ
??0FailureException@Platform@@QE$AAA@XZ
??0OutOfBoundsException@Platform@@QE$AAA@XZ
??0ChangedStateException@Platform@@QE$AAA@XZ
??0DisconnectedException@Platform@@QE$AAA@XZ
??0Delegate@Platform@@QE$AAA@XZ
?ReCreateException@Exception@Platform@@SAPE$AAV12@H@Z
?GetIBoxArrayVtable@Details@Platform@@YAPEAXPEAX@Z
?ToString@uint32@default@@QEAAPE$AAVString@Platform@@XZ
?ToString@int32@default@@QEAAPE$AAVString@Platform@@XZ
?Equals@float32@default@@QEAA_NPE$AAVObject@Platform@@@Z
?GetWeakReference@Details@Platform@@YAPEAU__abi_IUnknown@@QE$ADVObject@2@@Z
?ResolveWeakReference@Details@Platform@@YAPE$AAVObject@2@AEBU_GUID@@PEAPEAU__abi_IUnknown@@@Z
?GetObjectContext@Details@Platform@@YAPEAUIUnknown@@XZ
?ReleaseInContextImpl@Details@Platform@@YAJPEAUIUnknown@@0@Z
?GetProxyImpl@Details@Platform@@YAJPEAUIUnknown@@AEBU_GUID@@0PEAPEAU3@@Z
??0InvalidArgumentException@Platform@@QE$AAA@XZ
?CreateException@Exception@Platform@@SAPE$AAV12@HPE$AAVString@2@@Z
?GetActivationFactory@Details@Platform@@YAJPEAVModuleBase@1WRL@Microsoft@@PEAUHSTRING__@@PEAPEAUIActivationFactory@@@Z
?TerminateModule@Details@Platform@@YA_NPEAVModuleBase@1WRL@Microsoft@@@Z
??0Exception@Platform@@QE$AAA@H@Z

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-1-0

CreateSemaphoreExW
SetEvent
ReleaseMutex
CreateMutexExW
AcquireSRWLockShared
AcquireSRWLockExclusive
EnterCriticalSection
DeleteCriticalSection
OpenSemaphoreW
InitializeCriticalSectionEx
ReleaseSRWLockExclusive
ReleaseSRWLockShared
ReleaseSemaphore
CreateEventExW
LeaveCriticalSection
WaitForSingleObjectEx
TryAcquireSRWLockExclusive
WaitForSingleObject
ResetEvent
InitializeSRWLock
TryEnterCriticalSection
InitializeCriticalSection

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
GetLastError
UnhandledExceptionFilter

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
WakeAllConditionVariable
SleepConditionVariableSRW
Sleep

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentProcess
TerminateProcess
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetLocaleInfoEx

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleFileNameA
GetModuleHandleExW
GetProcAddress

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-core-winrt-string-l1-1-0

WindowsIsStringEmpty
WindowsGetStringLen
WindowsDuplicateString
WindowsDeleteString
WindowsCreateStringReference
WindowsCreateString
WindowsConcatString
WindowsCompareStringOrdinal
WindowsGetStringRawBuffer

msvcrt

sin
cos
_free_locale
_get_current_locale
__crtLCMapStringW
__crtCompareStringW
_wcsdup
abort
memcmp
___lc_collate_cp_func
calloc
__pctype_func
_ismbblead
___lc_codepage_func
___lc_handle_func
___mb_cur_max_func
setlocale
memmove
memcpy
__CxxFrameHandler3
??3@YAXPEAX@Z
memcpy_s
_purecall
_fpclass
__ExceptionPtrDestroy
__ExceptionPtrCopy
__ExceptionPtrRethrow
__ExceptionPtrCurrentException
__ExceptionPtrCreate
?terminate@@YAXXZ
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
wcsncmp
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBD@Z
_vsnwprintf
_vsnprintf_s
wcsstr
memmove_s
_wcsicmp
_errno
wcstol
wcsrchr
??0bad_cast@@QEAA@AEBV0@@Z
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@PEBD@Z
free
strchr
realloc
memset
wcslen
_CxxThrowException
??1type_info@@UEAA@XZ
_lock
_unlock
sqrtf
__C_specific_handler
_onexit
_XcptFilter
_amsg_exit
malloc
_initterm
??0exception@@QEAA@AEBQEBDH@Z
_callnewh
__dllonexit

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 559KB - Virtual size: 558KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 113KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/System.Web.Extensions.Resources.dll
.dll .js windows:4 windows x86 arch:x86 polyglot

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 636KB - Virtual size: 633KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/System.Web.Extensions.ni.dll
.dll windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

System.Web.Extensions.ni.pdb
System.Web.Extensions.pdb

Sections

.data
Size: 522KB - Virtual size: 521KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xdata
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/System.Web.Mobile.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

System.Web.Mobile.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 800KB - Virtual size: 797KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/System.Web.Mobile.ni.dll
.dll windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

System.Web.Mobile.pdb

Sections

.data
Size: 577KB - Virtual size: 577KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xdata
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.extjmp
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.extrel
Size: 512B - Virtual size: 391B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/System.Web.ni.dll
.dll windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

System.Web.ni.pdb
System.Web.pdb

Sections

.data
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xdata
Size: 200KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 13.1MB - Virtual size: 13.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 224KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/System.Web.resources.dll
.dll .js windows:4 windows x86 arch:x86 polyglot

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:00:e2:9a:b8:8c:86:e2:c2:84:42:00:00:00:00:00:e2
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

31/01/2018, 19:03

Not After

07/09/2018, 19:03

Subject

CN=Microsoft Time-Stamp service,OU=Microsoft Ireland Operations Limited+OU=Thales TSS ESN:179E-4BB0-8246,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/07/2018, 20:11

Not After

26/07/2019, 20:11

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

79:ad:16:a1:4a:a0:a5:ad:4c:73:58:f4:07:13:2e:65
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

09/05/2001, 23:19

Not After

09/05/2021, 23:28

Subject

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:03:5e:25:1c:99:1f:a3:1e:b8:00:00:00:00:01:03
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/07/2018, 20:08

Not After

26/07/2019, 20:08

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

25:73:7a:10:27:70:1e:4c:a6:29:c8:c2:9b:18:77:2f:de:3e:ca:6b:6a:91:c7:e2:5a:a9:76:50:46:50:42:39
Signer

Actual PE Digest

25:73:7a:10:27:70:1e:4c:a6:29:c8:c2:9b:18:77:2f:de:3e:ca:6b:6a:91:c7:e2:5a:a9:76:50:46:50:42:39

Digest Algorithm

sha256

PE Digest Matches

true

40:66:b9:57:b7:2f:7a:46:4f:96:0b:97:5e:83:15:8a:9a:29:23:48
Signer

Actual PE Digest

40:66:b9:57:b7:2f:7a:46:4f:96:0b:97:5e:83:15:8a:9a:29:23:48

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 924KB - Virtual size: 923KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/aqueue.dll
.dll regsvr32 windows:10 windows x64 arch:x64

ce51aee28df67761d331696d76a9d969

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

aqueue.pdb

Imports

msvcrt

srand
_strnicmp
strncat_s
isalnum
strcat_s
_wcsicmp
strstr
tolower
strchr
_snprintf_s
isdigit
wcstombs
_vsnprintf
vsprintf_s
time
atol
_snwprintf_s
bsearch
memset
memcmp
memcpy
memmove
_onexit
__dllonexit
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
_wtoi
wctomb
isspace
_wcsnicmp
rename
wcscat_s
iswspace
wcscpy_s
swprintf_s
sprintf_s
rand
_itoa_s
strncpy_s
strcpy_s
_purecall
realloc
malloc
free
__C_specific_handler

atl

ord16
ord31
ord21
ord30
ord32

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

kernel32

GetCurrentThread
SetEvent
GetTickCount
CreateEventA
Sleep
WaitForMultipleObjects
lstrlenA
CompareFileTime
LocalFree
CreateFileA
FormatMessageW
WriteFile
MoveFileExA
GetSystemTimeAsFileTime
FileTimeToSystemTime
WaitForSingleObject
lstrcmpA
SystemTimeToFileTime
LocalAlloc
LocalReAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
QueryPerformanceCounter
GetCurrentProcessId
CloseHandle
GetModuleHandleA
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
VirtualProtect
VirtualAlloc
VirtualQuery
GetSystemInfo
GetLastError
GlobalMemoryStatusEx
CreateThread
SetLastError
FindResourceExA
GetCurrentProcess
GetTimeZoneInformation
FileTimeToLocalFileTime
GetOverlappedResult
LoadResource
LockResource
ReleaseSemaphore
CreateSemaphoreA
GetComputerNameExA
InitializeCriticalSectionAndSpinCount
VirtualFree
lstrcmpiA
GetModuleFileNameA
WideCharToMultiByte
DisableThreadLibraryCalls
GetModuleFileNameW
lstrlenW

advapi32

RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyA
LogonUserA
ImpersonateLoggedOnUser
RevertToSelf
RegOpenKeyExA
AccessCheck
RegQueryValueExA
RegSetValueExA
RegEnumKeyExA
IsValidSecurityDescriptor
OpenThreadToken
RegCloseKey

user32

CharLowerBuffA

isatq

AtqSetInfo
AtqGetInfo
AtqFreeContext
AtqAddAsyncHandle
AtqPostCompletionStatus

rpcrt4

RpcServerUnregisterIf
RpcBindingVectorFree
RpcEpUnregister
RpcEpRegisterA
RpcServerRegisterIfEx
RpcServerUseProtseqW
RpcServerInqBindings
RpcServerUseProtseqEpW
NdrServerCall2
NdrServerCallAll
RpcImpersonateClient

ole32

StringFromGUID2
StringFromCLSID
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitialize
CoCreateFreeThreadedMarshaler
CoFreeUnusedLibraries

oleaut32

VariantChangeType
SysAllocString
VariantInit
VariantClear

wsock32

WSAGetLastError
socket

exstrace

SetAsyncTraceParamsEx
AsyncStringTrace
InitAsyncTrace
TermAsyncTrace
__dwEnabledTraces

rwnh

??1CShareLockNH@@QEAA@XZ
??0CShareLockNH@@QEAA@XZ
?TryExclusiveLock@CShareLockNH@@QEAAHXZ
?TryShareLock@CShareLockNH@@QEAAHXZ
?Leave@CCritSection@@QEAAXXZ
?Enter@CCritSection@@QEAAXXZ
??1CCritSection@@QEAA@XZ
?ShareUnlock@CShareLockNH@@QEAAXXZ
?ShareLock@CShareLockNH@@QEAAXXZ
??0CCritSection@@QEAA@XZ
?ExclusiveUnlock@CShareLockNH@@QEAAXXZ
?ExclusiveLock@CShareLockNH@@QEAAXXZ

fcachdll

ReleaseContext
AssociateFile

staxmem

ExchMHeapAlloc
ExchMHeapReAllocDebug
ExchMHeapDestroy
ExchMHeapCreate
ExchMHeapAllocDebug
ExchMHeapFree

netapi32

DsGetDcNameA
NetApiBufferFree

ntdsapi

DsGetDomainControllerInfoA
DsUnBindA
DsFreeDomainControllerInfoA
DsBindA

wldap32

ord10
ord191
ord45
ord60
ord41
ord194
ord33
ord35
ord79
ord37
ord77
ord38
ord40
ord21
ord27
ord224
ord97
ord140
ord26
ord208
ord211
ord48
ord36
ord13
ord143
ord88
ord32
ord50
ord206
ord16
ord134
ord34
ord138

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
HrAdvQueueDeinitialize
HrAdvQueueDeinitializeEx
HrAdvQueueInitialize
HrAdvQueueInitializeEx

Sections

.text
Size: 561KB - Virtual size: 560KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/archiveint.dll
.dll windows:10 windows x64 arch:x64

dee67e63df367d130f1ff1c89050994d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

archiveint.pdb

Imports

api-ms-win-crt-string-l1-1-0

strcspn
wcsncmp
strspn
memset
strncpy
strcmp
wcsncpy
strncmp

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__cexit
_o__close
_o__configure_narrow_argv
_o__ctime64_s
_o__errno
_o__execute_onexit_table
_o__fileno
_o__fseeki64
_o__get_osfhandle
_o__get_timezone
_o__gmtime64
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__localtime64
_o__localtime64_s
_o__lseeki64
_o__mkgmtime64
_o__mktime64
_o__open_osfhandle
_o__seh_filter_dll
_o__sopen_s
memmove
_o__strdup
_o__umask
_o__wcsdup
_o__wrmdir
_o__wsopen_s
_o__wunlink
_o_abort
_o_bsearch
_o_calloc
_o_exit
_o_ferror
_o_fread
_o_free
_o_fwrite
_o_getenv
_o_isalnum
_o_isdigit
_o_isspace
_o_isupper
_o_malloc
_o_mbstowcs
_o_qsort
_o_realloc
_o_setlocale
_o_strftime
_o_strtol
_o_tolower
_o_toupper
_o_wcrtomb
__C_specific_handler
_o___stdio_common_vsprintf
_o___stdio_common_vfprintf
_o___std_type_info_destroy_list
_o___acrt_iob_func
_o____mb_cur_max_func
wcsrchr
strstr
memchr
wcschr
strchr
strrchr
memcmp
memcpy
_o__setmode

bcrypt

BCryptGetProperty
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptSetProperty
BCryptGenerateSymmetricKey
BCryptDestroyKey
BCryptDeriveKeyPBKDF2
BCryptCreateHash
BCryptFinishHash
BCryptHashData
BCryptEncrypt

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-security-cryptoapi-l1-1-0

CryptDestroyHash
CryptGenRandom
CryptHashData
CryptCreateHash
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-file-l1-1-0

CreateFileW
FindFirstFileW
GetFileAttributesW
FindClose
FindNextFileW
GetDiskFreeSpaceW
SetFileTime
GetVolumePathNameW
GetFileInformationByHandle
GetDriveTypeW
GetFullPathNameW
ReadFile
WriteFile
GetFileAttributesA
CreateFileA
FindFirstFileA
GetFileType
SetFileAttributesW
SetEndOfFile
SetFilePointer
CreateDirectoryW

api-ms-win-core-namedpipe-l1-1-0

PeekNamedPipe
CreatePipe

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-handle-l1-1-0

DuplicateHandle
SetHandleInformation
CloseHandle

api-ms-win-core-localization-l1-2-0

IsValidCodePage
GetACP
GetOEMCP

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-io-l1-1-1

CancelIo

api-ms-win-core-memory-l1-1-0

VirtualFree
VirtualAlloc

api-ms-win-core-io-l1-1-0

DeviceIoControl
GetOverlappedResult

api-ms-win-core-synch-l1-1-0

CreateEventW
ResetEvent

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetExitCodeProcess
CreateProcessA
TerminateProcess
GetCurrentThreadId
GetCurrentProcess

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryA

api-ms-win-core-processenvironment-l1-1-0

GetCurrentDirectoryW
GetStdHandle

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetProcAddress

api-ms-win-core-processenvironment-l1-2-0

SearchPathA

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

Exports

Exports

archive_bzlib_version
archive_clear_error
archive_compression
archive_compression_name
archive_copy_error
archive_entry_acl
archive_entry_acl_add_entry
archive_entry_acl_add_entry_w
archive_entry_acl_clear
archive_entry_acl_count
archive_entry_acl_from_text
archive_entry_acl_from_text_w
archive_entry_acl_next
archive_entry_acl_reset
archive_entry_acl_text
archive_entry_acl_text_w
archive_entry_acl_to_text
archive_entry_acl_to_text_w
archive_entry_acl_types
archive_entry_atime
archive_entry_atime_is_set
archive_entry_atime_nsec
archive_entry_birthtime
archive_entry_birthtime_is_set
archive_entry_birthtime_nsec
archive_entry_clear
archive_entry_clone
archive_entry_copy_bhfi
archive_entry_copy_fflags_text
archive_entry_copy_fflags_text_w
archive_entry_copy_gname
archive_entry_copy_gname_w
archive_entry_copy_hardlink
archive_entry_copy_hardlink_w
archive_entry_copy_link
archive_entry_copy_link_w
archive_entry_copy_mac_metadata
archive_entry_copy_pathname
archive_entry_copy_pathname_w
archive_entry_copy_sourcepath
archive_entry_copy_sourcepath_w
archive_entry_copy_stat
archive_entry_copy_symlink
archive_entry_copy_symlink_w
archive_entry_copy_uname
archive_entry_copy_uname_w
archive_entry_ctime
archive_entry_ctime_is_set
archive_entry_ctime_nsec
archive_entry_dev
archive_entry_dev_is_set
archive_entry_devmajor
archive_entry_devminor
archive_entry_fflags
archive_entry_fflags_text
archive_entry_filetype
archive_entry_free
archive_entry_gid
archive_entry_gname
archive_entry_gname_utf8
archive_entry_gname_w
archive_entry_hardlink
archive_entry_hardlink_utf8
archive_entry_hardlink_w
archive_entry_ino
archive_entry_ino64
archive_entry_ino_is_set
archive_entry_is_data_encrypted
archive_entry_is_encrypted
archive_entry_is_metadata_encrypted
archive_entry_linkify
archive_entry_linkresolver_free
archive_entry_linkresolver_new
archive_entry_linkresolver_set_strategy
archive_entry_mac_metadata
archive_entry_mode
archive_entry_mtime
archive_entry_mtime_is_set
archive_entry_mtime_nsec
archive_entry_new
archive_entry_new2
archive_entry_nlink
archive_entry_partial_links
archive_entry_pathname
archive_entry_pathname_utf8
archive_entry_pathname_w
archive_entry_perm
archive_entry_rdev
archive_entry_rdevmajor
archive_entry_rdevminor
archive_entry_set_atime
archive_entry_set_birthtime
archive_entry_set_ctime
archive_entry_set_dev
archive_entry_set_devmajor
archive_entry_set_devminor
archive_entry_set_fflags
archive_entry_set_filetype
archive_entry_set_gid
archive_entry_set_gname
archive_entry_set_gname_utf8
archive_entry_set_hardlink
archive_entry_set_hardlink_utf8
archive_entry_set_ino
archive_entry_set_ino64
archive_entry_set_is_data_encrypted
archive_entry_set_is_metadata_encrypted
archive_entry_set_link
archive_entry_set_link_utf8
archive_entry_set_mode
archive_entry_set_mtime
archive_entry_set_nlink
archive_entry_set_pathname
archive_entry_set_pathname_utf8
archive_entry_set_perm
archive_entry_set_rdev
archive_entry_set_rdevmajor
archive_entry_set_rdevminor
archive_entry_set_size
archive_entry_set_symlink
archive_entry_set_symlink_utf8
archive_entry_set_uid
archive_entry_set_uname
archive_entry_set_uname_utf8
archive_entry_size
archive_entry_size_is_set
archive_entry_sourcepath
archive_entry_sourcepath_w
archive_entry_sparse_add_entry
archive_entry_sparse_clear
archive_entry_sparse_count
archive_entry_sparse_next
archive_entry_sparse_reset
archive_entry_stat
archive_entry_strmode
archive_entry_symlink
archive_entry_symlink_utf8
archive_entry_symlink_w
archive_entry_uid
archive_entry_uname
archive_entry_uname_utf8
archive_entry_uname_w
archive_entry_unset_atime
archive_entry_unset_birthtime
archive_entry_unset_ctime
archive_entry_unset_mtime
archive_entry_unset_size
archive_entry_update_gname_utf8
archive_entry_update_hardlink_utf8
archive_entry_update_link_utf8
archive_entry_update_pathname_utf8
archive_entry_update_symlink_utf8
archive_entry_update_uname_utf8
archive_entry_xattr_add_entry
archive_entry_xattr_clear
archive_entry_xattr_count
archive_entry_xattr_next
archive_entry_xattr_reset
archive_errno
archive_error_string
archive_file_count
archive_filter_bytes
archive_filter_code
archive_filter_count
archive_filter_name
archive_format
archive_format_name
archive_free
archive_liblz4_version
archive_liblzma_version
archive_match_exclude_entry
archive_match_exclude_pattern
archive_match_exclude_pattern_from_file
archive_match_exclude_pattern_from_file_w
archive_match_exclude_pattern_w
archive_match_excluded
archive_match_free
archive_match_include_date
archive_match_include_date_w
archive_match_include_file_time
archive_match_include_file_time_w
archive_match_include_gid
archive_match_include_gname
archive_match_include_gname_w
archive_match_include_pattern
archive_match_include_pattern_from_file
archive_match_include_pattern_from_file_w
archive_match_include_pattern_w
archive_match_include_time
archive_match_include_uid
archive_match_include_uname
archive_match_include_uname_w
archive_match_new
archive_match_owner_excluded
archive_match_path_excluded
archive_match_path_unmatched_inclusions
archive_match_path_unmatched_inclusions_next
archive_match_path_unmatched_inclusions_next_w
archive_match_time_excluded
archive_position_compressed
archive_position_uncompressed
archive_read_add_callback_data
archive_read_add_passphrase
archive_read_append_callback_data
archive_read_append_filter
archive_read_append_filter_program
archive_read_append_filter_program_signature
archive_read_close
archive_read_data
archive_read_data_block
archive_read_data_into_fd
archive_read_data_skip
archive_read_disk_can_descend
archive_read_disk_current_filesystem
archive_read_disk_current_filesystem_is_remote
archive_read_disk_current_filesystem_is_synthetic
archive_read_disk_descend
archive_read_disk_entry_from_file
archive_read_disk_gname
archive_read_disk_new
archive_read_disk_open
archive_read_disk_open_w
archive_read_disk_set_atime_restored
archive_read_disk_set_behavior
archive_read_disk_set_gname_lookup
archive_read_disk_set_matching
archive_read_disk_set_metadata_filter_callback
archive_read_disk_set_standard_lookup
archive_read_disk_set_symlink_hybrid
archive_read_disk_set_symlink_logical
archive_read_disk_set_symlink_physical
archive_read_disk_set_uname_lookup
archive_read_disk_uname
archive_read_extract
archive_read_extract2
archive_read_extract_set_progress_callback
archive_read_extract_set_skip_file
archive_read_finish
archive_read_format_capabilities
archive_read_free
archive_read_has_encrypted_entries
archive_read_header_position
archive_read_new
archive_read_next_header
archive_read_next_header2
archive_read_open
archive_read_open1
archive_read_open2
archive_read_open_FILE
archive_read_open_fd
archive_read_open_file
archive_read_open_filename
archive_read_open_filename_w
archive_read_open_filenames
archive_read_open_memory
archive_read_open_memory2
archive_read_prepend_callback_data
archive_read_set_callback_data
archive_read_set_callback_data2
archive_read_set_close_callback
archive_read_set_filter_option
archive_read_set_format
archive_read_set_format_option
archive_read_set_open_callback
archive_read_set_option
archive_read_set_options
archive_read_set_passphrase_callback
archive_read_set_read_callback
archive_read_set_seek_callback
archive_read_set_skip_callback
archive_read_set_switch_callback
archive_read_support_compression_all
archive_read_support_compression_bzip2
archive_read_support_compression_compress
archive_read_support_compression_gzip
archive_read_support_compression_lzip
archive_read_support_compression_lzma
archive_read_support_compression_none
archive_read_support_compression_program
archive_read_support_compression_program_signature
archive_read_support_compression_rpm
archive_read_support_compression_uu
archive_read_support_compression_xz
archive_read_support_filter_all
archive_read_support_filter_bzip2
archive_read_support_filter_compress
archive_read_support_filter_grzip
archive_read_support_filter_gzip
archive_read_support_filter_lrzip
archive_read_support_filter_lz4
archive_read_support_filter_lzip
archive_read_support_filter_lzma
archive_read_support_filter_lzop
archive_read_support_filter_none
archive_read_support_filter_program
archive_read_support_filter_program_signature
archive_read_support_filter_rpm
archive_read_support_filter_uu
archive_read_support_filter_xz
archive_read_support_format_7zip
archive_read_support_format_all
archive_read_support_format_ar
archive_read_support_format_by_code
archive_read_support_format_cab
archive_read_support_format_cpio
archive_read_support_format_empty
archive_read_support_format_gnutar
archive_read_support_format_iso9660
archive_read_support_format_lha
archive_read_support_format_mtree
archive_read_support_format_rar
archive_read_support_format_raw
archive_read_support_format_tar
archive_read_support_format_warc
archive_read_support_format_xar
archive_read_support_format_zip
archive_read_support_format_zip_seekable
archive_read_support_format_zip_streamable
archive_seek_data
archive_set_error
archive_utility_string_sort
archive_version_details
archive_version_number
archive_version_string
archive_write_add_filter
archive_write_add_filter_b64encode
archive_write_add_filter_by_name
archive_write_add_filter_bzip2
archive_write_add_filter_compress
archive_write_add_filter_grzip
archive_write_add_filter_gzip
archive_write_add_filter_lrzip
archive_write_add_filter_lz4
archive_write_add_filter_lzip
archive_write_add_filter_lzma
archive_write_add_filter_lzop
archive_write_add_filter_none
archive_write_add_filter_program
archive_write_add_filter_uuencode
archive_write_add_filter_xz
archive_write_close
archive_write_data
archive_write_data_block
archive_write_disk_gid
archive_write_disk_new
archive_write_disk_set_group_lookup
archive_write_disk_set_options
archive_write_disk_set_skip_file
archive_write_disk_set_standard_lookup
archive_write_disk_set_user_lookup
archive_write_disk_uid
archive_write_fail
archive_write_finish
archive_write_finish_entry
archive_write_free
archive_write_get_bytes_in_last_block
archive_write_get_bytes_per_block
archive_write_header
archive_write_new
archive_write_open
archive_write_open_FILE
archive_write_open_fd
archive_write_open_file
archive_write_open_filename
archive_write_open_filename_w
archive_write_open_memory
archive_write_set_bytes_in_last_block
archive_write_set_bytes_per_block
archive_write_set_compression_bzip2
archive_write_set_compression_compress
archive_write_set_compression_gzip
archive_write_set_compression_lzip
archive_write_set_compression_lzma
archive_write_set_compression_none
archive_write_set_compression_program
archive_write_set_compression_xz
archive_write_set_filter_option
archive_write_set_format
archive_write_set_format_7zip
archive_write_set_format_ar_bsd
archive_write_set_format_ar_svr4
archive_write_set_format_by_name
archive_write_set_format_cpio
archive_write_set_format_cpio_newc
archive_write_set_format_filter_by_ext
archive_write_set_format_filter_by_ext_def
archive_write_set_format_gnutar
archive_write_set_format_iso9660
archive_write_set_format_mtree
archive_write_set_format_mtree_classic
archive_write_set_format_option
archive_write_set_format_pax
archive_write_set_format_pax_restricted
archive_write_set_format_raw
archive_write_set_format_shar
archive_write_set_format_shar_dump
archive_write_set_format_ustar
archive_write_set_format_v7tar
archive_write_set_format_warc
archive_write_set_format_xar
archive_write_set_format_zip
archive_write_set_option
archive_write_set_options
archive_write_set_passphrase
archive_write_set_passphrase_callback
archive_write_set_skip_file
archive_write_zip_set_compression_deflate
archive_write_zip_set_compression_store
archive_zlib_version

Sections

.text
Size: 454KB - Virtual size: 453KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/audiosrv.dll
.dll windows:10 windows x64 arch:x64

187d568e5c32ae7693c1d967c32d4dc1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AudioSrv.pdb

Imports

audiosrvpolicymanager

ActivatePolicyManager
TS_SessionChanged
TS_SessionGetAudioProtocol
TS_RegisterAudioProtocolNotification
TS_UnregisterAudioProtocolNotification
TS_AudioProtocolNotifyRundown
PbmReportAppInteractivityChange
PbmReportAppClosing
PbmAllowMediaPlaybackForApp
PbmRegisterPlaybackManagerNotifications
PbmUnregisterPlaybackManagerNotifications
PbmSetSmtcSubscriptionState
PbmGetSoundLevel
PbmIsPlaying
PbmRegisterAppManagerNotification
PbmUnregisterAppManagerNotification
PbmRegisterAppClosureNotification
PbmUnregisterAppClosureNotification
PbmPlayToStreamStateChanged
PbmCastingAppStateChanged
HHOSTEDAPPMANAGERCONTEXTRundown
PbmSetScreenReaderState
PbmReportHostedAppStateChange
PbmSwitchSoftNonInteractiveAppsToHardNonInteractive
PbmReportApplicationState
PbmLaunchBackgroundTask

msvcp_win

?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
_Mtx_init_in_situ

api-ms-win-crt-string-l1-1-0

wcsnlen
wcsncmp
wcscspn
wcsspn
memset
wcscmp

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
_o__wcsicmp
_o__wcsicoll
_o__wcsnicmp
_o__wcsupr_s
_o__wtof
_o__wtoi
_o_calloc
_o_free
_o_log10
_o_malloc
_o_memcpy_s
_o_pow
_o_realloc
_o_terminate
_o_towlower
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstoul
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__aligned_malloc
_o__aligned_free
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
wcschr
wcsstr
wcsrchr
__C_specific_handler
__std_terminate
__CxxFrameHandler3
_CxxThrowException
memcmp
memcpy
memmove

ntdll

EtwUnregisterTraceGuids
RtlQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
EtwGetTraceEnableFlags
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwRegisterTraceGuidsW
ShipAssert
EtwLogTraceEvent
RtlAcquireResourceShared
RtlReleaseResource
RtlAcquireResourceExclusive
RtlDeleteResource
ZwAlpcCancelMessage
RtlWakeAddressAll
TpAllocAlpcCompletion
ZwAlpcDisconnectPort
ZwAlpcSendWaitReceivePort
TpReleaseAlpcCompletion
ZwAlpcQueryInformation
RtlInitUnicodeString
RtlFreeMemoryBlockLookaside
ZwAlpcConnectPort
TpWaitForAlpcCompletion
AlpcInitializeMessageAttribute
AlpcGetMessageAttribute
ZwClose
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlInitializeResource
RtlFreeHeap
NtPowerInformation
RtlGetPersistedStateLocation
vDbgPrintEx
RtlNtStatusToDosError
NtCreateWnfStateName
EtwEventActivityIdControl
RtlGetCurrentServiceSessionId
RtlGetActiveConsoleId
NtDeleteWnfStateName
RtlPublishWnfStateData
RtlFreeSid
EtwTraceMessage
EtwEventRegister
EtwEventSetInformation
EtwEventWriteTransfer
EtwEventUnregister
RtlReportException
RtlDestroyMemoryBlockLookaside
RtlExtendMemoryBlockLookaside
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlAllocateMemoryBlockLookaside
NtQueryInformationProcess
RtlCreateMemoryBlockLookaside
RtlDllShutdownInProgress
RtlAllocateHeap
RtlWaitOnAddress

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
FindResourceExW
GetModuleHandleW
DisableThreadLibraryCalls
GetModuleHandleExW
LoadResource
LockResource
GetModuleFileNameA
SizeofResource
GetModuleFileNameW
LoadLibraryExW
FreeLibrary
LoadStringW

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionEx
CreateEventExW
AcquireSRWLockShared
ReleaseSRWLockExclusive
SetEvent
AcquireSRWLockExclusive
InitializeSRWLock
CreateEventW
CreateSemaphoreExW
InitializeCriticalSection
WaitForMultipleObjectsEx
ReleaseSemaphore
CreateMutexW
WaitForSingleObject
ReleaseMutex
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
ResetEvent
LeaveCriticalSection
EnterCriticalSection
ReleaseSRWLockShared

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
HeapDestroy
HeapReAlloc
HeapSize
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

RaiseException
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcess
TerminateProcess
GetProcessTimes
GetExitCodeProcess
GetCurrentThread
GetCurrentProcessId
ProcessIdToSessionId
SetThreadPriority
CreateThread
OpenThreadToken
CreateProcessW

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

rpcrt4

RpcServerRegisterIf3
RpcServerUseProtseqEpW
RpcBindingVectorFree
RpcStringFreeW
RpcServerUnregisterIfEx
NdrServerCallAll
RpcBindingFromStringBindingW
RpcStringBindingParseW
RpcBindingToStringBindingW
UuidEqual
RpcServerInqBindings
I_RpcBindingInqLocalClientPID
I_RpcBindingInqTransportType
UuidCreate
NdrServerCall2
RpcRevertToSelf
RpcImpersonateClient
RpcBindingFree
I_RpcExceptionFilter
RpcStringBindingComposeW
NdrClientCall3

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceBeginInitialize
InitOnceComplete
InitOnceExecuteOnce

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemDirectoryW
GetTickCount64
GetTickCount

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpool
CreateThreadpoolTimer
CloseThreadpoolWait
CreateThreadpoolWait
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
IsThreadpoolTimerSet
CloseThreadpoolCleanupGroup
TrySubmitThreadpoolCallback
SubmitThreadpoolWork
CloseThreadpoolWork
CreateThreadpoolWork
SetThreadpoolThreadMaximum
SetThreadpoolThreadMinimum
CreateThreadpool
SetEventWhenCallbackReturns
SetThreadpoolTimer
WaitForThreadpoolWorkCallbacks
CreateThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
SetThreadpoolTimerEx

api-ms-win-core-registry-l1-1-0

RegNotifyChangeKeyValue
RegSetValueExW
RegDeleteValueW
RegCloseKey
RegOpenCurrentUser
RegQueryInfoKeyW
RegEnumValueW
RegSetKeySecurity
RegGetValueW
RegCreateKeyExW
RegQueryValueExW
RegGetKeySecurity
RegEnumKeyExW
RegOpenKeyExW

mmdevapi

ord25
ord24
ord9
ord12
ord16
ord29
ord21
ord23
ord7
ord2
ord15
ord27

api-ms-win-core-file-l1-1-0

CreateFileW
FileTimeToLocalFileTime
CompareFileTime

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy
OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-string-l1-1-0

CompareStringW
CompareStringOrdinal
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-appmodel-identity-l1-2-0

AppContainerDeriveSidFromMoniker

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
MapViewOfFile
CreateFileMappingW

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject
GetSystemPowerStatus

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
UnregisterWaitEx
DeleteTimerQueueTimer

api-ms-win-core-io-l1-1-0

GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
TraceEvent

api-ms-win-core-memory-l1-1-1

GetProcessWorkingSetSizeEx
SetProcessWorkingSetSizeEx

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW
lstrcmpiW

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-featurestaging-l1-1-0

GetFeatureEnabledState
RecordFeatureError
SubscribeFeatureStateChangeNotification
UnsubscribeFeatureStateChangeNotification
RecordFeatureUsage

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask
SHTaskPoolGetUniqueContext

api-ms-win-core-featurestaging-l1-1-1

GetFeatureVariant

api-ms-win-shcore-stream-l1-1-0

SHCreateStreamOnFileW

xmllite

CreateXmlReader

api-ms-win-appmodel-runtime-l1-1-1

GetStagedPackageOrigin

api-ms-win-appmodel-runtime-l1-1-0

PackageFamilyNameFromFullName

api-ms-win-crt-math-l1-1-0

sinf
floorf

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 1024B - Virtual size: 533B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_BSS
Size: - Virtual size: 40B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 410KB - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_DATA
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_CONST
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/authfwcfg.dll
.dll windows:10 windows x64 arch:x64

281feea4ff3b38770dee2e967abaaef2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

authfwcfg.pdb

Imports

msvcrt

memcpy
_onexit
memcmp
__CxxFrameHandler3
_unlock
_lock
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
isdigit
isalnum
abort
tolower
isspace
__crtGetStringTypeW
__crtLCMapStringW
__mb_cur_max
__pctype_func
___lc_codepage_func
___lc_handle_func
_errno
___mb_cur_max_func
setlocale
_CxxThrowException
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
memchr
localeconv
_strtoi64
_strtoui64
_wcsnicmp
_itow_s
iswdigit
free
malloc
_vsnprintf
_vsnwprintf
wcstok_s
wcscpy_s
??0exception@@QEAA@XZ
memmove_s
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
memcpy_s
_wcsicmp
?what@exception@@UEBAPEBDXZ
__dllonexit
memset

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
UnregisterTraceGuids
GetTraceLoggerHandle
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
LoadStringW

bcrypt

BCryptGetFipsAlgorithmMode

api-ms-win-core-com-l1-1-0

StringFromGUID2
CoUninitialize
CoCreateInstance
CoInitializeEx
CoCreateGuid

oleaut32

VariantInit
VariantClear
SysFreeString
SysAllocString

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-string-l1-1-0

CompareStringW
WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetComputerNameExW
GetVersionExW

api-ms-win-security-base-l1-1-0

CheckTokenMembership
AllocateAndInitializeSid
FreeSid

ntdll

RtlIpv4StringToAddressW
RtlIpv6StringToAddressW
WinSqmAddToStream
RtlIpv4AddressToStringW
RtlIpv6AddressToStringW

ws2_32

htonl

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
DeleteCriticalSection
LeaveCriticalSection
InitializeCriticalSection

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

netsh.exe

MatchToken
PrintError
MatchTagsInCmdLine
PrintMessageFromModule
RegisterContext
PrintMessage
RegisterHelper

fwpolicyiomgr

FwCopyPortsContents

firewallapi

FwStringToAddresses
FwBstrToPorts
FWFreeFirewallRule
FWFreeConnectionSecurityRule
FWEnumPhase2SAs
FWEnumPhase1SAs
FWFreeAuthenticationSets
FWCopyAuthenticationSet
FWEnumAuthenticationSets
FWFreeCryptoSets
FWCopyCryptoSet
FWFreeConnectionSecurityRules
FWCopyConnectionSecurityRule
FWEnumConnectionSecurityRules
FWFreeFirewallRules
FWCopyFirewallRule
FWEnumFirewallRules
FWGetGlobalConfig
FWOpenPolicyStore
FWStatusMessageFromStatusCode
FWDeletePhase2SAs
FWDeletePhase1SAs
FWFreePhase2SAs
FWFreePhase1SAs
FWDeleteFirewallRule
FWAddFirewallRule
FWVerifyFirewallRule
FWEnumMainModeRules
FWSetMainModeRule
FWDeleteMainModeRule
FWFreeMainModeRules
FWAddMainModeRule
FWVerifyMainModeRule
FwGetAddressesAsString
FWSetCryptoSet
FwCopyWFAddressesContents
FWSetConnectionSecurityRule
FWEnumCryptoSets
FWDeleteCryptoSet
FWDeleteAuthenticationSet
FWDeleteConnectionSecurityRule
FWAddConnectionSecurityRule
FWAddAuthenticationSet
FWAddCryptoSet
FWFreeAuthenticationSet
FwFreeAddresses
FWVerifyConnectionSecurityRule
FWVerifyAuthenticationSet
FWRestoreGPODefaults
FWFreeProducts
FWEnumProducts
FwIsRemoteManagementEnabled
FWGetConfig
FWFreeCryptoSet
FWVerifyCryptoSet
FWSetGlobalConfig
FWSetFirewallRule
FWSetConfig
FWClosePolicyStore
FWImportPolicy
FWExportPolicy
FWRestoreDefaults

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

GetResourceString
InitHelperDll

Sections

.text
Size: 429KB - Virtual size: 429KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 748B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/authui.dll
.dll windows:10 windows x64 arch:x64

f17665909557a24aaf891b77128ddca8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

authui.pdb

Imports

msvcrt

memset
memmove
memcpy
floorf
__CxxFrameHandler3
_onexit
__dllonexit
_unlock
_get_errno
_set_errno
_lock
__C_specific_handler
_initterm
malloc
free
wcscmp
_amsg_exit
_XcptFilter

shcore

ord141
ord123
SHCreateThread
IsOS
ord109
IUnknown_Set
ord188

shlwapi

ord219
PathFileExistsW
ord172

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc
HeapReAlloc

ntdll

RtlSleepConditionVariableSRW
RtlWakeAllConditionVariable
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
_wcsnicmp
memcpy_s
_vsnwprintf
RtlCopySid
RtlLengthSid
RtlSubAuthorityCountSid
RtlSubAuthoritySid
_wcsicmp
NtQueryWnfStateData
RtlPublishWnfStateData
WinSqmSetDWORD
WinSqmIsOptedIn
NtPowerInformation
WinSqmAddToStream
EtwEventWriteTransfer
RtlEqualUnicodeString
RtlNtStatusToDosError
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwEventRegister
EtwEventUnregister
EtwEventSetInformation
EtwTraceMessage

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
Sleep
InitOnceComplete

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetProcessId
GetCurrentThread
OpenThreadToken
TlsFree
TlsSetValue
GetCurrentProcessId
GetExitCodeProcess
SetProcessShutdownParameters
TlsAlloc
TlsGetValue
OpenProcessToken
GetCurrentThreadId
TerminateProcess
GetCurrentProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetComputerNameExW
GetSystemDirectoryW
GetVersionExW

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
SetLastError

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockShared
ReleaseSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
AcquireSRWLockExclusive
ResetEvent
WaitForMultipleObjectsEx
AcquireSRWLockShared
DeleteCriticalSection
CreateEventW
OpenEventW
CreateEventExW
CreateSemaphoreExW
ReleaseSemaphore
WaitForSingleObject
ReleaseMutex
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
SetEvent
InitializeCriticalSection

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsCreateStringReference
WindowsStringHasEmbeddedNull
WindowsCreateString
WindowsIsStringEmpty

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
LockResource
LoadResource
FreeLibrary
FindResourceExW
DisableThreadLibraryCalls
GetModuleHandleW
GetModuleFileNameA
GetModuleHandleExW
GetProcAddress

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoOriginateErrorW

api-ms-win-core-localization-l1-2-0

GetThreadUILanguage
SetThreadUILanguage
FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-security-base-l1-1-0

GetLengthSid
GetTokenInformation
AdjustTokenPrivileges
CopySid

api-ms-win-core-com-l1-1-0

PropVariantClear
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoGetApartmentType
CoCreateInstance

api-ms-win-ntuser-sysparams-l1-1-0

GetSystemMetrics
SystemParametersInfoW

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegCreateKeyExW

api-ms-win-service-management-l1-1-0

OpenSCManagerW
CloseServiceHandle
OpenServiceW

api-ms-win-service-management-l2-1-0

QueryServiceConfigW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-mm-playsound-l1-1-0

PlaySoundW

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
ConvertStringSidToSidW

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-rtcore-ntuser-window-l1-1-0

SetTimer
SetWindowLongPtrW
SetWindowPos
GetWindowLongPtrW
DefWindowProcW
DestroyWindow
SendMessageW
KillTimer
PostMessageW
EnumWindows
GetWindowRect
GetWindowThreadProcessId

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-core-shutdown-l1-1-1

InitiateShutdownW

powrprof

SetSuspendState

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-rtcore-ntuser-powermanagement-l1-1-0

RegisterPowerSettingNotification
UnregisterPowerSettingNotification

api-ms-win-rtcore-ntuser-draw-l1-1-0

RedrawWindow

api-ms-win-rtcore-ntuser-winevent-l1-1-0

SetWinEventHook
UnhookWinEvent

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-rtcore-ntuser-private-l1-1-0

CreateWindowInBand

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl

api-ms-win-ntuser-rectangle-l1-1-0

PtInRect

gdi32

GetObjectW
CreateDIBSection
DeleteObject

dwmapi

DwmIsCompositionEnabled

user32

GetUserObjectInformationW
BuildReasonArray
GetKeyState
GetLastInputInfo
IsSETEnabled
RecordShutdownReason
IsWindowUnicode
GetThreadDesktop
RemovePropW
DefWindowProcA
NotifyWinEvent
MonitorFromPoint
DestroyReasons
SetPropW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

oleaut32

SysAllocString
VariantClear
SysFreeString

api-ms-win-core-com-private-l1-1-0

CoRegisterInitializeSpy
CoRevokeInitializeSpy

api-ms-win-core-path-l1-1-0

PathCchAppend

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 245KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/azroles.dll
.dll regsvr32 windows:10 windows x64 arch:x64

9c088eed8df888d383e278d84911451e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

azroles.pdb

Imports

msvcrt

_unlock
_lock
realloc
_errno
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
_wtoi64
wcstol
iswxdigit
towlower
wcsstr
_wcsupr
bsearch
qsort
_wcsnicmp
_wtol
wcsncmp
iswspace
wcspbrk
wcschr
ldiv
strrchr
??0exception@@QEAA@XZ
memmove_s
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBV0@@Z
_vsnprintf
_purecall
wcscat_s
wcscpy_s
memcpy_s
free
malloc
wcsncpy_s
__C_specific_handler
_wcsicmp
wcsrchr
_vsnwprintf
__dllonexit
_onexit
memmove
memcpy
memcmp
wcscmp
memset
swscanf
srand
__CxxFrameHandler3

ntdll

RtlCopySid
RtlLengthSid
RtlNtStatusToDosError
NtAllocateLocallyUniqueId
RtlDeleteResource
RtlInitializeResource
RtlAcquireResourceExclusive
RtlReleaseResource
RtlAcquireResourceShared
RtlIdentifierAuthoritySid
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlValidSecurityDescriptor
RtlValidSid
RtlNumberGenericTableElementsAvl
RtlEnumerateGenericTableAvl
NtClose
RtlFreeHeap
NtCreateFile
RtlDosPathNameToNtPathName_U
RtlInitUnicodeString
RtlLookupElementGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlInsertElementGenericTableAvl
RtlEqualSid
RtlInitString
RtlImageNtHeader
RtlDeleteCriticalSection
RtlEnterCriticalSection
RtlConvertExclusiveToShared
RtlInitializeCriticalSection
RtlLeaveCriticalSection
RtlConvertSharedToExclusive
RtlInitializeGenericTableAvl

user32

UnregisterClassA
CharUpperW
CharNextW

kernel32

ResolveDelayLoadedAPI
SetThreadStackGuarantee
LoadLibraryW
GetSystemInfo
DelayLoadFailureHook
VirtualQuery
VirtualProtect
WakeAllConditionVariable
VirtualAlloc
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
OutputDebugStringA
GetTickCount
GetCurrentThreadId
QueryPerformanceCounter
CreateFileW
GetLastError
CloseHandle
MultiByteToWideChar
FindResourceW
SizeofResource
LoadResource
LockResource
FreeLibrary
GetProcAddress
LoadLibraryExW
GetModuleHandleW
lstrcmpiW
LeaveCriticalSection
RaiseException
EnterCriticalSection
FindResourceExW
GetModuleFileNameW
InitializeCriticalSection
DeleteCriticalSection
DisableThreadLibraryCalls
WideCharToMultiByte
LocalAlloc
LocalFree
GetEnvironmentVariableW
CreateDirectoryW
GetCurrentProcessId
WriteFile
GetLocalTime
GetVersionExW
CreateTimerQueue
DeleteTimerQueueEx
CreateTimerQueueTimer
DeleteTimerQueueTimer
GetCurrentThread
GetCurrentProcess
GetComputerNameW
GetSystemTimeAsFileTime
GetFileAttributesW
GetVolumeInformationW
GetFileAttributesExW
CompareFileTime
DeleteFileW
GetFullPathNameW
TerminateProcess
SetLastError
CompareStringW
FormatMessageW
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SleepConditionVariableSRW

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
CLSIDFromString
CoInitializeEx
CoUninitialize
CLSIDFromProgID
StringFromCLSID
CoCreateInstance

oleaut32

LoadRegTypeLi
SysAllocString
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
VariantInit
SafeArrayCreate
VariantClear
SafeArrayPutElement
SysStringLen
VariantCopy
SysStringByteLen
SysAllocStringByteLen
VarBstrCmp
VarCmp
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SysAllocStringLen
SafeArrayGetDim
RegisterTypeLi
VarUI4FromStr
SysFreeString
LoadTypeLi
SafeArrayGetVartype
VariantChangeType

advapi32

CreateWellKnownSid
LsaNtStatusToWinError
LsaQueryInformationPolicy
LsaFreeMemory
LsaClose
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
PerfCreateInstance
PerfSetCounterRefValue
PerfSetCounterSetInfo
PerfStartProvider
PerfStopProvider
RegDeleteValueW
LookupAccountNameW
LookupAccountSidW
ConvertSidToStringSidW
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
CryptReleaseContext
MakeSelfRelativeSD
AdjustTokenPrivileges
SetSecurityDescriptorSacl
AddAuditAccessAceEx
AddAccessAllowedObjectAce
AddAccessAllowedAceEx
IsValidSid
GetAce
GetAclInformation
GetSecurityDescriptorLength
SetNamedSecurityInfoW
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetNamedSecurityInfoW
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
CopySid
DuplicateTokenEx
OpenProcessToken
EqualDomainSid
SetThreadToken
OpenThreadToken
GetTokenInformation
GetLengthSid
RegQueryValueExW
ConvertStringSidToSidW
LsaOpenPolicy

authz

AuthziInitializeAuditEventType
AuthziAllocateAuditParams
AuthziInitializeAuditParamsWithRM
AuthziInitializeAuditEvent
AuthziLogAuditEvent
AuthzFreeAuditEvent
AuthziFreeAuditParams
AuthzAccessCheck
AuthzInitializeContextFromSid
AuthzInitializeContextFromToken
AuthzAddSidsToContext
AuthzGetInformationFromContext
AuthzFreeContext
AuthziFreeAuditEventType
AuthzFreeResourceManager
AuthzInitializeResourceManager

rpcrt4

RpcStringFreeA
UuidCreate
RpcStringFreeW
UuidToStringW
UuidToStringA
UuidFromStringW

dsparse

DsQuoteRdnValueW

ntdsapi

DsBindW
DsCrackNamesW
DsUnBindW
DsFreeNameResultW

odbc32

ord111
ord13
ord26
ord132
ord9
ord141
ord139
ord107
ord31
ord77
ord43
ord29
ord145
ord136
ord72
ord4
ord176

Exports

Exports

AzAddPropertyItem
AzApplicationClose
AzApplicationCreate
AzApplicationDelete
AzApplicationEnum
AzApplicationOpen
AzAuthorizationStoreDelete
AzCloseHandle
AzContextAccessCheck
AzContextGetAssignedScopesPage
AzContextGetRoles
AzFreeMemory
AzGetProperty
AzGroupCreate
AzGroupDelete
AzGroupEnum
AzGroupOpen
AzInitialize
AzInitializeContextFromName
AzInitializeContextFromToken
AzOperationCreate
AzOperationDelete
AzOperationEnum
AzOperationOpen
AzRemovePropertyItem
AzRoleCreate
AzRoleDelete
AzRoleEnum
AzRoleOpen
AzScopeCreate
AzScopeDelete
AzScopeEnum
AzScopeOpen
AzSetProperty
AzSubmit
AzTaskCreate
AzTaskDelete
AzTaskEnum
AzTaskOpen
AzUpdateCache
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 374KB - Virtual size: 373KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 314KB - Virtual size: 314KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/basebrd.dll
.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b5:08:6d:6b:b1:0c:bd:54:84:fa:a1:d9:27:a3:c9:65:6e:d5:69:90:f1:ef:07:23:29:ad:db:66:b4:17:e4:13
Signer

Actual PE Digest

b5:08:6d:6b:b1:0c:bd:54:84:fa:a1:d9:27:a3:c9:65:6e:d5:69:90:f1:ef:07:23:29:ad:db:66:b4:17:e4:13

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/batmeter.dll
.dll windows:10 windows x64 arch:x64

db8c58386b2add293631cc7fa2b15303

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

batmeter.pdb

Imports

msvcrt

_onexit
qsort
_unlock
_lock
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
__dllonexit
memset

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
GetLastError
UnhandledExceptionFilter

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegCloseKey

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetProcAddress
LoadStringW
GetModuleFileNameW
DisableThreadLibraryCalls
GetModuleHandleW

api-ms-win-power-base-l1-1-0

GetPwrCapabilities

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-synch-l1-1-0

CreateEventW
InitializeCriticalSection
DeleteCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
EnterCriticalSection
ResetEvent
WaitForSingleObject
SetEvent
LeaveCriticalSection

api-ms-win-core-io-l1-1-0

DeviceIoControl
GetOverlappedResult

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-io-l1-1-1

CancelIo

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentThreadId
GetCurrentProcess

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
SleepConditionVariableSRW
Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-kernel32-legacy-l1-1-0

GetSystemPowerStatus

api-ms-win-core-sidebyside-l1-1-0

ReleaseActCtx
ActivateActCtx
DeactivateActCtx
CreateActCtxW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

ntdll

RtlPublishWnfStateData
NtQueryWnfStateData
EtwUnregisterTraceGuids
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage
EtwRegisterTraceGuidsW

gdi32

DeleteDC
SetStretchBltMode
CreateCompatibleDC
StretchBlt
GetDIBits
CreateDIBSection
DeleteObject
SelectObject

user32

RegisterDeviceNotificationW
GetSystemMetrics
UnregisterDeviceNotification
LoadImageW
GetDC
SystemParametersInfoW
DestroyIcon
GetSystemMetricsForDpi
PostMessageW
ReleaseDC

advapi32

RegOpenKeyW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

BatMeterIconAnimationReset
BatMeterIconThemeReset
BatMeterOnDeviceChange
CleanupBatteryData
CreateBatteryData
GetBatMeterIconAnimationState
GetBatMeterIconAnimationTimeDelay
GetBatMeterIconAnimationUpdate
GetBatteryCapacityInfo
GetBatteryDetails
GetBatteryImmersiveIcon
GetBatteryInfo
GetBatteryStatusText
GetBatteryWorkingState
IsBatteryBad
IsBatteryHealthWarningEnabled
IsBatteryLevelCritical
IsBatteryLevelLow
IsBatteryLevelReserve
PowerCapabilities
QueryBatteryData
SetBatteryHealthWarningState
SetBatteryLevel
SetBatteryWorkingState
SubscribeBatteryUpdateNotification
UnsubscribeBatteryUpdateNotification
UpdateBatteryData
UpdateBatteryDataAsync

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/bcryptprimitives.dll
.dll windows:10 windows x64 arch:x64

496e42068c9391511cf6ee7c54f73a9b

Code Sign

33:00:00:02:b1:72:b7:68:2d:ea:e6:58:18:00:00:00:00:02:b1
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/09/2020, 19:16

Not After

23/09/2021, 19:16

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

53:c7:51:e4:6b:23:02:d0:71:b6:54:fe:16:e0:fa:7e:6c:43:00:b2:ab:bb:54:84:09:2d:4c:40:f4:8a:5f:88
Signer

Actual PE Digest

53:c7:51:e4:6b:23:02:d0:71:b6:54:fe:16:e0:fa:7e:6c:43:00:b2:ab:bb:54:84:09:2d:4c:40:f4:8a:5f:88

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

bcryptprimitives.pdb

Imports

ntdll

NtTerminateProcess
RtlGetCurrentProcessorNumberEx
RtlAllocateHeap
RtlFreeHeap
NtOpenKey
RtlCaptureContext
NtClose
NtQueryValueKey
NtQueryInformationProcess
__C_specific_handler
wcscpy_s
_wcsicmp
RtlImageNtHeader
qsort
NtOpenFile
RtlLookupFunctionEntry
RtlInitUnicodeString
EtwUnregisterTraceGuids
EtwGetTraceEnableFlags
EtwTraceMessage
RtlVirtualUnwind
EtwGetTraceLoggerHandle
EtwRegisterTraceGuidsW
EtwGetTraceEnableLevel
RtlUnhandledExceptionFilter
memset
_vsnwprintf
__chkstk
_local_unwind
memcmp
memcpy
memmove
wcscmp

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetProcAddress
DisableThreadLibraryCalls
GetModuleFileNameW

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegEnumKeyExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

api-ms-win-core-processthreads-l1-1-0

SetThreadStackGuarantee
GetCurrentProcessId
TerminateProcess
GetCurrentProcess

api-ms-win-core-memory-l1-1-0

VirtualProtect
VirtualAlloc
VirtualQuery

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo

api-ms-win-core-xstate-l2-1-0

GetEnabledXStateFeatures

Exports

Exports

GetAsymmetricEncryptionInterface
GetCipherInterface
GetHashInterface
GetKeyDerivationInterface
GetRngInterface
GetSecretAgreementInterface
GetSignatureInterface
MSCryptConvertRsaPrivateBlobToFullRsaBlob
ProcessPrng
ProcessPrngGuid

Sections

.text
Size: 401KB - Virtual size: 401KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/bisrv.dll
.dll windows:10 windows x64 arch:x64

692e803e76f6cd18eb9d7496fc1aba24

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

bisrv.pdb

Imports

msvcrt

memset
wcstok_s
toupper
__CxxFrameHandler3
_callnewh
wcscpy_s
memmove_s
_get_errno
_errno
wcstoul
_set_errno
_wcsdup
memcpy_s
strtoul
_purecall
swscanf_s
_wcsicmp
qsort
wcsnlen
memcmp
memcpy
memmove
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
_vsnwprintf

api-ms-win-power-setting-l1-1-0

PowerSettingRegisterNotification
PowerSettingUnregisterNotification

ntdll

TpSetPoolMaxThreads
NtQuerySystemInformation
RtlRunOnceBeginInitialize
RtlRunOnceComplete
NtQueryAttributesFile
RtlNtStatusToDosError
RtlQueryWnfStateData
NtSetValueKey
RtlCreateUnicodeString
RtlQueryPackageClaims
NtCreateFile
NtSaveKeyEx
NtOpenProcess
NtCreateKey
NtLoadKeyEx
RtlStringFromGUID
NtDeleteValueKey
RtlAcquirePrivilege
NtDeleteFile
TpReleaseWait
NtOpenKey
RtlReleasePrivilege
RtlAppendUnicodeToString
NtEnumerateKey
RtlAppendUnicodeStringToString
NtDeleteKey
RtlCompareUnicodeString
TpReleasePool
TpAllocPool
RtlUnsubscribeWnfNotificationWaitForCompletion
TpWaitForWait
RtlRbInsertNodeEx
TpSetWait
NtClearEvent
NtWriteVirtualMemory
NtSetEvent
RtlRegisterForWnfMetaNotification
NtReadVirtualMemory
RtlAcquireSRWLockExclusive
RtlCopyUnicodeString
RtlReleaseSRWLockExclusive
RtlInitializeSRWLock
RtlUnsubscribeWnfStateChangeNotification
RtlNtStatusToDosErrorNoTeb
RtlFreeUnicodeString
RtlQueryUnbiasedInterruptTime
RtlWaitForWnfMetaNotification
RtlPublishWnfStateData
NtQueryInformationProcess
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
RtlGetNextEntryHashTable
RtlLookupEntryHashTable
RtlCreateHashTable
NtDuplicateObject
RtlInsertEntryHashTable
NtCreateEvent
RtlLengthSid
RtlCompareUnicodeStrings
NtQueryValueKey
RtlDeleteHashTable
RtlDuplicateUnicodeString
RtlCreateSecurityDescriptor
RtlCreateAcl
RtlIsMultiSessionSku
RtlFreeSid
RtlInitEnumerationHashTable
RtlRemoveEntryHashTable
RtlQueryWnfMetaNotification
RtlReAllocateHeap
RtlAddAccessAllowedAceEx
RtlGetDeviceFamilyInfoEnum
RtlUpcaseUnicodeChar
RtlSetDaclSecurityDescriptor
RtlEndEnumerationHashTable
NtCreateWnfStateName
NtDeleteWnfStateName
RtlGUIDFromString
RtlEnumerateEntryHashTable
RtlSetOwnerSecurityDescriptor
RtlEqualSid
RtlQueryPackageIdentityEx
NtOpenThreadToken
TpSetTimerEx
RtlCopySid
NtQueryInformationToken
TpReleaseTimer
NtOpenProcessToken
RtlValidSid
RtlTestBit
RtlInitializeBitMap
TpReleaseWork
TpWaitForWork
TpPostWork
RtlClearBit
RtlRunOnceExecuteOnce
NtQueryWnfStateData
RtlSetBit
TpAllocWork
TpWaitForTimer
TpAllocTimer
RtlSubscribeWnfStateChangeNotification
TpSetTimer
vDbgPrintEx
NtPowerInformation
EtwEventRegister
EtwEventUnregister
EtwEventWriteTransfer
RtlRbRemoveNode
EtwEventSetInformation
ZwUpdateWnfStateData
RtlFreeHeap
RtlAllocateHeap
RtlConvertSidToUnicodeString
ZwClose
AlpcGetMessageAttribute
AlpcInitializeMessageAttribute
TpWaitForAlpcCompletion
ZwAlpcConnectPort
RtlWaitOnAddress
RtlInitUnicodeString
ZwAlpcQueryInformation
TpReleaseAlpcCompletion
ZwAlpcSendWaitReceivePort
ZwAlpcDisconnectPort
TpAllocAlpcCompletion
RtlWakeAddressAll
ZwAlpcCancelMessage
TpSetWaitEx
NtCreateIRTimer
NtClose
NtSetIRTimer
TpAllocWait

api-ms-win-core-psm-rtimer-l1-1-1

PsmTimerRemainingResourceTimeGet
PsmTimerCleanup
PsmTimerInitialize
PsmTimerStart

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableLevel
TraceMessage
GetTraceLoggerHandle
RegisterTraceGuidsW
GetTraceEnableFlags

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventRegister
EventUnregister
EventProviderEnabled
EventSetInformation
EventWriteTransfer

api-ms-win-core-synch-l1-2-0

InitOnceComplete
Sleep
InitOnceBeginInitialize

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-processthreads-l1-1-0

GetProcessId
TerminateProcess
OpenThreadToken
GetCurrentProcessId
OpenProcessToken
GetCurrentThread
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetTickCount64

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCompareMemory
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
RaiseException
UnhandledExceptionFilter
SetLastError
GetLastError

resourcepolicyclient

InterruptiveUIStateChanged_Unsubscribe
CreateResourcePolicyStoreClient
InterruptiveUIStateChanged_Subscribe
CreateResourcePolicyEngineClient
QueryApplicationInterruptiveUIStateByPsmKey

rmclient

HamSetExternalResourcePriority
HamTerminateActivityHost
HamCloseActivity
CrmActivityFree
HamStartActivityAsync
HamCreateActivityEx
HamResetExternalResourcePriority
HamPopulateActivityProperties
HamConnectToServer
CrmActivityAllocate
CrmActivityRequest
CrmUnregister
HamDisconnectFromServer
CrmActivityStop
CrmRegister
CrmActivityStart

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWait
CreateThreadpool
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolCleanupGroup
SetThreadpoolThreadMaximum
SetThreadpoolThreadMinimum
CreateThreadpoolCleanupGroup
CreateThreadpoolWork
SubmitThreadpoolWork
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CloseThreadpoolWork
IsThreadpoolTimerSet
CloseThreadpool
CreateThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionEx
CreateMutexW
TryAcquireSRWLockExclusive
EnterCriticalSection
ReleaseMutex
LeaveCriticalSection
ReleaseSRWLockShared
InitializeSRWLock
InitializeCriticalSection
OpenSemaphoreW
OpenEventW
WaitForSingleObject
ReleaseSRWLockExclusive
ReleaseSemaphore
AcquireSRWLockExclusive
WaitForSingleObjectEx
DeleteCriticalSection
CreateSemaphoreExW
CreateMutexExW
AcquireSRWLockShared

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetModuleHandleExW
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
GetModuleFileNameW

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-psm-key-l1-1-0

PsmIsValidKey
PsmGetPackageFullNameFromKey
PsmCreateKey
PsmIsDynamicKey
PsmGetApplicationNameFromKey

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegGetValueW
RegDeleteValueA
RegQueryValueExW
RegCreateKeyExW
RegQueryInfoKeyW
RegCloseKey
RegEnumValueW
RegEnumValueA
RegOpenKeyExW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
CompareStringW

api-ms-win-core-quirks-l1-1-1

QuirkIsEnabledForPackage3

api-ms-win-security-lsalookup-l1-1-0

LookupAccountSidLocalW
LsaLookupFreeMemory
LsaLookupGetDomainInfo
LsaLookupClose
LsaLookupOpenLocalPolicy

api-ms-win-security-base-l1-1-0

GetLengthSid
SetSecurityDescriptorGroup
GetTokenInformation
SetSecurityDescriptorOwner
CreateWellKnownSid
AddAccessAllowedAce
SetSecurityDescriptorDacl
InitializeAcl
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
CopySid
IsValidSid

oleaut32

SysAllocStringLen
SysFreeString
SysAllocString
SysStringLen

rpcrt4

Ndr64AsyncServerCallAll
NdrAsyncServerCall
RpcBindingFree
NdrServerCallAll
RpcAsyncCompleteCall
RpcBindingCreateW
UuidCreate
I_RpcMapWin32Status
RpcBindingBind
RpcEpUnregister
RpcBindingVectorFree
RpcImpersonateClient
RpcRevertToSelf
RpcRaiseException
NdrClientCall3
RpcServerInqCallAttributesW
RpcServerUseProtseqW
RpcServerRegisterIf3
RpcServerInqBindings
RpcServerUnregisterIf
NdrServerCall2
RpcEpRegisterW
I_RpcExceptionFilter

api-ms-win-appmodel-runtime-internal-l1-1-4

GetPackageStatusForUserSid

api-ms-win-core-registry-l2-1-0

RegEnumKeyW
RegOpenKeyW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-core-io-l1-1-0

DeviceIoControl

devobj

DevObjGetDeviceInterfaceDetail
DevObjEnumDeviceInterfaces
DevObjGetClassDevs
DevObjCreateDeviceInfoList
DevObjDestroyDeviceInfoList

api-ms-win-core-com-l1-1-0

CoUnmarshalInterface
CoMarshalInterface
CoDisconnectObject
CoInitializeSecurity
CoTaskMemFree
CoGetClassObject
CoUninitialize
CoTaskMemAlloc
CoInitializeEx
CoReleaseMarshalData
CoCreateInstance
CoRegisterClassObject
CLSIDFromString
CoDecrementMTAUsage
CreateStreamOnHGlobal
CoIncrementMTAUsage
CoGetCallContext

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-heap-l2-1-0

LocalFree
GlobalAlloc
LocalReAlloc
GlobalFree
LocalAlloc

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsStringHasEmbeddedNull
WindowsCreateStringReference
WindowsDeleteString
WindowsCreateString

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-security-provider-l1-1-0

SetNamedSecurityInfoW

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
CreateTimerQueue
DeleteTimerQueueEx

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabledForPackage

eventaggregation

BriUnregisterFromBrokerAvailability
BriGetBrokerAvailabilityChangeStamp
EaCreateAggregation
BriCreateBrokeredEventEx
BriDeleteBrokeredEvent
BriIsBrokerRegistered
BriRegisterToBrokerAvailability
EaSignalAggregatedEvent
EaDeleteAggregation

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

PsmBiExtInitialize
PsmBiExtNotifyAppState
PsmBiExtNotifySessionStateChange
PsmBiExtNotifySessionUserStateChange
PsmBiExtNotifyWerReportProgress
PsmBiExtPrepareToSuspendPackage
PsmBiExtResumePackage

Sections

.text
Size: 563KB - Virtual size: 563KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 167KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/blbmmc.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

blbmmc.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/blbmmc.ni.dll
.dll windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

blbmmc.ni.pdb
blbmmc.pdb

Sections

.data
Size: 275KB - Virtual size: 274KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/blbmmc.resources.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
L4uncchher.exe
.exe windows:6 windows x86 arch:x86

ea509d361799935a94335b88f534a970

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
WriteConsoleW
WerSetFlags
WerGetFlags
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
TlsAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetThreadPriority
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ResumeThread
RaiseFailFastException
PostQueuedCompletionStatus
LoadLibraryW
LoadLibraryExW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetErrorMode
GetEnvironmentStringsW
GetCurrentThreadId
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateWaitableTimerA
CreateThread
CreateIoCompletionPort
CreateFileA
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 8.6MB - Virtual size: 8.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12.7MB - Virtual size: 12.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.3MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 518KB - Virtual size: 517KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 175KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 1551

Password: 1551

Password: 1551

02f753c6fd075ea1b96f042a5a4196a8

Code Sign

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:edCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

2a:30:0a:c2:85:59:32:df:7c:c3:ea:ee:60:15:dc:e0:08:91:74:fd:1d:a6:64:f6:7c:9e:46:f2:d3:50:cf:c8Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-libraryloader-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

ntdll

opcservices

urlmon

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-file-l1-2-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-localization-obsolete-l1-2-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-handle-l1-1-0

oleaut32

xmllite

api-ms-win-core-shlwapi-legacy-l1-1-0

Exports

Exports

Sections

.text Size: 721KB - Virtual size: 721KB

.rdata Size: 273KB - Virtual size: 272KB

.data Size: 1KB - Virtual size: 4KB

.pdata Size: 34KB - Virtual size: 34KB

.didat Size: 512B - Virtual size: 368B

.rsrc Size: 575KB - Virtual size: 574KB

.reloc Size: 7KB - Virtual size: 7KB

Password: 1551

4e4208ee5e89a0aa5d859057001f9852

Code Sign

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

b1:5a:55:09:bd:44:61:48:32:44:97:2d:d7:e0:2c:11:17:13:64:4d:65:6b:b3:de:02:e8:f2:12:08:2b:2b:beSigner

Headers

DLL Characteristics

File Characteristics

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:ed
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

2a:30:0a:c2:85:59:32:df:7c:c3:ea:ee:60:15:dc:e0:08:91:74:fd:1d:a6:64:f6:7c:9e:46:f2:d3:50:cf:c8
Signer

.text
Size: 721KB - Virtual size: 721KB

.rdata
Size: 273KB - Virtual size: 272KB

.data
Size: 1KB - Virtual size: 4KB

.pdata
Size: 34KB - Virtual size: 34KB

.didat
Size: 512B - Virtual size: 368B

.rsrc
Size: 575KB - Virtual size: 574KB

.reloc
Size: 7KB - Virtual size: 7KB

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

b1:5a:55:09:bd:44:61:48:32:44:97:2d:d7:e0:2c:11:17:13:64:4d:65:6b:b3:de:02:e8:f2:12:08:2b:2b:be
Signer

.text
Size: 294KB - Virtual size: 294KB

.rdata
Size: 194KB - Virtual size: 193KB

.data
Size: 14KB - Virtual size: 16KB

.pdata
Size: 10KB - Virtual size: 10KB

.didat
Size: 512B - Virtual size: 288B

.rsrc
Size: 23KB - Virtual size: 22KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 484KB - Virtual size: 480KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 12B

.data
Size: 123KB - Virtual size: 122KB

.xdata
Size: 18KB - Virtual size: 18KB