System32Problems9[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

System32Problems9.zip
Size

23.4MB
MD5

de82464454ea84b16f3586fd5ce7f0a8
SHA1

14fa72d90197c01172f03fa98004d2de922b6b8b
SHA256

b4347bcbf6f36b66836194fefcce01fad1216c44b020b8f4ae19d579aa3e9d52
SHA512

f59744c69eea8189f25a0b26b0ca82115a452b3c656ad1b078c431ea4199fcd0f95cde9e65c5155d95e339771fb548cb57b4043a9f4fd98666ee7185e27e18f9
SSDEEP

393216:Lwp8uR6DeJFgEIR+wzS48qUPY+4QQ3sbE47bwBPwRf79RhtweznHSj:LwpxR6DeJ6EIR+wzP2PZ4QQL4/wSV/HA

Score

3^/10

Malware Config

Signatures

Unsigned PE 79 IoCs

Checks for missing Authenticode signature.

resource
unpack001/AppMon.dll
unpack001/AppReadiness.dll
unpack001/AppXApplicabilityBlob.dll
unpack001/AppXDeploymentExtensions.desktop.dll
unpack001/AppXDeploymentExtensions.onecore.dll
unpack001/AppXDeploymentServer.dll
unpack001/AppointmentActivation.dll
unpack001/AppointmentApis.dll
unpack001/AppxSip.dll
unpack001/AppxStreamingDataSourcePS.dll
unpack001/AppxSysprep.dll
unpack001/Apx01000.dll
unpack001/AssignedAccessRuntime.dll
unpack001/AudioEndpointBuilder.dll
unpack001/AudioHandlers.dll
unpack001/AuthBroker.dll
unpack001/AuthBrokerUI.dll
unpack001/AuthExt.dll
unpack001/AuthFWGP.dll
unpack001/AuthFWSnapin.dll
unpack001/AuthFWWizFwk.dll
unpack001/AuthHostProxy.dll
unpack001/AutomaticAppSignInPolicy.dll
unpack001/AxInstSv.dll
unpack001/AzSqlExt.dll
unpack001/BFE.DLL
unpack001/BackgroundMediaPolicy.dll
unpack001/BamSettingsClient.dll
unpack001/BarcodeProvisioningPlugin.dll
unpack001/BcastDVRBroker.dll
unpack001/BcastDVRClient.dll
unpack001/BcastDVRCommon.dll
unpack001/BdeHdCfgLib.dll
unpack001/BingASDS.dll
unpack001/BingFilterDS.dll
unpack001/BingMaps.dll
unpack001/BingOnlineServices.dll
unpack001/BioCredProv.dll
unpack001/BitLockerCsp.dll
unpack001/BitsProxy.dll
unpack001/apprepapi.dll
unpack001/appsruprov.dll
unpack001/archiveint.dll
unpack001/asferror.dll
unpack001/asycfilt.dll
unpack001/atl.dll
unpack001/atlthunk.dll
unpack001/atmlib.dll
unpack001/audioresourceregistrar.dll
unpack001/audiosrv.dll
unpack001/auditcse.dll
unpack001/auditpolcore.dll
unpack001/authentication.dll
unpack001/authfwcfg.dll
unpack001/authui.dll
unpack001/authz.dll
unpack001/autopilot.dll
unpack001/autopilotdiag.dll
unpack001/autoplay.dll
unpack001/autotimesvc.dll
unpack001/avicap32.dll
unpack001/avifil32.dll
unpack001/azroles.dll
unpack001/azroleui.dll
unpack001/basesrv.dll
unpack001/batmeter.dll
unpack001/bcastdvr.proxy.dll
unpack001/bcastdvruserservice.dll
unpack001/bcdprov.dll
unpack001/bcdsrv.dll
unpack001/bderepair.dll
unpack001/bdesvc.dll
unpack001/bdeui.dll
unpack001/bi.dll
unpack001/bidispl.dll
unpack001/bindfltapi.dll
unpack001/bisrv.dll
unpack001/bitsigd.dll
unpack001/bitsperf.dll

Files

System32Problems9.zip
.zip
AUDIOKSE.dll
.dll regsvr32 windows:10 windows x64 arch:x64

0171c8b34a2862ac3a0bc42087150e58

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

28:06:9d:51:b3:57:ab:f7:b7:49:d7:a2:d5:50:c3:10:07:c1:39:cc:f8:50:79:7d:67:05:d4:dc:2b:78:ee:bc
Signer

Actual PE Digest

28:06:9d:51:b3:57:ab:f7:b7:49:d7:a2:d5:50:c3:10:07:c1:39:cc:f8:50:79:7d:67:05:d4:dc:2b:78:ee:bc

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AUDIOKSE.pdb

Imports

api-ms-win-crt-string-l1-1-0

strcmp
wcscmp
memset
strnlen
strncmp
wcsnlen

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
_o__strnicmp
_o__crt_atexit
memcpy
_o__wcslwr
_o__wfopen
_o__wtol
_o_fclose
_o_feof
_o_fread
_o_free
_o_fseek
_o_log10
_o_malloc
_o_pow
_o_tolower
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o__configure_narrow_argv
wcsrchr
_o__cexit
_o__execute_onexit_table
_o__errno
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
wcsstr
__C_specific_handler
__std_terminate
__CxxFrameHandler4
_CxxThrowException
__C_specific_handler_noexcept
memcmp

ntdll

RtlFreeMemoryBlockLookaside
RtlNtStatusToDosError
RtlGetPersistedStateLocation
RtlLockMemoryBlockLookaside
RtlCreateMemoryBlockLookaside
RtlUnlockMemoryBlockLookaside
NtQueryInformationProcess
RtlAllocateMemoryBlockLookaside
RtlDestroyMemoryBlockLookaside
RtlExtendMemoryBlockLookaside
RtlDeleteFunctionTable
RtlAddFunctionTable
ShipAssert
EtwRegisterTraceGuidsW
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwGetTraceEnableFlags
EtwUnregisterTraceGuids
NtCreateFile
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-libraryloader-l1-2-0

FindResourceExW
LoadResource
SizeofResource
GetModuleHandleW
GetModuleFileNameW
GetModuleFileNameA
GetProcAddress
LoadLibraryExW
FreeLibrary
DisableThreadLibraryCalls
GetModuleHandleExW

api-ms-win-core-synch-l1-1-0

SetEvent
CreateEventW
CreateWaitableTimerExW
LeaveCriticalSection
EnterCriticalSection
ResetEvent
CreateEventA
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseMutex
WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreExW
InitializeCriticalSection
CreateEventExW
CancelWaitableTimer
DeleteCriticalSection
SetWaitableTimer
WaitForMultipleObjectsEx

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
RaiseException

api-ms-win-core-processthreads-l1-1-0

SetThreadPriority
GetCurrentThread
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
GetCurrentThreadId
CreateThread

api-ms-win-core-localization-l1-2-0

GetThreadLocale
SetThreadLocale
FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

oleaut32

SysStringLen
SysAllocString
VarUI4FromStr
SysFreeString

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventRegister
EventActivityIdControl
EventSetInformation

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
TraceEvent
GetTraceEnableFlags
GetTraceEnableLevel
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoGetMalloc
PropVariantClear
StringFromGUID2

api-ms-win-core-string-l2-1-0

CharNextW
CharLowerBuffW

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegGetValueW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
CompareStringOrdinal

api-ms-win-core-synch-l1-2-0

InitOnceInitialize
WakeByAddressAll
WaitOnAddress
Sleep
InitOnceComplete
InitOnceBeginInitialize
InitOnceExecuteOnce

api-ms-win-core-io-l1-1-1

CancelIo

api-ms-win-core-wow64-l1-1-0

IsWow64Process

api-ms-win-core-io-l1-1-0

DeviceIoControl
GetOverlappedResult

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
VirtualProtect
VirtualFree
VirtualAlloc
MapViewOfFile
CreateFileMappingW

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetVersionExW
GetLocalTime
GlobalMemoryStatusEx
GetTickCount
GetWindowsDirectoryW
GetTickCount64

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-memory-l1-1-1

SetProcessWorkingSetSizeEx
GetProcessWorkingSetSizeEx

api-ms-win-core-file-l1-1-0

GetDiskFreeSpaceW
CreateFileW
GetFileSize

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentStringsW
FreeEnvironmentStringsA
FreeEnvironmentStringsW

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

mmdevapi

ord5

avrt

AvRevertMmThreadCharacteristics
AvQuerySystemResponsiveness
AvSetMmThreadPriority
AvSetMmThreadCharacteristicsA

api-ms-win-core-psapi-l1-1-0

K32GetDeviceDriverBaseNameW
K32GetDeviceDriverFileNameW
K32EnumDeviceDrivers

api-ms-win-devices-query-l1-1-0

DevCreateObjectQuery
DevCloseObjectQuery

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 312KB - Virtual size: 308KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 4KB - Virtual size: 344B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_BSS
Size: - Virtual size: 40B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_CONST
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

RT_DATA
Size: 4KB - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AppMon.dll
.dll windows:10 windows x64 arch:x64

89ce6363d54faf6dbefa67421de8ec1f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

appmon.pdb

Imports

msvcrt

memset
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
__C_specific_handler
_initterm
free
_amsg_exit
_XcptFilter
memmove
memcpy
__CxxFrameHandler4
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
malloc
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
??3@YAXPEAX@Z
memcpy_s
_vsnwprintf
__CxxFrameHandler3
wcscmp

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleFileNameA
GetProcAddress
GetModuleHandleW
GetModuleHandleExW

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
WaitForSingleObjectEx
ReleaseSRWLockExclusive
OpenSemaphoreW
InitializeCriticalSectionEx
CreateSemaphoreExW
ReleaseMutex
WaitForSingleObject
CreateMutexExW
ReleaseSRWLockShared
LeaveCriticalSection
AcquireSRWLockShared
DeleteCriticalSection
EnterCriticalSection
ReleaseSemaphore

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
RaiseException
UnhandledExceptionFilter
GetLastError
SetLastError

api-ms-win-core-processthreads-l1-1-0

ResumeThread
SetThreadToken
GetCurrentThreadId
TerminateProcess
CreateThread
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableFlags
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage
UnregisterTraceGuids

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

spoolss

OpenPrinterW
ClosePrinter
ImpersonatePrinterClient
RevertToPrinterSelf
SetJobW

api-ms-win-core-com-l1-1-0

CoCreateInstance
StringFromGUID2
CoCreateGuid

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsGetStringRawBuffer
WindowsCreateStringReference

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-registry-l1-1-0

RegCloseKey

api-ms-win-core-file-l1-1-0

WriteFile
CreateFileW
CreateDirectoryW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

InitializePrintMonitor2
SetRPCClientPid

Sections

.text
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 660B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AppReadiness.dll
.dll windows:10 windows x64 arch:x64

ee6b85a4af1ba535cb972418f9a9c8ef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AppReadiness.pdb

Imports

msvcp_win

_Lock_shared_ptr_spin_lock
?_Xlength_error@std@@YAXPEBD@Z
_Unlock_shared_ptr_spin_lock
?_Xbad_function_call@std@@YAXXZ

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__ui64tow_s
memmove
_o_free
_o_malloc
_o_mbstowcs
_o_realloc
_o_wcstok_s
_o_wcstoul
__CxxFrameHandler3
_CxxThrowException
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnprintf_s
wcsrchr
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__get_errno
__std_terminate
__C_specific_handler
__CxxFrameHandler4
__C_specific_handler_noexcept
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

wcscmp
memset
wcsncmp

api-ms-win-core-com-l1-1-0

CoCreateGuid
PropVariantClear
CoResumeClassObjects
CoTaskMemRealloc
CoCreateFreeThreadedMarshaler
CoFreeUnusedLibraries
CoInitializeSecurity
CoRevokeClassObject
CoDisconnectContext
CoTaskMemAlloc
CoGetCallContext
CoGetMalloc
CoCreateInstance
CoTaskMemFree
CoRegisterClassObject
StringFromGUID2
CoImpersonateClient
CoRevertToSelf
GetHGlobalFromStream
CreateStreamOnHGlobal
CoGetApartmentType
CoWaitForMultipleHandles

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
FindResourceExW
GetModuleFileNameA
GetModuleHandleExA
GetModuleHandleW
GetProcAddress
LoadLibraryExW
FreeLibrary
DisableThreadLibraryCalls
LockResource
LoadResource
GetModuleHandleExW

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceBeginInitialize
Sleep
InitOnceComplete

api-ms-win-core-synch-l1-1-0

InitializeSRWLock
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
CreateSemaphoreExW
ReleaseSRWLockShared
CreateEventExW
EnterCriticalSection
ReleaseSemaphore
LeaveCriticalSection
CreateEventW
InitializeCriticalSectionEx
InitializeCriticalSection
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
ReleaseMutex
ResetEvent
ReleaseSRWLockExclusive
OpenSemaphoreW
AcquireSRWLockExclusive
WaitForSingleObjectEx
SetEvent

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetLastError
RaiseException
SetUnhandledExceptionFilter

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsStringHasEmbeddedNull
WindowsCreateStringReference
WindowsCreateString
WindowsDuplicateString
WindowsIsStringEmpty
WindowsDeleteString

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventSetInformation
EventWrite
EventUnregister
EventWriteTransfer

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
TraceMessage
GetTraceEnableFlags
GetTraceLoggerHandle
GetTraceEnableLevel
RegisterTraceGuidsW

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
CreateThread
OpenThreadToken
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetProcessId
OpenProcessToken

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoRegisterActivationFactories
RoInitialize
RoUninitialize
RoGetActivationFactory
RoRevokeActivationFactories

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoTransformError
SetRestrictedErrorInfo
RoOriginateErrorW

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
GetProcessMitigationPolicy

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetSystemDirectoryW
GetWindowsDirectoryW
GetSystemTime
GetSystemTimeAsFileTime
GetLocalTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegOpenUserClassesRoot
RegFlushKey
RegGetValueW
RegQueryValueExW
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteTreeW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-security-base-l1-1-0

GetSidSubAuthority
CreateWellKnownSid
DuplicateTokenEx
AllocateAndInitializeSid
IsValidSid
GetTokenInformation
RevertToSelf
CheckTokenMembership
FreeSid
ImpersonateLoggedOnUser

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW
RegisterWaitForSingleObject
MoveFileW

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
UnregisterWaitEx
DeleteTimerQueueTimer

ntdll

RtlUnsubscribeWnfNotificationWaitForCompletion
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlInsertElementGenericTableAvl
RtlInitializeGenericTableAvl
RtlLookupElementGenericTableAvl
NtQueryWnfStateData
RtlInitUnicodeString
RtlGetDeviceFamilyInfoEnum
NtQuerySystemInformation
RtlIsStateSeparationEnabled
NtQuerySystemTime
RtlNtStatusToDosError
RtlSubscribeWnfStateChangeNotification
RtlGetPersistedStateLocation
RtlGetSessionProperties
RtlCompareUnicodeString
RtlIsMultiUsersInSessionSku
RtlReportExceptionEx

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW
ConvertSidToStringSidW

api-ms-win-core-synch-l1-2-1

CreateSemaphoreW
WaitForMultipleObjects

api-ms-win-security-lsalookup-l2-1-0

LookupAccountSidW

samcli

NetUserGetInfo

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-file-l1-1-0

SetFileInformationByHandle
FindClose
DeleteFileW
CreateDirectoryW
SetFileAttributesW
GetFullPathNameW
WriteFile
CompareFileTime
GetFileAttributesW
CreateFileW
GetFileSize
ReadFile
FindNextFileW
GetFileAttributesExW
FindFirstFileW
RemoveDirectoryW

api-ms-win-security-lsalookup-l1-1-0

LsaLookupGetDomainInfo
LsaLookupFreeMemory
LsaLookupClose
LsaLookupOpenLocalPolicy

api-ms-win-service-core-l1-1-0

RegisterServiceCtrlHandlerExW
SetServiceStatus

api-ms-win-core-path-l1-1-0

PathCchAppend
PathCchRemoveFileSpec
PathAllocCombine
PathCchCombine
PathCchAddExtension

api-ms-win-eventing-controller-l1-1-0

StopTraceW
StartTraceW
EnableTraceEx2

api-ms-win-core-debug-l1-1-1

CheckRemoteDebuggerPresent

api-ms-win-shcore-sysinfo-l1-1-0

IsOS

api-ms-win-core-shlwapi-obsolete-l1-1-0

QISearch

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-appmodel-runtime-l1-1-1

FindPackagesByPackageFamily

propsys

PropVariantToUInt32
PropVariantToStringAlloc
PSCreateMemoryPropertyStore

api-ms-win-shcore-registry-l1-1-0

SHDeleteValueW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-file-l1-2-4

GetTempPath2W

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx

api-ms-win-shcore-stream-l1-1-0

SHCreateStreamOnFileW

rpcrt4

UuidCreate

api-ms-win-core-heap-obsolete-l1-1-0

GlobalLock
GlobalSize
GlobalUnlock

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

appxdeploymentclient

ord59
ord66
ord2
ord67
ord12
ord28

combase

ord68
ord67
ord69
ord66

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

ServiceMain

Sections

.text
Size: 584KB - Virtual size: 582KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AppResolver.dll
.dll windows:10 windows x64 arch:x64

1d4d182c599d17d98ff44b6f0a898815

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

50:16:d7:e0:91:b0:fa:55:e7:ec:b0:d6:22:e4:9d:52:5f:12:34:76:ef:15:92:fc:96:33:f1:be:c3:37:89:c8
Signer

Actual PE Digest

50:16:d7:e0:91:b0:fa:55:e7:ec:b0:d6:22:e4:9d:52:5f:12:34:76:ef:15:92:fc:96:33:f1:be:c3:37:89:c8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AppResolver.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__itow_s
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__ui64tow_s
_o__wcstoui64
memmove
_o__wtoi
_o_abort
_o_ceilf
_o_free
_o_iswspace
_o_malloc
_o_terminate
_o_towupper
__C_specific_handler
__current_exception
__current_exception_context
_o__execute_onexit_table
_o__errno
_o__get_errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
wcschr
wcsrchr
__CxxFrameHandler3
_CxxThrowException
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

wcscmp
memset
wcsspn

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleFileNameW
GetModuleHandleExW
GetProcAddress
DisableThreadLibraryCalls
GetModuleFileNameA
GetModuleHandleW

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
InitOnceExecuteOnce

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionAndSpinCount
ResetEvent
OpenEventW
InitializeSRWLock
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionEx
CreateEventExW
SetEvent
AcquireSRWLockShared
CreateMutexExW
ReleaseSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReleaseMutex
WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreExW
CreateEventW
InitializeCriticalSection

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapReAlloc
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetLastError
RaiseException

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventUnregister
EventRegister
EventActivityIdControl

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-processthreads-l1-1-0

OpenThreadToken
GetCurrentThread
OpenProcessToken
ProcessIdToSessionId
TerminateProcess
GetCurrentProcess
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
GetCurrentThreadId
GetProcessTimes
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

GetUserDefaultLCID
GetUserGeoID
GetThreadPreferredUILanguages
FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InitializeSListHead

shcore

IStream_Read
ord190
ord188
SHQueryValueExW
SHTaskPoolGetUniqueContext
ord213
IUnknown_GetSite
ord130
ord145
SHAnsiToUnicode
ord170
ord123
SHGetValueW
SHSetValueW
ord122
ord109
ord141
GetScaleFactorForDevice
SHTaskPoolQueueTask
IUnknown_QueryService
ord193
IStream_Size
IUnknown_Set
ord192
SHStrDupW

windows.storage

ord946
ord942
SHOpenFolderAndSelectItems
SHGetDesktopFolder
SHGetKnownFolderPath

ntdll

NtQueryInformationProcess
RtlNtStatusToDosError
RtlUnsubscribeWnfNotificationWaitForCompletion
NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlAllocateHeap
RtlFreeHeap
RtlPublishWnfStateData
RtlAcquireSRWLockExclusive
RtlCompareUnicodeString
RtlNtStatusToDosErrorNoTeb
RtlInitUnicodeString
NtQueryInformationToken
RtlReleaseSRWLockExclusive
VerSetConditionMask

msvcp_win

?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
_Cnd_unregister_at_thread_exit
?__ExceptionPtrDestroy@@YAXPEAX@Z
_Cnd_wait
_Cnd_broadcast
_Cnd_destroy_in_situ
_Cnd_init_in_situ
_Mtx_unlock
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
_Mtx_init_in_situ
?_Throw_C_error@std@@YAXH@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?_Xbad_function_call@std@@YAXXZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?_Throw_future_error@std@@YAXAEBVerror_code@1@@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
_Mtx_destroy_in_situ
??0task_continuation_context@Concurrency@@AEAA@XZ
_Mtx_lock
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
_Cnd_register_at_thread_exit

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-path-l1-1-0

PathCchFindExtension
PathAllocCombine
PathCchAppend
PathCchCombine
PathCchRemoveBackslash
PathCchRemoveFileSpec
PathCchRemoveExtension

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegEnumValueW
RegGetValueW
RegDeleteValueW
RegQueryInfoKeyW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

api-ms-win-core-file-l1-1-0

CreateFileW
GetLongPathNameW
CreateDirectoryW
CompareFileTime
DeleteFileW
GetFileSizeEx

api-ms-win-core-heap-l2-1-0

LocalReAlloc
LocalFree
LocalAlloc

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
ReadProcessMemory

api-ms-win-core-memory-l1-1-1

PrefetchVirtualMemory

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-security-base-l1-1-0

GetSidSubAuthority
DuplicateTokenEx
GetFileSecurityW
GetSecurityDescriptorSacl
GetAce
GetTokenInformation

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-appmodel-unlock-l1-1-0

IsDeveloperModeEnabled

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 468KB - Virtual size: 465KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 148KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AppXApplicabilityBlob.dll
.dll windows:10 windows x64 arch:x64

c415be19dba4fe4d36996e13146e882a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

appxapplicabilityblob.pdb

Imports

api-ms-win-crt-string-l1-1-0

memset
wcsnlen
strcspn

api-ms-win-crt-locale-l1-1-0

_unlock_locales
_lock_locales

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__callnewh
_o__calloc_base
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__free_base
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__malloc_base
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcsdup
_o__wtoi64
_o_abort
_o_calloc
_o_free
_o_frexp
_o_localeconv
_o_malloc
_o_realloc
_o_setlocale
_o_terminate
__uncaught_exception
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o___pctype_func
_o____mb_cur_max_func
_o____lc_locale_name_func
_o____lc_collate_cp_func
_o____lc_codepage_func
strchr
__CxxFrameHandler3
memcpy

api-ms-win-core-libraryloader-l1-1-0

GetProcAddress
GetModuleFileNameA
GetModuleHandleExW
GetModuleHandleW

api-ms-win-core-synch-l1-1-0

CreateEventW
CreateSemaphoreExW
EnterCriticalSection
CreateMutexExW
LeaveCriticalSection
InitializeCriticalSectionEx
ResetEvent
OpenSemaphoreW
WaitForSingleObjectEx
DeleteCriticalSection
SetEvent
InitializeCriticalSectionAndSpinCount
ReleaseMutex
ReleaseSemaphore
WaitForSingleObject

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
GetLastError
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
TerminateProcess

api-ms-win-core-localization-l1-2-0

LCMapStringEx
FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoTaskMemFree

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-string-l1-1-0

CompareStringEx
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

Exports

Exports

CreateSerializedBundleManifestStatement
GetApplicabilityFactory
IsAppx
IsModernApp
IsPreThresholdDesktop
IsPreThresholdPhone
IsXAP

Sections

.text
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AppXDeploymentClient.dll
.dll windows:10 windows x64 arch:x64

ef857e4bfa9b02ee830b6b262156aab9

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8d:7f:a0:de:b5:fc:55:4d:27:de:6c:33:be:1d:10:26:3d:93:57:9f:e9:96:c5:15:85:23:42:04:65:56:53:e6
Signer

Actual PE Digest

8d:7f:a0:de:b5:fc:55:4d:27:de:6c:33:be:1d:10:26:3d:93:57:9f:e9:96:c5:15:85:23:42:04:65:56:53:e6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AppXDeploymentClient.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-string-l1-1-0

memset
strcmp
memmove_s
wcscmp

ntdll

RtlNumberGenericTableElementsAvl
RtlIsMultiUsersInSessionSku
RtlAllocateHeap
NtSetInformationThread
NtQueryInformationProcess
NtQueryInformationFile
RtlInitializeCriticalSection
NtQuerySystemInformation
RtlReportException
RtlFreeUnicodeString
RtlAllocateAndInitializeSid
RtlIsGenericTableEmptyAvl
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlInitializeSRWLock
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlGetDeviceFamilyInfoEnum
NtUnmapViewOfSection
NtMapViewOfSection
RtlNtStatusToDosErrorNoTeb
NtSetInformationVirtualMemory
RtlConvertSidToUnicodeString
NtClose
NtCreateSection
EtwEventUnregister
EtwEventWrite
RtlFreeHeap
EtwEventRegister
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlFreeSid
RtlAllocateWnfSerializationGroup
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlUnsubscribeWnfStateChangeNotification
RtlNtStatusToDosError
NtQueryInformationThread
RtlDeleteElementGenericTableAvl
RtlEnumerateGenericTableWithoutSplayingAvl
RtlLookupElementGenericTableAvl
RtlInitializeGenericTableAvl
RtlInsertElementGenericTableAvl
RtlInitUnicodeString
RtlDowncaseUnicodeString
RtlCompareUnicodeString
RtlQueryPackageClaims
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
RtlDeleteCriticalSection

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleFileNameA
LoadLibraryExW
LoadLibraryExA
GetModuleHandleW
GetModuleFileNameW
LoadStringW
GetModuleHandleExW
GetProcAddress
GetModuleHandleExA

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockShared
CreateMutexExW
AcquireSRWLockExclusive
SetEvent
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseMutex
AcquireSRWLockShared
CreateEventW
WaitForSingleObjectEx
DeleteCriticalSection
CreateEventExW
WaitForSingleObject
ResetEvent
InitializeCriticalSectionEx
OpenSemaphoreW
SleepEx
LeaveCriticalSection
ReleaseSemaphore
CreateSemaphoreExW
EnterCriticalSection

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
RaiseException
SetLastError
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
WaitForThreadpoolWorkCallbacks

api-ms-win-core-processthreads-l1-1-0

OpenProcessToken
ProcessIdToSessionId
TlsAlloc
GetCurrentThread
OpenThreadToken
TlsGetValue
GetCurrentProcessId
GetCurrentThreadId
TlsSetValue
SetThreadToken
GetCurrentProcess
TerminateProcess
GetProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

rpcrt4

RpcBindingFromStringBindingW
RpcServerInqCallAttributesW
NdrOleFree
Ndr64AsyncClientCall
UuidToStringW
UuidCreate
RpcBindingFree
RpcBindingUnbind
NdrDllGetClassObject
RpcStringFreeW
NdrClientCall3
RpcStringBindingComposeW
RpcBindingBind
NdrDllCanUnloadNow
NdrOleAllocate
I_RpcExceptionFilter
RpcBindingCreateW
RpcAsyncCompleteCall
RpcAsyncCancelCall
RpcAsyncInitializeHandle

api-ms-win-core-winrt-error-l1-1-0

GetRestrictedErrorInfo
RoOriginateErrorW
SetRestrictedErrorInfo
RoTransformError
RoOriginateError
RoSetErrorReportingFlags

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoGetApartmentType
StringFromGUID2
CoCreateFreeThreadedMarshaler
CoUninitialize
CoInitializeEx
CoTaskMemFree
CoMarshalInterface
CreateStreamOnHGlobal
CoTaskMemAlloc
CoGetCallContext
CoReleaseMarshalData
CoRevertToSelf
CoIncrementMTAUsage
CoDecrementMTAUsage
CLSIDFromString
CoImpersonateClient

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventUnregister
EventWriteTransfer
EventActivityIdControl
EventRegister

api-ms-win-core-string-l1-1-0

CompareStringEx
CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoGetActivationFactory
RoActivateInstance
RoUninitialize

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetSystemInfo
GetSystemDirectoryW
GetWindowsDirectoryW
GetLocalTime
GetSystemTimeAsFileTime

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceExecuteOnce
Sleep
InitOnceBeginInitialize

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-security-sddl-l1-1-0

ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertStringSidToSidW
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-winrt-error-l1-1-1

RoReportFailedDelegate
RoGetMatchingRestrictedErrorInfo
IsErrorPropagationEnabled

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-security-lsalookup-l1-1-0

LsaLookupClose
LsaLookupFreeMemory
LsaLookupGetDomainInfo
LsaLookupOpenLocalPolicy

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureStackBackTrace

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-path-l1-1-0

PathCchCombine
PathAllocCanonicalize
PathCchRemoveBackslash
PathCchSkipRoot

api-ms-win-service-management-l2-1-0

QueryServiceStatusEx
NotifyServiceStatusChangeW

api-ms-win-service-management-l1-1-0

OpenServiceW
CloseServiceHandle
StartServiceW
OpenSCManagerW

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
VirtualQuery
VirtualProtect
MapViewOfFile
CreateFileMappingW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

AppInstallerUpdateAllTask
AppxAddPackageToAllUserStoreForPbr
AppxCleanupOrphanPackages
AppxCleanupSystemAppsMigratedToFOD
AppxCleanupWCIReparsePoints
AppxCreateSharedLocalFolder
AppxCreateSharedLocalFolderForFamilyName
AppxDeletePackageFiles
AppxDestagePackage
AppxDoesSharedLocalFolderExistForFamilyName
AppxGetPackageInstalledLocation
AppxGetStagedPackageFullNameFromFamilyName
AppxIsStagedPackageStoreSigned
AppxPackageRepositoryRecoverStagedPackages
AppxPackageRepositoryRecoverUserInstalls
AppxPreRegisterAllInboxPackages
AppxPreRegisterPackage
AppxPreStageCleanupRunTask
AppxRecoverUserInstallsForUpgrade
AppxRegisterPackage
AppxRemoveAllPackagesForUserSid
AppxRemovePackageForAllUsers
AppxRemovePackageForUserSid
AppxRequestRemovePackageForUser
AppxResetPackage
AppxStagePackage
AppxValidatePackages
AppxValidatePackagesWithOptions
CheckAppInstallerUpdateAvailability
CheckComCallerHasCapabilities
CheckForUpdatesAndWaitForInstallerIfNeeded
CleanupProfileForUser
ClientDeleteAllPackagesFromMainPackageArray
ClientGetAllPackagesToBeInstalledForUser
CreateCanonicalPriFile
DeleteApplicabilityInfoArray
DeleteAutoUpdateSettings
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
EnsurePackageFamilyIsRegisteredBeforeActivation
EnsurePackageIsRegisteredInContainer
FixJunctionsForAppsIfNecessary
GeneratePreInstalledPriFiles
GetApplicability
GetApplicability2
GetApplicability4
GetApplicability5
GetApplicabilityForPackage
GetBundleApplicablePackages
GetMetadataRootForPackage
GetNotificationPayload
GetNotificationPayloadForUser
GetPackageRegistrationStatusForUser
GetPackageRegistrationStatusForUserAndDefaultAccount
HasPackageFamilyBeenRegisteredForUser
IsPackageInstalled
IsPackageMetadataUnderSystemMetadata
IsSharedAppsEnabled
MSIXForceReRegisterPackage
MsixEnsurePackageIsRegistered
MsixPackageVolumeIsRepairNeeded
MsixPackageVolumeRepair
NotifyPackageStatusChanged
PauseAutoUpdateSettings
PopulateProtocolAndFTA
RDSRecoverRequests
ReArmAppxPreStageCleanupTask
RegisterNotification
RegisterNotificationForUser
RemovePackageFromContainer
RepairPackageFileAcls
RequestContentGroups
RequestContentGroupsForFullTrust
ScheduleAppInstallerBackgroundUpdate
SetPackageStatusInContainer
UnregisterNotification
UnregisterNotificationForUser
UpdateAgentCancelAllDownloads
UpdateAgentCancelDownload
UpdateAgentCreateDownload
UpdateAgentFreeDownloadRanges
UpdateAgentGetDownloadPackageReturnValue
UpdateAgentGetDownloadRanges
UpdateAgentGetDownloadingPackageCount
UpdateAppInstallerSettings
UpdateDataSourceAddRange
UpdateDataSourceCancelRun
UpdateDataSourceRegister
UpdateDataSourceRun
VerifyPackage

Sections

.text
Size: 840KB - Virtual size: 839KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 348KB - Virtual size: 346KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AppXDeploymentExtensions.desktop.dll
.dll windows:10 windows x64 arch:x64

1e9b4496f58bd2a40bd7a4fb463f5d3d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AppxDeploymentExtensions.Desktop.pdb

Imports

msvcp_win

?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
_Wcscoll
??1_Lockit@std@@QEAA@XZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Winerror_map@std@@YAHH@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?_Syserror_map@std@@YAPEBDH@Z
_Wcsxfrm
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z
?tolower@?$ctype@G@std@@QEBAGG@Z
?is@?$ctype@G@std@@QEBA_NFG@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?id@?$ctype@G@std@@2V0locale@2@A
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z
?_Xout_of_range@std@@YAXPEBD@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
??Bios_base@std@@QEBA_NXZ
?_Xlength_error@std@@YAXPEBD@Z
?id@?$collate@G@std@@2V0locale@2@A
??0_Lockit@std@@QEAA@H@Z
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?_Xbad_alloc@std@@YAXXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??1_Locinfo@std@@QEAA@XZ

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__stricmp
_o__wcsicmp
_o__wcsnicmp
_o__wcstoui64
_o___std_exception_destroy
_o__wtoi
_o_calloc
_o_ceilf
_o_free
memmove
_o_malloc
_o_memcpy_s
_o_realloc
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcsncat_s
_o_wcsncpy_s
_o_wcstok_s
_o_wcstol
_o_wcstoll
_o_wcstoul
_o_wcstoull
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o___std_exception_copy
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__cexit
wcsrchr
wcschr
strchr
_o__callnewh
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__aligned_malloc
_o__aligned_free
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o____lc_codepage_func
__std_terminate
__CxxFrameHandler4
_o__configure_narrow_argv
_local_unwind
memcmp
_o___std_type_info_destroy_list
memcpy

api-ms-win-crt-string-l1-1-0

wcscmp
wcsncmp
memmove_s
wcsnlen
memset
strcmp

appxdeploymentserver

PackageRepositoryAllocate
AppXApplyTrustLabelToFolder
PackageRepositoryFree
AppXSetTrustLabelOnPackage

staterepository.core

sqlite3_column_int64
sqlite3_column_text
sqlite3_column_bytes
sqlite3_column_text16
sqlite3_column_blob
sqlite3_column_type
sqlite3_stmt_busy
sqlite3_sql
sqlite3_db_handle
sqlite3_config
sqlite3_log
sqlite3_finalize
sqlite3_errmsg
sqlite3_reset
sqlite3_step
sqlite3_exec
sqlite3_errcode
sqlite3_bind_text16
sqlite3_bind_int64
sqlite3_get_autocommit
sqlite3_bind_int
sqlite3_bind_null
sqlite3_close
sqlite3_open_v2
sqlite3_extended_errcode
sqlite3_file_control
sqlite3_bind_blob
sqlite3_extended_result_codes
sqlite3_prepare_v2
sqlite3_db_config
sqlite3_value_text
sqlite3_result_text16
sqlite3_value_int64
sqlite3_free
sqlite3_wal_autocheckpoint
sqlite3_wal_checkpoint_v2
sqlite3_changes
sqlite3_total_changes
sqlite3_result_blob
sqlite3_last_insert_rowid
sqlite3_db_filename
sqlite3_clear_bindings
sqlite3_busy_timeout
sqlite3_db_status
sqlite3_malloc
sqlite3_create_function_v2
sqlite3_column_int
sqlite3_user_data
sqlite3_result_error_nomem
sqlite3_status
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_int64
sqlite3_expanded_sql
sqlite3_profile
sqlite3_result_int
sqlite3_trace
sqlite3_value_type
sqlite3_snprintf
sqlite3_next_stmt
sqlite3_value_text16
sqlite3_value_bytes
sqlite3_value_blob
sqlite3_value_int

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
CreateEventW
ReleaseSemaphore
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
SetEvent
ReleaseMutex
ReleaseSRWLockShared
WaitForSingleObject
CreateMutexExW
CreateSemaphoreExW
AcquireSRWLockShared
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionEx
ReleaseSRWLockExclusive

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-processthreads-l1-1-0

GetExitCodeProcess
CreateProcessAsUserW
GetCurrentProcessId
SetThreadToken
GetCurrentThreadId
GetCurrentThread
OpenThreadToken
GetCurrentProcess
OpenProcessToken
CreateProcessW
TerminateProcess
ProcessIdToSessionId

api-ms-win-core-localization-l1-2-0

FormatMessageA
FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleFileNameA
LoadLibraryExW
GetModuleHandleW
FreeLibrary
GetModuleHandleExW

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventActivityIdControl
EventWriteTransfer
EventSetInformation

oleaut32

SysAllocStringLen
SysAllocString
SysFreeString
VariantClear
VariantInit

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsPreallocateStringBuffer
WindowsPromoteStringBuffer
WindowsDuplicateString
WindowsDeleteStringBuffer
WindowsGetStringRawBuffer
WindowsCompareStringOrdinal
WindowsGetStringLen
WindowsConcatString
WindowsCreateStringReference
WindowsDeleteString

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegCreateKeyExW
RegCopyTreeW
RegOpenCurrentUser
RegDeleteValueW
RegDeleteKeyExW
RegCloseKey
RegQueryInfoKeyW
RegOpenKeyExW
RegDeleteTreeW
RegGetValueW
RegQueryValueExW
RegSetValueExW

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
Sleep
InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureStackBackTrace
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GlobalMemoryStatusEx
GetSystemTimeAsFileTime
GetTickCount64
GetSystemInfo
GetSystemDirectoryW
GetLocalTime

api-ms-win-core-interlocked-l1-1-0

InterlockedPopEntrySList
InterlockedPushEntrySList
InitializeSListHead

api-ms-win-core-registry-l2-1-0

RegSaveKeyW
RegDeleteKeyW

api-ms-win-core-string-l1-1-0

CompareStringW
CompareStringOrdinal
WideCharToMultiByte
CompareStringEx
MultiByteToWideChar

api-ms-win-security-base-l1-1-0

CreateWellKnownSid
FreeSid
GetAclInformation
GetLengthSid
IsValidSid
GetTokenInformation
AddAce
InitializeSecurityDescriptor
CopySid
GetSecurityDescriptorDacl
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
SetSecurityDescriptorDacl
EqualSid

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoCancelCall
CoCreateGuid
CoSetProxyBlanket
CoDisableCallCancellation
CoEnableCallCancellation
StringFromGUID2
IIDFromString
CoGetClassObject
CoTaskMemFree
CoCreateInstance

api-ms-win-core-file-l1-1-0

FindClose
FindFirstFileW
FindNextFileW
CreateDirectoryW
SetFileAttributesW
DeleteFileW
CreateFileW
GetFileSize
GetFileAttributesW
ReadFile
WriteFile
RemoveDirectoryW

ntdll

EtwEventRegister
EtwEventWrite
EtwEventUnregister
RtlEqualUnicodeString
RtlUpcaseUnicodeChar
NtQueryKey
NtQueryValueKey
NtEnumerateValueKey
NtSetValueKey
RtlWow64IsWowGuestMachineSupported
RtlDeriveCapabilitySidsFromName
RtlValidSid
RtlLengthSid
RtlFreeHeap
RtlIsMultiUsersInSessionSku
NtQueryInformationThread
NtQueryInformationFile
RtlNtStatusToDosErrorNoTeb
NtQueryInformationProcess
RtlAllocateHeap
RtlReleaseRelativeName
RtlIsMultiSessionSku
RtlNtStatusToDosError
RtlRunOnceComplete
RtlRunOnceBeginInitialize
RtlFindNextForwardRunClear
RtlNumberOfSetBits
RtlInitializeSRWLock
NtAdjustPrivilegesToken
RtlDosPathNameToNtPathName_U
NtDelayExecution
NtOpenThreadToken
NtQueryObject
RtlImpersonateSelf
NtDeviceIoControlFile
NtWaitForSingleObject
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
NtSetInformationThread
RtlAcquireSRWLockShared
RtlReleaseSRWLockShared
RtlPublishWnfStateData
NtSetInformationFile
NtOpenFile
NtSetInformationVirtualMemory
RtlConvertSidToUnicodeString
RtlFreeUnicodeString
NtQueryInformationToken
RtlGetDeviceFamilyInfoEnum
NtQuerySystemInformation
RtlCopySid
RtlDetermineDosPathNameType_U
RtlCompareUnicodeString
RtlEnumerateGenericTableWithoutSplayingAvl
RtlExpandEnvironmentStrings_U
RtlInitUnicodeString
RtlInsertElementGenericTableAvl
RtlFreeSid
RtlInitializeGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlLookupElementGenericTableAvl
RtlDowncaseUnicodeString
RtlInitializeCriticalSection
RtlDeleteCriticalSection
RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlReportException
RtlAllocateAndInitializeSid
RtlInitUnicodeStringEx
RtlpEnsureBufferSize
RtlNtPathNameToDosPathName
RtlAddAce
NtClose
NtAccessCheck
NtQueryEaFile
NtCreateFile
RtlDosPathNameToNtPathName_U_WithStatus
NtFsControlFile
RtlDosPathNameToRelativeNtPathName_U_WithStatus

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-path-l1-1-0

PathCchSkipRoot
PathCchCombine
PathCchRemoveFileSpec
PathAllocCanonicalize
PathCchAppend
PathCchRemoveBackslash
PathAllocCombine

api-ms-win-shcore-thread-l1-1-0

SHCreateThreadWithHandle

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSidToSidW
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathIsPrefixW
PathFindExtensionW
PathFindFileNameW

api-ms-win-core-file-l1-2-2

FindFirstFileNameW
FindNextFileNameW

api-ms-win-core-file-l2-1-0

CopyFileExW
CreateHardLinkW
MoveFileExW
GetFileInformationByHandleEx

api-ms-win-security-cryptoapi-l1-1-0

CryptGetHashParam
CryptHashData
CryptDestroyHash
CryptReleaseContext
CryptAcquireContextW
CryptCreateHash

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-threadpool-legacy-l1-1-0

DeleteTimerQueueTimer
CreateTimerQueueTimer

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-security-trustee-l1-1-0

BuildTrusteeWithSidW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

api-ms-win-service-winsvc-l1-1-0

ChangeServiceConfig2A
ControlService

api-ms-win-service-management-l1-1-0

CreateServiceW
OpenSCManagerW
CloseServiceHandle
DeleteService
OpenServiceW

api-ms-win-service-management-l2-1-0

ChangeServiceConfig2W
SetServiceObjectSecurity
NotifyServiceStatusChangeW

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoTransformError
RoOriginateError

api-ms-win-core-wow64-l1-1-1

Wow64SetThreadDefaultGuestMachine
GetSystemWow64Directory2W

api-ms-win-core-com-private-l1-1-0

CoGetModuleArchitecture

rpcrt4

UuidCreate
UuidFromStringW
UuidToStringW
RpcStringFreeW

api-ms-win-core-kernel32-legacy-l1-1-0

MoveFileW

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-security-lsalookup-l1-1-0

LsaLookupOpenLocalPolicy
LsaLookupClose
LsaLookupFreeMemory
LsaLookupGetDomainInfo

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-security-lsalookup-l2-1-0

LookupAccountSidW

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-windowserrorreporting-l1-1-1

WerRegisterCustomMetadata

combase

ord153

kernel32

GetWindowsDirectoryW
DeviceIoControl
GetFileAttributesExW
CreateSymbolicLinkW
SetFileInformationByHandle
GetTempFileNameW
FindFirstFileExW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
InitializeCriticalSectionAndSpinCount
FileTimeToSystemTime
GetModuleHandleExA
GetVersionExW
GlobalFree
GlobalAlloc
TlsAlloc
GetVolumeNameForVolumeMountPointW
TlsGetValue
TlsFree
TlsSetValue
GetFinalPathNameByHandleW
GetFileSizeEx
GetVolumePathNameW
CopyFileW
InitializeSRWLock

ole32

CreateStreamOnHGlobal
CoTaskMemRealloc
CoGetApartmentType
PropVariantClear

advapi32

RegGetKeySecurity
GetAce
GetSidSubAuthority
InitializeAcl
IsValidSecurityDescriptor
ImpersonateLoggedOnUser
RevertToSelf
IsWellKnownSid
GetSidSubAuthorityCount
DuplicateTokenEx
AddAccessAllowedAceEx
DeleteAce
AllocateAndInitializeSid
ImpersonateSelf
AdjustTokenPrivileges
TreeResetNamedSecurityInfoW
GetFileSecurityW
AccessCheck
GetSecurityInfo

shlwapi

ord12
PathFileExistsW

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW
WTSQueryUserToken

bindfltapi

BfRemoveMappingEx
BfSetupFilterEx

appxdeploymentclient

ord26

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

profapi

ord104

ntmarta

AccTreeResetNamedSecurityInfo

api-ms-win-eventing-tdh-l1-1-0

TdhGetEventMapInformation
TdhEnumerateProviderFieldInformation
TdhGetEventInformation

fltlib

FilterSendMessage
FilterConnectCommunicationPort

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

propsys

PSCreateMemoryPropertyStore
PropVariantToStringVectorAlloc

api-ms-win-shcore-registry-l1-1-0

SHSetValueW

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-string-l2-1-0

CharLowerBuffW

Exports

Exports

CreateRegistryCompatibilityCollector
CreateRegistryCompatibilityCollectorForUserOrSystemRegister
CreateRegistryCompatibilityManager
LoadCategoryNameTable
LoadExtensionRegistrationTable
ShellRefresh

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGECMRC
Size: 4KB - Virtual size: 130B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 520KB - Virtual size: 516KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 276KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AppXDeploymentExtensions.onecore.dll
.dll windows:10 windows x64 arch:x64

6b46dce4f42cc71b088646721d08cf11

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AppxDeploymentExtensions.OneCore.pdb

Imports

msvcp_win

?_Xout_of_range@std@@YAXPEBD@Z
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPEBDH@Z
_Wcscoll
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?id@?$collate@G@std@@2V0locale@2@A
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$ctype@G@std@@2V0locale@2@A
_Wcsxfrm
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z
?tolower@?$ctype@G@std@@QEBAGG@Z
?is@?$ctype@G@std@@QEBA_NFG@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
?fail@ios_base@std@@QEBA_NXZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Xlength_error@std@@YAXPEBD@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?id@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@2V0locale@2@A
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Getcat@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?get@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEBA?AV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@PEBG4@Z
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@H@Z
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?setf@ios_base@std@@QEAAHHH@Z
?_Xbad_alloc@std@@YAXXZ

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__stricmp
_o__ui64tow_s
_o__wcsicmp
_o__wcsnicmp
_o__wcstoui64
_o__wtoi
_o_ceilf
_o_free
memmove
_o_malloc
_o_memcpy_s
_o_realloc
_o_terminate
_o_towlower
_o_wcscat_s
_o_wcscpy_s
_o_wcstok_s
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
wcsrchr
wcsstr
strchr
wcschr
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o____lc_codepage_func
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

wcscmp
memmove_s
strcmp
memset

shcore

ord131
SHSetValueW
IsOS

appxdeploymentserver

GetSessionIdsOwnedByUser
RequestPackageOperationImplementation
PackageRepositoryFree
PackageRepositoryAllocate

staterepository.core

sqlite3_result_error_nomem
sqlite3_user_data
sqlite3_bind_int64
sqlite3_create_function_v2
sqlite3_db_status
sqlite3_busy_timeout
sqlite3_result_error_code
sqlite3_result_int
sqlite3_value_type
sqlite3_value_text16
sqlite3_value_int
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_malloc
sqlite3_bind_blob
sqlite3_result_blob
sqlite3_free
sqlite3_column_int
sqlite3_db_filename
sqlite3_value_int64
sqlite3_errcode
sqlite3_result_text16
sqlite3_value_text
sqlite3_clear_bindings
sqlite3_prepare_v2
sqlite3_last_insert_rowid
sqlite3_total_changes
sqlite3_changes
sqlite3_wal_checkpoint_v2
sqlite3_wal_autocheckpoint
sqlite3_db_config
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_extended_errcode
sqlite3_column_int64
sqlite3_exec
sqlite3_column_text
sqlite3_open_v2
sqlite3_config
sqlite3_column_bytes
sqlite3_trace
sqlite3_bind_null
sqlite3_bind_int
sqlite3_close
sqlite3_profile
sqlite3_result_error16
sqlite3_column_text16
sqlite3_snprintf
sqlite3_column_blob
sqlite3_expanded_sql
sqlite3_column_type
sqlite3_stmt_busy
sqlite3_get_autocommit
sqlite3_next_stmt
sqlite3_result_int64
sqlite3_status
sqlite3_sql
sqlite3_step
sqlite3_bind_text16
sqlite3_reset
sqlite3_db_handle
sqlite3_log
sqlite3_finalize
sqlite3_errmsg

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseSRWLockExclusive
AcquireSRWLockShared
DeleteCriticalSection
WaitForSingleObject
InitializeCriticalSectionEx
ReleaseMutex
ReleaseSRWLockShared
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
LeaveCriticalSection
ReleaseSemaphore
EnterCriticalSection
CreateEventExW
CreateMutexExW
TryAcquireSRWLockExclusive
CreateSemaphoreExW
InitializeSRWLock

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
SetLastError
GetLastError

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentThread
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
ProcessIdToSessionId
SetThreadToken
OpenThreadToken
OpenProcessToken

api-ms-win-core-localization-l1-2-0

FormatMessageW
LCMapStringEx
FormatMessageA

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
FreeLibrary
GetProcAddress
GetModuleHandleExW
GetModuleFileNameA
GetModuleHandleW
GetModuleHandleExA

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventSetInformation
EventWriteTransfer
EventActivityIdControl

oleaut32

SysAllocStringLen
VariantClear
SysAllocString
VariantInit
SysFreeString

api-ms-win-core-winrt-string-l1-1-0

WindowsIsStringEmpty
WindowsCompareStringOrdinal
WindowsGetStringRawBuffer
WindowsCreateString
WindowsPromoteStringBuffer
WindowsCreateStringReference
WindowsDeleteStringBuffer
WindowsDeleteString
WindowsDuplicateString
WindowsGetStringLen
WindowsConcatString
WindowsPreallocateStringBuffer
WindowsStringHasEmbeddedNull

api-ms-win-core-registry-l1-1-0

RegDeleteValueW
RegGetValueW
RegOpenKeyExW
RegCloseKey
RegDeleteTreeW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyExW
RegGetKeySecurity
RegSetKeySecurity
RegQueryValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegLoadAppKeyW
RegOpenCurrentUser
RegNotifyChangeKeyValue
RegEnumValueW

ntdll

RtlCopySid
RtlPublishWnfStateData
RtlConvertSidToUnicodeString
RtlGetDeviceFamilyInfoEnum
RtlGetDaclSecurityDescriptor
RtlExpandEnvironmentStrings_U
NtQuerySystemInformation
RtlIsStateSeparationEnabled
NtSetInformationThread
RtlFreeUnicodeString
RtlGetAce
RtlValidSid
RtlIsMultiUsersInSessionSku
NtQueryInformationThread
NtQueryInformationProcess
RtlAllocateAndInitializeSid
RtlCreateAcl
RtlAddProcessTrustLabelAce
RtlReleaseSRWLockShared
RtlCreateSecurityDescriptor
RtlSetSaclSecurityDescriptor
NtSetSecurityObject
RtlAcquireSRWLockShared
RtlIsMultiSessionSku
NtDeleteWnfStateName
NtMapViewOfSection
ZwClose
EtwEventRegister
EtwEventWrite
EtwEventUnregister
NtUnmapViewOfSection
ZwOpenFile
RtlFreeHeap
RtlReleaseSRWLockExclusive
NtQueryInformationFile
RtlDeriveCapabilitySidsFromName
RtlFreeSid
NtClose
RtlEqualUnicodeString
RtlUpcaseUnicodeChar
RtlLengthSid
ZwSetEaFile
NtCreateSection
RtlAllocateHeap
RtlWow64IsWowGuestMachineSupported
RtlNtStatusToDosErrorNoTeb
ZwFlushBuffersFileEx
RtlInitializeGenericTableAvl
RtlInitUnicodeString
RtlCompareUnicodeString
RtlLookupElementGenericTableAvl
RtlInsertElementGenericTableAvl
RtlEnumerateGenericTableWithoutSplayingAvl
RtlExpandEnvironmentStrings
RtlAddAce
RtlDeleteElementGenericTableAvl
NtSetInformationVirtualMemory
NtAccessCheck
NtFsControlFile
NtCreateFile
RtlDosPathNameToNtPathName_U_WithStatus
RtlReportException
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlDeleteCriticalSection
RtlInitializeCriticalSection
RtlDowncaseUnicodeString
RtlDetermineDosPathNameType_U
NtCreateLowBoxToken
RtlAcquireSRWLockExclusive
NtQueryInformationToken

api-ms-win-core-synch-l1-2-0

InitOnceComplete
Sleep
InitOnceBeginInitialize

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureStackBackTrace
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetVersionExW
GlobalMemoryStatusEx
GetSystemDirectoryW
GetWindowsDirectoryW
GetLocalTime
GetTickCount64
GetSystemInfo

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList

api-ms-win-security-base-l1-1-0

CreatePrivateObjectSecurityEx
DestroyPrivateObjectSecurity
AddAce
InitializeAcl
GetSecurityDescriptorDacl
AddAccessAllowedAceEx
GetTokenInformation
SetSecurityDescriptorControl
ImpersonateLoggedOnUser
CopySid
CreateWellKnownSid
AdjustTokenPrivileges
GetSecurityDescriptorGroup
GetAce
ImpersonateSelf
GetAclInformation
IsWellKnownSid
GetSidSubAuthority
GetSidSubAuthorityCount
GetSecurityDescriptorOwner
FreeSid
GetLengthSid
EqualSid
AccessCheck
GetFileSecurityW
IsValidSid
RevertToSelf
AllocateAndInitializeSid
SetSecurityAccessMask
MakeSelfRelativeSD
SetSecurityDescriptorGroup
DeleteAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner

api-ms-win-security-lsalookup-l2-1-0

LookupAccountSidW
LookupPrivilegeValueW

api-ms-win-core-file-l1-1-0

CreateDirectoryW
CreateFileW
SetFileAttributesW
FindFirstFileExW
FindNextFileW
GetFileInformationByHandle
ReadFile
GetFileAttributesW
FindClose
GetFinalPathNameByHandleW
GetFileAttributesExW
GetFileSizeEx
SetFileInformationByHandle
DeleteFileW
FindFirstFileW
RemoveDirectoryW
WriteFile

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar
WideCharToMultiByte
CompareStringW
CompareStringEx

api-ms-win-core-com-l1-1-0

CoTaskMemRealloc
CoTaskMemFree
CoSetProxyBlanket
CoTaskMemAlloc
IIDFromString
CoCreateInstance
CLSIDFromString
CoGetApartmentType
CoCreateGuid
CoWaitForMultipleHandles
StringFromGUID2
CoCreateFreeThreadedMarshaler
StringFromCLSID

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW
K32EnumProcesses

userenv

GetProfileType
ord212
ord213
ord218
ord210

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW
RegEnumKeyW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-file-l2-1-0

MoveFileExW
CreateSymbolicLinkW
CopyFileExW
GetFileInformationByHandleEx
CreateHardLinkW

api-ms-win-core-sysinfo-l2-1-0

GetUserNameW

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoOriginateErrorW
RoOriginateError

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertSidToStringSidW

rpcrt4

RpcStringFreeW
NdrClientCall2
UuidFromStringW
I_RpcExceptionFilter
RpcBindingCreateW
UuidToStringW
RpcBindingBind
UuidCreate
RpcExceptionFilter
RpcBindingFree

profapi

ord103
ord107
ord114
ord104

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

api-ms-win-security-provider-l1-1-0

GetNamedSecurityInfoW
GetSecurityInfo
SetSecurityInfo
SetNamedSecurityInfoW
SetEntriesInAclW

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-kernel32-legacy-l1-1-0

MoveFileW

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabledForPackage2

api-ms-win-core-path-l1-1-0

PathCchCombine
PathCchRemoveFileSpec
PathCchAppend
PathAllocCombine
PathCchSkipRoot
PathCchRemoveBackslash
PathAllocCanonicalize

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindExtensionW
PathIsFileSpecW
PathFindFileNameW

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-com-private-l1-1-0

CoGetModuleArchitecture

api-ms-win-security-cryptoapi-l1-1-0

CryptAcquireContextW
CryptGetHashParam
CryptHashData
CryptDestroyHash
CryptReleaseContext
CryptCreateHash

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-security-lsalookup-l1-1-0

LsaLookupGetDomainInfo
LsaLookupFreeMemory
LsaLookupClose
LsaLookupOpenLocalPolicy

api-ms-win-core-file-l1-2-0

GetTempPathW
GetVolumeNameForVolumeMountPointW

api-ms-win-core-windowserrorreporting-l1-1-1

WerRegisterCustomMetadata

api-ms-win-core-processthreads-l1-1-3

GetProcessInformation

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

combase

ord153
ord154

mrmcorer

ResourceManagerQueueGetCurrentDepth
GetInternalReferenceBlobForManifestValue
ResourceManagerQueueGetMrtCachePathForPackage
ResourceManagerQueueReset

api-ms-win-net-isolation-l1-1-0

NetworkIsolationSetupAppContainerBinaries

api-ms-win-core-wow64-l1-1-1

GetSystemWow64Directory2W

api-ms-win-shcore-stream-l1-1-0

SHCreateMemStream

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-memory-l1-1-0

MapViewOfFile
CreateFileMappingW
UnmapViewOfFile

api-ms-win-eventing-tdh-l1-1-0

TdhGetEventInformation
TdhEnumerateProviderFieldInformation
TdhGetEventMapInformation

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

ntmarta

AccTreeResetNamedSecurityInfo

api-ms-win-core-string-l2-1-0

CharLowerBuffW

Exports

Exports

LoadCategoryNameTable
LoadExtensionRegistrationTable
PackageRequiresCustomCapability
ShellRefresh

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 680KB - Virtual size: 676KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 276KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AppXDeploymentServer.dll
.dll windows:10 windows x64 arch:x64

abf1ccba0aac142318228722540e10f0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AppxDeploymentServer.pdb

Imports

msvcp_win

?_Xbad_function_call@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-string-l1-1-0

wcscmp
memset
wcsncmp
strcmp

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__stricmp
_o__ui64tow_s
_o__ultow_s
_o__wcsicmp
_o__wcslwr
_o__wcsnicmp
_o__wcstoui64
_o__wtoi
_o_abort
_o_calloc
_o_ceilf
memmove
_o_free
_o_iswspace
_o_malloc
_o_qsort
_o_realloc
_o_strncpy_s
_o_strtol
_o_terminate
_o_wcscpy_s
_o_wcsncat_s
_o_wcsncpy_s
_o_wcstok_s
_o_wcstoul
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
wcsstr
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__get_errno
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
strchr
wcsrchr
wcschr
__std_terminate
__CxxFrameHandler4
_local_unwind
memcmp
memcpy

ntdll

RtlAddFunctionTable
NtCreateWnfStateName
RtlWaitForWnfMetaNotification
RtlDeleteCriticalSection
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlGetDeviceFamilyInfoEnum
NtQueryInformationThread
RtlIsMultiSessionSku
RtlReportExceptionEx
RtlCaptureContext
RtlDeleteSecurityObject
NtAccessCheck
RtlCreateAndSetSD
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlAllocateAndInitializeSid
RtlIsStateSeparationEnabled
RtlQueryPackageClaims
ZwFlushBuffersFileEx
RtlAllocateHeap
NtUnmapViewOfSection
NtMapViewOfSection
RtlDeleteFunctionTable
RtlValidSid
RtlFreeUnicodeString
RtlDowncaseUnicodeString
RtlDetermineDosPathNameType_U
RtlConvertSidToUnicodeString
RtlLengthSid
RtlNtStatusToDosErrorNoTeb
RtlNtStatusToDosError
RtlDosPathNameToNtPathName_U
NtDelayExecution
NtOpenThreadToken
NtQueryObject
RtlImpersonateSelf
NtAdjustPrivilegesToken
NtDeviceIoControlFile
NtWaitForSingleObject
NtQueryInformationToken
NtCreateSection
EtwEventUnregister
EtwEventWrite
EtwEventRegister
NtClose
RtlIsGenericTableEmptyAvl
NtDeleteWnfStateName
RtlIsMultiUsersInSessionSku
RtlFreeSid
RtlNumberGenericTableElementsAvl
RtlPublishWnfStateData
RtlFreeHeap
RtlLookupElementGenericTableAvl
NtSetInformationThread
RtlEnterCriticalSection
RtlQueryWnfStateData
RtlExpandEnvironmentStrings_U
RtlLeaveCriticalSection
RtlInitUnicodeString
RtlCompareUnicodeString
RtlEqualUnicodeString
RtlUpcaseUnicodeChar
RtlInitializeGenericTableAvl
RtlEnumerateGenericTableWithoutSplayingAvl
RtlDeleteElementGenericTableAvl
RtlEnumerateGenericTableAvl
RtlInsertElementGenericTableAvl
RtlWow64IsWowGuestMachineSupported
RtlCopySid
RtlReportException
NtQuerySystemInformation
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
RtlInitializeCriticalSection
RtlExpandEnvironmentStrings
NtQuerySecurityObject
RtlGetAppContainerNamedObjectPath
NtOpenDirectoryObject
RtlDeriveCapabilitySidsFromName
NtGetCachedSigningLevel
NtCompareSigningLevels
RtlFindAceByType
RtlCreateSecurityDescriptor
RtlCreateAcl
NtQueryLicenseValue
NtSetSecurityObject
RtlAddProcessTrustLabelAce
RtlSetSaclSecurityDescriptor
RtlGetPersistedStateLocation
NtQueryInformationFile
ZwQuerySecurityAttributesToken
ZwQueryEaFile
NtSetCachedSigningLevel2
NtQueryInformationProcess
NtFsControlFile
NtSetInformationFile
RtlReleaseRelativeName
NtOpenFile
RtlDosPathNameToRelativeNtPathName_U_WithStatus
RtlNtPathNameToDosPathName
RtlpEnsureBufferSize
RtlAddAce
NtSetInformationVirtualMemory
RtlDosPathNameToNtPathName_U_WithStatus
NtCreateFile
RtlInitUnicodeStringEx
RtlEqualSid

combase

ord153
GetErrorInfo
SetErrorInfo
ord148

staterepository.core

sqlite3_vfs_find
sqlite3_status
sqlite3_expanded_sql
sqlite3_snprintf
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_profile
sqlite3_trace
sqlite3_config
sqlite3_enable_shared_cache
sqlite3_shutdown
sqlite3_initialize
sqlite3_step
sqlite3_reset
sqlite3_finalize
sqlite3_db_handle
sqlite3_sql
sqlite3_column_type
sqlite3_close
sqlite3_errmsg
sqlite3_column_blob
sqlite3_log
sqlite3_column_text16
sqlite3_column_bytes
sqlite3_open_v2
sqlite3_extended_errcode
sqlite3_file_control
sqlite3_column_text
sqlite3_extended_result_codes
sqlite3_column_int64
sqlite3_column_int
sqlite3_bind_blob
sqlite3_get_autocommit
sqlite3_db_config
sqlite3_bind_text16
sqlite3_wal_autocheckpoint
sqlite3_bind_int64
sqlite3_bind_int
sqlite3_bind_null
sqlite3_clear_bindings
sqlite3_exec
sqlite3_wal_checkpoint_v2
sqlite3_changes
sqlite3_stmt_busy
sqlite3_total_changes
sqlite3_last_insert_rowid
sqlite3_prepare_v2
sqlite3_value_text
sqlite3_result_text16
sqlite3_value_int64
sqlite3_free
sqlite3_db_filename
sqlite3_result_blob
sqlite3_malloc
sqlite3_busy_timeout
sqlite3_db_status
sqlite3_next_stmt
sqlite3_errcode
sqlite3_create_function_v2
sqlite3_user_data
sqlite3_result_error_nomem
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_int64
sqlite3_result_int
sqlite3_value_type
sqlite3_value_text16
sqlite3_value_bytes
sqlite3_value_blob
sqlite3_value_int

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleFileNameW
GetModuleFileNameA
GetProcAddress
DisableThreadLibraryCalls
GetModuleHandleExA
FreeLibrary
GetModuleHandleExW
LoadLibraryExW

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
ReleaseSemaphore
OpenEventW
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForSingleObject
SetWaitableTimer
ReleaseMutex
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
CreateEventExW
CreateWaitableTimerExW
ReleaseSRWLockShared
SetEvent
CancelWaitableTimer
CreateMutexExW
ResetEvent
CreateSemaphoreExW
AcquireSRWLockShared
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
CreateEventW
InitializeSRWLock

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
RaiseException
SetLastError

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolCleanupGroupMembers
SubmitThreadpoolWork
CloseThreadpool
CloseThreadpoolCleanupGroup
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer
CreateThreadpool
CreateThreadpoolWork
SetThreadpoolThreadMaximum
CreateThreadpoolCleanupGroup
CloseThreadpoolWork
SetThreadpoolThreadMinimum
TrySubmitThreadpoolCallback

api-ms-win-core-processthreads-l1-1-0

TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
GetProcessTimes
SetThreadToken
OpenProcessToken
ResumeThread
TerminateProcess
ProcessIdToSessionId
OpenThreadToken
ExitProcess
GetCurrentProcessId
OpenThread
GetCurrentThreadId
GetExitCodeProcess
GetCurrentThread
UpdateProcThreadAttribute
GetCurrentProcess
CreateThread
InitializeProcThreadAttributeList
CreateProcessAsUserW
SetThreadPriority

api-ms-win-core-localization-l1-2-0

GetSystemPreferredUILanguages
LCMapStringEx
FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-sysinfo-l1-1-0

GetLocalTime
GetSystemDirectoryW
GetVersionExW
GlobalMemoryStatusEx
GetWindowsDirectoryW
GetTickCount64
GetSystemInfo
GetSystemTimeAsFileTime

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringOrdinal
MultiByteToWideChar
CompareStringW

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
Sleep
WaitOnAddress
WakeByAddressAll

api-ms-win-core-file-l1-1-0

GetTempFileNameW
GetVolumeInformationW
SetFilePointerEx
FindFirstFileW
GetDriveTypeW
CreateFileW
GetVolumeInformationByHandleW
DeleteFileW
WriteFile
SetFileAttributesW
FindClose
GetFileAttributesW
CompareFileTime
RemoveDirectoryW
SetEndOfFile
CreateDirectoryW
GetFinalPathNameByHandleW
ReadFile
GetFileSizeEx
SetFilePointer
GetFileInformationByHandle
GetFileAttributesExW
FindFirstFileExW
FlushFileBuffers
GetVolumePathNameW
FindNextFileW
GetFileType
SetFileInformationByHandle
GetFileTime

api-ms-win-core-kernel32-legacy-l1-1-0

GetSystemPowerStatus
MoveFileW

api-ms-win-core-registry-l1-1-0

RegFlushKey
RegOpenUserClassesRoot
RegGetKeySecurity
RegEnumValueW
RegCloseKey
RegOpenCurrentUser
RegDeleteTreeW
RegEnumKeyExW
RegGetValueW
RegLoadAppKeyW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegQueryInfoKeyW
RegOpenKeyExW
RegSetKeySecurity
RegQueryValueExW
RegDeleteKeyExW

api-ms-win-security-base-l1-1-0

AllocateAndInitializeSid
AddAccessAllowedAce
GetFileSecurityW
DuplicateTokenEx
ImpersonateLoggedOnUser
AccessCheck
EqualSid
DeleteAce
IsValidSid
ImpersonateSelf
CheckTokenMembership
DuplicateToken
CopySid
GetLengthSid
CreateWellKnownSid
GetTokenInformation
InitializeSecurityDescriptor
CreatePrivateObjectSecurityEx
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
FreeSid
GetSecurityDescriptorDacl
SetSecurityAccessMask
GetAce
GetSecurityDescriptorSacl
RevertToSelf
GetSidSubAuthority
GetSidSubAuthorityCount
IsWellKnownSid
AdjustTokenPrivileges
DestroyPrivateObjectSecurity
GetSecurityDescriptorOwner
SetSecurityDescriptorGroup
InitializeAcl
AddAccessAllowedAceEx
CreateRestrictedToken
SetSecurityDescriptorControl
MakeSelfRelativeSD
SetTokenInformation

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindFileNameW
PathGetDriveNumberW
PathFileExistsW
PathStripPathW
PathFindNextComponentW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-io-l1-1-1

CancelSynchronousIo

api-ms-win-core-synch-l1-2-1

CreateSemaphoreW
WaitForMultipleObjects

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-url-l1-1-0

UrlCreateFromPathW
PathCreateFromUrlW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrcmpW

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabledForPackage

api-ms-win-core-path-l1-1-0

PathCchCombine
PathAllocCanonicalize
PathCchRemoveFileSpec
PathCchAppend
PathCchRemoveBackslash
PathCchSkipRoot
PathAllocCombine

api-ms-win-core-file-l2-1-0

MoveFileExW
CreateHardLinkW
CopyFileExW
CreateSymbolicLinkW
GetFileInformationByHandleEx

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-memory-l1-1-0

VirtualAlloc
VirtualFree
VirtualProtect
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPopEntrySList
InterlockedFlushSList
InterlockedPushEntrySList

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask
GetNativeSystemInfo

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-file-l1-2-4

GetTempPath2W

api-ms-win-core-version-l1-1-0

GetFileVersionInfoSizeExW
VerQueryValueW
GetFileVersionInfoExW

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW
K32EnumProcesses

api-ms-win-core-file-l1-2-0

GetVolumePathNamesForVolumeNameW
GetVolumeNameForVolumeMountPointW
GetTempPathW

api-ms-win-core-io-l1-1-0

CancelIoEx
GetOverlappedResult
DeviceIoControl

userenv

DeleteAppContainerProfile
DeriveAppContainerSidFromAppContainerName
ord218
ord210
CreateAppContainerProfile
ord213
GetProfileType
ord212

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-file-l1-2-2

FindNextFileNameW
FindFirstFileNameW

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-wow64-l1-1-1

GetSystemWow64Directory2W
GetSystemWow64DirectoryW

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureStackBackTrace

api-ms-win-core-windowserrorreporting-l1-1-1

WerRegisterCustomMetadata

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

mrmdeploy

GetOrCreatePriFileForAvailablePackages

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

Exports

Exports

AddToPurgeList
AppXApplyTrustLabelToFolder
AppXSetTrustLabelOnPackage
CancelDeploymentImplementation
CreateCanonicalPriFileImplementation
CreateWnfStateNameImplementation
DllCanUnloadNow
DllGetActivationFactory
EnumPackagesByUserSidInternal
EnumPackagesByUserSidNamePublisherInternal
EnumPackagesByUserSidPackageFamilyNameInternal
EnumProvisionedPackagesInternal
EnumVisibilityByPackageFullNameInternal
FindPackageByUserSidPackageFullNameInternal
GenerateBytecodeForPackageImplementation
GenerateBytecodeForPackagesImplementation
GetApplicability5Implementation
GetApplicabilityForPackageImplementation
GetApplicabilityImplementation
GetDeploymentError
GetPackageFilesDiskUsageImplementation
GetPackageFilesDiskUsagePerVolumeImplementation
GetSessionIdsOwnedByUser
IsPackageInstalledInternal
MergeSystemResourceFilesImplementation
PackageRepositoryAllocate
PackageRepositoryFree
PackageStatusOperationImplementation
PackageVolumeStatusImplementation
RDSRecoverRequestsImplementation
RepairResourcesPriAclsImplementation
RequestPackageOperationImplementation
ServerSideRequestContentGroupsImplementation
ServiceMain
SetDeploymentError
SetPackageStatusBlockingForUserImplementation
SetPackageStatusBlockingImplementation
StartDeploymentImplementation
SvchostPushServiceGlobals

Sections

.text
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 276KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AppointmentActivation.dll
.dll windows:10 windows x64 arch:x64

4f57dfeddd35a1e9a150167123a9c33e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AppointmentActivation.pdb

Imports

msvcrt

_initterm
_amsg_exit
free
_wcsicmp
wcscspn
memcpy_s
wcsrchr
_XcptFilter
__C_specific_handler
malloc
_wcstoi64
_unlock
__dllonexit
_onexit
__CxxFrameHandler3
wcstoul
memmove
_wcstoui64
_vsnwprintf
wcsstr
wcsncmp
_purecall
_vsnwprintf_s
_callnewh
_vscwprintf
_lock
memcpy
memset

api-ms-win-appmodel-runtime-l1-1-1

ParseApplicationUserModelId

rpcrt4

NdrOleFree
NdrOleAllocate
NdrDllCanUnloadNow
NdrDllGetClassObject

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce

api-ms-win-core-winrt-string-l1-1-0

HSTRING_UserSize
HSTRING_UserUnmarshal
HSTRING_UserFree64
HSTRING_UserMarshal64
WindowsStringHasEmbeddedNull
HSTRING_UserUnmarshal64
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsSubstringWithSpecifiedLength
HSTRING_UserMarshal
WindowsDuplicateString
HSTRING_UserFree
WindowsIsStringEmpty
WindowsCreateString
WindowsCreateStringReference
HSTRING_UserSize64

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventWriteTransfer

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoOriginateErrorW

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReleaseSRWLockShared
CreateEventExW
EnterCriticalSection
LeaveCriticalSection
ReleaseMutex
InitializeCriticalSectionEx
DeleteCriticalSection
AcquireSRWLockShared
CreateSemaphoreExW
WaitForSingleObject
ReleaseSemaphore
CreateMutexExW
InitializeSRWLock
SetEvent
TryAcquireSRWLockExclusive
OpenSemaphoreW
WaitForSingleObjectEx

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExA
FreeLibrary
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
LoadLibraryExW
DisableThreadLibraryCalls
GetModuleHandleExW

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
RaiseException
SetLastError
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-com-l1-1-0

CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CoWaitForMultipleObjects
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitializeEx

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-shcore-thread-l1-1-0

SHGetThreadRef

api-ms-win-core-url-l1-1-0

UrlUnescapeW
UrlEscapeW

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

AwaitAppointmentActivation
DeserializeActivationArgs
DeserializeAppointment
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
GetAddAppointmentArgument
GetCalendarChooserArgument
GetLegacyAppointmentDetailsArgumentString
GetProxyDllInfo
GetRemoveAppointmentArgument
GetReplaceAppointmentArgument
GetWindowIdOfHost
ReleaseActivationArgs
SerializeAppointmentIdsResult
SerializeCalendarIdResult
ShowAddAppointment
ShowAddAppointmentAsync
ShowAppointmentDetails
ShowCalendarChooser
ShowCalendarChooserAsync
ShowRemoveAppointment
ShowRemoveAppointmentAsync
ShowReplaceAppointment
ShowReplaceAppointmentAsync
ShowTimeFrame

Sections

.text
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AppointmentApis.dll
.dll windows:10 windows x64 arch:x64

d8f3e49e3723a9815091a15951718c71

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AppointmentApis.pdb

Imports

msvcrt

memcmp
__C_specific_handler
memmove
__CxxFrameHandler3
_onexit
__dllonexit
_unlock
_lock
_errno
_initterm
_amsg_exit
_XcptFilter
_callnewh
wcstoul
_wcsicmp
_vscwprintf
_vsnwprintf_s
memmove_s
realloc
_purecall
wcsncpy_s
malloc
free
memcpy_s
_vsnwprintf
memcpy
memset

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleHandleW
FindResourceExW
GetModuleFileNameW
GetModuleHandleExW
LoadLibraryExW
GetProcAddress
DisableThreadLibraryCalls
LoadResource
SizeofResource
GetModuleFileNameA

api-ms-win-core-synch-l1-2-0

InitOnceComplete
Sleep
InitOnceBeginInitialize
InitOnceExecuteOnce

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionEx
ReleaseSemaphore
EnterCriticalSection
ReleaseMutex
CreateEventW
CreateSemaphoreExW
LeaveCriticalSection
InitializeSRWLock
ReleaseSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
InitializeCriticalSection
CreateEventExW
SetEvent
WaitForSingleObject
DeleteCriticalSection
AcquireSRWLockShared
ReleaseSRWLockExclusive
CreateMutexExW

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetLastError
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-registry-l1-1-0

RegDeleteValueW
RegCreateKeyExW
RegEnumKeyExW
RegCloseKey
RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventActivityIdControl
EventUnregister
EventWriteTransfer
EventRegister

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
OpenThreadToken
GetCurrentProcess
TerminateProcess
GetCurrentThread
GetCurrentThreadId
SetThreadToken
OpenProcessToken

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
OutputDebugStringA
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-threadpool-l1-2-0

FreeLibraryWhenCallbackReturns
CreateThreadpoolWait
SubmitThreadpoolWork
CloseThreadpoolWork
CloseThreadpoolWait
CreateThreadpoolWork
WaitForThreadpoolWaitCallbacks
SetThreadpoolWait

api-ms-win-core-file-l1-1-0

CompareFileTime

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetTickCount64
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

ntdll

RtlQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion

api-ms-win-service-management-l1-1-0

CloseServiceHandle
OpenServiceW
OpenSCManagerW

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

userdataplatformhelperutil

StartAndWaitForServiceForUser
GetUserTokenFromContext
GetUserContextFromHandle
RunServicesInProc
GenerateUserModeServiceName
IsCommsSystemService

appointmentactivation

ShowAddAppointment
AwaitAppointmentActivation
ShowAddAppointmentAsync
GetWindowIdOfHost
ShowReplaceAppointment
ShowReplaceAppointmentAsync
ShowRemoveAppointment
ShowRemoveAppointmentAsync
ShowCalendarChooserAsync
ShowCalendarChooser
ShowTimeFrame
ShowAppointmentDetails

systemeventsbrokerclient

SebDeleteEvent
SebCreateCalendarNotificationEvent

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

CreatePropertiesFromRecurrencePattern
CreateRecurrencePatternFromProperties
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 604KB - Virtual size: 601KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 200KB - Virtual size: 197KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AppxAllUserStore.dll
.dll windows:10 windows x64 arch:x64

a1348c8ef0d55c8673b578a6c2e76d12

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

13:9f:69:48:15:9f:64:70:cc:dc:ec:cb:02:82:fb:09:fc:3d:dd:48:d2:eb:81:7e:13:fa:f4:94:74:52:0e:93
Signer

Actual PE Digest

13:9f:69:48:15:9f:64:70:cc:dc:ec:cb:02:82:fb:09:fc:3d:dd:48:d2:eb:81:7e:13:fa:f4:94:74:52:0e:93

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AppxAllUserStore.pdb

Imports

msvcrt

_CxxThrowException
memcpy
memmove
??1type_info@@UEAA@XZ
_vsnprintf_s
memset
_onexit
__dllonexit
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
_unlock
_lock
__C_specific_handler
??1exception@@UEAA@XZ
__CxxFrameHandler3
_initterm
malloc
free
_wcsnicmp
_amsg_exit
_XcptFilter
memcpy_s
wcschr
memcmp
wcstok_s
wcsstr
_wcslwr
_wcsicmp
memmove_s
_vsnwprintf_s
?terminate@@YAXXZ
wcscmp

ntdll

RtlAddAce
RtlAllocateAndInitializeSid
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlDeleteCriticalSection
RtlInitializeCriticalSection
RtlNtStatusToDosErrorNoTeb
RtlDowncaseUnicodeString
RtlValidSid
RtlFreeUnicodeString
RtlConvertSidToUnicodeString
RtlAcquireSRWLockExclusive
RtlAcquireSRWLockShared
RtlReleaseSRWLockShared
NtQuerySystemInformation
RtlReportException
RtlFreeHeap
RtlReAllocateHeap
RtlAllocateHeap
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlLookupElementGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlIsGenericTableEmptyAvl
RtlEnumerateGenericTableWithoutSplayingAvl
RtlInitializeGenericTableAvl
RtlInsertElementGenericTableAvl
RtlInitUnicodeString
RtlCompareUnicodeString
RtlSystemTimeToLocalTime
NtQuerySystemTime
RtlFreeSid
RtlReleaseSRWLockExclusive

api-ms-win-core-libraryloader-l1-1-0

GetModuleHandleExA
GetModuleHandleW
GetProcAddress
GetModuleFileNameA
FreeLibrary
GetModuleHandleExW
LoadLibraryExA
LoadLibraryExW

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
AcquireSRWLockShared
ReleaseSRWLockExclusive
InitializeCriticalSectionEx
AcquireSRWLockExclusive
CreateMutexExW
OpenSemaphoreW
ReleaseMutex
WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreExW
ReleaseSRWLockShared
WaitForSingleObjectEx

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
RaiseException
SetLastError
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

OpenThreadToken
GetCurrentProcessId
TerminateProcess
GetCurrentThreadId
GetCurrentProcess
GetCurrentThread

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventActivityIdControl
EventWriteTransfer
EventUnregister

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
Sleep

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetWindowsDirectoryW
GetTickCount64
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegQueryValueExW
RegSetValueExW
RegEnumKeyExW
RegFlushKey
RegDeleteTreeW
RegQueryInfoKeyW
RegOpenKeyExW
RegLoadKeyW
RegGetValueW
RegCopyTreeW
RegDeleteValueW
RegDeleteKeyExW
RegCreateKeyExW
RegUnLoadKeyW
RegLoadAppKeyW

api-ms-win-core-file-l1-1-0

DeleteFileW
CreateDirectoryW
GetFileAttributesW
SetFileAttributesW
FindClose
WriteFile
FindFirstFileW
CreateFileW
RemoveDirectoryW
FindNextFileW

api-ms-win-security-base-l1-1-0

CheckTokenMembership
AdjustTokenPrivileges
ImpersonateSelf
GetSidSubAuthorityCount
GetSidSubAuthority
RevertToSelf
ImpersonateLoggedOnUser
GetLengthSid
CopySid
GetTokenInformation
GetAce
CreateWellKnownSid

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-heap-obsolete-l1-1-0

LocalAlloc
LocalFree

api-ms-win-core-file-l2-1-0

CreateHardLinkW
MoveFileExW

api-ms-win-core-kernel32-legacy-l1-1-0

MoveFileW
CopyFileW

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoInitializeEx
CoUninitialize

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsDeleteString
WindowsGetStringRawBuffer

api-ms-win-core-winrt-l1-1-0

RoActivateInstance

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

AddDeprovisionedPackageMarking
AddDeprovisionedSharedPackageContainerMarking
AddDownlevelInstalledPackageToRegistryStore
AddEndOfLifePackageMarking
AddEndOfLifePackageMarkingForAllUsers
AddPackageToPreinstalledAppsVolume
AddPackageToRegistryStore
AddSharedPackageContainerToRegistryStore
AddStagedPackageToPreinstalledAppsVolume
AddStagedPackageToRegistryStore
AddUpgradePackageAndStubPreferenceToPreinstalledVolume
AddUpgradePackageToPreinstalledVolume
AddUpgradePackageToRegistryStore
ApplyFrameworkPackageRootFolderACLs
ApplyPackageRootFolderACLs
ApplySharedFileACLs
CheckPackagePreinstallPolicy
CleanupPreinstalledPackageForRemoval
CommitTakeOwnershipSession
DeleteAllContainersFromContainerArray
DeleteAllPackagesFromMainPackageArray
DeleteAllPackagesFromPackageArray
DeletePackageInfo
DeleteUpdatedPackageKey
DeleteUserRegistryKeyFromAllUserStore
DidAppSurviveOSUpgradeForUser
DoesPerUserStoreExist
FamilyMonikerStringToSid
FindExistingVersionInRegistryStore
FindFullNameForFamilyNameInAppxAllUserStore
FixPreInstalledAppxAllUserStoreIntegrity
GetAllInboxPackages
GetAllNonInboxPackagesFromRegistryStore
GetAllPackagesToBeInstalledForSetupPhase
GetAllPackagesToBeInstalledForUser
GetAllStagedPackagesForMainPackageFromRegistryStore
GetAllUpdatedPackages
GetAppxProvisionFactory
GetFoldersToKeepForPBR
GetOptionalPackageInfoForPackage
GetPackageOverrideSetupPhase
GetPackageSetupPhase
GetPackagesThatMayNeedPreinstallPackageStatusMarked
GetProvisionedSharedPackageContainersFromRegistryStore
GetRegionExcludedPreinstalledPackages
GetStatusOfPackageFamilyForUser
GetUpgradePackageVolumeKey
HasCentennial
HasStagedPackages
IsCleanupTaskComplete
IsEnterprisePolicyEnabled
IsInboxPackage
IsInboxPackageAndPath
IsNonInboxAllUserPackage
IsNonInboxAllUserPackageSpecificPackage
IsPackageEndOfLife
IsPackageFamilyInUninstallBlocklist
IsPackageFamilyInUninstallBlocklistByPackageFullName
IsPackageFamilyOnPreInstalledDeletedKey
IsPackageInDownlevelInstalledKey
IsPackageInEndOfLifeKey
IsPackageInStagedKey
IsPackageInUpgradeKey
IsPackageInUsersUpgradeKey
IsPackageOnPreinstalledVolume
IsSystemInAuditBoot
MarkPackageAsRequiringAllUserStoreRefresh
MarkStatusOfMainPackageForUser
MoveEndOfLifePackageToDeletedStoreExternal
PackageFamilyNameFromId
PackageIdBasicFromFullName
PackageSidToPackageCapabilitySid
RemoveDeprovisionedPackageMarking
RemoveDeprovisionedSharedPackageContainerMarking
RemoveDownlevelInstalledPackagesFromRegistryStore
RemoveEndOfLifePackageMarkingForAllUsers
RemoveInboxInstalledStatusOfPackageForUser
RemovePackageFromRegistryStore
RemovePackageFromRegistryStoreConfigIfExists
RemoveSharedPackageContainerFromRegistryStore
RemoveStagedPackageFromRegistryStore
RemoveStatusOfMainPackageForAllUsers
RemoveUpgradePackagesFromRegistryStore
RestoreDownlevelAllUserStore
RollbackTakeOwnershipSession
SetAllUserStorePathForTest
SetPackageOverrideSetupPhase
SetPreinstalledRegionPolicyChecked
SetTargetOsVersionOnPreinstalledVolume
TakeOwnershipOnFolder
TryGetDownlevelInstalledPackageFullName
TryGetEndOfLifePackageFullName
UpdateFrameworkPackageInRegistryStore
UpdatePackageInRegistryStore
UpdatePackageSetupPhase
UpdateUpgradePackageInRegistryStore

Sections

.text
Size: 312KB - Virtual size: 311KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AppxApplicabilityEngine.dll
.dll windows:10 windows x64 arch:x64

f01860ecd0611fab95a06844f3602c75

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9e:e3:08:f2:8a:ff:7b:de:f9:fa:87:d4:06:23:c1:a9:88:d4:5f:d2:0d:df:ae:33:e0:09:dd:9e:2e:49:60:87
Signer

Actual PE Digest

9e:e3:08:f2:8a:ff:7b:de:f9:fa:87:d4:06:23:c1:a9:88:d4:5f:d2:0d:df:ae:33:e0:09:dd:9e:2e:49:60:87

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AppxApplicabilityEngine.pdb

Imports

msvcrt

___mb_cur_max_func
isspace
_errno
__crtLCMapStringW
tolower
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
memchr
___lc_codepage_func
malloc
_CxxThrowException
setlocale
__crtCompareStringW
___lc_collate_cp_func
__pctype_func
memcpy
calloc
realloc
??0bad_cast@@QEAA@PEBD@Z
_wtoi
__CxxFrameHandler3
??_V@YAXPEAX@Z
towlower
swscanf_s
??8type_info@@QEBAHAEBV0@@Z
bsearch
___lc_handle_func
_purecall
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@AEBV0@@Z
free
abort
_XcptFilter
_amsg_exit
_initterm
__C_specific_handler
_lock
_unlock
strchr
wctob
_swprintf_c_l
??0exception@@QEAA@AEBQEBD@Z
__dllonexit
memmove
??1type_info@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_vsnprintf_s
?terminate@@YAXXZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
wcscpy_s
??1exception@@UEAA@XZ
??3@YAXPEAX@Z
memcpy_s
_vsnwprintf
_onexit
memset

api-ms-win-core-libraryloader-l1-1-0

LoadLibraryExW
GetModuleHandleExW
GetModuleHandleW
LoadLibraryExA
GetModuleFileNameA
GetProcAddress
FreeLibrary

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
InitializeCriticalSection
CreateMutexExW
OpenSemaphoreW
ReleaseSRWLockExclusive
DeleteCriticalSection
LeaveCriticalSection
WaitForSingleObjectEx
ReleaseMutex
WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreExW
EnterCriticalSection

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentProcess
OpenProcessToken
GetCurrentThreadId
OpenThreadToken
GetCurrentThread

api-ms-win-core-localization-l1-2-0

GetUserPreferredUILanguages
FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventRegister

api-ms-win-core-registry-l1-1-0

RegDeleteTreeW
RegDeleteValueW
RegCreateKeyExW
RegQueryValueExW
RegEnumValueW
RegSetValueExW
RegQueryInfoKeyW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegGetValueW

api-ms-win-core-heap-obsolete-l1-1-0

LocalAlloc
LocalFree

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoTaskMemAlloc

api-ms-win-security-base-l1-1-0

CopySid
GetTokenInformation
EqualSid
IsWellKnownSid
GetLengthSid
IsValidSid

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemInfo
GetSystemTimeAsFileTime

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte
CompareStringOrdinal
GetStringTypeW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-localization-obsolete-l1-2-0

EnumUILanguagesW

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualProtect

Exports

Exports

AddDirectXFeatureLevelToContext
AddUserLanguagesToContext
CreateApplicabilityContext
CreateApplicabilityContextFromString
FreeApplicabilityContext
FreeApplicablePackages
GetApplicabilityContext
GetApplicablePackages
GetApplicablePackagesForUser
GetApplicablePackagesForUserWithAppChosenResources
GetApplicablePackagesWithAppChosenResources

Sections

.text
Size: 148KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 732B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AppxPackaging.dll
.dll windows:10 windows x64 arch:x64

4360d732d900100006eed74214588fdc

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:1d:1f:ec:24:8d:22:bb:9a:ad:60:4d:e6:46:c1:2f:a4:0f:b5:38:a5:13:66:0e:a4:22:44:89:24:ad:e6:37
Signer

Actual PE Digest

2f:1d:1f:ec:24:8d:22:bb:9a:ad:60:4d:e6:46:c1:2f:a4:0f:b5:38:a5:13:66:0e:a4:22:44:89:24:ad:e6:37

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AppxPackaging.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__register_onexit_function
_o__seh_filter_dll
_o__stricmp
_o__strnicmp
memmove
_o__wcsicmp
_o__wcslwr
_o__wcsnicmp
_o_free
_o_malloc
_o_qsort
_o_towlower
_o_wcscpy_s
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
__std_terminate
wcschr
wcsrchr
_o__callnewh
wcsstr
_o___stdio_common_vswprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

wcscmp
strcmp
memset
wcsncmp

api-ms-win-core-libraryloader-l1-1-0

GetProcAddress
LoadResource
DisableThreadLibraryCalls
GetModuleHandleExW
GetModuleHandleW
FindStringOrdinal
LoadLibraryExA
LockResource
SizeofResource
GetModuleFileNameA
LoadLibraryExW
FreeLibrary

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventWriteTransfer
EventUnregister
EventActivityIdControl

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentThread
OpenThreadToken
TlsGetValue
TlsAlloc
GetCurrentThreadId
GetCurrentProcessId
CreateProcessW
TlsSetValue
GetExitCodeProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-synch-l1-1-0

AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReleaseSRWLockShared
InitializeCriticalSectionEx
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
RaiseException
GetLastError

api-ms-win-core-util-l1-1-0

DecodePointer

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetVersionExW
GetSystemTimeAsFileTime
GetLocalTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

ntdll

RtlConvertSidToUnicodeString
RtlNtStatusToDosError
RtlSetBits
RtlClearAllBits
RtlInitializeBitMap
NtQuerySystemInformation
RtlReportException
RtlDowncaseUnicodeString
RtlAllocateAndInitializeSid
RtlFreeUnicodeString
RtlNumberGenericTableElementsAvl
RtlSetLastWin32Error
RtlLookupElementGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlInitializeGenericTableAvl
RtlInsertElementGenericTableAvl
RtlEnumerateGenericTableWithoutSplayingAvl
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
RtlCompareUnicodeString
RtlInitUnicodeString
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlDeleteCriticalSection
RtlInitializeCriticalSection
RtlFreeSid
RtlIsGenericTableEmptyAvl

opcservices

ord4
ord7
ord8
ord11
ord10
ord12
ord15
ord16
ord9

urlmon

CreateUri

api-ms-win-core-psapi-l1-1-0

K32GetProcessMemoryInfo

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegEnumKeyExW
RegOpenKeyExW
RegCloseKey

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
CompareStringW
CompareStringEx
WideCharToMultiByte

api-ms-win-security-base-l1-1-0

RevertToSelf
ImpersonateLoggedOnUser
GetSidSubAuthority
GetSidSubAuthorityCount

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoCreateInstance
CLSIDFromString
StringFromGUID2
CoCreateGuid
CreateStreamOnHGlobal
CoTaskMemFree
CoInitializeEx
CoUninitialize

api-ms-win-core-heap-obsolete-l1-1-0

LocalFree

api-ms-win-core-file-l1-1-0

GetFullPathNameW
CreateDirectoryW
GetFileAttributesW
CreateFileW
DeleteFileA
DeleteFileW

api-ms-win-core-localization-obsolete-l1-2-0

CompareStringA

api-ms-win-core-memory-l1-1-0

VirtualFree
VirtualAlloc

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-kernel32-legacy-l1-1-0

FileTimeToDosDateTime
FindResourceW
DosDateTimeToFileTime

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolCleanupGroup
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolCleanupGroupMembers
CreateThreadpoolCleanupGroup

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

oleaut32

CreateErrorInfo
SetErrorInfo
SysAllocStringLen
VariantInit
SysStringLen
GetErrorInfo
SysAllocString
SysFreeString

xmllite

CreateXmlReader

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindFileNameW

api-ms-win-core-string-l2-1-0

CharUpperBuffW

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 904KB - Virtual size: 900KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 356KB - Virtual size: 355KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 796KB - Virtual size: 795KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AppxSip.dll
.dll regsvr32 windows:10 windows x64 arch:x64

e3adbc205af4b67c388dbdfd2f9be43f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AppxSip.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__register_onexit_function
_o__seh_filter_dll
_o__strnicmp
memmove
_o__wcsicmp
_o_free
_o_malloc
_o_qsort
_o_wcscpy_s
__C_specific_handler
__CxxFrameHandler3
_o__configure_narrow_argv
_CxxThrowException
wcschr
_o___stdio_common_vswprintf
wcsstr
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o__cexit
_o__callnewh
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o__crt_atexit
_o___std_exception_copy
__CxxFrameHandler4
__std_terminate
wcsrchr
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset
strcmp
wcscmp
wcsncmp

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetLastError
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
AcquireSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionEx

api-ms-win-core-util-l1-1-0

DecodePointer

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventRegister
EventSetInformation

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-processthreads-l1-1-0

OpenThreadToken
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentThread

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetLocalTime
GetVersionExW
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-libraryloader-l1-1-0

LoadResource
FindStringOrdinal
GetModuleHandleExW
GetModuleHandleW
LockResource
SizeofResource
LoadLibraryExA
GetProcAddress
FreeLibrary
GetModuleFileNameA
LoadLibraryExW

ntdll

RtlDeleteCriticalSection
RtlInitializeCriticalSection
RtlLeaveCriticalSection
RtlEnumerateGenericTableWithoutSplayingAvl
RtlLookupElementGenericTableAvl
RtlInitUnicodeString
RtlNumberGenericTableElementsAvl
RtlReportException
NtQuerySystemInformation
RtlInitializeGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlCompareUnicodeString
RtlSetLastWin32Error
RtlNtStatusToDosError
RtlReleaseSRWLockExclusive
RtlInsertElementGenericTableAvl
RtlAcquireSRWLockExclusive
RtlEnterCriticalSection

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-registry-l1-1-0

RegGetValueW

api-ms-win-core-string-l1-1-0

CompareStringW
WideCharToMultiByte
CompareStringOrdinal
CompareStringEx

api-ms-win-security-base-l1-1-0

RevertToSelf
ImpersonateLoggedOnUser

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-file-l1-1-0

GetFileAttributesW
CreateFileW
DeleteFileW
DeleteFileA
GetFullPathNameW

api-ms-win-core-url-l1-1-0

PathIsURLW

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW

api-ms-win-core-heap-obsolete-l1-1-0

LocalFree

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-kernel32-legacy-l1-1-0

DosDateTimeToFileTime
FileTimeToDosDateTime
FindResourceW
CopyFileW

api-ms-win-core-file-l2-1-0

ReplaceFileW
MoveFileExW

api-ms-win-core-localization-obsolete-l1-2-0

CompareStringA

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

Exports

Exports

AppxBundleSipCreateIndirectData
AppxBundleSipGetSignedDataMsg
AppxBundleSipIsFileSupportedName
AppxBundleSipPutSignedDataMsg
AppxBundleSipRemoveSignedDataMsg
AppxBundleSipVerifyIndirectData
AppxSipCreateIndirectData
AppxSipGetSignedDataMsg
AppxSipIsFileSupportedName
AppxSipPutSignedDataMsg
AppxSipRemoveSignedDataMsg
AppxSipVerifyIndirectData
DllCanUnloadNow
DllRegisterServer
DllUnregisterServer
EappxBundleSipCreateIndirectData
EappxBundleSipGetSignedDataMsg
EappxBundleSipIsFileSupportedName
EappxBundleSipPutSignedDataMsg
EappxBundleSipRemoveSignedDataMsg
EappxBundleSipVerifyIndirectData
EappxSipCreateIndirectData
EappxSipGetSignedDataMsg
EappxSipIsFileSupportedName
EappxSipPutSignedDataMsg
EappxSipRemoveSignedDataMsg
EappxSipVerifyIndirectData
P7xSipCreateIndirectData
P7xSipGetSignedDataMsg
P7xSipIsFileSupportedName
P7xSipPutSignedDataMsg
P7xSipRemoveSignedDataMsg
P7xSipVerifyIndirectData

Sections

.text
Size: 216KB - Virtual size: 215KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AppxStreamingDataSourcePS.dll
.dll windows:10 windows x64 arch:x64

c10ddfdb5d535fb183a8bc910be3b7a2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AppxStreamingDataSourcePS.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o___std_type_info_destroy_list
_o__cexit
_o__configure_narrow_argv
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__seh_filter_dll
__C_specific_handler

api-ms-win-crt-string-l1-1-0

memset

rpcrt4

NdrDllCanUnloadNow
NdrDllGetClassObject
NdrOleFree
NdrOleAllocate

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AppxSysprep.dll
.dll windows:10 windows x64 arch:x64

b6e274bd2afd675df92bb11f92cb3261

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AppxSysprep.pdb

Imports

msvcrt

??1type_info@@UEAA@XZ
_CxxThrowException
memcmp
_unlock
__dllonexit
_onexit
wcsstr
_lock
memcpy
_vsnprintf_s
_wcsnicmp
__C_specific_handler
__CxxFrameHandler3
_initterm
_vsnwprintf_s
?terminate@@YAXXZ
malloc
??0exception@@QEAA@XZ
free
_amsg_exit
_XcptFilter
memmove_s
memcpy_s
wcsncmp
??0exception@@QEAA@AEBV0@@Z
memmove
??1exception@@UEAA@XZ
memset

ntdll

RtlDeleteCriticalSection
RtlLookupElementGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlInitializeGenericTableAvl
RtlInsertElementGenericTableAvl
RtlEnumerateGenericTableWithoutSplayingAvl
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
RtlReleaseSRWLockShared
RtlCompareUnicodeString
RtlInitUnicodeString
RtlNtStatusToDosErrorNoTeb
NtQuerySystemInformation
RtlReportException
RtlFreeHeap
RtlReAllocateHeap
RtlAllocateHeap
RtlAcquireSRWLockShared
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

wdscore

CurrentIP
WdsSetupLogMessageW
ConstructPartialMsgVW

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventWriteTransfer

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegEnumValueW
RegDeleteTreeW
RegCopyTreeW
RegCreateKeyExW
RegDeleteValueW
RegEnumKeyExW
RegQueryValueExW
RegSetValueExW
RegCloseKey

api-ms-win-core-file-l1-1-0

FindFirstFileW
RemoveDirectoryW
CreateDirectoryW
FindNextFileW
FindClose
DeleteFileW
CreateFileW
GetFileAttributesW
SetFileAttributesW
GetVolumePathNameW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
RaiseException
UnhandledExceptionFilter
GetLastError
SetLastError

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetExitCodeThread
CreateThread
OpenThreadToken
GetCurrentThread
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-synch-l1-1-0

CreateMutexExW
CreateSemaphoreExW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
AcquireSRWLockShared
CreateEventExW
WaitForSingleObject
AcquireSRWLockExclusive
WaitForSingleObjectEx
ReleaseSRWLockExclusive
SleepEx
OpenSemaphoreW
ReleaseSRWLockShared
SetEvent
ReleaseMutex
ReleaseSemaphore

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoActivateInstance
RoUninitialize

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsCreateString
WindowsCreateStringReference
WindowsDeleteString

api-ms-win-core-com-l1-1-0

CoTaskMemFree

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetProcAddress
GetModuleHandleW
LoadLibraryExW

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-security-base-l1-1-0

AdjustTokenPrivileges
GetTokenInformation
CopySid
ImpersonateSelf
GetLengthSid
RevertToSelf
IsWellKnownSid
ImpersonateLoggedOnUser

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-security-provider-l1-1-0

SetEntriesInAclW

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-file-l1-2-0

GetVolumeNameForVolumeMountPointW

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetSystemWindowsDirectoryW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-service-management-l2-1-0

NotifyServiceStatusChangeW
QueryServiceStatusEx

api-ms-win-service-management-l1-1-0

OpenSCManagerW
CloseServiceHandle
OpenServiceW

api-ms-win-service-winsvc-l1-1-0

ControlService

Exports

Exports

AppxSysprepSpecializeOffline
AppxSysprepSpecializeOnline
SysprepGeneralize
SysprepGeneralizeValidate

Sections

.text
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Apx01000.dll
.dll windows:10 windows x64 arch:x64

a46846f1f99080b2b6539e1352892899

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Apx01000.pdb

Imports

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcsnicmp
_o_free
_o_malloc
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleFileNameA
DisableThreadLibraryCalls
GetModuleHandleExW
GetProcAddress

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
ResetEvent
ReleaseSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
CreateEventW
ReleaseSRWLockShared
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
InitializeCriticalSectionEx
LeaveCriticalSection
SetEvent
ReleaseSemaphore
EnterCriticalSection
CreateEventExW
AcquireSRWLockShared
CreateSemaphoreExW
ReleaseMutex
CreateMutexExW
DeleteCriticalSection

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
CreateThread
GetCurrentProcess
TerminateProcess
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
TraceMessage

api-ms-win-devices-config-l1-1-1

CM_Register_Notification
CM_Locate_DevNodeW
CM_Unregister_Notification
CM_Get_Device_Interface_List_SizeW
CM_Get_Device_Interface_ListW

rpcrt4

UuidCreate

api-ms-win-core-io-l1-1-0

CancelIoEx
DeviceIoControl
GetOverlappedResult

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-devices-swdevice-l1-1-0

SwDeviceClose
SwDeviceCreate

api-ms-win-devices-swdevice-l1-1-1

SwDeviceSetLifetime

api-ms-win-core-com-l1-1-0

StringFromGUID2

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCompareMemory

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-file-l1-1-0

CreateFileW

Exports

Exports

imp_ApxBindClient
imp_ApxCircuitAddElements
imp_ApxCircuitAddPins
imp_ApxCircuitCreate
imp_ApxCircuitFactoryAddCircuit
imp_ApxCircuitFactoryCreate
imp_ApxCircuitFactoryRemoveCircuit
imp_ApxCircuitInitAllocate
imp_ApxCircuitInitAssignCategories
imp_ApxCircuitInitAssignFriendlyName
imp_ApxCircuitInitAssignName
imp_ApxCircuitInitAssignProperties
imp_ApxCircuitInitFree
imp_ApxCircuitInitSetCallbacks
imp_ApxCircuitInitSetCircuitType
imp_ApxCircuitInitSetComponentId
imp_ApxDataFormatCreate
imp_ApxDataFormatGetAverageBytesPerSec
imp_ApxDataFormatGetBitsPerSample
imp_ApxDataFormatGetBlockAlign
imp_ApxDataFormatGetChannelMask
imp_ApxDataFormatGetChannelsCount
imp_ApxDataFormatGetEncodedAverageBytesPerSec
imp_ApxDataFormatGetEncodedChannelCount
imp_ApxDataFormatGetEncodedSamplesPerSec
imp_ApxDataFormatGetKsDataFormat
imp_ApxDataFormatGetMajorFormat
imp_ApxDataFormatGetSampleRate
imp_ApxDataFormatGetSampleSize
imp_ApxDataFormatGetSamplesPerBlock
imp_ApxDataFormatGetSpecifier
imp_ApxDataFormatGetSubFormat
imp_ApxDataFormatGetValidBitsPerSample
imp_ApxDataFormatGetWaveFormatEx
imp_ApxDataFormatGetWaveFormatExtensible
imp_ApxDataFormatGetWaveFormatExtensibleIec61937
imp_ApxDataFormatIsEqual
imp_ApxDataFormatListAddDataFormat
imp_ApxDataFormatListAssignDefaultDataFormat
imp_ApxDataFormatListBeginIteration
imp_ApxDataFormatListCreate
imp_ApxDataFormatListEndIteration
imp_ApxDataFormatListRemoveDataFormat
imp_ApxDataFormatListRetrieveDefaultDataFormat
imp_ApxDataFormatListRetrieveNextFormat
imp_ApxDeviceCreate
imp_ApxDeviceInitAllocate
imp_ApxDeviceInitAssignFriendlyName
imp_ApxDeviceInitAssignInstanceId
imp_ApxDeviceInitAssignParentInstance
imp_ApxDeviceInitFree
imp_ApxDeviceInitSetContainerId
imp_ApxDeviceInitSetControlInterfaceId
imp_ApxDeviceInitSetPresenceNotForDevice
imp_ApxDeviceInitSetProductId
imp_ApxDeviceInitSetProductType
imp_ApxJackChangeStateNotification
imp_ApxJackCreate
imp_ApxMuteChangeStateNotification
imp_ApxMuteCreate
imp_ApxObjectBagAddBlob
imp_ApxObjectBagAddGuid
imp_ApxObjectBagAddI1
imp_ApxObjectBagAddI2
imp_ApxObjectBagAddI4
imp_ApxObjectBagAddI8
imp_ApxObjectBagAddMultiString
imp_ApxObjectBagAddSizeT
imp_ApxObjectBagAddString
imp_ApxObjectBagAddUI1
imp_ApxObjectBagAddUI2
imp_ApxObjectBagAddUI4
imp_ApxObjectBagAddUI8
imp_ApxObjectBagRetrieveBlob
imp_ApxObjectBagRetrieveGuid
imp_ApxObjectBagRetrieveI1
imp_ApxObjectBagRetrieveI2
imp_ApxObjectBagRetrieveI4
imp_ApxObjectBagRetrieveI8
imp_ApxObjectBagRetrieveMultiString
imp_ApxObjectBagRetrieveSizeT
imp_ApxObjectBagRetrieveString
imp_ApxObjectBagRetrieveUI1
imp_ApxObjectBagRetrieveUI2
imp_ApxObjectBagRetrieveUI4
imp_ApxObjectBagRetrieveUI8
imp_ApxObjectDelete
imp_ApxObjectDereferenceActual
imp_ApxObjectReferenceActual
imp_ApxPinAddJacks
imp_ApxPinAssignModeDataFormatList
imp_ApxPinCreate
imp_ApxPinNotifyDataFormatChange
imp_ApxPinRetrieveModeDataFormatList
imp_ApxStreamCreate
imp_ApxStreamInitSetCallbacks
imp_ApxUnbindClient
imp_ApxVolumeChangeLevelNotification
imp_ApxVolumeCreate

Sections

.text
Size: 152KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 316B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AssignedAccessRuntime.dll
.dll windows:10 windows x64 arch:x64

992f42a5bd0c8bd94efb8a5c29e3a575

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AssignedAccessRuntime.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__callnewh
_o__ui64tow_s
_o_free
_o_malloc
__C_specific_handler
_o__crt_atexit
_o__configure_narrow_argv
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o__cexit
__CxxFrameHandler3
_CxxThrowException
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
memmove
__std_terminate
__CxxFrameHandler4
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetProcAddress
GetModuleFileNameA
DisableThreadLibraryCalls
GetModuleHandleExW

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockShared
CreateSemaphoreExW
ReleaseSemaphore
WaitForSingleObject
WaitForSingleObjectEx
ReleaseMutex
ReleaseSRWLockExclusive
AcquireSRWLockShared
CreateMutexExW
AcquireSRWLockExclusive
OpenSemaphoreW

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
UnhandledExceptionFilter
RaiseException
SetUnhandledExceptionFilter

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsGetStringRawBuffer
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsCreateStringReference

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoOriginateErrorW

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
CoGetCallContext

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegGetValueW
RegOpenKeyExW

rpcrt4

I_RpcBindingInqLocalClientPID

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-appmodel-runtime-l1-1-1

GetPackageFullNameFromToken

api-ms-win-appmodel-runtime-internal-l1-1-3

CouldMultiUserAppsBehaviorBePossibleForPackage

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-appmodel-runtime-l1-1-0

GetPackageFullName

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AudioEndpointBuilder.dll
.dll windows:10 windows x64 arch:x64

84e0b0e51f9d86edce3b85ffb206d399

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AudioEndpointBuilder.pdb

Imports

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z
_Mtx_init_in_situ
_Mtx_destroy_in_situ

api-ms-win-crt-string-l1-1-0

memmove_s
wcsncmp
wcsnlen
memset

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
memmove
_o__wcsicmp
_o__wtoi
_o_calloc
_o_free
_o_malloc
_o_terminate
_o_towlower
_o_wcsncpy_s
_o_wcstoul
_o_wmemcpy_s
__current_exception
__current_exception_context
__CxxFrameHandler3
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__execute_onexit_table
__C_specific_handler
__std_terminate
_o__errno
__CxxFrameHandler4
_CxxThrowException
memcmp
memcpy

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
DisableThreadLibraryCalls
SizeofResource
LockResource
LoadStringW
GetModuleHandleExW
FindResourceExW
GetProcAddress
FreeLibrary
LoadLibraryExW
GetModuleFileNameW
LoadResource
GetModuleHandleW

api-ms-win-core-synch-l1-1-0

CreateEventW
CreateSemaphoreExW
CreateMutexExW
SetEvent
InitializeCriticalSectionEx
LeaveCriticalSection
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
DeleteCriticalSection
EnterCriticalSection
ReleaseMutex
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
ResetEvent
ReleaseSemaphore
InitializeCriticalSection

api-ms-win-core-heap-l1-1-0

HeapSize
GetProcessHeap
HeapReAlloc
HeapFree
HeapDestroy
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
RaiseException
SetLastError
UnhandledExceptionFilter
GetLastError

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
CloseThreadpoolWait
SetThreadpoolWait
CreateThreadpoolWait
SubmitThreadpoolWork
WaitForThreadpoolWaitCallbacks
WaitForThreadpoolWorkCallbacks
CloseThreadpoolWork
CreateThreadpoolWork
SetThreadpoolTimer
CreateThreadpoolCleanupGroup
WaitForThreadpoolTimerCallbacks
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolCleanupGroup
CloseThreadpool
CreateThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

CreateThread
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

ntdll

EtwTraceMessage
RtlInitUnicodeString
EtwEventSetInformation
EtwEventUnregister
RtlHashUnicodeString
EtwEventWriteTransfer
RtlNtStatusToDosError
WinSqmAddToStreamEx
RtlQueryWnfStateData
RtlGetCurrentServiceSessionId
RtlGetActiveConsoleId
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlPublishWnfStateData
EtwRegisterTraceGuidsW
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwGetTraceEnableFlags
EtwUnregisterTraceGuids
RtlIsStateSeparationEnabled
RtlDllShutdownInProgress
EtwEventRegister

api-ms-win-core-synch-l1-2-0

InitOnceComplete
Sleep
InitOnceBeginInitialize

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
CompareStringW

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegOpenKeyExW
RegQueryValueExW
RegEnumKeyExW
RegCreateKeyExW
RegSetValueExW
RegEnumValueW
RegQueryInfoKeyW
RegDeleteValueW
RegCloseKey
RegDeleteTreeW

api-ms-win-core-version-l1-1-1

GetFileVersionInfoSizeW
GetFileVersionInfoW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-string-l2-1-0

CharLowerBuffW

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrStrIW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW
RegDeleteKeyValueW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathParseIconLocationW
PathFileExistsW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-core-io-l1-1-0

PostQueuedCompletionStatus
CreateIoCompletionPort
GetQueuedCompletionStatus

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-localization-private-l1-1-0

LoadStringByReference

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 412KB - Virtual size: 408KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_BSS
Size: - Virtual size: 32B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_DATA
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AudioEng.dll
.dll regsvr32 windows:10 windows x64 arch:x64

71d9cf8be5fc6d6b97364f9766912856

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

83:38:7c:30:ea:77:aa:b4:3c:2c:24:08:0d:4c:03:7b:86:ae:0e:73:1a:1f:2b:69:59:cb:42:ae:16:eb:17:86
Signer

Actual PE Digest

83:38:7c:30:ea:77:aa:b4:3c:2c:24:08:0d:4c:03:7b:86:ae:0e:73:1a:1f:2b:69:59:cb:42:ae:16:eb:17:86

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AUDIOENG.pdb

Imports

oleaut32

VarUI4FromStr

api-ms-win-core-errorhandling-l1-1-0

SetLastError
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-heap-l1-1-0

HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap

api-ms-win-core-com-l1-1-0

StringFromCLSID
CoTaskMemFree
CoTaskMemAlloc
StringFromIID
IIDFromString
PropVariantClear
StringFromGUID2
CoTaskMemRealloc
CoCreateGuid
CoCreateFreeThreadedMarshaler
CoCreateInstance

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringOrdinal
WideCharToMultiByte

api-ms-win-core-localization-l1-2-0

SetThreadLocale
FormatMessageW
GetThreadLocale

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TlsGetValue
CreateThread
GetCurrentProcessId
TlsSetValue
GetCurrentProcess
TerminateProcess

api-ms-win-core-libraryloader-l1-2-0

FindResourceExW
LoadLibraryExW
DisableThreadLibraryCalls
GetProcAddress
GetModuleHandleW
LockResource
SizeofResource
GetModuleFileNameW
GetModuleHandleExW
GetModuleFileNameA
LoadResource
FreeLibrary

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
AcquireSRWLockExclusive
EnterCriticalSection
DeleteCriticalSection
WaitForSingleObject
OpenSemaphoreW
LeaveCriticalSection
AcquireSRWLockShared
ReleaseSRWLockShared
ReleaseSRWLockExclusive
InitializeSRWLock
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
ResetEvent
CreateMutexExW
CreateSemaphoreExW
CreateEventA
InitializeCriticalSectionEx
CreateEventW
ReleaseSemaphore
SetEvent
ReleaseMutex

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoOriginateError

api-ms-win-core-util-l1-1-0

DecodePointer

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventSetInformation
EventWriteTransfer
EventActivityIdControl

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-registry-l1-1-0

RegQueryValueExA
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegEnumKeyExW
RegQueryValueExW
RegGetValueW
RegQueryInfoKeyW
RegDeleteKeyExW
RegNotifyChangeKeyValue
RegCreateKeyExA

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
TraceEvent
UnregisterTraceGuids
TraceMessage

rpcrt4

I_RpcExceptionFilter
RpcStringBindingComposeW
NdrClientCall3
RpcStringFreeW
RpcBindingFree
RpcBindingFromStringBindingW

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
InitOnceExecuteOnce
InitOnceInitialize
Sleep

propsys

PropVariantToBuffer
PropVariantGetElementCount
PropVariantToString

api-ms-win-crt-math-l1-1-0

_finite
_isnan

api-ms-win-crt-string-l1-1-0

strncmp
memmove_s
strnlen
memset

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__get_errno
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__seh_filter_dll
_o__aligned_malloc
_o__wcsicmp
_o__wfopen_s
_o__wmkdir
_o__wstat32
_o__wtof
_o_acos
_o_asinf
_o_atan2
_o_atan2f
_o_atoi
_o_calloc
_o_ceil
_o_ceilf
_o_cos
_o_cosf
_o_exp
_o_expf
_o_fclose
_o_fgets
_o_floor
_o_floorf
_o_fmod
_o_fopen
_o_fread
_o_free
_o_fseek
_o_fwrite
_o_log
_o_log10f
_o_logf
_o_malloc
_o_pow
_o_powf
_o_qsort
_o_realloc
_o_sin
_o_sinf
_o_sqrt
_o_sqrtf
_o_strcat_s
_o_strcpy_s
_o_strncpy_s
_o_strtod
_o_tanf
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstok_s
_o_wcstombs_s
_o_wmemcpy_s
strchr
strstr
__current_exception
__current_exception_context
__CxxFrameHandler3
_o__aligned_free
_o___stdio_common_vswscanf
_o__execute_onexit_table
_o__errno
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsscanf
_o___stdio_common_vsprintf_s
memcmp
_o___stdio_common_vsprintf
_o__crt_atexit
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfwprintf
_o___stdio_common_vfprintf_s
_o___stdio_common_vfprintf
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__configure_narrow_argv
memcpy
_o___acrt_iob_func
_CxxThrowException
__C_specific_handler_noexcept
_o__cexit
__C_specific_handler
__std_terminate
__CxxFrameHandler4
memmove

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolCleanupGroupMembers
SetThreadpoolThreadMinimum
SetThreadpoolThreadMaximum
CreateThreadpool
CloseThreadpool
SubmitThreadpoolWork
CreateThreadpoolCleanupGroup
WaitForThreadpoolTimerCallbacks
CreateThreadpoolWork
CloseThreadpoolWork
CloseThreadpoolCleanupGroup
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolWait
CreateThreadpoolWait
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetSystemTimeAsFileTime

ntdll

EtwLogTraceEvent
RtlAllocateMemoryBlockLookaside
RtlPublishWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfStateChangeNotification
NtQueryInformationProcess
RtlUnlockMemoryBlockLookaside
RtlCreateMemoryBlockLookaside
EtwGetTraceEnableFlags
RtlLockMemoryBlockLookaside
RtlFreeMemoryBlockLookaside
RtlNtStatusToDosError
RtlDestroyMemoryBlockLookaside
RtlExtendMemoryBlockLookaside
EtwRegisterTraceGuidsW
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwUnregisterTraceGuids

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsDuplicateString
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsConcatString
WindowsCompareStringOrdinal
WindowsCreateStringReference

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW
PathFindFileNameW

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW

api-ms-win-core-path-l1-1-0

PathCchRenameExtension

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueue
CreateTimerQueueTimer
DeleteTimerQueueEx

api-ms-win-core-file-l1-1-0

CreateFileA
WriteFile
GetFileSize
ReadFile

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryA

api-ms-win-core-memory-l1-1-1

GetProcessWorkingSetSizeEx
SetProcessWorkingSetSizeEx

api-ms-win-core-featurestaging-l1-1-0

RecordFeatureUsage
GetFeatureEnabledState
UnsubscribeFeatureStateChangeNotification
SubscribeFeatureStateChangeNotification

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

AERT_Allocate
AERT_Free
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1000KB - Virtual size: 996KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_BSS
Size: - Virtual size: 40B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 844KB - Virtual size: 840KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_CONST
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

RT_DATA
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AudioHandlers.dll
.dll windows:10 windows x64 arch:x64

6b6045a94063a5cd99e452dbd923bbcd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AudioHandlers.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__get_errno
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
memmove
_o_abort
_o_bsearch_s
_o_free
_o_iswspace
_o_malloc
_o_realloc
_o_roundf
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o__beginthreadex
_o__execute_onexit_table
_o__errno
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_CxxThrowException
_o___stdio_common_vsnprintf_s
__CxxFrameHandler3
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__crt_atexit
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset
strncmp

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
FreeLibrary
GetModuleFileNameA
LoadStringW
GetModuleHandleExW
LoadResource
FindResourceExW
FreeResource
GetProcAddress
DisableThreadLibraryCalls
SizeofResource
LockResource
GetModuleHandleW

api-ms-win-core-synch-l1-1-0

ReleaseMutex
WaitForSingleObjectEx
OpenSemaphoreW
TryAcquireSRWLockExclusive
CreateMutexExW
WaitForSingleObject
ReleaseSRWLockExclusive
ReleaseSemaphore
SetEvent
ResetEvent
CreateEventW
AcquireSRWLockExclusive
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
CreateSemaphoreExW
InitializeSRWLock
ReleaseSRWLockShared
AcquireSRWLockShared
InitializeCriticalSection
DeleteCriticalSection

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
RaiseException
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
SetThreadPriority
GetCurrentProcess
TerminateProcess
CreateThread
GetCurrentProcessId
OpenProcessToken

api-ms-win-core-localization-l1-2-0

GetUserDefaultLocaleName
FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventSetInformation
EventUnregister
EventActivityIdControl
EventWriteTransfer

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsDuplicateString
WindowsCreateStringReference
WindowsDeleteString
WindowsGetStringRawBuffer
WindowsCompareStringOrdinal

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InitializeSListHead

api-ms-win-core-com-l1-1-0

CoTaskMemRealloc
CoIncrementMTAUsage
CoCreateInstance
CoDecrementMTAUsage
CoGetApartmentType
StringFromCLSID
CoCreateGuid
PropVariantClear
CoCreateFreeThreadedMarshaler
CoInitializeEx
CoTaskMemFree
CoUninitialize
CoTaskMemAlloc
CoGetMalloc
CoWaitForMultipleHandles

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory
RoInitialize
RoUninitialize

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate
IsErrorPropagationEnabled

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
RoOriginateError
RoTransformError

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-security-base-l1-1-0

GetTokenInformation
CopySid
GetLengthSid

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-shcore-sysinfo-l1-1-0

IsOS

api-ms-win-core-shlwapi-legacy-l1-1-0

PathParseIconLocationW

api-ms-win-shcore-thread-l1-1-0

SHCreateThread

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolGetUniqueContext
SHTaskPoolQueueTask

api-ms-win-shcore-registry-l1-1-0

SHSetValueW
SHGetValueW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime

api-ms-win-core-datetime-l1-1-1

GetTimeFormatEx
GetDateFormatEx

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrCmpIW

oleaut32

GetErrorInfo
SetErrorInfo
SysAllocString
SysFreeString
SysStringLen

api-ms-win-shcore-stream-l1-1-0

SHCreateMemStream

api-ms-win-shcore-stream-winrt-l1-1-0

CreateRandomAccessStreamOnFile
CreateRandomAccessStreamOverStream

ntdll

RtlQueryWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlSubscribeWnfStateChangeNotification

api-ms-win-core-registry-l1-1-0

RegGetValueW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
FindResourceW

api-ms-win-rtcore-ntuser-window-l1-1-0

GetWindowLongW
IsWindow
GetWindow
GetWindowThreadProcessId
IsWindowVisible
EnumWindows
AllowSetForegroundWindow
FindWindowW
SendMessageW

mmdevapi

ord25
ord28
ord21

api-ms-win-appmodel-runtime-l1-1-0

GetPackageFamilyName

api-ms-win-shlwapi-winrt-storage-l1-1-1

ord348

api-ms-win-mm-misc-l1-1-0

mmioRead
mmioClose
mmioOpenW
mmioDescend

msvcp_win

?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_id
_Thrd_join
_Cnd_do_broadcast_at_thread_exit
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
_Xtime_get_ticks
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
_Query_perf_frequency
_Query_perf_counter
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
GetSetting

Sections

.text
Size: 492KB - Virtual size: 491KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AudioSes.dll
.dll regsvr32 windows:10 windows x64 arch:x64

0d98949807bf291a8b0fc00e5cbbb168

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

89:81:59:04:89:4c:bc:ac:34:0e:18:fc:be:aa:63:05:56:25:3f:5c:58:bc:27:ae:90:7b:7a:10:e3:c1:3f:df
Signer

Actual PE Digest

89:81:59:04:89:4c:bc:ac:34:0e:18:fc:be:aa:63:05:56:25:3f:5c:58:bc:27:ae:90:7b:7a:10:e3:c1:3f:df

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

audioses.pdb

Imports

msvcp_win

?_Throw_C_error@std@@YAXH@Z
?_Xlength_error@std@@YAXPEBD@Z
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_init_in_situ
_Mtx_unlock
?_Xbad_function_call@std@@YAXXZ

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-string-l1-1-0

wcscmp
memset

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__localtime64_s
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
_o__wcsicmp
_o__wcsnicmp
memmove
_o__wsplitpath_s
_o__wtof
_o__wtoi
_o_calloc
_o_ceil
_o_ceilf
_o_floor
_o_free
_o_log10f
_o_log2
_o_malloc
_o_pow
_o_powf
_o_realloc
_o_sinf
_o_sqrt
_o_sqrtf
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
__std_type_info_compare
wcschr
__CxxFrameHandler3
__current_exception
__current_exception_context
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__aligned_malloc
_o__aligned_free
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__C_specific_handler
__CxxFrameHandler4
memcmp
memcpy
_CxxThrowException
__C_specific_handler_noexcept

rpcrt4

RpcStringFreeW
NdrDllUnregisterProxy
NdrDllRegisterProxy
RpcBindingFree
RpcBindingFromStringBindingW
NdrDllGetClassObject
RpcStringBindingComposeW
NdrDllCanUnloadNow
NdrOleFree
NdrOleAllocate
NdrClientCall3
RpcSmDestroyClientContext
I_RpcExceptionFilter

api-ms-win-core-marshal-l1-1-0

HWND_UserMarshal64
HWND_UserMarshal
HWND_UserFree64
HWND_UserFree
HWND_UserUnmarshal64
HWND_UserSize64
HWND_UserUnmarshal
HWND_UserSize

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
SizeofResource
GetModuleHandleExW
GetProcAddress
GetModuleFileNameA
LockResource
FreeLibrary
LoadResource
FindResourceExW
FreeLibraryAndExitThread
LoadLibraryExW
DisableThreadLibraryCalls
GetModuleHandleW

api-ms-win-core-localization-l1-2-0

GetThreadLocale
SetThreadLocale
FormatMessageW

api-ms-win-core-synch-l1-2-0

InitOnceComplete
Sleep
InitOnceExecuteOnce
InitOnceBeginInitialize
InitOnceInitialize

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
CreateWaitableTimerExW
SetWaitableTimer
ReleaseSRWLockShared
CancelWaitableTimer
WaitForMultipleObjectsEx
EnterCriticalSection
CreateMutexExW
OpenEventW
AcquireSRWLockShared
DeleteCriticalSection
ReleaseMutex
AcquireSRWLockExclusive
WaitForSingleObjectEx
InitializeCriticalSectionEx
CreateEventW
WaitForSingleObject
ReleaseSemaphore
InitializeCriticalSection
CreateSemaphoreExW
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventExW
OpenSemaphoreW
TryEnterCriticalSection
InitializeSRWLock

api-ms-win-core-heap-l1-1-0

HeapFree
HeapDestroy
HeapReAlloc
HeapSize
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
RaiseException
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegOpenCurrentUser
RegEnumKeyExW
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegCloseKey
RegQueryInfoKeyW
RegOpenKeyExW
RegDeleteValueW

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventSetInformation
EventRegister
EventWriteTransfer
EventUnregister

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceLoggerHandle
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceEnableFlags
TraceEvent
TraceMessage

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentThread
OpenProcessToken
CreateThread
GetCurrentProcess
TerminateProcess
GetProcessTimes
GetCurrentProcessId

api-ms-win-core-string-l2-1-0

CharNextW
IsCharAlphaW

api-ms-win-core-threadpool-l1-2-0

CloseThreadpool
CloseThreadpoolCleanupGroup
CreateThreadpoolCleanupGroup
SetThreadpoolThreadMaximum
CreateThreadpool
SetThreadpoolThreadMinimum
SubmitThreadpoolWork
CloseThreadpoolWork
WaitForThreadpoolWorkCallbacks
CreateThreadpoolWork
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
TrySubmitThreadpoolCallback
CloseThreadpoolCleanupGroupMembers

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringW
CompareStringOrdinal

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW
lstrcmpiW

api-ms-win-core-featurestaging-l1-1-0

UnsubscribeFeatureStateChangeNotification
SubscribeFeatureStateChangeNotification
RecordFeatureUsage
GetFeatureEnabledState

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
MapViewOfFile
MapViewOfFileEx
CreateFileMappingW

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-processtopology-obsolete-l1-1-0

SetThreadAffinityMask

api-ms-win-core-file-l1-1-0

CreateFileW
GetFileSize

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount64
GetTickCount

api-ms-win-core-memory-l1-1-1

VirtualLock
SetProcessWorkingSetSizeEx
PrefetchVirtualMemory
GetProcessWorkingSetSizeEx
VirtualUnlock

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent
GetProcessMitigationPolicy

api-ms-win-core-windowserrorreporting-l1-1-0

WerRegisterMemoryBlock

api-ms-win-mm-time-l1-1-0

timeEndPeriod
timeBeginPeriod

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

ntdll

RtlQueryTokenHostIdAsUlong64
RtlGetDeviceFamilyInfoEnum
RtlUnlockMemoryZone
RtlAllocateMemoryZone
RtlAllocateMemoryBlockLookaside
RtlDestroyMemoryZone
NtSetInformationThread
RtlCreateMemoryBlockLookaside
RtlLockMemoryZone
RtlFreeMemoryBlockLookaside
RtlCreateMemoryZone
RtlDestroyMemoryBlockLookaside
RtlExtendMemoryBlockLookaside
EtwRegisterTraceGuidsW
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwGetTraceEnableFlags
EtwUnregisterTraceGuids
RtlQueryWnfStateData
RtlEqualWnfChangeStamps
ShipAssert
RtlQueryPackageClaims
RtlConvertHostPerfCounterToPerfCounter
NtQueryInformationThread
NtQueryInformationProcess
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion
NtAlpcConnectPort
RtlInitUnicodeStringEx
RtlSetLastWin32ErrorAndNtStatusFromNtStatus
AlpcInitializeMessageAttribute
AlpcGetMessageAttribute
NtAlpcSendWaitReceivePort
NtDeleteWnfStateName
NtQueryWnfStateData
RtlNtStatusToDosError

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 4KB - Virtual size: 154B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_BSS
Size: - Virtual size: 40B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 396KB - Virtual size: 393KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_CONST
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

RT_DATA
Size: 4KB - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AudioSrvPolicyManager.dll
.dll windows:10 windows x64 arch:x64

91eb303356231525f018ac3a966c8170

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

17:53:ca:e3:0d:1b:19:0c:1f:d3:a8:e3:f7:cf:b9:05:1e:5b:a4:b0:f5:9f:2f:46:22:f7:ee:7f:0d:7e:03:ff
Signer

Actual PE Digest

17:53:ca:e3:0d:1b:19:0c:1f:d3:a8:e3:f7:cf:b9:05:1e:5b:a4:b0:f5:9f:2f:46:22:f7:ee:7f:0d:7e:03:ff

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AudioSrvPolicyManager.pdb

Imports

msvcp_win

_Mtx_unlock
?_Xbad_function_call@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
_Mtx_destroy_in_situ
?_Xlength_error@std@@YAXPEBD@Z
?_Throw_C_error@std@@YAXH@Z
_Mtx_lock
_Mtx_init_in_situ

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__get_errno
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
_o__set_errno
memmove
_o__wcsicmp
_o__wcsicoll
_o__wtoi
_o_calloc
_o_ceilf
_o_free
_o_log10
_o_malloc
_o_pow
_o_terminate
_o_wcsncpy_s
_o_wmemcpy_s
wcsstr
wcschr
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_o__cexit
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o__execute_onexit_table
_o__crt_atexit
_o__errno
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__configure_narrow_argv
__std_type_info_compare
__std_terminate
__CxxFrameHandler4
_CxxThrowException
memcmp
memcpy

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleExW
LoadResource
LockResource
GetProcAddress
GetModuleHandleW
LoadLibraryExW
FreeLibrary
FindResourceExW
DisableThreadLibraryCalls
SizeofResource

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
InitializeSRWLock
InitializeCriticalSection
WaitForSingleObject
ReleaseMutex
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
DeleteCriticalSection
AcquireSRWLockShared
ReleaseSRWLockShared
ReleaseSemaphore
CreateSemaphoreExW
LeaveCriticalSection
EnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeCriticalSectionEx

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
HeapDestroy
HeapReAlloc
GetProcessHeap
HeapSize

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
SetLastError

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThread
GetCurrentProcessId
CreateThread
GetCurrentThreadId
GetCurrentProcess
OpenProcessToken
OpenThreadToken

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
TraceMessage
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids
GetTraceEnableFlags

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister

api-ms-win-core-com-l1-1-0

CoSetProxyBlanket
CoCreateInstance
CLSIDFromString
CoInitializeEx
CoUninitialize
CoTaskMemRealloc
StringFromCLSID
CoTaskMemAlloc
PropVariantCopy
CoTaskMemFree
PropVariantClear

api-ms-win-core-io-l1-1-0

GetQueuedCompletionStatus
CreateIoCompletionPort
PostQueuedCompletionStatus

api-ms-win-core-registry-l1-1-0

RegOpenCurrentUser
RegEnumKeyExW
RegQueryInfoKeyW
RegGetValueW
RegSetKeySecurity
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegEnumValueW
RegGetKeySecurity
RegDeleteTreeW

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
Sleep
InitOnceComplete

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolCleanupGroup
SetThreadpoolThreadMaximum
CreateThreadpoolWork
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpool
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolCleanupGroup
CloseThreadpool
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolWorkCallbacks
WaitForThreadpoolTimerCallbacks
WaitForThreadpoolWaitCallbacks
SetThreadpoolThreadMinimum
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsDeleteString
WindowsGetStringRawBuffer

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount64

ntdll

NtQueryInformationToken
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfStateChangeNotification
RtlQueryTokenHostIdAsUlong64
RtlQueryPackageClaims
RtlEqualWnfChangeStamps
RtlDllShutdownInProgress
NtOpenThreadToken
RtlFreeHeap
RtlInitUnicodeString
RtlAllocateHeap
RtlNtStatusToDosErrorNoTeb
RtlCompareUnicodeString
RtlGetActiveConsoleId
RtlGetCurrentServiceSessionId
NtQueryInformationProcess
NtAcquireProcessActivityReference
RtlSetLastWin32ErrorAndNtStatusFromNtStatus
RtlGetAppContainerSidType
RtlGetAppContainerParent
RtlFreeSid
RtlPublishWnfStateData

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-security-base-l1-1-0

GetSecurityDescriptorDacl
GetSecurityDescriptorOwner
GetAce
SetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetAclInformation
AddAce
InitializeAcl
CopySid
InitializeSid
GetSidLengthRequired
SetSecurityDescriptorSacl
MakeSelfRelativeSD
GetSecurityDescriptorLength
GetLengthSid
EqualSid
IsValidSid
GetSecurityDescriptorControl
MakeAbsoluteSD
GetSecurityDescriptorGroup
InitializeSecurityDescriptor
AddAccessAllowedAceEx
GetSidSubAuthority
GetSidSubAuthorityCount
AllocateAndInitializeSid
SetKernelObjectSecurity
FreeSid
GetTokenInformation

api-ms-win-security-base-l1-2-0

CheckTokenCapability

api-ms-win-core-string-l1-1-0

CompareStringW
CompareStringOrdinal

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-core-string-l2-1-0

IsCharAlphaW
IsCharAlphaNumericW

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

ActivatePolicyManager
HHOSTEDAPPMANAGERCONTEXTRundown
PbmAllowMediaPlaybackForApp
PbmCastingAppStateChanged
PbmGetSoundLevel
PbmIsPlaying
PbmLaunchBackgroundTask
PbmPlayToStreamStateChanged
PbmRegisterAppClosureNotification
PbmRegisterAppManagerNotification
PbmRegisterPlaybackManagerNotifications
PbmReportAppClosing
PbmReportAppInteractivityChange
PbmReportApplicationState
PbmReportHostedAppStateChange
PbmReportHostedAppStateChange_2
PbmSetScreenReaderState
PbmSetSmtcSubscriptionState
PbmSwitchSoftNonInteractiveAppsToHardNonInteractive
PbmUnregisterAppClosureNotification
PbmUnregisterAppManagerNotification
PbmUnregisterPlaybackManagerNotifications
TS_AudioProtocolNotifyRundown
TS_RegisterAudioProtocolNotification
TS_SessionChanged
TS_SessionGetAudioProtocol
TS_UnregisterAudioProtocolNotification

Sections

.text
Size: 296KB - Virtual size: 293KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AuthBroker.dll
.dll regsvr32 windows:10 windows x64 arch:x64

8bdf7b01b279fd473ac7dae4a5bbe4a9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AuthBroker.pdb

Imports

msvcrt

memmove_s
malloc
_initterm
free
_amsg_exit
_vsnwprintf
memcpy
memcmp
__C_specific_handler
__dllonexit
_unlock
_XcptFilter
_onexit
_lock
_purecall
memcpy_s
__CxxFrameHandler3
_callnewh
memset

rpcrt4

NdrOleAllocate
NdrOleFree
I_RpcBindingInqLocalClientPID
NdrDllGetClassObject
NdrDllCanUnloadNow

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
LoadStringW
GetModuleFileNameA
GetModuleHandleW
GetProcAddress

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
Sleep
InitOnceExecuteOnce

api-ms-win-core-synch-l1-1-0

OpenSemaphoreW
ReleaseSemaphore
CreateSemaphoreExW
CreateMutexW
AcquireSRWLockExclusive
ReleaseMutex
WaitForSingleObjectEx
WaitForMultipleObjectsEx
WaitForSingleObject
ReleaseSRWLockExclusive
InitializeCriticalSectionEx
ReleaseSRWLockShared
SetEvent
CreateEventExW
CreateEventW
CreateMutexExW
EnterCriticalSection
AcquireSRWLockShared
DeleteCriticalSection
LeaveCriticalSection

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetLastError
RaiseException
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-winrt-string-l1-1-0

HSTRING_UserSize
HSTRING_UserMarshal
HSTRING_UserFree64
WindowsDeleteString
WindowsCreateString
HSTRING_UserSize64
HSTRING_UserFree
HSTRING_UserMarshal64
WindowsStringHasEmbeddedNull
WindowsCreateStringReference
HSTRING_UserUnmarshal
HSTRING_UserUnmarshal64
WindowsCompareStringOrdinal
WindowsGetStringRawBuffer
WindowsDuplicateString
WindowsGetStringLen
WindowsIsStringEmpty

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventActivityIdControl
EventUnregister
EventRegister
EventSetInformation

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableFlags
TraceMessage
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableLevel

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
CloseThreadpoolWork
SubmitThreadpoolWork
WaitForThreadpoolTimerCallbacks
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
SetThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TlsFree
TlsSetValue
OpenProcessToken
SetThreadToken
CreateProcessW
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
GetExitCodeProcess
CreateThread
ResumeThread
DeleteProcThreadAttributeList
TlsGetValue
GetCurrentThread
OpenThreadToken
GetProcessId
GetProcessIdOfThread
OpenThread
TerminateProcess
GetCurrentThreadId
TlsAlloc
GetCurrentProcess

api-ms-win-core-winrt-error-l1-1-0

GetRestrictedErrorInfo
RoOriginateError
SetRestrictedErrorInfo
RoOriginateErrorW
RoTransformError

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegDeleteValueW
RegGetValueW
RegSetValueExW
RegCreateKeyExW
RegQueryInfoKeyW
RegEnumKeyExW

api-ms-win-security-base-l1-1-0

CopySid
GetSidSubAuthorityCount
AllocateAndInitializeSid
GetLengthSid
GetTokenInformation
ImpersonateLoggedOnUser
FreeSid

api-ms-win-security-base-l1-2-0

CheckTokenCapability

api-ms-win-core-heap-l2-1-0

LocalReAlloc
LocalAlloc
LocalFree

api-ms-win-core-file-l1-1-0

CreateFileW

authz

AuthzFreeContext
AuthzInitializeResourceManager
AuthzInitializeContextFromSid
AuthzAccessCheck
AuthzFreeResourceManager

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-security-appcontainer-l1-1-0

GetAppContainerNamedObjectPath

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-wow64-l1-1-0

Wow64RevertWow64FsRedirection
IsWow64Process
Wow64DisableWow64FsRedirection

wkscli

NetGetJoinInformation

netutils

NetApiBufferFree

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoActivateInstance
RoUninitialize
RoGetActivationFactory

winhttp

WinHttpCrackUrl
WinHttpCreateUrl

api-ms-win-core-winrt-error-l1-1-1

IsErrorPropagationEnabled
RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate

api-ms-win-core-url-l1-1-0

ParseURLW

api-ms-win-security-provider-l1-1-0

GetSecurityInfo

api-ms-win-core-marshal-l1-1-0

HWND_UserMarshal
HWND_UserMarshal64
HWND_UserUnmarshal64
HWND_UserFree
HWND_UserSize
HWND_UserFree64
HWND_UserUnmarshal
HWND_UserSize64

combase

ord140

ntdll

RtlInitializeCriticalSection
RtlDeleteCriticalSection
RtlEnterCriticalSection
RtlLeaveCriticalSection
WinSqmAddToStream
wcstoul
RtlIsStateSeparationEnabled
_wcsicmp
RtlAllocateAndInitializeSidEx
RtlDeriveCapabilitySidsFromName
RtlInitUnicodeString
RtlEqualSid
_wcsnicmp

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

AuthBrokerClearThreadClientContext
AuthBrokerCreateClientContext
AuthBrokerFreeClientContext
AuthBrokerSetThreadClientContext
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
DllInstall
DllRegisterServer
FindCallingThreadImmersiveWindow
PurgeAuthHostSsoCache

Sections

.text
Size: 152KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 680B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AuthBrokerUI.dll
.dll windows:10 windows x64 arch:x64

84ec67ed6c9e2ff61a32cad6ab9df90a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AuthBrokerUI.pdb

Imports

msvcrt

memset
memcpy_s
_vsnwprintf
_callnewh
wcscmp
_onexit
__dllonexit
_unlock
_lock
__CxxFrameHandler3
__C_specific_handler
_initterm
malloc
_amsg_exit
_XcptFilter
free
_purecall

ntdll

RtlDeleteElementGenericTableAvl
RtlEnumerateGenericTableWithoutSplayingAvl
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
RtlDeleteCriticalSection
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsGetStringRawBuffer
WindowsCreateStringReference
WindowsDeleteString

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventSetInformation

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
GetTraceLoggerHandle
TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW

api-ms-win-core-synch-l1-1-0

ResetEvent
CreateEventW
SetEvent
ReleaseSemaphore
ReleaseMutex
WaitForSingleObjectEx
OpenSemaphoreW
WaitForMultipleObjectsEx
WaitForSingleObject
CreateMutexExW
CreateSemaphoreExW

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
RoOriginateError

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegQueryValueExW
RegOpenKeyExW

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
GetModuleHandleExW
GetModuleFileNameA
GetProcAddress
GetModuleHandleW

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

shcore

ord244

authbroker

FindCallingThreadImmersiveWindow

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-localization-l1-2-0

SetThreadPreferredUILanguages
FormatMessageW

oleaut32

SysStringLen
SysFreeString

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

CreateWndMgmt
DirectUIInitProc
DirectUIInitThread
DirectUIUnInitProc
DirectUIUnInitThread
FreeWndMgmt
WabCreateWebRuntimeCoreControl
WabCreateWebRuntimeCoreVisualViewport
WabImmDisableLegacyIME

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AuthExt.dll
.dll windows:10 windows x64 arch:x64

ecf8c685ebda224d90ea24ecc21906d2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AuthExt.pdb

Imports

msvcrt

memcmp
memmove
__CxxFrameHandler3
_vsnwprintf
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
malloc
_amsg_exit
_XcptFilter
free
_purecall
_callnewh
memmove_s
memcpy_s
_onexit
memset

shell32

DuplicateIcon

shlwapi

ord278
ord219

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleHandleW
GetProcAddress
GetModuleHandleExW
GetModuleFileNameA
LoadStringW

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
ReleaseSemaphore
EnterCriticalSection
CreateMutexExW
WaitForSingleObjectEx
WaitForSingleObject
DeleteCriticalSection
ReleaseMutex
AcquireSRWLockExclusive
CreateSemaphoreExW
OpenSemaphoreW
ReleaseSRWLockShared
AcquireSRWLockShared
InitializeCriticalSectionEx
ReleaseSRWLockExclusive

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceExecuteOnce
Sleep
InitOnceBeginInitialize

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoGetMalloc
CoTaskMemRealloc
CoCreateFreeThreadedMarshaler

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

ntdll

RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfStateChangeNotification

propsys

PSCreateMemoryPropertyStore

user32

RegisterDeviceNotificationW
DestroyWindow
SystemParametersInfoW
RegisterPowerSettingNotification
DestroyIcon
DefWindowProcA
DefWindowProcW
IsWindowUnicode
GetWindowLongPtrW
UnregisterDeviceNotification
UnregisterPowerSettingNotification
SetWindowLongPtrW
GetSysColor

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AuthFWGP.dll
.dll regsvr32 windows:10 windows x64 arch:x64

ac903dd308939b1de6e2edc954fb7082

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AuthFWgp.pdb

Imports

msvcrt

free
_XcptFilter
_amsg_exit
_initterm
__C_specific_handler
_callnewh
malloc
_purecall
memset

advapi32

RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey

kernel32

GetCurrentProcess
SetUnhandledExceptionFilter
TerminateProcess
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
GetModuleFileNameW
FreeResource
HeapFree
GlobalAlloc
GlobalFree
HeapAlloc
GetProcessHeap
GetLastError
Sleep

user32

LoadImageW
LoadIconW
LoadStringW
LoadBitmapW
RegisterClipboardFormatW

api-ms-win-core-com-l1-1-0

StringFromCLSID
CreateStreamOnHGlobal
CoTaskMemAlloc
CoTaskMemFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AuthFWSnapin.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AuthFWSnapin.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AuthFWWizFwk.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AuthFWWizFwk.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AuthHostProxy.dll
.dll regsvr32 windows:10 windows x64 arch:x64

3dcf97cf9146b02db0f632fac0a41c15

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AuthHostProxy.pdb

Imports

msvcrt

_amsg_exit
__C_specific_handler
_initterm
malloc
free
_XcptFilter

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

rpcrt4

NdrDllCanUnloadNow
NdrDllGetClassObject
NdrDllRegisterProxy
NdrOleAllocate
NdrDllUnregisterProxy
NdrOleFree

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentProcess
TerminateProcess
GetCurrentThreadId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

oleaut32

BSTR_UserFree
BSTR_UserMarshal64
BSTR_UserSize64
BSTR_UserFree64
VARIANT_UserUnmarshal64
VARIANT_UserFree64
BSTR_UserUnmarshal64
BSTR_UserMarshal
VARIANT_UserMarshal
BSTR_UserUnmarshal
VARIANT_UserSize
BSTR_UserSize
VARIANT_UserSize64
VARIANT_UserFree
VARIANT_UserMarshal64
VARIANT_UserUnmarshal

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AutomaticAppSignInPolicy.dll
.dll windows:10 windows x64 arch:x64

c23dba0ae84d9e4fe46d3cfbac9d930f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AutomaticAppSignInPolicy.pdb

Imports

api-ms-win-crt-private-l1-1-0

_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__register_onexit_function
_o__seh_filter_dll
_o_abort
_o_free
_o_iswspace
_o_malloc
__CxxFrameHandler4
memcpy
__std_terminate
memcmp
memmove
__C_specific_handler
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_CxxThrowException
__CxxFrameHandler3

api-ms-win-crt-string-l1-1-0

memset
strlen
wcslen

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameA
DisableThreadLibraryCalls

api-ms-win-core-synch-l1-1-0

CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
InitializeSRWLock
ReleaseMutex
ReleaseSRWLockExclusive
WaitForSingleObject
AcquireSRWLockExclusive
ReleaseSemaphore
CreateSemaphoreExW
ReleaseSRWLockShared
AcquireSRWLockShared
TryAcquireSRWLockExclusive

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventWriteTransfer
EventUnregister
EventRegister

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedFlushSList

oleaut32

GetErrorInfo
SysStringLen
SysFreeString
SysAllocString
SetErrorInfo

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoCreateFreeThreadedMarshaler

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AxInstSv.dll
.dll windows:10 windows x64 arch:x64

b3ef2d5baae15edadafe1fbd5b28d285

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AxInstSv.pdb

Imports

msvcrt

_errno
_onexit
__dllonexit
memcmp
_lock
??1type_info@@UEAA@XZ
memcpy
_initterm
_amsg_exit
_XcptFilter
__CxxFrameHandler3
__CxxFrameHandler4
realloc
?terminate@@YAXXZ
_CxxThrowException
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
iswspace
_purecall
_beginthreadex
_endthreadex
wcsncpy_s
malloc
free
_vsnprintf_s
wcsrchr
_vsnwprintf
_wcsicmp
swscanf_s
??0exception@@QEAA@XZ
memmove_s
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
memcpy_s
??0exception@@QEAA@AEBV0@@Z
__C_specific_handler
_unlock
memset

oleaut32

SysAllocString
SysAllocStringByteLen
SysStringByteLen
VarBstrCat
VarUI4FromStr
SysFreeString
SysStringLen

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegEnumKeyExW
RegQueryValueExW
RegEnumValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegDeleteValueW
RegQueryInfoKeyW

api-ms-win-core-com-l1-1-0

CoInitializeSecurity
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoRevertToSelf
CoUninitialize
CoRegisterClassObject
CoDisconnectContext
CoRevokeClassObject
CoImpersonateClient
CoResumeClassObjects
CoInitializeEx
CoSuspendClassObjects
CoSetProxyBlanket

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc
GlobalFree

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
RaiseException
SetLastError
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-file-l1-1-0

SetFileAttributesW
DeleteFileW
RemoveDirectoryW
GetFileAttributesW
WriteFile
CreateFileW
FindNextFileW
CreateDirectoryW
FindClose
FindFirstFileW

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-security-base-l1-1-0

SetSecurityDescriptorDacl
ImpersonateLoggedOnUser
FreeSid
AddAccessAllowedAce
GetAclInformation
RevertToSelf
GetSidLengthRequired
SetTokenInformation
GetSidSubAuthority
GetTokenInformation
AddAce
DuplicateTokenEx
InitializeAcl
GetSecurityDescriptorDacl
AllocateAndInitializeSid
GetLengthSid
IsValidSid
SetSecurityDescriptorOwner
CopySid
SetSecurityDescriptorGroup
InitializeSecurityDescriptor
CreateWellKnownSid
GetAce

api-ms-win-core-synch-l1-1-0

CreateEventW
ReleaseSRWLockShared
InitializeCriticalSectionEx
ReleaseSRWLockExclusive
EnterCriticalSection
CreateMutexExW
WaitForSingleObject
AcquireSRWLockShared
WaitForSingleObjectEx
SetEvent
OpenSemaphoreW
ReleaseSemaphore
LeaveCriticalSection
DeleteCriticalSection
CreateSemaphoreExW
AcquireSRWLockExclusive
InitializeCriticalSection
ReleaseMutex

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-processthreads-l1-1-1

OpenProcess
SetProcessMitigationPolicy
GetProcessMitigationPolicy

api-ms-win-core-wow64-l1-1-0

IsWow64Process

api-ms-win-core-processthreads-l1-1-0

SetThreadToken
GetExitCodeProcess
GetCurrentProcessId
CreateProcessAsUserW
GetCurrentThread
OpenThreadToken
TerminateProcess
GetCurrentProcess
OpenProcessToken
ResumeThread
GetCurrentThreadId

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventWrite

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleHandleExW
SizeofResource
LoadLibraryExW
LoadResource
GetProcAddress
FreeLibrary
GetModuleFileNameW
DisableThreadLibraryCalls
FindResourceExW
GetModuleFileNameA

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak
OutputDebugStringA

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetWindowsDirectoryW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-service-core-l1-1-0

RegisterServiceCtrlHandlerExW
SetServiceStatus

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

ntdll

NtOpenProcessToken
NtQueryInformationToken
NtClose
RtlNtStatusToDosError
RtlAcquireResourceShared
RtlInitializeResource
RtlDeleteResource
RtlReleaseResource
RtlAcquireResourceExclusive
NtOpenThreadToken

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrcmpW

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW

api-ms-win-security-provider-l1-1-0

SetNamedSecurityInfoW

api-ms-win-core-kernel32-legacy-l1-1-0

UnregisterWait

advapi32

QueryServiceStatus
CloseServiceHandle
OpenServiceW
OpenSCManagerW
StartServiceW

rpcrt4

RpcStringBindingComposeW
RpcBindingSetAuthInfoExW
RpcAsyncInitializeHandle
I_RpcExceptionFilter
RpcAsyncCompleteCall
RpcStringFreeW
RpcAsyncCancelCall
RpcBindingFree
Ndr64AsyncClientCall
RpcBindingFromStringBindingW

user32

UnregisterClassA

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AzSqlExt.dll
.dll windows:10 windows x64 arch:x64

d51dc3c7fc3c0d48f3e79eca4bd3d952

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AzSqlExt.pdb

Imports

msvcrt

??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
free
_purecall
_stricmp
_wcsicmp
_vsnwprintf
_callnewh
_CxxThrowException
__CxxFrameHandler3
_XcptFilter
_amsg_exit
_initterm
__C_specific_handler
??1type_info@@UEAA@XZ
??1exception@@UEAA@XZ
malloc

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

kernel32

GetCurrentThread
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
Sleep
GetCurrentProcess
LocalFree
GetLastError
CloseHandle
InitializeCriticalSection
DeleteCriticalSection
LocalAlloc
EnterCriticalSection
LoadLibraryA
GetProcAddress
LeaveCriticalSection

advapi32

OpenThreadToken
AdjustTokenPrivileges
OpenProcessToken
GetTokenInformation

authz

AuthzReportSecurityEvent
AuthzEnumerateSecurityEventSources
AuthzInstallSecurityEventSource
AuthzRegisterSecurityEventSource

ole32

CoTaskMemFree
StringFromCLSID

odbc32

ord72
ord111
ord136
ord176
ord9
ord141
ord139
ord31
ord77
ord26
ord4

Exports

Exports

AzGenerateAudit
__GetXpVersion
xp_AzManAddRole
xp_AzManAddUserToRole
xp_AzManDeleteRole
xp_AzManRemoveUserFromRole

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BCP47Langs.dll
.dll windows:10 windows x64 arch:x64

d289274037b3b3ff7d9155fb23eda361

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

60:eb:91:db:ec:1d:d6:e8:2f:f1:05:c4:ed:4a:02:83:01:00:68:15:37:8a:bc:60:c8:75:03:63:74:6e:e1:2a
Signer

Actual PE Digest

60:eb:91:db:ec:1d:d6:e8:2f:f1:05:c4:ed:4a:02:83:01:00:68:15:37:8a:bc:60:c8:75:03:63:74:6e:e1:2a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Bcp47Langs.pdb

Imports

msvcp_win

?_Xbad_function_call@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
__std_type_info_compare
_o___std_exception_copy
memmove
_o__wtoi
_o_bsearch
_o_ceilf
_o_free
_o_log10f
_o_malloc
_o_toupper
_o_towlower
_o_wcscpy_s
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o__crt_atexit
wcschr
__std_terminate
__CxxFrameHandler4
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
memcmp
_o___std_type_info_destroy_list
_o___std_exception_destroy
memcpy

api-ms-win-crt-string-l1-1-0

memset

kernelbase

GetCurrentPackageFullName
EnumUILanguagesW
GetCurrentPackageFamilyName
FindPackagesByPackageFamily
GetStagedPackagePathByFullName
GetCurrentPackageId
GetSystemDefaultUILanguage
LCIDToLocaleName
EnumSystemLocalesEx
GetUserDefaultLocaleName
LocalAlloc
OpenGlobalizationUserSettingsKey

api-ms-win-core-libraryloader-l1-2-0

FindStringOrdinal
GetModuleFileNameA
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
DisableThreadLibraryCalls
GetModuleHandleW
GetProcAddress

api-ms-win-core-synch-l1-1-0

CreateMutexExW
AcquireSRWLockShared
EnterCriticalSection
ReleaseSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
DeleteCriticalSection
ReleaseSemaphore
ReleaseMutex
CreateSemaphoreExW
WaitForSingleObject
InitializeCriticalSectionEx
LeaveCriticalSection
ReleaseSRWLockExclusive

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
RaiseException
SetLastError
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-processthreads-l1-1-0

OpenThreadToken
GetCurrentProcess
OpenProcessToken
GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
GetCurrentThread

api-ms-win-core-localization-l1-2-0

IsValidLocaleName
GetUserPreferredUILanguages
GetLocaleInfoEx
GetUILanguageInfo
FormatMessageW
ResolveLocaleName

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventRegister
EventUnregister

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoOriginateError

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceExecuteOnce
InitOnceComplete

api-ms-win-security-base-l1-1-0

GetTokenInformation
EqualSid
IsValidSid
GetLengthSid
IsWellKnownSid
CopySid

api-ms-win-core-heap-l2-1-0

LocalFree

ntdll

RtlGetDeviceFamilyInfoEnum
RtlPublishWnfStateData
RtlIsMultiSessionSku
NtClose

api-ms-win-core-localization-private-l1-1-0

LoadStringByReference
NlsUpdateLocale

api-ms-win-core-com-l1-1-0

CoCreateFreeThreadedMarshaler
CoTaskMemAlloc

api-ms-win-core-registry-l1-1-0

RegDeleteTreeW
RegDeleteKeyExW
RegCloseKey
RegGetValueW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegDeleteValueW
RegEnumKeyExW

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemWindowsDirectoryW
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

AppendUserLanguageInputMethods
AppendUserLanguageInternal
AppendUserLanguages
Bcp47BufferFromLcid
Bcp47FindClosestLanguage
Bcp47FromCompactTagInternal
Bcp47FromHkl
Bcp47FromLcid
Bcp47GetAbbreviation
Bcp47GetDirectionality
Bcp47GetDistance
Bcp47GetExtensionSingletons
Bcp47GetExtensionSubstring
Bcp47GetIsoLanguageCode
Bcp47GetIsoScriptCode
Bcp47GetLanguageName
Bcp47GetMuiForm
Bcp47GetNeutralForm
Bcp47GetNlsForm
Bcp47GetSubtagMapInternal
Bcp47GetUnIsoRegionCode
Bcp47IsWellFormed
Bcp47Normalize
ClearApplicationLanguageOverride
ClearApplicationManifestLanguages
ClearHttpAcceptLanguageOptOut
ClearUserDisplayLanguageOverride
ClearUserLocaleFromLanguageProfileOptOut
CompactTagFromBcp47Internal
DllGetActivationFactory
DllGetClassObject
GetApplicationLanguageOverride
GetApplicationLanguages
GetApplicationManifestLanguages
GetAppropriateUserLocaleForUserLanguages
GetAppropriateUserPreferredAndDisplayLanguagesForUser
GetClosestMatchingUserLanguage
GetDisplayLanguagesForAllUsers
GetFontFallbackLanguageList
GetHttpAcceptLanguageOptOut
GetInputMethodOverrideForUser
GetPendingUserDisplayLanguage
GetRelevantLocalesFromLanguageTags
GetSerializedUserLanguageProfile
GetSerializedUserLanguagesForUser
GetStartingUserDisplayLanguage
GetUnIsoRegionCode
GetUserDisplayLanguageOverride
GetUserLanguageInputMethods
GetUserLanguageInputMethodsForUser
GetUserLanguages
GetUserLanguagesForAllUsers
GetUserLanguagesForUser
GetUserLocaleFromLanguageProfileOptOut
IsTransientLcid
LanguageListAsMuiForm
LcidFromBcp47
RemoveInputsForAllLanguagesInternal
RemoveUserLanguageInputMethods
ResolveLanguages
SetApplicationLanguageOverride
SetApplicationManifestLanguages
SetHttpAcceptLanguageOptOut
SetInputMethodOverride
SetPreviousUserDisplayLanguages
SetStartingUserDisplayLanguage
SetUserDisplayLanguageOverride
SetUserLanguageInputMethods
SetUserLanguagesInternal
SetUserLanguagesInternalCore
SetUserLocaleFromLanguageProfileOptOut

Sections

.text
Size: 228KB - Virtual size: 225KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BCP47mrm.dll
.dll windows:10 windows x64 arch:x64

96c1469120d23879739c5c108ed3b812

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8b:e1:ef:72:95:7c:08:b0:5f:5c:5f:08:a5:c7:94:85:65:a9:51:34:73:e4:6c:ef:97:6c:26:2f:50:ef:a1:da
Signer

Actual PE Digest

8b:e1:ef:72:95:7c:08:b0:5f:5c:5f:08:a5:c7:94:85:65:a9:51:34:73:e4:6c:ef:97:6c:26:2f:50:ef:a1:da

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Bcp47mrm.pdb

Imports

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wtoi
_o_bsearch
_o_free
_o_malloc
_o_terminate
_o_towlower
_o_wcscpy_s
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o___stdio_common_vsnprintf_s
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
wcschr
__std_type_info_compare
__std_terminate
__CxxFrameHandler4
_o___stdio_common_vswprintf
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
FindStringOrdinal
GetModuleHandleW
GetProcAddress
GetModuleHandleExW

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
EnterCriticalSection
ReleaseSemaphore
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
ReleaseSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx
CreateSemaphoreExW
ReleaseSRWLockExclusive
ReleaseMutex
WaitForSingleObject
InitializeCriticalSectionEx
LeaveCriticalSection

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
TerminateProcess

api-ms-win-core-localization-l1-2-0

GetUserPreferredUILanguages
FormatMessageW
GetSystemPreferredUILanguages
GetThreadPreferredUILanguages

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemWindowsDirectoryW
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

kernelbase

GetCurrentPackageId
GetCurrentPackageFamilyName
PackageFamilyNameFromFullName
EnumUILanguagesW
GetStagedPackagePathByFullName
OpenGlobalizationUserSettingsKey
FindPackagesByPackageFamily
GetCurrentPackageFullName

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegGetValueW
RegCreateKeyExW
RegDeleteValueW
RegDeleteTreeW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

ntdll

NtClose
RtlGetDeviceFamilyInfoEnum

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

Bcp47GetDistanceCString
Bcp47GetNeutralFormCString
Bcp47IsValid
CompareBcp47Tags
FormatLanguageList
FormatLanguageTag
GetApplicationLanguagesWithUserLanguagesFallback
GetApplicationLayoutDirection
GetClosenessOfUnIsoRegionTags
GetCompositeRegionCode
GetDistanceOfClosestLanguageInList
GetLanguageDirectionality
GetMrtDisplayLanguageList
GetParentCompositeRegionCode
IsValidTag
IsValidUnIsoRegionTag
IsWellFormedTag

Sections

.text
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BFE.DLL
.dll windows:10 windows x64 arch:x64

2ca88a31f7ab1adc709b35aa8d49370a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

bfe.pdb

Imports

msvcrt

wcscspn
_wcslwr
bsearch
_ultoa_s
strpbrk
memcmp
sprintf_s
isprint
_ltoa_s
_i64toa_s
_ui64toa_s
wprintf
log
strstr
_vsnprintf
_vsnwprintf
_wcsicmp
wcstol
qsort
wcschr
tolower
wcsnlen
_ultow
_wcsnicmp
iswctype
wcstoul
memmove
_XcptFilter
__C_specific_handler
_initterm
malloc
free
_amsg_exit
memcpy
memset

ntdll

NtQueryObject
RtlGetSaclSecurityDescriptor
RtlValidRelativeSecurityDescriptor
EtwEventSetInformation
RtlNumberOfSetBits
RtlInitializeBitMap
RtlValidSid
RtlLengthSid
NtDeviceIoControlFile
RtlAllocateHeap
RtlInitializeSRWLock
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
NtQueryLicenseValue
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
RtlGetCurrentServiceSessionId
RtlCreateHashTable
RtlDeleteHashTable
RtlInsertEntryHashTable
RtlRemoveEntryHashTable
RtlLookupEntryHashTable
RtlGetNextEntryHashTable
RtlInitEnumerationHashTable
RtlEnumerateEntryHashTable
RtlEndEnumerationHashTable
RtlExpandHashTable
RtlGetOwnerSecurityDescriptor
RtlAdjustPrivilege
RtlAbsoluteToSelfRelativeSD
RtlSetOwnerSecurityDescriptor
RtlSelfRelativeToAbsoluteSD2
RtlGetVersion
RtlIntegerToUnicodeString
RtlCreateServiceSid
RtlSubAuthorityCountSid
RtlInitUnicodeString
TpReleaseTimer
RtlIpv4AddressToStringA
RtlIpv6AddressToStringA
RtlEthernetAddressToStringA
TpWaitForTimer
TpSetTimer
TpIsTimerSet
TpAllocTimer
RtlEqualSid
RtlLengthSecurityDescriptor
RtlApplicationVerifierStop
EtwEventEnabled
EtwEventWriteTransfer
EtwEventWrite
EtwEventActivityIdControl
EtwEventUnregister
EtwEventRegister
RtlNtStatusToDosError
EtwTraceMessage
RtlContractHashTable
EtwUnregisterTraceGuids
EtwGetTraceEnableFlags
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwRegisterTraceGuidsW
RtlSetThreadPreferredUILanguages

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
GetModuleHandleW
GetProcAddress
DisableThreadLibraryCalls
GetModuleHandleExW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TlsGetValue
GetCurrentThread
TlsSetValue
OpenThreadToken
TlsFree
TlsAlloc
GetProcessId
GetCurrentProcessId
CreateThread
GetCurrentProcess
TerminateProcess

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetSystemTime
GetTickCount64

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-synch-l1-1-0

TryAcquireSRWLockExclusive
InitializeSRWLock
AcquireSRWLockShared
ReleaseSemaphore
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
WaitForSingleObject
CreateEventW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
CreateSemaphoreExW

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueue
DeleteTimerQueueTimer
CreateTimerQueueTimer
UnregisterWaitEx
DeleteTimerQueueEx

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringW
MultiByteToWideChar

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapAlloc
HeapSize
HeapFree
HeapCreate
GetProcessHeap
HeapDestroy

rpcrt4

RpcRevertToSelf
RpcImpersonateClient
RpcRaiseException
RpcFreeAuthorizationContext
RpcBindingVectorFree
RpcEpUnregister
RpcGetAuthorizationContextForClient
NdrServerCall2
RpcServerUnregisterIfEx
RpcEpRegisterW
NdrServerCallAll
UuidFromStringW
RpcServerInqBindings
RpcServerRegisterIf3
RpcServerUseProtseqW
MesDecodeBufferHandleCreate
NdrMesTypeEncode3
I_RpcExceptionFilter
MesHandleFree
UuidCreate
RpcServerInqCallAttributesW
MesEncodeDynBufferHandleCreate
I_RpcBindingInqLocalClientPID
NdrMesTypeDecode3

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-windowserrorreporting-l1-1-0

WerSetFlags

authz

AuthzFreeResourceManager
AuthzFreeAuditEvent
AuthzInitializeResourceManager
AuthzAccessCheck
AuthzGetInformationFromContext
AuthzInitializeContextFromSid
AuthzFreeContext
AuthziLogAuditEvent
AuthziInitializeAuditEventType
AuthziFreeAuditEventType
AuthziInitializeAuditParamsFromArray
AuthziInitializeAuditEvent

api-ms-win-security-base-l1-1-0

DestroyPrivateObjectSecurity
AllocateAndInitializeSid
SetSecurityDescriptorControl
EqualSid
PrivilegeCheck
GetSecurityDescriptorControl
CreatePrivateObjectSecurityEx
FreeSid
GetPrivateObjectSecurity
InitializeAcl
CreateWellKnownSid
GetLengthSid
MapGenericMask
SetPrivateObjectSecurityEx
SetSecurityDescriptorDacl
CopySid
InitializeSecurityDescriptor
AddAccessAllowedAce
GetSecurityDescriptorLength

ws2_32

htonl

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

iphlpapi

GetCurrentThreadCompartmentId

api-ms-win-core-file-l1-1-0

DeleteFileW
WriteFile
CreateFileW

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
UnmapViewOfFile
MapViewOfFile

api-ms-win-core-perfcounters-l1-1-0

PerfCreateInstance
PerfSetULongCounterValue
PerfSetCounterSetInfo
PerfStartProvider
PerfStopProvider
PerfSetULongLongCounterValue

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
RegCreateKeyExW
RegQueryValueExW
RegDeleteValueW
RegEnumValueW
RegOpenKeyExW

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-threadpool-l1-2-0

SubmitThreadpoolWork
CloseThreadpoolWork
CloseThreadpoolTimer
CreateThreadpoolWork
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventUnregister
EventWriteTransfer
EventRegister

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-eventing-controller-l1-1-0

StartTraceW
EnableTraceEx2
ControlTraceW

api-ms-win-eventing-consumer-l1-1-0

CloseTrace
ProcessTrace
OpenTraceW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

BfeGetDirectDispatchTable
BfeOnServiceStartTypeChange
BfeServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 476KB - Virtual size: 474KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 360KB - Virtual size: 358KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BackgroundMediaPolicy.dll
.dll windows:10 windows x64 arch:x64

ddb1354ccdbbcbc159374b84d5400d68

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

BackgroundMediaPolicy.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memcpy
_o__wcsicmp
_o_free
_o_malloc
__CxxFrameHandler3
_CxxThrowException
_o___stdio_common_vswprintf
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__cexit
_o__callnewh
__C_specific_handler

api-ms-win-crt-string-l1-1-0

memset

ntdll

RtlUnsubscribeWnfNotificationWaitForCompletion
RtlCopySid
RtlQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlGetDeviceFamilyInfoEnum
RtlIsMultiSessionSku
RtlEqualWnfChangeStamps
RtlEqualSid
RtlLengthSid
RtlValidSid
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnsubscribeWnfStateChangeNotification

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
DisableThreadLibraryCalls
GetModuleFileNameA
GetProcAddress
GetModuleHandleExW

api-ms-win-core-synch-l1-1-0

CreateSemaphoreExW
AcquireSRWLockExclusive
ReleaseSemaphore
WaitForSingleObject
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseMutex
CreateMutexExW
InitializeCriticalSection
DeleteCriticalSection
WaitForSingleObjectEx
OpenSemaphoreW
LeaveCriticalSection
EnterCriticalSection
ReleaseSRWLockExclusive

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
RaiseException
SetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
TerminateProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventRegister
EventSetInformation

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceExecuteOnce
InitOnceComplete

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
DeleteTimerQueueTimer

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsGetStringRawBuffer
WindowsCompareStringOrdinal
WindowsDeleteString

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-com-l1-1-0

CoCreateFreeThreadedMarshaler
CoTaskMemAlloc

api-ms-win-core-psm-key-l1-1-0

PsmGetPackageFullNameFromKey

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

resourcepolicyclient

CreateResourcePolicyStoreClient

api-ms-win-appmodel-runtime-l1-1-0

PackageFamilyNameFromFullName

api-ms-win-core-quirks-l1-1-1

QuirkIsEnabledForPackage3

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 508B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BamSettingsClient.dll
.dll windows:10 windows x64 arch:x64

b792d9235d2982757c0ec6800247e922

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

BamSettingsClient.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o___std_type_info_destroy_list
_o__cexit
_o__configure_narrow_argv
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__seh_filter_dll
__C_specific_handler

api-ms-win-crt-string-l1-1-0

wcscmp
memset

ntdll

NtPowerInformation
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtQuerySystemInformation
NtSetSystemInformation
NtQueryFullAttributesFile
RtlInitUnicodeString

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegQueryInfoKeyW
RegGetValueW
RegEnumValueW

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

Exports

Exports

BamCreateSettingsClientLib
BamDestroySettingsClientLib
BamFreeQueriedApplications
BamQueryKnownApplications
BamSetUserManagementState

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BarcodeProvisioningPlugin.dll
.dll windows:10 windows x64 arch:x64

9e994126c6b06e1b7cdf54652c422896

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

BarcodeProvisioningPlugin.pdb

Imports

msvcp110_win

?_Xbad_alloc@std@@YAXXZ
?_Syserror_map@std@@YAPEBDH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Xout_of_range@std@@YAXPEBD@Z

msvcrt

memmove
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
__CxxFrameHandler3
memcpy
__C_specific_handler
_initterm
free
_amsg_exit
_XcptFilter
_callnewh
malloc
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
memset
??1exception@@UEAA@XZ
_wcsicmp
_purecall
memcpy_s
_vsnwprintf
??_V@YAXPEAX@Z
__CxxFrameHandler4
??3@YAXPEAX@Z
??0exception@@QEAA@XZ
_CxxThrowException

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleFileNameA
GetModuleHandleW
GetModuleHandleExW
GetProcAddress

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce

api-ms-win-core-synch-l1-1-0

ReleaseMutex
CreateEventW
SetEvent
CreateEventExW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
AcquireSRWLockShared
WaitForSingleObject
CreateMutexExW
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseSemaphore
CreateSemaphoreExW
ReleaseSRWLockShared

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
SetLastError

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsCreateStringReference

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventWriteTransfer
EventSetInformation

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoOriginateError

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-com-l1-1-0

CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoCreateGuid
CoTaskMemAlloc
CoWaitForMultipleHandles

api-ms-win-core-path-l1-1-0

PathCchCanonicalizeEx
PathCchAppendEx
PathCchCombine
PathCchCombineEx
PathCchFindExtension

api-ms-win-core-file-l1-2-4

GetTempPath2W

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-file-l1-1-0

FindClose
FindFirstFileW
DeleteFileW
CreateFileW
GetFileAttributesW
SetEndOfFile
SetFilePointer
FindNextFileW
WriteFile

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindFileNameW

profapi

ord117

crypt32

CryptBinaryToStringW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BcastDVRBroker.dll
.dll windows:10 windows x64 arch:x64

de32a0627bd9fded5c28fb8cae8c0d40

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

BcastDVRBroker.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_name
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__crt_atexit
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

bcastdvrcommon

??0BcastDVR_OutputDebug@@QEAA@PEBD@Z
?Printf@BcastDVRLogProviderBase@@SAX_N0PEBD1HPEBGZZ
?PrintType@BcastDVR_OutputDebug@@QEAAXPEBDK@Z
?PrintType@BcastDVR_OutputDebug@@QEAAXPEBD0@Z
?LogErrorEx@BcastDVRLogProviderBase@@SAXJPEBD0H00_N@Z
?OutputString@BcastDVR_OutputDebug@@QEAAXXZ
?RegisterCallingPlugIn@PlugInUtility@Internal@Capture@Media@Windows@@YAJPEAUHKEY__@@PEAUHSTRING__@@1AEBU_GUID@@@Z
?LogError@BcastDVRLogProviderBase@@SAXJPEBD0H_N@Z

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleFileNameA
GetModuleHandleW
GetModuleHandleExW

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
CreateMutexExW
CreateEventExW
SetEvent
LeaveCriticalSection
EnterCriticalSection
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CreateEventW
ReleaseMutex
ReleaseSRWLockShared
WaitForSingleObject
InitializeCriticalSectionEx
AcquireSRWLockShared
ReleaseSemaphore
CreateSemaphoreExW
InitializeSRWLock

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

GetLastError
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsCreateStringReference
WindowsCreateString

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentProcessId
OpenProcessToken
TerminateProcess
GetProcessId
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-winrt-error-l1-1-0

GetRestrictedErrorInfo
RoOriginateErrorW
RoOriginateError
SetRestrictedErrorInfo
RoTransformError

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-winrt-error-l1-1-1

IsErrorPropagationEnabled
RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate

api-ms-win-core-com-l1-1-0

CoMarshalInterface
CoGetCallContext
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CreateStreamOnHGlobal
CoReleaseMarshalData
CoCreateInstance

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoInitialize
RoGetActivationFactory

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegOpenCurrentUser

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWork
CloseThreadpool
SubmitThreadpoolWork
CreateThreadpoolWork
CreateThreadpool

api-ms-win-security-base-l1-1-0

GetTokenInformation

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BcastDVRClient.dll
.dll windows:10 windows x64 arch:x64

c806f109377692d4efeb52644e633c74

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

BcastDVRClient.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o_free
_o_malloc
_o_realloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o__execute_onexit_table
_o__errno
_o__aligned_malloc
_o__aligned_free
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o__crt_atexit
_o___std_type_info_name
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o__configure_narrow_argv
_o___std_exception_copy
_o__cexit
_o__callnewh
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetModuleHandleW
GetProcAddress
GetModuleFileNameA

api-ms-win-core-synch-l1-1-0

CreateSemaphoreExW
ReleaseSemaphore
InitializeCriticalSectionEx
WaitForSingleObject
ReleaseMutex
WaitForSingleObjectEx
AcquireSRWLockShared
OpenSemaphoreW
ReleaseSRWLockShared
CreateMutexExW
DeleteCriticalSection
InitializeSRWLock
CreateEventExW
LeaveCriticalSection
EnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CreateEventW
SetEvent

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter
GetLastError
RaiseException

api-ms-win-core-winrt-string-l1-1-0

WindowsDuplicateString
WindowsGetStringLen
WindowsDeleteString
WindowsCreateString
WindowsGetStringRawBuffer
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsCreateStringReference

api-ms-win-core-processthreads-l1-1-0

CreateThread
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
OpenProcessToken
TerminateProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventWriteTransfer
EventSetInformation

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoTransformError
GetRestrictedErrorInfo
SetRestrictedErrorInfo
RoOriginateErrorW

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-com-l1-1-0

CreateStreamOnHGlobal
CoCreateFreeThreadedMarshaler
CoReleaseMarshalData
CoTaskMemAlloc
CoMarshalInterface
CoCreateInstance

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetLocalTime
GetTickCount64
GetSystemTime
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-winrt-error-l1-1-1

RoReportFailedDelegate
RoGetMatchingRestrictedErrorInfo
IsErrorPropagationEnabled

api-ms-win-core-threadpool-l1-2-0

SubmitThreadpoolWork
CloseThreadpoolWork
CreateThreadpoolWork
CloseThreadpool
CreateThreadpool

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoInitialize
RoGetActivationFactory
RoActivateInstance

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-memory-l1-1-0

MapViewOfFile
UnmapViewOfFile

api-ms-win-core-file-l1-1-0

WriteFile

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

systemeventsbrokerclient

SebCreateBroadcastNotificationEvent
SebDeleteEvent

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 328KB - Virtual size: 324KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BcastDVRCommon.dll
.dll windows:10 windows x64 arch:x64

9e0232d7ef7cd0d38b407b8cf23f0692

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

BcastDVRCommon.pdb

Imports

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcsicmp
_o__wtoi
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o___std_type_info_name
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o__execute_onexit_table
_o__errno
_o___std_exception_copy
wcschr
_o__aligned_malloc
_o__aligned_free
wcsrchr
_o__crt_atexit
_o__configure_narrow_argv
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
__std_terminate
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o__cexit
__CxxFrameHandler4
_o__callnewh
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleExW
GetModuleHandleW
GetProcAddress
FreeLibrary

api-ms-win-core-synch-l1-1-0

OpenSemaphoreW
CreateMutexExW
DeleteCriticalSection
WaitForSingleObjectEx
EnterCriticalSection
ReleaseMutex
CreateEventW
SetEvent
CreateMutexW
CreateEventExW
WaitForSingleObject
InitializeCriticalSectionEx
ReleaseSemaphore
LeaveCriticalSection
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CreateSemaphoreExW

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-winrt-string-l1-1-0

WindowsConcatString
WindowsDuplicateString
WindowsGetStringLen
WindowsCreateString
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateStringReference
WindowsIsStringEmpty

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetProcessId
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
OpenProcessToken

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventWriteTransfer
EventUnregister

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceComplete
WaitOnAddress
WakeByAddressAll
InitOnceBeginInitialize

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemTime
GetLocalTime

rpcrt4

UuidCreate

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-threadpool-l1-2-0

SubmitThreadpoolWork
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
CloseThreadpoolWork

api-ms-win-core-com-l1-1-0

CoDecrementMTAUsage
CoIncrementMTAUsage
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
CLSIDFromString
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoGetCallContext

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoTransformError

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringOrdinal

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegSetValueExA
RegDeleteKeyExW
RegOpenCurrentUser
RegEnumKeyExW
RegSetValueExW
RegCloseKey
RegCreateKeyExW
RegNotifyChangeKeyValue
RegGetValueW

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW

api-ms-win-core-memory-l1-1-0

MapViewOfFile
UnmapViewOfFile
CreateFileMappingW

api-ms-win-core-file-l1-1-0

GetFileAttributesW
CreateFileW
WriteFile

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-security-base-l1-1-0

ImpersonateLoggedOnUser
RevertToSelf

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

ntdll

RtlNtStatusToDosErrorNoTeb
NtQueryInformationToken
RtlFreeHeap
RtlInitUnicodeString
RtlAllocateHeap
RtlCompareUnicodeString

Exports

Exports

??0BcastDVR_OutputDebug@@QEAA@PEBD@Z
??0ImpersonateHelper@Internal@Capture@Media@Windows@@QEAA@XZ
??1ImpersonateHelper@Internal@Capture@Media@Windows@@QEAA@XZ
?AppendPath@EnvironmentManager@Internal@Capture@Media@Windows@@YAJAEBVString@25@0PEAV625@@Z
?CalcPreviewVideoBufferDataSize@GameDVRUtility@Internal@Capture@Media@Windows@@YAJKKPEAK@Z
?CalcPreviewVideoFrameDataSize@GameDVRUtility@Internal@Capture@Media@Windows@@YAJKKPEAK@Z
?CleanupObsoletePlugIns@PlugInUtility@Internal@Capture@Media@Windows@@YAJPEAUHKEY__@@@Z
?CloseDuplicatedHandle@GameDVRUtility@Internal@Capture@Media@Windows@@YAJKPEAX@Z
?CloseDuplicatedHandles@GameDVRUtility@Internal@Capture@Media@Windows@@YAJKKQEAPEAX@Z
?FreeBroadcastSebEventIds@PlugInUtility@Internal@Capture@Media@Windows@@YAXPEAPEAU_GUID@@@Z
?GetBroadcastPlugInRegistryPathFromSebEventId@EnvironmentManager@Internal@Capture@Media@Windows@@YAJAEBU_GUID@@PEAVString@25@@Z
?GetBroadcastPlugInRegistryPathFromSebEventIdString@EnvironmentManager@Internal@Capture@Media@Windows@@YAJPEBGPEAVString@25@@Z
?GetBroadcastSebEventIds@PlugInUtility@Internal@Capture@Media@Windows@@YAJPEAKPEAPEAU_GUID@@@Z
?GetCallersPlugInInfo@PlugInUtility@Internal@Capture@Media@Windows@@YAJPEAUHKEY__@@AEBU_GUID@@PEAVString@25@2@Z
?GetCallersSebEventId@PlugInUtility@Internal@Capture@Media@Windows@@YAJPEAU_GUID@@@Z
?GetDefaultPlugIn@PlugInUtility@Internal@Capture@Media@Windows@@YAJPEAUHKEY__@@PEAU_GUID@@@Z
?GetErrorHistoryCount@BcastDVRLogProviderBase@@SAKXZ
?GetFormattedErrorHistory@BcastDVRLogProviderBase@@SAKPEAVString@Internal@Windows@@@Z
?GetGuidFromGuidString@GameDVRUtility@Internal@Capture@Media@Windows@@YAJPEBGPEAU_GUID@@@Z
?GetGuidStringFromGuid@GameDVRUtility@Internal@Capture@Media@Windows@@YAJAEBU_GUID@@_NPEAVString@25@@Z
?GetHKeyCurrentUserForDefaultUser@GameDVRUtility@Internal@Capture@Media@Windows@@YAJPEAPEAUHKEY__@@@Z
?GetHKeyCurrentUserForIUser@GameDVRUtility@Internal@Capture@Media@Windows@@YAJPEAUIUser@System@5@PEAPEAUHKEY__@@@Z
?GetIUserSID@GameDVRUtility@Internal@Capture@Media@Windows@@YAJPEAUIUser@System@5@PEAVString@25@@Z
?GetJsonArray@GameDVRUtility@Internal@Capture@Media@Windows@@YAJPEAU?$IMap@PEAUHSTRING__@@PEAUIJsonValue@Json@Data@Windows@@@Collections@Foundation@5@PEAUHSTRING__@@PEAEPEAPEAU?$IVector@PEAUIJsonValue@Json@Data@Windows@@@785@@Z
?GetJsonBoolean@GameDVRUtility@Internal@Capture@Media@Windows@@YAJPEAU?$IMap@PEAUHSTRING__@@PEAUIJsonValue@Json@Data@Windows@@@Collections@Foundation@5@PEAUHSTRING__@@PEAE2@Z
?GetJsonDateTime@GameDVRUtility@Internal@Capture@Media@Windows@@YAJPEAU?$IMap@PEAUHSTRING__@@PEAUIJsonValue@Json@Data@Windows@@@Collections@Foundation@5@PEAUHSTRING__@@PEAEPEAUDateTime@85@@Z
?GetJsonDouble@GameDVRUtility@Internal@Capture@Media@Windows@@YAJPEAU?$IMap@PEAUHSTRING__@@PEAUIJsonValue@Json@Data@Windows@@@Collections@Foundation@5@PEAUHSTRING__@@PEAEPEAN@Z
?GetJsonGuid@GameDVRUtility@Internal@Capture@Media@Windows@@YAJPEAU?$IMap@PEAUHSTRING__@@PEAUIJsonValue@Json@Data@Windows@@@Collections@Foundation@5@PEAUHSTRING__@@PEAEPEAU_GUID@@@Z
?GetJsonNumber@GameDVRUtility@Internal@Capture@Media@Windows@@YAJPEAU?$IMap@PEAUHSTRING__@@PEAUIJsonValue@Json@Data@Windows@@@Collections@Foundation@5@PEAUHSTRING__@@PEAEPEA_J@Z
?GetJsonString@GameDVRUtility@Internal@Capture@Media@Windows@@YAJPEAU?$IMap@PEAUHSTRING__@@PEAUIJsonValue@Json@Data@Windows@@@Collections@Foundation@5@PEAUHSTRING__@@PEAEPEAVString@25@@Z
?GetKnownFolderSubFolder@EnvironmentManager@Internal@Capture@Media@Windows@@YAJAEBU_GUID@@PEBGPEAVString@25@@Z
?GetOSVersionString@GameDVRUtility@Internal@Capture@Media@Windows@@YAXPEAVString@25@@Z
?GetPlugInInfo@PlugInUtility@Internal@Capture@Media@Windows@@YAJPEAUHKEY__@@AEBU_GUID@@PEAVString@25@22@Z
?GetPlugInPackageFullName@PlugInUtility@Internal@Capture@Media@Windows@@YAJAEBU_GUID@@PEAVString@25@@Z
?GetUserGameDVRConfigFolderPath@EnvironmentManager@Internal@Capture@Media@Windows@@YAJPEAVString@25@PEBG@Z
?ImpersonateDefaultUser@ImpersonateHelper@Internal@Capture@Media@Windows@@QEAAJXZ
?ImpersonateUser@ImpersonateHelper@Internal@Capture@Media@Windows@@QEAAJPEAUIUser@System@5@@Z
?Initialize@BcastDVR_OutputDebug@@SAXPEBGW4BcastDVR_OutputDebug_TraceToFileType@@0@Z
?InsertJsonArray@GameDVRUtility@Internal@Capture@Media@Windows@@YAJPEAU?$IMap@PEAUHSTRING__@@PEAUIJsonValue@Json@Data@Windows@@@Collections@Foundation@5@PEAUHSTRING__@@PEAPEAU?$IVector@PEAUIJsonValue@Json@Data@Windows@@@785@@Z
?InsertJsonBoolean@GameDVRUtility@Internal@Capture@Media@Windows@@YAJPEAUIJsonValueStatics@Json@Data@5@PEAU?$IMap@PEAUHSTRING__@@PEAUIJsonValue@Json@Data@Windows@@@Collections@Foundation@5@PEAUHSTRING__@@E@Z
?InsertJsonDateTime@GameDVRUtility@Internal@Capture@Media@Windows@@YAJPEAUIJsonValueStatics@Json@Data@5@PEAU?$IMap@PEAUHSTRING__@@PEAUIJsonValue@Json@Data@Windows@@@Collections@Foundation@5@PEAUHSTRING__@@UDateTime@Foundation@5@@Z
?InsertJsonDouble@GameDVRUtility@Internal@Capture@Media@Windows@@YAJPEAUIJsonValueStatics@Json@Data@5@PEAU?$IMap@PEAUHSTRING__@@PEAUIJsonValue@Json@Data@Windows@@@Collections@Foundation@5@PEAUHSTRING__@@N@Z
?InsertJsonGuid@GameDVRUtility@Internal@Capture@Media@Windows@@YAJPEAUIJsonValueStatics@Json@Data@5@PEAU?$IMap@PEAUHSTRING__@@PEAUIJsonValue@Json@Data@Windows@@@Collections@Foundation@5@PEAUHSTRING__@@U_GUID@@@Z
?InsertJsonNumber@GameDVRUtility@Internal@Capture@Media@Windows@@YAJPEAUIJsonValueStatics@Json@Data@5@PEAU?$IMap@PEAUHSTRING__@@PEAUIJsonValue@Json@Data@Windows@@@Collections@Foundation@5@PEAUHSTRING__@@_J@Z
?InsertJsonObject@GameDVRUtility@Internal@Capture@Media@Windows@@YAJPEAU?$IMap@PEAUHSTRING__@@PEAUIJsonValue@Json@Data@Windows@@@Collections@Foundation@5@PEAUHSTRING__@@PEAPEAUIJsonObject@Json@Data@5@@Z
?InsertJsonString@GameDVRUtility@Internal@Capture@Media@Windows@@YAJPEAUIJsonValueStatics@Json@Data@5@PEAU?$IMap@PEAUHSTRING__@@PEAUIJsonValue@Json@Data@Windows@@@Collections@Foundation@5@PEAUHSTRING__@@2@Z
?InsertNamedJsonEnumBitfields@GameDVRUtility@Internal@Capture@Media@Windows@@YAJPEAUIJsonValueStatics@Json@Data@5@PEAU?$IMap@PEAUHSTRING__@@PEAUIJsonValue@Json@Data@Windows@@@Collections@Foundation@5@PEAUHSTRING__@@_KPEBQEBGH@Z
?LogError@BcastDVRLogProviderBase@@SAXJPEBD0H_N@Z
?LogErrorEx@BcastDVRLogProviderBase@@SAXJPEBD0H00_N@Z
?MapConstantToString@GameDVRUtility@Internal@Capture@Media@Windows@@YAPEBGQEAPEBGKKKK@Z
?MostRecentErrorInHistory@BcastDVRLogProviderBase@@SAJXZ
?OutputString@BcastDVR_OutputDebug@@QEAAXXZ
?PrintGuid@GameDVRUtility@Internal@Capture@Media@Windows@@YAJU_GUID@@PEAVString@25@@Z
?PrintHRESULT@BcastDVR_OutputDebug@@QEAAXJ@Z
?PrintType@BcastDVR_OutputDebug@@QEAAXPEBD0@Z
?PrintType@BcastDVR_OutputDebug@@QEAAXPEBDE@Z
?PrintType@BcastDVR_OutputDebug@@QEAAXPEBDH@Z
?PrintType@BcastDVR_OutputDebug@@QEAAXPEBDI@Z
?PrintType@BcastDVR_OutputDebug@@QEAAXPEBDK@Z
?PrintType@BcastDVR_OutputDebug@@QEAAXPEBDN@Z
?PrintType@BcastDVR_OutputDebug@@QEAAXPEBDPEAX@Z
?PrintType@BcastDVR_OutputDebug@@QEAAXPEBDPEBG@Z
?PrintType@BcastDVR_OutputDebug@@QEAAXPEBD_K@Z
?Printf@BcastDVRLogProviderBase@@SAX_N0PEBD1HPEBGZZ
?RecreateStorageFile@GameDVRUtility@Internal@Capture@Media@Windows@@YAJPEAUIStorageFile@Storage@5@PEAPEAU675@@Z
?RegGetDwordValue@GameDVRUtility@Internal@Capture@Media@Windows@@YAXPEAUHKEY__@@PEBG1KPEAK@Z
?RegGetQwordValue@GameDVRUtility@Internal@Capture@Media@Windows@@YAXPEAUHKEY__@@PEBG1_KPEA_K@Z
?RegGetStringValue@GameDVRUtility@Internal@Capture@Media@Windows@@YAXPEAUHKEY__@@PEBG1PEAVString@25@@Z
?RegSetBinaryValue@GameDVRUtility@Internal@Capture@Media@Windows@@YAJPEAUHKEY__@@PEBG1PEBEK@Z
?RegSetDwordValue@GameDVRUtility@Internal@Capture@Media@Windows@@YAJPEAUHKEY__@@PEBG1K@Z
?RegSetQwordValue@GameDVRUtility@Internal@Capture@Media@Windows@@YAJPEAUHKEY__@@PEBG1_K@Z
?RegSetStringValue@GameDVRUtility@Internal@Capture@Media@Windows@@YAJPEAUHKEY__@@PEBG1PEAVString@25@@Z
?RegSetStringValue@GameDVRUtility@Internal@Capture@Media@Windows@@YAJPEAUHKEY__@@PEBGPEBD2@Z
?RegisterCallingPlugIn@PlugInUtility@Internal@Capture@Media@Windows@@YAJPEAUHKEY__@@PEAUHSTRING__@@1AEBU_GUID@@@Z
?SetDefaultPlugIn@PlugInUtility@Internal@Capture@Media@Windows@@YAJPEAUHKEY__@@AEBU_GUID@@@Z
?Uninitialize@BcastDVR_OutputDebug@@SAXXZ
ActiveMetadataManagerInstances
CreateCallerManagerInstance
CreateCallerManagerInstanceForAppId
CreateMetadataManagerInstance
CreateMetadataManagerInstanceForAppId
CreateMetadataManagerInstanceFromJson
FireCallerManagerEvent
FireCallerManagerEventForAppId
GetBroadcastSharedMemoryReader
GetBroadcastSharedMemoryWriter
GetPreviewSharedMemoryReader
GetPreviewSharedMemoryWriter

Sections

.text
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 756B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BdeHdCfgLib.dll
.dll windows:10 windows x64 arch:x64

0561832dedf5ee8989087224c333bc2b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

BdeHdCfgLib.pdb

Imports

msvcrt

wcschr
_beginthread
_purecall
_beginthreadex
iswdigit
__C_specific_handler
wcsstr
_vsnwprintf
_wtoi
_wcsnicmp
iswalpha
wcsncmp
malloc
_callnewh
_XcptFilter
_amsg_exit
_initterm
memcpy
_wcsicmp
free
memset

ntdll

RtlNtStatusToDosError
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WinSqmAddToStreamEx
NtQueryVolumeInformationFile
NtClose
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
RtlInitUnicodeString
RtlCheckPortableOperatingSystem

advapi32

AdjustTokenPrivileges
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegSetKeyValueW
EventUnregister
EventRegister
EventWrite
GetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyExW
LookupPrivilegeValueW
OpenProcessToken
GetNamedSecurityInfoW
SetNamedSecurityInfoW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
InitiateShutdownW
RegGetValueW

kernel32

VirtualFree
GetVolumeInformationByHandleW
GetVersionExW
HeapAlloc
GetProcessHeap
WriteFile
SetFilePointer
HeapFree
FormatMessageW
GetModuleHandleW
CreateEventW
SetEvent
WaitForSingleObject
CreateThread
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
K32GetModuleBaseNameW
Sleep
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
GetVolumeNameForVolumeMountPointW
GetLastError
CreateFileW
DeviceIoControl
CloseHandle
FindFirstVolumeW
GetDriveTypeW
FindNextVolumeW
FindVolumeClose
GetSystemPowerStatus
CompareStringW
FindFirstFileW
CreateDirectoryExW
FindNextFileW
FindClose
LocalFree
CopyFileW
GetCurrentProcess
GetVolumePathNamesForVolumeNameW
RemoveDirectoryW
SetFileAttributesW
DeleteFileW
VirtualAlloc
ReadFile

user32

GetSystemMetrics
LoadStringW

ole32

CoSetProxyBlanket
CoInitializeEx
CoCreateInstance
CreateClassMoniker
GetRunningObjectTable
CoUninitialize
CoTaskMemFree

oleaut32

SafeArrayAccessData
SafeArrayGetUBound
VariantClear
SysFreeString
SysAllocString
VariantInit
SysStringLen
SafeArrayGetLBound
SafeArrayUnaccessData

reagent

WinReGetConfig
WinRE_Generalize
WinReInstall
WinReGetWIMInfo

Exports

Exports

??0CBcdStore@@IEAA@XZ
??0CBcdStore@@QEAA@$$QEAV0@@Z
??0CBcdStore@@QEAA@AEBV0@@Z
??0CBcdWmiWrapper@@IEAA@XZ
??0CBcdWmiWrapper@@QEAA@AEBV0@@Z
??0CBdeCfgLibraryLoader@@QEAA@AEBV0@@Z
??0CBdeCfgLibraryLoader@@QEAA@XZ
??0CDriveConfiguration@@QEAA@AEBV0@@Z
??0CDriveConfiguration@@QEAA@XZ
??1CBcdStore@@UEAA@XZ
??1CBcdWmiWrapper@@MEAA@XZ
??1CBdeCfgLibraryLoader@@QEAA@XZ
??1CDriveConfiguration@@QEAA@XZ
??4CBcdStore@@QEAAAEAV0@$$QEAV0@@Z
??4CBcdStore@@QEAAAEAV0@AEBV0@@Z
??4CBcdWmiWrapper@@QEAAAEAV0@AEBV0@@Z
??4CBdeCfgLibraryLoader@@QEAAAEAV0@AEBV0@@Z
??4CDriveConfiguration@@QEAAAEAV0@AEBV0@@Z
??_7CBcdStore@@6B@
??_7CBcdWmiWrapper@@6B@
?ActionRequiresCreate@CDriveConfiguration@@QEAA_NXZ
?ActionRequiresMerge@CDriveConfiguration@@QEAA_NXZ
?ActionRequiresShrink@CDriveConfiguration@@QEAA_NXZ
?CancelConfiguration@CDriveConfiguration@@QEAAJXZ
?CancelConfigurationEntry@CDriveConfiguration@@CAXPEAX@Z
?CancelConfiguration_Thread@CDriveConfiguration@@AEAAJXZ
?Cleanup@CDriveConfiguration@@AEAAXXZ
?ConfigureDrive@CDriveConfiguration@@QEAAJXZ
?CreateClass@CBcdStore@@SAJPEAPEAV1@@Z
?CreateInParams@CBcdWmiWrapper@@IEAAJPEBGPEAPEAUIWbemClassObject@@@Z
?DetectTargetDrive@CDriveConfiguration@@AEAAJPEAUIVdsVolume@@@Z
?DriveConfigurationEntry@CDriveConfiguration@@CAXPEAX@Z
?ExecuteMethod@CBcdWmiWrapper@@IEAAJPEBGPEAUIWbemClassObject@@PEAPEAU2@@Z
?ExportSystemStore@CBcdStore@@QEAAJPEBG@Z
?GetActionType@CDriveConfiguration@@QEAA?AW4BDECFG_ACTION_TYPE@@XZ
?GetConfigurationResult@CDriveConfiguration@@QEAAJXZ
?GetInitializationResult@CDriveConfiguration@@QEAAJXZ
?GetNamespace@CBcdWmiWrapper@@IEAAPEAUIWbemServices@@XZ
?GetNewDriveLetter@CDriveConfiguration@@QEAAGXZ
?GetNumberOfSteps@CDriveConfiguration@@QEAAKXZ
?GetShrinkSize@CDriveConfiguration@@QEAA_KXZ
?GetStepExecutionOrder@CDriveConfiguration@@QEAAKW4_BDECFG_STEP_ID@@@Z
?GetTargetDiskNumber@CDriveConfiguration@@QEAAKXZ
?GetTargetDriveLetter@CDriveConfiguration@@QEAAGXZ
?GetTargetPartitionNumber@CDriveConfiguration@@QEAAKXZ
?GetTargetPartitionSize@CDriveConfiguration@@QEAA_KXZ
?ImportSystemStore@CBcdStore@@QEAAJPEBG@Z
?Initialize@CDriveConfiguration@@QEAAJPEBU_BDECFG_PARAMS@@QEAU_BDECFG_SIZE_REQUIREMENTS@@PEAVIConfigurationProgress@@@Z
?InitializeAndHoldLibrary@CBdeCfgLibraryLoader@@AEAAJXZ
?InitializeAndHoldLibraryEntry@CBdeCfgLibraryLoader@@CAXPEAX@Z
?InitializeAndHoldLibrary_Thread@CBdeCfgLibraryLoader@@AEAAJXZ
?InitializeClass@CBcdWmiWrapper@@IEAAJPEBG@Z
?InitializeEntry@CDriveConfiguration@@CAXPEAX@Z
?InitializeFromParams@CDriveConfiguration@@AEAAJPEAUIVdsVolume@@@Z
?InitializeInstance@CBcdWmiWrapper@@IEAAJPEAUIWbemServices@@PEAUIWbemClassObject@@@Z
?InitializeNamespace@CBcdWmiWrapper@@AEAAJXZ
?Initialized@CDriveConfiguration@@QEAA_NXZ
?IsMergeTargetWinRE@CDriveConfiguration@@QEAAJPEAH@Z
?LibraryLoaded@CBdeCfgLibraryLoader@@QEAA_NXZ
?Load@CBdeCfgLibraryLoader@@QEAAJXZ
?OpenStore@CBcdStore@@QEAAJPEBGPEAPEAV1@@Z
?QueryStepPercentComplete@CDriveConfiguration@@QEAAJPEAK@Z
?RemapObjectDevices@CBcdStore@@QEAAJPEBG0@Z
?SetConfigurationStep@CDriveConfiguration@@AEAAJW4_BDECFG_STEP_ID@@@Z
?Thread_ConfigureDrive@CDriveConfiguration@@AEAAJXZ
?Thread_Initialize@CDriveConfiguration@@AEAAJXZ
?Unload@CBdeCfgLibraryLoader@@QEAAXXZ
BdeCfgCalculateSizeRequirements
BdeCfgCanCreateActivePartOnDisk
BdeCfgCheckAndGetBootVolume
BdeCfgCheckGPTRecoveryPartition
BdeCfgCheckVolumeAsCandidate
BdeCfgCleanupOldBootFiles
BdeCfgCountGPTPartitions
BdeCfgCreateWinREPartitionGPT
BdeCfgDetectWinRESize
BdeCfgDetectWinREVolumeName
BdeCfgDisableWinRE
BdeCfgFindBasicVolumeExtent
BdeCfgFindCandidateVolumes
BdeCfgFindGPTRecoveryPartitionCandidate
BdeCfgFindLargestUnallocatedExtent
BdeCfgFindRecoveryPartitionGPT
BdeCfgFindVolumeWithName
BdeCfgFindVolumeWithProp
BdeCfgGetBootVolume
BdeCfgGetDeviceNameFromVolume
BdeCfgGetMaxShrinkSize
BdeCfgGetNtfsVolumeSize
BdeCfgGetVolumeDisk
BdeCfgGetVolumeDriveLetter
BdeCfgGetVolumeFromId
BdeCfgInitialize
BdeCfgIsDiskConfiguredForBitLocker
BdeCfgIsElevated
BdeCfgIsWinREOnOSVolume
BdeCfgLoadErrorString
BdeCfgLoadResourceString
BdeCfgLogCandidateDrive
BdeCfgLogClose
BdeCfgLogCommandLineParams
BdeCfgLogDetectedWinRE
BdeCfgLogEnumExtent
BdeCfgLogError
BdeCfgLogFailedTarget
BdeCfgLogFoundUnallocatedExtent
BdeCfgLogInit
BdeCfgLogWarning
BdeCfgMigrateBootHive
BdeCfgMoveWinRE
BdeCfgRestart
BdeCfgSecureFormatPartition
BdeCfgShrinkSimpleVolume
BdeCfgUninitialize

Sections

.text
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BingASDS.dll
.dll windows:10 windows x64 arch:x64

67ac2f3a2a929b0d9d27d4d07679312e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

BingASDS.pdb

Imports

msvcrt

__crtCompareStringW
_wcsdup
abort
__crtCompareStringA
memset
localeconv
strcspn
sprintf_s
isdigit
ldexp
_W_Gettnames
_W_Getmonths
isalnum
realloc
calloc
isupper
_W_Getdays
_ismbblead
___lc_codepage_func
_Getmonths
___mb_cur_max_func
memcmp
setlocale
rand_s
wcsncmp
_wtol
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@AEBV0@@Z
__mb_cur_max
___lc_collate_cp_func
memchr
tolower
isspace
_Strftime
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
free
_amsg_exit
_XcptFilter
memmove
memcpy
__CxxFrameHandler3
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_Getdays
islower
_callnewh
malloc
??_V@YAXPEAX@Z
memmove_s
_Gettnames
_errno
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
_wsetlocale
__crtLCMapStringA
_Wcsftime
___lc_handle_func
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
??3@YAXPEAX@Z
memcpy_s
__crtLCMapStringW
_vsnwprintf
__pctype_func
__CxxFrameHandler4

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleFileNameA
GetModuleHandleExW
GetModuleHandleW
DisableThreadLibraryCalls
GetModuleHandleExA

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
CreateEventW
DeleteCriticalSection
CreateEventExW
TryAcquireSRWLockExclusive
ResetEvent
AcquireSRWLockShared
InitializeCriticalSectionEx
SetEvent
ReleaseSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseMutex
WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreExW
CreateMutexExW
InitializeSRWLock

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
GetLastError
RaiseException

api-ms-win-core-processthreads-l1-1-0

CreateThread
OpenThreadToken
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
ResumeThread
TerminateProcess
GetCurrentProcess
OpenProcessToken

api-ms-win-core-localization-l1-2-0

LCMapStringW
FormatMessageW
GetLocaleInfoW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventUnregister
EventActivityIdControl
EventSetInformation

api-ms-win-core-localization-l1-2-2

LCIDToLocaleName

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
WakeAllConditionVariable
Sleep
InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-core-com-l1-1-0

CoWaitForMultipleHandles
CoGetApartmentType
CoCreateInstance
CreateStreamOnHGlobal
CoCreateFreeThreadedMarshaler

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-heap-l2-1-0

GlobalFree
LocalAlloc
LocalFree

api-ms-win-security-base-l1-1-0

GetTokenInformation
CheckTokenMembership
CreateWellKnownSid

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsDeleteString
WindowsGetStringRawBuffer

oleaut32

SysAllocStringLen
SysFreeString

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegGetValueW
RegCloseKey

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

winhttp

WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpOpen
WinHttpSetOption
WinHttpCloseHandle
WinHttpSendRequest
WinHttpSetStatusCallback
WinHttpQueryHeaders
WinHttpConnect
WinHttpCrackUrl
WinHttpReadData
WinHttpOpenRequest
WinHttpReceiveResponse

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-url-l1-1-0

UrlEscapeW

ntdll

RtlIsMultiUsersInSessionSku

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 292KB - Virtual size: 289KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BingFilterDS.dll
.dll windows:10 windows x64 arch:x64

4e6fe2ab19e8816e4fc8ae7256af612a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

BingFilterDS.pdb

Imports

msvcrt

memcmp
__C_specific_handler
__CxxFrameHandler3
malloc
free
_amsg_exit
_XcptFilter
_vsnprintf_s
??1type_info@@UEAA@XZ
_onexit
wcsncmp
_callnewh
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
_CxxThrowException
memcpy
memmove
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
??3@YAXPEAX@Z
memcpy_s
?terminate@@YAXXZ
__dllonexit
__CxxFrameHandler4
_unlock
swprintf_s
_lock
_vsnwprintf
??_V@YAXPEAX@Z
_initterm
memset

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
DisableThreadLibraryCalls
GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameA

api-ms-win-core-synch-l1-2-0

Sleep
WakeAllConditionVariable
InitOnceComplete
InitOnceBeginInitialize
SleepConditionVariableSRW
InitOnceExecuteOnce

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
ReleaseSemaphore
ReleaseSRWLockExclusive
CreateSemaphoreExW
CreateMutexExW
ReleaseMutex
InitializeSRWLock
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
TryAcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventRegister
EventUnregister

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-core-localization-l1-2-0

LCMapStringW
FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-com-l1-1-0

CoCreateInstance

oleaut32

SysStringLen

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BingMaps.dll
.dll windows:10 windows x64 arch:x64

b70aa12ed9096e15f6c9eb9be95ea739

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

BingMaps.pdb

Imports

msvcp_win

??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z
?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGD@Z
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?fail@ios_base@std@@QEBA_NXZ
??Bios_base@std@@QEBA_NXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAM@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?id@?$ctype@G@std@@2V0locale@2@A
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@H@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?widen@?$ctype@G@std@@QEBAGD@Z
??Bid@locale@std@@QEAA_KXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@N@Z
?precision@ios_base@std@@QEAA_J_J@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAH@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAI@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEA_K@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAN@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
?in@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
?_Incref@facet@locale@std@@UEAAXXZ
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Random_device@std@@YAIXZ
?put@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@G@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@I@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@PEBX@Z
?flags@ios_base@std@@QEBAHXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z
?good@ios_base@std@@QEBA_NXZ
?uncaught_exception@std@@YA_NXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setf@ios_base@std@@QEAAHHH@Z
?_Xbad_function_call@std@@YAXXZ
??7ios_base@std@@QEBA_NXZ
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?setf@ios_base@std@@QEAAHH@Z
?_Xruntime_error@std@@YAXPEBD@Z
?_Makeloc@_Locimp@locale@std@@CAPEAV123@AEBV_Locinfo@3@HPEAV123@PEBV23@@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@_N@Z
?toupper@?$ctype@G@std@@QEBAGG@Z
?_Getname@_Locinfo@std@@QEBAPEBDXZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@HPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__free_locale
_o__gmtime64_s
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__msize
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__wcsicmp
_o__wcsnicmp
__intrinsic_setjmp
_o__wstat64i32
_o__wtoi_l
_o_acos
_o_asin
_o_atan
_o_atan2
_o_atof
_o_atoi
_o_atol
_o_ceil
_o_ceilf
_o_cos
_o_cosf
_o_exp
_o_exp2f
_o_fclose
_o_floor
_o_floorf
_o_fmod
_o_fmodf
_o_fopen
_o_fread
_o_free
_o_fseek
_o_ftell
_o_isdigit
_o_islower
_o_isspace
_o_isupper
_o_log
_o_log2
_o_lroundf
_o_malloc
_o_modf
_o_modff
_o_pow
_o_powf
_o_qsort
_o_rand_s
_o_realloc
_o_round
_o_roundf
_o_sin
_o_sinf
_o_sinh
_o_sqrt
_o_sqrtf
_o_strcpy_s
_o_tan
_o_terminate
_o_tolower
_o_toupper
_o_towlower
_o_towupper
_o_wcstod
_o_wcstol
_o_wcstoll
_o_wcstoul
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o__expand
_o__aligned_malloc
_o__aligned_free
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o__execute_onexit_table
_o___stdio_common_vswprintf
_o___stdio_common_vsscanf
_o__errno
_o___stdio_common_vsprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_type_info_compare
__std_terminate
__CxxFrameHandler4
_o__dclass
_o__crt_atexit
_o__create_locale
_o__configure_narrow_argv
strchr
longjmp
strrchr
strstr
_o__cexit
__RTtypeid
_o__callnewh
__RTDynamicCast
memchr
memcmp
memcpy
memmove

api-ms-win-crt-string-l1-1-0

strncmp
memset
strncpy
strcmp

mapconfiguration

ConfigurationManager_GetLocaleMapConfiguration
ConfigurationManager_Create

api-ms-win-core-psm-app-l1-1-0

PsmRegisterAppStateChangeNotification
PsmUnregisterAppStateChangeNotification

api-ms-win-core-libraryloader-l1-2-0

LockResource
SizeofResource
GetModuleFileNameA
GetModuleHandleExW
LoadResource
GetProcAddress
DisableThreadLibraryCalls
GetModuleHandleW
LoadLibraryExW

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
SetLastError

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsConcatString
WindowsDeleteString
WindowsDuplicateString
WindowsCreateStringReference
WindowsCreateString

api-ms-win-core-winrt-error-l1-1-0

GetRestrictedErrorInfo
RoTransformError
RoFailFastWithErrorContext
RoOriginateError
SetRestrictedErrorInfo
RoOriginateErrorW

api-ms-win-core-com-l1-1-0

CoReleaseMarshalData
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoGetApartmentType
CreateStreamOnHGlobal
CoMarshalInterface
CoTaskMemAlloc

api-ms-win-core-synch-l1-1-0

WaitForMultipleObjectsEx
CreateEventW
AcquireSRWLockShared
WaitForSingleObject
CreateSemaphoreExW
ReleaseSemaphore
DeleteCriticalSection
ReleaseSRWLockExclusive
ReleaseMutex
ResetEvent
OpenSemaphoreW
CreateMutexExW
ReleaseSRWLockShared
InitializeCriticalSectionAndSpinCount
AcquireSRWLockExclusive
TryEnterCriticalSection
SetEvent
CreateEventExW
WaitForSingleObjectEx
EnterCriticalSection
InitializeSRWLock
LeaveCriticalSection
InitializeCriticalSectionEx

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
IsErrorPropagationEnabled
RoReportFailedDelegate

api-ms-win-core-synch-l1-2-0

WaitOnAddress
WakeByAddressSingle
InitOnceExecuteOnce

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
OpenProcessToken
GetCurrentThreadId
GetCurrentProcess

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-timezone-l1-1-0

GetTimeZoneInformation
FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-path-l1-1-0

PathCchCanonicalize

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureStackBackTrace
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-localization-l1-2-0

FormatMessageW
FormatMessageA
GetLocaleInfoEx

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-file-l1-1-0

DeleteFileW
CreateDirectoryW
ReadFile
FindFirstFileW
GetFileSizeEx
FindNextFileW
WriteFile
GetFileAttributesExW
RemoveDirectoryW
FindClose
SetFileAttributesW

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx

api-ms-win-eventing-provider-l1-1-0

EventWrite
EventRegister
EventUnregister

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegOpenKeyExW
RegCloseKey

api-ms-win-core-file-l1-2-0

CreateFile2

api-ms-win-core-sysinfo-l1-2-0

GetNativeSystemInfo

api-ms-win-core-io-l1-1-0

CancelIoEx

api-ms-win-core-psapi-l1-1-0

K32GetPerformanceInfo

api-ms-win-core-kernel32-legacy-l1-1-0

BindIoCompletionCallback

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-downlevel-shlwapi-l2-1-0

SHCreateMemStream

d2d1

ord1

d3d11

D3D11CreateDevice

dwrite

DWriteCreateFactory

dxgi

DXGIGetDebugInterface1
CreateDXGIFactory2
CreateDXGIFactory1

api-ms-win-shcore-stream-winrt-l1-1-0

CreateRandomAccessStreamOverStream

ztrace_maps

ZTraceClose
ZTraceReportOriginationNoThis
ZTraceReportOrigination
ZTraceReportPropagation
ZTraceReportIgnore
ZTraceHelper
ZTraceReportPropagationNoThis
ZTraceInit
ZTraceReportIgnoreNoThis

api-ms-win-crt-math-l1-1-0

truncf

api-ms-win-crt-time-l1-1-0

_time64

moshostclient

MosHostClose
MosHostOpen
MosGetDataAsyncOperation
MosDeleteDataAsyncOperation

Exports

Exports

GetBingMapsFactory

Sections

.text
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 524KB - Virtual size: 548KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 260KB - Virtual size: 258KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BingOnlineServices.dll
.dll windows:10 windows x64 arch:x64

0993f9c26a9781ca845d65a5ba42d011

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

BingOnlineServices.pdb

Imports

msvcp_win

?width@ios_base@std@@QEAA_J_J@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@H@Z
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?_Syserror_map@std@@YAPEBDH@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_K@Z
?__ExceptionPtrCompare@@YA_NPEBX0@Z
?_Winerror_map@std@@YAHH@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?fail@ios_base@std@@QEBA_NXZ
?eof@ios_base@std@@QEBA_NXZ
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEA_K@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?get@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAGXZ
??Bios_base@std@@QEBA_NXZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?width@ios_base@std@@QEBA_JXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAH@Z
?imbue@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?bad@ios_base@std@@QEBA_NXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?setf@ios_base@std@@QEAAHHH@Z
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
?widen@?$ctype@G@std@@QEBAGD@Z
?classic@locale@std@@SAAEBV12@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Xbad_function_call@std@@YAXXZ
?uncaught_exception@std@@YA_NXZ
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Locinfo@std@@QEAA@XZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??Bid@locale@std@@QEAA_KXZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
?is@?$ctype@G@std@@QEBA_NFG@Z
?tolower@?$ctype@G@std@@QEBAGG@Z
?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
_Wcsxfrm
?_Xlength_error@std@@YAXPEBD@Z
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?id@?$ctype@G@std@@2V0locale@2@A
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?id@?$collate@G@std@@2V0locale@2@A
_Wcscoll
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Xbad_alloc@std@@YAXXZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o___pctype_func
_o___std_exception_copy
_o___std_exception_destroy
_o___std_type_info_destroy_list
_o___stdio_common_vsnprintf_s
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswscanf
_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__create_locale
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__free_locale
_o__i64toa_s
_o__i64tow_s
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
strchr
_o__isctype_l
__std_terminate
__std_type_info_compare
__CxxFrameHandler4
_o__purecall
_o__invalid_parameter_noinfo_noreturn
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__stricmp
_o__strtod_l
_o__ui64toa_s
_o__ui64tow_s
_o__wcsicmp
_o__wcstod_l
_o__wtoi
_o_free
_o_isalpha
_o_isdigit
_o_isspace
_o_iswspace
_o_malloc
_o_realloc
_o_setlocale
_o_terminate
_o_tolower
_o_wcstok_s
_o_wcstol
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
memcpy

api-ms-win-crt-string-l1-1-0

memset
wcsnlen
strnlen

ztrace_maps

ZTraceReportPropagationNoThis
ZTraceHelper
ZTraceClose
ZTraceInit
ZTraceHelperNoThis
ZTraceReportOriginationNoThis

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventSetInformation
EventRegister

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleExW
GetModuleHandleA
DisableThreadLibraryCalls
GetModuleHandleW
GetProcAddress

api-ms-win-core-localization-l1-2-0

FormatMessageA
GetLocaleInfoEx
FormatMessageW

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsDeleteString

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter
GetLastError
RaiseException

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
WaitForSingleObjectEx
EnterCriticalSection
InitializeCriticalSection
InitializeSRWLock
ReleaseSemaphore
AcquireSRWLockShared
ReleaseSRWLockExclusive
ReleaseSRWLockShared
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CreateSemaphoreExW
ReleaseMutex
AcquireSRWLockExclusive
SetEvent
OpenSemaphoreW
ResetEvent
CreateMutexExW
CreateEventW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureStackBackTrace
RtlCaptureContext

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

mapconfiguration

ConfigurationManager_Create

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork

winhttp

WinHttpCloseHandle
WinHttpSetStatusCallback
WinHttpQueryHeaders
WinHttpQueryOption
WinHttpReceiveResponse
WinHttpOpen
WinHttpSetTimeouts
WinHttpSetOption
WinHttpConnect
WinHttpGetProxyForUrl
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpWriteData
WinHttpQueryAuthSchemes
WinHttpSetCredentials

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateContext
CryptProtectMemory
CertVerifyCertificateChainPolicy
CryptUnprotectMemory

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-datetime-l1-1-1

GetTimeFormatEx
GetDateFormatEx

bcrypt

BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptGetProperty
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-registry-l1-1-0

RegGetValueW

Exports

Exports

?$TSS0@?1??getMaxAgeInSeconds@OnlineServiceData@BingOnlineServices@@QEBA?BIXZ@4HA
??0BoundingBox@BingOnlineServices@@QEAA@NNNN@Z
??0CopyrightData@BingOnlineServices@@QEAA@$$QEAV01@@Z
??0CopyrightData@BingOnlineServices@@QEAA@AEBV01@@Z
??0CopyrightData@BingOnlineServices@@QEAA@XZ
??0CopyrightDataImpl@BingOnlineServices@@QEAA@$$QEAV01@@Z
??0CopyrightDataImpl@BingOnlineServices@@QEAA@AEBV01@@Z
??0CopyrightDataImpl@BingOnlineServices@@QEAA@XZ
??0CopyrightRequest@BingOnlineServices@@QEAA@$$QEAV01@@Z
??0CopyrightRequest@BingOnlineServices@@QEAA@AEBV01@@Z
??0CopyrightRequest@BingOnlineServices@@QEAA@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0_N@Z
??0Geopoint@BingOnlineServices@@QEAA@NNN@Z
??0Geoposition@BingOnlineServices@@QEAA@NNN@Z
??0OnlineServiceData@BingOnlineServices@@QEAA@AEBV01@@Z
??0OnlineServiceData@BingOnlineServices@@QEAA@XZ
??0OnlineServiceResponse@BingOnlineServices@@QEAA@$$QEAU01@@Z
??0OnlineServiceResponse@BingOnlineServices@@QEAA@AEBU01@@Z
??0OnlineServiceResponse@BingOnlineServices@@QEAA@XZ
??0_file_info@details@streams@Concurrency@@QEAA@H_K@Z
??0_http_request@details@http@web@@QEAA@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
??0_http_request@details@http@web@@QEAA@V?$unique_ptr@V_http_server_context@details@http@web@@U?$default_delete@V_http_server_context@details@http@web@@@std@@@std@@@Z
??0critical_section_impl@details@pplx@@QEAA@XZ
??0event_impl@details@pplx@@QEAA@XZ
??0http_client@client@http@web@@QEAA@AEBVuri@3@@Z
??0http_client@client@http@web@@QEAA@AEBVuri@3@AEBVhttp_client_config@123@@Z
??0http_msg_base@details@http@web@@QEAA@XZ
??0reader_writer_lock_impl@details@pplx@@QEAA@XZ
??0scoped_c_thread_locale@details@utility@@QEAA@XZ
??0uri@web@@QEAA@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
??0uri@web@@QEAA@PEBG@Z
??0value@json@web@@QEAA@$$QEAV012@@Z
??0value@json@web@@QEAA@AEBV012@@Z
??0value@json@web@@QEAA@H@Z
??0value@json@web@@QEAA@I@Z
??0value@json@web@@QEAA@N@Z
??0value@json@web@@QEAA@PEBG@Z
??0value@json@web@@QEAA@PEBG_N@Z
??0value@json@web@@QEAA@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
??0value@json@web@@QEAA@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@_N@Z
??0value@json@web@@QEAA@XZ
??0value@json@web@@QEAA@_J@Z
??0value@json@web@@QEAA@_K@Z
??0value@json@web@@QEAA@_N@Z
??0win32_encryption@details@web@@QEAA@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
??1CopyrightData@BingOnlineServices@@UEAA@XZ
??1CopyrightDataImpl@BingOnlineServices@@UEAA@XZ
??1CopyrightRequest@BingOnlineServices@@QEAA@XZ
??1OnlineServiceData@BingOnlineServices@@UEAA@XZ
??1OnlineServiceResponse@BingOnlineServices@@QEAA@XZ
??1critical_section_impl@details@pplx@@QEAA@XZ
??1event_impl@details@pplx@@QEAA@XZ
??1scoped_c_thread_locale@details@utility@@QEAA@XZ
??1win32_encryption@details@web@@QEAA@XZ
??4BoundingBox@BingOnlineServices@@QEAAAEAU01@$$QEAU01@@Z
??4BoundingBox@BingOnlineServices@@QEAAAEAU01@AEBU01@@Z
??4CopyrightData@BingOnlineServices@@QEAAAEAV01@$$QEAV01@@Z
??4CopyrightData@BingOnlineServices@@QEAAAEAV01@AEBV01@@Z
??4CopyrightDataImpl@BingOnlineServices@@QEAAAEAV01@$$QEAV01@@Z
??4CopyrightDataImpl@BingOnlineServices@@QEAAAEAV01@AEBV01@@Z
??4CopyrightRequest@BingOnlineServices@@QEAAAEAV01@$$QEAV01@@Z
??4CopyrightRequest@BingOnlineServices@@QEAAAEAV01@AEBV01@@Z
??4Geopoint@BingOnlineServices@@QEAAAEAU01@$$QEAU01@@Z
??4Geopoint@BingOnlineServices@@QEAAAEAU01@AEBU01@@Z
??4Geoposition@BingOnlineServices@@QEAAAEAU01@$$QEAU01@@Z
??4Geoposition@BingOnlineServices@@QEAAAEAU01@AEBU01@@Z
??4OnlineServiceData@BingOnlineServices@@QEAAAEAV01@AEBV01@@Z
??4OnlineServiceResponse@BingOnlineServices@@QEAAAEAU01@$$QEAU01@@Z
??4OnlineServiceResponse@BingOnlineServices@@QEAAAEAU01@AEBU01@@Z
??4ServiceDataHelper@BingOnlineServices@@QEAAAEAV01@$$QEAV01@@Z
??4ServiceDataHelper@BingOnlineServices@@QEAAAEAV01@AEBV01@@Z
??4ServiceRequestHelper@BingOnlineServices@@QEAAAEAV01@$$QEAV01@@Z
??4ServiceRequestHelper@BingOnlineServices@@QEAAAEAV01@AEBV01@@Z
??4value@json@web@@QEAAAEAV012@$$QEAV012@@Z
??4value@json@web@@QEAAAEAV012@AEBV012@@Z
??5json@web@@YAAEAV?$basic_istream@GU?$char_traits@G@std@@@std@@AEAV23@AEAVvalue@01@@Z
??6json@web@@YAAEAV?$basic_ostream@GU?$char_traits@G@std@@@std@@AEAV23@AEBVvalue@01@@Z
??8uri@web@@QEBA_NAEBV01@@Z
??8value@json@web@@QEBA_NAEBV012@@Z
??Avalue@json@web@@AEAAAEAV012@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??Avalue@json@web@@QEAAAEAV012@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
??Avalue@json@web@@QEAAAEAV012@_K@Z
??Rzero_memory_deleter@details@web@@QEBAXPEAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
??_7CopyrightData@BingOnlineServices@@6B@
??_7CopyrightDataImpl@BingOnlineServices@@6B@
??_7OnlineServiceData@BingOnlineServices@@6B@
??_FBoundingBox@BingOnlineServices@@QEAAXXZ
??_FGeopoint@BingOnlineServices@@QEAAXXZ
??_FGeoposition@BingOnlineServices@@QEAAXXZ
?CONNECT@methods@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?CaptureCallstack@platform@details@pplx@@YA_KPEAPEAX_K1@Z
?CheckHResultThrowAtFailed@CopyrightRequest@BingOnlineServices@@AEAAXJPEBD@Z
?CompareValueCaseInsensitive@ServiceDataHelper@BingOnlineServices@@SA?B_NAEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0@Z
?CompareValueCaseInsensitive@ServiceDataHelper@BingOnlineServices@@SA?B_NAEBVvalue@json@web@@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?DEFAULT_BOOL@ServiceDataHelper@BingOnlineServices@@2_NA
?DEFAULT_DOUBLE@ServiceDataHelper@BingOnlineServices@@2NA
?DEFAULT_INT@ServiceDataHelper@BingOnlineServices@@2HA
?DEFAULT_STRING@ServiceDataHelper@BingOnlineServices@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@A
?DEL@methods@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?ExecuteAsync@CopyrightRequest@BingOnlineServices@@QEAA?AV?$task@VCopyrightData@BingOnlineServices@@@pplx@@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AEBUBoundingBox@2@I@Z
?ExecuteAsync@CopyrightRequest@BingOnlineServices@@QEAA?AV?$task@VCopyrightData@BingOnlineServices@@@pplx@@AEBV?$vector@HV?$allocator@H@std@@@std@@@Z
?ExtractCookies@ServiceRequestHelper@BingOnlineServices@@SA?BV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AEBV34@@Z
?GET@methods@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?GetCurrentThreadId@platform@details@pplx@@YAJXZ
?GetJsonBoolValueForPath@ServiceDataHelper@BingOnlineServices@@SA?B_NAEBVvalue@json@web@@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@_N@Z
?GetJsonDoubleValueForPath@ServiceDataHelper@BingOnlineServices@@SA?BNAEBVvalue@json@web@@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@N@Z
?GetJsonIntValueForPath@ServiceDataHelper@BingOnlineServices@@SA?BHAEBVvalue@json@web@@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@H@Z
?GetJsonStringValueForPath@ServiceDataHelper@BingOnlineServices@@SA?BV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AEBVvalue@json@web@@AEBV34@V34@@Z
?GetSystemLocaleInfo@CopyrightRequest@BingOnlineServices@@AEAAXPEAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0@Z
?GetValueFromConfig@CopyrightRequest@BingOnlineServices@@AEAA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@W4ConfigurationManagerKeys@@@Z
?HEAD@methods@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?IsValid@BoundingBox@BingOnlineServices@@SA_NU12@@Z
?IsValid@Geopoint@BingOnlineServices@@SA_NU12@@Z
?IsValid@Geoposition@BingOnlineServices@@SA_NU12@@Z
?MERGE@methods@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?MakeJsonRequestAsync@ServiceRequestHelper@BingOnlineServices@@SA?AV?$task@UOnlineServiceResponse@BingOnlineServices@@@pplx@@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0AEBV?$map@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@V12@U?$less@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@V12@@std@@@2@@6@1@Z
?MakeJsonRequestAsync@ServiceRequestHelper@BingOnlineServices@@SA?AV?$task@UOnlineServiceResponse@BingOnlineServices@@@pplx@@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?OPTIONS@methods@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?PATCH@methods@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?POST@methods@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?PUT@methods@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?ParseCopyrightResponse@CopyrightDataImpl@BingOnlineServices@@QEAAXAEBVvalue@json@web@@@Z
?ProcessResponse@ServiceRequestHelper@BingOnlineServices@@SA?AV?$task@UOnlineServiceResponse@BingOnlineServices@@@pplx@@AEBVhttp_response@http@web@@@Z
?ReplaceFragmentUri@ServiceRequestHelper@BingOnlineServices@@SA?BV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AEBV34@000@Z
?ReplaceFragmentUri@ServiceRequestHelper@BingOnlineServices@@SA?BV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AEBV34@000AEBUBoundingBox@2@I@Z
?SetHttpResponseData@OnlineServiceData@BingOnlineServices@@QEAAXH_JV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@11@Z
?SetRunningInService@ServiceRequestHelper@BingOnlineServices@@SAXXZ
?TRCE@methods@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?Teardown@ServiceRequestHelper@BingOnlineServices@@SAXXZ
?TryGetJsonArrayForPath@ServiceDataHelper@BingOnlineServices@@SA_NAEBVvalue@json@web@@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AEAV345@@Z
?TryGetJsonNodeForPath@ServiceDataHelper@BingOnlineServices@@SA_NAEBVvalue@json@web@@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AEAV345@@Z
?YieldExecution@platform@details@pplx@@YAXXZ
?_authenticate_request@oauth1_config@experimental@oauth1@http@web@@AEAAXAEAVhttp_request@45@Voauth1_state@details@345@@Z
?_build_signature_base_string@oauth1_config@experimental@oauth1@http@web@@QEBA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@Vhttp_request@45@Voauth1_state@details@345@@Z
?_complete@http_msg_base@details@http@web@@UEAAX_KAEBVexception_ptr@std@@@Z
?_extract_json@http_msg_base@details@http@web@@QEAA?AVvalue@json@4@_N@Z
?_extract_vector@http_msg_base@details@http@web@@QEAA?AV?$vector@EV?$allocator@E@std@@@std@@XZ
?_get_content_length@http_msg_base@details@http@web@@QEAA_KXZ
?_hmac_sha1@oauth1_config@experimental@oauth1@http@web@@CA?AV?$vector@EV?$allocator@E@std@@@std@@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@7@0@Z
?_prepare_to_receive_data@http_msg_base@details@http@web@@QEAAXXZ
?_request_token@oauth1_config@experimental@oauth1@http@web@@AEAA?AV?$task@X@pplx@@Voauth1_state@details@345@_N@Z
?absolute_uri@_http_request@details@http@web@@QEBA?AVuri@4@XZ
?accept@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?accept_charset@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?accept_encoding@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?accept_language@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?accept_ranges@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?add_chunked_delimiters@chunked_encoding@details@http@web@@YA_KPEAE_K1@Z
?age@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?allow@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?append@uri_builder@web@@QEAAAEAV12@AEBVuri@2@@Z
?append_path@uri_builder@web@@QEAAAEAV12@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@_N@Z
?append_query@uri_builder@web@@QEAAAEAV12@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@_N@Z
?application_atom_xml@mime_types@details@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?application_http@mime_types@details@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?application_javascript@mime_types@details@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?application_json@mime_types@details@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?application_octetstream@mime_types@details@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?application_x_www_form_urlencoded@mime_types@details@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?application_xjavascript@mime_types@details@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?application_xjson@mime_types@details@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?application_xml@mime_types@details@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?array@value@json@web@@SA?AV123@V?$vector@Vvalue@json@web@@V?$allocator@Vvalue@json@web@@@std@@@std@@@Z
?array@value@json@web@@SA?AV123@XZ
?array@value@json@web@@SA?AV123@_K@Z
?as_array@value@json@web@@QEAAAEAVarray@23@XZ
?as_array@value@json@web@@QEBAAEBVarray@23@XZ
?as_bool@value@json@web@@QEBA_NXZ
?as_double@value@json@web@@QEBANXZ
?as_integer@value@json@web@@QEBAHXZ
?as_number@value@json@web@@QEBAAEBVnumber@23@XZ
?as_object@value@json@web@@QEAAAEAVobject@23@XZ
?as_object@value@json@web@@QEBAAEBVobject@23@XZ
?as_string@value@json@web@@QEBAAEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ
?ascii@charset_types@details@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?at@value@json@web@@QEAAAEAV123@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?at@value@json@web@@QEAAAEAV123@_K@Z
?at@value@json@web@@QEBAAEBV123@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?at@value@json@web@@QEBAAEBV123@_K@Z
?authority@uri@web@@QEBA?AV12@XZ
?authorization@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?base_uri@http_client@client@http@web@@QEBAAEBVuri@4@XZ
?boolean@value@json@web@@SA?AV123@_N@Z
?boundary@mime_types@details@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?build_authorization_uri@oauth1_config@experimental@oauth1@http@web@@QEAA?AV?$task@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@pplx@@XZ
?c_locale@scoped_c_thread_locale@details@utility@@SAPEAU__crt_locale_pointers@@XZ
?cache_control@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?cache_control@http_headers@http@web@@QEBA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ
?callback@oauth1_strings@details@oauth1@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?callback_confirmed@oauth1_strings@details@oauth1@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?client_config@http_client@client@http@web@@QEBAAEBVhttp_client_config@234@XZ
?connection@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?consumer_key@oauth1_strings@details@oauth1@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?content_disposition@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?content_encoding@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?content_language@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?content_length@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?content_length@http_headers@http@web@@QEBA_KXZ
?content_location@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?content_md5@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?content_range@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?content_type@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?content_type@http_headers@http@web@@QEBA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ
?date@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?date@http_headers@http@web@@QEBA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ
?decode@uri@web@@SA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AEBV34@@Z
?decrypt@win32_encryption@details@web@@QEBA?AV?$unique_ptr@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@Vzero_memory_deleter@details@web@@@std@@XZ
?default_error_condition@windows_category_impl@details@utility@@UEBA?AVerror_condition@std@@H@Z
?encode_data_string@uri@web@@SA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AEBV34@@Z
?encode_impl@uri@web@@CA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AEBV34@AEBV?$function@$$A6A_NH@Z@4@@Z
?encode_uri@uri@web@@SA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AEBV34@W4component@components@12@@Z
?erase@value@json@web@@QEAAXAEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?erase@value@json@web@@QEAAX_K@Z
?etag@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?expect@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?expires@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?extract_string@http_msg_base@details@http@web@@QEAA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@_N@Z
?extract_utf16string@http_msg_base@details@http@web@@QEAA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@_N@Z
?extract_utf8string@http_msg_base@details@http@web@@QEAA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_N@Z
?form_data@mime_types@details@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?format@value@json@web@@AEBAXAEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?format@value@json@web@@AEBAXAEAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?from@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?from_base64@conversions@utility@@YA?AV?$vector@EV?$allocator@E@std@@@std@@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@4@@Z
?from_string@datetime@utility@@SA?AV12@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@W4date_format@12@@Z
?generate@nonce_generator@utility@@QEAA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ
?getCacheControl@OnlineServiceData@BingOnlineServices@@QEBAAEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ
?getContentLength@OnlineServiceData@BingOnlineServices@@QEBA?B_JXZ
?getContentType@OnlineServiceData@BingOnlineServices@@QEBAAEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ
?getCookies@OnlineServiceData@BingOnlineServices@@QEBAAEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ
?getHttpStatus@OnlineServiceData@BingOnlineServices@@QEBA?BHXZ
?getImageryProviders@CopyrightData@BingOnlineServices@@QEBAAEBV?$vector@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@V?$allocator@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@2@@std@@XZ
?getMaxAgeInSeconds@OnlineServiceData@BingOnlineServices@@QEBA?BIXZ
?get_ambient_scheduler@pplx@@YA?AV?$shared_ptr@Uscheduler_interface@pplx@@@std@@XZ
?hmac_sha1@oauth1_methods@experimental@oauth1@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?host@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?if_match@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?if_modified_since@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?if_none_match@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?if_range@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?if_unmodified_since@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?is_double@value@json@web@@QEBA_NXZ
?is_int32@number@json@web@@QEBA_NXZ
?is_int64@number@json@web@@QEBA_NXZ
?is_integer@value@json@web@@QEBA_NXZ
?is_uint32@number@json@web@@QEBA_NXZ
?is_valid@uri_builder@web@@QEAA_NXZ
?join@uri_components@details@web@@QEAA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ
?keep_object_element_order@json@web@@YAX_N@Z
?last_modified@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?latin1@charset_types@details@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?latin1_to_utf16@conversions@utility@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z
?latin1_to_utf8@conversions@utility@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBV34@@Z
?location@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?lock@critical_section_impl@details@pplx@@QEAAXXZ
?lock@reader_writer_lock_impl@details@pplx@@QEAAXXZ
?lock_read@reader_writer_lock_impl@details@pplx@@QEAAXXZ
?ltrim_whitespace@details@http@web@@YAXAEAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?max_forwards@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?message@windows_category_impl@details@utility@@UEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?message_http@mime_types@details@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?multipart_form_data@mime_types@details@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?nonce@oauth1_strings@details@oauth1@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?null@value@json@web@@SA?AV123@XZ
?number@value@json@web@@SA?AV123@H@Z
?number@value@json@web@@SA?AV123@I@Z
?number@value@json@web@@SA?AV123@N@Z
?number@value@json@web@@SA?AV123@_J@Z
?number@value@json@web@@SA?AV123@_K@Z
?object@value@json@web@@SA?AV123@V?$vector@U?$pair@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@Vvalue@json@web@@@std@@V?$allocator@U?$pair@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@Vvalue@json@web@@@std@@@2@@std@@_N@Z
?object@value@json@web@@SA?AV123@_N@Z
?parse@value@json@web@@SA?AV123@AEAV?$basic_istream@DU?$char_traits@D@std@@@std@@@Z
?parse@value@json@web@@SA?AV123@AEAV?$basic_istream@DU?$char_traits@D@std@@@std@@AEAVerror_code@5@@Z
?parse@value@json@web@@SA?AV123@AEAV?$basic_istream@GU?$char_traits@G@std@@@std@@@Z
?parse@value@json@web@@SA?AV123@AEAV?$basic_istream@GU?$char_traits@G@std@@@std@@AEAVerror_code@5@@Z
?parse@value@json@web@@SA?AV123@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?parse@value@json@web@@SA?AV123@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AEAVerror_code@5@@Z
?plaintext@oauth1_methods@experimental@oauth1@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?platform_category@details@utility@@YAAEBVerror_category@std@@XZ
?pragma@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?proxy_authenticate@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?proxy_authorization@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?range@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?realm@oauth1_strings@details@oauth1@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?referer@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?relative_uri@_http_request@details@http@web@@QEBA?AVuri@4@XZ
?request@http_client@client@http@web@@QEAA?AV?$task@Vhttp_response@http@web@@@pplx@@Vhttp_request@34@AEBVcancellation_token@6@@Z
?reset@event_impl@details@pplx@@QEAAXXZ
?resource@uri@web@@QEBA?AV12@XZ
?retry_after@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?rtrim_whitespace@details@http@web@@YAXAEAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?s_cancellationToken@ServiceRequestHelper@BingOnlineServices@@0Vcancellation_token_source@pplx@@A
?s_runningInService@ServiceRequestHelper@BingOnlineServices@@0_NA
?sc_maxAgeRegex@?1??getMaxAgeInSeconds@OnlineServiceData@BingOnlineServices@@QEBA?BIXZ@4V?$basic_regex@GV?$regex_traits@G@std@@@std@@B
?schedule@windows_scheduler@details@pplx@@UEAAXP6AXPEAX@Z0@Z
?seconds_to_xml_duration@timespan@utility@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@V?$duration@_JU?$ratio@$00$00@std@@@chrono@4@@Z
?serialize@value@json@web@@QEBA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ
?serialize@value@json@web@@QEBAXAEAV?$basic_ostream@DU?$char_traits@D@std@@@std@@@Z
?serialize@value@json@web@@QEBAXAEAV?$basic_ostream@GU?$char_traits@G@std@@@std@@@Z
?server@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?set@event_impl@details@pplx@@QEAAXXZ
?set_ambient_scheduler@pplx@@YAXV?$shared_ptr@Uscheduler_interface@pplx@@@std@@@Z
?set_body@http_msg_base@details@http@web@@QEAAXAEBV?$basic_istream@E@streams@Concurrency@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?set_body@http_msg_base@details@http@web@@QEAAXAEBV?$basic_istream@E@streams@Concurrency@@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?set_body@http_msg_base@details@http@web@@QEAAXAEBV?$basic_istream@E@streams@Concurrency@@_KAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?set_body@http_msg_base@details@http@web@@QEAAXAEBV?$basic_istream@E@streams@Concurrency@@_KAEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?set_cache_control@http_headers@http@web@@QEAAXV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?set_content_length@http_headers@http@web@@QEAAX_K@Z
?set_content_type@http_headers@http@web@@QEAAXV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?set_date@http_headers@http@web@@QEAAXAEBVdatetime@utility@@@Z
?set_request_uri@_http_request@details@http@web@@QEAAXAEBVuri@4@@Z
?signature@oauth1_strings@details@oauth1@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?signature_method@oauth1_strings@details@oauth1@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?split_path@uri@web@@SA?AV?$vector@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@V?$allocator@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@2@@std@@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@4@@Z
?split_query@uri@web@@SA?AV?$map@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@V12@U?$less@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@V12@@std@@@2@@std@@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@4@@Z
?string@value@json@web@@CA?AV123@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?string@value@json@web@@SA?AV123@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?string@value@json@web@@SA?AV123@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@_N@Z
?system_type_to_datetime@datetime@utility@@CA_NPEAX_KPEAV12@@Z
?te@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?text@mime_types@details@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?text_javascript@mime_types@details@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?text_json@mime_types@details@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?text_plain@mime_types@details@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?text_plain_utf16@mime_types@details@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?text_plain_utf16le@mime_types@details@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?text_plain_utf8@mime_types@details@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?text_xjavascript@mime_types@details@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?text_xjson@mime_types@details@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?timestamp@oauth1_strings@details@oauth1@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?to_base64@conversions@utility@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AEBV?$vector@EV?$allocator@E@std@@@4@@Z
?to_base64@conversions@utility@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@_K@Z
?to_string@_http_request@details@http@web@@UEBA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ
?to_string@_http_response@details@http@web@@UEBA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ
?to_string@datetime@utility@@QEBA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@W4date_format@12@@Z
?to_string@http_msg_base@details@http@web@@UEBA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ
?to_string@uri_builder@web@@QEAA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ
?to_string@value@json@web@@QEBA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ
?to_string_t@conversions@utility@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@$$QEAV34@@Z
?to_string_t@conversions@utility@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@$$QEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z
?to_string_t@conversions@utility@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AEBV34@@Z
?to_string_t@conversions@utility@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z
?to_uri@uri_builder@web@@QEAA?AVuri@2@XZ
?to_utf16string@conversions@utility@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z
?to_utf16string@conversions@utility@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@V34@@Z
?to_utf8string@conversions@utility@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@4@@Z
?to_utf8string@conversions@utility@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V34@@Z
?token@oauth1_config@experimental@oauth1@http@web@@QEBAAEBVoauth1_token@2345@XZ
?token@oauth1_strings@details@oauth1@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?token_from_redirected_uri@oauth1_config@experimental@oauth1@http@web@@QEAA?AV?$task@X@pplx@@AEBVuri@5@@Z
?token_secret@oauth1_strings@details@oauth1@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?trailer@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?transfer_encoding@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?trim_whitespace@details@http@web@@YAXAEAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?type@value@json@web@@QEBA?AW4value_type@123@XZ
?unlock@critical_section_impl@details@pplx@@QEAAXXZ
?unlock@reader_writer_lock_impl@details@pplx@@QEAAXXZ
?upgrade@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?usascii@charset_types@details@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?usascii_to_utf16@conversions@utility@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z
?user_agent@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?utc_now@datetime@utility@@SA?AV12@XZ
?utf16@charset_types@details@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?utf16_to_utf8@conversions@utility@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@4@@Z
?utf16be@charset_types@details@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?utf16le@charset_types@details@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?utf8@charset_types@details@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?utf8_to_utf16@conversions@utility@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z
?validate@uri@web@@SA_NAEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?vary@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?verifier@oauth1_strings@details@oauth1@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?version@oauth1_strings@details@oauth1@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?via@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?wait@event_impl@details@pplx@@QEAAII@Z
?warning@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?windows_category@details@utility@@YAAEBVerror_category@std@@XZ
?www_authenticate@header_names@http@web@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@B
?xml_duration_to_seconds@timespan@utility@@YA?AV?$duration@_JU?$ratio@$00$00@std@@@chrono@std@@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@5@@Z

Sections

.text
Size: 428KB - Virtual size: 426KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 200KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BioCredProv.dll
.dll windows:10 windows x64 arch:x64

9db98ae85828ccf72efa5d1986f2bbae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

BioCredProv.pdb

Imports

msvcp_win

?_Throw_future_error@std@@YAXAEBVerror_code@1@@Z
_Mtx_unlock
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
_Cnd_unregister_at_thread_exit
_Cnd_destroy_in_situ
_Mtx_destroy_in_situ
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
_Cnd_wait
?__ExceptionPtrCurrentException@@YAXPEAX@Z
_Query_perf_counter
_Query_perf_frequency
?_Syserror_map@std@@YAPEBDH@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Mtx_current_owns
_Xtime_get_ticks
_Cnd_init_in_situ
_Mtx_init_in_situ
_Thrd_join
_Thrd_id
_Cnd_do_broadcast_at_thread_exit
?_Xbad_function_call@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
_Cnd_register_at_thread_exit
_Cnd_broadcast
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
_Cnd_timedwait
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__get_errno
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
memmove
_o__wcsicmp
_o_ceilf
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o___stdio_common_vsnprintf_s
_o__execute_onexit_table
_o__errno
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__crt_atexit
_o__configure_narrow_argv
_o___stdio_common_vswprintf
__std_terminate
_o__cexit
__CxxFrameHandler4
_o__callnewh
_o__beginthreadex
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

strcmp
memset

dsreg

DsrGetJoinInfo
DsrFreeJoinInfo

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleExW
SizeofResource
LoadResource
GetProcAddress
FindResourceExW
GetModuleHandleW
DisableThreadLibraryCalls
LoadStringW
GetModuleHandleExA
LockResource
FreeLibrary
LoadLibraryExW

api-ms-win-core-synch-l1-1-0

ResetEvent
CreateSemaphoreExW
EnterCriticalSection
SetEvent
ReleaseSemaphore
InitializeCriticalSectionAndSpinCount
InitializeSRWLock
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForSingleObject
CreateEventExW
ReleaseMutex
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CreateEventW
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
ReleaseSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
SetLastError
GetLastError

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
ProcessIdToSessionId
TerminateProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW
SetThreadUILanguage
GetThreadUILanguage

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-com-l1-1-0

CLSIDFromString
CoUninitialize
CoGetMalloc
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CoInitializeEx

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventActivityIdControl
EventSetInformation
EventRegister
EventWriteTransfer

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-security-base-l1-1-0

EqualSid
GetLengthSid
CopySid
IsValidSid
GetTokenInformation
IsWellKnownSid

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegQueryInfoKeyW
RegGetValueW
RegQueryValueExW
RegCloseKey
RegDeleteTreeW
RegOpenKeyExW
RegEnumKeyExW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-file-l1-1-0

CompareFileTime

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-kernel32-legacy-l1-1-0

WTSGetActiveConsoleSessionId

api-ms-win-core-shlwapi-obsolete-l1-1-0

QISearch

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

ntdll

RtlSubscribeWnfStateChangeNotification
NtQueryWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlUnicodeStringToAnsiString
RtlInitUnicodeString
RtlGetNtProductType
RtlIsMultiSessionSku
RtlFreeAnsiString

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 264KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BitLockerCsp.dll
.dll windows:10 windows x64 arch:x64

80d95f27224378159424888dd3e044a2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

BitLockerCSP.pdb

Imports

msvcp110_win

?_Xbad_alloc@std@@YAXXZ
?_Syserror_map@std@@YAPEBDH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Xout_of_range@std@@YAXPEBD@Z

msvcrt

_wcsnicmp
_wtoi
_wcsicmp
_CxxThrowException
memcmp
memcpy
memmove
wcstok
__CxxFrameHandler3
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
__C_specific_handler
_initterm
free
_amsg_exit
_XcptFilter
_callnewh
malloc
memmove_s
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
??3@YAXPEAX@Z
memcpy_s
_vsnwprintf
??_V@YAXPEAX@Z
__CxxFrameHandler4
memset

ntdll

RtlNtStatusToDosError
NtGetCachedSigningLevel
NtQuerySystemInformation
NtQueryInformationToken
NtDuplicateToken
NtOpenProcessToken
RtlEqualSid
RtlSubAuthorityCountSid
RtlGetDeviceFamilyInfoEnum
NtClose
RtlCopySid
RtlLengthSid
RtlGetNtProductType
RtlInitUnicodeString
RtlSubAuthoritySid
RtlInitializeSid
RtlDeleteResource
RtlReleaseResource
RtlAcquireResourceExclusive
RtlInitializeResource
RtlCompareMemory
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlIsMultiSessionSku
NtOpenThreadToken

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetProcAddress
GetModuleHandleExA
GetModuleFileNameA
GetModuleHandleW
FreeLibrary

oleaut32

SysFreeString
SysAllocString
VariantClear
SysStringLen
VariantInit

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
AcquireSRWLockShared
WaitForSingleObject
ReleaseMutex
ReleaseSRWLockShared
WaitForSingleObjectEx
CreateSemaphoreExW
AcquireSRWLockExclusive
ReleaseSemaphore
LeaveCriticalSection
InitializeCriticalSectionEx
ReleaseSRWLockExclusive
OpenSemaphoreW
CreateMutexExW
EnterCriticalSection

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
RaiseException
UnhandledExceptionFilter
SetLastError

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventActivityIdControl
EventSetInformation
EventRegister
EventWriteTransfer

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoTaskMemFree

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
Sleep
WakeAllConditionVariable
InitOnceComplete
SleepConditionVariableSRW

api-ms-win-core-heap-obsolete-l1-1-0

LocalSize

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetComputerNameExW
GetSystemWindowsDirectoryW
GetVersionExW

api-ms-win-core-registry-l1-1-0

RegDeleteValueW
RegGetValueW
RegOpenKeyExA
RegDeleteKeyExW
RegCloseKey
RegQueryValueExA
RegOpenKeyExW
RegLoadKeyW
RegCreateKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegUnLoadKeyW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

api-ms-win-core-file-l1-1-0

GetFileAttributesW
CreateFileW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-security-base-l1-1-0

AllocateAndInitializeSid
FreeSid
GetLengthSid
CopySid
GetSecurityDescriptorDacl
GetTokenInformation
EqualSid
CheckTokenMembership
PrivilegeCheck
CreateWellKnownSid

api-ms-win-service-management-l1-1-0

OpenServiceW
StartServiceW
OpenSCManagerW
CloseServiceHandle

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

bcd

BcdEnumerateAndUnpackElements
BcdOpenSystemStore
BcdCloseStore
BcdEnumerateObjects
BcdOpenObject
BcdCloseObject

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BitsProxy.dll
.dll regsvr32 windows:10 windows x64 arch:x64

8c7a4044b84faf8276495f83ca66b2f1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

BitsProxy.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__cexit
_o__configure_narrow_argv
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__seh_filter_dll
_o___std_exception_destroy
__C_specific_handler
_o___std_exception_copy
_o___stdio_common_vsprintf_s
__CxxFrameHandler4
_CxxThrowException
memcmp
_o___std_type_info_destroy_list

api-ms-win-crt-string-l1-1-0

memset

combase

CStdStubBuffer_CountRefs
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_Invoke
CStdStubBuffer_QueryInterface
CStdStubBuffer_DebugServerRelease
NdrCStdStubBuffer2_Release
CStdStubBuffer_Connect
CStdStubBuffer_IsIIDSupported
NdrCStdStubBuffer_Release
CStdStubBuffer_AddRef

rpcrt4

NdrDllRegisterProxy
IUnknown_AddRef_Proxy
NdrOleFree
IUnknown_Release_Proxy
NdrOleAllocate
IUnknown_QueryInterface_Proxy
NdrStubForwardingFunction
NdrStubCall2
NdrDllUnregisterProxy
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrClientCall2

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
DisableThreadLibraryCalls

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap

api-ms-win-core-com-l1-1-0

CoCreateInstance
CLSIDFromString

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TerminateProcess
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
appraiser.dll
.dll windows:10 windows x64 arch:x64

480647427bcdd88a5f25604acdeca963

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2b:ee:b0:f3:58:21:1c:cd:26:6e:31:38:09:26:9a:30:02:0d:29:7f:78:73:7f:7b:52:a8:9c:fb:31:a7:d3:c7
Signer

Actual PE Digest

2b:ee:b0:f3:58:21:1c:cd:26:6e:31:38:09:26:9a:30:02:0d:29:7f:78:73:7f:7b:52:a8:9c:fb:31:a7:d3:c7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Appraiser.pdb

Imports

msvcrt

_wtoi64
wcstoul
_wtof
sprintf
_snwscanf_s
_wcsupr
wcsnlen
_vsnwprintf_s
_ultow_s
qsort
wcsspn
iswalpha
wcspbrk
_lseek
_write
_close
_read
_wopen
_get_osfhandle
_wtoi
wcstok_s
rand_s
_wmkdir
strrchr
_set_errno
strtol
_errno
strncpy_s
memset
_wtol
wcsncmp
wcsstr
_wcslwr
wcscat_s
wcscpy_s
wcsrchr
_wcsicmp
wcschr
_wcsnicmp
strchr
fgetc
fputc
ungetc
swprintf_s
time
strftime
localtime
fflush
setvbuf
fsetpos
_fseeki64
abort
fgetpos
fwrite
??0bad_cast@@QEAA@AEBV0@@Z
_wfsopen
strcpy_s
fseek
islower
calloc
_vsnprintf
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@PEBD@Z
localeconv
isupper
__pctype_func
setlocale
_ismbblead
___lc_codepage_func
___mb_cur_max_func
fclose
strcspn
strtok_s
__uncaught_exception
___lc_handle_func
_wsetlocale
__crtLCMapStringA
__crtLCMapStringW
memcmp
??8type_info@@QEBAHAEBV0@@Z
_wcsdup
_wsplitpath_s
strnlen
_wcstoui64
strcmp
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
towlower
_wcslwr_s
_strnicmp
swscanf_s
free
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
malloc
strstr
sprintf_s
??_V@YAXPEAX@Z
memmove_s
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
memcpy_s
_vsnwprintf
strncmp
__CxxFrameHandler3
_stricmp
toupper
??3@YAXPEAX@Z
wcscmp

ntdll

NtSetInformationProcess
RtlGetVersion
RtlAllocateAndInitializeSid
RtlNtStatusToDosError
RtlFreeSid
NtQueryInformationProcess
RtlVerifyVersionInfo
LdrResSearchResource
RtlTimeToTimeFields
ZwMapViewOfSection
ZwUnmapViewOfSection
RtlImageDirectoryEntryToData
WinSqmIsOptedInEx
ZwQuerySystemInformation
RtlGetNativeSystemInformation
RtlNtPathNameToDosPathName
RtlpEnsureBufferSize
ZwQueryDirectoryFile
RtlUpcaseUnicodeChar
RtlUpcaseUnicodeString
RtlAnsiStringToUnicodeString
RtlxAnsiStringToUnicodeSize
RtlGUIDFromString
EtwEventRegister
EtwEventWrite
EtwEventUnregister
RtlSecondsSince1970ToTime
ZwSetInformationProcess
ZwQueryInformationProcess
ZwCreateSection
ZwQueryInformationFile
ZwCreateFile
ZwCreateKey
RtlFormatCurrentUserKeyPath
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
ZwQueryValueKey
ZwDeleteKey
RtlInitUnicodeStringEx
ZwEnumerateKey
ZwOpenKey
RtlFreeUnicodeString
ZwOpenFile
RtlDosPathNameToNtPathName_U_WithStatus
ZwClose
RtlRunOnceExecuteOnce
NtWriteFile
RtlDoesFileExists_U
NtOpenKey
ZwEnumerateValueKey
RtlCopyUnicodeString
ZwQueryKey
ZwSetValueKey
RtlExpandEnvironmentStrings
RtlStringFromGUID
ZwWaitForSingleObject
ZwReleaseMutant
ZwOpenMutant
ZwQueryAttributesFile
RtlLengthSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlSetDaclSecurityDescriptor
ZwLoadKey
RtlAddAccessAllowedAceEx
RtlLengthSid
ZwDeleteValueKey
RtlCreateAcl
ZwSetSecurityObject
ZwUnloadKey
RtlCreateSecurityDescriptor
ZwOpenProcess
NtQuerySystemInformation
ZwQuerySymbolicLinkObject
ZwDeviceIoControlFile
ZwQueryDirectoryObject
ZwOpenSymbolicLinkObject
ZwOpenDirectoryObject
ZwAllocateUuids
NtAdjustPrivilegesToken
NtOpenProcessTokenEx
NtSetInformationThread
NtOpenThreadTokenEx
RtlImpersonateSelf
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
NtDeviceIoControlFile
NtOpenFile
NtQueryValueKey
NtQueryBootEntryOrder
NtQueryBootOptions
NtTranslateFilePath
NtOpenDirectoryObject
NtQueryDirectoryObject
NtEnumerateBootEntries
RtlTimeToSecondsSince1970
NtQuerySystemTime
RtlLeaveCriticalSection
RtlFreeHeap
RtlInitializeCriticalSection
RtlMultiByteToUnicodeN
RtlInitAnsiString
RtlEnterCriticalSection
RtlReAllocateHeap
RtlEqualString
RtlAllocateHeap
RtlDeleteCriticalSection
EtwTraceMessage
NtEnumerateValueKey
NtEnumerateKey
NtQueryKey
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlInitUnicodeString
LdrGetDllHandle
RtlInitString
LdrGetProcedureAddress
RtlDosPathNameToRelativeNtPathName_U_WithStatus
NtCreateFile
NtQueryInformationFile
NtClose
VerSetConditionMask

rpcrt4

UuidToStringW
UuidFromStringW
RpcStringFreeW
UuidCreate

wdscore

WdsSetupLogMessageW
CurrentIP
ConstructPartialMsgVW
ConstructPartialMsgVA
WdsSetupLogMessageA

kernel32

GetProcAddress
CreateMutexExW
AcquireSRWLockShared
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
GetLastError
FormatMessageW
FreeLibrary
LoadLibraryW
LoadLibraryExW
VerifyVersionInfoW
ReleaseMutex
TerminateThread
QueryUnbiasedInterruptTime
HeapReAlloc
GetCurrentThreadId
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
CreateProcessW
WriteFile
ExpandEnvironmentStringsW
OutputDebugStringA
GetModuleFileNameW
CreateFileW
GetModuleHandleExA
InitializeSRWLock
TryAcquireSRWLockExclusive
CreateThreadpoolTimer
ReleaseSRWLockShared
GetSystemWindowsDirectoryW
WaitForSingleObject
WaitForThreadpoolTimerCallbacks
InitializeCriticalSectionEx
SetThreadpoolTimer
LeaveCriticalSection
GetModuleHandleExW
GetVolumeInformationByHandleW
ReleaseActCtx
QueryActCtxW
ReleaseSemaphore
SetWaitableTimer
WaitForMultipleObjects
CreateActCtxW
EnterCriticalSection
LocalFree
CreateWaitableTimerW
OpenWaitableTimerW
CreateSemaphoreW
CreateEventW
SetLastError
HeapFree
CreateSemaphoreExW
SetEvent
CreateThreadpool
SetThreadpoolThreadMaximum
CloseThreadpool
CreateThreadpoolWork
SubmitThreadpoolWork
WaitForThreadpoolWorkCallbacks
CloseThreadpoolWork
FindFirstFileW
DeleteFileW
GetFileAttributesW
FindNextFileW
FindClose
GetDriveTypeW
CloseHandle
ReadFile
GetFullPathNameW
FreeEnvironmentStringsW
FindResourceW
LoadResource
SizeofResource
LockResource
GetModuleFileNameA
GetEnvironmentStringsW
SetFilePointer
ExitProcess
GlobalFree
OpenSemaphoreW
WaitForSingleObjectEx
IsWow64Process
LocalAlloc
GetSystemFirmwareTable
MoveFileExW
QueryFullProcessImageNameW
AcquireSRWLockExclusive
CloseThreadpoolTimer
WTSGetActiveConsoleSessionId
DosDateTimeToFileTime
SystemTimeToFileTime
RaiseException
CompareStringOrdinal
GetPrivateProfileStringW
GetPrivateProfileSectionW
InitOnceExecuteOnce
LocalFileTimeToFileTime
GetFileInformationByHandle
SetFileAttributesW
GetSystemDirectoryW
CreateEventExW
MultiByteToWideChar
CreateMutexW
SetFileTime
InitializeCriticalSection
CreateDirectoryW
GetQueuedCompletionStatus
CreateIoCompletionPort
K32EnumDeviceDrivers
K32GetDeviceDriverBaseNameW
CreateJobObjectW
ResetEvent
CopyFileW
GetComputerNameW
SetInformationJobObject
TryEnterCriticalSection
CreateThread
GetProductInfo
GetNativeSystemInfo
OpenProcess
SetPriorityClass
AssignProcessToJobObject
GetSystemPowerStatus
GetLongPathNameW
GetFileSizeEx
ResumeThread
WideCharToMultiByte
SleepConditionVariableSRW
PostQueuedCompletionStatus
IsProcessorFeaturePresent
UnmapViewOfFile
SignalObjectAndWait
DeviceIoControl
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
WakeAllConditionVariable
SetThreadAffinityMask
GetFileTime
GetCurrentThread
HeapAlloc
DecodePointer
EncodePointer
GetStringTypeW
DelayLoadFailureHook
RtlCompareMemory
LoadLibraryExA
GetTempPathW
OutputDebugStringW
GetFileSize
VirtualAlloc
ReleaseSRWLockExclusive
VirtualProtect
UnlockFileEx
LockFileEx
FlushFileBuffers
FlushInstructionCache
VirtualFree
GetActiveProcessorCount
GetDiskFreeSpaceExW
EnumUILanguagesW
GetSystemTime
FileTimeToSystemTime

advapi32

RegLoadAppKeyW
EventUnregister
RegGetValueW
EventWriteTransfer
RegOpenKeyExW
RegSetValueExW
RegDeleteTreeW
RegCreateKeyExW
RegOpenKeyW
SetNamedSecurityInfoW
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
RegEnumKeyW
GetNamedSecurityInfoW
RegCreateKeyTransactedW
RegDeleteValueW
CopySid
LookupAccountNameW
ConvertSidToStringSidW
IsWellKnownSid
ConvertStringSidToSidW
RegEnumValueW
RegDeleteKeyW
StartServiceW
EventRegister
CloseServiceHandle
OpenServiceW
OpenSCManagerW
ProcessTrace
CloseTrace
EnableTrace
OpenTraceW
StartTraceW
ControlTraceW
CreateWellKnownSid
ControlService
RegQueryValueExW
CredFree
CredReadW
RevertToSelf
ImpersonateLoggedOnUser
RegEnumKeyExW
RegQueryInfoKeyW
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegCloseKey

ole32

StringFromCLSID
StringFromGUID2
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
CoInitializeEx
CoCreateInstance
CoCreateGuid
PropVariantClear
CoWaitForMultipleHandles

shlwapi

SHCreateStreamOnFileEx
ord219
PathFindFileNameW
UrlGetPartW
StrStrW
PathStripPathW
PathFindExtensionW
PathRemoveFileSpecW
PathAppendW
PathUnquoteSpacesW
PathFileExistsW
PathRemoveBlanksW

oleaut32

SysStringLen
VariantInit
SysAllocString
VariantClear
SysFreeString

user32

CharUpperBuffW
LoadStringW
MsgWaitForMultipleObjects
DestroyIcon
GetIconInfo
GetSystemMetrics
PeekMessageW
TranslateMessage
DispatchMessageW
CharLowerBuffW

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW
WTSQueryUserToken

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

crypt32

CertVerifyCertificateChainPolicy

gdi32

DeleteDC
GetObjectW
CreateCompatibleDC
CreateDIBSection
GetDIBits
DeleteObject

netapi32

NetUserEnum
NetApiBufferFree
NetUserGetInfo

ws2_32

WSACleanup
WSAStartup
WSAGetLastError
gethostname
freeaddrinfo
getaddrinfo

xmllite

CreateXmlReader
CreateXmlReaderInputWithEncodingName
CreateXmlWriterOutputWithEncodingName
CreateXmlWriter

shell32

ExtractIconExW
SHGetFileInfoW

tdh

TdhGetEventInformation

cabinet

ord20
ord23
ord22

iphlpapi

FreeMibTable
GetIfTable2

setupapi

SetupInstallServicesFromInfSectionW
SetupTermDefaultQueueCallback
SetupInstallFromInfSectionW
SetupInitDefaultQueueCallbackEx
SetupOpenInfFileW
SetupDefaultQueueCallbackW
SetupCloseInfFile

bcrypt

BCryptFinishHash
BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptHashData
BCryptCreateHash
BCryptGetProperty
BCryptOpenAlgorithmProvider

Exports

Exports

ContainerSetupFunction
ContainerSetupWrapper
DoProcessRestoreApps
DoScheduledTelemetryRun
DoScheduledTelemetryRunTC
GetCtacProvider
GetProvider
GetTargetVersionList
ProcessRestoreApps
RunTest
RunXml
Sgd
UpdateAvStatus
UpdateCacheCompatStatuses
UpdateExperienceIndicators

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 628KB - Virtual size: 625KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
apprepapi.dll
.dll windows:10 windows x64 arch:x64

440394cf511f44362e6ac5dadfc74676

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

apprepapi.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o___std_type_info_destroy_list
_o__cexit
_o__configure_narrow_argv
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__seh_filter_dll
__C_specific_handler

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

Exports

Exports

AppRepComputeImageHash
AppRepComputeImageHashWithOffset
AppRepComputeSignatureInfo
AppRepFreeAttributeLib
AppRepInitializeAttributeLib
AppRepParameterCleanup
AppRepPartialTelemetryCleanup
RepGetFileInformation
RepInformUserAction
ReputationInfoCleanup

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
appsruprov.dll
.dll windows:10 windows x64 arch:x64

223960ee3139959740b111cb99a9c02b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

appsruprov.pdb

Imports

msvcp_win

?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?good@ios_base@std@@QEBA_NXZ
?flags@ios_base@std@@QEBAHXZ
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?uncaught_exception@std@@YA_NXZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ

api-ms-win-crt-string-l1-1-0

wcsnlen
memset

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o___stdio_common_vsnprintf_s
_o___stdio_common_vswprintf
_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcsicmp
_o_free
_o_isalpha
_o_malloc
_o_terminate
_o_toupper
_o_wcstok_s
__C_specific_handler
_CxxThrowException
__std_terminate
__CxxFrameHandler4
wcsrchr
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
memcpy

ntdll

RtlAllocateHeap
RtlRbInsertNodeEx
RtlRbRemoveNode
RtlFreeHeap
RtlCompareUnicodeString
RtlNtStatusToDosError
NtQuerySystemInformation
NtQueryInformationProcess
RtlEqualSid
RtlLengthSid
RtlCopySid
RtlQueryWnfStateDataWithExplicitScope
NtOpenEvent
RtlInitUnicodeString
NtClose
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableFlags
GetTraceEnableLevel
TraceMessage
RegisterTraceGuidsW
GetTraceLoggerHandle
UnregisterTraceGuids

api-ms-win-security-base-l1-1-0

GetLengthSid
IsValidSid
CreateWellKnownSid

api-ms-win-core-registry-l1-1-0

RegNotifyChangeKeyValue
RegQueryValueExW
RegGetValueW
RegOpenKeyExW
RegCloseKey

api-ms-win-core-sysinfo-l1-1-0

GetLogicalProcessorInformationEx
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
GetTickCount64

api-ms-win-core-processthreads-l1-1-0

CreateThread
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventRegister
EventActivityIdControl
EventSetInformation

api-ms-win-service-management-l1-1-0

OpenSCManagerW
OpenServiceW
CloseServiceHandle

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter
GetLastError

api-ms-win-service-management-l2-1-0

QueryServiceConfigW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-service-core-l1-1-1

EnumServicesStatusExW

api-ms-win-core-sysinfo-l1-2-2

GetProcessorSystemCycleTime

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleFileNameA
FreeLibrary
GetModuleHandleExW
GetModuleHandleExA
LoadLibraryExW
GetProcAddress

api-ms-win-power-setting-l1-1-0

PowerSettingRegisterNotification
PowerSettingUnregisterNotification

api-ms-win-core-synch-l1-1-0

CreateEventW
ReleaseMutex
WaitForSingleObjectEx
WaitForSingleObject
OpenSemaphoreW
CreateSemaphoreExW
CreateMutexExW
ReleaseSemaphore
SetEvent

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-psapi-l1-1-0

K32GetPerformanceInfo

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-file-l1-1-0

GetLogicalDriveStringsW
CreateFileW
QueryDosDeviceW

api-ms-win-core-version-l1-1-0

VerQueryValueW
GetFileVersionInfoSizeExW
GetFileVersionInfoExW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

rpcrt4

RpcBindingCreateW
NdrClientCall3
RpcBindingFree
RpcBindingBind
RpcExceptionFilter
I_RpcMapWin32Status

api-ms-win-shcore-obsolete-l1-1-0

CommandLineToArgvW

ext-ms-win-kernel32-package-l1-1-0

PackageFamilyNameFromFullName

Exports

Exports

DllMain
LogMemoryPerfCounters
LogMemoryPerfCountersPeriodically
PsmQueryApplicationPerformanceInformation
PsmQueryApplicationPerformanceInformation2
PsmQueryQuotaInformation
SruInitializeProvider
SruUninitializeProvider

Sections

.text
Size: 136KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 332B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
archiveint.dll
.dll windows:10 windows x64 arch:x64

00b36de3cc5169cafd744a22204207e3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

archiveint.pdb

Imports

api-ms-win-crt-string-l1-1-0

strspn
wcsncmp
strcspn
strncpy
strcmp
wcsncpy
strnlen
strncmp
memset

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-convert-l1-1-0

strtoimax

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__close
_o__configure_narrow_argv
_o__ctime64_s
_o__errno
_o__execute_onexit_table
_o__fileno
_o__fseeki64
_o__get_osfhandle
_o__get_timezone
_o__gmtime64_s
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__localtime64_s
_o__lseeki64
_o__mkgmtime64
_o__mktime64
_o__open_osfhandle
_o__seh_filter_dll
_o__setmode
_o__sopen_s
_o__strdup
memchr
_o__umask
_o__wcsdup
_o__wrename
_o__wrmdir
_o__wsopen_s
_o__wunlink
_o_abort
_o_bsearch
_o_calloc
_o_exit
_o_ferror
_o_fread
_o_free
_o_fwrite
_o_getenv
_o_isalnum
_o_isdigit
_o_isprint
_o_isspace
_o_isupper
_o_malloc
_o_mbstowcs
_o_qsort
_o_realloc
_o_setlocale
_o_strftime
_o_strtol
_o_strtoul
_o_tolower
_o_toupper
_o_wcrtomb
__C_specific_handler
_o__cexit
_o__beginthreadex
_o___stdio_common_vsprintf
_o___stdio_common_vfprintf
_o___std_type_info_destroy_list
_o___acrt_iob_func
_o____mb_cur_max_func
strstr
wcsrchr
wcschr
strchr
strrchr
memcpy
memmove
memcmp

bcrypt

BCryptDestroyKey
BCryptEncrypt
BCryptGetProperty
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptSetProperty
BCryptGenerateSymmetricKey
BCryptFinishHash
BCryptDestroyHash
BCryptHashData
BCryptCreateHash
BCryptDeriveKeyPBKDF2
BCryptGenRandom

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-file-l1-1-0

GetVolumePathNameW
FindFirstFileA
GetFileInformationByHandle
FindFirstFileW
GetDriveTypeW
SetFileTime
GetDiskFreeSpaceW
FindNextFileW
GetFullPathNameW
WriteFile
CreateFileW
CreateFileA
GetFileType
CreateDirectoryW
SetFilePointer
ReadFile
SetEndOfFile
SetFileAttributesW
FindClose
GetFileAttributesW
GetFileAttributesA

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-io-l1-1-1

CancelIo

api-ms-win-core-memory-l1-1-0

VirtualAlloc
VirtualFree

api-ms-win-core-io-l1-1-0

DeviceIoControl
GetOverlappedResult

api-ms-win-core-file-l1-2-0

CreateFile2
GetTempPathW

api-ms-win-core-synch-l1-1-0

CreateEventW
ResetEvent
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection

api-ms-win-core-handle-l1-1-0

SetHandleInformation
DuplicateHandle
CloseHandle

api-ms-win-core-namedpipe-l1-1-0

PeekNamedPipe
CreatePipe

api-ms-win-core-synch-l1-2-0

SleepConditionVariableCS
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
Sleep

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleW
DisableThreadLibraryCalls

api-ms-win-core-localization-l1-2-0

GetACP
IsValidCodePage
GetOEMCP

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetExitCodeProcess
GetCurrentThreadId
CreateProcessA

api-ms-win-core-file-l2-1-0

CreateHardLinkW
CreateSymbolicLinkW

api-ms-win-core-processenvironment-l1-1-0

GetStdHandle
GetCurrentDirectoryW

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryA

api-ms-win-core-processenvironment-l1-2-0

SearchPathA

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetSystemInfo

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

Exports

Exports

archive_bzlib_version
archive_clear_error
archive_compression
archive_compression_name
archive_copy_error
archive_entry_acl
archive_entry_acl_add_entry
archive_entry_acl_add_entry_w
archive_entry_acl_clear
archive_entry_acl_count
archive_entry_acl_from_text
archive_entry_acl_from_text_w
archive_entry_acl_next
archive_entry_acl_reset
archive_entry_acl_text
archive_entry_acl_text_w
archive_entry_acl_to_text
archive_entry_acl_to_text_w
archive_entry_acl_types
archive_entry_atime
archive_entry_atime_is_set
archive_entry_atime_nsec
archive_entry_birthtime
archive_entry_birthtime_is_set
archive_entry_birthtime_nsec
archive_entry_clear
archive_entry_clone
archive_entry_copy_bhfi
archive_entry_copy_fflags_text
archive_entry_copy_fflags_text_w
archive_entry_copy_gname
archive_entry_copy_gname_w
archive_entry_copy_hardlink
archive_entry_copy_hardlink_w
archive_entry_copy_link
archive_entry_copy_link_w
archive_entry_copy_mac_metadata
archive_entry_copy_pathname
archive_entry_copy_pathname_w
archive_entry_copy_sourcepath
archive_entry_copy_sourcepath_w
archive_entry_copy_stat
archive_entry_copy_symlink
archive_entry_copy_symlink_w
archive_entry_copy_uname
archive_entry_copy_uname_w
archive_entry_ctime
archive_entry_ctime_is_set
archive_entry_ctime_nsec
archive_entry_dev
archive_entry_dev_is_set
archive_entry_devmajor
archive_entry_devminor
archive_entry_digest
archive_entry_fflags
archive_entry_fflags_text
archive_entry_filetype
archive_entry_free
archive_entry_gid
archive_entry_gname
archive_entry_gname_utf8
archive_entry_gname_w
archive_entry_hardlink
archive_entry_hardlink_utf8
archive_entry_hardlink_w
archive_entry_ino
archive_entry_ino64
archive_entry_ino_is_set
archive_entry_is_data_encrypted
archive_entry_is_encrypted
archive_entry_is_metadata_encrypted
archive_entry_linkify
archive_entry_linkresolver_free
archive_entry_linkresolver_new
archive_entry_linkresolver_set_strategy
archive_entry_mac_metadata
archive_entry_mode
archive_entry_mtime
archive_entry_mtime_is_set
archive_entry_mtime_nsec
archive_entry_new
archive_entry_new2
archive_entry_nlink
archive_entry_partial_links
archive_entry_pathname
archive_entry_pathname_utf8
archive_entry_pathname_w
archive_entry_perm
archive_entry_rdev
archive_entry_rdevmajor
archive_entry_rdevminor
archive_entry_set_atime
archive_entry_set_birthtime
archive_entry_set_ctime
archive_entry_set_dev
archive_entry_set_devmajor
archive_entry_set_devminor
archive_entry_set_fflags
archive_entry_set_filetype
archive_entry_set_gid
archive_entry_set_gname
archive_entry_set_gname_utf8
archive_entry_set_hardlink
archive_entry_set_hardlink_utf8
archive_entry_set_ino
archive_entry_set_ino64
archive_entry_set_is_data_encrypted
archive_entry_set_is_metadata_encrypted
archive_entry_set_link
archive_entry_set_link_utf8
archive_entry_set_mode
archive_entry_set_mtime
archive_entry_set_nlink
archive_entry_set_pathname
archive_entry_set_pathname_utf8
archive_entry_set_perm
archive_entry_set_rdev
archive_entry_set_rdevmajor
archive_entry_set_rdevminor
archive_entry_set_size
archive_entry_set_symlink
archive_entry_set_symlink_type
archive_entry_set_symlink_utf8
archive_entry_set_uid
archive_entry_set_uname
archive_entry_set_uname_utf8
archive_entry_size
archive_entry_size_is_set
archive_entry_sourcepath
archive_entry_sourcepath_w
archive_entry_sparse_add_entry
archive_entry_sparse_clear
archive_entry_sparse_count
archive_entry_sparse_next
archive_entry_sparse_reset
archive_entry_stat
archive_entry_strmode
archive_entry_symlink
archive_entry_symlink_type
archive_entry_symlink_utf8
archive_entry_symlink_w
archive_entry_uid
archive_entry_uname
archive_entry_uname_utf8
archive_entry_uname_w
archive_entry_unset_atime
archive_entry_unset_birthtime
archive_entry_unset_ctime
archive_entry_unset_mtime
archive_entry_unset_size
archive_entry_update_gname_utf8
archive_entry_update_hardlink_utf8
archive_entry_update_link_utf8
archive_entry_update_pathname_utf8
archive_entry_update_symlink_utf8
archive_entry_update_uname_utf8
archive_entry_xattr_add_entry
archive_entry_xattr_clear
archive_entry_xattr_count
archive_entry_xattr_next
archive_entry_xattr_reset
archive_errno
archive_error_string
archive_file_count
archive_filter_bytes
archive_filter_code
archive_filter_count
archive_filter_name
archive_format
archive_format_name
archive_free
archive_liblz4_version
archive_liblzma_version
archive_libzstd_version
archive_match_exclude_entry
archive_match_exclude_pattern
archive_match_exclude_pattern_from_file
archive_match_exclude_pattern_from_file_w
archive_match_exclude_pattern_w
archive_match_excluded
archive_match_free
archive_match_include_date
archive_match_include_date_w
archive_match_include_file_time
archive_match_include_file_time_w
archive_match_include_gid
archive_match_include_gname
archive_match_include_gname_w
archive_match_include_pattern
archive_match_include_pattern_from_file
archive_match_include_pattern_from_file_w
archive_match_include_pattern_w
archive_match_include_time
archive_match_include_uid
archive_match_include_uname
archive_match_include_uname_w
archive_match_new
archive_match_owner_excluded
archive_match_path_excluded
archive_match_path_unmatched_inclusions
archive_match_path_unmatched_inclusions_next
archive_match_path_unmatched_inclusions_next_w
archive_match_set_inclusion_recursion
archive_match_time_excluded
archive_position_compressed
archive_position_uncompressed
archive_read_add_callback_data
archive_read_add_passphrase
archive_read_append_callback_data
archive_read_append_filter
archive_read_append_filter_program
archive_read_append_filter_program_signature
archive_read_close
archive_read_data
archive_read_data_block
archive_read_data_into_fd
archive_read_data_skip
archive_read_disk_can_descend
archive_read_disk_current_filesystem
archive_read_disk_current_filesystem_is_remote
archive_read_disk_current_filesystem_is_synthetic
archive_read_disk_descend
archive_read_disk_entry_from_file
archive_read_disk_gname
archive_read_disk_new
archive_read_disk_open
archive_read_disk_open_w
archive_read_disk_set_atime_restored
archive_read_disk_set_behavior
archive_read_disk_set_gname_lookup
archive_read_disk_set_matching
archive_read_disk_set_metadata_filter_callback
archive_read_disk_set_standard_lookup
archive_read_disk_set_symlink_hybrid
archive_read_disk_set_symlink_logical
archive_read_disk_set_symlink_physical
archive_read_disk_set_uname_lookup
archive_read_disk_uname
archive_read_extract
archive_read_extract2
archive_read_extract_set_progress_callback
archive_read_extract_set_skip_file
archive_read_finish
archive_read_format_capabilities
archive_read_free
archive_read_has_encrypted_entries
archive_read_header_position
archive_read_new
archive_read_next_header
archive_read_next_header2
archive_read_open
archive_read_open1
archive_read_open2
archive_read_open_FILE
archive_read_open_fd
archive_read_open_file
archive_read_open_filename
archive_read_open_filename_w
archive_read_open_filenames
archive_read_open_memory
archive_read_open_memory2
archive_read_prepend_callback_data
archive_read_set_callback_data
archive_read_set_callback_data2
archive_read_set_close_callback
archive_read_set_filter_option
archive_read_set_format
archive_read_set_format_option
archive_read_set_open_callback
archive_read_set_option
archive_read_set_options
archive_read_set_passphrase_callback
archive_read_set_read_callback
archive_read_set_seek_callback
archive_read_set_skip_callback
archive_read_set_switch_callback
archive_read_support_compression_all
archive_read_support_compression_bzip2
archive_read_support_compression_compress
archive_read_support_compression_gzip
archive_read_support_compression_lzip
archive_read_support_compression_lzma
archive_read_support_compression_none
archive_read_support_compression_program
archive_read_support_compression_program_signature
archive_read_support_compression_rpm
archive_read_support_compression_uu
archive_read_support_compression_xz
archive_read_support_filter_all
archive_read_support_filter_by_code
archive_read_support_filter_bzip2
archive_read_support_filter_compress
archive_read_support_filter_grzip
archive_read_support_filter_gzip
archive_read_support_filter_lrzip
archive_read_support_filter_lz4
archive_read_support_filter_lzip
archive_read_support_filter_lzma
archive_read_support_filter_lzop
archive_read_support_filter_none
archive_read_support_filter_program
archive_read_support_filter_program_signature
archive_read_support_filter_rpm
archive_read_support_filter_uu
archive_read_support_filter_xz
archive_read_support_filter_zstd
archive_read_support_format_7zip
archive_read_support_format_all
archive_read_support_format_ar
archive_read_support_format_by_code
archive_read_support_format_cab
archive_read_support_format_cpio
archive_read_support_format_empty
archive_read_support_format_gnutar
archive_read_support_format_iso9660
archive_read_support_format_lha
archive_read_support_format_mtree
archive_read_support_format_rar
archive_read_support_format_rar5
archive_read_support_format_raw
archive_read_support_format_tar
archive_read_support_format_warc
archive_read_support_format_xar
archive_read_support_format_zip
archive_read_support_format_zip_seekable
archive_read_support_format_zip_streamable
archive_seek_data
archive_set_error
archive_utility_string_sort
archive_version_details
archive_version_number
archive_version_string
archive_write_add_filter
archive_write_add_filter_b64encode
archive_write_add_filter_by_name
archive_write_add_filter_bzip2
archive_write_add_filter_compress
archive_write_add_filter_grzip
archive_write_add_filter_gzip
archive_write_add_filter_lrzip
archive_write_add_filter_lz4
archive_write_add_filter_lzip
archive_write_add_filter_lzma
archive_write_add_filter_lzop
archive_write_add_filter_none
archive_write_add_filter_program
archive_write_add_filter_uuencode
archive_write_add_filter_xz
archive_write_add_filter_zstd
archive_write_close
archive_write_data
archive_write_data_block
archive_write_disk_gid
archive_write_disk_new
archive_write_disk_set_group_lookup
archive_write_disk_set_options
archive_write_disk_set_skip_file
archive_write_disk_set_standard_lookup
archive_write_disk_set_user_lookup
archive_write_disk_uid
archive_write_fail
archive_write_finish
archive_write_finish_entry
archive_write_free
archive_write_get_bytes_in_last_block
archive_write_get_bytes_per_block
archive_write_header
archive_write_new
archive_write_open
archive_write_open2
archive_write_open_FILE
archive_write_open_fd
archive_write_open_file
archive_write_open_filename
archive_write_open_filename_w
archive_write_open_memory
archive_write_set_bytes_in_last_block
archive_write_set_bytes_per_block
archive_write_set_compression_bzip2
archive_write_set_compression_compress
archive_write_set_compression_gzip
archive_write_set_compression_lzip
archive_write_set_compression_lzma
archive_write_set_compression_none
archive_write_set_compression_program
archive_write_set_compression_xz
archive_write_set_filter_option
archive_write_set_format
archive_write_set_format_7zip
archive_write_set_format_ar_bsd
archive_write_set_format_ar_svr4
archive_write_set_format_by_name
archive_write_set_format_cpio
archive_write_set_format_cpio_bin
archive_write_set_format_cpio_newc
archive_write_set_format_cpio_odc
archive_write_set_format_cpio_pwb
archive_write_set_format_filter_by_ext
archive_write_set_format_filter_by_ext_def
archive_write_set_format_gnutar
archive_write_set_format_iso9660
archive_write_set_format_mtree
archive_write_set_format_mtree_classic
archive_write_set_format_option
archive_write_set_format_pax
archive_write_set_format_pax_restricted
archive_write_set_format_raw
archive_write_set_format_shar
archive_write_set_format_shar_dump
archive_write_set_format_ustar
archive_write_set_format_v7tar
archive_write_set_format_warc
archive_write_set_format_xar
archive_write_set_format_zip
archive_write_set_option
archive_write_set_options
archive_write_set_passphrase
archive_write_set_passphrase_callback
archive_write_set_skip_file
archive_write_zip_set_compression_deflate
archive_write_zip_set_compression_store
archive_zlib_version

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 224KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
asferror.dll
.dll windows:10 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rdata
Size: 4KB - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
aspnet_counters.dll
.dll windows:6 windows x64 arch:x64

3971ed53a67523d643e364cb911938ad

Code Sign

33:00:00:02:51:14:76:cc:c5:85:83:6e:0b:00:00:00:00:02:51
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:32

Not After

01/09/2022, 18:32

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f4:fc:05:37:c8:55:f6:4e:fc:73:2b:73:8c:21:86:2e:80:56:f6:d9:3e:21:85:08:e7:b5:2a:a5:9b:d6:9e:eb
Signer

Actual PE Digest

f4:fc:05:37:c8:55:f6:4e:fc:73:2b:73:8c:21:86:2e:80:56:f6:d9:3e:21:85:08:e7:b5:2a:a5:9b:d6:9e:eb

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

aspnet_counters.pdb

Imports

kernel32

GetCurrentProcessId
GetCurrentThreadId
FreeLibrary
HeapFree
HeapAlloc
LoadLibraryW
GetModuleFileNameW
DisableThreadLibraryCalls
GetProcessHeap
GetProcAddress
HeapCreate
TerminateProcess
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetProcessAffinityMask
GetCurrentProcess
SwitchToThread
GetLastError
Sleep

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

vcruntime140_clr0400

__C_specific_handler
memset
__std_type_info_destroy_list

ucrtbase_clr0400

_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_initialize_narrow_environment
_initterm
_cexit

Exports

Exports

CloseGenericCounters
CloseStateCounters
CloseVersion4Counters
CollectGenericCounters
CollectStateCounters
CollectVersion4Counters
OpenGenericCounters
OpenStateCounters
OpenVersion4Counters

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
asycfilt.dll
.dll windows:10 windows x64 arch:x64

6c8e2634484a0c1a9896886fcbe355a2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

asycfilt.pdb

Imports

msvcrt

_setjmp
memcmp
memcpy
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
free
malloc
sscanf_s
getenv
_snprintf_s
fprintf
__iob_func
__CxxFrameHandler4
realloc
longjmp
_purecall
_callnewh
memset

kernel32

GlobalDeleteAtom
GlobalAddAtomA
Sleep
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSectionAndSpinCount
GetLastError
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection

ole32

ReleaseStgMedium

user32

UnionRect

gdi32

GetNearestColor
DeleteObject
CreateSolidBrush
GetObjectW
PatBlt
SetDIBits
GetNearestPaletteIndex
SetDIBColorTable
SetMapMode
SetDIBitsToDevice
StretchDIBits
SetStretchBltMode
SelectPalette
SelectObject
GetCurrentObject

Exports

Exports

DllCanUnloadNow
FilterCreateInstance

Sections

.text
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
atl.dll
.dll regsvr32 windows:10 windows x64 arch:x64

75fe4d242cdb81c8fd19f8165a4d313d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

atl.pdb

Imports

msvcrt

_initterm
_amsg_exit
_callnewh
wcscat_s
realloc
free
_XcptFilter
wcscpy_s
malloc
__C_specific_handler
memcpy
memcmp
memset

kernel32

RtlLookupFunctionEntry
RtlCaptureContext
Sleep
InterlockedPopEntrySList
GetACP
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedPushEntrySList
FlushInstructionCache
GetProcessHeap
DecodePointer
HeapAlloc
WaitForSingleObject
EncodePointer
FormatMessageW
HeapDestroy
GetModuleFileNameW
GetLastError
LoadLibraryExW
GetProcAddress
FreeLibrary
lstrcpyW
RaiseException
GetCurrentThreadId
UnhandledExceptionFilter
GetCurrentProcess
VirtualFree
HeapFree
CreateFileW
GetFileSize
ReadFile
CloseHandle
SetUnhandledExceptionFilter
TerminateProcess
FindResourceExW
SizeofResource
WideCharToMultiByte
MultiByteToWideChar
GetSystemInfo
VirtualQuery
VirtualAlloc
VirtualProtect
lstrcpynW
lstrcmpiW
GetModuleHandleW
QueryPerformanceCounter
SetLastError
GetCurrentProcessId
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetTickCount
RtlVirtualUnwind
ResolveDelayLoadedAPI
DelayLoadFailureHook
FindResourceA
FreeResource
lstrcmpW
GlobalHandle
GlobalFree
LockResource
LoadResource
FindResourceW
LoadLibraryExA
GlobalUnlock
GlobalLock
GlobalAlloc

user32

InvalidateRect
InvalidateRgn
GetDlgItem
SendMessageW
SetCapture
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
ReleaseCapture
GetDesktopWindow
SetWindowLongPtrW
GetWindowLongPtrW
DefWindowProcW
SetWindowPos
SetWindowLongW
GetWindowLongW
DialogBoxIndirectParamW
GetClassNameW
GetParent
IsWindow
RedrawWindow
DialogBoxIndirectParamA
CreateDialogIndirectParamW
CreateDialogIndirectParamA
RegisterWindowMessageW
EndPaint
CallWindowProcW
DestroyWindow
FillRect
CreateWindowExW
GetClientRect
BeginPaint
GetWindow
SetFocus
GetFocus
IsChild
GetSysColor
CharPrevW
UnregisterClassW
ReleaseDC
GetDC
RegisterClassExW
wsprintfW
LoadCursorW
GetClassInfoExW
RegisterClassExA
wsprintfA
LoadCursorA
GetClassInfoExA
LoadStringW
DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
CharNextW
CreateAcceleratorTableW

gdi32

GetObjectW
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject
CreateSolidBrush
GetDeviceCaps
CreateDCW
GetStockObject

Exports

Exports

AtlAdvise
AtlAxAttachControl
AtlAxCreateControl
AtlAxCreateControlEx
AtlAxCreateDialogA
AtlAxCreateDialogW
AtlAxDialogBoxA
AtlAxDialogBoxW
AtlAxGetControl
AtlAxGetHost
AtlAxWinInit
AtlComPtrAssign
AtlComQIPtrAssign
AtlCreateTargetDC
AtlDevModeW2A
AtlFreeMarshalStream
AtlGetObjectSourceInterface
AtlGetVersion
AtlHiMetricToPixel
AtlIPersistPropertyBag_Load
AtlIPersistPropertyBag_Save
AtlIPersistStreamInit_GetSizeMax
AtlIPersistStreamInit_Load
AtlIPersistStreamInit_Save
AtlInternalQueryInterface
AtlMarshalPtrInProc
AtlModuleAddCreateWndData
AtlModuleAddTermFunc
AtlModuleExtractCreateWndData
AtlModuleGetClassObject
AtlModuleInit
AtlModuleLoadTypeLib
AtlModuleRegisterClassObjects
AtlModuleRegisterServer
AtlModuleRegisterTypeLib
AtlModuleRegisterWndClassInfoA
AtlModuleRegisterWndClassInfoW
AtlModuleRevokeClassObjects
AtlModuleTerm
AtlModuleUnRegisterTypeLib
AtlModuleUnregisterServer
AtlModuleUnregisterServerEx
AtlModuleUpdateRegistryFromResourceD
AtlPixelToHiMetric
AtlRegisterClassCategoriesHelper
AtlSetErrorInfo
AtlSetErrorInfo2
AtlUnadvise
AtlUnmarshalPtr
AtlWaitWithMessageLoop
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
atlthunk.dll
.dll windows:10 windows x64 arch:x64

0c6d81f57245aca5d959363a751af7f2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

atlthunk.pdb

Imports

ntdll

RtlAddGrowableFunctionTable
RtlImageDirectoryEntryToData
RtlVirtualUnwind
RtlLookupFunctionEntry
NtClose
NtAreMappedFilesTheSame
RtlAcquireSRWLockExclusive
RtlCaptureContext
RtlReleaseSRWLockExclusive
NtTerminateProcess
RtlFreeHeap
LdrDisableThreadCalloutsForDll
RtlAllocateHeap
RtlUnhandledExceptionFilter

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
UnmapViewOfFile
VirtualProtect
MapViewOfFile

api-ms-win-core-errorhandling-l1-1-0

SetLastError

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetModuleFileNameW

api-ms-win-core-file-l1-1-0

CreateFileW

Exports

Exports

AtlThunk_AllocateData
AtlThunk_DataToCode
AtlThunk_FreeData
AtlThunk_InitData

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
atmlib.dll
.dll windows:10 windows x64 arch:x64

cb433da08ef67945b1cb37ef100e033a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

atmlib.pdb

Imports

api-ms-win-crt-string-l1-1-0

wcsncmp
memset

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__cexit
_o__configure_narrow_argv
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__seh_filter_dll
wcsrchr
memmove
_o__stricmp
_o__wcsicmp
_o_atoi
_o_calloc
_o_free
_o_iswdigit
_o_malloc
_o_realloc
wcschr
__C_specific_handler
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___std_type_info_destroy_list

kernel32

IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
MapViewOfFile
CreateFileMappingW
GetFileInformationByHandle
UnmapViewOfFile
_lwrite
GetTempPath2W
WideCharToMultiByte
CreateSemaphoreW
GetFileSize
GetWindowsDirectoryW
ResetEvent
CloseHandle
DisableThreadLibraryCalls
SetEvent
GetLastError
MultiByteToWideChar
CreateEventW
GetSystemDefaultLangID
ReleaseMutex
CreateFileW
WaitForSingleObject
CreateMutexW
SetFilePointer
WaitForMultipleObjects
WriteFile
ReleaseSemaphore
ReadFile
InitOnceExecuteOnce

gdi32

GetGlyphOutlineW
AddFontResourceExW
NamedEscape
EnumFontFamiliesExW
GetFontData
GetFontResourceInfoW
RemoveFontResourceExW

user32

GetDC
ReleaseDC
PostMessageW

advapi32

RegOpenKeyExW
EventWriteTransfer
EventRegister
EventSetInformation
RegDeleteValueW
RegQueryValueExW
RegSetValueExW
RegCloseKey
EventUnregister

Exports

Exports

ATMAddFont
ATMAddFontA
ATMAddFontEx
ATMAddFontExA
ATMAddFontExW
ATMAddFontW
ATMBBoxBaseXYShowText
ATMBBoxBaseXYShowTextA
ATMBBoxBaseXYShowTextW
ATMBeginFontChange
ATMClient
ATMEndFontChange
ATMEnumFonts
ATMEnumFontsA
ATMEnumFontsW
ATMEnumMMFonts
ATMEnumMMFontsA
ATMEnumMMFontsW
ATMFinish
ATMFontAvailable
ATMFontAvailableA
ATMFontAvailableW
ATMFontSelected
ATMFontStatus
ATMFontStatusA
ATMFontStatusW
ATMForceFontChange
ATMGetBuildStr
ATMGetBuildStrA
ATMGetBuildStrW
ATMGetFontBBox
ATMGetFontInfo
ATMGetFontInfoA
ATMGetFontInfoW
ATMGetFontPaths
ATMGetFontPathsA
ATMGetFontPathsW
ATMGetGlyphList
ATMGetGlyphListA
ATMGetGlyphListW
ATMGetMenuName
ATMGetMenuNameA
ATMGetMenuNameW
ATMGetNtmFields
ATMGetNtmFieldsA
ATMGetNtmFieldsW
ATMGetOutline
ATMGetOutlineA
ATMGetOutlineW
ATMGetPostScriptName
ATMGetPostScriptNameA
ATMGetPostScriptNameW
ATMGetVersion
ATMGetVersionEx
ATMGetVersionExA
ATMGetVersionExW
ATMInstallSubstFontA
ATMInstallSubstFontW
ATMMakePFM
ATMMakePFMA
ATMMakePFMW
ATMMakePSS
ATMMakePSSA
ATMMakePSSW
ATMProperlyLoaded
ATMRemoveFont
ATMRemoveFontA
ATMRemoveFontW
ATMRemoveSubstFontA
ATMRemoveSubstFontW
ATMSelectEncoding
ATMSelectObject
ATMSetFlags
ATMXYShowText
ATMXYShowTextA
ATMXYShowTextW

Sections

.text
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
audioresourceregistrar.dll
.dll windows:10 windows x64 arch:x64

291cf19194ec4c7d8e669fedc450f923

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AudioResourceRegistrar.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
_o___std_type_info_destroy_list
memmove
_o__callnewh
_o__wcsicmp
_o__wcsnicmp
_o_calloc
_o_free
_o_malloc
_o_wcstoul
_o_wmemcpy_s
__C_specific_handler
_o___std_exception_destroy
_CxxThrowException
_o___std_exception_copy
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
__std_terminate
__CxxFrameHandler4
memcpy

api-ms-win-crt-string-l1-1-0

memset
wcscmp
wcsnlen

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegGetValueW
RegEnumValueW

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
OpenMutexW
CreateMutexW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
RaiseException

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleFileNameA
GetProcAddress
GetModuleHandleW
GetModuleHandleExW
SizeofResource
LockResource
LoadResource
FindResourceExW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapFree
GetProcessHeap
HeapAlloc
HeapDestroy
HeapSize

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

GetKeywordDetectorRequiredResources
Register

Sections

.text
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
audiosrv.dll
.dll windows:10 windows x64 arch:x64

6b0c92d51f3d11af418b69b4e8350980

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AudioSrv.pdb

Imports

audiosrvpolicymanager

PbmReportHostedAppStateChange_2
HHOSTEDAPPMANAGERCONTEXTRundown
ActivatePolicyManager
PbmReportAppInteractivityChange
PbmReportAppClosing
PbmAllowMediaPlaybackForApp
PbmRegisterPlaybackManagerNotifications
PbmUnregisterPlaybackManagerNotifications
PbmSetSmtcSubscriptionState
PbmGetSoundLevel
PbmIsPlaying
PbmRegisterAppManagerNotification
PbmUnregisterAppManagerNotification
PbmRegisterAppClosureNotification
PbmUnregisterAppClosureNotification
PbmPlayToStreamStateChanged
PbmCastingAppStateChanged
PbmSetScreenReaderState
PbmReportHostedAppStateChange
PbmSwitchSoftNonInteractiveAppsToHardNonInteractive
PbmReportApplicationState
PbmLaunchBackgroundTask
TS_SessionChanged
TS_SessionGetAudioProtocol
TS_RegisterAudioProtocolNotification
TS_UnregisterAudioProtocolNotification
TS_AudioProtocolNotifyRundown

msvcp_win

?_Xbad_function_call@std@@YAXXZ
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
?_Xlength_error@std@@YAXPEBD@Z
_Mtx_unlock
?_Xout_of_range@std@@YAXPEBD@Z
_Mtx_destroy_in_situ
_Mtx_init_in_situ

api-ms-win-crt-string-l1-1-0

wcscmp
wcsnlen
wcscspn
memset
wcsncmp
wcsspn

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
_o__wcsicmp
_o__wcsnicmp
_o__wcsupr_s
_o__wtof
_o_calloc
_o_ceilf
_o_floorf
_o_free
_o_log10
_o_malloc
_o_pow
_o_roundf
_o_sinf
_o_terminate
_o_towlower
_o_wcscpy_s
_o_wcstoul
_o_wmemcpy_s
__current_exception
__current_exception_context
__CxxFrameHandler3
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__aligned_malloc
_o__aligned_free
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
wcsstr
wcsrchr
__C_specific_handler
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
_CxxThrowException
__C_specific_handler_noexcept
memmove

ntdll

EtwEventWriteTransfer
EtwEventUnregister
EtwUnregisterTraceGuids
RtlDllShutdownInProgress
RtlGetCurrentServiceSessionId
RtlGetActiveConsoleId
RtlQueryWnfStateData
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
EtwEventRegister
RtlNtStatusToDosError
EtwRegisterTraceGuidsW
EtwGetTraceEnableLevel
EtwEventActivityIdControl
RtlAcquireResourceShared
RtlPublishWnfStateData
RtlGetDeviceFamilyInfoEnum
NtQueryInformationProcess
NtDeleteWnfStateName
NtCreateWnfStateName
EtwTraceMessage
RtlFreeSid
RtlUnsubscribeWnfNotificationWaitForCompletion
NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlInitUnicodeString
RtlInitializeResource
RtlDeleteResource
RtlAcquireResourceExclusive
RtlReleaseResource
EtwGetTraceLoggerHandle
EtwEventSetInformation
EtwGetTraceEnableFlags

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExA
FreeLibrary
SizeofResource
GetModuleFileNameA
GetProcAddress
FindResourceExW
GetModuleHandleW
LoadResource
GetModuleHandleExW
LockResource
DisableThreadLibraryCalls
LoadStringW
GetModuleFileNameW

api-ms-win-core-synch-l1-1-0

TryEnterCriticalSection
AcquireSRWLockShared
CreateEventW
OpenEventW
CreateEventExW
CreateMutexExW
AcquireSRWLockExclusive
LeaveCriticalSection
OpenSemaphoreW
EnterCriticalSection
CreateMutexW
SetEvent
ResetEvent
CreateSemaphoreExW
ReleaseSRWLockShared
InitializeCriticalSectionEx
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
ReleaseSRWLockExclusive
ReleaseMutex
ReleaseSemaphore
WaitForMultipleObjectsEx
WaitForSingleObject
WaitForSingleObjectEx

api-ms-win-core-heap-l1-1-0

HeapSize
GetProcessHeap
HeapReAlloc
HeapAlloc
HeapDestroy
HeapFree

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
SetLastError
GetLastError

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolThreadMaximum
CloseThreadpool
WaitForThreadpoolWaitCallbacks
SetThreadpoolWait
CloseThreadpoolWait
SetThreadpoolThreadMinimum
CreateThreadpoolTimer
CreateThreadpool
SubmitThreadpoolWork
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
WaitForThreadpoolWorkCallbacks
CloseThreadpoolWork
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolCleanupGroup
SetEventWhenCallbackReturns
CreateThreadpoolWork
CreateThreadpoolWait
IsThreadpoolTimerSet

api-ms-win-core-processthreads-l1-1-0

GetProcessTimes
GetCurrentThreadId
GetCurrentProcess
ProcessIdToSessionId
GetProcessId
GetCurrentProcessId
GetCurrentThread
CreateThread
OpenThreadToken
GetExitCodeProcess
TerminateProcess
CreateProcessW

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

rpcrt4

NdrServerCall2
NdrServerCallAll
NdrClientCall3
RpcStringFreeW
RpcStringBindingComposeW
RpcBindingFromStringBindingW
I_RpcExceptionFilter
RpcBindingFree
RpcImpersonateClient
RpcRevertToSelf
I_RpcBindingInqLocalClientPID
UuidCreate
I_RpcBindingInqTransportType
RpcServerInqBindings
RpcBindingToStringBindingW
RpcStringBindingParseW
RpcBindingVectorFree
RpcServerUseProtseqEpW
RpcServerRegisterIf3
RpcServerUnregisterIfEx
UuidEqual

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetTickCount64
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-synch-l1-2-0

InitOnceComplete
WaitOnAddress
WakeByAddressAll
Sleep
InitOnceExecuteOnce
InitOnceBeginInitialize

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegGetValueW
RegDeleteKeyExW
RegNotifyChangeKeyValue
RegDeleteTreeW
RegEnumValueW
RegCreateKeyExW
RegOpenCurrentUser
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar
CompareStringW

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-file-l1-1-0

CompareFileTime
CreateFileW
FileTimeToLocalFileTime

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoUninitialize
RoRevokeActivationFactories
RoRegisterActivationFactories

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy
IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
CreateFileMappingW
MapViewOfFile

api-ms-win-core-kernel32-legacy-l1-1-0

GetSystemPowerStatus
RegisterWaitForSingleObject

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventWriteTransfer
EventRegister
EventUnregister

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
DeleteTimerQueueTimer
UnregisterWaitEx

api-ms-win-core-io-l1-1-0

PostQueuedCompletionStatus
CreateIoCompletionPort
GetQueuedCompletionStatus

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW
lstrcmpiW

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-marshal-l1-1-0

HWND_UserUnmarshal64
HWND_UserSize64
HWND_UserMarshal64
HWND_UserSize
HWND_UserUnmarshal
HWND_UserFree64
HWND_UserFree
HWND_UserMarshal

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

combase

ord67
ord69
ord168
ord68
ord66
ord167

api-ms-win-core-memory-l1-1-1

GetProcessWorkingSetSizeEx
VirtualLock
SetProcessWorkingSetSizeEx
VirtualUnlock

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_BSS
Size: - Virtual size: 40B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 388KB - Virtual size: 386KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_DATA
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
auditcse.dll
.dll windows:10 windows x64 arch:x64

531ee27a782976eaf0cbb4000eeef395

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

auditcse.pdb

Imports

msvcp110_win

?_Orphan_all@_Container_base0@std@@QEAAXXZ
?_Syserror_map@std@@YAPEBDH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Swap_all@_Container_base0@std@@QEAAXAEAU12@@Z
?_Xbad_alloc@std@@YAXXZ

msvcrt

??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
free
_amsg_exit
_XcptFilter
_callnewh
malloc
tolower
memcpy
memcmp
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBQEBDH@Z
memmove
fclose
_wfopen_s
feof
fgetws
_wtoi
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_purecall
__CxxFrameHandler4
??3@YAXPEAX@Z
_CxxThrowException
__RTDynamicCast

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
DisableThreadLibraryCalls
FreeLibraryAndExitThread
LoadLibraryExW

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
TraceMessage
UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
CreateThread
GetCurrentThreadId
GetCurrentThread
TerminateProcess
OpenThreadToken
GetCurrentProcess

api-ms-win-core-handle-l1-1-0

CloseHandle

userenv

ProcessGroupPolicyCompletedEx

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-security-base-l1-1-0

GetLengthSid
CopySid
AdjustTokenPrivileges
PrivilegeCheck
RevertToSelf
ImpersonateSelf
GetSecurityDescriptorSacl

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegOpenKeyExW
RegCloseKey

rpcrt4

UuidToStringW
RpcStringFreeW
UuidFromStringW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-file-l2-1-2

CopyFileW

oleaut32

SafeArrayPutElement
SysAllocString
SafeArrayCreate
SysAllocStringByteLen
SysStringByteLen
VariantClear
VariantInit
SysFreeString
SafeArrayDestroy

api-ms-win-core-com-l1-1-0

CoCreateGuid

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventEnabled
EventWrite
EventRegister

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection

advapi32

AuditFree
AuditEnumerateSubCategories
LsaSetCAPs
AuditSetGlobalSaclW
AuditSetPerUserPolicy
AuditSetSystemPolicy
AuditLookupSubCategoryNameW

shell32

SHCreateDirectoryExW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

GenerateGroupPolicy
GenerateGroupPolicyCap
ProcessGroupPolicyEx
ProcessGroupPolicyExCap

Sections

.text
Size: 120KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 340B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
auditpolcore.dll
.dll windows:10 windows x64 arch:x64

23d36525032044eb4bf2d5db1cb1f782

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

auditpolcore.pdb

Imports

msvcrt

memset
_initterm
_onexit
__C_specific_handler
malloc
memcmp
__iob_func
_lock
free
_XcptFilter
__dllonexit
__CxxFrameHandler4
_vsnwprintf
ferror
_unlock
_wcsicmp
fclose
??3@YAXPEAX@Z
_purecall
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_vsnprintf_s
wcschr
_wfopen
wscanf
fgetws
feof
_wcsnicmp
wprintf
??_V@YAXPEAX@Z
_vsnwprintf_s
vfwprintf
qsort
_wtoi
_callnewh
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
_CxxThrowException
__CxxFrameHandler3
memcpy
memmove
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_amsg_exit
memcpy_s
wcscmp

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleFileNameA
GetModuleHandleExW
GetProcAddress
GetModuleHandleW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

OpenProcessToken
SetThreadStackGuarantee
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetSystemInfo

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCompareMemory
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
ReleaseMutex
CreateSemaphoreExW
CreateMutexExW
WaitForSingleObject
WaitForSingleObjectEx
OpenSemaphoreW

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-security-base-l1-1-0

InitializeSecurityDescriptor
AdjustTokenPrivileges
SetSecurityDescriptorSacl
EqualSid
IsValidSid
IsWellKnownSid
GetSecurityDescriptorSacl

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertSidToStringSidW
ConvertStringSidToSidW

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-core-processenvironment-l1-1-0

GetStdHandle

api-ms-win-core-file-l1-1-0

WriteFile
DeleteFileW
CreateFileW

api-ms-win-core-console-l1-1-0

WriteConsoleW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-security-audit-l1-1-0

AuditQuerySystemPolicy
AuditSetSystemPolicy
AuditFree

api-ms-win-security-audit-l1-1-1

AuditEnumerateCategories
AuditLookupSubCategoryNameW
AuditQueryGlobalSaclW
AuditSetGlobalSaclW
AuditEnumeratePerUserPolicy
AuditEnumerateSubCategories
AuditSetPerUserPolicy
AuditQueryPerUserPolicy
AuditLookupCategoryNameW

api-ms-win-security-provider-l1-1-0

SetEntriesInAclW
GetExplicitEntriesFromAclW

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW

ntdll

RtlAllocateHeap
RtlNtStatusToDosError
RtlGUIDFromString
RtlImageNtHeader
RtlFreeHeap

api-ms-win-core-memory-l1-1-0

VirtualProtect
VirtualQuery
VirtualAlloc

Exports

Exports

AdtBackupPolicy
AdtBackupPolicyGeneralized
AdtClearPolicy
AdtConstructAllCategoryGuids
AdtConvertGuidStringToGuid
AdtConvertGuidToString
AdtDisableSinglePrivilege
AdtEnableSinglePrivilege
AdtGetOption
AdtGetPerUserPolicy
AdtGetSystemPolicy
AdtListCategories
AdtListSubCategories
AdtLoadStringEx
AdtParseAuditOptionName
AdtParseGuidOrNameArray
AdtRemoveAllUsers
AdtRemoveBasePolicy
AdtRestorePolicy
AdtRestorePolicyGeneralized
AdtSetOption
AdtSetPerUserPolicy
AdtSetSystemPolicy
AuditPolicyData_DeleteAuditDataInstance
DisplayMessage
DisplayMessageToSpecificConsoleHandle
GetDisplayPolicy
LoadFormatStringAndPrintToConsole
SetDisplayPolicy

Sections

.text
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 564B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
authentication.dll
.dll windows:10 windows x64 arch:x64

bec8dfc563f7f1c7a54d3aba47ec4509

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Authentication.pdb

Imports

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z
_Mtx_unlock
_Mtx_init_in_situ
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
_Mtx_destroy_in_situ

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcsicmp
_o_free
_o_malloc
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o___stdio_common_vsnprintf_s
__std_terminate
__CxxFrameHandler4
_o___stdio_common_vswprintf
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetProcAddress
GetModuleHandleExW
GetModuleHandleW

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
CreateSemaphoreExW
CreateEventExW
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseMutex
WaitForSingleObject
SetEvent

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-com-l1-1-0

CoCreateFreeThreadedMarshaler
CoWaitForMultipleHandles

api-ms-win-security-base-l1-1-0

AllocateAndInitializeSid
FreeSid
RevertToSelf
CheckTokenMembership
ImpersonateLoggedOnUser

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsCreateStringReference
WindowsGetStringRawBuffer

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoGetActivationFactory
RoInitialize

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

ext-ms-win-session-usermgr-l1-1-0

UMgrQueryUserToken

Exports

Exports

AuthzGetAccountType
AuthzRequestTicketWithWindow
AuthzRequestTicketWithoutWindow
GetAccountType
RequestTicketWithWindow
RequestTicketWithoutWindow

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
authfwcfg.dll
.dll windows:10 windows x64 arch:x64

c4ad0d16718d18b1befc3da5c8eca0c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

authfwcfg.pdb

Imports

msvcrt

wcscpy_s
??3@YAXPEAX@Z
_vsnwprintf
_purecall
wcstok_s
_wcsicmp
?what@exception@@UEBAPEBDXZ
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_onexit
__dllonexit
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
memcmp
isdigit
isalnum
memset
abort
_wsetlocale
__crtLCMapStringW
_wcsdup
memchr
tolower
isspace
__uncaught_exception
_unlock
_lock
setlocale
calloc
__pctype_func
_ismbblead
___lc_codepage_func
___lc_handle_func
_errno
___mb_cur_max_func
memmove
memcpy
__CxxFrameHandler3
_CxxThrowException
??0exception@@QEAA@AEBQEBDH@Z
_callnewh
localeconv
ldexp
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@AEBV0@@Z
_wcsnicmp
??_V@YAXPEAX@Z
_itow_s
iswdigit
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
free
malloc
_vsnprintf
__CxxFrameHandler4

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
LoadStringW

bcrypt

BCryptGetFipsAlgorithmMode

api-ms-win-core-com-l1-1-0

CoUninitialize
CoInitializeEx
CoCreateInstance
CoCreateGuid
StringFromGUID2

oleaut32

SysFreeString
VariantClear
SysAllocString
VariantInit

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
GetStringTypeW
CompareStringW
MultiByteToWideChar

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetComputerNameExW
GetVersionExW
GetTickCount

api-ms-win-security-base-l1-1-0

CheckTokenMembership
FreeSid
AllocateAndInitializeSid

ntdll

RtlIpv6StringToAddressW
RtlIpv4StringToAddressW
RtlIpv4AddressToStringW
RtlIpv6AddressToStringW
WinSqmAddToStream

ws2_32

htonl

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionEx
EnterCriticalSection

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
TerminateProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

netsh.exe

RegisterContext
RegisterHelper
PrintMessageFromModule
PrintError
PrintMessage
MatchTagsInCmdLine
MatchToken

fwpolicyiomgr

FwCopyPortsContents

firewallapi

FWSetFirewallRule
FWRestoreGPODefaults
FWRestoreDefaults
FWExportPolicy
FWImportPolicy
FWClosePolicyStore
FwBstrToPorts
FWFreeFirewallRule
FWFreeConnectionSecurityRule
FWEnumPhase2SAs
FWEnumPhase1SAs
FWFreeAuthenticationSets
FWCopyAuthenticationSet
FWEnumAuthenticationSets
FWFreeCryptoSets
FWCopyCryptoSet
FWFreeConnectionSecurityRules
FWCopyConnectionSecurityRule
FWEnumConnectionSecurityRules
FWFreeFirewallRules
FWCopyFirewallRule
FWEnumFirewallRules
FWGetGlobalConfig
FWOpenPolicyStore
FWStatusMessageFromStatusCode
FWDeletePhase2SAs
FWDeletePhase1SAs
FWFreePhase2SAs
FWFreePhase1SAs
FWDeleteFirewallRule
FWAddFirewallRule
FWVerifyFirewallRule
FWEnumMainModeRules
FWSetMainModeRule
FWDeleteMainModeRule
FWFreeMainModeRules
FWAddMainModeRule
FWVerifyMainModeRule
FwGetAddressesAsString
FWSetCryptoSet
FwCopyWFAddressesContents
FWSetConnectionSecurityRule
FWEnumCryptoSets
FWDeleteCryptoSet
FWDeleteAuthenticationSet
FWDeleteConnectionSecurityRule
FWAddConnectionSecurityRule
FWAddAuthenticationSet
FWAddCryptoSet
FWFreeAuthenticationSet
FwFreeAddresses
FWVerifyConnectionSecurityRule
FWVerifyAuthenticationSet
FwStringToAddresses
FWFreeProducts
FWEnumProducts
FwIsRemoteManagementEnabled
FWGetConfig
FWFreeCryptoSet
FWVerifyCryptoSet
FWSetGlobalConfig
FWSetConfig

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

GetResourceString
InitHelperDll

Sections

.text
Size: 324KB - Virtual size: 322KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
authui.dll
.dll windows:10 windows x64 arch:x64

783f487551765864e8f0efb9c979c37a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

authui.pdb

Imports

msvcrt

floorf
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_get_errno
memcmp
memcpy
memmove
__CxxFrameHandler3
memset
_CxxThrowException
_onexit
??1type_info@@UEAA@XZ
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
__CxxFrameHandler4
?terminate@@YAXXZ
malloc
free
_amsg_exit
_XcptFilter
_set_errno
??0exception@@QEAA@AEBV0@@Z
wcscmp

credprovcommoncore

ord18

shcore

ord188
IUnknown_Set
ord141
SHCreateThread
ord109
ord123
IsOS

shlwapi

ord172
PathFileExistsW
ord219

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree

ntdll

memmove_s
_wcsicmp
memcpy_s
_vsnwprintf
_vsnprintf_s
NtQueryWnfStateData
RtlPublishWnfStateData
EtwEventActivityIdControl
WinSqmSetDWORD
WinSqmIsOptedIn
NtPowerInformation
WinSqmAddToStream
EtwEventWriteTransfer
RtlEqualUnicodeString
RtlNtStatusToDosError
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwEventRegister
EtwEventUnregister
EtwEventSetInformation
EtwTraceMessage

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceExecuteOnce
InitOnceComplete
Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
OpenThreadToken
GetCurrentThreadId
TlsAlloc
GetCurrentProcessId
GetExitCodeProcess
GetProcessId
GetCurrentThread
OpenProcessToken
TlsGetValue
SetProcessShutdownParameters
TlsFree
TlsSetValue

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetSystemDirectoryW
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetLastError
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-synch-l1-1-0

OpenSemaphoreW
WaitForSingleObjectEx
ResetEvent
ReleaseMutex
WaitForSingleObject
ReleaseSemaphore
LeaveCriticalSection
SetEvent
CreateEventExW
OpenEventW
CreateEventW
InitializeCriticalSection
WaitForMultipleObjectsEx
EnterCriticalSection
CreateMutexExW
AcquireSRWLockShared
AcquireSRWLockExclusive
CreateSemaphoreExW
InitializeCriticalSectionEx
ReleaseSRWLockExclusive
ReleaseSRWLockShared
DeleteCriticalSection

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsGetStringRawBuffer
WindowsCreateStringReference
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
FindResourceExW
LoadResource
LockResource
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
LoadLibraryExW
FreeLibrary
DisableThreadLibraryCalls

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoOriginateErrorW

api-ms-win-core-localization-l1-2-0

SetThreadUILanguage
GetThreadUILanguage
FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-security-base-l1-1-0

CopySid
GetLengthSid
AdjustTokenPrivileges
GetTokenInformation

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
PropVariantClear
CoCreateInstance
CoGetApartmentType
CoTaskMemFree
CoTaskMemRealloc

api-ms-win-ntuser-sysparams-l1-1-0

GetSystemMetrics
SystemParametersInfoW

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegGetValueW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegDeleteKeyExW
RegSetValueExW

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer

api-ms-win-oobe-notification-l1-1-0

OOBEComplete

api-ms-win-service-management-l1-1-0

OpenSCManagerW
OpenServiceW
CloseServiceHandle

api-ms-win-service-management-l2-1-0

QueryServiceConfigW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-rtcore-ntuser-window-l1-1-0

GetWindowRect
SetWindowPos
DestroyWindow
SetTimer
KillTimer
DefWindowProcW
GetWindowLongPtrW
SetWindowLongPtrW
SendMessageW
PostMessageW
GetWindowThreadProcessId
EnumWindows

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-core-shutdown-l1-1-1

InitiateShutdownW

powrprof

SetSuspendState

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-rtcore-ntuser-powermanagement-l1-1-0

UnregisterPowerSettingNotification
RegisterPowerSettingNotification

api-ms-win-rtcore-ntuser-draw-l1-1-0

RedrawWindow

api-ms-win-rtcore-ntuser-winevent-l1-1-0

SetWinEventHook
UnhookWinEvent

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-rtcore-ntuser-private-l1-1-0

CreateWindowInBand

api-ms-win-ntuser-rectangle-l1-1-0

PtInRect

gdi32

GetObjectW
DeleteObject
CreateDIBSection

dwmapi

DwmIsCompositionEnabled

user32

RecordShutdownReason
RemovePropW
NotifyWinEvent
IsSETEnabled
IsWindowUnicode
DefWindowProcA
MonitorFromPoint
DestroyReasons
PostThreadMessageW
GetThreadDesktop
GetUserObjectInformationW
BuildReasonArray
SetPropW
GetKeyState
GetLastInputInfo

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventWriteTransfer

oleaut32

VariantClear
SysFreeString
SysAllocString

api-ms-win-core-com-private-l1-1-0

CoRevokeInitializeSpy
CoRegisterInitializeSpy

api-ms-win-core-path-l1-1-0

PathCchAppend

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 160KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
authz.dll
.dll windows:10 windows x64 arch:x64

bcffd8d7d4283c26d0269c2b5bff7376

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

authz.pdb

Imports

api-ms-win-crt-string-l1-1-0

memset
wcscmp
wcsncmp

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__seh_filter_dll
memcpy
_o__wcsicmp
_o__wcsnicmp
_o__wtoi
_o__wtoi64
_o_free
_o_malloc
_o_wcstol
_o___stdio_common_vswprintf
_o___std_type_info_destroy_list
wcsstr
__C_specific_handler
memcmp

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
SetLastError
UnhandledExceptionFilter

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
WaitForSingleObject
ResetEvent
SetEvent
DeleteCriticalSection
CreateEventW
LeaveCriticalSection
InitializeCriticalSection

api-ms-win-core-processthreads-l1-1-0

CreateThread
GetCurrentThread
OpenThreadToken
GetCurrentProcessId
GetCurrentProcess
OpenProcessToken
SetThreadPriority
SetThreadStackGuarantee
TerminateProcess
GetCurrentThreadId

api-ms-win-security-base-l1-1-0

InitializeAcl
GetSidSubAuthority
InitializeSid
AllocateAndInitializeSid
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
IsWellKnownSid
CreateWellKnownSid
EqualDomainSid
AddAccessAllowedAce
IsValidSid
IsValidSecurityDescriptor
GetSecurityDescriptorLength
AdjustTokenPrivileges
GetTokenInformation
GetLengthSid
GetSecurityDescriptorControl
InitializeSecurityDescriptor
GetSecurityDescriptorOwner
SetSecurityDescriptorOwner
GetSecurityDescriptorGroup
SetSecurityDescriptorGroup
GetSidSubAuthorityCount

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegDeleteKeyExW
RegEnumValueW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetComputerNameExW
GetSystemInfo

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlCompareMemory
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-sysinfo-l1-2-0

GetOsSafeBootMode

api-ms-win-core-memory-l1-1-0

VirtualFree
VirtualAlloc
VirtualQuery
VirtualProtect

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

ntdll

RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlInitializeResource
RtlDeleteResource
RtlAcquireResourceShared
RtlEqualSid
RtlValidSecurityDescriptor
RtlOwnerAcesPresent
RtlLengthSecurityDescriptor
RtlMakeSelfRelativeSD
RtlInitUnicodeString
NtOpenKey
NtQueryValueKey
NtClose
RtlInitializeCriticalSection
RtlIsPackageSid
RtlIsCapabilitySid
RtlCopySid
RtlValidSid
RtlValidRelativeSecurityDescriptor
RtlCopyLuid
RtlCopyLuidAndAttributesArray
RtlSubAuthorityCountSid
RtlSubAuthoritySid
RtlInitString
RtlGetNtProductType
EtwTraceMessage
RtlNtStatusToDosErrorNoTeb
RtlAllocateHeap
RtlImageNtHeader
RtlFreeHeap
RtlEqualUnicodeString
RtlCopyUnicodeString
RtlCompareUnicodeString
RtlUpcaseUnicodeChar
RtlIsNameInExpression
RtlDeleteCriticalSection
RtlSidHashInitialize
NtQuerySecurityAttributesToken
NtQueryInformationToken
RtlReleaseResource
RtlAcquireResourceExclusive
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
RtlLengthSid
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlInitializeSid
RtlNtStatusToDosError
NtAllocateLocallyUniqueId
RtlLengthRequiredSid

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

AuthzAccessCheck
AuthzAddSidsToContext
AuthzCachedAccessCheck
AuthzComputeEffectivePermission
AuthzEnumerateSecurityEventSources
AuthzEvaluateSacl
AuthzFreeAuditEvent
AuthzFreeCentralAccessPolicyCache
AuthzFreeContext
AuthzFreeHandle
AuthzFreeResourceManager
AuthzGetInformationFromContext
AuthzInitializeCompoundContext
AuthzInitializeContextFromAuthzContext
AuthzInitializeContextFromSid
AuthzInitializeContextFromToken
AuthzInitializeObjectAccessAuditEvent
AuthzInitializeObjectAccessAuditEvent2
AuthzInitializeRemoteAccessCheck
AuthzInitializeRemoteResourceManager
AuthzInitializeResourceManager
AuthzInitializeResourceManagerEx
AuthzInstallSecurityEventSource
AuthzModifyClaims
AuthzModifySecurityAttributes
AuthzModifySids
AuthzOpenObjectAudit
AuthzRegisterCapChangeNotification
AuthzRegisterSecurityEventSource
AuthzReportSecurityEvent
AuthzReportSecurityEventFromParams
AuthzSetAppContainerInformation
AuthzShutdownRemoteAccessCheck
AuthzUninstallSecurityEventSource
AuthzUnregisterCapChangeNotification
AuthzUnregisterSecurityEventSource
AuthziAccessCheckEx
AuthziAllocateAuditParams
AuthziCheckContextMembership
AuthziFreeAuditEventType
AuthziFreeAuditParams
AuthziFreeAuditQueue
AuthziGenerateAdminAlertAuditW
AuthziInitializeAuditEvent
AuthziInitializeAuditEventType
AuthziInitializeAuditParams
AuthziInitializeAuditParamsFromArray
AuthziInitializeAuditParamsWithRM
AuthziInitializeAuditQueue
AuthziInitializeContextFromSid
AuthziLogAuditEvent
AuthziModifyAuditEvent
AuthziModifyAuditEvent2
AuthziModifyAuditEventType
AuthziModifyAuditQueue
AuthziModifySecurityAttributes
AuthziQuerySecurityAttributes
AuthziSourceAudit
FreeClaimDefinitions
FreeClaimDictionary
GenerateNewCAPID
GetCentralAccessPoliciesByCapID
GetCentralAccessPoliciesByDN
GetClaimDefinitions
GetClaimDomainInfo
GetDefaultCAPESecurityDescriptor
InitializeClaimDictionary
RefreshClaimDictionary

Sections

.text
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
autopilot.dll
.dll regsvr32 windows:10 windows x64 arch:x64

9ecc1113444a089dd752c215920605d2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

autopilot.pdb

Imports

msvcp_win

?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z
?_Getcat@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?id@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
?exceptions@ios_base@std@@QEAAXH@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
??Bid@locale@std@@QEAA_KXZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?get@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QEBA?AV?$istreambuf_iterator@GU?$char_traits@G@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@PEBG4@Z
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?in@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z
?out@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__wcsdup
_o__wcsicmp
memmove
_o__wcsnicmp
_o_free
_o_malloc
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
memchr
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetProcAddress
FreeLibraryAndExitThread
DisableThreadLibraryCalls
GetModuleFileNameA
GetModuleHandleW
GetModuleHandleExW
FreeLibrary

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
CreateSemaphoreExW
EnterCriticalSection
WaitForSingleObject
ReleaseSRWLockExclusive
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
CreateMutexExW
ReleaseMutex
SetEvent
ResetEvent
InitializeCriticalSectionEx
CreateEventW
ReleaseSRWLockShared
LeaveCriticalSection
CreateEventExW
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
AcquireSRWLockShared

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetUnhandledExceptionFilter
GetLastError
SetLastError
UnhandledExceptionFilter

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
CoCreateInstance
IIDFromString
CoTaskMemFree
StringFromGUID2
CoCreateGuid
CoWaitForMultipleHandles

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventUnregister
EventActivityIdControl
EventWriteTransfer
EventRegister

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteStringBuffer
WindowsDuplicateString
WindowsPreallocateStringBuffer
WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsPromoteStringBuffer
WindowsCreateString

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
CreateThread
OpenProcessToken
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
ResumeThread

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegEnumValueW
RegDeleteTreeW
RegGetValueW
RegSetValueExW
RegCreateKeyExW
RegCloseKey

rpcrt4

UuidCreate

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

ntdll

RtlReleasePrivilege
RtlIsStateSeparationEnabled
RtlAcquirePrivilege

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

oleaut32

VariantInit
SysFreeString
SysAllocString
VariantClear

ncrypt

NCryptGetProperty
NCryptOpenStorageProvider

winhttp

WinHttpReadData
WinHttpCrackUrl
WinHttpQueryDataAvailable
WinHttpConnect
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpOpenRequest

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-file-l1-1-0

GetFileAttributesW
CreateDirectoryW
ReadFile
CreateFileW
WriteFile
GetFileSizeEx
SetFilePointerEx

api-ms-win-core-firmware-l1-1-0

SetFirmwareEnvironmentVariableW
GetFirmwareEnvironmentVariableW

api-ms-win-core-sysinfo-l1-2-0

GetSystemFirmwareTable

userenv

ExpandEnvironmentStringsForUserW

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-service-management-l2-1-0

QueryServiceStatusEx

api-ms-win-service-management-l1-1-0

StartServiceW
OpenServiceW
CloseServiceHandle
OpenSCManagerW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

AutoPilotGetOobeSettingsOverride
AutoPilotGetPolicyDwordByName
AutoPilotGetPolicyStringByName
AutoPilotIsLocalProfileAvailable
AutoPilotIsNetworkRequired
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 136KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
autopilotdiag.dll
.dll windows:10 windows x64 arch:x64

f629bb8789eda421161863c0a2e9ff9d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

autopilotdiag.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o___std_type_info_destroy_list
_o__cexit
_o__configure_narrow_argv
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__seh_filter_dll
__C_specific_handler

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
autoplay.dll
.dll windows:10 windows x64 arch:x64

dd3b4e4c9caeef639cf80353b4e0b614

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

autoplay.pdb

Imports

msvcrt

_XcptFilter
_amsg_exit
free
malloc
_initterm
__C_specific_handler
memcpy_s
_lock
_unlock
__dllonexit
_onexit
memcpy
_vsnwprintf
memset

atl

ord30

shell32

ord18
SHParseDisplayName
ord155
ShellExecuteExW
ord25
SHBindToObject

shlwapi

ord199
ord538
SHDeleteValueW
ord618
SHSetValueW
ord256
SHStrDupW
ord176
ord544
StrCmpIW
ord174
ord204
ord437
ord219
SHGetValueW
ord158
ord156
ord24
ord514

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
LockResource
FindResourceExW
GetModuleFileNameW
GetModuleFileNameA
GetModuleHandleExW
DisableThreadLibraryCalls
LoadStringW
GetProcAddress
GetModuleHandleW
LoadResource

api-ms-win-core-synch-l1-1-0

CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseMutex
WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreExW

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TerminateProcess
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegSetValueExW
RegCreateKeyExW

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventWriteTransfer

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

devobj

DevObjCreateDeviceInfoList
DevObjGetClassDevs
DevObjEnumDeviceInterfaces
DevObjDestroyDeviceInfoList

kernel32

ReleaseActCtx
CreateActCtxW
DeactivateActCtx
ActivateActCtx

ntdll

EtwEventRegister
EtwEventUnregister
EtwLogTraceEvent
WinSqmAddToStream
EtwEventSetInformation
EtwEventWriteTransfer

dui70

UnInitThread
UnInitProcessPriv
InitThread
InitProcessPriv
?CreateXBaby@XProvider@DirectUI@@UEAAJPEAVIXElementCP@2@PEAUHWND__@@PEAVElement@2@PEAKPEAPEAUIXBaby@2@@Z
?SetButtonClassAcceptsEnterKey@XProvider@DirectUI@@UEAAJ_N@Z
?GetAtom@Value@DirectUI@@QEAAGXZ
?Init@NavReference@DirectUI@@QEAAXPEAVElement@2@PEAUtagRECT@@@Z
?SetRegisteredDefaultButton@XProvider@DirectUI@@UEAAJPEAVElement@2@@Z
?ClickDefaultButton@XProvider@DirectUI@@UEAAHXZ
?ForceThemeChange@XProvider@DirectUI@@UEAAJ_K_J@Z
?GetHostedElementID@XProvider@DirectUI@@UEAAJPEAG@Z
?FindElementWithShortcutAndDoDefaultAction@XProvider@DirectUI@@UEAAHGH@Z
?CanSetFocus@XProvider@DirectUI@@UEAAJPEA_N@Z
?Navigate@XProvider@DirectUI@@UEAAJHPEA_N@Z
?SetFocus@XProvider@DirectUI@@UEAAJPEAVElement@2@@Z
?IsDescendent@XProvider@DirectUI@@UEAAJPEAVElement@2@PEA_N@Z
?GetDesiredSize@XProvider@DirectUI@@UEAAJHHPEAUtagSIZE@@@Z
?SetParameter@XProvider@DirectUI@@UEAAJAEBU_GUID@@PEAX@Z
?AddRef@XProvider@DirectUI@@UEAAKXZ
?GetClassInfoPtr@HWNDElement@DirectUI@@SAPEAUIClassInfo@2@XZ
?SetDefaultButtonTracking@XProvider@DirectUI@@UEAAJ_N@Z
?SetHandleEnterKey@XProvider@DirectUI@@IEAAX_N@Z
?CreateDUI@XProvider@DirectUI@@UEAAJPEAVIXElementCP@2@PEAPEAUHWND__@@@Z
?GetRoot@XProvider@DirectUI@@IEAAPEAVElement@2@XZ
?Initialize@XProvider@DirectUI@@QEAAJPEAVElement@2@PEAVIXProviderCP@2@@Z
?Create@XResourceProvider@DirectUI@@SAJPEAUHINSTANCE__@@PEBG11PEAPEAV12@@Z
?QueryInterface@XProvider@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
??1XProvider@DirectUI@@UEAA@XZ
??0XProvider@DirectUI@@QEAA@XZ
?GetID@Element@DirectUI@@QEAAGXZ
?GetType@Value@DirectUI@@QEBAHXZ
?GetBool@Value@DirectUI@@QEAA_NXZ
?GetDisplayNode@Element@DirectUI@@QEAAPEAUHGADGET__@@XZ
?IsDestroyed@Element@DirectUI@@QEAA_NXZ
?GetWidth@Element@DirectUI@@QEAAHXZ
?GetHeight@Element@DirectUI@@QEAAHXZ
?SetHeight@Element@DirectUI@@QEAAJH@Z
?SetEnabled@Element@DirectUI@@QEAAJ_N@Z
?GetHWND@HWNDHost@DirectUI@@UEAAPEAUHWND__@@XZ
?GetHWNDParent@HWNDHost@DirectUI@@QEAAPEAUHWND__@@XZ
?GetTransparent@HWNDHost@DirectUI@@QEAA_NXZ
?EraseBkgnd@HWNDHost@DirectUI@@MEAA_NPEAUHDC__@@PEA_J@Z
?SetWindowDirection@HWNDHost@DirectUI@@UEAAXPEAUHWND__@@@Z
?OnWindowStyleChanged@HWNDHost@DirectUI@@UEAAX_KPEBUtagSTYLESTRUCT@@@Z
?OnCtrlThemeChanged@HWNDHost@DirectUI@@UEAA_NI_K_JPEA_J@Z
?OnSinkThemeChanged@HWNDHost@DirectUI@@UEAA_NI_K_JPEA_J@Z
?GetAccessibleImpl@HWNDHost@DirectUI@@UEAAJPEAPEAUIAccessible@@@Z
?GetKeyFocused@HWNDHost@DirectUI@@UEAA_NXZ
?OnUnHosted@HWNDHost@DirectUI@@MEAAXPEAVElement@2@@Z
?MessageCallback@HWNDHost@DirectUI@@UEAAIPEAUtagGMSG@@@Z
?GetStringNull@Value@DirectUI@@SAPEAV12@XZ
?OnEvent@HWNDHost@DirectUI@@UEAAXPEAUEvent@2@@Z
?OnDestroy@HWNDHost@DirectUI@@UEAAXXZ
?Register@HWNDHost@DirectUI@@SAJXZ
?SetKeyFocus@HWNDHost@DirectUI@@UEAAXXZ
?CreateAccNameLabel@HWNDHost@DirectUI@@IEAAPEAUHWND__@@PEAU3@@Z
?SyncRect@HWNDHost@DirectUI@@IEAAXI_N@Z
?OnAdjustWindowSize@HWNDHost@DirectUI@@UEAAHHHI@Z
?OnNotify@HWNDHost@DirectUI@@UEAA_NI_K_JPEA_J@Z
?OnHosted@HWNDHost@DirectUI@@MEAAXPEAVElement@2@@Z
?OnPropertyChanged@HWNDHost@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?FireEvent@Element@DirectUI@@QEAAXPEAUEvent@2@_N1@Z
?OnInput@HWNDHost@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?GetBoolFalse@Value@DirectUI@@SAPEAV12@XZ
??1HWNDHost@DirectUI@@UEAA@XZ
??0HWNDHost@DirectUI@@QEAA@XZ
?Initialize@HWNDHost@DirectUI@@QEAAJIIPEAVElement@2@PEAK@Z
?GetClassInfoPtr@HWNDHost@DirectUI@@SAPEAUIClassInfo@2@XZ
?GetValue@Element@DirectUI@@QEAAPEAVValue@2@P6APEBUPropertyInfo@2@XZHPEAUUpdateCache@2@@Z
?HeightProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?GetInt@Value@DirectUI@@QEAAHXZ
?GetString@Value@DirectUI@@QEAAPEBGXZ
?Release@Value@DirectUI@@QEAAXXZ
??0CritSecLock@DirectUI@@QEAA@PEAU_RTL_CRITICAL_SECTION@@@Z
??1CritSecLock@DirectUI@@QEAA@XZ
?IsRTLReading@Element@DirectUI@@UEAA_NXZ
?IsContentProtected@Element@DirectUI@@UEAA_NXZ
?QueryInterface@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?UpdateTooltip@Element@DirectUI@@MEAAXPEAV12@@Z
?ActivateTooltip@Element@DirectUI@@MEAAXPEAV12@K@Z
?RemoveTooltip@Element@DirectUI@@MEAAXPEAV12@@Z
?GetVisible@Element@DirectUI@@QEAA_NXZ
?GetChildren@Element@DirectUI@@QEAAPEAV?$DynamicArray@PEAVElement@DirectUI@@$0A@@2@PEAPEAVValue@2@@Z
?GetKeyFocused@Element@DirectUI@@UEAA_NXZ
?GetSelected@Element@DirectUI@@QEAA_NXZ
?SetLayoutPos@Element@DirectUI@@QEAAJH@Z
?SetContentString@Element@DirectUI@@QEAAJPEBG@Z
?SetID@Element@DirectUI@@QEAAJPEBG@Z
?SetSelected@Element@DirectUI@@QEAAJ_N@Z
?SetAccName@Element@DirectUI@@QEAAJPEBG@Z
?SetAccDesc@Element@DirectUI@@QEAAJPEBG@Z
??0Macro@DirectUI@@QEAA@XZ
??1Macro@DirectUI@@UEAA@XZ
?AssertPIZeroRef@ClassInfoBase@DirectUI@@UEBAXXZ
?GetChildren@ClassInfoBase@DirectUI@@UEBAHXZ
?RemoveChild@ClassInfoBase@DirectUI@@UEAAXXZ
?AddChild@ClassInfoBase@DirectUI@@UEAAXXZ
?IsGlobal@ClassInfoBase@DirectUI@@UEBA_NXZ
?GetModule@ClassInfoBase@DirectUI@@UEBAPEAUHINSTANCE__@@XZ
?IsSubclassOf@ClassInfoBase@DirectUI@@UEBA_NPEAUIClassInfo@2@@Z
?IsValidProperty@ClassInfoBase@DirectUI@@UEBA_NPEBUPropertyInfo@2@@Z
?GetName@ClassInfoBase@DirectUI@@UEBAPEBGXZ
?GetGlobalIndex@ClassInfoBase@DirectUI@@UEBAIXZ
?GetPICount@ClassInfoBase@DirectUI@@UEBAIXZ
?SetActive@Element@DirectUI@@QEAAJH@Z
?GetUnset@Value@DirectUI@@SAPEAV12@XZ
?GetAtomZero@Value@DirectUI@@SAPEAV12@XZ
?Paint@HWNDHost@DirectUI@@UEAAXPEAUHDC__@@PEBUtagRECT@@1PEAU4@2@Z
?EnsureVisible@Element@DirectUI@@UEAA_NHHHH@Z
?GetByClassIndex@ClassInfoBase@DirectUI@@UEAAPEBUPropertyInfo@2@I@Z
?EnumPropertyInfo@ClassInfoBase@DirectUI@@UEAAPEBUPropertyInfo@2@I@Z
?Release@ClassInfoBase@DirectUI@@UEAAHXZ
?AddRef@ClassInfoBase@DirectUI@@UEAAXXZ
?BuildElement@Macro@DirectUI@@MEAAJXZ
?Add@Macro@DirectUI@@UEAAJPEAPEAVElement@2@I@Z
?OnPropertyChanged@Macro@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?GetUiaFocusDelegate@Element@DirectUI@@UEAAPEAV12@XZ
?HandleUiaEventListener@Element@DirectUI@@UEAAXPEAUEvent@2@@Z
?HandleUiaPropertyChangingListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@@Z
?HandleUiaPropertyListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?HandleUiaDestroyListener@Element@DirectUI@@UEAAXXZ
?GetElementProviderImpl@Element@DirectUI@@UEAAJPEAVInvokeHelper@2@PEAPEAVElementProvider@2@@Z
?GetIntZero@Value@DirectUI@@SAPEAV12@XZ
?SetValue@Element@DirectUI@@QEAAJP6APEBUPropertyInfo@2@XZHPEAVValue@2@@Z
?CreateInt@Value@DirectUI@@SAPEAV12@HW4DynamicScaleValue@@@Z
?ContentProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?GetClassInfoPtr@Element@DirectUI@@SAPEAUIClassInfo@2@XZ
?StartDefer@Element@DirectUI@@QEAAXPEAK@Z
?EndDefer@Element@DirectUI@@QEAAXK@Z
?Initialize@Element@DirectUI@@QEAAJIPEAV12@PEAK@Z
??0Element@DirectUI@@QEAA@XZ
??1Element@DirectUI@@UEAA@XZ
?GetClassInfoPtr@Macro@DirectUI@@SAPEAUIClassInfo@2@XZ
?Initialize@Macro@DirectUI@@QEAAJPEAVElement@2@PEAK@Z
?FindDescendent@Element@DirectUI@@QEAAPEAV12@G@Z
StrToID
?GetValue@Element@DirectUI@@QEAAPEAVValue@2@PEBUPropertyInfo@2@HPEAUUpdateCache@2@@Z
?SetValue@Element@DirectUI@@QEAAJPEBUPropertyInfo@2@HPEAVValue@2@@Z
?CreateElement@DUIXmlParser@DirectUI@@QEAAJPEBGPEAVElement@2@1PEAKPEAPEAV32@@Z
?Destroy@DUIXmlParser@DirectUI@@QEAAXXZ
?Create@DUIXmlParser@DirectUI@@SAJPEAPEAV12@P6APEAVValue@2@PEBGPEAX@Z2P6AX11H2@Z2@Z
?SetXMLFromResource@DUIXmlParser@DirectUI@@QEAAJIPEAUHINSTANCE__@@0@Z
?Add@Element@DirectUI@@QEAAJPEAV12@@Z
?Destroy@Element@DirectUI@@QEAAJ_N@Z
?Click@Button@DirectUI@@SA?AVUID@@XZ
?OnEvent@Element@DirectUI@@UEAAXPEAUEvent@2@@Z
?OnDestroy@Element@DirectUI@@UEAAXXZ
?CreateGraphic@Value@DirectUI@@SAPEAV12@PEAUHICON__@@_N11@Z
?Register@Element@DirectUI@@SAJXZ
?GetFactoryLock@Element@DirectUI@@SAPEAU_RTL_CRITICAL_SECTION@@XZ
?ClassExist@ClassInfoBase@DirectUI@@SA_NPEAPEAUIClassInfo@2@PEBQEBUPropertyInfo@2@IPEAU32@PEAUHINSTANCE__@@PEBG_N@Z
?Register@ClassInfoBase@DirectUI@@QEAAJXZ
?Register@Macro@DirectUI@@SAJXZ
?Initialize@ClassInfoBase@DirectUI@@QEAAJPEAUHINSTANCE__@@PEBG_NPEBQEBUPropertyInfo@2@I@Z
??0ClassInfoBase@DirectUI@@QEAA@XZ
??1ClassInfoBase@DirectUI@@UEAA@XZ
?GetContentStringAsDisplayed@Element@DirectUI@@UEAAPEBGPEAPEAVValue@2@@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanged@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanged@Element@DirectUI@@UEAAXPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnGroupChanged@Element@DirectUI@@UEAAXH_N@Z
?OnInput@Element@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?OnKeyFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnMouseFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?Paint@Element@DirectUI@@UEAAXPEAUHDC__@@PEBUtagRECT@@1PEAU4@2@Z
?GetContentSize@Element@DirectUI@@UEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?Add@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?Insert@Element@DirectUI@@UEAAJPEAPEAV12@II@Z
?Remove@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?GetAdjacent@Element@DirectUI@@UEAAPEAV12@PEAV12@HPEBUNavReference@2@K@Z
?GetUIAElementProvider@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?SetKeyFocus@Element@DirectUI@@UEAAXXZ
?AddBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?RemoveBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?MessageCallback@Element@DirectUI@@UEAAIPEAUtagGMSG@@@Z
?GetImmersiveFocusRectOffsets@Element@DirectUI@@UEAAXPEAUtagRECT@@@Z
?_SelfLayoutDoLayout@Element@DirectUI@@MEAAXHH@Z
?_SelfLayoutUpdateDesiredSize@Element@DirectUI@@MEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?OnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?OnUnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?GetAccessibleImpl@Element@DirectUI@@UEAAJPEAPEAUIAccessible@@@Z
?DefaultAction@Element@DirectUI@@UEAAJXZ

duser

AttachWndProcW
ForwardGadgetMessage

gdi32

GetTextExtentPoint32W
ExcludeClipRect
SelectObject

user32

GetComboBoxInfo
GetWindowLongPtrW
CreateWindowExW
EnableWindow
ReleaseDC
GetDC
GetParent
WindowFromDC
SetWindowPos
GetSystemMetrics
CallWindowProcW
SendMessageW
DestroyIcon
GetWindowRect
GetFocus
SetCursor
LoadCursorW
MapWindowPoints

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
autotimesvc.dll
.dll windows:10 windows x64 arch:x64

8f7e503127bde7eb88706cd22ba695da

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

autotimesvc.pdb

Imports

msvcp_win

_Thrd_join
_Thrd_id
_Cnd_wait
_Cnd_do_broadcast_at_thread_exit
_Cnd_unregister_at_thread_exit
_Cnd_register_at_thread_exit
_Cnd_destroy_in_situ
_Mtx_init_in_situ
_Mtx_unlock
?__ExceptionPtrDestroy@@YAXPEAX@Z
_Mtx_destroy_in_situ
?__ExceptionPtrToBool@@YA_NPEBX@Z
?_Syserror_map@std@@YAPEBDH@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
_Cnd_init_in_situ
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?_Throw_future_error@std@@YAXAEBVerror_code@1@@Z
_Mtx_lock
?_Xlength_error@std@@YAXPEBD@Z
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
?_Throw_C_error@std@@YAXH@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_broadcast

api-ms-win-crt-string-l1-1-0

memset
wcsnlen

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcsicmp
_o__wcsnicmp
_o_free
_o_malloc
_o_terminate
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o__callnewh
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__beginthreadex
__C_specific_handler
__std_terminate
__CxxFrameHandler4
_o__cexit
memcpy

rpcrt4

RpcStringFreeW
RpcBindingFree
RpcBindingSetAuthInfoExW
NdrClientCall3
RpcExceptionFilter
RpcStringBindingComposeW
RpcBindingFromStringBindingW

api-ms-win-core-synch-l1-1-0

OpenSemaphoreW
LeaveCriticalSection
WaitForSingleObjectEx
ReleaseMutex
ReleaseSemaphore
EnterCriticalSection
CreateEventW
AcquireSRWLockExclusive
SleepEx
CreateSemaphoreExW
ReleaseSRWLockExclusive
CreateMutexExW
WaitForSingleObject
DeleteCriticalSection
SetEvent
InitializeCriticalSectionEx

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-service-core-l1-1-0

RegisterServiceCtrlHandlerExW
SetServiceStatus

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventWriteTransfer
EventRegister
EventUnregister
EventActivityIdControl

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleW
DisableThreadLibraryCalls
GetModuleHandleExW
GetProcAddress

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-synch-l1-2-0

WakeByAddressAll
WaitOnAddress
InitOnceExecuteOnce
Sleep

api-ms-win-service-management-l1-1-0

CloseServiceHandle
OpenSCManagerW
OpenServiceW
StartServiceW

api-ms-win-core-com-l1-1-0

CoUninitialize
CoCreateInstance
CoInitializeEx
CoTaskMemFree
CoInitializeSecurity

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolTimer
CreateThreadpoolWork
SubmitThreadpoolWork
WaitForThreadpoolTimerCallbacks
CloseThreadpoolWork
WaitForThreadpoolWorkCallbacks
CreateThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
OpenProcessToken
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-service-management-l2-1-0

NotifyServiceStatusChangeW
ChangeServiceConfigW

api-ms-win-core-sysinfo-l1-2-0

SetSystemTime
GetSystemTimePreciseAsFileTime

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-core-util-l1-1-0

DecodePointer

api-ms-win-security-base-l1-1-0

GetSecurityDescriptorDacl
AdjustTokenPrivileges

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemTime
GetTickCount64

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegGetValueW

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus
ControlService

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-path-l1-1-0

PathCchCombine

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

ntdll

RtlPublishWnfStateData
NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlIsStateSeparationEnabled
RtlUnsubscribeWnfNotificationWaitForCompletion

umpdc

PdcActivationClientActivityRequest
PdcActivationClientRegister
PdcActivationClientUnregister

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
ServiceMain
SvchostPushServiceGlobalsEx

Sections

.text
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
avicap32.dll
.dll windows:10 windows x64 arch:x64

8c7543f435c4b55b0afdf445a15ed1c4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

avicap32.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__seh_filter_dll
memmove
_o_atoi
__C_specific_handler
_o__cexit
_o__execute_onexit_table
_o__configure_narrow_argv
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___std_type_info_destroy_list
memcpy

api-ms-win-crt-string-l1-1-0

memset

msvfw32

ICCompressorFree
DrawDibClose
ICImageDecompress
DrawDibRealize
ICSeqCompressFrame
DrawDibGetPalette
ICSeqCompressFrameStart
ICSeqCompressFrameEnd
DrawDibOpen
DrawDibBegin
ICCompressorChoose
DrawDibDraw

api-ms-win-core-heap-l2-1-0

GlobalFree
LocalFree
GlobalAlloc
LocalAlloc
LocalUnlock
LocalLock

api-ms-win-core-version-l1-1-1

GetFileVersionInfoSizeW
GetFileVersionInfoW

api-ms-win-core-string-obsolete-l1-1-0

lstrlenA
lstrcmpiW
lstrlenW

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleHandleW
LoadStringW
LoadStringA
GetModuleFileNameW
GetProcAddress
FreeLibrary

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-heap-obsolete-l1-1-0

GlobalReAlloc
GlobalLock
GlobalUnlock
GlobalHandle

api-ms-win-mm-time-l1-1-0

timeGetTime

api-ms-win-core-memory-l1-1-0

VirtualFree
VirtualAlloc

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
CreateThread
GetThreadPriority
SetThreadPriority
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
GetCurrentThread

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
DeleteCriticalSection
WaitForSingleObject
LeaveCriticalSection
SetEvent
CreateEventW
EnterCriticalSection

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GlobalMemoryStatusEx
GetLocalTime

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-core-file-l1-1-0

GetFileAttributesW
GetFileSize
GetDiskFreeSpaceW
CreateFileW
SetFilePointer
DeleteFileW
GetFullPathNameW
WriteFile

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-io-l1-1-0

GetOverlappedResult

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegCloseKey
RegQueryValueExA

api-ms-win-core-registry-l2-1-0

RegOpenKeyA
RegOpenKeyW
RegEnumKeyW
RegCreateKeyW

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-localization-l1-2-0

GetACP

api-ms-win-core-privateprofile-l1-1-0

GetPrivateProfileStringW

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

gdi32

GetStockObject
GetDeviceCaps
GetSystemPaletteEntries
GetDCOrgEx
GetClipBox
CreatePalette
DeleteObject
SelectObject
PatBlt
GetNearestPaletteIndex
GetObjectW
RealizePalette
GetPaletteEntries
SelectPalette
SetWindowOrgEx

kernel32

LocalHandle

user32

BeginPaint
EndPaint
GetClipboardData
PeekMessageW
GetDC
MessageBoxW
GetAsyncKeyState
OpenClipboard
CloseClipboard
EmptyClipboard
SetClipboardData
SetCursor
GetClientRect
SetRect
UpdateWindow
InvalidateRect
ReleaseDC
CreateWindowExW
UnregisterClassW
GetWindowLongPtrW
GetClassInfoW
RegisterClassW
LoadCursorW
GetParent
ClientToScreen
SetTimer
MsgWaitForMultipleObjects
SendMessageW
SetWindowLongPtrW
EqualRect
DefWindowProcW
TranslateMessage
DispatchMessageW
IsWindow
PostMessageW
KillTimer
MessageBeep

winmm

waveInAddBuffer
waveInStart
waveInOpen
waveInUnprepareHeader
waveOutGetNumDevs
mciSendStringW
waveInReset
waveInPrepareHeader
waveInStop
waveInClose
mmioWrite
mmioOpenW
mmioSeek
mmioClose
mmioRead
SendDriverMessage
mmioCreateChunk
mmioAscend
mmioFlush
CloseDriver
OpenDriver
mmioDescend

Exports

Exports

AppCleanup
capCreateCaptureWindowA
capCreateCaptureWindowW
capGetDriverDescriptionA
capGetDriverDescriptionW
videoThunk32

Sections

.text
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
avifil32.dll
.dll windows:10 windows x64 arch:x64

c763e067c6059e40e36cf0484f7dea20

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

avifil32.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__purecall
_o__seh_filter_dll
_o_atoi
_o_free
_o_malloc
_o_mbstowcs
__C_specific_handler
_o___stdio_common_vswprintf
_o___std_type_info_destroy_list
_o__cexit
_o__callnewh
_o__execute_onexit_table
_o__configure_narrow_argv
memmove
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

msvfw32

ICCompress
ICDecompress
ICCompressorChoose
ICClose
ICOpen
ICSendMessage
ICCompressorFree
ICGetInfo
ICLocate
ICGetDisplayFormat

api-ms-win-core-heap-obsolete-l1-1-0

GlobalUnlock
GlobalLock
GlobalSize
GlobalReAlloc
GlobalHandle

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW
lstrcmpW
lstrlenA

api-ms-win-core-heap-l2-1-0

LocalFree
GlobalAlloc
LocalAlloc
GlobalFree

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
DisableThreadLibraryCalls

api-ms-win-core-com-l1-1-0

CoGetMarshalSizeMax
CoGetMalloc
CoUnmarshalInterface
CoMarshalInterface
CreateStreamOnHGlobal
CoCreateInstance

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
SetErrorMode

api-ms-win-core-string-l2-1-0

CharPrevW

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegQueryValueExA

api-ms-win-core-registry-l2-1-0

RegOpenKeyA
RegQueryValueW
RegOpenKeyW
RegEnumKeyW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
LeaveCriticalSection
CreateEventW
DeleteCriticalSection
InitializeCriticalSection
ResetEvent

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess

api-ms-win-core-file-l1-1-0

GetDiskFreeSpaceW
WriteFile
GetFullPathNameW
ReadFile
CreateFileW
GetFileSize

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-io-l1-1-0

GetOverlappedResult

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

gdi32

CreatePalette
CreateHalftonePalette

msacm32

acmStreamPrepareHeader
acmFormatSuggest
acmStreamOpen
acmStreamClose
acmFormatDetailsW
acmFormatChooseW
acmFormatTagDetailsW
acmStreamSize
acmMetrics
acmStreamConvert
acmGetVersion
acmStreamUnprepareHeader

ole32

OleUninitialize
OleSetClipboard
OleInitialize
OleGetClipboard
OleFlushClipboard
ReleaseStgMedium

user32

SetRectEmpty
SetRect
DestroyWindow
EnableWindow
DialogBoxParamW
SetDlgItemInt
CheckDlgButton
GetDlgItem
GetDlgItemInt
IsDlgButtonChecked
IsRectEmpty
SendDlgItemMessageW
SetDlgItemTextW
MessageBeep
EndDialog
SendMessageW
MessageBoxW
ReleaseDC
TranslateMessage
PeekMessageW
GetDC
DispatchMessageW

winmm

mmioRead
mmioClose
mmioWrite
mmioSeek
mmioOpenW

Exports

Exports

AVIBuildFilter
AVIBuildFilterA
AVIBuildFilterW
AVIClearClipboard
AVIFileAddRef
AVIFileCreateStream
AVIFileCreateStreamA
AVIFileCreateStreamW
AVIFileEndRecord
AVIFileExit
AVIFileGetStream
AVIFileInfo
AVIFileInfoA
AVIFileInfoW
AVIFileInit
AVIFileOpen
AVIFileOpenA
AVIFileOpenW
AVIFileReadData
AVIFileRelease
AVIFileWriteData
AVIGetFromClipboard
AVIMakeCompressedStream
AVIMakeFileFromStreams
AVIMakeStreamFromClipboard
AVIPutFileOnClipboard
AVISave
AVISaveA
AVISaveOptions
AVISaveOptionsFree
AVISaveV
AVISaveVA
AVISaveVW
AVISaveW
AVIStreamAddRef
AVIStreamBeginStreaming
AVIStreamCreate
AVIStreamEndStreaming
AVIStreamFindSample
AVIStreamGetFrame
AVIStreamGetFrameClose
AVIStreamGetFrameOpen
AVIStreamInfo
AVIStreamInfoA
AVIStreamInfoW
AVIStreamLength
AVIStreamOpenFromFile
AVIStreamOpenFromFileA
AVIStreamOpenFromFileW
AVIStreamRead
AVIStreamReadData
AVIStreamReadFormat
AVIStreamRelease
AVIStreamSampleToTime
AVIStreamSetFormat
AVIStreamStart
AVIStreamTimeToSample
AVIStreamWrite
AVIStreamWriteData
CreateEditableStream
DllCanUnloadNow
DllGetClassObject
EditStreamClone
EditStreamCopy
EditStreamCut
EditStreamPaste
EditStreamSetInfo
EditStreamSetInfoA
EditStreamSetInfoW
EditStreamSetName
EditStreamSetNameA
EditStreamSetNameW
IID_IAVIEditStream
IID_IAVIFile
IID_IAVIStream
IID_IGetFrame

Sections

.text
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
avrt.dll
.dll windows:10 windows x64 arch:x64

9559d57c55d442418a908480f763176b

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d7:f7:82:3b:3e:75:3f:97:79:5e:7f:60:f9:97:54:42:61:5a:2b:b5:95:4d:83:9b:92:93:b4:15:e8:35:59:66
Signer

Actual PE Digest

d7:f7:82:3b:3e:75:3f:97:79:5e:7f:60:f9:97:54:42:61:5a:2b:b5:95:4d:83:9b:92:93:b4:15:e8:35:59:66

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

avrt.pdb

Imports

ntdll

RtlUnhandledExceptionFilter
NtDeviceIoControlFile
RtlNtStatusToDosError
LdrDisableThreadCalloutsForDll
RtlVirtualUnwind
NtTerminateProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlMultiByteToUnicodeN
NtClose
NtSetInformationThread
NtCreateFile
memset

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventWriteTransfer

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

api-ms-win-service-management-l1-1-0

StartServiceW
CloseServiceHandle
OpenServiceW
OpenSCManagerW

Exports

Exports

AvCreateTaskIndex
AvQuerySystemResponsiveness
AvQueryTaskIndexValue
AvRevertMmThreadCharacteristics
AvRtCreateThreadOrderingGroup
AvRtCreateThreadOrderingGroupExA
AvRtCreateThreadOrderingGroupExW
AvRtDeleteThreadOrderingGroup
AvRtJoinThreadOrderingGroup
AvRtLeaveThreadOrderingGroup
AvRtWaitOnThreadOrderingGroup
AvSetMmMaxThreadCharacteristicsA
AvSetMmMaxThreadCharacteristicsW
AvSetMmThreadCharacteristicsA
AvSetMmThreadCharacteristicsW
AvSetMmThreadPriority
AvSetMultimediaMode
AvTaskIndexYield
AvTaskIndexYieldCancel
AvThreadOpenTaskIndex

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 780B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
azroles.dll
.dll regsvr32 windows:10 windows x64 arch:x64

3286800f968191097d7ed93c037813d8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

azroles.pdb

Imports

msvcrt

_unlock
_lock
realloc
_errno
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
__CxxFrameHandler3
_CxxThrowException
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
_wtoi64
wcstol
iswxdigit
towlower
wcsstr
_wcsupr
bsearch
qsort
_wcsnicmp
_wtol
wcsncmp
iswspace
wcspbrk
wcschr
strrchr
??0exception@@QEAA@XZ
memmove_s
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBV0@@Z
_vsnprintf
_purecall
wcscat_s
wcscpy_s
memcpy_s
free
malloc
wcsncpy_s
__C_specific_handler
_wcsicmp
wcsrchr
_vsnwprintf
__dllonexit
_onexit
memmove
memcpy
memcmp
wcscmp
memset
swscanf
srand
__CxxFrameHandler4

ntdll

RtlCopySid
RtlLengthSid
RtlNtStatusToDosError
NtAllocateLocallyUniqueId
RtlDeleteResource
RtlInitializeResource
RtlAcquireResourceExclusive
RtlReleaseResource
RtlAcquireResourceShared
RtlIdentifierAuthoritySid
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlValidSecurityDescriptor
RtlValidSid
RtlNumberGenericTableElementsAvl
RtlEnumerateGenericTableAvl
NtClose
RtlFreeHeap
NtCreateFile
RtlDosPathNameToNtPathName_U
RtlInitUnicodeString
RtlLookupElementGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlInsertElementGenericTableAvl
RtlEqualSid
RtlInitString
RtlImageNtHeader
RtlDeleteCriticalSection
RtlEnterCriticalSection
RtlConvertExclusiveToShared
RtlInitializeCriticalSection
RtlLeaveCriticalSection
RtlConvertSharedToExclusive
RtlInitializeGenericTableAvl

user32

UnregisterClassA
CharUpperW
CharNextW

kernel32

ResolveDelayLoadedAPI
SetThreadStackGuarantee
LoadLibraryW
GetSystemInfo
DelayLoadFailureHook
VirtualQuery
VirtualProtect
VirtualAlloc
OutputDebugStringA
GetTickCount
GetCurrentThreadId
QueryPerformanceCounter
CreateFileW
GetLastError
CloseHandle
MultiByteToWideChar
FindResourceW
SizeofResource
LoadResource
LockResource
FreeLibrary
GetProcAddress
LoadLibraryExW
GetModuleHandleW
lstrcmpiW
LeaveCriticalSection
RaiseException
EnterCriticalSection
FindResourceExW
GetModuleFileNameW
InitializeCriticalSection
DeleteCriticalSection
DisableThreadLibraryCalls
WideCharToMultiByte
LocalAlloc
LocalFree
GetEnvironmentVariableW
CreateDirectoryW
GetCurrentProcessId
WriteFile
GetLocalTime
GetVersionExW
CreateTimerQueue
DeleteTimerQueueEx
CreateTimerQueueTimer
DeleteTimerQueueTimer
GetCurrentThread
GetCurrentProcess
GetComputerNameW
GetSystemTimeAsFileTime
GetFileAttributesW
GetVolumeInformationW
GetFileAttributesExW
CompareFileTime
DeleteFileW
GetFullPathNameW
TerminateProcess
SetLastError
CompareStringW
FormatMessageW
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
CLSIDFromString
CoInitializeEx
CoUninitialize
CLSIDFromProgID
StringFromCLSID
CoCreateInstance

oleaut32

LoadRegTypeLi
SysAllocString
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
VariantInit
SafeArrayCreate
VariantClear
SafeArrayPutElement
SysStringLen
VariantCopy
SysStringByteLen
SysAllocStringByteLen
VarBstrCmp
VarCmp
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SysAllocStringLen
SafeArrayGetDim
RegisterTypeLi
VarUI4FromStr
SysFreeString
LoadTypeLi
SafeArrayGetVartype
VariantChangeType

advapi32

CreateWellKnownSid
LsaNtStatusToWinError
LsaQueryInformationPolicy
LsaFreeMemory
LsaClose
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
PerfCreateInstance
PerfSetCounterRefValue
PerfSetCounterSetInfo
PerfStartProvider
PerfStopProvider
RegDeleteValueW
LookupAccountNameW
LookupAccountSidW
ConvertSidToStringSidW
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
CryptReleaseContext
MakeSelfRelativeSD
AdjustTokenPrivileges
SetSecurityDescriptorSacl
AddAuditAccessAceEx
AddAccessAllowedObjectAce
AddAccessAllowedAceEx
IsValidSid
GetAce
GetAclInformation
GetSecurityDescriptorLength
SetNamedSecurityInfoW
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetNamedSecurityInfoW
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
CopySid
DuplicateTokenEx
OpenProcessToken
EqualDomainSid
SetThreadToken
OpenThreadToken
GetTokenInformation
GetLengthSid
RegQueryValueExW
ConvertStringSidToSidW
LsaOpenPolicy

authz

AuthziInitializeAuditEventType
AuthziAllocateAuditParams
AuthziInitializeAuditParamsWithRM
AuthziInitializeAuditEvent
AuthziLogAuditEvent
AuthzFreeAuditEvent
AuthziFreeAuditParams
AuthzAccessCheck
AuthzInitializeContextFromSid
AuthzInitializeContextFromToken
AuthzAddSidsToContext
AuthzGetInformationFromContext
AuthzFreeContext
AuthziFreeAuditEventType
AuthzFreeResourceManager
AuthzInitializeResourceManager

rpcrt4

RpcStringFreeA
UuidCreate
RpcStringFreeW
UuidToStringW
UuidToStringA
UuidFromStringW

dsparse

DsQuoteRdnValueW

ntdsapi

DsBindW
DsCrackNamesW
DsUnBindW
DsFreeNameResultW

odbc32

ord111
ord13
ord26
ord132
ord9
ord141
ord139
ord107
ord31
ord77
ord43
ord29
ord145
ord136
ord72
ord4
ord176

Exports

Exports

AzAddPropertyItem
AzApplicationClose
AzApplicationCreate
AzApplicationDelete
AzApplicationEnum
AzApplicationOpen
AzAuthorizationStoreDelete
AzCloseHandle
AzContextAccessCheck
AzContextGetAssignedScopesPage
AzContextGetRoles
AzFreeMemory
AzGetProperty
AzGroupCreate
AzGroupDelete
AzGroupEnum
AzGroupOpen
AzInitialize
AzInitializeContextFromName
AzInitializeContextFromToken
AzOperationCreate
AzOperationDelete
AzOperationEnum
AzOperationOpen
AzRemovePropertyItem
AzRoleCreate
AzRoleDelete
AzRoleEnum
AzRoleOpen
AzScopeCreate
AzScopeDelete
AzScopeEnum
AzScopeOpen
AzSetProperty
AzSubmit
AzTaskCreate
AzTaskDelete
AzTaskEnum
AzTaskOpen
AzUpdateCache
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 412KB - Virtual size: 409KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 140KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
azroleui.dll
.dll regsvr32 windows:10 windows x64 arch:x64

464d4924cd62b4615c7f0073a773ff15

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

azroleui.pdb

Imports

mfc42u

ord4770
ord4983
ord5711
ord5730
ord4368
ord5722
ord3468
ord2412
ord6660
ord3396
ord3001
ord912
ord2593
ord6440
ord1778
ord4747
ord5712
ord3806
ord665
ord1287
ord559
ord1003
ord4699
ord2532
ord4722
ord6614
ord2661
ord4127
ord3177
ord620
ord6351
ord1122
ord4602
ord4521
ord1262
ord4214
ord2752
ord659
ord1063
ord1426
ord3916
ord3534
ord6053
ord5065
ord5724
ord5615
ord1388
ord4191
ord6071
ord2515
ord2559
ord4836
ord6813
ord5229
ord4567
ord4609
ord3319
ord6632
ord1677
ord2676
ord1574
ord286
ord2801
ord6021
ord4826
ord3174
ord371
ord877
ord5986
ord3222
ord3780
ord367
ord5602
ord3440
ord5807
ord4623
ord625
ord4262
ord6395
ord6393
ord1259
ord1264
ord6050
ord6704
ord6707
ord3417
ord1286
ord4601
ord2411
ord2781
ord2783
ord3774
ord4599
ord4014
ord4436
ord6184
ord2459
ord2049
ord1082
ord288
ord812
ord1544
ord1586
ord1555
ord1583
ord1585
ord355
ord1477
ord1553
ord1416
ord1491
ord1577
ord3761
ord5702
ord5245
ord4721
ord852
ord337
ord4557
ord6418
ord4131
ord5227
ord2408
ord2906
ord6691
ord2903
ord1650
ord1441
ord2449
ord3820
ord2595
ord4544
ord4860
ord2393
ord3868
ord4771
ord4988
ord4371
ord3164
ord4077
ord4083
ord4082
ord3046
ord3166
ord3052
ord3366
ord3231
ord4815
ord3362
ord3243
ord3049
ord5699
ord2140
ord2457
ord5683
ord1736
ord5484
ord3933
ord6814
ord2060
ord2670
ord4789
ord4017
ord5709
ord4694
ord6812
ord5586
ord2399
ord5663
ord4752
ord1777
ord4365
ord6437
ord2517
ord5077
ord5406
ord5246
ord5687
ord5352
ord5382
ord5114
ord5304
ord5583
ord5585
ord5584
ord999
ord549
ord4582
ord1365
ord1499
ord624
ord1284
ord5887
ord2975
ord2629
ord6886
ord6832
ord5815
ord6821
ord5804
ord2121
ord3830
ord2876
ord1126
ord2273
ord2846
ord1463
ord4473
ord287
ord1040
ord626
ord867
ord6887

msvcrt

__dllonexit
_unlock
_lock
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_onexit
__CxxFrameHandler3
wcstoul
iswdigit
iswprint
_wtoi64
_ltow
_wcsicmp
_itow
_wtol
_wcsicoll
realloc
free
memset
malloc
_purecall
__RTDynamicCast
__C_specific_handler
??_V@YAXPEAX@Z
__CxxFrameHandler4
_wcsnicmp
wcscmp

atl

ord43
ord22
ord18
ord15
ord32
ord44
ord21
ord45
ord16

ntdll

RtlFreeUnicodeString
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCreateUnicodeString

kernel32

FindActCtxSectionStringW
LoadLibraryW
ActivateActCtx
LoadLibraryExW
DeactivateActCtx
SetLastError
GetProcAddress
GetLastError
GetModuleFileNameW
GetCurrentThreadId
DeleteCriticalSection
LoadLibraryExA
EncodePointer
HeapAlloc
CreateActCtxW
GetProcessHeap
GetModuleHandleExW
QueryActCtxW
OutputDebugStringA
GetModuleHandleW
CloseHandle
CreateEventW
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
SetEvent
GlobalFree
GetSystemWindowsDirectoryW
InitializeCriticalSection
ResetEvent
GetTickCount
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
Sleep
LocalFree
LocalAlloc
FindFirstFileW
FindClose
MultiByteToWideChar
GetVersionExW
FormatMessageW
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
ReleaseActCtx
CompareStringW
GetCommandLineW
ExpandEnvironmentStringsW
GetFullPathNameW
HeapFree
VirtualFree
DecodePointer
VirtualAlloc
GetCurrentProcess

user32

SendMessageW
SetForegroundWindow
GetWindowTextW
EnumWindows
GetDlgItem
EnableWindow
GetWindowLongW
SetWindowLongW
SetWindowTextW
MsgWaitForMultipleObjects
GetDlgCtrlID
CallWindowProcW
GetSubMenu
ScreenToClient
ChildWindowFromPointEx
RegisterClipboardFormatW
LoadStringW
DestroyWindow
CreateWindowExW
GetSysColor
DispatchMessageW
SetFocus
GetClientRect
MapWindowPoints
GetFocus
MessageBoxW
MessageBeep
IsClipboardFormatAvailable
OpenClipboard
GetClipboardData
CloseClipboard
FindWindowExW
GetWindowThreadProcessId
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
DefWindowProcW
GetWindowLongPtrW
SetWindowLongPtrW
PostMessageW
LoadBitmapW
LoadImageW
LoadIconW
GetParent
KillTimer
PeekMessageW
SetTimer
PostThreadMessageW
GetSysColorBrush
LoadMenuW

oleaut32

VariantClear
SafeArrayGetVartype
SafeArrayGetDim
SafeArrayUnaccessData
SafeArrayAccessData
SysAllocStringLen
SafeArrayGetElement
SafeArrayGetUBound
VariantInit
VariantChangeType
SysAllocString
SysStringLen
SafeArrayGetLBound
SysFreeString

ole32

CoTaskMemFree
CoInitialize
CreateStreamOnHGlobal
StringFromCLSID
CoCreateInstance
ReleaseStgMedium
CoTaskMemAlloc
CoUninitialize
StringFromGUID2

advapi32

RegEnumKeyExW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
GetLengthSid
RegQueryValueExW
LsaOpenPolicy
ConvertSidToStringSidW
LsaClose
LsaFreeMemory
EqualPrefixSid
LsaLookupSids
ConvertStringSidToSidW
CopySid
RegCloseKey

shlwapi

PathStripPathW
PathFindFileNameW
PathRemoveFileSpecW
PathAddBackslashW

secur32

TranslateNameW

shell32

SHGetPathFromIDListW
ord259
ord258
SHGetFolderLocation
SHBrowseForFolderW
SHGetMalloc
CommandLineToArgvW

netutils

NetApiBufferFree

dsrole

DsRoleFreeMemory
DsRoleGetPrimaryDomainInformation

logoncli

DsGetDcNameW

gdi32

DeleteObject
GetObjectW

dsuiext

ord10

ntdsapi

DsFreeNameResultW
DsCrackNamesW

activeds

ord9
ord13

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 228KB - Virtual size: 225KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
basecsp.dll
.dll regsvr32 windows:10 windows x64 arch:x64

6bf1e93819d2b24c202845b3ae178337

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ee:fd:58:95:13:4d:96:99:1e:b1:60:70:9b:e9:d0:2b:0c:4c:78:bc:98:9b:fc:29:7c:09:a7:ee:f6:b9:3a:c1
Signer

Actual PE Digest

ee:fd:58:95:13:4d:96:99:1e:b1:60:70:9b:e9:d0:2b:0c:4c:78:bc:98:9b:fc:29:7c:09:a7:ee:f6:b9:3a:c1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

basecsp.pdb

Imports

msvcrt

__dllonexit
_unlock
??1type_info@@UEAA@XZ
strcmp
__CxxFrameHandler4
_onexit
?terminate@@YAXXZ
_initterm
malloc
free
_amsg_exit
memset
memcpy
memcmp
_CxxThrowException
_XcptFilter
wcsncmp
memmove_s
wcschr
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
??3@YAXPEAX@Z
_vsnprintf
wcsnlen
time
memcpy_s
_vsnwprintf
__C_specific_handler
_lock
wcscmp

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleW
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
LoadStringW
LoadLibraryExA
DisableThreadLibraryCalls
GetModuleFileNameA

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegSetValueExA

api-ms-win-core-synch-l1-1-0

CreateEventW
AcquireSRWLockShared
DeleteCriticalSection
CreateSemaphoreExW
EnterCriticalSection
ReleaseSemaphore
ReleaseSRWLockShared
LeaveCriticalSection
OpenSemaphoreW
SetEvent
CreateMutexExW
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeCriticalSectionEx
InitializeCriticalSection
ReleaseMutex
WaitForSingleObject
OpenEventW

api-ms-win-core-heap-l1-1-0

HeapReAlloc
GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

RaiseException
UnhandledExceptionFilter
SetLastError
GetLastError
SetUnhandledExceptionFilter

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
RegisterTraceGuidsW
TraceMessage
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolCleanupGroup
WaitForThreadpoolTimerCallbacks
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolCleanupGroup
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
IsThreadpoolTimerSet

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
GetCurrentProcessId
TerminateProcess
OpenProcessToken
GetCurrentProcess
GetCurrentThreadId
OpenThreadToken

api-ms-win-core-localization-l1-2-0

GetSystemDefaultLCID
LocaleNameToLCID
GetThreadLocale
FormatMessageW
GetUserDefaultLCID

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

rpcrt4

NdrClientCall3
RpcStringFreeW
UuidToStringW
I_RpcExceptionFilter
UuidCreate

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-security-base-l1-1-0

GetTokenInformation

bcrypt

BCryptHashData
BCryptDestroyHash
BCryptFinishHash
BCryptCreateHash

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW
lstrlenA

ntdll

RtlImageNtHeader
EtwTraceMessage
RtlNtStatusToDosError
RtlUnicodeStringToAnsiString
RtlInitUnicodeString
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlFreeAnsiString
RtlInitAnsiString

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

CPAcquireContext
CPAcquireContextW
CPCreateHash
CPDecrypt
CPDeriveKey
CPDestroyHash
CPDestroyKey
CPDuplicateHash
CPDuplicateKey
CPEncrypt
CPExportKey
CPGenKey
CPGenRandom
CPGetHashParam
CPGetKeyParam
CPGetProvParam
CPGetUserKey
CPHashData
CPHashSessionKey
CPImportKey
CPReleaseContext
CPSetHashParam
CPSetKeyParam
CPSetProvParam
CPSignHash
CPVerifySignature
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 164KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 440B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
basesrv.dll
.dll windows:10 windows x64 arch:x64

57bc05d3e17857558dee5d41ff63ffd8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

basesrv.pdb

Imports

ntdll

swprintf_s
_vsnwprintf
RtlAllocateHeap
NtQuerySystemInformation
RtlQueryRegistryValuesEx
wcsncpy_s
RtlInitUnicodeStringEx
NtOpenKey
NtQueryValueKey
_wcsicmp
NtClose
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlSetSaclSecurityDescriptor
NtCreateDirectoryObject
NtSetInformationObject
NtCreateSymbolicLinkObject
NtQueryInformationProcess
RtlInitializeCriticalSectionAndSpinCount
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
NtCreateFile
RtlFreeHeap
RtlDeleteCriticalSection
RtlEnterCriticalSection
RtlUpcaseUnicodeChar
_snwprintf_s
NtOpenSymbolicLinkObject
wcsnlen
NtQuerySymbolicLinkObject
NtMakeTemporaryObject
_wcsnicmp
RtlAllocateAndInitializeSid
RtlFreeSid
RtlCreateAcl
RtlAddAccessAllowedAce
NtMakePermanentObject
RtlCopyLuid
RtlLeaveCriticalSection
RtlLengthSid
RtlAddAccessAllowedAceEx
RtlAddMandatoryAce
RtlAcquireSRWLockExclusive
LdrGetDllHandle
RtlInitString
LdrGetProcedureAddress
RtlReleaseSRWLockExclusive
wcscpy_s
RtlPrefixUnicodeString
NtQueryInformationToken
RtlCreateUserThread
RtlExitUserThread
LdrLoadDll
LdrUnloadDll
NtOpenProcessToken
NtDuplicateToken
NtSetInformationThread
NtSetInformationProcess
NtOpenProcess
NtOpenThread
NtDuplicateObject
RtlCopyUnicodeString
NtSetEvent
RtlCompareUnicodeString
RtlCreateProcessParametersEx
NtCreateUserProcess
RtlDestroyProcessParameters
RtlAppendStringToString
NtResumeThread
NtWaitForSingleObject
RtlInitAnsiString
RtlAnsiStringToUnicodeString
NtResetEvent
NtCompareTokens
NtOpenThreadToken
NtCreateEvent
DbgPrint
RtlEqualSid
NtVdmControl
NtCreateKey
NtNotifyChangeKey
RtlCopySid
NtEnumerateKey
RtlEqualUnicodeString
NtEnumerateValueKey
RtlLockHeap
RtlUnlockHeap
RtlInitializeSidEx
RtlCheckTokenMembershipEx
LdrDisableThreadCalloutsForDll
NtTerminateProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnhandledExceptionFilter
memmove
wcscat_s
RtlCreateUnicodeString
RtlExpandEnvironmentStrings_U
RtlInitializeCriticalSection
RtlCreateTagHeap
RtlGetCurrentServiceSessionId
RtlInitUnicodeString
RtlGetAce
NtQueryObject
__C_specific_handler
RtlSubAuthoritySid
RtlConvertSidToUnicodeString
RtlFreeUnicodeString
RtlGetPersistedStateLocation
RtlSubAuthorityCountSid
ZwQueryInformationToken
RtlIsMultiUsersInSessionSku
RtlIsMultiSessionSku
ZwQueryValueKey
RtlOpenCurrentUser
ZwClose
ZwOpenKey
NtQueryMultipleValueKey
memcpy
memset

csrsrv

CsrUnlockThread
CsrLockThreadByClientId
CsrUnlockProcess
CsrCreateThread
CsrLockProcessByClientId
CsrCreateProcess
CsrIsClientSandboxed
CsrRevertToSelf
CsrImpersonateClient
CsrValidateMessageBuffer

Exports

Exports

BaseGetProcessCrtlRoutine
BaseSetProcessCreateNotify
BaseSrvNlsLogon
BaseSrvNlsUpdateRegistryCache
BaseSrvRegisterSxS
ServerDllInitialization

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
batmeter.dll
.dll windows:10 windows x64 arch:x64

85e1a605d44012634df516a5f55e589e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

batmeter.pdb

Imports

msvcrt

_onexit
__dllonexit
memcmp
??3@YAXPEAX@Z
_lock
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
_purecall
qsort
memmove_s
_vsnwprintf
memcpy_s
_unlock
memset

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
DisableThreadLibraryCalls
GetModuleHandleExW
GetModuleFileNameA
GetModuleHandleW
LoadLibraryExW
LoadStringW
GetModuleFileNameW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
ReleaseMutex
OpenSemaphoreW
CreateEventW
ReleaseSemaphore
LeaveCriticalSection
WaitForSingleObjectEx
ReleaseSRWLockShared
InitializeCriticalSection
SetEvent
CreateMutexExW
ResetEvent
WaitForSingleObject
AcquireSRWLockExclusive
DeleteCriticalSection
InitializeCriticalSectionEx
EnterCriticalSection
AcquireSRWLockShared
CreateSemaphoreExW

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer

api-ms-win-power-base-l1-1-0

GetPwrCapabilities

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-io-l1-1-0

GetOverlappedResult
DeviceIoControl

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-io-l1-1-1

CancelIo

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
WakeAllConditionVariable
Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-kernel32-legacy-l1-1-0

GetSystemPowerStatus

api-ms-win-core-sidebyside-l1-1-0

CreateActCtxW
ReleaseActCtx
ActivateActCtx
DeactivateActCtx

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

ntdll

EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceLoggerHandle
EtwTraceMessage
RtlPublishWnfStateData
NtQueryWnfStateData
EtwGetTraceEnableLevel

gdi32

StretchBlt
CreateDIBSection
CreateCompatibleDC
SelectObject
DeleteDC
DeleteObject
GetDIBits
SetStretchBltMode

user32

GetSystemMetricsForDpi
GetSystemMetrics
LoadImageW
UnregisterDeviceNotification
GetDC
ReleaseDC
DestroyIcon
RegisterDeviceNotificationW
PostMessageW
SystemParametersInfoW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

BatMeterIconAnimationReset
BatMeterIconThemeReset
BatMeterOnDeviceChange
CleanupBatteryData
CreateBatteryData
GetBatMeterIconAnimationState
GetBatMeterIconAnimationTimeDelay
GetBatMeterIconAnimationUpdate
GetBatteryCapacityInfo
GetBatteryDetails
GetBatteryImmersiveIcon
GetBatteryInfo
GetBatteryStatusText
GetBatteryWorkingState
IsBatteryBad
IsBatteryHealthWarningEnabled
IsBatteryLevelCritical
IsBatteryLevelLow
IsBatteryLevelReserve
PowerCapabilities
QueryBatteryData
SetBatteryHealthWarningState
SetBatteryLevel
SetBatteryWorkingState
SubscribeBatteryUpdateNotification
UnsubscribeBatteryUpdateNotification
UpdateBatteryData
UpdateBatteryDataAsync

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bcastdvr.proxy.dll
.dll regsvr32 windows:10 windows x64 arch:x64

dcb8e8888cb3f6d5dabd70f6f51d684e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

bcastdvr.proxy.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__cexit
_o__configure_narrow_argv
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__seh_filter_dll
__C_specific_handler
_o___std_type_info_destroy_list

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-winrt-string-l1-1-0

HSTRING_UserUnmarshal64
HSTRING_UserFree
HSTRING_UserSize64
HSTRING_UserFree64
HSTRING_UserMarshal
HSTRING_UserSize
HSTRING_UserMarshal64
HSTRING_UserUnmarshal

rpcrt4

NdrStubForwardingFunction
NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrOleFree
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrOleAllocate

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentThreadId
GetCurrentProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 168KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bcastdvruserservice.dll
.dll windows:10 windows x64 arch:x64

40cd1966134cb06042b26f8580efdf9e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

bcastdvruserservice.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__wcsicmp
_o__wcslwr
_o__wcsnicmp
_o__wfopen_s
memmove
_o_fclose
_o_fgetws
_o_free
_o_iswupper
_o_malloc
_o_memcpy_s
_o_realloc
_o_terminate
_o_towlower
_o_wcscat_s
_o_wcscpy_s
_o_wcstol
_o_wcstoul
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o__execute_onexit_table
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__errno
_o__initialize_narrow_environment
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o__aligned_malloc
_o__aligned_free
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_name
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
wcschr
wcsstr
wcsrchr
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

wcsncmp
memset

bcastdvrcommon

?PrintGuid@GameDVRUtility@Internal@Capture@Media@Windows@@YAJU_GUID@@PEAVString@25@@Z
FireCallerManagerEvent
?OutputString@BcastDVR_OutputDebug@@QEAAXXZ
?LogError@BcastDVRLogProviderBase@@SAXJPEBD0H_N@Z
?PrintType@BcastDVR_OutputDebug@@QEAAXPEBDK@Z
?GetGuidStringFromGuid@GameDVRUtility@Internal@Capture@Media@Windows@@YAJAEBU_GUID@@_NPEAVString@25@@Z
??0BcastDVR_OutputDebug@@QEAA@PEBD@Z
?PrintType@BcastDVR_OutputDebug@@QEAAXPEBD0@Z
?Uninitialize@BcastDVR_OutputDebug@@SAXXZ
?GetPlugInPackageFullName@PlugInUtility@Internal@Capture@Media@Windows@@YAJAEBU_GUID@@PEAVString@25@@Z
?PrintType@BcastDVR_OutputDebug@@QEAAXPEBDN@Z
?LogErrorEx@BcastDVRLogProviderBase@@SAXJPEBD0H00_N@Z
?RegGetDwordValue@GameDVRUtility@Internal@Capture@Media@Windows@@YAXPEAUHKEY__@@PEBG1KPEAK@Z
?RegSetDwordValue@GameDVRUtility@Internal@Capture@Media@Windows@@YAJPEAUHKEY__@@PEBG1K@Z
?RegSetStringValue@GameDVRUtility@Internal@Capture@Media@Windows@@YAJPEAUHKEY__@@PEBG1PEAVString@25@@Z
GetBroadcastSharedMemoryWriter
?RegSetQwordValue@GameDVRUtility@Internal@Capture@Media@Windows@@YAJPEAUHKEY__@@PEBG1_K@Z
?RegGetQwordValue@GameDVRUtility@Internal@Capture@Media@Windows@@YAXPEAUHKEY__@@PEBG1_KPEA_K@Z
?PrintType@BcastDVR_OutputDebug@@QEAAXPEBDPEBG@Z
?GetUserGameDVRConfigFolderPath@EnvironmentManager@Internal@Capture@Media@Windows@@YAJPEAVString@25@PEBG@Z
?Initialize@BcastDVR_OutputDebug@@SAXPEBGW4BcastDVR_OutputDebug_TraceToFileType@@0@Z
?GetOSVersionString@GameDVRUtility@Internal@Capture@Media@Windows@@YAXPEAVString@25@@Z
?Printf@BcastDVRLogProviderBase@@SAX_N0PEBD1HPEBGZZ
?RegGetStringValue@GameDVRUtility@Internal@Capture@Media@Windows@@YAXPEAUHKEY__@@PEBG1PEAVString@25@@Z
?GetHKeyCurrentUserForIUser@GameDVRUtility@Internal@Capture@Media@Windows@@YAJPEAUIUser@System@5@PEAPEAUHKEY__@@@Z
??0ImpersonateHelper@Internal@Capture@Media@Windows@@QEAA@XZ
??1ImpersonateHelper@Internal@Capture@Media@Windows@@QEAA@XZ
?ImpersonateUser@ImpersonateHelper@Internal@Capture@Media@Windows@@QEAAJPEAUIUser@System@5@@Z
?CleanupObsoletePlugIns@PlugInUtility@Internal@Capture@Media@Windows@@YAJPEAUHKEY__@@@Z
?MostRecentErrorInHistory@BcastDVRLogProviderBase@@SAJXZ
?GetBroadcastSebEventIds@PlugInUtility@Internal@Capture@Media@Windows@@YAJPEAKPEAPEAU_GUID@@@Z
?FreeBroadcastSebEventIds@PlugInUtility@Internal@Capture@Media@Windows@@YAXPEAPEAU_GUID@@@Z
?GetDefaultPlugIn@PlugInUtility@Internal@Capture@Media@Windows@@YAJPEAUHKEY__@@PEAU_GUID@@@Z
?SetDefaultPlugIn@PlugInUtility@Internal@Capture@Media@Windows@@YAJPEAUHKEY__@@AEBU_GUID@@@Z
?GetPlugInInfo@PlugInUtility@Internal@Capture@Media@Windows@@YAJPEAUHKEY__@@AEBU_GUID@@PEAVString@25@22@Z
CreateCallerManagerInstance
?CloseDuplicatedHandle@GameDVRUtility@Internal@Capture@Media@Windows@@YAJKPEAX@Z
?GetErrorHistoryCount@BcastDVRLogProviderBase@@SAKXZ
?CloseDuplicatedHandles@GameDVRUtility@Internal@Capture@Media@Windows@@YAJKKQEAPEAX@Z
?AppendPath@EnvironmentManager@Internal@Capture@Media@Windows@@YAJAEBVString@25@0PEAV625@@Z
?PrintType@BcastDVR_OutputDebug@@QEAAXPEBDE@Z
CreateMetadataManagerInstance
?PrintType@BcastDVR_OutputDebug@@QEAAXPEBDH@Z
?GetBroadcastPlugInRegistryPathFromSebEventId@EnvironmentManager@Internal@Capture@Media@Windows@@YAJAEBU_GUID@@PEAVString@25@@Z
?PrintType@BcastDVR_OutputDebug@@QEAAXPEBD_K@Z
ActiveMetadataManagerInstances
?MapConstantToString@GameDVRUtility@Internal@Capture@Media@Windows@@YAPEBGQEAPEBGKKKK@Z
GetPreviewSharedMemoryWriter
?PrintType@BcastDVR_OutputDebug@@QEAAXPEBDI@Z
?PrintHRESULT@BcastDVR_OutputDebug@@QEAAXJ@Z
?PrintType@BcastDVR_OutputDebug@@QEAAXPEBDPEAX@Z
?GetIUserSID@GameDVRUtility@Internal@Capture@Media@Windows@@YAJPEAUIUser@System@5@PEAVString@25@@Z
?GetCallersSebEventId@PlugInUtility@Internal@Capture@Media@Windows@@YAJPEAU_GUID@@@Z
?GetFormattedErrorHistory@BcastDVRLogProviderBase@@SAKPEAVString@Internal@Windows@@@Z
?GetKnownFolderSubFolder@EnvironmentManager@Internal@Capture@Media@Windows@@YAJAEBU_GUID@@PEBGPEAVString@25@@Z

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
FreeLibrary
LoadLibraryExW
GetProcAddress
GetModuleFileNameA
GetModuleHandleExW

api-ms-win-core-synch-l1-1-0

CreateEventExW
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseMutex
CreateMutexExW
InitializeSRWLock
DeleteCriticalSection
TryEnterCriticalSection
AcquireSRWLockExclusive
InitializeCriticalSectionAndSpinCount
ReleaseSRWLockExclusive
AcquireSRWLockShared
WaitForSingleObject
CreateSemaphoreExW
InitializeCriticalSectionEx
ReleaseSemaphore
ResetEvent
ReleaseSRWLockShared
CreateEventW
SetEvent
LeaveCriticalSection
EnterCriticalSection

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

RaiseException
GetLastError
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-winrt-string-l1-1-0

WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsGetStringRawBuffer
WindowsCompareStringOrdinal
WindowsGetStringLen
WindowsConcatString
WindowsCreateString
WindowsDeleteString
WindowsReplaceString
WindowsDuplicateString
WindowsCreateStringReference

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
CreateThread
GetCurrentThreadId
TerminateProcess
GetProcessId
OpenProcessToken
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-com-l1-1-0

PropVariantClear
CoDisconnectContext
CoTaskMemAlloc
CoTaskMemFree
CoReleaseMarshalData
CreateStreamOnHGlobal
CoMarshalInterface
CoWaitForMultipleHandles
CoGetCallContext
CoDecrementMTAUsage
CoCreateGuid
CoCreateFreeThreadedMarshaler
CoReleaseServerProcess
CoResumeClassObjects
CoRegisterClassObject
CoInitializeSecurity
CoCreateInstance
CoAddRefServerProcess
CoRevokeClassObject

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolWork
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CreateThreadpool
CloseThreadpool
SubmitThreadpoolWork
CloseThreadpoolWork

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoOriginateErrorW
GetRestrictedErrorInfo
SetRestrictedErrorInfo
RoOriginateError

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoRevokeActivationFactories
RoGetActivationFactory
RoInitialize
RoRegisterActivationFactories
RoActivateInstance

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventSetInformation
EventWriteTransfer
EventUnregister

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce
InitOnceComplete
InitOnceBeginInitialize

api-ms-win-service-core-l1-1-0

SetServiceStatus
RegisterServiceCtrlHandlerExW

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-security-base-l1-1-0

GetTokenInformation
MakeAbsoluteSD
DuplicateTokenEx

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GlobalMemoryStatusEx
GetSystemTime
GetSystemTimeAsFileTime
GetLocalTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

mfplat

MFTEnumEx
MFCreateDXGISurfaceBuffer
MFCreateDXGIDeviceManager
MFShutdown
MFCreateSample
MFCreateMemoryBuffer
MFStartup
MFCreateAttributes
MFCreateFile
MFCreateMediaType
MFCreateAlignedMemoryBuffer

api-ms-win-shcore-scaling-l1-1-1

SetProcessDpiAwareness

dwmapi

ord158
ord157
ord173
ord176
ord175

dcomp

ord2002
ord1060
DCompositionCreateDevice2
ord2000

api-ms-win-appmodel-runtime-l1-1-1

GetApplicationUserModelIdFromToken
ParseApplicationUserModelId
GetPackageFullNameFromToken
FindPackagesByPackageFamily

policymanager

PolicyManager_GetPolicyInt

systemeventsbrokerclient

SebEnumerateEventsByType
SebSignalEvent

audioses

ord1
ord3
ord2

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegOpenCurrentUser
RegCloseKey

api-ms-win-rtcore-ntuser-window-l1-1-0

IsWindowVisible
GetWindowTextW
GetForegroundWindow
SendMessageW
GetPropW
EnumWindows
GetAncestor
GetWindowRect
GetWindowLongW
GetWindowThreadProcessId
GetClientRect
ScreenToClient
DispatchMessageW
TranslateMessage
PeekMessageW
GetDesktopWindow

api-ms-win-power-setting-l1-1-0

PowerSettingUnregisterNotification
PowerSettingRegisterNotification

ntdll

RtlQueryPackageClaims
RtlUpcaseUnicodeChar
RtlPublishWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
ZwQuerySystemInformation
RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData
ZwClose
ZwOpenKey
RtlFreeHeap
RtlInitUnicodeString
ZwEnumerateKey
RtlGetNativeSystemInformation
RtlReAllocateHeap
NtQueryInformationProcess
RtlAllocateHeap
RtlInitUnicodeStringEx
RtlCompareUnicodeString
RtlNtStatusToDosErrorNoTeb
NtQueryInformationToken
ZwQueryValueKey

api-ms-win-core-kernel32-legacy-l1-1-0

PulseEvent
RegisterWaitForSingleObject

api-ms-win-core-wow64-l1-1-1

IsWow64Process2

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem
UnregisterWaitEx

api-ms-win-core-file-l1-1-0

CreateFileW
DeleteFileW
CreateDirectoryW
WriteFile
FindFirstFileW
FindClose
ReadFile
GetFileAttributesW
GetFileSizeEx
GetTempFileNameW
GetDiskFreeSpaceExW
FindNextFileW

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate
IsErrorPropagationEnabled

api-ms-win-core-com-l1-1-1

RoGetAgileReference

rpcrt4

UuidCreate
RpcRevertToSelf
RpcImpersonateClient

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-synch-l1-2-1

CreateSemaphoreW
WaitForMultipleObjects

api-ms-win-core-registry-l2-1-0

RegOpenKeyW

api-ms-win-shcore-stream-l1-1-0

SHCreateMemStream

oleaut32

VariantInit

api-ms-win-shcore-stream-winrt-l1-1-0

CreateRandomAccessStreamOverStream

dxgi

CreateDXGIFactory2
CreateDXGIFactory1

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-ntuser-rectangle-l1-1-0

IntersectRect
PtInRect

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW

api-ms-win-security-cryptoapi-l1-1-0

CryptAcquireContextW
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptCreateHash
CryptReleaseContext

d3d11

D3D11CreateDevice

api-ms-win-core-datetime-l1-1-1

GetTimeFormatEx
GetDateFormatEx

bcrypt

BCryptFinishHash
BCryptDestroyHash
BCryptCloseAlgorithmProvider
BCryptHashData
BCryptCreateHash
BCryptOpenAlgorithmProvider
BCryptGetProperty

mfreadwrite

MFCreateSinkWriterFromURL
MFCreateSinkWriterFromMediaSink
MFCreateSourceReaderFromMediaSource

api-ms-win-core-memory-l1-1-0

ReadProcessMemory

crypt32

CryptBinaryToStringW

api-ms-win-core-path-l1-1-0

PathCchCombine

api-ms-win-core-file-l1-2-4

GetTempPath2W

api-ms-win-core-file-l2-1-2

CopyFileW

combase

ord69
ord66
ord68
ord67

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-math-l1-1-0

_finite

aepic

PicRetrieveFileInfo
PicFreeFileInfo

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

gdi32

GetDIBits
DeleteObject
CreateCompatibleDC
DeleteDC

shell32

ShellExecuteW
ShellExecuteExW

user32

GetClassLongPtrW
GetCursorInfo
MonitorFromWindow
GetIconInfo
DestroyIcon

setupapi

SetupDiGetDevicePropertyW
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList

api-ms-win-security-capability-l1-1-0

CapabilityCheck

api-ms-win-core-atoms-l1-1-0

GlobalGetAtomNameW

Exports

Exports

ServiceMain

Sections

.text
Size: 1016KB - Virtual size: 1012KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 416KB - Virtual size: 412KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bcd.dll
.dll windows:10 windows x64 arch:x64

f188e4ccfee8ca9bc58f1ad2f6535a7b

Code Sign

33:00:00:04:15:82:95:a1:a3:d8:2e:28:57:00:00:00:00:04:15
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/02/2023, 00:05

Not After

01/02/2024, 00:05

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

86:e3:20:6d:37:8d:67:b0:3d:0d:5a:c5:dd:00:ac:61:32:b1:9c:bc:1f:2a:23:e7:35:64:46:be:c6:c4:ba:e5
Signer

Actual PE Digest

86:e3:20:6d:37:8d:67:b0:3d:0d:5a:c5:dd:00:ac:61:32:b1:9c:bc:1f:2a:23:e7:35:64:46:be:c6:c4:ba:e5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

bcd.pdb

Imports

ntdll

RtlGUIDFromString
RtlAllocateHeap
RtlAppendUnicodeToString
_ultow_s
RtlFreeUnicodeString
RtlInitUnicodeString
wcstoul
RtlStringFromGUID
RtlFreeHeap
ZwQueryAttributesFile
_vsnwprintf
ZwQuerySymbolicLinkObject
ZwDeviceIoControlFile
_wcsicmp
ZwQueryDirectoryObject
ZwOpenSymbolicLinkObject
wcscpy_s
strcpy_s
ZwOpenDirectoryObject
swprintf_s
wcschr
ZwOpenFile
_wcsnicmp
ZwClose
wcsrchr
ZwQuerySystemInformation
_vsnwprintf_s
ZwWaitForSingleObject
ZwQueryKey
wcscat_s
ZwReleaseMutant
ZwOpenMutant
LdrGetProcedureAddress
ZwQueryVolumeInformationFile
ZwCreateFile
LdrGetDllHandle
ZwQueryInformationProcess
RtlInitAnsiString
wcsstr
ZwDeleteFile
ZwQueryInformationFile
ZwOpenProcess
wcsnlen
_wcsupr
strncmp
RtlCompareMemory
wcsncpy_s
ZwAllocateUuids
__C_specific_handler
RtlLengthSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlSetDaclSecurityDescriptor
ZwCreateKey
ZwLoadKey
RtlAddAccessAllowedAceEx
RtlAllocateAndInitializeSid
RtlLengthSid
ZwFlushKey
ZwDeleteValueKey
ZwSaveKey
RtlFreeSid
ZwDeleteKey
ZwEnumerateKey
ZwQueryValueKey
RtlCreateAcl
ZwSetSecurityObject
ZwUnloadKey
RtlCreateSecurityDescriptor
ZwSetValueKey
ZwOpenKey
LdrDisableThreadCalloutsForDll
NtTerminateProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnhandledExceptionFilter
memmove
NtQuerySystemInformation
NtAdjustPrivilegesToken
NtOpenProcessTokenEx
NtSetInformationThread
NtOpenThreadTokenEx
NtClose
NtPrivilegeCheck
RtlImpersonateSelf
NtOpenSymbolicLinkObject
NtOpenKey
NtQuerySymbolicLinkObject
_snwscanf_s
_wcslwr
NtDeviceIoControlFile
NtSetValueKey
NtOpenFile
NtQueryValueKey
NtDeleteKey
NtQueryBootEntryOrder
NtQueryBootOptions
NtSetSecurityObject
NtTranslateFilePath
NtOpenDirectoryObject
NtQueryDirectoryObject
NtEnumerateBootEntries
NtCreateKey
memcmp
memcpy
memset

Exports

Exports

BcdCloseObject
BcdCloseStore
BcdCopyObject
BcdCopyObjectEx
BcdCopyObjects
BcdCreateObject
BcdCreateStore
BcdDeleteElement
BcdDeleteObject
BcdDeleteObjectReferences
BcdDeleteSystemStore
BcdEnumerateAndUnpackElements
BcdEnumerateElementTypes
BcdEnumerateElements
BcdEnumerateElementsWithFlags
BcdEnumerateObjects
BcdExportStore
BcdExportStoreEx
BcdFlushStore
BcdForciblyUnloadStore
BcdGetElementData
BcdGetElementDataWithFlags
BcdGetSystemStorePath
BcdImportStore
BcdImportStoreWithFlags
BcdMarkAsSystemStore
BcdMigrateObjectElementValues
BcdOpenObject
BcdOpenStore
BcdOpenStoreFromFile
BcdOpenSystemStore
BcdQueryObject
BcdSetElementData
BcdSetElementDataWithFlags
BcdSetLogging
BcdSetSystemStoreDevice
GUID_BAD_MEMORY_GROUP
GUID_BOOT_LOADER_SETTINGS_GROUP
GUID_CURRENT_BOOT_ENTRY
GUID_DEBUGGER_SETTINGS_GROUP
GUID_DEFAULT_BOOT_ENTRY
GUID_EMS_SETTINGS_GROUP
GUID_FIRMWARE_BOOTMGR
GUID_GLOBAL_SETTINGS_GROUP
GUID_HYPERVISOR_SETTINGS_GROUP
GUID_KERNEL_DEBUGGER_SETTINGS_GROUP
GUID_RESUME_LOADER_SETTINGS_GROUP
GUID_WINDOWS_BOOTMGR
GUID_WINDOWS_LEGACY_NTLDR
GUID_WINDOWS_MEMORY_TESTER
GUID_WINDOWS_OS_TARGET_TEMPLATE_EFI
GUID_WINDOWS_OS_TARGET_TEMPLATE_PCAT
GUID_WINDOWS_RESUME_TARGET_TEMPLATE_EFI
GUID_WINDOWS_RESUME_TARGET_TEMPLATE_PCAT
GUID_WINDOWS_SETUP_EFI
GUID_WINDOWS_SETUP_PCAT
GUID_WINDOWS_SETUP_RAMDISK_OPTIONS
PARTITION_BASIC_DATA_GUID
PARTITION_CLUSTER_GUID
PARTITION_ENTRY_UNUSED_GUID
PARTITION_LDM_DATA_GUID
PARTITION_LDM_METADATA_GUID
PARTITION_MSFT_RECOVERY_GUID
PARTITION_MSFT_RESERVED_GUID
PARTITION_MSFT_SNAPSHOT_GUID
PARTITION_SPACES_GUID
PARTITION_SYSTEM_GUID
SyspartDirectGetSystemDisk
SyspartDirectGetSystemPartition
SyspartDirectSetSystemDevice
SyspartGetPhysicalPartitions
SyspartGetSystemDisk
SyspartGetSystemPartition
SyspartIsSpace

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bcdprov.dll
.dll regsvr32 windows:10 windows x64 arch:x64

ede7e008c69cbd24d00cf35a06dfdb98

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

bcdprov.pdb

Imports

msvcrt

_purecall
_ui64tow_s
_wtoi64
free
malloc
__CxxFrameHandler4
_callnewh
_XcptFilter
_amsg_exit
_initterm
__C_specific_handler
_wcsicmp
memcpy
wcscpy_s
memset

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleFileNameW

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegCloseKey
RegSetValueExW

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter

api-ms-win-core-file-l1-1-0

QueryDosDeviceW

oleaut32

SafeArrayAccessData
SysStringLen
SafeArrayGetDim
SysAllocString
SysFreeString
VariantInit
SafeArrayUnaccessData
SafeArrayCreate
VariantClear

api-ms-win-core-com-l1-1-0

CoRevertToSelf
CoImpersonateClient
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcess
TerminateProcess
GetCurrentProcessId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

Exports

Exports

DllGetClassObject
DllMain
DllRegisterServer

Sections

.text
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 212B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bcdsrv.dll
.dll regsvr32 windows:10 windows x64 arch:x64

017d3e55bba2e24f2eeaae2b00f0a28c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

bcdsrv.pdb

Imports

msvcrt

wcscpy_s
_ui64tow_s
__CxxFrameHandler4
_purecall
wcsstr
_wtoi64
malloc
_callnewh
free
_XcptFilter
_amsg_exit
_initterm
__C_specific_handler
memcpy
memset

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoTaskMemAlloc

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
DisableThreadLibraryCalls

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegSetValueExW
RegCreateKeyExW

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

oleaut32

LoadTypeLi
RegisterTypeLi

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

ntdll

RtlAllocateHeap
RtlInitUnicodeString
RtlFreeHeap
RtlStringFromGUID
RtlDosPathNameToNtPathName_U
RtlGUIDFromString

bcd

BcdSetElementData
BcdCloseObject
BcdCreateObject
BcdEnumerateElementTypes
BcdOpenObject
BcdDeleteObject
BcdSetElementDataWithFlags
BcdExportStore
BcdSetSystemStoreDevice
BcdDeleteElement
BcdGetElementData
BcdImportStoreWithFlags
BcdGetElementDataWithFlags
BcdQueryObject
BcdCopyObject
SyspartGetSystemPartition
SyspartGetSystemDisk
BcdDeleteSystemStore
BcdEnumerateElements
BcdEnumerateObjects
BcdOpenSystemStore
BcdOpenStoreFromFile
BcdCopyObjects
BcdCreateStore
BcdCloseStore

Exports

Exports

DllGetClassObject
DllMain
DllRegisterServer

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 652B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bcrypt.dll
.dll windows:10 windows x64 arch:x64

aba42e023794a1a4c0a6e7d0d04ae277

Code Sign

33:00:00:04:0a:87:d0:ea:67:86:e3:6b:07:00:00:00:00:04:0a
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/01/2023, 19:22

Not After

15/12/2023, 19:22

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:30:7d:25:01:24:91:41:0a:3f:9f:d5:85:07:04:69:e0:74:a3:4b:22:73:45:31:6e:6a:29:a8:c2:bb:3f:4b
Signer

Actual PE Digest

39:30:7d:25:01:24:91:41:0a:3f:9f:d5:85:07:04:69:e0:74:a3:4b:22:73:45:31:6e:6a:29:a8:c2:bb:3f:4b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

bcrypt.pdb

Imports

ntdll

RtlVirtualUnwind
EtwTraceMessage
__C_specific_handler
NtOpenKey
RtlInitUnicodeString
NtClose
NtQueryValueKey
RtlAllocateHeap
wcsncmp
NtQueryInformationProcess
RtlUnhandledExceptionFilter
memset
RtlDeleteResource
RtlAcquireResourceShared
RtlReleaseResource
RtlEnterCriticalSection
RtlInitializeResource
RtlAcquireResourceExclusive
RtlInitializeCriticalSection
RtlLeaveCriticalSection
NtDeviceIoControlFile
NtOpenFile
RtlNtStatusToDosError
RtlCompareUnicodeString
_wcsicmp
RtlImageNtHeader
RtlLookupFunctionEntry
RtlCaptureContext
RtlDeleteCriticalSection
NtTerminateProcess
EtwEventRegister
EtwEventUnregister
EtwUnregisterTraceGuids
EtwGetTraceEnableFlags
LdrDisableThreadCalloutsForDll
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwRegisterTraceGuidsW
EtwEventWrite
RtlFreeHeap
EtwEventWriteTransfer
__chkstk
memcmp
memcpy
wcscmp

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
FreeLibrary
GetModuleHandleExW
LoadLibraryExW
GetModuleFileNameW

api-ms-win-core-errorhandling-l1-1-0

GetLastError

api-ms-win-core-synch-l1-1-0

CreateEventW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InitializeSRWLock

api-ms-win-core-processthreads-l1-1-0

OpenProcessToken
SetThreadStackGuarantee
GetCurrentProcess

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-security-base-l1-1-0

PrivilegeCheck

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventRegister
EventSetInformation

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetSystemDirectoryW

api-ms-win-core-xstate-l2-1-0

GetEnabledXStateFeatures

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-core-memory-l1-1-0

VirtualProtect
VirtualQuery
VirtualAlloc

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

BCryptAddContextFunction
BCryptAddContextFunctionProvider
BCryptCloseAlgorithmProvider
BCryptConfigureContext
BCryptConfigureContextFunction
BCryptCreateContext
BCryptCreateHash
BCryptCreateMultiHash
BCryptDecrypt
BCryptDeleteContext
BCryptDeriveKey
BCryptDeriveKeyCapi
BCryptDeriveKeyPBKDF2
BCryptDestroyHash
BCryptDestroyKey
BCryptDestroySecret
BCryptDuplicateHash
BCryptDuplicateKey
BCryptEncrypt
BCryptEnumAlgorithms
BCryptEnumContextFunctionProviders
BCryptEnumContextFunctions
BCryptEnumContexts
BCryptEnumProviders
BCryptEnumRegisteredProviders
BCryptExportKey
BCryptFinalizeKeyPair
BCryptFinishHash
BCryptFreeBuffer
BCryptGenRandom
BCryptGenerateKeyPair
BCryptGenerateSymmetricKey
BCryptGetFipsAlgorithmMode
BCryptGetProperty
BCryptHash
BCryptHashData
BCryptImportKey
BCryptImportKeyPair
BCryptKeyDerivation
BCryptOpenAlgorithmProvider
BCryptProcessMultiOperations
BCryptQueryContextConfiguration
BCryptQueryContextFunctionConfiguration
BCryptQueryContextFunctionProperty
BCryptQueryProviderRegistration
BCryptRegisterConfigChangeNotify
BCryptRegisterProvider
BCryptRemoveContextFunction
BCryptRemoveContextFunctionProvider
BCryptResolveProviders
BCryptSecretAgreement
BCryptSetAuditingInterface
BCryptSetContextFunctionProperty
BCryptSetProperty
BCryptSignHash
BCryptUnregisterConfigChangeNotify
BCryptUnregisterProvider
BCryptVerifySignature

Sections

.text
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bcryptprimitives.dll
.dll windows:10 windows x64 arch:x64

39ad65c22ee924ce5251a7d370c63dcc

Code Sign

33:00:00:04:5c:3d:56:72:66:6c:b7:54:17:00:00:00:00:04:5c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

14/09/2023, 18:20

Not After

04/09/2024, 18:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

41:13:e4:94:fe:5b:c1:05:d8:d8:8c:d3:df:06:33:06:46:20:74:b1:e7:0a:b3:5b:78:be:33:7d:91:29:7e:96
Signer

Actual PE Digest

41:13:e4:94:fe:5b:c1:05:d8:d8:8c:d3:df:06:33:06:46:20:74:b1:e7:0a:b3:5b:78:be:33:7d:91:29:7e:96

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

bcryptprimitives.pdb

Imports

ntdll

NtTerminateProcess
RtlGetCurrentProcessorNumberEx
RtlAllocateHeap
RtlFreeHeap
RtlCaptureContext
__C_specific_handler
wcscpy_s
_wcsicmp
RtlImageNtHeader
qsort
NtOpenFile
RtlInitUnicodeString
RtlLookupFunctionEntry
RtlGetSystemGlobalData
EtwUnregisterTraceGuids
EtwGetTraceEnableFlags
EtwTraceMessage
EtwRegisterTraceGuidsW
EtwGetTraceLoggerHandle
RtlVirtualUnwind
EtwGetTraceEnableLevel
RtlUnhandledExceptionFilter
memset
NtQueryInformationProcess
_vsnwprintf
__chkstk
_local_unwind
memcmp
memcpy
memmove
wcscmp

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleFileNameW
GetModuleHandleExW
GetProcAddress

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventWriteTransfer
EventRegister
EventUnregister

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegEnumKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegQueryValueExW

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
SetThreadStackGuarantee
GetCurrentProcessId

api-ms-win-core-memory-l1-1-0

VirtualProtect
VirtualAlloc
VirtualQuery

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo

api-ms-win-core-xstate-l2-1-0

GetEnabledXStateFeatures

Exports

Exports

GetAsymmetricEncryptionInterface
GetCipherInterface
GetHashInterface
GetKeyDerivationInterface
GetRngInterface
GetSecretAgreementInterface
GetSignatureInterface
MSCryptConvertRsaPrivateBlobToFullRsaBlob
ProcessPrng
ProcessPrngGuid

Sections

.text
Size: 368KB - Virtual size: 365KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bderepair.dll
.dll windows:10 windows x64 arch:x64

77800cbb225bf3a6483a0a4765ac77e2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

bderepair.pdb

Imports

msvcrt

malloc
_wcsicmp
_initterm
_XcptFilter
__C_specific_handler
memmove
memcpy
_amsg_exit
free
memset

ntdll

NtOpenKey
RtlCompareMemory
NtQueryValueKey
NtClose
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlNtStatusToDosError
RtlInitUnicodeString

kernel32

GetTickCount
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
Sleep
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapFree
GetProcessHeap
DeviceIoControl
GetLastError
HeapAlloc

bcrypt

BCryptDeriveKeyPBKDF2
BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
BCryptSetProperty
BCryptGetProperty
BCryptGenerateSymmetricKey
BCryptDestroyKey
BCryptEncrypt
BCryptDecrypt
BCryptDestroyHash

Exports

Exports

FveAuthWithClearKey
FveAuthWithKey
FveAuthWithPassphraseW
FveAuthWithPasswordW
FveCreateRestoreContext
FveDecryptData
FveDestroyRestoreContext
FveGetConvLogOffset
FveGetInterruptedRangeOffset
FveGetMetadataFromRestoreContext
FveLoadConvLog
FveRecoverBlock
FveSupplyInformationBlock
FveSupplyKeyPackage
FveSupplyWatermark

Sections

.text
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bdesvc.dll
.dll windows:10 windows x64 arch:x64

6c41daadb0ee25d849e80d72eb601d5d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

bdesvc.pdb

Imports

msvcrt

?terminate@@YAXXZ
_lock
_onexit
??1type_info@@UEAA@XZ
wcstok
_initterm
_amsg_exit
_XcptFilter
memmove
memcpy
__CxxFrameHandler3
_CxxThrowException
?what@exception@@UEBAPEBDXZ
_unlock
??0exception@@QEAA@AEBQEBD@Z
_callnewh
rand
wcschr
swprintf_s
free
memset
malloc
_beginthreadex
??_V@YAXPEAX@Z
__C_specific_handler
_wcsicmp
memmove_s
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
iswascii
_stricmp
wcstoul
memcmp
__RTDynamicCast
_purecall
__CxxFrameHandler4
??3@YAXPEAX@Z
memcpy_s
_vsnwprintf
??0exception@@QEAA@AEBQEBDH@Z
__dllonexit
wcscmp

ntdll

RtlGetDeviceFamilyInfoEnum
RtlStringFromGUID
NtPowerInformation
RtlVerifyVersionInfo
VerSetConditionMask
RtlCheckPortableOperatingSystem
RtlGUIDFromString
RtlCreateSystemVolumeInformationFolder
RtlPublishWnfStateData
NtQueryInformationFile
NtOpenFile
RtlDosPathNameToNtPathName_U_WithStatus
RtlCompareMemory
RtlInitUnicodeString
NtClose
WinSqmAddToStreamEx
RtlFreeUnicodeString
WinSqmIsOptedIn
WinSqmSetDWORD
RtlNtStatusToDosError
NtSetInformationThread
RtlQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtQuerySystemInformation
RtlSetThreadErrorMode
NtQueryWnfStateData

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
DisableThreadLibraryCalls
GetModuleHandleW
LoadLibraryExW
GetModuleHandleExW
FreeLibrary
GetModuleHandleExA
GetProcAddress
GetModuleFileNameA

api-ms-win-core-synch-l1-1-0

TryAcquireSRWLockExclusive
DeleteCriticalSection
AcquireSRWLockShared
InitializeSRWLock
InitializeCriticalSection
CreateEventW
CreateMutexExW
EnterCriticalSection
ReleaseSemaphore
SetEvent
LeaveCriticalSection
InitializeCriticalSectionEx
ReleaseSRWLockShared
ResetEvent
WaitForMultipleObjectsEx
CreateSemaphoreExW
OpenSemaphoreW
WaitForSingleObject
ReleaseMutex
ReleaseSRWLockExclusive
WaitForSingleObjectEx
AcquireSRWLockExclusive

api-ms-win-core-heap-l1-1-0

HeapSize
HeapAlloc
HeapFree
GetProcessHeap
HeapReAlloc

api-ms-win-core-errorhandling-l1-1-0

RaiseException
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolCleanupGroup
SetThreadpoolTimer
CreateThreadpoolTimer
TrySubmitThreadpoolCallback
CreateThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolTimer
SetEventWhenCallbackReturns

api-ms-win-core-processthreads-l1-1-0

SetThreadPriority
OpenProcessToken
GetCurrentProcess
SetThreadToken
GetExitCodeProcess
CreateProcessAsUserW
ResumeThread
TerminateProcess
OpenThreadToken
GetCurrentThread
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceLoggerHandle
TraceMessage
GetTraceEnableLevel

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount64
GetSystemTime
GetTickCount
GetSystemWindowsDirectoryW

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventRegister
EventUnregister
EventSetInformation
EventWrite
EventWriteTransfer

api-ms-win-core-file-l1-2-0

GetVolumePathNamesForVolumeNameW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

rpcrt4

I_RpcServerDisableExceptionFilter
NdrServerCall2
RpcRevertToSelf
RpcServerUseProtseqW
RpcServerListen
UuidFromStringW
RpcServerRegisterAuthInfoW
RpcServerInqBindings
RpcEpRegisterW
NdrServerCallAll
RpcImpersonateClient
RpcStringFreeW
UuidToStringW
RpcBindingVectorFree
RpcServerUnregisterIfEx
RpcEpUnregister
RpcServerRegisterIfEx

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegDeleteTreeW
RegEnumKeyExW
RegOpenCurrentUser
RegEnumValueW
RegLoadKeyW
RegQueryInfoKeyW
RegCloseKey
RegSetValueExW
RegGetValueA
RegDeleteKeyExW
RegCreateKeyExW
RegGetValueW
RegUnLoadKeyW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation

api-ms-win-core-file-l1-1-0

GetVolumeInformationW
FindClose
GetFileAttributesW
RemoveDirectoryW
ReadFile
FlushFileBuffers
DeleteFileW
GetVolumePathNameW
CreateFileW
FindFirstFileW
FindNextFileW
CreateDirectoryW
WriteFile

api-ms-win-eventing-consumer-l1-1-0

ProcessTrace
OpenTraceW
CloseTrace

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce

api-ms-win-devices-config-l1-1-1

CM_Register_Notification
CM_Unregister_Notification

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-com-l1-1-0

CLSIDFromString
CoTaskMemAlloc
PropVariantClear
CoTaskMemFree
CoCreateGuid
StringFromGUID2
CoInitializeEx
CoCreateInstance
CoUninitialize
CoWaitForMultipleHandles

api-ms-win-service-core-l1-1-0

SetServiceStatus
RegisterServiceCtrlHandlerExW

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW
RegSetKeyValueW

api-ms-win-security-base-l1-1-0

DuplicateTokenEx
ImpersonateLoggedOnUser
CheckTokenMembership
CreateRestrictedToken
RevertToSelf
GetTokenInformation
FreeSid
CreateWellKnownSid
GetSidSubAuthorityCount
AdjustTokenPrivileges
GetSidSubAuthority
AllocateAndInitializeSid

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-security-grouppolicy-l1-1-0

UnregisterGPNotificationInternal
RegisterGPNotificationInternal

api-ms-win-security-lsalookup-l1-1-1

GetDefaultIdentityProvider
ReleaseIdentityProviderEnumContext
GetIdentityProviderInfoByGUID
EnumerateIdentityProviders

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx
DeleteTimerQueueTimer
CreateTimerQueueTimer

fveapi

FveGetStatus
FveOpenVolumeW
FveSelectBestRecoveryPasswordByBackupInformation
FveInitializeDeviceEncryption2
FveGetStatusW
FveGetAuthMethodSid
FveGetAuthMethodSidInformation
FveUnlockVolumeAuthMethodSid
FveApplyGroupPolicy
FveCommitChanges
FveApplyNkpCertChanges
FveConversionEncryptEx
FveDecrementClearKeyCounter
FveGetClearKeyCounter
FveConversionEncryptPendingRebootEx
FveFindFirstVolume
FveCloseVolume
FveGetIdentity
FveUpdateBandIdBcd
FveSetAllowKeyExport
FveAttemptAutoUnlock
FveFindNextVolume
FveRegenerateNbpSessionKey
FveGetAuthMethodInformation
FveGetDataSet
FveSysCloseVolume
FveOpenVolumeByHandle
FveGenerateNkpSessionKeys
FveIsVolumeEncryptable
FveGetVolumeNameW
FveAuthElementFromPassPhraseW
FveGetFveMethod
FveDeleteAuthMethod
FveAddAuthMethodInformation
FveSysSetUserFlags
FveValidateExistingPinW
FveUpdatePinW
FveValidateExistingPassphraseW
FveSysClearUserFlags
FveIsSchemaExtInstalled
FveIsHardwareReadyForConversion
FveIsBoundDataVolume
FveGetAuthMethodGuids
FveBackupRecoveryInformationToADEx
FveIsDeviceLockedOut
FveGetSecureBootBindingState
FveCheckADRecoveryInfoBackupPolicyEx
FveCommitChangesEx
FveInitVolumeEx
FveBindDataVolume
FveRevertVolume
FveIsBoundDataVolumeToOSVolume
FveSysGetUserFlags
FveCheckTpmCapability
FveIsAnyDataVolumeBoundToOSVolume
FveKeyManagement
FveCloseHandle
FveIsHybridVolumeW

wevtapi

EvtClose
EvtNext
EvtQuery
EvtRender
EvtCreateRenderContext

bcd

BcdEnumerateAndUnpackElements
BcdOpenObject
BcdEnumerateObjects
BcdGetElementData
BcdCloseObject
BcdCloseStore
BcdDeleteElement
BcdSetElementData
BcdOpenSystemStore

fvecerts

FveCertIsValidCertInfo

bcrypt

BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptCreateHash
BCryptHashData
BCryptFinishHash
BCryptDestroyHash

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar

api-ms-win-security-lsalookup-l2-1-0

LookupAccountSidW

samcli

NetUserGetInfo

netutils

NetApiBufferFree

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-security-lsapolicy-l1-1-0

LsaFreeMemory
LsaOpenPolicy
LsaClose
LsaQueryInformationPolicy

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 484KB - Virtual size: 480KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bdeui.dll
.dll windows:10 windows x64 arch:x64

5a1dc4455ab505bf607c896467517e3f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

BdeUi.pdb

Imports

msvcrt

free
_initterm
_callnewh
_vsnwprintf
__C_specific_handler
_wcsicmp
malloc
memcpy
_amsg_exit
towupper
_XcptFilter
memset

api-ms-win-core-com-l1-1-0

StringFromGUID2
CoCreateInstance

bcrypt

BCryptGetFipsAlgorithmMode

api-ms-win-core-synch-l1-1-0

CreateMutexW

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-file-l1-2-0

GetVolumeNameForVolumeMountPointW
GetVolumePathNamesForVolumeNameW

api-ms-win-core-file-l1-1-0

GetVolumeInformationW

oleaut32

VariantClear
SysAllocString
VariantInit

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

fveapi

FveIsVolumeEncryptable
FveOpenVolumeByHandle
FveIsHardwareReadyForConversion
FveOpenVolumeW
FveGetStatus
FveGetAuthMethodInformation
FveIsBoundDataVolume
FveFindFirstVolume
FveFindNextVolume
FveCloseVolume
FveCloseHandle
FveGetVolumeNameW

ole32

CoGetObject

user32

EnumChildWindows
FindWindowW
GetWindowThreadProcessId
AllowSetForegroundWindow
SendMessageTimeoutW

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

ntdll

RtlVerifyVersionInfo

Exports

Exports

??0BuiVolume@@QEAA@XZ
??0BuiVolume@@QEAA@_N@Z
??0VolumeFveStatus@@IEAA@XZ
??0VolumeFveStatus@@QEAA@K_KJW4_FVE_WIPING_STATE@@@Z
??1BuiVolume@@QEAA@XZ
??4BuiVolume@@QEAAAEAV0@AEBV0@@Z
??4VolumeFveStatus@@QEAAAEAV0@$$QEAV0@@Z
??4VolumeFveStatus@@QEAAAEAV0@AEBV0@@Z
?AddSmartCard@BuiVolume@@QEAAJPEAUHWND__@@@Z
?AllowForegroundWindowDisplay@BuiVolume@@AEAAJXZ
?AttemptAutoUnlock@BuiVolume@@QEAAJXZ
?BasicDispatch@BuiVolume@@AEAAJJPEAUHWND__@@PEBGPEAJ@Z
?BasicDispatch@BuiVolume@@AEAAJJPEBG0PEAHPEAJ@Z
?BasicDispatch@BuiVolume@@AEAAJJPEBG0PEAJ@Z
?BasicDispatch@BuiVolume@@AEAAJJPEBG0PEAK@Z
?BasicDispatch@BuiVolume@@AEAAJJPEBGPEAHPEAJ@Z
?BasicDispatch@BuiVolume@@AEAAJJPEBGPEAJ@Z
?BasicDispatch@BuiVolume@@AEAAJJPEBGPEAPEAG@Z
?BasicDispatch@BuiVolume@@AEAAJJPEBGPEAUtagVARIANT@@@Z
?CanBeResumed@BuiVolume@@QEBA_NXZ
?CanRefreshStatus@BuiVolume@@AEBA_NXZ
?ClearProxyObject@BuiVolume@@QEAAXXZ
?Decrypt@BuiVolume@@QEAAJPEAUHWND__@@@Z
?DeleteVolumeList@BuiVolume@@SAXPEAPEAU_BuiVolumeNode@@@Z
?Disable@BuiVolume@@QEAAJPEAUHWND__@@@Z
?DisableAutoUnlock@BuiVolume@@QEAAJXZ
?Dispatch@BuiVolume@@AEAAJJPEAUtagDISPPARAMS@@PEAJ@Z
?Dispatch@BuiVolume@@AEAAJJPEAUtagDISPPARAMS@@PEAUtagVARIANT@@@Z
?EnableAutoUnlock@BuiVolume@@QEAAJXZ
?FailedDryRun@VolumeFveStatus@@QEBA_NXZ
?FindMountPoint@BuiVolume@@AEAAJXZ
?FormatNameAndMountPoint@BuiVolume@@AEAAJXZ
?GetAllVolumes@BuiVolume@@SAJPEAPEAU_BuiVolumeNode@@@Z
?GetConvertedPercent@BuiVolume@@QEBANXZ
?GetDescription@BuiVolume@@QEAAJPEAPEAG@Z
?GetExtendedFlags@VolumeFveStatus@@QEBA_KXZ
?GetLastConvertStatus@VolumeFveStatus@@QEBAJXZ
?GetOsVolume@BuiVolume@@SAJPEAPEAV1@@Z
?GetPasswordBackupTypes@BuiVolume@@QEAAJPEBGPEAK@Z
?GetPasswordId@BuiVolume@@QEAAJPEAPEAG@Z
?GetStatusFlags@VolumeFveStatus@@QEBAKXZ
?GetWipeCount@BuiVolume@@QEBAKXZ
?GetWipedPercent@BuiVolume@@QEBANXZ
?HasAutoUnlockVolumesBound@BuiVolume@@QEAA_NXZ
?HasExternalKey@VolumeFveStatus@@QEBA_NXZ
?HasPBKDF2RecoveryPassword@VolumeFveStatus@@QEBA_NXZ
?HasPassphraseProtector@VolumeFveStatus@@QEBA_NXZ
?HasPinProtector@VolumeFveStatus@@QEBA_NXZ
?HasRecoveryData@VolumeFveStatus@@QEBA_NXZ
?HasRecoveryPassword@VolumeFveStatus@@QEBA_NXZ
?HasSmartCardProtector@VolumeFveStatus@@QEBA_NXZ
?HasStartupKeyProtector@VolumeFveStatus@@QEBA_NXZ
?HasTpmProtector@VolumeFveStatus@@QEBA_NXZ
?ImplicitPauseConversion@BuiVolume@@QEAAJXZ
?Init@BuiVolume@@QEAAJPEAG@Z
?InitMembers@BuiVolume@@AEAAXXZ
?IsAutoUnlockEnabled@BuiVolume@@QEAA_NXZ
?IsConverting@VolumeFveStatus@@QEBA_NXZ
?IsCsvMetadataVolume@VolumeFveStatus@@QEBA_NXZ
?IsCurrentPINEnhanced@BuiVolume@@QEAAJPEAH@Z
?IsDEAutoProvisioned@VolumeFveStatus@@QEBA_NXZ
?IsDecrypted@VolumeFveStatus@@QEBA_NXZ
?IsDecrypting@VolumeFveStatus@@QEBA_NXZ
?IsDisabled@VolumeFveStatus@@QEBA_NXZ
?IsEDriveVolume@VolumeFveStatus@@QEBA_NXZ
?IsEncrypted@VolumeFveStatus@@QEBA_NXZ
?IsEncrypting@VolumeFveStatus@@QEBA_NXZ
?IsFveNotifyNecessary@BuiVolume@@QEBA_NXZ
?IsLocked@VolumeFveStatus@@QEBA_NXZ
?IsOn@VolumeFveStatus@@QEBA_NXZ
?IsOsCriticalVolume@VolumeFveStatus@@QEBA_NXZ
?IsOsVolume@VolumeFveStatus@@QEBA_NXZ
?IsPartiallyConverted@VolumeFveStatus@@QEBA_NXZ
?IsPaused@VolumeFveStatus@@QEBA_NXZ
?IsPreProvisioned@VolumeFveStatus@@QEBA_NXZ
?IsRoamingDevice@VolumeFveStatus@@QEBA_NXZ
?IsSecure@VolumeFveStatus@@QEBA_NXZ
?IsUnknownFveVersion@VolumeFveStatus@@QEBA_NXZ
?IsWiping@VolumeFveStatus@@QEBA_NXZ
?LaunchUpdate@BuiVolume@@QEAAJXZ
?LaunchWizard@BuiVolume@@QEAAJG@Z
?ManagementRequiresElevation@BuiVolume@@QEBA_NXZ
?NO_DRIVE_LETTER@BuiVolume@@2IB
?NeedsDiscoveryVolumeUpdate@BuiVolume@@QEAAJPEAH@Z
?NeedsRestart@VolumeFveStatus@@QEBA_NXZ
?PauseConversion@BuiVolume@@QEAAJXZ
?ProxyAddSmartCard@BuiVolume@@AEAAJPEAUHWND__@@@Z
?ProxyAreVolumesBound@BuiVolume@@AEAAJXZ
?ProxyAttemptAutoUnlock@BuiVolume@@AEAAJXZ
?ProxyDecrypt@BuiVolume@@AEAAJPEAUHWND__@@@Z
?ProxyDisable@BuiVolume@@AEAAJPEAUHWND__@@@Z
?ProxyDisableAutoUnlock@BuiVolume@@AEAAJXZ
?ProxyEnableAutoUnlock@BuiVolume@@AEAAJXZ
?ProxyGetDescription@BuiVolume@@AEAAJPEAPEAG@Z
?ProxyGetPasswordBackupTypes@BuiVolume@@AEAAJPEBGPEAK@Z
?ProxyGetPasswordId@BuiVolume@@AEAAJPEAPEAG@Z
?ProxyGetProcessId@BuiVolume@@AEAAJPEAK@Z
?ProxyImplicitPauseConversion@BuiVolume@@AEAAJXZ
?ProxyIsAutoUnlockEnabled@BuiVolume@@AEAAJXZ
?ProxyLaunchUpdate@BuiVolume@@AEAAJXZ
?ProxyLaunchWizard@BuiVolume@@AEAAJG@Z
?ProxyNeedsDiscoveryVolumeUpdate@BuiVolume@@AEAAJPEAH@Z
?ProxyPauseConversion@BuiVolume@@AEAAJXZ
?ProxyRemovePassphrase@BuiVolume@@AEAAJXZ
?ProxyRemoveSmartCard@BuiVolume@@AEAAJ_N@Z
?ProxyResumeConversion@BuiVolume@@AEAAJXZ
?ProxyServiceDiscoveryVolume@BuiVolume@@AEAAJXZ
?ProxyUnlockVolumeWithKey@BuiVolume@@AEAAJPEBGPEAH@Z
?ProxyUnlockVolumeWithPassphrase@BuiVolume@@AEAAJPEBGPEAH@Z
?ProxyUnlockVolumeWithPassword@BuiVolume@@AEAAJPEBGPEAH@Z
?ProxyUnlockVolumeWithSmartCard@BuiVolume@@AEAAJPEAUHWND__@@PEAH@Z
?ProxyUpgradeVolume@BuiVolume@@AEAAJXZ
?RefreshStatus@BuiVolume@@QEAAJ_N@Z
?RemovePassphrase@BuiVolume@@QEAAJXZ
?RemoveSmartCard@BuiVolume@@QEAAJ_N@Z
?ResumeConversion@BuiVolume@@QEAAJXZ
?ResumeStatusRefreshing@BuiVolume@@QEAAXXZ
?ServiceDiscoveryVolume@BuiVolume@@QEAAJXZ
?SetProxyObject@BuiVolume@@QEAAXPEAUIDispatch@@@Z
?SuspendStatusRefreshing@BuiVolume@@QEAAXXZ
?UnlockRequiresElevation@BuiVolume@@QEBA_NXZ
?UnlockWithKey@BuiVolume@@QEAAJPEBGPEAH@Z
?UnlockWithPassphrase@BuiVolume@@QEAAJPEBGPEAH@Z
?UnlockWithPassword@BuiVolume@@QEAAJPEBGPEAH@Z
?UnlockWithSmartCard@BuiVolume@@QEAAJPEAUHWND__@@PEAH@Z
?UpgradeVolume@BuiVolume@@QEAAJXZ
BuisCreateElevatedProxyObject
BuisCreateProxyObject
BuisDetectExistingWizard
BuisIsFipsEnabled
BuisIsHardwareReadyForConversion

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bi.dll
.dll windows:10 windows x64 arch:x64

abd24111697337a3a339d9ae98ba129b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

bi.pdb

Imports

msvcrt

_XcptFilter
_amsg_exit
free
malloc
_initterm
__C_specific_handler

ntdll

RtlAllocateHeap
RtlFreeHeap
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlLengthSid

rpcrt4

NdrClientCall3
RpcExceptionFilter
RpcBindingCreateW
RpcBindingBind
RpcBindingFree
I_RpcMapWin32Status

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
TerminateProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-service-management-l1-1-0

OpenSCManagerW
CloseServiceHandle
OpenServiceW

api-ms-win-service-private-l1-1-0

WaitServiceState

Exports

Exports

BiActivateDeferredWorkItem
BiActivateInBackground
BiActivateInBackgroundEx
BiActivateWorkItem
BiAssociateActivationProxy
BiAssociateApplicationExtensionClass
BiCancelWorkItem
BiCancelWorkItemEx
BiCreateEvent
BiCreateEventForPackageName
BiDeleteEvent
BiDisassociateWorkItem
BiDiscardPendingActivations
BiEnumerateBrokeredEvents
BiEnumerateUserContexts
BiEnumerateUserSessions
BiEnumerateWorkItemsForPackageName
BiEnumerateWorkItemsForPackageNameEx
BiFreeMemory
BiPackageChangeState
BiQueryBrokeredEvent
BiQuerySystemStateBroadcastChannels
BiQueryUserContext
BiQueryUserSession
BiQueryWorkItem
BiQueryWorkItemEx
BiQueryWorkItemStatusStateName
BiSignalEvent
BiSignalEventEx
BiSignalMultipleEvents
BiSignalTriggerEvent
BiSignalTriggerEventEx
BiUpdateEventFlags
BiUpdateEventInformation
BiUpdateEventParameters

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bidispl.dll
.dll regsvr32 windows:10 windows x64 arch:x64

b45c19be3c865064173ca0b459a6e170

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

bidispl.pdb

Imports

msvcrt

_amsg_exit
_initterm
_XcptFilter
_lock
malloc
swscanf
_vsnwprintf
memcpy_s
free
_callnewh
__C_specific_handler
_unlock
__dllonexit
_onexit
memset
_wcsicmp
memcpy
wcscmp

kernel32

DebugBreak
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
Sleep
IsDebuggerPresent
GetModuleFileNameW
SetLastError
GetLastError
GetModuleHandleW
GetProcAddress
FindResourceW
SizeofResource
LoadResource
LockResource
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapAlloc
CreateMutexExW
GetCurrentProcessId
GetProcessHeap

oleaut32

SysStringLen
VariantClear
SysAllocString
SysFreeString
VariantInit
SysAllocStringLen

winspool.drv

OpenPrinterW
ClosePrinter

crypt32

CryptBinaryToStringW
CryptStringToBinaryW

api-ms-win-core-com-l1-1-0

StringFromCLSID
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegDeleteTreeW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bindfltapi.dll
.dll windows:10 windows x64 arch:x64

cc045e87d950adfda8848675139f1af1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

BindFltApi.pdb

Imports

api-ms-win-crt-locale-l1-1-0

_lock_locales
_unlock_locales

api-ms-win-crt-string-l1-1-0

memset
wcsnlen

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__fseeki64
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo_noreturn
_o__lock_file
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__unlock_file
_o__wcsdup
_o_abort
_o_fclose
_o_fflush
_o_fgetc
_o_fgetpos
_o_fgetwc
_o_fputwc
_o_free
_o_fsetpos
_o_fwrite
_o_malloc
_o_setlocale
_o_setvbuf
_o_terminate
_o_ungetc
_o_ungetwc
_o_wcstoul
__uncaught_exception
__C_specific_handler
_CxxThrowException
_o__cexit
_o__calloc_base
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vfprintf
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o___pctype_func
__std_type_info_compare
_o___acrt_iob_func
_o____mb_cur_max_func
_o____lc_locale_name_func
_o____lc_codepage_func
__CxxFrameHandler3
_local_unwind
memcmp
memcpy
memmove

fltlib

FilterConnectCommunicationPort
FilterSendMessage

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-file-l1-1-0

CreateFileW
GetFileAttributesW

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-handle-l1-1-0

CloseHandle

ntdll

NtClose
NtDelayExecution
NtSetInformationThread
RtlDosPathNameToNtPathName_U
RtlAllocateHeap
RtlFreeHeap
NtQueryObject
RtlNtStatusToDosError
NtDeviceIoControlFile
NtFsControlFile
NtCreateFile
NtOpenThreadToken
NtWaitForSingleObject
NtAdjustPrivilegesToken
RtlImpersonateSelf
NtQueryInformationFile

api-ms-win-core-string-l1-1-0

GetStringTypeW
WideCharToMultiByte
GetStringTypeExW
MultiByteToWideChar

api-ms-win-core-localization-l1-2-0

GetUserDefaultLCID
LCMapStringEx
LCMapStringW

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
InitializeCriticalSectionEx
WaitForSingleObjectEx
EnterCriticalSection
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
CreateEventW
LeaveCriticalSection

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
FreeLibrary
GetProcAddress
LoadStringW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryA

Exports

Exports

BfAttachFilter
BfConfigureFilter
BfGenerateBatchedConfig
BfGenerateMappingConfiguration
BfGetMappings
BfRemoveMapping
BfRemoveMappingEx
BfSetupFilter
BfSetupFilterBatched
BfSetupFilterEx
BfTrackWritesFromSilo

Sections

.text
Size: 140KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bisrv.dll
.dll windows:10 windows x64 arch:x64

b3672b0edf3102593816965772dbd5de

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

bisrv.pdb

Imports

msvcrt

strtoul
swscanf_s
_set_errno
_get_errno
wcstok_s
_wcsnicmp
wcstoul
_wcsicmp
_vsnwprintf
_errno
_wcsdup
_callnewh
memcmp
memcpy
memmove
_onexit
__dllonexit
_unlock
_lock
__CxxFrameHandler3
__C_specific_handler
_initterm
malloc
_amsg_exit
_XcptFilter
free
wcsncmp
memmove_s
_ui64tow_s
_purecall
memcpy_s
wcscpy_s
wcsnlen
qsort
memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetProcAddress
GetModuleHandleExW
GetModuleHandleExA
GetModuleFileNameA

api-ms-win-power-setting-l1-1-0

PowerSettingRegisterNotification
PowerSettingUnregisterNotification

ntdll

RtlNtStatusToDosError
RtlQueryWnfStateData
RtlUnsubscribeWnfStateChangeNotification
NtSetValueKey
NtCreateFile
NtSaveKeyEx
NtCreateKey
NtLoadKeyEx
NtDeleteValueKey
RtlAcquirePrivilege
NtDeleteFile
NtOpenKey
RtlReleasePrivilege
RtlAppendUnicodeToString
NtEnumerateKey
RtlAppendUnicodeStringToString
NtDeleteKey
RtlCompareUnicodeString
RtlRbRemoveNode
TpWaitForWait
RtlRbInsertNodeEx
ZwUpdateWnfStateData
TpSetWait
RtlQueryPackageIdentityEx
NtOpenThreadToken
TpSetTimerEx
RtlQueryPackageClaims
NtOpenProcessToken
RtlFreeUnicodeString
RtlStringFromGUID
NtClearEvent
NtWriteVirtualMemory
NtSetEvent
NtReadVirtualMemory
RtlCopyUnicodeString
NtQueryInformationProcess
RtlQueryUnbiasedInterruptTime
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
RtlGetNextEntryHashTable
RtlLookupEntryHashTable
RtlCreateHashTable
NtDuplicateObject
RtlInsertEntryHashTable
RtlRunOnceExecuteOnce
NtCreateEvent
RtlCompareUnicodeStrings
RtlQueryWnfMetaNotification
NtQueryValueKey
RtlDeleteHashTable
RtlDuplicateUnicodeString
RtlCreateSecurityDescriptor
NtQuerySystemInformation
RtlCreateAcl
RtlIsMultiSessionSku
RtlWaitForWnfMetaNotification
NtQueryAttributesFile
RtlInitEnumerationHashTable
RtlRemoveEntryHashTable
RtlReAllocateHeap
RtlAddAccessAllowedAceEx
NtOpenProcess
RtlInitUnicodeString
RtlGetDeviceFamilyInfoEnum
RtlUpcaseUnicodeChar
RtlSetDaclSecurityDescriptor
RtlEndEnumerationHashTable
NtCreateWnfStateName
TpAllocTimer
NtDeleteWnfStateName
RtlGUIDFromString
RtlEnumerateEntryHashTable
RtlGetLastWin32Error
RtlSetOwnerSecurityDescriptor
RtlTestBit
RtlStringFromGUIDEx
RtlInitializeBitMap
TpWaitForWork
RtlClearBit
RtlSetBit
RtlAcquireSRWLockExclusive
TpReleaseTimer
RtlReleaseSRWLockExclusive
TpWaitForTimer
RtlInitializeSRWLock
TpSetTimer
TpAllocWait
RtlWaitOnAddress
TpSetWaitEx
TpReleaseWait
RtlWakeAddressAll
TpSetPoolMaxThreads
RtlFreeHeap
TpReleaseWork
TpPostWork
TpAllocPool
RtlRunOnceBeginInitialize
TpAllocWork
RtlRunOnceComplete
TpReleasePool
RtlAllocateHeap
RtlNtStatusToDosErrorNoTeb
RtlValidSid
NtCreateIRTimer
RtlEqualSid
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlCopySid
NtClose
RtlLengthSid
NtQueryInformationToken
NtPowerInformation
NtQueryWnfStateData
RtlConvertSidToUnicodeString
RtlPublishWnfStateData
RtlSubscribeWnfStateChangeNotification
NtSetIRTimer
RtlFreeSid

api-ms-win-core-com-l1-1-0

CoGetClassObject
CoDecrementMTAUsage
CoInitializeSecurity
CoInitializeEx
CoUnmarshalInterface
CoMarshalInterface
CreateStreamOnHGlobal
CoUninitialize
CoCreateInstance
CoDisconnectObject
CoTaskMemFree
CoTaskMemAlloc
CoRegisterClassObject
CLSIDFromString
CoGetCallContext
CoIncrementMTAUsage
CoReleaseMarshalData

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
InitializeCriticalSection
AcquireSRWLockExclusive
OpenEventW
ReleaseSRWLockShared
OpenSemaphoreW
ReleaseMutex
CreateSemaphoreExW
WaitForSingleObjectEx
TryAcquireSRWLockExclusive
DeleteCriticalSection
AcquireSRWLockShared
CreateEventExW
InitializeSRWLock
WaitForSingleObject
ReleaseSemaphore
CreateMutexExW
EnterCriticalSection
SetEvent
ReleaseSRWLockExclusive
InitializeCriticalSectionEx

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
RaiseException
GetLastError

api-ms-win-security-base-l1-1-0

GetTokenInformation
SetSecurityDescriptorGroup
InitializeSecurityDescriptor
IsWellKnownSid
IsValidSid
GetSecurityDescriptorDacl
GetLengthSid
InitializeAcl
CopySid
SetSecurityDescriptorDacl
RevertToSelf
SetSecurityDescriptorOwner
ImpersonateLoggedOnUser
CreateWellKnownSid
AddAccessAllowedAce

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
RoOriginateError

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventWrite
EventWriteTransfer
EventRegister

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsStringHasEmbeddedNull
WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsDeleteString

api-ms-win-core-threadpool-l1-2-0

CloseThreadpool
CreateThreadpool
CloseThreadpoolCleanupGroup
SetThreadpoolThreadMinimum
CreateThreadpoolCleanupGroup
CreateThreadpoolTimer
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolWait
CloseThreadpoolTimer
SetThreadpoolTimer
SetThreadpoolThreadMaximum
WaitForThreadpoolTimerCallbacks
IsThreadpoolTimerSet

api-ms-win-core-processthreads-l1-1-0

GetProcessId
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
OpenProcessToken
TerminateProcess

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabledForPackage

api-ms-win-core-quirks-l1-1-1

QuirkIsEnabledForPackage3

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-heap-l2-1-0

GlobalFree
LocalAlloc
GlobalAlloc
LocalReAlloc
LocalFree

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlCompareMemory
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetTickCount64

oleaut32

SysStringLen
SysAllocStringLen
SysAllocString
SysFreeString

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel

api-ms-win-core-psm-key-l1-1-0

PsmCreateKey
PsmGetPackageFullNameFromKey
PsmIsValidKey
PsmGetApplicationNameFromKey
PsmIsDynamicKey

rpcrt4

RpcServerUnregisterIf
RpcEpRegisterW
RpcBindingVectorFree
RpcEpUnregister
NdrAsyncServerCall
Ndr64AsyncServerCallAll
UuidCreate
I_RpcExceptionFilter
RpcImpersonateClient
NdrClientCall3
I_RpcMapWin32Status
I_RpcBindingInqLocalClientPID
RpcRaiseException
RpcRevertToSelf
RpcAsyncCompleteCall
RpcServerRegisterIf3
RpcBindingFree
RpcServerUseProtseqW
RpcBindingBind
RpcBindingCreateW
RpcServerInqCallAttributesW
NdrServerCall2
NdrServerCallAll
RpcServerInqBindings

api-ms-win-appmodel-runtime-internal-l1-1-4

GetPackageStatusForUserSid

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-registry-l2-1-0

RegEnumKeyW
RegOpenKeyW

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegQueryValueExW
RegEnumValueW
RegQueryInfoKeyW
RegGetValueW
RegCloseKey
RegEnumValueA
RegDeleteValueA
RegCreateKeyExW
RegOpenKeyExW

api-ms-win-security-lsalookup-l1-1-0

LsaLookupGetDomainInfo
LsaLookupFreeMemory
LsaLookupOpenLocalPolicy
LsaLookupClose

resourcepolicyclient

InterruptiveUIStateChanged_Subscribe
CreateResourcePolicyStoreClient
InterruptiveUIStateChanged_Unsubscribe
CreateResourcePolicyEngineClient
QueryApplicationInterruptiveUIStateByPsmKey

umpdc

Pdcv2ActivationClientRenewActivation
Pdcv2ActivationClientRegister
Pdcv2ActivationClientActivate
Pdcv2ActivationClientSetBrokeredProcessId
Pdcv2ActivationClientUnregister
Pdcv2ActivationClientDeactivate

eventaggregation

BriRegisterToBrokerAvailability
EaCreateAggregation
BriUnregisterFromBrokerAvailability
EaDeleteAggregation
BriIsBrokerRegistered
BriDeleteBrokeredEvent
BriCreateBrokeredEventEx
EaSignalAggregatedEvent
BriGetBrokerAvailabilityChangeStamp

rmclient

CrmActivityFree
HamCloseActivity
HamCreateActivity
HamHostIdInitializeKey
HamSetExternalResourcePriority
CrmActivityAllocate
HamCreateActivityEx
CrmActivityRequest
HamIsHostBeingDebugged
HamPopulateActivityProperties
CrmRegister
HamHostIdCreateSingleUse
CrmUnregister
HamConnectToServer
HamResetExternalResourcePriority
CrmActivityStop
CrmActivityStart
HamDisconnectFromServer
HamTerminateActivityHost
HamStartActivityAsync
HamHostIdFindOrCreate

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
CompareStringW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-security-provider-l1-1-0

SetNamedSecurityInfoW

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-threadpool-legacy-l1-1-0

DeleteTimerQueueEx
CreateTimerQueue
CreateTimerQueueTimer

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-appmodel-lifecyclepolicy-l1-1-0

AppModelQueryLifecyclePolicy

Exports

Exports

PsmBiExtInitialize
PsmBiExtNotifyAppState
PsmBiExtNotifyRmInitializationComplete
PsmBiExtNotifySessionStateChange
PsmBiExtNotifySessionUserStateChange
PsmBiExtNotifyWerReportProgress
PsmBiExtPrepareToSuspendPackage
PsmBiExtResumePackage
PsmBiExtServerCleanup
PsmBiExtServerInitialize
PsmBiExtServerStart

Sections

.text
Size: 620KB - Virtual size: 618KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 184KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bitsigd.dll
.dll windows:10 windows x64 arch:x64

f1a4ea24ffd79146e66a1badaefdab97

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

bitsigd.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
__C_specific_handler
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
__std_terminate
__CxxFrameHandler4
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_CxxThrowException
memcpy

api-ms-win-crt-string-l1-1-0

memset
wcscmp

ntdll

EtwGetTraceLoggerHandle
EtwEventRegister
EtwTraceMessage
EtwEventWrite
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
RtlNtStatusToDosErrorNoTeb
EtwUnregisterTraceGuids
EtwEventUnregister
EtwEventEnabled
RtlGetPersistedStateLocation
EtwGetTraceEnableLevel

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleFileNameA
GetModuleHandleExW
GetModuleHandleW
DisableThreadLibraryCalls

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolCleanupGroupMembers
CreateThreadpoolCleanupGroup
CloseThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolCleanupGroup
CreateThreadpoolWork

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegQueryValueExW
RegCloseKey

api-ms-win-core-com-l1-1-0

CoCreateGuid
CoDisconnectContext
CoCreateInstance

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
InitializeCriticalSectionEx
CreateEventW
ResetEvent
SetEvent
LeaveCriticalSection
WaitForSingleObject
InitializeCriticalSection
EnterCriticalSection

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
OpenThreadToken
SetThreadToken
GetCurrentThread

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

InitializeEx
UninitializeEx

Sections

.text
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bitsperf.dll
.dll windows:10 windows x64 arch:x64

9693b61eb765f62eeb39d42ffdd19508

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

bitsperf.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o___stdio_common_vswprintf
_o__cexit
_o__configure_narrow_argv
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__seh_filter_dll
memcpy
_o__wcsicmp
__C_specific_handler
__CxxFrameHandler4
_o___std_type_info_destroy_list

api-ms-win-crt-string-l1-1-0

memset

ntdll

EtwUnregisterTraceGuids
EtwTraceMessage
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwRegisterTraceGuidsW
RtlGetPersistedStateLocation
RtlNtStatusToDosError
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
EtwGetTraceEnableFlags

rpcrt4

UuidToStringW
RpcStringFreeW
UuidCreate

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegCloseKey
RegQueryValueExW
RegDeleteValueW
RegOpenKeyExW
RegCreateKeyExW

api-ms-win-core-com-l1-1-0

CoCreateInstance

api-ms-win-core-memory-l1-1-0

MapViewOfFile
CreateFileMappingW
UnmapViewOfFile

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcess
TerminateProcess
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

Exports

Exports

??0CPerfMon@@QEAA@PEAGPEAU_PERF_ITEM@0@@Z
??1CPerfMon@@QEAA@XZ
??4CPerfMon@@QEAAAEAV0@AEBV0@@Z
?CalcBytesForPerfObject@CPerfMon@@AEBAKPEAU__OBJECT_ORD@1@@Z
?CalcPerfMetrics@CPerfMon@@AEBAXPEAU__OBJECT_ORD@1@PEAU__INSTANCE_ID@1@PEAU_PERF_METRICS@1@PEAPEAU_PERF_ITEM@1@@Z
?Collect@CPerfMon@@QEAAKPEAGPEAPEAEPEAK2@Z
?CollectAllObjects@CPerfMon@@AEBAKPEAGPEAPEAEPEAK2@Z
?CollectAnObject@CPerfMon@@AEBAKPEAU__OBJECT_ORD@1@PEAPEAE@Z
?ConvertInstIdToInUseInstId@CPerfMon@@AEBAHPEAU__OBJECT_ORD@1@PEAU__INSTANCE_ID@1@@Z
?CounterIdToObjectOrd@CPerfMon@@AEBAPEAU__OBJECT_ORD@1@PEAU__COUNTER_ID@1@PEAH@Z
?CounterIdToPerfItem@CPerfMon@@AEBAPEAU_PERF_ITEM@1@PEAU__COUNTER_ID@1@@Z
?CounterIdToPerfItemIndex@CPerfMon@@AEBAHPEAU__COUNTER_ID@1@PEAH@Z
?CounterOrdToPerfItem@CPerfMon@@AEBAPEAU_PERF_ITEM@1@PEAU__OBJECT_ORD@1@PEAU__COUNTER_ORD@1@@Z
?DetermineObjectsToCollect@CPerfMon@@AEBAXPEAU__OBJECT_ORD@1@@Z
?GetCounter32@CPerfMon@@QEAAPEAJPEAU__COUNTER_ID@1@PEAU__INSTANCE_ID@1@@Z
?GetCounter64@CPerfMon@@QEAAPEA_JPEAU__COUNTER_ID@1@PEAU__INSTANCE_ID@1@@Z
?GetCounter@CPerfMon@@AEAAPEAEPEAU__COUNTER_ID@1@PEAU__INSTANCE_ID@1@@Z
?HowManyInstancesAreInUse@CPerfMon@@AEBAHPEAU__OBJECT_ORD@1@@Z
?IdToPerfItemIndex@CPerfMon@@AEBAHH_K@Z
?Initialize@CPerfMon@@QEAAKH@Z
?InitializePerfMon@CPerfMon@@AEAAKH@Z
?IsValidInstId@CPerfMon@@AEBAHPEAU__OBJECT_ORD@1@PEAU__INSTANCE_ID@1@@Z
?IsValidObjOrd@CPerfMon@@AEBAHPEAU__OBJECT_ORD@1@@Z
?ObjectIdToObjectOrd@CPerfMon@@AEBAPEAU__OBJECT_ORD@1@PEAU__OBJECT_ID@1@@Z
?ObjectIdToPerfItem@CPerfMon@@AEBAPEAU_PERF_ITEM@1@PEAU__OBJECT_ID@1@@Z
?ObjectIdToPerfItemIndex@CPerfMon@@AEBAHPEAU__OBJECT_ID@1@@Z
?ObjectOrdToPerfItem@CPerfMon@@AEBAPEAU_PERF_ITEM@1@PEAU__OBJECT_ORD@1@@Z
?ObjectOrdToPerfItemIndex@CPerfMon@@AEBAHPEAU__OBJECT_ORD@1@@Z
?VerifyPerfItemTable@CPerfMon@@AEAAKXZ
PerfMon_Close
PerfMon_Collect
PerfMon_Open

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0171c8b34a2862ac3a0bc42087150e58

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

28:06:9d:51:b3:57:ab:f7:b7:49:d7:a2:d5:50:c3:10:07:c1:39:cc:f8:50:79:7d:67:05:d4:dc:2b:78:ee:bcSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

ntdll

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

oleaut32

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-io-l1-1-1

api-ms-win-core-wow64-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-errorhandling-l1-1-2

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-memory-l1-1-1

api-ms-win-core-file-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-interlocked-l1-1-0

mmdevapi

avrt

api-ms-win-core-psapi-l1-1-0

api-ms-win-devices-query-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 312KB - Virtual size: 308KB

RT_CODE Size: 4KB - Virtual size: 344B

RT_BSS Size: - Virtual size: 40B

.rdata Size: 76KB - Virtual size: 75KB

.data Size: 8KB - Virtual size: 11KB

.pdata Size: 16KB - Virtual size: 13KB

.didat Size: 4KB - Virtual size: 176B

RT_CONST Size: 4KB - Virtual size: 3KB

RT_DATA Size: 4KB - Virtual size: 80B

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 2KB

89ce6363d54faf6dbefa67421de8ec1f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

28:06:9d:51:b3:57:ab:f7:b7:49:d7:a2:d5:50:c3:10:07:c1:39:cc:f8:50:79:7d:67:05:d4:dc:2b:78:ee:bc
Signer

.text
Size: 312KB - Virtual size: 308KB

RT_CODE
Size: 4KB - Virtual size: 344B

RT_BSS
Size: - Virtual size: 40B

.rdata
Size: 76KB - Virtual size: 75KB

.data
Size: 8KB - Virtual size: 11KB

.pdata
Size: 16KB - Virtual size: 13KB

.didat
Size: 4KB - Virtual size: 176B

RT_CONST
Size: 4KB - Virtual size: 3KB

RT_DATA
Size: 4KB - Virtual size: 80B

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 2KB

.text
Size: 68KB - Virtual size: 64KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 4KB - Virtual size: 2KB

.pdata
Size: 8KB - Virtual size: 5KB

.didat
Size: 4KB - Virtual size: 32B

.rsrc
Size: 4KB - Virtual size: 992B

.reloc
Size: 4KB - Virtual size: 660B