System32Problems15[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

System32Problems15.zip
Size

13.9MB
MD5

109c21f6c6d32adc8abb09663bacb4db
SHA1

51eec3f02a45799f8314e140d9c5dc1869aa0b61
SHA256

2ef90eb1dcf94955d3d457a9482abcc3a8f87e4d240d5e5cc4e6c3b0795c90f6
SHA512

600fa1b06814532b27a9cde0026940c2c67f1bc6bb7336b75838e3194072b6c34f7d4a0e0543b44302320ad6698f4d9998f3321f9ba59eba6beeb047d8a7f6f5
SSDEEP

393216:8+JjvAZ5SzbBkmvEs6wAYsby60iToToRa0tmou2kHXne3EKN:8+JjvAZGbBkmviBYsbyioNcmFjEj

Score

3^/10

Malware Config

Signatures

Unsigned PE 90 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ETWCoreUIComponentsResources.dll
unpack001/ETWESEProviderResources.dll
unpack001/EsdSip.dll
unpack001/EthernetMediaManager.dll
unpack001/EtwRundown.dll
unpack001/EventAggregation.dll
unpack001/ExSMime.dll
unpack001/ExplorerFrame.dll
unpack001/ExtrasXmlParser.dll
unpack001/FDResPub.dll
unpack001/Family.Authentication.dll
unpack001/Family.Cache.dll
unpack001/Family.Client.dll
unpack001/Family.SyncEngine.dll
unpack001/FamilySafetyExt.dll
unpack001/FaxPrinterInstaller.dll
unpack001/FdDevQuery.dll
unpack001/FileAppxStreamingDataSource.dll
unpack001/FilterDS.dll
unpack001/FirewallAPI.dll
unpack001/FirewallControlPanel.dll
unpack001/FirewallUX.dll
unpack001/FirmwareAttestationServerProxyStub.dll
unpack001/FluencyDS.dll
unpack001/FntCache.dll
unpack001/FontGlyphAnimator.dll
unpack001/FontProvider.dll
unpack001/FrameServer.dll
unpack001/FrameServerClient.dll
unpack001/FrameServerMonitor.dll
unpack001/FrameServerMonitorClient.dll
unpack001/FsNVSDeviceSource.dll
unpack001/eShims.dll
unpack001/eUICCsCSP.dll
unpack001/esent.dll
unpack001/esentprf.dll
unpack001/esevss.dll
unpack001/eventcls.dll
unpack001/execmodelproxy.dll
unpack001/f3ahvoas.dll
unpack001/facecredentialprovider.dll
unpack001/fcon.dll
unpack001/fdBth.dll
unpack001/fdBthProxy.dll
unpack001/fdPHost.dll
unpack001/fdPnp.dll
unpack001/fdProxy.dll
unpack001/fdSSDP.dll
unpack001/fdWCN.dll
unpack001/fdWNet.dll
unpack001/fdWSD.dll
unpack001/fde.dll
unpack001/fdeploy.dll
unpack001/fdprint.dll
unpack001/feclient.dll
unpack001/ffbroker.dll
unpack001/fhcat.dll
unpack001/fhcfg.dll
unpack001/fhcleanup.dll
unpack001/fhcpl.dll
unpack001/fhengine.dll
unpack001/fhevents.dll
unpack001/fhsettingsprovider.dll
unpack001/fhshl.dll
unpack001/fhsrchapi.dll
unpack001/fhsrchph.dll
unpack001/fhsvc.dll
unpack001/fhsvcctl.dll
unpack001/fhtask.dll
unpack001/fhuxadapter.dll
unpack001/fhuxapi.dll
unpack001/fhuxcommon.dll
unpack001/fhuxgraphics.dll
unpack001/fhuxpresentation.dll
unpack001/fidocredprov.dll
unpack001/filemgmt.dll
unpack001/findnetprinters.dll
unpack001/fingerprintcredential.dll
unpack001/fmapi.dll
unpack001/fms.dll
unpack001/fontext.dll
unpack001/fontgroupsoverride.dll
unpack001/fontsub.dll
unpack001/fphc.dll
unpack001/framedyn.dll
unpack001/framedynos.dll
unpack001/frprov.dll
unpack001/fsutilext.dll
unpack001/fthsvc.dll
unpack001/fundisc.dll

Files

System32Problems15.zip
.zip
ETWCoreUIComponentsResources.dll
.dll windows:10 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 4KB - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ETWESEProviderResources.dll
.dll windows:10 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rdata
Size: 4KB - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
EsdSip.dll
.dll regsvr32 windows:10 windows x64 arch:x64

ca15c4388d72a0ae9796e6ecf0fe0621

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

esdsip.pdb

Imports

msvcrt

memcmp
memcpy
__C_specific_handler
wcsncmp
memset
_initterm
_wcsnicmp
wcschr
wcscmp
malloc
free
_amsg_exit
_XcptFilter
wcsrchr
_wcsicmp

ntdll

RtlAllocateHeap
RtlFreeHeap
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

crypt32

CryptEncodeObject
CryptDecodeObject
CryptSIPRemoveProvider
CryptSIPAddProvider
CryptFindOIDInfo

advapi32

CryptCreateHash
CryptHashData
CryptDestroyHash
CryptReleaseContext
CryptGetHashParam
CryptAcquireContextW

kernel32

VirtualFree
WriteFile
SetLastError
VirtualAlloc
SetEndOfFile
GetFileSizeEx
ReadFile
CreateFileW
GetModuleFileNameW
GetModuleHandleW
CloseHandle
SetFilePointerEx
Sleep
LocalFree
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
DisableThreadLibraryCalls
GetLastError
QueryPerformanceCounter
LocalAlloc
HeapFree
GetFileAttributesW
HeapAlloc
GetProcessHeap
GetFullPathNameW

Exports

Exports

DllCanUnloadNow
DllMain
DllRegisterServer
DllUnregisterServer
EsdSipCreateHash
EsdSipDelSignature
EsdSipGetCaps
EsdSipGetSignature
EsdSipIsMyFileType
EsdSipPutSignature
EsdSipVerifyHash

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EthernetMediaManager.dll
.dll windows:10 windows x64 arch:x64

f73e95790beff3134809d1b990d97d97

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

EthernetMediaManager.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__configure_narrow_argv
memmove
_o__wtoi
_o_abort
_o_free
_o_iswspace
_o_malloc
_o_mbstowcs_s
_o_memcpy_s
_o_realloc
_o_terminate
_o_wcscpy_s
_o_wcstok_s
_o_wcstombs_s
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o__cexit
_o__callnewh
_o__crt_atexit
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
strchr
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset
strncmp
wcscmp

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleFileNameA
FreeLibrary
LoadLibraryExW
GetModuleHandleExW
GetModuleHandleW
GetModuleHandleExA
GetProcAddress

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
InitializeCriticalSectionEx
ReleaseMutex
CreateMutexExW
WaitForSingleObject
DeleteCriticalSection
ReleaseSemaphore
AcquireSRWLockShared
EnterCriticalSection
CreateSemaphoreExW
LeaveCriticalSection
CreateEventExW
InitializeCriticalSection
CreateEventW
SetEvent

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
SetLastError
RaiseException

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
OpenProcessToken
GetCurrentThread
ProcessIdToSessionId
GetCurrentThreadId
OpenThreadToken
TerminateProcess
GetCurrentProcess
SetThreadToken

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
TraceMessage
GetTraceLoggerHandle

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceExecuteOnce
InitOnceComplete

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

msvcp_win

?id@?$ctype@G@std@@2V0locale@2@A
?_Xbad_alloc@std@@YAXXZ
?id@?$collate@G@std@@2V0locale@2@A
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
_Wcsxfrm
_Wcscoll
??1_Lockit@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Locinfo@std@@QEAA@XZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z
??0_Lockit@std@@QEAA@H@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
?tolower@?$ctype@G@std@@QEBAGG@Z
?is@?$ctype@G@std@@QEBA_NFG@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ

api-ms-win-security-base-l1-1-0

DuplicateTokenEx

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-service-management-l1-1-0

CloseServiceHandle
StartServiceW
OpenServiceW
OpenSCManagerW

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus
ControlService

api-ms-win-service-management-l2-1-0

QueryServiceConfigW
ChangeServiceConfigW

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventUnregister
EventWriteTransfer
EventRegister

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-file-l1-1-0

CompareFileTime

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

ntdll

NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfStateChangeNotification
RtlIpv4AddressToStringExW
RtlIpv6AddressToStringExW
RtlIpv4StringToAddressExW
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlInitUnicodeString
RtlNtStatusToDosError
NtOpenFile
EtwTraceMessage
RtlIpv6StringToAddressExW

api-ms-win-service-private-l1-1-0

SubscribeServiceChangeNotifications
UnsubscribeServiceChangeNotifications

api-ms-win-core-registry-l2-1-0

RegEnumKeyW

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
DeleteTimerQueueTimer

rpcrt4

UuidToStringW
RpcStringFreeW

api-ms-win-core-io-l1-1-0

DeviceIoControl

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 284KB - Virtual size: 281KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EtwRundown.dll
.dll windows:10 windows x64 arch:x64

d2ab7f62ce046b743b790112f9dca7f9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

etwrundown.pdb

Imports

ntdll

wcsrchr
RtlGetDeviceFamilyInfoEnum
NtEnumerateKey
EtwpGetCpuSpeed
NtOpenFile
RtlGUIDFromString
RtlIpv6AddressToStringW
RtlCaptureContext
RtlIpv4AddressToStringW
RtlImpersonateSelf
RtlQueryHeapInformation
RtlCreateQueryDebugBuffer
RtlAdjustPrivilege
NtSetInformationThread
RtlQueryProcessDebugInformation
RtlDestroyQueryDebugBuffer
RtlVirtualUnwind
memcpy
NtOpenKey
_vsnwprintf
NtQuerySystemInformation
NtClose
wcsncmp
NtQueryVolumeInformationFile
RtlNtStatusToDosError
_wcsicmp
RtlLookupFunctionEntry
wcsstr
RtlReAllocateHeap
NtTraceEvent
NtQueryValueKey
RtlFreeHeap
RtlAllocateHeap
RtlInitUnicodeString
NtPowerInformation
memset

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-file-l1-1-0

GetDriveTypeW
GetLogicalDriveStringsW
LocalFileTimeToFileTime
GetVolumeInformationW
CreateFileW

api-ms-win-core-file-l1-2-0

GetVolumePathNamesForVolumeNameW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-io-l1-1-0

GetOverlappedResult
DeviceIoControl

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegEnumValueW
RegQueryInfoKeyW
RegCloseKey

api-ms-win-core-synch-l1-1-0

CreateEventW

api-ms-win-core-sysinfo-l1-1-0

GetSystemWindowsDirectoryW
GetComputerNameExW
GetTickCount
GetSystemTimeAsFileTime
GlobalMemoryStatusEx

api-ms-win-core-sysinfo-l1-2-0

GetSystemFirmwareTable
GetNativeSystemInfo

devobj

DevObjGetDeviceInstanceId
DevObjEnumDeviceInterfaces
DevObjGetClassDevs
DevObjGetDeviceInterfaceDetail
DevObjDestroyDeviceInfoList
DevObjGetDeviceInfoListDetail
DevObjGetDeviceRegistryProperty
DevObjEnumDeviceInfo
DevObjOpenDevRegKey
DevObjCreateDeviceInfoList

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

iphlpapi

GetAdaptersAddresses

cfgmgr32

CM_Free_Res_Des_Handle
CM_Get_Res_Des_Data_Ex
CM_Get_First_Log_Conf_Ex
CM_Get_Res_Des_Data_Size_Ex
CM_Free_Log_Conf_Handle
CM_Get_Next_Res_Des_Ex
CM_Get_DevNode_Status_Ex

api-ms-win-service-core-l1-1-1

EnumServicesStatusExW

api-ms-win-service-private-l1-1-0

I_QueryTagInformation

api-ms-win-service-management-l1-1-0

CloseServiceHandle
OpenSCManagerW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

EtwLogHeapRundown
EtwLogSysConfigRundown

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EventAggregation.dll
.dll windows:10 windows x64 arch:x64

db0346dc60876dfa989edbbb8c5bafff

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

EventAggregation.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o___std_type_info_destroy_list
_o__cexit
_o__configure_narrow_argv
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__seh_filter_dll
memcpy
__C_specific_handler

api-ms-win-crt-string-l1-1-0

wcsnlen
memset

ntdll

RtlAcquireSRWLockShared
RtlReleaseSRWLockShared
RtlFreeHeap
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
ZwEnumerateValueKey
RtlAcquireSRWLockExclusive
TpReleaseTimer
RtlCompareUnicodeString
RtlCompareMemory
ZwOpenKey
ZwClose
RtlAllocateWnfSerializationGroup
ZwQueryValueKey
TpWaitForTimer
RtlUnsubscribeWnfNotificationWaitForCompletion
TpAllocTimer
RtlInitializeSRWLock
RtlComputeCrc32
RtlGetLastWin32Error
ZwEnumerateKey
RtlStringFromGUID
NtDuplicateObject
RtlInitUnicodeStringEx
NtClose
RtlRunOnceExecuteOnce
RtlLengthSid
NtQueryWnfStateData
RtlInitUnicodeString
RtlSubscribeWnfStateChangeNotification
RtlGetNextEntryHashTable
RtlReleaseSRWLockExclusive
RtlValidSid
RtlDeleteHashTable
RtlLookupEntryHashTable
RtlNtStatusToDosError
RtlInsertEntryHashTable
RtlInitEnumerationHashTable
RtlRemoveEntryHashTable
RtlCreateHashTable
RtlEndEnumerationHashTable
RtlEnumerateEntryHashTable
RtlAllocateHeap
TpSetTimer
ZwSetValueKey
ZwDeleteKey
ZwCreateKey
RtlFreeUnicodeString
RtlGUIDFromString

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-heap-l2-1-0

LocalFree

rpcrt4

NdrClientCall3
RpcBindingBind
RpcBindingFree
RpcBindingCreateW
UuidEqual
UuidCreate

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

BriAllocateRpcBuffer
BriCleanup
BriCreateBrokeredEvent
BriCreateBrokeredEventEx
BriDeleteBrokeredEvent
BriFreeRpcBuffer
BriGetBrokerAvailabilityChangeStamp
BriIsBrokerRegistered
BriRegisterToBrokerAvailability
BriResolveBrokerIdByEventId
BriUnregisterFromBrokerAvailability
EACreateAggregateEvent
EADeleteAggregateEvent
EAEnumerateAggregateEvents
EAQueryAggregateEventData
EaCreateAggregatedEvent
EaCreateAggregation
EaDecodeBrokeredEvent
EaDeleteAggregatedEvent
EaDeleteAggregatedEventParameters
EaDeleteAggregation
EaDisableAggregatedEvent
EaEnableAggregatedEvent
EaEncodeBrokeredEvent
EaFreeAggregatedEventParameters
EaFreeBuffer
EaGetAggregation
EaQueryAggregateEventConditionState
EaQueryAggregatedEvent
EaQueryAggregatedEventParameters
EaSignalAggregatedEvent
EaStoreAggregatedEventParameters

Sections

.text
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ExSMime.dll
.dll regsvr32 windows:10 windows x64 arch:x64

bdec343947271a0d51c983b8914101d0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

exsmime.pdb

Imports

msvcrt

_initterm
_errno
__C_specific_handler
memcmp
_amsg_exit
_XcptFilter
_lock
_unlock
__dllonexit
_callnewh
_ultoa_s
_onexit
strchr
_snprintf_s
wcscat_s
free
strcpy_s
malloc
wcscpy_s
_purecall
memcpy_s
wcsncpy_s
realloc
memchr
memset

oleaut32

VariantInit
SysAllocString
VariantCopy
VarCmp
VariantClear
SysStringLen
SysFreeString
VarUI4FromStr
VariantChangeType

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
RaiseException
SetLastError
UnhandledExceptionFilter

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection

api-ms-win-core-string-l1-1-0

CompareStringW
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-memory-l1-1-0

VirtualAlloc
VirtualFree

api-ms-win-core-url-l1-1-0

PathIsURLW
UrlIsW
PathCreateFromUrlW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-libraryloader-l1-2-0

SizeofResource
FreeLibrary
DisableThreadLibraryCalls
LoadResource
FindResourceExW
GetProcAddress
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegSetValueExW
RegDeleteValueW
RegQueryInfoKeyW
RegOpenKeyExA
RegQueryValueExW
RegCreateKeyExW
RegEnumKeyExW
RegOpenKeyExW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
GetTimeZoneInformation
SystemTimeToFileTime

api-ms-win-core-file-l1-1-0

GetTempFileNameW
SetFilePointerEx
GetFileInformationByHandle
WriteFile
SetEndOfFile
FileTimeToLocalFileTime
FlushFileBuffers
ReadFile
CreateFileW

api-ms-win-core-localization-l1-2-0

IsDBCSLeadByteEx

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrCmpNIA
StrCmpNA

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemInfo
GetTickCount

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-file-l1-2-4

GetTempPath2W

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-debug-l1-1-0

OutputDebugStringA

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 216KB - Virtual size: 214KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ExecModelClient.dll
.dll windows:10 windows x64 arch:x64

d1dd6feedcc7c7eccd5e7c30aff7ec5b

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8b:bc:2b:a5:70:e2:89:84:1c:78:42:65:47:57:3b:43:2f:e9:91:45:9d:94:7e:9c:5b:31:d2:b5:95:f8:2f:aa
Signer

Actual PE Digest

8b:bc:2b:a5:70:e2:89:84:1c:78:42:65:47:57:3b:43:2f:e9:91:45:9d:94:7e:9c:5b:31:d2:b5:95:f8:2f:aa

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ExecModelClient.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__ui64tow_s
memmove
_o_abort
_o_free
_o_iswspace
_o_malloc
_o_realloc
_o_terminate
_o_wcscpy_s
_o_wcstok_s
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_o__errno
_CxxThrowException
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
__std_type_info_compare
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__execute_onexit_table
_o____lc_codepage_func
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
LoadLibraryExW
FindResourceExW
LoadResource
GetProcAddress
GetModuleHandleExW
GetModuleFileNameA
DisableThreadLibraryCalls
FreeLibrary
GetModuleHandleExA
LockResource

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
OpenSemaphoreW
SetEvent
CreateEventW
ReleaseMutex
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObject
CreateSemaphoreExW
InitializeSRWLock
WaitForMultipleObjectsEx
CreateMutexExW
CreateEventExW
ReleaseSemaphore
InitializeCriticalSectionEx
AcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentThreadId
OpenProcessToken
GetProcessId
CreateThread
GetThreadId
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageA
FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsGetStringRawBuffer
WindowsDuplicateString
WindowsIsStringEmpty
WindowsCreateStringReference
WindowsStringHasEmbeddedNull
WindowsGetStringLen
WindowsCreateString
WindowsConcatString

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventActivityIdControl
EventUnregister
EventSetInformation

api-ms-win-core-winrt-error-l1-1-0

GetRestrictedErrorInfo
SetRestrictedErrorInfo
RoOriginateErrorW
RoTransformError
RoOriginateError

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-com-l1-1-0

CoRevokeClassObject
StringFromGUID2
CoTaskMemAlloc
CoCreateInstance
CoCreateInstanceEx
CoUninitialize
CoInitializeEx
CoCreateGuid
CoReleaseMarshalData
CreateStreamOnHGlobal
CoMarshalInterface
CoGetClassObject
CoGetCallContext
CoTaskMemFree
CoWaitForMultipleHandles
CoGetApartmentType
CoRegisterClassObject
CoResumeClassObjects
CoTaskMemRealloc
CoCreateFreeThreadedMarshaler
CoGetCallerTID

api-ms-win-core-winrt-l1-1-0

RoRevokeActivationFactories
RoGetActivationFactory
RoRegisterActivationFactories
RoActivateInstance

api-ms-win-core-synch-l1-2-0

InitializeConditionVariable
WakeConditionVariable
InitOnceBeginInitialize
InitOnceComplete
WaitOnAddress
InitOnceExecuteOnce
WakeByAddressAll

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InterlockedFlushSList
InitializeSListHead

combase

ord67
ord68
ord66

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
_Make_dir
_Unlink
_Stat
_Lstat
_Open_dir
_Close_dir
_Remove_dir

api-ms-win-core-heap-l2-1-0

LocalFree
LocalReAlloc
LocalAlloc

ntdll

RtlRunOnceBeginInitialize
RtlAcquireSRWLockExclusive
RtlGetDeviceFamilyInfoEnum
RtlReleaseSRWLockExclusive
RtlDeriveCapabilitySidsFromName
RtlFreeHeap
RtlInitializeSRWLock
NtQuerySystemInformation
RtlValidSid
NtQueryInformationToken
RtlCopySid
RtlAllocateHeap
RtlRunOnceExecuteOnce
RtlAcquireSRWLockShared
RtlReleaseSRWLockShared
RtlSleepConditionVariableSRW
RtlQueryUnbiasedInterruptTime

api-ms-win-core-psm-key-l1-1-0

PsmGetKeyFromProcess

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
IsErrorPropagationEnabled
RoReportFailedDelegate

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-security-base-l1-1-0

GetLengthSid
CopySid
EqualSid
GetTokenInformation

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegGetValueW
RegDeleteKeyExW
RegSetValueExW
RegCreateKeyExW
RegEnumKeyExW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-psapi-l1-1-0

K32GetProcessImageFileNameW

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabledForPackage

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-file-l1-1-0

CreateFileW
DeleteFileW
GetFileAttributesExW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

Exports

Exports

CreateForegroundTaskManager
CreateModernVoipPolicy
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
TestHook_CancelShutdown

Sections

.text
Size: 372KB - Virtual size: 369KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ExplorerFrame.dll
.dll windows:10 windows x64 arch:x64

53ab20cf0dacc912bfe6d28a6c2fe41b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ExplorerFrame.pdb

Imports

msvcp_win

??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Xlength_error@std@@YAXPEBD@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
_Thrd_yield
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ

api-ms-win-crt-string-l1-1-0

wcsncmp
strncmp
memset
wcscmp
wcsnlen

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o_free
_o_iswspace
_o_malloc
_o_memcpy_s
memmove
_o_rand
_o_realloc
_o_strncpy_s
_o_terminate
_o_towlower
__current_exception
__current_exception_context
__CxxFrameHandler3
_o__set_errno
_o__seh_filter_dll
_o__register_onexit_function
_o__purecall
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__wcsicmp
_o__ultow_s
_o_abort
_o__get_errno
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__C_specific_handler
strchr
__std_terminate
__CxxFrameHandler4
_CxxThrowException
memcmp
memcpy

shcore

SHSetValueW
SHGetThreadRef
SHStrDupA
ord200
ord131
SHRegGetValueW
ord126
SHTaskPoolQueueTask
ord120
SHQueryValueExW
IUnknown_GetSite
SHStrDupW
IStream_Reset
SHEnumValueW
ord187
ord186
ord183
ord210
ord102
ord162
ord182
ord125
ord175
GetProcessDpiAwareness
ord130
ord213
ord192
SHUnicodeToAnsi
SHDeleteValueW
IStream_Write
SHGetValueW
ord188
ord191
SHOpenRegStream2W
SHCreateThread
IsOS
ord141
GetDpiForMonitor
SHCreateThreadRef
ord140
SHDeleteKeyW
ord212
ord193
ord190
ord122
SHCreateMemStream
ord170
ord143
SHAnsiToUnicode
IStream_Size
IStream_Read
SHSetThreadRef
ord142
IUnknown_SetSite
IUnknown_QueryService
IUnknown_Set
ord145
ord172
ord123

shell32

SHChangeNotifyRegisterThread
SHGetInstanceExplorer
SHGetKnownFolderItem
SHChangeNotify
ord947
ord948
ord14
ord162
ord85
ord152
ord153
SHGetFolderPathEx
SHGetPathFromIDListW
ord900
Shell_GetCachedImageIndexW
SHCreateShellItemArrayFromDataObject
SHCreateItemFromParsingName
SHSetTemporaryPropertyForItem
SHGetTemporaryPropertyForItem
SHGetNameFromIDList
ord88
ord193
ord71
ord787
ord727
SHGetIconOverlayIndexW
SHCreateShellItemArrayFromShellItem
SHELL32_AreAllItemsAvailable
ord6
SHCreateItemInKnownFolder
ord912
ord862
SHGetDesktopFolder
ord897
ord942
ord893
SHGetFolderLocation
ord945
ord98
ord853
ord27
SHGetPathFromIDListA
ord103
StateRepoNewMenuCache_EnsureCacheAsync
ord90
SHGetPropertyStoreForWindow
ord59
ShellAboutW
SHCreateShellItemArray
ord888
SHGetItemFromDataObject
ord22
ord134
ord129
ord136
ord173
ord654
ord652
ord747
ord870
RegenerateUserEnvironment
ShellExecuteExW
ord851
ord824
ord147
ord95
ord881
ord137
SHAppBarMessage
ord823
ord777
SHGetItemFromObject
SHCreateShellItemArrayFromIDLists
ord941
ord866
ord833
ord882
ord24
ord4
ord2
SHCreateItemWithParent
SHGetKnownFolderIDList
ord68
ord873
ord23
ord645
ord644
ord939
ord21
SHBindToObject
ord17
ord19
SHBindToFolderIDListParentEx
ord25
DragQueryFileW
ord67
ord132
ord74
ord840
SHPathPrepareForWriteW
SHBindToFolderIDListParent
ord102
SHGetIDListFromObject
ord884
ord77
SHBindToParent
SHGetFileInfoW
ord155
ord100
ord850
SHGetKnownFolderPath
SHGetSpecialFolderLocation
SHParseDisplayName
ord18
SHCreateItemFromIDList
ord16
ord176
ord829
ord871

shlwapi

ord200
ord479
ord202
ord388
ord204
StrDupW
PathIsRelativeW
ord172
ord164
ord165
ord163
ord509
ord268
ChrCmpIW
ord225
ord173
PathFindNextComponentW
PathSkipRootW
StrStrIW
PathIsUNCW
PathIsURLW
StrCmpW
ord219
ord2
ord481
ord267
ord177
ord1
PathAppendW
PathRemoveFileSpecW
ord317
PathRemoveExtensionW
ord639
ord533
ord487
ord538
StrCmpNIW
StrToIntExW
StrPBrkW
StrToIntW
IntlStrEqWorkerW
ord581
ord154
HashData
ord517
ord516
UrlApplySchemeW
UrlCreateFromPathW
UrlCanonicalizeW
ord210
ord287
SHCreateShellPalette
UrlUnescapeA
PathCreateFromUrlA
ord240
ord288
ord635
ord282
GetMenuPosFromID
ord192
ord384
ord187
ord179
ord209
ord208
ord540
AssocCreate
PathFileExistsW
PathCompactPathExW
StrCmpIW
StrTrimW
ord239
PathFindExtensionW
ord545
ord157
ord571
StrCmpNW
ord181
SHRegGetBoolUSValueW
ord638
PathCreateFromUrlW
ord283
ord281
ord286
PathFindFileNameW
ord284
PathUnquoteSpacesW
StrStrW
ord156
ord178
StrChrW
PathGetDriveNumberW
ord616
ord515
PathStripToRootW
ord167
ord168
PathParseIconLocationW
AssocQueryStringW
ord484
SHRegGetUSValueW
ord24
ord197
ord433
ord158
ord201
ord191
ord186
ord190
ord478
ord182
ord198

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleExW
LoadLibraryExW
GetProcAddress
GetModuleHandleExA
GetModuleHandleW
FindStringOrdinal
FreeLibrary
LoadStringW
LockResource
LoadResource
DisableThreadLibraryCalls
FindResourceExW

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceExecuteOnce
InitOnceComplete

api-ms-win-core-synch-l1-1-0

SetEvent
CreateEventW
LeaveCriticalSection
ReleaseSemaphore
ResetEvent
OpenEventW
WaitForSingleObject
ReleaseMutex
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
CreateEventExW
WaitForMultipleObjectsEx
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
InitializeCriticalSection
CreateSemaphoreExW
OpenMutexW
ReleaseSRWLockShared
ReleaseSRWLockExclusive
InitializeCriticalSectionEx
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapDestroy
HeapFree
HeapReAlloc

api-ms-win-core-errorhandling-l1-1-0

RaiseException
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-com-l1-1-0

CoMarshalInterface
StringFromCLSID
CreateStreamOnHGlobal
CLSIDFromString
CoRegisterClassObject
CoGetClassObject
PropVariantCopy
StringFromGUID2
CoUnmarshalInterface
CoGetObjectContext
CoTaskMemAlloc
CoRevokeClassObject
CoCreateGuid
CoTaskMemFree
CoGetMalloc
CoFreeUnusedLibraries
CoGetApartmentType
CoWaitForMultipleHandles
CoGetInterfaceAndReleaseStream
CoReleaseMarshalData
CoMarshalInterThreadInterfaceInStream
GetHGlobalFromStream
CoInitializeEx
CoUninitialize
CoCreateFreeThreadedMarshaler
CoCreateInstance
PropVariantClear
CoTaskMemRealloc

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventSetInformation
EventWriteTransfer
EventEnabled
EventWrite
EventUnregister
EventRegister

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolWait
CreateThreadpoolTimer
WaitForThreadpoolWaitCallbacks
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolWait
CloseThreadpoolTimer
CreateThreadpoolWait
TrySubmitThreadpoolCallback

api-ms-win-core-processthreads-l1-1-0

TlsGetValue
TlsFree
GetCurrentThreadId
TlsAlloc
GetCurrentThread
TlsSetValue
GetThreadPriority
TerminateProcess
GetCurrentProcessId
CreateThread
GetCurrentProcess
SetThreadPriority
GetStartupInfoW

api-ms-win-core-localization-l1-2-0

GetLocaleInfoW
GetUserDefaultLCID
FormatMessageW
GetThreadLocale
FindNLSString
FindNLSStringEx
GetThreadUILanguage

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-registry-l1-1-0

RegEnumValueW
RegCloseKey
RegEnumKeyExW
RegQueryValueExW
RegOpenKeyExW
RegQueryInfoKeyW
RegDeleteValueW
RegNotifyChangeKeyValue
RegCreateKeyExW
RegSetValueExW
RegGetValueW

api-ms-win-core-string-l1-1-0

GetStringTypeW
CompareStringOrdinal
MultiByteToWideChar
WideCharToMultiByte
CompareStringW

api-ms-win-core-sysinfo-l1-1-0

GetWindowsDirectoryW
GetLocalTime
GetSystemTimeAsFileTime
GetSystemTime
GetTickCount64
GetTickCount

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryA
LoadLibraryW

api-ms-win-core-path-l1-1-0

PathCchRemoveFileSpec
PathCchCombine
PathCchStripToRoot
PathCchRemoveExtension

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateStringReference

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

rpcrt4

UuidCreate

api-ms-win-core-heap-l2-1-0

GlobalAlloc
LocalReAlloc
GlobalFree
LocalAlloc
LocalFree

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-file-l1-1-0

GetDriveTypeW

api-ms-win-core-processthreads-l1-1-3

SetThreadDescription

api-ms-win-core-wow64-l1-1-1

IsWow64Process2

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW
ExpandEnvironmentStringsW
GetCurrentDirectoryW

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-core-string-l2-1-0

CharUpperW
CharNextW

api-ms-win-core-psapi-l1-1-0

K32GetModuleFileNameExW

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureStackBackTrace
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPushEntrySList

api-ms-win-core-version-l1-1-0

GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

ntdll

WinSqmAddToStream
RtlQueryResourcePolicy
WinSqmSetDWORD
WinSqmAddToStreamEx
WinSqmIncrementDWORD
NtQueryWnfStateData
RtlQueryWnfStateData
RtlNtStatusToDosError

advapi32

RegEnumKeyW
RegCreateKeyW
RegOpenKeyW

imm32

ImmNotifyIME
ImmReleaseContext
ImmSetCandidateWindow
ImmGetCompositionStringW
ImmSetCompositionStringW
ImmGetDefaultIMEWnd
ImmIsIME
ImmGetContext

kernel32

lstrcmpiW
RegisterWaitForSingleObject
UnregisterWait
lstrlenW
DeactivateActCtx
GetUserDefaultUILanguage
GlobalLock
GlobalUnlock
lstrcmpW
MulDiv
ActivateActCtx
GlobalSize
AddAtomW
lstrlenA
CreateActCtxW
ReleaseActCtx
lstrcmpA

user32

GetClassLongW
DestroyCaret
SetCaretPos
SetWindowLongPtrW
DefWindowProcW
LoadCursorW
DispatchMessageW
TranslateMessage
SystemParametersInfoW
SystemParametersInfoForDpi
GetDC
GetDpiForWindow
ReleaseDC
GetWindowRect
GetSystemMetricsForDpi
ShowWindow
SendMessageW
GetKeyState
TranslateAcceleratorW
SetFocus
GetFocus
GetWindowTextW
KillTimer
SetTimer
GetSysColor
GetSystemMetrics
DestroyAcceleratorTable
IsWindow
DestroyWindow
LoadAcceleratorsW
RegisterClassW
SetPropW
GetWindowLongW
SetWindowTextW
GetPropW
RemovePropW
CallWindowProcW
GetSystemMenu
GetParent
SetWindowPos
GetClientRect
OffsetRect
InvalidateRect
GetAsyncKeyState
GetAncestor
TrackMouseEvent
EnableWindow
GetWindowTextLengthW
SetCursor
GetCursorPos
MapWindowPoints
PtInRect
PeekMessageW
SendNotifyMessageW
GetClassNameW
FindWindowW
SendMessageTimeoutW
GetForegroundWindow
GetDesktopWindow
ScreenToClient
OpenClipboard
GetClipboardData
CloseClipboard
RegisterWindowMessageA
IsChild
RedrawWindow
LockWindowUpdate
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
GetWindow
RegisterClipboardFormatW
GetMenuItemCount
PostMessageW
SetCapture
InflateRect
GetCapture
ReleaseCapture
CreatePopupMenu
CheckMenuItem
EnableMenuItem
DeleteMenu
DestroyMenu
TrackPopupMenu
MonitorFromWindow
IsWindowVisible
GetWindowLongPtrW
IsWindowUnicode
DefWindowProcA
SetClipboardData
TrackPopupMenuEx
ClientToScreen
GetKeyboardState
CopyRect
SetForegroundWindow
GetClassWord
GetMenuItemID
GetMenuItemInfoW
GetSubMenu
GetMenuState
InsertMenuW
MonitorFromPoint
GetMonitorInfoW
GetMessagePos
GetActiveWindow
AdjustWindowRectEx
MoveWindow
SetParent
SetRectEmpty
IntersectRect
IsRectEmpty
SetWindowRgn
MessageBeep
SetRect
MonitorFromRect
EqualRect
PostQuitMessage
MsgWaitForMultipleObjectsEx
AttachThreadInput
GetWindowThreadProcessId
RegisterWindowMessageW
GetLastActivePopup
GetShellWindow
DestroyIcon
UnregisterPowerSettingNotification
RegisterPowerSettingNotification
SetWindowPlacement
GetWindowPlacement
SetClassLongPtrW
IsWindowEnabled
FillRect
IsIconic
GetPhysicalCursorPos
WaitMessage
EnumDesktopWindows
EnumDisplayMonitors
IsZoomed
SetLayeredWindowAttributes
RegisterClassExW
CreateWindowExW
GetMenuStringW
DrawTextW
AnimateWindow
GetSysColorBrush
DrawEdge
NotifyWinEvent
BeginPaint
EndPaint
GetDlgCtrlID
GetMenuDefaultItem
SetWindowLongW
SetMenuDefaultItem
SetMessageExtraInfo
GetDoubleClickTime
GetMessageExtraInfo
SetClipboardViewer
ChangeClipboardChain
WindowFromPoint
AppendMenuW
LoadBitmapW
GetIconInfo
IsClipboardFormatAvailable
SendInput
GetClassInfoExW
DrawTextExW
LoadMenuW
AddClipboardFormatListener
InsertMenuItemW
SetMenuItemInfoW
RemoveClipboardFormatListener
CallMsgFilterW
LoadIconW
EnumWindows
CreateMenu
IsHungAppWindow
CopyIcon
PhysicalToLogicalPointForPerMonitorDPI
IsWinEventHookInstalled
SetGestureConfig
GetGestureInfo
CloseGestureInfoHandle
UpdateWindow
EnumChildWindows
RemoveMenu
UnionRect
GetScrollBarInfo
GetWindowBand
ord2705
ord2707
GetKeyboardLayout
ActivateKeyboardLayout
ValidateRect
GetMessageTime
GetMenuInfo
SetMenuInfo
GetCurrentInputMessageSource
CreateCaret
HideCaret
ShowCaret

gdi32

GetStockObject
CreateRectRgnIndirect
StretchBlt
SetTextAlign
GetTextExtentPoint32W
CreateSolidBrush
SetTextColor
DeleteDC
GdiAlphaBlend
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
GetDeviceCaps
GetCharWidth32W
GetRgnBox
GetClipRgn
OffsetViewportOrgEx
ExtTextOutW
GetTextMetricsW
SelectClipRgn
GdiTransparentBlt
CreateBitmapFromDxSurface
CreateRectRgn
CreatePalette
RealizePalette
SelectPalette
SetPaletteEntries
GetPaletteEntries
GetDCDpiScaleValue
SetViewportOrgEx
LPtoDP
GetViewportOrgEx
SetLayout
GetLayout
GetObjectType
StretchDIBits
GetDIBits
CreateDIBSection
BitBlt
SetBkMode
Polyline
CreatePen
GetTextExtentPointW
SelectObject
CreateFontIndirectW
SetRectRgn
CombineRgn
EqualRgn
SetBkColor
GetObjectW
SetWindowOrgEx
GetClipBox
OffsetWindowOrgEx

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllGetVersion

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 492KB - Virtual size: 490KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 116KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ExtrasXmlParser.dll
.dll windows:10 windows x64 arch:x64

a40d8c392081aa3b93f9ab0e1343d83c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ExtrasXmlParser.pdb

Imports

msvcrt

__C_specific_handler
_initterm
memmove
_wcsicmp
_amsg_exit
_XcptFilter
_callnewh
malloc
free
__CxxFrameHandler3
memcpy
memset

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

api-ms-win-core-localization-l1-2-2

LCIDToLocaleName

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

ParseExtrasXmlForExtensionInfo
ParseExtrasXmlForNabSyncExtensionInfo
ParseExtrasXmlForSmsInterceptExtensionInfo

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 780B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FDResPub.dll
.dll windows:10 windows x64 arch:x64

e2d1ac7d73cd0ac7ff419efc30fad79f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

fdrespub.pdb

Imports

msvcrt

__C_specific_handler
_initterm
_vsnwprintf
_amsg_exit
_XcptFilter
free
_callnewh
malloc
_wcsicmp
memset

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
EtwUnregisterTraceGuids
RtlVirtualUnwind
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwEventUnregister
EtwRegisterTraceGuidsW
EtwTraceMessage
EtwEventEnabled
EtwEventRegister
EtwEventWrite

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegSetValueExW

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
SetEvent
DeleteCriticalSection
CreateEventW
WaitForSingleObject
EnterCriticalSection
InitializeCriticalSection

api-ms-win-service-core-l1-1-0

SetServiceStatus
RegisterServiceCtrlHandlerExW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

wsdapi

WSDFreeLinkedMemory
WSDXMLAddSibling
WSDXMLCreateContext
WSDXMLCleanupElement
WSDXMLBuildAnyForSingleElement
WSDCreateDeviceHost2
WSDRemoveFirewallCheck
WSDAddFirewallCheck

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

FDResPub_MainHosted
ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Facilitator.dll
.dll windows:10 windows x64 arch:x64

b0c38af283c7669e4659012725f6e8f7

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

73:6f:c8:68:fd:cd:6e:0c:f2:54:b7:04:0e:53:7d:97:d8:99:be:23:7b:58:d7:84:48:b5:34:3f:aa:fe:d7:8a
Signer

Actual PE Digest

73:6f:c8:68:fd:cd:6e:0c:f2:54:b7:04:0e:53:7d:97:d8:99:be:23:7b:58:d7:84:48:b5:34:3f:aa:fe:d7:8a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

Facilitator.pdb

Imports

msvcrt

wcstoul
_wcstoui64
iswspace
_wcsnicmp
wcsrchr
wcsncmp
_vsnprintf
memcmp
memcpy
memmove
memset
strcmp
_vscwprintf
_onexit
__dllonexit
_unlock
_lock
__CxxFrameHandler3
__C_specific_handler
_initterm
malloc
free
_amsg_exit
strncmp
_snprintf_s
?terminate@@YAXXZ
_XcptFilter
sprintf_s
strrchr
strchr
_vsnwprintf
strtol
wcsstr
wcschr
_errno
_set_errno
_purecall
wcscpy_s
_wtof
_wtoi
strncpy_s
_wcsicmp
memcpy_s
wcscmp

ntdll

RtlInitUnicodeStringEx
RtlNtStatusToDosErrorNoTeb
RtlInitializeCriticalSection
RtlDeleteCriticalSection
RtlCreateHeap
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlDestroyHeap
RtlDowncaseUnicodeChar
DbgPrintEx
NtYieldExecution
RtlRaiseStatus
NtOpenFile
NtWaitForSingleObject
RtlNtStatusToDosError
NtQueryInformationFile
RtlExpandEnvironmentStrings
NtClose
RtlReAllocateHeap
NtReadFile
NtSetInformationFile
RtlInitUnicodeString
RtlDosPathNameToNtPathName_U_WithStatus
NtWriteFile
RtlFreeHeap
RtlAllocateHeap
NtSetInformationProcess
NtShutdownSystem
RtlGetVersion
RtlAdjustPrivilege
NtSetInformationThread
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlCompareUnicodeString

kernel32

GetTickCount64
GetLastError
CreateFileA
GetDiskFreeSpaceExW
GetVersionExA
DeleteFileW
HeapReAlloc
CloseHandle
LoadLibraryW
HeapAlloc
CreateFileW
WaitForSingleObject
GetProcAddress
LocalFree
GetFileSize
DeleteCriticalSection
LCMapStringW
GetProcessHeap
FindClose
FreeLibrary
CopyFileW
WideCharToMultiByte
SetFilePointer
DosDateTimeToFileTime
GetSystemWindowsDirectoryW
GetFileAttributesW
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
LeaveCriticalSection
LocalFileTimeToFileTime
InitializeCriticalSectionAndSpinCount
GetProductInfo
SetFileTime
GetFinalPathNameByHandleW
GetModuleHandleExW
WriteFile
FindNextFileW
GetModuleHandleW
LoadLibraryExW
MultiByteToWideChar
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
GetModuleFileNameW
SetLastError
FlushFileBuffers
IsDebuggerPresent
VirtualQuery
lstrcmpW
GetSystemTime
SystemTimeToTzSpecificLocalTime
SetFilePointerEx
GetPriorityClass
GetFullPathNameW
ResetEvent
CreateThread
GlobalFree
GetThreadPriority
GetCurrentThread
SetEvent
OutputDebugStringW
EnterCriticalSection
GetTimeZoneInformation
FormatMessageW
HeapFree
GetExitCodeThread
SetPriorityClass
CreateEventW
CompareStringW
GetFileSizeEx
FindFirstFileW
ReadFile
CreateDirectoryW
CompareStringOrdinal
OutputDebugStringA
GetModuleFileNameA
DebugBreak
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
AcquireSRWLockShared
CreateMutexExW
CreateThreadpoolTimer
ReleaseSRWLockShared
SetThreadpoolTimer
OpenSemaphoreW
WaitForSingleObjectEx
CloseThreadpoolTimer
ReleaseMutex
WaitForThreadpoolTimerCallbacks
SetEndOfFile
InitializeCriticalSectionEx
ReleaseSemaphore
CreateSemaphoreExW
SetThreadPriority
WaitForMultipleObjects

advapi32

InitializeAcl
GetLengthSid
InitiateSystemShutdownExW
AddAccessAllowedAce
OpenThreadToken
GetTokenInformation
FreeSid
RegQueryValueExW
OpenProcessToken
CopySid
AllocateAndInitializeSid
EventUnregister
RegOpenKeyExW
SetSecurityInfo
RegCloseKey
EventWriteTransfer
EventRegister

oleaut32

SysFreeString
SysAllocString
SysAllocStringLen

ole32

CoUninitialize
CoSetProxyBlanket
CoTaskMemFree
CoCreateInstance
CoInitializeEx

winhttp

WinHttpSetTimeouts
WinHttpQueryHeaders
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetOption
WinHttpQueryDataAvailable
WinHttpCrackUrl
WinHttpConnect
WinHttpSendRequest
WinHttpCloseHandle
WinHttpOpenRequest
WinHttpReadData
WinHttpReceiveResponse
WinHttpOpen
WinHttpAddRequestHeaders

crypt32

CertVerifyCertificateChainPolicy

wintrust

WTHelperGetProvCertFromChain
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WinVerifyTrust

rpcrt4

RpcStringFreeW
UuidCreate
UuidToStringW
UuidFromStringW
I_RpcMapWin32Status

version

GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW

Exports

Exports

FC_CreateFCManager
FC_CreateFCRegistrar

Sections

.text
Size: 780KB - Virtual size: 778KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 276KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Family.Authentication.dll
.dll windows:10 windows x64 arch:x64

cf50021a0bc977287defe76a413afbd0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Family.Authentication.pdb

Imports

msvcrt

realloc
__CxxFrameHandler3
_callnewh
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
malloc
_amsg_exit
_XcptFilter
free
_purecall
memcpy_s
_vsnwprintf
memset

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
_wcstoui64
memmove_s

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsCreateStringReference
WindowsCreateString
WindowsDeleteString
WindowsDuplicateString
HSTRING_UserUnmarshal64
HSTRING_UserUnmarshal
HSTRING_UserMarshal64
HSTRING_UserFree
HSTRING_UserSize64
WindowsIsStringEmpty
HSTRING_UserMarshal
HSTRING_UserSize
WindowsStringHasEmbeddedNull
HSTRING_UserFree64

api-ms-win-core-com-l1-1-0

CoCreateInstance
CreateStreamOnHGlobal
CoGetApartmentType
CoGetInterfaceAndReleaseStream
CoReleaseMarshalData
CoTaskMemAlloc
CoMarshalInterface
CoCreateFreeThreadedMarshaler

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoOriginateErrorW
SetRestrictedErrorInfo
RoOriginateError
GetRestrictedErrorInfo

api-ms-win-core-winrt-error-l1-1-1

IsErrorPropagationEnabled
RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegGetValueW
RegOpenKeyExW

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolAllowThreadReuse
SHTaskPoolQueueTask

advapi32

EventUnregister
EventRegister
GetTokenInformation
OpenProcessToken
EventActivityIdControl
EventWriteTransfer
EventSetInformation

kernel32

InitializeSRWLock
OpenProcess
GetSystemTimeAsFileTime
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
GetTickCount
ReleaseSemaphore
GetCurrentThreadId
Sleep
EncodePointer
ReleaseSRWLockShared
CreateSemaphoreExW
InitOnceExecuteOnce
InitOnceComplete
CreateMutexExW
GetCurrentProcessId
InitOnceBeginInitialize
ReleaseSRWLockExclusive
DecodePointer
DisableThreadLibraryCalls
OpenSemaphoreW
WaitForSingleObject
AcquireSRWLockShared
AcquireSRWLockExclusive
WaitForSingleObjectEx
ReleaseMutex
FormatMessageW
HeapAlloc
GetProcessHeap
HeapFree
GetModuleHandleExW
GetModuleFileNameA
DebugBreak
GetModuleHandleW
GetProcAddress
GetLastError
IsDebuggerPresent
OutputDebugStringW
CloseHandle
SetLastError

rpcrt4

NdrOleAllocate
NdrOleFree
NdrDllGetClassObject
NdrDllCanUnloadNow

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Family.Cache.dll
.dll windows:10 windows x64 arch:x64

0e8d06e79197366fd16ba58a45a4acb6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Family.Cache.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o___stdio_common_vswprintf
_o_abort
_o_free
_o_iswspace
_o_malloc
_o_realloc
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o__cexit
_o__callnewh
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
_o___stdio_common_vsnprintf_s
memcpy

api-ms-win-crt-string-l1-1-0

memset

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-synch-l1-1-0

CreateMutexExW
AcquireSRWLockExclusive
AcquireSRWLockShared
WaitForSingleObject
ReleaseSemaphore
ReleaseMutex
OpenSemaphoreW
ReleaseSRWLockExclusive
InitializeSRWLock
ReleaseSRWLockShared
CreateSemaphoreExW
WaitForSingleObjectEx

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceExecuteOnce
InitOnceComplete

api-ms-win-core-winrt-string-l1-1-0

WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsCreateString
WindowsDeleteString
WindowsDuplicateString
WindowsGetStringRawBuffer

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoCreateFreeThreadedMarshaler
CoGetCallContext
CoTaskMemAlloc

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegOpenKeyExW
RegDeleteTreeW
RegEnumKeyExW
RegSetValueExW
RegGetValueW
RegCloseKey

api-ms-win-security-capability-l1-1-0

CapabilityCheck

advapi32

EventUnregister
EventRegister
EventWriteTransfer
EventActivityIdControl
RegCreateKeyTransactedW
DuplicateTokenEx
OpenProcessToken
EventSetInformation

kernel32

EncodePointer
GetCurrentProcessId
DecodePointer
DisableThreadLibraryCalls
GetModuleHandleExW
GetModuleFileNameA
DebugBreak
GetProcAddress
GetModuleHandleW
SetUnhandledExceptionFilter
SetLastError
GetLastError
IsDebuggerPresent
GetProcessHeap
HeapAlloc
OutputDebugStringW
FormatMessageW
GetCurrentThreadId
HeapFree
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
CloseHandle
LoadLibraryW
InterlockedFlushSList
MultiByteToWideChar
InterlockedPushEntrySList
FreeLibrary
RaiseException

ktmw32

CommitTransaction
CreateTransaction

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoTransformError
RoOriginateError

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

oleaut32

SetErrorInfo
SysStringLen
SysFreeString
GetErrorInfo
SysAllocString

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Family.Client.dll
.dll windows:10 windows x64 arch:x64

611408f85a65743a627134476dee3897

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Family.Client.pdb

Imports

msvcrt

free
_XcptFilter
_amsg_exit
malloc
memcpy_s
_vsnwprintf
realloc
__CxxFrameHandler3
_callnewh
memset
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_purecall
_initterm
wcscmp

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
memmove_s

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-winrt-string-l1-1-0

HSTRING_UserUnmarshal64
WindowsGetStringRawBuffer
WindowsIsStringEmpty
HSTRING_UserFree64
WindowsStringHasEmbeddedNull
HSTRING_UserSize
HSTRING_UserSize64
WindowsCreateStringReference
WindowsConcatString
WindowsDeleteString
WindowsDuplicateString
WindowsCreateString
HSTRING_UserFree
HSTRING_UserUnmarshal
HSTRING_UserMarshal64
HSTRING_UserMarshal

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoGetApartmentType
CoWaitForMultipleHandles
CoCreateFreeThreadedMarshaler
CoReleaseMarshalData
CreateStreamOnHGlobal
CoMarshalInterface
CoGetInterfaceAndReleaseStream
CoCreateInstance

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
GetRestrictedErrorInfo
RoOriginateErrorW
SetRestrictedErrorInfo
RoOriginateError

api-ms-win-core-winrt-error-l1-1-1

IsErrorPropagationEnabled
RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegGetValueW
RegOpenKeyExW

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolAllowThreadReuse
SHTaskPoolQueueTask

advapi32

OpenProcessToken
GetTokenInformation
EventActivityIdControl
EventWriteTransfer
EventRegister
EventSetInformation
EventUnregister

kernel32

FormatMessageW
GetCurrentThreadId
HeapAlloc
GetProcessHeap
HeapFree
GetModuleHandleExW
GetModuleFileNameA
DebugBreak
GetModuleHandleW
GetProcAddress
GetLastError
IsDebuggerPresent
OutputDebugStringW
SetLastError
CloseHandle
ReleaseSemaphore
InitializeSRWLock
OpenProcess
CreateEventExW
RaiseException
SetEvent
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
EncodePointer
ReleaseSRWLockShared
CreateSemaphoreExW
InitOnceExecuteOnce
InitOnceComplete
CreateMutexExW
GetCurrentProcessId
InitOnceBeginInitialize
ReleaseSRWLockExclusive
DecodePointer
DisableThreadLibraryCalls
OpenSemaphoreW
WaitForSingleObject
AcquireSRWLockShared
AcquireSRWLockExclusive
WaitForSingleObjectEx
ReleaseMutex

rpcrt4

NdrDllGetClassObject
NdrDllCanUnloadNow
NdrOleAllocate
NdrOleFree

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 124KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Family.SyncEngine.dll
.dll windows:10 windows x64 arch:x64

3f3518465e7f202fc3a2663d766690af

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Family.SyncEngine.pdb

Imports

msvcrt

_callnewh
memcmp
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
malloc
_amsg_exit
_XcptFilter
free
_purecall
memcpy_s
realloc
_vsnwprintf
__CxxFrameHandler3
memset

ntdll

wcscpy_s
_wcsicmp
memmove_s
_wcstoui64
RtlLookupFunctionEntry
RtlCaptureContext
_wcstoi64
RtlVirtualUnwind

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
ReleaseMutex
WaitForSingleObjectEx
AcquireSRWLockExclusive
AcquireSRWLockShared
WaitForSingleObject
OpenSemaphoreW
ReleaseSRWLockExclusive
InitializeCriticalSectionEx
DeleteCriticalSection
LeaveCriticalSection
CreateSemaphoreExW
CreateMutexExW
ReleaseSRWLockShared
EnterCriticalSection
InitializeSRWLock

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
Sleep
InitOnceExecuteOnce

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-winrt-string-l1-1-0

HSTRING_UserFree64
HSTRING_UserSize64
HSTRING_UserMarshal
HSTRING_UserSize
HSTRING_UserMarshal64
WindowsStringHasEmbeddedNull
HSTRING_UserUnmarshal
HSTRING_UserUnmarshal64
WindowsCreateString
WindowsDeleteString
WindowsDuplicateString
WindowsCreateStringReference
WindowsCompareStringOrdinal
WindowsIsStringEmpty
WindowsGetStringRawBuffer
HSTRING_UserFree

api-ms-win-core-com-l1-1-0

CoCreateFreeThreadedMarshaler
CoCreateInstance
CLSIDFromString
PropVariantClear
CoTaskMemFree
CoTaskMemAlloc

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegOpenKeyExW
RegGetValueW
RegCreateKeyExW
RegCloseKey

advapi32

EventSetInformation
EventRegister
EventWriteTransfer
LookupAccountSidW
ConvertStringSidToSidW
GetLengthSid
EventUnregister
EventActivityIdControl
FreeSid

kernel32

RaiseException
WaitForThreadpoolTimerCallbacks
CompareStringOrdinal
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
TerminateProcess
CloseThreadpoolTimer
SetThreadpoolTimer
GetCurrentProcess
CreateThreadpoolTimer
SetUnhandledExceptionFilter
LocalFree
UnhandledExceptionFilter
EncodePointer
GetCurrentProcessId
DecodePointer
DisableThreadLibraryCalls
CloseHandle
SetLastError
OutputDebugStringW
IsDebuggerPresent
FormatMessageW
GetProcAddress
GetModuleHandleW
DebugBreak
GetModuleFileNameA
GetModuleHandleExW
HeapFree
GetProcessHeap
HeapAlloc
GetCurrentThreadId
GetLastError

rpcrt4

NdrOleAllocate
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrOleFree

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoOriginateErrorW
RoOriginateError

samcli

NetUserSetInfo
NetUserGetInfo
NetUserDel

netutils

NetApiBufferFree

propsys

PropVariantToStringAlloc

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 196KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FamilySafetyExt.dll
.dll windows:10 windows x64 arch:x64

3062d9b37fbb92eb43e0afe02f341cd0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

familysafetyext.pdb

Imports

msvcrt

_initterm
malloc
free
_amsg_exit
_XcptFilter
memset
__C_specific_handler
_vsnwprintf

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
RaiseException
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TerminateProcess
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

Exports

Exports

IsChildAccount

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Faultrep.dll
.dll windows:10 windows x64 arch:x64

71606afcd79932726b391d18cf49dc35

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

aa:cf:16:ef:05:a3:ac:0a:31:17:12:65:79:cc:95:c8:24:7a:7a:03:60:6b:18:ed:b5:16:5c:07:f5:c8:83:f9
Signer

Actual PE Digest

aa:cf:16:ef:05:a3:ac:0a:31:17:12:65:79:cc:95:c8:24:7a:7a:03:60:6b:18:ed:b5:16:5c:07:f5:c8:83:f9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

FaultRep.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__wcsicmp
_o__wcsnicmp
_o__wcstoui64
memmove
_o__wtoi
_o_free
_o_isspace
_o_malloc
_o_rand
_o_srand
_o_terminate
_o_tolower
_o_towlower
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstol
_o_wcstoul
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_o__initialize_onexit_table
_CxxThrowException
_o__initialize_narrow_environment
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__invalid_parameter_noinfo
__std_terminate
__CxxFrameHandler4
_local_unwind
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset
wcscmp

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetModuleHandleW
GetProcAddress
FreeLibrary
GetModuleFileNameW
GetModuleHandleExW
LoadStringW
DisableThreadLibraryCalls
GetModuleFileNameA
GetModuleHandleExA

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
InitializeProcThreadAttributeList
CreateProcessW
GetProcessTimes
GetCurrentProcessId
GetExitCodeProcess
DeleteProcThreadAttributeList
CreateRemoteThread
TerminateProcess
GetThreadId
OpenThread
GetProcessId
UpdateProcThreadAttribute
GetCurrentThreadId
OpenProcessToken
GetThreadPriority
SetThreadPriority
CreateThread
GetCurrentThread

api-ms-win-core-localization-l1-2-0

LCMapStringW
FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventUnregister
EventSetInformation

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-errorhandling-l1-1-0

SetLastError
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetErrorMode
GetLastError

api-ms-win-core-processthreads-l1-1-1

GetThreadContext
IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetVersionExW
GetTickCount64
GetSystemDirectoryW
GlobalMemoryStatusEx
GetSystemTime
GetTickCount
GetSystemInfo
GetWindowsDirectoryW

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

ntdll

NtWaitForMultipleObjects
RtlSetCurrentTransaction
RtlGetCurrentTransaction
NtClearEvent
RtlDecodeSystemPointer
RtlNtStatusToDosError
RtlGetNtSystemRoot
RtlDetermineDosPathNameType_U
NtQueryValueKey
RtlInitUnicodeStringEx
NtOpenKey
wcsstr
RtlReleasePebLock
wcsncmp
RtlTryAcquirePebLock
RtlGetUnloadEventTraceEx
NtQueryInformationToken
NtResumeProcess
RtlSecondsSince1970ToTime
NtSuspendThread
NtResumeThread
EtwCheckCoverage
NtSetInformationProcess
NtSetSystemInformation
DbgPrintEx
PssNtFreeSnapshot
ZwQueryWnfStateNameInformation
ZwUpdateWnfStateData
EtwEventWriteNoRegistration
NtQuerySystemInformation
NtOpenEvent
NtWaitForSingleObject
RtlAllocateAndInitializeSid
RtlInitUnicodeString
NtAlpcConnectPort
NtAlpcSendWaitReceivePort
RtlFreeSid
NtClose
PssNtCaptureSnapshot
NtOpenProcess
RtlQueryResourcePolicy
NtQueryInformationProcess
wcschr
wcsnlen
wcsrchr
NtCreateFile
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage
RtlCompareUnicodeString
RtlNtStatusToDosErrorNoTeb
RtlAllocateHeap
RtlFreeHeap
RtlImageNtHeaderEx
NtQueryEvent
NtSetInformationFile
RtlCompareMemory
NtSystemDebugControl
RtlWerpReportException
RtlCreateProcessReflection
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlWakeAllConditionVariable
RtlSleepConditionVariableSRW
ZwQueryInformationThread
RtlQueryWnfStateData
RtlSetThreadErrorMode
DbgPrint
NtQueryInformationThread
RtlAdjustPrivilege
NtFreeVirtualMemory
NtAllocateVirtualMemory
NtDeviceIoControlFile
NtSuspendProcess

kernelbase

CreateProcessAsUserW
Sleep

api-ms-win-core-windowserrorreporting-l1-1-0

GetApplicationRecoveryCallback
WerGetFlags

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionEx
SetEvent
CreateEventW
CreateMutexW
WaitForSingleObject
ResetEvent
ReleaseSRWLockShared
ReleaseMutex
CreateMutexExW
WaitForSingleObjectEx
AcquireSRWLockShared
CreateSemaphoreExW
ReleaseSemaphore
OpenSemaphoreW
ReleaseSRWLockExclusive
OpenEventW
OpenMutexW
AcquireSRWLockExclusive

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-psapi-l1-1-0

K32EnumProcessModules
K32EnumProcesses
K32GetModuleFileNameExW
QueryFullProcessImageNameW
K32GetMappedFileNameW
K32GetProcessImageFileNameW

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoUninitialize
CoCreateInstance
CoInitializeEx
CoTaskMemAlloc
CoRevertToSelf
CoUnmarshalInterface
CoImpersonateClient
CoSetProxyBlanket

api-ms-win-core-file-l1-1-0

GetLogicalDriveStringsW
SetEndOfFile
SetFilePointerEx
QueryDosDeviceW
GetDriveTypeW
DeleteFileW
FlushFileBuffers
GetFileAttributesW
FindClose
CreateFileW
WriteFile
FindNextFileW
CompareFileTime
FindFirstFileW
ReadFile
GetFinalPathNameByHandleW
CreateDirectoryW
SetFileAttributesW
GetLongPathNameW

api-ms-win-security-base-l1-1-0

DuplicateToken
AllocateAndInitializeSid
CheckTokenMembership
CreateWellKnownSid
AdjustTokenPrivileges
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
IsValidSid
GetLengthSid
CopySid
AdjustTokenGroups
ImpersonateLoggedOnUser
RevertToSelf
FreeSid

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolWaitCallbacks
SetThreadpoolWait
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
CloseThreadpoolWait
CreateThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-processenvironment-l1-1-0

SearchPathW
ExpandEnvironmentStringsW
SetEnvironmentVariableW

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegGetKeySecurity
RegSetKeySecurity
RegGetValueW
RegCloseKey
RegQueryValueExW
RegDeleteValueW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-file-l1-2-4

GetTempPath2W

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-wow64-l1-1-1

IsWow64Process2
GetSystemWow64Directory2W
GetSystemWow64DirectoryW

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-errorhandling-l1-1-3

SetThreadErrorMode

api-ms-win-core-memory-l1-1-0

VirtualQueryEx
VirtualFree
VirtualAllocEx
VirtualAlloc
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
ReadProcessMemory
VirtualQuery
VirtualFreeEx
WriteProcessMemory

api-ms-win-core-processsnapshot-l1-1-0

PssFreeSnapshot
PssWalkMarkerCreate
PssDuplicateSnapshot
PssWalkMarkerFree
PssQuerySnapshot

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoUninitialize
RoInitialize

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

api-ms-win-core-debug-l1-1-1

CheckRemoteDebuggerPresent

api-ms-win-core-wow64-l1-1-0

IsWow64Process

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-version-l1-1-0

GetFileVersionInfoSizeExW
VerQueryValueW
GetFileVersionInfoExW

api-ms-win-core-toolhelp-l1-1-0

Thread32First
Module32FirstW
CreateToolhelp32Snapshot
Module32NextW
Process32FirstW
Process32NextW
Thread32Next

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

Exports

Exports

AddERExcludedApplicationA
AddERExcludedApplicationW
BasepReportFault
CancelHangReporting
CheckForReadOnlyResourceFilter
CheckPerUserCrossProcessThrottle
DllCanUnloadNow
DllGetClassObject
ReportCoreHang
ReportFault
ReportHang
UpdatePerUserLastCrossProcessCollectionTime
WerReportHang
WerpGetDebugger
WerpInitiateCrashReporting
WerpLaunchAeDebug

Sections

.text
Size: 320KB - Virtual size: 317KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FaxPrinterInstaller.dll
.dll windows:10 windows x64 arch:x64

c449049348e26c4c9cc2435dac6e7949

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

FaxPrinterInstaller.pdb

Imports

msvcrt

??1type_info@@UEAA@XZ
?terminate@@YAXXZ
memcmp
_XcptFilter
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
malloc
free
_amsg_exit
memset
_vsnwprintf
_wcsicmp
wcschr
__CxxFrameHandler4
memcpy_s
??3@YAXPEAX@Z
_purecall
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_vsnprintf_s
memmove_s
_callnewh
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
_CxxThrowException
__CxxFrameHandler3
memcpy
memmove
wcscmp

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleHandleExW
GetModuleFileNameA
FreeLibrary
GetProcAddress
GetModuleHandleW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetVersionExW

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-file-l1-1-0

FindFirstFileW
DeleteFileW
FindNextFileW
FindClose

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoUninitialize

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
InitializeCriticalSectionEx
CreateSemaphoreExW
OpenSemaphoreW
ReleaseSRWLockShared
CreateMutexExW
WaitForSingleObjectEx
AcquireSRWLockShared
AcquireSRWLockExclusive
EnterCriticalSection
DeleteCriticalSection
ReleaseMutex
LeaveCriticalSection
ReleaseSRWLockExclusive
ReleaseSemaphore

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer

ext-ms-win-com-sta-l1-1-0

CoInitialize

shell32

SHChangeNotify
SHGetMalloc
SHGetSpecialFolderLocation

winspool.drv

DeletePrinterDriverExW
EnumPrintersW
OpenPrinterW
ClosePrinter
EnumPrinterDriversW
InstallPrinterDriverFromPackageW
DeleteMonitorW
DeletePrinter
AddPrinterW
AddMonitorW
SetPrinterW
GetPrinterW

setupapi

SetupGetInfDriverStoreLocationW

Exports

Exports

InstallLocalFaxPrinter
UninstallLocalFaxPrinter

Sections

.text
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 492B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FdDevQuery.dll
.dll windows:10 windows x64 arch:x64

edba09902b7fd7396d09a6b8bb672d49

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

FDDevQuery.pdb

Imports

msvcrt

__C_specific_handler
_XcptFilter
_initterm
_lock
_unlock
__dllonexit
memcmp
_amsg_exit
_callnewh
malloc
memcpy_s
free
_purecall
_wcsicmp
_onexit
memset

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
SetEvent
WaitForSingleObject
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateEventW

api-ms-win-core-com-l1-1-0

StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
PropVariantClear
CLSIDFromString
IIDFromString

api-ms-win-core-errorhandling-l1-1-0

RaiseException
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
TerminateProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-devices-query-l1-1-0

DevCreateObjectQueryFromId
DevCloseObjectQuery
DevFreeObjectProperties
DevFindProperty
DevCreateObjectQuery

api-ms-win-devices-query-l1-1-1

DevGetObjectPropertiesEx

user32

UnregisterClassA

propsys

PSCreateSimplePropertyChange
PSCreateMemoryPropertyStore
PSCreatePropertyChangeArray

shlwapi

StrCmpNW

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FileAppxStreamingDataSource.dll
.dll windows:10 windows x64 arch:x64

7f221edc20887b66d051c74c2dbc1a7f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

FileAppxStreamingDataSource.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__seh_filter_dll
memmove
_o_free
_o_malloc
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
__CxxFrameHandler4
__std_terminate
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
AcquireSRWLockExclusive

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
RaiseException
SetUnhandledExceptionFilter

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-core-util-l1-1-0

DecodePointer

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

ntdll

RtlAcquireSRWLockExclusive
RtlEnumerateGenericTableWithoutSplayingAvl
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlReleaseSRWLockExclusive
RtlDeleteCriticalSection
RtlInitializeCriticalSection
RtlDeleteElementGenericTableAvl

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-url-l1-1-0

PathCreateFromUrlW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-path-l1-1-0

PathAllocCanonicalize

api-ms-win-core-file-l1-1-0

CreateFileW
ReadFile
GetFileTime
GetFileSizeEx
GetFileType

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc

api-ms-win-core-io-l1-1-0

GetOverlappedResult
CancelIoEx

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FilterDS.dll
.dll windows:10 windows x64 arch:x64

aab95556257b2a86681ee194481af49f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

FilterDS.pdb

Imports

msvcrt

_CxxThrowException
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
towupper
memcmp
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_onexit
wcstoul
memset
_wcsicmp
_unlock
??_V@YAXPEAX@Z
memmove_s
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
_callnewh
?what@exception@@UEBAPEBDXZ
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
memmove
memcpy
_lock
wcsncpy_s
??0exception@@QEAA@XZ
__CxxFrameHandler3
__dllonexit
??1exception@@UEAA@XZ
_purecall
??3@YAXPEAX@Z
memcpy_s
_vsnwprintf
__CxxFrameHandler4

api-ms-win-core-libraryloader-l1-2-0

LoadResource
GetModuleHandleW
FreeLibrary
DisableThreadLibraryCalls
LoadLibraryExW
LockResource
GetModuleHandleExW
GetProcAddress
FindResourceExW
GetModuleFileNameA
SizeofResource

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce
InitOnceBeginInitialize
WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceComplete

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockShared
OpenSemaphoreW
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForSingleObjectEx
DeleteCriticalSection
CreateSemaphoreExW
ReleaseSemaphore
AcquireSRWLockShared
CreateMutexExW
WaitForSingleObject
SetEvent
ReleaseMutex
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CreateEventExW
EnterCriticalSection

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

RaiseException
UnhandledExceptionFilter
SetLastError
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsDeleteString

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventUnregister
EventRegister
EventWriteTransfer

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-processthreads-l1-1-0

OpenThreadToken
TerminateProcess
OpenProcessToken
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
GetCurrentThread

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
SetRestrictedErrorInfo

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

ntdll

RtlIsMultiUsersInSessionSku

api-ms-win-core-com-l1-1-0

CoWaitForMultipleHandles
CoCreateFreeThreadedMarshaler
CoCreateInstance

oleaut32

SysFreeString
SysAllocString
SysAllocStringLen
SysStringLen

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-security-base-l1-1-0

GetSidSubAuthority
IsValidSid
GetSidSubAuthorityCount
GetTokenInformation

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegCloseKey
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-file-l1-1-0

GetFileAttributesW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

profapi

ord103

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 152KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FirewallAPI.dll
.dll regsvr32 windows:10 windows x64 arch:x64

2058ce3451d2ab2c67a4cc88f143b6f0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

FirewallAPI.pdb

Imports

msvcrt

??1type_info@@UEAA@XZ
_callnewh
memmove_s
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
memcpy_s
_lock
_wcsnicmp
_unlock
qsort
_XcptFilter
_vsnwprintf
wcstok
_onexit
_wcsicmp
memset
memcpy
_purecall
wcscpy_s
_amsg_exit
memcmp
realloc
_CxxThrowException
wcscat_s
malloc
_initterm
__dllonexit
free
__C_specific_handler
__CxxFrameHandler4
?terminate@@YAXXZ
wcscmp

rpcrt4

RpcAsyncInitializeHandle
RpcAsyncCancelCall
RpcAsyncCompleteCall
RpcStringFreeW
UuidToStringW
RpcEpResolveBinding
RpcStringBindingComposeW
UuidCreate
RpcBindingSetOption
RpcBindingFromStringBindingW
RpcBindingFree
NdrStubCall3
IUnknown_QueryInterface_Proxy
NdrOleAllocate
IUnknown_Release_Proxy
NdrOleFree
IUnknown_AddRef_Proxy
NdrStubForwardingFunction
NdrDllCanUnloadNow
RpcExceptionFilter
NdrDllGetClassObject
NdrDllRegisterProxy
NdrDllUnregisterProxy
Ndr64AsyncClientCall
NdrClientCall3
RpcBindingSetAuthInfoExW

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockShared
ReleaseSemaphore
OpenSemaphoreW
WaitForSingleObjectEx
TryAcquireSRWLockExclusive
CreateMutexExW
InitializeCriticalSectionEx
EnterCriticalSection
AcquireSRWLockShared
WaitForSingleObject
SetEvent
InitializeSRWLock
DeleteCriticalSection
CreateSemaphoreExW
ReleaseMutex
ReleaseSRWLockExclusive
InitializeCriticalSection
AcquireSRWLockExclusive
CreateEventW
LeaveCriticalSection

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleFileNameA
DisableThreadLibraryCalls
GetModuleFileNameW
FindResourceExW
FreeLibrary
GetProcAddress
LoadResource
LoadLibraryExW
SizeofResource
GetModuleHandleExW

api-ms-win-core-string-l2-1-0

CharNextW
CharPrevW

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetLastError
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-registry-l1-1-0

RegDeleteTreeW
RegRestoreKeyW
RegSaveKeyExW
RegEnumKeyExW
RegCloseKey
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegSetValueExW
RegCreateKeyExW
RegOpenCurrentUser
RegDeleteValueW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrcpynW

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualProtect
VirtualAlloc

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetTickCount64
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
CompareStringW
MultiByteToWideChar

ntdll

EtwEventWrite
RtlIpv6AddressToStringW
RtlNtStatusToDosError
RtlCapabilityCheck
RtlInitUnicodeString
RtlGetCurrentServiceSessionId
RtlIpv4AddressToStringW
RtlIpv4StringToAddressW
EtwTraceMessage
EtwEventUnregister
EtwEventRegister
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
RtlIpv6StringToAddressW

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree
HeapDestroy

api-ms-win-security-base-l1-1-0

AccessCheck
GetTokenInformation
RevertToSelf
IsValidSid
DuplicateTokenEx
CheckTokenMembership
CreateWellKnownSid
GetLengthSid

api-ms-win-core-version-l1-1-0

VerQueryValueW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-localization-l1-2-0

GetThreadUILanguage
GetSystemDefaultLangID
FormatMessageW

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
OpenProcessToken
GetCurrentThreadId
TerminateProcess
OpenThreadToken
GetCurrentProcessId
SetThreadToken
GetCurrentProcess

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
WaitForThreadpoolWaitCallbacks
CreateThreadpoolTimer
SetThreadpoolWait
CreateThreadpoolWait
SetThreadpoolWaitEx
CloseThreadpoolWait
SetThreadpoolTimer

api-ms-win-security-base-l1-2-0

CheckTokenCapability

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventRegister
EventSetInformation

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
FWAddAuthenticationSet
FWAddConnectionSecurityRule
FWAddCryptoSet
FWAddDynamicKeywordAddress0
FWAddDynamicKeywordAddress_Int
FWAddFirewallRule
FWAddHyperVRule0
FWAddHyperVRule1
FWAddMainModeRule
FWAddSecurityRealm
FWChangeNotificationCreate
FWChangeNotificationDestroy
FWChangeTransactionalState
FWClosePolicyStore
FWCopyAuthenticationSet
FWCopyConnectionSecurityRule
FWCopyCryptoSet
FWCopyFirewallRule
FWCreateHyperVPort0
FWCreateHyperVPort1
FWDeleteAllAuthenticationSets
FWDeleteAllConnectionSecurityRules
FWDeleteAllCryptoSets
FWDeleteAllFirewallRules
FWDeleteAllMainModeRules
FWDeleteAuthenticationSet
FWDeleteConnectionSecurityRule
FWDeleteCryptoSet
FWDeleteDynamicKeywordAddress0
FWDeleteDynamicKeywordAddress_Int
FWDeleteFirewallRule
FWDeleteHyperVPort0
FWDeleteHyperVRule0
FWDeleteMainModeRule
FWDeletePhase1SAs
FWDeletePhase2SAs
FWDeleteSecurityRealm
FWDiagGetAppList
FWEnumAdapters
FWEnumAuthenticationSets
FWEnumConnectionSecurityRules
FWEnumCryptoSets
FWEnumDynamicKeywordAddressById0
FWEnumDynamicKeywordAddressesByType0
FWEnumDynamicKeywordAddresses_Int
FWEnumFirewallRules
FWEnumHyperVPorts0
FWEnumHyperVPorts1
FWEnumHyperVRules0
FWEnumHyperVRules1
FWEnumHyperVVMCreators0
FWEnumMainModeRules
FWEnumNetworks
FWEnumPhase1SAs
FWEnumPhase2SAs
FWEnumProducts
FWExportPolicy
FWFreeAdapters
FWFreeAuthenticationSet
FWFreeAuthenticationSets
FWFreeAuthenticationSetsByHandle
FWFreeConnectionSecurityRule
FWFreeConnectionSecurityRules
FWFreeConnectionSecurityRulesByHandle
FWFreeCryptoSet
FWFreeCryptoSets
FWFreeCryptoSetsByHandle
FWFreeDiagAppList
FWFreeDynamicKeywordAddressData0
FWFreeFirewallRule
FWFreeFirewallRules
FWFreeFirewallRulesByHandle
FWFreeFirewallRulesOld
FWFreeHyperVPorts0
FWFreeHyperVPorts1
FWFreeHyperVRules0
FWFreeHyperVRules1
FWFreeHyperVVMCreators0
FWFreeMainModeRule
FWFreeMainModeRules
FWFreeMainModeRulesByHandle
FWFreeNetworks
FWFreePhase1SAs
FWFreePhase2SAs
FWFreeProducts
FWGetConfig
FWGetConfig2
FWGetGlobalConfig
FWGetGlobalConfig2
FWGetGlobalConfig3
FWGetHyperVProfileConfig0
FWGetHyperVVMConfig0
FWGetIndicatedPortInUse
FWImportPolicy
FWIndicatePortInUse
FWIndicateProxyForUrl
FWIndicateProxyResolverRefresh
FWIndicateTupleInUse
FWIndicateTupleInUse2
FWIsTargetAProxy
FWOpenPolicyStore
FWQueryAuthenticationSets
FWQueryConnectionSecurityRules
FWQueryCryptoSets
FWQueryFirewallRules
FWQueryIsolationType
FWQueryMainModeRules
FWRefreshHyperVPorts0
FWRegisterHyperVVMCreator0
FWRegisterProduct
FWResetIndicatedPortInUse
FWResetIndicatedTupleInUse
FWRestoreDefaults
FWRestoreGPODefaults
FWRevertTransaction
FWRuleDuplicateStatusByRuleID
FWSelectConSecRule
FWSetAuthenticationSet
FWSetConfig
FWSetConnectionSecurityRule
FWSetCryptoSet
FWSetFirewallRule
FWSetGlobalConfig
FWSetGlobalConfig2
FWSetHyperVPort0
FWSetHyperVPort1
FWSetHyperVProfileConfig0
FWSetHyperVRule0
FWSetHyperVRule1
FWSetHyperVVMConfig0
FWSetMainModeRule
FWStatusMessageFromStatusCode
FWUnregisterHyperVVMCreator0
FWUnregisterProduct
FWUpdateDynamicKeywordAddress0
FWUpdateDynamicKeywordAddress_Int
FWVerifyAuthenticationSet
FWVerifyAuthenticationSetQuery
FWVerifyConnectionSecurityRule
FWVerifyConnectionSecurityRuleQuery
FWVerifyCryptoSet
FWVerifyCryptoSetQuery
FWVerifyFirewallRule
FWVerifyFirewallRuleQuery
FWVerifyMainModeRule
FWVerifyMainModeRuleQuery
FwActivate
FwAlloc
FwAllocCheckSize
FwAllowedProgramsAdd
FwAllowedProgramsDelete
FwAnalyzeFirewallPolicy
FwAnalyzeFirewallPolicyOnProfile
FwApiHelperFree
FwApiHelperInit
FwBstrToIcmp
FwBstrToInterfaceTypes
FwBstrToPorts
FwConvertIPv6SubNetToRange
FwCopyAuthSet
FwCopyMainModeRule
FwCopyWFAddressesContents
FwEmptyWFAddresses
FwFree
FwFreeAddresses
FwFreePorts
FwGetAddressesAsString
FwGetCurrentProfile
FwGetVersionField
FwIcmpSettingsEnum
FwIcmpSettingsSet
FwIcmpToBstr
FwInterfaceTypesToBstr
FwIsGroupPolicyEnforced
FwIsRemoteManagementEnabled
FwLogSettingsSet
FwMergeAddresses
FwMulticastBroadcastResponsesEnum
FwMulticastBroadcastResponsesSet
FwNotificationsEnum
FwNotificationsSet
FwOpModesEnum
FwOpModesSet
FwPortOpeningsAdd
FwPortOpeningsDelete
FwProfileTypeCurrentGet
FwProfileTypeGet
FwRestoreDefaults
FwServicesEnum
FwServicesSet
FwStringToAddresses
FwStringToPorts
GetDisabledInterfaces
IcfAddrChangeNotificationCreate
IcfChangeNotificationCreate
IcfChangeNotificationDestroy
IcfConnect
IcfDisconnect
IcfFreeDynamicFwPorts
IcfFreeProfile
IcfFreeTickets
IcfGetCurrentProfileType
IcfGetDynamicFwPorts
IcfGetOperationalMode
IcfGetProfile
IcfGetTickets
IcfIsPortAllowed
IcfOpenDynamicFwPortWithoutSocket
IcfSubNetsGetScope
IsFirewallInCoExistanceMode
IsPortOrICMPAllowed
NetworkIsolationAddAllowEnterpriseIdRule
NetworkIsolationCreateAllInterfacesContainer
NetworkIsolationCreateAppContainer
NetworkIsolationCreateAppContainerLoopbackRules
NetworkIsolationCreateContainer
NetworkIsolationCreateInterfaceContainer
NetworkIsolationDeleteAllInterfacesContainer
NetworkIsolationDeleteAllowEnterpriseIdRule
NetworkIsolationDeleteAppContainer
NetworkIsolationDeleteAppContainerLoopbackRules
NetworkIsolationDeleteContainer
NetworkIsolationDeleteInterfaceContainer
NetworkIsolationDeleteUserAppContainers
NetworkIsolationDiagnoseConnectFailure
NetworkIsolationDiagnoseConnectFailureAndGetInfo
NetworkIsolationDiagnoseListen
NetworkIsolationDiagnoseSocketCreation
NetworkIsolationEnumAppContainers
NetworkIsolationEnumerateAppContainerRules
NetworkIsolationFreeAppContainers
NetworkIsolationGetAppContainer
NetworkIsolationGetAppContainerConfig
NetworkIsolationGetEnterpriseId
NetworkIsolationGetEnterpriseIdAsync
NetworkIsolationGetEnterpriseIdClose
NetworkIsolationRegisterForAppContainerChanges
NetworkIsolationSetAppContainerConfig
NetworkIsolationSetupAppContainerBinaries
NetworkIsolationUnregisterForAppContainerChanges

Sections

.text
Size: 376KB - Virtual size: 373KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 216KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FirewallControlPanel.dll
.dll regsvr32 windows:10 windows x64 arch:x64

ad91f41700d53756aa4be9f54680f530

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

FirewallControlPanel.pdb

Imports

msvcrt

__CxxFrameHandler3
??1type_info@@UEAA@XZ
_onexit
floorf
_unlock
_lock
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
wcsrchr
towupper
_wcsicmp
_CxxThrowException
memcmp
wcsspn
malloc
qsort
_purecall
_wtol
__C_specific_handler
free
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
memcpy_s
_vsnwprintf
__CxxFrameHandler4
__dllonexit
memset

ntdll

EtwLogTraceEvent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WinSqmIncrementDWORD
RtlQueryElevationFlags
WinSqmAddToStream
WinSqmIsOptedIn
EtwEventWrite
EtwEventUnregister
EtwEventRegister
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage
EtwEventWriteTransfer

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
LoadLibraryExW
DisableThreadLibraryCalls
GetProcAddress
LoadStringW
GetModuleHandleExW
LoadLibraryExA
GetModuleFileNameA
GetModuleHandleW
FreeLibrary

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
DeleteCriticalSection
ResetEvent
CreateEventW
WaitForSingleObject
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
EnterCriticalSection
LeaveCriticalSection
OpenMutexW
InitializeCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CreateSemaphoreExW
ReleaseMutex
SetEvent

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

RaiseException
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-string-l1-1-0

CompareStringW
CompareStringOrdinal

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventSetInformation
EventActivityIdControl
EventRegister

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceBeginInitialize
InitOnceComplete

api-ms-win-security-base-l1-1-0

AllocateAndInitializeSid
CheckTokenMembership
FreeSid

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-memory-l1-1-0

VirtualAlloc
VirtualFree

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-processthreads-l1-1-1

FlushInstructionCache

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InterlockedPopEntrySList

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-shlwapi-obsolete-l1-1-0

QISearch
StrCmpICW
StrCmpCW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrlenW
lstrcmpW

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

shcore

ord190
IUnknown_SetSite
ord140
ord188
ord145
IUnknown_QueryService
IUnknown_Set
IUnknown_GetSite

kernel32

QueueUserWorkItem
UnregisterWaitEx

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-sidebyside-l1-1-0

ActivateActCtx
DeactivateActCtx
ReleaseActCtx
CreateActCtxW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ShowNotificationDialogW
ShowWarningDialogW

Sections

.text
Size: 216KB - Virtual size: 213KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FirewallUX.dll
.dll windows:10 windows x64 arch:x64

be3c93ff792962215e2417d4212a16a8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

FirewallUX.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o_abort
_o_free
_o_iswspace
_o_malloc
_o_terminate
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o___stdio_common_vswprintf
_o__configure_narrow_argv
_o___stdio_common_vsnprintf_s
_o__cexit
_o__callnewh
_o__beginthreadex
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__crt_atexit
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
wcsrchr

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoReleaseServerProcess
CoAddRefServerProcess
CoGetApartmentType
CoCreateInstance
CoGetObjectContext
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
CoInitializeEx
CoUninitialize

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetProcAddress
GetModuleHandleW
DisableThreadLibraryCalls
GetModuleFileNameA
FreeLibrary
LoadStringW
GetModuleFileNameW
GetModuleHandleExA

api-ms-win-core-synch-l1-2-0

InitOnceComplete
Sleep
InitOnceBeginInitialize

api-ms-win-core-synch-l1-1-0

AcquireSRWLockShared
CreateMutexExW
CreateEventW
ReleaseSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
DeleteCriticalSection
ReleaseMutex
SetEvent
WaitForSingleObject
InitializeCriticalSectionEx
LeaveCriticalSection
ReleaseSemaphore
EnterCriticalSection
CreateSemaphoreExW
ResetEvent
InitializeCriticalSectionAndSpinCount

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
SetLastError

api-ms-win-rtcore-ntuser-window-l1-1-0

PostQuitMessage

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventWriteTransfer
EventActivityIdControl
EventUnregister

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
TrySubmitThreadpoolCallback
SetThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
ExitProcess
GetCurrentThreadId
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPushEntrySList
InterlockedFlushSList

oleaut32

SysFreeString
VariantClear
VariantInit
SysStringLen
SetErrorInfo
SysAllocString
GetErrorInfo

api-ms-win-shcore-stream-l1-1-0

SHCreateMemStream

api-ms-win-shcore-stream-winrt-l1-1-0

CreateRandomAccessStreamOverStream

api-ms-win-core-registry-l1-1-0

RegGetValueW

api-ms-win-core-psapi-l1-1-0

K32GetModuleFileNameExW

ntdll

RtlQueryElevationFlags

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-shlwapi-winrt-storage-l1-1-1

AssocQueryStringW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindFileNameW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

msvcp_win

?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
_Mtx_init_in_situ
_Cnd_init_in_situ
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
_Cnd_unregister_at_thread_exit
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?_Xbad_function_call@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Throw_C_error@std@@YAXH@Z
_Cnd_wait
?__ExceptionPtrToBool@@YA_NPEBX@Z
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
_Mtx_lock
_Thrd_detach
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
_Mtx_unlock
??0task_continuation_context@Concurrency@@AEAA@XZ
_Cnd_do_broadcast_at_thread_exit
?__ExceptionPtrCreate@@YAXPEAX@Z
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
_Cnd_register_at_thread_exit
_Cnd_broadcast
_Mtx_destroy_in_situ
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_destroy_in_situ
?_Throw_future_error@std@@YAXAEBVerror_code@1@@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?_Syserror_map@std@@YAPEBDH@Z

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 188KB - Virtual size: 185KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FirmwareAttestationServerProxyStub.dll
.dll windows:10 windows x64 arch:x64

8b4a45dd471a39b2a468846ac6c0ae67

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

FirmwareAttestationServerProxyStub.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o___std_type_info_destroy_list
_o__cexit
_o__configure_narrow_argv
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__seh_filter_dll
__C_specific_handler

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

rpcrt4

NdrOleAllocate
NdrOleFree
NdrDllGetClassObject
NdrDllCanUnloadNow

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FlightSettings.dll
.dll windows:10 windows x64 arch:x64

b547a184c25cf8f85db201712c8b8049

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:90:fe:08:e8:6a:9a:7f:51:85:ab:93:8b:59:15:d7:58:84:59:56:d4:1a:4e:02:f3:fb:21:ea:a1:e5:10:9e
Signer

Actual PE Digest

61:90:fe:08:e8:6a:9a:7f:51:85:ab:93:8b:59:15:d7:58:84:59:56:d4:1a:4e:02:f3:fb:21:ea:a1:e5:10:9e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

FlightSettings.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__get_errno
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__itow_s
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__wcsicmp
memmove
_o__wcstoui64
_o__wcsupr
_o__wtoi
_o__wtol
_o_abort
_o_ceilf
_o_free
_o_iswspace
_o_malloc
_o_realloc
_o_terminate
_o_towlower
_o_wcstok_s
_o_wcstoul
_o_wctomb_s
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
wcsrchr
_o__cexit
_o__callnewh
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o__crt_atexit
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__execute_onexit_table
_o__errno
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
_o__configure_narrow_argv
wcsstr
strchr
wcschr

api-ms-win-crt-string-l1-1-0

wcsnlen
wcscmp
wcsncmp
memset

combase

GetErrorInfo
ord67
ord69
ord68
ord66
ord154
ord168
SetErrorInfo

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleExW
LoadLibraryExW
GetModuleHandleExA
GetProcAddress
GetModuleFileNameW
GetModuleHandleW
FreeLibrary
FindStringOrdinal
DisableThreadLibraryCalls

api-ms-win-core-synch-l1-1-0

TryEnterCriticalSection
InitializeSRWLock
ReleaseMutex
ReleaseSemaphore
CreateSemaphoreExW
WaitForSingleObjectEx
LeaveCriticalSection
EnterCriticalSection
AcquireSRWLockExclusive
OpenSemaphoreW
WaitForSingleObject
ReleaseSRWLockShared
InitializeCriticalSectionEx
SetEvent
CreateEventExW
CreateMutexExW
CreateMutexW
AcquireSRWLockShared
DeleteCriticalSection
ReleaseSRWLockExclusive

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetLastError
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CloseThreadpoolTimer
IsThreadpoolTimerSet

api-ms-win-core-processthreads-l1-1-0

OpenThreadToken
CreateProcessW
GetCurrentProcess
GetExitCodeProcess
GetCurrentThreadId
SetThreadToken
GetCurrentProcessId
OpenProcessToken
TerminateProcess
GetCurrentThread

api-ms-win-core-localization-l1-2-0

GetUserDefaultLocaleName
GetLocaleInfoW
GetSystemPreferredUILanguages
GetUserPreferredUILanguages
FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventActivityIdControl
EventRegister
EventWriteTransfer

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
Sleep
InitOnceExecuteOnce

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-kernel32-legacy-l1-1-0

CopyFileW
UnregisterWait
MoveFileW

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetComputerNameExW
GetSystemWindowsDirectoryW

ntdll

RtlUnsubscribeWnfNotificationWaitForCompletion
RtlNtStatusToDosError
RtlIsStateSeparationEnabled
NtQueryWnfStateData
RtlGetDeviceFamilyInfoEnum
RtlIsMultiUsersInSessionSku
RtlSubscribeWnfStateChangeNotification
RtlConvertDeviceFamilyInfoToString
NtQueryLicenseValue
RtlGetVersion
NtQuerySystemInformation
EtwTraceMessage
NtQueryInformationToken
RtlPublishWnfStateData

api-ms-win-core-registry-l1-1-0

RegEnumValueW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyExW
RegGetValueW

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

OpenProcess
GetProcessMitigationPolicy
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPushEntrySList

api-ms-win-core-threadpool-legacy-l1-1-0

DeleteTimerQueueTimer
CreateTimerQueueTimer

api-ms-win-core-string-l2-1-0

CharLowerBuffW
CharUpperBuffW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
CompareStringOrdinal

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW

api-ms-win-security-base-l1-1-0

ImpersonateLoggedOnUser
AdjustTokenPrivileges
DuplicateToken
CreateWellKnownSid
GetTokenInformation
IsValidSid
GetLengthSid
CopySid
FreeSid
AllocateAndInitializeSid
CheckTokenMembership
RevertToSelf
DuplicateTokenEx

api-ms-win-core-file-l1-1-0

DefineDosDeviceW
RemoveDirectoryW
SetFileInformationByHandle
FlushFileBuffers
CreateFileA
WriteFile
SetFileAttributesW
SetFilePointer
CreateDirectoryW
DeleteFileW
CreateFileW
GetFileSizeEx
ReadFile
GetFileAttributesW
GetFullPathNameW
FindClose
FindNextFileW
FindFirstFileW
QueryDosDeviceW

api-ms-win-core-url-l1-1-0

UrlEscapeW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW
PathFindFileNameW

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrStrNIW

api-ms-win-core-version-l1-1-0

VerQueryValueW
GetFileVersionInfoSizeExW
GetFileVersionInfoExW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW
GetPersistedRegistryValueW

api-ms-win-security-base-l1-2-0

CheckTokenMembershipEx

msvcp_win

??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
_Wcscoll
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
??1_Lockit@std@@QEAA@XZ
?in@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z
_Wcsxfrm
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?id@?$ctype@G@std@@2V0locale@2@A
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?id@?$collate@G@std@@2V0locale@2@A
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Locinfo@std@@QEAA@XZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
?is@?$ctype@G@std@@QEBA_NFG@Z
?_Xbad_alloc@std@@YAXXZ
?tolower@?$ctype@G@std@@QEBAGG@Z

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-path-l1-1-0

PathAllocCombine
PathCchSkipRoot

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx

api-ms-win-core-file-l1-2-4

GetTempPath2W

api-ms-win-core-datetime-l1-1-1

GetTimeFormatEx
GetDateFormatEx

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
MapViewOfFile
CreateFileMappingW

api-ms-win-core-localization-obsolete-l1-2-0

GetSystemDefaultUILanguage

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 712KB - Virtual size: 710KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 264KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FluencyDS.dll
.dll windows:10 windows x64 arch:x64

6c2d4930e23b88e0290a44a34262ed97

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

FluencyDS.pdb

Imports

msvcrt

__crtLCMapStringW
__crtLCMapStringA
_wsetlocale
_Getdays
_Getmonths
_W_Getdays
_W_Getmonths
_W_Gettnames
_Wcsftime
_Gettnames
_Strftime
abort
isalnum
isdigit
sqrt
___lc_collate_cp_func
memcmp
_wcsdup
sscanf_s
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
??_V@YAXPEAX@Z
strpbrk
__iob_func
memchr
tolower
isspace
vsprintf_s
_resetstkoflw
strerror
_errno
_wfsopen
frexp
towlower
ldexp
localeconv
strcspn
exit
fseek
_fseeki64
fsetpos
ungetc
setvbuf
time
_fsopen
fgetpos
__crtCompareStringA
fwrite
??0bad_cast@@QEAA@AEBV0@@Z
___mb_cur_max_func
fgetc
calloc
rand
___lc_codepage_func
fclose
fflush
srand
fputc
sprintf_s
___lc_handle_func
_create_locale
memmove_s
isupper
__pctype_func
iswpunct
__uncaught_exception
_wcstod_l
memset
iswalpha
strncmp
__mb_cur_max
__crtCompareStringW
iswupper
iswdigit
sqrtf
??1type_info@@UEAA@XZ
setlocale
_onexit
realloc
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_snprintf
__C_specific_handler
_initterm
free
_amsg_exit
_XcptFilter
memmove
powf
logf
log10
log
islower
wcsnlen
_wcsicmp
clock
ftell
ferror
_commit
getc
_fileno
_wfopen
iswspace
memcpy
__CxxFrameHandler3
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
malloc
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
_free_locale
fprintf
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
??3@YAXPEAX@Z
memcpy_s
_vsnwprintf
_ismbblead
__CxxFrameHandler4
floorf
ceil
exp
expf
floor
tanhf

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetProcAddress
GetModuleHandleW
DisableThreadLibraryCalls
GetModuleHandleExW

api-ms-win-core-synch-l1-2-0

InitOnceComplete
SleepConditionVariableSRW
InitOnceExecuteOnce
Sleep
WakeAllConditionVariable
InitOnceBeginInitialize

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionEx
CreateMutexExW
CreateSemaphoreExW
AcquireSRWLockShared
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
ReleaseMutex
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseSRWLockShared
ReleaseSemaphore
InitializeCriticalSection
DeleteCriticalSection

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetLastError
RaiseException
SetUnhandledExceptionFilter

api-ms-win-core-winrt-string-l1-1-0

WindowsStringHasEmbeddedNull
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateStringReference
WindowsIsStringEmpty

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoOriginateErrorW

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetLocaleInfoW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetSystemDirectoryW
GetSystemTime
GetWindowsDirectoryW

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventWriteTransfer
EventSetInformation
EventActivityIdControl

api-ms-win-core-file-l1-1-0

DeleteFileW
FindFirstFileW
GetFileAttributesExW
GetFileAttributesW
CreateDirectoryW
GetTempFileNameW
FindNextFileW
FindClose

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegGetValueW
RegDeleteKeyExW
RegOpenKeyExW
RegQueryValueExW

oleaut32

SysFreeString
SysAllocString
SysStringLen
SysAllocStringLen

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer

api-ms-win-core-errorhandling-l1-1-3

TerminateProcessOnMemoryExhaustion

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte
GetStringTypeW

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-file-l2-1-0

MoveFileExW

crypt32

CryptUnprotectData
CryptProtectData

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-shlwapi-legacy-l1-1-0

PathAppendW
PathFileExistsW
PathFindFileNameA

ntdll

RtlIsMultiUsersInSessionSku

profapi

ord104

api-ms-win-core-file-l1-2-4

GetTempPath2W

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrStrIW

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 576KB - Virtual size: 574KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FntCache.dll
.dll windows:10 windows x64 arch:x64

38e358bcfe96b9f53daf7c3a581d8e17

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

FntCache.pdb

Imports

msvcrt

_snprintf_s
calloc
_amsg_exit
free
_onexit
??1type_info@@UEAA@XZ
tanf
_initterm
__C_specific_handler
_XcptFilter
sqrt
memmove
memcpy
?terminate@@YAXXZ
__CxxFrameHandler3
_CxxThrowException
cosf
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@XZ
__dllonexit
sinf
_callnewh
_unlock
malloc
pow
__CxxFrameHandler4
memcmp
memset
_itow_s
realloc
memcpy_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
sprintf_s
??_V@YAXPEAX@Z
_i64tow_s
wcsnlen
wcscpy_s
_vsnwprintf
_vsnprintf_s
memmove_s
rand
iswalpha
wcschr
_purecall
??3@YAXPEAX@Z
_lock
wcscmp

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetModuleFileNameA
GetProcAddress
GetModuleHandleW
DisableThreadLibraryCalls
LoadLibraryExW
FreeLibrary
GetModuleFileNameW

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoTaskMemFree
CoTaskMemAlloc
CoDisconnectObject
CoUninitialize

api-ms-win-service-core-l1-1-0

SetServiceStatus
RegisterServiceCtrlHandlerExW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
OutputDebugStringA
DebugBreak

api-ms-win-core-memory-l1-1-0

VirtualAlloc
VirtualFree
FlushViewOfFile
UnmapViewOfFile
CreateFileMappingW
MapViewOfFileEx

api-ms-win-core-windowserrorreporting-l1-1-0

WerRegisterMemoryBlock

api-ms-win-core-file-l1-1-0

GetFileInformationByHandle
FindFirstChangeNotificationW
ReadFile
FlushFileBuffers
GetDiskFreeSpaceExW
FindCloseChangeNotification
FindNextFileW
FindClose
CreateDirectoryW
FindFirstFileW
SetFileTime
DeleteFileW
CreateFileW

ntdll

AlpcGetMessageAttribute
NtAlpcSendWaitReceivePort
NtAlpcAcceptConnectPort
NtAlpcCreatePort
NtAlpcOpenSenderProcess
NtAlpcImpersonateClientOfPort
AlpcInitializeMessageAttribute
NtClose
RtlIsStateSeparationEnabled
NtSetInformationThread
NtQueryInformationThread
RtlInitUnicodeString
RtlConvertSidToUnicodeString
RtlFreeUnicodeString
RtlDeriveCapabilitySidsFromName
RtlNtPathNameToDosPathName
RtlpEnsureBufferSize
NtSetInformationFile
NtAlpcCancelMessage

api-ms-win-service-core-l1-1-4

GetServiceDirectory

profapi

ord104

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
SetErrorMode
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-service-core-l1-1-3

GetServiceRegistryStateKey

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
RtlCaptureStackBackTrace

api-ms-win-core-processthreads-l1-1-0

OpenThreadToken
GetCurrentThread
OpenProcessToken
CreateThread
GetCurrentProcess
TerminateProcess
ResumeThread
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GlobalMemoryStatusEx
GetSystemTimeAsFileTime
GetTickCount64
GetSystemTime
GetTickCount
GetSystemWindowsDirectoryW
GetSystemInfo

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar
WideCharToMultiByte
CompareStringW

api-ms-win-core-file-l1-2-1

GetCompressedFileSizeW

api-ms-win-security-base-l1-1-0

GetSecurityDescriptorDacl
GetAclInformation
GetAce
GetTokenInformation
CopySid
InitializeSecurityDescriptor
GetFileSecurityW
AddAccessAllowedAce
InitializeAcl
CreateWellKnownSid
SetSecurityDescriptorDacl
CreateRestrictedToken
GetLengthSid
IsWellKnownSid
ImpersonateLoggedOnUser
RevertToSelf

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
SubmitThreadpoolWork
SetEventWhenCallbackReturns
WaitForThreadpoolWorkCallbacks
CreateThreadpoolWork
CloseThreadpoolWork
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-synch-l1-1-0

OpenSemaphoreW
WaitForSingleObject
InitializeCriticalSection
CreateMutexExW
InitializeCriticalSectionEx
EnterCriticalSection
SetEvent
LeaveCriticalSection
CreateEventW
WaitForSingleObjectEx
ReleaseMutex
ReleaseSemaphore
CreateSemaphoreExW
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WaitForMultipleObjectsEx
DeleteCriticalSection

api-ms-win-core-localization-l1-2-0

LCMapStringW
LocaleNameToLCID
GetUserDefaultLCID
FormatMessageW

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventWriteTransfer
EventSetInformation

rpcrt4

UuidCreate

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegEnumValueW
RegSetValueExW
RegNotifyChangeKeyValue
RegQueryInfoKeyW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-core-localization-l1-2-2

LCIDToLocaleName

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 936KB - Virtual size: 935KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 356KB - Virtual size: 353KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FontGlyphAnimator.dll
.dll windows:10 windows x64 arch:x64

0a22cd387eb8faf5f2be3339261ebb97

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

FontGlyphAnimator.pdb

Imports

msvcrt

__dllonexit
_unlock
_lock
_callnewh
free
__C_specific_handler
_initterm
malloc
_amsg_exit
_XcptFilter
_onexit
_vsnwprintf
memcpy_s
_purecall
memmove_s
realloc
__CxxFrameHandler3
memset

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentProcess
TerminateProcess
GetCurrentThreadId

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
SetLastError
RaiseException
UnhandledExceptionFilter

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoOriginateErrorW
RoOriginateError

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
Sleep

api-ms-win-core-synch-l1-1-0

InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CreateMutexExW
OpenSemaphoreW
WaitForSingleObject
WaitForSingleObjectEx
ReleaseMutex
ReleaseSemaphore
ReleaseSRWLockShared
AcquireSRWLockShared
CreateSemaphoreExW

api-ms-win-core-winrt-string-l1-1-0

WindowsDuplicateString
WindowsIsStringEmpty
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateStringReference
WindowsStringHasEmbeddedNull
WindowsCreateString

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetProcAddress
GetModuleFileNameA
GetModuleHandleExW
DisableThreadLibraryCalls

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-com-l1-1-0

CoGetApartmentType
CoTaskMemFree
CoTaskMemAlloc

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FontProvider.dll
.dll windows:10 windows x64 arch:x64

6636a738c96c29c37d8578807ef2d250

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

FontProvider.pdb

Imports

msvcrt

??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
memmove
??_V@YAXPEAX@Z
_XcptFilter
_amsg_exit
??0exception@@QEAA@AEBQEBD@Z
__C_specific_handler
_lock
_unlock
__dllonexit
_onexit
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
memcmp
__CxxFrameHandler4
_CxxThrowException
memcpy
_callnewh
malloc
free
wcsncmp
_i64tow_s
memcpy_s
_purecall
??3@YAXPEAX@Z
_initterm
memset

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
RtlCaptureStackBackTrace

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

CreateThread
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
ResumeThread

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetTickCount64

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
SetErrorMode

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventUnregister
EventSetInformation

rpcrt4

UuidCreate

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
DeleteCriticalSection
InitializeCriticalSection
CreateEventW
LeaveCriticalSection
SetEvent
EnterCriticalSection

api-ms-win-core-registry-l1-1-0

RegDeleteValueW
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleW

api-ms-win-core-file-l1-1-0

FindNextFileW
FindFirstFileW
CreateDirectoryW
SetFileTime
SetFilePointer
FindClose
DeleteFileW
FlushFileBuffers
WriteFile
ReadFile
GetFileInformationByHandle
CreateFileW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
UnmapViewOfFile
MapViewOfFileEx
FlushViewOfFile
VirtualFree

api-ms-win-core-com-l1-1-0

CoDisconnectObject
CoCreateInstance
CoSetProxyBlanket
CoInitializeEx
CoUninitialize

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringOrdinal
WideCharToMultiByte

api-ms-win-core-file-l1-2-1

GetCompressedFileSizeW

api-ms-win-security-base-l1-1-0

ImpersonateLoggedOnUser
RevertToSelf

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolWork
SubmitThreadpoolWork
WaitForThreadpoolWorkCallbacks
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWork

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

CreateFontDownloadManager

Sections

.text
Size: 96KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 788B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FrameServer.dll
.dll windows:10 windows x64 arch:x64

fb48f74b2eaae5379178fb03a508cf41

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

FrameServer.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__ltoa_s
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__ultoa_s
_o__wcsicmp
_o__wcslwr
_o__wcslwr_s
_o__wcsnicmp
_o__wcsupr_s
memmove
_o__invalid_parameter_noinfo
_o_free
_o_malloc
_o_memcpy_s
_o_qsort
_o_realloc
_o_sqrt
_o_strncpy_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstol
__C_specific_handler
__CxxFrameHandler3
_o__configure_narrow_argv
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__i64toa_s
_o___stdio_common_vsprintf
_o___std_type_info_destroy_list
_o__cexit
_o__callnewh
_o__execute_onexit_table
_o__errno
_o__gcvt_s
_o__crt_atexit
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset
wcscmp

mfsensorgroup

MFCreateSensorProfileCollection
MFCreateSensorGroupById
MFCheckProcessCapabilities
MFCloneSensorProfile
MFCreateSensorProfileWithFlags
MFCreateSensorGroup
MFGetSensorOrientation
MFCreateTranslatedMediaType3
MFCreatePassthroughTranslatedMediaType
MFCreateSensorGroupWithOptions
MFIsStreamAvailableToAppPackage
MFCreateSensorGroupIdManager
MFCreateSensorStream
MFGetSensorGroupAttributesFromId
MFDeleteSensorGroupById

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceLoggerHandle
RegisterTraceGuidsW
GetTraceEnableFlags
UnregisterTraceGuids
TraceMessage
GetTraceEnableLevel

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventWriteTransfer
EventSetInformation

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleExW
GetProcAddress
GetModuleHandleW
DisableThreadLibraryCalls
GetModuleFileNameW
LoadLibraryExW
AddDllDirectory
LoadStringW
FreeLibrary
RemoveDllDirectory

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-synch-l1-1-0

CreateMutexW
TryEnterCriticalSection
OpenSemaphoreW
DeleteCriticalSection
WaitForSingleObjectEx
InitializeCriticalSectionEx
LeaveCriticalSection
ReleaseMutex
ReleaseSemaphore
EnterCriticalSection
SetEvent
CreateSemaphoreExW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
OpenMutexW
CreateEventW
ReleaseSRWLockShared
InitializeCriticalSection
CreateMutexExW
AcquireSRWLockShared
InitializeSRWLock
WaitForSingleObject
OpenEventW
CreateEventExW
ResetEvent

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
OpenProcessToken
OpenThreadToken
TerminateProcess
GetPriorityClass
GetThreadPriority
GetCurrentThread
SetThreadPriority
GetCurrentProcess
SetPriorityClass
TlsSetValue
TlsGetValue

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
SetLastError
UnhandledExceptionFilter
RaiseException

api-ms-win-service-core-l1-1-0

RegisterServiceCtrlHandlerExW
SetServiceStatus

api-ms-win-core-registry-l1-1-0

RegDeleteValueW
RegSetValueExW
RegCloseKey
RegGetValueW
RegOpenKeyExW
RegDeleteKeyExW
RegCreateKeyExW
RegQueryValueExW
RegEnumKeyExW

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy
OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-com-l1-1-0

CoTaskMemFree
PropVariantCopy
CoCreateGuid
CoCreateInstance
CoSetProxyBlanket
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
PropVariantClear
StringFromGUID2
StringFromCLSID
CLSIDFromString
IIDFromString

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer

rpcrt4

RpcServerInqCallAttributesW
RpcStringBindingParseW
NdrServerCallAll
NdrServerCall2
RpcBindingToStringBindingW
RpcStringFreeW
RpcBindingFree
RpcRevertToSelfEx
UuidCreate
RpcImpersonateClient
RpcEpUnregister
RpcEpRegisterW
RpcServerRegisterIf3
RpcServerRegisterAuthInfoW
RpcServerInqDefaultPrincNameW
RpcServerInqBindings
RpcServerUseProtseqW
RpcServerUseProtseqEpW
RpcBindingVectorFree
RpcServerUnregisterIfEx
RpcServerInqBindingHandle

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
WideCharToMultiByte

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime

api-ms-win-security-base-l1-1-0

CreateWellKnownSid
CheckTokenMembership
AllocateAndInitializeSid
FreeSid
EqualSid
GetTokenInformation
ImpersonateLoggedOnUser
RevertToSelf

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-power-setting-l1-1-0

PowerSettingRegisterNotification
PowerSettingUnregisterNotification

api-ms-win-power-base-l1-1-0

PowerRegisterSuspendResumeNotification
PowerUnregisterSuspendResumeNotification

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-synch-l1-2-0

WaitOnAddress
Sleep
WakeByAddressAll

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteStringBuffer
WindowsPromoteStringBuffer
WindowsPreallocateStringBuffer
WindowsCreateStringReference
WindowsCompareStringOrdinal
WindowsGetStringRawBuffer
WindowsIsStringEmpty
WindowsDeleteString
WindowsDuplicateString
WindowsCreateString

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoOriginateErrorW
RoOriginateError

api-ms-win-core-version-l1-1-1

GetFileVersionInfoSizeW
GetFileVersionInfoW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-devices-config-l1-1-1

CM_Get_Device_Interface_PropertyW
CM_MapCrToWin32Err
CM_Set_Device_Interface_PropertyW
CM_Locate_DevNodeW
CM_Get_DevNode_PropertyW
CM_Open_Device_Interface_KeyW
CM_Get_DevNode_Status
CM_Get_Device_Interface_List_SizeW
CM_Get_Device_Interface_ListW
CM_Enable_DevNode
CM_Disable_DevNode

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-file-l1-1-0

GetFinalPathNameByHandleW
CreateFileW
FileTimeToLocalFileTime
GetFileTime

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
OpenFileMappingW

bcrypt

BCryptCreateHash
BCryptFinishHash
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptHashData
BCryptGetProperty

crypt32

CryptProtectData
CryptUnprotectData

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW

api-ms-win-core-winrt-robuffer-l1-1-0

RoGetBufferMarshaler

api-ms-win-core-winrt-propertysetprivate-l1-1-1

RoCreatePropertySetSerializer

ntdll

NtQueryInformationProcess
RtlStringFromGUIDEx
NtCreateFile
RtlReleaseSRWLockExclusive
NtClose
RtlAcquireSRWLockExclusive
RtlWakeAllConditionVariable
RtlSleepConditionVariableSRW
memmove_s
wcsstr
wcsncmp
wcschr
RtlUnsubscribeWnfNotificationWaitForCompletion
NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlPublishWnfStateData
NtCreateCrossVmEvent
NtCreateCrossVmMutant
NtAcquireCrossVmMutant
NtReleaseMutant
RtlAppendUnicodeStringToString
RtlFreeUnicodeString
RtlAppendUnicodeToString
NtCreateSection
strnlen

api-ms-win-core-featurestaging-l1-1-0

RecordFeatureUsage
GetFeatureEnabledState
SubscribeFeatureStateChangeNotification
UnsubscribeFeatureStateChangeNotification

api-ms-win-rtcore-ntuser-powermanagement-l1-1-0

UnregisterPowerSettingNotification

cfgmgr32

CM_Get_Device_Interface_AliasW

mf

MFEnumDeviceSources
MFCreateDeviceSource

api-ms-win-appmodel-runtime-l1-1-0

GetPackageFamilyName
GetCurrentPackageFamilyName

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-apiquery-l2-1-0

IsApiSetImplemented

propsys

PropVariantCompareEx

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 140KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FrameServerClient.dll
.dll regsvr32 windows:10 windows x64 arch:x64

1559b8333bebe80b7f868b0c89885035

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

FrameServerClient.pdb

Imports

mfsensorgroup

MFIsSensorGroupName
MFCreateSensorGroup

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__i64toa_s
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__ltoa_s
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__seh_filter_dll
_o__ultoa_s
_o__wcslwr
_o_free
_o_malloc
_o_memcpy_s
_o_qsort
_o_strncpy_s
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
__CxxFrameHandler3
_o__gcvt_s
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___std_type_info_destroy_list
__C_specific_handler
memcmp
memcpy
memmove

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
FindResourceExW
GetModuleFileNameA
DisableThreadLibraryCalls
GetProcAddress
LoadResource
SizeofResource
GetModuleHandleW
GetModuleHandleExW
FreeLibrary
LoadLibraryExW

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
WaitForSingleObject
ReleaseMutex
ReleaseSRWLockExclusive
OpenMutexW
CreateMutexW
OpenEventW
CreateEventW
AcquireSRWLockExclusive
WaitForSingleObjectEx
DeleteCriticalSection
OpenSemaphoreW
CreateEventExW
SetEvent
ReleaseSRWLockShared
CreateMutexExW
InitializeSRWLock
CreateSemaphoreExW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
ResetEvent
AcquireSRWLockShared

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

TlsSetValue
TlsGetValue
GetCurrentProcess
GetCurrentThreadId
TerminateProcess
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle
CompareObjectHandles

oleaut32

VarUI4FromStr

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
TraceMessage
GetTraceLoggerHandle
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel

api-ms-win-core-com-l1-1-0

StringFromGUID2
CoTaskMemRealloc
StringFromCLSID
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
PropVariantCopy
PropVariantClear
StringFromIID

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegCreateKeyExW
RegDeleteValueW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemDirectoryW
GetSystemInfo

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventWriteTransfer

api-ms-win-devices-config-l1-1-1

CM_Get_Device_Interface_ListW
CM_Get_Device_Interface_PropertyW
CM_Get_Device_Interface_List_SizeW
CM_Open_Device_Interface_KeyW
CM_Set_Device_Interface_PropertyW
CM_MapCrToWin32Err

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW

rpcrt4

NdrClientCall3
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcEpResolveBinding
UuidCreate
RpcBindingSetAuthInfoExW
RpcBindingFree
RpcStringFreeW
I_RpcExceptionFilter
RpcBindingBind
RpcBindingCreateW
RpcMgmtInqServerPrincNameW

api-ms-win-core-file-l1-1-0

FileTimeToLocalFileTime

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-io-l1-1-0

DeviceIoControl

bcrypt

BCryptOpenAlgorithmProvider
BCryptFinishHash
BCryptDestroyHash
BCryptGetProperty
BCryptCloseAlgorithmProvider
BCryptHashData
BCryptCreateHash

api-ms-win-security-base-l1-1-0

EqualSid
CheckTokenMembership
GetTokenInformation

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

crypt32

CryptUnprotectData
CryptProtectData

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
MapViewOfFile

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-featurestaging-l1-1-0

RecordFeatureUsage
UnsubscribeFeatureStateChangeNotification
SubscribeFeatureStateChangeNotification
GetFeatureEnabledState

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

ntdll

NtCreateSection
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
RtlFreeUnicodeString
NtClose
RtlStringFromGUIDEx
strnlen
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlWakeAllConditionVariable
RtlSleepConditionVariableSRW
RtlConvertHostPerfCounterToPerfCounter
NtCreateFile
NtAcquireCrossVmMutant
NtQueryWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlSubscribeWnfStateChangeNotification
NtQueryInformationProcess
NtCreateCrossVmEvent
NtCreateCrossVmMutant
NtReleaseMutant

cfgmgr32

CM_Get_Device_Interface_AliasW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-mm-time-l1-1-0

timeEndPeriod
timeBeginPeriod

api-ms-win-appmodel-runtime-l1-1-0

GetCurrentPackageFamilyName

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 492KB - Virtual size: 489KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FrameServerMonitor.dll
.dll windows:10 windows x64 arch:x64

3aa6d04088ba868569ad241582cf943c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

FrameServerMonitor.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__ltoa_s
_o__register_onexit_function
_o__seh_filter_dll
_o__wcslwr
_o__wcslwr_s
_o__wcsnicmp
memmove
_o_free
_o_malloc
_o_qsort
_o_strncpy_s
_o_wcsncpy_s
__C_specific_handler
_o__cexit
_o__callnewh
_o__execute_onexit_table
_o__errno
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___std_type_info_destroy_list
_o__crt_atexit
_o__configure_narrow_argv
memcmp
memcpy
__CxxFrameHandler3

api-ms-win-crt-string-l1-1-0

memset
strnlen

mfsensorgroup

MFCloneSensorProfile
MFCreateSensorGroupWithOptions
MFWriteSensorGroupDataToRegistry
MFGenerateAndPublishCameraTelemetry
MFGetSGCH
MFCreateSensorDeviceBlobByObject
MFCreateSensorGroupById
MFCreateSensorGroup
MFGetSensorDeviceProperty
MFGetSensorDeviceRegistryProperty
MFCleanupVirtualCameraEntries
MFInitializeSensorGroupStore
MFCreateSensorGroupIdManager
MFGetSensorGroupAttributesFromId
MFCreateSensorProfileCollection

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-security-logon-l1-1-1

LogonUserW

api-ms-win-core-kernel32-legacy-l1-1-0

LoadLibraryW
RaiseFailFastException

ntdll

RtlPublishWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlSubscribeWnfStateChangeNotification
wcsstr
NtQueryInformationProcess
wcsrchr

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleW
GetModuleHandleExW
DisableThreadLibraryCalls
GetModuleFileNameA
FreeLibrary
LoadLibraryExW
LoadStringW

api-ms-win-core-synch-l1-1-0

SetEvent
CreateEventExW
ReleaseMutex
CreateSemaphoreExW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ReleaseSRWLockExclusive
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSemaphore
CreateMutexExW
OpenSemaphoreW
WaitForSingleObject

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetThreadPriority
OpenThreadToken
TerminateProcess
SetThreadPriority
SetPriorityClass
GetCurrentProcess
GetPriorityClass
GetCurrentProcessId
TlsSetValue
GetCurrentThread
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceLoggerHandle

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-service-core-l1-1-0

SetServiceStatus
RegisterServiceCtrlHandlerExW

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegSetValueExW
RegGetValueW
RegDeleteValueW
RegCloseKey
RegDeleteKeyExW
RegCreateKeyExW

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemInfo

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-heap-l2-1-0

LocalFree

rpcrt4

RpcServerInqBindingHandle
RpcImpersonateClient
RpcRevertToSelfEx
RpcEpUnregister
RpcServerUnregisterIfEx
RpcServerUseProtseqEpW
RpcServerUseProtseqW
RpcServerInqBindings
RpcServerInqDefaultPrincNameW
RpcServerRegisterAuthInfoW
RpcServerRegisterIf3
RpcEpRegisterW
I_RpcBindingInqLocalClientPID
RpcServerInqCallAttributesW
RpcStringBindingParseW
RpcBindingToStringBindingW
RpcRevertToSelf
RpcStringFreeW
RpcBindingFree
RpcBindingVectorFree
NdrServerCall2
NdrServerCallAll

api-ms-win-security-base-l1-1-0

GetTokenInformation
RevertToSelf
AllocateAndInitializeSid
FreeSid
GetSecurityDescriptorControl
CheckTokenMembership
CreateWellKnownSid
ImpersonateLoggedOnUser
GetLengthSid

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-devices-config-l1-1-1

CM_Get_DevNode_Status
CM_Set_Device_Interface_PropertyW
CM_Unregister_Notification
CM_Open_Device_Interface_KeyW
CM_Query_And_Remove_SubTreeW
CM_Uninstall_DevNode
CM_Disable_DevNode
CM_MapCrToWin32Err
CM_Register_Notification
CM_Get_DevNode_PropertyW
CM_Locate_DevNodeW
CM_Get_Device_Interface_List_SizeW
CM_Get_Device_Interface_ListW
CM_Get_Device_Interface_PropertyW
CM_Enable_DevNode

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
IIDFromString
CLSIDFromString
CoCreateInstance
CoTaskMemFree
PropVariantClear
CoSetProxyBlanket
StringFromIID

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-power-setting-l1-1-0

PowerSettingRegisterNotification
PowerSettingUnregisterNotification

api-ms-win-power-base-l1-1-0

PowerRegisterSuspendResumeNotification
PowerUnregisterSuspendResumeNotification

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateString

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-file-l1-1-0

FileTimeToLocalFileTime
CreateFileW

api-ms-win-devices-swdevice-l1-1-0

SwDeviceCreate
SwDeviceClose
SwMemFree
SwDeviceInterfaceRegister
SwDeviceInterfaceSetState
SwDeviceInterfacePropertySet

api-ms-win-devices-swdevice-l1-1-1

SwDeviceSetLifetime

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-featurestaging-l1-1-0

RecordFeatureUsage
UnsubscribeFeatureStateChangeNotification
GetFeatureEnabledState
SubscribeFeatureStateChangeNotification

cfgmgr32

CM_Get_Device_Interface_AliasW

mf

MFCreateDeviceSourceActivate

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-synch-l1-2-0

Sleep

crypt32

CryptUnprotectData
CryptProtectData

bcrypt

BCryptFinishHash
BCryptCloseAlgorithmProvider
BCryptGetProperty
BCryptOpenAlgorithmProvider
BCryptDestroyHash
BCryptHashData
BCryptCreateHash

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-apiquery-l2-1-0

IsApiSetImplemented

api-ms-win-appmodel-runtime-l1-1-0

GetCurrentPackageFamilyName
GetPackageFamilyName

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 256KB - Virtual size: 253KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FrameServerMonitorClient.dll
.dll regsvr32 windows:10 windows x64 arch:x64

1e2cfc6aa89f24d9efd0a6d8884e9732

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

FrameServerMonitorClient.pdb

Imports

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcslwr
_o__wcslwr_s
_o__wtol
_o_free
_o_malloc
_o_qsort
_o_strncpy_s
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
__CxxFrameHandler3
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___std_type_info_destroy_list
__C_specific_handler
memcmp
memcpy

api-ms-win-core-libraryloader-l1-2-0

FindResourceExW
GetProcAddress
GetModuleHandleW
GetModuleFileNameA
LoadStringW
DisableThreadLibraryCalls
FreeLibrary
GetModuleFileNameW
LoadLibraryExW
LoadResource
SizeofResource
GetModuleHandleExW

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
CreateMutexExW
WaitForSingleObject
SetEvent
CreateEventExW
ReleaseMutex
AcquireSRWLockExclusive
OpenSemaphoreW
ReleaseSRWLockExclusive
ReleaseSemaphore
DeleteCriticalSection
InitializeCriticalSection
CreateSemaphoreExW
EnterCriticalSection
LeaveCriticalSection

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetLastError
RaiseException
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-processthreads-l1-1-0

OpenProcessToken
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
TlsSetValue
TerminateProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

oleaut32

VarUI4FromStr

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableFlags
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage
UnregisterTraceGuids

api-ms-win-core-com-l1-1-0

PropVariantClear
CLSIDFromString
CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoCreateInstance
CoCreateGuid
CoTaskMemAlloc
CoTaskMemRealloc
CoWaitForMultipleHandles
StringFromGUID2

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegQueryInfoKeyW
RegOpenKeyExW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer

api-ms-win-core-file-l1-1-0

GetFinalPathNameByHandleW
CreateFileW

api-ms-win-core-heap-l2-1-0

LocalFree

rpcrt4

RpcStringFreeW
RpcBindingCreateW
RpcBindingBind
I_RpcExceptionFilter
NdrClientCall3
UuidCreate
RpcBindingFree
RpcBindingSetAuthInfoExW
RpcMgmtInqServerPrincNameW
RpcEpResolveBinding
RpcBindingFromStringBindingW
RpcStringBindingComposeW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-featurestaging-l1-1-0

GetFeatureEnabledState
SubscribeFeatureStateChangeNotification
RecordFeatureUsage
UnsubscribeFeatureStateChangeNotification

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister

api-ms-win-devices-config-l1-1-1

CM_Get_Device_Interface_List_SizeW
CM_MapCrToWin32Err
CM_Get_Device_Interface_ListW
CM_Get_Device_Interface_PropertyW
CM_Set_Device_Interface_PropertyW

api-ms-win-security-base-l1-1-0

FreeSid
EqualSid
CheckTokenMembership
CreateWellKnownSid
GetTokenInformation
AllocateAndInitializeSid

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW
ConvertSidToStringSidW

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsCreateString

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-appmodel-runtime-l1-1-2

AppPolicyGetLifecycleManagement

ntdll

NtQueryInformationProcess
strnlen

mfsensorgroup

MFCreateSensorDeviceBlobByObject

bcrypt

BCryptDestroyHash
BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptCreateHash
BCryptHashData
BCryptCloseAlgorithmProvider
BCryptFinishHash

crypt32

CryptUnprotectData
CryptProtectData

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

cfgmgr32

CM_Get_Device_Interface_AliasW

api-ms-win-appmodel-runtime-l1-1-0

GetCurrentPackageFamilyName

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 196KB - Virtual size: 193KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FsNVSDeviceSource.dll
.dll windows:10 windows x64 arch:x64

8a2538f759f5d6f4cf2c29907de4fa5c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

FsNVSDeviceSource.pdb

Imports

api-ms-win-crt-string-l1-1-0

wcsnlen
wcsncmp
strnlen
memset

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__errno
_o__execute_onexit_table
_o__gcvt_s
_o__gmtime64_s
_o__i64toa_s
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__ltoa_s
_o__mbstrlen
_o__mkgmtime64
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o_asctime
_o_free
_o_malloc
_o_strncat_s
_o_strncpy_s
_o_wcscpy_s
_o_wcstol
__C_specific_handler
__CxxFrameHandler3
_o__difftime64
_o__crt_atexit
_o__configure_narrow_argv
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__cexit
_o__callnewh
wcsstr
__std_terminate
__CxxFrameHandler4
_CxxThrowException
memcmp
memcpy
_o__ultoa_s

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
GetModuleHandleExW
DisableThreadLibraryCalls
GetProcAddress
GetModuleHandleW
GetModuleFileNameA

api-ms-win-core-synch-l1-1-0

OpenSemaphoreW
CreateMutexExW
WaitForSingleObjectEx
ReleaseMutex
WaitForSingleObject
ReleaseSemaphore
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateSemaphoreExW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
TerminateProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids

api-ms-win-core-com-l1-1-0

PropVariantClear
CoCreateInstance
CoTaskMemFree
PropVariantCopy
CoTaskMemAlloc

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-devices-config-l1-1-1

CM_Get_DevNode_PropertyW
CM_Get_Device_Interface_PropertyW
CM_MapCrToWin32Err
CM_Locate_DevNodeW

oleaut32

SysFreeString

api-ms-win-security-credentials-l1-1-0

CredReadW
CredWriteW
CredFree
CredDeleteW

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

mfplat

MFCreateMediaEvent
MFCreateAsyncResult
MFCreateEventQueue
MFAllocateSerialWorkQueue
MFCreateSourceResolver
MFShutdown
MFStartup
MFInvokeCallback
MFUnlockWorkQueue
MFCreateMediaType
MFGetSystemTime
MFCreatePresentationDescriptor
MFCreateStreamDescriptor
MFCreateAttributes

propsys

PSCreateMemoryPropertyStore

ext-ms-win-core-iuri-l1-1-0

CreateUri

mfsensorgroup

MFCreateSensorProfile
MFGetSensorDeviceRegistryProperty
MFCreateSensorProfileCollection

cfgmgr32

CM_Get_Device_Interface_AliasW

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister

api-ms-win-core-registry-l1-1-0

RegGetValueW

bcrypt

BCryptDestroyHash
BCryptGenRandom
BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptGetProperty
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider

ws2_32

InetPtonW
WSAGetLastError

api-ms-win-core-featurestaging-l1-1-0

SubscribeFeatureStateChangeNotification
RecordFeatureUsage
UnsubscribeFeatureStateChangeNotification

webservices

WsCreateServiceProxy
WsOpenServiceProxy
WsCloseServiceProxy
WsFreeHeap
WsFreeWriter
WsGetErrorProperty
WsGetErrorString
WsAddCustomHeader
WsCreateChannel
WsFreeChannel
WsResetChannel
WsAbortChannel
WsOpenChannel
WsWriteXmlBufferToBytes
WsSetChannelProperty
WsGetChannelProperty
WsReadMessageStart
WsReadMessageEnd
WsWriteMessageStart
WsWriteMessageEnd
WsAbandonMessage
WsShutdownSessionChannel
WsFreeError
WsCreateHeap
WsCreateError
WsReadXmlBufferFromBytes
WsResetHeap
WsFreeReader
WsCreateWriter
WsCall
WsCloseChannel
WsCreateReader
WsFreeServiceProxy

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain

Sections

.text
Size: 164KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 516KB - Virtual size: 513KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
eShims.dll
.dll windows:10 windows x64 arch:x64

2cc5df11709c692a9c6355076bc311a7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

eshims.pdb

Imports

api-ms-win-crt-string-l1-1-0

memset
strncmp

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__itow_s
_o__register_onexit_function
_o__seh_filter_dll
_o__splitpath_s
_o__strnicmp
memmove
_o__wcsicmp
_o__wcsnicmp
_o__wsplitpath_s
_o_calloc
_o_free
_o_isalpha
_o_iswascii
_o_malloc
_o_memcpy_s
_o_realloc
_o_wcscpy_s
_o___stdio_common_vswprintf
_o__cexit
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
wcsstr
wcsrchr
__C_specific_handler
__std_terminate
__CxxFrameHandler4
_CxxThrowException
memcpy
_o__stricmp

api-ms-win-downlevel-user32-l1-1-0

CharNextA
CharPrevA

api-ms-win-downlevel-shlwapi-l1-1-0

PathFindFileNameW
StrCmpICA
StrCmpICW
StrCmpCW
StrCmpNIA
StrDupA

api-ms-win-downlevel-ole32-l1-1-0

CoTaskMemRealloc
CoUninitialize
CoTaskMemFree
CoInitializeEx

api-ms-win-downlevel-advapi32-l1-1-0

GetFileSecurityW
GetAce
IsValidSid
RegSetValueExW
RegCreateKeyExW
GetSidSubAuthorityCount
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
GetSidSubAuthority
GetSecurityDescriptorSacl
EventWriteEx
EventUnregister
EventRegister

api-ms-win-downlevel-version-l1-1-0

VerQueryValueW

ntdll

RtlFreeHeap
ZwOpenFile
RtlInitAnsiString
RtlCompareUnicodeString
ZwMapViewOfSection
RtlUnicodeStringToAnsiString
RtlImageNtHeader
RtlFreeUnicodeString
ZwCreateSection
RtlDosPathNameToNtPathName_U_WithStatus
NtQueryObject
RtlCaptureStackBackTrace
RtlCaptureContext
RtlLookupFunctionEntry
RtlAllocateHeap
RtlAnsiStringToUnicodeString
ZwClose
RtlVirtualUnwind
ZwUnmapViewOfSection

api-ms-win-core-localization-l1-2-0

IsDBCSLeadByte
GetCPInfo
FormatMessageW

api-ms-win-core-processthreads-l1-1-0

TlsSetValue
TlsAlloc
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetProcAddress
GetModuleHandleExW
GetModuleHandleA
FreeLibrary
GetModuleFileNameA
GetModuleHandleW
GetModuleFileNameW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringA
OutputDebugStringW

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionAndSpinCount
EnterCriticalSection
DeleteCriticalSection
CreateSemaphoreExW
CreateMutexExW
LeaveCriticalSection
OpenSemaphoreW
ReleaseSemaphore
WaitForSingleObjectEx
ReleaseMutex
WaitForSingleObject

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryA
GetSystemTimeAsFileTime

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsA

oleaut32

SysAllocString
SysFreeString

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy
IsProcessorFeaturePresent

api-ms-win-eventing-provider-l1-1-0

EventSetInformation

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryA
LoadLibraryW

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-memory-l1-1-0

VirtualProtect
VirtualQuery

api-ms-win-core-processthreads-l1-1-2

QueryProtectedPolicy

api-ms-win-core-version-l1-1-1

GetFileVersionInfoW

api-ms-win-core-psapi-l1-1-0

K32EnumProcessModules

userenv

GetAppContainerRegistryLocation

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-rtcore-ntuser-window-l1-1-0

AllowSetForegroundWindow
GetPropW

iertutil

ord594
ord597
ord793
ord398
ord58
ord854
ord855
ord791

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

IEShims_CreateFileW
IEShims_FindClose
IEShims_FindFirstFileW
IEShims_GetFileAttributesExW
IEShims_GetFileAttributesW
IEShims_GetFullPathNameW
IEShims_GetLongPathNameW
IEShims_Initialize
IEShims_Uninitialize
IEShims_WNetGetConnectionW
RegisterFlashShimHandler

Sections

.text
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mrdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
eUICCsCSP.dll
.dll windows:10 windows x64 arch:x64

e1efd337992f3343973d308dbcf0df74

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

eUICCsCSP.pdb

Imports

msvcp_win

?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcsicmp
_o_ceilf
_o_free
_o_malloc
_o_memcpy_s
_o_wcstoul
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
__std_terminate
__CxxFrameHandler4
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExA
LoadStringW
DisableThreadLibraryCalls
GetModuleHandleW
GetModuleHandleExW
GetModuleFileNameA
GetProcAddress

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
CreateEventW
EnterCriticalSection
SetEvent
LeaveCriticalSection
InitializeCriticalSection
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseMutex
WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreExW

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
SetLastError

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventWriteTransfer
EventSetInformation

oleaut32

VariantInit
VariantClear
SysFreeString
SysAllocString

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoInitializeEx
CoCreateInstance

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegCloseKey
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW

api-ms-win-core-sysinfo-l1-1-0

GetWindowsDirectoryW
GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

ntdll

RtlQueryWnfStateData

wwapi

WwanOpenHandle
WwanQueryInterface
WwanCloseHandle
WwanFreeMemory
WwanEnumerateInterfaces
WwanSetInterface
WwanRegisterNotification

luiapi

LuiDisableProfile
LuiEnableProfile
LuiRegisterForAllProfileNotifications
LuiRegisterForEsimNotifications
LuiRegisterForAllEnterpriseProfileNotifications
LuiRegisterForEnterpriseEsimNotifications
LuiOpenHandle
LuiRegisterForLpaNotifications
LuiCloseHandle
LuiDeleteProfile
LuiSetEsimPolicy
LuiWipeEsim
LuiAddProfile
LuiDownloadServer

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
esent.dll
.dll regsvr32 windows:10 windows x64 arch:x64

b24ff7866552a6b9769133201a264c27

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

esent.pdb

Imports

msvcrt

_strtoui64
time
memmove_s
_wfullpath
iswalpha
strtoul
strtok_s
isupper
wcspbrk
_vsnwprintf
strstr
bsearch
qsort
realloc
wcsncmp
_wmakepath_s
_wsplitpath_s
isdigit
wcsrchr
modf
_wcsnicmp
wprintf
_itoa_s
isprint
_vsnprintf
rand_s
wcstok_s
_wcstoi64
_wtoi64
tolower
_lock
_unlock
vprintf
__dllonexit
_onexit
_amsg_exit
fclose
fflush
fprintf
swprintf_s
strpbrk
_initterm
memset
_wfopen_s
wcsstr
wcstol
strncmp
_wcstoui64
sprintf_s
wcscspn
wcschr
strrchr
_wcsicmp
_snprintf_s
memmove
_strnicmp
_ultoa_s
_stricmp
swscanf_s
memcpy
strchr
malloc
free
isalpha
memcmp
strcspn
printf
iswprint
rand
_wtol
iscntrl
memcpy_s
__iob_func
__C_specific_handler
_purecall
isxdigit
strcmp

ntdll

RtlCaptureContext
RtlCaptureStackBackTrace
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
TerminateProcess
CreateThread
CreateProcessW
GetExitCodeThread
TlsFree
GetCurrentProcessId
TlsSetValue
GetCurrentProcess
GetCurrentThreadId
TlsAlloc
SetThreadPriority
SetThreadPriorityBoost
TlsGetValue
OpenThread
ResumeThread

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryExW
DisableThreadLibraryCalls
FreeLibrary

api-ms-win-core-heap-l1-1-0

HeapSetInformation
HeapDestroy
HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-sysinfo-l1-2-0

GetNativeSystemInfo

api-ms-win-core-sysinfo-l1-1-0

GetLogicalProcessorInformationEx
GetSystemWindowsDirectoryW
GetLocalTime
GetSystemInfo
GetVersionExW
GetTickCount
GlobalMemoryStatusEx
GetWindowsDirectoryW
GetSystemTimeAsFileTime
GetSystemTime

api-ms-win-core-memory-l1-1-0

OpenFileMappingW
UnmapViewOfFile
MapViewOfFile
VirtualProtect
VirtualFree
CreateFileMappingW
VirtualAlloc
VirtualQueryEx
MapViewOfFileEx

api-ms-win-core-memory-l1-1-1

CreateMemoryResourceNotification
VirtualUnlock
QueryMemoryResourceNotification

api-ms-win-core-handle-l1-1-0

CloseHandle
SetHandleInformation
DuplicateHandle

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-file-l1-1-0

ReadFileScatter
WriteFile
WriteFileGather
CreateFileW
GetFileSizeEx
SetFileInformationByHandle
SetFileValidData
GetFileAttributesW
GetFinalPathNameByHandleW
GetVolumePathNameW
GetDiskFreeSpaceExW
GetFileAttributesExW
GetTempFileNameW
SetEndOfFile
CreateDirectoryW
RemoveDirectoryW
DeleteFileW
ReadFile
SetFilePointerEx
GetDriveTypeW
GetFullPathNameW
GetFileInformationByHandle
FindFirstVolumeW
GetVolumeInformationW
FindNextVolumeW
FindVolumeClose
FlushFileBuffers
FindFirstFileW
FindNextFileW
FindClose

api-ms-win-core-synch-l1-1-0

CreateMutexW
SetEvent
ReleaseMutex
CreateEventW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
ReleaseSemaphore
SleepEx
WaitForSingleObjectEx
ResetEvent
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
OpenMutexW
WaitForSingleObject
OpenEventW
WaitForMultipleObjectsEx

api-ms-win-core-io-l1-1-0

GetQueuedCompletionStatus
PostQueuedCompletionStatus
DeviceIoControl
GetOverlappedResult
CreateIoCompletionPort

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringA

api-ms-win-core-localization-l1-2-0

GetLocaleInfoEx
LCMapStringW
LocaleNameToLCID
GetLocaleInfoW
FormatMessageW
LCMapStringEx

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
SleepConditionVariableSRW
Sleep

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
GetThreadIdealProcessorEx

api-ms-win-core-console-l1-1-0

SetConsoleCtrlHandler

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime

api-ms-win-core-datetime-l1-1-0

GetDateFormatW
GetTimeFormatW

api-ms-win-core-file-l1-2-0

GetVolumeNameForVolumeMountPointW

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx
MoveFileExW
CopyFileExW

api-ms-win-core-file-l2-1-1

OpenFileById

api-ms-win-core-processenvironment-l1-1-0

GetStdHandle

api-ms-win-core-console-l2-1-0

GetConsoleScreenBufferInfo

api-ms-win-core-errorhandling-l1-1-3

SetThreadErrorMode

api-ms-win-core-localization-l1-2-2

LCIDToLocaleName

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventWriteTransfer

api-ms-win-core-privateprofile-l1-1-0

GetProfileStringW

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject
GetSystemPowerStatus

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-core-windowserrorreporting-l1-1-0

WerRegisterMemoryBlock

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DebugExtensionInitialize
DebugExtensionNotify
DebugExtensionUninitialize
DllRegisterServer
JetAddColumn
JetAddColumnA
JetAddColumnW
JetAttachDatabase
JetAttachDatabase2
JetAttachDatabase2A
JetAttachDatabase2W
JetAttachDatabase3
JetAttachDatabase3A
JetAttachDatabase3W
JetAttachDatabaseA
JetAttachDatabaseW
JetAttachDatabaseWithStreaming
JetAttachDatabaseWithStreamingA
JetAttachDatabaseWithStreamingW
JetBackup
JetBackupA
JetBackupInstance
JetBackupInstanceA
JetBackupInstanceW
JetBackupW
JetBeginDatabaseIncrementalReseed
JetBeginDatabaseIncrementalReseedA
JetBeginDatabaseIncrementalReseedW
JetBeginExternalBackup
JetBeginExternalBackupInstance
JetBeginSession
JetBeginSessionA
JetBeginSessionW
JetBeginSurrogateBackup
JetBeginTransaction
JetBeginTransaction2
JetBeginTransaction3
JetCloseDatabase
JetCloseFile
JetCloseFileInstance
JetCloseTable
JetCommitTransaction
JetCommitTransaction2
JetCompact
JetCompactA
JetCompactW
JetComputeStats
JetConfigureProcessForCrashDump
JetConsumeLogData
JetConvertDDL
JetConvertDDLA
JetConvertDDLW
JetCreateDatabase
JetCreateDatabase2
JetCreateDatabase2A
JetCreateDatabase2W
JetCreateDatabase3
JetCreateDatabase3A
JetCreateDatabase3W
JetCreateDatabaseA
JetCreateDatabaseW
JetCreateDatabaseWithStreaming
JetCreateDatabaseWithStreamingA
JetCreateDatabaseWithStreamingW
JetCreateEncryptionKey
JetCreateIndex
JetCreateIndex2
JetCreateIndex2A
JetCreateIndex2W
JetCreateIndex3A
JetCreateIndex3W
JetCreateIndex4A
JetCreateIndex4W
JetCreateIndexA
JetCreateIndexW
JetCreateInstance
JetCreateInstance2
JetCreateInstance2A
JetCreateInstance2W
JetCreateInstanceA
JetCreateInstanceW
JetCreateTable
JetCreateTableA
JetCreateTableColumnIndex
JetCreateTableColumnIndex2
JetCreateTableColumnIndex2A
JetCreateTableColumnIndex2W
JetCreateTableColumnIndex3A
JetCreateTableColumnIndex3W
JetCreateTableColumnIndex4A
JetCreateTableColumnIndex4W
JetCreateTableColumnIndex5A
JetCreateTableColumnIndex5W
JetCreateTableColumnIndexA
JetCreateTableColumnIndexW
JetCreateTableW
JetDBUtilities
JetDBUtilitiesA
JetDBUtilitiesW
JetDatabaseScan
JetDefragment
JetDefragment2
JetDefragment2A
JetDefragment2W
JetDefragment3
JetDefragment3A
JetDefragment3W
JetDefragmentA
JetDefragmentW
JetDelete
JetDeleteColumn
JetDeleteColumn2
JetDeleteColumn2A
JetDeleteColumn2W
JetDeleteColumnA
JetDeleteColumnW
JetDeleteIndex
JetDeleteIndexA
JetDeleteIndexW
JetDeleteTable
JetDeleteTable2
JetDeleteTable2A
JetDeleteTable2W
JetDeleteTableA
JetDeleteTableW
JetDetachDatabase
JetDetachDatabase2
JetDetachDatabase2A
JetDetachDatabase2W
JetDetachDatabaseA
JetDetachDatabaseW
JetDupCursor
JetDupSession
JetEnableMultiInstance
JetEnableMultiInstanceA
JetEnableMultiInstanceW
JetEndDatabaseIncrementalReseed
JetEndDatabaseIncrementalReseedA
JetEndDatabaseIncrementalReseedW
JetEndExternalBackup
JetEndExternalBackupInstance
JetEndExternalBackupInstance2
JetEndSession
JetEndSurrogateBackup
JetEnumerateColumns
JetEscrowUpdate
JetExternalRestore
JetExternalRestore2
JetExternalRestore2A
JetExternalRestore2W
JetExternalRestoreA
JetExternalRestoreW
JetFreeBuffer
JetGetAttachInfo
JetGetAttachInfoA
JetGetAttachInfoInstance
JetGetAttachInfoInstanceA
JetGetAttachInfoInstanceW
JetGetAttachInfoW
JetGetBookmark
JetGetColumnInfo
JetGetColumnInfoA
JetGetColumnInfoW
JetGetCounter
JetGetCurrentIndex
JetGetCurrentIndexA
JetGetCurrentIndexW
JetGetCursorInfo
JetGetDatabaseFileInfo
JetGetDatabaseFileInfoA
JetGetDatabaseFileInfoW
JetGetDatabaseInfo
JetGetDatabaseInfoA
JetGetDatabaseInfoW
JetGetDatabasePages
JetGetErrorInfoW
JetGetIndexInfo
JetGetIndexInfoA
JetGetIndexInfoW
JetGetInstanceInfo
JetGetInstanceInfoA
JetGetInstanceInfoW
JetGetInstanceMiscInfo
JetGetLS
JetGetLock
JetGetLogFileInfo
JetGetLogFileInfoA
JetGetLogFileInfoW
JetGetLogInfo
JetGetLogInfoA
JetGetLogInfoInstance
JetGetLogInfoInstance2
JetGetLogInfoInstance2A
JetGetLogInfoInstance2W
JetGetLogInfoInstanceA
JetGetLogInfoInstanceW
JetGetLogInfoW
JetGetMaxDatabaseSize
JetGetObjectInfo
JetGetObjectInfoA
JetGetObjectInfoW
JetGetPageInfo
JetGetPageInfo2
JetGetRBSFileInfoA
JetGetRBSFileInfoW
JetGetRecordPosition
JetGetRecordSize
JetGetRecordSize2
JetGetRecordSize3
JetGetResourceParam
JetGetSecondaryIndexBookmark
JetGetSessionInfo
JetGetSessionParameter
JetGetSystemParameter
JetGetSystemParameterA
JetGetSystemParameterW
JetGetTableColumnInfo
JetGetTableColumnInfoA
JetGetTableColumnInfoW
JetGetTableIndexInfo
JetGetTableIndexInfoA
JetGetTableIndexInfoW
JetGetTableInfo
JetGetTableInfoA
JetGetTableInfoW
JetGetThreadStats
JetGetTruncateLogInfoInstance
JetGetTruncateLogInfoInstanceA
JetGetTruncateLogInfoInstanceW
JetGetVersion
JetGotoBookmark
JetGotoPosition
JetGotoSecondaryIndexBookmark
JetGrowDatabase
JetIdle
JetIndexRecordCount
JetIndexRecordCount2
JetInit
JetInit2
JetInit3
JetInit3A
JetInit3W
JetInit4
JetInit4A
JetInit4W
JetIntersectIndexes
JetMakeKey
JetMove
JetOSSnapshotAbort
JetOSSnapshotEnd
JetOSSnapshotFreeze
JetOSSnapshotFreezeA
JetOSSnapshotFreezeW
JetOSSnapshotGetFreezeInfo
JetOSSnapshotGetFreezeInfoA
JetOSSnapshotGetFreezeInfoW
JetOSSnapshotPrepare
JetOSSnapshotPrepareInstance
JetOSSnapshotThaw
JetOSSnapshotTruncateLog
JetOSSnapshotTruncateLogInstance
JetOnlinePatchDatabasePage
JetOpenDatabase
JetOpenDatabaseA
JetOpenDatabaseW
JetOpenFile
JetOpenFileA
JetOpenFileInstance
JetOpenFileInstanceA
JetOpenFileInstanceW
JetOpenFileSectionInstance
JetOpenFileSectionInstanceA
JetOpenFileSectionInstanceW
JetOpenFileW
JetOpenTable
JetOpenTableA
JetOpenTableW
JetOpenTempTable
JetOpenTempTable2
JetOpenTempTable3
JetOpenTemporaryTable
JetOpenTemporaryTable2
JetPatchDatabasePages
JetPatchDatabasePagesA
JetPatchDatabasePagesW
JetPrepareToCommitTransaction
JetPrepareUpdate
JetPrereadColumnsByReference
JetPrereadIndexRange
JetPrereadIndexRanges
JetPrereadKeys
JetPrereadTablesW
JetRBSCancelRevert
JetRBSExecuteRevert
JetRBSPrepareRevert
JetReadFile
JetReadFileInstance
JetRegisterCallback
JetRemoveLogfileA
JetRemoveLogfileW
JetRenameColumn
JetRenameColumnA
JetRenameColumnW
JetRenameTable
JetRenameTableA
JetRenameTableW
JetResetCounter
JetResetSessionContext
JetResetTableSequential
JetResizeDatabase
JetRestore
JetRestore2
JetRestore2A
JetRestore2W
JetRestoreA
JetRestoreInstance
JetRestoreInstanceA
JetRestoreInstanceW
JetRestoreW
JetRetrieveColumn
JetRetrieveColumnByReference
JetRetrieveColumnFromRecordStream
JetRetrieveColumns
JetRetrieveKey
JetRetrieveTaggedColumnList
JetRollback
JetSeek
JetSetColumn
JetSetColumnDefaultValue
JetSetColumnDefaultValueA
JetSetColumnDefaultValueW
JetSetColumns
JetSetCurrentIndex
JetSetCurrentIndex2
JetSetCurrentIndex2A
JetSetCurrentIndex2W
JetSetCurrentIndex3
JetSetCurrentIndex3A
JetSetCurrentIndex3W
JetSetCurrentIndex4
JetSetCurrentIndex4A
JetSetCurrentIndex4W
JetSetCurrentIndexA
JetSetCurrentIndexW
JetSetCursorFilter
JetSetDatabaseSize
JetSetDatabaseSizeA
JetSetDatabaseSizeW
JetSetIndexRange
JetSetLS
JetSetMaxDatabaseSize
JetSetResourceParam
JetSetSessionContext
JetSetSessionParameter
JetSetSystemParameter
JetSetSystemParameterA
JetSetSystemParameterW
JetSetTableInfo
JetSetTableInfoA
JetSetTableInfoW
JetSetTableSequential
JetSnapshotStart
JetSnapshotStartA
JetSnapshotStartW
JetSnapshotStop
JetStopBackup
JetStopBackupInstance
JetStopService
JetStopServiceInstance
JetStopServiceInstance2
JetStreamRecords
JetTerm
JetTerm2
JetTestHook
JetTracing
JetTruncateLog
JetTruncateLogInstance
JetUnregisterCallback
JetUpdate
JetUpdate2
JetUpgradeDatabase
JetUpgradeDatabaseA
JetUpgradeDatabaseW
ese
rgEDBGGlobals

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 612KB - Virtual size: 609KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

cachelin
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
esentprf.dll
.dll windows:10 windows x64 arch:x64

3bf2e5ad015e66e21a11ab9795ac3dcd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ESENTPRF.pdb

Imports

msvcrt

wcschr
malloc
_onexit
_lock
qsort
memcpy
free
__dllonexit
wcstok_s
wcstoul
_wcsicmp
_vsnwprintf
_unlock
__C_specific_handler
_amsg_exit
_callnewh
_initterm
bsearch
_XcptFilter
memset

api-ms-win-core-memory-l1-1-0

VirtualFree
VirtualAlloc
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
MapViewOfFile

api-ms-win-core-synch-l1-1-0

ReleaseMutex
WaitForSingleObject
OpenMutexW
SetEvent
ResetEvent
CreateMutexW
OpenEventW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegCloseKey
RegEnumKeyExW
RegQueryValueExW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcess
TerminateProcess
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-eventlog-legacy-l1-1-0

DeregisterEventSource

Exports

Exports

ClosePerformanceData
CollectPerformanceData
OpenPerformanceData

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
esevss.dll
.dll windows:10 windows x64 arch:x64

7954ca5576aefd644cd0b7ee48815eda

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

esevss.pdb

Imports

msvcrt

free
_unlock
_XcptFilter
_purecall
wcsrchr
wcscpy_s
_wcsicmp
_vsnwprintf
__dllonexit
_onexit
memcpy
malloc
wcsncmp
_vsnprintf
strrchr
memmove_s
_wfullpath
_wsplitpath_s
_initterm
iswalpha
_wcsnicmp
swprintf_s
rand_s
wcspbrk
_wtol
strcspn
isprint
vprintf
strstr
strtoul
__C_specific_handler
_wmakepath_s
_lock
_amsg_exit
wprintf
memset

api-ms-win-core-file-l1-1-0

FindFirstFileW
GetFinalPathNameByHandleW
GetVolumePathNameW
CreateFileW
FindClose

api-ms-win-core-com-l1-1-0

CoUninitialize
CoInitializeEx

rpcrt4

RpcStringFreeW
UuidToStringW

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
Sleep
WakeAllConditionVariable

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

esent

JetInit3W
JetGetDatabaseFileInfoW
JetTerm2
JetSetSystemParameterW

kernel32

GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
ReadFileScatter
WriteFileGather
ReadFile
SetEndOfFile
GetFileSizeEx
SetFileInformationByHandle
SetFileValidData
RtlCaptureStackBackTrace
SetEvent
CreateMutexW
GetSystemWindowsDirectoryW
ReleaseMutex
WriteFile
SetFilePointerEx
OutputDebugStringA
GetLocalTime
GetModuleHandleW
SetThreadErrorMode
FreeLibrary
GetProcAddress
LoadLibraryExW
GetModuleFileNameW
GetVersionExW
SetConsoleCtrlHandler
ReleaseSemaphore
GetThreadIdealProcessorEx
GetLogicalProcessorInformationEx
InitializeCriticalSectionAndSpinCount
VirtualQueryEx
GetProcessHeap
HeapDestroy
HeapSetInformation
SetLastError
GetNativeSystemInfo
GetSystemInfo
GlobalMemoryStatusEx
HeapAlloc
HeapFree
VirtualAlloc
VirtualFree
VirtualProtect
CreateFileMappingW
MapViewOfFileEx
UnmapViewOfFile
FormatMessageW
LocalFree
GetFileAttributesW
GetDiskFreeSpaceExW
GetVolumeNameForVolumeMountPointW
DeviceIoControl
GetFileAttributesExW
GetTempFileNameW
CreateDirectoryW
RemoveDirectoryW
DeleteFileW
MoveFileExW
CopyFileExW
SetHandleInformation
GetFileInformationByHandle
CreateEventW
GetOverlappedResult
FlushFileBuffers
FindNextFileW
LCMapStringEx
OpenFileById
FindVolumeClose
FindNextVolumeW
GetVolumeInformationW
FindFirstVolumeW
GetFileInformationByHandleEx
GetFullPathNameW
WaitForSingleObject
OpenThread
GetDriveTypeW
GetWindowsDirectoryW
DebugBreak
WaitForSingleObjectEx
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
TlsAlloc
TlsSetValue
TlsFree
GetExitCodeThread
TlsGetValue
LocalAlloc
DuplicateHandle
GetCurrentThread
SleepEx
CreateThread
SetThreadPriority
SetThreadPriorityBoost
ResumeThread
IsProcessorFeaturePresent
QueryPerformanceFrequency
GetSystemTime

vssapi

CreateWriter
CreateVssBackupComponentsInternal
VssFreeSnapshotPropertiesInternal

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
AcquireSRWLockExclusive

Exports

Exports

EseShadowCreateShadow
EseShadowCreateSimpleShadow
EseShadowInit
EseShadowMountShadow
EseShadowMountSimpleShadow
EseShadowPurgeShadow
EseShadowTerm
VssIdToString

Sections

.text
Size: 244KB - Virtual size: 241KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
eventcls.dll
.dll regsvr32 windows:10 windows x64 arch:x64

dd6ec004ac2563065bb68f84f0e860f8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

eventcls.pdb

Imports

msvcrt

??3@YAXPEAX@Z
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_initterm
free
_amsg_exit
_XcptFilter
memmove
memcpy
__CxxFrameHandler3
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
malloc
__C_specific_handler
_purecall
__CxxFrameHandler4

atl

ord22
ord32
ord16
ord21
ord15
ord18
ord23

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
InitializeCriticalSection

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

vsstrace

ord1
ord14
ord2

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 484B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
evr.dll
.dll regsvr32 windows:10 windows x64 arch:x64

7b989a8696496f6c0e9ec255840a1fc4

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

91:fe:d4:dc:b3:88:77:f9:74:38:35:10:6c:36:a8:ab:68:4d:33:09:0d:ee:4a:ba:b0:4d:0f:d3:57:b9:07:14
Signer

Actual PE Digest

91:fe:d4:dc:b3:88:77:f9:74:38:35:10:6c:36:a8:ab:68:4d:33:09:0d:ee:4a:ba:b0:4d:0f:d3:57:b9:07:14

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

EVR.pdb

Imports

msvcp_win

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?uncaught_exception@std@@YA_NXZ
?good@ios_base@std@@QEBA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?_Xlength_error@std@@YAXPEBD@Z
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?flags@ios_base@std@@QEBAHXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o_ceil
_o_floor
_o_free
_o_malloc
_o_realloc
_o_sqrt
_o_sqrtf
__C_specific_handler
__std_type_info_compare
_o__crt_atexit
_o__configure_narrow_argv
_o___stdio_common_vswprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__cexit
_o__callnewh
__std_terminate
__CxxFrameHandler4
_CxxThrowException
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

wcscmp
memset

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
CreateMutexExW
LeaveCriticalSection
WaitForSingleObject
CreateEventA
ReleaseMutex
WaitForSingleObjectEx
CreateEventW
EnterCriticalSection
SetEvent
DeleteCriticalSection
ReleaseSemaphore
CreateSemaphoreExW
ResetEvent
OpenSemaphoreW

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
LoadLibraryExW
LoadLibraryExA
FreeLibrary
GetModuleHandleExW
GetProcAddress
GetModuleFileNameW
FreeLibraryAndExitThread
GetModuleFileNameA
DisableThreadLibraryCalls

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventWriteTransfer
EventUnregister

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetExitCodeThread
GetCurrentProcessId
GetCurrentProcess
SetThreadPriority
GetCurrentThreadId
CreateThread

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
SetLastError

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
LoadLibraryA

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegQueryInfoKeyW
RegQueryValueExW
RegEnumKeyExW

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount64
GetTickCount
GetVersionExW

api-ms-win-core-com-l1-1-0

CoUninitialize
CoTaskMemAlloc
CoFreeUnusedLibraries
CoTaskMemFree
PropVariantClear
PropVariantCopy
CoInitializeEx
CoCreateInstance
StringFromGUID2

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-core-kernel32-legacy-l1-1-0

GetSystemPowerStatus

api-ms-win-power-setting-l1-1-0

PowerReadACValue
PowerReadDCValue
PowerGetActiveScheme

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy
IsProcessorFeaturePresent

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

rtworkq

RtwqSetLongRunning
RtwqCancelDeadline
RtwqSetDeadline

ntdll

RtlNtStatusToDosError

bcrypt

BCryptDestroyKey
BCryptVerifySignature
BCryptImportKeyPair
BCryptCreateHash
BCryptGetProperty
BCryptOpenAlgorithmProvider
BCryptFinishHash
BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptHashData

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
MFConvertColorInfoFromDXVA
MFConvertColorInfoToDXVA
MFConvertFromFP16Array
MFConvertToFP16Array
MFCopyImage
MFCreateDXSurfaceBuffer
MFCreateVideoMediaType
MFCreateVideoMediaTypeFromBitMapInfoHeader
MFCreateVideoMediaTypeFromSubtype
MFCreateVideoMediaTypeFromVideoInfoHeader
MFCreateVideoMediaTypeFromVideoInfoHeader2
MFCreateVideoMixer
MFCreateVideoMixerAndPresenter
MFCreateVideoOTA
MFCreateVideoPresenter
MFCreateVideoPresenter2
MFCreateVideoSampleAllocator
MFCreateVideoSampleFromSurface
MFGetPlaneSize
MFGetStrideForBitmapInfoHeader
MFGetUncompressedVideoFormat
MFInitVideoFormat
MFInitVideoFormat_RGB
MFIsFormatYUV

Sections

.text
Size: 568KB - Virtual size: 567KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
execmodelproxy.dll
.dll windows:10 windows x64 arch:x64

8954ab433db3de3d4ecc70f66fdd2d3a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ExecModelProxy.pdb

Imports

msvcrt

free
_amsg_exit
__C_specific_handler
_initterm
malloc
_XcptFilter

rpcrt4

IUnknown_Release_Proxy
NdrOleFree
NdrDllCanUnloadNow
NdrDllGetClassObject
IUnknown_QueryInterface_Proxy
NdrOleAllocate
IUnknown_AddRef_Proxy

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-com-midlproxystub-l1-1-0

NdrProxyForwardingFunction7
NdrProxyForwardingFunction3
NdrProxyForwardingFunction6
NdrProxyForwardingFunction11
NdrProxyForwardingFunction5
NdrProxyForwardingFunction9
ObjectStublessClient12
NdrProxyForwardingFunction8
NdrProxyForwardingFunction10
NdrProxyForwardingFunction4

api-ms-win-core-winrt-string-l1-1-0

HSTRING_UserUnmarshal
HSTRING_UserMarshal64
HSTRING_UserFree
HSTRING_UserSize64
HSTRING_UserFree64
HSTRING_UserMarshal
HSTRING_UserSize
HSTRING_UserUnmarshal64

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcess
TerminateProcess
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
f1db7d81-95be-4911-935a-8ab71629112a_HyperV-IsolatedVM.dll
.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:23

Not After

01/09/2022, 18:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:53:8d:59:82:23:87:c0:2a:78:69:31:d1:5b:24:fe:f7:b7:ae:40:0b:81:a6:ef:7c:fe:e1:8f:ef:60:18:81
Signer

Actual PE Digest

51:53:8d:59:82:23:87:c0:2a:78:69:31:d1:5b:24:fe:f7:b7:ae:40:0b:81:a6:ef:7c:fe:e1:8f:ef:60:18:81

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

f1db7d81-95be-4911-935a-8ab71629112a_HyperV-IsolatedVM.pdb

Sections

.rdata
Size: 4KB - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.apiset
Size: 4KB - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
f3ahvoas.dll
.dll windows:10 windows x64 arch:x64

ce89c7409de0e634da69add27856afe7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

f3ahvoas.pdb

Imports

win32u

NtUserNlsKbdSendIMENotification

Exports

Exports

FujitsuOyayubiControl
KbdLayerDescriptor
KbdNlsLayerDescriptor

Sections

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 118B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
f989b52d-f928-44a3-9bf1-bf0c1da6a0d6_HyperV-DeviceVirtualization.dll
.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:23

Not After

01/09/2022, 18:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2e:80:44:57:bc:49:1a:f9:55:22:96:7b:cf:54:e0:62:fb:17:61:96:86:8d:90:45:89:86:3a:36:de:9a:0f:39
Signer

Actual PE Digest

2e:80:44:57:bc:49:1a:f9:55:22:96:7b:cf:54:e0:62:fb:17:61:96:86:8d:90:45:89:86:3a:36:de:9a:0f:39

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

f989b52d-f928-44a3-9bf1-bf0c1da6a0d6_HyperV-DeviceVirtualization.pdb

Sections

.rdata
Size: 4KB - Virtual size: 540B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.apiset
Size: 4KB - Virtual size: 604B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
facecredentialprovider.dll
.dll windows:10 windows x64 arch:x64

d1fe88e87e9be9faf20ec8c7fd11026f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

facecredentialprovider.pdb

Imports

msvcp_win

?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Getcat@?$codecvt@GDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?width@ios_base@std@@QEAA_J_J@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?width@ios_base@std@@QEBA_JXZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBGHH@Z
?unshift@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?uncaught_exception@std@@YA_NXZ
?flags@ios_base@std@@QEBAHXZ
?_Gndec@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?good@ios_base@std@@QEBA_NXZ
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?getloc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEBA?AVlocale@2@XZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?out@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?_Gninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
?_Throw_Cpp_error@std@@YAXH@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
_Thrd_id
_Thrd_join
_Cnd_do_broadcast_at_thread_exit
_Query_perf_counter
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
?imbue@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAK@Z
_Cnd_init_in_situ
_Cnd_broadcast
_Mtx_current_owns
_Cnd_timedwait
_Xtime_get_ticks
?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGD@Z
??Bid@locale@std@@QEAA_KXZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?_Init@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXXZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?setf@ios_base@std@@QEAAHHH@Z
?fail@ios_base@std@@QEBA_NXZ
?clear@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??Bios_base@std@@QEBA_NXZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
_Query_perf_frequency
?_Xbad_function_call@std@@YAXXZ
_Mtx_init_in_situ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?in@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
_Cnd_destroy_in_situ
_Mtx_unlock
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
_Mtx_destroy_in_situ
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__beginthreadex
_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__fseeki64
_o__get_errno
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__lock_file
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
memmove
_o__unlock_file
_o__wcsicmp
_o__wcsnicmp
_o__wtoi
_o_ceilf
_o_fclose
_o_fflush
_o_fgetc
_o_fgetpos
_o_fgetwc
_o_fputwc
_o_free
_o_fsetpos
_o_fwrite
_o_malloc
_o_setvbuf
_o_terminate
_o_ungetc
_o_ungetwc
_o_wcscpy_s
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

strcmp
wcscmp
memset

dsreg

DsrGetJoinInfo
DsrFreeJoinInfo

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleFileNameA
LoadResource
FindResourceExW
GetModuleHandleW
SizeofResource
GetProcAddress
GetModuleHandleExA
FreeLibrary
LoadLibraryExW
LoadStringW
LockResource
GetModuleHandleExW

api-ms-win-core-synch-l1-1-0

SetEvent
CreateEventW
InitializeSRWLock
ResetEvent
ReleaseSemaphore
CreateSemaphoreExW
InitializeCriticalSection
WaitForSingleObjectEx
OpenSemaphoreW
InitializeCriticalSectionEx
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
ReleaseMutex
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
CreateEventExW
CreateMutexW
CreateMutexExW

api-ms-win-core-heap-l1-1-0

HeapReAlloc
GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
RaiseException
GetLastError
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
ProcessIdToSessionId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
CreateProcessW

api-ms-win-core-localization-l1-2-0

GetThreadPreferredUILanguages
SetThreadPreferredUILanguages
GetThreadUILanguage
FormatMessageW
SetThreadUILanguage

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-path-l1-1-0

PathCchCombine
PathCchAppend

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegDeleteTreeW
RegQueryInfoKeyW
RegCreateKeyExW
RegEnumKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegEnumValueW

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventActivityIdControl
EventWriteTransfer
EventRegister
EventUnregister

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CloseThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-com-l1-1-0

CoTaskMemRealloc
CoTaskMemAlloc
CoGetMalloc
CLSIDFromString
CoCreateFreeThreadedMarshaler
CoCreateGuid
CoUninitialize
CoWaitForMultipleHandles
CoCreateInstance
CoTaskMemFree
CoInitializeEx

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetTickCount64
GetSystemTimeAsFileTime

api-ms-win-security-base-l1-1-0

EqualSid
GetLengthSid
CopySid
IsValidSid
GetTokenInformation
IsWellKnownSid

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsCreateString
WindowsCreateStringReference
WindowsGetStringRawBuffer

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-synch-l1-2-0

InitializeConditionVariable
SleepConditionVariableCS
WakeConditionVariable
InitOnceBeginInitialize
InitOnceComplete
Sleep
InitOnceExecuteOnce

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
RoOriginateError
GetRestrictedErrorInfo
RoOriginateErrorW
RoTransformError

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate
IsErrorPropagationEnabled

api-ms-win-core-file-l1-1-0

GetDiskFreeSpaceExW
CompareFileTime
GetFileAttributesW

api-ms-win-core-version-l1-1-1

GetFileVersionInfoSizeW
GetFileVersionInfoW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW
RegDeleteKeyValueW

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

ntdll

RtlInitUnicodeString
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
RtlGetDeviceFamilyInfoEnum
RtlUnsubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlAllocateWnfSerializationGroup
RtlSubscribeWnfStateChangeNotification
NtQueryWnfStateData

api-ms-win-downlevel-shlwapi-l1-1-0

QISearch
PathFileExistsW

api-ms-win-downlevel-kernel32-l1-1-0

DeleteTimerQueueTimer
CreateTimerQueueTimer

api-ms-win-downlevel-kernel32-l2-1-0

WTSGetActiveConsoleSessionId
GetSystemPowerStatus

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedFileLocationW
GetPersistedRegistryLocationW

credprovcommoncore

ord30

api-ms-win-rtcore-ntuser-synch-l1-1-0

MsgWaitForMultipleObjectsEx

mfplat

MFStartup
MFShutdown

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 416KB - Virtual size: 413KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fcon.dll
.dll windows:10 windows x64 arch:x64

0199764d0abd4e434fa6138fd8148c02

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

fcon.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__get_errno
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__stricmp
_o__wcsdup
_o__wcsicmp
memmove
_o_abort
_o_ceilf
_o_free
_o_iswspace
_o_malloc
_o_qsort
_o_realloc
_o_strtoul
_o_terminate
_o_wcscpy_s
_o_wcsncat_s
_o_wcsncpy_s
_o_wcstol
_o_wcstoul
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
_o__cexit
_o__callnewh
_o__execute_onexit_table
_o__errno
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o__crt_atexit
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler3
_o__configure_narrow_argv
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleW
LoadLibraryExW
GetModuleHandleExA
FreeLibraryAndExitThread
GetModuleHandleExW
GetModuleFileNameA
FreeLibrary

api-ms-win-core-synch-l1-1-0

CreateSemaphoreExW
InitializeSRWLock
EnterCriticalSection
WaitForSingleObjectEx
ReleaseSemaphore
CreateEventW
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
ReleaseSRWLockShared
AcquireSRWLockExclusive
InitializeCriticalSection
InitializeCriticalSectionEx
WaitForSingleObject
CreateEventExW
ReleaseMutex
ReleaseSRWLockExclusive
OpenMutexW
CreateMutexExW
DeleteCriticalSection
AcquireSRWLockShared
OpenSemaphoreW

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

RaiseException
GetLastError
SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
ResumeThread
GetCurrentProcess
CreateThread

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventWriteTransfer
EventRegister
EventUnregister
EventSetInformation

api-ms-win-core-com-l1-1-0

CoTaskMemFree
StringFromGUID2
IIDFromString
CoCreateGuid
CoTaskMemAlloc
CoCreateInstance
CoTaskMemRealloc
CoGetApartmentType
CoCreateFreeThreadedMarshaler
PropVariantClear

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegDeleteKeyExW
RegEnumKeyExW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryInfoKeyW
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW
RegFlushKey

rpcrt4

RpcBindingFromStringBindingW
UuidCreate
RpcStringBindingComposeW
RpcBindingFree
NdrClientCall3
RpcStringFreeW
RpcExceptionFilter

api-ms-win-core-winrt-string-l1-1-0

WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsCreateString
WindowsCreateStringReference
WindowsDuplicateString
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCompareStringOrdinal

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoOriginateErrorW
RoTransformError

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
InitOnceExecuteOnce

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPushEntrySList

ntdll

RtlUnsubscribeWnfNotificationWaitForCompletion
RtlPublishWnfStateData
NtQueryWnfStateData
RtlQueryFeatureConfigurationChangeStamp
RtlQueryFeatureConfiguration
RtlGetSystemBootStatus
RtlEqualUnicodeString
RtlInitUnicodeString
RtlIntegerToUnicodeString
ZwQueryKey
ZwOpenKeyEx
RtlQueryAllFeatureConfigurations
ZwEnumerateValueKey
ZwEnumerateKey
RtlFreeHeap
ZwQueryValueKey
ZwClose
RtlSetSystemBootStatus
RtlQueryFeatureUsageNotificationSubscriptions
RtlSetFeatureConfigurations
RtlSubscribeForFeatureUsageNotification
RtlUnsubscribeFromFeatureUsageNotifications
RtlIsStateSeparationEnabled
RtlQueryAllInternalFeatureConfigurations
RtlAllocateHeap
RtlSubscribeWnfStateChangeNotification

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-path-l1-1-0

PathAllocCombine

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-registry-l2-1-0

RegOpenKeyW
RegEnumKeyW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

msvcp_win

??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?good@ios_base@std@@QEBA_NXZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?flags@ios_base@std@@QEBAHXZ
?uncaught_exception@std@@YA_NXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@I@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??Bid@locale@std@@QEAA_KXZ
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?id@?$ctype@G@std@@2V0locale@2@A
?widen@?$ctype@G@std@@QEBAGD@Z
?_Xbad_function_call@std@@YAXXZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Xbad_alloc@std@@YAXXZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
?out@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
?_Incref@facet@locale@std@@UEAAXXZ
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Xlength_error@std@@YAXPEBD@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z

api-ms-win-core-heap-l2-1-0

LocalFree

oleaut32

VariantClear
SysStringLen
SetErrorInfo
VariantInit
GetErrorInfo
SysFreeString
SysAllocString

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
FeatureTuning_WriteConfig
GetCtacPropertyAlloc
ModifyStagingControlVariants
ModifyStagingControls
SubscribeFeatureReporting
UnsubscribeFeatureReporting

Sections

.text
Size: 456KB - Virtual size: 455KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fdBth.dll
.dll windows:10 windows x64 arch:x64

b183a8ad8346c563ffd9c59652cb1a6d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

fdBth.pdb

Imports

msvcrt

memset
??1type_info@@UEAA@XZ
memcpy
_initterm
__C_specific_handler
_amsg_exit
_XcptFilter
__CxxFrameHandler3
_CxxThrowException
_callnewh
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
malloc
free
wcschr
_wtoi
swscanf
_vsnwprintf
wcscmp

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlRbInsertNodeEx
RtlRbRemoveNode
RtlVirtualUnwind
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

ws2_32

WSACleanup
WSAStartup

api-ms-win-core-synch-l1-1-0

SetEvent
WaitForSingleObject
CreateEventW
ReleaseSRWLockExclusive
WaitForMultipleObjectsEx
InitializeSRWLock
AcquireSRWLockExclusive
CreateEventExW

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-heap-l1-1-0

HeapSize
HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolWorkCallbacks
CloseThreadpoolWork
CreateThreadpoolWork
SubmitThreadpoolWork

api-ms-win-service-management-l2-1-0

NotifyServiceStatusChangeW

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
CreateThread

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus

rpcrt4

UuidFromStringW

api-ms-win-service-management-l1-1-0

OpenServiceW
OpenSCManagerW
CloseServiceHandle

api-ms-win-core-io-l1-1-0

DeviceIoControl
GetOverlappedResult
CancelIoEx

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

user32

RegisterClassExW
UnregisterClassW
DestroyWindow
PostMessageW
CreateWindowExW
DefWindowProcW
GetWindowLongPtrW
SetWindowLongPtrW
UnregisterDeviceNotification
PeekMessageW
TranslateMessage
DispatchMessageW
MsgWaitForMultipleObjectsEx
RegisterDeviceNotificationW
KillTimer
SetTimer

setupapi

SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fdBthProxy.dll
.dll regsvr32 windows:10 windows x64 arch:x64

d4fa54fa14409e6b3c8dc85c6fe8377f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

FdBthProxy.pdb

Imports

msvcrt

__C_specific_handler
_initterm
_amsg_exit
malloc
free
_XcptFilter

rpcrt4

NdrDllCanUnloadNow
NdrDllGetClassObject
NdrDllRegisterProxy
NdrOleAllocate
NdrDllUnregisterProxy
NdrOleFree

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fdPHost.dll
.dll windows:10 windows x64 arch:x64

4eec7b420a686c8d7b456b966d2e8561

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

fdPHost.pdb

Imports

msvcrt

_initterm
__C_specific_handler
malloc
_amsg_exit
_XcptFilter
free
_callnewh

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableFlags
UnregisterTraceGuids
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage
RegisterTraceGuidsW

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
CreateEventW
EnterCriticalSection
ReleaseSRWLockExclusive
InitializeCriticalSection
InitializeSRWLock
SetEvent
AcquireSRWLockExclusive
DeleteCriticalSection

api-ms-win-eventing-provider-l1-1-0

EventWrite
EventUnregister
EventEnabled
EventRegister

api-ms-win-core-com-l1-1-0

CoRegisterClassObject
CoGetClassObject
CoRevokeClassObject
CoFreeUnusedLibraries
CoDisconnectContext
CoCreateInstance

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleExW
FreeLibrary

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter

api-ms-win-service-core-l1-1-0

SetServiceStatus
RegisterServiceCtrlHandlerExW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

kernel32

UnregisterWait

combase

ord66
ord69
ord68
ord67

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fdPnp.dll
.dll windows:10 windows x64 arch:x64

d0d5f020c8c137a8126038fcd1711ba8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

fdPnp.pdb

Imports

msvcrt

__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
_callnewh
malloc
_wcsicmp
wcsncmp
realloc
_purecall
free
memset
memcpy
memmove
wcscmp

atl

ord32
ord15
ord21
ord16
ord23
ord30

oleaut32

SysStringByteLen
SafeArrayGetDim
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayCreateVector
SafeArrayGetVartype
SafeArrayGetLBound
SafeArrayGetUBound
SysFreeString

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceLoggerHandle
GetTraceEnableLevel
UnregisterTraceGuids
TraceMessage

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-synch-l1-1-0

CreateEventW
ReleaseSRWLockExclusive
InitializeSRWLock
AcquireSRWLockExclusive
AcquireSRWLockShared
InitializeCriticalSection
DeleteCriticalSection
SetEvent
WaitForSingleObject
ReleaseSRWLockShared

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoCreateGuid
CoUninitialize
CoInitializeEx
CoTaskMemRealloc
IIDFromString
PropVariantClear
CoTaskMemFree
StringFromGUID2

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegEnumKeyExW

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
CreateThread
GetCurrentProcess

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-security-base-l1-1-0

CheckTokenMembership
FreeSid
AllocateAndInitializeSid

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

user32

CreateWindowExW
MsgWaitForMultipleObjects
RegisterDeviceNotificationW
PeekMessageW
DefWindowProcW
GetWindowLongPtrW
DestroyWindow
DispatchMessageW
RegisterClassExW
TranslateMessage
SetWindowLongPtrW
UnregisterClassW
UnregisterDeviceNotification

devobj

DevObjGetDeviceInterfacePropertyKeys
DevObjSetDeviceProperty
DevObjGetDevicePropertyKeys
DevObjCreateDeviceInfoList
DevObjSetDeviceInterfaceProperty
DevObjEnumDeviceInfo
DevObjDeleteDeviceInfo
DevObjEnumDeviceInterfaces
DevObjOpenDeviceInfo
DevObjOpenClassRegKey
DevObjGetClassDevs
DevObjGetDeviceInterfaceProperty
DevObjGetDeviceProperty
DevObjDestroyDeviceInfoList
DevObjGetDeviceInterfaceDetail
DevObjOpenDeviceInterface
DevObjGetDeviceInstanceId

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fdProxy.dll
.dll regsvr32 windows:10 windows x64 arch:x64

dab9beb092fc40522dc098a919b65ccc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

fdProxy.pdb

Imports

api-ms-win-core-crt-l2-1-0

_initterm
_initterm_e

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

oleaut32

BSTR_UserUnmarshal64
LPSAFEARRAY_UserUnmarshal64
BSTR_UserMarshal64
LPSAFEARRAY_UserSize64
BSTR_UserMarshal
BSTR_UserFree64
BSTR_UserUnmarshal
LPSAFEARRAY_UserMarshal64
LPSAFEARRAY_UserFree64
BSTR_UserSize
BSTR_UserSize64
BSTR_UserFree
LPSAFEARRAY_UserSize
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserFree

rpcrt4

IUnknown_QueryInterface_Proxy
NdrStubForwardingFunction
NdrOleFree
NdrDllRegisterProxy
NdrDllGetClassObject
IUnknown_Release_Proxy
NdrDllCanUnloadNow
IUnknown_AddRef_Proxy
NdrOleAllocate
NdrStubCall3
NdrDllUnregisterProxy

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient7
NdrProxyForwardingFunction3
ObjectStublessClient5
ObjectStublessClient6
ObjectStublessClient4

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-crt-l1-1-0

__C_specific_handler

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fdSSDP.dll
.dll regsvr32 windows:10 windows x64 arch:x64

bc44eca56f492569776fa5aced1eb72a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

fdSSDP.pdb

Imports

msvcrt

_lock
_initterm
_amsg_exit
_XcptFilter
_callnewh
wcsrchr
_strdup
time
srand
rand
wcstok_s
wcsstr
_wcsicmp
_stricmp
realloc
wcscat_s
malloc
free
__C_specific_handler
memmove_s
__dllonexit
_onexit
memmove
memcpy
memcmp
_unlock
_purecall
memcpy_s
_vsnwprintf
memset

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
LoadResource
SizeofResource
GetModuleFileNameA
FindResourceExW
FreeLibrary
GetModuleHandleExW
DisableThreadLibraryCalls
GetProcAddress
LoadLibraryExW
GetModuleHandleW

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionEx
InitializeCriticalSection
WaitForSingleObject
ReleaseSemaphore
ReleaseSRWLockExclusive
EnterCriticalSection
ReleaseMutex
SetEvent
InitializeCriticalSectionAndSpinCount
InitializeSRWLock
CreateSemaphoreExW
CreateEventW
LeaveCriticalSection
DeleteCriticalSection
AcquireSRWLockShared
WaitForSingleObjectEx
CreateMutexExW
OpenSemaphoreW
ReleaseSRWLockShared
AcquireSRWLockExclusive

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
HeapDestroy
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolWorkCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolWork
CloseThreadpool
CreateThreadpool
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolThreadMaximum
CreateThreadpoolWork
SubmitThreadpoolWork

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThread
OpenThreadToken
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
SetThreadToken

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

oleaut32

SysFreeString
SysStringLen
SysAllocString
VarUI4FromStr
SysAllocStringLen

api-ms-win-core-com-l1-1-0

CoTaskMemRealloc
CoTaskMemAlloc
CoUninitialize
CoInitializeEx
CoCreateInstance
PropVariantClear
CoSetProxyBlanket
CoImpersonateClient
CLSIDFromString
CoRevertToSelf
CoTaskMemFree

api-ms-win-core-string-l2-1-0

CharNextW
CharPrevW

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegQueryValueExW

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualProtect
VirtualAlloc

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-string-l1-1-0

CompareStringW
WideCharToMultiByte
MultiByteToWideChar

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
GetTraceEnableFlags
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage

api-ms-win-security-base-l1-1-0

CheckTokenMembership
GetTokenInformation

iphlpapi

GetAdaptersInfo
ConvertInterfaceGuidToLuid

ws2_32

FreeAddrInfoW
WSAStartup
WSACleanup
GetAddrInfoW
inet_addr

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InterlockedFlushSList
InitializeSListHead
InterlockedPopEntrySList

winhttp

WinHttpOpen
WinHttpSetTimeouts
WinHttpCrackUrl
WinHttpCloseHandle
WinHttpSetStatusCallback
WinHttpConnect
WinHttpOpenRequest
WinHttpSendRequest
WinHttpSetOption
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpReadData

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
WakeAllConditionVariable
Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-url-l1-1-0

PathIsURLW

kernel32

CreateTimerQueueTimer
CreateTimerQueue
lstrcpynW
DeleteTimerQueueTimer
DeleteTimerQueueEx
lstrcmpiW

ssdpapi

SsdpStartup
RegisterNotificationEx
FindServicesCallbackEx
DeregisterNotification
SsdpCleanup
FindServicesClose

wsdproviderutil

ord18
ord20
ord3
ord7
ord9
ord17
ord5
ord22
ord1
ord6
ord19
ord11

api-ms-win-devices-query-l1-1-1

DevGetObjectPropertiesEx

api-ms-win-devices-query-l1-1-0

DevFreeObjectProperties
DevFindProperty

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
FdphostSessionChange
FdphostSetComContext
FdphostSetSharedService

Sections

.text
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fdWCN.dll
.dll windows:10 windows x64 arch:x64

50dd9fa8b7dadaa5a9e8a8c2d895bf3b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

fdWCN.pdb

Imports

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o_atol
_o_free
_o_malloc
_o_wcscat_s
_o_wcscpy_s
__CxxFrameHandler3
_CxxThrowException
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__C_specific_handler
__CxxFrameHandler4
__C_specific_handler_noexcept
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memmove_s
memset
wcsncmp
wcscmp

ntdll

EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage
RtlLookupFunctionEntry
RtlVirtualUnwind
EtwUnregisterTraceGuids
RtlCaptureContext

api-ms-win-core-registry-l1-1-0

RegGetValueW

ole32

CreateStreamOnHGlobal
CoCreateInstance
CoTaskMemFree
PropVariantClear
IIDFromString
StringFromGUID2
CoGetObject

oleaut32

SysAllocString
SysFreeString

kernel32

CreateActCtxW
GlobalAlloc
lstrcmpW
DelayLoadFailureHook
LocalFree
CloseHandle
CreateFileW
GetFileSizeEx
ReadFile
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WideCharToMultiByte
GetLastError
GetTickCount64
CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
LeaveCriticalSection
EnterCriticalSection
RaiseException
DisableThreadLibraryCalls
DeleteCriticalSection
InitializeCriticalSection
ActivateActCtx
SetLastError
GetModuleHandleExW
OutputDebugStringA
GetModuleFileNameW
FindActCtxSectionStringW
GetSystemDirectoryW
DeactivateActCtx
QueryActCtxW
FormatMessageW
LoadLibraryW
FreeLibrary
LoadLibraryExW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ResolveDelayLoadedAPI
GlobalFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fdWNet.dll
.dll regsvr32 windows:10 windows x64 arch:x64

8af4b24979ad9d07896c5b12350649f7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

fdWNet.pdb

Imports

msvcrt

malloc
_callnewh
_XcptFilter
_amsg_exit
_initterm
_lock
_unlock
__dllonexit
_onexit
memset
__C_specific_handler
realloc
free
wcschr
memmove
wcscmp

atl

ord57
ord18
ord15
ord21
ord16
ord32
ord23
ord30

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
UnregisterTraceGuids
TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle

kernel32

RtlVirtualUnwind
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
GetTickCount
GetCurrentProcessId
TerminateProcess
GetCurrentThreadId
UnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcess
QueueUserWorkItem
RtlLookupFunctionEntry
RtlCaptureContext
Sleep
MultiByteToWideChar
GlobalAlloc
GetComputerNameW
CreateEventW
DisableThreadLibraryCalls
GetModuleFileNameW
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent
GlobalFree
WaitForSingleObject
CloseHandle
InitializeCriticalSectionAndSpinCount
GetLastError

ole32

PropVariantClear
CoTaskMemAlloc
CoTaskMemFree
PropVariantCopy
CLSIDFromString

mpr

WNetEnumResourceW
WNetGetResourceParentW
WNetOpenEnumW
WNetCloseEnum
WNetGetLastErrorW
WNetGetProviderNameW

iphlpapi

ConvertInterfaceIndexToLuid
GetBestInterfaceEx
GetAdaptersAddresses

ws2_32

WSACleanup
FreeAddrInfoW
WSAGetLastError
WSAStartup
GetAddrInfoW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 804B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fdWSD.dll
.dll regsvr32 windows:10 windows x64 arch:x64

c9e4ae34c932486b0d60b59a592071fd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

fdWSD.pdb

Imports

msvcrt

_initterm
_amsg_exit
_XcptFilter
wcschr
time
__C_specific_handler
srand
memcpy
memcmp
rand
_wcsdup
_wcsnicmp
wcsrchr
_vsnwprintf
_wcsicmp
_purecall
realloc
wcscat_s
malloc
free
_callnewh
memset

ntdll

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

oleaut32

VarUI4FromStr

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableLevel
GetTraceLoggerHandle
GetTraceEnableFlags
UnregisterTraceGuids
RegisterTraceGuidsW
TraceMessage

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
FreeLibrary
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW
DisableThreadLibraryCalls
FindResourceExW
LoadResource
SizeofResource

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoRevertToSelf
CoImpersonateClient
CoSetProxyBlanket
CoInitializeEx
CoTaskMemAlloc
PropVariantCopy
CoTaskMemRealloc
CoUninitialize
PropVariantClear
CoTaskMemFree

api-ms-win-core-string-l2-1-0

CharNextW
CharPrevW

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegOpenKeyExW
RegEnumValueW
RegQueryValueExW
RegOpenKeyExA
RegCreateKeyExW
RegQueryInfoKeyW
RegGetValueW
RegEnumKeyExW
RegDeleteValueW
RegSetValueExW

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualAlloc
VirtualProtect

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemInfo
GetSystemTimeAsFileTime

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockShared
AcquireSRWLockShared
InitializeSRWLock
ReleaseSRWLockExclusive
CreateEventW
AcquireSRWLockExclusive
SetEvent
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
ResetEvent

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-heap-l1-1-0

HeapDestroy

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-security-base-l1-1-0

GetTokenInformation
CheckTokenMembership

api-ms-win-core-processthreads-l1-1-0

OpenThreadToken
GetCurrentProcess
TerminateProcess
SetThreadToken
GetCurrentThread
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-threadpool-l1-2-0

CreateThreadpool
SetThreadpoolThreadMaximum
CreateThreadpoolWork
WaitForThreadpoolWorkCallbacks
CloseThreadpool
CloseThreadpoolWork
SubmitThreadpoolWork

ws2_32

WSACleanup
WSAStartup
GetAddrInfoW
FreeAddrInfoW

rpcrt4

UuidCreate

iphlpapi

ConvertInterfaceGuidToLuid

api-ms-win-core-localization-l1-2-0

GetSystemDefaultLCID

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
Sleep
SleepConditionVariableSRW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

kernel32

UnregisterWaitEx
lstrcmpiW
lstrcpynW
DeleteTimerQueueTimer
CreateTimerQueueTimer
CreateTimerQueue
DeleteTimerQueueEx

wsdapi

WSDCompareEndpoints
WSDCopyEndpoint
WSDCreateDiscoveryProvider2
WSDCreateMetadataAgent
WSDDetachLinkedMemory
WSDXMLGetValueFromAny
WSDFreeLinkedMemory
WSDXMLCreateContext
WSDXMLGetNameFromBuiltinNamespace
WSDCopyNameList
WSDNotifyNetworkChange
WSDCancelNetworkChangeNotify
WSDAddFirewallCheck
WSDRemoveFirewallCheck

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
FdphostSessionChange
FdphostSetComContext
FdphostSetSharedService

Sections

.text
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 316B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fde.dll
.dll windows:10 windows x64 arch:x64

3678fde9ef3a969b5cf64e8fb8c24891

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

fde.pdb

Imports

mfc42u

ord3790
ord1441
ord1647
ord2846
ord2629
ord1284
ord1287
ord1259
ord1261
ord4523
ord1906
ord549
ord999
ord2384
ord2328
ord2371
ord3182
ord6328
ord5077
ord4582
ord4771
ord4988
ord4371
ord3164
ord4077
ord4083
ord4082
ord3046
ord3166
ord3052
ord3366
ord3231
ord4815
ord3362
ord3243
ord3049
ord5699
ord2140
ord2457
ord5683
ord1736
ord5484
ord3933
ord6814
ord2060
ord2670
ord4789
ord5227
ord4017
ord5709
ord4694
ord6812
ord5586
ord2399
ord5663
ord4752
ord1777
ord4365
ord6437
ord2517
ord5406
ord5246
ord4722
ord5687
ord4699
ord5352
ord5382
ord5114
ord5304
ord5583
ord5585
ord5584
ord1124
ord659
ord1063
ord4214
ord2752
ord1426
ord3916
ord4770
ord4983
ord3534
ord6053
ord5711
ord5730
ord5065
ord4368
ord5724
ord5722
ord3468
ord2412
ord5615
ord1388
ord4191
ord286
ord2515
ord2559
ord4836
ord6813
ord4046
ord1262
ord1264
ord2849
ord4521
ord1263
ord6705
ord6708
ord6706
ord4436
ord1286
ord2781
ord4599
ord2393
ord337
ord852
ord2422
ord2023
ord4542
ord2589
ord6440
ord1778
ord4743
ord5712
ord5229
ord3535
ord3751
ord665
ord832
ord3894
ord1035
ord2586
ord4741
ord3743
ord822
ord3774
ord867
ord4131
ord2094
ord6632
ord6102
ord6612
ord6614
ord2329
ord4557
ord2906
ord6660
ord3761
ord5702
ord5245
ord6418
ord2661
ord3868
ord2593
ord4747
ord3501
ord3806
ord912
ord3417
ord6199
ord1464
ord663
ord1066
ord4262
ord6395
ord6393
ord4257
ord4609
ord2667
ord6351
ord4721
ord3154
ord2975
ord6021
ord1082
ord288
ord812
ord1544
ord1586
ord1555
ord1583
ord1585
ord355
ord1477
ord1553
ord1416
ord1491
ord1577
ord1463
ord3830
ord1574
ord2427
ord2408
ord3740
ord1122
ord6886
ord624
ord620
ord1126
ord1562
ord1040
ord4473
ord626
ord287
ord6071
ord6887

msvcrt

??0exception@@QEAA@XZ
memmove_s
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
__C_specific_handler
swscanf
??0exception@@QEAA@AEBV0@@Z
__CxxFrameHandler4
_purecall
_wtoi
wcschr
?what@exception@@UEBAPEBDXZ
__RTDynamicCast
_wcsicmp
_vsnwprintf
free
_wcsnicmp
wcsstr
wcsrchr
memcpy
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
malloc
__CxxFrameHandler3
memcpy_s
memset

atl

ord32
ord21
ord15
ord16

oleaut32

SysAllocString
VariantClear
VariantInit
SysFreeString

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoSetProxyBlanket
CoCreateInstance
CLSIDFromString
StringFromCLSID
CoTaskMemAlloc
CoGetMalloc
CreateStreamOnHGlobal

api-ms-win-core-heap-l2-1-0

GlobalAlloc
LocalAlloc
GlobalFree
LocalFree

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSection

api-ms-win-security-base-l1-1-0

FreeSid

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
GetLastError

api-ms-win-core-file-l1-1-0

GetFileAttributesW
CreateDirectoryW
CreateFileW
DeleteFileW
SetFileAttributesW
WriteFile

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
LoadStringW
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleW

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegCreateKeyExW
RegGetValueW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
OutputDebugStringA

logoncli

DsGetDcNameW

netutils

NetApiBufferFree

api-ms-win-security-lsalookup-l2-1-0

LookupAccountNameW
LookupAccountSidW

mpr

WNetGetUniversalNameW

api-ms-win-core-string-l1-1-0

CompareStringW

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
Sleep
WakeAllConditionVariable

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
GetCurrentProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-handle-l1-1-0

CloseHandle

comctl32

CreatePropertySheetPageW

kernel32

lstrcmpiW
GlobalLock
GlobalUnlock
lstrcmpW
WritePrivateProfileSectionW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileSectionW
lstrlenW

ntdll

RtlUnicodeStringToInteger
RtlFreeUnicodeString
RtlConvertSidToUnicodeString
RtlAllocateAndInitializeSid

ole32

ReleaseStgMedium
CoInitialize

shell32

SHBrowseForFolderW
SHGetPathFromIDListW

shlwapi

StrDupW
PathIsUNCW
ord158
PathCompactPathW

user32

SetParent
GetParent
IsWindowVisible
RegisterClipboardFormatW
LoadBitmapW
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
EnableWindow
LoadCursorW
SetCursor
MessageBoxW
MessageBeep
SendMessageW
GetWindowRect
GetClientRect

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fdeploy.dll
.dll windows:10 windows x64 arch:x64

dbde29f412132706ad08300dc3ead2e3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

fdeploy.pdb

Imports

msvcrt

__dllonexit
_unlock
memcpy
??0exception@@QEAA@AEBQEBD@Z
__CxxFrameHandler3
memmove
_lock
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
swscanf
__C_specific_handler
_onexit
_wcsicmp
free
_initterm
_wcsnicmp
_amsg_exit
_XcptFilter
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
wcschr
__CxxFrameHandler4
malloc
towupper
_purecall
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
memcpy_s
_vsnwprintf
qsort
memset

shell32

SHGetFolderPathEx
SHGetKnownFolderPath

shlwapi

SHStrDupW
ord219
PathRemoveBackslashW
PathIsUNCW
ord270

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
GetModuleHandleExW
GetProcAddress
GetModuleHandleW
DisableThreadLibraryCalls
GetModuleFileNameA

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
TerminateProcess
GetCurrentThreadId
SetThreadToken
GetCurrentProcessId
OpenThreadToken
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
SetLastError

oleaut32

VariantClear
SafeArrayCreateVector
SafeArrayRedim
VariantCopyInd
SysStringLen
VariantChangeType
VariantCopy
SysAllocStringLen
SafeArrayPutElement
SafeArrayCreate
VariantInit
SafeArrayLock
SafeArrayUnlock
SafeArrayCopy
SafeArrayGetVartype
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayGetLBound
SysFreeString
SysAllocString

api-ms-win-security-base-l1-1-0

GetTokenInformation
EqualSid
RevertToSelf
DuplicateTokenEx
CheckTokenMembership
DuplicateToken
ImpersonateLoggedOnUser

api-ms-win-core-com-l1-1-0

CoRevertToSelf
StringFromGUID2
CoGetCallContext
CoTaskMemAlloc
CLSIDFromString
CoCreateInstance
CoTaskMemFree

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

userenv

ExpandEnvironmentStringsForUserW
GetProfileType
RsopResetPolicySettingStatus

wldap32

ord208
ord88
ord26
ord97
ord167
ord13
ord27
ord36
ord145
ord41
ord301
ord16
ord147
ord224
ord140
ord18
ord73
ord14
ord127

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventUnregister
EventRegister
EventWriteTransfer

api-ms-win-core-heap-l2-1-0

GlobalFree
GlobalAlloc
LocalFree

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
DeleteCriticalSection
ReleaseSemaphore
CreateMutexExW
ReleaseMutex
OpenSemaphoreW
CreateSemaphoreExW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
WaitForSingleObjectEx
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection

api-ms-win-core-registry-l1-1-0

RegEnumValueW
RegOpenCurrentUser
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegGetValueW
RegCreateKeyExW
RegOpenKeyExW

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetSystemTime
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSidToSidW

api-ms-win-core-file-l1-1-0

CreateFileW
GetFileSizeEx
WriteFile
DeleteFileW
GetTempFileNameW
ReadFile

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
SleepConditionVariableSRW
Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

wkscli

NetGetJoinInformation

logoncli

DsGetDcNameW

netutils

NetApiBufferFree

api-ms-win-security-lsalookup-l1-1-0

LookupAccountSidLocalW

api-ms-win-security-activedirectoryclient-l1-1-0

DsCrackNamesW
DsUnBindW
DsBindWithSpnExW
DsFreeNameResultW

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW
RegEnumKeyW

gpsvc

ord106

ntdll

WinSqmAddToStream
EtwTraceMessage

cscapi

OfflineFilesQueryStatusEx
OfflineFilesStart

kernel32

lstrcmpiW
GetComputerNameW
GetPrivateProfileStringW
GetPrivateProfileIntW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

GenerateGroupPolicy
ProcessGroupPolicyEx
ProcessWmiPolicy

Sections

.text
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 812B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fdprint.dll
.dll regsvr32 windows:10 windows x64 arch:x64

bc7ed435f1afc07270fc3a90a4c8a117

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

fdprint.pdb

Imports

msvcrt

memcpy_s
??3@YAXPEAX@Z
_purecall
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_vsnprintf_s
__C_specific_handler
__CxxFrameHandler4
??_V@YAXPEAX@Z
wcschr
wcstok_s
malloc
_callnewh
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
_CxxThrowException
__CxxFrameHandler3
memcpy
memmove
_XcptFilter
_amsg_exit
free
_initterm
_lock
_unlock
__dllonexit
_onexit
?terminate@@YAXXZ
_vsnwprintf
??1type_info@@UEAA@XZ
memset

ntdll

RtlCaptureContext
RtlVirtualUnwind
NtQueryInformationToken
RtlLookupFunctionEntry

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
QueryPerformanceCounter
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
CompareStringOrdinal
GetSystemTimeAsFileTime
GetTickCount
TerminateProcess
InitializeSRWLock
GetModuleFileNameA
InitOnceBeginInitialize
CreateSemaphoreExW
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
OutputDebugStringW
InitOnceComplete
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
DisableThreadLibraryCalls
lstrcmpiW
DeactivateActCtx
LoadLibraryExW
ActivateActCtx
LoadLibraryW
FindActCtxSectionStringW
CreateActCtxW
GetModuleFileNameW
QueryActCtxW
OutputDebugStringA
FreeLibrary
LocalFree
WritePrivateProfileStringW
DeleteFileW
GetTempPath2W
CreateDirectoryW
SetFileAttributesW
RemoveDirectoryW
CheckElevationEnabled
GetCurrentProcess
GetSystemDirectoryW
GetExitCodeProcess
CreateEventW
QueueUserWorkItem
SetEvent

advapi32

TraceMessage
EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer
OpenProcessToken
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle

gdi32

CreateCompatibleDC
SelectObject
DeleteObject
DeleteDC
CreateDIBSection

user32

GetDC
ReleaseDC
GetSystemMetrics
DestroyIcon
InsertMenuItemW
CreatePopupMenu
GetMenuDefaultItem
MsgWaitForMultipleObjects
PeekMessageW
DispatchMessageW
DialogBoxParamW
GetDlgItem
SendMessageW
SetFocus
ShowWindow
EndDialog
EnableWindow
SetTimer
LoadStringW

ole32

CoTaskMemAlloc
CoCreateInstance
CoCreateGuid
StringFromCLSID
StringFromGUID2
CoUninitialize
FreePropVariantArray
CoMarshalInterThreadInterfaceInStream
CoInitializeEx
CoGetInterfaceAndReleaseStream
PropVariantClear
CoInitialize
CLSIDFromString
StringFromIID
PropVariantCopy
CoTaskMemFree

oleaut32

SysStringLen
VariantClear
VariantInit
SysAllocString
SysFreeString

propsys

InitPropVariantFromCLSID
PropVariantToGUID
PropVariantToBoolean
InitPropVariantFromGUIDAsString
InitPropVariantFromStringAsVector

shlwapi

ord388
StrCmpNIW
ord197
ord16

winspool.drv

EnumPrintersW
ord204
ord203
OpenPrinterW
ClosePrinter
GetPrinterDriverDirectoryW
GetPrinterDataExW
EnumPortsW
XcvDataW
EnumFormsW
GetPrinterW

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDevicePropertyW
SetupDiGetCustomDevicePropertyW
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo

bcrypt

BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptOpenAlgorithmProvider
BCryptDestroyHash
BCryptCloseAlgorithmProvider
BCryptGetProperty

shell32

CommandLineToArgvW
ord100
SHInvokePrinterCommandW
ShellExecuteExW
SHGetItemFromObject
SHGetKnownFolderPath
SHGetFolderLocation

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
InvokeTaskW

Sections

.text
Size: 152KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 948B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
feclient.dll
.dll windows:10 windows x64 arch:x64

a84e4a981b9ede99b0850076a114bf63

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

feclient.pdb

Imports

msvcrt

malloc
__C_specific_handler
_amsg_exit
_XcptFilter
_wcsnicmp
?terminate@@YAXXZ
free
_initterm
wcsncmp
_lock
_wcsicmp
wcsnlen
wcschr
_callnewh
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
_CxxThrowException
memcpy
memmove
_unlock
_onexit
_purecall
memmove_s
??0exception@@QEAA@AEBV0@@Z
__CxxFrameHandler3
memset
memcmp
??1type_info@@UEAA@XZ
??0exception@@QEAA@XZ
_vsnprintf_s
__CxxFrameHandler4
wcstoul
memcpy_s
_vsnwprintf
??3@YAXPEAX@Z
??1exception@@UEAA@XZ
__dllonexit
wcscmp

api-ms-win-core-localization-l1-2-0

FormatMessageW
IdnToAscii

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThreadId
GetCurrentThread
SetThreadToken
ProcessIdToSessionId
OpenThreadToken
TerminateProcess
GetCurrentProcessId
CreateThread

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap
HeapCreate
HeapSetInformation
HeapDestroy

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleExW
DisableThreadLibraryCalls
GetModuleHandleExA
FreeLibrary
LoadLibraryExW
GetProcAddress

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter
GetLastError

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
ReleaseSRWLockShared
ReleaseSRWLockExclusive
InitializeCriticalSection
ReleaseMutex
DeleteCriticalSection
SleepEx
WaitForSingleObjectEx
AcquireSRWLockExclusive
AcquireSRWLockShared
InitializeCriticalSectionEx
LeaveCriticalSection
InitializeSRWLock
ResetEvent
WaitForSingleObject
SetEvent
CreateEventW
OpenSemaphoreW
EnterCriticalSection
CreateSemaphoreExW
CreateMutexExW

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegGetValueW
RegQueryValueExW
RegCloseKey

api-ms-win-core-file-l1-1-0

GetDriveTypeW
SetFileAttributesW
GetFileAttributesW
CreateFileW
GetFinalPathNameByHandleW
DeleteFileW
RemoveDirectoryW
GetVolumePathNameW

api-ms-win-security-base-l1-1-0

ImpersonateSelf
GetTokenInformation
AdjustTokenPrivileges
RevertToSelf

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW
ConvertSidToStringSidW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetSystemInfo
GetSystemWindowsDirectoryW
GetComputerNameExW

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

bcrypt

BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
BCryptSetProperty
BCryptGetProperty
BCryptEncrypt
BCryptDestroyKey
BCryptGenRandom
BCryptDecrypt
BCryptGenerateSymmetricKey

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCompareMemory
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

rpcrt4

RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcBindingCreateW
RpcStringFreeW
RpcBindingBind
RpcBindingFree
UuidFromStringW
NdrClientCall3
RpcBindingUnbind
RpcExceptionFilter
I_RpcExceptionFilter
RpcBindingSetAuthInfoW

oleaut32

SysFreeString

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoTaskMemFree

api-ms-win-core-memory-l1-1-1

GetProcessWorkingSetSizeEx
SetProcessWorkingSetSizeEx
VirtualLock
VirtualUnlock

api-ms-win-core-memory-l1-1-0

VirtualAlloc
VirtualFree

api-ms-win-core-privateprofile-l1-1-0

GetPrivateProfileStringW
WritePrivateProfileStringW

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

ntdll

RtlUnsubscribeWnfNotificationWaitForCompletion
RtlSubscribeWnfStateChangeNotification
NtQueryWnfStateData
NtFsControlFile
RtlMakeSelfRelativeSD
RtlLengthSecurityDescriptor
RtlValidSecurityDescriptor
RtlNtStatusToDosError
RtlGetFullPathName_U
ZwQueryWnfStateData
RtlAllocateHeap
RtlQueryPackageClaims
RtlDosPathNameToNtPathName_U
NtCreateFile
NtQueryInformationFile
RtlCompareUnicodeString
NtQuerySecurityAttributesToken
RtlFreeHeap
RtlInitUnicodeString

iertutil

CreateUri

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW

Exports

Exports

DpQueryUserProtectorDescriptor
DpQueryUserProtectorDescriptorInfo
EdpAllowFileAccessForProcess
EdpContainerizeFile
EdpCredentialCreate
EdpCredentialDelete
EdpCredentialExists
EdpCredentialQuery
EdpDecontainerizeFile
EdpDplPolicyEnabledForUser
EdpDplStartCredServiceIfDplEnabledForUser
EdpDplUpgradePinInfo
EdpDplUpgradeVerifyUser
EdpDplUserCredentialsSet
EdpDplUserUnlockComplete
EdpDplUserUnlockStart
EdpFree
EdpGetContainerIdentity
EdpGetCredServiceState
EdpIsConsumerDataProtectionEnforced
EdpIsConsumerDataProtectionSupported
EdpPurgeAppLearningEvents
EdpQueryCredServiceInfo
EdpQueryDplEnforcedPolicyOwnerIds
EdpQueryRevokedPolicyOwnerIds
EdpRmsClearKeys
EdpSetCredServiceInfo
EdpUnprotectFile
EdpWriteLogSiteLearningEvents
EfsClientAddUsers
EfsClientCloseFileRaw
EfsClientCopyFileRaw
EfsClientDecryptFile
EfsClientDuplicateEncryptionInfo
EfsClientEncryptFile
EfsClientEncryptFileEx
EfsClientFileEncryptionStatus
EfsClientFreeHashList
EfsClientFreeKeyInfo
EfsClientFreeProtectorList
EfsClientGetEncryptedFileVersion
EfsClientGetKeyInfo
EfsClientOpenFileRaw
EfsClientQueryProtectors
EfsClientQueryRecoveryAgents
EfsClientQueryUsers
EfsClientReadFileRaw
EfsClientRemoveUsers
EfsClientWriteFileRaw
EfsClientWriteFileWithHeaderRaw
EfsReprotectFile
EfsUtilGetCurrentKey
EfsValidateTokenForConsumer
EfsValidateUserForConsumer
FeClClearCaches
FeClQueryInfo
FeClientInitialize
GetLockSessionUnwrappedKey
GetLockSessionWrappedKey
OefsCheckSupport

Sections

.text
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ffbroker.dll
.dll windows:10 windows x64 arch:x64

15ff7e56d2379d0a82d5ca05f0cf5557

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ffbroker.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memcpy
_o_free
_o_malloc
__C_specific_handler
__CxxFrameHandler3
_o__configure_narrow_argv
_CxxThrowException
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExA
FreeLibrary
GetModuleHandleW
DisableThreadLibraryCalls
LoadLibraryExW
GetModuleFileNameA
GetModuleHandleExW
GetProcAddress

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThreadId
TerminateProcess
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-synch-l1-1-0

AcquireSRWLockShared
ReleaseSRWLockShared
ReleaseSRWLockExclusive
EnterCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
AcquireSRWLockExclusive
DeleteCriticalSection

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoTaskMemFree
CoCreateFreeThreadedMarshaler
CoCreateInstance
CLSIDFromString
StringFromGUID2

api-ms-win-core-winrt-string-l1-1-0

HSTRING_UserUnmarshal64
WindowsCreateString
HSTRING_UserUnmarshal
WindowsGetStringRawBuffer
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
HSTRING_UserSize
HSTRING_UserMarshal
HSTRING_UserFree64
HSTRING_UserSize64
HSTRING_UserMarshal64
HSTRING_UserFree

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoOriginateError

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
SetLastError

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegCloseKey
RegOpenKeyExW

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-devices-query-l1-1-0

DevGetObjectProperties
DevFreeObjectProperties

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce

rpcrt4

NdrDllGetClassObject
NdrDllCanUnloadNow
NdrStubForwardingFunction
NdrOleAllocate
NdrOleFree

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-memory-l1-1-0

VirtualProtect
VirtualQuery

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fhcat.dll
.dll regsvr32 windows:10 windows x64 arch:x64

2372fc4ae8830500bab065af75f75828

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

fhcat.pdb

Imports

msvcrt

wcsncmp
_wcsnicmp
__CxxFrameHandler4
??_V@YAXPEAX@Z
_vsnwprintf
memcpy_s
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
__C_specific_handler
wcscpy_s
free
wcscat_s
wcsncpy_s
??3@YAXPEAX@Z
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBD@Z
malloc
memset
realloc
_errno
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
__CxxFrameHandler3
_CxxThrowException
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
memmove_s
_vsnprintf_s
_purecall
memcmp
memcpy
memmove
wcscmp

kernel32

CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
DeleteCriticalSection
RaiseException
InitializeCriticalSection
GetThreadLocale
SetThreadLocale
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
LoadLibraryExW
WaitForSingleObjectEx
lstrcmpiW
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceExW
InitOnceBeginInitialize
InitOnceComplete
Sleep
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
OutputDebugStringA
CreateFileW
lstrcmpW
GetFinalPathNameByHandleW
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
ReleaseSRWLockShared
OutputDebugStringW
GetLastError
FormatMessageW
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
GetModuleHandleExW
ReleaseSemaphore
SetLastError
AcquireSRWLockShared
HeapFree
CreateSemaphoreExW
GetModuleFileNameA
OpenSemaphoreW
CreateThreadpoolTimer
FreeLibrary
FlushFileBuffers
GetTickCount
CopyFileW
CompareStringOrdinal
AcquireSRWLockExclusive
ReleaseSRWLockExclusive

user32

UnregisterClassA
CharNextW

advapi32

RegisterTraceGuidsW
EventSetInformation
EventWriteTransfer
TraceMessage
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
EventUnregister
EventRegister
UnregisterTraceGuids
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle

oleaut32

BSTR_UserMarshal
BSTR_UserFree64
BSTR_UserSize64
BSTR_UserMarshal64
SysAllocString
VarUI4FromStr
BSTR_UserSize
SysFreeString
BSTR_UserFree
BSTR_UserUnmarshal64
BSTR_UserUnmarshal

rpcrt4

NdrDllRegisterProxy
NdrOleAllocate
NdrDllUnregisterProxy
NdrDllCanUnloadNow
NdrOleFree
NdrDllGetClassObject
UuidToStringW
RpcStringFreeW

api-ms-win-core-com-l1-1-0

CoCreateInstance
StringFromGUID2
CoTaskMemFree
CoTaskMemRealloc
CoCreateGuid
CoTaskMemAlloc

shell32

SHGetKnownFolderPath

esent

JetFreeBuffer
JetBeginTransaction
JetGetColumnInfoW
JetCreateDatabaseW
JetBeginSessionA
JetInit
JetCreateInstanceW
JetSetSystemParameterW
JetCloseDatabase
JetOpenDatabaseW
JetDetachDatabaseW
JetAttachDatabaseW
JetEndSession
JetCreateIndex2W
JetDelete
JetSetColumns
JetOpenTableW
JetCloseTable
JetCreateTableColumnIndexW
JetRollback
JetCommitTransaction
JetMove
JetIndexRecordCount
JetSetCurrentIndexW
JetMakeKey
JetSeek
JetSetIndexRange
JetRetrieveColumn
JetTerm2
JetPrepareUpdate
JetUpdate
JetGetInstanceInfoA

api-ms-win-core-path-l1-1-0

PathCchStripPrefix
PathCchRemoveFileSpec

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 176KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fhcfg.dll
.dll regsvr32 windows:10 windows x64 arch:x64

c84c0f9e871f979be5437841132fc7a6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

fhcfg.pdb

Imports

msvcrt

tolower
isspace
vswprintf_s
_vscwprintf
wctob
wcschr
_ui64tow_s
_i64tow_s
_vsnprintf_s
_wtoi
??0exception@@QEAA@XZ
wcsrchr
wcsncmp
_wtoi64
_wcsnicmp
memmove
memcpy
memchr
wcscmp
memset
_onexit
__dllonexit
_unlock
_lock
_errno
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
__CxxFrameHandler3
_CxxThrowException
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
_wcsicmp
realloc
memmove_s
towlower
_vsnwprintf
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBV0@@Z
iswalpha
wcscat_s
wcscpy_s
_purecall
memcpy_s
free
malloc
wcsncpy_s
__C_specific_handler
??_V@YAXPEAX@Z
__CxxFrameHandler4
memcmp
??3@YAXPEAX@Z

advapi32

AllocateAndInitializeSid
RegGetValueW
GetUserNameW
EventSetInformation
OpenProcessToken
GetTokenInformation
ConvertSidToStringSidW
OpenThreadToken
DuplicateTokenEx
AdjustTokenPrivileges
SetThreadToken
RegQueryInfoKeyW
RegEnumKeyExW
EventWriteTransfer
FreeSid
CheckTokenMembership
RegCloseKey
TraceMessage
EventUnregister
EventRegister
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW

kernel32

InitializeCriticalSectionEx
GlobalFree
GlobalAlloc
WaitForSingleObject
WaitForMultipleObjects
CreateThread
CreateThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolCleanupGroup
GetVolumeNameForVolumeMountPointW
GetVolumePathNamesForVolumeNameW
FindFirstVolumeW
FindNextVolumeW
DeviceIoControl
FindVolumeClose
GetModuleFileNameA
CreateSemaphoreExW
SetLastError
ReleaseSemaphore
GetModuleHandleExW
ReleaseMutex
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
DebugBreak
EnterCriticalSection
LeaveCriticalSection
FreeLibrary
GetLastError
GetProcAddress
LoadLibraryExW
GetModuleHandleW
lstrcmpiW
RaiseException
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceExW
GetModuleFileNameW
InitializeCriticalSection
DeleteCriticalSection
GetThreadLocale
SetThreadLocale
CreateFileW
CloseHandle
DeleteFileW
FindResourceW
Sleep
GetFileAttributesW
SetFileAttributesW
CompareStringOrdinal
HeapAlloc
GetProcessHeap
HeapFree
CreateHardLinkW
CompareFileTime
GetDriveTypeW
FindFirstFileExW
FindNextFileW
GetFileTime
FlushFileBuffers
GetComputerNameW
WriteFile
FindClose
RemoveDirectoryW
GetDiskFreeSpaceExW
CopyFileExW
ExpandEnvironmentStringsW
FormatMessageW
LocalFree
LockResource
InitializeSRWLock
AcquireSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockExclusive
ReleaseSRWLockShared
GetFileAttributesExW
GetCurrentProcess
QueryFullProcessImageNameW
HeapSize
HeapReAlloc
HeapDestroy
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
ResetEvent
CreateEventW
ReadFile
SetEvent
GetFileInformationByHandleEx
SubmitThreadpoolWork
CreateThreadpoolWork
GetVolumeInformationW
IsDebuggerPresent
OutputDebugStringW
GetSystemDirectoryW
GetLogicalDriveStringsW
GetFinalPathNameByHandleW
GetVolumePathNameW
CreateDirectoryW
GetCurrentThread
VirtualAlloc
VirtualFree
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CopyFileW
TryAcquireSRWLockExclusive
SetThreadpoolTimer
RtlCompareMemory
CreateThreadpoolTimer
ResolveDelayLoadedAPI
DelayLoadFailureHook

user32

CharNextW
LoadStringW
UnregisterClassA

oleaut32

BSTR_UserMarshal64
BSTR_UserSize64
BSTR_UserFree64
BSTR_UserMarshal
BSTR_UserUnmarshal
SysAllocString
BSTR_UserUnmarshal64
BSTR_UserFree
BSTR_UserSize
SysFreeString
VariantInit
SysStringLen
VarUI4FromStr
VariantClear

ole32

HWND_UserFree64
HWND_UserFree
HWND_UserUnmarshal
NdrProxyForwardingFunction6
ObjectStublessClient7
HWND_UserSize64
CoCreateFreeThreadedMarshaler
CreateBindCtx
StringFromGUID2
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
NdrProxyForwardingFunction7
NdrProxyForwardingFunction3
HWND_UserUnmarshal64
ObjectStublessClient10
ObjectStublessClient9
ObjectStublessClient8
ObjectStublessClient6
NdrProxyForwardingFunction5
NdrProxyForwardingFunction4
HWND_UserMarshal64
HWND_UserMarshal
ObjectStublessClient5
HWND_UserSize
CoCreateGuid

ntdll

WinSqmSetDWORD
WinSqmIsOptedIn
WinSqmEndSession
WinSqmSetDWORD64
WinSqmStartSession

shell32

ord165
SHGetKnownFolderPath
SHFileOperationW
SHCreateItemWithParent
SHGetKnownFolderItem
SHCreateItemInKnownFolder
SHCreateItemFromParsingName

shlwapi

PathRemoveFileSpecW
PathIsNetworkPathW
PathIsRootW
ord219
PathFindFileNameW
PathStripPathW
SHCreateStreamOnFileW
ord213

rpcrt4

RpcStringFreeW
UuidToStringW
NdrStubCall3
IUnknown_QueryInterface_Proxy
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
NdrOleFree
NdrDllUnregisterProxy
NdrOleAllocate
NdrDllRegisterProxy
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrStubForwardingFunction

propsys

PSCreateMemoryPropertyStore
PSPropertyBag_WriteStr

wevtapi

EvtNext
EvtRender
EvtClose
EvtQuery
EvtCreateRenderContext

efsutil

EfsUtilGetCurrentKey

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoOriginateError

mpr

WNetEnumResourceW
WNetCloseEnum
WNetGetConnectionW
WNetOpenEnumW

netutils

NetpIsRemote

api-ms-win-core-com-l1-1-0

CoSetProxyBlanket
PropVariantClear

sspicli

GetUserNameExW

xmllite

CreateXmlReader
CreateXmlWriter

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 268KB - Virtual size: 265KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fhcleanup.dll
.dll regsvr32 windows:10 windows x64 arch:x64

3fbe5ad755e47f8f69e71d3f1fcf541c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

fhcleanup.pdb

Imports

msvcrt

_callnewh
?what@exception@@UEBAPEBDXZ
?terminate@@YAXXZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
memmove_s
_wcsnicmp
wcscat_s
wcscpy_s
realloc
malloc
free
_purecall
memcpy_s
??_V@YAXPEAX@Z
__C_specific_handler
__CxxFrameHandler4
wcschr
_errno
??1type_info@@UEAA@XZ
_lock
_unlock
_initterm
_amsg_exit
_XcptFilter
__CxxFrameHandler3
wcsncpy_s
_CxxThrowException
__dllonexit
_onexit
??1exception@@UEAA@XZ
??3@YAXPEAX@Z
memset

advapi32

UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage
RegCloseKey
RegQueryInfoKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW

kernel32

OutputDebugStringA
GetTickCount
GetCurrentThreadId
FindFirstFileExW
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
Sleep
FindNextFileW
FindClose
GetCurrentProcessId
SizeofResource
EnterCriticalSection
GetModuleFileNameW
LeaveCriticalSection
InitializeCriticalSection
MultiByteToWideChar
GetLastError
RaiseException
FindResourceExW
LoadResource
GetProcAddress
DeleteCriticalSection
GetModuleHandleW
FreeLibrary
lstrcmpiW
LoadLibraryExW
GetThreadLocale
SetThreadLocale
GetSystemTimeAsFileTime
LockResource
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
HeapDestroy

user32

UnregisterClassA
CharNextW

oleaut32

SysFreeString
VarUI4FromStr

ntdll

WinSqmSetDWORD
WinSqmStartSession
WinSqmIsOptedIn
WinSqmSetDWORD64
WinSqmEndSession

fhsvcctl

FhServiceBlockBackup
FhServiceOpenPipe
FhServiceClosePipe
FhServiceClearProtectionState
FhServiceUnblockBackup

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoGetCallContext
CoSetProxyBlanket
CoCreateGuid
StringFromGUID2
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fhcpl.dll
.dll regsvr32 windows:10 windows x64 arch:x64

ecd6ba95fb73144bbaa0708ffd6a458c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

fhcpl.pdb

Imports

msvcrt

wcscmp
memcmp
memcpy
memset
__CxxFrameHandler3
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
_CxxThrowException
?what@exception@@UEBAPEBDXZ
iswalpha
??0exception@@QEAA@AEBQEBD@Z
memmove_s
_wcsicmp
wcsrchr
_wcsnicmp
towupper
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
memcpy_s
_vsnwprintf
__CxxFrameHandler4

shell32

SHCreateItemFromParsingName
SHGetKnownFolderItem
SHGetKnownFolderPath
ShellExecuteExW
SHGetFileInfoW
ord727
SHGetStockIconInfo
ShellExecuteW
SHParseDisplayName
ord155
ord18
ord25
SHBindToObject
ExtractIconW

shlwapi

StrFormatByteSizeW
ord199
SHStrDupW
ord278
ord615
ord256
ord176
ord172
ord165
StrCmpNIW
ord354
StrCmpIW
ord158
ord174
ord219
ord156
ord618
ord24
ord514
ord204

uxtheme

SetWindowTheme

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleHandleExW
GetModuleHandleW
SizeofResource
DisableThreadLibraryCalls
LoadStringW
GetProcAddress
GetModuleFileNameW
GetModuleFileNameA
LoadLibraryExW

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
CreateMutexExW
AcquireSRWLockShared
LeaveCriticalSection
EnterCriticalSection
ReleaseSemaphore
ReleaseSRWLockShared
DeleteCriticalSection
InitializeCriticalSectionEx
WaitForSingleObjectEx
SetEvent
AcquireSRWLockExclusive
CreateEventExW
CreateSemaphoreExW
ReleaseMutex
WaitForSingleObject
OpenSemaphoreW

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

OpenProcessToken
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
TerminateThread
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

oleaut32

SysAllocStringLen
SysAllocString
SysStringLen
SysStringByteLen
SysAllocStringByteLen
SysFreeString
VariantClear

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

api-ms-win-core-file-l1-1-0

CreateFileW
GetFileAttributesW
GetDriveTypeW
GetVolumeInformationW
GetDiskFreeSpaceExW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoCreateInstance
CLSIDFromString

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-registry-l1-1-0

RegGetValueW

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
Sleep

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer

mpr

WNetGetConnectionW
WNetAddConnection3W
WNetCancelConnection2W

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-sidebyside-l1-1-0

DeactivateActCtx
ActivateActCtx
CreateActCtxW
ReleaseActCtx

fhsvcctl

FhServiceOpenPipe
FhServiceStartBackup
FhServiceStopBackup
FhServiceBlockBackup
FhServiceClearProtectionState
FhServiceClosePipe
FhServiceReloadConfiguration

ntdll

EtwLogTraceEvent
EtwEventWriteTransfer
WinSqmAddToStream

ole32

CoAllowSetForegroundWindow

wevtapi

EvtCreateRenderContext
EvtSubscribe
EvtClose
EvtQuery
EvtNext
EvtRender

dui70

?GetStringNull@Value@DirectUI@@SAPEAV12@XZ
?SetWidth@Element@DirectUI@@QEAAJH@Z
?SetEnabled@Element@DirectUI@@QEAAJ_N@Z
?GetSelection@Combobox@DirectUI@@QEAAHXZ
?SetSelection@Combobox@DirectUI@@QEAAJH@Z
?Destroy@DUIXmlParser@DirectUI@@QEAAXXZ
CreateDUIWrapper
?CreateElement@DUIXmlParser@DirectUI@@QEAAJPEBGPEAVElement@2@1PEAKPEAPEAV32@@Z
?SetXMLFromResource@DUIXmlParser@DirectUI@@QEAAJIPEAUHINSTANCE__@@0@Z
?Create@DUIXmlParser@DirectUI@@SAJPEAPEAV12@P6APEAVValue@2@PEBGPEAX@Z2P6AX11H2@Z2@Z
?SelectionChange@Combobox@DirectUI@@SA?AVUID@@XZ
?Click@Button@DirectUI@@SA?AVUID@@XZ
?AddString@Combobox@DirectUI@@QEAAHPEBG@Z
StrToID
?FindDescendent@Element@DirectUI@@QEAAPEAV12@G@Z
?EndDefer@Element@DirectUI@@QEAAXK@Z
?Detach@CSafeElementProxy@@QEAAXXZ
?SetActive@Element@DirectUI@@QEAAJH@Z
?GetUnset@Value@DirectUI@@SAPEAV12@XZ
?SetValue@Element@DirectUI@@QEAAJP6APEBUPropertyInfo@2@XZHPEAVValue@2@@Z
?ContentProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?GetAtomZero@Value@DirectUI@@SAPEAV12@XZ
?GetClassInfoPtr@Element@DirectUI@@SAPEAUIClassInfo@2@XZ
?QueryInterface@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?StartDefer@Element@DirectUI@@QEAAXPEAK@Z
?CreateGraphic@Value@DirectUI@@SAPEAV12@PEAUHICON__@@_N11@Z
?CreateInstance@CSafeElementProxy@@SAJPEAVElement@DirectUI@@PEAPEAV1@@Z
?SetFont@Element@DirectUI@@QEAAJPEBG@Z
?SetSelected@Element@DirectUI@@QEAAJ_N@Z
?SetContentAlign@Element@DirectUI@@QEAAJH@Z
?SetContentString@Element@DirectUI@@QEAAJPEBG@Z
?SetClass@Element@DirectUI@@QEAAJPEBG@Z
?SetLayoutPos@Element@DirectUI@@QEAAJH@Z
?SetVisible@Element@DirectUI@@QEAAJ_N@Z
?Initialize@Element@DirectUI@@QEAAJIPEAV12@PEAK@Z
??0Element@DirectUI@@QEAA@XZ
??1Element@DirectUI@@UEAA@XZ
?Destroy@Element@DirectUI@@QEAAJ_N@Z
?OnEvent@Element@DirectUI@@UEAAXPEAUEvent@2@@Z
?GetFactoryLock@Element@DirectUI@@SAPEAU_RTL_CRITICAL_SECTION@@XZ
?ClassExist@ClassInfoBase@DirectUI@@SA_NPEAPEAUIClassInfo@2@PEBQEBUPropertyInfo@2@IPEAU32@PEAUHINSTANCE__@@PEBG_N@Z
?Register@ClassInfoBase@DirectUI@@QEAAJXZ
?Initialize@ClassInfoBase@DirectUI@@QEAAJPEAUHINSTANCE__@@PEBG_NPEBQEBUPropertyInfo@2@I@Z
??0ClassInfoBase@DirectUI@@QEAA@XZ
??1ClassInfoBase@DirectUI@@UEAA@XZ
?GetContentStringAsDisplayed@Element@DirectUI@@UEAAPEBGPEAPEAVValue@2@@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanged@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanged@Element@DirectUI@@UEAAXPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnGroupChanged@Element@DirectUI@@UEAAXH_N@Z
?OnInput@Element@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?OnKeyFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnMouseFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnDestroy@Element@DirectUI@@UEAAXXZ
?Paint@Element@DirectUI@@UEAAXPEAUHDC__@@PEBUtagRECT@@1PEAU4@2@Z
?GetContentSize@Element@DirectUI@@UEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?Add@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?Insert@Element@DirectUI@@UEAAJPEAPEAV12@II@Z
?Remove@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?GetAdjacent@Element@DirectUI@@UEAAPEAV12@PEAV12@HPEBUNavReference@2@K@Z
?EnsureVisible@Element@DirectUI@@UEAA_NHHHH@Z
?SetKeyFocus@Element@DirectUI@@UEAAXXZ
?AddBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?RemoveBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?MessageCallback@Element@DirectUI@@UEAAIPEAUtagGMSG@@@Z
?GetImmersiveFocusRectOffsets@Element@DirectUI@@UEAAXPEAUtagRECT@@@Z
?_SelfLayoutDoLayout@Element@DirectUI@@MEAAXHH@Z
?_SelfLayoutUpdateDesiredSize@Element@DirectUI@@MEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?OnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?OnUnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?Register@Element@DirectUI@@SAJXZ
?Init@NavReference@DirectUI@@QEAAXPEAVElement@2@PEAUtagRECT@@@Z
?GetValue@Element@DirectUI@@QEAAPEAVValue@2@PEBUPropertyInfo@2@HPEAUUpdateCache@2@@Z
UnInitThread
UnInitProcessPriv
InitThread
InitProcessPriv
?CreateXBaby@XProvider@DirectUI@@UEAAJPEAVIXElementCP@2@PEAUHWND__@@PEAVElement@2@PEAKPEAPEAUIXBaby@2@@Z
?SetButtonClassAcceptsEnterKey@XProvider@DirectUI@@UEAAJ_N@Z
?SetRegisteredDefaultButton@XProvider@DirectUI@@UEAAJPEAVElement@2@@Z
?ClickDefaultButton@XProvider@DirectUI@@UEAAHXZ
?ForceThemeChange@XProvider@DirectUI@@UEAAJ_K_J@Z
?GetHostedElementID@XProvider@DirectUI@@UEAAJPEAG@Z
?FindElementWithShortcutAndDoDefaultAction@XProvider@DirectUI@@UEAAHGH@Z
?CanSetFocus@XProvider@DirectUI@@UEAAJPEA_N@Z
?Navigate@XProvider@DirectUI@@UEAAJHPEA_N@Z
?SetFocus@XProvider@DirectUI@@UEAAJPEAVElement@2@@Z
?IsDescendent@XProvider@DirectUI@@UEAAJPEAVElement@2@PEA_N@Z
?GetDesiredSize@XProvider@DirectUI@@UEAAJHHPEAUtagSIZE@@@Z
?SetParameter@XProvider@DirectUI@@UEAAJAEBU_GUID@@PEAX@Z
?GetAccessibleImpl@Element@DirectUI@@UEAAJPEAPEAUIAccessible@@@Z
?DefaultAction@Element@DirectUI@@UEAAJXZ
?GetUIAElementProvider@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?AddRef@XProvider@DirectUI@@UEAAKXZ
?GetClassInfoPtr@HWNDElement@DirectUI@@SAPEAUIClassInfo@2@XZ
?SetDefaultButtonTracking@XProvider@DirectUI@@UEAAJ_N@Z
?SetHandleEnterKey@XProvider@DirectUI@@IEAAX_N@Z
?GetElementProviderImpl@Element@DirectUI@@UEAAJPEAVInvokeHelper@2@PEAPEAVElementProvider@2@@Z
?CreateDUI@XProvider@DirectUI@@UEAAJPEAVIXElementCP@2@PEAPEAUHWND__@@@Z
?GetRoot@XProvider@DirectUI@@IEAAPEAVElement@2@XZ
?Initialize@XProvider@DirectUI@@QEAAJPEAVElement@2@PEAVIXProviderCP@2@@Z
?Create@XResourceProvider@DirectUI@@SAJPEAUHINSTANCE__@@PEBG11PEAPEAV12@@Z
?QueryInterface@XProvider@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
??1XProvider@DirectUI@@UEAA@XZ
??0XProvider@DirectUI@@QEAA@XZ
?Release@Value@DirectUI@@QEAAXXZ
?GetChildren@Element@DirectUI@@QEAAPEAV?$DynamicArray@PEAVElement@DirectUI@@$0A@@2@PEAPEAVValue@2@@Z
??1CritSecLock@DirectUI@@QEAA@XZ
?IsRTLReading@Element@DirectUI@@UEAA_NXZ
?IsContentProtected@Element@DirectUI@@UEAA_NXZ
?UpdateTooltip@Element@DirectUI@@MEAAXPEAV12@@Z
?ActivateTooltip@Element@DirectUI@@MEAAXPEAV12@K@Z
?RemoveTooltip@Element@DirectUI@@MEAAXPEAV12@@Z
?GetKeyFocused@Element@DirectUI@@UEAA_NXZ
?AssertPIZeroRef@ClassInfoBase@DirectUI@@UEBAXXZ
?GetChildren@ClassInfoBase@DirectUI@@UEBAHXZ
?RemoveChild@ClassInfoBase@DirectUI@@UEAAXXZ
?AddChild@ClassInfoBase@DirectUI@@UEAAXXZ
?IsGlobal@ClassInfoBase@DirectUI@@UEBA_NXZ
?GetModule@ClassInfoBase@DirectUI@@UEBAPEAUHINSTANCE__@@XZ
?IsSubclassOf@ClassInfoBase@DirectUI@@UEBA_NPEAUIClassInfo@2@@Z
?IsValidProperty@ClassInfoBase@DirectUI@@UEBA_NPEBUPropertyInfo@2@@Z
?GetName@ClassInfoBase@DirectUI@@UEBAPEBGXZ
?GetGlobalIndex@ClassInfoBase@DirectUI@@UEBAIXZ
?GetPICount@ClassInfoBase@DirectUI@@UEBAIXZ
?GetByClassIndex@ClassInfoBase@DirectUI@@UEAAPEBUPropertyInfo@2@I@Z
?EnumPropertyInfo@ClassInfoBase@DirectUI@@UEAAPEBUPropertyInfo@2@I@Z
?Release@ClassInfoBase@DirectUI@@UEAAHXZ
?HandleUiaDestroyListener@Element@DirectUI@@UEAAXXZ
?HandleUiaPropertyListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?HandleUiaPropertyChangingListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@@Z
?AddRef@ClassInfoBase@DirectUI@@UEAAXXZ
?GetUiaFocusDelegate@Element@DirectUI@@UEAAPEAV12@XZ
?HandleUiaEventListener@Element@DirectUI@@UEAAXPEAUEvent@2@@Z

duser

DUserSendEvent
DUserPostEvent
DeleteHandle
InitGadgets

gdi32

DeleteObject
GetTextExtentPoint32W

user32

SendMessageW
LoadCursorW
SetCursor
GetDC
ReleaseDC
DestroyIcon
DestroyWindow
GetWindowLongPtrW
DefWindowProcW
SetWindowLongPtrW
GetCursor
GetParent
GetWindowLongW
GetSystemMetrics
SystemParametersInfoW
LoadImageW
GetFocus

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 172KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 136KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fhengine.dll
.dll regsvr32 windows:10 windows x64 arch:x64

5a291c5d1b0474d0a9e9ff3447c760fc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

fhengine.pdb

Imports

msvcrt

_wfopen
_errno
feof
fgetws
wcschr
swscanf_s
fclose
towupper
calloc
_wcsicmp
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_callnewh
_CxxThrowException
__CxxFrameHandler3
_XcptFilter
_amsg_exit
_initterm
iswalpha
vswprintf_s
_vscwprintf
wcsncmp
wcsstr
realloc
?terminate@@YAXXZ
_wcsnicmp
memmove_s
wcsrchr
wcscat_s
wcscpy_s
wcsncpy_s
malloc
free
_purecall
memcpy_s
??_V@YAXPEAX@Z
__C_specific_handler
__CxxFrameHandler4
??1type_info@@UEAA@XZ
_lock
_unlock
__dllonexit
_onexit
memset
??3@YAXPEAX@Z
wcscmp

advapi32

EventSetInformation
SystemFunction036
RegGetValueW
AdjustTokenPrivileges
LookupPrivilegeValueW
DuplicateTokenEx
RegSetKeyValueW
EventWriteTransfer
SetThreadToken
ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
OpenThreadToken
EventUnregister
EventRegister
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage
RegCloseKey
RegQueryInfoKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW

kernel32

HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetFileInformationByHandle
ReadFile
DeviceIoControl
FindFirstFileW
Sleep
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
OutputDebugStringA
DelayLoadFailureHook
ResolveDelayLoadedAPI
IsNLSDefinedString
RemoveDirectoryW
SetFileInformationByHandle
CreateDirectoryW
FindFirstFileExW
FindNextFileW
FindClose
SetFileAttributesW
PowerSetRequest
PrivCopyFileExW
PowerClearRequest
GetFileInformationByHandleEx
GetProcessHeap
WaitForSingleObject
SizeofResource
EnterCriticalSection
GetModuleFileNameW
LeaveCriticalSection
InitializeCriticalSection
MultiByteToWideChar
GetLastError
RaiseException
FindResourceExW
LoadResource
GetProcAddress
DeleteCriticalSection
GetModuleHandleW
FreeLibrary
lstrcmpiW
LoadLibraryExW
GetThreadLocale
SetThreadLocale
FileTimeToSystemTime
LockResource
CloseHandle
PowerCreateRequest
CreateEventW
ResetEvent
SetEvent
GetSystemTimeAsFileTime
GetSystemTime
SystemTimeToFileTime
GetFileAttributesExW
GetFileAttributesW
GetDiskFreeSpaceExW
GetCurrentThread
GetCurrentProcess
LocalFree
CreateFileW
FlushFileBuffers
GetVolumeInformationW
DeleteFileW
CompareStringOrdinal
SetThreadPriority

user32

CharNextW
UnregisterClassW

oleaut32

VarUI4FromStr
SysFreeString
BSTR_UserSize64
BSTR_UserFree
BSTR_UserUnmarshal64
BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserFree64
BSTR_UserMarshal64
SysAllocString
SysStringLen
SysAllocStringLen
BSTR_UserSize

rpcrt4

NdrDllUnregisterProxy
NdrOleAllocate
NdrDllRegisterProxy
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrOleFree

ntdll

WinSqmSetString
WinSqmSetDWORD64
WinSqmStartSession
WinSqmSetDWORD
WinSqmIsOptedIn
WinSqmEndSession
NtCreateFile
RtlDosPathNameToNtPathName_U
RtlNtStatusToDosError
NtWriteFile
RtlIsPartialPlaceholder
RtlFreeUnicodeString

api-ms-win-core-com-l1-1-0

CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
CoCreateGuid
CoCreateInstance
CoGetCallContext
CoTaskMemFree

shell32

SHGetKnownFolderPath

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 180KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fhevents.dll
.dll windows:10 windows x64 arch:x64

fb76bfa082ce0bdadd7a1ed3030f517b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

fhevents.pdb

Imports

msvcrt

?terminate@@YAXXZ
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
_wcsnicmp
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBV0@@Z
iswalpha
wcstok_s
towlower
??0exception@@QEAA@AEBQEBDH@Z
_callnewh
_CxxThrowException
??1type_info@@UEAA@XZ
??_V@YAXPEAX@Z
_vsnwprintf
__CxxFrameHandler4
__CxxFrameHandler3
??3@YAXPEAX@Z
memset

advapi32

EventUnregister
EventRegister
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
EventWriteTransfer
TraceMessage

kernel32

RtlCaptureContext
GetTickCount
GetSystemTimeAsFileTime
RtlLookupFunctionEntry
GetCurrentProcessId
QueryPerformanceCounter
Sleep
FindClose
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetFileInformationByHandleEx
GetFileAttributesW
GetFinalPathNameByHandleW
GetCurrentThreadId
CompareStringOrdinal
CloseHandle
HeapFree
GetProcessHeap
HeapAlloc
DeviceIoControl
GetLastError
CreateFileW
ReadFile
FindFirstFileExW
FindNextFileW

ntdll

NtCreateFile

oleaut32

SysAllocString
SysAllocStringByteLen
SysFreeString
SysStringByteLen

Exports

Exports

DpElGetNextEvent
DpElReleaseObjects
DpElScanEvents

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fhsettingsprovider.dll
.dll windows:10 windows x64 arch:x64

7db328d3383b64d1d50b25ce09dae504

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

fhsettingsprovider.pdb

Imports

msvcrt

__CxxFrameHandler3
??1type_info@@UEAA@XZ
__CxxFrameHandler4
memcmp
__dllonexit
malloc
_unlock
?terminate@@YAXXZ
_lock
_purecall
??_V@YAXPEAX@Z
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
__C_specific_handler
_amsg_exit
_initterm
_onexit
_XcptFilter
??1exception@@UEAA@XZ
??3@YAXPEAX@Z
memcpy_s
_vsnwprintf
_set_errno
_get_errno
realloc
iswalpha
_callnewh
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
_CxxThrowException
memcpy
memmove
free
memset

api-ms-win-core-path-l1-1-0

PathCchRemoveBackslash

api-ms-win-core-crt-l1-1-0

wcscspn
_wcsnicmp
towupper
wcsncmp
memmove_s

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
LoadResource
GetModuleHandleW
FindResourceExW
GetModuleFileNameA
LockResource
GetProcAddress
DisableThreadLibraryCalls

api-ms-win-core-synch-l1-1-0

AcquireSRWLockShared
CreateSemaphoreExW
InitializeSRWLock
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReleaseSemaphore
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
ReleaseMutex
WaitForSingleObjectEx
DeleteCriticalSection
InitializeCriticalSectionEx
OpenSemaphoreW
CreateMutexExW

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter
RaiseException

api-ms-win-core-processthreads-l1-1-0

OpenProcessToken
TerminateProcess
GetCurrentProcessId
GetExitCodeProcess
GetCurrentThreadId
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

oleaut32

SysAllocString
SysAllocStringLen
SysStringLen
SysFreeString

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
CompareStringW

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-file-l1-1-0

GetDriveTypeW
GetDiskFreeSpaceExW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindFileNameW
PathRemoveFileSpecW
PathRemoveBackslashW

shcore

SHTaskPoolQueueTask
SHTaskPoolAllowThreadReuse
SHRegGetValueW

fhsvcctl

FhServiceBlockBackup
FhServiceStopBackup
FhServiceOpenPipe
FhServiceClosePipe

ntdll

RtlUnsubscribeWnfNotificationWaitForCompletion
NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification

kernelbase

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 312KB - Virtual size: 309KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fhshl.dll
.dll regsvr32 windows:10 windows x64 arch:x64

643d59caf7c947ead3e5eb5d12998a50

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

fhshl.pdb

Imports

msvcrt

__CxxFrameHandler4
??0exception@@QEAA@AEBV0@@Z
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
wctob
_vsnwprintf
___lc_handle_func
___lc_codepage_func
__pctype_func
__crtLCMapStringW
abort
_XcptFilter
_amsg_exit
memmove
_set_errno
_get_errno
_initterm
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_lock
_unlock
__dllonexit
??0bad_cast@@QEAA@AEBV0@@Z
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@PEBD@Z
free
__C_specific_handler
calloc
malloc
??0exception@@QEAA@AEBQEBDH@Z
_callnewh
_CxxThrowException
??3@YAXPEAX@Z
__CxxFrameHandler3
_errno
isspace
tolower
memchr
setlocale
memcpy
_purecall
___mb_cur_max_func
_onexit
strerror
memset

advapi32

GetTraceEnableLevel
RegCloseKey
RegGetValueW
RegCreateKeyExW
TraceMessage
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
RegSetValueExW
RegDeleteTreeW
GetTraceLoggerHandle

kernel32

QueryPerformanceCounter
DecodePointer
EncodePointer
Sleep
GetStringTypeW
WideCharToMultiByte
MultiByteToWideChar
RaiseException
GetModuleFileNameW
LeaveCriticalSection
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSection
DisableThreadLibraryCalls
GetCurrentProcess
QueryFullProcessImageNameW
GetModuleHandleW
FindResourceExW
LoadResource
LockResource
SizeofResource
FileTimeToSystemTime
CompareStringOrdinal
GetLastError
GetDiskFreeSpaceExW
CloseHandle
CreateThread
CompareFileTime
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
EnterCriticalSection

user32

UnregisterClassA
LoadStringW

oleaut32

SysStringByteLen
SysAllocStringByteLen
SysStringLen
SysAllocString
VariantInit
SystemTimeToVariantTime
SysAllocStringLen
VariantClear
SysFreeString

ole32

CoTaskMemRealloc
CoCreateInstance
StringFromGUID2
CLSIDFromString
PropVariantClear
CoTaskMemFree
CoTaskMemAlloc
CreateBindCtx

shell32

ord25
ord102
ord18
ord68
ord19
SHCreateItemFromParsingName
ord153
ShellExecuteExW
ord155
SHCreateDefaultExtractIcon
SHGetIconOverlayIndexW
ord743
SHBindToParent
SHParseDisplayName
ord256

shlwapi

PathFileExistsW
StrCmpLogicalW
SHStrDupW
ord215
ord346
ord572
ord219

propsys

PSPropertyBag_WriteStr
PSPropertyBag_ReadBOOL
PSPropertyBag_ReadULONGLONG
PSPropertyBag_ReadStrAlloc
PropVariantToVariant
PSCreateMemoryPropertyStore
PSGetPropertyDescription
PSPropertyBag_WriteULONGLONG
InitVariantFromBuffer

api-ms-win-core-path-l1-1-0

PathCchStripToRoot

Exports

Exports

CreateCatalog
CreateSearchBindCtx
CreateVirtualItem
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
FreeCatalog
GetBackupPathFromPidl
ParsePIDL

Sections

.text
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 540B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fhsrchapi.dll
.dll regsvr32 windows:10 windows x64 arch:x64

b1dfcae981f0599431b210390b5595ca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

fhsrchapi.pdb

Imports

msvcrt

??3@YAXPEAX@Z
tolower
__CxxFrameHandler3
_XcptFilter
_amsg_exit
_initterm
?terminate@@YAXXZ
_lock
_unlock
__dllonexit
isspace
??1type_info@@UEAA@XZ
realloc
_CxxThrowException
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
malloc
memcpy_s
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
_onexit
_errno
??0exception@@QEAA@AEBQEBD@Z
wctob
_purecall
memchr
_swprintf_c_l
wcsncpy_s
wcscat_s
free
wcscpy_s
__C_specific_handler
??_V@YAXPEAX@Z
__CxxFrameHandler4
memmove
memcpy
memset

advapi32

RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
GetTokenInformation
ConvertSidToStringSidW
OpenProcessToken
RegQueryInfoKeyW
RegCloseKey
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage

kernel32

UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
Sleep
SetUnhandledExceptionFilter
FindResourceExW
LoadResource
SizeofResource
MultiByteToWideChar
lstrcmpiW
FreeLibrary
InitializeCriticalSection
GetModuleHandleW
LoadLibraryExW
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
FileTimeToSystemTime
LocalFree
CloseHandle
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetLastError
GetModuleFileNameW
GetProcAddress

user32

CharNextW
UnregisterClassA

oleaut32

SafeArrayDestroy
VariantClear
SysAllocStringByteLen
SysStringByteLen
VarUI4FromStr
SysAllocString
BSTR_UserMarshal64
BSTR_UserSize64
BSTR_UserFree64
BSTR_UserMarshal
BSTR_UserUnmarshal
BSTR_UserFree
BSTR_UserSize
SysFreeString
BSTR_UserUnmarshal64

rpcrt4

NdrOleFree
NdrDllUnregisterProxy
NdrOleAllocate
NdrDllRegisterProxy
NdrDllGetClassObject
NdrDllCanUnloadNow

api-ms-win-core-com-l1-1-0

StringFromGUID2
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fhsrchph.dll
.dll regsvr32 windows:10 windows x64 arch:x64

319446ddcbf3206d37a2d8e433e8a171

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

fhsrchph.pdb

Imports

msvcrt

wcsncpy_s
??0exception@@QEAA@AEBQEBDH@Z
_callnewh
_CxxThrowException
__CxxFrameHandler3
_XcptFilter
_amsg_exit
malloc
_initterm
?terminate@@YAXXZ
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
_errno
??0exception@@QEAA@AEBV0@@Z
memcpy_s
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
_purecall
wcscat_s
free
wcscpy_s
__C_specific_handler
??_V@YAXPEAX@Z
__CxxFrameHandler4
realloc
memmove
??3@YAXPEAX@Z
memcpy
memset

advapi32

RegSetKeyValueW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
GetTokenInformation
ConvertSidToStringSidW
OpenProcessToken
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage

kernel32

RtlLookupFunctionEntry
RtlCaptureContext
Sleep
RtlVirtualUnwind
SetFilePointer
ReadFile
CloseHandle
SystemTimeToFileTime
GetSystemTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
CompareStringOrdinal
LocalFree
FindResourceExW
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetLastError
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
GetModuleHandleW
InitializeCriticalSection
FreeLibrary
lstrcmpiW
MultiByteToWideChar
SizeofResource
LoadResource
GetFileInformationByHandle
CreateFileW

user32

UnregisterClassA
CharNextW

oleaut32

VariantClear
SysFreeString
VarUI4FromStr
SafeArrayDestroy

fhsvcctl

FhQueryConfiguredUsersCount

api-ms-win-core-com-l1-1-0

CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fhsvc.dll
.dll windows:10 windows x64 arch:x64

fbb025a9f3fd1823e7aaae044460d352

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

fhsvc.pdb

Imports

msvcrt

??_V@YAXPEAX@Z
memmove_s
memcpy_s
free
swprintf_s
iswalpha
calloc
malloc
_vsnwprintf
__C_specific_handler
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_callnewh
_CxxThrowException
__CxxFrameHandler3
_XcptFilter
_amsg_exit
_initterm
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_errno
realloc
_lock
_unlock
__dllonexit
_onexit
__CxxFrameHandler4
??3@YAXPEAX@Z
memset

advapi32

GetTraceEnableLevel
ControlTraceW
EnableTrace
StartTraceW
RegQueryValueExW
EventWriteTransfer
RegEnumValueW
RegDeleteValueW
ImpersonateLoggedOnUser
SystemFunction036
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetLengthSid
CreateWellKnownSid
RegSetValueExW
RegCreateKeyExW
OpenThreadToken
SetThreadToken
EventUnregister
EventRegister
SetServiceStatus
CloseServiceHandle
ChangeServiceConfig2W
ChangeServiceConfigW
OpenServiceW
OpenSCManagerW
RegCloseKey
RegGetValueW
RegOpenKeyExW
RegisterServiceCtrlHandlerExW
UnregisterTraceGuids
TraceMessage
GetTraceLoggerHandle
GetTraceEnableFlags
RegisterTraceGuidsW

kernel32

LocalFree
GetVersionExW
GetSystemTime
GetComputerNameExW
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
HeapDestroy
Sleep
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
OutputDebugStringA
GetCurrentProcess
CreateEventW
GetLastError
UnregisterWaitEx
SetEvent
CloseHandle
GetCurrentThread
RaiseException
GetSystemTimeAsFileTime
InitializeCriticalSection
DeleteCriticalSection
FreeLibrary
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolCleanupGroup
LoadLibraryExW
GetProcAddress
CreateThreadpoolCleanupGroup
CreateThreadpoolWait
SetThreadpoolWait
EnterCriticalSection
LeaveCriticalSection
DuplicateHandle
SetFileInformationByHandle
ResetEvent
GetSystemPowerStatus
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDateFormatEx
GetTimeFormatEx
CreateFileW
SetEventWhenCallbackReturns
SubmitThreadpoolWork
CallbackMayRunLong
WaitForSingleObject
SizeofResource
LockResource
LoadResource
FindResourceExW
CreateThreadpoolWork
WaitForThreadpoolWorkCallbacks
CloseThreadpoolWork
LocalAlloc
ExpandEnvironmentStringsW
CreateDirectoryW
GetFileAttributesExW

user32

UnregisterDeviceNotification
UnregisterClassA
RegisterDeviceNotificationW

oleaut32

SysAllocString
SysFreeString

rpcrt4

RpcServerRegisterIfEx
RpcServerUseProtseqW
RpcServerRegisterAuthInfoW
RpcServerInqBindings
UuidFromStringW
NdrServerCallAll
NdrServerCall2
RpcStringFreeW
RpcRevertToSelf
RpcImpersonateClient
RpcBindingToStringBindingW
RpcBindingVectorFree
RpcEpRegisterW
RpcServerUnregisterIfEx
RpcEpUnregister

wtsapi32

WTSFreeMemory
WTSQueryUserToken
WTSEnumerateSessionsW

powrprof

PowerSettingRegisterNotification
PowerSettingUnregisterNotification

api-ms-win-core-com-l1-1-0

CoUninitialize
CoCreateInstance
CoInitializeEx

Exports

Exports

DllMain
ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fhsvcctl.dll
.dll windows:10 windows x64 arch:x64

191c62ab425ccb57a455aa046df4cb86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

fhsvcctl.pdb

Imports

msvcrt

memcpy
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_callnewh
_CxxThrowException
??1type_info@@UEAA@XZ
__CxxFrameHandler3
_initterm
malloc
free
_amsg_exit
_XcptFilter
_wcsicmp
wcscpy_s
swprintf_s
__C_specific_handler
??_V@YAXPEAX@Z
??3@YAXPEAX@Z
memcmp
memset

advapi32

FreeSid
AllocateAndInitializeSid
CloseServiceHandle
StartServiceW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
RegCloseKey
RegEnumValueW
RegOpenKeyExW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
EventWriteTransfer
EventRegister
EventSetInformation
EventUnregister
TraceMessage
GetTraceEnableLevel
GetTraceLoggerHandle

kernel32

SetUnhandledExceptionFilter
InitializeSRWLock
HeapFree
TryAcquireSRWLockExclusive
WaitForThreadpoolTimerCallbacks
ReleaseSRWLockExclusive
CloseThreadpoolTimer
AcquireSRWLockExclusive
SetThreadpoolTimer
ReleaseSRWLockShared
CreateThreadpoolTimer
HeapAlloc
AcquireSRWLockShared
TerminateProcess
GetTickCount
GetLastError
Sleep
LocalAlloc
GetCurrentProcess
QueryFullProcessImageNameW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
GetProcessHeap

rpcrt4

RpcBindingFree
NdrClientCall3
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcBindingSetAuthInfoExW
RpcStringFreeW

shlwapi

PathStripPathW

Exports

Exports

DllMain
FhQueryConfiguredUsersCount
FhServiceBlockBackup
FhServiceClearProtectionState
FhServiceClosePipe
FhServiceEnterMaintenanceMode
FhServiceExitMaintenanceMode
FhServiceMigrationFinished
FhServiceMigrationStarting
FhServiceOpenPipe
FhServiceReloadConfiguration
FhServiceStartBackup
FhServiceStopBackup
FhServiceUnblockBackup

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fhtask.dll
.dll regsvr32 windows:10 windows x64 arch:x64

a9d9184323a4f502c8235bb12b174675

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

fhtask.pdb

Imports

msvcrt

??_V@YAXPEAX@Z
_purecall
__CxxFrameHandler4
free
malloc
wcsncpy_s
wcscpy_s
wcscat_s
_vsnwprintf
wcsrchr
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
_callnewh
_CxxThrowException
__CxxFrameHandler3
_XcptFilter
_amsg_exit
_initterm
_errno
realloc
?terminate@@YAXXZ
memcpy
??1type_info@@UEAA@XZ
_lock
_unlock
memcpy_s
??3@YAXPEAX@Z
__dllonexit
_onexit
__C_specific_handler
memmove
memset

advapi32

EventUnregister
EventRegister
EventWriteTransfer
RegGetValueW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage
RegCloseKey
RegQueryInfoKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW

kernel32

SetEvent
WaitForSingleObject
SubmitThreadpoolWork
GetFileAttributesW
SystemTimeToFileTime
GetSystemTime
CompareStringOrdinal
CloseThreadpoolWait
WaitForThreadpoolWaitCallbacks
LocalFree
SetThreadpoolWait
CreateThreadpoolWait
Sleep
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
CreateThreadpoolWork
CloseHandle
SizeofResource
EnterCriticalSection
GetModuleFileNameW
LeaveCriticalSection
InitializeCriticalSection
MultiByteToWideChar
GetLastError
RaiseException
FindResourceExW
LoadResource
GetProcAddress
DeleteCriticalSection
GetModuleHandleW
FreeLibrary
lstrcmpiW
LoadLibraryExW
GetThreadLocale
SetThreadLocale
OpenEventW
CreateEventW

user32

CharNextW
UnregisterClassA

oleaut32

VarUI4FromStr
SysFreeString
SysAllocString
DispCallFunc
VariantClear
VariantInit

ole32

CoInitializeEx
CoCreateInstance
OleRun
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
StringFromGUID2
CoUninitialize

fhsvcctl

FhServiceExitMaintenanceMode
FhServiceStartBackup
FhServiceOpenPipe
FhServiceEnterMaintenanceMode
FhServiceClosePipe

shell32

SHGetKnownFolderPath
SHGetSpecialFolderPathW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fhuxadapter.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

fhuxadapter.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fhuxapi.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

fhuxapi.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1004B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fhuxcommon.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

fhuxcommon.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fhuxgraphics.dll
.dll windows:10 windows x64 arch:x64

91991bdf67d2baf803923b1e80a3b7c2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

fhuxgraphics.pdb

Imports

msvcrt

?terminate@@YAXXZ
_cexit
_XcptFilter
_amsg_exit
free
__C_specific_handler
_initterm
malloc
_errno

kernel32

GetLastError
GetTickCount
VirtualQuery
GetProcAddress
Sleep
GetSystemTimeAsFileTime
GetCurrentThreadId
SetLastError
GetVersion
GetModuleHandleA
QueryPerformanceCounter
GetCurrentProcessId

mscoree

CorBindToRuntimeEx
_CorDllMain

ole32

CoCreateInstance

user32

GetClientRect

dwrite

DWriteCreateFactory

d2d1

ord1

shell32

SHCreateItemFromParsingName

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.nep
Size: 4KB - Virtual size: 64B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fhuxpresentation.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

fhuxpresentation.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 877KB - Virtual size: 877KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fidocredprov.dll
.dll windows:10 windows x64 arch:x64

7ea7439f95cdf1dbf804dd776df23d81

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

fidocredprov.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o_free
_o_malloc
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o___stdio_common_vswprintf
_o__crt_atexit
_o___stdio_common_vsnprintf_s
_o__configure_narrow_argv
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__cexit
_o__callnewh
wcschr
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleW
LockResource
LoadResource
GetModuleHandleExW
GetModuleFileNameA
DisableThreadLibraryCalls
FindResourceExW
SizeofResource
LoadStringW

api-ms-win-core-synch-l1-1-0

CreateSemaphoreExW
ReleaseSRWLockExclusive
ReleaseSemaphore
ReleaseSRWLockShared
WaitForSingleObject
ReleaseMutex
AcquireSRWLockShared
TryAcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
EnterCriticalSection
SetEvent
ResetEvent
TryAcquireSRWLockShared
CreateEventExW
DeleteCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
AcquireSRWLockExclusive

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetUnhandledExceptionFilter
SetLastError
GetLastError
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
CreateThread

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetThreadUILanguage
SetThreadUILanguage

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventUnregister
EventWriteTransfer

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoUninitialize
StringFromCLSID
CoTaskMemFree
CLSIDFromString
CoCreateFreeThreadedMarshaler
CoGetClassObject
CoGetMalloc
CoTaskMemAlloc
CoCreateGuid

api-ms-win-core-registry-l1-1-0

RegGetValueW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSidToSidW

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

sspicli

LsaConnectUntrusted
LsaDeregisterLogonProcess
LsaLookupAuthenticationPackage

api-ms-win-security-lsalookup-l1-1-2

LsaLookupUserAccountType

ntdll

NtQueryWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
NtSetThreadExecutionState
RtlIsMultiSessionSku
NtTerminateProcess
RtlUnhandledExceptionFilter
RtlGetDeviceFamilyInfoEnum
RtlSubscribeWnfStateChangeNotification
RtlFreeAnsiString
RtlInitUnicodeString
RtlUnicodeStringToAnsiString

aadauthhelper

GetFidoAuthenticationSessionStatus
StartFidoAuthenticationSession
StartChangingFidoPin
StartSigningFidoClientData
CloseFidoAuthenticationSession
GetSerializedAuthBuffer

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 184KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
filemgmt.dll
.dll regsvr32 windows:10 windows x64 arch:x64

ea4ada27b637179496eabb2119af4256

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

filemgmt.pdb

Imports

mfc42u

ord2586
ord4741
ord3743
ord822
ord3774
ord867
ord3892
ord1033
ord2329
ord6614
ord6418
ord2661
ord4131
ord1498
ord6351
ord2781
ord2393
ord4860
ord2593
ord4747
ord3501
ord3806
ord912
ord4795
ord4894
ord4846
ord852
ord1035
ord4257
ord4262
ord6395
ord6385
ord2906
ord3396
ord3894
ord337
ord2326
ord4557
ord5245
ord1286
ord3761
ord5702
ord665
ord4612
ord1043
ord3754
ord629
ord599
ord6734
ord3182
ord2801
ord1264
ord5694
ord2666
ord1787
ord3177
ord2377
ord6632
ord2324
ord4344
ord1781
ord2665
ord2379
ord2316
ord4521
ord4127
ord4601
ord3003
ord1657
ord2474
ord1082
ord288
ord812
ord1544
ord1586
ord1555
ord1583
ord1585
ord355
ord1477
ord1553
ord1416
ord1491
ord1577
ord1067
ord3751
ord3535
ord5229
ord5712
ord4743
ord1778
ord6440
ord2589
ord4542
ord1566
ord832
ord2023
ord2422
ord1906
ord1499
ord1442
ord2975
ord625
ord6216
ord5585
ord5583
ord5304
ord5114
ord5352
ord4699
ord5687
ord4722
ord5246
ord5406
ord2517
ord6437
ord4365
ord1777
ord4752
ord5663
ord2399
ord5586
ord6812
ord4694
ord5709
ord4017
ord5227
ord4789
ord2670
ord2060
ord6814
ord3933
ord5484
ord1736
ord5683
ord2457
ord2140
ord5699
ord4988
ord4771
ord3868
ord4548
ord6328
ord6147
ord5584
ord6767
ord5077
ord2764
ord2328
ord2311
ord2384
ord5382
ord999
ord549
ord4582
ord2629
ord6708
ord6705
ord2371
ord6813
ord4836
ord2559
ord2515
ord6071
ord4191
ord1388
ord5615
ord2412
ord3468
ord5722
ord5724
ord4368
ord5065
ord5730
ord5711
ord6053
ord3049
ord3243
ord3362
ord4815
ord3231
ord3366
ord3052
ord3166
ord3046
ord3534
ord4082
ord4083
ord4077
ord3164
ord4371
ord4983
ord4770
ord3916
ord1426
ord2752
ord4214
ord1063
ord659
ord1562
ord1647
ord1441
ord2856
ord6050
ord621
ord4436
ord4523
ord2676
ord1677
ord1463
ord3790
ord3830
ord286
ord1574
ord2427
ord3740
ord1284
ord5887
ord2979
ord1287
ord2846
ord4473
ord5719
ord2408
ord287
ord620
ord1122
ord3873
ord568
ord5950
ord1483
ord6880
ord1355
ord626
ord5935
ord6886
ord1126
ord1040
ord624
ord1006
ord4721
ord6887

msvcrt

__RTDynamicCast
_onexit
__dllonexit
_unlock
_lock
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
__CxxFrameHandler3
_vsnwprintf
_wtoi64
_wcsnicmp
wcschr
calloc
iswspace
wcsstr
wcsncmp
_purecall
??_V@YAXPEAX@Z
malloc
free
__C_specific_handler
__CxxFrameHandler4
_wcsicmp
memset

atl

ord16
ord21
ord15
ord18
ord22
ord32

ntdll

RtlCaptureContext
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
RtlLookupFunctionEntry
RtlVirtualUnwind

advapi32

RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
GetLengthSid
CopySid
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
InitializeAcl
AddAccessAllowedAce
EnumServicesStatusW
RegDeleteValueW
GetUserNameW
RegConnectRegistryW
IsWellKnownSid
RevertToSelf
MapGenericMask
AllocateAndInitializeSid
MakeSelfRelativeSD
FreeSid
GetSecurityDescriptorLength
GetSecurityDescriptorControl
LsaFreeMemory
LsaClose
LsaSetSystemAccessAccount
LsaGetSystemAccessAccount
LsaCreateAccount
LsaOpenAccount
GetSidSubAuthority
GetSidSubAuthorityCount
LsaLookupNames
LsaOpenPolicy

user32

SetWindowsHookExW
GetWindowThreadProcessId
FindWindowExW
GetDlgCtrlID
GetSystemMetrics
GetWindowRect
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
EnumThreadWindows
IsWindowVisible
GetDesktopWindow
GetFocus
GetWindowLongW
SetActiveWindow
SetWindowTextW
GetClientRect
ShowWindow
MessageBoxW
PostMessageW
GetParent
LoadImageW
UnhookWindowsHookEx
GetActiveWindow
LoadBitmapW
WinHelpW
EnableWindow
SetDlgItemTextW
EndDialog
GetWindowLongPtrW
GetDlgItemTextW
IsDlgButtonChecked
SetFocus
SetWindowLongPtrW
GetDlgItem
SendMessageW
RegisterClipboardFormatW
LoadStringW
DialogBoxParamW
LoadIconW
CallNextHookEx

version

GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW

gdi32

DeleteObject

cfgmgr32

CM_Disconnect_Machine
CM_Connect_MachineW
CM_Set_HW_Prof_Flags_ExW
CM_Get_HW_Prof_Flags_ExW

kernel32

GetModuleFileNameW
GetCurrentThreadId
MultiByteToWideChar
GetLastError
GetProcAddress
GetModuleHandleW
SetLastError
OutputDebugStringA
DeactivateActCtx
LoadLibraryW
ActivateActCtx
FindActCtxSectionStringW
CreateActCtxW
GetModuleHandleExW
QueryActCtxW
GetCurrentProcess
lstrcmpiW
CreateThread
WaitForSingleObject
DuplicateHandle
GetSystemWindowsDirectoryW
GlobalLock
GlobalUnlock
ResolveDelayLoadedAPI
DelayLoadFailureHook
EnterCriticalSection
CloseHandle
GetCurrentThread
InitializeCriticalSection
DeleteCriticalSection
FormatMessageW
LocalFree
LeaveCriticalSection
Sleep
ResumeThread
LocalAlloc
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
ReleaseActCtx
lstrlenW
CreateProcessW
GetExitCodeProcess
GetComputerNameExW
CreateEventW
GlobalFree
SetEvent
GlobalAlloc
LoadLibraryExW
GetCommandLineW
FreeLibrary
CompareStringW
GetComputerNameW
WideCharToMultiByte
lstrcmpW

Exports

Exports

CacheSettingsDlg
CacheSettingsDlg2
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 240KB - Virtual size: 237KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
findnetprinters.dll
.dll regsvr32 windows:10 windows x64 arch:x64

48d092899c34ee5c736d0a163369f4e7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

findnetprinters.pdb

Imports

msvcrt

_onexit
__dllonexit
_unlock
memset
_purecall
time
_vsnwprintf
_lock
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
free
_callnewh
malloc
_wcslwr
_wcsicmp
iswprint
memcpy
__CxxFrameHandler3
sqrt

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
TpReleaseAlpcCompletion
TpWaitForAlpcCompletion
TpReleaseIoCompletion
TpReleasePool
TpCallbackMayRunLong
TpSetWait
RtlNtStatusToDosError
TpAllocWait
TpWaitForWork
TpReleaseWork
TpWaitForWait
TpReleaseWait
TpWaitForTimer
TpReleaseTimer
TpWaitForIoCompletion

kernel32

CreateMutexW
GetLastError
CreateThread
ReleaseMutex
Sleep
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
CloseHandle
DisableThreadLibraryCalls
HeapFree
GetProcessHeap
SleepConditionVariableSRW
WakeAllConditionVariable
WideCharToMultiByte
SetThreadpoolTimer
SetEvent
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetModuleHandleExW
CreateEventW
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
WaitForSingleObject
CreateSemaphoreW
ReleaseSemaphore
WaitForMultipleObjects
GetPrivateProfileStringW
GetSystemDirectoryW
GetPrivateProfileIntW
EnterCriticalSection

user32

PeekMessageW
MsgWaitForMultipleObjects
TranslateMessage
DispatchMessageW

advapi32

UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage
RegOpenKeyExW
RegCloseKey
RegQueryValueExW

shlwapi

ord211
ord209
ord210
ord219
ord208

oleaut32

SysFreeString
SysAllocString

ws2_32

WSAGetLastError
WSACleanup
inet_addr
closesocket
socket
WSAStartup

iphlpapi

GetNumberOfInterfaces
GetIpAddrTable

wsnmp32

ord205
ord107
ord105
ord501
ord500
ord600
ord300
ord201
ord903
ord302
ord204
ord602
ord504
ord900
ord402
ord400
ord220
ord103
ord101
ord999
ord200
ord203
ord301
ord604
ord906
ord603

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fingerprintcredential.dll
.dll windows:10 windows x64 arch:x64

44702307a33e4d0bcfe6599cc7314ade

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

fingerprintcredential.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcsicmp
_o_free
_o_malloc
_o_wcscpy_s
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o___stdio_common_vswprintf
_o__crt_atexit
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__configure_narrow_argv
_o__cexit
_o__callnewh
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetProcAddress
LoadStringW
FindResourceExW
GetModuleHandleW
SizeofResource
LockResource
LoadResource
GetModuleHandleExA
GetModuleHandleExW
DisableThreadLibraryCalls

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventWriteTransfer
EventSetInformation

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-1-0

AcquireSRWLockShared
ReleaseSRWLockShared
CreateSemaphoreExW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
DeleteCriticalSection
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseMutex
WaitForSingleObject
InitializeCriticalSectionEx
LeaveCriticalSection
ReleaseSemaphore
EnterCriticalSection

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-security-base-l1-1-0

GetLengthSid
IsValidSid
EqualDomainSid
CopySid

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoGetMalloc
CoTaskMemFree
CoTaskMemAlloc

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-security-credentials-l1-1-0

CredProtectW
CredIsProtectedW

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

samcli

NetUserModalsGet

netutils

NetApiBufferFree

rpcrt4

RpcRevertToSelfEx

wkscli

NetGetJoinInformation

api-ms-win-security-lsalookup-l1-1-0

LookupAccountSidLocalW

api-ms-win-shcore-obsolete-l1-1-0

SHStrDupW

ntdll

RtlFreeAnsiString
RtlUnicodeStringToAnsiString
RtlInitUnicodeString

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fltLib.dll
.dll windows:10 windows x64 arch:x64

a2e518fe01113dc26ecd0b434e4fd20d

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:23

Not After

01/09/2022, 18:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:2d:bc:f0:71:d5:76:7c:fb:9d:8f:a6:75:74:6a:35:50:1c:81:9f:1d:f4:d9:18:5a:5e:96:78:f4:08:0d:63
Signer

Actual PE Digest

04:2d:bc:f0:71:d5:76:7c:fb:9d:8f:a6:75:74:6a:35:50:1c:81:9f:1d:f4:d9:18:5a:5e:96:78:f4:08:0d:63

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

fltLib.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o___std_type_info_destroy_list
_o__cexit
_o__configure_narrow_argv
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
memcpy
_o_wcscat_s
_o_wcscpy_s
__C_specific_handler
_o__seh_filter_dll

api-ms-win-crt-string-l1-1-0

memset

ntdll

NtFsControlFile
DbgPrint
RtlInitUnicodeString
RtlAllocateHeap
RtlFreeHeap
NtCreateFile
RtlLookupFunctionEntry
RtlCaptureContext
NtWaitForSingleObject
RtlVirtualUnwind
NtDeviceIoControlFile
RtlNtStatusToDosError

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-core-file-l1-2-0

GetVolumeNameForVolumeMountPointW
GetVolumePathNamesForVolumeNameW

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

Exports

Exports

FilterAttach
FilterAttachAtAltitude
FilterClose
FilterConnectCommunicationPort
FilterCreate
FilterDetach
FilterFindClose
FilterFindFirst
FilterFindNext
FilterGetDosName
FilterGetInformation
FilterGetMessage
FilterInstanceClose
FilterInstanceCreate
FilterInstanceFindClose
FilterInstanceFindFirst
FilterInstanceFindNext
FilterInstanceGetInformation
FilterLoad
FilterReplyMessage
FilterSendMessage
FilterUnload
FilterVolumeClose
FilterVolumeFindClose
FilterVolumeFindFirst
FilterVolumeFindNext
FilterVolumeInstanceFindClose
FilterVolumeInstanceFindFirst
FilterVolumeInstanceFindNext

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fmapi.dll
.dll windows:10 windows x64 arch:x64

263c10c599fece235fd961ae69617c3f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

fmapi.pdb

Imports

msvcrt

__dllonexit
_unlock
_lock
_initterm
free
_amsg_exit
_XcptFilter
memmove
memcpy
_onexit
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
malloc
??1type_info@@UEAA@XZ
memcmp
__CxxFrameHandler3
__C_specific_handler
wcsncmp
wcscpy_s
_wcsicmp
memcpy_s
wcschr
_purecall
??3@YAXPEAX@Z
_vsnwprintf
memset

kernel32

GetTickCount
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
Sleep
GetVersionExW
DebugBreak
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
SetFilePointerEx
DeviceIoControl
ReadFile
DeleteCriticalSection
WriteFile
CreateFileW
GetLastError
DeleteFileW
CloseHandle
MultiByteToWideChar
DosDateTimeToFileTime
SetLastError
LeaveCriticalSection

user32

CharUpperW

advapi32

GetTraceEnableFlags
RegCloseKey
RegOpenKeyExW
GetTraceLoggerHandle
TraceMessage
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids

ntdll

RtlDecompressBuffer

Exports

Exports

CloseFileRestoreContext
CreateFileRestoreContext
DetectBootSector
DetectEncryptedVolume
DetectEncryptedVolumeEx
RestoreFile
ScanRestorableFiles
SupplyDecryptionInfo

Sections

.text
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fmifs.dll
.dll windows:10 windows x64 arch:x64

a0ad85b30697340de9c15c2769126dd1

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

df:e0:9e:d6:fc:bd:3a:a1:83:2d:cb:86:8e:fc:3a:1f:a3:48:78:bc:87:23:b0:4c:f0:70:46:67:c1:ce:8d:d0
Signer

Actual PE Digest

df:e0:9e:d6:fc:bd:3a:a1:83:2d:cb:86:8e:fc:3a:1f:a3:48:78:bc:87:23:b0:4c:f0:70:46:67:c1:ce:8d:d0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

fmifs.pdb

Imports

msvcrt

memcmp
memcpy
memset
_onexit
__dllonexit
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
__C_specific_handler
malloc
free
realloc
memmove_s
_purecall
swscanf
memcpy_s
_vsnwprintf

ntdll

RtlSetLastWin32ErrorAndNtStatusFromNtStatus
RtlNtStatusToDosError
NtClose
NtSetVolumeInformationFile
NtOpenFile
NtOpenSymbolicLinkObject
RtlEqualUnicodeString
NtQuerySymbolicLinkObject
RtlInitUnicodeString
RtlPrefixUnicodeString
NtOpenDirectoryObject
NtFsControlFile
NtQueryDirectoryObject
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlAllocateHeap
RtlFreeHeap

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleFileNameW
DisableThreadLibraryCalls
GetModuleFileNameA
GetModuleHandleExW
FreeLibrary
LoadLibraryExW
GetModuleHandleW

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionEx
OpenSemaphoreW
ReleaseSRWLockShared
LeaveCriticalSection
ReleaseSemaphore
WaitForSingleObject
CreateMutexExW
EnterCriticalSection
CreateSemaphoreExW
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseMutex
DeleteCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockShared

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetLastError
SetErrorMode
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventlog-legacy-l1-1-0

ReportEventW
DeregisterEventSource
RegisterEventSourceW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

ulib

?Stricmp@WSTRING@@QEBAJPEBV1@KKKK@Z
?Initialize@WSTRING@@QEAAEPEBV1@KK@Z
?SetLoggingEnabled@MESSAGE@@QEAAXE@Z
?IsLoggingEnabled@MESSAGE@@QEAAEXZ
?DisplayMsg@MESSAGE@@QEAAEK@Z
?Strupr@WSTRING@@QEAAPEAV1@XZ
?GetWSTR@WSTRING@@QEBAPEBGXZ
?QueryChAt@WSTRING@@QEBAGK@Z
?QueryResourceStringV@BASE_SYSTEM@@SAEPEAVWSTRING@@KPEBDPEAD@Z
?LogMessage@MESSAGE@@QEAAEPEBVWSTRING@@@Z
?QuerySTR@WSTRING@@QEBAPEADKKPEADKE@Z
?SPrintfAppend@DSTRING@@UEAAEPEBGZZ
?SPrintf@DSTRING@@UEAAEPEBGZZ
?NewBuf@DSTRING@@UEAAEK@Z
?Resize@DSTRING@@UEAAEK@Z
?QueryMemberCount@ARRAY@@UEBAKXZ
?QueryIterator@ARRAY@@UEBAPEAVITERATOR@@XZ
?Put@ARRAY@@UEAAEPEAVOBJECT@@@Z
?Initialize@ARRAY@@QEAAEKK@Z
??1ARRAY@@UEAA@XZ
??0ARRAY@@QEAA@XZ
?Strcmp@WSTRING@@QEBAJPEBV1@KKKK@Z
?InsertString@WSTRING@@QEAAEKPEBV1@KK@Z
?DeleteChAt@WSTRING@@QEAAXKK@Z
?QueryNumber@WSTRING@@QEBAEPEAJKK@Z
?QueryString@WSTRING@@QEBAPEAV1@KK@Z
??9WSTRING@@QEBAEAEBV0@@Z
??0HMEM@@QEAA@XZ
?Initialize@WSTRING@@QEAAEXZ
??1HMEM@@UEAA@XZ
?QueryChCount@WSTRING@@QEBAKXZ
?Stricmp@WSTRING@@QEBAJPEBV1@@Z
??8WSTRING@@QEBAEAEBV0@@Z
?Initialize@WSTRING@@QEAAEPEBDK@Z
?Initialize@WSTRING@@QEAAEPEBGK@Z
?QueryWSTR@WSTRING@@QEBAPEAGKKPEAGKE@Z
?Strcat@WSTRING@@QEAAEPEBV1@@Z
?QueryLibraryEntryPoint@SYSTEM@@SAP6A_JXZPEBVWSTRING@@0PEAPEAX@Z
?FreeLibraryHandle@SYSTEM@@SAXPEAX@Z
?IsStorageDaxCapable@SYSTEM@@SAEPEBVWSTRING@@PEAE@Z
??0DSTRING@@QEAA@XZ
??1DSTRING@@UEAA@XZ
?SetClassDescriptor@OBJECT@@IEAAXPEBVCLASS_DESCRIPTOR@@@Z
??0MESSAGE@@QEAA@XZ
??1MESSAGE@@UEAA@XZ
?Initialize@MESSAGE@@QEAAEXZ
?IsYesResponse@MESSAGE@@UEAAEE@Z
?QueryStringInput@MESSAGE@@UEAAEPEAVWSTRING@@@Z
?IsInAutoChk@MESSAGE@@UEAAEXZ
?IsInSetup@MESSAGE@@UEAAEXZ
?IsKeyPressed@MESSAGE@@UEAAEKK@Z
?WaitForUserSignal@MESSAGE@@UEAAEXZ
?SelectResponse@MESSAGE@@UEAAKKZZ
?SetDotsOnly@MESSAGE@@UEAAEE@Z
?Compare@OBJECT@@UEBAJPEBV1@@Z
?DebugDump@OBJECT@@UEBAXE@Z
?Strcat@WSTRING@@QEAAEPEBG@Z
?Initialize@HMEM@@QEAAEXZ
?Resize@HMEM@@QEAAEKK@Z
?DisplayMsg@MESSAGE@@QEAAEKPEBDZZ
?Log@MESSAGE@@QEAAEPEBDZZ
?QueryPackedLog@MESSAGE@@QEAAEPEAVHMEM@@PEAK@Z
??0PATH@@QEAA@XZ
?Initialize@PATH@@QEAAEPEBVWSTRING@@E@Z
?Initialize@PATH@@QEAAEPEBGE@Z
??1PATH@@UEAA@XZ
?IsDrive@PATH@@QEBAEXZ
?AppendString@PATH@@QEAAEPEBVWSTRING@@@Z
?AnalyzePath@PATH@@QEAA?AW4PATH_ANALYZE_CODE@@PEAVWSTRING@@PEAV1@0@Z
?QueryDriveType@SYSTEM@@SA?AW4DRIVE_TYPE@@PEBVWSTRING@@@Z
?QueryNextLibraryEntryPoint@SYSTEM@@SAP6A_JXZPEAXPEBVWSTRING@@@Z
?SqmExportOnError@SQMEXPORT@@SAXKKEE_KU_GUID@@@Z
??0CLASS_DESCRIPTOR@@QEAA@XZ
?Strcmp@WSTRING@@QEBAJPEBV1@@Z
?Initialize@CLASS_DESCRIPTOR@@QEAAEPEBD@Z
?IsSuppressedMessage@MESSAGE@@UEAAEE@Z

ifsutil

InvalidateFve
NotifyFveAfterFormat
GetDefaultFileSystemIfs
?QueryUdfMediaNeedsLowLevelFormat@DP_DRIVE@@QEAAEXZ
?QueryNtfsSupportInfo@DP_DRIVE@@SAJPEAXPEAE@Z
?QuerySectors@DP_DRIVE@@UEBA?AVBIG_INT@@XZ
?QuerySectorSize@DP_DRIVE@@UEBAKXZ
?Initialize@DP_DRIVE@@QEAAEPEBVWSTRING@@PEAVMESSAGE@@EE@Z
??1DP_DRIVE@@UEAA@XZ
??0DP_DRIVE@@QEAA@XZ
?EnableVolumeIntegrity@IFS_SYSTEM@@SAEPEBVWSTRING@@G@Z
?DosDriveNameToNtDriveName@IFS_SYSTEM@@SAEPEBVWSTRING@@PEAV2@@Z
?QueryFileSystemName@IFS_SYSTEM@@SAEPEBVWSTRING@@PEAV2@PEAJ1@Z
GetDefaultFileSystemIfs2
?QueryDriveType@DP_DRIVE@@QEBA?AW4DRIVE_TYPE@@XZ
?ClearMachineSpecificFileSystemState@DP_DRIVE@@QEAAKXZ
?CreateFileSystemRegistryKey@DP_DRIVE@@QEAAKKW4_FMIFS_CREATE_PMFSS_FLAGS@@PEAU_GUID@@PEAPEAUHKEY__@@@Z
?QueryID@DP_DRIVE@@QEAAEPEAU_GUID@@PEBVWSTRING@@@Z
?GetVolumeSnapshot@SNAPSHOT@@SAJPEAVWSTRING@@PEAPEAV1@@Z
?NtDriveNameToDosDriveName@IFS_SYSTEM@@SAEPEBVWSTRING@@PEAV2@@Z
?NtDeviceNameToDosDriveName@IFS_SYSTEM@@SAEPEBVWSTRING@@PEAV2@@Z
?QueryCorruptionState@IFS_SYSTEM@@SAEPEAVWSTRING@@PEAKPEAEPEAJ@Z
?QueryID@DP_DRIVE@@QEAAEPEAVWSTRING@@PEBV2@@Z
?IsBootCriticalVolume@DP_DRIVE@@QEAAEXZ
??0LOG_IO_DP_DRIVE@@QEAA@XZ
?Initialize@LOG_IO_DP_DRIVE@@QEAAEPEBVWSTRING@@PEAVMESSAGE@@E@Z
??0MOUNT_POINT_MAP@@QEAA@XZ
??1MOUNT_POINT_MAP@@UEAA@XZ
?Initialize@MOUNT_POINT_MAP@@QEAAEXZ
?AddVolumeName@MOUNT_POINT_MAP@@QEAAEPEAVWSTRING@@0@Z
?AddDriveName@MOUNT_POINT_MAP@@QEAAEPEAVWSTRING@@0@Z
?QueryVolumeName@MOUNT_POINT_MAP@@QEAAEPEAVWSTRING@@0@Z
?QueryDriveName@MOUNT_POINT_MAP@@QEAAEPEAVWSTRING@@0@Z
?GetAt@MOUNT_POINT_MAP@@QEAAEKPEAVWSTRING@@0@Z
?GetSnapshotNtDeviceName@SNAPSHOT@@QEAAPEAGXZ
?QuerySnapshotDiffAreaVolume@SNAPSHOT@@QEAAEPEAVWSTRING@@@Z
?ReleaseVolumeSnapshot@SNAPSHOT@@SAEPEAV1@@Z
QueryPersistRegistryKeyValueWithFallback
?IsFatalError@SNAPSHOT@@SAEJ@Z
?GetSnapshotErrorMessage@SNAPSHOT@@SAEJPEAVWSTRING@@@Z
?IsVolumeDirty@IFS_SYSTEM@@SAEPEAVWSTRING@@PEAE1PEAJ@Z
?QueryVolumeSize@IFS_SYSTEM@@SAEPEBVWSTRING@@PEA_K@Z
?GetCurrentSnapshot@SNAPSHOT@@SAPEAV1@XZ

Exports

Exports

Chkdsk
ChkdskEx
ClearPerMachineFileSystemState
ComputeFmMediaType
CreatePerMachineFileSystemStateKey
DiskCopy
EnableVolumeCompression
EnableVolumeIntegrity
Extend
Format
FormatEx
FormatEx2
FreeCorruptionInfo
GetCorruptionInfoClose
GetDefaultFileSystem
GetDefaultFileSystem2
GetFirstCorruptionInfo
GetFsFormatOptions
GetNextCorruptionInfo
QueryAvailableFileSystemFormat
QueryCorruptionState
QueryCorruptionStateByHandle
QueryDeviceInformation
QueryDeviceInformationByHandle
QueryFileSystemName
QueryIsDiskCheckScheduledForNextBoot
QueryLatestFileSystemVersion
QuerySupportedMedia
SetLabel

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fms.dll
.dll windows:10 windows x64 arch:x64

d1a8126525bd04b99a608bd2972d9fa4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

fms.pdb

Imports

msvcrt

_initterm
_amsg_exit
_XcptFilter
__C_specific_handler
wcsncpy_s
swprintf_s
wcscat_s
_wtoi
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_lock
_unlock
__dllonexit
realloc
__CxxFrameHandler3
memset
_onexit
_purecall
wcsstr
wcschr
wcsncmp
malloc
_wcsnicmp
free
wcscpy_s
wcsnlen
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
??3@YAXPEAX@Z
_callnewh
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
_CxxThrowException
memcpy
memmove
memcpy_s
_vsnwprintf
__CxxFrameHandler4
memcmp
wcscmp

kernel32

DelayLoadFailureHook
FileTimeToSystemTime
ResolveDelayLoadedAPI
GetTickCount
GetModuleFileNameA
HeapFree
GetModuleHandleExW
GetCurrentThreadId
FormatMessageW
DisableThreadLibraryCalls
HeapAlloc
GetProcAddress
GetProcessHeap
GetModuleHandleW
DebugBreak
WaitForMultipleObjects
CompareStringOrdinal
WaitForSingleObject
ReleaseMutex
LCIDToLocaleName
GetLastError
CloseHandle
CreateMutexExW
CloseThreadpoolWork
GetThreadPreferredUILanguages
WaitForThreadpoolWorkCallbacks
CallbackMayRunLong
CreateEventW
GetThreadUILanguage
SetEvent
SubmitThreadpoolWork
LocaleNameToLCID
CreateThreadpoolWork
InitOnceBeginInitialize
CreateSemaphoreExW
SetLastError
ReleaseSemaphore
ReleaseSRWLockExclusive
OutputDebugStringW
InitOnceComplete
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
GetCurrentProcessId
IsDebuggerPresent
GetLocaleInfoEx
GetSystemTimeAsFileTime
SystemTimeToFileTime
GetACP
ExpandEnvironmentStringsW
MulDiv
EnumSystemLocalesEx
LCMapStringW
ReadFile
GetFileSizeEx
WriteFile
CreateFileW
SetFilePointerEx
Sleep
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter

advapi32

EventUnregister
EventRegister
EventWriteTransfer
RegNotifyChangeKeyValue
EventActivityIdControl
RegCloseKey
EventSetInformation
RegEnumValueW
RegGetValueW
RegCreateKeyExW
RegDeleteKeyValueW
RegQueryInfoKeyW
RegDeleteKeyExW
RegSetKeyValueW
RegOpenKeyExW

user32

ReleaseDC
LoadStringW
SendNotifyMessageW
GetKeyboardLayoutList
GetDC

shlwapi

PathRemoveFileSpecW
PathFindFileNameW

gdi32

GetDeviceCaps
SetGraphicsMode
EnumFontFamiliesExW
TranslateCharsetInfo
GetFontRealizationInfo
GetFontData
GetTextMetricsW
GetFontFileInfo
SelectObject
CreateFontIndirectW
DeleteObject

bcp47langs

IsTransientLcid

Exports

Exports

FmsActivateFonts
FmsAddFilter
FmsDeactivateFonts
FmsFreeEnumerator
FmsGetBestMatchInFamily
FmsGetCurrentFilter
FmsGetDirectWriteLogFont
FmsGetFilteredFontList
FmsGetFilteredPropertyList
FmsGetFontAutoActivationMode
FmsGetFontProperty
FmsGetGDILogFont
FmsGetGdiLogicalFont
FmsInitializeEnumerator
FmsMapGdiLogicalFont
FmsMapLogicalFont
FmsResetEnumerator
FmsResetFontsActivationState
FmsSetDefaultFilter
FmsSetFilter
FmsSetFontAutoActivationMode
FmsSetTextFilter
FmsToggleOnDesignAxis

Sections

.text
Size: 140KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 908B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fontext.dll
.dll windows:10 windows x64 arch:x64

4dc3812959807b4b5ed7cb2d1229cae5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

fontext.pdb

Imports

msvcrt

memcmp
_CxxThrowException
_vsnwprintf
__CxxFrameHandler3
memmove
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
_initterm
malloc
free
_amsg_exit
_XcptFilter
bsearch_s
_wcsnset_s
wcsstr
_wtoi
wcstok_s
_wcsicmp
__C_specific_handler
iswxdigit
wcschr
swprintf_s
memcpy_s
memcpy
memmove_s
_stricmp
_strcmpi
_vsnprintf
memset

propsys

VariantCompare
VariantToPropVariant
PropVariantToVariant
PSGetPropertyFromPropertyStorage
PSPropertyBag_ReadType
PSPropertyBag_ReadInt
InitPropVariantFromStringVector
InitPropVariantFromFileTime
PSCreateMemoryPropertyStore
VariantGetStringElem
VariantGetElementCount
PSFormatForDisplay
PSPropertyBag_ReadStr

shell32

ord155
SHBindToParent
ord19
ord17
SHGetPathFromIDListW
SHGetFolderPathW
ord256
ord702
SHCreateShellItemArrayFromIDLists
SHParseDisplayName
ord25
ord701
SHCreateDataObject
ord16
SHGetIconOverlayIndexW
SHCreateDefaultContextMenu
SHGetSpecialFolderLocation
SHGetKnownFolderPath
ord680
ord727
ord152
ShellExecuteExW
SHChangeNotify
AssocCreateForClasses
ord18
SHBindToObject
ord763

shlwapi

PathFindFileNameA
ord204
ord156
ord618
ord24
ord514
PathRemoveExtensionA
ord197
ord12
ord639
ord174
ord215
ord16
StrDupW
StrStrW
PathRenameExtensionW
AssocCreate
ord158
ord538
ord172
ord176
ord256
PathFileExistsW
PathCompactPathExW
StrChrW
PathStripPathW
ord619
ord268
ord199
PathRemoveFileSpecA
StrRetToBufW
PathFindExtensionW
PathRemoveFileSpecW
PathRemoveExtensionW
PathCombineW
PathIsPrefixW
SHCreateStreamOnFileW
ord219
PathAppendW
PathAddBackslashW
PathStripToRootW
PathIsUNCW
SHStrDupW
PathFindFileNameW

api-ms-win-core-libraryloader-l1-2-0

SizeofResource
LoadLibraryExW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
GetModuleHandleExW
LockResource
LoadStringW
GetProcAddress
DisableThreadLibraryCalls
LoadResource
FindResourceExW

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
AcquireSRWLockShared
ReleaseSRWLockShared
ReleaseMutex
WaitForSingleObjectEx
AcquireSRWLockExclusive
CreateMutexExW
ReleaseSRWLockExclusive
LeaveCriticalSection
InitializeCriticalSectionEx
CreateSemaphoreExW
ReleaseSemaphore
OpenSemaphoreW
DeleteCriticalSection
EnterCriticalSection

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
SetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
OpenProcessToken
GetCurrentProcess
TerminateProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetLocaleInfoW
IsDBCSLeadByte
GetLocaleInfoEx

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringA
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-file-l1-1-0

CompareFileTime
FindNextFileW
CreateDirectoryW
CreateFileW
ReadFile
SetFilePointer
FindFirstFileW
CreateFileA
GetFileSize
SetEndOfFile
GetDriveTypeW
FindClose
GetDiskFreeSpaceExW
DeleteFileW
SetFileAttributesW
GetFileAttributesW

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-security-base-l1-1-0

DuplicateToken
SetSecurityDescriptorDacl
AccessCheck
GetFileSecurityW
MapGenericMask
InitializeSecurityDescriptor
CreateWellKnownSid

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringOrdinal
CompareStringEx
MultiByteToWideChar
CompareStringW

api-ms-win-core-com-l1-1-0

CoSetProxyBlanket
CoTaskMemFree
CoTaskMemAlloc
CreateStreamOnHGlobal
CoTaskMemRealloc
CoGetMalloc
StringFromGUID2
PropVariantClear
CoCreateInstance
CoUninitialize
CoInitializeEx

mpr

WNetGetConnectionW

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventUnregister
EventRegister
EventActivityIdControl
EventWriteTransfer

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-synch-l1-2-0

InitOnceComplete
WakeAllConditionVariable
Sleep
InitOnceBeginInitialize
SleepConditionVariableSRW

api-ms-win-core-heap-l2-1-0

GlobalFree
GlobalAlloc
LocalFree
LocalAlloc

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegEnumValueW
RegOpenKeyExW
RegQueryInfoKeyW
RegDeleteValueW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW

oleaut32

SysAllocString
VariantClear
VariantInit

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
FindResourceW

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetTickCount
GetSystemTime
GetSystemTimeAsFileTime

api-ms-win-core-path-l1-1-0

PathCchAppend

api-ms-win-core-version-l1-1-1

GetFileVersionInfoSizeW
GetFileVersionInfoW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-localization-l2-1-0

GetNumberFormatEx

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
MapViewOfFile

api-ms-win-security-provider-l1-1-0

GetNamedSecurityInfoW
SetEntriesInAclW

gdi32

AddFontResourceW
RemoveFontResourceW
DeleteObject
EnumFontFamiliesExW
AddFontResourceExW
GetFontResourceInfoW
GetDeviceCaps
CreateSolidBrush
CreateCompatibleDC
DeleteDC
SetTextAlign
SetTextColor
SetBkColor
CreateFontIndirectW
SelectObject
GetTextExtentPoint32W
GetTextMetricsW
MoveToEx
LineTo
GetTextExtentPointI
ExtTextOutW
GetTextExtentExPointI
GetTextExtentExPointW
GetLayout
GetGlyphIndicesW
CreateDIBSection
RemoveFontResourceExW
SetBkMode
GetTextCharsetInfo

kernel32

ReleaseActCtx
LZOpenFileW
LZClose
CreateFileMappingA
LZRead
LZSeek
_lopen
lstrcmpW
lstrlenW
MulDiv
GlobalSize
QueryActCtxW
CreateActCtxW
FindActCtxSectionStringW
ActivateActCtx
DeactivateActCtx
GlobalUnlock
lstrcmpiA
GlobalLock
_lclose

ntdll

EtwLogTraceEvent
WinSqmAddToStream
EtwEventWriteTransfer

ole32

ReleaseStgMedium
CoGetObject
CreateBindCtx

user32

GetMessageW
PeekMessageW
GetSysColorBrush
GetParent
GetDlgItem
CreateDialogParamW
DrawTextW
DefWindowProcW
InvalidateRect
ScrollWindowEx
SetRect
SetScrollInfo
GetClientRect
EndPaint
IsDialogMessageW
BeginPaint
TranslateMessage
DispatchMessageW
SetWindowTextW
ShowWindow
SendMessageW
LoadImageW
SetWindowLongPtrW
GetWindowLongPtrW
DrawIconEx
FillRect
CreateWindowExW
RegisterClassW
GetFocus
SetWindowPos
UnregisterClassW
DestroyWindow
DestroyIcon
MessageBoxW
ReleaseDC
GetDC
GetDesktopWindow
PostMessageW
DrawTextExW
GetSystemMetrics
GetActiveWindow
RegisterClipboardFormatW
GetWindowRect
MoveWindow
InsertMenuItemW
LoadCursorW
SetCursor
SetMenuItemInfoW
GetMenuItemInfoW
SetPropW
GetPropW
SetTimer
KillTimer
RemovePropW

uxtheme

BufferedPaintInit
EndBufferedPaint
BeginBufferedPaint
BufferedPaintUnInit

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DownloadAndInstallOptionalFontsAsync
InstallFontFile

Sections

.text
Size: 212KB - Virtual size: 210KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 660KB - Virtual size: 659KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fontgroupsoverride.dll
.dll windows:10 windows x64 arch:x64

934a8180cf993111a93de86421469ae6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

fontgroupsoverride.pdb

Imports

api-ms-win-core-crt-l2-1-0

_initterm
_initterm_e

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-crt-l1-1-0

__C_specific_handler

Exports

Exports

GetFontOverrides

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fontsub.dll
.dll windows:10 windows x64 arch:x64

3afaaefbff467ddd4361bbf68b53f93a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

fontsub.pdb

Imports

msvcrt

memcpy_s
_vsnwprintf
??3@YAXPEAX@Z
memset
_onexit
_purecall
_unlock
_lock
__C_specific_handler
_initterm
malloc
free
_amsg_exit
qsort
bsearch
realloc
__dllonexit
_XcptFilter
memcmp
memcpy
memmove
strcmp

kernel32

GetLastError
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleExA
Sleep
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
IsDebuggerPresent
DebugBreak
GetModuleHandleW
GetProcessHeap
CreateMutexExW
GetProcAddress
HeapAlloc
CloseHandle
OpenSemaphoreW
GetModuleFileNameA
InitOnceBeginInitialize
CreateSemaphoreExW
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
ReleaseMutex
FormatMessageW
WaitForSingleObjectEx
ReleaseSRWLockExclusive
OutputDebugStringW
InitOnceComplete
AcquireSRWLockExclusive

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventUnregister
EventActivityIdControl
EventRegister
EventWriteTransfer

Exports

Exports

CreateFontPackage
MergeFontPackage

Sections

.text
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fphc.dll
.dll regsvr32 windows:10 windows x64 arch:x64

f141447386e22cdd8e1beab6f1468c74

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

fphc.pdb

Imports

msvcrt

??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
wcsnlen
_vscwprintf
?what@exception@@UEBAPEBDXZ
wcsstr
_callnewh
memmove_s
wcsncmp
_purecall
_vsnwprintf
wcscat_s
wcscpy_s
_CxxThrowException
__CxxFrameHandler3
memcpy
memcpy_s
memmove
_XcptFilter
_amsg_exit
_initterm
free
malloc
wcsncpy_s
__C_specific_handler
??_V@YAXPEAX@Z
__CxxFrameHandler4
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_errno
realloc
_lock
_unlock
__dllonexit
_onexit
memset
??1exception@@UEAA@XZ
??3@YAXPEAX@Z
vswprintf_s
wcscmp

oleaut32

RegisterTypeLi
SysAllocString
LoadTypeLi
SysAllocStringLen
UnRegisterTypeLi
VarUI4FromStr
SysFreeString
SysStringLen

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExA
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
GetModuleHandleW
SizeofResource
FindResourceExW
LockResource
LoadResource
FreeLibrary
DisableThreadLibraryCalls
LoadStringW

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
RaiseException
GetLastError
UnhandledExceptionFilter

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegCloseKey
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-localization-l1-2-0

GetThreadLocale
SetThreadLocale
FormatMessageW

ntdll

RtlFreeUnicodeString
RtlConvertSidToUnicodeString
RtlTimeToTimeFields
RtlIntegerToUnicodeString
EtwTraceMessage
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
RtlNtStatusToDosError

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlCompareMemory
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
OutputDebugStringA

user32

UnregisterClassA

api-ms-win-core-heap-l1-1-0

HeapSize
HeapReAlloc
GetProcessHeap
HeapFree
HeapAlloc
HeapDestroy

ws2_32

ntohl
ntohs

api-ms-win-core-file-l1-1-0

CompareFileTime

api-ms-win-security-sddl-l1-1-0

ConvertSecurityDescriptorToStringSecurityDescriptorW

fwpuclnt

FwpmFilterDestroyEnumHandle0
FwpmProviderContextGetByKey3
FwpmFilterEnum0
FwpmGetAppIdFromFileName0
FwpmEngineOpen0
FwpmFreeMemory0
FwpmNetEventCreateEnumHandle0
IPsecSaContextCreateEnumHandle0
IPsecSaContextEnum1
IkeextSaEnum2
IPsecSaContextDestroyEnumHandle0
IkeextSaDestroyEnumHandle0
FwpmEngineClose0
FwpmFilterGetById0
FwpmProviderGetByKey0
FwpmNetEventEnum5
IkeextSaCreateEnumHandle0
FwpmNetEventDestroyEnumHandle0
FwpmFilterCreateEnumHandle0

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1004B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
framedyn.dll
.dll windows:10 windows x64 arch:x64

d3cb325902233fc77d38f1ca3745d21e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

framedyn.pdb

Imports

msvcrt

wcsspn
iswdigit
wcspbrk
wcsrchr
wcsstr
_wcslwr
_wcsrev
wcscspn
swscanf_s
swscanf
?what@exception@@UEBAPEBDXZ
sscanf_s
atol
_vsnprintf
iswspace
_vsnwprintf
wcschr
??1exception@@UEAA@XZ
_wtoi
_wcstoui64
_ui64tow_s
_i64tow_s
??0exception@@QEAA@AEBQEBDH@Z
malloc
??0exception@@QEAA@AEBV0@@Z
_callnewh
free
_wcsupr
_XcptFilter
_amsg_exit
_initterm
__C_specific_handler
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_lock
_unlock
__dllonexit
__CxxFrameHandler3
_wrename
_wunlink
_wtoi64
wcscoll
_onexit
memset
_purecall
_wcsicmp
_wtol
_CxxThrowException
memcmp
memcpy
memmove
wcscmp

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
OpenMutexW
CreateMutexW
SetEvent
DeleteCriticalSection
WaitForSingleObject
EnterCriticalSection
ReleaseMutex
CreateEventW
InitializeCriticalSection

api-ms-win-core-processthreads-l1-1-0

ExitProcess
GetCurrentThread
OpenThreadToken
CreateThread
OpenProcessToken
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess

api-ms-win-security-base-l1-1-0

GetLengthSid
InitializeAcl
ImpersonateSelf
GetTokenInformation
ImpersonateLoggedOnUser
RevertToSelf
AddAccessAllowedAceEx

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
RaiseException
UnhandledExceptionFilter
SetLastError

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-sysinfo-l1-1-0

GetLocalTime
GetSystemTimeAsFileTime
GetTickCount64
GetVersionExA
GetVersionExW
GetTickCount
GetComputerNameExW

api-ms-win-core-file-l1-1-0

CompareFileTime
FileTimeToLocalFileTime
WriteFile
GetFileSizeEx
CreateFileW
SetFilePointer

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-com-l1-1-0

CoCreateInstance
StringFromGUID2
CoLockObjectExternal
CoGetCallContext

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExA

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

sspicli

GetUserNameExW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapReAlloc
HeapFree

api-ms-win-core-console-l1-1-0

SetConsoleCtrlHandler

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-localization-l1-2-0

FormatMessageW
LCMapStringW

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
GetTimeZoneInformation
FileTimeToSystemTime

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumKeyExW
RegCloseKey
RegDeleteValueW
RegOpenCurrentUser
RegDeleteKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumValueW

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

??0CAutoEvent@@QEAA@XZ
??0CFrameworkQuery@@QEAA@AEBV0@@Z
??0CFrameworkQuery@@QEAA@XZ
??0CFrameworkQueryEx@@QEAA@AEBV0@@Z
??0CFrameworkQueryEx@@QEAA@XZ
??0CHPtrArray@@QEAA@XZ
??0CHString@@QEAA@AEBV0@@Z
??0CHString@@QEAA@GH@Z
??0CHString@@QEAA@PEBD@Z
??0CHString@@QEAA@PEBE@Z
??0CHString@@QEAA@PEBG@Z
??0CHString@@QEAA@PEBGH@Z
??0CHString@@QEAA@XZ
??0CHStringArray@@QEAA@XZ
??0CInstance@@QEAA@AEBV0@@Z
??0CInstance@@QEAA@PEAUIWbemClassObject@@PEAVMethodContext@@@Z
??0CObjectPathParser@@QEAA@W4ObjectParserFlags@@@Z
??0CRegistry@@QEAA@AEBV0@@Z
??0CRegistry@@QEAA@XZ
??0CRegistrySearch@@QEAA@AEBV0@@Z
??0CRegistrySearch@@QEAA@XZ
??0CThreadBase@@QEAA@AEBV0@@Z
??0CThreadBase@@QEAA@W4THREAD_SAFETY_MECHANISM@0@@Z
??0CWbemGlueFactory@@QEAA@AEBV0@@Z
??0CWbemGlueFactory@@QEAA@PEAJ@Z
??0CWbemGlueFactory@@QEAA@XZ
??0CWbemProviderGlue@@QEAA@AEBV0@@Z
??0CWbemProviderGlue@@QEAA@PEAJ@Z
??0CWbemProviderGlue@@QEAA@XZ
??0CWinMsgEvent@@QEAA@AEBV0@@Z
??0CWinMsgEvent@@QEAA@XZ
??0CreateMutexAsProcess@@QEAA@PEBG@Z
??0KeyRef@@QEAA@PEBGPEBUtagVARIANT@@@Z
??0KeyRef@@QEAA@XZ
??0MethodContext@@QEAA@AEBV0@@Z
??0MethodContext@@QEAA@PEAUIWbemContext@@PEAVCWbemProviderGlue@@@Z
??0ParsedObjectPath@@QEAA@XZ
??0Provider@@QEAA@AEBV0@@Z
??0Provider@@QEAA@PEBG0@Z
??0ProviderLog@@QEAA@AEBV0@@Z
??0ProviderLog@@QEAA@XZ
??0WBEMTime@@QEAA@AEBU_FILETIME@@@Z
??0WBEMTime@@QEAA@AEBU_SYSTEMTIME@@@Z
??0WBEMTime@@QEAA@AEBUtm@@@Z
??0WBEMTime@@QEAA@AEB_J@Z
??0WBEMTime@@QEAA@QEAG@Z
??0WBEMTime@@QEAA@XZ
??0WBEMTimeSpan@@QEAA@AEBU_FILETIME@@@Z
??0WBEMTimeSpan@@QEAA@AEB_J@Z
??0WBEMTimeSpan@@QEAA@HHHHHHH@Z
??0WBEMTimeSpan@@QEAA@QEAG@Z
??0WBEMTimeSpan@@QEAA@XZ
??0_Lockit@std@@QEAA@XZ
??1CAutoEvent@@QEAA@XZ
??1CFrameworkQuery@@QEAA@XZ
??1CFrameworkQueryEx@@QEAA@XZ
??1CHPtrArray@@QEAA@XZ
??1CHString@@QEAA@XZ
??1CHStringArray@@QEAA@XZ
??1CInstance@@UEAA@XZ
??1CObjectPathParser@@QEAA@XZ
??1CRegistry@@QEAA@XZ
??1CRegistrySearch@@QEAA@XZ
??1CThreadBase@@UEAA@XZ
??1CWbemGlueFactory@@QEAA@XZ
??1CWbemProviderGlue@@QEAA@XZ
??1CWinMsgEvent@@QEAA@XZ
??1CreateMutexAsProcess@@QEAA@XZ
??1KeyRef@@QEAA@XZ
??1MethodContext@@UEAA@XZ
??1ParsedObjectPath@@QEAA@XZ
??1Provider@@UEAA@XZ
??1ProviderLog@@UEAA@XZ
??1_Lockit@std@@QEAA@XZ
??4CAutoEvent@@QEAAAEAV0@AEBV0@@Z
??4CFrameworkQuery@@QEAAAEAV0@AEBV0@@Z
??4CFrameworkQueryEx@@QEAAAEAV0@AEBV0@@Z
??4CHPtrArray@@QEAAAEAV0@AEBV0@@Z
??4CHString@@QEAAAEBV0@AEBV0@@Z
??4CHString@@QEAAAEBV0@D@Z
??4CHString@@QEAAAEBV0@G@Z
??4CHString@@QEAAAEBV0@PEAV0@@Z
??4CHString@@QEAAAEBV0@PEBD@Z
??4CHString@@QEAAAEBV0@PEBE@Z
??4CHString@@QEAAAEBV0@PEBG@Z
??4CHStringArray@@QEAAAEAV0@AEBV0@@Z
??4CInstance@@QEAAAEAV0@AEBV0@@Z
??4CObjectPathParser@@QEAAAEAV0@AEBV0@@Z
??4CRegistry@@QEAAAEAV0@AEBV0@@Z
??4CRegistrySearch@@QEAAAEAV0@AEBV0@@Z
??4CThreadBase@@QEAAAEAV0@AEBV0@@Z
??4CWbemGlueFactory@@QEAAAEAV0@AEBV0@@Z
??4CWbemProviderGlue@@QEAAAEAV0@AEBV0@@Z
??4CWinMsgEvent@@QEAAAEAV0@AEBV0@@Z
??4CreateMutexAsProcess@@QEAAAEAV0@AEBV0@@Z
??4KeyRef@@QEAAAEAU0@AEBU0@@Z
??4MethodContext@@QEAAAEAV0@AEBV0@@Z
??4ParsedObjectPath@@QEAAAEAU0@AEBU0@@Z
??4Provider@@QEAAAEAV0@AEBV0@@Z
??4ProviderLog@@QEAAAEAV0@AEBV0@@Z
??4WBEMTime@@QEAAAEAV0@$$QEAV0@@Z
??4WBEMTime@@QEAAAEAV0@AEBV0@@Z
??4WBEMTime@@QEAAAEBV0@AEBU_FILETIME@@@Z
??4WBEMTime@@QEAAAEBV0@AEBU_SYSTEMTIME@@@Z
??4WBEMTime@@QEAAAEBV0@AEBUtm@@@Z
??4WBEMTime@@QEAAAEBV0@AEB_J@Z
??4WBEMTime@@QEAAAEBV0@QEAG@Z
??4WBEMTimeSpan@@QEAAAEAV0@$$QEAV0@@Z
??4WBEMTimeSpan@@QEAAAEAV0@AEBV0@@Z
??4WBEMTimeSpan@@QEAAAEBV0@AEBU_FILETIME@@@Z
??4WBEMTimeSpan@@QEAAAEBV0@AEB_J@Z
??4WBEMTimeSpan@@QEAAAEBV0@QEAG@Z
??8WBEMTime@@QEBAHAEBV0@@Z
??8WBEMTimeSpan@@QEBAHAEBV0@@Z
??9WBEMTime@@QEBAHAEBV0@@Z
??9WBEMTimeSpan@@QEBAHAEBV0@@Z
??ACHPtrArray@@QEAAAEAPEAXH@Z
??ACHPtrArray@@QEBAPEAXH@Z
??ACHString@@QEBAGH@Z
??ACHStringArray@@QEAAAEAVCHString@@H@Z
??ACHStringArray@@QEBA?AVCHString@@H@Z
??BCHString@@QEBAPEBGXZ
??GWBEMTime@@QEAA?AVWBEMTimeSpan@@AEBV0@@Z
??GWBEMTime@@QEBA?AV0@AEBVWBEMTimeSpan@@@Z
??GWBEMTimeSpan@@QEBA?AV0@AEBV0@@Z
??H@YA?AVCHString@@AEBV0@0@Z
??H@YA?AVCHString@@AEBV0@G@Z
??H@YA?AVCHString@@AEBV0@PEBG@Z
??H@YA?AVCHString@@GAEBV0@@Z
??H@YA?AVCHString@@PEBGAEBV0@@Z
??HWBEMTime@@QEBA?AV0@AEBVWBEMTimeSpan@@@Z
??HWBEMTimeSpan@@QEBA?AV0@AEBV0@@Z
??MWBEMTime@@QEBAHAEBV0@@Z
??MWBEMTimeSpan@@QEBAHAEBV0@@Z
??NWBEMTime@@QEBAHAEBV0@@Z
??NWBEMTimeSpan@@QEBAHAEBV0@@Z
??OWBEMTime@@QEBAHAEBV0@@Z
??OWBEMTimeSpan@@QEBAHAEBV0@@Z
??PWBEMTime@@QEBAHAEBV0@@Z
??PWBEMTimeSpan@@QEBAHAEBV0@@Z
??YCHString@@QEAAAEBV0@AEBV0@@Z
??YCHString@@QEAAAEBV0@D@Z
??YCHString@@QEAAAEBV0@G@Z
??YCHString@@QEAAAEBV0@PEBG@Z
??YWBEMTime@@QEAAAEBV0@AEBVWBEMTimeSpan@@@Z
??YWBEMTimeSpan@@QEAAAEBV0@AEBV0@@Z
??ZWBEMTime@@QEAAAEBV0@AEBVWBEMTimeSpan@@@Z
??ZWBEMTimeSpan@@QEAAAEBV0@AEBV0@@Z
??_7CFrameworkQueryEx@@6B@
??_7CInstance@@6B@
??_7CThreadBase@@6B@
??_7CWbemGlueFactory@@6B@
??_7CWbemProviderGlue@@6BIWbemProviderInit@@@
??_7CWbemProviderGlue@@6BIWbemServices@@@
??_7CWinMsgEvent@@6B@
??_7MethodContext@@6B@
??_7Provider@@6B@
??_7ProviderLog@@6B@
??_FCObjectPathParser@@QEAAXXZ
??_FCThreadBase@@QEAAXXZ
?Add@CHPtrArray@@QEAAHPEAX@Z
?Add@CHStringArray@@QEAAHPEBG@Z
?AddFlushPtr@CWbemProviderGlue@@AEAAXPEAX@Z
?AddKeyRef@ParsedObjectPath@@QEAAHPEAUKeyRef@@@Z
?AddKeyRef@ParsedObjectPath@@QEAAHPEBGPEBUtagVARIANT@@@Z
?AddKeyRefEx@ParsedObjectPath@@QEAAHPEBGPEBUtagVARIANT@@@Z
?AddNamespace@ParsedObjectPath@@QEAAHPEBG@Z
?AddProviderToMap@CWbemProviderGlue@@CAPEAVProvider@@PEBG0PEAV2@@Z
?AddRef@CInstance@@QEAAJXZ
?AddRef@CThreadBase@@QEAAJXZ
?AddRef@CWbemGlueFactory@@UEAAKXZ
?AddRef@CWbemProviderGlue@@UEAAKXZ
?AddRef@MethodContext@@QEAAJXZ
?AddToFactoryMap@CWbemProviderGlue@@KAXPEBVCWbemGlueFactory@@PEAJ@Z
?AllPropertiesAreRequired@CFrameworkQuery@@QEAA_NXZ
?AllocBeforeWrite@CHString@@IEAAXH@Z
?AllocBuffer@CHString@@IEAAXH@Z
?AllocCopy@CHString@@IEBAXAEAV1@HHH@Z
?AllocSysString@CHString@@QEBAPEAGXZ
?Append@CHPtrArray@@QEAAHAEBV1@@Z
?Append@CHStringArray@@QEAAHAEBV1@@Z
?AssignCopy@CHString@@IEAAXHPEBG@Z
?BeginRead@CThreadBase@@QEAAHK@Z
?BeginWrite@CThreadBase@@QEAAHK@Z
?CancelAsyncCall@CWbemProviderGlue@@UEAAJPEAUIWbemObjectSink@@@Z
?CancelAsyncRequest@CWbemProviderGlue@@UEAAJJ@Z
?CheckAndAddToList@CRegistrySearch@@AEAAXPEAVCRegistry@@VCHString@@1AEAVCHPtrArray@@11H@Z
?CheckFileSize@ProviderLog@@AEAAXAEAT_LARGE_INTEGER@@AEBVCHString@@@Z
?CheckImpersonationLevel@CWbemProviderGlue@@CAJXZ
?Clear@WBEMTime@@QEAAXXZ
?Clear@WBEMTimeSpan@@QEAAXXZ
?ClearKeys@ParsedObjectPath@@QEAAXXZ
?Close@CRegistry@@QEAAXXZ
?CloseSubKey@CRegistry@@AEAAXXZ
?Collate@CHString@@QEBAHPEBG@Z
?Commit@CInstance@@QEAAJXZ
?Commit@Provider@@IEAAJPEAVCInstance@@_N@Z
?Compare@CHString@@QEBAHPEBG@Z
?CompareNoCase@CHString@@QEBAHPEBG@Z
?ConcatCopy@CHString@@IEAAXHPEBGH0@Z
?ConcatInPlace@CHString@@IEAAXHPEBG@Z
?Copy@CHPtrArray@@QEAAXAEBV1@@Z
?Copy@CHStringArray@@QEAAXAEBV1@@Z
?CopyBeforeWrite@CHString@@IEAAXXZ
?Create@CWbemGlueFactory@@SAPEAV1@PEAJ@Z
?Create@CWbemGlueFactory@@SAPEAV1@XZ
?CreateClassEnum@CWbemProviderGlue@@UEAAJQEAGJPEAUIWbemContext@@PEAPEAUIEnumWbemClassObject@@@Z
?CreateClassEnumAsync@CWbemProviderGlue@@UEAAJQEAGJPEAUIWbemContext@@PEAUIWbemObjectSink@@@Z
?CreateInstance@CWbemGlueFactory@@UEAAJPEAUIUnknown@@AEBU_GUID@@PEAPEAX@Z
?CreateInstanceEnum@CWbemProviderGlue@@UEAAJQEAGJPEAUIWbemContext@@PEAPEAUIEnumWbemClassObject@@@Z
?CreateInstanceEnum@Provider@@AEAAJPEAVMethodContext@@J@Z
?CreateInstanceEnumAsync@CWbemProviderGlue@@UEAAJQEAGJPEAUIWbemContext@@PEAUIWbemObjectSink@@@Z
?CreateMsgProvider@CWinMsgEvent@@CAXXZ
?CreateMsgWindow@CWinMsgEvent@@CAPEAUHWND__@@XZ
?CreateNewInstance@Provider@@IEAAPEAVCInstance@@PEAVMethodContext@@@Z
?CreateOpen@CRegistry@@QEAAJPEAUHKEY__@@PEBGPEAGKKPEAU_SECURITY_ATTRIBUTES@@PEAK@Z
?CtrlHandlerRoutine@CWinMsgEvent@@CAHK@Z
?DecrementMapCount@CWbemProviderGlue@@KAJPEAJ@Z
?DecrementMapCount@CWbemProviderGlue@@KAJPEBVCWbemGlueFactory@@@Z
?DecrementObjectCount@CWbemProviderGlue@@SAJXZ
?DeleteClass@CWbemProviderGlue@@UEAAJQEAGJPEAUIWbemContext@@PEAPEAUIWbemCallResult@@@Z
?DeleteClassAsync@CWbemProviderGlue@@UEAAJQEAGJPEAUIWbemContext@@PEAUIWbemObjectSink@@@Z
?DeleteCurrentKeyValue@CRegistry@@QEAAKPEAUHKEY__@@PEBG@Z
?DeleteCurrentKeyValue@CRegistry@@QEAAKPEBG@Z
?DeleteInstance@CWbemProviderGlue@@UEAAJQEAGJPEAUIWbemContext@@PEAPEAUIWbemCallResult@@@Z
?DeleteInstance@Provider@@AEAAJPEAUParsedObjectPath@@JPEAVMethodContext@@@Z
?DeleteInstance@Provider@@MEAAJAEBVCInstance@@J@Z
?DeleteInstanceAsync@CWbemProviderGlue@@UEAAJQEAGJPEAUIWbemContext@@PEAUIWbemObjectSink@@@Z
?DeleteKey@CRegistry@@QEAAJPEAVCHString@@@Z
?DeleteValue@CRegistry@@QEAAJPEBG@Z
?Destroy@CWbemGlueFactory@@QEAAXXZ
?DestroyMsgWindow@CWinMsgEvent@@CAXXZ
?ElementAt@CHPtrArray@@QEAAAEAPEAXH@Z
?ElementAt@CHStringArray@@QEAAAEAVCHString@@H@Z
?Empty@CHString@@QEAAXXZ
?Empty@CObjectPathParser@@AEAAXXZ
?EndRead@CThreadBase@@QEAAXXZ
?EndWrite@CThreadBase@@QEAAXXZ
?EnumerateAndGetValues@CRegistry@@QEAAJAEAKAEAPEAGAEAPEAE@Z
?EnumerateInstances@Provider@@MEAAJPEAVMethodContext@@J@Z
?ExecMethod@CWbemProviderGlue@@UEAAJQEAG0JPEAUIWbemContext@@PEAUIWbemClassObject@@PEAPEAU3@PEAPEAUIWbemCallResult@@@Z
?ExecMethod@Provider@@AEAAJPEAUParsedObjectPath@@PEAGJPEAVCInstance@@2PEAVMethodContext@@@Z
?ExecMethod@Provider@@MEAAJAEBVCInstance@@QEAGPEAV2@2J@Z
?ExecMethodAsync@CWbemProviderGlue@@UEAAJQEAG0JPEAUIWbemContext@@PEAUIWbemClassObject@@PEAUIWbemObjectSink@@@Z
?ExecNotificationQuery@CWbemProviderGlue@@UEAAJQEAG0JPEAUIWbemContext@@PEAPEAUIEnumWbemClassObject@@@Z
?ExecNotificationQueryAsync@CWbemProviderGlue@@UEAAJQEAG0JPEAUIWbemContext@@PEAUIWbemObjectSink@@@Z
?ExecQuery@CWbemProviderGlue@@UEAAJQEAG0JPEAUIWbemContext@@PEAPEAUIEnumWbemClassObject@@@Z
?ExecQuery@Provider@@MEAAJPEAVMethodContext@@AEAVCFrameworkQuery@@J@Z
?ExecQueryAsync@CWbemProviderGlue@@UEAAJQEAG0JPEAUIWbemContext@@PEAUIWbemObjectSink@@@Z
?ExecuteQuery@Provider@@AEAAJPEAVMethodContext@@AEAVCFrameworkQuery@@J@Z
?FillInstance@CWbemProviderGlue@@SAJPEAVCInstance@@PEBG@Z
?FillInstance@CWbemProviderGlue@@SAJPEAVMethodContext@@PEAVCInstance@@@Z
?Find@CHString@@QEBAHG@Z
?Find@CHString@@QEBAHPEBG@Z
?FindOneOf@CHString@@QEBAHPEBG@Z
?Flush@Provider@@MEAAXXZ
?FlushAll@CWbemProviderGlue@@AEAAXXZ
?Format@CHString@@QEAAXIZZ
?Format@CHString@@QEAAXPEBGZZ
?FormatMessageW@CHString@@QEAAXIZZ
?FormatMessageW@CHString@@QEAAXPEBGZZ
?FormatV@CHString@@QEAAXPEBGPEAD@Z
?FrameworkLogin@CWbemProviderGlue@@SAXPEBGPEAVProvider@@0@Z
?FrameworkLoginDLL@CWbemProviderGlue@@SAHPEBG@Z
?FrameworkLoginDLL@CWbemProviderGlue@@SAHPEBGPEAJ@Z
?FrameworkLogoff@CWbemProviderGlue@@SAXPEBG0@Z
?FrameworkLogoffDLL@CWbemProviderGlue@@SAHPEBG@Z
?FrameworkLogoffDLL@CWbemProviderGlue@@SAHPEBGPEAJ@Z
?Free@CObjectPathParser@@QEAAXPEAUParsedObjectPath@@@Z
?FreeExtra@CHPtrArray@@QEAAXXZ
?FreeExtra@CHString@@QEAAXXZ
?FreeExtra@CHStringArray@@QEAAXXZ
?FreeSearchList@CRegistrySearch@@QEAAHHAEAVCHPtrArray@@@Z
?GetAllDerivedInstances@CWbemProviderGlue@@SAJPEBGPEAV?$TRefPointerCollection@VCInstance@@@@PEAVMethodContext@@0@Z
?GetAllDerivedInstancesAsynch@CWbemProviderGlue@@SAJPEBGPEAVProvider@@P6AJ1PEAVCInstance@@PEAVMethodContext@@PEAX@Z034@Z
?GetAllInstances@CWbemProviderGlue@@SAJPEBGPEAV?$TRefPointerCollection@VCInstance@@@@0PEAVMethodContext@@@Z
?GetAllInstancesAsynch@CWbemProviderGlue@@SAJPEBGPEAVProvider@@P6AJ1PEAVCInstance@@PEAVMethodContext@@PEAX@Z034@Z
?GetAllocLength@CHString@@QEBAHXZ
?GetAt@CHPtrArray@@QEBAPEAXH@Z
?GetAt@CHString@@QEBAGH@Z
?GetAt@CHStringArray@@QEBA?AVCHString@@H@Z
?GetBSTR@WBEMTime@@QEBAPEAGXZ
?GetBSTR@WBEMTimeSpan@@QEBAPEAGXZ
?GetBuffer@CHString@@QEAAPEAGH@Z
?GetBufferSetLength@CHString@@QEAAPEAGH@Z
?GetByte@CInstance@@QEBA_NPEBGAEAE@Z
?GetCHString@CInstance@@QEBA_NPEBGAEAVCHString@@@Z
?GetCSDVersion@CWbemProviderGlue@@SAPEBGXZ
?GetClassNameW@CRegistry@@QEAAPEAGXZ
?GetClassObjectInterface@CInstance@@QEAAPEAUIWbemClassObject@@XZ
?GetClassObjectInterface@Provider@@AEAAPEAUIWbemClassObject@@PEAVMethodContext@@@Z
?GetComputerNameW@CWbemProviderGlue@@CAXAEAVCHString@@@Z
?GetCurrentBinaryKeyValue@CRegistry@@QEAAKPEAUHKEY__@@PEBGPEAEPEAK@Z
?GetCurrentBinaryKeyValue@CRegistry@@QEAAKPEBGAEAVCHString@@@Z
?GetCurrentBinaryKeyValue@CRegistry@@QEAAKPEBGPEAEPEAK@Z
?GetCurrentKeyValue@CRegistry@@QEAAKPEAUHKEY__@@PEBGAEAK@Z
?GetCurrentKeyValue@CRegistry@@QEAAKPEAUHKEY__@@PEBGAEAVCHString@@@Z
?GetCurrentKeyValue@CRegistry@@QEAAKPEAUHKEY__@@PEBGAEAVCHStringArray@@@Z
?GetCurrentKeyValue@CRegistry@@QEAAKPEBGAEAK@Z
?GetCurrentKeyValue@CRegistry@@QEAAKPEBGAEAVCHString@@@Z
?GetCurrentKeyValue@CRegistry@@QEAAKPEBGAEAVCHStringArray@@@Z
?GetCurrentRawKeyValue@CRegistry@@AEAAKPEAUHKEY__@@PEBGPEAXPEAK3@Z
?GetCurrentRawSubKeyValue@CRegistry@@AEAAKPEBGPEAXPEAK2@Z
?GetCurrentSubKeyCount@CRegistry@@QEAAKXZ
?GetCurrentSubKeyName@CRegistry@@QEAAKAEAVCHString@@@Z
?GetCurrentSubKeyPath@CRegistry@@QEAAKAEAVCHString@@@Z
?GetCurrentSubKeyValue@CRegistry@@QEAAKPEBGAEAK@Z
?GetCurrentSubKeyValue@CRegistry@@QEAAKPEBGAEAVCHString@@@Z
?GetCurrentSubKeyValue@CRegistry@@QEAAKPEBGPEAXPEAK@Z
?GetDMTF@WBEMTime@@QEBAPEAGH@Z
?GetDMTFNonNtfs@WBEMTime@@QEBAPEAGXZ
?GetDOUBLE@CInstance@@QEBA_NPEBGAEAN@Z
?GetDWORD@CInstance@@QEBA_NPEBGAEAK@Z
?GetData@CHPtrArray@@QEAAPEAPEAXXZ
?GetData@CHPtrArray@@QEBAPEAPEBXXZ
?GetData@CHString@@IEBAPEAUCHStringData@@XZ
?GetData@CHStringArray@@QEAAPEAVCHString@@XZ
?GetData@CHStringArray@@QEBAPEBVCHString@@XZ
?GetDateTime@CInstance@@QEBA_NPEBGAEAVWBEMTime@@@Z
?GetEmbeddedObject@CInstance@@QEBA_NPEBGPEAPEAV1@PEAVMethodContext@@@Z
?GetEmptyInstance@CWbemProviderGlue@@SAJPEAVMethodContext@@PEBGPEAPEAVCInstance@@1@Z
?GetEmptyInstance@CWbemProviderGlue@@SAJPEBGPEAPEAVCInstance@@0@Z
?GetFILETIME@WBEMTime@@QEBAHPEAU_FILETIME@@@Z
?GetFILETIME@WBEMTimeSpan@@QEBAHPEAU_FILETIME@@@Z
?GetIWBEMContext@MethodContext@@UEAAPEAUIWbemContext@@XZ
?GetInstanceByPath@CWbemProviderGlue@@SAJPEBGPEAPEAVCInstance@@PEAVMethodContext@@@Z
?GetInstanceFromCIMOM@CWbemProviderGlue@@CAJPEBG0PEAVMethodContext@@PEAPEAVCInstance@@@Z
?GetInstanceKeysByPath@CWbemProviderGlue@@SAJPEBGPEAPEAVCInstance@@PEAVMethodContext@@@Z
?GetInstancePropertiesByPath@CWbemProviderGlue@@SAJPEBGPEAPEAVCInstance@@PEAVMethodContext@@AEAVCHStringArray@@@Z
?GetInstancesByQuery@CWbemProviderGlue@@SAJPEBGPEAV?$TRefPointerCollection@VCInstance@@@@PEAVMethodContext@@0@Z
?GetInstancesByQueryAsynch@CWbemProviderGlue@@SAJPEBGPEAVProvider@@P6AJ1PEAVCInstance@@PEAVMethodContext@@PEAX@Z034@Z
?GetKeyString@ParsedObjectPath@@QEAAPEAGXZ
?GetLength@CHString@@QEBAHXZ
?GetLocalComputerName@Provider@@IEAAAEBVCHString@@XZ
?GetLocalInstancePath@Provider@@IEAA_NPEBVCInstance@@AEAVCHString@@@Z
?GetLocalOffsetForDate@WBEMTime@@SAJAEB_J@Z
?GetLocalOffsetForDate@WBEMTime@@SAJPEBU_FILETIME@@@Z
?GetLocalOffsetForDate@WBEMTime@@SAJPEBU_SYSTEMTIME@@@Z
?GetLocalOffsetForDate@WBEMTime@@SAJPEBUtm@@@Z
?GetLongestClassStringSize@CRegistry@@QEAAKXZ
?GetLongestSubKeySize@CRegistry@@QEAAKXZ
?GetLongestValueData@CRegistry@@QEAAKXZ
?GetLongestValueName@CRegistry@@QEAAKXZ
?GetMapCountPtr@CWbemProviderGlue@@KAPEAJPEBVCWbemGlueFactory@@@Z
?GetMethodContext@CInstance@@QEBAPEAVMethodContext@@XZ
?GetNamespace@CFrameworkQuery@@IEAAAEBVCHString@@XZ
?GetNamespace@Provider@@IEAAAEBVCHString@@XZ
?GetNamespaceConnection@CWbemProviderGlue@@SAPEAUIWbemServices@@PEBG@Z
?GetNamespaceConnection@CWbemProviderGlue@@SAPEAUIWbemServices@@PEBGPEAVMethodContext@@@Z
?GetNamespacePart@ParsedObjectPath@@QEAAPEAGXZ
?GetOSMajorVersion@CWbemProviderGlue@@SAKXZ
?GetObject@CWbemProviderGlue@@UEAAJQEAGJPEAUIWbemContext@@PEAPEAUIWbemClassObject@@PEAPEAUIWbemCallResult@@@Z
?GetObject@Provider@@AEAAJPEAUParsedObjectPath@@PEAVMethodContext@@J@Z
?GetObject@Provider@@MEAAJPEAVCInstance@@J@Z
?GetObject@Provider@@MEAAJPEAVCInstance@@JAEAVCFrameworkQuery@@@Z
?GetObjectAsync@CWbemProviderGlue@@UEAAJQEAGJPEAUIWbemContext@@PEAUIWbemObjectSink@@@Z
?GetParentNamespacePart@ParsedObjectPath@@QEAAPEAGXZ
?GetPlatform@CWbemProviderGlue@@SAKXZ
?GetPropertyBitMask@CFrameworkQueryEx@@QEAAXAEBVCHPtrArray@@PEAX@Z
?GetProviderGlue@MethodContext@@AEAAPEAVCWbemProviderGlue@@XZ
?GetProviderName@Provider@@IEAAAEBVCHString@@XZ
?GetQuery@CFrameworkQuery@@QEAAAEBVCHString@@XZ
?GetQueryClassName@CFrameworkQuery@@QEAAPEAGXZ
?GetRelativePath@CObjectPathParser@@SAPEAGPEAG@Z
?GetRequiredProperties@CFrameworkQuery@@QEAAXAEAVCHStringArray@@@Z
?GetSYSTEMTIME@WBEMTime@@QEBAHPEAU_SYSTEMTIME@@@Z
?GetSize@CHPtrArray@@QEBAHXZ
?GetSize@CHStringArray@@QEBAHXZ
?GetStatus@CInstance@@QEBA_NPEBGAEA_NAEAG@Z
?GetStatusObject@CWbemProviderGlue@@CAPEAUIWbemClassObject@@PEAVMethodContext@@PEBG@Z
?GetStatusObject@MethodContext@@QEAAPEAUIWbemClassObject@@XZ
?GetStringArray@CInstance@@QEBA_NPEBGAEAPEAUtagSAFEARRAY@@@Z
?GetStructtm@WBEMTime@@QEBAHPEAUtm@@@Z
?GetTime@WBEMTime@@QEBA_KXZ
?GetTime@WBEMTimeSpan@@QEBA_KXZ
?GetTimeSpan@CInstance@@QEBA_NPEBGAEAVWBEMTimeSpan@@@Z
?GetUpperBound@CHPtrArray@@QEBAHXZ
?GetUpperBound@CHStringArray@@QEBAHXZ
?GetValueCount@CRegistry@@QEAAKXZ
?GetValuesForProp@CFrameworkQuery@@QEAAJPEBGAEAV?$vector@V_bstr_t@@V?$allocator@V_bstr_t@@@std@@@std@@@Z
?GetValuesForProp@CFrameworkQuery@@QEAAJPEBGAEAVCHStringArray@@@Z
?GetValuesForProp@CFrameworkQueryEx@@QEAAJPEBGAEAV?$vector@HV?$allocator@H@std@@@std@@@Z
?GetValuesForProp@CFrameworkQueryEx@@QEAAJPEBGAEAV?$vector@V_variant_t@@V?$allocator@V_variant_t@@@std@@@std@@@Z
?GetVariant@CInstance@@QEBA_NPEBGAEAUtagVARIANT@@@Z
?GetWBEMINT16@CInstance@@QEBA_NPEBGAEAF@Z
?GetWBEMINT64@CInstance@@QEBA_NPEBGAEAVCHString@@@Z
?GetWBEMINT64@CInstance@@QEBA_NPEBGAEA_J@Z
?GetWBEMINT64@CInstance@@QEBA_NPEBGAEA_K@Z
?GetWCHAR@CInstance@@QEBA_NPEBGPEAPEAG@Z
?GetWORD@CInstance@@QEBA_NPEBGAEAG@Z
?Getbool@CInstance@@QEBA_NPEBGAEA_N@Z
?GethKey@CRegistry@@QEAAPEAUHKEY__@@XZ
?Gettime_t@WBEMTime@@QEBAHPEA_J@Z
?Gettime_t@WBEMTimeSpan@@QEBAHPEA_J@Z
?IncrementMapCount@CWbemProviderGlue@@KAJPEAJ@Z
?IncrementMapCount@CWbemProviderGlue@@KAJPEBVCWbemGlueFactory@@@Z
?IncrementObjectCount@CWbemProviderGlue@@SAXXZ
?Init2@CFrameworkQuery@@QEAAXPEAUIWbemClassObject@@@Z
?Init@CFrameworkQuery@@QEAAJPEAUParsedObjectPath@@PEAUIWbemContext@@PEBGAEAVCHString@@@Z
?Init@CFrameworkQuery@@QEAAJQEAG0JAEAVCHString@@@Z
?Init@CHString@@IEAAXXZ
?Init@CWbemProviderGlue@@CAXXZ
?InitComputerName@Provider@@CAXXZ
?InitEx@CFrameworkQueryEx@@UEAAJQEAG0JAEAVCHString@@@Z
?Initialize@CWbemProviderGlue@@UEAAJPEAGJ00PEAUIWbemServices@@PEAUIWbemContext@@PEAUIWbemProviderInitSink@@@Z
?InsertAt@CHPtrArray@@QEAAXHPEAV1@@Z
?InsertAt@CHPtrArray@@QEAAXHPEAXH@Z
?InsertAt@CHStringArray@@QEAAXHPEAV1@@Z
?InsertAt@CHStringArray@@QEAAXHPEBGH@Z
?InternalGetNamespaceConnection@CWbemProviderGlue@@AEAAPEAUIWbemServices@@PEBG@Z
?Is3TokenOR@CFrameworkQueryEx@@QEAAHPEBG0AEAUtagVARIANT@@1@Z
?IsClass@ParsedObjectPath@@QEAAHXZ
?IsDerivedFrom@CWbemProviderGlue@@SA_NPEBG0PEAVMethodContext@@0@Z
?IsEmpty@CHString@@QEBAHXZ
?IsExtended@CFrameworkQueryEx@@UEAA_NXZ
?IsInList@CFrameworkQuery@@IEAAKAEBVCHStringArray@@PEBG@Z
?IsInstance@ParsedObjectPath@@QEAAHXZ
?IsLocal@ParsedObjectPath@@QEAAHPEBG@Z
?IsLoggingOn@ProviderLog@@QEAA?AW4LogLevel@1@PEAVCHString@@@Z
?IsNTokenAnd@CFrameworkQueryEx@@QEAAHAEAVCHStringArray@@AEAVCHPtrArray@@@Z
?IsNull@CInstance@@QEBA_NPEBG@Z
?IsObject@ParsedObjectPath@@QEAAHXZ
?IsOk@WBEMTime@@QEBA_NXZ
?IsOk@WBEMTimeSpan@@QEBA_NXZ
?IsPropertyRequired@CFrameworkQuery@@QEAA_NPEBG@Z
?IsReference@CFrameworkQuery@@IEAAHPEBG@Z
?IsRelative@ParsedObjectPath@@QEAAHPEBG0@Z
?KeysOnly@CFrameworkQuery@@QEAA_NXZ
?Left@CHString@@QEBA?AV1@H@Z
?LoadStringW@CHString@@IEAAHIPEAGI@Z
?LoadStringW@CHString@@QEAAHI@Z
?LocalLogMessage@ProviderLog@@QEAAXPEBG0HW4LogLevel@1@@Z
?LocalLogMessage@ProviderLog@@QEAAXPEBGHW4LogLevel@1@0ZZ
?LocateKeyByNameOrValueName@CRegistrySearch@@QEAAHPEAUHKEY__@@PEBG1PEAPEBGKAEAVCHString@@3@Z
?Lock@CThreadBase@@AEAAXXZ
?LockBuffer@CHString@@QEAAPEAGXZ
?LockFactoryMap@CWbemProviderGlue@@CAXXZ
?LockProviderMap@CWbemProviderGlue@@CAXXZ
?LockServer@CWbemGlueFactory@@UEAAJH@Z
?LogError@CInstance@@IEBAXPEBG00J@Z
?MakeLocalPath@Provider@@IEAA?AVCHString@@AEBV2@@Z
?MakeLower@CHString@@QEAAXXZ
?MakeReverse@CHString@@QEAAXXZ
?MakeUpper@CHString@@QEAAXXZ
?Mid@CHString@@QEBA?AV1@H@Z
?Mid@CHString@@QEBA?AV1@HH@Z
?MsgWndProc@CWinMsgEvent@@CA_JPEAUHWND__@@I_K_J@Z
?NextSubKey@CRegistry@@QEAAKXZ
?NextToken@CObjectPathParser@@AEAAHXZ
?NormalizePath@@YAKPEBG00KAEAVCHString@@@Z
?NullOutUnsetProperties@CWbemProviderGlue@@AEAAJPEAUIWbemClassObject@@PEAPEAU2@AEBUtagVARIANT@@@Z
?OnFinalRelease@CThreadBase@@MEAAXXZ
?Open@CRegistry@@QEAAJPEAUHKEY__@@PEBGK@Z
?OpenAndEnumerateSubKeys@CRegistry@@QEAAJPEAUHKEY__@@PEBGK@Z
?OpenCurrentUser@CRegistry@@QEAAKPEBGK@Z
?OpenLocalMachineKeyAndReadValue@CRegistry@@QEAAJPEBG0AEAVCHString@@@Z
?OpenNamespace@CWbemProviderGlue@@UEAAJQEAGJPEAUIWbemContext@@PEAPEAUIWbemServices@@PEAPEAUIWbemCallResult@@@Z
?OpenSubKey@CRegistry@@AEAAKXZ
?Parse@CObjectPathParser@@QEAAHPEBGPEAPEAUParsedObjectPath@@@Z
?PreProcessPutInstanceParms@CWbemProviderGlue@@AEAAJPEAUIWbemClassObject@@PEAPEAU2@PEAUIWbemContext@@@Z
?PrepareToReOpen@CRegistry@@AEAAXXZ
?PutClass@CWbemProviderGlue@@UEAAJPEAUIWbemClassObject@@JPEAUIWbemContext@@PEAPEAUIWbemCallResult@@@Z
?PutClassAsync@CWbemProviderGlue@@UEAAJPEAUIWbemClassObject@@JPEAUIWbemContext@@PEAUIWbemObjectSink@@@Z
?PutInstance@CWbemProviderGlue@@UEAAJPEAUIWbemClassObject@@JPEAUIWbemContext@@PEAPEAUIWbemCallResult@@@Z
?PutInstance@Provider@@AEAAJPEAUIWbemClassObject@@JPEAVMethodContext@@@Z
?PutInstance@Provider@@MEAAJAEBVCInstance@@J@Z
?PutInstanceAsync@CWbemProviderGlue@@UEAAJPEAUIWbemClassObject@@JPEAUIWbemContext@@PEAUIWbemObjectSink@@@Z
?QueryInterface@CWbemGlueFactory@@UEAAJAEBU_GUID@@PEAPEAX@Z
?QueryInterface@CWbemProviderGlue@@UEAAJAEBU_GUID@@PEAPEAX@Z
?QueryObjectSink@CWbemProviderGlue@@UEAAJJPEAPEAUIWbemObjectSink@@@Z
?QueryPostProcess@MethodContext@@UEAAXXZ
?RegisterForMessage@CWinMsgEvent@@IEAAXIH@Z
?Release@CHString@@QEAAXXZ
?Release@CHString@@SAXPEAUCHStringData@@@Z
?Release@CInstance@@QEAAJXZ
?Release@CThreadBase@@QEAAJXZ
?Release@CWbemGlueFactory@@UEAAKXZ
?Release@CWbemProviderGlue@@UEAAKXZ
?Release@MethodContext@@QEAAJXZ
?ReleaseBuffer@CHString@@QEAAXH@Z
?RemoveAll@CHPtrArray@@QEAAXXZ
?RemoveAll@CHStringArray@@QEAAXXZ
?RemoveAt@CHPtrArray@@QEAAXHH@Z
?RemoveAt@CHStringArray@@QEAAXHH@Z
?RemoveFromFactoryMap@CWbemProviderGlue@@KAXPEBVCWbemGlueFactory@@@Z
?Reset@CFrameworkQuery@@AEAAXXZ
?ReverseFind@CHString@@QEBAHG@Z
?RewindSubKeys@CRegistry@@QEAAXXZ
?Right@CHString@@QEBA?AV1@H@Z
?SafeStrlen@CHString@@KAHPEBG@Z
?SearchAndBuildList@CRegistrySearch@@QEAAHVCHString@@AEAVCHPtrArray@@00HPEAUHKEY__@@@Z
?SearchMapForProvider@CWbemProviderGlue@@CAPEAVProvider@@PEBG0@Z
?SetAt@CHPtrArray@@QEAAXHPEAX@Z
?SetAt@CHString@@QEAAXHG@Z
?SetAt@CHStringArray@@QEAAXHPEBG@Z
?SetAtGrow@CHPtrArray@@QEAAXHPEAX@Z
?SetAtGrow@CHStringArray@@QEAAXHPEBG@Z
?SetByte@CInstance@@QEAA_NPEBGE@Z
?SetCHString@CInstance@@QEAA_NPEBG0@Z
?SetCHString@CInstance@@QEAA_NPEBGAEBVCHString@@@Z

Sections

.text
Size: 144KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
framedynos.dll
.dll windows:10 windows x64 arch:x64

7194401a59d515830daa2118cc1d831d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

framedynos.pdb

Imports

msvcrt

wcsspn
iswdigit
wcspbrk
wcsrchr
wcsstr
_wcslwr
_wcsrev
wcscspn
swscanf_s
swscanf
_amsg_exit
_initterm
_vsnwprintf
wcschr
_wtoi
_wcstoui64
_ui64tow_s
_i64tow_s
_XcptFilter
malloc
_wcsupr
iswspace
_wrename
_vsnprintf
_wunlink
memmove
memcpy
_CxxThrowException
_wtoi64
sscanf_s
__C_specific_handler
?terminate@@YAXXZ
?what@exception@@UEBAPEBDXZ
free
??0exception@@QEAA@AEBQEBD@Z
??1type_info@@UEAA@XZ
_lock
_unlock
__dllonexit
_wtol
??1exception@@UEAA@XZ
wcscoll
_onexit
__CxxFrameHandler3
??0exception@@QEAA@AEBV0@@Z
memset
??0exception@@QEAA@AEBQEBDH@Z
_purecall
_wcsicmp
atol
memcmp
wcscmp

api-ms-win-core-synch-l1-1-0

OpenMutexW
ReleaseMutex
SetEvent
CreateMutexW
LeaveCriticalSection
InitializeCriticalSectionEx
InitializeCriticalSection
EnterCriticalSection
WaitForSingleObject
CreateEventW
DeleteCriticalSection

api-ms-win-core-processthreads-l1-1-0

ExitProcess
GetCurrentProcessId
GetCurrentThread
OpenThreadToken
OpenProcessToken
GetCurrentProcess
GetCurrentThreadId
CreateThread
TerminateProcess

api-ms-win-security-base-l1-1-0

GetLengthSid
GetTokenInformation
ImpersonateSelf
ImpersonateLoggedOnUser
InitializeAcl
AddAccessAllowedAceEx
RevertToSelf

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
RaiseException

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetLocalTime
GetVersionExA
GetTickCount64
GetTickCount
GetSystemTimeAsFileTime
GetComputerNameExW

api-ms-win-core-file-l1-1-0

GetFileSizeEx
CreateFileW
SetFilePointer
WriteFile
CompareFileTime
FileTimeToLocalFileTime

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoLockObjectExternal
StringFromGUID2
CoGetCallContext

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
FreeLibrary
GetProcAddress
LoadLibraryExA

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

sspicli

GetUserNameExW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc

api-ms-win-core-console-l1-1-0

SetConsoleCtrlHandler

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-localization-l1-2-0

LCMapStringW
FormatMessageW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
GetTimeZoneInformation
SystemTimeToFileTime

api-ms-win-core-registry-l1-1-0

RegDeleteKeyExW
RegDeleteValueW
RegCreateKeyExW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegOpenCurrentUser
RegEnumValueW
RegSetValueExW
RegCloseKey
RegQueryValueExW

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

??0CAutoEvent@@QEAA@XZ
??0CFrameworkQuery@@QEAA@AEBV0@@Z
??0CFrameworkQuery@@QEAA@XZ
??0CFrameworkQueryEx@@QEAA@AEBV0@@Z
??0CFrameworkQueryEx@@QEAA@XZ
??0CHPtrArray@@QEAA@XZ
??0CHString@@QEAA@AEBV0@@Z
??0CHString@@QEAA@GH@Z
??0CHString@@QEAA@PEBD@Z
??0CHString@@QEAA@PEBE@Z
??0CHString@@QEAA@PEBG@Z
??0CHString@@QEAA@PEBGH@Z
??0CHString@@QEAA@XZ
??0CHStringArray@@QEAA@XZ
??0CInstance@@QEAA@AEBV0@@Z
??0CInstance@@QEAA@PEAUIWbemClassObject@@PEAVMethodContext@@@Z
??0CObjectPathParser@@QEAA@W4ObjectParserFlags@@@Z
??0CRegistry@@QEAA@AEBV0@@Z
??0CRegistry@@QEAA@XZ
??0CRegistrySearch@@QEAA@AEBV0@@Z
??0CRegistrySearch@@QEAA@XZ
??0CThreadBase@@QEAA@AEBV0@@Z
??0CThreadBase@@QEAA@W4THREAD_SAFETY_MECHANISM@0@@Z
??0CWbemGlueFactory@@QEAA@AEBV0@@Z
??0CWbemGlueFactory@@QEAA@PEAJ@Z
??0CWbemGlueFactory@@QEAA@XZ
??0CWbemProviderGlue@@QEAA@AEBV0@@Z
??0CWbemProviderGlue@@QEAA@PEAJ@Z
??0CWbemProviderGlue@@QEAA@XZ
??0CWinMsgEvent@@QEAA@AEBV0@@Z
??0CWinMsgEvent@@QEAA@XZ
??0CreateMutexAsProcess@@QEAA@PEBG@Z
??0KeyRef@@QEAA@PEBGPEBUtagVARIANT@@@Z
??0KeyRef@@QEAA@XZ
??0MethodContext@@QEAA@AEBV0@@Z
??0MethodContext@@QEAA@PEAUIWbemContext@@PEAVCWbemProviderGlue@@@Z
??0ParsedObjectPath@@QEAA@XZ
??0Provider@@QEAA@AEBV0@@Z
??0Provider@@QEAA@PEBG0@Z
??0ProviderLog@@QEAA@AEBV0@@Z
??0ProviderLog@@QEAA@XZ
??0WBEMTime@@QEAA@AEBU_FILETIME@@@Z
??0WBEMTime@@QEAA@AEBU_SYSTEMTIME@@@Z
??0WBEMTime@@QEAA@AEBUtm@@@Z
??0WBEMTime@@QEAA@AEB_J@Z
??0WBEMTime@@QEAA@QEAG@Z
??0WBEMTime@@QEAA@XZ
??0WBEMTimeSpan@@QEAA@AEBU_FILETIME@@@Z
??0WBEMTimeSpan@@QEAA@AEB_J@Z
??0WBEMTimeSpan@@QEAA@HHHHHHH@Z
??0WBEMTimeSpan@@QEAA@QEAG@Z
??0WBEMTimeSpan@@QEAA@XZ
??1CAutoEvent@@QEAA@XZ
??1CFrameworkQuery@@QEAA@XZ
??1CFrameworkQueryEx@@QEAA@XZ
??1CHPtrArray@@QEAA@XZ
??1CHString@@QEAA@XZ
??1CHStringArray@@QEAA@XZ
??1CInstance@@UEAA@XZ
??1CObjectPathParser@@QEAA@XZ
??1CRegistry@@QEAA@XZ
??1CRegistrySearch@@QEAA@XZ
??1CThreadBase@@UEAA@XZ
??1CWbemGlueFactory@@QEAA@XZ
??1CWbemProviderGlue@@QEAA@XZ
??1CWinMsgEvent@@QEAA@XZ
??1CreateMutexAsProcess@@QEAA@XZ
??1KeyRef@@QEAA@XZ
??1MethodContext@@UEAA@XZ
??1ParsedObjectPath@@QEAA@XZ
??1Provider@@UEAA@XZ
??1ProviderLog@@UEAA@XZ
??4CAutoEvent@@QEAAAEAV0@AEBV0@@Z
??4CFrameworkQuery@@QEAAAEAV0@AEBV0@@Z
??4CFrameworkQueryEx@@QEAAAEAV0@AEBV0@@Z
??4CHPtrArray@@QEAAAEAV0@AEBV0@@Z
??4CHString@@QEAAAEBV0@AEBV0@@Z
??4CHString@@QEAAAEBV0@D@Z
??4CHString@@QEAAAEBV0@G@Z
??4CHString@@QEAAAEBV0@PEAV0@@Z
??4CHString@@QEAAAEBV0@PEBD@Z
??4CHString@@QEAAAEBV0@PEBE@Z
??4CHString@@QEAAAEBV0@PEBG@Z
??4CHStringArray@@QEAAAEAV0@AEBV0@@Z
??4CInstance@@QEAAAEAV0@AEBV0@@Z
??4CObjectPathParser@@QEAAAEAV0@AEBV0@@Z
??4CRegistry@@QEAAAEAV0@AEBV0@@Z
??4CRegistrySearch@@QEAAAEAV0@AEBV0@@Z
??4CThreadBase@@QEAAAEAV0@AEBV0@@Z
??4CWbemGlueFactory@@QEAAAEAV0@AEBV0@@Z
??4CWbemProviderGlue@@QEAAAEAV0@AEBV0@@Z
??4CWinMsgEvent@@QEAAAEAV0@AEBV0@@Z
??4CreateMutexAsProcess@@QEAAAEAV0@AEBV0@@Z
??4KeyRef@@QEAAAEAU0@AEBU0@@Z
??4MethodContext@@QEAAAEAV0@AEBV0@@Z
??4ParsedObjectPath@@QEAAAEAU0@AEBU0@@Z
??4Provider@@QEAAAEAV0@AEBV0@@Z
??4ProviderLog@@QEAAAEAV0@AEBV0@@Z
??4WBEMTime@@QEAAAEAV0@$$QEAV0@@Z
??4WBEMTime@@QEAAAEAV0@AEBV0@@Z
??4WBEMTime@@QEAAAEBV0@AEBU_FILETIME@@@Z
??4WBEMTime@@QEAAAEBV0@AEBU_SYSTEMTIME@@@Z
??4WBEMTime@@QEAAAEBV0@AEBUtm@@@Z
??4WBEMTime@@QEAAAEBV0@AEB_J@Z
??4WBEMTime@@QEAAAEBV0@QEAG@Z
??4WBEMTimeSpan@@QEAAAEAV0@$$QEAV0@@Z
??4WBEMTimeSpan@@QEAAAEAV0@AEBV0@@Z
??4WBEMTimeSpan@@QEAAAEBV0@AEBU_FILETIME@@@Z
??4WBEMTimeSpan@@QEAAAEBV0@AEB_J@Z
??4WBEMTimeSpan@@QEAAAEBV0@QEAG@Z
??8WBEMTime@@QEBAHAEBV0@@Z
??8WBEMTimeSpan@@QEBAHAEBV0@@Z
??9WBEMTime@@QEBAHAEBV0@@Z
??9WBEMTimeSpan@@QEBAHAEBV0@@Z
??ACHPtrArray@@QEAAAEAPEAXH@Z
??ACHPtrArray@@QEBAPEAXH@Z
??ACHString@@QEBAGH@Z
??ACHStringArray@@QEAAAEAVCHString@@H@Z
??ACHStringArray@@QEBA?AVCHString@@H@Z
??BCHString@@QEBAPEBGXZ
??GWBEMTime@@QEAA?AVWBEMTimeSpan@@AEBV0@@Z
??GWBEMTime@@QEBA?AV0@AEBVWBEMTimeSpan@@@Z
??GWBEMTimeSpan@@QEBA?AV0@AEBV0@@Z
??H@YA?AVCHString@@AEBV0@0@Z
??H@YA?AVCHString@@AEBV0@G@Z
??H@YA?AVCHString@@AEBV0@PEBG@Z
??H@YA?AVCHString@@GAEBV0@@Z
??H@YA?AVCHString@@PEBGAEBV0@@Z
??HWBEMTime@@QEBA?AV0@AEBVWBEMTimeSpan@@@Z
??HWBEMTimeSpan@@QEBA?AV0@AEBV0@@Z
??MWBEMTime@@QEBAHAEBV0@@Z
??MWBEMTimeSpan@@QEBAHAEBV0@@Z
??NWBEMTime@@QEBAHAEBV0@@Z
??NWBEMTimeSpan@@QEBAHAEBV0@@Z
??OWBEMTime@@QEBAHAEBV0@@Z
??OWBEMTimeSpan@@QEBAHAEBV0@@Z
??PWBEMTime@@QEBAHAEBV0@@Z
??PWBEMTimeSpan@@QEBAHAEBV0@@Z
??YCHString@@QEAAAEBV0@AEBV0@@Z
??YCHString@@QEAAAEBV0@D@Z
??YCHString@@QEAAAEBV0@G@Z
??YCHString@@QEAAAEBV0@PEBG@Z
??YWBEMTime@@QEAAAEBV0@AEBVWBEMTimeSpan@@@Z
??YWBEMTimeSpan@@QEAAAEBV0@AEBV0@@Z
??ZWBEMTime@@QEAAAEBV0@AEBVWBEMTimeSpan@@@Z
??ZWBEMTimeSpan@@QEAAAEBV0@AEBV0@@Z
??_7CFrameworkQueryEx@@6B@
??_7CInstance@@6B@
??_7CThreadBase@@6B@
??_7CWbemGlueFactory@@6B@
??_7CWbemProviderGlue@@6BIWbemProviderInit@@@
??_7CWbemProviderGlue@@6BIWbemServices@@@
??_7CWinMsgEvent@@6B@
??_7MethodContext@@6B@
??_7Provider@@6B@
??_7ProviderLog@@6B@
??_FCObjectPathParser@@QEAAXXZ
??_FCThreadBase@@QEAAXXZ
?Add@CHPtrArray@@QEAAHPEAX@Z
?Add@CHStringArray@@QEAAHPEBG@Z
?AddFlushPtr@CWbemProviderGlue@@AEAAXPEAX@Z
?AddKeyRef@ParsedObjectPath@@QEAAHPEAUKeyRef@@@Z
?AddKeyRef@ParsedObjectPath@@QEAAHPEBGPEBUtagVARIANT@@@Z
?AddKeyRefEx@ParsedObjectPath@@QEAAHPEBGPEBUtagVARIANT@@@Z
?AddNamespace@ParsedObjectPath@@QEAAHPEBG@Z
?AddProviderToMap@CWbemProviderGlue@@CAPEAVProvider@@PEBG0PEAV2@@Z
?AddRef@CInstance@@QEAAJXZ
?AddRef@CThreadBase@@QEAAJXZ
?AddRef@CWbemGlueFactory@@UEAAKXZ
?AddRef@CWbemProviderGlue@@UEAAKXZ
?AddRef@MethodContext@@QEAAJXZ
?AddToFactoryMap@CWbemProviderGlue@@KAXPEBVCWbemGlueFactory@@PEAJ@Z
?AllPropertiesAreRequired@CFrameworkQuery@@QEAA_NXZ
?AllocBeforeWrite@CHString@@IEAAXH@Z
?AllocBuffer@CHString@@IEAAXH@Z
?AllocCopy@CHString@@IEBAXAEAV1@HHH@Z
?AllocSysString@CHString@@QEBAPEAGXZ
?Append@CHPtrArray@@QEAAHAEBV1@@Z
?Append@CHStringArray@@QEAAHAEBV1@@Z
?AssignCopy@CHString@@IEAAXHPEBG@Z
?BeginRead@CThreadBase@@QEAAHK@Z
?BeginWrite@CThreadBase@@QEAAHK@Z
?CancelAsyncCall@CWbemProviderGlue@@UEAAJPEAUIWbemObjectSink@@@Z
?CancelAsyncRequest@CWbemProviderGlue@@UEAAJJ@Z
?CheckAndAddToList@CRegistrySearch@@AEAAXPEAVCRegistry@@VCHString@@1AEAVCHPtrArray@@11H@Z
?CheckFileSize@ProviderLog@@AEAAXAEAT_LARGE_INTEGER@@AEBVCHString@@@Z
?CheckImpersonationLevel@CWbemProviderGlue@@CAJXZ
?Clear@WBEMTime@@QEAAXXZ
?Clear@WBEMTimeSpan@@QEAAXXZ
?ClearKeys@ParsedObjectPath@@QEAAXXZ
?Close@CRegistry@@QEAAXXZ
?CloseSubKey@CRegistry@@AEAAXXZ
?Collate@CHString@@QEBAHPEBG@Z
?Commit@CInstance@@QEAAJXZ
?Commit@Provider@@IEAAJPEAVCInstance@@_N@Z
?Compare@CHString@@QEBAHPEBG@Z
?CompareNoCase@CHString@@QEBAHPEBG@Z
?ConcatCopy@CHString@@IEAAXHPEBGH0@Z
?ConcatInPlace@CHString@@IEAAXHPEBG@Z
?Copy@CHPtrArray@@QEAAXAEBV1@@Z
?Copy@CHStringArray@@QEAAXAEBV1@@Z
?CopyBeforeWrite@CHString@@IEAAXXZ
?Create@CWbemGlueFactory@@SAPEAV1@PEAJ@Z
?Create@CWbemGlueFactory@@SAPEAV1@XZ
?CreateClassEnum@CWbemProviderGlue@@UEAAJQEAGJPEAUIWbemContext@@PEAPEAUIEnumWbemClassObject@@@Z
?CreateClassEnumAsync@CWbemProviderGlue@@UEAAJQEAGJPEAUIWbemContext@@PEAUIWbemObjectSink@@@Z
?CreateInstance@CWbemGlueFactory@@UEAAJPEAUIUnknown@@AEBU_GUID@@PEAPEAX@Z
?CreateInstanceEnum@CWbemProviderGlue@@UEAAJQEAGJPEAUIWbemContext@@PEAPEAUIEnumWbemClassObject@@@Z
?CreateInstanceEnum@Provider@@AEAAJPEAVMethodContext@@J@Z
?CreateInstanceEnumAsync@CWbemProviderGlue@@UEAAJQEAGJPEAUIWbemContext@@PEAUIWbemObjectSink@@@Z
?CreateMsgProvider@CWinMsgEvent@@CAXXZ
?CreateMsgWindow@CWinMsgEvent@@CAPEAUHWND__@@XZ
?CreateNewInstance@Provider@@IEAAPEAVCInstance@@PEAVMethodContext@@@Z
?CreateOpen@CRegistry@@QEAAJPEAUHKEY__@@PEBGPEAGKKPEAU_SECURITY_ATTRIBUTES@@PEAK@Z
?CtrlHandlerRoutine@CWinMsgEvent@@CAHK@Z
?DecrementMapCount@CWbemProviderGlue@@KAJPEAJ@Z
?DecrementMapCount@CWbemProviderGlue@@KAJPEBVCWbemGlueFactory@@@Z
?DecrementObjectCount@CWbemProviderGlue@@SAJXZ
?DeleteClass@CWbemProviderGlue@@UEAAJQEAGJPEAUIWbemContext@@PEAPEAUIWbemCallResult@@@Z
?DeleteClassAsync@CWbemProviderGlue@@UEAAJQEAGJPEAUIWbemContext@@PEAUIWbemObjectSink@@@Z
?DeleteCurrentKeyValue@CRegistry@@QEAAKPEAUHKEY__@@PEBG@Z
?DeleteCurrentKeyValue@CRegistry@@QEAAKPEBG@Z
?DeleteInstance@CWbemProviderGlue@@UEAAJQEAGJPEAUIWbemContext@@PEAPEAUIWbemCallResult@@@Z
?DeleteInstance@Provider@@AEAAJPEAUParsedObjectPath@@JPEAVMethodContext@@@Z
?DeleteInstance@Provider@@MEAAJAEBVCInstance@@J@Z
?DeleteInstanceAsync@CWbemProviderGlue@@UEAAJQEAGJPEAUIWbemContext@@PEAUIWbemObjectSink@@@Z
?DeleteKey@CRegistry@@QEAAJPEAVCHString@@@Z
?DeleteValue@CRegistry@@QEAAJPEBG@Z
?Destroy@CWbemGlueFactory@@QEAAXXZ
?DestroyMsgWindow@CWinMsgEvent@@CAXXZ
?ElementAt@CHPtrArray@@QEAAAEAPEAXH@Z
?ElementAt@CHStringArray@@QEAAAEAVCHString@@H@Z
?Empty@CHString@@QEAAXXZ
?Empty@CObjectPathParser@@AEAAXXZ
?EndRead@CThreadBase@@QEAAXXZ
?EndWrite@CThreadBase@@QEAAXXZ
?EnumerateAndGetValues@CRegistry@@QEAAJAEAKAEAPEAGAEAPEAE@Z
?EnumerateInstances@Provider@@MEAAJPEAVMethodContext@@J@Z
?ExecMethod@CWbemProviderGlue@@UEAAJQEAG0JPEAUIWbemContext@@PEAUIWbemClassObject@@PEAPEAU3@PEAPEAUIWbemCallResult@@@Z
?ExecMethod@Provider@@AEAAJPEAUParsedObjectPath@@PEAGJPEAVCInstance@@2PEAVMethodContext@@@Z
?ExecMethod@Provider@@MEAAJAEBVCInstance@@QEAGPEAV2@2J@Z
?ExecMethodAsync@CWbemProviderGlue@@UEAAJQEAG0JPEAUIWbemContext@@PEAUIWbemClassObject@@PEAUIWbemObjectSink@@@Z
?ExecNotificationQuery@CWbemProviderGlue@@UEAAJQEAG0JPEAUIWbemContext@@PEAPEAUIEnumWbemClassObject@@@Z
?ExecNotificationQueryAsync@CWbemProviderGlue@@UEAAJQEAG0JPEAUIWbemContext@@PEAUIWbemObjectSink@@@Z
?ExecQuery@CWbemProviderGlue@@UEAAJQEAG0JPEAUIWbemContext@@PEAPEAUIEnumWbemClassObject@@@Z
?ExecQuery@Provider@@MEAAJPEAVMethodContext@@AEAVCFrameworkQuery@@J@Z
?ExecQueryAsync@CWbemProviderGlue@@UEAAJQEAG0JPEAUIWbemContext@@PEAUIWbemObjectSink@@@Z
?ExecuteQuery@Provider@@AEAAJPEAVMethodContext@@AEAVCFrameworkQuery@@J@Z
?FillInstance@CWbemProviderGlue@@SAJPEAVCInstance@@PEBG@Z
?FillInstance@CWbemProviderGlue@@SAJPEAVMethodContext@@PEAVCInstance@@@Z
?Find@CHString@@QEBAHG@Z
?Find@CHString@@QEBAHPEBG@Z
?FindOneOf@CHString@@QEBAHPEBG@Z
?Flush@Provider@@MEAAXXZ
?FlushAll@CWbemProviderGlue@@AEAAXXZ
?Format@CHString@@QEAAXIZZ
?Format@CHString@@QEAAXPEBGZZ
?FormatMessageW@CHString@@QEAAXIZZ
?FormatMessageW@CHString@@QEAAXPEBGZZ
?FormatV@CHString@@QEAAXPEBGPEAD@Z
?FrameworkLogin@CWbemProviderGlue@@SAXPEBGPEAVProvider@@0@Z
?FrameworkLoginDLL@CWbemProviderGlue@@SAHPEBG@Z
?FrameworkLoginDLL@CWbemProviderGlue@@SAHPEBGPEAJ@Z
?FrameworkLogoff@CWbemProviderGlue@@SAXPEBG0@Z
?FrameworkLogoffDLL@CWbemProviderGlue@@SAHPEBG@Z
?FrameworkLogoffDLL@CWbemProviderGlue@@SAHPEBGPEAJ@Z
?Free@CObjectPathParser@@QEAAXPEAUParsedObjectPath@@@Z
?FreeExtra@CHPtrArray@@QEAAXXZ
?FreeExtra@CHString@@QEAAXXZ
?FreeExtra@CHStringArray@@QEAAXXZ
?FreeSearchList@CRegistrySearch@@QEAAHHAEAVCHPtrArray@@@Z
?GetAllDerivedInstances@CWbemProviderGlue@@SAJPEBGPEAV?$TRefPointerCollection@VCInstance@@@@PEAVMethodContext@@0@Z
?GetAllDerivedInstancesAsynch@CWbemProviderGlue@@SAJPEBGPEAVProvider@@P6AJ1PEAVCInstance@@PEAVMethodContext@@PEAX@Z034@Z
?GetAllInstances@CWbemProviderGlue@@SAJPEBGPEAV?$TRefPointerCollection@VCInstance@@@@0PEAVMethodContext@@@Z
?GetAllInstancesAsynch@CWbemProviderGlue@@SAJPEBGPEAVProvider@@P6AJ1PEAVCInstance@@PEAVMethodContext@@PEAX@Z034@Z
?GetAllocLength@CHString@@QEBAHXZ
?GetAt@CHPtrArray@@QEBAPEAXH@Z
?GetAt@CHString@@QEBAGH@Z
?GetAt@CHStringArray@@QEBA?AVCHString@@H@Z
?GetBSTR@WBEMTime@@QEBAPEAGXZ
?GetBSTR@WBEMTimeSpan@@QEBAPEAGXZ
?GetBuffer@CHString@@QEAAPEAGH@Z
?GetBufferSetLength@CHString@@QEAAPEAGH@Z
?GetByte@CInstance@@QEBA_NPEBGAEAE@Z
?GetCHString@CInstance@@QEBA_NPEBGAEAVCHString@@@Z
?GetCSDVersion@CWbemProviderGlue@@SAPEBGXZ
?GetClassNameW@CRegistry@@QEAAPEAGXZ
?GetClassObjectInterface@CInstance@@QEAAPEAUIWbemClassObject@@XZ
?GetClassObjectInterface@Provider@@AEAAPEAUIWbemClassObject@@PEAVMethodContext@@@Z
?GetComputerNameW@CWbemProviderGlue@@CAXAEAVCHString@@@Z
?GetCurrentBinaryKeyValue@CRegistry@@QEAAKPEAUHKEY__@@PEBGPEAEPEAK@Z
?GetCurrentBinaryKeyValue@CRegistry@@QEAAKPEBGAEAVCHString@@@Z
?GetCurrentBinaryKeyValue@CRegistry@@QEAAKPEBGPEAEPEAK@Z
?GetCurrentKeyValue@CRegistry@@QEAAKPEAUHKEY__@@PEBGAEAK@Z
?GetCurrentKeyValue@CRegistry@@QEAAKPEAUHKEY__@@PEBGAEAVCHString@@@Z
?GetCurrentKeyValue@CRegistry@@QEAAKPEAUHKEY__@@PEBGAEAVCHStringArray@@@Z
?GetCurrentKeyValue@CRegistry@@QEAAKPEBGAEAK@Z
?GetCurrentKeyValue@CRegistry@@QEAAKPEBGAEAVCHString@@@Z
?GetCurrentKeyValue@CRegistry@@QEAAKPEBGAEAVCHStringArray@@@Z
?GetCurrentRawKeyValue@CRegistry@@AEAAKPEAUHKEY__@@PEBGPEAXPEAK3@Z
?GetCurrentRawSubKeyValue@CRegistry@@AEAAKPEBGPEAXPEAK2@Z
?GetCurrentSubKeyCount@CRegistry@@QEAAKXZ
?GetCurrentSubKeyName@CRegistry@@QEAAKAEAVCHString@@@Z
?GetCurrentSubKeyPath@CRegistry@@QEAAKAEAVCHString@@@Z
?GetCurrentSubKeyValue@CRegistry@@QEAAKPEBGAEAK@Z
?GetCurrentSubKeyValue@CRegistry@@QEAAKPEBGAEAVCHString@@@Z
?GetCurrentSubKeyValue@CRegistry@@QEAAKPEBGPEAXPEAK@Z
?GetDMTF@WBEMTime@@QEBAPEAGH@Z
?GetDMTFNonNtfs@WBEMTime@@QEBAPEAGXZ
?GetDOUBLE@CInstance@@QEBA_NPEBGAEAN@Z
?GetDWORD@CInstance@@QEBA_NPEBGAEAK@Z
?GetData@CHPtrArray@@QEAAPEAPEAXXZ
?GetData@CHPtrArray@@QEBAPEAPEBXXZ
?GetData@CHString@@IEBAPEAUCHStringData@@XZ
?GetData@CHStringArray@@QEAAPEAVCHString@@XZ
?GetData@CHStringArray@@QEBAPEBVCHString@@XZ
?GetDateTime@CInstance@@QEBA_NPEBGAEAVWBEMTime@@@Z
?GetEmbeddedObject@CInstance@@QEBA_NPEBGPEAPEAV1@PEAVMethodContext@@@Z
?GetEmptyInstance@CWbemProviderGlue@@SAJPEAVMethodContext@@PEBGPEAPEAVCInstance@@1@Z
?GetEmptyInstance@CWbemProviderGlue@@SAJPEBGPEAPEAVCInstance@@0@Z
?GetFILETIME@WBEMTime@@QEBAHPEAU_FILETIME@@@Z
?GetFILETIME@WBEMTimeSpan@@QEBAHPEAU_FILETIME@@@Z
?GetIWBEMContext@MethodContext@@UEAAPEAUIWbemContext@@XZ
?GetInstanceByPath@CWbemProviderGlue@@SAJPEBGPEAPEAVCInstance@@PEAVMethodContext@@@Z
?GetInstanceFromCIMOM@CWbemProviderGlue@@CAJPEBG0PEAVMethodContext@@PEAPEAVCInstance@@@Z
?GetInstanceKeysByPath@CWbemProviderGlue@@SAJPEBGPEAPEAVCInstance@@PEAVMethodContext@@@Z
?GetInstancePropertiesByPath@CWbemProviderGlue@@SAJPEBGPEAPEAVCInstance@@PEAVMethodContext@@AEAVCHStringArray@@@Z
?GetInstancesByQuery@CWbemProviderGlue@@SAJPEBGPEAV?$TRefPointerCollection@VCInstance@@@@PEAVMethodContext@@0@Z
?GetInstancesByQueryAsynch@CWbemProviderGlue@@SAJPEBGPEAVProvider@@P6AJ1PEAVCInstance@@PEAVMethodContext@@PEAX@Z034@Z
?GetKeyString@ParsedObjectPath@@QEAAPEAGXZ
?GetLength@CHString@@QEBAHXZ
?GetLocalComputerName@Provider@@IEAAAEBVCHString@@XZ
?GetLocalInstancePath@Provider@@IEAA_NPEBVCInstance@@AEAVCHString@@@Z
?GetLocalOffsetForDate@WBEMTime@@SAJAEB_J@Z
?GetLocalOffsetForDate@WBEMTime@@SAJPEBU_FILETIME@@@Z
?GetLocalOffsetForDate@WBEMTime@@SAJPEBU_SYSTEMTIME@@@Z
?GetLocalOffsetForDate@WBEMTime@@SAJPEBUtm@@@Z
?GetLongestClassStringSize@CRegistry@@QEAAKXZ
?GetLongestSubKeySize@CRegistry@@QEAAKXZ
?GetLongestValueData@CRegistry@@QEAAKXZ
?GetLongestValueName@CRegistry@@QEAAKXZ
?GetMapCountPtr@CWbemProviderGlue@@KAPEAJPEBVCWbemGlueFactory@@@Z
?GetMethodContext@CInstance@@QEBAPEAVMethodContext@@XZ
?GetNamespace@CFrameworkQuery@@IEAAAEBVCHString@@XZ
?GetNamespace@Provider@@IEAAAEBVCHString@@XZ
?GetNamespaceConnection@CWbemProviderGlue@@SAPEAUIWbemServices@@PEBG@Z
?GetNamespaceConnection@CWbemProviderGlue@@SAPEAUIWbemServices@@PEBGPEAVMethodContext@@@Z
?GetNamespacePart@ParsedObjectPath@@QEAAPEAGXZ
?GetOSMajorVersion@CWbemProviderGlue@@SAKXZ
?GetObject@CWbemProviderGlue@@UEAAJQEAGJPEAUIWbemContext@@PEAPEAUIWbemClassObject@@PEAPEAUIWbemCallResult@@@Z
?GetObject@Provider@@AEAAJPEAUParsedObjectPath@@PEAVMethodContext@@J@Z
?GetObject@Provider@@MEAAJPEAVCInstance@@J@Z
?GetObject@Provider@@MEAAJPEAVCInstance@@JAEAVCFrameworkQuery@@@Z
?GetObjectAsync@CWbemProviderGlue@@UEAAJQEAGJPEAUIWbemContext@@PEAUIWbemObjectSink@@@Z
?GetParentNamespacePart@ParsedObjectPath@@QEAAPEAGXZ
?GetPlatform@CWbemProviderGlue@@SAKXZ
?GetPropertyBitMask@CFrameworkQueryEx@@QEAAXAEBVCHPtrArray@@PEAX@Z
?GetProviderGlue@MethodContext@@AEAAPEAVCWbemProviderGlue@@XZ
?GetProviderName@Provider@@IEAAAEBVCHString@@XZ
?GetQuery@CFrameworkQuery@@QEAAAEBVCHString@@XZ
?GetQueryClassName@CFrameworkQuery@@QEAAPEAGXZ
?GetRelativePath@CObjectPathParser@@SAPEAGPEAG@Z
?GetRequiredProperties@CFrameworkQuery@@QEAAXAEAVCHStringArray@@@Z
?GetSYSTEMTIME@WBEMTime@@QEBAHPEAU_SYSTEMTIME@@@Z
?GetSize@CHPtrArray@@QEBAHXZ
?GetSize@CHStringArray@@QEBAHXZ
?GetStatus@CInstance@@QEBA_NPEBGAEA_NAEAG@Z
?GetStatusObject@CWbemProviderGlue@@CAPEAUIWbemClassObject@@PEAVMethodContext@@PEBG@Z
?GetStatusObject@MethodContext@@QEAAPEAUIWbemClassObject@@XZ
?GetStringArray@CInstance@@QEBA_NPEBGAEAPEAUtagSAFEARRAY@@@Z
?GetStructtm@WBEMTime@@QEBAHPEAUtm@@@Z
?GetTime@WBEMTime@@QEBA_KXZ
?GetTime@WBEMTimeSpan@@QEBA_KXZ
?GetTimeSpan@CInstance@@QEBA_NPEBGAEAVWBEMTimeSpan@@@Z
?GetUpperBound@CHPtrArray@@QEBAHXZ
?GetUpperBound@CHStringArray@@QEBAHXZ
?GetValueCount@CRegistry@@QEAAKXZ
?GetValuesForProp@CFrameworkQuery@@QEAAJPEBGAEAV?$vector@V_bstr_t@@V?$allocator@V_bstr_t@@@std@@@std@@@Z
?GetValuesForProp@CFrameworkQuery@@QEAAJPEBGAEAVCHStringArray@@@Z
?GetValuesForProp@CFrameworkQueryEx@@QEAAJPEBGAEAV?$vector@HV?$allocator@H@std@@@std@@@Z
?GetValuesForProp@CFrameworkQueryEx@@QEAAJPEBGAEAV?$vector@V_variant_t@@V?$allocator@V_variant_t@@@std@@@std@@@Z
?GetVariant@CInstance@@QEBA_NPEBGAEAUtagVARIANT@@@Z
?GetWBEMINT16@CInstance@@QEBA_NPEBGAEAF@Z
?GetWBEMINT64@CInstance@@QEBA_NPEBGAEAVCHString@@@Z
?GetWBEMINT64@CInstance@@QEBA_NPEBGAEA_J@Z
?GetWBEMINT64@CInstance@@QEBA_NPEBGAEA_K@Z
?GetWCHAR@CInstance@@QEBA_NPEBGPEAPEAG@Z
?GetWORD@CInstance@@QEBA_NPEBGAEAG@Z
?Getbool@CInstance@@QEBA_NPEBGAEA_N@Z
?GethKey@CRegistry@@QEAAPEAUHKEY__@@XZ
?Gettime_t@WBEMTime@@QEBAHPEA_J@Z
?Gettime_t@WBEMTimeSpan@@QEBAHPEA_J@Z
?IncrementMapCount@CWbemProviderGlue@@KAJPEAJ@Z
?IncrementMapCount@CWbemProviderGlue@@KAJPEBVCWbemGlueFactory@@@Z
?IncrementObjectCount@CWbemProviderGlue@@SAXXZ
?Init2@CFrameworkQuery@@QEAAXPEAUIWbemClassObject@@@Z
?Init@CFrameworkQuery@@QEAAJPEAUParsedObjectPath@@PEAUIWbemContext@@PEBGAEAVCHString@@@Z
?Init@CFrameworkQuery@@QEAAJQEAG0JAEAVCHString@@@Z
?Init@CHString@@IEAAXXZ
?Init@CWbemProviderGlue@@CAXXZ
?InitComputerName@Provider@@CAXXZ
?InitEx@CFrameworkQueryEx@@UEAAJQEAG0JAEAVCHString@@@Z
?Initialize@CWbemProviderGlue@@UEAAJPEAGJ00PEAUIWbemServices@@PEAUIWbemContext@@PEAUIWbemProviderInitSink@@@Z
?InsertAt@CHPtrArray@@QEAAXHPEAV1@@Z
?InsertAt@CHPtrArray@@QEAAXHPEAXH@Z
?InsertAt@CHStringArray@@QEAAXHPEAV1@@Z
?InsertAt@CHStringArray@@QEAAXHPEBGH@Z
?InternalGetNamespaceConnection@CWbemProviderGlue@@AEAAPEAUIWbemServices@@PEBG@Z
?Is3TokenOR@CFrameworkQueryEx@@QEAAHPEBG0AEAUtagVARIANT@@1@Z
?IsClass@ParsedObjectPath@@QEAAHXZ
?IsDerivedFrom@CWbemProviderGlue@@SA_NPEBG0PEAVMethodContext@@0@Z
?IsEmpty@CHString@@QEBAHXZ
?IsExtended@CFrameworkQueryEx@@UEAA_NXZ
?IsInList@CFrameworkQuery@@IEAAKAEBVCHStringArray@@PEBG@Z
?IsInstance@ParsedObjectPath@@QEAAHXZ
?IsLocal@ParsedObjectPath@@QEAAHPEBG@Z
?IsLoggingOn@ProviderLog@@QEAA?AW4LogLevel@1@PEAVCHString@@@Z
?IsNTokenAnd@CFrameworkQueryEx@@QEAAHAEAVCHStringArray@@AEAVCHPtrArray@@@Z
?IsNull@CInstance@@QEBA_NPEBG@Z
?IsObject@ParsedObjectPath@@QEAAHXZ
?IsOk@WBEMTime@@QEBA_NXZ
?IsOk@WBEMTimeSpan@@QEBA_NXZ
?IsPropertyRequired@CFrameworkQuery@@QEAA_NPEBG@Z
?IsReference@CFrameworkQuery@@IEAAHPEBG@Z
?IsRelative@ParsedObjectPath@@QEAAHPEBG0@Z
?KeysOnly@CFrameworkQuery@@QEAA_NXZ
?Left@CHString@@QEBA?AV1@H@Z
?LoadStringW@CHString@@IEAAHIPEAGI@Z
?LoadStringW@CHString@@QEAAHI@Z
?LocalLogMessage@ProviderLog@@QEAAXPEBG0HW4LogLevel@1@@Z
?LocalLogMessage@ProviderLog@@QEAAXPEBGHW4LogLevel@1@0ZZ
?LocateKeyByNameOrValueName@CRegistrySearch@@QEAAHPEAUHKEY__@@PEBG1PEAPEBGKAEAVCHString@@3@Z
?Lock@CThreadBase@@AEAAXXZ
?LockBuffer@CHString@@QEAAPEAGXZ
?LockFactoryMap@CWbemProviderGlue@@CAXXZ
?LockProviderMap@CWbemProviderGlue@@CAXXZ
?LockServer@CWbemGlueFactory@@UEAAJH@Z
?LogError@CInstance@@IEBAXPEBG00J@Z
?MakeLocalPath@Provider@@IEAA?AVCHString@@AEBV2@@Z
?MakeLower@CHString@@QEAAXXZ
?MakeReverse@CHString@@QEAAXXZ
?MakeUpper@CHString@@QEAAXXZ
?Mid@CHString@@QEBA?AV1@H@Z
?Mid@CHString@@QEBA?AV1@HH@Z
?MsgWndProc@CWinMsgEvent@@CA_JPEAUHWND__@@I_K_J@Z
?NextSubKey@CRegistry@@QEAAKXZ
?NextToken@CObjectPathParser@@AEAAHXZ
?NormalizePath@@YAKPEBG00KAEAVCHString@@@Z
?NullOutUnsetProperties@CWbemProviderGlue@@AEAAJPEAUIWbemClassObject@@PEAPEAU2@AEBUtagVARIANT@@@Z
?OnFinalRelease@CThreadBase@@MEAAXXZ
?Open@CRegistry@@QEAAJPEAUHKEY__@@PEBGK@Z
?OpenAndEnumerateSubKeys@CRegistry@@QEAAJPEAUHKEY__@@PEBGK@Z
?OpenCurrentUser@CRegistry@@QEAAKPEBGK@Z
?OpenLocalMachineKeyAndReadValue@CRegistry@@QEAAJPEBG0AEAVCHString@@@Z
?OpenNamespace@CWbemProviderGlue@@UEAAJQEAGJPEAUIWbemContext@@PEAPEAUIWbemServices@@PEAPEAUIWbemCallResult@@@Z
?OpenSubKey@CRegistry@@AEAAKXZ
?Parse@CObjectPathParser@@QEAAHPEBGPEAPEAUParsedObjectPath@@@Z
?PreProcessPutInstanceParms@CWbemProviderGlue@@AEAAJPEAUIWbemClassObject@@PEAPEAU2@PEAUIWbemContext@@@Z
?PrepareToReOpen@CRegistry@@AEAAXXZ
?PutClass@CWbemProviderGlue@@UEAAJPEAUIWbemClassObject@@JPEAUIWbemContext@@PEAPEAUIWbemCallResult@@@Z
?PutClassAsync@CWbemProviderGlue@@UEAAJPEAUIWbemClassObject@@JPEAUIWbemContext@@PEAUIWbemObjectSink@@@Z
?PutInstance@CWbemProviderGlue@@UEAAJPEAUIWbemClassObject@@JPEAUIWbemContext@@PEAPEAUIWbemCallResult@@@Z
?PutInstance@Provider@@AEAAJPEAUIWbemClassObject@@JPEAVMethodContext@@@Z
?PutInstance@Provider@@MEAAJAEBVCInstance@@J@Z
?PutInstanceAsync@CWbemProviderGlue@@UEAAJPEAUIWbemClassObject@@JPEAUIWbemContext@@PEAUIWbemObjectSink@@@Z
?QueryInterface@CWbemGlueFactory@@UEAAJAEBU_GUID@@PEAPEAX@Z
?QueryInterface@CWbemProviderGlue@@UEAAJAEBU_GUID@@PEAPEAX@Z
?QueryObjectSink@CWbemProviderGlue@@UEAAJJPEAPEAUIWbemObjectSink@@@Z
?QueryPostProcess@MethodContext@@UEAAXXZ
?RegisterForMessage@CWinMsgEvent@@IEAAXIH@Z
?Release@CHString@@QEAAXXZ
?Release@CHString@@SAXPEAUCHStringData@@@Z
?Release@CInstance@@QEAAJXZ
?Release@CThreadBase@@QEAAJXZ
?Release@CWbemGlueFactory@@UEAAKXZ
?Release@CWbemProviderGlue@@UEAAKXZ
?Release@MethodContext@@QEAAJXZ
?ReleaseBuffer@CHString@@QEAAXH@Z
?RemoveAll@CHPtrArray@@QEAAXXZ
?RemoveAll@CHStringArray@@QEAAXXZ
?RemoveAt@CHPtrArray@@QEAAXHH@Z
?RemoveAt@CHStringArray@@QEAAXHH@Z
?RemoveFromFactoryMap@CWbemProviderGlue@@KAXPEBVCWbemGlueFactory@@@Z
?Reset@CFrameworkQuery@@AEAAXXZ
?ReverseFind@CHString@@QEBAHG@Z
?RewindSubKeys@CRegistry@@QEAAXXZ
?Right@CHString@@QEBA?AV1@H@Z
?SafeStrlen@CHString@@KAHPEBG@Z
?SearchAndBuildList@CRegistrySearch@@QEAAHVCHString@@AEAVCHPtrArray@@00HPEAUHKEY__@@@Z
?SearchMapForProvider@CWbemProviderGlue@@CAPEAVProvider@@PEBG0@Z
?SetAt@CHPtrArray@@QEAAXHPEAX@Z
?SetAt@CHString@@QEAAXHG@Z
?SetAt@CHStringArray@@QEAAXHPEBG@Z
?SetAtGrow@CHPtrArray@@QEAAXHPEAX@Z
?SetAtGrow@CHStringArray@@QEAAXHPEBG@Z
?SetByte@CInstance@@QEAA_NPEBGE@Z
?SetCHString@CInstance@@QEAA_NPEBG0@Z
?SetCHString@CInstance@@QEAA_NPEBGAEBVCHString@@@Z
?SetCHString@CInstance@@QEAA_NPEBGPEBD@Z
?SetCHStringResourceHandle@@YAXPEAUHINSTANCE__@@@Z

Sections

.text
Size: 180KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
frprov.dll
.dll regsvr32 windows:10 windows x64 arch:x64

904b1d7339a2f50b5e7277d532b4558c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

frprov.pdb

Imports

msvcrt

memmove
??_V@YAXPEAX@Z
_purecall
_initterm
??0exception@@QEAA@AEBQEBD@Z
memcpy
__dllonexit
??0exception@@QEAA@AEBQEBDH@Z
_callnewh
?what@exception@@UEBAPEBDXZ
?terminate@@YAXXZ
_XcptFilter
_amsg_exit
_lock
_CxxThrowException
malloc
__C_specific_handler
_unlock
??0exception@@QEAA@AEBV0@@Z
__CxxFrameHandler3
_onexit
??3@YAXPEAX@Z
??1type_info@@UEAA@XZ
memcpy_s
_vsnwprintf
??1exception@@UEAA@XZ
__CxxFrameHandler4
free
memset

api-ms-win-core-com-l1-1-0

CoTaskMemFree
StringFromGUID2
CLSIDFromString
CoRevertToSelf
CoGetCallContext
CoCreateInstance
StringFromCLSID

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegDeleteValueW
RegDeleteKeyExW
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW
RegOpenCurrentUser
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegDeleteTreeW

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
OpenThreadToken
SetThreadToken
TerminateProcess
GetCurrentProcess
GetCurrentThread

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
DisableThreadLibraryCalls
GetModuleFileNameW
GetProcAddress

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter

oleaut32

VariantCopy
SysStringLen
VariantCopyInd
VariantClear
SysFreeString
SysAllocString
SafeArrayGetElement
SafeArrayPutElement
SafeArrayCreateVector
SysAllocStringLen
SafeArrayRedim
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayUnlock
SafeArrayGetLBound
VariantInit
SafeArrayCopy
SysStringByteLen
SafeArrayGetVartype
VariantChangeType
SafeArrayCreate
SafeArrayLock

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-security-base-l1-1-0

GetTokenInformation
IsValidSid
ImpersonateLoggedOnUser
RevertToSelf

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW
ConvertSidToStringSidW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-processthreads-l1-1-1

OpenProcess

ntdll

EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage
EtwGetTraceEnableFlags

shlwapi

SHDeleteKeyW

wtsapi32

WTSQueryUserToken

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 716B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fsutilext.dll
.dll windows:10 windows x64 arch:x64

6fb820210ab2ccd98a14ab8e379a1722

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

fsutilext.pdb

Imports

msvcrt

memcmp
memcpy
memmove
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
_vsnwprintf
_wcsicmp
wcsnlen
memset

kernel32

ResolveDelayLoadedAPI
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
FindFirstVolumeMountPointW
FindVolumeMountPointClose
SetThreadUILanguage
FindNextVolumeMountPointW
GetLastError
Sleep
DelayLoadFailureHook

ulib

?Initialize@WSTRING@@QEAAEPEBV1@KK@Z
?QueryWSTR@WSTRING@@QEBAPEAGKKPEAGKE@Z
?DisplayMsg@MESSAGE@@QEAAEKPEBDZZ
?FreeLibraryHandle@SYSTEM@@SAXPEAX@Z
?DisplayMsg@MESSAGE@@QEAAEK@Z
?QueryLibraryEntryPoint@SYSTEM@@SAP6A_JXZPEBVWSTRING@@0PEAPEAX@Z
?Initialize@WSTRING@@QEAAEPEBDK@Z
?Initialize@WSTRING@@QEAAEPEBGK@Z
??1DSTRING@@UEAA@XZ
??0DSTRING@@QEAA@XZ

ntdll

NtFsControlFile
RtlFreeUnicodeString
RtlDosPathNameToNtPathName_U_WithStatus
RtlSetLastWin32ErrorAndNtStatusFromNtStatus
RtlLengthSid
RtlFreeHeap
NtClose
NtDeviceIoControlFile
NtOpenFile
RtlInitUnicodeString
RtlAllocateHeap

api-ms-win-core-errorhandling-l1-1-0

SetLastError

api-ms-win-core-io-l1-1-0

DeviceIoControl
GetOverlappedResult

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-1-0

CreateEventA

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
FreeLibrary
GetProcAddress

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW

api-ms-win-core-file-l1-1-0

CreateFileW
ReadFile
GetFileAttributesW

api-ms-win-core-processthreads-l1-1-0

SetThreadToken
OpenProcessToken
OpenThreadToken
GetCurrentThread

api-ms-win-security-base-l1-1-0

DuplicateTokenEx
AdjustTokenPrivileges

api-ms-win-core-memory-l1-1-0

VirtualFree
VirtualAlloc

api-ms-win-core-registry-l1-1-0

RegGetValueW

api-ms-win-core-rtlsupport-l1-1-0

RtlCompareMemory

Exports

Exports

CheckSonyMSWorker
DeviceInstIsRemovableWorker
FindFirstVolumeMountPointWStub
FindNextVolumeMountPointWStub
FindVolumeMountPointCloseStub
GetDeviceIDDiskFromDeviceIDVolumeWorker
GetDeviceInstanceWorker
GetRemovableDeviceInstRecursWorker
GetWidgetWorker
InvalidateFveWorker
SendWithSenseParseWorker
SetThreadUILanguageStub
SystemParametersInfoWStub
WaitForUnitAndReportProgressWorker

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 780B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fthsvc.dll
.dll windows:10 windows x64 arch:x64

0fc60524567178847eaf42af2d112eda

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

fthsvc.pdb

Imports

msvcrt

__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
sprintf_s
_get_errno
_set_errno
vsprintf_s
wcsstr
wcstoul
_wcsicmp
towlower
_wcsnicmp
_vsnwprintf
memset

ntdll

RtlVirtualUnwind
EtwRegisterTraceGuidsW
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwGetTraceEnableFlags
EtwUnregisterTraceGuids
WinSqmAddToStream
RtlInitUnicodeString
NtCreateNamedPipeFile
NtQueryObject
EtwTraceMessage
EtwEventUnregister
EtwEventWrite
RtlLookupFunctionEntry
RtlCaptureContext
EtwEventRegister

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

kernel32

TerminateThread
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
GetProcessTimes
GetTempFileNameW
GetProcessHeap
HeapAlloc
CreateFileW
GetTempPathW
OutputDebugStringA
HeapFree
CreateDirectoryW
GetWindowsDirectoryW
DeleteFileW
RemoveDirectoryW
ConnectNamedPipe
DelayLoadFailureHook
ResolveDelayLoadedAPI
MapViewOfFile
GetSystemTime
GlobalMemoryStatusEx
SystemTimeToFileTime
LocalFree
HeapDestroy
ResetEvent
CreateThread
CloseHandle
SetEvent
GetLastError
CreateEventW
OpenProcess
DisconnectNamedPipe
GetTickCount
DuplicateHandle
UnmapViewOfFile
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DisableThreadLibraryCalls
DeleteCriticalSection
ReadFile
CancelIo
HeapCreate
GetCurrentProcess
WriteFile
WaitForMultipleObjects
GetNamedPipeClientProcessId
WaitForSingleObject
GetCurrentThreadId
ResumeThread
GetSystemTimeAsFileTime

wevtapi

EvtClose
EvtCreateRenderContext
EvtSubscribe
EvtRender

wer

WerpGetReportConsent
WerReportCreate
WerReportSubmit
WerReportCloseHandle
WerReportAddFile
WerReportSetParameter
WerpSetCallBack

api-ms-win-core-registry-l1-1-0

RegDeleteValueW
RegOpenKeyExW
RegEnumValueW
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyExW
RegCloseKey

api-ms-win-core-namedpipe-l1-1-0

ImpersonateNamedPipeClient

api-ms-win-security-base-l1-1-0

RevertToSelf

Exports

Exports

FthSysprepSpecialize
FthSysprepSpecializeOffline
WdiDiagnosticModuleMain
WdiGetDiagnosticModuleInterfaceVersion
WdiHandleInstance

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fundisc.dll
.dll windows:10 windows x64 arch:x64

f154e35f18bfc2ab553942d1dda8ed50

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

FunDisc.pdb

Imports

msvcrt

_lock
__C_specific_handler
_initterm
_amsg_exit
_onexit
??1type_info@@UEAA@XZ
_XcptFilter
memset
_callnewh
memmove
wcsrchr
malloc
_wtoi
wcsstr
wcsncmp
wcschr
memcpy
_CxxThrowException
realloc
__dllonexit
_unlock
free
_wcsicmp
memcpy_s
_vsnwprintf
wcscmp

ntdll

NtQueryInformationToken
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WinSqmAddToStreamEx
NtQueryInformationProcess
RtlCaptureStackBackTrace
WinSqmIsOptedIn
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
GetModuleFileNameW
GetModuleHandleW
FreeLibrary
FreeLibraryAndExitThread
GetModuleFileNameA
GetModuleHandleExW
DisableThreadLibraryCalls
GetProcAddress

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
CreateMutexExW
InitializeCriticalSectionAndSpinCount
CreateSemaphoreExW
TryEnterCriticalSection
ReleaseSemaphore
OpenSemaphoreW
WaitForMultipleObjectsEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeSRWLock
WaitForSingleObjectEx
ResetEvent
WaitForSingleObject
SetEvent
DeleteCriticalSection
CreateEventW
LeaveCriticalSection
ReleaseMutex

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

OpenProcessToken
GetCurrentProcess
CreateThread
GetCurrentThreadId
TerminateProcess
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

GetUserDefaultLCID
FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer

api-ms-win-core-registry-l1-1-0

RegNotifyChangeKeyValue
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegEnumValueW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceComplete
InitOnceBeginInitialize
WakeAllConditionVariable
SleepConditionVariableSRW

api-ms-win-core-file-l1-1-0

CompareFileTime

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-version-l1-1-0

GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 120KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.rdata Size: 4KB - Virtual size: 256B

.rsrc Size: 4KB - Virtual size: 1KB

Headers

DLL Characteristics

File Characteristics

Sections

.rdata Size: 4KB - Virtual size: 256B

.rsrc Size: 88KB - Virtual size: 85KB

ca15c4388d72a0ae9796e6ecf0fe0621

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

crypt32

advapi32

kernel32

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 12KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 1KB

.pdata Size: 4KB - Virtual size: 624B

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 44B

f73e95790beff3134809d1b990d97d97

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

msvcp_win

api-ms-win-security-base-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-service-winsvc-l1-1-0

api-ms-win-service-management-l2-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-string-l2-1-1

api-ms-win-core-file-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

ntdll

api-ms-win-service-private-l1-1-0

api-ms-win-core-registry-l2-1-0

api-ms-win-core-threadpool-legacy-l1-1-0

rpcrt4

api-ms-win-core-io-l1-1-0

.rdata
Size: 4KB - Virtual size: 256B

.rsrc
Size: 4KB - Virtual size: 1KB

.rdata
Size: 4KB - Virtual size: 256B

.rsrc
Size: 88KB - Virtual size: 85KB

.text
Size: 16KB - Virtual size: 12KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 1KB

.pdata
Size: 4KB - Virtual size: 624B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 44B

.text
Size: 284KB - Virtual size: 281KB

.rdata
Size: 80KB - Virtual size: 78KB

.data
Size: 4KB - Virtual size: 5KB

.pdata
Size: 20KB - Virtual size: 17KB

.didat
Size: 4KB - Virtual size: 792B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 36KB - Virtual size: 33KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 1KB

.pdata
Size: 4KB - Virtual size: 768B

.didat
Size: 4KB - Virtual size: 40B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 60B